diff --git a/content/zh/_index.html b/content/zh/_index.html
index 9405f2de0e457..1b0ff0170060c 100644
--- a/content/zh/_index.html
+++ b/content/zh/_index.html
@@ -1,61 +1,82 @@
 ---
 title: "生产级别的容器编排系统"
 abstract: "自动化的容器部署、扩展和管理"
-cid: "home"
+cid: home
 ---
 
 {{< deprecationwarning >}}
 
 {{< blocks/section id="oceanNodes" >}}
 {{% blocks/feature image="flower" %}}
-### [Kubernetes (K8s)]({{< relref "/docs/concepts/overview/what-is-kubernetes" >}})
-是一个开源系统，用于容器化应用的自动部署、扩缩和管理。
 
-Kubernetes 将构成应用的容器按逻辑单位进行分组以便于管理和发现。
-Kubernetes 基于 [谷歌公司在运行生产负载上的 15 年经验](http://queue.acm.org/detail.cfm?id=2898444)
-打造，并融合了来自社区的最佳建议与实践。
+<!-- ### [Kubernetes]({{< relref "/docs/concepts/overview/what-is-kubernetes" >}}) is an open-source system for automating deployment, scaling, and management of containerized applications. -->
+### [Kubernetes]({{< relref "/docs/concepts/overview/what-is-kubernetes" >}}) 是用于自动部署，扩展和管理容器化应用程序的开源系统。
+
+<!-- It groups containers that make up an application into logical units for easy management and discovery.
+Kubernetes builds upon [15 years of experience of running production workloads at Google](http://queue.acm.org/detail.cfm?id=2898444),
+combined with best-of-breed ideas and practices from the community. -->
+
+它将组成应用程序的容器组合成逻辑单元，以便于管理和服务发现。Kubernetes 源自[Google 15 年生产环境的运维经验](http://queue.acm.org/detail.cfm?id=2898444)，同时凝聚了社区的最佳创意和实践。
+
 {{% /blocks/feature %}}
 
 {{% blocks/feature image="scalable" %}}
-#### 星际规模
 
-基于一定的规则原理，谷歌公司每周能够运行数十亿的容器；通过遵循相同的设计，
-Kubernetes 能够在保持现有运维团队规模的前提下完成集群的弹性伸缩。
+<!-- #### Planet Scale -->
+#### 星际尺度
+
+<!-- Designed on the same principles that allows Google to run billions of containers a week,
+Kubernetes can scale without increasing your ops team. -->
+
+Google 每周运行数十亿个容器，Kubernetes 基于与之相同的原则来设计，能够在不扩张运维团队的情况下进行规模扩展。
 
 {{% /blocks/feature %}}
 
 {{% blocks/feature image="blocks" %}}
-#### 永不过时
 
-无论是在本地测试还是支撑全球化企业业务，Kubernetes 的灵活性使得其能够与您一起成长。
-无论您的需求多么复杂，Kubernetes 都能助您始终如一地、轻而易举地交付应用。
+<!-- #### Never Outgrow -->
+#### 处处适用
+
+<!-- Whether testing locally or running a global enterprise, Kubernetes flexibility grows with you to deliver your applications
+consistently and easily no matter how complex your need is. -->
+
+无论是本地测试，还是跨国公司，Kubernetes 的灵活性都能让你在应对复杂系统时得心应手。
 
 {{% /blocks/feature %}}
 
 {{% blocks/feature image="suitcase" %}}
-#### 随处运行
 
-作为一个开源系统，Kubernetes 使您能够自由地获得内部云、混合云或公有云基础设施所提供的便利，
-并根据需要轻松地迁移工作负载。
+<!-- #### Run Anywhere -->
+#### 永不过时
+
+<!-- Kubernetes is open source giving you the freedom to take advantage of on-premises, hybrid,
+or public cloud infrastructure, letting you effortlessly move workloads to where it matters to you. -->
+
+Kubernetes 是开源系统，可以自由地部署在企业内部，私有云、混合云或公有云，让您轻松地做出合适的选择。
 
 {{% /blocks/feature %}}
 
 {{< /blocks/section >}}
 
 {{< blocks/section id="video" background-image="kub_video_banner_homepage" >}}
+
 <div class="light-text">
-<h2>将超过 150 个微服务迁移到 Kubernetes 时遇到的挑战</h2>
-        <p>Sarah Wells, Technical Director for Operations and Reliability, Financial Times</p>
-        <button id="desktopShowVideoButton" onclick="kub.showVideo()">观看视频</button>
-        <br>
-        <br>
-        <br>
-        <a href="https://events.linuxfoundation.org/events/kubecon-cloudnativecon-north-america-2019" button id="desktopKCButton">参加 2019 年 11 月 18 日的 San Diego KubeCon</a>
-        <br>
-        <br>
-        <br>
-        <br>
-        <a href="https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2020/" button id="desktopKCButton">参加 2020 年 3 月 30 日的 Amsterdam KubeCon</a>
+    <!-- <h2>The Challenges of Migrating 150+ Microservices to Kubernetes</h2> -->
+    <h2>将 150+ 微服务迁移到 Kubernetes 上的挑战</h2>
+    <!-- <p>By Sarah Wells, Technical Director for Operations and Reliability, Financial Times</p> -->
+    <p>Sarah Wells, 运营和可靠性技术总监, 金融时报</p>
+    <button id="desktopShowVideoButton" onclick="kub.showVideo()">Watch Video</button>
+    <br>
+    <br>
+    <br>
+    <!-- <a href="https://www.lfasiallc.com/events/kubecon-cloudnativecon-china-2018/" button id="desktopKCButton">Attend KubeCon in Shanghai on Nov. 13-15, 2018</a> -->
+    <a href="https://www.lfasiallc.com/events/kubecon-cloudnativecon-china-2018/" button id="desktopKCButton">参加11月13日到15日的上海 KubeCon</a>
+    <br>
+    <br>
+    <br>
+    <br>
+    <!-- <a href="https://events.linuxfoundation.org/events/kubecon-cloudnativecon-north-america-2018/" button id="desktopKCButton">Attend KubeCon in Seattle on Dec. 11-13, 2018</a> -->
+    <a href="https://events.linuxfoundation.org/events/kubecon-cloudnativecon-north-america-2018/" button id="desktopKCButton">参加12月11日到13日的西雅图 KubeCon</a>
 </div>
 <div id="videoPlayer">
     <iframe data-url="https://www.youtube.com/embed/H06qrNmGqyE?autoplay=1" frameborder="0" allowfullscreen></iframe>
diff --git a/content/zh/_redirects b/content/zh/_redirects
new file mode 100644
index 0000000000000..a38fbcc91be78
--- /dev/null
+++ b/content/zh/_redirects
@@ -0,0 +1 @@
+/zh/docs/	/zh/docs/home/ 301
diff --git a/content/zh/blog/_posts/2015-03-00-Kubernetes-Gathering-Videos.md b/content/zh/blog/_posts/2015-03-00-Kubernetes-Gathering-Videos.md
new file mode 100644
index 0000000000000..2576296c644b6
--- /dev/null
+++ b/content/zh/blog/_posts/2015-03-00-Kubernetes-Gathering-Videos.md
@@ -0,0 +1,27 @@
+---
+
+title: " Kubernetes 采集视频 "
+date: 2015-03-23
+slug: kubernetes-gathering-videos
+url: /blog/2015/03/Kubernetes-Gathering-Videos
+---
+
+<!--
+---
+
+title: " Kubernetes Gathering Videos "
+date: 2015-03-23
+slug: kubernetes-gathering-videos
+url: /blog/2015/03/Kubernetes-Gathering-Videos
+---
+-->
+
+<!--
+If you missed the Kubernetes Gathering in SF last month, fear not! Here are the videos from the evening presentations organized into a playlist on YouTube
+
+[![Kubernetes Gathering](https://img.youtube.com/vi/q8lGZCKktYo/0.jpg)](https://www.youtube.com/playlist?list=PL69nYSiGNLP2FBVvSLHpJE8_6hRHW8Kxe)
+-->
+
+如果你错过了上个月在旧金山举行的 Kubernetes 大会，不要害怕!以下是在 YouTube 上组织成播放列表的晚间演示文稿中的视频。
+
+[![Kubernetes Gathering](https://img.youtube.com/vi/q8lGZCKktYo/0.jpg)](https://www.youtube.com/playlist?list=PL69nYSiGNLP2FBVvSLHpJE8_6hRHW8Kxe)
diff --git a/content/zh/blog/_posts/2015-03-00-Weekly-Kubernetes-Community-Hangout.md b/content/zh/blog/_posts/2015-03-00-Weekly-Kubernetes-Community-Hangout.md
new file mode 100644
index 0000000000000..6a345d4950b2d
--- /dev/null
+++ b/content/zh/blog/_posts/2015-03-00-Weekly-Kubernetes-Community-Hangout.md
@@ -0,0 +1,186 @@
+---
+title: " Kubernetes 社区每周聚会笔记 - 2015年3月27日 "
+date: 2015-03-28
+slug: weekly-kubernetes-community-hangout
+url: /blog/2015/03/Weekly-Kubernetes-Community-Hangout
+---
+
+<!--
+---
+title: " Weekly Kubernetes Community Hangout Notes - March 27 2015 "
+date: 2015-03-28
+slug: weekly-kubernetes-community-hangout
+url: /blog/2015/03/Weekly-Kubernetes-Community-Hangout
+---
+-->
+
+<!--
+Every week the Kubernetes contributing community meet virtually over Google Hangouts. We want anyone who's interested to know what's discussed in this forum.
+-->
+每个星期，Kubernetes 贡献者社区几乎都会在谷歌 Hangouts 上聚会。我们希望任何对此感兴趣的人都能了解这个论坛的讨论内容。
+
+<!--
+Agenda:
+-->
+日程安排：
+
+<!--
+
+\- Andy - demo remote execution and port forwarding
+
+\- Quinton - Cluster federation - Postponed
+
+\- Clayton - UI code sharing and collaboration around Kubernetes
+
+-->
+
+\- Andy - 演示远程执行和端口转发
+
+\- Quinton - 联邦集群 - 延迟
+
+\- Clayton - 围绕 Kubernetes 的 UI 代码共享和协作
+
+<!--
+Notes from meeting:
+-->
+从会议指出：
+
+<!--
+
+1\. Andy from RedHat:
+
+-->
+
+1\. Andy 从 RedHat：
+
+<!--
+
+* Demo remote execution
+
+-->
+
+* 演示远程执行
+
+<!--
+
+    * kubectl exec -p $POD -- $CMD
+
+    * Makes a connection to the master as proxy, figures out which node the pod is on, proxies connection to kubelet, which does the interesting bit.  via nsenter.
+
+    * Multiplexed streaming over HTTP using SPDY
+
+    * Also interactive mode:
+
+    * Assumes first container.  Can use -c $CONTAINER to pick a particular one.
+
+    * If have gdb pre-installed in container, then can interactively attach it to running process
+
+        * backtrace, symbol tbles, print, etc.  Most things you can do with gdb.
+
+    * Can also with careful flag crafting run rsync over this or set up sshd inside container.
+
+    * Some feedback via chat:
+    
+-->
+
+    * kubectl exec -p $POD -- $CMD
+
+    * 作为代理与主机建立连接，找出 pod 所在的节点，代理与 kubelet 的连接，这一点很有趣。通过 nsenter。
+
+    * 使用 SPDY 通过 HTTP 进行多路复用流式传输
+
+    * 还有互动模式：
+
+    * 假设第一个容器，可以使用 -c $CONTAINER 一个特定的。
+
+    * 如果在容器中预先安装了 gdb，则可以交互地将其附加到正在运行的进程中
+
+        * backtrace、symbol tbles、print 等。  使用gdb可以做的大多数事情。
+
+    * 也可以用精心制作的参数在上面运行 rsync 或者在容器内设置 sshd。
+
+    * 一些聊天反馈：
+
+<!--
+
+* Andy also demoed port forwarding
+* nsenter vs. docker exec
+
+-->
+
+* Andy 还演示了端口转发
+* nnsenter 与 docker exec
+
+<!--
+
+    * want to inject a binary under control of the host, similar to pre-start hooks
+
+    * socat, nsenter, whatever the pre-start hook needs
+    
+-->
+
+    * 想要在主机的控制下注入二进制文件，类似于预启动钩子
+
+    * socat、nsenter，任何预启动钩子需要的
+
+<!--
+
+* would be nice to blog post on this
+* version of nginx in wheezy is too old to support needed master-proxy functionality
+
+-->
+
+* 如果能在博客上发表这方面的文章就太好了
+* wheezy 中的 nginx 版本太旧，无法支持所需的主代理功能
+
+<!--
+
+2\. Clayton: where are we wrt a community organization for e.g. kubernetes UI components?
+
+* google-containers-ui IRC channel, mailing list.
+* Tim: google-containers prefix is historical, should just do "kubernetes-ui"
+* also want to put design resources in, and bower expects its own repo.
+* General agreement
+
+-->
+
+2\. Clayton: 我们的社区组织在哪里，例如 kubernetes UI 组件？
+
+* google-containers-ui IRC 频道，邮件列表。
+* Tim: google-containers 前缀是历史的，应该只做 "kubernetes-ui"
+* 也希望将设计资源投入使用，并且 bower 期望自己的仓库。
+* 通用协议
+
+<!--
+
+3\. Brian Grant:
+
+* Testing v1beta3, getting that ready to go in.
+* Paul working on changes to commandline stuff.
+* Early to mid next week, try to enable v1beta3 by default?
+* For any other changes, file issue and CC thockin.
+
+-->
+
+3\. Brian Grant:
+
+* 测试 v1beta3，准备进入。
+* Paul 力于改变命令行的内容。
+* 下周初至中旬，尝试默认启用v1beta3 ?
+* 对于任何其他更改，请发出文件并抄送 thockin。
+
+<!--
+
+4\. General consensus that 30 minutes is better than 60
+
+-->
+
+4\. 一般认为30分钟比60分钟好
+
+<!--
+
+* Shouldn't artificially try to extend just to fill time.
+
+-->
+
+* 不应该为了填满时间而人为地延长。
diff --git a/content/zh/blog/_posts/2015-03-00-Welcome-To-Kubernetes-Blog.md b/content/zh/blog/_posts/2015-03-00-Welcome-To-Kubernetes-Blog.md
new file mode 100644
index 0000000000000..3e3b5f6d3dbd8
--- /dev/null
+++ b/content/zh/blog/_posts/2015-03-00-Welcome-To-Kubernetes-Blog.md
@@ -0,0 +1,62 @@
+---
+title: 欢迎来到 Kubernetes 博客!
+date: 2015-03-20
+slug: welcome-to-kubernetes-blog
+url: /blog/2015/03/Welcome-To-Kubernetes-Blog
+---
+
+<!--
+---
+title: Welcome to the Kubernetes Blog! 
+date: 2015-03-20
+slug: welcome-to-kubernetes-blog
+url: /blog/2015/03/Welcome-To-Kubernetes-Blog
+---
+-->
+
+<!--
+Welcome to the new Kubernetes Blog. Follow this blog to learn about the Kubernetes Open Source project. We plan to post release notes, how-to articles, events, and maybe even some off topic fun here from time to time.
+-->
+欢迎来到新的 Kubernetes 博客。关注此博客，了解 Kubernetes 开源项目。我们计划不时发布发布说明，操作方法文章，活动，甚至一些非常有趣的话题。
+
+<!--
+If you are using Kubernetes or contributing to the project and would like to do a guest post, [please let me know](mailto:kitm@google.com).
+-->
+如果您正在使用 Kubernetes 或为该项目做出贡献并想要发帖子，[请告诉我](mailto:kitm@google.com)。
+
+<!--
+To start things off, here's a roundup of recent Kubernetes posts from other sites:
+-->
+首先，以下是 Kubernetes 最近在其他网站上发布的文章摘要：
+
+<!--
+- [Scaling MySQL in the cloud with Vitess and Kubernetes](http://googlecloudplatform.blogspot.com/2015/03/scaling-MySQL-in-the-cloud-with-Vitess-and-Kubernetes.html)
+- [Container Clusters on VMs](http://googlecloudplatform.blogspot.com/2015/02/container-clusters-on-vms.html)
+- [Everything you wanted to know about Kubernetes but were afraid to ask](http://googlecloudplatform.blogspot.com/2015/01/everything-you-wanted-to-know-about-Kubernetes-but-were-afraid-to-ask.html)
+- [What makes a container cluster?](http://googlecloudplatform.blogspot.com/2015/01/what-makes-a-container-cluster.html)
+- [Integrating OpenStack and Kubernetes with Murano](https://www.mirantis.com/blog/integrating-openstack-and-kubernetes-with-murano/)
+- [An introduction to containers, Kubernetes, and the trajectory of modern cloud computing](http://googlecloudplatform.blogspot.com/2015/01/in-coming-weeks-we-will-be-publishing.html)
+- [What is Kubernetes and how to use it?](http://www.centurylinklabs.com/what-is-kubernetes-and-how-to-use-it/)
+- [OpenShift V3, Docker and Kubernetes Strategy](https://blog.openshift.com/v3-docker-kubernetes-interview/)
+- [An Introduction to Kubernetes](https://www.digitalocean.com/community/tutorials/an-introduction-to-kubernetes)
+-->
+
+- [使用 Vitess 和 Kubernetes 在云中扩展 MySQL](http://googlecloudplatform.blogspot.com/2015/03/scaling-MySQL-in-the-cloud-with-Vitess-and-Kubernetes.html)
+- [虚拟机上的容器群集](http://googlecloudplatform.blogspot.com/2015/02/container-clusters-on-vms.html)
+- [想知道的关于 kubernetes 的一切，却又不敢问](http://googlecloudplatform.blogspot.com/2015/01/everything-you-wanted-to-know-about-Kubernetes-but-were-afraid-to-ask.html)
+- [什么构成容器集群？](http://googlecloudplatform.blogspot.com/2015/01/what-makes-a-container-cluster.html)
+- [将 OpenStack 和 Kubernetes 与 Murano 集成](https://www.mirantis.com/blog/integrating-openstack-and-kubernetes-with-murano/)
+- [容器介绍，Kubernetes 以及现代云计算的发展轨迹](http://googlecloudplatform.blogspot.com/2015/01/in-coming-weeks-we-will-be-publishing.html)
+- [什么是 Kubernetes 以及如何使用它？](http://www.centurylinklabs.com/what-is-kubernetes-and-how-to-use-it/)
+- [OpenShift V3，Docker 和 Kubernetes 策略](https://blog.openshift.com/v3-docker-kubernetes-interview/)
+- [Kubernetes 简介](https://www.digitalocean.com/community/tutorials/an-introduction-to-kubernetes)
+
+<!--
+Happy cloud computing!
+-->
+快乐的云计算！
+
+<!--
+ - Kit Merker - Product Manager, Google Cloud Platform
+-->
+ - Kit Merker - Google 云平台产品经理
diff --git a/content/zh/blog/_posts/2015-04-00-Kubernetes-Release-0150.md b/content/zh/blog/_posts/2015-04-00-Kubernetes-Release-0150.md
new file mode 100644
index 0000000000000..d7071e2377d8f
--- /dev/null
+++ b/content/zh/blog/_posts/2015-04-00-Kubernetes-Release-0150.md
@@ -0,0 +1,176 @@
+---
+title: " Kubernetes Release: 0.15.0 "
+date: 2015-04-16
+slug: kubernetes-release-0150
+url: /blog/2015/04/Kubernetes-Release-0150
+---
+
+<!--
+Release Notes:
+-->
+
+Release 说明：
+
+<!--
+
+* Enables v1beta3 API and sets it to the default API version ([#6098][1])
+* Added multi-port Services ([#6182][2])
+    * New Getting Started Guides
+    * Multi-node local startup guide ([#6505][3])
+    * Mesos on Google Cloud Platform ([#5442][4])
+    * Ansible Setup instructions ([#6237][5])
+* Added a controller framework ([#5270][6], [#5473][7])
+* The Kubelet now listens on a secure HTTPS port ([#6380][8])
+* Made kubectl errors more user-friendly ([#6338][9])
+* The apiserver now supports client cert authentication ([#6190][10])
+* The apiserver now limits the number of concurrent requests it processes ([#6207][11])
+* Added rate limiting to pod deleting ([#6355][12])
+* Implement Balanced Resource Allocation algorithm as a PriorityFunction in scheduler package ([#6150][13])
+* Enabled log collection from master ([#6396][14])
+* Added an api endpoint to pull logs from Pods ([#6497][15])
+* Added latency metrics to scheduler ([#6368][16])
+* Added latency metrics to REST client ([#6409][17])
+
+-->
+
+* 启用 1beta3 API 并将其设置为默认 API 版本 ([#6098][1])
+* 增加了多端口服务([#6182][2])
+    * 新入门指南
+    * 多节点本地启动指南 ([#6505][3])
+    * Google 云平台上的 Mesos ([#5442][4])
+    * Ansible 安装说明 ([#6237][5])
+* 添加了一个控制器框架 ([#5270][6], [#5473][7])
+* Kubelet 现在监听一个安全的 HTTPS 端口 ([#6380][8])
+* 使 kubectl 错误更加友好 ([#6338][9])
+* apiserver 现在支持客户端 cert 身份验证 ([#6190][10])
+* apiserver 现在限制了它处理的并发请求的数量 ([#6207][11])
+* 添加速度限制删除 pod ([#6355][12])
+* 将平衡资源分配算法作为优先级函数实现在调度程序包中 ([#6150][13])
+* 从主服务器启用日志收集功能 ([#6396][14])
+* 添加了一个 api 端口来从 Pod 中提取日志 ([#6497][15])
+* 为调度程序添加了延迟指标 ([#6368][16])
+* 为 REST 客户端添加了延迟指标 ([#6409][17])
+
+<!--
+
+* etcd now runs in a pod on the master ([#6221][18])
+* nginx now runs in a container on the master ([#6334][19])
+* Began creating Docker images for master components ([#6326][20])
+* Updated GCE provider to work with gcloud 0.9.54 ([#6270][21])
+* Updated AWS provider to fix Region vs Zone semantics ([#6011][22])
+* Record event when image GC fails ([#6091][23])
+* Add a QPS limiter to the kubernetes client ([#6203][24])
+* Decrease the time it takes to run make release ([#6196][25])
+* New volume support
+    * Added iscsi volume plugin ([#5506][26])
+    * Added glusterfs volume plugin ([#6174][27])
+    * AWS EBS volume support ([#5138][28])
+* Updated to heapster version to v0.10.0 ([#6331][29])
+* Updated to etcd 2.0.9 ([#6544][30])
+* Updated to Kibana to v1.2 ([#6426][31])
+* Bug Fixes
+    * Kube-proxy now updates iptables rules if a service's public IPs change ([#6123][32])
+    * Retry kube-addons creation if the initial creation fails ([#6200][33])
+    * Make kube-proxy more resiliant to running out of file descriptors ([#6727][34])
+
+-->
+
+* etcd 现在在 master 上的一个 pod 中运行 ([#6221][18])
+* nginx 现在在 master上的容器中运行 ([#6334][19])
+* 开始为主组件构建 Docker 镜像 ([#6326][20])
+* 更新了 GCE 程序以使用 gcloud 0.9.54 ([#6270][21])
+* 更新了 AWS 程序来修复区域与区域语义 ([#6011][22])
+* 记录镜像 GC 失败时的事件 ([#6091][23])
+* 为 kubernetes 客户端添加 QPS 限制器 ([#6203][24])
+* 减少运行 make release 所需的时间 ([#6196][25])
+* 新卷的支持
+    * 添加 iscsi 卷插件 ([#5506][26])
+    * 添加 glusterfs 卷插件 ([#6174][27])
+    * AWS EBS 卷支持 ([#5138][28])
+* 更新到 heapster 版本到 v0.10.0 ([#6331][29])
+* 更新到 etcd 2.0.9 ([#6544][30])
+* 更新到 Kibana 到 v1.2 ([#6426][31])
+* 漏洞修复
+    * 如果服务的公共 IP 发生变化，Kube-proxy现在会更新iptables规则 ([#6123][32])
+    * 如果初始创建失败，则重试 kube-addons 创建 ([#6200][33])
+    * 使 kube-proxy 对耗尽文件描述符更具弹性 ([#6727][34])
+
+<!--
+To download, please visit https://github.com/GoogleCloudPlatform/kubernetes/releases/tag/v0.15.0
+-->
+要下载，请访问 https://github.com/GoogleCloudPlatform/kubernetes/releases/tag/v0.15.0
+
+<!--
+[1]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6098 "Enabling v1beta3 api version by default in master"
+[2]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6182 "Implement multi-port Services"
+[3]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6505 "Docker multi-node"
+[4]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5442 "Getting started guide for Mesos on Google Cloud Platform"
+[5]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6237 "example ansible setup repo"
+[6]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5270 "Controller framework"
+[7]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5473 "Add DeltaFIFO (a controller framework piece)"
+[8]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6380 "Configure the kubelet to use HTTPS (take 2)"
+[9]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6338 "Return a typed error for config validation, and make errors simple"
+[10]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6190 "Add client cert authentication"
+[11]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6207 "Add a limit to the number of in-flight requests that a server processes."
+[12]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6355 "Added rate limiting to pod deleting"
+[13]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6150 "Implement Balanced Resource Allocation (BRA) algorithm as a PriorityFunction in scheduler package."
+[14]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6396 "Enable log collection from master."
+[15]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6497 "Pod log subresource"
+[16]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6368 "Add basic latency metrics to scheduler."
+[17]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6409 "Add latency metrics to REST client"
+[18]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6221 "Run etcd 2.0.5 in a pod"
+[19]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6334 "Add an nginx docker image for use on the master."
+[20]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6326 "Create Docker images for master components "
+[21]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6270 "Updates for gcloud 0.9.54"
+-->
+[1]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6098 "在 master 中默认启用 v1beta3 api 版本"
+[2]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6182 "实现多端口服务"
+[3]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6505 "Docker 多节点"
+[4]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5442 "谷歌云平台上 Mesos 入门指南"
+[5]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6237 "示例 ansible 设置仓库"
+[6]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5270 "控制器框架"
+[7]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5473 "添加 DeltaFIFO（控制器框架块）"
+[8]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6380 "将 kubelet 配置为使用 HTTPS (获得 2)"
+[9]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6338 "返回用于配置验证的类型化错误，并简化错误"
+[10]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6190 "添加客户端证书认证"
+[11]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6207 "为服务器处理的正在运行的请求数量添加一个限制。"
+[12]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6355 "添加速度限制删除 pod"
+[13]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6150 "将均衡资源分配算法作为优先级函数实现在调度程序包中。"
+[14]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6396 "启用主服务器收集日志。"
+[15]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6497 "pod 子日志资源"
+[16]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6368 "将基本延迟指标添加到调度程序。"
+[17]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6409 "向 REST 客户端添加延迟指标"
+[18]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6221 "在 pod 中运行 etcd 2.0.5"
+[19]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6334 "添加一个 nginx docker 镜像用于主程序。"
+[20]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6326 "为主组件创建 Docker 镜像"
+[21]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6270 "gcloud 0.9.54 的更新"
+
+<!--
+[22]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6011 "Fix AWS region vs zone"
+[23]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6091 "Record event when image GC fails."
+[24]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6203 "Add a QPS limiter to the kubernetes client."
+[25]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6196 "Parallelize architectures in both the building and packaging phases of `make release`"
+[26]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5506 "add iscsi volume plugin"
+[27]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6174 "implement glusterfs volume plugin"
+[28]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5138 "AWS EBS volume support"
+[29]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6331 "Update heapster version to v0.10.0"
+[30]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6544 "Build etcd image (version 2.0.9), and upgrade kubernetes cluster to the new version"
+[31]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6426 "Update Kibana to v1.2 which paramaterizes location of Elasticsearch"
+[32]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6123 "Fix bug in kube-proxy of not updating iptables rules if a service's public IPs change"
+[33]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6200 "Retry kube-addons creation if kube-addons creation fails."
+[34]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6727 "pkg/proxy: panic if run out of fd"
+-->
+[22]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6011 "修复 AWS 区域 与 zone"
+[23]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6091 "记录镜像 GC 失败时的事件。"
+[24]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6203 "向 kubernetes 客户端添加 QPS 限制器。"
+[25]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6196 "在 `make release` 的构建和打包阶段并行化架构"
+[26]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5506 "添加 iscsi 卷插件"
+[27]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6174 "实现 glusterfs 卷插件"
+[28]: https://github.com/GoogleCloudPlatform/kubernetes/pull/5138 "AWS EBS 卷支持"
+[29]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6331 "将 heapster 版本更新到 v0.10.0"
+[30]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6544 "构建 etcd 镜像(版本 2.0.9)，并将 kubernetes 集群升级到新版本"
+[31]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6426 "更新 Kibana 到 v1.2，它对 Elasticsearch 的位置进行了参数化"
+[32]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6123 "修复了 kube-proxy 中的一个错误，如果一个服务的公共 ip 发生变化，它不会更新 iptables 规则"
+[33]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6200 "如果 kube-addons 创建失败，请重试 kube-addons 创建。"
+[34]: https://github.com/GoogleCloudPlatform/kubernetes/pull/6727 "pkg/proxy: fd 用完后引起恐慌"
+
diff --git a/content/zh/blog/_posts/2015-04-00-Weekly-Kubernetes-Community-Hangout_17.md b/content/zh/blog/_posts/2015-04-00-Weekly-Kubernetes-Community-Hangout_17.md
new file mode 100644
index 0000000000000..e71b8d17be7e8
--- /dev/null
+++ b/content/zh/blog/_posts/2015-04-00-Weekly-Kubernetes-Community-Hangout_17.md
@@ -0,0 +1,287 @@
+---
+title: " Kubernetes 社区每周聚会笔记- 2015年4月17日 "
+date: 2015-04-17
+slug: weekly-kubernetes-community-hangout_17
+url: /blog/2015/04/Weekly-Kubernetes-Community-Hangout_17
+---
+
+<!--
+---
+title: " Weekly Kubernetes Community Hangout Notes - April 17 2015 "
+date: 2015-04-17
+slug: weekly-kubernetes-community-hangout_17
+url: /blog/2015/04/Weekly-Kubernetes-Community-Hangout_17
+---
+-->
+
+<!--
+Every week the Kubernetes contributing community meet virtually over Google Hangouts. We want anyone who's interested to know what's discussed in this forum.  
+-->
+每个星期，Kubernetes 贡献者社区几乎都会在谷歌 Hangouts 上聚会。我们希望任何对此感兴趣的人都能了解这个论坛的讨论内容。
+
+<!--
+Agenda  
+
+* Mesos Integration
+* High Availability (HA)
+* Adding performance and profiling details to e2e to track regressions
+* Versioned clients
+
+-->
+议程  
+
+* Mesos 集成
+* 高可用性（HA）
+* 向 e2e 添加性能和分析详细信息以跟踪回归
+* 客户端版本化
+
+<!--
+Notes  
+-->
+笔记
+
+<!--
+
+* Mesos integration
+
+    * Mesos integration proposal:
+
+    * No blockers to integration.
+
+    * Documentation needs to be updated.
+
+-->
+
+* Mesos 集成
+
+    * Mesos 集成提案：
+
+    * 没有阻塞集成的因素。
+
+    * 文档需要更新。
+
+<!--
+
+* HA
+
+    * Proposal should land today.
+
+    * Etcd cluster.
+
+    * Load-balance apiserver.
+
+    * Cold standby for controller manager and other master components.
+    
+-->
+
+* HA
+
+    * 提案今天应该会提交。
+
+    * Etcd 集群。
+
+    * apiserver 负载均衡。
+
+    * 控制器管理器和其他主组件的冷备用。
+
+<!--
+
+* Adding performance and profiling details to e2e to track regression
+
+    * Want red light for performance regression
+
+    * Need a public DB to post the data
+
+        * See
+
+    * Justin working on multi-platform e2e dashboard
+    
+-->
+
+* 向 e2e 添加性能和分析详细信息以跟踪回归
+
+    * 希望红色为性能回归
+
+    * 需要公共数据库才能发布数据
+
+        * 查看
+
+    * Justin 致力于多平台 e2e 仪表盘
+
+<!--
+
+* Versioned clients
+
+    *
+
+    *
+
+    * Client library currently uses internal API objects.
+
+    * Nobody reported that frequent changes to types.go have been painful, but we are worried about it.
+
+    * Structured types are useful in the client. Versioned structs would be ok.
+
+    * If start with json/yaml (kubectl), shouldn’t convert to structured types. Use swagger.
+    
+-->
+
+* 客户端版本化
+
+    *
+
+    *
+
+    * 客户端库当前使用内部 API 对象。
+
+    * 尽管没有人反映频繁修改 `types.go` 有多痛苦，但我们很为此担心。
+
+    * 结构化类型在客户端中很有用。版本化的结构就可以了。
+
+    * 如果从 json/yaml (kubectl) 开始，则不应转换为结构化类型。使用 swagger。
+
+<!--
+
+* Security context
+
+    *
+
+    * Administrators can restrict who can run privileged containers or require specific unix uids
+
+    * Kubelet will be able to get pull credentials from apiserver
+
+    * Policy proposal coming in the next week or so
+-->
+
+* Security context
+
+    *
+
+    * 管理员可以限制谁可以运行特权容器或需要特定的 unix uid
+
+    * kubelet 将能够从 apiserver 获取证书
+
+    * 政策提案将于下周左右出台
+
+<!--
+
+* Discussing upstreaming of users, etc. into Kubernetes, at least as optional
+* 1.0 Roadmap
+
+    * Focus is performance, stability, cluster upgrades
+
+    * TJ has been making some edits to [roadmap.md][4] but hasn’t sent out a PR yet
+* Kubernetes UI
+
+    * Dependencies broken out into third-party
+
+    * @lavalamp is reviewer
+
+-->
+
+* 讨论用户的上游，等等进入Kubernetes，至少是可选的
+* 1.0 路线图
+
+    * 重点是性能，稳定性，集群升级
+
+    * TJ 一直在对[roadmap.md][4]进行一些编辑，但尚未发布PR
+* Kubernetes UI
+
+    * 依赖关系分解为第三方
+
+    * @lavalamp 是评论家
+
+
+[1]: http://kubernetes.io/images/nav_logo.svg
+[2]: http://kubernetes.io/docs/
+[3]: https://kubernetes.io/blog/
+[4]: https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/roadmap.md
+[5]: https://kubernetes.io/blog/2015/04/weekly-kubernetes-community-hangout_17 "permanent link"
+[6]: https://resources.blogblog.com/img/icon18_edit_allbkg.gif
+[7]: https://www.blogger.com/post-edit.g?blogID=112706738355446097&postID=630924463010638300&from=pencil "Edit Post"
+[8]: https://www.blogger.com/share-post.g?blogID=112706738355446097&postID=630924463010638300&target=email "Email This"
+[9]: https://www.blogger.com/share-post.g?blogID=112706738355446097&postID=630924463010638300&target=blog "BlogThis!"
+[10]: https://www.blogger.com/share-post.g?blogID=112706738355446097&postID=630924463010638300&target=twitter "Share to Twitter"
+[11]: https://www.blogger.com/share-post.g?blogID=112706738355446097&postID=630924463010638300&target=facebook "Share to Facebook"
+[12]: https://www.blogger.com/share-post.g?blogID=112706738355446097&postID=630924463010638300&target=pinterest "Share to Pinterest"
+[13]: https://kubernetes.io/blog/search/label/community%20meetings
+[14]: https://kubernetes.io/blog/search/label/containers
+[15]: https://kubernetes.io/blog/search/label/docker
+[16]: https://kubernetes.io/blog/search/label/k8s
+[17]: https://kubernetes.io/blog/search/label/kubernetes
+[18]: https://kubernetes.io/blog/search/label/open%20source
+[19]: https://kubernetes.io/blog/2015/04/kubernetes-and-mesosphere-dcos "Newer Post"
+[20]: https://kubernetes.io/blog/2015/04/introducing-kubernetes-v1beta3 "Older Post"
+[21]: https://kubernetes.io/blog/feeds/630924463010638300/comments/default
+[22]: https://img2.blogblog.com/img/widgets/arrow_dropdown.gif
+[23]: https://img1.blogblog.com/img/icon_feed12.png
+[24]: https://img1.blogblog.com/img/widgets/subscribe-netvibes.png
+[25]: https://www.netvibes.com/subscribe.php?url=http%3A%2F%2Fblog.kubernetes.io%2Ffeeds%2Fposts%2Fdefault
+[26]: https://img1.blogblog.com/img/widgets/subscribe-yahoo.png
+[27]: https://add.my.yahoo.com/content?url=http%3A%2F%2Fblog.kubernetes.io%2Ffeeds%2Fposts%2Fdefault
+[28]: https://kubernetes.io/blog/feeds/posts/default
+[29]: https://www.netvibes.com/subscribe.php?url=http%3A%2F%2Fblog.kubernetes.io%2Ffeeds%2F630924463010638300%2Fcomments%2Fdefault
+[30]: https://add.my.yahoo.com/content?url=http%3A%2F%2Fblog.kubernetes.io%2Ffeeds%2F630924463010638300%2Fcomments%2Fdefault
+[31]: https://resources.blogblog.com/img/icon18_wrench_allbkg.png
+[32]: //www.blogger.com/rearrange?blogID=112706738355446097&widgetType=Subscribe&widgetId=Subscribe1&action=editWidget§ionId=sidebar-right-1 "Edit"
+[33]: https://twitter.com/kubernetesio
+[34]: https://github.com/kubernetes/kubernetes
+[35]: http://slack.k8s.io/
+[36]: http://stackoverflow.com/questions/tagged/kubernetes
+[37]: http://get.k8s.io/
+[38]: //www.blogger.com/rearrange?blogID=112706738355446097&widgetType=HTML&widgetId=HTML2&action=editWidget§ionId=sidebar-right-1 "Edit"
+[39]: javascript:void(0)
+[40]: https://kubernetes.io/blog/2018/
+[41]: https://kubernetes.io/blog/2018/01/
+[42]: https://kubernetes.io/blog/2017/
+[43]: https://kubernetes.io/blog/2017/12/
+[44]: https://kubernetes.io/blog/2017/11/
+[45]: https://kubernetes.io/blog/2017/10/
+[46]: https://kubernetes.io/blog/2017/09/
+[47]: https://kubernetes.io/blog/2017/08/
+[48]: https://kubernetes.io/blog/2017/07/
+[49]: https://kubernetes.io/blog/2017/06/
+[50]: https://kubernetes.io/blog/2017/05/
+[51]: https://kubernetes.io/blog/2017/04/
+[52]: https://kubernetes.io/blog/2017/03/
+[53]: https://kubernetes.io/blog/2017/02/
+[54]: https://kubernetes.io/blog/2017/01/
+[55]: https://kubernetes.io/blog/2016/
+[56]: https://kubernetes.io/blog/2016/12/
+[57]: https://kubernetes.io/blog/2016/11/
+[58]: https://kubernetes.io/blog/2016/10/
+[59]: https://kubernetes.io/blog/2016/09/
+[60]: https://kubernetes.io/blog/2016/08/
+[61]: https://kubernetes.io/blog/2016/07/
+[62]: https://kubernetes.io/blog/2016/06/
+[63]: https://kubernetes.io/blog/2016/05/
+[64]: https://kubernetes.io/blog/2016/04/
+[65]: https://kubernetes.io/blog/2016/03/
+[66]: https://kubernetes.io/blog/2016/02/
+[67]: https://kubernetes.io/blog/2016/01/
+[68]: https://kubernetes.io/blog/2015/
+[69]: https://kubernetes.io/blog/2015/12/
+[70]: https://kubernetes.io/blog/2015/11/
+[71]: https://kubernetes.io/blog/2015/10/
+[72]: https://kubernetes.io/blog/2015/09/
+[73]: https://kubernetes.io/blog/2015/08/
+[74]: https://kubernetes.io/blog/2015/07/
+[75]: https://kubernetes.io/blog/2015/06/
+[76]: https://kubernetes.io/blog/2015/05/
+[77]: https://kubernetes.io/blog/2015/04/
+[78]: https://kubernetes.io/blog/2015/04/weekly-kubernetes-community-hangout_29
+[79]: https://kubernetes.io/blog/2015/04/borg-predecessor-to-kubernetes
+[80]: https://kubernetes.io/blog/2015/04/kubernetes-and-mesosphere-dcos
+[81]: https://kubernetes.io/blog/2015/04/weekly-kubernetes-community-hangout_17
+[82]: https://kubernetes.io/blog/2015/04/introducing-kubernetes-v1beta3
+[83]: https://kubernetes.io/blog/2015/04/kubernetes-release-0150
+[84]: https://kubernetes.io/blog/2015/04/weekly-kubernetes-community-hangout_11
+[85]: https://kubernetes.io/blog/2015/04/faster-than-speeding-latte
+[86]: https://kubernetes.io/blog/2015/04/weekly-kubernetes-community-hangout
+[87]: https://kubernetes.io/blog/2015/03/
+[88]: //www.blogger.com/rearrange?blogID=112706738355446097&widgetType=BlogArchive&widgetId=BlogArchive1&action=editWidget§ionId=sidebar-right-1 "Edit"
+[89]: //www.blogger.com/rearrange?blogID=112706738355446097&widgetType=HTML&widgetId=HTML1&action=editWidget§ionId=sidebar-right-1 "Edit"
+[90]: https://www.blogger.com
+[91]: //www.blogger.com/rearrange?blogID=112706738355446097&widgetType=Attribution&widgetId=Attribution1&action=editWidget§ionId=footer-3 "Edit"
+
+  [*[3:27 PM]: 2015-04-17T15:27:00-07:00
diff --git a/content/zh/blog/_posts/2015-04-00-Weekly-Kubernetes-Community-Hangout_29.md b/content/zh/blog/_posts/2015-04-00-Weekly-Kubernetes-Community-Hangout_29.md
new file mode 100644
index 0000000000000..c451022671a51
--- /dev/null
+++ b/content/zh/blog/_posts/2015-04-00-Weekly-Kubernetes-Community-Hangout_29.md
@@ -0,0 +1,143 @@
+---
+title: " Kubernetes 社区每周聚会笔记- 2015年4月24日 "
+date: 2015-04-30
+slug: weekly-kubernetes-community-hangout_29
+url: /blog/2015/04/Weekly-Kubernetes-Community-Hangout_29
+---
+
+<!--
+---
+title: " Weekly Kubernetes Community Hangout Notes - April 24 2015 "
+date: 2015-04-30
+slug: weekly-kubernetes-community-hangout_29
+url: /blog/2015/04/Weekly-Kubernetes-Community-Hangout_29
+---
+
+-->
+
+<!--
+Every week the Kubernetes contributing community meet virtually over Google Hangouts. We want anyone who's interested to know what's discussed in this forum.  
+-->
+每个星期，Kubernetes 贡献者社区几乎都会在谷歌 Hangouts 上聚会。我们希望任何对此感兴趣的人都能了解这个论坛的讨论内容。
+
+<!--
+Agenda:
+
+* Flocker and Kubernetes integration demo
+
+-->
+日程安排：
+
+* Flocker 和 Kubernetes 集成演示
+
+<!--
+Notes:
+
+* flocker and kubernetes integration demo
+* * Flocker Q/A
+
+    * Does the file still exists on node1 after migration?
+
+    * Brendan: Any plan this to make it a volume? So we don't need powerstrip?
+
+        * Luke:  Need to figure out interest to decide if we want to make it a first-class persistent disk provider in kube.
+
+        * Brendan: Removing need for powerstrip would make it simple to use. Totally go for it.
+
+        * Tim: Should take no more than 45 minutes to add it to kubernetes:)
+
+-->
+笔记：
+
+* flocker 和 kubernetes 集成演示
+* * Flocker Q/A
+
+    * 迁移后文件是否仍存在于node1上？
+
+    * Brendan: 有没有计划把它做成一本书？我们不需要 powerstrip？
+
+        * Luke:  需要找出感兴趣的来决定我们是否想让它成为 kube 中的一个一流的持久性磁盘提供商。
+
+        * Brendan: 删除对 powerstrip 的需求会使其易于使用。完全去做。
+
+        * Tim: 将它添加到 kubernetes 应该不超过45分钟:)
+
+<!--
+
+    * Derek: Contrast this with persistent volumes and claims?
+
+        * Luke: Not much difference, except for the novel ZFS based backend. Makes workloads really portable.
+
+        * Tim: very different than network-based volumes. Its interesting that it is the only offering that allows upgrading media.
+
+        * Brendan: claims, how does it look for replicated claims? eg Cassandra wants to have replicated data underneath. It would be efficient to scale up and down. Create storage on the fly based on load dynamically. Its step beyond taking snapshots - programmatically creating replicas with preallocation.
+
+        * Tim: helps with auto-provisioning.
+
+-->
+
+    * Derek: 持久卷和请求相比呢?
+
+        * Luke: 除了基于 ZFS 的新后端之外，差别不大。使工作负载真正可移植。
+
+        * Tim: 与基于网络的卷非常不同。有趣的是，它是唯一允许升级媒体的产品。
+
+        * Brendan: 请求，它如何查找重复请求？Cassandra 希望在底层复制数据。向上和向下扩缩是有效的。根据负载动态地创建存储。它的步骤不仅仅是快照——通过编程使用预分配创建副本。
+
+        * Tim: 帮助自动配置。
+        
+<!--
+
+    * Brian: Does flocker requires any other component?
+
+        * Kai: Flocker control service co-located with the master.  (dia on blog post). Powerstrip + Powerstrip Flocker. Very interested in mpersisting state in etcd. It keeps metadata about each volume.
+
+        * Brendan: In future, flocker can be a plugin and we'll take care of persistence. Post v1.0.
+
+        * Brian: Interested in adding generic plugin for services like flocker.
+
+        * Luke: Zfs can become really valuable when scaling to lot of containers on a single node.
+
+-->
+
+    * Brian: flocker 是否需要其他组件？
+
+        * Kai: Flocker 控制服务与主服务器位于同一位置。(dia 在博客上)。Powerstrip + Powerstrip Flocker。对在 etcd 中持久化状态非常有趣。它保存关于每个卷的元数据。
+
+        * Brendan: 在未来，flocker 可以是一个插件，我们将负责持久性。发布 v1.0。
+
+        * Brian: 有兴趣为 flocker 等服务添加通用插件。
+
+        * Luke: 当扩展到单个节点上的许多容器时，Zfs 会变得非常有价值。
+
+<!--
+
+    * Alex: Can flocker service can be run as a pod?
+
+        * Kai: Yes, only requirement is the flocker control service should be able to talk to zfs agent. zfs agent needs to be installed on the host and zfs binaries need to be accessible.
+
+        * Brendan: In theory, all zfs bits can be put it into a container with devices.
+
+        * Luke: Yes, still working through cross-container mounting issue.
+
+        * Tim: pmorie is working through it to make kubelet work in a container. Possible re-use.
+
+    * Kai: Cinder support is coming. Few days away.
+* Bob: What's the process of pushing kube to GKE? Need more visibility for confidence.
+
+-->
+
+    * Alex: flocker 服务可以作为 pod 运行吗？
+
+        * Kai: 是的，唯一的要求是 flocker 控制服务应该能够与 zfs 代理对话。需要在主机上安装 zfs 代理，并且需要访问 zfs 二进制文件。
+
+        * Brendan: 从理论上讲，所有 zfs 位都可以与设备一起放入容器中。
+
+        * Luke: 是的，仍然在处理跨容器安装问题。
+
+        * Tim: pmorie 正在通过它使 kubelet 在容器中工作。可能重复使用。
+
+    * Kai: Cinder 支持即将到来。几天之后。
+* Bob: 向 GKE 推送 kube 的过程是怎样的？需要更多的可见度。
+
+
diff --git a/content/zh/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md b/content/zh/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md
new file mode 100644
index 0000000000000..0a4ac17ef5e56
--- /dev/null
+++ b/content/zh/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md
@@ -0,0 +1,112 @@
+---
+title: " OpenStack 上的 Kubernetes "
+date: 2015-05-19
+slug: kubernetes-on-openstack
+url: /blog/2015/05/Kubernetes-On-Openstack
+---
+
+<!--
+---
+title: " Kubernetes on OpenStack "
+date: 2015-05-19
+slug: kubernetes-on-openstack
+url: /blog/2015/05/Kubernetes-On-Openstack
+---
+-->
+
+[![](https://3.bp.blogspot.com/-EOrCHChZJZE/VVZzq43g6CI/AAAAAAAAF-E/JUilRHk369E/s400/Untitled%2Bdrawing.jpg)](https://3.bp.blogspot.com/-EOrCHChZJZE/VVZzq43g6CI/AAAAAAAAF-E/JUilRHk369E/s1600/Untitled%2Bdrawing.jpg)
+
+
+<!--
+Today, the [OpenStack foundation](https://www.openstack.org/foundation/) made it even easier for you deploy and manage clusters of Docker containers on OpenStack clouds by including Kubernetes in its [Community App Catalog](http://apps.openstack.org/). &nbsp;At a keynote today at the OpenStack Summit in Vancouver, Mark Collier, COO of the OpenStack Foundation, and Craig Peters, &nbsp;[Mirantis](https://www.mirantis.com/) product line manager, demonstrated the Community App Catalog workflow by launching a Kubernetes cluster in a matter of seconds by leveraging the compute, storage, networking and identity systems already present in an OpenStack cloud.
+-->
+今天，[OpenStack 基金会](https://www.openstack.org/foundation/)通过在其[社区应用程序目录](http://apps.openstack.org/)中包含 Kubernetes，使您更容易在 OpenStack 云上部署和管理 Docker 容器集群。
+今天在温哥华 OpenStack 峰会上的主题演讲中，OpenStack 基金会的首席运营官：Mark Collier 和 [Mirantis](https://www.mirantis.com/) 产品线经理 Craig Peters 通过利用 OpenStack 云中已经存在的计算、存储、网络和标识系统，在几秒钟内启动了 Kubernetes 集群，展示了社区应用程序目录的工作流。
+
+<!--
+The entries in the catalog include not just the ability to [start a Kubernetes cluster](http://apps.openstack.org/#tab=murano-apps&asset=Kubernetes%20Cluster), but also a range of applications deployed in Docker containers managed by Kubernetes. These applications include:
+-->
+目录中的条目不仅包括[启动 Kubernetes 集群](http://apps.openstack.org/#tab=murano-apps&asset=Kubernetes%20Cluster)的功能，还包括部署在 Kubernetes 管理的 Docker 容器中的一系列应用程序。这些应用包括：
+
+<!--
+
+-
+Apache web server
+-
+Nginx web server
+-
+Crate - The Distributed Database for Docker
+-
+GlassFish - Java EE 7 Application Server
+-
+Tomcat - An open-source web server and servlet container
+-
+InfluxDB - An open-source, distributed, time series database
+-
+Grafana - Metrics dashboard for InfluxDB
+-
+Jenkins - An extensible open source continuous integration server
+-
+MariaDB database
+-
+MySql database
+-
+Redis - Key-value cache and store
+-
+PostgreSQL database
+-
+MongoDB NoSQL database
+-
+Zend Server - The Complete PHP Application Platform
+
+-->
+
+
+-
+Apache web 服务器
+-
+Nginx web 服务器
+-
+Crate - Docker的分布式数据库
+-
+GlassFish - Java EE 7 应用服务器
+-
+Tomcat - 一个开源的 web 服务器和 servlet 容器
+-
+InfluxDB - 一个开源的、分布式的、时间序列数据库
+-
+Grafana -   InfluxDB 的度量仪表板
+-
+Jenkins - 一个可扩展的开放源码持续集成服务器
+-
+MariaDB 数据库
+-
+MySql 数据库
+-
+Redis - 键-值缓存和存储
+-
+PostgreSQL 数据库
+-
+MongoDB NoSQL 数据库
+-
+Zend 服务器 - 完整的 PHP 应用程序平台
+
+<!--
+This list will grow, and is curated [here](https://github.com/openstack/murano-apps/tree/master/Docker/Kubernetes). You can examine (and contribute to) the YAML file that tells Murano how to install and start the Kubernetes cluster [here](https://github.com/openstack/murano-apps/blob/master/Docker/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml).
+-->
+此列表将会增长，并在[此处](https://github.com/openstack/murano-apps/tree/master/Docker/Kubernetes)进行策划。您可以检查（并参与）YAML 文件，该文件告诉 Murano 如何根据[此处](https://github.com/openstack/murano-apps/blob/master/Docker/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml)定义来安装和启动 ...apps/blob/master/Docker/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml)安装和启动 Kubernetes 集群。
+
+<!--
+[The Kubernetes open source project](https://github.com/GoogleCloudPlatform/kubernetes) has continued to see fantastic community adoption and increasing momentum, with over 11,000 commits and 7,648 stars on GitHub. With supporters ranging from Red Hat and Intel to CoreOS and Box.net, it has come to represent a range of customer interests ranging from enterprise IT to cutting edge startups. We encourage you to give it a try, give us your feedback, and get involved in our growing community.
+-->
+[Kubernetes 开源项目](https://github.com/GoogleCloudPlatform/kubernetes)继续受到社区的欢迎，并且势头越来越好，GitHub 上有超过 11000 个提交和 7648 颗星。从 Red Hat 和 Intel 到 CoreOS 和 Box.net，它已经代表了从企业 IT 到前沿创业企业的一系列客户。我们鼓励您尝试一下，给我们您的反馈，并参与到我们不断增长的社区中来。
+
+
+<!--
+
+- Martin Buhr, Product Manager, Kubernetes Open Source Project
+
+-->
+
+- Martin Buhr, Kubernetes 开源项目产品经理
+
diff --git a/content/zh/blog/_posts/2015-05-00-Weekly-Kubernetes-Community-Hangout.md b/content/zh/blog/_posts/2015-05-00-Weekly-Kubernetes-Community-Hangout.md
new file mode 100644
index 0000000000000..8f60d7916bd16
--- /dev/null
+++ b/content/zh/blog/_posts/2015-05-00-Weekly-Kubernetes-Community-Hangout.md
@@ -0,0 +1,121 @@
+---
+title: " Kubernetes 社区每周聚会笔记- 2015年5月1日 "
+date: 2015-05-11
+slug: weekly-kubernetes-community-hangout
+url: /blog/2015/05/Weekly-Kubernetes-Community-Hangout
+---
+
+<!--
+---
+title: " Weekly Kubernetes Community Hangout Notes - May 1 2015 "
+date: 2015-05-11
+slug: weekly-kubernetes-community-hangout
+url: /blog/2015/05/Weekly-Kubernetes-Community-Hangout
+---
+-->
+
+<!--
+Every week the Kubernetes contributing community meet virtually over Google Hangouts. We want anyone who's interested to know what's discussed in this forum.
+-->
+每个星期，Kubernetes 贡献者社区几乎都会在谷歌 Hangouts 上聚会。我们希望任何对此感兴趣的人都能了解这个论坛的讨论内容。
+
+<!--
+
+* Simple rolling update - Brendan
+
+    * Rolling update = nice example of why RCs and Pods are good.
+
+    * ...pause… (Brendan needs demo recovery tips from Kelsey)
+
+    * Rolling update has recovery: Cancel update and restart, update continues from where it stopped.
+
+    * New controller  gets name of old controller, so appearance is pure update.
+
+    * Can also name versions in update (won't do rename at the end).
+
+-->  
+
+* 简单的滚动更新 - Brendan
+
+    * 滚动更新 = RCs和Pods很好的例子。
+
+    * ...pause… (Brendan 需要 Kelsey 的演示恢复技巧)
+
+    * 滚动更新具有恢复功能:取消更新并重新启动，更新从停止的地方继续。
+
+    * 新控制器获取旧控制器的名称，因此外观是纯粹的更新。
+
+    * 还可以在 update 中命名版本(最后不会重命名)。
+
+<!--
+
+* Rocket demo - CoreOS folks
+
+    * 2 major differences between rocket & docker: Rocket is daemonless & pod-centric.
+
+    * Rocket has AppContainer format as native, but also supports docker image format.
+
+    * Can run AppContainer and docker containers in same pod.
+
+    * Changes are close to merged.
+    
+-->
+
+* Rocket 演示 - CoreOS 的伙计们
+
+    * Rocket 和 docker 之间的主要区别: Rocket 是无守护进程和以 pod 为中心。。
+
+    * Rocket 具有原生的 AppContainer 格式，但也支持 docker 镜像格式。
+
+    * 可以在同一个 pod 中运行 AppContainer 和 docker 容器。
+
+    * 变更接近于合并。
+
+<!--
+
+* demo service accounts and secrets being added to pods - Jordan
+
+    * Problem: It's hard to get a token to talk to the API.
+
+    * New API object: "ServiceAccount"
+
+    * ServiceAccount is namespaced, controller makes sure that at least 1 default service account exists in a namespace.
+
+    * Typed secret "ServiceAccountToken", controller makes sure there is at least 1 default token.
+
+    * DEMO
+
+    *     * Can create new service account with ServiceAccountToken. Controller will create token for it.
+
+    * Can create a pod with service account, pods will have service account secret mounted at /var/run/secrets/kubernetes.io/…
+    
+-->
+
+* 演示 service accounts 和 secrets 被添加到 pod - Jordan
+
+    * 问题：很难获得与API通信的令牌。
+
+    * 新的API对象："ServiceAccount"
+
+    * ServiceAccount 是命名空间，控制器确保命名空间中至少存在一个个默认 service account。
+
+    * 键入 "ServiceAccountToken"，控制器确保至少有一个默认令牌。
+
+    * 演示
+
+    *     * 可以使用 ServiceAccountToken 创建新的 service account。控制器将为它创建令牌。
+
+    * 可以创建一个带有 service account 的 pod, pod 将在 /var/run/secrets/kubernets.io/…
+    
+<!--    
+    
+* Kubelet running in a container - Paul
+
+    * Kubelet successfully ran pod w/ mounted secret.
+
+-->
+    
+* Kubelet 在容器中运行 - Paul
+
+    * Kubelet 成功地运行了带有 secret 的 pod。
+    
diff --git a/content/zh/blog/_posts/2015-06-00-Slides-Cluster-Management-With.md b/content/zh/blog/_posts/2015-06-00-Slides-Cluster-Management-With.md
new file mode 100644
index 0000000000000..8e1c001d65373
--- /dev/null
+++ b/content/zh/blog/_posts/2015-06-00-Slides-Cluster-Management-With.md
@@ -0,0 +1,25 @@
+---
+title: "幻灯片：Kubernetes 集群管理，爱丁堡大学演讲"
+date: 2015-06-26
+slug: slides-cluster-management-with
+url: /blog/2015/06/Slides-Cluster-Management-With
+---
+
+<!--
+---
+title: " Slides: Cluster Management with Kubernetes, talk given at the University of Edinburgh "
+date: 2015-06-26
+slug: slides-cluster-management-with
+url: /blog/2015/06/Slides-Cluster-Management-With
+---
+-->
+
+<!--
+On Friday 5 June 2015 I gave a talk called [Cluster Management with Kubernetes](https://docs.google.com/presentation/d/1H4ywDb4vAJeg8KEjpYfhNqFSig0Q8e_X5I36kM9S6q0/pub?start=false&loop=false&delayms=3000) to a general audience at the University of Edinburgh. The talk includes an example of a music store system with a Kibana front end UI and an Elasticsearch based back end which helps to make concrete concepts like pods, replication controllers and services.
+
+[Cluster Management with Kubernetes](https://docs.google.com/presentation/d/1H4ywDb4vAJeg8KEjpYfhNqFSig0Q8e_X5I36kM9S6q0/pub?start=false&loop=false&delayms=3000).
+-->
+
+2015年6月5日星期五，我在爱丁堡大学给普通听众做了一个演讲，题目是[使用 Kubernetes 进行集群管理](https://docs.google.com/presentation/d/1H4ywDb4vAJeg8KEjpYfhNqFSig0Q8e_X5I36kM9S6q0/pub?start=false&loop=false&delayms=3000)。这次演讲包括一个带有 Kibana 前端 UI 的音乐存储系统的例子，以及一个基于 Elasticsearch 的后端，该后端有助于生成具体的概念，如 pods、复制控制器和服务。
+
+[Kubernetes 集群管理](https://docs.google.com/presentation/d/1H4ywDb4vAJeg8KEjpYfhNqFSig0Q8e_X5I36kM9S6q0/pub?start=false&loop=false&delayms=3000)。
diff --git a/content/zh/blog/_posts/2015-07-00-Announcing-First-Kubernetes-Enterprise.md b/content/zh/blog/_posts/2015-07-00-Announcing-First-Kubernetes-Enterprise.md
new file mode 100644
index 0000000000000..d71f6bcc70047
--- /dev/null
+++ b/content/zh/blog/_posts/2015-07-00-Announcing-First-Kubernetes-Enterprise.md
@@ -0,0 +1,24 @@
+---
+title: "宣布首个Kubernetes企业培训课程 "
+date: 2015-07-08
+slug: announcing-first-kubernetes-enterprise
+url: /blog/2015/07/Announcing-First-Kubernetes-Enterprise
+---
+<!-- ---
+title: " Announcing the First Kubernetes Enterprise Training Course "
+date: 2015-07-08
+slug: announcing-first-kubernetes-enterprise
+url: /blog/2015/07/Announcing-First-Kubernetes-Enterprise
+--- -->
+
+<!-- At Google we rely on Linux application containers to run our core infrastructure. Everything from Search to Gmail runs in containers. &nbsp;In fact, we like containers so much that even our Google Compute Engine VMs run in containers! &nbsp;Because containers are critical to our business, we have been working with the community on many of the basic container technologies (from cgroups to Docker’s LibContainer) and even decided to build the next generation of Google’s container scheduling technology, Kubernetes, in the open. -->
+在谷歌，我们依赖 Linux 容器应用程序去运行我们的核心基础架构。所有服务，从搜索引擎到Gmail服务，都运行在容器中。事实上，我们非常喜欢容器，甚至我们的谷歌云计算引擎虚拟机也运行在容器上！由于容器对于我们的业务至关重要，我们已经与社区合作开发许多基本的容器技术（从 cgroups 到 Docker 的 LibContainer）,甚至决定去构建谷歌的下一代开源容器调度技术，Kubernetes。
+
+<!-- One year into the Kubernetes project, and on the eve of our planned V1 release at OSCON, we are pleased to announce the first-ever formal Kubernetes enterprise-focused training session organized by a key Kubernetes contributor, Mesosphere. The inaugural session will be taught by Zed Shaw and Michael Hausenblas from Mesosphere, and will take place on July 20 at OSCON in Portland. [Pre-registration](https://mesosphere.com/training/kubernetes/) is free for early registrants, but space is limited so act soon! -->
+在 Kubernetes 项目进行一年后，在 OSCON 上发布 V1 版本的前夕，我们很高兴的宣布Kubernetes 的主要贡献者 Mesosphere 组织了有史以来第一次正规的以企业为中心的 Kubernetes 培训会议。首届会议将于 6 月 20 日在波特兰的 OSCON 举办，由来自 Mesosphere 的 Zed Shaw 和 Michael Hausenblas 演讲。[Pre-registration](https://mesosphere.com/training/kubernetes/) 对于优先注册者是免费的，但名额有限，立刻行动吧！
+
+<!-- This one-day course will cover the basics of building and deploying containerized applications using Kubernetes. It will walk attendees through the end-to-end process of creating a Kubernetes application architecture, building and configuring Docker images, and deploying them on a Kubernetes cluster. Users will also learn the fundamentals of deploying Kubernetes applications and services on our Google Container Engine and Mesosphere’s Datacenter Operating System. -->
+这个为期一天的课程将包涵使用 Kubernetes 构建和部署容器化应用程序的基础知识。它将通过完整的流程引导与参会者创建一个 Kubernetes 的应用程序体系结构，创建和配置 Docker 镜像，并把它们部署到 Kubernetes 集群上。用户还将了解在我们的谷歌容器引擎和 Mesosphere 的数据中心操作系统上部署 Kubernetes 应用程序和服务的基础知识。
+
+<!-- The upcoming Kubernetes bootcamp will be a great way to learn how to apply Kubernetes to solve long-standing deployment and application management problems. &nbsp;This is just the first of what we hope are many, and from a broad set of contributors. -->
+即将推出的 Kubernetes bootcamp 将是学习如何应用 Kubernetes 解决长期部署和应用程序管理问题的一个好途径。相对于我们所预期的，来自于广泛社区的众多培训项目而言，这只是其中一个。
diff --git a/content/zh/blog/_posts/2015-12-00-Managing-Kubernetes-Pods-Services-And-Replication-Controllers-With-Puppet.md b/content/zh/blog/_posts/2015-12-00-Managing-Kubernetes-Pods-Services-And-Replication-Controllers-With-Puppet.md
new file mode 100644
index 0000000000000..5faf8381489ea
--- /dev/null
+++ b/content/zh/blog/_posts/2015-12-00-Managing-Kubernetes-Pods-Services-And-Replication-Controllers-With-Puppet.md
@@ -0,0 +1,164 @@
+---
+title: " 使用 Puppet 管理 Kubernetes Pods，Services 和 Replication Controllers "
+date: 2015-12-17
+slug: managing-kubernetes-pods-services-and-replication-controllers-with-puppet
+url: /blog/2015/12/Managing-Kubernetes-Pods-Services-And-Replication-Controllers-With-Puppet
+---
+
+<!--
+---
+title: " Managing Kubernetes Pods, Services and Replication Controllers with Puppet "
+date: 2015-12-17
+slug: managing-kubernetes-pods-services-and-replication-controllers-with-puppet
+url: /blog/2015/12/Managing-Kubernetes-Pods-Services-And-Replication-Controllers-With-Puppet
+---
+-->
+
+<!--
+_Today’s guest post is written by Gareth Rushgrove, Senior Software Engineer at Puppet Labs, a leader in IT automation. Gareth tells us about a new Puppet module that helps manage resources in Kubernetes.&nbsp;_  
+
+People familiar with [Puppet](https://github.com/puppetlabs/puppet)&nbsp;might have used it for managing files, packages and users on host computers. But Puppet is first and foremost a configuration management tool, and config management is a much broader discipline than just managing host-level resources. A good definition of configuration management is that it aims to solve four related problems: identification, control, status accounting and verification and audit. These problems exist in the operation of any complex system, and with the new [Puppet Kubernetes module](https://forge.puppetlabs.com/garethr/kubernetes)&nbsp;we’re starting to look at how we can solve those problems for Kubernetes.  
+-->
+
+_今天的嘉宾帖子是由 IT 自动化领域的领导者 Puppet Labs 的高级软件工程师 Gareth Rushgrove 撰写的。Gareth告诉我们一个新的 Puppet 模块，它帮助管理 Kubernetes 中的资源。_
+
+熟悉[Puppet]的人(https://github.com/puppetlabs/puppet)可能使用它来管理主机上的文件、包和用户。但是Puppet首先是一个配置管理工具，配置管理是一个比管理主机级资源更广泛的规程。配置管理的一个很好的定义是它旨在解决四个相关的问题：标识、控制、状态核算和验证审计。这些问题存在于任何复杂系统的操作中，并且有了新的[Puppet Kubernetes module](https://forge.puppetlabs.com/garethr/kubernetes)，我们开始研究如何为 Kubernetes 解决这些问题。
+
+<!--
+### The Puppet Kubernetes Module
+
+The Puppet Kubernetes module currently assumes you already have a Kubernetes cluster [up and running](http://kubernetes.io/gettingstarted/).&nbsp;Its focus is on managing the resources in Kubernetes, like Pods, Replication Controllers and Services, not (yet) on managing the underlying kubelet or etcd services. Here’s a quick snippet of code describing a Pod in Puppet’s DSL.  
+-->
+
+### Puppet Kubernetes 模块
+
+Puppet kubernetes 模块目前假设您已经有一个 kubernetes 集群 [启动并运行]](http://kubernetes.io/gettingstarted/)。它的重点是管理 Kubernetes中的资源，如 Pods、Replication Controllers 和 Services，而不是（现在）管理底层的 kubelet 或 etcd services。下面是描述 Puppet’s DSL 中一个 Pod 的简短代码片段。
+
+<!--
+```
+kubernetes_pod { 'sample-pod':
+  ensure => present,
+  metadata => {
+    namespace => 'default',
+  },
+  spec => {
+    containers => [{
+      name => 'container-name',
+      image => 'nginx',
+    }]
+  },
+```
+}  
+-->
+
+```
+kubernetes_pod { 'sample-pod':
+  ensure => present,
+  metadata => {
+    namespace => 'default',
+  },
+  spec => {
+    containers => [{
+      name => 'container-name',
+      image => 'nginx',
+    }]
+  },
+}  
+```
+<!--
+If you’re familiar with the YAML file format, you’ll probably recognise the structure immediately. The interface is intentionally identical to aid conversion between different formats — in fact, the code powering this is autogenerated from the Kubernetes API Swagger definitions. Running the above code, assuming we save it as pod.pp, is as simple as:  
+
+
+```
+puppet apply pod.pp
+```
+-->
+
+如果您熟悉 YAML 文件格式，您可能会立即识别该结构。 该接口故意采取相同的格式以帮助在不同格式之间进行转换 — 事实上，为此提供支持的代码是从Kubernetes API Swagger自动生成的。 运行上面的代码，假设我们将其保存为 pod.pp，就像下面这样简单：
+
+
+```
+puppet apply pod.pp
+```
+
+<!--
+Authentication uses the standard kubectl configuration file. You can find complete [installation instructions in the module's README](https://github.com/garethr/garethr-kubernetes/blob/master/README.md).  
+
+Kubernetes has several resources, from Pods and Services to Replication Controllers and Service Accounts. You can see an example of the module managing these resources in the [Kubernetes guestbook sample in Puppet](https://puppetlabs.com/blog/kubernetes-guestbook-example-puppet)&nbsp;post. This demonstrates converting the canonical hello-world example to use Puppet code.  -->
+
+身份验证使用标准的 kubectl 配置文件。您可以在模块的自述文件中找到完整的[README](https://github.com/garethr/garethr-kubernetes/blob/master/README.md)。
+
+Kubernetes 有很多资源，来自 Pods、 Services、 Replication Controllers 和 Service Accounts。您可以在[Puppet 中的 kubernetes 留言簿示例](https://puppetlabs.com/blog/kubernetes-guestbook-example-puppet)文章中看到管理这些资源的模块示例。这演示了如何将规范的 hello-world 示例转换为使用 Puppet代码。
+
+<!--
+One of the main advantages of using Puppet for this, however, is that you can create your own higher-level and more business-specific interfaces to Kubernetes-managed applications. For instance, for the guestbook, you could create something like the following:  
+
+
+```
+guestbook { 'myguestbook':
+  redis_slave_replicas => 2,
+  frontend_replicas => 3,
+  redis_master_image => 'redis',
+  redis_slave_image => 'gcr.io/google_samples/gb-redisslave:v1',
+  frontend_image => 'gcr.io/google_samples/gb-frontend:v3',     
+}
+```
+-->
+
+然而，使用 Puppet 的一个主要优点是，您可以创建自己的更高级别和更特定于业务的接口，以连接 kubernetes 管理的应用程序。例如，对于留言簿，可以创建如下内容：
+
+```
+guestbook { 'myguestbook':
+  redis_slave_replicas => 2,
+  frontend_replicas => 3,
+  redis_master_image => 'redis',
+  redis_slave_image => 'gcr.io/google_samples/gb-redisslave:v1',
+  frontend_image => 'gcr.io/google_samples/gb-frontend:v3',     
+}
+```
+
+<!--
+You can read more about using Puppet’s defined types, and see lots more code examples, in the Puppet blog post, [Building Your Own Abstractions for Kubernetes in Puppet](https://puppetlabs.com/blog/building-your-own-abstractions-kubernetes-puppet).  
+
+
+### Conclusions
+
+The advantages of using Puppet rather than just the standard YAML files and kubectl are:  
+-->
+
+您可以在Puppet博客文章[在 Puppet 中为 Kubernetes 构建自己的抽象](https://puppetlabs.com/blog/building-your-own-abstractions-kubernetes-puppet)中阅读更多关于使用 Puppet 定义的类型的信息，并看到更多的代码示例。
+
+
+### 结论
+
+使用 Puppet 而不仅仅是使用标准的 YAML 文件和 kubectl 的优点是：
+
+<!--
+- The ability to create your own abstractions to cut down on repetition and craft higher-level user interfaces, like the guestbook example above.&nbsp;
+- Use of Puppet’s development tools for validating code and for writing unit tests.&nbsp;
+- Integration with other tools such as Puppet Server, for ensuring that your model in code matches the state of your cluster, and with PuppetDB for storing reports and tracking changes.
+- The ability to run the same code repeatedly against the Kubernetes API, to detect any changes or remediate configuration drift.&nbsp;
+-->
+
+- 能够创建自己的抽象，以减少重复和设计更高级别的用户界面，如上面的留言簿示例。
+- 使用 Puppet 的开发工具验证代码和编写单元测试。
+- 与 Puppet Server 等其他工具配合，以确保代码中的模型与集群的状态匹配，并与 PuppetDB 配合工作，以存储报告和跟踪更改。
+- 能够针对 Kubernetes API 重复运行相同的代码，以检测任何更改或修正配置。
+
+<!--
+It’s also worth noting that most large organisations will have very heterogenous environments, running a wide range of software and operating systems. Having a single toolchain that unifies those discrete systems can make adopting new technology like Kubernetes much easier.  
+-->
+
+值得注意的是，大多数大型组织都将拥有非常异构的环境，运行各种各样的软件和操作系统。拥有统一这些离散系统的单一工具链可以使采用 Kubernetes 等新技术变得更加容易。
+
+<!--
+It’s safe to say that Kubernetes provides an excellent set of primitives on which to build cloud-native systems. And with Puppet, you can address some of the operational and configuration management issues that come with running any complex system in production. [Let us know](mailto:gareth@puppetlabs.com)&nbsp;what you think if you try the module out, and what else you’d like to see supported in the future.  
+
+&nbsp;-&nbsp;Gareth Rushgrove, Senior Software Engineer, Puppet Labs
+-->
+
+可以肯定地说，Kubernetes提供了一组优秀的组件来构建云原生系统。使用 Puppet，您可以解决在生产中运行任何复杂系统所带来的一些操作和配置管理问题。[告诉我们](mailto:gareth@puppetlabs.com)如果您试用了该模块，您会有什么想法，以及您希望在将来看到哪些支持。
+
+
+Gareth Rushgrove，Puppet Labs 高级软件工程师
+
diff --git a/content/zh/blog/_posts/2016-01-00-Simple-Leader-Election-With-Kubernetes.md b/content/zh/blog/_posts/2016-01-00-Simple-Leader-Election-With-Kubernetes.md
new file mode 100644
index 0000000000000..bcea1c026e4cc
--- /dev/null
+++ b/content/zh/blog/_posts/2016-01-00-Simple-Leader-Election-With-Kubernetes.md
@@ -0,0 +1,303 @@
+<!--
+---
+title: " Simple leader election with Kubernetes and Docker "
+date: 2016-01-11
+slug: simple-leader-election-with-kubernetes
+url: /blog/2016/01/Simple-Leader-Election-With-Kubernetes
+---
+
+####  Overview
+-->
+
+title: "Kubernetes 和 Docker 简单的 leader election"
+date: 2016-01-11
+slug: simple-leader-election-with-kubernetes
+url: /blog/2016/01/Simple-Leader-Election-With-Kubernetes
+
+<!--
+Kubernetes simplifies the deployment and operational management of services running on clusters. However, it also simplifies the development of these services. In this post we'll see how you can use Kubernetes to easily perform leader election in your distributed application. Distributed applications usually replicate the tasks of a service for reliability and scalability, but often it is necessary to designate one of the replicas as the leader who is responsible for coordination among all of the replicas.
+-->
+
+Kubernetes 简化了集群上运行的服务的部署和操作管理。但是，它也简化了这些服务的发展。在本文中，我们将看到如何使用 Kubernetes 在分布式应用程序中轻松地执行 leader election。分布式应用程序通常为了可靠性和可伸缩性而复制服务的任务，但通常需要指定其中一个副本作为负责所有副本之间协调的负责人。
+
+<!--
+Typically in leader election, a set of candidates for becoming leader is identified. These candidates all race to declare themselves the leader. One of the candidates wins and becomes the leader. Once the election is won, the leader continually "heartbeats" to renew their position as the leader, and the other candidates periodically make new attempts to become the leader. This ensures that a new leader is identified quickly, if the current leader fails for some reason.
+-->
+
+通常在 leader election 中，会确定一组成为领导者的候选人。这些候选人都竞相宣布自己为领袖。其中一位候选人获胜并成为领袖。一旦选举获胜，领导者就会不断地“信号”以表示他们作为领导者的地位，其他候选人也会定期地做出新的尝试来成为领导者。这样可以确保在当前领导因某种原因失败时，快速确定新领导。
+
+<!--
+Implementing leader election usually requires either deploying software such as ZooKeeper, etcd or Consul and using it for consensus, or alternately, implementing a consensus algorithm on your own. We will see below that Kubernetes makes the process of using leader election in your application significantly easier.
+
+####  Implementing leader election in Kubernetes
+-->
+
+实现 leader election 通常需要部署 ZooKeeper、etcd 或 Consul 等软件并将其用于协商一致，或者也可以自己实现协商一致算法。我们将在下面看到，Kubernetes 使在应用程序中使用 leader election 的过程大大简化。
+
+####在 Kubernetes 实施领导人选举
+
+<!--
+The first requirement in leader election is the specification of the set of candidates for becoming the leader. Kubernetes already uses _Endpoints_ to represent a replicated set of pods that comprise a service, so we will re-use this same object. (aside: You might have thought that we would use _ReplicationControllers_, but they are tied to a specific binary, and generally you want to have a single leader even if you are in the process of performing a rolling update)
+
+To perform leader election, we use two properties of all Kubernetes API objects:
+-->
+
+Leader election 的首要条件是确定候选人的人选。Kubernetes 已经使用 _Endpoints_ 来表示组成服务的一组复制 pod，因此我们将重用这个相同的对象。（旁白：您可能认为我们会使用 _ReplicationControllers_，但它们是绑定到特定的二进制文件，而且通常您希望只有一个领导者，即使您正在执行滚动更新）
+
+要执行 leader election，我们使用所有 Kubernetes api 对象的两个属性：
+
+<!--
+* ResourceVersions - Every API object has a unique ResourceVersion, and you can use these versions to perform compare-and-swap on Kubernetes objects
+* Annotations - Every API object can be annotated with arbitrary key/value pairs to be used by clients.
+
+Given these primitives, the code to use master election is relatively straightforward, and you can find it [here][1]. Let's run it ourselves.
+-->
+
+* ResourceVersions - 每个 API 对象都有一个惟一的 ResourceVersion，您可以使用这些版本对 Kubernetes 对象执行比较和交换
+* Annotations - 每个 API 对象都可以用客户端使用的任意键/值对进行注释。
+
+给定这些原语，使用 master election 的代码相对简单，您可以在这里找到[here][1]。我们自己来做吧。
+
+<!--
+```    
+$ kubectl run leader-elector --image=gcr.io/google_containers/leader-elector:0.4 --replicas=3 -- --election=example
+```
+
+This creates a leader election set with 3 replicas:
+
+```    
+$ kubectl get pods
+NAME                   READY     STATUS    RESTARTS   AGE
+leader-elector-inmr1   1/1       Running   0          13s
+leader-elector-qkq00   1/1       Running   0          13s
+leader-elector-sgwcq   1/1       Running   0          13s
+```
+-->
+
+```    
+$ kubectl run leader-elector --image=gcr.io/google_containers/leader-elector:0.4 --replicas=3 -- --election=example
+```
+
+这将创建一个包含3个副本的 leader election 集合：
+
+```    
+$ kubectl get pods
+NAME                   READY     STATUS    RESTARTS   AGE
+leader-elector-inmr1   1/1       Running   0          13s
+leader-elector-qkq00   1/1       Running   0          13s
+leader-elector-sgwcq   1/1       Running   0          13s
+```
+
+<!--
+To see which pod was chosen as the leader, you can access the logs of one of the pods, substituting one of your own pod's names in place of
+
+```  
+${pod_name}, (e.g. leader-elector-inmr1 from the above)
+
+$ kubectl logs -f ${name}
+leader is (leader-pod-name)
+```
+… Alternately, you can inspect the endpoints object directly:
+-->
+
+要查看哪个pod被选为领导，您可以访问其中一个 pod 的日志，用您自己的一个 pod 的名称替换
+
+```  
+${pod_name}, (e.g. leader-elector-inmr1 from the above)
+
+$ kubectl logs -f ${name}
+leader is (leader-pod-name)
+```
+…或者，可以直接检查 endpoints 对象：
+
+<!--
+_'example' is the name of the candidate set from the above kubectl run … command_
+```
+$ kubectl get endpoints example -o yaml
+```
+Now to validate that leader election actually works, in a different terminal, run:
+
+```  
+$ kubectl delete pods (leader-pod-name)
+```
+-->
+
+_'example' 是上面 kubectl run … 命令_中候选集的名称
+```
+$ kubectl get endpoints example -o yaml
+```
+现在，要验证 leader election 是否实际有效，请在另一个终端运行：
+```  
+$ kubectl delete pods (leader-pod-name)
+```
+
+<!--
+This will delete the existing leader. Because the set of pods is being managed by a replication controller, a new pod replaces the one that was deleted, ensuring that the size of the replicated set is still three. Via leader election one of these three pods is selected as the new leader, and you should see the leader failover to a different pod. Because pods in Kubernetes have a _grace period_ before termination, this may take 30-40 seconds.
+
+The leader-election container provides a simple webserver that can serve on any address (e.g. http://localhost:4040). You can test this out by deleting the existing leader election group and creating a new one where you additionally pass in a --http=(host):(port) specification to the leader-elector image. This causes each member of the set to serve information about the leader via a webhook.
+-->
+
+这将删除现有领导。由于 pod 集由 replication controller 管理，因此新的 pod 将替换已删除的pod，确保复制集的大小仍为3。通过 leader election，这三个pod中的一个被选为新的领导者，您应该会看到领导者故障转移到另一个pod。因为 Kubernetes 的吊舱在终止前有一个 _grace period_，这可能需要30-40秒。
+
+Leader-election container 提供了一个简单的 web 服务器，可以服务于任何地址(e.g. http://localhost:4040)。您可以通过删除现有的 leader election 组并创建一个新的 leader elector 组来测试这一点，在该组中，您还可以向 leader elector 映像传递--http=(host):(port) 规范。这将导致集合中的每个成员通过 webhook 提供有关领导者的信息。
+
+<!--
+```    
+# delete the old leader elector group
+$ kubectl delete rc leader-elector
+
+# create the new group, note the --http=localhost:4040 flag
+$ kubectl run leader-elector --image=gcr.io/google_containers/leader-elector:0.4 --replicas=3 -- --election=example --http=0.0.0.0:4040
+
+# create a proxy to your Kubernetes api server
+$ kubectl proxy
+```
+-->
+
+```    
+# delete the old leader elector group
+$ kubectl delete rc leader-elector
+
+# create the new group, note the --http=localhost:4040 flag
+$ kubectl run leader-elector --image=gcr.io/google_containers/leader-elector:0.4 --replicas=3 -- --election=example --http=0.0.0.0:4040
+
+# create a proxy to your Kubernetes api server
+$ kubectl proxy
+```
+
+<!--
+You can then access:
+
+
+http://localhost:8001/api/v1/proxy/namespaces/default/pods/(leader-pod-name):4040/
+
+
+And you will see:
+
+```  
+{"name":"(name-of-leader-here)"}
+```
+####  Leader election with sidecars
+-->
+
+然后您可以访问：
+
+
+
+
+http://localhost:8001/api/v1/proxy/namespaces/default/pods/(leader-pod-name):4040/
+
+
+
+
+你会看到：
+
+```  
+{"name":"(name-of-leader-here)"}
+```
+####  有副手的 leader election
+
+<!--
+Ok, that's great, you can do leader election and find out the leader over HTTP, but how can you use it from your own application? This is where the notion of sidecars come in. In Kubernetes, Pods are made up of one or more containers. Often times, this means that you add sidecar containers to your main application to make up a Pod. (for a much more detailed treatment of this subject see my earlier blog post).
+
+The leader-election container can serve as a sidecar that you can use from your own application. Any container in the Pod that's interested in who the current master is can simply access http://localhost:4040 and they'll get back a simple JSON object that contains the name of the current master. Since all containers in a Pod share the same network namespace, there's no service discovery required!
+-->
+
+好吧，那太好了，你可以通过 HTTP 进行leader election 并找到 leader，但是你如何从自己的应用程序中使用它呢？这就是 sidecar 的由来。Kubernetes  中，Pods 由一个或多个容器组成。通常情况下，这意味着您将 sidecar containers 添加到主应用程序中以组成 pod。（关于这个主题的更详细的处理，请参阅我之前的博客文章）。
+Leader-election container 可以作为一个 sidecar，您可以从自己的应用程序中使用。Pod 中任何对当前 master 感兴趣的容器都可以简单地访问http://localhost:4040，它们将返回一个包含当前 master 名称的简单 json 对象。由于 pod中 的所有容器共享相同的网络命名空间，因此不需要服务发现！
+
+<!--
+For example, here is a simple Node.js application that connects to the leader election sidecar and prints out whether or not it is currently the master. The leader election sidecar sets its identifier to `hostname` by default.
+
+```    
+var http = require('http');
+// This will hold info about the current master
+var master = {};
+
+  // The web handler for our nodejs application
+  var handleRequest = function(request, response) {
+    response.writeHead(200);
+    response.end("Master is " + master.name);
+  };
+
+  // A callback that is used for our outgoing client requests to the sidecar
+  var cb = function(response) {
+    var data = '';
+    response.on('data', function(piece) { data = data + piece; });
+    response.on('end', function() { master = JSON.parse(data); });
+  };
+
+  // Make an async request to the sidecar at http://localhost:4040
+  var updateMaster = function() {
+    var req = http.get({host: 'localhost', path: '/', port: 4040}, cb);
+    req.on('error', function(e) { console.log('problem with request: ' + e.message); });
+    req.end();
+  };
+
+  / / Set up regular updates
+  updateMaster();
+  setInterval(updateMaster, 5000);
+
+  // set up the web server
+  var www = http.createServer(handleRequest);
+  www.listen(8080);
+  ```
+  Of course, you can use this sidecar from any language that you choose that supports HTTP and JSON.
+-->
+
+例如，这里有一个简单的 Node.js 应用程序，它连接到 leader election sidecar 并打印出它当前是否是 master。默认情况下，leader election sidecar 将其标识符设置为 `hostname`。
+
+```    
+var http = require('http');
+// This will hold info about the current master
+var master = {};
+
+  // The web handler for our nodejs application
+  var handleRequest = function(request, response) {
+    response.writeHead(200);
+    response.end("Master is " + master.name);
+  };
+
+  // A callback that is used for our outgoing client requests to the sidecar
+  var cb = function(response) {
+    var data = '';
+    response.on('data', function(piece) { data = data + piece; });
+    response.on('end', function() { master = JSON.parse(data); });
+  };
+
+  // Make an async request to the sidecar at http://localhost:4040
+  var updateMaster = function() {
+    var req = http.get({host: 'localhost', path: '/', port: 4040}, cb);
+    req.on('error', function(e) { console.log('problem with request: ' + e.message); });
+    req.end();
+  };
+
+  / / Set up regular updates
+  updateMaster();
+  setInterval(updateMaster, 5000);
+
+  // set up the web server
+  var www = http.createServer(handleRequest);
+  www.listen(8080);
+  ```
+ 当然，您可以从任何支持 HTTP 和 JSON 的语言中使用这个 sidecar。
+
+<!--
+#### Conclusion
+
+
+  Hopefully I've shown you how easy it is to build leader election for your distributed application using Kubernetes. In future installments we'll show you how Kubernetes is making building distributed systems even easier. In the meantime, head over to [Google Container Engine][2] or [kubernetes.io][3] to get started with Kubernetes.
+
+  [1]: https://github.com/kubernetes/contrib/pull/353
+  [2]: https://cloud.google.com/container-engine/
+  [3]: http://kubernetes.io/
+-->
+
+#### 结论
+
+
+ 希望我已经向您展示了使用 Kubernetes 为您的分布式应用程序构建 leader election 是多么容易。在以后的部分中，我们将向您展示 Kubernetes 如何使构建分布式系统变得更加容易。同时，转到[Google Container Engine][2]或[kubernetes.io][3]开始使用Kubernetes。
+
+  [1]: https://github.com/kubernetes/contrib/pull/353
+  [2]: https://cloud.google.com/container-engine/
+  [3]: http://kubernetes.io/
\ No newline at end of file
diff --git a/content/zh/blog/_posts/2016-01-00-Why-Kubernetes-Doesnt-Use-Libnetwork.md b/content/zh/blog/_posts/2016-01-00-Why-Kubernetes-Doesnt-Use-Libnetwork.md
new file mode 100644
index 0000000000000..424a68d0777ad
--- /dev/null
+++ b/content/zh/blog/_posts/2016-01-00-Why-Kubernetes-Doesnt-Use-Libnetwork.md
@@ -0,0 +1,79 @@
+---
+title: " 为什么 Kubernetes 不用 libnetwork "
+date: 2016-01-14
+slug: why-kubernetes-doesnt-use-libnetwork
+url: /blog/2016/01/Why-Kubernetes-Doesnt-Use-Libnetwork
+---
+
+<!-- ---
+title: " Why Kubernetes doesn’t use libnetwork "
+date: 2016-01-14
+slug: why-kubernetes-doesnt-use-libnetwork
+url: /blog/2016/01/Why-Kubernetes-Doesnt-Use-Libnetwork
+--- -->
+
+<!-- Kubernetes has had a very basic form of network plugins since before version 1.0 was released — around the same time as Docker's [libnetwork](https://github.com/docker/libnetwork) and Container Network Model ([CNM](https://github.com/docker/libnetwork/blob/master/docs/design.md)) was introduced. Unlike libnetwork, the Kubernetes plugin system still retains its "alpha" designation. Now that Docker's network plugin support is released and supported, an obvious question we get is why Kubernetes has not adopted it yet. After all, vendors will almost certainly be writing plugins for Docker — we would all be better off using the same drivers, right?   -->
+
+在 1.0 版本发布之前，Kubernetes 已经有了一个非常基础的网络插件形式-大约在引入 Docker’s [libnetwork](https://github.com/docker/libnetwork) 和 Container Network Model ([CNM](https://github.com/docker/libnetwork/blob/master/docs/design.md)) 的时候。与 libnetwork 不同，Kubernetes 插件系统仍然保留它的 'alpha' 名称。现在 Docker 的网络插件支持已经发布并得到支持，我们发现一个明显的问题是 Kubernetes 尚未采用它。毕竟，供应商几乎肯定会为 Docker 编写插件-我们最好还是用相同的驱动程序，对吧？
+
+<!-- Before going further, it's important to remember that Kubernetes is a system that supports multiple container runtimes, of which Docker is just one. Configuring networking is a facet of each runtime, so when people ask "will Kubernetes support CNM?" what they really mean is "will kubernetes support CNM drivers with the Docker runtime?" It would be great if we could achieve common network support across runtimes, but that’s not an explicit goal.   -->
+
+在进一步说明之前，重要的是记住 Kubernetes 是一个支持多种容器运行时的系统， Docker 只是其中之一。配置网络只是每一个运行时的一个方面，所以当人们问起“ Kubernetes 会支持CNM吗？”，他们真正的意思是“ Kubernetes 会支持 Docker 运行时的 CNM 驱动吗？”如果我们能够跨运行时实现通用的网络支持会很棒，但这不是一个明确的目标。
+
+<!-- Indeed, Kubernetes has not adopted CNM/libnetwork for the Docker runtime. In fact, we’ve been investigating the alternative Container Network Interface ([CNI](https://github.com/appc/cni/blob/master/SPEC.md)) model put forth by CoreOS and part of the App Container ([appc](https://github.com/appc)) specification. Why? There are a number of reasons, both technical and non-technical.   -->
+
+实际上， Kubernetes 还没有为 Docker 运行时采用 CNM/libnetwork 。事实上，我们一直在研究 CoreOS 提出的替代 Container Network Interface ([CNI](https://github.com/appc/cni/blob/master/SPEC.md)) 模型以及 App Container ([appc](https://github.com/appc)) 规范的一部分。为什么我们要这么做？有很多技术和非技术的原因。
+
+<!-- First and foremost, there are some fundamental assumptions in the design of Docker's network drivers that cause problems for us.   -->
+
+首先，Docker 的网络驱动程序设计中存在一些基本假设，这些假设会给我们带来问题。
+
+<!-- Docker has a concept of "local" and "global" drivers. Local drivers (such as "bridge") are machine-centric and don’t do any cross-node coordination. Global drivers (such as "overlay") rely on [libkv](https://github.com/docker/libkv) (a key-value store abstraction) to coordinate across machines. This key-value store is a another plugin interface, and is very low-level (keys and values, no semantic meaning). To run something like Docker's overlay driver in a Kubernetes cluster, we would either need cluster admins to run a whole different instance of [consul](https://github.com/hashicorp/consul), [etcd](https://github.com/coreos/etcd) or [zookeeper](https://zookeeper.apache.org/) (see [multi-host networking](https://docs.docker.com/engine/userguide/networking/get-started-overlay/)), or else we would have to provide our own libkv implementation that was backed by Kubernetes.  -->
+
+Docker 有一个“本地”和“全局”驱动程序的概念。本地驱动程序（例如 "bridge" ）以机器为中心，不进行任何跨节点协调。全局驱动程序（例如 "overlay" ）依赖于 [libkv](https://github.com/docker/libkv) （一个键值存储抽象库）来协调跨机器。这个键值存储是另一个插件接口，并且是非常低级的（键和值，没有其他含义）。 要在 Kubernetes 集群中运行类似 Docker's overlay 驱动程序，我们要么需要集群管理员来运行 [consul](https://github.com/hashicorp/consul), [etcd](https://github.com/coreos/etcd) 或 [zookeeper](https://zookeeper.apache.org/) 的整个不同实例 (see [multi-host networking](https://docs.docker.com/engine/userguide/networking/get-started-overlay/)) 否则我们必须提供我们自己的 libkv 实现，那被 Kubernetes 支持。
+
+<!-- The latter sounds attractive, and we tried to implement it, but the libkv interface is very low-level, and the schema is defined internally to Docker. We would have to either directly expose our underlying key-value store or else offer key-value semantics (on top of our structured API which is itself implemented on a key-value system). Neither of those are very attractive for performance, scalability and security reasons. The net result is that the whole system would significantly be more complicated, when the goal of using Docker networking is to simplify things.   -->
+
+后者听起来很有吸引力，并且我们尝试实现它，但 libkv 接口是非常低级的，并且架构在内部定义为 Docker 。我们必须直接暴露我们的底层键值存储，或者提供键值语义（在我们的结构化API之上，它本身是在键值系统上实现的）。对于性能，可伸缩性和安全性原因，这些都不是很有吸引力。最终结果是，当使用 Docker 网络的目标是简化事情时，整个系统将显得更加复杂。
+
+<!-- For users that are willing and able to run the requisite infrastructure to satisfy Docker global drivers and to configure Docker themselves, Docker networking should "just work." Kubernetes will not get in the way of such a setup, and no matter what direction the project goes, that option should be available. For default installations, though, the practical conclusion is that this is an undue burden on users and we therefore cannot use Docker's global drivers (including "overlay"), which eliminates a lot of the value of using Docker's plugins at all.   -->
+
+对于愿意并且能够运行必需的基础架构以满足 Docker 全局驱动程序并自己配置 Docker 的用户， Docker 网络应该“正常工作。” Kubernetes 不会妨碍这样的设置，无论项目的方向如何，该选项都应该可用。但是对于默认安装，实际的结论是这对用户来说是一个不应有的负担，因此我们不能使用 Docker 的全局驱动程序（包括 "overlay" ），这消除了使用 Docker 插件的很多价值。
+
+<!-- Docker's networking model makes a lot of assumptions that aren’t valid for Kubernetes. In docker versions 1.8 and 1.9, it includes a fundamentally flawed implementation of "discovery" that results in corrupted `/etc/hosts` files in containers ([docker #17190](https://github.com/docker/docker/issues/17190)) — and this cannot be easily turned off. In version 1.10 Docker is planning to [bundle a new DNS server](https://github.com/docker/docker/issues/17195), and it’s unclear whether this will be able to be turned off. Container-level naming is not the right abstraction for Kubernetes — we already have our own concepts of service naming, discovery, and binding, and we already have our own DNS schema and server (based on the well-established [SkyDNS](https://github.com/skynetservices/skydns)). The bundled solutions are not sufficient for our needs but are not disableable.   -->
+
+Docker 的网络模型做出了许多对 Kubernetes 无效的假设。在 docker 1.8 和 1.9 版本中，它包含一个从根本上有缺陷的“发现”实现，导致容器中的 `/etc/hosts` 文件损坏 ([docker #17190](https://github.com/docker/docker/issues/17190)) - 并且这不容易被关闭。在 1.10 版本中，Docker 计划 [捆绑一个新的DNS服务器](https://github.com/docker/docker/issues/17195)，目前还不清楚是否可以关闭它。容器级命名不是 Kubernetes 的正确抽象 - 我们已经有了自己的服务命名，发现和绑定概念，并且我们已经有了自己的 DNS 模式和服务器（基于完善的 [SkyDNS](https://github.com/skynetservices/skydns) ）。捆绑的解决方案不足以满足我们的需求，但不能禁用。
+
+<!-- Orthogonal to the local/global split, Docker has both in-process and out-of-process ("remote") plugins. We investigated whether we could bypass libnetwork (and thereby skip the issues above) and drive Docker remote plugins directly. Unfortunately, this would mean that we could not use any of the Docker in-process plugins, "bridge" and "overlay" in particular, which again eliminates much of the utility of libnetwork.   -->
+
+与本地/全局拆分正交， Docker 具有进程内和进程外（ "remote" ）插件。我们调查了是否可以绕过 libnetwork （从而跳过上面的问题）并直接驱动 Docker remote 插件。不幸的是，这意味着我们无法使用任何 Docker 进程中的插件，特别是 "bridge" 和 "overlay"，这再次消除了 libnetwork 的大部分功能。
+
+<!-- On the other hand, CNI is more philosophically aligned with Kubernetes. It's far simpler than CNM, doesn't require daemons, and is at least plausibly cross-platform (CoreOS’s [rkt](https://coreos.com/rkt/docs/) container runtime supports it). Being cross-platform means that there is a chance to enable network configurations which will work the same across runtimes (e.g. Docker, Rocket, Hyper). It follows the UNIX philosophy of doing one thing well.   -->
+
+另一方面， CNI 在哲学上与 Kubernetes 更加一致。它比 CNM 简单得多，不需要守护进程，并且至少是合理的跨平台（ CoreOS 的 [rkt](https://coreos.com/rkt/docs/) 容器运行时支持它）。跨平台意味着有机会启用跨运行时（例如 Docker ， Rocket ， Hyper ）运行相同的网络配置。 它遵循 UNIX 的理念，即做好一件事。
+
+<!-- Additionally, it's trivial to wrap a CNI plugin and produce a more customized CNI plugin — it can be done with a simple shell script. CNM is much more complex in this regard. This makes CNI an attractive option for rapid development and iteration. Early prototypes have proven that it's possible to eject almost 100% of the currently hard-coded network logic in kubelet into a plugin.   -->
+
+此外，包装 CNI 插件并生成更加个性化的 CNI 插件是微不足道的 - 它可以通过简单的 shell 脚本完成。 CNM 在这方面要复杂得多。这使得 CNI 对于快速开发和迭代是有吸引力的选择。早期的原型已经证明，可以将 kubelet 中几乎 100％ 的当前硬编码网络逻辑弹出到插件中。
+
+<!-- We investigated [writing a "bridge" CNM driver](https://groups.google.com/forum/#!topic/kubernetes-sig-network/5MWRPxsURUw) for Docker that ran CNI drivers. This turned out to be very complicated. First, the CNM and CNI models are very different, so none of the "methods" lined up. We still have the global vs. local and key-value issues discussed above. Assuming this driver would declare itself local, we have to get info about logical networks from Kubernetes.   -->
+
+我们调查了为 Docker [编写 "bridge" CNM驱动程序](https://groups.google.com/forum/#!topic/kubernetes-sig-network/5MWRPxsURUw) 并运行 CNI 驱动程序。事实证明这非常复杂。首先， CNM 和 CNI 模型非常不同，因此没有一种“方法”协调一致。 我们仍然有上面讨论的全球与本地和键值问题。假设这个驱动程序会声明自己是本地的，我们必须从 Kubernetes 获取有关逻辑网络的信息。
+
+<!-- Unfortunately, Docker drivers are hard to map to other control planes like Kubernetes. Specifically, drivers are not told the name of the network to which a container is being attached — just an ID that Docker allocates internally. This makes it hard for a driver to map back to any concept of network that exists in another system.   -->
+
+不幸的是， Docker 驱动程序很难映射到像 Kubernetes 这样的其他控制平面。具体来说，驱动程序不会被告知连接容器的网络名称 - 只是 Docker 内部分配的 ID 。这使得驱动程序很难映射回另一个系统中存在的任何网络概念。
+
+<!-- This and other issues have been brought up to Docker developers by network vendors, and are usually closed as "working as intended" ([libnetwork #139](https://github.com/docker/libnetwork/issues/139), [libnetwork #486](https://github.com/docker/libnetwork/issues/486), [libnetwork #514](https://github.com/docker/libnetwork/pull/514), [libnetwork #865](https://github.com/docker/libnetwork/issues/865), [docker #18864](https://github.com/docker/docker/issues/18864)), even though they make non-Docker third-party systems more difficult to integrate with. Throughout this investigation Docker has made it clear that they’re not very open to ideas that deviate from their current course or that delegate control. This is very worrisome to us, since Kubernetes complements Docker and adds so much functionality, but exists outside of Docker itself.   -->
+
+这个问题和其他问题已由网络供应商提出给 Docker 开发人员，并且通常关闭为“按预期工作”，([libnetwork #139](https://github.com/docker/libnetwork/issues/139), [libnetwork #486](https://github.com/docker/libnetwork/issues/486), [libnetwork #514](https://github.com/docker/libnetwork/pull/514), [libnetwork #865](https://github.com/docker/libnetwork/issues/865), [docker #18864](https://github.com/docker/docker/issues/18864))，即使它们使非 Docker 第三方系统更难以与之集成。在整个调查过程中， Docker 明确表示他们对偏离当前路线或委托控制的想法不太欢迎。这对我们来说非常令人担忧，因为 Kubernetes 补充了 Docker 并增加了很多功能，但它存在于 Docker 之外。
+
+<!-- For all of these reasons we have chosen to invest in CNI as the Kubernetes plugin model. There will be some unfortunate side-effects of this. Most of them are relatively minor (for example, `docker inspect` will not show an IP address), but some are significant. In particular, containers started by `docker run` might not be able to communicate with containers started by Kubernetes, and network integrators will have to provide CNI drivers if they want to fully integrate with Kubernetes. On the other hand, Kubernetes will get simpler and more flexible, and a lot of the ugliness of early bootstrapping (such as configuring Docker to use our bridge) will go away.   -->
+
+出于所有这些原因，我们选择投资 CNI 作为 Kubernetes 插件模型。这会有一些不幸的副作用。它们中的大多数都相对较小（例如， `docker inspect` 不会显示 IP 地址），但有些是重要的。特别是，由 `docker run` 启动的容器可能无法与 Kubernetes 启动的容器通信，如果网络集成商想要与 Kubernetes 完全集成，则必须提供 CNI 驱动程序。另一方面， Kubernetes 将变得更简单，更灵活，早期引入的许多丑陋的（例如配置 Docker 使用我们的网桥）将会消失。
+
+<!-- As we proceed down this path, we’ll certainly keep our eyes and ears open for better ways to integrate and simplify. If you have thoughts on how we can do that, we really would like to hear them — find us on [slack](http://slack.k8s.io/) or on our [network SIG mailing-list](https://groups.google.com/forum/#!forum/kubernetes-sig-network).   -->
+
+当我们沿着这条道路前进时，我们肯定会保持眼睛和耳朵的开放，以便更好地整合和简化。如果您对我们如何做到这一点有所想法，我们真的希望听到它们 - 在 [slack](http://slack.k8s.io/) 或者 [network SIG mailing-list](https://groups.google.com/forum/#!forum/kubernetes-sig-network) 找到我们。
+
+Tim Hockin, Software Engineer, Google
diff --git a/content/zh/blog/_posts/2016-02-00-Kubecon-Eu-2016-Kubernetes-Community-In.md b/content/zh/blog/_posts/2016-02-00-Kubecon-Eu-2016-Kubernetes-Community-In.md
new file mode 100644
index 0000000000000..d4ee22a2b1eb5
--- /dev/null
+++ b/content/zh/blog/_posts/2016-02-00-Kubecon-Eu-2016-Kubernetes-Community-In.md
@@ -0,0 +1,84 @@
+---
+title: " KubeCon EU 2016：伦敦 Kubernetes 社区 "
+date: 2016-02-24
+slug: kubecon-eu-2016-kubernetes-community-in
+url: /blog/2016/02/Kubecon-Eu-2016-Kubernetes-Community-In
+---
+
+<!--
+---
+title: " KubeCon EU 2016: Kubernetes Community in London "
+date: 2016-02-24
+slug: kubecon-eu-2016-kubernetes-community-in
+url: /blog/2016/02/Kubecon-Eu-2016-Kubernetes-Community-In
+---
+-->
+
+<!--
+KubeCon EU 2016 is the inaugural [European Kubernetes](http://kubernetes.io/) community conference that follows on the American launch in November 2015. KubeCon is fully dedicated to education and community engagement for[Kubernetes](http://kubernetes.io/) enthusiasts, production users and the surrounding ecosystem.
+-->
+KubeCon EU 2016 是首届[欧洲 Kubernetes](http://kubernetes.io/) 社区会议，紧随 2015 年 11 月召开的北美会议。KubeCon 致力于为 [Kubernetes](http://kubernetes.io/) 爱好者、产品用户和周围的生态系统提供教育和社区参与。
+
+<!--
+Come join us in London and hang out with hundreds from the Kubernetes community and experience a wide variety of deep technical expert talks and use cases.
+-->
+快来加入我们在伦敦，与 Kubernetes 社区的数百人一起出去，体验各种深入的技术专家讲座和用例。
+
+<!--
+Don’t miss these great speaker sessions at the conference:
+-->
+不要错过这些优质的演讲：
+
+<!--
+* “Kubernetes Hardware Hacks: Exploring the Kubernetes API Through Knobs, Faders, and Sliders” by Ian Lewis and Brian Dorsey, Developer Advocate, Google -* [http://sched.co/6Bl3](http://sched.co/6Bl3)  
+
+* “rktnetes: what's new with container runtimes and Kubernetes” by Jonathan Boulle, Developer and Team Lead at CoreOS -* [http://sched.co/6BY7](http://sched.co/6BY7)
+
+* “Kubernetes Documentation: Contributing, fixing issues, collecting bounties” by John Mulhausen, Lead Technical Writer, Google -* [http://sched.co/6BUP](http://sched.co/6BUP)&nbsp;
+* “[What is OpenStack's role in a Kubernetes world?](https://kubeconeurope2016.sched.org/event/6BYC/what-is-openstacks-role-in-a-kubernetes-world?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:100;&sidebar=yes&bg=no)” By Thierry Carrez, Director of Engineering, OpenStack Foundation -* http://sched.co/6BYC
+* “A Practical Guide to Container Scheduling” by Mandy Waite, Developer Advocate, Google -* [http://sched.co/6BZa](http://sched.co/6BZa)  
+
+* “[Kubernetes in Production in The New York Times newsroom](https://kubeconeurope2016.sched.org/event/67f2/kubernetes-in-production-in-the-new-york-times-newsroom?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:100;&sidebar=yes&bg=no)” Eric Lewis, Web Developer, New York Times -* [http://sched.co/67f2](http://sched.co/67f2)
+* “[Creating an Advanced Load Balancing Solution for Kubernetes with NGINX](https://kubeconeurope2016.sched.org/event/6Bc9/creating-an-advanced-load-balancing-solution-for-kubernetes-with-nginx?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:100;&sidebar=yes&bg=no)” by Andrew Hutchings, Technical Product Manager, NGINX -* http://sched.co/6Bc9
+* And many more http://kubeconeurope2016.sched.org/
+-->
+
+* “Kubernetes 硬件黑客：通过旋钮、推杆和滑块探索 Kubernetes API” 演讲者 Ian Lewis 和 Brian Dorsey，谷歌开发布道师* [http://sched.co/6Bl3](http://sched.co/6Bl3)  
+
+* “rktnetes: 容器运行时和 Kubernetes 的新功能” 演讲者 Jonathan Boulle, CoreOS 的主程 -* [http://sched.co/6BY7](http://sched.co/6BY7)
+
+* “Kubernetes 文档：贡献、修复问题、收集奖金” 作者：John Mulhausen，首席技术作家，谷歌 -* [http://sched.co/6BUP](http://sched.co/6BUP)&nbsp;
+* “[OpenStack 在 Kubernetes 的世界中扮演什么角色？](https://kubeconeurope2016.sched.org/event/6BYC/what-is-openstacks-role-in-a-kubernetes-world?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:100;&sidebar=yes&bg=no)” 作者：Thierry carez, OpenStack 基金会工程总监 -* http://sched.co/6BYC
+* “容器调度的实用指南” 作者：Mandy Waite，开发者倡导者，谷歌 -* [http://sched.co/6BZa](http://sched.co/6BZa)  
+
+* “[《纽约时报》编辑部正在制作 Kubernetes](https://kubeconeurope2016.sched.org/event/67f2/kubernetes-in-production-in-the-new-york-times-newsroom?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:100;&sidebar=yes&bg=no)” Eric Lewis，《纽约时报》网站开发人员 -* [http://sched.co/67f2](http://sched.co/67f2)
+* “[使用 NGINX 为 Kubernetes 创建一个高级负载均衡解决方案](https://kubeconeurope2016.sched.org/event/6Bc9/creating-an-advanced-load-balancing-solution-for-kubernetes-with-nginx?iframe=yes&w=i:0;&sidebar=yes&bg=no#?iframe=yes&w=i:100;&sidebar=yes&bg=no)” 作者：Andrew Hutchings, NGINX 技术产品经理 -* http://sched.co/6Bc9
+* 还有更多 http://kubeconeurope2016.sched.org/
+
+<!--
+Get your KubeCon EU [tickets here](https://ti.to/kubecon/kubecon-eu-2016).
+-->
+[在这里](https://ti.to/kubecon/kubecon-eu-2016)获取您的 KubeCon EU 门票。
+
+<!--
+Venue Location: CodeNode * 10 South Pl, London, United Kingdom  
+Accommodations: [hotels](https://skillsmatter.com/contact-us#hotels)   
+Website: [kubecon.io](https://www.kubecon.io/)   
+Twitter: [@KubeConio](https://twitter.com/kubeconio) #KubeCon
+Google is a proud Diamond sponsor of KubeCon EU 2016. Come to London next month, March 10th & 11th, and visit booth #13 to learn all about Kubernetes, Google Container Engine (GKE) and Google Cloud Platform!  
+-->
+会场地址：CodeNode * 英国伦敦南广场 10 号
+酒店住宿：[酒店](https://skillsmatter.com/contact-us)
+网站：[kubecon.io] (https://www.kubecon.io/)
+推特：[@KubeConio] (https://twitter.com/kubeconio)
+谷歌是 KubeCon EU 2016 的钻石赞助商。下个月 3 月 10 - 11 号来伦敦，参观 13 号展位，了解 Kubernetes，Google Container Engine（GKE），Google Cloud Platform 的所有信息!
+
+<!--
+_KubeCon is organized by KubeAcademy, LLC, a community-driven group of developers focused on the education of developers and the promotion of Kubernetes._  
+
+-* Sarah Novotny, Kubernetes Community Manager, Google  
+-->
+
+_KubeCon 是由 KubeAcademy、LLC 组织的，这是一个由社区驱动的开发者团体，专注于开发人员的教育和 kubernet.com 的推广
+-* Sarah Novotny, 谷歌的 Kubernetes 社区经理
+
diff --git a/content/zh/blog/_posts/2016-02-00-Kubernetes-Community-Meeting-Notes.md b/content/zh/blog/_posts/2016-02-00-Kubernetes-Community-Meeting-Notes.md
new file mode 100644
index 0000000000000..5d1037f747226
--- /dev/null
+++ b/content/zh/blog/_posts/2016-02-00-Kubernetes-Community-Meeting-Notes.md
@@ -0,0 +1,117 @@
+---
+title: " Kubernetes 社区会议记录 - 20160204 "
+date: 2016-02-09
+slug: kubernetes-community-meeting-notes
+url: /blog/2016/02/Kubernetes-Community-Meeting-Notes
+---
+<!--
+---
+title: " Kubernetes community meeting notes - 20160204 "
+date: 2016-02-09
+slug: kubernetes-community-meeting-notes
+url: /blog/2016/02/Kubernetes-Community-Meeting-Notes
+---
+-->
+<!--
+####  February 4th - rkt demo (congratulations on the 1.0, CoreOS!), eBay puts k8s on Openstack and considers Openstack on k8s, SIGs, and flaky test surge makes progress.
+-->
+####  2月4日 - rkt演示（祝贺 1.0 版本， CoreOS！）， eBay 将 k8s 放在 Openstack 上并认为 Openstack 在 k8s， SIG 和片状测试激增方面取得了进展。
+
+<!--
+The Kubernetes contributing community meets most Thursdays at 10:00PT to discuss the project's status via a videoconference. Here are the notes from the latest meeting.
+-->
+Kubernetes 贡献社区在每周四 10:00 PT 开会,通过视频会议讨论项目状态。以下是最近一次会议的笔记。
+
+<!--
+* Note taker: Rob Hirschfeld
+* Demo (20 min): CoreOS rkt + Kubernetes [Shaya Potter]
+    * expect to see integrations w/ rkt & k8s in the coming months ("rkt-netes"). not integrated into the v1.2 release.
+    * Shaya gave a demo (8 minutes into meeting for video reference)
+        * CLI of rkt shown spinning up containers
+        * [note: audio is garbled at points]
+        * Discussion about integration w/ k8s & rkt
+        * rkt community sync next week: https://groups.google.com/forum/#!topic/rkt-dev/FlwZVIEJGbY
+        * Dawn Chen:
+            * The remaining issues of integrating rkt with kubernetes: 1) cadivsor 2) DNS 3) bugs related to logging
+            * But need more work on e2e test suites
+-->
+* 书记员：Rob Hirschfeld
+* 演示视频（20分钟）：CoreOS rkt + Kubernetes[Shaya Potter]
+    * 期待在未来几个月内看到与rkt和k8s的整合（“rkt-netes”）。 还没有集成到 v1.2版本中。   
+    * Shaya 做了一个演示（8分钟的会议视频参考）
+        * rkt的CLI显示了旋转容器
+        * [注意：音频在点数上是乱码]
+        * 关于 k8s&rkt 整合的讨论
+        * 下周 rkt 社区同步：https://groups.google.com/forum/#!topic/rkt-dev/FlwZVIEJGbY
+        * Dawn Chen:
+            * 将 rkt 与 kubernetes 集成的其余问题：1）cadivsor 2） DNS 3）与日志记录相关的错误
+            * 但是需要在 e2e 测试套件上做更多的工作
+<!--    
+* Use Case (10 min): eBay k8s on OpenStack and OpenStack on k8s [Ashwin Raveendran]
+    * eBay is currently running Kubernetes on OpenStack
+    * Goal for eBay is to manage the OpenStack control plane w/ k8s.  Goal would be to achieve upgrades
+    * OpenStack Kolla creates containers for the control plane.  Uses Ansible+Docker for management of the containers.  
+    * Working on k8s control plan management - Saltstack is proving to be a management challenge at the scale they want to operate.  Looking for automated management of the k8s control plane.
+-->
+* 用例（10分钟）：在 OpenStack 上的 eBay k8s 和 k8s 上的 OpenStack [Ashwin Raveendran]
+    * eBay 目前正在 OpenStack 上运行 Kubernetes
+    * eBay 的目标是管理带有 k8s 的 OpenStack 控制平面。目标是实现升级。
+    * OpenStack Kolla 为控制平面创建容器。使用 Ansible+Docker 来管理容器。
+    * 致力于 k8s 控制计划管理 - Saltstack 被证明是他们想运营的规模的管理挑战。寻找 k8s 控制平面的自动化管理。
+<!--
+* SIG Report
+* Testing update [Jeff, Joe, and Erick]
+    * Working to make the workflow about contributing to K8s easier to understanding
+        * [pull/19714][1] has flow chart of the bot flow to help users understand
+    * Need a consistent way to run tests w/ hacking config scripts (you have to fake a Jenkins process right now)
+    * Want to create necessary infrastructure to make test setup less flaky
+    * want to decouple test start (single or full) from Jenkins
+    * goal is to get to point where you have 1 script to run that can be pointed to any cluster
+    * demo included Google internal views - working to try get that external.
+    * want to be able to collect test run results
+    * Bob Wise calls for testing infrastructure to be a blocker on v1.3
+    * Long discussion about testing practices…
+        * consensus that we want to have tests work over multiple platforms.
+        * would be helpful to have a comprehensive state dump for test reports
+        * "phone-home" to collect stack traces - should be available
+-->
+*  SIG 报告
+*  测试更新 [Jeff, Joe, 和 Erick]
+    *  努力使有助于 K8s 的工作流程更容易理解
+        * [pull/19714][1]有 bot 流程图来帮助用户理解
+    *  需要一种一致的方法来运行测试 w/hacking 配置脚本（你现在必须伪造一个 Jenkins 进程）
+    *  想要创建必要的基础设施，使测试设置不那么薄弱
+    *  想要将测试开始（单次或完整）与 Jenkins分离
+    *  目标是指出你有一个可以指向任何集群的脚本
+    *  演示包括 Google 内部视图 - 努力尝试获取外部视图。
+    *  希望能够收集测试运行结果
+    *  Bob Wise 不赞同在 v1.3 版本进行测试方面的基础设施建设。
+    *  关于测试实践的长期讨论…
+       * 我们希望在多个平台上进行测试的共识。
+       * 为测试报告提供一个全面转储会很有帮助
+       * 可以使用"phone-home"收集异常
+       
+
+<!--
+* 1.2 Release Watch
+* CoC [Sarah]
+* GSoC [Sarah]
+-->
+* 1.2发布观察
+* CoC [Sarah]
+* GSoC [Sarah]
+
+<!--
+To get involved in the Kubernetes community consider joining our [Slack channel][2], taking a look at the [Kubernetes project][3] on GitHub, or join the [Kubernetes-dev Google group][4]. If you're really excited, you can do all of the above and join us for the next community conversation -- February 11th, 2016. Please add yourself or a topic you want to know about to the [agenda][5] and get a calendar invitation by joining [this group][6].   
+-->
+要参与 Kubernetes 社区，请考虑加入我们的[Slack 频道][2]，查看 GitHub上的 [Kubernetes 项目][3]，或加入[Kubernetes-dev Google 小组][4]。如果你真的很兴奋，你可以完成上述所有工作并加入我们的下一次社区对话-2016年2月11日。请将您自己或您想要了解的主题添加到[议程][5]并通过加入[此组][6]来获取日历邀请。
+
+ "https://youtu.be/IScpP8Cj0hw?list=PL69nYSiGNLP1pkHsbPjzAewvMgGUpkCnJ"
+
+
+[1]: https://github.com/kubernetes/kubernetes/pull/19714
+[2]: http://slack.k8s.io/
+[3]: https://github.com/kubernetes/
+[4]: https://groups.google.com/forum/#!forum/kubernetes-dev
+[5]: https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY/edit#
+[6]: https://groups.google.com/forum/#!forum/kubernetes-community-video-chat
diff --git a/content/zh/blog/_posts/2016-04-Kubernetes-Network-Policy-APIs.md b/content/zh/blog/_posts/2016-04-Kubernetes-Network-Policy-APIs.md
index 072ec679f3b41..e9b6e2f0848be 100644
--- a/content/zh/blog/_posts/2016-04-Kubernetes-Network-Policy-APIs.md
+++ b/content/zh/blog/_posts/2016-04-Kubernetes-Network-Policy-APIs.md
@@ -1,16 +1,16 @@
-<!-- ---
+---
 title: " SIG-Networking: Kubernetes Network Policy APIs Coming in 1.3 "
 date: 2016-04-18
 slug: kubernetes-network-policy-apis
 url: /blog/2016/04/Kubernetes-Network-Policy-APIs
---- -->
-
 ---
-title: "SIG-Networking: Kubernetes Network Policy APIs Coming in 1.3 "
+
+<!-- ---
+title: " SIG-Networking: Kubernetes Network Policy APIs Coming in 1.3 "
 date: 2016-04-18
 slug: kubernetes-network-policy-apis
 url: /blog/2016/04/Kubernetes-Network-Policy-APIs
----
+--- -->
 
 <!-- _Editor’s note: This week we’re featuring [Kubernetes Special Interest Groups](https://github.com/kubernetes/kubernetes/wiki/Special-Interest-Groups-(SIGs)); Today’s post is by the Network-SIG team describing network policy APIs coming in 1.3 - policies for security, isolation and multi-tenancy._ -->
 
diff --git a/content/zh/blog/_posts/2016-04-Kubernetes-On-Aws_15.md b/content/zh/blog/_posts/2016-04-Kubernetes-On-Aws_15.md
index c5de9e6a1285e..a12060b915706 100644
--- a/content/zh/blog/_posts/2016-04-Kubernetes-On-Aws_15.md
+++ b/content/zh/blog/_posts/2016-04-Kubernetes-On-Aws_15.md
@@ -1,16 +1,16 @@
-<!-- ---
-title: " How to deploy secure, auditable, and reproducible Kubernetes clusters on AWS "
+---
+title: " 如何在AWS上部署安全，可审计，可复现的k8s集群 "
 date: 2016-04-15
 slug: kubernetes-on-aws_15
 url: /blog/2016/04/Kubernetes-On-Aws_15
---- -->
-
 ---
-title: " 如何在AWS上部署安全，可审计，可复现的k8s集群 "
+
+<!-- ---
+title: " How to deploy secure, auditable, and reproducible Kubernetes clusters on AWS "
 date: 2016-04-15
 slug: kubernetes-on-aws_15
 url: /blog/2016/04/Kubernetes-On-Aws_15
----
+--- -->
 
 <!-- _Today’s guest post is written by Colin Hom, infrastructure engineer at [CoreOS](https://coreos.com/), the company delivering Google’s Infrastructure for Everyone Else (#GIFEE) and running the world's containers securely on CoreOS Linux, Tectonic and Quay._
 
diff --git a/content/zh/blog/_posts/2016-07-00-Citrix-Netscaler-And-Kubernetes.md b/content/zh/blog/_posts/2016-07-00-Citrix-Netscaler-And-Kubernetes.md
new file mode 100644
index 0000000000000..6915b8482a8f5
--- /dev/null
+++ b/content/zh/blog/_posts/2016-07-00-Citrix-Netscaler-And-Kubernetes.md
@@ -0,0 +1,72 @@
+---
+title: " Citrix + Kubernetes = 全垒打 "
+date: 2016-07-14
+slug: citrix-netscaler-and-kubernetes
+url: /blog/2016/07/Citrix-Netscaler-And-Kubernetes
+---
+
+<!--
+---
+title: " Citrix + Kubernetes = A Home Run "
+date: 2016-07-14
+slug: citrix-netscaler-and-kubernetes
+url: /blog/2016/07/Citrix-Netscaler-And-Kubernetes
+---
+-->
+
+<!--
+_Editor’s note: today’s guest post is by Mikko Disini, a Director of Product Management at Citrix Systems, sharing their collaboration experience on a Kubernetes integration.&nbsp;_  
+-->
+编者按：今天的客座文章来自 Citrix Systems 的产品管理总监 Mikko Disini，他分享了他们在 Kubernetes 集成上的合作经验。&nbsp;_ 
+
+<!--
+Technical collaboration is like sports. If you work together as a team, you can go down the homestretch and pull through for a win. That’s our experience with the Google Cloud Platform team.  
+-->
+技术合作就像体育运动。如果你能像一个团队一样合作，你就能在最后关头取得胜利。这就是我们对谷歌云平台团队的经验。
+
+<!--
+Recently, we approached Google Cloud Platform (GCP) to collaborate on behalf of Citrix customers and the broader enterprise market looking to migrate workloads.&nbsp;This migration required including the [NetScaler Docker load balancer](https://www.citrix.com/blogs/2016/06/20/the-best-docker-load-balancer-at-dockercon-in-seattle-this-week/), CPX, into Kubernetes nodes and resolving any issues with getting traffic into the CPX proxies. &nbsp;  
+-->
+最近，我们与 Google 云平台（GCP）联系，代表 Citrix 客户以及更广泛的企业市场，希望就工作负载的迁移进行协作。此迁移需要将 [NetScaler Docker 负载均衡器]https://www.citrix.com/blogs/2016/06/20/the-best-docker-load-balancer-at-dockercon-in-seattle-this-week/) CPX 包含到 Kubernetes 节点中，并解决将流量引入 CPX 代理的任何问题。  
+
+<!--
+**Why NetScaler and Kubernetes?**  
+-->
+
+**为什么是 NetScaler 和 Kubernetes**
+
+<!--
+1. Citrix customers want the same Layer 4 to Layer 7 capabilities from NetScaler that they have on-prem as they move to the cloud as they begin deploying their container and microservices architecture with Kubernetes&nbsp;
+2. Kubernetes provides a proven infrastructure for running containers and VMs with automated workload delivery
+3. NetScaler CPX provides Layer 4 to Layer 7 services and highly efficient telemetry data to a logging and analytics platform, [NetScaler Management and Analytics System](https://www.citrix.com/blogs/2016/05/24/introducing-the-next-generation-netscaler-management-and-analytics-system/)
+-->
+
+1. Citrix 的客户希望他们开始使用 Kubernetes 部署他们的容器和微服务体系结构时，能够像当初迁移到云计算时一样，享有 NetScaler 所提供的第 4 层到第 7 层能力&nbsp;
+2. Kubernetes 提供了一套经过验证的基础设施，可用来运行容器和虚拟机，并自动交付工作负载；  
+3. NetScaler CPX 提供第 4 层到第 7 层的服务，并为日志和分析平台 [NetScaler 管理和分析系统](https://www.citrix.com/blogs/2016/05/24/introducing-the-next-generation-netscaler-management-and-analytics-system/) 提供高效的度量数据。
+
+<!--
+I wish all our experiences working together with a technical partner were as good as working with GCP. We had a list of issues to enable our use cases and were able to collaborate swiftly on a solution. To resolve these, GCP team offered in depth technical assistance, working with Citrix such that NetScaler CPX can spin up and take over as a client-side proxy running on each host.&nbsp;  
+-->
+我希望我们所有与技术合作伙伴一起工作的经验都能像与 GCP 一起工作一样好。我们有一个列表，包含支持我们的用例所需要解决的问题。我们能够快速协作形成解决方案。为了解决这些问题，GCP 团队提供了深入的技术支持，与 Citrix 合作，从而使得 NetScaler CPX 能够在每台主机上作为客户端代理启动运行。
+
+<!--
+Next, NetScaler CPX needed to be inserted in the data path of GCP ingress load balancer so that NetScaler CPX can spread traffic to front end web servers. The NetScaler team made modifications so that NetScaler CPX listens to API server events and configures itself to create a VIP, IP table rules and server rules to take ingress traffic and load balance across front end applications. Google Cloud Platform team provided feedback and assistance to verify modifications made to overcome the technical hurdles. Done!  
+-->
+接下来，需要在 GCP 入口负载均衡器的数据路径中插入 NetScaler CPX，使 NetScaler CPX 能够将流量分散到前端 web 服务器。NetScaler 团队进行了修改，以便 NetScaler CPX 监听 API 服务器事件，并配置自己来创建 VIP、IP 表规则和服务器规则，以便跨前端应用程序接收流量和负载均衡。谷歌云平台团队提供反馈和帮助，验证为克服技术障碍所做的修改。完成了!
+
+<!--
+NetScaler CPX use case is supported in [Kubernetes 1.3](https://kubernetes.io/blog/2016/07/kubernetes-1.3-bridging-cloud-native-and-enterprise-workloads). Citrix customers and the broader enterprise market will have the opportunity to leverage NetScaler with Kubernetes, thereby lowering the friction to move workloads to the cloud.&nbsp;  
+-->
+NetScaler CPX 用例在 [Kubernetes 1.3](https://kubernetes.io/blog/2016/07/kubernets-1.3 - bridge -cloud-native-and-enterprise-workload) 中提供支持。Citrix 的客户和更广泛的企业市场将有机会基于 Kubernetes 享用 NetScaler 服务，从而降低将工作负载转移到云平台的阻力。&nbsp;
+
+<!--
+You can learn more about&nbsp;NetScaler CPX [here](https://www.citrix.com/networking/microservices.html).  
+-->
+您可以在[此处](https://www.citrix.com/networking/microservices.html)了解有关 NetScaler CPX 的更多信息。
+
+<!--
+_&nbsp;-- Mikko Disini, Director of Product Management - NetScaler, Citrix Systems_
+-->
+_&nbsp;-- Mikko Disini，Citrix Systems NetScaler 产品管理总监
+
diff --git a/content/zh/blog/_posts/2016-07-00-Dashboard-Web-Interface-For-Kubernetes.md b/content/zh/blog/_posts/2016-07-00-Dashboard-Web-Interface-For-Kubernetes.md
new file mode 100644
index 0000000000000..467d169c0fb31
--- /dev/null
+++ b/content/zh/blog/_posts/2016-07-00-Dashboard-Web-Interface-For-Kubernetes.md
@@ -0,0 +1,139 @@
+---
+title: " Dashboard - Kubernetes 的全功能 Web 界面 "
+date: 2016-07-15
+slug: dashboard-web-interface-for-kubernetes
+url: /blog/2016/07/Dashboard-Web-Interface-For-Kubernetes
+---
+
+<!--
+---
+title: " Dashboard - Full Featured Web Interface for Kubernetes "
+date: 2016-07-15
+slug: dashboard-web-interface-for-kubernetes
+url: /blog/2016/07/Dashboard-Web-Interface-For-Kubernetes
+---
+-->
+
+<!--
+_Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2016/07/five-days-of-kubernetes-1.3) on what's new in Kubernetes 1.3_  
+
+[Kubernetes Dashboard](http://github.com/kubernetes/dashboard) is a project that aims to bring a general purpose monitoring and operational web interface to the Kubernetes world.&nbsp;Three months ago we [released](https://kubernetes.io/blog/2016/04/building-awesome-user-interfaces-for-kubernetes) the first production ready version, and since then the dashboard has made massive improvements. In a single UI, you’re able to perform majority of possible interactions with your Kubernetes clusters without ever leaving your browser. This blog post breaks down new features introduced in the latest release and outlines the roadmap for the future.&nbsp;  
+-->
+
+_编者按：这篇文章是[一系列深入的文章](https://kubernetes.io/blog/2016/07/five-days-of-kubernetes-1.3) 中关于Kubernetes 1.3的新内容的一部分_
+[Kubernetes Dashboard](http://github.com/kubernetes/dashboard)是一个旨在为 Kubernetes 世界带来通用监控和操作 Web 界面的项目。三个月前，我们[发布](https://kubernetes.io/blog/2016/04/building-awesome-user-interfaces-for-kubernetes)第一个面向生产的版本，从那时起 dashboard 已经做了大量的改进。在一个 UI 中，您可以在不离开浏览器的情况下，与 Kubernetes 集群执行大多数可能的交互。这篇博客文章分解了最新版本中引入的新功能，并概述了未来的路线图。
+
+<!--
+**Full-Featured Dashboard**  
+
+Thanks to a large number of contributions from the community and project members, we were able to deliver many new features for [Kubernetes 1.3 release](https://kubernetes.io/blog/2016/07/kubernetes-1.3-bridging-cloud-native-and-enterprise-workloads). We have been carefully listening to all the great feedback we have received from our users (see the [summary infographics](http://static.lwy.io/img/kubernetes_dashboard_infographic.png)) and addressed the highest priority requests and pain points.  
+-->
+
+**全功能的 Dashboard** 
+
+由于社区和项目成员的大量贡献，我们能够为[Kubernetes 1.3发行版](https://kubernetes.io/blog/2016/07/kubernetes-1.3-bridging-cloud-native-and-enterprise-workloads)提供许多新功能。我们一直在认真听取用户的反馈(参见[摘要信息图表](http://static.lwy.io/img/kubernetes_dashboard_infographic.png))，并解决了最高优先级的请求和难点。
+-->
+
+<!--
+The Dashboard UI now handles all workload resources. This means that no matter what workload type you run, it is visible in the web interface and you can do operational changes on it. For example, you can modify your stateful MySQL installation with [Pet Sets](/docs/user-guide/petset/), do a rolling update of your web server with Deployments or install cluster monitoring with DaemonSets.&nbsp;  
+
+
+
+ [![](https://lh3.googleusercontent.com/p9bMGxPx4jE6_Z2KB-MktmyuAxyFst-bEk29M_Bn0Bj5ul7uzinH6u5WjHsMmqhGvBwlABZt06dwQ5qkBZiLq_EM1oddCmpwChvXDNXZypaS5l8uzkKuZj3PBUmzTQT4dgDxSXgz) ](https://lh3.googleusercontent.com/p9bMGxPx4jE6_Z2KB-MktmyuAxyFst-bEk29M_Bn0Bj5ul7uzinH6u5WjHsMmqhGvBwlABZt06dwQ5qkBZiLq_EM1oddCmpwChvXDNXZypaS5l8uzkKuZj3PBUmzTQT4dgDxSXgz)
+-->
+
+Dashboard UI 现在处理所有工作负载资源。这意味着无论您运行什么工作负载类型，它都在 web 界面中可见，并且您可以对其进行操作更改。例如，可以使用[Pet Sets](/docs/user-guide/petset/)修改有状态的 mysql 安装，使用部署对 web 服务器进行滚动更新，或使用守护程序安装群集监视。
+
+
+
+ [![](https://lh3.googleusercontent.com/p9bMGxPx4jE6_Z2KB-MktmyuAxyFst-bEk29M_Bn0Bj5ul7uzinH6u5WjHsMmqhGvBwlABZt06dwQ5qkBZiLq_EM1oddCmpwChvXDNXZypaS5l8uzkKuZj3PBUmzTQT4dgDxSXgz) ](https://lh3.googleusercontent.com/p9bMGxPx4jE6_Z2KB-MktmyuAxyFst-bEk29M_Bn0Bj5ul7uzinH6u5WjHsMmqhGvBwlABZt06dwQ5qkBZiLq_EM1oddCmpwChvXDNXZypaS5l8uzkKuZj3PBUmzTQT4dgDxSXgz)
+
+<!--
+In addition to viewing resources, you can create, edit, update, and delete them. This feature enables many use cases. For example, you can kill a failed Pod, do a rolling update on a Deployment, or just organize your resources. You can also export and import YAML configuration files of your cloud apps and store them in a version control system.
+
+
+
+ ![](https://lh6.googleusercontent.com/zz-qjNcGgvWXrK1LIipUdIdPyeWJ1EyPVJxRnSvI6pMcLBkxDxpQt-ObsIiZsS_X0RjVBWtXYO5TCvhsymb__CGXFzKuPUnUrB4HKnAMsxtYdWLwMmHEb8c9P9Chzlo5ePHRKf5O)
+-->
+
+除了查看资源外，还可以创建、编辑、更新和删除资源。这个特性支持许多用例。例如，您可以杀死一个失败的 pod，对部署进行滚动更新，或者只组织资源。您还可以导出和导入云应用程序的 yaml 配置文件，并将它们存储在版本控制系统中。
+
+
+
+ ![](https://lh6.googleusercontent.com/zz-qjNcGgvWXrK1LIipUdIdPyeWJ1EyPVJxRnSvI6pMcLBkxDxpQt-ObsIiZsS_X0RjVBWtXYO5TCvhsymb__CGXFzKuPUnUrB4HKnAMsxtYdWLwMmHEb8c9P9Chzlo5ePHRKf5O)
+
+<!--
+The release includes a beta view of cluster nodes for administration and operational use cases. The UI lists all nodes in the cluster to allow for overview analysis and quick screening for problematic nodes. The details view shows all information about the node and links to pods running on it.
+
+
+
+ ![](https://lh6.googleusercontent.com/3CSTUy-8Tz-yAL9tCqxNUqMcWJYKK0dwk7kidE9zy-L-sXFiD4A4Y2LKEqbJKgI6Fl6xbzYxsziI8dULVXPJbu6eU0ci7hNtqi3tTuhdbVD6CG3EXw151fvt2MQuqumHRbab6g-_)
+-->
+
+这个版本包括一个用于管理和操作用例的集群节点的 beta 视图。UI 列出集群中的所有节点，以便进行总体分析和快速筛选有问题的节点。details 视图显示有关该节点的所有信息以及指向在其上运行的 pod 的链接。
+
+
+
+ ![](https://lh6.googleusercontent.com/3CSTUy-8Tz-yAL9tCqxNUqMcWJYKK0dwk7kidE9zy-L-sXFiD4A4Y2LKEqbJKgI6Fl6xbzYxsziI8dULVXPJbu6eU0ci7hNtqi3tTuhdbVD6CG3EXw151fvt2MQuqumHRbab6g-_)
+
+<!--
+There are also many smaller scope new features that the we shipped with the release, namely: support for namespaced resources, internationalization, performance improvements, and many bug fixes (find out more in the [release notes](https://github.com/kubernetes/dashboard/releases/tag/v1.1.0)). All these improvements result in a better and simpler user experience of the product.
+-->
+
+我们随发行版提供的还有许多小范围的新功能，即：支持命名空间资源、国际化、性能改进和许多错误修复(请参阅[发行说明](https://github.com/kubernetes/dashboard/releases/tag/v1.1.0)中的更多内容)。所有这些改进都会带来更好、更简单的产品用户体验。
+
+<!--
+**Future Work**
+
+
+
+The team has ambitious plans for the future spanning across multiple use cases. We are also open to all feature requests, which you can post on our [issue tracker](https://github.com/kubernetes/dashboard/issues).
+-->
+
+**Future Work**
+
+
+
+该团队对跨越多个用例的未来有着雄心勃勃的计划。我们还对所有功能请求开放，您可以在我们的[问题跟踪程序](https://github.com/kubernetes/dashboard/issues)上发布这些请求。
+
+<!--
+Here is a list of our focus areas for the following months:
+
+- [Handle more Kubernetes resources](https://github.com/kubernetes/dashboard/issues/961) - To show all resources that a cluster user may potentially interact with. Once done, Dashboard can act as a complete replacement for CLI.&nbsp;
+- [Monitoring and troubleshooting](https://github.com/kubernetes/dashboard/issues/962) - To add resource usage statistics/graphs to the objects shown in Dashboard. This focus area will allow for actionable debugging and troubleshooting of cloud applications.
+- [Security, auth and logging in](https://github.com/kubernetes/dashboard/issues/964) - Make Dashboard accessible from networks external to a Cluster and work with custom authentication systems.
+-->
+
+以下是我们接下来几个月的重点领域：
+
+- [Handle more Kubernetes resources](https://github.com/kubernetes/dashboard/issues/961) - 显示群集用户可能与之交互的所有资源。一旦完成，dashboard 就可以完全替代cli。
+- [Monitoring and troubleshooting](https://github.com/kubernetes/dashboard/issues/962) - 将资源使用统计信息/图表添加到 Dashboard 中显示的对象。这个重点领域将允许对云应用程序进行可操作的调试和故障排除。
+- [Security, auth and logging in](https://github.com/kubernetes/dashboard/issues/964) - 使仪表板可从群集外部的网络访问，并使用自定义身份验证系统。
+
+<!--
+**Connect With Us**
+
+
+
+We would love to talk with you and hear your feedback!
+
+- Email us at the [SIG-UI mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-ui)
+- Chat with us on the Kubernetes Slack&nbsp;[#SIG-UI channel](https://kubernetes.slack.com/messages/sig-ui/)
+- Join our meetings: 4PM CEST. See the [SIG-UI calendar](https://calendar.google.com/calendar/embed?src=google.com_52lm43hc2kur57dgkibltqc6kc%40group.calendar.google.com&ctz=Europe/Warsaw) for details.
+
+
+
+
+
+_-- Piotr Bryk, Software Engineer, Google_
+-->
+
+**联系我们**
+
+
+
+我们很乐意与您交谈并听取您的反馈！
+
+- 请在[SIG-UI邮件列表](https://groups.google.com/forum/向我们发送电子邮件！论坛/kubernetes sig ui)
+- 在 kubernetes slack 上与我们聊天。[#SIG-UI channel](https://kubernetes.slack.com/messages/sig-ui/)
+- 参加我们的会议：东部时间下午4点。请参阅[SIG-UI日历](https://calendar.google.com/calendar/embed?src=google.com_52lm43hc2kur57dgkibltqc6kc%40group.calendar.google.com&ctz=Europe/Warsaw)了解详细信息。
diff --git a/content/zh/blog/_posts/2016-07-00-Oh-The-Places-You-Will-Go.md b/content/zh/blog/_posts/2016-07-00-Oh-The-Places-You-Will-Go.md
new file mode 100644
index 0000000000000..95adefc352ee1
--- /dev/null
+++ b/content/zh/blog/_posts/2016-07-00-Oh-The-Places-You-Will-Go.md
@@ -0,0 +1,89 @@
+---
+title: " Kubernetes 生日快乐。哦，这是你要去的地方！ "
+date: 2016-07-21
+slug: oh-the-places-you-will-go
+url: /blog/2016/07/Oh-The-Places-You-Will-Go
+---
+
+<!--
+---
+title: " Happy Birthday Kubernetes. Oh, the places you’ll go! "
+date: 2016-07-21
+slug: oh-the-places-you-will-go
+url: /blog/2016/07/Oh-The-Places-You-Will-Go
+---
+-->
+
+<!--
+_Editor’s note, Today’s guest post is from an independent Kubernetes contributor, Justin Santa Barbara, sharing his reflection on growth of the project from inception to its future._  
+
+**Dear K8s,**  
+
+_It’s hard to believe you’re only one - you’ve grown up so fast. On the occasion of your first birthday, I thought I would write a little note about why I was so excited when you were born, why I feel fortunate to be part of the group that is raising you, and why I’m eager to watch you continue to grow up!_  
+-->
+
+_编者按，今天的嘉宾帖子来自一位独立的 kubernetes 撰稿人 Justin Santa Barbara，分享了他对项目从一开始到未来发展的思考。_  
+
+**亲爱的 K8s,**  
+
+_很难相信你是唯一的一个 - 成长这么快的。在你一岁生日的时候，我想我可以写一个小纸条，告诉你为什么我在你出生的时候那么兴奋，为什么我觉得很幸运能成为抚养你长大的一员，为什么我渴望看到你继续成长！_  
+
+<!--
+_--Justin_  
+
+You started with an excellent foundation - good declarative functionality, built around a solid API with a well defined schema and the machinery so that we could evolve going forwards. And sure enough, over your first year you grew so fast: autoscaling, HTTP load-balancing support (Ingress), support for persistent workloads including clustered databases (PetSets). You’ve made friends with more clouds (welcome Azure & OpenStack to the family), and even started to span zones and clusters (Federation). And these are just some of the most visible changes - there’s so much happening inside that brain of yours!  
+
+I think it’s wonderful you’ve remained so open in all that you do - you seem to write down everything on GitHub - for better or worse. I think we’ve all learned a lot about that on the way, like the perils of having engineers make scaling statements that are then weighed against claims made without quite the same framework of precision and rigor. But I’m proud that you chose not to lower your standards, but rose to the challenge and just ran faster instead - it might not be the most realistic approach, but it is the only way to move mountains!  
+-->
+
+_--Justin_ 
+
+你从一个优秀的基础 - 良好的声明性功能开始，它是围绕一个具有良好定义的模式和机制的坚实的 API 构建的，这样我们就可以向前发展了。果然，在你的第一年里，你增长得如此之快：autoscaling、HTTP load-balancing support (Ingress)、support for persistent workloads including clustered databases (PetSets)。你已经和更多的云交了朋友(欢迎 azure 和 openstack 加入家庭)，甚至开始跨越区域和集群(Federation)。这些只是一些最明显的变化 - 在你的大脑里发生了太多的变化！
+
+我觉得你一直保持开放的态度真是太好了 - 你好像把所有的东西都写在 github 上 - 不管是好是坏。我想我们在这方面都学到了很多，比如让工程师做缩放声明的风险，然后在没有完全相同的精确性和严谨性框架的情况下，将这些声明与索赔进行权衡。但我很自豪你选择了不降低你的标准，而是上升到挑战，只是跑得更快 - 这可能不是最现实的办法，但这是唯一的方式能移动山！
+
+<!--
+And yet, somehow, you’ve managed to avoid a lot of the common dead-ends that other open source software has fallen into, particularly as those projects got bigger and the developers end up working on it more than they use it directly. How did you do that? There’s a probably-apocryphal story of an employee at IBM that makes a huge mistake, and is summoned to meet with the big boss, expecting to be fired, only to be told “We just spent several million dollars training you. Why would we want to fire you?”. Despite all the investment google is pouring into you (along with Redhat and others), I sometimes wonder if the mistakes we are avoiding could be worth even more. There is a very open development process, yet there’s also an “oracle” that will sometimes course-correct by telling us what happens two years down the road if we make a particular design decision. This is a parent you should probably listen to!  
+-->
+
+然而，不知何故，你已经设法避免了许多其他开源软件陷入的共同死胡同，特别是当那些项目越来越大，开发人员最终要做的比直接使用它更多的时候。你是怎么做到的？有一个很可能是虚构的故事，讲的是 IBM 的一名员工犯了一个巨大的错误，被传唤去见大老板，希望被解雇，却被告知“我们刚刚花了几百万美元培训你。我们为什么要解雇你？“。尽管谷歌对你进行了大量的投资(包括 redhat 和其他公司)，但我有时想知道，我们正在避免的错误是否更有价值。有一个非常开放的开发过程，但也有一个“oracle”，它有时会通过告诉我们两年后如果我们做一个特定的设计决策会发生什么来纠正错误。这是你应该听的父母！
+
+<!--
+And so although you’re only a year old, you really have an [old soul](http://queue.acm.org/detail.cfm?id=2898444). I’m just one of the [many people raising you](https://kubernetes.io/blog/2016/07/happy-k8sbday-1), but it’s a wonderful learning experience for me to be able to work with the people that have built these incredible systems and have all this domain knowledge. Yet because we started from scratch (rather than taking the existing Borg code) we’re at the same level and can still have genuine discussions about how to raise you. Well, at least as close to the same level as we could ever be, but it’s to their credit that they are all far too nice ever to mention it!  
+
+If I would pick just two of the wise decisions those brilliant people made:  
+-->
+
+所以，尽管你只有一岁，你真的有一个[旧灵魂](http://queue.acm.org/detail.cfm？ID=2898444)。我只是[很多人抚养你]中的一员(https://kubernetes.io/blog/2016/07/happy-k8sbday-1)，但对我来说，能够与那些建立了这些令人难以置信的系统并拥有所有这些领域知识的人一起工作是一次极好的学习经历。然而，因为我们是白手起家(而不是采用现有的 Borg 代码)，我们处于同一水平，仍然可以就如何培养你进行真正的讨论。好吧，至少和我们的水平一样接近，但值得称赞的是，他们都太好了，从来没提过！
+
+如果我选择两个聪明人做出的明智决定：
+
+<!--
+- Labels & selectors give us declarative “pointers”, so we can say “why” we want things, rather than listing the things directly. It’s the secret to how you can scale to [great heights](https://kubernetes.io/blog/2016/07/thousand-instances-of-cassandra-using-kubernetes-pet-set); not by naming each step, but saying “a thousand more steps just like that first one”.
+- Controllers are state-synchronizers: we specify the goals, and your controllers will indefatigably work to bring the system to that state. They work through that strongly-typed API foundation, and are used throughout the code, so Kubernetes is more of a set of a hundred small programs than one big one. It’s not enough to scale to thousands of nodes technically; the project also has to scale to thousands of developers and features; and controllers help us get there.
+-->
+
+- 标签和选择器给我们声明性的“pointers”，所以我们可以说“为什么”我们想要东西，而不是直接列出东西。这是如何扩展到[伟大高度]的秘密(https://kubernetes.io/blog/2016/07/thousand-instances-of-cassandra-using-kubernetes-pet-set)；不是命名每一步，而是说“像第一步一样多走一千步”。
+- 控制器是状态同步器：我们指定目标，您的控制器将不遗余力地工作，使系统达到该状态。它们工作在强类型 API 基础上，并且贯穿整个代码，因此 Kubernetes 比一个大的程序多一百个小程序。仅仅从技术上扩展到数千个节点是不够的；这个项目还必须扩展到数千个开发人员和特性；控制器帮助我们达到目的。
+
+<!--
+And so on we will go! We’ll be replacing those controllers and building on more, and the API-foundation lets us build anything we can express in that way - with most things just a label or annotation away! But your thoughts will not be defined by language: with third party resources you can express anything you choose. Now we can build Kubernetes without building in Kubernetes, creating things that feel as much a part of Kubernetes as anything else. Many of the recent additions, like ingress, DNS integration, autoscaling and network policies were done or could be done in this way. Eventually it will be hard to imagine you before these things, but tomorrow’s standard functionality can start today, with no obstacles or gatekeeper, maybe even for an audience of one.  
+
+So I’m looking forward to seeing more and more growth happen further and further from the core of Kubernetes. We had to work our way through those phases; starting with things that needed to happen in the kernel of Kubernetes - like replacing replication controllers with deployments. Now we’re starting to build things that don’t require core changes. But we’re still still talking about infrastructure separately from applications. It’s what comes next that gets really interesting: when we start building applications that rely on the Kubernetes APIs. We’ve always had the Cassandra example that uses the Kubernetes API to self-assemble, but we haven’t really even started to explore this more widely yet. In the same way that the S3 APIs changed how we build things that remember, I think the k8s APIs are going to change how we build things that think.  
+-->
+
+等等我们就走！我们将取代那些控制器，建立更多，API 基金会让我们构建任何我们可以用这种方式表达的东西 - 大多数东西只是标签或注释远离！但你的思想不会由语言来定义：有了第三方资源，你可以表达任何你选择的东西。现在我们可以不用在 Kubernetes 建造Kubernetes 了，创造出与其他任何东西一样感觉是 Kubernetes 的一部分的东西。最近添加的许多功能，如ingress、DNS integration、autoscaling and network policies ，都已经完成或可以通过这种方式完成。最终，在这些事情发生之前很难想象你会是怎样的一个人，但是明天的标准功能可以从今天开始，没有任何障碍或看门人，甚至对一个听众来说也是这样。
+
+所以我期待着看到越来越多的增长发生在离 Kubernetes 核心越来越远的地方。我们必须通过这些阶段来工作；从需要在 kubernetes 内核中发生的事情开始——比如用部署替换复制控制器。现在我们开始构建不需要核心更改的东西。但我们仍然在讨论基础设施和应用程序。接下来真正有趣的是：当我们开始构建依赖于 kubernetes api 的应用程序时。我们一直有使用 kubernetes api 进行自组装的 cassandra 示例，但我们还没有真正开始更广泛地探讨这个问题。正如 S3 APIs 改变了我们构建记忆事物的方式一样，我认为 k8s APIs 也将改变我们构建思考事物的方式。
+
+<!--
+So I’m looking forward to your second birthday: I can try to predict what you’ll look like then, but I know you’ll surpass even the most audacious things I can imagine. Oh, the places you’ll go!  
+
+
+_-- Justin Santa Barbara, Independent Kubernetes Contributor_  
+-->
+
+所以我很期待你的二岁生日：我可以试着预测你那时的样子，但我知道你会超越我所能想象的最大胆的东西。哦，这是你要去的地方！
+
+
+_-- Justin Santa Barbara, 独立的 Kubernetes 贡献者_  
diff --git a/content/zh/blog/_posts/2017-10-00-Five-Days-Of-Kubernetes-18.md b/content/zh/blog/_posts/2017-10-00-Five-Days-Of-Kubernetes-18.md
new file mode 100644
index 0000000000000..8fb8d01ef9fb0
--- /dev/null
+++ b/content/zh/blog/_posts/2017-10-00-Five-Days-Of-Kubernetes-18.md
@@ -0,0 +1,72 @@
+---
+title: " Kubernetes 1.8 的五天 "
+date: 2017-10-24
+slug: five-days-of-kubernetes-18
+url: /blog/2017/10/Five-Days-Of-Kubernetes-18
+---
+
+<!--
+---
+title: " Five Days of Kubernetes 1.8 "
+date: 2017-10-24
+slug: five-days-of-kubernetes-18
+url: /blog/2017/10/Five-Days-Of-Kubernetes-18
+---
+-->
+
+<!--
+Kubernetes 1.8 is live, made possible by hundreds of contributors pushing thousands of commits in this latest releases.  
+-->
+Kubernetes 1.8 是现场直播，数百名贡献者在这个最新版本中推出了成千上万的提交。
+
+<!--
+The community has tallied more than 66,000 commits in the main repo and continues rapid growth outside of the main repo, which signals growing maturity and stability for the project. The community has logged more than 120,000 commits across all repos and 17,839 commits across all repos for v1.7.0 to v1.8.0 alone.  
+-->
+社区已经有超过 66,000 个提交在主仓库，并在主仓库之外继续快速增长，这标志着该项目日益成熟和稳定。仅 v1.7.0 到 v1.8.0，社区就记录了所有仓库的超过 120,000 次提交和 17839 次提交。
+
+<!--
+With the help of our growing community of 1,400 plus contributors, we issued more than 3,000 PRs and pushed more than 5,000 commits to deliver Kubernetes 1.8 with significant security and workload support updates. This all points to increased stability, a result of our project-wide focus on maturing [process](https://github.com/kubernetes/sig-release), formalizing [architecture](https://github.com/kubernetes/community/tree/master/sig-architecture), and strengthening Kubernetes’ [governance model](https://github.com/kubernetes/community/tree/master/community/elections/2017).  
+-->
+在拥有 1400 多名贡献者，并且不断发展壮大的社区的帮助下，我们合并了 3000 多个 PR，并发布了 5000 多个提交，最后的 Kubernetes 1.8 在安全和工作负载方面添加了很多的更新。
+这一切都表明稳定性的提高，这是我们整个项目关注成熟[流程](https://github.com/kubernetes/sig-release)、形式化[架构](https://github.com/kubernetes/community/tree/master/sig-architecture)和加强 Kubernetes 的[治理模型](https://github.com/kubernetes/community/tree/master/community/elections/2017)的结果。
+
+<!--
+While many improvements have been contributed, we highlight key features in this series of in-depth&nbsp;posts listed below. [Follow along](https://twitter.com/kubernetesio) and see what’s new and improved with storage, security and more.  
+-->
+虽然有很多改进，但我们在下面列出的这一系列深度文章中突出了一些关键特性。[跟随](https://twitter.com/kubernetesio)并了解存储，安全等方面的新功能和改进功能。
+
+<!--
+**Day 1:** [5 Days of Kubernetes 1.8](https://kubernetes.io/blog/2017/10/five-days-of-kubernetes-18)  
+**Day 2:** [kubeadm v1.8 Introduces Easy Upgrades for Kubernetes Clusters](https://kubernetes.io/blog/2017/10/kubeadm-v18-released)  
+**Day 3:** [Kubernetes v1.8 Retrospective: It Takes a Village to Raise a Kubernetes](https://kubernetes.io/blog/2017/10/it-takes-village-to-raise-kubernetes)
+**Day 4:** [Using RBAC, Generally Available in Kubernetes v1.8](https://kubernetes.io/blog/2017/10/using-rbac-generally-available-18)  
+**Day 5:** [Enforcing Network Policies in Kubernetes](https://kubernetes.io/blog/2017/10/enforcing-network-policies-in-kubernetes)  
+-->
+
+**第一天：** [Kubernetes 1.8 的五天](https://kubernetes.io/blog/2017/10/five-days-of-kubernetes-18)  
+**第二天：** [kubeadm v1.8 为 Kubernetes 集群引入了简单的升级](https://kubernetes.io/blog/2017/10/kubeadm-v18-released)  
+**第三天：** [Kubernetes v1.8 回顾：提升一个 Kubernetes 需要一个 Village](https://kubernetes.io/blog/2017/10/it-takes-village-to-raise-kubernetes)
+**第四天：** [使用 RBAC，一般在 Kubernetes v1.8 中提供](https://kubernetes.io/blog/2017/10/using-rbac-generally-available-18)  
+**第五天：** [在 Kubernetes 执行网络策略](https://kubernetes.io/blog/2017/10/enforcing-network-policies-in-kubernetes)  
+
+<!--
+**Connect**  
+-->
+
+**链接**  
+
+<!--
+- Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes)
+- Join the community portal for advocates on [K8sPort](http://k8sport.org/)
+- Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates&nbsp;
+- Connect with the community on [Slack](http://slack.k8s.io/)
+- Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes)
+-->
+
+- 在 [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) 上发布问题（或回答问题）
+- 加入 [K8sPort](http://k8sport.org/) 布道师的社区门户网站
+- 在 Twitter [@Kubernetesio](https://twitter.com/kubernetesio) 关注我们以获取最新更新
+- 与 [Slack](http://slack.k8s.io/) 上的社区联系
+- 参与 [GitHub](https://github.com/kubernetes/kubernetes) 上的 Kubernetes 项目 
+
+
diff --git a/content/zh/blog/_posts/2017-11-00-Autoscaling-In-Kubernetes.md b/content/zh/blog/_posts/2017-11-00-Autoscaling-In-Kubernetes.md
new file mode 100644
index 0000000000000..87c9ccd74b5fa
--- /dev/null
+++ b/content/zh/blog/_posts/2017-11-00-Autoscaling-In-Kubernetes.md
@@ -0,0 +1,32 @@
+---
+title: " Kubernetes 中自动缩放 "
+date: 2017-11-17
+slug: autoscaling-in-kubernetes
+url: /blog/2017/11/Autoscaling-In-Kubernetes
+---
+
+<!--
+---
+title: " Autoscaling in Kubernetes "
+date: 2017-11-17
+slug: autoscaling-in-kubernetes
+url: /blog/2017/11/Autoscaling-In-Kubernetes
+---
+-->
+
+<!--
+Kubernetes allows developers to automatically adjust cluster sizes and the number of pod replicas based on current traffic and load. These adjustments reduce the amount of unused nodes, saving money and resources. In this talk, Marcin Wielgus of Google walks you through the current state of pod and node autoscaling in Kubernetes: .how it works, and how to use it, including best practices for deployments in production applications.  
+-->
+Kubernetes 允许开发人员根据当前的流量和负载自动调整集群大小和 pod 副本的数量。这些调整减少了未使用节点的数量，节省了资金和资源。
+在这次演讲中，谷歌的 Marcin Wielgus 将带领您了解 Kubernetes 中 pod 和 node 自动调焦的当前状态：它是如何工作的，以及如何使用它，包括在生产应用程序中部署的最佳实践。
+
+<!--
+Enjoyed this talk? Join us for more exciting sessions on scaling and automating your Kubernetes clusters at KubeCon in Austin on December 6-8. [Register Now](https://www.eventbrite.com/e/kubecon-cloudnativecon-north-america-registration-37824050754?_ga=2.9666039.317115486.1510003873-1623727562.1496428006)  
+-->
+喜欢这个演讲吗？ 12 月 6 日至 8 日，在 Austin 参加 KubeCon 关于扩展和自动化您的 Kubernetes 集群的更令人兴奋的会议。[现在注册](https://www.eventbrite.com/e/kubecon-cloudnativecon-north-america-registration-37824050754?_ga=2.9666039.317115486.1510003873-1623727562.1496428006)。
+
+<!--
+Be sure to check out [Automating and Testing Production Ready Kubernetes Clusters in the Public Cloud](http://sched.co/CU64) by Ron Lipke, Senior Developer, Platform as a Service, Gannet/USA Today Network.
+-->
+一定要查看由 Ron Lipke， Gannet/USA Today Network, 平台即服务高级开发人员，在[公共云中自动化和测试产品就绪的 Kubernetes 集群](http://sched.co/CU64)。
+
diff --git a/content/zh/blog/_posts/2018-05-01-developing-on-kubernetes.md b/content/zh/blog/_posts/2018-05-01-developing-on-kubernetes.md
new file mode 100644
index 0000000000000..5d31031ec7f10
--- /dev/null
+++ b/content/zh/blog/_posts/2018-05-01-developing-on-kubernetes.md
@@ -0,0 +1,728 @@
+---
+title: 在 Kubernetes 上开发
+date: 2018-05-01
+slug: developing-on-kubernetes
+---
+
+<!--
+---
+title: Developing on Kubernetes
+date: 2018-05-01
+slug: developing-on-kubernetes
+---
+-->
+
+<!--**Authors**:-->
+**作者**： [Michael Hausenblas](https://twitter.com/mhausenblas) (Red Hat), [Ilya Dmitrichenko](https://twitter.com/errordeveloper) (Weaveworks)
+
+<!-- 
+How do you develop a Kubernetes app? That is, how do you write and test an app that is supposed to run on Kubernetes? This article focuses on the challenges, tools and methods you might want to be aware of to successfully write Kubernetes apps alone or in a team setting. 
+-->
+
+您将如何开发一个 Kubernates 应用？也就是说，您如何编写并测试一个要在 Kubernates 上运行的应用程序？本文将重点介绍在独自开发或者团队协作中，您可能希望了解到的为了成功编写 Kubernetes 应用程序而需面临的挑战，工具和方法。
+
+<!--
+We’re assuming you are a developer, you have a favorite programming language, editor/IDE, and a testing framework available. The overarching goal is to introduce minimal changes to your current workflow when developing the app for Kubernetes. For example, if you’re a Node.js developer and are used to a hot-reload setup—that is, on save in your editor the running app gets automagically updated—then dealing with containers and container images, with container registries, Kubernetes deployments, triggers, and more can not only be overwhelming but really take all the fun out if it.
+-->
+
+我们假定您是一位开发人员，有您钟爱的编程语言，编辑器/IDE（集成开发环境），以及可用的测试框架。在针对 Kubernates 开发应用时，最重要的目标是减少对当前工作流程的影响，改变越少越好，尽量做到最小。举个例子，如果您是 Node.js 开发人员，习惯于那种热重载的环境 - 也就是说您在编辑器里一做保存，正在运行的程序就会自动更新 - 那么跟容器、容器镜像或者镜像仓库打交道，又或是跟 Kubernetes 部署、triggers 以及更多头疼东西打交道，不仅会让人难以招架也真的会让开发过程完全失去乐趣。
+
+<!--
+In the following, we’ll first discuss the overall development setup, then review tools of the trade, and last but not least do a hands-on walkthrough of three exemplary tools that allow for iterative, local app development against Kubernetes.
+-->
+
+在下文中，我们将首先讨论 Kubernetes 总体开发环境，然后回顾常用工具，最后进行三个示例性工具的实践演练。这些工具允许针对 Kubernetes 进行本地应用程序的开发和迭代。
+
+<!--
+## Where to run your cluster?
+-->
+
+## 您的集群运行在哪里？
+
+<!--
+As a developer you want to think about where the Kubernetes cluster you’re developing against runs as well as where the development environment sits. Conceptually there are four development modes:
+-->
+
+作为开发人员，您既需要考虑所针对开发的 Kubernetes 集群运行在哪里，也需要思考开发环境如何配置。概念上，有四种开发模式：
+
+![Dev Modes](/images/blog/2018-05-01-developing-on-kubernetes/dok-devmodes_preview.png)
+
+<!--
+A number of tools support pure offline development including Minikube, Docker for Mac/Windows, Minishift, and the ones we discuss in detail below. Sometimes, for example, in a microservices setup where certain microservices already run in the cluster, a proxied setup (forwarding traffic into and from the cluster) is preferable and Telepresence is an example tool in this category. The live mode essentially means you’re building and/or deploying against a remote cluster and, finally, the pure online mode means both your development environment and the cluster are remote, as this is the case with, for example, [Eclipse Che](https://www.eclipse.org/che/docs/kubernetes-single-user.html) or [Cloud 9](https://github.com/errordeveloper/k9c). Let’s now have a closer look at the basics of offline development: running Kubernetes locally.
+-->
+
+许多工具支持纯 offline 开发，包括 Minikube、Docker（Mac 版/Windows 版）、Minishift 以及下文中我们将详细讨论的几种。有时，比如说在一个微服务系统中，已经有若干微服务在运行，proxied 模式（通过转发把数据流传进传出集群）就非常合适，Telepresence 就是此类工具的一个实例。live 模式，本质上是您基于一个远程集群进行构建和部署。最后，纯 online 模式意味着您的开发环境和运行集群都是远程的，典型的例子是 [Eclipse Che](https://www.eclipse.org/che/docs/kubernetes-single-user.html) 或者 [Cloud 9](https://github.com/errordeveloper/k9c)。现在让我们仔细看看离线开发的基础：在本地运行 Kubernetes。
+
+<!--
+[Minikube](/docs/getting-started-guides/minikube/) is a popular choice for those who prefer to run Kubernetes in a local VM. More recently Docker for [Mac](https://docs.docker.com/docker-for-mac/kubernetes/) and [Windows](https://docs.docker.com/docker-for-windows/kubernetes/) started shipping Kubernetes as an experimental package (in the “edge” channel). Some reasons why you may want to prefer using Minikube over the Docker desktop option are:
+-->
+
+[Minikube](/docs/getting-started-guides/minikube/) 在更加喜欢于本地 VM 上运行 Kubernetes 的开发人员中，非常受欢迎。不久前，Docker 的 [Mac](https://docs.docker.com/docker-for-mac/kubernetes/) 版和 [Windows](https://docs.docker.com/docker-for-windows/kubernetes/) 版，都试验性地开始自带 Kubernetes（需要下载 “edge” 安装包）。在两者之间，以下原因也许会促使您选择 Minikube 而不是 Docker 桌面版：
+
+<!--
+* You already have Minikube installed and running
+* You prefer to wait until Docker ships a stable package
+* You’re a Linux desktop user
+* You are a Windows user who doesn’t have Windows 10 Pro with Hyper-V
+-->
+
+* 您已经安装了 Minikube 并且它运行良好
+* 您想等到 Docker 出稳定版本
+* 您是 Linux 桌面用户
+* 您是 Windows 用户，但是没有配有 Hyper-V 的 Windows 10 Pro
+
+<!--
+Running a local cluster allows folks to work offline and that you don’t have to pay for using cloud resources. Cloud provider costs are often rather affordable and free tiers exists, however some folks prefer to avoid having to approve those costs with their manager as well as potentially incur unexpected costs, for example, when leaving cluster running over the weekend.
+-->
+
+运行一个本地集群，开发人员可以离线工作，不用支付云服务。云服务收费一般不会太高，并且免费的等级也有，但是一些开发人员不喜欢为了使用云服务而必须得到经理的批准，也不愿意支付意想不到的费用，比如说忘了下线而集群在周末也在运转。
+
+<!--
+Some developers prefer to use a remote Kubernetes cluster, and this is usually to allow for larger compute and storage capacity and also enable collaborative workflows more easily. This means it’s easier for you to pull in a colleague to help with debugging or share access to an app in the team. Additionally, for some developers it can be critical to mirror production environment as closely as possible, especially when it comes down to external cloud services, say,  proprietary databases, object stores, message queues, external load balancer, or mail delivery systems.
+-->
+
+有些开发人员却更喜欢远程的 Kubernetes 集群，这样他们通常可以获得更大的计算能力和存储容量，也简化了协同工作流程。您可以更容易的拉上一个同事来帮您调试，或者在团队内共享一个应用的使用。再者，对某些开发人员来说，尽可能的让开发环境类似生产环境至关重要，尤其是您依赖外部厂商的云服务时，如：专有数据库、云对象存储、消息队列、外商的负载均衡器或者邮件投递系统。
+
+<!--
+In summary, there are good reasons for you to develop against a local cluster as well as a remote one. It very much depends on in which phase you are: from early prototyping and/or developing alone to integrating a set of more stable microservices.
+-->
+
+总之，无论您选择本地或者远程集群，理由都足够多。这很大程度上取决于您所处的阶段：从早期的原型设计/单人开发到后期面对一批稳定微服务的集成。
+
+<!--
+Now that you have a basic idea of the options around the runtime environment, let’s move on to how to iteratively develop and deploy your app.
+-->
+
+既然您已经了解到运行环境的基本选项，那么我们就接着讨论如何迭代式的开发并部署您的应用。
+
+<!--
+## The tools of the trade
+-->
+
+## 常用工具
+
+<!--
+We are now going to review tooling allowing you to develop apps on Kubernetes with the focus on having minimal impact on your existing workflow. We strive to provide an unbiased description including implications of using each of the tools in general terms.
+-->
+
+我们现在回顾既可以允许您可以在 Kubernetes 上开发应用程序又尽可能最小地改变您现有的工作流程的一些工具。我们致力于提供一份不偏不倚的描述，也会提及使用某个工具将会意味着什么。
+
+<!--
+Note that this is a tricky area since even for established technologies such as, for example, JSON vs YAML vs XML or REST vs gRPC vs SOAP a lot depends on your background, your preferences and organizational settings. It’s even harder to compare tooling in the Kubernetes ecosystem as things evolve very rapidly and new tools are announced almost on a weekly basis; during the preparation of this post alone, for example, [Gitkube](https://gitkube.sh/) and [Watchpod](https://github.com/MinikubeAddon/watchpod) came out. To cover these new tools as well as related, existing tooling such as [Weave Flux](https://github.com/weaveworks/flux) and OpenShift’s [S2I](https://docs.openshift.com/container-platform/3.9/creating_images/s2i.html) we are planning a follow-up blog post to the one you’re reading.
+-->
+
+请注意这很棘手，因为即使在成熟定型的技术中做选择，比如说在 JSON、YAML、XML、REST、gRPC 或者 SOAP 之间做选择，很大程度也取决于您的背景、喜好以及公司环境。在 Kubernetes 生态系统内比较各种工具就更加困难，因为技术发展太快，几乎每周都有新工具面市；举个例子，仅在准备这篇博客的期间，[Gitkube](https://gitkube.sh/) 和 [Watchpod](https://github.com/MinikubeAddon/watchpod) 相继出品。为了进一步覆盖到这些新的，以及一些相关的已推出的工具，例如 [Weave Flux](https://github.com/weaveworks/flux) 和 OpenShift 的 [S2I](https://docs.openshift.com/container-platform/3.9/creating_images/s2i.html)，我们计划再写一篇跟进的博客。
+
+### Draft
+
+
+<!--
+[Draft](https://github.com/Azure/draft) aims to help you get started deploying any app to Kubernetes. It is capable of applying heuristics as to what programming language your app is written in and generates a Dockerfile along with a Helm chart. It then runs the build for you and deploys resulting image to the target cluster via the Helm chart. It also allows user to setup port forwarding to localhost very easily.
+-->
+
+[Draft](https://github.com/Azure/draft) 旨在帮助您将任何应用程序部署到 Kubernetes。它能够检测到您的应用所使用的编程语言，并且生成一份 Dockerfile 和 Helm 图表。然后它替您启动构建并且依照 Helm 图表把所生产的镜像部署到目标集群。它也可以让您很容易地设置到 localhost 的端口映射。
+
+<!--
+Implications:
+-->
+
+这意味着：
+
+<!--
+* User can customise the chart and Dockerfile templates however they like, or even create a [custom pack](https://github.com/Azure/draft/blob/master/docs/reference/dep-003.md) (with Dockerfile, the chart and more) for future use
+-->
+* 用户可以任意地自定义 Helm 图表和 Dockerfile 模版，或者甚至创建一个 [custom pack](https://github.com/Azure/draft/blob/master/docs/reference/dep-003.md)（使用 Dockerfile、Helm 图表以及其他）以备后用
+
+<!--
+* It’s not very simple to guess how just any app is supposed to be built, in some cases user may need to tweak Dockerfile and the Helm chart that Draft generates
+-->
+* 要想理解一个应用应该怎么构建并不容易，在某些情况下，用户也许需要修改 Draft 生成的 Dockerfile 和 Heml 图表
+
+<!--
+* With [Draft version 0.12.0](https://github.com/Azure/draft/releases/tag/v0.12.0) or older, every time user wants to test a change, they need to wait for Draft to copy the code to the cluster, then run the build, push the image and release updated chart; this can timely, but it results in an image being for every single change made by the user (whether it was committed to git or not)
+-->
+* 如果使用 [Draft version 0.12.0](https://github.com/Azure/draft/releases/tag/v0.12.0)<sup>1</sup> 或者更老版本，每一次用户想要测试一个改动，他们需要等 Draft 把代码拷贝到集群，运行构建，推送镜像并且发布更新后的图表；这些步骤可能进行得很快，但是每一次用户的改动都会产生一个镜像（无论是否提交到 git ）
+
+<!--
+* As of Draft version 0.12.0, builds are executed locally
+* User doesn’t have an option to choose something other than Helm for deployment
+* It can watch local changes and trigger deployments, but this feature is not enabled by default
+-->
+* 在 Draft 0.12.0版本，构建是本地进行的
+* 用户不能选择 Helm 以外的工具进行部署
+* 它可以监控本地的改动并且触发部署，但是这个功能默认是关闭的
+
+<!--
+* It allows developer to use either local or remote Kubernetes cluster
+* Deploying to production is up to the user, Draft authors recommend their other project – Brigade
+* Can be used instead of Skaffold, and along the side of Squash
+-->
+* 它允许开发人员使用本地或者远程的 Kubernates 集群
+* 如何部署到生产环境取决于用户， Draft 的作者推荐了他们的另一个项目 - Brigade
+* 可以代替 Skaffold， 并且可以和 Squash 一起使用
+
+<!--
+More info:
+-->
+
+更多信息：
+
+* [Draft: Kubernetes container development made easy](https://kubernetes.io/blog/2017/05/draft-kubernetes-container-development)
+* [Getting Started Guide](https://github.com/Azure/draft/blob/master/docs/getting-started.md)
+
+【1】：此处疑为 0.11.0，因为 0.12.0 已经支持本地构建，见下一条
+
+### Skaffold
+
+<!--
+[Skaffold](https://github.com/GoogleCloudPlatform/skaffold) is a tool that aims to provide portability for CI integrations with different build system, image registry and deployment tools. It is different from Draft, yet somewhat comparable. It has a basic capability for generating manifests, but it’s not a prominent feature. Skaffold is extendible and lets user pick tools for use in each of the steps in building and deploying their app.
+-->
+
+[Skaffold](https://github.com/GoogleCloudPlatform/skaffold) 让 CI 集成具有可移植性的，它允许用户采用不同的构建系统，镜像仓库和部署工具。它不同于 Draft，同时也具有一定的可比性。它具有生成系统清单的基本能力，但那不是一个重要功能。Skaffold 易于扩展，允许用户在构建和部署应用的每一步选取相应的工具。
+
+<!--
+Implications:
+-->
+
+这意味着：
+
+<!--
+* Modular by design
+* Works independently of CI vendor, user doesn’t need Docker or Kubernetes plugin
+* Works without CI as such, i.e. from the developer’s laptop
+* It can watch local changes and trigger deployments
+-->
+* 模块化设计
+* 不依赖于 CI，用户不需要 Docker 或者 Kubernetes 插件
+* 没有 CI 也可以工作，也就是说，可以在开发人员的电脑上工作
+* 它可以监控本地的改动并且触发部署
+
+<!--
+* It allows developer to use either local or remote Kubernetes cluster
+* It can be used to deploy to production, user can configure how exactly they prefer to do it and provide different kind of pipeline for each target environment
+* Can be used instead of Draft, and along the side with most other tools
+-->
+* 它允许开发人员使用本地或者远程的 Kubernetes 集群
+* 它可以用于部署生产环境，用户可以精确配置，也可以为每一套目标环境提供不同的生产线
+* 可以代替 Draft，并且和其他工具一起使用
+
+<!--
+More info:
+-->
+
+更多信息：
+
+* [Introducing Skaffold: Easy and repeatable Kubernetes development](https://cloudplatform.googleblog.com/2018/03/introducing-Skaffold-Easy-and-repeatable-Kubernetes-development.html)
+* [Getting Started Guide](https://github.com/GoogleCloudPlatform/skaffold#getting-started-with-local-tooling)
+
+### Squash
+
+<!--
+[Squash](https://github.com/solo-io/squash) consists of a debug server that is fully integrated with Kubernetes, and a IDE plugin. It allows you to insert breakpoints and do all the fun stuff you are used to doing when debugging an application using an IDE. It bridges IDE debugging experience with your Kubernetes cluster by allowing you to attach the debugger to a pod running in your Kubernetes cluster.
+-->
+[Squash](https://github.com/solo-io/squash) 包含一个与 Kubernetes 全面集成的调试服务器，以及一个 IDE 插件。它允许您插入断点和所有的调试操作，就像您所习惯的使用 IDE 调试一个程序一般。它允许您将调试器应用到 Kubernetes 集群中运行的 pod 上，从而让您可以使用 IDE 调试 Kubernetes 集群。
+
+<!--
+Implications:
+-->
+
+这意味着：
+
+<!--
+* Can be used independently of other tools you chose
+* Requires a privileged DaemonSet
+* Integrates with popular IDEs
+* Supports Go, Python, Node.js, Java and gdb
+-->
+* 不依赖您选择的其它工具
+* 需要一组特权 DaemonSet
+* 可以和流行 IDE 集成
+* 支持 Go、Python、Node.js、Java 和 gdb
+
+<!--
+* User must ensure application binaries inside the container image are compiled with debug symbols
+* Can be used in combination with any other tools described here
+* It can be used with either local or remote Kubernetes cluster
+-->
+* 用户必须确保容器中的应用程序使编译时使用了调试符号
+* 可与此处描述的任何其他工具结合使用
+* 它可以与本地或远程 Kubernetes 集群一起使用
+
+<!--
+More info:
+-->
+
+更多信息：
+
+* [Squash: A Debugger for Kubernetes Apps](https://www.youtube.com/watch?v=5TrV3qzXlgI)
+* [Getting Started Guide](https://github.com/solo-io/squash/blob/master/docs/getting-started.md)
+
+### Telepresence
+
+<!--
+[Telepresence](https://www.telepresence.io/) connects containers running on developer’s workstation with a remote Kubernetes cluster using a two-way proxy and emulates in-cluster environment as well as provides access to config maps and secrets. It aims to improve iteration time for container app development by eliminating the need for deploying app to the cluster and leverages local container to abstract network and filesystem interface in order to make it appear as if the app was running in the cluster.
+-->
+[Telepresence](https://www.telepresence.io/) 使用双向代理将开发人员工作站上运行的容器与远程 Kubernetes 集群连接起来，并模拟集群内环境以及提供对配置映射和机密的访问。它消除了将应用部署到集群的需要，并利用本地容器抽象出网络和文件系统接口，以使其看起来应用好像就在集群中运行，从而改进容器应用程序开发的迭代时间。
+
+<!--
+Implications:
+-->
+
+这意味着：
+
+<!--
+* It can be used independently of other tools you chose
+* Using together with Squash is possible, although Squash would have to be used for pods in the cluster, while conventional/local debugger would need to be used for debugging local container that’s connected to the cluster via Telepresence
+* Telepresence imposes some network latency
+-->
+* 它不依赖于其它您选取的工具
+* 可以同 Squash 一起使用，但是 Squash 必须用于调试集群中的 pods，而传统/本地调试器需要用于调试通过 Telepresence 连接到集群的本地容器
+* Telepresence 会产生一些网络延迟
+
+<!--
+* It provides connectivity via a side-car process - sshuttle, which is based on SSH
+* More intrusive dependency injection mode with LD_PRELOAD/DYLD_INSERT_LIBRARIES is also available
+* It is most commonly used with a remote Kubernetes cluster, but can be used with a local one also
+-->
+* 它通过辅助进程提供连接 -  sshuttle，基于SSH的一个工具
+* 还提供了使用 LD_PRELOAD/DYLD_INSERT_LIBRARIES 的更具侵入性的依赖注入模式
+* 它最常用于远程 Kubernetes 集群，但也可以与本地集群一起使用
+
+<!--
+More info:
+-->
+
+更多信息：
+
+* [Telepresence: fast, realistic local development for Kubernetes microservices](https://www.telepresence.io/)
+* [Getting Started Guide](https://www.telepresence.io/tutorials/docker)
+* [How It Works](https://www.telepresence.io/discussion/how-it-works)
+
+### Ksync
+
+<!--
+[Ksync](https://github.com/vapor-ware/ksync) synchronizes application code (and configuration) between your local machine and the container running in Kubernetes, akin to what [oc rsync](https://docs.openshift.com/container-platform/3.9/dev_guide/copy_files_to_container.html) does in OpenShift. It aims to improve iteration time for app development by eliminating build and deployment steps.
+-->
+
+
+[Ksync](https://github.com/vapor-ware/ksync) 在本地计算机和运行在 Kubernetes 中的容器之间同步应用程序代码（和配置），类似于 [oc rsync](https://docs.openshift.com/container-platform/3.9/dev_guide/copy_files_to_container.html) 在 OpenShift 中的角色。它旨在通过消除构建和部署步骤来缩短应用程序开发的迭代时间。
+
+
+<!--
+Implications:
+-->
+
+这意味着：
+
+<!--
+* It bypasses container image build and revision control
+* Compiled language users have to run builds inside the pod (TBC)
+* Two-way sync – remote files are copied to local directory
+* Container is restarted each time remote filesystem is updated
+* No security features – development only
+-->
+* 它绕过容器图像构建和修订控制
+* 使用编译语言的用户必须在 pod（TBC）内运行构建
+* 双向同步 - 远程文件会复制到本地目录
+* 每次更新远程文件系统时都会重启容器
+* 无安全功能 - 仅限开发
+
+<!--
+* Utilizes [Syncthing](https://github.com/syncthing/syncthing), a Go library for peer-to-peer sync
+* Requires a privileged DaemonSet running in the cluster
+* Node has to use Docker with overlayfs2 – no other CRI implementations are supported at the time of writing
+-->
+* 使用 [Syncthing](https://github.com/syncthing/syncthing)，一个用于点对点同步的 Go 语言库
+* 需要一个在集群中运行的特权 DaemonSet
+* Node 必须使用带有 overlayfs2 的 Docker  - 在写作本文时，尚不支持其他 CRI 实现
+
+<!--
+More info:
+-->
+
+更多信息：
+
+* [Getting Started Guide](https://github.com/vapor-ware/ksync#getting-started)
+* [How It Works](https://github.com/vapor-ware/ksync/blob/master/docs/architecture.md)
+* [Katacoda scenario to try out ksync in your browser](https://www.katacoda.com/vaporio/scenarios/ksync)
+* [Syncthing Specification](https://docs.syncthing.net/specs/)
+
+<!--
+## Hands-on walkthroughs
+-->
+
+## 实践演练
+
+
+<!--
+The app we will be using for the hands-on walkthroughs of the tools in the following is a simple [stock market simulator](https://github.com/kubernauts/dok-example-us), consisting of two microservices:
+-->
+
+我们接下来用于练习使用工具的应用是一个简单的[股市模拟器](https://github.com/kubernauts/dok-example-us)，包含两个微服务：
+
+<!--
+* The `stock-gen` microservice is written in Go and generates stock data randomly and exposes it via HTTP endpoint `/stockdata`.
+‎* A second microservice, `stock-con` is a Node.js app that consumes the stream of stock data from `stock-gen` and provides an aggregation in form of a moving average via the HTTP endpoint `/average/$SYMBOL` as well as a health-check endpoint at `/healthz`.
+-->
+
+* `stock-gen`（股市数据生成器）微服务是用 Go 编写的，随机生成股票数据并通过 HTTP 端点 `/ stockdata` 公开
+* 第二个微服务，`stock-con`（股市数据消费者）是一个 Node.js 应用程序，它使用来自 `stock-gen` 的股票数据流，并通过 HTTP 端点 `/average/$SYMBOL` 提供股价移动平均线，也提供一个健康检查端点 `/healthz`。
+
+<!--
+Overall, the default setup of the app looks as follows:
+-->
+
+总体上，此应用的默认配置如下图所示：
+
+![Default Setup](/images/blog/2018-05-01-developing-on-kubernetes/dok-architecture_preview.png)
+
+<!--
+In the following we’ll do a hands-on walkthrough for a representative selection of tools discussed above: ksync, Minikube with local build, as well as Skaffold. For each of the tools we do the following:
+-->
+
+在下文中，我们将选取以上讨论的代表性工具进行实践演练：ksync，具有本地构建的 Minikube 以及 Skaffold。对于每个工具，我们执行以下操作：
+
+<!--
+* Set up the respective tool incl. preparations for the deployment and local consumption of the `stock-con` microservice.
+* Perform a code update, that is, change the source code of the `/healthz` endpoint in the `stock-con` microservice and observe the updates.
+-->
+
+* 设置相应的工具，包括部署准备和 `stock-con` 微服务数据的本地读取
+* 执行代码更新，即更改 `stock-con` 微服务的 `/healthz` 端点的源代码并观察网页刷新
+
+<!--
+Note that for the target Kubernetes cluster we’ve been using Minikube locally, but you can also a remote cluster for ksync and Skaffold if you want to follow along.
+-->
+
+请注意，我们一直使用 Minikube 的本地 Kubernetes 集群，但是您也可以使用 ksync 和 Skaffold 的远程集群跟随练习。
+
+<!--
+### Walkthrough: ksync
+-->
+
+### 实践演练：ksync
+
+<!--
+As a preparation, install [ksync](https://vapor-ware.github.io/ksync/#installation) and then carry out the following steps to prepare the development setup:
+-->
+
+作为准备，安装 [ksync](https://vapor-ware.github.io/ksync/#installation)，然后执行以下步骤配置开发环境：
+
+```
+$ mkdir -p $(pwd)/ksync
+$ kubectl create namespace dok
+$ ksync init -n dok
+```
+<!--
+With the basic setup completed we're ready to tell ksync’s local client to watch a certain Kubernetes namespace and then we create a spec to define what we want to sync (the directory `$(pwd)/ksync` locally with `/app` in the container). Note that target pod is specified via the selector parameter:
+-->
+
+
+完成基本设置后，我们可以告诉 ksync 的本地客户端监控 Kubernetes 的某个命名空间，然后我们创建一个规范来定义我们想要同步的文件夹（本地的 `$(pwd)/ksync` 和容器中的 `/ app` ）。请注意，目标 pod 是用 selector 参数指定：
+
+```
+$ ksync watch -n dok
+$ ksync create -n dok --selector=app=stock-con $(pwd)/ksync /app
+$ ksync get -n dok
+```
+
+<!--
+Now we deploy the stock generator and the stock consumer microservice:
+-->
+
+现在我们部署股价数据生成器和股价数据消费者微服务：
+
+```
+$ kubectl -n=dok apply \
+      -f https://raw.githubusercontent.com/kubernauts/dok-example-us/master/stock-gen/app.yaml
+$ kubectl -n=dok apply \
+      -f https://raw.githubusercontent.com/kubernauts/dok-example-us/master/stock-con/app.yaml
+```
+<!--
+Once both deployments are created and the pods are running, we forward the `stock-con` service for local consumption (in a separate terminal session):
+-->
+
+
+一旦两个部署建好并且 pod 开始运行，我们转发 `stock-con` 服务以供本地读取（另开一个终端窗口）：
+
+```
+$ kubectl get -n dok po --selector=app=stock-con  \
+                     -o=custom-columns=:metadata.name --no-headers |  \
+                     xargs -IPOD kubectl -n dok port-forward POD 9898:9898
+```
+<!--
+With that we should be able to consume the `stock-con` service from our local machine; we do this by regularly checking the response of the `healthz` endpoint like so (in a separate terminal session):
+-->
+
+
+这样，通过定期查询 `healthz` 端点，我们就应该能够从本地机器上读取 `stock-con` 服务，查询命令如下（在一个单独的终端窗口）：
+
+```
+$ watch curl localhost:9898/healthz
+```
+<!--
+Now change the code in the `ksync/stock-con`directory, for example update the [`/healthz` endpoint code in `service.js`](https://github.com/kubernauts/dok-example-us/blob/2334ee8fb11f8813370122bd46285cf45bdd4c48/stock-con/service.js#L52) by adding a field to the JSON response and observe how the pod gets updated and the response of the `curl localhost:9898/healthz` command changes. Overall you should have something like the following in the end:
+-->
+
+
+现在，改动 `ksync/stock-con` 目录中的代码，例如改动 [`service.js` 中定义的 `/healthz` 端点代码](https://github.com/kubernauts/dok-example-us/blob/2334ee8fb11f8813370122bd46285cf45bdd4c48/stock-con/service.js#L52)，在其 JSON 形式的响应中新添一个字段并观察 pod 如何更新以及 `curl localhost：9898/healthz` 命令的输出发生何种变化。总的来说，您最后应该看到类似的内容：
+
+
+![Preview](/images/blog/2018-05-01-developing-on-kubernetes/dok-ksync_preview.png)
+
+
+<!--
+### Walkthrough: Minikube with local build
+-->
+
+### 实践演练：带本地构建的 Minikube
+
+<!--
+For the following you will need to have Minikube up and running and we will leverage the Minikube-internal Docker daemon for building images, locally. As a preparation, do the following
+-->
+
+
+对于以下内容，您需要启动并运行 Minikube，我们将利用 Minikube 自带的 Docker daemon 在本地构建镜像。作为准备，请执行以下操作
+
+```
+$ git clone https://github.com/kubernauts/dok-example-us.git && cd dok-example-us
+$ eval $(minikube docker-env)
+$ kubectl create namespace dok
+```
+
+<!--
+Now we deploy the stock generator and the stock consumer microservice:
+-->
+
+现在我们部署股价数据生成器和股价数据消费者微服务：
+
+
+```
+$ kubectl -n=dok apply -f stock-gen/app.yaml
+$ kubectl -n=dok apply -f stock-con/app.yaml
+```
+<!--
+Once both deployments are created and the pods are running, we forward the `stock-con` service for local consumption (in a separate terminal session):
+-->
+
+
+一旦两个部署建好并且 pod 开始运行，我们转发 `stock-con` 服务以供本地读取（另开一个终端窗口）：
+
+```
+$ kubectl get -n dok po --selector=app=stock-con  \
+                     -o=custom-columns=:metadata.name --no-headers |  \
+                     xargs -IPOD kubectl -n dok port-forward POD 9898:9898 &
+$ watch curl localhost:9898/healthz
+```
+<!--
+Now change the code in the `stock-con`directory, for example, update the [`/healthz` endpoint code in `service.js`](https://github.com/kubernauts/dok-example-us/blob/2334ee8fb11f8813370122bd46285cf45bdd4c48/stock-con/service.js#L52) by adding a field to the JSON response. Once you’re done with your code update, the last step is to build a new container image and kick off a new deployment like shown below:
+-->
+
+现在，改一下 `ksync/stock-con` 目录中的代码，例如修改 [`service.js` 中定义的 `/healthz` 端点代码](https://github.com/kubernauts/dok-example-us/blob/2334ee8fb11f8813370122bd46285cf45bdd4c48/stock-con/service.js#L52)，在其 JSON 形式的响应中添加一个字段。在您更新完代码后，最后一步是构建新的容器镜像并启动新部署，如下所示：
+
+
+```
+$ docker build -t stock-con:dev -f Dockerfile .
+$ kubectl -n dok set image deployment/stock-con *=stock-con:dev
+```
+<!--
+Overall you should have something like the following in the end:
+-->
+
+总的来说，您最后应该看到类似的内容：
+
+![Local Preview](/images/blog/2018-05-01-developing-on-kubernetes/dok-minikube-localdev_preview.png)
+
+<!--
+### Walkthrough: Skaffold
+-->
+
+### 实践演练：Skaffold
+
+<!--
+To perform this walkthrough you first need to install [Skaffold](https://github.com/GoogleContainerTools/skaffold#installation). Once that is done, you can do the following steps to prepare the development setup:
+-->
+
+要进行此演练，首先需要安装 [Skaffold](https://github.com/GoogleContainerTools/skaffold#installation)。完成后，您可以执行以下步骤来配置开发环境：
+
+```
+$ git clone https://github.com/kubernauts/dok-example-us.git && cd dok-example-us
+$ kubectl create namespace dok
+```
+<!--
+Now we deploy the stock generator (but not the stock consumer microservice, that is done via Skaffold):
+-->
+
+现在我们部署股价数据生成器（但是暂不部署股价数据消费者，此服务将使用 Skaffold 完成）：
+
+```
+$ kubectl -n=dok apply -f stock-gen/app.yaml
+```
+
+<!--
+Note that initially we experienced an authentication error when doing `skaffold dev` and needed to apply a fix as described in [Issue 322](https://github.com/GoogleContainerTools/skaffold/issues/322). Essentially it means changing the content of `~/.docker/config.json` to:
+-->
+
+
+请注意，最初我们在执行 `skaffold dev` 时发生身份验证错误，为避免此错误需要安装[问题322](https://github.com/GoogleContainerTools/skaffold/issues/322) 中所述的修复。本质上，需要将 `〜/.docker/config.json` 的内容改为：
+
+
+```
+{
+   "auths": {}
+}
+```
+
+<!--
+Next, we had to patch `stock-con/app.yaml` slightly to make it work with Skaffold:
+-->
+
+接下来，我们需要略微改动 `stock-con/app.yaml`，这样 Skaffold 才能正常使用此文件：
+
+<!--
+Add a `namespace` field to both the `stock-con` deployment and the service with the value of `dok`.
+Change the `image` field of the container spec to `quay.io/mhausenblas/stock-con` since Skaffold manages the container image tag on the fly.
+-->
+
+在 `stock-con` 部署和服务中添加一个 `namespace` 字段，其值为 `dok`
+
+将容器规范的 `image` 字段更改为 `quay.io/mhausenblas/stock-con`，因为 Skaffold 可以即时管理容器镜像标签。
+
+<!--
+ The resulting `app.yaml` file stock-con looks as follows:
+ -->
+最终的 stock-con 的 `app.yaml` 文件看起来如下：
+
+
+```
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: stock-con
+  name: stock-con
+  namespace: dok
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: stock-con
+    spec:
+      containers:
+      - name: stock-con
+        image: quay.io/mhausenblas/stock-con
+        env:
+        - name: DOK_STOCKGEN_HOSTNAME
+          value: stock-gen
+        - name: DOK_STOCKGEN_PORT
+          value: "9999"
+        ports:
+        - containerPort: 9898
+          protocol: TCP
+        livenessProbe:
+          initialDelaySeconds: 2
+          periodSeconds: 5
+          httpGet:
+            path: /healthz
+            port: 9898
+        readinessProbe:
+          initialDelaySeconds: 2
+          periodSeconds: 5
+          httpGet:
+            path: /healthz
+            port: 9898
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: stock-con
+  name: stock-con
+  namespace: dok
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 9898
+  selector:
+    app: stock-con
+```
+<!--
+The final step before we can start development is to configure Skaffold. So, create a file `skaffold.yaml` in the `stock-con/` directory with the following content:
+ -->
+
+我们能够开始开发之前的最后一步是配置 Skaffold。因此，在 `stock-con/` 目录中创建文件 `skaffold.yaml`，其中包含以下内容：
+
+```
+apiVersion: skaffold/v1alpha2
+kind: Config
+build:
+  artifacts:
+  - imageName: quay.io/mhausenblas/stock-con
+    workspace: .
+    docker: {}
+  local: {}
+deploy:
+  kubectl:
+    manifests:
+      - app.yaml
+```
+<!--
+Now we’re ready to kick off the development. For that execute the following in the `stock-con/` directory:
+ -->
+
+现在我们准备好开始开发了。为此，在 `stock-con/` 目录中执行以下命令：
+
+```
+$ skaffold dev
+```
+<!--
+Above command triggers a build of the `stock-con` image and then a deployment. Once the pod of the `stock-con` deployment is running, we again forward the `stock-con` service for local consumption (in a separate terminal session) and check the response of the `healthz` endpoint:
+ -->
+
+
+上面的命令将触发 `stock-con` 图像的构建和部署。一旦 `stock-con` 部署的 pod 开始运行，我们再次转发 `stock-con` 服务以供本地读取（在单独的终端窗口中）并检查 `healthz` 端点的响应：
+
+```bash
+$ kubectl get -n dok po --selector=app=stock-con  \
+                     -o=custom-columns=:metadata.name --no-headers |  \
+                     xargs -IPOD kubectl -n dok port-forward POD 9898:9898 &
+$ watch curl localhost:9898/healthz
+```
+<!--
+If you now change the code in the `stock-con`directory, for example, by updating the [`/healthz` endpoint code in `service.js`](https://github.com/kubernauts/dok-example-us/blob/2334ee8fb11f8813370122bd46285cf45bdd4c48/stock-con/service.js#L52) by adding a field to the JSON response, you should see Skaffold noticing the change and create a new image as well as deploy it. The resulting screen would look something like this:
+ -->
+ 
+现在，如果您修改一下 `stock-con` 目录中的代码，例如 [`service.js` 中定义的 `/healthz` 端点代码](https://github.com/kubernauts/dok-example-us/blob/2334ee8fb11f8813370122bd46285cf45bdd4c48/stock-con/service.js#L52)，在其 JSON 形式的响应中添加一个字段，您应该看到 Skaffold 可以检测到代码改动并创建新图像以及部署它。您的屏幕看起来应该类似这样：
+ 
+ 
+![Skaffold Preview](/images/blog/2018-05-01-developing-on-kubernetes/dok-skaffold_preview.png)
+<!--
+By now you should have a feeling how different tools enable you to develop apps on Kubernetes and if you’re interested to learn more about tools and or methods, check out the following resources:
+ -->
+
+至此，您应该对不同的工具如何帮您在 Kubernetes 上开发应用程序有了一定的概念，如果您有兴趣了解有关工具和/或方法的更多信息，请查看以下资源：
+
+* Blog post by Shahidh K Muhammed on [Draft vs Gitkube vs Helm vs Ksonnet vs Metaparticle vs Skaffold](https://blog.hasura.io/draft-vs-gitkube-vs-helm-vs-ksonnet-vs-metaparticle-vs-skaffold-f5aa9561f948) (03/2018)
+* Blog post by Gergely Nemeth on [Using Kubernetes for Local Development](https://nemethgergely.com/using-kubernetes-for-local-development/index.html), with a focus on Skaffold (03/2018)
+* Blog post by Richard Li on [Locally developing Kubernetes services (without waiting for a deploy)](https://hackernoon.com/locally-developing-kubernetes-services-without-waiting-for-a-deploy-f63995de7b99), with a focus on Telepresence
+* Blog post by Abhishek Tiwari on [Local Development Environment for Kubernetes using Minikube](https://abhishek-tiwari.com/local-development-environment-for-kubernetes-using-minikube/) (09/2017)
+* Blog post by Aymen El Amri on [Using Kubernetes for Local Development — Minikube](https://medium.com/devopslinks/using-kubernetes-minikube-for-local-development-c37c6e56e3db) (08/2017)
+* Blog post by Alexis Richardson on [​GitOps - Operations by Pull Request](https://www.weave.works/blog/gitops-operations-by-pull-request) (08/2017)
+* Slide deck [GitOps: Drive operations through git](https://docs.google.com/presentation/d/1d3PigRVt_m5rO89Ob2XZ16bW8lRSkHHH5k816-oMzZo/), with a focus on Gitkube by Tirumarai Selvan (03/2018)
+* Slide deck [Developing apps on Kubernetes](https://speakerdeck.com/mhausenblas/developing-apps-on-kubernetes), a talk Michael Hausenblas gave at a CNCF Paris meetup  (04/2018)
+* YouTube videos:
+    * [TGI Kubernetes 029: Developing Apps with Ksync](https://www.youtube.com/watch?v=QW85Y0Ug3KY )
+    * [TGI Kubernetes 030: Exploring Skaffold](https://www.youtube.com/watch?v=McwwWhCXMxc)
+    * [TGI Kubernetes 031: Connecting with Telepresence](https://www.youtube.com/watch?v=zezeBAJ_3w8)
+    * [TGI Kubernetes 033: Developing with Draft](https://www.youtube.com/watch?v=8B1D7cTMPgA)
+* Raw responses to the [Kubernetes Application Survey](https://docs.google.com/spreadsheets/d/12ilRCly2eHKPuicv1P_BD6z__PXAqpiaR-tDYe2eudE/edit) 2018 by SIG Apps
+
+<!--
+With that we wrap up this post on how to go about developing apps on Kubernetes, we hope you learned something and if you have feedback and/or want to point out a tool that you found useful, please let us know via Twitter: [Ilya](https://twitter.com/errordeveloper) and [Michael](https://twitter.com/mhausenblas).
+-->
+
+有了这些，我们这篇关于如何在 Kubernetes 上开发应用程序的博客就可以收尾了，希望您有所收获，如果您有反馈和/或想要指出您认为有用的工具，请通过 Twitter 告诉我们：[Ilya](https://twitter.com/errordeveloper) 和 [Michael](https://twitter.com/mhausenblas)
diff --git a/content/zh/blog/_posts/2018-05-30-say-hello-to-discuss-kubernetes.md b/content/zh/blog/_posts/2018-05-30-say-hello-to-discuss-kubernetes.md
new file mode 100644
index 0000000000000..eb1aba85d2b46
--- /dev/null
+++ b/content/zh/blog/_posts/2018-05-30-say-hello-to-discuss-kubernetes.md
@@ -0,0 +1,67 @@
+---
+title: 'Kubernetes 1 11：向 discuss kubernetes 问好'
+layout: blog
+date: 2018-05-30
+---
+
+<!--
+---
+title: ' Kubernetes 1 11：say-hello-to-discuss-kubernetes '
+cn-approvers:
+- congfairy
+layout: blog
+date: 2018-05-30
+---
+-->
+
+<!--   
+
+Author: Jorge Castro (Heptio)
+
+-->
+
+作者: Jorge Castro (Heptio)
+
+<!-- 
+
+Communication is key when it comes to engaging a community of over 35,000 people in a global and remote environment. Keeping track of everything in the Kubernetes community can be an overwhelming task. On one hand we have our official resources, like Stack Overflow, GitHub, and the mailing lists, and on the other we have more ephemeral resources like Slack, where you can hop in, chat with someone, and then go on your merry way. 
+
+-->
+
+就一个超过 35,000 人的全球性社区而言，参与其中时沟通是非常关键的。 跟踪 Kubernetes 社区中的所有内容可能是一项艰巨的任务。 一方面，我们有官方资源，如 Stack Overflow，GitHub 和邮件列表，另一方面，我们有更多瞬时性的资源，如 Slack，你可以加入进去、与某人聊天然后各走各路。
+
+
+<!--
+
+Slack is great for casual and timely conversations and keeping up with other community members, but communication can't be easily referenced in the future. Plus it can be hard to raise your hand in a room filled with 35,000 participants and find a voice. Mailing lists are useful when trying to reach a specific group of people with a particular ask and want to keep track of responses on the thread, but can be daunting with a large amount of people. Stack Overflow and GitHub are ideal for collaborating on projects or questions that involve code and need to be searchable in the future, but certain topics like "What's your favorite CI/CD tool" or "Kubectl tips and tricks" are offtopic there.
+
+While our current assortment of communication channels are valuable in their own rights, we found that there was still a gap between email and real time chat. Across the rest of the web, many other open source projects like Docker, Mozilla, Swift, Ghost, and Chef have had success building communities on top of Discourse, an open source discussion platform. So what if we could use this tool to bring our discussions together under a modern roof, with an open API, and perhaps not let so much of our information fade into the ether? There's only one way to find out: Welcome to discuss.kubernetes.io
+
+-->
+
+Slack 非常适合随意和及时的对话，并与其他社区成员保持联系，但未来很难轻易引用通信。此外，在35,000名参与者中提问并得到回答很难。邮件列表在有问题尝试联系特定人群并且想要跟踪大家的回应时非常有用，但是对于大量人员来说可能是麻烦的。 Stack Overflow 和 GitHub 非常适合在涉及代码的项目或问题上进行协作，并且如果在将来要进行搜索也很有用，但某些主题如“你最喜欢的 CI/CD 工具是什么”或“[Kubectl提示和技巧](http://discuss.kubernetes.io/t/kubectl-tips-and-tricks/192)“在那里是没有意义的。
+
+虽然我们目前的各种沟通渠道对他们自己来说都很有价值，但我们发现电子邮件和实时聊天之间仍然存在差距。在网络的其他部分，许多其他开源项目，如 Docker、Mozilla、Swift、Ghost 和 Chef，已经成功地在[Discourse](http://www.discourse.org/features)之上构建社区，一个开放的讨论平台。那么，如果我们可以使用这个工具将我们的讨论结合在一个平台下，使用开放的API，或许也不会让我们的大部分信息消失在网络中呢？只有一种方法可以找到：欢迎来到[discuss.kubernetes.io](http://discuss.kubernetes.io)
+
+<!--
+
+Right off the bat we have categories that users can browse. Checking and posting in these categories allow users to participate in things they might be interested in without having to commit to subscribing to a list. Granular notification controls allow the users to subscribe to just the category or tag they want, and allow for responding to topics via email. 
+
+Ecosystem partners and developers now have a place where they can [announce projects](https://discuss.kubernetes.io/c/announcements) that they're working on to users without wondering if it would be offtopic on an official list. We can make this place be not just about core Kubernetes, but about the hundreds of wonderful tools our community is building. 
+
+
+This new community forum gives people a place to go where they can discuss Kubernetes, and a sounding board for developers to make announcements of things happening around Kubernetes, all while being searchable and easily accessible to a wider audience. 
+
+Hop in and take a look. We're just getting started, so you might want to begin by [introducing yourself](https://discuss.kubernetes.io/t/introduce-yourself-here/56) and then browsing around. Apps are also available for [Android](https://play.google.com/store/apps/details?id=com.discourse&hl=en_US&rdid=com.discourse&pli=1)and [iOS](https://itunes.apple.com/us/app/discourse-app/id1173672076?mt=8).  
+ 
+
+-->
+
+马上，我们有用户可以浏览的类别。检查和发布这些类别允许用户参与他们可能感兴趣的事情，而无需订阅列表。精细的通知控件允许用户只订阅他们想要的类别或标签，并允许通过电子邮件回复主题。
+
+生态系统合作伙伴和开发人员现在有一个地方可以[宣布项目](http://discuss.kubernetes.io/c/announcements)，他们正在为用户工作，而不会想知道它是否会在官方列表中脱离主题。我们可以让这个地方不仅仅是关于核心 Kubernetes，而是关于我们社区正在建设的数百个精彩工具。
+
+这个新的社区论坛为人们提供了一个可以讨论 Kubernetes 的地方，也是开发人员在 Kubernetes 周围发布事件的声音板，同时可以搜索并且更容易被更广泛的用户访问。
+
+进来看看。我们刚刚开始，所以，您可能希望从[自我介绍](http://discuss.kubernetes.io/t/introduce-yourself-here/56)开始，到处浏览。也有 [Android](http://play.google.com/store/apps/details?id=com.discourse&hl=en_US&rdid=com.discourse&pli=1) 和 [iOS](http://itunes.apple.com/us/app/discourse-app/id1173672076?mt=8) 应用下载。
+
diff --git a/content/zh/blog/_posts/2018-06-06-4-years-of-k8s.md b/content/zh/blog/_posts/2018-06-06-4-years-of-k8s.md
new file mode 100644
index 0000000000000..b4e118b58410d
--- /dev/null
+++ b/content/zh/blog/_posts/2018-06-06-4-years-of-k8s.md
@@ -0,0 +1,42 @@
+---
+title: Kubernetes 这四年
+approvers:
+cn-approvers:
+- congfairy
+layout: blog
+date: 2018-06-06
+---
+ <!--
+**Author**: Joe Beda (CTO and Founder, Heptio)
+ On June 6, 2014 I checked in the [first commit](https://github.com/kubernetes/kubernetes/commit/2c4b3a562ce34cddc3f8218a2c4d11c7310e6d56) of what would become the public repository for Kubernetes. Many would assume that is where the story starts. It is the beginning of history, right? But that really doesn’t tell the whole story.
+-->
+
+ **作者**：Joe Beda( Heptio 首席技术官兼创始人)
+ 2014 年 6 月 6 日，我检查了 Kubernetes 公共代码库的[第一次 commit](https://github.com/kubernetes/kubernetes/commit/2c4b3a562ce34cddc3f8218a2c4d11c7310e6d56) 。许多人会认为这是故事开始的地方。这难道不是一切开始的地方吗？但这的确不能把整个过程说清楚。
+ 
+ ![k8s_first_commit](/images/blog/2018-06-06-4-years-of-k8s/k8s-first-commit.png)
+ 
+ <!--
+The cast leading up to that commit was large and the success for Kubernetes since then is owed to an ever larger cast.
+ Kubernetes was built on ideas that had been proven out at Google over the previous ten years with Borg. And Borg, itself, owed its existence to even earlier efforts at Google and beyond.
+ Concretely, Kubernetes started as some prototypes from Brendan Burns combined with ongoing work from me and Craig McLuckie to better align the internal Google experience with the Google Cloud experience. Brendan, Craig, and I really wanted people to use this, so we made the case to build out this prototype as an open source project that would bring the best ideas from Borg out into the open.
+ After we got the nod, it was time to actually build the system.  We took Brendan’s prototype (in Java), rewrote it in Go, and built just enough to get the core ideas across.  By this time the team had grown to include Ville Aikas, Tim Hockin, Brian Grant, Dawn Chen and Daniel Smith.  Once we had something working, someone had to sign up to clean things up to get it ready for public launch.  That ended up being me. Not knowing the significance at the time, I created a new repo, moved things over, and checked it in.  So while I have the first public commit to the repo, there was work underway well before that.
+ The version of Kubernetes at that point was really just a shadow of what it was to become.  The core concepts were there but it was very raw.  For example, Pods were called Tasks.  That was changed a day before we went public.  All of this led up to the public announcement of Kubernetes on June 10th, 2014 in a keynote from Eric Brewer at the first DockerCon.  You can watch that video here:
+-->
+
+ 第一次 commit 涉及的人员众多，自那以后 Kubernetes 的成功归功于更大的开发者阵容。
+ Kubernetes 建立在过去十年曾经在 Google 的 Borg 集群管理系统中验证过的思路之上。而 Borg 本身也是 Google 和其他公司早期努力的结果。
+ 具体而言，Kubernetes 最初是从 Brendan Burns 的一些原型开始，结合我和 Craig McLuckie 正在进行的工作，以更好地将 Google 内部实践与 Google Cloud 的经验相结合。 Brendan，Craig 和我真的希望人们使用它，所以我们建议将这个原型构建为一个开源项目，将 Borg 的最佳创意带给大家。
+在我们所有人同意后，就开始着手构建这个系统了。我们采用了 Brendan 的原型（Java 语言），用 Go 语言重写了它，并且以上述核心思想去构建该系统。到这个时候，团队已经成长为包括 Ville Aikas，Tim Hockin，Brian Grant，Dawn Chen 和 Daniel Smith。一旦我们有了一些工作需求，有人必须承担一些脱敏的工作，以便为公开发布做好准备。这个角色最终由我承担。当时，我不知道这件事情的重要性，我创建了一个新的仓库，把代码搬过来，然后进行了检查。所以在我第一次提交 public commit 之前，就有工作已经启动了。
+那时 Kubernetes 的版本只是现在版本的简单雏形。核心概念已经有了，但非常原始。例如，Pods 被称为 Tasks，这在我们推广前一天就被替换。2014年6月10日 Eric Brewe 在第一届 DockerCon 上的演讲中正式发布了 Kubernetes 。您可以在此处观看该视频：
+ 
+
+<center><iframe width="560" height="315" src="https://www.youtube.com/embed/YrxnVKZeqK8" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>  
+
+ <!--
+ But, however raw, that modest start was enough to pique the interest of a community that started strong and has only gotten stronger.  Over the past four years Kubernetes has exceeded the expectations of all of us that were there early on. We owe the Kubernetes community a huge debt.  The success the project has seen  is based not just on code and technology but also the way that an amazing group of people have come together to create something special.  The best expression of this is the [set of Kubernetes values](https://github.com/kubernetes/steering/blob/master/values.md) that Sarah Novotny helped curate.
+ Here is to another 4 years and beyond! 🎉🎉🎉
+-->
+
+ 但是，无论多么原始，这小小的一步足以激起一个开始强大而且变得更强大的社区的兴趣。在过去的四年里，Kubernetes 已经超出了我们所有人的期望。我们对 Kubernetes 社区的所有人员表示感谢。该项目所取得的成功不仅基于代码和技术，还基于一群出色的人聚集在一起所做的有意义的事情。Sarah Novotny 策划的一套 [Kubernetes 价值观](https://github.com/kubernetes/steering/blob/master/values.md)是以上最好的表现形式。
+ 让我们一起期待下一个4年！🎉🎉🎉
diff --git a/content/zh/blog/_posts/2018-06-07-dynamic-ingress-kubernetes.md b/content/zh/blog/_posts/2018-06-07-dynamic-ingress-kubernetes.md
new file mode 100644
index 0000000000000..bb8d7d848c1fd
--- /dev/null
+++ b/content/zh/blog/_posts/2018-06-07-dynamic-ingress-kubernetes.md
@@ -0,0 +1,129 @@
+---
+title: 'Kubernetes 内的动态 Ingress'
+layout: blog
+---
+
+<!--
+title: Dynamic Ingress in Kubernetes
+date:  2018-06-07
+Author: Richard Li (Datawire)
+-->
+
+作者: Richard Li (Datawire)
+
+<!--
+Kubernetes makes it easy to deploy applications that consist of many microservices, but one of the key challenges with this type of architecture is dynamically routing ingress traffic to each of these services.  One approach is Ambassador, a Kubernetes-native open source API Gateway built on the Envoy Proxy. Ambassador is designed for dynamic environment where services may come and go frequently.
+Ambassador is configured using Kubernetes annotations. Annotations are used to configure specific mappings from a given Kubernetes service to a particular URL. A mapping can include a number of annotations for configuring a route. Examples include rate limiting, protocol, cross-origin request sharing, traffic shadowing, and routing rules.
+-->
+
+Kubernetes 可以轻松部署由许多微服务组成的应用程序，但这种架构的关键挑战之一是动态地将流量路由到这些服务中的每一个。
+一种方法是使用 [Ambassador](https://www.getambassador.io)，
+一个基于 [Envoy Proxy](https://www.envoyproxy.io) 构建的 Kubernetes 原生开源 API 网关。
+Ambassador 专为动态环境而设计，这类环境中的服务可能被频繁添加或删除。
+
+Ambassador 使用 Kubernetes 注解进行配置。
+注解用于配置从给定 Kubernetes 服务到特定 URL 的具体映射关系。
+每个映射中可以包括多个注解，用于配置路由。
+注解的例子有速率限制、协议、跨源请求共享（CORS）、流量影射和路由规则等。
+
+<!--
+## A Basic Ambassador Example
+Ambassador is typically installed as a Kubernetes deployment, and is also available as a Helm chart. To configure Ambassador, create a Kubernetes service with the Ambassador annotations. Here is an example that configures Ambassador to route requests to /httpbin/ to the public httpbin.org service:
+-->
+
+## 一个简单的 Ambassador 示例
+
+Ambassador 通常作为 Kubernetes Deployment 来安装，也可以作为 Helm Chart 使用。
+配置 Ambassador 时，请使用 Ambassador 注解创建 Kubernetes 服务。
+下面是一个例子，用来配置 Ambassador，将针对 /httpbin/ 的请求路由到公共的 httpbin.org 服务：
+
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: httpbin
+  annotations:
+    getambassador.io/config: |
+      ---
+      apiVersion: ambassador/v0
+      kind:  Mapping
+      name:  httpbin_mapping
+      prefix: /httpbin/
+      service: httpbin.org:80
+      host_rewrite: httpbin.org
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+```
+
+<!--
+A mapping object is created with a prefix of /httpbin/ and a service name of httpbin.org. The host_rewrite annotation specifies that the HTTP host header should be set to httpbin.org.
+-->
+
+例子中创建了一个 Mapping 对象，其 prefix 设置为 /httpbin/，service 名称为 httpbin.org。
+其中的 host_rewrite 注解指定 HTTP 的 host 头部字段应设置为 httpbin.org。
+
+<!--
+## Kubeflow
+Kubeflow provides a simple way to easily deploy machine learning infrastructure on Kubernetes. The Kubeflow team needed a proxy that provided a central point of authentication and routing to the wide range of services used in Kubeflow, many of which are ephemeral in nature.
+<center><i>Kubeflow architecture, pre-Ambassador</center></i>
+-->
+
+## Kubeflow
+
+[Kubeflow](https://github.com/kubeflow/kubeflow) 提供了一种简单的方法，用于在 Kubernetes 上轻松部署机器学习基础设施。
+Kubeflow 团队需要一个代理，为 Kubeflow 中所使用的各种服务提供集中化的认证和路由能力；Kubeflow 中许多服务本质上都是生命期很短的。
+
+<center><i>Kubeflow architecture, pre-Ambassador</center></i>
+
+<!--
+## Service configuration
+With Ambassador, Kubeflow can use a distributed model for configuration. Instead of a central configuration file, Ambassador allows each service to configure its route in Ambassador via Kubernetes annotations. Here is a simplified example configuration:
+-->
+
+## 服务配置
+
+有了 Ambassador，Kubeflow 可以使用分布式模型进行配置。
+Ambassador 不使用集中的配置文件，而是允许每个服务通过 Kubernetes 注解在 Ambassador 中配置其路由。
+下面是一个简化的配置示例：
+
+```
+---
+apiVersion: ambassador/v0
+kind:  Mapping
+name: tfserving-mapping-test-post
+prefix: /models/test/
+rewrite: /model/test/:predict
+method: POST
+service: test.kubeflow:8000
+```
+
+<!--
+In this example, the “test” service uses Ambassador annotations to dynamically configure a route to the service, triggered only when the HTTP method is a POST, and the annotation also specifies a rewrite rule.
+-->
+
+示例中，“test” 服务使用 Ambassador 注解来为服务动态配置路由。
+所配置的路由仅在 HTTP 方法是 POST 时触发；注解中同时还给出了一条重写规则。
+
+<!--
+With Ambassador, Kubeflow manages routing easily with Kubernetes annotations. Kubeflow configures a single ingress object that directs traffic to Ambassador, then creates services with Ambassador annotations as needed to direct traffic  to specific backends. For example, when deploying TensorFlow services,  Kubeflow creates and and annotates a K8s service so that the model will be served at https://<ingress host>/models/<model name>/. Kubeflow can also use the Envoy Proxy to do the actual L7 routing. Using Ambassador, Kubeflow takes advantage of additional routing configuration like URL rewriting and method-based routing.
+If you’re interested in using Ambassador with Kubeflow, the standard Kubeflow install automatically installs and configures Ambassador.
+If you’re interested in using Ambassador as an API Gateway or Kubernetes ingress solution for your non-Kubeflow services, check out the Getting Started with Ambassador guide.
+## Kubeflow and Ambassador
+-->
+
+## Kubeflow 和 Ambassador
+
+通过 Ambassador，Kubeflow 可以使用 Kubernetes 注解轻松管理路由。
+Kubeflow 配置同一个 Ingress 对象，将流量定向到 Ambassador，然后根据需要创建具有 Ambassador 注解的服务，以将流量定向到特定后端。
+例如，在部署 TensorFlow 服务时，Kubeflow 会创建 Kubernetes 服务并为其添加注解，
+以便用户能够在 `https://<ingress主机>/models/<模型名称>/` 处访问到模型本身。
+Kubeflow 还可以使用 Envoy Proxy 来进行实际的 L7 路由。
+通过 Ambassador，Kubeflow 能够更充分地利用 URL 重写和基于方法的路由等额外的路由配置能力。
+
+如果您对在 Kubeflow 中使用 Ambassador 感兴趣，标准的 Kubeflow 安装会自动安装和配置 Ambassador。
+
+如果您有兴趣将 Ambassador 用作 API 网关或 Kubernetes 的 Ingress 解决方案，
+请参阅 [Ambassador 入门指南](https://www.getambassador.io/user-guide/getting-started)。
+
diff --git a/content/zh/blog/_posts/2018-08-29-kubernetes-testing-ci-automating-contributor-experience.md b/content/zh/blog/_posts/2018-08-29-kubernetes-testing-ci-automating-contributor-experience.md
new file mode 100644
index 0000000000000..8720e483ea5ac
--- /dev/null
+++ b/content/zh/blog/_posts/2018-08-29-kubernetes-testing-ci-automating-contributor-experience.md
@@ -0,0 +1,241 @@
+<!--
+---
+layout: blog
+title:  'The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience'
+date:   2018-08-29
+---
+-->
+
+---
+layout: blog
+title: '机器可以完成这项工作，一个关于 kubernetes 测试、CI 和自动化贡献者体验的故事'
+date: 2019-08-29
+---
+
+<!--
+**Author**: Aaron Crickenberger (Google) and Benjamin Elder (Google)
+-->
+
+**作者**：Aaron Crickenberger（谷歌）和 Benjamin Elder（谷歌）
+
+<!--
+_“Large projects have a lot of less exciting, yet, hard work. We value time spent automating repetitive work more highly than toil. Where that work cannot be automated, it is our culture to recognize and reward all types of contributions. However, heroism is not sustainable.”_ - [Kubernetes Community Values](https://git.k8s.io/community/values.md#automation-over-process)
+-->
+
+_”大型项目有很多不那么令人兴奋，但却很辛苦的工作。比起辛苦工作，我们更重视把时间花在自动化重复性工作上，如果这项工作无法实现自动化，我们的文化就是承认并奖励所有类型的贡献。然而，英雄主义是不可持续的。“_ - [Kubernetes Community Values](https://git.k8s.io/community/values.md#automation-over-process)
+
+<!--
+Like many open source projects, Kubernetes is hosted on GitHub. We felt the barrier to participation would be lowest if the project lived where developers already worked, using tools and processes developers already knew. Thus the project embraced the service fully: it was the basis of our workflow, our issue tracker, our documentation, our blog platform, our team structure, and more.
+-->
+
+像许多开源项目一样，Kubernetes 托管在 GitHub 上。 如果项目位于在开发人员已经工作的地方，使用的开发人员已经知道的工具和流程，那么参与的障碍将是最低的。 因此，该项目完全接受了这项服务：它是我们工作流程，问题跟踪，文档，博客平台，团队结构等的基础。
+
+<!--
+This strategy worked. It worked so well that the project quickly scaled past its contributors’ capacity as humans. What followed was an incredible journey of automation and innovation. We didn’t just need to rebuild our airplane mid-flight without crashing, we needed to convert it into a rocketship and launch into orbit. We needed machines to do the work.
+-->
+
+这个策略奏效了。 它运作良好，以至于该项目迅速超越了其贡献者的人类能力。 接下来是一次令人难以置信的自动化和创新之旅。 我们不仅需要在飞行途中重建我们的飞机而不会崩溃，我们需要将其转换为火箭飞船并发射到轨道。 我们需要机器来完成这项工作。
+
+<!--
+## The Work
+-->
+
+##　工作
+
+<!--
+Initially, we focused on the fact that we needed to support the sheer volume of tests mandated by a complex distributed system such as Kubernetes. Real world failure scenarios had to be exercised via end-to-end (e2e) tests to ensure proper functionality. Unfortunately, e2e tests were susceptible to flakes (random failures) and took anywhere from an hour to a day to complete.
+-->
+
+最初，我们关注的事实是，我们需要支持复杂的分布式系统（如 Kubernetes）所要求的大量测试。 真实世界中的故障场景必须通过端到端（e2e）测试来执行，确保正确的功能。 不幸的是，e2e 测试容易受到薄片（随机故障）的影响，并且需要花费一个小时到一天才能完成。
+
+<!--
+Further experience revealed other areas where machines could do the work for us:
+-->
+
+进一步的经验揭示了机器可以为我们工作的其他领域：
+
+<!--
+* PR Workflow
+  * Did the contributor sign our CLA?
+  * Did the PR pass tests?
+  * Is the PR mergeable?
+  * Did the merge commit pass tests?
+* Triage
+  * Who should be reviewing PRs?
+  * Is there enough information to route an issue to the right people?
+  * Is an issue still relevant?
+* Project Health
+  * What is happening in the project?
+  * What should we be paying attention to?
+  -->
+
+* Pull Request 工作流程
+  * 贡献者是否签署了我们的 CLA？
+  * Pull Request 通过测试吗？
+  * Pull Request 可以合并吗？
+  * 合并提交是否通过了测试？
+* 鉴别分类
+  * 谁应该审查 Pull Request？
+  * 是否有足够的信息将问题发送给合适的人？
+  * 问题是否依旧存在？
+* 项目健康
+  * 项目中发生了什么？
+  * 我们应该注意什么？
+
+<!--
+As we developed automation to improve our situation, we followed a few guiding principles:
+-->
+
+当我们开发自动化来改善我们的情况时，我们遵循了以下几个指导原则：
+
+<!--
+* Follow the push/pull control loop patterns that worked well for Kubernetes
+* Prefer stateless loosely coupled services that do one thing well
+* Prefer empowering the entire community over empowering a few core contributors
+* Eat our own dogfood and avoid reinventing wheels
+-->
+
+* 遵循适用于 Kubernetes 的推送/拉取控制循环模式
+* 首选无状态松散耦合服务
+* 更倾向于授权整个社区权利，而不是赋予少数核心贡献者权力
+* 做好自己的事，而不要重新造轮子
+
+<!--
+## Enter Prow
+-->
+
+## 了解 Prow
+
+<!--
+This led us to create [Prow](https://git.k8s.io/test-infra/prow) as the central component for our automation. Prow is sort of like an [If This, Then That](https://ifttt.com/) for GitHub events, with a built-in library of [commands](https://prow.k8s.io/command-help), [plugins](https://prow.k8s.io/plugins), and utilities. We built Prow on top of Kubernetes to free ourselves from worrying about resource management and scheduling, and ensure a more pleasant operational experience.
+-->
+
+这促使我们创建 [Prow](https://git.k8s.io/test-infra/prow) 作为我们自动化的核心组件。 Prow有点像 [If This, Then That](https://ifttt.com/) 用于 GitHub 事件， 内置 [commands](https://prow.k8s.io/command-help)， [plugins](https://prow.k8s.io/plugins)， 和实用程序。 我们在  Kubernetes 之上建立了 Prow，让我们不必担心资源管理和日程安排，并确保更愉快的运营体验。
+
+<!--
+Prow lets us do things like:
+-->
+
+Prow 让我们做以下事情：
+
+<!--
+* Allow our community to triage issues/PRs by commenting commands such as “/priority critical-urgent”, “/assign mary” or “/close”
+* Auto-label PRs based on how much code they change, or which files they touch
+* Age out issues/PRs that have remained inactive for too long
+* Auto-merge PRs that meet our PR workflow requirements
+* Run CI jobs defined as [Knative Builds](https://github.com/knative/build), Kubernetes Pods, or Jenkins jobs
+* Enforce org-wide and per-repo GitHub policies like [branch protection](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/branchprotector) and [GitHub labels](https://github.com/kubernetes/test-infra/tree/master/label_sync)
+-->
+
+* 允许我们的社区通过评论诸如“/priority critical-urgent”，“/assign mary”或“/close”之类的命令对 issues/Pull Requests 进行分类
+* 根据用户更改的代码数量或创建的文件自动标记 Pull Requests
+* 标出长时间保持不活动状态 issues/Pull Requests
+* 自动合并符合我们PR工作流程要求的 Pull Requests
+* 运行定义为[Knative Builds](https://github.com/knative/build)的 Kubernetes Pods或 Jenkins jobs的 CI 作业
+* 实施组织范围和重构 GitHub 仓库策略，如[Knative Builds]（https://github.com/kubernetes/test-infra/tree/master/prow/cmd/branchprotector）和[GitHub labels]（https://github.com/kubernetes/test-infra/tree/master/label_sync）
+
+<!--
+Prow was initially developed by the engineering productivity team building Google Kubernetes Engine, and is actively contributed to by multiple members of Kubernetes SIG Testing. Prow has been adopted by several other open source projects, including Istio, JetStack, Knative and OpenShift. [Getting started with Prow](https://github.com/kubernetes/test-infra/blob/master/prow/getting_started.md) takes a Kubernetes cluster and `kubectl apply starter.yaml` (running pods on a Kubernetes cluster).
+-->
+
+Prow最初由构建 Google Kubernetes Engine 的工程效率团队开发，并由 Kubernetes SIG Testing 的多个成员积极贡献。 Prow 已被其他几个开源项目采用，包括 Istio，JetStack，Knative 和 OpenShift。 [Getting started with Prow](https://github.com/kubernetes/test-infra/blob/master/prow/getting_started.md)需要一个 Kubernetes 集群和 `kubectl apply starter.yaml`（在 Kubernetes 集群上运行 pod）。
+
+<!--
+Once we had Prow in place, we began to hit other scaling bottlenecks, and so produced additional tooling to support testing at the scale required by Kubernetes, including:
+-->
+
+一旦我们安装了 Prow，我们就开始遇到其他的问题，因此需要额外的工具以支持 Kubernetes 所需的规模测试，包括：
+
+<!--
+- [Boskos](https://github.com/kubernetes/test-infra/tree/master/boskos): manages job resources (such as GCP projects) in pools, checking them out for jobs and cleaning them up automatically ([with monitoring](http://velodrome.k8s.io/dashboard/db/boskos-dashboard?orgId=1))
+- [ghProxy](https://github.com/kubernetes/test-infra/tree/master/ghproxy): a reverse proxy HTTP cache optimized for use with the GitHub API, to ensure our token usage doesn’t hit API limits ([with monitoring](http://velodrome.k8s.io/dashboard/db/github-cache?refresh=1m&orgId=1))
+- [Greenhouse](https://github.com/kubernetes/test-infra/tree/master/greenhouse): allows us to use a remote bazel cache to provide faster build and test results for PRs ([with monitoring](http://velodrome.k8s.io/dashboard/db/bazel-cache?orgId=1))
+- [Splice](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/splice): allows us to test and merge PRs in a batch, ensuring our merge velocity is not limited to our test velocity
+- [Tide](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/tide): allows us to merge PRs selected via GitHub queries rather than ordered in a queue, allowing for significantly higher merge velocity in tandem with splice
+-->
+
+- [Boskos](https://github.com/kubernetes/test-infra/tree/master/boskos): 管理池中的作业资源（例如 GCP 项目），检查它们是否有工作并自动清理它们 ([with monitoring](http://velodrome.k8s.io/dashboard/db/boskos-dashboard?orgId=1))
+- [ghProxy](https://github.com/kubernetes/test-infra/tree/master/ghproxy): 优化用于 GitHub API 的反向代理 HTTP 缓存，以确保我们的令牌使用不会达到 API 限制 ([with monitoring](http://velodrome.k8s.io/dashboard/db/github-cache?refresh=1m&orgId=1))
+- [Greenhouse](https://github.com/kubernetes/test-infra/tree/master/greenhouse): 允许我们使用远程 bazel 缓存为 Pull requests 提供更快的构建和测试结果 ([with monitoring](http://velodrome.k8s.io/dashboard/db/bazel-cache?orgId=1))
+- [Splice](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/splice): 允许我们批量测试和合并 Pull requests，确保我们的合并速度不仅限于我们的测试速度
+- [Tide](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/tide): 允许我们合并通过 GitHub 查询选择的 Pull requests，而不是在队列中排序，允许显着更高合并速度与拼接一起
+
+<!--
+## Scaling Project Health
+-->
+
+##　关注项目健康状况
+
+<!--
+With workflow automation addressed, we turned our attention to project health. We chose to use Google Cloud Storage (GCS) as our source of truth for all test data, allowing us to lean on established infrastructure, and allowed the community to contribute results. We then built a variety of tools to help individuals and the project as a whole make sense of this data, including:
+-->
+
+随着工作流自动化的实施，我们将注意力转向了项目健康。我们选择使用 Google Cloud Storage (GCS)作为所有测试数据的真实来源，允许我们依赖已建立的基础设施，并允许社区贡献结果。然后，我们构建了各种工具来帮助个人和整个项目理解这些数据，包括：
+
+<!--
+* [Gubernator](https://github.com/kubernetes/test-infra/tree/master/gubernator): display the results and test history for a given PR
+* [Kettle](https://github.com/kubernetes/test-infra/tree/master/kettle): transfer data from GCS to a publicly accessible bigquery dataset
+* [PR dashboard](https://k8s-gubernator.appspot.com/pr): a workflow-aware dashboard that allows contributors to understand which PRs require attention and why
+* [Triage](https://storage.googleapis.com/k8s-gubernator/triage/index.html): identify common failures that happen across all jobs and tests
+* [Testgrid](https://k8s-testgrid.appspot.com/): display test results for a given job across all runs, summarize test results across groups of jobs
+-->
+
+* [Gubernator](https://github.com/kubernetes/test-infra/tree/master/gubernator): 显示给定 Pull Request 的结果和测试历史
+* [Kettle](https://github.com/kubernetes/test-infra/tree/master/kettle): 将数据从 GCS 传输到可公开访问的 bigquery 数据集
+* [PR dashboard](https://k8s-gubernator.appspot.com/pr): 一个工作流程识别仪表板，允许参与者了解哪些 Pull Request 需要注意以及为什么
+* [Triage](https://storage.googleapis.com/k8s-gubernator/triage/index.html): 识别所有作业和测试中发生的常见故障
+* [Testgrid](https://k8s-testgrid.appspot.com/): 显示所有运行中给定作业的测试结果，汇总各组作业的测试结果
+
+<!--
+We approached the Cloud Native Computing Foundation (CNCF) to develop DevStats to glean insights from our GitHub events such as:
+-->
+
+我们与云计算本地计算基金会（CNCF）联系，开发 DevStats，以便从我们的 GitHub 活动中收集见解，例如：
+
+<!--
+* [Which prow commands are people most actively using](https://k8s.devstats.cncf.io/d/5/bot-commands-repository-groups?orgId=1)
+* [PR reviews by contributor over time](https://k8s.devstats.cncf.io/d/46/pr-reviews-by-contributor?orgId=1&var-period=d7&var-repo_name=All&var-reviewers=All)
+* [Time spent in each phase of our PR workflow](https://k8s.devstats.cncf.io/d/44/pr-time-to-approve-and-merge?orgId=1)
+-->
+
+* [Which prow commands are people most actively using](https://k8s.devstats.cncf.io/d/5/bot-commands-repository-groups?orgId=1)
+* [PR reviews by contributor over time](https://k8s.devstats.cncf.io/d/46/pr-reviews-by-contributor?orgId=1&var-period=d7&var-repo_name=All&var-reviewers=All)
+* [Time spent in each phase of our PR workflow](https://k8s.devstats.cncf.io/d/44/pr-time-to-approve-and-merge?orgId=1)
+
+<!--
+## Into the Beyond
+-->
+
+## Into the Beyond
+
+<!--
+Today, the Kubernetes project spans over 125 repos across five orgs. There are 31 Special Interests Groups and 10 Working Groups coordinating development within the project. In the last year the project has had [participation from over 13,800 unique developers](https://k8s.devstats.cncf.io/d/13/developer-activity-counts-by-repository-group?orgId=1&var-period_name=Last%20year&var-metric=contributions&var-repogroup_name=All) on GitHub.
+-->
+
+今天，Kubernetes 项目跨越了5个组织125个仓库。有31个特殊利益集团和10个工作组在项目内协调发展。在过去的一年里，该项目有 [来自13800多名独立开发人员的参与](https://k8s.devstats.cncf.io/d/13/developer-activity-counts-by-repository-group?orgId=1&var-period_name=Last%20year&var-metric=contributions&var-repogroup_name=All)。
+
+<!--
+On any given weekday our Prow instance [runs over 10,000 CI jobs](http://velodrome.k8s.io/dashboard/db/bigquery-metrics?panelId=10&fullscreen&orgId=1&from=now-6M&to=now); from March 2017 to March 2018 it ran 4.3 million jobs. Most of these jobs involve standing up an entire Kubernetes cluster, and exercising it using real world scenarios. They allow us to ensure all supported releases of Kubernetes work across cloud providers, container engines, and networking plugins. They make sure the latest releases of Kubernetes work with various optional features enabled, upgrade safely, meet performance requirements, and work across architectures.
+-->
+
+在任何给定的工作日，我们的 Prow 实例[运行超过10,000个 CI 工作](http://velodrome.k8s.io/dashboard/db/bigquery-metrics?panelId=10&fullscreen&orgId=1&from=now-6M&to=now); 从2017年3月到2018年3月，它有430万个工作岗位。 这些工作中的大多数涉及建立整个 Kubernetes 集群，并使用真实场景来实施它。 它们使我们能够确保所有受支持的 Kubernetes 版本跨云提供商，容器引擎和网络插件工作。 他们确保最新版本的 Kubernetes 能够启用各种可选功能，安全升级，满足性能要求，并跨架构工作。
+
+<!--
+With today’s [announcement from CNCF](https://www.cncf.io/announcement/2018/08/29/cncf-receives-9-million-cloud-credit-grant-from-google) – noting that Google Cloud has begun transferring ownership and management of the Kubernetes project’s cloud resources to CNCF community contributors, we are excited to embark on another journey. One that allows the project infrastructure to be owned and operated by the community of contributors, following the same open governance model that has worked for the rest of the project. Sound exciting to you? Come talk to us at #sig-testing on kubernetes.slack.com.
+-->
+
+今天[来自CNCF的公告](https://www.cncf.io/announcement/2018/08/29/cncf-receives-9-million-cloud-credit-grant-from-google) - 注意到    Google Cloud 有开始将 Kubernetes 项目的云资源的所有权和管理权转让给 CNCF 社区贡献者，我们很高兴能够开始另一个旅程。 允许项目基础设施由贡献者社区拥有和运营，遵循对项目其余部分有效的相同开放治理模型。 听起来令人兴奋。 请来 kubernetes.slack.com 上的 #sig-testing on kubernetes.slack.com 与我们联系。
+
+<!--
+Want to find out more? Come check out these resources:
+-->
+
+想了解更多？ 快来看看这些资源：
+
+<!--
+* [Prow: Testing the way to Kubernetes Next](https://bentheelder.io/posts/prow)
+* [Automation and the Kubernetes Contributor Experience](https://www.youtube.com/watch?v=BsIC7gPkH5M)
+-->
+
+* [Prow: Testing the way to Kubernetes Next](https://bentheelder.io/posts/prow)
+* [Automation and the Kubernetes Contributor Experience](https://www.youtube.com/watch?v=BsIC7gPkH5M)
diff --git a/content/zh/blog/_posts/2018-10-03-kubedirector.md b/content/zh/blog/_posts/2018-10-03-kubedirector.md
new file mode 100644
index 0000000000000..e07f1bb35fde1
--- /dev/null
+++ b/content/zh/blog/_posts/2018-10-03-kubedirector.md
@@ -0,0 +1,306 @@
+---
+layout: blog
+title: 'KubeDirector：在 Kubernetes 上运行复杂状态应用程序的简单方法'
+date: 2018-10-03
+---
+
+<!--
+layout: blog
+title: 'KubeDirector: The easy way to run complex stateful applications on Kubernetes'
+date: 2018-10-03
+-->
+
+<!--
+**Author**: Thomas Phelan (BlueData)
+-->
+
+**作者**：Thomas Phelan（BlueData）
+
+<!--
+KubeDirector is an open source project designed to make it easy to run complex stateful scale-out application clusters on Kubernetes. KubeDirector is built using the custom resource definition (CRD) framework and leverages the native Kubernetes API extensions and design philosophy. This enables transparent integration with Kubernetes user/resource management as well as existing clients and tools.
+-->
+KubeDirector 是一个开源项目，旨在简化在 Kubernetes 上运行复杂的有状态扩展应用程序集群。KubeDirector 使用自定义资源定义（CRD）
+框架构建，并利用了本地 Kubernetes API 扩展和设计哲学。这支持与 Kubernetes 用户/资源 管理以及现有客户端和工具的透明集成。
+
+<!--
+We recently [introduced the KubeDirector project](https://medium.com/@thomas_phelan/operation-stateful-introducing-bluek8s-and-kubernetes-director-aa204952f619/), as part of a broader open source Kubernetes initiative we call BlueK8s. I’m happy to announce that the pre-alpha
+code for [KubeDirector](https://github.com/bluek8s/kubedirector/) is now available. And in this blog post, I’ll show how it works.
+-->
+我们最近[介绍了 KubeDirector 项目](https://medium.com/@thomas_phelan/operation-stateful-introducing-bluek8s-and-kubernetes-director-aa204952f619/)，作为我们称为 BlueK8s 的更广泛的 Kubernetes 开源项目的一部分。我很高兴地宣布 [KubeDirector](https://github.com/bluek8s/kubedirector/) 的
+pre-alpha 代码现在已经可用。在这篇博客文章中，我将展示它是如何工作的。
+
+<!--
+KubeDirector provides the following capabilities:
+-->
+KubeDirector 提供以下功能：
+
+<!--
+*	The ability to run non-cloud native stateful applications on Kubernetes without modifying the code. In other words, it’s not necessary to decompose these existing applications to fit a microservices design pattern.
+*	Native support for preserving application-specific configuration and state.
+*	An application-agnostic deployment pattern, minimizing the time to onboard new stateful applications to Kubernetes.
+-->
+
+*	无需修改代码即可在 Kubernetes 上运行非云原生有状态应用程序。换句话说，不需要分解这些现有的应用程序来适应微服务设计模式。
+*	本机支持保存特定于应用程序的配置和状态。
+*	与应用程序无关的部署模式，最大限度地减少将新的有状态应用程序装载到 Kubernetes 的时间。
+
+<!--
+KubeDirector enables data scientists familiar with data-intensive distributed applications such as Hadoop, Spark, Cassandra, TensorFlow, Caffe2, etc. to run these applications on Kubernetes -- with a minimal learning curve and no need to write GO code. The applications controlled by KubeDirector are defined by some basic metadata and an associated package of configuration artifacts.  The application metadata is referred to as a KubeDirectorApp resource.
+-->
+KubeDirector 使熟悉数据密集型分布式应用程序（如 Hadoop、Spark、Cassandra、TensorFlow、Caffe2 等）的数据科学家能够在 Kubernetes 上运行这些应用程序 -- 只需极少的学习曲线，无需编写 GO 代码。由 KubeDirector 控制的应用程序由一些基本元数据和相关的配置工件包定义。应用程序元数据称为 KubeDirectorApp 资源。
+
+<!--
+To understand the components of KubeDirector, clone the repository on [GitHub](https://github.com/bluek8s/kubedirector/) using a command similar to:
+-->
+要了解 KubeDirector 的组件，请使用类似于以下的命令在 [GitHub](https://github.com/bluek8s/kubedirector/) 上克隆存储库：
+
+```
+git clone http://<userid>@github.com/bluek8s/kubedirector.
+```
+
+<!--
+The KubeDirectorApp definition for the Spark 2.2.1 application is located
+in the file `kubedirector/deploy/example_catalog/cr-app-spark221e2.json`.
+-->
+Spark 2.2.1 应用程序的 KubeDirectorApp 定义位于文件 `kubedirector/deploy/example_catalog/cr-app-spark221e2.json` 中。
+
+ ```
+ ~> cat kubedirector/deploy/example_catalog/cr-app-spark221e2.json
+ {
+    "apiVersion": "kubedirector.bluedata.io/v1alpha1",
+    "kind": "KubeDirectorApp",
+    "metadata": {
+        "name" : "spark221e2"
+    },
+    "spec" : {
+        "systemctlMounts": true,
+        "config": {
+            "node_services": [
+                {
+                    "service_ids": [
+                        "ssh",
+                        "spark",
+                        "spark_master",
+                        "spark_worker"
+                    ],
+…
+```
+
+<!--
+The configuration of an application cluster is referred to as a KubeDirectorCluster resource. The
+KubeDirectorCluster definition for a sample Spark 2.2.1 cluster is located in the file
+`kubedirector/deploy/example_clusters/cr-cluster-spark221.e1.yaml`.
+-->
+应用程序集群的配置称为 KubeDirectorCluster 资源。示例 Spark 2.2.1 集群的 KubeDirectorCluster 定义位于文件
+`kubedirector/deploy/example_clusters/cr-cluster-spark221.e1.yaml` 中。
+
+```
+~> cat kubedirector/deploy/example_clusters/cr-cluster-spark221.e1.yaml
+apiVersion: "kubedirector.bluedata.io/v1alpha1"
+kind: "KubeDirectorCluster"
+metadata:
+  name: "spark221e2"
+spec:
+  app: spark221e2
+  roles:
+  - name: controller
+    replicas: 1
+    resources:
+      requests:
+        memory: "4Gi"
+        cpu: "2"
+      limits:
+        memory: "4Gi"
+        cpu: "2"
+  - name: worker
+    replicas: 2
+    resources:
+      requests:
+        memory: "4Gi"
+        cpu: "2"
+      limits:
+        memory: "4Gi"
+        cpu: "2"
+  - name: jupyter
+…
+```
+
+<!--
+## Running Spark on Kubernetes with KubeDirector
+-->
+
+## 使用 KubeDirector 在 Kubernetes 上运行 Spark
+
+<!--
+With KubeDirector, it’s easy to run Spark clusters on Kubernetes.
+-->
+使用 KubeDirector，可以轻松在 Kubernetes 上运行 Spark 集群。
+
+<!--
+First, verify that Kubernetes (version 1.9 or later) is running, using the command `kubectl version`
+-->
+首先，使用命令 `kubectl version` 验证 Kubernetes（版本 1.9 或更高）是否正在运行
+
+```
+~> kubectl version
+Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.3", GitCommit:"a4529464e4629c21224b3d52edfe0ea91b072862", GitTreeState:"clean", BuildDate:"2018-09-09T18:02:47Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
+Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.3", GitCommit:"a4529464e4629c21224b3d52edfe0ea91b072862", GitTreeState:"clean", BuildDate:"2018-09-09T17:53:03Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}                                    
+```
+
+<!--
+Deploy the KubeDirector service and the example KubeDirectorApp resource definitions with the commands:
+-->
+使用以下命令部署 KubeDirector 服务和示例 KubeDirectorApp 资源定义：
+
+```
+cd kubedirector
+make deploy
+```
+
+<!--
+These will start the KubeDirector pod:
+-->
+这些将启动 KubeDirector pod：
+
+```
+~> kubectl get pods
+NAME                           READY     STATUS     RESTARTS     AGE
+kubedirector-58cf59869-qd9hb   1/1       Running    0            1m     
+```
+
+<!--
+List the installed KubeDirector applications with `kubectl get KubeDirectorApp`
+-->
+`kubectl get KubeDirectorApp` 列出中已安装的 KubeDirector 应用程序
+
+```
+~> kubectl get KubeDirectorApp
+NAME           AGE
+cassandra311   30m
+spark211up     30m
+spark221e2     30m
+```
+
+<!--
+Now you can launch a Spark 2.2.1 cluster using the example KubeDirectorCluster file and the
+`kubectl create -f deploy/example_clusters/cr-cluster-spark211up.yaml` command.
+Verify that the Spark cluster has been started:
+-->
+现在，您可以使用示例 KubeDirectorCluster 文件和 `kubectl create -f deploy/example_clusters/cr-cluster-spark211up.yaml` 命令
+启动 Spark 2.2.1 集群。验证 Spark 集群已经启动:
+
+```
+~> kubectl get pods
+NAME                             READY     STATUS    RESTARTS   AGE
+kubedirector-58cf59869-djdwl     1/1       Running   0          19m
+spark221e2-controller-zbg4d-0    1/1       Running   0          23m
+spark221e2-jupyter-2km7q-0       1/1       Running   0          23m
+spark221e2-worker-4gzbz-0        1/1       Running   0          23m
+spark221e2-worker-4gzbz-1        1/1       Running   0          23m
+```
+
+<!--
+The running services now include the Spark services:
+-->
+现在运行的服务包括 Spark 服务：
+
+```
+~> kubectl get service
+NAME                                TYPE         CLUSTER-IP        EXTERNAL-IP    PORT(S)                                                    AGE
+kubedirector                        ClusterIP    10.98.234.194     <none>         60000/TCP                                                  1d
+kubernetes                          ClusterIP    10.96.0.1         <none>         443/TCP                                                    1d
+svc-spark221e2-5tg48                ClusterIP    None              <none>         8888/TCP                                                   21s
+svc-spark221e2-controller-tq8d6-0   NodePort     10.104.181.123    <none>         22:30534/TCP,8080:31533/TCP,7077:32506/TCP,8081:32099/TCP  20s
+svc-spark221e2-jupyter-6989v-0      NodePort     10.105.227.249    <none>         22:30632/TCP,8888:30355/TCP                                20s
+svc-spark221e2-worker-d9892-0       NodePort     10.107.131.165    <none>         22:30358/TCP,8081:32144/TCP                                20s
+svc-spark221e2-worker-d9892-1       NodePort     10.110.88.221     <none>         22:30294/TCP,8081:31436/TCP                                20s
+```
+
+<!--
+Pointing the browser at port 31533 connects to the Spark Master UI:
+-->
+将浏览器指向端口 31533 连接到 Spark 主节点 UI：
+
+![kubedirector](/images/blog/2018-10-03-kubedirector/kubedirector.png)
+
+<!--
+That’s all there is to it!
+In fact, in the example above we also deployed a Jupyter notebook along with the Spark cluster.
+-->
+就是这样!
+事实上，在上面的例子中，我们还部署了一个 Jupyter notebook 和 Spark 集群。
+
+<!--
+To start another application (e.g. Cassandra), just specify another KubeDirectorApp file:
+-->
+要启动另一个应用程序（例如 Cassandra），只需指定另一个 KubeDirectorApp 文件：
+
+```
+kubectl create -f deploy/example_clusters/cr-cluster-cassandra311.yaml
+```
+
+<!--
+See the running Cassandra cluster:
+-->
+查看正在运行的 Cassandra 集群：
+
+```
+~> kubectl get pods
+NAME                              READY     STATUS    RESTARTS   AGE
+cassandra311-seed-v24r6-0         1/1       Running   0          1m
+cassandra311-seed-v24r6-1         1/1       Running   0          1m
+cassandra311-worker-rqrhl-0       1/1       Running   0          1m
+cassandra311-worker-rqrhl-1       1/1       Running   0          1m
+kubedirector-58cf59869-djdwl      1/1       Running   0          1d
+spark221e2-controller-tq8d6-0     1/1       Running   0          22m
+spark221e2-jupyter-6989v-0        1/1       Running   0          22m
+spark221e2-worker-d9892-0         1/1       Running   0          22m
+spark221e2-worker-d9892-1         1/1       Running   0          22m
+```
+
+<!--
+Now you have a Spark cluster (with a Jupyter notebook) and a Cassandra cluster running on Kubernetes.
+Use `kubectl get service` to see the set of services.
+-->
+现在，您有一个 Spark 集群（带有 Jupyter notebook ）和一个运行在 Kubernetes 上的 Cassandra 集群。
+使用 `kubectl get service` 查看服务集。
+
+```
+~> kubectl get service
+NAME                                TYPE         CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                   AGE
+kubedirector                        ClusterIP    10.98.234.194    <none>        60000/TCP                                                 1d
+kubernetes                          ClusterIP    10.96.0.1        <none>        443/TCP                                                   1d
+svc-cassandra311-seed-v24r6-0       NodePort     10.96.94.204     <none>        22:31131/TCP,9042:30739/TCP                               3m
+svc-cassandra311-seed-v24r6-1       NodePort     10.106.144.52    <none>        22:30373/TCP,9042:32662/TCP                               3m
+svc-cassandra311-vhh29              ClusterIP    None             <none>        8888/TCP                                                  3m
+svc-cassandra311-worker-rqrhl-0     NodePort     10.109.61.194    <none>        22:31832/TCP,9042:31962/TCP                               3m
+svc-cassandra311-worker-rqrhl-1     NodePort     10.97.147.131    <none>        22:31454/TCP,9042:31170/TCP                               3m
+svc-spark221e2-5tg48                ClusterIP    None             <none>        8888/TCP                                                  24m
+svc-spark221e2-controller-tq8d6-0   NodePort     10.104.181.123   <none>        22:30534/TCP,8080:31533/TCP,7077:32506/TCP,8081:32099/TCP 24m
+svc-spark221e2-jupyter-6989v-0      NodePort     10.105.227.249   <none>        22:30632/TCP,8888:30355/TCP                               24m
+svc-spark221e2-worker-d9892-0       NodePort     10.107.131.165   <none>        22:30358/TCP,8081:32144/TCP                               24m
+svc-spark221e2-worker-d9892-1       NodePort     10.110.88.221    <none>        22:30294/TCP,8081:31436/TCP                               24m
+```
+
+<!--
+## Get Involved
+-->
+
+## 参与其中
+
+<!--
+KubeDirector is a fully open source, Apache v2 licensed, project – the first of multiple open source projects within a broader initiative we call BlueK8s.
+The pre-alpha code for KubeDirector has just been released and we would love for you to join the growing community of developers, contributors, and adopters.
+Follow [@BlueK8s](https://twitter.com/BlueK8s/) on Twitter and get involved through these channels:
+-->
+KubeDirector 是一个完全开放源码的 Apache v2 授权项目 – 在我们称为 BlueK8s 的更广泛的计划中，它是多个开放源码项目中的第一个。
+KubeDirector 的 pre-alpha 代码刚刚发布，我们希望您加入到不断增长的开发人员、贡献者和使用者社区。
+在 Twitter 上关注 [@BlueK8s](https://twitter.com/BlueK8s/)，并通过以下渠道参与:
+
+<!--
+* KubeDirector [chat room on Slack](https://join.slack.com/t/bluek8s/shared_invite/enQtNDUwMzkwODY5OTM4LTRhYmRmZmE4YzY3OGUzMjA1NDg0MDVhNDQ2MGNkYjRhM2RlMDNjMTI1NDQyMjAzZGVlMDFkNThkNGFjZGZjMGY/)
+*	KubeDirector [GitHub repo](https://github.com/bluek8s/kubedirector/)
+-->
+
+* KubeDirector [Slack 聊天室](https://join.slack.com/t/bluek8s/shared_invite/enQtNDUwMzkwODY5OTM4LTRhYmRmZmE4YzY3OGUzMjA1NDg0MDVhNDQ2MGNkYjRhM2RlMDNjMTI1NDQyMjAzZGVlMDFkNThkNGFjZGZjMGY/)
+*	KubeDirector [GitHub 仓库](https://github.com/bluek8s/kubedirector/)
diff --git a/content/zh/blog/_posts/2018-10-11-topology-aware-volume-provisioning.md b/content/zh/blog/_posts/2018-10-11-topology-aware-volume-provisioning.md
new file mode 100644
index 0000000000000..3aefd018ab019
--- /dev/null
+++ b/content/zh/blog/_posts/2018-10-11-topology-aware-volume-provisioning.md
@@ -0,0 +1,268 @@
+---
+layout: blog
+title: 'Kubernetes 中的拓扑感知数据卷供应'
+date: 2018-10-11
+---
+<!--
+---
+layout: blog
+title: 'Topology-Aware Volume Provisioning in Kubernetes'
+date: 2018-10-11
+---
+-->
+
+<!--
+**Author**: Michelle Au (Google)
+-->
+**作者**: Michelle Au（谷歌）
+
+<!--
+The multi-zone cluster experience with persistent volumes is improving in Kubernetes 1.12 with the topology-aware dynamic provisioning beta feature. This feature allows Kubernetes to make intelligent decisions when dynamically provisioning volumes by getting scheduler input on the best place to provision a volume for a pod.  In multi-zone clusters, this means that volumes will get provisioned in an appropriate zone that can run your pod, allowing you to easily deploy and scale your stateful workloads across failure domains to provide high availability and fault tolerance.
+-->
+通过提供拓扑感知动态卷供应功能，具有持久卷的多区域集群体验在 Kubernetes 1.12 中得到了改进。此功能使得 Kubernetes 在动态供应卷时能做出明智的决策，方法是从调度器获得为 Pod 提供数据卷的最佳位置。在多区域集群环境，这意味着数据卷能够在满足你的 Pod 运行需要的合适的区域被供应，从而允许您跨故障域轻松部署和扩展有状态工作负载，从而提供高可用性和容错能力。
+
+<!--
+## Previous challenges
+-->
+## 以前的挑战
+
+<!--
+Before this feature, running stateful workloads with zonal persistent disks (such as AWS ElasticBlockStore, Azure Disk, GCE PersistentDisk) in multi-zone clusters had many challenges. Dynamic provisioning was handled independently from pod scheduling, which meant that as soon as you created a PersistentVolumeClaim (PVC), a volume would get provisioned. This meant that the provisioner had no knowledge of what pods were using the volume, and any pod constraints it had that could impact scheduling.
+-->
+在此功能被提供之前，在多区域集群中使用区域化的持久磁盘（例如 AWS ElasticBlockStore，Azure Disk，GCE PersistentDisk）运行有状态工作负载存在许多挑战。动态供应独立于 Pod 调度处理，这意味着只要您创建了一个 PersistentVolumeClaim（PVC），一个卷就会被供应。这也意味着供应者不知道哪些 Pod 正在使用该卷，也不清楚任何可能影响调度的 Pod 约束。
+
+<!--
+This resulted in unschedulable pods because volumes were provisioned in zones that:
+-->
+这导致了不可调度的 Pod，因为在以下区域中配置了卷：
+
+<!--
+* did not have enough CPU or memory resources to run the pod
+* conflicted with node selectors, pod affinity or anti-affinity policies
+* could not run the pod due to taints
+-->
+* 没有足够的 CPU 或内存资源来运行 Pod
+* 与节点选择器、Pod 亲和或反亲和策略冲突
+* 由于污点（taint）不能运行 Pod
+
+<!--
+Another common issue was that a non-StatefulSet pod using multiple persistent volumes could have each volume provisioned in a different zone, again resulting in an unschedulable pod.
+-->
+另一个常见问题是，使用多个持久卷的非有状态 Pod 可能会在不同的区域中配置每个卷，从而导致一个不可调度的 Pod。
+
+<!--
+Suboptimal workarounds included overprovisioning of nodes, or manual creation of volumes in the correct zones, making it difficult to dynamically deploy and scale stateful workloads.
+-->
+次优的解决方法包括节点超配，或在正确的区域中手动创建卷，但这会造成难以动态部署和扩展有状态工作负载的问题。
+
+<!--
+The topology-aware dynamic provisioning feature addresses all of the above issues.
+-->
+拓扑感知动态供应功能解决了上述所有问题。
+
+<!--
+## Supported Volume Types
+-->
+## 支持的卷类型
+
+<!--
+In 1.12, the following drivers support topology-aware dynamic provisioning:
+-->
+在 1.12 中，以下驱动程序支持拓扑感知动态供应：
+
+<!--
+* AWS EBS
+* Azure Disk
+* GCE PD (including Regional PD)
+* CSI (alpha) - currently only the GCE PD CSI driver has implemented topology support
+-->
+* AWS EBS
+* Azure Disk
+* GCE PD （包括 Regional PD）
+* CSI（alpha） - 目前只有 GCE PD CSI 驱动实现了拓扑支持
+
+<!--
+## Design Principles
+-->
+## 设计原则
+
+<!--
+While the initial set of supported plugins are all zonal-based, we designed this feature to adhere to the Kubernetes principle of portability across environments. Topology specification is generalized and uses a similar label-based specification like in Pod nodeSelectors and nodeAffinity. This mechanism allows you to define your own topology boundaries, such as racks in on-premise clusters, without requiring modifications to the scheduler to understand these custom topologies.
+-->
+虽然最初支持的插件集都是基于区域的，但我们设计此功能时遵循 Kubernetes 跨环境可移植性的原则。
+拓扑规范是通用的，并使用类似于基于标签的规范，如 Pod nodeSelectors 和 nodeAffinity。
+该机制允许您定义自己的拓扑边界，例如内部部署集群中的机架，而无需修改调度程序以了解这些自定义拓扑。
+
+<!--
+In addition, the topology information is abstracted away from the pod specification, so a pod does not need knowledge of the underlying storage system’s topology characteristics. This means that you can use the same pod specification across multiple clusters, environments, and storage systems.
+-->
+此外，拓扑信息是从 Pod 规范中抽象出来的，因此 Pod 不需要了解底层存储系统的拓扑特征。
+这意味着您可以在多个集群、环境和存储系统中使用相同的 Pod 规范。
+
+<!--
+## Getting Started
+-->
+## 入门
+
+<!--
+To enable this feature, all you need to do is to create a StorageClass with `volumeBindingMode` set to `WaitForFirstConsumer`:
+-->
+要启用此功能，您需要做的就是创建一个将 `volumeBindingMode` 设置为 `WaitForFirstConsumer` 的 StorageClass：
+
+```
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: topology-aware-standard
+provisioner: kubernetes.io/gce-pd
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  type: pd-standard
+```
+
+<!--
+This new setting instructs the volume provisioner to not create a volume immediately, and instead, wait for a pod using an associated PVC to run through scheduling. Note that previous StorageClass `zone` and `zones` parameters do not need to be specified anymore, as pod policies now drive the decision of which zone to provision a volume in.
+-->
+这个新设置表明卷配置器不立即创建卷，而是等待使用关联的 PVC 的 Pod 通过调度运行。
+请注意，不再需要指定以前的 StorageClass `zone` 和 `zones` 参数，因为现在在哪个区域中配置卷由 Pod 策略决定。
+
+<!--
+Next, create a pod and PVC with this StorageClass. This sequence is the same as before, but with a different StorageClass specified in the PVC. The following is a hypothetical example, demonstrating the capabilities of the new feature by specifying many pod constraints and scheduling policies:
+-->
+接下来，使用此 StorageClass 创建一个 Pod 和 PVC。
+此过程与之前相同，但在 PVC 中指定了不同的 StorageClass。
+以下是一个假设示例，通过指定许多 Pod 约束和调度策略来演示新功能特性：
+
+<!--
+* multiple PVCs in a pod
+* nodeAffinity across a subset of zones
+* pod anti-affinity on zones
+-->
+* 一个 Pod 多个 PVC
+* 跨子区域的节点亲和
+* 同一区域 Pod 反亲和
+
+```
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:   
+  serviceName: "nginx"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: failure-domain.beta.kubernetes.io/zone
+                operator: In
+                values:
+                - us-central1-a
+                - us-central1-f
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - nginx
+            topologyKey: failure-domain.beta.kubernetes.io/zone
+      containers:
+      - name: nginx
+        image: gcr.io/google_containers/nginx-slim:0.8
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+        - name: logs
+          mountPath: /logs
+ volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: topology-aware-standard
+      resources:
+        requests:
+          storage: 10Gi
+  - metadata:
+      name: logs
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: topology-aware-standard
+      resources:
+        requests:
+          storage: 1Gi
+```
+
+<!--
+Afterwards, you can see that the volumes were provisioned in zones according to the policies set by the pod:
+-->
+之后，您可以看到根据 Pod 设置的策略在区域中配置卷：
+
+```
+$ kubectl get pv -o=jsonpath='{range .items[*]}{.spec.claimRef.name}{"\t"}{.metadata.labels.failure\-domain\.beta\.kubernetes\.io/zone}{"\n"}{end}'
+www-web-0       us-central1-f
+logs-web-0      us-central1-f
+www-web-1       us-central1-a
+logs-web-1      us-central1-a
+```
+
+<!--
+## How can I learn more?
+-->
+## 我怎样才能了解更多？
+
+<!--
+Official documentation on the topology-aware dynamic provisioning feature is available here:https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
+-->
+有关拓扑感知动态供应功能的官方文档可在此处获取：https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
+
+<!--
+Documentation for CSI drivers is available at https://kubernetes-csi.github.io/docs/
+-->
+有关 CSI 驱动程序的文档，请访问：https://kubernetes-csi.github.io/docs/
+
+<!--
+## What’s next?
+-->
+## 下一步是什么？
+
+<!--
+We are actively working on improving this feature to support:
+-->
+我们正积极致力于改进此功能以支持：
+
+<!--
+* more volume types, including dynamic provisioning for local volumes
+* dynamic volume attachable count and capacity limits per node
+-->
+* 更多卷类型，包括本地卷的动态供应
+* 动态容量可附加计数和每个节点的容量限制
+
+<!--
+## How do I get involved?
+-->
+## 我如何参与？
+
+<!--
+If you have feedback for this feature or are interested in getting involved with the design and development, join the [Kubernetes Storage Special-Interest-Group](https://github.com/kubernetes/community/tree/master/sig-storage) (SIG). We’re rapidly growing and always welcome new contributors.
+-->
+如果您对此功能有反馈意见或有兴趣参与设计和开发，请加入 [Kubernetes 存储特别兴趣小组](https://github.com/kubernetes/community/tree/master/sig-storage)（SIG）。我们正在快速成长，并始终欢迎新的贡献者。
+
+<!--
+Special thanks to all the contributors that helped bring this feature to beta, including Cheng Xing ([verult](https://github.com/verult)), Chuqiang Li ([lichuqiang](https://github.com/lichuqiang)), David Zhu ([davidz627](https://github.com/davidz627)), Deep Debroy ([ddebroy](https://github.com/ddebroy)), Jan Šafránek ([jsafrane](https://github.com/jsafrane)), Jordan Liggitt ([liggitt](https://github.com/liggitt)), Michelle Au ([msau42](https://github.com/msau42)), Pengfei Ni ([feiskyer](https://github.com/feiskyer)), Saad Ali ([saad-ali](https://github.com/saad-ali)), Tim Hockin ([thockin](https://github.com/thockin)), and Yecheng Fu ([cofyc](https://github.com/cofyc)).
+-->
+特别感谢帮助推出此功能的所有贡献者，包括 Cheng Xing ([verult](https://github.com/verult))、Chuqiang Li ([lichuqiang](https://github.com/lichuqiang))、David Zhu ([davidz627](https://github.com/davidz627))、Deep Debroy ([ddebroy](https://github.com/ddebroy))、Jan Šafránek ([jsafrane](https://github.com/jsafrane))、Jordan Liggitt ([liggitt](https://github.com/liggitt))、Michelle Au ([msau42](https://github.com/msau42))、Pengfei Ni ([feiskyer](https://github.com/feiskyer))、Saad Ali ([saad-ali](https://github.com/saad-ali))、Tim Hockin ([thockin](https://github.com/thockin))，以及 Yecheng Fu ([cofyc](https://github.com/cofyc))。
diff --git a/content/zh/blog/_posts/2018-10-15-steering-election-results.md b/content/zh/blog/_posts/2018-10-15-steering-election-results.md
new file mode 100644
index 0000000000000..8e7d5edf7e569
--- /dev/null
+++ b/content/zh/blog/_posts/2018-10-15-steering-election-results.md
@@ -0,0 +1,73 @@
+---
+layout: blog
+title: '2018 年督导委员会选举结果'
+date: 2018-10-15
+---
+<!--
+---
+layout: blog
+title: '2018 Steering Committee Election Results'
+date: 2018-10-15
+---
+-->
+
+<!-- **Authors**: Jorge Castro (Heptio), Ihor Dvoretskyi (CNCF), Paris Pittman (Google) -->
+**作者**: Jorge Castro (Heptio), Ihor Dvoretskyi (CNCF), Paris Pittman (Google)
+
+<!--
+## Results
+-->
+## 结果
+<!--
+The [Kubernetes Steering Committee Election](https://kubernetes.io/blog/2018/09/06/2018-steering-committee-election-cycle-kicks-off/) is now complete and the following candidates came ahead to secure two year terms that start immediately:
+-->
+[Kubernetes 督导委员会选举](https://kubernetes.io/blog/2018/09/06/2018-steering-committee-election-cycle-kicks-off/)现已完成，以下候选人获得了立即开始的两年任期：
+
+* Aaron Crickenberger, Google, [@spiffxp](https://github.com/spiffxp)
+* Davanum Srinivas, Huawei, [@dims](https://github.com/dims)
+* Tim St. Clair, Heptio, [@timothysc](https://github.com/timothysc)
+
+<!--
+## Big Thanks!
+-->
+## 十分感谢！
+
+<!-- 
+* Steering Committee Member Emeritus [Quinton Hoole](https://github.com/quinton-hoole) for his service to the community over the past year. We look forward to
+* The candidates that came forward to run for election. May we always have a strong set of people who want to push community forward like yours in every election.
+* All 307 voters who cast a ballot.
+* And last but not least...Cornell University for hosting [CIVS](https://civs.cs.cornell.edu/)! 
+-->
+* 督导委员会荣誉退休成员 [Quinton Hoole](https://github.com/quinton-hoole)，表扬他在过去一年为社区所作的贡献。我们期待着
+* 参加竞选的候选人。愿我们永远拥有一群强大的人，他们希望在每一次选举中都能像你们一样推动社区向前发展。
+* 共计 307 名选民参与投票。
+* 本次选举由康奈尔大学主办 [CIVS](https://civs.cs.cornell.edu/)！
+
+<!--
+## Get Involved with the Steering Committee
+-->
+## 加入督导委员会
+<!--
+You can follow along to Steering Committee [backlog items](https://git.k8s.io/steering/backlog.md) and weigh in by filing an issue or creating a PR against their [repo](https://github.com/kubernetes/steering). They meet bi-weekly on [Wednesdays at 8pm UTC](https://github.com/kubernetes/steering) and regularly attend Meet Our Contributors.
+-->
+你可以关注督导委员会的[任务清单](https://git.k8s.io/steering/backlog.md)，并通过向他们的[代码仓库](https://github.com/kubernetes/steering)提交 issue 或 PR 的方式来参与。他们也会在[UTC 时间每周三晚 8 点](https://github.com/kubernetes/steering)举行会议，并定期与我们的贡献者见面。
+
+<!--
+Steering Committee Meetings:
+-->
+督导委员会会议：
+
+* [YouTube 播放列表](https://www.youtube.com/playlist?list=PL69nYSiGNLP1yP1B_nd9-drjoxp0Q14qM)
+
+<!--
+Meet Our Contributors Steering AMA’s: 
+-->
+与我们的贡献者会面：
+
+<!--
+* [Oct  3 2018](https://youtu.be/x6Jm8p0K-IQ)
+* [Sept 5 2018](https://youtu.be/UbxWV12Or58)
+-->
+
+* [2018 年 10 月 3 日](https://youtu.be/x6Jm8p0K-IQ)
+* [2018 年 7 月 5 日](https://youtu.be/UbxWV12Or58)
diff --git a/content/zh/blog/_posts/2018-10-16-kubernetes-2018-north-american-contributor-summit.md b/content/zh/blog/_posts/2018-10-16-kubernetes-2018-north-american-contributor-summit.md
new file mode 100644
index 0000000000000..b504a5c6b6082
--- /dev/null
+++ b/content/zh/blog/_posts/2018-10-16-kubernetes-2018-north-american-contributor-summit.md
@@ -0,0 +1,118 @@
+---
+layout: "Blog"
+title: "Kubernetes 2018 年北美贡献者峰会"
+date: 2018-10-16    
+---
+<!--
+---
+layout: "Blog"
+title: "Kubernetes 2018 North American Contributor Summit"
+date: 2018-10-16    
+---
+-->
+<!--
+**Authors:**
+-->
+**作者：**
+<!--
+[Bob Killen][bob] (University of Michigan)
+[Sahdev Zala][sahdev] (IBM),
+[Ihor Dvoretskyi][ihor] (CNCF) 
+-->
+[Bob Killen][bob]（密歇根大学）
+[Sahdev Zala][sahdev]（IBM），
+[Ihor Dvoretskyi][ihor]（CNCF）
+
+<!--
+The 2018 North American Kubernetes Contributor Summit to be hosted right before
+[KubeCon + CloudNativeCon][kubecon] Seattle is shaping up to be the largest yet.
+-->
+2018 年北美 Kubernetes 贡献者峰会将在西雅图 [KubeCon + CloudNativeCon][kubecon] 会议之前举办，这将是迄今为止规模最大的一次盛会。
+<!--
+It is an event that brings together new and current contributors alike to
+connect and share face-to-face; and serves as an opportunity for existing
+contributors to help shape the future of community development. For new
+community members, it offers a welcoming space to learn, explore and put the
+contributor workflow to practice.
+-->
+这是一个将新老贡献者聚集在一起，面对面交流和分享的活动；并为现有的贡献者提供一个机会，帮助塑造社区发展的未来。它为新的社区成员提供了一个学习、探索和实践贡献工作流程的良好空间。
+
+<!--
+Unlike previous Contributor Summits, the event now spans two-days with a more
+relaxed ‘hallway’ track and general Contributor get-together to be hosted from
+5-8pm on Sunday December 9th at the [Garage Lounge and Gaming Hall][garage], just
+a short walk away from the Convention Center. There, contributors can enjoy
+billiards, bowling, trivia and more; accompanied by a variety of food and drink. 
+-->
+与之前的贡献者峰会不同，本次活动为期两天，有一个更为轻松的行程安排，一般贡献者将于 12 月 9 日（周日）下午 5 点至 8 点在距离会议中心仅几步远的 [Garage Lounge and Gaming Hall][garage] 举办峰会。在那里，贡献者也可以进行台球、保龄球等娱乐活动，而且还有各种食品和饮料。
+
+<!--
+Things pick up the following day, Monday the 10th with three separate tracks: 
+-->
+接下来的一天，也就是 10 号星期一，有三个独立的会议你可以选择参与：
+
+<!--
+### New Contributor Workshop:
+A half day workshop aimed at getting new and first time contributors onboarded
+and comfortable with working within the Kubernetes Community. Staying for the
+duration is required; this is not a workshop you can drop into. 
+-->
+### 新贡献者研讨会：
+
+为期半天的研讨会旨在让新贡献者加入社区，并营造一个良好的 Kubernetes 社区工作环境。
+请在开会期间保持在场，该讨论会不允许随意进出。
+
+<!--
+### Current Contributor Track:
+Reserved for those that are actively engaged with the development of the
+project; the Current Contributor Track includes Talks, Workshops, Birds of a
+Feather, Unconferences, Steering Committee Sessions, and more! Keep an eye on
+the [schedule in GitHub][schedule] as content is frequently being updated.
+-->
+### 当前贡献者追踪：
+
+保留给那些积极参与项目开发的贡献者；目前的贡献者追踪包括讲座、研讨会、聚会、Unconferences 会议、指导委员会会议等等!
+请留意 [GitHub 中的时间表][时间表]，因为内容经常更新。
+
+<!--
+### Docs Sprint:
+SIG-Docs will have a curated list of issues and challenges to be tackled closer
+to the event date.
+-->
+### Docs 冲刺：
+
+SIG-Docs 将在活动日期临近的时候列出一个需要处理的问题和挑战列表。
+
+<!--
+## To Register:
+To register for the Contributor Summit, see the [Registration section of the
+Event Details in GitHub][register]. Please note that registrations are being
+reviewed. If you select the “Current Contributor Track” and are not an active
+contributor, you will be asked to attend the New Contributor Workshop, or asked
+to be put on a waitlist. With thousands of contributors and only 300 spots, we
+need to make sure the right folks are in the room. 
+-->
+## 注册：
+
+要注册贡献者峰会，请参阅 Git Hub 上的[活动详情注册部分][注册]。请注意报名正在审核中。
+如果您选择了 “当前贡献者追踪”，而您却不是一个活跃的贡献者，您将被要求参加新贡献者研讨会，或者被要求进入候补名单。
+成千上万的贡献者只有 300 个位置，我们需要确保正确的人被安排席位。
+
+<!--
+If you have any questions or concerns, please don’t hesitate to reach out to
+the Contributor Summit Events Team at community@kubernetes.io.
+-->
+如果您有任何问题或疑虑，请随时通过 community@kubernetes.io 联系贡献者峰会组织团队。
+
+<!--
+Look forward to seeing everyone there!
+-->
+期待在那里看到每个人！
+
+[bob]: https://twitter.com/mrbobbytables
+[sahdev]: https://twitter.com/sp_zala
+[ihor]: https://twitter.com/idvoretskyi
+[kubecon]: https://events.linuxfoundation.org/events/kubecon-cloudnativecon-north-america-2018/
+[garage]: https://www.garagebilliards.com/
+[时间表]: https://git.k8s.io/community/events/2018/12-contributor-summit#agenda
+[注册]:  https://git.k8s.io/community/events/2018/12-contributor-summit#registration
diff --git a/content/zh/blog/_posts/2018-11-08-kubernetes-docs-update-i18n.md b/content/zh/blog/_posts/2018-11-08-kubernetes-docs-update-i18n.md
new file mode 100644
index 0000000000000..cf6d5e58cbd64
--- /dev/null
+++ b/content/zh/blog/_posts/2018-11-08-kubernetes-docs-update-i18n.md
@@ -0,0 +1,89 @@
+---
+layout: blog
+title: 'Kubernetes 文档更新，国际版'
+date: 2018-11-08
+---
+<!--
+---
+layout: blog
+title: 'Kubernetes Docs Updates, International Edition'
+date: 2018-11-08
+---
+-->
+
+<!-- **Author**: Zach Corleissen (Linux Foundation) -->
+**作者**：Zach Corleissen （Linux 基金会）
+
+<!-- As a co-chair of SIG Docs, I'm excited to share that Kubernetes docs have a fully mature workflow for localization (l10n).  -->
+作为文档特别兴趣小组（SIG Docs）的联合主席，我很高兴能与大家分享 Kubernetes 文档在本地化（l10n）方面所拥有的一个完全成熟的工作流。
+
+<!-- ## Abbreviations galore -->
+## 丰富的缩写
+
+<!-- L10n is an abbreviation for _localization_. -->
+L10n 是 _localization_ 的缩写。
+
+<!-- I18n is an abbreviation for _internationalization_.  -->
+I18n 是 _internationalization_ 的缩写。
+
+<!-- I18n is [what you do](https://www.w3.org/International/questions/qa-i18n) to make l10n easier. L10n is a fuller, more comprehensive process than translation (_t9n_). -->
+I18n 定义了[做什么](https://www.w3.org/International/questions/qa-i18n) 能让 l10n 更容易。而 L10n 更全面，相比翻译（ _t9n_ ）具备更完善的流程。
+
+<!-- ## Why localization matters -->
+## 为什么本地化很重要
+
+<!-- The goal of SIG Docs is to make Kubernetes easier to use for as many people as possible. -->
+SIG Docs 的目标是让 Kubernetes 更容易为尽可能多的人使用。
+
+<!-- One year ago, we looked at whether it was possible to host the output of a Chinese team working independently to translate the Kubernetes docs. After many conversations (including experts on OpenStack l10n), [much transformation](https://kubernetes.io/blog/2018/05/05/hugo-migration/), and [renewed commitment to easier localization](https://github.com/kubernetes/website/pull/10485), we realized that open source documentation is, like open source software, an ongoing exercise at the edges of what's possible. -->
+一年前，我们研究了是否有可能由一个独立翻译 Kubernetes 文档的中国团队来主持文档输出。经过多次交谈（包括 OpenStack l10n 的专家），[多次转变](https://kubernetes.io/blog/2018/05/05/hugo-migration/)，以及[重新致力于更轻松的本地化](https://github.com/kubernetes/website/pull/10485)，我们意识到，开源文档就像开源软件一样，是在可能的边缘不断进行实践。
+
+<!-- Consolidating workflows, language labels, and team-level ownership may seem like simple improvements, but these features make l10n scalable for increasing numbers of l10n teams. While SIG Docs continues to iterate improvements, we've paid off a significant amount of technical debt and streamlined l10n in a single workflow. That's great for the future as well as the present. -->
+整合工作流程、语言标签和团队级所有权可能看起来像是十分简单的改进，但是这些功能使 l10n 可以扩展到规模越来越大的 l10n 团队。随着 SIG Docs 不断改进，我们已经在单一工作流程中偿还了大量技术债务并简化了 l10n。这对未来和现在都很有益。
+
+<!-- ## Consolidated workflow -->
+## 整合的工作流程
+
+<!-- Localization is now consolidated in the [kubernetes/website](https://github.com/kubernetes/website) repository. We've configured the Kubernetes CI/CD system, [Prow](https://github.com/kubernetes/test-infra/tree/master/prow), to handle automatic language label assignment as well as team-level PR review and approval. -->
+现在，本地化已整合到 [kubernetes/website](https://github.com/kubernetes/website) 存储库。我们已经配置了 Kubernetes CI/CD 系统，[Prow](https://github.com/kubernetes/test-infra/tree/master/prow) 来处理自动语言标签分配以及团队级 PR 审查和批准。
+
+<!-- ### Language labels  -->
+### 语言标签
+
+<!-- Prow automatically applies language labels based on file path. Thanks to SIG Docs contributor [June Yi](https://github.com/kubernetes/test-infra/pull/9835), folks can also manually assign language labels in pull request (PR) comments. For example, when left as a comment on an issue or PR, this command assigns the label `language/ko` (Korean). -->
+Prow 根据文件路径自动添加语言标签。感谢 SIG Docs 贡献者 [June Yi](https://github.com/kubernetes/test-infra/pull/9835)，他让人们还可以在 pull request（PR）注释中手动分配语言标签。例如，当为 issue 或 PR 留下下述注释时，将为之分配标签 `language/ko`（Korean）。
+
+```
+/language ko
+```
+
+
+<!-- These repo labels let reviewers filter for PRs and issues by language. For example, you can now filter the k/website dashboard for [PRs with Chinese content](https://github.com/kubernetes/website/pulls?utf8=%E2%9C%93&q=is%3Aopen+is%3Apr+label%3Alanguage%2Fzh).   -->
+这些存储库标签允许审阅者按语言过滤 PR 和 issue。例如，您现在可以过滤 kubernetes/website 面板中[具有中文内容的 PR](https://github.com/kubernetes/website/pulls?utf8=%E2%9C%93&q=is%3Aopen+is%3Apr+label%3Alanguage%2Fzh)。
+
+<!-- ### Team review  -->
+### 团队审核
+
+<!-- L10n teams can now review and approve their own PRs. For example, review and approval permissions for English are [assigned in an OWNERS file](https://github.com/kubernetes/website/blob/master/content/en/OWNERS) in the top subfolder for English content.  -->
+L10n 团队现在可以审查和批准他们自己的 PR。例如，英语的审核和批准权限在位于用于显示英语内容的顶级子文件夹中的 [OWNERS 文件中指定](https://github.com/kubernetes/website/blob/master/content/en/OWNERS)。
+
+<!-- Adding `OWNERS` files to subdirectories lets localization teams review and approve changes without requiring a rubber stamp approval from reviewers who may lack fluency. -->
+将 `OWNERS` 文件添加到子目录可以让本地化团队审查和批准更改，而无需由可能并不擅长该门语言的审阅者进行批准。
+
+<!-- ## What's next -->
+## 下一步是什么
+
+<!-- We're looking forward to the [doc sprint in Shanghai](https://kccncchina2018english.sched.com/event/HVb2/contributor-summit-doc-sprint-additional-registration-required) to serve as a resource for the Chinese l10n team. -->
+我们期待着[上海的 doc sprint](https://kccncchina2018english.sched.com/event/HVb2/contributor-summit-doc-sprint-additional-registration-required) 能作为中国 l10n 团队的资源。
+
+<!-- We're excited to continue supporting the Japanese and Korean l10n teams, who are making excellent progress. -->
+我们很高兴继续支持正在取得良好进展的日本和韩国 l10n 队伍。
+
+<!-- If you're interested in localizing Kubernetes for your own language or region, check out our [guide to localizing Kubernetes docs](https://kubernetes.io/docs/contribute/localization/) and reach out to a [SIG Docs chair](https://github.com/kubernetes/community/tree/master/sig-docs#leadership) for support. -->
+如果您有兴趣将 Kubernetes 本地化为您自己的语言或地区，请查看我们的[本地化 Kubernetes 文档指南](https://kubernetes.io/docs/contribute/localization/)，并联系 [SIG Docs 主席团](https://github.com/kubernetes/community/tree/master/sig-docs#leadership)获取支持。
+
+<!-- ### Get involved with SIG Docs  -->
+### 加入SIG Docs
+
+<!-- If you're interested in Kubernetes documentation, come to a SIG Docs [weekly meeting](https://github.com/kubernetes/community/tree/master/sig-docs#meetings), or join [#sig-docs in Kubernetes Slack](https://kubernetes.slack.com/messages/C1J0BPD2M/details/). -->
+如果您对 Kubernetes 文档感兴趣，请参加 SIG Docs [每周会议](https://github.com/kubernetes/community/tree/master/sig-docs#meetings)，或在 [Kubernetes Slack 加入 #sig-docs](https://kubernetes.slack.com/messages/C1J0BPD2M/details/)。
diff --git a/content/zh/blog/_posts/2018-12-05-new-contributor-shanghai.md b/content/zh/blog/_posts/2018-12-05-new-contributor-shanghai.md
index 4ad2391ace85d..bf57259f549bd 100644
--- a/content/zh/blog/_posts/2018-12-05-new-contributor-shanghai.md
+++ b/content/zh/blog/_posts/2018-12-05-new-contributor-shanghai.md
@@ -3,7 +3,7 @@ layout: blog
 title: '新贡献者工作坊上海站'
 date: 2018-12-05
 ---
-
+ 
 <!-- 
 ---
 layout: blog
diff --git a/content/zh/case-studies/_index.html b/content/zh/case-studies/_index.html
index 4e74f0cbec244..12823ae1a1708 100644
--- a/content/zh/case-studies/_index.html
+++ b/content/zh/case-studies/_index.html
@@ -1,23 +1,21 @@
----
-title: 案例研究
-linkTitle: 案例研究
-bigheader: Kubernetes 用户案例研究
-abstract: 在生产环境中运行 Kubernetes 的用户集合。
-layout: basic
-class: gridPage
-cid: caseStudies
----
-
-<!--
-
----
-title: Case Studies
-linkTitle: Case Studies
-bigheader: Kubernetes User Case Studies
-abstract: A collection of users running Kubernetes in production.
-layout: basic
-class: gridPage
-cid: caseStudies
----
-
--->
+---
+title: 案例分析
+linkTitle: 案例分析
+bigheader: Kubernetes 用户案例分析
+abstract: 在生产环境下使用 Kubernetes 的案例集
+layout: basic
+class: gridPage
+cid: caseStudies
+---
+
+<!--
+---
+title: Case Studies
+linkTitle: Case Studies
+bigheader: Kubernetes User Case Studies
+abstract: A collection of users running Kubernetes in production.
+layout: basic
+class: gridPage
+cid: caseStudies
+---
+-->
diff --git a/content/zh/case-studies/buffer/buffer_featured.png b/content/zh/case-studies/buffer/buffer_featured.png
new file mode 100644
index 0000000000000..cd6aaba4ca6a0
Binary files /dev/null and b/content/zh/case-studies/buffer/buffer_featured.png differ
diff --git a/content/zh/case-studies/buffer/buffer_logo.png b/content/zh/case-studies/buffer/buffer_logo.png
new file mode 100644
index 0000000000000..1b4b3b7e525d0
Binary files /dev/null and b/content/zh/case-studies/buffer/buffer_logo.png differ
diff --git a/content/zh/case-studies/buffer/index.html b/content/zh/case-studies/buffer/index.html
new file mode 100644
index 0000000000000..58bb793dea573
--- /dev/null
+++ b/content/zh/case-studies/buffer/index.html
@@ -0,0 +1,157 @@
+---
+title: 案例研究：Buffer
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_buffer.css
+---
+
+<!-- <div class="banner1">
+  <h1>CASE STUDY: <img src="/images/buffer.png" width="18%" style="margin-bottom:-5px;margin-left:10px;"><br>
+  <div class="subhead">Making Deployments Easy for a Small, Distributed Team</div>
+</h1>
+</div> -->
+<div class="banner1">
+  <h1>案例研究: <img src="/images/buffer.png" width="18%" style="margin-bottom:-5px;margin-left:10px;"><br>
+  <div class="subhead">使小型分布式团队轻松部署</div>
+</h1>
+</div>
+
+<!-- <div class="details">
+    Company&nbsp;<b>Buffer</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>Around the World</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Social Media Technology</b>
+</div> -->
+<div class="details">
+    公司&nbsp;<b>Buffer</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;位置 &nbsp;<b>全球</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>社交媒体技术公司</b>
+</div>
+
+<hr>
+
+<section class="section1">
+  <div class="cols">
+    <div class="col1">
+
+<!-- <h2>Challenge</h2>
+With a small but fully distributed team of 80 working across almost a dozen time zones, Buffer—which offers social media management to agencies and marketers—was looking to solve its "classic monolithic code base problem," says Architect Dan Farrelly. "We wanted to have the kind of liquid infrastructure where a developer could create an app and deploy it and scale it horizontally as&nbsp;necessary." -->
+<h2>挑战</h2>
+  Buffer 拥有一支80人的分布式团队，他们遍布全球近十几个时区。这样一个为代理商和营销人员提供社交媒体管理的公司，希望解决其“典型的单一庞大编码基数问题”，架构师 Dan Farrelly 这样说。“我们希望拥有一种流动性的基础架构，开发人员可以创建一个应用程序，可以根据需要部署并横向扩展它”。
+</div>
+
+<div class="col2">
+  <!-- <h2>Solution</h2>
+      Embracing containerization, Buffer moved its infrastructure from Amazon Web Services’ Elastic Beanstalk to Docker on AWS, orchestrated with&nbsp;Kubernetes. -->
+<h2>解决方案</h2>
+拥抱容器化，Buffer 将其基础设施从 AWS 上的 Elastic Beanstalk 迁移到由 Kubernetes 负责编排的 Docker 上。
+      <br>
+      <br>
+<!-- <h2>Impact</h2>
+      The new system "leveled up our ability with deployment and rolling out new changes," says Farrelly. "Building something on your computer and knowing that it’s going to work has shortened things up a lot. Our feedback cycles are a lot faster now&nbsp;too." -->
+<h2>影响</h2>
+Farrelly 说，新系统“提高了我们将新变化进行部署和上线的能力”。“在自己的计算机上构建一些东西，并且知道它是可用的，这已经让事情简单了很多；而且我们的反馈周期现在也快了很多。”
+</div>
+</div>
+</section>
+
+<div class="banner2">
+  <div class="banner2text">
+    <!-- "It’s amazing that we can use the Kubernetes solution off the shelf with our team. And it just keeps getting better. Before we even know that we need something, it’s there in the next release or it’s coming in the next few months."<br><br><span style="font-size:16px;letter-spacing:2px;">- DAN FARRELLY, BUFFER ARCHITECT</span> -->
+“我们的团队能够直接使用既有的 Kubernetes 解决方案，这太棒了，而且它还在不断改进中。在意识到我们需要某些功能之前，它就出现在下一个版本中，或者在未来几个月内出现。<br><br><span style="font-size:16px;letter-spacing:2px;">- DAN FARRELLY, BUFFER ARCHITECT</span>
+  </div>
+</div>
+
+<section class="section2">
+<div class="fullcol">
+<!-- <h2>Dan Farrelly uses a carpentry analogy to explain the problem his company, <a href="https://buffer.com">Buffer</a>, began having as its team of developers grew over the past few years.</h2> -->
+<h2>Dan Farrelly 用木工类比来解释他的公司<a href="https://buffer.com"> Buffer </a>，随着过去几年的发展，公司开始有这个问题。</h2>
+
+<!-- "If you’re building a table by yourself, it’s fine," the company’s architect says. "If you bring in a second person to work on the table, maybe that person can start sanding the legs while you’re sanding the top. But when you bring a third or fourth person in, someone should probably work on a different table." Needing to work on more and more different tables led Buffer on a path toward microservices and containerization made possible by Kubernetes. -->
+“如果你自己做一张桌子，这很好！”公司的架构师说。“如果你请另一个人一起来做这个桌子，也许这个人可以在你抛光桌面时开始对腿进行抛光。但是，当你把第三个或第四个人带进来时，有人也许应该在另外一张桌子上工作。”需要处理越来越多不同的桌子，使 Buffer 走上了 Kubernetes 实现微服务和容器化的道路。
+<br><br>
+<!-- Since around 2012, Buffer had already been using <a href="https://aws.amazon.com/elasticbeanstalk/">Elastic Beanstalk</a>, the orchestration service for deploying infrastructure offered by <a href="https://aws.amazon.com">Amazon Web Services</a>. "We were deploying a single monolithic <a href="http://php.net/manual/en/intro-whatis.php">PHP</a> application, and it was the same application across five or six environments," says Farrelly. "We were very much a product-driven company.  -->
+自2012年左右以来，Buffer 开始使用<a href="https://aws.amazon.com/elasticbeanstalk/"> Elastic Beanstalk </a>,这是<a href="https://aws.amazon.com">亚马逊网络服务</a>提供的网络基础设施编排服务。“我们部署了一个单一的<a href="http://php.net/manual/en/intro-whatis.php">PHP</a>应用程序,它是在五六个环境中相同的应用程序，”Farrelly 说。“我们在很大程度上是一家产品驱动型的公司。”
+<!-- It was all about shipping new features quickly and getting things out the door, and if something was not broken, we didn’t spend too much time on it. If things were getting a little bit slow, we’d maybe use a faster server or just scale up one instance, and it would be good enough. We’d move on." -->
+这一切都是为了尽快给应用推出新功能并进行交付，如果能够正常运行，我们就不会花太多时间在上面。如果产品变得有点慢，我们可能会使用更快的服务器或只是增加一个实例，这些就已经足够了。然后继续前进。
+<br><br>
+<!-- But things came to a head in 2016. With the growing number of committers on staff, Farrelly and Buffer’s then-CTO, Sunil Sadasivan, decided it was time to re-architect and rethink their infrastructure. "It was a classic monolithic code base problem," says Farrelly.<br><br>Some of the company’s team was already successfully using <a href="https://www.docker.com">Docker</a> in their development environment, but the only application running on Docker in production was a marketing website that didn’t see real user traffic. They wanted to go further with Docker, and the next step was looking at options for&nbsp;orchestration. -->
+但事情在2016年就到了头。随着应用提交修改的数量不断增加，Farrelly 和 Buffer 当时的首席技术官 Sunil Sadasivan 决定,是重新思考和构建其基础架构的时候了。“这是一个典型的单一庞大编码基数问题，”Farrelly说。公司的一些团队已经在开发环境中成功使用<a href="https://www.docker.com">Docker</a>，但在生产环境中，运行在 Docker 上的唯一应用程序是一个看不到真实用户流量的营销网站。他们希望在使用 Docker 上更进一步,下一步是寻找业务流程的选项。
+</div>
+</section>
+
+<div class="banner3">
+  <div class="banner3text">
+<!-- And all the things Kubernetes did well suited Buffer’s needs. "We wanted to have the kind of liquid infrastructure where a developer could create an app and deploy it and scale it horizontally as necessary," says Farrelly. "We quickly used some scripts to set up a couple of test clusters, we built some small proof-of-concept applications in containers, and we deployed things within an hour. We had very little experience in running containers in production. It was amazing how quickly we could get a handle on it&nbsp;[Kubernetes]." -->
+Kubernetes 所做的所有事情都很好地适应了 Buffer 的需求。Farrelly 说：“我们希望拥有一种流动基础架构，开发人员可以创建一个应用程序，并在必要时部署并进行水平扩展。”“我们很快就使用一些脚本来设置几个测试集群，在容器中构建了一些小的概念性验证应用程序，并在一小时内部署了这些内容。我们在生产中运行容器方面经验很少。令人惊奇的是，我们能很快地用 Kubernetes 来处理。”
+  </div>
+</div>
+
+<section class="section3">
+<div class="fullcol">
+    <!-- First they considered <a href="https://mesosphere.com">Mesosphere</a>, <a href="https://dcos.io">DC/OS</a> and <a href="https://aws.amazon.com/ecs/">Amazon Elastic Container Service</a> (which their data systems team was already using for some data pipeline jobs). While they were impressed by these offerings, they ultimately went with Kubernetes. -->
+首先，他们考虑了<a href="https://mesosphere.com">Mesosphere</a>、<a href="https://dcos.io">DC/OS</a>和<a href="https://aws.amazon.com/ecs/">Amazon Elastic Container Service</a>(他们的数据系统团队已经将其用于某些数据管道作业)。虽然他们对这些产品印象深刻，但他们最终还是与 Kubernetes 合作。
+ <!-- "We run on AWS still, so spinning up, creating services and creating load balancers on demand for us without having to configure them manually was a great way for our team to get into this," says Farrelly. "We didn’t need to figure out how to configure this or that, especially coming from a former Elastic Beanstalk environment that gave us an automatically-configured load balancer. I really liked Kubernetes’ controls of the command line. It just took care of ports. It was a lot more flexible. Kubernetes was designed for doing what it does, so it does it very well." -->
+Farrelly 说：“我们的应用仍在 AWS 上运行，但是我们的团队通过 Kubernetes 无需手动配置即可创建服务并按需创建负载均衡器，这是使用 Kubernetes 的最佳入门体验。”“我们不需要考虑如何配置这个或那个,特别是相较于以前的 Elastic Beanstalk 环境，它为我们提供了一个自动配置的负载均衡器。我真的很喜欢 Kubernetes 对命令行的控制，只需要对端口进行配置，这样更加灵活。Kubernetes 是为做它所做的事情而设计的,所以它做得非常好。”
+<br><br>
+    <!-- And all the things Kubernetes did well suited Buffer’s needs. "We wanted to have the kind of liquid infrastructure where a developer could create an app and deploy it and scale it horizontally as necessary," says Farrelly. "We quickly used some scripts to set up a couple of test clusters, we built some small proof-of-concept applications in containers, and we deployed things within an hour. We had very little experience in running containers in production. It was amazing how quickly we could get a handle on it [Kubernetes]." -->
+Kubernetes 所做的所有事情都很好地适应了 Buffer 的需求。Farrelly 说：“我们希望拥有一种流动基础架构，开发人员可以创建一个应用程序，并在必要时部署并进行水平扩展。”“我们很快就使用一些脚本来设置几个测试集群，在容器中构建了一些小的概念性验证应用程序，并在一小时内部署了这些内容。我们在生产中运行容器方面经验很少。令人惊奇的是,我们能很快地用 Kubernetes 来处理。”
+<br><br>
+    <!-- Above all, it provided a powerful solution for one of the company’s most distinguishing characteristics: their remote team that’s spread across a dozen different time zones. "The people with deep knowledge of our infrastructure live in time zones different from our peak traffic time zones, and most of our product engineers live in other places," says Farrelly. "So we really wanted something where anybody could get a grasp of the system early on and utilize it, and not have to worry that the deploy engineer is asleep. Otherwise people would sit around for 12 to 24 hours for something. It’s been really cool to see people moving much faster." -->
+最重要的是，它为公司最显著的特征之一提供了强大的解决方案：他们的远程团队分布在十几个不同的时区。Farrelly 说：“对我们的基础设施有深入了解的人生活在不同于我们相对集中的时区，而我们的大部分产品工程师都住在其他地方。”“因此，我们确实希望有人能够尽早掌握这套系统并利用好它，而不必担心部署工程师正在睡觉。否则，人们会为了一些东西必须得等待12到24小时左右。看到人们前进得更快，这真的很酷。”
+    <br><br>
+    <!-- With a relatively small engineering team—just 25 people, and only a handful working on infrastructure, with the majority front-end developers—Buffer needed "something robust for them to deploy whatever they wanted," says Farrelly. Before, "it was only a couple of people who knew how to set up everything in the old way. With this system, it was easy to review documentation and get something out extremely quickly. It lowers the bar for us to get everything in production. We don't have the big team to build all these tools or manage the infrastructure like other larger companies&nbsp;might." -->
+Farrelly 说，Buffer 拥有相对较小的工程团队，只有 25 人，只有少数人从事基础设施工作，大多数前端开发人员都需要“一些强大的配置能力，以便部署任何他们想要的内容。”以前，“只有几个人知道如何用旧的方式设置一切。有了这个系统，审查文档变得很容易，并且能很快地看到效果。它降低了我们获取在开发环境中所需要一切的门槛。因为我们团队的人数不足以来构建所有这些工具或像其他大公司那样管理基础架构。”
+</div>
+</section>
+
+<div class="banner4">
+  <div class="banner4text">
+    <!-- "In our old way of working, the feedback loop was a lot longer, and it was delicate because if you deployed something, the risk was high to potentially break something else," Farrelly says. "With the kind of deploys that we built around Kubernetes, we were able to detect bugs and fix them, and get them deployed super fast. The second someone is fixing [a bug], it’s out the&nbsp;door." -->
+Farrelly 说：“在我们以往的工作方式中，反馈循环流程要长得多，而且很微妙，因为如果你部署了某些东西，就存在破坏其他东西的风险。”“我们通过围绕 Kubernetes 构建的部署类型，能够及时检测 Bug 并修复它们，并使其部署得超快。这一秒正在修复漏洞，不一会就上线运行了。”
+  </div>
+</div>
+
+<section class="section4">
+<div class="fullcol">
+    <!-- To help with this, Buffer developers wrote a deploy bot that wraps the Kubernetes deploy process and can be used by every team. "Before, our data analysts would update, say, a <a href="https://www.python.org">Python</a> analysis script and have to wait for the lead on that team to click the button and deploy it," Farrelly explains. "Now our data analysts can make a change, enter a <a href="https://slack.com">Slack</a> command, ‘/deploy,’ and it goes out instantly. They don’t need to wait on these slow turnaround times. They don’t even know where it’s running; it doesn’t matter." -->
+为了帮助解决这一问题，Buffer 开发人员编写了一个部署机器人，该机器人包装了 Kubernetes 部署过程，并且每个团队都可以使用。”“以前,我们的数据分析师会更新<a href="https://www.python.org"> Python </a>分析脚本，并且必须等待该团队的主管单击该按钮并部署它，”Farrelly 解释道。“现在，我们的数据分析师可以进行更改，输入<a href="https://slack.com"> Slack </a>命令，‘/deploy’,它会立即进行部署。他们不需要等待这些缓慢的周转时间，他们甚至不知道它在哪里运行。这些都不重要了。
+    <br><br>
+    <!-- One of the first applications the team built from scratch using Kubernetes was a new image resizing service. As a social media management tool that allows marketing teams to collaborate on posts and send updates across multiple social media profiles and networks, Buffer has to be able to resize photographs as needed to meet the varying limitations of size and format posed by different social networks. "We always had these hacked together solutions," says Farrelly. -->
+团队使用 Kubernetes 从头开始构建的第一个应用程序是一种新的图像大小调整服务。作为一种社交媒体管理工具，它允许营销团队通过发帖进行协作，并通过多个社交媒体配置文件和网络发送更新，Buffer 必须能够根据需要调整照片的大小，以满足不同的社交网络。Farrelly 说：“我们一直有这些拼凑在一起的解决方案。”
+    <br><br>
+    <!-- To create this new service, one of the senior product engineers was assigned to learn Docker and Kubernetes, then build the service, test it, deploy it and monitor it—which he was able to do relatively quickly. "In our old way of working, the feedback loop was a lot longer, and it was delicate because if you deployed something, the risk was high to potentially break something else," Farrelly says. "With the kind of deploys that we built around Kubernetes, we were able to detect bugs and fix them, and get them deployed super fast. The second someone is fixing [a bug], it’s out the door." -->
+为了创建这项新服务，一位高级产品工程师被指派学习 Docker 和 Kubernetes，然后构建服务、测试、部署和监视服务，他能够相对快速地完成该服务。Farrelly说：“在我们以往的工作方式中，反馈循环流程要长得多，而且很微妙，因为如果你部署了某些东西，就存在破坏其他东西的风险。”“我们通过围绕 Kubernetes 构建的部署类型，能够及时检测 Bug 并修复它们，并使其部署得超快。这一秒正在修复漏洞,不一会就上线运行了。”
+    <br><br>
+    <!-- Plus, unlike with their old system, they could scale things horizontally with one command. "As we rolled it out," Farrelly says, "we could anticipate and just click a button. This allowed us to deal with the demand that our users were placing on the system and easily scale it to handle it." -->
+此外，与旧系统不同，他们只需一个命令就可以水平缩放内容。“当我们推出它,”Farrelly说，“我们可以预测，只需点击一个按钮。这使我们能够处理用户对系统的需求,并轻松扩展以处理它。”
+    <br><br>
+    <!-- Another thing they weren’t able to do before was a canary deploy. This new capability "made us so much more confident in deploying big changes," says Farrelly. "Before, it took a lot of testing, which is still good, but it was also a lot of ‘fingers crossed.’ And this is something that gets run 800,000 times a day, the core of our business. If it doesn’t work, our business doesn’t work. In a Kubernetes world, I can do a canary deploy to test it for 1 percent and I can shut it down very quickly if it isn’t working. This has leveled up our ability to deploy and roll out new changes quickly while reducing&nbsp;risk." -->
+他们以前不能做的另外一件事是金丝雀部署。Farrelly说，这种新功能“使我们在部署重大变革方面更加自信。”“以前，虽然进行很多测试但仍表现不错，但它也存在很多‘手指交叉’。这是每天运行 800000 次的东西，这是我们业务的核心。如果它不工作，我们的业务也无法运行。在 Kubernetes 世界中，我可以执行金丝雀部署以测试 1%，如果它不工作，我可以很快将其关闭。这使我们在快速部署和推出新更改的同时降低风险的能力得到了提高。”
+
+</div>
+</section>
+
+<div class="banner5">
+  <div class="banner5text">
+    <!-- "If you want to run containers in production, with nearly the power that Google uses internally, this [Kubernetes] is a great way to do that," Farrelly says. "We’re a relatively small team that’s actually running Kubernetes, and we’ve never run anything like it before. So it’s more approachable than you might think. That’s the one big thing that I tell people who are experimenting with it. Pick a couple of things, roll it out, kick the tires on this for a couple of months and see how much it can handle. You start learning a lot this&nbsp;way." -->
+Farrelly 说：“如果你想在生产中运行容器，拥有像谷歌内部使用的那种效果，那么 Kubernetes 就是一个很好的方法。”“我们是一个相对较小的团，实际上运行 Kubernetes，我们之前从来没来做过这样的事情。因此，它比你想象的更容易上手，这正是我想要告诉正在尝试使用它的人们的一件很重要的事。挑几个应用,把它们准备好,在机器上运行几个月,看看它能处理的怎么样。通过这种方式你可以学到很多东西。”
+  </div>
+</div>
+
+<section class="section5">
+<div class="fullcol">
+    <!-- By October 2016, 54 percent of Buffer’s traffic was going through their Kubernetes cluster. "There’s a lot of our legacy functionality that still runs alright, and those parts might move to Kubernetes or stay in our old setup forever," says Farrelly. But the company made the commitment at that time that going forward, "all new development, all new features, will be running on Kubernetes." -->
+到 2016 年 10 月，Buffer 54% 的流量都通过其 Kubernetes 集群。Farrelly 说：“我们很多传统功能仍然运行正常，这些部分可能会转移到 Kubernetes 或永远留在我们的旧设置中。”但该公司当时承诺，“所有新的开发，所有新功能,将在Kubernetes上运行。”
+    <br><br>
+    <!-- The plan for 2017 is to move all the legacy applications to a new Kubernetes cluster, and run everything they’ve pulled out of their old infrastructure, plus the new services they’re developing in Kubernetes, on another cluster. "I want to bring all the benefits that we’ve seen on our early services to everyone on the team," says Farrelly. -->
+2017年计划是将所有旧应用程序迁移到新的 Kubernetes 集群，并运行他们从旧基础架构中撤出的所有内容，以及他们正在另一个 Kubernetes 集群上开发的新服务。Farrelly 说：“我想为团队中的每个人带来我们早期服务的所有好处。”
+    <br><br>
+    <h2>
+<!-- For Buffer’s engineers, it’s an exciting process. "Every time we’re deploying a new service, we need to figure out: OK, what’s the architecture? How do these services communicate? What’s the best way to build this service?" Farrelly says. "And then we use the different features that Kubernetes has to glue all the pieces together. It’s enabling us to experiment as we’re learning how to design a service-oriented architecture. Before, we just wouldn’t have been able to do it. This is actually giving us a blank white board so we can do whatever we want on it." -->
+对于 Buffer 的工程师来说，这是一个令人兴奋的过程。“每次部署新服务时，我们都需要弄清楚:好的，体系结构是什么？这些服务如何沟通？构建此服务的最佳方式是什么？”Farrelly说。“然后，我们使用 Kubernetes 的特性将所有部分聚合到一起。在学习如何设计面向服务的体系结构时，它使我们能够进行试验。以前，我们只是不能做到这一点。这实际上给了我们一个空白的白板，所以我们可以做任何我们想要的。”
+    </h2>
+    <!-- Part of that blank slate is the flexibility that Kubernetes offers should the time come when Buffer may want or need to change its cloud. "It’s cloud agnostic so maybe one day we could switch to Google or somewhere else," Farrelly says. "We’re very deep in Amazon but it’s nice to know we could move away if we need to." -->
+部分空白是 Kubernetes 提供的灵活性，如果某一天 Buffer 可能想要或需要改变他的云服务。“这是与云无关的，所以也许有一天我们可以切换到谷歌或其他地方，”Farrelly 说。“我们非常依赖亚马逊的基础服务，但很高兴知道，如果我们需要的话，我们可以搬走。”
+    <br><br>
+    <!-- At this point, the team at Buffer can’t imagine running their infrastructure any other way—and they’re happy to spread the word. "If you want to run containers in production, with nearly the power that Google uses internally, this [Kubernetes] is a great way to do that," Farrelly says. "We’re a relatively small team that’s actually running Kubernetes, and we’ve never run anything like it before. So it’s more approachable than you might think. That’s the one big thing that I tell people who are experimenting with it. Pick a couple of things, roll it out, kick the tires on this for a couple of months and see how much it can handle. You start learning a lot this&nbsp;way." -->
+此时，Buffer 团队无法想象以任何其他方式运行其基础结构，他们很乐意传播这一信息。Farrelly 说：“如果你想在生产中运行容器，拥有像谷歌内部使用的那种效果，那么 Kubernetes 就是一个很好的方法。”“我们是一个相对较小的团队，实际上运行 Kubernetes，我们之前从来没来做过这样的事情。因此，它比你想象的更容易上手，这正是我想要告诉正在尝试使用它的人们的一件很重要的事。挑几个应用，把它们准备好，在机器上运行几个月，看看它能处理的怎么样。通过这种方式你可以学到很多东西。”
+  <br><br>
+</div>
+</section>
diff --git a/content/zh/case-studies/ccp-games/ccp_logo.png b/content/zh/case-studies/ccp-games/ccp_logo.png
new file mode 100644
index 0000000000000..cbf3d267ba8dd
Binary files /dev/null and b/content/zh/case-studies/ccp-games/ccp_logo.png differ
diff --git a/content/zh/case-studies/ccp-games/index.html b/content/zh/case-studies/ccp-games/index.html
new file mode 100644
index 0000000000000..8867cbb323442
--- /dev/null
+++ b/content/zh/case-studies/ccp-games/index.html
@@ -0,0 +1,4 @@
+---
+title: CCP Games
+content_url: https://cloud.google.com/customers/ccp-games/
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/goldman-sachs/gs_logo.png b/content/zh/case-studies/goldman-sachs/gs_logo.png
new file mode 100644
index 0000000000000..5cc8c14566ae5
Binary files /dev/null and b/content/zh/case-studies/goldman-sachs/gs_logo.png differ
diff --git a/content/zh/case-studies/goldman-sachs/index.html b/content/zh/case-studies/goldman-sachs/index.html
new file mode 100644
index 0000000000000..93d3022d12440
--- /dev/null
+++ b/content/zh/case-studies/goldman-sachs/index.html
@@ -0,0 +1,4 @@
+---
+title: Goldman Sachs
+content_url: http://blogs.wsj.com/cio/2016/02/24/big-changes-in-goldmans-software-emerge-from-small-containers/
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/huawei/huawei_featured.png b/content/zh/case-studies/huawei/huawei_featured.png
new file mode 100644
index 0000000000000..22071b4691e38
Binary files /dev/null and b/content/zh/case-studies/huawei/huawei_featured.png differ
diff --git a/content/zh/case-studies/huawei/huawei_logo.png b/content/zh/case-studies/huawei/huawei_logo.png
new file mode 100644
index 0000000000000..94361a27eb5af
Binary files /dev/null and b/content/zh/case-studies/huawei/huawei_logo.png differ
diff --git a/content/zh/case-studies/huawei/index.html b/content/zh/case-studies/huawei/index.html
new file mode 100644
index 0000000000000..cfd2f562b6711
--- /dev/null
+++ b/content/zh/case-studies/huawei/index.html
@@ -0,0 +1,433 @@
+---
+title: 华为案例分析
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_huawei.css
+---
+
+<!--
+---
+title: Huawei Case Study
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_huawei.css
+---
+-->
+
+<div class="banner1">
+  <h1> 案例分析：<img src="/images/huawei_logo.png" class="header_logo"><br> <div class="subhead">以用户和供应商身份拥抱云原生</div></h1>
+  <!--
+  <h1> CASE STUDY:<img src="/images/huawei_logo.png" class="header_logo"><br> <div class="subhead">Embracing Cloud Native as a User – and a Vendor</div></h1>
+  -->
+</div>
+
+<div class="details">
+    公司 &nbsp;<b>华为</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;地点 &nbsp;<b>中国深圳</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;产业 &nbsp;<b>通信设备</b>
+    <!--
+    Company &nbsp;<b>Huawei</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>Shenzhen, China</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Telecommunications Equipment</b>
+    -->
+</div>
+
+<hr>
+
+<section class="section1">
+
+<div class="cols">
+  <div class="col1">
+    <h2>挑战</h2>
+    <!--
+    <h2>Challenge</h2>
+    -->
+      华为是世界上最大的电信设备制造商，拥有超过 18 万名员工。
+      <!--
+      A multinational company that’s the largest telecommunications equipment manufacturer in the world, 
+      Huawei has more than 180,000 employees. 
+      -->
+
+      为了支持华为在全球的快速业务发展，<a href="http://www.huawei.com/">华为</a>内部 IT 部门有 8 个数据中心，
+      这些数据中心在 100K+ VMs 上运行了 800 多个应用程序，服务于这 18 万用户。
+      <!--
+      In order to support its fast business development around the globe, 
+      <a href="http://www.huawei.com/">Huawei</a> has eight data centers for its internal I.T. department,
+      which have been running 800+ applications in 100K+ VMs to serve these 180,000 users. 
+      -->
+
+      随着新应用程序的快速增长，基于 VM 的应用程序的管理和部署的成本和效率都成为业务敏捷性的关键挑战。
+      <!--
+      With the rapid increase of new applications, the cost and efficiency of management and 
+      deployment of VM-based apps all became critical challenges for business agility.
+      -->
+
+      该公司首席软件架构师、开源社区总监侯培新表示：
+      “这是一个超大的分布式系统，因此我们发现，以更一致的方式管理所有任务始终是一个挑战。
+      我们希望进入一种更敏捷、更得体的实践”。
+      <!--
+      "It’s very much a distributed system so we found that managing all of the tasks 
+      in a more consistent way is always a challenge," says Peixin Hou, 
+      the company’s Chief Software Architect and Community Director for Open Source. 
+      "We wanted to move into a more agile and decent practice."  
+      -->
+
+  </div>
+
+<div class="col2">
+  <h2>解决方案</h2>
+  <!--
+  <h2>Solution</h2>
+  -->
+      在决定使用容器技术后，华为开始将内部 IT 部门的应用程序迁移到<a href="http://kubernetes.io/"> Kubernetes </a>上运行。
+      到目前为止，大约 30% 的应用程序已经转移为云原生程序。
+      <!--
+      After deciding to use container technology, Huawei began moving the internal I.T. department’s applications 
+      to run on <a href="http://kubernetes.io/">Kubernetes</a>.
+      So far, about 30 percent of these applications have been transferred to cloud native.  
+      -->
+<br>
+<br>
+<h2>影响</h2>
+<!--
+<h2>Impact</h2>  
+-->
+      “到 2016 年底，华为的内部 IT 部门使用基于 Kubernetes 的平台即服务（PaaS）解决方案管理了 4000 多个节点和数万个容器。
+      全局部署周期从一周缩短到几分钟，应用程序交付效率提高了 10 倍”。
+      <!--
+       "By the end of 2016, Huawei’s internal I.T. department managed more than 4,000 nodes with tens of thousands containers 
+       using a Kubernetes-based Platform as a Service (PaaS) solution," says Hou.
+       "The global deployment cycles decreased from a week to minutes, and the efficiency of application delivery has been improved 10 fold."
+      -->
+
+      对于底线，侯培新表示，“我们还看到运营开支大幅削减，在某些情况下可削减 20% 到 30%，我们认为这对我们的业务非常有帮助”。
+      <!--
+      For the bottom line, he says, "We also see significant operating expense spending cut, in some circumstances 20-30 percent, 
+      which we think is very helpful for our business."
+      -->
+      
+      这里给出一些华为内部结果资料、外部需求，也是公司的技术包装产品<a href="http://developer.huawei.com/ict/en/site-paas"> FusionStage™ </a>，
+      它被作为一套 PaaS 解决方案提供给其客户。
+      <!--
+      Given the results Huawei has had internally – and the demand it is seeing externally – the company has also built the technologies 
+      into <a href="http://developer.huawei.com/ict/en/site-paas">FusionStage™</a>, the PaaS solution it offers its customers. 
+      -->
+</div>
+
+</div>
+
+</section>
+
+<div class="banner2">
+  <div class="banner2text">
+    “如果你是一个供应商，为了说服你的客户，你应该自己使用它。
+    幸运的是，因为华为有很多员工，我们可以利用这种技术来展示我们所能构建的云的规模。”
+    <!--
+    "If you’re a vendor, in order to convince your customer, you should use it yourself. 
+    Luckily because Huawei has a lot of employees, 
+    we can demonstrate the scale of cloud we can build using this technology."
+    -->
+
+    <br style="height:25px">
+    <span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;">
+        <br>- 侯培新，首席软件架构师、开源社区总监
+        <!--
+        <br>- Peixin Hou, chief software architect and community director for open source
+        -->
+    </span>  
+  </div>
+</div>
+
+<section class="section2">
+
+<div class="fullcol">
+    华为的 Kubernetes 之旅始于一位开发者。
+    <!--
+    Huawei’s Kubernetes journey began with one developer. 
+    -->
+
+    两年前，这家网络和电信巨头雇佣的一名工程师对<a href="http://kubernetes.io/"> Kubernetes </a>
+    这一跨主机集群的管理应用程序容器的技术产生了兴趣，并开始为其开源社区作出贡献。
+    <!--
+    Over two years ago, one of the engineers employed by the networking and telecommunications giant became interested 
+    in <a href="http://kubernetes.io/">Kubernetes</a>, 
+    the technology for managing application containers across clusters of hosts, 
+    and started contributing to its open source community.
+    -->
+
+    随着技术和社区的发展，他不断地将这门技术告诉他的经理们。<br><br>
+    <!--
+    As the technology developed and the community grew, he kept telling his managers about it.<br><br>  
+    -->
+
+    与此同时，华为也在为其内部的企业 IT 部门寻找更好的编排系统，该系统应该支持每一个业务的流程处理。
+    <!--
+    And as fate would have it, at the same time, 
+    Huawei was looking for a better orchestration system for its internal enterprise I.T. department, 
+    which supports every business flow processing. 
+    -->
+
+    华为首席软件架构师、开源社区总监侯培新表示，
+    “我们在全球拥有逾 18 万名员工，内部流程复杂，所以这个部门可能每周都需要开发一些新的应用程序。
+    <!--
+    "We have more than 180,000 employees worldwide, and a complicated internal procedure, 
+    so probably every week this department needs to develop some new applications," says Peixin Hou, 
+    Huawei’s Chief Software Architect and Community Director for Open Source. 
+    -->
+
+    我们的 IT 部门经常需要启动数万个容器，任务要跨越全球数千个节点。
+    这是一个超大的分布式的系统，所以我们发现以更一致的方式管理所有的任务总是一个挑战”。<br><br>  
+    <!--
+    "Very often our I.T. departments need to launch tens of thousands of containers, 
+    with tasks running across thousands of nodes across the world. 
+    It’s very much a distributed system, so we found that managing all of the tasks 
+    in a more consistent way is always a challenge."<br><br>
+    -->
+
+    过去，华为曾使用虚拟机来封装应用程序，但是，“每次我们启动虚拟机时”，侯培新说，
+    “无论是因为它是一项新服务，还是因为它是一项由于节点功能异常而被关闭的服务，都需要花费大量时间”。
+    <!--
+    In the past, Huawei had used virtual machines to encapsulate applications, 
+    but "every time when we start a VM," Hou says, 
+    "whether because it’s a new service or because it was a service that was shut down 
+    because of some abnormal node functioning, it takes a lot of time." 
+    -->
+
+    华为转向了容器化，所以是时候尝试 Kubernetes 了。
+    采纳了这位工程师的建议花费了一年的时间，这个过程“不是一蹴而就的”，侯说，
+    <!--
+    Huawei turned to containerization, so the timing was right to try Kubernetes. 
+    It took a year to adopt that engineer’s suggestion – the process "is not overnight," says Hou – 
+    -->
+
+    但一旦投入使用，“Kubernetes 基本上解决了我们的大部分问题。
+    以前，部署时间大约需要一周，现在只需几分钟。
+    <!--
+    but once in use, he says, "Kubernetes basically solved most of our problems. 
+    Before, the time of deployment took about a week, now it only takes minutes. 
+    -->
+
+    开发人员非常高兴。使用 Kubernetes 的那个部门也十分高兴”。<br><br>  
+    <!--
+    The developers are happy. That department is also quite happy."<br><br>
+    -->
+
+    侯培新看到了使用这项技术给公司带来的巨大好处，
+    “Kubernetes 为基于云的应用程序带来了敏捷性、扩展能力和 DevOps 实践”，他说，
+    <!--
+    Hou sees great benefits to the company that come with using this technology: 
+    "Kubernetes brings agility, scale-out capability, 
+    and DevOps practice to the cloud-based applications," he says.
+    -->
+    
+    “它为我们提供了自定义调度体系结构的能力，这使得容器任务之间的关联性成为可能，从而提高了效率。
+    它支持多种容器格式，同时广泛支持各种容器网络解决方案和容器存储方案”。
+    <!--
+    "It provides us with the ability to customize the scheduling architecture, 
+    which makes possible the affinity between container tasks that gives greater efficiency. 
+    It supports multiple container formats. It has extensive support for various container 
+    networking solutions and container storage."
+    -->
+</div>
+</section>
+
+<div class="banner3">
+  <div class="banner3text">
+    “Kubernetes 基本上解决了我们的大部分问题。
+    以前，部署时间大约需要一周，现在只需几分钟。
+    开发人员很高兴。使用 Kubernetes 的部门也很高兴。”
+    <!--
+    "Kubernetes basically solved most of our problems. 
+    Before, the time of deployment took about a week, now it only takes minutes. 
+    The developers are happy. That department is also quite happy."  
+    -->
+  </div>
+</div>
+
+<section class="section3">
+<div class="fullcol">
+      最重要的是，这对底线有影响。侯培新说，
+      “我们还看到，在某些情况下，运营开支会大幅削减 20% 到 30%，这对我们的业务非常有帮助”。<br><br>
+      <!--
+      And not least of all, there’s an impact on the bottom line. 
+      Says Hou: "We also see significant operating expense spending cut in some circumstances 20-30 percent, 
+      which is very helpful for our business."<br><br>
+      -->
+
+    华为对这些初步结果感到满意，并看到客户对云原生技术的需求，因此加大了 Kubernetes 的投入。
+    2016 年春，公司不仅成为用户，而且成为了供应商。<br><br>
+    <!--
+    Pleased with those initial results, and seeing a demand for cloud native technologies from its customers, 
+    Huawei doubled down on Kubernetes. 
+    In the spring of 2016, the company became not only a user but also a vendor.<br><br>  
+    -->
+
+    “我们构建了 Kubernetes 技术解决方案”，侯培新说，
+    指的是华为的<a href="http://developer.huawei.com/ict/en/site-paas"> FusionStage™ </a> PaaS 输出。
+    <!--
+    "We built the Kubernetes technologies into our solutions," says Hou, referring to Huawei’s 
+    <a href="http://developer.huawei.com/ict/en/site-paas">FusionStage™</a> PaaS offering. 
+    -->
+
+    “我们的客户，从非常大的电信运营商到银行，都喜欢云原生的想法。他们喜欢 Kubernetes 的技术。
+    但是他们需要花费大量的时间来分解他们的应用程序，将它们转换为微服务体系结构。
+    作为解决方案提供者，我们帮助他们。
+    <!--
+    "Our customers, from very big telecommunications operators to banks, love the idea of cloud native. 
+    They like Kubernetes technology. But they need to spend a lot of time to decompose their applications 
+    to turn them into microservice architecture, and as a solution provider, we help them. 
+    -->
+
+    我们已经开始与一些中国银行合作，我们看到中国移动（China Mobile）和德国电信（Deutsche Telekom）等客户对我们很感兴趣”。<br><br>
+    <!--
+    We’ve started to work with some Chinese banks, and we see a lot of interest from our customers 
+    like <a href="http://www.chinamobileltd.com/">China Mobile</a> and 
+    <a href="https://www.telekom.com/en">Deutsche Telekom</a>."<br><br>
+    -->
+
+    “如果你是一个用户，你就仅仅是个用户”，侯培新补充道，“但如果你是一个供应商，为了说服你的客户，你应该自己使用它。
+    <!--
+    "If you’re just a user, you’re just a user," adds Hou. 
+    "But if you’re a vendor, in order to even convince your customers, you should use it yourself. 
+    -->
+
+    幸运的是，因为华为有很多员工，我们可以利用这种技术来展示我们所能构建的云的规模，向客户提供智慧服务”。
+    <!--
+    Luckily because Huawei has a lot of employees, we can demonstrate the scale of cloud we can build using this technology. 
+    We provide customer wisdom."
+    -->
+
+    尽管华为拥有自己的私有云，但其许多客户使用华为的解决方案运行跨云应用程序。
+    这是一个很大的卖点，大多数公共云提供商现在都支持 Kubernetes。
+    侯培新说，“这使得跨云转换比其他解决方案更容易”。<br><br>
+    <!--
+    While Huawei has its own private cloud, many of its customers run cross-cloud applications using Huawei’s solutions. 
+    It’s a big selling point that most of the public cloud providers now support Kubernetes. 
+    "This makes the cross-cloud transition much easier than with other solutions," says Hou.<br><br>
+    -->
+</div>
+</section>
+
+<div class="banner4">
+  <div class="banner4text">
+    “我们的客户，从非常大的电信运营商到银行，都喜欢云原生的想法。他们喜欢 Kubernetes 的技术。
+    但是他们需要花很多时间来分解他们的应用程序，把它们变成微服务体系结构，作为一个解决方案提供商，我们帮助他们。”
+    <!--
+    "Our customers, from very big telecommunications operators to banks, love the idea of cloud native. 
+    They like Kubernetes technology. But they need to spend a lot of time to decompose their applications 
+    to turn them into microservice architecture, and as a solution provider, we help them."
+    -->
+  </div>
+</div>
+
+<section class="section4">
+<div class="fullcol">
+
+    在华为内部，一旦他的团队完成内部业务流程部门向 Kubernetes 的转型，侯培新希望说服更多部门转向云原生开发和实践。
+    <!--
+    Within Huawei itself, once his team completes the transition of the internal business procedure department to Kubernetes, 
+    Hou is looking to convince more departments to move over to the cloud native development cycle and practice. 
+    -->
+
+    “我们有很多软件开发人员，所以我们将为他们提供我们的平台作为服务解决方案，我们自己的产品”，
+    他说，“我们希望在他们的迭代周期中看到显著的成本削减”。<br><br>
+    <!--
+    "We have a lot of software developers, 
+    so we will provide them with our platform as a service solution, our own product," he says. 
+    "We would like to see significant cuts in their iteration cycle."<br><br>
+    -->
+
+    在见证了华为最开始的向 Kubernetes 的转型之后，侯培新为其他考虑该技术的公司提供了建议，
+    “当你开始设计应用程序的架构时，首先考虑云原生，然后再考虑微服务架构”，他说，“我想你会从中受益”。<br><br>
+    <!--
+    Having overseen the initial move to Kubernetes at Huawei, Hou has advice for other companies considering the technology: 
+    "When you start to design the architecture of your application, think about cloud native, 
+    think about microservice architecture from the beginning," he says. 
+    "I think you will benefit from that."<br><br>
+    -->
+
+    但是如果您已经有了遗留应用程序，“首先从这些应用程序中一些对微服务友好的部分开始，
+    这些部分相对容易分解成更简单的部分，并且相对轻量级”，侯培新说，
+    <!--
+    But if you already have legacy applications, "start from some microservice-friendly part of those applications first, 
+    parts that are relatively easy to be decomposed into simpler pieces and are relatively lightweight," Hou says. 
+    -->
+
+    “不要从一开始就认为我想在几天内将整个架构或所有东西都迁移到微服务中。
+    不要把它当作目标。你应该循序渐进地做这件事。
+    我想说的是，对于遗留应用程序，并不是每个部分都适合微服务架构”。<br><br>
+    <!--
+    "Don’t think from day one that within how many days I want to move the whole architecture, 
+    or move everything into microservices. Don’t put that as a kind of target. 
+    You should do it in a gradual manner. And I would say for legacy applications, 
+    not every piece would be suitable for microservice architecture. No need to force it."<br><br>  
+    -->
+
+  毕竟，尽管侯培新对华为的 Kubernetes 充满热情，但他估计，
+  “未来 10 年，或许 80% 的工作负载可以分布式地在云原生环境中运行，但仍然有 20% 不是，但是没关系。
+  如果我们能够让 80% 的工作负载真正是云原生的、敏捷的，那么最终会有一个更好的世界”。
+  <!--
+  After all, as enthusiastic as Hou is about Kubernetes at Huawei, he estimates that "in the next 10 years, 
+  maybe 80 percent of the workload can be distributed, can be run on the cloud native environments. 
+  There’s still 20 percent that’s not, but it’s fine. 
+  If we can make 80 percent of our workload really be cloud native, to have agility, 
+  it’s a much better world at the end of the day."
+  -->
+</div>
+</section>
+
+<div class="banner5">
+  <div class="banner5text">
+    “未来 10 年，可能 80% 的工作负载可以分布式地在云原生环境中运行，但仍然有 20% 不是，不过没关系。
+    如果我们能够让 80% 的工作负载真正是云原生的、敏捷的，那么最终会有一个更好的世界。”
+    <!--
+    "In the next 10 years, maybe 80 percent of the workload can be distributed, 
+    can be run on the cloud native environments. 
+    There’s still 20 percent that’s not, but it’s fine. 
+    If we can make 80 percent of our workload really be cloud native, to have agility, 
+    it’s a much better world at the end of the day."
+    -->
+  </div>
+</div>
+<section class="section5">
+<div class="fullcol">
+  在不久的将来，侯培新期待着围绕着 Kubernetes 开发的新功能，尤其是华为正在开发的那些功能。
+  <!--
+  In the nearer future, Hou is looking forward to new features that are being developed around Kubernetes, 
+  not least of all the ones that Huawei is contributing to. 
+  -->
+
+  华为的工程师已经在为联邦功能(将多个 Kubernetes 集群放在一个框架中进行无缝管理)、调度、容器网络和存储，以及刚刚发布的一项名为
+  <a href="http://containerops.org/"的> Container Ops </a>的技术工作，这是一个 DevOps 管道引擎。
+  <!--
+  Huawei engineers have worked on the federation feature 
+  (which puts multiple Kubernetes clusters in a single framework to be managed seamlessly), scheduling, 
+  container networking and storage, and a just-announced technology called 
+  <a href="http://containerops.org/">Container Ops</a>, which is a DevOps pipeline engine.
+  -->
+
+  “这将把每个 DevOps 作业放到一个容器中”，他解释说，“这种容器机制使用 Kubernetes 运行，也用于测试 Kubernetes。
+  有了这种机制，我们可以比以前更容易地创建、共享和管理容器化 DevOps 作业”。<br><br>
+  <!--
+  "This will put every DevOps job into a container," he explains. 
+  "And then this container mechanism is running using Kubernetes, but is also used to test Kubernetes. 
+  With that mechanism, we can make the containerized DevOps jobs be created, 
+  shared and managed much more easily than before."<br><br>
+  -->
+
+  尽管如此，侯培新认为这项技术只是实现其全部潜力的一半。
+  首先，也是最重要的，他想要扩大它可以协调的规模，
+  这对于华为这样的超大规模公司以及它的一些客户来说非常重要。<br><br>
+  <!--
+  Still, Hou sees this technology as only halfway to its full potential. 
+  First and foremost, he’d like to expand the scale it can orchestrate, 
+  which is important for supersized companies like Huawei –  as well as some of its customers.<br><br>
+  -->
+
+  侯培新自豪地指出，在华为第一位工程师成为 Kubernetes 的贡献者和传道者两年后，华为现在是这个社区的最大贡献者。
+  他说，“我们发现，你对社区的贡献越大，你得到的回报也就越多”。
+  <!--
+  Hou proudly notes that two years after that first Huawei engineer became a contributor to and evangelist for Kubernetes, 
+  Huawei is now a top contributor to the community. "We’ve learned that the more you contribute to the community," 
+  he says, "the more you get back."
+  -->
+</div>
+</section>
diff --git a/content/zh/case-studies/ibm/ibm_featured_logo.png b/content/zh/case-studies/ibm/ibm_featured_logo.png
new file mode 100644
index 0000000000000..adb07a8cdf588
Binary files /dev/null and b/content/zh/case-studies/ibm/ibm_featured_logo.png differ
diff --git a/content/zh/case-studies/ibm/ibm_featured_logo.svg b/content/zh/case-studies/ibm/ibm_featured_logo.svg
new file mode 100644
index 0000000000000..577d8e97d960d
--- /dev/null
+++ b/content/zh/case-studies/ibm/ibm_featured_logo.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 215.9892 128.40633"><defs><style>.cls-1{fill:#f9f9f9;}.cls-2{fill:#4c81c2;}</style></defs><title>ibm_featured_logo</title><rect class="cls-1" x="-5.9997" y="-8.99955" width="229.48853" height="143.9928"/><polygon class="cls-2" points="190.441 33.693 162.454 33.693 164.178 28.868 190.441 28.868 190.441 33.693"/><path class="cls-2" d="M115.83346,28.867l25.98433-.003,1.7014,4.83715c.01251-.00687-27.677.00593-27.677,0C115.84224,33.69422,115.82554,28.867,115.83346,28.867Z"/><path class="cls-2" d="M95.19668,28.86593A18.6894,18.6894,0,0,1,106.37358,33.7s-47.10052.00489-47.10052,0V28.86488Z"/><rect class="cls-2" x="22.31176" y="28.86593" width="32.72063" height="4.82558"/><path class="cls-2" d="M190.44115,42.74673h-31.194s1.70142-4.79994,1.691-4.80193h29.50305Z"/><polygon class="cls-2" points="146.734 42.753 115.832 42.753 115.832 37.944 145.041 37.944 146.734 42.753"/><path class="cls-2" d="M110.04127,37.94271a12.47,12.47,0,0,1,1.35553,4.80214H59.28193V37.94271Z"/><rect class="cls-2" x="22.31176" y="37.94271" width="32.72063" height="4.80214"/><polygon class="cls-2" points="156.056 51.823 157.768 46.998 181.191 47.005 181.191 51.812 156.056 51.823"/><polygon class="cls-2" points="148.237 46.997 149.944 51.823 125.046 51.823 125.046 46.997 148.237 46.997"/><path class="cls-2" d="M111.81,46.99627a15.748,15.748,0,0,1-.68923,4.82641H96.85137V46.99627Z"/><rect class="cls-2" x="31.43162" y="47.01973" width="14.06406" height="4.8019"/><rect class="cls-2" x="68.7486" y="46.99627" width="14.03976" height="4.82537"/><path class="cls-2" d="M138.87572,57.03292s.004,3.65225.001,3.65913H125.04558V55.89h26.35583l1.637,4.4773c.00773.00292,1.57841-4.48815,1.58153-4.47835h26.56223V60.692h-13.763c-.00124-.00687-.00771-3.65819-.00771-3.65819l-1.273,3.65819-25.99183-.00687Z"/><path class="cls-2" d="M68.7486,55.889h40.30365v-.00188a18.13723,18.13723,0,0,1-3.99812,4.80494s-36.30647.00668-36.30647,0Z"/><rect class="cls-2" x="31.43162" y="55.88794" width="14.06406" height="4.80316"/><rect class="cls-2" x="167.41912" y="64.94348" width="13.76302" height="4.80212"/><path class="cls-2" d="M138.87572,64.94348H125.04558V69.7456c-.00688-.0025,13.83411.00167,13.83411,0C138.87969,69.7431,138.89532,64.94348,138.87572,64.94348Z"/><path class="cls-2" d="M164.63927,64.94348c-.06255-.007-1.61218,4.79962-1.67723,4.80212l-19.60378.00835c-.01543-.00751-1.72371-4.81745-1.725-4.81047Z"/><path class="cls-2" d="M68.74672,64.94233H104.985a23.7047,23.7047,0,0,1,4.32076,4.80327c.06609-.0025-40.5581.00167-40.5581,0Z"/><path class="cls-2" d="M45.49359,69.74436v-4.802H31.45487V69.7431Z"/><rect class="cls-2" x="167.41912" y="73.99693" width="13.76198" height="4.80295"/><rect class="cls-2" x="125.04474" y="73.99693" width="13.83097" height="4.80212"/><path class="cls-2" d="M159.74351,78.8224c.00376-.02169,1.69745-4.82964,1.72373-4.82547H144.80219c-.029-.00209,1.70848,4.80378,1.70848,4.80378S159.7404,78.84241,159.74351,78.8224Z"/><path class="cls-2" d="M68.74766,78.79905c0,.01919-.00094-4.80212,0-4.803H82.9958s.01272,4.80462,0,4.80462C82.98224,78.80072,68.74766,78.79489,68.74766,78.79905Z"/><path class="cls-2" d="M111.30529,73.9961a13.94783,13.94783,0,0,1,.89542,4.825H97.10364v-4.825Z"/><rect class="cls-2" x="31.45487" y="73.9961" width="14.03872" height="4.80171"/><rect class="cls-2" x="167.41912" y="82.86525" width="23.0212" height="4.80421"/><rect class="cls-2" x="115.83139" y="82.86525" width="23.04432" height="4.80421"/><polygon class="cls-2" points="156.647 87.669 149.618 87.669 147.931 82.865 158.272 82.865 156.647 87.669"/><path class="cls-2" d="M22.3099,82.86525v4.80212H55.008c.01366.00751-.01469-4.79919,0-4.79919Z"/><path class="cls-2" d="M111.60237,82.86525c-.3442,1.58445-.65962,3.5158-1.81732,4.80421l-.43175-.00209H59.28005V82.86525Z"/><polygon class="cls-2" points="153.461 96.733 152.814 96.733 151.171 91.92 155.147 91.92 153.461 96.733"/><rect class="cls-2" x="167.41788" y="91.91953" width="23.02244" height="4.82547"/><path class="cls-2" d="M59.27307,96.73333V91.92745s47.24073.00585,47.37623.00585A17.945,17.945,0,0,1,94.43864,96.745l-35.15859-.00959"/><rect class="cls-2" x="115.83139" y="91.91953" width="23.04432" height="4.82547"/><path class="cls-2" d="M55.008,91.94079s-.01469,4.79253,0,4.79253c.01366,0-32.6885.0196-32.69809.00961-.00888-.00961.00875-4.81548,0-4.81548S54.9933,91.95664,55.008,91.94079Z"/></svg>
\ No newline at end of file
diff --git a/content/zh/case-studies/ibm/index.html b/content/zh/case-studies/ibm/index.html
new file mode 100644
index 0000000000000..bb9a4a8943b65
--- /dev/null
+++ b/content/zh/case-studies/ibm/index.html
@@ -0,0 +1,93 @@
+---
+title: 案例研究：IBM
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_ibm.css
+---
+
+<!-- <div class="banner1" style="background-image: url('/images/CaseStudy_ibm_banner1.jpg')">
+  <h1> CASE STUDY:<img src="/images/ibm_logo.png" class="header_logo" style="width:10%"><br> <div class="subhead">Building an Image Trust Service on Kubernetes with Notary and TUF</div></h1>
+
+</div> -->
+
+<div class="banner1">
+  <h1> 案例研究：<img src="/images/ibm_logo.png" width="18%" style="margin-bottom:-5px;margin-left:10px;"><br> <div class="subhead">在 Kubernetes 上使用 Notary 和 TUF 建立镜像信任服务</div></h1>
+
+</div>
+
+<div class="details">
+    公司 &nbsp;<b>IBM</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;位置 &nbsp;<b>阿蒙克， 纽约</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>云计算</b>
+</div>
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+    <h2>挑战</h2>
+        <!-- <a href="https://www.ibm.com/cloud/">IBM Cloud</a> offers public, private, and hybrid cloud functionality across a diverse set of runtimes from its OpenWhisk-based function as a service (FaaS) offering, managed <a href="https://kubernetes.io">Kubernetes</a> and containers, to <a href="https://www.cloudfoundry.org">Cloud Foundry</a> platform as a service (PaaS). These runtimes are combined with the power of the company’s enterprise technologies, such as MQ and DB2, its modern artificial intelligence (AI) Watson, and data analytics services. Users of IBM Cloud can exploit capabilities from more than 170 different cloud native services in its catalog, including capabilities such as IBM’s Weather Company API and data services. In the later part of 2017, the IBM Cloud Container Registry team wanted to build out an image trust service. -->
+<a href="https://www.ibm.com/cloud/">IBM Cloud</a> 提供公共、私有和混合云功能，包括基于 OpenWhisk 的服务 （FaaS）、托管于 <a href="https://kubernetes.io">Kubernetes</a> 和容器，以及 <a href="https://www.cloudfoundry.org">Cloud Foundry</a> 服务 （PaaS） 的各种运行时。这些运行时与公司企业技术（如 MQ 和 DB2、其现代人工智能 （AI） Watson 和数据分析服务）的强大功能相结合。IBM Cloud 用户可以使用其目录中 170 多个不同云原生服务的功能，包括 IBM 的气象公司 API 和数据服务等功能。在 2017 年后期，IBM 云容器托管团队希望构建镜像信任服务。<br><br>
+ <h2>解决方案</h2>
+      <!-- The work on this new service culminated with its public availability in the IBM Cloud in February 2018. The image trust service, called Portieris, is fully based on the <a href="https://www.cncf.io">Cloud Native Computing Foundation (CNCF)</a> open source project <a href="https://github.com/theupdateframework/notary">Notary</a>, according to Michael Hough, a software developer with the IBM Cloud Container Registry team. Portieris is a Kubernetes admission controller for enforcing content trust. Users can create image security policies for each Kubernetes namespace, or at the cluster level, and enforce different levels of trust for different images. Portieris is a key part of IBM’s trust story, since it makes it possible for users to consume the company’s Notary offering from within their IKS clusters. The offering is that Notary server runs in IBM’s cloud, and then Portieris runs inside the IKS cluster. This enables users to be able to have their IKS cluster verify that the image they're loading containers from contains exactly what they expect it to, and Portieris is what allows an IKS cluster to apply that verification. -->
+2018 年 2 月，这项新服务在 IBM 云中公开发布。IBM 云容器托管团队的软件开发者 Michael Hough 说，名为 Portieris 的镜像信任服务完全基于 <a href="https://www.cncf.io">Cloud Native Computing Foundation (CNCF)</a> 的开源项目 <a href="https://github.com/theupdateframework/notary">Notary</a>。Portieris 是 Kubernetes 的准入控制器，用于强制执行适当的信任等级。用户可以为每个 Kubernetes 命名空间或在集群级别创建镜像安全策略，并为不同的镜像强制实施不同级别的信任。Portieris 是 IBM 信任内容的关键部分，因为它使用户能够从 IKS 集群中使用公司的 Notary。产品是 Notary 服务器在 IBM 的云中运行，然后 Portieris 在 IKS 集群内运行。这使用户能够让 IKS 集群验证他们加载容器的镜像是否包含他们期望的内容，而 Portieris 是允许 IKS 集群应用该验证的原因。
+
+  </div>
+<div class="col2">
+<h2>影响</h2>
+     <!-- IBM's intention in offering a managed Kubernetes container service and image registry is to provide a fully secure end-to-end platform for its enterprise customers. "Image signing is one key part of that offering, and our container registry team saw Notary as the de facto way to implement that capability in the current Docker and container ecosystem," Hough says. The company had not been offering image signing before, and Notary is the tool it used to implement that capability. "We had a multi-tenant Docker Registry with private image hosting," Hough says. "The Docker Registry uses hashes to ensure that image content is correct, and data is encrypted both in flight and at rest. But it does not provide any guarantees of who pushed an image. We used Notary to enable users to sign images in their private registry namespaces if they so choose." -->
+IBM 打算提供基于 Kubernetes 的容器服务和镜像托管服务，目的是为其企业客户提供完全安全的端到端平台。Hough 说：“镜像签名是该产品的关键部分之一，我们的容器托管团队将 Notary 视为在当前 Docker 和容器生态系统中实现该功能的实际方式。”该公司以前没有提供镜像签名，Notary 是它用来实现该功能的工具。“我们有一个多租户 Docker 托管服务，具有私有镜像托管功能，” Hough 说。“ Docker 托管使用哈希值来确保镜像内容正确，并且数据在传输和静态时都进行了加密。但它没有提供任何保证谁推镜像。我们使用 Notary 来允许用户在其专用注册表命名空间中签名镜像（如果他们愿意的话）。”
+</div>
+
+</div>
+</section>
+<div class="banner2">
+  <div class="banner2text">
+   <!-- "We see CNCF as a safe haven for cloud native open source, providing stability, longevity, and expected maintenance for member projects—no matter the originating vendor or project."<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>- Michael Hough, a software developer with the IBM Container Registry team</span> -->
+   “我们将 CNCF 视为云原生开源的安全避难所，为成员项目（无论是原始供应商还是项目）提供稳定性、使用寿命和预期维护。”<br><br><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;">- Michael Hough, IBM 容器托管团队软件开发人员</span>
+  </div>
+</div>
+<section class="section2">
+<div class="fullcol">
+  <!-- <h2>Docker had already created the Notary project as an implementation of <a href="https://github.com/theupdateframework/specification" style="text-decoration:underline">The Update Framework (TUF)</a>, and this implementation of TUF provided the capabilities for Docker Content Trust.</h2> "After contribution to CNCF of both TUF and Notary, we perceived that it was becoming the de facto standard for image signing in the container ecosystem", says Michael Hough, a software developer with the IBM Cloud Container Registry team. -->
+  <h2>Docker 已经创建了 Notary 项目作为 <a href="https://github.com/theupdateframework/specification" style="text-decoration:underline">The Update Framework (TUF)</a> 的实现，TUF 的此实现为 Docker 内容信任提供了功能。</h2> IBM 云容器托管团队的软件开发者 Michael Hough 说：“在 TUF 和 Notary 对 CNCF 做出了贡献后，我们发现它正在成为容器生态系统中镜像签名的实际标准。”<br><br>
+<!-- The key reason for selecting Notary was that it was already compatible with the existing authentication stack IBM’s container registry was using. So was the design of TUF, which does not require the registry team to have to enter the business of key management. Both of these were "attractive design decisions that confirmed our choice of Notary," he says. -->
+选择 Notary 的关键原因是它已经与 IBM 的容器托管正在使用的现有身份验证技术兼容。TUF 的设计也是如此，它不要求托管团队必须涉足密钥管理业务。他说，这两项都是“有吸引力的设计决定，证实了我们对 Notary 的选择是正确的。”<br><br>
+<!-- The introduction of Notary to implement image signing capability in IBM Cloud encourages increased security across IBM's cloud platform, "where we expect it will include both the signing of official IBM images as well as expected use by security-conscious enterprise customers," Hough says. "When combined with security policy implementations, we expect an increased use of deployment policies in CI/CD pipelines that allow for fine-grained control of service deployment based on image signers." -->
+在 IBM Cloud 中引入 Notary 功能以实现镜像签名，可提高 IBM 云平台的安全性，“我们预计这将包括签署 IBM 官方镜像以及预期的有安全需求的企业客户，” Hough 说。与安全策略实现结合使用时，我们预计 CI/CD 管道中会更多地使用部署策略，以便根据镜像签名者对服务部署进行精细控制。
+<!-- The availability of image signing "is a huge benefit to security-conscious customers who require this level of image provenance and security," Hough says. "With our IBM Cloud Kubernetes as-a-service offering and the admission controller we have made available, it allows both IBM services as well as customers of the IBM public cloud to use security policies to control service deployment." -->
+Hough 说，镜像签名的可用性“对于需要这种级别镜像来源和安全性的客户来说，是一个巨大的好处。”“借助我们的 IBM 云上的 Kubernetes 以及我们提供的许可控制器，它允许 IBM 服务以及 IBM 公共云的客户使用安全策略来控制服务部署。”
+</div>
+</section>
+<div class="banner3">
+  <div class="banner3text">
+    <!-- "Image signing is one key part of our Kubernetes container service offering, and our container registry team saw Notary as the de facto way to implement that capability in the current Docker and container ecosystem"<span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br><br>- Michael Hough, a software developer with the IBM Cloud Container Registry team</span> -->
+    镜像签名是我们 Kubernetes 容器服务的关键部分之一，我们的容器托管团队将 Notary 视为在当前 Docker 和容器生态系统中实现该功能的实际方式。<br><br><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;">- Michael Hough, IBM 容器托管团队软件开发人员</span>
+
+  </div>
+</div>
+<section class="section3">
+<div class="fullcol">
+    <!-- Now that the Notary-implemented service is generally available in IBM’s public cloud as a component of its existing IBM Cloud Container Registry, it is deployed as a highly available service across five IBM Cloud regions. This high-availability deployment has three instances across two zones in each of the five regions, load balanced with failover support. "We have also deployed it with end-to-end TLS support through to our back-end IBM Cloudant persistence storage service," Hough says. -->
+现在，Notary 通常作为现有 IBM 云容器托管的一个组件在 IBM 的公共云中提供服务，因此它被部署为五个 IBM 云区域中的高可用服务。此高可用性部署在五个区域中的每个区域中各有三个实例，实现负载均衡与故障转移。Hough 说：“我们还将其部署到后端 IBM Cloudant 持久性存储服务，并随端到端 TLS 支持一起部署。”<br><br>
+    <!-- The IBM team has created and open sourced a Kubernetes admission controller called Portieris, which uses Notary signing information combined with customer-defined security policies to control image deployment into their cluster. "We are hoping to drive adoption of Portieris through its use of our Notary offering," Hough says. -->
+IBM 团队创建并开源了名为 Portieris 的 Kubernetes 准入控制器，该控制器使用 Notary 签名信息与客户定义的安全策略相结合，以控制将镜像部署到集群中。“我们希望通过使用我们的 Notary 服务来推动 Portieris 的使用，” Hough 说。<br><br>
+    <!-- IBM has been a key player in the creation and support of open source foundations, including CNCF. Todd Moore, IBM's vice president of Open Technology, is the current CNCF governing board chair and a number of IBMers are active across many of the CNCF member projects. -->
+IBM 在创建和支持开源基础（包括 CNCF）方面一直占据主导地位。IBM 开放技术副总裁 Todd Moore 是现任 CNCF 董事会主席，许多 IBM 员工活跃于 CNCF 成员项目中。
+</div>
+</section>
+<div class="banner4">
+  <div class="banner4text">
+   <!-- "There are new projects addressing these challenges, including within CNCF. We will definitely be following these advancements with interest. We found the Notary community to be an active and friendly community open to changes, such as our addition of a CouchDB backend for persistent storage." <span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br><br>- Michael Hough, a software developer with the IBM Cloud Container Registry team</span> -->
+   “有新项目应对这些挑战，包括在 CNCF 内。我们一定会饶有兴趣地关注这些进步。我们发现 Notary 社区是一个积极友好的社区，对变化持开放态度，例如我们为持久存储添加的 CouchDB 后端。”<br><br> <span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;">- Michael Hough, IBM 容器托管团队软件开发人员</span>
+  </div>
+</div>
+<section class="section4">
+  <div class="fullcol">
+<!-- The company has used other CNCF projects <a href="https://containerd.io">containerd</a>, <a href="https://www.envoyproxy.io">Envoy</a>, <a href="https://prometheus.io">Prometheus</a>, <a href="https://grpc.io">gRPC</a>, and <a href="https://github.com/containernetworking">CNI</a>, and is looking into <a href="https://github.com/spiffe">SPIFFE</a> and <a href="https://github.com/spiffe/spire">SPIRE</a> as well for potential future use. -->
+该公司已经使用的 CNCF 项目有 <a href="https://containerd.io">containerd</a>，<a href="https://www.envoyproxy.io">Envoy</a>，<a href="https://prometheus.io">Prometheus</a>，<a href="https://grpc.io">gRPC</a>，<a href="https://github.com/containernetworking">CNI</a>，而且正在探索 <a href="https://github.com/spiffe">SPIFFE</a> 和 <a href="https://github.com/spiffe/spire">SPIRE</a> 在未来的潜在可用性。<br><br>
+<!-- What advice does Hough have for other companies that are looking to deploy Notary or a cloud native infrastructure? -->
+对于希望部署 Notary 或云原生基础架构的其他公司，Hough 有何建议？<br><br>
+<!-- "While this is true for many areas of cloud native infrastructure software, we found that a high-availability, multi-region deployment of Notary requires a solid implementation to handle certificate management and rotation," he says. "There are new projects addressing these challenges, including within CNCF. We will definitely be following these advancements with interest. We found the Notary community to be an active and friendly community open to changes, such as our addition of a CouchDB backend for persistent storage." -->
+“虽然对于云原生基础结构软件的许多领域也是如此，但我们发现，高可用性、多区域的 Notary 部署需要扎实的实现来处理证书管理和轮换，”他说。“有新项目应对这些挑战，包括在 CNCF 内。我们一定会饶有兴趣地关注这些进步。我们发现 Notary 社区是一个积极友好的社区，对变化持开放态度，例如我们为持久存储添加的 CouchDB 后端。”
+  </div>
+</section>
diff --git a/content/zh/case-studies/liveperson/index.html b/content/zh/case-studies/liveperson/index.html
new file mode 100644
index 0000000000000..0cadb0f274073
--- /dev/null
+++ b/content/zh/case-studies/liveperson/index.html
@@ -0,0 +1,4 @@
+---
+title: LivePerson
+content_url: https://www.openstack.org/videos/video/running-kubernetes-on-openstack-at-liveperson
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/liveperson/liveperson_logo.png b/content/zh/case-studies/liveperson/liveperson_logo.png
new file mode 100644
index 0000000000000..b7e63d94f72d6
Binary files /dev/null and b/content/zh/case-studies/liveperson/liveperson_logo.png differ
diff --git a/content/zh/case-studies/monzo/index.html b/content/zh/case-studies/monzo/index.html
new file mode 100644
index 0000000000000..99d4f35934145
--- /dev/null
+++ b/content/zh/case-studies/monzo/index.html
@@ -0,0 +1,4 @@
+---
+title: Monzo
+content_url: https://youtu.be/YkOY7DgXKyw
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/monzo/monzo_logo.png b/content/zh/case-studies/monzo/monzo_logo.png
new file mode 100644
index 0000000000000..854409d17eabb
Binary files /dev/null and b/content/zh/case-studies/monzo/monzo_logo.png differ
diff --git a/content/zh/case-studies/netease/index.html b/content/zh/case-studies/netease/index.html
new file mode 100644
index 0000000000000..0ce8d133e2353
--- /dev/null
+++ b/content/zh/case-studies/netease/index.html
@@ -0,0 +1,105 @@
+---
+title: 案例研究：NetEase
+case_study_styles: true
+cid: caseStudies
+css: /css/style_case_studies.css
+---
+
+
+<!-- <div class="banner1" style="background-image: url('/images/CaseStudy_netease_banner1.jpg')">
+  <h1> CASE STUDY:<img src="/images/netease_logo.png" class="header_logo" style="width:22%;margin-bottom:-1%"><br> <div class="subhead" style="margin-top:1%"> How NetEase Leverages Kubernetes to Support Internet Business Worldwide</div></h1>
+
+</div> -->
+<div class="banner1" style="background-image: url('/images/CaseStudy_netease_banner1.jpg')">
+  <h1> 案例研究：<img src="/images/netease_logo.png" class="header_logo" style="width:22%;margin-bottom:-1%"><br> <div class="subhead" style="margin-top:1%"> 网易如何利用 Kubernetes 支持在全球的互联网业务</div></h1>
+
+</div>
+
+
+<div class="details" style="font-size:1em">
+    公司 &nbsp;<b>网易</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;位置 &nbsp;<b>杭州，中国</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>互联网科技</b>
+</div>
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1" style="margin-left:-1.5% !important">
+    <h2>挑战</h2>
+         <!-- Its gaming business is one of the largest in the world, but that’s not all that <a href="https://netease-na.com/">NetEase</a> provides to Chinese consumers. The company also operates e-commerce, advertising, music streaming, online education, and email platforms; the last of which serves almost a billion users with free email services through sites like <a href="https://www.163.com/">163.com</a>. In 2015, the NetEase Cloud team providing the infrastructure for all of these systems realized that their R&D process was slowing down developers. “Our users needed to prepare all of the infrastructure by themselves,” says Feng Changjian, Architect for NetEase Cloud and Container Service. “We were eager to provide the infrastructure and tools for our users automatically via serverless container service.” -->
+其游戏业务是世界上最大的游戏业务之一，但这不是<a href="https://netease-na.com/">网易</a>为中国消费者提供的所有。公司还经营电子商务、广告、音乐流媒体、在线教育和电子邮件平台；其中最后一个服务有近10亿用户通过网站使用免费的电子邮件服务，如<a href="https://www.163.com/">163.com</a>。2015 年，为所有这些系统提供基础设施的网易云团队意识到，他们的研发流程正在减缓开发人员的速度。网易云和容器服务架构师冯长健表示：“我们的用户需要自己准备所有基础设施。”“我们希望通过无服务器容器服务自动为用户提供基础设施和工具。”
+<br><br>
+ <h2>解决方案</h2>
+      <!-- After considering building its own orchestration solution, NetEase decided to base its private cloud platform on <a href="https://kubernetes.io/">Kubernetes</a>. The fact that the technology came out of Google gave the team confidence that it could keep up with NetEase’s scale. “After our 2-to-3-month evaluation, we believed it could satisfy our needs,” says Feng. The team started working with Kubernetes in 2015, before it was even 1.0. Today, the NetEase internal cloud platform—which also leverages the CNCF projects <a href="https://prometheus.io/">Prometheus</a>, <a href="https://www.envoyproxy.io/">Envoy</a>, <a href="https://goharbor.io/">Harbor</a>, <a href="https://grpc.io/">gRPC</a>, and <a href="https://helm.sh/">Helm</a>—runs 10,000 nodes in a production cluster and can support up to 30,000 nodes in a cluster. Based on its learnings from its internal platform, the company introduced a Kubernetes-based cloud and microservices-oriented PaaS product, <a href="https://landscape.cncf.io/selected=netease-qingzhou-microservice">NetEase Qingzhou Microservice</a>, to outside customers. -->
+在考虑构建自己的业务流程解决方案后，网易决定将其私有云平台建立在 <a href="https://kubernetes.io/">Kubernetes</a> 的基础上。这项技术来自 Google，这一事实让团队有信心，它能够跟上网易的规模。“经过2到3个月的评估，我们相信它能满足我们的需求，”冯长健说。该团队于 2015 年开始与 Kubernetes 合作，那会它甚至还不是1.0版本。如今，网易内部云平台还使用了 CNCF 项目 <a href="https://prometheus.io/">Prometheus</a>、<a href="https://www.envoyproxy.io/">Envoy</a>、<a href="https://goharbor.io/">Harbor</a>、<a href="https://grpc.io/">gRPC</a> 和 <a href="https://helm.sh/">Helm</a>， 在生产集群中运行 10000 个节点，并可支持集群多达 30000 个节点。基于对内部平台的学习，公司向外部客户推出了基于 Kubernetes 的云和微服务型 PaaS 产品，网易轻舟微服务。
+
+
+<br><br>
+<h2>影响</h2>
+      <!-- The NetEase team reports that Kubernetes has increased R&D efficiency by more than 100%. Deployment efficiency has improved by 280%. “In the past, if we wanted to do upgrades, we needed to work with other teams, even in other departments,” says Feng. “We needed special staff to prepare everything, so it took about half an hour. Now we can do it in only 5 minutes.” The new platform also allows for mixed deployments using GPU and CPU resources. “Before, if we put all the resources toward the GPU, we won’t have spare resources for the CPU. But now we have improvements thanks to the mixed deployments,” he says. Those improvements have also brought an increase in resource utilization. -->
+网易团队报告说，Kubernetes 已经提高了研发效率一倍多，部署效率提高了 2.8倍。“过去，如果我们想要进行升级，我们需要与其他团队合作，甚至加入其他部门，”冯长健说。“我们需要专人来准备一切，需要花费约半个小时。现在我们只需 5 分钟即可完成。”新平台还允许使用 GPU 和 CPU 资源进行混合部署。“以前，如果我们将所有资源都用于 GPU，则 CPU 的备用资源将没有。但是现在，由于混合部署，我们有了很大的改进，”他说。这些改进也提高了资源的利用率。
+</div>
+</div>
+
+</section>
+<div class="banner2">
+  <div class="banner2text">
+    <!-- "The system can support 30,000 nodes in a single cluster. In production, we have gotten the data of 10,000 nodes in a single cluster. The whole internal system is using this system for development, test, and production."<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>— Zeng Yuxing, Architect, NetEase</span> -->
+    “系统可以在单个群集中支持 30000 个节点。在生产中，我们在单个群集中获取到了 10000 个节点的数据。整个内部系统都在使用该系统进行开发、测试和生产。”<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>— 曾宇兴,网易架构师</span>
+  </div>
+</div>
+<section class="section2">
+<div class="fullcol">
+ <!-- <h2>Its gaming business is the <a href="https://newzoo.com/insights/rankings/top-25-companies-game-revenues/">fifth-largest</a> in the world, but that’s not all that <a href="https://netease-na.com/">NetEase</a> provides consumers.</h2>The company also operates e-commerce, advertising, music streaming, online education, and email platforms in China; the last of which serves almost a billion users with free email services through popular sites like <a href="https://www.163.com/">163.com</a> and <a href="https://www.126.com/">126.com</a>. With that kind of scale, the NetEase Cloud team providing the infrastructure for all of these systems realized in 2015 that their R&D process was making it hard for developers to keep up with demand. “Our users needed to prepare all of the infrastructure by themselves,” says Feng Changjian, Architect for NetEase Cloud and Container Service. “We were eager to provide the infrastructure and tools for our users automatically via serverless container service.”<br><br> -->
+ <h2>其游戏业务是世界<a href="https://newzoo.com/insights/rankings/top-25-companies-game-revenues/">第五大</a>游戏业务，但这不是<a href="https://netease-na.com/">网易</a>为消费者提供的所有业务。</h2>公司还在中国经营电子商务、广告、音乐流媒体、在线教育和电子邮件平台；其中最后一个服务是有近10亿用户使用的网站，如<a href="https://www.163.com/">163.com</a>和<a href="https://www.126.com/">126.com</a>免费电子邮件服务。有了这样的规模，为所有这些系统提供基础设施的网易云团队在 2015 年就意识到，他们的研发流程使得开发人员难以跟上需求。网易云和容器服务架构师冯长健表示：“我们的用户需要自己准备所有基础设施。”“我们渴望通过无服务器容器服务自动为用户提供基础设施和工具。”<br><br>
+ <!-- After considering building its own orchestration solution, NetEase decided to base its private cloud platform on <a href="https://kubernetes.io/">Kubernetes</a>. The fact that the technology came out of Google gave the team confidence that it could keep up with NetEase’s scale. “After our 2-to-3-month evaluation, we believed it could satisfy our needs,” says Feng. -->
+在考虑构建自己的业务流程解决方案后，网易决定将其私有云平台建立在 <a href="https://kubernetes.io/">Kubernetes</a> 的基础上。这项技术来自谷歌，这一事实让团队有信心，它能够跟上网易的规模。“经过2到3个月的评估，我们相信它能满足我们的需求，”冯长健说。
+</div>
+</section>
+<div class="banner3" style="background-image: url('/images/CaseStudy_netease_banner3.jpg')">
+  <div class="banner3text">
+    <!-- "We leveraged the programmability of Kubernetes so that we can build a platform to satisfy the needs of our internal customers for upgrades and deployment." -->
+“我们利用 Kubernetes 的可编程性，构建一个平台，以满足内部客户对升级和部署的需求。”<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>- 冯长健,网易云和容器托管平台架构师</span>
+  </div>
+</div>
+<section class="section3">
+<div class="fullcol">
+  <!-- The team started adopting Kubernetes in 2015, before it was even 1.0, because it was relatively easy to use and enabled DevOps at the company. “We abandoned some of the concepts of Kubernetes; we only wanted to use the standardized framework,” says Feng. “We leveraged the programmability of Kubernetes so that we can build a platform to satisfy the needs of our internal customers for upgrades and deployment.”<br><br> -->
+该团队于 2015 年开始采用 Kubernetes，那会它甚至还不是1.0版本，因为它相对易于使用，并且使 DevOps 在公司中得以实现。“我们放弃了 Kubernetes 的一些概念；我们只想使用标准化框架，”冯长健说。“我们利用 Kubernetes 的可编程性，构建一个平台，以满足内部客户对升级和部署的需求。”<br><br>
+  <!-- The team first focused on building the container platform to manage resources better, and then turned their attention to improving its support of microservices by adding internal systems such as monitoring. That has meant integrating the CNCF projects <a href="https://prometheus.io/">Prometheus</a>, <a href="https://www.envoyproxy.io/">Envoy</a>, <a href="https://goharbor.io/">Harbor</a>, <a href="https://grpc.io/">gRPC</a>, and <a href="https://helm.sh/">Helm</a>. “We are trying to provide a simplified and standardized process, so our users and customers can leverage our best practices,” says Feng.<br><br> -->
+团队首先专注于构建容器平台以更好地管理资源，然后通过添加内部系统（如监视）来改进对微服务的支持。这意味着整合了 CNCF 项目 <a href="https://prometheus.io/">Prometheus</a>，<a href="https://www.envoyproxy.io/">Envoy</a>，<a href="https://goharbor.io/">Harbor</a>，<a href="https://grpc.io/">gRPC</a> 和 <a href="https://helm.sh/">Helm</a>。“我们正在努力提供简化和标准化的流程，以便我们的用户和客户能够利用我们的最佳实践，”冯长健说。<br><br>
+  <!-- And the team is continuing to make improvements. For example, the e-commerce part of the business needs to leverage mixed deployments, which in the past required using two separate platforms: the infrastructure-as-a-service platform and the Kubernetes platform. More recently, NetEase has created a cross-platform application that enables using both with one-command deployment. -->
+团队正在继续改进。例如，企业的电子商务部分需要利用混合部署，过去需要使用两个单独的平台：基础架构即服务平台和 Kubernetes 平台。最近，网易创建了一个跨平台应用程序，支持将两者同时使用单命令部署。
+</div>
+</section>
+<div class="banner4" style="background-image: url('/images/CaseStudy_netease_banner4.jpg')">
+  <div class="banner4text">
+    <!-- "As long as a company has a mature team and enough developers, I think Kubernetes is a very good technology that can help them."<span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br><br>- Li Lanqing, Kubernetes Developer, NetEase</span> -->
+“只要公司拥有成熟的团队和足够的开发人员，我认为 Kubernetes 是一个很好的有所助力的技术。”<span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br><br>- 李兰青, 网易 Kubernetes 开发人员</span>
+  </div>
+  </div>
+</div>
+
+<section class="section5" style="padding:0px !important">
+<div class="fullcol">
+  <!-- Today, the NetEase internal cloud platform “can support 30,000 nodes in a single cluster,” says Architect Zeng Yuxing. “In production, we have gotten the data of 10,000 nodes in a single cluster. The whole internal system is using this system for development, test, and production.” <br><br> -->
+“系统可以在单个群集中支持 30000 个节点。在生产中，我们在单个群集中获取到了 10000 个节点的数据。整个内部系统都在使用该系统进行开发、测试和生产。”<br><br>
+  <!-- The NetEase team reports that Kubernetes has increased R&D efficiency by more than 100%. Deployment efficiency has improved by 280%. “In the past, if we wanted to do upgrades, we needed to work with other teams, even in other departments,” says Feng. “We needed special staff to prepare everything, so it took about half an hour. Now we can do it in only 5 minutes.” The new platform also allows for mixed deployments using GPU and CPU resources. “Before, if we put all the resources toward the GPU, we won’t have spare resources for the CPU. But now we have improvements thanks to the mixed deployments.” Those improvements have also brought an increase in resource utilization. -->
+网易团队报告说，Kubernetes 已经提高了研发效率一倍多。部署效率提高了 2.8倍。“过去，如果我们想要进行升级，我们需要与其他团队合作，甚至加入其他部门，”冯长健说。“我们需要专人来准备一切，需要花费约半个小时。现在我们只需 5 分钟即可完成。”新平台还允许使用 GPU 和 CPU 资源进行混合部署。“以前，如果我们将所有资源都用于 GPU，则 CPU 的备用资源将没有。但是现在，由于混合部署，我们有了很大的改进，”他说。这些改进也提高了资源的利用率。
+
+</div>
+
+<div class="banner5">
+  <div class="banner5text">
+  <!-- "By engaging with this community, we can gain some experience from it and we can also benefit from it. We can see what are the concerns and the challenges faced by the community, so we can get involved."<span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br><br>- Li Lanqing, Kubernetes Developer, NetEase</span> -->
+“通过与这个社区接触，我们可以从中获得一些经验，我们也可以从中获益。我们可以看到社区所关心的问题和挑战，以便我们参与其中。”<span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br><br>- 李兰青, 网易 Kubernetes 开发人员</span>
+  </div>
+</div>
+<div class="fullcol">
+  <!-- Based on the results and learnings from using its internal platform, the company introduced a Kubernetes-based cloud and microservices-oriented PaaS product, <a href="https://landscape.cncf.io/selected=netease-qingzhou-microservice">NetEase Qingzhou Microservice</a>, to outside customers. “The idea is that we can find the problems encountered by our game and e-commerce and cloud music providers, so we can integrate their experiences and provide a platform to satisfy the needs of our users,” says Zeng. <br><br> -->
+基于使用内部平台的成果和学习，公司向外部客户推出了基于 Kubernetes 的云和微服务型 PaaS 产品，网易轻舟微服务。“我们的想法是，我们可以找到我们的游戏和电子商务以及云音乐提供商遇到的问题，所以我们可以整合他们的体验，并提供一个平台，以满足所有用户的需求，”曾宇兴说。<br><br>
+  <!-- With or without the use of the NetEase product, the team encourages other companies to try Kubernetes. “As long as a company has a mature team and enough developers, I think Kubernetes is a very good technology that can help them,” says Kubernetes developer Li Lanqing.<br><br> -->
+无论是否使用网易产品，该团队鼓励其他公司尝试 Kubernetes。Kubernetes 开发者李兰青表示：“只要公司拥有成熟的团队和足够的开发人员，我认为 Kubernetes 是一个很好的技术，可以帮助他们。”<br><br>
+  <!-- As an end user as well as a vendor, NetEase has become more involved in the community, learning from other companies and sharing what they’ve done. The team has been contributing to the Harbor and Envoy projects, providing feedback as the technologies are being tested at NetEase scale. “We are a team focusing on addressing the challenges of microservices architecture,” says Feng. “By engaging with this community, we can gain some experience from it and we can also benefit from it. We can see what are the concerns and the challenges faced by the community, so we can get involved.” -->
+作为最终用户和供应商，网易已经更多地参与社区，向其他公司学习，分享他们所做的工作。该团队一直在为 Harbor 和 Envoy 项目做出贡献，在网易进行规模测试技术时提供反馈。“我们是一个团队，专注于应对微服务架构的挑战，”冯长健说。“通过与这个社区接触，我们可以从中获得一些经验，我们也可以从中获益。我们可以看到社区所关心的问题和挑战，以便我们参与其中。”
+</div>
+</section>
diff --git a/content/zh/case-studies/netease/netease_featured_logo.png b/content/zh/case-studies/netease/netease_featured_logo.png
new file mode 100644
index 0000000000000..5700b940f34af
Binary files /dev/null and b/content/zh/case-studies/netease/netease_featured_logo.png differ
diff --git a/content/zh/case-studies/nordstrom/index.html b/content/zh/case-studies/nordstrom/index.html
new file mode 100644
index 0000000000000..40cfc7642d77f
--- /dev/null
+++ b/content/zh/case-studies/nordstrom/index.html
@@ -0,0 +1,152 @@
+---
+title: 案例研究：Nordstrom
+case_study_styles: true
+cid: caseStudies
+css: /css/style_case_studies.css
+---
+
+<!-- <div class="banner1" style="background-image: url('/images/CaseStudy_nordstrom_banner1.jpg')">
+  <h1> CASE STUDY:<img src="/images/nordstrom_logo.png" class="header_logo" style="margin-bottom:-1.5% !important;width:20% !important;"><br> <div class="subhead">Finding Millions in Potential Savings in a Tough Retail Climate
+
+</div></h1>
+
+</div> -->
+
+<div class="banner1" style="background-image: url('/images/CaseStudy_nordstrom_banner1.jpg')">
+  <h1> 案例研究:<img src="/images/nordstrom_logo.png" class="header_logo" style="margin-bottom:-1.5% !important;width:20% !important;"><br> <div class="subhead">在艰难的零售环境下寻找数百万的潜在成本节约
+
+
+</div></h1>
+
+</div>
+
+<!-- <div class="details">
+    Company &nbsp;<b>Nordstrom</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>Seattle, Washington</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Retail</b>
+</div> -->
+
+<div class="details">
+    公司 &nbsp;<b>Nordstrom</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;地点 &nbsp;<b>西雅图, 华盛顿</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>零售</b>
+</div>
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+    <!-- <h2>Challenge</h2>
+    Nordstrom wanted to increase the efficiency and speed of its technology operations, which includes the Nordstrom.com e-commerce site. At the same time, Nordstrom Technology was looking for ways to tighten its technology operational costs. -->
+
+<h2>挑战</h2>
+Nordstrom 希望提高其技术运营的效率和速度，其中包括 Nordstrom.com 电子商务网站。与此同时，Nordstrom 技术公司正在寻找压缩技术运营成本的方法。
+
+<br>
+    <!-- <h2>Solution</h2>
+    After embracing a DevOps transformation and launching a continuous integration/continuous deployment (CI/CD) project four years ago, the company reduced its deployment time from three months to 30 minutes. But they wanted to go even faster across environments, so they began their cloud native journey, adopting Docker containers orchestrated with <a href="http://kubernetes.io/">Kubernetes</a>. -->
+
+<h2>解决方案</h2>
+在四年前采用 DevOps 转型并启动持续集成/部署 (CI/CD)项目后，该公司将部署时间从 3 个月缩短到 30 分钟。但是他们想在部署环境上走得更快，所以他们开始他们的云原生之旅，采用与<a href="http://kubernetes.io/"> Kubernetes </a>协调的Docker容器。
+
+  <br>
+
+
+</div>
+
+<div class="col2">
+
+  <!-- <h2>Impact</h2>
+  Nordstrom Technology developers using Kubernetes now deploy faster and can "just focus on writing applications," says Dhawal Patel, a senior engineer on the team building a Kubernetes enterprise platform for Nordstrom. Furthermore, the team has increased Ops efficiency, improving CPU utilization from 5x to 12x depending on the workload. "We run thousands of virtual machines (VMs), but aren’t effectively using all those resources," says Patel. "With Kubernetes, without even trying to make our cluster efficient, we are currently at a 10x increase." -->
+
+<h2>影响</h2>
+为 Nordstrom 构建 Kubernetes 企业平台的团队高级工程师 Dhawal Patel 说，“使用 Kubernetes 的 Nordstrom 技术开发人员现在项目部署得更快，并且能够只专注于编写应用程序。”此外，该团队还提高了运营效率,根据工作负载将 CPU 利用率从 5 倍提高到 12 倍。Patel 说：“我们运行了数千台虚拟机 (VM),但无法有效地使用所有这些资源。借助  Kubernetes ,我们甚至不需要尝试去提高群集的效率,就能使运营效率增长 10 倍。”
+
+</div>
+</div>
+</section>
+<div class="banner2">
+<div class="banner2text">
+<!-- "We are always looking for ways to optimize and provide more value through technology. With Kubernetes we are showcasing two types of efficiency that we can bring: Dev efficiency and Ops efficiency. It’s a win-win." -->
+“我们一直在寻找通过技术进行优化和提供更多价值的方法。通过 Kubernetes ，我们在开发效率和运营效率这两方面取得了示范性的提升。这是一个双赢。”
+<!-- <br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>-— Dhawal Patel, senior engineer at Nordstrom</span> -->
+<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>-— Dhawal Patel, Nordstrom 高级工程师</span>
+</div>
+</div>
+<section class="section2">
+<div class="fullcol">
+<!-- When Dhawal Patel joined <a href="http://shop.nordstrom.com/">Nordstrom</a> five years ago as an application developer for the retailer’s website, he realized there was an opportunity to help speed up development cycles. -->
+当 Dhawal Patel 五年前加入<a href="http://shop.nordstrom.com/"> Nordstrom </a>，担任该零售商网站的应用程序开发人员时，他意识到有机会帮助加快开发周期。
+<br><br>
+<!-- In those early DevOps days, Nordstrom Technology still followed a traditional model of silo teams and functions. "As a developer, I was spending more time fixing environments than writing code and adding value to business," Patel says. "I was passionate about that—so I was given the opportunity to help fix it." -->
+在早期的 DevOps 时代,，Nordstrom 技术仍然遵循传统的孤岛团队和功能模型。Patel 说：“作为开发人员，我花在维护环境上的时间比编写代码和为业务增加价值的时间要多。我对此充满热情，因此我有机会参与帮助修复它。”
+<br><br>
+<!-- The company was eager to move faster, too, and in 2013 launched the first continuous integration/continuous deployment (CI/CD) project. That project was the first step in Nordstrom’s cloud native journey. -->
+公司也渴望加快步伐，并在 2013 年启动了首个持续集成/部署 (CI/CD)项目。该项目是 Nordstrom 云原生之旅的第一步。
+<br><br>
+<!-- Dev and Ops team members built a CI/CD pipeline, working with the company’s servers on premise. The team chose <a href="https://www.chef.io/chef/">Chef</a>, and wrote cookbooks that automated virtual IP creation, servers, and load balancing. "After we completed the project, deployment went from three months to 30 minutes," says Patel. "We still had multiple environments—dev, test, staging, then production—so with each environment running the Chef cookbooks, it took 30 minutes. It was a huge achievement at that point." -->
+开发人员和运营团队成员构建了一个 CI/CD 管道，在内部使用公司的服务器。团队选择了<a href="https://www.chef.io/chef/"> Chef </a>，并编写了自动虚拟 IP 创建、服务器和负载均衡的指导手册。Patel 说：“项目完成后,部署时间从 3 个月减少到 30 分钟。我们仍有开发、测试、暂存、然后生产等多个环境需要重新部署。之后，每个运行 Chef 说明书的环境部署都只花 30 分钟。在那个时候，这是一个巨大的成就。”
+<br><br>
+<!-- But new environments still took too long to turn up, so the next step was working in the cloud. Today, Nordstrom Technology has built an enterprise platform that allows the company’s 1,500 developers to deploy applications running as Docker containers in the cloud, orchestrated with Kubernetes. -->
+但是，新环境仍然需要很长时间才能出现，因此下一步是在云中工作。如今，Nordstrom  Technology 已经构建了一个企业平台，允许公司的1500 名开发人员在云中部署以 Docker 容器身份运行的应用程序，这些应用程序由 Kubernetes 进行编排。
+</div>
+</section>
+<div class="banner3" style="background-image: url('/images/CaseStudy_nordstrom_banner3.jpg')">
+<div class="banner3text">
+<!-- "We made a bet that Kubernetes was going to take off, informed by early indicators of community support and project velocity, so we rebuilt our system with Kubernetes at the core," -->
+“了解到早期的社区支持和项目迭代指标，我们肯定 Kubernetes 一定会成功的，因此我们以 Kubernetes 为核心重建了我们的系统。”
+</div>
+</div>
+<section class="section3">
+<div class="fullcol">
+
+<!-- "The cloud provided faster access to resources, because it took weeks for us to get a virtual machine (VM) on premises," says Patel. "But now we can do the same thing in only five minutes." -->
+Patel 说：“云提供了对资源的更快访问,因为我们在内部需要花数周时间才能部署一个虚拟机 (VM)来提供服务。但现在我们可以做同样的事情，只需五分钟。”
+<br><br>
+<!-- Nordstrom’s first foray into scheduling containers on a cluster was a homegrown system based on CoreOS fleet. They began doing a few proofs of concept projects with that system until Kubernetes 1.0 was released when they made the switch. "We made a bet that Kubernetes was going to take off, informed by early indicators of community support and project velocity, so we rebuilt our system with Kubernetes at the core," says Marius Grigoriu, Sr. Manager of the Kubernetes team at Nordstrom. -->
+Nordstrom 首次尝试在集群上调度容器，是基于 CoreOS fleet 的原生系统。他们开始使用该系统做一些概念验证项目，直到 Kubernetes 1.0发布时才将正式项目迁移到里面。Nordstrom 的 Kubernetes 团队经理 Marius Grigoriu 表示：“了解到早期的社区支持和项目迭代指标，我们肯定 Kubernetes 一定会成功的，因此我们以 Kubernetes 为核心重建了我们的系统。”
+<!-- While Kubernetes is often thought as a platform for microservices, the first application to launch on Kubernetes in a critical production role at Nordstrom was Jira. "It was not the ideal microservice we were hoping to get as our first application," Patel admits, "but the team that was working on it was really passionate about Docker and Kubernetes, and they wanted to try it out. They had their application running on premises, and wanted to move it to Kubernetes." -->
+虽然 Kubernetes 通常被视为微服务的平台，但在 Nordstrom 担任关键生产角色的 Kubernetes 上推出的第一个应用程序是 Jira。Patel 承认：“这不是我们希望作为第一个应用程序获得的理想微服务，但致力于此应用程序的团队对 Docker 和 Kubernetes 非常热情，他们希望尝试一下。他们的应用程序部署在内部运行，并希望将其移动到 Kubernetes。
+<br><br>
+<!-- The benefits were immediate for the teams that came on board. "Teams running on our Kubernetes cluster loved the fact that they had fewer issues to worry about. They didn’t need to manage infrastructure or operating systems," says Grigoriu. "Early adopters loved the declarative nature of Kubernetes. They loved the reduced surface area they had to deal with." -->
+对于加入的团队来说,这些好处是立竿见影的。Grigoriu 说：“在我们的 Kubernetes 集群中运行的团队喜欢这样一个事实，即他们担心的问题更少，他们不需要管理基础设施或操作系统。早期使用者喜欢 Kubernetes 的声明特性，让他们不得不处理的面积减少。
+</div>
+</section>
+<div class="banner4" style="background-image: url('/images/CaseStudy_nordstrom_banner4.jpg')">
+  <div class="banner4text">
+ <!-- "Teams running on our Kubernetes cluster loved the fact that they had fewer issues to worry about. They didn’t need to manage infrastructure or operating systems," says Grigoriu. "Early adopters loved the declarative nature of Kubernetes. They loved the reduced surface area they had to deal with." -->
+Grigoriu 说：“在我们的 Kubernetes 集群中运行的团队喜欢这样一个事实，即他们担心的问题更少，他们不需要管理基础设施或操作系统。早期使用者喜欢 Kubernetes 的声明特性，让他们不得不处理的面积减少。”
+  </div>
+</div>
+
+<section class="section5">
+<div class="fullcol">
+  <!-- To support these early adopters, Patel’s team began growing the cluster and building production-grade services. "We integrated with <a href="https://prometheus.io/">Prometheus</a> for monitoring, with a <a href="https://grafana.com/">Grafana</a> front end; we used <a href="http://www.fluentd.org/">Fluentd</a> to push logs to <a href="https://www.elastic.co/">Elasticsearch</a>, so that gives us log aggregation," says Patel. The team also added dozens of open-source components, including CNCF projects and has made contributions to Kubernetes, Terraform, and kube2iam. -->
+为了支持这些早期使用者，Patel 的团队开始发展集群并构建生产级服务。“我们与<a href="https://prometheus.io/"> Prometheus </a>集成了监控功能，并配有<a href="https://grafana.com/"> Grafana </a>前端；我们使用<a href="http://www.fluentd.org/"> Fluentd </a>将日志推送到<a href="https://www.elastic.co/"> Elasticsearch </a>，从而提供日志聚合”Patel 说。该团队还增加了数十个开源组件，包括 CNCF 项目，而且把这些成果都贡献给了 Kubernetes 、Terraform 和 kube2iam 。
+ <br><br>
+<!-- There are now more than 60 development teams running Kubernetes in Nordstrom Technology, and as success stories have popped up, more teams have gotten on board. "Our initial customer base, the ones who were willing to try this out, are now going and evangelizing to the next set of users," says Patel. "One early adopter had Docker containers and he was not sure how to run it in production. We sat with him and within 15 minutes we deployed it in production. He thought it was amazing, and more people in his org started coming in." -->
+现在有60多个开发团队在 Nordstrom 上运行 Kubernetes ，随着成功案例的涌现，更多的团队加入
+进来。Patel 说：“我们最初的客户群，那些愿意尝试这些的客户群，现在已经开始向后续用户宣传。一个早期使用者拥有 Docker 容器，他不知道如何在生产中运行它。我们和他坐在一起，在15分钟内，我们将其部署到生产中。他认为这是惊人的，他所在的组织更多的人开始加入进来。”
+ <br><br>
+<!-- For Nordstrom Technology, going cloud-native has vastly improved development and operational efficiency. The developers using Kubernetes now deploy faster and can focus on building value in their applications.  One such team started with a 25-minute merge to deploy by launching virtual machines in the cloud. Switching to Kubernetes was a 5x speedup in their process, improving their merge to deploy time to 5 minutes. -->
+对于 Nordstrom 而言，云原生极大地提高了开发和运营
+效率。现在，使用 Kubernetes 的开发人员部署速度更快，可以专注于在其应用程序中构建价值。一个团队从 25 分钟的合并开始，通过在云中启动虚拟机来进行部署。切换到 Kubernetes 的过程速度是原来 5 倍，将合并时间缩短为 5 分钟。
+</div>
+
+<div class="banner5">
+  <div class="banner5text">
+    <!-- "With Kubernetes, without even trying to make our cluster efficient, we are currently at 40 percent CPU utilization—a 10x increase. we are running 2600+ customer pods that would have been 2600+ VMs if they had gone directly to the cloud. We are running them on 40 VMs now, so that’s a huge reduction in operational overhead." -->
+“借助 Kubernetes ，我们甚至不需要尝试去提高群集的效率，目前 CPU 利用率为 40%，较之前增长了 10 倍。我们正在运行 2600 多个客户 pod ，如果它们直接进入云，这些 Pod 将是 2600 多个 VM。我们现在在 40 台 VM 上运行它们，因此这大大降低了运营开销。
+  </div>
+</div>
+
+<div class="fullcol">
+  <!-- Speed is great, and easily demonstrated, but perhaps the bigger impact lies in the operational efficiency. "We run thousands of VMs on AWS, and their overall average CPU utilization is about four percent," says Patel. "With Kubernetes, without even trying to make our cluster efficient, we are currently at 40 percent CPU utilization—a 10x increase. We are running 2600+ customer pods that would have been 2600+ VMs if they had gone directly to the cloud. We are running them on 40 VMs now, so that’s a huge reduction in operational overhead." -->
+速度是伟大的，并且很容易证明，但也许更大的影响在于运营效率。Patel 说：“我们在 AWS 上运行了数千个 VM ，它们的总体平均 CPU 利用率约为 4%。借助 Kubernetes ，我们甚至不需要尝试去提高群集的效率，目前 CPU 利用率为 40%，较之前增长了 10 倍。我们正在运行 2600 多个客户 pod ，如果它们直接进入云，这些 Pod 将是 2600 多个 VM。我们现在在 40 台 VM 上运行它们，因此这大大降低了运营开销。
+<br><br>
+  <!-- Nordstrom Technology is also exploring running Kubernetes on bare metal on premises. "If we can build an on-premises Kubernetes cluster," says Patel, "we could bring the power of cloud to provision resources fast on-premises. Then for the developer, their interface is Kubernetes; they might not even realize or care that their services are now deployed on premises because they’re only working with Kubernetes." -->
+Patel 说：“如果我们能构建一个本地 Kubernetes 集群，我们就能将云的力量带到本地快速调配资源。然后，对于开发人员，他们的接口是Kubernetes；他们甚至可能没有意识到或不关心他们的服务现在部署在内部，因为他们只与 Kubernetes 合作。
+  <!-- For that reason, Patel is eagerly following Kubernetes’ development of multi-cluster capabilities. "With cluster federation, we can have our on-premise as the primary cluster and the cloud as a secondary burstable cluster," he says. "So, when there is an anniversary sale or Black Friday sale, and we need more containers - we can go to the cloud." -->
+因此，Patel 热切关注 Kubernetes 多集群能力的发展。他说：“有了集群联合，我们可以将内部部署作为主群集，将云作为辅助可突发集群。因此,当有周年销售或黑色星期五销售,我们需要更多的容器时，我们可以去云。”
+<br><br>
+  <!-- That kind of possibility—as well as the impact that Grigoriu and Patel’s team has already delivered using Kubernetes—is what led Nordstrom on its cloud native journey in the first place. "The way the retail environment is today, we are trying to build responsiveness and flexibility where we can," says Grigoriu.  "Kubernetes makes it easy to: bring efficiency to both the Dev and Ops side of the equation. It’s a win-win." -->
+这种可能性以及 Grigoriu 和 Patel 的团队已经使用Kubernetes所提供的影响，是 Nordstrom 最初在云原生之旅中所起
+的作用。Grigoriu 说：“在当下的零售模式下，我们正在努力在力所能及的地方建立响应能力和灵活性。Kubernetes 使得为开发端和运维端同时带来效率的提升，这是一个双赢。”
+</div>
+</section>
diff --git a/content/zh/case-studies/nordstrom/nordstrom_featured_logo.png b/content/zh/case-studies/nordstrom/nordstrom_featured_logo.png
new file mode 100644
index 0000000000000..a557ffa82f12e
Binary files /dev/null and b/content/zh/case-studies/nordstrom/nordstrom_featured_logo.png differ
diff --git a/content/zh/case-studies/philips/index.html b/content/zh/case-studies/philips/index.html
new file mode 100644
index 0000000000000..e45d41a776baa
--- /dev/null
+++ b/content/zh/case-studies/philips/index.html
@@ -0,0 +1,4 @@
+---
+title: Philips
+content_url: https://cloud.google.com/customers/philips/
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/philips/philips_logo.png b/content/zh/case-studies/philips/philips_logo.png
new file mode 100644
index 0000000000000..9ba3421a61b81
Binary files /dev/null and b/content/zh/case-studies/philips/philips_logo.png differ
diff --git a/content/zh/case-studies/pokemon-go/index.html b/content/zh/case-studies/pokemon-go/index.html
new file mode 100644
index 0000000000000..ed4e168019236
--- /dev/null
+++ b/content/zh/case-studies/pokemon-go/index.html
@@ -0,0 +1,4 @@
+---
+title: Pokemon GO
+content_url: https://cloudplatform.googleblog.com/2016/09/bringing-Pokemon-GO-to-life-on-Google-Cloud.html
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/pokemon-go/pokemon_go_logo.png b/content/zh/case-studies/pokemon-go/pokemon_go_logo.png
new file mode 100644
index 0000000000000..3cf2b5c7ef63d
Binary files /dev/null and b/content/zh/case-studies/pokemon-go/pokemon_go_logo.png differ
diff --git a/content/zh/case-studies/samsung-sds/index.html b/content/zh/case-studies/samsung-sds/index.html
new file mode 100644
index 0000000000000..db4aa479abc1e
--- /dev/null
+++ b/content/zh/case-studies/samsung-sds/index.html
@@ -0,0 +1,4 @@
+---
+title: Samsung SDS
+content_url: http://www.nextplatform.com/2016/05/24/samsung-experts-put-kubernetes-paces/
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/samsung-sds/sds_logo.png b/content/zh/case-studies/samsung-sds/sds_logo.png
new file mode 100644
index 0000000000000..0a172df65d7e1
Binary files /dev/null and b/content/zh/case-studies/samsung-sds/sds_logo.png differ
diff --git a/content/zh/case-studies/soundcloud/index.html b/content/zh/case-studies/soundcloud/index.html
new file mode 100644
index 0000000000000..c3c99ba715c4c
--- /dev/null
+++ b/content/zh/case-studies/soundcloud/index.html
@@ -0,0 +1,4 @@
+---
+title: SoundCloud
+content_url: https://www.youtube.com/watch?v=5378N5iLb2Q
+---
diff --git a/content/zh/case-studies/soundcloud/soundcloud_logo.png b/content/zh/case-studies/soundcloud/soundcloud_logo.png
new file mode 100644
index 0000000000000..f8c12f05b5edf
Binary files /dev/null and b/content/zh/case-studies/soundcloud/soundcloud_logo.png differ
diff --git a/content/zh/case-studies/squarespace/index.html b/content/zh/case-studies/squarespace/index.html
new file mode 100644
index 0000000000000..b78180f52c295
--- /dev/null
+++ b/content/zh/case-studies/squarespace/index.html
@@ -0,0 +1,224 @@
+---
+title: Squarespace 案例分析
+case_study_styles: true
+cid: caseStudies
+css: /css/style_case_studies.css
+---
+
+<!--
+---
+title: Squarespace Case Study
+case_study_styles: true
+cid: caseStudies
+css: /css/style_case_studies.css
+---
+-->
+
+<!-- <div class="banner1 desktop" style="background-image: url('/images/CaseStudy_squarespace_banner1.jpg')">
+  <h1> CASE STUDY:<img src="/images/squarespace_logo.png" class="header_logo"><br>
+    <div class="subhead">Squarespace: Gaining Productivity and Resilience with Kubernetes</div>
+  </h1>
+</div> -->
+
+<div class="banner1 desktop" style="background-image: url('/images/CaseStudy_squarespace_banner1.jpg')">
+  <h1> 案例分析：<img src="/images/squarespace_logo.png" class="header_logo"><br>
+    <div class="subhead">Squarespace: 借力 Kubernetes 提升效率和可靠性</div>
+  </h1>
+</div>
+
+<!-- <div class="details">
+    Company &nbsp;<b>Squarespace</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>New York, N.Y.</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Software as a Service, Website-Building Platform</b>
+</div> -->
+
+<div class="details">
+    公司名 &nbsp;<b>Squarespace</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;地址 &nbsp;<b>纽约市，纽约州</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>软件服务，网站构建平台</b>
+</div>
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+    <!-- <h2>Challenge</h2>
+    Moving from a monolith to microservices in 2014 "solved a problem on the development side, but it pushed that problem to the infrastructure team," says Kevin Lynch, Staff Engineer on the Site Reliability team at Squarespace. "The infrastructure deployment process on our 5,000 VM hosts was slowing everyone down." -->
+    <h2>挑战</h2>
+    自从 2014 年，我们从 monolith 架构移植到微服务架构，
+    “虽然解决了开发端的问题，但却带来了架构组的问题”，Squarespace 网站可靠性组的主任工程师 Kevin Lynch 说道。
+    “5000 个 VM 主机上的部署过程，让每个人都举步维艰。”
+
+    <br>
+    <!-- <h2>Solution</h2>
+    The team experimented with container orchestration platforms, and found that Kubernetes "answered all the questions that we had," says Lynch. The company began running Kubernetes in its data centers in&nbsp;2016. -->
+    <h2>解决方案</h2>
+      网站可靠性组开始尝试使用不同的容器编排平台，然后发现 Kubernetes “解决了我们所有的既有问题”，Lynch 说道。于是整个公司在 2016 年开始在自己的数据中心中运行 Kubernetes 集群。
+  </div>
+
+  <div class="col2">
+
+<!-- <h2>Impact</h2>
+Since Squarespace moved to Kubernetes, in conjunction with modernizing its networking stack, deployment time has been reduced by almost 85%.
+Before, their VM deployment would take half an hour; now, says Lynch, "someone can generate a templated application, deploy it within five minutes,
+and have actual instances containerized, running in our staging environment at that point." Because of that, "productivity time is the big cost saver,"
+he adds. "When we started the Kubernetes project, we had probably a dozen microservices. Today there are twice that in the pipeline being actively worked on."
+Resilience has also been improved with Kubernetes: "If a node goes down, it’s rescheduled immediately and there’s no performance&nbsp;impact." -->
+
+<h2>影响</h2>
+自从 Squarespace 开始全面使用 Kubernetes，伴随着网络技术栈的革新，部署时间大幅减少85%。
+以前，他们的 VM 部署需要耗费半个小时；现在，Lynch 提到，“一个人可以生成一个模板应用，在五分钟内部署，并将实例容器化，并在模拟环境下运行。”正因为如此，“开发效率节省了大量的成本。”
+他又补充道，“当我们开始用 Kubernetes 时，我们可能只有十几个微服务。而现在的任务栏里面已经有两倍多的微服务正在进行中。”
+Kubernetes 也同样提升了可靠性：“如果一个节点宕掉，马上会重新调度一个新的节点，没有任何性能上的影响。”
+
+</div>
+
+</div>
+</section>
+<div class="banner2">
+  <div class="banner2text">
+    <iframe width="560" height="315" src="https://www.youtube.com/embed/feQkzJkW-SA" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
+    <br><br>“一旦你验证了 Kubernetes 可以解决一个问题，每个人都会立即着手解决其它的问题，无需你的布道。”
+<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>— Kevin Lynch，Squarespace 网站可靠性组的主任工程师</span>
+  </div>
+</div>
+<section class="section2">
+<div class="fullcol">
+  <!-- <h2>Since it was started in a dorm room in 2003, Squarespace has made it simple for millions of people to create their own websites.</h2> -->
+  <h2>从 2003 年宿舍起步， Squarespace 已经为数百万人提供了网站构建服务。</h2>
+
+  <!-- Behind the scenes, though, the company’s monolithic Java application was making things not so simple for its developers to keep improving the platform.
+  So in 2014, the company decided to "go down the microservices path," says Kevin Lynch, staff engineer on Squarespace’s Site Reliability team.
+  "But we were always deploying our applications in vCenter VMware VMs [in our own data centers]. Microservices solved a problem on the development side,
+  but it pushed that problem to the Infrastructure team. The infrastructure deployment process on our 5,000 VM hosts was slowing everyone down."<br><br> -->
+
+  但在幕后，公司的单体应用却让开发人员在平台创新上举步维艰。所以在 2014 年，公司决定”走微服务之路”，Kevin Lynch 提到，Squarespace 网站稳定性组的主任工程师。
+  “但是我们还是一直在自己的 vCenter VMware 虚拟机[我们自己的数据中心]上部署应用。微服务解决了开发端的问题，但是让问题转变到了基础架构组这一边。我们在5000个虚拟机主机上的部署流程让每个人的开发效率都提高不起来。”
+
+  <!-- After experimenting with another container orchestration platform and "breaking it in very painful ways," Lynch says,
+  the team began experimenting with Kubernetes in mid-2016 and found that it "answered all the questions that we had."
+  Deploying it in the data center rather than the public cloud was their biggest challenge, and at the time, not a lot of other companies were doing that.
+  "We had to figure out how to deploy this in our infrastructure for ourselves, and we had to integrate it with our other applications," says Lynch.<br><br> -->
+
+  在尝试过另外一个容器编排平台，“非常痛苦地拆解它”，Lynch 说道，我们组开始在 2016 年年中尝试 Kubernetes，发现它“能解决我们所有的问题”。
+  将 Kubernetes 部署在数据中心，而非公有云上是我们最大的挑战，但在当时，并没有很多其它的公司会这么做。
+  “我们必须要自己摸索出如何在自己的基础架构中部署它，我们也必须要将其和我们其它的应用做集成，”Lynch补充道。<br><br>
+
+  <!-- At the same time, Squarespace’s Network Engineering team was modernizing its networking stack, switching from a traditional layer-two network to a layer-three spine-and-leaf network.
+  "It mapped beautifully with what we wanted to do with Kubernetes," says Lynch. "It gives us the ability to have our servers communicate directly with the top-of-rack switches. We use Calico for
+  <a href="https://github.com/containernetworking/cnihttps://github.com/containernetworking/cni">CNI networking for Kubernetes</a>,
+  so we can announce all these individual Kubernetes pod IP addresses and have them integrate seamlessly with our other services that are still provisioned in the VMs." -->
+
+  与此同时，Squarespace 的网络工程组也正在革新它们的网络技术栈，从传统的 L2 网络转变为 L3 脊叶网络架构。
+  “” Lynch 说道，“它给了我们服务器直接通过架顶交换机通信的能力。我们使用 Calico 作为
+  <a href="https://github.com/containernetworking/cnihttps://github.com/containernetworking/cni">Kubernetes 的 CNI 网络插件</a>”，
+  因而，我们可以为每个 Kubernetes pod 分配 IP 地址，并将它们和其它仍在虚拟机中创建的服务无缝衔接。
+
+</div>
+</section>
+
+<div class="banner3" style="background-image: url('/images/CaseStudy_squarespace_banner3.jpg')">
+  <!-- <div class="banner3text">
+    After experimenting with another container orchestration platform and "breaking it in very painful ways,"
+    Lynch says, the team began experimenting with Kubernetes in mid-2016 and found that it "answered all the questions that we had."
+  </div> -->
+  <div class="banner3text">
+    在尝试过另外一个容器编排平台，“非常痛苦地拆解它”，Lynch 说道，我们组开始在 2016 年年中尝试 Kubernetes，发现它“能解决我们所有的问题”。
+  </div>
+</div>
+
+<section class="section3">
+<div class="fullcol">
+  <!-- Within a couple months, they had a stable cluster for their internal use, and began rolling out Kubernetes for production.
+  They also added Zipkin and CNCF projects <a href="https://prometheus.io/">Prometheus</a> and <a href="https://www.fluentd.org/">fluentd</a> to their cloud native stack.
+  "We switched to Kubernetes, a new world, and we revamped all our other tooling as well," says Lynch. "It allowed us to streamline our process,
+  so we can now easily create an entire microservice project from templates, generate the code and deployment pipeline for that, generate the Docker file,
+  and then immediately just ship a workable, deployable project to Kubernetes." Deployments across Dev/QA/Stage/Prod were also "simplified drastically," Lynch adds.
+  "Now there is little configuration variation." -->
+
+  几个月的时间，它们就有了一个稳定的集群供内部使用，并开始在生产环境下使用 Kubernetes。
+  他们同时还在自己的云原生技术栈中用到了 Zipkin 和 CNCF 项目 <a href="https://prometheus.io/">Prometheus</a> and <a href="https://www.fluentd.org/">fluentd</a> 。
+  “我们换到 Kubernetes，就像进入了一个新世界，我们也同时改进了其它的工具，” Lynch 说道。“它让我们简化了流程，因而，我们才能更加方便地从模板中创建整个微服务项目，生成代码和部署管道，生成 Docker 文件，
+  并迅速地将可用的、可部署的项目发布到 Kubernetes 集群上。”在 Dev/QA/Stage/Prod 不同环境间的部署也变得 “异常的简单，” Lynch 补充道。
+  “现在，环境间的配置差异变得很小。”
+
+<br><br>
+  <!-- And the whole process takes only five minutes, an almost 85% reduction in time compared to their VM deployment.
+  "From end to end that probably took half an hour, and that’s not accounting for the fact that an infrastructure engineer would be responsible for doing that,
+  so there’s some business delay in there as well." -->
+
+  而且整个部署过程只需要五分钟，和虚拟机部署相比，几乎节约了 85% 的时间。
+  “从端到端可能要半个小时，这还没有考虑可能需要基础架构工程师来做这方面的工作，因而，也还有一些业务上的延时。”
+<br><br>
+  <!-- With faster deployments, "productivity time is the big cost saver," says Lynch. "We had a team that was implementing a new file storage service,
+  and they just started integrating that with our storage back end without our involvement"—which wouldn’t have been possible before Kubernetes.
+  He adds: "When we started the Kubernetes project, we had probably a dozen microservices. Today there are twice that in the pipeline being actively worked on." -->
+
+  部署变快之后，“开发效率节省了大量的成本，” Lynch 提到，“我们有个组想要实现新的文件存储服务，他们就径直和我们的存储后来做了集成，而不需要我们的参与”，这在采用 Kubernetes 之前是不可想象的。
+  他又补充道：“在我们开始 Kubernetes 项目时，我们可能只有十几个微服务。而现在的任务栏里面已经有两倍多的微服务正在进行中。”
+
+
+
+</div>
+</section>
+<div class="banner4" style="background-image: url('/images/CaseStudy_squarespace_banner4.jpg')">
+  <div class="banner4text">
+  <!-- "We switched to Kubernetes, a new world....It allowed us to streamline our process, so we can now easily create an entire microservice project from templates,"
+  Lynch says. And the whole process takes only five minutes, an almost 85% reduction in time compared to their VM deployment. -->
+
+  “我们换到 Kubernetes，就像进入了一个新世界....它让我们简化了流程，因而，我们才能更加方便地从模板中创建整个微服务项目，”
+  Lynch 说道。整个部署过程只需要五分钟，和虚拟机部署相比，几乎节约了 85% 的时间。
+  </div>
+</div>
+
+<section class="section5" style="padding:0px !important">
+<div class="fullcol">
+  <!-- There’s also been a positive impact on the application’s resilience. "When we’re deploying VMs, we have to build tooling to ensure that a service is
+  spread across racks appropriately and can withstand failure," he says. "Kubernetes just does it. If a node goes down,
+  it’s rescheduled immediately and there’s no performance impact." -->
+
+  同样在应用程序的可靠性方面也有积极的影响。“当我们在部署虚拟机时，我们需要工具来保障服务散布在机架间，可以承受失败，”他说道，“Kubernetes 正好可以做到这一点。如果节点宕掉，可以马上重新调度，没有性能影响。”
+<br><br>
+  <!-- Another big benefit is autoscaling. "It wasn’t really possible with the way we’ve been using VMware," says Lynch, "but now we can just
+  add the appropriate autoscaling features via Kubernetes directly, and boom, it’s scaling up as demand increases. And it worked out of the box." -->
+
+  另一个很大的好处就是扩缩容。“按照我们使用 VMware 的方式，扩缩容好像不可能实现，”Lynch 说道，“但现在，我们可以直接通过 Kubernetes 加入合适的扩缩容功能，然后，随着需求的增加而扩容。开箱即用！”
+<br><br>
+  <!-- For others starting out with Kubernetes, Lynch says his best advice is to "fail fast": "Once you’ve planned things out, just execute.
+  Kubernetes has been really great for trying something out quickly and seeing if it works or not." -->
+
+  针对刚开始使用 Kubernetes 的人，Lynch 说他最后的建议就是“快速失败”：“一旦计划后，马上执行。Kubernetes 真的是非常适合快速实验，看看是否可行。”
+
+</div>
+
+<div class="banner5">
+  <div class="banner5text">
+    <!-- "When we’re deploying VMs, we have to build tooling to ensure that a service is spread across racks appropriately and can withstand failure,"
+    he says. "Kubernetes just does it. If a node goes down, it’s rescheduled immediately and there’s no performance impact." -->
+
+    “当我们在部署虚拟机时，我们需要工具来保障服务散布在机架间，可以承受失败，”他说道，“Kubernetes 正好可以做到这一点。如果节点宕掉，可以马上重新调度，没有性能影响。”
+
+  </div>
+</div>
+
+<div class="fullcol">
+  <!-- Lynch and his team are planning to open source some of the tools they’ve developed to extend Kubernetes and use it as an API itself.
+  The first tool injects dependent applications as containers in a pod.
+  "When you ship an application, usually it comes along with a whole bunch of dependent applications that need to be shipped with that,
+  for example, fluentd for logging," he explains. With this tool, the developer doesn’t need to worry about the configurations. -->
+
+  Lynch 和他的小组正准备开源一些他们的工具，这些工具用来延展 Kubernetes，将其作为 API 使用。
+  第一个工具在 pod 将依赖应用作为容器注入。
+  “当你在发布应用时，常常需要一系列的依赖应用，例如，日志用的 fluentd，” 他解释道。
+  有了这个工具，开发人员就不需要担心配置了。
+
+<br><br>
+  <!-- Going forward, all new services at Squarespace are going into Kubernetes, and the end goal is to convert everything it can. About a quarter of
+  existing services have been migrated. "Our monolithic application is going to be the last one, just because it’s so big and complex," says Lynch.
+  "But now I’m seeing other services get moved over, like the file storage service. Someone just did it and it worked—painlessly. So I believe if we tackle it,
+  it’s probably going to be a lot easier than we fear. Maybe I should just take my own advice and fail fast!" -->
+
+  自此之后，Squarespace 所有新的微服务都将直接部署到 Kubernetes 上，而最终的目标是要扩大到所有的服务上。
+  现在已经有四分之一的服务已经移植完。“我的单体应用将是最后一个被移植的，仅仅是以为它太大、太复杂，”Lynch 说道。
+  “但现在我已经看到其它的服务已经被移植到 Kubernetes 上，例如文件存储服务。有人解决了，而且并不复杂。
+  所以我坚信如果我们着手解决它，很可能回避我们所担心的要轻松许多。也许我应该接受自己的建议，“快速失败”！”
+
+</div>
+
+</section>
diff --git a/content/zh/case-studies/squarespace/squarespace_featured_logo.png b/content/zh/case-studies/squarespace/squarespace_featured_logo.png
new file mode 100644
index 0000000000000..551b6da32119d
Binary files /dev/null and b/content/zh/case-studies/squarespace/squarespace_featured_logo.png differ
diff --git a/content/zh/case-studies/wepay/index.html b/content/zh/case-studies/wepay/index.html
new file mode 100644
index 0000000000000..b8ce8201d5f5b
--- /dev/null
+++ b/content/zh/case-studies/wepay/index.html
@@ -0,0 +1,4 @@
+---
+title: WePay
+content_url: http://thenewstack.io/wepay-kubernetes-changed-business/
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/wepay/wepay_logo.png b/content/zh/case-studies/wepay/wepay_logo.png
new file mode 100644
index 0000000000000..4e35dd8fd694a
Binary files /dev/null and b/content/zh/case-studies/wepay/wepay_logo.png differ
diff --git a/content/zh/case-studies/wikimedia/index.html b/content/zh/case-studies/wikimedia/index.html
new file mode 100644
index 0000000000000..ab6452bfc3ea7
--- /dev/null
+++ b/content/zh/case-studies/wikimedia/index.html
@@ -0,0 +1,118 @@
+---
+title: 案例研究：Wikimedia
+
+class: gridPage
+cid: caseStudies
+---
+
+<section id="hero" class="light-text">
+    <h1> 案例研究：Wikimedia</h1>
+</section>
+
+<section id="mainContent">
+    <main>
+        <div class="content">
+            <!-- <h3 id="caseStudyTitle">Using Kubernetes to Build Tools to Improve the World's Wikis</h3> -->
+<h3 id="caseStudyTitle">利用 Kubernetes 构建工具提升世界的维基</h3>
+            <p>
+                <!-- The non-profit Wikimedia Foundation operates some of the largest collaboratively edited reference projects in the world, including Wikipedia. To help users maintain and use wikis, it runs Wikimedia Tool Labs, a hosting environment for community developers working on tools and bots to help editors and other volunteers do their work, including reducing vandalism. The community around Wikimedia Tool Labs began forming nearly 10 years ago. -->
+非营利的 Wikimedia 基金会运营着一些世界上最大的合作编辑参考项目，包括 Wikipedia。为了帮助用户维护和使用 wiki，它运行 Wikimedia 工具实验室，这是一个托管环境，为社区开发人员工作的工具和机器人，以帮助编辑和其他志愿者做他们的工作，包括减少破坏。Wikimedia 工具实验室周围的社区在近10年前开始形成。
+            </p>
+            <div class="feature">
+                <img src="/images/wikimedia_logo.png" alt="Wikimedia">
+                <p class="quote">
+                    <!-- "Wikimedia Tool Labs is vital for making sure wikis all around the world work as well as they possibly can. Because it's grown organically for almost 10 years, it has become an extremely challenging environment and difficult to maintain. It's like a big ball of mud — you really can't see through it. With Kubernetes, we're simplifying the environment and making it easier for developers to build the tools that make wikis run better." -->
+“ Wikimedia 工具实验室对于确保世界各地的 wiki 尽可能工作至关重要。因为它有机地生长了近10年，它已成为一个极具挑战性的环境，难以维持。它就像一个大的泥球，你真的看不透它。借助 Kubernetes，可以简化环境，使开发人员能够更轻松地构建使 wiki 运行得更好的工具。”
+                </p>
+                <!-- <p class="attrib">— Yuvi Panda, operations engineer at Wikimedia Foundation and Wikimedia Tool Labs</p> -->
+                <p class="attrib">— Yuvi Panda, Wikimedia 基金会和 Wikimedia 工具实验室的运维工程师</p>
+            </div>
+        </div>
+    </main>
+</section>
+
+<section class="bullets">
+    <main>
+        <div class="content">
+            <div class="bullet">
+                <h4>挑战：</h4>
+                <ul>
+                    <!-- <li>Simplify a complex, difficult-to-manage infrastructure</li> -->
+                    <li>简化复杂、难以管理的基础架构</li>
+                    <!-- <li>Allow developers to continue writing tools and bots using existing techniques</li> -->
+                    <li>允许开发人员使用现有技术继续编写工具和机器人</li>
+                </ul>
+            </div>
+            <div class="bullet">
+                <!-- <h4>Why Kubernetes:</h4> -->
+                <h4>为什么要使用 Kubernetes</h4>
+                <ul>
+                    <!-- <li>Wikimedia Tool Labs chose Kubernetes because it can mimic existing workflows, while reducing complexity</li> -->
+                    <li>Wikimedia 工具实验室之所以选择 Kubernetes，是因为它可以模仿现有的工作流程，同时降低复杂性。</li>
+                </ul>
+            </div>
+            <div class="bullet">
+                <!-- <h4>Approach:</h4> -->
+                <h4>解决方案：</h4>
+                <ul>
+                    <!-- <li>Migrate old systems and a complex infrastructure to Kubernetes</li> -->
+                    <li>将旧系统和复杂的基础设施迁移到库贝内特斯</li>
+                </ul>
+            </div>
+            <div class="bullet">
+                <!-- <h4>Results:</h4> -->
+                <h4>结果：</h4>
+                <ul>
+                    <!-- <li>20 percent of web tools that account for more than 40 percent of web traffic now run on Kubernetes</li> -->
+                    <li>占 Web 流量 40% 以上的 Web 工具的 20% 现在都在 Kubernetes 上运行</li>
+                    <!-- <li>A 25-node cluster that keeps up with each new Kubernetes release</li> -->
+                    <li>一个 25 节点集群可跟上每个新 Kubernetes 版本</li>
+                    <!-- <li>Thousands of lines of old code have been deleted, thanks to Kubernetes</li> -->
+                    <li>由于 Kubernetes 数千行旧代码被删除</li>
+                </ul>
+            </div>
+        </div>
+    </main>
+</section>
+
+<section class="details">
+    <main>
+        <div class="content">
+            <!-- <h4>Using Kubernetes to provide tools for maintaining wikis</h4> -->
+            <h4>使用 Kubernetes 提供维护 wiki 的工具</h4>
+            <p>
+                <!-- Wikimedia Tool Labs is run by a staff of four-and-a-half paid employees and two volunteers. The infrastructure didn't make it easy or intuitive for developers to build bots and other tools to make wikis work more easily. Yuvi says, "It's incredibly chaotic. We have lots of Perl and Bash duct tape on top of it. Everything is super fragile." -->
+                Wikimedia 工具实验室由四名半付费员工和两名志愿者管理。基础架构无法使开发人员轻松或直观地构建机器人和其他工具，使 wiki 更易于工作。Yuvi说，“它非常混乱。我们有很多的 Perl 和 Bash 缠绕在上面。一切都是超级脆弱。”
+            </p>
+            <p>
+                <!-- To solve the problem, Wikimedia Tool Labs migrated parts of its infrastructure to Kubernetes, in preparation for eventually moving its entire system. Yuvi said Kubernetes greatly simplifies maintenance. The goal is to allow developers creating bots and other tools to use whatever development methods they want, but make it easier for the Wikimedia Tool Labs to maintain the required infrastructure for hosting and sharing them. -->
+                为了解决这个问题，Wikimedia 工具实验室将其部分基础设施迁移到了 Kubernetes，为最终迁移整个系统做准备。Yuvi 说，Kubernetes 大大简化了维护。目标是允许创建机器人和其他工具的开发人员使用他们想要的任何开发方法，但使 Wikimedia 工具实验室更容易维护托管和共享它们所需的基础结构。
+            </p>
+            <p>
+                <!-- "With Kubernetes, I've been able to remove a lot of our custom-made code, which makes everything easier to maintain. Our users' code also runs in a more stable way than previously," says Yuvi. -->
+                “借助 Kubernetes，我能够删除大量我们定制的代码，这使得所有内容更易于维护。我们的用户代码也以比以前更稳定的方式运行，” Yuvi 说。
+            </p>
+        </div>
+    </main>
+</section>
+
+<section class="details">
+    <main>
+        <div class="content">
+            <!-- <h4>Simplifying infrastructure and keeping wikis running better</h4> -->
+            <h4>简化基础架构让 wiki 更好地运行</h4>
+            <p>
+                <!-- Wikimedia Tool Labs has seen great success with the initial Kubernetes deployment. Old code is being simplified and eliminated, contributing developers don't have to change the way they write their tools and bots, and those tools and bots run in a more stable fashion than they have in the past. The paid staff and volunteers are able to better keep up with fixing issues. -->
+                Wikimedia 工具实验室在最初的 Kubernetes 部署中取得了巨大成功。旧代码正在被简化和消除，使开发人员不必改变他们编写工具和机器人的方式，这些工具和机器人的运行方式比过去更稳定。付费员工和志愿者能够更好地解决问题。
+            </p>
+            <p>
+                <!-- In the future, with a more complete migration to Kubernetes, Wikimedia Tool Labs expects to make it even easier to host and maintain the bots and tools that help run wikis across the world. The tool labs already host approximately 1,300 tools and bots from 800 volunteers, with many more being submitted every day. Twenty percent of the tool labs' web tools that account for more than 60 percent of web traffic now run on Kubernetes. The tool labs has a 25-node cluster that keeps up with each new Kubernetes release. Many existing web tools are migrating to Kubernetes. -->
+                将来，随着更完整的迁移到 Kubernetes，Wikimedia 工具实验室希望使托管和维护帮助在世界各地运行 wiki 的机器人和工具变得更加容易。该工具实验室已经托管了来自 800 名志愿者的大约 1300 个工具和机器人，每天提交更多工具和机器人。占 Web 流量 60% 以上的 20% 的工具实验室 Web 工具现在运行在 Kubernetes 上。该工具实验室有一个 25 节点群集，可跟上每个新的 Kubernetes 版本。许多现有的 Web 工具正在迁移到 Kubernetes。
+            </p>
+            <p>
+                <!-- "Our goal is to make sure that people all over the world can share knowledge as easily as possible. Kubernetes helps with that, by making it easier for wikis everywhere to have the tools they need to thrive," says Yuvi. -->
+                “我们的目标是确保世界各地的人们能够尽可能轻松地分享知识。Kubernetes 通过让世界各地的 wiki 更容易拥有蓬勃发展所需的工具，从而帮助到您，” Yuvi 说。
+            </p>
+        </div>
+    </main>
+</section>
diff --git a/content/zh/case-studies/wikimedia/wikimedia_featured.png b/content/zh/case-studies/wikimedia/wikimedia_featured.png
new file mode 100644
index 0000000000000..7b1f89ac98490
Binary files /dev/null and b/content/zh/case-studies/wikimedia/wikimedia_featured.png differ
diff --git a/content/zh/case-studies/wikimedia/wikimedia_logo.png b/content/zh/case-studies/wikimedia/wikimedia_logo.png
new file mode 100644
index 0000000000000..3ad5b63034204
Binary files /dev/null and b/content/zh/case-studies/wikimedia/wikimedia_logo.png differ
diff --git a/content/zh/case-studies/wink/index.html b/content/zh/case-studies/wink/index.html
new file mode 100644
index 0000000000000..db4fa13964aa9
--- /dev/null
+++ b/content/zh/case-studies/wink/index.html
@@ -0,0 +1,146 @@
+---
+title: 案例研究：Wink
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_wink.css
+---
+
+<div class="banner1">
+  <!-- <h1>CASE STUDY: <img src="/images/wink_logo.png" width="13%" style="margin-bottom:-4px"><br>
+    <div class="subhead">Cloud-Native Infrastructure Keeps Your Smart Home Connected</div>
+  </h1> -->
+  <h1>案例研究： <img src="/images/wink_logo.png" width="13%" style="margin-bottom:-4px"><br>
+    <div class="subhead">云原生基础设施让你的智能家居互联</div>
+  </h1>
+
+</div>
+
+
+<!-- <div class="details">
+    Company &nbsp;<b>Wink</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>New York, N.Y.</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Internet of Things Platform</b>
+</div> -->
+<div class="details">
+    公司 &nbsp;<b>Wink</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;位置 &nbsp;<b>纽约，纽约州</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>物联网平台</b>
+</div>
+
+<hr>
+
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+
+      <h2>挑战</h2>
+        <!-- Building a low-latency, highly reliable infrastructure to serve communications between millions of connected smart-home devices and the company’s consumer hubs and mobile app, with an emphasis on horizontal scalability, the ability to encrypt everything quickly and connections that could be easily brought back up if anything went wrong. -->
+构建低延迟、高度可靠的基础设施，为数百万互联智能家居设备、公司消费者中心、移动应用之间的通信提供服务，强调水平可扩展性，能够快速加密所有内容和强健的连接。
+        <br><br>
+      <h2>解决方案</h2>
+        <!-- Across-the-board use of a Kubernetes-Docker-CoreOS Container Linux stack.<br><br> -->
+全面使用 Kubernetes-Docker-CoreOS 容器的 Linux 系统。<br><br>
+
+  </div>
+
+  <div class="col2">
+    <h2>影响</h2>
+      <!-- "Two of the biggest American retailers [Home Depot and Walmart] are carrying and promoting the brand and the hardware,” Wink Head of Engineering Kit Klein says proudly – though he adds that "it really comes with a lot of pressure. It’s not a retail situation where you have a lot of tech enthusiasts. These are everyday people who want something that works and have no tolerance for technical excuses.” And that’s further testament to how much faith Klein has in the infrastructure that the Wink team has built. With 80 percent of Wink’s workload running on a unified stack of Kubernetes-Docker-CoreOS, the company has put itself in a position to continually innovate and improve its products and services. Committing to this technology, says Klein, "makes building on top of the infrastructure relatively&nbsp;easy.” -->
+“美国最大的两家零售商 [Home Depot 和 Walmart] 正在使用和推广 Wink 品牌和硬件，” Wink 工程主管 Kit Klein 自豪地说，不过他补充道，“这确实带来了很大的压力。这不是普通的零售商客户像技术狂热者一样追求前沿技术。这些人每天都在想要一些行之有效的东西，并且不会容忍技术方面的借口。”这进一步证明了 Klein 对 Wink 团队所构建的基础设施有多大的信心。由于 Wink 80% 的工作量在 Kubernetes-Docker-CoreOS 的统一堆栈上运行，公司已使自己能够不断创新和改进其产品和服务。克莱因说，致力于这项技术“使得在基础设施之上的建设相对容易。”
+  </div>
+
+</div>
+</section>
+
+
+<div class="banner2">
+  <div class="banner2text">
+      <!-- "It’s not proprietary, it’s totally open, it’s really portable. You can run all the workloads across different cloud providers. You can easily run a hybrid AWS or even bring in your own data center. That’s the benefit of having everything unified on one open source Kubernetes-Docker-CoreOS Container Linux stack. There are massive security benefits if you only have one Linux distro/machine image to validate. The benefits are enormous because you save money, and you save time.”<br><br><span style="font-size:15px;letter-spacing:0.08em">- KIT KLEIN, HEAD OF ENGINEERING, WINK</span> -->
+“它不是专有的，它是完全开放的，它非常可移植。你可以跨不同的云提供商运行所有工作负载。你可以轻松地运行混合形式的 AWS，甚至引入你自己的数据中心。这就是在一个开源 Kubernetes-Docker-CoreOS 容器 Linux 系统上统一所有内容的好处。如果你只有一个 Linux 发行版/计算机映像进行验证，则具有巨大的安全优势。好处是巨大的，因为即省钱又省时间。<br><br><span style="font-size:15px;letter-spacing:0.08em">- KIT KLEIN, WINK 工程主管</span>
+
+  </div>
+</div>
+
+
+<section class="section2">
+  <div class="fullcol">
+      <!-- <h2>How many people does it take to turn on a light bulb?</h2> -->
+<h2>打开一个灯泡需要多少人？</h2>
+
+      <!-- Kit Klein whips out his phone to demonstrate. With a few swipes, the head of engineering at Wink pulls up the smart-home app created by the New York City-based company and taps the light button. "Honestly when you’re holding the phone and you’re hitting the light,” he says, "by the time you feel the pressure of your finger on the screen, it’s on. It takes as long as the signal to travel to your brain.”<br><br> -->
+Kit Klein 拿出他的手机进行演示。只需轻扫几下，Wink 的工程主管打开由一家纽约公司开发的智能家居应用程序，然后轻触灯光按钮。“老实说，当你拿着手机，意味着你控制着灯光，”他说，“当你感觉到你的手指在屏幕上的压力，灯就打开了。开灯就和触觉反馈到你的大脑一样快。”<br><br>
+      <!-- Sure, it takes just one finger and less than 200 milliseconds to turn on the light – or lock a door or change a thermostat. But what allows Wink to help consumers manage their connected smart-home products with such speed and ease is a sophisticated, cloud native infrastructure that Klein and his team built and continue to develop using a unified stack of CoreOS, the open-source operating system designed for clustered deployments, and Kubernetes, an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing container-centric infrastructure. "When you have a big, complex network of interdependent microservices that need to be able to discover each other, and need to be horizontally scalable and tolerant to failure, that’s what this is really optimized for,” says Klein. "A lot of people end up relying on proprietary services [offered by some big cloud providers] to do some of this stuff, but what you get by adopting CoreOS/Kubernetes is portability, to not be locked in to anyone. You can really make your own fate.”<br><br> -->
+当然，只需一根手指，不到 200 毫秒即可打开灯，或锁上门或更换恒温器。但是，让 Wink 能够帮助消费者以如此快速和轻松的速度管理其互联智能家居产品的是一个复杂的云原生基础架构，Klein 和他的团队使用开源的 CoreOS 统一系统构建并继续开发专为集群部署设计的操作系统和 Kubernetes，Kubernetes 是一个开源平台，用于跨主机集群自动部署、扩展和操作应用程序容器，提供以容器为中心的基础结构。Klein 说：“当你拥有一个庞大而复杂的相互依赖的微服务网络，需要能够发现彼此，并且需要水平可伸缩和对故障的容忍度时，这就是真正优化的原因。”“很多人最终依靠一些大型云提供商提供的专有服务来执行某些操作，但通过采用 CoreOS/Kubernetes 获得的是可移植性，而不是依赖于固定的某人。你真的可以决定自己的命运。“”<br><br>
+      <!-- Indeed, Wink did. The company’s mission statement is to make the connected home accessible – that is, user-friendly for non-technical owners, affordable and perhaps most importantly, reliable. "If you can’t trust that when you hit the switch, you know a light is going to go on, or if you’re remote and you’re checking on your house and that information isn’t accurate, then the convenience of the system is lost,” says Klein. "So that’s where the infrastructure comes in.”<br><br> -->
+事实上，Wink 做到了。公司的使命是使家庭互联无障碍，即对非技术业主来说，用户友好，价格合理，也许最重要的是，可靠。Klein 说：“如果你不相信，当你点击开关时就可以打开一盏灯，或者你在远处使用手机检查你的房子，但是反馈信息不准确，那么系统的便利性就会丧失。”这就是基础架构的用处。<br><br>
+      <!-- Wink was incubated within Quirky, a company that developed crowd-sourced inventions. The Wink app was first introduced in 2013, and at the time, it controlled only a few consumer products such as the PivotPower Strip that Quirky produced in collaboration with GE. As smart-home products proliferated, Wink was launched in 2014 in Home Depot stores nationwide. Its first project: a hub that could integrate with smart products from about a dozen brands like Honeywell and Chamberlain. The biggest challenge would be to build the infrastructure to serve all those communications between the hub and the products, with a focus on maximizing reliability and minimizing latency.<br><br> -->
+Wink 是在 Quirky 公司孵化的，该公司开发众包产品。Wink 应用程序于 2013 年首次推出，当时，它只控制了少数消费类产品，如 Quirky 与 GE 合作生产的 PivotPower Strip。随着智能家居产品的激增，Wink 于 2014 年在全国的 Home Depot 商店推出。其第一个项目：可以与 Honeywell 和 Chamberlain 等十几个品牌的智能产品集成的平台。最大的挑战是构建基础设施，为信息中心和产品之间的所有这些通信提供服务，重点是最大限度地提高可靠性和最小化延迟。<br><br>
+      <!-- "When we originally started out, we were moving very fast trying to get the first product to market, the minimum viable product,” says Klein. "Lots of times you go down a path and end up having to backtrack and try different things. But in this particular case, we did a lot of the work up front, which led to us making a really sound decision to deploy it on CoreOS Container Linux. And that was very early in the life of it.” -->
+Klein 说：“当我们最初推出时，我们正以非常快的速度尝试将第一个产品推向市场，即最低可行产品。”“很多时候，你走一条路，最终不得不回头尝试不同的东西。但是在这个特殊的情况下，我们预先做了许多工作，这导致我们作出了一个真正明智的决定，将其部署到使用 CoreOS 容器的 Linux 上。而且是在项目伊始时就这么做了。”
+
+  </div>
+</section>
+
+<div class="banner3">
+  <div class="banner3text">
+    <!-- "...what you get by adopting CoreOS/Kubernetes is portability, to not be locked in to anyone. You can really make your own fate.” -->
+“...通过 CoreOS/Kubernetes 带来的可移植性，你可以不依赖于任何人。你真的可以决定自己的命运。”
+  </div>
+</div>
+
+<section class="section3">
+  <div class="fullcol">
+    <!-- Concern number one: Wink’s products need to connect to consumer devices in people’s homes, behind a firewall. "You don’t have an end point like a URL, and you don’t even know what ports are open behind that firewall,” Klein explains. "So you essentially need to have this thing wake up and talk to your system and then open real-time, bidirectional communication between the cloud and the device. And it’s really, really important that it’s persistent because you want to decrease as much as possible the overhead of sending a message – you never know when someone is going to turn on the lights.”<br><br> -->
+关注第一：Wink 的产品需要连接到人们家中在防火墙后面的消费设备。Klein 解释道：“由于没有 URL 这样的端点，你甚至不需要知道防火墙后面打开了哪些端口。”“因此，你基本上需要唤醒这些设备，然后与你的系统通信，然后在云和设备之间打开实时、双向通信。持续的连接真的非常重要，因为你希望尽可能减少发送消息的开销，你永远不知道什么时候有人会开灯。”<br><br>
+    <!-- With the earliest version of the Wink Hub, when you decided to turn your lights on or off, the request would be sent to the cloud and then executed. Subsequent updates to Wink’s software enabled local control, cutting latency down to about 10 milliseconds for many devices. But with the need for cloud-enabled integrations of an ever-growing ecosystem of smart home products, low-latency internet connectivity is still a critical consideration. -->
+使用 Wink Hub 的最早版本，当你决定打开或关闭灯光时，请求将发送到云，然后执行。Wink 软件的后续更新启用了本地控制，将许多设备的延迟缩短到大约 10 毫秒。但是，由于需要云支持的智能家居产品生态系统的集成，低延迟互联网连接仍然是一个关键的考虑因素。
+    <br><br>
+    <!-- <h2>"You essentially need to have this thing wake up and talk to your system and then open real-time, bidirectional communication between the cloud and the device. And it’s really, really important that it’s persistent...you never know when someone is going to turn on the&nbsp;lights.”</h2> -->
+<h2>“你基本上需要唤醒此设备，然后与你的系统通信，然后在云和设备之间打开实时、双向通信。持续的连接真的非常重要，你永远不知道什么时候有人会开灯。”</h2>
+    <!-- In addition, Wink had other requirements: horizontal scalability, the ability to encrypt everything quickly, connections that could be easily brought back up if something went wrong. "Looking at this whole structure we started, we decided to make a secure socket-based service,” says Klein. "We’ve always used, I would say, some sort of clustering technology to deploy our services and so the decision we came to was, this thing is going to be containerized, running on Docker.”<br><br> -->
+此外，Wink 还有其他要求：水平可扩展性、快速加密所有内容的能力、在出现问题时可以轻松恢复的连接。Klein 说：“从一开始的整个结构来看，我们决定提供基于套接字的安全服务。”“我们总是使用某种集群技术来部署我们的服务，因此我们决定，这东西将被容器化，在 Docker 上运行。”<br><br>
+    <!-- At the time – just over two years ago – Docker wasn’t yet widely used, but as Klein points out, "it was certainly understood by the people who were on the frontier of technology. We started looking at potential technologies that existed. One of the limiting factors was that we needed to deploy multi-port non-http/https services. It wasn’t really appropriate for some of the early cluster technology. We liked the project a lot and we ended up using it on other stuff for a while, but initially it was too targeted toward http workloads.”<br><br> -->
+当时，就在两年多前，Docker 还没有被广泛使用，但是正如 Klein 指出的，“技术前沿的人们当然理解它。我们开始研究现有的潜在技术。限制因素之一是我们需要部署多端口非 http/https 服务。它并不真正适合某些早期的集群技术。我们非常喜欢这个项目，最后在其它东西上使用了一段时间，但最初它过于针对 http 工作负载。”<br><br>
+    <!-- Once Wink’s backend engineering team decided on a Dockerized workload, they had to make decisions about the OS and the container orchestration platform. "Obviously you can’t just start the containers and hope everything goes well,” Klein says with a laugh. "You need to have a system that is helpful [in order] to manage where the workloads are being distributed out to. And when the container inevitably dies or something like that, to restart it, you have a load balancer. All sorts of housekeeping work is needed to have a robust infrastructure.” -->
+Wink 的后端工程团队决定使用 Docker 化的工作负载后，就不得不就操作系统和容器编排平台做出决定。Klein 笑着说：“很明显，你不能只是启动容器，希望一切顺利。”“你需要有一个有用的系统，以便管理工作负载的分发位置。当容器不可避免地死亡或类似的东西，重新启动它，你得有一个负载平衡器。要拥有强大的基础设施，需要进行各种内部事务管理工作。”
+
+  </div>
+</section>
+
+  <div class="banner4">
+    <div class="banner4text">
+    <!-- "Obviously you can’t just start the containers and hope everything goes well,” Klein says with a laugh. "You need to have a system that is helpful [in order] to manage where the workloads are being distributed out to. And when the container inevitably dies or something like that, to restart it, you have a load balancer. All sorts of housekeeping work is needed to have a robust infrastructure.” -->
+Klein 笑着说：“很明显，你不能只是启动容器，希望一切顺利。”“你需要有一个有用的系统，以便管理工作负载的分发位置。当容器不可避免地死亡或类似的东西，重新启动它，你得有一个负载平衡器。要拥有强大的基础设施，需要进行各种内部事务管理工作。”
+    </div>
+  </div>
+
+<section class="section4">
+  <div class="fullcol">
+    <!-- Wink considered building directly on a general purpose Linux distro like Ubuntu (which would have required installing tools to run a containerized workload) and cluster management systems like Mesos (which was targeted toward enterprises with larger teams/workloads), but ultimately set their sights on CoreOS Container Linux. "A container-optimized Linux distribution system was exactly what we needed,” he says. "We didn’t have to futz around with trying to take something like a Linux distro and install everything. It’s got a built-in container orchestration system, which is Fleet, and an easy-to-use API. It’s not as feature-rich as some of the heavier solutions, but we realized that, at that moment, it was exactly what we needed.”<br><br> -->
+Wink 考虑直接在通用 Linux 发行版（需要安装工具来运行容器化工作负载）和集群管理系统如 Mesos（面向拥有较大团队的企业）的基础上构建，但最终将目光投向了使用 CoreOS 容器的 Linux。“一个容器优化的Linux分发系统正是我们需要的，”他说。“我们不必为了尝试采用 Linux 发行版之类的东西来安装所有内容而四处奔波。它有一个内置的容器编排系统，Fleet ，和一个易于使用的 API。它不像一些较重的解决方案那样具有丰富的功能，但我们意识到，在那一刻，这正是我们需要的。”<br><br>
+    <!-- Wink’s hub (along with a revamped app) was introduced in July 2014 with a short-term deployment, and within the first month, they had moved the service to the Dockerized CoreOS deployment. Since then, they’ve moved almost every other piece of their infrastructure – from third-party cloud-to-cloud integrations to their customer service and payment portals – onto CoreOS Container Linux clusters. <br><br> -->
+Wink 的核心（以及经过改进的应用程序）于 2014 年 7 月推出，并进行了短期部署，并在第一个月内将服务转移到 Docker 化的 CoreOS 上部署。自那时以来，他们几乎将基础设施的其他所有部分（从第三方云到云的集成迁移到其客户服务和支付门户）迁移到使用 CoreOS 容器的 Linux 集群上。<br><br>
+    <!-- Using this setup did require some customization. "Fleet is really nice as a basic container orchestration system, but it doesn’t take care of routing, sharing configurations, secrets, et cetera, among instances of a service,” Klein says. "All of those layers of functionality can be implemented, of course, but if you don’t want to spend a lot of time writing unit files manually – which of course nobody does – you need to create a tool to automate some of that, which we did.”<br><br> -->
+使用此设置确实需要一些额外的配置。Klein 说：“ Fleet 作为一个基本的容器编排系统确实很好，但它不负责服务实例之间的路由、配置共享、加密等。当然，所有这些功能层都可以实现，但如果你不想花费大量时间手动编写单元文件（当然没有人这样做），则需要创建一个工具来自动执行其中一些文件，我们做到了。”<br><br>
+    <!-- Wink quickly embraced the Kubernetes container cluster manager when it was launched in 2015 and integrated with CoreOS core technology, and as promised, it ended up providing the features Wink wanted and had planned to build. "If not for Kubernetes, we likely would have taken the logic and library we implemented for the automation tool that we created, and would have used it in a higher level abstraction and tool that could be used by non-DevOps engineers from the command line to create and manage clusters,” Klein says. "But Kubernetes made that totally unnecessary – and is written and maintained by people with a lot more experience in cluster management than us, so all the better.” Now, an estimated 80 percent of Wink’s workload is run on Kubernetes on top of CoreOS Container Linux. -->
+Wink 在 2015 年推出并集成了 CoreOS 核心技术时，很快接受了 Kubernetes 容器集群管理器，正如所承诺的那样，它最终提供了 Wink 想要的功能，并计划构建这些功能。“如果不是 Kubernetes，我们很可能采用我们为所创建的自动化工具实现的逻辑和库，并将它用于更高级别的抽象和工具，这些抽象和工具可供命令行中的非 DevOps 工程师使用，以创建和管理集群，” Klein 说。“但 Kubernetes 完全没有必要这样做，并且由比我们在集群管理方面有经验更丰富的人编写和维护，因此更好。现在，估计 Wink 80% 的工作负载是在使用 CoreOS 容器的 Linux 之上的 Kubernetes 上运行。”
+
+  </div>
+</section>
+
+  <div class="banner5">
+    <div class="banner5text">
+      <!-- "Stay close to the development. Understand why decisions are being made. If you understand the intent behind the project, from the technological intent to a certain philosophical intent, then it helps you understand how to build your system in harmony with those systems as opposed to trying to work against it.” -->
+“同发展保持同步。了解决策原因。如果你了解项目背后的意图，从技术意图到某种哲学意图，那么它可以帮助你了解如何与这些系统和谐地构建系统，而不是试图与之对抗。”
+    </div>
+  </div>
+
+<section class="section5">
+  <div class="fullcol">
+    <!-- Wink’s reasons for going all in are clear: "It’s not proprietary, it’s totally open, it’s really portable,” Klein says. "You can run all the workloads across different cloud providers. You can easily run a hybrid AWS or even bring in your own data center. That’s the benefit of having everything unified on one Kubernetes-Docker-CoreOS Container Linux stack. There are massive security benefits if you only have one Linux distro to try to validate. The benefits are enormous because you save money, you save time.”<br><br> -->
+Wink 的去向理由很明确：“它不是专有的，它是完全开放的，它真的很便携，” Klein 说，“它很可移植。你可以跨不同的云提供商运行所有工作负载。你可以轻松地运行混合 AWS，甚至引入你自己的数据中心。这就是在一个使用 Kubernetes-Docker-CoreOS 容器的 Linux 系统上统一所有内容的好处。如果你只有一个 Linux 发行版来尝试验证，则具有巨大的安全优势。好处是巨大的，因为既省钱又省时间。”
+    <!-- Klein concedes that there are tradeoffs in every technology decision. "Cutting-edge technology is going to be scary for some people,” he says. "In order to take advantage of this, you really have to keep up with the technology. You can’t treat it like it’s a black box. Stay close to the development. Understand why decisions are being made. If you understand the intent behind the project, from the technological intent to a certain philosophical intent, then it helps you understand how to build your system in harmony with those systems as opposed to trying to work against it.”<br><br> -->
+Klein 承认，每个技术决策都有权衡。他表示：“对一些人来说，尖端技术将非常可怕。”“为了利用这一优势，你确实必须跟上技术。你不能把它当作一个黑盒子。同发展保持同步。了解决策原因。如果你了解项目背后的意图，从技术意图到某种哲学意图，那么它可以帮助你了解如何与这些系统和谐地构建系统，而不是试图与之对抗。”
+    <!-- Wink, which was acquired by Flex in 2015, now controls 2.3 million connected devices in households all over the country. What’s next for the company? A new version of the hub - Wink Hub 2 - hit shelves last November – and is being offered for the first time at Walmart stores in addition to Home Depot. "Two of the biggest American retailers are carrying and promoting the brand and the hardware,” Klein says proudly – though he adds that "it really comes with a lot of pressure. It’s not a retail situation where you have a lot of tech enthusiasts. These are everyday people who want something that works and have no tolerance for technical excuses.” And that’s further testament to how much faith Klein has in the infrastructure that the Wink team has have built.<br><br> -->
+Wink 于 2015 年被 Flex 收购，目前控制着全国 230 万台联网设备。公司下一步怎么办？去年11月，一款新版的 “Wink Hub 2”上架，除 Home Depot 外，Walmart 商店还首次上市。Klein 自豪地说：“美国最大的两家零售商都正在使用和推广 Wink 品牌和硬件，”不过他补充道，“这确实带来了很大的压力。这不是普通的零售商客户像技术狂热者一样追求前沿技术。这些人每天都在想要一些行之有效的东西，并且不会容忍技术方面的借口。这进一步证明了 Klein 对 Wink 团队所构建的基础设施有多大的信心。”
+    <!-- Wink’s engineering team has grown exponentially since its early days, and behind the scenes, Klein is most excited about the machine learning Wink is using. "We built [a system of] containerized small sections of the data pipeline that feed each other and can have multiple outputs,” he says. "It’s like data pipelines as microservices.” Again, Klein points to having a unified stack running on CoreOS Container Linux and Kubernetes as the primary driver for the innovations to come. "You’re not reinventing the wheel every time,” he says. "You can just get down to work.”   -->
+Wink 的工程团队从早期起就呈指数级增长，在幕后，Klein 对 Wink 使用的机器学习感到非常兴奋。“我们构建了一个数据管道的容器化小段系统，这些部分对整个团队都是有益的，并且可以有多个输出，”他说。“这就像数据管道作为微服务。”同样，Klein 指出，在使用 CoreOS 容器的 Linux 和 Kubernetes 上运行统一的系统是未来的创新的主要驱动力。“你不是每次都在重新发明轮子，”他说。“你可以专注于业务进行开发。”
+</div>
+</section>
diff --git a/content/zh/case-studies/wink/wink_featured.png b/content/zh/case-studies/wink/wink_featured.png
new file mode 100644
index 0000000000000..3c01133bef701
Binary files /dev/null and b/content/zh/case-studies/wink/wink_featured.png differ
diff --git a/content/zh/case-studies/wink/wink_logo.png b/content/zh/case-studies/wink/wink_logo.png
new file mode 100644
index 0000000000000..ef2ee30bf3a46
Binary files /dev/null and b/content/zh/case-studies/wink/wink_logo.png differ
diff --git a/content/zh/case-studies/workiva/index.html b/content/zh/case-studies/workiva/index.html
new file mode 100644
index 0000000000000..9b6a811c1ce57
--- /dev/null
+++ b/content/zh/case-studies/workiva/index.html
@@ -0,0 +1,147 @@
+---
+title: 案例研究：Workiva
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_workiva.css
+---
+
+<div class="banner1">
+  <!-- <h1> CASE STUDY:<img src="/images/workiva_logo.png" style="margin-bottom:0%" class="header_logo"><br> <div class="subhead">Using OpenTracing to Help Pinpoint the Bottlenecks
+
+</div></h1> -->
+  <h1> 案例研究：<img src="/images/workiva_logo.png" style="margin-bottom:0%" class="header_logo"><br> <div class="subhead">使用 OpenTracing 帮助查找瓶颈
+
+</div></h1>
+
+
+</div>
+
+<!-- <div class="details">
+    Company &nbsp;<b>Workiva</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>Ames, Iowa</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Enterprise Software</b>
+</div> -->
+<div class="details">
+    公司 &nbsp;<b>Workiva</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>艾姆斯，爱荷华州</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>企业软件</b>
+</div>
+
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+    <h2>挑战</h2>
+    <!-- <a href="https://www.workiva.com/">Workiva</a> offers a cloud-based platform for managing and reporting business data. This SaaS product, Wdesk, is used by more than 70 percent of the Fortune 500 companies. As the company made the shift from a monolith to a more distributed, microservice-based system, "We had a number of people working on this, all on different teams, so we needed to identify what the issues were and where the bottlenecks were," says Senior Software Architect MacLeod Broad. With back-end code running on Google App Engine, Google Compute Engine, as well as Amazon Web Services, Workiva needed a tracing system that was agnostic of platform. While preparing one of the company’s first products utilizing AWS, which involved a "sync and link" feature that linked data from spreadsheets built in the new application with documents created in the old application on Workiva’s existing system, Broad’s team found an ideal use case for tracing: There were circular dependencies, and optimizations often turned out to be micro-optimizations that didn’t impact overall speed. -->
+<a href="https://www.workiva.com/">Workiva</a>提供了一个基于云的平台，用于管理和报告业务数据。此 SaaS 产品 Wdesk 被 70% 以上的财富 500 强企业使用。随着公司从单体系统向更分散的基于微服务的系统转变，“我们有许多人在研究这个问题，他们都在不同的团队中，所以我们需要确定问题是什么，瓶颈在哪里，”高级软件架构师 MacLeod Broad 说。随着后端代码在 Google App Engine，Google Compute Engine，以及 Amazon Web Services 上运行，Workiva 需要一个还未被开发的跟踪系统。在准备公司首批使用 AWS 的产品时，Broad 的团队将新应用程序中构建的电子表格数据与 Workiva 现有系统上的旧应用程序中创建的文档相关联，该功能涉及“同步和链接”功能，从而发现了一个理想的跟踪用例：存在循环依赖关系，而优化通常证明是不影响整体速度的微优化。
+
+<br>
+
+</div>
+
+<div class="col2">
+ <h2>解决方案</h2>
+    <!-- Broad’s team introduced the platform-agnostic distributed tracing system OpenTracing to help them pinpoint the bottlenecks.  -->
+Broad 的团队推出了与平台无关的分布式跟踪系统 OpenTracing，帮助他们找出瓶颈。
+<br>
+<h2>影响</h2>
+  <!-- Now used throughout the company, OpenTracing produced immediate results. Software Engineer Michael Davis reports: "Tracing has given us immediate, actionable insight into how to improve our service. Through a combination of seeing where each call spends its time, as well as which calls are most often used, we were able to reduce our average response time by 95 percent (from 600ms to 30ms) in a single fix." -->
+现在在整个公司使用，OpenTracing 产生了立竿见影的效果。软件工程师 Michael Davis 报告说：“跟踪让我们能够立即了解如何改进我们的服务。通过查看每个调用的花费时间以及最常使用哪些调用的组合，我们能够在单个修复中将平均响应时间减少 95%（从 600ms 到 30ms）。”
+
+</div>
+
+</div>
+</section>
+<div class="banner2">
+  <div class="banner2text">
+<!-- "With OpenTracing, my team was able to look at a trace and make optimization suggestions to another team without ever looking at their code." <span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— MacLeod Broad, Senior Software Architect at Workiva</span> -->
+使用 OpenTracing，我的团队能够查看跟踪，并针对其他团队提出优化建议，而无需查看他们的代码。<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— MacLeod Broad, Workiva 高级软件架构师</span>
+
+  </div>
+</div>
+<section class="section2">
+<div class="fullcol">
+  <!-- <h2>Last fall, MacLeod Broad’s platform team at Workiva was prepping one of the company’s first products utilizing <a href="https://aws.amazon.com/">Amazon Web Services</a> when they ran into a roadblock.</h2> -->
+<h2>去年秋天，MacLeod Broad 在 Workiva 的平台团队在准备该公司的首批产品之一，当遇到障碍时就使用 <a href="https://aws.amazon.com/">Amazon Web Services</a> 。</h2>
+  <!-- Early on, Workiva’s backend had run mostly on <a href="https://cloud.google.com/appengine/">Google App Engine</a>. But things changed along the way as Workiva’s SaaS offering, <a href="https://www.workiva.com/wdesk">Wdesk</a>, a cloud-based platform for managing and reporting business data, grew its customer base to more than 70 percent of the Fortune 500 companies. "As customer needs grew and the product offering expanded, we started to leverage a wider offering of services such as Amazon Web Services as well as other Google Cloud Platform services, creating a multi-vendor environment."<br><br> -->
+早期，Workiva 的后端主要运行在<a href="https://cloud.google.com/appengine/">Google App Engine</a>上。但随着 Workiva 的 SaaS 产品，<a href="https://www.workiva.com/wdesk">Wdesk</a>，一种基于云的管理和报告业务数据平台，将客户群增长到财富 500 强公司的 70% 以上，情况发生了变化。“随着客户需求的增长和产品供应的扩大，我们开始利用更广泛的服务，如 Amazon Web Services 以及其他 Google Cloud Platform 服务，从而创建一个多供应商环境。”
+
+<!-- With this new product, there was a "sync and link" feature by which data "went through a whole host of services starting with the new spreadsheet system [<a href="https://aws.amazon.com/rds/aurora/">Amazon Aurora</a>] into what we called our linking system, and then pushed through http to our existing system, and then a number of calculations would go on, and the results would be transmitted back into the new system," says Broad. "We were trying to optimize that for speed. We thought we had made this great optimization and then it would turn out to be a micro optimization, which didn’t really affect the overall speed of things." <br><br> -->
+有了这个新产品，具备“同步和链接”功能，通过它，数据“经历了一大堆服务，从新的电子表格系统[<a href="https://aws.amazon.com/rds/aurora/">Amazon Aurora</a>]到我们所谓的链接系统，然后通过 http 推送到我们现有的系统，然后进行一些计算，结果将传回新系统，”Broad 说。“我们当时进行优化是为了速度。我们认为做了这种极好的优化，然后它会变成一个微观优化，这并没有真正影响系统的整体速度。”<br><br>
+<!-- The challenges faced by Broad’s team may sound familiar to other companies that have also made the shift from monoliths to more distributed, microservice-based systems. "We had a number of people working on this, all on different teams, so it was difficult to get our head around what the issues were and where the bottlenecks were," says Broad.<br><br> -->
+Broad 团队面临的挑战听起来可能为其他公司所熟悉，这些公司也从单体系统转向更分散的基于微服务的系统。Broad 说：“我们有许多人从事这方面的工作，他们都在不同的团队中，因此很难了解问题是什么以及瓶颈在哪里。”<br><br>
+ <!-- "Each service team was going through different iterations of their architecture and it was very hard to follow what was actually going on in each teams’ system," he adds. "We had circular dependencies where we’d have three or four different service teams unsure of where the issues really were, requiring a lot of back and forth communication. So we wasted a lot of time saying, ‘What part of this is slow? Which part of this is sometimes slow depending on the use case? Which part is degrading over time? Which part of this process is asynchronous so it doesn’t really matter if it’s long-running or not? What are we doing that’s redundant, and which part of this is buggy?’" -->
+“每个服务团队都经历着不同的架构迭代，很难了解每个团队系统中的实际内容，”他补充道。“我们有循环依赖关系，其中有三个或四个不同的服务团队不确定问题的真正位置，需要大量的来回沟通。因此，我们浪费了很多时间说，‘这个哪一部分比较慢？根据应用场景的不同，哪一部分有时很慢？随着时间推移，哪一部分会逐渐变慢？这个进程的哪一部分是异步的，因此，它是否长时间运行并不重要？我们在做的哪些是多余的，其中哪一部分是错误？’”
+
+
+</div>
+</section>
+<div class="banner3">
+  <div class="banner3text">
+    <!-- "A tracing system can at a glance explain an architecture, narrow down a performance bottleneck and zero in on it, and generally just help direct an investigation at a high level. Being able to do that at a glance is much faster than at a meeting or with three days of debugging, and it’s a lot faster than never figuring out the problem and just moving on."<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— MACLEOD BROAD, SENIOR SOFTWARE ARCHITECT AT WORKIVA</span> -->
+    “跟踪系统可以一目了然地解释体系结构，缩小性能瓶颈并归零，通常只是帮助指导高级别的调查。一眼就能做到这一点，比在会议或三天的调试中要快得多，而且比从来不找出问题得过且过要快得多。”<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— MACLEOD BROAD, WORKIVA 高级软件架构师</span>
+
+  </div>
+</div>
+<section class="section3">
+<div class="fullcol">
+
+<!-- Simply put, it was an ideal use case for tracing. "A tracing system can at a glance explain an architecture, narrow down a performance bottleneck and zero in on it, and generally just help direct an investigation at a high level," says Broad. "Being able to do that at a glance is much faster than at a meeting or with three days of debugging, and it’s a lot faster than never figuring out the problem and just moving on."<br><br> -->
+简而言之，它是跟踪的理想用例。Broad 说：“跟踪系统可以一目了然地解释体系结构，缩小性能瓶颈并归零，通常只是帮助在高级别指导调查。”“一眼就能做到这一点，比在会议或三天的调试中要快得多，而且比从不找出问题得过且过要快得多。”<br><br>
+<!-- With Workiva’s back-end code running on <a href="https://cloud.google.com/compute/">Google Compute Engine</a> as well as App Engine and AWS, Broad knew that he needed a tracing system that was platform agnostic. "We were looking at different tracing solutions," he says, "and we decided that because it seemed to be a very evolving market, we didn’t want to get stuck with one vendor. So OpenTracing seemed like the cleanest way to avoid vendor lock-in on what backend we actually had to use."<br><br> -->
+Workiva 的后端代码在 <a href="https://cloud.google.com/compute/">Google Compute Engine</a> 、App Engine 和 AWS 上运行，Broad 知道他需要一个与平台无关的跟踪系统。“我们正在研究不同的追踪解决方案，”他说，“我们决定，由于市场似乎是一个不断发展的市场，我们不想被一个供应商卡住。因此，OpenTracing 似乎是避免供应商限制我们实际使用的后端的最简捷方法。”<br><br>
+<!-- Once they introduced OpenTracing into this first use case, Broad says, "The trace made it super obvious where the bottlenecks were." Even though everyone had assumed it was Workiva’s existing code that was slowing things down, that wasn’t exactly the case. "It looked like the existing code was slow only because it was reaching out to our next-generation services, and they were taking a very long time to service all those requests," says Broad. "On the waterfall graph you can see the exact same work being done on every request when it was calling back in. So every service request would look the exact same for every response being paged out. And then it was just a no-brainer of, ‘Why is it doing all this work again?’"<br><br> -->
+Broad 说，一旦他们将 OpenTrace 引入到第一个用例中，“跟踪使得瓶颈所在位置变得非常明显。”尽管每个人都认为是 Workiva 的现有代码减缓了速度，但事实并非如此。Broad 说：“看起来现有代码速度很慢，只是因为它能够达到到我们下一代服务的水平，而且它们需要很长时间才能处理所有这些请求。”“在瀑布图上，你可以看到每个请求在得到响应时所做的完全相同的工作。因此，对于被分页的每个响应，每个服务请求看起来都完全相同。然后，就不用费神去思考‘为什么它再次做所有这些工作？’”<br><br>
+<!-- Using the insight OpenTracing gave them, "My team was able to look at a trace and make optimization suggestions to another team without ever looking at their code," says Broad. "The way we named our traces gave us insight whether it’s doing a SQL call or it’s making an RPC. And so it was really easy to say, ‘OK, we know that it’s going to page through all these requests. Do the work once and stuff it in cache.’ And we were done basically. All those calls became sub-second calls immediately."<br><br> -->
+使用 OpenTrace 的跟踪功能，“我的团队能够查看跟踪，并针对另一个团队提出优化建议，而无需查看他们的代码，”Broad 说。“我们命名跟踪的方式可以说明请求是执行 SQL 调用还是创建 RPC。因此，可以非常简单地说，‘好吧，我们知道它能处理所有这些请求。处理一次缓存一次。’我们基本上完成了。所有这些调用立即变成了亚秒级的调用。”<br><br>
+
+</div>
+</section>
+
+<div class="banner4">
+  <div class="banner4text">
+<!-- "We were looking at different tracing solutions and we decided that because it seemed to be a very evolving market, we didn’t want to get stuck with one vendor. So OpenTracing seemed like the cleanest way to avoid vendor lock-in on what backend we actually had to&nbsp;use." <span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— MACLEOD BROAD, SENIOR SOFTWARE ARCHITECT AT WORKIVA</span> -->
+“我们正在研究不同的跟踪解决方案，我们决定使用 OpenTracing，由于市场似乎是一个不断发展的市场，我们不想被一个供应商卡住。因此，OpenTracing 似乎是避免供应商限制我们实际使用的后端的最简捷方法。”<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— MACLEOD BROAD, WORKIVA 高级软件架构师</span>
+
+  </div>
+</div>
+
+<section class="section4">
+<div class="fullcol">
+  <!-- After the success of the first use case, everyone involved in the trial went back and fully instrumented their products. Tracing was added to a few more use cases. "We wanted to get through the initial implementation pains early without bringing the whole department along for the ride," says Broad. "Now, a lot of teams add it when they’re starting up a new service. We’re really pushing adoption now more than we were before." <br><br> -->
+在第一个用例成功后，参与尝试的每个人都回去重新编排了他们的产品。跟踪功能已添加到几个更多的用例中。Broad 说：“我们希望尽早度过最初的实施难关，而不会让整个部门一起渡过难关。”“现在，许多团队在启动新服务时添加它。我们现在确实比以前更将推动采用。”<br><br>
+<!-- Some teams were won over quickly. "Tracing has given us immediate, actionable insight into how to improve our [Workspaces] service," says Software Engineer Michael Davis. "Through a combination of seeing where each call spends its time, as well as which calls are most often used, we were able to reduce our average response time by 95 percent (from 600ms to 30ms) in a single fix." <br><br> -->
+一些团队很快就赢了。软件工程师 Michael Davis 说：“跟踪让我们能够立即了解如何改进我们的（工作空间）服务。通过查看每个调用的花费时间以及最常使用哪些调用的组合，我们能够在单个修复中将平均响应时间减少 95%（从 600ms 到 30ms）”。<br><br>
+<!-- Most of Workiva’s major products are now traced using OpenTracing, with data pushed into <a href="https://cloud.google.com/stackdriver/">Google StackDriver</a>. Even the products that aren’t fully traced have some components and libraries that are. <br><br> -->
+Workiva 的大部分主要产品现在都使用 OpenTracing 进行跟踪，将数据推送到 <a href="https://cloud.google.com/stackdriver/">Google StackDriver</a>。即使未完全使用跟踪功能的产品，也具有一些组件和库。<br><br>
+<!-- Broad points out that because some of the engineers were working on App Engine and already had experience with the platform’s Appstats library for profiling performance, it didn’t take much to get them used to using OpenTracing. But others were a little more reluctant. "The biggest hindrance to adoption I think has been the concern about how much latency is introducing tracing [and StackDriver] going to cost," he says. "People are also very concerned about adding middleware to whatever they’re working on. Questions about passing the context around and how that’s done were common. A lot of our Go developers were fine with it, because they were already doing that in one form or another. Our Java developers were not super keen on doing that because they’d used other systems that didn’t require that."<br><br> -->
+Broad 指出，由于一些工程师正在使用 App Engine，并且已经拥有平台的 Appstats 库分析性能的经验，因此他们不需要花太多时间才能习惯使用 OpenTracing。但其他人则有点不情愿。“我认为，使用 OpenTracing 的最大障碍是担心引入跟踪和 StackDriver 的成本会是多少，”他说。“人们也非常关心将中间件添加到他们正在处理的任何内容中。有关传递上下文以及如何完成这些工作的问题很常见。我们的许多 Go 开发人员对此都很好，因为他们已经以这样或那样的形式这样做了。我们的 Java 开发人员并不热衷于这样做，因为他们使用了其他不需要该功能的系统。”<br><br>
+<!-- But the benefits clearly outweighed the concerns, and today, Workiva’s official policy is to use tracing." -->
+但好处显然超过了人们的担忧，而今天，Workiva 的官方政策是使用追踪。
+<!-- In fact, Broad believes that tracing naturally fits in with Workiva’s existing logging and metrics systems. "This was the way we presented it internally, and also the way we designed our use," he says. "Our traces are logged in the exact same mechanism as our app metric and logging data, and they get pushed the exact same way. So we treat all that data exactly the same when it’s being created and when it’s being recorded. We have one internal library that we use for logging, telemetry, analytics and tracing." -->
+事实上，Broad 认为跟踪天然符合 Workiva 现有的日志记录和指标系统。“这是我们在内部展示的方式，也是我们设计使用方式的方式，”他说。“我们的跟踪记录在与我们的应用指标和日志记录数据完全相同的机制中，并且它们被推送的方式完全相同。因此，在创建和记录所有数据时，我们对待这些数据完全一样。我们有一个内部库，用于日志记录、遥测、分析和跟踪。”
+
+
+</div>
+</section>
+
+<div class="banner5">
+  <div class="banner5text">
+   <!-- "Tracing has given us immediate, actionable insight into how to improve our [Workspaces] service. Through a combination of seeing where each call spends its time, as well as which calls are most often used, we were able to reduce our average response time by 95 percent (from 600ms to 30ms) in&nbsp;a&nbsp;single&nbsp;fix." <span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— Michael Davis, Software Engineer, Workiva </span> -->
+“跟踪让我们能够立即、可操作地洞察如何改进我们的（工作空间）服务。通过查看每个调用花费的时间以及最常使用哪些调用的组合，我们能够在单个修复中将平均响应时间减少 95%（从 600ms 到 30ms）。”<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase"><br>— Michael Davis, 软件工程师, Workiva </span>
+
+  </div>
+</div>
+
+<section class="section5">
+<div class="fullcol">
+ <!-- For Workiva, OpenTracing has become an essential tool for zeroing in on optimizations and determining what’s actually a micro-optimization by observing usage patterns. "On some projects we often assume what the customer is doing, and we optimize for these crazy scale cases that we hit 1 percent of the time," says Broad. "It’s been really helpful to be able to say, ‘OK, we’re adding 100 milliseconds on every request that does X, and we only need to add that 100 milliseconds if it’s the worst of the worst case, which only happens one out of a thousand requests or one out of a million requests."<br><br> -->
+对于 Workiva，OpenTracing 已成为一种重要工具，通过观察使用模式来聚焦最佳优化和确定什么是微观优化。Broad 说：“在某些项目中，我们经常假设客户正在做什么，我们针对这些疯狂的测试案例进行优化，这些案例的 1% 是同用户实际非常相符的。”“这样是非常有益的，‘好吧，我们在每个执行 X 的请求上添加 100 毫秒，如果最坏的情况，我们也只需要添加 100 毫秒，这仅发生在千分之一的请求或一百万个请求中的一个。’”<br><br>
+<!-- Unlike many other companies, Workiva also traces the client side. "For us, the user experience is important—it doesn’t matter if the RPC takes 100 milliseconds if it still takes 5 seconds to do the rendering to show it in the browser," says Broad. "So for us, those client times are important. We trace it to see what parts of loading take a long time. We’re in the middle of working on a definition of what is ‘loaded.’ Is it when you have it, or when it’s rendered, or when you can interact with it? Those are things we’re planning to use tracing for to keep an eye on and to better understand."<br><br> -->
+与许多其他公司不同，Workiva 还跟踪客户端。Broad 说：“对我们来说，用户体验很重要，如果 RPC 执行后还需要 5 秒才能在浏览器中显示，则 RPC 执行需要 100 毫秒就不重要了。”“因此，对于我们而言，这些客户端响应时间非常重要。我们跟踪它，看看加载的哪些部分需要很长时间。我们正在研究什么是“加载”的定义。是当你访问到它，还是当它被渲染时，或者当你可以与它交互时？我们计划使用跟踪来关注和更好地了解这些内容。”<br><br>
+<!-- That also requires adjusting for differences in external and internal clocks. "Before time correcting, it was horrible; our traces were more misleading than anything," says Broad. "So we decided that we would return a timestamp on the response headers, and then have the client reorient its time based on that—not change its internal clock but just calculate the offset on the response time to when the client got it. And if you end up in an impossible situation where a client RPC spans 210 milliseconds but the time on the response time is outside of that window, then we have to reorient that."<br><br> -->
+这还需要根据外部和内部时钟的差异进行调整。“在时间纠正之前，这是非常恐怖的；我们的跟踪比什么都更具有误导性，” Broad 说。“因此，我们决定在响应标头上返回一个时间戳，然后让客户端根据该时间调整其时间，而不是更改其内部时钟，而只需计算客户端收到时响应时间的偏移量。如果最终出现一种不可能的情况，客户端的 RPC 调用持续了 210 毫秒但响应返回时间并不在这个范围内，那就必须得重新调用请求。”<br><br>
+<!-- Broad is excited about the impact OpenTracing has already had on the company, and is also looking ahead to what else the technology can enable. One possibility is using tracing to update documentation in real time. "Keeping documentation up to date with reality is a big challenge," he says. "Say, we just ran a trace simulation or we just ran a smoke test on this new deploy, and the architecture doesn’t match the documentation. We can find whose responsibility it is and let them know and have them update it. That’s one of the places I’d like to get in the future with tracing." -->
+Broad 对 OpenTracing 对公司产生的影响感到兴奋，并且也在展望该技术还能实现什么。一种可能性是使用跟踪实时更新文档。他表示：“使文档与现实保持同步是一项重大挑战。”“例如，我们刚刚运行了跟踪模拟，或者我们刚刚在此新部署上运行了烟雾测试，但是结果显示架构与文档不匹配。我们可以找到是谁的责任，并通知他们进行更新。这是我希望在未来通过追踪获得的功能之一。”
+
+</div>
+
+</section>
diff --git a/content/zh/case-studies/workiva/workiva_featured_logo.png b/content/zh/case-studies/workiva/workiva_featured_logo.png
new file mode 100644
index 0000000000000..9998b471049e5
Binary files /dev/null and b/content/zh/case-studies/workiva/workiva_featured_logo.png differ
diff --git a/content/zh/case-studies/yahoo-japan/index.html b/content/zh/case-studies/yahoo-japan/index.html
new file mode 100644
index 0000000000000..724a41ae01558
--- /dev/null
+++ b/content/zh/case-studies/yahoo-japan/index.html
@@ -0,0 +1,4 @@
+---
+title: Yahoo! Japan
+content_url: https://kubernetes.io/blog/2016/10/kubernetes-and-openstack-at-yahoo-japan
+---
\ No newline at end of file
diff --git a/content/zh/case-studies/yahoo-japan/yahooJapan_logo.png b/content/zh/case-studies/yahoo-japan/yahooJapan_logo.png
new file mode 100644
index 0000000000000..3cbea39598954
Binary files /dev/null and b/content/zh/case-studies/yahoo-japan/yahooJapan_logo.png differ
diff --git a/content/zh/case-studies/ygrene/index.html b/content/zh/case-studies/ygrene/index.html
new file mode 100644
index 0000000000000..969483ba073aa
--- /dev/null
+++ b/content/zh/case-studies/ygrene/index.html
@@ -0,0 +1,130 @@
+---
+title: 案例研究：Ygrene
+
+case_study_styles: true
+cid: caseStudies
+css: /css/style_ygrene.css
+---
+
+<!-- <div class="banner1 desktop" style="background-image: url('/images/CaseStudy_ygrene_banner1.jpg')">
+  <h1> CASE STUDY:<img src="/images/ygrene_logo.png" style="margin-bottom:-1%" class="header_logo"><br> <div class="subhead">Ygrene: Using Cloud Native to Bring Security and Scalability to the Finance Industry
+
+</div></h1> -->
+<div class="banner1">
+  <h1> 案例研究:<img src="/images/ygrene_logo.png" style="margin-bottom:-1%" class="header_logo"><br> <div class="subhead">Ygrene: 使用原生云为金融行业带来安全性和可扩展性
+
+</div></h1>
+
+
+</div>
+
+<!-- <div class="details">
+    Company &nbsp;<b>Ygrene</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>Petaluma, Calif.</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Clean energy financing</b>
+</div> -->
+<div class="details">
+    公司 &nbsp;<b>Ygrene</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;位置 &nbsp;<b>佩塔卢马，加利福尼亚州</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>清洁能源融资</b>
+</div>
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+    <h2>挑战</h2>
+    <!-- A PACE (Property Assessed Clean Energy) financing company, Ygrene has funded more than $1 billion in loans since 2010. In order to approve and process those loans, "We have lots of data sources that are being aggregated, and we also have lots of systems that need to churn on that data," says Ygrene Development Manager Austin Adams. The company was utilizing massive servers, and "we just reached the limit of being able to scale them vertically. We had a really unstable system that became overwhelmed with requests just for doing background data processing in real time. The performance the users saw was very poor. We needed a solution that wouldn’t require us to make huge refactors to the code base." As a finance company, Ygrene also needed to ensure that they were shipping their applications securely. -->
+作为一家 PACE（清洁能源资产评估）融资公司，Ygrene 自2010年以来已经为超过10亿的贷款提供资金。为了批准和处理这些贷款，“我们有很多正在聚合的数据源，而且我们也有许多系统需要对这些数据进行改动，”Ygrene 开发经理 Austin Adams 说。该公司正在使用大量服务器，“我们刚刚达到能够垂直扩展它们的极限。我们有一个非常不稳定的系统，它变得不知所措，要求只是做后台数据处理的实时。用户看到的性能很差。我们需要一个解决方案，不需要我们对代码库进行大量重构。作为一家金融公司，Ygrene 还需要确保他们安全地传输应用程序。”
+
+<br>
+
+ <h2>解决方案</h2>
+    <!-- Moving from an Engine Yard platform and Amazon Elastic Beanstalk, the Ygrene team embraced cloud native technologies and practices: <a href="https://kubernetes.io/">Kubernetes</a> to help scale out vertically and distribute workloads, <a href="https://github.com/theupdateframework/notary">Notary</a> to put in build-time controls and get trust on the Docker images being used with third-party dependencies, and <a href="https://www.fluentd.org/">Fluentd</a> for "observing every part of our stack," all running on <a href="https://aws.amazon.com/ec2/spot/">Amazon EC2 Spot</a>. -->
+从 Engine Yard 和 Amazon Elastic Beanstalk 上迁移了应用后，Ygrene 团队采用云原生技术和实践：使用<a href="https://kubernetes.io/">Kubernetes</a>来帮助垂直扩展和分配工作负载，使用<a href="https://github.com/theupdateframework/notary"> Notary </a>加入构建时间控制和获取使用第三方依赖的可信赖 Docker 镜像，使用<a href="https://www.fluentd.org/">Fluentd</a>“掌握堆栈中的所有情况”，这些都运行在<a href="https://aws.amazon.com/ec2/spot/">Amazon EC2 Spot</a>上。
+</div>
+
+<div class="col2">
+
+<h2>影响</h2>
+  <!-- Before, deployments typically took three to four hours, and two or three months’ worth of work would be deployed at low-traffic times every week or two weeks. Now, they take five minutes for Kubernetes, and an hour for the overall deploy with smoke testing. And "we’re able to deploy three or four times a week, with just one week’s or two days’ worth of work," Adams says. "We’re deploying during the work week, in the daytime and without any downtime. We had to ask for business approval to take the systems down, even in the middle of the night, because people could be doing loans. Now we can deploy, ship code, and migrate databases, all without taking the system down. The company gets new features without worrying that some business will be lost or delayed." Additionally, by using the kops project, Ygrene can now run its Kubernetes clusters with AWS EC2 Spot, at a tenth of the previous cost. These cloud native technologies have "changed the game for scalability, observability, and security—we’re adding new data sources that are very secure," says Adams. "Without Kubernetes, Notary, and Fluentd, we couldn’t tell our investors and team members that we knew what was going on." -->
+以前，部署通常需要三到四个小时，而且每周或每两周要把一些两三个月工作量的任务在系统占用低的时候进行部署。现在，他们用5分钟来配置 Kubernetes，然后用一个小时进行整体部署与烟雾测试。Adams 说：“我们每周可以部署三到四次，只需一周或两天的工作量。”“我们在工作周、白天的任意时间进行部署，甚至不需要停机。以前我们不得不请求企业批准，以关闭系统，因为即使在半夜，人们也可能正在访问服务。现在，我们可以部署、上传代码和迁移数据库，而无需关闭系统。公司获得新功能，而不必担心某些业务会丢失或延迟。”此外，通过使用 kops 项目，Ygrene 现在可以用以前成本的十分之一使用 AWS EC2 Spot 运行其 Kubernetes 集群。Adams 说，这些云原生技术“改变了可扩展性、可观察性和安全性（我们正在添加新的非常安全的数据源）的游戏。”“没有 Kubernetes、Notary 和 Fluent，我们就无法告诉投资者和团队成员，我们知道刚刚发生了什么事情。”
+
+</div>
+
+</div>
+</section>
+<div class="banner2">
+  <div class="banner2text">
+<!-- "CNCF projects are helping Ygrene determine the security and observability standards for the entire PACE industry. We’re an emerging finance industry, and without these projects, especially Kubernetes, we couldn’t be the industry leader that we are today." <span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase;line-height:14px"><br><br>— Austin Adams, Development Manager, Ygrene Energy Fund</span> -->
+“CNCF 项目正在帮助 Ygrene 确定整个 PACE 行业的安全性和可观察性标准。我们是一个新兴的金融企业，没有这些项目，尤其是 Kubernetes，我们不可能成为今天的行业领导者。”<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase;line-height:14px"><br><br>— Austin Adams, Ygrene 能源基金会开发经理</span>
+
+  </div>
+</div>
+
+<section class="section2">
+<div class="fullcol">
+ <!-- <h2>In less than a decade, <a href="https://ygrene.com/index.html" style="text-decoration:underline">Ygrene</a> has funded more than $1 billion in loans for renewable energy&nbsp;projects.</h2> A <a href="https://www.energy.gov/eere/slsc/property-assessed-clean-energy-programs">PACE</a> (Property Assessed Clean Energy) financing company, "We take the equity in a home or a commercial building, and use it to finance property improvements for anything that saves electricity, produces electricity, saves water, or reduces carbon emissions," says Development Manager Austin Adams. <br><br> -->
+<h2>在不到十年的时间里，<a href="https://ygrene.com/index.html" style="text-decoration:underline"> Ygrene </a>就为可再生能源项目提供了超过10亿美元的贷款。</h2><a href="https://www.energy.gov/eere/slsc/property-assessed-clean-energy-programs"> PACE </a>（清洁能源物业评估）融资公司开发经理 Austin Adams 表示：“我们抵押房屋或商业建筑，用贷款来为任何可以节约电力、生产电力、节约用水或减少碳排放的项目提供资金支持。”<br><br>
+
+<!-- In order to approve those loans, the company processes an enormous amount of underwriting data. "We have tons of different points that we have to validate about the property, about the company, or about the person," Adams says. "So we have lots of data sources that are being aggregated, and we also have lots of systems that need to churn on that data in real time." <br><br> -->
+为了批准这些贷款，公司需要处理大量的承销数据。Adams 说：“我们必须要验证有关财产、公司或人员的问题，像这样的工作数以千计。因此，我们有很多正在聚合的数据源，并且我们也有大量系统需要实时对这些数据进行改动。”<br><br>
+<!-- By 2017, deployments and scalability had become pain points. The company was utilizing massive servers, and "we just reached the limit of being able to scale them vertically," he says. Migrating to AWS Elastic Beanstalk didn’t solve the problem: "The Scala services needed a lot of data from the main Ruby on Rails services and from different vendors, so they were asking for information from our Ruby services at a rate that those services couldn’t handle. We had lots of configuration misses with Elastic Beanstalk as well. It just came to a head, and we realized we had a really unstable system." -->
+到 2017 年，部署和可扩展性已成为痛点。该公司已经使用了大量服务器，“我们刚刚达到能够垂直扩展的极限，”他说。迁移到 AWS Elastic Beanstalk 并不能解决问题：“Scala 服务需要来自主 Ruby on Rails 服务和不同供应商提供的大量数据，因此他们要求从我们的 Ruby 服务以一种服务器无法承受的速率获取信息。在 Elastic Beanstalk 上我们也有许多配置与应用不匹配。这仅仅是一个开始，我们也意识到我们这个系统非常不稳定。”
+</div>
+</section>
+<div class="banner3">
+  <div class="banner3text">
+    <!-- "CNCF has been an amazing incubator for so many projects. Now we look at its webpage regularly to find out if there are any new, awesome, high-quality projects we can implement into our stack. It’s actually become a hub for us for knowing what software we need to be looking at to make our systems more secure or more scalable."<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase;line-height:14px"><br><br>— Austin Adams, Development Manager, Ygrene Energy Fund</span> -->
+“CNCF 是众多项目惊人的孵化器。现在，我们定期查看其网页，了解是否有任何新的、可敬的高质量项目可以应用到我们的系统中。它实际上已成为我们了解自身需要什么样的软件以使我们的系统更加安全和具有可伸缩性的信息中心。”<span style="font-size:14px;letter-spacing:0.12em;padding-top:20px;text-transform:uppercase;line-height:14px"><br><br>— Austin Adams, Ygrene 能源基金会开发经理</span>
+  </div>
+</div>
+<section class="section3">
+<div class="fullcol">
+
+<!-- Adams along with the rest of the team set out to find a solution that would be transformational, but "wouldn’t require us to make huge refactors to the code base," he says. And as a finance company, Ygrene needed security as much as scalability. They found the answer by embracing cloud native technologies: Kubernetes to help scale out vertically and distribute workloads, Notary to achieve reliable security at every level, and Fluentd for observability. "Kubernetes was where the community was going, and we wanted to be future proof," says Adams. <br><br> -->
+Adams 和其他团队一起着手寻找一种具有变革性的解决方案，但“不需要我们对代码库进行巨大的重构，”他说。作为一家金融公司，和可伸缩性一样，Ygrene 需要更好的安全性。他们通过采用云原生技术找到了答案：Kubernetes 帮助纵向扩展和分配工作负载，Notary 在各个级别实现可靠的安全性，Fluentd 来提供可观察性。Adams 说：“ Kubernetes 是社区前进的方向，也是我们展望未来的证明。”<br><br>
+<!-- With Kubernetes, the team was able to quickly containerize the Ygrene application with Docker. "We had to change some practices and code, and the way things were built," Adams says, "but we were able to get our main systems onto Kubernetes in a month or so, and then into production within two months. That’s very fast for a finance company."<br><br> -->
+有了 Kubernetes，该团队能够快速将 Ygrene 应用程序用 Docker 容器化。“我们必须改变一些实现和代码，以及系统的构建方式，” Adams 说，“但我们已经能够在一个月左右的时间内将主要系统引入 Kubernetes，然后在两个月内投入生产。对于一家金融公司来说，这已经非常快了。”<br><br>
+<!-- How? Cloud native has "changed the game for scalability, observability, and security—we’re adding new data sources that are very secure," says Adams. "Without Kubernetes, Notary, and Fluentd, we couldn’t tell our investors and team members that we knew what was going on." <br><br> -->
+怎么样？Adams 说，这些云原生技术“改变了可扩展性、可观察性和安全性（我们正在添加新的非常安全的数据源）的游戏。”“没有 Kubernetes、Notary 和 Fluent，我们就无法告诉投资者和团队成员，我们知道刚刚发生了什么事情。”<br><br>
+<!-- Notary, in particular, "has been a godsend," says Adams. "We need to know that our attack surface on third-party dependencies is low, or at least managed. We use it as a trust system and we also use it as a separation, so production images are signed by Notary, but some development images we don’t sign. That is to ensure that they can’t get into the production cluster. We’ve been using it in the test cluster to feel more secure about our builds." -->
+Adams 说，尤其 Notary 简直就是“天赐之物”。“我们要清楚，我们针对第三方依赖项的攻击面较低，或者至少是托管的。因为我们使用 Notary 作为一个信任系统，我们也使用它作为区分，所以生产镜像由 Notary 签名，但一些开发镜像就不签署。这是为了确保未签名镜像无法进入生产集群。我们已经在测试集群中使用它，以使构建的应用更安全。”
+
+
+</div>
+</section>
+<div class="banner4">
+  <div class="banner4text">
+<!-- "We had to change some practices and code, and the way things were built," Adams says, "but we were able to get our main systems onto Kubernetes in a month or so, and then into production within two months. That’s very fast for a finance company." -->
+“我们必须改变一些实现和代码，以及系统的构建方式，” Adams 说，“但我们已经能够在一个月左右的时间内将主要系统引入 Kubernetes，然后在两个月内投入生产。对于一家金融公司来说，这已经非常快了。”
+  </div>
+</div>
+
+<section class="section4">
+<div class="fullcol">
+ <!-- By using the kops project, Ygrene was able to move from Elastic Beanstalk to running its Kubernetes clusters on AWS EC2 Spot, at a tenth of the previous cost. "In order to scale before, we would need to up our instance sizes, incurring high cost for low value," says Adams. "Now with Kubernetes and kops, we are able to scale horizontally on Spot with multiple instance groups."<br><br> -->
+通过使用 kops 项目，Ygrene 能够用以前成本的十分之一从 Elastic Beanstalk 迁移到 AWS EC2 Spot 上运行其 Kubernetes 群集。Adams 说：“以前为了扩展，我们需要增加实例大小，导致高成本产出低价值。现在，借助 Kubernetes 和 kops，我们能够在具有多个实例组的 Spot 上水平缩放。”<br><br>
+<!-- That also helped them mitigate the risk that comes with running in the public cloud. "We figured out, essentially, that if we’re able to select instance classes using EC2 Spot that had an extremely low likelihood of interruption and zero history of interruption, and we’re willing to pay a price high enough, that we could virtually get the same guarantee using Kubernetes because we have enough nodes," says Software Engineer Zach Arnold, who led the migration to Kubernetes. "Now that we’ve re-architected these pieces of the application to not live on the same server, we can push out to many different servers and have a more stable deployment."<br><br> -->
+这也帮助他们降低了在公共云中运行所带来的风险。“我们发现，基本上，如果我们能够使用中断可能性极低、无中断历史的 EC2 Spot 选择实例类，并且我们愿意付出足够高的价格，我们几乎可以得到和使用 Kubernetes 相同的保证，因为我们有足够的节点，”软件工程师 Zach Arnold 说，他领导了向 Kubernetes 的迁移。“现在，我们已经重新架构了应用程序的这些部分，使之不再位于同一台服务器上，我们可以推送到许多不同的服务器，并实现更稳定的部署。”<br><br>
+<!-- As a result, the team can now ship code any time of day. "That was risky because it could bring down your whole loan management software with it," says Arnold. "But we now can deploy safely and securely during the day." -->
+因此，团队现在可以在一天中的任何时间传输代码。阿诺德说：“以前这样做是很危险的，因为它会拖慢整个贷款管理软件。”“但现在，我们可以在白天安全部署。”
+
+</div>
+</section>
+<div class="banner5">
+  <div class="banner5text">
+ <!-- "In order to scale before, we would need to up our instance sizes, incurring high cost for low value," says Adams. "Now with Kubernetes and kops, we are able to scale horizontally on Spot with multiple instance groups." -->
+Adams 说：“以前为了扩展，我们需要增加实例大小，导致高成本产出低价值。现在，借助 Kubernetes 和 kops，我们能够在具有多个实例组的 Spot 上水平缩放。”
+  </div>
+</div>
+
+<section class="section5">
+<div class="fullcol">
+ <!-- Before, deployments typically took three to four hours, and two or three months’ worth of work would be deployed at low-traffic times every week or two weeks. Now, they take five minutes for Kubernetes, and an hour for an overall deploy with smoke testing. And "we’re able to deploy three or four times a week, with just one week’s or two days’ worth of work," Adams says. "We’re deploying during the work week, in the daytime and without any downtime. We had to ask for business approval to take the systems down for 30 minutes to an hour, even in the middle of the night, because people could be doing loans. Now we can deploy, ship code, and migrate databases, all without taking the system down. The company gets new features without worrying that some business will be lost or delayed."<br><br> -->
+以前，部署通常需要三到四个小时，而且每周或每两周要把一些两三个月工作量的任务在系统占用低的时候进行部署。现在，他们用5分钟来配置 Kubernetes，然后用一个小时进行整体部署与烟雾测试。Adams 说：“我们每周可以部署三到四次，只需一周或两天的工作量。”“我们在工作周、白天的任意时间进行部署，甚至不需要停机。以前我们不得不请求企业批准，以关闭系统，因为即使在半夜，人们也可能正在访问服务。现在，我们可以部署、上传代码和迁移数据库，而无需关闭系统。公司增加新项目，而不必担心某些业务会丢失或延迟。”<br><br>
+<!-- Cloud native also affected how Ygrene’s 50+ developers and contractors work. Adams and Arnold spent considerable time "teaching people to think distributed out of the box," says Arnold. "We ended up picking what we call the Four S’s of Shipping: safely, securely, stably, and speedily." (For more on the security piece of it, see their <a href="https://thenewstack.io/beyond-ci-cd-how-continuous-hacking-of-docker-containers-and-pipeline-driven-security-keeps-ygrene-secure/index.html">article</a> on their "continuous hacking" strategy.) As for the engineers, says Adams, "they have been able to advance as their software has advanced. I think that at the end of the day, the developers feel better about what they’re doing, and they also feel more connected to the modern software development community."<br><br> -->
+云原生也影响了 Ygrene 的 50 多名开发人员和承包商的工作方式。Adams 和 Arnold 花了相当长的时间“教人们思考开箱即用的”，Arnold 说。“我们最终选择了称之为“航运四S”：安全、可靠、稳妥、快速。”（有关其安全部分的更多内容，请参阅他们关于"持续黑客攻击"策略的<a href="https://thenewstack.io/beyond-ci-cd-how-continuous-hacking-of-docker-containers-and-pipeline-driven-security-keeps-ygrene-secure/index.html">文章</a>。至于工程师，Adams 说，“他们已经能够跟上软件进步的步伐。我想一天结束时，开发人员会感觉更好，他们也会感觉与现代软件开发社区的联系更加紧密。”<br><br>
+<!-- Looking ahead, Adams is excited to explore more CNCF projects, including SPIFFE and SPIRE. "CNCF has been an amazing incubator for so many projects," he says. "Now we look at its webpage regularly to find out if there are any new, awesome, high-quality projects we can implement into our stack. It’s actually become a hub for us for knowing what software we need to be looking at to make our systems more secure or more scalable." -->
+展望未来，Adams 很高兴能探索更多的 CNCF 项目，包括 SPIFFE 和 SPIRE。“ CNCF 是众多项目惊人的孵化器。现在，我们定期查看其网页，了解是否有任何新的、可敬的高质量项目可以应用到我们的系统中。它实际上已成为我们了解自身需要什么样的软件以使我们的系统更加安全和具有可伸缩性的信息中心。”
+
+
+</div>
+
+</section>
diff --git a/content/zh/case-studies/ygrene/ygrene_featured_logo.png b/content/zh/case-studies/ygrene/ygrene_featured_logo.png
new file mode 100644
index 0000000000000..d0d69114784c8
Binary files /dev/null and b/content/zh/case-studies/ygrene/ygrene_featured_logo.png differ
diff --git a/content/zh/case-studies/zalando/index.html b/content/zh/case-studies/zalando/index.html
new file mode 100644
index 0000000000000..39fc63ab1d98a
--- /dev/null
+++ b/content/zh/case-studies/zalando/index.html
@@ -0,0 +1,132 @@
+---
+title: 案例研究：Zalando
+case_study_styles: true
+cid: caseStudies
+css: /css/style_zalando.css
+---
+
+<div class="banner1">
+  <!-- <h1> CASE STUDY:<img src="/images/zalando_logo.png" class="header_logo"><br> <div class="subhead">Europe’s Leading Online Fashion Platform Gets Radical with Cloud Native
+</div></h1> -->
+<h1> 案例研究：<img src="/images/zalando_logo.png" class="header_logo"><br> <div class="subhead">欧洲领先的在线时尚平台通过云原生获得突破性进展
+</div></h1>
+
+</div>
+
+<!-- <div class="details">
+    Company &nbsp;<b>Zalando</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Location &nbsp;<b>Berlin, Germany</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Industry &nbsp;<b>Online Fashion</b>
+</div> -->
+<div class="details">
+    公司 &nbsp;<b>Zalando</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;位置 &nbsp;<b>柏林, 德国</b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;行业 &nbsp;<b>在线时尚平台</b>
+</div>
+
+<hr>
+<section class="section1">
+<div class="cols">
+  <div class="col1">
+    <h2>挑战</h2>
+    <!-- Zalando, Europe’s leading online fashion platform, has experienced exponential growth since it was founded in 2008. In 2015, with plans to further expand its original e-commerce site to include new services and products, Zalando embarked on a <a href="https://jobs.zalando.com/tech/blog/radical-agility-study-notes/">radical transformation</a> resulting in autonomous self-organizing teams. This change requires an infrastructure that could scale with the growth of the engineering organization. Zalando’s technology department began rewriting its applications to be cloud-ready and started moving its infrastructure from on-premise data centers to the cloud. While orchestration wasn’t immediately considered, as teams migrated to <a href="https://aws.amazon.com/">Amazon Web Services</a> (AWS): "We saw the pain teams were having with infrastructure and Cloud Formation on AWS," says Henning Jacobs, Head of Developer Productivity. "There’s still too much operational overhead for the teams and compliance. " To provide better support, cluster management was brought into play. -->
+Zalando 是欧洲领先的在线时尚平台，自 2008 年成立以来，经历了指数级增长。2015 年，Zalando 计划进一步扩展其原有的电子商务站点，以扩展新的服务和产品，从而开始了<a href="https://jobs.zalando.com/tech/blog/radical-agility-study-notes/">彻底的变革</a>，因此形成了自主的自组织团队。这次扩展需要可以随工程组织的增长而扩展的基础架构。Zalando 的技术部门开始重写其应用程序，使其能够在云端运行，并开始将其基础架构从内部数据中心迁移到云。虽然编排没有立即被考虑，因为团队迁移到<a href="https://aws.amazon.com/">亚马逊网络服务</a>（AWS）：“我们体验过团队在 AWS 上进行基础设施架构和使用云资源时遇到的痛苦，”开发人员生产力主管 Henning Jacobs 说，“我们遇到了一些难题。对于团队和合规性来说，运营开销仍然过多。为了提供更好的支持，项目引入了集群管理。”
+
+      </div>
+
+<div class="col2">
+  <h2>解决方案</h2>
+      <!-- The company now runs its Docker containers on AWS using Kubernetes orchestration. -->
+该公司现在使用 Kubernetes 编排在 AWS 上运行的 Docker 容器。
+<br>
+<h2>影响</h2>
+      <!-- With the old infrastructure "it was difficult to properly embrace new technologies, and DevOps teams were considered to be a bottleneck," says Jacobs. "Now, with this cloud infrastructure, they have this packaging format, which can contain anything that runs on the Linux kernel. This makes a lot of people pretty happy. The engineers love autonomy." -->
+Jacobs 说，由于旧基础设施“很难正确采用新技术，而 DevOps 团队被视为瓶颈。”“现在，有了这个云基础架构，它们有了这种打包格式，可以包含任何在Linux内核上运行的东西。这使得很多人相当高兴。工程师喜欢自主。”
+</div>
+</div>
+</section>
+<div class="banner2">
+  <div class="banner2text">
+    <!-- "We envision all Zalando delivery teams running their containerized applications on a state-of-the-art, reliable and scalable cluster infrastructure provided by Kubernetes."<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>- Henning Jacobs, Head of Developer Productivity at Zalando</span> -->
+“我们设想所有 Zalando 交付团队在 Kubernetes 提供的最先进的、可靠且可扩展的群集基础架构上运行其容器化应用程序。”<br style="height:25px"><span style="font-size:14px;letter-spacing:2px;text-transform:uppercase;margin-top:5% !important;"><br>- Henning Jacobs, Zalando 开发人员生产力主管
+</span>
+  </div>
+</div>
+<section class="section2">
+<div class="fullcol">
+    <!-- <h2>When Henning Jacobs arrived at Zalando in 2010, the company was just two years old with 180 employees running an online store for European shoppers to buy fashion items.</h2> -->
+<h2>当 Henning Jacobs 于2010年来到 Zalando 时，该公司刚成立两年，有180名员工经营一家网上商店，供欧洲消费者购买时尚商品。</h2>
+    <!-- "It started as a PHP e-commerce site which was easy to get started with, but was not scaling with the business' needs" says Jacobs, Head of Developer Productivity at Zalando.<br><br> -->
+Zalando 的开发人员生产力主管 Jacobs 说：“它最初是一个 PHP 电子商务网站，很容易上手，但无法随业务需求扩展。”<br><br>
+    <!-- At that time, the company began expanding beyond its German origins into other European markets. Fast-forward to today and Zalando now has more than 14,000 employees, 3.6 billion Euro in revenue for 2016 and operates across 15 countries. "With growth in all dimensions, and constant scaling, it has been a once-in-a-lifetime experience," he says.<br><br> -->
+当时，公司开始从德国以外扩展到其他欧洲市场。快进到今天，Zalando 现在拥有超过 14000 名员工，2016 年收入为 36 亿欧元，业务遍及 15 个国家/地区。他表示：“这种全面快速的增长和不断扩展，一生只能有一次。”<br><br>
+    <!-- Not to mention a unique opportunity for an infrastructure specialist like Jacobs. Just after he joined, the company began rewriting all their applications in-house. "That was generally our strategy," he says. "For example, we started with our own logistics warehouses but at first you don’t know how to do logistics software, so you have some vendor software. And then we replaced it with our own because with off-the-shelf software you’re not competitive. You need to optimize these processes based on your specific business needs."<br><br> -->
+能拥有像 Jacobs 这样的基础设施专家的机会是非常独特的。就在他加入公司后，公司开始在内部重写他们的所有应用。“这通常是我们的策略，”他表示。“例如，我们从我们自己的物流仓库开始，但起初不知道如何做物流软件，所以得用一些供应商软件。然后我们用自己的软件替换了它，因为使用现成的软件是没有竞争力的。需要根据特定业务需求优化这些流程。”<br><br>
+    <!-- In parallel to rewriting their applications, Zalando had set a goal of expanding beyond basic e-commerce to a platform offering multi-tenancy, a dramatic increase in assortments and styles, same-day delivery and even <a href="https://www.zalon.de">your own personal online stylist</a>.<br><br> -->
+在重写其应用程序的同时，Zalando 设定了一个目标，即从基本电子商务扩展到提供多租户的平台、大量增加的分类和样式、当天送达，甚至<a href="https://www.zalon.de">您自己的平台个人在线造型师</a>。<br><br>
+    <!-- The need to scale ultimately led the company on a cloud-native journey. As did its embrace of a microservices-based software architecture that gives engineering teams more autonomy and ownership of projects. "This move to the cloud was necessary because in the data center you couldn’t have autonomous teams. You have the same infrastructure and it was very homogeneous, so you could only run your Java or Python app," Jacobs says. -->
+扩展的需求最终引领了公司踏上云原生之旅。它采用基于微服务的软件架构，使工程团队拥有更多的项目自主权和所有权。“迁移到云是必要的，因为在数据中心中，团队不可能随心所欲。使用相同的基础架构，因此只能运行 Java 或 Python 应用，”Jacobs 说。
+
+</div>
+</section>
+<div class="banner3">
+  <div class="banner3text">
+    <!-- "This move to the cloud was necessary because in the data center you couldn’t have autonomous teams. You have the same infrastructure and it was very homogeneous, so you could only run your Java or Python app." -->
+“迁移到云是必要的，因为在数据中心中，团队不可能随心所欲。使用相同的基础架构，因此只能运行 Java 或 Python 应用。”
+
+  </div>
+</div>
+<section class="section3">
+<div class="fullcol">
+  <!-- Zalando began moving its infrastructure from two on-premise data centers to the cloud, requiring the migration of older applications for cloud-readiness. "We decided to have a clean break," says Jacobs. "Our <a href="https://aws.amazon.com/">Amazon Web Services</a> infrastructure was set up like so: Every team has its own AWS account, which is completely isolated, meaning there’s no ‘lift and shift.’ You basically have to rewrite your application to make it cloud-ready even down to the persistence layer. We bravely went back to the drawing board and redid everything, first choosing Docker as a common containerization, then building the infrastructure from there."<br><br> -->
+Zalando 开始将其基础架构从两个内部数据中心迁移到云，这需要迁移较旧的应用程序使其在云中准备就绪。“我们决定果断一些，” Jacobs 说。“我们的<a href="https://aws.amazon.com/">亚马逊网络服务</a>基础设施是这样的：每个团队都有自己的 AWS 账户，该账户是完全隔离的，这意味着没有'提升和转移'。基本上必须重写应用程序，使其在云中准备就绪，甚至到持久层也是如此。我们勇敢地回到绘图板，重做一切，首先选择 Docker 作为通用容器化，然后从那里构建基础结构。”<br><br>
+  <!-- The company decided to hold off on orchestration at the beginning, but as teams were migrated to AWS, "we saw the pain teams were having with infrastructure and cloud formation on AWS," says Jacobs. <br><br> -->
+公司最初决定推迟编排，但随着团队迁移到 AWS，“我们看到团队在 AWS 上的基础设施和使用云资源方面遇到了难题，” Jacobs 说。<br><br>
+  <!-- Zalandos 200+ autonomous engineering teams decide what technologies to use and could operate their own applications using their own AWS accounts. This setup proved to be a compliance challenge. Even with strict rules-of-play and automated compliance checks in place, engineering teams and IT-compliance were overburdened addressing compliance issues. "Violations appear for non-compliant behavior, which we detect when scanning the cloud infrastructure," says Jacobs. "Everything is possible and nothing enforced, so you have to live with violations (and resolve them) instead of preventing the error in the first place. This means overhead for teams—and overhead for compliance and operations. It also takes time to spin up new EC2 instances on AWS, which affects our deployment velocity." <br><br> -->
+Zalando 200多人的自主工程团队研究使用哪些技术，并可以使用自己的 AWS 账户操作自己的应用程序。事实证明，此设置是一项合规性挑战。即使制定了严格的游戏规则和自动化的合规性检查，工程团队和 IT 合规性在解决合规性问题方面也负担过重。Jacobs 说："违规行为会出现，我们在扫描云基础架构时会检测到这些行为。“一切皆有可能，没有强制实施，因此您必须忍受违规行为（并解决它们），而不是一开始就防止错误。这些都会增加团队的开销，以及合规性和操作的开销。在 AWS 上启动新的 EC2 实例也需要时间，这会影响我们的部署速度。”<br><br>
+  <!-- The team realized they needed to "leverage the value you get from cluster management," says Jacobs. When they first looked at Platform as a Service (PaaS) options in 2015, the market was fragmented; but "now there seems to be a clear winner. It seemed like a good bet to go with Kubernetes."<br><br> -->
+Jacobs 说，团队意识到他们需要“利用从集群管理中获得的价值”。当他们在2015年首次将平台视为服务（PaaS）选项时，市场是支离破碎的；但“现在似乎有一个明确的赢家。使用 Kubernetes 似乎是一个很好的尝试。”<br><br>
+  <!-- The transition to Kubernetes started in 2016 during Zalando’s <a href="https://jobs.zalando.com/tech/blog/hack-week-5-is-live/?gh_src=4n3gxh1">Hack Week</a> where participants deployed their projects to a Kubernetes cluster. From there 60 members of the tech infrastructure department were on-boarded - and then engineering teams were brought on one at a time. "We always start by talking with them and make sure everyone’s expectations are clear," says Jacobs. "Then we conduct some Kubernetes training, which is mostly training for our CI/CD setup, because the user interface for our users is primarily through the CI/CD system. But they have to know fundamental Kubernetes concepts and the API. This is followed by a weekly sync with each team to check their progress. Once they have something in production, we want to see if everything is fine on top of what we can improve." -->
+Kubernetes 的过渡始于 2016 年 Zalando 的<a href="https://jobs.zalando.com/tech/blog/hack-week-5-is-live/?gh_src=4n3gxh1">极客周</a>期间，参与者将他们的项目部署到 Kubernetes 集群。60名技术基础设施部门的成员开始使用这项技术，之后每次会加入一支工程团队。Jacobs 说：“我们总是从与他们交谈开始，确保每个人的期望都清晰。然后，我们进行一些 Kubernetes 培训，这主要是针对我们的 CI/CD 设置的培训，因为我们的用户界面主要通过 CI/CD 系统。但是他们必须知道Kubernetes的基本概念和API。之后每周与每个团队同步，以检查其进度。一旦出现什么状况，就可以确定我们所做的改进是否正常。”
+
+</div>
+</section>
+<div class="banner4">
+  <div class="banner4text">
+  <!-- Once Zalando began migrating applications to Kubernetes, the results were immediate. "Kubernetes is a cornerstone for our seamless end-to-end developer experience. We are able to ship ideas to production using a single consistent and declarative API," says Jacobs. -->
+一旦Zalando开始将应用迁移到Kubernetes，效果立竿见影。“Kubernetes 是我们无缝端到端开发人员体验的基石。我们能够使用单一一致且声明性的 API 将创意运送到生产中，” Jacobs 说。
+  </div>
+</div>
+
+<section class="section4">
+<div class="fullcol">
+  <!-- At the moment, Zalando is running an initial 40 Kubernetes clusters with plans to scale for the foreseeable future.
+  Once Zalando began migrating applications to Kubernetes, the results were immediate. "Kubernetes is a cornerstone for our seamless end-to-end developer experience. We are able to ship ideas to production using a single consistent and declarative API," says Jacobs. "The self-healing infrastructure provides a frictionless experience with higher-level abstractions built upon low-level best practices. We envision all Zalando delivery teams will run their containerized applications on a state-of-the-art reliable and scalable cluster infrastructure provided by Kubernetes."<br><br> -->
+目前，Zalando正在运行最初的40个Kubernetes集群，并计划在可预见的将来进行扩展。一旦Zalando开始将申请迁移到Kubernetes，效果立竿见影。“ Kubernetes 是我们无缝端到端开发人员体验的基石。我们能够使用单一一致且声明性的 API 将创意运送到生产中，” Jacobs 说。“自愈基础架构提供了无摩擦体验，基于低级最佳实践构建了更高级别的抽象。我们设想所有 Zalando 交付团队都将在 Kubernetes 提供的最先进的可靠和可扩展群集基础架构上运行其容器化应用程序。”
+  <!-- With the old on-premise infrastructure "it was difficult to properly embrace new technologies, and DevOps teams were considered to be a bottleneck," says Jacobs. "Now, with this cloud infrastructure, they have this packaging format, which can contain anything that runs in the Linux kernel. This makes a lot of people pretty happy. The engineers love the autonomy."
+  There were a few challenges in Zalando’s Kubernetes implementation. "We are a team of seven people providing clusters to different engineering teams, and our goal is to provide a rock-solid experience for all of them," says Jacobs. "We don’t want pet clusters. We don’t want to have to understand what workload they have; it should just work out of the box. With that in mind, cluster autoscaling is important. There are many different ways of doing cluster management, and this is not part of the core. So we created two components to provision clusters, have a registry for clusters, and to manage the whole cluster life cycle."<br><br> -->
+Jacobs 说，使用旧的内部基础设施，“很难正确采用新技术，而 DevOps 团队被视为瓶颈。”“现在，有了这个云基础架构，它们有了这种打包格式，可以包含运行在 Linux 内核中的任何内容。这使得很多人相当高兴。工程师喜欢自主性。”在Zalando的Kubernetes实施中出现了一些挑战。Jacobs 说：“我们是一支由七人组成的团队，为不同的工程团队提供集群，我们的目标是为所有团队提供坚如磐石的体验。”“我们不想要宠物集群。我们不想了解他们的工作量；它应该只是开箱即用。考虑到这一点，集群自动缩放非常重要。执行集群管理的方法有很多种，这不是核心的一部分。因此，我们创建了两个组件来预配群集，具有集群的注册表，并管理整个集群生命周期。”<br><br>
+  <!-- Jacobs’s team also worked to improve the Kubernetes-AWS integration. "Thus you're very restricted. You need infrastructure to scale each autonomous team’s idea.""<br><br> -->
+Jacobs 的团队还致力于改进Kubernetes-AWS 集成。“由于许多限制条件,需要通过基础设施来扩展每个自主团队的想法。”
+  <!-- Plus, "there are still a lot of best practices missing," says Jacobs. The team, for example, recently solved a pod security policy issue. "There was already a concept in Kubernetes but it wasn’t documented, so it was kind of tricky," he says. The large Kubernetes community was a big help to resolve the issue. To help other companies start down the same path, Jacobs compiled his team’s learnings in a document called <a href="http://kubernetes-on-aws.readthedocs.io/en/latest/admin-guide/kubernetes-in-production.html">Running Kubernetes in Production</a>. -->
+此外，“仍然缺少很多最佳实践，”Jacobs说。例如，该团队最近解决了 pod 安全策略问题。“在Kubernetes已经有一个概念，但没有记录，所以有点棘手，”他说。大型的Kubernetes社区是解决这个问题的一大帮助。为了帮助其他公司走上同样的道路，Jacobs在一份名为“在生产中运行 Kubernetes ”的文件中汇编了他的团队的经验教训。
+
+</div>
+</section>
+
+<div class="banner5">
+  <div class="banner5text">
+    <!-- "The Kubernetes API allows us to run applications in a cloud provider-agnostic way, which gives us the freedom to revisit IaaS providers in the coming years... We expect the Kubernetes API to be the global standard for PaaS infrastructure and are excited about the continued journey." -->
+“ Kubernetes API 允许我们以与云提供商无关的方式运行应用程序，这使我们能够在未来几年中自由访问 IaaS 提供商...我们期望 Kubernetes API 成为 PaaS 基础设施的全球标准，并对未来的继续旅程感到兴奋。”
+  </div>
+</div>
+<section class="section5">
+<div class="fullcol">
+  <!-- In the end, Kubernetes made it possible for Zalando to introduce and maintain the new products the company envisioned to grow its platform. "<a href="https://www.zalon.de/">The fashion advice</a> product used Scala, and there were struggles to make this possible with our former infrastructure," says Jacobs. "It was a workaround, and that team needed more and more support from the platform team, just because they used different technologies. Now with Kubernetes, it’s autonomous. Whatever the workload is, that team can just go their way, and Kubernetes prevents other bottlenecks."<br><br> -->
+最后，Kubernetes 使 Zalando 能够引进和维护公司为发展其平台而设想的新产品。Jacobs 说：“时尚咨询产品使用 Scala，而我们以前的基础设施也难以实现这一点。”这是一个解决方法，该团队需要平台团队提供越来越多的支持，只是因为他们使用了不同的技术。现在有了Kubernetes，它就自主了。无论工作负载是什么，该团队都可以走自己的路，而 Kubernetes 可以防止其他瓶颈。<br><br>
+  <!-- Looking ahead, Jacobs sees Zalando’s new infrastructure as a great enabler for other things the company has in the works, from its new logistics software, to a platform feature connecting brands, to products dreamed up by data scientists. "One vision is if you watch the next James Bond movie and see the suit he’s wearing, you should be able to automatically order it, and have it delivered to you within an hour," says Jacobs. "It’s about connecting the full fashion sphere. This is definitely not possible if you have a bottleneck with everyone running in the same data center and thus very restricted. You need infrastructure to scale each autonomous team’s idea."<br><br> -->
+展望未来，Jacobs 将 Zalando 的新基础设施视为公司在进行的其他工程中的巨大推动因素，从新的物流软件到连接品牌的平台功能，以及数据科学家梦寐以求的产品。Jacobs说：“一个愿景是，如果你看下一部 James Bond 的电影，看看他穿的西装，你就应该能够自动订购，并在一小时内把它送到你身边。”“这是关于连接整个时尚领域。如果您遇到瓶颈，因为每个人都在同一个数据中心运行，因此限制很大，则这绝对是不可能的。需要基础设施来扩展每个自主团队的想法。”<br><br>
+  <!-- For other companies considering this technology, Jacobs says he wouldn’t necessarily advise doing it exactly the same way Zalando did. "It’s okay to do so if you’re ready to fail at some things," he says. "You need to set the right expectations. Not everything will work. Rewriting apps and this type of organizational change can be disruptive. The first product we moved was critical. There were a lot of dependencies, and it took longer than expected. Maybe we should have started with something less complicated, less business critical, just to get our toes wet."<br><br> -->
+对于考虑这项技术的其他公司，Jacobs 说，他不一定建议像 Zalando 那样做。他表示：“如果你准备尝试失败，那么这样做是可以的。”“设定正确的期望是必须的。并不是一切都会起作用。重写应用和这种类型的组织更改可能会造成中断。我们移动的第一个产品至关重要。存在大量依赖关系，而且时间比预期长。也许我们应该从不那么复杂、不是业务关键的东西开始，只是为了开个好头。”<br><br>
+  <!-- But once they got to the other side "it was clear for everyone that there’s no big alternative," Jacobs adds. "The Kubernetes API allows us to run applications in a cloud provider-agnostic way, which gives us the freedom to revisit IaaS providers in the coming years. Zalando Technology benefits from migrating to Kubernetes as we are able to leverage our existing knowledge to create an engineering platform offering flexibility and speed to our engineers while significantly reducing the operational overhead. We expect the Kubernetes API to be the global standard for PaaS infrastructure and are excited about the continued journey." -->
+但是，一旦他们到了另一边，“每个人都很清楚，没有大的选择，” Jacobs 补充说。“ Kubernetes API 允许我们以与云提供商无关的方式运行应用程序，这使我们能够在未来几年中自由访问 IaaS 提供商。Zalando 受益于迁移到 Kubernetes，因为我们能够利用现有知识创建工程平台，为我们的工程师提供灵活性和速度，同时显著降低运营开销。我们期望 Kubernetes API 成为 PaaS 基础设施的全球标准，并对未来的旅程感到兴奋。”
+
+</div>
+
+</section>
diff --git a/content/zh/case-studies/zalando/zalando_feature_logo.png b/content/zh/case-studies/zalando/zalando_feature_logo.png
new file mode 100644
index 0000000000000..ba6251050d15a
Binary files /dev/null and b/content/zh/case-studies/zalando/zalando_feature_logo.png differ
diff --git a/content/zh/case-studies/zulily/index.html b/content/zh/case-studies/zulily/index.html
index d41671470f71f..d5caf422aacd7 100644
--- a/content/zh/case-studies/zulily/index.html
+++ b/content/zh/case-studies/zulily/index.html
@@ -1,4 +1,4 @@
----
-title: Zulily
-content_url: https://www.youtube.com/embed/of45hYbkIZs
----
+---
+title: Zulily
+content_url: https://www.youtube.com/embed/of45hYbkIZs
+---
diff --git a/content/zh/community/_index.html b/content/zh/community/_index.html
new file mode 100644
index 0000000000000..53cbbd068279f
--- /dev/null
+++ b/content/zh/community/_index.html
@@ -0,0 +1,133 @@
+---
+title: 社区
+layout: basic
+cid: community
+---
+
+<!--
+---
+title: Community
+layout: basic
+cid: community
+---
+-->
+
+<section id="mainContent">
+    <main>
+        <!-- <div class="content">
+            <h3>Ensuring Kubernetes works well everywhere and for everyone.</h3>
+            <p>Connect with the Kubernetes community on our <a href="http://slack.k8s.io/">Slack channel</a>, <a href="https://discuss.kubernetes.io/">discussion board</a>, or join the
+                <a href="https://groups.google.com/forum/#!forum/kubernetes-dev">Kubernetes-dev Google group</a>. A weekly
+                community meeting takes place via video conference to discuss the state of affairs, see
+		<a href="https://github.com/kubernetes/community/blob/master/events/community-meeting.md">these instructions</a> for information
+	        on how to participate.</p>
+            <p>You can also join Kubernetes all around the world through our
+                <a href="https://www.meetup.com/topics/kubernetes/">Kubernetes Meetup Community</a> and the
+                <a href="https://www.meetup.com/Kubernetes-Cloud-Native-Online-Meetup/">Kubernetes Cloud Native Meetup Community</a>.</p>
+          </div> -->
+
+          <div class="content">
+              <h3>保证 Kubernetes 到处都适用，每个人都喜欢。</h3>
+              <p>在我们的<a href="http://slack.k8s.io/">Slack channel</a>,
+                <a href="https://discuss.kubernetes.io/">讨论版</a>, 或者
+                <a href="https://groups.google.com/forum/#!forum/kubernetes-dev">Kubernetes-dev Google 群主</a>上和 Kubernetes 互动。
+              同时，每周我们也有社区视频会议，讨论最新进展。参见
+  		<a href="https://github.com/kubernetes/community/blob/master/events/community-meeting.md">这些指导</a>了解如何参与其中。</p>
+              <p>你也可以在世界各地通过我们的
+                  <a href="https://www.meetup.com/topics/kubernetes/">Kubernetes Meetup 社区</a> 以及
+                  <a href="https://www.meetup.com/Kubernetes-Cloud-Native-Online-Meetup/">Kubernetes Cloud Native Meetup 社区</a>来参与。</p>
+            </div>
+
+        <!-- <div class="content">
+            <h3>Special Interest Groups (SIGs)</h3>
+            <p>Have a special interest in how Kubernetes works with another technology?  See our ever growing
+                <a href="https://git.k8s.io/community/sig-list.md">lists of SIGs</a>,
+                from AWS and Openstack to Big Data and Scalability, there's a place for you to contribute and instructions
+                for forming a new SIG if your special interest isn't covered (yet).</p>
+
+            <p>As a member of the Kubernetes community, you are welcome to join any of the SIG meetings
+                you are interested in. No registration required.</p>
+        </div> -->
+
+        <div class="content">
+            <h3>特殊兴趣小组 （Special Interest Groups，SIGs）</h3>
+            <p>对于 Kubernetes 是如何和另外的技术协作感兴趣？了解下我们不停发展的
+                <a href="https://git.k8s.io/community/sig-list.md">SIGs 群组</a>,
+                从 AWS 和 Openstack 到 大数据和可扩展性，总会有一个适合你，如果你所关注的不在其列，也有指导帮助你成立新的 SIG。</p>
+
+            <p>作为 Kubernetes 社区的一员，你可以随意加入任何你感兴趣的 SIG 会议。不需要额外注册。</p>
+        </div>
+
+        <!-- <div class="content">
+          <h3>Code of Conduct</h3>
+          <p>The Kubernetes community values respect and inclusiveness, and
+             enforces a <a href="code-of-conduct/">Code of Conduct</a> in all
+             interactions. If you notice a violation of the Code of Conduct at
+             an event or meeting, in Slack, or in another communication
+             mechanism, reach out to the <a href="https://github.com/kubernetes/community/tree/master/committee-code-of-conduct">Kubernetes Code of Conduct Committee</a>
+             <a href="mailto:conduct@kubernetes.io">conduct@kubernetes.io</a>.
+             Your anonymity will be protected.</p>
+           </p>
+         </div> -->
+
+         <div class="content">
+           <h3>行为规范</h3>
+           <p>Kubernetes 社区重视尊重和包容，并要求在所有场合都遵循
+             <a href="code-of-conduct/">行为规范</a>。
+             如果你在活动、会议、Slack 或是其它场合发现有任何违反行为规范的行为，请联系
+             <a href="https://github.com/kubernetes/community/tree/master/committee-code-of-conduct">Kubernetes 行为规范委员会</a>
+              <a href="mailto:conduct@kubernetes.io">conduct@kubernetes.io</a>.
+              我们会确保您的匿名性。</p>
+          </div>
+    </main>
+</section>
+
+<!-- <section id="talkToUs">
+    <main>
+        <h3>Talk to Us!</h3>
+        <h4>We would love to hear from you, how you are using Kubernetes,<br> and what we can do to make it better.</h4>
+        <div id="bigSocial">
+            <div>
+                <a href="https://twitter.com/kubernetesio">@kubernetesio</a>
+                <p>Get the latest news and updates.</p>
+            </div>
+            <div>
+                <a href="https://github.com/kubernetes/kubernetes">Github Project</a>
+                <p>Check out the project and consider contributing.</p>
+            </div>
+            <div>
+                <a href="http://slack.k8s.io/">#kubernetes-users</a>
+                <p>Our Slack channel is the best way to contact our engineers and share your ideas with them.</p>
+            </div>
+            <div>
+                <a href="http://stackoverflow.com/questions/tagged/kubernetes">Stack Overflow</a>
+                <p>Our user forum is a great place to go for community support.</p>
+            </div>
+        </div>
+    </main>
+</section> -->
+
+<section id="talkToUs">
+    <main>
+        <h3>与我们联系！</h3>
+        <h4>我们很希望听到你的声音，你是如何使用 Kubernetes 的，<br>以及我们可以将 Kubernetes 变得更美好。</h4>
+        <div id="bigSocial">
+            <div>
+                <a href="https://twitter.com/kubernetesio">@kubernetesio</a>
+                <p>获取更多的资讯和更新。</p>
+            </div>
+            <div>
+                <a href="https://github.com/kubernetes/kubernetes">Github 项目</a>
+                <p>了解项目，作出贡献。</p>
+            </div>
+            <div>
+                <a href="http://slack.k8s.io/">#kubernetes-users</a>
+                <p>Slack channel 是联系工程师，分享想法的最佳方法。</p>
+            </div>
+            <div>
+                <a href="http://stackoverflow.com/questions/tagged/kubernetes">Stack Overflow</a>
+                <p>我们的论坛是获得社区支持的最佳地点。</p>
+            </div>
+        </div>
+    </main>
+</section>
diff --git a/content/zh/community/code-of-conduct.md b/content/zh/community/code-of-conduct.md
new file mode 100644
index 0000000000000..848c58832ed5b
--- /dev/null
+++ b/content/zh/community/code-of-conduct.md
@@ -0,0 +1,44 @@
+---
+title: 社区
+layout: basic
+cid: community
+css: /css/community.css
+---
+
+<!-- ---
+title: Community
+layout: basic
+cid: community
+css: /css/community.css
+--- -->
+
+<div class="community_main">
+<!-- <h1>Kubernetes Community Code of Conduct</h1> -->
+<h1>Kubernetes 社区行为规范</h1>
+
+<!-- Kubernetes follows the
+<a href="https://github.com/cncf/foundation/blob/master/code-of-conduct.md">CNCF Code of Conduct</a>.
+The text of the CNCF CoC is replicated below, as of
+<a href="https://github.com/cncf/foundation/blob/0ce4694e5103c0c24ca90c189da81e5408a46632/code-of-conduct.md">commit 0ce4694</a>.
+If you notice that this is out of date, please
+<a href="https://github.com/kubernetes/website/issues/new">file an issue</a>. -->
+
+Kubernetes 遵循
+<a href="https://github.com/cncf/foundation/blob/master/code-of-conduct.md">CNCF 行为规范</a>。
+CNCF 社区规范文本如下链接
+<a href="https://github.com/cncf/foundation/blob/0ce4694e5103c0c24ca90c189da81e5408a46632/code-of-conduct.md">commit 0ce4694</a>。
+如果您发现这个 CNCF 社区规范文本已经过时，请
+<a href="https://github.com/kubernetes/website/issues/new">提交 issue</a>。
+
+<!-- If you notice a violation of the Code of Conduct at an event or meeting, in
+Slack, or in another communication mechanism, reach out to
+the [Kubernetes Code of Conduct Committee](https://github.com/kubernetes/community/tree/master/committee-code-of-conduct) <conduct@kubernetes.io>.
+Your anonymity will be protected. -->
+
+如果你在活动、会议、Slack 或是其它场合发现有任何违反行为规范的行为，请联系[Kubernetes 行为规范委员会](https://github.com/kubernetes/community/tree/master/committee-code-of-conduct)<conduct@kubernetes.io>。
+我们会确保您的匿名性。
+
+<div class="cncf_coc_container">
+{{< include "/static/cncf-code-of-conduct.md" >}}
+</div>
+</div>
diff --git a/content/zh/community/static/README.md b/content/zh/community/static/README.md
new file mode 100644
index 0000000000000..6d65182dcc2cb
--- /dev/null
+++ b/content/zh/community/static/README.md
@@ -0,0 +1,5 @@
+<!-- The files in this directory have been imported from other sources. Do not
+edit them directly, except by replacing them with new versions. -->
+
+本路径下的文件从其它地方导入。
+除了版本更新，不要直接修改。
diff --git a/content/zh/community/static/cncf-code-of-conduct.md b/content/zh/community/static/cncf-code-of-conduct.md
new file mode 100644
index 0000000000000..3ee025ba344fa
--- /dev/null
+++ b/content/zh/community/static/cncf-code-of-conduct.md
@@ -0,0 +1,46 @@
+<!-- Do not edit this file directly. Get the latest from
+     https://github.com/cncf/foundation/blob/master/code-of-conduct.md -->
+## CNCF Community Code of Conduct v1.0
+
+### Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering
+an open and welcoming community, we pledge to respect all people who contribute
+through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses,
+ without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are not
+aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
+commit themselves to fairly and consistently applying these principles to every aspect
+of managing this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting
+the [Kubernetes Code of Conduct Committee](https://github.com/kubernetes/community/tree/master/committee-code-of-conduct) <conduct@kubernetes.io>.
+
+This Code of Conduct is adapted from the Contributor Covenant
+(http://contributor-covenant.org), version 1.2.0, available at
+http://contributor-covenant.org/version/1/2/0/
+
+### CNCF Events Code of Conduct
+
+CNCF events are governed by the Linux Foundation [Code of Conduct](http://events.linuxfoundation.org/events/cloudnativecon/attend/code-of-conduct) available on the event page. This is designed to be compatible with the above policy and also includes more details on responding to incidents.
diff --git a/content/zh/docs/_index.md b/content/zh/docs/_index.md
index e31ea1aea7473..0b9545eaa6524 100644
--- a/content/zh/docs/_index.md
+++ b/content/zh/docs/_index.md
@@ -1,3 +1,9 @@
 ---
 title: 文档
+weight: 5
 ---
+
+<!-- ---
+title: Home
+weight: 5
+--- -->
diff --git a/content/zh/docs/admin/authorization/_index.md b/content/zh/docs/admin/authorization/_index.md
new file mode 100644
index 0000000000000..7941c2705f393
--- /dev/null
+++ b/content/zh/docs/admin/authorization/_index.md
@@ -0,0 +1,155 @@
+---
+approvers:
+- erictune
+- lavalamp
+- deads2k
+- liggitt
+title: 概述
+content_template: templates/concept
+---
+
+{{% capture overview %}}
+
+学习有关 Kubernetes 授权的更多信息，包括有关使用支持的授权模块创建策略的详细信息。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+在 Kubernetes 里，您必须经过身份验证 ( 登录 )，才能授权您的请求 ( 授予访问权限 ).。有关认证的信息，请参阅[访问控制概述](/docs/admin/access-the-api/)。
+
+Kubernetes 提供通用的 REST API 请求。这意味着 Kubernetes 授权可以与现有的组织或云提供商的访问控制系统一起使用，该系统可以处理除 Kubernetes API 之外的其他 API。
+
+## 确定请求是允许还是被拒绝
+Kubernetes 使用 API ​​ 服务器授权 API 请求。它根据所有策略评估所有请求属性，并允许或拒绝请求。某些策略必须允许 API 请求的所有部分继续进行，这意味着默认情况下是拒绝权限。
+
+( 虽然 Kubernetes 使用 API ​​服务器，访问控制和依赖特定类型对象的特定领域策略由 Admission 控制器处理。)
+
+当配置多个授权模块时，按顺序检查每个模块，如果有任何模块授权请求，则可以继续执行该请求。如果所有模块拒绝请求，则拒绝该请求 (HTTP 状态代码 403)。
+
+## 查看您的请求属性
+
+Kubernetes 仅查看以下 API 请求属性 :
+
+* **user**  - 验证期间提供的 `user` 字符串
+* **group**  - 认证用户所属的组名列表
+* **extra**  - 由认证层提供的任意字符串键到字符串值的映射
+* **API**  - 指示请求是否用于 API 资源
+* **Request path**  - 诸如 `/api` 或 `/healthz` 的其他非资源端点的路径 ( 请参阅[kubectl](#kubectl)).
+* **API request verb**  -  API 动词 `get`，`list`，`create`，`update`，`patch`，`watch`，`proxy`，`redirect`，`delete` 和 `deletecollection` 用于资源请求。要确定资源 API 端点的请求动词，请参阅**确定下面的请求动词**.
+* **HTTP request verb**  -  HTTP 动词 `get`，`post`，`put` 和 `delete` 用于非资源请求
+* **Resource**  - 正在访问的资源的 ID 或名称 ( 仅适用于资源请求 )，对于使用 `get`, `update`, `patch`, 和 `delete` 动词的资源请求，您必须提供资源名称。
+* **Subresource**  - 正在访问的子资源 ( 仅用于资源请求 )
+* **Namespace**  - 正在被访问的对象的命名空间 ( 仅针对命名空间的资源请求 )
+* **API group**  - 正在访问的 API 组 ( 仅用于资源请求 ). 一个空字符串指定[核心 API 组](/docs/api/).
+
+## 确定请求动词
+
+要确定资源 API 端点的请求动词，请查看所使用的 HTTP 动词以及请求是否对单个资源或资源集合进行操作 :
+
+HTTP 动词 | 请求动词
+---------- | ---------------
+POST | 创建
+GET，HEAD | 获取 ( 个人资源 )，列表 ( 集合 )
+PUT | 更新
+PATCH | 补丁
+DELETE| 删除 ( 个人资源 )，删除 ( 收藏 )
+
+Kubernetes 有时会使用专门的动词检查授权以获得额外的权限。例如 :
+
+* [PodSecurityPolicy](/docs/concepts/policy/pod-security-policy/) 在 `extensions` API 组中的 `podsecuritypolicies` 资源上检查 `use` 动词的授权。
+* [RBAC](/docs/admin/authorization/rbac/#privilege-escalation-prevention-and-bootstrapping) 在 `rbac.authorization.k8s.io` API 组中的 `roles` 和 `clusterroles` 资源上检查 `bind` 动词的授权。
+* [认证](/docs/admin/authentication/) 在核心 API 组中的 `users`，`groups` 和 `serviceaccounts` 上的 `impersonate` 动词的授权以及 `authentication.k8s.io` API 组中的 `userextras` 进行层次检查。
+
+## 授权模块
+* **ABAC 模式**  - 基于属性的访问控制 (ABAC) 定义了访问控制范例，通过使用将属性组合在一起的策略来授予用户访问权限。策略可以使用任何类型的属性 ( 用户属性，资源属性，对象，环境属性等 )。要了解有关使用 ABAC 模式的更多信息，请参阅 [ABAC 模式](/docs/admin/authorization/abac/)
+* **RBAC 模式**  - 基于角色的访问控制 (RBAC) 是一种根据企业内个人用户的角色来调整对计算机或网络资源的访问的方法。在这种情况下，访问是单个用户执行特定任务 ( 例如查看，创建或修改文件 ) 的能力。要了解有关使用 RBAC 模式的更多信息，请参阅 [RBAC 模式](/docs/admin/authorization/rbac/)
+*当指定 "RBAC"( 基于角色的访问控制 ) 使用 "rbac.authorization.k8s.io" API 组来驱动授权决定时，允许管理员通过 Kubernetes API 动态配置权限策略 .
+.. *截至 1.6 RBAC 模式是测试版 .
+.. *要启用 RBAC，请使用 `--authorization-mode=RBAC` 启动 apiserver.
+* **Webhook 模式**  -  WebHook 是 HTTP 回调 : 发生事件时发生的 HTTP POST; 通过 HTTP POST 简单的事件通知 . 实施 WebHooks 的 Web 应用程序将在某些事情发生时向 URL 发送消息 . 要了解有关使用 Webhook 模式的更多信息，请参阅[Webhook 模式](/docs/admin/authorization/webhook/)
+* **自定义模块**  - 您可以创建使用 Kubernetes 的自定义模块 . 要了解更多信息，请参阅下面的**自定义模块**。
+
+### 自定义模块
+可以相当容易地开发其他实现 ,APIserver 调用 Authorizer 接口：
+
+```go
+type Authorizer interface {
+  Authorize(a Attributes) error
+}
+```
+
+以确定是否允许每个 API 操作 .
+
+授权插件是实现此接口的模块 . 授权插件代码位于 `pkg/auth/authorizer/$MODULENAME` 中。
+
+授权模块可以完全实现，也可以拨出远程授权服务。 授权模块可以实现自己的缓存，以减少具有相同或相似参数的重复授权调用的成本。 开发人员应该考虑缓存和撤销权限之间的交互。
+
+#### 检查 API 访问
+
+Kubernetes 将 `subjectaccessreviews.v1.authorization.k8s.io`  资源公开为允许外部访问 API 授权者决策的普通资源。 无论您选择使用哪个授权器，您都可以使用 `SubjectAccessReview` 发出一个 `POST`，就像 webhook 授权器的 `apis/authorization.k8s.io/v1/subjectaccessreviews` 端点一样，并回复一个响应。 例如：
+
+
+```bash
+kubectl create --v=8 -f -  << __EOF__
+{
+  "apiVersion": "authorization.k8s.io/v1",
+  "kind": "SubjectAccessReview",
+  "spec": {
+    "resourceAttributes": {
+      "namespace": "kittensandponies",
+      "verb": "get",
+      "group": "unicorn.example.org",
+      "resource": "pods"
+    },
+    "user": "jane",
+    "group": [
+      "group1",
+      "group2"
+    ],
+    "extra": {
+      "scopes": [
+        "openid",
+        "profile"
+      ]
+    }
+  }
+}
+__EOF__
+
+--- snip lots of output ---
+
+I0913 08:12:31.362873   27425 request.go:908] Response Body: {"kind":"SubjectAccessReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"resourceAttributes":{"namespace":"kittensandponies","verb":"GET","group":"unicorn.example.org","resource":"pods"},"user":"jane","group":["group1","group2"],"extra":{"scopes":["openid","profile"]}},"status":{"allowed":true}}
+subjectaccessreview "" created
+```
+
+这对于调试访问问题非常有用，因为您可以使用此资源来确定授权者授予哪些访问权限。
+
+## 为您的授权模块使用标志
+
+您的策略中必须包含一个标志，以指出您的策略包含哪个授权模块 :
+
+可以使用以下标志 :
+ - `--authorization-mode=ABAC` 基于属性的访问控制 (ABAC) 模式允许您使用本地文件配置策略。
+ - `--authorization-mode=RBAC` 基于角色的访问控制 (RBAC) 模式允许您使用 Kubernetes API 创建和存储策略 .
+ - `--authorization-mode=Webhook` WebHook 是一种 HTTP 回调模式，允许您使用远程 REST 管理授权。
+ - `--authorization-mode=AlwaysDeny` 此标志阻止所有请求 . 仅使用此标志进行测试。
+ - `--authorization-mode=AlwaysAllow` 此标志允许所有请求 . 只有在您不需要 API 请求授权的情况下才能使用此标志。
+
+您可以选择多个授权模块，如果其中一种模式为 `AlwaysAllow`，则覆盖其他模式，并允许所有 API 请求。
+
+## 版本控制
+
+对于版本 1.2，配置了 kube-up.sh 创建的集群，以便任何请求都不需要授权。
+
+从版本 1.3 开始，配置由 kube-up.sh 创建的集群，使得 ABAC 授权模块处于启用状态。但是，其输入文件最初设置为允许所有用户执行所有操作，集群管理员需要编辑该文件，或者配置不同的授权器来限制用户可以执行的操作。
+
+{{% /capture %}}
+{{% capture whatsnext %}}
+
+* 要学习有关身份验证的更多信息，请参阅**身份验证**[控制访问 Kubernetes API](docs/admin/access-the-api/)。
+* 要了解有关入学管理的更多信息，请参阅[使用 Admission 控制器](docs/admin/admission-controllers/)。
+*
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/admin/high-availability/_index.md b/content/zh/docs/admin/high-availability/_index.md
new file mode 100644
index 0000000000000..4d854b8daffba
--- /dev/null
+++ b/content/zh/docs/admin/high-availability/_index.md
@@ -0,0 +1,214 @@
+---
+title: 构建高可用集群
+---
+
+
+## 简介
+
+
+本文描述了如何构建一个高可用（high-availability, HA）的 Kubernetes 集群。这是一个非常高级的主题。
+
+对于仅希望使用 Kubernetes 进行试验的用户，推荐使用更简单的配置工具进行搭建，例如：
+[Minikube](/docs/getting-started-guides/minikube/)，或者尝试使用[Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) 来运行 Kubernetes。
+
+此外，当前在我们的端到端（e2e）测试环境中，没有对 Kubernetes 高可用的支持进行连续测试。我们将会增加这个连续测试项，但当前对单节点 master 的安装测试得更加严格。
+
+{{< toc >}}
+
+## 概览
+
+
+搭建一个正真可靠，高度可用的分布式系统需要若干步骤。这类似于穿上内衣，裤子，皮带，背带，另一套内衣和另一套裤子。我们会详细介绍每一个步骤，但先在这里给出一个总结来帮助指导用户。
+
+
+相关步骤如下：
+
+   * [创建可靠的组成节点，共同形成我们的高可用主节点实现。](# 可靠的节点 )
+   * [使用 etcd 集群，搭建一个冗余的，可靠的存储层。](# 建立一个冗余的，可靠的存储层 )
+   * [启动具有备份和负载均衡能力的 Kubernetes API 服务](# 复制的 API 服务 )
+   * [搭建运行 master 选举的 Kubernetes scheduler 和 controller-manager 守护程序](# 进行 master 选举的组件 )
+  
+系统完成时看起来应该像这样：
+
+![High availability Kubernetes diagram](/images/docs/ha.svg)
+
+
+## 初始配置
+
+
+本文假设你正在搭建一个 3 节点的主节点集群，每个节点上都运行者某种 Linux 系统。
+
+指南中的示例使用 Debian 发行版，但它们应该可以被轻松移植到其他发行版上。
+
+同样的，不管在公有云还是私有云亦或是裸机上，这个配置都应该可以运行。
+
+
+从一个现成的单主节点集群开始是实现一个高可用 Kubernetes 集群的最简单的方法。这篇指导 [https://get.k8s.io](https://get.k8s.io) 描述了在多种平台上方便的安装一个单主节点集群的方法。
+
+## 可靠的节点
+
+
+我们在每个主节点上都将运行数个实现 Kubernetes API 的进程。使他们可靠的第一步是保证在发生故障时，每一个进程都可以自动重启。为了实现这个目标，我们需要安装一个进程监视器。我们选择了在每个工作者节点上都会运行的 `kubelet` 进程。这会带来便利性，因为我们使用了容器来分发我们的二进制文件，所以我们能够为每一个守护程序建立资源限制并省查它们的资源消耗。当然，我们也需要一些手段来监控 kubelete 本身（在此监测监控者本身是一个有趣的话题）。对于 Debian 系统我们选择了 monit，但也有许多可替代的工具。例如在基于 systemd 的系统上（如 RHEL, CentOS），你可以运行 'systemctl enable kubelet'。
+
+
+如果你是从标准的 Kubernetes 安装扩展而来，那么 `kubelet` 二进制文件应该已经存在于你的系统中。你可以运行 `which kubelet` 来判断是否确实安装了这个二进制文件。如果没有安装的话，你应该手动安装 [kubelet binary](https://storage.googleapis.com/kubernetes-release/release/v0.19.3/bin/linux/amd64/kubelet), 
+[kubelet init file](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/saltbase/salt/kubelet/initd) 和 [default-kubelet](/docs/admin/high-availability/default-kubelet) 脚本。
+
+如果使用 monit，你还需要安装 monit 守护程序（`apt-get install monit`）以及[monit-kubelet](/docs/admin/high-availability/monit-kubelet) 和
+[monit-docker](/docs/admin/high-availability/monit-docker) 配置。
+
+在使用 systemd 的系统上，你可以执行 `systemctl enable kubelet` 和 `systemctl enable docker`。
+
+
+## 建立一个冗余的，可靠的存储层
+
+
+高可用方案的中心基础是一个冗余的，可靠的存储层。高可用的头条规则是保护数据。不管发生了什么，不管什么着了火，只要还有数据，你就可以重建。如果丢掉了数据，你就完了。
+
+
+集群化的 etcd 已经把你存储的数据复制到了你集群中的所有主节点实例上。这意味着如果要想丢失数据，三个节点的物理（或虚拟）硬盘需要全部同时故障。这种情况发生的概率是比较低的，所以对于许多人来说，运行一个复制的 etcd 集群可能已经足够的可靠了。你可以将集群数量从 3 个增大到 5 个来增加集群的可靠性。如果那样还不够，你可以添加[更多的可靠性到你的存储层](# 更加可靠的存储 )。
+
+
+### 集群化 etcd
+
+
+集群化 etcd 的完整细节超出了本文范围，你可以在[etcd clustering page](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md) 找到许多详细内容。这个例子仅走查一个简单的集群建立过程，使用 etcd 内置的发现功能来构建我们的集群。
+
+
+首先，调用 etcd 发现服务来创建一个新令牌 :
+
+```shell
+curl https://discovery.etcd.io/new?size=3
+```
+
+
+在每个节点上，拷贝 [etcd.yaml](/docs/admin/high-availability/etcd.yaml) 文件到 `/etc/kubernetes/manifests/etcd.yaml`。
+
+
+每个节点上的 kubelet 会动态的监控这个文件夹的内容，并且会按照 `etcd.yaml` 里对 pod 的定义创建一个 `etcd` 服务的实例。
+
+
+请注意，你应该使用上文中获取的令牌 URL 替换全部三个节点上 `etcd.yaml` 中的 `${DISCOVERY_TOKEN}` 项。同时还应该将每个节点上的 `${NODE_NAME}` 替换为一个不同的名字（例如：`node-1`），并将 `${NODE_IP}` 替换为正确的 IP 地址。
+
+
+#### 验证你的集群
+
+
+如果已经将这个文件拷贝到所有三个节点，你应该已经搭建起了一个集群化的 etcd。你可以在主节点上进行验证：
+```shell
+kubectl exec < pod_name > etcdctl member list
+```
+
+和
+
+```shell
+kubectl exec < pod_name > etcdctl cluster-health
+```
+
+
+你也可以在一个节点上运行 `etcdctl set foo bar`，在另一个节点上运行 `etcdctl get foo` 来验证集群是否工作正常。
+
+
+### 更加可靠的存储
+
+
+当然，如果你对增加数据的可靠性感兴趣，这里还有一些更深入的选项可以使 etcd 把它的数据存放在比常规硬盘更可靠的地方（裤带和背带，ftw!）。
+
+
+如果你使用云服务，那么你的提供商通常会为你提供这个特性，例如 Google Cloud Platform 上的 [Persistent Disk](https://cloud.google.com/compute/docs/disks/persistent-disks) 。它们是可以挂载到你的虚拟机中的块设备持久化存储。其他的云服务提供商提供了类似的解决方案。
+
+
+如果运行于物理机之上，你仍然可以使用 iSCSI 或者 NFS 接口通过网络来连接冗余存储。
+此外，你还可以运行一个集群文件系统，比如 Gluster 或者 Ceph。最后，你还可以在你的每个物理机器上运行 RAID 矩阵。
+
+
+不管你选择如何实现，如果已经选择了使用其中的一个选项，那么你应该保证你的存储被挂载到了每一台机器上。如果你的存储在集群中的三个主节点之间共享，那么你应该在存储上为每一个节点创建一个不同的文件夹。对于所有的这些指导，我们都假设这个存储被挂载到你机器上的 `/var/etcd/data` 路径。
+
+
+## 复制的 API 服务
+
+
+在正确搭建复制的 etcd 之后，我们还需要使用 kubelet 安装 apiserver。
+
+
+
+
+首先，你需要创建初始的日志文件，这样 Docker 才会挂载一个文件而不是一个文件夹：
+```shell
+touch /var/log/kube-apiserver.log
+```
+
+接下来，你需要在每个节点上创建一个 `/srv/kubernetes/` 文件夹。这个文件夹包含：
+
+   * basic_auth.csv  - 基本认证的用户名和密码
+   * ca.crt - CA 证书
+   * known_tokens.csv - 实体（例如 kubelet）用来和 apiserver 通信的令牌
+   * kubecfg.crt - 客户端证书，公钥
+   * kubecfg.key - 客户端证书，私钥
+   * server.cert - 服务端证书，公钥
+   * server.key - 服务端证书，私钥
+
+
+创建这个文件夹最简单的方法可以是从一个工作正常的集群的主节点拷贝，或者你也可以手动生成它们。
+
+
+### 启动 API 服务
+
+
+一旦这些文件已经存在了，拷贝 [kube-apiserver.yaml](/docs/admin/high-availability/kube-apiserver.yaml) 到每个主节点的 `/etc/kubernetes/manifests/` 文件夹。
+
+
+kubelet 会监控这个文件夹，并且会按照文件里对 pod 的定义创建一个 `kube-apiserver` 容器。
+
+
+### 负载均衡
+
+
+现在，你应该有 3 个全部正常工作的 apiserver 了。如果搭建了网络负载均衡器，你应该能够通过那个负载均衡器访问你的集群，并且看到负载在 apiserver 实例间分发。设置负载均衡器依赖于你的平台的实际情况，例如对于 Google Cloud Platform 的指导可以在[这里](https://cloud.google.com/compute/docs/load-balancing/) 找到。
+
+
+请注意，如果使用了身份认证，你可能需要重新生成你的证书，除每个节点的 IP 地址外额外包含负载均衡器的 IP 地址。
+
+
+对于部署在集群中的 pods， `kubernetes` 服务 /dns 名称应该自动的为主节点提供了负载均衡的 endpoint。
+
+
+对于使用 API 的外部用户（如命令行运行的 `kubectl`，持续集成管道或其他客户端）你会希望将他们配置成为访问外部负载均衡器的地址。
+
+
+## 进行 Master 选举的组件
+
+
+到目前为止，我们已经搭建了状态存储，也搭建好了 API 服务，但我们还没有运行任何真正改变集群状态的服务，比如 controller manager 和 scheduler。为了可靠的实现这个目标，我们希望在同一时间只有一个参与者在修改集群状态。但是我们希望复制这些参与者的实例以防某个机器宕机。要做到这一点，我们打算在 API 中使用一个 lease-lock 来执行 master 选举。我们会对每一个 scheduler 和 controller-manager 使用 `--leader-elect` 标志，从而在 API 中使用一个租约来保证同一时间只有一个 scheduler 和 controller-manager 的实例正在运行。
+
+
+scheduler 和 controller-manager 可以配置为只和位于它们相同节点（即 127.0.0.1）上的 API 服务通信，也可以配置为使用 API 服务的负载均衡器的 IP 地址。不管它们如何配置，当使用 `--leader-elect` 时 scheduler 和 controller-manager 都将完成上文提到的 leader 选举过程。
+
+
+为了防止访问 API 服务失败，选举出的 leader 不能通过更新租约来选举一个新的 leader。当 scheduler 和 controller-manager 通过 127.0.0.1 访问 API 服务，而相同节点上的 API 服务不可用时，这一点相当重要。
+
+
+### 安装配置文件
+
+
+首先，在每个节点上创建空白日志文件，这样 Docker 就会挂载这些文件而不是创建一个新文件夹：
+
+```shell
+touch /var/log/kube-scheduler.log
+touch /var/log/kube-controller-manager.log
+```
+
+
+接下来，在每个节点上配置 scheduler 和 controller manager pods 的描述文件。拷贝 [kube-scheduler.yaml](/docs/admin/high-availability/kube-scheduler.yaml) 和 [kube-controller-manager.yaml](/docs/admin/high-availability/kube-controller-manager.yaml) 到 `/etc/kubernetes/manifests/` 文件夹。
+
+
+## 结尾
+
+
+此时，你已经完成了 master 组件的配置（耶！），但你还需要添加工作者节点（噗！）。
+
+
+如果你有一个现成的集群，你只需要在每个节点上简单的重新配置你的 kubeletes 连接到负载均衡的 endpoint 并重启它们。
+
+
+如果你搭建的是一个全新的集群，你将需要在每个工作节点上安装 kubelet 和 kube-proxy，并设置 `--apiserver` 指向复制的 endpoint。
\ No newline at end of file
diff --git a/content/zh/docs/admin/ovs-networking.md b/content/zh/docs/admin/ovs-networking.md
new file mode 100644
index 0000000000000..856148c0d84b2
--- /dev/null
+++ b/content/zh/docs/admin/ovs-networking.md
@@ -0,0 +1,22 @@
+---
+approvers:
+- thockin
+title: Kubernetes OpenVSwitch GRE/VxLAN 网络
+---
+
+本文档介绍了如何使用 OpenVSwitch，在跨 nodes 的 pods 之间设置网络。
+隧道类型可以是 GRE 或者是 VxLAN。如需在网络内执行大规模隔离时，最好使用 VxLAN。
+
+![OVS Networking](/images/docs/ovs-networking.png)
+
+Kubernetes 中 Vagrant 的设置如下：
+
+docker 网桥被 brctl 生成的 Linux 网桥（kbr0） 所代替，kbr0 是具有 256 个地址空间的子网。总的来说，node 会得到 10.244.x.0/24 的子网，docker 上配置使用的网桥会代替默认 docker0 的网桥。
+
+另外，OVS 网桥创建（obr0），并将其作为端口添加到 kbr0 的网桥中。所有 OVS 网桥通过 GRE 隧道连接所有的 nodes。因此，每个 node 都有一个到其他 nodes 的出站 GRE 隧道。这个隧道没有必要是一个完整的网状物，但是越像网状结构越好。在网桥上开启 STP （生成树）模式以防止环路的发生。
+
+路由规则允许任何 10.244.0.0/16 通过与隧道相连的 OVS 网桥到达目标。
+
+
+
+
diff --git a/content/zh/docs/concepts/_index.md b/content/zh/docs/concepts/_index.md
index 6059a0544ef7f..59de4ca192596 100644
--- a/content/zh/docs/concepts/_index.md
+++ b/content/zh/docs/concepts/_index.md
@@ -28,7 +28,7 @@ weight: 40
 
 <!-- To work with Kubernetes, you use *Kubernetes API objects* to describe your cluster's *desired state*: what applications or other workloads you want to run, what container images they use, the number of replicas, what network and disk resources you want to make available, and more. You set your desired state by creating objects using the Kubernetes API, typically via the command-line interface, `kubectl`. You can also use the Kubernetes API directly to interact with the cluster and set or modify your desired state. -->
 
-要使用 Kubernetes，你需要用 *Kubernetes API 对象* 来描述集群的*预期状态（desired state）* ：包括你需要运行的应用或者负载，它们使用的镜像、副本数，以及所需网络和磁盘资源等等。你可以使用命令行工具 `kubectl`  来调用 Kubernetes API 创建对象，通过所创建的这些对象来配置预期状态。你也可以直接调用 Kubernetes API 和集群进行交互，设置或者修改预期状态。
+要使用 Kubernetes，你需要用 *Kubernetes API 对象* 来描述集群的 *预期状态（desired state）* ：包括你需要运行的应用或者负载，它们使用的镜像、副本数，以及所需网络和磁盘资源等等。你可以使用命令行工具 `kubectl`  来调用 Kubernetes API 创建对象，通过所创建的这些对象来配置预期状态。你也可以直接调用 Kubernetes API 和集群进行交互，设置或者修改预期状态。
 
 <!-- Once you've set your desired state, the *Kubernetes Control Plane* works to make the cluster's current state match the desired state. To do so, Kubernetes performs a variety of tasks automatically--such as starting or restarting containers, scaling the number of replicas of a given application, and more. The Kubernetes Control Plane consists of a collection of processes running on your cluster:  -->
 
@@ -39,7 +39,7 @@ weight: 40
   * **[kubelet](/docs/admin/kubelet/)**, which communicates with the Kubernetes Master.
   * **[kube-proxy](/docs/admin/kube-proxy/)**, a network proxy which reflects Kubernetes networking services on each node. -->
 
-*  **Kubernetes 主控组件（Master）** 包含三个进程，都运行在集群中的某个节上，通常这个节点被称为 master 节点。这些进程包括：[kube-apiserver](/docs/admin/kube-apiserver/)、[kube-controller-manager](/docs/admin/kube-controller-manager/)和[kube-scheduler](/docs/admin/kube-scheduler/)。
+*  **Kubernetes 主控组件（Master）** 包含三个进程，都运行在集群中的某个节上，通常这个节点被称为 master 节点。这些进程包括：[kube-apiserver](/docs/admin/kube-apiserver/)、[kube-controller-manager](/docs/admin/kube-controller-manager/) 和 [kube-scheduler](/docs/admin/kube-scheduler/)。
 * 集群中的每个非 master 节点都运行两个进程：
   * **[kubelet](/docs/admin/kubelet/)**，和 master 节点进行通信。
   * **[kube-proxy](/docs/admin/kube-proxy/)**，一种网络代理，将 Kubernetes 的网络服务代理到每个节点上。
@@ -50,7 +50,7 @@ weight: 40
 
 <!-- Kubernetes contains a number of abstractions that represent the state of your system: deployed containerized applications and workloads, their associated network and disk resources, and other information about what your cluster is doing. These abstractions are represented by objects in the Kubernetes API; see the [Kubernetes Objects overview](/docs/concepts/abstractions/overview/) for more details.  -->
 
-Kubernetes 包含若干抽象用来表示系统状态，包括：已部署的容器化应用和负载、与它们相关的网络和磁盘资源以及有关集群正在运行的其他操作的信息。这些抽象使用 Kubernetes API 对象来表示。参阅 [Kubernetes对象概述](/docs/concepts/abstractions/overview/)以了解详细信息。
+Kubernetes 包含若干抽象用来表示系统状态，包括：已部署的容器化应用和负载、与它们相关的网络和磁盘资源以及有关集群正在运行的其他操作的信息。这些抽象使用 Kubernetes API 对象来表示。参阅 [Kubernetes 对象概述](/docs/concepts/abstractions/overview/)以了解详细信息。
 
 <!-- The basic Kubernetes objects include: -->
 
@@ -77,7 +77,7 @@ Kubernetes 包含若干抽象用来表示系统状态，包括：已部署的容
 
 <!-- The various parts of the Kubernetes Control Plane, such as the Kubernetes Master and kubelet processes, govern how Kubernetes communicates with your cluster. The Control Plane maintains a record of all of the Kubernetes Objects in the system, and runs continuous control loops to manage those objects' state. At any given time, the Control Plane's control loops will respond to changes in the cluster and work to make the actual state of all the objects in the system match the desired state that you provided. -->
 
-关于 Kubernetes 控制平面的各个部分，（如 Kubernetes 主控组件和 kubelet 进程，管理着 Kubernetes 如何与你的集群进行通信。控制平面维护着系统中所有的 Kubernetes 对象的状态记录，并且通过连续的控制循环来管理这些对象的状态。在任一的给定时间点，控制面的控制环都能响应集群中的变化，并且让系统中所有对象的实际状态与你提供的预期状态相匹配。
+关于 Kubernetes 控制平面的各个部分，（如 Kubernetes 主控组件和 kubelet 进程），管理着 Kubernetes 如何与你的集群进行通信。控制平面维护着系统中所有的 Kubernetes 对象的状态记录，并且通过连续的控制循环来管理这些对象的状态。在任意的给定时间点，控制面的控制环都能响应集群中的变化，并且让系统中所有对象的实际状态与你提供的预期状态相匹配。
 
 <!-- For example, when you use the Kubernetes API to create a Deployment object, you provide a new desired state for the system. The Kubernetes Control Plane records that object creation, and carries out your instructions by starting the required applications and scheduling them to cluster nodes--thus making the cluster's actual state match the desired state. -->
 
@@ -93,7 +93,7 @@ Kubernetes master 节点负责维护集群的目标状态。当你要与 Kuberne
 
 <!-- > The "master" refers to a collection of processes managing the cluster state.  Typically these processes are all run on a single node in the cluster, and this node is also referred to as the master. The master can also be replicated for availability and redundancy. -->
 
-> "master" 是指管理集群状态的一组进程的集合。通常这些进程都跑在集群中一个单独的节点上，并且这个节点被称为 master 节点。master 节点也可以扩展副本数，来获取更好的性能及冗余。
+> "master" 是指管理集群状态的一组进程的集合。通常这些进程都跑在集群中一个单独的节点上，并且这个节点被称为 master 节点。master 节点也可以扩展副本数，来获取更好的可用性及冗余。
 
 <!-- ### Kubernetes Nodes -->
 
@@ -108,7 +108,7 @@ Kubernetes master 节点负责维护集群的目标状态。当你要与 Kuberne
 #### 对象元数据
 
 
-* [注释](/docs/concepts/overview/working-with-objects/annotations/)
+* [注解](/docs/concepts/overview/working-with-objects/annotations/)
 
 {{% /capture %}}
 
diff --git a/content/zh/docs/concepts/architecture/_index.md b/content/zh/docs/concepts/architecture/_index.md
new file mode 100755
index 0000000000000..93d61ea5ff67e
--- /dev/null
+++ b/content/zh/docs/concepts/architecture/_index.md
@@ -0,0 +1,11 @@
+---
+title: "Kubernetes 架构"
+weight: 30
+---
+
+<!--
+---
+title: "Kubernetes Architecture"
+weight: 30
+---
+-->
\ No newline at end of file
diff --git a/content/zh/docs/concepts/architecture/cloud-controller.md b/content/zh/docs/concepts/architecture/cloud-controller.md
index efa9ee49db05c..77e36af2c1ded 100644
--- a/content/zh/docs/concepts/architecture/cloud-controller.md
+++ b/content/zh/docs/concepts/architecture/cloud-controller.md
@@ -1,175 +1,458 @@
-title: 云控制器管理器的基本概念
+---
+title: 云控制器管理器的基础概念
+content_template: templates/concept
+weight: 30
+---
 
-## 云控制器管理器
+<!--
+---
+title: Concepts Underlying the Cloud Controller Manager
+content_template: templates/concept
+weight: 30
+---
+-->
 
-云控制器管理器（CCM）这个概念创建的初衷是为了让特定的云服务供应商代码和Kubernetes核心相互独立演化。云控制器管理器与其他主要组件如Kubernetes控制器管理器，API服务器和调度程序同时运行。云控制器管理器也可以作为Kubernetes的插件启动，这种情况下，CCM运行在Kubernetes系统之上。
 
-云控制器管理器基于插件机制设计，允许新的云服务供应商通过插件轻松地与Kubernetes集成。目前已经有在Kubernetes上加入新的云服务供应商计划，并为云服务供应商提供从原先的旧模式迁移到新CCM模式的方案。
+{{% capture overview %}}
+
+<!--
+The cloud controller manager (CCM) concept (not to be confused with the binary) was originally created to allow cloud specific vendor code and the Kubernetes core to evolve independent of one another. The cloud controller manager runs alongside other master components such as the Kubernetes controller manager, the API server, and scheduler. It can also be started as a Kubernetes addon, in which case it runs on top of Kubernetes.
+-->
+
+云控制器管理器（cloud controller manager，CCM）这个概念 （不要与二进制文件混淆）创建的初衷是为了让特定的云服务供应商代码和 Kubernetes 核心相互独立演化。云控制器管理器与其他主要组件（如 Kubernetes 控制器管理器，API 服务器和调度程序）一起运行。它也可以作为 Kubernetes 的插件启动，在这种情况下，它会运行在 Kubernetes 之上。
+
+<!--
+The cloud controller manager's design is based on a plugin mechanism that allows new cloud providers to integrate with Kubernetes easily by using plugins. There are plans in place for on-boarding new cloud providers on Kubernetes and for migrating cloud providers from the old model to the new CCM model.
+-->
+
+云控制器管理器基于插件机制设计，允许新的云服务供应商通过插件轻松地与 Kubernetes 集成。目前已经有在 Kubernetes 上加入新的云服务供应商计划，并为云服务供应商提供从原先的旧模式迁移到新 CCM 模式的方案。
+
+<!--
+This document discusses the concepts behind the cloud controller manager and gives details about its associated functions.
+-->
 
 本文讨论了云控制器管理器背后的概念，并提供了相关功能的详细信息。
 
-下面这张图描述了没有云控制器管理器的Kubernetes集群架构：
+<!--
+Here's the architecture of a Kubernetes cluster without the cloud controller manager: -->
+
+这是没有云控制器管理器的 Kubernetes 集群的架构：
+
+<!--
+![Pre CCM Kube Arch](/images/docs/pre-ccm-arch.png)
+-->
+
+![没有云控制器管理器的 Kubernetes 架构](/images/docs/pre-ccm-arch.png)
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Design
+-->
 
-![无云控制器管理器的 K8s 集群架构](/images/docs/pre-ccm-arch.png)
 
 ## 设计
 
-在上图中，Kubernetes和云服务供应商通过几个不同的组件进行了集成，分别是：
+<!--
+In the preceding diagram, Kubernetes and the cloud provider are integrated through several different components:
+-->
+
+在上图中，Kubernetes 和云服务供应商通过几个不同的组件进行了集成，分别是：
+
+<!--
+* Kubelet
+* Kubernetes controller manager
+* Kubernetes API server
+-->
 
 * Kubelet
 * Kubernetes 控制管理器
-* Kubernetes API服务器
+* Kubernetes API 服务器
+
+<!--
+The CCM consolidates all of the cloud-dependent logic from the preceding three components to create a single point of integration with the cloud. The new architecture with the CCM looks like this:
+-->
+
+CCM 整合了前三个组件中的所有依赖于云的逻辑，以创建与云的单一集成点。CCM 的新架构如下所示：
+
+<!-- ![CCM Kube Arch](/images/docs/post-ccm-arch.png) -->
 
-而CCM整合了前三个组件中的所有依赖于云的逻辑，用来创建与云的单点集成。新架构如下图所示：
+![含有云控制器管理器的 Kubernetes 架构](/images/docs/post-ccm-arch.png)
 
-![有云控制器管理器的 K8s 集群架构](/images/docs/post-ccm-arch.png)
+<!--
+## Components of the CCM
+-->
+## CCM 的组成部分
 
-## CCM的组件
+<!--
+The CCM breaks away some of the functionality of Kubernetes controller manager (KCM) and runs it as a separate process. Specifically, it breaks away those controllers in the KCM that are cloud dependent. The KCM has the following cloud dependent controller loops:
+ -->
 
-CCM突破了Kubernetes控制器管理器（KCM）的一些功能，并将其作为一个独立的进程运行。具体而言，它打破了KCM中与云相关的控制器。KCM具有以下依赖于云的控制器引擎：
+CCM 打破了 Kubernetes 控制器管理器（KCM）的一些功能，并将其作为一个单独的进程运行。具体来说，它打破了 KCM 中依赖于云的控制器。KCM 具有以下依赖于云的控制器：
+
+<!--
+ * Node controller
+ * Volume controller
+ * Route controller
+ * Service controller
+-->
 
 * 节点控制器
 * 卷控制器
 * 路由控制器
 * 服务控制器
+<!--
+In version 1.9, the CCM runs the following controllers from the preceding list:
+ -->
+
+在 1.9 版本中，CCM 运行前述列表中的以下控制器：
 
-在1.8版本中，当前运行中的CCM从上面的列表中运行以下控制器：
+<!--
+* Node controller
+* Route controller
+* Service controller
+-->
 
 * 节点控制器
 * 路由控制器
 * 服务控制器
 
-另外，它运行另一个名为 PersistentVolumeLabels Controller 的控制器。这个控制器负责对在GCP和AWS云里创建的PersistentVolumes的域（Zone）和区（Region）标签进行设置。
+<!--
+Additionally, it runs another controller called the PersistentVolumeLabels controller. This controller is responsible for setting the zone and region labels on PersistentVolumes created in GCP and AWS clouds.
+-->
+
+此外，它还运行另一个名为 PersistentVolumeLabels Controller 的控制器，这个控制器负责在 GCP 和 AWS 云中创建的 PersistentVolumes 的域（zone）和区（region）标签进行设置。
+
+{{< note >}}
+<!--
+Volume controller was deliberately chosen to not be a part of CCM. Due to the complexity involved and due to the existing efforts to abstract away vendor specific volume logic, it was decided that volume controller will not be moved to CCM.
+-->
+
+注意卷控制器不属于 CCM，由于其中涉及到的复杂性和对现有供应商特定卷的逻辑抽象，因此决定了卷控制器不会被移动到 CCM 之中。
 
-**注意**：卷控制器被特意设计为CCM之外的一部分。由于其中涉及到的复杂性和对现有供应商特定卷的逻辑抽象，因此决定了卷控制器不会被移动到CCM之中。
+{{< /note >}}
 
-原本计划使用CCM来支持卷的目的是为了引入FlexVolume卷来支持可插拔卷。然而，官方正在计划使用更具备竞争力的CSI来取代FlexVolume卷。
+<!--
+The original plan to support volumes using CCM was to use Flex volumes to support pluggable volumes. However, a competing effort known as CSI is being planned to replace Flex.
+-->
 
-考虑到这些正在进行中的变化，我们决定暂时停止当前工作直至CSI准备就绪。
+使用 CCM 支持 volume 的最初计划是使用 Flex volume 来支持可插拔卷，但是现在正在计划一项名为 CSI 的项目以取代 Flex。
 
-云服务供应商工作组（wg-cloud-provider）正在开展相关工作，以实现通过CCM支持PersistentVolume的功能。详细信息请参见[kubernetes/kubernetes＃52371](https://github.com/kubernetes/kubernetes/pull/52371)。
+<!--
+Considering these dynamics, we decided to have an intermediate stop gap measure until CSI becomes ready.
+-->
 
-## CCM功能
+考虑到这些正在进行中的变化，在 CSI 准备就绪之前，我们决定停止当前的工作。
 
-CCM从Kubernetes组件中继承了与云服务供应商相关的功能。本节基于被CCM继承其功能的组件展开描述。
+<!--
+## Functions of the CCM
+-->
+
+## CCM 的功能
+
+<!--
+The CCM inherits its functions from components of Kubernetes that are dependent on a cloud provider. This section is structured based on those components.
+-->
+
+CCM 从依赖于云提供商的 Kubernetes 组件继承其功能，本节基于这些组件组织。
+
+<!--
+### 1. Kubernetes controller manager
+-->
 
 ### 1. Kubernetes 控制器管理器
 
-CCM的大部分功能都来自KCM。 如上一节所述，CCM运行以下控制引擎：
+<!--
+The majority of the CCM's functions are derived from the KCM. As mentioned in the previous section, the CCM runs the following control loops:
+-->
+
+CCM 的大多数功能都来自 KCM，如上一节所述，CCM 运行以下控制器。
+
+<!--
+* Node controller
+* Route controller
+* Service controller
+* PersistentVolumeLabels controller
+-->
 
 * 节点控制器
 * 路由控制器
 * 服务控制器
-* PersistentVolumeLabels控制器
+* PersistentVolumeLabels 控制器
+
+<!--
+#### Node controller
+-->
 
 #### 节点控制器
 
-节点控制器负责通过从云服务供应商获得有关在集群中运行的节点的信息来初始化节点。节点控制器执行以下功能：
+<!--
+The Node controller is responsible for initializing a node by obtaining information about the nodes running in the cluster from the cloud provider. The node controller performs the following functions:
+-->
 
-1.使用云特定域（Zone）/区（Region）标签初始化节点。
+节点控制器负责通过从云提供商获取有关在集群中运行的节点的信息来初始化节点，节点控制器执行以下功能：
 
-1.使用特定于云的实例详细信息初始化节点，例如类型和大小。
+<!--
+1. Initialize a node with cloud specific zone/region labels.
+2. Initialize a node with cloud specific instance details, for example, type and size.
+3. Obtain the node's network addresses and hostname.
+4. In case a node becomes unresponsive, check the cloud to see if the node has been deleted from the cloud.
+If the node has been deleted from the cloud, delete the Kubernetes Node object.
+-->
 
-1.获取节点的网络地址和主机名。
+1. 使用特定于云的域（zone）/区（region）标签初始化节点；
+2. 使用特定于云的实例详细信息初始化节点，例如，类型和大小；
+3. 获取节点的网络地址和主机名；
+4. 如果节点无响应，请检查云以查看该节点是否已从云中删除。如果已从云中删除该节点，请删除 Kubernetes 节点对象。
 
-1.如果节点无响应，检查该节点是否已从云中删除。如果该节点已从云中删除，则删除Kubernetes节点对象。
+<!--
+#### Route controller
+-->
 
 #### 路由控制器
 
-路由控制器负责为云配置正确的路由，以便Kubernetes集群中不同节点上的容器可以相互通信。路由控制器仅适用于Google Compute Engine平台。
+<!--
+The Route controller is responsible for configuring routes in the cloud appropriately so that containers on different nodes in the Kubernetes cluster can communicate with each other. The route controller is only applicable for Google Compute Engine clusters.
+-->
+
+Route 控制器负责适当地配置云中的路由，以便 Kubernetes 集群中不同节点上的容器可以相互通信。route 控制器仅适用于 Google Compute Engine 群集。
+
+<!--
+#### Service Controller
+-->
 
 #### 服务控制器
 
-服务控制器负责监听服务的创建、更新和删除事件。根据Kubernetes中各个服务的当前状态，它将配置云负载平衡器（如ELB或Google LB）以反映Kubernetes中的服务状态。此外，它还确保云负载均衡器的服务后端保持最新。
+<!--
+The Service controller is responsible for listening to service create, update, and delete events. Based on the current state of the services in Kubernetes, it configures cloud load balancers (such as ELB or Google LB) to reflect the state of the services in Kubernetes. Additionally, it ensures that service backends for cloud load balancers are up to date.
+-->
+
+服务控制器负责监听服务的创建、更新和删除事件。根据 Kubernetes 中各个服务的当前状态，它配置云负载均衡器（如 ELB 或 Google LB）以反映 Kubernetes 中的服务状态。此外，它还确保云负载均衡器的服务后端是最新的。
+
+<!--
+#### PersistentVolumeLabels controller
+-->
 
 #### PersistentVolumeLabels 控制器
 
-PersistentVolumeLabels控制器在AWS的EBS卷、GCE的PD卷创建时申请标签，这使得用户不再需要手动设置这些卷标签。
+<!--
+The PersistentVolumeLabels controller applies labels on AWS EBS/GCE PD volumes when they are created. This removes the need for users to manually set the labels on these volumes.
+-->
 
-这些标签对于pod的调度工作是非常重要的，因为这些卷只能在它们所在的域（Zone）/区（Region）内工作，因此所有使用这些卷的pod都必须要在同一个域/区中才能保证进行调度正常进行。
+PersistentVolumeLabels 控制器在创建 AWS EBS/GCE PD 卷时应用标签，这样就无需用户手动设置这些卷上的标签。
 
-PersistentVolumeLabels控制器是专门为CCM创建的; 也就是说，在CCM创建之前它是不存在的。这样做是为了将Kubernetes API服务器（它是一个许可控制器）中的PV标签逻辑移动到CCM。 它不在KCM上运行。
+<!--
+These labels are essential for the scheduling of pods as these volumes are constrained to work only within the region/zone that they are in. Any Pod using these volumes needs to be scheduled in the same region/zone.
+-->
 
+这些标签对于 pod 的调度至关重要，因为这些卷仅限于在它们所在的域（zone）/区（region）内工作，使用这些卷的任何 Pod 都需要在同一域（zone）/区（region）中进行调度。
+
+<!--
+The PersistentVolumeLabels controller was created specifically for the CCM; that is, it did not exist before the CCM was created. This was done to move the PV labelling logic in the Kubernetes API server (it was an admission controller) to the CCM. It does not run on the KCM.
+-->
+
+PersistentVolumeLabels 控制器专门为 CCM 创建； 也就是说，在创建 CCM 之前它不存在。这样做是为了将 Kubernetes API 服务器（它是一个准入控制器）中的 PV 标记逻辑移动到 CCM，它不在 KCM 上运行。
+
+<!--
 ### 2. Kubelet
+-->
+
+### 2. Kubelet
+
+<!--
+The Node controller contains the cloud-dependent functionality of the kubelet. Prior to the introduction of the CCM, the kubelet was responsible for initializing a node with cloud-specific details such as IP addresses, region/zone labels and instance type information. The introduction of the CCM has moved this initialization operation from the kubelet into the CCM.
+-->
+
+节点控制器包含 kubelet 中依赖于云的功能，在引入 CCM 之前，kubelet 负责使用特定于云的详细信息（如 IP 地址，域/区标签和实例类型信息）初始化节点。CCM 的引入已将此初始化操作从 kubelet 转移到 CCM 中。
+
+<!--
+In this new model, the kubelet initializes a node without cloud-specific information. However, it adds a taint to the newly created node that makes the node unschedulable until the CCM initializes the node with cloud-specific information. It then removes this taint.
+-->
+
+在这个新模型中，kubelet 初始化一个没有特定于云的信息的节点。但是，它会为新创建的节点添加污点，使节点不可调度，直到 CCM 使用特定于云的信息初始化节点后，才会清除这种污点，便得该节点可被调度。
+
+<!--
+### 3. Kubernetes API server
+-->
+
+### 3. Kubernetes API 服务器
 
-Node控制器包含kubelet中依赖于云的功能。在系统引入CCM组件之前，是由kubelet采用包含云特定信息的方式对节点进行初始化，如IP地址、区（Region）/域（Zone）标签和实例类型信息；引入CCM之后，这部分的初始化操作就从kubelet转移到了CCM中。
+<!--
+The PersistentVolumeLabels controller moves the cloud-dependent functionality of the Kubernetes API server to the CCM as described in the preceding sections.
+-->
 
-在引入CCM后的新的模型中，kubelet采用不包含云特定信息的方式初始化一个节点。但是，它会为新创建的节点添加一个污点，使得该节点不可被立即调度，直到CCM使用包含云的特定信息初始化节点后，才会删除该污点，使得该节点可被调度。
+PersistentVolumeLabels 控制器将 Kubernetes API 服务器的依赖于云的功能移至 CCM，如前面部分所述。
 
-### 3. Kubernetes API服务器
+<!--
+## Plugin mechanism
+-->
 
-PersistentVolumeLabels控制器将Kubernetes API服务器的依赖于云的功能移至CCM，如前面部分所述。
 
 ## 插件机制
 
-云控制器管理器使用Go接口与外部对接从而实现功能扩展。具体来说，它使用了[这里](https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/cloud.go)定义的CloudProvider接口。
+<!--
+The cloud controller manager uses Go interfaces to allow implementations from any cloud to be plugged in. Specifically, it uses the CloudProvider Interface defined [here](https://github.com/kubernetes/cloud-provider/blob/9b77dc1c384685cb732b3025ed5689dd597a5971/cloud.go#L42-L62).
+-->
 
-上面强调的四个共享控制器的实现，以及一些辅助设施（scaffolding）和共享的云服务供应商接口，将被保留在Kubernetes核心当中。但云服务供应商特有的实现将会建立在核心之外，并实现核心中定义的接口。
+云控制器管理器使用 Go 接口允许插入任何云的实现。具体来说，它使用[此处](https://github.com/kubernetes/cloud-provider/blob/9b77dc1c384685cb732b3025ed5689dd597a5971/cloud.go#L42-L62)定义的 CloudProvider 接口。
 
-有关开发插件的更多信息，请参阅
-[开发云控制器管理器](/docs/tasks/administrators-cluster/developing-cloud-controller-manager/)。
+
+<!--
+The implementation of the four shared controllers highlighted above, and some scaffolding along with the shared cloudprovider interface, will stay in the Kubernetes core. Implementations specific to cloud providers will be built outside of the core and implement interfaces defined in the core.
+-->
+
+上面强调的四个共享控制器的实现，以及一些辅助设施（scaffolding）和共享的 cloudprovider 接口，将被保留在 Kubernetes 核心中。但特定于云提供商的实现将在核心之外构建，并实现核心中定义的接口。
+
+<!--
+For more information about developing plugins, see [Developing Cloud Controller Manager](/docs/tasks/administer-cluster/developing-cloud-controller-manager/).
+ -->
+
+有关开发插件的更多信息，请参阅[开发云控制器管理器](/docs/tasks/administer-cluster/developing-cloud-controller-manager/)。
+
+<!--
+## Authorization
+-->
 
 ## 授权
 
-本节分解了CCM对各种API对象的访问，以执行其操作。
+<!--
+This section breaks down the access required on various API objects by the CCM to perform its operations.
+-->
+
+本节分解了 CCM 执行其操作时各种 API 对象所需的访问权限。
+
+<!--
+### Node Controller
+-->
 
 ### 节点控制器
 
-节点控制器仅适用于节点对象。它需要完全访问权限来获取、列出、创建、更新、修补、监视和删除节点对象。
+<!--
+The Node controller only works with Node objects. It requires full access to get, list, create, update, patch, watch, and delete Node objects.
+-->
+
+Node 控制器仅适用于 Node 对象，它需要完全访问权限来获取、列出、创建、更新、修补、监视和删除 Node 对象。
+
+<!--
+v1/Node:
+
+- Get
+- List
+- Create
+- Update
+- Patch
+- Watch
+- Delete
+-->
+
+v1/Node:
 
-v1/Node: 
 - Get
 - List
 - Create
 - Update
 - Patch
 - Watch
+- Delete
+
+<!--
+### Route controller
+-->
 
 ### 路由控制器
 
-路由控制器监听节点对象的创建并配置合适的路由。它需要对节点对象的访问权限。
+<!--
+The route controller listens to Node object creation and configures routes appropriately. It requires get access to Node objects.
+-->
+
+路由控制器侦听 Node 对象创建并适当地配置路由，它需要访问 Node 对象。
+
+v1/Node:
 
-v1/Node: 
 - Get
 
+<!--
+### Service controller
+-->
+
 ### 服务控制器
 
-服务控制器侦听服务对象创建、更新和删除事件，然后对这些服务的端点进行恰当的配置。
+<!--
+The service controller listens to Service object create, update and delete events and then configures endpoints for those Services appropriately.
+-->
+
+服务控制器侦听 Service 对象创建、更新和删除事件，然后适当地为这些服务配置端点。
 
-要访问服务，它需要罗列和监控权限。要更新服务，它需要修补和更新权限。
+<!--
+To access Services, it requires list, and watch access. To update Services, it requires patch and update access.
+-->
 
-要为服务设置端点，需要访问创建、列表、获取、监视和更新。
+要访问服务，它需要列表和监视访问权限。要更新服务，它需要修补和更新访问权限。
+
+<!--
+To set up endpoints for the Services, it requires access to create, list, get, watch, and update.
+-->
+
+要为服务设置端点，需要访问 create、list、get、watch 和 update。
 
 v1/Service:
+
 - List
 - Get
 - Watch
 - Patch
 - Update
 
+<!--
+### PersistentVolumeLabels controller
+-->
+
 ### PersistentVolumeLabels 控制器
 
-PersistentVolumeLabels控制器监听PersistentVolume（PV）创建事件并更新它们。该控制器需要访问列表、查看、获取和更新PV的权限。
+<!--
+The PersistentVolumeLabels controller listens on PersistentVolume (PV) create events and then updates them. This controller requires access to get and update PVs.
+-->
+
+PersistentVolumeLabels 控制器侦听 PersistentVolume（PV）创建事件并更新它们，该控制器需要访问以获取和更新 PV。
 
 v1/PersistentVolume:
+
 - Get
 - List
 - Watch
 - Update
 
+<!--
+### Others
+-->
+
 ### 其它
 
-CCM核心的实现需要创建事件的权限，为了确保安全操作，需要创建ServiceAccounts的权限。
+<!--
+The implementation of the core of CCM requires access to create events, and to ensure secure operation, it requires access to create ServiceAccounts.
+-->
+
+CCM 核心的实现需要访问权限以创建事件，并且为了确保安全操作，它需要访问权限以创建服务账户。
 
 v1/Event:
+
 - Create
 - Patch
 - Update
 
 v1/ServiceAccount:
+
 - Create
 
-针对CCM的RBAC ClusterRole如下所示：
+<!--
+The RBAC ClusterRole for the CCM looks like this:
+-->
+
+
+针对 CCM 的 RBAC ClusterRole 看起来像这样：
 
 ```yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -233,17 +516,44 @@ rules:
   - update
 ```
 
+<!--
+## Vendor Implementations
+-->
+
+
 ## 供应商实施
 
-以下云服务供应商为自己的云部署了CCM。
+<!--
+The following cloud providers have implemented CCMs:
+-->
 
+以下云服务提供商已实现了 CCM：
+
+<!--
 * [Digital Ocean](https://github.com/digitalocean/digitalocean-cloud-controller-manager)
 * [Oracle](https://github.com/oracle/oci-cloud-controller-manager)
-* [Azure](https://github.com/kubernetes/cloud-provider-azure)
-* [GCP](https://github.com/kubernetes/cloud-provider-gcp)
-* [AWS](https://github.com/kubernetes/cloud-provider-aws)
-* [BaiduCloud](https://github.com/baidu/cloud-provider-baiducloud)
+* [Azure](https://github.com/kubernetes/kubernetes/tree/master/pkg/cloudprovider/providers/azure)
+* [GCE](https://github.com/kubernetes/kubernetes/tree/master/pkg/cloudprovider/providers/gce)
+* [AWS](https://github.com/kubernetes/kubernetes/tree/master/pkg/cloudprovider/providers/aws)
+-->
+
+* [Digital Ocean](https://github.com/digitalocean/digitalocean-cloud-controller-manager)
+* [Oracle](https://github.com/oracle/oci-cloud-controller-manager)
+* [Azure](https://github.com/kubernetes/kubernetes/tree/master/pkg/cloudprovider/providers/azure)
+* [GCE](https://github.com/kubernetes/kubernetes/tree/master/pkg/cloudprovider/providers/gce)
+* [AWS](https://github.com/kubernetes/kubernetes/tree/master/pkg/cloudprovider/providers/aws)
+
+<!--
+## Cluster Administration
+-->
 
 ## 群集管理
 
-[这里](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager)提供了配置和运行CCM的完整说明。
+<!--
+Complete instructions for configuring and running the CCM are provided
+[here](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager). -->
+
+[这里](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager)提供了有关配置和运行 CCM 的完整说明。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/concepts/architecture/master-node-communication.md b/content/zh/docs/concepts/architecture/master-node-communication.md
index 45b2d08d5990d..9c117c2185bd9 100644
--- a/content/zh/docs/concepts/architecture/master-node-communication.md
+++ b/content/zh/docs/concepts/architecture/master-node-communication.md
@@ -40,7 +40,7 @@ Master 组件通过非安全（没有加密或认证）端口和集群的 apiser
 从 master（apiserver）到集群有两种主要的通信路径。第一种是从 apiserver 到集群中每个节点上运行的 kubelet 进程。第二种是从 apiserver 通过它的代理功能到任何 node、pod 或者 service。
 
 
-### apiserver -> kubelet
+## apiserver -> kubelet
 
 
 从 apiserver 到 kubelet 的连接用于获取 pods 日志、连接（通过 kubectl）运行中的 pods，以及使用 kubelet 的端口转发功能。这些连接终止于 kubelet 的 HTTPS endpoint。
@@ -52,19 +52,19 @@ Master 组件通过非安全（没有加密或认证）端口和集群的 apiser
 为了对这个连接进行认证，请使用 `--kubelet-certificate-authority` 标记给 apiserver 提供一个根证书捆绑，用于 kubelet 的服务证书。
 
 
-如果这样不可能，又要求避免在不可信的或公共的网络上进行连接，请在 apiserver 和 kubelet 之间使用 [SSH 隧道](/docs/concepts/architecture/master-node-communication/#ssh-tunnels)。
+如果这样不可能，又要求避免在不可信的或公共的网络上进行连接，请在 apiserver 和 kubelet 之间使用 [SSH 隧道](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/)。
 
 
-最后，应该启用[Kubelet 用户认证和/或权限认证](/docs/admin/kubelet-authentication-authorization/)来保护 kubelet API。
+最后，应该启用 [Kubelet 用户认证和/或权限认证](/docs/admin/kubelet-authentication-authorization/)来保护 kubelet API。
 
 
-### apiserver -> nodes, pods, and services
+## apiserver -> nodes, pods, and services
 
 
-从 apiserver 到 node、pod或者service 的连接默认为纯 HTTP 方式，因此既没有认证，也没有加密。他们能够通过给API URL 中的 node、pod 或 service 名称添加前缀 `https:` 来运行在安全的 HTTPS 连接上。但他们即不会认证 HTTPS endpoint 提供的证书，也不会提供客户端证书。这样虽然连接是加密的，但它不会提供任何完整性保证。这些连接**目前还不能安全的**在不可信的或公共的网络上运行。
+从 apiserver 到 node、pod 或者 service 的连接默认为纯 HTTP 方式，因此既没有认证，也没有加密。他们能够通过给 API URL 中的 node、pod 或 service 名称添加前缀 `https:` 来运行在安全的 HTTPS 连接上。但他们即不会认证 HTTPS endpoint 提供的证书，也不会提供客户端证书。这样虽然连接是加密的，但它不会提供任何完整性保证。这些连接**目前还不能安全的**在不可信的或公共的网络上运行。
 
 
-### SSH 隧道
+## SSH 隧道
 
 
 [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/docs/) 使用 SSH 隧道保护 Master -> Cluster 通信路径。在这种配置下，apiserver 发起一个到集群中每个节点的 SSH 隧道（连接到在 22 端口监听的 ssh 服务）并通过这个隧道传输所有到 kubelet、node、pod 或者 service 的流量。这个隧道保证流量不会在集群运行的私有 GCE 网络之外暴露。
diff --git a/content/zh/docs/concepts/architecture/nodes.md b/content/zh/docs/concepts/architecture/nodes.md
index 49971d1c54d6d..37b393714a885 100644
--- a/content/zh/docs/concepts/architecture/nodes.md
+++ b/content/zh/docs/concepts/architecture/nodes.md
@@ -61,9 +61,12 @@ redirect_from:
 | ---------------- | ---------------------------------------- |
 | `OutOfDisk`      | `True` 表示 node 的空闲空间不足以用于添加新 pods, 否则为 `False` |
 | `Ready`          | `True` 表示 node 是健康的并已经准备好接受 pods；`False` 表示 node 不健康而且不能接受 pods；`Unknown` 表示 node 控制器在最近 40 秒内没有收到 node 的消息 |
-| `MemoryPressure` | `True` 表示 node 不存在内存压力 -- 即 node 内存用量低, 否则为 `False`       |
-| `DiskPressure`   | `True` 表示 node 不存在磁盘压力 -- 即磁盘用量低, 否则为 `False`       |
-
+| `MemoryPressure` | `True` 表示 node 存在内存压力 -- 即 node 内存用量低，否则为 `False`       |
+| `DiskPressure`   | `True` 表示 node 存在磁盘压力 -- 即磁盘用量低，否则为 `False`       |
+<!--
+| `MemoryPressure`    | `True` if pressure exists on the node memory -- that is, if the node memory is low; otherwise `False` |
+| `DiskPressure`    | `True` if pressure exists on the disk size -- that is, if the disk capacity is low; otherwise `False` |
+-->
 
 Node 条件使用一个 JSON 对象表示。例如，下面的响应描述了一个健康的 node。
 
@@ -77,10 +80,10 @@ Node 条件使用一个 JSON 对象表示。例如，下面的响应描述了一
 ```
 
 
-如果 Ready 条件处于状态 "Unknown" 或者 "False" 的时间超过了 `pod-eviction-timeout`(一个传递给 [kube-controller-manager](/docs/admin/kube-controller-manager/) 的参数)，node 上的所有 Pods 都会被 Node 控制器计划删除。默认的删除超时时长为**5分钟**。某些情况下，当 node 不可访问时，apiserver 不能和其上的 kubelet 通信。删除 pods 的决定不能传达给 kubelet，直到它重新建立和 apiserver 的连接为止。与此同时，被计划删除的 pods 可能会继续在分区 node 上运行。
+如果 Ready 条件处于状态 "Unknown" 或者 "False" 的时间超过了 `pod-eviction-timeout`（一个传递给 [kube-controller-manager](/docs/admin/kube-controller-manager/) 的参数），node 上的所有 Pods 都会被 Node 控制器计划删除。默认的删除超时时长为**5 分钟**。某些情况下，当 node 不可访问时，apiserver 不能和其上的 kubelet 通信。删除 pods 的决定不能传达给 kubelet，直到它重新建立和 apiserver 的连接为止。与此同时，被计划删除的 pods 可能会继续在分区 node 上运行。
 
 
-在 1.5 版本之前的 Kubernetes 里，node 控制器会将不能访问的 pods 从 apiserver 中[强制删除](/docs/concepts/workloads/pods/pod/#force-deletion-of-pods)。但在 1.5 或更高的版本里，在node 控制器确认这些 pods 已经在集群里停运行前不会强制删除它们。你可以看到这些处于 "Terminating" 或者 "Unknown" 状态的 pods 可能在无法访问的 node 上运行。为了防止 kubernetes 不能从底层基础设施中推断出一个 node 是否已经永久的离开了集群，集群管理员可能需要手动删除这个 node 对象。从 Kubernetes 删除 node 对象将导致 apiserver 删除 node 上所有运行的 Pod 对象并释放它们的名字。
+在 1.5 版本之前的 Kubernetes 里，node 控制器会将不能访问的 pods 从 apiserver 中[强制删除](/docs/concepts/workloads/pods/pod/#force-deletion-of-pods)。但在 1.5 或更高的版本里，在 node 控制器确认这些 pods 已经在集群里停运行前不会强制删除它们。你可以看到这些处于 "Terminating" 或者 "Unknown" 状态的 pods 可能在无法访问的 node 上运行。为了防止 kubernetes 不能从底层基础设施中推断出一个 node 是否已经永久的离开了集群，集群管理员可能需要手动删除这个 node 对象。从 Kubernetes 删除 node 对象将导致 apiserver 删除 node 上所有运行的 Pod 对象并释放它们的名字。
 
 
 ### 容量
@@ -117,7 +120,7 @@ Node 条件使用一个 JSON 对象表示。例如，下面的响应描述了一
 Kubernetes 会在内部创一个 node 对象（象征 node），并基于  `metadata.name` 字段（我们假设 `metadata.name` 能够被解析）通过健康检查来验证 node。如果 node 可用，意即所有必要服务都已运行，它就符合了运行一个 pod 的条件；否则它将被所有的集群动作忽略直到变为可用。请注意，Kubernetes 将保存不可用 node 的对象，除非它被客户端显式的删除。Kubernetes 将持续检查 node 是否变的可用。
 
 
-当前，有3个组件同 Kubernetes node 接口交互：node 控制器、kubelet 和 kubectl。
+当前，有 3 个组件同 Kubernetes node 接口交互：node 控制器、kubelet 和 kubectl。
 
 
 ### Node 控制器
@@ -141,13 +144,13 @@ Node 控制器在 node 的生命周期中扮演了多个角色。第一个是当
 大部分情况下， node 控制器把删除频率限制在每秒 `--node-eviction-rate` 个（默认为 0.1）。这表示它在 10 秒钟内不会从超过一个 node 上删除 pods。
 
 
-当一个 availability zone 中的 node 变为不健康时，它的删除行为将发生改变。Node 控制器会同时检查 zone 中不健康（NodeReady  状态为 ConditionUnknown 或 ConditionFalse）的 nodes 的百分比。如果不健康 nodes 的部分超过 `--unhealthy-zone-threshold` （默认为 0.55），删除速率将会减小：如果集群较小（意即小于等于 `--large-cluster-size-threshold` 个 nodes - 默认为50），删除将会停止，否则删除速率将降为每秒 `--secondary-node-eviction-rate` 个（默认为 0.01）。在单个 availability zone 实施这些策略的原因是当一个 availability zone 可能从 master 分区时其它的仍然保持连接。如果你的集群没有跨越云服务商的多个 availability zones，那就只有一个 availability zone（整个集群）。
+当一个 availability zone 中的 node 变为不健康时，它的删除行为将发生改变。Node 控制器会同时检查 zone 中不健康（NodeReady  状态为 ConditionUnknown 或 ConditionFalse）的 nodes 的百分比。如果不健康 nodes 的部分超过 `--unhealthy-zone-threshold` （默认为 0.55），删除速率将会减小：如果集群较小（意即小于等于 `--large-cluster-size-threshold` 个 nodes - 默认为 50），删除将会停止，否则删除速率将降为每秒 `--secondary-node-eviction-rate` 个（默认为 0.01）。在单个 availability zone 实施这些策略的原因是当一个 availability zone 可能从 master 分区时其它的仍然保持连接。如果你的集群没有跨越云服务商的多个 availability zones，那就只有一个 availability zone（整个集群）。
 
 
 在多个 availability zones 分布你的 nodes 的一个关键原因是当整个 zone 故障时，工作负载可以转移到健康的 zones。因此，如果一个 zone 中的所有 nodes 都不健康时，node 控制器会以正常的速率 `--node-eviction-rate` 删除。在所有的 zones 都不健康（也即集群中没有健康 node）的极端情况下，node 控制器将假设 master 的连接出了某些问题，它将停止所有删除动作直到一些连接恢复。
 
 
-从 Kubernetes 1.6 开始，NodeController 还负责删除运行在拥有 `NoExecute` taints 的 nodes 上的 pods，如果这些 pods 没有 tolerate 这些 taints。此外，作为一个默认禁用的 alpha 特性，NodeController 还负责根据 node 故障（例如 node 不可访问或没有 ready）添加 taints。请查看 [这个文档](/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature)了解关于 `NoExecute` taints 和这个 alpha 特性。
+从 Kubernetes 1.6 开始，NodeController 还负责删除运行在拥有 `NoExecute` taints 的 nodes 上的 pods，如果这些 pods 没有 tolerate 这些 taints。此外，作为一个默认禁用的 alpha 特性，NodeController 还负责根据 node 故障（例如 node 不可访问或没有 ready）添加 taints。请查看[这个文档](/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature)了解关于 `NoExecute` taints 和这个 alpha 特性。
 
 
 ### Nodes 自注册
@@ -180,7 +183,7 @@ Node 控制器在 node 的生命周期中扮演了多个角色。第一个是当
 如果管理员希望手动创建 node 对象，请设置 kubelet 标记 `--register-node=false`。
 
 
-管理员可以修改 node 资源（忽略 `--register-node` 设置）。修改包括在 node 上设置 labels及标记它为不可调度。
+管理员可以修改 node 资源（忽略 `--register-node` 设置）。修改包括在 node 上设置 labels 及标记它为不可调度。
 
 
 Nodes 上的 labels 可以和 pods 的 node selectors 一起使用来控制调度，例如限制一个 pod 只能在一个符合要求的 nodes 子集上运行。
diff --git a/content/zh/docs/concepts/cluster-administration/_index.md b/content/zh/docs/concepts/cluster-administration/_index.md
new file mode 100644
index 0000000000000..9ec54aaf96dc8
--- /dev/null
+++ b/content/zh/docs/concepts/cluster-administration/_index.md
@@ -0,0 +1,11 @@
+---
+title: "计算、存储和网络扩展"
+weight: 30
+---
+
+<!--
+---
+title: "Compute, Storage, and Networking Extensions"
+weight: 30
+---
+-->
\ No newline at end of file
diff --git a/content/zh/docs/concepts/cluster-administration/addons.md b/content/zh/docs/concepts/cluster-administration/addons.md
index 1ddac950f1f64..659f2874476e8 100644
--- a/content/zh/docs/concepts/cluster-administration/addons.md
+++ b/content/zh/docs/concepts/cluster-administration/addons.md
@@ -24,7 +24,7 @@ Add-ons 扩展了 Kubernetes 的功能。
 * [Cilium](https://github.com/cilium/cilium) 是一个 L3 网络和网络策略插件， 能够透明的实施  HTTP/API/L7 策略。 同时支持路由（routing）和叠加/封装（ overlay/encapsulation）模式。
 * [Contiv](http://contiv.github.io) 为多种用例提供可配置网络（使用 BGP 的原生 L3，使用 vxlan 的 overlay，经典 L2 和  Cisco-SDN/ACI）和丰富的策略框架。Contiv 项目完全[开源](http://github.com/contiv)。[安装工具](http://github.com/contiv/install)同时提供基于和不基于 kubeadm 的安装选项。
 * [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml) 是一个可以用于 Kubernetes 的 overlay 网络提供者。
-* [Romana](http://romana.io) 是一个 pod 网络的层 3 解决方案，并且支持  [NetworkPolicy API](/docs/concepts/services-networking/network-policies/)。Kubeadm add-on 安装细节可以在[这里](https://github.com/romana/romana/tree/master/containerize)找到。
+* [Romana](http://romana.io) 是一个 pod 网络的层 3 解决方案，并且支持 [NetworkPolicy API](/docs/concepts/services-networking/network-policies/)。Kubeadm add-on 安装细节可以在[这里](https://github.com/romana/romana/tree/master/containerize)找到。
 * [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/)  提供了在网络分组两端参与工作的网络和网络策略，并且不需要额外的数据库。
 * [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie)  使 Kubernetes 无缝连接到一种 CNI 插件，例如：Flannel、Calico、Canal、Romana 或者 Weave。
 
@@ -33,7 +33,7 @@ Add-ons 扩展了 Kubernetes 的功能。
 
 
 * [Dashboard](https://github.com/kubernetes/dashboard#kubernetes-dashboard) 是一个 Kubernetes 的 web 控制台界面。
-* [Weave Scope](https://www.weave.works/documentation/scope-latest-installing/#k8s) 是一个图形化工具，用于查看你的 containers、 pods、services等。 请和一个  [Weave Cloud account](https://cloud.weave.works/) 一起使用，或者自己运行 UI。
+* [Weave Scope](https://www.weave.works/documentation/scope-latest-installing/#k8s) 是一个图形化工具，用于查看你的 containers、 pods、services 等。 请和一个 [Weave Cloud account](https://cloud.weave.works/) 一起使用，或者自己运行 UI。
 
 
 ## 遗留 Add-ons
diff --git a/content/zh/docs/concepts/cluster-administration/certificates.md b/content/zh/docs/concepts/cluster-administration/certificates.md
index c70f17b7431a7..b8347a49befc6 100644
--- a/content/zh/docs/concepts/cluster-administration/certificates.md
+++ b/content/zh/docs/concepts/cluster-administration/certificates.md
@@ -17,7 +17,7 @@ title: 证书
 `cluster/saltbase/salt/generate-cert/make-ca-cert.sh`。
 
 执行该脚本时需传入两个参数。 第一个参数为 API 服务器的 IP 地址，第二个参数为对象的候补名称列表，
-形如 `IP:<ip地址> 或 DNS:<dns名称>`。
+形如 `IP:<ip 地址 > 或 DNS:<dns 名称 >`。
 
 脚本生成三个文件： `ca.crt`、`server.crt` 和 `server.key`。
 
@@ -44,7 +44,7 @@ title: 证书
         ./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
 1.  生成服务器证书和密钥。
     参数 `--subject-alt-name` 设置了访问 API 服务器时可能使用的 IP 和 DNS 名称。 `MASTER_CLUSTER_IP`
-    通常为 `--service-cluster-ip-range` 参数中指定的服务 CIDR 的 首个 IP 地址，`--service-cluster-ip-range`同时用于
+    通常为 `--service-cluster-ip-range` 参数中指定的服务 CIDR 的 首个 IP 地址，`--service-cluster-ip-range` 同时用于
     API 服务器和控制器管理器组件。  `--days` 参数用于设置证书的有效期限。
     下面的示例还假设用户使用 `cluster.local` 作为默认的 DNS 域名。
 
@@ -78,7 +78,7 @@ title: 证书
 
         openssl genrsa -out server.key 2048
 1.  创建用于生成证书签名请求（CSR）的配置文件。
-    确保在将其保存至文件（如`csr.conf`）之前将尖括号标记的值（如`<MASTER_IP>`）
+    确保在将其保存至文件（如 `csr.conf`）之前将尖括号标记的值（如 `<MASTER_IP>`）
     替换为你想使用的真实值。 注意：`MASTER_CLUSTER_IP` 是前面小节中描述的 API 服务器的服务集群 IP
     (service cluster IP)。 下面的示例也假设用户使用 `cluster.local` 作为默认的 DNS 域名。
 
diff --git a/content/zh/docs/concepts/cluster-administration/cloud-providers.md b/content/zh/docs/concepts/cluster-administration/cloud-providers.md
index 2b9721d3fe4ba..71545ed669c96 100644
--- a/content/zh/docs/concepts/cluster-administration/cloud-providers.md
+++ b/content/zh/docs/concepts/cluster-administration/cloud-providers.md
@@ -105,5 +105,3 @@ Kubernetes 利用 OpenStack 服务目录对它知道如何使用的服务进行
 bs-version=v2
 ```
 {{% /capture %}}
-
-
diff --git a/content/zh/docs/concepts/cluster-administration/cluster-administration-overview.md b/content/zh/docs/concepts/cluster-administration/cluster-administration-overview.md
index 60178404269b4..ad53aab637296 100644
--- a/content/zh/docs/concepts/cluster-administration/cluster-administration-overview.md
+++ b/content/zh/docs/concepts/cluster-administration/cluster-administration-overview.md
@@ -9,7 +9,7 @@ content_template: templates/concept
 
 {{% capture overview %}}
 
-集群管理概述面向任何创建和管理 Kubernetes 集群的读者人群。我们假设你对 [用户指南](/docs/user-guide/)中的概念有一些熟悉。
+集群管理概述面向任何创建和管理 Kubernetes 集群的读者人群。我们假设你对[用户指南](/docs/user-guide/)中的概念有一些熟悉。
 {{% /capture %}}
 
 {{% capture body %}}
@@ -24,8 +24,8 @@ content_template: templates/concept
 
  - 你是打算在你的电脑上尝试 Kubernetes，还是要构建一个高可用的多节点集群？请选择最适合你需求的发行版。
  - **如果你正在设计一个高可用集群**，请了解[在多个 zones 中配置集群](/docs/admin/multi-cluster)。
- - 你的集群是在**本地**还是**云（IaaS）**上？Kubernetes 不能直接支持混合集群。作为代替，你可以建立多个集群。
- - **如果你在本地配置 Kubernetes**，需要考虑哪种[网络模型](/docs/admin/networking)最适合。
+ - 你的集群是在**本地**还是**云（IaaS）**上？ Kubernetes 不能直接支持混合集群。作为代替，你可以建立多个集群。
+ - **如果你在本地配置 Kubernetes**，需要考虑哪种[网络模型](/docs/admin/networking)最适合。一种自定义网络的选项是 [*OpenVSwitch GRE/VxLAN 网络*](/docs/admin/ovs-networking/)，它使用 OpenVSwitch 在跨 Kubernetes 节点的 pods 之间建立起网络。
  - 你的 Kubernetes 在 **裸金属硬件** 还是 **虚拟机（VMs）**上运行？
  - 你**只想运行一个集群**，还是打算**活动开发 Kubernetes 项目代码**？如果是后者，请选择一个活动开发的发行版。某些发行版只提供二进制发布版，但提供更多的选择。
  - 让你自己熟悉运行一个集群所需的[组件](/docs/admin/cluster-components) 。
@@ -49,10 +49,10 @@ content_template: templates/concept
 * [Kubernetes 容器环境](/docs/concepts/containers/container-environment-variables/) 描述了 Kubernetes 节点上由 Kubelet 管理的容器的环境。
 
 
-* [控制到 Kubernetes API 的访问](/docs/admin/accessing-the-api) 描述了如何为用户和 service accounts 建立权限许可.
+* [控制到 Kubernetes API 的访问](/docs/admin/accessing-the-api)描述了如何为用户和 service accounts 建立权限许可。
 
 
-*  [用户认证](/docs/admin/authentication) 阐述了 Kubernetes 中的认证功能，包括许多认证选项。
+*  [用户认证](/docs/admin/authentication)阐述了 Kubernetes 中的认证功能，包括许多认证选项。
 
 
 *  [授权](/docs/admin/authorization)从认证中分离出来，用于控制如何处理 HTTP 请求。
@@ -64,7 +64,7 @@ content_template: templates/concept
 * [在 Kubernetes Cluster 中使用 Sysctls](/docs/concepts/cluster-administration/sysctl-cluster/) 描述了管理员如何使用 `sysctl` 命令行工具来设置内核参数。
 
 
-* [审计](/docs/tasks/debug-application-cluster/audit/) 描述了如何与 Kubernetes 的审计日志交互。
+* [审计](/docs/tasks/debug-application-cluster/audit/)描述了如何与 Kubernetes 的审计日志交互。
 
 
 ### 保护 kubelet
@@ -77,11 +77,9 @@ content_template: templates/concept
 ## 可选集群服务
 
 
-*  [DNS 与 SkyDNS 集成](/docs/concepts/services-networking/dns-pod-service/)描述了如何将一个 DNS 名解析到一个Kubernetes service。
+*  [DNS 与 SkyDNS 集成](/docs/concepts/services-networking/dns-pod-service/)描述了如何将一个 DNS 名解析到一个 Kubernetes service。
 
 
-* [记录和监控集群活动](/docs/concepts/cluster-administration/logging/) 阐述了Kubernetes 的日志如何工作以及怎样实现。
+* [记录和监控集群活动](/docs/concepts/cluster-administration/logging/)阐述了 Kubernetes 的日志如何工作以及怎样实现。
 
 {{% /capture %}}
-
-
diff --git a/content/zh/docs/concepts/cluster-administration/controller-metrics.md b/content/zh/docs/concepts/cluster-administration/controller-metrics.md
new file mode 100644
index 0000000000000..85a46101ffea7
--- /dev/null
+++ b/content/zh/docs/concepts/cluster-administration/controller-metrics.md
@@ -0,0 +1,82 @@
+---
+title: 控制器管理器指标
+content_template: templates/concept
+weight: 100
+---
+
+<!--
+---
+title: Controller manager metrics
+content_template: templates/concept
+weight: 100
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Controller manager metrics provide important insight into the performance and health of
+the controller manager.
+-->
+
+控制器管理器指标为控制器管理器的性能和健康提供了重要的观测手段。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## What are controller manager metrics
+
+Controller manager metrics provide important insight into the performance and health of the controller manager.
+These metrics include common Go language runtime metrics such as go_routine count and controller specific metrics such as
+etcd request latencies or Cloudprovider (AWS, GCE, OpenStack) API latencies that can be used
+to gauge the health of a cluster.
+
+Starting from Kubernetes 1.7, detailed Cloudprovider metrics are available for storage operations for GCE, AWS, Vsphere and OpenStack.
+These metrics can be used to monitor health of persistent volume operations.
+
+For example, for GCE these metrics are called:
+-->
+
+## 什么是控制器管理器度量
+
+控制器管理器指标为控制器管理器的性能和健康提供了重要的观测手段。
+这些度量包括常见的 Go 语言运行时度量，比如 go_routine 计数，以及控制器特定的度量，比如 etcd 请求延迟或 云提供商（AWS、GCE、OpenStack）的 API 延迟，这些参数可以用来测量集群的健康状况。
+
+从 Kubernetes 1.7 版本开始，详细的云提供商指标可用于 GCE、AWS、Vsphere 和 OpenStack 的存储操作。
+这些度量可用于监视持久卷操作的健康状况。
+
+例如，在 GCE 中这些指标叫做：
+
+```
+cloudprovider_gce_api_request_duration_seconds { request = "instance_list"}
+cloudprovider_gce_api_request_duration_seconds { request = "disk_insert"}
+cloudprovider_gce_api_request_duration_seconds { request = "disk_delete"}
+cloudprovider_gce_api_request_duration_seconds { request = "attach_disk"}
+cloudprovider_gce_api_request_duration_seconds { request = "detach_disk"}
+cloudprovider_gce_api_request_duration_seconds { request = "list_disk"}
+```
+
+<!--
+## Configuration
+
+
+In a cluster, controller-manager metrics are available from `http://localhost:10252/metrics`
+from the host where the controller-manager is running.
+
+The metrics are emitted in [prometheus format](https://prometheus.io/docs/instrumenting/exposition_formats/) and are human readable.
+
+In a production environment you may want to configure prometheus or some other metrics scraper
+to periodically gather these metrics and make them available in some kind of time series database.
+-->
+
+## 配置
+
+在集群中，控制器管理器指标可从它所在的主机上的 `http://localhost:10252/metrics` 中获得。
+
+这些指标是以 [prometheus 格式](https://prometheus.io/docs/instrumenting/exposition_formats/) 发出的，是人类可读的。
+
+在生产环境中，您可能想配置 prometheus 或其他一些指标收集工具，以定期收集这些指标数据，并将它们应用到某种时间序列数据库中。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/cluster-administration/kubelet-garbage-collection.md b/content/zh/docs/concepts/cluster-administration/kubelet-garbage-collection.md
new file mode 100644
index 0000000000000..6947c16f7d4ce
--- /dev/null
+++ b/content/zh/docs/concepts/cluster-administration/kubelet-garbage-collection.md
@@ -0,0 +1,261 @@
+---
+title: 配置 kubelet 垃圾回收策略
+content_template: templates/concept
+weight: 70
+---
+
+<!--
+---
+title: Configuring kubelet Garbage Collection
+content_template: templates/concept
+weight: 70
+---
+-->
+
+{{% capture overview %}}
+
+垃圾回收是 kubelet 的一个有用功能，它将清理未使用的镜像和容器。
+
+<!--
+Garbage collection is a helpful function of kubelet that will clean up unused images and unused containers. 
+-->
+
+Kubelet 将每分钟对容器执行一次垃圾回收，每五分钟对镜像执行一次垃圾回收。
+
+<!--
+Kubelet will perform garbage collection for containers every minute and garbage collection for images every five minutes.
+-->
+
+不建议使用外部垃圾收集工具，因为这些工具可能会删除原本期望存在的容器进而破坏 kubelet 的行为。
+
+<!--
+External garbage collection tools are not recommended as these tools can potentially break the behavior of kubelet by removing containers expected to exist.
+-->
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+## 镜像回收
+
+<!--
+## Image Collection
+-->
+
+Kubernetes 借助于 cadvisor 通过 imageManager 来管理所有镜像的生命周期。
+
+<!--
+Kubernetes manages lifecycle of all images through imageManager, with the cooperation
+of cadvisor.
+-->
+
+镜像垃圾回收策略只考虑两个因素：`HighThresholdPercent` 和 `LowThresholdPercent`。
+
+<!--
+The policy for garbage collecting images takes two factors into consideration:
+`HighThresholdPercent` and `LowThresholdPercent`.
+-->
+
+磁盘使用率超过上限阈值（HighThresholdPercent）将触发垃圾回收。
+
+<!--
+Disk usage above the high threshold will trigger garbage collection.
+-->
+
+垃圾回收将删除最近最少使用的镜像，直到磁盘使用率满足下限阈值（LowThresholdPercent）。
+
+<!--
+The garbage collection will delete least recently used images until the low
+threshold has been met.
+-->
+
+## 容器回收
+
+<!--
+## Container Collection
+-->
+
+容器垃圾回收策略考虑三个用户定义变量。
+
+<!--
+The policy for garbage collecting containers considers three user-defined variables.
+-->
+
+`MinAge` 是容器可以被执行垃圾回收的最小年龄。
+
+<!--
+`MinAge` is the minimum age at which a container can be garbage collected.
+-->
+
+`MaxPerPodContainer` 是每个 pod 内允许存在的死亡容器的最大数量。
+
+<!--
+`MaxPerPodContainer` is the maximum number of dead containers every single
+pod (UID, container name) pair is allowed to have.
+-->
+
+`MaxContainers` 是全部死亡容器的最大数量。
+
+<!--
+`MaxContainers` is the maximum number of total dead containers. 
+-->
+
+可以分别独立地通过将 `MinAge` 设置为 0，以及将 `MaxPerPodContainer` 和 `MaxContainers` 设置为小于 0 来禁用这些变量。
+
+<!--
+These variables can be individually disabled by setting `MinAge` to zero and setting `MaxPerPodContainer` and `MaxContainers` respectively to less than zero.
+-->
+
+Kubelet 将处理无法辨识的、已删除的以及超出前面提到的参数所设置范围的容器。最老的容器通常会先被移除。
+
+<!--
+Kubelet will act on containers that are unidentified, deleted, or outside of the boundaries set by the previously mentioned flags. The oldest containers will generally be removed first.
+-->
+
+`MaxPerPodContainer` 和 `MaxContainer` 在某些场景下可能会存在冲突，例如在保证每个 pod 内死亡容器的最大数量（`MaxPerPodContainer`）的条件下可能会超过允许存在的全部死亡容器的最大数量（`MaxContainer`）。
+
+<!--
+`MaxPerPodContainer` and `MaxContainer` may potentially conflict with each other in situations where retaining the maximum number of containers per pod (`MaxPerPodContainer`) would go outside the allowable range of global dead containers (`MaxContainers`). 
+-->
+
+`MaxPerPodContainer` 在这种情况下会被进行调整：最坏的情况是将 `MaxPerPodContainer` 降级为 1，并驱逐最老的容器。
+
+<!--
+`MaxPerPodContainer` would be adjusted in this situation: A worst case scenario would be to downgrade `MaxPerPodContainer` to 1 and evict the oldest containers.
+-->
+
+此外，pod 内已经被删除的容器一旦年龄超过 `MinAge` 就会被清理。
+
+<!--
+Additionally, containers owned by pods that have been deleted are removed once they are older than `MinAge`.
+-->
+
+不被 kubelet 管理的容器不受容器垃圾回收的约束。
+
+<!--
+Containers that are not managed by kubelet are not subject to container garbage collection.
+-->
+
+## 用户配置
+
+<!--
+## User Configuration
+-->
+
+用户可以使用以下 kubelet 参数调整相关阈值来优化镜像垃圾回收：
+
+<!--
+Users can adjust the following thresholds to tune image garbage collection with the following kubelet flags :
+-->
+
+<!--
+1. `image-gc-high-threshold`, the percent of disk usage which triggers image garbage collection.
+Default is 85%.
+
+2. `image-gc-low-threshold`, the percent of disk usage to which image garbage collection attempts
+to free. Default is 80%.
+-->
+
+1. `image-gc-high-threshold`，触发镜像垃圾回收的磁盘使用率百分比。默认值为 85%。
+
+2. `image-gc-low-threshold`，镜像垃圾回收试图释放资源后达到的磁盘使用率百分比。默认值为 80%。
+
+我们还允许用户通过以下 kubelet 参数自定义垃圾收集策略：
+
+<!--
+We also allow users to customize garbage collection policy through the following kubelet flags:
+-->
+
+<!--
+1. `minimum-container-ttl-duration`, minimum age for a finished container before it is
+garbage collected. Default is 0 minute, which means every finished container will be garbage collected.
+
+2. `maximum-dead-containers-per-container`, maximum number of old instances to be retained
+per container. Default is 1.
+
+3. `maximum-dead-containers`, maximum number of old instances of containers to retain globally.
+Default is -1, which means there is no global limit.
+-->
+
+1. `minimum-container-ttl-duration`，完成的容器在被垃圾回收之前的最小年龄，默认是 0 分钟，这意味着每个完成的容器都会被执行垃圾回收。
+
+2. `maximum-dead-containers-per-container`，每个容器要保留的旧实例的最大数量。默认值为 1。
+
+3. `maximum-dead-containers`，要全局保留的旧容器实例的最大数量。默认值是 -1，这意味着没有全局限制。
+
+容器可能会在其效用过期之前被垃圾回收。这些容器可能包含日志和其他对故障诊断有用的数据。
+
+<!--
+Containers can potentially be garbage collected before their usefulness has expired. These containers
+can contain logs and other data that can be useful for troubleshooting.
+-->
+
+强烈建议为 `maximum-dead-containers-per-container` 设置一个足够大的值，以便每个预期容器至少保留一个死亡容器。
+
+<!--
+A sufficiently large value for `maximum-dead-containers-per-container` is highly recommended 
+to allow at least 1 dead container to be retained per expected container.
+-->
+
+由于同样的原因，`maximum-dead-containers` 也建议使用一个足够大的值。
+
+<!--
+A larger value for `maximum-dead-containers` is also recommended for a similar reason.
+-->
+
+查阅 [这个问题](https://github.com/kubernetes/kubernetes/issues/13287) 获取更多细节。
+
+<!--
+See [this issue](https://github.com/kubernetes/kubernetes/issues/13287) for more details.
+-->
+
+## 弃用
+
+<!--
+## Deprecation
+-->
+
+这篇文档中的一些 kubelet 垃圾收集（Garbage Collection）功能将在未来被 kubelet 驱逐回收（eviction）所替代。
+
+<!--
+Some kubelet Garbage Collection features in this doc will be replaced by kubelet eviction in the future.
+-->
+
+包括:
+
+| 现存参数 | 新参数 | 解释 |
+| ------------- | -------- | --------- |
+| `--image-gc-high-threshold` | `--eviction-hard` 或 `--eviction-soft` | 现存的驱逐回收信号可以触发镜像垃圾回收 |
+| `--image-gc-low-threshold` | `--eviction-minimum-reclaim` | 驱逐回收实现相同行为 |
+| `--maximum-dead-containers` | | 一旦旧日志存储在容器上下文之外，就会被弃用 |
+| `--maximum-dead-containers-per-container` | | 一旦旧日志存储在容器上下文之外，就会被弃用 |
+| `--minimum-container-ttl-duration` | | 一旦旧日志存储在容器上下文之外，就会被弃用 |
+| `--low-diskspace-threshold-mb` | `--eviction-hard` or `eviction-soft` | 驱逐回收将磁盘阈值泛化到其他资源 |
+| `--outofdisk-transition-frequency` | `--eviction-pressure-transition-period` | 驱逐回收将磁盘压力转换到其他资源 |
+
+<!--
+Including:
+
+| Existing Flag | New Flag | Rationale |
+| ------------- | -------- | --------- |
+| `--image-gc-high-threshold` | `--eviction-hard` or `--eviction-soft` | existing eviction signals can trigger image garbage collection |
+| `--image-gc-low-threshold` | `--eviction-minimum-reclaim` | eviction reclaims achieve the same behavior |
+| `--maximum-dead-containers` | | deprecated once old logs are stored outside of container's context |
+| `--maximum-dead-containers-per-container` | | deprecated once old logs are stored outside of container's context |
+| `--minimum-container-ttl-duration` | | deprecated once old logs are stored outside of container's context |
+| `--low-diskspace-threshold-mb` | `--eviction-hard` or `eviction-soft` | eviction generalizes disk thresholds to other resources |
+| `--outofdisk-transition-frequency` | `--eviction-pressure-transition-period` | eviction generalizes disk pressure transition to other resources |
+-->
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+查阅 [配置驱逐回收资源的策略](/docs/tasks/administer-cluster/out-of-resource/) 获取更多细节。
+
+<!--
+See [Configuring Out Of Resource Handling](/docs/tasks/administer-cluster/out-of-resource/) for more details.
+-->
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/cluster-administration/logging.md b/content/zh/docs/concepts/cluster-administration/logging.md
new file mode 100755
index 0000000000000..be577dfb78221
--- /dev/null
+++ b/content/zh/docs/concepts/cluster-administration/logging.md
@@ -0,0 +1,460 @@
+---
+reviewers:
+- piosz
+- x13n
+title: 日志架构
+content_template: templates/concept
+weight: 60
+---
+
+{{% capture overview %}}
+
+<!--
+Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism; as such, most container engines are likewise designed to support some kind of logging. The easiest and most embraced logging method for containerized applications is to write to the standard output and standard error streams.
+-->
+应用和系统日志可以让您了解集群内部的运行状况。日志对调试问题和监控集群活动非常有用。大部分现代化应用都有某种日志记录机制；同样地，大多数容器引擎也被设计成支持某种日志记录机制。针对容器化应用，最简单且受欢迎的日志记录方式就是写入标准输出和标准错误流。
+
+<!--
+However, the native functionality provided by a container engine or runtime is usually not enough for a complete logging solution. For example, if a container crashes, a pod is evicted, or a node dies, you'll usually still want to access your application's logs. As such, logs should have a separate storage and lifecycle independent of nodes, pods, or containers. This concept is called _cluster-level-logging_. Cluster-level logging requires a separate backend to store, analyze, and query logs. Kubernetes provides no native storage solution for log data, but you can integrate many existing logging solutions into your Kubernetes cluster.
+-->
+但是，由容器引擎或 runtime 提供的原生功能通常不足以满足完整的日志记录方案。例如，如果发生容器崩溃、pod 被逐出或节点宕机等情况，您仍然想访问到应用日志。因此，日志应该具有独立的存储和生命周期，与节点、pod 或容器的生命周期相独立。这个概念叫 _集群级的日志_ 。集群级日志方案需要一个独立的后台来存储、分析和查询日志。Kubernetes 没有为日志数据提供原生存储方案，但是您可以集成许多现有的日志解决方案到 Kubernetes 集群中。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+Cluster-level logging architectures are described in assumption that
+a logging backend is present inside or outside of your cluster. If you're
+not interested in having cluster-level logging, you might still find
+the description of how logs are stored and handled on the node to be useful.
+-->
+集群级日志架构假定在集群内部或者外部有一个日志后台。如果您对集群级日志不感兴趣，您仍会发现关于如何在节点上存储和处理日志的描述对您是有用的。
+
+<!--
+## Basic logging in Kubernetes
+
+In this section, you can see an example of basic logging in Kubernetes that
+outputs data to the standard output stream. This demonstration uses
+a [pod specification](/examples/debug/counter-pod.yaml) with
+a container that writes some text to standard output once per second.
+-->
+## Kubernetes 中的基本日志记录
+
+本节，您会看到一个kubernetes 中生成基本日志的例子，该例子中数据被写入到标准输出。
+这里通过一个特定的 [pod 规约](/examples/debug/counter-pod.yaml) 演示创建一个容器，并令该容器每秒钟向标准输出写入数据。
+
+{{< codenew file="debug/counter-pod.yaml" >}}
+
+<!--
+To run this pod, use the following command:
+-->
+用下面的命令运行 pod：
+
+```shell
+$ kubectl create -f https://k8s.io/examples/debug/counter-pod.yaml
+pod/counter created
+```
+
+<!--
+To fetch the logs, use the `kubectl logs` command, as follows:
+-->
+使用 `kubectl logs` 命令获取日志:
+
+```shell
+$ kubectl logs counter
+0: Mon Jan  1 00:00:00 UTC 2001
+1: Mon Jan  1 00:00:01 UTC 2001
+2: Mon Jan  1 00:00:02 UTC 2001
+...
+```
+
+<!--
+You can use `kubectl logs` to retrieve logs from a previous instantiation of a container with `--previous` flag, in case the container has crashed. If your pod has multiple containers, you should specify which container's logs you want to access by appending a container name to the command. See the [`kubectl logs` documentation](/docs/reference/generated/kubectl/kubectl-commands#logs) for more details.
+-->
+一旦发生容器崩溃，您可以使用命令 `kubectl logs` 和参数 `--previous` 检索之前的容器日志。
+如果 pod 中有多个容器，您应该向该命令附加一个容器名以访问对应容器的日志。
+详见 [`kubectl logs` 文档](/docs/reference/generated/kubectl/kubectl-commands#logs)。
+
+<!--
+## Logging at the node level
+-->
+## 节点级日志记录
+
+![Node level logging](/images/docs/user-guide/logging/logging-node-level.png)
+
+<!--
+Everything a containerized application writes to `stdout` and `stderr` is handled and redirected somewhere by a container engine. For example, the Docker container engine redirects those two streams to [a logging driver](https://docs.docker.com/engine/admin/logging/overview), which is configured in Kubernetes to write to a file in json format.
+-->
+容器化应用写入 `stdout` 和 `stderr` 的任何数据，都会被容器引擎捕获并被重定向到某个位置。
+例如，Docker 容器引擎将这两个输出流重定向到某个 [日志驱动](https://docs.docker.com/engine/admin/logging/overview) ，
+该日志驱动在 Kubernetes 中配置为以 json 格式写入文件。
+
+<!--
+{{< note >}}
+The Docker json logging driver treats each line as a separate message. When using the Docker logging driver, there is no direct support for multi-line messages. You need to handle multi-line messages at the logging agent level or higher.
+{{< /note >}}
+-->
+{{< note >}}
+Docker json 日志驱动将日志的每一行当作一条独立的消息。该日志驱动不直接支持多行消息。您需要在日志代理级别或更高级别处理多行消息。
+{{< /note >}}
+
+<!--
+By default, if a container restarts, the kubelet keeps one terminated container with its logs. If a pod is evicted from the node, all corresponding containers are also evicted, along with their logs.
+-->
+默认情况下，如果容器重启，kubelet 会保留被终止的容器日志。
+如果 pod 在工作节点被驱逐，该 pod 中所有的容器也会被驱逐，包括容器日志。
+
+<!--
+An important consideration in node-level logging is implementing log rotation,
+so that logs don't consume all available storage on the node. Kubernetes
+currently is not responsible for rotating logs, but rather a deployment tool
+should set up a solution to address that.
+For example, in Kubernetes clusters, deployed by the `kube-up.sh` script,
+there is a [`logrotate`](https://linux.die.net/man/8/logrotate)
+tool configured to run each hour. You can also set up a container runtime to
+rotate application's logs automatically, e.g. by using Docker's `log-opt`.
+In the `kube-up.sh` script, the latter approach is used for COS image on GCP,
+and the former approach is used in any other environment. In both cases, by
+default rotation is configured to take place when log file exceeds 10MB.
+-->
+节点级日志记录中，需要重点考虑实现日志的轮转，以此来保证日志不会消耗节点上所有的可用空间。
+Kubernetes 当前并不负责轮转日志，而是通过部署工具建立一个解决问题的方案。
+例如，在 Kubernetes 集群中，用 `kube-up.sh` 部署一个每小时运行的工具 [`logrotate`](https://linux.die.net/man/8/logrotate)。
+您也可以设置容器 runtime 来自动地轮转应用日志，比如使用 Docker 的 `log-opt` 选项。
+在 `kube-up.sh` 脚本中，使用后一种方式来处理 GCP 上的 COS 镜像，而使用前一种方式来处理其他环境。
+这两种方式，默认日志超过 10MB 大小时都会触发日志轮转。
+
+<!--
+As an example, you can find detailed information about how `kube-up.sh` sets
+up logging for COS image on GCP in the corresponding [script]
+[cosConfigureHelper].
+-->
+例如，您可以找到关于 `kube-up.sh` 为 GCP 环境的 COS 镜像设置日志的详细信息，
+相应的脚本在 [这里][cosConfigureHelper]。
+
+<!--
+When you run [`kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs) as in
+the basic logging example, the kubelet on the node handles the request and
+reads directly from the log file, returning the contents in the response.
+-->
+当运行 [`kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs) 时，
+节点上的 kubelet 处理该请求并直接读取日志文件，同时在响应中返回日志文件内容。
+
+{{< note >}}
+<!-- 
+Currently, if some external system has performed the rotation,
+only the contents of the latest log file will be available through
+`kubectl logs`. E.g. if there's a 10MB file, `logrotate` performs
+the rotation and there are two files, one 10MB in size and one empty,
+`kubectl logs` will return an empty response.
+-->
+当前，如果有其他系统机制执行日志轮转，那么 `kubectl logs` 仅可查询到最新的日志内容。
+比如，一个 10MB 大小的文件，通过`logrotate` 执行轮转后生成两个文件，一个 10MB 大小，一个为空，所以 `kubectl logs` 将返回空。
+
+[cosConfigureHelper]: https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch">}}/cluster/gce/gci/configure-helper.sh 
+{{< /note >}}
+
+<!--
+### System component logs
+
+There are two types of system components: those that run in a container and those
+that do not run in a container. For example:
+-->
+### 系统组件日志
+
+有两种类型的系统组件，运行在容器中的和未运行在容器中的。例如：
+
+<!--
+* The Kubernetes scheduler and kube-proxy run in a container.
+* The kubelet and container runtime, for example Docker, do not run in containers.
+-->
+* 运行在容器中的 Kubernetes 调度器和 kube-proxy。
+* 未运行在容器中的 kubelet 和容器 runtime，比如 Docker。
+
+<!--
+On machines with systemd, the kubelet and container runtime write to journald. If
+systemd is not present, they write to `.log` files in the `/var/log` directory.
+System components inside containers always write to the `/var/log` directory,
+bypassing the default logging mechanism. They use the [glog][glog]
+logging library. You can find the conventions for logging severity for those
+components in the [development docs on logging](https://git.k8s.io/community/contributors/devel/logging.md).
+-->
+在使用 systemd 机制的服务器上，kubelet 和容器 runtime 写入日志到 journald。
+如果没有 systemd，他们写入日志到 `/var/log` 目录的 `.log` 文件。
+容器中的系统组件通常将日志写到 `/var/log` 目录，绕过了默认的日志机制。他们使用 [glog][glog] 日志库。
+您可以在[日志开发文档](https://git.k8s.io/community/contributors/devel/logging.md)找到这些组件的日志告警级别协议。
+
+<!--
+Similarly to the container logs, system component logs in the `/var/log`
+directory should be rotated. In Kubernetes clusters brought up by
+the `kube-up.sh` script, those logs are configured to be rotated by
+the `logrotate` tool daily or once the size exceeds 100MB.
+-->
+和容器日志类似，`/var/log` 目录中的系统组件日志也应该被轮转。
+通过脚本 `kube-up.sh` 启动的 Kubernetes 集群中，日志被工具 `logrotate` 执行每日轮转，或者日志大小超过 100MB 时触发轮转。
+
+[glog]: https://godoc.org/github.com/golang/glog
+
+<!--
+## Cluster-level logging architectures
+-->
+## 集群级别日志架构
+
+<!--
+While Kubernetes does not provide a native solution for cluster-level logging, there are several common approaches you can consider. Here are some options:
+
+* Use a node-level logging agent that runs on every node.
+* Include a dedicated sidecar container for logging in an application pod.
+* Push logs directly to a backend from within an application.
+-->
+虽然 Kubernetes 并未提供原生的集群级记录日志方案，但是您可以考虑几种常见的方式。以下是一些选项：
+
+* 使用运行在各个节点上的节点级日志代理。
+* 在应用程序的 pod 中，包含专门记录日志的 sidecar 容器。
+* 在应用程序中将日志直接推送到后台。
+
+<!--
+### Using a node logging agent
+-->
+### 使用节点级日志代理
+
+![Using a node level logging agent](/images/docs/user-guide/logging/logging-with-node-agent.png)
+
+<!--
+You can implement cluster-level logging by including a _node-level logging agent_ on each node. The logging agent is a dedicated tool that exposes logs or pushes logs to a backend. Commonly, the logging agent is a container that has access to a directory with log files from all of the application containers on that node.
+-->
+您可以在每个节点上使用 _节点级的日志代理_ 来实现集群级日志记录。
+日志代理是专门的工具，它会暴露出日志或将日志推送到后台。
+通常来说，日志代理是一个容器，这个容器可以访问这个节点上所有应用容器的日志目录。
+
+<!--
+Because the logging agent must run on every node, it's common to implement it as either a DaemonSet replica, a manifest pod, or a dedicated native process on the node. However the latter two approaches are deprecated and highly discouraged.
+-->
+因为日志代理必须在每个节点上运行，所以通常的实现方式为，DaemonSet 副本、manifest pod 或者专用于本地的进程。
+但是后两种方式已被弃用并且不被推荐。
+
+<!--
+Using a node-level logging agent is the most common and encouraged approach for a Kubernetes cluster, because it creates only one agent per node, and it doesn't require any changes to the applications running on the node. However, node-level logging _only works for applications' standard output and standard error_.
+-->
+对于 Kubernetes 集群来说，使用节点级的日志代理是最常用和被推荐的方式，因为在每个节点上仅创建一个代理，并且不需要对节点上的应用做修改。
+但是，节点级的日志 _仅适用于应用程序的标准输出和标准错误输出_。
+
+<!--
+Kubernetes doesn't specify a logging agent, but two optional logging agents are packaged with the Kubernetes release: [Stackdriver Logging](/docs/user-guide/logging/stackdriver) for use with Google Cloud Platform, and [Elasticsearch](/docs/user-guide/logging/elasticsearch). You can find more information and instructions in the dedicated documents. Both use [fluentd](http://www.fluentd.org/) with custom configuration as an agent on the node.
+-->
+Kubernetes 并不指定日志代理，但是有两个可选的日志代理与 Kubernetes 发行版一起发布。
+[Stackdriver 日志](/docs/user-guide/logging/stackdriver) 适用于 Google Cloud Platform，和 [Elasticsearch](/docs/user-guide/logging/elasticsearch)。
+您可以在专门的文档中找到更多的信息和说明。两者都使用 [fluentd](http://www.fluentd.org/) 与自定义配置作为节点上的代理。
+
+<!--
+### Using a sidecar container with the logging agent
+-->
+### 使用 sidecar 容器和日志代理
+
+<!--
+You can use a sidecar container in one of the following ways:
+-->
+您可以通过以下方式之一使用 sidecar 容器：
+
+<!--
+* The sidecar container streams application logs to its own `stdout`.
+* The sidecar container runs a logging agent, which is configured to pick up logs from an application container.
+-->
+* sidecar 容器将应用程序日志传送到自己的标准输出。
+* sidecar 容器运行一个日志代理，配置该日志代理以便从应用容器收集日志。
+
+<!--
+#### Streaming sidecar container
+-->
+#### 传输数据流的 sidecar 容器
+
+<!--
+![Sidecar container with a streaming container](/images/docs/user-guide/logging/logging-with-streaming-sidecar.png)
+
+By having your sidecar containers stream to their own `stdout` and `stderr`
+streams, you can take advantage of the kubelet and the logging agent that
+already run on each node. The sidecar containers read logs from a file, a socket,
+or the journald. Each individual sidecar container prints log to its own `stdout`
+or `stderr` stream.
+-->
+利用 sidecar 容器向自己的 `stdout` 和 `stderr` 传输流的方式，您就可以利用每个节点上的 kubelet 和日志代理来处理日志。
+sidecar 容器从文件，socket 或 journald 读取日志。每个 sidecar 容器打印其自己的 `stdout` 和 `stderr` 流。
+
+<!--
+This approach allows you to separate several log streams from different
+parts of your application, some of which can lack support
+for writing to `stdout` or `stderr`. The logic behind redirecting logs
+is minimal, so it's hardly a significant overhead. Additionally, because
+`stdout` and `stderr` are handled by the kubelet, you can use built-in tools
+like `kubectl logs`.
+-->
+这种方式允许您分离出不同的日志流，这些日志流来自您应用的不同功能，其中一些可能缺乏对写入 `stdout` 和 `stderr` 的支持。
+重定向背后的逻辑很小，所以不会是很严重的开销。
+除此之外，因为 kubelet 处理 `stdout` 和 `stderr`，所以您照样可以使用 `kubectl logs` 工具。
+
+<!--
+Consider the following example. A pod runs a single container, and the container
+writes to two different log files, using two different formats. Here's a
+configuration file for the Pod:
+-->
+考虑接下来的例子。pod 的容器向两个文件写不同格式的日志，下面是这个 pod 的配置文件:
+
+{{< codenew file="admin/logging/two-files-counter-pod.yaml" >}}
+
+<!--
+It would be a mess to have log entries of different formats in the same log
+stream, even if you managed to redirect both components to the `stdout` stream of
+the container. Instead, you could introduce two sidecar containers. Each sidecar
+container could tail a particular log file from a shared volume and then redirect
+the logs to its own `stdout` stream.
+-->
+在同一个日志流中有两种不同格式的日志条目，这有点混乱，即使您试图重定向它们到容器的 `stdout` 流。
+取而代之的是，您可以引入两个 sidecar 容器。
+每一个 sidecar 容器可以从共享卷跟踪特定的日志文件，并重定向文件内容到各自的 `stdout` 流。
+
+<!--
+Here's a configuration file for a pod that has two sidecar containers:
+-->
+这是运行两个 sidecar 容器的 pod 文件。
+
+{{< codenew file="admin/logging/two-files-counter-pod-streaming-sidecar.yaml" >}}
+
+<!--
+Now when you run this pod, you can access each log stream separately by
+running the following commands:
+-->
+现在当您运行这个 pod 时，您可以分别地访问每一个日志流，运行如下命令：
+
+```shell
+$ kubectl logs counter count-log-1
+0: Mon Jan  1 00:00:00 UTC 2001
+1: Mon Jan  1 00:00:01 UTC 2001
+2: Mon Jan  1 00:00:02 UTC 2001
+...
+```
+
+```shell
+$ kubectl logs counter count-log-2
+Mon Jan  1 00:00:00 UTC 2001 INFO 0
+Mon Jan  1 00:00:01 UTC 2001 INFO 1
+Mon Jan  1 00:00:02 UTC 2001 INFO 2
+...
+```
+
+<!--
+The node-level agent installed in your cluster picks up those log streams
+automatically without any further configuration. If you like, you can configure
+the agent to parse log lines depending on the source container.
+-->
+无需深入配置，集群中的节点级代理即可自动地收集流日志。如果您愿意，您可以配置代理程序来解析源容器的日志行。
+
+<!--
+Note, that despite low CPU and memory usage (order of couple of millicores
+for cpu and order of several megabytes for memory), writing logs to a file and
+then streaming them to `stdout` can double disk usage. If you have
+an application that writes to a single file, it's generally better to set
+`/dev/stdout` as destination rather than implementing the streaming sidecar
+container approach.
+-->
+注意，尽管 CPU 和内存使用率都很低（以多个 cpu millicores 指标排序或者按 memory 的兆字节排序），
+向文件写日志然后输出到 `stdout` 流仍然会成倍地增加磁盘使用率。
+如果您的应用向单一文件写日志，通常最好设置 `/dev/stdout` 作为目标路径，而不是使用流式的 sidecar 容器方式。
+
+<!--
+Sidecar containers can also be used to rotate log files that cannot be
+rotated by the application itself. [An example](https://github.com/samsung-cnct/logrotate)
+of this approach is a small container running logrotate periodically.
+However, it's recommended to use `stdout` and `stderr` directly and leave rotation
+and retention policies to the kubelet.
+-->
+应用本身如果不具备轮转日志文件的功能，可以通过 sidecar 容器实现。
+该方式的 [例子](https://github.com/samsung-cnct/logrotate) 是运行一个定期轮转日志的容器。
+然而，还是推荐直接使用 `stdout` 和 `stderr`，将日志的轮转和保留策略交给 kubelet。
+
+<!--
+#### Sidecar container with a logging agent
+-->
+### 具有日志代理功能的 sidecar 容器
+
+![Sidecar container with a logging agent](/images/docs/user-guide/logging/logging-with-sidecar-agent.png)
+
+<!--
+If the node-level logging agent is not flexible enough for your situation, you
+can create a sidecar container with a separate logging agent that you have
+configured specifically to run with your application.
+-->
+如果节点级的日志代理对您的环境来说不够灵活，您可以在 sidecar 容器中创建一个独立的、专门为您的应用而配置的日志代理。
+
+<!--
+{{< note >}}
+Using a logging agent in a sidecar container can lead
+to significant resource consumption. Moreover, you won't be able to access
+those logs using `kubectl logs` command, because they are not controlled
+by the kubelet.
+{{< /note >}}
+-->
+{{< note >}}
+在 sidecar 容器中使用日志代理会导致严重的资源损耗。此外，您不能使用 `kubectl logs` 命令访问日志，因为日志并没有被 kubelet 管理。
+{{< /note >}}
+
+<!--
+As an example, you could use [Stackdriver](/docs/tasks/debug-application-cluster/logging-stackdriver/),
+which uses fluentd as a logging agent. Here are two configuration files that
+you can use to implement this approach. The first file contains
+a [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) to configure fluentd.
+-->
+例如，您可以使用 [Stackdriver](/docs/tasks/debug-application-cluster/logging-stackdriver/)，它用 fluentd 作为日志代理。
+这是实现此种方式的两个配置文件。
+第一个文件包含配置 fluentd 的 [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/)。
+
+{{< codenew file="admin/logging/fluentd-sidecar-config.yaml" >}}
+
+<!--
+{{< note >}}
+The configuration of fluentd is beyond the scope of this article. For
+information about configuring fluentd, see the
+[official fluentd documentation](http://docs.fluentd.org/).
+{{< /note >}}
+-->
+{{< note >}}
+fluentd 的配置文件已经超出了本文的讨论范畴。
+有关配置 fluentd 的更多信息，请见 [官方 fluentd 文档](http://docs.fluentd.org/)。
+{{< /note >}}
+
+<!--
+The second file describes a pod that has a sidecar container running fluentd.
+The pod mounts a volume where fluentd can pick up its configuration data.
+-->
+第二个文件描述了运行 fluentd  sidecar 容器的 pod 。flutend 通过 pod 的挂载卷获取它的配置数据。
+
+{{< codenew file="admin/logging/two-files-counter-pod-agent-sidecar.yaml" >}}
+
+<!--
+After some time you can find log messages in the Stackdriver interface.
+-->
+一段时间后，您可以在 Stackdriver 界面看到日志消息。
+
+<!--
+Remember, that this is just an example and you can actually replace fluentd
+with any logging agent, reading from any source inside an application
+container.
+-->
+记住，这只是一个例子，事实上您可以用任何一个日志代理替换 fluentd ，并从应用容器中读取任何资源。
+
+<!--
+### Exposing logs directly from the application
+-->
+
+### 从应用中直接暴露日志目录
+
+![Exposing logs directly from the application](/images/docs/user-guide/logging/logging-from-application.png)
+
+<!--
+You can implement cluster-level logging by exposing or pushing logs directly from
+every application; however, the implementation for such a logging mechanism
+is outside the scope of Kubernetes.
+-->
+通过暴露或推送每个应用的日志，您可以实现集群级日志记录；然而，这种日志记录机制的实现已超出 Kubernetes 的范围。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/cluster-administration/manage-deployment.md b/content/zh/docs/concepts/cluster-administration/manage-deployment.md
new file mode 100644
index 0000000000000..c8589e45f880a
--- /dev/null
+++ b/content/zh/docs/concepts/cluster-administration/manage-deployment.md
@@ -0,0 +1,629 @@
+---
+reviewers:
+- bgrant0607
+- janetkuo
+- mikedanese
+title: 管理资源
+content_template: templates/concept
+weight: 40
+---
+<!--
+---
+reviewers:
+- bgrant0607
+- janetkuo
+- mikedanese
+title: Managing Resources
+content_template: templates/concept
+weight: 40
+---
+ -->
+
+{{% capture overview %}}
+
+<!--
+You've deployed your application and exposed it via a service. Now what? Kubernetes provides a number of tools to help you manage your application deployment, including scaling and updating. Among the features that we will discuss in more depth are [configuration files](/docs/concepts/configuration/overview/) and [labels](/docs/concepts/overview/working-with-objects/labels/).
+ -->
+您已经部署了应用并通过服务暴露它。然后呢？Kubernetes 提供了一些工具来帮助管理您的应用部署，包括缩扩容和更新。我们将更深入讨论的特性包括[配置文件](/docs/concepts/configuration/overview/)和[标签](/docs/concepts/overview/working-with-objects/labels/)。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Organizing resource configurations
+
+Many applications require multiple resources to be created, such as a Deployment and a Service. Management of multiple resources can be simplified by grouping them together in the same file (separated by `---` in YAML). For example:
+ -->
+## 组织资源配置
+
+许多应用需要创建多个资源，例如 Deployment 和 Service。可以通过将多个资源组合在同一个文件中（在 YAML 中以 `---` 分隔）来简化对它们的管理。例如：
+
+{{< codenew file="application/nginx-app.yaml" >}}
+
+<!--
+Multiple resources can be created the same way as a single resource:
+ -->
+可以用创建单个资源相同的方式来创建多个资源：
+
+```shell
+$ kubectl create -f https://k8s.io/examples/application/nginx-app.yaml
+service/my-nginx-svc created
+deployment.apps/my-nginx created
+```
+
+<!--
+The resources will be created in the order they appear in the file. Therefore, it's best to specify the service first, since that will ensure the scheduler can spread the pods associated with the service as they are created by the controller(s), such as Deployment.
+ -->
+资源将按照它们在文件中的顺序创建。因此，最好先指定服务，这样在控制器（例如 Deployment）创建 Pod 时能够确保调度器可以将与服务关联的多个 Pod 分散到不同节点。
+
+<!--
+`kubectl create` also accepts multiple `-f` arguments:
+ -->
+`kubectl create` 也接受多个 `-f` 参数:
+
+```shell
+$ kubectl create -f https://k8s.io/examples/application/nginx/nginx-svc.yaml -f https://k8s.io/examples/application/nginx/nginx-deployment.yaml
+```
+
+<!--
+And a directory can be specified rather than or in addition to individual files:
+ -->
+还可以指定目录路径，而不用添加多个单独的文件：
+
+```shell
+$ kubectl create -f https://k8s.io/examples/application/nginx/
+```
+
+<!--
+`kubectl` will read any files with suffixes `.yaml`, `.yml`, or `.json`.
+
+It is a recommended practice to put resources related to the same microservice or application tier into the same file, and to group all of the files associated with your application in the same directory. If the tiers of your application bind to each other using DNS, then you can then simply deploy all of the components of your stack en masse.
+
+A URL can also be specified as a configuration source, which is handy for deploying directly from configuration files checked into github:
+ -->
+`kubectl` 将读取任何后缀为 `.yaml`，`.yml` 或者 `.json` 的文件。
+
+建议的做法是，将同一个微服务或同一应用层相关的资源放到同一个文件中，将同一个应用相关的所有文件按组存放到同一个目录中。如果应用的各层使用 DNS 相互绑定，那么您可以简单地将堆栈的所有组件一起部署。
+
+还可以使用 URL 作为配置源，便于直接使用已经提交到 Github 上的配置文件进行部署：
+
+```shell
+$ kubectl create -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx/nginx-deployment.yaml
+deployment.apps/my-nginx created
+```
+
+<!--
+## Bulk operations in kubectl
+
+Resource creation isn't the only operation that `kubectl` can perform in bulk. It can also extract resource names from configuration files in order to perform other operations, in particular to delete the same resources you created:
+ -->
+## kubectl 中的批量操作
+
+资源创建并不是 `kubectl` 可以批量执行的唯一操作。`kubectl` 还可以从配置文件中提取资源名，以便执行其他操作，特别是删除您之前创建的资源：
+
+```shell
+$ kubectl delete -f https://k8s.io/examples/application/nginx-app.yaml
+deployment.apps "my-nginx" deleted
+service "my-nginx-svc" deleted
+```
+
+<!--
+In the case of just two resources, it's also easy to specify both on the command line using the resource/name syntax:
+ -->
+在仅有两种资源的情况下，可以使用"资源类型/资源名"的语法在命令行中同时指定这两个资源：
+
+```shell
+$ kubectl delete deployments/my-nginx services/my-nginx-svc
+```
+
+<!--
+For larger numbers of resources, you'll find it easier to specify the selector (label query) specified using `-l` or `--selector`, to filter resources by their labels:
+ -->
+对于资源数目较大的情况，您会发现使用 `-l` 或 `--selector` 指定的筛选器（标签查询）能很容易根据标签筛选资源：
+
+```shell
+$ kubectl delete deployment,services -l app=nginx
+deployment.apps "my-nginx" deleted
+service "my-nginx-svc" deleted
+```
+
+<!--
+Because `kubectl` outputs resource names in the same syntax it accepts, it's easy to chain operations using `$()` or `xargs`:
+ -->
+由于 `kubectl` 用来输出资源名称的语法与其所接受的资源名称语法相同，所以很容易使用 `$()` 或 `xargs` 进行链式操作：
+
+```shell
+$ kubectl get $(kubectl create -f docs/concepts/cluster-administration/nginx/ -o name | grep service)
+NAME           TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)      AGE
+my-nginx-svc   LoadBalancer   10.0.0.208   <pending>     80/TCP       0s
+```
+
+<!--
+With the above commands, we first create resources under `examples/application/nginx/` and print the resources created with `-o name` output format
+(print each resource as resource/name). Then we `grep` only the "service", and then print it with `kubectl get`.
+ -->
+上面的命令中，我们首先使用 `examples/application/nginx/` 下的配置文件创建资源，并使用 `-o name` 的输出格式（以"资源/名称"的形式打印每个资源）打印所创建的资源。然后，我们通过 `grep` 来过滤 "service"，最后再打印 `kubectl get` 的内容。
+
+<!--
+If you happen to organize your resources across several subdirectories within a particular directory, you can recursively perform the operations on the subdirectories also, by specifying `--recursive` or `-R` alongside the `--filename,-f` flag.
+ -->
+如果您碰巧在某个路径下的多个子路径中组织资源，那么也可以递归地在所有子路径上执行操作，方法是在 `--filename,-f` 后面指定 `--recursive` 或者 `-R`。
+
+<!--
+For instance, assume there is a directory `project/k8s/development` that holds all of the manifests needed for the development environment, organized by resource type:
+ -->
+例如，假设有一个目录路径为 `project/k8s/development`，它保存开发环境所需的所有清单，并按资源类型组织：
+
+```
+project/k8s/development
+├── configmap
+│   └── my-configmap.yaml
+├── deployment
+│   └── my-deployment.yaml
+└── pvc
+    └── my-pvc.yaml
+```
+
+<!--
+By default, performing a bulk operation on `project/k8s/development` will stop at the first level of the directory, not processing any subdirectories. If we had tried to create the resources in this directory using the following command, we would have encountered an error:
+ -->
+默认情况下，对 `project/k8s/development` 执行的批量操作将停止在目录的第一级，而不是处理所有子目录。
+如果我们试图使用以下命令在此目录中创建资源，则会遇到一个错误：
+
+```shell
+$ kubectl create -f project/k8s/development
+error: you must provide one or more resources by argument or filename (.json|.yaml|.yml|stdin)
+```
+
+<!--
+Instead, specify the `--recursive` or `-R` flag with the `--filename,-f` flag as such:
+ -->
+然而，在 `--filename,-f` 后面标明 `--recursive` 或者 `-R` 之后：
+
+```shell
+$ kubectl create -f project/k8s/development --recursive
+configmap/my-config created
+deployment.apps/my-deployment created
+persistentvolumeclaim/my-pvc created
+```
+
+<!--
+The `--recursive` flag works with any operation that accepts the `--filename,-f` flag such as: `kubectl {create,get,delete,describe,rollout} etc.`
+
+The `--recursive` flag also works when multiple `-f` arguments are provided:
+ -->
+`--recursive` 可以用于接受 `--filename,-f` 参数的任何操作，例如：`kubectl {create,get,delete,describe,rollout}` 等。
+
+有多个 `-f` 参数出现的时候，`--recursive` 参数也能正常工作：
+
+```shell
+$ kubectl create -f project/k8s/namespaces -f project/k8s/development --recursive
+namespace/development created
+namespace/staging created
+configmap/my-config created
+deployment.apps/my-deployment created
+persistentvolumeclaim/my-pvc created
+```
+
+<!--
+If you're interested in learning more about `kubectl`, go ahead and read [kubectl Overview](/docs/reference/kubectl/overview/).
+ -->
+如果您有兴趣学习更多关于 `kubectl` 的内容，请阅读 [kubectl 概述](/docs/reference/kubectl/overview/)。
+
+<!--
+## Using labels effectively
+
+The examples we've used so far apply at most a single label to any resource. There are many scenarios where multiple labels should be used to distinguish sets from one another.
+ -->
+## 有效地使用标签
+
+到目前为止我们使用的示例中的资源最多使用了一个标签。在许多情况下，应使用多个标签来区分集合。
+
+<!--
+For instance, different applications would use different values for the `app` label, but a multi-tier application, such as the [guestbook example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/), would additionally need to distinguish each tier. The frontend could carry the following labels:
+ -->
+例如，不同的应用可能会为 `app` 标签设置不同的值。
+但是，类似 [guestbook 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/) 这样的多层应用，还需要区分每一层。前端可以带以下标签：
+
+```yaml
+     labels:
+        app: guestbook
+        tier: frontend
+```
+
+<!--
+while the Redis master and slave would have different `tier` labels, and perhaps even an additional `role` label:
+ -->
+Redis 的主节点和从节点会有不同的 `tier` 标签，甚至还有一个额外的 `role` 标签：
+
+```yaml
+     labels:
+        app: guestbook
+        tier: backend
+        role: master
+```
+
+<!--
+and
+ -->
+以及
+
+```yaml
+     labels:
+        app: guestbook
+        tier: backend
+        role: slave
+```
+
+<!--
+The labels allow us to slice and dice our resources along any dimension specified by a label:
+ -->
+标签允许我们按照标签指定的任何维度对我们的资源进行切片和切块：
+
+```shell
+$ kubectl create -f examples/guestbook/all-in-one/guestbook-all-in-one.yaml
+$ kubectl get pods -Lapp -Ltier -Lrole
+NAME                           READY     STATUS    RESTARTS   AGE       APP         TIER       ROLE
+guestbook-fe-4nlpb             1/1       Running   0          1m        guestbook   frontend   <none>
+guestbook-fe-ght6d             1/1       Running   0          1m        guestbook   frontend   <none>
+guestbook-fe-jpy62             1/1       Running   0          1m        guestbook   frontend   <none>
+guestbook-redis-master-5pg3b   1/1       Running   0          1m        guestbook   backend    master
+guestbook-redis-slave-2q2yf    1/1       Running   0          1m        guestbook   backend    slave
+guestbook-redis-slave-qgazl    1/1       Running   0          1m        guestbook   backend    slave
+my-nginx-divi2                 1/1       Running   0          29m       nginx       <none>     <none>
+my-nginx-o0ef1                 1/1       Running   0          29m       nginx       <none>     <none>
+$ kubectl get pods -lapp=guestbook,role=slave
+NAME                          READY     STATUS    RESTARTS   AGE
+guestbook-redis-slave-2q2yf   1/1       Running   0          3m
+guestbook-redis-slave-qgazl   1/1       Running   0          3m
+```
+
+<!--
+## Canary deployments
+ -->
+## 金丝雀部署
+
+<!--
+Another scenario where multiple labels are needed is to distinguish deployments of different releases or configurations of the same component. It is common practice to deploy a *canary* of a new application release (specified via image tag in the pod template) side by side with the previous release so that the new release can receive live production traffic before fully rolling it out.
+ -->
+另一个需要多标签的场景是用来区分同一组件的不同版本或者不同配置的多个部署。常见的做法是部署一个使用*金丝雀发布*来部署新应用版本（在 pod 模板中通过镜像标签指定），保持新旧版本应用同时运行，这样，新版本在完全发布之前也可以接收实时的生产流量。
+
+<!--
+For instance, you can use a `track` label to differentiate different releases.
+
+The primary, stable release would have a `track` label with value as `stable`:
+ -->
+例如，您可以使用 `track` 标签来区分不同的版本。
+
+主要稳定的发行版将有一个 `track` 标签，其值为 `stable`：
+
+```yaml
+     name: frontend
+     replicas: 3
+     ...
+     labels:
+        app: guestbook
+        tier: frontend
+        track: stable
+     ...
+     image: gb-frontend:v3
+```
+
+<!--
+and then you can create a new release of the guestbook frontend that carries the `track` label with different value (i.e. `canary`), so that two sets of pods would not overlap:
+ -->
+然后，您可以创建 guestbook 前端的新版本，让这些版本的 `track` 标签带有不同的值（即 `canary`），以便两组 pod 不会重叠：
+
+```yaml
+     name: frontend-canary
+     replicas: 1
+     ...
+     labels:
+        app: guestbook
+        tier: frontend
+        track: canary
+     ...
+     image: gb-frontend:v4
+```
+
+<!--
+The frontend service would span both sets of replicas by selecting the common subset of their labels (i.e. omitting the `track` label), so that the traffic will be redirected to both applications:
+ -->
+前端服务通过选择标签的公共子集（即忽略 `track` 标签）来覆盖两组副本，以便流量可以转发到两个应用：
+
+```yaml
+  selector:
+     app: guestbook
+     tier: frontend
+```
+
+<!--
+You can tweak the number of replicas of the stable and canary releases to determine the ratio of each release that will receive live production traffic (in this case, 3:1).
+Once you're confident, you can update the stable track to the new application release and remove the canary one.
+ -->
+您可以调整 `stable` 和 `canary` 版本的副本数量，以确定每个版本将接收实时生产流量的比例(在本例中为 3:1)。一旦有信心，您就可以将新版本应用的 `track` 标签的值从 `canary` 替换为 `stable`，并且将老版本应用删除。
+
+<!--
+For a more concrete example, check the [tutorial of deploying Ghost](https://github.com/kelseyhightower/talks/tree/master/kubecon-eu-2016/demo#deploy-a-canary).
+ -->
+想要了解更具体的示例，请查看 [Ghost 部署教程](https://github.com/kelseyhightower/talks/tree/master/kubecon-eu-2016/demo#deploy-a-canary)。
+
+<!--
+## Updating labels
+
+Sometimes existing pods and other resources need to be relabeled before creating new resources. This can be done with `kubectl label`.
+For example, if you want to label all your nginx pods as frontend tier, simply run:
+ -->
+## 更新标签
+
+有时，现有的 pod 和其它资源需要在创建新资源之前重新标记。这可以用 `kubectl label` 完成。
+例如，如果想要将所有 nginx pod 标记为前端层，只需运行：
+
+```shell
+$ kubectl label pods -l app=nginx tier=fe
+pod/my-nginx-2035384211-j5fhi labeled
+pod/my-nginx-2035384211-u2c7e labeled
+pod/my-nginx-2035384211-u3t6x labeled
+```
+
+<!--
+This first filters all pods with the label "app=nginx", and then labels them with the "tier=fe".
+To see the pods you just labeled, run:
+ -->
+首先用标签 "app=nginx" 过滤所有的 pod，然后用 "tier=fe" 标记它们。想要查看您刚才标记的 pod，请运行：
+
+```shell
+$ kubectl get pods -l app=nginx -L tier
+NAME                        READY     STATUS    RESTARTS   AGE       TIER
+my-nginx-2035384211-j5fhi   1/1       Running   0          23m       fe
+my-nginx-2035384211-u2c7e   1/1       Running   0          23m       fe
+my-nginx-2035384211-u3t6x   1/1       Running   0          23m       fe
+```
+
+<!--
+This outputs all "app=nginx" pods, with an additional label column of pods' tier (specified with `-L` or `--label-columns`).
+
+For more information, please see [labels](/docs/concepts/overview/working-with-objects/labels/) and [kubectl label](/docs/reference/generated/kubectl/kubectl-commands/#label).
+ -->
+这将输出所有 "app=nginx" 的 pod，并有一个额外的描述 pod 的 tier 的标签列（用参数 `-L` 或者 `--label-columns` 标明）。
+
+想要了解更多信息，请参考 [标签](/docs/concepts/overview/working-with-objects/labels/) 和 [kubectl label](/docs/reference/generated/kubectl/kubectl-commands/#label)。
+
+<!--
+## Updating annotations
+
+Sometimes you would want to attach annotations to resources. Annotations are arbitrary non-identifying metadata for retrieval by API clients such as tools, libraries, etc. This can be done with `kubectl annotate`. For example:
+ -->
+## 更新注解
+
+有时，您可能希望将注解附加到资源中。注解是 API 客户端（如工具、库等）用于检索的任意非标识元数据。这可以通过 `kubectl annotate` 来完成。例如：
+
+```shell
+$ kubectl annotate pods my-nginx-v4-9gw19 description='my frontend running nginx'
+$ kubectl get pods my-nginx-v4-9gw19 -o yaml
+apiversion: v1
+kind: pod
+metadata:
+  annotations:
+    description: my frontend running nginx
+...
+```
+
+<!--
+For more information, please see [annotations](/docs/concepts/overview/working-with-objects/annotations/) and [kubectl annotate](/docs/reference/generated/kubectl/kubectl-commands/#annotate) document.
+ -->
+想要了解更多信息，请参考 [注解](/docs/concepts/overview/working-with-objects/annotations/) 和 [kubectl annotate](/docs/reference/generated/kubectl/kubectl-commands/#annotate) 文档。
+
+<!--
+## Scaling your application
+
+When load on your application grows or shrinks, it's easy to scale with `kubectl`. For instance, to decrease the number of nginx replicas from 3 to 1, do:
+ -->
+## 缩扩您的应用
+
+当应用上的负载增长或收缩时，使用 `kubectl` 能够轻松实现规模的缩扩。例如，要将 nginx 副本的数量从 3 减少到 1，请执行以下操作：
+
+```shell
+$ kubectl scale deployment/my-nginx --replicas=1
+deployment.extensions/my-nginx scaled
+```
+
+<!--
+Now you only have one pod managed by the deployment.
+ -->
+现在，您的 deployment 管理的 pod 只有一个了。
+
+```shell
+$ kubectl get pods -l app=nginx
+NAME                        READY     STATUS    RESTARTS   AGE
+my-nginx-2035384211-j5fhi   1/1       Running   0          30m
+```
+
+<!--
+To have the system automatically choose the number of nginx replicas as needed, ranging from 1 to 3, do:
+ -->
+想要让系统自动选择需要 nginx 副本的数量，范围从 1 到 3，请执行以下操作：
+
+```shell
+$ kubectl autoscale deployment/my-nginx --min=1 --max=3
+horizontalpodautoscaler.autoscaling/my-nginx autoscaled
+```
+
+<!--
+Now your nginx replicas will be scaled up and down as needed, automatically.
+
+For more information, please see [kubectl scale](/docs/reference/generated/kubectl/kubectl-commands/#scale), [kubectl autoscale](/docs/reference/generated/kubectl/kubectl-commands/#autoscale) and [horizontal pod autoscaler](/docs/tasks/run-application/horizontal-pod-autoscale/) document.
+ -->
+现在，您的 nginx 副本将根据需要自动地增加或者减少。
+
+想要了解更多信息，请参考 [kubectl scale](/docs/reference/generated/kubectl/kubectl-commands/#scale), [kubectl autoscale](/docs/reference/generated/kubectl/kubectl-commands/#autoscale) 和 [pod 水平自动伸缩](/docs/tasks/run-application/horizontal-pod-autoscale/) 文档。
+
+<!--
+## In-place updates of resources
+
+Sometimes it's necessary to make narrow, non-disruptive updates to resources you've created.
+ -->
+## 就地更新资源
+
+有时，有必要对您所创建的资源进行小范围、无干扰地更新。
+
+### kubectl apply
+
+<!--
+It is suggested to maintain a set of configuration files in source control (see [configuration as code](http://martinfowler.com/bliki/InfrastructureAsCode.html)),
+so that they can be maintained and versioned along with the code for the resources they configure.
+Then, you can use [`kubectl apply`](/docs/reference/generated/kubectl/kubectl-commands/#apply) to push your configuration changes to the cluster.
+ -->
+建议在源代码管理中维护一组配置文件（参见[配置即代码](http://martinfowler.com/bliki/InfrastructureAsCode.html)），这样，它们就可以和应用代码一样进行维护和版本管理。然后，您可以用 [`kubectl apply`](/docs/reference/generated/kubectl/kubectl-commands/#apply) 将配置变更应用到集群中。
+
+<!--
+This command will compare the version of the configuration that you're pushing with the previous version and apply the changes you've made, without overwriting any automated changes to properties you haven't specified.
+ -->
+这个命令将会把推送的版本与以前的版本进行比较，并应用您所做的更改，但是不会自动覆盖任何你没有指定更改的属性。
+
+```shell
+$ kubectl apply -f https://k8s.io/examples/application/nginx/nginx-deployment.yaml
+deployment.apps/my-nginx configured
+```
+
+<!--
+Note that `kubectl apply` attaches an annotation to the resource in order to determine the changes to the configuration since the previous invocation. When it's invoked, `kubectl apply` does a three-way diff between the previous configuration, the provided input and the current configuration of the resource, in order to determine how to modify the resource.
+ -->
+注意，`kubectl apply` 将为资源增加一个额外的注解，以确定自上次调用以来对配置的更改。当调用它时，`kubectl apply` 会在以前的配置、提供的输入和资源的当前配置之间找出三方差异，以确定如何修改资源。
+
+<!--
+Currently, resources are created without this annotation, so the first invocation of `kubectl apply` will fall back to a two-way diff between the provided input and the current configuration of the resource. During this first invocation, it cannot detect the deletion of properties set when the resource was created. For this reason, it will not remove them.
+ -->
+目前，新创建的资源是没有这个注解的，所以，第一次调用 `kubectl apply` 将使用提供的输入和资源的当前配置双方之间差异进行比较。在第一次调用期间，它无法检测资源创建时属性集的删除情况。因此，不会删除它们。
+
+<!--
+All subsequent calls to `kubectl apply`, and other commands that modify the configuration, such as `kubectl replace` and `kubectl edit`, will update the annotation, allowing subsequent calls to `kubectl apply` to detect and perform deletions using a three-way diff.
+ -->
+所有后续调用 `kubectl apply` 以及其它修改配置的命令，如 `kubectl replace` 和 `kubectl edit`，都将更新注解，并允许随后调用的 `kubectl apply` 使用三方差异进行检查和执行删除。
+
+<!--
+{{< note >}}
+To use apply, always create resource initially with either `kubectl apply` or `kubectl create --save-config`.
+{{< /note >}}
+ -->
+{{< note >}}
+想要使用 apply，请始终使用 `kubectl apply` 或 `kubectl create --save-config` 创建资源。
+{{< /note >}}
+
+### kubectl edit
+
+<!--
+Alternatively, you may also update resources with `kubectl edit`:
+ -->
+或者，您也可以使用 `kubectl edit` 更新资源：
+
+```shell
+$ kubectl edit deployment/my-nginx
+```
+
+<!--
+This is equivalent to first `get` the resource, edit it in text editor, and then `apply` the resource with the updated version:
+ -->
+这相当于首先 `get` 资源，在文本编辑器中编辑它，然后用更新的版本 `apply` 资源：
+
+```shell
+$ kubectl get deployment my-nginx -o yaml > /tmp/nginx.yaml
+$ vi /tmp/nginx.yaml
+# do some edit, and then save the file
+$ kubectl apply -f /tmp/nginx.yaml
+deployment.apps/my-nginx configured
+$ rm /tmp/nginx.yaml
+```
+
+<!--
+This allows you to do more significant changes more easily. Note that you can specify the editor with your `EDITOR` or `KUBE_EDITOR` environment variables.
+
+For more information, please see [kubectl edit](/docs/reference/generated/kubectl/kubectl-commands/#edit) document.
+ -->
+这使您可以更加容易地进行更重大的更改。请注意，可以使用 `EDITOR` 或 `KUBE_EDITOR` 环境变量来指定编辑器。
+
+想要了解更多信息，请参考 [kubectl edit](/docs/reference/generated/kubectl/kubectl-commands/#edit) 文档。
+
+### kubectl patch
+
+<!--
+You can use `kubectl patch` to update API objects in place. This command supports JSON patch,
+JSON merge patch, and strategic merge patch. See
+[Update API Objects in Place Using kubectl patch](/docs/tasks/run-application/update-api-object-kubectl-patch/)
+and
+[kubectl patch](/docs/reference/generated/kubectl/kubectl-commands/#patch).
+ -->
+您可以使用 `kubectl patch` 来更新 API 对象。此命令支持 JSON patch，JSON merge patch，以及 strategic merge patch。 请参考
+[使用 kubectl patch 更新 API 对象](/docs/tasks/run-application/update-api-object-kubectl-patch/)
+和
+[kubectl patch](/docs/reference/generated/kubectl/kubectl-commands/#patch).
+
+<!--
+## Disruptive updates
+
+In some cases, you may need to update resource fields that cannot be updated once initialized, or you may just want to make a recursive change immediately, such as to fix broken pods created by a Deployment. To change such fields, use `replace --force`, which deletes and re-creates the resource. In this case, you can simply modify your original configuration file:
+ -->
+## 破坏性的更新
+
+在某些情况下，您可能需要更新某些初始化后无法更新的资源字段，或者您可能只想立即进行递归更改，例如修复 Deployment 创建的不正常的 Pod。若要更改这些字段，请使用 `replace --force`，它将删除并重新创建资源。在这种情况下，您可以简单地修改原始配置文件：
+
+```shell
+$ kubectl replace -f https://k8s.io/examples/application/nginx/nginx-deployment.yaml --force
+deployment.apps/my-nginx deleted
+deployment.apps/my-nginx replaced
+```
+
+<!--
+## Updating your application without a service outage
+ -->
+## 在不中断服务的情况下更新应用
+
+<!--
+At some point, you'll eventually need to update your deployed application, typically by specifying a new image or image tag, as in the canary deployment scenario above. `kubectl` supports several update operations, each of which is applicable to different scenarios.
+ -->
+在某些时候，您最终需要更新已部署的应用，通常都是通过指定新的镜像或镜像标签，如上面的金丝雀发布的场景中所示。`kubectl` 支持几种更新操作，每种更新操作都适用于不同的场景。
+
+<!--
+We'll guide you through how to create and update applications with Deployments. If your deployed application is managed by Replication Controllers,
+you should read [how to use `kubectl rolling-update`](/docs/tasks/run-application/rolling-update-replication-controller/) instead.
+ -->
+我们将指导您通过 Deployment 如何创建和更新应用。如果部署的应用由 `ReplicationController` 管理，那么您应该阅读 [怎么样使用 `kubectl rolling-update`](/docs/tasks/run-application/rolling-update-replication-controller/)。
+
+<!--
+Let's say you were running version 1.7.9 of nginx:
+ -->
+假设您正运行的是 1.7.9 版本的 nginx：
+
+```shell
+$ kubectl run my-nginx --image=nginx:1.7.9 --replicas=3
+deployment.apps/my-nginx created
+```
+
+<!--
+To update to version 1.9.1, simply change `.spec.template.spec.containers[0].image` from `nginx:1.7.9` to `nginx:1.9.1`, with the kubectl commands we learned above.
+ -->
+要更新到 1.9.1 版本，只需使用我们前面学到的 kubectl 命令将 `.spec.template.spec.containers[0].image` 从 `nginx:1.7.9` 修改为 `nginx:1.9.1`。
+
+```shell
+$ kubectl edit deployment/my-nginx
+```
+
+<!--
+That's it! The Deployment will declaratively update the deployed nginx application progressively behind the scene. It ensures that only a certain number of old replicas may be down while they are being updated, and only a certain number of new replicas may be created above the desired number of pods. To learn more details about it, visit [Deployment page](/docs/concepts/workloads/controllers/deployment/).
+ -->
+没错，就是这样！Deployment 将在后台逐步更新已经部署的 nginx 应用。它确保在更新过程中，只有一定数量的旧副本被开闭，并且只有一定基于所需 pod 数量的新副本被创建。想要了解更多细节，请参考 [Deployment](/docs/concepts/workloads/controllers/deployment/)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+- [Learn about how to use `kubectl` for application introspection and debugging.](/docs/tasks/debug-application-cluster/debug-application-introspection/)
+- [Configuration Best Practices and Tips](/docs/concepts/configuration/overview/)
+ -->
+- [学习怎么样使用 `kubectl` 观察和调试应用](/docs/tasks/debug-application-cluster/debug-application-introspection/)
+- [配置最佳实践和技巧](/docs/concepts/configuration/overview/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/configuration/_index.md b/content/zh/docs/concepts/configuration/_index.md
new file mode 100644
index 0000000000000..5bf9c6c13813d
--- /dev/null
+++ b/content/zh/docs/concepts/configuration/_index.md
@@ -0,0 +1,11 @@
+---
+title: "配置"
+weight: 70
+---
+
+<!--
+---
+title: "Configuration"
+weight: 70
+---
+-->
\ No newline at end of file
diff --git a/content/zh/docs/concepts/configuration/manage-compute-resources-container.md b/content/zh/docs/concepts/configuration/manage-compute-resources-container.md
index 0d798d058bf10..e1a93014874a2 100644
--- a/content/zh/docs/concepts/configuration/manage-compute-resources-container.md
+++ b/content/zh/docs/concepts/configuration/manage-compute-resources-container.md
@@ -1,22 +1,74 @@
 ---
+title: 为容器管理计算资源
+content_template: templates/concept
+weight: 20
+feature:
+  title: 自动装箱
+  description: >
+    根据资源需求和其他约束自动放置容器，同时不会牺牲可用性，将任务关键工作负载和尽力服务工作负载进行混合放置，以提高资源利用率并节省更多资源。
+---
+
+<!--
+---
 title: Managing Compute Resources for Containers
 content_template: templates/concept
+weight: 20
+feature:
+  title: Automatic binpacking
+  description: >
+    Automatically places containers based on their resource requirements and other constraints, while not sacrificing availability. Mix critical and best-effort workloads in order to drive up utilization and save even more resources.
 ---
+-->
 
 {{% capture overview %}}
 
-当您定义 [Pod](/docs/user-guide/pods) 的时候可以选择为每个容器指定需要的 CPU 和内存（RAM）大小。当为容器指定了资源请求后，调度器就能够更好的判断出将容器调度到哪个节点上。如果您还为容器指定了资源限制，节点上的资源就可以按照指定的方式做竞争。关于资源请求和限制的不同点和更多资料请参考 [Resource QoS](https://git.k8s.io/community/contributors/design-proposals/resource-qos.md)。
+<!--
+When you specify a [Pod](/docs/concepts/workloads/pods/pod/), you can optionally specify how
+much CPU and memory (RAM) each Container needs. When Containers have resource
+requests specified, the scheduler can make better decisions about which nodes to
+place Pods on. And when Containers have their limits specified, contention for
+resources on a node can be handled in a specified manner. For more details about
+the difference between requests and limits, see
+[Resource QoS](https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md).
+-->
+当您定义 [Pod](/docs/user-guide/pods) 的时候可以选择为每个容器指定需要的 CPU 和内存（RAM）大小。当为容器指定了资源请求后，调度器就能够更好的判断出将容器调度到哪个节点上。如果您还为容器指定了资源限制，Kubernetes 就可以按照指定的方式来处理节点上的资源竞争。关于资源请求和限制的不同点和更多资料请参考 [Resource QoS](https://git.k8s.io/community/contributors/design-proposals/resource-qos.md)。
 
 {{% /capture %}}
 
 
 {{% capture body %}}
 
+<!--
+## Resource types
+*CPU* and *memory* are each a *resource type*. A resource type has a base unit.
+CPU is specified in units of cores, and memory is specified in units of bytes.
+CPU and memory are collectively referred to as *compute resources*, or just
+*resources*. Compute
+resources are measurable quantities that can be requested, allocated, and
+consumed. They are distinct from
+[API resources](/docs/concepts/overview/kubernetes-api/). API resources, such as Pods and
+[Services](/docs/concepts/services-networking/service/) are objects that can be read and modified
+through the Kubernetes API server.
+-->
+
 ## 资源类型
 
-*CPU* 和 *内存* 都是 *资源类型* 。资源类型具有基本单位。CPU 的单位是 core，内存的单位是 byte。
+*CPU* 和*内存*都是*资源类型*。资源类型具有基本单位。CPU 的单位是核心数，内存的单位是字节。
+
+CPU和内存统称为*计算资源*，也可以称为*资源*。计算资源的数量是可以被请求、分配、消耗和可测量的。它们与 [API 资源](/docs/concepts/overview/kubernetes-api/) 不同。 API 资源（如 Pod 和 [Service](/docs/concepts/services-networking/service/)）是可通过 Kubernetes API server 读取和修改的对象。
 
-CPU和内存统称为*计算资源* ，也可以称为*资源* 。计算资源的数量是可以被请求、分配、消耗和可测量的。它们与 [API 资源](/docs/api/) 不同。 API 资源（如 Pod 和 [Service](/docs/user-guide/services)）是可通过 Kubernetes API server 读取和修改的对象。
+<!--
+## Resource requests and limits of Pod and Container
+Each Container of a Pod can specify one or more of the following:
+* `spec.containers[].resources.limits.cpu`
+* `spec.containers[].resources.limits.memory`
+* `spec.containers[].resources.requests.cpu`
+* `spec.containers[].resources.requests.memory`
+Although requests and limits can only be specified on individual Containers, it
+is convenient to talk about Pod resource requests and limits. A
+*Pod resource request/limit* for a particular resource type is the sum of the
+resource requests/limits of that type for each Container in the Pod.
+-->
 
 ## Pod 和 容器的资源请求和限制
 
@@ -29,6 +81,27 @@ Pod 中的每个容器都可以指定以下的一个或者多个值：
 
 尽管只能在个别容器上指定请求和限制，但是我们可以方便地计算出 Pod 资源请求和限制。特定资源类型的Pod 资源请求/限制是 Pod 中每个容器的该类型的资源请求/限制的总和。
 
+<!--
+## Meaning of CPU
+Limits and requests for CPU resources are measured in *cpu* units.
+One cpu, in Kubernetes, is equivalent to:
+- 1 AWS vCPU
+- 1 GCP Core
+- 1 Azure vCore
+- 1 IBM vCPU
+- 1 *Hyperthread* on a bare-metal Intel processor with Hyperthreading
+Fractional requests are allowed. A Container with
+`spec.containers[].resources.requests.cpu` of `0.5` is guaranteed half as much
+CPU as one that asks for 1 CPU.  The expression `0.1` is equivalent to the
+expression `100m`, which can be read as "one hundred millicpu". Some people say
+"one hundred millicores", and this is understood to mean the same thing. A
+request with a decimal point, like `0.1`, is converted to `100m` by the API, and
+precision finer than `1m` is not allowed. For this reason, the form `100m` might
+be preferred.
+CPU is always requested as an absolute quantity, never as a relative quantity;
+0.1 is the same amount of CPU on a single-core, dual-core, or 48-core machine.
+-->
+
 ## CPU 的含义
 
 CPU 资源的限制和请求以 *cpu* 为单位。
@@ -44,6 +117,14 @@ Kubernetes 中的一个 cpu 等于：
 
 CPU 总是要用绝对数量，不可以使用相对数量；0.1 的 CPU 在单核、双核、48核的机器中的意义是一样的。
 
+<!--
+## Meaning of memory
+Limits and requests for `memory` are measured in bytes. You can express memory as
+a plain integer or as a fixed-point integer using one of these suffixes:
+E, P, T, G, M, K. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi,
+Mi, Ki. For example, the following represent roughly the same value:
+-->
+
 ## 内存的含义
 
 内存的限制和请求以字节为单位。您可以使用以下后缀之一作为平均整数或定点整数表示内存：E，P，T，G，M，K。您还可以使用两个字母的等效的幂数：Ei，Pi，Ti ，Gi，Mi，Ki。例如，以下代表大致相同的值：
@@ -52,6 +133,14 @@ CPU 总是要用绝对数量，不可以使用相对数量；0.1 的 CPU 在单
 128974848, 129e6, 129M, 123Mi
 ```
 
+<!--
+Here's an example.
+The following Pod has two Containers. Each Container has a request of 0.25 cpu
+and 64MiB (2<sup>26</sup> bytes) of memory. Each Container has a limit of 0.5
+cpu and 128MiB of memory. You can say the Pod has a request of 0.5 cpu and 128
+MiB of memory, and a limit of 1 cpu and 256MiB of memory.
+-->
+
 下面是个例子。
 
 以下 Pod 有两个容器。每个容器的请求为 0.25 cpu 和 64MiB（2<sup>26</sup> 字节）内存，每个容器的限制为 0.5 cpu 和 128MiB 内存。您可以说该 Pod 请求 0.5 cpu 和 128 MiB 的内存，限制为 1 cpu 和 256MiB 的内存。
@@ -83,27 +172,91 @@ spec:
         cpu: "500m"
 ```
 
+<!--
+## How Pods with resource requests are scheduled
+When you create a Pod, the Kubernetes scheduler selects a node for the Pod to
+run on. Each node has a maximum capacity for each of the resource types: the
+amount of CPU and memory it can provide for Pods. The scheduler ensures that,
+for each resource type, the sum of the resource requests of the scheduled
+Containers is less than the capacity of the node. Note that although actual memory
+or CPU resource usage on nodes is very low, the scheduler still refuses to place
+a Pod on a node if the capacity check fails. This protects against a resource
+shortage on a node when resource usage later increases, for example, during a
+daily peak in request rate.
+-->
+
 ## 具有资源请求的 Pod 如何调度
 
 当您创建一个 Pod 时，Kubernetes 调度程序将为 Pod 选择一个节点。每个节点具有每种资源类型的最大容量：可为 Pod 提供的 CPU 和内存量。调度程序确保对于每种资源类型，调度的容器的资源请求的总和小于节点的容量。请注意，尽管节点上的实际内存或 CPU 资源使用量非常低，但如果容量检查失败，则调度程序仍然拒绝在该节点上放置 Pod。当资源使用量稍后增加时，例如在请求率的每日峰值期间，这可以防止节点上的资源短缺。
 
+<!--
+## How Pods with resource limits are run
+When the kubelet starts a Container of a Pod, it passes the CPU and memory limits
+to the container runtime.
+When using Docker:
+-->
+
 ## 具有资源限制的 Pod 如何运行
 
 当 kubelet 启动一个 Pod 的容器时，它会将 CPU 和内存限制传递到容器运行时。
 
 当使用 Docker 时：
 
-- `spec.containers[].resources.requests.cpu` 的值将转换成 millicore 值，这是个浮点数，并乘以1024，这个数字中的较大者或2用作 `docker run` 命令中的[ `--cpu-shares`](https://docs.docker.com/engine/reference/run/#/cpu-share-constraint) 标志的值。
+<!--
+- The `spec.containers[].resources.requests.cpu` is converted to its core value,
+  which is potentially fractional, and multiplied by 1024. The greater of this number
+  or 2 is used as the value of the
+  [`--cpu-shares`](https://docs.docker.com/engine/reference/run/#/cpu-share-constraint)
+  flag in the `docker run` command.
+- The `spec.containers[].resources.limits.cpu` is converted to its millicore value and
+  multiplied by 100. The resulting value is the total amount of CPU time that a container can use
+  every 100ms. A container cannot use more than its share of CPU time during this interval.
+-->
+
+- `spec.containers[].resources.requests.cpu` 的值将转换成 millicore 值，这是个浮点数，并乘以 1024，这个数字中的较大者或 2 用作 `docker run` 命令中的[ `--cpu-shares`](https://docs.docker.com/engine/reference/run/#/cpu-share-constraint) 标志的值。
+
 - `spec.containers[].resources.limits.cpu` 被转换成 millicore 值。被乘以 100000 然后 除以 1000。这个数字用作 `docker run` 命令中的 [`--cpu-quota`](https://docs.docker.com/engine/reference/run/#/cpu-quota-constraint) 标志的值。[`--cpu-quota` ] 标志被设置成了 100000，表示测量配额使用的默认100ms 周期。如果 [`--cpu-cfs-quota`] 标志设置为 true，则 kubelet 会强制执行 cpu 限制。从 Kubernetes 1.2 版本起，此标志默认为 true。
+
+<!--
+  {{< note >}}
+  The default quota period is 100ms. The minimum resolution of CPU quota is 1ms.
+  {{</ note >}}
+-->
+
+  {{< note >}}
+  默认配额限制为 100 毫秒。 CPU配额的最小单位为 1 毫秒。
+  {{</ note >}}
+
 - `spec.containers[].resources.limits.memory` 被转换为整型，作为 `docker run` 命令中的 [`--memory`](https://docs.docker.com/engine/reference/run/#/user-memory-constraints) 标志的值。
 
+<!--
+If a Container exceeds its memory limit, it might be terminated. If it is
+restartable, the kubelet will restart it, as with any other type of runtime
+failure.
+If a Container exceeds its memory request, it is likely that its Pod will
+be evicted whenever the node runs out of memory.
+A Container might or might not be allowed to exceed its CPU limit for extended
+periods of time. However, it will not be killed for excessive CPU usage.
+To determine whether a Container cannot be scheduled or is being killed due to
+resource limits, see the
+[Troubleshooting](#troubleshooting) section.
+-->
+
 如果容器超过其内存限制，则可能会被终止。如果可重新启动，则与所有其他类型的运行时故障一样，kubelet 将重新启动它。
 
 如果一个容器超过其内存请求，那么当节点内存不足时，它的 Pod 可能被逐出。
 
 容器可能被允许也可能不被允许超过其 CPU 限制时间。但是，由于 CPU 使用率过高，不会被杀死。
 
-要确定容器是否由于资源限制而无法安排或被杀死，请参阅 [疑难解答](#troubleshooting) 部分。
+要确定容器是否由于资源限制而无法安排或被杀死，请参阅[疑难解答](#troubleshooting) 部分。
+
+<!--
+## Monitoring compute resource usage
+The resource usage of a Pod is reported as part of the Pod status.
+If [optional monitoring](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/cluster-monitoring/README.md)
+is configured for your cluster, then Pod resource usage can be retrieved from
+the monitoring system.
+-->
 
 ## 监控计算资源使用
 
@@ -111,6 +264,14 @@ Pod 的资源使用情况被报告为 Pod 状态的一部分。
 
 如果为集群配置了 [可选监控](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/cluster-monitoring/README.md)，则可以从监控系统检索 Pod 资源的使用情况。
 
+<!--
+## Troubleshooting
+### My Pods are pending with event message failedScheduling
+If the scheduler cannot find any node where a Pod can fit, the Pod remains
+unscheduled until a place can be found. An event is produced each time the
+scheduler fails to find a place for the Pod, like this:
+-->
+
 ## 疑难解答
 
 ### 我的 Pod 处于 pending 状态且事件信息显示 failedScheduling
@@ -124,8 +285,29 @@ Events:
   36s   5s     6      {scheduler }              FailedScheduling  Failed for reason PodExceedsFreeCPU and possibly others
 ```
 
+<!-
+In the preceding example, the Pod named "frontend" fails to be scheduled due to
+insufficient CPU resource on the node. Similar error messages can also suggest
+failure due to insufficient memory (PodExceedsFreeMemory). In general, if a Pod
+is pending with a message of this type, there are several things to try:
+- Add more nodes to the cluster.
+- Terminate unneeded Pods to make room for pending Pods.
+- Check that the Pod is not larger than all the nodes. For example, if all the
+  nodes have a capacity of `cpu: 1`, then a Pod with a request of `cpu: 1.1` will
+  never be scheduled.
+You can check node capacities and amounts allocated with the
+`kubectl describe nodes` command. For example:
+-->
+
 在上述示例中，由于节点上的 CPU 资源不足，名为 “frontend” 的 Pod 将无法调度。由于内存不足（PodExceedsFreeMemory），类似的错误消息也可能会导致失败。一般来说，如果有这种类型的消息而处于 pending 状态，您可以尝试如下几件事情：
 
+- 向集群添加更多节点。
+- 终止不需要的 Pod，为待处理的 Pod 腾出空间。
+- 检查 Pod 所需的资源是否大于所有节点的资源。 例如，如果全部节点的容量为`cpu：1`，那么一个请求为 `cpu：1.1`的 Pod 永远不会被调度。
+
+您可以使用 `kubectl describe nodes` 命令检查节点容量和分配的数量。 例如：
+
+
 ```shell
 $ kubectl describe nodes e2e-test-minion-group-4lw4
 Name:            e2e-test-minion-group-4lw4
@@ -156,6 +338,21 @@ Allocated resources:
   680m (34%)      400m (20%)    920Mi (12%)        1070Mi (14%)
 ```
 
+<!--
+In the preceding output, you can see that if a Pod requests more than 1120m
+CPUs or 6.23Gi of memory, it will not fit on the node.
+By looking at the `Pods` section, you can see which Pods are taking up space on
+the node.
+The amount of resources available to Pods is less than the node capacity, because
+system daemons use a portion of the available resources. The `allocatable` field
+[NodeStatus](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#nodestatus-v1-core)
+gives the amount of resources that are available to Pods. For more information, see
+[Node Allocatable Resources](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md).
+The [resource quota](/docs/concepts/policy/resource-quotas/) feature can be configured
+to limit the total amount of resources that can be consumed. If used in conjunction
+with namespaces, it can prevent one team from hogging all the resources.
+-->
+
 在上面的输出中，您可以看到如果 Pod 请求超过 1120m CPU 或者 6.23Gi 内存，节点将无法满足。
 
 通过查看 `Pods` 部分，您将看到哪些 Pod 占用的节点上的资源。
@@ -164,6 +361,13 @@ Pod 可用的资源量小于节点容量，因为系统守护程序使用一部
 
 可以将 [资源配额](/docs/concepts/policy/resource-quotas/) 功能配置为限制可以使用的资源总量。如果与 namespace 配合一起使用，就可以防止一个团队占用所有资源。
 
+<!--
+### My Container is terminated
+Your Container might get terminated because it is resource-starved. To check
+whether a Container is being killed because it is hitting a resource limit, call
+`kubectl describe pod` on the Pod of interest:
+-->
+
 ## 我的容器被终止了
 
 您的容器可能因为资源枯竭而被终止了。要查看容器是否因为遇到资源限制而被杀死，请在相关的 Pod 上调用 `kubectl describe pod`：
@@ -210,6 +414,13 @@ Events:
 
 您可以使用 `kubectl get pod` 命令加上 `-o go-template=...` 选项来获取之前终止容器的状态。
 
+<!--
+In the preceding example, the `Restart Count:  5` indicates that the `simmemleak`
+Container in the Pod was terminated and restarted five times.
+You can call `kubectl get pod` with the `-o go-template=...` option to fetch the status
+of previously terminated Containers:
+-->
+
 ```shell
 [13:59:01] $ kubectl get pod -o go-template='{{range.status.containerStatuses}}{{"Container Name: "}}{{.name}}{{"\r\nLastState: "}}{{.lastState}}{{end}}'  simmemleak-60xbc
 Container Name: simmemleak
@@ -218,6 +429,10 @@ LastState: map[terminated:map[exitCode:137 reason:OOM Killed startedAt:2015-07-0
 
 您可以看到容器因为 `reason:OOM killed` 被终止，`OOM` 表示 Out Of Memory。
 
+<!--
+You can see that the Container was terminated because of `reason:OOM Killed`, where `OOM` stands for Out Of Memory.
+-->
+
 ## 不透明整型资源（Alpha功能）
 
 Kubernetes 1.5 版本中引入不透明整型资源。不透明的整数资源允许集群运维人员发布新的节点级资源，否则系统将不了解这些资源。
@@ -275,6 +490,26 @@ spec:
         pod.alpha.kubernetes.io/opaque-int-resource-foo: 1
 ```
 
+<!--
+## Planned Improvements
+Kubernetes version 1.5 only allows resource quantities to be specified on a
+Container. It is planned to improve accounting for resources that are shared by
+all Containers in a Pod, such as
+[emptyDir volumes](/docs/concepts/storage/volumes/#emptydir).
+Kubernetes version 1.5 only supports Container requests and limits for CPU and
+memory. It is planned to add new resource types, including a node disk space
+resource, and a framework for adding custom
+[resource types](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/scheduling/resources.md).
+Kubernetes supports overcommitment of resources by supporting multiple levels of
+[Quality of Service](http://issue.k8s.io/168).
+In Kubernetes version 1.5, one unit of CPU means different things on different
+cloud providers, and on different machine types within the same cloud providers.
+For example, on AWS, the capacity of a node is reported in
+[ECUs](http://aws.amazon.com/ec2/faqs/), while in GCE it is reported in logical
+cores. We plan to revise the definition of the cpu resource to allow for more
+consistency across providers and platforms.
+-->
+
 ## 计划改进
 
 在 kubernetes 1.5 版本中仅允许在容器上指定资源量。计划改进对所有容器在 Pod 中共享资源的计量，如 [emptyDir volume](/docs/concepts/storage/volumes/#emptydir)。
@@ -288,6 +523,12 @@ Kubernetes 通过支持通过多级别的 [服务质量](http://issue.k8s.io/168
 {{% /capture %}}
 
 {{% capture whatsnext %}}
+<!--
+* Get hands-on experience [assigning Memory resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-memory-resource/).
+* Get hands-on experience [assigning CPU resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-cpu-resource/).
+* [Container API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#container-v1-core)
+* [ResourceRequirements](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#resourcerequirements-v1-core)
+-->
 
 - 获取将 [CPU 和内存资源分配给容器](/docs/tasks/configure-pod-container/assign-cpu-ram-container/) 的实践经验
 - [容器](/docs/api-reference/{{< param "version" >}}/#container-v1-core)
diff --git a/content/zh/docs/concepts/configuration/organize-cluster-access-kubeconfig.md b/content/zh/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
new file mode 100644
index 0000000000000..ac311a8e46955
--- /dev/null
+++ b/content/zh/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
@@ -0,0 +1,280 @@
+---
+title: 使用 kubeconfig 文件组织集群访问
+content_template: templates/concept
+weight: 60
+---
+<!--
+---
+title: Organizing Cluster Access Using kubeconfig Files
+content_template: templates/concept
+weight: 60
+---
+--->
+
+{{% capture overview %}}
+
+<!--
+Use kubeconfig files to organize information about clusters, users, namespaces, and
+authentication mechanisms. The `kubectl` command-line tool uses kubeconfig files to
+find the information it needs to choose a cluster and communicate with the API server
+of a cluster.
+--->
+使用 kubeconfig 文件来组织有关集群、用户、命名空间和身份认证机制的信息。`kubectl` 命令行工具使用 kubeconfig 文件来查找选择集群所需的信息，并与集群的 API 服务器进行通信。
+
+<!--
+{{< note >}}
+A file that is used to configure access to clusters is called
+a *kubeconfig file*. This is a generic way of referring to configuration files.
+It does not mean that there is a file named `kubeconfig`.
+{{< /note >}}
+--->
+{{< note >}}
+注意：用于配置集群访问的文件称为 *kubeconfig 文件*。这是引用配置文件的通用方法。这并不意味着有一个名为 `kubeconfig` 的文件
+{{< /note >}}
+
+<!--
+By default, `kubectl` looks for a file named `config` in the `$HOME/.kube` directory.
+You can specify other kubeconfig files by setting the `KUBECONFIG` environment
+variable or by setting the
+[`--kubeconfig`](/docs/reference/generated/kubectl/kubectl/) flag.
+--->
+默认情况下，`kubectl` 在 `$HOME/.kube` 目录下查找名为 `config` 的文件。您可以通过设置 `KUBECONFIG` 环境变量或者设置[`--kubeconfig`](/docs/reference/generated/kubectl/kubectl/)参数来指定其他 kubeconfig 文件。
+
+<!--
+For step-by-step instructions on creating and specifying kubeconfig files, see
+[Configure Access to Multiple Clusters](/docs/tasks/access-application-cluster/configure-access-multiple-clusters).
+--->
+有关创建和指定 kubeconfig 文件的分步说明，请参阅[配置对多集群的访问](/docs/tasks/access-application-cluster/configure-access-multiple-clusters)。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Supporting multiple clusters, users, and authentication mechanisms
+--->
+## 支持多集群、用户和身份认证机制
+
+<!--
+Suppose you have several clusters, and your users and components authenticate
+in a variety of ways. For example:
+--->
+假设您有多个集群，并且您的用户和组件以多种方式进行身份认证。比如：
+
+<!--
+- A running kubelet might authenticate using certificates.
+- A user might authenticate using tokens.
+- Administrators might have sets of certificates that they provide to individual users.
+--->
+- 正在运行的 kubelet 可能使用证书在进行认证。
+- 用户可能通过令牌进行认证。
+- 管理员可能拥有多个证书集合提供给各用户。
+
+<!--
+With kubeconfig files, you can organize your clusters, users, and namespaces.
+You can also define contexts to quickly and easily switch between
+clusters and namespaces.
+--->
+使用 kubeconfig 文件，您可以组织集群、用户和命名空间。您还可以定义上下文，以便在集群和命名空间之间快速轻松地切换。
+
+<!--
+## Context
+--->
+## 上下文（Context）
+
+<!--
+A *context* element in a kubeconfig file is used to group access parameters
+under a convenient name. Each context has three parameters: cluster, namespace, and user.
+By default, the `kubectl` command-line tool uses parameters from
+the *current context* to communicate with the cluster. 
+--->
+通过 kubeconfig 文件中的 *context* 元素，使用简便的名称来对访问参数进行分组。每个上下文都有三个参数：cluster、namespace 和 user。默认情况下，`kubectl` 命令行工具使用 *当前上下文* 中的参数与集群进行通信。
+
+<!--
+To choose the current context:
+--->
+选择当前上下文
+```
+kubectl config use-context
+```
+
+<!--
+## The KUBECONFIG environment variable
+--->
+## KUBECONFIG 环境变量
+
+<!--
+The `KUBECONFIG` environment variable holds a list of kubeconfig files.
+For Linux and Mac, the list is colon-delimited. For Windows, the list
+is semicolon-delimited. The `KUBECONFIG` environment variable is not
+required. If the `KUBECONFIG` environment variable doesn't exist,
+`kubectl` uses the default kubeconfig file, `$HOME/.kube/config`.
+--->
+`KUBECONFIG` 环境变量包含一个 kubeconfig 文件列表。对于 Linux 和 Mac，列表以冒号分隔。对于 Windows，列表以分号分隔。`KUBECONFIG` 环境变量不是必要的。如果 `KUBECONFIG` 环境变量不存在，`kubectl` 使用默认的 kubeconfig 文件，`$HOME/.kube/config`。
+
+<!--
+If the `KUBECONFIG` environment variable does exist, `kubectl` uses
+an effective configuration that is the result of merging the files
+listed in the `KUBECONFIG` environment variable.
+--->
+如果 `KUBECONFIG` 环境变量存在，`kubectl` 使用 `KUBECONFIG` 环境变量中列举的文件合并后的有效配置。
+
+<!--
+## Merging kubeconfig files
+--->
+## 合并 kubeconfig 文件
+
+<!--
+To see your configuration, enter this command:
+--->
+要查看配置，输入以下命令：
+```shell
+kubectl config view
+```
+
+<!--
+As described previously, the output might be from a single kubeconfig file,
+or it might be the result of merging several kubeconfig files.
+--->
+如前所述，输出可能来自 kubeconfig 文件，也可能是合并多个 kubeconfig 文件的结果。
+
+<!--
+Here are the rules that `kubectl` uses when it merges kubeconfig files:
+--->
+以下是 `kubectl` 在合并 kubeconfig 文件时使用的规则。
+
+<!--
+1. If the `--kubeconfig` flag is set, use only the specified file. Do not merge.
+   Only one instance of this flag is allowed.
+
+   Otherwise, if the `KUBECONFIG` environment variable is set, use it as a
+   list of files that should be merged.
+   Merge the files listed in the `KUBECONFIG` environment variable
+   according to these rules:
+
+   * Ignore empty filenames.
+   * Produce errors for files with content that cannot be deserialized.
+   * The first file to set a particular value or map key wins.
+   * Never change the value or map key.
+     Example: Preserve the context of the first file to set `current-context`.
+     Example: If two files specify a `red-user`, use only values from the first file's `red-user`.
+     Even if the second file has non-conflicting entries under `red-user`, discard them.
+--->
+1. 如果设置了 `--kubeconfig` 参数，则仅使用指定的文件。不进行合并。此参数只能使用一次。
+   
+   否则，如果设置了 `KUBECONFIG` 环境变量，将它用作应合并的文件列表。根据以下规则合并 `KUBECONFIG` 环境变量中列出的文件：
+
+   * 忽略空文件名。
+   * 对于内容无法反序列化的文件，产生错误信息。
+   * 第一个设置特定值或者映射键的文件将生效。
+   * 永远不会更改值或者映射键。示例：保留第一个文件的上下文以设置 `current-context`。示例：如果两个文件都指定了 `red-user`，则仅使用第一个文件的 `red-user` 中的值。即使第二个文件在 `red-user` 下有非冲突条目，也要丢弃它们。
+
+<!--
+   For an example of setting the `KUBECONFIG` environment variable, see
+   [Setting the KUBECONFIG environment variable](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/#set-the-kubeconfig-environment-variable).
+--->
+   有关设置 `KUBECONFIG` 环境变量的示例，请参阅[设置 KUBECONFIG 环境变量](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/#set-the-kubeconfig-environment-variable)。
+
+<!--
+   Otherwise, use the default kubeconfig file, `$HOME/.kube/config`, with no merging.
+--->
+   否则，使用默认的 kubeconfig 文件， `$HOME/.kube/config`，不进行合并。
+
+<!--
+1. Determine the context to use based on the first hit in this chain:
+
+    1. Use the `--context` command-line flag if it exists.
+    2. Use the `current-context` from the merged kubeconfig files.
+--->
+1. 根据此链中的第一个匹配确定要使用的上下文。
+
+    1. 如果存在，使用 `--context` 命令行参数。
+    2. 使用合并的 kubeconfig 文件中的 `current-context`。
+
+<!--
+   An empty context is allowed at this point.
+--->
+   这种场景下允许空上下文。
+
+<!--
+1. Determine the cluster and user. At this point, there might or might not be a context.
+   Determine the cluster and user based on the first hit in this chain,
+   which is run twice: once for user and once for cluster:
+
+   1. Use a command-line flag if it exists: `--user` or `--cluster`.
+   2. If the context is non-empty, take the user or cluster from the context.
+--->
+1. 确定集群和用户。此时，可能有也可能没有上下文。根据此链中的第一个匹配确定集群和用户，这将运行两次：一次用于用户，一次用于集群。
+
+   1. 如果存在，使用命令行参数：`--user` 或者 `--cluster`。
+   2. 如果上下文非空，从上下文中获取用户或集群。
+
+<!--
+   The user and cluster can be empty at this point.
+--->
+   这种场景下用户和集群可以为空。
+
+<!--
+1. Determine the actual cluster information to use. At this point, there might or
+   might not be cluster information.
+   Build each piece of the cluster information based on this chain; the first hit wins:
+
+   1. Use command line flags if they exist: `--server`, `--certificate-authority`, `--insecure-skip-tls-verify`.
+   2. If any cluster information attributes exist from the merged kubeconfig files, use them.
+   3. If there is no server location, fail.
+--->
+1. 确定要使用的实际集群信息。此时，可能有也可能没有集群信息。基于此链构建每个集群信息；第一个匹配项会被采用：
+
+   1. 如果存在：`--server`、`--certificate-authority` 和 `--insecure-skip-tls-verify`，使用命令行参数。
+   2. 如果合并的 kubeconfig 文件中存在集群信息属性，则使用它们。
+   3. 如果没有 server 配置，则配置无效。
+
+<!--
+2. Determine the actual user information to use. Build user information using the same
+   rules as cluster information, except allow only one authentication
+   technique per user:
+
+   1. Use command line flags if they exist: `--client-certificate`, `--client-key`, `--username`, `--password`, `--token`.
+   2. Use the `user` fields from the merged kubeconfig files.
+   3. If there are two conflicting techniques, fail.
+--->
+2. 确定要使用的实际用户信息。使用与集群信息相同的规则构建用户信息，但每个用户只允许一种身份认证技术：
+
+   1. 如果存在：`--client-certificate`、`--client-key`、`--username`、`--password` 和 `--token`，使用命令行参数。
+   2. 使用合并的 kubeconfig 文件中的 `user` 字段。
+   3. 如果存在两种冲突技术，则配置无效。
+
+<!--
+3. For any information still missing, use default values and potentially
+   prompt for authentication information.
+--->
+3. 对于仍然缺失的任何信息，使用其对应的默认值，并可能提示输入身份认证信息。
+
+<!--
+## File references
+--->
+## 文件引用
+
+<!--
+File and path references in a kubeconfig file are relative to the location of the kubeconfig file.
+File references on the command line are relative to the current working directory.
+In `$HOME/.kube/config`, relative paths are stored relatively, and absolute paths
+are stored absolutely.
+--->
+kubeconfig 文件中的文件和路径引用是相对于 kubeconfig 文件的位置。命令行上的文件引用是相当对于当前工作目录的。在 `$HOME/.kube/config` 中，相对路径按相对路径存储，绝对路径按绝对路径存储。
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+* [Configure Access to Multiple Clusters](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)
+* [`kubectl config`](/docs/reference/generated/kubectl/kubectl-commands#config)
+--->
+* [配置对多集群的访问](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)
+* [`kubectl config`](/docs/reference/generated/kubectl/kubectl-commands#config)
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/concepts/configuration/overview.md b/content/zh/docs/concepts/configuration/overview.md
new file mode 100644
index 0000000000000..98e04965d0f96
--- /dev/null
+++ b/content/zh/docs/concepts/configuration/overview.md
@@ -0,0 +1,268 @@
+---
+reviewers:
+- mikedanese
+title: 配置最佳实践
+content_template: templates/concept
+weight: 10
+---
+<!--
+---
+reviewers:
+- mikedanese
+title: Configuration Best Practices
+content_template: templates/concept
+weight: 10
+---
+-->
+
+{{% capture overview %}}
+<!--
+This document highlights and consolidates configuration best practices that are introduced throughout the user guide, Getting Started documentation, and examples.
+-->
+本文档重点介绍并整合了整个用户指南、入门文档和示例中介绍的配置最佳实践。
+
+<!--
+This is a living document. If you think of something that is not on this list but might be useful to others, please don't hesitate to file an issue or submit a PR.
+-->
+这是一份活文件。
+如果您认为某些内容不在此列表中但可能对其他人有用，请不要犹豫，提交问题或提交 PR。
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+## General Configuration Tips
+-->
+## 一般配置提示
+
+<!--
+- When defining configurations, specify the latest stable API version.
+-->
+- 定义配置时，请指定最新的稳定 API 版本。
+
+<!--
+- Configuration files should be stored in version control before being pushed to the cluster. This allows you to quickly roll back a configuration change if necessary. It also aids cluster re-creation and restoration.
+-->
+- 在推送到集群之前，配置文件应存储在版本控制中。
+ 这允许您在必要时快速回滚配置更改。
+ 它还有助于集群重新创建和恢复。 
+
+<!--
+- Write your configuration files using YAML rather than JSON. Though these formats can be used interchangeably in almost all scenarios, YAML tends to be more user-friendly.
+-->
+- 使用 YAML 而不是 JSON 编写配置文件。虽然这些格式几乎可以在所有场景中互换使用，但 YAML 往往更加用户友好。
+
+<!--
+- Group related objects into a single file whenever it makes sense. One file is often easier to manage than several. See the [guestbook-all-in-one.yaml](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/all-in-one/guestbook-all-in-one.yaml) file as an example of this syntax.
+-->
+- 只要有意义，就将相关对象分组到一个文件中。
+ 一个文件通常比几个文件更容易管理。
+ 请参阅[guestbook-all-in-one.yaml](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/all-in-one/guestbook-all-in-one.yaml) 文件作为此语法的示例。
+
+<!--
+- Note also that many `kubectl` commands can be called on a directory. For example, you can call `kubectl apply` on a directory of config files.
+-->
+- 另请注意，可以在目录上调用许多`kubectl`命令。
+ 例如，你可以在配置文件的目录中调用`kubectl apply`。
+
+<!--
+- Don't specify default values unnecessarily: simple, minimal configuration will make errors less likely.
+-->
+- 不要不必要地指定默认值：简单的最小配置会降低错误的可能性。
+
+<!--
+- Put object descriptions in annotations, to allow better introspection.
+-->
+- 将对象描述放在注释中，以便更好地进行内省。
+
+
+<!--
+## "Naked" Pods vs ReplicaSets, Deployments, and Jobs
+-->
+## “Naked”Pods 与 ReplicaSet，Deployment 和 Jobs
+
+<!--
+- Don't use naked Pods (that is, Pods not bound to a [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) or [Deployment](/docs/concepts/workloads/controllers/deployment/)) if you can avoid it. Naked Pods will not be rescheduled in the event of a node failure.
+-->
+- 如果您能避免，不要使用 naked Pods（即，Pod 未绑定到[ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) 或[Deployment](/docs/concepts/workloads/controllers/deployment/)）。
+ 如果节点发生故障，将不会重新安排 Naked Pods。
+
+<!--
+  A Deployment, which both creates a ReplicaSet to ensure that the desired number of Pods is always available, and specifies a strategy to replace Pods (such as [RollingUpdate](/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment)), is almost always preferable to creating Pods directly, except for some explicit [`restartPolicy: Never`](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) scenarios. A [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/) may also be appropriate.
+-->
+  部署，它创建一个 ReplicaSet 以确保所需数量的 Pod 始终可用，并指定替换 Pod 的策略(例如 [RollingUpdate](/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment))，除了一些显式的[`restartPolicy: Never`](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy)场景之外，几乎总是优先考虑直接创建 Pod。
+[Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/) 也可能是合适的。
+
+
+<!--
+## Services
+-->
+## 服务
+
+<!--
+- Create a [Service](/docs/concepts/services-networking/service/) before its corresponding backend workloads (Deployments or ReplicaSets), and before any workloads that need to access it. When Kubernetes starts a container, it provides environment variables pointing to all the Services which were running when the container was started. For example, if a Service named `foo` exists, all containers will get the following variables in their initial environment:
+-->
+- 在其相应的后端工作负载（Deployment 或 ReplicaSet）之前，以及在需要访问它的任何工作负载之前创建[服务](/docs/concepts/services-networking/service/)。
+ 当 Kubernetes 启动容器时，它提供指向启动容器时正在运行的所有服务的环境变量。
+ 例如，如果存在名为`foo`当服务，则所有容器将在其初始环境中获取以下变量。
+
+  ```shell
+  FOO_SERVICE_HOST=<the host the Service is running on>
+  FOO_SERVICE_PORT=<the port the Service is running on>
+  ```
+
+<!--
+  *This does imply an ordering requirement* - any `Service` that a `Pod` wants to access must be created before the `Pod` itself, or else the environment variables will not be populated.  DNS does not have this restriction.
+-->
+  *这确实意味着订购要求* - 必须在`Pod`本身之前创建`Pod`想要访问的任何`Service`，否则将不会填充环境变量。 
+   DNS没有此限制。
+
+<!--
+- An optional (though strongly recommended) [cluster add-on](/docs/concepts/cluster-administration/addons/) is a DNS server.  The
+DNS server watches the Kubernetes API for new `Services` and creates a set of DNS records for each.  If DNS has been enabled throughout the cluster then all `Pods` should be able to do name resolution of `Services` automatically.
+-->
+- 一个可选（尽管强烈推荐）[cluster add-on](/docs/concepts/cluster-administration/addons/)是 DNS 服务器。DNS 服务器为新的`Services`监视 Kubernetes API，并为每个创建一组 DNS 记录。
+  如果在整个集群中启用了 DNS，则所有`Pods`应该能够自动对`Services`进行名称解析。
+
+<!--
+- Don't specify a `hostPort` for a Pod unless it is absolutely necessary. When you bind a Pod to a `hostPort`, it limits the number of places the Pod can be scheduled, because each <`hostIP`, `hostPort`, `protocol`> combination must be unique. If you don't specify the `hostIP` and `protocol` explicitly, Kubernetes will use `0.0.0.0` as the default `hostIP` and `TCP` as the default `protocol`.
+-->
+- 除非绝对必要，否则不要为 Pod 指定`hostPort`。
+  将 Pod 绑定到`hostPort`时，它会限制 Pod 可以调度的位置数，因为每个<`hostIP`, `hostPort`, `protocol`>组合必须是唯一的。如果您没有明确指定`hostIP`和`protocol`，Kubernetes将使用`0.0.0.0`作为默认`hostIP`和`TCP`作为默认`protocol`。
+
+<!--
+  If you only need access to the port for debugging purposes, you can use the [apiserver proxy](/docs/tasks/access-application-cluster/access-cluster/#manually-constructing-apiserver-proxy-urls) or [`kubectl port-forward`](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/).
+-->
+  如果您只需要访问端口以进行调试，则可以使用[apiserver proxy](/docs/tasks/access-application-cluster/access-cluster/#manually-constructing-apiserver-proxy-urls)或[`kubectl port-forward`](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/)。
+
+<!--
+  If you explicitly need to expose a Pod's port on the node, consider using a [NodePort](/docs/concepts/services-networking/service/#nodeport) Service before resorting to `hostPort`.
+-->
+  如果您明确需要在节点上公开 Pod 的端口，请在使用`hostPort`之前考虑使用[NodePort](/docs/concepts/services-networking/service/#nodeport) 服务。
+
+<!--
+- Avoid using `hostNetwork`, for the same reasons as `hostPort`.
+-->
+- 避免使用`hostNetwork`，原因与`hostPort`相同。
+
+<!--
+- Use [headless Services](/docs/concepts/services-networking/service/#headless-
+services) (which have a `ClusterIP` of `None`) for easy service discovery when you don't need `kube-proxy` load balancing.
+-->
+- 当您不需要`kube-proxy`负载平衡时，使用 [无头服务](/docs/concepts/services-networking/service/#headless-
+services)  (具有`None`的`ClusterIP`)以便于服务发现。
+
+<!--
+## Using Labels
+-->
+## 使用标签
+
+<!--
+- Define and use [labels](/docs/concepts/overview/working-with-objects/labels/) that identify __semantic attributes__ of your application or Deployment, such as `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. You can use these labels to select the appropriate Pods for other resources; for example, a Service that selects all `tier: frontend` Pods, or all `phase: test` components of `app: myapp`. See the [guestbook](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/) app for examples of this approach.
+-->
+- 定义并使用[标签](/docs/concepts/overview/working-with-objects/labels/)来识别应用程序或部署的__semantic attributes__，例如`{ app: myapp, tier: frontend, phase: test, deployment: v3 }`。
+  您可以使用这些标签为其他资源选择合适的 Pod；例如，一个选择所有`tier: frontend` Pod 的服务，或者`app: myapp`的所有`phase: test`组件。
+  有关此方法的示例，请参阅[留言板](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/) 。
+
+<!--
+A Service can be made to span multiple Deployments by omitting release-specific labels from its selector. [Deployments](/docs/concepts/workloads/controllers/deployment/) make it easy to update a running service without downtime.
+-->
+通过从选择器中省略特定发行版的标签，可以使服务跨越多个部署。
+[部署](/docs/concepts/workloads/controllers/deployment/)可以在不停机的情况下轻松更新正在运行的服务。
+
+<!--
+A desired state of an object is described by a Deployment, and if changes to that spec are _applied_, the deployment controller changes the actual state to the desired state at a controlled rate.
+-->
+部署描述了对象的期望状态，并且如果对该规范的更改是_applied_，则部署控制器以受控速率将实际状态改变为期望状态。
+
+<!--
+- You can manipulate labels for debugging. Because Kubernetes controllers (such as ReplicaSet) and Services match to Pods using selector labels, removing the relevant labels from a Pod will stop it from being considered by a controller or from being served traffic by a Service. If you remove the labels of an existing Pod, its controller will create a new Pod to take its place. This is a useful way to debug a previously "live" Pod in a "quarantine" environment. To interactively remove or add labels, use [`kubectl label`](/docs/reference/generated/kubectl/kubectl-commands#label).
+-->
+- 您可以操纵标签进行调试。
+- 由于 Kubernetes 控制器（例如 ReplicaSet）和服务使用选择器标签与 Pod 匹配，因此从 Pod 中删除相关标签将阻止其被控制器考虑或由服务提供服务流量。
+  如果删除现有 Pod 的标签，其控制器将创建一个新的 Pod 来取代它。
+  这是在"隔离"环境中调试先前"实时"Pod 的有用方法。
+  要以交互方式删除或添加标签，请使用[`kubectl label`](/docs/reference/generated/kubectl/kubectl-commands#label)。
+
+<!--
+## Container Images
+-->
+## 容器镜像
+
+<!--
+The [imagePullPolicy](/docs/concepts/containers/images/#updating-images) and the tag of the image affect when the [kubelet](/docs/admin/kubelet/) attempts to pull the specified image.
+-->
+当 [kubelet](/docs/admin/kubelet/)尝试拉取指定的镜像时，[imagePullPolicy]（/ docs / concepts / containers / images / #updating-images）和镜像的标签会生效。
+
+<!--
+- `imagePullPolicy: IfNotPresent`: the image is pulled only if it is not already present locally.
+-->
+- `imagePullPolicy: IfNotPresent`：仅当镜像在本地不存在时镜像才被拉取。
+
+<!--
+- `imagePullPolicy: Always`: the image is pulled every time the pod is started.
+-->
+- `imagePullPolicy: Always`：每次启动 pod 的时候都会拉取镜像。
+
+<!--
+- `imagePullPolicy` is omitted and either the image tag is `:latest` or it is omitted: `Always` is applied.
+-->
+- 省略`imagePullPolicy`，镜像标签为`:latest`或被省略，`Always`被应用。
+
+<!--
+- `imagePullPolicy` is omitted and the image tag is present but not `:latest`: `IfNotPresent` is applied.
+-->
+- `imagePullPolicy`被省略，并且镜像的标签被指定且不是`:latest`，`IfNotPresent`被应用。
+
+<!--
+- `imagePullPolicy: Never`: the image is assumed to exist locally. No attempt is made to pull the image.
+-->
+- `imagePullPolicy: Never`：镜像被假设存在于本地。
+  没有尝试拉取镜像。
+
+<!--
+To make sure the container always uses the same version of the image, you can specify its [digest](https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier), for example `sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2`. The digest uniquely identifies a specific version of the image, so it is never updated by Kubernetes unless you change the digest value.
+-->
+{{< note >}}
+要确保容器始终使用相同版本的镜像，你可以指定其 [摘要](https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier), 例如`sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2`。
+摘要唯一地标识出镜像的指定版本，因此除非您更改摘要值，否则 Kubernetes 永远不会更新它。
+{{< /note >}}
+
+<!--
+You should avoid using the `:latest` tag when deploying containers in production as it is harder to track which version of the image is running and more difficult to roll back properly.
+-->
+{{< note >}}
+在生产中部署容器时应避免使用 `:latest` 标记，因为更难跟踪正在运行的镜像版本，并且更难以正确回滚。 
+{{< /note >}}
+
+<!--
+The caching semantics of the underlying image provider make even `imagePullPolicy: Always` efficient. With Docker, for example, if the image already exists, the pull attempt is fast because all image layers are cached and no image download is needed.
+-->
+{{< note >}}
+底层镜像提供程序的缓存语义甚至使 `imagePullPolicy: Always`变得高效。
+例如，对于 Docker，如果镜像已经存在，则拉取尝试很快，因为镜像层都被缓存并且不需要镜像下载。
+{{< /note >}}
+
+<!--
+## Using kubectl
+-->
+## 使用 kubectl
+
+<!--
+- Use `kubectl apply -f <directory>`. This looks for Kubernetes configuration in all `.yaml`, `.yml`, and `.json` files in `<directory>` and passes it to `apply`.
+-->
+- 使用`kubectl apply -f <directory>`。
+  它在`<directory>`中的所有`.yaml`，`.yml`和`.json`文件中查找 Kubernetes 配置，并将其传递给`apply`。
+
+<!--
+- Use label selectors for `get` and `delete` operations instead of specific object names. See the sections on [label selectors](/docs/concepts/overview/working-with-objects/labels/#label-selectors) and [using labels effectively](/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively).
+-->
+- 使用标签选择器进行`get`和`delete`操作，而不是特定的对象名称。
+- 请参阅[标签选择器](/docs/concepts/overview/working-with-objects/labels/#label-selectors)和[有效使用标签]部分(/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively)。
+
+<!--
+- Use `kubectl run` and `kubectl expose` to quickly create single-container Deployments and Services. See [Use a Service to Access an Application in a Cluster](/docs/tasks/access-application-cluster/service-access-application-cluster/) for an example.
+-->
+- 使用`kubectl run`和`kubectl expose`来快速创建单容器部署和服务。
+  有关示例，请参阅[使用服务访问集群中的应用程序](/docs/tasks/access-application-cluster/service-access-application-cluster/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/configuration/scheduler-perf-tuning.md b/content/zh/docs/concepts/configuration/scheduler-perf-tuning.md
new file mode 100644
index 0000000000000..3ca2c81c8d46e
--- /dev/null
+++ b/content/zh/docs/concepts/configuration/scheduler-perf-tuning.md
@@ -0,0 +1,175 @@
+---
+reviewers:
+- bsalamat
+title: 调度器性能调优
+content_template: templates/concept
+weight: 70
+---
+
+<!-- ---
+reviewers:
+- bsalamat
+title: Scheduler Performance Tuning
+content_template: templates/concept
+weight: 70
+--- -->
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="1.12" >}}
+
+<!-- Kube-scheduler is the Kubernetes default scheduler. It is responsible for
+placement of Pods on Nodes in a cluster. Nodes in a cluster that meet the
+scheduling requirements of a Pod are called "feasible" Nodes for the Pod. The
+scheduler finds feasible Nodes for a Pod and then runs a set of functions to
+score the feasible Nodes and picks a Node with the highest score among the
+feasible ones to run the Pod. The scheduler then notifies the API server about this
+decision in a process called "Binding". -->
+
+Kube-scheduler 是 Kubernetes 的默认调度器。负责将 Pods 安排到集群中的节点上。
+集群中达到 Pod 调度要求的节点也被称为这个 Pod 的“可行性”节点。
+调度器首先找出 Pod 的可行性节点，然后运行一套打分函数来为可行性节点打分，
+最后挑选出分数最高的可行性节点来运行 Pod。随后，调度器将这个决定通知给 API 服务器，
+这个通知流程叫做“绑定”（"Binding"）。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!-- ## Percentage of Nodes to Score -->
+## 可行性打分的节点比例
+
+<!-- Before Kubernetes 1.12, Kube-scheduler used to check the feasibility of all the
+nodes in a cluster and then scored the feasible ones. Kubernetes 1.12 has a new
+feature that allows the scheduler to stop looking for more feasible nodes once
+it finds a certain number of them. This improves the scheduler's performance in
+large clusters. The number is specified as a percentage of the cluster size and
+is controlled by a configuration option called `percentageOfNodesToScore`. The
+range should be between 1 and 100. Other values are considered as 100%. The
+default value of this option is 50%. A cluster administrator can change this value by providing a
+different value in the scheduler configuration. However, it may not be necessary to change this value. -->
+
+在 Kubernetes 1.12 之前， Kube-scheduler 曾经是检查集群中所有节点的可行性，并为它们依次打分。
+而在 Kubernetes 1.12 中加入了一项新的功能，允许调度器在找到足够合适的可行性节点之后，停止搜索。
+这项功能将提高调度器在大型集群应用中的性能。这是一个比例参数，通过一个名为 `percentageOfNodesToScore` 的配置选项，
+指明了集群大小中的比例。参数值范围在 1 到 100 之间。其它的数值将被认为是 100%。
+选项的默认值为 50%。集群管理员也可以在调度器的配置文件中，提供不同数值来做修改。
+但可能也并不需要修改这个值。
+
+```yaml
+apiVersion: componentconfig/v1alpha1
+kind: KubeSchedulerConfiguration
+algorithmSource:
+  provider: DefaultProvider
+
+...
+
+percentageOfNodesToScore: 50
+```
+
+{{< note >}}
+
+<!-- **Note**: In clusters with zero or less than 50 feasible nodes, the
+scheduler still checks all the nodes, simply because there are not enough
+feasible nodes to stop the scheduler's search early. -->
+
+**注意**：如果集群中可行性节点的数量为 0 或者小于 50 个，调度器还是会检查所有的节点，
+仅仅是因为没有足够多的可行性节点让调度器终止搜索。
+
+{{< /note >}}
+
+
+
+<!-- **To disable this feature**, you can set `percentageOfNodesToScore` to 100. -->
+可以将 `percentageOfNodesToScore` 设置为 100 来**禁止这项功能**。
+
+<!-- ### Tuning percentageOfNodesToScore -->
+### 调优 `percentageOfNodesToScore`
+
+<!-- `percentageOfNodesToScore` must be a value between 1 and 100
+with the default value of 50. There is also a hardcoded minimum value of 50
+nodes which is applied internally. The scheduler tries to find at
+least 50 nodes regardless of the value of `percentageOfNodesToScore`. This means
+that changing this option to lower values in clusters with several hundred nodes
+will not have much impact on the number of feasible nodes that the scheduler
+tries to find. This is intentional as this option is unlikely to improve
+performance noticeably in smaller clusters. In large clusters with over a 1000
+nodes setting this value to lower numbers may show a noticeable performance
+improvement. -->
+
+`percentageOfNodesToScore` 的数值必须在 1 到 100 之间，默认值为 50。
+在内部设计里面，还存在有硬编码的至少 50 个节点的要求。无论 `percentageOfNodesToScore` 设置如何，
+调度器都至少会搜索 50 个节点。换言之，在只有数百个节点的集群中调低这个参数，并不会对调度器搜索可行性节点有影响。
+这样设计是经过考虑的，因为在较小的集群中，这个参数并不会显著提升性能。
+而在超过 1000 个节点的大型集群中调低这个参数，将会有显著的性能提升。
+
+<!-- An important note to consider when setting this value is that when a smaller
+number of nodes in a cluster are checked for feasibility, some nodes are not
+sent to be scored for a given Pod. As a result, a Node which could possibly
+score a higher value for running the given Pod might not even be passed to the
+scoring phase. This would result in a less than ideal placement of the Pod. For
+this reason, the value should not be set to very low percentages. A general rule
+of thumb is to never set the value to anything lower than 30. Lower values
+should be used only when the scheduler's throughput is critical for your
+application and the score of nodes is not important. In other words, you prefer
+to run the Pod on any Node as long as it is feasible. -->
+
+在设置这个数值时，需要注意一点，如果集群中只有较少的一部分节点进行了可行性检查，
+有些节点将不会被作可行性打分。
+因而，有运行 Pod 可行性分数更高的节点甚至可能不会到达打分阶段。这会造成一个并不十分理想的安排结果。
+正因为如此，这个数值不应该设置得非常低。
+一个重要原则就是这个数值不应该小于 30。
+更小的数值只应该在应用对调度器的吞吐量十分敏感，而节点的可行性打分相对不重要的前提下使用。
+换言之，只要节点适合运行 Pod 就可以安排到该节点上运行。
+
+<!-- It is not recommended to lower this value from its default if your cluster has
+only several hundred Nodes. It is unlikely to improve the scheduler's
+performance significantly. -->
+
+如果集群只有数百个节点，我们不建议将参数值调到比默认值低。因为这并不能显著提升调度器的性能。
+
+<!-- ### How the scheduler iterates over Nodes -->
+### 调度器是如何遍历节点的
+
+<!-- This section is intended for those who want to understand the internal details
+of this feature. -->
+
+这一节是为那些希望了解这项功能内部细节的人准备的。
+
+<!-- In order to give all the Nodes in a cluster a fair chance of being considered
+for running Pods, the scheduler iterates over the nodes in a round robin
+fashion. You can imagine that Nodes are in an array. The scheduler starts from
+the start of the array and checks feasibility of the nodes until it finds enough
+Nodes as specified by `percentageOfNodesToScore`. For the next Pod, the
+scheduler continues from the point in the Node array that it stopped at when checking
+feasibility of Nodes for the previous Pod. -->
+
+为了让集群中所有的节点都有平等的机会被考虑运行 Pods，调度器需要以轮转的方式遍历所有的节点。
+你可以这样理解：所有节点都在记录在某数组之中，调度器从数组的一端开始检查节点的可行性，直到找到 `percentageOfNodesToScore`
+指明的、足够多的节点。对于下一个 pod，调度器将从前一个 Pod 的结束节点开始，继续开始搜索。
+
+<!-- If Nodes are in multiple zones, the scheduler iterates over Nodes in various
+zones to ensure that Nodes from different zones are considered in the
+feasibility checks. As an example, consider six nodes in two zones: -->
+
+如果节点在不同的区域，调度器也将遍历不同区域的所有节点，保证不同区域的节点都会被考虑在列。
+例如，如果六个节点分布在两个区域：
+
+```
+Zone 1: Node 1, Node 2, Node 3, Node 4
+Zone 2: Node 5, Node 6
+```
+
+<!-- The Scheduler evaluates feasibility of the nodes in this order: -->
+
+调度器将会按照下面的顺序来对所有的节点进行可行性检查：
+
+```
+Node 1, Node 5, Node 2, Node 6, Node 3, Node 4
+```
+
+<!-- After going over all the Nodes, it goes back to Node 1. -->
+
+当遍历完所有的节点后，会重新从 Node 1 开始搜索。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/configuration/secret.md b/content/zh/docs/concepts/configuration/secret.md
index a415bd5e00318..facc8d54eb5f9 100644
--- a/content/zh/docs/concepts/configuration/secret.md
+++ b/content/zh/docs/concepts/configuration/secret.md
@@ -547,13 +547,13 @@ spec:
 
 ### 客户端使用 Secret API
 
-当部署与 secret API 交互的应用程序时，应使用诸如 [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) 之类的 [授权策略](https://kubernetes.io/docs/admin/authorization/) 来限制访问。
+当部署与 secret API 交互的应用程序时，应使用诸如 [RBAC](/docs/admin/authorization/rbac/) 之类的 [授权策略](/docs/admin/authorization/) 来限制访问。
 
 Secret 中的值对于不同的环境来说重要性可能不同，例如对于 Kubernetes 集群内部（例如 service account 令牌）和集群外部来说就不一样。即使一个应用程序可以理解其期望的与之交互的 secret 有多大的能力，但是同一命名空间中的其他应用程序却可能不这样认为。
 
 由于这些原因，在命名空间中 `watch` 和 `list`  secret 的请求是非常强大的功能，应该避免这样的行为，因为列出 secret 可以让客户端检查所有 secret 是否在该命名空间中。在群集中`watch` 和 `list` 所有 secret 的能力应该只保留给最有特权的系统级组件。
 
-需要访问 secrets API 的应用程序应该根据他们需要的 secret 执行 `get` 请求。这允许管理员限制对所有 secret 的访问，同时设置 [白名单访问](https://kubernetes.io/docs/admin/authorization/rbac/#referring-to-resources) 应用程序需要的各个实例。
+需要访问 secrets API 的应用程序应该根据他们需要的 secret 执行 `get` 请求。这允许管理员限制对所有 secret 的访问，同时设置 [白名单访问](/docs/admin/authorization/rbac/#referring-to-resources) 应用程序需要的各个实例。
 
 为了提高循环获取的性能，客户端可以设计引用 secret 的资源，然后 `watch` 资源，在引用更改时重新请求 secret。此外，还提出了一种 [”批量监控“ API](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/bulk_watch.md) 来让客户端 `watch` 每个资源，该功能可能会在将来的 Kubernetes 版本中提供。
 
diff --git a/content/zh/docs/concepts/configuration/taint-and-toleration.md b/content/zh/docs/concepts/configuration/taint-and-toleration.md
index 388bb057c071a..b997b55df6854 100755
--- a/content/zh/docs/concepts/configuration/taint-and-toleration.md
+++ b/content/zh/docs/concepts/configuration/taint-and-toleration.md
@@ -78,7 +78,7 @@ To remove the taint added by the command above, you can run:
 -->
 想删除上述命令添加的 taint ，您可以运行：
 ```shell
-kubectl taint nodes kube11 key:NoSchedule-
+kubectl taint nodes node1 key:NoSchedule-
 ```
 
 ```yaml
diff --git a/content/zh/docs/concepts/containers/_index.md b/content/zh/docs/concepts/containers/_index.md
new file mode 100644
index 0000000000000..b17230af3a5ab
--- /dev/null
+++ b/content/zh/docs/concepts/containers/_index.md
@@ -0,0 +1,11 @@
+---
+title: "容器"
+weight: 50
+---
+
+<!--
+---
+title: "Containers"
+weight: 50
+---
+-->
\ No newline at end of file
diff --git a/content/zh/docs/concepts/containers/container-lifecycle-hooks.md b/content/zh/docs/concepts/containers/container-lifecycle-hooks.md
new file mode 100644
index 0000000000000..1a7c51db72400
--- /dev/null
+++ b/content/zh/docs/concepts/containers/container-lifecycle-hooks.md
@@ -0,0 +1,229 @@
+---
+reviewers:
+- mikedanese
+- thockin
+title: 容器生命周期钩子
+content_template: templates/concept
+weight: 30
+---
+
+<!--
+reviewers:
+- mikedanese
+- thockin
+title: Container Lifecycle Hooks
+content_template: templates/concept
+weight: 30
+-->
+
+
+{{% capture overview %}}
+
+<!--
+This page describes how kubelet managed Containers can use the Container lifecycle hook framework
+to run code triggered by events during their management lifecycle.
+-->
+这个页面描述了 kubelet 管理的容器如何使用容器生命周期钩子框架来运行在其管理生命周期中由事件触发的代码。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Overview
+-->
+
+## 概述
+
+<!--
+Analogous to many programming language frameworks that have component lifecycle hooks, such as Angular,
+Kubernetes provides Containers with lifecycle hooks.
+The hooks enable Containers to be aware of events in their management lifecycle
+and run code implemented in a handler when the corresponding lifecycle hook is executed.
+-->
+类似于许多具有生命周期钩子组件的编程语言框架，例如Angular，Kubernetes为容器提供了生命周期钩子。
+钩子使容器能够了解其管理生命周期中的事件，并在执行相应的生命周期钩子时运行在处理程序中实现的代码。
+
+<!--
+## Container hooks
+-->
+
+## 容器钩子
+
+<!--
+There are two hooks that are exposed to Containers:
+-->
+有两个钩子暴露在容器中:
+
+`PostStart`
+
+<!--
+This hook executes immediately after a container is created.
+However, there is no guarantee that the hook will execute before the container ENTRYPOINT.
+No parameters are passed to the handler.
+-->
+这个钩子在创建容器之后立即执行。
+但是，不能保证钩子会在容器入口点之前执行。
+没有参数传递给处理程序。
+
+`PreStop`
+
+<!--
+This hook is called immediately before a container is terminated.
+It is blocking, meaning it is synchronous,
+so it must complete before the call to delete the container can be sent.
+No parameters are passed to the handler.
+-->
+在容器终止之前立即调用此钩子。
+它是阻塞的，同时也是同步的，因此它必须在删除容器的调用之前完成。
+没有参数传递给处理程序。
+
+<!--
+A more detailed description of the termination behavior can be found in
+[Termination of Pods](/docs/concepts/workloads/pods/pod/#termination-of-pods).
+-->
+有关终止行为的更详细描述，请参见[终止 Pod](/docs/concepts/workloads/pods/pod/#termination-of-pods)。
+
+<!--
+### Hook handler implementations
+-->
+
+### 钩子处理程序的实现
+
+<!--
+Containers can access a hook by implementing and registering a handler for that hook.
+There are two types of hook handlers that can be implemented for Containers:
+-->
+容器可以通过实现和注册该钩子的处理程序来访问该钩子。
+针对容器，有两种类型的钩子处理程序可供实现：
+
+<!--
+* Exec - Executes a specific command, such as `pre-stop.sh`, inside the cgroups and namespaces of the Container.
+Resources consumed by the command are counted against the Container.
+* HTTP - Executes an HTTP request against a specific endpoint on the Container.
+-->
+
+* Exec - 执行一个特定的命令，例如 `pre-stop.sh`，在容器的 cgroups 和名称空间中。
+命令所消耗的资源根据容器进行计算。
+* HTTP - 对容器上的特定端点执行 HTTP 请求。
+
+<!--
+### Hook handler execution
+-->
+
+### 钩子处理程序执行
+
+<!--
+When a Container lifecycle management hook is called,
+the Kubernetes management system executes the handler in the Container registered for that hook. 
+-->
+当调用容器生命周期管理钩子时，Kubernetes 管理系统在为该钩子注册的容器中执行处理程序。
+
+<!--
+Hook handler calls are synchronous within the context of the Pod containing the Container.
+This means that for a `PostStart` hook,
+the Container ENTRYPOINT and hook fire asynchronously.
+However, if the hook takes too long to run or hangs,
+the Container cannot reach a `running` state.
+-->
+钩子处理程序调用在包含容器的 Pod 上下文中是同步的。
+这意味着对于 `PostStart` 钩子，容器入口点和钩子异步触发。
+但是，如果钩子运行或挂起的时间太长，则容器无法达到 `running` 状态。
+
+<!--
+The behavior is similar for a `PreStop` hook.
+If the hook hangs during execution,
+the Pod phase stays in a `Terminating` state and is killed after `terminationGracePeriodSeconds` of pod ends.
+If a `PostStart` or `PreStop` hook fails,
+it kills the Container.
+-->
+行为与 `PreStop` 钩子的行为类似。
+如果钩子在执行过程中挂起，Pod 阶段将保持在 `Terminating` 状态，并在 Pod 结束的 `terminationGracePeriodSeconds` 之后被杀死。
+如果 `PostStart` 或 `PreStop` 钩子失败，它会杀死容器。
+
+<!--
+Users should make their hook handlers as lightweight as possible.
+There are cases, however, when long running commands make sense,
+such as when saving state prior to stopping a Container.
+-->
+用户应该使他们的钩子处理程序尽可能的轻量级。
+但也需要考虑长时间运行的命令也很有用的情况，比如在停止容器之前保存状态。
+
+<!--
+### Hook delivery guarantees
+-->
+
+### 钩子寄送保证
+
+<!--
+Hook delivery is intended to be *at least once*,
+which means that a hook may be called multiple times for any given event,
+such as for `PostStart` or `PreStop`.
+It is up to the hook implementation to handle this correctly.
+-->
+钩子的寄送应该是*至少一次*，这意味着对于任何给定的事件，例如 `PostStart` 或 `PreStop`，钩子可以被调用多次。
+如何正确处理，是钩子实现所要考虑的问题。
+
+<!--
+Generally, only single deliveries are made.
+If, for example, an HTTP hook receiver is down and is unable to take traffic,
+there is no attempt to resend.
+In some rare cases, however, double delivery may occur.
+For instance, if a kubelet restarts in the middle of sending a hook,
+the hook might be resent after the kubelet comes back up.
+-->
+通常情况下，只会进行单次寄送。
+例如，如果 HTTP 钩子接收器宕机，无法接收流量，则不会尝试重新发送。
+然而，偶尔也会发生重复寄送的可能。
+例如，如果 kubelet 在发送钩子的过程中重新启动，钩子可能会在 kubelet 恢复后重新发送。
+
+<!--
+### Debugging Hook handlers
+-->
+
+### 调试钩子处理程序
+
+<!--
+The logs for a Hook handler are not exposed in Pod events.
+If a handler fails for some reason, it broadcasts an event.
+For `PostStart`, this is the `FailedPostStartHook` event,
+and for `PreStop`, this is the `FailedPreStopHook` event.
+You can see these events by running `kubectl describe pod <pod_name>`.
+Here is some example output of events from running this command:
+-->
+钩子处理程序的日志不会在 Pod 事件中公开。
+如果处理程序由于某种原因失败，它将播放一个事件。
+对于 `PostStart`，这是 `FailedPostStartHook` 事件，对于 `PreStop`，这是 `FailedPreStopHook` 事件。
+您可以通过运行 `kubectl describe pod <pod_name>` 命令来查看这些事件。
+下面是运行这个命令的一些事件输出示例:
+
+```
+Events:
+  FirstSeen    LastSeen    Count    From                            SubobjectPath        Type        Reason        Message
+  ---------    --------    -----    ----                            -------------        --------    ------        -------
+  1m        1m        1    {default-scheduler }                                Normal        Scheduled    Successfully assigned test-1730497541-cq1d2 to gke-test-cluster-default-pool-a07e5d30-siqd
+  1m        1m        1    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Normal        Pulling        pulling image "test:1.0"
+  1m        1m        1    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Normal        Created        Created container with docker id 5c6a256a2567; Security:[seccomp=unconfined]
+  1m        1m        1    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Normal        Pulled        Successfully pulled image "test:1.0"
+  1m        1m        1    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Normal        Started        Started container with docker id 5c6a256a2567
+  38s        38s        1    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Normal        Killing        Killing container with docker id 5c6a256a2567: PostStart handler: Error executing in Docker Container: 1
+  37s        37s        1    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Normal        Killing        Killing container with docker id 8df9fdfd7054: PostStart handler: Error executing in Docker Container: 1
+  38s        37s        2    {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}                Warning        FailedSync    Error syncing pod, skipping: failed to "StartContainer" for "main" with RunContainerError: "PostStart handler: Error executing in Docker Container: 1"
+  1m         22s         2     {kubelet gke-test-cluster-default-pool-a07e5d30-siqd}    spec.containers{main}    Warning        FailedPostStartHook
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about the [Container environment](/docs/concepts/containers/container-environment-variables/).
+* Get hands-on experience
+  [attaching handlers to Container lifecycle events](/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/).
+-->
+
+* 了解更多关于[容器环境](/docs/concepts/containers/container-environment-variables/)。
+* 获取实践经验[将处理程序附加到容器生命周期事件](/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/containers/images.md b/content/zh/docs/concepts/containers/images.md
index 3f4e6a8acd398..6b48630b8dc2f 100644
--- a/content/zh/docs/concepts/containers/images.md
+++ b/content/zh/docs/concepts/containers/images.md
@@ -124,13 +124,13 @@ Docker将私有仓库的密钥存放在`$HOME/.dockercfg`或`$HOME/.docker/confi
 
 推荐如下步骤来为node配置私有仓库。以下示例在PC或笔记本电脑中操作
 
-   1.对于想要使用的每一种凭证，运行 `docker login [server]`，它会更新`$HOME/.docker/config.json`。
-   1.使用编辑器查看`$HOME/.docker/config.json`，保证文件中包含了想要使用的凭证
-   1.获取node列表，例如
-     - 如果使用node名称，`nodes=$(kubectl get nodes -o jsonpath='{range.items[*].metadata}{.name} {end}')`
-	 - 如果使用node IP ，`nodes=$(kubectl get nodes -o jsonpath='{range .items[*].status.addresses[?(@.type=="ExternalIP")]}{.address} {end}')`
-   1.将本地的`.docker/config.json`拷贝到每个节点root用户目录下
-     - 例如： `for n in $nodes; do scp ~/.docker/config.json root@$n:/root/.docker/config.json; done`
+   1. 对于想要使用的每一种凭证，运行 `docker login [server]`，它会更新`$HOME/.docker/config.json`。
+   1. 使用编辑器查看`$HOME/.docker/config.json`，保证文件中包含了想要使用的凭证
+   1. 获取node列表，例如
+      - 如果使用node名称，`nodes=$(kubectl get nodes -o jsonpath='{range.items[*].metadata}{.name} {end}')`
+      - 如果使用node IP ，`nodes=$(kubectl get nodes -o jsonpath='{range .items[*].status.addresses[?(@.type=="ExternalIP")]}{.address} {end}')`
+   1. 将本地的`.docker/config.json`拷贝到每个节点root用户目录下
+      - 例如： `for n in $nodes; do scp ~/.docker/config.json root@$n:/root/.docker/config.json; done`
 	 
 创建使用私有仓库的pod来验证，例如：
 
diff --git a/content/zh/docs/concepts/containers/runtime-class.md b/content/zh/docs/concepts/containers/runtime-class.md
new file mode 100644
index 0000000000000..4029826901f0d
--- /dev/null
+++ b/content/zh/docs/concepts/containers/runtime-class.md
@@ -0,0 +1,197 @@
+---
+reviewers:
+- tallclair
+- dchen1107
+title: RuntimeClass
+content_template: templates/concept
+weight: 20
+---
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.12" state="alpha" >}}
+
+<!-- 
+This page describes the RuntimeClass resource and runtime selection mechanism.
+-->
+本页面讨论了 RuntimeClass 资源和运行时的选择机制。
+
+{{% /capture %}}
+
+{{< toc >}}
+
+{{% capture body %}}
+
+## RuntimeClass
+
+<!-- 
+RuntimeClass is an alpha feature for selecting the container runtime configuration to use to run a
+pod's containers.
+-->
+RuntimeClass 是一个 alpha 功能，用来选择运行 pod 中容器的容器运行时配置。
+
+<!-- 
+### Set Up
+-->
+### 设置
+
+<!-- 
+As an early alpha feature, there are some additional setup steps that must be taken in order to use
+the RuntimeClass feature:
+-->
+作为一个处于早期状态的 alpha 特性，必须要完成以下步骤才能使用 RuntimeClass 功能：
+
+<!--
+1. Enable the RuntimeClass feature gate (on apiservers & kubelets, requires version 1.12+)
+2. Install the RuntimeClass CRD
+3. Configure the CRI implementation on nodes (runtime dependent)
+4. Create the corresponding RuntimeClass resources
+-->
+1. 开启 RuntimeClass 特性门控（在 apiservers ＆ kubelets 上，需要 1.12 及以上版本）
+2. 安装 RuntimeClass CRD
+3. 在节点上配置 CRI 的实现（取决于所选的运行时）
+4. 创建相应的 RuntimeClass 资源
+
+<!--
+#### 1. Enable the RuntimeClass feature gate
+-->
+#### 1. 开启 RuntimeClass 特性门控
+
+<!--
+See [Feature Gates](/docs/reference/command-line-tools-reference/feature-gates/) for an explanation
+of enabling feature gates. The RuntimeClass feature gate must be enabled on apiservers _and_ kubelets.
+-->
+参见[特性门控](/docs/reference/command-line-tools-reference/feature-gates/)文档了解如何开启特定的特性门控。
+`RuntimeClass` 特性门控必须在 apiservers _和_ kubelets 上同时开启，才能使用。
+
+<!--
+#### 2. Install the RuntimeClass CRD
+-->
+#### 2. 安装 RuntimeClass CRD
+
+<!--
+The RuntimeClass [CustomResourceDefinition][/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/] (CRD) can be found in the addons directory of the
+Kubernetes git repo:
+-->
+可以在 Kubernetes git 仓库的 addons 目录中找到
+RuntimeClass [CustomResourceDefinition (CRD)](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/) 的定义：
+
+https://github.com/kubernetes/kubernetes/tree/release-1.12/cluster/addons/runtimeclass/runtimeclass_crd.yaml
+
+<!--
+Install the CRD with `kubectl apply -f runtimeclass_crd.yaml`.
+-->
+
+使用 `kubectl apply -f runtimeclass_crd.yaml` 命令安装 CRD。
+
+<!--
+#### 3. Configure the CRI implementation on nodes
+-->
+#### 3. 在节点上配置 CRI 实现
+
+<!--
+The configurations to select between with RuntimeClass are CRI implementation dependent. See the
+corresponding documentation for your CRI implementation for how to configure. As this is an alpha
+feature, not all CRIs support multiple RuntimeClasses yet.
+-->
+各 RuntimeClass 所支持的配置选项取决于 CRI 的实现本身。
+请参阅 CRI 实现的相应文档了解具体如何配置。
+由于这是一个 alpha 特性功能，并非所有 CRI 都支持多个 RuntimeClass。
+
+<!--
+RuntimeClass currently assumes a homogeneous node configuration across the cluster
+(which means that all nodes are configured the same way with respect to container runtimes). Any heterogeneity (varying configurations) must be
+managed independently of RuntimeClass through scheduling features
+(see [Assigning Pods to Nodes](/docs/concepts/configuration/assign-pod-node/)).
+-->
+{{< note >}}
+RuntimeClass 当前假设的是集群中的节点配置是同构的（换言之，所有的节点在容器运行时方面的配置是相同的）。
+任何异构性（不同的配置）必须通过调度功能在 RuntimeClass 之外单独管理（请参阅[在节点上分配 Pods](/docs/concepts/configuration/assign-pod-node/)）。
+{{< /note >}}
+
+<!--
+The configurations have a corresponding `RuntimeHandler` name, referenced by the RuntimeClass. The
+RuntimeHandler must be a valid DNS-1123 subdomain (alpha-numeric characters, `-`, or `.`).
+-->
+所有这些配置都具有相应的 `RuntimeHandler` 名，并被 RuntimeClass 引用。
+RuntimeHandler 必须是有效的 DNS-1123 子域（字母数字字符、`-` 或 `.`）。
+
+<!--
+#### 4. Create the corresponding RuntimeClass resources
+-->
+
+#### 4. 创建相应的 RuntimeClass 资源
+
+<!--
+The configurations setup in step 3 should each have an associated `RuntimeHandler` name, which
+identifies the configuration. For each RuntimeHandler (and optionally the empty `""` handler),
+create a corresponding RuntimeClass object
+.-->
+步骤 3 中的配置设置应该有相应的 `RuntimeHandler` 名，用于标识配置。
+对应每个 RuntimeHandler（以及 `""` 所代表的空处理程序），都创建相应的 RuntimeClass 对象。
+
+<!--The RuntimeClass resource currently only has 2 significant fields: the RuntimeClass name
+(`metadata.name`) and the RuntimeHandler (`spec.runtimeHandler`). The object definition looks like this:
+-->
+RuntimeClass 资源当前只有两个重要的字段：RuntimeClass 名 (`metadata.name`) 和 RuntimeHandler (`spec.runtimeHandler`)。
+对象定义如下所示：
+
+```yaml
+apiVersion: node.k8s.io/v1alpha1  # 在 node.k8s.io API 中对 RuntimeClass 进行定义
+kind: RuntimeClass
+metadata:
+  name: myclass  # 引用 RuntimeClass
+  # RuntimeClass 是不属于任何名字空间的资源
+spec:
+  runtimeHandler: myconfiguration  # 给出 CRI 配置的名称
+```
+
+<!--
+It is recommended that RuntimeClass write operations (create/update/patch/delete) be
+restricted to the cluster administrator. This is typically the default. See [Authorization
+Overview](/docs/reference/access-authn-authz/authorization/) for more details.
+-->
+
+{{< note >}}
+建议将 RuntimeClass 写操作（create、update、patch 和 delete）限定于集群管理员使用。
+通常这是默认配置。参阅[授权概述](/docs/reference/access-authn-authz/authorization/)了解更多信息。
+{{< /note >}}
+
+<!--
+### Usage
+Once RuntimeClasses are configured for the cluster, using them is very simple. Specify a
+`runtimeClassName` in the Pod spec. For example:
+-->
+
+### 使用说明
+
+一旦完成集群中 RuntimeClasses 的配置，使用起来非常简便。
+在 Pod spec 中指定 `runtimeClassName` 即可。例如:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mypod
+spec:
+  runtimeClassName: myclass
+  # ...
+```
+
+<!--This will instruct the Kubelet to use the named RuntimeClass to run this pod. If the named
+RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod will enter the
+`Failed` terminal [phase](/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase). Look for a
+corresponding [event](/docs/tasks/debug-application-cluster/debug-application-introspection/) for an
+error message.-->
+
+这一设置会告诉 Kubelet 使用所指的 RuntimeClass 来运行该 pod。
+如果所指的 RuntimeClass 不存在或者 CRI 无法运行相应的 handler，那么 pod 将会进入 `Failed` 终止[阶段](/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase)。
+你可以查看相应的[事件](/docs/tasks/debug-application-cluster/debug-application-introspection/)，获取出错信息。
+
+<!--
+If no `runtimeClassName` is specified, the default RuntimeHandler will be used, which is equivalent
+to the behavior when the RuntimeClass feature is disabled.
+-->
+如果未指定 `runtimeClassName` ，则将使用默认的 RuntimeHandler，相当于禁用 RuntimeClass 功能特性。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/extend-kubernetes/_index.md b/content/zh/docs/concepts/extend-kubernetes/_index.md
new file mode 100644
index 0000000000000..9eef5fffc5f54
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/_index.md
@@ -0,0 +1,11 @@
+---
+title: 扩展 Kubernetes
+weight: 40
+---
+
+<!--
+---
+title: Extending Kubernetes
+weight: 40
+---
+-->
diff --git a/content/zh/docs/concepts/extend-kubernetes/api-extension/_index.md b/content/zh/docs/concepts/extend-kubernetes/api-extension/_index.md
new file mode 100644
index 0000000000000..51c5bdcc7ac70
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/api-extension/_index.md
@@ -0,0 +1,11 @@
+---
+title: 扩展 Kubernetes API
+weight: 20
+---
+
+<!--
+---
+title: Extending the Kubernetes API
+weight: 20
+---
+-->
diff --git a/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md b/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
new file mode 100644
index 0000000000000..11dc1e423aced
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
@@ -0,0 +1,73 @@
+<!--
+---
+title: Extending the Kubernetes API with the aggregation layer
+reviewers:
+- lavalamp
+- cheftako
+- chenopis
+content_template: templates/concept
+weight: 10
+---
+-->
+
+---
+title: 通过聚合层扩展 Kubernetes API
+reviewers:
+- lavalamp
+- cheftako
+- chenopis
+content_template: templates/concept
+weight: 10
+---
+
+{{% capture overview %}}
+
+<!--
+The aggregation layer allows Kubernetes to be extended with additional APIs, beyond what is offered by the core Kubernetes APIs. 
+-->
+
+聚合层允许 Kubernetes 通过额外的 API 进行扩展，而不局限于 Kubernetes 核心 API 提供的功能。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Overview
+
+The aggregation layer enables installing additional Kubernetes-style APIs in your cluster. These can either be pre-built, existing 3rd party solutions, such as [service-catalog](https://github.com/kubernetes-incubator/service-catalog/blob/master/README.md), or user-created APIs like [apiserver-builder](https://github.com/kubernetes-incubator/apiserver-builder/blob/master/README.md), which can get you started.
+-->
+
+## 概述
+
+聚合层使您的集群可以安装其他 Kubernetes 风格的 API。这些 API 可以是预编译的、第三方的解决方案提供的例如[service-catalog](https://github.com/kubernetes-incubator/service-catalog/blob/master/README.md)、或者用户创建的类似[apiserver-builder](https://github.com/kubernetes-incubator/apiserver-builder/blob/master/README.md)一样的API可以帮助你上手。
+
+<!--
+In 1.7 the aggregation layer runs in-process with the kube-apiserver. Until an extension resource is registered, the aggregation layer will do nothing. To register an API, users must add an APIService object, which "claims" the URL path in the Kubernetes API. At that point, the aggregation layer will proxy anything sent to that API path (e.g. /apis/myextension.mycompany.io/v1/…) to the registered APIService. 
+-->
+
+1.7 版本中，聚合层在 kube-apiserver 进程内运行。在扩展资源注册之前，聚合层不做任何事情。要注册 API，用户必须添加一个 APIService 对象，用它来申领 Kubernetes API 中的 URL 路径。自此以后，聚合层将会把发给该 API 路径的所有内容（例如 /apis/myextension.mycompany.io/v1/…）代理到已注册的 APIService。
+
+<!--
+Ordinarily, the APIService will be implemented by an *extension-apiserver* in a pod running in the cluster. This extension-apiserver will normally need to be paired with one or more controllers if active management of the added resources is needed. As a result, the apiserver-builder will actually provide a skeleton for both. As another example, when the service-catalog is installed, it provides both the extension-apiserver and controller for the services it provides.
+-->
+
+正常情况下，APIService 会实现为运行于集群中某 Pod 内的 extension-apiserver。如果需要对增加的资源进行动态管理，extension-apiserver 经常需要和一个或多个控制器一起使用。因此，apiserver-builder 同时提供用来管理新资源的 API 框架和控制器框架。另外一个例子，当安装了 service-catalog 时，它会为自己提供的服务提供 extension-apiserver 和控制器。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* To get the aggregator working in your environment, [configure the aggregation layer](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/).
+* Then, [setup an extension api-server](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) to work with the aggregation layer.
+* Also, learn how to [extend the Kubernetes API using Custom Resource Definitions](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/).
+-->
+
+* 阅读[配置聚合层](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/) 文档，了解如何在自己的环境中启用聚合器（aggregator）。
+* 然后[安装扩展的 api-server](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) 来开始使用聚合层。
+* 也可以学习怎样 [使用客户资源定义扩展 Kubernetes API](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/)。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/concepts/extend-kubernetes/api-extension/custom_resources.md b/content/zh/docs/concepts/extend-kubernetes/api-extension/custom_resources.md
new file mode 100644
index 0000000000000..bee484cb16cde
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/api-extension/custom_resources.md
@@ -0,0 +1,535 @@
+---
+title: 自定义资源
+reviewers:
+- enisoc
+- deads2k
+content_template: templates/concept
+weight: 20
+---
+<!--
+---
+title: Custom Resources
+reviewers:
+- enisoc
+- deads2k
+content_template: templates/concept
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+*Custom resources* are extensions of the Kubernetes API. This page discusses when to add a custom resource to your Kubernetes cluster and when to use a standalone service. It describes the two methods for adding custom resources and how to choose between them.
+-->
+*自定义资源* 是 Kubernetes API 的扩展。本页讨论何时向 Kubernetes 群集添加自定义资源以及何时使用独立服务。它描述了添加自定义资源的两种方法以及如何在它们之间进行选择。
+
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+## Custom resources
+-->
+## 自定义资源
+
+<!--
+A *resource* is an endpoint in the [Kubernetes API](/docs/reference/using-api/api-overview/) that stores a collection of
+[API objects](/docs/concepts/overview/working-with-objects/kubernetes-objects/) of a certain kind. For example, the built-in *pods* resource contains a collection of Pod objects.
+-->
+*资源* 是[Kubernetes API](/docs/reference/using-api/api-overview/)中的端点，用于存储
+某种[API 对象](/docs/concepts/overview/working-with-objects/kubernetes-objects/)的集合。例如,内置 *Pod* 资源包含 Pod 对象的集合。
+
+<!--
+A *custom resource* is an extension of the Kubernetes API that is not necessarily available in a default Kubernetes installation. It represents a customization of a particular Kubernetes installation. However, many core Kubernetes functions are now built using custom resources, making Kubernetes more modular.
+-->
+*自定义资源* 是 Kubernetes API 的扩展，在 Kubernetes 的默认安装中不一定可用。它使 Kubernetes 具备可定制化安装的能力。但是，很多核心 Kubernetes 功能现在都使用自定义资源构建，使 Kubernetes 模块更加合理。
+
+<!--
+Custom resources can appear and disappear in a running cluster through dynamic registration, and cluster admins can update custom resources independently of the cluster itself. Once a custom resource is installed, users can create and access its objects using
+[kubectl](/docs/user-guide/kubectl-overview/), just as they do for built-in resources like
+*Pods*.
+-->
+自定义资源可以通过动态注册在运行的集群中显示或者消失，并且集群管理员可以独立于集群本身更新自定义资源。安装自定义资源后,用户可以使用 [kubectl](/docs/user-guide/kubectl-overview/) 创建和访问其对象，就像对 *Pod* 等内置资源一样。
+
+<!--
+## Custom controllers
+-->
+## 自定义控制器
+
+<!--
+On their own, custom resources simply let you store and retrieve structured data.
+When you combine a custom resource with a *custom controller*, custom resources
+provide a true _declarative API_.
+-->
+自定义资源可以存储和检索结构化数据。将自定义资源和自定义控制器结合时，自定义资源提供一个真正 _声明式 API_ 。
+
+<!--
+A [declarative API](/docs/concepts/overview/working-with-objects/kubernetes-objects/#understanding-kubernetes-objects)
+allows you to _declare_ or specify the desired state of your resource and tries to
+keep the current state of Kubernetes objects in sync with the desired state.
+The controller interprets the structured data as a record of the user's
+desired state, and continually maintains this state.
+-->
+[声明式 API](/docs/concepts/overview/working-with-objects/kubernetes-objects/#understanding-kubernetes-objects) 允许使用者_声明_或者指定所需的资源状态，并使当前状态与预期状态保持一致。控制器将结构化数据解释为用户所需状态的记录,并持续维护此状态。
+
+<!--
+You can deploy and update a custom controller on a running cluster, independently
+of the cluster's own lifecycle. Custom controllers can work with any kind of resource,
+but they are especially effective when combined with custom resources. The
+[Operator pattern](https://coreos.com/blog/introducing-operators.html) combines custom
+resources and custom controllers. You can use custom controllers to encode domain knowledge
+for specific applications into an extension of the Kubernetes API.
+-->
+你可以在运行中的集群上部署或更新自定义控制器，而这一操作是与集群自身的生命期无关的。自定义控制器可以与任何资源一起工作，但是与自定义资源相结合时他们特别有效。[ Operator 模式](https://coreos.com/blog/introducing-operators.html) 结合了自定义资源和自定义控制器。您可以使用自定义控制器将特定应用程序的领域知识编码到 Kubernetes API 的扩展中。
+
+<!--
+## Should I add a custom resource to my Kubernetes Cluster?
+-->
+## 是否需要向 Kubernetes 集群添加自定义资源？
+
+<!--
+When creating a new API, consider whether to [aggregate your API with the Kubernetes cluster APIs](/docs/concepts/api-extension/apiserver-aggregation/) or let your API stand alone.
+-->
+创建新 API 的时候，请考虑是[将 API 与 Kubernetes 集群 API 聚合](/docs/concepts/api-extension/apiserver-aggregation/) 还是将API独立。
+
+<!--
+| Consider API aggregation if: | Prefer a stand-alone API if: |
+| ---------------------------- | ---------------------------- |
+| Your API is [Declarative](#declarative-apis). | Your API does not fit the [Declarative](#declarative-apis) model. |
+| You want your new types to be readable and writable using `kubectl`.| `kubectl` support is not required |
+| You want to view your new types in a Kubernetes UI, such as dashboard, alongside built-in types. | Kubernetes UI support is not required. |
+| You are developing a new API. | You already have a program that serves your API and works well. |
+| You are willing to accept the format restriction that Kubernetes puts on REST resource paths, such as API Groups and Namespaces. (See the [API Overview](/docs/concepts/overview/kubernetes-api/).) | You need to have specific REST paths to be compatible with an already defined REST API. |
+| Your resources are naturally scoped to a cluster or to namespaces of a cluster. | Cluster or namespace scoped resources are a poor fit; you need control over the specifics of resource paths. |
+| You want to reuse [Kubernetes API support features](#common-features).  | You don't need those features. |
+-->
+| 如果属于下面情况之一，可以考虑采用 API 聚合:                                         | 如果属于下面情况之一，首选独立 API :                                           |
+| ------------------------------------------------------------ | ------------------------------------------------------------ |
+| API 具有[声明性](#declarative-apis).                        | API 不适合[声明性](#declarative-apis)模型.                 |
+| 你希望可使用 `kubectl` 来读写新类型。                 | 不需要 `kubectl` 支持                                         |
+| 你希望在 Kubernetes 用户界面（如 dashboard）中和内置类型一起看到你的新类型。 | 不需要 Kubernetes 使用界面支持。                               |
+| 你正在开发新的 API。                                         | 你已经有一个运行良好的程序为你提供 API 服务。                 |
+| 你愿意接受 Kubernetes 对 REST 资源路径的格式限制，例如 API 组和命名空间。 (参照 [API 概述](/docs/concepts/overview/kubernetes-api/).) | 你需要有一个特定的 REST 路径来兼容已经定义的 REST API 。         |
+| 你的资源可以很自然地归入集群作用域或者集群中的某个命名空间的作用域。         | 集群或者命名空间作用域均不合适；你需要控制资源路径的细节。 |
+| 你希望重用 [Kubernetes API 的支持功能](#common-features).    | 你不需要这些功能。                                           |
+
+<!--
+### Declarative APIs
+-->
+### 声明式 API {#declarative-apis}
+
+<!--
+In a Declarative API, typically:
+-->
+在声明式 API 中，通常：
+
+<!--
+ - Your API consists of a relatively small number of relatively small objects (resources).
+ - The objects define configuration of applications or infrastructure.
+ - The objects are updated relatively infrequently.
+ - Humans often need to read and write the objects.
+ - The main operations on the objects are CRUD-y (creating, reading, updating and deleting).
+ - Transactions across objects are not required: the API represents a desired state, not an exact state.
+-->
+ - API由相对较少的对象（资源）组成。
+ - 对象定义了应用或基础设施的配置项。
+ - 对象更新相对较少。
+ - 用户经常需要读取和写入对象。
+ - 对象上的主要操作是 CRUD（创建，读取，更新和删除）。
+ - 不需要跨对象的事务：API 表示一个所需的状态，而不是一个确切的状态。
+
+<!--
+Imperative APIs are not declarative.
+Signs that your API might not be declarative include:
+-->
+命令式 API 不是声明式的。API 不是声明式的特点包括：
+
+<!--
+ - The client says "do this", and then gets a synchronous response back when it is done.
+ - The client says "do this", and then gets an operation ID back, and has to check a separate Operation object to determine completion of the request.
+ - You talk about Remote Procedure Calls (RPCs).
+ - Directly storing large amounts of data (e.g. > a few kB per object, or >1000s of objects).
+ - High bandwidth access (10s of requests per second sustained) needed.
+ - Store end-user data (such as images, PII, etc) or other large-scale data processed by applications.
+ - The natural operations on the objects are not CRUD-y.
+ - The API is not easily modeled as objects.
+ - You chose to represent pending operations with an operation ID or an operation object.
+-->
+ - 客户端说“执行此操作”，然后在完成时获取同步响应。
+ - 客户端说“执行此操作”，然后获取一个操作 ID，并且为了确认请求的完成，必须检查单独的操作对象。
+ - 说的是远程过程调用（RPCs）。
+ - 直接存储大量数据（例如，每个对象几 kB，或1000个对象）。
+ - 需要高带宽访问（每秒持续的10个请求）
+ - 存储业务用户数据（如图像、PII 等）或者其他由应用程序处理的大规模数据。
+ - 对于对象的自然操作不是 CRUD。
+ - API 不容易建模成对象。
+ - 你选择使用操作 ID 或者操作对象来表示待解决的操作。
+
+<!--
+## Should I use a configMap or a custom resource?
+-->
+## 我应该使用 configMap 还是自定义资源？
+
+<!--
+Use a ConfigMap if any of the following apply:
+-->
+如果以下任何一项适用，请使用 ConfigMap ：
+
+<!--
+* There is an existing, well-documented config file format, such as a `mysql.cnf` or `pom.xml`.
+* You want to put the entire config file into one key of a configMap.
+* The main use of the config file is for a program running in a Pod on your cluster to consume the file to configure itself.
+* Consumers of the file prefer to consume via file in a Pod or environment variable in a pod, rather than the Kubernetes API.
+* You want to perform rolling updates via Deployment, etc, when the file is updated.
+-->
+* 存在一种记录良好的配置文件格式，，例如 `mysql.cnf` 或者 `pom.xml` 。
+* 你想把所有的配置文件都放进 configMap 的一个键中。
+* 配置文件的作用就是，让运行在集群中 Pod 的程序配置自身环境。
+* 文件使用者更倾向于使用通过 Pod 中的文件或 Pod 中的环境变量，而不是使用 Kubernetes API。
+* 你希望在更新文件时通过部署等执行滚动更新。
+
+<!--
+{{< note >}}
+Use a [secret](/docs/concepts/configuration/secret/) for sensitive data, which is similar to a configMap but more secure.
+{{< /note >}}
+-->
+{{< note >}}
+对敏感数据使用 [secret](/docs/concepts/configuration/secret/) , 类似于 configMap ，但更安全。
+{{</ note >}}
+
+<!--
+Use a custom resource (CRD or Aggregated API) if most of the following apply:
+-->
+如果以下大多数情况出现，请使用自定义资源（ CustomResourceDefinition 或者 API集合 ）：
+
+<!--
+* You want to use Kubernetes client libraries and CLIs to create and update the new resource.
+* You want top-level support from kubectl (for example: `kubectl get my-object object-name`).
+* You want to build new automation that watches for updates on the new object, and then CRUD other objects, or vice versa.
+* You want to write automation that handles updates to the object.
+* You want to use Kubernetes API conventions like `.spec`, `.status`, and `.metadata`.
+* You want the object to be an abstraction over a collection of controlled resources, or a summarization of other resources.
+-->
+* 您希望使用 Kubernetes 客户端库和 CLIs 来创建和更新新资源。
+* 你希望从 kubectl 得到顶级支持（比如：`kubectl get my-object object-name`）。
+* 你希望新建一个自动化以监视新对象的更新，然后监视 CRUD 其他对象，反之亦然。
+* 你希望编写处理对象更新的自动化。
+* 你想要使用 Kubernetes API约定，比如像 `.spec` ， `.status` ，和 `.metadata` 。
+* 你希望对象是受控资源集合的抽象，或者是其他资源的汇总。
+
+<!--
+## Adding custom resources
+-->
+## 添加自定义资源
+
+<!--
+Kubernetes provides two ways to add custom resources to your cluster:
+-->
+Kubernetes 提供了两种将自定义资源添加到集群的方法：
+
+<!--
+- CRDs are simple and can be created without any programming.
+- [API Aggregation](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) requires programming, but allows more control over API behaviors like how data is stored and conversion between API versions.
+-->
+- CustomResourceDefinition 非常简单，无需任何编程即可创建。
+- [API 聚集](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)需要编程，但允许对 API 行为进行更多控制，比如数据的存储方式和 API 版本之间的转换。
+
+<!--
+Kubernetes provides these two options to meet the needs of different users, so that neither ease of use nor flexibility is compromised.
+-->
+Kubernetes 提供了两个选项来满足不同使用者的需要，因此无论是易用性还是灵活性都不受影响。
+
+<!--
+Aggregated APIs are subordinate APIServers that sit behind the primary API server, which acts as a proxy. This arrangement is called [API Aggregation](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) (AA). To users, it simply appears that the Kubernetes API is extended.
+-->
+API 聚集是位于主API服务器后面的从属 API 服务器，用来充当代理。这种安排被称作[API 聚合](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) （AA）。对于用户来说，Kubernetes API 似乎只是扩展了。
+
+<!--
+CRDs allow users to create new types of resources without adding another APIserver. You do not need to understand API Aggregation to use CRDs.
+-->
+CustomResourceDefinition 允许用户在不添加其他 API 服务器的情况下创建新类型的资源。您无需了解 API 集合就可以使用 CustomResourceDefinition 。
+
+<!--
+Regardless of how they are installed, the new resources are referred to as Custom Resources to distinguish them from built-in Kubernetes resources (like pods).
+-->
+无论如何安装，新资源都被称为自定义资源，已将其与内置的 Kubernetes（如 Pod ）资源区分开。
+
+<!--
+## CustomResourceDefinitions
+-->
+## 自定义资源定义(CustomResourceDefinition) {#CustomResourceDefinition} 
+
+<!--
+The [CustomResourceDefinition](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/) API resource allows you to define custom resources. Defining a CRD object creates a new custom resource with a name and schema that you specify. The Kubernetes API serves and handles the storage of your custom resource.
+-->
+[CustomResourceDefinition](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/) API 资源允许你去定义自定义资源。定义 CustomResourceDefinition 对象创建了一个新的自定义资源，该资源具有您指定的名称和架构。Kubernetes API 提供并处理自定义资源的存储。
+
+<!--
+This frees you from writing your own API server to handle the custom resource,
+but the generic nature of the implementation means you have less flexibility than with
+[API server aggregation](#api-server-aggregation).
+-->
+这样，你就不用为了处理自定义资源来编写你自己的API服务器了，但是实现的通用性意味着比 [API 服务器集合](#api-server-aggregation)的灵活性要低。
+
+<!--
+Refer to the [custom controller example](https://github.com/kubernetes/sample-controller)
+for an example of how to register a new custom resource, work with instances of your new resource type,
+and use a controller to handle events.
+-->
+有关如何注册新自定义资源、使用新资源类型的实例以及使用控制器处理事件的示例,请参阅[自定义控制器示例](https://github.com/kubernetes/sample-controller)。
+
+<!--
+## API server aggregation
+-->
+## API服务器聚合
+
+<!--
+Usually, each resource in the Kubernetes API requires code that handles REST requests and manages persistent storage of objects. The main Kubernetes API server handles built-in resources like *pods* and *services*, and can also handle custom resources in a generic way through [CRDs](#customresourcedefinitions).
+-->
+通常，Kubernetes API 中的每个资源都需要代码来处理 REST 请求和管理对象的持续存储。主 Kubernetes API服务器处理像 *Pod* 和 *services* 的内置资源，还可以通过 [CustomResourceDefinition](#customresourcedefinitions) 以通用的方式处理自定义资源。
+
+<!--
+The [aggregation layer](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) allows you to provide specialized
+implementations for your custom resources by writing and deploying your own standalone API server.
+-->
+[集合层](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)允许您通过编写部署你自己独立的API服务器来为自定义资源提供专用实现。
+
+<!--
+The main API server delegates requests to you for the custom resources that you handle,
+making them available to all of its clients.
+-->
+主 API 服务器将委托您处理自定义资源，使其可供所有客户端使用。
+
+<!--
+## Choosing a method for adding custom resources
+-->
+## 选择添加自定义资源的方法
+
+<!--
+CRDs are easier to use. Aggregated APIs are more flexible. Choose the method that best meets your needs.
+-->
+CustomResourceDefinition 更易于使用。API 集合更加灵活。选择更能满足您需求的方法。
+
+<!--
+Typically, CRDs are a good fit if:
+-->
+通常，CustomResourceDefinition 更适合以下几个方面：
+
+<!--
+* You have a handful of fields
+* You are using the resource within your company, or as part of a small open-source project (as opposed to a commercial product)
+-->
+* 你有几个字段。
+* 你正在使用公司内的资源，或者一个小的开源项目的一部分（区别于商业产品）
+
+<!--
+### Comparing ease of use
+-->
+### 比较易用性
+
+<!--
+CRDs are easier to create than Aggregated APIs.
+-->
+CustomResourceDefinition 比 API 集合更容易创建。
+
+<!--
+| CRDs                        | Aggregated API |
+| --------------------------- | -------------- |
+| Do not require programming. Users can choose any language for a CRD controller. | Requires programming in Go and building binary and image. Users can choose any language for a CRD controller. |
+| No additional service to run; CRs are handled by API Server. | An additional service to create and that could fail. |
+| No ongoing support once the CRD is created. Any bug fixes are picked up as part of normal Kubernetes Master upgrades. | May need to periodically pickup bug fixes from upstream and rebuild and update the Aggregated APIserver. |
+| No need to handle multiple versions of your API. For example: when you control the client for this resource, you can upgrade it in sync with the API. | You need to handle multiple versions of your API, for example: when developing an extension to share with the world. |
+-->
+| CustomResourceDefinition（CRD）                              | API 集合                                                     |
+| ------------------------------------------------------------ | ------------------------------------------------------------ |
+| 不需要编程。用户可以为 CRD 控制器选择任何语言。                | 需要在 Go 中编程并构建二进制和镜像。用户可以为CRD控制器选择任何语言。 |
+| 无需运行其他服务; CR 由 API 服务器处理。                         | 要创建其他服务，并可以会失败。                               |
+| 一旦 CRD 创建，无需后续支持。任何错误修复都是正常 Kubernetes Master 升级的一部分。 | 可能需要定期从上游拾取错误修复，并重建和更新 API 集合服务器。  |
+| 无需处理 API 的多个版本。例如：当您控制此资源的客户端时，可以将其与 API 同步升级。 | 你需要处理 API 的多个版本，例如：当开发一个扩展，与世界分享时。 |
+
+<!--
+### Advanced features and flexibility
+-->
+### 高级功能和灵活性
+
+<!--
+Aggregated APIs offer more advanced API features and customization of other features, for example: the storage layer.
+-->
+API 集合提供更高级的 API 特性以及其他功能的自定义，例如：存储层。
+
+<!--
+| Feature | Description | CRDs | Aggregated API |
+| ------- | ----------- | ---- | -------------- |
+| Validation | Help users prevent errors and allow you to evolve your API independently of your clients. These features are most useful when there are many clients who can't all update at the same time. | Yes.  Most validation can be specified in the CRD using [OpenAPI v3.0 validation](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/#validation).  Any other validations supported by addition of a [Validating Webhook](/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook-alpha-in-1-8-beta-in-1-9). | Yes, arbitrary validation checks |
+| Defaulting | See above | Yes, via a [Mutating Webhook](/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook-beta-in-1-9); Planned, via CRD OpenAPI schema. | Yes |
+| Multi-versioning | Allows serving the same object through two API versions. Can help ease API changes like renaming fields. Less important if you control your client versions. | [Yes](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning) | Yes |
+| Custom Storage | If you need storage with a different performance mode (for example, time-series database instead of key-value store) or isolation for security (for example, encryption secrets or different | No | Yes |
+| Custom Business Logic | Perform arbitrary checks or actions when creating, reading, updating or deleting an object | Yes, using [Webhooks](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks). | Yes |
+| Scale Subresource | Allows systems like HorizontalPodAutoscaler and PodDisruptionBudget interact with your new resource | [Yes](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/#scale-subresource)  | Yes |
+| Status Subresource | <ul><li>Finer-grained access control: user writes spec section, controller writes status section.</li><li>Allows incrementing object Generation on custom resource data mutation (requires separate spec and status sections in the resource)</li></ul> | [Yes](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/#status-subresource) | Yes |
+| Other Subresources | Add operations other than CRUD, such as "logs" or "exec". | No | Yes |
+| strategic-merge-patch | The new endpoints support PATCH with `Content-Type: application/strategic-merge-patch+json`. Useful for updating objects that may be modified both locally, and by the server. For more information, see ["Update API Objects in Place Using kubectl patch"](/docs/tasks/run-application/update-api-object-kubectl-patch/) | No | Yes |
+| Protocol Buffers | The new resource supports clients that want to use Protocol Buffers | No | Yes |
+| OpenAPI Schema | Is there an OpenAPI (swagger) schema for the types that can be dynamically fetched from the server? Is the user protected from misspelling field names by ensuring only allowed fields are set? Are types enforced (in other words, don't put an `int` in a `string` field?) | No, but planned | Yes |
+-->
+| 特性 | 描述 | CustomResourceDefinition | API集合 |
+| ------- | ----------- | ---- | -------------- |
+| 验证 |帮助用户避免错误并且允许您独立于客户端发展API。 当有许多客户端无法同时更新时，这些功能非常有用。 | 是的。大多数验证可以在CustomResourceDefinition 中使用[OpenAPI v3.0 validation](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/#validation)来验证。 其他验证可以通过添加[验证的 Webhook](/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook-alpha-in-1-8-beta-in-1-9)来支持. | 是的，任意验证检查。 |
+| 违约 | 见上文 | 是的， 通过 [突变的 Webhook](/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook-beta-in-1-9); 规划, 通过 CustomResourceDefinition OpenAPI 架构. | 是的 |
+| 多版本 | 允许通过两个 API 版本为同一对象提供服务。 可帮助简化 API 更改,如重命名字段。 如果您控制客户端版本,则不太重要。| [是的](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning) | 是的 |
+| 自定义存储 | 如果需要不同性能模式的存储(例如，时间序列数据库而不是密钥值存储) 或为了安全进行隔离(例如，加密机密或不同的）| 不是 | 是的 |
+| 定制业务逻辑 | 在创建，读取，更新或删除对象时执行任意检查或操作 | 是的, 使用 [Webhooks](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks)。| 是的 |
+| Scale 子资源 | 允许 HorizontalPodAutoscaler 和 PodDisruptionBudget 与您的新资源进行互换 | [是的](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/#scale-subresource)  | 是的 |
+| Status 子资源 | <ul><li>细粒度访问控制：用户写入规范部分，控制器写入状态部分。</li><li>允许递增对象在自定义资源数据突变上 Generation (需要资源中的单独规范和状态部分)</li></ul> | [是的](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/#status-subresource) | 是的 |
+| 其他子资源| 添加 CRUD 以外的操作,如"日志"或"执行"。 | 不是 | 是的 |
+| 战略-合并-补丁 | 新的端点支持具有 `Content-Type: application/strategic-merge-patch+json` 的 PATCH . 可用于更新可在本地和服务器修改的对象。更多信息，请参阅["使用 kubectl 修补程序更新API对象"](/docs/tasks/run-application/update-api-object-kubectl-patch/) | 不是 | 是的 |
+| 协议缓冲区 | 新资源支持希望使用协议缓冲区的客户端 | 不是 | 是的 |
+| OpenAPI 架构 | 是否有可从服务器动态提取类型的 OpenAPI (swagger) 架构？用户通过确保只设置允许的字段来避免拼写错误的字段名称是否被设置？ 是否是强制执行类型 (换句话说，不要在 `string` 字段中放置 `int` ?) | 不，但有计划 | 是的 |
+
+<!--
+### Common Features
+-->
+### 公共特性
+
+<!--
+When you create a custom resource, either via a CRDs or an AA, you get many features for your API, compared to implementing it outside the Kubernetes platform:
+-->
+与在 Kubernetes 平台之外实现它相比，当通过 CustomResourceDefinition 或 AA 创建自定义资源时，您可以获得 API 的许多功能：
+
+<!--
+| Feature | What it does |
+| ------- | ------------ |
+| CRUD | The new endpoints support CRUD basic operations via HTTP and `kubectl` |
+| Watch | The new endpoints support Kubernetes Watch operations via HTTP |
+| Discovery | Clients like kubectl and dashboard automatically offer list, display, and field edit operations on your resources |
+| json-patch | The new endpoints support PATCH with `Content-Type: application/json-patch+json` |
+| merge-patch | The new endpoints support PATCH with `Content-Type: application/merge-patch+json` |
+| HTTPS | The new endpoints uses HTTPS |
+| Built-in Authentication | Access to the extension uses the core apiserver (aggregation layer) for authentication |
+| Built-in Authorization | Access to the extension can reuse the authorization used by the core apiserver (e.g. RBAC) |
+| Finalizers | Block deletion of extension resources until external cleanup happens. |
+| Admission Webhooks | Set default values and validate extension resources during any create/update/delete operation. |
+| UI/CLI Display | Kubectl, dashboard can display extension resources. |
+| Unset vs Empty | Clients can distinguish unset fields from zero-valued fields. |
+| Client Libraries Generation | Kubernetes provides generic client libraries, as well as tools to generate type-specific client libraries. |
+| Labels and annotations | Common metadata across objects that tools know how to edit for core and custom resources. |
+-->
+
+| 功能 | 作用 |
+| ------- | ------------ |
+| CRUD | 通过 HTTP 和 `kubectl` ，新的端点通过 HTTP 和 kubectl 支持 CRUD 基本操作|
+| Watch | 新的端点通过 HTTP 支持 Kubernetes 监视功能 |
+| 发现 | 如 Kubectl 和 dashboard 客户端会自动提供资源上的列表、显示和字段编辑操作 |
+| json-patch | 新的端点支持打上 `Content-Type: application/json-patch+json` 的 PATCH  |
+| merge-patch | 新的端点支持打上 `Content-Type: application/merge-patch+json` 的 PATCH |
+| HTTPS | 新的端点使用 HTTPS |
+| 内置身份验证 | 对扩展的访问使用核心API服务（聚合层）进行身份认证 |
+| 内置授权 | 对扩展的访问可以重用被核心API服务使用的授权（例如，基于角色的访问控制 role-based access control） |
+| 终结器 | 阻止删除扩展资源,直到进行外部清理。|
+| 准入 Webhooks | 在任何创建/更新/删除操作期间设置默认值并验证扩展资源。 |
+| UI/CLI 显示 | Kubectl ,和 dashboard 可以显示扩展资源。|
+| 未设置与空 | 客户端可以把未设置字段从零值字段中区分出来。 |
+| 客户端库生成 | Kubernetes 提供通用客户端库，以及用于生成特定客户端库的工具。|
+| 标签和注释 | 工具知道如何编辑核心和自定义资源的跨对象的通用元数据 |
+
+<!--
+## Preparing to install a custom resource
+-->
+## 准备安装自定义资源
+
+<!--
+There are several points to be aware of before adding a custom resource to your cluster.
+-->
+在将自定义资源添加到群集之前,需要注意几个要点。
+
+<!--
+### Third party code and new points of failure
+-->
+### 第三方代码和新的故障点
+
+<!--
+While creating a CRD does not automatically add any new points of failure (for example, by causing third party code to run on your API server), packages (for example, Charts) or other installation bundles often include CRDs as well as a Deployment of third-party code that implements the business logic for a new custom resource.
+-->
+虽然创建CRD不会自动添加任何新的故障点（例如，通过第三方代码在 API 服务器上运行），但包（例如，图表）或其他安装捆绑包经常包括 CustomResourceDefinition 以及 Deployment 第三方代码来实现新的自定义资源的业务逻辑。
+
+<!--
+Installing an Aggregated APIserver always involves running a new Deployment.
+-->
+安装新的聚合 API 服务器总是涉及运行新的部署。
+
+<!--
+### Storage
+-->
+### 存储
+<!--
+Custom resources consume storage space in the same way that ConfigMaps do. Creating too many custom resources may overload your API server's storage space.
+-->
+自定义资源与 ConfigMap 以相同的方式消耗存储空间。创建过多的自定义资源会过载 API 服务器的存储空间。
+
+<!--
+Aggregated API servers may use the same storage as the main API server, in which case the same warning applies.
+-->
+API 集合服务器可以使用与主 API 服务器相同的存储，在这种情况下,将应用相同的警告。
+
+<!--
+### Authentication, authorization, and auditing
+-->
+### 身份验证、授权和审核
+
+<!--
+CRDs always use the same authentication, authorization, and audit logging as the built-in resources of your API Server.
+-->
+CustomResourceDefinition 始终使用与 API 服务器内置资源相同的身份验证、授权和审核日志记录。
+
+<!--
+If you use RBAC for authorization, most RBAC roles will not grant access to the new resources (except the cluster-admin role or any role created with wildcard rules). You'll need to explicitly grant access to the new resources. CRDs and Aggregated APIs often come bundled with new role definitions for the types they add.
+-->
+如果使用 RBAC 进行授权，大多数 RBAC （基于角色的访问控制）的角色不会授予对新资源的访问权限（除了集群管理员角色或任何通配符规则创建的角色）。您需要明确授予对新资源的访问权限。CustomResourceDefinition 和 API集合 通常与他们添加类型的新角色定义捆绑。
+
+<!--
+Aggregated API servers may or may not use the same authentication, authorization, and auditing as the primary API server.
+-->
+API 集合服务器可能使用或不使用与主 API 服务器相同的身份验证，授权和审核。
+
+<!--
+## Accessing a custom resource
+-->
+## 访问自定义资源
+
+<!--
+Kubernetes [client libraries](/docs/reference/using-api/client-libraries/) can be used to access custom resources. Not all client libraries support custom resources. The go and python client libraries do.
+-->
+Kubernetes [客户端库](/docs/reference/using-api/client-libraries/)可用于访问自定义资源。并非所有客户端库都支持自定义资源。go 和 python 客户端库可以。
+
+<!--
+When you add a custom resource, you can access it using:
+-->
+当你添加了一个自定义资源，可以使用一下命令来访问它：
+
+<!--
+- kubectl
+- The kubernetes dynamic client.
+- A REST client that you write.
+- A client generated using [Kubernetes client generation tools](https://github.com/kubernetes/code-generator) (generating one is an advanced undertaking, but some projects may provide a client along with the CRD or AA).
+-->
+- kubectl
+- kubernetes 动态客户端。
+- 你编写的 REST 客户端。
+- 使用 Kubernetes [客户端生成工具](https://github.com/kubernetes/code-generator)生成的客户端（生成是一个高级的任务，但有些项目可能会提供客户端以及 CustomResourceDdfinition 或 Aggregated API ）
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn how to [Extend the Kubernetes API with the aggregation layer](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/).
+-->
+* 了解如何使用[聚合层扩展 Kubernetes API](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)。
+
+<!--
+* Learn how to [Extend the Kubernetes API with CustomResourceDefinition](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/).
+-->
+* 了解如何使用 [CustomResourceDefinition 扩展 Kubernetes API](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/)。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/concepts/extend-kubernetes/compute-storage-net/_index.md b/content/zh/docs/concepts/extend-kubernetes/compute-storage-net/_index.md
new file mode 100644
index 0000000000000..1b46b18dd2a52
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/compute-storage-net/_index.md
@@ -0,0 +1,11 @@
+---
+title: 计算、存储和网络扩展
+weight: 30
+---
+
+<!--
+---
+title: Compute, Storage, and Networking Extensions
+weight: 30
+---
+-->
diff --git a/content/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md
new file mode 100644
index 0000000000000..506539c3bef67
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md
@@ -0,0 +1,273 @@
+---
+title: 网络插件
+content_template: templates/concept
+weight: 10
+---
+<!--
+title: Network Plugins
+content_template: templates/concept
+weight: 10
+-->
+
+
+{{% capture overview %}}
+
+{{< feature-state state="alpha" >}}
+<!--
+{{< warning >}}Alpha features change rapidly. {{< /warning >}}
+-->
+{{< warning >}}Alpha 特性迅速变化。{{< /warning >}}
+
+<!--
+Network plugins in Kubernetes come in a few flavors:
+
+* CNI plugins: adhere to the appc/CNI specification, designed for interoperability.
+* Kubenet plugin: implements basic `cbr0` using the `bridge` and `host-local` CNI plugins
+-->
+Kubernetes中的网络插件有几种类型：
+
+* CNI 插件： 遵守 appc/CNI 规约，为互操作性设计。
+* Kubenet 插件：使用 `bridge` 和 `host-local` CNI 插件实现了基本的 `cbr0`。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Installation
+
+The kubelet has a single default network plugin, and a default network common to the entire cluster. It probes for plugins when it starts up, remembers what it found, and executes the selected plugin at appropriate times in the pod lifecycle (this is only true for Docker, as rkt manages its own CNI plugins). There are two Kubelet command line parameters to keep in mind when using plugins:
+
+* `cni-bin-dir`: Kubelet probes this directory for plugins on startup
+* `network-plugin`: The network plugin to use from `cni-bin-dir`.  It must match the name reported by a plugin probed from the plugin directory.  For CNI plugins, this is simply "cni".
+-->
+## 安装
+
+kubelet 有一个单独的默认网络插件，以及一个对整个集群通用的默认网络。
+它在启动时探测插件，记住找到的内容，并在 pod 生命周期的适当时间执行所选插件（这仅适用于 Docker，因为 rkt 管理自己的 CNI 插件）。
+在使用插件时，需要记住两个 Kubelet 命令行参数：
+
+* `cni-bin-dir`： Kubelet 在启动时探测这个目录中的插件
+* `network-plugin`： 要使用的网络插件来自 `cni-bin-dir`。它必须与从插件目录探测到的插件报告的名称匹配。对于 CNI 插件，其值为 "cni"。
+
+<!--
+## Network Plugin Requirements
+
+Besides providing the [`NetworkPlugin` interface](https://github.com/kubernetes/kubernetes/tree/{{< param "fullversion" >}}/pkg/kubelet/dockershim/network/plugins.go) to configure and clean up pod networking, the plugin may also need specific support for kube-proxy.  The iptables proxy obviously depends on iptables, and the plugin may need to ensure that container traffic is made available to iptables.  For example, if the plugin connects containers to a Linux bridge, the plugin must set the `net/bridge/bridge-nf-call-iptables` sysctl to `1` to ensure that the iptables proxy functions correctly.  If the plugin does not use a Linux bridge (but instead something like Open vSwitch or some other mechanism) it should ensure container traffic is appropriately routed for the proxy.
+
+By default if no kubelet network plugin is specified, the `noop` plugin is used, which sets `net/bridge/bridge-nf-call-iptables=1` to ensure simple configurations (like Docker with a bridge) work correctly with the iptables proxy.
+-->
+## 网络插件要求
+
+除了提供[`NetworkPlugin` 接口](https://github.com/kubernetes/kubernetes/tree/{{< param "fullversion" >}}/pkg/kubelet/dockershim/network/plugins.go)来配置和清理 pod 网络之外，该插件还可能需要对 kube-proxy 的特定支持。
+iptables 代理显然依赖于 iptables，插件可能需要确保 iptables 能够监控容器的网络通信。
+例如，如果插件将容器连接到 Linux 网桥，插件必须将 `net/bridge/bridge-nf-call-iptables` 系统参数设置为`1`，以确保 iptables 代理正常工作。
+如果插件不使用 Linux 网桥（而是类似于 Open vSwitch 或者其它一些机制），它应该确保为代理对容器通信执行正确的路由。
+
+默认情况下，如果未指定 kubelet 网络插件，则使用 `noop` 插件，该插件设置 `net/bridge/bridge-nf-call-iptables=1`，以确保简单的配置（如带网桥的 Docker ）与 iptables 代理正常工作。
+
+<!--
+### CNI
+
+The CNI plugin is selected by passing Kubelet the `--network-plugin=cni` command-line option.  Kubelet reads a file from `--cni-conf-dir` (default `/etc/cni/net.d`) and uses the CNI configuration from that file to set up each pod's network.  The CNI configuration file must match the [CNI specification](https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration), and any required CNI plugins referenced by the configuration must be present in `--cni-bin-dir` (default `/opt/cni/bin`).
+
+If there are multiple CNI configuration files in the directory, the first one in lexicographic order of file name is used.
+
+In addition to the CNI plugin specified by the configuration file, Kubernetes requires the standard CNI [`lo`](https://github.com/containernetworking/plugins/blob/master/plugins/main/loopback/loopback.go) plugin, at minimum version 0.2.0
+-->
+### CNI
+
+通过给 Kubelet 传递 `--network-plugin=cni` 命令行选项来选择 CNI 插件。
+Kubelet 从 `--cni-conf-dir` （默认是 `/etc/cni/net.d`） 读取文件并使用该文件中的 CNI 配置来设置每个 pod 的网络。
+CNI 配置文件必须与 [CNI 规约](https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration)匹配，并且配置引用的任何所需的 CNI 插件都必须存在于 `--cni-bin-dir`（默认是 `/opt/cni/bin`）。
+
+如果这个目录中有多个 CNI 配置文件，则使用按文件名的字典顺序排列的第一个配置文件。
+
+除了配置文件指定的 CNI 插件外，Kubernetes 还需要标准的 CNI [`lo`](https://github.com/containernetworking/plugins/blob/master/plugins/main/loopback/loopback.go) 插件，最低版本是0.2.0。
+
+<!--
+#### Support hostPort
+
+The CNI networking plugin supports `hostPort`. You can use the official [portmap](https://github.com/containernetworking/plugins/tree/master/plugins/meta/portmap)
+plugin offered by the CNI plugin team or use your own plugin with portMapping functionality.
+
+If you want to enable `hostPort` support, you must specify `portMappings capability` in your `cni-conf-dir`.
+For example:
+-->
+#### 支持 hostPort
+
+CNI 网络插件支持 `hostPort`。 您可以使用官方 [portmap](https://github.com/containernetworking/plugins/tree/master/plugins/meta/portmap)
+插件，它由 CNI 插件团队提供，或者使用您自己的带有 portMapping 功能的插件。
+
+如果你想要启动 `hostPort` 支持，则必须在 `cni-conf-dir` 指定 `portMappings capability`。
+例如：
+
+```json
+{
+  "name": "k8s-pod-network",
+  "cniVersion": "0.3.0",
+  "plugins": [
+    {
+      "type": "calico",
+      "log_level": "info",
+      "datastore_type": "kubernetes",
+      "nodename": "127.0.0.1",
+      "ipam": {
+        "type": "host-local",
+        "subnet": "usePodCidr"
+      },
+      "policy": {
+        "type": "k8s"
+      },
+      "kubernetes": {
+        "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
+      }
+    },
+    {
+      "type": "portmap",
+      "capabilities": {"portMappings": true}
+    }
+  ]
+}
+```
+
+<!--
+#### Support traffic shaping
+
+The CNI networking plugin also supports pod ingress and egress traffic shaping. You can use the official [bandwidth](https://github.com/containernetworking/plugins/tree/master/plugins/meta/bandwidth)
+plugin offered by the CNI plugin team or use your own plugin with bandwidth control functionality.
+
+If you want to enable traffic shaping support, you must add a `bandwidth` plugin to your CNI configuration file
+(default `/etc/cni/net.d`).
+-->
+#### 支持流量整形
+
+CNI 网络插件还支持 pod 入口和出口流量整形。
+您可以使用 CNI 插件团队提供的 [bandwidth](https://github.com/containernetworking/plugins/tree/master/plugins/meta/bandwidth) 插件，
+也可以使用您自己的具有带宽控制功能的插件。
+
+如果您想要启用流量整形支持，你必须将 `bandwidth` 插件添加到 CNI 配置文件
+（默认是 `/etc/cni/net.d`）。
+
+```json
+{
+  "name": "k8s-pod-network",
+  "cniVersion": "0.3.0",
+  "plugins": [
+    {
+      "type": "calico",
+      "log_level": "info",
+      "datastore_type": "kubernetes",
+      "nodename": "127.0.0.1",
+      "ipam": {
+        "type": "host-local",
+        "subnet": "usePodCidr"
+      },
+      "policy": {
+        "type": "k8s"
+      },
+      "kubernetes": {
+        "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
+      }
+    },
+    {
+      "type": "bandwidth",
+      "capabilities": {"bandwidth": true}
+    }
+  ]
+}
+```
+<!--
+Now you can add the `kubernetes.io/ingress-bandwidth` and `kubernetes.io/egress-bandwidth` annotations to your pod.
+For example:
+-->
+现在，您可以将 `kubernetes.io/ingress-bandwidth` 和 `kubernetes.io/egress-bandwidth` 注解添加到 pod 中。
+例如：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    kubernetes.io/ingress-bandwidth: 1M
+    kubernetes.io/egress-bandwidth: 1M
+...
+```
+
+<!--
+### kubenet
+
+Kubenet is a very basic, simple network plugin, on Linux only.  It does not, of itself, implement more advanced features like cross-node networking or network policy.  It is typically used together with a cloud provider that sets up routing rules for communication between nodes, or in single-node environments.
+
+Kubenet creates a Linux bridge named `cbr0` and creates a veth pair for each pod with the host end of each pair connected to `cbr0`.  The pod end of the pair is assigned an IP address allocated from a range assigned to the node either through configuration or by the controller-manager.  `cbr0` is assigned an MTU matching the smallest MTU of an enabled normal interface on the host.
+
+The plugin requires a few things:
+
+* The standard CNI `bridge`, `lo` and `host-local` plugins are required, at minimum version 0.2.0. Kubenet will first search for them in `/opt/cni/bin`. Specify `cni-bin-dir` to supply additional search path. The first found match will take effect.
+* Kubelet must be run with the `--network-plugin=kubenet` argument to enable the plugin
+* Kubelet should also be run with the `--non-masquerade-cidr=<clusterCidr>` argument to ensure traffic to IPs outside this range will use IP masquerade.
+* The node must be assigned an IP subnet through either the `--pod-cidr` kubelet command-line option or the `--allocate-node-cidrs=true --cluster-cidr=<cidr>` controller-manager command-line options.
+-->
+### kubenet
+
+Kubenet 是一个非常基本的、简单的网络插件，仅适用于 Linux。
+它本身并不实现更高级的功能，如跨节点网络或网络策略。
+它通常与云驱动一起使用，云驱动为节点间或单节点环境中的通信设置路由规则。
+
+Kubenet 创建名为 `cbr0` 的网桥，并为每个 pod 创建了一个 veth 对，每个 pod 的主机端都连接到 `cbr0`。
+这个 veth 对的 pod 端会被分配一个 IP 地址，该 IP 地址隶属于节点所被分配的 IP 地址范围内。节点的 IP 地址范围则通过配置或控制器管理器来设置。
+`cbr0` 被分配一个 MTU，该 MTU 匹配主机上已启用的正常接口的最小 MTU。
+
+使用此插件还需要一些其他条件：
+
+* 需要标准的 CNI `bridge`、`lo` 以及 `host-local` 插件，最低版本是0.2.0。Kubenet 首先在 `/opt/cni/bin` 中搜索它们。 指定 `cni-bin-dir` 以提供其它的搜索路径。首次找到的匹配将生效。
+* Kubelet 必须和 `--network-plugin=kubenet` 参数一起运行，才能启用该插件。
+* Kubelet 还应该和 `--non-masquerade-cidr=<clusterCidr>` 参数一起运行，以确保超出此范围的 IP 流量将使用 IP 伪装。
+* 节点必须被分配一个 IP 子网，通过kubelet 命令行的 `--pod-cidr` 选项或控制器管理器的命令行选项 `--allocate-node-cidrs=true --cluster-cidr=<cidr>` 来设置。
+
+<!--
+### Customizing the MTU (with kubenet)
+
+The MTU should always be configured correctly to get the best networking performance.  Network plugins will usually try
+to infer a sensible MTU, but sometimes the logic will not result in an optimal MTU.  For example, if the
+Docker bridge or another interface has a small MTU, kubenet will currently select that MTU.  Or if you are
+using IPSEC encapsulation, the MTU must be reduced, and this calculation is out-of-scope for
+most network plugins.
+
+Where needed, you can specify the MTU explicitly with the `network-plugin-mtu` kubelet option.  For example,
+on AWS the `eth0` MTU is typically 9001, so you might specify `--network-plugin-mtu=9001`.  If you're using IPSEC you
+might reduce it to allow for encapsulation overhead e.g. `--network-plugin-mtu=8873`.
+
+This option is provided to the network-plugin; currently **only kubenet supports `network-plugin-mtu`**.
+-->
+### 自定义 MTU（使用 kubenet）
+
+要获得最佳的网络性能，必须确保 MTU 的取值配置正确。
+网络插件通常会尝试推断出一个合理的 MTU，但有时候这个逻辑不会产生一个最优的 MTU。
+例如，如果 Docker 网桥或其他接口有一个小的 MTU, kubenet 当前将选择该 MTU。
+或者如果您正在使用 IPSEC 封装，则必须减少 MTU，并且这种计算超出了大多数网络插件的能力范围。
+
+如果需要，您可以使用 `network-plugin-mtu` kubelet 选项显式的指定 MTU。
+例如：在 AWS 上 `eth0` MTU 通常是 9001，因此您可以指定 `--network-plugin-mtu=9001`。
+如果您正在使用 IPSEC ，您可以减少它以允许封装开销，例如 `--network-plugin-mtu=8873`。
+
+此选项会传递给网络插件； 当前 **仅 kubenet 支持 `network-plugin-mtu`**。
+
+<!--
+## Usage Summary
+
+* `--network-plugin=cni` specifies that we use the `cni` network plugin with actual CNI plugin binaries located in `--cni-bin-dir` (default `/opt/cni/bin`) and CNI plugin configuration located in `--cni-conf-dir` (default `/etc/cni/net.d`).
+* `--network-plugin=kubenet` specifies that we use the `kubenet` network plugin with CNI `bridge` and `host-local` plugins placed in `/opt/cni/bin` or `cni-bin-dir`.
+* `--network-plugin-mtu=9001` specifies the MTU to use, currently only used by the `kubenet` network plugin.
+-->
+## 使用总结
+
+* `--network-plugin=cni` 用来表明我们要使用 `cni` 网络插件，实际的 CNI 插件可执行文件位于 `--cni-bin-dir`（默认是 `/opt/cni/bin`）下， CNI 插件配置位于 `--cni-conf-dir`（默认是 `/etc/cni/net.d`）下。
+* `--network-plugin=kubenet` 用来表明我们要使用 `kubenet` 网络插件，CNI `bridge` 和 `host-local` 插件位于 `/opt/cni/bin` 或 `cni-bin-dir` 中。
+* `--network-plugin-mtu=9001` 指定了我们使用的 MTU，当前仅被 `kubenet` 网络插件使用。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md b/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md
new file mode 100644
index 0000000000000..a5af58004924d
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md
@@ -0,0 +1,371 @@
+---
+title: 扩展你的 Kubernetes 集群
+reviewers:
+- erictune
+- lavalamp
+- cheftako
+- chenopis
+content_template: templates/concept
+weight: 10
+---
+
+<!--
+---
+title: Extending your Kubernetes Cluster
+reviewers:
+- erictune
+- lavalamp
+- cheftako
+- chenopis
+content_template: templates/concept
+weight: 10
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubernetes is highly configurable and extensible. As a result,
+there is rarely a need to fork or submit patches to the Kubernetes
+project code.
+
+This guide describes the options for customizing a Kubernetes
+cluster. It is aimed at {{< glossary_tooltip text="Cluster Operators" term_id="cluster-operator" >}} who want to
+understand how to adapt their Kubernetes cluster to the needs of
+their work environment. Developers who are prospective {{< glossary_tooltip text="Platform Developers" term_id="platform-developer" >}} or Kubernetes Project {{< glossary_tooltip text="Contributors" term_id="contributor" >}} will also find it
+useful as an introduction to what extension points and patterns
+exist, and their trade-offs and limitations.
+-->
+Kubernetes 是高度可配置和可扩展的。因此，极少需要分发或提交补丁代码给 Kubernetes 项目。
+
+本文档介绍自定义 Kubernetes 集群的选项。本文档的目标读者是希望了解如何使 Kubernetes 集群满足其业务环境需求的集群运维人员。Kubernetes 项目的贡献者或潜在的平台开发人员也可以从本文找到有用的信息，如对已存在扩展点和模式的介绍，以及它们的权衡和限制。 
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Overview
+
+Customization approaches can be broadly divided into *configuration*, which only involves changing flags, local configuration files, or API resources; and *extensions*, which involve running additional programs or services. This document is primarily about extensions.
+-->
+## 概述
+
+定制方法可以大致分为 *配置* 和 *扩展* 。*配置* 只涉及更改标志参数，本地配置文件或 API 资源; *扩展* 涉及运行额外的程序或服务。本文档主要内容是关于扩展。
+
+<!--
+## Configuration
+
+*Configuration files* and *flags* are documented in the Reference section of the online documentation, under each binary:
+
+* [kubelet](/docs/admin/kubelet/)
+* [kube-apiserver](/docs/admin/kube-apiserver/)
+* [kube-controller-manager](/docs/admin/kube-controller-manager/)
+* [kube-scheduler](/docs/admin/kube-scheduler/).
+
+Flags and configuration files may not always be changeable in a hosted Kubernetes service or a distribution with managed installation. When they are changeable, they are usually only changeable by the cluster administrator. Also, they are subject to change in future Kubernetes versions, and setting them may require restarting processes. For those reasons, they should be used only when there are no other options.
+
+*Built-in Policy APIs*, such as [ResourceQuota](/docs/concepts/policy/resource-quotas/), [PodSecurityPolicies](/docs/concepts/policy/pod-security-policy/), [NetworkPolicy](/docs/concepts/services-networking/network-policies/) and Role-based Access Control ([RBAC](/docs/reference/access-authn-authz/rbac/)), are built-in Kubernetes APIs. APIs are typically used with hosted Kubernetes services and with managed Kubernetes installations. They are declarative and use the same conventions as other Kubernetes resources like pods, so new cluster configuration can be repeatable and be managed the same way as applications. And, where they are stable, they enjoy a [defined support policy](/docs/reference/deprecation-policy/) like other Kubernetes APIs. For these reasons, they are preferred over *configuration files* and *flags* where suitable.
+-->
+## 配置
+
+关于 *配置文件* 和 *标志* 的说明文档位于在线文档的参考部分，按照二进制组件各自描述：
+
+* [kubelet](/docs/admin/kubelet/)
+* [kube-apiserver](/docs/admin/kube-apiserver/)
+* [kube-controller-manager](/docs/admin/kube-controller-manager/)
+* [kube-scheduler](/docs/admin/kube-scheduler/).
+
+在托管的 Kubernetes 服务或受控安装的 Kubernetes 版本中，标志和配置文件可能并不总是可以更改的。而且当它们可以进行更改时，它们通常只能由集群管理员进行更改。此外，标志和配置文件在未来的 Kubernetes 版本中可能会发生变化，并且更改设置后它们可能需要重新启动进程。出于这些原因，只有在没有其他选择的情况下才使用它们。
+
+ *内置策略 API* ，例如 [ResourceQuota](/docs/concepts/policy/resource-quotas/)、[PodSecurityPolicy](/docs/concepts/policy/pod-security-policy/)、[NetworkPolicy](/docs/concepts/services-networking/network-policies/) 和基于角色的权限控制 ([RBAC](/docs/reference/access-authn-authz/rbac/))，是内置的 Kubernetes API。API 通常与托管的 Kubernetes 服务和受控的 Kubernetes 安装一起使用。
+它们是声明性的，并使用与其他 Kubernetes 资源（如 Pod ）相同的约定，所以新的集群配置可以重复使用，并以与应用程序相同的方式进行管理。而且，当他们变稳定后，他们和其他 Kubernetes API 一样享受[定义支持政策](/docs/reference/deprecation-policy/)。出于这些原因，在合适的情况下它们优先于 *配置文件* 和 *标志* 被使用。
+
+<!--
+## Extensions
+
+Extensions are software components that extend and deeply integrate with Kubernetes.
+They adapt it to support new types and new kinds of hardware.
+
+Most cluster administrators will use a hosted or distribution
+instance of Kubernetes. As a result, most Kubernetes users will need to
+install extensions and fewer will need to author new ones.
+-->
+## 扩展程序
+
+扩展程序是指对 Kubernetes 进行扩展和深度集成的软件组件。它们适合用于支持新的类型和新型硬件。
+
+大多数集群管理员会使用托管的或统一分发的 Kubernetes 实例。因此，大多数 Kubernetes 用户需要安装扩展程序，而且还有少部分用户甚至需要编写新的扩展程序。
+
+<!--
+## Extension Patterns
+
+Kubernetes is designed to be automated by writing client programs. Any
+program that reads and/or writes to the Kubernetes API can provide useful
+automation. *Automation* can run on the cluster or off it. By following
+the guidance in this doc you can write highly available and robust automation.
+Automation generally works with any Kubernetes cluster, including hosted
+clusters and managed installations.
+
+There is a specific pattern for writing client programs that work well with
+Kubernetes called the *Controller* pattern. Controllers typically read an
+object's `.spec`, possibly do things, and then update the object's `.status`.
+
+A controller is a client of Kubernetes. When Kubernetes is the client and
+calls out to a remote service, it is called a *Webhook*. The remote service
+is called a *Webhook Backend*. Like Controllers, Webhooks do add a point of
+failure.
+
+In the webhook model, Kubernetes makes a network request to a remote service.
+In the *Binary Plugin* model, Kubernetes executes a binary (program).
+Binary plugins are used by the kubelet (e.g. [Flex Volume
+Plugins](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)
+and [Network
+Plugins](/docs/concepts/cluster-administration/network-plugins/))
+and by kubectl.
+
+Below is a diagram showing how the extensions points interact with the
+Kubernetes control plane.
+
+<img src="https://docs.google.com/drawings/d/e/2PACX-1vQBRWyXLVUlQPlp7BvxvV9S1mxyXSM6rAc_cbLANvKlu6kCCf-kGTporTMIeG5GZtUdxXz1xowN7RmL/pub?w=960&h=720">
+-->
+## 扩展模式
+
+Kubernetes 的设计是通过编写客户端程序来实现自动化的。任何读和（或）写 Kubernetes API 的程序都可以提供有用的自动化工作。 *自动化* 程序可以运行在集群之中或之外。按照本文档的指导，您可以编写出高可用的和健壮的自动化程序。自动化程序通常适用于任何 Kubernetes 集群，包括托管集群和受管理安装的集群。
+
+*控制器* 模式是编写适合 Kubernetes 的客户端程序的一种特定模式。控制器通常读取一个对象的 `.spec` 字段，可能做出一些处理，然后更新对象的 `.status` 字段。
+
+一个控制器是 Kubernetes 的一个客户端。而当 Kubernetes 作为客户端调用远程服务时，它被称为 *Webhook* ，远程服务称为 *Webhook* 后端。 和控制器类似，Webhooks 增加了一个失败点。
+
+在 webhook 模型里，Kubernetes 向远程服务发送一个网络请求。在 *二进制插件* 模型里，Kubernetes 执行一个二进制（程序）。二进制插件被 kubelet（如 [Flex 卷插件](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)和[网络插件](/docs/concepts/cluster-administration/network-plugins/))和 kubectl 所使用。
+
+下图显示了扩展点如何与 Kubernetes 控制平面进行交互。
+
+<img src="https://docs.google.com/drawings/d/e/2PACX-1vQBRWyXLVUlQPlp7BvxvV9S1mxyXSM6rAc_cbLANvKlu6kCCf-kGTporTMIeG5GZtUdxXz1xowN7RmL/pub?w=960&h=720">
+
+<!-- image source drawing https://docs.google.com/drawings/d/1muJ7Oxuj_7Gtv7HV9-2zJbOnkQJnjxq-v1ym_kZfB-4/edit?ts=5a01e054 -->
+
+<!--
+## Extension Points
+
+This diagram shows the extension points in a Kubernetes system.
+
+<img src="https://docs.google.com/drawings/d/e/2PACX-1vSH5ZWUO2jH9f34YHenhnCd14baEb4vT-pzfxeFC7NzdNqRDgdz4DDAVqArtH4onOGqh0bhwMX0zGBb/pub?w=425&h=809">
+-->
+## 扩展点
+
+下图显示了 Kubernetes 系统的扩展点。
+
+<img src="https://docs.google.com/drawings/d/e/2PACX-1vSH5ZWUO2jH9f34YHenhnCd14baEb4vT-pzfxeFC7NzdNqRDgdz4DDAVqArtH4onOGqh0bhwMX0zGBb/pub?w=425&h=809">
+
+<!-- image source diagrams: https://docs.google.com/drawings/d/1k2YdJgNTtNfW7_A8moIIkij-DmVgEhNrn3y2OODwqQQ/view -->
+
+<!--
+1.   Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies.
+2.   The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](/docs/concepts/overview/extending#api-access-extensions) section.
+3.   The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](/docs/concepts/overview/extending#user-defined-types) section. Custom Resources are often used with API Access Extensions.
+4.   The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](/docs/concepts/overview/extending#scheduler-extensions) section.
+5.   Much of the behavior of Kubernetes is implemented by programs called Controllers which are clients of the API-Server. Controllers are often used in conjunction with Custom Resources.
+6.   The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](/docs/concepts/overview/extending#network-plugins) allow for different implementations of pod networking.
+7.  The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](/docs/concepts/overview/extending#storage-plugins).
+
+If you are unsure where to start, this flowchart can help. Note that some solutions may involve several types of extensions.
+
+
+<img src="https://docs.google.com/drawings/d/e/2PACX-1vRWXNNIVWFDqzDY0CsKZJY3AR8sDeFDXItdc5awYxVH8s0OLherMlEPVUpxPIB1CSUu7GPk7B2fEnzM/pub?w=1440&h=1080">
+-->
+1. 用户通常使用 `kubectl` 与 Kubernetes API 进行交互。[kubectl 插件](/docs/tasks/extend-kubectl/kubectl-plugins/)扩展了 kubectl 二进制程序。它们只影响个人用户的本地环境，因此不能执行站点范围的策略。
+2. apiserver 处理所有请求。apiserver 中的几种类型的扩展点允许对请求进行身份认证或根据其内容对其进行阻止、编辑内容以及处理删除操作。这些内容在[API 访问扩展](/docs/concepts/overview/extending#api-access-extensions)小节中描述。
+3. apiserver 提供各种 *资源* 。 *内置的资源种类* ，如 `pods`，由 Kubernetes 项目定义，不能更改。您还可以添加您自己定义的资源或其他项目已定义的资源，称为 自定义资源，如[自定义资源](/docs/concepts/overview/extending#user-defined-types)部分所述。自定义资源通常与 API 访问扩展一起使用。
+4. Kubernetes 调度器决定将 Pod 放置到哪个节点。有几种方法可以扩展调度器。这些内容在 [Scheduler Extensions](/docs/concepts/overview/extending#scheduler-extensions) 小节中描述。
+5. Kubernetes 的大部分行为都是由称为控制器的程序实现的，这些程序是 API-Server 的客户端。控制器通常与自定义资源一起使用。
+6. kubelet 在主机上运行，并帮助 pod 看起来就像在集群网络上拥有自己的 IP 的虚拟服务器。[网络插件](/docs/concepts/overview/extending#network-plugins)让您可以实现不同的 pod 网络。
+7. kubelet 也挂载和卸载容器的卷。新的存储类型可以通过[存储插件](/docs/concepts/overview/extending#storage-plugins)支持。
+
+如果您不确定从哪里开始扩展，此流程图可以提供帮助。请注意，某些解决方案可能涉及多种类型的扩展。
+
+<img src="https://docs.google.com/drawings/d/e/2PACX-1vRWXNNIVWFDqzDY0CsKZJY3AR8sDeFDXItdc5awYxVH8s0OLherMlEPVUpxPIB1CSUu7GPk7B2fEnzM/pub?w=1440&h=1080">
+
+<!-- image source drawing: https://docs.google.com/drawings/d/1sdviU6lDz4BpnzJNHfNpQrqI9F19QZ07KnhnxVrp2yg/edit -->
+
+<!--
+## API Extensions
+### User-Defined Types
+
+Consider adding a Custom Resource to Kubernetes if you want to define new controllers, application configuration objects or other declarative APIs, and to manage them using Kubernetes tools, such as `kubectl`.
+
+Do not use a Custom Resource as data storage for application, user, or monitoring data.
+
+For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/api-extension/custom-resources/).
+-->
+## API 扩展
+### 用户自定义类型
+
+如果您想定义新的控制器、应用程序配置对象或其他声明式 API，并使用 Kubernetes 工具（如 `kubectl`）管理它们，请考虑为 Kubernetes 添加一个自定义资源。
+
+不要使用自定义资源作为应用、用户或者监控数据的数据存储。
+
+有关自定义资源的更多信息，请查看[自定义资源概念指南](/docs/concepts/api-extension/custom-resources/)。
+
+<!--
+### Combining New APIs with Automation
+
+Often, when you add a new API, you also add a control loop that reads and/or writes the new APIs. When the combination of a Custom API and a control loop is used to manage a specific, usually stateful, application, this is called the *Operator* pattern. Custom APIs and control loops can also be used to control other resources, such as storage, policies, and so on.
+-->
+### 将新的 API 与自动化相结合
+
+通常，在您添加新的 API 时，还需要添加一个读取和（或）写入新 API 的循环控制线程。当使用自定义 API 和循环控制线程的组合来管理特定的（通常是有状态的）应用程序时，这称为 *Operator* 模式。自定义 API 和循环控制线程也可以用来控制其他资源，例如存储、策略等等。
+
+<!--
+### Changing Built-in Resources
+
+When you extend the Kubernetes API by adding custom resources, the added resources always fall into a new API Groups. You cannot replace or change existing API groups.
+Adding an API does not directly let you affect the behavior of existing APIs (e.g. Pods), but API Access Extensions do.
+-->
+### 改变内置资源
+
+当您通过添加自定义资源来扩展 Kubernetes API 时，添加的资源始终属于新的 API 组。您不能替换或更改已有的 API 组。添加 API 不会直接影响现有 API（例如 Pod ）的行为，但是 API 访问扩展可以。
+
+<!--
+### API Access Extensions
+
+When a request reaches the Kubernetes API Server, it is first Authenticated, then Authorized, then subject to various types of Admission Control. See [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/) for more on this flow.
+
+Each of these steps offers extension points.
+
+Kubernetes has several built-in authentication methods that it supports. It can also sit behind an authenticating proxy, and it can send a token from an Authorization header to a remote service for verification (a webhook). All of these methods are covered in the [Authentication documentation](/docs/reference/access-authn-authz/authentication/).
+-->
+### API 访问扩展
+
+当请求到达 Kubernetes API Server 时，它首先被要求进行用户认证，然后要进行授权检查，接着受到各种类型的准入控制的检查。有关此流程的更多信息，请参阅 [Kubernetes API访问控制](/docs/reference/access-authn-authz/controlling-access/)。
+
+上述每个步骤都提供了扩展点。
+
+Kubernetes 有几个它支持的内置认证方法。它还可以位于身份验证代理之后，并将授权 header 中的令牌发送给远程服务进行验证（webhook）。所有这些方法都在[身份验证文档](/docs/reference/access-authn-authz/authentication/)中介绍。
+
+<!--
+### Authentication
+
+[Authentication](/docs/reference/access-authn-authz/authentication/) maps headers or certificates in all requests to a username for the client making the request.
+
+Kubernetes provides several built-in authentication methods, and an [Authentication webhook](/docs/reference/access-authn-authz/authentication/#webhook-token-authentication) method if those don't meet your needs.
+-->
+### 身份认证
+
+[身份认证](/docs/reference/access-authn-authz/authentication/)将所有请求中的 header 或证书映射为发出请求的客户端的用户名。
+
+Kubernetes 提供了几种内置的身份认证方法，如果这些方法不符合您的需求，可以使用[身份认证 webhook](/docs/reference/access-authn-authz/authentication/#webhook-token-authentication) 方法。
+
+<!--
+### Authorization
+
+ [Authorization](/docs/reference/access-authn-authz/webhook/) determines whether specific users can read, write, and do other operations on API resources. It just works at the level of whole resources -- it doesn't discriminate based on arbitrary object fields. If the built-in authorization options don't meet your needs, and [Authorization webhook](/docs/reference/access-authn-authz/webhook/) allows calling out to user-provided code to make an authorization decision.
+-->
+### 授权
+
+[授权](/docs/reference/access-authn-authz/webhook/)决定特定用户是否可以对 API 资源执行读取、写入以及其他操作。它只是在整个资源的层面上工作 -- 它不基于任意的对象字段进行区分。如果内置授权选项不能满足您的需求，[授权 webhook](/docs/reference/access-authn-authz/webhook/) 允许调用用户提供的代码来作出授权决定。
+
+<!--
+### Dynamic Admission Control
+
+After a request is authorized, if it is a write operation, it also goes through [Admission Control](/docs/reference/access-authn-authz/admission-controllers/) steps. In addition to the built-in steps, there are several extensions:
+
+*   The [Image Policy webhook](/docs/reference/access-authn-authz/admission-controllers/#imagepolicywebhook) restricts what images can be run in containers.
+*   To make arbitrary admission control decisions, a general [Admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks) can be used. Admission Webhooks can reject creations or updates.
+-->
+### 动态准入控制
+
+在请求被授权之后，如果是写入操作，它还将进入[准入控制](/docs/reference/access-authn-authz/admission-controllers/)步骤。除了内置的步骤之外，还有几个扩展：
+
+* [镜像策略 webhook](/docs/reference/access-authn-authz/admission-controllers/#imagepolicywebhook) 限制了哪些镜像可以在容器中运行。
+* 为了进行灵活的准入控制决策，可以使用通用的 [Admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks)。Admission Webhooks 可以拒绝创建或更新操作。
+
+<!--
+## Infrastructure Extensions
+
+
+### Storage Plugins
+
+[Flex Volumes](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/flexvolume-deployment.md
+) allow users to mount volume types without built-in support by having the
+Kubelet call a Binary Plugin to mount the volume.
+-->
+## 基础设施扩展
+
+
+### 存储插件
+
+[Flex Volumes](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/flexvolume-deployment.md
+) 允许用户挂载无内置插件支持的卷类型，它通过 Kubelet 调用一个二进制插件来挂载卷。
+
+<!--
+### Device Plugins
+
+Device plugins allow a node to discover new Node resources (in addition to the
+builtin ones like cpu and memory) via a [Device
+Plugin](/docs/concepts/cluster-administration/device-plugins/).
+-->
+### 设备插件
+
+设备插件允许节点通过[设备插件](/docs/concepts/cluster-administration/device-plugins/)发现新的节点资源（除了内置的 CPU 和内存之外）。
+
+<!--
+### Network Plugins
+
+Different networking fabrics can be supported via node-level [Network Plugins](/docs/admin/network-plugins/).
+-->
+### 网络插件
+
+不同的网络结构可以通过节点级的[网络插件](/docs/admin/network-plugins/)支持。
+
+<!--
+### Scheduler Extensions
+
+The scheduler is a special type of controller that watches pods, and assigns
+pods to nodes. The default scheduler can be replaced entirely, while
+continuing to use other Kubernetes components, or [multiple
+schedulers](/docs/tasks/administer-cluster/configure-multiple-schedulers/)
+can run at the same time.
+
+This is a significant undertaking, and almost all Kubernetes users find they
+do not need to modify the scheduler.
+
+The scheduler also supports a
+[webhook](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/scheduling/scheduler_extender.md)
+that permits a webhook backend (scheduler extension) to filter and prioritize
+the nodes chosen for a pod.
+-->
+### 调度器扩展
+
+调度器是一种特殊类型的控制器，用于监视 pod 并将其分配到节点。默认的调度器可以完全被替换，而继续使用其他 Kubernetes 组件，或者可以同时运行[多个调度器](/docs/tasks/administer-cluster/configure-multiple-schedulers/)。
+
+这是一个重要的任务，几乎所有的 Kubernetes 用户都发现他们不需要修改调度器。
+
+调度器也支持 [webhook](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/scheduling/scheduler_extender.md)，它允许一个 webhook 后端（调度器扩展程序）为 pod 筛选节点和确定节点的优先级。
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about [Custom Resources](/docs/concepts/api-extension/custom-resources/)
+* Learn about [Dynamic admission control](/docs/reference/access-authn-authz/extensible-admission-controllers/)
+* Learn more about Infrastructure extensions
+  * [Network Plugins](/docs/concepts/cluster-administration/network-plugins/)
+  * [Device Plugins](/docs/concepts/cluster-administration/device-plugins/)
+* Learn about [kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/)
+* See examples of Automation
+  * [List of Operators](https://github.com/operator-framework/awesome-operators)
+-->
+* 详细了解[自定义资源](/docs/concepts/api-extension/custom-resources/)
+* 了解[动态准入控制](/docs/reference/access-authn-authz/extensible-admission-controllers/)
+* 详细了解基础设施扩展
+  * [网络插件](/docs/concepts/cluster-administration/network-plugins/)
+  * [设备插件](/docs/concepts/cluster-administration/device-plugins/)
+* 了解 [kubectl 插件](/docs/tasks/extend-kubectl/kubectl-plugins/)
+* 查看自动化的例子
+  * [Operator 列表](https://github.com/operator-framework/awesome-operators)
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/extend-kubernetes/service-catalog.md b/content/zh/docs/concepts/extend-kubernetes/service-catalog.md
new file mode 100644
index 0000000000000..ab8494e637854
--- /dev/null
+++ b/content/zh/docs/concepts/extend-kubernetes/service-catalog.md
@@ -0,0 +1,457 @@
+---
+title: 服务目录
+reviewers:
+- chenopis
+content_template: templates/concept
+weight: 40
+---
+<!--
+---
+title: Service Catalog
+reviewers:
+- chenopis
+content_template: templates/concept
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+{{< glossary_definition term_id="service-catalog" length="all" prepend="" >}}  
+
+<!--
+A service broker, as defined by the [Open service broker API spec](https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md), is an endpoint for a set of managed services offered and maintained by a third-party, which could be a cloud provider such as AWS, GCP, or Azure.
+Some examples of managed services are Microsoft Azure Cloud Queue, Amazon Simple Queue Service, and Google Cloud Pub/Sub, but they can be any software offering that can be used by an application.
+
+Using Service Catalog, a {{< glossary_tooltip text="cluster operator" term_id="cluster-operator" >}} can browse the list of managed services offered by a service broker, provision an instance of a managed service, and bind with it to make it available to an application in the Kubernetes cluster.
+-->
+服务代理是由[开放服务代理 API 规范](https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md)定义的一组托管服务的终结点，由第三方提供并维护，其中的第三方可以是 AWS，GCP 或 Azure 等云服务提供商。
+托管服务的一些示例是 Microsoft Azure Cloud Queue，Amazon Simple Queue Service 和 Google Cloud Pub/Sub，但它们是可以使用应用程序的任何软件产品。
+
+使用服务目录，集群操作者可以浏览其提供的托管服务列表，提供托管服务实例并与之绑定，以使其可以被 Kubernetes 集群中的应用程序使用。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+<!--
+## Example use case
+
+An {{< glossary_tooltip text="application developer" term_id="application-developer" >}} wants to use message queuing as part of their application running in a Kubernetes cluster.
+However, they do not want to deal with the overhead of setting such a service up and administering it themselves.
+Fortunately, there is a cloud provider that offers message queuing as a managed service through its service broker.
+
+A cluster operator can setup Service Catalog and use it to communicate with the cloud provider's service broker to provision an instance of the message queuing service and make it available to the application within the Kubernetes cluster.
+The application developer therefore does not need to be concerned with the implementation details or management of the message queue.
+The application can simply use it as a service.
+-->
+## 示例用例
+
+应用开发者希望使用消息队列作为其在 Kubernetes 集群中运行的应用程序的一部分。
+但是，它们不想承受建立这种服务的开销，也不想自行管理。幸运的是，有一家云服务提供商通过它们的服务代理将消息队列作为托管服务提供。
+
+集群运维人员可以设置服务目录并使用它与云服务提供商的服务代理 通信，以此提供消息队列服务的实例并使其对 Kubernetes 中的应用程序可用。
+因此，应用开发者可以不用关心消息队列的实现细节，也不用对其进行管理。它们的应用程序可以简单的将其作为服务使用。
+
+<!--
+## Architecture
+
+Service Catalog uses the [Open service broker API](https://github.com/openservicebrokerapi/servicebroker) to communicate with service brokers, acting as an intermediary for the Kubernetes API Server to negotiate the initial provisioning and retrieve the credentials necessary for the application to use a managed service.
+
+It is implemented as an extension API server and a controller, using etcd for storage. It also uses the [aggregation layer](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) available in Kubernetes 1.7+ to present its API.
+
+<br>
+
+![Service Catalog Architecture](/images/docs/service-catalog-architecture.svg)
+-->
+## 架构
+服务目录使用[开放服务代理 API](https://github.com/openservicebrokerapi/servicebroker) 与服务代理进行通信，并作为 Kubernetes API Server 的中介，以便协商首要规定并获取应用程序使用托管服务的必要凭据。
+
+它被实现为一个扩展 API 服务和一个控制器管理器，使用 Etcd 作为存储。它还使用了 Kubernetes 1.7+ 版本中提供的 [aggregation layer](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) 来呈现其 API。
+
+<br>
+
+![Service Catalog Architecture](/images/docs/service-catalog-architecture.svg)
+
+<!--
+### API Resources
+
+Service Catalog installs the `servicecatalog.k8s.io` API and provides the following Kubernetes resources:
+
+* `ClusterServiceBroker`: An in-cluster representation of a service broker, encapsulating its server connection details.
+These are created and managed by cluster operators who wish to use that broker server to make new types of managed services available within their cluster.
+* `ClusterServiceClass`: A managed service offered by a particular service broker.
+When a new `ClusterServiceBroker` resource is added to the cluster, the Service Catalog controller connects to the service broker to obtain a list of available managed services. It then creates a new `ClusterServiceClass` resource corresponding to each managed service.
+* `ClusterServicePlan`: A specific offering of a managed service. For example, a managed service may have different plans available, such as a free tier or paid tier, or it may have different configuration options, such as using SSD storage or having more resources. Similar to `ClusterServiceClass`, when a new `ClusterServiceBroker` is added to the cluster, Service Catalog creates a new `ClusterServicePlan` resource corresponding to each Service Plan available for each managed service.
+* `ServiceInstance`: A provisioned instance of a `ClusterServiceClass`.
+These are created by cluster operators to make a specific instance of a managed service available for use by one or more in-cluster applications.
+When a new `ServiceInstance` resource is created, the Service Catalog controller connects to the appropriate service broker and instruct it to provision the service instance.
+* `ServiceBinding`: Access credentials to a `ServiceInstance`.
+These are created by cluster operators who want their applications to make use of a `ServiceInstance`.
+Upon creation, the Service Catalog controller creates a Kubernetes `Secret` containing connection details and credentials for the Service Instance, which can be mounted into Pods.
+-->
+## API 资源
+
+服务目录安装 `servicecatalog.k8s.io` API 并提供以下 Kubernetes 资源：
+
+* `ClusterServiceBroker`：服务目录的集群内代表，封装了它的服务连接细节。集群运维人员创建和管理这些资源，并希望使用该代理服务在集群中提供新类型的托管服务。
+* `ClusterServiceClass`：由特定服务代理提供的托管服务。当新的 `ClusterServiceBroker` 资源被添加到集群时，服务目录控制器将连接到服务代理以获取可用的托管服务列表。然后为每个托管服务创建对应的新 `ClusterServiceClass` 资源。
+* `ClusterServicePlan`：托管服务的特定产品。例如托管服务可能有不同的计划可用，如免费版本和付费版本，或者可能有不同的配置选项，例如使用 SSD 存储或拥有更多资源。与 `ClusterServiceClass` 类似，当一个新的 `ClusterServiceBroker` 被添加到集群时，服务目录会为每个托管服务的每个可用服务计划创建对应的新 `ClusterServicePlan` 资源。
+* `ServiceInstance`：`ClusterServiceClass` 提供的示例。由集群运维人员创建，以使托管服务的特定实例可供一个或多个集群内应用程序使用。当创建一个新的 `ServiceInstance` 资源时，服务目录控制器将连接到相应的服务代理并指示它调配服务实例。
+* `ServiceBinding`：`ServiceInstance` 的访问凭据。由希望其应用程序使用服务 `ServiceInstance` 的集群运维人员创建。创建之后，服务目录控制器将创建一个 Kubernetes `Secret`，其中包含服务实例的连接细节和凭据，可以挂载到 Pod 中。
+
+<!--
+### Authentication
+
+Service Catalog supports these methods of authentication:
+
+* Basic (username/password)
+* [OAuth 2.0 Bearer Token](https://tools.ietf.org/html/rfc6750)
+-->
+### 认证
+
+服务目录支持这些认证方法：
+
+* 基础认证（用户名/密码）
+* [OAuth 2.0 不记名令牌](https://tools.ietf.org/html/rfc6750)
+
+<!--
+## Usage
+
+A cluster operator can use Service Catalog API Resources to provision managed services and make them available within a Kubernetes cluster. The steps involved are:
+
+1. Listing the managed services and Service Plans available from a service broker.
+2. Provisioning a new instance of the managed service.
+3. Binding to the managed service, which returns the connection credentials.
+4. Mapping the connection credentials into the application.
+-->
+## 使用方式
+
+集群运维人员可以使用服务目录 API 资源来提供托管服务并使其在 Kubernetes 集群内可用。涉及的步骤有：
+
+1. 列出服务代理提供的托管服务和服务计划。
+2. 配置托管服务的新实例。
+3. 绑定到托管服务，它将返回连接凭证。
+4. 将连接凭证映射到应用程序中。
+
+<!--
+### Listing managed services and Service Plans
+
+First, a cluster operator must create a `ClusterServiceBroker` resource within the `servicecatalog.k8s.io` group. This resource contains the URL and connection details necessary to access a service broker endpoint.
+
+This is an example of a `ClusterServiceBroker` resource:
+
+```yaml
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ClusterServiceBroker
+metadata:
+  name: cloud-broker
+spec:
+  # Points to the endpoint of a service broker. (This example is not a working URL.)
+  url:  https://servicebroker.somecloudprovider.com/v1alpha1/projects/service-catalog/brokers/default
+  #####
+  # Additional values can be added here, which may be used to communicate
+  # with the service broker, such as bearer token info or a caBundle for TLS.
+  #####
+```
+
+The following is a sequence diagram illustrating the steps involved in listing managed services and Plans available from a service broker:
+
+![List Services](/images/docs/service-catalog-list.svg)
+
+1. Once the `ClusterServiceBroker` resource is added to Service Catalog, it triggers a call to the external service broker for a list of available services.
+1. The service broker returns a list of available managed services and a list of Service Plans, which are cached locally as `ClusterServiceClass` and `ClusterServicePlan` resources respectively.
+1. A cluster operator can then get the list of available managed services using the following command:
+
+        kubectl get clusterserviceclasses -o=custom-columns=SERVICE\ NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
+
+    It should output a list of service names with a format similar to:
+
+        SERVICE NAME                           EXTERNAL NAME
+        4f6e6cf6-ffdd-425f-a2c7-3c9258ad2468   cloud-provider-service
+        ...                                    ...
+
+    They can also view the Service Plans available using the following command:
+
+        kubectl get clusterserviceplans -o=custom-columns=PLAN\ NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
+
+    It should output a list of plan names with a format similar to:
+
+        PLAN NAME                              EXTERNAL NAME
+        86064792-7ea2-467b-af93-ac9694d96d52   service-plan-name
+        ...                                    ...
+-->
+### 列出托管服务和服务计划
+
+首先，集群运维人员在 `servicecatalog.k8s.io` 组内创建一个 `ClusterServiceBroker` 资源。此资源包含访问服务代理终结点所需的 URL 和连接详细信息。
+
+这是一个 `ClusterServiceBroker` 资源的例子：
+
+```yaml
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ClusterServiceBroker
+metadata:
+  name: cloud-broker
+spec:
+  # Points to the endpoint of a service broker. (This example is not a working URL.)
+  url:  https://servicebroker.somecloudprovider.com/v1alpha1/projects/service-catalog/brokers/default
+  #####
+  # Additional values can be added here, which may be used to communicate
+  # with the service broker, such as bearer token info or a caBundle for TLS.
+  #####
+```
+
+下面的顺序图展示了从一个服务代理列出可用托管服务和计划所有涉及的步骤：
+
+![List Services](/images/docs/service-catalog-list.svg)
+
+1. 一旦 `ClusterServiceBroker` 资源被添加到了服务目录之后，将会触发一个到外部服务代理的 List Services 调用。
+1. 服务代理返回可用的托管服务和服务计划列表，这些列表将本地缓存在 `ClusterServiceClass` 和 `ClusterServicePlan` 资源中。
+1. 然后集群运维人员可以使用以下命令获取可用托管服务的列表：
+
+        kubectl get clusterserviceclasses -o=custom-columns=SERVICE\ NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
+
+    它应该输出一个和以下格式类似的服务名称列表：
+
+        SERVICE NAME                           EXTERNAL NAME
+        4f6e6cf6-ffdd-425f-a2c7-3c9258ad2468   cloud-provider-service
+        ...                                    ...
+
+    他们还可以使用以下命令查看可用的服务计划：
+
+        kubectl get clusterserviceplans -o=custom-columns=PLAN\ NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
+
+    它应该输出一个和以下格式类似的服务计划列表：
+
+        PLAN NAME                              EXTERNAL NAME
+        86064792-7ea2-467b-af93-ac9694d96d52   service-plan-name
+        ...                                    ...
+
+<!--
+### Provisioning a new instance
+
+A cluster operator can initiate the provisioning of a new instance by creating a `ServiceInstance` resource.
+
+This is an example of a `ServiceInstance` resource:
+
+```yaml
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceInstance
+metadata:
+  name: cloud-queue-instance
+  namespace: cloud-apps
+spec:
+  # References one of the previously returned services
+  clusterServiceClassExternalName: cloud-provider-service
+  clusterServicePlanExternalName: service-plan-name
+  #####
+  # Additional parameters can be added here,
+  # which may be used by the service broker.
+  #####
+```
+
+The following sequence diagram illustrates the steps involved in provisioning a new instance of a managed service:
+
+![Provision a Service](/images/docs/service-catalog-provision.svg)
+
+1. When the `ServiceInstance` resource is created, Service Catalog initiates a call to the external service broker to provision an instance of the service.
+1. The service broker creates a new instance of the managed service and returns an HTTP response.
+1. A cluster operator can then check the status of the instance to see if it is ready.
+-->
+### 配置一个新实例
+
+集群运维人员 可以通过创建一个 `ServiceInstance` 资源来启动一个新实例的配置。
+
+这是一个 `ServiceInstance` 资源的例子：
+
+```yaml
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceInstance
+metadata:
+  name: cloud-queue-instance
+  namespace: cloud-apps
+spec:
+  # References one of the previously returned services
+  clusterServiceClassExternalName: cloud-provider-service
+  clusterServicePlanExternalName: service-plan-name
+  #####
+  # Additional parameters can be added here,
+  # which may be used by the service broker.
+  #####
+```
+
+以下顺序图展示了配置托管服务新实例所涉及的步骤：
+
+![Provision a Service](/images/docs/service-catalog-provision.svg)
+
+1. 当创建 `ServiceInstance` 资源时，服务目录将启动一个到外部服务代理的配置实例调用。
+1. 服务代理创建一个托管服务的新实例并返回 HTTP 响应。
+1. 然后集群运维人员可以检查实例的状态是否就绪。
+
+<!--
+### Binding to a managed service
+
+After a new instance has been provisioned, a cluster operator must bind to the managed service to get the connection credentials and service account details necessary for the application to use the service. This is done by creating a `ServiceBinding` resource.
+
+The following is an example of a `ServiceBinding` resource:
+
+```yaml
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceBinding
+metadata:
+  name: cloud-queue-binding
+  namespace: cloud-apps
+spec:
+  instanceRef:
+    name: cloud-queue-instance
+  #####
+  # Additional information can be added here, such as a secretName or
+  # service account parameters, which may be used by the service broker.
+  #####
+```
+
+The following sequence diagram illustrates the steps involved in binding to a managed service instance:
+
+![Bind to a managed service](/images/docs/service-catalog-bind.svg)
+
+1. After the `ServiceBinding` is created, Service Catalog makes a call to the external service broker requesting the information necessary to bind with the service instance.
+1. The service broker enables the application permissions/roles for the appropriate service account.
+1. The service broker returns the information necessary to connect and access the managed service instance. This is provider and service-specific so the information returned may differ between Service Providers and their managed services.
+-->
+### 绑定到托管服务
+
+在设置新实例之后，集群运维人员必须绑定到托管服务才能获取应用程序使用服务所需的连接凭据和服务账户的详细信息。该操作通过创建一个 `ServiceBinding` 资源完成。
+
+以下是 `ServiceBinding` 资源的示例：
+
+```yaml
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceBinding
+metadata:
+  name: cloud-queue-binding
+  namespace: cloud-apps
+spec:
+  instanceRef:
+    name: cloud-queue-instance
+  #####
+  # Additional information can be added here, such as a secretName or
+  # service account parameters, which may be used by the service broker.
+  #####
+```
+
+以下顺序图展示了绑定到托管服务实例的步骤：
+
+![Bind to a managed service](/images/docs/service-catalog-bind.svg)
+
+1. 在创建 `ServiceBinding` 之后，服务目录调用外部服务代理，请求绑定服务实例所需的信息。
+1. 服务代理为相应服务账户启用应用权限/角色。
+1. 服务代理返回连接和访问托管服务示例所需的信息。这是由提供商和服务特定的，故返回的信息可能因服务提供商和其托管服务而有所不同。
+
+<!--
+### Mapping the connection credentials
+
+After binding, the final step involves mapping the connection credentials and service-specific information into the application.
+These pieces of information are stored in secrets that the application in the cluster can access and use to connect directly with the managed service.
+
+<br>
+
+![Map connection credentials](/images/docs/service-catalog-map.svg)
+-->
+### 映射连接凭据
+
+完成绑定之后的最后一步就是将连接凭据和服务特定的信息映射到应用程序中。这些信息存储在 secret 中，集群中的应用程序可以访问并使用它们直接与托管服务进行连接。
+
+<br>
+
+![Map connection credentials](/images/docs/service-catalog-map.svg)
+
+<!--
+#### Pod configuration File
+
+One method to perform this mapping is to use a declarative Pod configuration.
+
+The following example describes how to map service account credentials into the application. A key called `sa-key` is stored in a volume named `provider-cloud-key`, and the application mounts this volume at `/var/secrets/provider/key.json`. The environment variable `PROVIDER_APPLICATION_CREDENTIALS` is mapped from the value of the mounted file.
+
+```yaml
+...
+    spec:
+      volumes:
+        - name: provider-cloud-key
+          secret:
+            secretName: sa-key
+      containers:
+...
+          volumeMounts:
+          - name: provider-cloud-key
+            mountPath: /var/secrets/provider
+          env:
+          - name: PROVIDER_APPLICATION_CREDENTIALS
+            value: "/var/secrets/provider/key.json"
+```
+
+The following example describes how to map secret values into application environment variables. In this example, the messaging queue topic name is mapped from a secret named `provider-queue-credentials` with a key named `topic` to the environment variable `TOPIC`.
+
+
+```yaml
+...
+          env:
+          - name: "TOPIC"
+            valueFrom:
+                secretKeyRef:
+                   name: provider-queue-credentials
+                   key: topic
+```
+-->
+#### Pod 配置文件
+
+执行此映射的一种方法是使用声明式 Pod 配置。
+
+以下示例描述了如何将服务账户凭据映射到应用程序中。名为 `sa-key` 的密钥保存在一个名为 `provider-cloud-key` 的卷中，应用程序会将该卷挂载在 `/var/secrets/provider/key.json` 路径下。环境变量 `PROVIDER_APPLICATION_CREDENTIALS` 将映射为挂载文件的路径。
+
+```yaml
+...
+    spec:
+      volumes:
+        - name: provider-cloud-key
+          secret:
+            secretName: sa-key
+      containers:
+...
+          volumeMounts:
+          - name: provider-cloud-key
+            mountPath: /var/secrets/provider
+          env:
+          - name: PROVIDER_APPLICATION_CREDENTIALS
+            value: "/var/secrets/provider/key.json"
+```
+
+以下示例描述了如何将 secret 值映射为应用程序的环境变量。在这个示例中，消息队列的主题名从 secret `provider-queue-credentials` 中名为 `topic` 的 key 项映射到环境变量 `TOPIC` 中。
+
+
+```yaml
+...
+          env:
+          - name: "TOPIC"
+            valueFrom:
+                secretKeyRef:
+                   name: provider-queue-credentials
+                   key: topic
+```
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+<!--
+* If you are familiar with {{< glossary_tooltip text="Helm Charts" term_id="helm-chart" >}}, [install Service Catalog using Helm](/docs/tasks/service-catalog/install-service-catalog-using-helm/) into your Kubernetes cluster. Alternatively, you can [install Service Catalog using the SC tool](/docs/tasks/service-catalog/install-service-catalog-using-sc/).
+* View [sample service brokers](https://github.com/openservicebrokerapi/servicebroker/blob/master/gettingStarted.md#sample-service-brokers).
+* Explore the [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog) project.
+* View [svc-cat.io](https://svc-cat.io/docs/).
+-->
+* 如果您熟悉{{< glossary_tooltip text="Helm Charts" term_id="helm-chart" >}}，您可以[使用 Helm 将服务目录](/docs/tasks/service-catalog/install-service-catalog-using-helm/)安装到 Kubernetes 集群中。或者，您可以[使用 SC 工具安装服务目录](/docs/tasks/service-catalog/install-service-catalog-using-sc/)。
+* 查看[服务代理示例](https://github.com/openservicebrokerapi/servicebroker/blob/master/gettingStarted.md#sample-service-brokers)。
+* 浏览 [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog) 项目。
+* 查看 [svc-cat.io](https://svc-cat.io/docs/)。
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/concepts/overview/_index.md b/content/zh/docs/concepts/overview/_index.md
index 9ab3e94ae4062..87550923ffca5 100755
--- a/content/zh/docs/concepts/overview/_index.md
+++ b/content/zh/docs/concepts/overview/_index.md
@@ -1,4 +1,11 @@
 ---
-title: "概述"
+title: 概述
 weight: 20
----
\ No newline at end of file
+---
+
+<!--
+---
+title: "Overview"
+weight: 20
+---
+-->
diff --git a/content/zh/docs/concepts/overview/components.md b/content/zh/docs/concepts/overview/components.md
index 124f5a2d780fa..f0b373bb12951 100644
--- a/content/zh/docs/concepts/overview/components.md
+++ b/content/zh/docs/concepts/overview/components.md
@@ -22,7 +22,7 @@ Master 组件可以在集群中的任何节点上运行。然而，为了简单
 
 ### API服务器
 
-[kube-apiserver](/docs/admin/kube-apiserver)对外暴露了Kubernetes API。它是的 Kubernetes 前端控制层。它被设计为水平扩展，即通过部署更多实例来缩放。请参阅[构建高可用性群集](/docs/admin/high-availability).
+[kube-apiserver](/docs/admin/kube-apiserver)对外暴露了Kubernetes API。它是 Kubernetes 的前端控制层。它被设计为水平扩展，即通过部署更多实例来缩放。请参阅[构建高可用性群集](/docs/admin/high-availability).
 
 ### etcd
 
diff --git a/content/zh/docs/concepts/overview/kubernetes-api.md b/content/zh/docs/concepts/overview/kubernetes-api.md
index 9a920f043fbac..5364b81a82d77 100644
--- a/content/zh/docs/concepts/overview/kubernetes-api.md
+++ b/content/zh/docs/concepts/overview/kubernetes-api.md
@@ -7,11 +7,11 @@ weight: 30
 
 [API协议文档](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md)描述了主系统和API概念。
 
-[API参考文档](https://kubernetes.io/docs/reference)描述了API整体规范。
+[API参考文档](/docs/reference)描述了API整体规范。
 
-[访问文档](https://kubernetes.io/docs/admin/accessing-the-api)讨论了通过远程访问API的相关问题。
+[访问文档](/docs/admin/accessing-the-api)讨论了通过远程访问API的相关问题。
 
-Kubernetes API是系统描述性配置的基础。 [Kubectl](https://kubernetes.io/docs/user-guide/kubectl/) 命令行工具被用于创建、更新、删除、获取API对象。
+Kubernetes API是系统描述性配置的基础。 [Kubectl](/docs/user-guide/kubectl/) 命令行工具被用于创建、更新、删除、获取API对象。
 
 Kubernetes 通过API资源存储自己序列化状态(现在存储在[etcd](https://coreos.com/docs/distributed-configuration/getting-started-with-etcd/))。
 
@@ -82,11 +82,11 @@ Kubernetes实现了另一种基于Protobuf的序列化格式，该格式主要
 
 1. 核心组（通常被称为遗留组）位于REST路径 **`/api/v1`** 并使用 **`apiVersion：v1`**。
 
-1. 指定的组位于REST路径 **`/apis/$GROUP_NAME/$VERSION`**，并使用 **`apiVersion：$GROUP_NAME/$VERSION`**（例如 **`apiVersion：batch/v1`**）。 在[Kubernetes API参考](https://kubernetes.io/docs/reference/)中可以看到支持的API组的完整列表。
+1. 指定的组位于REST路径 **`/apis/$GROUP_NAME/$VERSION`**，并使用 **`apiVersion：$GROUP_NAME/$VERSION`**（例如 **`apiVersion：batch/v1`**）。 在[Kubernetes API参考](/docs/reference/)中可以看到支持的API组的完整列表。
 
-社区支持使用以下两种方式来提供自定义资源对API进行扩展[自定义资源](https://kubernetes.io/docs/concepts/api-extension/custom-resources/)：
+社区支持使用以下两种方式来提供自定义资源对API进行扩展[自定义资源](/docs/concepts/api-extension/custom-resources/)：
 
-1. [CustomResourceDefinition](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/)适用于具有非常基本的CRUD需求的用户。
+1. [CustomResourceDefinition](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/)适用于具有非常基本的CRUD需求的用户。
 
 1. 即将推出：需要全套Kubernetes API语义的用户可以实现自己的apiserver，并使用[聚合器](https://git.k8s.io/community/contributors/design-proposals/api-machinery/aggregated-api-servers.md)为客户提供无缝的服务。
 
diff --git a/content/zh/docs/concepts/overview/object-management-kubectl/_index.md b/content/zh/docs/concepts/overview/object-management-kubectl/_index.md
new file mode 100644
index 0000000000000..3ee775f5a6d78
--- /dev/null
+++ b/content/zh/docs/concepts/overview/object-management-kubectl/_index.md
@@ -0,0 +1,11 @@
+---
+title: "用 kubectl 管理对象"
+weight: 50
+---
+
+<!--
+---
+title: "Object Management Using kubectl"
+weight: 50
+---
+-->
diff --git a/content/zh/docs/concepts/overview/object-management-kubectl/imperative-config.md b/content/zh/docs/concepts/overview/object-management-kubectl/imperative-config.md
new file mode 100644
index 0000000000000..ac923edef9917
--- /dev/null
+++ b/content/zh/docs/concepts/overview/object-management-kubectl/imperative-config.md
@@ -0,0 +1,262 @@
+---
+title: 使用配置文件指令式管理 Kubernetes 对象
+content_template: templates/concept
+weight: 30
+---
+
+<!--
+---
+title: Imperative Management of Kubernetes Objects Using Configuration Files
+content_template: templates/concept
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+<!--
+Kubernetes objects can be created, updated, and deleted by using the `kubectl`
+command-line tool along with an object configuration file written in YAML or JSON.
+This document explains how to define and manage objects using configuration files.
+-->
+通过使用 `kubectl` 命令行工具和 yaml 或 json 格式编写的对象配置文件，用户可以创建、更新和删除 Kubernetes 对象。
+本文档介绍如何使用配置文件定义和管理对象。
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Trade-offs
+-->
+## 取舍权衡
+
+<!--
+The `kubectl` tool supports three kinds of object management:
+-->
+
+`kubectl` 工具支持三种对象管理：
+
+<!--
+* Imperative commands
+* Imperative object configuration
+* Declarative object configuration
+-->
+* 指令性命令
+* 指令性对象配置
+* 声明式对象配置
+
+<!--
+See [Kubernetes Object Management](/docs/concepts/overview/object-management-kubectl/overview/)
+for a discussion of the advantages and disadvantage of each kind of object management.
+-->
+请参阅[Kubernetes 对象管理](/docs/concepts/overview/object-management-kubectl/overview/) 以了解每种对象管理的优缺点。
+
+<!--
+## How to create objects
+-->
+## 怎样创建对象
+
+<!--
+You can use `kubectl create -f` to create an object from a configuration file.
+Refer to the [kubernetes API reference](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)
+for details.
+-->
+
+可以使用 `kubectl create -f` 从配置文件创建对象。
+有关详细信息，请参阅[Kubernetes API 参考](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)。
+
+- `kubectl create -f <filename|url>`
+
+<!--
+## How to update objects
+-->
+## 怎样更新对象
+
+{{< warning >}}
+<!--
+Updating objects with the `replace` command drops all
+parts of the spec not specified in the configuration file.  This
+should not be used with objects whose specs are partially managed
+by the cluster, such as Services of type `LoadBalancer`, where
+the `externalIPs` field is managed independently from the configuration
+file.  Independently managed fields must be copied to the configuration
+file to prevent `replace` from dropping them.
+-->
+使用 `replace` 命令更新对象时，系统将会删除配置文件的 spec 中未指定的所有内容。
+对于部分上由集群来管理的对象而言，不要使用这种对象管理方式。
+
+例如，对于 `LoadBalancer` 类型的服务而言，其 `externalIPs` 字段值是独立于配置文件进行管理的。
+独立管理的字段必须复制到配置文件中，以防止被 `replace` 操作删除。
+{{< /warning >}}
+
+<!--
+You can use `kubectl replace -f` to update a live object according to a
+configuration file.
+-->
+您可以使用 `kubectl replace -f` 命令基于配置文件来更新活跃状态的对象。
+
+- `kubectl replace -f <filename|url>`
+
+<!--
+## How to delete objects
+-->
+## 怎样删除对象
+
+<!--
+You can use `kubectl delete -f` to delete an object that is described in a
+configuration file.
+-->
+
+您可以使用 `kubectl delete -f` 命令来删除配置文件中描述的对象。
+
+- `kubectl delete -f <filename|url>`
+
+<!--
+## How to view an object
+-->
+## 怎样查看对象
+
+<!--
+You can use `kubectl get -f` to view information about an object that is
+described in a configuration file.
+-->
+
+您可以使用 `kubectl get -f` 命令来查看配置文件中描述的对象的信息。
+
+- `kubectl get -f <filename|url> -o yaml`
+
+<!--
+The `-o yaml` flag specifies that the full object configuration is printed.
+Use `kubectl get -h` to see a list of options.
+-->
+
+指定了 `-o yaml` 参数将会打印完整的对象配置。
+使用 `kubectl get -h` 命令查看选项列表。
+
+<!--
+## Limitations
+-->
+## 限制
+
+<!--
+The `create`, `replace`, and `delete` commands work well when each object's
+configuration is fully defined and recorded in its configuration
+file. However when a live object is updated, and the updates are not merged
+into its configuration file, the updates will be lost the next time a `replace`
+is executed. This can happen if a controller, such as
+a HorizontalPodAutoscaler, makes updates directly to a live object. Here's
+an example:
+-->
+当每个对象的配置都完整的定义和记录在它的配置文件中时，`create`、`replace` 和 `delete` 命令就能正常使用。
+然而，当一个存活态的对象被更新、并且更新的内容没有被合入该对象的配置文件时，下次再执行 `replace` 命令将导致更新的内容丢失。
+如果控制器（如 HorizontalPodAutoscaler）直接更新存活态的对象，就会发生上面的情况。
+下面是个例子：
+
+<!--
+1. You create an object from a configuration file.
+1. Another source updates the object by changing some field.
+1. You replace the object from the configuration file. Changes made by
+the other source in step 2 are lost.
+-->
+
+1. 从配置文件创建对象。
+1. 另外一个资源更新这个对象的一些字段。
+1. 从配置文件中替换（replace）该对象。第二步中另外的资源对该对象所做的更新将丢失。
+
+<!--
+If you need to support multiple writers to the same object, you can use
+`kubectl apply` to manage the object.
+-->
+如果您需要对同一对象支持多个写者，那么可以使用 `kubectl apply` 命令管理该对象。
+
+<!--
+## Creating and editing an object from a URL without saving the configuration
+-->
+## 通过 URL 创建和编辑对象而不保存配置
+
+<!--
+Suppose you have the URL of an object configuration file. You can use
+`kubectl create --edit` to make changes to the configuration before the
+object is created. This is particularly useful for tutorials and tasks
+that point to a configuration file that could be modified by the reader.
+-->
+
+假设您知道一个对象配置文件的 URL。
+您可以在对象被创建之前使用 `kubectl create --edit` 命令来更改它的配置。
+这对于指向那些读者可修改配置文件的教程和任务特别有用。
+
+```sh
+kubectl create -f <url> --edit
+```
+
+<!--
+## Migrating from imperative commands to imperative object configuration
+-->
+## 从指令性命令迁移到指令性对象配置
+
+<!--
+Migrating from imperative commands to imperative object configuration involves
+several manual steps.
+-->
+从指令性命令迁移到指令性对象配置包括几个手动步骤。
+
+
+1. <!--Export the live object to a local object configuration file:-->将存活态的对象导出为本地对象配置文件：
+```sh
+kubectl get <kind>/<name> -o yaml --export > <kind>_<name>.yaml
+```
+1. <!--Manually remove the status field from the object configuration file.-->手动从对象配置文件中移除状态信息。
+1. <!--For subsequent object management, use `replace` exclusively.-->对于后续的对象管理，只使用 `replace`。
+```sh
+kubectl replace -f <kind>_<name>.yaml
+```
+
+<!--
+## Defining controller selectors and PodTemplate labels
+-->
+## 定义控制器选择器和 PodTemplate 标签
+
+{{< warning >}}
+<!--
+Updating selectors on controllers is strongly discouraged.
+-->
+强烈不建议更新控制器的选择器。
+{{< /warning >}}
+
+<!--
+The recommended approach is to define a single, immutable PodTemplate label
+used only by the controller selector with no other semantic meaning.
+-->
+建议的方法是定义一个单一的、不变的 PodTemplate 标签，该标签仅由控制器选择器使用，没有其他语义意义。
+
+<!--
+Example label:
+-->
+标签示例：
+
+```yaml
+selector:
+  matchLabels:
+      controller-selector: "extensions/v1beta1/deployment/nginx"
+template:
+  metadata:
+    labels:
+      controller-selector: "extensions/v1beta1/deployment/nginx"
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+- [Managing Kubernetes Objects Using Imperative Commands](/docs/concepts/overview/object-management-kubectl/imperative-command/)
+- [Managing Kubernetes Objects Using Object Configuration (Declarative)](/docs/concepts/overview/object-management-kubectl/declarative-config/)
+- [Kubectl Command Reference](/docs/reference/generated/kubectl/kubectl/)
+- [Kubernetes API Reference](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)
+-->
+
+- [使用指令性命令管理 Kubernetes 对象](/docs/concepts/overview/object-management-kubectl/imperative-command/)
+- [使用对象配置文件（声明式）管理 Kubernetes 对象](/docs/concepts/overview/object-management-kubectl/declarative-config/)
+- [Kubectl 命令参考](/docs/reference/generated/kubectl/kubectl/)
+- [Kubernetes API 参考](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/concepts/overview/working-with-objects/_index.md b/content/zh/docs/concepts/overview/working-with-objects/_index.md
index 5dcf6e4ed5620..477bdc5b18829 100755
--- a/content/zh/docs/concepts/overview/working-with-objects/_index.md
+++ b/content/zh/docs/concepts/overview/working-with-objects/_index.md
@@ -1,4 +1,11 @@
 ---
 title: "使用 Kubernetes 对象"
 weight: 40
----
\ No newline at end of file
+---
+
+<!--
+---
+title: "Working with Kubernetes Objects"
+weight: 40
+---
+-->
diff --git a/content/zh/docs/concepts/overview/working-with-objects/annotations.md b/content/zh/docs/concepts/overview/working-with-objects/annotations.md
new file mode 100644
index 0000000000000..91bd7064e19d1
--- /dev/null
+++ b/content/zh/docs/concepts/overview/working-with-objects/annotations.md
@@ -0,0 +1,129 @@
+---
+title: 注解
+content_template: templates/concept
+weight: 50
+---
+
+<!--
+---
+title: Annotations
+content_template: templates/concept
+weight: 50
+---
+-->
+
+{{% capture overview %}}
+
+你可以使用 Kubernetes 注解为对象附加任意的非标识的元数据。客户端程序（例如工具和库）能够获取这些元数据信息。
+<!--
+You can use Kubernetes annotations to attach arbitrary non-identifying metadata
+to objects. Clients such as tools and libraries can retrieve this metadata.
+-->
+{{% /capture %}}
+
+{{% capture body %}}
+## 为对象附加元数据
+<!--
+## Attaching metadata to objects
+-->
+
+您可以使用标签或注解将元数据附加到 Kubernetes 对象。标签可以用来选择对象和查找满足某些条件的对象集合。
+<!--
+You can use either labels or annotations to attach metadata to Kubernetes
+objects. Labels can be used to select objects and to find
+collections of objects that satisfy certain conditions.
+-->
+
+相反，注解不用于标识和选择对象。
+注解中的元数据，可以很小，也可以很大，可以是结构化的，也可以是非结构化的，能够包含标签不允许的字符。
+<!--
+In contrast, annotations are not used to identify and select objects. 
+The metadata in an annotation can be small or large, structured or unstructured, 
+and can include characters not permitted by labels.
+-->
+
+注解和标签一样，是键/值对:
+<!--
+Annotations, like labels, are key/value maps:
+-->
+
+```json
+"metadata": {
+  "annotations": {
+    "key1" : "value1",
+    "key2" : "value2"
+  }
+}
+```
+
+以下是一些例子，用来说明哪些信息可以使用注解来记录:
+<!--
+Here are some examples of information that could be recorded in annotations:
+-->
+
+* 由声明性配置所管理的字段。
+  将这些字段附加为注解，能够将它们与客户端或服务端设置的默认值、自动生成的字段以及通过自动调整大小或自动伸缩系统设置的字段区分开来。
+
+<!--
+* Fields managed by a declarative configuration layer. Attaching these fields
+  as annotations distinguishes them from default values set by clients or
+  servers, and from auto-generated fields and fields set by
+  auto-sizing or auto-scaling systems.
+-->
+
+* 构建、发布或镜像信息（如时间戳、发布 ID、Git 分支、PR 数量、镜像哈希、仓库地址）。
+
+<!--
+* Build, release, or image information like timestamps, release IDs, git branch,
+  PR numbers, image hashes, and registry address.
+-->
+
+* 指向日志记录、监控、分析或审计仓库的指针。
+
+<!--
+* Pointers to logging, monitoring, analytics, or audit repositories.
+-->
+
+* 可用于调试目的的客户端库或工具信息：例如，名称、版本和构建信息。
+
+<!--
+* Client library or tool information that can be used for debugging purposes:
+  for example, name, version, and build information.
+-->
+
+* 用户或者工具/系统的来源信息，例如来自其他生态系统组件的相关对象的 URL。
+
+<!--
+* User or tool/system provenance information, such as URLs of related objects
+  from other ecosystem components.
+-->
+
+* 推出的轻量级工具的元数据信息：例如，配置或检查点。
+
+<!--
+* Lightweight rollout tool metadata: for example, config or checkpoints.
+-->
+
+* 负责人员的电话或呼机号码，或指定在何处可以找到该信息的目录条目，如团队网站。
+
+<!--
+* Phone or pager numbers of persons responsible, or directory entries that
+  specify where that information can be found, such as a team web site.
+-->
+
+您可以将这类信息存储在外部数据库或目录中而不使用注解，但这样做就使得开发人员很难生成用于部署、管理、自检的客户端共享库和工具。
+<!--
+Instead of using annotations, you could store this type of information in an
+external database or directory, but that would make it much harder to produce
+shared client libraries and tools for deployment, management, introspection,
+and the like.
+-->
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+进一步了解[标签和选择器](/docs/concepts/overview/working-with-objects/labels/)。
+<!--
+Learn more about [Labels and Selectors](/docs/concepts/overview/working-with-objects/labels/).
+-->
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/overview/working-with-objects/common-labels.md b/content/zh/docs/concepts/overview/working-with-objects/common-labels.md
new file mode 100644
index 0000000000000..f1b3575c4502d
--- /dev/null
+++ b/content/zh/docs/concepts/overview/working-with-objects/common-labels.md
@@ -0,0 +1,259 @@
+---
+title: 推荐使用的标签
+content_template: templates/concept
+---
+<!--
+---
+title: Recommended Labels
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+<!--
+You can visualize and manage Kubernetes objects with more tools than kubectl and
+the dashboard. A common set of labels allows tools to work interoperably, describing
+objects in a common manner that all tools can understand.
+-->
+除了 kubectl 和 dashboard 之外，您可以其他工具来可视化和管理 Kubernetes 对象。
+一组通用的标签可以让多个工具之间互操作，用所有工具都能理解的通用方式描述对象。
+
+<!--
+In addition to supporting tooling, the recommended labels describe applications
+in a way that can be queried.
+-->
+除了支持工具外，推荐的标签还以一种可以查询的方式描述了应用程序。
+
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+The metadata is organized around the concept of an _application_. Kubernetes is not
+a platform as a service (PaaS) and doesn't have or enforce a formal notion of an application.
+Instead, applications are informal and described with metadata. The definition of
+what an application contains is loose.
+-->
+元数据围绕 _应用（application）_ 的概念进行组织。Kubernetes 不是
+平台即服务（PaaS），没有或强制执行正式的应用程序概念。
+相反，应用程序是非正式的，并使用元数据进行描述。应用程序包含的定义是松散的。
+
+{{< note >}}
+<!--
+These are recommended labels. They make it easier to manage applications
+but aren't required for any core tooling.
+-->
+这些是推荐的标签。它们使管理应用程序变得更容易但不是任何核心工具所必需的。
+{{< /note >}}
+
+<!--
+Shared labels and annotations share a common prefix: `app.kubernetes.io`. Labels
+without a prefix are private to users. The shared prefix ensures that shared labels
+do not interfere with custom user labels.
+-->
+共享标签和注解都使用同一个前缀：`app.kubernetes.io`。没有前缀的标签是用户私有的。共享前缀可以确保共享标签不会干扰用户自定义的标签。
+
+<!--
+## Labels
+
+In order to take full advantage of using these labels, they should be applied
+on every resource object.
+-->
+## 标签
+为了充分利用这些标签，应该在每个资源对象上都使用它们。
+
+<!--
+| Key                                 | Description           | Example  | Type |
+| ----------------------------------- | --------------------- | -------- | ---- |
+| `app.kubernetes.io/name`            | The name of the application | `mysql` | string |
+| `app.kubernetes.io/instance`        | A unique name identifying the instance of an application | `wordpress-abcxzy` | string |
+| `app.kubernetes.io/version`         | The current version of the application (e.g., a semantic version, revision hash, etc.) | `5.7.21` | string |
+| `app.kubernetes.io/component`       | The component within the architecture | `database` | string |
+| `app.kubernetes.io/part-of`         | The name of a higher level application this one is part of | `wordpress` | string |
+| `app.kubernetes.io/managed-by`  | The tool being used to manage the operation of an application | `helm` | string |
+-->
+| 键                                 | 描述           | 示例  | 类型 |
+| ----------------------------------- | --------------------- | -------- | ---- |
+| `app.kubernetes.io/name`            | 应用程序的名称 | `mysql` | 字符串 |
+| `app.kubernetes.io/instance`        | 用于唯一确定应用实例的名称 | `wordpress-abcxzy` | 字符串 |
+| `app.kubernetes.io/version`         | 应用程序的当前版本（例如，语义版本，修订版哈希等） | `5.7.21` | 字符串 |
+| `app.kubernetes.io/component`       | 架构中的组件 | `database` | 字符串 |
+| `app.kubernetes.io/part-of`         | 此级别的更高级别应用程序的名称 | `wordpress` | 字符串 |
+| `app.kubernetes.io/managed-by`  | 用于管理应用程序的工具 | `helm` | 字符串 |
+<!--
+To illustrate these labels in action, consider the following StatefulSet object:
+-->
+为说明这些标签的实际使用情况，请看下面的 StatefulSet 对象：
+
+```yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/name: mysql
+    app.kubernetes.io/instance: wordpress-abcxzy
+    app.kubernetes.io/version: "5.7.21"
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wordpress
+    app.kubernetes.io/managed-by: helm
+```
+
+<!--
+## Applications And Instances Of Applications
+
+An application can be installed one or more times into a Kubernetes cluster and,
+in some cases, the same namespace. For example, wordpress can be installed more
+than once where different websites are different installations of wordpress.
+
+The name of an application and the instance name are recorded separately. For
+example, WordPress has a `app.kubernetes.io/name` of `wordpress` while it has
+an instance name, represented as `app.kubernetes.io/instance` with a value of
+`wordpress-abcxzy`. This enables the application and instance of the application
+to be identifiable. Every instance of an application must have a unique name.
+-->
+## 应用和应用实例
+
+应用可以在 Kubernetes 集群中安装一次或多次。在某些情况下，可以安装在同一命名空间中。例如，可以不止一次地为不同的站点安装不同的 wordpress。
+
+应用的名称和实例的名称是分别记录的。例如，某 WordPress 实例的 `app.kubernetes.io/name` 为 `wordpress`，而其实例名称表现为 `app.kubernetes.io/instance` 的属性值 `wordpress-abcxzy`。这使应用程序和应用程序的实例成为可能是可识别的。应用程序的每个实例都必须具有唯一的名称。
+
+<!--
+## Examples
+-->
+## 示例
+
+<!--
+To illustrate different ways to use these labels the following examples have varying complexity.
+-->
+为了说明使用这些标签的不同方式，以下示例具有不同的复杂性。
+
+<!--
+### A Simple Stateless Service
+-->
+### 一个简单的无状态服务
+
+<!--
+Consider the case for a simple stateless service deployed using `Deployment` and `Service` objects. The following two snippets represent how the labels could be used in their simplest form.
+-->
+考虑使用 `Deployment` 和 `Service` 对象部署的简单无状态服务的情况。以下两个代码段表示如何以最简单的形式使用标签。
+
+<!--
+The `Deployment` is used to oversee the pods running the application itself.
+-->
+下面的 `Deployment` 用于监督运行应用本身的 pods。
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: myservice
+    app.kubernetes.io/instance: myservice-abcxzy
+...
+```
+
+<!--
+The `Service` is used to expose the application.
+-->
+下面的 `Service` 用于暴露应用。
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: myservice
+    app.kubernetes.io/instance: myservice-abcxzy
+...
+```
+
+<!--
+### Web Application With A Database
+-->
+### 带有一个数据库的 Web 应用程序
+
+<!--
+Consider a slightly more complicated application: a web application (WordPress)
+using a database (MySQL), installed using Helm. The following snippets illustrate
+the start of objects used to deploy this application.
+
+The start to the following `Deployment` is used for WordPress:
+-->
+考虑一个稍微复杂的应用：一个使用 Helm 安装的 Web 应用（WordPress），其中
+使用了数据库（MySQL）。以下代码片段说明用于部署此应用程序的对象的开始。
+
+以下 `Deployment` 的开头用于 WordPress：
+
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: wordpress
+    app.kubernetes.io/instance: wordpress-abcxzy
+    app.kubernetes.io/version: "4.9.4"
+    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: wordpress
+...
+```
+
+<!--
+The `Service` is used to expose WordPress:
+-->
+这个 `Service` 用于暴露 WordPress：
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: wordpress
+    app.kubernetes.io/instance: wordpress-abcxzy
+    app.kubernetes.io/version: "4.9.4"
+    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: wordpress
+...
+```
+
+<!--
+MySQL is exposed as a `StatefulSet` with metadata for both it and the larger application it belongs to:
+-->
+MySQL 作为一个 `StatefulSet` 暴露，包含它和它所属的较大应用程序的元数据：
+```yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/name: mysql
+    app.kubernetes.io/instance: wordpress-abcxzy
+    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wordpress
+    app.kubernetes.io/version: "5.7.21"
+...
+```
+
+<!--
+The `Service` is used to expose MySQL as part of WordPress:
+-->
+`Service` 用于将 MySQL 作为 WordPress 的一部分暴露：
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: mysql
+    app.kubernetes.io/instance: wordpress-abcxzy
+    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wordpress
+    app.kubernetes.io/version: "5.7.21"
+...
+```
+
+<!--
+With the MySQL `StatefulSet` and `Service` you'll notice information about both MySQL and Wordpress, the broader application, are included.
+-->
+使用 MySQL `StatefulSet` 和 `Service`，您会注意到有关 MySQL 和 Wordpress 的信息，包括更广泛的应用程序。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/overview/working-with-objects/field-selectors.md b/content/zh/docs/concepts/overview/working-with-objects/field-selectors.md
new file mode 100644
index 0000000000000..b00442633c777
--- /dev/null
+++ b/content/zh/docs/concepts/overview/working-with-objects/field-selectors.md
@@ -0,0 +1,106 @@
+---
+title: 字段选择器
+weight: 60
+---
+
+<!--
+---
+title: Field Selectors
+weight: 60
+---
+-->
+
+字段选择器允许您根据一个或多个资源字段的值[筛选 Kubernetes 资源](/docs/concepts/overview/working-with-objects/kubernetes-objects)。
+下面是一些使用字段选择器查询的例子：
+<!--
+_Field selectors_ let you [select Kubernetes resources](/docs/concepts/overview/working-with-objects/kubernetes-objects) based on the value of one or more resource fields. Here are some example field selector queries:
+-->
+
+* `metadata.name=my-service`
+* `metadata.namespace!=default`
+* `status.phase=Pending`
+
+下面这个 `kubectl` 命令将筛选出[`status.phase`](/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase)字段值为 `Running` 的所有 Pod：
+<!--
+This `kubectl` command selects all Pods for which the value of the [`status.phase`](/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase) field is `Running`:
+-->
+
+```shell
+$ kubectl get pods --field-selector status.phase=Running
+```
+
+{{< note >}}
+
+字段选择器本质上是资源*过滤器*。默认情况下，字段选择器/过滤器是未被应用的，这意味着指定类型的所有资源都会被筛选出来。
+这使得以下的两个 `kubectl` 查询是等价的：
+<!--
+Field selectors are essentially resource *filters*. By default, no selectors/filters are applied, meaning that all resources of the specified type are selected. This makes the following `kubectl` queries equivalent:
+-->
+
+```shell
+$ kubectl get pods
+$ kubectl get pods --field-selector ""
+```
+{{< /note >}}
+
+## 支持的字段
+<!--
+## Supported fields
+-->
+
+不同的 Kubernetes 资源类型支持不同的字段选择器。
+所有资源类型都支持 `metadata.name` 和 `metadata.namespace` 字段。
+使用不被支持的字段选择器会产生错误，例如：
+<!--
+Supported field selectors vary by Kubernetes resource type. All resource types support the `metadata.name` and `metadata.namespace` fields. Using unsupported field selectors produces an error. For example:
+-->
+
+```shell
+$ kubectl get ingress --field-selector foo.bar=baz
+Error from server (BadRequest): Unable to find "ingresses" that match label selector "", field selector "foo.bar=baz": "foo.bar" is not a known field selector: only "metadata.name", "metadata.namespace"
+```
+
+## 支持的运算符
+<!--
+## Supported operators
+-->
+
+您可以使用 `=`、`==`和 `!=` 对字段选择器进行运算（`=` 和 `==` 的意义是相同的）。
+例如，下面这个 `kubectl` 命令将筛选所有不属于 `default` 名称空间的 Kubernetes Service：
+<!--
+You can use the `=`, `==`, and `!=` operators with field selectors (`=` and `==` mean the same thing). This `kubectl` command, for example, selects all Kubernetes Services that aren't in the `default` namespace:
+-->
+
+```shell
+$ kubectl get services --field-selector metadata.namespace!=default
+```
+
+## 链式选择器
+<!--
+## Chained selectors
+-->
+
+同[标签](/docs/concepts/overview/working-with-objects/labels)和其他选择器一样，字段选择器可以通过使用逗号分隔的列表组成一个选择链。
+下面这个 `kubectl` 命令将筛选 `status.phase` 字段不等于 `Running` 同时 `spec.restartPolicy` 字段等于 `Always` 的所有 Pod：
+<!--
+As with [label](/docs/concepts/overview/working-with-objects/labels) and other selectors, field selectors can be chained together as a comma-separated list. This `kubectl` command selects all Pods for which the `status.phase` does not equal `Running` and the `spec.restartPolicy` field equals `Always`:
+-->
+
+```shell
+$ kubectl get pods --field-selector=status.phase!=Running,spec.restartPolicy=Always
+```
+
+## 多种资源类型
+<!--
+## Multiple resource types
+-->
+
+您能够跨多种资源类型来使用字段选择器。
+下面这个 `kubectl` 命令将筛选出所有不在 `default` 命名空间中的 StatefulSet 和 Service：
+<!--
+You use field selectors across multiple resource types. This `kubectl` command selects all Statefulsets and Services that are not in the `default` namespace:
+-->
+
+```shell
+$ kubectl get statefulsets,services --field-selector metadata.namespace!=default
+```
diff --git a/content/zh/docs/concepts/overview/working-with-objects/labels.md b/content/zh/docs/concepts/overview/working-with-objects/labels.md
new file mode 100644
index 0000000000000..3bc5554c5e679
--- /dev/null
+++ b/content/zh/docs/concepts/overview/working-with-objects/labels.md
@@ -0,0 +1,378 @@
+---
+title: 标签和选择器
+content_template: templates/concept
+weight: 40
+---
+<!--
+---
+reviewers:
+- mikedanese
+title: Labels and Selectors
+content_template: templates/concept
+weight: 40
+---
+-->
+{{% capture overview %}}
+
+<!--
+_Labels_ are key/value pairs that are attached to objects, such as pods.
+Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system.
+Labels can be used to organize and to select subsets of objects.  Labels can be attached to objects at creation time and subsequently added and modified at any time.
+Each object can have a set of key/value labels defined.  Each Key must be unique for a given object.
+-->
+_标签_ 是附加到 Kubernetes 对象（比如 Pods）上的键值对。
+标签旨在用于指定对用户有意义且相关的对象的标识属性，但不直接对核心系统有语义含义。
+标签可以用于组织和选择对象的子集。标签可以在创建时附加到对象，随后可以随时添加和修改。
+每个对象都可以定义一组键/值标签。每个键对于给定对象必须是唯一的。
+
+```json
+"metadata": {
+  "labels": {
+    "key1" : "value1",
+    "key2" : "value2"
+  }
+}
+```
+
+<!--
+We'll eventually index and reverse-index labels for efficient queries and watches, use them to sort and group in UIs and CLIs, etc. We don't want to pollute labels with non-identifying, especially large and/or structured, data. Non-identifying information should be recorded using [annotations](/docs/concepts/overview/working-with-objects/annotations/).
+-->
+
+我们最终将标签索引和反向索引，用于高效查询和监视，使用它们在 UI 和 CLI 中进行排序和分组等。我们不希望将非标识性的、尤其是大型或结构化数据用作标签，给后者带来污染。应使用 [注解](/docs/concepts/overview/working-with-objects/annotations/) 记录非识别信息
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Motivation
+-->
+
+## 动机
+
+<!--
+Labels enable users to map their own organizational structures onto system objects in a loosely coupled fashion, without requiring clients to store these mappings.
+-->
+标签使用户能够以松散耦合的方式将他们自己的组织结构映射到系统对象，而无需客户端存储这些映射。
+
+<!--
+Service deployments and batch processing pipelines are often multi-dimensional entities (e.g., multiple partitions or deployments, multiple release tracks, multiple tiers, multiple micro-services per tier). Management often requires cross-cutting operations, which breaks encapsulation of strictly hierarchical representations, especially rigid hierarchies determined by the infrastructure rather than by users.
+-->
+服务部署和批处理流水线通常是多维实体（例如，多个分区或部署、多个发行序列、多个层，每层多个微服务）。管理通常需要交叉操作，这打破了严格的层次表示的封装，特别是由基础设施而不是用户确定的严格的层次结构。
+
+<!--
+Example labels:
+-->
+示例标签：
+
+   * `"release" : "stable"`, `"release" : "canary"`
+   * `"environment" : "dev"`, `"environment" : "qa"`, `"environment" : "production"`
+   * `"tier" : "frontend"`, `"tier" : "backend"`, `"tier" : "cache"`
+   * `"partition" : "customerA"`, `"partition" : "customerB"`
+   * `"track" : "daily"`, `"track" : "weekly"`
+
+<!--
+These are just examples of commonly used labels; you are free to develop your own conventions. Keep in mind that label Key must be unique for a given object.
+-->
+这些只是常用标签的例子; 您可以任意制定自己的约定。请记住，对于给定对象标签的键必须是唯一的。
+
+<!--
+## Syntax and character set
+-->
+## 语法和字符集
+
+
+<!--
+_Labels_ are key/value pairs. Valid label keys have two segments: an optional prefix and name, separated by a slash (`/`).  The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character (`[a-z0-9A-Z]`) with dashes (`-`), underscores (`_`), dots (`.`), and alphanumerics between.  The prefix is optional.  If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots (`.`), not longer than 253 characters in total, followed by a slash (`/`).
+If the prefix is omitted, the label Key is presumed to be private to the user. Automated system components (e.g. `kube-scheduler`, `kube-controller-manager`, `kube-apiserver`, `kubectl`, or other third-party automation) which add labels to end-user objects must specify a prefix.  The `kubernetes.io/` prefix is reserved for Kubernetes core components.
+-->
+_标签_ 是键值对。有效的标签键有两个段：可选的前缀和名称，用斜杠（`/`）分隔。名称段是必需的，必须小于等于 63 个字符，以字母数字字符（`[a-z0-9A-Z]`）开头和结尾，带有破折号（`-`），下划线（`_`），点（ `.`）和之间的字母数字。前缀是可选的。如果指定，前缀必须是 DNS 子域：由点（`.`）分隔的一系列 DNS 标签，总共不超过 253 个字符，后跟斜杠（`/`）。
+如果省略前缀，则假定标签键对用户是私有的。 向最终用户对象添加标签的自动系统组件（例如 `kube-scheduler`，`kube-controller-manager`，`kube-apiserver`，`kubectl` 或其他第三方自动化）必须指定前缀。`kubernetes.io/` 前缀是为 Kubernetes 核心组件保留的。
+
+<!--
+Valid label values must be 63 characters or less and must be empty or begin and end with an alphanumeric character (`[a-z0-9A-Z]`) with dashes (`-`), underscores (`_`), dots (`.`), and alphanumerics between.
+-->
+有效标签值必须为 63 个字符或更少，并且必须为空或以字母数字字符（`[a-z0-9A-Z]`）开头和结尾，中间可以包含破折号（`-`）、下划线（`_`）、点（`.`）和字母或数字。
+
+<!--
+## Label selectors
+-->
+## 标签选择器
+
+<!--
+Unlike [names and UIDs](/docs/user-guide/identifiers), labels do not provide uniqueness. In general, we expect many objects to carry the same label(s).
+-->
+与 [名称和 UID](/docs/user-guide/identifiers) 不同，标签不提供唯一性。通常，我们希望许多对象携带相同的标签。
+
+<!--
+Via a _label selector_, the client/user can identify a set of objects. The label selector is the core grouping primitive in Kubernetes.
+-->
+通过 _标签选择器_，客户端/用户可以识别一组对象。标签选择器是 Kubernetes 中的核心分组原语。
+
+<!--
+The API currently supports two types of selectors: _equality-based_ and _set-based_.
+A label selector can be made of multiple _requirements_ which are comma-separated. In the case of multiple requirements, all must be satisfied so the comma separator acts as a logical _AND_ (`&&`) operator.
+-->
+API 目前支持两种类型的选择器：_基于相等性的_ 和 _基于集合的_。
+标签选择器可以由逗号分隔的多个 _需求_ 组成。在多个需求的情况下，必须满足所有要求，因此逗号分隔符充当逻辑 _与_（`&&`）运算符。
+
+<!--
+An empty label selector (that is, one with zero requirements) selects every object in the collection.
+-->
+空标签选择器（即，需求为零的选择器）选择集合中的每个对象。
+
+<!--
+A null label selector (which is only possible for optional selector fields) selects no objects.
+-->
+null 值的标签选择器（仅可用于可选选择器字段）不选择任何对象
+{{< note >}}
+<!--
+**Note**: the label selectors of two controllers must not overlap within a namespace, otherwise they will fight with each other.
+-->
+**注意**：两个控制器的标签选择器不得在命名空间内重叠，否则它们将互相冲突。
+{{< /note >}}
+
+<!--
+### _Equality-based_ requirement
+-->
+### _基于相等性的_ 需求
+
+
+<!--
+_Equality-_ or _inequality-based_ requirements allow filtering by label keys and values. Matching objects must satisfy all of the specified label constraints, though they may have additional labels as well.
+Three kinds of operators are admitted `=`,`==`,`!=`. The first two represent _equality_ (and are simply synonyms), while the latter represents _inequality_. For example:
+-->
+_基于相等性_ 或 _不相等_ 的需求允许按标签键和值进行过滤。匹配对象必须满足所有指定的标签约束，尽管它们也可能具有其他标签。
+可接受的运算符有`=`、`==` 和 `！=` 三种。 前两个表示 _相等_（并且只是同义词），而后者表示 _不相等_。 例如：
+
+```
+environment = production
+tier != frontend
+```
+
+<!--
+The former selects all resources with key equal to `environment` and value equal to `production`.
+The latter selects all resources with key equal to `tier` and value distinct from `frontend`, and all resources with no labels with the `tier` key.
+One could filter for resources in `production` excluding `frontend` using the comma operator: `environment=production,tier!=frontend`
+-->
+前者选择所有资源，其键名等于 `environment`，值等于 `production`。
+后者选择所有资源，其键名等于 `tier`，值不同于 `frontend`，所有资源都没有带有 `tier` 键的标签。
+可以使用逗号运算符来过滤 `production` 环境中的非 `frontend` 层资源：`environment=production,tier!=frontend`。
+
+<!--
+One usage scenario for equality-based label requirement is for Pods to specify
+node selection criteria. For example, the sample Pod below selects nodes with
+the label "`accelerator=nvidia-tesla-p100`".
+-->
+基于相等性的标签要求的一种使用场景是 Pods 要指定节点选择标准。例如，下面的示例 Pod 选择带有标签 "`accelerator=nvidia-tesla-p100`"。
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cuda-test
+spec:
+  containers:
+    - name: cuda-test
+      image: "k8s.gcr.io/cuda-vector-add:v0.1"
+      resources:
+        limits:
+          nvidia.com/gpu: 1
+  nodeSelector:
+    accelerator: nvidia-tesla-p100
+```
+
+<!--
+### _Set-based_ requirement
+-->
+### _基于集合_ 的需求
+
+<!--
+_Set-based_ label requirements allow filtering keys according to a set of values. Three kinds of operators are supported: `in`,`notin` and `exists` (only the key identifier). For example:
+-->
+_基于集合_ 的标签需求允许您通过一组值来过滤键。支持三种操作符：`in`,`notin` and `exists` (只可以用在键标识符上)。例如：
+
+```
+environment in (production, qa)
+tier notin (frontend, backend)
+partition
+!partition
+```
+
+<!--
+The first example selects all resources with key equal to `environment` and value equal to `production` or `qa`.
+-->
+
+第一个示例选择了所有键等于 `environment` 并且值等于 `production` 或者 `qa` 的资源。
+
+<!--
+The second example selects all resources with key equal to `tier` and values other than `frontend` and `backend`, and all resources with no labels with the `tier` key.
+-->
+
+第二个示例选择了所有键等于 `tier` 并且值不等于 `frontend` 或者 `backend` 的资源，以及所有没有 `tier` 键标签的资源。
+
+<!--
+The third example selects all resources including a label with key `partition`; no values are checked.
+--->
+
+第三个示例选择了所有包含了有 `partition` 标签的资源；没有校验它的值。
+
+<!--
+The fourth example selects all resources without a label with key `partition`; no values are checked.
+-->
+
+第三个示例选择了所有没有 `partition` 标签的资源；没有校验它的值。
+
+<!--
+Similarly the comma separator acts as an _AND_ operator. So filtering resources with a `partition` key (no matter the value) and with `environment` different than  `qa` can be achieved using `partition,environment notin (qa)`.
+-->
+类似地，逗号分隔符充当 _AND_ 运算符。因此，使用 `partition` 键（无论为何值）和 `environment` 不同于 `qa` 来过滤资源可以使用 `partition，environment notin（qa)` 来实现。
+
+<!--
+The _set-based_ label selector is a general form of equality since `environment=production` is equivalent to `environment in (production)`; similarly for `!=` and `notin`.
+-->
+
+_基于集合_ 的标签选择器是相等标签选择器的一般形式，因为 `environment = production` 等同于 `environment in（production）`;`！=` 和 `notin` 也是类似的。
+
+<!--
+_Set-based_ requirements can be mixed with _equality-based_ requirements. For example: `partition in (customerA, customerB),environment!=qa`.
+-->
+_基于集合_ 的要求可以与基于 _相等_ 的要求混合使用。例如：`partition in (customerA, customerB),environment!=qa`。
+
+## API
+
+<!--
+### LIST and WATCH filtering
+-->
+### LIST 和 WATCH 过滤
+
+<!--
+LIST and WATCH operations may specify label selectors to filter the sets of objects returned using a query parameter. Both requirements are permitted (presented here as they would appear in a URL query string):
+-->
+LIST and WATCH 操作可以使用查询参数指定标签选择器过滤一组对象。两种需求都是允许的。（这里显示的是它们出现在 URL 查询字符串中）
+
+<!--
+  * _equality-based_ requirements: `?labelSelector=environment%3Dproduction,tier%3Dfrontend`
+  * _set-based_ requirements: `?labelSelector=environment+in+%28production%2Cqa%29%2Ctier+in+%28frontend%29`
+-->
+  * _基于相等性_ 的需求: `?labelSelector=environment%3Dproduction,tier%3Dfrontend`
+  * _基于集合_ 的需求: `?labelSelector=environment+in+%28production%2Cqa%29%2Ctier+in+%28frontend%29`
+
+<!--
+Both label selector styles can be used to list or watch resources via a REST client. For example, targeting `apiserver` with `kubectl` and using _equality-based_ one may write:
+-->
+两种标签选择器都可以通过 REST 客户端用于 list 或者 watch 资源。例如，使用 `kubectl` 定位 `apiserver`，可以使用 _基于相等性_ 的标签选择器可以这么写：
+
+
+```shell
+$ kubectl get pods -l environment=production,tier=frontend
+```
+
+<!--
+or using _set-based_ requirements:
+-->
+或者使用 _基于集合的_ 需求：
+
+```shell
+$ kubectl get pods -l 'environment in (production),tier in (frontend)'
+```
+
+<!--
+As already mentioned _set-based_ requirements are more expressive.  For instance, they can implement the _OR_ operator on values:
+-->
+正如刚才提到的，_基于集合_ 的需求更具有表达力。例如，它们可以实现值的 _或_ 操作：
+
+```shell
+$ kubectl get pods -l 'environment in (production, qa)'
+```
+
+<!--
+or restricting negative matching via _exists_ operator:
+-->
+或者通过 _exists_ 运算符限制不匹配：
+
+```shell
+$ kubectl get pods -l 'environment,environment notin (frontend)'
+```
+
+<!--
+### Set references in API objects
+
+Some Kubernetes objects, such as [`services`](/docs/user-guide/services) and [`replicationcontrollers`](/docs/user-guide/replication-controller), also use label selectors to specify sets of other resources, such as [pods](/docs/user-guide/pods).
+-->
+### 在 API 对象上设置引用
+
+一些 Kubernetes 对象，例如 [`services`](/docs/user-guide/services) 和 [`replicationcontrollers`](/docs/user-guide/replication-controller) ，也使用了标签选择器去指定了其他资源的集合，例如 [pods](/docs/user-guide/pods)。
+
+<!--
+#### Service and ReplicationController
+
+The set of pods that a `service` targets is defined with a label selector. Similarly, the population of pods that a `replicationcontroller` should manage is also defined with a label selector.
+
+Labels selectors for both objects are defined in `json` or `yaml` files using maps, and only _equality-based_ requirement selectors are supported:
+-->
+#### Service 和 ReplicationController
+
+一个 `Service` 指向的一组 pods 是由标签选择器定义的。同样，一个 `ReplicationController` 应该管理的 pods 的数量也是由标签选择器定义的。
+
+两个对象的标签选择器都是在 `json` 或者 `yaml` 文件中使用映射定义的，并且只支持 _基于相等性_ 需求的选择器：
+
+```json
+"selector": {
+    "component" : "redis",
+}
+```
+
+<!--
+or
+-->
+或者
+
+```yaml
+selector:
+    component: redis
+```
+
+<!---
+this selector (respectively in `json` or `yaml` format) is equivalent to `component=redis` or `component in (redis)`.
+-->
+这个选择器(分别在 `json` 或者 `yaml` 格式中) 等价于 `component=redis` 或 `component in (redis)` 。
+
+<!--
+#### Resources that support set-based requirements
+
+Newer resources, such as [`Job`](/docs/concepts/jobs/run-to-completion-finite-workloads/), [`Deployment`](/docs/concepts/workloads/controllers/deployment/), [`Replica Set`](/docs/concepts/workloads/controllers/replicaset/), and [`Daemon Set`](/docs/concepts/workloads/controllers/daemonset/), support _set-based_ requirements as well.
+-->
+#### 支持基于集合需求的资源
+
+比较新的资源，例如 [`Job`](/docs/concepts/jobs/run-to-completion-finite-workloads/)、[`Deployment`](/docs/concepts/workloads/controllers/deployment/)、[`Replica Set`](/docs/concepts/workloads/controllers/replicaset/) 和[`Daemon Set`](/docs/concepts/workloads/controllers/daemonset/) ,也支持 _基于集合的_ 需求。
+
+```yaml
+selector:
+  matchLabels:
+    component: redis
+  matchExpressions:
+    - {key: tier, operator: In, values: [cache]}
+    - {key: environment, operator: NotIn, values: [dev]}
+```
+
+<!--
+`matchLabels` is a map of `{key,value}` pairs. A single `{key,value}` in the `matchLabels` map is equivalent to an element of `matchExpressions`, whose `key` field is "key", the `operator` is "In", and the `values` array contains only "value". `matchExpressions` is a list of pod selector requirements. Valid operators include In, NotIn, Exists, and DoesNotExist. The values set must be non-empty in the case of In and NotIn. All of the requirements, from both `matchLabels` and `matchExpressions` are ANDed together -- they must all be satisfied in order to match.
+-->
+
+`matchLabels` 是由 `{key，value}` 对组成的映射。`matchLabels` 映射中的单个 `{key，value }` 等同于 `matchExpressions` 的元素，其 `key`字段为 "key"，`operator` 为 "In"，而 `values` 数组仅包含 "value"。`matchExpressions` 是 pod 选择器要求的列表。有效的运算符包括 In，NotIn，Exists 和 DoesNotExist。在 In 和 NotIn 的情况下，设置的值必须是非空的。来自 `matchLabels` 和 `matchExpressions` 的所有要求都是合在一起 -- 它们必须都满足才能匹配。
+
+<!--
+#### Selecting sets of nodes
+-->
+#### 选择节点集
+
+<!--
+One use case for selecting over labels is to constrain the set of nodes onto which a pod can schedule.
+See the documentation on [node selection](/docs/concepts/configuration/assign-pod-node/) for more information.
+-->
+通过标签进行选择的一个用例是确定节点集，方便 pod 调度。
+有关更多信息，请参阅 [选择节点](/docs/concepts/configuration/assign-pod-node/) 上的文档。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/overview/working-with-objects/names.md b/content/zh/docs/concepts/overview/working-with-objects/names.md
new file mode 100644
index 0000000000000..4645df7e15816
--- /dev/null
+++ b/content/zh/docs/concepts/overview/working-with-objects/names.md
@@ -0,0 +1,66 @@
+---
+title: 名称
+content_template: templates/concept
+weight: 20
+---
+
+<!--
+---
+reviewers:
+- mikedanese
+- thockin
+title: Names
+content_template: templates/concept
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+Kubernetes REST API 中的所有对象都通过名称和 UID 明确标识。
+
+<!--
+All objects in the Kubernetes REST API are unambiguously identified by a Name and a UID.
+-->
+
+对于用户提供的非惟一属性，Kubernetes 提供 [标签](/docs/user-guide/labels) 和
+[注解](/docs/concepts/overview/working-with-objects/annotations/)。
+
+<!--
+For non-unique user-provided attributes, Kubernetes provides [labels](/docs/user-guide/labels) and [annotations](/docs/concepts/overview/working-with-objects/annotations/).
+-->
+
+查看 [标识设计文档](https://git.k8s.io/community/contributors/design-proposals/architecture/identifiers.md) 获取名称和 UID 的精确语法规则。
+
+<!--
+See the [identifiers design doc](https://git.k8s.io/community/contributors/design-proposals/architecture/identifiers.md) for the precise syntax rules for Names and UIDs.
+-->
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+## 名称
+
+<!--
+## Names
+-->
+
+{{< glossary_definition term_id="name" length="all" >}}
+
+按照惯例，Kubernetes 资源的名称最长可达 253 个字符，并由小写字母、数字、 “-” 和 “.” 组成，但某些资源可能有更具体的限制。
+
+<!--
+By convention, the names of Kubernetes resources should be up to maximum length of 253 characters and consist of lower case alphanumeric characters, `-`, and `.`, but certain resources have more specific restrictions.
+-->
+
+## UID
+
+<!--
+## UIDs
+-->
+
+{{< glossary_definition term_id="uid" length="all" >}}
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/overview/working-with-objects/namespaces.md b/content/zh/docs/concepts/overview/working-with-objects/namespaces.md
new file mode 100644
index 0000000000000..59c8849170d61
--- /dev/null
+++ b/content/zh/docs/concepts/overview/working-with-objects/namespaces.md
@@ -0,0 +1,219 @@
+---
+title: 命名空间
+content_template: templates/concept
+weight: 30
+---
+<!--
+---
+reviewers:
+- derekwaynecarr
+- mikedanese
+- thockin
+title: Namespaces
+content_template: templates/concept
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+
+Kubernetes 支持多个虚拟集群，它们底层依赖于同一个物理集群。
+这些虚拟集群被称为命名空间。
+<!--
+Kubernetes supports multiple virtual clusters backed by the same physical cluster.
+These virtual clusters are called namespaces.
+-->
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+## 何时使用多个命名空间
+<!--
+## When to Use Multiple Namespaces
+-->
+
+命名空间适用于存在很多跨多个团队或项目的用户的场景。
+对于只有几到几十个用户的集群，根本不需要创建或考虑命名空间。
+<!--
+Namespaces are intended for use in environments with many users spread across multiple
+teams, or projects. For clusters with a few to tens of users, 
+you should not need to create or think about namespaces at all.  
+-->
+
+当您需要命名空间提供的特性时，请开始使用它们。
+<!--
+Start using namespaces when you need the features they provide.
+-->
+
+命名空间为名称提供了一个范围。
+资源的名称需要在命名空间内是惟一的，但不能跨命名空间。
+<!--
+Namespaces provide a scope for names.  
+Names of resources need to be unique within a namespace, but not across namespaces.
+-->
+
+命名空间是在多个用户之间划分集群资源的一种方法（通过[资源配额](/docs/concepts/policy/resource-quotas/)）。
+<!--
+Namespaces are a way to divide cluster resources between multiple users (via [resource quota](/docs/concepts/policy/resource-quotas/)).
+-->
+
+在 Kubernetes 未来版本中，相同命名空间中的对象默认将具有相同的访问控制策略。
+<!--
+In future versions of Kubernetes, objects in the same namespace will have the same
+access control policies by default.
+-->
+
+不需要使用多个命名空间来分隔轻微不同的资源，例如同一软件的不同版本：
+使用[标签](/docs/user-guide/labels)来区分同一命名空间中的不同资源。
+<!--
+It is not necessary to use multiple namespaces just to separate slightly different
+resources, such as different versions of the same software: use [labels](/docs/user-guide/labels) to distinguish
+resources within the same namespace.
+-->
+
+## 使用命名空间
+<!--
+## Working with Namespaces
+-->
+
+命名空间的创建和删除已在[命名空间的管理指南文档](/docs/admin/namespaces)中进行了描述。
+<!--
+Creation and deletion of namespaces are described in the [Admin Guide documentation
+for namespaces](/docs/admin/namespaces).
+-->
+
+### 查看命名空间
+<!--
+### Viewing namespaces
+-->
+
+您可以使用以下命令列出集群中现存的命名空间：
+<!--
+You can list the current namespaces in a cluster using:
+-->
+
+```shell
+$ kubectl get namespaces
+NAME          STATUS    AGE
+default       Active    1d
+kube-system   Active    1d
+kube-public   Active    1d
+```
+
+Kubernetes 会创建三个初始命名空间：
+<!--
+Kubernetes starts with three initial namespaces:
+-->
+   
+   * `default` 没有指明使用其它命名空间的对象所使用的默认命名空间
+   <!-->
+   * `default` The default namespace for objects with no other namespace
+   -->
+   * `kube-system` Kubernetes 系统创建对象所使用的命名空间
+   <!-->
+   * `kube-system` The namespace for objects created by the Kubernetes system
+   -->
+   * `kube-public` 这个命名空间是自动创建的，所有用户（包括未经过身份验证的用户）都可以读取它。这个命名空间主要用于集群使用，以防某些资源在整个集群中应该是可见和可读的。这个命名空间的公共方面只是一种约定，而不是要求。
+   <!-->
+   * `kube-public` This namespace is created automatically and is readable by all users (including those not authenticated). This namespace is mostly reserved for cluster usage, in case that some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement.
+   -->
+
+### 为请求设置命名空间
+<!--
+### Setting the namespace for a request
+-->
+
+要临时设置请求的命名空间，请使用 `--namespace` 参数。
+<!--
+To temporarily set the namespace for a request, use the `--namespace` flag.
+-->
+
+例如：
+<!--
+For example:
+-->
+
+```shell
+$ kubectl --namespace=<insert-namespace-name-here> run nginx --image=nginx
+$ kubectl --namespace=<insert-namespace-name-here> get pods
+```
+
+### 设置命名空间首选项
+<!--
+### Setting the namespace preference
+-->
+
+您可以永久保存该上下文中所有后续 kubectl 命令使用的命名空间。
+<!--
+You can permanently save the namespace for all subsequent kubectl commands in that
+context.
+-->
+
+```shell
+$ kubectl config set-context $(kubectl config current-context) --namespace=<insert-namespace-name-here>
+# Validate it
+$ kubectl config view | grep namespace:
+```
+
+## 命名空间和 DNS
+<!--
+## Namespaces and DNS
+-->
+
+当您创建一个[服务](/docs/user-guide/services)时，Kubernetes 会创建一个相应的[DNS 条目](/docs/concepts/services-networking/dns-pod-service/)。
+<!--
+When you create a [Service](/docs/user-guide/services), it creates a corresponding [DNS entry](/docs/concepts/services-networking/dns-pod-service/).
+-->
+
+该条目的形式是 `<service-name>.<namespace-name>.svc.cluster.local`，
+这意味着如果容器只使用 `<service-name>`，它将被解析到本地命名空间的服务。
+<!--
+This entry is of the form `<service-name>.<namespace-name>.svc.cluster.local`, which means
+that if a container just uses `<service-name>`, it will resolve to the service which
+is local to a namespace.
+-->
+
+这对于跨多个命名空间（如开发、分级和生产）使用相同的配置非常有用。
+<!-->
+This is useful for using the same configuration across
+multiple namespaces such as Development, Staging and Production.
+-->
+如果您希望跨命名空间访问，则需要使用完全限定域名（FQDN）。
+<!--
+If you want to reach across namespaces, 
+you need to use the fully qualified domain name (FQDN).
+-->
+
+## 并非所有对象都在命名空间中
+<!--
+## Not All Objects are in a Namespace
+-->
+
+大多数 kubernetes 资源（例如 Pod、服务、副本控制器等）都位于某些命名空间中。
+但是命名空间资源本身并不在命名空间中。
+<!--
+Most Kubernetes resources (e.g. pods, services, replication controllers, and others) are
+in some namespaces.  However namespace resources are not themselves in a namespace.
+-->
+
+而且底层资源，例如[节点](/docs/admin/node)和持久化卷不属于任何命名空间。
+<!--
+And low-level resources, such as [nodes](/docs/admin/node) and
+persistentVolumes, are not in any namespace.
+-->
+
+查看哪些 Kubernetes 资源在命名空间中，哪些不在命名空间中：
+<!--
+To see which Kubernetes resources are and aren't in a namespace:
+-->
+
+```shell
+# In a namespace
+$ kubectl api-resources --namespaced=true
+
+# Not in a namespace
+$ kubectl api-resources --namespaced=false
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/policy/_index.md b/content/zh/docs/concepts/policy/_index.md
new file mode 100644
index 0000000000000..a724a7dd475c2
--- /dev/null
+++ b/content/zh/docs/concepts/policy/_index.md
@@ -0,0 +1,11 @@
+---
+title: "策略"
+weight: 160
+---
+
+<!--
+---
+title: "Policies"
+weight: 160
+---
+-->
diff --git a/content/zh/docs/concepts/services-networking/_index.md b/content/zh/docs/concepts/services-networking/_index.md
new file mode 100644
index 0000000000000..905f25af01b37
--- /dev/null
+++ b/content/zh/docs/concepts/services-networking/_index.md
@@ -0,0 +1,11 @@
+---
+title: "服务、负载均衡和联网"
+weight: 80
+---
+
+<!--
+---
+title: "Services, Load Balancing, and Networking"
+weight: 80
+---
+-->
diff --git a/content/zh/docs/concepts/services-networking/ingress-controllers.md b/content/zh/docs/concepts/services-networking/ingress-controllers.md
new file mode 100644
index 0000000000000..5841f7411ec3b
--- /dev/null
+++ b/content/zh/docs/concepts/services-networking/ingress-controllers.md
@@ -0,0 +1,124 @@
+---
+title: Ingress 控制器
+content_template: templates/concept
+weight: 40
+---
+<!--
+title: Ingress Controllers
+content_template: templates/concept
+weight: 40
+-->
+
+{{% capture overview %}}
+<!--
+In order for the Ingress resource to work, the cluster must have an ingress controller running. 
+
+Unlike other types of controllers which run as part of the `kube-controller-manager` binary, Ingress controllers 
+are not started automatically with a cluster. Use this page to choose the ingress controller implementation 
+that best fits your cluster.
+
+Kubernetes as a project currently supports and maintains [GCE](https://git.k8s.io/ingress-gce/README.md) and
+  [nginx](https://git.k8s.io/ingress-nginx/README.md) controllers.
+-->
+为了让 Ingress 资源工作，集群必须有一个正在运行的 Ingress 控制器。
+
+与其他类型的控制器不同，它们是作为 `kube-controller-manager` 二进制文件的一部分运行的，而 Ingress 控制器不是随集群自动启动的。
+通过此页面可选择最适合您的集群的 ingress 控制器实现。
+
+Kubernetes 作为一个项目，目前支持和维护 [GCE](https://git.k8s.io/ingress-gce/README.md) 和
+  [nginx](https://git.k8s.io/ingress-nginx/README.md) 控制器。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Additional controllers
+
+* [Ambassador](https://www.getambassador.io/) API Gateway is an [Envoy](https://www.envoyproxy.io) based ingress 
+  controller with [community](https://www.getambassador.io/docs) or 
+  [commercial](https://www.getambassador.io/pro/) support from [Datawire](https://www.datawire.io/).
+* [AppsCode Inc.](https://appscode.com) offers support and maintenance for the most widely used [HAProxy](http://www.haproxy.org/) based ingress controller [Voyager](https://appscode.com/products/voyager).  
+* [Contour](https://github.com/heptio/contour) is an [Envoy](https://www.envoyproxy.io) based ingress controller
+  provided and supported by Heptio.
+* Citrix provides an [Ingress Controller](https://github.com/citrix/citrix-k8s-ingress-controller) for its hardware (MPX), virtualized (VPX) and [free containerized (CPX) ADC](https://www.citrix.com/products/citrix-adc/cpx-express.html) for [baremetal](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/deployment/baremetal) and [cloud](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/deployment) deployments.
+* F5 Networks provides [support and maintenance](https://support.f5.com/csp/article/K86859508)
+  for the [F5 BIG-IP Controller for Kubernetes](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest).
+* [Gloo](https://gloo.solo.io) is an open-source ingress controller based on [Envoy](https://www.envoyproxy.io) which offers API Gateway functionality with enterprise support from [solo.io](https://www.solo.io).  
+* [HAProxy](http://www.haproxy.org/) based ingress controller
+  [jcmoraisjr/haproxy-ingress](https://github.com/jcmoraisjr/haproxy-ingress) which is mentioned on the blog post
+  [HAProxy Ingress Controller for Kubernetes](https://www.haproxy.com/blog/haproxy_ingress_controller_for_kubernetes/).
+  [HAProxy Technologies](https://www.haproxy.com/) offers support and maintenance for HAProxy Enterprise and
+  the ingress controller [jcmoraisjr/haproxy-ingress](https://github.com/jcmoraisjr/haproxy-ingress).
+* [Istio](https://istio.io/) based ingress controller
+  [Control Ingress Traffic](https://istio.io/docs/tasks/traffic-management/ingress/).
+* [Kong](https://konghq.com/) offers [community](https://discuss.konghq.com/c/kubernetes) or
+  [commercial](https://konghq.com/kong-enterprise/) support and maintenance for the
+  [Kong Ingress Controller for Kubernetes](https://github.com/Kong/kubernetes-ingress-controller).
+* [NGINX, Inc.](https://www.nginx.com/) offers support and maintenance for the
+  [NGINX Ingress Controller for Kubernetes](https://www.nginx.com/products/nginx/kubernetes-ingress-controller).
+* [Traefik](https://github.com/containous/traefik) is a fully featured ingress controller
+  ([Let's Encrypt](https://letsencrypt.org), secrets, http2, websocket), and it also comes with commercial
+  support by [Containous](https://containo.us/services).
+-->
+## 其他控制器
+
+* [Ambassador](https://www.getambassador.io/) API 网关， 一个基于 [Envoy](https://www.envoyproxy.io) 的 ingress 
+  控制器，有着来自 [Datawire](https://www.datawire.io/) [社区](https://www.getambassador.io/docs)或[商业](https://www.getambassador.io/pro/)的支持。
+* [AppsCode Inc.](https://appscode.com) 为最广泛使用的基于 [HAProxy](http://www.haproxy.org/) 的 ingress 控制器 [Voyager](https://appscode.com/products/voyager) 提供支持和维护.  
+* [Contour](https://github.com/heptio/contour) 是一个基于 [Envoy](https://www.envoyproxy.io) 的 ingress 控制器，它由 Heptio 提供和支持。
+* Citrix 为其硬件（MPX），虚拟化（VPX）和 [免费容器化 (CPX) ADC](https://www.citrix.com/products/citrix-adc/cpx-express.html) 提供了一个 [Ingress 控制器](https://github.com/citrix/citrix-k8s-ingress-controller)，用于[裸金属](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/deployment/baremetal)和[云](https://github.com/citrix/citrix-k8s-ingress-controller/tree/master/deployment)部署。
+* F5 Networks 为 [用于 Kubernetes 的 F5 BIG-IP 控制器](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest)提供[支持和维护](https://support.f5.com/csp/article/K86859508)。
+* [Gloo](https://gloo.solo.io) 是一个开源的基于 [Envoy](https://www.envoyproxy.io) 的 ingress 控制器，它提供了 API 网关功能，有着来自 [solo.io](https://www.solo.io) 的企业级支持。 
+* 基于 [HAProxy](http://www.haproxy.org/) 的 ingress 控制器
+  [jcmoraisjr/haproxy-ingress](https://github.com/jcmoraisjr/haproxy-ingress)，
+  [用于 Kubernetes 的 HAProxy Ingress 控制器](https://www.haproxy.com/blog/haproxy_ingress_controller_for_kubernetes/)这篇博文提到它。
+  [HAProxy Technologies](https://www.haproxy.com/) 为 HAProxy 企业版和
+  ingress 控制器 [jcmoraisjr/haproxy-ingress](https://github.com/jcmoraisjr/haproxy-ingress) 提供支持和维护。
+* 基于 [Istio](https://istio.io/) 的 ingress 控制器[控制 Ingress 流量](https://istio.io/docs/tasks/traffic-management/ingress/)。
+* [Kong](https://konghq.com/) 为[用于 Kubernetes 的 Kong Ingress 控制器](https://github.com/Kong/kubernetes-ingress-controller) 提供[社区](https://discuss.konghq.com/c/kubernetes)或[商业](https://konghq.com/kong-enterprise/)支持和维护。
+* [NGINX, Inc.](https://www.nginx.com/) 为[用于 Kubernetes 的 NGINX Ingress 控制器](https://www.nginx.com/products/nginx/kubernetes-ingress-controller)提供支持和维护。
+* [Traefik](https://github.com/containous/traefik) 是一个全功能的 ingress 控制器
+  （[Let's Encrypt](https://letsencrypt.org)，secrets，http2，websocket），并且它也有来自 [Containous](https://containo.us/services) 的商业支持。
+
+<!--
+## Using multiple Ingress controllers
+
+You may deploy [any number of ingress controllers](https://git.k8s.io/ingress-nginx/docs/user-guide/multiple-ingress.md#multiple-ingress-controllers) 
+within a cluster. When you create an ingress, you should annotate each ingress with the appropriate
+[`ingress.class`](https://git.k8s.io/ingress-gce/docs/faq/README.md#how-do-i-run-multiple-ingress-controllers-in-the-same-cluster) 
+to indicate which ingress controller should be used if more than one exists within your cluster.
+
+If you do not define a class, your cloud provider may use a default ingress controller.
+
+Ideally, all ingress controllers should fulfill this specification, but the various ingress
+controllers operate slightly differently.
+-->
+## 使用多个 Ingress 控制器
+
+你可以在集群中部署[任意数量的 ingress 控制器](https://git.k8s.io/ingress-nginx/docs/user-guide/multiple-ingress.md#multiple-ingress-controllers)。
+创建 ingress 时，应该使用适当的
+[`ingress.class`](https://git.k8s.io/ingress-gce/docs/faq/README.md#how-do-i-run-multiple-ingress-controllers-in-the-same-cluster) 注解每个 ingress 
+以表明在集群中如果有多个 ingress 控制器时，应该使用哪个 ingress 控制器。
+
+如果不定义 `ingress.class`，云提供商可能使用默认的 ingress 控制器。
+
+理想情况下，所有 ingress 控制器都应满足此规范，但各种 ingress 控制器的操作略有不同。
+
+{{< note >}}
+<!--
+Make sure you review your ingress controller's documentation to understand the caveats of choosing it.
+-->
+确保您查看了 ingress 控制器的文档，以了解选择它的注意事项。
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* Learn more about [Ingress](/docs/concepts/services-networking/ingress/).
+* [Set up Ingress on Minikube with the NGINX Controller](/docs/tasks/access-application-cluster/ingress-minikube).
+-->
+* 了解更多关于 [Ingress](/docs/concepts/services-networking/ingress/)。
+* [在 Minikube 上使用 NGINX 控制器安装 Ingress](/docs/tasks/access-application-cluster/ingress-minikube)。
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/services-networking/ingress.md b/content/zh/docs/concepts/services-networking/ingress.md
new file mode 100644
index 0000000000000..6fdb5df8c8728
--- /dev/null
+++ b/content/zh/docs/concepts/services-networking/ingress.md
@@ -0,0 +1,674 @@
+---
+reviewers:
+- bprashanth
+title: Ingress
+content_template: templates/concept
+weight: 40
+---
+
+{{% capture overview %}}
+{{< glossary_definition term_id="ingress" length="all" >}}
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Terminology
+
+Throughout this doc you will see a few terms that are sometimes used interchangeably elsewhere, that might cause confusion. This section attempts to clarify them.
+
+* Node: A single virtual or physical machine in a Kubernetes cluster.
+* Cluster: A group of nodes firewalled from the internet, that are the primary compute resources managed by Kubernetes.
+* Edge router: A router that enforces the firewall policy for your cluster. This could be a gateway managed by a cloud provider or a physical piece of hardware.
+* Cluster network: A set of links, logical or physical, that facilitate communication within a cluster according to the [Kubernetes networking model](/docs/concepts/cluster-administration/networking/). Examples of a Cluster network include Overlays such as [flannel](https://github.com/coreos/flannel#flannel) or SDNs such as [OVS](https://www.openvswitch.org/).
+* Service: A Kubernetes [Service](/docs/concepts/services-networking/service/) that identifies a set of pods using label selectors. Unless mentioned otherwise, Services are assumed to have virtual IPs only routable within the cluster network.
+-->
+
+## 专用术语
+
+在本文档中，您将看到一些有时在其他地方可互换使用的术语，这些术语可能会引起混淆。 本节试图澄清它们
+
+* 节点：Kubernetes 集群中的单个虚拟或物理机器。
+* 集群：互联网防火墙保护下的一组节点，它们是 Kubernetes 管理的主要计算资源。
+* 边缘路由器：为集群强制执行防火墙策略的路由器。这可以是由云提供商管理的网关或物理硬件。
+* 集群网络：一组逻辑或物理的链接，根据 [Kubernetes 网络模型](/docs/concepts/cluster-administration/networking/) 在集群内实现通信。集群网络的例子包括 覆盖网络，例如 [flannel](https://github.com/coreos/flannel#flannel)；或者SDN，例如 [OVS](https://www.openvswitch.org/)。
+* 服务：Kubernetes [服务](/docs/concepts/services-networking/service/) 使用标签选择器标识一组 Pod。除非另有说明，否则假定服务只具有在集群网络中可路由的虚拟 IP。
+
+<!--
+## What is Ingress?
+
+Typically, services and pods have IPs only routable by the cluster network. All traffic that ends up at an edge router is either dropped or forwarded elsewhere. Conceptually, this might look like:
+-->
+
+## Ingress 是什么？
+
+通常，服务 和 Pod 具有仅能在集群网络内路由的 IP 地址。在边缘路由器结束的所有流量都被丢弃或转发到别处。从概念上讲，这可能看起来像：
+
+```none
+    internet
+        |
+  ------------
+  [ Services ]
+```
+
+<!--
+An Ingress is a collection of rules that allow inbound connections to reach the cluster services.
+-->
+
+Ingress 是允许连接到集群 Service 的规则集合。
+
+```
+    互联网
+        |
+   [ Ingress ]
+   --|-----|--
+   [ Services ]
+```
+
+<!--
+It can be configured to give services externally-reachable URLs, load balance traffic, terminate SSL, offer name based virtual hosting, and more. Users request ingress by POSTing the Ingress resource to the API server. An [Ingress controller](#ingress-controllers) is responsible for fulfilling the Ingress, usually with a loadbalancer, though it may also configure your edge router or additional frontends to help handle the traffic in an HA manner.
+-->
+
+它可以被配置为提供外部可访问的URL、负载均衡流量、终止SSL、提供基于名称的虚拟托管等等。
+用户通过向 API 服务器 POST Ingress 资源来请求 Ingress。
+[Ingress 控制器](#ingress-controllers) 负责实现 Ingress，它通常使用负载均衡器，不过它也可以配置边缘路由器或其他前端，从而帮助用户以 HA 方式处理流量。
+
+<!--
+## Prerequisites
+
+Before you start using the Ingress resource, there are a few things you should understand. The Ingress is a beta resource, not available in any Kubernetes release prior to 1.1. You need an Ingress controller to satisfy an Ingress, simply creating the resource will have no effect.
+
+GCE/Google Kubernetes Engine deploys an ingress controller on the master. You can deploy any number of custom ingress controllers in a pod. You must annotate each ingress with the appropriate class, as indicated [here](https://git.k8s.io/ingress-nginx/docs/user-guide/multiple-ingress.md#multiple-ingress-controllers) and [here](https://git.k8s.io/ingress-gce/examples/PREREQUISITES.md#ingress-class).
+
+Make sure you review the [beta limitations](https://github.com/kubernetes/ingress-gce/blob/master/BETA_LIMITATIONS.md#glbc-beta-limitations) of this controller. In environments other than GCE/Google Kubernetes Engine, you need to [deploy a controller](https://git.k8s.io/ingress-nginx/README.md) as a pod.
+-->
+
+## 环境准备
+
+在开始使用 Ingress 资源之前，有一些事情您应该了解。
+Ingress 是 beta 资源，在 1.1 之前的任何 Kubernetes 版本中都不可用。
+您需要一个 Ingress 控制器来满足 Ingress，否则简单地创建资源将不起作用。
+
+GCE／Google Kubernetes Engine 是在主节点上部署 Ingress 控制器。
+您可以在 Pod 中部署任意数量的自定义 Ingress 控制器。
+您必须使用适当的类来注释每个 Ingress，如[这里](https://git.k8s.io/ingress-nginx/docs/user-guide/multiple-ingress.md#multiple-ingress-controllers) 和 [这里](https://git.k8s.io/ingress-gce/examples/PREREQUISITES.md#ingress-class) 所示。
+
+一定要检查一下这个控制器的 [beta 限制](https://github.com/kubernetes/ingress-gce/blob/master/BETA_LIMITATIONS.md#glbc-beta-limitations)。
+在 GCE／Google Kubernetes Engine 之外的环境中，需要将[控制器部署](https://git.k8s.io/ingress-nginx/README.md) 为 Pod。
+
+<!--
+## The Ingress Resource
+
+A minimal Ingress might look like:
+-->
+
+## Ingress 资源
+
+最小的 Ingress 可能看起来像这样：
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /testpath
+        backend:
+          serviceName: test
+          servicePort: 80
+```
+
+<!--
+*POSTing this to the API server will have no effect if you have not configured an [Ingress controller](#ingress-controllers).*
+
+__Lines 1-6__: As with all other Kubernetes config, an Ingress needs `apiVersion`, `kind`, and `metadata` fields.  For general information about working with config files, see [deploying applications](/docs/tasks/run-application/run-stateless-application-deployment/), [configuring containers](/docs/tasks/configure-pod-container/configure-pod-configmap/), [managing resources](/docs/concepts/cluster-administration/manage-deployment/) and [ingress configuration rewrite](https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/rewrite/README.md).
+
+__Lines 7-9__: Ingress [spec](https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status) has all the information needed to configure a loadbalancer or proxy server. Most importantly, it contains a list of rules matched against all incoming requests. Currently the Ingress resource only supports http rules.
+-->
+
+*如果尚未配置 [Ingress 控制器](#ingress-controllers)，则向 API 服务器 POST 操作将没有任何效果。*
+
+
+__1-6 行__: 与其他 Kubernetes 对象配置一样，Ingress 需要 `apiVersion`、`kind`、和 `metadata` 字段。
+有关使用配置文件的一般信息，请参见 
+[部署应用](/docs/tasks/run-application/run-stateless-application-deployment/)、
+[配置容器](/docs/tasks/configure-pod-container/configure-pod-configmap/)、
+[管理资源](/docs/concepts/cluster-administration/manage-deployment/) 
+和 [ingress 配置重写](https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/rewrite/README.md)。
+
+
+__7-9 行__: Ingress [spec](https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status) 具有配置负载均衡器或代理服务器所需的所有信息。
+最重要的是，它包含与所有传入请求相匹配的规则列表。目前，Ingress 资源仅支持 HTTP 规则。
+
+<!--
+__Lines 10-11__: Each http rule contains the following information: A host (e.g.: foo.bar.com, defaults to * in this example), a list of paths (e.g.: /testpath) each of which has an associated backend (test:80). Both the host and path must match the content of an incoming request before the loadbalancer directs traffic to the backend.
+
+__Lines 12-14__: A backend is a service:port combination as described in the [services doc](/docs/concepts/services-networking/service/). Ingress traffic is typically sent directly to the endpoints matching a backend.
+
+__Global Parameters__: For the sake of simplicity the example Ingress has no global parameters, see the [API reference](https://releases.k8s.io/{{< param "githubbranch" >}}/staging/src/k8s.io/api/extensions/v1beta1/types.go) for a full definition of the resource. One can specify a global default backend in the absence of which requests that don't match a path in the spec are sent to the default backend of the Ingress controller.
+-->
+
+__10-11 行__: 每个 HTTP 规则都包含以下信息：主机（例如：foo.bar.com，在本例中默认为 * ），路径列表（例如：/testpath），每个路径都有一个关联的后端（test:80）。
+在负载均衡器将流量路由到后端之前，主机和路径都必须与传入请求的规则匹配。
+
+__12-14 行__: 如[services doc](/docs/concepts/services-net./service/)中所述，后端（endpoint）是 “Service:port” 的组合。
+Ingress 流量通常被直接发送到与后端相匹配的端点。
+
+__全局参数__: 为了简单起见，Ingress 示例没有全局参数，有关资源的完整定义请参见 [API引用](https://releases.k8s.io/{{< param "githubbranch" >}}/staging/src/k8s.io/api/extensions/v1beta1/types.go)。
+您可以指定全局默认的后端，这样的话，当请求与 spec 中的路径不匹配时，就会被转发到 Ingress 控制器的默认后端。
+
+<!--
+## Ingress controllers
+
+In order for the Ingress resource to work, the cluster must have an Ingress controller running. This is unlike other types of controllers, which typically run as part of the `kube-controller-manager` binary, and which are typically started automatically as part of cluster creation. Choose the ingress controller implementation that best fits your cluster, or implement a new ingress controller. 
+-->
+
+## Ingress 控制器
+
+为了使 Ingress 资源正常工作，集群必须有 Ingress 控制器运行。
+这不同于其他类型的控制器，它们通常作为 `kube-controller-manager` 二进制文件的一部分运行，并且通常作为集群创建的一部分自动启动。
+请选择最适合您的集群的 Ingress 控制器，或者实现一个新的 Ingress 控制器。
+
+<!--
+* Kubernetes currently supports and maintains [GCE](https://git.k8s.io/ingress-gce/README.md) and [nginx](https://git.k8s.io/ingress-nginx/README.md) controllers. 
+* F5 Networks provides [support and maintenance](https://support.f5.com/csp/article/K86859508) for the [F5 BIG-IP Controller for Kubernetes](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest). 
+* [Kong](https://konghq.com/) offers [community](https://discuss.konghq.com/c/kubernetes) or [commercial](https://konghq.com/api-customer-success/) support and maintenance for the [Kong Ingress Controller for Kubernetes](https://konghq.com/blog/kubernetes-ingress-controller-for-kong/)
+* [Traefik](https://github.com/containous/traefik) is a fully featured ingress controller
+([Let's Encrypt](https://letsencrypt.org), secrets, http2, websocket...), and it also comes with commercial support by [Containous](https://containo.us/services)
+* [NGINX, Inc.](https://www.nginx.com/) offers support and maintenance for the [NGINX Ingress Controller for Kubernetes](https://www.nginx.com/products/nginx/kubernetes-ingress-controller)
+* [HAProxy](http://www.haproxy.org/) based ingress controller [jcmoraisjr/haproxy-ingress](https://github.com/jcmoraisjr/haproxy-ingress) which is mentioned on this blog post [HAProxy Ingress Controller for Kubernetes](https://www.haproxy.com/blog/haproxy_ingress_controller_for_kubernetes/)
+* [Istio](https://istio.io/) based ingress controller [Control Ingress Traffic](https://istio.io/docs/tasks/traffic-management/ingress/)
+
+{{< note >}}
+**Note:** Review the documentation for your controller to find its specific support policy.
+{{< /note >}}
+-->
+
+* Kubernetes 当前支持并维护 [GCE](https://git.k8s.io/ingress-gce/README.md) 和 [nginx](https://git.k8s.io/ingress-nginx/README.md) 控制器。
+* F5 Networks 为 [F5 BIG-IP Controller for Kubernetes](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest) 提供[支持和维护](https://support.f5.com/csp/article/K86859508)。
+* [Kong](https://konghq.com/) 为 [Kong Ingress Controller for Kubernetes](https://konghq.com/blog/kubernetes-ingress-controller-for-kong/) 提供 [社区版](https://discuss.konghq.com/c/kubernetes) 或 [商业版](https://konghq.com/api-customer-success/) 支持和维护。
+* [Traefik](https://github.com/containous/traefik) 是个全功能的 Ingress 控制器。
+([Let's Encrypt](https://letsencrypt.org), secrets, http2, websocket...), 它也伴随着 [Containous](https://containo.us/services) 的商业支持。
+* [NGINX, Inc.](https://www.nginx.com/) 为 [NGINX Ingress Controller for Kubernetes](https://www.nginx.com/products/nginx/kubernetes-ingress-controller) 提供支持和维护。
+* [HAProxy](http://www.haproxy.org/) 是 Ingress 控制器 [jcmoraisjr/haproxy-ingress](https://github.com/jcmoraisjr/haproxy-ingress) 的基础， 在这个博客中有提到它 [HAProxy Ingress Controller for Kubernetes](https://www.haproxy.com/blog/haproxy_ingress_controller_for_kubernetes/)。
+* [Istio](https://istio.io/) 是 Ingress 控制器 [Control Ingress Traffic](https://istio.io/docs/tasks/traffic-management/ingress/) 的基础。
+
+{{< note >}}
+**注意:** 请检查你的控制器的文档以找到其特定的支持策略。
+{{< /note >}}
+
+<!--
+## Before you begin
+
+The following document describes a set of cross-platform features exposed through the Ingress resource. Ideally, all Ingress controllers should fulfill this specification, but we're not there yet. We currently support and maintain [GCE](https://git.k8s.io/ingress-gce/README.md) and [nginx](https://git.k8s.io/ingress-nginx/README.md) controllers. If you use the F5 BIG-IP Controller, see [Use the BIG-IP Controller as a Kubernetes Ingress Controller](http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-k8s-ingress-ctlr.html). 
+-->
+
+## 在您开始之前
+
+下面的文档描述了通过Ingress资源公开的一组跨平台特性。
+理想情况下，所有 Ingress 控制器都应该满足这个规范，但是我们还没有。
+我们现在支持并维护 [GCE](https://git.k8s.io/ingress-gce/README.md) 和 [nginx](https://git.k8s.io/ingress-nginx/README.md) 控制器。
+如果您使用 F5 BIG-IP 控制器，请参考 [使用 BIG-IP 控制器作为 Kubernetes Ingress 控制器](http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-k8s-ingress-ctlr.html)。
+
+<!--
+{{< note >}}
+**Note:** Make sure you review your controller's specific docs so you understand the caveats.
+{{< /note >}}
+-->
+
+{{< note >}}
+**注意:** 请您一定要查看您的控制器的特定文档，以便您能理解这些警告。
+{{< /note >}}
+
+<!--
+## Types of Ingress
+
+### Single Service Ingress
+
+There are existing Kubernetes concepts that allow you to expose a single Service
+(see [alternatives](#alternatives)), however you can do so through an Ingress
+as well, by specifying a *default backend* with no rules.
+-->
+
+## Ingress 的类型
+
+### 单服务 Ingress
+
+现有的 Kubernetes 概念允许您暴露单个 Service (查看 [替代方案](#alternatives))，同样您也可以使用 Ingress 来实现，具体方法是指定一个没有规则的 *默认后端（default backend）*。
+
+
+{{< codenew file="service/networking/ingress.yaml" >}}
+
+<!--
+If you create it using `kubectl create -f` you should see:
+-->
+
+如果您用 `kubectl create -f`创建它，你应该看到：
+
+
+```shell
+kubectl get ingress test-ingress
+```
+
+```shell
+NAME           HOSTS     ADDRESS           PORTS     AGE
+test-ingress   *         107.178.254.228   80        59s
+```
+
+<!--
+Where `107.178.254.228` is the IP allocated by the Ingress controller to satisfy
+this Ingress.
+-->
+
+其中 `107.178.254.228` 是 Ingress 控制器为该 Ingress 分配的 IP 该。
+
+<!--
+### Simple fanout
+
+As described previously, Pods within kubernetes have IPs only visible on the
+cluster network, so we need something at the edge accepting ingress traffic and
+proxying it to the right endpoints. This component is usually a highly available
+loadbalancer. An Ingress allows you to keep the number of loadbalancers down
+to a minimum. For example, a setup like:
+-->
+
+### 简单分列
+
+如前所述，Kubernetes 中 Pod 的 IP 仅在集群网络上可见，所以我们需要在集群网络的边缘接收下行流量并将其代理到正确的端点。
+这个组件通常是一个高可用的负载均衡器。Ingress 允许您将负载均衡器的数量降至最低。例如，这样的设置：
+
+```shell
+foo.bar.com -> 178.91.123.132 -> / foo    s1:80
+                                 / bar    s2:80
+```
+
+<!--
+would require an Ingress such as:
+-->
+
+可能需要一个 Ingress 就像：
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: test
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  rules:
+  - host: foo.bar.com
+    http:
+      paths:
+      - path: /foo
+        backend:
+          serviceName: s1
+          servicePort: 80
+      - path: /bar
+        backend:
+          serviceName: s2
+          servicePort: 80
+```
+
+<!--
+When you create the Ingress with `kubectl create -f`:
+-->
+
+当您使用 `kubectl create -f` 创建 Ingress 时：
+
+```shell
+kubectl describe ingress test
+```
+
+```shell
+Name:             test
+Namespace:        default
+Address:          178.91.123.132
+Default backend:  default-http-backend:80 (10.8.2.3:8080)
+Rules:
+  Host         Path  Backends
+  ----         ----  --------
+  foo.bar.com
+               /foo   s1:80 (10.8.0.90:80)
+               /bar   s2:80 (10.8.0.91:80)
+Annotations:
+  nginx.ingress.kubernetes.io/rewrite-target:  /
+Events:
+  Type     Reason  Age                From                     Message
+  ----     ------  ----               ----                     -------
+  Normal   ADD     22s                loadbalancer-controller  default/test
+```
+
+<!--
+The Ingress controller will provision an implementation specific loadbalancer
+that satisfies the Ingress, as long as the services (`s1`, `s2`) exist.
+When it has done so, you will see the address of the loadbalancer at the
+Address field.
+-->
+
+Ingress 控制器将提供实现特定的负载均衡器来满足 Ingress，只要 Service (`s1`，`s2`) 存在。
+当它这样做了，你会在地址栏看到负载平衡器的地址。
+
+{{< note >}}
+<!--**Note:** You need to create a default-http-backend [Service](/docs/concepts/services-networking/service/) if necessary.-->
+**注意:** 如果需要，你需要创建一个默认的 HTTP 后端 [Service](/docs/concepts/services-networking/service/)。
+{{< /note >}}
+
+
+<!--
+### Name based virtual hosting
+
+Name-based virtual hosts use multiple host names for the same IP address.
+-->
+
+### 基于名称的虚拟托管
+
+基于名称的虚拟主机为同一个 IP 地址使用多个主机名。
+
+```none
+foo.bar.com --|                 |-> foo.bar.com s1:80
+              | 178.91.123.132  |
+bar.foo.com --|                 |-> bar.foo.com s2:80
+```
+
+<!--
+The following Ingress tells the backing loadbalancer to route requests based on
+the [Host header](https://tools.ietf.org/html/rfc7230#section-5.4).
+-->
+
+下面的 Ingress 让后台的负载均衡器基于 [Host header](https://tools.ietf.org/html/rfc7230#section-5.4) 路由请求。
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: test
+spec:
+  rules:
+  - host: foo.bar.com
+    http:
+      paths:
+      - backend:
+          serviceName: s1
+          servicePort: 80
+  - host: bar.foo.com
+    http:
+      paths:
+      - backend:
+          serviceName: s2
+          servicePort: 80
+```
+
+<!--
+__Default Backends__: An Ingress with no rules, like the one shown in the previous
+section, sends all traffic to a single default backend. You can use the same
+technique to tell a loadbalancer where to find your website's 404 page, by
+specifying a set of rules *and* a default backend. Traffic is routed to your
+default backend if none of the Hosts in your Ingress match the Host in the
+request header, and/or none of the paths match the URL of the request.
+-->
+
+__默认后端__: 一个没有规则的 Ingress，如前面部分所示，它将所有流量发送到单个默认后端。
+通过指定一组规则*和*默认后端，您可以使用相同的技术来告诉负载均衡器在哪里找到网站的 404 页面。
+如果 Ingress 中的主机与请求头中的主机不匹配，和/或没有路径与请求的 URL 匹配，则流量被路由到默认后端。
+
+<!--
+### TLS
+
+You can secure an Ingress by specifying a [secret](/docs/concepts/configuration/secret)
+that contains a TLS private key and certificate. Currently the Ingress only
+supports a single TLS port, 443, and assumes TLS termination. If the TLS
+configuration section in an Ingress specifies different hosts, they will be
+multiplexed on the same port according to the hostname specified through the
+SNI TLS extension (provided the Ingress controller supports SNI). The TLS secret
+must contain keys named `tls.crt` and `tls.key` that contain the certificate
+and private key to use for TLS, e.g.:
+-->
+
+### TLS
+
+您可以通过指定包含TLS私钥和证书的 [secret](/docs/concepts/configuration/secret) 来加密 Ingress。
+目前，Ingress 只支持单个 TLS 端口，443，并假定 TLS 终止。
+如果 Ingress 中的 TLS 配置部分指定了不同的主机，那么它们将根据通过 SNI TLS 扩展指定的主机名（如果 Ingress 控制器支持 SNI）在同一端口上进行复用。
+TLS Secret 必须包含名为 `tls.crt` 和 `tls.key` 的密钥，这些密钥包含用于 TLS 的证书和私钥，例如：
+
+```yaml
+apiVersion: v1
+data:
+  tls.crt: base64 encoded cert
+  tls.key: base64 encoded key
+kind: Secret
+metadata:
+  name: testsecret
+  namespace: default
+type: Opaque
+```
+
+<!--
+Referencing this secret in an Ingress will tell the Ingress controller to
+secure the channel from the client to the loadbalancer using TLS:
+-->
+
+在 Ingress 中引用此 Secret 将会告诉 Ingress 控制器使用 TLS 保护从客户端到负载均衡器的通道：
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: no-rules-map
+spec:
+  tls:
+  - secretName: testsecret
+  backend:
+    serviceName: s1
+    servicePort: 80
+```
+
+<!--
+Note that there is a gap between TLS features supported by various Ingress
+controllers. Please refer to documentation on
+[nginx](https://git.k8s.io/ingress-nginx/README.md#https),
+[GCE](https://git.k8s.io/ingress-gce/README.md#frontend-https), or any other
+platform specific Ingress controller to understand how TLS works in your environment.
+-->
+
+注意，各种 Ingress 控制器所支持的 TLS 功能之间存在间隙。请参阅有关文件
+[nginx](https://git.k8s.io/ingress-nginx/README.md#https)，
+[GCE](https://git.k8s.io/ingress-gce/README.md#frontend-https)， 
+或任何其他平台特定的 Ingress 控制器，以了解 TLS 如何在您的环境中工作。
+
+<!--
+### Loadbalancing
+
+An Ingress controller is bootstrapped with some load balancing policy settings
+that it applies to all Ingress, such as the load balancing algorithm, backend
+weight scheme, and others. More advanced load balancing concepts
+(e.g. persistent sessions, dynamic weights) are not yet exposed through the
+Ingress. You can still get these features through the
+[service loadbalancer](https://github.com/kubernetes/ingress-nginx).
+ With time, we plan to distill load balancing patterns that are applicable
+cross platform into the Ingress resource.
+-->
+
+### 负载均衡
+
+Ingress控制器使用一些适用于所有 Ingress 的负载均衡策略设置进行自举，例如负载平衡算法、后端权重方案等。
+更高级的负载平衡概念（例如，持久会话、动态权重）尚未通过Ingress公开。
+您仍然可以通过 [Service 负载均衡器](https://github.com/kubernetes/ingress-nginx) 获得这些特性。
+随着时间的推移，我们计划将跨平台应用的负载平衡模式提取到 Ingress 资源中。
+
+<!--
+It's also worth noting that even though health checks are not exposed directly
+through the Ingress, there exist parallel concepts in Kubernetes such as
+[readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/)
+which allow you to achieve the same end result. Please review the controller
+specific docs to see how they handle health checks (
+[nginx](https://git.k8s.io/ingress-nginx/README.md),
+[GCE](https://git.k8s.io/ingress-gce/README.md#health-checks)).
+-->
+
+值得注意的是，即使健康检查不是通过 Ingress 直接暴露的，但是在 Kubernetes 中存在并行概念，比如 [就绪检查](/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/)，它允许您实现相同的最终结果。
+请检查控制器说明文档，以了解他们是怎样实现健康检查的 (
+[nginx](https://git.k8s.io/ingress-nginx/README.md)，
+[GCE](https://git.k8s.io/ingress-gce/README.md#health-checks))。
+
+
+<!--
+## Updating an Ingress
+
+Say you'd like to add a new Host to an existing Ingress, you can update it by editing the resource:
+-->
+
+## 更新 Ingress
+
+假设您想向现有的 Ingress 中添加新主机，可以通过编辑资源来更新它：
+
+```shell
+kubectl describe ingress test
+```
+
+```shell
+Name:             test
+Namespace:        default
+Address:          178.91.123.132
+Default backend:  default-http-backend:80 (10.8.2.3:8080)
+Rules:
+  Host         Path  Backends
+  ----         ----  --------
+  foo.bar.com
+               /foo   s1:80 (10.8.0.90:80)
+Annotations:
+  nginx.ingress.kubernetes.io/rewrite-target:  /
+Events:
+  Type     Reason  Age                From                     Message
+  ----     ------  ----               ----                     -------
+  Normal   ADD     35s                loadbalancer-controller  default/test
+```
+
+```shell
+kubectl edit ingress test
+```
+
+<!--
+This should pop up an editor with the existing yaml, modify it to include the new Host:
+-->
+
+这应该弹出一个编辑器与现有的 yaml，修改它来增加新的主机：
+
+```yaml
+spec:
+  rules:
+  - host: foo.bar.com
+    http:
+      paths:
+      - backend:
+          serviceName: s1
+          servicePort: 80
+        path: /foo
+  - host: bar.baz.com
+    http:
+      paths:
+      - backend:
+          serviceName: s2
+          servicePort: 80
+        path: /foo
+..
+```
+
+<!--
+Saving the yaml will update the resource in the API server, which should tell the Ingress controller to reconfigure the loadbalancer.
+-->
+
+保存 yaml 将更新 API 服务器中的资源，这应该会告诉 Ingress 控制器来重新配置负载均衡器。
+
+```shell
+kubectl describe ingress test
+```
+
+```shell
+Name:             test
+Namespace:        default
+Address:          178.91.123.132
+Default backend:  default-http-backend:80 (10.8.2.3:8080)
+Rules:
+  Host         Path  Backends
+  ----         ----  --------
+  foo.bar.com
+               /foo   s1:80 (10.8.0.90:80)
+  bar.baz.com
+               /foo   s2:80 (10.8.0.91:80)
+Annotations:
+  nginx.ingress.kubernetes.io/rewrite-target:  /
+Events:
+  Type     Reason  Age                From                     Message
+  ----     ------  ----               ----                     -------
+  Normal   ADD     45s                loadbalancer-controller  default/test
+```
+
+<!--
+You can achieve the same by invoking `kubectl replace -f` on a modified Ingress yaml file.
+-->
+
+您可以通过 `kubectl replace -f` 命令调用修改后的 Ingress yaml 文件来获得同样的结果。
+
+<!--
+## Failing across availability zones
+
+Techniques for spreading traffic across failure domains differs between cloud providers. Please check the documentation of the relevant Ingress controller for details. Please refer to the federation [doc](/docs/concepts/cluster-administration/federation/) for details on deploying Ingress in a federated cluster.
+-->
+
+## 跨可用区失败
+
+用于跨故障域传播流量的技术在云提供商之间是不同的。详情请查阅相关 Ingress 控制器的文档。
+有关在联邦集群中部署 Ingress 的详细信息，请参阅联邦 [文档](/docs/concepts/cluster-administration/federation/)。 
+
+
+<!--
+## Future Work
+
+* Various modes of HTTPS/TLS support (e.g.: SNI, re-encryption)
+* Requesting an IP or Hostname via claims
+* Combining L4 and L7 Ingress
+* More Ingress controllers
+
+Please track the [L7 and Ingress proposal](https://github.com/kubernetes/kubernetes/pull/12827) for more details on the evolution of the resource, and the [Ingress repository](https://github.com/kubernetes/ingress/tree/master) for more details on the evolution of various Ingress controllers.
+-->
+
+## 未来的工作
+
+*各种 HTTPS/TLS 模式的支持（例如：SNI、重加密）
+*通过声明请求IP或主机名
+*合并 L4 和 L7 Ingress
+*更多 Ingress 控制器
+
+请跟踪 [L7 and Ingress proposal](https://github.com/kubernetes/kubernetes/pull/12827)以了解关于资源演化的更多细节，以及 [Ingress repository](https://github.com/kubernetes/ingress/tree/master) 以了解关于各种 Ingress 控制器演进的更多细节。
+
+<!--
+## Alternatives
+
+You can expose a Service in multiple ways that don't directly involve the Ingress resource:
+
+* Use [Service.Type=LoadBalancer](/docs/concepts/services-networking/service/#loadbalancer)
+* Use [Service.Type=NodePort](/docs/concepts/services-networking/service/#nodeport)
+* Use a [Port Proxy](https://git.k8s.io/contrib/for-demos/proxy-to-service)
+-->
+
+## 替代方案
+
+不直接使用 Ingress 资源，也有多种方法暴露 Service：
+
+* 使用 [Service.Type=LoadBalancer](/docs/concepts/services-networking/service/#loadbalancer)
+* 使用 [Service.Type=NodePort](/docs/concepts/services-networking/service/#nodeport)
+* 使用 [端口代理](https://git.k8s.io/contrib/for-demos/proxy-to-service)
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/concepts/services-networking/service.md b/content/zh/docs/concepts/services-networking/service.md
index 6e9705b22129a..534a01cf4700b 100644
--- a/content/zh/docs/concepts/services-networking/service.md
+++ b/content/zh/docs/concepts/services-networking/service.md
@@ -1,46 +1,103 @@
 ---
-approvers:
+reviewers:
 - bprashanth
-title: Service
-redirect_from:
-- "/docs/user-guide/services/"
-- "/docs/user-guide/services/index.html"
+title: Services
+feature:
+  title: 服务发现与负载均衡
+  description: >
+    无需修改您的应用程序即可使用陌生的服务发现机制。Kubernetes 为容器提供了自己的 IP 地址和一个 DNS 名称，并且可以在它们之间实现负载平衡。
+
+content_template: templates/concept
+weight: 10
 ---
 
+<!--
+---
+reviewers:
+- bprashanth
+title: Services
+feature:
+  title: Service discovery and load balancing
+  description: >
+    No need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers, and can load-balance across them.
+
+content_template: templates/concept
+weight: 10
+---
+-->
 
 
+{{% capture overview %}}
+
+<!--
+Kubernetes [`Pods`](/docs/concepts/workloads/pods/pod/) are mortal. They are born and when they die, they
+are not resurrected.  [`ReplicaSets`](/docs/concepts/workloads/controllers/replicaset/) in
+particular create and destroy `Pods` dynamically (e.g. when scaling out or in).  While each `Pod` gets its own IP address, even
+those IP addresses cannot be relied upon to be stable over time. This leads to
+a problem: if some set of `Pods` (let's call them backends) provides
+functionality to other `Pods` (let's call them frontends) inside the Kubernetes
+cluster, how do those frontends find out and keep track of which backends are
+in that set?
+-->
+
 Kubernetes [`Pod`](/docs/user-guide/pods) 是有生命周期的，它们可以被创建，也可以被销毁，然而一旦被销毁生命就永远结束。 
 通过 [`ReplicaSets`](/docs/concepts/workloads/controllers/replicaset/) 能够动态地创建和销毁 `Pod`（例如，需要进行扩缩容，或者执行 [滚动升级](/docs/user-guide/kubectl/v1.7/#rolling-update)）。 
 每个 `Pod` 都会获取它自己的 IP 地址，即使这些 IP 地址不总是稳定可依赖的。
 这会导致一个问题：在 Kubernetes 集群中，如果一组 `Pod`（称为 backend）为其它 `Pod` （称为 frontend）提供服务，那么那些 frontend 该如何发现，并连接到这组 `Pod` 中的哪些 backend 呢？
 
+<!--
+Enter `Services`.
+-->
 
+关于 `Services`
 
-关于 `Service`
-
-
+<!--
+A Kubernetes `Service` is an abstraction which defines a logical set of `Pods`
+and a policy by which to access them - sometimes called a micro-service.  The
+set of `Pods` targeted by a `Service` is (usually) determined by a [`Label
+Selector`](/docs/concepts/overview/working-with-objects/labels/#label-selectors) (see below for why you might want a
+`Service` without a selector).
+-->
 
 Kubernetes `Service` 定义了这样一种抽象：逻辑上的一组 `Pod`，一种可以访问它们的策略 —— 通常称为微服务。
 这一组 `Pod` 能够被 `Service` 访问到，通常是通过 [`Label Selector`](/docs/concepts/overview/working-with-objects/labels/#label-selectors)（查看下面了解，为什么可能需要没有 selector 的 `Service`）实现的。
 
-
+<!--
+As an example, consider an image-processing backend which is running with 3
+replicas.  Those replicas are fungible - frontends do not care which backend
+they use.  While the actual `Pods` that compose the backend set may change, the
+frontend clients should not need to be aware of that or keep track of the list
+of backends themselves.  The `Service` abstraction enables this decoupling.
+-->
 
 举个例子，考虑一个图片处理 backend，它运行了3个副本。这些副本是可互换的 —— frontend 不需要关心它们调用了哪个 backend 副本。
 然而组成这一组 backend 程序的 `Pod` 实际上可能会发生变化，frontend 客户端不应该也没必要知道，而且也不需要跟踪这一组 backend 的状态。
 `Service` 定义的抽象能够解耦这种关联。
 
-
+<!--
+For Kubernetes-native applications, Kubernetes offers a simple `Endpoints` API
+that is updated whenever the set of `Pods` in a `Service` changes.  For
+non-native applications, Kubernetes offers a virtual-IP-based bridge to Services
+which redirects to the backend `Pods`.
+-->
 
 对 Kubernetes 集群中的应用，Kubernetes 提供了简单的 `Endpoints` API，只要 `Service` 中的一组 `Pod` 发生变更，应用程序就会被更新。
 对非 Kubernetes 集群中的应用，Kubernetes 提供了基于 VIP 的网桥的方式访问 `Service`，再由 `Service` 重定向到 backend `Pod`。
 
-{{< toc >}}
 
+{{% /capture %}}
 
+{{% capture body %}}
 
-## 定义 Service
-
+<!--
+## Defining a service
+A `Service` in Kubernetes is a REST object, similar to a `Pod`.  Like all of the
+REST objects, a `Service` definition can be POSTed to the apiserver to create a
+new instance.  For example, suppose you have a set of `Pods` that each expose
+port 9376 and carry a label `"app=MyApp"`.
+-->
 
+## 定义 Service
 
 一个 `Service` 在 Kubernetes 中是一个 REST 对象，和 `Pod` 类似。
 像所有的 REST 对象一样， `Service` 定义可以基于 POST 方式，请求 apiserver 创建新的实例。
@@ -60,13 +117,29 @@ spec:
       targetPort: 9376
 ```
 
-
+<!--
+This specification will create a new `Service` object named "my-service" which
+targets TCP port 9376 on any `Pod` with the `"app=MyApp"` label.  This `Service`
+will also be assigned an IP address (sometimes called the "cluster IP"), which
+is used by the service proxies (see below).  The `Service`'s selector will be
+evaluated continuously and the results will be POSTed to an `Endpoints` object
+also named "my-service".
+-->
 
 上述配置将创建一个名称为 “my-service” 的 `Service` 对象，它会将请求代理到使用 TCP 端口 9376，并且具有标签 `"app=MyApp"` 的 `Pod` 上。
 这个 `Service` 将被指派一个 IP 地址（通常称为 “Cluster IP”），它会被服务的代理使用（见下面）。
 该 `Service` 的 selector 将会持续评估，处理结果将被 POST 到一个名称为 “my-service” 的 `Endpoints` 对象上。
 
-
+<!--
+Note that a `Service` can map an incoming port to any `targetPort`.  By default
+the `targetPort` will be set to the same value as the `port` field.  Perhaps
+more interesting is that `targetPort` can be a string, referring to the name of
+a port in the backend `Pods`.  The actual port number assigned to that name can
+be different in each backend `Pod`. This offers a lot of flexibility for
+deploying and evolving your `Services`.  For example, you can change the port
+number that pods expose in the next version of your backend software, without
+breaking clients.
+-->
 
 需要注意的是， `Service` 能够将一个接收端口映射到任意的 `targetPort`。
 默认情况下，`targetPort` 将被设置为与 `port` 字段相同的值。
@@ -75,16 +148,32 @@ spec:
 对于部署和设计 `Service` ，这种方式会提供更大的灵活性。
 例如，可以在 backend 软件下一个版本中，修改 Pod 暴露的端口，并不会中断客户端的调用。
 
-
+<!--
+Kubernetes `Services` support `TCP`, `UDP` and `SCTP` for protocols.  The default
+is `TCP`.
+-->
 
 Kubernetes `Service` 能够支持 `TCP` 和 `UDP` 协议，默认 `TCP` 协议。 
 
-
+{{< note >}}
+自 Kubernetes 1.12 以来，SCTP 的支持是 alpha 功能。
+{{< /note >}}
+
+<!--
+### Services without selectors
+Services generally abstract access to Kubernetes `Pods`, but they can also
+abstract other kinds of backends.  For example:
+  * You want to have an external database cluster in production, but in test
+    you use your own databases.
+  * You want to point your service to a service in another
+    [`Namespace`](/docs/concepts/overview/working-with-objects/namespaces/) or on another cluster.
+  * You are migrating your workload to Kubernetes and some of your backends run
+    outside of Kubernetes.
+In any of these scenarios you can define a service without a selector:
+-->
 
 ### 没有 selector 的 Service
 
-
-
 Servcie 抽象了该如何访问 Kubernetes `Pod`，但也能够抽象其它类型的 backend，例如：
 
 * 希望在生产环境中使用外部的数据库集群，但测试环境使用自己的数据库。
@@ -105,6 +194,10 @@ spec:
       targetPort: 9376
 ```
 
+<!--
+Because this service has no selector, the corresponding `Endpoints` object will not be
+created. You can manually map the service to your own specific endpoints:
+-->
 
 由于这个 `Service` 没有 selector，就不会创建相关的 `Endpoints` 对象。可以手动将 `Service` 映射到指定的 `Endpoints`：
 
@@ -120,57 +213,76 @@ subsets:
       - port: 9376
 ```
 
-
-
-注意：Endpoint IP 地址不能是 loopback（127.0.0.0/8）、 link-local（169.254.0.0/16）、或者 link-local 多播（224.0.0.0/24）。
-
-
+<!--
+{{< note >}}
+The endpoint IPs may not be loopback (127.0.0.0/8), link-local
+(169.254.0.0/16), or link-local multicast (224.0.0.0/24). They cannot be the
+cluster IPs of other Kubernetes services either because the `kube-proxy`
+component doesn't support virtual IPs as destination yet.
+{{< /note >}}
+-->
+
+{{< note >}}
+注意：Endpoint IP 地址不能是 loopback（127.0.0.0/8）、 link-local（169.254.0.0/16）、或者 link-local 多播（224.0.0.0/24）。它们不能是其他 Kubernetes 服务的集群 IP，因为 `kube-proxy` 组件不支持虚拟 IP 作为目的地。
+{{< /note >}}
+
+<!--
+Accessing a `Service` without a selector works the same as if it had a selector.
+The traffic will be routed to endpoints defined by the user (`1.2.3.4:9376` in
+this example).
+-->
 
 访问没有 selector 的 `Service`，与有 selector 的 `Service` 的原理相同。请求将被路由到用户定义的 Endpoint（该示例中为 `1.2.3.4:9376`）。
 
-
-
-ExternalName `Service` 是 `Service` 的特例，它没有 selector，也没有定义任何的端口和 Endpoint。
-相反地，对于运行在集群外部的服务，它通过返回该外部服务的别名这种方式来提供服务。
-
-```yaml
-kind: Service
-apiVersion: v1
-metadata:
-  name: my-service
-  namespace: prod
-spec:
-  type: ExternalName
-  externalName: my.database.example.com
-```
-
-
-
-当查询主机 `my-service.prod.svc.CLUSTER`时，集群的 DNS 服务将返回一个值为 `my.database.example.com` 的 `CNAME` 记录。
-访问这个服务的工作方式与其它的相同，唯一不同的是重定向发生在 DNS 层，而且不会进行代理或转发。
-如果后续决定要将数据库迁移到 Kubernetes 集群中，可以启动对应的 Pod，增加合适的 Selector 或 Endpoint，修改 `Service` 的 `type`。
-
-
+<!--
+An ExternalName service is a special case of service that does not have
+selectors and uses DNS names instead. For more information, see the
+[ExternalName](#externalname) section later in this document.
+-->
+
+ExternalName `Service` 是 `Service` 的特例，它没有 selector，也没有使用 DNS 名称代替。
+有关更多信息，请参阅本文档后面的[`ExternalName`](#externalname)。
+
+<!--
+## Virtual IPs and service proxies
+Every node in a Kubernetes cluster runs a `kube-proxy`. `kube-proxy` is
+responsible for implementing a form of virtual IP for `Services` of type other
+than [`ExternalName`](#externalname).
+In Kubernetes v1.0, `Services` are a "layer 4" (TCP/UDP over IP) construct, the
+proxy was purely in userspace.  In Kubernetes v1.1, the `Ingress` API was added
+(beta) to represent "layer 7"(HTTP) services, iptables proxy was added too,
+and became the default operating mode since Kubernetes v1.2. In Kubernetes v1.8.0-beta.0,
+ipvs proxy was added.
+-->
 
 ## VIP 和 Service 代理
 
+在 Kubernetes 集群中，每个 Node 运行一个 `kube-proxy` 进程。`kube-proxy` 负责为 `Service` 实现了一种 VIP（虚拟 IP）的形式，而不是 [`ExternalName`](#externalname) 的形式。
 
-
-在 Kubernetes 集群中，每个 Node 运行一个 `kube-proxy` 进程。`kube-proxy` 负责为 `Service` 实现了一种 VIP（虚拟 IP）的形式，而不是 `ExternalName` 的形式。
-在 Kubernetes v1.0 版本，代理完全在 userspace。在 Kubernetes v1.1 版本，新增了 iptables 代理，但并不是默认的运行模式。
-从 Kubernetes v1.2 起，默认就是 iptables 代理。
+在 Kubernetes v1.0 版本，`Services` 是 "L4" (IP 层上的 TCP/UDP) 构造，代理完全在 userspace。在 Kubernetes v1.1 版本，新增了 `Ingress` API (beta) "L 7"(HTTP) 服务与 iptables 代理，自 Kubernetes v1.2 以来成为默认的操作模式。
+在 Kubernetes v1.8.0-beta.0 中，添加了 ipvs 代理。
 
 
 
 在 Kubernetes v1.0 版本，`Service` 是 “4层”（TCP/UDP over IP）概念。
 在 Kubernetes v1.1 版本，新增了 `Ingress` API（beta 版），用来表示 “7层”（HTTP）服务。
 
-
+<!--
+### Proxy-mode: userspace
+In this mode, kube-proxy watches the Kubernetes master for the addition and
+removal of `Service` and `Endpoints` objects. For each `Service` it opens a
+port (randomly chosen) on the local node.  Any connections to this "proxy port"
+will be proxied to one of the `Service`'s backend `Pods` (as reported in
+`Endpoints`).  Which backend `Pod`  to use is decided based on the
+`SessionAffinity` of the `Service`.  Lastly, it installs iptables rules which
+capture traffic to the `Service`'s `clusterIP` (which is virtual) and `Port`
+and redirects that traffic to the proxy port which proxies the backend `Pod`.
+By default, the choice of backend is round robin.
+![Services overview diagram for userspace proxy](/images/docs/services-userspace-overview.svg)
+-->
 
 ### userspace 代理模式
 
-
-
 这种模式，kube-proxy 会监视 Kubernetes master 对 `Service` 对象和 `Endpoints` 对象的添加和移除。
 对每个 `Service`，它会在本地 Node 上打开一个端口（随机选择）。
 任何连接到“代理端口”的请求，都会被代理到 `Service` 的backend `Pods` 中的某个上面（如 `Endpoints` 所报告的一样）。
@@ -190,12 +302,24 @@ spec:
 
 ![userspace代理模式下Service概览图](/images/docs/services-userspace-overview.svg)
 
-
+<!--
+### Proxy-mode: iptables
+In this mode, kube-proxy watches the Kubernetes master for the addition and
+removal of `Service` and `Endpoints` objects. For each `Service`, it installs
+iptables rules which capture traffic to the `Service`'s `clusterIP` (which is
+virtual) and `Port` and redirects that traffic to one of the `Service`'s
+backend sets.  For each `Endpoints` object, it installs iptables rules which
+select a backend `Pod`. By default, the choice of backend is random.
+Obviously, iptables need not switch back between userspace and kernelspace, it should be
+faster and more reliable than the userspace proxy. However, unlike the
+userspace proxier, the iptables proxier cannot automatically retry another
+`Pod` if the one it initially selects does not respond, so it depends on
+having working [readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#defining-readiness-probes).
+![Services overview diagram for iptables proxy](/images/docs/services-iptables-overview.svg)
+-->
 
 ### iptables 代理模式
 
-
-
 这种模式，kube-proxy 会监视 Kubernetes master 对 `Service` 对象和 `Endpoints` 对象的添加和移除。
 对每个 `Service`，它会安装 iptables 规则，从而捕获到达该 `Service` 的 `clusterIP`（虚拟 IP）和端口的请求，进而将请求重定向到 `Service` 的一组 backend 中的某个上面。
 对于每个 `Endpoints` 对象，它也会安装 iptables 规则，这个规则会选择一个 backend `Pod`。
@@ -214,7 +338,68 @@ spec:
 
 ![iptables代理模式下Service概览图](/images/docs/services-iptables-overview.svg)
 
-
+<!--
+### Proxy-mode: ipvs
+{{< feature-state for_k8s_version="v1.9" state="beta" >}}
+In this mode, kube-proxy watches Kubernetes Services and Endpoints,
+calls `netlink` interface to create ipvs rules accordingly and syncs ipvs rules with Kubernetes
+Services and Endpoints periodically, to make sure ipvs status is
+consistent with the expectation. When Service is accessed, traffic will
+be redirected to one of the backend Pods.
+Similar to iptables, Ipvs is based on netfilter hook function, but uses hash
+table as the underlying data structure and works in the kernel space.
+That means ipvs redirects traffic much faster, and has much
+better performance when syncing proxy rules. Furthermore, ipvs provides more
+options for load balancing algorithm, such as:
+- `rr`: round-robin
+- `lc`: least connection
+- `dh`: destination hashing
+- `sh`: source hashing
+- `sed`: shortest expected delay
+- `nq`: never queue
+{{< note >}}
+ipvs mode assumes IPVS kernel modules are installed on the node
+before running kube-proxy. When kube-proxy starts with ipvs proxy mode,
+kube-proxy would validate if IPVS modules are installed on the node, if
+it's not installed kube-proxy will fall back to iptables proxy mode.
+{{< /note >}}
+![Services overview diagram for ipvs proxy](/images/docs/services-ipvs-overview.svg)
+In any of these proxy model, any traffic bound for the Service’s IP:Port is
+proxied to an appropriate backend without the clients knowing anything
+about Kubernetes or Services or Pods. Client-IP based session affinity
+can be selected by setting `service.spec.sessionAffinity` to "ClientIP"
+(the default is "None"), and you can set the max session sticky time by
+setting the field `service.spec.sessionAffinityConfig.clientIP.timeoutSeconds`
+if you have already set `service.spec.sessionAffinity` to "ClientIP"
+(the default is “10800”).
+-->
+
+<!--
+## Multi-Port Services
+Many `Services` need to expose more than one port.  For this case, Kubernetes
+supports multiple port definitions on a `Service` object.  When using multiple
+ports you must give all of your ports names, so that endpoints can be
+disambiguated.  For example:
+```yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: my-service
+spec:
+  selector:
+    app: MyApp
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 9376
+  - name: https
+    protocol: TCP
+    port: 443
+    targetPort: 9377
+```
+Note that the port names must only contain lowercase alphanumeric characters and `-`, and must begin & end with an alphanumeric character. `123-abc` and `web` are valid, but `123_abc` and `-web` are not valid names.
+-->
 
 ## 多端口 Service
 
@@ -242,23 +427,43 @@ spec:
         targetPort: 9377
 ```
 
-
+<!--
+## Choosing your own IP address
+You can specify your own cluster IP address as part of a `Service` creation
+request.  To do this, set the `.spec.clusterIP` field. For example, if you
+already have an existing DNS entry that you wish to reuse, or legacy systems
+that are configured for a specific IP address and difficult to re-configure.
+The IP address that a user chooses must be a valid IP address and within the
+`service-cluster-ip-range` CIDR range that is specified by flag to the API
+server.  If the IP address value is invalid, the apiserver returns a 422 HTTP
+status code to indicate that the value is invalid.
+-->
 
 ## 选择自己的 IP 地址
 
-
-
 在 `Service` 创建的请求中，可以通过设置 `spec.clusterIP` 字段来指定自己的集群 IP 地址。
 比如，希望替换一个已经已存在的 DNS 条目，或者遗留系统已经配置了一个固定的 IP 且很难重新配置。
 用户选择的 IP 地址必须合法，并且这个 IP 地址在 `service-cluster-ip-range` CIDR 范围内，这对 API Server 来说是通过一个标识来指定的。
 如果 IP 地址不合法，API Server 会返回 HTTP 状态码 422，表示值不合法。
 
 
+<!--
+### Why not use round-robin DNS?
+A question that pops up every now and then is why we do all this stuff with
+virtual IPs rather than just use standard round-robin DNS.  There are a few
+reasons:
+   * There is a long history of DNS libraries not respecting DNS TTLs and
+     caching the results of name lookups.
+   * Many apps do DNS lookups once and cache the results.
+   * Even if apps and libraries did proper re-resolution, the load of every
+     client re-resolving DNS over and over would be difficult to manage.
+We try to discourage users from doing things that hurt themselves.  That said,
+if enough people ask for this, we may implement it as an alternative.
+-->
 
 ### 为何不使用 round-robin DNS？
 
 
-
 一个不时出现的问题是，为什么我们都使用 VIP 的方式，而不使用标准的 round-robin DNS，有如下几个原因：
 
 * 长久以来，DNS 库都没能认真对待 DNS TTL、缓存域名查询结果
@@ -267,20 +472,42 @@ spec:
 
 我们尽力阻止用户做那些对他们没有好处的事情，如果很多人都来问这个问题，我们可能会选择实现它。
 
-
+<!--
+## Discovering services
+Kubernetes supports 2 primary modes of finding a `Service` - environment
+variables and DNS.
+-->
 
 ## 服务发现
 
-
-
 Kubernetes 支持2种基本的服务发现模式 —— 环境变量和 DNS。
-
-
+<!--
+### Environment variables
+When a `Pod` is run on a `Node`, the kubelet adds a set of environment variables
+for each active `Service`.  It supports both [Docker links
+compatible](https://docs.docker.com/userguide/dockerlinks/) variables (see
+[makeLinkVariables](http://releases.k8s.io/{{< param "githubbranch" >}}/pkg/kubelet/envvars/envvars.go#L49))
+and simpler `{SVCNAME}_SERVICE_HOST` and `{SVCNAME}_SERVICE_PORT` variables,
+where the Service name is upper-cased and dashes are converted to underscores.
+For example, the Service `"redis-master"` which exposes TCP port 6379 and has been
+allocated cluster IP address 10.0.0.11 produces the following environment
+variables:
+```shell
+REDIS_MASTER_SERVICE_HOST=10.0.0.11
+REDIS_MASTER_SERVICE_PORT=6379
+REDIS_MASTER_PORT=tcp://10.0.0.11:6379
+REDIS_MASTER_PORT_6379_TCP=tcp://10.0.0.11:6379
+REDIS_MASTER_PORT_6379_TCP_PROTO=tcp
+REDIS_MASTER_PORT_6379_TCP_PORT=6379
+REDIS_MASTER_PORT_6379_TCP_ADDR=10.0.0.11
+```
+*This does imply an ordering requirement* - any `Service` that a `Pod` wants to
+access must be created before the `Pod` itself, or else the environment
+variables will not be populated.  DNS does not have this restriction.
+-->
 
 ### 环境变量
 
-
-
 当 `Pod` 运行在 `Node` 上，kubelet 会为每个活跃的 `Service` 添加一组环境变量。
 它同时支持 [Docker links兼容](https://docs.docker.com/userguide/dockerlinks/) 变量（查看 [makeLinkVariables](http://releases.k8s.io/{{< param "githubbranch" >}}/pkg/kubelet/envvars/envvars.go#L49)）、简单的 `{SVCNAME}_SERVICE_HOST` 和 `{SVCNAME}_SERVICE_PORT` 变量，这里 `Service` 的名称需大写，横线被转换成下划线。
 
@@ -301,9 +528,29 @@ REDIS_MASTER_PORT_6379_TCP_ADDR=10.0.0.11
 
 *这意味着需要有顺序的要求* ——  `Pod` 想要访问的任何 `Service` 必须在 `Pod` 自己之前被创建，否则这些环境变量就不会被赋值。DNS 并没有这个限制。
 
+<!--
 ### DNS
+An optional (though strongly recommended) [cluster
+add-on](/docs/concepts/cluster-administration/addons/) is a DNS server.  The
+DNS server watches the Kubernetes API for new `Services` and creates a set of
+DNS records for each.  If DNS has been enabled throughout the cluster then all
+`Pods` should be able to do name resolution of `Services` automatically.
+For example, if you have a `Service` called `"my-service"` in a Kubernetes
+`Namespace` called `"my-ns"`, a DNS record for `"my-service.my-ns"` is created.  `Pods`
+which exist in the `"my-ns"` `Namespace` should be able to find it by simply doing
+a name lookup for `"my-service"`.  `Pods` which exist in other `Namespaces` must
+qualify the name as `"my-service.my-ns"`.  The result of these name lookups is the
+cluster IP.
+Kubernetes also supports DNS SRV (service) records for named ports.  If the
+`"my-service.my-ns"` `Service` has a port named `"http"` with protocol `TCP`, you
+can do a DNS SRV query for `"_http._tcp.my-service.my-ns"` to discover the port
+number for `"http"`.
+The Kubernetes DNS server is the only way to access services of type
+`ExternalName`.  More information is available in the [DNS Pods and
+Services](/docs/concepts/services-networking/dns-pod-service/).
+-->
 
-
+### DNS
 
 一个可选（尽管强烈推荐）[集群插件](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/README.md) 是 DNS 服务器。
 DNS 服务器监视着创建新 `Service` 的 Kubernetes API，从而为每一个 `Service` 创建一组 DNS 记录。
@@ -326,7 +573,20 @@ Kubernetes 也支持对端口名称的 DNS SRV（Service）记录。
 Kubernetes DNS 服务器是唯一的一种能够访问 `ExternalName` 类型的 Service 的方式。
 更多信息可以查看[DNS Pod 和 Service](/docs/concepts/services-networking/dns-pod-service/)。
 
-
+<!--
+## Headless services
+Sometimes you don't need or want load-balancing and a single service IP.  In
+this case, you can create "headless" services by specifying `"None"` for the
+cluster IP (`.spec.clusterIP`).
+This option allows developers to reduce coupling to the Kubernetes system by
+allowing them freedom to do discovery their own way.  Applications can still use
+a self-registration pattern and adapters for other discovery systems could easily
+be built upon this API.
+For such `Services`, a cluster IP is not allocated, kube-proxy does not handle
+these services, and there is no load balancing or proxying done by the platform
+for them. How DNS is automatically configured depends on whether the service has
+selectors defined.
+-->
 
 ## Headless Service
 
@@ -345,7 +605,12 @@ Kubernetes DNS 服务器是唯一的一种能够访问 `ExternalName` 类型的
 对这类 `Service` 并不会分配 Cluster IP，kube-proxy 不会处理它们，而且平台也不会为它们进行负载均衡和路由。
 DNS 如何实现自动配置，依赖于 `Service` 是否定义了 selector。
 
-
+<!--
+### With selectors
+For headless services that define selectors, the endpoints controller creates
+`Endpoints` records in the API, and modifies the DNS configuration to return A
+records (addresses) that point directly to the `Pods` backing the `Service`.
+-->
 
 ### 配置 Selector
 
@@ -353,7 +618,15 @@ DNS 如何实现自动配置，依赖于 `Service` 是否定义了 selector。
 
 对定义了 selector 的 Headless Service，Endpoint 控制器在 API 中创建了 `Endpoints` 记录，并且修改 DNS 配置返回 A 记录（地址），通过这个地址直接到达 `Service` 的后端  `Pod` 上。
 
-
+<!--
+### Without selectors
+For headless services that do not define selectors, the endpoints controller does
+not create `Endpoints` records. However, the DNS system looks for and configures
+either:
+  * CNAME records for [`ExternalName`](#externalname)-type services.
+  * A records for any `Endpoints` that share a name with the service, for all
+    other types.
+-->
 
 ### 不配置 Selector
 
@@ -365,7 +638,28 @@ DNS 如何实现自动配置，依赖于 `Service` 是否定义了 selector。
 * `ExternalName` 类型 Service 的 CNAME 记录
   * 记录：与 Service 共享一个名称的任何 `Endpoints`，以及所有其它类型
 
-
+<!--
+## Publishing services - service types
+For some parts of your application (e.g. frontends) you may want to expose a
+Service onto an external (outside of your cluster) IP address.
+Kubernetes `ServiceTypes` allow you to specify what kind of service you want.
+The default is `ClusterIP`.
+`Type` values and their behaviors are:
+   * `ClusterIP`: Exposes the service on a cluster-internal IP. Choosing this value
+     makes the service only reachable from within the cluster. This is the
+     default `ServiceType`.
+   * [`NodePort`](#nodeport): Exposes the service on each Node's IP at a static port
+     (the `NodePort`). A `ClusterIP` service, to which the `NodePort` service will
+     route, is automatically created.  You'll be able to contact the `NodePort` service,
+     from outside the cluster,
+     by requesting `<NodeIP>:<NodePort>`.
+   * [`LoadBalancer`](#loadbalancer): Exposes the service externally using a cloud
+     provider's load balancer. `NodePort` and `ClusterIP` services, to which the external
+     load balancer will route, are automatically created.
+   * [`ExternalName`](#externalname): Maps the service to the contents of the
+     `externalName` field (e.g. `foo.bar.example.com`), by returning a `CNAME` record
+     with its value. No proxying of any kind is set up. 
+-->
 
 ## 发布服务 —— 服务类型
 
@@ -381,9 +675,29 @@ Kubernetes `ServiceTypes` 允许指定一个需要的类型的 Service，默认
 * `NodePort`：通过每个 Node 上的 IP 和静态端口（`NodePort`）暴露服务。`NodePort` 服务会路由到 `ClusterIP` 服务，这个 `ClusterIP` 服务会自动创建。通过请求 `<NodeIP>:<NodePort>`，可以从集群的外部访问一个 `NodePort` 服务。
 * `LoadBalancer`：使用云提供商的负载局衡器，可以向外部暴露服务。外部的负载均衡器可以路由到 `NodePort` 服务和 `ClusterIP` 服务。
 * `ExternalName`：通过返回 `CNAME` 和它的值，可以将服务映射到 `externalName` 字段的内容（例如， `foo.bar.example.com`）。
-    没有任何类型代理被创建，这只有 Kubernetes 1.7 或更高版本的 `kube-dns` 才支持。
-
-
+    没有任何类型代理被创建。
+
+{{< note >}}
+您需要 CoreDNS 1.7 或更高版本才能使用 `ExternalName` 类型。
+{{< /note >}}
+
+<!--
+### Type NodePort {#nodeport}
+If you set the `type` field to `NodePort`, the Kubernetes master will
+allocate a port from a range specified by `--service-node-port-range` flag (default: 30000-32767), and each
+Node will proxy that port (the same port number on every Node) into your `Service`.
+That port will be reported in your `Service`'s `.spec.ports[*].nodePort` field.
+If you want to specify particular IP(s) to proxy the port, you can set the `--nodeport-addresses` flag in kube-proxy to particular IP block(s) (which is supported since Kubernetes v1.10). A comma-delimited list of IP blocks (e.g. 10.0.0.0/8, 1.2.3.4/32) is used to filter addresses local to this node. For example, if you start kube-proxy with flag `--nodeport-addresses=127.0.0.0/8`, kube-proxy will select only the loopback interface for NodePort Services. The `--nodeport-addresses` is defaulted to empty (`[]`), which means select all available interfaces and is in compliance with current NodePort behaviors.
+If you want a specific port number, you can specify a value in the `nodePort`
+field, and the system will allocate you that port or else the API transaction
+will fail (i.e. you need to take care about possible port collisions yourself).
+The value you specify must be in the configured range for node ports.
+This gives developers the freedom to set up their own load balancers, to
+configure environments that are not fully supported by Kubernetes, or
+even to just expose one or more nodes' IPs directly.
+Note that this Service will be visible as both `<NodeIP>:spec.ports[*].nodePort`
+and `.spec.clusterIP:spec.ports[*].port`. (If the `--nodeport-addresses` flag in kube-proxy is set, <NodeIP> would be filtered NodeIP(s).)
+-->
 
 ### NodePort 类型
 
@@ -402,12 +716,51 @@ Kubernetes `ServiceTypes` 允许指定一个需要的类型的 Service，默认
 
 需要注意的是，Service 将能够通过 `<NodeIP>:spec.ports[*].nodePort` 和 `spec.clusterIp:spec.ports[*].port` 而对外可见。
 
-
+<!--
+### Type LoadBalancer {#loadbalancer}
+On cloud providers which support external load balancers, setting the `type`
+field to `LoadBalancer` will provision a load balancer for your `Service`.
+The actual creation of the load balancer happens asynchronously, and
+information about the provisioned balancer will be published in the `Service`'s
+`.status.loadBalancer` field.  For example:
+```yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: my-service
+spec:
+  selector:
+    app: MyApp
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9376
+  clusterIP: 10.0.171.239
+  loadBalancerIP: 78.11.24.19
+  type: LoadBalancer
+status:
+  loadBalancer:
+    ingress:
+    - ip: 146.148.47.155
+```
+Traffic from the external load balancer will be directed at the backend `Pods`,
+though exactly how that works depends on the cloud provider. Some cloud providers allow
+the `loadBalancerIP` to be specified. In those cases, the load-balancer will be created
+with the user-specified `loadBalancerIP`. If the `loadBalancerIP` field is not specified,
+an ephemeral IP will be assigned to the loadBalancer. If the `loadBalancerIP` is specified, but the
+cloud provider does not support the feature, the field will be ignored.
+**Special notes for Azure**: To use user-specified public type `loadBalancerIP`, a static type
+public IP address resource needs to be created first, and it should be in the same resource
+group of the other automatically created resources of the cluster. For example, `MC_myResourceGroup_myAKSCluster_eastus`. Specify the assigned IP address as loadBalancerIP. Ensure that you have updated the securityGroupName in the cloud provider configuration file. For information about troubleshooting `CreatingLoadBalancerFailed` permission issues see, [Use a static IP address with the Azure Kubernetes Service (AKS) load balancer](https://docs.microsoft.com/en-us/azure/aks/static-ip) or [CreatingLoadBalancerFailed on AKS cluster with advanced networking](https://github.com/Azure/AKS/issues/357).
+{{< note >}}
+The support of SCTP in the cloud provider's load balancer is up to the cloud provider's
+load balancer implementation. If SCTP is not supported by the cloud provider's load balancer the
+Service creation request is accepted but the creation of the load balancer fails.
+{{< /note >}}
+-->
 
 ### LoadBalancer 类型
 
-
-
 使用支持外部负载均衡器的云提供商的服务，设置 `type` 的值为 `"LoadBalancer"`，将为 `Service` 提供负载均衡器。
 负载均衡器是异步创建的，关于被提供的负载均衡器的信息将会通过 `Service` 的 `status.loadBalancer` 字段被发布出去。
 
@@ -439,7 +792,59 @@ status:
 某些云提供商允许设置 `loadBalancerIP`。如果没有设置 `loadBalancerIP`，将会给负载均衡器指派一个临时 IP。
 如果设置了 `loadBalancerIP`，但云提供商并不支持这种特性，那么设置的 `loadBalancerIP` 值将会被忽略掉。
 
-
+<!--
+#### Internal load balancer
+In a mixed environment it is sometimes necessary to route traffic from services inside the same VPC.
+In a split-horizon DNS environment you would need two services to be able to route both external and internal traffic to your endpoints.
+This can be achieved by adding the following annotations to the service based on cloud provider.
+{{< tabs name="service_tabs" >}}
+{{% tab name="Default" %}}
+Select one of the tabs.
+{{% /tab %}}
+{{% tab name="GCP" %}}
+```yaml
+[...]
+metadata:
+    name: my-service
+    annotations:
+        cloud.google.com/load-balancer-type: "Internal"
+[...]
+```
+Use `cloud.google.com/load-balancer-type: "internal"` for masters with version 1.7.0 to 1.7.3.
+For more information, see the [docs](https://cloud.google.com/kubernetes-engine/docs/internal-load-balancing).
+{{% /tab %}}
+{{% tab name="AWS" %}}
+```yaml
+[...]
+metadata:
+    name: my-service
+    annotations:
+        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+[...]
+```
+{{% /tab %}}
+{{% tab name="Azure" %}}
+```yaml
+[...]
+metadata:
+    name: my-service
+    annotations:
+        service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+[...]
+```
+{{% /tab %}}
+{{% tab name="OpenStack" %}}
+```yaml
+[...]
+metadata:
+    name: my-service
+    annotations:
+        service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+[...]
+```
+{{% /tab %}}
+{{< /tabs >}}
+-->
 
 ### AWS 内部负载均衡器
 在混合云环境中，有时从虚拟私有云（VPC）环境中的服务路由流量是非常有必要的。
@@ -457,7 +862,61 @@ metadata:
 
 在水平分割的 DNS 环境中，需要两个 `Service` 来将外部和内部的流量路由到 Endpoint 上。
 
-
+<!--
+#### SSL support on AWS
+For partial SSL support on clusters running on AWS, starting with 1.3 three
+annotations can be added to a `LoadBalancer` service:
+```yaml
+metadata:
+  name: my-service
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
+```
+The first specifies the ARN of the certificate to use. It can be either a
+certificate from a third party issuer that was uploaded to IAM or one created
+within AWS Certificate Manager.
+```yaml
+metadata:
+  name: my-service
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: (https|http|ssl|tcp)
+```
+The second annotation specifies which protocol a pod speaks. For HTTPS and
+SSL, the ELB will expect the pod to authenticate itself over the encrypted
+connection.
+HTTP and HTTPS will select layer 7 proxying: the ELB will terminate
+the connection with the user, parse headers and inject the `X-Forwarded-For`
+header with the user's IP address (pods will only see the IP address of the
+ELB at the other end of its connection) when forwarding requests.
+TCP and SSL will select layer 4 proxying: the ELB will forward traffic without
+modifying the headers.
+In a mixed-use environment where some ports are secured and others are left unencrypted,
+the following annotations may be used:
+```yaml
+    metadata:
+      name: my-service
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443,8443"
+```
+In the above example, if the service contained three ports, `80`, `443`, and
+`8443`, then `443` and `8443` would use the SSL certificate, but `80` would just
+be proxied HTTP.
+Beginning in 1.9, services can use [predefined AWS SSL policies](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html)
+for any HTTPS or SSL listeners. To see which policies are available for use, run
+the awscli command:
+```bash
+aws elb describe-load-balancer-policies --query 'PolicyDescriptions[].PolicyName'
+```
+Any one of those policies can then be specified using the
+"`service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy`"
+annotation, for example:
+```yaml
+    metadata:
+      name: my-service
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
+-->
 
 ### AWS SSL 支持
 对运行在 AWS 上部分支持 SSL 的集群，从 1.3 版本开始，可以为 `LoadBalancer` 类型的 `Service` 增加两个 annotation：
@@ -490,7 +949,31 @@ HTTP 和 HTTPS 将选择7层代理：ELB 将中断与用户的连接，当转发
 
 TCP 和 SSL 将选择4层代理：ELB 将转发流量，并不修改 Header 信息。
 
-
+<!--
+### External IPs
+If there are external IPs that route to one or more cluster nodes, Kubernetes services can be exposed on those
+`externalIPs`. Traffic that ingresses into the cluster with the external IP (as destination IP), on the service port,
+will be routed to one of the service endpoints. `externalIPs` are not managed by Kubernetes and are the responsibility
+of the cluster administrator.
+In the `ServiceSpec`, `externalIPs` can be specified along with any of the `ServiceTypes`.
+In the example below, "`my-service`" can be accessed by clients on "`80.11.12.10:80`"" (`externalIP:port`)
+```yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: my-service
+spec:
+  selector:
+    app: MyApp
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 9376
+  externalIPs:
+  - 80.11.12.10
+```
+-->
 
 ### 外部 IP
 
@@ -518,7 +1001,20 @@ spec:
     - 80.11.12.10
 ```
 
-
+<!--
+## Shortcomings
+Using the userspace proxy for VIPs will work at small to medium scale, but will
+not scale to very large clusters with thousands of Services.  See [the original
+design proposal for portals](http://issue.k8s.io/1107) for more details.
+Using the userspace proxy obscures the source-IP of a packet accessing a `Service`.
+This makes some kinds of firewalling impossible.  The iptables proxier does not
+obscure in-cluster source IPs, but it does still impact clients coming through
+a load-balancer or node-port.
+The `Type` field is designed as nested functionality - each level adds to the
+previous.  This is not strictly required on all cloud providers (e.g. Google Compute Engine does
+not need to allocate a `NodePort` to make `LoadBalancer` work, but AWS does)
+but the current API requires it.
+-->
 
 ## 不足之处
 
@@ -536,7 +1032,20 @@ iptables 代理不会隐藏 Kubernetes 集群内部的 IP 地址，但却要求
 `Type` 字段支持嵌套功能 —— 每一层需要添加到上一层里面。
 不会严格要求所有云提供商（例如，GCE 就没必要为了使一个 `LoadBalancer` 能工作而分配一个 `NodePort`，但是 AWS 需要 ），但当前 API 是强制要求的。
 
-
+<!--
+## Future work
+In the future we envision that the proxy policy can become more nuanced than
+simple round robin balancing, for example master-elected or sharded.  We also
+envision that some `Services` will have "real" load balancers, in which case the
+VIP will simply transport the packets there.
+We intend to improve our support for L7 (HTTP) `Services`.
+We intend to have more flexible ingress modes for `Services` which encompass
+the current `ClusterIP`, `NodePort`, and `LoadBalancer` modes and more.
+## The gory details of virtual IPs
+The previous information should be sufficient for many people who just want to
+use `Services`.  However, there is a lot going on behind the scenes that may be
+worth understanding.
+-->
 
 ## 未来工作
 
@@ -549,14 +1058,37 @@ iptables 代理不会隐藏 Kubernetes 集群内部的 IP 地址，但却要求
 
 我们打算为 `Service` 实现更加灵活的请求进入模式，这些 `Service` 包含当前 `ClusterIP`、`NodePort` 和 `LoadBalancer` 模式，或者更多。
 
-
+<!--
+## The gory details of virtual IPs
+The previous information should be sufficient for many people who just want to
+use `Services`.  However, there is a lot going on behind the scenes that may be
+worth understanding.
+-->
 
 ## VIP 的那些骇人听闻的细节
 
 对很多想使用 `Service` 的人来说，前面的信息应该足够了。
 然而，有很多内部原理性的内容，还是值去理解的。
 
-
+<!--
+### Avoiding collisions
+One of the primary philosophies of Kubernetes is that users should not be
+exposed to situations that could cause their actions to fail through no fault
+of their own.  In this situation, we are looking at network ports - users
+should not have to choose a port number if that choice might collide with
+another user.  That is an isolation failure.
+In order to allow users to choose a port number for their `Services`, we must
+ensure that no two `Services` can collide.  We do that by allocating each
+`Service` its own IP address.
+To ensure each service receives a unique IP, an internal allocator atomically
+updates a global allocation map in etcd prior to creating each service. The map object
+must exist in the registry for services to get IPs, otherwise creations will
+fail with a message indicating an IP could not be allocated. A background
+controller is responsible for creating that map (to migrate from older versions
+of Kubernetes that used in memory locking) as well as checking for invalid
+assignments due to administrator intervention and cleaning up any IPs
+that were allocated but which no service currently uses.
+-->
 
 ### 避免冲突
 
@@ -575,7 +1107,18 @@ Kubernetes 最主要的哲学之一，是用户不应该暴露那些能够导致
 为了使 `Service` 能够获取到 IP，这个映射表对象必须在注册中心存在，否则创建 `Service` 将会失败，指示一个 IP 不能被分配。
 一个后台 Controller 的职责是创建映射表（从 Kubernetes 的旧版本迁移过来，旧版本中是通过在内存中加锁的方式实现），并检查由于管理员干预和清除任意 IP 造成的不合理分配，这些 IP 被分配了但当前没有 `Service` 使用它们。
 
-
+<!--
+### IPs and VIPs
+Unlike `Pod` IP addresses, which actually route to a fixed destination,
+`Service` IPs are not actually answered by a single host.  Instead, we use
+`iptables` (packet processing logic in Linux) to define virtual IP addresses
+which are transparently redirected as needed.  When clients connect to the
+VIP, their traffic is automatically transported to an appropriate endpoint.
+The environment variables and DNS for `Services` are actually populated in
+terms of the `Service`'s VIP and port.
+We support three proxy modes - userspace, iptables and ipvs which operate
+slightly differently.
+-->
 
 ### IP 和 VIP
 
@@ -584,7 +1127,22 @@ Kubernetes 最主要的哲学之一，是用户不应该暴露那些能够导致
 当客户端连接到 VIP 时，它们的流量会自动地传输到一个合适的 Endpoint。
 环境变量和 DNS，实际上会根据 `Service` 的 VIP 和端口来进行填充。
 
-
+<!--
+#### Userspace
+As an example, consider the image processing application described above.
+When the backend `Service` is created, the Kubernetes master assigns a virtual
+IP address, for example 10.0.0.1.  Assuming the `Service` port is 1234, the
+`Service` is observed by all of the `kube-proxy` instances in the cluster.
+When a proxy sees a new `Service`, it opens a new random port, establishes an
+iptables redirect from the VIP to this new port, and starts accepting
+connections on it.
+When a client connects to the VIP the iptables rule kicks in, and redirects
+the packets to the `Service proxy`'s own port.  The `Service proxy` chooses a
+backend, and starts proxying traffic from the client to the backend.
+This means that `Service` owners can choose any port they want without risk of
+collision.  Clients can simply connect to an IP and port, without being aware
+of which `Pods` they are actually accessing.
+-->
 
 #### Userspace
 
@@ -601,7 +1159,23 @@ Kubernetes 最主要的哲学之一，是用户不应该暴露那些能够导致
 这意味着 `Service` 的所有者能够选择任何他们想使用的端口，而不存在冲突的风险。
 客户端可以简单地连接到一个 IP 和端口，而不需要知道实际访问了哪些 `Pod`。
 
-
+<!--
+#### Iptables
+Again, consider the image processing application described above.
+When the backend `Service` is created, the Kubernetes master assigns a virtual
+IP address, for example 10.0.0.1.  Assuming the `Service` port is 1234, the
+`Service` is observed by all of the `kube-proxy` instances in the cluster.
+When a proxy sees a new `Service`, it installs a series of iptables rules which
+redirect from the VIP to per-`Service` rules.  The per-`Service` rules link to
+per-`Endpoint` rules which redirect (Destination NAT) to the backends.
+When a client connects to the VIP the iptables rule kicks in.  A backend is
+chosen (either based on session affinity or randomly) and packets are
+redirected to the backend.  Unlike the userspace proxy, packets are never
+copied to userspace, the kube-proxy does not have to be running for the VIP to
+work, and the client IP is not altered.
+This same basic flow executes when traffic comes in through a node-port or
+through a load-balancer, though in those cases the client IP does get altered.
+-->
 
 #### Iptables
 
@@ -617,7 +1191,12 @@ Kubernetes 最主要的哲学之一，是用户不应该暴露那些能够导致
 不像 userspace 代理，数据包从来不拷贝到用户空间，kube-proxy 不是必须为该 VIP 工作而运行，并且客户端 IP 是不可更改的。
 当流量打到 Node 的端口上，或通过负载均衡器，会执行相同的基本流程，但是在那些案例中客户端 IP 是可以更改的。
 
-
+<!--
+## API Object
+Service is a top-level resource in the Kubernetes REST API. More details about the
+API object can be found at:
+[Service API object](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#service-v1-core).
+-->
 
 ## API 对象
 
diff --git a/content/zh/docs/concepts/storage/_index.md b/content/zh/docs/concepts/storage/_index.md
index 3f2371fcb414c..1880a0aef7278 100644
--- a/content/zh/docs/concepts/storage/_index.md
+++ b/content/zh/docs/concepts/storage/_index.md
@@ -8,4 +8,4 @@ weight: 70
 title: "Storage"
 weight: 70
 ---
--->
\ No newline at end of file
+-->
diff --git a/content/zh/docs/concepts/storage/dynamic-provisioning.md b/content/zh/docs/concepts/storage/dynamic-provisioning.md
new file mode 100644
index 0000000000000..f9f642bfdaddd
--- /dev/null
+++ b/content/zh/docs/concepts/storage/dynamic-provisioning.md
@@ -0,0 +1,220 @@
+---
+title: 动态卷供应
+content_template: templates/concept
+weight: 40
+---
+<!--
+---
+reviewers:
+- saad-ali
+- jsafrane
+- thockin
+- msau42
+title: Dynamic Volume Provisioning
+content_template: templates/concept
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Dynamic volume provisioning allows storage volumes to be created on-demand.
+Without dynamic provisioning, cluster administrators have to manually make
+calls to their cloud or storage provider to create new storage volumes, and
+then create [`PersistentVolume` objects](/docs/concepts/storage/persistent-volumes/)
+to represent them in Kubernetes. The dynamic provisioning feature eliminates
+the need for cluster administrators to pre-provision storage. Instead, it
+automatically provisions storage when it is requested by users.
+-->
+动态卷供应允许按需创建存储卷。
+如果没有动态供应，集群管理员必须手动地联系他们的云或存储提供商来创建新的存储卷，
+然后在 Kubernetes 集群创建 [`PersistentVolume` 对象](/docs/concepts/storage/persistent-volumes/)来表示这些卷。
+动态供应功能消除了集群管理员预先配置存储的需要。 相反，它在用户请求时自动供应存储。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Background
+-->
+## 背景
+
+<!--
+The implementation of dynamic volume provisioning is based on the API object `StorageClass`
+from the API group `storage.k8s.io`. A cluster administrator can define as many
+`StorageClass` objects as needed, each specifying a *volume plugin* (aka
+*provisioner*) that provisions a volume and the set of parameters to pass to
+that provisioner when provisioning.
+-->
+动态卷供应的实现基于 `storage.k8s.io` API 组中的 `StorageClass` API 对象。
+集群管理员可以根据需要定义多个 `StorageClass` 对象，每个对象指定一个*卷插件*（又名 *provisioner*），
+卷插件向卷供应商提供在创建卷时需要的数据卷信息及相关参数。
+
+<!--
+A cluster administrator can define and expose multiple flavors of storage (from
+the same or different storage systems) within a cluster, each with a custom set
+of parameters. This design also ensures that end users don’t have to worry
+about the complexity and nuances of how storage is provisioned, but still
+have the ability to select from multiple storage options.
+-->
+集群管理员可以在集群中定义和公开多种存储（来自相同或不同的存储系统），每种都具有自定义参数集。
+该设计也确保终端用户不必担心存储供应的复杂性和细微差别，但仍然能够从多个存储选项中进行选择。
+
+<!--
+More information on storage classes can be found
+[here](/docs/concepts/storage/persistent-volumes/#storageclasses).
+-->
+点击[这里](/docs/concepts/storage/persistent-volumes/#storageclasses)查阅有关存储类的更多信息。
+
+<!--
+## Enabling Dynamic Provisioning
+-->
+## 启用动态卷供应
+
+<!--
+To enable dynamic provisioning, a cluster administrator needs to pre-create
+one or more StorageClass objects for users.
+StorageClass objects define which provisioner should be used and what parameters
+should be passed to that provisioner when dynamic provisioning is invoked.
+The following manifest creates a storage class "slow" which provisions standard
+disk-like persistent disks.
+-->
+要启用动态供应功能，集群管理员需要为用户预先创建一个或多个 `StorageClass` 对象。
+`StorageClass` 对象定义在进行动态卷供应时应使用哪个卷供应商，以及应该将哪些参数传递给该供应商。
+以下清单创建了一个存储类 "slow"，它提供类似标准磁盘的永久磁盘。
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: slow
+provisioner: kubernetes.io/gce-pd
+parameters:
+  type: pd-standard
+```
+
+<!--
+The following manifest creates a storage class "fast" which provisions
+SSD-like persistent disks.
+-->
+以下清单创建了一个 "fast" 存储类，它提供类似 SSD 的永久磁盘。
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: fast
+provisioner: kubernetes.io/gce-pd
+parameters:
+  type: pd-ssd
+```
+
+<!--
+## Using Dynamic Provisioning
+-->
+## 使用动态卷供应
+
+<!--
+Users request dynamically provisioned storage by including a storage class in
+their `PersistentVolumeClaim`. Before Kubernetes v1.6, this was done via the
+`volume.beta.kubernetes.io/storage-class` annotation. 
+-->
+用户通过在 `PersistentVolumeClaim` 中包含存储类来请求动态供应的存储。
+在 Kubernetes v1.6 之前，这通过 `volume.beta.kubernetes.io/storage-class` 注解实现。
+
+<!--
+However, this annotation
+is deprecated since v1.6. Users now can and should instead use the
+`storageClassName` field of the `PersistentVolumeClaim` object. The value of
+this field must match the name of a `StorageClass` configured by the
+administrator (see [below](#enabling-dynamic-provisioning)).
+-->
+然而，这个注解自 v1.6 起就不被推荐使用了。
+用户现在能够而且应该使用 `PersistentVolumeClaim` 对象的 `storageClassName` 字段。
+这个字段的值必须能够匹配到集群管理员配置的 `StorageClass` 名称（见[下面](#enabling-dynamic-provisioning)）。
+
+<!--
+To select the “fast” storage class, for example, a user would create the
+following `PersistentVolumeClaim`:
+-->
+例如，要选择 "fast" 存储类，用户将创建如下的 `PersistentVolumeClaim`：
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: claim1
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: fast
+  resources:
+    requests:
+      storage: 30Gi
+```
+
+<!--
+This claim results in an SSD-like Persistent Disk being automatically
+provisioned. When the claim is deleted, the volume is destroyed.
+-->
+该声明会自动供应一块类似 SSD 的永久磁盘。
+在删除该声明后，这个卷也会被销毁。
+
+<!--
+## Defaulting Behavior
+-->
+## 默认行为
+
+<!--
+Dynamic provisioning can be enabled on a cluster such that all claims are
+dynamically provisioned if no storage class is specified. A cluster administrator
+can enable this behavior by:
+-->
+可以在群集上启用动态卷供应，以便在未指定存储类的情况下动态设置所有声明。
+集群管理员可以通过以下方式启用此行为：
+
+<!--
+- Marking one `StorageClass` object as *default*;
+- Making sure that the [`DefaultStorageClass` admission controller](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass)
+  is enabled on the API server.
+-->
+- 标记一个 `StorageClass` 为 *默认*；
+- 确保 [`DefaultStorageClass` 准入控制器](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass)在 API 服务端被启用。
+
+<!--
+An administrator can mark a specific `StorageClass` as default by adding the
+`storageclass.kubernetes.io/is-default-class` annotation to it.
+When a default `StorageClass` exists in a cluster and a user creates a
+`PersistentVolumeClaim` with `storageClassName` unspecified, the
+`DefaultStorageClass` admission controller automatically adds the
+`storageClassName` field pointing to the default storage class.
+-->
+管理员可以通过向其添加 `storageclass.kubernetes.io/is-default-class` 注解来将特定的 `StorageClass` 标记为默认。
+当集群中存在默认的 `StorageClass` 并且用户创建了一个未指定 `storageClassName` 的 `PersistentVolumeClaim` 时，
+`DefaultStorageClass` 准入控制器会自动向其中添加指向默认存储类的 `storageClassName` 字段。
+
+<!--
+Note that there can be at most one *default* storage class on a cluster, or
+a `PersistentVolumeClaim` without `storageClassName` explicitly specified cannot
+be created.
+-->
+请注意，群集上最多只能有一个 *默认* 存储类，否则无法创建没有明确指定 `storageClassName` 的 `PersistentVolumeClaim`。
+
+<!--
+## Topology Awareness
+-->
+## 拓扑感知
+
+<!--
+In [Multi-Zone](/docs/setup/multiple-zones) clusters, Pods can be spread across
+Zones in a Region. Single-Zone storage backends should be provisioned in the Zones where
+Pods are scheduled. This can be accomplished by setting the [Volume Binding
+Mode](/docs/concepts/storage/storage-classes/#volume-binding-mode).
+-->
+在[多区域](/docs/setup/multiple-zones)集群中，Pod 可以被分散到多个区域。
+单区域存储后端应该被供应到 Pod 被调度到的区域。
+这可以通过设置[卷绑定模式](/docs/concepts/storage/storage-classes/#volume-binding-mode)来实现。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/storage/storage-classes.md b/content/zh/docs/concepts/storage/storage-classes.md
new file mode 100644
index 0000000000000..d15c48fad575e
--- /dev/null
+++ b/content/zh/docs/concepts/storage/storage-classes.md
@@ -0,0 +1,1152 @@
+---
+reviewers:
+- jsafrane
+- saad-ali
+- thockin
+- msau42
+title: Storage Classes
+content_template: templates/concept
+weight: 30
+---
+
+{{% capture overview %}}
+
+<!--
+This document describes the concept of a StorageClass in Kubernetes. Familiarity
+with [volumes](/docs/concepts/storage/volumes/) and
+[persistent volumes](/docs/concepts/storage/persistent-volumes) is suggested.
+-->
+本文描述了 Kubernetes 中 StorageClass 的概念。建议先熟悉 [卷](/docs/concepts/storage/volumes/) 和
+[持久卷](/docs/concepts/storage/persistent-volumes) 的概念。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Introduction
+
+A `StorageClass` provides a way for administrators to describe the "classes" of
+storage they offer. Different classes might map to quality-of-service levels,
+or to backup policies, or to arbitrary policies determined by the cluster
+administrators. Kubernetes itself is unopinionated about what classes
+represent. This concept is sometimes called "profiles" in other storage
+systems.
+-->
+## 介绍
+
+`StorageClass` 为管理员提供了描述存储 `"类"` 的方法。
+不同的`类型`可能会映射到不同的服务质量等级或备份策略，或是由群集管理员制定的任意策略。
+Kubernetes 本身并不清楚各种`类`代表的什么。这个`类`的概念在其他存储系统中有时被称为"配置文件"。
+
+<!--
+## The StorageClass Resource
+
+Each `StorageClass` contains the fields `provisioner`, `parameters`, and
+`reclaimPolicy`, which are used when a `PersistentVolume` belonging to the
+class needs to be dynamically provisioned.
+ -->
+## StorageClass 资源
+
+每个 `StorageClass` 都包含 `provisioner`、`parameters` 和 `reclaimPolicy` 字段，
+这些字段会在`StorageClass`需要动态分配 `PersistentVolume` 时会使用到。
+
+<!--
+The name of a `StorageClass` object is significant, and is how users can
+request a particular class. Administrators set the name and other parameters
+of a class when first creating `StorageClass` objects, and the objects cannot
+be updated once they are created.
+ -->
+`StorageClass` 对象的命名很重要，用户使用这个命名来请求生成一个特定的类。
+当创建 `StorageClass` 对象时，管理员设置 StorageClass 对象的命名和其他参数，一旦创建了对象就不能再对其更新。
+
+<!--
+Administrators can specify a default `StorageClass` just for PVCs that don't
+request any particular class to bind to: see the
+[`PersistentVolumeClaim` section](/docs/concepts/storage/persistent-volumes/#class-1)
+for details.
+ -->
+管理员可以为没有申请绑定到特定 `StorageClass` 的 PVC 指定一个默认的`类` ：
+更多详情请参阅 [`PersistentVolumeClaim` 章节](#persistentvolumeclaims)。
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: standard
+provisioner: kubernetes.io/aws-ebs
+parameters:
+  type: gp2
+reclaimPolicy: Retain
+mountOptions:
+  - debug
+volumeBindingMode: Immediate
+```
+
+<!--
+### Provisioner
+
+Storage classes have a provisioner that determines what volume plugin is used
+for provisioning PVs. This field must be specified.
+ -->
+### 存储分配器
+
+`StorageClass` 有一个分配器，用来决定使用哪个`卷插件`分配`持久化卷申领`。该字段必须指定。
+
+| 卷插件        | 提供厂商 | 配置例子                      |
+| :---                 |     :---:           |    :---:                             |
+| AWSElasticBlockStore | &#x2713;            | [AWS EBS](#aws-ebs)                          |
+| AzureFile            | &#x2713;            | [Azure File](#azure-file)            |
+| AzureDisk            | &#x2713;            | [Azure Disk](#azure-disk)            |
+| CephFS               | -                   | -                                    |
+| Cinder               | &#x2713;            | [OpenStack Cinder](#openstack-cinder)|
+| FC                   | -                   | -                                    |
+| Flexvolume           | -                   | -                                    |
+| Flocker              | &#x2713;            | -                                    |
+| GCEPersistentDisk    | &#x2713;            | [GCE PD](#gce-pd)                          |
+| Glusterfs            | &#x2713;            | [Glusterfs](#glusterfs)              |
+| iSCSI                | -                   | -                                    |
+| Quobyte              | &#x2713;            | [Quobyte](#quobyte)                  |
+| NFS                  | -                   | -                                    |
+| RBD                  | &#x2713;            | [Ceph RBD](#ceph-rbd)                |
+| VsphereVolume        | &#x2713;            | [vSphere](#vsphere)                  |
+| PortworxVolume       | &#x2713;            | [Portworx Volume](#portworx-volume)  |
+| ScaleIO              | &#x2713;            | [ScaleIO](#scaleio)                  |
+| StorageOS            | &#x2713;            | [StorageOS](#storageos)              |
+| Local                | -                   | [Local](#local)              |
+
+<!--
+You are not restricted to specifying the "internal" provisioners
+listed here (whose names are prefixed with "kubernetes.io" and shipped
+alongside Kubernetes). You can also run and specify external provisioners,
+which are independent programs that follow a [specification](https://git.k8s.io/community/contributors/design-proposals/storage/volume-provisioning.md)
+defined by Kubernetes. Authors of external provisioners have full discretion
+over where their code lives, how the provisioner is shipped, how it needs to be
+run, what volume plugin it uses (including Flex), etc. The repository [kubernetes-incubator/external-storage](https://github.com/kubernetes-incubator/external-storage)
+houses a library for writing external provisioners that implements the bulk of
+the specification plus various community-maintained external provisioners.
+ -->
+您不限于指定此处列出的"内置"分配器（其名称前缀为 kubernetes.io 并打包在 Kubernetes 中）。
+您还可以运行和指定外部分配器，这些独立的程序遵循由 Kubernetes 定义的 [规范](https://git.k8s.io/community/contributors/design-proposals/storage/volume-provisioning.md)。
+外部供应商的作者完全可以自由决定他们的代码保存于何处、打包方式、运行方式、使用的插件（包括 Flex）等。
+代码仓库 [kubernetes-incubator/external-storage](https://github.com/kubernetes-incubator/external-storage)
+包含一个用于为外部分配器编写功能实现的类库，以及各种社区维护的外部分配器。
+
+<!--
+For example, NFS doesn't provide an internal provisioner, but an external provisioner
+can be used. Some external provisioners are listed under the repository [kubernetes-incubator/external-storage](https://github.com/kubernetes-incubator/external-storage).
+There are also cases when 3rd party storage vendors provide their own external
+provisioner.
+ -->
+例如，NFS 没有内部分配器，但可以使用外部分配器。一些外部分配器在代码仓库 [kubernetes-incubator/external-storage](https://github.com/kubernetes-incubator/external-storage) 中。
+也有第三方存储供应商提供自己的外部分配器。
+
+<!--
+### Reclaim Policy
+
+Persistent Volumes that are dynamically created by a storage class will have the
+reclaim policy specified in the `reclaimPolicy` field of the class, which can be
+either `Delete` or `Retain`. If no `reclaimPolicy` is specified when a
+`StorageClass` object is created, it will default to `Delete`.
+
+Persistent Volumes that are created manually and managed via a storage class will have
+whatever reclaim policy they were assigned at creation.
+ -->
+### 回收策略
+
+由 `StorageClass` 动态创建的持久化卷会在的 `reclaimPolicy` 字段中指定回收策略，可以是
+`Delete` 或者 `Retain`。如果 `StorageClass` 对象被创建时没有指定 `reclaimPolicy` ，它将默认为 `Delete`。
+
+通过 `StorageClass` 手动创建并管理的 Persistent Volume 会使用它们被创建时指定的回收政策。
+
+<!--
+### Mount Options
+
+Persistent Volumes that are dynamically created by a storage class will have the
+mount options specified in the `mountOptions` field of the class.
+
+If the volume plugin does not support mount options but mount options are
+specified, provisioning will fail. Mount options are not validated on either
+the class or PV, so mount of the PV will simply fail if one is invalid.
+ -->
+### 挂载选项
+
+由 `StorageClass` 动态创建的 Persistent Volume 将使用`类`中 `mountOption` 字段指定的挂载选项。
+
+如果卷插件不支持挂载选项，却指定了该选项，则分配操作会失败。
+挂载选项在 `StorageClass` 和持久卷上都不会做验证，所以如果挂载选项无效，那么这个 PV 就会失败。
+
+<!--
+### Volume Binding Mode
+ -->
+### 卷绑定模式
+
+{{< feature-state for_k8s_version="v1.12" state="beta" >}}
+
+<!--
+**Note:** This feature requires the `VolumeScheduling` feature gate to be
+enabled.
+ -->
+**注意：** 这个功能特性需要启用 `VolumeScheduling` 参数才能使用。
+
+<!--
+The `volumeBindingMode` field controls when [volume binding and dynamic
+provisioning](/docs/concepts/storage/persistent-volumes/#provisioning) should occur.
+ -->
+`volumeBindingMode` 字段控制了 [卷绑定和动态分配](/docs/concepts/storage/persistent-volumes/#provisioning)
+应该发生在什么时候。
+
+<!--
+By default, the `Immediate` mode indicates that volume binding and dynamic
+provisioning occurs once the PersistentVolumeClaim is created. For storage
+backends that are topology-constrained and not globally accessible from all Nodes
+in the cluster, PersistentVolumes will be bound or provisioned without knowledge of the Pod's scheduling
+requirements. This may result in unschedulable Pods.
+ -->
+默认情况下，`Immediate` 模式表示一旦创建了 PersistentVolumeClaim 也就完成了卷绑定和动态分配。
+对于由于拓扑限制而非集群所有节点可达的存储后端，PersistentVolume 会在不知道 Pod 调度要求的情况下绑定或者分配。
+
+<!--
+A cluster administrator can address this issue by specifying the `WaitForFirstConsumer` mode which
+will delay the binding and provisioning of a PersistentVolume until a Pod using the PersistentVolumeClaim is created.
+PersistentVolumes will be selected or provisioned conforming to the topology that is
+specified by the Pod's scheduling constraints. These include, but are not limited to, [resource
+requirements](/docs/concepts/configuration/manage-compute-resources-container),
+[node selectors](/docs/concepts/configuration/assign-pod-node/#nodeselector),
+[pod affinity and
+anti-affinity](/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity),
+and [taints and tolerations](/docs/concepts/configuration/taint-and-toleration).
+-->
+集群管理员可以通过指定 `WaitForFirstConsumer` 模式来解决此问题。
+该模式将延迟 PersistentVolume 的绑定和分配，直到使用该 PersistentVolumeClaim 的 Pod 被创建。
+PersistentVolume 会根据 Pod 调度约束指定的拓扑来选择或分配。这些包括但不限于 [资源需求](/docs/concepts/configuration/manage-compute-resources-container)，
+[节点筛选器](/docs/concepts/configuration/assign-pod-node/#nodeselector)，
+[pod 亲和性和互斥性](/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity),
+以及 [污点和容忍度](/docs/concepts/configuration/taint-and-toleration).
+
+<!--
+The following plugins support `WaitForFirstConsumer` with dynamic provisioning:
+
+* [AWSElasticBlockStore](#aws-ebs)
+* [GCEPersistentDisk](#gce-pd)
+* [AzureDisk](#azure-disk)
+-->
+以下插件支持动态分配的 `WaitForFirstConsumer` 模式:
+
+* [AWSElasticBlockStore](#aws-ebs)
+* [GCEPersistentDisk](#gce-pd)
+* [AzureDisk](#azure-disk)
+
+<!--
+The following plugins support `WaitForFirstConsumer` with pre-created PersistentVolume binding:
+
+* All of the above
+* [Local](#local)
+-->
+以下插件支持预创建绑定 PersistentVolume 的 `WaitForFirstConsumer` 模式：
+
+* All of the above
+* [Local](#local)
+
+<!--
+### Allowed Topologies
+-->
+### 允许的拓扑结构
+{{< feature-state for_k8s_version="v1.12" state="beta" >}}
+
+<!--
+**Note:** This feature requires the `VolumeScheduling` feature gate to be enabled.
+-->
+**注意：** 这个特性需要开启 `VolumeScheduling` 特性开关。
+
+<!--
+When a cluster operactor specifies the `WaitForFirstConsumer` volume binding mode, it is no longer necessary
+to restrict provisioning to specific topologies in most situations. However,
+if still required, `allowedTopologies` can be specified.
+-->
+当集群操作人员使用了 `WaitForFirstConsumer` 的卷绑定模式，在大部分情况下就没有必要将配置限制为特定的拓扑结构。
+然而，如果还有需要的话，可以使用 `allowedTopologies`。
+
+<!--
+This example demonstrates how to restrict the topology of provisioned volumes to specific
+zones and should be used as a replacement for the `zone` and `zones` parameters for the
+supported plugins.
+-->
+这个例子描述了如何将分配卷限的拓扑限制在特定的区域，在使用时应该根据插件支持情况替换 `zone` 和 `zones` 参数。
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: standard
+provisioner: kubernetes.io/gce-pd
+parameters:
+  type: pd-standard
+volumeBindingMode: WaitForFirstConsumer
+allowedTopologies:
+- matchLabelExpressions:
+  - key: failure-domain.beta.kubernetes.io/zone
+    values:
+    - us-central1-a
+    - us-central1-b
+```
+
+<!--
+## Parameters
+
+Storage classes have parameters that describe volumes belonging to the storage
+class. Different parameters may be accepted depending on the `provisioner`. For
+ example, the value `io1`, for the parameter `type`, and the parameter
+`iopsPerGB` are specific to EBS. When a parameter is omitted, some default is
+used.
+ -->
+## 参数
+
+Storage class 具有描述属于卷的参数。取决于分配器，可以接受不同的参数。
+例如，参数 type 的值 io1 和参数 iopsPerGB 特定于 EBS PV。当参数被省略时，会使用默认值。
+
+### AWS EBS
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: slow
+provisioner: kubernetes.io/aws-ebs
+parameters:
+  type: io1
+  iopsPerGB: "10"
+  fsType: ext4
+```
+
+<!--
+* `type`: `io1`, `gp2`, `sc1`, `st1`. See
+  [AWS docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)
+  for details. Default: `gp2`.
+* `zone` (Deprecated): AWS zone. If neither `zone` nor `zones` is specified, volumes are
+  generally round-robin-ed across all active zones where Kubernetes cluster
+  has a node. `zone` and `zones` parameters must not be used at the same time.
+* `zones` (Deprecated): A comma separated list of AWS zone(s). If neither `zone` nor `zones`
+  is specified, volumes are generally round-robin-ed across all active zones
+  where Kubernetes cluster has a node. `zone` and `zones` parameters must not
+  be used at the same time.
+* `iopsPerGB`: only for `io1` volumes. I/O operations per second per GiB. AWS
+  volume plugin multiplies this with size of requested volume to compute IOPS
+  of the volume and caps it at 20 000 IOPS (maximum supported by AWS, see
+  [AWS docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).
+  A string is expected here, i.e. `"10"`, not `10`.
+* `fsType`: fsType that is supported by kubernetes. Default: `"ext4"`.
+* `encrypted`: denotes whether the EBS volume should be encrypted or not.
+  Valid values are `"true"` or `"false"`. A string is expected here,
+  i.e. `"true"`, not `true`.
+* `kmsKeyId`: optional. The full Amazon Resource Name of the key to use when
+  encrypting the volume. If none is supplied but `encrypted` is true, a key is
+  generated by AWS. See AWS docs for valid ARN value.
+-->
+* `type`：`io1`，`gp2`，`sc1`，`st1`。详细信息参见 [AWS 文档](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)。默认值：`gp2`。
+* `zone`(弃用)：AWS 区域。如果没有指定 `zone` 和 `zones`，通常卷会在 Kubernetes 集群节点所在的活动区域中轮询调度分配。`zone` 和 `zones` 参数不能同时使用。
+* `zones`(弃用)：以逗号分隔的 AWS 区域列表。如果没有指定 `zone` 和 `zones`，通常卷会在 Kubernetes 集群节点所在的活动区域中轮询调度分配。`zone`和`zones`参数不能同时使用。
+* `iopsPerGB`：只适用于 `io1` 卷。每 GiB 每秒 I/O 操作。AWS 卷插件将其与请求卷的大小相乘以计算 IOPS 的容量，并将其限制在 20 000 IOPS（AWS 支持的最高值，请参阅 [AWS 文档](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)。
+  这里需要输入一个字符串，即 `"10"`，而不是 `10`。
+* `fsType`：受 Kubernetes 支持的文件类型。默认值：`"ext4"`。
+* `encrypted`：指定 EBS 卷是否应该被加密。合法值为 `"true"` 或者 `"false"`。这里需要输入字符串，即 `"true"`, 而非 `true`。
+* `kmsKeyId`：可选。加密卷时使用密钥的完整 Amazon 资源名称。如果没有提供，但 `encrypted` 值为 true，AWS 生成一个密钥。关于有效的 ARN 值，请参阅 AWS 文档。
+<!--
+**Note:** `zone` and `zones` parameters are deprecated and replaced with
+[allowedTopologies](#allowed-topologies)
+ -->
+**注意：** `zone` 和 `zones` 已被弃用并被 [允许的拓扑结构](#allowed-topologies) 取代。
+
+### GCE PD
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: slow
+provisioner: kubernetes.io/gce-pd
+parameters:
+  type: pd-standard
+  replication-type: none
+```
+<!--
+* `type`: `pd-standard` or `pd-ssd`. Default: `pd-standard`
+* `zone` (Deprecated): GCE zone. If neither `zone` nor `zones` is specified, volumes are
+  generally round-robin-ed across all active zones where Kubernetes cluster has
+  a node. `zone` and `zones` parameters must not be used at the same time.
+* `zones` (Deprecated): A comma separated list of GCE zone(s). If neither `zone` nor `zones`
+  is specified, volumes are generally round-robin-ed across all active zones
+  where Kubernetes cluster has a node. `zone` and `zones` parameters must not
+  be used at the same time.
+* `replication-type`: `none` or `regional-pd`. Default: `none`.
+-->
+* `type`：`pd-standard` 或者 `pd-ssd`。默认：`pd-standard`
+* `zone`(弃用)：GCE 区域。如果没有指定 `zone` 和 `zones`，通常卷会在 Kubernetes 集群节点所在的活动区域中轮询调度分配。`zone` 和 `zones` 参数不能同时使用。
+* `zones`(弃用)：逗号分隔的 GCE 区域列表。如果没有指定 `zone` 和 `zones`，通常卷会在 Kubernetes 集群节点所在的活动区域中轮询调度（round-robin）分配。`zone` 和 `zones` 参数不能同时使用。
+* `replication-type`：`none` 或者 `regional-pd`。默认值：`none`。
+
+<!--
+If `replication-type` is set to `none`, a regular (zonal) PD will be provisioned.
+-->
+如果 `replication-type` 设置为 `none`，会分配一个常规（当前区域内的）持久化磁盘。
+
+<!--
+If `replication-type` is set to `regional-pd`, a
+[Regional Persistent Disk](https://cloud.google.com/compute/docs/disks/#repds)
+will be provisioned. In this case, users must use `zones` instead of `zone` to
+specify the desired replication zones. If exactly two zones are specified, the
+Regional PD will be provisioned in those zones. If more than two zones are
+specified, Kubernetes will arbitrarily choose among the specified zones. If the
+`zones` parameter is omitted, Kubernetes will arbitrarily choose among zones
+managed by the cluster.
+-->
+如果 `replication-type` 设置为 `regional-pd`，会分配一个 [区域性持久化磁盘（Regional Persistent Disk）](https://cloud.google.com/compute/docs/disks/#repds)。在这种情况下，用户必须使用 `zones` 而非 `zone` 来指定期望的复制区域（zone）。如果指定来两个特定的区域，区域性持久化磁盘会在这两个区域里分配。如果指定了多于两个的区域，Kubernetes 会选择其中任意两个区域。如果省略了 `zones` 参数，Kubernetes 会在集群管理的区域中任意选择。
+
+<!--
+**Note:** `zone` and `zones` parameters are deprecated and replaced with
+[allowedTopologies](#allowed-topologies)
+-->
+**注意：** `zone` 和 `zones` 已被弃用并被 [allowedTopologies](#allowed-topologies) 取代。
+
+### Glusterfs
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: slow
+provisioner: kubernetes.io/glusterfs
+parameters:
+  resturl: "http://127.0.0.1:8081"
+  clusterid: "630372ccdc720a92c681fb928f27b53f"
+  restauthenabled: "true"
+  restuser: "admin"
+  secretNamespace: "default"
+  secretName: "heketi-secret"
+  gidMin: "40000"
+  gidMax: "50000"
+  volumetype: "replicate:3"
+```
+
+<!--
+* `resturl`: Gluster REST service/Heketi service url which provision gluster
+  volumes on demand. The general format should be `IPaddress:Port` and this is
+  a mandatory parameter for GlusterFS dynamic provisioner. If Heketi service is
+  exposed as a routable service in openshift/kubernetes setup, this can have a
+  format similar to `http://heketi-storage-project.cloudapps.mystorage.com`
+  where the fqdn is a resolvable Heketi service url.
+* `restauthenabled` : Gluster REST service authentication boolean that enables
+  authentication to the REST server. If this value is `"true"`, `restuser` and
+  `restuserkey` or `secretNamespace` + `secretName` have to be filled. This
+  option is deprecated, authentication is enabled when any of `restuser`,
+  `restuserkey`, `secretName` or `secretNamespace` is specified.
+* `restuser` : Gluster REST service/Heketi user who has access to create volumes
+  in the Gluster Trusted Pool.
+* `restuserkey` : Gluster REST service/Heketi user's password which will be used
+  for authentication to the REST server. This parameter is deprecated in favor
+  of `secretNamespace` + `secretName`.
+-->
+* `resturl`：分配 gluster 卷的需求的 Gluster REST 服务/Heketi 服务 url。
+  通用格式应该是 `IPaddress:Port`，这是 GlusterFS 动态分配器的必需参数。
+  如果 Heketi 服务在 openshift/kubernetes 中安装并暴露为可路由服务，则可以使用类似于
+  `http://heketi-storage-project.cloudapps.mystorage.com` 的格式，其中 fqdn 是可解析的 heketi 服务网址。
+* `restauthenabled`：Gluster REST 服务身份验证布尔值，用于启用对 REST 服务器的身份验证。如果此值为 'true'，则必须填写 `restuser` 和 `restuserkey` 或 `secretNamespace` + `secretName`。此选项已弃用，当在指定 `restuser`，`restuserkey`，`secretName` 或  `secretNamespace` 时，身份验证被启用。
+* `restuser`：在 Gluster 可信池中有权创建卷的 Gluster REST服务/Heketi 用户。
+* `restuserkey`：Gluster REST 服务/Heketi 用户的密码将被用于对 REST 服务器进行身份验证。此参数已弃用，取而代之的是 `secretNamespace` + `secretName`。
+<!--
+* `secretNamespace`, `secretName` : Identification of Secret instance that
+  contains user password to use when talking to Gluster REST service. These
+  parameters are optional, empty password will be used when both
+  `secretNamespace` and `secretName` are omitted. The provided secret must have
+  type `"kubernetes.io/glusterfs"`, e.g. created in this way:
+
+    ```
+    kubectl create secret generic heketi-secret \
+      --type="kubernetes.io/glusterfs" --from-literal=key='opensesame' \
+      --namespace=default
+    ```
+
+    Example of a secret can be found in
+    [glusterfs-provisioning-secret.yaml](https://github.com/kubernetes/examples/tree/master/staging/persistent-volume-provisioning/glusterfs/glusterfs-secret.yaml).
+-->
+* `secretNamespace`，`secretName`：Secret 实例的标识，包含与 Gluster REST 服务交互时使用的用户密码。
+  这些参数是可选的，`secretNamespace` 和 `secretName` 都省略时使用空密码。所提供的 Secret 必须将类型设置为 "kubernetes.io/glusterfs"，例如以这种方式创建：
+
+    ```
+    kubectl create secret generic heketi-secret \
+      --type="kubernetes.io/glusterfs" --from-literal=key='opensesame' \
+      --namespace=default
+    ```
+
+    secret 的例子可以在 [glusterfs-provisioning-secret.yaml](https://github.com/kubernetes/examples/tree/master/staging/persistent-volume-provisioning/glusterfs/glusterfs-secret.yaml) 中找到。
+<!--
+* `clusterid`: `630372ccdc720a92c681fb928f27b53f` is the ID of the cluster
+  which will be used by Heketi when provisioning the volume. It can also be a
+  list of clusterids, for example:
+  `"8452344e2becec931ece4e33c4674e4e,42982310de6c63381718ccfa6d8cf397"`. This
+  is an optional parameter.
+* `gidMin`, `gidMax` : The minimum and maximum value of GID range for the
+  storage class. A unique value (GID) in this range ( gidMin-gidMax ) will be
+  used for dynamically provisioned volumes. These are optional values. If not
+  specified, the volume will be provisioned with a value between 2000-2147483647
+  which are defaults for gidMin and gidMax respectively.
+-->
+* `clusterid`：`630372ccdc720a92c681fb928f27b53f` 是集群的 ID，当分配卷时，Heketi 将会使用这个文件。它也可以是一个 clusterid 列表，例如：
+  `"8452344e2becec931ece4e33c4674e4e,42982310de6c63381718ccfa6d8cf397"`。这个是可选参数。
+* `gidMin`，`gidMax`：storage class GID 范围的最小值和最大值。在此范围（gidMin-gidMax）内的唯一值（GID）将用于动态分配卷。这些是可选的值。如果不指定，卷将被分配一个 2000-2147483647 之间的值，这是 gidMin 和 gidMax 的默认值。
+<!--
+* `volumetype` : The volume type and its parameters can be configured with this
+  optional value. If the volume type is not mentioned, it's up to the provisioner
+  to decide the volume type.
+
+    For example:
+    * Replica volume: `volumetype: replicate:3` where '3' is replica count.
+    * Disperse/EC volume: `volumetype: disperse:4:2` where '4' is data and '2' is the redundancy count.
+    * Distribute volume: `volumetype: none`
+
+    For available volume types and administration options, refer to the
+    [Administration Guide](https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html/Administration_Guide/part-Overview.html).
+
+    For further reference information, see
+    [How to configure Heketi](https://github.com/heketi/heketi/wiki/Setting-up-the-topology).
+
+    When persistent volumes are dynamically provisioned, the Gluster plugin
+    automatically creates an endpoint and a headless service in the name
+    `gluster-dynamic-<claimname>`. The dynamic endpoint and service are automatically
+    deleted when the persistent volume claim is deleted.
+-->
+* `volumetype`：卷的类型及其参数可以用这个可选值进行配置。如果未声明卷类型，则由分配器决定卷的类型。
+
+    例如：
+    'Replica volume': `volumetype: replicate:3` 其中 '3' 是 replica 数量.
+    'Disperse/EC volume': `volumetype: disperse:4:2` 其中 '4' 是数据，'2' 是冗余数量.
+    'Distribute volume': `volumetype: none`
+
+    有关可用的卷类型和管理选项，请参阅 [管理指南](https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html/Administration_Guide/part-Overview.html)。
+
+    更多相关的参考信息，请参阅 [如何配置 Heketi](https://github.com/heketi/heketi/wiki/Setting-up-the-topology)。
+
+    当动态分配持久卷时，Gluster 插件自动创建名为 `gluster-dynamic-<claimname>` 的端点和 headless service。在 PVC 被删除时动态端点和 headless service 会自动被删除。
+
+### OpenStack Cinder
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: gold
+provisioner: kubernetes.io/cinder
+parameters:
+  availability: nova
+```
+
+<!--
+* `availability`: Availability Zone. If not specified, volumes are generally
+  round-robin-ed across all active zones where Kubernetes cluster has a node.
+-->
+* `availability`：可用区域。如果没有指定，通常卷会在 Kubernetes 集群节点所在的活动区域中轮询调度分配。
+
+<!--
+{{< note >}}
+{{< feature-state state="deprecated" for_k8s_version="1.11" >}}
+This internal provisioner of OpenStack is deprecated. Please use [the external cloud provider for OpenStack](https://github.com/kubernetes/cloud-provider-openstack).
+{{< /note >}}
+ -->
+{{< note >}}
+{{< feature-state state="deprecated" for_k8s_version="1.11" >}}
+OpenStack 的内部驱动程序已经被弃用。请使用 [OpenStack 的外部驱动程序](https://github.com/kubernetes/cloud-provider-openstack)。
+{{< /note >}}
+
+### vSphere
+
+<!--
+1. Create a StorageClass with a user specified disk format.
+ -->
+1. 使用用户指定的磁盘格式创建一个 StorageClass。
+
+    ```yaml
+    kind: StorageClass
+    apiVersion: storage.k8s.io/v1
+    metadata:
+      name: fast
+    provisioner: kubernetes.io/vsphere-volume
+    parameters:
+      diskformat: zeroedthick
+    ```
+
+<!--
+    `diskformat`: `thin`, `zeroedthick` and `eagerzeroedthick`. Default: `"thin"`.
+ -->
+    `diskformat`: `thin`, `zeroedthick` 和 `eagerzeroedthick`。默认值: `"thin"`。
+
+<!--    
+2. Create a StorageClass with a disk format on a user specified datastore.
+-->
+2. 在用户指定的数据存储上创建磁盘格式的 StorageClass。
+
+    ```yaml
+    kind: StorageClass
+    apiVersion: storage.k8s.io/v1
+    metadata:
+      name: fast
+    provisioner: kubernetes.io/vsphere-volume
+    parameters:
+        diskformat: zeroedthick
+        datastore: VSANDatastore
+    ```
+
+<!--
+    `datastore`: The user can also specify the datastore in the StorageClass.
+    The volume will be created on the datastore specified in the storage class,
+    which in this case is `VSANDatastore`. This field is optional. If the
+    datastore is not specified, then the volume will be created on the datastore
+    specified in the vSphere config file used to initialize the vSphere Cloud
+    Provider.
+-->
+    `datastore`：用户也可以在 StorageClass 中指定数据存储。卷将在 storage class 中指定的数据存储上创建，在这种情况下是 `VSANDatastore`。该字段是可选的。如果未指定数据存储，则将在用于初始化 vSphere Cloud Provider 的 vSphere 配置文件中指定的数据存储上创建该卷。
+
+<!--
+3. Storage Policy Management inside kubernetes
+-->
+3. Kubernetes 中的存储策略管理
+
+<!--
+    * Using existing vCenter SPBM policy
+
+        One of the most important features of vSphere for Storage Management is
+        policy based Management. Storage Policy Based Management (SPBM) is a
+        storage policy framework that provides a single unified control plane
+        across a broad range of data services and storage solutions. SPBM enables
+        vSphere administrators to overcome upfront storage provisioning challenges,
+        such as capacity planning, differentiated service levels and managing
+        capacity headroom.
+
+        The SPBM policies can be specified in the StorageClass using the
+        `storagePolicyName` parameter.
+-->
+    * 使用现有的 vCenter SPBM 策略
+
+        vSphere 用于存储管理的最重要特性之一是基于策略的管理。基于存储策略的管理（SPBM）是一个存储策略框架，提供单一的统一控制平面的跨越广泛的数据服务和存储解决方案。 SPBM 使能 vSphere 管理员克服先期的存储配置挑战，如容量规划，差异化服务等级和管理容量空间。
+
+        SPBM 策略可以在 StorageClass 中使用 `storagePolicyName` 参数声明。
+
+<!--
+    * Virtual SAN policy support inside Kubernetes
+
+        Vsphere Infrastructure (VI) Admins will have the ability to specify custom
+        Virtual SAN Storage Capabilities during dynamic volume provisioning. You
+        can now define storage requirements, such as performance and availability,
+        in the form of storage capabilities during dynamic volume provisioning.
+        The storage capability requirements are converted into a Virtual SAN
+        policy which are then pushed down to the Virtual SAN layer when a
+        persistent volume (virtual disk) is being created. The virtual disk is
+        distributed across the Virtual SAN datastore to meet the requirements.
+
+        You can see [Storage Policy Based Management for dynamic provisioning of volumes](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/policy-based-mgmt.html)
+        for more details on how to use storage policies for persistent volumes
+        management.
+-->
+    * Kubernetes 内的 Virtual SAN 策略支持
+
+        Vsphere Infrastructure（VI）管理员将能够在动态卷配置期间指定自定义 Virtual SAN 存储功能。您现在可以定义存储需求，例如性能和可用性，当动态卷供分配时会以存储功能的形式提供。存储功能需求会转换为 Virtual SAN 策略，然后当 persistent volume（虚拟磁盘）在创建时，会将其推送到 Virtual SAN 层。虚拟磁盘分布在 Virtual SAN 数据存储中以满足要求。
+
+        更多有关 persistent volume 管理的存储策略的详细信息，
+        您可以参考 [基于存储策略的动态分配卷管理](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/policy-based-mgmt.html)。
+
+<!--
+There are few
+[vSphere examples](https://github.com/kubernetes/examples/tree/master/staging/volumes/vsphere)
+which you try out for persistent volume management inside Kubernetes for vSphere.
+-->
+有几个 [vSphere 例子](https://github.com/kubernetes/examples/tree/master/staging/volumes/vsphere)
+供您在 Kubernetes for vSphere 中尝试进行 persistent volume 管理。
+
+### Ceph RBD
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fast
+provisioner: kubernetes.io/rbd
+parameters:
+  monitors: 10.16.153.105:6789
+  adminId: kube
+  adminSecretName: ceph-secret
+  adminSecretNamespace: kube-system
+  pool: kube
+  userId: kube
+  userSecretName: ceph-secret-user
+  userSecretNamespace: default
+  fsType: ext4
+  imageFormat: "2"
+  imageFeatures: "layering"
+```
+
+<!--
+* `monitors`: Ceph monitors, comma delimited. This parameter is required.
+* `adminId`: Ceph client ID that is capable of creating images in the pool.
+  Default is "admin".
+* `adminSecretName`: Secret Name for `adminId`. This parameter is required.
+  The provided secret must have type "kubernetes.io/rbd".
+* `adminSecretNamespace`: The namespace for `adminSecretName`. Default is "default".
+* `pool`: Ceph RBD pool. Default is "rbd".
+* `userId`: Ceph client ID that is used to map the RBD image. Default is the
+  same as `adminId`.
+-->
+* `monitors`：Ceph monitor，逗号分隔。该参数是必需的。
+* `adminId`：Ceph 客户端 ID，用于在池 ceph 池中创建映像。默认是 "admin"。
+* `adminSecret`：`adminId` 的 Secret 名称。该参数是必需的。
+  提供的 secret 必须有值为 "kubernetes.io/rbd" 的 type 参数。
+* `adminSecretNamespace`：`adminSecret` 的命名空间。默认是 "default"。
+* `pool`: Ceph RBD 池. 默认是 "rbd"。
+* `userId`：Ceph 客户端 ID，用于映射 RBD 镜像。默认与 `adminId` 相同。
+<!--
+* `userSecretName`: The name of Ceph Secret for `userId` to map RBD image. It
+  must exist in the same namespace as PVCs. This parameter is required.
+  The provided secret must have type "kubernetes.io/rbd", e.g. created in this
+  way:
+
+    ```shell
+    kubectl create secret generic ceph-secret --type="kubernetes.io/rbd" \
+      --from-literal=key='QVFEQ1pMdFhPUnQrSmhBQUFYaERWNHJsZ3BsMmNjcDR6RFZST0E9PQ==' \
+      --namespace=kube-system
+    ```
+-->
+* `userSecretName`：用于映射 RBD 镜像的 `userId` 的 Ceph Secret 的名字。
+  它必须与 PVC 存在于相同的 namespace 中。该参数是必需的。
+  提供的 secret 必须具有值为 "kubernetes.io/rbd" 的 type 参数，例如以这样的方式创建：
+
+    ```shell
+    kubectl create secret generic ceph-secret --type="kubernetes.io/rbd" \
+      --from-literal=key='QVFEQ1pMdFhPUnQrSmhBQUFYaERWNHJsZ3BsMmNjcDR6RFZST0E9PQ==' \
+      --namespace=kube-system
+    ```
+
+<!--
+* `userSecretNamespace`: The namespace for `userSecretName`.
+* `fsType`: fsType that is supported by kubernetes. Default: `"ext4"`.
+* `imageFormat`: Ceph RBD image format, "1" or "2". Default is "2".
+* `imageFeatures`: This parameter is optional and should only be used if you
+  set `imageFormat` to "2". Currently supported features are `layering` only.
+  Default is "", and no features are turned on.
+-->
+* `userSecretNamespace`：`userSecretName` 的命名空间。
+* `fsType`：Kubernetes 支持的 fsType。默认：`"ext4"`。
+* `imageFormat`：Ceph RBD 镜像格式，"1" 或者 "2"。默认值是 "1"。
+* `imageFeatures`：这个参数是可选的，只能在你将 `imageFormat` 设置为 "2" 才使用。
+  目前支持的功能只是 `layering`。默认是 ""，没有功能打开。
+
+### Quobyte
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+   name: slow
+provisioner: kubernetes.io/quobyte
+parameters:
+    quobyteAPIServer: "http://138.68.74.142:7860"
+    registry: "138.68.74.142:7861"
+    adminSecretName: "quobyte-admin-secret"
+    adminSecretNamespace: "kube-system"
+    user: "root"
+    group: "root"
+    quobyteConfig: "BASE"
+    quobyteTenant: "DEFAULT"
+```
+
+<!--
+* `quobyteAPIServer`: API Server of Quobyte in the format
+  `"http(s)://api-server:7860"`
+* `registry`: Quobyte registry to use to mount the volume. You can specify the
+  registry as ``<host>:<port>`` pair or if you want to specify multiple
+  registries you just have to put a comma between them e.q.
+  ``<host1>:<port>,<host2>:<port>,<host3>:<port>``.
+  The host can be an IP address or if you have a working DNS you can also
+  provide the DNS names.
+* `adminSecretNamespace`: The namespace for `adminSecretName`.
+  Default is "default".
+-->
+* `quobyteAPIServer`：Quobyte API 服务器的格式是
+  `"http(s)://api-server:7860"`
+* `registry`：用于挂载卷的 Quobyte registry。你可以指定 registry 为 ``<host>:<port>``
+  或者如果你想指定多个 registry，你只需要在他们之间添加逗号，例如
+  ``<host1>:<port>,<host2>:<port>,<host3>:<port>``。
+  主机可以是一个 IP 地址，或者如果您有正在运行的 DNS，您也可以提供 DNS 名称。
+* `adminSecretNamespace`：`adminSecretName`的 namespace。
+  默认值是 "default"。
+<!--
+* `adminSecretName`: secret that holds information about the Quobyte user and
+  the password to authenticate against the API server. The provided secret
+  must have type "kubernetes.io/quobyte", e.g. created in this way:
+
+    ```shell
+    kubectl create secret generic quobyte-admin-secret \
+      --type="kubernetes.io/quobyte" --from-literal=key='opensesame' \
+      --namespace=kube-system
+    ```
+
+-->
+* `adminSecretName`：保存关于 Quobyte 用户和密码的 secret，用于对 API 服务器进行身份验证。
+  提供的 secret 必须有值为 "kubernetes.io/quobyte" 的 type 参数，例如以这种方式创建：
+
+    ```shell
+    kubectl create secret generic quobyte-admin-secret \
+      --type="kubernetes.io/quobyte" --from-literal=key='opensesame' \
+      --namespace=kube-system
+    ```
+<!--
+* `user`: maps all access to this user. Default is "root".
+* `group`: maps all access to this group. Default is "nfsnobody".
+* `quobyteConfig`: use the specified configuration to create the volume. You
+  can create a new configuration or modify an existing one with the Web
+  console or the quobyte CLI. Default is "BASE".
+* `quobyteTenant`: use the specified tenant ID to create/delete the volume.
+  This Quobyte tenant has to be already present in Quobyte.
+  Default is "DEFAULT".
+-->
+* `user`：对这个用户映射的所有访问权限。默认是 "root"。
+* `group`：对这个组映射的所有访问权限。默认是 "nfsnobody"。
+* `quobyteConfig`：使用指定的配置来创建卷。您可以创建一个新的配置，或者，可以修改 Web console 或
+  quobyte CLI 中现有的配置。默认是 "BASE"。
+* `quobyteTenant`：使用指定的租户 ID 创建/删除卷。这个 Quobyte 租户必须已经于 Quobyte。
+  默认是 "DEFAULT"。
+
+<!--
+### Azure Disk
+-->
+### Azure 磁盘
+
+<!--
+#### Azure Unmanaged Disk Storage Class
+-->
+#### Azure Unmanaged Disk Storage Class（非托管磁盘存储类）
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: slow
+provisioner: kubernetes.io/azure-disk
+parameters:
+  skuName: Standard_LRS
+  location: eastus
+  storageAccount: azure_storage_account_name
+```
+
+<!--
+* `skuName`: Azure storage account Sku tier. Default is empty.
+* `location`: Azure storage account location. Default is empty.
+* `storageAccount`: Azure storage account name. If a storage account is provided,
+  it must reside in the same resource group as the cluster, and `location` is
+  ignored. If a storage account is not provided, a new storage account will be
+  created in the same resource group as the cluster.
+-->
+* `skuName`：Azure 存储帐户 Sku 层。默认为空。
+* `location`：Azure 存储帐户位置。默认为空。
+* `storageAccount`：Azure 存储帐户名称。如果提供存储帐户，它必须位于与集群相同的资源组中，并且 `location` 是被忽略的。如果未提供存储帐户，则会在与群集相同的资源组中创建新的存储帐户。
+
+<!--
+#### New Azure Disk Storage Class (starting from v1.7.2)
+-->
+#### 新的 Azure 磁盘 Storage Class（从 v1.7.2 开始）
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: slow
+provisioner: kubernetes.io/azure-disk
+parameters:
+  storageaccounttype: Standard_LRS
+  kind: Shared
+```
+
+<!--
+* `storageaccounttype`: Azure storage account Sku tier. Default is empty.
+* `kind`: Possible values are `shared` (default), `dedicated`, and `managed`.
+  When `kind` is `shared`, all unmanaged disks are created in a few shared
+  storage accounts in the same resource group as the cluster. When `kind` is
+  `dedicated`, a new dedicated storage account will be created for the new
+  unmanaged disk in the same resource group as the cluster. When `kind` is
+  `managed`, all managed disks are created in the same resource group as
+  the cluster.
+-->
+* `storageaccounttype`：Azure 存储帐户 Sku 层。默认为空。
+* `kind`：可能的值是 `shared`（默认）、`dedicated` 和 `managed`。
+  当 `kind` 的值是 `shared` 时，所有非托管磁盘都在集群的同一个资源组中的几个共享存储帐户中创建。
+  当 `kind` 的值是 `dedicated` 时，将为在集群的同一个资源组中新的非托管磁盘创建新的专用存储帐户。
+
+<!--
+- Premium VM can attach both Standard_LRS and Premium_LRS disks, while Standard
+  VM can only attach Standard_LRS disks.
+- Managed VM can only attach managed disks and unmanaged VM can only attach
+  unmanaged disks.
+-->
+- Premium VM 可以同时添加 Standard_LRS 和 Premium_LRS 磁盘，而 Standard 虚拟机只能添加 Standard_LRS 磁盘。
+- 托管虚拟机只能连接托管磁盘，非托管虚拟机只能连接非托管磁盘。
+
+<!--
+### Azure File
+-->
+### Azure 文件
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: azurefile
+provisioner: kubernetes.io/azure-file
+parameters:
+  skuName: Standard_LRS
+  location: eastus
+  storageAccount: azure_storage_account_name
+```
+
+<!--
+* `skuName`: Azure storage account Sku tier. Default is empty.
+* `location`: Azure storage account location. Default is empty.
+* `storageAccount`: Azure storage account name.  Default is empty. If a storage
+  account is not provided, all storage accounts associated with the resource
+  group are searched to find one that matches `skuName` and `location`. If a
+  storage account is provided, it must reside in the same resource group as the
+  cluster, and `skuName` and `location` are ignored.
+-->
+* `skuName`：Azure 存储帐户 Sku 层。默认为空。
+* `location`：Azure 存储帐户位置。默认为空。
+* `storageAccount`：Azure 存储帐户名称。默认为空。
+  如果不提供存储帐户，会搜索所有与资源相关的存储帐户，以找到一个匹配 `skuName` 和 `location` 的账号。
+  如果提供存储帐户，它必须存在于与集群相同的资源组中，`skuName` 和 `location` 会被忽略。
+
+<!--
+During provision, a secret is created for mounting credentials. If the cluster
+has enabled both [RBAC](/docs/reference/access-authn-authz/rbac/) and
+[Controller Roles](/docs/reference/access-authn-authz/rbac/#controller-roles),
+add the `create` permission of resource `secret` for clusterrole
+`system:controller:persistent-volume-binder`.
+-->
+在分配期间，为挂载凭证创建一个 secret。如果集群同时启用了 [RBAC](/docs/admin/authorization/rbac/) 和 [Controller Roles](/docs/admin/authorization/rbac/#controller-roles)，
+为 `system:controller:persistent-volume-binder` 的 clusterrole 添加 `secret` 资源的 `create` 权限。
+
+<!--
+### Portworx Volume
+ -->
+### Portworx 卷
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: portworx-io-priority-high
+provisioner: kubernetes.io/portworx-volume
+parameters:
+  repl: "1"
+  snap_interval:   "70"
+  io_priority:  "high"
+
+```
+
+<!--
+* `fs`: filesystem to be laid out: [none/xfs/ext4] (default: `ext4`).
+* `block_size`: block size in Kbytes (default: `32`).
+* `repl`: number of synchronous replicas to be provided in the form of
+  replication factor [1..3] (default: `1`) A string is expected here i.e.
+  `"1"` and not `1`.
+* `io_priority`: determines whether the volume will be created from higher
+  performance or a lower priority storage [high/medium/low] (default: `low`).
+* `snap_interval`: clock/time interval in minutes for when to trigger snapshots.
+  Snapshots are incremental based on difference with the prior snapshot, 0
+  disables snaps (default: `0`). A string is expected here i.e.
+  `"70"` and not `70`.
+* `aggregation_level`: specifies the number of chunks the volume would be
+  distributed into, 0 indicates a non-aggregated volume (default: `0`). A string
+  is expected here i.e. `"0"` and not `0`
+* `ephemeral`: specifies whether the volume should be cleaned-up after unmount
+  or should be persistent. `emptyDir` use case can set this value to true and
+  `persistent volumes` use case such as for databases like Cassandra should set
+  to false, [true/false] (default `false`). A string is expected here i.e.
+  `"true"` and not `true`.
+-->
+* `fs`：选择的文件系统：[none/xfs/ext4]（默认：`ext4`）。
+* `block_size`：以 Kbytes 为单位的块大小（默认值：`32`）。
+* `repl`：同步副本数量，以复制因子 [1..3]（默认值：`1`）的形式提供。
+  这里需要填写字符串，即，`"1"` 而不是 `1`。
+* `io_priority`：决定是否从更高性能或者较低优先级存储创建卷 [high/medium/low]（默认值：`low`）。
+* `snap_interval`：触发快照的时钟/时间间隔（分钟）。快照是基于与先前快照的增量变化，0 是禁用快照（默认：`0`）。
+  这里需要填写字符串，即，是 `"70"` 而不是 `70`。
+* `aggregation_level`：指定卷分配到的块数量，0 表示一个非聚合卷（默认：`0`）。
+  这里需要填写字符串，即，是 `"0"` 而不是 `0`。
+* `ephemeral`：指定卷在卸载后进行清理还是持久化。 `emptyDir` 的使用场景可以将这个值设置为 true ，
+  `persistent volumes` 的使用场景可以将这个值设置为 false（例如 Cassandra 这样的数据库）[true/false]（默认为 `false`）。这里需要填写字符串，即，是 `"true"` 而不是 `true`。
+
+### ScaleIO
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: slow
+provisioner: kubernetes.io/scaleio
+parameters:
+  gateway: https://192.168.99.200:443/api
+  system: scaleio
+  protectionDomain: pd0
+  storagePool: sp1
+  storageMode: ThinProvisioned
+  secretRef: sio-secret
+  readOnly: false
+  fsType: xfs
+```
+
+<!--
+* `provisioner`: attribute is set to `kubernetes.io/scaleio`
+* `gateway`: address to a ScaleIO API gateway (required)
+* `system`: the name of the ScaleIO system (required)
+* `protectionDomain`: the name of the ScaleIO protection domain (required)
+* `storagePool`: the name of the volume storage pool (required)
+* `storageMode`: the storage provision mode: `ThinProvisioned` (default) or
+  `ThickProvisioned`
+* `secretRef`: reference to a configured Secret object (required)
+* `readOnly`: specifies the access mode to the mounted volume (default false)
+* `fsType`: the file system to use for the volume (default ext4)
+-->
+* `provisioner`：属性设置为 `kubernetes.io/scaleio`
+* `gateway` 到 ScaleIO API 网关的地址（必需）
+* `system`：ScaleIO 系统的名称（必需）
+* `protectionDomain`：ScaleIO 保护域的名称（必需）
+* `storagePool`：卷存储池的名称（必需）
+* `storageMode`：存储提供模式：`ThinProvisioned`（默认）或 `ThickProvisioned`
+* `secretRef`：对已配置的 Secret 对象的引用（必需）
+* `readOnly`：指定挂载卷的访问模式（默认为 false）
+* `fsType`：卷的文件系统（默认是 ext4）
+
+<!--
+The ScaleIO Kubernetes volume plugin requires a configured Secret object.
+The secret must be created with type `kubernetes.io/scaleio` and use the same
+namespace value as that of the PVC where it is referenced
+as shown in the following command:
+
+```shell
+kubectl create secret generic sio-secret --type="kubernetes.io/scaleio" \
+--from-literal=username=sioadmin --from-literal=password=d2NABDNjMA== \
+--namespace=default
+```
+-->
+ScaleIO Kubernetes 卷插件需要配置一个 Secret 对象。
+secret 必须用 `kubernetes.io/scaleio` 类型创建，并与引用它的 PVC 所属的名称空间使用相同的值
+如下面的命令所示：
+
+```shell
+kubectl create secret generic sio-secret --type="kubernetes.io/scaleio" \
+--from-literal=username=sioadmin --from-literal=password=d2NABDNjMA== \
+--namespace=default
+```
+
+### StorageOS
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fast
+provisioner: kubernetes.io/storageos
+parameters:
+  pool: default
+  description: Kubernetes volume
+  fsType: ext4
+  adminSecretNamespace: default
+  adminSecretName: storageos-secret
+```
+
+<!--
+* `pool`: The name of the StorageOS distributed capacity pool to provision the
+  volume from.  Uses the `default` pool which is normally present if not specified.
+* `description`: The description to assign to volumes that were created dynamically.
+  All volume descriptions will be the same for the storage class, but different
+  storage classes can be used to allow descriptions for different use cases.
+  Defaults to `Kubernetes volume`.
+* `fsType`: The default filesystem type to request. Note that user-defined rules
+  within StorageOS may override this value.  Defaults to `ext4`.
+* `adminSecretNamespace`: The namespace where the API configuration secret is
+  located. Required if adminSecretName set.
+* `adminSecretName`: The name of the secret to use for obtaining the StorageOS
+  API credentials. If not specified, default values will be attempted.
+-->
+* `pool`：分配卷的 StorageOS 分布式容量池的名称。如果未指定，则使用通常存在的 `default` 池。
+* `description`：分配给动态创建的卷的描述。所有卷描述对于 storage class 都是相同的，
+  但不同的 storage class 可以使用不同的描述，以区分不同的使用场景。
+  默认为 `Kubernetas volume`。
+* `fsType`：请求的默认文件系统类型。请注意，在 StorageOS 中用户定义的规则可以覆盖此值。默认为 `ext4`
+* `adminSecretNamespace`：API 配置 secret 所在的命名空间。如果设置了 adminSecretName，则是必需的。
+* `adminSecretName`：用于获取 StorageOS API 凭证的 secret 名称。如果未指定，则将尝试默认值。
+
+<!--
+The StorageOS Kubernetes volume plugin can use a Secret object to specify an
+endpoint and credentials to access the StorageOS API. This is only required when
+the defaults have been changed.
+The secret must be created with type `kubernetes.io/storageos` as shown in the
+following command:
+
+```shell
+kubectl create secret generic storageos-secret \
+--type="kubernetes.io/storageos" \
+--from-literal=apiAddress=tcp://localhost:5705 \
+--from-literal=apiUsername=storageos \
+--from-literal=apiPassword=storageos \
+--namespace=default
+```
+-->
+StorageOS Kubernetes 卷插件可以使 Secret 对象来指定用于访问 StorageOS API 的端点和凭据。
+只有当默认值已被更改时，这才是必须的。
+secret 必须使用 `kubernetes.io/storageos` 类型创建，如以下命令：
+
+```shell
+kubectl create secret generic storageos-secret \
+--type="kubernetes.io/storageos" \
+--from-literal=apiAddress=tcp://localhost:5705 \
+--from-literal=apiUsername=storageos \
+--from-literal=apiPassword=storageos \
+--namespace=default
+```
+
+<!--
+Secrets used for dynamically provisioned volumes may be created in any namespace
+and referenced with the `adminSecretNamespace` parameter. Secrets used by
+pre-provisioned volumes must be created in the same namespace as the PVC that
+references it.
+-->
+用于动态分配卷的 Secret 可以在任何名称空间中创建，并通过 `adminSecretNamespace` 参数引用。
+预先配置的卷使用的 Secret 必须在与引用它的 PVC 在相同的名称空间中。
+
+<!--
+### Local
+-->
+### 本地
+
+{{< feature-state for_k8s_version="v1.10" state="beta" >}}
+
+```yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: local-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+```
+
+<!--
+Local volumes do not support dynamic provisioning yet, however a StorageClass
+should still be created to delay volume binding until pod scheduling. This is
+specified by the `WaitForFirstConsumer` volume binding mode.
+-->
+本地卷还不支持动态分配，然而还是需要创建 StorageClass 以延迟卷绑定，直到完成 pod 的调度。这是由 `WaitForFirstConsumer` 卷绑定模式指定的。
+
+<!--
+Delaying volume binding allows the scheduler to consider all of a pod's
+scheduling constraints when choosing an appropriate PersistentVolume for a
+PersistentVolumeClaim.
+-->
+延迟卷绑定使得调度器在为 PersistentVolumeClaim 选择一个合适的 PersistentVolume 时能考虑到所有 pod 的调度限制。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/storage/storage-limits.md b/content/zh/docs/concepts/storage/storage-limits.md
new file mode 100644
index 0000000000000..832c6b5c9ed00
--- /dev/null
+++ b/content/zh/docs/concepts/storage/storage-limits.md
@@ -0,0 +1,140 @@
+---
+title: 特定于节点的卷数限制
+content_template: templates/concept
+---
+
+<!-- ---
+reviewers:
+- jsafrane
+- saad-ali
+- thockin
+- msau42
+title: Node-specific Volume Limits
+content_template: templates/concept
+---
+ -->
+
+{{% capture overview %}}
+
+<!-- This page describes the maximum number of volumes that can be attached
+to a Node for various cloud providers. -->
+此页面描述了各个云供应商可关联至一个节点的最大卷数。
+
+<!-- Cloud providers like Google, Amazon, and Microsoft typically have a limit on
+how many volumes can be attached to a Node. It is important for Kubernetes to
+respect those limits. Otherwise, Pods scheduled on a Node could get stuck
+waiting for volumes to attach. -->
+
+谷歌、亚马逊和微软等云供应商通常对可以关联到节点的卷数量进行限制。 
+Kubernetes 需要尊重这些限制。 否则，在节点上调度的 Pod 可能会卡住去等待卷的关联。
+
+
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!-- ## Kubernetes default limits
+
+The Kubernetes scheduler has default limits on the number of volumes
+that can be attached to a Node: -->
+
+## Kubernetes 的默认限制
+
+The Kubernetes 调度器对关联于一个节点的卷数有默认限制：
+<!-- 
+<table>
+  <tr><th>Cloud service</th><th>Maximum volumes per Node</th></tr>
+  <tr><td><a href="https://aws.amazon.com/ebs/">Amazon Elastic Block Store (EBS)</a></td><td>39</td></tr>
+  <tr><td><a href="https://cloud.google.com/persistent-disk/">Google Persistent Disk</a></td><td>16</td></tr>
+  <tr><td><a href="https://azure.microsoft.com/en-us/services/storage/main-disks/">Microsoft Azure Disk Storage</a></td><td>16</td></tr>
+</table>
+ -->
+<table>
+  <tr><th>云服务</th><th>每节点最大卷数</th></tr>
+  <tr><td><a href="https://aws.amazon.com/ebs/">Amazon Elastic Block Store (EBS)</a></td><td>39</td></tr>
+  <tr><td><a href="https://cloud.google.com/persistent-disk/">Google Persistent Disk</a></td><td>16</td></tr>
+  <tr><td><a href="https://azure.microsoft.com/en-us/services/storage/main-disks/">Microsoft Azure Disk Storage</a></td><td>16</td></tr>
+</table>
+
+<!-- ## Custom limits
+
+You can change these limits by setting the value of the
+`KUBE_MAX_PD_VOLS` environment variable, and then starting the scheduler.
+
+Use caution if you set a limit that is higher than the default limit. Consult
+the cloud provider's documentation to make sure that Nodes can actually support
+the limit you set.
+
+The limit applies to the entire cluster, so it affects all Nodes. -->
+
+## 自定义限制
+
+您可以通过设置 `KUBE_MAX_PD_VOLS` 环境变量的值来设置这些限制，然后再启动调度器。
+
+如果设置的限制高于默认限制，请谨慎使用。请参阅云提供商的文档以确保节点可支持您设置的限制。
+
+此限制应用于整个集群，所以它会影响所有节点。
+
+<!-- ## Dynamic volume limits -->
+
+## 动态卷限制
+
+{{< feature-state state="beta" for_k8s_version="v1.12" >}}
+
+<!-- Kubernetes 1.11 introduced support for dynamic volume limits based on Node type as an Alpha feature.
+In Kubernetes 1.12 this feature is graduating to Beta and will be enabled by default.
+
+Dynamic volume limits is supported for following volume types.
+
+- Amazon EBS
+- Google Persistent Disk
+- Azure Disk
+- CSI -->
+
+Kubernetes 1.11 引入了基于节点类型的动态卷限制的支持作为 Alpha 功能。
+在 Kubernetes 1.12 中，此功能升级到 Beta 版，将默认开启。
+
+以下卷类型支持动态卷限制。
+
+- Amazon EBS
+- Google Persistent Disk
+- Azure Disk
+- CSI
+
+<!-- When the dynamic volume limits feature is enabled, Kubernetes automatically
+determines the Node type and enforces the appropriate number of attachable
+volumes for the node. For example: -->
+
+启用动态卷限制功能后，Kubernetes 会自动确定节点类型并确保节点上可关联的卷数目合规。 例如：
+
+<!-- * On
+<a href="https://cloud.google.com/compute/">Google Compute Engine</a>,
+up to 128 volumes can be attached to a node, [depending on the node
+type](https://cloud.google.com/compute/docs/disks/#pdnumberlimits).
+
+* For Amazon EBS disks on M5,C5,R5,T3 and Z1D instance types, Kubernetes allows only 25
+volumes to be attached to a Node. For other instance types on
+<a href="https://aws.amazon.com/ec2/">Amazon Elastic Compute Cloud (EC2)</a>,
+Kubernetes allows 39 volumes to be attached to a Node.
+
+* On Azure, up to 64 disks can be attached to a node, depending on the node type. For more details, refer to [Sizes for virtual machines in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes).
+
+* For CSI, any driver that advertises volume attach limits via CSI specs will have those limits available as the Node's allocatable property
+  and the Scheduler will not schedule Pods with volumes on any Node that is already at its capacity. Refer to the [CSI specs](https://github.com/container-storage-interface/spec/blob/master/spec.md#nodegetinfo) for more details. -->
+
+* 在
+<a href="https://cloud.google.com/compute/">Google Compute Engine</a>环境中,
+[根据节点类型](https://cloud.google.com/compute/docs/disks/#pdnumberlimits)最多可以将128个卷关联到节点。
+
+* 对于 M5、C5、R5、T3 和 Z1D 类型实例的 Amazon EBS 磁盘，Kubernetes 仅允许 25 个卷关联到节点。
+对于 ec2 上的其他实例类型
+<a href="https://aws.amazon.com/ec2/">Amazon Elastic Compute Cloud (EC2)</a>,
+Kubernetes 允许 39 个卷关联至节点。
+
+* 在 Azure 环境中, 根据节点类型，最多 64 个磁盘可以关联至一个节点。
+更多详细信息，请参阅[Azure 虚拟机的数量大小](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes)。
+
+* 对于 CSI，任何符合 CSI 规范中卷关联限制的驱动都将这些限制作为 Node 的 allocatable 属性。调度器不会往已经达到其容量限制的任何节点上调度具有卷的Pod。 参考 [CSI 规范](https://github.com/container-storage-interface/spec/blob/master/spec.md#nodegetinfo) 获取更多详细信息。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/storage/volume-snapshot-classes.md b/content/zh/docs/concepts/storage/volume-snapshot-classes.md
new file mode 100644
index 0000000000000..17ea4de4134e6
--- /dev/null
+++ b/content/zh/docs/concepts/storage/volume-snapshot-classes.md
@@ -0,0 +1,84 @@
+---
+title: 卷快照类
+content_template: templates/concept
+weight: 30
+---
+
+{{% capture overview %}}
+
+<!-- This document describes the concept of `VolumeSnapshotClass` in Kubernetes. Familiarity
+with [volume snapshots](/docs/concepts/storage/volume-snapshots/) and
+[storage classes](/docs/concepts/storage/storage-classes) is suggested. -->
+
+
+本文档描述了 Kubernetes 中 `VolumeSnapshotClass` 的概念。 建议熟悉[卷快照（Volume Snapshots）](/docs/concepts/storage/volume-snapshots/)和[存储类（Storage Class）](/docs/concepts/storage/storage-classes)。
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!-- ## Introduction
+
+Just like `StorageClass` provides a way for administrators to describe the "classes"
+of storage they offer when provisioning a volume, `VolumeSnapshotClass` provides a
+way to describe the "classes" of storage when provisioning a volume snapshot. -->
+
+## 介绍
+
+就像 `StorageClass` 为管理员提供了一种在配置卷时描述存储“类”的方法，`VolumeSnapshotClass` 提供了一种在配置卷快照时描述存储“类”的方法。
+
+<!-- ## The VolumeSnapshotClass Resource
+
+Each `VolumeSnapshotClass` contains the fields `snapshotter` and `parameters`,
+which are used when a `VolumeSnapshot` belonging to the class needs to be
+dynamically provisioned.
+
+The name of a `VolumeSnapshotClass` object is significant, and is how users can
+request a particular class. Administrators set the name and other parameters
+of a class when first creating `VolumeSnapshotClass` objects, and the objects cannot
+be updated once they are created.
+
+Administrators can specify a default `VolumeSnapshotClass` just for VolumeSnapshots
+that don't request any particular class to bind to.
+ -->
+
+## VolumeSnapshotClass 资源
+
+每个 `VolumeSnapshotClass` 都包含 `snapshotter` 和 `parameters` 字段，当需要动态配置属于该类的 `VolumeSnapshot` 时使用。
+
+`VolumeSnapshotClass` 对象的名称很重要，是用户可以请求特定类的方式。
+管理员在首次创建 `VolumeSnapshotClass` 对象时设置类的名称和其他参数，对象一旦创建就无法更新。
+
+管理员可以为不请求任何特定类绑定的 VolumeSnapshots 指定默认的 `VolumeSnapshotClass`。
+
+
+```yaml
+apiVersion: snapshot.storage.k8s.io/v1alpha1
+kind: VolumeSnapshotClass
+metadata:
+  name: csi-hostpath-snapclass
+snapshotter: csi-hostpath
+parameters:
+```
+<!-- 
+### Snapshotter
+
+Volume snapshot classes have a snapshotter that determines what CSI volume plugin is
+used for provisioning VolumeSnapshots. This field must be specified.
+ -->
+ 
+### 快照生成器（Snapshotter）
+
+卷快照类具有一个快照生成器，用于确定配置 VolumeSnapshot 的 CSI 卷插件。 必须指定此字段。
+
+<!-- ## Parameters
+
+Volume snapshot classes have parameters that describe volume snapshots belonging to
+the volume snapshot class. Different parameters may be accepted depending on the
+`snapshotter`. -->
+
+## 参数
+
+卷快照类具有描述属于卷快照类的卷快照参数。 可根据 `snapshotter` 接受不同的参数。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/storage/volumes.md b/content/zh/docs/concepts/storage/volumes.md
new file mode 100644
index 0000000000000..7288ac10a1b0e
--- /dev/null
+++ b/content/zh/docs/concepts/storage/volumes.md
@@ -0,0 +1,2093 @@
+---
+reviewers:
+- jsafrane
+- saad-ali
+- thockin
+- msau42
+title: Volumes
+content_template: templates/concept
+weight: 10
+---
+
+{{% capture overview %}}
+
+<!--
+On-disk files in a Container are ephemeral, which presents some problems for
+non-trivial applications when running in Containers.  First, when a Container
+crashes, kubelet will restart it, but the files will be lost - the
+Container starts with a clean state.  Second, when running Containers together
+in a `Pod` it is often necessary to share files between those Containers.  The
+Kubernetes `Volume` abstraction solves both of these problems.
+-->
+
+容器中的文件在磁盘上是临时存放的，这给容器中运行的特殊应用程序带来一些问题。
+首先，当容器崩溃时，kubelet 将重新启动容器，容器中的文件将会丢失——因为容器会以干净的状态重建。
+其次，当在一个 `Pod` 中同时运行多个容器时，常常需要在这些容器之间共享文件。
+Kubernetes 抽象出 `Volume` 对象来解决这两个问题。
+
+<!--
+Familiarity with [Pods](/docs/user-guide/pods) is suggested.
+-->
+
+阅读本文前建议您熟悉一下 [Pods](/docs/user-guide/pods)。 
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Background
+
+Docker also has a concept of
+[volumes](https://docs.docker.com/engine/admin/volumes/), though it is
+somewhat looser and less managed.  In Docker, a volume is simply a directory on
+disk or in another Container.  Lifetimes are not managed and until very
+recently there were only local-disk-backed volumes.  Docker now provides volume
+drivers, but the functionality is very limited for now (e.g. as of Docker 1.7
+only one volume driver is allowed per Container and there is no way to pass
+parameters to volumes).
+-->
+
+## 背景
+
+Docker 也有 [Volume](https://docs.docker.com/engine/admin/volumes/) 的概念，但对它只有少量且松散的管理。
+在 Docker 中，Volume 是磁盘上或者另外一个容器内的一个目录。
+直到最近，Docker 才支持对基于本地磁盘的 Volume 的生存期进行管理。
+虽然 Docker 现在也能提供 Volume 驱动程序，但是目前功能还非常有限（例如，截至 Docker 1.7，每个容器只允许有一个 Volume 驱动程序，并且无法将参数传递给卷）。
+
+<!--
+A Kubernetes volume, on the other hand, has an explicit lifetime - the same as
+the Pod that encloses it.  Consequently, a volume outlives any Containers that run
+within the Pod, and data is preserved across Container restarts. Of course, when a
+Pod ceases to exist, the volume will cease to exist, too.  Perhaps more
+importantly than this, Kubernetes supports many types of volumes, and a Pod can
+use any number of them simultaneously.
+-->
+
+另一方面，Kubernetes 卷具有明确的生命周期——与包裹它的 Pod 相同。
+因此，卷比 Pod 中运行的任何容器的存活期都长，在容器重新启动时数据也会得到保留。
+当然，当一个 Pod 不再存在时，卷也将不再存在。也许更重要的是，Kubernetes 可以支持许多类型的卷，Pod 也能同时使用任意数量的卷。
+
+<!--
+At its core, a volume is just a directory, possibly with some data in it, which
+is accessible to the Containers in a Pod.  How that directory comes to be, the
+medium that backs it, and the contents of it are determined by the particular
+volume type used.
+-->
+
+卷的核心是包含一些数据的目录，Pod 中的容器可以访问该目录。
+特定的卷类型可以决定这个目录如何形成的，并能决定它支持何种介质，以及目录中存放什么内容。
+
+
+<!--
+To use a volume, a Pod specifies what volumes to provide for the Pod (the
+`.spec.volumes`
+field) and where to mount those into Containers (the
+`.spec.containers.volumeMounts`
+field).
+-->
+
+使用卷时, Pod 声明中需要提供卷的类型 (`.spec.volumes` 字段)和卷挂载的位置 (`.spec.containers.volumeMounts` 字段).
+
+<!--
+A process in a container sees a filesystem view composed from their Docker
+image and volumes.  The [Docker
+image](https://docs.docker.com/userguide/dockerimages/) is at the root of the
+filesystem hierarchy, and any volumes are mounted at the specified paths within
+the image.  Volumes can not mount onto other volumes or have hard links to
+other volumes.  Each Container in the Pod must independently specify where to
+mount each volume.
+-->
+
+容器中的进程能看到由它们的 Docker 镜像和卷组成的文件系统视图。
+[Docker 镜像](https://docs.docker.com/userguide/dockerimages/) 位于文件系统层次结构的根部，并且任何 Volume 都挂载在镜像内的指定路径上。
+卷不能挂载到其他卷，也不能与其他卷有硬链接。
+Pod 中的每个容器必须独立地指定每个卷的挂载位置。
+
+<!--
+## Types of Volumes
+
+Kubernetes supports several types of Volumes:
+-->
+
+## Volume 的类型
+
+Kubernetes 支持下列类型的卷：
+
+
+   * [awsElasticBlockStore](#awselasticblockstore)
+   * [azureDisk](#azuredisk)
+   * [azureFile](#azurefile)
+   * [cephfs](#cephfs)
+   * [configMap](#configmap)
+   * [csi](#csi)
+   * [downwardAPI](#downwardapi)
+   * [emptyDir](#emptydir)
+   * [fc (fibre channel)](#fc)
+   * [flocker](#flocker)
+   * [gcePersistentDisk](#gcepersistentdisk)
+   * [gitRepo (deprecated)](#gitrepo)
+   * [glusterfs](#glusterfs)
+   * [hostPath](#hostpath)
+   * [iscsi](#iscsi)
+   * [local](#local)
+   * [nfs](#nfs)
+   * [persistentVolumeClaim](#persistentvolumeclaim)
+   * [projected](#projected)
+   * [portworxVolume](#portworxvolume)
+   * [quobyte](#quobyte)
+   * [rbd](#rbd)
+   * [scaleIO](#scaleio)
+   * [secret](#secret)
+   * [storageos](#storageos)
+   * [vsphereVolume](#vspherevolume)
+
+<!--
+We welcome additional contributions.
+-->
+
+我们欢迎大家贡献其他的卷类型支持。
+
+### awsElasticBlockStore {#awselasticblockstore}
+
+<!--
+An `awsElasticBlockStore` volume mounts an Amazon Web Services (AWS) [EBS
+Volume](http://aws.amazon.com/ebs/) into your Pod.  Unlike
+`emptyDir`, which is erased when a Pod is removed, the contents of an EBS
+volume are preserved and the volume is merely unmounted.  This means that an
+EBS volume can be pre-populated with data, and that data can be "handed off"
+between Pods.
+-->
+
+`awsElasticBlockStore` 卷将 Amazon Web服务（AWS）[EBS 卷](http://aws.amazon.com/ebs/) 挂载到您的 Pod 中。
+与 `emptyDir` 在删除 Pod 时会被删除不同，EBS 卷的内容在删除 Pod 时会被保留，卷只是被卸载掉了。
+这意味着 EBS 卷可以预先填充数据，并且可以在 Pod 之间传递数据。
+
+{{< caution >}}
+<!--You must create an EBS volume using `aws ec2 create-volume` or the AWS API before you can use it.-->
+您在使用 EBS 卷之前必须先创建它，可以使用 `aws ec2 create-volume` 命令进行创建；也可以使用 AWS API 进行创建。
+{{< /caution >}}
+
+<!--
+There are some restrictions when using an `awsElasticBlockStore` volume:
+
+* the nodes on which Pods are running must be AWS EC2 instances
+* those instances need to be in the same region and availability-zone as the EBS volume
+* EBS only supports a single EC2 instance mounting a volume
+-->
+
+使用 `awsElasticBlockStore` 卷时有一些限制：
+
+* Pod 正在运行的节点必须是 AWS EC2 实例。
+* 这些实例需要与 EBS 卷在相同的地域（region）和可用区（availability-zone）。
+* EBS 卷只支持被挂载到单个 EC2 实例上。
+
+<!--
+#### Creating an EBS volume
+
+Before you can use an EBS volume with a Pod, you need to create it.
+-->
+
+#### 创建 EBS 卷
+
+在将 EBS 卷用到 Pod 上之前，您首先要创建它。
+
+```shell
+aws ec2 create-volume --availability-zone=eu-west-1a --size=10 --volume-type=gp2
+```
+
+<!--
+Make sure the zone matches the zone you brought up your cluster in.  (And also check that the size and EBS volume
+type are suitable for your use!)
+-->
+
+确保该区域与您的群集所在的区域相匹配。（也要检查卷的大小和 EBS 卷类型都适合您的用途！）
+
+<!--
+#### AWS EBS Example configuration
+-->
+
+#### AWS EBS 配置示例
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-ebs
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: test-container
+    volumeMounts:
+    - mountPath: /test-ebs
+      name: test-volume
+  volumes:
+  - name: test-volume
+    # This AWS EBS volume must already exist.
+    awsElasticBlockStore:
+      volumeID: <volume-id>
+      fsType: ext4
+```
+
+### azureDisk {#azuredisk}
+
+<!--
+A `azureDisk` is used to mount a Microsoft Azure [Data Disk](https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-about-disks-vhds/) into a Pod.
+
+More details can be found [here](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/azure_disk/README.md).
+-->
+
+`azureDisk` 用来在 Pod 上挂载 Microsoft Azure [数据盘（Data Disk）](https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-about-disks-vhds/) .
+更多详情请参考[这里](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/azure_disk/README.md)。
+
+### azureFile {#azurefile}
+
+<!--
+A `azureFile` is used to mount a Microsoft Azure File Volume (SMB 2.1 and 3.0)
+into a Pod.
+
+More details can be found [here](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/azure_file/README.md).
+-->
+
+`azureFile` 用来在 Pod 上挂载 Microsoft Azure 文件卷（File Volume） (SMB 2.1 和 3.0)。
+更多详情请参考[这里](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/azure_file/README.md)。
+
+### cephfs {#cephfs}
+
+<!--
+A `cephfs` volume allows an existing CephFS volume to be
+mounted into your Pod. Unlike `emptyDir`, which is erased when a Pod is
+removed, the contents of a `cephfs` volume are preserved and the volume is merely
+unmounted.  This means that a CephFS volume can be pre-populated with data, and
+that data can be "handed off" between Pods.  CephFS can be mounted by multiple
+writers simultaneously.
+-->
+
+`cephfs` 允许您将现存的 CephFS 卷挂载到 Pod 中。不像 `emptyDir` 那样会在删除 Pod 的同时也会被删除，`cephfs` 卷的内容在删除 Pod 时会被保留，卷只是被卸载掉了。
+这意味着 CephFS 卷可以被预先填充数据，并且这些数据可以在 Pod 之间"传递"。CephFS 卷可同时被多个写者挂载。
+
+
+{{< caution >}}
+<!--You must have your own Ceph server running with the share exported before you can use it.-->
+在您使用 Ceph 卷之前，您的 Ceph 服务器必须正常运行并且要使用的 share 被导出（exported）。
+{{< /caution >}}
+
+<!--
+See the [CephFS example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/cephfs/) for more details.
+-->
+
+更多信息请参考 [CephFS 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/cephfs/)。
+
+### configMap {#configmap}
+
+<!--
+The [`configMap`](/docs/tasks/configure-pod-container/configure-pod-configmap/) resource
+provides a way to inject configuration data into Pods.
+The data stored in a `ConfigMap` object can be referenced in a volume of type
+`configMap` and then consumed by containerized applications running in a Pod.
+-->
+
+[`configMap`](/docs/tasks/configure-pod-container/configure-pod-configmap/) 资源提供了向 Pod 注入配置数据的方法。
+`ConfigMap` 对象中存储的数据可以被 `configMap` 类型的卷引用，然后被应用到 Pod 中运行的容器化应用。
+
+<!--
+When referencing a `configMap` object, you can simply provide its name in the
+volume to reference it. You can also customize the path to use for a specific
+entry in the ConfigMap.
+For example, to mount the `log-config` ConfigMap onto a Pod called `configmap-pod`,
+you might use the YAML below:
+-->
+
+当引用 `configMap` 对象时，你可以简单的在 Volume 中通过它名称来引用。
+还可以自定义 ConfigMap 中特定条目所要使用的路径。
+例如，要将名为 `log-config` 的 ConfigMap 挂载到名为 `configmap-pod` 的 Pod 中，您可以使用下面的 YAML：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: configmap-pod
+spec:
+  containers:
+    - name: test
+      image: busybox
+      volumeMounts:
+        - name: config-vol
+          mountPath: /etc/config
+  volumes:
+    - name: config-vol
+      configMap:
+        name: log-config
+        items:
+          - key: log_level
+            path: log_level
+```
+
+<!--
+The `log-config` ConfigMap is mounted as a volume, and all contents stored in
+its `log_level` entry are mounted into the Pod at path "`/etc/config/log_level`".
+Note that this path is derived from the volume's `mountPath` and the `path`
+keyed with `log_level`.
+-->
+
+`log-config` ConfigMap 是以卷的形式挂载的，
+存储在 `log_level` 条目中的所有内容都被挂载到 Pod 的 "`/etc/config/log_level`" 路径下。
+请注意，这个路径来源于 Volume 的 `mountPath` 和 `log_level` 键对应的 `path`。
+
+{{< caution >}}
+<!--You must create a [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) before you can use it.-->
+在使用 [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) 之前您首先要创建它。
+{{< /caution >}}
+
+{{< note >}}
+<!--
+A Container using a ConfigMap as a [subPath](#using-subpath) volume mount will not
+receive ConfigMap updates.
+-->
+容器以 [subPath](#using-subpath) 卷挂载方式使用 ConfigMap 时，将无法接收 ConfigMap 的更新。
+{{< /note >}}
+
+### downwardAPI {#downwardapi}
+
+<!--
+A `downwardAPI` volume is used to make downward API data available to applications.
+It mounts a directory and writes the requested data in plain text files.
+-->
+
+`downwardAPI` 卷用于使 downward API 数据对应用程序可用。
+这种卷类型挂载一个目录并在纯文本文件中写入请求的数据。 
+
+{{< note >}}
+<!--A Container using Downward API as a [subPath](#using-subpath) volume mount will not
+receive Downward API updates.-->
+容器以挂载 [subPath](#using-subpath) 卷的方式使用 downwardAPI 时，将不能接收到它的更新。
+{{< /note >}}
+
+<!--
+See the [`downwardAPI` volume example](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/)  for more details.
+-->
+更多详细信息请参考 [`downwardAPI` 卷示例](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/)。
+
+### emptyDir {#emptydir}
+
+<!--
+An `emptyDir` volume is first created when a Pod is assigned to a Node, and
+exists as long as that Pod is running on that node.  As the name says, it is
+initially empty.  Containers in the Pod can all read and write the same
+files in the `emptyDir` volume, though that volume can be mounted at the same
+or different paths in each Container.  When a Pod is removed from a node for
+any reason, the data in the `emptyDir` is deleted forever.
+-->
+
+当 Pod 指定到某个节点上时，首先创建的是一个 `emptyDir` 卷，并且只要 Pod 在该节点上运行，卷就一直存在。
+就像它的名称表示的那样，卷最初是空的。
+尽管 Pod 中的容器挂载 `emptyDir` 卷的路径可能相同也可能不同，但是这些容器都可以读写 `emptyDir` 卷中相同的文件。
+当 Pod 因为某些原因被从节点上删除时，`emptyDir` 卷中的数据也会永久删除。
+
+{{< note >}}
+<!--A Container crashing does *NOT* remove a Pod from a node, so the data in an `emptyDir` volume is safe across Container crashes.-->
+容器崩溃并不会导致 Pod 被从节点上移除，因此容器崩溃时 `emptyDir` 卷中的数据是安全的。
+{{< /note >}}
+
+<!--
+Some uses for an `emptyDir` are:
+
+* scratch space, such as for a disk-based merge sort
+* checkpointing a long computation for recovery from crashes
+* holding files that a content-manager Container fetches while a webserver
+  Container serves the data
+-->
+
+`emptyDir` 的一些用途：
+
+* 缓存空间，例如基于磁盘的归并排序。
+* 为耗时较长的计算任务提供检查点，以便任务能方便地从崩溃前状态恢复执行。
+* 在 Web 服务器容器服务数据时，保存内容管理器容器获取的文件。
+
+
+<!--
+By default, `emptyDir` volumes are stored on whatever medium is backing the
+node - that might be disk or SSD or network storage, depending on your
+environment.  However, you can set the `emptyDir.medium` field to `"Memory"`
+to tell Kubernetes to mount a tmpfs (RAM-backed filesystem) for you instead.
+While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on
+node reboot and any files you write will count against your Container's
+memory limit.
+-->
+
+默认情况下， `emptyDir` 卷存储在支持该节点所使用的介质上；这里的介质可以是磁盘或 SSD 或网络存储，这取决于您的环境。
+但是，您可以将 `emptyDir.medium` 字段设置为 `"Memory"`，以告诉 Kubernetes 为您安装 tmpfs（基于 RAM 的文件系统）。
+虽然 tmpfs 速度非常快，但是要注意它与磁盘不同。
+tmpfs 在节点重启时会被清除，并且您所写入的所有文件都会计入容器的内存消耗，受容器内存限制约束。
+
+<!--
+#### Example Pod
+-->
+
+#### Pod 示例
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pd
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: test-container
+    volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+  volumes:
+  - name: cache-volume
+    emptyDir: {}
+```
+
+<!--
+### fc (fibre channel) {#fc}
+
+An `fc` volume allows an existing fibre channel volume to be mounted in a Pod.
+You can specify single or multiple target World Wide Names using the parameter
+`targetWWNs` in your volume configuration. If multiple WWNs are specified,
+targetWWNs expect that those WWNs are from multi-path connections.
+-->
+
+### fc (光纤通道) {#fc}
+
+`fc` 卷允许将现有的光纤通道卷挂载到 Pod 中。
+可以使用卷配置中的参数 `targetWWNs` 来指定单个或多个目标 WWN。
+如果指定多个 WWN，targetWWNs 期望这些 WWN 来自多路径连接。
+
+{{< caution >}}
+<!--You must configure FC SAN Zoning to allocate and mask those LUNs (volumes) to the target WWNs beforehand so that Kubernetes hosts can access them.-->
+您必须配置 FC SAN Zoning，以便预先向目标 WWN 分配和屏蔽这些 LUN（卷），这样 Kubernetes 主机才可以访问它们。
+{{< /caution >}}
+
+<!--
+See the [FC example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/fibre_channel) for more details.
+-->
+
+更多详情请参考 [FC 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/fibre_channel)。
+
+<!--
+### flocker {#flocker}
+
+[Flocker](https://github.com/ClusterHQ/flocker) is an open-source clustered Container data volume manager. It provides management
+and orchestration of data volumes backed by a variety of storage backends.
+-->
+
+### flocker {#flocker}
+
+[Flocker](https://github.com/ClusterHQ/flocker) 是一个开源的、集群化的容器数据卷管理器。
+Flocker 提供了由各种存储后备支持的数据卷的管理和编排。
+
+<!--
+A `flocker` volume allows a Flocker dataset to be mounted into a Pod. If the
+dataset does not already exist in Flocker, it needs to be first created with the Flocker
+CLI or by using the Flocker API. If the dataset already exists it will be
+reattached by Flocker to the node that the Pod is scheduled. This means data
+can be "handed off" between Pods as required.
+-->
+
+`flocker` 卷允许将一个 Flocker 数据集挂载到 Pod 中。
+如果数据集在 Flocker 中不存在，则需要首先使用 Flocker CLI 或 Flocker API 创建数据集。
+如果数据集已经存在，那么 Flocker 将把它重新附加到 Pod 被调度的节点。
+这意味着数据可以根据需要在 Pod 之间 "传递"。
+
+
+{{< caution >}}
+<!--You must have your own Flocker installation running before you can use it.-->
+您在使用 Flocker 之前必须先安装运行自己的 Flocker。
+{{< /caution >}}
+
+<!--
+See the [Flocker example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/flocker) for more details.
+-->
+
+更多详情请参考 [Flocker 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/flocker)。
+
+<!--
+### gcePersistentDisk {#gcepersistentdisk}
+
+A `gcePersistentDisk` volume mounts a Google Compute Engine (GCE) [Persistent
+Disk](http://cloud.google.com/compute/docs/disks) into your Pod.  Unlike
+`emptyDir`, which is erased when a Pod is removed, the contents of a PD are
+preserved and the volume is merely unmounted.  This means that a PD can be
+pre-populated with data, and that data can be "handed off" between Pods.
+-->
+
+### gcePersistentDisk {#gcepersistentdisk}
+
+`gcePersistentDisk` 卷能将谷歌计算引擎 (GCE) [持久盘（PD）](http://cloud.google.com/compute/docs/disks) 挂载到您的 Pod 中。
+不像 `emptyDir` 那样会在删除 Pod 的同时也会被删除，持久盘卷的内容在删除 Pod 时会被保留，卷只是被卸载掉了。
+这意味着持久盘卷可以被预先填充数据，并且这些数据可以在 Pod 之间"传递"。
+
+{{< caution >}}
+<!--You must create a PD using `gcloud` or the GCE API or UI before you can use it.-->
+您在使用 PD 前，必须使用 `gcloud` 或者 GCE API 或 UI 创建它。
+{{< /caution >}}
+
+<!--
+There are some restrictions when using a `gcePersistentDisk`:
+
+* the nodes on which Pods are running must be GCE VMs
+* those VMs need to be in the same GCE project and zone as the PD
+-->
+
+使用 `gcePersistentDisk` 时有一些限制：
+
+* 运行 Pod 的节点必须是 GCE VM
+* 那些 VM 必须和持久盘属于相同的 GCE 项目和区域（zone）
+
+<!--
+A feature of PD is that they can be mounted as read-only by multiple consumers
+simultaneously.  This means that you can pre-populate a PD with your dataset
+and then serve it in parallel from as many Pods as you need.  Unfortunately,
+PDs can only be mounted by a single consumer in read-write mode - no
+simultaneous writers allowed.
+-->
+
+PD 的一个特点是它们可以同时被多个消费者以只读方式挂载。
+这意味着您可以用数据集预先填充 PD，然后根据需要并行地在尽可能多的 Pod 中提供该数据集。
+不幸的是，PD 只能由单个使用者以读写模式挂载——即不允许同时写入。
+
+<!--
+Using a PD on a Pod controlled by a ReplicationController will fail unless
+the PD is read-only or the replica count is 0 or 1.
+-->
+
+在由 ReplicationController 所管理的 Pod 上使用 PD 将会失败，除非 PD 是只读模式或者副本的数量是 0 或 1。
+
+<!--
+#### Creating a PD
+
+Before you can use a GCE PD with a Pod, you need to create it.
+-->
+
+#### 创建持久盘（PD）
+
+在 Pod 中使用 GCE 持久盘之前，您首先要创建它。
+
+```shell
+gcloud compute disks create --size=500GB --zone=us-central1-a my-data-disk
+```
+
+<!--
+#### Example Pod
+-->
+
+#### Pod 示例
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pd
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: test-container
+    volumeMounts:
+    - mountPath: /test-pd
+      name: test-volume
+  volumes:
+  - name: test-volume
+    # This GCE PD must already exist.
+    gcePersistentDisk:
+      pdName: my-data-disk
+      fsType: ext4
+```
+<!--
+#### Regional Persistent Disks
+-->
+
+#### 区域持久盘（Regional Persistent Disks）
+
+{{< feature-state for_k8s_version="v1.10" state="beta" >}}
+
+<!--
+The [Regional Persistent Disks](https://cloud.google.com/compute/docs/disks/#repds) feature allows the creation of Persistent Disks that are available in two zones within the same region. In order to use this feature, the volume must be provisioned as a PersistentVolume; referencing the volume directly from a pod is not supported.
+-->
+
+[区域持久盘](https://cloud.google.com/compute/docs/disks/#repds) 功能允许您创建能在同一区域的两个可用区中使用的持久盘。
+要使用这个功能，必须以持久盘的方式提供卷；Pod 不支持直接引用这种卷。
+
+<!--
+#### Manually provisioning a Regional PD PersistentVolume
+Dynamic provisioning is possible using a [StorageClass for GCE PD](/docs/concepts/storage/storage-classes/#gce).
+Before creating a PersistentVolume, you must create the PD:
+-->
+
+#### 手动供应基于区域 PD 的 PersistentVolume
+
+使用 [为 GCE PD 定义的存储类](/docs/concepts/storage/storage-classes/#gce) 也可以动态供应。
+在创建 PersistentVolume 之前，您首先要创建 PD。
+
+```shell
+gcloud beta compute disks create --size=500GB my-data-disk
+    --region us-central1
+    --replica-zones us-central1-a,us-central1-b
+```
+
+<!--
+Example PersistentVolume spec:
+-->
+
+PersistentVolume 示例：
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: test-volume
+  labels:
+    failure-domain.beta.kubernetes.io/zone: us-central1-a__us-central1-b
+spec:
+  capacity:
+    storage: 400Gi
+  accessModes:
+  - ReadWriteOnce
+  gcePersistentDisk:
+    pdName: my-data-disk
+    fsType: ext4
+```
+
+<!--
+### gitRepo (deprecated) {#gitrepo}
+-->
+
+### gitRepo (已弃用)
+
+{{< warning >}}
+<!--
+gitRepo volume type is deprecated. To provision a container with a git repo, mount an [EmptyDir](#emptydir) into an InitContainer that clones the repo using git, then mount the [EmptyDir](#emptydir) into the Pod's container.
+-->
+gitRepo 卷类型已经被废弃。如果需要在容器中提供 git 仓库，请将一个 [EmptyDir](#emptydir) 卷挂载到 InitContainer 中，使用 git 命令完成仓库的克隆操作，然后将 [EmptyDir](#emptydir) 卷挂载到 Pod 的容器中。
+{{< /warning >}}
+
+<!--
+A `gitRepo` volume is an example of what can be done as a volume plugin.  It
+mounts an empty directory and clones a git repository into it for your Pod to
+use.  In the future, such volumes may be moved to an even more decoupled model,
+rather than extending the Kubernetes API for every such use case.
+
+Here is an example for gitRepo volume:
+-->
+
+`gitRepo` 卷是一个卷插件的例子。
+该卷类型挂载了一个空目录，并将一个 Git 代码仓库克隆到这个目录中供您使用。
+将来，这种卷可能被移动到一个更加解耦的模型中，而不是针对每个应用案例扩展 Kubernetes API。
+
+下面给出一个 gitRepo 卷的示例：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: server
+spec:
+  containers:
+  - image: nginx
+    name: nginx
+    volumeMounts:
+    - mountPath: /mypath
+      name: git-volume
+  volumes:
+  - name: git-volume
+    gitRepo:
+      repository: "git@somewhere:me/my-git-repository.git"
+      revision: "22f1d8406d464b0c0874075539c1f2e96c253775"
+```
+
+### glusterfs {#glusterfs}
+
+<!--
+A `glusterfs` volume allows a [Glusterfs](http://www.gluster.org) (an open
+source networked filesystem) volume to be mounted into your Pod.  Unlike
+`emptyDir`, which is erased when a Pod is removed, the contents of a
+`glusterfs` volume are preserved and the volume is merely unmounted.  This
+means that a glusterfs volume can be pre-populated with data, and that data can
+be "handed off" between Pods.  GlusterFS can be mounted by multiple writers
+simultaneously.
+-->
+
+`glusterfs` 卷能将 [Glusterfs](http://www.gluster.org) (一个开源的网络文件系统) 挂载到您的 Pod 中。
+不像 `emptyDir` 那样会在删除 Pod 的同时也会被删除，`glusterfs` 卷的内容在删除 Pod 时会被保存，卷只是被卸载掉了。
+这意味着 `glusterfs` 卷可以被预先填充数据，并且这些数据可以在 Pod 之间"传递"。GlusterFS 可以被多个写者同时挂载。
+
+{{< caution >}}
+<!--You must have your own GlusterFS installation running before you can use it.-->
+在使用前您必须先安装运行自己的 GlusterFS。
+{{< /caution >}}
+
+<!--
+See the [GlusterFS example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/glusterfs) for more details.
+-->
+
+更多详情请参考 [GlusterFS 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/glusterfs)。
+
+### hostPath {#hostpath}
+
+<!--
+A `hostPath` volume mounts a file or directory from the host node's filesystem
+into your Pod. This is not something that most Pods will need, but it offers a
+powerful escape hatch for some applications.
+-->
+
+`hostPath` 卷能将主机节点文件系统上的文件或目录挂载到您的 Pod 中。
+虽然这不是大多数 Pod 需要的，但是它为一些应用程序提供了强大的逃生舱。
+
+<!--
+For example, some uses for a `hostPath` are:
+
+* running a Container that needs access to Docker internals; use a `hostPath`
+  of `/var/lib/docker`
+* running cAdvisor in a Container; use a `hostPath` of `/sys`
+* allowing a Pod to specify whether a given `hostPath` should exist prior to the
+  Pod running, whether it should be created, and what it should exist as
+-->
+
+例如，`hostPath` 的一些用法有：
+
+* 运行一个需要访问 Docker 引擎内部机制的容器；请使用 `hostPath` 挂载 `/var/lib/docker` 路径。
+* 在容器中运行 cAdvisor 时，以 `hostPath` 方式挂载 `/sys`。
+* 允许 Pod 指定给定的 `hostPath` 在运行 Pod 之前是否应该存在，是否应该创建以及应该以什么方式存在。
+
+<!--
+In addition to the required `path` property, user can optionally specify a `type` for a `hostPath` volume.
+
+The supported values for field `type` are:
+-->
+
+除了必需的 `path` 属性之外，用户可以选择性地为 `hostPath` 卷指定 `type`。
+
+支持的 `type` 值如下：
+
+
+<!--
+| Value | Behavior |
+|:------|:---------|
+| | Empty string (default) is for backward compatibility, which means that no checks will be performed before mounting the hostPath volume. |
+| `DirectoryOrCreate` | If nothing exists at the given path, an empty directory will be created there as needed with permission set to 0755, having the same group and ownership with Kubelet. |
+| `Directory` | A directory must exist at the given path |
+| `FileOrCreate` | If nothing exists at the given path, an empty file will be created there as needed with permission set to 0644, having the same group and ownership with Kubelet. |
+| `File` | A file must exist at the given path |
+| `Socket` | A UNIX socket must exist at the given path |
+| `CharDevice` | A character device must exist at the given path |
+| `BlockDevice` | A block device must exist at the given path |
+-->
+
+| 取值 | 行为 |
+|:------|:---------|
+| | 空字符串（默认）用于向后兼容，这意味着在安装 hostPath 卷之前不会执行任何检查。 |
+| `DirectoryOrCreate` | 如果在给定路径上什么都不存在，那么将根据需要创建空目录，权限设置为 0755，具有与 Kubelet 相同的组和所有权。 |
+| `Directory` | 在给定路径上必须存在的目录。|
+| `FileOrCreate` | 如果在给定路径上什么都不存在，那么将在那里根据需要创建空文件，权限设置为 0644，具有与 Kubelet 相同的组和所有权。|
+| `File` | 在给定路径上必须存在的文件。|
+| `Socket` | 在给定路径上必须存在的 UNIX 套接字。|
+| `CharDevice` | 在给定路径上必须存在的字符设备。|
+| `BlockDevice` | 在给定路径上必须存在的块设备。|
+
+<!--
+Watch out when using this type of volume, because:
+
+* Pods with identical configuration (such as created from a podTemplate) may
+  behave differently on different nodes due to different files on the nodes
+* when Kubernetes adds resource-aware scheduling, as is planned, it will not be
+  able to account for resources used by a `hostPath`
+* the files or directories created on the underlying hosts are only writable by root. You
+  either need to run your process as root in a
+  [privileged Container](/docs/user-guide/security-context) or modify the file
+  permissions on the host to be able to write to a `hostPath` volume
+-->
+
+当使用这种类型的卷时要小心，因为：
+
+* 具有相同配置（例如从 podTemplate 创建）的多个 Pod 会由于节点上文件的不同而在不同节点上有不同的行为。
+* 当 Kubernetes 按照计划添加资源感知的调度时，这类调度机制将无法考虑由 `hostPath` 使用的资源。
+* 基础主机上创建的文件或目录只能由 root 用户写入。您需要在 [特权容器](/docs/user-guide/security-context) 中以 root 身份运行进程，或者修改主机上的文件权限以便容器能够写入 `hostPath` 卷。
+
+<!--
+#### Example Pod
+-->
+
+#### Pod 示例
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pd
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: test-container
+    volumeMounts:
+    - mountPath: /test-pd
+      name: test-volume
+  volumes:
+  - name: test-volume
+    hostPath:
+      # directory location on host
+      path: /data
+      # this field is optional
+      type: Directory
+```
+
+### iscsi {#iscsi}
+
+<!--
+An `iscsi` volume allows an existing iSCSI (SCSI over IP) volume to be mounted
+into your Pod.  Unlike `emptyDir`, which is erased when a Pod is removed, the
+contents of an `iscsi` volume are preserved and the volume is merely
+unmounted.  This means that an iscsi volume can be pre-populated with data, and
+that data can be "handed off" between Pods.
+-->
+
+`iscsi` 卷能将 iSCSI (基于 IP 的 SCSI) 挂载到您的 Pod 中。
+不像 `emptyDir` 那样会在删除 Pod 的同时也会被删除，持久盘 卷的内容在删除 Pod 时会被保存，卷只是被卸载掉了。
+这意味着 `iscsi` 卷可以被预先填充数据，并且这些数据可以在 Pod 之间"传递"。
+
+{{< caution >}}
+<!--
+You must have your own iSCSI server running with the volume created before you can use it.
+-->
+在您使用 iSCSI 卷之前，您必须拥有自己的 iSCSI 服务器，并在上面创建卷。
+{{< /caution >}}
+
+<!--
+A feature of iSCSI is that it can be mounted as read-only by multiple consumers
+simultaneously.  This means that you can pre-populate a volume with your dataset
+and then serve it in parallel from as many Pods as you need.  Unfortunately,
+iSCSI volumes can only be mounted by a single consumer in read-write mode - no
+simultaneous writers allowed.
+-->
+
+iSCSI 的一个特点是它可以同时被多个用户以只读方式挂载。
+这意味着您可以用数据集预先填充卷，然后根据需要在尽可能多的 Pod 上提供它。不幸的是，iSCSI 卷只能由单个使用者以读写模式挂载——不允许同时写入。
+
+<!--
+See the [iSCSI example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/iscsi) for more details.
+-->
+
+更多详情请参考 [iSCSI 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/iscsi)。
+
+<!--
+### local {#local}
+-->
+
+### local {#local}
+
+{{< feature-state for_k8s_version="v1.10" state="beta" >}}
+
+{{< note >}}
+<!--The alpha PersistentVolume NodeAffinity annotation has been deprecated
+and will be removed in a future release. Existing PersistentVolumes using this
+annotation must be updated by the user to use the new PersistentVolume
+`NodeAffinity` field.-->
+alpha 版本的 PersistentVolume NodeAffinity 注释已被取消，将在将来的版本中废弃。
+用户必须更新现有的使用该注解的 PersistentVolume，以使用新的 PersistentVolume `NodeAffinity` 字段。
+{{< /note >}}
+
+<!--
+A `local` volume represents a mounted local storage device such as a disk,
+partition or directory.
+
+Local volumes can only be used as a statically created PersistentVolume. Dynamic
+provisioning is not supported yet.
+-->
+
+`local` 卷指的是所挂载的某个本地存储设备，例如磁盘、分区或者目录。
+
+`local` 卷只能用作静态创建的持久卷。尚不支持动态配置。
+
+<!--
+Compared to `hostPath` volumes, local volumes can be used in a durable and
+portable manner without manually scheduling Pods to nodes, as the system is aware
+of the volume's node constraints by looking at the node affinity on the PersistentVolume.
+-->
+
+相比 `hostPath` 卷，`local` 卷可以以持久和可移植的方式使用，而无需手动将 Pod 调度到节点，因为系统通过查看 PersistentVolume 所属节点的亲和性配置，就能了解卷的节点约束。
+
+<!--
+However, local volumes are still subject to the availability of the underlying
+node and are not suitable for all applications. If a node becomes unhealthy,
+then the local volume will also become inaccessible, and a Pod using it will not
+be able to run. Applications using local volumes must be able to tolerate this
+reduced availability, as well as potential data loss, depending on the
+durability characteristics of the underlying disk.
+
+The following is an example PersistentVolume spec using a `local` volume and
+`nodeAffinity`:
+-->
+
+然而，`local` 卷仍然取决于底层节点的可用性，并不是适合所有应用程序。
+如果节点变得不健康，那么`local` 卷也将变得不可访问，并且使用它的 Pod 将不能运行。
+使用 `local` 卷的应用程序必须能够容忍这种可用性的降低，以及因底层磁盘的耐用性特征而带来的潜在的数据丢失风险。
+
+下面是一个使用 `local` 卷和 `nodeAffinity` 的持久卷示例：
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: example-pv
+spec:
+  capacity:
+    storage: 100Gi
+  # volumeMode field requires BlockVolume Alpha feature gate to be enabled.
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Delete
+  storageClassName: local-storage
+  local:
+    path: /mnt/disks/ssd1
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - example-node
+```
+
+<!--
+PersistentVolume `nodeAffinity` is required when using local volumes. It enables
+the Kubernetes scheduler to correctly schedule Pods using local volumes to the
+correct node.
+-->
+
+使用 `local` 卷时，需要使用 PersistentVolume 对象的 `nodeAffinity` 字段。
+它使 Kubernetes 调度器能够将使用 `local` 卷的 Pod 正确地调度到合适的节点。
+
+<!--
+PersistentVolume `volumeMode` can now be set to "Block" (instead of the default
+value "Filesystem") to expose the local volume as a raw block device. The
+`volumeMode` field requires `BlockVolume` Alpha feature gate to be enabled.
+-->
+
+现在，可以将 PersistentVolume 对象的 `volumeMode` 字段设置为 "Block"（而不是默认值 "Filesystem"），以将 `local` 卷作为原始块设备暴露出来。
+`volumeMode` 字段需要启用 Alpha 功能 `BlockVolume`。
+
+<!--
+When using local volumes, it is recommended to create a StorageClass with
+`volumeBindingMode` set to `WaitForFirstConsumer`. See the
+[example](/docs/concepts/storage/storage-classes/#local). Delaying volume binding ensures
+that the PersistentVolumeClaim binding decision will also be evaluated with any
+other node constraints the Pod may have, such as node resource requirements, node
+selectors, Pod affinity, and Pod anti-affinity.
+-->
+
+当使用 `local` 卷时，建议创建一个 StorageClass，将 `volumeBindingMode` 设置为 `WaitForFirstConsumer`。
+请参考 [示例](/docs/concepts/storage/storage-classes/#local)。
+延迟卷绑定操作可以确保 Kubernetes 在为 PersistentVolumeClaim 作出绑定决策时，会评估 Pod 可能具有的其他节点约束，例如：如节点资源需求、节点选择器、Pod 亲和性和 Pod 反亲和性。
+
+<!--
+An external static provisioner can be run separately for improved management of
+the local volume lifecycle. Note that this provisioner does not support dynamic
+provisioning yet. For an example on how to run an external local provisioner,
+see the [local volume provisioner user guide](https://github.com/kubernetes-incubator/external-storage/tree/master/local-volume).
+-->
+
+您可以在 Kubernetes 之外单独运行静态驱动以改进对 local 卷的生命周期管理。
+请注意，此驱动不支持动态配置。
+有关如何运行外部 `local` 卷驱动的示例，请参考 [local 卷驱动用户指南](https://github.com/kubernetes-incubator/external-storage/tree/master/local-volume)。
+
+{{< note >}}
+<!--
+The local PersistentVolume requires manual cleanup and deletion by the
+user if the external static provisioner is not used to manage the volume
+lifecycle.
+-->
+如果不使用外部静态驱动来管理卷的生命周期，则用户需要手动清理和删除 local 类型的持久卷。
+{{< /note >}}
+
+### nfs {#nfs}
+
+<!--
+An `nfs` volume allows an existing NFS (Network File System) share to be
+mounted into your Pod. Unlike `emptyDir`, which is erased when a Pod is
+removed, the contents of an `nfs` volume are preserved and the volume is merely
+unmounted.  This means that an NFS volume can be pre-populated with data, and
+that data can be "handed off" between Pods.  NFS can be mounted by multiple
+writers simultaneously.
+-->
+
+`nfs` 卷能将 NFS (网络文件系统) 挂载到您的 Pod 中。
+不像 `emptyDir` 那样会在删除 Pod 的同时也会被删除，`nfs` 卷的内容在删除 Pod 时会被保存，卷只是被卸载掉了。
+这意味着 `nfs` 卷可以被预先填充数据，并且这些数据可以在 Pod 之间"传递"。
+
+{{< caution >}}
+<!--
+You must have your own NFS server running with the share exported before you can use it.
+-->
+在您使用 NFS 卷之前，必须运行自己的 NFS 服务器并将目标 share 导出备用。
+{{< /caution >}}
+
+<!--
+See the [NFS example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/nfs) for more details.
+-->
+
+要了解更多详情请参考 [NFS 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/nfs)。
+
+### persistentVolumeClaim {#persistentvolumeclaim}
+
+<!--
+A `persistentVolumeClaim` volume is used to mount a
+[PersistentVolume](/docs/concepts/storage/persistent-volumes/) into a Pod.  PersistentVolumes are a
+way for users to "claim" durable storage (such as a GCE PersistentDisk or an
+iSCSI volume) without knowing the details of the particular cloud environment.
+-->
+`persistentVolumeClaim` 卷用来将[持久卷](/docs/concepts/storage/persistent-volumes/)（PersistentVolume）挂载到 Pod 中。
+持久卷是用户在不知道特定云环境细节的情况下"申领"持久存储（例如 GCE PersistentDisk 或者 iSCSI 卷）的一种方法。
+
+<!--
+See the [PersistentVolumes example](/docs/concepts/storage/persistent-volumes/) for more
+details.
+-->
+
+更多详情请参考[持久卷示例](/docs/concepts/storage/persistent-volumes/)
+
+### projected {#projected}
+
+<!--
+A `projected` volume maps several existing volume sources into the same directory.
+
+Currently, the following types of volume sources can be projected:
+-->
+
+`projected` 卷类型能将若干现有的卷来源映射到同一目录上。
+
+目前，可以映射的卷来源类型如下：
+
+- [`secret`](#secret)
+- [`downwardAPI`](#downwardapi)
+- [`configMap`](#configmap)
+- `serviceAccountToken`
+
+<!--
+All sources are required to be in the same namespace as the Pod. For more details,
+see the [all-in-one volume design document](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md).
+-->
+
+所有的卷来源需要和 Pod 处于相同的命名空间。
+更多详情请参考[一体化卷设计文档](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md)。
+
+<!--
+The projection of service account tokens is a feature introduced in Kubernetes
+1.11 and promoted to Beta in 1.12.
+To enable this feature on 1.11, you need to explicitly set the `TokenRequestProjection`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) to
+True.
+-->
+
+服务帐户令牌的映射是 Kubernetes 1.11 版本中引入的一个功能，并在 1.12 版本中被提升为 Beta 功能。
+若要在 1.11 版本中启用此特性，需要显式设置 `TokenRequestProjection` [功能开关](/docs/reference/command-line-tools-reference/feature-gates/) 为 True。
+
+<!--
+#### Example Pod with a secret, a downward API, and a configmap.
+-->
+
+#### 包含 secret、downwardAPI 和 configmap 的 Pod 示例如下：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: volume-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox
+    volumeMounts:
+    - name: all-in-one
+      mountPath: "/projected-volume"
+      readOnly: true
+  volumes:
+  - name: all-in-one
+    projected:
+      sources:
+      - secret:
+          name: mysecret
+          items:
+            - key: username
+              path: my-group/my-username
+      - downwardAPI:
+          items:
+            - path: "labels"
+              fieldRef:
+                fieldPath: metadata.labels
+            - path: "cpu_limit"
+              resourceFieldRef:
+                containerName: container-test
+                resource: limits.cpu
+      - configMap:
+          name: myconfigmap
+          items:
+            - key: config
+              path: my-group/my-config
+```
+
+<!--
+#### Example Pod with multiple secrets with a non-default permission mode set.
+-->
+
+带有非默认许可模式设置的多个 secret 的 Pod 示例如下：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: volume-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox
+    volumeMounts:
+    - name: all-in-one
+      mountPath: "/projected-volume"
+      readOnly: true
+  volumes:
+  - name: all-in-one
+    projected:
+      sources:
+      - secret:
+          name: mysecret
+          items:
+            - key: username
+              path: my-group/my-username
+      - secret:
+          name: mysecret2
+          items:
+            - key: password
+              path: my-group/my-password
+              mode: 511
+```
+<!--
+Each projected volume source is listed in the spec under `sources`. The
+parameters are nearly the same with two exceptions:
+
+* For secrets, the `secretName` field has been changed to `name` to be consistent
+  with ConfigMap naming.
+* The `defaultMode` can only be specified at the projected level and not for each
+  volume source. However, as illustrated above, you can explicitly set the `mode`
+  for each individual projection.
+-->
+
+每个被投射的卷来源都在 spec 中的 `sources` 内列出。
+参数几乎相同，除了两处例外：
+
+* 对于 secret，`secretName` 字段已被变更为 `name` 以便与 ConfigMap 命名一致。
+* `defaultMode` 只能根据投射级别指定，而不是针对每个卷来源指定。不过，如上所述，您可以显式地为每个投射项设置 `mode` 值。
+
+<!--
+When the `TokenRequestProjection` feature is enabled, you can inject the token
+for the current [service account](/docs/reference/access-authn-authz/authentication/#service-account-tokens)
+into a Pod at a specified path. Below is an example:
+-->
+
+当开启 `TokenRequestProjection` 功能时，可以将当前 [服务帐户](/docs/reference/access-authn-authz/authentication/#service-account-tokens)的令牌注入 Pod 中的指定路径。
+下面是一个例子：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sa-token-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox
+    volumeMounts:
+    - name: token-vol
+      mountPath: "/service-account"
+      readOnly: true
+  volumes:
+  - name: token-vol
+    projected:
+      sources:
+      - serviceAccountToken:
+          audience: api
+          expirationSeconds: 3600
+          path: token
+```
+
+<!--
+The example Pod has a projected volume containing the injected service account
+token. This token can be used by Pod containers to access the Kubernetes API
+server, for example. The `audience` field contains the intended audience of the
+token. A recipient of the token must identify itself with an identifier specified
+in the audience of the token, and otherwise should reject the token. This field
+is optional and it defaults to the identifier of the API server.
+-->
+
+示例 Pod 具有包含注入服务帐户令牌的映射卷。
+例如，这个令牌可以被 Pod 容器用来访问 Kubernetes API服务器。
+`audience` 字段包含令牌的预期受众。
+令牌的接收者必须使用令牌的受众中指定的标识符来标识自己，否则应拒绝令牌。
+此字段是可选的，默认值是 API 服务器的标识符。
+
+<!--
+The `expirationSeconds` is the expected duration of validity of the service account
+token. It defaults to 1 hour and must be at least 10 minutes (600 seconds). An administrator
+can also limit its maximum value by specifying the `--service-account-max-token-expiration`
+option for the API server. The `path` field specifies a relative path to the mount point
+of the projected volume.
+-->
+
+`expirationSeconds` 是服务帐户令牌的有效期。
+默认值为 1 小时，必须至少 10 分钟（600 秒）。
+管理员还可以通过指定 API 服务器的 `--service-account-max-token-expiration` 选项来限制其最大值。
+`path` 字段指定相对于映射卷的挂载点的相对路径。
+
+{{< note >}}
+<!--
+A Container using a projected volume source as a [subPath](#using-subpath) volume mount will not
+receive updates for those volume sources.
+-->
+使用投射卷源作为 [subPath](#using-subpath) 卷挂载的容器将不会接收这些卷源的更新。
+{{< /note >}}
+
+### portworxVolume {#portworxvolume}
+
+<!--
+A `portworxVolume` is an elastic block storage layer that runs hyperconverged with
+Kubernetes. Portworx fingerprints storage in a server, tiers based on capabilities,
+and aggregates capacity across multiple servers. Portworx runs in-guest in virtual
+machines or on bare metal Linux nodes.
+-->
+
+`portworxVolume` 是一个可伸缩的块存储层，能够以超聚合（hyperconverged）的方式与 Kubernetes 一起运行。
+Portworx 支持对服务器上存储的指纹处理、基于存储能力进行分层以及跨多个服务器整合存储容量。
+Portworx 可以以 in-guest 方式在虚拟机中运行，也可以在裸金属 Linux 节点上运行。
+
+<!--
+A `portworxVolume` can be dynamically created through Kubernetes or it can also
+be pre-provisioned and referenced inside a Kubernetes Pod.
+Here is an example Pod referencing a pre-provisioned PortworxVolume:
+-->
+
+`portworxVolume` 类型的卷可以通过 Kubernetes 动态创建，也可以在 Kubernetes Pod 内预先供应和引用。
+下面是一个引用预先配置的 PortworxVolume 的示例 Pod：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-portworx-volume-pod
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: test-container
+    volumeMounts:
+    - mountPath: /mnt
+      name: pxvol
+  volumes:
+  - name: pxvol
+    # This Portworx volume must already exist.
+    portworxVolume:
+      volumeID: "pxvol"
+      fsType: "<fs-type>"
+```
+
+{{< caution >}}
+<!--
+Make sure you have an existing PortworxVolume with name `pxvol`
+before using it in the Pod.
+-->
+在 Pod 中使用 portworxVolume 之前，请确保有一个名为 `pxvol` 的 PortworxVolume 存在。
+{{< /caution >}}
+
+<!--
+More details and examples can be found [here](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/portworx/README.md).
+-->
+
+更多详情和示例可以在[这里](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/portworx/README.md)找到。
+
+### quobyte {#quobyte}
+
+<!--
+A `quobyte` volume allows an existing [Quobyte](http://www.quobyte.com) volume to
+be mounted into your Pod.
+-->
+
+`quobyte` 卷允许将现有的 [Quobyte](http://www.quobyte.com) 卷挂载到您的 Pod 中。
+
+{{< caution >}}
+<!--
+You must have your own Quobyte setup running with the volumes
+created before you can use it.
+-->
+在使用 Quobyte 卷之前，您首先要进行安装并创建好卷。
+
+{{< /caution >}}
+
+<!--
+See the [Quobyte example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/quobyte) for more details.
+-->
+
+更多详情请参考 [Quobyte 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/quobyte)。
+
+### rbd {#rbd}
+
+<!--
+An `rbd` volume allows a [Rados Block
+Device](http://ceph.com/docs/master/rbd/rbd/) volume to be mounted into your
+Pod.  Unlike `emptyDir`, which is erased when a Pod is removed, the contents of
+a `rbd` volume are preserved and the volume is merely unmounted.  This
+means that a RBD volume can be pre-populated with data, and that data can
+be "handed off" between Pods.
+-->
+
+`rbd` 卷允许将 [Rados 块设备](http://ceph.com/docs/master/rbd/rbd/) 卷挂载到您的 Pod 中. 
+不像 `emptyDir` 那样会在删除 Pod 的同时也会被删除，`rbd` 卷的内容在删除 Pod 时会被保存，卷只是被卸载掉了。
+这意味着 `rbd` 卷可以被预先填充数据，并且这些数据可以在 Pod 之间"传递"。
+
+
+{{< caution >}}
+<!--You must have your own Ceph installation running before you can use RBD.-->
+在使用 RBD 之前，您必须安装运行 Ceph。
+{{< /caution >}}
+
+<!--
+A feature of RBD is that it can be mounted as read-only by multiple consumers
+simultaneously.  This means that you can pre-populate a volume with your dataset
+and then serve it in parallel from as many Pods as you need.  Unfortunately,
+RBD volumes can only be mounted by a single consumer in read-write mode - no
+simultaneous writers allowed.
+
+See the [RBD example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/rbd) for more details.
+-->
+
+RBD 的一个特点是它可以同时被多个用户以只读方式挂载。
+这意味着您可以用数据集预先填充卷，然后根据需要从尽可能多的 Pod 中并行地提供卷。
+不幸的是，RBD 卷只能由单个使用者以读写模式安装——不允许同时写入。
+
+更多详情请参考 [RBD 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/rbd)。
+
+### scaleIO {#scaleio}
+
+<!--
+ScaleIO is a software-based storage platform that can use existing hardware to
+create clusters of scalable shared block networked storage. The `scaleIO` volume
+plugin allows deployed Pods to access existing ScaleIO
+volumes (or it can dynamically provision new volumes for persistent volume claims, see
+[ScaleIO Persistent Volumes](/docs/concepts/storage/persistent-volumes/#scaleio)).
+-->
+
+ScaleIO 是基于软件的存储平台，可以使用现有硬件来创建可伸缩的、共享的而且是网络化的块存储集群。
+`scaleIO` 卷插件允许部署的 Pod 访问现有的 ScaleIO 卷（或者它可以动态地为持久卷申领提供新的卷，参见[ScaleIO 持久卷](/docs/concepts/storage/persistent-volumes/#scaleio))。
+
+{{< caution >}}
+<!--
+You must have an existing ScaleIO cluster already setup and
+running with the volumes created before you can use them.
+-->
+在使用前，您必须有个安装完毕且运行正常的 ScaleIO 集群，并且创建好了存储卷。
+{{< /caution >}}
+
+<!--
+The following is an example Pod configuration with ScaleIO:
+-->
+
+下面是配置了 ScaleIO 的 Pod 示例：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-0
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: pod-0
+    volumeMounts:
+    - mountPath: /test-pd
+      name: vol-0
+  volumes:
+  - name: vol-0
+    scaleIO:
+      gateway: https://localhost:443/api
+      system: scaleio
+      protectionDomain: sd0
+      storagePool: sp1
+      volumeName: vol-0
+      secretRef:
+        name: sio-secret
+      fsType: xfs
+```
+
+<!--
+For further detail, please the see the [ScaleIO examples](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/scaleio).
+-->
+
+更多详情，请参考 [ScaleIO 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/scaleio)。
+
+### secret {#secret}
+
+<!--
+A `secret` volume is used to pass sensitive information, such as passwords, to
+Pods.  You can store secrets in the Kubernetes API and mount them as files for
+use by Pods without coupling to Kubernetes directly.  `secret` volumes are
+backed by tmpfs (a RAM-backed filesystem) so they are never written to
+non-volatile storage.
+-->
+
+`secret` 卷用来给 Pod 传递敏感信息，例如密码。您可以将 secret 存储在 Kubernetes API 服务器上，然后以文件的形式挂在到 Pod 中，无需直接与 Kubernetes 耦合。
+`secret` 卷由 tmpfs（基于 RAM 的文件系统）提供存储，因此它们永远不会被写入非易失性（持久化的）存储器。
+
+{{< caution >}}
+<!--
+You must create a secret in the Kubernetes API before you can use it.
+-->
+使用前您必须在 Kubernetes API 中创建 secret。
+{{< /caution >}}
+
+{{< note >}}
+<!--A Container using a Secret as a [subPath](#using-subpath) volume mount will not
+receive Secret updates.-->
+容器以 [subPath](#using-subpath) 卷的方式挂载 Secret 时，它将感知不到 Secret 的更新。
+{{< /note >}}
+
+<!--
+Secrets are described in more detail [here](/docs/user-guide/secrets).
+-->
+
+Secret 的更多详情请参考[这里](/docs/user-guide/secrets)。
+
+### storageOS {#storageos}
+
+<!--
+A `storageos` volume allows an existing [StorageOS](https://www.storageos.com)
+volume to be mounted into your Pod.
+-->
+
+`storageos` 卷允许将现有的 [StorageOS](https://www.storageos.com) 卷挂载到您的 Pod 中。
+
+<!--
+StorageOS runs as a Container within your Kubernetes environment, making local
+or attached storage accessible from any node within the Kubernetes cluster.
+Data can be replicated to protect against node failure. Thin provisioning and
+compression can improve utilization and reduce cost.
+-->
+
+StorageOS 在 Kubernetes 环境中以容器的形式运行，这使得应用能够从 Kubernetes 集群中的任何节点访问本地或关联的存储。
+为应对节点失效状况，可以复制数据。
+若需提高利用率和降低成本，可以考虑瘦配置（Thin Provisioning）和数据压缩。
+
+<!--
+At its core, StorageOS provides block storage to Containers, accessible via a file system.
+
+The StorageOS Container requires 64-bit Linux and has no additional dependencies.
+A free developer license is available.
+-->
+
+作为其核心能力之一，StorageOS 为容器提供了可以通过文件系统访问的块存储。
+
+StorageOS 容器需要 64 位的 Linux，并且没有其他的依赖关系。
+StorageOS 提供免费的开发者授权许可。
+
+{{< caution >}}
+<!--
+You must run the StorageOS Container on each node that wants to
+access StorageOS volumes or that will contribute storage capacity to the pool.
+For installation instructions, consult the
+[StorageOS documentation](https://docs.storageos.com).
+-->
+
+您必须在每个希望访问 StorageOS 卷的或者将向存储资源池贡献存储容量的节点上运行 StorageOS 容器。
+有关安装说明，请参阅 [StorageOS 文档](https://docs.storageos.com)。
+
+{{< /caution >}}
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    name: redis
+    role: master
+  name: test-storageos-redis
+spec:
+  containers:
+    - name: master
+      image: kubernetes/redis:v1
+      env:
+        - name: MASTER
+          value: "true"
+      ports:
+        - containerPort: 6379
+      volumeMounts:
+        - mountPath: /redis-master-data
+          name: redis-data
+  volumes:
+    - name: redis-data
+      storageos:
+        # The `redis-vol01` volume must already exist within StorageOS in the `default` namespace.
+        volumeName: redis-vol01
+        fsType: ext4
+```
+
+<!--
+For more information including Dynamic Provisioning and Persistent Volume Claims, please see the
+[StorageOS examples](https://github.com/kubernetes/examples/blob/master/staging/volumes/storageos).
+-->
+
+更多关于动态供应和持久卷申领的信息请参考 [StorageOS 示例](https://github.com/kubernetes/examples/blob/master/staging/volumes/storageos)。
+
+### vsphereVolume {#vspherevolume}
+
+{{< note >}}
+<!--
+Prerequisite: Kubernetes with vSphere Cloud Provider configured. For cloudprovider
+configuration please refer [vSphere getting started guide](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/).
+-->
+前提条件：配备了 vSphere 云驱动的 Kubernetes。云驱动的配置方法请参考 [vSphere 使用指南](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/)。
+{{< /note >}}
+
+<!--
+A `vsphereVolume` is used to mount a vSphere VMDK Volume into your Pod.  The contents
+of a volume are preserved when it is unmounted. It supports both VMFS and VSAN datastore.
+-->
+
+`vsphereVolume` 用来将 vSphere VMDK 卷挂载到您的 Pod 中。
+在卸载卷时，卷的内容会被保留。
+vSphereVolume 卷类型支持 VMFS 和 VSAN 数据仓库。
+
+{{< caution >}}
+<!--You must create VMDK using one of the following method before using with Pod.-->
+在挂载到 Pod 之前，您必须用下列方式之一创建 VMDK。
+{{< /caution >}}
+
+<!--
+#### Creating a VMDK volume
+
+Choose one of the following methods to create a VMDK.
+-->
+
+#### 创建 VMDK 卷 
+
+选择下列方式之一创建 VMDK。
+
+{{< tabs name="tabs_volumes" >}}
+{{% tab name="使用 vmkfstools 创建" %}}
+<!--{{% tab name="Create using vmkfstools" %}}-->
+
+<!--
+First ssh into ESX, then use the following command to create a VMDK:
+-->
+
+首先 ssh 到 ESX，然后使用下面的命令来创建 VMDK：
+
+```shell
+vmkfstools -c 2G /vmfs/volumes/DatastoreName/volumes/myDisk.vmdk
+```
+{{% /tab %}}
+{{% tab name="使用 vmware-vdiskmanager 创建" %}}
+<!--{{% tab name="Create using vmware-vdiskmanager" %}}-->
+
+<!--
+Use the following command to create a VMDK:
+-->
+
+使用下面的命令创建 VMDK：
+
+```shell
+vmware-vdiskmanager -c -t 0 -s 40GB -a lsilogic myDisk.vmdk
+```
+{{% /tab %}}
+
+{{< /tabs >}}
+
+
+<!--
+#### vSphere VMDK Example configuration
+-->
+
+#### vSphere VMDK 配置示例
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-vmdk
+spec:
+  containers:
+  - image: k8s.gcr.io/test-webserver
+    name: test-container
+    volumeMounts:
+    - mountPath: /test-vmdk
+      name: test-volume
+  volumes:
+  - name: test-volume
+    # This VMDK volume must already exist.
+    vsphereVolume:
+      volumePath: "[DatastoreName] volumes/myDisk"
+      fsType: ext4
+```
+
+<!--
+More examples can be found [here](https://github.com/kubernetes/examples/tree/master/staging/volumes/vsphere).
+-->
+
+更多示例可以在[这里](https://github.com/kubernetes/examples/tree/master/staging/volumes/vsphere)找到。
+
+<!--
+## Using subPath
+
+Sometimes, it is useful to share one volume for multiple uses in a single Pod. The `volumeMounts.subPath`
+property can be used to specify a sub-path inside the referenced volume instead of its root.
+-->
+
+## 使用 subPath
+
+有时，在单个 Pod 中共享卷以供多方使用是很有用的。
+`volumeMounts.subPath` 属性可用于指定所引用的卷内的子路径，而不是其根路径。
+
+<!--
+Here is an example of a Pod with a LAMP stack (Linux Apache Mysql PHP) using a single, shared volume.
+The HTML contents are mapped to its `html` folder, and the databases will be stored in its `mysql` folder:
+-->
+
+下面是一个使用同一共享卷的、内含 LAMP 栈（Linux Apache Mysql PHP）的 Pod 的示例。
+HTML 内容被映射到卷的 `html` 文件夹，数据库将被存储在卷的 `mysql` 文件夹中：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-lamp-site
+spec:
+    containers:
+    - name: mysql
+      image: mysql
+      env:
+      - name: MYSQL_ROOT_PASSWORD
+        value: "rootpasswd"
+      volumeMounts:
+      - mountPath: /var/lib/mysql
+        name: site-data
+        subPath: mysql
+    - name: php
+      image: php:7.0-apache
+      volumeMounts:
+      - mountPath: /var/www/html
+        name: site-data
+        subPath: html
+    volumes:
+    - name: site-data
+      persistentVolumeClaim:
+        claimName: my-lamp-site-data
+```
+
+<!--
+### Using subPath with expanded environment variables
+-->
+
+### 使用带有扩展环境变量的 subPath
+
+{{< feature-state for_k8s_version="v1.11" state="alpha" >}}
+
+<!--
+`subPath` directory names can also be constructed from Downward API environment variables.
+Before you use this feature, you must enable the `VolumeSubpathEnvExpansion` feature gate.
+-->
+
+`subPath` 的目录名也可以由 Downward API 环境变量构造。
+在使用此特性之前，必须启用 `VolumeSubpathEnvExpansion` 功能开关。
+
+<!--
+In this example, a Pod uses `subPath` to create a directory `pod1` within the hostPath volume `/var/log/pods`, using the pod name from the Downward API.  The host directory `/var/log/pods/pod1` is mounted at `/logs` in the container.
+-->
+
+在这个示例中，Pod 基于 Downward API 中的 Pod 名称，使用 `subPath` 在 hostPath 卷 `/var/log/pods` 中创建目录 `pod1`。
+主机目录 `/var/log/pods/pod1` 挂载到了容器的 `/logs` 中。
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod1
+spec:
+  containers:
+  - name: container1
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+          fieldPath: metadata.name
+    image: busybox
+    command: [ "sh", "-c", "while [ true ]; do echo 'Hello'; sleep 10; done | tee -a /logs/hello.txt" ]
+    volumeMounts:
+    - name: workdir1
+      mountPath: /logs
+      subPath: $(POD_NAME)
+  restartPolicy: Never
+  volumes:
+  - name: workdir1
+    hostPath:
+      path: /var/log/pods
+```
+
+<!--
+## Resources
+
+The storage media (Disk, SSD, etc.) of an `emptyDir` volume is determined by the
+medium of the filesystem holding the kubelet root dir (typically
+`/var/lib/kubelet`).  There is no limit on how much space an `emptyDir` or
+`hostPath` volume can consume, and no isolation between Containers or between
+Pods.
+-->
+
+## 资源
+
+`emptyDir` 卷的存储介质（磁盘、SSD 等）是由保存 kubelet 根目录（通常是 `/var/lib/kubelet`）的文件系统的介质确定。
+`emptyDir` 卷或者 `hostPath` 卷可以消耗的空间没有限制，容器之间或 Pod 之间也没有隔离。
+
+<!--
+In the future, we expect that `emptyDir` and `hostPath` volumes will be able to
+request a certain amount of space using a [resource](/docs/user-guide/compute-resources)
+specification, and to select the type of media to use, for clusters that have
+several media types.
+-->
+
+将来，我们希望 `emptyDir` 卷和 `hostPath` 卷能够使用 [resource](/docs/user-guide/computeresources) 规范来请求一定量的空间，并且能够为具有多种介质类型的集群选择要使用的介质类型。
+
+<!--
+## Out-of-Tree Volume Plugins
+The Out-of-tree volume plugins include the Container Storage Interface (CSI)
+and Flexvolume. They enable storage vendors to create custom storage plugins
+without adding them to the Kubernetes repository.
+-->
+
+## Out-of-Tree 卷插件
+
+Out-of-Tree 卷插件包括容器存储接口（CSI）和 Flexvolume。
+它们使存储供应商能够创建自定义存储插件，而无需将它们添加到 Kubernetes 代码仓库。
+
+<!--
+Before the introduction of CSI and Flexvolume, all volume plugins (like
+volume types listed above) were "in-tree" meaning they were built, linked,
+compiled, and shipped with the core Kubernetes binaries and extend the core
+Kubernetes API. This meant that adding a new storage system to Kubernetes (a
+volume plugin) required checking code into the core Kubernetes code repository.
+-->
+
+在引入 CSI 和 Flexvolume 之前，所有卷插件（如上面列出的卷类型）都是 "in-tree" 的，这意味着它们是与 Kubernetes 的核心组件一同构建、链接、编译和交付的，并且这些插件都扩展了 Kubernetes 的核心 API。
+这意味着向 Kubernetes 添加新的存储系统（卷插件）需要将代码合并到 Kubernetes 核心代码库中。
+
+<!--
+Both CSI and Flexvolume allow volume plugins to be developed independent of
+the Kubernetes code base, and deployed (installed) on Kubernetes clusters as
+extensions.
+
+For storage vendors looking to create an out-of-tree volume plugin, please refer
+to [this FAQ](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md).
+-->
+
+CSI 和 Flexvolume 都允许独立于 Kubernetes 代码库开发卷插件，并作为扩展部署（安装）在 Kubernetes 集群上。
+
+对于希望创建 out-of-tree 卷插件的存储供应商，请参考[这个 FAQ](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md)。
+
+### CSI
+
+{{< feature-state for_k8s_version="v1.10" state="beta" >}}
+
+<!--
+[Container Storage Interface](https://github.com/container-storage-interface/spec/blob/master/spec.md) (CSI)
+defines a standard interface for container orchestration systems (like
+Kubernetes) to expose arbitrary storage systems to their container workloads.
+-->
+
+[容器存储接口](https://github.com/container-storage-interface/spec/blob/master/spec.md) (CSI)
+为容器编排系统（如 Kubernetes）定义标准接口，以将任意存储系统暴露给它们的容器工作负载。
+
+<!--
+Please read the [CSI design proposal](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/container-storage-interface.md) for more information.
+
+CSI support was introduced as alpha in Kubernetes v1.9 and moved to beta in
+Kubernetes v1.10.
+-->
+
+更多详情请阅读 [CSI 设计方案](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/container-storage-interface.md)。
+
+CSI 的支持在 Kubernetes v1.9 中作为 alpha 特性引入，并在 Kubernetes v1.10 中转为 beta 特性。
+
+<!--
+Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users
+may use the `csi` volume type to attach, mount, etc. the volumes exposed by the
+CSI driver.
+
+The `csi` volume type does not support direct reference from Pod and may only be
+referenced in a Pod via a `PersistentVolumeClaim` object.
+
+The following fields are available to storage administrators to configure a CSI
+persistent volume:
+-->
+
+一旦在 Kubernetes 集群上部署了 CSI 兼容卷驱动程序，用户就可以使用 `csi` 卷类型来关联、挂载 CSI 驱动程序暴露出来的卷。
+
+`csi` 卷类型不支持来自 Pod 的直接引用，只能通过 `PersistentVolumeClaim` 对象在 Pod 中引用。
+
+存储管理员可以使用以下字段来配置 CSI 持久卷：
+
+
+- <!--`driver`: A string value that specifies the name of the volume driver to use.
+  This value must correspond to the value returned in the `GetPluginInfoResponse`
+  by the CSI driver as defined in the [CSI spec](https://github.com/container-storage-interface/spec/blob/master/spec.md#getplugininfo).
+  It is used by Kubernetes to identify which CSI driver to call out to, and by
+  CSI driver components to identify which PV objects belong to the CSI driver.-->
+
+  `driver`：指定要使用的卷驱动程序名称的字符串值。
+  这个值必须与 CSI 驱动程序在 `GetPluginInfoResponse` 中返回的值相对应；该接口定义在 [CSI 规范](https://github.com/container-storage-interface/spec/blob/master/spec.md#getplugininfo)中。
+  Kubernetes 使用所给的值来标识要调用的 CSI 驱动程序；CSI 驱动程序也使用该值来辨识哪些 PV 对象属于该 CSI 驱动程序。
+
+- <!--`volumeHandle`: A string value that uniquely identifies the volume. This value
+  must correspond to the value returned in the `volume.id` field of the
+  `CreateVolumeResponse` by the CSI driver as defined in the [CSI spec](https://github.com/container-storage-interface/spec/blob/master/spec.md#createvolume).
+  The value is passed as `volume_id` on all calls to the CSI volume driver when
+  referencing the volume.-->
+
+  `volumeHandle`：唯一标识卷的字符串值。
+  该值必须与CSI 驱动程序在 `CreateVolumeResponse` 的 `volume_id` 字段中返回的值相对应；接口定义在 [CSI spec](https://github.com/container-storageinterface/spec/blob/master/spec.md#createvolume) 中。
+  在所有对 CSI 卷驱动程序的调用中，引用该 CSI 卷时都使用此值作为 `volume_id` 参数。
+
+- <!--`readOnly`: An optional boolean value indicating whether the volume is to be
+  "ControllerPublished" (attached) as read only. Default is false. This value is
+  passed to the CSI driver via the `readonly` field in the
+  `ControllerPublishVolumeRequest`.-->
+
+  `readOnly`：一个可选的布尔值，指示通过 `ControllerPublished` 关联该卷时是否设置该卷为只读。
+  默认值是 false。
+  该值通过 `ControllerPublishVolumeRequest` 中的 `readonly` 字段传递给 CSI 驱动程序。
+
+
+- <!--`fsType`: If the PV's `VolumeMode` is `Filesystem` then this field may be used
+  to specify the filesystem that should be used to mount the volume. If the
+  volume has not been formatted and formatting is supported, this value will be
+  used to format the volume.
+  This value is passed to the CSI driver via the `VolumeCapability` field of
+  `ControllerPublishVolumeRequest`, `NodeStageVolumeRequest`, and
+  `NodePublishVolumeRequest`.-->
+
+  `fsType`：如果 PV 的 `VolumeMode` 为 `Filesystem`，那么此字段指定挂载卷时应该使用的文件系统。
+  如果卷尚未格式化，并且支持格式化，此值将用于格式化卷。
+  此值可以通过 `ControllerPublishVolumeRequest`、`NodeStageVolumeRequest` 和
+  `NodePublishVolumeRequest` 的 `VolumeCapability` 字段传递给 CSI 驱动。
+
+
+- <!--`volumeAttributes`: A map of string to string that specifies static properties
+  of a volume. This map must correspond to the map returned in the
+  `volume.attributes` field of the `CreateVolumeResponse` by the CSI driver as
+  defined in the [CSI spec](https://github.com/container-storage-interface/spec/blob/master/spec.md#createvolume).
+  The map is passed to the CSI driver via the `volume_attributes` field in the
+  `ControllerPublishVolumeRequest`, `NodeStageVolumeRequest`, and
+  `NodePublishVolumeRequest`.-->
+
+  `volumeAttributes`：一个字符串到字符串的映射表，用来设置卷的静态属性。
+  该映射必须与 CSI 驱动程序返回的 `CreateVolumeResponse` 中的 `volume.attributes` 字段的映射相对应；[CSI 规范](https://github.com/container-storage-interface/spec/blob/master/spec.md#createvolume) 中有相应的定义。
+  该映射通过`ControllerPublishVolumeRequest`、`NodeStageVolumeRequest`、和 `NodePublishVolumeRequest` 中的 `volume_attributes` 字段传递给 CSI 驱动。
+  
+- <!--`controllerPublishSecretRef`: A reference to the secret object containing
+  sensitive information to pass to the CSI driver to complete the CSI
+  `ControllerPublishVolume` and `ControllerUnpublishVolume` calls. This field is
+  optional, and may be empty if no secret is required. If the secret object
+  contains more than one secret, all secrets are passed.-->
+
+  `controllerPublishSecretRef`：对包含敏感信息的 secret 对象的引用；该敏感信息会被传递给 CSI 驱动来完成 CSI `ControllerPublishVolume` 和 `ControllerUnpublishVolume` 调用。
+  此字段是可选的；在不需要 secret 时可以是空的。
+  如果 secret 对象包含多个 secret，则所有的 secret 都会被传递。
+   
+- <!--`nodeStageSecretRef`: A reference to the secret object containing
+  sensitive information to pass to the CSI driver to complete the CSI
+  `NodeStageVolume` call. This field is optional, and may be empty if no secret
+  is required. If the secret object contains more than one secret, all secrets
+  are passed.-->
+
+  `nodeStageSecretRef`：对包含敏感信息的 secret 对象的引用，以传递给 CSI 驱动来完成 CSI `NodeStageVolume` 调用。
+  此字段是可选的，如果不需要 secret，则可能是空的。
+  如果 secret 对象包含多个 secret，则传递所有 secret。
+
+- <!--`nodePublishSecretRef`: A reference to the secret object containing
+  sensitive information to pass to the CSI driver to complete the CSI
+  `NodePublishVolume` call. This field is optional, and may be empty if no
+  secret is required. If the secret object contains more than one secret, all
+  secrets are passed.-->
+  
+  `nodePublishSecretRef`：对包含敏感信息的 secret 对象的引用，以传递给 CSI 驱动来完成 CSI ``NodePublishVolume` 调用。
+  此字段是可选的，如果不需要 secret，则可能是空的。
+  如果 secret 对象包含多个 secret，则传递所有 secret。
+
+<!--
+#### CSI raw block volume support
+-->
+#### CSI 原始块卷支持
+
+{{< feature-state for_k8s_version="v1.11" state="alpha" >}}
+
+<!--
+Starting with version 1.11, CSI introduced support for raw block volumes, which
+relies on the raw block volume feature that was introduced in a previous version of
+Kubernetes.  This feature will make it possible for vendors with external CSI drivers to
+implement raw block volumes support in Kubernetes workloads.
+-->
+
+从 1.11 版本开始，CSI 引入了对原始块卷的支持。该特性依赖于在 Kubernetes 的之前版本中引入的原始块卷（Raw Block Volume）功能。
+该特性将使具有外部 CSI 驱动程序的供应商能够在 Kubernetes 工作负载中实现原始块卷支持。
+
+<!--
+CSI block volume support is feature-gated and turned off by default.  To run CSI with
+block volume support enabled, a cluster administrator must enable the feature for each
+Kubernetes component using the following feature gate flags:
+-->
+
+CSI 块卷支持是可选功能，并且默认关闭。
+为了在启用块卷支持的情况下运行 CSI，集群管理员必须使用以下特性开关参数为每个 Kubernetes 组件启用该特性：
+
+```
+--feature-gates=BlockVolume=true,CSIBlockVolume=true
+```
+<!--
+Learn how to
+[setup your PV/PVC with raw block volume support](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support).
+-->
+学习怎样[安装您的带有块卷支持的 PV/PVC](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support)。
+
+
+### Flexvolume
+<!--
+Flexvolume is an out-of-tree plugin interface that has existed in Kubernetes
+since version 1.2 (before CSI). It uses an exec-based model to interface with
+drivers. Flexvolume driver binaries must be installed in a pre-defined volume
+plugin path on each node (and in some cases master).
+
+Pods interact with Flexvolume drivers through the `flexvolume` in-tree plugin.
+More details can be found [here](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md).
+-->
+
+Flexvolume 是一个自 1.2 版本（在 CSI 之前）以来在 Kubernetes 中一直存在的 out-of-tree 插件接口。
+它使用基于 exec 的模型来与驱动程序对接。
+用户必须在每个节点（在某些情况下是主节点）上的预定义卷插件路径中安装 Flexvolume 驱动程序可执行文件。
+
+Pod 通过 `flexvolume` in-tree 插件与 Flexvolume 驱动程序交互。
+更多详情请参考[这里](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)。
+
+<!--
+## Mount propagation
+
+Mount propagation allows for sharing volumes mounted by a Container to
+other Containers in the same Pod, or even to other Pods on the same node.
+
+Mount propagation of a volume is controlled by `mountPropagation` field in Container.volumeMounts.
+Its values are:
+-->
+
+## 挂载卷的传播
+
+挂载卷的传播能力允许将容器安装的卷共享到同一 Pod 中的其他容器，甚至共享到同一节点上的其他 Pod。
+
+卷的挂载传播特性由 Container.volumeMounts 中的 `mountPropagation` 字段控制。
+它的值包括：
+
+ * <!--`None` - This volume mount will not receive any subsequent mounts
+   that are mounted to this volume or any of its subdirectories by the host.
+   In similar fashion, no mounts created by the Container will be visible on
+   the host. This is the default mode.
+
+   This mode is equal to `private` mount propagation as described in the
+   [Linux kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
+   -->
+   `None` - 此卷挂载将不会感知到主机后续在此卷或其任何子目录上执行的挂载变化。
+   类似的，容器所创建的卷挂载在主机上是不可见的。这是默认模式。
+   该模式等同于 [Linux 内核文档](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)中描述的 `private` 挂载传播选项。
+
+ * <!--`HostToContainer` - This volume mount will receive all subsequent mounts
+   that are mounted to this volume or any of its subdirectories.
+
+   In other words, if the host mounts anything inside the volume mount, the
+   Container will see it mounted there.
+
+   Similarly, if any Pod with `Bidirectional` mount propagation to the same
+   volume mounts anything there, the Container with `HostToContainer` mount
+   propagation will see it.
+
+   This mode is equal to `rslave` mount propagation as described in the
+   [Linux kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
+   -->
+   `HostToContainer` - 此卷挂载将会感知到主机后续针对此卷或其任何子目录的挂载操作。
+   
+   换句话说，如果主机在此挂载卷中挂载任何内容，容器将能看到它被挂载在那里。
+   
+   类似的，配置了 `Bidirectional` 挂载传播选项的 Pod 如果在同一卷上挂载了内容，挂载传播设置为 `HostToContainer` 的容器都将能看到这一变化。
+
+   该模式等同于 [Linux 内核文档](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) 中描述的 `rslave` 挂载传播选项。
+
+ * <!--`Bidirectional` - This volume mount behaves the same the `HostToContainer` mount.
+   In addition, all volume mounts created by the Container will be propagated
+   back to the host and to all Containers of all Pods that use the same volume.
+
+   A typical use case for this mode is a Pod with a Flexvolume or CSI driver or
+   a Pod that needs to mount something on the host using a `hostPath` volume.
+
+   This mode is equal to `rshared` mount propagation as described in the
+   [Linux kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
+   -->
+   --`Bidirectional` - 这种卷挂载和 `HostToContainer` 挂载表现相同。
+
+   另外，容器创建的卷挂载将被传播回至主机和使用同一卷的所有 Pod 的所有容器。
+
+   该模式等同于 [Linux 内核文档](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) 中描述的 `rshared` 挂载传播选项。
+
+
+{{< caution >}}
+<!--
+`Bidirectional` mount propagation can be dangerous. It can damage
+the host operating system and therefore it is allowed only in privileged
+Containers. Familiarity with Linux kernel behavior is strongly recommended.
+In addition, any volume mounts created by Containers in Pods must be destroyed
+(unmounted) by the Containers on termination.
+-->
+
+`Bidirectional` 形式的挂载传播可能比较危险。
+它可以破坏主机操作系统，因此它只被允许在特权容器中使用。
+强烈建议您熟悉 Linux 内核行为。
+此外，由 Pod 中的容器创建的任何卷挂载必须在终止时由容器销毁（卸载）。
+
+{{< /caution >}}
+
+<!--
+### Configuration
+Before mount propagation can work properly on some deployments (CoreOS,
+RedHat/Centos, Ubuntu) mount share must be configured correctly in
+Docker as shown below.
+-->
+### 配置
+
+在某些部署环境中，挂载传播正常工作前，必须在 Docker 中正确配置挂载共享（mount share），如下所示。
+
+<!--
+Edit your Docker's `systemd` service file.  Set `MountFlags` as follows:
+-->
+编辑您的 Docker `systemd` 服务文件，按下面的方法设置 `MountFlags`：
+
+```shell
+MountFlags=shared
+```
+<!--
+Or, remove `MountFlags=slave` if present. Then restart the Docker daemon:
+-->
+或者，如果存在 `MountFlags=slave` 就删除掉。然后重启 Docker 守护进程：
+
+```shell
+$ sudo systemctl daemon-reload
+$ sudo systemctl restart docker
+```
+
+{{% capture whatsnext %}}
+<!--* Follow an example of [deploying WordPress and MySQL with Persistent Volumes](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/).-->
+参考[使用持久卷部署 WordPress 和 MySQL](/docs/tutorials/stateful-application/mysqlwordpress-persistent-volume/) 示例。
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/workloads/_index.md b/content/zh/docs/concepts/workloads/_index.md
index 4e1e7855851c3..850d6b64bd22d 100644
--- a/content/zh/docs/concepts/workloads/_index.md
+++ b/content/zh/docs/concepts/workloads/_index.md
@@ -8,4 +8,4 @@ weight: 50
 title: "Workloads"
 weight: 50
 ---
--->
\ No newline at end of file
+-->
diff --git a/content/zh/docs/concepts/workloads/controllers/_index.md b/content/zh/docs/concepts/workloads/controllers/_index.md
index 87407c033647e..21c6b5b903529 100644
--- a/content/zh/docs/concepts/workloads/controllers/_index.md
+++ b/content/zh/docs/concepts/workloads/controllers/_index.md
@@ -1,11 +1,11 @@
-<!--
 ---
-title: "Controllers"
+title: "控制器"
 weight: 20
 ---
--->
 
+<!--
 ---
-title: "控制器"
+title: "Controllers"
 weight: 20
 ---
+-->
diff --git a/content/zh/docs/concepts/workloads/controllers/cron-jobs.md b/content/zh/docs/concepts/workloads/controllers/cron-jobs.md
index 43f67cb87b7f6..cb6b9bbb45da6 100644
--- a/content/zh/docs/concepts/workloads/controllers/cron-jobs.md
+++ b/content/zh/docs/concepts/workloads/controllers/cron-jobs.md
@@ -1,71 +1,105 @@
 ---
-approvers:
+reviewers:
 - erictune
 - soltysh
 - janetkuo
-title: Cron Job
-redirect_from:
-- "/docs/concepts/jobs/cron-jobs/"
-- "/docs/concepts/jobs/cron-jobs.html"
-- "/docs/user-guide/cron-jobs/"
-- "/docs/user-guide/cron-jobs.html"
+title: CronJob
+content_template: templates/concept
+weight: 80
 ---
 
-{{< toc >}}
+{{% capture overview %}}
 
+<!--
+A _Cron Job_ creates [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/) on a time-based schedule.
 
+One CronJob object is like one line of a _crontab_ (cron table) file. It runs a job periodically
+on a given schedule, written in [Cron](https://en.wikipedia.org/wiki/Cron) format.
+-->
 
-## Cron Job 是什么？
+_Cron Job_ 创建基于时间调度的 [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/)。
 
-_Cron Job_ 管理基于时间的 [Job](/docs/concepts/jobs/run-to-completion-finite-workloads/)，即：
+一个 CronJob 对象就像 _crontab_ (cron table) 文件中的一行。它用 [Cron](https://en.wikipedia.org/wiki/Cron) 格式进行编写，并周期性的在给定的调度时间执行 Job。
 
-* 在给定时间点只运行一次
-* 在给定时间点周期性地运行
+{{< note >}}
+<!--All **CronJob** `schedule:` times are denoted in UTC.-->
+所有 **CronJob** 的 `schedule:` 时间都是用 UTC 表示。
+{{< /note >}}
 
-一个 CronJob 对象类似于 _crontab_ （cron table）文件中的一行。它根据指定的预定计划周期性地运行一个 Job，格式可以参考 [Cron](https://en.wikipedia.org/wiki/Cron) 。
+<!--
+For instructions on creating and working with cron jobs, and for an example of a spec file for a cron job, see [Running automated tasks with cron jobs](/docs/tasks/job/automated-tasks-with-cron-jobs).
+-->
 
+有关创建和使用 CronJob 的说明及规范文件的示例，请参见 [使用 CronJob 运行自动任务](/docs/tasks/job/automated-tasks-with-cron-jobs)。
 
 
-**注意：** 在预定计划中，问号（`?`）和星号（`*`）的意义是相同的，表示给定字段的取值是任意可用值。
+{{% /capture %}}
 
-**注意：** 在 Kubernetes 1.4 版本引入了 ScheduledJob 资源，但从 1.5 版本开始改成了 CronJob。
 
-典型的用法如下所示：
+{{% capture body %}}
 
+<!--
+## Cron Job Limitations
 
+A cron job creates a job object _about_ once per execution time of its schedule. We say "about" because there
+are certain circumstances where two jobs might be created, or no job might be created. We attempt to make these rare,
+but do not completely prevent them. Therefore, jobs should be _idempotent_.
+-->
 
-* 在给定的时间点调度 Job 运行
-* 创建周期性运行的 Job，例如：数据库备份、发送邮件。
+## CronJob 限制
 
-### 前提条件
+CronJob 创建 Job 对象，每个 Job 的执行次数大约为一次。
+我们之所以说 "大约"，是因为在某些情况下，可能会创建两个 Job，或者不会创建任何 Job。
+我们试图使这些情况尽量少发生，但不能完全杜绝。因此，Job 应该是 _幂等的_。
 
+<!--
+If `startingDeadlineSeconds` is set to a large value or left unset (the default)
+and if `concurrencyPolicy` is set to `Allow`, the jobs will always run
+at least once.
+-->
 
+如果 `startingDeadlineSeconds` 设置为很大的数值或未设置（默认），并且 `concurrencyPolicy` 设置为 `Allow`，则作业将始终至少运行一次。
 
-当使用的 Kubernetes 集群，版本 >= 1.4（对 ScheduledJob），>= 1.5（对 CronJob），当启动 API Server（参考 [为集群开启或关闭 API 版本](/docs/admin/cluster-management/#turn-on-or-off-an-api-version-for-your-cluster) 获取更多信息）时，通过传递选项 `--runtime-config=batch/v2alpha1=true`  可以开启 batch/v2alpha1 API。
+<!--
+For every CronJob, the CronJob controller checks how many schedules it missed in the duration from its last scheduled time until now. If there are more than 100 missed schedules, then it does not start the job and logs the error
+-->
 
-## 创建 Cron Job
+对于每个 CronJob，CronJob 控制器检查从上一次调度的时间点到现在所错过了调度次数。如果错过的调度次数超过 100 次，那么它就不会启动这个任务，并记录这个错误:
 
-下面是一个 Cron Job 的例子。它会每分钟运行一个 Job，打印出当前时间并输出问候语 hello。
+````
+Cannot determine if job needs to be started. Too many missed start time (> 100). Set or decrease .spec.startingDeadlineSeconds or check clock skew.
 
-% include code.html language="yaml" file="cronjob.yaml" ghlink="/docs/concepts/workloads/controllers/cronjob.yaml" %}
+````
 
-下载并运行该示例 Cron Job，然后执行如下命令：
+<!--
+It is important to note that if the `startingDeadlineSeconds` field is set (not `nil`), the controller counts how many missed jobs occurred from the value of `startingDeadlineSeconds` until now rather than from the last scheduled time until now. For example, if `startingDeadlineSeconds` is `200`, the controller counts how many missed jobs occurred in the last 200 seconds.
+-->
 
-```shell
-$ kubectl create -f ./cronjob.yaml
-cronjob "hello" created
-```
+需要注意的是，如果设置 `startingDeadlineSeconds` 字段非空，则控制器会统计从 `startingDeadlineSeconds` 的值到现在而不是从上一个计划时间到现在错过了多少次 Job。例如，如果 `startingDeadlineSeconds` 是 `200`，则控制器会统计在过去 200 秒中错过了多少次 Job。
 
+<!--
+A CronJob is counted as missed if it has failed to be created at its scheduled time. For example, If `concurrencyPolicy` is set to `Forbid` and a CronJob was attempted to be scheduled when there was a previous schedule still running, then it would count as missed.
+-->
 
+如果未能在调度时间内创建 CronJob，则计为错过。例如，如果 `concurrencyPolicy` 被设置为 `Forbid`，并且当前有一个调度仍在运行的情况下，试图调度的 CronJob 将被计算为错过。
 
-可选地，使用 `kubectl run` 创建一个 Cron Job，不需要写完整的配置：
+<!--
+For example, suppose a cron job is set to start at exactly `08:30:00` and its
+`startingDeadlineSeconds` is set to 10, if the CronJob controller happens to
+be down from `08:29:00` to `08:42:00`, the job will not start.
+Set a longer `startingDeadlineSeconds` if starting later is better than not
+starting at all.
+-->
 
-```shell
-$ kubectl run hello --schedule="*/1 * * * *" --restart=OnFailure --image=busybox -- /bin/sh -c "date; echo Hello from the Kubernetes cluster"
-cronjob "hello" created
-```
+例如，假设一个 CronJob 被设置为`08:30:00` 准时开始，它的 `startingDeadlineSeconds` 属性被设置为10，如果在`08:29:00` 时将 CronJob 控制器的时间改为 `08:42:00`，Job 将不会启动。
+如果觉得晚些开始比没有启动好，那请设置一个较长的 `startingDeadlineSeconds`。
 
+<!--
+The Cronjob is only responsible for creating Jobs that match its schedule, and
+the Job in turn is responsible for the management of the Pods it represents.
+-->
 
+CronJob 只负责创建与其时间表相匹配的 Job，相应的 Job 又会负责管理它所代表的Pod。
 
 创建该 Cron Job 之后，通过如下命令获取它的状态信息：
 
diff --git a/content/zh/docs/concepts/workloads/controllers/daemonset.md b/content/zh/docs/concepts/workloads/controllers/daemonset.md
index 60822051ba29d..e8a79277a8953 100644
--- a/content/zh/docs/concepts/workloads/controllers/daemonset.md
+++ b/content/zh/docs/concepts/workloads/controllers/daemonset.md
@@ -1,163 +1,416 @@
 ---
-approvers:
+reviewers:
+- enisoc
 - erictune
+- foxish
+- janetkuo
+- kow3ns
 title: DaemonSet
-redirect_from:
-- "/docs/admin/daemons/"
-- "/docs/admin/daemons.html"
+content_template: templates/concept
+weight: 50
 ---
 
-{{< toc >}}
+<!--
+---
+reviewers:
+- enisoc
+- erictune
+- foxish
+- janetkuo
+- kow3ns
+title: DaemonSet
+content_template: templates/concept
+weight: 50
+---
+--->
+
+{{% capture overview %}}
+
+<!--
+A _DaemonSet_ ensures that all (or some) Nodes run a copy of a Pod.  As nodes are added to the
+cluster, Pods are added to them.  As nodes are removed from the cluster, those Pods are garbage
+collected.  Deleting a DaemonSet will clean up the Pods it created.
+--->
+ _DaemonSet_ 确保全部（或者某些）节点上运行一个 Pod 的副本。当有节点加入集群时，
+也会为他们新增一个 Pod 。当有节点从集群移除时，这些 Pod 也会被回收。删除 DaemonSet 将会删除它创建的所有 Pod。
+
+<!--
+Some typical uses of a DaemonSet are:
+
+- running a cluster storage daemon, such as `glusterd`, `ceph`, on each node.
+- running a logs collection daemon on every node, such as `fluentd` or `logstash`.
+- running a node monitoring daemon on every node, such as [Prometheus Node Exporter](
+  https://github.com/prometheus/node_exporter), `collectd`, [Dynatrace OneAgent](https://www.dynatrace.com/technologies/kubernetes-monitoring/), [AppDynamics Agent](https://docs.appdynamics.com/display/CLOUD/Container+Visibility+with+Kubernetes), [Datadog agent](https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/), [New Relic agent](https://docs.newrelic.com/docs/integrations/kubernetes-integration/installation/kubernetes-installation-configuration), Ganglia `gmond` or Instana agent.
+--->
+使用 DaemonSet 的一些典型用法：
 
+- 运行集群存储 daemon，例如在每个节点上运行 `glusterd`、`ceph`。
+- 在每个节点上运行日志收集 daemon，例如`fluentd`、`logstash`。
+- 在每个节点上运行监控 daemon，例如 [Prometheus Node Exporter](https://github.com/prometheus/node_exporter)、`collectd`、[Dynatrace OneAgent](https://www.dynatrace.com/technologies/kubernetes-monitoring/)、 [AppDynamics 代理](https://docs.appdynamics.com/display/CLOUD/Container+Visibility+with+Kubernetes)、 [Datadog 代理](https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/)、[New Relic 代理](https://docs.newrelic.com/docs/integrations/kubernetes-integration/installation/kubernetes-installation-configuration), Ganglia `gmond` 或 Instana agent。
 
+<!--
+In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon.
+A more complex setup might use multiple DaemonSets for a single type of daemon, but with
+different flags and/or different memory and cpu requests for different hardware types.
+--->
+一个简单的用法是在所有的节点上都启动一个 DaemonSet，将被作为每种类型的 daemon 使
+用。
+一个稍微复杂的用法是单独对每种 daemon 类型使用多个 DaemonSet，但具有不同的标志，
+和/或对不同硬件类型具有不同的内存、CPU要求。
 
-## 什么是 DaemonSet？
+{{% /capture %}}
 
- _DaemonSet_ 确保全部（或者某些）节点上运行一个 Pod 的副本。当有节点加入集群时，也会为他们新增一个 Pod 。
- 当有节点从集群移除时，这些 Pod 也会被回收。删除 DaemonSet 将会删除它创建的所有 Pod。
 
- 
+{{% capture body %}}
 
-使用 DaemonSet 的一些典型用法：
+<!--
+## Writing a DaemonSet Spec
 
-- 运行集群存储 daemon，例如在每个节点上运行 `glusterd`、`ceph`。
-- 在每个节点上运行日志收集 daemon，例如`fluentd`、`logstash`。
-- 在每个节点上运行监控 daemon，例如 [Prometheus Node Exporter](https://github.com/prometheus/node_exporter)、`collectd`、Datadog 代理、New Relic 代理，或 Ganglia `gmond`。
+### Create a DaemonSet
+--->
+## 编写 DaemonSet 规约 
 
-一个简单的用法是在所有的节点上都启动一个 DaemonSet，将被作为每种类型的 daemon 使用。
-一个稍微复杂的用法是单独对每种 daemon 类型使用多个 DaemonSet，但具有不同的标志，和/或对不同硬件类型具有不同的内存、CPU要求。
+### 创建 DaemonSet
 
+<!--
+You can describe a DaemonSet in a YAML file. For example, the `daemonset.yaml` file below describes a DaemonSet that runs the fluentd-elasticsearch Docker image:
 
+{{< codenew file="controllers/daemonset.yaml" >}}
 
-## 编写 DaemonSet 规约
+* Create a DaemonSet based on the YAML file:
+```
+kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml
+```
+--->
+您可以在 YAML 文件中描述 DaemonSet。例如，下面的 daemonset.yaml 文件描述了一个运行 fluentd-elasticsearch Docker 镜像的 DaemonSet：
 
-### 必需字段
+{{< codenew file="controllers/daemonset.yaml" >}}
+
+* 基于 YAML 文件创建 DaemonSet:
+```
+kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml
+```
 
+<!--
+### Required Fields
 
+As with all other Kubernetes config, a DaemonSet needs `apiVersion`, `kind`, and `metadata` fields.  For
+general information about working with config files, see [deploying applications](/docs/user-guide/deploying-applications/),
+[configuring containers](/docs/tasks/), and [object management using kubectl](/docs/concepts/overview/object-management-kubectl/overview/) documents.
 
-和其它所有 Kubernetes 配置一样，DaemonSet 需要 `apiVersion`、`kind` 和 `metadata` 字段。
-有关配置文件的基本信息，详见文档 [deploying applications](/docs/user-guide/deploying-applications/)、[配置容器](/docs/user-guide/configuring-containers/) 和 [资源管理](/docs/concepts/tools/kubectl/object-management-overview/) 。
+A DaemonSet also needs a [`.spec`](https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status) section.
+--->
+### 必需字段
+和其它所有 Kubernetes 配置一样，DaemonSet 需要 `apiVersion`、`kind` 和 `metadata` 字段。有关配置文件的基本信息，详见文档 [部署应用](/docs/user-guide/deploying-applications/)、[配置容器](/docs/tasks/) 和 [使用kubectl进行对象管理](/docs/concepts/overview/object-management-kubectl/overview/) 。
 
 DaemonSet 也需要一个 [`.spec`](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status) 配置段。
 
+<!--
+### Pod Template
 
+The `.spec.template` is one of the required fields in `.spec`.
 
-### Pod 模板
+The `.spec.template` is a [pod template](/docs/concepts/workloads/pods/pod-overview/#pod-templates). It has exactly the same schema as a [Pod](/docs/concepts/workloads/pods/pod/), except it is nested and does not have an `apiVersion` or `kind`.
 
-`.spec` 唯一必需的字段是 `.spec.template`。
+In addition to required fields for a Pod, a Pod template in a DaemonSet has to specify appropriate
+labels (see [pod selector](#pod-selector)).
 
+A Pod Template in a DaemonSet must have a [`RestartPolicy`](/docs/user-guide/pod-states)
+ equal to `Always`, or be unspecified, which defaults to `Always`.
+--->
+### Pod 模板
 
+`.spec` 唯一必需的字段是 `.spec.template`。
 
-`.spec.template` 是一个 [Pod 模板](/docs/user-guide/replication-controller/#pod-template)。
-它与 [Pod](/docs/user-guide/pods) 具有相同的 schema，除了它是嵌套的，而且不具有 `apiVersion` 或 `kind` 字段。
+`.spec.template` 是一个 [Pod 模板](/docs/concepts/workloads/pods/pod-overview/#pod-templates)。它与 [Pod](/docs/concepts/workloads/pods/pod/) 具有相同的 schema，除了它是嵌套的，而且不具有 `apiVersion` 或 `kind` 字段。
 
 除了 Pod 必需字段外，在 DaemonSet 中的 Pod 模板必须指定合理的标签（查看 [Pod Selector](#pod-selector)）。
 
 在 DaemonSet 中的 Pod 模板必须具有一个值为 `Always` 的 [`RestartPolicy`](/docs/user-guide/pod-states)，或者未指定它的值，默认是 `Always`。
 
+<!--
+### Pod Selector
 
+The `.spec.selector` field is a pod selector.  It works the same as the `.spec.selector` of
+a [Job](/docs/concepts/jobs/run-to-completion-finite-workloads/).
 
+As of Kubernetes 1.8, you must specify a pod selector that matches the labels of the
+`.spec.template`. The pod selector will no longer be defaulted when left empty. Selector
+defaulting was not compatible with `kubectl apply`. Also, once a DaemonSet is created,
+its `.spec.selector` can not be mutated. Mutating the pod selector can lead to the
+unintentional orphaning of Pods, and it was found to be confusing to users.
+--->
 ### Pod Selector
 
-`.spec.selector` 字段表示 Pod Selector，它与 [Job](/docs/concepts/jobs/run-to-completion-finite-workloads/) 或其它资源的 `.spec.selector` 的作用是相同的。
-
-`spec.selector` 表示一个对象，它由如下两个字段组成：
+`.spec.selector` 字段表示 Pod Selector，它与 [Job](/docs/concepts/jobs/run-to-completion-finite-workloads/) 的 `.spec.selector` 的作用是相同的。
 
-* `matchLabels` - 与 [ReplicationController](/docs/concepts/workloads/controllers/replicationcontroller/) 的 `.spec.selector` 的作用相同。
-* `matchExpressions` - 允许构建更加复杂的 Selector，可以通过指定 key、value 列表，以及与 key 和 value 列表相关的操作符。
+从 Kubernetes 1.8开始，您必须指定与 `.spec.template` 的标签匹配的 pod selector。当不配置时，pod selector 将不再有默认值。selector 默认与 `kubectl apply` 不兼容。 此外，一旦创建了 DaemonSet，它的 `.spec.selector` 就不能修改。修改 pod selector 可能导致成为 孤儿Pod，并且这对用户来说是困惑的。
 
+<!--
+The `.spec.selector` is an object consisting of two fields:
 
+* `matchLabels` - works the same as the `.spec.selector` of a [ReplicationController](/docs/concepts/workloads/controllers/replicationcontroller/).
+* `matchExpressions` - allows to build more sophisticated selectors by specifying key,
+  list of values and an operator that relates the key and values.
 
-当上述两个字段都指定时，结果表示的是 AND 关系。
+When the two are specified the result is ANDed.
 
-如果指定了 `.spec.selector`，必须与 `.spec.template.metadata.labels` 相匹配。如果没有指定，它们默认是等价的。如果与它们配置的不匹配，则会被 API 拒绝。
+If the `.spec.selector` is specified, it must match the `.spec.template.metadata.labels`. Config with these not matching will be rejected by the API.
 
-如果 Pod 的 label 与 selector 匹配，或者直接基于其它的 DaemonSet、或者 Controller（例如 ReplicationController），也不可以创建任何 Pod。
-否则 DaemonSet Controller 将认为那些 Pod 是它创建的。Kubernetes 不会阻止这样做。一个场景是，可能希望在一个具有不同值的、用来测试用的节点上手动创建 Pod。
+Also you should not normally create any Pods whose labels match this selector, either directly, via
+another DaemonSet, or via other controller such as ReplicaSet.  Otherwise, the DaemonSet
+controller will think that those Pods were created by it.  Kubernetes will not stop you from doing
+this.  One case where you might want to do this is manually create a Pod with a different value on
+a node for testing.
+--->
+`spec.selector` 表示一个对象，它由如下两个字段组成：
 
+* `matchLabels` - 与 [ReplicationController](/docs/concepts/workloads/controllers/replicationcontroller/) 的 `.spec.selector` 的作用相同。
+* `matchExpressions` - 允许构建更加复杂的 Selector，可以通过指定 key、value 列表
+，以及与 key 和 value 列表相关的操作符。
 
+当上述两个字段都指定时，结果表示的是 AND 关系。
 
-### 仅在某些节点上运行 Pod
+如果指定了 `.spec.selector`，必须与 `.spec.template.metadata.labels` 相匹配。如果与它们配置的不匹配，则会被 API 拒绝。
 
-如果指定了 `.spec.template.spec.nodeSelector`，DaemonSet Controller 将在能够与 [Node Selector](/docs/concepts/configuration/assign-pod-node/) 匹配的节点上创建 Pod。
-类似这种情况，可以指定 `.spec.template.spec.affinity`，然后 DaemonSet Controller 将在能够与 [Node Affinity](/docs/concepts/configuration/assign-pod-node/) 匹配的节点上创建 Pod。
-如果根本就没有指定，则 DaemonSet Controller 将在所有节点上创建 Pod。
+此外，您通常不应该创建任何 pods，它们的 label 与 selector 匹配，或者直接创建，或者通过另一个 DaemonSet、或者其他控制器，比如 ReplicaSet。否则，DaemonSet 控制器会认为这些 Pod 是由它创建的。Kubernetes 不会阻止你这样做。 您可能希望这样做的一种情况是在节点上手动创建具有不同值的 Pod 以进行测试。
 
+<!--
+### Running Pods on Only Some Nodes
 
+If you specify a `.spec.template.spec.nodeSelector`, then the DaemonSet controller will
+create Pods on nodes which match that [node
+selector](/docs/concepts/configuration/assign-pod-node/). Likewise if you specify a `.spec.template.spec.affinity`,
+then DaemonSet controller will create Pods on nodes which match that [node affinity](/docs/concepts/configuration/assign-pod-node/).
+If you do not specify either, then the DaemonSet controller will create Pods on all nodes.
+--->
+### 仅在某些节点上运行 Pod
 
-## 如何调度 Daemon Pod
+如果指定了 `.spec.template.spec.nodeSelector`，DaemonSet Controller 将在能够与 [Node Selector](/docs/concepts/configuration/assign-pod-node/) 匹配的节点上创建 Pod。类似这种情况，可以指定 `.spec.template.spec.affinity`，然后 DaemonSet Controller 将在能够与 [node Affinity](/docs/concepts/configuration/assign-pod-node/) 匹配>的节点上创建 Pod。
+如果根本就没有指定，则 DaemonSet Controller 将在所有节点上创建 Pod。
 
-正常情况下，Pod 运行在哪个机器上是由 Kubernetes 调度器来选择的。然而，由 Daemon Controller 创建的 Pod 已经确定了在哪个机器上（Pod 创建时指定了 `.spec.nodeName`），因此：
+<!--
+## How Daemon Pods are Scheduled
 
-- DaemonSet Controller 并不关心一个节点的 [`unschedulable`](/docs/admin/node/#manual-node-administration) 字段。
-- DaemonSet Controller 可以创建 Pod，即使调度器还没有启动，这对集群启动是非常有帮助的。
+### Scheduled by DaemonSet controller (disabled by default since 1.12)
 
+Normally, the machine that a Pod runs on is selected by the Kubernetes scheduler. However, Pods
+created by the DaemonSet controller have the machine already selected (`.spec.nodeName` is specified
+when the Pod is created, so it is ignored by the scheduler).  Therefore:
 
+ - The [`unschedulable`](/docs/admin/node/#manual-node-administration) field of a node is not respected
+   by the DaemonSet controller.
+ - The DaemonSet controller can make Pods even when the scheduler has not been started, which can help cluster
+   bootstrap.
+--->
+## 如何调度 Daemon Pods
 
-Daemon Pod 关心 [Taint 和 Toleration](/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature)，它们会为没有指定 `tolerationSeconds` 的 `node.kubernetes.io/not-ready` 和 `node.alpha.kubernetes.io/unreachable` 的 Taint，创建具有 `NoExecute` 的 Toleration。这确保了当 alpha 特性的 `TaintBasedEvictions` 被启用时，发生节点故障，比如网络分区，这时它们将不会被清除掉（当 `TaintBasedEvictions` 特性没有启用，在这些场景下也不会被清除，但会因为 NodeController 的硬编码行为而被清除，而不会因为 Toleration 导致被清除）。
+### 由 DaemonSet 控制器调度（从v1.12 开始默认禁用）
 
+正常情况下，Pod 运行在哪个机器上是由 Kubernetes 调度器来选择的。然而，由 DaemonSet Controller 创建的 Pod 已经确定了在哪个机器上（Pod 创建时指定了 `.spec.nodeName`，调度器会忽略它），因此：
 
+- DaemonSet Controller 并不关心一个节点的 [`unschedulable`](/docs/admin/node/#manual-node-administration) 字段。
+- DaemonSet Controller 可以创建 Pod，即使调度器还没有启动，这对集群启动是非常有帮助的。
 
-## 与 Daemon Pod 通信
+<!--
+### Scheduled by default scheduler (enabled by default since 1.12)
+
+{{< feature-state state="beta" for-kubernetes-version="1.12" >}}
+
+A DaemonSet ensures that all eligible nodes run a copy of a Pod. Normally, the
+node that a Pod runs on is selected by the Kubernetes scheduler. However,
+DaemonSet pods are created and scheduled by the DaemonSet controller instead.
+That introduces the following issues:
+
+ * Inconsistent Pod behavior: Normal Pods waiting to be scheduled are created
+   and in `Pending` state, but DaemonSet pods are not created in `Pending`
+   state. This is confusing to the user.
+ * [Pod preemption](/docs/concepts/configuration/pod-priority-preemption/)
+   is handled by default scheduler. When preemption is enabled, the DaemonSet controller
+   will make scheduling decisions without considering pod priority and preemption.
+--->
+### 由默认 scheduler 调度（从v1.12开始默认开启）
+
+{{< feature-state state="beta" for-kubernetes-version="1.12" >}}
+
+DaemonSet 确保所有符合条件的节点都运行一个 Pod 的副本。通常，运行 Pod 的节点由 Kubernetes scheduler 选择。然而，DaemonSet pods 由 DaemonSet controller 创建和调度。这将引入以下问题：
+
+ * Pod 行为的不一致性：等待调度的正常 Pod 已被创建并处于 `Pending` 状态，但 DaemonSet pods 未在 `Pending` 状态下创建。 这使用户感到困惑。
+ * [Pod preemption](/docs/concepts/configuration/pod-priority-preemption/)由默认 scheduler 处理。 启用抢占后，DaemonSet 控制器将在不考虑 pod 优先级和抢占的情况下制定调度决策。
+
+<!--
+`ScheduleDaemonSetPods` allows you to schedule DaemonSets using the default
+scheduler instead of the DaemonSet controller, by adding the `NodeAffinity` term
+to the DaemonSet pods, instead of the `.spec.nodeName` term. The default
+scheduler is then used to bind the pod to the target host. If node affinity of
+the DaemonSet pod already exists, it is replaced. The DaemonSet controller only
+performs these operations when creating or modifying DaemonSet pods, and no
+changes are made to the `spec.template` of the DaemonSet.
+--->
+`ScheduleDaemonSetPods` 允许您使用默认 scheduler 而不是 DaemonSet 控制器来调度 DaemonSets，方法是将 `NodeAffinity` 添加到 DaemonSet pods，而不是 `.spec.nodeName`。 然后使用默认 scheduler 将 pod 绑定到目标主机。 如果 DaemonSet pod的亲和节点已存在，则替换它。 DaemonSet 控制器仅在创建或修改 DaemonSet pods 时执行这些操作，并且不对 DaemonSet的 `spec.template` 进行任何更改。
+
+```yaml
+nodeAffinity:
+  requiredDuringSchedulingIgnoredDuringExecution:
+    nodeSelectorTerms:
+    - matchFields:
+      - key: metadata.name
+        operator: In
+        values:
+        - target-host-name
+```
+
+<!--
+In addition, `node.kubernetes.io/unschedulable:NoSchedule` toleration is added
+automatically to DaemonSet Pods. The default scheduler ignores
+`unschedulable` Nodes when scheduling DaemonSet Pods.
+--->
+此外，`node.kubernetes.io/unschedulable：NoSchedule` toleration 会自动添加到 DaemonSet Pods。 在调度DaemonSet Pod 时，默认调度器会忽略 `unschedulable`节点。
+
+<!--
+### Taints and Tolerations
+
+Although Daemon Pods respect
+[taints and tolerations](/docs/concepts/configuration/taint-and-toleration),
+the following tolerations are added to DaemonSet Pods automatically according to
+the related features.
+--->
+### Taints and Tolerations
+
+尽管 Daemon Pods 尊重[taints and tolerations](/docs/concepts/configuration/taint-and-toleration)，根据相关特性，会自动将以下 tolerations 添加到 DaemonSet Pods 中。
+
+| Toleration Key                           | Effect     | Version | Description                                                  |
+| ---------------------------------------- | ---------- | ------- | ------------------------------------------------------------ |
+| `node.kubernetes.io/not-ready`           | NoExecute  | 1.13+    | DaemonSet pods will not be evicted when there are node problems such as a network partition. |
+| `node.kubernetes.io/unreachable`         | NoExecute  | 1.13+    | DaemonSet pods will not be evicted when there are node problems such as a network partition. |
+| `node.kubernetes.io/disk-pressure`       | NoSchedule | 1.8+    |                                                              |
+| `node.kubernetes.io/memory-pressure`     | NoSchedule | 1.8+    |                                                              |
+| `node.kubernetes.io/unschedulable`       | NoSchedule | 1.12+   | DaemonSet pods tolerate unschedulable attributes by default scheduler.                                                    |
+| `node.kubernetes.io/network-unavailable` | NoSchedule | 1.12+   | DaemonSet pods, who uses host network, tolerate network-unavailable attributes by default scheduler.                      |
+
+
+
+<!--
+## Communicating with Daemon Pods
+
+Some possible patterns for communicating with Pods in a DaemonSet are:
+
+- **Push**: Pods in the DaemonSet are configured to send updates to another service, such
+  as a stats database.  They do not have clients.
+- **NodeIP and Known Port**: Pods in the DaemonSet can use a `hostPort`, so that the pods are reachable via the node IPs.  Clients know the list of node IPs somehow, and know the port by convention.
+- **DNS**: Create a [headless service](/docs/concepts/services-networking/service/#headless-services) with the same pod selector,
+  and then discover DaemonSets using the `endpoints` resource or retrieve multiple A records from
+  DNS.
+- **Service**: Create a service with the same Pod selector, and use the service to reach a
+  daemon on a random node. (No way to reach specific node.)
+--->
+## 与 Daemon Pods 通信
 
 与 DaemonSet 中的 Pod 进行通信，几种可能的模式如下：
 
 - **Push**：配置 DaemonSet 中的 Pod 向其它 Service 发送更新，例如统计数据库。它们没有客户端。
-- **NodeIP 和已知端口**：DaemonSet 中的 Pod 可以使用 `hostPort`，从而可以通过节点 IP 访问到 Pod。客户端能通过某种方法知道节点 IP 列表，并且基于此也可以知道端口。
-- **DNS**：创建具有相同 Pod Selector 的 [Headless Service](/docs/user-guide/services/#headless-services)，然后通过使用 `endpoints` 资源或从 DNS 检索到多个 A 记录来发现 DaemonSet。
+- **NodeIP 和已知端口**：DaemonSet 中的 Pod 可以使用 `hostPort`，从而可以通过节点 IP 访问到 Pod。客户端能通过某种方法知道节点 IP 列表，并且基于此也可以知道端口
+。
+- **DNS**：创建具有相同 Pod Selector 的 [Headless Service](/docs/concepts/services-networking/service/#headless-services)，然后通过使用 `endpoints` 资源或从 DNS 检索到多个 A 记录来发现 DaemonSet。
 - **Service**：创建具有相同 Pod Selector 的 Service，并使用该 Service 随机访问到某个节点上的 daemon（没有办法访问到特定节点）。
 
+<!--
+## Updating a DaemonSet
 
+If node labels are changed, the DaemonSet will promptly add Pods to newly matching nodes and delete
+Pods from newly not-matching nodes.
 
-## 更新 DaemonSet
-
-如果修改了节点标签（Label），DaemonSet 将立刻向新匹配上的节点添加 Pod，同时删除新近不能够匹配的节点上的 Pod。
+You can modify the Pods that a DaemonSet creates.  However, Pods do not allow all
+fields to be updated.  Also, the DaemonSet controller will use the original template the next
+time a node (even with the same name) is created.
 
-我们可以修改 DaemonSet 创建的 Pod。然而，不允许对 Pod 的所有字段进行更新。当下次节点（即使具有相同的名称）被创建时，DaemonSet Controller 还会使用最初的模板。
+You can delete a DaemonSet.  If you specify `--cascade=false` with `kubectl`, then the Pods
+will be left on the nodes.  You can then create a new DaemonSet with a different template.
+The new DaemonSet with the different template will recognize all the existing Pods as having
+matching labels.  It will not modify or delete them despite a mismatch in the Pod template.
+You will need to force new Pod creation by deleting the Pod or deleting the node.
+--->
+## 更新 DaemonSet
 
+如果修改了节点标签（Label），DaemonSet 将立刻向新匹配上的节点添加 Pod，同时删除不能够匹配的节点上的 Pod。
 
+您可以修改 DaemonSet 创建的 Pod。然而，不允许对 Pod 的所有字段进行更新。当下次
+节点（即使具有相同的名称）被创建时，DaemonSet Controller 还会使用最初的模板。
 
-可以删除一个 DaemonSet。如果使用 `kubectl` 并指定 `--cascade=false` 选项，则 Pod 将被保留在节点上。然后可以创建具有不同模板的新 DaemonSet。具有不同模板的新 DaemonSet 将能够通过标签匹配并识别所有已经存在的 Pod。它不会修改或删除它们，即使是错误匹配了 Pod 模板。通过删除 Pod 或者删除节点，可以强制创建新的 Pod。
+您可以删除一个 DaemonSet。如果使用 `kubectl` 并指定 `--cascade=false` 选项，则 Pod 将被保留在节点上。然后可以创建具有不同模板的新 DaemonSet。具有不同模板的新 DaemonSet 将能够通过标签匹配并识别所有已经存在的 Pod。它不会修改或删除它们，即使是错误匹配了 Pod 模板。通过删除 Pod 或者删除节点，可以强制创建新的 Pod。
 
+<!--
+In Kubernetes version 1.6 and later, you can [perform a rolling update](/docs/tasks/manage-daemon/update-daemon-set/) on a DaemonSet.
+--->
 在 Kubernetes 1.6 或以后版本，可以在 DaemonSet 上 [执行滚动升级](/docs/tasks/manage-daemon/update-daemon-set/)。
 
-未来的 Kubernetes 版本将支持节点的可控更新。
+<!--
+## Alternatives to DaemonSet
 
+### Init Scripts
 
+It is certainly possible to run daemon processes by directly starting them on a node (e.g. using
+`init`, `upstartd`, or `systemd`).  This is perfectly fine.  However, there are several advantages to
+running such processes via a DaemonSet:
 
+- Ability to monitor and manage logs for daemons in the same way as applications.
+- Same config language and tools (e.g. Pod templates, `kubectl`) for daemons and applications.
+- Running daemons in containers with resource limits increases isolation between daemons from app
+  containers.  However, this can also be accomplished by running the daemons in a container but not in a Pod
+  (e.g. start directly via Docker).
+--->
 ## DaemonSet 的可替代选择
 
 ### init 脚本
 
 我们很可能希望直接在一个节点上启动 daemon 进程（例如，使用 `init`、`upstartd`、或 `systemd`）。这非常好，但基于 DaemonSet 来运行这些进程有如下一些好处：
 
-
-
 - 像对待应用程序一样，具备为 daemon 提供监控和管理日志的能力。
 - 为 daemon 和应用程序使用相同的配置语言和工具（如 Pod 模板、`kubectl`）。
-- Kubernetes 未来版本可能会支持对 DaemonSet 创建 Pod 与节点升级工作流进行集成。
 - 在资源受限的容器中运行 daemon，能够增加 daemon 和应用容器的隔离性。然而，这也实现了在容器中运行 daemon，但却不能在 Pod 中运行（例如，直接基于 Docker 启动）。
 
+<!--
+### Bare Pods
 
-
+It is possible to create Pods directly which specify a particular node to run on.  However,
+a DaemonSet replaces Pods that are deleted or terminated for any reason, such as in the case of
+node failure or disruptive node maintenance, such as a kernel upgrade. For this reason, you should
+use a DaemonSet rather than creating individual Pods.
+--->
 ### 裸 Pod
 
-可能要直接创建 Pod，同时指定其运行在特定的节点上。
-然而，DaemonSet 替换了由于任何原因被删除或终止的 Pod，例如节点失败、例行节点维护、内核升级。由于这个原因，我们应该使用 DaemonSet 而不是单独创建 Pod。
-
+可能要直接创建 Pod，同时指定其运行在特定的节点上。然而，DaemonSet 替换了由于任何原因被删除或终止的 Pod，例如节点失败、例行节点维护、内核升级。由于这个原因，我们应该使用 DaemonSet 而不是单独创建 Pod。
 
+<!--
+### Static Pods
 
+It is possible to create Pods by writing a file to a certain directory watched by Kubelet.  These
+are called [static pods](/docs/concepts/cluster-administration/static-pod/).
+Unlike DaemonSet, static Pods cannot be managed with kubectl
+or other Kubernetes API clients.  Static Pods do not depend on the apiserver, making them useful
+in cluster bootstrapping cases.  Also, static Pods may be deprecated in the future.
+--->
 ### 静态 Pod
 
 可能需要通过在一个指定目录下编写文件来创建 Pod，该目录受 Kubelet 所监视。这些 Pod 被称为 [静态 Pod](/docs/concepts/cluster-administration/static-pod/)。
-不像 DaemonSet，静态 Pod 不受 kubectl 和其它 Kubernetes API 客户端管理。静态 Pod 不依赖于 apiserver，这使得它们在集群启动的情况下非常有用。
-而且，未来静态 Pod 可能会被废弃掉。
+不像 DaemonSet，静态 Pod 不受 kubectl 和其它 Kubernetes API 客户端管理。静态 Pod 不依赖于 apiserver，这使得它们在集群启动的情况下非常有用。而且，未来静态 Pod 可能会被废弃掉。
 
+<!--
+### Deployments
 
+DaemonSets are similar to [Deployments](/docs/concepts/workloads/controllers/deployment/) in that
+they both create Pods, and those Pods have processes which are not expected to terminate (e.g. web servers,
+storage servers).
 
-### Replication Controller
+Use a Deployment for stateless services, like frontends, where scaling up and down the
+number of replicas and rolling out updates are more important than controlling exactly which host
+the Pod runs on.  Use a DaemonSet when it is important that a copy of a Pod always run on
+all or certain hosts, and when it needs to start before other Pods.
+--->
+### Deployments
 
-DaemonSet 与 [Replication Controller](/docs/user-guide/replication-controller) 非常类似，它们都能创建 Pod，这些 Pod 对应的进程都不希望被终止掉（例如，Web 服务器、存储服务器）。
-为无状态的 Service 使用 Replication Controller，比如前端（Frontend）服务，实现对副本的数量进行扩缩容、平滑升级，比之于精确控制 Pod 运行在某个主机上要重要得多。
+DaemonSet 与 [Deployments](/docs/concepts/workloads/controllers/deployment/)非常类似，它们都能创建 Pod，这些 Pod 对应的进程都不希望被终止掉（例如，Web 服务器、存储服务器）。
+为无状态的 Service 使用 Deployments，比如前端 Frontend 服务，实现对副本的数量进行扩缩容、平滑升级，比基于精确控制 Pod 运行在某个主机上要重要得多。
 需要 Pod 副本总是运行在全部或特定主机上，并需要先于其他 Pod 启动，当这被认为非常重要时，应该使用 Daemon Controller。
 
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/workloads/controllers/replicaset.md b/content/zh/docs/concepts/workloads/controllers/replicaset.md
new file mode 100644
index 0000000000000..8fc47968cb78a
--- /dev/null
+++ b/content/zh/docs/concepts/workloads/controllers/replicaset.md
@@ -0,0 +1,416 @@
+---
+reviewers:
+- Kashomon
+- bprashanth
+- madhusudancs
+title: ReplicaSet
+content_template: templates/concept
+weight: 10
+---
+
+{{% capture overview %}}
+
+<!--
+ReplicaSet is the next-generation Replication Controller. The only difference
+between a _ReplicaSet_ and a
+[_Replication Controller_](/docs/concepts/workloads/controllers/replicationcontroller/) right now is
+the selector support. ReplicaSet supports the new set-based selector requirements
+as described in the [labels user guide](/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+whereas a Replication Controller only supports equality-based selector requirements.
+-->
+
+ReplicaSet 是下一代的 Replication Controller。 _ReplicaSet_ 和 [_Replication Controller_](/docs/concepts/workloads/controllers/replicationcontroller/) 的唯一区别是选择器的支持。ReplicaSet 支持新的基于集合的选择器需求，这在[标签用户指南](/docs/concepts/overview/working-with-objects/labels/#label-selectors)中有描述。而 Replication Controller 仅支持基于相等选择器的需求。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## How to use a ReplicaSet
+
+Most [`kubectl`](/docs/user-guide/kubectl/) commands that support
+Replication Controllers also support ReplicaSets. One exception is the
+[`rolling-update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update) command. If
+you want the rolling update functionality please consider using Deployments
+instead. Also, the
+[`rolling-update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update) command is
+imperative whereas Deployments are declarative, so we recommend using Deployments
+through the [`rollout`](/docs/reference/generated/kubectl/kubectl-commands#rollout) command.
+
+While ReplicaSets can be used independently, today it's mainly used by
+[Deployments](/docs/concepts/workloads/controllers/deployment/) as a mechanism to orchestrate pod
+creation, deletion and updates. When you use Deployments you don't have to worry
+about managing the ReplicaSets that they create. Deployments own and manage
+their ReplicaSets.
+-->
+
+## 怎样使用 ReplicaSet
+
+大多数支持 Replication Controllers 的[`kubectl`](/docs/user-guide/kubectl/)命令也支持 ReplicaSets。但[`rolling-update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update) 命令是个例外。如果您想要滚动更新功能请考虑使用 Deployment。[`rolling-update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update) 命令是必需的，而 Deployment 是声明性的，因此我们建议通过 [`rollout`](/docs/reference/generated/kubectl/kubectl-commands#rollout)命令使用 Deployment。
+
+虽然 ReplicaSets 可以独立使用，但今天它主要被[Deployments](/docs/concepts/workloads/controllers/deployment/) 用作协调 Pod 创建、删除和更新的机制。
+当您使用 Deployment 时，您不必担心还要管理它们创建的 ReplicaSet。Deployment 会拥有并管理它们的 ReplicaSet。
+
+<!--
+## When to use a ReplicaSet
+
+A ReplicaSet ensures that a specified number of pod replicas are running at any given
+time. However, a Deployment is a higher-level concept that manages ReplicaSets and
+provides declarative updates to pods along with a lot of other useful features.
+Therefore, we recommend using Deployments instead of directly using ReplicaSets, unless
+you require custom update orchestration or don't require updates at all.
+
+This actually means that you may never need to manipulate ReplicaSet objects:
+use a Deployment instead, and define your application in the spec section.
+-->
+
+## 什么时候使用 ReplicaSet
+
+ReplicaSet 确保任何时间都有指定数量的 Pod 副本在运行。
+然而，Deployment 是一个更高级的概念，它管理 ReplicaSet，并向 Pod 提供声明式的更新以及许多其他有用的功能。
+因此，我们建议使用 Deployment 而不是直接使用 ReplicaSet，除非您需要自定义更新业务流程或根本不需要更新。
+
+这实际上意味着，您可能永远不需要操作 ReplicaSet 对象：而是使用 Deployment，并在 spec 部分定义您的应用。
+
+<!--
+## Example
+-->
+## 示例
+
+{{< codenew file="controllers/frontend.yaml" >}}
+
+<!--
+Saving this manifest into `frontend.yaml` and submitting it to a Kubernetes cluster should
+create the defined ReplicaSet and the pods that it manages.
+-->
+
+将此清单保存到 `frontend.yaml` 中，并将其提交到 Kubernetes 集群，应该就能创建 yaml 文件所定义的 ReplicaSet 及其管理的 Pod。
+
+```shell
+$ kubectl create -f http://k8s.io/examples/controllers/frontend.yaml
+replicaset.apps/frontend created
+$ kubectl describe rs/frontend
+Name:		frontend
+Namespace:	default
+Selector:	tier=frontend,tier in (frontend)
+Labels:		app=guestbook
+		tier=frontend
+Annotations:	<none>
+Replicas:	3 current / 3 desired
+Pods Status:	3 Running / 0 Waiting / 0 Succeeded / 0 Failed
+Pod Template:
+  Labels:       app=guestbook
+                tier=frontend
+  Containers:
+   php-redis:
+    Image:      gcr.io/google_samples/gb-frontend:v3
+    Port:       80/TCP
+    Requests:
+      cpu:      100m
+      memory:   100Mi
+    Environment:
+      GET_HOSTS_FROM:   dns
+    Mounts:             <none>
+  Volumes:              <none>
+Events:
+  FirstSeen    LastSeen    Count    From                SubobjectPath    Type        Reason            Message
+  ---------    --------    -----    ----                -------------    --------    ------            -------
+  1m           1m          1        {replicaset-controller }             Normal      SuccessfulCreate  Created pod: frontend-qhloh
+  1m           1m          1        {replicaset-controller }             Normal      SuccessfulCreate  Created pod: frontend-dnjpy
+  1m           1m          1        {replicaset-controller }             Normal      SuccessfulCreate  Created pod: frontend-9si5l
+$ kubectl get pods
+NAME             READY     STATUS    RESTARTS   AGE
+frontend-9si5l   1/1       Running   0          1m
+frontend-dnjpy   1/1       Running   0          1m
+frontend-qhloh   1/1       Running   0          1m
+```
+
+<!--
+## Writing a ReplicaSet Spec
+
+As with all other Kubernetes API objects, a ReplicaSet needs the `apiVersion`, `kind`, and `metadata` fields.  For
+general information about working with manifests, see [object management using kubectl](/docs/concepts/overview/object-management-kubectl/overview/).
+
+A ReplicaSet also needs a [`.spec` section](https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status).
+-->
+
+## 编写 ReplicaSet Spec
+
+与所有其他 Kubernetes API 对象一样，ReplicaSet  也需要 `apiVersion`、`kind`、和 `metadata` 字段。有关使用清单的一般信息，请参见 [使用 kubectl 管理对象](/docs/concepts/overview/object-management-kubectl/overview/)。
+
+ReplicaSet 也需要 [`.spec`](https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status) 部分。
+
+<!--
+### Pod Template
+
+The `.spec.template` is the only required field of the `.spec`. The `.spec.template` is a 
+[pod template](/docs/concepts/workloads/pods/pod-overview/#pod-templates). It has exactly the same schema as a 
+[pod](/docs/concepts/workloads/pods/pod/), except that it is nested and does not have an `apiVersion` or `kind`.
+
+In addition to required fields of a pod, a pod template in a ReplicaSet must specify appropriate
+labels and an appropriate restart policy.
+
+For labels, make sure to not overlap with other controllers. For more information, see [pod selector](#pod-selector).
+
+For [restart policy](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy), the only allowed value for `.spec.template.spec.restartPolicy` is `Always`, which is the default.
+
+For local container restarts, ReplicaSet delegates to an agent on the node,
+for example the [Kubelet](/docs/admin/kubelet/) or Docker.
+-->
+
+### Pod 模版
+
+`.spec.template` 是 `.spec` 唯一需要的字段。`.spec.template` 是 [Pod 模版](/docs/concepts/workloads/pods/pod-overview/#pod-templates)。它和 [Pod](/docs/concepts/workloads/pods/pod/) 的语法几乎完全一样，除了它是嵌套的并没有 `apiVersion` 和 `kind`。
+
+除了所需的 Pod 字段之外，ReplicaSet 中的 Pod 模板必须指定适当的标签和适当的重启策略。
+
+对于标签，请确保不要与其他控制器重叠。更多信息请参考 [Pod 选择器](#pod-selector)。
+
+对于 [重启策略](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy)，`.spec.template.spec.restartPolicy` 唯一允许的取值是 `Always`，这也是默认值.
+
+对于本地容器重新启动，ReplicaSet 委托给了节点上的代理去执行，例如[Kubelet](/docs/admin/kubelet/) 或 Docker 去执行。
+
+<!--
+### Pod Selector
+
+The `.spec.selector` field is a [label selector](/docs/concepts/overview/working-with-objects/labels/). A ReplicaSet
+manages all the pods with labels that match the selector. It does not distinguish
+between pods that it created or deleted and pods that another person or process created or
+deleted. This allows the ReplicaSet to be replaced without affecting the running pods.
+
+The `.spec.template.metadata.labels` must match the `.spec.selector`, or it will
+be rejected by the API.
+
+In Kubernetes 1.9 the API version `apps/v1` on the ReplicaSet kind is the current version and is enabled by default. The API version `apps/v1beta2` is deprecated.
+-->
+
+### Pod 选择器
+
+`.spec.selector` 字段是[标签选择器](/docs/concepts/overview/working-with-objects/labels/)。ReplicaSet 管理所有标签匹配与标签选择器的 Pod。它不区分自己创建或删除的 Pod 和其他人或进程创建或删除的pod。这允许在不影响运行中的 Pod 的情况下替换副本集。
+
+`.spec.template.metadata.labels` 必须匹配 `.spec.selector`，否则它将被 API 拒绝。
+
+Kubernetes 1.9 版本中，API 版本 `apps/v1` 中的 ReplicaSet 类型的版本是当前版本并默认开启。API 版本 `apps/v1beta2` 被弃用。
+
+<!--
+Also you should not normally create any pods whose labels match this selector, either directly, with 
+another ReplicaSet, or with another controller such as a Deployment. If you do so, the ReplicaSet thinks that it 
+created the other pods. Kubernetes does not stop you from doing this.
+
+If you do end up with multiple controllers that have overlapping selectors, you
+will have to manage the deletion yourself.
+-->
+
+另外，通常您不应该创建标签与此选择器匹配的任何 Pod，或者直接与另一个 ReplicaSet 或另一个控制器（如 Deployment）标签匹配的任何 Pod。
+如果你这样做，ReplicaSet 会认为它创造了其他 Pod。Kubernetes 并不会阻止您这样做。
+
+如果您最终使用了多个具有重叠选择器的控制器，则必须自己负责删除。
+
+<!--
+### Labels on a ReplicaSet
+
+The ReplicaSet can itself have labels (`.metadata.labels`).  Typically, you
+would set these the same as the `.spec.template.metadata.labels`.  However, they are allowed to be
+different, and the `.metadata.labels` do not affect the behavior of the ReplicaSet.
+
+### Replicas
+
+You can specify how many pods should run concurrently by setting `.spec.replicas`. The number running at any time may be higher
+or lower, such as if the replicas were just increased or decreased, or if a pod is gracefully
+shut down, and a replacement starts early.
+
+If you do not specify `.spec.replicas`, then it defaults to 1.
+-->
+
+### Replicas
+
+通过设置 `.spec.replicas` 您可以指定要同时运行多少个 Pod。
+在任何时间运行的 Pod 数量可能高于或低于 `.spec.replicas` 指定的数量，例如在副本刚刚被增加或减少后、或者 Pod 正在被优雅地关闭、以及替换提前开始。
+
+如果您没有指定 `.spec.replicas`, 那么默认值为 1。
+
+<!--
+## Working with ReplicaSets
+
+### Deleting a ReplicaSet and its Pods
+
+To delete a ReplicaSet and all of its Pods, use [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete). The [Garbage collector](/docs/concepts/workloads/controllers/garbage-collection/) automatically deletes all of the dependent Pods by default.
+
+When using the REST API or the `client-go` library, you must set `propagationPolicy` to `Background` or `Foreground` in delete option. e.g. :
+-->
+
+## 使用 ReplicaSets 的具体方法
+
+### 删除 ReplicaSet 和它的 Pod
+
+要删除 ReplicaSet 和它的所有 Pod，使用[`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete) 命令。
+默认情况下，[垃圾收集器](/docs/concepts/workloads/controllers/garbage-collection/) 自动删除所有依赖的 Pod。
+
+当使用 REST API 或 `client-go` 库时，您必须在删除选项中将 `propagationPolicy` 设置为 `Background` 或 `Foreground`。例如：
+
+```shell
+kubectl proxy --port=8080
+curl -X DELETE  'localhost:8080/apis/extensions/v1beta1/namespaces/default/replicasets/frontend' \
+> -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Foreground"}' \
+> -H "Content-Type: application/json"
+```
+
+<!--
+### Deleting just a ReplicaSet
+
+You can delete a ReplicaSet without affecting any of its pods using [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete) with the `--cascade=false` option.
+When using the REST API or the `client-go` library, you must set `propagationPolicy` to `Orphan`, e.g. :
+-->
+
+### 只删除 ReplicaSet
+
+您可以只删除 ReplicaSet 而不影响它的 Pod，方法是使用[`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete) 命令并设置 `--cascade=false` 选项。
+
+当使用 REST API 或 `client-go` 库时，您必须将 `propagationPolicy` 设置为 `Orphan`。例如：
+
+```shell
+kubectl proxy --port=8080
+curl -X DELETE  'localhost:8080/apis/extensions/v1beta1/namespaces/default/replicasets/frontend' \
+> -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Orphan"}' \
+> -H "Content-Type: application/json"
+```
+
+<!--
+Once the original is deleted, you can create a new ReplicaSet to replace it.  As long
+as the old and new `.spec.selector` are the same, then the new one will adopt the old pods.
+However, it will not make any effort to make existing pods match a new, different pod template.
+To update pods to a new spec in a controlled way, use a [rolling update](#rolling-updates).
+-->
+
+一旦删除了原来的 ReplicaSet，就可以创建一个新的来替换它。
+由于新旧 ReplicaSet 的 `.spec.selector` 是相同的，新的 ReplicaSet 将接管老的 Pod。
+但是，它不会努力使现有的 Pod 与新的、不同的 Pod 模板匹配。
+若想要以可控的方式将 Pod 更新到新的 spec，就要使用 [滚动更新](#rolling-updates)的方式。
+
+
+<!--
+
+### Isolating pods from a ReplicaSet
+
+Pods may be removed from a ReplicaSet's target set by changing their labels. This technique may be used to remove pods 
+from service for debugging, data recovery, etc. Pods that are removed in this way will be replaced automatically (
+  assuming that the number of replicas is not also changed).
+
+-->
+
+### 将 Pod 从 ReplicaSet 中隔离
+
+可以通过改变标签来从 ReplicaSet 的目标集中移除 Pod。这种技术可以用来从服务中去除 Pod，以便进行排错、数据恢复等。
+以这种方式移除的 Pod 将被自动替换（假设副本的数量没有改变）。
+
+<!--
+### Scaling a ReplicaSet
+
+A ReplicaSet can be easily scaled up or down by simply updating the `.spec.replicas` field. The ReplicaSet controller
+ensures that a desired number of pods with a matching label selector are available and operational.
+-->
+
+### 缩放 RepliaSet
+
+通过更新 `.spec.replicas` 字段，ReplicaSet 可以被轻松的进行缩放。ReplicaSet 控制器能确保匹配标签选择器的数量的 Pod 是可用的和可操作的。
+
+<!--
+### ReplicaSet as an Horizontal Pod Autoscaler Target
+
+A ReplicaSet can also be a target for
+[Horizontal Pod Autoscalers (HPA)](/docs/tasks/run-application/horizontal-pod-autoscale/). That is,
+a ReplicaSet can be auto-scaled by an HPA. Here is an example HPA targeting
+the ReplicaSet we created in the previous example.
+-->
+
+### ReplicaSet 作为水平的 Pod 自动缩放器目标
+
+ReplicaSet 也可以作为 [水平的 Pod 缩放器 (HPA)](/docs/tasks/run-application/horizontal-pod-autoscale/) 的目标。也就是说，ReplicaSet 可以被 HPA 自动缩放。
+以下是 HPA 以我们在前一个示例中创建的副本集为目标的示例。
+
+
+{{< codenew file="controllers/hpa-rs.yaml" >}}
+
+<!--
+Saving this manifest into `hpa-rs.yaml` and submitting it to a Kubernetes cluster should
+create the defined HPA that autoscales the target ReplicaSet depending on the CPU usage
+of the replicated pods.
+-->
+
+将这个列表保存到 `hpa-rs.yaml` 并提交到 Kubernetes 集群，就能创建它所定义的 HPA，进而就能根据复制的 Pod 的 CPU 利用率对目标 ReplicaSet进行自动缩放。
+
+```shell
+kubectl create -f https://k8s.io/examples/controllers/hpa-rs.yaml
+```
+
+<!--
+Alternatively, you can use the `kubectl autoscale` command to accomplish the same
+(and it's easier!)
+-->
+
+或者，可以使用 `kubectl autoscale` 命令完成相同的操作。
+(而且它更简单！)
+
+```shell
+kubectl autoscale rs frontend
+```
+
+<!--
+## Alternatives to ReplicaSet
+
+### Deployment (Recommended)
+
+[`Deployment`](/docs/concepts/workloads/controllers/deployment/) is a higher-level API object that updates its underlying ReplicaSets and their Pods
+in a similar fashion as `kubectl rolling-update`. Deployments are recommended if you want this rolling update functionality,
+because unlike `kubectl rolling-update`, they are declarative, server-side, and have additional features. For more information on running a stateless
+application using a Deployment, please read [Run a Stateless Application Using a Deployment](/docs/tasks/run-application/run-stateless-application-deployment/).
+-->
+
+## ReplicaSet 的替代方案
+
+### Deployment （推荐）
+
+[`Deployment`](/docs/concepts/workloads/controllers/deployment/) 是一个高级 API 对象，它以 `kubectl rolling-update` 的方式更新其底层副本集及其Pod。
+如果您需要滚动更新功能，建议使用 Deployment，因为 Deployment 与 `kubectl rolling-update` 不同的是：它是声明式的、服务器端的、并且具有其他特性。
+有关使用 Deployment 来运行无状态应用的更多信息，请参阅 [使用 Deployment 运行无状态应用](/docs/tasks/run-application/run-stateless-application-deployment/)。
+
+<!--
+### Bare Pods
+
+Unlike the case where a user directly created pods, a ReplicaSet replaces pods that are deleted or terminated for any reason, such as in the case of node failure or disruptive node maintenance, such as a kernel upgrade. For this reason, we recommend that you use a ReplicaSet even if your application requires only a single pod. Think of it similarly to a process supervisor, only it supervises multiple pods across multiple nodes instead of individual processes on a single node. A ReplicaSet delegates local container restarts to some agent on the node (for example, Kubelet or Docker).
+-->
+
+### 裸 Pod
+
+与用户直接创建 Pod 的情况不同，ReplicaSet 会替换那些由于某些原因被删除或被终止的 Pod，例如在节点故障或破坏性的节点维护（如内核升级）的情况下。
+因为这个好处，我们建议您使用 ReplicaSet，即使应用程序只需要一个 Pod。
+想像一下，ReplicaSet 类似于进程监视器，只不过它在多个节点上监视多个 Pod，而不是在单个节点上监视单个进程。
+ReplicaSet 将本地容器重启的任务委托给了节点上的某个代理（例如，Kubelet 或 Docker）去完成。
+
+<!--
+### Job
+
+Use a [`Job`](/docs/concepts/jobs/run-to-completion-finite-workloads/) instead of a ReplicaSet for pods that are expected to terminate on their own
+(that is, batch jobs).
+-->
+
+### Job
+
+使用[`Job`](/docs/concepts/jobs/run-to-completion-finite-workloads/) 代替ReplicaSet，可以用于那些期望自行终止的 Pod。
+
+<!--
+### DaemonSet
+
+Use a [`DaemonSet`](/docs/concepts/workloads/controllers/daemonset/) instead of a ReplicaSet for pods that provide a
+machine-level function, such as machine monitoring or machine logging.  These pods have a lifetime that is tied
+to a machine lifetime: the pod needs to be running on the machine before other pods start, and are
+safe to terminate when the machine is otherwise ready to be rebooted/shutdown.
+-->
+
+### DaemonSet
+
+对于管理那些提供主机级别功能（如主机监控和主机日志）的容器，就要用[`DaemonSet`](/docs/concepts/workloads/controllers/daemonset/) 而不用 ReplicaSet。
+这些 Pod 的寿命与主机寿命有关：这些 Pod 需要先于主机上的其他 Pod 运行，并且在机器准备重新启动/关闭时安全地终止。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/concepts/workloads/controllers/replicationcontroller.md b/content/zh/docs/concepts/workloads/controllers/replicationcontroller.md
new file mode 100644
index 0000000000000..94b125b690bd3
--- /dev/null
+++ b/content/zh/docs/concepts/workloads/controllers/replicationcontroller.md
@@ -0,0 +1,546 @@
+---
+title: ReplicationController
+feature:
+  title: 自我修复
+  anchor: ReplicationController 如何工作
+  description: >
+    重新启动失败的容器，在节点死亡时替换并重新调度容器，杀死不响应用户定义的健康检查的容器，并且在它们准备好服务之前不会它们公布给客户端。
+
+content_template: templates/concept
+weight: 20
+---
+<!--
+title: ReplicationController
+feature:
+  title: Self-healing
+  anchor: How a ReplicationController Works
+  description: >
+    Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that don't respond to your user-defined health check, and doesn't advertise them to clients until they are ready to serve.
+
+content_template: templates/concept
+weight: 20
+-->
+
+{{% capture overview %}}
+
+{{< note >}}
+<!--
+A [`Deployment`](/docs/concepts/workloads/controllers/deployment/) that configures a [`ReplicaSet`](/docs/concepts/workloads/controllers/replicaset/) is now the recommended way to set up replication.
+-->
+现在推荐使用配置 [`ReplicaSet`](/docs/concepts/workloads/controllers/replicaset/) 的 [`Deployment`](/docs/concepts/workloads/controllers/deployment/) 来建立副本管理机制。
+{{< /note >}}
+
+<!--
+A _ReplicationController_ ensures that a specified number of pod replicas are running at any one
+time. In other words, a ReplicationController makes sure that a pod or a homogeneous set of pods is
+always up and available.
+-->
+_ReplicationController_ 确保在任何时候都有特定数量的 pod 副本处于运行状态。
+换句话说，ReplicationController 确保一个 pod 或一组同类的 pod 总是可用的。
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## How a ReplicationController Works
+
+If there are too many pods, the ReplicationController terminates the extra pods. If there are too few, the
+ReplicationController starts more pods. Unlike manually created pods, the pods maintained by a
+ReplicationController are automatically replaced if they fail, are deleted, or are terminated.
+For example, your pods are re-created on a node after disruptive maintenance such as a kernel upgrade.
+For this reason, you should use a ReplicationController even if your application requires
+only a single pod. A ReplicationController is similar to a process supervisor,
+but instead of supervising individual processes on a single node, the ReplicationController supervises multiple pods
+across multiple nodes.
+
+ReplicationController is often abbreviated to "rc" or "rcs" in discussion, and as a shortcut in
+kubectl commands.
+
+A simple case is to create one ReplicationController object to reliably run one instance of
+a Pod indefinitely.  A more complex use case is to run several identical replicas of a replicated
+service, such as web servers.
+-->
+## ReplicationController 如何工作
+
+当 pods 数量过多时，ReplicationController 会终止多余的 pods。当 pods 数量太少时，ReplicationController 将会启动新的 pods。
+与手动创建的 pod 不同，由 ReplicationController 创建的 pods 在失败、被删除或被终止时会被自动替换。
+例如，在中断性维护（如内核升级）之后，您的 pod 会在节点上重新创建。
+因此，即使您的应用程序只需要一个 pod，您也应该使用一个 ReplicationController。
+ReplicationController 类似于进程管理器，但是 ReplicationController 不是监控单个节点上的单个进程，而是监控跨多个节点的多个 pods。
+
+在讨论中，ReplicationController 通常缩写为 "rc" 或 "rcs"，并作为 kubectl 命令的快捷方式。
+
+一个简单的例子是创建一个 ReplicationController 对象来可靠地无限期地运行 Pod 的一个实例。
+更复杂的用例是运行一个多副本服务（如 web 服务器）的若干相同副本。
+
+<!--
+## Running an example ReplicationController
+
+This example ReplicationController config runs three copies of the nginx web server.
+-->
+## 运行一个示例 ReplicationController
+
+这个示例 ReplicationController 配置运行 nginx web 服务器的三个副本。
+
+{{< codenew file="controllers/replication.yaml" >}}
+
+<!--
+Run the example job by downloading the example file and then running this command:
+-->
+通过下载示例文件并运行以下命令来运行示例任务:
+
+```shell
+kubectl apply -f https://k8s.io/examples/controllers/replication.yaml
+```
+```
+replicationcontroller/nginx created
+```
+
+<!--
+Check on the status of the ReplicationController using this command:
+-->
+使用以下命令检查 ReplicationController 的状态:
+
+```shell
+kubectl describe replicationcontrollers/nginx
+```
+```
+Name:        nginx
+Namespace:   default
+Selector:    app=nginx
+Labels:      app=nginx
+Annotations:    <none>
+Replicas:    3 current / 3 desired
+Pods Status: 0 Running / 3 Waiting / 0 Succeeded / 0 Failed
+Pod Template:
+  Labels:       app=nginx
+  Containers:
+   nginx:
+    Image:              nginx
+    Port:               80/TCP
+    Environment:        <none>
+    Mounts:             <none>
+  Volumes:              <none>
+Events:
+  FirstSeen       LastSeen     Count    From                        SubobjectPath    Type      Reason              Message
+  ---------       --------     -----    ----                        -------------    ----      ------              -------
+  20s             20s          1        {replication-controller }                    Normal    SuccessfulCreate    Created pod: nginx-qrm3m
+  20s             20s          1        {replication-controller }                    Normal    SuccessfulCreate    Created pod: nginx-3ntk0
+  20s             20s          1        {replication-controller }                    Normal    SuccessfulCreate    Created pod: nginx-4ok8v
+```
+
+<!--
+Here, three pods are created, but none is running yet, perhaps because the image is being pulled.
+A little later, the same command may show:
+-->
+此时，创建了三个 pod，但是还没有运行，可能正在拉取镜像。
+稍后，相同的命令可能显示：
+
+```shell
+Pods Status:    3 Running / 0 Waiting / 0 Succeeded / 0 Failed
+```
+
+<!--
+To list all the pods that belong to the ReplicationController in a machine readable form, you can use a command like this:
+-->
+要以机器可读的形式列出属于 ReplicationController 的所有 pod，可以使用如下命令：
+
+```shell
+pods=$(kubectl get pods --selector=app=nginx --output=jsonpath={.items..metadata.name})
+echo $pods
+```
+```
+nginx-3ntk0 nginx-4ok8v nginx-qrm3m
+```
+
+<!--
+Here, the selector is the same as the selector for the ReplicationController (seen in the
+`kubectl describe` output, and in a different form in `replication.yaml`.  The `--output=jsonpath` option
+specifies an expression that just gets the name from each pod in the returned list.
+-->
+这里，选择器与 ReplicationController 的选择器相同（参见 `kubectl describe` 输出），并以不同的形式出现在 `replication.yaml` 中。
+`--output=jsonpath` 选项指定了一个表达式，只从返回列表中的每个 pod 中获取名称。
+
+<!--
+## Writing a ReplicationController Spec
+
+As with all other Kubernetes config, a ReplicationController needs `apiVersion`, `kind`, and `metadata` fields.
+For general information about working with config files, see [object management ](/docs/concepts/overview/working-with-objects/object-management/).
+
+A ReplicationController also needs a [`.spec` section](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status).
+-->
+## 编写一个 ReplicationController Spec
+
+与所有其它 Kubernetes 配置一样，ReplicationController 需要 `apiVersion` ，`kind` 和 `metadata` 字段。
+有关使用配置文件的常规信息，参考[对象管理](/docs/concepts/overview/working-with-objects/object-management/)。
+
+ReplicationController 也需要一个 [`.spec` 部分](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)。
+
+<!--
+### Pod Template
+
+The `.spec.template` is the only required field of the `.spec`.
+
+The `.spec.template` is a [pod template](/docs/concepts/workloads/pods/pod-overview/#pod-templates). It has exactly the same schema as a [pod](/docs/concepts/workloads/pods/pod/), except it is nested and does not have an `apiVersion` or `kind`.
+
+In addition to required fields for a Pod, a pod template in a ReplicationController must specify appropriate
+labels and an appropriate restart policy. For labels, make sure not to overlap with other controllers. See [pod selector](#pod-selector).
+
+Only a [`.spec.template.spec.restartPolicy`](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) equal to `Always` is allowed, which is the default if not specified.
+
+For local container restarts, ReplicationControllers delegate to an agent on the node,
+for example the [Kubelet](/docs/admin/kubelet/) or Docker.
+-->
+### Pod 模板
+
+`.spec.template` 是 `.spec` 的唯一必需字段。
+
+`.spec.template` 是一个 [pod 模板](/docs/concepts/workloads/pods/pod-overview/#pod-templates)。它的模式与 [pod](/docs/concepts/workloads/pods/pod/) 完全相同，只是它是嵌套的，并且没有 `apiVersion` 或 `kind`。
+
+除了 Pod 所需的字段外，ReplicationController 中的 pod 模板必须指定适当的标签和适当的重新启动策略。
+对于标签，请确保不与其他控制器重叠。参考 [pod 选择器](#pod-选择器)。
+
+只允许 [`.spec.template.spec.restartPolicy`](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) 等于 `Always`，如果没有指定，这是默认值。
+
+对于本地容器重启，ReplicationController 委托给节点上的代理，
+例如 [Kubelet](/docs/admin/kubelet/) 或 Docker。
+
+<!--
+### Labels on the ReplicationController
+
+The ReplicationController can itself have labels (`.metadata.labels`).  Typically, you
+would set these the same as the `.spec.template.metadata.labels`; if `.metadata.labels` is not specified
+then it defaults to  `.spec.template.metadata.labels`.  However, they are allowed to be
+different, and the `.metadata.labels` do not affect the behavior of the ReplicationController.
+-->
+### ReplicationController 上的标签
+
+ReplicationController 本身可以有标签 （`.metadata.labels`）。
+通常，您可以将这些设置为 `.spec.template.metadata.labels`； 
+如果没有指定 `.metadata.labels` 那么它默认为 `.spec.template.metadata.labels`。  
+但是，Kubernetes 允许它们是不同的，`.metadata.labels` 不会影响 ReplicationController 的行为。
+
+<!--
+### Pod Selector
+
+The `.spec.selector` field is a [label selector](/docs/concepts/overview/working-with-objects/labels/#label-selectors). A ReplicationController
+manages all the pods with labels that match the selector. It does not distinguish
+between pods that it created or deleted and pods that another person or process created or
+deleted. This allows the ReplicationController to be replaced without affecting the running pods.
+
+If specified, the `.spec.template.metadata.labels` must be equal to the `.spec.selector`, or it will
+be rejected by the API.  If `.spec.selector` is unspecified, it will be defaulted to
+`.spec.template.metadata.labels`.
+
+Also you should not normally create any pods whose labels match this selector, either directly, with
+another ReplicationController, or with another controller such as Job. If you do so, the
+ReplicationController thinks that it created the other pods.  Kubernetes does not stop you
+from doing this.
+
+If you do end up with multiple controllers that have overlapping selectors, you
+will have to manage the deletion yourself (see [below](#working-with-replicationcontrollers)).
+-->
+### Pod 选择器
+
+`.spec.selector` 字段是一个[标签选择器](/docs/concepts/overview/working-with-objects/labels/#label-selectors)。 
+ReplicationController 管理标签与选择器匹配的所有 Pods。
+它不区分它创建或删除的 pod 以及另一个人或进程创建或删除的 pod。
+这允许在不影响正在运行的 pod 的情况下替换 ReplicationController。
+
+如果指定了 `.spec.template.metadata.labels`，它必须和 `.spec.selector` 相同，否则它将被 API 拒绝。
+如果没有指定 `.spec.selector`，它将默认为 `.spec.template.metadata.labels`。
+
+此外，用户通常不应创建标签与此选择器匹配的任何其他 Pods，无论是直接创建、使用另一个 ReplicationController 来创建或者别的控制器（如 Job ）来创建，都是不允许的。
+如果这样做， ReplicationController 会认为这些 Pods 是由它自己创建的。
+Kubernetes 并没有阻止你这样做。
+
+如果您的确创建了多个控制器并且其选择器之间存在重叠，那么您将不得不自己管理删除操作（参考[后文](#使用-replicationcontrollers)）。
+
+<!--
+### Multiple Replicas
+
+You can specify how many pods should run concurrently by setting `.spec.replicas` to the number
+of pods you would like to have running concurrently.  The number running at any time may be higher
+or lower, such as if the replicas were just increased or decreased, or if a pod is gracefully
+shutdown, and a replacement starts early.
+
+If you do not specify `.spec.replicas`, then it defaults to 1.
+-->
+### 多个副本
+
+你可以通过设置 `.spec.replicas` 来指定应该同时运行多少个 Pods。
+在任何时候，处于运行状态的 Pods 个数都可能高于或者低于设定值。例如，副本个数刚刚被增加或减少时，或者一个 pod 处于体面终止过程中而其替代副本已经提前开始创建时。
+
+如果你没有指定 `.spec.replicas` ，那么它默认是1。
+
+<!--
+## Working with ReplicationControllers
+-->
+## 使用 ReplicationController
+
+<!--
+### Deleting a ReplicationController and its Pods
+
+To delete a ReplicationController and all its pods, use [`kubectl
+delete`](/docs/reference/generated/kubectl/kubectl-commands#delete).  Kubectl will scale the ReplicationController to zero and wait
+for it to delete each pod before deleting the ReplicationController itself.  If this kubectl
+command is interrupted, it can be restarted.
+
+When using the REST API or go client library, you need to do the steps explicitly (scale replicas to
+0, wait for pod deletions, then delete the ReplicationController).
+-->
+### 删除一个 ReplicationController 以及它的 Pod
+
+要删除一个 ReplicationController 以及它的 Pod，使用 [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete)。
+Kubectl 将 ReplicationController 缩放为0并等待以便在删除 ReplicationController 本身之前删除每个 pod。
+如果这个 kubectl 命令被中断，可以重新启动它。
+
+当使用 REST API 或 go 客户端库时，您需要明确地执行这些步骤（缩放副本为0、 等待 Pod 删除，之后删除 ReplicationController 资源）。
+
+<!--
+### Deleting just a ReplicationController
+
+You can delete a ReplicationController without affecting any of its pods.
+
+Using kubectl, specify the `--cascade=false` option to [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete).
+
+When using the REST API or go client library, simply delete the ReplicationController object.
+
+Once the original is deleted, you can create a new ReplicationController to replace it.  As long
+as the old and new `.spec.selector` are the same, then the new one will adopt the old pods.
+However, it will not make any effort to make existing pods match a new, different pod template.
+To update pods to a new spec in a controlled way, use a [rolling update](#rolling-updates).
+-->
+### 只删除 ReplicationController
+
+你可以删除一个 ReplicationController 而不影响它的任何 pod。
+
+使用 kubectl ，为 [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete) 指定 `--cascade=false` 选项。
+
+当使用 REST API 或 go 客户端库时， 只需删除 ReplicationController 对象。
+
+一旦原始对象被删除，你可以创建一个新的 ReplicationController 来替换它。
+只要新的和旧的 `.spec.selector` 相同，那么新的控制器将领养旧的 Pods。
+但是，它不会做出任何努力使现有的 pod 匹配新的、不同的 pod 模板。
+如果希望以受控方式更新 Pods 以使用新的 spec，请执行[滚动更新](#滚动更新)操作。
+
+<!--
+### Isolating pods from a ReplicationController
+
+Pods may be removed from a ReplicationController's target set by changing their labels. This technique may be used to remove pods from service for debugging, data recovery, etc. Pods that are removed in this way will be replaced automatically (assuming that the number of replicas is not also changed).
+-->
+### 从 ReplicationController 中隔离 pod
+
+通过更改 Pod 的标签，可以从 ReplicationController 的目标中删除 pod。
+此技术可用于从服务中删除 pod 以进行调试、数据恢复等。以这种方式删除的 pod 将自动替换（假设复制副本的数量也没有更改）。
+
+<!--
+## Common usage patterns
+-->
+## 常见的使用模式
+
+<!--
+### Rescheduling
+
+As mentioned above, whether you have 1 pod you want to keep running, or 1000, a ReplicationController will ensure that the specified number of pods exists, even in the event of node failure or pod termination (for example, due to an action by another control agent).
+-->
+### 重新调度
+
+如上所述，无论您想要继续运行1个 pod 还是1000个，一个 ReplicationController 都将确保存在指定数量的 pod，即使在节点故障或 pod 终止(例如，由于另一个控制代理的操作)的情况下也是如此。
+<!--
+### Scaling
+
+The ReplicationController makes it easy to scale the number of replicas up or down, either manually or by an auto-scaling control agent, by simply updating the `replicas` field.
+-->
+### 扩缩容
+
+通过简单地更新 `replicas` 字段，ReplicationController 可以方便地横向扩容或缩容副本的数量，或手动或通过自动缩放控制代理。
+
+<!--
+### Rolling updates
+
+The ReplicationController is designed to facilitate rolling updates to a service by replacing pods one-by-one.
+
+As explained in [#1353](http://issue.k8s.io/1353), the recommended approach is to create a new ReplicationController with 1 replica, scale the new (+1) and old (-1) controllers one by one, and then delete the old controller after it reaches 0 replicas. This predictably updates the set of pods regardless of unexpected failures.
+
+Ideally, the rolling update controller would take application readiness into account, and would ensure that a sufficient number of pods were productively serving at any given time.
+
+The two ReplicationControllers would need to create pods with at least one differentiating label, such as the image tag of the primary container of the pod, since it is typically image updates that motivate rolling updates.
+
+Rolling update is implemented in the client tool
+[`kubectl rolling-update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update). Visit [`kubectl rolling-update` task](/docs/tasks/run-application/rolling-update-replication-controller/) for more concrete examples.
+-->
+### 滚动更新
+
+ReplicationController 的设计目的是通过逐个替换 pod 以方便滚动更新服务。
+
+如[#1353](http://issue.k8s.io/1353)所述，建议的方法是使用1个副本创建一个新的 ReplicationController，逐个缩放新的（+1）和旧的（-1）控制器，然后在旧的控制器达到0个副本后将其删除。这一方法能够实现可控的 Pods 集合更新，即使存在意外失效的状况。
+
+理想情况下，滚动更新控制器将考虑应用程序的就绪情况，并确保在任何给定时间都有足够数量的 Pods 有效地提供服务。
+
+这两个 ReplicationController 将需要创建至少具有一个不同标签的 pod，比如 pod 主要容器的镜像标签，因为通常是镜像更新触发滚动更新。
+
+滚动更新是在客户端工具
+[`kubectl rolling-update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update)中实现的。 访问 [`kubectl rolling-update` 任务](/docs/tasks/run-application/rolling-update-replication-controller/)以获得更多的具体示例。
+
+<!--
+### Multiple release tracks
+
+In addition to running multiple releases of an application while a rolling update is in progress, it's common to run multiple releases for an extended period of time, or even continuously, using multiple release tracks. The tracks would be differentiated by labels.
+
+For instance, a service might target all pods with `tier in (frontend), environment in (prod)`.  Now say you have 10 replicated pods that make up this tier.  But you want to be able to 'canary' a new version of this component.  You could set up a ReplicationController with `replicas` set to 9 for the bulk of the replicas, with labels `tier=frontend, environment=prod, track=stable`, and another ReplicationController with `replicas` set to 1 for the canary, with labels `tier=frontend, environment=prod, track=canary`.  Now the service is covering both the canary and non-canary pods.  But you can mess with the ReplicationControllers separately to test things out, monitor the results, etc.
+-->
+### 多个版本跟踪
+
+除了在滚动更新过程中运行应用程序的多个版本之外，通常还会使用多个版本跟踪来长时间，甚至持续运行多个版本。这些跟踪将根据标签加以区分。
+
+例如，一个服务可能把具有 `tier in (frontend), environment in (prod)` 的所有 pod 作为目标。
+现在假设您有10个副本的 pod 组成了这个层。但是你希望能够'金丝雀部署'这个组件的新版本。
+您可以为大部分副本设置一个 ReplicationController，其中 `replicas` 设置为9，标签为 `tier=frontend, environment=prod, track=stable` 而为 canary 设置另一个 ReplicationController，其中 `replicas` 设置为1，标签为 `tier=frontend, environment=prod, track=canary`。
+现在这个服务覆盖了 canary 和非 canary pod。但您可以单独处理 ReplicationController，以测试、监控结果等。
+
+<!--
+### Using ReplicationControllers with Services
+
+Multiple ReplicationControllers can sit behind a single service, so that, for example, some traffic
+goes to the old version, and some goes to the new version.
+
+A ReplicationController will never terminate on its own, but it isn't expected to be as long-lived as services. Services may be composed of pods controlled by multiple ReplicationControllers, and it is expected that many ReplicationControllers may be created and destroyed over the lifetime of a service (for instance, to perform an update of pods that run the service). Both services themselves and their clients should remain oblivious to the ReplicationControllers that maintain the pods of the services.
+-->
+### 和服务一起使用 ReplicationController
+
+多个 ReplicationController 可以位于一个服务的后面，例如，一部分流量流向旧版本，一部分流量流向新版本。
+
+一个 ReplicationController 永远不会自行终止，但它不会像服务那样长寿。
+服务可以由多个 ReplicationController 控制的 pod 组成，并且在服务的生命周期内（例如，为了执行 pod 更新而运行服务），可以创建和销毁许多 ReplicationController。
+服务本身和它们的客户端都应该忽略负责维护服务 Pod 的 ReplicationController 的存在。
+
+<!--
+## Writing programs for Replication
+
+Pods created by a ReplicationController are intended to be fungible and semantically identical, though their configurations may become heterogeneous over time. This is an obvious fit for replicated stateless servers, but ReplicationControllers can also be used to maintain availability of master-elected, sharded, and worker-pool applications. Such applications should use dynamic work assignment mechanisms, such as the [RabbitMQ work queues](https://www.rabbitmq.com/tutorials/tutorial-two-python.html), as opposed to static/one-time customization of the configuration of each pod, which is considered an anti-pattern. Any pod customization performed, such as vertical auto-sizing of resources (for example, cpu or memory), should be performed by another online controller process, not unlike the ReplicationController itself.
+-->
+## 编写多副本的应用
+
+由 ReplicationController 创建的 Pod 是可替换的，语义上是相同的，尽管随着时间的推移，它们的配置可能会变得异构。
+这显然适合于多副本的无状态服务器，但是 ReplicationController 也可以用于维护主选、分片和工作池应用程序的可用性。
+这样的应用程序应该使用动态的工作分配机制，例如 [RabbitMQ工作队列](https://www.rabbitmq.com/tutorials/tutorial-two-python.html)，而不是静态的/一次性定制每个 pod 的配置，这被认为是一种反模式。
+执行的任何 pod 定制，例如资源的垂直自动调整大小(例如，cpu 或内存)，都应该由另一个在线控制器进程执行，这与 ReplicationController 本身没什么不同。
+
+<!--
+## Responsibilities of the ReplicationController
+
+The ReplicationController simply ensures that the desired number of pods matches its label selector and are operational. Currently, only terminated pods are excluded from its count. In the future, [readiness](http://issue.k8s.io/620) and other information available from the system may be taken into account, we may add more controls over the replacement policy, and we plan to emit events that could be used by external clients to implement arbitrarily sophisticated replacement and/or scale-down policies.
+
+The ReplicationController is forever constrained to this narrow responsibility. It itself will not perform readiness nor liveness probes. Rather than performing auto-scaling, it is intended to be controlled by an external auto-scaler (as discussed in [#492](http://issue.k8s.io/492)), which would change its `replicas` field. We will not add scheduling policies (for example, [spreading](http://issue.k8s.io/367#issuecomment-48428019)) to the ReplicationController. Nor should it verify that the pods controlled match the currently specified template, as that would obstruct auto-sizing and other automated processes. Similarly, completion deadlines, ordering dependencies, configuration expansion, and other features belong elsewhere. We even plan to factor out the mechanism for bulk pod creation ([#170](http://issue.k8s.io/170)).
+
+The ReplicationController is intended to be a composable building-block primitive. We expect higher-level APIs and/or tools to be built on top of it and other complementary primitives for user convenience in the future. The "macro" operations currently supported by kubectl (run, scale, rolling-update) are proof-of-concept examples of this. For instance, we could imagine something like [Asgard](http://techblog.netflix.com/2012/06/asgard-web-based-cloud-management-and.html) managing ReplicationControllers, auto-scalers, services, scheduling policies, canaries, etc.
+-->
+## ReplicationController 的职责
+
+ReplicationController 只需确保所需的 pod 数量与其标签选择器匹配，并且是可操作的。
+目前，它的计数中只排除终止的 pod。
+未来，可能会考虑系统提供的[就绪状态](http://issue.k8s.io/620)和其他信息，我们可能会对替换策略添加更多控制，我们计划发出事件，这些事件可以被外部客户端用来实现任意复杂的替换和/或缩减策略。
+
+ReplicationController 永远被限制在这个狭隘的职责范围内。
+它本身既不执行就绪态探测，也不执行活跃性探测。
+它不负责执行自动缩放，而是由外部自动缩放器控制（如[#492](http://issue.k8s.io/492)中所述），后者负责更改其 `replicas` 字段取值。
+我们不会向 ReplicationController 添加调度策略(例如，[spreading](http://issue.k8s.io/367#issuecomment-48428019))。
+它也不应该验证所控制的 pod 是否与当前指定的模板匹配，因为这会阻碍自动调整大小和其他自动化过程。
+类似地，完成期限、整理依赖关系、配置扩展和其他特性也属于其他地方。
+我们甚至计划考虑批量创建 pod 的机制（[#170](http://issue.k8s.io/170)）。
+
+ReplicationController 旨在成为可组合的构建基元。
+我们希望在它和其他补充原语的基础上构建更高级别的 API 和/或工具，以便于将来的用户使用。
+Kubectl 目前支持的“宏”操作（运行、缩放、滚动更新）就是这方面的概念示例。
+例如，我们可以想象类似于 [Asgard](http://techblog.netflix.com/2012/06/asgaard-web-based-cloud-management-and.html) 的东西管理 ReplicationController、自动定标器、服务、调度策略、 canary 等。
+
+<!--
+## API Object
+
+Replication controller is a top-level resource in the Kubernetes REST API. More details about the
+API object can be found at:
+[ReplicationController API object](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#replicationcontroller-v1-core).
+-->
+## API 对象
+
+在 Kubernetes REST API 中 Replication controller 是顶级资源。
+更多关于 API 对象的详细信息可以在
+[ReplicationController API 对象](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#replicationcontroller-v1-core)找到。
+
+<!--
+## Alternatives to ReplicationController
+-->
+## ReplicationController 的替代方案
+
+<!--
+### ReplicaSet
+
+[`ReplicaSet`](/docs/concepts/workloads/controllers/replicaset/) is the next-generation ReplicationController that supports the new [set-based label selector](/docs/concepts/overview/working-with-objects/labels/#set-based-requirement).
+It’s mainly used by [`Deployment`](/docs/concepts/workloads/controllers/deployment/) as a mechanism to orchestrate pod creation, deletion and updates.
+Note that we recommend using Deployments instead of directly using Replica Sets, unless you require custom update orchestration or don’t require updates at all.
+-->
+### ReplicaSet
+
+[`ReplicaSet`](/docs/concepts/workloads/controllers/replicaset/) 是下一代 ReplicationController ，支持新的[基于集合的标签选择器](/docs/concepts/overview/working-with-objects/labels/#set-based-requirement)。
+它主要被 [`Deployment`](/docs/concepts/workloads/controllers/deployment/) 用来作为一种编排 pod 创建、删除及更新的机制。
+请注意，我们推荐使用 Deployment 而不是直接使用 ReplicaSet，除非您需要自定义更新编排或根本不需要更新。
+
+<!--
+### Deployment (Recommended)
+
+[`Deployment`](/docs/concepts/workloads/controllers/deployment/) is a higher-level API object that updates its underlying Replica Sets and their Pods
+in a similar fashion as `kubectl rolling-update`. Deployments are recommended if you want this rolling update functionality,
+because unlike `kubectl rolling-update`, they are declarative, server-side, and have additional features.
+-->
+### Deployment （推荐）
+
+[`Deployment`](/docs/concepts/workloads/controllers/deployment/) 是一种更高级别的 API 对象，它以类似于 `kubectl rolling-update` 的方式更新其底层 ReplicaSet 及其 Pod。
+如果您想要这种滚动更新功能，那么推荐使用 Deployment，因为与 `kubectl rolling-update` 不同，它们是声明式的、服务端的，并且具有其它特性。
+
+<!--
+### Bare Pods
+
+Unlike in the case where a user directly created pods, a ReplicationController replaces pods that are deleted or terminated for any reason, such as in the case of node failure or disruptive node maintenance, such as a kernel upgrade. For this reason, we recommend that you use a ReplicationController even if your application requires only a single pod. Think of it similarly to a process supervisor, only it supervises multiple pods across multiple nodes instead of individual processes on a single node.  A ReplicationController delegates local container restarts to some agent on the node (for example, Kubelet or Docker).
+-->
+### 裸 Pods
+
+与用户直接创建 pod 的情况不同，ReplicationController 能够替换因某些原因被删除或被终止的 pod ，例如在节点故障或中断节点维护的情况下，例如内核升级。
+因此，我们建议您使用 ReplicationController，即使您的应用程序只需要一个 pod。
+可以将其看作类似于进程管理器，它只管理跨多个节点的多个 pod ，而不是单个节点上的单个进程。
+ReplicationController 将本地容器重启委托给节点上的某个代理(例如，Kubelet 或 Docker)。
+
+<!--
+### Job
+
+Use a [`Job`](/docs/concepts/jobs/run-to-completion-finite-workloads/) instead of a ReplicationController for pods that are expected to terminate on their own
+(that is, batch jobs).
+-->
+### Job
+
+对于预期会自行终止的 pod (即批处理任务)，使用 [`Job`](/docs/concepts/jobs/run-to-completion-finite-workloads/) 而不是 ReplicationController。
+
+<!--
+### DaemonSet
+
+Use a [`DaemonSet`](/docs/concepts/workloads/controllers/daemonset/) instead of a ReplicationController for pods that provide a
+machine-level function, such as machine monitoring or machine logging.  These pods have a lifetime that is tied
+to a machine lifetime: the pod needs to be running on the machine before other pods start, and are
+safe to terminate when the machine is otherwise ready to be rebooted/shutdown.
+-->
+### DaemonSet
+
+对于提供机器级功能（例如机器监控或机器日志记录）的 pod ，使用 [`DaemonSet`](/docs/concepts/workloads/controllers/daemonset/) 而不是 ReplicationController。
+这些 pod 的生命期与机器的生命期绑定：它们需要在其他 pod 启动之前在机器上运行，并且在机器准备重新启动/关闭时安全地终止。
+
+<!--
+## For more information
+
+Read [Run Stateless AP Replication Controller](/docs/tutorials/stateless-application/run-stateless-ap-replication-controller/).
+-->
+## 更多信息
+
+请阅读[运行无状态的 Replication Controller](/docs/tutorials/stateless-application/run-stateless-ap-replication-controller/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/workloads/controllers/statefulset.md b/content/zh/docs/concepts/workloads/controllers/statefulset.md
new file mode 100644
index 0000000000000..3ecf219dc41a9
--- /dev/null
+++ b/content/zh/docs/concepts/workloads/controllers/statefulset.md
@@ -0,0 +1,417 @@
+---
+reviewers:
+- enisoc
+- erictune
+- foxish
+- janetkuo
+- kow3ns
+- smarterclayton
+title: StatefulSets
+content_template: templates/concept
+weight: 40
+---
+
+<!--
+---
+reviewers:
+- enisoc
+- erictune
+- foxish
+- janetkuo
+- kow3ns
+- smarterclayton
+title: StatefulSets
+content_template: templates/concept
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+StatefulSet is the workload API object used to manage stateful applications.
+-->
+
+StatefulSet 是用来管理有状态应用的工作负载 API 对象。
+
+{{< note >}}
+<!--**Note:** StatefulSets are stable (GA) in 1.9.-->
+**注意：** StatefulSets 是在 1.9 版本中正式发布的。
+{{< /note >}}
+
+{{< glossary_definition term_id="statefulset" length="all" >}}
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Using StatefulSets
+
+StatefulSets are valuable for applications that require one or more of the
+following.
+
+* Stable, unique network identifiers.
+* Stable, persistent storage.
+* Ordered, graceful deployment and scaling.
+* Ordered, automated rolling updates.
+
+In the above, stable is synonymous with persistence across Pod (re)scheduling.
+If an application doesn't require any stable identifiers or ordered deployment,
+deletion, or scaling, you should deploy your application with a controller that
+provides a set of stateless replicas. Controllers such as
+[Deployment](/docs/concepts/workloads/controllers/deployment/) or
+[ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) may be better suited to your stateless needs.
+-->
+
+## 使用 StatefulSets
+
+StatefulSets 对于需要满足以下一个或多个需求的应用程序很有价值：
+
+* 稳定的、唯一的网络标识符。
+* 稳定的、持久的存储。
+* 有序的、优雅的部署和缩放。
+* 有序的、自动的滚动更新。
+
+在上面，稳定意味着 Pod 调度或重调度的整个过程是有持久性的。如果应用程序不需要任何稳定的标识符或有序的部署、删除或伸缩，则应该使用一组无状态的副本控制器来部署应用程序，比如 [Deployment](/docs/concepts/workloads/controllers/deployment/) 或者 [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) 可能更适用于您的无状态需要。
+
+<!--
+## Limitations
+
+* StatefulSet was a beta resource prior to 1.9 and not available in any Kubernetes release prior to 1.5.
+* The storage for a given Pod must either be provisioned by a [PersistentVolume Provisioner](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/persistent-volume-provisioning/README.md) based on the requested `storage class`, or pre-provisioned by an admin.
+* Deleting and/or scaling a StatefulSet down will *not* delete the volumes associated with the StatefulSet. This is done to ensure data safety, which is generally more valuable than an automatic purge of all related StatefulSet resources.
+* StatefulSets currently require a [Headless Service](/docs/concepts/services-networking/service/#headless-services) to be responsible for the network identity of the Pods. You are responsible for creating this Service.
+* StatefulSets do not provide any guarantees on the termination of pods when a StatefulSet is deleted. To achieve ordered and graceful termination of the pods in the StatefulSet, it is possible to scale the StatefulSet down to 0 prior to deletion.
+-->
+
+## 限制
+
+* StatefulSet 在 1.9 版本之前属于 beta 资源，在 1.5 版本之前的任何 Kubernetes 版本中都不可用。
+* 给定 Pod 的存储必须由 [PersistentVolume 驱动](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/persistent-volume-provisioning/README.md) 基于所请求的 `storage class` 来提供，或者由管理员预先提供。
+* 删除和／或收缩 StatefulSet 并*不会*删除它关联的存储卷。这样做是为了保证数据安全，它通常比自动清除 StatefulSet 所有相关的资源更有价值。
+* StatefulSet 当前需要 [无头服务](/docs/concepts/services-networking/service/#headless-services) 来负责Pod 的网络标识。您需要负责创建此服务。
+* 当删除 StatefulSets 时，StatefulSet 不提供任何终止 Pod 的保证。为了实现 StatefulSet 中的 Pod 可以有序和优雅的终止，可以在删除之前将 StatefulSet 缩放为0。
+
+<!--
+## Components
+The example below demonstrates the components of a StatefulSet.
+
+* A Headless Service, named nginx, is used to control the network domain.
+* The StatefulSet, named web, has a Spec that indicates that 3 replicas of the nginx container will be launched in unique Pods.
+* The volumeClaimTemplates will provide stable storage using [PersistentVolumes](/docs/concepts/storage/persistent-volumes/) provisioned by a PersistentVolume Provisioner.
+-->
+
+## 组件
+下面的示例演示了 StatefulSet 的组件。
+
+* 名为 nginx 的无头服务用来控制网络域。
+* 名为 web 的 StatefulSet 有一个Spec，它表明将在单个 Pod 中启动 nginx 容器的3个副本。
+* volumeClaimTemplates 将通过 [PersistentVolumes](/docs/concepts/storage/persistent-volumes/) 驱动提供的 PersistentVolume 来提供稳定的存储。
+
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+  - port: 80
+    name: web
+  clusterIP: None
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:
+  selector:
+    matchLabels:
+      app: nginx # has to match .spec.template.metadata.labels
+  serviceName: "nginx"
+  replicas: 3 # by default is 1
+  template:
+    metadata:
+      labels:
+        app: nginx # has to match .spec.selector.matchLabels
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+      - name: nginx
+        image: k8s.gcr.io/nginx-slim:0.8
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: "my-storage-class"
+      resources:
+        requests:
+          storage: 1Gi
+```
+
+<!--
+## Pod Selector
+You must set the `.spec.selector` field of a StatefulSet to match the labels of its `.spec.template.metadata.labels`. Prior to Kubernetes 1.8, the `.spec.selector` field was defaulted when omitted. In 1.8 and later versions, failing to specify a matching Pod Selector will result in a validation error during StatefulSet creation.
+-->
+
+## Pod 选择器
+您必须设置 StatefulSet 的 `.spec.selector` 字段来匹配它的`.spec.template.metadata.labels`标签。在 Kubernetes 1.8 版本之前，忽略`.spec.selector` 字段会提供默认设置。在 1.8 和以后的版本中，指定的 Pod 选择器匹配失败将在创建 StatefulSet 期间导致验证错误。
+
+<!--
+## Pod Identity
+StatefulSet Pods have a unique identity that is comprised of an ordinal, a
+stable network identity, and stable storage. The identity sticks to the Pod,
+regardless of which node it's (re)scheduled on.
+-->
+
+## Pod 的身份
+
+StatefulSet Pod 具有唯一的标识，该标识包括顺序标识、稳定的网络标识和稳定的存储。该标识和 Pod 是绑定的，不管它被调度在哪个节点上。
+
+<!--
+### Ordinal Index
+
+For a StatefulSet with N replicas, each Pod in the StatefulSet will be
+assigned an integer ordinal, from 0 up through N-1, that is unique over the Set.
+-->
+
+### 序号索引
+
+对于具有N个副本的 StatefulSet，StatefulSet 中的每个 Pod 将被分配一个整数序号，从 0 到 N-1，该序号在 StatefulSet 上是唯一的。
+
+<!--
+### Stable Network ID
+
+Each Pod in a StatefulSet derives its hostname from the name of the StatefulSet
+and the ordinal of the Pod. The pattern for the constructed hostname
+is `$(statefulset name)-$(ordinal)`. The example above will create three Pods
+named `web-0,web-1,web-2`.
+A StatefulSet can use a [Headless Service](/docs/concepts/services-networking/service/#headless-services)
+to control the domain of its Pods. The domain managed by this Service takes the form:
+`$(service name).$(namespace).svc.cluster.local`, where "cluster.local" is the
+cluster domain.
+As each Pod is created, it gets a matching DNS subdomain, taking the form:
+`$(podname).$(governing service domain)`, where the governing service is defined
+by the `serviceName` field on the StatefulSet.
+-->
+
+### 稳定的网络 ID
+
+StatefulSet 中的每个 Pod 根据 StatefulSet 的名称和 Pod 的序号派生出它的主机名。组合主机名的格式为  `$(statefulset name)-$(ordinal)`。上例将会创建三个名称为  `web-0,web-1,web-2` 的三个 Pod。
+StatefulSet 可以使用 [无头服务](/docs/concepts/services-networking/service/#headless-services) 控制它的 Pod 的网络域。管理域的这个服务的格式为：
+`$(service name).$(namespace).svc.cluster.local`, 其中 "cluster.local" 是集群域。
+ 一旦每个 Pod 创建成功，就会得到一个匹配的 DNS 子域，格式为：`$(podname).$(governing service domain)`，其中管理服务由 StatefulSet 的 `serviceName` 域来定义。
+
+
+<!--
+Here are some examples of choices for Cluster Domain, Service name,
+StatefulSet name, and how that affects the DNS names for the StatefulSet's Pods.
+-->
+
+下面给出一些选择集群域、服务名、StatefulSet 名、及其怎样影响 StatefulSet 的 Pod 上的 DNS 名称的示例：
+
+Cluster Domain | Service (ns/name) | StatefulSet (ns/name)  | StatefulSet Domain  | Pod DNS | Pod Hostname |
+-------------- | ----------------- | ----------------- | -------------- | ------- | ------------ |
+ cluster.local | default/nginx     | default/web       | nginx.default.svc.cluster.local | web-{0..N-1}.nginx.default.svc.cluster.local | web-{0..N-1} |
+ cluster.local | foo/nginx         | foo/web           | nginx.foo.svc.cluster.local     | web-{0..N-1}.nginx.foo.svc.cluster.local     | web-{0..N-1} |
+ kube.local    | foo/nginx         | foo/web           | nginx.foo.svc.kube.local        | web-{0..N-1}.nginx.foo.svc.kube.local        | web-{0..N-1} |
+
+{{< note >}}
+<!--
+**Note:** Cluster Domain will be set to `cluster.local` unless
+[otherwise configured](/docs/concepts/services-networking/dns-pod-service/#how-it-works).
+-->
+**注意** 集群域会被设置为 `cluster.local` 除非有[其他配置](/docs/concepts/services-networking/dns-pod-service/#how-it-works)。
+{{< /note >}}
+
+<!--
+### Stable Storage
+
+Kubernetes creates one [PersistentVolume](/docs/concepts/storage/persistent-volumes/) for each
+VolumeClaimTemplate. In the nginx example above, each Pod will receive a single PersistentVolume
+with a StorageClass of `my-storage-class` and 1 Gib of provisioned storage. If no StorageClass
+is specified, then the default StorageClass will be used. When a Pod is (re)scheduled
+onto a node, its `volumeMounts` mount the PersistentVolumes associated with its
+PersistentVolume Claims. Note that, the PersistentVolumes associated with the
+Pods' PersistentVolume Claims are not deleted when the Pods, or StatefulSet are deleted.
+This must be done manually.
+-->
+
+### 稳定的存储
+
+Kubernetes 为每个 VolumeClaimTemplate 创建一个 [PersistentVolume](/docs/concepts/storage/persistent-volumes/)。在上面的 nginx 示例中，每个 Pod 将会得到基于 StorageClass `my-storage-class` 提供的 1 Gib 的 PersistentVolume。如果没有声明 StorageClass，就会使用默认的 StorageClass。当一个 Pod 被安排到节点上时，它的 `volumeMounts` 挂载了与其 PersistentVolumeClaims 相关联的 PersistentVolume。请注意，当 Pod 或者 StatefulSet 被删除时，与PersistentVolumeClaims 相关联的 PersistentVolume 并不会被删除。要删除它必须通过手动方式来完成。
+
+
+<!--
+### Pod Name Label
+
+When the StatefulSet controller creates a Pod, it adds a label, `statefulset.kubernetes.io/pod-name`, 
+that is set to the name of the Pod. This label allows you to attach a Service to a specific Pod in 
+the StatefulSet.
+-->
+
+### Pod 名称标签
+
+当 StatefulSet 创建 Pod 时，它会添加一个标签 `statefulset.kubernetes.io/pod-name`，该标签设置为 Pod 名称。这个标签允许您给 StatefulSet 中的特定 Pod 绑定一个 Service。
+
+<!--
+## Deployment and Scaling Guarantees
+
+* For a StatefulSet with N replicas, when Pods are being deployed, they are created sequentially, in order from {0..N-1}.
+* When Pods are being deleted, they are terminated in reverse order, from {N-1..0}.
+* Before a scaling operation is applied to a Pod, all of its predecessors must be Running and Ready.
+* Before a Pod is terminated, all of its successors must be completely shutdown.
+-->
+
+## 部署和伸缩保证
+
+* 对于包含 N 个 副本的 StatefulSet，当部署 Pod 时，它们是依次创建的，顺序为 {0..N-1}。
+* 当删除 Pod 时，它们是逆序终止的，顺序为 {N-1..0}。
+* 在将缩放操作应用到 Pod 之前，它前面的所有 Pod 必须是 Running 和 Ready 状态。
+* 在 Pod 终止之前，所有的继任者必须完全关闭。
+
+<!--
+The StatefulSet should not specify a `pod.Spec.TerminationGracePeriodSeconds` of 0. This practice is unsafe and strongly discouraged. For further explanation, please refer to [force deleting StatefulSet Pods](/docs/tasks/run-application/force-delete-stateful-set-pod/).
+-->
+
+StatefulSet 不应该声明 `pod.Spec.TerminationGracePeriodSeconds` 为 0。这种做法是不安全的，要强烈阻止。更多的解释请参考 [强制删除 StatefulSet Pods](/docs/tasks/run-application/force-delete-stateful-set-pod/)。
+
+<!--
+When the nginx example above is created, three Pods will be deployed in the order
+web-0, web-1, web-2. web-1 will not be deployed before web-0 is
+[Running and Ready](/docs/user-guide/pod-states/), and web-2 will not be deployed until
+web-1 is Running and Ready. If web-0 should fail, after web-1 is Running and Ready, but before
+web-2 is launched, web-2 will not be launched until web-0 is successfully relaunched and
+becomes Running and Ready.
+-->
+
+在上面的 nginx 示例被创建后，会按照 web-0、web-1、web-2 的顺序部署三个 Pod。在 web-0 进入[Running 和 Ready](/docs/user-guide/pod-states/)状态前不会部署 web-1。在 web-1 进入Running 和 Ready 状态前不会部署 web-2。如果 web-1 已经处于 Running 和 Ready 状态，而 web-2 尚未部署，在此期间发生了 web-0 运行失败，那么 web-2 将不会被部署，要等到 web-0 部署完成并进入 Running 和 Ready 状态后，才会部署 web-2。
+
+<!--
+If a user were to scale the deployed example by patching the StatefulSet such that
+`replicas=1`, web-2 would be terminated first. web-1 would not be terminated until web-2
+is fully shutdown and deleted. If web-0 were to fail after web-2 has been terminated and
+is completely shutdown, but prior to web-1's termination, web-1 would not be terminated
+until web-0 is Running and Ready.
+-->
+
+ 如果用户想将示例中的 StatefulSet 收缩为 `replicas=1`，首先被终止的是 web-2。在 web-2 没有被完全停止和删除前，web-1 不会被终止。当 web-2 已被终止和删除、web-1尚未被终止，如果在此期间发生 web-0 运行失败，那么就不会终止 web-1，必须等到 web-0 进入 Running 和 Ready 状态后才会终止 web-1。
+
+<!--
+### Pod Management Policies
+In Kubernetes 1.7 and later, StatefulSet allows you to relax its ordering guarantees while
+preserving its uniqueness and identity guarantees via its `.spec.podManagementPolicy` field.
+
+#### OrderedReady Pod Management
+
+`OrderedReady` pod management is the default for StatefulSets. It implements the behavior
+described [above](#deployment-and-scaling-guarantees).
+
+#### Parallel Pod Management
+
+`Parallel` pod management tells the StatefulSet controller to launch or
+terminate all Pods in parallel, and to not wait for Pods to become Running
+and Ready or completely terminated prior to launching or terminating another
+Pod.
+-->
+
+### Pod 管理策略
+在 Kubernetes 1.7及以后的版本中，StatefulSet 允许您放松其排序保证，同时通过它的 `.spec.podManagementPolicy` 域保持其唯一性和身份保证。
+
+#### 有序的 Pod 管理
+
+`有序的` Pod 管理是 StatefulSet 的默认功能。它实现了 [上面](#deployment-and-scaling-guarantees)描述的行为。
+
+#### 并行的 Pod 管理
+
+`并行` Pod 管理让 StatefulSet 控制器并行的启动或终止所有的 Pod，启动或者终止其他 Pod 前，无需等待 Pod 进入 Running 和 ready 或者完全停止状态。
+
+<!--
+## Update Strategies
+
+In Kubernetes 1.7 and later, StatefulSet's `.spec.updateStrategy` field allows you to configure
+and disable automated rolling updates for containers, labels, resource request/limits, and
+annotations for the Pods in a StatefulSet.
+-->
+
+## 更新策略
+
+在 Kubernetes 1.7 及以后的版本中，StatefulSet 的 `.spec.updateStrategy` 字段让您可以配置和禁用掉自动滚动更新 Pod 的容器、标签、资源请求／限制、以及注解。
+
+
+<!--
+### On Delete
+
+The `OnDelete` update strategy implements the legacy (1.6 and prior) behavior. When a StatefulSet's
+`.spec.updateStrategy.type` is set to `OnDelete`, the StatefulSet controller will not automatically
+update the Pods in a StatefulSet. Users must manually delete Pods to cause the controller to
+create new Pods that reflect modifications made to a StatefulSet's `.spec.template`.
+-->
+
+### On Delete
+
+`OnDelete` 更新策略实现了 1.6 及以前版本的历史遗留行为。当 StatefulSet 的 `.spec.updateStrategy.type` 设置为 `OnDelete` 时，它的控制器将不会自动更新 StatefulSet 中的 Pod。用户必须手动删除 Pod 以便让控制器创建新的 Pod，以此来对 StatefulSet 的 `.spec.template` 的变动作出反应。
+
+
+<!--
+### Rolling Updates
+
+The `RollingUpdate` update strategy implements automated, rolling update for the Pods in a
+StatefulSet. It is the default strategy when `.spec.updateStrategy` is left unspecified. When a StatefulSet's `.spec.updateStrategy.type` is set to `RollingUpdate`, the
+StatefulSet controller will delete and recreate each Pod in the StatefulSet. It will proceed
+in the same order as Pod termination (from the largest ordinal to the smallest), updating
+each Pod one at a time. It will wait until an updated Pod is Running and Ready prior to
+updating its predecessor.
+-->
+
+### 滚动更新（Rolling Updates）
+
+`RollingUpdate` 更新策略对 StatefulSet 中的 Pod 执行自动的滚动更新。在没有声明`.spec.updateStrategy`时，`RollingUpdate` 是默认配置。
+当 StatefulSet 的 `.spec.updateStrategy.type` 被设置为 `RollingUpdate` 时，StatefulSet 控制器会删除和重建 StatefulSet 中的每个 Pod。
+它将按照与 Pod 终止相同的顺序（从最大序号到最小序号）进行，每次更新一个 Pod。它会等到被更新的 Pod 进入 Running 和 Ready状态，然后再更新其前身。
+
+<!--
+#### Partitions
+
+The `RollingUpdate` update strategy can be partitioned, by specifying a
+`.spec.updateStrategy.rollingUpdate.partition`. If a partition is specified, all Pods with an
+ordinal that is greater than or equal to the partition will be updated when the StatefulSet's
+`.spec.template` is updated. All Pods with an ordinal that is less than the partition will not
+be updated, and, even if they are deleted, they will be recreated at the previous version. If a
+StatefulSet's `.spec.updateStrategy.rollingUpdate.partition` is greater than its `.spec.replicas`,
+updates to its `.spec.template` will not be propagated to its Pods.
+In most cases you will not need to use a partition, but they are useful if you want to stage an
+update, roll out a canary, or perform a phased roll out.
+-->
+
+#### 分区
+
+通过声明 `.spec.updateStrategy.rollingUpdate.partition`的方式，`RollingUpdate` 更新策略可以实现分区。如果声明了一个分区，当 StatefulSet 的`.spec.template` 被更新时，所有序号大于等于该分区序号的 Pod 都会被更新。所有序号小于该分区序号的 Pod 都不会被更新，并且，即使他们被删除也会依据之前的版本进行重建。如果 StatefulSet 的 `.spec.updateStrategy.rollingUpdate.partition` 大于它的 `.spec.replicas`，对它的 `.spec.template` 的更新将不会传递到它的 Pod。
+在大多数情况下，您不需要使用分区，但如果您希望进行阶段更新、执行金丝雀或执行分阶段展开，则这些分区会非常有用。
+
+
+{{% /capture %}}
+{{% capture whatsnext %}}
+
+<!--
+* Follow an example of [deploying a stateful application](/docs/tutorials/stateful-application/basic-stateful-set/).
+* Follow an example of [deploying Cassandra with Stateful Sets](/docs/tutorials/stateful-application/cassandra/).
+-->
+
+* 示例一： [部署有状态应用](/docs/tutorials/stateful-application/basic-stateful-set/)。
+* 示例二： [使用 StatefulSet 部署 Cassandra](/docs/tutorials/stateful-application/cassandra/)。
+
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md b/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md
new file mode 100644
index 0000000000000..def3823e2622c
--- /dev/null
+++ b/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md
@@ -0,0 +1,120 @@
+---
+reviewers:
+- janetkuo
+title: 已完成资源的 TTL 控制器
+content_template: templates/concept
+weight: 65
+---
+<!--
+---
+reviewers:
+- janetkuo
+title: TTL Controller for Finished Resources
+content_template: templates/concept
+weight: 65
+---
+-->
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.12" state="alpha" >}}
+
+<!--
+The TTL controller provides a TTL mechanism to limit the lifetime of resource objects that have finished execution. TTL controller only handles[Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/) for now, and may be expanded to handle other resources that will finish execution,such as Pods and custom resources.
+-->
+TTL 控制器提供了一种 TTL 机制来限制已完成执行的资源对象的生命周期。TTL 控制器目前只处理[作业](/docs/concepts/workloads/controllers/jobs-run-to-completion/)，可能以后会扩展以处理将完成执行的其他资源，例如 Pod 和自定义资源。
+
+<!--
+Alpha Disclaimer: this feature is currently alpha, and can be enabled with[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)`TTLAfterFinished`.
+-->
+Alpha 免责声明：此功能目前是 alpha 版，可以通过[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) `TTLAfterFinished` 启用。
+
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## TTL Controller
+-->
+## TTL 控制器
+
+<!--
+The TTL controller only supports Jobs for now. A cluster operator can use this feature to cleanup finished Jobs (either `Complete` or `Failed`) automatically by specifying the`.spec.ttlSecondsAfterFinished` field of a Job, as in this[example](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically).
+-->
+TTL 控制器现在只支持 Jobs。集群操作员可以通过指定 Job 的 `.spec.ttlSecondsAfterFinished` 字段来自动清理已结束的作业（“完成”或“失败”），就像下边的[示例](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically)。
+<!--
+The TTL controller will assume that a resource is eligible to be cleaned upTTL seconds after the resource has finished, in other words, when the TTL has expired. When the TTL controller cleans up a resource, it will delete it cascadingly, i.e. delete its dependent objects together with it. Note that when the resource is deleted,its lifecycle guarantees, such as finalizers, will be honored.
+-->
+TTL 控制器假设资源能在执行完成后的 TTL 秒内被清理，也就是当 TTL 过期后。当 TTL 控制器清理资源时，它将做级联删除，即删除资源对象的同时也删除其依赖对象。注意，当资源被删除时，由该资源的生命周期保证其终结器（finalizers）等被执行。
+
+<!--
+The TTL seconds can be set at any time. Here are some examples for setting the`.spec.ttlSecondsAfterFinished` field of a Job:
+-->
+可以随时设置 TTL 秒。以下是设置 Job 的 `.spec.ttlSecondsAfterFinished` 字段的一些示例：
+
+<!--
+* Specify this field in the resource manifest, so that a Job can be cleaned up
+  automatically some time after it finishes.
+* Set this field of existing, already finished resources, to adopt this new
+  feature.
+* Use a
+  [mutating admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks)
+  to set this field dynamically at resource creation time. Cluster administrators can
+  use this to enforce a TTL policy for finished resources.
+* Use a
+  [mutating admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks)
+  to set this field dynamically after the resource has finished, and choose
+  different TTL values based on resource status, labels, etc.
+-->
+* 在资源清单（manifest）中指定此字段，以便作业在完成后的某个时间被自动清除。
+* 将此字段设置为存在的、已完成的资源，以采用此新功能。
+* 在资源创建时使用 [mutating admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks) 动态设置该字段。集群管理员可以使用它对完成的资源强制执行 TTL 策略。
+* 使用 [mutating admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks) 在资源完成后动态设置该字段，并根据资源状态、标签等选择不同的 TTL 值。
+
+<!--
+## Caveat
+-->
+## 警告
+
+<!--
+### Updating TTL Seconds
+-->
+### 更新 TTL 秒
+
+<!--
+Note that the TTL period, e.g. `.spec.ttlSecondsAfterFinished` field of Jobs,can be modified after the resource is created or has finished. However, once the Job becomes eligible to be deleted (when the TTL has expired), the system won't guarantee that the Jobs will be kept, even if an update to extend the TTL returns a successful API response.
+-->
+请注意，在创建资源后或已经执行结束后，仍可以修改其 TTL 周期，例如作业的 `.spec.ttlSecondsAfterFinished` 字段。但是，一旦作业变为可被删除状态（当其 TTL 已过期时），即使您通过 API 扩展其 TTL 时长得到了成功的响应，系统也不保证作业将被保留。
+
+<!--
+### Time Skew
+-->
+### 时间偏差
+
+<!--
+Because TTL controller uses timestamps stored in the Kubernetes resources to determine whether the TTL has expired or not, this feature is sensitive to time skew in the cluster, which may cause TTL controller to clean up resource objects at the wrong time.
+-->
+由于 TTL 控制器使用存储在 Kubernetes 资源中的时间戳来确定 TTL 是否已过期，因此该功能对集群中的时间偏差很敏感，这可能导致 TTL 控制器在错误的时间清理资源对象。
+
+<!--
+In Kubernetes, it's required to run NTP on all nodes(see [#6159](https://github.com/kubernetes/kubernetes/issues/6159#issuecomment-93844058))to avoid time skew. Clocks aren't always correct, but the difference should bevery small. Please be aware of this risk when setting a non-zero TTL.
+-->
+在 Kubernetes 中，需要在所有节点上运行 NTP（参见[#6159](https://github.com/kubernetes/kubernetes/issues/6159#issuecomment-93844058)）以避免时间偏差。时钟并不总是如此正确，但差异应该很小。设置非零 TTL 时请注意这种风险。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+[Clean up Jobs automatically](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically)
+-->
+[自动清理作业](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically)
+
+<!--
+[Design doc](https://github.com/kubernetes/community/blob/master/keps/sig-apps/0026-ttl-after-finish.md)
+-->
+[设计文档](https://github.com/kubernetes/community/blob/master/keps/sig-apps/0026-ttl-after-finish.md)
+
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/workloads/pods/_index.md b/content/zh/docs/concepts/workloads/pods/_index.md
index 3b714c7ff5b64..1c35becca5487 100644
--- a/content/zh/docs/concepts/workloads/pods/_index.md
+++ b/content/zh/docs/concepts/workloads/pods/_index.md
@@ -1,12 +1,11 @@
-<!--
 ---
 title: "Pods"
 weight: 10
 ---
--->
 
+<!--
 ---
 title: "Pods"
 weight: 10
 ---
-
+-->
diff --git a/content/zh/docs/concepts/workloads/pods/pod-overview.md b/content/zh/docs/concepts/workloads/pods/pod-overview.md
new file mode 100644
index 0000000000000..d96799b1213ca
--- /dev/null
+++ b/content/zh/docs/concepts/workloads/pods/pod-overview.md
@@ -0,0 +1,256 @@
+---
+reviewers:
+- erictune
+title: Pod 概览
+content_template: templates/concept
+weight: 10
+---
+
+<!--
+---
+reviewers:
+- erictune
+title: Pod Overview
+content_template: templates/concept
+weight: 10
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page provides an overview of `Pod`, the smallest deployable object in the Kubernetes object model.
+-->
+本节提供了 `Pod` 的概览信息，`Pod` 是最小可部署的 Kubernetes 对象模型。
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Understanding Pods
+
+A *Pod* is the basic building block of Kubernetes--the smallest and simplest unit in the Kubernetes object model that you create or deploy. A Pod represents a running process on your cluster.
+-->
+
+## 理解 Pod
+
+*Pod* 是 Kubernetes 的基本构建块，它是 Kubernetes 对象模型中创建或部署的最小和最简单的单元。
+Pod 表示集群上正在运行的进程。
+
+<!--
+A Pod encapsulates an application container (or, in some cases, multiple containers), storage resources, a unique network IP, and options that govern how the container(s) should run. A Pod represents a unit of deployment: *a single instance of an application in Kubernetes*, which might consist of either a single container or a small number of containers that are tightly coupled and that share resources.
+-->
+
+Pod 封装了应用程序容器（或者在某些情况下封装多个容器）、存储资源、唯一网络 IP 以及控制容器应该如何运行的选项。
+Pod 表示部署单元：*Kubernetes 中应用程序的单个实例*，它可能由单个容器或少量紧密耦合并共享资源的容器组成。
+
+<!--
+> [Docker](https://www.docker.com) is the most common container runtime used in a Kubernetes Pod, but Pods support other container runtimes as well.
+
+Pods in a Kubernetes cluster can be used in two main ways:
+-->
+[Docker](https://www.docker.com) 是 Kubernetes Pod 中最常用的容器运行时，但 Pod 也能支持其他的容器运行时。
+
+Kubernetes 集群中的 Pod 可被用于以下两个主要用途：
+
+<!--
+* **Pods that run a single container**. The "one-container-per-Pod" model is the most common Kubernetes use case; in this case, you can think of a Pod as a wrapper around a single container, and Kubernetes manages the Pods rather than the containers directly.
+* **Pods that run multiple containers that need to work together**. A Pod might encapsulate an application composed of multiple co-located containers that are tightly coupled and need to share resources. These co-located containers might form a single cohesive unit of service--one container serving files from a shared volume to the public, while a separate "sidecar" container refreshes or updates those files. The Pod wraps these containers and storage resources together as a single manageable entity.
+-->
+
+* **运行单个容器的 Pod**。"每个 Pod 一个容器"模型是最常见的 Kubernetes 用例；在这种情况下，可以将 Pod 看作单个容器的包装器，并且 Kubernetes 直接管理 Pod，而不是容器。
+* **运行多个协同工作的容器的 Pod**。
+Pod 可能封装由多个紧密耦合且需要共享资源的共处容器组成的应用程序。
+这些位于同一位置的容器可能形成单个内聚的服务单元——一个容器将文件从共享卷提供给公众，而另一个单独的“挂斗”容器则刷新或更新这些文件。
+Pod 将这些容器和存储资源打包为一个可管理的实体。
+
+<!--
+The [Kubernetes Blog](http://kubernetes.io/blog) has some additional information on Pod use cases. For more information, see:
+
+* [The Distributed System Toolkit: Patterns for Composite Containers](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns)
+* [Container Design Patterns](https://kubernetes.io/blog/2016/06/container-design-patterns)
+-->
+
+[Kubernetes 博客](http://kubernetes.io/blog) 上有一些其他的 Pod 用例信息。更多信息请参考：
+
+* [分布式系统工具包：复合容器的模式](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns)
+* [容器设计模式](https://kubernetes.io/blog/2016/06/container-design-patterns)
+
+<!--
+Each Pod is meant to run a single instance of a given application. If you want to scale your application horizontally (e.g., run multiple instances), you should use multiple Pods, one for each instance. In Kubernetes, this is generally referred to as _replication_. Replicated Pods are usually created and managed as a group by an abstraction called a Controller. See [Pods and Controllers](#pods-and-controllers) for more information.
+-->
+
+每个 Pod 表示运行给定应用程序的单个实例。如果希望横向扩展应用程序（例如，运行多个实例），则应该使用多个 Pod，每个实例使用一个。
+在 Kubernetes 中，这通常被称为 _副本_。
+通常使用一个称为控制器的抽象来创建和管理一组被复制的 Pod。
+更多信息请参见 [POD 和控制器](#pods-and-controllers)。
+
+<!--
+### How Pods manage multiple Containers
+
+Pods are designed to support multiple cooperating processes (as containers) that form a cohesive unit of service. The containers in a Pod are automatically co-located and co-scheduled on the same physical or virtual machine in the cluster. The containers can share resources and dependencies, communicate with one another, and coordinate when and how they are terminated.
+-->
+
+### Pod 怎样管理多个容器
+
+Pod 被设计成支持形成内聚服务单元的多个协作过程（作为容器）。
+Pod 中的容器被自动的安排到集群中的同一物理或虚拟机上，并可以一起进行调度。
+容器可以共享资源和依赖、彼此通信、协调何时以及何种方式终止它们。
+
+<!--
+Note that grouping multiple co-located and co-managed containers in a single Pod is a relatively advanced use case. You should use this pattern only in specific instances in which your containers are tightly coupled. For example, you might have a container that acts as a web server for files in a shared volume, and a separate "sidecar" container that updates those files from a remote source, as in the following diagram:
+-->
+
+注意，在单个 Pod 中将多个并置和共同管理的容器分组是一个相对高级的使用方式。
+只在容器紧密耦合的特定实例中使用此模式。
+例如，您可能有个充当共享卷中文件的 Web 服务器的容器，以及从远程源更新这些文件的单独的"挂斗"容器，如下图所示：
+
+
+{{< figure src="/images/docs/pod.svg" title="pod diagram" width="50%" >}}
+
+<!--
+Pods provide two kinds of shared resources for their constituent containers: *networking* and *storage*.
+-->
+
+Pod 为其组成容器提供了两种共享资源：*网络* 和 *存储*。
+
+<!--
+#### Networking
+
+Each Pod is assigned a unique IP address. Every container in a Pod shares the network namespace, including the IP address and network ports. Containers *inside a Pod* can communicate with one another using `localhost`. When containers in a Pod communicate with entities *outside the Pod*, they must coordinate how they use the shared network resources (such as ports).
+-->
+
+#### 联网
+
+每个 Pod 分配一个唯一的 IP 地址。
+Pod 中的每个容器共享网络命名空间，包括 IP 地址和网络端口。
+*Pod 内的容器* 可以使用 `localhost` 互相通信。
+当 Pod 中的容器与 *Pod 之外* 的实体通信时，它们必须协调如何使用共享的网络资源（例如端口）。
+
+<!--
+#### Storage
+
+A Pod can specify a set of shared storage *volumes*. All containers in the Pod can access the shared volumes, allowing those containers to share data. Volumes also allow persistent data in a Pod to survive in case one of the containers within needs to be restarted. See [Volumes](/docs/concepts/storage/volumes/) for more information on how Kubernetes implements shared storage in a Pod.
+-->
+
+#### 存储
+
+一个 Pod 可以指定一组共享存储 *卷*。
+Pod 中的所有容器都可以访问共享卷，允许这些容器共享数据。
+卷还允许 Pod 中的持久数据在重启 Pod 中的某个容器时存活。
+有关 Kubernetes 如何在 Pod 中实现共享存储的更多信息，请参考 [卷](/docs/concepts/storage/volumes/)。
+
+<!--
+## Working with Pods
+
+You'll rarely create individual Pods directly in Kubernetes--even singleton Pods. This is because Pods are designed as relatively ephemeral, disposable entities. When a Pod gets created (directly by you, or indirectly by a Controller), it is scheduled to run on a Node in your cluster. The Pod remains on that Node until the process is terminated, the pod object is deleted, the pod is *evicted* for lack of resources, or the Node fails.
+-->
+
+## 使用 Pod
+
+你很少在 Kubernetes 中直接创建单独的 Pod，甚至是单个存在的 Pod。
+这是因为 Pod 被设计成了相对短暂的一次性的实体。
+当 Pod 由您创建或者间接地由控制器创建时，它被调度在集群中的节点上运行。
+Pod 会保持在该节点上运行，直到进程被终止、Pod 对象被删除、Pod 因资源不足而被 *驱逐* 或者节点失效为止。
+{{< note >}}
+<!--
+Restarting a container in a Pod should not be confused with restarting the Pod. The Pod itself does not run, but is an environment the containers run in and persists until it is deleted.
+-->
+重启 Pod 中的容器不应与重启 Pod 混淆。Pod 本身不运行，而是作为容器运行的环境，并且一直保持到被删除为止。
+{{< /note >}}
+
+<!--
+Pods do not, by themselves, self-heal. If a Pod is scheduled to a Node that fails, or if the scheduling operation itself fails, the Pod is deleted; likewise, a Pod won't survive an eviction due to a lack of resources or Node maintenance. Kubernetes uses a higher-level abstraction, called a *Controller*, that handles the work of managing the relatively disposable Pod instances. Thus, while it is possible to use Pod directly, it's far more common in Kubernetes to manage your pods using a Controller. See [Pods and Controllers](#pods-and-controllers) for more information on how Kubernetes uses Controllers to implement Pod scaling and healing.
+-->
+
+Pod 本身并不能自愈。
+如果 Pod 被调度到失败的节点，或者如果调度操作本身失败，则删除该 Pod；同样，由于缺乏资源或进行节点维护，Pod 在被驱逐后将不再生存。
+Kubernetes 使用了一个更高级的称为 *控制器* 的抽象，由它处理相对可丢弃的 Pod 实例的管理工作。
+因此，虽然可以直接使用 Pod，但在 Kubernetes 中，更为常见的是使用控制器管理 Pod。
+有关 Kubernetes 如何使用控制器实现 Pod 伸缩和愈合的更多信息，请参考 [Pod 和控制器](#pods-and-controllers)。
+
+<!--
+### Pods and Controllers
+
+A Controller can create and manage multiple Pods for you, handling replication and rollout and providing self-healing capabilities at cluster scope. For example, if a Node fails, the Controller might automatically replace the Pod by scheduling an identical replacement on a different Node.
+-->
+
+### Pod 和控制器
+
+控制器可以为您创建和管理多个 Pod，管理副本和上线，并在集群范围内提供自修复能力。
+例如，如果一个节点失败，控制器可以在不同的节点上调度一样的替身来自动替换 Pod。
+
+<!--
+Some examples of Controllers that contain one or more pods include:
+
+* [Deployment](/docs/concepts/workloads/controllers/deployment/)
+* [StatefulSet](/docs/concepts/workloads/controllers/statefulset/)
+* [DaemonSet](/docs/concepts/workloads/controllers/daemonset/)
+
+In general, Controllers use a Pod Template that you provide to create the Pods for which it is responsible.
+-->
+
+包含一个或多个 Pod 的控制器一些示例包括：
+
+* [Deployment](/docs/concepts/workloads/controllers/deployment/)
+* [StatefulSet](/docs/concepts/workloads/controllers/statefulset/)
+* [DaemonSet](/docs/concepts/workloads/controllers/daemonset/)
+
+控制器通常使用您提供的 Pod 模板来创建它所负责的 Pod。
+
+<!--
+## Pod Templates
+
+Pod templates are pod specifications which are included in other objects, such as
+[Replication Controllers](/docs/concepts/workloads/controllers/replicationcontroller/), [Jobs](/docs/concepts/jobs/run-to-completion-finite-workloads/), and
+[DaemonSets](/docs/concepts/workloads/controllers/daemonset/).  Controllers use Pod Templates to make actual pods.
+The sample below is a simple manifest for a Pod which contains a container that prints
+a message.
+-->
+
+## Pod 模板
+
+Pod 模板是包含在其他对象中的 Pod 规范，例如
+[Replication Controllers](/docs/concepts/workloads/controllers/replicationcontroller/)、 [Jobs](/docs/concepts/jobs/run-to-completion-finite-workloads/)、和
+[DaemonSets](/docs/concepts/workloads/controllers/daemonset/)。
+控制器使用 Pod 模板来制作实际使用的 Pod。
+下面的示例是一个简单的 Pod 清单，它包含一个打印消息的容器。
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: myapp-pod
+  labels:
+    app: myapp
+spec:
+  containers:
+  - name: myapp-container
+    image: busybox
+    command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
+```
+
+<!--
+Rather than specifying the current desired state of all replicas, pod templates are like cookie cutters. Once a cookie has been cut, the cookie has no relationship to the cutter. There is no "quantum entanglement". Subsequent changes to the template or even switching to a new template has no direct effect on the pods already created. Similarly, pods created by a replication controller may subsequently be updated directly. This is in deliberate contrast to pods, which do specify the current desired state of all containers belonging to the pod. This approach radically simplifies system semantics and increases the flexibility of the primitive.
+-->
+
+Pod 模板就像饼干切割器，而不是指定所有副本的当前期望状态。
+一旦饼干被切掉，饼干就与切割器没有关系。
+没有“量子纠缠”。
+随后对模板的更改或甚至切换到新的模板对已经创建的 Pod 没有直接影响。
+类似地，由副本控制器创建的 Pod 随后可以被直接更新。
+这与 Pod 形成有意的对比，Pod 指定了属于 Pod 的所有容器的当前期望状态。
+这种方法从根本上简化了系统语义，增加了原语的灵活性。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* Learn more about Pod behavior:
+  * [Pod Termination](/docs/concepts/workloads/pods/pod/#termination-of-pods)
+  * Other Pod Topics
+-->
+* 进一步了解 Pod 的行为：
+  * [Pod 的终止](/docs/concepts/workloads/pods/pod/#termination-of-pods)
+  * 其他 Pod 话题
+{{% /capture %}}
diff --git a/content/zh/docs/concepts/workloads/pods/pod.md b/content/zh/docs/concepts/workloads/pods/pod.md
new file mode 100644
index 0000000000000..3b35674ccaa06
--- /dev/null
+++ b/content/zh/docs/concepts/workloads/pods/pod.md
@@ -0,0 +1,399 @@
+---
+reviewers:
+title: Pods
+content_template: templates/concept
+weight: 20
+---
+
+<!--
+---
+reviewers:
+title: Pods
+content_template: templates/concept
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+_Pods_ are the smallest deployable units of computing that can be created and
+managed in Kubernetes.
+-->
+
+_Pods_ 是可以在 Kubernetes 中创建和管理的、最小的可部署的计算单元。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## What is a Pod?
+
+A _pod_ (as in a pod of whales or pea pod) is a group of one or more containers
+(such as Docker containers), with shared storage/network, and a specification
+for how to run the containers.  A pod's contents are always co-located and
+co-scheduled, and run in a shared context.  A pod models an
+application-specific "logical host" - it contains one or more application
+containers which are relatively tightly coupled &mdash; in a pre-container
+world, being executed on the same physical or virtual machine would mean being
+executed on the same logical host.
+-->
+
+## Pod 是什么？
+
+_pod_ （就像在鲸鱼荚或者豌豆荚中）是一组（一个或多个）容器（例如 Docker 容器），这些容器有共享存储、网络、以及怎样运行这些容器的声明。Pod 的内容总是共同定位和共同调度，并且在共享的上下文中运行。
+Pod 以特定于应用的“逻辑主机”为模型，它包含一个或多个应用容器，这些容器是相对紧密的耦合在一起；在容器出现之前，在相同的物理机或虚拟机上运行意味着在相同的逻辑主机上运行。
+
+<!--
+While Kubernetes supports more container runtimes than just Docker, Docker is
+the most commonly known runtime, and it helps to describe pods in Docker terms.
+
+The shared context of a pod is a set of Linux namespaces, cgroups, and
+potentially other facets of isolation - the same things that isolate a Docker
+container.  Within a pod's context, the individual applications may have
+further sub-isolations applied.
+-->
+
+虽然 Kubernetes 支持多种容器运行时，但 Docker 是最常见的一种运行时，它有助于描述 Docker 术语中的 Pod。
+
+Pod 的共享上下文是一组 Linux 命名空间、cgroups、以及其他潜在的资源隔离相关的因素，这些相同的东西也隔离了 Docker 容器。在 Pod 的上下文中，单个应用程序可能还会应用进一步的子隔离。
+
+<!--
+Containers within a pod share an IP address and port space, and
+can find each other via `localhost`. They can also communicate with each
+other using standard inter-process communications like SystemV semaphores or
+POSIX shared memory.  Containers in different pods have distinct IP addresses
+and can not communicate by IPC without
+[special configuration](/docs/concepts/policy/pod-security-policy/).
+These containers usually communicate with each other via Pod IP addresses.
+
+Applications within a pod also have access to shared volumes, which are defined
+as part of a pod and are made available to be mounted into each application's
+filesystem.
+-->
+
+Pod 中的所有容器共享一个 IP 地址和端口空间，并且可以通过 `localhost` 互相发现。他们也能通过标准的进程间通信（如 SystemV 信号量或 POSIX 共享内存）方式进行互相通信。不同 Pod 中的容器的 IP 地址互不相同，没有 [特殊配置](/docs/concepts/policy/pod-security-policy/) 就不能使用 IPC 进行通信。这些容器之间经常通过 Pod IP 地址进行通信。
+
+Pod 中的应用也能访问共享卷，共享卷是 Pod 定义的一部分，可被用来挂载到每个应用的文件系统上。
+
+<!--
+In terms of [Docker](https://www.docker.com/) constructs, a pod is modelled as
+a group of Docker containers with shared namespaces and shared
+[volumes](/docs/concepts/storage/volumes/).
+
+Like individual application containers, pods are considered to be relatively
+ephemeral (rather than durable) entities. As discussed in [life of a
+pod](/docs/concepts/workloads/pods/pod-lifecycle/), pods are created, assigned a unique ID (UID), and
+scheduled to nodes where they remain until termination (according to restart
+policy) or deletion. If a node dies, the pods scheduled to that node are
+scheduled for deletion, after a timeout period. A given pod (as defined by a UID) is not
+"rescheduled" to a new node; instead, it can be replaced by an identical pod,
+with even the same name if desired, but with a new UID (see [replication
+controller](/docs/concepts/workloads/controllers/replicationcontroller/) for more details).
+-->
+
+在 [Docker](https://www.docker.com/) 体系的术语中，Pod 被建模为一组具有共享命名空间和共享 [卷](/docs/concepts/storage/volumes/) 的 Docker 容器。
+
+与单个应用程序容器一样，Pod被认为是相对短暂的（而不是持久的）实体。如 [Pod 的生命](/docs/concepts/workloads/pods/pod-lifecycle/) 所讨论的那样：Pod 被创建、给它指定一个唯一 ID （UID）、被调度到节点、在节点上存续直到终止（取决于重启策略）或被删除。如果节点宕机，调度到该节点上的 Pod 会在一个超时周期后被安排删除。给定 Pod （由 UID 定义）不会重新调度到新节点；相反，它会被一个完全相同的 Pod 替换掉，如果需要甚至连 Pod 名称都可以一样，除了 UID 是新的(更多信息请查阅 [副本控制器（replication
+controller）](/docs/concepts/workloads/controllers/replicationcontroller/))。
+
+<!--
+When something is said to have the same lifetime as a pod, such as a volume,
+that means that it exists as long as that pod (with that UID) exists. If that
+pod is deleted for any reason, even if an identical replacement is created, the
+related thing (e.g. volume) is also destroyed and created anew.
+-->
+
+当某些东西被说成与 Pod（如卷）具有相同的生存期时，这意味着只要pod（具有该UID）存在，它就存在。如果那个 Pod 因为某种原因被删除了，即使创建了相同的 Pod 做替换，Pod 的相关的资源（如卷等）也会被销毁进行重新创建。
+
+{{< figure src="/images/docs/pod.svg" title="pod diagram" width="50%" >}}
+
+<!--
+*A multi-container pod that contains a file puller and a
+web server that uses a persistent volume for shared storage between the containers.*
+-->
+
+包含多个容器的 Pod 包含文件拉取器和 web 服务器，使用了持久卷在容器之间进行存储共享。
+
+{{< figure src="/images/docs/pod.svg" title="pod diagram" width="50%" >}}
+
+
+<!--
+## Motivation for pods
+
+### Management
+
+Pods are a model of the pattern of multiple cooperating processes which form a
+cohesive unit of service.  They simplify application deployment and management
+by providing a higher-level abstraction than the set of their constituent
+applications. Pods serve as unit of deployment, horizontal scaling, and
+replication. Colocation (co-scheduling), shared fate (e.g. termination),
+coordinated replication, resource sharing, and dependency management are
+handled automatically for containers in a pod.
+-->
+
+## Pod 的动机
+
+### 管理
+
+Pod 是形成内聚服务单元的多个协作过程模式的模型。它们提供了一个比它们的应用组成集合更高级的抽象，从而简化了应用的部署和管理。Pod 可以用作部署单元、水平缩放和复制。在 Pod中，多个容器的共同定位（协同调度）、共享命运（例如，终止）、协调复制、资源共享和依赖项管理都是自动处理的。
+
+
+<!--
+### Resource sharing and communication
+
+Pods enable data sharing and communication among their constituents.
+
+The applications in a pod all use the same network namespace (same IP and port
+space), and can thus "find" each other and communicate using `localhost`.
+Because of this, applications in a pod must coordinate their usage of ports.
+Each pod has an IP address in a flat shared networking space that has full
+communication with other physical computers and pods across the network.
+-->
+
+### 资源共享和通信
+
+Pod 使它的组成容器间能够进行数据共享和通信。
+
+Pod 中的应用都使用相同的网络命名空间（相同 IP 和 端口空间），而且能够互相“发现”并使用 `localhost` 进行通信。因此，在 Pod 中的应用必须协调它们的端口使用情况。每个 Pod 在扁平的共享网络空间中具有一个IP地址，该空间能与整个网络上的其他物理机或虚拟机进行完全通信。
+
+<!--
+The hostname is set to the pod's Name for the application containers within the
+pod. [More details on networking](/docs/concepts/cluster-administration/networking/).
+
+In addition to defining the application containers that run in the pod, the pod
+specifies a set of shared storage volumes. Volumes enable data to survive
+container restarts and to be shared among the applications within the pod.
+-->
+
+主机名被设置为 Pod 内的应用程序容器的 Pod 名称。请参考[组网的更多信息](/docs/concepts/cluster-administration/networking/)。
+
+Pod 除了定义了 Pod 中运行的应用程序容器之外，Pod 还指定了一组共享存储卷。该共享存储卷能使数据在容器重新启动后继续保留，并能在 Pod 内的应用程序之间共享。
+
+<!--
+## Uses of pods
+
+Pods can be used to host vertically integrated application stacks (e.g. LAMP),
+but their primary motivation is to support co-located, co-managed helper
+programs, such as:
+
+* content management systems, file and data loaders, local cache managers, etc.
+* log and checkpoint backup, compression, rotation, snapshotting, etc.
+* data change watchers, log tailers, logging and monitoring adapters, event publishers, etc.
+* proxies, bridges, and adapters
+* controllers, managers, configurators, and updaters
+-->
+
+## 使用 Pod
+
+Pod 可以用于托管垂直集成的应用程序栈（例如，LAMP），但最主要的动机是支持位于同一位置的、共同管理的帮助程序，例如：
+
+* 内容管理系统、文件和数据加载器、本地缓存管理器等。
+* 日志和检查点备份、压缩、旋转、快照等。
+* 数据更改监视器、日志跟踪器、日志和监视适配器、事件发布器等。
+* 代理、桥接器和适配器
+* 控制器、管理器、配置器和更新器
+
+
+<!--
+Individual pods are not intended to run multiple instances of the same
+application, in general.
+
+For a longer explanation, see [The Distributed System ToolKit: Patterns for
+Composite
+Containers](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns).
+-->
+
+通常，单个 Pod 并不打算运行同一应用程序的多个实例。
+
+更多解释，请参考 [分布式系统工具包：复合容器的模式](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns)
+
+<!--
+## Alternatives considered
+
+_Why not just run multiple programs in a single (Docker) container?_
+
+1. Transparency. Making the containers within the pod visible to the
+   infrastructure enables the infrastructure to provide services to those
+   containers, such as process management and resource monitoring. This
+   facilitates a number of conveniences for users.
+1. Decoupling software dependencies. The individual containers may be
+   versioned, rebuilt and redeployed independently. Kubernetes may even support
+   live updates of individual containers someday.
+1. Ease of use. Users don't need to run their own process managers, worry about
+   signal and exit-code propagation, etc.
+1. Efficiency. Because the infrastructure takes on more responsibility,
+   containers can be lighter weight.
+-->
+
+## 备选方案的思考
+
+_为什么不在单个（Docker）容器中运行多个程序？_
+
+1. 透明度。Pod 内的容器对基础设施可见，使得基础设施能够向这些容器提供服务，例如流程管理和资源监控。这为用户提供了许多便利。
+1. 解耦软件依赖关系。可以独立地对单个容器进行版本控制、重新构建和重新部署。Kubernetes 有一天甚至可能支持单个容器的实时更新。
+1. 易用性。用户不需要运行他们自己的进程管理器、也不用担心信号和退出代码传播等。
+1. 效率。因为基础结构承担了更多的责任，所以容器可以变得更加轻量化。
+
+<!--
+_Why not support affinity-based co-scheduling of containers?_
+
+That approach would provide co-location, but would not provide most of the
+benefits of pods, such as resource sharing, IPC, guaranteed fate sharing, and
+simplified management.
+-->
+
+_为什么不支持基于亲和性的容器联合调度？_
+
+这种处理方法尽管可以提供同址，但不能提供 Pod 的大部分好处，如资源共享、IPC、有保证的命运共享和简化的管理。
+
+<!--
+## Durability of pods (or lack thereof)
+
+Pods aren't intended to be treated as durable entities. They won't survive scheduling failures, node failures, or other evictions, such as due to lack of resources, or in the case of node maintenance.
+
+In general, users shouldn't need to create pods directly. They should almost
+always use controllers even for singletons, for example,
+[Deployments](/docs/concepts/workloads/controllers/deployment/).
+Controllers provide self-healing with a cluster scope, as well as replication
+and rollout management.
+Controllers like [StatefulSet](/docs/concepts/workloads/controllers/statefulset.md)
+can also provide support to stateful pods.
+-->
+
+## Pod 的持久性（或稀缺性）
+
+Pod 并没想被视为持久的实体。它们无法在调度失败、节点故障或其他驱逐策略（例如由于缺乏资源或在节点维护的情况下）中生存。
+
+一般来说，用户不需要直接创建 Pod。他们几乎都是使用控制器进行创建，即使对于单例的创建也一样使用控制器，例如 [Deployments](/docs/concepts/workloads/controllers/deployment/)。
+控制器提供集群范围的自修复以及复制和滚动管理。
+像 [StatefulSet](/docs/concepts/workloads/controllers/statefulset.md) 这样的控制器还可以提供支持有状态的 Pod。
+
+<!--
+The use of collective APIs as the primary user-facing primitive is relatively common among cluster scheduling systems, including [Borg](https://research.google.com/pubs/pub43438.html), [Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html), [Aurora](http://aurora.apache.org/documentation/latest/reference/configuration/#job-schema), and [Tupperware](http://www.slideshare.net/Docker/aravindnarayanan-facebook140613153626phpapp02-37588997).
+-->
+
+在集群调度系统中，使用 API 合集作为面向用户的主要原语是比较常见的，包括 [Borg](https://research.google.com/pubs/pub43438.html)、[Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html)、[Aurora](http://aurora.apache.org/documentation/latest/reference/configuration/#job-schema)、和 [Tupperware](http://www.slideshare.net/Docker/aravindnarayanan-facebook140613153626phpapp02-37588997)。
+
+<!--
+Pod is exposed as a primitive in order to facilitate:
+
+* scheduler and controller pluggability
+* support for pod-level operations without the need to "proxy" them via controller APIs
+* decoupling of pod lifetime from controller lifetime, such as for bootstrapping
+* decoupling of controllers and services &mdash; the endpoint controller just watches pods
+* clean composition of Kubelet-level functionality with cluster-level functionality &mdash; Kubelet is effectively the "pod controller"
+* high-availability applications, which will expect pods to be replaced in advance of their termination and certainly in advance of deletion, such as in the case of planned evictions or image prefetching.
+-->
+
+Pod 暴露为原语是为了便于：
+
+* 调度器和控制器可插拔性
+* 支持 Pod 级别的操作，而不需要通过控制器 API "代理" 它们
+* Pod 生命与控制器生命的解耦，如自举
+* 控制器和服务的解耦；端点控制器只监视 Pod
+* Kubelet 级别的功能与集群级别功能的清晰组合；Kubelet 实际上是 "Pod 控制器"
+* 高可用性应用程序期望在 Pod 终止之前并且肯定要在 Pod 被删除之前替换 Pod，例如在计划驱逐或镜像预先提取的情况下。
+
+<!--
+## Termination of Pods
+
+Because pods represent running processes on nodes in the cluster, it is important to allow those processes to gracefully terminate when they are no longer needed (vs being violently killed with a KILL signal and having no chance to clean up). Users should be able to request deletion and know when processes terminate, but also be able to ensure that deletes eventually complete. When a user requests deletion of a pod, the system records the intended grace period before the pod is allowed to be forcefully killed, and a TERM signal is sent to the main process in each container. Once the grace period has expired, the KILL signal is sent to those processes, and the pod is then deleted from the API server. If the Kubelet or the container manager is restarted while waiting for processes to terminate, the termination will be retried with the full grace period.
+-->
+
+## Pod 的终止
+
+因为 Pod 代表在集群中的节点上运行的进程，所以当不再需要这些进程时（与被 KILL 信号粗暴地杀死并且没有机会清理相比），允许这些进程优雅地终止是非常重要的。
+用户应该能够请求删除并且知道进程何时终止，但是也能够确保删除最终完成。当用户请求删除 Pod 时，系统会记录在允许强制删除 Pod 之前所期望的宽限期，并向每个容器中的主进程发送 TERM 信号。一旦过了宽限期，KILL 信号就发送到这些进程，然后就从 API 服务器上删除 Pod。如果 Kubelet 或容器管理器在等待进程终止时发生重启，则终止操作将以完整的宽限期进行重试。
+
+
+<!--
+An example flow:
+
+1. User sends command to delete Pod, with default grace period (30s)
+1. The Pod in the API server is updated with the time beyond which the Pod is considered "dead" along with the grace period.
+1. Pod shows up as "Terminating" when listed in client commands
+1. (simultaneous with 3) When the Kubelet sees that a Pod has been marked as terminating because the time in 2 has been set, it begins the pod shutdown process.
+    1. If the pod has defined a [preStop hook](/docs/concepts/containers/container-lifecycle-hooks/#hook-details), it is invoked inside of the pod. If the `preStop` hook is still running after the grace period expires, step 2 is then invoked with a small (2 second) extended grace period.
+    1. The processes in the Pod are sent the TERM signal.
+1. (simultaneous with 3) Pod is removed from endpoints list for service, and are no longer considered part of the set of running pods for replication controllers. Pods that shutdown slowly cannot continue to serve traffic as load balancers (like the service proxy) remove them from their rotations.
+1. When the grace period expires, any processes still running in the Pod are killed with SIGKILL.
+1. The Kubelet will finish deleting the Pod on the API server by setting grace period 0 (immediate deletion). The Pod disappears from the API and is no longer visible from the client.
+-->
+
+流程示例：
+
+1. 用户发送命令删除 Pod，使用的是默认的宽限期（30秒）
+2. API 服务器中的 Pod 会随着宽限期规定的时间进行更新，过了这个时间 Pod 就会被认为已 "死亡"。
+3. 当使用客户端命令查询 Pod 状态时，Pod 显示为 "Terminating"。
+4. （和第3步同步进行）当 Kubelet 看到 Pod 由于步骤2中设置的时间而被标记为 terminating 状态时，它就开始执行关闭 Pod 流程。
+    1. 如果 Pod 定义了 [preStop 钩子](/docs/concepts/containers/container-lifecycle-hooks/#hook-details)，就在 Pod 内部调用它。如果宽限期结束了 `preStop` 钩子还在运行，那么就用小的（2秒）扩展宽限期调用步骤2。
+
+    2. 给 Pod 内的进程发送 TERM 信号。
+5. （和第3步同步进行）从服务的端点列表中删除 Pod，Pod也不再被视为副本控制器的运行状态的 Pod 集的一部分。当负载平衡器（如服务代理）将 Pod 从轮换中移除时，关闭迟缓的 Pod 将不能继续为流量服务。
+6. 当宽限期结束后，Pod 中运行的任何进程都将被用 SIGKILL 杀死。
+7. Kubelet 将通过设置宽限期为0（立即删除）来完成删除 API 服务器上的 Pod。Pod 从 API 中消失，从客户端也不再可见。
+
+
+<!--
+By default, all deletes are graceful within 30 seconds. The `kubectl delete` command supports the `--grace-period=<seconds>` option which allows a user to override the default and specify their own value. The value `0` [force deletes](/docs/concepts/workloads/pods/pod/#force-deletion-of-pods) the pod. In kubectl version >= 1.5, you must specify an additional flag `--force` along with `--grace-period=0` in order to perform force deletions.
+-->
+
+默认情况下，所有删除在30秒内都是优雅的。`kubectl delete` 命令支持 `--grace-period=<seconds>` 选项，允许用户覆盖默认值并声明他们自己的宽限期。设置为 ‘0’ 会[强制删除](/docs/concepts/workloads/pods/pod/#force-deletion-of-pods) Pod。在 kubectl 1.5以后的版本（含1.5版本）中，为了执行强制删除，您还必须为 `--grace-period=0` 声明一个额外的 `--force` 标志。
+
+<!--
+### Force deletion of pods
+
+Force deletion of a pod is defined as deletion of a pod from the cluster state and etcd immediately. When a force deletion is performed, the apiserver does not wait for confirmation from the kubelet that the pod has been terminated on the node it was running on. It removes the pod in the API immediately so a new pod can be created with the same name. On the node, pods that are set to terminate immediately will still be given a small grace period before being force killed.
+
+Force deletions can be potentially dangerous for some pods and should be performed with caution. In case of StatefulSet pods, please refer to the task documentation for [deleting Pods from a StatefulSet](/docs/tasks/run-application/force-delete-stateful-set-pod/).
+-->
+
+### Pod 的强制删除
+
+强制删除pod定义为从集群状态和 etcd 中立即删除 Pod。当执行强制删除时，apiserver 并不会等待 kubelet 的确认信息，该 Pod 已在所运行的节点上被终止了。强制删除操作从 API 中立即清除了 Pod， 因此可以用相同的名称创建一个新的 Pod。在节点上，设置为立即终止的 Pod 还是会在被强制删除前设置一个小的宽限期。
+
+强制删除对某些 Pod 可能具有潜在危险，因此应该谨慎地执行。对于 StatefulSet 管理的 Pod，请参考 [从 StatefulSet 中删除 Pod](/docs/tasks/run-application/force-delete-stateful-set-pod/)的任务文档。
+
+<!--
+## Privileged mode for pod containers
+
+From Kubernetes v1.1, any container in a pod can enable privileged mode, using the `privileged` flag on the `SecurityContext` of the container spec. This is useful for containers that want to use linux capabilities like manipulating the network stack and accessing devices. Processes within the container get almost the same privileges that are available to processes outside a container. With privileged mode, it should be easier to write network and volume plugins as separate pods that don't need to be compiled into the kubelet.
+
+If the master is running Kubernetes v1.1 or higher, and the nodes are running a version lower than v1.1, then new privileged pods will be accepted by api-server, but will not be launched. They will be pending state.
+If user calls `kubectl describe pod FooPodName`, user can see the reason why the pod is in pending state. The events table in the describe command output will say:
+`Error validating pod "FooPodName"."FooPodNamespace" from api, ignoring: spec.containers[0].securityContext.privileged: forbidden '<*>(0xc2089d3248)true'`
+-->
+
+## Pod 容器的特权模式
+
+从 Kubernetes v1.1 开始，Pod 内的任何容器都可以开启特权模式，开启的方法是在容器声明中的  `SecurityContext` 域使用  `privileged` 标志。这对于希望使用linux功能（如操作网络堆栈和访问设备）的容器非常有用。容器内的进程获得的特权与容器外的进程几乎相同。使用特权模式，将网络和卷插件编写为不需要编译到 kubelet 中的独立的 Pod 应该更容易。
+
+如果主节点的 Kubernetes 版本是 v1.1 或更高，而工作节点的版本低于 v1.1，新的特权 Pod 将被 API 服务器接受，但不会被启动。它们将处于 pending 状态。如果用户使用命令 `kubectl describe pod FooPodName`，就可以看到 Pod 处于 pending 状态的原因。`describe` 命令的输出事件列表将显示：
+`Error validating pod "FooPodName"."FooPodNamespace" from api, ignoring: spec.containers[0].securityContext.privileged: forbidden '<*>(0xc2089d3248)true'`
+
+<!--
+If the master is running a version lower than v1.1, then privileged pods cannot be created. If user attempts to create a pod, that has a privileged container, the user will get the following error:
+`The Pod "FooPodName" is invalid.
+spec.containers[0].securityContext.privileged: forbidden '<*>(0xc20b222db0)true'`
+-->
+
+如果主节点的版本低于 v1.1，那么特权 Pod 就不能被创建。如果用户尝试创建有特权容器的 Pod，将会得到下面的错误信息：
+`The Pod "FooPodName" is invalid.
+spec.containers[0].securityContext.privileged: forbidden '<*>(0xc20b222db0)true'`
+
+<!--
+## API Object
+
+Pod is a top-level resource in the Kubernetes REST API. More details about the
+API object can be found at:
+[Pod API object](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core).
+
+{{% /capture %}}
+-->
+
+## API 对象
+
+Pod 是 Kubernetes REST API 中的顶级资源。关于该 API 对象的更详细信息请参考 [Pod API 对象](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core)。
diff --git a/content/zh/docs/concepts/workloads/pods/podpreset.md b/content/zh/docs/concepts/workloads/pods/podpreset.md
index 81b9f5d4db0cd..23106c2d66d1f 100644
--- a/content/zh/docs/concepts/workloads/pods/podpreset.md
+++ b/content/zh/docs/concepts/workloads/pods/podpreset.md
@@ -1,72 +1,151 @@
 ---
-approvers:
+reviewers:
 - jessfraz
 title: Pod Preset
 content_template: templates/concept
+weight: 50
 ---
 
 {{% capture overview %}}
-本文提供了 PodPreset 的概述。 在 pod 创建时，用户可以使用 `podpreset` 对象将特定信息注入
-pod 中，这些信息可以包括 secret、 卷、卷挂载和环境变量。
+<!--
+This page provides an overview of PodPresets, which are objects for injecting
+certain information into pods at creation time. The information can include
+secrets, volumes, volume mounts, and environment variables.
+-->
+本文提供了 PodPreset 的概述。 在 Pod 创建时，用户可以使用 PodPreset 对象将特定信息注入 Pod 中，这些信息可以包括 secret、 卷、卷挂载和环境变量。
 {{% /capture %}}
 
-{{< toc >}}
 
 {{% capture body %}}
+
+<!--
+## Understanding Pod Presets
+
+A `Pod Preset` is an API resource for injecting additional runtime requirements
+into a Pod at creation time.
+You use [label selectors](/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+to specify the Pods to which a given Pod Preset applies.
+-->
+
 ## 理解 Pod Preset
 
-`Pod Preset` 是一种 API 资源，在 pod 创建时，用户可以用它将额外的运行时需求信息注入 pod。
-使用[标签选择器（label selector）](/docs/concepts/overview/working-with-objects/labels/#label-selectors)来指定 Pod Preset 所适用的 pod。
+`Pod Preset` 是一种 API 资源，在 Pod 创建时，用户可以用它将额外的运行时需求信息注入 Pod。
+使用[标签选择器（label selector）](/docs/concepts/overview/working-with-objects/labels/#label-selectors)来指定 Pod Preset 所适用的 Pod。
+
+<!--
+Using a Pod Preset allows pod template authors to not have to explicitly provide
+all information for every pod. This way, authors of pod templates consuming a
+specific service do not need to know all the details about that service.
+-->
+
+使用 Pod Preset 使得 Pod 模板编写者不必显式地为每个 Pod 设置信息。
+这样，使用特定服务的 Pod 模板编写者不需要了解该服务的所有细节。
 
-使用 Pod Preset 使得 pod 模板编写者不必显式地为每个 pod 设置信息。
-这样，使用特定服务的 pod 模板编写者不需要了解该服务的所有细节。
+<!--
+For more information about the background, see the [design proposal for PodPreset](https://git.k8s.io/community/contributors/design-proposals/service-catalog/pod-preset.md).
+-->
 
 了解更多的相关背景信息，请参考 [ PodPreset 设计提案](https://git.k8s.io/community/contributors/design-proposals/service-catalog/pod-preset.md)。
 
+<!--
+## How It Works
+
+Kubernetes provides an admission controller (`PodPreset`) which, when enabled,
+applies Pod Presets to incoming pod creation requests.
+When a pod creation request occurs, the system does the following:
+-->
+
 ## PodPreset 如何工作
 
 Kubernetes 提供了准入控制器 (`PodPreset`)，该控制器被启用时，会将 Pod Preset 
-应用于接收到的 pod 创建请求中。
-当出现 pod 创建请求时，系统会执行以下操作：
+应用于接收到的 Pod 创建请求中。
+当出现 Pod 创建请求时，系统会执行以下操作：
+
+<!--
+1. Retrieve all `PodPresets` available for use.
+1. Check if the label selectors of any `PodPreset` matches the labels on the
+   pod being created.
+1. Attempt to merge the various resources defined by the `PodPreset` into the
+   Pod being created.
+1. On error, throw an event documenting the merge error on the pod, and create
+   the pod _without_ any injected resources from the `PodPreset`.
+1. Annotate the resulting modified Pod spec to indicate that it has been
+   modified by a `PodPreset`. The annotation is of the form
+   `podpreset.admission.kubernetes.io/podpreset-<pod-preset name>: "<resource version>"`.
+-->
 
 1. 检索所有可用 `PodPresets` 。
-1. 检查 `PodPreset` 的标签选择器与要创建的 pod 的标签是否匹配。
-1. 尝试合并 `PodPreset` 中定义的各种资源，并注入要创建的 pod。
-1. 发生错误时抛出事件，该事件记录了 pod 信息合并错误，同时在 _不注入_ `PodPreset` 信息的情况下创建 pod。
-1. 为改动的 pod spec 添加注解，来表明它被 `PodPreset` 所修改。 注解形如：
+1. 检查 `PodPreset` 的标签选择器与要创建的 Pod 的标签是否匹配。
+1. 尝试合并 `PodPreset` 中定义的各种资源，并注入要创建的 Pod。
+1. 发生错误时抛出事件，该事件记录了 pod 信息合并错误，同时在 _不注入_ `PodPreset` 信息的情况下创建 Pod。
+1. 为改动的 Pod spec 添加注解，来表明它被 `PodPreset` 所修改。 注解形如：
 `podpreset.admission.kubernetes.io/podpreset-<pod-preset name>": "<resource version>"`。
 
+<!--
+Each Pod can be matched by zero or more Pod Presets; and each `PodPreset` can be
+applied to zero or more pods. When a `PodPreset` is applied to one or more
+Pods, Kubernetes modifies the Pod Spec. For changes to `Env`, `EnvFrom`, and
+`VolumeMounts`, Kubernetes modifies the container spec for all containers in
+the Pod; for changes to `Volume`, Kubernetes modifies the Pod Spec.
+-->
+
 一个 Pod 可能不与任何 Pod Preset 匹配，也可能匹配多个 Pod Preset。 同时，一个 `PodPreset` 
 可能不应用于任何 Pod，也可能应用于多个 Pod。 当 `PodPreset` 应用于一个或多个 Pod 时，Kubernetes
 修改 pod spec。 对于 `Env`、 `EnvFrom` 和 `VolumeMounts` 的改动， Kubernetes 修改 pod 
 中所有容器的规格，对于卷的改动，Kubernetes 修改 Pod spec。
 
+
 {{< note >}}
-**注意：** Pod Preset 能够在适当的时候修改 Pod spec 的 `spec.containers` 字段，
-但是不会应用于 `initContainers` 字段。
+<!--A Pod Preset is capable of modifying the `.spec.containers` field in a
+Pod spec when appropriate. *No* resource definition from the Pod Preset will be
+applied to the `initContainers` field.-->
+
+Pod Preset 能够在适当的时候修改 Pod spec 的 `spec.containers` 字段，但是不会应用于 `initContainers` 字段。
 {{< /note >}}
 
+<!--
+### Disable Pod Preset for a Specific Pod
+
+There may be instances where you wish for a Pod to not be altered by any Pod
+Preset mutations. In these cases, you can add an annotation in the Pod Spec
+of the form: `podpreset.admission.kubernetes.io/exclude: "true"`.
+-->
+
 ### 为特定 Pod 禁用 Pod Preset
 
-在一些情况下，用户不希望 pod 被 pod preset 所改动，这时，用户可以在 pod spec 中添加形如
- `podpreset.admission.kubernetes.io/exclude: "true"` 的注解。
+在一些情况下，用户不希望 Pod 被 Pod Preset 所改动，这时，用户可以在 Pod spec 中添加形如 `podpreset.admission.kubernetes.io/exclude: "true"` 的注解。
+
+<!--
+## Enable Pod Preset
+
+In order to use Pod Presets in your cluster you must ensure the following:
+-->
 
 ## 启用 Pod Preset
 
 为了在集群中使用 Pod Preset，必须确保以下几点：
 
-1.  已启用 api 类型 `settings.k8s.io/v1alpha1/podpreset`。 这可以通过在 API 服务器的
-    `--runtime-config` 配置项中包含 `settings.k8s.io/v1alpha1=true` 来实现。
-1.  已启用准入控制器 `PodPreset`。 启用的一种方式是在 API 服务器的 `--admission-control`
-    配置项中包含 `PodPreset` 。
-1.  已经通过在相应的名字空间中创建 `PodPreset` 对象，定义了 Pod preset。
-
-{{% /capture %}}
+<!--
+1.  You have enabled the API type `settings.k8s.io/v1alpha1/podpreset`. For
+    example, this can be done by including `settings.k8s.io/v1alpha1=true` in
+    the `--runtime-config` option for the API server.
+1.  You have enabled the admission controller `PodPreset`. One way to doing this
+    is to include `PodPreset` in the `--enable-admission-plugins` option value specified
+    for the API server.
+1.  You have defined your Pod Presets by creating `PodPreset` objects in the
+    namespace you will use.
+-->
 
-{{% capture whatsnext %}}
+1.  已启用 API 类型 `settings.k8s.io/v1alpha1/podpreset`。 这可以通过在 API 服务器的 `--runtime-config` 配置项中包含 `settings.k8s.io/v1alpha1=true` 来实现。
+1.  已启用准入控制器 `PodPreset`。 启用的一种方式是在 API 服务器的 `--admission-control` 配置项中包含 `PodPreset` 。
+1.  已经通过在相应的命名空间中创建 `PodPreset` 对象，定义了 Pod Preset。
 
-* [使用 PodPreset 将信息注入 Pods](/docs/tasks/inject-data-application/podpreset/)
 
 {{% /capture %}}
 
-
+{{% capture whatsnext %}}
+<!--
+* [Injecting data into a Pod using PodPreset](/docs/tasks/inject-data-application/podpreset/)
+-->
+* [使用 PodPreset 将信息注入 Pod](/docs/tasks/inject-data-application/podpreset/)
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/_index.md b/content/zh/docs/contribute/_index.md
new file mode 100644
index 0000000000000..a3ec22713b5f5
--- /dev/null
+++ b/content/zh/docs/contribute/_index.md
@@ -0,0 +1,173 @@
+---
+content_template: templates/concept
+title: 为 Kubernetes 文档做贡献
+linktitle: 贡献
+main_menu: true
+weight: 80
+---
+
+<!--
+---
+content_template: templates/concept
+title: Contribute to Kubernetes docs
+linktitle: Contribute
+main_menu: true
+weight: 80
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+If you would like to help contribute to the Kubernetes documentation or website,
+we're happy to have your help! Anyone can contribute, whether you're new to the
+project or you've been around a long time, and whether you self-identify as a
+developer, an end user, or someone who just can't stand seeing typos.
+-->
+
+如果你想帮助对 Kubernetes 文档或网站做出贡献，我们很高兴得到你的帮助！
+任何人都可以做出贡献，无论你刚参与项目还是参与了很长时间，无论你是开发人员还是用户，或是无法忍受看到拼写错误的人。
+
+<!--
+For more ways to get involved in the Kubernetes community or to learn about us,
+also visit the [Kubernetes community site](/community/).
+-->
+
+更多途径参与 Kubernetes 社区或了解我们，请访问 [Kubernetes 社区网站](/community/)。
+
+<!--
+Looking for the [style guide](/docs/contribute/style/style-guide/) or the
+[Kubernetes Community site](/community/)?
+-->
+
+查找 [样式指南](/docs/contribute/style/style-guide/) 或者 [Kubernetes 社区网站](/community/)？
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Types of contributor
+-->
+
+## 贡献者类型
+
+<!--
+- A _member_ of the Kubernetes organization has [signed the CLA](/docs/contribute/start#sign-the-cla)
+  and contributed some time and effort to the project. See
+  [Community membership](https://github.com/kubernetes/community/blob/master/community-membership.md)
+  for specific criteria for membership.
+-->
+
+- [签署了 CLA](/docs/contribute/start#sign-the-cla)并为项目贡献了时间和精力的 Kubernetes 组织的_成员_。
+  参见 [社区成员](https://github.com/kubernetes/community/blob/master/community-membership.md) 中对于成员资格的具体标准。
+
+<!--
+- A SIG Docs _reviewer_ is a member of the Kubernetes organization who has
+  expressed interest in reviewing documentation pull requests and who has been
+  added to the appropriate Github group and `OWNERS` files in the Github
+  repository, by a SIG Docs Approver.
+-->
+
+- SIG Docs 的_评审者_是对评审文档 PR 感兴趣，并被 SIG Docs 审批者添加到 Github 群组并在 Github 仓库中 `OWNERS` 文件的 Kubernetes 组织的成员。
+
+<!--
+- A SIG Docs _approver_ is a member in good standing who has shown a continued
+  commitment to the project and is granted the ability to merge pull requests
+  and thus to publish content on behalf of the Kubernetes organization.
+  Approvers can also represent SIG Docs in the larger Kubernetes community.
+  Some of the duties of a SIG Docs approver, such as coordinating a release,
+  require a significant time commitment.
+-->
+
+- SIG Docs 的_审批者_是对项目持续贡献，并被授予合并 PR 权限和代表 Kubernetes 组织发布内容的成员。
+  批准人也可以在更广泛的 Kubernetes 社区中代表 SIG Docs 团队。
+  SIG Docs审批者的一些职责，如协调发布版本，需要大量的时间投入。
+
+<!--
+## Ways to contribute
+-->
+
+## 贡献途径
+
+<!--
+This list is divided into things anyone can do, things Kubernetes organization
+members can do, and things that require a higher level of access and familiarity
+with SIG Docs processes. Contributing consistently over time can help you
+understand some of the tooling and organizational decisions that have already
+been made.
+-->
+
+以下列表将工作分成了：任何人都可以做的工作、Kubernetes 组织成员可以做的工作，和熟悉 SIG Docs 流程并且有更高访问权限才能做的工作。
+持续的贡献可以帮助你理解已有的工具和组织决策。
+
+<!--
+This is not an exhaustive list of ways you can contribute to the Kubernetes
+documentation, but it should help you get started.
+-->
+
+你对 Kubernetes 文档可以做出的贡献不仅限于列表列出的条目，但它可以帮助你开动起来。
+
+<!--
+- [Anyone](/docs/contribute/start/)
+  - File actionable bugs
+-->
+
+- [任何人](/docs/contribute/start/)
+  - 登记记录可修正的错误
+
+<!--
+- [Member](/docs/contribute/start/)
+  - Improve existing docs
+  - Bring up ideas for improvement on Slack or SIG docs mailing list
+  - Improve docs accessibility
+  - Provide non-binding feedback on PRs
+  - Write a blog post or case study
+-->
+
+- [成员](/docs/contribute/start/)
+  - 完善已有文档
+  - 在 Slack 或 SIG Docs 邮件列表中提出改进意见
+  - 提升文档的易用性
+  - 对 PR 提出无约束的反馈
+  - 编写博文和案例分析
+
+<!--
+- [Reviewer](/docs/contribute/intermediate/)
+  - Document new features
+  - Triage and categorize issues
+  - Review PRs
+  - Create diagrams, graphics assets, and embeddable screencasts / videos
+  - Localization
+  - Contribute to other repos as a docs representative
+  - Edit user-facing strings in code
+  - Improve code comments, Godoc
+-->
+
+- [评审者](/docs/contribute/intermediate/)
+  - 为新功能特性编写文档
+  - 对 issue 进行筛选和分类
+  - 评审 PR
+  - 创建图表、图形分析和嵌入式的屏幕/视频
+  - 本地化
+  - 作为 docs 小组的代表为其他项目仓库做贡献
+  - 在代码中编辑面向用户的字符串
+  - 改进代码注释和 Godoc
+
+<!--
+- [Approver](/docs/contribute/advanced/)
+  - Publish contributor content by approving and merging PRs
+  - Participate in a Kubernetes release team as a docs representative
+  - Propose improvements to the style guide
+  - Propose improvements to docs tests
+  - Propose improvements to the Kubernetes website or other tooling
+-->
+
+- [审批者](/docs/contribute/advanced/)
+  - 通过批准和合并 PR 发布贡献成果
+  - 作为 docs 团队的代表参与 Kubernetes 发布团队
+  - 对样式指南提出改进建议
+  - 对文档测试提出改进建议
+  - 对 Kubernetes 网站或其他工具提出改进建议
+
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/advanced.md b/content/zh/docs/contribute/advanced.md
new file mode 100644
index 0000000000000..7df7d280f3dfa
--- /dev/null
+++ b/content/zh/docs/contribute/advanced.md
@@ -0,0 +1,232 @@
+---
+title: 高级贡献
+slug: advanced
+content_template: templates/concept
+weight: 30
+---
+
+<!--
+---
+title: Advanced contributing
+slug: advanced
+content_template: templates/concept
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page assumes that you've read and mastered the
+[Start contributing](/docs/contribute/start/) and
+[Intermediate contributing](/docs/contribute/intermediate/) topics and are ready
+to learn about more ways to contribute. You need to use the Git command line
+client and other tools for some of these tasks.
+-->
+
+如果你已经阅读并掌握[开始贡献](/docs/contribute/start/)和[中级贡献](/docs/contribute/intermediate/)，并准备了解更多贡献的途径，请阅读此文。
+您需要使用 Git 命令行工具和其他工具做这些工作。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Be the PR Wrangler for a week
+-->
+
+## 做一周的 PR 管理者
+
+<!--
+SIG Docs [approvers](/docs/contribute/participating/#approvers) can be PR
+wranglers.
+-->
+
+SIG Docs 的[审批者](/docs/contribute/participating/#approvers)可以成为 PR 管理者。
+
+<!--
+SIG Docs approvers are added to the
+[PR Wrangler rotation scheduler](https://github.com/kubernetes/website/wiki/PR-Wranglers)
+for weekly rotations. The PR wrangler's duties include:
+-->
+
+SIG Docs 的审批者会每周轮换地加入到 [PR 管理者轮换日程](https://github.com/kubernetes/website/wiki/PR-Wranglers)中。
+PR 管理者的工作职责包括：
+
+<!--
+- Review incoming pull requests daily.
+  - Help new contributors sign the CLA, and close any PR where the CLA hasn't
+    been signed for two weeks. PR authors can reopen the PR after signing the
+    CLA, so this is a low-risk way to make sure nothing gets merged without a
+    signed CLA.
+  - Provide feedback on proposed changes, including helping facilitate technical
+    review from members of other SIGs.
+  - Merge PRs when they are ready, or close PRs that shouldn't be accepted.
+- Triage and tag incoming issues daily. See
+  [Intermediate contributing](/docs/contribute/intermediate/) for guidelines
+  about how SIG Docs uses metadata.
+-->
+
+- 每天评审新增的 PR
+  - 指导新的贡献者签署 CLA，关闭两周都没有签署 CLA 的提交人的 PR。
+    PR 提交人在签署 CLA 之后可以重启 PR，所以 PR 管理者需要保证这段时间内相关文件没有合入。
+  - 对改进建议的更新提供反馈信息，包括促成其他 SIG 成员的技术性评审。
+  - 合入符合要求的 PR，关闭不符合要求的 PR。
+- 每天筛选和标记新增的 issue。参见[中级贡献](/docs/contribute/intermediate/)中有关 SIG Docs 成员使用 metadata 的指南。
+
+<!--
+## Propose improvements
+-->
+
+## 提出改进建议
+
+<!--
+SIG Docs
+[members](/docs/contribute/participating/#members) can propose improvements.
+-->
+
+SIG Docs 的[成员](/docs/contribute/participating/#members)可以提出改进建议。
+
+<!--
+After you've been contributing to the Kubernetes documentation for a while, you
+may have ideas for improvement to the style guide, the toolchain used to build
+the documentation, the website style, the processes for reviewing and merging
+pull requests, or other aspects of the documentation. For maximum transparency,
+these types of proposals need to be discussed in a SIG Docs meeting or on the
+[kubernetes-sig-docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs).
+In addition, it can really help to have some context about the way things
+currently work and why past decisions have been made before proposing sweeping
+changes. The quickest way to get answers to questions about how the documentation
+currently works is to ask in the `#sig-docs` Slack channel on
+[kubernetes.slack.com](https://kubernetes.slack.com)
+-->
+
+在对 Kubernetes 文档贡献了一段时间后，你可能会对样式指南、用于构建文档的工具链、网页样式、评审和合入 PR 的流程，或者文档的其他方面产生改进的想法。为了尽可能透明化，这些提议都需要在 SIG Docs 会议或 [kubernetes-sig-docs 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)上讨论。此外，在提出全面的改进之前，它能真正帮助我们了解有关“当前工作如何运作”和“以往的决定是为何做出”的背景。想了解文档的当前运作方式，最快的途径是咨询 [kubernetes.slack.com](https://kubernetes.slack.com) 中的 `#sig-docs` 聊天群组。
+
+<!--
+After the discussion has taken place and the SIG is in agreement about the desired
+outcome, you can work on the proposed changes in the way that is the most
+appropriate. For instance, an update to the style guide or the website's
+functionality might involve opening a pull request, while a change related to
+documentation testing might involve working with sig-testing.
+-->
+
+在进行了讨论并且 SIG 就期望的结果达成一致之后，你就能以最合理的方式处理改进建议了。例如，样式指南或网站功能的更新可能涉及 PR 的新增，而与文档测试相关的更改可能涉及 sig-testing。
+
+<!--
+## Coordinate docs for a Kubernetes release
+-->
+
+## 为 Kubernetes 版本发布协调文档
+
+<!--
+SIG Docs [approvers](/docs/contribute/participating/#approvers) can coordinate
+docs for a Kubernetes release.
+-->
+
+SIG Docs 的[审批者](/docs/contribute/participating/#approvers)可以为 Kubernetes 版本发布协调文档。
+
+<!--
+Each Kubernetes release is coordinated by a team of people participating in the
+sig-release Special Interest Group (SIG). Others on the release team for a given
+release include an overall release lead, as well as representatives from sig-pm,
+sig-testing, and others. To find out more about Kubernetes release processes,
+refer to
+[https://github.com/kubernetes/sig-release](https://github.com/kubernetes/sig-release).
+-->
+
+每一个 Kubernetes 版本都是由参与 sig-release 的 SIG（特别兴趣小组）的一个团队协调的。指定版本的发布团队中还包括总体发布牵头人，以及来自 sig-pm、sig-testing 的代表等。了解更多关于 Kubernetes 版本发布的流程，请参考 [https://github.com/kubernetes/sig-release](https://github.com/kubernetes/sig-release)。
+
+<!--
+The SIG Docs representative for a given release coordinates the following tasks:
+-->
+
+SIG Docs 团队的代表需要为一个指定的版本协调以下工作：
+
+<!--
+- Monitor the feature-tracking spreadsheet for new or changed features with an
+  impact on documentation. If documentation for a given feature won't be ready
+  for the release, the feature may not be allowed to go into the release.
+-->
+
+- 通过特性跟踪表来监视新功能特性或现有功能特性的修改。如果版本的某个功能特性的文档没有为发布做好准备，那么该功能特性不允许进入发布版本。
+
+<!--
+- Attend sig-release meetings regularly and give updates on the status of the
+  docs for the release.
+-->
+
+- 定期参加 sig-release 会议并对文档状态进行更新。
+
+<!--
+- Review and copyedit feature documentation drafted by the SIG responsible for
+  implementing the feature.
+-->
+
+- 评审和修改由负责实现某功能特性的 SIG 起草的功能特性文档。
+
+<!--
+- Merge release-related pull requests and maintain the Git feature branch for
+  the release.
+-->
+
+- 合入版本发布相关的 PR，并为对应发布版本维护 Git 特性分支。
+
+<!--
+- Mentor other SIG Docs contributors who want to learn how to do this role in
+  the future. This is known as "shadowing".
+-->
+
+- 指导那些想学习并有意愿担当该角色的 SIG Docs 贡献者。这就是我们常说的“实习”。
+
+<!--
+- Publish the documentation changes related to the release when the release
+  artifacts are published.
+-->
+
+- 发布版本的制品发布时，相关的文档更新也需要发布。
+
+<!--
+Coordinating a release is typically a 3-4 month commitment, and the duty is
+rotated among SIG Docs approvers.
+-->
+
+协调一个版本发布通常需要 3-4 个月的时间投入，该任务由 SIG Docs 审批者轮流承担。
+
+<!--
+## Sponsor a new contributor
+-->
+
+## 保荐新的贡献者
+
+<!--
+SIG Docs [reviewers](/docs/contribute/participating/#reviewers) can sponsor
+new contributors.
+-->
+
+SIG Docs 的[评审者](/docs/contribute/participating/#reviewers)可以保荐新的贡献者。
+
+<!--
+After a new contributor has successfully submitted 5 substantive pull requests
+to one or more Kubernetes repositiries, they are eligible to apply for
+[membership](/docs/contribute/participating#members) in the Kubernetes
+organization. The contributor's membership needs to be backed by two sponsors
+who are already reviewers.
+-->
+
+新的贡献者针对一个或多个 Kubernetes 项目仓库成功提交了 5 个实质性 PR 之后，就有资格申请 Kubernetes 组织[成员](/docs/contribute/participating#members)。贡献者的成员资格需要同时得到两位评审者的保荐。
+
+<!--
+New docs contributors can request sponsors by asking in the #sig-docs channel
+on the [Kubernetes Slack instance](https://kubernetes.slack.com) or on the
+[SIG Docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs).
+If you feel confident about the applicant's work, you volunteer to sponsor them.
+When they submit their membership application, reply to the application with a
+"+1" and include details about why you think the applicant is a good fit for
+membership in the Kubernetes organization.
+-->
+
+新的文档贡献者可以通过咨询 [Kubernetes Slack instance](https://kubernetes.slack.com) 上的 #sig-docs 或 [SIG Docs 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs) 来请求评审者保荐。如果你对申请人的工作充满信心，你自愿保荐他们。当他们提交成员资格申请时，回复“+1”并详细说明为什么你认为申请人适合加入 Kubernetes 组织。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/contribute/generate-ref-docs/_index.md b/content/zh/docs/contribute/generate-ref-docs/_index.md
new file mode 100644
index 0000000000000..ac5f61a40f883
--- /dev/null
+++ b/content/zh/docs/contribute/generate-ref-docs/_index.md
@@ -0,0 +1,21 @@
+---
+title: 参考文档概述
+main_menu: true
+weight: 80
+---
+
+<!--
+---
+title: Reference docs overview
+main_menu: true
+weight: 80
+---
+-->
+
+<!--
+Much of the Kubernetes reference documentation is generated from Kubernetes
+source code, using scripts. The topics in this section document how to generate
+this type of content.
+-->
+
+许多 Kubernetes 参考文档都是使用脚本从 Kubernetes 源代码生成的。本节的主题是如何生成这种类型的文档。
diff --git a/content/zh/docs/contribute/generate-ref-docs/federation-api.md b/content/zh/docs/contribute/generate-ref-docs/federation-api.md
new file mode 100644
index 0000000000000..c4023ab8a4848
--- /dev/null
+++ b/content/zh/docs/contribute/generate-ref-docs/federation-api.md
@@ -0,0 +1,152 @@
+---
+title: 为 Kubernetes 联邦 API 生成参考文档
+content_template: templates/task
+---
+
+<!--
+---
+title: Generating Reference Documentation for Kubernetes Federation API
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to automatically generate reference pages for the
+Kubernetes Federation API.
+-->
+
+本节介绍如何为 Kubernetes 联邦 API 自动生成参考文档。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+* You need to have
+[Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+installed.
+-->
+
+* 你需要安装 [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)。
+
+<!--
+* You need to have
+[Golang](https://golang.org/doc/install) version 1.9.1 or later installed,
+and your `$GOPATH` environment variable must be set.
+-->
+
+* 你需要安装 1.9.1 或更高版本的 [Golang](https://golang.org/doc/install)，并在环境变量中设置你的 `$GOPATH`。
+
+<!--
+* You need to have
+[Docker](https://docs.docker.com/engine/installation/) installed.
+-->
+
+* 你需要安装 [Docker](https://docs.docker.com/engine/installation/)。
+
+<!--
+* You need to know how to create a pull request to a GitHub repository.
+Typically, this involves creating a fork of the repository. For more
+information, see
+[Creating a Documentation Pull Request](/docs/home/contribute/create-pull-request/).
+-->
+
+* 你需要知道如何在一个 GitHub 项目仓库中创建一个 PR。一般来说，这涉及到创建仓库的一个分支。想了解更多信息，请参见[创建一个文档 PR](/docs/home/contribute/create-pull-request/)。
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Running the update-federation-api-docs.sh script
+-->
+
+## 运行 update-federation-api-docs.sh 脚本
+
+<!--
+If you don't already have the Kubernetes federation source code, get it now:
+-->
+
+如果你还没有 Kubernetes 联邦的源码，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/federation
+```
+
+<!--
+Determine the base directory of your local
+[kubernetes/federation](https://github.com/kubernetes/federation) repository.
+For example, if you followed the preceding step to get the federation source
+code, your base directory is `$GOPATH/src/github.com/kubernetes/federation.`
+The remaining steps refer to your base directory as `<fed-base>`.
+-->
+
+确定本地 [kubernetes/federation](https://github.com/kubernetes/federation) 仓库的主目录。
+例如，如果按照前面的步骤获取联邦的源码，则主目录是 `$GOPATH/src/github.com/kubernetes/federation`。
+下文将该目录称为 `<fed-base>`。
+
+<!--
+Run the doc generation script:
+-->
+
+运行文档生成脚本：
+
+```shell
+cd <fed-base>
+hack/update-federation-api-reference-docs.sh
+```
+
+<!--
+The script runs the
+[k8s.gcr.io/gen-swagger-docs](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/gen-swagger-docs?gcrImageListquery=%255B%255D&gcrImageListpage=%257B%2522t%2522%253A%2522%2522%252C%2522i%2522%253A0%257D&gcrImageListsize=50&gcrImageListsort=%255B%257B%2522p%2522%253A%2522uploaded%2522%252C%2522s%2522%253Afalse%257D%255D)
+image to generate this set of reference docs:
+-->
+
+脚本运行 [k8s.gcr.io/gen-swagger-docs](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/gen-swagger-docs?gcrImageListquery=%255B%255D&gcrImageListpage=%257B%2522t%2522%253A%2522%2522%252C%2522i%2522%253A0%257D&gcrImageListsize=50&gcrImageListsort=%255B%257B%2522p%2522%253A%2522uploaded%2522%252C%2522s%2522%253Afalse%257D%255D) 镜像来生成以下参考文档：
+
+* /docs/api-reference/extensions/v1beta1/operations.html
+* /docs/api-reference/extensions/v1beta1/definitions.html
+* /docs/api-reference/v1/operations.html
+* /docs/api-reference/v1/definitions.html
+
+<!--
+The generated files do not get published automatically. They have to be manually copied to the
+[kubernetes/website](https://github.com/kubernetes/website/tree/master/content/en/docs/reference/generated)
+repository.
+-->
+
+生成的文件不会被自动发布。你必须手工将它们复制到 [kubernetes/website](https://github.com/kubernetes/website/tree/master/content/en/docs/reference/generated) 仓库。
+
+<!--
+These files are published at
+[kubernetes.io/docs/reference](/docs/reference/):
+-->
+
+以下文件发布在 [kubernetes.io/docs/reference](/docs/reference/)：
+
+* [Federation API v1 Operations](/docs/reference/federation/v1/operations/)
+* [Federation API v1 Definitions](/docs/reference/federation/v1/definitions/)
+* [Federation API extensions/v1beta1 Operations](/docs/reference/federation/extensions/v1beta1/operations/)
+* [Federation API extensions/v1beta1 Definitions](/docs/reference/federation/extensions/v1beta1/definitions/)
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* [Generating Reference Documentation for the Kubernetes API](/docs/home/contribute/generated-reference/kubernetes-api/)
+* [Generating Reference Documentation for kubectl Commands](/docs/home/contribute/generated-reference/kubectl/)
+* [Generating Reference Pages for Kubernetes Components and Tools](/docs/home/contribute/generated-reference/kubernetes-components/)
+-->
+
+* [为 Kubernetes API 生成参考文档](/docs/home/contribute/generated-reference/kubernetes-api/)
+* [为 kubectl 命令集生成参考文档](/docs/home/contribute/generated-reference/kubectl/)
+* [为 Kubernetes 组件和工具生成参考页](/docs/home/contribute/generated-reference/kubernetes-components/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/generate-ref-docs/kubectl.md b/content/zh/docs/contribute/generate-ref-docs/kubectl.md
new file mode 100644
index 0000000000000..ae64df1dc2378
--- /dev/null
+++ b/content/zh/docs/contribute/generate-ref-docs/kubectl.md
@@ -0,0 +1,473 @@
+---
+title: 为 kubectl 命令集生成参考文档
+content_template: templates/task
+---
+
+<!--
+---
+title: Generating Reference Documentation for kubectl Commands
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to automatically generate reference pages for the
+commands provided by the `kubectl` tool.
+-->
+
+该页面显示了如何自动生成 `kubectl` 工具提供的命令的参考页面。
+
+{{< note >}}
+<!--
+This topic shows how to generate reference documentation for
+[kubectl commands](/docs/reference/generated/kubectl/kubectl-commands)
+like
+[kubectl apply](/docs/reference/generated/kubectl/kubectl-commands#apply) and
+[kubectl taint](/docs/reference/generated/kubectl/kubectl-commands#taint).
+-->
+
+本主题展示了如何为 [kubectl 命令集](/docs/reference/generated/kubectl/kubectl-commands) 生成参考文档，如 [kubectl apply](/docs/reference/generated/kubectl/kubectl-commands#apply) 和 [kubectl taint](/docs/reference/generated/kubectl/kubectl-commands#taint)。
+
+<!--
+This topic does not show how to generate the
+[kubectl](/docs/reference/generated/kubectl/kubectl/)
+options reference page. For instructions on how to generate the kubectl options
+reference page, see
+[Generating Reference Pages for Kubernetes Components and Tools](/docs/home/contribute/generated-reference/kubernetes-components/).
+-->
+
+本主题没有展示如何生成 [kubectl](/docs/reference/generated/kubectl/kubectl/) 组件的参考页面。相关说明请参见[为 Kubernetes 组件和工具生成参考页面](/docs/home/contribute/generated-reference/kubernetes-components/)。
+{{< /note >}}
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+* You need to have
+[Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+installed.
+-->
+
+* 你需要安装 [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)。
+
+<!--
+* You need to have
+[Golang](https://golang.org/doc/install) version 1.9.1 or later installed,
+and your `$GOPATH` environment variable must be set.
+-->
+
+* 你需要安装 1.9.1 或更高版本的 [Golang](https://golang.org/doc/install), 并在环境变量中设置 `$GOPATH`。
+
+<!--
+* You need to have
+[Docker](https://docs.docker.com/engine/installation/) installed.
+-->
+
+* 你需要安装 [Docker](https://docs.docker.com/engine/installation/)。
+
+<!--
+* You need to know how to create a pull request to a GitHub repository.
+Typically, this involves creating a fork of the repository. For more
+information, see
+[Creating a Documentation Pull Request](/docs/home/contribute/create-pull-request/) and
+[GitHub Standard Fork & Pull Request Workflow](https://gist.github.com/Chaser324/ce0505fbed06b947d962).
+-->
+
+* 你需要知道如何在一个 GitHub 项目仓库中创建一个 PR。一般来说，这涉及到创建仓库的一个分支。想了解更多信息，请参见[创建一个文档 PR](/docs/home/contribute/create-pull-request/) 和 [GitHub 标准 Fork&PR 工作流](https://gist.github.com/Chaser324/ce0505fbed06b947d962)。
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Getting three repositories
+-->
+
+## 下载三个仓库
+
+<!--
+If you don't already have the kubernetes/kubernetes repository, get it now:
+-->
+
+如果你还没有下载过 kubernetes/kubernetes 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/kubernetes
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository.
+For example, if you followed the preceding step to get the repository, your
+base directory is `$GOPATH/src/github.com/kubernetes/kubernetes.`
+The remaining steps refer to your base directory as `<k8s-base>`.
+-->
+
+确定 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes/kubernetes`。下文将该目录称为 `<k8s-base>`。
+
+<!--
+If you don't already have the kubernetes/website repository, get it now:
+-->
+
+如果你还没有下载过 kubernetes/website 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/website
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes/website](https://github.com/kubernetes/website) repository.
+For example, if you followed the preceding step to get the repository, your
+base directory is `$GOPATH/src/github.com/kubernetes/website.`
+The remaining steps refer to your base directory as `<web-base>`.
+-->
+
+确定 [kubernetes/website](https://github.com/kubernetes/website) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes/website`。下文将该目录称为 `<web-base>`。
+
+<!--
+If you don't already have the kubernetes-incubator/reference-docs repository, get it now:
+-->
+
+如果你还没有下载过 kubernetes-incubator/reference-docs 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes-incubator/reference-docs
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs) repository.
+For example, if you followed the preceding step to get the repository, your
+base directory is `$GOPATH/src/github.com/kubernetes-incubator/reference-docs.`
+The remaining steps refer to your base directory as `<rdocs-base>`.
+-->
+
+确定 [kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes-incubator/reference-docs`。下文将该目录称为 `<rdocs-base>`。
+
+<!--
+In your local kubernetes/kubernetes repository, check out the branch of interest,
+and make sure it is up to date. For example, if you want to generate docs for
+Kubernetes 1.9, you could use these commands:
+-->
+
+进入 kubernetes/kubernetes 仓库的本地目录，检出感兴趣的分支，并确保它是最新的。例如，如果希望为 Kubernetes 1.9 生成文档，可以使用以下命令：
+
+```shell
+cd <k8s-base>
+git checkout release-1.9
+git pull https://github.com/kubernetes/kubernetes release-1.9
+```
+
+<!--
+## Editing the kubectl source code
+-->
+
+## 编辑 kubectl 源码
+
+<!--
+The reference documentation for the kubectl commands is automatically generated from
+kubectl source code. If you want to change the reference documentation, the first step
+is to change one or more comments in the kubectl source code. Make the change in your
+local kubernetes/kubernetes repository, and then submit a pull request to the master branch of
+[github.com/kubernetes/kubernetes](https://github.com/kubernetes/kubernetes).
+-->
+
+kubectl 命令集的参考文档是基于 kubectl 源码自动生成的。如果想要修改参考文档，可以从修改 kubectl 源码中的一个或多个注释开始。在本地 kubernetes/kubernetes 仓库中进行修改，然后向 [github.com/kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 的 master 分支提交 PR。
+
+<!--
+[PR 56673](https://github.com/kubernetes/kubernetes/pull/56673/files)
+is an example of a pull request that fixes a typo in the kubectl source code.
+-->
+
+[PR 56673](https://github.com/kubernetes/kubernetes/pull/56673/files) 是一个对 kubectl 源码中的笔误进行修复的 PR 示例。
+
+<!--
+Monitor your pull request, and respond to reviewer comments. Continue to monitor your
+pull request until it is merged into the master branch of the kubernetes/kubernetes repository.
+-->
+
+跟踪你的 PR，并回应评审人的评论。继续跟踪你的 PR，直到它合入到 kubernetes/kubernetes 仓库的 master 分支中。
+
+<!--
+## Cherry picking your change into a release branch
+-->
+
+## 以 cherry-pick 方式将你的修改合入已发布分支
+
+<!--
+Your change is now in the master branch, which is used for development of the next
+Kubernetes release. If you want your change to appear in the docs for a Kubernetes
+version that has already been released, you need to propose that your change be
+cherry picked into the release branch.
+-->
+
+你的修改已合入 master 分支中，该分支用于开发下一个 Kubernetes 版本。如果你希望修改部分出现在已发布的 Kubernetes 版本文档中，则需要提议将它们以 cherry-pick 方式合入已发布分支。
+
+<!--
+For example, suppose the master branch is being used to develop Kubernetes 1.10,
+and you want to backport your change to the release-1.9 branch. For instructions
+on how to do this, see
+[Propose a Cherry Pick](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).
+-->
+
+例如，假设 master 分支正用于开发 Kubernetes 1.10 版本，而你希望将修改合入到已发布的 1.9 版本分支。相关的操作指南，请参见 [提议一个 cherry-pick 合入](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md)。
+
+<!--
+Monitor your cherry-pick pull request until it is merged into the release branch.
+-->
+
+跟踪你的 cherry-pick PR，直到它合入到已发布分支中。
+
+{{< note >}}
+<!--
+Proposing a cherry pick requires that you have permission to set a label and a
+milestone in your pull request. If you don’t have those permissions, you will
+need to work with someone who can set the label and milestone for you.
+-->
+
+提议一个 cherry-pick 合入，需要你有在 PR 中设置标签和里程碑的权限。如果你没有，你需要与有权限为你设置标签和里程碑的人合作完成。
+{{< /note >}}
+
+<!--
+## Editing Makefile
+-->
+
+## 编辑 Makefile
+
+<!--
+Go to `<rdocs-base>`, and open `Makefile` for editing:
+-->
+
+进入 `<rdocs-base>` 目录, 打开 `Makefile` 进行编辑：
+
+<!--
+Set `K8SROOT` to the base directory of your local kubernetes/kubernetes
+repository. Set `WEBROOT` to the base directory of your local kubernetes/website repository.
+Set `MINOR_VERSION` to the minor version of the docs you want to build. For example,
+if you want to build docs for Kubernetes 1.9, set `MINOR_VERSION` to 9. Save and close `Makefile`.
+-->
+
+将 `K8SROOT` 设置为 kubernetes/kubernetes 仓库的本地主目录。将 `WEBROOT` 设置为 kubernetes/website 仓库的本地主目录。将 `MINOR_VERSION` 设置为要构建的文档的副版本号。例如，如果要为 Kubernetes 1.9 版本构建文档，请将 `MINOR_VERSION` 设置为 9。保存并关闭 `Makefile`。
+
+<!--
+## Building the brodocs image
+-->
+
+## 制作 brodocs 镜像
+
+<!--
+The doc generation code requires the `pwittrock/brodocs` Docker image.
+-->
+
+文档生成代码需要 `pwittrock/brodocs` Docker 镜像。
+
+<!--
+This command creates the `pwittrock/brodocs` Docker image. It also tries to push the image to
+DockerHub, but it's OK if that step fails. As long as you have the image locally, the code generation
+can succeed.
+-->
+
+该命令用于创建 `pwittrock/brodocs` Docker 镜像。它还尝试将镜像推送到 DockerHub，但是如果该步骤失败也没关系。只要镜像在本地，就可以成功生成代码。
+
+
+```shell
+make brodocs
+```
+
+<!--
+Verify that you have the brodocs image:
+-->
+
+确认 brodocs 镜像是否存在：
+
+```shell
+docker images
+```
+
+<!--
+The output shows `pwittrock/brodocs` as one of the available images:
+-->
+
+输出显示 `pwittrock/brodocs` 是可用镜像之一：
+
+```shell
+REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+pwittrock/brodocs   latest              999d34a50d56        5 weeks ago         714MB
+```
+
+<!--
+## Creating a version directory
+-->
+
+## 创建版本目录
+
+<!--
+In the `gen-kubectldocs/generators` directory, if you do not already
+have a directory named `v1_MINOR_VERSION`, create one now by copying the directory
+for the previous version. For example, suppose you want to generate docs for
+Kubernetes 1.9, but you don't already have a `v1_9` directory. Then you could
+create and populate a `v1_9` directory by running these commands:
+-->
+
+在 `gen-kubectldocs/generators` 目录中，如果你还没有一个名为 `v1_MINOR_VERSION` 的目录，那么现在通过复制前一版本的目录来创建一个。例如，假设你想要为 Kubernetes 1.9 版本生成文档，但是还没有 `v1_9` 目录，这时可以通过运行以下命令来创建并填充 `v1_9` 目录：
+
+```shell
+mkdir gen-kubectldocs/generators/v1_9
+cp -r gen-kubectldocs/generators/v1_8/* gen-kubectldocs/generators/v1_9
+```
+
+<!--
+## Checking out a branch in kubernetes/kubernetes
+-->
+
+## 从 kubernetes/kubernetes 检出一个分支
+
+<!--
+In you local kubernetes/kubernetes repository, checkout the branch that has
+the version of Kubernetes that you want to document. For example, if you want
+to generate docs for Kubernetes 1.9, checkout the release-1.9 branch. Make sure
+you local branch is up to date.
+-->
+
+在本地 kubernetes/kubernetes 仓库中，检出你想要生成文档的、包含 Kubernetes 版本的分支。例如，如果希望为 Kubernetes 1.9 版本生成文档，请检出 1.9 分支。确保本地分支是最新的。
+
+<!--
+## Running the doc generation code
+-->
+
+## 运行文档生成代码
+
+<!--
+In you local kubernetes-incubator/reference-docs repository, build and run the
+doc generation code. You might need to run the command as root:
+-->
+
+在 kubernetes-incubator/reference-docs 仓库的本地目录中，构建并运行文档生成代码。你可能需要以 root 用户运行命令：
+
+```shell
+cd <rdocs-base>
+make cli
+```
+
+<!--
+## Locate the generated files
+-->
+
+## 找到生成的文件
+
+<!--
+These two files are the primary output of a successful build. Verify that they exist:
+-->
+
+这两个文件是成功构建的主要产物。验证它们是否存在：
+
+* `<rdocs-base>/gen-kubectldocs/generators/build/index.html`
+* `<rdocs-base>/gen-kubectldocs/generators/build/navData.js`
+
+<!--
+## Copying files to the kubernetes/website repository
+-->
+
+## 将文件复制到 kubernetes/website 仓库
+
+<!--
+Copy the generated files from your local kubernetes-incubator/reference-docs
+repository to your local kubernetes/website repository.
+-->
+
+将生成的文件从 kubernetes-incubator/reference-docs 仓库的本地目录复制到 kubernetes/website 仓库的本地目录。
+
+```shell
+cd <rdocs-base>
+make copycli
+```
+
+<!--
+## Adding and committing changes in kubernetes/website
+-->
+
+## 在 kubernetes/website 中添加和提交修改
+
+<!--
+List the files that were generated and copied to the `kubernetes/website`
+repository:
+-->
+
+列出生成并准备合入到 `kubernetes/website` 仓库中的文件：
+
+```
+cd <web-base>
+git status
+```
+
+<!--
+The output shows the new and modified files. For example, the output
+might look like this:
+-->
+
+输出展示了新增和修改的文件。例如，输出可能如下所示：
+
+```shell
+modified: docs/reference/generated/kubectl/kubectl-commands.html
+modified: docs/reference/generated/kubectl/navData.js
+```
+
+<!--
+Run `git add` and `git commit` to commit the files.
+-->
+
+运行 `git add` 和 `git commit` 将提交上述文件。
+
+<!--
+## Creating a pull request
+-->
+
+## 创建 PR
+
+<!--
+Create a pull request to the `kubernetes/website` repository. Monitor your
+pull request, and respond to review comments as needed. Continue to monitor
+your pull request until it is merged.
+-->
+
+对 `kubernetes/website` 仓库创建 PR。跟踪你的 PR，并根据需要回应评审人的评论。继续跟踪你的 PR，直到它被合入。
+
+<!--
+A few minutes after your pull request is merged, your updated reference
+topics will be visible in the
+[published documentation](/docs/home).
+-->
+
+在 PR 合入的几分钟后，你更新的参考主题将出现在[已发布文档](/docs/home/)中。
+
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* [Generating Reference Documentation for Kubernetes Components and Tools](/docs/home/contribute/generated-reference/kubernetes-components/)
+* [Generating Reference Documentation for the Kubernetes API](/docs/home/contribute/generated-reference/kubernetes-api/)
+* [Generating Reference Documentation for the Kubernetes Federation API](/docs/home/contribute/generated-reference/federation-api/)
+-->
+
+* [为 Kubernetes 组件和工具生成参考文档](/docs/home/contribute/generated-reference/kubernetes-components/)
+* [为 Kubernetes API 生成参考文档](/docs/home/contribute/generated-reference/kubernetes-api/)
+* [为 Kubernetes 联邦 API 生成参考文档](/docs/home/contribute/generated-reference/federation-api/)
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/contribute/generate-ref-docs/kubernetes-api.md b/content/zh/docs/contribute/generate-ref-docs/kubernetes-api.md
new file mode 100644
index 0000000000000..ccacc307d1675
--- /dev/null
+++ b/content/zh/docs/contribute/generate-ref-docs/kubernetes-api.md
@@ -0,0 +1,685 @@
+---
+title: 为 Kubernetes API 生成参考文档
+content_template: templates/task
+---
+
+<!--
+---
+title: Generating Reference Documentation for the Kubernetes API
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to update the automatically generated reference docs for the
+Kubernetes API.
+-->
+
+本页面展示了如何为 Kubernetes API 更新自动生成的参考文档。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+You need to have these tools installed:
+-->
+
+你需要安装以下软件：
+
+<!--
+* [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Golang](https://golang.org/doc/install) version 1.9.1 or later
+* [Docker](https://docs.docker.com/engine/installation/)
+* [etcd](https://github.com/coreos/etcd/)
+-->
+
+* [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* 1.9 或更高版本的 [Golang](https://golang.org/doc/install)
+* [Docker](https://docs.docker.com/engine/installation/)
+* [etcd](https://github.com/coreos/etcd/)
+
+<!--
+Your $GOPATH environment variable must be set, and the location of `etcd`
+must be in your $PATH environment variable.
+-->
+
+在环境变量中设置 $GOPATH，并且 etcd 的路径必须配置在 $PATH 环境变量中。
+
+<!--
+You need to know how to create a pull request to a GitHub repository.
+Typically, this involves creating a fork of the repository. For more
+information, see
+[Creating a Documentation Pull Request](/docs/home/contribute/create-pull-request/) and
+[GitHub Standard Fork & Pull Request Workflow](https://gist.github.com/Chaser324/ce0505fbed06b947d962).
+-->
+
+你需要知道如何在一个 GitHub 项目仓库中创建一个 PR。一般来说，这涉及到创建仓库的一个分支。想了解更多信息，请参见[创建一个文档 PR](/docs/home/contribute/create-pull-request/) 和 [GitHub 标准 Fork&PR 工作流](https://gist.github.com/Chaser324/ce0505fbed06b947d962)。
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## The big picture
+-->
+
+## 概述
+
+<!--
+Updating the Kubernetes API reference documentation is a two-stage process:
+-->
+
+更新 Kubernetes API 参考文档有两个步骤：
+
+<!--
+1. Generate an OpenAPI spec from the Kubernetes source code. The tools for
+this stage are at [kubernetes/kubernetes/hack](https://github.com/kubernetes/kubernetes/tree/master/hack).
+-->
+
+1. 从 kubernetes 源码生成 OpenAPI 规范。本步骤的工具在 [kubernetes/kubernetes/hack](https://github.com/kubernetes/kubernetes/tree/master/hack)。
+
+<!--
+1. Generate an HTML file from the OpenAPI spec. The tools for this stage are at
+[kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs).
+-->
+
+1. 从 OpenAPI 规范生成 HTML 文件。本步骤的工具在 [kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs)。
+
+<!--
+## Getting three repositories
+-->
+
+## 下载三个仓库
+
+<!--
+If you don't already have the kubernetes/kubernetes repository, get it now:
+-->
+
+If you don't already have the kubernetes/kubernetes repository, get it now:
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/kubernetes
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository.
+For example, if you followed the preceding step to get the repository, your
+base directory is `$GOPATH/src/github.com/kubernetes/kubernetes.`
+The remaining steps refer to your base directory as `<k8s-base>`.
+-->
+
+确定 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes/kubernetes`。下文将该目录称为 `<k8s-base>`。
+
+<!--
+If you don't already have the kubernetes/website repository, get it now:
+-->
+
+如果你还没有下载过 `kubernetes/website` 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/website
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes/website](https://github.com/kubernetes/website) repository.
+For example, if you followed the preceding step to get the repository, your
+base directory is `$GOPATH/src/github.com/kubernetes/website.`
+The remaining steps refer to your base directory as `<web-base>`.
+-->
+
+确定 [kubernetes/website](https://github.com/kubernetes/website) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes/website`。下文将该目录称为 `<web-base>`。
+
+<!--
+If you don't already have the kubernetes-incubator/reference-docs repository, get it now:
+-->
+
+如果你还没有下载过 kubernetes-incubator/reference-docs 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes-incubator/reference-docs
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs) repository.
+For example, if you followed the preceding step to get the repository, your
+base directory is `$GOPATH/src/github.com/kubernetes-incubator/reference-docs.`
+The remaining steps refer to your base directory as `<rdocs-base>`.
+-->
+
+确定 [kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes-incubator/reference-docs`。下文将该目录称为 `<rdocs-base>`。
+
+<!--
+## Editing the Kubernetes source code
+-->
+
+## 编辑 Kubernetes 源码
+
+<!--
+The Kubernetes API reference documentation is automatically generated from
+an OpenAPI spec, which is generated from the Kubernetes source code. If you
+want to change the reference documentation, the first step is to change one
+or more comments in the Kubernetes source code.
+-->
+
+Kubernetes API 参考文档是基于 OpenAPI 规范自动生成的，而该规范是从 Kubernetes 源码生成的。如果想要修改参考文档，可以从修改 Kubernetes 源码中的一个或多个注释开始。
+
+<!--
+### Making changes to comments in the source code
+-->
+
+### 修改源码中的注释
+
+{{< note >}}
+<!--
+The following steps are an example, not a general procedure. Details 
+will be different in your situation.
+-->
+
+以下步骤是一个示例，而不是通用步骤。在你操作过程中，细节会有所不同。
+{{< /note >}}
+
+<!--
+Here's an example of editing a comment in the Kubernetes source code.
+-->
+
+下面是在 Kubernetes 源码中编辑注释的示例。
+
+<!--
+In your local kubernetes/kubernetes repository, check out the master branch,
+and make sure it is up to date:
+-->
+
+进入 kubernetes/kubernetes 仓库的本地目录，检出 master 分支，并确保它是最新的：
+
+```shell
+cd <k8s-base>
+git checkout master
+git pull https://github.com/kubernetes/kubernetes master
+```
+
+<!--
+Suppose this source file in the master branch has the typo "atmost":
+-->
+
+假设 master 分支中的这个源文件有一个拼写错误 "atmost"：
+
+[kubernetes/kubernetes/staging/src/k8s.io/api/apps/v1/types.go](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/api/apps/v1/types.go)
+
+<!--
+In your local environment, open `types.go`, and change "atmost" to "at most".
+-->
+
+在本地环境中，打开 `types.go` 文件，然后将 "atmost" 修改为 "at most"。
+
+<!--
+Verify that you have changed the file:
+-->
+
+确认文件已修改：
+
+```shell
+git status
+```
+
+<!--
+The output shows that you are on the master branch, and that the `types.go`
+source file has been modified:
+-->
+
+输出展示了在 master 分支上，`types.go` 文件已被修改：
+
+```shell
+On branch master
+...
+    modified:   staging/src/k8s.io/api/apps/v1/types.go
+```
+
+<!--
+### Committing your edited file
+-->
+
+### 提交已编辑的文件
+
+<!--
+Run `git add` and `git commit` to commit the changes you have made so far. In the next step,
+you will do a second commit. It is important to keep your changes separated into two commits.
+-->
+
+运行 `git add` 和 `git commit` 提交到目前为止所做的修改。在下一步中，你将进行第二次提交。将修改拆分为两个提交是很重要的。
+
+<!--
+### Generating the OpenAPI spec and related files
+-->
+
+### 生成 OpenAPI 规范和相关文件
+
+<!--
+Go to `<k8s-base>` and run these scripts:
+-->
+
+进入 `<k8s-base>` 目录运行以下脚本：
+
+```shell
+hack/update-generated-swagger-docs.sh
+hack/update-swagger-spec.sh
+hack/update-openapi-spec.sh
+hack/update-generated-protobuf.sh
+hack/update-api-reference-docs.sh
+```
+
+<!--
+Run `git status` to see what was generated.
+-->
+
+运行 `git status` 查看生成的文件。
+
+```shell
+On branch master
+...
+    modified:   api/openapi-spec/swagger.json
+    modified:   api/swagger-spec/apps_v1.json
+    modified:   docs/api-reference/apps/v1/definitions.html
+    modified:   staging/src/k8s.io/api/apps/v1/generated.proto
+    modified:   staging/src/k8s.io/api/apps/v1/types.go
+    modified:   staging/src/k8s.io/api/apps/v1/types_swagger_doc_generated.go
+```
+
+<!--
+View the contents of `api/openapi-spec/swagger.json` to make sure the typo is fixed.
+For example, you could run `git diff -a api/openapi-spec/swagger.json`.
+This is important, because `swagger.json` will be the input to the second stage of
+the doc generation process.
+-->
+
+检查 `api/openapi-spec/swagger.json` 的内容确认拼写错误是否被修复。例如，你可以运行 `git diff -a api/openapi-spec/swagger.json`。这个步骤很重要，因为 `swagger.json` 是文档生成过程的第二个步骤的输入。
+
+<!--
+Run `git add` and `git commit` to commit your changes. Now you have two commits:
+one that has the edited `types.go` file, and one that has the generated OpenAPI spec
+and related files. Keep these two commits separate. That is, do not squash your commits.
+-->
+
+运行 `git add` 和 `git commit` 提交修改。现在你有两个提交：一个是已编辑的 `types.go` 文件，另一个是已生成的 OpenAPI 规范和相关文件。把这两个提交分开。也就是说，不要将它们合并提交。
+
+<!--
+Submit your changes as a
+[pull request](https://help.github.com/articles/creating-a-pull-request/) to the
+master branch of the
+[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository.
+Monitor your pull request, and respond to reviewer comments as needed. Continue
+to monitor your pull request until it has been merged.
+-->
+
+将你的修改以 [pull request](https://help.github.com/articles/creating-a-pull-request/) 提交到 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 仓库的 master 分支。跟踪你的 PR，并根据需要回应评审人的评论。继续跟踪你的 PR，直到它被合入。
+
+<!--
+[PR 57758](https://github.com/kubernetes/kubernetes/pull/57758)
+is an example of a pull request that fixes a typo in the Kubernetes source code.
+-->
+
+[PR 57758](https://github.com/kubernetes/kubernetes/pull/57758) 是一个对 Kubernetes 源码中的拼写错误进行修复的 PR 示例。
+
+{{< note >}}
+<!--
+It can be tricky to determine the correct source file to be changed. In the
+preceding example, the authoritative source file is under the `staging` directory
+in the `kubernetes/kubernetes` repository. But in your situation,the `staging` directory
+might not be the place to find the authoritative source. For guidance, check the
+`README` files in
+[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes/tree/master/staging)
+repository and in related repositories like
+[kubernetes/apiserver](https://github.com/kubernetes/apiserver/blob/master/README.md).
+-->
+
+定位要修改的具体源文件可能很困难。在前面的示例中，正确的源文件位于 `kubernetes/kubernetes` 仓库的 `staging` 目录下。但在你的情况下，`staging` 目录可能不是查找正确源的位置。有关指导，请查看 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes/tree/master/staging) 仓库的 `README` 文件和相关仓库 [kubernetes/apiserver](https://github.com/kubernetes/apiserver/blob/master/README.md)。
+{{< /note >}}
+
+<!--
+### Cherry picking your commit into a release branch
+-->
+
+### 以 cherry-pick 方式将你的提交合入已发布分支
+
+<!--
+In the preceding section, you edited a file in the master branch and then ran scripts
+to generate an OpenAPI spec and related files. Then you submitted your changes in a pull request
+to the master branch of the kubernetes/kubernetes repository. Now suppose you want to backport
+your change into a release branch. For example, suppose the master branch is being used to develop
+Kubernetes version 1.10, and you want to backport your change into the release-1.9 branch.
+-->
+
+在上文中，你在 master 分支中编辑了一个文件，然后运行脚本来生成 OpenAPI 规范和相关文件。然后你在一个 PR 中向 kubernetes/kubernetes 仓库的 master 分支提交了修改。现在假设你想要将你的修改合入到一个发布分支中。例如，假设 master 分支用于开发 Kubernetes 1.10 版本，而你希望将你的修改合入到 release-1.9 分支中。
+
+<!--
+Recall that your pull request has two commits: one for editing `types.go`
+and one for the files generated by scripts. The next step is to propose a cherry pick of your first 
+commit into the release-1.9 branch. The idea is to cherry pick the commit that edited `types.go`, but not
+the commit that has the results of running the scripts. For instructions, see
+[Propose a Cherry Pick](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md). 
+-->
+
+回想一下 PR 中有两个提交：一个用于编辑 `types.go`，另一个用于脚本生成的文件。下一步是对你在 release-1.9 分支的第一次提交提议一个 cherry-pick 合入。其目的是挑出对 `types.go` 的编辑的那次提交，而不是对运行脚本结果的提交。有关说明，请参见[提议一个 cherry-pick 合入](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md)。
+
+{{< note >}}
+<!--
+Proposing a cherry pick requires that you have permission to set a label and a milestone in your
+pull request. If you don't have those permissions, you will need to work with someone who can set the label
+and milestone for you.
+-->
+
+提议一个 cherry-pick 合入，需要你有在 PR 中设置标签和里程碑的权限。如果你没有，你需要与有权限为你设置标签和里程碑的人合作完成。
+{{< /note >}}
+
+<!--
+When you have a pull request in place for cherry picking your one commit into the release-1.9 branch,
+the next step is to run these scripts in the release-1.9 branch of your local environment.
+-->
+
+当你有一个对 release-1.9 分支进行 cherry-pick 合入的 PR 时，下一步是在 release-1.9 分支的本地环境中运行这些脚本。
+
+```shell
+hack/update-generated-swagger-docs.sh
+hack/update-swagger-spec.sh
+hack/update-openapi-spec.sh
+hack/update-generated-protobuf.sh
+hack/update-api-reference-docs.sh
+```
+
+<!--
+Now add a commit to your cherry-pick pull request that has the recently generated OpenAPI spec
+and related files. Monitor your pull request until it gets merged into the release-1.9 branch.
+-->
+
+现在向 cherry pick 的 PR 添加一个提交，该 PR 包含最近生成的 OpenAPI 规范和相关文件。跟踪你的 PR，直到它合入到 release-1.9 分支中。
+
+<!--
+At this point, both the master branch and the release-1.9 branch have your updated `types.go`
+file and a set of generated files that reflect the change you made to `types.go`. Note that the
+generated OpenAPI spec and other generated files in the release-1.9 branch are not necessarily
+the same as the generated files in the master branch. The generated files in the release-1.9 branch
+contain API elements only from Kubernetes 1.9. The generated files in the master branch might contain
+API elements that are not in 1.9, but are under development for 1.10.
+-->
+
+此时，master 和 release-1.9 分支都更新了 `types.go` 文件和一组生成的文件，这些反映了你对 `types.go` 做的修改。注意，在 release-1.9 分支中生成的 OpenAPI 规范和其他文件不一定与在 master 分支中生成的文件相同。在 release-1.9 分支中生成的文件只包含 Kubernetes 1.9 版本的 API 元素。master 分支中生成的文件可能包含正在 1.10 版本中开发的 API 元素，而这些元素却不在 1.9 版本中。
+
+<!--
+## Generating the published reference docs
+-->
+
+## 生成已发布的参考文档
+
+<!--
+The preceding section showed how to edit a source file and then generate
+several files, including `api/openapi-spec/swagger.json` in the 
+`kubernetes/kubernetes` repository.
+-->
+
+前一章节展示了如何编辑源文件，然后生成几个文件，包括 `kubernetes/kubernetes` 仓库中的 `api/openapi-spec/swagger.json`。
+
+<!--
+This section shows how to generate the
+[published Kubernetes API reference documentation](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/),
+which is generated by the tools at
+[kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs).
+Those tools take the `api/openapi-spec/swagger.json` file as input.
+-->
+
+本章节介绍如何生成[已发布的 Kubernetes API 参考文档](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)，该文档由 [kubernetes-incubator/reference-docs](https://github.com/kubernetes-incubator/reference-docs) 中的工具生成。这些工具以 `api/openapi-spec/swagger.json` 文件作为输入。
+
+<!--
+### Editing Makefile in kubernetes-incubator/reference-docs
+-->
+
+### 在 kubernetes-incubator/reference-docs 仓库中编辑 Makefile 文件
+
+<!--
+Go to `<rdocs-base>`, and open `Makefile` for editing:
+-->
+
+进入 `<rdocs-base>` 目录, 打开 `Makefile` 进行编辑：
+
+<!--
+Set `K8SROOT` to the base directory of your local kubernetes/kubernetes
+repository. Set `WEBROOT` to the base directory of your local kubernetes/website repository.
+Set `MINOR_VERSION` to the minor version of the docs you want to build. For example,
+if you want to build docs for Kubernetes 1.9, set `MINOR_VERSION` to 9. Save and close `Makefile`.
+-->
+
+将 `K8SROOT` 设置为 kubernetes/kubernetes 仓库的本地主目录。将 `WEBROOT` 设置为 kubernetes/website 仓库的本地主目录。将 `MINOR_VERSION` 设置为要构建的文档的副版本号。例如，如果要为 Kubernetes 1.9 版本构建文档，请将 `MINOR_VERSION` 设置为 9。保存并关闭 `Makefile`。
+
+<!--
+### Copying the OpenAPI spec
+-->
+
+### 复制 OpenAPI 规范
+
+<!--
+The doc generation code needs a local copy of the OpenAPI spec for the Kubernetes API.
+Go to `<k8s-base>` and check out the branch that has the OpenAPI spec you want to use.
+For example, if you want to generate docs for Kubernetes 1.9, checkout the release-1.9
+branch.
+-->
+
+文档生成代码需要 Kubernetes API 的 OpenAPI 规范的本地副本。进入 `<k8s-base>` 目录，检出有你想要使用的 OpenAPI 规范的分支。例如，如果要为 Kubernetes 1.9 版本生成文档，请检出 release-1.9 分支。
+
+<!--
+Go back to `<rdocs-base>`. Enter the following command to copy the OpenAPI spec from the
+`kubernetes/kubernetes` repository to a local directory:
+-->
+
+返回 `<rdocs-base>` 目录。输入以下命令将 OpenAPI 规范从 `kubernetes/kubernetes` 仓库复制到本地目录：
+
+```shell
+make updateapispec
+```
+
+<!--
+The output shows that the file was copied:
+-->
+
+输出显示文件已被复制：
+
+```shell
+cp ~/src/github.com/kubernetes/kubernetes/api/openapi-spec/swagger.json gen-apidocs/generators/openapi-spec/swagger.json
+```
+
+<!--
+### Building the brodocs image
+-->
+
+### 制作 brodocs 镜像
+
+<!--
+The doc generation code requires the
+[pwittrock/brodocs](https://github.com/pwittrock/brodocs) Docker image.
+-->
+
+文档生成代码需要 [pwittrock/brodocs](https://github.com/pwittrock/brodocs) Docker 镜像。
+
+<!--
+This command creates the `pwittrock/brodocs` Docker image. It also tries to push the image to
+DockerHub, but it's OK if that step fails. As long as you have the image locally, the code generation
+can succeed.
+-->
+
+该命令用于创建 `pwittrock/brodocs` Docker 镜像。它还尝试将镜像推送到 DockerHub，但是如果该步骤失败也没关系。只要镜像在本地，就可以成功生成代码。
+
+```shell
+make brodocs
+```
+
+<!--
+Verify that you have the brodocs image:
+-->
+
+确认 brodocs 镜像是否存在：
+
+```shell
+docker images
+```
+
+<!--
+The output shows `pwittrock/brodocs` as one of the available images:
+-->
+
+输出显示 `pwittrock/brodocs` 是可用镜像之一：
+
+```shell
+REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+pwittrock/brodocs   latest              999d34a50d56        5 weeks ago         714MB
+```
+
+<!--
+### Running the doc generation code
+-->
+
+## 运行文档生成代码
+
+<!--
+Build and run the doc generation code. You might need to run the command as root:
+-->
+
+构建并运行文档生成代码。你可能需要以 root 用户运行命令：
+
+```shell
+cd <rdocs-base>
+make api
+```
+
+<!--
+### Locate the generated files
+-->
+
+### 找到生成的文件
+
+<!--
+These two files are the output of a successful build. Verify that they exist:
+-->
+
+这两个文件是成功构建的产物。验证它们是否存在：
+
+* `<rdocs-base>/gen-apidocs/generators/build/index.html`
+* `<rdocs-base>/gen-apidocs/generators/build/navData.js`
+
+<!--
+## Copying the generated docs to the kubernetes/website repository
+-->
+
+## 将生成的文档复制到 kubernetes/website 仓库
+
+<!--
+The preceding sections showed how to edit a Kubernetes source file,
+generate an OpenAPI spec, and then generate reference documentation for publication.
+-->
+
+前面的章节展示了如何编辑 Kubernetes 源文件，生成 OpenAPI 规范，然后生成用于发布的参考文档。
+
+<!--
+This section show how to copy the generated docs to the
+[kubernetes/website](https://github.com/kubernetes/website) repository. The files
+in the `kubernetes/website` repository are published in the
+[kubernetes.io](https://kubernetes.io) website. In particular, the generated
+`index.html` file is published [here](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/).
+-->
+
+本章节介绍如何将生成的文档复制到 [kubernetes/website](https://github.com/kubernetes/website) 仓库。`kubernetes/website` 仓库中的文件发布在 [kubernetes.io](https://kubernetes.io) 网站上。特别是，生成的 `index.html` 文件发布在[这里](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)。
+
+<!--
+Enter the following command to copy the generated files to
+your local kubernetes/website repository:
+-->
+
+输入以下命令将生成的文件复制到 kubernetes/website 仓库的本地目录：
+
+```shell
+make copyapi
+```
+
+<!--
+Go to the base of your local kubernetes/kubernetes repository, and 
+see which files have been modified:
+-->
+
+进入 kubernetes/kubernetes 仓库的本地主目录，查看哪些文件已被修改：
+
+```shell
+cd <web-base>
+git status
+```
+
+<!--
+The output shows the modified files:
+-->
+
+输出显示修改后的文件：
+
+```shell
+On branch master
+...
+   modified:   docs/reference/generated/kubernetes-api/v1.9/index.html
+```
+
+<!--
+In this example, only one file has been modified. Recall that you generated both
+`index.html` and `navData.js`. But apparently the generated `navata.js` is not different
+from the `navData.js` that was already in the kubernetes/website` repository.
+-->
+
+在本例中，只修改了一个文件。回想一下，你生成了 `index.html` 和 `navData.js`。但显然生成的 `navata.js` 与 kubernetes/website` 仓库中已有的 `navData.js` 没有什么不同。
+
+<!--
+In `<web-base>` run `git add` and `git commit` to commit the change.
+-->
+
+在 `<web base>` 目录下运行 `git add` 和 `git commit` 将提交修改。
+
+<!--
+Submit your changes as a
+[pull request](/docs/home/contribute/create-pull-request/) to the
+[kubernetes/website](https://github.com/kubernetes/website) repository.
+Monitor your pull request, and respond to reviewer comments as needed. Continue
+to monitor your pull request until it has been merged.
+-->
+
+将你的修改作为 [pull request](/docs/home/contribute/create-pull-request/) 提交到 [kubernetes/website](https://github.com/kubernetes/website) 仓库。跟踪你的 PR，并根据需要回应评审人的评论。继续跟踪你的 PR，直到它被合入。
+
+<!--
+A few minutes after your pull request is merged, your changes will be visible
+in the [published reference documentation](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/).
+-->
+
+在 PR 合入的几分钟后，你的修改将出现在[已发布的参考文档](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* [Generating Reference Docs for Kubernetes Components and Tools](/docs/home/contribute/generated-reference/kubernetes-components/)
+* [Generating Reference Documentation for kubectl Commands](/docs/home/contribute/generated-reference/kubectl/)
+* [Generating Reference Documentation for the Kubernetes Federation API](/docs/home/contribute/generated-reference/federation-api/)
+-->
+
+* [为 Kubernetes 组件和工具生成参考文档](/docs/home/contribute/generated-reference/kubernetes-components/)
+* [为 kubectl 命令集生成参考文档](/docs/home/contribute/generated-reference/kubectl/)
+* [为 Kubernetes 联邦 API 生成参考文档](/docs/home/contribute/generated-reference/federation-api/)
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/contribute/generate-ref-docs/kubernetes-components.md b/content/zh/docs/contribute/generate-ref-docs/kubernetes-components.md
new file mode 100644
index 0000000000000..8df429632cb06
--- /dev/null
+++ b/content/zh/docs/contribute/generate-ref-docs/kubernetes-components.md
@@ -0,0 +1,412 @@
+---
+title: 为 Kubernetes 组件和工具生成参考页面
+content_template: templates/task
+---
+
+<!--
+---
+title: Generating Reference Pages for Kubernetes Components and Tools
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to use the `update-imported-docs` tool to generate
+reference documentation for tools and components in the
+[Kubernetes](https://github.com/kubernetes/kubernetes) and
+[Federation](https://github.com/kubernetes/federation) repositories.
+-->
+
+本页面展示了如何使用 `update-imported-docs` 工具来为 [Kubernetes](https://github.com/kubernetes/kubernetes) 和 [Federation](https://github.com/kubernetes/federation) 仓库中的工具和组件生成参考文档。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* You need a machine that is running Linux or macOS.
+-->
+
+* 你需要一个运行着 Linux 或 macOS 操作系统的机器。
+
+<!--
+* You need to have this software installed:
+
+    * [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+
+    * [Golang](https://golang.org/doc/install) version 1.9 or later
+
+    * [make](https://www.gnu.org/software/make/)
+
+    * [gcc compiler/linker](https://gcc.gnu.org/)
+-->
+
+* 你需要安装以下软件：
+
+    * [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+
+    * 1.9或更高版本的 [Golang](https://golang.org/doc/install)
+
+    * [make](https://www.gnu.org/software/make/)
+
+    * [gcc compiler/linker](https://gcc.gnu.org/)
+
+<!--
+* Your `$GOPATH` environment variable must be set.
+-->
+
+* 在环境变量中设置 `$GOPATH`。
+
+<!--
+* You need to know how to create a pull request to a GitHub repository.
+Typically, this involves creating a fork of the repository. For more
+information, see
+[Creating a Documentation Pull Request](/docs/home/contribute/create-pull-request/).
+-->
+
+* 你需要知道如何在一个 GitHub 项目仓库中创建一个 PR。一般来说，这涉及到创建仓库的一个分支。想了解更多信息，请参见[创建一个文档 PR](/docs/home/contribute/create-pull-request/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Getting two repositories
+-->
+
+## 下载两个仓库
+
+<!--
+If you don't already have the `kubernetes/website` repository, get it now:
+-->
+
+如果你还没有下载过 `kubernetes/website` 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/website
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes/website](https://github.com/kubernetes/website) repository.
+For example, if you followed the preceding step to get the repository,
+your base directory is `$GOPATH/src/github.com/kubernetes/website.`
+The remaining steps refer to your base directory as `<web-base>`.
+-->
+
+确定 [kubernetes/website](https://github.com/kubernetes/website) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes/website`。下文将该目录称为 `<web-base>`。
+
+<!--
+If you plan on making changes to the ref docs, and if you don't already have
+the `kubernetes/kubernetes` repository, get it now:
+-->
+
+如果你想对参考文档进行修改，但是你还没下载过 `kubernetes/kubernetes` 仓库，现在下载：
+
+```shell
+mkdir $GOPATH/src
+cd $GOPATH/src
+go get github.com/kubernetes/kubernetes
+```
+
+<!--
+Determine the base directory of your clone of the
+[kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repository.
+For example, if you followed the preceding step to get the repository,
+your base directory is `$GOPATH/src/github.com/kubernetes/kubernetes.`
+The remaining steps refer to your base directory as `<k8s-base>`.
+-->
+
+确定 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 仓库的本地主目录。例如，如果按照前面的步骤来获取该仓库，则主目录是 `$GOPATH/src/github.com/kubernetes/kubernetes`。下文将该目录称为 `<k8s-base>`。
+
+{{< note >}}
+<!--
+If you only need to generate, but not change, the reference docs, you don't need to
+manually get the `kubernetes/kubernetes` repository. When you run the `update-imported-docs`
+tool, it automatically clones the `kubernetes/kubernetes` repository.
+-->
+
+如果你只想生成参考文档，而不需要修改，则不需要手动下载 `kubernetes/kubernetes` 仓库。当你运行 `update-imported-docs` 工具时，它会自动克隆 `kubernetes/kubernetes` 仓库。
+{{< /note >}}
+
+<!--
+## Editing the Kubernetes source code
+-->
+
+## 编辑 Kubernetes 源码
+
+<!--
+The reference documentation for the Kubernetes components and tools is automatically
+generated from the Kubernetes source code. If you want to change the reference documentation,
+the first step is to change one or more comments in the Kubernetes source code. Make the
+change in your local kubernetes/kubernetes repository, and then submit a pull request to
+the master branch of
+[github.com/kubernetes/kubernetes](https://github.com/kubernetes/kubernetes).
+-->
+
+Kubernetes 组件和工具的参考文档是基于 Kubernetes 源码自动生成的。如果想要修改参考文档，可以从修改 Kubernetes 源码中的一个或多个注释开始。在本地 kubernetes/kubernetes 仓库中进行修改，然后向 [github.com/kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 的 master 分支提交 PR。
+
+<!--
+[PR 56942](https://github.com/kubernetes/kubernetes/pull/56942)
+is an example of a pull request that makes changes to comments in the Kubernetes
+source code.
+-->
+
+[PR 56942](https://github.com/kubernetes/kubernetes/pull/56942) 是一个对 Kubernetes 源码中的注释进行修改的 PR 示例。
+
+<!--
+Monitor your pull request, and respond to reviewer comments. Continue to monitor
+your pull request until it is merged into the master branch of the
+`kubernetes/kubernetes` repository.
+-->
+
+跟踪你的 PR，并回应评审人的评论。继续跟踪你的 PR，直到它合入到 `kubernetes/kubernetes` 仓库的 master 分支中。
+
+<!--
+## Cherry picking your change into a release branch
+-->
+
+## 以 cherry-pick 方式将你的修改合入已发布分支
+
+<!--
+Your change is now in the master branch, which is used for development of the next
+Kubernetes release. If you want your change to appear in the docs for a Kubernetes
+version that has already been released, you need to propose that your change be cherry
+picked into the release branch.
+-->
+
+你的修改已合入 master 分支中，该分支用于开发下一个 Kubernetes 版本。如果你希望修改部分出现在已发布的 Kubernetes 版本文档中，则需要提议将它们以 cherry-pick 方式合入已发布分支。
+
+<!--
+For example, suppose the master branch is being used to develop Kubernetes 1.10, and
+you want to backport your change to the release-1.9 branch. For instructions on how
+to do this, see
+[Propose a Cherry Pick](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).
+-->
+
+例如，假设 master 分支正用于开发 Kubernetes 1.10 版本，而你希望将修改合入到已发布的 1.9 版本分支。相关的操作指南，请参见 [提议一个 cherry-pick 合入](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md)。
+
+<!--
+Monitor your cherry-pick pull request until it is merged into the release branch.
+-->
+
+跟踪你的 cherry-pick PR，直到它合入到已发布分支中。
+
+{{< note >}}
+<!--
+Proposing a cherry pick requires that you have permission to set a label
+and a milestone in your pull request. If you don’t have those permissions, you will
+need to work with someone who can set the label and milestone for you.
+-->
+
+提议一个 cherry-pick 合入，需要你有在 PR 中设置标签和里程碑的权限。如果你没有，你需要与有权限为你设置标签和里程碑的人合作完成。
+{{< /note >}}
+
+<!--
+## Overview of update-imported-docs
+-->
+
+## update-imported-docs 概述
+
+<!--
+The `update-imported-docs` tool is located in the `kubernetes/website/update-imported-docs/`
+directory. The tool performs the following steps:
+-->
+
+`update-imported-docs` 工具在 `kubernetes/website/update-imported-docs/` 目录下。它执行以下步骤：
+
+<!--
+1. Clones the related repositories specified in a configuration file. For the
+   purpose of generating reference docs, the repositories that are cloned by
+   default are `kubernetes-incubator/reference-docs` and `kubernetes/federation`.
+1. Runs commands under the cloned repositories to prepare the docs generator and
+   then generates the Markdown files.
+1. Copies the generated Markdown files to a local clone of the `kubernetes/website`
+   repository under locations specified in the configuration file.
+-->
+
+1. 克隆配置文件中指定的相关仓库。为了生成参考文档，默认情况下克隆的仓库是 `kubernetes-incubator/reference-docs` 和 `kubernetes/federation`。
+1. 在克隆出的仓库下运行命令来准备文档生成器，然后生成 Markdown 文件。
+1. 将生成的 Markdown 文件复制到配置文件中指定的 `kubernetes/website` 仓库的本地目录中。
+
+<!--
+When the Markdown files are in your local clone of the `kubernetes/website`
+repository, you can submit them in a
+[pull request](/docs/home/contribute/create-pull-request/)
+to `kubernetes/website`.
+-->
+
+当 Markdown 文件放入 `kubernetes/website` 仓库的本地目录中后，你就可以创建 [PR](/docs/home/contribute/create-pull-request/) 将它们提交到 `kubernetes/website`。
+
+<!--
+## Customizing the config file
+-->
+
+## 自定义配置文件
+
+<!--
+Open `<web-base>/update-imported-docs/reference.yml` for editing.
+Do not change the content for the `generate-command` entry unless you understand
+what it is doing and need to change the specified release branch.
+-->
+
+打开 `<web-base>/update-imported-docs/reference.yml` 进行编辑。不要修改 `generate-command` 条目的内容，除非你了解它的作用，并且需要修改指定的已发布分支。
+
+```shell
+repos:
+- name: reference-docs
+  remote: https://github.com/kubernetes-incubator/reference-docs.git
+  # This and the generate-command below needs a change when reference-docs has
+  # branches properly defined
+  branch: master  
+  generate-command: |
+    cd $GOPATH
+    git clone https://github.com/kubernetes/kubernetes.git src/k8s.io/kubernetes
+    cd src/k8s.io/kubernetes
+    git checkout release-1.11
+    make generated_files
+    cp -L -R vendor $GOPATH/src
+    rm -r vendor
+    cd $GOPATH
+    go get -v github.com/kubernetes-incubator/reference-docs/gen-compdocs
+    cd src/github.com/kubernetes-incubator/reference-docs/
+    make comp
+```
+
+<!--
+In reference.yml, the `files` field is a list of `src` and `dst` fields. The `src` field
+specifies the location of a generated Markdown file, and the `dst` field specifies
+where to copy this file in the cloned `kubernetes/website` repository.
+For example:
+-->
+
+在 reference.yml 中，`files` 字段是 `src` 和 `dst` 字段的列表。`src` 字段指定生成的 Markdown 文件的位置，而 `dst` 字段指定将此文件复制到 `kubernetes/website` 仓库的本地目录的哪个位置。例如：
+
+```yaml
+repos:
+- name: reference-docs
+  remote: https://github.com/kubernetes-incubator/reference-docs.git
+  files:
+  - src: gen-compdocs/build/kube-apiserver.md
+    dst: content/en/docs/reference/command-line-tools-reference/kube-apiserver.md
+  ...
+```
+
+<!--
+Note that when there are many files to be copied from the same source directory
+to the same destination directory, you can use wildcards in the value given to
+`src` and you can just provide the directory name as the value for `dst`.
+For example:
+-->
+
+注意，当有许多文件要从同一个源目录复制到同一个目标目录时，可以使用通配符给 `src` 赋值，而使用目录名给 `dst` 赋值。例如：
+
+```shell
+  files:
+  - src: gen-compdocs/build/kubeadm*.md
+    dst: content/en/docs/reference/setup-tools/kubeadm/generated/
+```
+
+<!--
+## Running the update-imported-docs tool
+-->
+
+## 运行 update-imported-docs 工具
+
+<!--
+After having reviewed and/or customized the `reference.yaml` file, you can run
+the `update-imported-docs` tool:
+-->
+
+在检查与或自定义 `reference.yaml` 文件后，运行 `update-imported-docs` 工具：
+
+```shell
+cd <web-base>/update-imported-docs
+./update-imported-docs reference.yml
+```
+
+<!--
+## Adding and committing changes in kubernetes/website
+-->
+
+## 在 kubernetes/website 中添加和提交修改
+
+<!--
+List the files that were generated and copied to the `kubernetes/website`
+repository:
+-->
+
+列出生成并准备合入到 `kubernetes/website` 仓库中的文件：
+
+```
+cd <web-base>
+git status
+```
+
+<!--
+The output shows the new and modified files. For example, the output
+might look like this:
+-->
+
+输出展示了新增和修改的文件。例如，输出可能如下所示：
+
+```shell
+...
+
+    modified:   content/en/docs/reference/command-line-tools-reference/cloud-controller-manager.md
+    modified:   content/en/docs/reference/command-line-tools-reference/federation-apiserver.md
+    modified:   content/en/docs/reference/command-line-tools-reference/federation-controller-manager.md
+    modified:   content/en/docs/reference/command-line-tools-reference/kube-apiserver.md
+    modified:   content/en/docs/reference/command-line-tools-reference/kube-controller-manager.md
+    modified:   content/en/docs/reference/command-line-tools-reference/kube-proxy.md
+    modified:   content/en/docs/reference/command-line-tools-reference/kube-scheduler.md
+...
+```
+
+<!--
+Run `git add` and `git commit` to commit the files.
+-->
+
+运行 `git add` 和 `git commit` 将提交上述文件。
+
+<!--
+## Creating a pull request
+-->
+
+## 创建 PR
+
+<!--
+Create a pull request to the `kubernetes/website` repository. Monitor your
+pull request, and respond to review comments as needed. Continue to monitor
+your pull request until it is merged.
+-->
+
+对 `kubernetes/website` 仓库创建 PR。跟踪你的 PR，并根据需要回应评审人的评论。继续跟踪你的 PR，直到它被合入。
+
+<!--
+A few minutes after your pull request is merged, your updated reference
+topics will be visible in the
+[published documentation](/docs/home/).
+-->
+
+在 PR 合入的几分钟后，你更新的参考主题将出现在[已发布文档](/docs/home/)中。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* [Generating Reference Documentation for kubectl Commands](/docs/home/contribute/generated-reference/kubectl/) 
+* [Generating Reference Documentation for the Kubernetes API](/docs/home/contribute/generated-reference/kubernetes-api/)
+* [Generating Reference Documentation for the Kubernetes Federation API](/docs/home/contribute/generated-reference/federation-api/)
+-->
+
+* [为 kubectl 命令集生成参考文档](/docs/home/contribute/generated-reference/kubectl/) 
+* [为 Kubernetes API 生成参考文档](/docs/home/contribute/generated-reference/kubernetes-api/)
+* [为 Kubernetes 联邦 API 生成参考文档](/docs/home/contribute/generated-reference/federation-api/)
+
+{{% /capture %}}
\ No newline at end of file
diff --git a/content/zh/docs/contribute/intermediate.md b/content/zh/docs/contribute/intermediate.md
new file mode 100644
index 0000000000000..82d42e8f4ef9d
--- /dev/null
+++ b/content/zh/docs/contribute/intermediate.md
@@ -0,0 +1,1498 @@
+---
+title: 中级贡献
+slug: intermediate
+content_template: templates/concept
+weight: 20
+card:
+  name: contribute
+  weight: 50
+---
+
+{{% capture overview %}}
+
+<!--
+This page assumes that you've read and mastered the tasks in the
+[start contributing](/docs/contribute/start/) topic and are ready to
+learn about more ways to contribute.
+-->
+本文假定你已经阅读并掌握了[开始贡献](/docs/contribute/start/)中介绍的内容，
+想要了解更多关于贡献的内容。
+
+
+{{< note >}}
+<!--
+Some tasks require you to use the Git command line client and other tools.
+-->有些任务需要使用Git命令行客户端和其他工具。
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+Now that you've gotten your feet wet and helped out with the Kubernetes docs in
+the ways outlined in the [start contributing](/docs/contribute/start/) topic,
+you may feel ready to do more. These tasks assume that you have, or are willing
+to gain, deeper knowledge of the following topic areas:
+-->
+现在，您已经熟悉了Kubernetes文档，并按照[开始贡献](/docs/contribute/start/)文章中介绍的方式进行了贡献，
+您可能已经准备好做更多的工作。这些任务假设您已经或愿意获得以下主题领域的更深入的知识:
+
+<!--
+- Kubernetes concepts
+- Kubernetes documentation workflows
+- Where and how to find information about upcoming Kubernetes features
+- Strong research skills in general
+-->
+- Kubernetes概念
+- Kubernetes文档工作流
+- 在哪里和如何找到即将推出的Kubernetes功能的信息
+- 较强的研究能力
+
+<!--
+These tasks are not as sequential as the beginner tasks. There is no expectation
+that one person does all of them all of the time.
+-->
+这些任务不像初学者的任务那样是顺序的。没有人期望一个人会一直做所有的事情。
+
+## 评审 pull request
+
+<!--
+In any given week, a specific docs approver volunteers to do initial triage
+and review of [pull requests and issues](#triage-and-categorize-issues). This
+person is the "PR Wrangler" for the week. The schedule is maintained using the
+[PR Wrangler scheduler](https://github.com/kubernetes/website/wiki/PR-Wranglers).
+To be added to this list, attend the weekly SIG Docs meeting and volunteer. Even
+if you are not on the schedule for the current week, you can still review pull
+requests (PRs) that are not already under active review.
+-->
+通常，每周都会有一个特定的文档审核志愿者对[pull requests 和 issues](#triage-and-categorize-issues)
+进行分类和审核。这个人就是本周的“PR 牧马人”。排班计划在[PR 牧马人排班](https://github.com/kubernetes/website/wiki/PR-Wranglers)维护。
+如果想要加入排班计划，需要参加每周的 SIG Docs 会议并志愿申请。
+尽管你不在本周的排班计划中，你也可以审核那些还未开始检视的PR。
+
+<!--
+In addition to the rotation, an automated system comments on each new PR and
+suggests reviewers and approvers for the PR, based on the list of approvers and
+reviewers in the affected files. The PR author is expected to follow the
+guidance of the bot, and this also helps PRs to get reviewed quickly.
+-->
+除了轮换之外，自动化系统（机器人）会根据修改的文件自动推荐相应的 approver 和 reviewer。
+PR作者应该遵循机器人的指导，这也有助于PR得到快速审查。
+
+<!--
+We want to get pull requests (PRs) merged and published as quickly as possible.
+To ensure the docs are accurate and up to date, each PR needs to be reviewed by
+people who understand the content, as well as people with experience writing
+great documentation.
+-->
+我们希望尽快合并和发布pull requests。
+为了确保文档是准确的和最新的，每个PR都需要由理解内容的人以及具有编写优秀文档经验的人来评审。
+
+<!--
+Reviewers and approvers need to provide actionable and constructive feedback to
+keep contributors engaged and help them to improve. Sometimes helping a new
+contributor get their PR ready to merge takes more time than just rewriting it
+yourself, but the project is better in the long term when we have a diversity of
+active participants.
+-->
+评审人员和批准人员需要提供可操作的和建设性的反馈，以保持贡献者的参与并帮助他们改进。
+有时候，帮助一个新的贡献者把他们的PR准备好合并比你自己重写它需要更多的时间，
+但是从长远来看，当我们有不同的积极参与者时，这个项目会更好。
+
+<!--
+Before you start reviewing PRs, make sure you are familiar with the
+[Documentation Style Guide](/docs/contribute/style/style-guide/)
+and the [code of conduct](/community/code-of-conduct/)
+-->
+在开始评审PR之前，请确保熟悉 [文档风格指南](/docs/contribute/style/style-guide/)
+和 [行为准则](/community/code-of-conduct/)。
+
+<!--
+### Find a PR to review
+-->
+### 找一个PR来评审
+
+<!--
+To see all open PRs, go to the **Pull Requests** tab in the GitHub repository.
+A PR is eligible for review when it meets all of the following criteria:
+-->
+要查看所有打开的PR，请转到GitHub仓库中的**Pull Requests**选项卡。
+当符合以下所有条件时，PR才有资格进行评审：
+
+<!--
+- Has the `cncf-cla:yes` tag
+- Does not have WIP in the description
+- Does not a have tag including the phrase `do-not-merge`
+- Has no merge conflicts
+- Is based against the correct branch (usually `master` unless the PR relates to
+  a feature that has not yet been released)
+- Is not being actively reviewed by another docs person (other technical
+  reviewers are fine), unless that person has explicitly asked for your help. In
+  particular, leaving lots of new comments after other review cycles have
+  already been completed on a PR can be discouraging and counter-productive.
+-->
+- 拥有 `cncf-cla:yes` 标签
+- 描述中没有WIP
+- 没有包含`do-not-merge`字样的标签
+- 没有合并冲突
+- 基于正确的分支(通常为“master”，除非PR与某个未发布的功能相关)
+- 没有被其他文档人员（或其他技术领域的评审人）评审，除非你被显式的请求参与评审。
+  需要说明的是，如果其他评审已经结束的情况下，你再留下很多新的意见，会让人感到沮丧，这适得其反。
+
+<!--
+If a PR is not eligible to merge, leave a comment to let the author know about
+the problem and offer to help them fix it. If they've been informed and have not
+fixed the problem in several weeks or months, eventually their PR will be closed
+without merging.
+-->
+如果PR不符合合并的条件，请留下评论，让作者知道问题所在，并帮助他们解决问题。
+如果他们被告知并在几周或几个月内没有解决问题，最终他们的PR将被关闭而不会合并。
+
+<!--
+If you're new to reviewing, or you don't have a lot of bandwidth, look for PRs
+with the `size/XS` or `size/S` tag set. The size is automatically determined by
+the number of lines the PR changes.
+-->
+如果您是新手，或者您没有太多的带宽，请寻找具有 `size/XS` 或 `size/S` 标记集的PR。
+大小由PR更改的行数自动设置。
+
+#### 评审人员和批准人员
+
+<!--
+The Kubernetes website repo operates differently than some of the Kubernetes
+code repositories when it comes to the roles of reviewers and approvers. For
+more information about the responsibilities of reviewers and approvers, see
+[Participating](/docs/contribute/participating/). Here's an overview.
+-->
+Kubernetes 网站仓库与 Kubernetes 的一些代码仓库在涉及审核者和审批者角色时的操作方式不同。
+有关评审人员和批准人员职责的更多信息，请参见[参与](/docs/contribute/participating/)。
+这里只做一个概述。
+
+<!--
+- A reviewer reviews pull request content for technical accuracy. A reviewer
+  indicates that a PR is technically accurate by leaving a `/lgtm` comment on
+  the PR.
+
+    {{< note >}}Don't add an `/lgtm` unless you are confident in the technical
+    accuracy of the documentation modified or introduced in the PR.{{< /note >}}
+
+- An approver reviews pull request content for docs quality and adherence to
+  SIG Docs guidelines, such as the
+  [style guide](/docs/contribute/style/style-guide). Only people listed as
+  approvers in the
+  [`OWNERS`](https://github.com/kubernetes/website/blob/master/OWNERS) file can
+  approve a PR. To approve a PR, leave an `/approved` comment on the PR.
+-->
+- 当评审人员以评审PR的技术准确性时，评审人员发表一个 `/lgtm` 评论表示技术上是无误的。
+
+    {{< note >}}如果你对技术准确性不确信，不要在涉及文档修改的PR中回复 `/lgtm`。  {{< /note >}}
+    
+- 批准者审核有关文档修改的内容时，注重质量和相关规范（比如[风格规范](/docs/contribute/style/style-guide)）。
+  只有在 [`OWNERS`](https://github.com/kubernetes/website/blob/master/OWNERS) 文件中列出的
+  人才可以批准PR。批准PR时，需要回复一个`/approved`评论。
+
+<!--
+A PR is merged when it has both a `/lgtm` comment from anyone in the Kubernetes
+organization and an `/approved` comment from an approver in the
+`sig-docs-maintainers` group, as long as it is not on hold and the PR author
+has signed the CLA.
+-->
+如果PR拥有来自Kubernetes社区的任何人的`/lgtm`评论和来自`sig-docs-maintainers`组的`/approved`评论，
+只要它没有被hold并且作者已签署了CLA，PR就会被合并。
+
+<!--
+### Review a PR
+-->
+### 审核PR
+
+<!--   
+1.  Read the PR description and read any attached issues or links, if
+    applicable. "Drive-by reviewing" is sometimes more harmful than helpful, so
+    make sure you have the right knowledge to provide a meaningful review.
+
+2.  If someone else is the best person to review this particular PR, let them
+    know by adding a comment with `/assign @<github-username>`. If you have
+    asked a non-docs person for technical review but still want to review the PR
+    from a docs point of view, keep going.    
+
+3.  Go to the **Files changed** tab. Look over all the changed lines. Removed
+    content has a red background, and those lines also start with a `-` symbol.
+    Added content has a green background, and those lines also start with a `+`
+    symbol. Within a line, the actual modified content has a slightly darker
+    green background than the rest of the line.
+
+      - Especially if the PR uses tricky formatting or changes CSS, Javascript,
+        or other site-wide elements, you can preview the website with the PR
+        applied. Go to the **Conversation** tab and click the **Details** link
+        for the `deploy/netlify` test, near the bottom of the page. It opens in
+        the same browser window by default, so open it in a new window so you
+        don't lose your partial review. Switch back to the **Files changed** tab
+        to resume your review.
+      - Make sure the PR complies with the
+        [Documentation Style Guide](/docs/contribute/style/style-guide/)
+        and link the author to the relevant part of the style guide if not.
+      - If you have a question, comment, or other feedback about a given
+        change, hover over a line and click the blue-and-white `+` symbol that
+        appears. Type your comment and click **Start a review**.
+      - If you have more comments, leave them in the same way.
+      - By convention, if you see a small problem that does not have to do with
+        the main purpose of the PR, such as a typo or whitespace error, you can
+        call it out, prefixing your comment with `nit:` so that the author knows
+        you consider it trivial. They should still address it.
+      - When you've reviewed everything, or if you didn't have any comments, go
+        back to the top of the page and click **Review changes**. Choose either
+        **Comment** or **Request Changes**. Add a summary of your review, and
+        add appropriate
+        [Prow commands](https://prow.k8s.io/command-help) to separate lines in
+        the Review Summary field. SIG Docs follows the
+        [Kubernetes code review process](https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md#the-code-review-process).
+        All of your comments will be sent to the PR author in a single
+        notification.
+
+          - If you think the PR is ready to be merged, add the text `/approve` to
+            your summary.
+          - If the PR does not need additional technical review, add the
+            text `/lgtm` as well.
+          - If the PR *does* need additional technical review, add the text
+            `/assign` with the GitHub username of the person who needs to
+            provide technical review. Look at the `reviewers` field in the
+            front-matter at the top of a given Markdown file to see who can
+            provide technical review.
+          - To prevent the PR from being merged, add `/hold`. This sets the
+            label `do-not-merge/hold`.
+          - If a PR has no conflicts and has the `lgtm` and `approved` label but
+            no `hold` label, it is merged automatically.
+          - If a PR has the `lgtm` and/or `approved` labels and new changes are
+            detected, these labels are removed automatically.
+
+            See
+            [the list of all available slash commands](https://prow.k8s.io/command-help)
+            that can be used in PRs.
+
+    - If you previously selected **Request changes** and the PR author has
+      addressed your concerns, you can change your review status either in the
+      **Files changed** tab or at the bottom of the **Conversation** tab. Be
+      sure to add the `/approve` tag and assign technical reviewers if necessary,
+      so that the PR can be merged.
+-->
+
+   
+1.  阅读PR描述，并阅读任何附加的问题或链接，如果有的话。
+    “快速评审”有时弊大于利，所以确保你有正确的知识来提供有意义的评审。
+
+2.  如果其他人是审核这个PR的最佳人选，请通过添加`/assign @<github-username>`的评论让他们知道。
+    如果你要求一个非文档人员进行技术评审，但仍然想从文档的角度来评审PR，那就继续吧。    
+
+3.  转到 **Files changed** 选项卡。查看所有的修改行。删除的内容具有红色背景，这些行也以 `-` 符号开头。
+    添加的内容具有绿色背景，这些行也以 `+` 符号开始。在一行中，实际修改的内容的背景颜色比该行的其余部分略深一些。
+
+      - 特别是如果PR使用复杂的格式或更改CSS、Javascript或其他站点范围内的元素，您可以使用PR预览网站。
+        转到 **Conversation** 选项卡，单击页面底部附近的 `deploy/netlify` 测试的 **Details** 链接。
+        默认情况下，它会在同一个浏览器窗口中打开，所以在一个新窗口中打开它，这样你就不会丢失你的部分评论。
+        切换回 **Files changed** 选项卡以继续您的审阅。
+      - 确保PR符合文档[风格指南](/docs/contribute/style/style-guide/)，
+        如果不符合，请将作者链接到风格指南的相关部分。
+      - 如果您对给定的更改有疑问、评论或其他反馈，请将鼠标悬停在一行上，然后单击出现的蓝白相间的 `+` 号。
+        键入您的评论并单击 **Start a review**。
+        
+      - 如果你有更多的评论，请以同样的方式留下评论。
+      - 按照惯例，如果您看到一个与PR的主要目的无关的小问题，比如一个打印错误或空格错误，
+        您可以将它指出来，并在注释前加上nit:以便作者知道您认为它是无关紧要的。
+        他们仍然应该解决这个问题。
+      - 当您查看完所有内容，或者没有任何评论时，回到页面顶部并单击 **Review changes**。
+        选择**Comment** 或**Request Changes**。添加评审摘要，
+        并在评审摘要字段中另起一行添加适当的[Prow 命令](https://prow.k8s.io/command-help)。
+        SIG Docs 遵循[Kubernetes代码审查流程](https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md#the-code-review-process)。
+        您所有的意见将在一个单一的评论中发送给PR作者。
+
+          - 如果您认为PR已经准备好合并，请将文本 `/approve` 添加到摘要中。
+          - 如果PR不需要额外的技术审查，也可以同时添加文本 `/lgtm` 。
+          - 如果PR *确实* 需要额外的技术审查，使用 `/assign` + GitHub 用户名添加需要提供技术审查的人。
+            查看上面出现的 Markdown 文件中的`reviewers`字段，看看谁可以提供技术审阅。
+          - 如果需要阻止PR被合并，加上 `/hold` ，就会设置 `do-not-merge/hold` 标签。
+          - 如果PR没有冲突、有 `lgtm` 和 `approved` 标签且没有 `hold` 标签，它就会自动合并。 
+          - 如果PR拥有 `lgtm` 和 `approved` 后再有新的变更，那么这些标签会自动清除。
+
+            PR中可能用到的命令，参阅
+            [斜线命令列表](https://prow.k8s.io/command-help)。
+
+    - 如果您以前选择了**Request changes** ，并且PR作者已经处理了您的关注点，
+      那么您可以在**Files changed** 选项卡或 **Conversation** 选项卡底部更改您的审阅状态。
+      确保添加 `/approve` 标签，并在必要时指派技术审阅人员，以便合并PR。
+
+<!--
+### Commit into another person's PR
+-->
+### 提交到别人的PR
+
+<!--
+Leaving PR comments is helpful, but there may be times when you need to commit
+into another person's PR, rather than just leaving a review.
+-->
+留下评论是有帮助的，但有时你需要把自己的想法融入到其他人的PR中，而不仅仅是留下评论。
+
+<!--
+Resist the urge to "take over" for another person unless they explicitly ask
+you to, or you want to resurrect a long-abandoned PR. While it may be faster
+in the short term, it deprives the person of the chance to contribute.
+-->
+除非对方明确要求你“接手”，或者你想重新建立一个长期被抛弃的PR，否则不要急于“接手”。
+虽然短期内这样做可能更快，但会剥夺这个人做出贡献的机会。
+
+<!--
+The process you use depends on whether you need to edit a file that is already
+in the scope of the PR or a file that the PR has not yet touched.
+-->
+您的做法（接手）取决于您是需要编辑已经在PR范围内的文件，还是PR尚未触及的文件。
+
+<!--
+You can't commit into someone else's PR if either of the following things is
+true:
+-->
+如果以下任何一件事是符合的，你就不能提交到某人的PR:
+
+<!--
+- If the PR author pushed their branch directly to the
+  [https://github.com/kubernetes/website/](https://github.com/kubernetes/website/)
+  repository, only a reviewer with push access can commit into their PR.
+  Authors should be encouraged to push their branch to their fork before
+  opening the PR.
+- If the PR author explicitly disallowed edits from approvers, you can't
+  commit into their PR unless they change this setting.
+-->
+- 如果PR作者将他们的分支直接推入https://github.com/kubernetes/website/ repository，
+  那么只有具有push访问权限的审阅者才能提交到他们的PR中。
+- 如果PR作者明确禁止审批者进行编辑，那么除非他们更改此设置，否则您无法提交到他们的PR中。
+
+<!--
+#### If the file is already changed by the PR
+-->
+#### 文件已在PR中修改
+
+<!--
+This method uses the GitHub UI. If you prefer, you can use the command line
+even if the file you want to change is part of the PR, if you are more
+comfortable working that way.
+-->
+这个方法使用GitHub UI。如果您愿意，您可以使用命令行，即使您想更改的文件是PR的一部分，如果您更愿意这样工作的话。
+
+<!--
+1.  Click the **Files changed** tab.
+2.  Scroll down to the file you want to edit, and click the pencil icon for
+    that file.
+3.  Make your changes, add a commit message in the field below the editor, and
+    click **Commit changes**.
+-->
+    
+1.  点击 **Files changed** 选项卡。
+2.  向下找到你想要编辑的文件，点击铅笔图标。
+3.  修改并在下面添加提交记录，点击 **Commit changes**。
+
+<!--
+Your commit is now pushed to the branch the PR represents (probably on the
+author's fork) and now shows up in the PR and your changes are reflected in
+the **Files changed** tab. Leave a comment letting the PR author know you
+changed the PR.
+-->
+您的提交现在被推送到PR对应的分支(可能在作者的分支上)，
+在PR中，您的更改反映在 **Files changed** 选项卡中。
+留下评论，让PR作者知道你修改了PR。
+
+<!--
+If the author is using the command line rather than the GitHub UI to work on
+this PR, they need to fetch their fork's changes and rebase their local branch
+on the branch in their fork, before doing additional work on the PR.
+-->
+如果作者使用命令行而不是GitHub UI来处理这个PR，那么在处理PR之前，
+他们需要获取fork的更改并将本地分支重新建立在fork中的分支上。
+
+#### 如果文件没有被PR修改
+
+<!--
+If changes need to be made to a file that is not yet included in the PR, you
+need to use the command line. You can always use this method, if you prefer it
+to the GitHub UI.
+-->
+如果需要更改尚未包含在PR中的文件，则需要使用命令行。
+如果您喜欢使用这个方法而不喜欢使用GitHub UI，那么您总是可以使用这个方法。
+
+
+1.  <!--
+    Get the URL for the author's fork. You can find it near the bottom of the
+    **Conversation** tab. Look for the text **Add more commits by pushing to**.
+    The first link after this phrase is to the branch, and the second link is
+    to the fork. Copy the second link. Note the name of the branch for later.
+    -->
+    获取作者的fork的URL。你可以在**Conversation** 标签的底部找到它。
+    查找文本 **Add more commits by pushing to** 。
+    这个短语后面的第一个链接是到分支的，第二个链接是到fork的。
+    复制第二个链接。稍后会用到分支的名称。
+
+2.  <!--
+    Add the fork as a remote. In your terminal, go to your clone of the
+    repository. Decide on a name to give the remote (such as the author's
+    GitHub username), and add the remote using the following syntax:
+    -->
+    要给远程设置一个名称(比如作者的GitHub用户名)，然后使用以下语法添加远程：
+    
+      ```
+      git remote add <name> <url-of-fork>
+      ```
+      
+3.  <!--
+    Fetch the remote. This doesn't change any local files, but updates your
+    clone's notion of the remote's objects (such as branches and tags) and
+    their current state.
+    -->
+    获取远程。这不会更改任何本地文件，但会更新克隆的远程对象的概念(如分支和标记)及其当前状态。
+          
+      ```
+      git remote fetch <name>
+      ```
+
+4.  <!--
+    Check out the remote branch. This command will fail if you already have a
+    local branch with the same name.
+    -->
+    拉取远程分支。如果已经有同名的本地分支，则此命令将失败。
+    
+    ```
+    git checkout <branch-from-PR>
+    ```
+
+5.  <!--
+    Make your changes, use `git add` to add them, and commit them.
+    -->
+    进行更改，使用 `git add` 添加更改，然后提交更改。
+
+6.  <!--
+    Push your changes to the author's remote.
+    -->
+    将您的更改推到作者的远程。
+
+      ```
+      git push <remote-name> <branch-name>
+      ```
+
+7.  <!--
+    Go back to the GitHub IU and refresh the PR. Your changes appear. Leave the
+    PR author a comment letting them know you changed the PR.
+    -->
+    回到GitHub UI并刷新PR。给PR作者留言，让他们知道你修改了PR。
+
+<!--
+If the author is using the command line rather than the GitHub UI to work on
+this PR, they need to fetch their fork's changes and rebase their local branch
+on the branch in their fork, before doing additional work on the PR.
+-->
+如果作者使用命令行而不是GitHub UI来处理这个PR，那么在处理PR之前，
+他们需要获取fork的更改并将本地分支重新建立在fork中的分支上。
+
+<!--
+## Work from a local clone
+-->
+## 使用本地克隆
+
+<!--
+For changes that require multiple files or changes that involve creating new
+files or moving files around, working from a local Git clone makes more sense
+than relying on the GitHub UI. These instructions use the `git` command and
+assume that you have it installed locally. You can adapt them to use a local
+graphical Git client instead.
+-->
+对于需要多个文件的更改，或者涉及创建新文件或移动文件的更改，
+使用本地Git克隆比依赖GitHub UI更有意义。
+这些指令使用git命令，并假设您已经在本地安装了它。
+您可以将它们调整为使用本地图形化Git客户机。
+
+<!--
+### Clone the repository
+-->
+### 克隆仓库
+
+<!--
+You only need to clone the repository once per physical system where you work
+on the Kubernetes documentation.
+-->
+对于处理Kubernetes文档的每个物理机，只需要克隆存储库一次。
+
+<!--
+1.  In a terminal window, use `git clone` to clone the repository. You do not
+    need any credentials to clone the repository.
+
+      ```
+      git clone https://github.com/kubernetes/website
+      ```
+
+      The new directory `website` is created in your current directory, with
+      the contents of the GitHub repository.
+
+2.  Change to the new `website` directory. Rename the default `origin` remote
+    to `upstream`.
+
+      ```
+      cd website
+
+      git remote rename origin upstream
+      ```
+
+3.  If you have not done so, create a fork of the repository on GitHub. In your
+    web browser, go to
+    [https://github.com/kubernetes/website](https://github.com/kubernetes/website)
+    and click the **Fork** button. After a few seconds, you are redirected to
+    the URL for your fork, which is typically something like
+    `https://github.com/<username>/website` unless you already had a repository
+    called `website`. Copy this URL.
+
+4.  Add your fork as a second remote, called `origin`:
+
+      ```
+      git remote add origin <FORK-URL>
+      ```
+-->
+
+1.  在终端中使用 `git clone` 来克隆仓库。你不需要指定任何证书。
+
+      ```
+      git clone https://github.com/kubernetes/website
+      ```
+      新目录 `website` 会在当前目录中创建并包含该仓库的内容。
+
+2.  进入 `website` 目录，将默认的 `origin` 重命名为远端 `upstream`。
+
+      ```
+      cd website
+
+      git remote rename origin upstream
+      ```
+
+3.  如果还没有这样做，请在GitHub上创建存储库的分支。
+    在您的web浏览器中，访问[https://github.com/kubernetes/website](https://github.com/kubernetes/website)
+    并单击Fork按钮。几秒钟后，您将被重定向到您的fork的URL，它通常类似于`https://github.com/<username>/website` ，
+    除非您已经有一个名为 `website`的存储库。复制这个网址。
+
+4.  在你的fork中增加另一个远端 `origin`:
+
+      ```
+      git remote add origin <FORK-URL>
+      ```
+
+<!--
+### Work on the local repository
+-->
+### 使用本地仓库
+
+<!--
+Before you start a new unit of work on your local repository, you need to figure
+out which branch to base your work on. The answer depends on what you are doing,
+but the following guidelines apply:
+-->
+在本地存储库上启动新的工作单元之前，您需要确定将工作基于哪个分支。
+答案取决于你在做什么，但是下面的指导方针是适用的：
+
+<!--
+- For general improvements to existing content, start from `master`.
+- For new content that is about features that already exist in a released
+  version of Kubernetes, start from `master`.
+- For long-running efforts that multiple SIG Docs contributors will collaborate on,
+  such as content reorganization, use a specific feature branch created for that
+  effort.
+- For new content that relates to upcoming but unreleased Kubernetes versions,
+  use the pre-release feature branch created for that Kubernetes version.
+-->
+- 对于现有内容的一般改进，可以从 `master` 开始。
+- 对于关于Kubernetes发布版本中已经存在的特性的新内容，请从 `master` 开始。
+- 对于多个SIG Docs贡献者将协作的长期工作，例如内容重组，使用为该工作创建的特定功能分支。
+- 对于与即将发布但尚未发布的Kubernetes版本相关的新内容，请使用为该Kubernetes版本创建的预发布特性分支。
+
+<!--
+For more guidance, see
+[Choose which branch to use](/docs/contribute/start/#choose-which-git-branch-to-use).
+-->
+更多指导，请参考[选择分支](/docs/contribute/start/#choose-which-git-branch-to-use)。
+
+<!--
+After you decide which branch to start your work (or _base it on_, in Git
+terminology), use the following workflow to be sure your work is based on the
+most up-to-date version of that branch.
+-->
+在您决定要使用哪个分支之后(或者用Git术语来说，基于它)，
+使用以下工作流来确保您的工作基于该分支的最新版本。
+
+
+1.  <!--
+    Fetch both the `upstream` and `origin` remotes. This updates your local
+    notion of what those branches contain, but does not change your local
+    branches at all.
+    -->
+    拉取 `upstream` 和 `origin` 远端。
+    这将更新您对这些分支所包含内容的本地概念，但不会更改您的本地分支。
+
+      ```
+      git fetch upstream
+      git fetch origin
+      ```
+
+2.  <!--
+    Create a new tracking branch based on the branch you decided is the most
+    appropriate. This example assumes you are using `master`.
+    -->
+    基于你选择的分支创建一个新的跟踪分支。以你使用master为例：
+
+      ```
+      git checkout -b <my_new_branch> upstream/master
+      ```
+
+      <!--
+      This new branch is based on `upstream/master`, not your local `master`.
+      It tracks `upstream/master`.
+      -->
+      新分支基于 `upstream/master`, 而不是你本地的 `master`。它跟踪 `upstream/master`。
+
+3.  <!--With your new branch checked out, make your changes using a text editor.
+    At any time, use the `git status` command to see what you've changed.
+    -->  
+    在检出的分支上使用编辑器修改。
+    你可以随时使用 `git status` 命令来查看你的更改。
+
+        
+4.  <!--
+    When you are ready to submit a pull request, commit your changes. First
+    use `git status` to see what changes need to be added to the changeset.
+    There are two important sections: `Changes staged for commit` and
+    `Changes not staged for commit`. Any files that show up in the latter
+    section under `modified` or `untracked` need to be added if you want them to
+    be part of this commit. For each file that needs to be added, use `git add`.
+    -->
+    当您准备提交pull request时，提交您的更改。
+    首先使用git status查看需要向变更集中添加哪些更改。
+    有两个重要的部分:`Changes staged for commit`和`Changes not staged for commit`。
+    如果您希望将后一节中显示的`modified` 或 `untracked` 文件添加到提交中，你需要使用`git add`。
+
+      ```
+      git add example-file.md
+      ```
+
+      <!--
+      When all your intended changes are included, create a commit, using the
+      `git commit` command:
+      -->
+      当所有文件准备好时，使用 `git commit` 命令提交：
+
+      ```
+      git commit -m "Your commit message"
+      ```
+
+      {{< note >}}
+      <!--
+      Do not reference a GitHub issue or pull request by ID or URL in the
+      commit message. If you do, it will cause that issue or pull request to get
+      a notification every time the commit shows up in a new Git branch. You can
+      link issues and pull requests together later, in the GitHub UI.
+      -->不要在提交消息中引用GitHub issue 或 PR(通过ID或URL)。如果您这样做了，那么每当提交出现在新的Git分支中时，就会导致该issue或PR获得通知。稍后，您可以在GitHub UI中链接问题并将请求拉到一起。
+      {{< /note >}}
+
+5.  <!--
+    Optionally, you can test your change by staging the site locally using the
+    `hugo` command. See [View your changes locally](#view-your-changes-locally).
+    You'll be able to view your changes after you submit the pull request, as
+    well.
+    -->
+    您还可以选择使用hugo命令在本地暂存站点来测试您的更改。[时间看本地更改](#view-your-changes-locally)。
+    您还可以在提交PR后查看更改。
+
+6.  <!--
+    Before you can create a pull request which includes your local commit, you
+    need to push the branch to your fork, which is the endpoint for the `origin`
+    remote.
+    -->
+    在创建包含本地提交的PR之前，需要将分支推到fork，也就是`origin`端点。
+
+      ```
+      git push origin <my_new_branch>
+      ```
+      <!--
+      Technically, you can omit the branch name from the `push` command, but
+      the behavior in that case depends upon the version of Git you are using.
+      The results are more repeatable if you include the branch name.
+      -->
+      从技术上讲，您可以从push命令中省略分支名称，但是这种情况下的行为取决于您使用的Git版本。
+      如果包含分支名称，结果将更加可重复。
+
+
+7.  <!--
+    At this point, if you go to https://github.com/kubernetes/website in your
+    web browser, GitHub detects that you pushed a new branch to your fork and
+    offers to create a pull request. Fill in the pull request template.
+    -->
+    此时，如果您在web浏览器中访问https://github.com/kubernetes/website, GitHub会检测到您将一个新的分支推送到您的fork，并提供创建一个pull请求。填写pull request模板。
+
+      - <!--The title should be no more than 50 characters and summarize the intent
+        of the change.-->标题不应超过50个字符，并总结更改的意图。
+      - <!--
+        The long-form description should contain more information about the fix,
+        including a line like `Fixes #12345` if the pull request fixes a GitHub
+        issue. This will cause the issue to be closed automatically when the
+        pull request is merged.
+        -->
+        长表单描述应该包含关于修复的更多信息，如果PR修复了GitHub issue，
+        则应该包含类似`Fixes #12345`这样的行。
+        这将导致在合并PR时自动关闭该问题。
+      - <!--
+        You can add labels or other metadata and assign reviewers. See
+        [Triage and categorize issues](#triage-and-categorize-issues) for the
+        syntax.
+        -->
+        您可以添加标签或其他元数据并分配审阅人员。有关语法，请参见[分类和分类问题](#triage-and-categorize-issues)。
+
+      <!--Click **Create pull request**.--> 点击 **Create pull request**
+
+8.  <!--Several automated tests will run against the state of the website with your
+    changes applied. If any of the tests fail, click the **Details** link for
+    more information. If the Netlify test completes successfully, its
+    **Details** link goes to a staged version of the Kubernetes website with
+    your changes applied. This is how reviewers will check your changes.-->
+    几个自动化测试将运行与您所应用的更改的网站状态。
+    如果任何测试失败，请单击**Details**链接获取更多信息。
+    如果Netlify测试成功完成，它的**Details**链接将转到Kubernetes网站的阶段性版本，
+    其中应用了您的更改。
+    这是审阅人员检查更改的方式。
+
+9.  <!--If you notice that more changes need to be made, or if reviewers give you
+    feedback, address the feedback locally, then repeat step 4 - 6 again,
+    creating a new commit. The new commit is added to your pull request and the
+    tests run again, including re-staging the Netlify staged site.-->
+    如果您注意到需要进行更多的更改，或者评审人员给了您反馈，请在本地处理反馈，
+    然后再次重复步骤4 - 6，创建一个新的提交。新的提交被添加到您的pull请求中，
+    测试再次运行，包括Netlify。
+
+10. <!--If a reviewer adds changes to your pull request, you need to fetch those
+    changes from your fork before you can add more changes. Use the following
+    commands to do this, assuming that your branch is currently checked out.-->
+    如果审查员将更改添加到您的pull请求中，您需要从fork获取这些更改，然后才能添加更多的更改。
+    假设您的分支当前已签出，请使用以下命令来完成此操作。
+
+      ```
+      git fetch origin
+      git rebase origin/<your-branch-name>
+      ```
+
+      <!--After rebasing, you need to add the `-f` flag to force-push new changes to
+      the branch to your fork.-->在rebasing之后，您需要添加`-f`标志来强制推送分支。
+
+      ```
+      git push -f origin <your-branch-name>
+      ```
+
+11. <!--If someone else's change is merged into the branch your work is based on,
+    and you have made changes to the same parts of the same files, a conflict
+    might occur. If the pull request shows that there are conflicts to resolve,
+    you can resolve them using the GitHub UI or you can resolve them locally.-->
+    如果其他人的更改合并到您工作所基于的分支中，并且您对相同文件的相同部分进行了更改，
+    则可能会发生冲突。如果pull请求显示有需要解决的冲突，您可以使用GitHub UI解决它们，
+    或者在本地解决它们。
+
+      <!--First, do step 10 to be sure that your fork and your local branch are in
+      the same state.-->首先执行第10步，确保你的fork仓库与你本地分支一致。
+
+      <!--Next, fetch `upstream` and rebase your branch on the branch it was
+      originally based on, like `upstream/master`.-->
+      接着，拉取 `upstream` 并 rebase 你的分支。 
+
+      ```
+      git fetch upstream
+      git rebase upstream/master
+      ```
+
+      <!--If there are conflicts Git can't automatically resolve, you can see the
+      conflicted files using the `git status` command. For each conflicted file,
+      edit it and look for the conflict markers `>>>`, `<<<`, and `===`. Resolve
+      the conflict and remove the conflict markers. Then add the changes to the
+      changeset using `git add <filename>` and continue the rebase using
+      `git rebase --continue`. When all commits have been applied and there are
+      no more conflicts, `git status` will show that you are not in a rebase and
+      there are no changes that need to be committed. At that point, force-push
+      the branch to your fork, and the pull request should no longer show any
+      conflicts.-->
+      如果存在Git无法自动解决的冲突，可以使用`git status`命令查看冲突文件。
+      对于每个冲突文件，编辑它并查找冲突标记`>>>`，`<<<`，and `===`。
+      解决冲突并删除冲突标记。然后使用`git add <filename>`，
+      并使用`git rebase --continue`继续将更改添加到更改集中。
+      当所有提交都已应用，并且没有更多冲突时，`git status`将显示您不在rebase中，
+      并且不需要提交任何更改。此时，强制将分支推到fork, pull请求应该不再显示任何冲突。
+
+<!--
+If you're having trouble resolving conflicts or you get stuck with
+anything else related to your pull request, ask for help on the `#sig-docs`
+Slack channel or the
+[kubernetes-sig-docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs).
+-->
+如果您在解决冲突方面遇到困难，或者您被与pull请求相关的任何其他事情卡住，
+请在`#sig-docs` Slack通道或[kubernet-sig-docs邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)中寻求帮助。
+
+<!--
+### View your changes locally
+-->
+### 本地查看更改
+
+<!--
+If you aren't ready to create a pull request but you want to see what your
+changes look like, you can build and run a docker image to generate all the documentation and 
+serve it locally.
+-->
+如果您还没有准备好创建一个pull请求，
+但是您希望看到您的更改是什么样子的，
+那么您可以构建并运行一个docker映像来生成所有文档并在本地提供它。
+
+<!--
+1.  Build the image locally:
+
+      ```
+      make docker-image
+      ```
+
+2.  Once the `kubernetes-hugo` image has been built locally, you can build and serve the site:
+
+      ```
+      make docker-serve
+      ```
+
+3.  In your browser's address bar, enter `localhost:1313`. Hugo will watch the
+    filesystem for changes and rebuild the site as needed.
+
+4.  To stop the local Hugo instance, go back to the terminal and type `Ctrl+C`
+    or just close the terminal window.
+
+Alternatively, you can install and use the `hugo` command on your development machine:
+
+1.  [Install Hugo](https://gohugo.io/getting-started/installing/) version {{< hugoVersion >}} or later.
+
+2.  In a terminal, go to the root directory of your clone of the Kubernetes
+    docs, and enter this command:
+
+      ```
+      hugo server
+      ```
+
+3.  In your browser’s address bar, enter `localhost:1313`.
+
+4.  To stop the local Hugo instance, go back to the terminal and type `Ctrl+C`
+    or just close the terminal window.
+-->
+1.  本地构建镜像:
+
+      ```
+      make docker-image
+      ```
+
+2.  `kubernetes-hugo` 镜像构建完成后，可以构建并启动网站：
+
+      ```
+      make docker-serve
+      ```
+
+3.  在浏览器地址栏输入 `localhost:1313`。Hugo将监视文件系统的更改，并根据需要重新构建站点。
+
+4.  如果想停掉本地Hugo实例，只需要在命令行中键入`Ctrl+C`来关闭命令行窗口。
+
+<!--
+Alternatively, you can install and use the `hugo` command on your development machine:
+-->
+或者，您可以在您的开发机器上安装并使用hugo命令：
+
+1.  <!--
+    [Install Hugo](https://gohugo.io/getting-started/installing/) version {{< hugoVersion >}} or later.
+    -->
+    [安装 Hugo](https://gohugo.io/getting-started/installing/) 版本 {{< hugoVersion >}} 或更新版本.
+
+2.  <!--
+    In a terminal, go to the root directory of your clone of the Kubernetes
+    docs, and enter this command:
+    -->
+    在终端中，转到您克隆的Kubernetes文档的根目录，并输入以下命令：
+
+      ```
+      hugo server
+      ```
+
+3.  <!--
+    In your browser’s address bar, enter `localhost:1313`.
+    -->
+    在浏览器地址栏中输入 `localhost:1313`。
+
+4.  <!--
+    To stop the local Hugo instance, go back to the terminal and type `Ctrl+C`
+    or just close the terminal window.
+    -->
+    如果想停掉本地Hugo实例，只需要在命令行中键入`Ctrl+C`来关闭命令行窗口。
+
+<!--
+## Triage and categorize issues
+-->
+## 问题归类
+
+<!--
+In any given week, a specific docs approver volunteers to do initial
+[triage and review of pull requests](#review-pull-requests) and issues. To get
+on this list, attend the weekly SIG Docs meeting and volunteer. Even if you are
+not on the schedule for the current week, you can still review PRs.
+-->
+在任何给定的一周内，一个特定的文档审批者会自愿对pull请求和问题进行初步分类和审查。
+要进入这个名单，参加每周的团体文档会议和志愿者。
+即使你不在这周的时间表上，你仍然可以审核PR。
+
+<!--
+People in SIG Docs are responsible only for triaging and categorizing
+documentation issues. General website issues are also filed in the
+`kubernetes/website` repository.
+-->
+SIG文档人员只负责对文档问题进行分类和分类。一般的网站问题也归档在`kubernetes/website` 资源库中。
+
+<!--
+When you triage an issue, you:
+-->
+当你对一个问题进行分类时：
+
+<!--
+- Assess whether the issue has merit. Some issues can be closed quickly by
+  answering a question or pointing the reporter to a resource.
+- Ask the reporter for more information if the issue doesn't have enough
+  detail to be actionable or the template is not filled out adequately.
+- Add labels (sometimes called tags), projects, or milestones to the issue.
+  Projects and milestones are not heavily used by the SIG Docs team.
+- At your discretion, taking ownership of an issue and submitting a PR for it
+  (especially if it is quick or relates to work you were already doing).
+-->
+- 评估这个问题是否有价值。有些问题可以通过回答问题或向作者指出资源来迅速解决。
+- 如果问题没有足够的细节可以采取行动，或者模板没有填好，询问作者更多的信息。
+- 向问题添加标签(有时称为标签)、项目或里程碑。SIG文档团队并没有大量使用项目和里程碑。
+- 根据您的判断，对某个问题拥有所有权并为其提交PR(特别是如果它是快速的或与您已经在做的工作相关的)。
+
+<!--
+If you have questions about triaging an issue, ask in `#sig-docs` on Slack or
+the
+[kubernetes-sig-docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs).
+-->
+如果你针对问题分类有疑问，请在Slack `#sig-docs` 频道或
+[kubernetes-sig-docs 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)
+中询问。
+
+<!--
+### More about labels
+-->
+### 有关标签的更多信息
+
+<!--
+These guidelines are not set in stone and are subject to change.
+-->
+这些准则并非一成不变，可能会发生变化。
+
+<!--
+- An issue can have multiple labels.
+- Some labels use slash notation for grouping, which can be thought of like
+  "sub-labels". For instance, many `sig/` labels exist, such as `sig/cli` and
+  `sig/api-machinery`.
+- Some labels are automatically added based on metadata in the files involved
+  in the issue, slash commands used in the comments of the issue, or
+  information in the issue text.
+- Some labels are manually added by the person triaging the issue (or the person
+  reporting the issue, if they are a SIG Docs approvers).
+  - `Actionable`: There seems to be enough information for the issue to be fixed
+    or acted upon.
+  - `good first issue`: Someone with limited Kubernetes or SIG Docs experience
+    might be able to tackle this issue.
+  - `kind/bug`, `kind/feature`, and `kind/documentation`: If the person who
+    filed the issue did not fill out the template correctly, these labels may
+    not be assigned automatically. A bug is a problem with existing content or
+    functionality, and a feature is a request for new content or functionality.
+    The `kind/documentation` label is not currently in use.
+  - Priority labels: define the relative severity of the issue. These do not
+    conform to those outlined in the
+    [Kubernetes contributor guide](https://github.com/kubernetes/community/blob/master/contributors/guide/issue-triage.md#define-priority), and can be one of `P1`, `P2`, or `P3`, if set.
+- To add a label, you can use GitHub's **Labels** widget if you are a Sig Docs
+  approver. Anyone who is a member of the Kubernetes organization can add a
+  label by leaving a comment like `/label <label-to-add>`. The label must
+  already exist. If you try to add a label that does not exist, the command is
+  silently ignored.
+-->
+- 一个问题可以有多个标签。
+- 一些标签使用斜杠符号进行分组，可以将其视为“子标签”。例如，`sig/`存在许多标签，例如 `sig/cli` 和 `sig/api-machinery`。
+- 系统会根据问题所涉及文件中的元数据，问题注释中使用的斜杠命令或问题文本中的信息，自动添加一些标签。
+- 由负责问题分类的人员（或报告问题的人员，如果他们是SIG文档批准者）手动添加一些标签。
+  - `Actionable`：似乎有足够的信息可以解决或解决此问题。
+  - `good first issue`：Kubernetes或SIG Docs经验有限的人也有可能可以解决此问题。
+  - `kind/bug`, `kind/feature`, and `kind/documentation`：
+    如果提出问题的人未正确填写模板，则可能不会自动分配这些标签。
+    错误是现有内容或功能的问题，功能是对新内容或功能的请求。`kind/documentation`标签当前未使用。
+  - 优先级标签：定义问题的相对严重性。
+    这些并没有在[Kubernetes贡献者指导](https://github.com/kubernetes/community/blob/master/contributors/guide/issue-triage.md#define-priority)中，
+    可以是一个P1，P2或者P3。
+- 要添加标签，如果您是Sig Docs批准者，则可以使用GitHub的Labels小部件。Kubernetes组织的任何人都可以通过添加评论来添加标签/label <label-to-add>。标签必须已经存在。如果您尝试添加不存在的标签，该命令将被静默忽略。
+
+<!--
+### Priorities
+-->
+### 优先级
+
+<!--
+An issue's priority influences how quickly it is addressed. For documentation,
+here are the guidelines for setting a priority on an issue:
+-->
+问题的优先级会影响问题的解决速度。对于文档，以下是设置问题优先级的准则：
+
+#### P1
+
+<!--
+- Major content errors affecting more than 1 page
+- Broken code sample on a heavily trafficked page
+- Errors on a “getting started” page
+- Well known or highly publicized customer pain points
+- Automation issues
+-->
+- 影响超过1页的主要内容错误
+- 大量访问的页面上的代码示例损坏
+- “入门”页面上的错误
+- 众所周知或广为宣传的客户痛点
+- 自动化问题
+
+#### P2
+
+<!--
+This is the default for new issues and pull requests.
+这是新问题和拉取请求的默认设置。
+-->
+
+<!--
+- Broken code for sample that is not heavily used
+- Minor content issues in a heavily trafficked page
+- Major content issues on a lower-trafficked page
+-->
+- 不经常使用的示例代码损坏
+- 页面流量过大的次要内容问题
+- 流量较低的页面上的主要内容问题
+
+
+#### P3
+
+<!--
+- Typos and broken anchor links
+- Documentation feature requests
+- "Nice to have" items
+-->
+- 错别字和损坏的链接
+- 文档功能要求
+- “有了更好（没有也问题不大）”项目
+
+<!--
+### Handling special issue types
+-->
+### 处理特殊问题类型
+
+<!--
+We've encountered the following types of issues often enough to document how
+to handle them.
+-->
+我们经常遇到以下类型的问题，有必要记录如何处理它们。
+
+<!--
+#### Duplicate issues
+-->
+#### 重复的问题
+
+<!--
+If a single problem has one or more issues open for it, the problem should be
+consolidated into a single issue. You should decide which issue to keep open (or
+open a new issue), port over all relevant information, link related issues, and
+close all the other issues that describe the same problem. Only having a single
+issue to work on will help reduce confusion and avoid duplicating work on the
+same problem.
+-->
+如果单个问题可以解决一个或多个问题，则应将该问题合并为一个问题。
+您应该决定哪个问题保持打开状态（或打开一个新问题），移植所有相关信息，链接相关问题，
+并关闭描述同一问题的所有其他问题。只处理一个问题将有助于减少混乱并避免重复处理同一问题。
+
+<!--
+#### Dead link issues
+-->
+#### 无效链接问题
+
+<!--
+Depending on where the dead link is reported, different actions are required to
+resolve the issue. Dead links in the API and Kubectl docs are automation issues
+and should be assigned a P1 until the problem can be fully understood. All other
+dead links are issues that need to be manually fixed and can be assigned a P3.
+-->
+根据报告无效链接的位置，需要采取不同的措施来解决此问题。
+API和Kubectl文档中的无效链接是自动化问题，应分配为P1，直到可以完全解决该问题为止。
+所有其他无效链接都是需要手动修复的问题，可以将其分配为P3。
+
+<!--
+#### Blog issues
+-->
+#### 博客问题
+
+<!--
+[Kubernetes Blog](https://kubernetes.io/blog/) entries are expected to become
+outdated over time, so we maintain only blog entries that are less than one year old. 
+If an issue is related to a blog entry that is more than one year old, it should be closed
+without fixing. 
+-->
+随着时间的流逝，Kubernetes博客条目预计会过时，
+因此我们仅保留不到一年的博客条目。
+如果某个问题与存在超过一年的博客条目有关，则应将其关闭而不进行修复。
+
+<!--
+#### Support requests or code bug reports
+-->
+#### 支持请求或代码错误报告
+
+<!--
+Some issues opened for docs are instead issues with the underlying code, or
+requests for assistance when something (like a tutorial) didn’t work. For issues
+unrelated to docs, close the issue with a comment directing the requester to
+support venues (Slack, Stack Overflow) and, if relevant, where to file an issue
+for bugs with features (kubernetes/kubernetes is a great place to start).
+-->
+相反，为文档带来的一些问题是底层代码的问题，
+或者在某些内容（例如教程）不起作用时请求帮助。
+对于与文档无关的问题，请关闭issue并指示请求者正确的支持场所（Slack，Stack Overflow），
+并在适当的地方针对具有功能缺陷的问题提出问题（可以从kubernetes/kubernetes开始）。
+
+<!--
+Sample response to a request for support:
+-->
+对支持请求的响应示例：
+
+```none
+This issue sounds more like a request for support and less
+like an issue specifically for docs. I encourage you to bring
+your question to the `#kubernetes-users` channel in
+[Kubernetes slack](http://slack.k8s.io/). You can also search
+resources like
+[Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes)
+for answers to similar questions.
+
+You can also open issues for Kubernetes functionality in
+ https://github.com/kubernetes/kubernetes.
+
+If this is a documentation issue, please re-open this issue.
+```
+
+<!--
+Sample code bug report response:
+-->
+示例代码错误报告响应：
+
+```none
+This sounds more like an issue with the code than an issue with
+the documentation. Please open an issue at
+https://github.com/kubernetes/kubernetes/issues.
+
+If this is a documentation issue, please re-open this issue.
+```
+
+<!--
+## Document new features
+-->
+## 记录新功能
+
+<!--
+Each major Kubernetes release includes new features, and many of them need
+at least a small amount of documentation to show people how to use them.
+-->
+每个主要的Kubernetes版本都包含新功能，其中许多功能至少需要少量文档才能向人们展示如何使用它们。
+
+<!--
+Often, the SIG responsible for a feature submits draft documentation for the
+feature as a pull request to the appropriate release branch of
+`kubernetes/website` repository, and someone on the SIG Docs team provides
+editorial feedback or edits the draft directly.
+-->
+通常，负责功能的SIG负责对`kubernetes/website`存储库的相应release分支发起PR，
+提交该功能的文档草稿 ，并且由SIG Docs团队中的某人提供编辑反馈或直接编辑草稿。
+
+<!--
+### Find out about upcoming features
+### 了解即将推出的功能
+
+<!--
+To find out about upcoming features, attend the weekly sig-release meeting (see
+the [community](https://kubernetes.io/community/) page for upcoming meetings)
+and monitor the release-specific documentation
+in the [kubernetes/sig-release](https://github.com/kubernetes/sig-release/)
+repository. Each release has a sub-directory under the [/sig-release/tree/master/releases/](https://github.com/kubernetes/sig-release/tree/master/releases)
+directory. Each sub-directory contains a release schedule, a draft of the release
+notes, and a document listing each person on the release team.
+-->
+要了解即将发布的功能，请参加每周一次的sig-release会议
+（请参阅[社区](https://kubernetes.io/community/)页面以获取即将举行的会议，
+并在[kubernetes/sig-release](https://github.com/kubernetes/sig-release/) 存储库中监视特定于发行版的文档。
+每个发行版在[/sig-release/tree/master/releases/](https://github.com/kubernetes/sig-release/tree/master/releases)
+ 目录下都有一个子目录。每个子目录包含一个发布计划，一个发布说明草稿以及一个列出发布团队中每个人的文档。
+
+<!--
+- The release schedule contains links to all other documents, meetings,
+  meeting minutes, and milestones relating to the release. It also contains
+  information about the goals and timeline of the release, and any special
+  processes in place for this release. Near the bottom of the document, several
+  release-related terms are defined.
+
+    This document also contains a link to the **Feature tracking sheet**, which is
+    the official way to find out about all new features scheduled to go into the
+    release.
+- The release team document lists who is responsible for each release role. If
+  it's not clear who to talk to about a specific feature or question you have,
+  either attend the release meeting to ask your question, or contact the release
+  lead so that they can redirect you.
+- The release notes draft is a good place to find out a little more about
+  specific features, changes, deprecations, and more about the release. The
+  content is not finalized until late in the release cycle, so use caution.
+-->
+- 发布时间表包含与发布有关的所有其他文档，会议，会议记录和里程碑的链接。
+  它还包含有关该发行版的目标和时间表的信息，以及此发行版的任何特殊流程。
+  在文档底部附近，定义了几个与发布相关的术语。
+  
+    本文档还包含**Feature tracking sheet**的链接，这是查找排定要发布的所有新功能的正式方法。
+  
+- 发布团队文档列出了负责每个发布角色的人员。
+  如果不清楚要与谁谈论某个特定功能或问题，请参加发布会议询问您的问题，
+  或者与发布负责人联系，以便他们可以重定向您。
+- 发行说明草稿是了解更多有关特定功能，更改，不推荐使用以及更多有关发行版本的好地方。
+  该内容要到发布周期的后期才能最终确定，因此请谨慎使用。
+
+<!--
+#### The feature tracking sheet
+-->
+#### 功能跟踪表
+
+<!--
+The feature tracking sheet
+[for a given Kubernetes release](https://github.com/kubernetes/sig-release/tree/master/releases) lists each feature that is planned for a release.
+Each line item includes the name of the feature, a link to the feature's main
+GitHub issue, its stability level (Alpha, Beta, or Stable), the SIG and
+individual responsible for implementing it, whether it
+needs docs, a draft release note for the feature, and whether it has been
+merged. Keep the following in mind:
+-->
+给定Kubernetes版本的功能跟踪表 列出了计划发布的每个功能。
+每个订单项都包含功能名称，功能主要GitHub问题的链接，其稳定性级别（Alpha，Beta或Stable），
+SIG和负责实施此功能的人员，是否需要文档，发布说明草稿功能，以及是否已合并。请记住以下几点：
+
+<!--
+- Beta and Stable features are generally a higher documentation priority than
+  Alpha features.
+- It's hard to test (and therefore, document) a feature that hasn't been merged,
+  or is at least considered feature-complete in its PR.
+- Determining whether a feature needs documentation is a manual process and
+  just because a feature is not marked as needing docs doesn't mean it doesn't
+  need them.
+-->
+- Beta和稳定功能通常比Alpha功能具有更高的文档优先级。
+- 很难测试（因此要文档记录）尚未合并的功能，或者至少在其PR中被认为功能完整的功能。
+- 确定某个功能是否需要文档是一个手动过程，并且仅仅因为某个功能未标记为需要文档并不意味着它就不需要它们。
+
+<!--
+### Document a feature
+-->
+### 记录功能
+
+<!--
+As stated above, draft content for new features is usually submitted by the SIG
+responsible for implementing the new feature. This means that your role may be
+more of a shepherding role for a given feature than developing the documentation
+from scratch.
+-->
+如上所述，新功能的草案内容通常由负责实施新功能的SIG提交。
+这意味着您的角色可能更像是给定功能的牧羊人角色。
+
+<!--
+After you've chosen a feature to document/shepherd, ask about it in the `#sig-docs`
+Slack channel, in a weekly sig-docs meeting, or directly on the PR filed by the
+feature SIG. If you're given the go-ahead, you can edit into the PR using one of
+the techniques described in
+[Commit into another person's PR](#commit-into-another-persons-pr).
+-->
+选择要记录/跟踪的功能后，请在 `#sig-docs` Slack频道，
+每周一次的sig-docs会议中或直接在功能SIG提交的PR上询问有关功能。
+如果得到批准，则可以使用[提交到别人的PR](#commit-into-another-persons-pr)
+中介绍的技术来编辑 PR。
+
+<!--
+If you need to write a new topic, the following links are useful:
+-->
+如果您需要编写新主题，则以下链接很有用：
+
+<!--
+- [Writing a New Topic](/docs/contribute/style/write-new-topic/)
+- [Using Page Templates](/docs/contribute/style/page-templates/)
+- [Documentation Style Guide](/docs/contribute/style/style-guide/)
+-->
+- [撰写新主题](/docs/contribute/style/write-new-topic/)
+- [使用页面模板](/docs/contribute/style/page-templates/)
+- [文档样式指南](/docs/contribute/style/style-guide/)
+
+<!--
+### SIG members documenting new features
+-->
+SIG成员记录了新功能
+
+<!--
+If you are a member of a SIG developing a new feature for Kubernetes, you need
+to work with SIG Docs to be sure your feature is documented in time for the
+release. Check the
+[feature tracking spreadsheet](https://github.com/kubernetes/sig-release/tree/master/releases)
+or check in the #sig-release Slack channel to verify scheduling details and
+deadlines. Some deadlines related to documentation are:
+-->
+如果您是Kubernetes开发新功能的SIG成员，则需要一并更新SIG文档，
+以确保在发布该功能时及时记录了您的功能。
+查看 [功能跟踪电子表格](https://github.com/kubernetes/sig-release/tree/master/releases)，
+ 或在 #sig-release Slack频道中查看验证计划详细信息和截止日期。
+ 与文档相关的一些截止日期是：
+
+<!--
+- **Docs deadline - Open placeholder PRs**: Open a pull request against the
+  `release-X.Y` branch in the `kubernetes/website` repository, with a small
+  commit that you will amend later. Use the Prow command `/milestone X.Y` to
+  assign the PR to the relevant milestone. This alerts the docs person managing
+  this release that the feature docs are coming. If your feature does not need
+  any documentation changes, make sure the sig-release team knows this, by
+  mentioning it in the #sig-release Slack channel. If the feature does need
+  documentation but the PR is not created, the feature may be removed from the
+  milestone.
+- **Docs deadline - PRs ready for review**: Your PR now needs to contain a first
+  draft of the documentation for your feature. Don't worry about formatting or
+  polishing. Just describe what the feature does and how to use it. The docs
+  person managing the release will work with you to get the content into shape
+  to be published. If your feature needs documentation and the first draft
+  content is not received, the feature may be removed from the milestone.
+- **Docs complete - All PRs reviewed and ready to merge**: If your PR has not
+  yet been merged into the `release-X.Y` branch by this deadline, work with the
+  docs person managing the release to get it in. If your feature needs
+  documentation and the docs are not ready, the feature may be removed from the
+  milestone.
+-->
+- **文档截止期限-打开占位PR** ：针对`kubernetes/website`仓库中的`release-X.Y`分支提交一个PR，
+  稍作修改(占位)，稍后您将继续修改。使用Prow命令`/milestone X.Y`将PR分配给相关的里程碑。
+  这会提醒管理此版本的文档人员功能文档即将发布。
+  如果您的功能不需要任何文档更改，请在#sig-release Slack频道中说一下，
+  以确保sig-release团队知道这一点。
+  如果该功能确实需要文档，但未创建PR，则该功能可能已从里程碑中删除。
+- **文档截止日期-PR审核**：您的PR现在需要包含功能文档的初稿。不必担心格式或修饰。
+  只需描述该功能的用途以及使用方法即可。管理发行版的文档人员将与您合作，使内容成形以进行发布。
+  如果您的功能需要文档且未收到第一稿内容，则该功能可能已从里程碑中删除。
+- **文档完成-PR已审核，准备合并**：如果您的PR尚未在`release-X.Y`此期限之前合并到分支中，
+  请与管理发行版的文档人员一起合作帮助它合入。
+  如果您的功能需要文档且文档尚未准备好，该功能可能会从里程碑中删除。
+
+<!--
+If your feature is an Alpha feature and is behind a feature gate, make sure you
+add it to [Feature gates](/docs/reference/command-line-tools-reference/feature-gates/)
+as part of your pull request. If your feature is moving out of Alpha, make sure to
+remove it from that file.
+-->
+如果您的功能是Alpha功能并且由[功能开关](/docs/reference/command-line-tools-reference/feature-gates/)
+控制，请确保将其作为PR的一部分添加到功能开关。
+如果您的功能要移出Alpha，请确保将其从该文件中删除。
+
+<!--
+## Contribute to other repos
+-->
+## 贡献其他仓库
+
+<!--
+The [Kubernetes project](https://github.com/kubernetes) contains more than 50
+individual repositories. Many of these repositories contain code or content that
+can be considered documentation, such as user-facing help text, error messages,
+user-facing text in API references, or even code comments.
+-->
+该Kubernetes项目包含超过50个仓库。
+这些存储库中许多都包含可以视为文档的代码或内容，例如面向用户的帮助文本，错误消息，
+API参考中的面向用户的文本，甚至是代码注释。
+
+<!--
+If you see text and you aren't sure where it comes from, you can use GitHub's
+search tool at the level of the Kubernetes organization to search through all
+repositories for that text. This can help you figure out where to submit your
+issue or PR.
+-->
+如果您看到文本并且不确定其来源，则可以在Kubernetes组织级别使用GitHub的搜索工具在所有存储库中搜索该文本。
+这可以帮助您确定将问题或PR提交到哪里。
+
+<!--
+Each repository may have its own processes and procedures. Before you file an
+issue or submit a PR, read that repository's `README.md`, `CONTRIBUTING.md`, and
+`code-of-conduct.md`, if they exist.
+-->
+每个存储库可能都有自己的流程和过程。
+在您提交的问题或提交PR，查看存储库的`README.md`，`CONTRIBUTING.md`以及 `code-of-conduct.md`。
+
+<!--
+Most repositories use issue and PR templates. Have a look through some open
+issues and PRs to get a feel for that team's processes. Make sure to fill out
+the templates with as much detail as possible when you file issues or PRs.
+-->
+大多数存储库使用issue和PR模板。
+浏览一些未解决的问题和PR，以了解该团队的流程。
+提交问题或PR时，​​请确保尽可能详细地填写模板。
+
+<!--
+## Localize content
+-->
+## 本地化内容
+
+<!--
+The Kubernetes documentation is written in English first, but we want people to
+be able to read it in their language of choice. If you are comfortable
+writing in another language, especially in the software domain, you can help
+localize the Kubernetes documentation or provide feedback on existing localized
+content. See [Localization](/docs/contribute/localization/) and ask on the
+[kubernetes-sig-docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)
+or in `#sig-docs` on Slack if you are interested in helping out.
+-->
+Kubernetes文档首先是用英语编写的，但是我们希望人们能够使用他们选择的语言来阅读它。
+如果您愿意用另一种语言编写，尤其是在软件领域，则可以帮助本地化Kubernetes文档
+或提供有关现有本地化内容的反馈。
+请参阅[本地化](/docs/contribute/localization/) ，
+并在[kubernetes-sig-docs邮件列表][kubernetes-sig-docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs) #sig-docs上询问，或者在Slack上询问是否有帮助的兴趣。
+
+<!--
+### Working with localized content
+-->
+### 参与本地化工作
+
+<!--
+Follow these guidelines for working with localized content:
+-->
+请遵循以下准则来使用本地化内容：
+
+<!--
+- Limit PRs to a single language. 
+
+   Each language has its own reviewers and approvers.
+
+- Reviewers, verify that PRs contain changes to only one language.
+
+   If a PR contains changes to source in more than one language, ask the PR contributor to open separate PRs for each language.
+-->
+- 将PR限制为一种语言。
+
+    每种语言都有其自己的审阅者和批准者。
+    
+- 审阅者，请验证PR是否仅对一种语言进行了更改。
+  
+    如果PR包含对一种以上源语言的更改，请PR贡献者为每种语言打开单独的PR。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+When you are comfortable with all of the tasks discussed in this topic and you
+want to engage with the Kubernetes docs team in even deeper ways, read the
+[advanced docs contributor](/docs/contribute/advanced/) topic.
+-->
+如果您熟悉本主题中讨论的所有任务，并且想与Kubernetes文档小组进行更深入的接触，
+请阅读[高级文档贡献者](/docs/contribute/advanced/)主题。
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/localization.md b/content/zh/docs/contribute/localization.md
new file mode 100644
index 0000000000000..18cb55461165c
--- /dev/null
+++ b/content/zh/docs/contribute/localization.md
@@ -0,0 +1,528 @@
+---
+title: 本地化 Kubernetes 文档
+content_template: templates/concept
+approvers:
+- chenopis
+- zacharysarah
+- zparnold
+---
+
+<!--
+---
+title: Localizing Kubernetes Documentation
+content_template: templates/concept
+approvers:
+- chenopis
+- zacharysarah
+- zparnold
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Documentation for Kubernetes is available in multiple languages:
+-->
+
+Kubernetes 文档库有多种语言：
+
+<!--
+- English
+- Chinese
+- Japanese
+- Korean
+-->
+
+- 英语
+- 中文
+- 日语
+- 韩语
+
+<!--
+We encourage you to add new  [localizations](https://blog.mozilla.org/l10n/2011/12/14/i18n-vs-l10n-whats-the-diff/)!
+-->
+
+我们鼓励你添加新的[本地化](https://blog.mozilla.org/l10n/2011/12/14/i18n-vs-l10n-whats-the-diff/)！
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Getting started
+-->
+
+## 入门
+
+<!--
+Localizations must meet some requirements for workflow (*how* to localize) and output (*what* to localize).
+-->
+
+本地化必须满足工作流（*如何*本地化）和输出（本地化*内容*）的一些要求。
+
+<!--
+To add a new localization of the Kubernetes documentation, you'll need to update the website by modifying the  [site configuration](#modify-the-site-configuration) and [directory structure](#add-a-new-localization-directory). Then you can start [translating documents](#translating-documents)!
+-->
+
+要添加 Kubernetes 文档库的新的本地化，你需要修改[网站配置](#modify-the-site-configuration) 和[目录结构](#add-a-new-localization-directory)来更新网站。然后你就可以开始[翻译文档](#translating-documents)了！
+
+{{< note >}}
+<!--
+For an example localization-related [pull request](../create-pull-request), see [this pull request](https://github.com/kubernetes/website/pull/8636) to the [Kubernetes website repo](https://github.com/kubernetes/website) adding Korean localization to the Kubernetes docs.
+-->
+
+本地化相关的[拉取请求](../create-pull-request) 示例，请参见向 Kubernetes 文档库 [Kubernetes website 仓库](https://github.com/kubernetes/website) 合入韩语本地化的[这个拉取请求](https://github.com/kubernetes/website/pull/8636)。
+{{< /note >}}
+
+<!--
+Let Kubernetes SIG Docs know you're interested in creating a localization! Join the [SIG Docs Slack channel](https://kubernetes.slack.com/messages/C1J0BPD2M/). We're happy to help you get started and answer any questions you have.
+-->
+
+让 Kubernetes SIG Docs 知道你对创建本地化感兴趣！加入 [SIG Docs Slack channel](https://kubernetes.slack.com/messages/C1J0BPD2M/)。我们很乐意帮助你快速上手并回答你的任何问题。
+
+<!--
+All localization teams must be self-sustaining with their own resources. We're happy to host your work, but we can't translate it for you.
+-->
+
+所有本地化团队必须使用自身的资源独立工作。我们很高兴支持你的工作，但无法为你翻译。
+
+<!--
+### Fork and clone the repo
+-->
+
+### 克隆仓库并创建分支
+
+<!--
+First, [create your own fork](https://help.github.com/articles/fork-a-repo/) of the [kubernetes/website](https://github.com/kubernetes/website).
+-->
+
+首先，在 [kubernetes/website](https://github.com/kubernetes/website) 中[创建你自己的分支](https://help.github.com/articles/fork-a-repo/)。
+
+<!--
+Then, clone the website repo and `cd` into it:
+-->
+
+然后，克隆 website 仓库并通过 `cd` 命令进入 website 目录：
+
+```shell
+git clone https://github.com/kubernetes/website
+cd website
+```
+
+{{< note >}}
+<!--
+Contributors to `k/website` must [create a fork](/docs/contribute/start/#improve-existing-content) from which to open pull requests. For localizations, we ask additionally that:
+-->
+
+`k/website` 的贡献者必须[创建一个分支](/docs/contribute/start/#improve-existing-content)，从创建拉取请求。对于本地化，我们还要求：
+
+<!--
+1. Team approvers open development branches directly from https://github.com/kubernetes/website.
+2. Localization contributors work from forks, with branches based on the current development branch.
+-->
+
+1. 团队审批者直接从 https://github.com/kubernetes/website 新建开发分支。
+2. 本地化贡献者创建分支进行工作，其分支基于当前的开发分支。
+
+<!--
+This is because localization projects are collaborative efforts on long-running branches, similar to the development branches for the Kubernetes release cycle. For information about localization pull requests, see ["branching strategy"](#branching-strategy).
+-->
+
+这是因为本地化项目是在长期进行的分支上的协同工作，类似于 Kubernetes 发布周期的开发分支。有关本地化拉取请求，请参见[“分支策略”](#branching-strategy)。
+{{< /note >}}
+
+<!--
+### Find your two-letter language code
+-->
+
+### 找到两个字母的语言代码
+
+<!--
+Consult the [ISO 639-1 standard](https://www.loc.gov/standards/iso639-2/php/code_list.php) for your localization's two-letter country code. For example, the two-letter code for German is `de`.
+-->
+
+有关本地化的两个字母的国家代码，请参考 [ISO 639-1 标准](https://www.loc.gov/standards/iso639-2/php/code_list.php)。例如，德语的两个字母代码是 `de`。
+
+{{< note >}}
+<!--
+These instructions use the [ISO 639-1](https://www.loc.gov/standards/iso639-2/php/code_list.php) language code for German (`de`) as an example.
+-->
+
+这些说明遵循 [ISO 639-1](https://www.loc.gov/standards/iso639-2/php/code_list.php) 语言代码标准，以德语(`de`)为例。
+
+<!--
+There's currently no Kubernetes localization for German, but you're welcome to create one!
+-->
+
+目前没有针对德语的 Kubernetes 本地化，但欢迎你创建一个！
+{{< /note >}}
+
+<!--
+### Modify the site configuration
+-->
+
+### 修改网站配置
+
+<!--
+The Kubernetes website uses Hugo as its web framework. The website's Hugo configuration resides in the  [`config.toml`](https://github.com/kubernetes/website/tree/master/config.toml) file. To support a new localization, you'll need to modify `config.toml`.
+-->
+
+Kubernetes 网站使用 Hugo 作为其 web 框架。网站的 Hugo 配置位于 [`config.toml`](https://github.com/kubernetes/website/tree/master/config.toml) 文件中。要支持新的本地化，你需要修改 `config.toml`。
+
+<!--
+Add a configuration block for the new language to `config.toml`, under the existing `[languages]` block. The German block, for example, looks like:
+-->
+
+将新语言的配置块添加到 `config.toml` 中现有的 `[languages]` 块下。例如，德语块如下所示：
+
+```toml
+[languages.de]
+title = "Kubernetes"
+description = "Produktionsreife Container-Verwaltung"
+languageName = "Deutsch"
+contentDir = "content/de"
+weight = 3
+```
+
+<!--
+When assigning a `weight` parameter for your block, find the language block with the highest weight and add 1 to that value.
+-->
+
+为块分配 `weight` 参数时，请查找权重最大的语言块，并对该值加 1。
+
+<!--
+For more information about Hugo's multilingual support, see "[Multilingual Mode](https://gohugo.io/content-management/multilingual/)".
+-->
+
+有关 Hugo 多语言支持的更多信息，请参见 “[多语言模式](https://gohugo.io/content-management/multilingual/)”。
+
+<!--
+### Add a new localization directory
+-->
+
+### 创建新的本地化目录
+
+<!--
+Add a language-specific subdirectory to the [`content`](https://github.com/kubernetes/website/tree/master/content) folder in the repository. For example, the two-letter code for German is `de`:
+-->
+
+将特定语言的子目录添加到仓库中的 [`content`](https://github.com/kubernetes/website/tree/master/content) 目录中。例如，德语的两个字母代码是 `de`：
+
+```shell
+mkdir content/de
+```
+
+<!--
+### Add a localized README
+-->
+
+### 添加本地化自述文件
+
+<!--
+To guide other localization contributors, add a new [`README-**.md`](https://help.github.com/articles/about-readmes/) to the top level of k/website, where `**` is the two-letter language code. For example, a German README file would be `README-de.md`.
+-->
+
+要指导其他本地化贡献者，请将新的 [`README-**.md`](https://help.github.com/articles/about-readmes/) 添加到 k/website 的顶层，其中 `**` 是两个字母的语言代码。例如，德语的自述文件是 `README-de.md`。
+
+<!--
+Provide guidance to localization contributors in the localized `README-**.md` file. Include the same information contained in `README.md` as well as:
+-->
+
+在本地化的 `README-**.md` 文件中为本地化贡献者提供指导。包括 `README.md` 中包含的相同信息以及：
+
+<!--
+- A point of contact for the localization project
+- Any information specific to the localization
+-->
+
+- 本地化项目的联系人
+- 任何特定于本地化的信息
+
+<!--
+After you create the localized README, add a link to the file from the main English file, [`README.md`'s Localizing Kubernetes Documentation] and include contact information in English. You can provide a GitHub ID, email address, [Slack channel](https://slack.com/), or other method of contact.
+-->
+
+创建本地化的自述文件后，请在主英文文件中添加指向该文件的链接，[`README.md`'s Localizing Kubernetes Documentation]，并以英文包含联系信息。你可以提供 GitHub ID、电子邮箱、[Slack channel](https://slack.com/) 或其他联系方式。
+
+<!--
+## Translating documents
+-->
+
+## 翻译文档
+
+<!--
+Localizing *all* of the Kubernetes documentation is an enormous task. It's okay to start small and expand over time.
+-->
+
+本地化*所有* Kubernetes 文档是一项艰巨的任务。从小做起，循序渐进。
+
+<!--
+At a minimum, all localizations must include:
+-->
+
+所有本地化至少必须包括：
+
+<!--
+Description | URLs
+-----|-----
+Home | [All heading and subheading URLs](/docs/home/)
+Setup | [All heading and subheading URLs](/docs/setup/)
+Tutorials | [Kubernetes Basics](/docs/tutorials/kubernetes-basics/), [Hello Minikube](/docs/tutorials/stateless-application/hello-minikube/)
+Site strings | [All site strings in a new localized TOML file](https://github.com/kubernetes/website/tree/master/i18n)
+-->
+
+描述 | 网址
+-----|-----
+主页 | [所有标题和副标题网址](/docs/home/)
+安装 | [所有标题和副标题网址](/docs/setup/)
+教程 | [Kubernetes 基础](/docs/tutorials/kubernetes-basics/), [Hello Minikube](/docs/tutorials/stateless-application/hello-minikube/)
+网站字符串 | [新的本地化 TOML 文件中的所有网站字符串](https://github.com/kubernetes/website/tree/master/i18n)
+
+<!--
+Translated documents must reside in their own `content/**/` subdirectory, but otherwise follow the same URL path as the English source. For example, to prepare the [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) tutorial for translation into German, create a subfolder under the `content/de/` folder and copy the English source:
+-->
+
+翻译后的文档必须保存在自己的 `content/**/` 子目录中，否则将遵循与英文源相同的 URL 路径。例如，要准备将 [Kubernetes 基础](/docs/tutorials/kubernetes-basics/) 教程翻译为德语，请在 `content/de/` 文件夹下创建一个子文件夹并复制英文源：
+
+```shell
+mkdir -p content/de/docs/tutorials
+cp content/en/docs/tutorials/kubernetes-basics.md content/de/docs/tutorials/kubernetes-basics.md
+```
+
+<!--
+For an example of a localization-related [pull request](../create-pull-request), [this pull request](https://github.com/kubernetes/website/pull/10471) to the [Kubernetes website repo](https://github.com/kubernetes/website) added Korean localization to the Kubernetes docs.
+-->
+
+本地化相关的[拉取请求](../create-pull-request) 示例，请参见向 Kubernetes 文档库 [Kubernetes website 仓库](https://github.com/kubernetes/website) 合入韩语本地化的[这个拉取请求](https://github.com/kubernetes/website/pull/10471)。
+
+<!--
+### Source Files
+-->
+
+### 源文件
+
+<!--
+Localizations must use English files from the most recent release as their source. The most recent version is **{{< latest-version >}}**.
+-->
+
+本地化必须使用最新版本的英文文件作为其源。最新版本是 **{{< latest-version >}}**。
+
+<!--
+To find source files for the most recent release:
+-->
+
+要查找最新版本的源文件，请执行以下操作：
+
+<!--
+1. Navigate to the Kubernetes website repository at https://github.com/kubernetes/website.
+2. Select the `release-1.X` branch for the most recent version.
+-->
+
+1. 导航到 Kubernetes website 仓库，网址为 https://github.com/kubernetes/website。
+2. 选择 `release-1.X` 分支作为最新版本。
+
+<!--
+The latest version is **{{< latest-version >}}**, so the most recent release branch is [`{{< release-branch >}}`](https://github.com/kubernetes/website/tree/{{< release-branch >}}).
+-->
+
+最新版本是 **{{< latest-version >}}**，所以最新的发布分支是 [`{{< release-branch >}}`](https://github.com/kubernetes/website/tree/{{< release-branch >}})。
+
+<!--
+### Site strings in i18n/
+-->
+
+### i18n 中的网站字符串/
+
+<!--
+Localizations must include the contents of [`i18n/en.toml`](https://github.com/kubernetes/website/blob/master/i18n/en.toml) in a new language-specific file. Using German as an example: `i18n/de.toml`.
+-->
+
+本地化必须在新的语言特定文件中包含 [`i18n/en.toml`](https://github.com/kubernetes/website/blob/master/i18n/en.toml) 的内容。以德语为例：`i18n/de.toml`。
+
+<!--
+Add a new localization file to `i18n/`. For example, with German (`de`):
+-->
+
+将新的本地化文件添加到 `i18n/`。例如德语 (`de`)：
+
+```shell
+cp i18n/en.toml i18n/de.toml
+```
+
+<!--
+Then translate the value of each string:
+-->
+
+然后转换每个字符串的值：
+
+```TOML
+[docs_label_i_am]
+other = "ICH BIN..."
+```
+
+<!--
+Localizing site strings lets you customize site-wide text and features: for example, the legal copyright text in the footer on each page.
+-->
+
+本地化网站字符串允许你自定义网站范围的文本和特性：例如，每个页面页脚中的合法版权文本。
+
+<!--
+## Project logistics
+-->
+
+## 项目组织
+
+<!--
+### Contact the SIG Docs chairs
+-->
+
+### 联系 SIG Docs 主席
+
+<!--
+Contact one of the chairs of the Kubernetes [SIG Docs](https://github.com/kubernetes/community/tree/master/sig-docs#chairs) chairs when you start a new localization.
+-->
+
+开始新的本地化时，请联系 Kubernetes [SIG Docs](https://github.com/kubernetes/community/tree/master/sig-docs#chairs) 中的主席之一。
+
+<!--
+### Maintainers
+-->
+
+### 维护者
+
+<!--
+Each localization repository must provide its own maintainers. Maintainers can be from a single organization or multiple organizations. Whenever possible, localization pull requests should be approved by a reviewer from a different organization than the translator.
+-->
+
+每个本地化存储库必须提供自己的维护人员。维护人员可以来自单个组织或多个组织。只要可能，本地化的拉取请求应该由来自不同组织的评审者批准，而不是由翻译人员批准。
+
+<!--
+A localization must provide a minimum of two maintainers. (It's not possible to review and approve one's own work.)
+-->
+
+本地化必须至少提供两个维护人员。（不能评审和批准自己的工作。）
+
+<!--
+### Branching strategy
+-->
+
+### 分支策略
+
+<!--
+Because localization projects are highly collaborative efforts, we encourage teams to work from a shared development branch.
+-->
+
+因为本地化项目是高度协同的工作，所以我们鼓励团队基于共享的开发分支工作。
+
+<!--
+To collaborate on a development branch:
+-->
+
+在开发分支上协作：
+
+<!--
+1. A team member opens a development branch, usually by opening a new pull request against a source branch on https://github.com/kubernetes/website.
+-->
+
+1. 团队成员新建一个开发分支，通常通过在 https://github.com/kubernetes/website 上针对源分支新建一个拉取请求。
+
+<!--
+    We recommend the following branch naming scheme:
+-->
+
+    我们推荐以下分支命名方案：
+
+    `dev-<source version>-<language code>.<team milestone>`
+
+<!--
+    For example, an approver on a German localization team opens the development branch `dev-1.12-de.1` directly against the k/website repository, based on the source branch for Kubernetes v1.12.
+-->
+
+    例如，一个德语本地化团队的审批者基于 Kubernetes v1.12 版本的源分支直接新建了 k/website 仓库的开发分支 `dev-1.12-de.1`。
+
+<!--
+2. Individual contributors open feature branches based on the development branch.
+-->
+
+2. 个人贡献者基于开发分支新建特性分支。
+
+<!--
+    For example, a German contributor opens a pull request with changes to `kubernetes:dev-1.12-de.1` from `username:local-branch-name`.
+-->
+
+    例如，一个德国贡献者新建了一个拉取请求，并从 `username:local-branch-name` 更改了 `kubernetes:dev-1.12-de.1`。
+
+<!--
+3. Approvers review and merge feature branches into the development branch.
+-->
+
+3. 审批者审批功能分支并将其合入到开发分支中。
+
+<!--
+4. Periodically, an approver merges the development branch to its source branch.
+-->
+
+4. 审批者定期将开发分支合并到其源分支。
+
+<!--
+Repeat steps 1-4 as needed until the localization is complete. For example, subsequent German development branches would be: `dev-1.12-de.2`, `dev-1.12-de.3`, etc.
+-->
+
+根据需要重复步骤 1-4，直到完成本地化工作。例如，随后的德语开发分支将是：`dev-1.12-de.2`、`dev-1.12-de.3`，等等。
+
+<!--
+Teams must merge localized content into the same release branch from which the content was sourced. For example, a development branch sourced from {{< release-branch >}} must be based on {{< release-branch >}}.
+-->
+
+团队必须将本地化内容合入到发布分支中，该发布分支也正是内容的来源。例如，源于 {{< release-branch >}} 的开发分支必须基于 {{< release-branch >}}。
+
+<!--
+An approver must maintain a development branch by keeping it current with its source branch and resolving merge conflicts. The longer a development branch stays open, the more maintenance it typically requires. Consider periodically merging development branches and opening new ones, rather than maintaining one extremely long-running development branch.
+-->
+
+审批者必须通过使开发分支与源分支保持最新并解决合并冲突来维护开发分支。开发分支的存在时间越长，通常需要的维护工作就越多。考虑定期合并开发分支并新建分支，而不是维护一个运行非常长的开发分支。
+
+<!--
+While only approvers can merge pull requests, anyone can open a pull request for a new development branch. No special permissions are required.
+-->
+
+虽然只有审批者可以合入拉取请求，但任何人都可以为新的开发分支新建拉取请求。不需要特殊权限。
+
+<!--
+For more information about working from forks or directly from the repository, see ["fork and clone the repo"](#fork-and-clone-the-repo).
+-->
+
+有关基于克隆或直接从仓库开展工作的更多信息，请参见 ["fork and clone the repo"](#fork-and-clone-the-repo)。
+
+<!--
+### Upstream contributions
+-->
+
+### 上游贡献
+
+<!--
+SIG Docs welcomes [upstream contributions and corrections](/docs/contribute/intermediate#localize-content) to the English source. 
+-->
+
+Sig Docs 欢迎[上游贡献和更正](/docs/contribute/intermediate#localize-content) 到英文源。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Once a l10n meets requirements for workflow and minimum output, SIG docs will:
+-->
+
+一旦 l10n 满足工作流和最小输出的要求，SIG docs 将：
+
+<!--
+- Enable language selection on the website
+- Publicize the localization's availability through [Cloud Native Computing Foundation](https://www.cncf.io/) (CNCF) channels, including the [Kubernetes blog](https://kubernetes.io/blog/).
+-->
+
+- 在网站上启用语言选择
+- 通过[云原生计算基金会](https://www.cncf.io/) (CNCF) 渠道，包括 [Kubernetes blog](https://kubernetes.io/blog/)，来宣传本地化的可用性。
+
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/participating.md b/content/zh/docs/contribute/participating.md
new file mode 100644
index 0000000000000..dce311e5372e5
--- /dev/null
+++ b/content/zh/docs/contribute/participating.md
@@ -0,0 +1,518 @@
+---
+title: 参与到 SIG Docs
+content_template: templates/concept
+card:
+  name: contribute
+  weight: 40
+---
+
+{{% capture overview %}}
+
+<!--
+SIG Docs is one of the
+[special interest groups](https://github.com/kubernetes/community/blob/master/sig-list.md)
+within the Kubernetes project, focused on writing, updating, and maintaining
+the documentation for Kubernetes as a whole. See
+[SIG Docs from the community github repo](https://github.com/kubernetes/community/tree/master/sig-docs)
+for more information about the SIG.
+-->
+SIG Docs 是 Kubernetes 项目中的一个 [special interest groups](https://github.com/kubernetes/community/blob/master/sig-list.md)，
+总的来说，它负责编写、更新和维护 Kubernetes 文档。
+
+<!--
+SIG Docs welcomes content and reviews from all contributors. Anyone can open a
+pull request (PR), and anyone is welcome to file issues about content or comment
+on pull requests in progress.
+-->
+SIG Docs 欢迎所有贡献者提供内容和检视。任何人可以提交拉取请求（PR），
+欢迎对文档内容提交 issue 和 对正在进行中的 PR 进行评论。
+
+<!--
+Within SIG Docs, you may also become a [member](#members),
+[reviewer](#reviewers), or [approver](#approvers). These roles require greater
+access and entail certain responsibilities for approving and committing changes.
+See [community-membership](https://github.com/kubernetes/community/blob/master/community-membership.md)
+for more information on how membership works within the Kubernetes community.
+The rest of this document outlines some unique ways these roles function within
+SIG Docs, which is responsible for maintaining one of the most public-facing
+aspects of Kubernetes -- the Kubernetes website and documentation.
+-->
+在 SIG Docs，你可以成为 [member](#members)、[reviewer](#reviewers) 或者 [approver](#approvers)。
+这些角色拥有更高的权限，并且需要承担批准和提交更改的责任。
+有关Kubernetes社区中的成员如何工作的更多信息，请参见[community-membership](https://github.com/kubernetes/community/blob/master/community-membership.md)。
+本文档的其余部分概述了这些角色在 SIG Docs 中发挥作用的一些独特方式，
+SIG Docs 负责维护 Kubernetes 最面向公众的方面之一—— Kubernetes 网站和文档。
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Roles and responsibilities
+-->
+## 角色和责任
+
+<!--
+When a pull request is merged to the branch used to publish content (currently
+`master`), that content is published and available to the world. To ensure that
+the quality of our published content is high, we limit merging pull requests to
+SIG Docs approvers. Here's how it works.
+-->
+
+当一个 pull 请求被合并到用于发布内容的分支(当前为“master”)，该内容将发布并向全世界开放。
+为了确保发布内容的质量较高，每个 pull 请求需要 SIG Docs 的 approver 审批。
+它是这样工作的。
+
+<!--
+- When a pull request has both the `lgtm` and `approve` labels and has no `hold`
+  labels, the pull request merges automatically. 
+- Kubernetes organization members and SIG Docs approvers can add comments to
+  prevent automatic merging of a given pull request (by adding a `/hold` comment
+  or withholding a `/lgtm` comment).
+- Any Kubernetes member can add the `lgtm` label, by adding a `/lgtm` comment.
+- Only an approver who is a member of SIG Docs can cause a pull request to merge
+  by adding an `/approve` comment. Some approvers also perform additional
+  specific roles, such as [PR Wrangler](#pr-wrangler) or
+  [SIG Docs chairperson](#sig-docs-chairperson).
+-->
+- 当某个 pull request 拥有 `lgtm` 和 `approve` 标签， 并且没有 `hold` 标签时，这个 pull request 会自动合入。
+- Kubernetes 组织成员 和 SIG Docs 的 approvers 可以通过评论的方式阻止某个 pull request 自动合入（评论中包含 `/hold` 或 取消 `/lgtm` 的内容）。
+- 任何 Kubernetes 成员都可以通过在评论回复 `/lgtm` 来增加 `/lgtm` 标签。
+- 只有 SIG Docs 的 approver 可以在评论中回复 `/approve` 并触发合并。 
+  某些 approver 还兼具其他角色，比如 [PR Wrangler](#pr-wrangler) 或 [SIG Docs chairperson](#sig-docs-chairperson)。
+
+<!--
+For more information about expectations and differences between the roles of
+Kubernetes organization member and SIG Docs approvers, see
+[Types of contributor](/docs/contribute#types-of-contributor). The following
+sections cover more details about these roles and how they work within
+SIG Docs.
+-->
+关于 Kubernetes 组织成员和 SIG Docs approver 的区别，请参考 [Types of contributor](/docs/contribute#types-of-contributor)。
+以下部分将详细介绍这些角色及其内部的工作方式。
+
+### Anyone
+
+<!--
+Anyone can file an issue against any part of Kubernetes, including documentation.
+-->
+任何人可以针对 Kubernetes 的任何内容（包括文档）提交 issue。
+
+<!--
+Anyone who has signed the CLA can submit a pull request. If you cannot sign the
+CLA, the Kubernetes project cannot accept your contribution.
+-->
+任何人想到提交 pull request，必须要签署 CLA。 否则 ubernetes 项目则不能接受你的贡献。
+
+### Members
+
+<!--
+Any member of the [Kubernetes organization](https://github.com/kubernetes) can
+review a pull request, and SIG Docs team members frequently request reviews from
+members of other SIGs for technical accuracy.
+SIG Docs also welcomes reviews and feedback regardless of a person's membership
+status in the Kubernetes organization. You can indicate your approval by adding
+a comment of `/lgtm` to a pull request. If you are not a member of the
+Kubernetes organization, your `/lgtm` has no effect on automated systems.
+-->
+任何 [Kubernetes 组织成员](https://github.com/kubernetes) 都可以检视 pull request。
+SIG Docs 组成员经常需要检视来自其他 SIG 的 pull request，以确保技术上的准确性。
+
+<!--
+Any member of the Kubernetes organization can add a `/hold` comment to prevent
+the pull request from being merged. Any member can also remove a `/hold` comment
+to cause a PR to be merged if it already has both `/lgtm` and `/approve` applied
+by appropriate people.
+-->
+作何 Kubernetes 组织成员都可以在评论中增加 `/hold` 标签来阻止 PR 被合入。
+任何 Kubernetes 组织成员都可以移除 `/hold` 标签来让PR 合入（必须此前已有 `/lgtm` 和 `/approve` 标签）。
+
+<!--
+#### Becoming a member
+-->
+#### 成为一个 member
+
+<!--
+After you have successfully submitted at least 5 substantive pull requests, you
+can request [membership](https://github.com/kubernetes/community/blob/master/community-membership.md#member)
+in the Kubernetes organization. Follow these steps:
+-->
+在你成功的提交至少5个PR后，你就可以向Kubernetes 组织提交申请 [membership](https://github.com/kubernetes/community/blob/master/community-membership.md#member)。
+按照如下流程：
+
+<!--
+1.  Find two reviewers or approvers to [sponsor](/docs/contribute/advanced#sponsor-a-new-contributor)
+    your membership.
+    
+      Ask for sponsorship in the [#sig-docs channel on the 
+      Kubernetes Slack instance](https://kubernetes.slack.com) or on the
+      [SIG Docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs).
+      
+      {{< note >}}
+      Don't send a direct email or Slack direct message to an individual
+      SIG Docs member.
+      {{< /note >}}
+
+2.  Open a GitHub issue in the `kubernetes/org` repository to request membership.
+    Fill out the template using the guidelines at
+    [Community membership](https://github.com/kubernetes/community/blob/master/community-membership.md).
+
+3.  Let your sponsors know about the GitHub issue, either by at-mentioning them
+    in the GitHub issue (adding a comment with `@<GitHub-username>`) or by sending them the link directly,
+    so that they can add a `+1` vote.
+
+4.  When your membership is approved, the github admin team member assigned to your request updates the
+    GitHub issue to show approval and then closes the GitHub issue.
+    Congratulations, you are now a member!
+-->
+1. 找到两个 reviewer 或 approver 为你提名。
+
+     通过[#sig-docs channel on the Kubernetes Slack instance](https://kubernetes.slack.com) 或者
+   [SIG Docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)
+   来寻找为你提名的人。
+    {{< note >}}
+    不要单独发送邮件给某个人或在Slack中私聊。
+    {{< /note >}}
+
+2. 在 `kubernetes/org` 仓库中提交一个 issue 发起请求。
+   按照[指导模板](https://github.com/kubernetes/community/blob/master/community-membership.md)填写请求。
+
+3. 告知你的提名人，可以通过在 issue中 `@<GitHub-username>` 或者直接发送给他们issue链接，
+   这样他们可以过来投票（`+1`）。
+   
+4. 当请求被批准后，github 管理员团队成员会告诉你批准加入并且关闭issue："Congratulations, you are now a member!"。
+   
+<!--
+If for some reason your membership request is not accepted right away, the
+membership committee provides information or steps to take before applying
+again.
+-->
+如果因为某些原因你的申请没有被批准，会员委员会成员会告诉你原因并指导你如何继续申请。
+
+### Reviewers
+
+<!--
+Reviewers are members of the
+[@kubernetes/sig-docs-pr-reviews](https://github.com/orgs/kubernetes/teams/sig-docs-pr-reviews)
+GitHub group. See [Teams and groups within SIG Docs](#teams-and-groups-within-sig-docs).
+-->
+Reviewers 是[@kubernetes/sig-docs-pr-reviews](https://github.com/orgs/kubernetes/teams/sig-docs-pr-reviews) 成员。
+
+<!--
+Reviewers review documentation pull requests and provide feedback on proposed
+changes.
+-->
+Reviewers 负责检视文档的PR并提供反馈。
+
+<!--
+Automation assigns reviewers to pull requests, and contributors can request a
+review from a specific reviewer with a comment on the pull request: `/assign
+[@_github_handle]`. To indicate that a pull request is technically accurate and
+requires no further changes, a reviewer adds a `/lgtm` comment to the pull
+request.
+-->
+每个PR都会自动分配 reviewer，任何贡献者都可以在评论中回复`/assign [@_github_handle]`
+来请求某个reviewer来检视。
+如果reviewer觉得没有问题且不需要进一步更改时，reviewer 会在评论中回复 `/lgtm` 。
+
+<!--
+If the assigned reviewer has not yet reviewed the content, another reviewer can
+step in. In addition, you can assign technical reviewers and wait for them to
+provide `/lgtm`.
+-->
+如果自动分配的 reviewer 未能及时检视，其他的 reviewer 也会参与。
+此外，你可以指定某个 reviewer 或者等他们回复 `/lgtm`。
+
+<!--
+For a trivial change or one that needs no technical review, the SIG Docs
+[approver](#approvers) can provide the `/lgtm` as well.
+-->
+对于不重要的更改或者非技术性的检视，SIG Docs 的 [approver](#approvers) 也可以提供 `/lgtm` 标签。
+
+<!--
+A `/approve` comment from a reviewer is ignored by automation.
+-->
+如果一个reviewer在评论中回复 `/approve` 会被自动忽略。
+
+<!--
+For more about how to become a SIG Docs reviewer and the responsibilities and
+time commitment involved, see
+[Becoming a reviewer or approver](#becoming-an-approver-or-reviewer).
+-->
+关于如何成为 SIG Docs reviewer 以及其责任、时间承诺等更多内容，请参照
+[Becoming a reviewer or approver](#becoming-an-approver-or-reviewer)。
+
+<!--
+#### Becoming a reviewer
+-->
+#### 成为 reviewer
+
+<!--
+When you meet the
+[requirements](https://github.com/kubernetes/community/blob/master/community-membership.md#reviewer),
+you can become a SIG Docs reviewer. Reviewers in other SIGs must apply
+separately for reviewer status in SIG Docs.
+-->
+当你满足[需求](https://github.com/kubernetes/community/blob/master/community-membership.md#reviewer)时，
+你就可以成为 SIG Docs 的 reviewer。
+其他SIG的 reviewer 也需要单独向 SIG Docs 申请。
+
+<!--
+To apply, open a pull request to add yourself to the `reviewers` section of the
+[top-level OWNERS file](https://github.com/kubernetes/website/blob/master/OWNERS)
+in the `kubernetes/website` repository. Assign the PR to one or more current SIG
+Docs approvers.
+-->
+通过提交一个PR并把自己加到位于 `kubernetes/website` 仓库顶层的 [top-level OWNERS file](https://github.com/kubernetes/website/blob/master/OWNERS) 文件中
+的 `reviewers` 部分，指定一个或多个当前 SIG Docs 的 approver。
+
+<!--
+If your pull request is approved, you are now a SIG Docs reviewer.
+[K8s-ci-robot](https://github.com/kubernetes/test-infra/tree/master/prow#bots-home)
+will assign and suggest you as a reviewer on new pull requests.
+-->
+如果你的PR被批准，你就成为了 SIG Docs reviewer 了。
+[K8s-ci-robot](https://github.com/kubernetes/test-infra/tree/master/prow#bots-home) 会在接下来的
+PR 中请求你检视。
+
+<!--
+If you are approved, request that a current SIG Docs approver add you to the
+[@kubernetes/sig-docs-pr-reviews](https://github.com/orgs/kubernetes/teams/sig-docs-pr-reviews)
+GitHub group. Only members of the `kubernetes-website-admins` GitHub group can
+add new members to a GitHub group.
+-->
+如果构的PR被批准，你就会加入[@kubernetes/sig-docs-pr-reviews](https://github.com/orgs/kubernetes/teams/sig-docs-pr-reviews)组。
+只有`kubernetes-website-admins`组的成员才可以加入新成员。
+
+### Approvers
+
+<!--
+Approvers are members of the
+[@kubernetes/sig-docs-maintainers](https://github.com/orgs/kubernetes/teams/sig-docs-maintainers)
+GitHub group. See [Teams and groups within SIG Docs](#teams-and-groups-within-sig-docs).
+-->
+approver 是GitHub [@kubernetes/sig-docs-maintainers](https://github.com/orgs/kubernetes/teams/sig-docs-maintainers) 组织成员。
+参考 [Teams and groups within SIG Docs](#teams-and-groups-within-sig-docs)。
+
+<!--
+Approvers have the ability to merge a PR, and thus, to publish content on the
+Kubernetes website. To approve a PR, an approver leaves an `/approve` comment on
+the PR. If someone who is not an approver leaves the approval comment,
+automation ignores it.
+-->
+approver 有权限合入PR，这意味着他们可以发布内容到 Kubernetes 网站。
+如果一个 approver 留下 `/approve` 评论，则代表他批准了PR。
+如果非 approver 成员尝试批准，则会被自动忽略。
+
+<!--
+If the PR already has a `/lgtm`, or if the approver also comments with `/lgtm`,
+the PR merges automatically. A SIG Docs approver should only leave a `/lgtm` on
+a change that doesn't need additional technical review.
+-->
+如果某个PR已有 `/lgtm` 标签，approver 再回复一个 `/lgtm` ，则这个PR会自动合入。
+SIG Docs approver 应该只在不需要额外的技术检视的情况下才可以标记 `/lgtm`。
+
+<!--
+For more about how to become a SIG Docs approver and the responsibilities and
+time commitment involved, see
+[Becoming a reviewer or approver](#becoming-an-approver-or-reviewer).
+-->
+关于如何成为 SIG Docs 的 approver 及其责任和时间承诺等信息，请参考[Becoming a reviewer or approver](#becoming-an-approver-or-reviewer)。
+
+<!-- 
+#### Becoming an approver
+-->
+#### 成为approver
+
+<!--
+When you meet the
+[requirements](https://github.com/kubernetes/community/blob/master/community-membership.md#approver),
+you can become a SIG Docs approver. Approvers in other SIGs must apply
+separately for approver status in SIG Docs.
+-->
+当满足[要求](https://github.com/kubernetes/community/blob/master/community-membership.md#approver)
+时，你可以成为 SIG Docs 的 approver。
+其他的SIG 的 approver 要想成为SIG Docs 的 approver 需要单独申请。
+
+<!--
+To apply, open a pull request to add yourself to the `approvers` section of the
+[top-level OWNERS file](https://github.com/kubernetes/website/blob/master/OWNERS)
+in the `kubernetes/website` repository. Assign the PR to one or more current SIG
+Docs approvers.
+-->
+通过提交一个PR并把自己加到位于 `kubernetes/website` 仓库顶层的 [top-level OWNERS file](https://github.com/kubernetes/website/blob/master/OWNERS) 文件中
+的 `approvers` 部分，指定一个或多个当前 SIG Docs 的 approver。
+
+<!--
+If your pull request is approved, you are now a SIG Docs approver.
+[K8s-ci-robot](https://github.com/kubernetes/test-infra/tree/master/prow#bots-home)
+will assign and suggest you as a reviewer on new pull requests.
+-->
+一旦你的PR被批准，你就是一个 SIG Docs 的 approver 了。
+
+<!--
+If you are approved, request that a current SIG Docs approver add you to the
+[@kubernetes/sig-docs-maintainers](https://github.com/orgs/kubernetes/teams/sig-docs-maintainers)
+GitHub group. Only members of the `kubernetes-website-admins` GitHub group can
+add new members to a GitHub group.
+-->
+如果构的PR被批准，你就会加入[@kubernetes/sig-docs-maintainers](https://github.com/orgs/kubernetes/teams/sig-docs-maintainers)组。
+只有`kubernetes-website-admins`组的成员才可以加入新成员。
+
+#### 成为网站管理员
+
+<!--
+Members of the `kubernetes-website-admins` GitHub group can manage GitHub group
+membership and have full administrative rights to the settings of the repository,
+including the ability to add, remove, and troubleshoot webhooks. Not all SIG
+Docs approvers need this level of access.
+-->
+GitHub`kubernetes-website-admins`组织成员管理者各组的成员，并且拥有设置仓库的权限，
+包括增加、删除和定位用的插件等。并不是所有的SIG Docs 的 approver 拥有此级别的权限。
+
+<!--
+If you think you need this level of access, talk to an existing website admin or
+ask in the #sig-docs channel on [Kubernetes Slack](https://kubernetes.slack.com).
+-->
+如果你觉得需要这个权限，可以与当前的网站管理员沟通，或者在[Kubernetes Slack](https://kubernetes.slack.com)中询问。
+
+<!--
+#### PR Wrangler
+-->
+#### PR 协调者
+
+<!--
+SIG Docs approvers are added to the
+[PR Wrangler rotation scheduler](https://github.com/kubernetes/website/wiki/PR-Wranglers)
+for weekly rotations. All SIG Docs approvers are expected to take part in this
+rotation. See
+[Be the PR Wrangler for a week](/docs/contribute/advanced#be-the-pr-wrangler-for-a-week)
+for more details.
+-->
+每个 SIG Docs approver 都会被加入到 [PR Wrangler rotation scheduler](https://github.com/kubernetes/website/wiki/PR-Wranglers)。
+所有 SIG Docs approver 都会参与轮值。
+更多信息，请参考 [做一周的PR协调者](/docs/contribute/advanced#be-the-pr-wrangler-for-a-week)。
+
+<!--
+#### SIG Docs chairperson
+-->
+#### SIG Docs 主席
+
+<!--
+Each SIG, including SIG Docs, selects one or more SIG members to act as
+chairpersons. These are points of contact between SIG Docs and other parts of
+the Kubernetes organization. They require extensive knowledge of the structure
+of the Kubernetes project as a whole and how SIG Docs works within it. See
+[Leadership](https://github.com/kubernetes/community/tree/master/sig-docs#leadership)
+for the current list of chairpersons.
+-->
+每个SIG，包括 SIG Docs，都会选出1位或多位成员作为主席。
+主席会成为 SIG Docs 和其他Kubernetes 组织的联络接口人。
+他们需要了解整个Kubernetes项目，并明白 SIG Docs如何运作。
+如需查询当前的主席，请查阅[Leadership](https://github.com/kubernetes/community/tree/master/sig-docs#leadership)。
+
+<!--
+## SIG Docs teams and automation
+-->
+## SIG Docs 团队和自动化
+
+<!--
+Automation in SIG Docs relies on two different mechanisms for automation:
+GitHub groups and OWNERS files.
+-->
+SIG文档中的自动化依赖于两种不同的自动化机制:
+GitHub组和OWNERS文件。
+
+### GitHub groups
+
+<!--
+The SIG Docs group defines two teams on GitHub:
+-->
+SIG Docs 组定义了两个GitHub组：
+
+ - [@kubernetes/sig-docs-maintainers](https://github.com/orgs/kubernetes/teams/sig-docs-maintainers)
+ - [@kubernetes/sig-docs-pr-reviews](https://github.com/orgs/kubernetes/teams/sig-docs-pr-reviews)
+
+<!--
+Each can be referenced with their `@name` in GitHub comments to communicate with
+everyone in that group.
+-->
+可以在GitHub的评论中`@name`他们来与他们沟通。
+
+<!--
+These teams overlap, but do not exactly match, the groups used by the automation
+tooling. For assignment of issues, pull requests, and to support PR approvals,
+the automation uses information from OWNERS files.
+-->
+这些团队与自动化工具使用的组有所重叠，但并不完全匹配。
+对于分配issue、拉请求和批准PR，自动化使用来自OWNERS文件的信息。
+
+<!--
+### OWNERS files and front-matter
+-->
+### OWNERS 文件和扉页
+
+<!--
+The Kubernetes project uses an automation tool called prow for automation
+related to GitHub issues and pull requests. The
+[Kubernetes website repository](https://github.com/kubernetes/website) uses
+two [prow plugins](https://github.com/kubernetes/test-infra/blob/master/prow/plugins.yaml#L210):
+-->
+Kubernetes项目使用名为 prow 的自动化工具来处理 GitHub issue 和 PR。
+[Kubernetes website repository](https://github.com/kubernetes/website) 使用了两个
+[prow 插件](https://github.com/kubernetes/test-infra/blob/master/prow/plugins.yaml#L210)：
+
+- blunderbuss
+- approve
+
+<!--
+These two plugins use the
+[OWNERS](https://github.com/kubernetes/website/blob/master/OWNERS) and
+[OWNERS_ALIASES](https://github.com/kubernetes/website/blob/master/OWNERS_ALIASES)
+files in the top level of the `kubernetes/website` GitHub repository to control
+how prow works within the repository.
+-->
+这两个插件使用位于 `kubernetes/website` 仓库顶层的
+[OWNERS](https://github.com/kubernetes/website/blob/master/OWNERS) 和
+[OWNERS_ALIASES](https://github.com/kubernetes/website/blob/master/OWNERS_ALIASES)
+来控制工作流程。 
+
+<!--
+An OWNERS file contains a list of people who are SIG Docs reviewers and
+approvers. OWNERS files can also exist in subdirectories, and can override who
+can act as a reviewer or approver of files in that subdirectory and its
+descendents. For more information about OWNERS files in general, see
+[OWNERS](https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md).
+-->
+OWNERS 文件包含 SIG Docs reviewer 和 approver的列表。 
+OWNERS 文件也可以存在于子目录中中，可以重写 reviewer 和 approver，并且它自动继乘上级。
+关于OWNERS的更多信息，请参考[OWNERS](https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md)。
+
+<!--
+In addition, an individual Markdown file can list reviewers and approvers in its
+front-matter, either by listing individual GitHub usernames or GitHub groups.
+-->
+此外，一个单独的 Markdown 格式的文件将会列出 reviewer 和 approver（扉页），或者列出
+其GitHub 用户名 或者列出其组名。
+
+<!--
+The combination of OWNERS files and front-matter in Markdown files determines
+the advice PR owners get from automated systems about who to ask for technical
+and editorial review of their PR.
+-->
+结合 OWNERS 文件及扉页可以给PR作者提供向谁请求检视的建议。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+For more information about contributing to the Kubernetes documentation, see:
+-->
+关于贡献Kubernetes 的更多文档，请参考：
+
+- [Start contributing](/docs/contribute/start/)
+- [Documentation style](/docs/contribute/style/)
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/contribute/start.md b/content/zh/docs/contribute/start.md
new file mode 100644
index 0000000000000..a2ca496cee94b
--- /dev/null
+++ b/content/zh/docs/contribute/start.md
@@ -0,0 +1,684 @@
+---
+title: 开始贡献
+slug: start
+content_template: templates/concept
+weight: 10
+card:
+  name: contribute
+  weight: 10
+---
+
+<!--
+---
+title: start contributing
+slug: start
+content_template: templates/concept
+weight: 10
+card:
+  name: contribute
+  weight: 10
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+If you want to get started contributing to the Kubernetes documentation, this
+page and its linked topics can help you get started. You don't need to be a
+developer or a technical writer to make a big impact on the Kubernetes
+documentation and user experience! All you need for the topics on this page is
+a [Github account](https://github.com/join) and a web browser.
+ -->
+如果您想要为 Kubernetes 文档做贡献，本页面的内容和链接的主题能够给您帮助。您不必是一位开发者或者技术作者，也同样可以为 Kubernetes 文档及其用户体验带来巨大的影响！您只需要有一个 [Github 账号](https://github.com/join) 和一个浏览器。
+
+<!--
+If you're looking for information on how to start contributing to Kubernetes
+code repositories, refer to
+[the Kubernetes community guidelines](https://github.com/kubernetes/community/blob/master/governance.md).
+ -->
+如果您在寻找有关如何开始向 Kubernetes 仓库贡献代码的信息，请参考 [Kubernetes 社区指南](https://github.com/kubernetes/community/blob/master/governance.md)。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## The basics about our docs
+ -->
+## 关于我们文档的基础知识
+
+<!--
+The Kubernetes documentation is written in Markdown and processed and deployed using Hugo. The source is in Github at [https://github.com/kubernetes/website](https://github.com/kubernetes/website). Most of the documentation source is stored in `/content/en/docs/`. Some of the reference documentation is automatically generated from scripts in the `update-imported-docs/` directory.
+ -->
+Kubernetes 文档是以 Markdown 形式编写的，使用 Hugo 进行部署。源码位于 Github 的 [https://github.com/kubernetes/website](https://github.com/kubernetes/website)。
+大部分文档源码位于 `/content/en/docs/`。有些参考文档是由 `update-imported-docs/` 目录内的脚本自动生产的。
+
+<!--
+You can file issues, edit content, and review changes from others, all from the
+Github website. You can also use Github's embedded history and search tools.
+ -->
+您可以查找 issue、编辑内容或者对其他人的提交内容进行复审，这些都可以在 Github 网站上完成。您也可以使用 Github 内置的历史功能和查询工具。
+
+<!--
+Not all tasks can be done in the Github UI, but these are discussed in the
+[intermediate](/docs/contribute/intermediate/) and
+[advanced](/docs/contribute/advanced/) docs contribution guides.
+ -->
+并非所有的任务都可以通过 Github UI 完成，这些任务会在[中级](/docs/contribute/intermediate/)和[高级](/docs/contribute/advanced/)文档贡献指南中讨论。
+
+<!--
+### Participating in SIG Docs
+ -->
+### 参与文档特别兴趣小组（SIG Docs）
+
+<!--
+The Kubernetes documentation is maintained by a Special Interest Group (SIG)
+called SIG Docs. We communicate using a Slack channel, a mailing list, and
+weekly video meetings. New participants are welcome. For more information, see
+[Participating in SIG Docs](/docs/contribute/participating/).
+ -->
+Kubernetes 文档是由特别兴趣小组（SIG）维护的，该小组名为 SIG Docs。我们通过 Slack 频道、邮件列表和网络视频周会进行交流。
+欢迎新的参与者加入。更多信息，请参考[参与 SIG Docs](/docs/contribute/participating/)。
+
+<!--
+### Style guidelines
+ -->
+### 风格指南
+
+<!--
+We maintain a [style guide](/docs/contribute/style/style-guide/) with information
+about choices the SIG Docs community has made about grammar, syntax, source
+formatting, and typographic conventions. Look over the style guide before you
+make your first contribution, and use it when you have questions.
+ -->
+我们维护了一个[风格指南](/docs/contribute/style/style-guide/)页面，上面有关于 SIG Docs 社区对于语法、句法、源格式和排版的约定。
+在您做首次贡献前或者在有疑问的时候请先查阅风格指南。
+
+<!--
+Changes to the style guide are made by SIG Docs as a group. To propose a change
+or addition, [add it to the agenda](https://docs.google.com/document/d/1Ds87eRiNZeXwRBEbFr6Z7ukjbTow5RQcNZLaSvWWQsE/edit#) for an upcoming SIG Docs meeting, and attend the meeting to participate in the
+discussion. See the [advanced contribution](/docs/contribute/advanced/) topic for more
+information.
+ -->
+风格的变化是由 SIG Docs 组共同决定的。如您想提交变更或增加内容，请将内容[添加到议题](https://docs.google.com/document/d/1Ds87eRiNZeXwRBEbFr6Z7ukjbTow5RQcNZLaSvWWQsE/edit#)并参与会议讨论。
+更多信息，参见[进阶贡献](/docs/contribute/advanced/)主题。
+
+<!--
+### Page templates
+ -->
+### 页面模板
+
+<!--
+We use page templates to control the presentation of our documentation pages.
+Be sure to understand how these templates work by reviewing
+[Using page templates](/docs/contribute/style/page-templates/).
+ -->
+我们使用页面模板来控制文档页面。需要确保您理解这些模版是如何工作的，请阅读[使用页面模板](/docs/contribute/style/page-templates/)。
+
+<!--
+### Hugo shortcodes
+ -->
+### Hugo 短代码
+
+<!--
+The Kubernetes documentation is transformed from Markdown to HTML using Hugo.
+We make use of the standard Hugo shortcodes, as well as a few that are custom to
+the Kubernetes documentation. See [Custom Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/) for
+information about how to use them.
+ -->
+Kubernetes 文档使用 Hugo 将 Markdown 转换成 HTML。我们使用标准的 Hugo 短代码，同时也会有部分为 Kubernetes 定制化的代码。
+有关如何使用短代码的信息，请参见[自定义 Hugo 短代码](/docs/contribute/style/hugo-shortcodes/)。
+
+<!--
+### Multiple languages
+ -->
+### 多语言
+
+<!--
+Documentation source is available in multiple languages in `/content/`. Each language has its own folder with a two-letter code determined by the [ISO 639-1 standard](https://www.loc.gov/standards/iso639-2/php/code_list.php). For example, English documentation source is stored in `/content/en/docs/`.
+ -->
+在 `/content/` 目录中有文档源码的多语言版本。每个语言拥有其自己的目录，采用 [ISO 639-1 标准](https://www.loc.gov/standards/iso639-2/php/code_list.php) 的两位编码命名。例如，英文文档源码位于 `/content/en/docs/` 目录。
+
+<!--
+For more information about contributing to documentation in multiple languages, see ["Localize content"](/docs/contribute/intermediate#localize-content) in the intermediate contributing guide.
+ -->
+更多关于对多语言文档做贡献的信息，请参考中级贡献指南中的["本地化内容"](/docs/contribute/intermediate#localize-content)。
+
+<!--
+If you're interested in starting a new localization, see ["Localization"](/docs/contribute/localization/).
+ -->
+如果您有兴趣开始一个新的本地化语言项目，请参考["本地化"](/docs/contribute/localization/)。
+
+<!--
+## File actionable issues
+ -->
+## 登记文档可操作问题
+
+<!--
+Anyone with a Github account can file an issue (bug report) against the
+Kubernetes documentation. If you see something wrong, even if you have no idea
+how to fix it, [file an issue](#how-to-file-an-issue). The exception to this
+rule is a tiny bug like a typo that you intend to fix yourself. In that case,
+you can instead [fix it](#improve-existing-content) without filing a bug first.
+ -->
+任何拥有 Github 账号的人都能对于 Kubernetes 文档登记一个问题（或者 bug 报告）。
+如果看到有东西坏了，即便您不知道如何修复它，请[登记一个问题](#how-to-file-an-issue)。
+除了您发现微小的错误的情况，例如发现了一个拼写错误，您想自己进行修复。在这种情况下，
+您可以[修复它](#improve-existing-content)，而不用先登记一个 bug。
+
+<!--
+### How to file an issue
+ -->
+### 如何记录问题
+
+<!--
+- **On an existing page**
+ -->
+- **对于已有页面**
+
+<!--
+    If you see a problem in an existing page in the [Kubernetes docs](/docs/),
+    go to the bottom of the page and click the **Create an Issue** button. If
+    you are not currently logged in to Github, log in. A Github issue form
+    appears with some pre-populated content.
+ -->
+    如果您在已有的 [Kubernetes 文档](/docs/)页面，在页面底部直接点击 **创建问题** 按钮。
+    如果您当前未登录 Github，那么请登录。Github 文档表单会带着预填的信息出现。
+
+<!--
+    Using Markdown, fill in as many details as you can. In places where you see
+    empty square brackets (`[ ]`), put an `x` between the set of brackets that
+    represents the appropriate choice. If you have a proposed solution to fix
+    the issue, add it.
+ -->
+    使用 Markdown 格式，填写尽可能多的详细信息。在方括号 (`[ ]`) 中，使用 `x` 代码选择了该选项。
+    如果您提交了修复问题的方法，也填在里面。
+
+<!--
+- **Request a new page**
+ -->
+- **请求创建一个新页面**
+
+<!--
+    If you think content should exist, but you aren't sure where it should go or
+    you don't think it fits within the pages that currently exist, you can
+    still file an issue. You can either choose an existing page near where you think the
+    new content should go and file the issue from that page, or go straight to
+    [https://github.com/kubernetes/website/issues/new/](https://github.com/kubernetes/website/issues/new/)
+    and file the issue from there.
+ -->
+    如果认为有些内容应该存在，但您不知道应该将这些内容存放在哪里，或者任何不适合放在现有页面中，
+    那么也可以记录一个问题。您可以选择通过内容相近的页面创建问题，或者直接
+    在 [https://github.com/kubernetes/website/issues/new/](https://github.com/kubernetes/website/issues/new/)
+    中记录问题。
+
+<!--
+### How to file great issues
+ -->
+### 如何记录好的问题
+
+<!--
+To ensure that we understand your issue and can act on it, keep these guidelines
+in mind:
+ -->
+要确保我们能理解您的问题，并能付诸行动，请谨记如下指南：
+
+<!--
+- Use the issue template, and fill out as many details as you can.
+- Clearly explain the specific impact the issue has on users.
+- Limit the scope of a given issue to a reasonable unit of work. For problems
+  with a large scope, break them down into smaller issues.
+ -->
+- 使用问题模板，尽可能填写详细的信息。
+- 清楚地描述该问题对用户造成的具体影响。
+- 限制问题的范围，以提交给合理的工作组。如果问题范围很大，将其拆分成若干个小问题。
+
+<!--
+    For instance, "Fix the security docs" is not an actionable issue, but "Add
+    details to the 'Restricting network access' topic" might be.
+- If the issue relates to another issue or pull request, you can refer to it
+  either by its full URL or by the issue or pull request number prefixed
+  with a `#` character. For instance, `Introduced by #987654`.
+- Be respectful and avoid venting. For instance, "The docs about X suck" is not
+  helpful or actionable feedback. The
+  [Code of Conduct](/community/code-of-conduct/) also applies to interactions on
+  Kubernetes Github repositories.
+ -->
+    例如，“修复安全文档”就是一个不可执行的问题，但 “为'限制网络访问'主题添加详细信息”就是可执行的。
+- 如果问题与另一个问题或者拉取请求（PR）有关，您可以通过问题的完整 URL 或者 PR 的序号（以 `#` 为前缀）进行关联。例如 `源于 #987654`。
+- 保持尊重，避免发泄。例如，"这问题就是个垃圾"就是无用且不可执行的反馈。[行为准测](/community/code-of-conduct/) 也适用于 Kubernetes Github 仓库的交流。
+
+<!--
+## Participate in SIG Docs discussions
+ -->
+## 参与 SIG Docs 讨论
+
+<!--
+The SIG Docs team communicates using the following mechanisms:
+ -->
+SIG Docs 团队的交流采用如下机制：
+
+<!--
+- [Join the Kubernetes Slack instance](http://slack.k8s.io/), then join the
+  `#sig-docs` channel, where we discuss docs issues in real-time. Be sure to
+  introduce yourself!
+- [Join the `kubernetes-sig-docs` mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs),
+  where broader discussions take place and official decisions are recorded.
+- Participate in the [weekly SIG Docs](https://github.com/kubernetes/community/tree/master/sig-docs) video meeting, which is announced on the Slack channel and the mailing list. Currently, these meetings take place on Zoom, so you'll need to download the [Zoom client](https://zoom.us/download) or dial in using a phone.
+ -->
+- [加入 Kubernetes 的 Slack 工作组](http://slack.k8s.io/)，然后加入 `#sig-docs` 频道，在那里我会实时讨论文档的问题。一定要做自我介绍！
+- [加入 `kubernetes-sig-docs` 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)，在这里会有广泛的讨论以及官方决策的记录。
+- 参与 [SIG Docs 视频周例会](https://github.com/kubernetes/community/tree/master/sig-docs)，会通过 Slack 频道和邮件列表通知。
+  目前通过 Zoom 进行会议，所以您需要下载 [Zoom 客户端](https://zoom.us/download)，或者通过手机拨入。
+
+<!--
+{{< note >}}
+You can also check the SIG Docs weekly meeting on the [Kubernetes community meetings calendar](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles).
+{{< /note >}}
+ -->
+{{< note >}}
+您也可以查看 [Kubernetes 社区会议日历](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles)。
+{{< /note >}}
+
+<!--
+## Improve existing content
+ -->
+## 改进现有内容
+
+<!--
+To improve existing content, you file a _pull request (PR)_ after creating a
+_fork_. Those two terms are [specific to Github](https://help.github.com/categories/collaborating-with-issues-and-pull-requests/).
+For the purposes of this topic, you don't need to know everything about them,
+because you can do everything using your web browser. When you continue to the
+[intermediate docs contributor guide](/docs/contribute/intermediate/), you will
+need more background in Git terminology.
+ -->
+要改进现有的内容，您可以在创建 _fork_ 之后起草一个 _拉取请求（PR）_ 。
+这两个术语是 [Github 专用的](https://help.github.com/categories/collaborating-with-issues-and-pull-requests/)。
+出于本主题的目的，您无需了解有关它们的所有信息，因为您可以通过浏览器做所有的事情。
+当您继续阅读[贡献者中级指南](/docs/contribute/intermediate/)，您会需要更多 Git 术语的背景知识。
+
+<!--
+{{< note >}}
+**Kubernetes code developers**: If you are documenting a new feature for an
+upcoming Kubernetes release, your process is a bit different. See
+[Document a feature](/docs/contribute/intermediate/#sig-members-documenting-new-features) for
+process guidelines and information about deadlines.
+{{< /note >}}
+ -->
+{{< note >}}
+**Kubernetes 代码开发者**: 如果您在撰写 Kubernetes 新版本的新功能文档，流程会稍有不同。
+关于流程指南和最后期限的信息，请参阅[编写功能文档](/docs/contribute/intermediate/#sig-members-documenting-new-features)。
+{{< /note >}}
+
+<!--
+### Sign the CLA
+ -->
+## 签署 CLA
+
+<!--
+Before you can contribute code or documentation to Kubernetes, you **must** read
+the [Contributor guide](https://github.com/kubernetes/community/blob/master/contributors/guide/README.md) and
+[sign the Contributor License Agreement (CLA)](https://github.com/kubernetes/community/blob/master/CLA.md).
+Don't worry -- this doesn't take long!
+ -->
+在贡献 Kubernetes 的代码或文档前，您 **必须** 阅读[贡献者指南](https://github.com/kubernetes/community/blob/master/contributors/guide/README.md)，
+并[签署贡献者许可协议（CLA）](https://github.com/kubernetes/community/blob/master/CLA.md)。
+别担心 -- 不需要太多时间！
+
+<!--
+### Find something to work on
+ -->
+### 找些活干
+
+<!--
+If you see something you want to fix right away, just follow the instructions
+below. You don't need to [file an issue](#file-actionable-issues) (although you
+certainly can).
+ -->
+如果您发现了一些想要马上修复的东西，只需要遵循如下指南。您不需要[记录一个问题](#file-actionable-issues)（尽管你当然可以这么做）。
+
+<!--
+If you want to start by finding an existing issue to work on, go to
+[https://github.com/kubernetes/website/issues](https://github.com/kubernetes/website/issues)
+and look for issues with the label `good first issue` (you can use
+[this](https://github.com/kubernetes/website/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) shortcut). Read through the comments and make sure there is not an open pull
+request against the issue and that nobody has left a comment saying they are
+working on the issue recently (3 days is a good rule). Leave a comment saying
+that you would like to work on the issue.
+ -->
+如果您想从处理现有的问题开始，前往 [https://github.com/kubernetes/website/issues](https://github.com/kubernetes/website/issues)
+找一些有 `good first issue` 标签的问题（您可以使用[这个](https://github.com/kubernetes/website/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) 捷径)。
+阅读评论，确保针对此问题没有打开的 PR，并且没有人留言说他们最近正在解决这个问题（3天是个很好的规则）。留言说您会去解决这个问题。
+
+<!--
+### Choose which Git branch to use
+ -->
+## 选择使用的 Git 分支
+
+<!--
+The most important aspect of submitting pull requests is choosing which branch
+to base your work on. Use these guidelines to make the decision:
+ -->
+提交 PR 最重要的方面就是选择您工作所基于的基础分支。使用如下指南来做决定：
+
+<!--
+- Use `master` for fixing problems in content that is already published, or
+  making improvements to content that already exists.
+  - Use a release branch (such as `dev-{{< release-branch >}}` for the {{< release-branch >}} release) to document upcoming features
+  or changes for an upcoming release that is not yet published.
+- Use a feature branch that has been agreed upon by SIG Docs to collaborate on
+  big improvements or changes to the existing documentation, including content
+  reorganization or changes to the look and feel of the website.
+ -->
+- 用 `master` 来解决以及发布的内容中的问题，或者对于已经存在的内容进行改进。
+- 使用 release 分支（比如 `dev-{{< release-branch >}}` 用于 {{< release-branch >}} 发布）来撰写新的特性或者下个版本还未发布的变更说明。
+- 使用 SIG Docs 已经同意的 feature 分支来协作对现有文档进行重大改进或更改，包括内容重组或网站外观的更改。
+
+<!--
+If you're still not sure which branch to choose, ask in `#sig-docs` on Slack or
+attend a weekly SIG Docs meeting to get clarity.
+ -->
+如果您还不确定应该使用哪个分支，在 Slack 上询问 `#sig-docs` 或者参与 SIG Docs 周会来确认。
+
+<!--
+### Submit a pull request
+ -->
+### 提交 PR
+
+<!--
+Follow these steps to submit a pull request to improve the Kubernetes
+documentation.
+ -->
+按照如下步骤进行 PR 提交以改善 Kubernetes 文档。
+
+<!--
+1.  On the page where you see the issue, click the pencil icon at the top left.
+    A new page appears, with some help text.
+2.  Click the first blue button, which has the text **Edit &lt;page name&gt;**.
+
+    If you have never created a fork of the Kubernetes documentation
+    repository, you are prompted to do so. Create the fork under your Github
+    username, rather than another organization you may be a member of. The
+    fork usually has a URL such as `https://github.com/<username>/website`,
+    unless you already have a repository with a conflicting name.
+
+    The reason you are prompted to create a fork is that you do not have
+    access to push a branch directly to the definitive Kubernetes repository.
+
+3.  The Github Markdown editor appears with the source Markdown file loaded.
+    Make your changes. Below the editor, fill in the **Propose file change**
+    form. The first field is the summary of your commit message and should be
+    no more than 50 characters long. The second field is optional, but can
+    include more detail if appropriate.
+ -->
+1.  在您发现问题的页面上，点击右上角的铅笔图标。新的页面就会出现，上面会有一些帮助信息。
+2.  如果您从未创建过 Kubernetes 文档仓库的 fork，会提示您需要创建。请在您的 Github 账号
+    下创建 fork，而不是在您所在的组织下创建。fork URL 通常是这样的 `https://github.com/<username>/website`，
+    出发您已经有一个同名的仓库，那样会造成冲突。
+
+3.  Github Markdown 编辑器会载入着文档源码一起出现。根据实际情况撰写变化内容。在编辑器下方，
+    填写 **Propose file change（建议修改文件）** 表格。第一个区域需要填写提交说明消息，
+    不能超过 50 个字符。第二个区域是可选的，也能够填写更多详细信息。
+
+<!--
+    {{< note >}}
+Do not include references to other Github issues or pull
+requests in your commit message. You can add those to the pull request
+description later.
+{{< /note >}}
+ -->
+    {{< note >}}
+不要把 Github 问题或者 PR 的关联信息放在您的提交说明消息中。您可以之后把这些内容添加到 PR 的描述中。
+{{< /note >}}
+
+<!--
+    Click **Propose file change**. The change is saved as a commit in a
+    new branch in your fork, which is automatically named something like
+    `patch-1`.
+ -->
+    点击 **建议修改文件（Propose file change）** 按钮。
+    变更会保存为您 fork 新分支（通常会自动命名为 `patch-1`）中的一个提交内容。
+
+<!--
+4.  The next screen summarizes the changes you made, by comparing your new
+    branch (the **head fork** and **compare** selection boxes) to the current
+    state of the **base fork** and **base** branch (`master` on the
+    `kubernetes/website` repository by default). You can change any of the
+    selection boxes, but don't do that now. Have a look at the difference
+    viewer on the bottom of the screen, and if everything looks right, click
+    **Create pull request**.
+ -->
+4.  接下来屏幕会总结您的变更，将您的新分支（**head fork** 和 **compare** 选择框）
+    与 **base fork** 和 **base** 分支(默认是 `kubernetes/website` 的 `master` 分支)
+    进行比较。您可以更改选择框，但现在请不要这么做。看一下屏幕底部显示的变化内容，
+    如果看起来没问题，点击 **创建 PR（Create pull request）** 按钮。
+
+<!--
+    {{< note >}}
+If you don't want to create the pull request now, you can do it
+later, by browsing to the main URL of the Kubernetes website repository or
+your fork's repository. The Github website will prompt you to create the
+pull request if it detects that you pushed a new branch to your fork.
+{{< /note >}}
+ -->
+    {{< note >}}
+如果您现在还不想创建 PR，也可以稍后再做，通过浏览 Kubernetes 网站代码仓库或者您 fork 仓库的网站主页 URL。
+Github 网站会检查到您推送了一个新分支到 fork，并提示创建 PR。
+{{< /note >}}
+
+<!--
+5.  The **Open a pull request** screen appears. The subject of the pull request
+    is the same as the commit summary, but you can change it if needed. The
+    body is populated by your extended commit message (if present) and some
+    template text. Read the template text and fill out the details it asks for,
+    then delete the extra template text. Leave the
+    **Allow edits from maintainers** checkbox selected. Click
+    **Create pull request**.
+ -->
+5.  **Open a pull request（打开一个 PR）** 屏幕出现了。PR 的主题和提交说明的内容一致，
+    如有需要您也可以修改。主体内容会自动填充您的扩展提交消息（如果存在）和一些模板文本。
+    阅读模板文本并填写要求的详细信息，然后删除额外的模板文本。
+    保留选中 **Allow edits from maintainers（允许维护者编辑）** 复选框。
+    单击 **Create pull request（创建拉取请求）** 按钮。
+
+<!--
+    Congratulations! Your pull request is available in
+    [Pull requests](https://github.com/kubernetes/website/pulls).
+ -->
+    祝贺您！您的 PR 就出现在了[拉取请求](https://github.com/kubernetes/website/pulls) 中。
+
+<!--
+    After a few minutes, you can preview the website with your PR's changes
+    applied. Go to the **Conversation** tab of your PR and click the **Details**
+    link for the `deploy/netlify` test, near the bottom of the page. It opens in
+    the same browser window by default.
+ -->
+    几分钟后，您可以预览 PR 所带来的变化。前往您 PR 的 **Conversation（对话）** 标签页，
+    点击 `deploy/netlify` 测试的 **Details（详细信息）** 链接，它在页面底部附件。
+    默认会在同一个浏览器窗口中打开。
+
+<!--
+6.  Wait for review. Generally, reviewers are suggested by the `k8s-ci-robot`.
+    If a reviewer asks you to make changes, you can go to the **Files changed**
+    tab and click the pencil icon on any files that have been changed by the
+    pull request. When you save the changed file, a new commit is created in
+    the branch being monitored by the pull request.
+ -->
+6.  等待复审。通常，复审人员会由 `k8s-ci-robot` 建议指定。如果复审人员建议您修改，您可以
+    前往 **Files changed（改变的文件内容）** 标签页，点击任意 PR 中改变的文件页面上的铅笔图标。
+    保存更改的文件时，将在 PR 监视的分支中创建新的提交。
+
+<!--
+7.  If your change is accepted, a reviewer merges your pull request, and the
+    change is live on the Kubernetes website a few minutes later.
+ -->
+7.  如果修改被接受，复审人员会合并您的 PR，修改就会在几分钟后在 Kubernetes 网站上生效。
+
+<!--
+This is only one way to submit a pull request. If you are already a Git and
+Github advanced user, you can use a local GUI or command-line Git client
+instead of using the Github UI. Some basics about using the command-line Git
+client are discussed in the [intermediate](/docs/contribute/intermediate/) docs
+contribution guide.
+ -->
+这是提交 PR 的唯一方式。如果您已经是一名 Git 和 Github 的高级用户，您也可以使用本地 GUI 或者
+Git 命令行。关于使用 Git 客户端的基础会在[中级](/docs/contribute/intermediate/) 贡献者指南中讨论。
+
+<!--
+## Review docs pull requests
+ -->
+## 复审文档 PR
+
+<!--
+People who are not yet approvers or reviewers can still review pull requests.
+The reviews are not considered "binding", which means that your review alone
+won't cause a pull request to be merged. However, it can still be helpful. Even
+if you don't leave any review comments, you can get a sense of pull request
+conventions and etiquette and get used to the workflow.
+ -->
+就算不是批注者或者复审者，也同样可以复审 PR。复审人员并不是"固定"的，意味着您单独的评审并不会让 PR 合并。
+然而，这依然对我们是很有帮助的。即使您没有留下任何评审意见，您可以了解 PR 的规范和礼仪，并习惯工作流程。
+
+<!--
+1.  Go to
+    [https://github.com/kubernetes/website/pulls](https://github.com/kubernetes/website/pulls).
+    You see a list of every open pull request against the Kubernetes website and
+    docs.
+ -->
+1.  前往 [https://github.com/kubernetes/website/pulls](https://github.com/kubernetes/website/pulls)。
+    请会看到一个列表，里面包含了所有对于 Kubernetes 网站和文档提的 PR。
+
+<!--
+2.  By default, the only filter that is applied is `open`, so you don't see
+    pull requests that have already been closed or merged. It's a good idea to
+    apply the `cncf-cla: yes` filter, and for your first review, it's a good
+    idea to add `size/S` or `size/XS`. The `size` label is applied automatically
+    based on how many lines of code the PR modifies. You can apply filters using
+    the selection boxes at the top of the page, or use
+    [this shortcut](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3A%22cncf-cla%3A+yes%22+label%3Asize%2FS) for only small PRs. All filters are `AND`ed together, so
+    you can't search for both `size/XS` and `size/S` in the same query.
+ -->
+2.  默认情况下，使用的筛选器是 `open`，所以您不会看见已经关闭或合并的 PR。
+    最好使用 `cncf-cla: yes` 筛选器，并且对于第一次复审来说，最好加上 `size/S`
+    或者 `size/XS`。`size` 标签会根据 PR 修改的代码行数自动生成。
+    您可以通过页面顶端的选择框应用筛选器，或者使用
+    [这个捷径](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3A%22cncf-cla%3A+yes%22+label%3Asize%2FS)
+    来查找所有小型 PR。所有筛选条件都是 `与` 的，所以您不能在一次查询中同时查找 `size/XS` 和 `size/S` 的结果。
+
+<!--
+3.  Go to the **Files changed** tab. Look through the changes introduced in the
+    PR, and if applicable, also look at any linked issues. If you see a problem
+    or room for improvement, hover over the line and click the `+` symbol that
+    appears.
+ -->
+3.  前往 **Files changed（文件修改）** 标签页。查看 PR 中的变化部分，如果适用，也看一下关联的问题。
+    如果您发现问题或者可以改进的空间，将鼠标悬浮在那一行并点击前面出现的 `+` 加号。
+
+      <!-- You can type a comment, and either choose **Add single comment** or **Start
+      a review**. Typically, starting a review is better because it allows you to
+      leave multiple comments and notifies the PR owner only when you have
+      completed the review, rather than a separate notification for each comment.
+      -->
+      你可以留下评论，选择 **Add single comment（仅添加评论）** 或者也可以 **Start a review（开始复审）**。
+      典型来说，开始复审更好，因为这样您就可以在多行下留下评论，并且只有在完成复审后统一提交并通知 PR 的作者，
+      而不是每一条评论都发送通知。
+
+<!--
+4.  When finished, click **Review changes** at the top of the page. You can
+    summarize your review, and you can choose to comment, approve, or request
+    changes. New contributors should always choose **Comment**.
+ -->
+4.  完成后，点击页面顶端但 **Review changes（复审修改）** 按钮。您可以总结复审，并且可以选择
+    comment（评论），approve（批准），或者 request changes（请求变更）。
+    新的贡献者应该选择  **Comment（评论）**。
+
+<!--
+Thanks for reviewing a pull request! When you are new to the project, it's a
+good idea to ask for feedback on your pull request reviews. The `#sig-docs`
+Slack channel is a great place to do this.
+ -->
+感谢您对于 PR 的复审工作！当您对于项目还是新人时，最好在拉取请求评论中征求反馈意见。
+Slack 的 `#sig-docs` 频道就是一个征求意见好去处。
+
+<!--
+## Write a blog post
+ -->
+## 撰写一篇博客文章
+
+<!--
+Anyone can write a blog post and submit it for review. Blog posts should not be
+commercial in nature and should consist of content that will apply broadly to
+the Kubernetes community.
+ -->
+任何人都可以撰写博客并提交复审。博客文章不应具有商业性质，而应包含广泛适用于 Kubernetes 社区的内容。
+
+<!--
+To submit a blog post, you can either submit it using the
+[Kubernetes blog submission form](https://docs.google.com/forms/d/e/1FAIpQLSch_phFYMTYlrTDuYziURP6nLMijoXx_f7sLABEU5gWBtxJHQ/viewform),
+or follow the steps below.
+ -->
+要提交博客文章，您可以选择使用 [Kubernetes 博客提交表单](https://docs.google.com/forms/d/e/1FAIpQLSch_phFYMTYlrTDuYziURP6nLMijoXx_f7sLABEU5gWBtxJHQ/viewform)
+或者按如下步骤进行：
+
+<!--
+1.  [Sign the CLA](#sign-the-cla) if you have not yet done so.
+2.  Have a look at the Markdown format for existing blog posts in the
+    [website repository](https://github.com/kubernetes/website/tree/master/content/en/blog/_posts).
+3.  Write out your blog post in a text editor of your choice.
+4.  On the same link from step 2, click the **Create new file** button. Paste
+    your content into the editor. Name the file to match the proposed title of
+    the blog post, but don't put the date in the file name. The blog reviewers
+    will work with you on the final file name and the date the blog will be
+    published.
+5.  When you save the file, Github will walk you through the pull request
+    process.
+6.  A blog post reviewer will review your submission and work with you on
+    feedback and final details. When the blog post is approved, the blog will be
+    scheduled for publication.
+ -->
+1.  [签署 CLA](#sign-the-cla)，如果您还未签署的话。
+2.  查看现有博客文章的 Markdown 格式，位于[网站代码仓库](https://github.com/kubernetes/website/tree/master/content/en/blog/_posts)。
+3.  在您选择的文本编辑器中写下您的博客文章。
+4.  在步骤 2 的相同链接中，点击 **Create new file（创建新文件）** 按钮。
+    将您的内容粘贴到编辑器中。将文件命名为与博客文章的标题的名称，
+    但不要将日期放在文件名中。博客复审人员将与您一起确定最终文件名和博客发布日期。
+5.  保存文件时，Github 将引导您完成 PR 过程。
+6.  博客复审人员会对您提交对内容进行复审，并与您一起完成反馈意见和最终的详细信息。
+    博客文章获得批准后，博客将会安排时间进行发布。
+
+<!--
+## Submit a case study
+ -->
+## 提交一个案例研究
+
+<!--
+Case studies highlight how organizations are using Kubernetes to solve
+real-world problems. They are written in collaboration with the Kubernetes
+marketing team, which is handled by the CNCF.
+ -->
+案例研究强调组织如何使用 Kubernetes 解决实际问题。它们是由 Kubernetes 市场团队共同撰写的，由 CNCF 进行处理。
+
+<!--
+Have a look at the source for the
+[existing case studies](https://github.com/kubernetes/website/tree/master/content/en/case-studies).
+Use the [Kubernetes case study submission form](https://www.cncf.io/people/end-user-community/)
+to submit your proposal.
+ -->
+看一下[现有案例研究](https://github.com/kubernetes/website/tree/master/content/en/case-studies)的源码。
+使用 [Kubernetes 案例研究提交表](https://www.cncf.io/people/end-user-community/)提交您的提案。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+When you are comfortable with all of the tasks discussed in this topic and you
+want to engage with the Kubernetes docs team in deeper ways, read the
+[intermediate docs contribution guide](/docs/contribute/intermediate/).
+ -->
+当您对本主题中讨论的所有任务感到满意，并且您希望以更深入的方式与 Kubernetes 文档团队合作，
+请阅读[中级贡献者指南](/docs/contribute/intermediate/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/style/_index.md b/content/zh/docs/contribute/style/_index.md
new file mode 100644
index 0000000000000..aacaf26575a73
--- /dev/null
+++ b/content/zh/docs/contribute/style/_index.md
@@ -0,0 +1,21 @@
+---
+title: 文档风格概述
+main_menu: true
+weight: 80
+---
+
+<!--
+---
+title: Documentation style overview
+main_menu: true
+weight: 80
+---
+-->
+
+<!--
+The topics in this section provide guidance on writing style, content formatting
+and organization, and using Hugo customizations specific to Kubernetes
+documentation.
+-->
+
+本节的主题是提供有关编写风格、内容格式和组织以及使用 Hugo 定制生成 Kubernetes 文档的指导。
diff --git a/content/zh/docs/contribute/style/content-organization.md b/content/zh/docs/contribute/style/content-organization.md
new file mode 100644
index 0000000000000..3ce7964655101
--- /dev/null
+++ b/content/zh/docs/contribute/style/content-organization.md
@@ -0,0 +1,270 @@
+---
+title: 内容组织
+content_template: templates/concept
+weight: 40
+---
+
+<!--
+---
+title: Content organization
+content_template: templates/concept
+weight: 40
+---
+-->
+
+
+{{% capture overview %}}
+
+<!--
+This site uses Hugo. In Hugo, [content organization](https://gohugo.io/content-management/organization/) is a core concept.
+-->
+
+本网站使用了 Hugo。在 Hugo 中，[内容组织](https://gohugo.io/content-management/organization/) 是一个核心概念。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+{{% note %}}
+<!--
+**Hugo Tip:** Start Hugo with `hugo server --navigateToChanged` for content edit-sessions.
+-->
+
+**Hugo 提示:** 用 `hugo server --navigateToChanged` 命令启动 Hugo 以进行内容编辑会话。
+{{% /note %}}
+
+<!--
+## Page Lists
+-->
+
+## 页面列表
+
+<!--
+### Page Order
+-->
+
+### 页面顺序
+
+<!--
+The documentation side menu, the documentation page browser etc. are listed using Hugo's default sort order, which sorts by weight (from 1), date (newest first), and finally by the link title.
+-->
+
+文档侧方菜单、文档页面浏览器等以 Hugo 的默认排序顺序列出，它按照权重（从1开始）、日期（最新的排第一个）排序，最后按链接标题排序。
+
+<!--
+Given that, if you want to move a page or a section up, set a weight in the page's front matter:
+-->
+
+如果你想提升一个页面或一个章节，请在页面头部设置一个较高的权重：
+
+```yaml
+title: My Page
+weight: 10
+```
+
+
+{{% note %}}
+<!--
+For page weights, it can be smart not to use 1, 2, 3 ..., but some other interval, say 10, 20, 30... This allows you to insert pages where you want later.
+-->
+
+对于页面的权重，不建议使用连续的数值，比如1、2、3...，而是采用间隔的数值，比如10、20、30...，这样你可以将后续的页面插入到想要的位置。
+{{% /note %}}
+
+
+<!--
+### Documentation Main Menu
+-->
+
+### 文档主菜单
+
+<!--
+The `Documentation` main menu is built from the sections below `docs/` with the `main_menu` flag set in front matter of the `_index.md` section content file:
+-->
+
+`Documentation` 主菜单是从 `docs/` 下面的章节构建的，它在 `_index.md` 章节内容文件的头部设置了 `main_menu` 标志：
+
+
+```yaml
+main_menu: true
+```
+
+
+<!--
+Note that the link title is fetched from the page's `linkTitle`, so if you want it to be something different than the title, change it in the content file:
+-->
+
+注意，链接标题是从页面的 `linkTitle` 中提取的，因此如果希望它与标题不同，请在内容文件中更改它：
+
+
+```yaml
+main_menu: true
+title: Page Title
+linkTitle: Title used in links
+```
+
+
+{{% note %}}
+<!--
+The above needs to be done per language. If you don't see your section in the menu, it is probably because it is not identified as a section by Hugo. Create a `_index.md` content file in the section folder.
+-->
+
+以上每种语言都需要完成。如果在菜单中没有看到你的章节，这可能是因为它没有被 Hugo 标识为一个章节。请在章节对应的目录下创建 `_index.md` 内容文件。
+{{% /note %}}
+
+<!--
+### Documentation Side Menu
+-->
+
+### 文档侧方菜单
+
+<!--
+The documentation side-bar menu is built from the _current section tree_ starting below `docs/`.
+-->
+
+文档侧方菜单是从 `docs/` 下面的 _current 章节的 tree_ 开始构建的。
+
+<!--
+It will show all sections and their pages.
+-->
+
+它将显示所有的章节和它们的页面。
+
+<!--
+If you don't want to list a section or page, set the `toc_hide` flag to `true` in front matter:
+-->
+
+如果你不想列出某个章节或页面，请在页面头部将 `toc_hide` 标志设置为 `true`。
+
+```yaml
+toc_hide: true
+```
+
+<!--
+When you navigate to a section that has content, the specific section or page (e.g. `_index.md`) is shown. Else, the first page inside that section is shown.
+-->
+
+当导航到具有内容的章节时，将显示出指定的章节或页面（例如 `_index.md`）。否则，将显示该章节里的第一个页面。
+
+<!--
+### Documentation Browser
+-->
+
+### 文档浏览器
+
+<!--
+The page browser on the documentation home page is built using all the sections and pages that are directly below the `docs section`.
+-->
+
+文档主页上的页面浏览器是用 `docs section` 下一层的所有章节和页面构建的。
+
+<!--
+If you don't want to list a section or page, set the `toc_hide` flag to `true` in front matter:
+-->
+
+如果你不想列出某个章节或页面，请在页面头部将 `toc_hide` 标志设置为 `true`。
+
+```yaml
+toc_hide: true
+```
+
+<!--
+### The Main Menu
+-->
+
+### 主菜单
+
+<!--
+The site links in the top-right menu -- and also in the footer -- are built by page-lookups. This is to make sure that the page actually exists. So, if the `case-studies` section does not exist in a site (language), it will not be linked to.
+-->
+
+右上菜单中的网站链接（也在页脚中）是通过页面查找构建的。这是为了确保页面实际存在。因此，如果 `case-studies` 章节在网站中不存在（按语言），则它将链接不到。
+
+
+<!--
+## Page Bundles
+-->
+
+## 页面包
+
+<!--
+In addition to standalone content pages (Markdown files), Hugo supports [Page Bundles](https://gohugo.io/content-management/page-bundles/).
+-->
+
+除了独立的内容页面（Markdown文件），Hugo 还支持 [页面包](https://gohugo.io/content-management/page-bundles/)。
+
+<!--
+One example is [Custom Hugo Shortcodes](/docs/contribute/style/hugo-shortcodes/). It is considered a `leaf bundle`. Everything below the directory, including the `index.md`, will be part of the bundle. This also includes page-relative links, images that can be processed etc.:
+-->
+
+一个例子是 [定制 Hugo 短代码](/docs/contribute/style/hugo-shortcodes/)。它被认为是 `leaf bundle`。目录下的所有内容，包括 `index.md`，都是包的一部分。这还包括页面相关的链接、可被处理的图像等：
+
+```bash
+en/docs/home/contribute/includes
+├── example1.md
+├── example2.md
+├── index.md
+└── podtemplate.json
+```
+
+<!--
+Another widely used example is the `includes` bundle. It sets `headless: true` in front matter, which means that it does not get its own URL. It is only used in other pages.
+-->
+
+另一个广泛使用的例子是 `includes` 包。它在页面头部设置 `headless: true`，这意味着它没有得到自己的 URL。它只用于其他页面。
+
+```bash
+en/includes
+├── default-storage-class-prereqs.md
+├── federated-task-tutorial-prereqs.md
+├── federation-content-moved.md
+├── index.md
+├── partner-script.js
+├── partner-style.css
+├── task-tutorial-prereqs.md
+├── user-guide-content-moved.md
+└── user-guide-migration-notice.md
+```
+
+<!--
+Some important notes to the files in the bundles:
+-->
+
+包中文件的一些重要说明：
+
+<!--
+* For translated bundles, any missing non-content files will be inherited from languages above. This avoids duplication.
+* All the files in a bundle are what Hugo calls `Resources` and you can provide metadata per language, such as parameters and title, even if it does not supports front matter (YAML files etc.). See [Page Resources Metadata](https://gohugo.io/content-management/page-resources/#page-resources-metadata).
+* The value you get from `.RelPermalink` of a `Resource` is page-relative. See [Permalinks](https://gohugo.io/content-management/urls/#permalinks).
+-->
+
+* 对于已翻译的包，任何丢失的非内容文件将从上面的语言继承。这避免了重复。
+* 包中的所有文件都是 Hugo 所指的 `Resources`，你可以为每种语言提供元数据，例如参数和标题，即使它不支持头部设置（YAML 文件等）。参见[页面资源元数据](https://gohugo.io/content-management/page-resources/#page-resources-metadata)。
+* 从 `Resource` 的 `.RelPermalink` 中获得的值是页面相关的。参见 [Permalinks](https://gohugo.io/content-management/urls/#permalinks)。
+
+
+<!--
+## Styles
+-->
+
+## 样式
+
+<!--
+The `SASS` source of the stylesheets for this site is stored below `src/sass` and can be built with `make sass` (note that Hugo will get `SASS` support soon, see https://github.com/gohugoio/hugo/issues/4243).
+-->
+
+本网站的样式表的 `SASS` 源存储在 `src/sass` 下面，可以用 `make sass` 构建（Hugo很快就会得到 `SASS` 的支持，参见https://github.com/gohugoio/hugo/issues/4243）。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* [Custom Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/)
+* [Style guide](/docs/contribute/style/style-guide)
+-->
+
+* [定制 Hugo 短代码](/docs/contribute/style/hugo-shortcodes/)
+* [样式指南](/docs/contribute/style/style-guide)
+
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/style/hugo-shortcodes/example1.md b/content/zh/docs/contribute/style/hugo-shortcodes/example1.md
new file mode 100644
index 0000000000000..0656ce4883908
--- /dev/null
+++ b/content/zh/docs/contribute/style/hugo-shortcodes/example1.md
@@ -0,0 +1,23 @@
+---
+title: 例子 #1
+---
+
+<!--
+---
+title: Example #1
+---
+-->
+
+<!--
+This is an **example** content file inside the **includes** leaf bundle.
+-->
+
+这是一个内容文件**示例**，位于一个**includes**叶子包中。
+
+{{< note >}}
+<!--
+Included content files can also contain shortcodes.
+-->
+
+包含的内容文件也可以包含短代码。
+{{< /note >}}
\ No newline at end of file
diff --git a/content/zh/docs/contribute/style/hugo-shortcodes/example2.md b/content/zh/docs/contribute/style/hugo-shortcodes/example2.md
new file mode 100644
index 0000000000000..356983f3c0029
--- /dev/null
+++ b/content/zh/docs/contribute/style/hugo-shortcodes/example2.md
@@ -0,0 +1,17 @@
+---
+title: 例子 #1
+---
+
+<!--
+---
+title: Example #1
+---
+-->
+
+<!--
+This is another **example** content file inside the **includes** leaf bundle.
+-->
+
+这是另一个内容文件**示例**，位于一个**includes**叶子包中。
+
+
diff --git a/content/zh/docs/contribute/style/hugo-shortcodes/index.md b/content/zh/docs/contribute/style/hugo-shortcodes/index.md
new file mode 100644
index 0000000000000..b9523c72170a6
--- /dev/null
+++ b/content/zh/docs/contribute/style/hugo-shortcodes/index.md
@@ -0,0 +1,272 @@
+---
+approvers:
+- chenopis
+title: 定制 Hugo 短代码
+content_template: templates/concept
+---
+
+<!-- ---
+approvers:
+- chenopis
+title: Custom Hugo Shortcodes
+content_template: templates/concept
+--- -->
+
+{{% capture overview %}}
+<!-- This page explains the custom Hugo shortcodes that can be used in Kubernetes markdown documentation. -->
+本页面将介绍定制 Hugo 短代码，可以用于 Kubernetes markdown 文档书写。
+
+<!-- Read more about shortcodes in the [Hugo documentation](https://gohugo.io/content-management/shortcodes). -->
+更多关于短代码参见 [Hugo 文档](https://gohugo.io/content-management/shortcodes)。
+{{% /capture %}}
+
+{{% capture body %}}
+<!-- ## Feature state -->
+## 功能状态
+
+<!-- In a markdown page (.md file) on this site, you can add a shortcode to display version and state of the documented feature. -->
+本站上面的 markdown 页面，你可以加入短代码来展示已经文档介绍的功能的版本和状态(state)。
+
+<!-- ### Feature state demo -->
+### 功能状态演示
+
+<!-- Below is a demo of the feature state snippet, which displays the feature as stable in Kubernetes version 1.10. -->
+下面是一个功能状态代码段的演示，表明这个功能已经在 Kubernetes v1.10时就已经稳定了。
+
+```
+{{</* feature-state for_k8s_version="v1.10" state="stable" */>}}
+```
+
+<!-- Will render to: -->
+会转换为：
+
+{{< feature-state for_k8s_version="v1.10" state="stable" >}}
+
+<!-- The valid values for `state` are: -->
+`state`的可选值如下：
+
+* alpha
+* beta
+* deprecated
+* stable
+
+<!-- ### Feature state code -->
+### 功能状态代码
+
+<!-- Below is the template code for each available feature state. -->
+下面是为每个现有的功能状态的模板代码。
+
+<!-- The displayed Kubernetes version defaults to that of the page or the site. This can be changed by passing the <code>for_k8s_version</code> shortcode parameter. -->
+
+显示的 Kubernetes 默认为该页或站点版本。
+这个可以通过修改 <code>for_k8s_version</code> 短代码参数来调整。
+
+```
+{{</* feature-state for_k8s_version="v1.10" state="stable" */>}}
+```
+
+<!-- Renders to: -->
+会转换为：
+
+{{< feature-state for_k8s_version="v1.10" state="stable" >}}
+
+<!-- #### Alpha feature -->
+#### Alpha 功能
+
+```
+{{</* feature-state feature-state state="alpha" */>}}
+```
+
+<!-- Renders to: -->
+会转换为：
+
+{{< feature-state state="alpha" >}}
+
+
+<!-- #### Beta feature -->
+#### Beta 功能
+
+```
+{{</* feature-state feature-state state="beta" */>}}
+```
+
+<!-- Renders to: -->
+会转换为：
+
+{{< feature-state state="beta" >}}
+
+<!-- #### Stable feature -->
+#### 稳定功能
+
+```
+{{</* feature-state feature-state state="stable" */>}}
+```
+
+<!-- Renders to: -->
+会转换为：
+
+{{< feature-state state="stable" >}}
+
+<!-- #### Deprecated feature -->
+#### 废弃功能
+
+```
+{{</* feature-state feature-state state="deprecated" */>}}
+```
+
+<!-- Renders to: -->
+会转换为：
+
+{{< feature-state state="deprecated" >}}
+
+<!-- ## Glossary -->
+## 词汇
+
+<!-- You can reference glossary terms with an inclusion that will automatically update and replace content with the relevant links from [our glossary](/docs/reference/glossary/). When the term is moused-over by someone
+using the online documentation, the glossary entry will display a tooltip. -->
+
+你可以通过加入术语词汇的短代码，来自动更新和替换相应链接中的内容（[我们的词汇库](/docs/reference/glossary/)）
+这样，在浏览在线文档，鼠标移到术语上时，术语解释就会显示在提示框中。
+
+<!-- The raw data for glossary terms is stored at [https://github.com/kubernetes/website/tree/master/content/en/docs/reference/glossary](https://github.com/kubernetes/website/tree/master/content/en/docs/reference/glossary), with a content file for each glossary term. -->
+
+词汇术语的原始数据保存在 [https://github.com/kubernetes/website/tree/master/content/en/docs/reference/glossary](https://github.com/kubernetes/website/tree/master/content/en/docs/reference/glossary)，每个内容文件对应相应的术语解释。
+
+<!-- ### Glossary Demo -->
+### 词汇演示
+
+<!-- For example, the following include within the markdown will render to {{< glossary_tooltip text="cluster" term_id="cluster" >}} with a tooltip: -->
+
+例如，下面的代码在 markdown 中将会转换为 `{{< glossary_tooltip text="cluster" term_id="cluster" >}}`，然后在提示框中显示。
+
+````liquid
+{{</* glossary_tooltip text="cluster" term_id="cluster" */>}}
+````
+
+<!-- ## Tabs -->
+## 标签页
+
+<!-- In a markdown page (`.md` file) on this site, you can add a tab set to display multiple flavors of a given solution. -->
+在本站的 markdown 页面（`.md` 文件）中，你可以加入一个标签页集来显示不同形式的解决方案。
+
+<!-- The `tabs` shortcode takes these parameters: -->
+标签页的短代码包含以下参数：
+
+<!-- * `name`: The name as shown on the tab.
+* `codelang`: If you provide inner content to the `tab` shortcode, you can tell Hugo what code language to use for highlighting.
+* `include`: The file to include in the tab. If the tab lives in a Hugo [leaf bundle](https://gohugo.io/content-management/page-bundles/#leaf-bundles), the file -- which can be any MIME type supported by Hugo -- will be looked up in the bundle itself. If not, the content page to include will be looked up relative to the current. Note that with the `include` you will not have any shortcode inner content and must use the self-closing syntax, e.g. {{</* tab name="Content File #1" include="example1" /*/>}}. Non-content files will be code-highlighted. The language to use will be taken from the filename if not provided in `codelang`. -->
+
+* `name`: 标签页上的名字。
+* `codelang`: 如果要在`tab`短代码中加入内部内容，需要告知 Hugo 使用的是什么代码语言，方便代码高亮。
+* `include`: 标签页中所要包含的文件。如果标签页是在 Hugo 的页面包（[leaf bundle](https://gohugo.io/content-management/page-bundles/#leaf-bundles)）中，文件（可以是 Hugo 所支持的 MIME 类型文件）将会在包中查找。如果不是，所要包含的内容页面将会在当前路径的相关路径下查找。注意，在`include`属性部分，不能加入短代码内部内容，必须要使用自结束（self-closing）的语法。
+非内容文件将会被代码高亮。如果没有在`codelang`进行声明的话，所用的代码语言将会来自文件名。
+
+<!-- * If your inner content is markdown, you must use `%`-delimiter to surorund the tab, e.g. `{{%/* tab name="Tab 1" %}}This is **markdown**{{% /tab */%}}`
+* You can combine the variations mentioned above inside a tab set. -->
+
+* 如果内部内容是 markdown， 你必须要使用 `%` 分隔符来包装标签页，例如，`{{%/* tab name="Tab 1" %}}This is **markdown**{{% /tab */%}}`
+* 可以在标签页集中混合使用上面的各种变形。
+
+<!-- Below is a demo of the tabs shortcode. -->
+下面是演示标签页短代码。
+
+{{< note >}}
+The tab **name** in a `tabs` definition must be unique within a content page.
+一个内容页面下的，标签页定义中的标签页 **名** 必须是唯一的。
+{{< /note >}}
+
+<!-- ### Tabs demo: Code highlighting -->
+### 标签页演示：代码高亮
+
+```go-text-template
+{{</* tabs name="tab_with_code" >}}
+{{{< tab name="Tab 1" codelang="bash" >}}
+echo "This is tab 1."
+{{< /tab >}}
+{{< tab name="Tab 2" codelang="go" >}}
+println "This is tab 2."
+{{< /tab >}}}
+{{< /tabs */>}}
+```
+
+<!-- Will be rendered as: -->
+会转换为：
+
+{{< tabs name="tab_with_code" >}}
+{{< tab name="Tab 1" codelang="bash" >}}
+echo "This is tab 1."
+{{< /tab >}}
+{{< tab name="Tab 2" codelang="go" >}}
+println "This is tab 2."
+{{< /tab >}}
+{{< /tabs >}}
+
+### Tabs demo: Inline Markdown and HTML
+
+```go-html-template
+{{</* tabs name="tab_with_md" >}}
+{{% tab name="Markdown" %}}
+This is **some markdown.**
+{{< note >}}**Note:** It can even contain shortcodes.{{< /note >}}
+{{% /tab %}}
+{{< tab name="HTML" >}}
+<div>
+	<h3>Plain HTML</h3>
+	<p>This is some <i>plain</i> HTML.</p>
+</div>
+{{< /tab >}}
+{{< /tabs */>}}
+```
+
+<!-- Will be rendered as: -->
+会转换为：
+
+{{< tabs name="tab_with_md" >}}
+{{% tab name="Markdown" %}}
+This is **some markdown.**
+{{< note >}}**Note:** It can even contain shortcodes.{{< /note >}}
+{{% /tab %}}
+{{< tab name="HTML" >}}
+<div>
+	<h3>Plain HTML</h3>
+	<p>This is some <i>plain</i> HTML.</p>
+</div>
+{{< /tab >}}
+{{< /tabs >}}
+
+<!-- ### Tabs demo: File include -->
+### 标签页演示：文件嵌套
+
+```go-text-template
+{{</* tabs name="tab_with_file_include" >}}
+{{< tab name="Content File #1" include="example1" />}}
+{{< tab name="Content File #2" include="example2" />}}
+{{< tab name="JSON File" include="podtemplate" />}}
+{{< /tabs */>}}
+```
+
+<!-- Will be rendered as: -->
+会转换为：
+
+{{< tabs name="tab_with_file_include" >}}
+{{< tab name="Content File #1" include="example1" />}}
+{{< tab name="Content File #2" include="example2" />}}
+{{< tab name="JSON File" include="podtemplate" />}}
+{{< /tabs >}}
+
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!-- * Learn about [Hugo](https://gohugo.io/).
+* Learn about [writing a new topic](/docs/home/contribute/write-new-topic/).
+* Learn about [using page templates](/docs/home/contribute/page-templates/).
+* Learn about [staging your changes](/docs/home/contribute/stage-documentation-changes/)
+* Learn about [creating a pull request](/docs/home/contribute/create-pull-request/). -->
+
+* 了解 [Hugo](https://gohugo.io/)。
+* 了解 [撰写新的话题](/docs/home/contribute/write-new-topic/)。
+* 了解 [使用页面模板](/docs/home/contribute/page-templates/)。
+* 了解 [暂存修改](/docs/home/contribute/stage-documentation-changes/)。
+* 了解 [创建 pull request](/docs/home/contribute/create-pull-request/)。
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/style/page-templates.md b/content/zh/docs/contribute/style/page-templates.md
new file mode 100644
index 0000000000000..f1afdff4279ce
--- /dev/null
+++ b/content/zh/docs/contribute/style/page-templates.md
@@ -0,0 +1,352 @@
+---
+title: 使用页面模板
+content_template: templates/concept
+weight: 30
+---
+
+<!--
+---
+title: Using Page Templates
+content_template: templates/concept
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+When contributing new topics, apply one of the following templates to them.
+This standardizes the user experience of a given page.
+-->
+
+当贡献新主题时，选择下列模板中的一种。
+这使指定页面的用户体验标准化。
+
+<!--
+The page templates are in the
+[`layouts/partials/templates`](https://git.k8s.io/website/layouts/partials/templates)
+directory of the [`kubernetes/website`](https://github.com/kubernetes/website)
+repository.
+-->
+
+页面模板在 [`kubernetes/website`](https://github.com/kubernetes/website) 仓库的 [`layouts/partials/templates`](https://git.k8s.io/website/layouts/partials/templates) 目录中。
+
+{{< note >}}
+<!--
+Every new topic needs to use a template. If you are unsure which
+template to use for a new topic, start with the
+[concept template](#concept-template).
+-->
+
+每个新主题都需要使用模板。如果你不确定新主题要使用哪个模板，请从[概念模板](#concept-template)开始。
+{{< /note >}}
+
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Concept template
+-->
+
+## 概念模板
+
+<!--
+A concept page explains some aspect of Kubernetes. For example, a concept
+page might describe the Kubernetes Deployment object and explain the role it
+plays as an application once it is deployed, scaled, and updated. Typically, concept
+pages don't include sequences of steps, but instead provide links to tasks or
+tutorials.
+-->
+
+每个概念页面负责解释 Kubernetes 的某方面。例如，概念页面可以描述 Kubernetes Deployment 对象，并解释当部署、扩展和更新时，它作为应用程序所扮演的角色。一般来说，概念页面不包括步骤序列，而是提供任务或教程的链接。
+
+
+<!--
+To write a new concept page, create a Markdown file in a subdirectory of the
+`/content/en/docs/concepts` directory, with the following characteristics:
+-->
+
+要编写新的概念页面，请在 `/content/en/docs/concepts` 目录的子目录中创建一个 Markdown 文件，其特点如下：
+
+<!--
+- In the page's YAML front-matter, set `content_template: templates/concept`.
+- In the page's body, set the required `capture` variables and any optional
+  ones you want to include:
+-->
+
+- 在页面的 YAML 头部，设置 `content_template: templates/concept`。
+- 在页面的 body 中，设置所需的 `capture` 变量和所有想要包含的变量：
+
+    | 变量          | 必需?     |
+    |---------------|-----------|
+    | overview      | 是        |
+    | body          | 是        |
+    | whatsnext     | 否        |
+
+<!--
+    The page's body will look like this (remove any optional captures you don't
+    need):
+-->
+
+    页面的 body 看起来像这样（移除所有不想要的可选 `capture` 变量）：
+
+    ```
+    {{%/* capture overview */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture body */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture whatsnext */%}}
+
+    {{%/* /capture */%}}
+    ```
+
+<!--
+- Within each section, write your content. Use the following guidelines:
+  - Use a minimum of H2 headings (with two leading `#` characters). The sections
+    themselves are titled automatically by the template.
+  - For `overview`, use a paragraph to set context for the entire topic.
+  - For `body`, explain the concept using free-form Markdown.
+  - For `whatsnext`, give a bullet list of up to 5 topics the reader might be
+    interested in reading next.
+-->
+
+- 在每个章节中写下你的内容。请遵从以下规则：
+  - 使用不低于 H2 级别的标题（避免使用 H1 的标题，但 H3、H4 的标题是可以的）（以两个 `#` 字符开头）。这些章节本身是由模板自动命名的。
+  - 在 `overview` 节，用一个段落的篇幅来为当前话题设定语境。
+  - 在 `body` 节，使用自由形式的 Markdown 文件来解释概念。
+  - 在 `whatsnext` 节，列出读者接下来可能感兴趣的最多 5 个主题。
+
+<!--
+An example of a published topic that uses the concept template is
+[Annotations](/docs/concepts/overview/working-with-objects/annotations/). The
+page you are currently reading also uses the concept template.
+-->
+
+使用概念模板的已发布主题的一个示例是[注解](/docs/concepts/overview/working-with-objects/annotations/)。你当前正在阅读的页面也使用概念模板。
+
+<!--
+## Task template
+-->
+
+## 任务模板
+
+<!--
+A task page shows how to do a single thing, typically by giving a short
+sequence of steps. Task pages have minimal explanation, but often provide links
+to conceptual topics that provide related background and knowledge.
+-->
+
+任务页面展示了如何完成单个任务，通常是通过给出一个简短的步骤序列。任务页面中解释性质的文字极少，但是通常会给出提供相关背景和知识的概念主题的链接。
+
+<!--
+To write a new task page, create a Markdown file in a subdirectory of the
+`/content/en/docs/tasks` directory, with the following characteristics:
+-->
+
+要编写新的任务页面，请在 `/content/en/docs/tasks` 目录的子目录中创建一个 Markdown 文件，其特点如下：
+
+<!--
+- In the page's YAML front-matter, set `content_template: templates/task`.
+- In the page's body, set the required `capture` variables and any optional
+  ones you want to include:
+-->
+
+- 在页面的 YAML 头部，设置 `content_template: templates/task`。
+- 在页面的 body 中，设置所需的 `capture` 变量和所有想要包含的变量：
+
+    | 变量          | 必需?     |
+    |---------------|-----------|
+    | overview      | 是        |
+    | prerequisites | 是        |
+    | steps         | 否        |
+    | discussion    | 否        |
+    | whatsnext     | 否        |
+
+<!--
+    The page's body will look like this (remove any optional captures you don't
+    need):
+-->
+
+    页面的 body 看起来像这样（移除所有不想要的可选 `capture` 变量）：
+
+    ```
+    {{%/* capture overview */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture prerequisites */%}}
+
+    {{</* include "task-tutorial-prereqs.md" */>}} {{</* version-check */>}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture steps */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture discussion */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture whatsnext */%}}
+
+    {{%/* /capture */%}}
+    ```
+
+<!--
+- Within each section, write your content. Use the following guidelines:
+  - Use a minimum of H2 headings (with two leading `#` characters). The sections
+    themselves are titled automatically by the template.
+  - For `overview`, use a paragraph to set context for the entire topic.
+  - For `prerequisites`, use bullet lists when possible. Start adding additional
+    prerequisites below the `include`. The default prerequisites include a running Kubernetes cluster.
+  - For `steps`, use numbered lists.
+  - For discussion, use normal content to expand upon the information covered
+    in `steps`.
+  - For `whatsnext`, give a bullet list of up to 5 topics the reader might be
+    interested in reading next.
+-->
+
+- 在每个章节中写下你的内容。请遵从以下规则：
+  - 使用不低于 H2 级别的标题（避免使用 H1 的标题，但 H3、H4 的标题是可以的）（以两个 `#` 字符开头）。这些章节本身是由模板自动命名的。
+  - 在 `overview` 节，用一个段落的篇幅来为当前话题设定语境。
+  - 在 `prerequisites 节`，如果有可能，请使用列表。在 `include` 下开始添加额外的先决条件。默认的先决条件包括运行中的 Kubernetes 集群。
+  - 在 `steps` 节，使用编号列表。
+  - 在讨论部分，使用通常的内容来扩展 `steps` 中包含的信息。
+  - 在 `whatsnext` 节，列出读者接下来可能感兴趣的最多 5 个主题。
+
+<!--
+An example of a published topic that uses the task template is [Using an HTTP proxy to access the Kubernetes API](/docs/tasks/access-kubernetes-api/http-proxy-access-api).
+-->
+
+使用任务模板的已发布主题的一个示例是[使用 HTTP 代理访问 Kubernetes API](/docs/tasks/access-kubernetes-api/http-proxy-access-api)。
+
+<!--
+## Tutorial template
+-->
+
+## 教程模板
+
+<!--
+A tutorial page shows how to accomplish a goal that is larger than a single
+task. Typically a tutorial page has several sections, each of which has a
+sequence of steps. For example, a tutorial might provide a walkthrough of a
+code sample that illustrates a certain feature of Kubernetes. Tutorials can
+include surface-level explanations, but should link to related concept topics
+for deep explanations.
+-->
+
+教程页面展示了如何完成比单个任务更大的目标。通常教程页有几个章节，每个章节都有步骤说明。例如，教程可以提供说明 Kubernetes 的特定特性的代码示例的演练。教程可以包括表层解释，但是应该链接到相关的概念主题以进行深入解释。
+
+<!--
+To write a new tutorial page, create a Markdown file in a subdirectory of the
+`/content/en/docs/tutorials` directory, with the following characteristics:
+-->
+
+要编写新的教程页面，请在 `/content/en/docs/tutorials` 目录的子目录中创建一个 Markdown 文件，其特点如下：
+
+<!--
+- In the page's YAML front-matter, set `content_template: templates/tutorial`.
+- In the page's body, set the required `capture` variables and any optional
+  ones you want to include:
+-->
+
+- 在页面的 YAML 头部，设置 `content_template: templates/tutorial`。
+- 在页面的 body 中，设置所需的 `capture` 变量和所有想要包含的变量：
+
+    | 变量          | 必需?     |
+    |---------------|-----------|
+    | overview      | 是        |
+    | prerequisites | 是        |
+    | objectives    | 是        |
+    | lessoncontent | 是        |
+    | cleanup       | 否        |
+    | whatsnext     | 否        |
+
+<!--
+    The page's body will look like this (remove any optional captures you don't
+    need):
+-->
+
+    页面的 body 看起来像这样（移除所有不想要的可选 `capture` 变量）：
+
+    ```
+    {{%/* capture overview */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture prerequisites */%}}
+
+    {{</* include "task-tutorial-prereqs.md" */>}} {{</* version-check */>}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture objectives */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture lessoncontent */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture cleanup */%}}
+
+    {{%/* /capture */%}}
+
+    {{%/* capture whatsnext */%}}
+
+    {{%/* /capture */%}}
+    ```
+
+<!--
+- Within each section, write your content. Use the following guidelines:
+  - Use a minimum of H2 headings (with two leading `#` characters). The sections
+    themselves are titled automatically by the template.
+  - For `overview`, use a paragraph to set context for the entire topic.
+  - For `prerequisites`, use bullet lists when possible. Add additional
+    prerequisites below the ones included by default.
+  - For `objectives`, use bullet lists.
+  - For `lessoncontent`, use a mix of numbered lists and narrative content as
+    appropriate.
+  - For `cleanup`, use numbered lists to describe the steps to clean up the
+    state of the cluster after finishing the task.
+  - For `whatsnext`, give a bullet list of up to 5 topics the reader might be
+    interested in reading next.
+-->
+
+- 在每个章节中写下你的内容。请遵从以下规则：
+  - 使用不低于 H2 级别的标题（避免使用 H1 的标题，但 H3、H4 的标题是可以的）（以两个 `#` 字符开头）。这些章节本身是由模板自动命名的。
+  - 在 `overview` 节，用一个段落的篇幅来为当前话题设定语境。
+  - 在 `prerequisites` 节，如果有可能，请使用列表。在默认情况下添加额外的先决条件。
+  - 在 `objectives` 节，使用列表。
+  - 在 `lessoncontent` 节，适当地使用编号列表和叙述内容的组合。
+  - 在 `cleanup` 节，使用编号列表描述完成任务后清理集群状态的步骤。
+  - 在 `whatsnext` 节，列出读者接下来可能感兴趣的最多 5 个主题。
+
+<!--
+An example of a published topic that uses the tutorial template is
+[Running a Stateless Application Using a Deployment](/docs/tutorials/stateless-application/run-stateless-application-deployment/).
+-->
+
+使用教程模板的已发布主题的一个示例是[使用部署运行无状态应用程序](/docs/tutorials/stateless-application/run-stateless-application-deployment/)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+- Learn about the [style guide](/docs/contribute/style/style-guide/)
+- Learn about [content organization](/docs/contribute/style/content-organization/)
+-->
+
+- 学习[样式指南](/docs/contribute/style/style-guide/)
+- 学习[内容组织](/docs/contribute/style/content-organization/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/contribute/style/write-new-topic.md b/content/zh/docs/contribute/style/write-new-topic.md
new file mode 100644
index 0000000000000..82378bf1be8b8
--- /dev/null
+++ b/content/zh/docs/contribute/style/write-new-topic.md
@@ -0,0 +1,346 @@
+---
+title: 撰写新主题
+content_template: templates/task
+weight: 20
+---
+
+<!--
+---
+title: Writing a new topic
+content_template: templates/task
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page shows how to create a new topic for the Kubernetes docs.
+-->
+
+本页面展示如何为 Kubernetes 文档库创建新主题。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!--
+Create a fork of the Kubernetes documentation repository as described in
+[Start contributing](/docs/contribute/start/).
+-->
+
+创建 Kubernetes 文档仓库的一个分支，如[开始贡献](/docs/contribute/start/)中所述。
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Choosing a page type
+-->
+
+## 选择页面类型
+
+<!--
+As you prepare to write a new topic, think about the page type that would fit your content the best:
+-->
+
+当你准备写一个新的主题时，考虑一下最适合你的内容的页面类型：
+
+<!--
+<table>
+
+  <tr>
+    <td>Concept</td>
+    <td>A concept page explains some aspect of Kubernetes. For example, a concept page might describe the Kubernetes Deployment object and explain the role it plays as an application while it is deployed, scaled, and updated. Typically, concept pages don't include sequences of steps, but instead provide links to tasks or tutorials. For an example of a concept topic, see <a href="/docs/concepts/architecture/nodes/">Nodes</a>.</td>
+  </tr>
+
+  <tr>
+    <td>Task</td>
+    <td>A task page shows how to do a single thing. The idea is to give readers a sequence of steps that they can actually do as they read the page. A task page can be short or long, provided it stays focused on one area. In a task page, it is OK to blend brief explanations with the steps to be performed, but if you need to provide a lengthy explanation, you should do that in a concept topic. Related task and concept topics should link to each other. For an example of a short task page, see <a href="/docs/tasks/configure-pod-container/configure-volume-storage/">Configure a Pod to Use a Volume for Storage</a>. For an example of a longer task page, see <a href="/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/">Configure Liveness and Readiness Probes</a></td>
+  </tr>
+
+  <tr>
+    <td>Tutorial</td>
+    <td>A tutorial page shows how to accomplish a goal that ties together several Kubernetes features. A tutorial might provide several sequences of steps that readers can actually do as they read the page. Or it might provide explanations of related pieces of code. For example, a tutorial could provide a walkthrough of a code sample. A tutorial can include brief explanations of the Kubernetes features that are being tied together, but should link to related concept topics for deep explanations of individual features.</td>
+  </tr>
+
+</table>
+-->
+
+<table>
+
+  <tr>
+    <td>概念</td>
+    <td>每个概念页面负责解释 Kubernetes 的某方面。例如，概念页面可以描述 Kubernetes Deployment 对象，并解释当部署、扩展和更新时，它作为应用程序所扮演的角色。一般来说，概念页面不包括步骤序列，而是提供任务或教程的链接。一个概念主题的示例，请参见 <a href="/docs/concepts/architecture/nodes/">节点</a>.</td>
+  </tr>
+
+  <tr>
+    <td>任务</td>
+    <td>任务页面展示了如何完成单个任务。这样做的目的是给读者一系列步骤，让他们在阅读时能够真正做到这一点。任务页面可长可短，前提是它始终聚焦在一个区域。在任务页面中，可以将简短的解释与要执行的步骤混合在一起，但如果需要提供冗长的解释，则应在概念主题中进行。相关联的任务和概念主题可以相互链接。一个简短的任务页面的实例，请参见 <a href="/docs/tasks/configure-pod-container/configure-volume-storage/">配置一个使用卷进行存储的 Pod</a>. 一个较长的任务页面的实例，请参见 <a href="/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/">配置活动性和就绪性探测器</a></td>
+  </tr>
+
+  <tr>
+    <td>教程</td>
+    <td>教程页面展示了如何实现将几个 Kubernetes 特性联系在一起的目标。教程可能提供一些步骤序列，读者可以在阅读页面时实际执行这些步骤。或者它可以提供相关代码片段的解释。例如，教程可以提供代码示例的演练。教程可以包括对 Kubernetes 几个关联特性的简要解释，但应该链接到相关概念主题，以便深入解释各个特性。</td>
+  </tr>
+
+</table>
+
+<!--
+Use a template for each new page. Each page type has a
+[template](/docs/contribute/style/page-templates/)
+that you can use as you write your topic. Using templates helps ensure
+consistency among topics of a given type.
+-->
+
+为每个新页面使用模板。每种页面类型都有一个[模板](/docs/contribute/style/page-templates/)可以在编写主题时使用。使用模板有助于确保给定类型主题之间的一致性。
+
+<!--
+## Choosing a title and filename
+-->
+
+## 选择标题和文件名
+
+<!--
+Choose a title that has the keywords you want search engines to find.
+Create a filename that uses the words in your title separated by hyphens.
+For example, the topic with title
+[Using an HTTP Proxy to Access the Kubernetes API](/docs/tasks/access-kubernetes-api/http-proxy-access-api/)
+has filename `http-proxy-access-api.md`. You don't need to put
+"kubernetes" in the filename, because "kubernetes" is already in the
+URL for the topic, for example:
+-->
+
+选择一个标题，标题中包含了要通过搜索引擎要查找的关键字。创建一个文件名，使用标题中由连字符分隔的单词。例如，标题为[使用 HTTP 代理访问 Kubernetes API](/docs/tasks/access-kubernetes-api/http-proxy-access-api/) 的主题的文件名为 `http-proxy-access-api.md`。你不需要在文件名中加上 "kubernetes"，因为 "kubernetes" 已经在主题的 URL 中了，例如：
+
+       /docs/tasks/access-kubernetes-api/http-proxy-access-api/
+
+<!--
+## Adding the topic title to the front matter
+-->
+
+## 在页面头部添加主题标题
+
+<!--
+In your topic, put a `title` field in the
+[front matter](https://jekyllrb.com/docs/frontmatter/).
+The front matter is the YAML block that is between the
+triple-dashed lines at the top of the page. Here's an example:
+-->
+
+在你的主题中，在[页面头部](https://jekyllrb.com/docs/frontmatter/)设置一个 `title` 字段。页面头部是位于页面顶部三条虚线之间的 YAML 块。下面是一个例子：
+
+<!--
+    ---
+    title: Using an HTTP Proxy to Access the Kubernetes API
+    ---
+-->
+
+    ---
+    title: 使用 HTTP 代理访问 Kubernetes API
+    ---
+
+<!--
+## Choosing a directory
+-->
+
+## 选择目录
+
+<!--
+Depending on your page type, put your new file in a subdirectory of one of these:
+-->
+
+根据页面类型，将新文件放入其中一个子目录中：
+
+* /content/en/docs/tasks/
+* /content/en/docs/tutorials/
+* /content/en/docs/concepts/
+
+<!--
+You can put your file in an existing subdirectory, or you can create a new
+subdirectory.
+-->
+
+你可以将文件放在现有的子目录中，也可以创建一个新的子目录。
+
+<!--
+## Placing your topic in the table of contents
+-->
+
+## 将主题放在目录中
+
+<!--
+The table of contents is built dynamically using the directory structure of the
+documentation source. The top-level directories under `/content/en/docs/` create
+top-level navigation, and subdirectories each have entries in the table of
+contents.
+-->
+
+目录是使用文档源的目录结构动态构建的。`/content/en/docs/` 下的顶层目录创建顶层导航，它和子目录在目录中都有条目。
+
+<!--
+Each subdirectory has a file `_index.md`, which represents the "home" page for
+a given subdirectory's content. The `_index.md` does not need a template. It
+can contain overview content about the topics in the subdirectory.
+-->
+
+每个子目录都有一个 `_index.md` 文件，它表示指定子目录内容的主页面。`_index.md` 文件不需要模板。它可以包含有关子目录中主题的概述内容。
+
+<!--
+Other files in a directory are sorted alphabetically by default. This is almost
+never the best order. To control the relative sorting of topics in a
+subdirectory, set the `weight:` front-matter key to an integer. Typically, we
+use multiples of 10, to account for adding topics later. For instance, a topic
+with weight `10` will come before one with weight `20`.
+-->
+
+默认情况下，目录中的其他文件按字母顺序排序。这几乎不是最好的顺序。要控制子目录中主题的相对排序，请将页面头部的键 `weight:` 设置为整数。通常我们使用10的倍数，添加后续主题时权重值递增。例如，权重为 `10` 的主题将位于权重为 `20` 的主题之前。
+
+<!--
+## Embedding code in your topic
+-->
+
+## 在主题中嵌入代码
+
+<!--
+If you want to include some code in your topic, you can embed the code in your
+file directly using the markdown code block syntax. This is recommended for the
+following cases (not an exhaustive list):
+-->
+
+如果你想在主题中包含一些代码，可以直接使用标记代码块语法将代码嵌入到文件中。建议用于以下情况（并非详尽列表）：
+
+<!--
+- The code shows the output from a command such as
+  `kubectl get deploy mydeployment -o json | jq '.status'`.
+- The code is not generic enough for users to try out. As an example, you can
+  embed the YAML
+  file for creating a Pod which depends on a specific
+  [Flexvolume](/docs/concepts/storage/volumes#flexvolume) implementation.
+- The code is an incomplete example because its purpose is to highlight a
+  portion of a larger file. For example, when describing ways to
+  customize the [PodSecurityPolicy](/docs/tasks/administer-cluster/sysctl-cluster/#podsecuritypolicy)
+  for some reasons, you can provide a short snippet directly in your topic file.
+- The code is not meant for users to try out due to other reasons. For example,
+  when describing how a new attribute should be added to a resource using the
+  `kubectl edit` command, you can provide a short example that includes only
+  the attribute to add.
+-->
+
+- 代码显示来自命令的输出，例如 `kubectl get deploy mydeployment -o json | jq '.status'`。
+- 代码不够通用，用户无法验证。例如，你可以嵌入 YAML 文件来创建一个依赖于特定 [Flexvolume](/docs/concepts/storage/volumes#flexvolume)实现的 Pod。
+- 该代码是一个不完整的示例，因为它的目的是高亮显示大文件的部分内容。例如，在描述自定义 [PodSecurityPolicy](/docs/tasks/administer-cluster/sysctl-cluster/#podsecuritypolicy)的方法时，出于某些原因，你可以直接在主题文件中提供一个简短的片段。
+- 由于其他原因，该代码不适合用户验证。例如，当使用 `kubectl edit` 命令描述如何将新属性添加到资源时，你可以提供一个仅包含要添加的属性的简短示例。
+
+<!--
+## Including code from another file
+-->
+
+## 引用来自其他文件的代码
+
+<!--
+Another way to include code in your topic is to create a new, complete sample
+file (or group of sample files) and then reference the sample from your topic.
+Use this method to include sample YAML files when the sample is generic and
+reusable, and you want the reader to try it out themselves.
+-->
+
+在主题中引用代码的另一种方法是创建一个新的、完整的示例文件（或示例文件组），然后从主题中引用这些示例。当示例是通用的和可重用的，并且你希望读者自己验证时，使用此方法引用示例 YAML 文件。
+
+<!--
+When adding a new standalone sample file, such as a YAML file, place the code in
+one of the `<LANG>/examples/` subdirectories where `<LANG>` is the language for
+the topic. In your topic file, use the `codenew` shortcode:
+-->
+
+添加新的独立示例文件（如 YAML 文件）时，将代码放在 `<LANG>/examples/` 的某个子目录中，其中 `<LANG>` 是该主题的语言。在主题文件中使用 `codenew` 短代码：
+
+<pre>&#123;&#123;&lt; codenew file="&lt;RELPATH&gt;/my-example-yaml&gt;" &gt;&#125;&#125;</pre>
+
+<!--
+where `<RELPATH>` is the path to the file to include, relative to the
+`examples` directory. The following Hugo shortcode references a YAML
+file located at `/content/en/examples/pods/storage/gce-volume.yaml`.
+-->
+
+`<RELPATH>` 是要引用的文件的路径，相对于 `examples` 目录。以下 Hugo 短代码引用了位于 `/content/en/examples/pods/storage/gce-volume.yaml` 的 YAML 文件。
+
+```none
+{{</* codenew file="pods/storage/gce-volume.yaml" */>}}
+```
+
+{{< note >}}
+<!--
+To show raw Hugo shortcodes as in the above example and prevent Hugo
+from interpreting them, use C-style comments directly after the `<` and before
+the `>` characters. View the code for this page for an example.
+-->
+
+要展示上述示例中的原始 Hugo 短代码并避免 Hugo 对其进行解释，请直接在 `<` 字符之后和 `>` 字符之前使用 C 样式注释。请查看此页面的代码。
+{{< /note >}}
+
+<!--
+## Showing how to create an API object from a configuration file
+-->
+
+## 显示如何从配置文件创建 API 对象
+
+<!--
+If you need to demonstrate how to create an API object based on a
+configuration file, place the configuration file in one of the subdirectories
+under `<LANG>/examples`.
+-->
+
+如果需要演示如何基于配置文件创建 API 对象，请将配置文件放在 `<LANG>/examples` 下的某个子目录中。
+
+<!--
+In your topic, show this command:
+-->
+
+在主题中展示以下命令：
+
+```
+kubectl create -f https://k8s.io/examples/pods/storage/gce-volume.yaml
+```
+
+{{< note >}}
+<!--
+When adding new YAML files to the `<LANG>/examples` directory, make
+sure the file is also included into the `<LANG>/examples_test.go` file. The
+Travis CI for the Website automatically runs this test case when PRs are
+submitted to ensure all examples pass the tests.
+-->
+
+将新的 YAML 文件添加到 `<LANG>/examples` 目录时，请确保该文件也在 `<LANG>/examples_test.go` 文件中被引用。当提交拉取请求时，网站的 Travis CI 会自动运行此测试用例，以确保所有示例都通过测试。
+{{< /note >}}
+
+<!--
+For an example of a topic that uses this technique, see
+[Running a Single-Instance Stateful Application](/docs/tutorials/stateful-application/run-stateful-application/).
+-->
+
+有关使用此技术的主题的示例，请参见[运行单实例有状态的应用](/docs/tutorials/stateful-application/run-stateful-application/)。
+
+<!--
+## Adding images to a topic
+-->
+
+## 向主题添加镜像
+
+<!--
+Put image files in the `/images` directory. The preferred
+image format is SVG.
+-->
+
+将镜像文件放入 `/images` 目录。首选的镜像格式是 SVG。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* Learn about [using page templates](/docs/home/contribute/page-templates/).
+* Learn about [staging your changes](/docs/home/contribute/stage-documentation-changes/).
+* Learn about [creating a pull request](/docs/home/contribute/create-pull-request/).
+-->
+
+* 学习[使用页面模板](/docs/home/contribute/page-templates/)。
+* 学习[展示你的修改](/docs/home/contribute/stage-documentation-changes/)。
+* 学习[创建一个拉取请求](/docs/home/contribute/create-pull-request/)。
+{{% /capture %}}
diff --git a/content/zh/docs/doc-contributor-tools/README.md b/content/zh/docs/doc-contributor-tools/README.md
new file mode 100644
index 0000000000000..fe0e37a2c7e18
--- /dev/null
+++ b/content/zh/docs/doc-contributor-tools/README.md
@@ -0,0 +1,7 @@
+Kubernetes 文档贡献者的工具。 查看子目录内的 `README.md` 文件以获取更多信息。
+
+
+<!--
+Tools for Kubernetes docs contributors. View `README.md` files in
+subdirectories for more info.
+-->
diff --git a/content/zh/docs/doc-contributor-tools/snippets/README.md b/content/zh/docs/doc-contributor-tools/snippets/README.md
new file mode 100644
index 0000000000000..4058cbd4b62f3
--- /dev/null
+++ b/content/zh/docs/doc-contributor-tools/snippets/README.md
@@ -0,0 +1,84 @@
+<!-- # Snippets for Atom -->
+# Atom 的代码段
+
+<!-- Snippets are bits of text that get inserted into your editor, to save typing and
+reduce syntax errors. The snippets provided in `atom-snippets.cson` are scoped to
+only work on Markdown files within Atom. -->
+
+代码段就是可以插入到编辑器中的一段文本，可以节省键入时间，减少语法错误。
+`atom-snippets.cson` 文件中所提供的代码段只用于在 Atom 中的 Markdown 文件。
+
+<!-- ## Installation -->
+## 安装
+
+<!-- Copy the contents of the `atom-snippets.cson` file into your existing
+`~/.atom/snippets.cson`. **Do not replace your existing file.** -->
+
+将 `atom-snippets.cson` 文件中的内容复制到现有的`~/.atom/snippets.cson` 之中。
+**不要替换现有的文件。**
+
+<!-- You do not need to restart Atom. -->
+不需要重启 Atom。
+
+<!-- ## Usage -->
+## 使用
+
+<!-- Have a look through `atom-snippets.cson` and note the titles and `prefix` values
+of the snippets. -->
+
+浏览一遍 `atom-snippets.cson` 文件，记下代码段的标题和 `prefix`。
+
+<!-- You can trigger a given snippet in one of two ways:
+
+- By typing the snippet's `prefix` and pressing the `<TAB>` key
+- By searching for the snippet's title in **Packages / Snippets / Available** -->
+
+你可以使用以下任意一种方式来触发相应的代码段：
+- 键入代码段的`prefix`，按下 `<TAB>` 键
+- 在 **Packages / Snippets / Available** 中搜索代码段的标题
+
+<!-- For example, open a Markdown file and type `anote` and press `<TAB>`. A blank
+note is added, with the correct Hugo shortcodes. -->
+
+例如，打开一个 Markdown 文件，键入 `anote`，按下 `<TAB>`。
+就会插入一段带有正确的 Hugo 短代码的空注释。
+
+<!-- A snippet can insert a single line or multiple lines of text. Some snippets
+have placeholder values. To get to the next placeholder, press `<TAB>` again. -->
+
+代码段可以插入一行或多行文本。一些代码行都设有预留值。想要切换到下一个预留值，再按一次`<TAB>` 键即可。
+
+<!-- Some of the snippets only insert partially-formed Markdown or Hugo syntax.
+For instance, `coverview` inserts the start of a concept overview tag, while
+`cclose` inserts a close-capture tag. This is because every type of capture
+needs a capture-close tab. -->
+
+一些代码段只会插入部分格式的 Markdown 或 Hugo 语法。
+例如，`coverview` 只会插入一个概念概览的开始标签，而`cclose`则会插入一个结束标签。
+这是因为每类 capture 都需要一个 capture-close 标签。
+
+<!-- ## Creating new topics using snippets -->
+## 使用代码段创建新的话题
+
+<!-- To create a new concept, task, or tutorial from a blank file, use one of the
+following: -->
+从空白文件中，创建一个新的概念，任务或者教程，使用以下的代码段：
+
+- `newconcept`
+- `newtask`
+- `newtutorial`
+
+<!-- Placeholder text is included. -->
+预设文本包含其中。
+
+<!-- ## Submitting new snippets -->
+## 提交新的代码段
+
+<!-- 1.  Develop the snippet locally and verify that it works as expected.
+2.  Copy the template's code into the `atom-snippets.cson` file on Github. Raise a
+    pull request, and ask for review from another Atom user in `#sig-docs` on
+    Kubernetes Slack. -->
+
+1. 本地开发代码段，验证是否有效。
+2. 将代码单复制到 Github 的 `atom-snippets.cson` 文件中。
+提交 pull request，邀请 Kubernetes Slack `#sig-docs` 中的另外一名 Atom 用户进行审查。
diff --git a/content/zh/docs/getting-started-guides/_index.md b/content/zh/docs/getting-started-guides/_index.md
new file mode 100755
index 0000000000000..e2e9a092eaab9
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/_index.md
@@ -0,0 +1,11 @@
+---
+title: "独立解决方案"
+weight: 50
+---
+
+<!--
+---
+title: "Independent Solutions"
+weight: 50
+---
+-->
diff --git a/content/zh/docs/getting-started-guides/alternatives.md b/content/zh/docs/getting-started-guides/alternatives.md
new file mode 100644
index 0000000000000..36b4755d67f9e
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/alternatives.md
@@ -0,0 +1,22 @@
+---
+title: 弃用的替代品
+---
+<!--
+---
+reviewers:
+- pwittrock
+title: Deprecated Alternatives
+---
+-->
+
+# *停止。这些指南已被[Minikube](../minikube/)所取代，这里列出它们只是为了保持完整性。*
+<!--
+# *Stop.  These guides are superseded by [Minikube](../minikube/).  They are only listed here for completeness.*
+-->
+
+* [使用 Vagrant](https://git.k8s.io/community/contributors/devel/vagrant.md)
+* *更高级的：* [直接使用 Kubernetes 原始二进制程序（仅限 Linux 系统）](https://git.k8s.io/community/contributors/devel/running-locally.md)
+<!--
+* [Using Vagrant](https://git.k8s.io/community/contributors/devel/vagrant.md)
+* *Advanced:* [Directly using Kubernetes raw binaries (Linux Only)](https://git.k8s.io/community/contributors/devel/running-locally.md)
+-->
\ No newline at end of file
diff --git a/content/zh/docs/getting-started-guides/fedora/fedora_manual_config.md b/content/zh/docs/getting-started-guides/fedora/fedora_manual_config.md
new file mode 100644
index 0000000000000..596c87f6838ae
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/fedora/fedora_manual_config.md
@@ -0,0 +1,345 @@
+---
+reviewers:
+- aveshagarwal
+- eparis
+- thockin
+title: Fedora (单节点)
+---
+
+<!--
+---
+reviewers:
+- aveshagarwal
+- eparis
+- thockin
+title: Fedora (Single Node)
+---
+-->
+
+{{< toc >}}
+
+<!--
+## Prerequisites
+-->
+
+## 前提条件
+
+<!--
+1. You need 2 or more machines with Fedora installed. These can be either bare metal machines or virtual machines.
+
+## Instructions
+
+This is a getting started guide for Fedora.  It is a manual configuration so you understand all the underlying packages / services / ports, etc...
+
+This guide will only get ONE node (previously minion) working.  Multiple nodes require a functional [networking configuration](/docs/concepts/cluster-administration/networking/) done outside of Kubernetes.  Although the additional Kubernetes configuration requirements should be obvious.
+
+The Kubernetes package provides a few services: kube-apiserver, kube-scheduler, kube-controller-manager, kubelet, kube-proxy.  These services are managed by systemd and the configuration resides in a central location: `/etc/kubernetes`.  We will break the services up between the hosts.  The first host, fed-master, will be the Kubernetes master.  This host will run the kube-apiserver, kube-controller-manager, and kube-scheduler.  In addition, the master will also run _etcd_ (not needed if _etcd_ runs on a different host but this guide assumes that _etcd_ and Kubernetes master run on the same host).  The remaining host, fed-node will be the node and run kubelet, proxy and docker.
+-->
+
+1. 您需要两台或更多机器安装 Fedora。这些机器可以是裸机，也可以是虚拟机。
+
+## 说明
+
+这是 Fedora 的入门指南。配置手工打造，因而需要了解所有底层软件包/服务/端口等等。
+
+本指南只能使一个节点（以前的 minion）工作。多个节点需要在 Kubernetes 之外完成功能性网络配置。尽管额外的 Kubernetes 配置需求是显而易见的。
+
+Kubernetes 包提供了一些服务：kube-apiserver、kube-scheduler、kube-control -manager、kubelet、kube-proxy。这些服务由 systemd 管理，配置位于中心位置：`/etc/kubernetes`。
+我们将打破主机之间的服务。第一个主机，fed-master，将是 Kubernetes 主节点。该主节点将运行 kube-apiserver、kube-control-manager 和 kube-scheduler。
+此外，主服务器还将运行 *etcd* (如果 *etcd* 运行在不同的主机上就不需要了，但是本指南假设 *etcd* 和 Kubernetes 主服务器在同一主机上运行)。剩下的主机，fed-node 将是节点并运行 kubelet、proxy 和 docker。
+
+
+<!--
+**System Information:**
+
+Hosts:
+
+```conf
+fed-master = 192.168.121.9
+fed-node = 192.168.121.65
+```
+
+-->
+
+**系统信息：**
+
+主机:
+
+```conf
+fed-master = 192.168.121.9
+fed-node = 192.168.121.65
+```
+
+<!--
+**Prepare the hosts:**
+
+* Install Kubernetes on all hosts - fed-{master,node}.  This will also pull in docker. Also install etcd on fed-master.  This guide has been tested with Kubernetes-0.18 and beyond.
+* Running on AWS EC2 with RHEL 7.2, you need to enable "extras" repository for yum by editing `/etc/yum.repos.d/redhat-rhui.repo` and changing the `enable=0` to `enable=1` for extras.
+-->
+
+**准备主机：**
+
+* 在所有主机（fed-{master，node}）上安装 Kubernetes 。这同时也会安装 docker。接着在 fed-master 上安装 etcd。本指南已经通过 Kubernetes-0.18 及更高版本的测试。
+* 在使用 RHEL 7.2 的 AWS EC2 上运行时，您需要通过编辑 `/etc/yum.repos.d/redhat-rhui.repo` 和更改 `enable=0to` 为 `enable=1` 来为 yum 启用 “extras” 仓库。
+
+```shell
+dnf -y install kubernetes
+```
+
+<!--
+* Install etcd
+-->
+
+* 安装 etcd
+
+```shell
+dnf -y install etcd
+```
+<!--
+* Add master and node to `/etc/hosts` on all machines (not needed if hostnames already in DNS). Make sure that communication works between fed-master and fed-node by using a utility such as ping.
+-->
+
+* 将主机和节点添加到所有机器上的 `/etc/hosts` (如果主机名已经在 DNS 中，则不需要)。通过使用 ping 等实用程序，确保 fed-master 和 fed-node 之间的通信工作正常。
+
+
+```shell
+echo "192.168.121.9    fed-master
+192.168.121.65    fed-node" >> /etc/hosts
+```
+
+<!--
+* Edit `/etc/kubernetes/config` (which should be the same on all hosts) to set
+the name of the master server:
+
+```shell
+# Comma separated list of nodes in the etcd cluster
+KUBE_MASTER="--master=http://fed-master:8080"
+```
+-->
+
+* 编辑 `/etc/kubernetes/config` （在所有主机上应该是相同的）来设置主服务器的名称:
+
+```shell
+# 逗号分隔的 etcd 群集中的节点列表 
+KUBE_MASTER="--master=http://fed-master:8080"
+```
+
+<!--
+* Disable the firewall on both the master and node, as Docker does not play well with other firewall rule managers.  Please note that iptables.service does not exist on the default Fedora Server install.
+-->
+
+* 禁用主节点和子节点上的防火墙，因为 Docker 与其他防火墙规则管理器不兼容。请注意，默认的 Fedora Server 安装中不存在 iptables.service。
+
+```shell
+systemctl mask firewalld.service
+systemctl stop firewalld.service
+
+systemctl disable iptables.service
+systemctl stop iptables.service
+```
+
+<!--
+**Configure the Kubernetes services on the master.**
+
+* Edit `/etc/kubernetes/apiserver` to appear as such.  The service-cluster-ip-range IP addresses must be an unused block of addresses, not used anywhere else.  They do not need to be routed or assigned to anything.
+-->
+
+**在主服务器上配置 Kubernetes 服务。**
+
+* 编辑 `/etc/kubernetes/apiserver`，包含以下内容。`service-cluster-ip-range` 的 IP 地址必须是未使用的地址块，同时也不能在其他任何地方使用。它们不需要路由或分配给任何东西。
+
+<!--
+```shell
+# The address on the local server to listen to.
+KUBE_API_ADDRESS="--address=0.0.0.0"
+
+# Comma separated list of nodes in the etcd cluster
+KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
+
+# Address range to use for services
+KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
+
+# Add your own!
+KUBE_API_ARGS=""
+```
+-->
+
+```shell
+# 本地服务器上所要监听的地址。
+KUBE_API_ADDRESS="--address=0.0.0.0"
+
+# 逗号在 ETCD 集群分离节点列表 
+KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
+
+# 地址范围内使用的服务 
+KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
+
+# 添加你自己的!
+KUBE_API_ARGS=""
+```
+
+<!--
+* Edit `/etc/etcd/etcd.conf` to let etcd listen on all available IPs instead of 127.0.0.1. If you have not done this, you might see an error such as "connection refused".
+-->
+
+* 编辑 `/etc/etcd/etcd.conf` 让 etcd 监听所有可用的 IP 地址，而不仅仅是 127.0.0.1。如果没有这样做，您可能会看到一个错误，例如 "connection refused"。
+
+```shell
+ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
+```
+
+<!--
+* Start the appropriate services on master:
+-->
+
+* 在主节点上启动适当的服务:
+
+```shell
+for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do
+    systemctl restart $SERVICES
+    systemctl enable $SERVICES
+    systemctl status $SERVICES
+done
+```
+
+<!--
+**Configure the Kubernetes services on the node.**
+
+***We need to configure the kubelet on the node.***
+
+* Edit `/etc/kubernetes/kubelet` to appear as such:
+-->
+
+**在节点上配置 Kubernetes 服务**
+
+***我们需要在节点上配置 kubelet。***
+
+* 编辑 `/etc/kubernetes/kubelet`，加入以下内容：
+
+
+<!--
+```shell
+###
+# Kubernetes kubelet (node) config
+
+# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
+KUBELET_ADDRESS="--address=0.0.0.0"
+
+# You may leave this blank to use the actual hostname
+KUBELET_HOSTNAME="--hostname-override=fed-node"
+
+# location of the api-server
+KUBELET_ARGS="--cgroup-driver=systemd --kubeconfig=/etc/kubernetes/master-kubeconfig.yaml"
+
+```
+-->
+
+
+```shell
+###
+# Kubernetes kubelet（节点）的配置
+
+# info 服务器要服务的地址(设置为 0.0.0.0 或 "" 用于所有接口)
+KUBELET_ADDRESS="--address=0.0.0.0"
+
+# 可以留空，使用实际主机名
+KUBELET_HOSTNAME="--hostname-override=fed-node"
+
+# api-server 的位置 
+KUBELET_ARGS="--cgroup-driver=systemd --kubeconfig=/etc/kubernetes/master-kubeconfig.yaml"
+
+```
+
+<!--
+* Edit `/etc/kubernetes/master-kubeconfig.yaml` to contain the following information:
+-->
+
+* 编辑 `/etc/kubernetes/master-kubeconfig.yaml` 文件，添加以下信息：
+
+```yaml
+kind: Config
+clusters:
+- name: local
+  cluster:
+    server: http://fed-master:8080
+users:
+- name: kubelet
+contexts:
+- context:
+    cluster: local
+    user: kubelet
+  name: kubelet-context
+current-context: kubelet-context
+```
+
+<!--
+* Start the appropriate services on the node (fed-node).
+-->
+
+* 在节点（fed-node）上启动适当的服务。
+
+```shell
+for SERVICES in kube-proxy kubelet docker; do 
+    systemctl restart $SERVICES
+    systemctl enable $SERVICES
+    systemctl status $SERVICES 
+done
+```
+
+<!--
+* Check to make sure now the cluster can see the fed-node on fed-master, and its status changes to _Ready_.
+-->
+* 检查以确保集群在 fed-master 上可以看到 fed-node，并且它的状态更改为 _Ready_。
+
+```shell
+kubectl get nodes
+NAME            STATUS      AGE      VERSION
+fed-node        Ready       4h
+```
+
+<!--
+* Deletion of nodes:
+
+To delete _fed-node_ from your Kubernetes cluster, one should run the following on fed-master (Please do not do it, it is just for information):
+-->
+
+* 删除节点：
+
+要从 Kubernetes 集群中删除 _fed-node_，应该在 fed-master 上运行以下命令（这只是演示用）：
+
+
+```shell
+kubectl delete -f ./node.json
+```
+
+<!--
+*You should be finished!*
+
+**The cluster should be running! Launch a test pod.**
+
+## Support Level
+-->
+
+*到此为止！*
+
+**集群应该正在运行！创建测试 pod。**
+
+## 支持级别
+
+<!--
+IaaS Provider        | Config. Mgmt | OS     | Networking  | Docs                                              | Conforms | Support Level
+
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+Bare-metal           | custom       | Fedora | _none_      | [docs](/docs/getting-started-guides/fedora/fedora_manual_config)            |          | Project
+
+For support level information on all solutions, see the [Table of solutions](/docs/getting-started-guides/#table-of-solutions) chart.
+-->
+
+IaaS 供应商          | 配置管理      | 操作系统| 网络         | 文档                                              | 合规     | 支持级别
+
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+Bare-metal           | custom       | Fedora | _none_      | [文档](/docs/getting-started-guides/fedora/fedora_manual_config)            |          | 项目
+
+有关所有解决方案的支持级别信息，请参见[解决方案表](/docs/getting-started-guides/#table-of-solutions)。
+
+
diff --git a/content/zh/docs/getting-started-guides/fedora/flannel_multi_node_cluster.md b/content/zh/docs/getting-started-guides/fedora/flannel_multi_node_cluster.md
new file mode 100644
index 0000000000000..634167ccc4c21
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/fedora/flannel_multi_node_cluster.md
@@ -0,0 +1,332 @@
+---
+reviewers:
+- dchen1107
+- erictune
+- thockin
+title: Fedora （多节点）
+---
+
+<!--
+---
+reviewers:
+- dchen1107
+- erictune
+- thockin
+title: Fedora (Multi Node)
+---
+-->
+
+{{< toc >}}
+
+<!--
+This document describes how to deploy Kubernetes on multiple hosts to set up a multi-node cluster and networking with flannel. Follow fedora [getting started guide](/docs/getting-started-guides/fedora/fedora_manual_config/) to setup 1 master (fed-master) and 2 or more nodes. Make sure that all nodes have different names (fed-node1, fed-node2 and so on) and labels (fed-node1-label, fed-node2-label, and so on) to avoid any conflict. Also make sure that the Kubernetes master host is running etcd, kube-controller-manager, kube-scheduler, and kube-apiserver services, and the nodes are running docker, kube-proxy and kubelet services. Now install flannel on Kubernetes nodes. Flannel on each node configures an overlay network that docker uses. Flannel runs on each node to setup a unique class-C container network.
+-->
+本文档描述了如何在多个主机上部署 Kubernetes 来建立一个多节点集群和 flannel 网络。遵循 fedora 入门指南设置 1 个主节点 （fed-master）
+ 和 2 个或更多节点。确保所有节点具有不同的名称（fed-node1、fed-node2 等等）和标签（fed-node1-label、fed-node2-label 等等），以避免
+任何冲突。还要确保 Kubernetes 主节点主机正在运行 etcd、kube-controller-manager、kube-scheduler 和 kube-apiserver 服务，节点正在
+ 运行 docker、kube-proxy 和 kubelet 服务。现在在 Kubernetes 节点上安装 flannel。每个节点上的 flannel 配置 docker 使用的 overlay  网络。
+ Flannel 在每个节点上运行，以设置一个唯一的 class-C 容器网络。
+
+<!--
+## Prerequisites
+-->
+
+## 前提条件
+
+<!--
+You need 2 or more machines with Fedora installed.
+-->
+安装 Fedora 您需要两台或更多机器。
+
+<!--
+## Master Setup
+-->
+
+## 主节点设置
+
+<!--
+**Perform following commands on the Kubernetes master**
+
+* Configure flannel by creating a `flannel-config.json` in your current directory on fed-master. Flannel provides udp and vxlan among other overlay networking backend options. In this guide, we choose kernel based vxlan backend. The contents of the json are:
+-->
+
+**在 Kubernetes 主节点上执行以下命令**
+
+* 在您当前的目录上的 fed-master 中通过创建一个 `flannel-config.json` 来配置 flannel。Flannel 在其他 overlay 网络后端选项中提供 udp 和 vxlan 。在本指南中，我们选择基于内核的 vxlan 后端。json 的内容为：
+
+```json
+{
+    "Network": "18.16.0.0/16",
+    "SubnetLen": 24,
+    "Backend": {
+        "Type": "vxlan",
+        "VNI": 1
+     }
+}
+```
+
+{{< note >}}
+
+<!--
+Choose an IP range that is *NOT* part of the public IP address range.
+-->
+选择一个不在公共 IP 地址范围内的 IP 范围。
+
+{{< /note >}}
+
+<!--
+Add the configuration to the etcd server on fed-master.
+-->
+将配置添加到 fed-master 上的 etcd 服务器。
+
+```shell
+etcdctl set /coreos.com/network/config < flannel-config.json
+```
+
+<!--
+* Verify that the key exists in the etcd server on fed-master.
+-->
+
+* 验证 fed-master 上的 etcd 服务器中是否存在该密钥。
+
+```shell
+etcdctl get /coreos.com/network/config
+```
+
+<!--
+## Node Setup
+-->
+
+## 节点设置
+
+<!--
+**Perform following commands on all Kubernetes nodes**
+-->
+
+**在所有 Kubernetes 节点上执行以下命令**
+
+<!--
+Install the flannel package
+-->
+
+安装 flannel 包
+
+```shell
+# dnf -y install flannel
+```
+
+<!--
+Edit the flannel configuration file /etc/sysconfig/flanneld as follows:
+-->
+
+编辑 flannel 配置文件 /etc/sysconfig/flanneld，如下所示：
+
+<!--
+# Flanneld configuration options
+
+# etcd url location.  Point this to the server where etcd runs
+
+# etcd config key.  This is the configuration key that flannel queries
+# For address range assignment
+
+# Any additional options that you want to pass
+-->
+
+```shell
+# Flanneld 配置选项
+
+# etcd url 位置，将此指向 etcd 运行的服务器
+FLANNEL_ETCD="http://fed-master:2379"
+
+# etcd 配置的键。这是 flannel 查询的配置键
+# 用于地址范围分配
+FLANNEL_ETCD_KEY="/coreos.com/network"
+
+# 您想要传递的任何附加选项
+FLANNEL_OPTIONS=""
+```
+
+{{< note >}}
+
+<!--
+By default, flannel uses the interface for the default route. If you have multiple interfaces and would like to use an interface other than the default route one, you could add "-iface=" to FLANNEL_OPTIONS. For additional options, run `flanneld --help` on command line.
+-->
+默认情况下，flannel 使用默认路由的接口。如果您有多个接口并且想要使用默认路由以外的接口，则可以将 "-iface=" 添加到 FLANNEL_OPTIONS。有关其他选项，请在命令行上运行 `flanneld --help`。
+
+{{< /note >}}
+
+<!--
+Enable the flannel service.
+-->
+启用 flannel 服务。
+
+```shell
+systemctl enable flanneld
+```
+
+<!--
+If docker is not running, then starting flannel service is enough and skip the next step.
+-->
+如果 docker 没有运行，那么启动 flannel 服务就足够了，跳过下一步。
+
+```shell
+systemctl start flanneld
+```
+
+<!--
+If docker is already running, then stop docker, delete docker bridge (docker0), start flanneld and restart docker as follows. Another alternative is to just reboot the system (`systemctl reboot`).
+-->
+如果 docker 已经运行，则停止 docker，删除 docker bridge（docker0），启动 flanneld 并重新启动 docker，如下所示。另一种方法是重启系统（systemctl reboot）。
+
+```shell
+systemctl stop docker
+ip link delete docker0
+systemctl start flanneld
+systemctl start docker
+```
+
+<!--
+## Test the cluster and flannel configuration
+-->
+
+## 测试集群和 flannel 配置
+
+<!--
+Now check the interfaces on the nodes. Notice there is now a flannel.1 interface, and the ip addresses of docker0 and flannel.1 interfaces are in the same network. You will notice that docker0 is assigned a subnet (18.16.29.0/24 as shown below) on each Kubernetes node out of the IP range configured above. A working output should look like this:
+-->
+现在检查节点上的接口。请注意，现在有一个 flannel.1 接口，docker0 和 flannel.1 接口的 ip 地址在同一个网络中。您会注意到 docker0 在上面配置的 IP 范围之外的每个 Kubernetes 节点上分配了一个子网（18.16.29.0/24，如下所示）。 正常运行的输出应如下所示：
+
+
+```shell
+# ip -4 a|grep inet
+    inet 127.0.0.1/8 scope host lo
+    inet 192.168.122.77/24 brd 192.168.122.255 scope global dynamic eth0
+    inet 18.16.29.0/16 scope global flannel.1
+    inet 18.16.29.1/24 scope global docker0
+```
+
+<!--
+From any node in the cluster, check the cluster members by issuing a query to etcd server via curl (only partial output is shown using `grep -E "\{|\}|key|value"`). If you set up a 1 master and 3 nodes cluster, you should see one block for each node showing the subnets they have been assigned. You can associate those subnets to each node by the MAC address (VtepMAC) and IP address (Public IP) that is listed in the output.
+-->
+从集群中的任何节点，通过 curl 向 etcd 服务器发出查询来检查集群成员(仅显示部分输出 `grep -E "\{|\}|key|value`)。如果您设置了 1 个主节点和 3 个节点集群，您应该会看到每个节点都有一个块，显示分配给它们的子网。您可以通过输出中列出的 MAC 地址（VtepMAC）和 IP 地址(公共 IP) 将这些子网关联到每个节点。
+
+```shell
+curl -s http://fed-master:2379/v2/keys/coreos.com/network/subnets | python -mjson.tool
+```
+
+```json
+{
+    "node": {
+        "key": "/coreos.com/network/subnets",
+            {
+                "key": "/coreos.com/network/subnets/18.16.29.0-24",
+                "value": "{\"PublicIP\":\"192.168.122.77\",\"BackendType\":\"vxlan\",\"BackendData\":{\"VtepMAC\":\"46:f1:d0:18:d0:65\"}}"
+            },
+            {
+                "key": "/coreos.com/network/subnets/18.16.83.0-24",
+                "value": "{\"PublicIP\":\"192.168.122.36\",\"BackendType\":\"vxlan\",\"BackendData\":{\"VtepMAC\":\"ca:38:78:fc:72:29\"}}"
+            },
+            {
+                "key": "/coreos.com/network/subnets/18.16.90.0-24",
+                "value": "{\"PublicIP\":\"192.168.122.127\",\"BackendType\":\"vxlan\",\"BackendData\":{\"VtepMAC\":\"92:e2:80:ba:2d:4d\"}}"
+            }
+    }
+}
+```
+
+<!--
+From all nodes, review the `/run/flannel/subnet.env` file.  This file was generated automatically by flannel.
+-->
+从所有节点，查看 `/run/flannel/subnet.env` 文件。这个文件是由 flannel 自动生成的。
+
+```shell
+# cat /run/flannel/subnet.env
+FLANNEL_SUBNET=18.16.29.1/24
+FLANNEL_MTU=1450
+FLANNEL_IPMASQ=false
+```
+
+<!--
+At this point, we have etcd running on the Kubernetes master, and flannel / docker running on Kubernetes nodes. Next steps are for testing cross-host container communication which will confirm that docker and flannel are configured properly.
+-->
+此时，我们在 Kubernetes 主节点上运行了 etcd，在 Kubernetes 节点上运行了 flannel / docker。接下来的步骤是测试跨主机容器通信，这将确认 docker 和 flannel 配置正确。
+
+<!--
+Issue the following commands on any 2 nodes:
+-->
+在任意两个节点上发出以下命令:
+
+```shell
+# docker run -it fedora:latest bash
+bash-4.3# 
+```
+
+<!--
+This will place you inside the container. Install iproute and iputils packages to install ip and ping utilities. Due to a [bug](https://bugzilla.redhat.com/show_bug.cgi?id=1142311), it is required to modify capabilities of ping binary to work around "Operation not permitted" error.
+-->
+您将会进入容器中。安装 iproute 和 iputils 包来安装 ip 和 ping 实用程序。由于一个[错误](https://bugzilla.redhat.com/show_bug.cgi?id=1142311)，需要修改 ping 二进制文件的功能来处理"操作不允许"错误。
+
+```shell
+bash-4.3# dnf -y install iproute iputils
+bash-4.3# setcap cap_net_raw-ep /usr/bin/ping
+```
+
+<!--
+Now note the IP address on the first node:
+-->
+现在记下第一个节点上的 IP 地址：
+
+```shell
+bash-4.3# ip -4 a l eth0 | grep inet
+    inet 18.16.29.4/24 scope global eth0
+```
+
+<!--
+And also note the IP address on the other node:
+-->
+还要注意另一个节点上的 IP 地址：
+
+```shell
+bash-4.3# ip a l eth0 | grep inet
+    inet 18.16.90.4/24 scope global eth0
+```
+
+<!--
+Now ping from the first node to the other node:
+-->
+现在从第一个节点 ping 到另一个节点：
+
+```shell
+bash-4.3# ping 18.16.90.4
+PING 18.16.90.4 (18.16.90.4) 56(84) bytes of data.
+64 bytes from 18.16.90.4: icmp_seq=1 ttl=62 time=0.275 ms
+64 bytes from 18.16.90.4: icmp_seq=2 ttl=62 time=0.372 ms
+```
+
+<!--
+Now Kubernetes multi-node cluster is set up with overlay networking set up by flannel.
+-->
+现在，Kubernetes 多节点集群通过 flannel 设置 overlay 网络。
+
+<!--
+## Support Level
+-->
+
+## 支持级别
+
+<!--
+IaaS Provider        | Config. Mgmt | OS     | Networking  | Docs                                              | Conforms | Support Level
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+Bare-metal           | custom       | Fedora | flannel     | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)      |          | Community ([@aveshagarwal](https://github.com/aveshagarwal))
+libvirt              | custom       | Fedora | flannel     | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)      |          | Community ([@aveshagarwal](https://github.com/aveshagarwal))
+KVM                  | custom       | Fedora | flannel     | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)      |          | Community ([@aveshagarwal](https://github.com/aveshagarwal))
+-->
+
+IaaS 供应商           | 配置 管理    | 系统    | 网络        | 文档                                              | 标准 | 支持级别
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+Bare-metal           | custom       | Fedora | flannel     | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)      |          | Community ([@aveshagarwal](https://github.com/aveshagarwal))
+libvirt              | custom       | Fedora | flannel     | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)      |          | Community ([@aveshagarwal](https://github.com/aveshagarwal))
+KVM                  | custom       | Fedora | flannel     | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)      |          | Community ([@aveshagarwal](https://github.com/aveshagarwal))
+
+
+
diff --git a/content/zh/docs/getting-started-guides/ubuntu.md b/content/zh/docs/getting-started-guides/ubuntu.md
new file mode 100644
index 0000000000000..ae93616dfc61f
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu.md
@@ -0,0 +1,63 @@
+---
+title: 在 Ubuntu 上运行 Kubernetes
+content_template: templates/concept
+---
+<!--
+---
+title: Kubernetes on Ubuntu
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+<!--
+There are multiple ways to run a Kubernetes cluster with Ubuntu on public and private clouds, as well as bare metal.
+-->
+有多种方法可以在公有云、私有云以及裸金属上运行基于 Ubuntu 的 Kubernetes 集群。
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+## The Charmed Distribution of Kubernetes(CDK)
+-->
+## Kubernetes Charmed 发行版（CDK）
+
+<!--
+[CDK](https://www.ubuntu.com/cloud/kubernetes) is a distribution of Kubernetes packaged as a bundle of *charms* for Juju, the open source application modeller.
+-->
+[CDK](https://www.ubuntu.com/cloud/kubernetes) 是 Kubernetes 的一个发行版，作为开源应用程序建模器 Juju 的一组 *charms*。
+
+<!--
+CDK is the latest version of Kubernetes with upstream binaries, packaged in a format which makes it fast and easy to deploy. It supports various public and private clouds including AWS, GCE, Azure, Joyent, OpenStack, VMware, Bare Metaland localhost deployments.
+-->
+CDK 是附带了上游二进制文件的 Kubernetes 最新发行版，采用了一种支持快速简单部署的打包格式。它支持各种公有云和私有云，包括 AWS，GCE，Azure，Joyent，OpenStack，VMware 以及 Bare Metaland 本地部署。
+
+<!--
+See the [Official documentation](https://www.ubuntu.com/kubernetes/docs) for more information.
+-->
+请参阅[官方文档](https://www.ubuntu.com/kubernetes/docs)获取详细信息。
+
+<!--
+## MicroK8s
+-->
+## MicroK8s
+
+<!--
+[MicroK8s](https://microk8s.io) is a minimal install of Kubernetes designed to run locally.
+-->
+[MicroK8s](https://microk8s.io) 是 Kubernetes 的最小安装，旨在在本地运行。
+<!--
+It can be installed on Ubuntu (or any snap enabled operating system) with the command:
+-->
+它可以使用以下命令安装在 Ubuntu（或任何支持 snap 的操作系统）上：
+
+```shell
+snap install microk8s --classic
+```
+
+<!--
+Full documentation is available on the [MicroK8s website](https://microk8s.io/docs)
+-->
+[MicroK8s 网站](https://microk8s.io/docs)上提供了完整的文档。
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/_index.md b/content/zh/docs/getting-started-guides/ubuntu/_index.md
new file mode 100644
index 0000000000000..e3c8a54e9fdd8
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/_index.md
@@ -0,0 +1,140 @@
+---
+title: Ubuntu 上运行 Kubernetes
+content_template: templates/concept
+---
+
+<!-- ---
+title: Kubernetes on Ubuntu
+content_template: templates/concept
+--- -->
+{{% capture overview %}}
+<!-- There are multiple ways to run a Kubernetes cluster with Ubuntu. These pages explain how to deploy Kubernetes on Ubuntu on multiple public and private clouds, as well as bare metal. -->
+
+使用 Ubuntu 运行 Kubernetes 集群有多种方法。 这些页面阐释了如何在多种公共云、私有云和裸机的 Ubuntu 上部署 Kubernetes。
+{{% /capture %}}
+
+{{% capture body %}}
+<!-- ## Official Ubuntu Guides
+
+- [The Canonical Distribution of Kubernetes](https://www.ubuntu.com/cloud/kubernetes)
+
+The latest version of Kubernetes with upstream binaries. Supports AWS, GCE, Azure, Joyent, OpenStack, VMware, Bare Metal and localhost deployments.
+ -->
+## 官方 Ubuntu 指南
+
+- [Kubernetes 的 Canonical 发行版](https://www.ubuntu.com/cloud/kubernetes)
+
+最新版 Kubernetes 上游二进制文件。 支持 AWS、GCE、Azure、Joyent、OpenStack、VMware、裸机和 localhost 部署。
+
+<!-- ### Quick Start
+
+[conjure-up](http://conjure-up.io/) provides the quickest way to deploy Kubernetes on Ubuntu for multiple clouds and bare metal. It provides a user-friendly UI that prompts you for cloud credentials and configuration options
+
+Available for Ubuntu 16.04 and newer: -->
+### 快速入门
+
+[conjure-up](http://conjure-up.io/) 提供了在多种云和裸机的 Ubuntu 上部署 Kubernetes 的最快方法。它提供了用户友好的界面，提示您提供云凭据和配置选项
+
+适用于 Ubuntu 16.04 及更高版本:
+<!-- 
+```
+sudo snap install conjure-up --classic
+# re-login may be required at that point if you just installed snap utility
+conjure-up kubernetes
+```
+-->
+```
+sudo snap install conjure-up --classic
+# 如果您刚刚安装了 snap 工具，可能需要重新登录。
+conjure-up kubernetes
+```
+
+<!-- As well as Homebrew for macOS: -->
+
+以及用于 macOS 的 Homebrew：
+
+```
+brew install conjure-up
+conjure-up kubernetes
+```
+
+<!-- ### Operational Guides
+
+These are more in-depth guides for users choosing to run Kubernetes in production:
+
+  - [Installation](/docs/getting-started-guides/ubuntu/installation/)
+  - [Validation](/docs/getting-started-guides/ubuntu/validation/)
+  - [Backups](/docs/getting-started-guides/ubuntu/backups/)
+  - [Upgrades](/docs/getting-started-guides/ubuntu/upgrades/)
+  - [Scaling](/docs/getting-started-guides/ubuntu/scaling/)
+  - [Logging](/docs/getting-started-guides/ubuntu/logging/)
+  - [Monitoring](/docs/getting-started-guides/ubuntu/monitoring/)
+  - [Networking](/docs/getting-started-guides/ubuntu/networking/)
+  - [Security](/docs/getting-started-guides/ubuntu/security/)
+  - [Storage](/docs/getting-started-guides/ubuntu/storage/)
+  - [Troubleshooting](/docs/getting-started-guides/ubuntu/troubleshooting/)
+  - [Decommissioning](/docs/getting-started-guides/ubuntu/decommissioning/)
+  - [Operational Considerations](/docs/getting-started-guides/ubuntu/operational-considerations/)
+  - [Glossary](/docs/getting-started-guides/ubuntu/glossary/) -->
+
+### 操作指南
+
+这些是用户在生产中运行 Kubernetes 的更深入的指南：
+
+  - [安装](/docs/getting-started-guides/ubuntu/installation/)
+  - [验证](/docs/getting-started-guides/ubuntu/validation/)
+  - [备份](/docs/getting-started-guides/ubuntu/backups/)
+  - [升级](/docs/getting-started-guides/ubuntu/upgrades/)
+  - [缩放](/docs/getting-started-guides/ubuntu/scaling/)
+  - [日志](/docs/getting-started-guides/ubuntu/logging/)
+  - [监控](/docs/getting-started-guides/ubuntu/monitoring/)
+  - [网络](/docs/getting-started-guides/ubuntu/networking/)
+  - [安全](/docs/getting-started-guides/ubuntu/security/)
+  - [存储](/docs/getting-started-guides/ubuntu/storage/)
+  - [故障排除](/docs/getting-started-guides/ubuntu/troubleshooting/)
+  - [退役](/docs/getting-started-guides/ubuntu/decommissioning/)
+  - [操作因素](/docs/getting-started-guides/ubuntu/operational-considerations/)
+  - [词汇表](/docs/getting-started-guides/ubuntu/glossary/)
+
+
+<!-- ## Third-party Product Integrations
+
+  - [Rancher](/docs/getting-started-guides/ubuntu/rancher/)
+
+## Developer Guides
+
+  - [Localhost using LXD](/docs/getting-started-guides/ubuntu/local/) -->
+
+## 第三方产品集成
+
+  - [Rancher](/docs/getting-started-guides/ubuntu/rancher/)
+
+## 开发者指南
+
+  - [Localhost 使用 LXD](/docs/getting-started-guides/ubuntu/local/)
+
+<!-- ## Where to find us
+
+We're normally following the following Slack channels:
+
+- [kubernetes-users](https://kubernetes.slack.com/messages/kubernetes-users/)
+- [kubernetes-novice](https://kubernetes.slack.com/messages/kubernetes-novice/)
+- [sig-cluster-lifecycle](https://kubernetes.slack.com/messages/sig-cluster-lifecycle/)
+- [sig-cluster-ops](https://kubernetes.slack.com/messages/sig-cluster-ops/)
+- [sig-onprem](https://kubernetes.slack.com/messages/sig-onprem/)
+
+and we monitor the Kubernetes mailing lists. -->
+
+## 如何找到我们
+
+我们通常关注以下 Slack 频道：
+
+- [kubernetes-users](https://kubernetes.slack.com/messages/kubernetes-users/)
+- [kubernetes-novice](https://kubernetes.slack.com/messages/kubernetes-novice/)
+- [sig-cluster-lifecycle](https://kubernetes.slack.com/messages/sig-cluster-lifecycle/)
+- [sig-cluster-ops](https://kubernetes.slack.com/messages/sig-cluster-ops/)
+- [sig-onprem](https://kubernetes.slack.com/messages/sig-onprem/)
+
+而且我们会查看 Kubernetes 邮件列表。
+{{% /capture %}}
+
diff --git a/content/zh/docs/getting-started-guides/ubuntu/backups.md b/content/zh/docs/getting-started-guides/ubuntu/backups.md
new file mode 100644
index 0000000000000..7fa1213a5da5e
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/backups.md
@@ -0,0 +1,189 @@
+---
+title: 备份
+content_template: templates/task
+---
+
+{{% capture overview %}}
+
+<!-- The state of a Kubernetes cluster is kept in the etcd datastore.
+This page shows how to backup and restore the etcd shipped with
+the Canonical Distribution of Kubernetes. Backing up application specific data,
+normally stored in a persistent volume, is outside the scope of this
+document. -->
+Kubernetes 集群的状态信息保存在 etcd 数据库中。
+本文将要展示如何对 Canonical 发行版的 Kubernetes 中所带有的 etcd 进行备份和恢复。
+至于如何对通常保存在持久卷上的应用数据进行备份，超出了本文的讨论范围。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!-- This page assumes you have a working Juju deployed cluster. -->
+本文假设您有一个 Juju 部署的集群。
+{{% /capture %}}
+
+{{% capture steps %}}
+<!-- ## Snapshot etcd data -->
+## 快照 etcd 中的数据
+
+<!-- The `snapshot` action of the etcd charm allows the operator to snapshot
+a running cluster's data for use in cloning,
+backing up, or migrating to a new cluster.
+
+    juju run-action etcd/0 snapshot
+
+This will create a snapshot in `/home/ubuntu/etcd-snapshots` by default. -->
+
+etcd charm 的 `snapshot` 操作能够让操作员给正在运行的集群数据建立快照，快照数据可用于复制、备份或者迁移到一个新的集群中。
+
+    juju run-action etcd/0 snapshot
+
+这条命令会在 `/home/ubuntu/etcd-snapshots` 默认路径下建立一个快照。
+
+<!-- ## Restore etcd data -->
+## 恢复 etcd 数据
+
+<!-- The etcd charm is capable of restoring its data from a cluster-data snapshot
+via the `restore` action.
+This comes with caveats and a very specific path to restore a cluster:
+The cluster must be in a state of only having a single member. So it's best to
+deploy a new cluster using the etcd charm, without adding any additional units. -->
+
+etcd charm 能够通过 `restore` 操作从一个集群数据快照中恢复集群数据。
+这里有些注意事项，而且是恢复集群的唯一办法：集群当前只能有一个成员。
+所以最好是使用 etcd charm 来部署一个新的集群，而不必添加任何新的单元。
+
+```
+juju deploy etcd new-etcd
+```
+
+<!-- The above code snippet will deploy a single unit of etcd, as 'new-etcd' -->
+上面的命令将会部署一个单独的 etcd 单元，'new-etcd'。
+
+```
+juju run-action etcd/0 restore target=/mnt/etcd-backups
+```
+
+<!-- Once the restore action has completed, evaluate the cluster health. If the unit
+is healthy, you may resume scaling the application to meet your needs.
+
+- **param** target: destination directory to save the existing data.
+- **param** skip-backup: Don't backup any existing data. -->
+
+当恢复操作完成后，评估一下集群的健康状态。如果集群运行良好，就可以按照您的需求来扩展应用程序规模。
+
+- **参数** target: 保存现有数据的目的路径。
+- **参数** skip-backup: 不要备份任何现有的数据。
+
+
+<!-- ## Migrating an etcd cluster
+Using the above snapshot and restore operations, migrating etcd is a fairly easy task. -->
+
+## 迁移 etcd 集群
+通过使用上述的 `snapshot` 和 `restore` 操作，就能很容易地迁移 etcd 集群。
+
+<!-- **Step 1:** Snapshot your existing cluster. This is encapsulated in the `snapshot` action. -->
+**第一步：** 给现有的集群建立快照。这个已经封装在 `snapshot` 操作中。
+
+```
+juju run-action etcd/0 snapshot
+```
+
+<!-- Results: -->
+结果：
+
+```
+Action queued with id: b46d5d6f-5625-4320-8cda-b611c6ae580c
+```
+
+<!-- **Step 2:** Check the status of the action so you can grab the snapshot and verify
+the sum. The `copy.cmd` result output is a copy/paste command for you to download
+the exact snapshot that you just created. -->
+**第二步：** 检查操作状态，以便您能抓取快照并且验证校验和。
+您可以直接使用 `copy.cmd` 中的结果来下载您刚刚创建的快照数据，`copy.cmd` 中的结果可以直接复制/粘贴使用。
+
+<!-- Download the snapshot archive from the unit that created the snapshot and verify the sha256 sum -->
+从节点上下载刚刚创建的快照数据并且验证 sha256sum 校验和
+
+```
+juju show-action-output b46d5d6f-5625-4320-8cda-b611c6ae580c
+```
+
+<!-- Results: -->
+结果：
+
+```
+results:
+  copy:
+    cmd: juju scp etcd/0:/home/ubuntu/etcd-snapshots/etcd-snapshot-2016-11-09-02.41.47.tar.gz
+      .
+  snapshot:
+    path: /home/ubuntu/etcd-snapshots/etcd-snapshot-2016-11-09-02.41.47.tar.gz
+    sha256: 1dea04627812397c51ee87e313433f3102f617a9cab1d1b79698323f6459953d
+    size: 68K
+status: completed
+```
+
+<!-- Copy the snapshot to the local disk and then check the sha256sum. -->
+将数据快照拷到本地，然后检查 sha256sum。
+
+```
+juju scp etcd/0:/home/ubuntu/etcd-snapshots/etcd-snapshot-2016-11-09-02.41.47.tar.gz .
+sha256sum etcd-snapshot-2016-11-09-02.41.47.tar.gz
+```
+
+<!-- **Step 3:** Deploy the new cluster leader, and attach the snapshot: -->
+**第三步：** 部署新的集群 leader 节点，并加载快照数据：
+
+```
+juju deploy etcd new-etcd --resource snapshot=./etcd-snapshot-2016-11-09-02.41.47.tar.gz
+```
+
+<!-- **Step 4:** Reinitialize the master with the data from the resource we just attached in step 3. -->
+**第四步：** 使用在第三步中的快照数据来重新初始化 master：
+
+```
+juju run-action new-etcd/0 restore
+```
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+<!-- ## Known Limitations -->
+## 已知的局限
+
+<!-- #### Loss of PKI warning -->
+#### 丢失 PKI 警告
+
+<!-- If you destroy the leader - identified with the `*` text next to the unit number in status:
+all TLS pki will be lost. No PKI migration occurs outside
+of the units requesting and registering the certificates. -->
+
+如果销毁了 leader - 在状态栏通过 `*` 来标识，那么所有的 TLS pki 警告都将会丢失。
+在请求和注册证书的单元之外，将不会有 PKI 迁移发生。
+
+{{< caution >}}
+
+<!-- **Caution:**  Mismanaging this configuration will result in locking yourself
+out of the cluster, and can potentially break existing deployments in very
+strange ways relating to x509 validation of certificates, which affects both
+servers and clients. -->
+**警告：** 如果误管理这项配置，将会导致您无法从外部访问集群，
+并且很可能会破坏现有的部署，出现 x509 证书验证相关的异常问题，这些都会对服务器和客户端造成影响。
+
+{{< /caution >}}
+
+<!-- #### Restoring from snapshot on a scaled cluster -->
+#### 在一个已经扩展的集群上进行快照数据恢复
+
+<!-- Restoring from a snapshot on a scaled cluster will result in a broken cluster.
+Etcd performs clustering during unit turn-up, and state is stored in Etcd itself.
+During the snapshot restore phase, a new cluster ID is initialized, and peers
+are dropped from the snapshot state to enable snapshot restoration. Please
+follow the migration instructions above in the restore action description. -->
+
+在一个已经扩展的集群上进行快照数据恢复，将会导致集群损坏。
+etcd 在节点启动时开始集群管理，并且将状态保存在 etcd 中。
+在快照数据的恢复阶段，会初始化一个新的集群 ID，并且丢弃其它 peer 节点以保证快照数据的恢复。
+请严格遵照上述集群迁移中的恢复操作来进行操作。
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/decommissioning.md b/content/zh/docs/getting-started-guides/ubuntu/decommissioning.md
new file mode 100644
index 0000000000000..9956c0f84c107
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/decommissioning.md
@@ -0,0 +1,103 @@
+---
+title: 销毁
+content_template: templates/task
+---
+
+
+<!-- ---
+title: Decommissioning
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+<!-- This page shows you how to properly decommission a cluster. -->
+本页将展示如何销毁一个集群。
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+<!-- This page assumes you have a working Juju deployed cluster. -->
+本页假设有一个使用 Juju 部署的、正在运行的集群。
+
+{{< warning >}}
+<!-- By the time you've reached this step you should have backed up your workloads and pertinent data; this section is for the complete destruction of a cluster. -->
+当您到达这一步时，您应该已经对集群的相关内容进行了备份；这部分将彻底销毁一个集群。
+{{< /warning >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+<!-- ## Destroy the Juju model -->
+## 破坏 Juju 模型
+
+<!-- It is recommended to deploy individual Kubernetes clusters in their own models, so that there is a clean separation between environments. To remove a cluster first find out which model it's in with `juju list-models`. The controller reserves an `admin` model for itself. If you have chosen to not name your model it might show up as `default`. -->
+
+建议使用各自的模型来相应地部署 Kubernetes 集群，
+以便各个环境之间能够界限分明。
+如果想要删除一个集群，首先需要通过 `juju list-models` 命令找到其对应的模型。
+控制器为其自身预留了 `admin` 这个模型。
+如果没有命名模型，则模型名可能会显示为 `default`。
+
+```
+$ juju list-models
+Controller: aws-us-east-2
+
+Model       Cloud/Region   Status     Machines  Cores  Access  Last connection
+controller  aws/us-east-2  available         1      2  admin   just now
+my-kubernetes-cluster*    aws/us-east-2  available        12     22  admin   2 minutes ago
+```
+
+<!-- You can then destroy the model, which will in turn destroy the cluster inside of it: -->
+销毁模型，模型内的集群也随之被销毁：
+
+    juju destroy-model my-kubernetes-cluster
+
+```
+$ juju destroy-model my-kubernetes-cluster
+WARNING! This command will destroy the "my-kubernetes-cluster" model.
+This includes all machines, applications, data and other resources.
+
+Continue [y/N]? y
+Destroying model
+Waiting on model to be removed, 12 machine(s), 10 application(s)...
+Waiting on model to be removed, 12 machine(s), 9 application(s)...
+Waiting on model to be removed, 12 machine(s), 8 application(s)...
+Waiting on model to be removed, 12 machine(s), 7 application(s)...
+Waiting on model to be removed, 12 machine(s)...
+Waiting on model to be removed...
+$
+```
+
+<!-- This will destroy and decommission all nodes. You can confirm all nodes are destroyed by running `juju status`. -->
+这将会彻底破坏并销毁所有节点。
+运行 `juju status` 命令可以确认所有节点是否已经被销毁。
+
+<!-- If you're using a public cloud this will terminate the instances. If you're on bare metal using MAAS this will release the nodes, optionally wipe the disk, power off the machines, and return them to available pool of machines to deploy from. -->
+如果使用的是公有云，命令将会终止所有的实例。
+如果使用的是 MAAS 裸机，命令将会释放所有的节点，（可能）清空磁盘，关闭机器，
+然后将节点资源返回到可用的机器池中。
+
+<!-- ## Cleaning up the Controller -->
+## 清理控制器
+
+<!-- If you're not using the controller for anything else, you will also need to remove the controller instance: -->
+如果控制器没有其它的用途，还需要删除控制器实例：
+
+```
+$ juju list-controllers
+Use --refresh flag with this command to see the latest information.
+
+Controller      Model  User   Access     Cloud/Region   Models  Machines    HA  Version
+aws-us-east-2*  -      admin  superuser  aws/us-east-2       2         1  none  2.0.1
+
+$ juju destroy-controller aws-us-east-2
+WARNING! This command will destroy the "aws-us-east-2" controller.
+This includes all machines, applications, data and other resources.
+
+Continue? (y/N):y
+Destroying controller
+Waiting for hosted model resources to be reclaimed
+All hosted models reclaimed, cleaning up controller machines
+$
+```
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/glossary.md b/content/zh/docs/getting-started-guides/ubuntu/glossary.md
new file mode 100644
index 0000000000000..43528245ab251
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/glossary.md
@@ -0,0 +1,50 @@
+---
+title: 词汇与术语
+content_template: templates/concept
+---
+
+<!--
+---
+title: Glossary and Terminology
+content_template: templates/concept
+---
+-->
+
+<!--
+{{% capture overview %}}
+This page explains some of the terminology used in deploying Kubernetes with Juju.
+{{% /capture %}}
+
+{{% capture body %}}
+-->
+
+{{％capture overview％}}
+本页介绍了用 Juju 部署 Kubernetes 时使用的一些术语。
+{{％/ capture％}}
+
+{{％capture body％}}
+
+<!--
+**controller** - The management node of a cloud environment. Typically you have one controller per cloud region, or more in HA environments. The controller is responsible for managing all subsequent models in a given environment. It contains the Juju API server and its underlying database.
+
+**model** - A collection of charms and their relationships that define a deployment. This includes machines and units. A controller can host multiple models. It is recommended to separate Kubernetes clusters into individual models for management and isolation reasons.
+
+**charm** - The definition of a service, including its metadata, dependencies with other services, required packages, and application management logic. It contains all the operational knowledge of deploying a Kubernetes cluster. Included charm examples are  `kubernetes-core`, `easyrsa`, `flannel`, and `etcd`.
+
+**unit** - A given instance of a service. These may or may not use up a whole machine, and may be colocated on the same machine. So for example you might have a `kubernetes-worker`, and `etcd`, and `easyrsa` units running on a single machine, but they are three distinct units of different services.
+
+**machine** - A physical node, these can either be bare metal nodes, or virtual machines provided by a cloud.
+{{% /capture %}}
+-->
+
+**controller** - 云环境的管理节点。通常，每个域(Region)都有一个 controller，在高可用环境中有更多 controller。每个 controller 负责管理给定环境中的所有后续 model。Controller 中包含 Juju API 服务器及其底层数据库。
+
+**model** - 定义 Deployments 的一系列 charms 及其关系的集合。model 之中包括 machine 和更小的 unit。每个 controller 可以托管多个 model。出于管理和隔离的原因，建议将 Kubernetes 集群分成独立的 model。
+
+**charm** - 每个 charm 对应一个 Service 的定义，包括其元数据、与其他服务间的依赖关系、所需的包和应用管理逻辑。
+其中包含部署 Kubernetes 集群的所有操作知识。内置的 charms 例子有 `kubernetes-core`、`easyrsa`、`flannel` 和 `etcd` 等。
+
+**unit** - 对应某 Service 的给定实例。每个 unit 可能会也可能不会耗尽某指定机器上的所有资源。多个 unit 可能部署在同一台机器上。例如，您可能在一台机器上运行 `kubernetes-worker` 和 `etcd` 以及 `easyrsa` unit，但它们是基于不同服务的三个独立的 unit。
+
+**machine** - 物理节点，可以是裸机节点，也可以是云提供商提供的虚拟机。
+{{％/ capture％}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/installation.md b/content/zh/docs/getting-started-guides/ubuntu/installation.md
new file mode 100644
index 0000000000000..93d61d742412e
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/installation.md
@@ -0,0 +1,542 @@
+---
+reviewers:
+- caesarxuchao
+- erictune
+title: 用 Juju 搭建 Kubernetes
+content_template: templates/task
+---
+
+<!-- ---
+reviewers:
+- caesarxuchao
+- erictune
+title: Setting up Kubernetes with Juju
+content_template: templates/task
+--- -->
+
+<!-- {{% capture overview %}}
+Ubuntu 16.04 introduced the [Canonical Distribution of Kubernetes](https://www.ubuntu.com/cloud/kubernetes), a pure upstream distribution of Kubernetes designed for production usage. This page shows you how to deploy a cluster.
+{{% /capture %}} -->
+
+{% capture overview %}
+Ubuntu 16.04 已公开 [Kubernetes 的 Canonical 发行版 ](https://www.ubuntu.com/cloud/kubernetes), 一套为生产环境设计的 Kubernetes 上游版本。本文将为您演示如何部署集群。
+{% endcapture %}
+
+<!-- {{% capture prerequisites %}}
+- A working [Juju client](https://jujucharms.com/docs/2.3/reference-install); this does not have to be a Linux machine, it can also be Windows or OSX.
+- A [supported cloud](#cloud-compatibility).
+  - Bare Metal deployments are supported via [MAAS](http://maas.io). Refer to the [MAAS documentation](http://maas.io/docs/) for configuration instructions.
+  - OpenStack deployments are currently only tested on Icehouse and newer.
+- One of the following:
+  - Network access to the following domains
+    - *.jujucharms.com
+    - gcr.io
+    - github.com
+    - Access to an Ubuntu mirror (public or private)
+  - Offline deployment prepared with [these](https://github.com/juju-solutions/bundle-canonical-kubernetes/wiki/Running-CDK-in-a-restricted-environment) instructions.
+{{% /capture %}} -->
+
+{{% capture prerequisites %}}
+- 一个可用的 [Juju 客户端](https://jujucharms.com/docs/2.3/reference-install)；不一定要是 Linux 机器，也可以是 Windows 或 OSX。
+- 一个[受支持的云](#cloud-compatibility)。
+  - 裸机部署可以通过 [MAAS](http://maas.io) 实现。 配置指南参见 [MAAS 文档](http://maas.io/docs/)。
+  - OpenStack 部署目前只在 Icehouse 及更新版本上测试通过。
+- 下面任一一种选项：
+	- 可以网络访问以下站点
+		- *.jujucharms.com
+		- gcr.io
+		- github.com
+		- 访问 Ubuntu 镜像源（公共的或私有的）
+	- 通过[这些](https://github.com/juju-solutions/bundle-canonical-kubernetes/wiki/Running-CDK-in-a-restricted-environment)步骤准备好离线部署。
+{{% /capture %}}
+
+<!-- {{% capture steps %}}
+## Deployment overview
+Out of the box the deployment comes with the following components on 9 machines:
+
+- Kubernetes (automated deployment, operations, and scaling)
+     - Four node Kubernetes cluster with one master and three worker nodes.
+     - TLS used for communication between units for security.
+     - Flannel Software Defined Network (SDN) plugin
+     - A load balancer for HA kubernetes-master (Experimental)
+     - Optional Ingress Controller (on worker)
+     - Optional Dashboard addon (on master) including Heapster for cluster monitoring
+- EasyRSA
+     - Performs the role of a certificate authority serving self signed certificates
+       to the requesting units of the cluster.
+- ETCD (distributed key value store)
+     - Three unit cluster for reliability. -->
+
+{{% capture steps %}}
+## 部署概述
+
+开箱即用的部署由以下组件构成，部署在 9 台机器上：
+
+- Kubernetes （自动化部署，运营及伸缩）
+     - 具有一个主节点和三个工作节点的四节点 Kubernetes 集群。
+     - 使用 TLS 实现组件间的安全通信。
+     - Flannel 软件定义网络 (SDN) 插件
+     - 一个负载均衡器以实现 kubernetes-master 的高可用 (实验阶段)
+     - 可选的 Ingress 控制器（在工作节点上）
+     - 可选的 Dashboard 插件（在主节点上），包含实现集群监控的 Heapster 插件
+- EasyRSA
+     - 扮演证书授权机构的角色，向集群中的组件提供自签名证书
+- ETCD （分布式键值存储）
+     - 三节点的集群达到高可靠性。
+
+<!-- The Juju Kubernetes work is curated by the Big Software team at [Canonical Ltd](https://www.canonical.com/),
+let us know how we are doing. If you find any problems please open an
+[issue on our tracker](https://github.com/juju-solutions/bundle-canonical-kubernetes)
+so we can find them. -->
+
+Juju Kubernetes 工作由 Canonical Ltd（https://www.canonical.com/） 的 Big Software 团队整理，欢迎对我们的工作给出反馈意见。
+如果发现任何问题，请提交相应的 [Issue 到跟踪系统](https://github.com/juju-solutions/bundle-canonical-kubernetes)，以便我们解决。
+
+<!-- ## Support Level
+
+IaaS Provider        | Config. Mgmt | OS     | Networking  | Docs                                              | Conforms | Support Level
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+Amazon Web Services (AWS)   | Juju         | Ubuntu | flannel, calico*     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+OpenStack                   | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Microsoft Azure             | Juju         | Ubuntu | flannel     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Google Compute Engine (GCE) | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Joyent                      | Juju         | Ubuntu | flannel     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Rackspace                   | Juju         | Ubuntu | flannel     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+VMware vSphere              | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Bare Metal (MAAS)           | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core) -->
+
+##  支持级别
+
+IaaS 提供商        | 配置管理 | 系统     | 网络  | 文档                                              | 符合 | 支持级别
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+Amazon Web Services (AWS)   | Juju         | Ubuntu | flannel, calico*     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+OpenStack                   | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Microsoft Azure             | Juju         | Ubuntu | flannel     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Google Compute Engine (GCE) | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Joyent                      | Juju         | Ubuntu | flannel     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Rackspace                   | Juju         | Ubuntu | flannel     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+VMWare vSphere              | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+Bare Metal (MAAS)           | Juju         | Ubuntu | flannel, calico     | [docs](/docs/getting-started-guides/ubuntu)                                   |          | [Commercial](https://ubuntu.com/cloud/kubernetes), [Community](https://github.com/juju-solutions/bundle-kubernetes-core)
+
+
+<!-- For support level information on all solutions, see the [Table of solutions](/docs/getting-started-guides/#table-of-solutions) chart.
+
+## Installation options
+
+You can launch a cluster in one of two ways: [conjure-up](#conjure-up) or [juju deploy](#juju-deploy). Conjure-up is just a convenience wrapper over juju and simplifies the installation. As such, it is the preferred method of install.
+
+Deployment of the cluster is [supported on a wide variety of public clouds](#cloud-compatibility), private OpenStack clouds, or raw bare metal clusters. Bare metal deployments are supported via [MAAS](http://maas.io/).
+
+## Conjure-up
+To install Kubernetes with conjure-up, you need only to run the following commands and then follow the prompts:
+
+```
+sudo snap install conjure-up --classic
+conjure-up kubernetes
+```
+## Juju deploy
+
+### Configure Juju to use your cloud provider
+
+After deciding which cloud to deploy to, follow the [cloud setup page](https://jujucharms.com/docs/devel/getting-started) to configure deploying to that cloud.
+
+Load your [cloud credentials](https://jujucharms.com/docs/2.3/credentials) for each
+cloud provider you would like to use. -->
+
+有关所有解决方案的支持级别信息，请参见[解决方案表](/docs/getting-started-guides/#table-of-solutions)。
+
+## 安装选项
+
+可以通过下面任一一种方式启动集群：[conjure-up](#conjure-up) or [juju 部署](#juju-deploy)。Conjure-up 只是一个对 juju 的简易封装，简化了安装的过程。正因为如此，这也是推荐的安装方法。
+
+可以在 [众多不同的公有云](#cloud-compatibility)，私有 OpenStack 云，或者是原始的裸机集群上部署集群软件。通过 [MAAS](http://maas.io)  实现裸机部署。
+
+## Conjure-up
+
+通过 conjure-up 来安装 Kubernetes, 只需要运行下面的命令，然后根据提示做选择：
+
+```
+sudo snap install conjure-up --classic
+conjure-up kubernetes
+```
+
+## Juju 部署
+
+### 配置 Juju 使用您的云提供商
+
+确定所要部署的云之后，按照[云安装界面](https://jujucharms.com/docs/devel/getting-started)来配置、部署到该云。
+
+加载[云凭证](https://jujucharms.com/docs/2.3/credentials)来选择、使用相应的云。
+
+<!-- In this example
+
+```
+juju add-credential aws
+credential name: my_credentials
+select auth-type [userpass, oauth, etc]: userpass
+enter username: jorge
+enter password: *******
+```
+
+You can also just auto load credentials for popular clouds with the `juju autoload-credentials` command, which will auto import your credentials from the default files and environment variables for each cloud. -->
+
+在本例中
+
+```
+juju add-credential aws
+credential name: my_credentials
+select auth-type [userpass, oauth, etc]: userpass
+enter username: jorge
+enter password: *******
+```
+
+也可以通过 `juju autoload-credentials` 命令自动加载常用的云凭证，该命令将自动从每个云的默认文件和环境变量中导入凭据信息。
+
+<!-- Next we need to bootstrap a controller to manage the cluster. You need to define the cloud you want to bootstrap on, the region, and then any name for your controller node:
+
+```
+juju update-clouds # This command ensures all the latest regions are up to date on your client
+juju bootstrap aws/us-east-2
+```
+or, another example, this time on Azure:
+
+```
+juju bootstrap azure/westus2
+``` -->
+
+接下来，我们需要启动一个控制器来管理集群。您需要确定所要启动的云，地区以及控制器节点的名字：
+
+```
+juju update-clouds # 这个命令可以确保客户端上所有最新的区域是最新的
+juju bootstrap aws/us-east-2
+```
+或者，另外一个例子，这次是在 Azure 上：
+
+```
+juju bootstrap azure/westus2
+```
+
+<!-- If you receive this error, it is likely that the default Azure VM size (Standard D1 v2 [1 vcpu, 3.5 GB memory]) is not available in the Azure location: -->
+
+如果您看到下面的错误信息，很可能默认的 Azure VM (Standard D1 v2 [1 vcpu, 3.5 GB memory]) 并不在当前的 Azure 地区。
+```
+ERROR failed to bootstrap model: instance provisioning failed (Failed)
+```
+
+
+<!-- You will need a controller node for each cloud or region you are deploying to. See the [controller documentation](https://jujucharms.com/docs/2.3/controllers) for more information.
+
+Note that each controller can host multiple Kubernetes clusters in a given cloud or region. -->
+
+您需要为部署到的每个云或区域分配一个控制器节点。更多信息参见[控制器文档](https://jujucharms.com/docs/2.3/controllers)。
+
+请注意，每个控制器可以在给定的云或区域中管理多个 Kubernetes 集群。
+
+<!-- ### Launch a Kubernetes cluster
+
+The following command will deploy the initial 9-node starter cluster. The speed of execution is very dependent of the performance of the cloud you're deploying to:
+
+```
+juju deploy canonical-kubernetes
+```
+
+After this command executes the cloud will then launch instances and begin the deployment process. -->
+
+## 启动 Kubernetes 集群
+
+以下命令将部署 9-节点的初始集群。执行速度取决于您所要部署到的云的性能：
+
+```
+juju deploy canonical-kubernetes
+```
+
+执行完此命令后，云将启动实例并开始部署过程。
+
+<!-- ## Monitor deployment
+
+The `juju status` command provides information about each unit in the cluster. Use the `watch -c juju status --color` command to get a real-time view of the cluster as it deploys. When all the states are green and "Idle", the cluster is ready to be used:
+
+    juju status
+
+Output: -->
+
+## 监控部署
+
+`juju status` 命令提供集群中每个单元的信息。`watch -c juju status --color` 命令可以获取集群部署的实时状态。
+当所有的状态是绿色并且“空闲”时，表示集群处于待用状态：
+
+		juju status
+
+输出结果:
+
+```
+Model                         Controller          Cloud/Region   Version  SLA
+conjure-canonical-kubern-f48  conjure-up-aws-650  aws/us-east-2  2.3.2    unsupported
+
+App                    Version  Status  Scale  Charm                  Store       Rev  OS      Notes
+easyrsa                3.0.1    active      1  easyrsa                jujucharms   27  ubuntu
+etcd                   2.3.8    active      3  etcd                   jujucharms   63  ubuntu
+flannel                0.9.1    active      4  flannel                jujucharms   40  ubuntu
+kubeapi-load-balancer  1.10.3   active      1  kubeapi-load-balancer  jujucharms   43  ubuntu  exposed
+kubernetes-master      1.9.3    active      1  kubernetes-master      jujucharms   13  ubuntu
+kubernetes-worker      1.9.3    active      3  kubernetes-worker      jujucharms   81  ubuntu  exposed
+
+Unit                      Workload  Agent  Machine  Public address  Ports           Message
+easyrsa/0*                active    idle   3        18.219.190.99                   Certificate Authority connected.
+etcd/0                    active    idle   5        18.219.56.23    2379/tcp        Healthy with 3 known peers
+etcd/1*                   active    idle   0        18.219.212.151  2379/tcp        Healthy with 3 known peers
+etcd/2                    active    idle   6        13.59.240.210   2379/tcp        Healthy with 3 known peers
+kubeapi-load-balancer/0*  active    idle   1        18.222.61.65    443/tcp         Loadbalancer ready.
+kubernetes-master/0*      active    idle   4        18.219.105.220  6443/tcp        Kubernetes master running.
+  flannel/3               active    idle            18.219.105.220                  Flannel subnet 10.1.78.1/24
+kubernetes-worker/0       active    idle   2        18.219.221.98   80/tcp,443/tcp  Kubernetes worker running.
+  flannel/1               active    idle            18.219.221.98                   Flannel subnet 10.1.38.1/24
+kubernetes-worker/1*      active    idle   7        18.219.249.103  80/tcp,443/tcp  Kubernetes worker running.
+  flannel/2               active    idle            18.219.249.103                  Flannel subnet 10.1.68.1/24
+kubernetes-worker/2       active    idle   8        52.15.89.16     80/tcp,443/tcp  Kubernetes worker running.
+  flannel/0*              active    idle            52.15.89.16                     Flannel subnet 10.1.73.1/24
+
+Machine  State    DNS             Inst id              Series  AZ          Message
+0        started  18.219.212.151  i-065eab4eabc691b25  xenial  us-east-2a  running
+1        started  18.222.61.65    i-0b332955f028d6281  xenial  us-east-2b  running
+2        started  18.219.221.98   i-0879ef1ed95b569bc  xenial  us-east-2a  running
+3        started  18.219.190.99   i-08a7b364fc008fc85  xenial  us-east-2c  running
+4        started  18.219.105.220  i-0f92d3420b01085af  xenial  us-east-2a  running
+5        started  18.219.56.23    i-0271f6448cebae352  xenial  us-east-2c  running
+6        started  13.59.240.210   i-0789ef5837e0669b3  xenial  us-east-2b  running
+7        started  18.219.249.103  i-02f110b0ab042f7ac  xenial  us-east-2b  running
+8        started  52.15.89.16     i-086852bf1bee63d4e  xenial  us-east-2c  running
+
+Relation provider                    Requirer                             Interface         Type         Message
+easyrsa:client                       etcd:certificates                    tls-certificates  regular
+easyrsa:client                       kubeapi-load-balancer:certificates   tls-certificates  regular
+easyrsa:client                       kubernetes-master:certificates       tls-certificates  regular
+easyrsa:client                       kubernetes-worker:certificates       tls-certificates  regular
+etcd:cluster                         etcd:cluster                         etcd              peer
+etcd:db                              flannel:etcd                         etcd              regular
+etcd:db                              kubernetes-master:etcd               etcd              regular
+kubeapi-load-balancer:loadbalancer   kubernetes-master:loadbalancer       public-address    regular
+kubeapi-load-balancer:website        kubernetes-worker:kube-api-endpoint  http              regular
+kubernetes-master:cni                flannel:cni                          kubernetes-cni    subordinate
+kubernetes-master:kube-api-endpoint  kubeapi-load-balancer:apiserver      http              regular
+kubernetes-master:kube-control       kubernetes-worker:kube-control       kube-control      regular
+kubernetes-worker:cni                flannel:cni                          kubernetes-cni    subordinate
+```
+
+<!-- ## Interacting with the cluster
+
+After the cluster is deployed you may assume control over the cluster from any kubernetes-master, or kubernetes-worker node.
+
+If you didn't use conjure-up, you will first need to download the credentials and client application to your local workstation:
+
+Create the kubectl config directory.
+
+```
+mkdir -p ~/.kube
+```
+Copy the kubeconfig file to the default location.
+
+```
+juju scp kubernetes-master/0:/home/ubuntu/config ~/.kube/config
+``` -->
+
+## 与集群的交互
+
+部署完集群后，您可以在任意一个 kubernetes-master 或 kubernetes-worker 节点取得集群的控制权。
+
+如果您没有使用 conjure-up，那么您需要先将凭据和客户端程序下载到本地工作站上：
+
+创建 kubectl 配置信息目录。
+
+```
+mkdir -p ~/.kube
+```
+
+将 kubeconfig 文件复制到默认位置。
+
+```
+juju scp kubernetes-master/0:config ~/.kube/config
+```
+
+<!-- The next step is to install the kubectl client on your local machine. The recommended way to do this on Ubuntu is using the kubectl snap ([/docs/tasks/tools/install-kubectl/#install-with-snap-on-ubuntu](/docs/tasks/tools/install-kubectl/#install-with-snap-on-ubuntu)).
+
+The following command should be run on the machine you wish to use to control the kubernetes cluster:
+
+```
+sudo snap install kubectl --classic
+```
+
+This will install and deploy the kubectl binary. You may need to restart your terminal as your $PATH may have been updated. -->
+
+下一步是在本地机器上安装 kubectl 客户端。在 Ubuntu 上推荐的安装方式是使用 kubectl snap ([/docs/tasks/tools/install-kubectl/#install-with-snap-on-ubuntu](/docs/tasks/tools/install-kubectl/#install-with-snap-on-ubuntu))。
+
+可以运行下面的命令便可以控制 kubernetes 集群了：
+
+```
+sudo snap install kubectl --classic
+```
+
+这条命令会安装和部署 kubectl 程序。安装完成后，您可能需要重启命令窗口（因为 $PATH 已经被更新）。
+
+<!-- Query the cluster:
+
+    kubectl cluster-info
+
+Output:
+
+```
+Kubernetes master is running at https://52.15.104.227:443
+Heapster is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/heapster/proxy
+KubeDNS is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/kube-dns/proxy
+Grafana is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
+InfluxDB is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
+```
+
+Congratulations, you've now set up a Kubernetes cluster! -->
+
+查询集群：
+		kubectl cluster-info
+
+输出结果：
+
+```
+Kubernetes master is running at https://52.15.104.227:443
+Heapster is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/heapster/proxy
+KubeDNS is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/kube-dns/proxy
+Grafana is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
+InfluxDB is running at https://52.15.104.227:443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
+```
+
+<!-- ## Scale up cluster
+
+Want larger Kubernetes nodes? It is easy to request different sizes of cloud
+resources from Juju by using **constraints**. You can increase the amount of
+CPU or memory (RAM) in any of the systems requested by Juju. This allows you
+to fine tune the Kubernetes cluster to fit your workload. Use flags on the
+bootstrap command or as a separate `juju constraints` command. Look to the
+[Juju documentation for machine](https://jujucharms.com/docs/2.3/charms-constraints)
+details. -->
+
+## 为集群垂直扩容
+
+需要更大的 Kubernetes 节点？通过使用 Juju 的**约束**，您可以轻松地请求到不同大小的云资源。
+通过 Juju 请求创建的任意系统，您都可以为它们增加 CPU 和内存（RAM）。
+这使您可以对 Kubernetes 集群进行调优以适应工作负载。
+藉由 bootstrap 命令的参数或使用独立的 `juju constraints` 命令都可以做到这点。详情参见[和机器相关的 Juju 文档](https://jujucharms.com/docs/2.3/charms-constraints)
+
+<!-- ## Scale out cluster
+
+Need more workers? We just add more units:
+
+```shell
+juju add-unit kubernetes-worker
+```
+
+Or multiple units at one time:
+
+```shell
+juju add-unit -n3 kubernetes-worker
+```
+You can also ask for specific instance types or other machine-specific constraints. See the [constraints documentation](https://jujucharms.com/docs/stable/reference-constraints) for more information. Here are some examples, note that generic constraints such as `cores` and `mem` are more portable between clouds. In this case we'll ask for a specific instance type from AWS:
+
+```shell
+juju set-constraints kubernetes-worker instance-type=c4.large
+juju add-unit kubernetes-worker
+```
+
+You can also scale the etcd charm for more fault tolerant key/value storage:
+
+```shell
+juju add-unit -n3 etcd
+```
+It is strongly recommended to run an odd number of units for quorum. -->
+
+## 为集群集群水平扩容
+
+需要更多的工作节点？只需添加一些 unit：
+
+```shell
+juju add-unit kubernetes-worker
+```
+
+或者一次添加多个：
+
+```shell
+juju add-unit -n3 kubernetes-worker
+```
+您也可以为特定实例类型或者特定机器的设置约束。更多信息请参见[约束文档](https://jujucharms.com/docs/stable/reference-constraints)。
+接下来举一些例子。请注意，诸如 `cores` 和 `mem` 这样的通用约束在各云之间的可移植性是比较高的。
+在本例中，我们从 AWS 申请一个特定的实例类型：
+
+```shell
+juju set-constraints kubernetes-worker instance-type=c4.large
+juju add-unit kubernetes-worker
+```
+
+为提升键值存储的容错能力，您也可以扩展 etcd charm：
+
+```shell
+juju add-unit -n3 etcd
+```
+
+强烈建议运行奇数个 unit 以支持法定人数票选。
+
+<!-- ## Tear down cluster
+
+If you used conjure-up to create your cluster, you can tear it down with `conjure-down`. If you used juju directly, you can tear it down by destroying the Juju model or the controller. Use the `juju switch` command to get the current controller name:
+
+```shell
+juju switch
+juju destroy-controller $controllername --destroy-all-models
+```
+This will shutdown and terminate all running instances on that cloud.
+{{% /capture %}}
+
+{{% capture discussion %}} -->
+
+## 销毁集群
+
+如果您是使用 conjure-up 创建的集群，通过 `conjure-down` 便可以完成销毁过程。
+如果是直接使用的 juju，你可以通过销毁 juju 模型或控制器来销毁集群。
+使用 `juju switch` 命令获取当前控制器的名字：
+
+```shell
+juju switch
+juju destroy-controller $controllername --destroy-all-models
+```
+
+这将关闭并终止该云上所有正在运行的实例。
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- ## More Info
+
+The Ubuntu Kubernetes deployment uses open-source operations, or operations as code, known as charms. These charms are assembled from layers which keeps the code smaller and more focused on the operations of just Kubernetes and its components.
+
+The Kubernetes layer and bundles can be found in the `kubernetes`
+project on github.com:
+
+ - [Bundle location](https://git.k8s.io/kubernetes/cluster/juju/bundles)
+ - [Kubernetes charm layer location](https://git.k8s.io/kubernetes/cluster/juju/layers)
+ - [Canonical Kubernetes home](https://jujucharms.com/kubernetes)
+ - [Main issue tracker](https://github.com/juju-solutions/bundle-canonical-kubernetes)
+
+Feature requests, bug reports, pull requests and feedback are appreciated.
+{{% /capture %}} -->
+
+{{% capture discussion %}}
+## 更多信息
+
+Ubuntu Kubernetes 的部署通过名为 charms 的开源运维工具实现，这类工具也称作运维即代码（Operations as Code）。
+这些 charms 以层的方式组装，从而使代码更小，更专注于 Kubernetes 及其组件的操作。
+
+Kubernetes 的层和 Bundle 可以在 github.com 的 `kubernetes` 项目中找到：
+
+- [Bundle 的地址](https://git.k8s.io/kubernetes/cluster/juju/bundles)
+- [Kubernetes charm 层的地址](https://git.k8s.io/kubernetes/cluster/juju/layers)
+- [Canonical Kubernetes 主页](https://jujucharms.com/kubernetes)
+- [主要的 issue tracker](https://github.com/juju-solutions/bundle-canonical-kubernetes)
+
+欢迎提供功能需求，错误报告，pull request和反馈意见。
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/local.md b/content/zh/docs/getting-started-guides/ubuntu/local.md
new file mode 100644
index 0000000000000..1744114ae19c8
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/local.md
@@ -0,0 +1,118 @@
+---
+title: 通过 LXD 实现 Kubernetes 本地开发
+content_template: templates/task
+---
+
+<!-- ---
+title: Local Kubernetes development with LXD
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- Running Kubernetes locally has obvious development advantages, such as lower cost and faster iteration than constantly deploying and tearing down clusters on a public cloud. Ideally, a Kubernetes developer can spawn all necessary nodes inside local containers and test new configurations as they are committed. This page will show you how to deploy a cluster to LXD containers on a local machine. -->
+
+在本地运行 Kubernetes 比在公有云上部署和移除集群具有明显的开发优势，如更低的成本和更快的迭代。
+理想情况下，Kubernetes 开发人员可以在本地容器内产生所有必需的节点，并在提交新配置时测试它们。
+本文将展示如何将集群部署到本地机器的 LXD 容器上。
+
+{{% /capture %}}
+
+<!-- The purpose of using [LXD](https://linuxcontainers.org/lxd/) on a local machine is to emulate the same deployment that a user would use in a cloud or bare metal. Each node is treated as a machine, with the same characteristics as production. Each node is a separate container, which runs Docker containers and `kubectl` inside (see [Cluster Intro](/docs/tutorials/kubernetes-basics/cluster-intro/) for more info). -->
+
+在本地机器上使用 [LXD](https://linuxcontainers.org/lxd/) 的目的是为了模拟用户在云或裸机中部署的环境。每个节点都被视为一台机器，具有与生产环境相同的特性。 每个节点都是一个单独的容器，它在里面运行 Docker 容器和 `kubectl`（更多信息请参阅 [集群简介](/docs/tutorials/kubernetes-basics/cluster-intro/)）。
+
+{{% capture prerequisites %}}
+
+<!-- Install [conjure-up](http://conjure-up.io/), a tool for deploying big software.
+Add the current user to the `lxd` user group. -->
+
+安装 [conjure-up](http://conjure-up.io/)，这是一个用来部署大型软件的工具。
+将当前用户添加到 `lxd` 用户组中。
+
+```
+sudo snap install conjure-up --classic
+sudo usermod -a -G lxd $(whoami)
+```
+
+<!-- Note: If conjure-up asks you to "Setup an ipv6 subnet" with LXD, answer NO. ipv6 with Juju/LXD is currently unsupported.
+{{% /capture %}} -->
+
+注意：如果 conjure-up 要求您在 LXD 上 "配置一个 ipv6 子网"，请选择 NO。目前还不支持在 Juju/LXD 上使用 ipv6。
+{% endcapture %}
+
+{{% capture steps %}}
+
+<!-- ## Deploying Kubernetes -->
+
+## 部署 Kubernetes
+
+<!-- Start the deployment with: -->
+通过以下命令启动部署：
+
+    conjure-up kubernetes
+
+<!-- For this walkthrough we are going to create a new controller - select the `localhost` Cloud type:
+
+![Select Cloud](/images/docs/ubuntu/00-select-cloud.png) -->
+
+对于本教程，我们将会创建一个新的控制器 - 选择 `localhost` 云类型：
+
+![选择云类型](/images/docs/ubuntu/00-select-cloud.png)
+
+<!-- Deploy the applications:
+
+![Deploy Applications](/images/docs/ubuntu/01-deploy.png) -->
+
+部署应用：
+
+![部署应用](/images/docs/ubuntu/01-deploy.png)
+
+<!-- Wait for Juju bootstrap to finish:
+
+![Bootstrap](/images/docs/ubuntu/02-bootstrap.png) -->
+
+等待 Juju 引导结束：
+
+![引导](/images/docs/ubuntu/02-bootstrap.png)
+
+<!-- Wait for our Applications to be fully deployed:
+
+![Waiting](/images/docs/ubuntu/03-waiting.png) -->
+
+等待应用被完全部署：
+
+![等待](/images/docs/ubuntu/03-waiting.png)
+
+<!-- Run the final post-processing steps to automatically configure your Kubernetes environment:
+
+![Postprocessing](/images/docs/ubuntu/04-postprocessing.png) -->
+
+执行最终的后处理步骤，来自动配置 Kubernetes 环境：
+
+![后处理](/images/docs/ubuntu/04-postprocessing.png)
+
+<!-- Review the final summary screen:
+
+![Final Summary](/images/docs/ubuntu/05-final-summary.png) -->
+
+查看最终的摘要信息：
+
+![最终的摘要](/images/docs/ubuntu/05-final-summary.png)
+
+<!-- ## Accessing the Cluster
+
+You can access your Kubernetes cluster by running the following: -->
+
+## 访问集群
+
+您可以通过运行以下命令来访问 Kubernetes 集群：
+
+    kubectl --kubeconfig=~/.kube/config
+
+<!-- Or if you've already run this once it'll create a new config file as shown in the summary screen. -->
+或者如果您已经运行过一次，它将创建一个新的配置文件，如摘要信息所示。
+
+    kubectl --kubeconfig=~/.kube/config.conjure-up
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/logging.md b/content/zh/docs/getting-started-guides/ubuntu/logging.md
new file mode 100644
index 0000000000000..341882002129c
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/logging.md
@@ -0,0 +1,79 @@
+---
+title: 日志
+content_template: templates/task
+---
+
+<!-- ---
+title: Logging
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+<!-- This page will explain how logging works within a Juju deployed cluster. -->
+本文将说明日志在 Juju 部署的集群中是如何工作的。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!-- This page assumes you have a working Juju deployed cluster. -->
+本文假设你已经有一个可用的 Juju 部署的集群。
+{{% /capture %}}
+
+{{% capture steps %}}
+<!-- ## Agent Logging -->
+## 代理日志
+
+<!-- The `juju debug-log` will show all of the consolidated logs of all the Juju agents running on each node of the cluster. This can be useful for finding out why a specific node hasn't deployed or is in an error state. These agent logs are located in `/var/lib/juju/agents` on every node. -->
+`juju debug-log` 命令可以显示集群中每一个节点上运行的 Juju 代理所汇总的日志结果。
+它可以帮助确定为何某个节点没有被部署或者是处于错误的状态。这些代理日志被存放在每个节点的 `/var/lib/juju/agents` 路径下。
+
+<!-- See the [Juju documentation](https://jujucharms.com/docs/stable/troubleshooting-logs) for more information. -->
+更多信息参见[Juju 文档](https://jujucharms.com/docs/stable/troubleshooting-logs)
+
+
+<!-- ## Managing log verbosity -->
+## 管理日志级别
+
+<!-- Log verbosity in Juju is set at the model level. You can adjust it at any time: -->
+Juju 中默认的日志级别是 model 级别。不过，你可以随时调整它：
+
+```
+juju add-model k8s-development --config logging-config='<root>=DEBUG;unit=DEBUG'
+```
+
+<!-- and later on your k8s-production model -->
+然后在你的生态环境下的 k8s 模型进行配置
+
+```
+juju model-config -m k8s-production logging-config='<root>=ERROR;unit=ERROR'
+```
+
+<!-- In addition, the jujud daemon is started in debug mode by default on all controllers. To remove that behavior edit ```/var/lib/juju/init/jujud-machine-0/exec-start.sh``` on the controller node and comment the ```--debug``` section. -->
+另外，所有控制器上的 jujud 守护进程默认使用 debug 级别。如果想要移除这种行为，编辑控制器节点上的 ```/var/lib/juju/init/jujud-machine-0/exec-start.sh``` 文件并注释掉 ```--debug``` 选项。
+
+<!-- It then contains: -->
+修改之后，如下所示：
+
+```
+#!/usr/bin/env bash
+
+# Set up logging.
+touch '/var/log/juju/machine-0.log'
+chown syslog:syslog '/var/log/juju/machine-0.log'
+chmod 0600 '/var/log/juju/machine-0.log'
+exec >> '/var/log/juju/machine-0.log'
+exec 2>&1
+
+# Run the script.
+'/var/lib/juju/tools/machine-0/jujud' machine --data-dir '/var/lib/juju' --machine-id 0 # --debug
+```
+
+<!-- Then restart the service with: -->
+然后运行下面的命令，重启服务：
+
+```
+sudo systemctl restart jujud-machine-0.service
+```
+
+<!-- See the [official documentation](https://jujucharms.com/docs/stable/models-config) for more information about logging and other model settings in Juju. -->
+Juju 中更多和日志与其它模型设置相关的信息请参考[官方文档](https://jujucharms.com/docs/stable/models-config)。
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/monitoring.md b/content/zh/docs/getting-started-guides/ubuntu/monitoring.md
new file mode 100644
index 0000000000000..8f437d55dd821
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/monitoring.md
@@ -0,0 +1,234 @@
+---
+title: 监控
+content_template: templates/task
+---
+
+<!--
+---
+title: Monitoring
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!-- This page shows how to connect various logging solutions to a Juju deployed cluster. -->
+
+本文将介绍如何将不同的日志解决方案连到已经用 Juju 部署好的 Kubernetes 集群上。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- This page assumes you have a working Juju deployed cluster. -->
+本文假设你有一个用 Juju 部署好了的 Kubernetes 集群。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Connecting Datadog -->
+
+## 连接 Datadog
+
+<!-- Datadog is a SaaS offering which includes support for a range of integrations,
+including Kubernetes and ETCD. While the solution is SAAS/Commercial,
+they include a Free tier which is supported with the following method.
+To deploy a full Kubernetes stack with Datadog out of the box, do: -->
+
+Datadog 是一个 SaaS 方案，包含了对很多不同类型的应用集成的支持，例如，Kubernetes 和 etcd。
+在提供商业版本的同时，也支持通过如下方式免费使用。
+部署一个带有现成的 Databox 的 Kubernetes 集群：
+
+```
+juju deploy canonical-kubernetes-datadog
+```
+
+<!-- ### Installation of Datadog -->
+### 安装 Datadog
+
+<!-- To start, deploy the latest version Datadog from the Charm Store: -->
+首先, 从 Juju 的 Charm Store 下载部署最新版本的 Datadog :
+
+```
+juju deploy datadog
+```
+
+<!-- Configure Datadog with your api-key, found in the [Datadog dashboard]().
+Replace `XXXX` with your API key. -->
+
+使用在 [Datadog dashboard]() 上的 api-key 来配置 Datadog。
+将 `XXXX` 配置为你的 API 密钥。
+
+```
+juju configure datadog api-key=XXXX
+```
+
+<!-- Finally, attach `datadog` to all applications you wish to monitor.
+For example, kubernetes-master, kubernetes-worker, and etcd: -->
+
+最后, 将 `datadog` 绑定到需要监控的所有应用上。例如：kubernetes-master, kubernetes-worker, and etcd:
+
+```
+juju add-relation datadog kubernetes-worker
+juju add-relation datadog kubernetes-master
+juju add-relation datadog etcd
+```
+
+<!-- ## Connecting Elastic stack -->
+## 连接 Elastic 栈
+
+<!-- The Elastic stack, formally "ELK" stack, refers to Elastic Search and the suite of tools to
+facilitate log aggregation, monitoring, and dashboarding.
+To deploy a full Kubernetes stack with elastic out of the box, do: -->
+
+Elastic 栈，正规地说是 "ELK" 栈, 指的是 ElasticSearch 和日志收集，监控，dashboard 的套件.
+部署带有现成的 elastic 栈的 Kubernetes 集群命令如下：
+
+```
+juju deploy canonical-kubernetes-elastic
+```
+
+<!-- ### New install of ElasticSearch -->
+### 初装 ElasticSearch
+
+<!-- To start, deploy the latest version of ElasticSearch, Kibana, Filebeat, and Topbeat from the Charm Store: -->
+
+首先, 从 Juju 的 Charm store 下载、部署最新版本的 ElasticSearch, Kibana, Filebeat 和 Topbeat：
+
+<!-- This can be done in one command as: -->
+
+命令行如下：
+
+```
+juju deploy beats-core
+```
+
+<!-- However, if you wish to customize the deployment, or proceed manually, the following commands can be issued: -->
+
+此外，如果你要定制部署，或手工安装，可使用以下命令：
+
+```
+juju deploy elasticsearch
+juju deploy kibana
+juju deploy filebeat
+juju deploy topbeat
+
+juju add-relation elasticsearch kibana
+juju add-relation elasticsearch topbeat
+juju add-relation elasticsearch filebeat
+```
+
+<!-- Finally, connect filebeat and topbeat to all applications you wish to monitor.
+For example, kubernetes-master and kubernetes-worker: -->
+
+最后将 filebeat 和 topbeat 连接到所要监控的应用上。
+例如：kubernetes-master 和 kubernetes-worker：
+
+```
+juju add-relation kubernetes-master topbeat
+juju add-relation kubernetes-master filebeat
+juju add-relation kubernetes-worker topbeat
+juju add-relation kubernetes-worker filebeat
+```
+
+<!-- ### Existing ElasticSearch cluster -->
+### 已装 ElasticSearch 集群
+
+<!-- In the event an ElasticSearch cluster already exists,
+the following can be used to connect and leverage it instead of creating a
+new, separate, cluster.
+First deploy the two beats, filebeat and topbeat -->
+
+如果已有一个 ElasticSearch 集群已经存在的情况下，
+你可以使用下面的方式来连接和使用它而不是重新创建一个单独的新集群。
+首先部署 filebeat 和 topbeat 两个组件：
+
+```
+juju deploy filebeat
+juju deploy topbeat
+```
+
+<!-- Configure both filebeat and topbeat to connect to your ElasticSearch cluster,
+replacing `255.255.255.255` with the IP address in your setup. -->
+
+按照如下方式可配置 filebeat 和 topbeat 对接 ElasticSearch 集群，
+将 `255.255.255.255` 替换成自己配置的IP。
+
+```
+juju configure filebeat elasticsearch=255.255.255.255
+juju configure topbeat elasticsearch=255.255.255.255
+```
+
+<!-- Follow the above instructions on connect topbeat and filebeat to the applications you wish to monitor. -->
+
+使用上面的命令，将 topbeat 和 filebeat 连接到需要监控的应用上。
+
+
+<!-- ## Connecting Nagios -->
+
+## 连接 Nagios
+
+<!-- Nagios utilizes the Nagios Remote Plugin Executor protocol (NRPE protocol)
+as an agent on each node to derive machine level details of the health and applications. -->
+
+Nagios 在每个节点上，使用 Nagions 远程执行插件协议 (NRPE 协议)作为代理
+来收集节点里和健康、应用相关的详细信息。
+
+<!-- ### New install of Nagios -->
+
+### 初装 Nagios
+
+<!-- To start, deploy the latest version of the Nagios and NRPE charms from the store: -->
+
+首先, 从 Juju 的 Charm store 部署最新版本的 Nagois 和 NRPE:
+
+```
+juju deploy nagios
+juju deploy nrpe
+```
+
+<!-- Connect Nagios to NRPE -->
+将 Nagois 连接到 NRPE 上
+
+```
+juju add-relation nagios nrpe
+```
+
+<!-- Finally, add NRPE to all applications deployed that you wish to monitor,
+for example `kubernetes-master`, `kubernetes-worker`, `etcd`, `easyrsa`, and `kubeapi-load-balancer`. -->
+
+最后，将 NRPE 添加到所有需要部署的应用，
+例如，`kubernetes-master`, `kubernetes-worker`, `etcd`, `easyrsa`, 和 `kubeapi-load-balancer`。
+
+```
+juju add-relation nrpe kubernetes-master
+juju add-relation nrpe kubernetes-worker
+juju add-relation nrpe etcd
+juju add-relation nrpe easyrsa
+juju add-relation nrpe kubeapi-load-balancer
+```
+
+<!-- ### Existing install of Nagios -->
+### 已装 Nagios
+
+<!-- If you already have an existing Nagios installation,
+the `nrpe-external-master` charm can be used instead.
+This will allow you to supply configuration options that map your existing
+external Nagios installation to NRPE.
+Replace `255.255.255.255` with the IP address of the nagios instance. -->
+
+如果已经装有 Nagios，可以换用 `nrpe-external-master` charm 。
+这样可以提供配置选项将现有的、外部 Nagios 安装映射到 NRPE上。
+将 `255.255.255.255` 替换为 nagois 实例的 IP 地址。
+
+```
+juju deploy nrpe-external-master
+juju configure nrpe-external-master nagios_master=255.255.255.255
+```
+
+<!-- Once configured, connect nrpe-external-master as outlined above. -->
+
+配置完后，如上所示，连到 nrpe-external-master。
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/networking.md b/content/zh/docs/getting-started-guides/ubuntu/networking.md
new file mode 100644
index 0000000000000..e713c53cd7b36
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/networking.md
@@ -0,0 +1,92 @@
+---
+title: 网络
+content_template: templates/task
+---
+
+<!-- ---
+title: Networking
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- Kubernetes supports the [Container Network Interface (CNI)](https://github.com/containernetworking/cni).
+This is a network plugin architecture that allows you to use whatever
+Kubernetes-friendly SDN you want. Currently this means support for Flannel and Canal. -->
+
+Kubernetes 支持[容器网络接口](https://github.com/containernetworking/cni)。
+这个网络插件架构允许你使用任何你喜欢的、对 Kubernetes 友好的 SDN。
+目前支持的插件是 Flannel 和 Canal。
+
+<!-- This page shows how the various network portions of a cluster work and how to configure them. -->
+本页将展示集群中各个网络部分是如何工作，并且对它们进行相应的配置。
+
+{{% /capture %}}
+{{% capture prerequisites %}}
+
+<!-- This page assumes you have a working Juju deployed cluster. -->
+本页假设你有一个已经通过 Juju 部署、正在运行的集群。
+
+{{< note >}}
+<!-- Note that if you deploy a cluster via conjure-up or the CDK bundles, manually deploying CNI plugins is unnecessary. -->
+注意，如果你是通过 `conjure-up` 或者 CDK 软件包部署的集群，将不需要再手动部署 CNI 插件。
+
+{{< /note >}}
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!-- The CNI charms are [subordinates](https://jujucharms.com/docs/stable/authors-subordinate-applications).
+These charms will require a principal charm that implements the `kubernetes-cni` interface in order to properly deploy. -->
+
+CNI charms 在[子路径](https://jujucharms.com/docs/stable/authors-subordinate-applications)下。
+这些 charms 需要主 charm 实现 `kubernetes-cni` 接口，才能正常部署。
+
+## Flannel
+
+```
+juju deploy flannel
+juju add-relation flannel kubernetes-master
+juju add-relation flannel kubernetes-worker
+juju add-relation flannel etcd
+```
+
+## Canal
+
+```
+juju deploy canal
+juju add-relation canal kubernetes-master
+juju add-relation canal kubernetes-worker
+juju add-relation canal etcd
+```
+
+<!-- ### Configuration -->
+### 配置
+
+<!-- **iface** The interface to configure the flannel or canal SDN binding. If this value is
+empty string or undefined the code will attempt to find the default network
+adapter similar to the following command: -->
+
+**iface** 接口是用来配置 flannel 或 canal 的 SDN 绑定。
+如果属性为空字符串或未定义，程序将通过下面的命令行试图找出默认的网络适配器：
+
+```bash
+$ route | grep default | head -n 1 | awk {'print $8'}
+```
+
+<!-- **cidr** The network range to configure the flannel or canal SDN to declare when
+establishing networking setup with etcd. Ensure this network range is not active
+on layers 2/3 you're deploying to, as it will cause collisions and odd behavior
+if care is not taken when selecting a good CIDR range to assign to flannel. It's
+also good practice to ensure you allot yourself a large enough IP range to support
+how large your cluster will potentially scale.  Class A IP ranges with /24 are
+a good option. -->
+
+**cidr** 在用 etcd 进行网络设置时，用于配置 flannel 或 canal SDN 所要使用的网络地址范围。
+请确保这个网络地址范围在所要部署的 L2/L3 上不是在用状态，
+因为如果没有选择一个好的 CIDR 范围来分配给 flannel，就会出现冲突或异常行为。
+同时也要保证 IP 地址范围足够大以支持未来可能会发生的集群扩容。
+A 类 IP 地址 `/24` 是一个不错的选择。
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/operational-considerations.md b/content/zh/docs/getting-started-guides/ubuntu/operational-considerations.md
new file mode 100644
index 0000000000000..d738f09288eec
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/operational-considerations.md
@@ -0,0 +1,262 @@
+---
+title: 运维注意事项
+content_template: templates/task
+---
+
+<!--
+---
+title: Operational Considerations
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+<!-- This page gives recommendations and hints for people managing long lived clusters  -->
+
+本文为管理维护长期运行的集群的工程师提供一些建议和提示。
+
+{{% /capture %}}
+{{% capture prerequisites %}}
+<!-- This page assumes you understand the basics of Juju and Kubernetes. -->
+
+本文假定您对 Juju 和 Kubernetes 已经有了基本的了解。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Managing Juju -->
+
+## 管理 Juju
+
+<!-- ### Sizing your controller node -->
+
+### 确定控制节点规模
+
+<!-- The Juju Controller:  -->
+
+Juju 控制器：
+
+<!-- * requires about 2 to 2.5GB RAM to operate.
+* uses a MongoDB database as a storage backend for the configuration and state of the cluster. This database can grow significantly, and can also be the biggest consumer of CPU cycles on the instance
+* aggregates and stores the log data of all services and units. Therefore, significant storage is needed for long lived models. If your intention is to keep the cluster running, make sure to provision at least 64GB for the logs.  -->
+
+* 运行需要大概 2 到 2.5 GB 的 RAM。
+* 用 MongoDB 数据库作为集群配置和状态的存储后端。这个数据库可能增长很快，也可能是实例中 CPU 周期的最大消费者。
+* 汇总和存储所有服务和单位的日志数据。因此，长期运行的模型需要大量的存储。如果您的目的是保持集群运行，请确保为日志配置至少 64 GB 的存储空间。
+
+<!-- To bootstrap a controller with constraints run the following command: -->
+
+指定参数创建一个控制器（命令行如下）：
+
+```
+juju bootstrap --constraints "mem=8GB cpu-cores=4 root-disk=128G"
+```
+
+<!-- Juju will select the cheapest instance type matching your constraints on your target cloud.
+You can also use the ```instance-type``` constraint in conjunction with ```root-disk``` for strict control.
+For more information about the constraints available, refer to the [official documentation](https://jujucharms.com/docs/stable/reference-constraints) -->
+
+Juju 将会选择与目标云上的约束匹配的最便宜的实例类型。
+还可以通过将 ```instance-type``` 与 ```root-disk``` 两个约束结合使用来进行严格控制。
+对于可用的约束信息，请参阅 [官方文档](https://jujucharms.com/docs/stable/reference-constraints)
+
+
+<!-- Additional information about logging can be found in the [logging section](/docs/getting-started-guides/ubuntu/logging) -->
+
+关于日志记录的更多信息，请参阅 [日志章节](/docs/getting-started-guides/ubuntu/logging)
+
+<!-- ### SSHing into the Controller Node -->
+
+### SSH 到控制节点上
+
+<!-- By default, Juju will create a pair of SSH keys that it will use to automate the connection to units. They are stored on the client node in ```~/.local/share/juju/ssh/``` -->
+
+默认情况下，Juju 将创建一对 SSH 密钥，用于自动化单元之间的连接。
+这对密钥保存在客户端节点的 ```~/.local/share/juju/ssh/``` 路径下。
+
+<!-- After deployment, Juju Controller is a "silent unit" that acts as a proxy between the client and the deployed applications. Nevertheless it can be useful to SSH into it.  -->
+
+部署完后，Juju 控制器是一个 "无声单元"，
+其充当客户端和已部署应用程序之间的代理。
+尽管如此，SSH 到控制器上还是很有用的。
+
+<!-- First you need to understand your environment, especially if you run several Juju models and controllers. Run -->
+
+首先，你需要了解你的运行环境，特别是如果你运行了几个 Juju 模型和控制器。
+
+运行下面的命令行：
+
+```
+juju list-models --all
+$ juju models --all
+Controller: k8s
+
+Model             Cloud/Region   Status     Machines  Cores  Access  Last connection
+admin/controller  lxd/localhost  available         1      -  admin   just now
+admin/default     lxd/localhost  available         0      -  admin   2017-01-23
+admin/whale*      lxd/localhost  available         6      -  admin   3 minutes ago
+```
+
+<!-- The first line ```Controller: k8s``` refers to how you bootstrapped.  -->
+
+第一行的 ```Controller: k8s``` 表明是如何引导创建的控制器。
+
+<!-- Then you will see 2, 3 or more models listed below.  -->
+
+接着可以看见下面列了 2 个，3 个或更多的类型。
+
+<!-- * admin/controller is the default model that hosts all controller units of juju
+* admin/default is created by default as the primary model to host the user application, such as the Kubernetes cluster
+* admin/whale is an additional model created if you use conjure-up as an overlay on top of Juju.  -->
+
+* admin/controller 是托管 juju 所有控制器单元的默认模型
+* admin/default 默认情况下，作为托管用户应用程序的主要模型，例如 Kubernetes 集群
+* admin/whale 是一个额外的模型，如在 Juju 之上，叠加使用 conjure-up 的话
+
+<!-- Now to ssh into a controller node, you first ask Juju to switch context, then ssh as you would with a normal unit: -->
+
+现在开始 ssh 到控制节点上，首先是让 Juju 切换上下文，然后是像一般单元那样 ssh 到控制节点上：
+
+```
+juju switch controller
+```
+
+<!-- At this stage, you can query the controller model as well:  -->
+
+在这个阶段，也可以查询控制器模型：
+
+```
+juju status
+Model       Controller  Cloud/Region   Version
+controller  k8s           lxd/localhost  2.0.2
+
+App  Version  Status  Scale  Charm  Store  Rev  OS  Notes
+
+Unit  Workload  Agent  Machine  Public address  Ports  Message
+
+Machine  State    DNS           Inst id        Series  AZ
+0        started  10.191.22.15  juju-2a5ed8-0  xenial
+```
+
+<!-- Note that if you had bootstrapped in HA mode, you would see several machines listed.  -->
+
+请注意，如果是在 HA 模式下进行的引导，
+会在列表中看到几台机器。
+
+<!-- Now ssh-ing into the controller follows the same semantic as classic Juju commands:  -->
+
+现在 ssh 到控制器节点上，遵循和经典 Juju 命令相同的语义：
+
+```
+$ juju ssh 0
+Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.8.0-34-generic x86_64)
+
+ * Documentation:  https://help.ubuntu.com
+ * Management:     https://landscape.canonical.com
+ * Support:        https://ubuntu.com/advantage
+
+  Get cloud support with Ubuntu Advantage Cloud Guest:
+    http://www.ubuntu.com/business/services/cloud
+
+0 packages can be updated.
+0 updates are security updates.
+
+
+Last login: Tue Jan 24 16:38:13 2017 from 10.191.22.1
+ubuntu@juju-2a5ed8-0:~$
+```
+
+<!-- When you are done and want to come back to your initial model, exit the controller and -->
+
+在结束完操作，想要返回到最初的模型，退出控制器即可。
+
+<!-- Then if you need to switch back to your cluster and ssh into the units, run -->
+
+如果，还想要切换回集群，ssh 到其他单元上，运行下面的命令行进行切换：
+
+```
+juju switch default
+```
+
+<!-- ## Managing your Kubernetes cluster -->
+
+## 管理 Kubernetes 集群
+
+<!-- ### Running privileged containers -->
+
+### 运行特权容器
+
+<!-- By default, juju-deployed clusters only allow running privileged containers on nodes with GPUs.
+If you need privileged containers on other nodes,
+you have to enable the ```allow-privileged``` config on both kubernetes-master and kubernetes-worker: -->
+
+默认情况下，juju 部署的集群不支持在带有 GPU 的节点上运行特权容器。
+如果需要在其它节点上运行特权容器，只能是在 kubernetes-master 和 kubernetes-worker 节点上
+使能 ```allow-privileged``` 参数：
+
+```
+juju config kubernetes-master allow-privileged=true
+juju config kubernetes-worker allow-privileged=true
+```
+
+<!-- ### Private registry -->
+
+### 私有仓库
+
+<!-- With the registry action, you can easily create a private docker registry that
+uses TLS authentication.
+However, note that a registry deployed with that action
+is not HA;
+it uses storage tied to the kubernetes node where the pod is running.
+Consequently, if the registry pod is migrated from one node to another, you will
+need to re-publish the images. -->
+
+通过 registry 操作，您可以很容易地创建一个使用 TLS 身份验证的私有 docker 仓库。
+但是请注意，通过这些功能部署的仓库不是高可用性的；
+它使用的存储绑定到运行 pod 的 kubernetes 节点上。
+因此，如果仓库所在的 pod 从一个节点迁移到另一个节点上，
+那么你需要重新发布镜像。
+
+<!-- #### Example usage -->
+
+#### 使用示例
+
+<!-- Create the relevant authentication files. Let's say you want user ```userA```
+to authenticate with the password ```passwordA```. Then you'll do: -->
+
+创建相关的身份验证文件。
+例如用户为 ```userA``` 密码为 ```passwordA``` 用来进行身份验证，
+命令行如下：
+
+```
+echo "userA:passwordA" > htpasswd-plain
+htpasswd -c -b -B htpasswd userA passwordA
+```
+
+<!-- (the `htpasswd` program comes with the ```apache2-utils``` package) -->
+
+（`htpasswd` 程序通过 ```apache2-utils``` 包获得）
+
+<!-- Assuming that your registry will be reachable at ```myregistry.company.com```,
+you already have your TLS key in the ```registry.key``` file, and your TLS
+certificate (with ```myregistry.company.com``` as Common Name) in the ```registry.crt``` file, you would then run: -->
+
+假设您的仓库可以通过 ```myregistry.company.com``` 访问，
+您已经在 ```registry.key``` 文件中拥有了您的 TLS 密钥，
+并且您的 TLS 身份验证（以 ```myregistry.company.com``` 作为 Common Name）在
+```registry.crt``` 文件中，那么您可以运行：
+
+```
+juju run-action kubernetes-worker/0 registry domain=myregistry.company.com htpasswd="$(base64 -w0 htpasswd)" htpasswd-plain="$(base64 -w0 htpasswd-plain)" tlscert="$(base64 -w0 registry.crt)" tlskey="$(base64 -w0 registry.key)" ingress=true
+```
+
+<!-- If you then decide that you want to delete the registry, just run: -->
+
+如果决定删除镜像仓库，命令行如下：
+
+```
+juju run-action kubernetes-worker/0 registry delete=true ingress=true
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/rancher.md b/content/zh/docs/getting-started-guides/ubuntu/rancher.md
new file mode 100644
index 0000000000000..095b4c92feabb
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/rancher.md
@@ -0,0 +1,543 @@
+---
+title: Rancher 与 Ubuntu Kubernetes 集成
+cn-approvers:
+- chentao1596
+---
+
+<!-- ---
+title: Rancher Integration with Ubuntu Kubernetes
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- This repository explains how to deploy Rancher 2.0alpha on Canonical Kubernetes. -->
+
+本文将介绍如何在 Canonical Kubernetes 集群上部署 Rancher 2.0 alpha。
+
+<!-- These steps are currently in alpha/testing phase and will most likely change. -->
+这些步骤目前处于 alpha/testing 阶段，未来很可能会发生变化。
+
+<!-- The original documentation for this integration can be found at [https://github.com/CalvinHartwell/canonical-kubernetes-rancher/](https://github.com/CalvinHartwell/canonical-kubernetes-rancher/). -->
+
+有关此集成的原始文档可以在 [https://github.com/CalvinHartwell/canonical-kubernetes-rancher/](https://github.com/CalvinHartwell/canonical-kubernetes-rancher/) 上找到。
+
+
+{{% /capture %}}
+{{% capture prerequisites %}}
+
+<!-- To use this guide, you must have a working kubernetes cluster that was deployed using Canonical's juju. -->
+本文假设你有一个已经通过 Juju 部署、正在运行的集群。
+
+<!-- The full instructions for deploying Kubernetes with juju can be found at [/docs/getting-started-guides/ubuntu/installation/](/docs/getting-started-guides/ubuntu/installation/). -->
+
+有关使用 juju 部署 Kubernetes 集群的完整指导，请参考 [/docs/getting-started-guides/ubuntu/installation/](/docs/getting-started-guides/ubuntu/installation/)。
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!-- ## Deploying Rancher -->
+## 部署 Rancher
+
+<!-- To deploy Rancher, we just need to run the Rancher container workload on-top of Kubernetes.
+Rancher provides their containers through dockerhub ([https://hub.docker.com/r/rancher/server/tags/](https://hub.docker.com/r/rancher/server/tags/)) and can be downloaded freely from the internet. -->
+
+想要部署 Rancher，我们只需要在 Kubernetes 集群上运行 Rancher 容器工作负载即可。
+Rancher 通过 dockerhub（[https://hub.docker.com/r/rancher/server/tags/](https://hub.docker.com/r/rancher/server/tags/)）
+提供他们的容器镜像的免费下载。
+
+<!-- If you're running your own registry or have an offline deployment,
+the container should be downloaded and pushed to a private registry before proceeding. -->
+
+如果您正在使用自己的镜像仓库，或进行离线部署，
+那么，在开始部署之前，请先下载好这些容器镜像，将其推入私有镜像仓库中。
+
+<!-- ### Deploying Rancher with a nodeport -->
+### 使用 nodeport 部署 Rancher
+
+<!-- First create a yaml file which defines how to deploy Rancher on kubernetes.
+Save the file as cdk-rancher-nodeport.yaml: -->
+首先创建一个 yaml 文件，该文件定义了如何在 kubernetes 上部署 Rancher。
+将该文件保存为 cdk-rancher-nodeport.yaml：
+
+```
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: default
+roleRef:
+   kind: ClusterRole
+   name: cluster-admin
+   apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-admin
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- nonResourceURLs:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    app: rancher
+  name: rancher
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rancher
+      ima: pod
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: rancher
+        ima: pod
+    spec:
+      containers:
+      - image: rancher/server:preview
+        imagePullPolicy: Always
+        name: rancher
+        ports:
+        - containerPort: 80
+        - containerPort: 443
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 5
+          timeoutSeconds: 30
+        resources: {}
+      restartPolicy: Always
+      serviceAccountName: ""
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rancher
+  labels:
+    app: rancher
+spec:
+  ports:
+    - port: 443
+      protocol: TCP
+      targetPort: 443
+  selector:
+    app: rancher
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rancher-nodeport
+spec:
+  type: NodePort
+  selector:
+     app: rancher
+  ports:
+  - name: rancher-api
+    protocol: TCP
+    nodePort: 30443
+    port: 443
+    targetPort: 443
+```
+
+<!-- Once kubectl is running and working, run the following command to deploy Rancher: -->
+
+kubectl 开始正常运行后，执行下面的命令开始部署 Rancher：
+
+```
+  kubectl apply -f cdk-rancher-nodeport.yaml
+```
+
+<!-- Now we need to open this nodeport so we can access it.
+For that, we can use juju. We need to run the open-port command for each of the worker nodes in our cluster.
+Inside the cdk-rancher-nodeport.yaml file, the nodeport has been set to 30443.
+Below shows how to open the port on each of the worker nodes: -->
+
+现在我们需要打开这个 nodeport，以供访问。
+为此，我们可以使用 juju。我们需要在集群中的每个工作节点上运行 open-port 命令。
+在 cdk-rancher-nodeport.yaml 文件中，nodeport 已设置为 30443。
+下面的命令行展示如何在每个工作节点上打开端口：
+
+<!-- ```
+   # repeat this for each kubernetes worker in the cluster.
+   juju run --unit kubernetes-worker/0 "open-port 30443"
+   juju run --unit kubernetes-worker/1 "open-port 30443"
+   juju run --unit kubernetes-worker/2 "open-port 30443"
+``` -->
+
+```
+   # 在集群的每个工作节点上运行下面的命令行
+   juju run --unit kubernetes-worker/0 "open-port 30443"
+   juju run --unit kubernetes-worker/1 "open-port 30443"
+   juju run --unit kubernetes-worker/2 "open-port 30443"
+```
+
+<!-- Rancher can now be accessed on this port through a worker IP or DNS entries if you have created them.
+It is generally recommended that you create a DNS entry for each of the worker nodes in your cluster.
+For example, if you have three worker nodes and you own the domain example.com,
+you could create three A records, one for each worker in the cluster. -->
+
+现在便可以通过工作节点的 IP 或 DNS 记录（如果已经创建）在此端口上访问 Rancher。
+通常建议您为集群中的每个工作节点创建一条 DNS 记录。
+例如，如果有三个工作节点并且域名是 example.com，则可以创建三条 A 记录，集群中的每个工作节点各一条。
+
+<!-- As creating DNS entries is outside of the scope of this document,
+we will use the freely available xip.io service which can return A records for an IP address
+which is part of the domain name.
+For example, if you have the domain rancher.35.178.130.245.xip.io,
+the xip.io service will automatically return the IP address 35.178.130.245 as an
+A record which is useful for testing purposes.
+For your deployment, the IP address 35.178.130.245 should be replaced with one of your worker IP address,
+which can be found using Juju or AWS: -->
+
+由于创建 DNS 记录超出了本文关注的范围，
+我们将使用免费服务 xip.io 来获得和 IP 地址相对应的 A 记录，IP 地址将是域名的一部分。
+例如，如果有域名 rancher.35.178.130.245.xip.io，
+则 xip.io 服务会自动将 IP 地址 35.178.130.245 作为 A 记录返回，这对测试相当有用。
+至于您的部署，IP 地址 35.178.130.245 应该替换为集群工作节点的 IP 地址，这个 IP 地址可以通过 Juju 或 AWS 得到：
+
+<!-- ```
+ calvinh@ubuntu-ws:~/Source/cdk-rancher$ juju status
+
+# ... output omitted.
+
+Unit                      Workload  Agent  Machine  Public address  Ports                     Message
+easyrsa/0*                active    idle   0        35.178.118.232                            Certificate Authority connected.
+etcd/0*                   active    idle   1        35.178.49.31    2379/tcp                  Healthy with 3 known peers
+etcd/1                    active    idle   2        35.177.99.171   2379/tcp                  Healthy with 3 known peers
+etcd/2                    active    idle   3        35.178.125.161  2379/tcp                  Healthy with 3 known peers
+kubeapi-load-balancer/0*  active    idle   4        35.178.37.87    443/tcp                   Loadbalancer ready.
+kubernetes-master/0*      active    idle   5        35.177.239.237  6443/tcp                  Kubernetes master running.
+  flannel/0*              active    idle            35.177.239.237                            Flannel subnet 10.1.27.1/24
+kubernetes-worker/0*      active    idle   6        35.178.130.245  80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/2               active    idle            35.178.130.245                            Flannel subnet 10.1.82.1/24
+kubernetes-worker/1       active    idle   7        35.178.121.29   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/3               active    idle            35.178.121.29                             Flannel subnet 10.1.66.1/24
+kubernetes-worker/2       active    idle   8        35.177.144.76   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/1               active    idle            35.177.144.76
+
+# Note the IP addresses for the kubernetes-workers in the example above.  You should pick one of the public addresses.
+``` -->
+
+```
+ calvinh@ubuntu-ws:~/Source/cdk-rancher$ juju status
+
+# ... 输出省略。
+
+Unit                      Workload  Agent  Machine  Public address  Ports                     Message
+easyrsa/0*                active    idle   0        35.178.118.232                            Certificate Authority connected.
+etcd/0*                   active    idle   1        35.178.49.31    2379/tcp                  Healthy with 3 known peers
+etcd/1                    active    idle   2        35.177.99.171   2379/tcp                  Healthy with 3 known peers
+etcd/2                    active    idle   3        35.178.125.161  2379/tcp                  Healthy with 3 known peers
+kubeapi-load-balancer/0*  active    idle   4        35.178.37.87    443/tcp                   Loadbalancer ready.
+kubernetes-master/0*      active    idle   5        35.177.239.237  6443/tcp                  Kubernetes master running.
+  flannel/0*              active    idle            35.177.239.237                            Flannel subnet 10.1.27.1/24
+kubernetes-worker/0*      active    idle   6        35.178.130.245  80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/2               active    idle            35.178.130.245                            Flannel subnet 10.1.82.1/24
+kubernetes-worker/1       active    idle   7        35.178.121.29   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/3               active    idle            35.178.121.29                             Flannel subnet 10.1.66.1/24
+kubernetes-worker/2       active    idle   8        35.177.144.76   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/1               active    idle            35.177.144.76
+
+# 注意上面输出中 kubernetes-worker 的 IP 地址，可以选一个用作设置。
+```
+
+<!-- Try opening up Rancher in your browser using the nodeport and the domain name or ip address: -->
+
+尝试使用 nodeport 搭配域名或 IP 地址在浏览器中打开 Rancher：
+
+<!-- ```
+  # replace the IP address with one of your Kubernetes worker, find this from juju status command.
+  wget https://35.178.130.245.xip.io:30443 --no-check-certificate
+
+  # this should also work
+  wget https://35.178.130.245:30443 --no-check-certificate
+``` -->
+
+```
+  # 将 IP 地址替换为某个 Kubernetes 工作节点的公共地址，通过 juju status 命令进行查找。
+  wget https://35.178.130.245.xip.io:30443 --no-check-certificate
+
+  # 这条命令也应该能工作
+  wget https://35.178.130.245:30443 --no-check-certificate
+```
+
+<!-- If you need to make any changes to the kubernetes configuration file,
+edit the yaml file and then just use apply again: -->
+
+如果需要对 kubernetes 配置文件进行任何更改，编辑 yaml 文件，再重新 apply 即可：
+
+```
+  kubectl apply -f cdk-rancher-nodeport.yaml
+```
+
+<!-- ### Deploying Rancher with an ingress rule -->
+### 使用 ingress 规则部署 Rancher
+
+<!-- It is also possible to deploy Rancher using an ingress rule.
+This has the added benefit of not requiring additional ports to be opened up on
+the Kubernetes cluster. First create a yaml file to describe the
+deployment called cdk-rancher-ingress.yaml which should contain the following: -->
+
+也可以使用 ingress 规则来部署 Rancher。
+这还有另外一个好处，就是不需要在 Kubernetes 集群上打开额外的端口。
+首先创建一个名为 cdk-rancher-ingress.yaml 的文件，内容如下：
+
+```
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: default
+roleRef:
+   kind: ClusterRole
+   name: cluster-admin
+   apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-admin
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- nonResourceURLs:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    app: rancher
+  name: rancher
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rancher
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: rancher
+    spec:
+      containers:
+      - image: rancher/server:preview
+        imagePullPolicy: Always
+        name: rancher
+        ports:
+        - containerPort: 443
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 5
+          timeoutSeconds: 30
+        resources: {}
+      restartPolicy: Always
+      serviceAccountName: ""
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rancher
+  labels:
+    app: rancher
+spec:
+  ports:
+    - port: 443
+      targetPort: 443
+      protocol: TCP
+  selector:
+    app: rancher
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: rancher
+ annotations:
+   kubernetes.io/tls-acme: "true"
+   ingress.kubernetes.io/secure-backends: "true"
+spec:
+ tls:
+   - hosts:
+     - rancher.34.244.118.135.xip.io
+ rules:
+   - host: rancher.34.244.118.135.xip.io
+     http:
+       paths:
+         - path: /
+           backend:
+             serviceName: rancher
+             servicePort: 443
+```
+
+<!-- It is generally recommended that you create a DNS entry for each of the worker nodes in your cluster.
+For example, if you have three worker nodes and you own the domain example.com,
+you could create three A records, one for each worker in the cluster. -->
+
+通常建议您为集群中的每个工作节点创建一条 DNS 记录。
+例如，如果有三个工作节点并且域名是 example.com，则可以创建三条 A 记录，集群中的每个工作节点各一条。
+
+<!-- As creating DNS entries is outside of the scope of this tutorial, we will use the freely available xip.io service which can return A records for an IP address which is part of the domain name. For example, if you have the domain rancher.35.178.130.245.xip.io, the xip.io service will automatically return the IP address 35.178.130.245 as an A record which is useful for testing purposes. -->
+
+由于创建 DNS 记录超出了本文关注的范围，
+我们将使用免费服务 xip.io 来获得和 IP 地址相对应的 A 记录，IP 地址将是域名的一部分。
+例如，如果有域名 rancher.35.178.130.245.xip.io，
+则 xip.io 服务会自动将 IP 地址 35.178.130.245 作为 A 记录返回，这对测试相当有用。
+
+<!-- For your deployment, the IP address 35.178.130.245 should be replaced with one of your worker IP address, which can be found using Juju or AWS: -->
+
+至于您的部署，IP 地址 35.178.130.245 应该替换为集群工作节点的 IP 地址，这个 IP 地址可以通过 Juju 或 AWS 得到：
+
+<!-- ```
+ calvinh@ubuntu-ws:~/Source/cdk-rancher$ juju status
+
+# ... output omitted.
+
+Unit                      Workload  Agent  Machine  Public address  Ports                     Message
+easyrsa/0*                active    idle   0        35.178.118.232                            Certificate Authority connected.
+etcd/0*                   active    idle   1        35.178.49.31    2379/tcp                  Healthy with 3 known peers
+etcd/1                    active    idle   2        35.177.99.171   2379/tcp                  Healthy with 3 known peers
+etcd/2                    active    idle   3        35.178.125.161  2379/tcp                  Healthy with 3 known peers
+kubeapi-load-balancer/0*  active    idle   4        35.178.37.87    443/tcp                   Loadbalancer ready.
+kubernetes-master/0*      active    idle   5        35.177.239.237  6443/tcp                  Kubernetes master running.
+  flannel/0*              active    idle            35.177.239.237                            Flannel subnet 10.1.27.1/24
+kubernetes-worker/0*      active    idle   6        35.178.130.245  80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/2               active    idle            35.178.130.245                            Flannel subnet 10.1.82.1/24
+kubernetes-worker/1       active    idle   7        35.178.121.29   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/3               active    idle            35.178.121.29                             Flannel subnet 10.1.66.1/24
+kubernetes-worker/2       active    idle   8        35.177.144.76   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/1               active    idle            35.177.144.76
+
+# Note the IP addresses for the kubernetes-workers in the example above.  You should pick one of the public addresses.
+``` -->
+
+```
+ calvinh@ubuntu-ws:~/Source/cdk-rancher$ juju status
+
+# ... 输出省略。
+
+Unit                      Workload  Agent  Machine  Public address  Ports                     Message
+easyrsa/0*                active    idle   0        35.178.118.232                            Certificate Authority connected.
+etcd/0*                   active    idle   1        35.178.49.31    2379/tcp                  Healthy with 3 known peers
+etcd/1                    active    idle   2        35.177.99.171   2379/tcp                  Healthy with 3 known peers
+etcd/2                    active    idle   3        35.178.125.161  2379/tcp                  Healthy with 3 known peers
+kubeapi-load-balancer/0*  active    idle   4        35.178.37.87    443/tcp                   Loadbalancer ready.
+kubernetes-master/0*      active    idle   5        35.177.239.237  6443/tcp                  Kubernetes master running.
+  flannel/0*              active    idle            35.177.239.237                            Flannel subnet 10.1.27.1/24
+kubernetes-worker/0*      active    idle   6        35.178.130.245  80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/2               active    idle            35.178.130.245                            Flannel subnet 10.1.82.1/24
+kubernetes-worker/1       active    idle   7        35.178.121.29   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/3               active    idle            35.178.121.29                             Flannel subnet 10.1.66.1/24
+kubernetes-worker/2       active    idle   8        35.177.144.76   80/tcp,443/tcp,30443/tcp  Kubernetes worker running.
+  flannel/1               active    idle            35.177.144.76
+
+# 注意上面输出中 kubernetes-worker 的 IP 地址，可以选一个用作设置。
+```
+
+<!-- Looking at the output from the juju status above, the Public Address (35.178.130.245) can be used to create a xip.io DNS entry (rancher.35.178.130.245.xip.io) which should be placed into the cdk-rancher-ingress.yaml file. You could also create your own DNS entry as long as it resolves to each of the worker nodes or one of them it will work fine: -->
+
+查看上面 juju status 的命令输出，可以拿公共地址（35.178.130.245）来创建 xip.io DNS记录（rancher.35.178.130.245.xip.io），记录可以加到 cdk-rancher-ingress.yaml 文件中。
+你也同样可以创建自己的 DNS 记录，只要能解析到集群上的工作节点即可:
+
+<!-- ```
+  # The xip.io domain should appear in two places in the file, change both entries.
+  cat cdk-rancher-ingress.yaml | grep xip.io
+  - host: rancher.35.178.130.245.xip.io
+``` -->
+
+```
+  # xip.io 在文件中会出现两次，请都替换修改。
+  cat cdk-rancher-ingress.yaml | grep xip.io
+  - host: rancher.35.178.130.245.xip.io
+```
+
+<!-- Once you've edited the ingress rule to reflect your DNS entries, run the kubectl apply -f cdk-rancher-ingress.yaml to deploy Kubernetes: -->
+
+修改完 ingress 规则之后，可以运行 `kubectl apply -f cdk-rancher-ingress.yaml` 命令来更新 Kubernetes 集群：
+
+```
+ kubectl apply -f cdk-rancher-ingress.yaml
+```
+
+<!-- Rancher can now be accessed on the regular 443 through a worker IP or DNS entries if you have created them.
+Try opening it up in your browser: -->
+
+现在可以通过工作节点 IP 或者 DNS 记录（如果已创建）在常规的 443 上访问 Rancher。
+尝试在浏览器中打开它：
+
+<!-- ```
+  # replace the IP address with one of your Kubernetes worker, find this from juju status command.
+  wget https://35.178.130.245.xip.io:443 --no-check-certificate
+``` -->
+
+```
+  # 将 IP 地址替换为某个 Kubernetes 工作节点的公共地址，通过 juju status 命令进行查找。
+  wget https://35.178.130.245.xip.io:443 --no-check-certificate
+```
+
+<!-- If you need to make any changes to the kubernetes configuration file,
+edit the yaml file and then just use apply again: -->
+
+如果需要对 kubernetes 配置文件进行任何更改，请编辑 yaml 文件，再 apply：
+
+```
+  kubectl apply -f cdk-rancher-ingress.yaml
+```
+
+<!-- ### Removing Rancher -->
+### 删除 Rancher
+
+<!-- You can remove Rancher from your cluster using kubectl.
+Deleting constructs in Kubernetes is as simple as creating them: -->
+
+您可以使用 kubectl 从集群中删除 Rancher。
+在 Kubernetes 中删除对象与创建它们的过程一样简单：
+
+<!-- ```
+  # If you used the nodeport example change the yaml filename if you used the ingress example.
+  kubectl delete -f cdk-rancher-nodeport.yaml
+``` -->
+
+```
+  # 使用 nodeport 示例（如果使用 ingress 示例，请修改文件名）
+  kubectl delete -f cdk-rancher-nodeport.yaml
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/scaling.md b/content/zh/docs/getting-started-guides/ubuntu/scaling.md
new file mode 100644
index 0000000000000..a24c136eeb430
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/scaling.md
@@ -0,0 +1,147 @@
+---
+title: 扩缩
+content_template: templates/task
+---
+
+<!-- ---
+title: Scaling
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- This page shows how to horizontally scale master and worker nodes on a cluster. -->
+本文将讨论如何在集群中扩缩主节点和工作节点。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- This page assumes you have a working Juju deployed cluster. -->
+
+本文假设您已经有一个用 Juju 部署、正在运行的集群。
+
+<!-- Any of the applications can be scaled out post-deployment.
+The charms update the status messages with progress, so it is recommended to run. -->
+
+任何应用都可以在部署之后进行横向扩容。
+charms 将会不停地更新进度状态信息，建议运行如下命令。
+
+```
+watch -c juju status --color
+```
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Kubernetes masters -->
+
+## Kubernetes 主节点
+
+<!-- The provided Kubernetes master nodes act as a control plane for the cluster.
+The deployment has been designed so that these nodes can be scaled independently
+of worker nodes to allow for more operational flexibility.
+To scale a master node up, simply execute: -->
+
+Kubernetes 主节点充当了集群中控制平面的角色。
+在设计上，这些主节点可以独立于工作节点进行扩缩容，从而带来运维上的灵活性。
+想要添加一个主节点，只需要执行以下命令：
+
+    juju add-unit kubernetes-master
+
+<!-- This will add another master node to the control plane.
+See the [building high-availability clusters](/docs/admin/high-availability)
+section of the documentation for more information. -->
+
+这将会在控制平面中添加一个新的主节点。
+参见[构建高可用集群](/docs/admin/high-availability)文档，获取更多信息。
+
+<!-- ## Kubernetes workers -->
+
+## Kubernetes 工作节点
+
+<!-- The kubernetes-worker nodes are the load-bearing units of a Kubernetes cluster. -->
+
+kubernetes-worker 节点是 Kubernetes 集群中承担负载的部分。
+
+<!-- By default pods are automatically spread throughout the kubernetes-worker units
+that you have deployed. -->
+
+默认情况下，pod 会自动均匀部署在 kubernetes-worker 节点上。
+
+<!-- To add more kubernetes-worker units to the cluster: -->
+
+如果想要在集群中添加更多的 kubernetes-worker 节点，运行如下命令：
+
+```
+juju add-unit kubernetes-worker
+```
+
+<!-- or specify machine constraints to create larger nodes: -->
+
+或者修改机器限制，来创建更大的节点：
+
+```
+juju set-constraints kubernetes-worker "cpu-cores=8 mem=32G"
+juju add-unit kubernetes-worker
+```
+
+<!-- Refer to the
+[machine constraints documentation](https://jujucharms.com/docs/stable/charms-constraints)
+for other machine constraints that might be useful for the kubernetes-worker units. -->
+
+参见[机器限制文档](https://jujucharms.com/docs/stable/charms-constraints)，
+了解其它机器约束，这些约束可能对 kubernetes-worker unit 有帮助。
+
+## etcd
+
+<!-- Etcd is used as a key-value store for the Kubernetes cluster.
+The bundle defaults to one instance in this cluster. -->
+
+Etcd 在 Kubernetes 集群中用作键值存储。
+集群默认使用一个存储实例。
+
+<!-- For quorum reasons it is recommended to keep an odd number of etcd nodes.
+3, 5, 7, and 9 nodes are the recommended amount of nodes,
+depending on your cluster size. The CoreOS etcd documentation has a chart for the
+[optimal cluster size](https://coreos.com/etcd/docs/latest/admin_guide.html#optimal-cluster-size)
+to determine fault tolerance. -->
+
+由于仲裁机制的关系，推荐保有奇数个 etcd 节点。
+根据集群的大小，推荐使用3、5、7 或 9 个节点。
+CoreOS etcd 文档有一个关于[最佳集群大小](https://coreos.com/etcd/docs/latest/admin_guide.html#optimal-cluster-size)的图表，
+可以参考确定最佳的容错设计。
+
+<!-- To add an etcd unit: -->
+添加 etcd 单元:
+
+```
+juju add-unit etcd
+```
+
+<!-- Shrinking of an etcd cluster after growth is not recommended. -->
+不建议在扩容 etcd 集群之后对其缩容。
+
+<!-- ## Juju controller -->
+## Juju 控制器
+
+<!-- A single node is responsible for coordinating with all the Juju agents
+on each machine that manage Kubernetes; it is called the controller node.
+For production deployments it is recommended to enable HA of the controller node: -->
+
+一个负责协调每台机器上 Juju 代理（这些代理管理 Kubernetes 集群）的节点被称为控制器节点。
+对于生产环境下的部署，建议启用控制器节点的高可用性：
+
+    juju enable-ha
+
+<!-- Enabling HA results in 3 controller nodes, this should be sufficient for most use cases.
+5 and 7 controller nodes are also supported for extra large deployments. -->
+
+启用 HA 将会创建 3 个控制器节点，对于大多数情况而言应该是足够的。
+而对于超大型的部署，也同时支持 5 或 7 个控制器节点。
+
+<!-- Refer to the [Juju HA controller documentation](https://jujucharms.com/docs/2.2/controllers-ha) for more information. -->
+
+参见 [Juju HA 控制器文档](https://jujucharms.com/docs/2.2/controllers-ha) 获取更多信息.
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/storage.md b/content/zh/docs/getting-started-guides/ubuntu/storage.md
new file mode 100644
index 0000000000000..04aa262d9b3e1
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/storage.md
@@ -0,0 +1,138 @@
+---
+title: 存储
+content_template: templates/task
+---
+
+<!-- ---
+title: Storage
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- This page explains how to install and configure persistent storage on a cluster. -->
+本文解释了如何在集群中安装和配置持久化存储。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- This page assumes you have a working Juju deployed cluster. -->
+本文假设您已经有一个用 Juju 部署、正在运行的集群。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Ceph Persistent Volumes -->
+## Ceph 持久卷
+
+<!-- The Canonical Distribution of Kubernetes allows you to connect with durable
+storage devices such as [Ceph](http://ceph.com). When paired with the
+[Juju Storage](https://jujucharms.com/docs/2.0/charms-storage) feature you
+can add durable storage easily and across clouds. -->
+
+Canonical 的 Kubernetes 发行版允许添加持久化存储设备，例如 [Ceph](http://ceph.com)。
+配合 [Juju Storage](https://jujucharms.com/docs/2.0/charms-storage)功能，
+可以跨云平台，添加持久化存储。
+
+<!-- Deploy a minimum of three ceph-mon and three ceph-osd units. -->
+
+部署一个至少有三个 ceph-mon 和三个 ceph-osd 单元的存储池。
+
+```
+juju deploy cs:ceph-mon -n 3
+juju deploy cs:ceph-osd -n 3
+```
+
+<!-- Relate the units together: -->
+关联这些单元：
+
+```
+juju add-relation ceph-mon ceph-osd
+```
+
+<!-- List the storage pools available to Juju for your cloud: -->
+列出云上 Juju 可用的存储池：
+
+    juju storage-pools
+
+<!-- Output: -->
+输出：
+
+```
+Name     Provider  Attrs
+ebs      ebs
+ebs-ssd  ebs       volume-type=ssd
+loop     loop
+rootfs   rootfs
+tmpfs    tmpfs
+```
+
+{{< note >}}
+
+<!-- This listing is for the Amazon Web Services public cloud.
+Different clouds may have different pool names. -->
+
+注意列表使用的是 AWS，不同的云有不同的存储池名称。
+
+{{< /note >}}
+
+<!-- Add a storage pool to the ceph-osd charm by NAME,SIZE,COUNT: -->
+
+以 “名字,大小,数量”的格式往 ceph-osd charm 中添加存储池：
+
+```
+juju add-storage ceph-osd/0 osd-devices=ebs,10G,1
+juju add-storage ceph-osd/1 osd-devices=ebs,10G,1
+juju add-storage ceph-osd/2 osd-devices=ebs,10G,1
+```
+
+<!-- Next relate the storage cluster with the Kubernetes cluster: -->
+接下来将 Kubernetes 和存储集群相关联：
+
+```
+juju add-relation kubernetes-master ceph-mon
+```
+
+<!-- We are now ready to enlist
+[Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
+in Kubernetes which our workloads can consume via Persistent Volume (PV) claims. -->
+
+
+现在我们可以在 Kubernetes 中列举可用的[持久卷](/docs/concepts/storage/persistent-volumes/)，
+集群中的负载可以通过 PVC 申领来使用这些持久卷。
+
+```
+juju run-action kubernetes-master/0 create-rbd-pv name=test size=50
+```
+
+<!-- This example created a "test" Rados Block Device (rbd) in the size of 50 MB.
+
+Use watch on your Kubernetes cluster like the following, you should see the PV
+become enlisted and be marked as available: -->
+
+本例中创建了 50 MB 大小的 “test” Rados 块设备 (rbd)。
+
+在 Kubernetes 集群上使用如下所示的 watch 命令，可以看到 PV 加入列表，并被标记可用的过程：
+
+    watch kubectl get pv
+
+<!-- Output: -->
+输出:
+
+```
+NAME CAPACITY   ACCESSMODES   STATUS    CLAIM              REASON    AGE
+
+test   50M          RWO       Available                              10s
+```
+
+<!-- To consume these Persistent Volumes, your pods will need an associated
+Persistent Volume Claim with them, and is outside the scope of this README.
+See the [Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
+documentation for more information. -->
+
+要使用这些持久卷，pods 需要关联一个持久卷申领，这超出了本文档的讨论范围。
+参见[持久卷](/docs/concepts/storage/persistent-volumes/)获取更多信息。
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/troubleshooting.md b/content/zh/docs/getting-started-guides/ubuntu/troubleshooting.md
new file mode 100644
index 0000000000000..be76e9eb9182e
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/troubleshooting.md
@@ -0,0 +1,272 @@
+---
+title: 故障排除
+---
+
+<!-- ---
+title: Troubleshooting
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- This document with highlighting how to troubleshoot the deployment of a Kubernetes cluster,
+it will not cover debugging of workloads inside Kubernetes. -->
+
+本文重点讨论如何解决 Kubernetes 集群部署过程中的问题，
+而不会关心如何调试 Kubernetes 集群内的工作负载。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- This page assumes you have a working Juju deployed cluster. -->
+
+本文假设您已经有一个用 Juju 部署、正在工作的集群。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Understanding Cluster Status -->
+## 了解集群状态
+
+<!-- Using `juju status` can give you some insight as to what's happening in a cluster: -->
+使用 `juju status` 命令可以了解一些集群内的情况：
+
+```
+Model  Controller  Cloud/Region   Version
+kubes  work-multi  aws/us-east-2  2.0.2.1
+
+App                Version  Status  Scale  Charm              Store       Rev  OS      Notes
+easyrsa            3.0.1    active      1  easyrsa            jujucharms    3  ubuntu
+etcd               2.2.5    active      1  etcd               jujucharms   17  ubuntu
+flannel            0.6.1    active      2  flannel            jujucharms    6  ubuntu
+kubernetes-master  1.4.5    active      1  kubernetes-master  jujucharms    8  ubuntu  exposed
+kubernetes-worker  1.4.5    active      1  kubernetes-worker  jujucharms   11  ubuntu  exposed
+
+Unit                  Workload  Agent  Machine  Public address  Ports           Message
+easyrsa/0*            active    idle   0/lxd/0  10.0.0.55                       Certificate Authority connected.
+etcd/0*               active    idle   0        52.15.47.228    2379/tcp        Healthy with 1 known peers.
+kubernetes-master/0*  active    idle   0        52.15.47.228    6443/tcp        Kubernetes master services ready.
+  flannel/1           active    idle            52.15.47.228                    Flannel subnet 10.1.75.1/24
+kubernetes-worker/0*  active    idle   1        52.15.177.233   80/tcp,443/tcp  Kubernetes worker running.
+  flannel/0*          active    idle            52.15.177.233                   Flannel subnet 10.1.63.1/24
+
+Machine  State    DNS            Inst id              Series  AZ
+0        started  52.15.47.228   i-0bb211a18be691473  xenial  us-east-2a
+0/lxd/0  started  10.0.0.55      juju-153b74-0-lxd-0  xenial
+1        started  52.15.177.233  i-0502d7de733be31bb  xenial  us-east-2b
+```
+
+<!-- In this example we can glean some information. The `Workload` column will show the status of a given service.
+The `Message` section will show you the health of a given service in the cluster.
+During deployment and maintenance these workload statuses will update to
+reflect what a given node is doing. For example the workload my say `maintenance`
+while message will describe this maintenance as `Installing docker`. -->
+
+在这个例子中，我们可以获取一些信息。 `Workload` 列将显示给定服务的状态。
+`Message` 部分将显示集群中给定服务的健康状况。 在部署和维护期间，
+这些工作负载状态将进行更新以反映给定节点正在执行的操作。例如，
+Workload 可能显示为 `maintenance`，而 Message 则会相应显示为 `Installing docker`。
+
+<!-- During normal operation the Workload should read `active`,
+the Agent column (which reflects what the Juju agent is doing) should read `idle`,
+and the messages will either say `Ready` or another descriptive term.
+`juju status --color` will also return all green results when a cluster's deployment is healthy. -->
+
+正常情况下，Workload 列应该为 `active`，Agent 列（用于反映 Juju 代理正在做什么）应该为 `idle`，
+而 Message 要么是 `Ready` 或者其它描述性的术语。
+如果集群运行健康，`juju status --color` 返回的结果输出都将是绿色的。
+
+<!-- Status can become unwieldy for large clusters, it is then recommended to
+check status on individual services, for example to check the status on the workers only: -->
+
+对于大型集群而言，状态信息可能会太多，因此建议检查各个服务的状态，例如仅检查工作节点的状态：
+
+    juju status kubernetes-worker
+
+<!-- or just on the etcd cluster: -->
+或者只检查 etcd 集群的状态：
+
+    juju status etcd
+
+Errors will have an obvious message, and will return a red result when used with
+`juju status --color`. Nodes that come up in this manner should be investigated.
+
+错误都会有明显的错误信息，使用 `juju status --color` 的返回结果也将是红色的。
+如果节点状态出现这种情况，需要相应地检查了解。
+
+<!-- ## SSHing to units -->
+## SSH 到各个单元上
+
+<!-- You can ssh to individual units easily with the following convention,
+`juju ssh <servicename>/<unit#>`: -->
+
+按照 `juju ssh <服务名>/<单元#>` 的命令格式可以轻松地连接到各个单元上：
+
+    juju ssh kubernetes-worker/3
+
+<!-- Will automatically ssh you to the 3rd worker unit. -->
+将会 ssh 到第 3 个工作单元上。
+
+    juju ssh easyrsa/0
+
+<!-- This will automatically ssh you to the easyrsa unit. -->
+将会 ssh 到第 0 个 easyrsa 单元上。
+
+<!-- ## Collecting debug information -->
+## 收集调试信息
+
+<!-- Sometimes it is useful to collect all the information from a cluster
+to share with a developer to identify problems. This is best accomplished with [CDK Field Agent](https://github.com/juju-solutions/cdk-field-agent). -->
+
+有时候，从集群上收集所有的信息，并与开发人员共享，将有助于发现问题。
+这最好是通过 [CDK Field Agent](https://github.com/juju-solutions/cdk-field-agent) 来完成。
+
+<!-- Download and execute the collect.py script from [CDK Field Agent](https://github.com/juju-solutions/cdk-field-agent) on a box that has a Juju client configured with the current controller and model pointing at the CDK deployment of interest. -->
+
+在带有 Juju 客户端，而客户端配有指向相应的 CDK 部署的控制器的节点上，
+下载并执行[CDK Field Agent](https://github.com/juju-solutions/cdk-field-agent)中的 collect.py 文件。
+
+<!-- Running the script will generate a tarball of system information and includes basic information such as systemctl status, Juju logs, charm unit data, etc. Additional application-specific information may be included as well. -->
+
+运行该脚本会生成一个 tar 包，包含系统信息以及诸如 systemctl 状态，Juju 日志，charm 单元数据等基本信息。
+额外和应用相关的信息可能也会包含其中。
+
+<!-- ## Common Problems -->
+
+## 常见问题
+
+<!-- ### Load Balancer interfering with Helm -->
+
+### 负载均衡器对 Helm 的影响
+
+<!-- This section assumes you have a working deployment of Kubernetes via Juju
+using a Load Balancer for the API, and that you are using Helm to deploy charts. -->
+
+本节假定有一个用 Juju 部署的正在运行的 Kubernetes 集群，使用负载均衡器来代理 API，同时也用 Helm 来进行 chart 部署。
+
+<!-- To deploy Helm you will have run: -->
+Helm 初始化：
+
+```
+helm init
+$HELM_HOME has been configured at /home/ubuntu/.helm
+Tiller (the helm server side component) has been installed into your Kubernetes Cluster.
+Happy Helming!
+```
+
+<!-- Then when using helm you may see one of the following errors: -->
+随后使用 helm 时，可能会出现以下错误：
+
+<!-- * Helm doesn't get the version from the Tiller server -->
+* Helm 不能从 Tiller 服务器获取版本号
+
+```
+helm version
+Client: &version.Version{SemVer:"v2.1.3", GitCommit:"5cbc48fb305ca4bf68c26eb8d2a7eb363227e973", GitTreeState:"clean"}
+Error: cannot connect to Tiller
+```
+
+<!-- * Helm cannot install your chart -->
+* Helm 不能安装 chart
+
+```
+helm install <chart> --debug
+Error: forwarding ports: error upgrading connection: Upgrade request required
+```
+
+<!-- This is caused by the API load balancer not forwarding ports in the context of the helm client-server relationship.
+To deploy using helm, you will need to follow these steps: -->
+
+这是因为 API 负载均衡器在 helm 客户端-服务端关系的上下文中不进行端口转发造成的。
+要使用 helm 进行部署，需要执行以下步骤：
+
+<!-- 1. Expose the Kubernetes Master service -->
+1. 暴露 Kubernetes Master 服务
+
+   ```
+   juju expose kubernetes-master
+   ```
+
+<!-- 1. Identify the public IP address of one of your masters -->
+1. 确定其中一个主节点的公开 IP 地址
+
+   ```
+   juju status kubernetes-master
+   Model       Controller  Cloud/Region   Version
+   production  k8s-admin   aws/us-east-1  2.0.0
+
+   App                Version  Status  Scale  Charm              Store       Rev  OS      Notes
+   flannel            0.6.1    active      1  flannel            jujucharms    7  ubuntu
+   kubernetes-master  1.5.1    active      1  kubernetes-master  jujucharms   10  ubuntu  exposed
+
+   Unit                  Workload  Agent  Machine  Public address  Ports     Message
+   kubernetes-master/0*  active    idle   5        54.210.100.102    6443/tcp  Kubernetes master running.
+     flannel/0           active    idle            54.210.100.102              Flannel subnet 10.1.50.1/24
+
+   Machine  State    DNS           Inst id              Series  AZ
+   5        started  54.210.100.102  i-002b7150639eb183b  xenial  us-east-1a
+
+   Relation      Provides               Consumes           Type
+   certificates  easyrsa                kubernetes-master  regular
+   etcd          etcd                   flannel            regular
+   etcd          etcd                   kubernetes-master  regular
+   cni           flannel                kubernetes-master  regular
+   loadbalancer  kubeapi-load-balancer  kubernetes-master  regular
+   cni           kubernetes-master      flannel            subordinate
+   cluster-dns   kubernetes-master      kubernetes-worker  regular
+   cni           kubernetes-worker      flannel            subordinate
+   ```
+
+   <!-- In this context the public IP address is 54.210.100.102.
+
+   If you want to access this data programmatically you can use the JSON output: -->
+
+   本例中，公开 IP 地址为 54.210.100.102。
+   如果想编程访问得到这个值，可以使用 JSON 输出：
+
+   ```
+   juju show-status kubernetes-master --format json | jq --raw-output '.applications."kubernetes-master".units | keys[]'
+   54.210.100.102
+   ```
+
+<!-- 1. Update the kubeconfig file -->
+1. 更新 kubeconfig 文件
+
+   <!-- Identify the kubeconfig file or section used for this cluster, and edit the server configuration.
+
+   By default, it will look like ```https://54.213.123.123:443```. Replace it with the Kubernetes Master endpoint ```https://54.210.100.102:6443``` and save.
+
+   Note that the default port used by CDK for the Kubernetes Master API is 6443 while the port exposed by the load balancer is 443. -->
+
+   确定集群所使用的 kubeconfig 文件或配置部分，然后修改服务器配置。
+
+   默认情况下，这个配置类似于 ```https://54.213.123.123:443```。将其替换为 Kubernetes Master 端点地址
+   ```https://54.210.100.102:6443``` 并保存。
+
+   注意，Kubernetes Master API 的 CDK 默认使用的端口为 6443，而负载均衡器暴露的端口是 443。
+
+<!-- 1. Start helm again! -->
+1. 继续使用 helm！
+
+   ```
+   helm install <chart> --debug
+   Created tunnel using local port: '36749'
+   SERVER: "localhost:36749"
+   CHART PATH: /home/ubuntu/.helm/<chart>
+   NAME:   <chart>
+   ...
+   ...
+   ```
+
+<!-- ## Logging and monitoring -->
+## 日志和监控
+
+<!-- By default there is no log aggregation of the Kubernetes nodes, each node logs locally.
+Please read over the [logging](/docs/getting-started-guides/ubuntu/logging/) page for more information. -->
+
+默认情况下， Kubernetes 没有节点的日志聚合，每个节点都是本地保存日志。
+请参阅[日志](/docs/getting-started-guides/ubuntu/logging/)文档，获取更多信息。
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/ubuntu/upgrades.md b/content/zh/docs/getting-started-guides/ubuntu/upgrades.md
new file mode 100644
index 0000000000000..9df7fb310a639
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/ubuntu/upgrades.md
@@ -0,0 +1,273 @@
+---
+title: 升级
+content_template: templates/task
+---
+
+<!-- ---
+title: Upgrades
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+<!-- This page will outline how to manage and execute a Kubernetes upgrade. -->
+本页将展示如何进行 Kubernetes 集群升级。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!-- This page assumes you have a working deployed cluster. -->
+本页假定你有一个 juju 部署的集群。
+
+{{< warning >}}
+
+<!-- You should always back up all your data before attempting an upgrade.
+Don't forget to include the workload inside your cluster!
+Refer to the [backup documentation](/docs/getting-started-guides/ubuntu/backups). -->
+
+在进行升级之前，你应当备份所有的数据。
+不要忘记对集群内的工作负载进行数据备份！
+参见[备份文档](/docs/getting-started-guides/ubuntu/backups)。
+
+{{< /warning >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Patch kubernetes upgrades for example 1.9.0 -> 1.9.1 -->
+## 对集群进行补丁版本升级，例如，1.9.0 -> 1.9.1
+
+<!-- Clusters are transparently upgraded to the latest Kubernetes patch release.
+To be clear, a cluster deployed using the 1.9/stable channel
+will transparently receive unattended upgrades for the 1.9.X Kubernetes
+releases.
+The upgrade causes no disruption to the operation of the cluster and requires
+no intervention from a cluster administrator.
+Each patch release is evaluated by the
+Canonical Kubernetes Distribution team.
+Once a patch release passes internal testing and is deemed safe for upgrade,
+it is packaged in snap format and pushed to the stable channel. -->
+
+集群透明地升级到最新的 Kubernetes 补丁版本。
+需要澄清的是，用 1.9/stable 通道部署的集群将会透明地、自动更新到 Kubernetes 1.9.X 最新版。
+升级的过程对集群的运行没有影响，也不需要集群维护人员的干预。
+每一个补丁版本都由 Canonical Kubernetes 发布小组审核评估。
+一旦补丁版本通过了内部测试，认为可以安全用于集群升级，
+将会被打包成 snap 格式，发布到稳定版通道上。
+
+<!-- ## Upgrading a minor Kubernetes release for example 1.8.1 -> 1.9.0 -->
+## 对集群进行次版本升级，例如，1.8.1 -> 1.9.0
+
+<!-- The Kubernetes charms follow the Kubernetes releases. Please consult
+your support plan on the upgrade frequency. Important operational considerations
+and changes in behaviour will always be documented in the release notes. -->
+
+Kubernetes charms 遵循的是 Kubernetes 发行版本。
+请咨询了解 support 计划在升级频率方面的相关信息。
+重要的运维考虑以及行为上的改变都会记录在发布通知里。
+
+<!-- ### Upgrade etcd -->
+### 升级 etcd
+
+<!-- Backing up etcd requires an export and snapshot, refer to the
+[backup documentation](/docs/getting-started-guides/ubuntu/backups) to create a snapshot.
+After the snapshot, upgrade the etcd service with: -->
+
+备份 etcd 需要导出和快照操作，参见[备份文档](/docs/getting-started-guides/ubuntu/backups)了解如何创建快照。
+在做完快照后，用下面的命令升级 etcd 服务：
+
+    juju upgrade-charm etcd
+
+<!-- This will handle upgrades between minor versions of etcd.
+Instructions on how to upgrade from 2.x to 3.x can be found
+[here](https://github.com/juju-solutions/bundle-canonical-kubernetes/wiki/Etcd-2.3-to-3.x-upgrade)
+in the juju-solutions wiki. -->
+
+命令将会负责 etcd 的次版本升级。
+在 [juju 解决方案的 wiki](https://github.com/juju-solutions/bundle-canonical-kubernetes/wiki/Etcd-2.3-to-3.x-upgrade) 里
+可以了解如何将 etcd 从 2.x 升级到 3.x。
+
+<!-- ### Upgrade kubeapi-load-balancer -->
+### 升级 kubeapi-load-balancer
+
+<!-- The Kubernetes Charms are generally all updated and released at the same time. A core part of a cluster on Ubuntu is the kubeapi-load-balancer component. Incorrect or missing changes there can have an effect on API availability and access controls. To ensure API service continuity for the master and workers when they are updated, this upgrade needs to precede them. -->
+
+Kubernetes Charms 通常是同时更新、发布。
+Ubuntu 集群的核心部分是 kubeapi-load-balancer 组件。
+错误或遗失修改可能会导致 API 可用性和访问控制方面的问题。
+为了保证 API 服务在集群升级期间还能为主节点和工作节点服务，也需要对它们进行升级。
+
+<!-- To upgrade the charm run: -->
+
+升级命令：
+
+    juju upgrade-charm kubeapi-load-balancer
+
+<!-- ### Upgrade Kubernetes -->
+### 升级 Kubernetes
+
+<!-- The Kubernetes Charms use snap channels to drive payloads.
+The channels are defined by `X.Y/channel` where `X.Y` is the `major.minor` release
+of Kubernetes (for example 1.9) and `channel` is one of the four following channels: -->
+
+Kubernetes Charms 使用 snap 通道来驱动负荷。
+这些通道定义的格式为 `X.Y/channel`，其中，`X.Y` 是 Kubernetes `主.次` 发行版（例如，1.9）
+而 `channel` 的取值范围如下：
+
+<!-- | Channel name        | Description  |
+| ------------------- | ------------ |
+| stable              | The latest stable released patch version of Kubernetes |
+| candidate           | Release candidate releases of Kubernetes |
+| beta                | Latest alpha or beta of Kubernetes for that minor release |
+| edge                | Nightly builds of that minor release of Kubernetes | -->
+
+| 通道名               | 描述  |
+| ------------------- | ------------ |
+| stable              | Kubernetes 的最新稳定发行版 |
+| candidate           | Kubernetes 的发行候选版 |
+| beta                | Kubernetes 次发行版的最新 alpha 或 beta 版 |
+| edge                | Kubernetes 次发行版的每日构建版 |
+
+
+<!-- If a release isn't available, the next highest channel is used.
+For example, 1.9/beta will load `/candidate` or `/stable` depending on availability of release.
+Development versions of Kubernetes are available in the edge channel for each minor release.
+There is no guarantee that edge snaps will work with the current charms. -->
+
+如果发行版还不可用，就会使用下一个最高通道的版本。
+例如，1.9/beta 会根据发行版的可用性加载 `/candidate` 或 `/stable` 版本。
+Kubernetes 的开发版本会根据每个次版本，发布到 edge 通道上。
+但不会保证 edge snap 能够和当前的 charms 一起工作。
+
+<!-- ### Master Upgrades -->
+### 主节点升级
+
+<!-- First you need to upgrade the masters: -->
+
+首先需要对主节点进行升级：
+
+    juju upgrade-charm kubernetes-master
+
+{{< note >}}
+
+<!-- Always upgrade the masters before the workers. -->
+
+永远在工作节点升级之前，升级主节点。
+
+{{< /note >}}
+
+<!-- Once the latest charm is deployed, the channel for Kubernetes can be selected by issuing the following: -->
+
+在部署完最新的 charm 之后，可以通过下面的命令行来选择通道：
+
+    juju config kubernetes-master channel=1.x/stable
+
+<!-- Where `x` is the minor version of Kubernetes. For example, `1.9/stable`. See above for Channel definitions.
+Once you've configured kubernetes-master with the appropriate channel, run the upgrade action on each master: -->
+
+其中，`x` 是 Kubernetes 的次版本号。例如，`1.9/stable`。
+参阅前面对通道的定义。
+将 kubernetes-master 配置到合适的通道上后，
+再在每个主节点上运行下面的升级命令：
+
+    juju run-action kubernetes-master/0 upgrade
+    juju run-action kubernetes-master/1 upgrade
+    ...
+
+<!-- ### Worker Upgrades -->
+### 工作节点升级
+
+<!-- Two methods of upgrading workers are supported.
+[Blue/Green Deployment](http://martinfowler.com/bliki/BlueGreenDeployment.html)
+and upgrade-in-place. Both methods are provided for operational flexibility and both
+are supported and tested. Blue/Green will require more hardware up front than in-place,
+but is a safer upgrade route. -->
+
+现有所支持的升级工作节点的方法有两种，[蓝/绿部署](http://martinfowler.com/bliki/BlueGreenDeployment.html)
+和就地升级。提供两种方法可以带来运维上的灵活性，而这两种方法也都被支持和测试。
+相比于就地升级，蓝/绿部署需要更多的硬件资源，但也更为安全可靠。
+
+<!-- #### Blue/green worker upgrade -->
+#### 蓝/绿工作节点升级
+
+<!-- Given a deployment where the workers are named kubernetes-alpha. -->
+
+假定一个部署里面所有的工作节点都叫 kubernetes-alpha。
+
+<!-- Deploy new workers: -->
+
+部署新的工作节点：
+
+    juju deploy kubernetes-alpha
+
+<!-- Pause the old workers so your workload migrates: -->
+
+暂停旧的工作节点，然后迁移工作负载：
+
+    juju run-action kubernetes-alpha/# pause
+
+<!-- Verify old workloads have migrated with: -->
+
+验证所迁移的工作负载：
+
+    kubectl get pod -o wide
+
+<!-- Tear down old workers with: -->
+
+销毁就有的工作节点：
+
+    juju remove-application kubernetes-alpha
+
+<!-- #### In place worker upgrade -->
+#### 就地工作节点升级
+
+    juju upgrade-charm kubernetes-worker
+    juju config kubernetes-worker channel=1.x/stable
+
+<!-- Where `x` is the minor version of Kubernetes. For example, `1.9/stable`.
+See above for Channel definitions. Once you've configured kubernetes-worker with the appropriate channel,
+run the upgrade action on each worker: -->
+
+其中，`x` 是 Kubernetes 的次版本号。例如，`1.9/stable`。
+参阅前面对通道的定义。将 kubernetes-worker 配置到合适的通道上后，
+再在每个工作节点上运行下面的升级命令：
+
+    juju run-action kubernetes-worker/0 upgrade
+    juju run-action kubernetes-worker/1 upgrade
+    ...
+
+<!-- ### Verify upgrade -->
+### 验证升级
+
+<!-- `kubectl version` should return the newer version. -->
+
+`kubectl version` 将会返回新的版本号。
+
+<!-- It is recommended to rerun a [cluster validation](/docs/getting-started-guides/ubuntu/validation)
+to ensure that the cluster upgrade has successfully completed. -->
+
+建议重新运行[集群验证](/docs/getting-started-guides/ubuntu/validation)确认集群升级成功完成。
+
+<!-- ### Upgrade Flannel -->
+### 升级 Flannel
+
+<!-- Upgrading flannel can be done at any time, it is independent of Kubernetes upgrades.
+Be advised that networking is interrupted during the upgrade. You can initiate a flannel upgrade with: -->
+
+可以在任何时候升级 flannel，它的升级可以和 Kubernetes 升级分开进行。
+需要注意的是，在升级过程中，网络会受到影响。
+可以通过下面的命令行发起升级：
+
+    juju upgrade-charm flannel
+
+<!-- ### Upgrade easyrsa -->
+### 升级 easyrsa
+
+<!-- Upgrading easyrsa can be done at any time, it is independent of Kubernetes upgrades.
+Upgrading easyrsa should result in zero downtime as it is not a running service: -->
+
+可以在任何时候升级 easyrsa，它的升级可以和 Kubernetes 升级分开进行。
+升级 easyrsa 会有停机时间，因为不是运行服务：
+
+    juju upgrade-charm easyrsa
+
+{{% /capture %}}
diff --git a/content/zh/docs/getting-started-guides/windows/OVN_OVS_Windows_Installer.png b/content/zh/docs/getting-started-guides/windows/OVN_OVS_Windows_Installer.png
new file mode 100644
index 0000000000000..520f6ae9e6c54
Binary files /dev/null and b/content/zh/docs/getting-started-guides/windows/OVN_OVS_Windows_Installer.png differ
diff --git a/content/zh/docs/getting-started-guides/windows/UpstreamRouting.png b/content/zh/docs/getting-started-guides/windows/UpstreamRouting.png
new file mode 100644
index 0000000000000..91189c36af3ba
Binary files /dev/null and b/content/zh/docs/getting-started-guides/windows/UpstreamRouting.png differ
diff --git a/content/zh/docs/getting-started-guides/windows/_index.md b/content/zh/docs/getting-started-guides/windows/_index.md
new file mode 100644
index 0000000000000..343feaafcb3e2
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/windows/_index.md
@@ -0,0 +1,892 @@
+---
+title: 在 Kubernetes 中使用 Windows Server 容器
+toc_hide: true
+---
+
+<!--
+title: Using Windows Server Containers in Kubernetes
+-->
+
+{{< note >}}
+**Note:** 这些说明最近基于 Windows Server 平台增强和 Kubernetes v1.9 版本进行了更新
+{{< /note >}}
+
+<!--
+**Note:** These instructions were recently updated based on Windows Server platform enhancements and the Kubernetes v1.9 release
+-->
+
+Kubernetes 1.5 版本基于 Windows Server 2016 操作系统引入了对 Windows Server 容器
+的 Alpha 支持。随着 Windows Server 版本 1709 的发布和使用 Kubernetes v1.9，用户可以使用许多不同的
+网络拓扑和 CNI 插件在本地或私有/公共云中部署 Kubernetes 集群。Kubernetes 上的 Windows Server 容器的一些
+关键功能改进包括：
+
+<!--
+Kubernetes version 1.5 introduced Alpha support for Windows Server
+Containers based on the Windows Server 2016 operating system. With the
+release of Windows Server version 1709 and using Kubernetes v1.9 users
+are able to deploy a Kubernetes cluster either on-premises or in a
+private/public cloud using a number of different network topologies
+and CNI plugins. Some key feature improvements for Windows Server
+Containers on Kubernetes include:
+-->
+
+- 改进了对 pod 的支持!具有多个 Windows Server 容器(共享内核)的共享网络命名空间(隔离专区)
+
+<!--
+- Improved support for pods! Shared network namespace (compartment) with multiple Windows Server containers (shared kernel)
+-->
+
+- 通过每个 pod 使用单个网络端点降低网络复杂性
+
+<!--
+- Reduced network complexity by using a single network endpoint per pod
+-->
+
+- 使用虚拟过滤平台 (VFP)Hyper-v 交换机扩展(类似于 Linux iptables) 的基于内核的负载均衡
+
+<!--
+- Kernel-Based load-balancing using the Virtual Filtering Platform (VFP) Hyper-v Switch Extension (analogous to Linux iptables)
+-->
+
+- 容器运行时接口(CRI) pod 和 节点级统计
+
+<!--
+- Container Runtime Interface (CRI) pod and node level statistics
+-->
+
+- 支持 kubeadm 命令将 Windows Server 节点添加到 Kubernetes 环境中
+
+<!--
+- Support for kubeadm commands to add Windows Server nodes to a Kubernetes environment
+-->
+
+Kubernetes 控制平面(API服务器，调度程序，控制器管理器等)继续在 Linux 上运行，而 kubelet 和 kube-proxy 可以在 Windows Server 2016 或更高版本上运行
+
+<!--
+The Kubernetes control plane (API Server, Scheduler, Controller Manager, etc) continue to run on Linux, while the kubelet and kube-proxy can be run on Windows Server 2016 or later
+-->
+
+{{< note >}}
+**Note:** Kubernetes 上的 Windows Server 容器是 Kubernetes v1.9 中的一个 Beta 特性
+{{< /note >}}
+
+<!--
+**Note:** Windows Server Containers on Kubernetes is a Beta feature in Kubernetes v1.9
+-->
+
+## 获取 Windows 二进制文件
+
+<!--
+## Get Windows Binaries
+-->
+
+我们建议使用可以在 [https://github.com/kubernetes/kubernetes/releases/latest](https://github.com/kubernetes/kubernetes/releases/latest) 上找到的发布的二进制文件。在更新日志下您可以找到 Windows-amd64 的节点二进制文件链接，其中包括 kubeadm，kubectl，kubelet 和 kube-proxy。
+
+<!--
+We recommend using the release binaries that can be found at [https://github.com/kubernetes/kubernetes/releases/latest](https://github.com/kubernetes/kubernetes/releases/latest). Under the CHANGELOG you can find the Node Binaries link for Windows-amd64, which will include kubeadm, kubectl, kubelet and kube-proxy.
+-->
+
+如果您希望自己构建代码，请参阅[此处](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/compiling-kubernetes-binaries)的详细构建说明。
+
+<!--
+If you wish to build the code yourself, please refer to detailed build instructions [here](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/compiling-kubernetes-binaries).
+-->
+
+## 环境准备
+<!--
+## Prerequisites
+-->
+在 Kubernetes 1.9 或更高版本中，使用以下内容支持 Kubernetes 的 Windows Server 容器：
+<!--
+In Kubernetes version 1.9 or later, Windows Server Containers for Kubernetes are supported using the following:
+-->
+
+1. Kubernetes 控制平面在现有的 Linux 基础架构(1.9版本或更高版本)上运行。
+<!--
+1. Kubernetes control plane running on existing Linux infrastructure (version 1.9 or later).
+-->
+2. Linux 的节点上的 Kubenet 网络插件设置。
+<!--
+2. Kubenet network plugin setup on the Linux nodes.
+-->
+3. Windows Server 2016 RTM 或更高版本，Windows Server 版本 1709 或更高版本是首选; 它解锁了共享网络命名空间等关键功能。
+<!--
+3. Windows Server 2016 RTM or later. Windows Server version 1709 or later is preferred; it unlocks key capabilities like shared network namespace.
+-->
+4. 适用于 Windows Server 节点的 Docker 版本 17.06.1-ee-2 或更高版本(Linux 节点和 Kubernetes 控制平面可以运行任何 Kubernetes 支持的 Docker 版本)。
+<!--
+4. Docker Version 17.06.1-ee-2 or later for Windows Server nodes (Linux nodes and Kubernetes control plane can run any Kubernetes supported Docker Version).
+-->
+
+## 网络
+
+<!--
+## Networking
+-->
+
+Windows 上有几种支持 Kubernetes v1.9 的网络配置，包括使用第三方网络插件的第三层路由和覆盖拓扑。
+<!--
+There are several supported network configurations with Kubernetes v1.9 on Windows, including both Layer-3 routed and overlay topologies using third-party network plugins.
+-->
+
+1. [上游 L3 路由](#upstream-l3-routing-topology) - 在上游 ToR 中配置的 IP 路由 
+<!--
+1. [Upstream L3 Routing](#upstream-l3-routing-topology) - IP routes configured in upstream ToR
+-->
+2. [主机网关](#host-gateway-topology) - 在每台主机上配置的 IP 路由
+<!--
+2. [Host-Gateway](#host-gateway-topology) - IP routes configured on each host
+-->
+3. [使用覆盖式 Open vSwitch(OVS) 和开放虚拟网络(OVN)](#using-ovn-with-ovs) - 覆盖网络(支持STT和Geneve隧道类型)
+<!--
+3. [Open vSwitch (OVS) & Open Virtual Network (OVN) with Overlay](#using-ovn-with-ovs) - overlay networks (supports STT and Geneve tunneling types)
+-->
+4. [未来 - 评审中] 覆盖 - 使用 Flannel 的 VXLAN 或者 IP-in-IP 封装
+<!--
+4. [Future - In Review] Overlay - VXLAN or IP-in-IP encapsulation using Flannel
+-->
+5. [未来] 使用 BGP(Calico) 的第三层路由 
+<!--
+5. [Future] Layer-3 Routing with BGP (Calico)
+-->
+
+选择要部署的网络配置和拓扑取决于物理网络拓扑和用户配置路由的能力，封装的性能问题以及与第三方网络插件集成的要求。
+<!--
+The selection of which network configuration and topology to deploy depends on the physical network topology and a user's ability to configure routes, performance concerns with encapsulation, and requirement to integrate with third-party network plugins.
+-->
+
+### 未来的 CNI 插件
+另外两个 CNI 插件 [win-l2bridge(主机网关)和 win-overlay(vxlan)] 正在进行 PR 审核。这两个 CNI 插件准备好后，既可以直接使用，也可以与 Flannel 一起使用。
+
+<!--
+### Future CNI Plugins
+An additional two CNI plugins [win-l2bridge (host-gateway) and win-overlay (vxlan)] are in [PR review](https://github.com/containernetworking/plugins/pull/85). These two CNI plugins, when ready, can either be used directly or with Flannel.
+-->
+
+### Linux
+Linux 上已经使用桥接接口支持上述网络方法，桥接接口基本上创建了节点本地的专用网络。与 Windows 端类似，必须创建到所有其他 pod CIDR 的路由才能通过"公共" NIC 发送数据包。
+
+<!--
+### Linux
+The above networking approaches are already supported on Linux using a bridge interface, which essentially creates a private network local to the node. Similar to the Windows side, routes to all other pod CIDRs must be created in order to send packets via the "public" NIC.
+-->
+
+### Windows
+Windows 支持 CNI 网络模型，并使用插件与 Windows 主机网络服务(HNS)连接以配置主机网络和策略。在撰写本文时，Microsoft 唯一公开提供的 CNI 插件是从私人存储库构建的，可在此处获得[wincni.exe](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/cni/wincni.exe)。它使用由管理员在每个节点上使用 HNS PowerShell 命令通过 Windows 主机网络服务(HNS)创建的 l2bridge 网络，如下面的 [Windows 主机设置](#windows-host-setup)部分所述。未来CNI插件的源代码将公开发布
+
+<!--
+### Windows
+Windows supports the CNI network model and uses plugins to interface with the Windows Host Networking Service (HNS) to configure host networking and policy. At the time of this writing, the only publicly available CNI plugin from Microsoft is built from a private repo and available here [wincni.exe](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/cni/wincni.exe). It uses an l2bridge network created through the Windows Host Networking Service (HNS) by an administrator using HNS PowerShell commands on each node as documented in the [Windows Host Setup](#windows-host-setup) section below. Source code for the future CNI plugins will be made available publicly.
+-->
+
+#### 上游 L3 路由拓扑
+在这种拓扑结构中，通过在机架 (ToR)交换机/路由器的上游顶部配置静态 IP 路由，使用L3路由实现网络连接。每个群集节点都通过主机 IP 连接到管理网络。此外，每个节点使用本地'l2bridge'网络，并分配了一个 pod CIDR。给定工作节点上的所有 pod 将连接到 pod CIDR 子网('l2bridge'网络)。为了在不同节点上运行的 pod 之间实现网络通信，上游路由器配置了静态路由 pod CIDR 前缀 => 主机 IP。
+
+<!--
+#### Upstream L3 Routing Topology
+In this topology, networking is achieved using L3 routing with static IP routes configured in an upstream Top of Rack (ToR) switch/router. Each cluster node is connected to the management network with a host IP. Additionally, each node uses a local 'l2bridge' network with a pod CIDR assigned. All pods on a given worker node will be connected to the pod CIDR subnet ('l2bridge' network). In order to enable network communication between pods running on different nodes, the upstream router has static routes configured with pod CIDR prefix => Host IP.
+-->
+
+以下示例图说明了使用上游 L3 路由设置的 Kubernetes 的 Windows Server 网络设置： 
+<!--
+The following example diagram illustrates the Windows Server networking setup for Kubernetes using Upstream L3 Routing Setup:
+-->
+
+![K8s 集群使用 ToR 的 L3 路由](UpstreamRouting.png)
+
+<!--
+![K8s Cluster using L3 Routing with ToR](UpstreamRouting.png)
+-->
+
+#### 主机网关拓扑
+这种拓扑与上游 L3 路由拓扑相似，惟一的区别是静态 IP 路由是直接在每个集群节点上配置的，而不是在上游 ToR 中配置的。每个节点使用本地的 'l2bridge' 网络，并像以前一样分配 pod CIDR，并为分配给远程集群节点的所有其他 pod CIDR 子网提供路由表条目。
+
+<!--
+#### Host-Gateway Topology
+This topology is similar to the Upstream L3 Routing topology with the only difference being that static IP routes are configured directly on each cluster node and not in the upstream ToR. Each node uses a local 'l2bridge' network with a pod CIDR assigned as before and has routing table entries for all other pod CIDR subnets assigned to the remote cluster nodes.
+-->
+
+#### OVN 和 OVS 一起使用
+下图概述了组件之间的体系结构和交互：
+
+<!--
+#### Using OVN with OVS
+The following diagram gives a general overview of the architecture and interaction between components:
+-->
+
+![覆盖式使用 OVN 控制器和 OVS 开关扩展](ovn_kubernetes.png)
+
+<!--
+![Overlay using OVN controller and OVS Switch Extension](ovn_kubernetes.png)
+-->
+
+(上图来自 [https://github.com/openvswitch/ovn-kubernetes#overlay-mode-architecture-diagram](https://github.com/openvswitch/ovn-kubernetes#overlay-mode-architecture-diagram))
+
+<!--
+(The above image is from [https://github.com/openvswitch/ovn-kubernetes#overlay-mode-architecture-diagram](https://github.com/openvswitch/ovn-kubernetes#overlay-mode-architecture-diagram))
+-->
+
+由于它的体系结构，OVN 有一个中央组件，它将您的网络意图存储在数据库中。其他组件如 kube-apiserver、kube-controller-manager、kube-scheduler 等也可以部署在该中心节点上。
+<!--
+Due to its architecture, OVN has a central component which stores your networking intent in a database. Other components i.e. kube-apiserver, kube-controller-manager, kube-scheduler etc. can be deployed on that central node as well.
+-->
+
+## 在 Kubernetes 上设置 Windows Server 容器
+要在 Kubernetes 上运行 Windows Server 容器，您需要为 Windows 设置主机和 Kubernetes 节点组件。根据您的网络拓扑，可能需要为不同节点上的 pod 通信设置路由。
+
+<!--
+## Setting up Windows Server Containers on Kubernetes
+To run Windows Server Containers on Kubernetes, you'll need to set up both your host machines and the Kubernetes node components for Windows. Depending on your network topology, routes may need to be set up for pod communication on different nodes.
+-->
+
+### 主机设置
+
+<!--
+### Host Setup
+-->
+
+#### 1. 上游 L3 路由拓扑和 2. 主机网关拓扑
+
+<!--
+#### For 1. Upstream L3 Routing Topology and 2. Host-Gateway Topology
+-->
+
+##### Linux 主机设置
+
+<!--
+##### Linux Host Setup
+-->
+
+1. Linux 主机应该根据它们各自的发行版文档和您将使用的 Kubernetes 版本的要求进行设置。
+<!--
+1. Linux hosts should be setup according to their respective distro documentation and the requirements of the Kubernetes version you will be using.
+-->
+2. 使用步骤[此处](https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/virtualization/windowscontainers/kubernetes/creating-a-linux-master.md)配置Linux主节点
+<!--
+2. Configure Linux Master node using steps [here](https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/virtualization/windowscontainers/kubernetes/creating-a-linux-master.md)
+-->
+3. [可选]安装CNI网络插件。
+<!--
+3. [Optional] CNI network plugin installed.
+-->
+
+##### Windows 主机设置
+
+<!--
+##### Windows Host Setup
+-->
+
+1. 运行所需 Windows Server 和 Docker 版本的 Windows Server 容器主机。请按照此帮助主题概述的安装说明进行操作：https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server。
+<!--
+1. Windows Server container host running the required Windows Server and Docker versions. Follow the setup instructions outlined by this help topic: https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server.
+-->
+2. 2. [获取 Windows 二进制文件](#get-windows-binaries) kubelet.exe, kube-proxy.exe, and kubectl.exe 使用说明
+<!--
+2. [Get Windows Binaries](#get-windows-binaries) kubelet.exe, kube-proxy.exe, and kubectl.exe using instructions
+-->
+3. 使用 X.509 密钥从 Linux 主节点复制节点规范文件(kube config)
+<!--
+3. Copy Node spec file (kube config) from Linux master node with X.509 keys
+-->
+4. 创建 HNS 网络，确保正确的 CNI 网络配置，并使用此脚本 [start-kubelet.ps1](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/start-kubelet.ps1) 启动 kubelet.exe
+<!--
+4. Create the HNS Network, ensure the correct CNI network config, and start kubelet.exe using this script [start-kubelet.ps1](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/start-kubelet.ps1)
+-->
+5. 使用此脚本启动 [start-kubeproxy.ps1](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/start-kubeproxy.ps1) 启动 kube-proxy
+<!--
+Start kube-proxy using this script [start-kubeproxy.ps1](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/start-kubeproxy.ps1)
+-->
+6. [仅限 #2 主机网关模式]使用此脚本 [AddRoutes.ps1](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/AddRoutes.ps1) 在Windows主机上添加静态路由
+<!--
+6. [Only required for #2 Host-Gateway mode] Add static routes on Windows host using this script [AddRoutes.ps1](https://github.com/Microsoft/SDN/blob/master/Kubernetes/windows/AddRoutes.ps1)
+-->
+更详细的说明可以在[这里](https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/virtualization/windowscontainers/kubernetes/getting-started-kubernetes-windows.md)找到。
+<!--
+More detailed instructions can be found [here](https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/virtualization/windowscontainers/kubernetes/getting-started-kubernetes-windows.md).
+-->
+
+**Windows CNI 配置示例**
+
+<!--
+**Windows CNI Config Example**
+-->
+
+Windows CNI 插件基于 wincni.exe 的，配置文件，是基于上面显示的 ToR 示例图，指定了应用于 Windows node-1 的配置。特别有趣的是 Windows node-1 pod CIDR(10.10.187.64/26) 和 cbr0(10.10.187.66)的关联网关。异常列表指定服务 CIDR(11.0.0.0/8)，集群 CIDR(10.10.0.0/16) 和管理(或主机) CIDR（10.127.132.128/25）。
+<!--
+Today, Windows CNI plugin is based on wincni.exe code with the following example, configuration file. This is based on the ToR example diagram shown above, specifying the configuration to apply to Windows node-1. Of special interest is Windows node-1 pod CIDR (10.10.187.64/26) and the associated gateway of cbr0 (10.10.187.66). The exception list is specifying the Service CIDR (11.0.0.0/8), Cluster CIDR (10.10.0.0/16), and Management (or Host) CIDR (10.127.132.128/25).
+-->
+
+注意：此文件假设用户以前使用 <Verb>-HNSNetworkcmdlet 在每个 Windows 节点上创建了'l2bridge' 主机网络，如上面链接的 start-kubelet.ps1 和 start-kubeproxy.ps1 脚本中所示
+<!--
+Note: this file assumes that a user previous created 'l2bridge' host networks on each Windows node using `<Verb>-HNSNetwork` cmdlets as shown in the `start-kubelet.ps1` and `start-kubeproxy.ps1` scripts linked above
+-->
+
+```json
+{
+	"cniVersion": "0.2.0",
+	"name": "l2bridge",
+	"type": "wincni.exe",
+	"master": "Ethernet",
+	"ipam": {
+		"environment": "azure",
+		"subnet": "10.10.187.64/26",
+		"routes": [{
+			"GW": "10.10.187.66"
+		}]
+	},
+	"dns": {
+		"Nameservers": [
+			"11.0.0.10"
+		]
+	},
+	"AdditionalArgs": [{
+			"Name": "EndpointPolicy",
+			"Value": {
+				"Type": "OutBoundNAT",
+				"ExceptionList": [
+					"11.0.0.0/8",
+					"10.10.0.0/16",
+					"10.127.132.128/25"
+				]
+			}
+		},
+		{
+			"Name": "EndpointPolicy",
+			"Value": {
+				"Type": "ROUTE",
+				"DestinationPrefix": "11.0.0.0/8",
+				"NeedEncap": true
+			}
+		},
+		{
+			"Name": "EndpointPolicy",
+			"Value": {
+				"Type": "ROUTE",
+				"DestinationPrefix": "10.127.132.213/32",
+				"NeedEncap": true
+			}
+		}
+	]
+}
+```
+
+#### 3.使用覆盖方式打开 vSwitch(OVS) 和开放虚拟网络(OVN)
+
+<!--
+#### For 3. Open vSwitch (OVS) & Open Virtual Network (OVN) with Overlay
+-->
+
+{{< note >}}
+**Note:** 通过 Ansible 剧本的全自动设置是[可用的](https://github.com/openvswitch/ovn-kubernetes/tree/master/contrib)。
+{{< /note >}}
+
+<!--
+**Note:** Fully automated setup via Ansible playbooks is [available](https://github.com/openvswitch/ovn-kubernetes/tree/master/contrib).
+-->
+
+对于手动设置，请继续以下步骤。
+<!--
+For manual setup, continue the following steps.
+-->
+
+##### Linux 主机设置
+
+<!--
+##### Linux Host Setup
+-->
+
+设置中心节点和所需组件超出了本文档的范围。您可以阅读[这些说明](https://github.com/openvswitch/ovn-kubernetes#k8s-master-node-initialization)。
+<!--
+Setting up the central node and the components needed is out of scope of this document. You can read [these instructions](https://github.com/openvswitch/ovn-kubernetes#k8s-master-node-initialization) for that.
+-->
+
+添加 Linux minion 也超出了范围，你可以在这里阅读：[Linux minion](https://github.com/openvswitch/ovn-kubernetes#k8s-minion-node-initializations)。
+<!--
+Adding a Linux minion is also out of scope and you can read it here: [Linux minion](https://github.com/openvswitch/ovn-kubernetes#k8s-minion-node-initializations).
+-->
+
+
+##### windows 主机设置
+
+<!--
+##### Windows Host Setup
+-->
+
+添加 Windows minion 需要您安装 OVS 和 OVN 二进制文件。运行所需 Windows Server 和 Docker 版本的 Windows Server 容器主机。请按照[此帮助主题](https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server)概述的设置说明进行操作。从 Windows Server 2016 RTM 开始支持此类部署。
+<!--
+Adding a Windows minion requires you to install OVS and OVN binaries. Windows Server container host running the required Windows Server and Docker versions. Follow the setup instructions outlined by [this help topic](https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server). This type of deployment is supported starting with Windows Server 2016 RTM.
+-->
+
+编译 OVS 并生成安装程序不在本文中讨论。请访问[此链接](http://docs.openvswitch.org/en/latest/intro/install/windows/#open-vswitch-on-windows)。对于预构建的认证安装程序，请访问[此链接](https://cloudbase.it/openvswitch/#download)并下载最新版本
+<!--
+Compiling OVS and generating the installer will not be treated in this document. For a step by step instruction please visit [this link](http://docs.openvswitch.org/en/latest/intro/install/windows/#open-vswitch-on-windows).
+For a prebuilt certified installer please visit [this link](https://cloudbase.it/openvswitch/#download) and download the latest version of it.
+-->
+
+以下指南使用预构建的认证安装程序。
+<!--
+The following guide uses the prebuilt certified installer.
+-->
+
+安装 OVS 既可以通过 GUI 对话框完成，也可以在无人看管的情况下完成。将 Windows 主机添加到您的设置需要您拥有`OVN主机`和默认安装特性。下面是需要安装的对话框图像：
+<!--
+Installing OVS can be done either via the GUI dialogs or unattended. Adding a Windows host to your setup requires you to have `OVN Host` together with the default installation features. Below is the dialog image on what needs to be installed:
+-->
+
+![Windows 安装 OVN OVS](OVN_OVS_Windows_Installer.png)
+
+<!--
+![OVN OVS Windows Installer](OVN_OVS_Windows_Installer.png)
+-->
+
+对于无人看管情况下的安装，请使用以下命令：
+<!--
+For an unattended installation please use the following command:
+-->
+
+```
+cmd /c 'msiexec /i openvswitch.msi ADDLOCAL="OpenvSwitchCLI,OpenvSwitchDriver,OVNHost" /qn'
+```
+
+安装程序设置新的环境变量。请使用命令打开一个新的 shell 或注销/登录，以确保刷新了环境变量。
+<!--
+The installer propagates new environment variables. Please open a new command shell or logoff/logon to ensure the environment variables are refreshed.
+-->
+
+对于叠加，Windows 上的 OVS 需要透明的 docker 网络才能正常运行。请使用以下命令创建一个透明的 docker 网络，OVS 将使用该网络。powershell：
+<!--
+For overlay, OVS on Windows requires a transparent docker network to function properly. Please use the following to create a transparent docker network which will be used by OVS. From powershell:
+-->
+
+```
+docker network create -d transparent --gateway $GATEWAY_IP --subnet $SUBNET `
+    -o com.docker.network.windowsshim.interface="$INTERFACE_ALIAS" external
+```
+
+$SUBNET 是用于产生 pods 的 minion 子网(将由 kubernetes 使用的子网)，$GATEWAY_IP 是 $SUBNET 的第一个 IP，$INTERFACE_ALIAS 是用于创建覆盖隧道的接口(必须与 OVN 主机的 rests 连接)。
+例：
+
+<!--
+Where $SUBNET is the minion subnet which will be used to spawn pods on (the one which will be used by kubernetes), $GATEWAY_IP is the first IP of the $SUBNET and $INTERFACE_ALIAS is the interface used for creating the overlay tunnels (must have connectivity with the rests of the OVN hosts).
+Example:
+-->
+
+```
+docker network create -d transparent --gateway 10.0.1.1 --subnet 10.0.1.0/24 `
+    -o com.docker.network.windowsshim.interface="Ethernet0" external
+```
+
+创建 docker 网络后，请从 powershell 运行下面的命令。(创建OVS桥接器，在桥接器下添加接口，并启用OVS转发交换机扩展名)
+<!--
+After creating the docker network please run the next commands from powershell. (creates an OVS bridge, adds the interface under the bridge and enables the OVS forwarding switch extension)
+-->
+
+```
+$a = Get-NetAdapter | where Name -Match HNSTransparent
+Rename-NetAdapter $a[0].Name -NewName HNSTransparent
+Stop-Service ovs-vswitchd -force; Disable-VMSwitchExtension "Cloudbase Open vSwitch Extension";
+ovs-vsctl --no-wait del-br br-ex
+ovs-vsctl --no-wait --may-exist add-br br-ex
+ovs-vsctl --no-wait add-port br-ex HNSTransparent -- set interface HNSTransparent type=internal
+ovs-vsctl --no-wait add-port br-ex $INTERFACE_ALIAS
+Enable-VMSwitchExtension "Cloudbase Open vSwitch Extension"; sleep 2; Restart-Service ovs-vswitchd
+```
+
+除此之外，Windows主机的设置与Linux主机相同。从[这里](https://github.com/openvswitch/ovn-kubernetes#k8s-minion-node-initializations)开始执行以下步骤。
+<!--
+Besides of the above, setting up a Windows host is the same as the Linux host. Follow the steps from [here](https://github.com/openvswitch/ovn-kubernetes#k8s-minion-node-initializations).
+-->
+
+**Windows CNI 设置**
+
+<!--
+**Windows CNI Setup**
+-->
+
+现在，Windows OVN&OVS CNI 插件是基于 ovn_cni.exe 可以从[此处](https://cloudbase.it/downloads/ovn_cni.exe)下载。CNI 配置文件示例如下:
+<!--
+Today, Windows OVN&OVS CNI plugin is based on ovn_cni.exe which can be downloaded from [here](https://cloudbase.it/downloads/ovn_cni.exe). A sample of CNI config file is the following:
+-->
+
+```
+{
+    "name": "net",
+    "type": "ovn_cni.exe",
+    "bridge": "br-int",
+    "isGateway": "true",
+    "ipMasq": "false",
+    "ipam": {
+         "type": "host-local",
+         "subnet": "$SUBNET"
+         }
+}
+```
+
+$SUBNET 是上一个 ```docker network create``` 命令中使用的子网。
+<!--
+Where $SUBNET is the subnet that was used in the previous ```docker network create``` command.
+-->
+
+有关谷歌云平台(GCP)，即谷歌计算引擎(GCE)的完整指南，请访问[这里](https://github.com/apprenda/kubernetes-ovn-heterogeneous-cluster#heterogeneous-kubernetes-cluster-on-top-of-ovn)。
+<!--
+For a complete guide on Google Cloud Platform (GCP), namely Google Compute Engine (GCE) visit [this](https://github.com/apprenda/kubernetes-ovn-heterogeneous-cluster#heterogeneous-kubernetes-cluster-on-top-of-ovn).
+-->
+
+有关亚马逊网络服务(AWS)，请访问[这里](https://github.com/justeat/kubernetes-windows-aws-ovs#kubernetes-on-windows-in-aws-using-ovn)。
+<!--
+For a complete guide on Amazon Web Services (AWS) visit [this](https://github.com/justeat/kubernetes-windows-aws-ovs#kubernetes-on-windows-in-aws-using-ovn).
+-->
+
+## 启动群集
+要启动集群，您需要启动基于 Linux 的 Kubernetes 控制平面和基于 Windows Server 的 Kubernetes 节点组件(kubelet 和 kube-proxy)。对于 OVS 和 OVN，仅需要 kubelet。
+
+<!--
+## Starting the Cluster
+To start your cluster, you'll need to start both the Linux-based Kubernetes control plane, and the Windows Server-based Kubernetes node components (kubelet and kube-proxy). For the OVS & OVN only the kubelet is required.
+-->
+
+## 启动基于 Linux-based 的控制平面
+使用您喜欢的方法在 Linux 上启动 Kubernetes 集群。请注意，集群 CIDR 可能需要更新。
+
+<!--
+## Starting the Linux-based Control Plane
+Use your preferred method to start Kubernetes cluster on Linux. Please note that Cluster CIDR might need to be updated.
+-->
+
+## 支持kubeadm加入
+
+<!--
+## Support for kubeadm join
+-->
+
+如果您的群集是由[kubeadm](/docs/setup/independent/create-cluster-kubeadm/)，创建的
+使用上面列出的方法之一正确地设置网络(网络是在 kubeadm 之外设置的)，您可以使用 kubeadm 向集群添加 Windows 节点。在较高的级别上，首先必须使用 kubeadm(Linux) 初始化主节点，然后设置基于 CNI 的网络(在 kubeadm 之外)，最后开始将 Windows 或 Linux 工作节点连接到集群。如需其他文件和参考资料，请访问上文的 kubeadm 链接。
+
+<!--
+If your cluster has been created by [kubeadm](/docs/setup/independent/create-cluster-kubeadm/),
+and your networking is setup correctly using one of the methods listed above (networking is setup outside of kubeadm), you can use kubeadm to add a Windows node to your cluster. At a high level, you first have to initialize the master with kubeadm (Linux), then set up the CNI based networking (outside of kubeadm), and finally start joining Windows or Linux worker nodes to the cluster. For additional documentation and reference material, visit the kubeadm link above.
+-->
+
+kubeadm 二进制文件可以在 [Kubernetes 版本](https://github.com/kubernetes/kubernetes/release)的节点二进制文件归档中找到。添加 Windows 节点与添加 Linux 节点没有任何不同：
+
+<!--
+The kubeadm binary can be found at [Kubernetes Releases](https://github.com/kubernetes/kubernetes/releases), inside the node binaries archive. Adding a Windows node is not any different than adding a Linux node:
+-->
+
+`kubeadm.exe join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>`
+
+有关更多详细信息请参阅[加入您的节点](/docs/setup/independent/create-cluster-kubeadm/#joining-your-nodes)。
+<!--
+See [joining-your-nodes](/docs/setup/independent/create-cluster-kubeadm/#joining-your-nodes) for more details.
+-->
+
+## 支持的功能
+
+<!--
+## Supported Features
+-->
+
+下面列出的示例假设在 Windows Server 1709 上运行 Windows 节点。如果您正在运行 Windows Server 2016，示例将需要更新镜像以指定 `image: microsoft/windowsservercore:ltsc2016`。这是因为在使用进程隔离时，需要容器镜像匹配主机操作系统版本。不指定标记将隐式地使用 `:latest` 标记，这可能导致令人惊讶的行为。有关 Windows Service Core 镜像标记的更多信息，请与[https://hub.docker.com/r/microsoft/windowsservercore/](https://hub.docker.com/r/microsoft/windowsservercore/)联系。
+<!--
+The examples listed below assume running Windows nodes on Windows Server 1709. If you are running Windows Server 2016, the examples will need the image updated to specify `image: microsoft/windowsservercore:ltsc2016`. This is due to the requirement for container images to match the host operating system version when using process isolation. Not specifying a tag will implicitly use the `:latest` tag which can lead to surprising behaviors. Please consult with [https://hub.docker.com/r/microsoft/windowsservercore/](https://hub.docker.com/r/microsoft/windowsservercore/) for additional information on Windows Server Core image tagging.
+-->
+
+
+### 在 Windows 上调度 Pod
+由于您的群集同时具有 Linux 和 Windows 节点，因此必须明确设置 nodeSelector 约束以便能够将 pod 安排到 Windows 节点。必须将 nodeSelector 的标签 beta.kubernetes.io/os 设置为值 windows; 请参阅以下示例：
+
+<!--
+### Scheduling Pods on Windows
+Because your cluster has both Linux and Windows nodes, you must explicitly set the `nodeSelector` constraint to be able to schedule pods to Windows nodes. You must set nodeSelector with the label `beta.kubernetes.io/os` to the value `windows`; see the following example:
+-->
+
+{{< codenew file="windows/simple-pod.yaml" >}}
+
+{{< note >}}
+**Note:** 本例假设您在 Windows Server 1709 上运行，因此使用镜像标记来支持它。如果使用不同的版本，则需要更新标记。例如，如果在 Windows Server 2016 上，更新为使用 `"image": "microsoft/iis"`，默认为该操作系统版本。
+{{< /note >}}
+
+<!--
+**Note:** This example assumes you are running on Windows Server 1709, so uses the image tag to support that. If you are on a different version, you will need to update the tag. For example, if on Windows Server 2016, update to use `"image": "microsoft/iis"` which will default to that OS version.
+-->
+
+### Secrets 和 ConfigMaps
+secret和configmap可以在Windows Service 容器中使用，但是必须作为环境变量使用。有关更多细节，请参见下面的限制部分。
+
+<!--
+### Secrets and ConfigMaps
+Secrets and ConfigMaps can be utilized in Windows Server Containers, but must be used as environment variables. See limitations section below for additional details.
+-->
+
+**例子：**
+
+<!--
+**Examples:**
+-->
+
+Windows pod 与 secrets 映射到环境变量
+<!--
+Windows pod with secrets mapped to environment variables
+-->
+
+{{< codenew file="windows/secret-pod.yaml" >}}
+
+具有 configMap 值的 Windows Pod 映射到环境变量
+<!--
+Windows Pod with configMap values mapped to environment variables
+-->
+
+{{< codenew file="windows/configmap-pod.yaml" >}}
+
+### 卷
+一些受支持的卷挂载可以是本地卷，emptyDir 卷和主机路径卷。需要记住的一点是，路径必须转义，或者使用前斜杠，例如：`mountPath: "C:\\etc\\foo"` or `mountPath: "C:/etc/foo"`。
+
+<!--
+### Volumes
+Some supported Volume Mounts are local, emptyDir, hostPath.  One thing to remember is that paths must either be escaped, or use forward slashes, for example `mountPath: "C:\\etc\\foo"` or `mountPath: "C:/etc/foo"`.
+-->
+
+对于受支持的卷类型，支持持久卷的声明。
+<!--
+Persistent Volume Claims are supported for supported volume types.
+-->
+
+**例子：**
+
+<!--
+**Examples:**
+-->
+
+带有主机路径卷的 Windows pod
+<!--
+Windows pod with a hostPath volume
+-->
+
+{{< codenew file="windows/hostpath-volume-pod.yaml" >}}
+
+
+具有多个 emptyDir 卷的 Windows pod
+<!--
+Windows pod with multiple emptyDir volumes
+-->
+
+{{< codenew file="windows/emptydir-pod.yaml" >}}
+
+### 守护线程集
+
+<!--
+### DaemonSets
+-->
+
+支持守护线程集
+<!--
+DaemonSets are supported
+-->
+
+{{< codenew file="windows/daemonset.yaml" >}}
+
+### 指标
+
+<!--
+### Metrics
+-->
+
+Windows Stats 使用混合模型：pod 和容器级别的统计数据来自 CRI(通过 dockershim)，而节点级别的统计数据来自“winstats”包，该包使用特定于 Windows 的 perf 计数器导出 cadvisor 之类的数据结构。
+<!--
+Windows Stats use a hybrid model: pod and container level stats come from CRI (via dockershim), while node level stats come from the "winstats" package that exports cadvisor like data structures using windows specific perf counters from the node.
+-->
+
+### 容器资源
+
+<!--
+### Container Resources
+-->
+
+现在可以为 v1.10 中的 windows 容器设置容器资源(CPU和内存)。
+<!--
+Container resources (CPU and memory) could be set now for windows containers in v1.10.
+-->
+
+{{< codenew file="windows/deploy-resource.yaml" >}}
+
+### Hyper-V 容器
+
+<!--
+### Hyper-V Containers
+-->
+
+Hyper-V 容器在 v1.10 中作为实验支持。要创建 Hyper-V 容器，kubelet 应该从特性 gates `HyperVContainer=true` 开始，Pod 应该包含注释 `experimental.windows.kubernetes.io/isolation-type=hyperv`。
+<!--
+Hyper-V containers are supported as experimental in v1.10. To create a Hyper-V container, kubelet should be started with feature gates `HyperVContainer=true` and Pod should include annotation `experimental.windows.kubernetes.io/isolation-type=hyperv`.
+-->
+
+{{< codenew file="windows/deploy-hyperv.yaml" >}}
+
+### Kubelet 和 kube-proxy 现在可以作为 Windows 服务运行
+
+<!--
+### Kubelet and kube-proxy can now run as Windows services
+-->
+
+从 kubernetes v1.11 开始，kubelet 和 kube-proxy 可以作为 Windows 服务运行。
+<!--
+Starting with kubernetes v1.11, kubelet and kube-proxy can run as Windows services.
+-->
+
+这意味着您现在可以通过 `sc` 命令将它们注册为 Windows 服务。有关如何使用 `sc` 创建 Windows 服务的更多细节，请参阅[此处](https://support.microsoft.com/en-us/help/251192/how-to-create-a-windows-service-by-using-sc-exe)。
+<!--
+This means that you can now register them as Windows services via `sc` command. More details about how to create Windows services with `sc` can be found [here](https://support.microsoft.com/en-us/help/251192/how-to-create-a-windows-service-by-using-sc-exe).
+-->
+
+**例子：**
+
+<!--
+**Examples:**
+-->
+
+创建服务
+<!--
+To create the service:
+-->
+
+```
+PS > sc.exe create <component_name> binPath= "<path_to_binary> --service <other_args>"
+CMD > sc create <component_name> binPath= "<path_to_binary> --service <other_args>"
+```
+
+请注意，如果参数包含空格，则必须对其进行转义。例：
+<!--
+Please note that if the arguments contain spaces, it must be escaped. Example:
+-->
+
+```
+PS > sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>"
+CMD > sc create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>"
+```
+
+启动服务：
+<!--
+To start the service:
+-->
+
+```
+PS > Start-Service kubelet; Start-Service kube-proxy
+CMD > net start kubelet && net start kube-proxy
+```
+
+停止服务
+<!--
+To stop the service:
+-->
+
+```
+PS > Stop-Service kubelet (-Force); Stop-Service kube-proxy (-Force)
+CMD > net stop kubelet && net stop kube-proxy
+```
+
+查询服务
+<!--
+To query the service:
+-->
+
+```
+PS > Get-Service kubelet; Get-Service kube-proxy;
+CMD > sc.exe queryex kubelet && sc qc kubelet && sc.exe queryex kube-proxy && sc.exe qc kube-proxy
+```
+
+## Windows Server 容器与 v1.9 的已知限制
+
+<!--
+## Known Limitations for Windows Server Containers with v1.9
+-->
+
+在未来的Kubernetes版本中，社区将解决其中一些限制：
+<!--
+Some of these limitations will be addressed by the community in future releases of Kubernetes:
+-->
+
+- 共享网络名称空间(隔间)与多个 Windows Server 容器(共享内核)每个 pod 只支持在 Windows Server 1709 或更高
+
+<!--
+- Shared network namespace (compartment) with multiple Windows Server containers (shared kernel) per pod is only supported on Windows Server 1709 or later
+-->
+
+- 不支持使用 secret 和 configmap 作为卷装载
+
+<!--
+- Using Secrets and ConfigMaps as volume mounts is not supported
+-->
+
+- Windows不支持挂载传播
+
+<!--
+- Mount propagation is not supported on Windows
+-->
+
+- 不支持有状态应用程序的状态集功能
+
+<!--
+- The StatefulSet functionality for stateful applications is not supported
+-->
+
+- Windows Server 容器 pod 的相同 pod 自动缩放尚未经过验证，pod 端之间无法工作。
+
+<!--
+- Horizontal Pod Autoscaling for Windows Server Container pods has not been verified to work end-to-end
+-->
+
+- 不支持Hyper-V隔离容器。
+
+<!--
+- Hyper-V isolated containers are not supported. 
+-->
+
+- Windows 容器操作系统必须与主机操作系统匹配。如果它不这样做，pod 就会陷入崩溃循环。
+
+<!--
+- Windows container OS must match the Host OS. If it does not, the pod will get stuck in a crash loop.
+-->
+
+- 在 L3 或主机 GW 的网络模型下，由于 Windows 问题，Windows 节点无法访问
+
+<!--
+- Under the networking models of L3 or Host GW, Kubernetes Services are inaccessible to Windows nodes due to a Windows issue. This is not an issue if using OVN/OVS for networking.
+-->
+
+- Windows kubelet.exe 在 VMware Fusion 下运行 Windows Server 时，可能无法启动[issue 57110](https://github.com/kubernetes/kubernetes/pull/57124)
+
+<!--
+- Windows kubelet.exe may fail to start when running on Windows Server under VMware Fusion [issue 57110](https://github.com/kubernetes/kubernetes/pull/57124)
+-->
+
+- Flannel 和 Weavenet 尚未得到支持
+
+<!--
+- Flannel and Weavenet are not yet supported
+-->
+
+- 一些 .Net 核心应用程序希望环境变量的名称中带有冒号 (`:`)。Kubernetes 目前不允许这样做。根据[此处](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?tabs=basicconfiguration#configuration-by-environment)所述，用双下划线 (`__`) 替换冒号 (':')
+
+<!--
+- Some .Net Core applications expect environment variables with a colon (`:`) in the name.  Kubernetes currently does not allow this.  Replace colon (`:`) with  double underscore (`__`) as documented [here](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?tabs=basicconfiguration#configuration-by-environment).
+-->
+
+- 由于 cgroups 在 windows 上不受支持，kubelet.exe 应该以以下附加参数开始 `--cgroups-per-qos=false --enforce-node-allocatable=""` [issue 61716](https://github.com/kubernetes/kubernetes/issues/61716)
+
+<!--
+- As cgroups are not supported on windows, kubelet.exe should be started with the following additional arguments `--cgroups-per-qos=false --enforce-node-allocatable=""` [issue 61716](https://github.com/kubernetes/kubernetes/issues/61716)
+-->
+
+## 后续步骤和资源
+
+<!--
+## Next steps and resources
+-->
+
+- 对Windows版本的支持从v1.9开始测试，欢迎您提供反馈。有关参与的信息，请访问[SIG-Windows](https://github.com/kubernetes/community/blob/master/sig-windows/README.md)
+- 故障排除和常见问题：[链接](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/common-problems)
+
+<!--
+- Support for Windows is in Beta as of v1.9 and your feedback is welcome. For information on getting involved, please head to [SIG-Windows](https://github.com/kubernetes/community/blob/master/sig-windows/README.md)
+- Troubleshooting and Common Problems: [Link](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/common-problems)
+-->
diff --git a/content/zh/docs/getting-started-guides/windows/ovn_kubernetes.png b/content/zh/docs/getting-started-guides/windows/ovn_kubernetes.png
new file mode 100644
index 0000000000000..739d75aad765c
Binary files /dev/null and b/content/zh/docs/getting-started-guides/windows/ovn_kubernetes.png differ
diff --git a/content/zh/docs/getting-started-guides/windows/sample-l2bridge-wincni-config.json b/content/zh/docs/getting-started-guides/windows/sample-l2bridge-wincni-config.json
new file mode 100644
index 0000000000000..f3842026ce28c
--- /dev/null
+++ b/content/zh/docs/getting-started-guides/windows/sample-l2bridge-wincni-config.json
@@ -0,0 +1,49 @@
+{
+    "cniVersion":  "0.2.0",
+    "name":  "l2bridge",
+    "type":  "wincni.exe",
+    "master":  "Ethernet",
+    "ipam":  {
+                 "environment":  "azure",
+                 "subnet":  "10.10.187.64/26",
+                 "routes":  [
+                                {
+                                    "GW":  "10.10.187.66"
+                                }
+                            ]
+             },
+    "dns":  {
+                "Nameservers":  [
+                                    "11.0.0.10"
+                                ]
+            },
+    "AdditionalArgs":  [
+                           {
+                               "Name":  "EndpointPolicy",
+                               "Value":  {
+                                             "Type":  "OutBoundNAT",
+                                             "ExceptionList":  [
+                                                                   "11.0.0.0/8",
+                                                                   "10.10.0.0/16",
+                                                                   "10.127.132.128/25"
+                                                               ]
+                                         }
+                           },
+                           {
+                               "Name":  "EndpointPolicy",
+                               "Value":  {
+                                             "Type":  "ROUTE",
+                                             "DestinationPrefix":  "11.0.0.0/8",
+                                             "NeedEncap":  true
+                                         }
+                           },
+                           {
+                               "Name":  "EndpointPolicy",
+                               "Value":  {
+                                             "Type":  "ROUTE",
+                                             "DestinationPrefix":  "10.127.132.213/32",
+                                             "NeedEncap":  true
+                                         }
+                           }
+                       ]
+}
diff --git a/content/zh/docs/getting-started-guides/windows/windows-setup.png b/content/zh/docs/getting-started-guides/windows/windows-setup.png
new file mode 100644
index 0000000000000..e11c58d596e35
Binary files /dev/null and b/content/zh/docs/getting-started-guides/windows/windows-setup.png differ
diff --git a/content/zh/docs/home/supported-doc-versions.md b/content/zh/docs/home/supported-doc-versions.md
index eae8ac97b162c..986155dc0f145 100644
--- a/content/zh/docs/home/supported-doc-versions.md
+++ b/content/zh/docs/home/supported-doc-versions.md
@@ -9,13 +9,13 @@ card:
 
 {{% capture overview %}}
 
-本网站包含了当前最新版本和之前四个版本的 Kubernetes。
+本网站包含当前版本和之前四个版本的 Kubernetes 文档。
 
 {{% /capture %}}
 
 {{% capture body %}}
 
-## 当前最新版本
+## 当前版本
 
 当前版本是
 [{{< param "version" >}}](/)。
diff --git a/content/zh/docs/reference/access-authn-authz/_index.md b/content/zh/docs/reference/access-authn-authz/_index.md
index 1e1d30cfb1ea3..aa4d8d273055a 100644
--- a/content/zh/docs/reference/access-authn-authz/_index.md
+++ b/content/zh/docs/reference/access-authn-authz/_index.md
@@ -2,4 +2,4 @@
 title: 访问 API
 weight: 20
 toc-hide: true
----
\ No newline at end of file
+---
diff --git a/content/zh/docs/reference/access-authn-authz/abac.md b/content/zh/docs/reference/access-authn-authz/abac.md
index 4c3715e495faf..196e541660cf7 100644
--- a/content/zh/docs/reference/access-authn-authz/abac.md
+++ b/content/zh/docs/reference/access-authn-authz/abac.md
@@ -20,36 +20,36 @@ content_template: templates/concept
 
 基于 `ABAC` 模式，可以这样指定策略文件 `--authorization-policy-file=SOME_FILENAME`。
 
-此文件是 JSON 格式[每行都是一个JSON对象](http://jsonlines.org/)，不应存在封闭的列表或映射，每行只有一个映射。
-
-每一行都是一个 "策略对象"，策略对象是具有以下映射的属性:
-
-  - 版本控制属性:
-    - `apiVersion`，字符串类型: 有效值为"abac.authorization.kubernetes.io/v1beta1"，允许版本控制和转换策略格式。
-    - `kind`，字符串类型: 有效值为 "Policy"，允许版本控制和转换策略格式。
-  - `spec` 配置为具有以下映射的属性:
-    - 匹配属性:
-      - `user`，字符串类型; 来自 `--token-auth-file` 的用户字符串，如果你指定`user`，它必须与验证用户的用户名匹配。
-      - `group`，字符串类型; 如果指定`group`，它必须与经过身份验证的用户的一个组匹配，`system:authenticated`匹配所有经过身份验证的请求。`system:unauthenticated`匹配所有未经过身份验证的请求。
-  - 资源匹配属性:
-    - `apiGroup`，字符串类型; 一个 API 组。
-      - 例: `extensions`
-      - 通配符: `*`匹配所有 API 组。
-    - `namespace`，字符串类型; 一个命名空间。
-      - 例如: `kube-system`
-      - 通配符: `*` 匹配所有资源请求。
-    - `resource`，字符串类型; 资源类型。
-      - 例:`pods`
-      - 通配符: `*`匹配所有资源请求。
-  - 非资源匹配属性:
-    - `nonResourcePath`，字符串类型; 非资源请求路径。
-      - 例如:`/version`或`/apis`
-      - 通配符:
+此文件是 JSON 格式[每行都是一个 JSON 对象](http://jsonlines.org/)，不应存在封闭的列表或映射，每行只有一个映射。
+
+每一行都是一个 " 策略对象 "，策略对象是具有以下映射的属性 :
+
+  - 版本控制属性 :
+    - `apiVersion`，字符串类型 : 有效值为 "abac.authorization.kubernetes.io/v1beta1"，允许版本控制和转换策略格式。
+    - `kind`，字符串类型 : 有效值为 "Policy"，允许版本控制和转换策略格式。
+  - `spec` 配置为具有以下映射的属性 :
+    - 匹配属性 :
+      - `user`，字符串类型 ; 来自 `--token-auth-file` 的用户字符串，如果你指定 `user`，它必须与验证用户的用户名匹配。
+      - `group`，字符串类型 ; 如果指定 `group`，它必须与经过身份验证的用户的一个组匹配，`system:authenticated` 匹配所有经过身份验证的请求。`system:unauthenticated` 匹配所有未经过身份验证的请求。
+  - 资源匹配属性 :
+    - `apiGroup`，字符串类型 ; 一个 API 组。
+      - 例 : `extensions`
+      - 通配符 : `*` 匹配所有 API 组。
+    - `namespace`，字符串类型 ; 一个命名空间。
+      - 例如 : `kube-system`
+      - 通配符 : `*` 匹配所有资源请求。
+    - `resource`，字符串类型 ; 资源类型。
+      - 例 :`pods`
+      - 通配符 : `*` 匹配所有资源请求。
+  - 非资源匹配属性 :
+    - `nonResourcePath`，字符串类型 ; 非资源请求路径。
+      - 例如 :`/version` 或 `/apis`
+      - 通配符 :
         - `*` 匹配所有非资源请求。
-        - `/foo/*` 匹配`/foo/`的所有子路径。
+        - `/foo/*` 匹配 `/foo/` 的所有子路径。
   - `readonly`，键入 boolean，如果为 true，则表示该策略仅适用于 get，list 和 watch 操作。
 
-**注意:** 未设置的属性与类型设置为零值的属性相同(例如空字符串，0、false)，然而未知的应该可读性优先。
+**注意 :** 未设置的属性与类型设置为零值的属性相同 ( 例如空字符串，0、false)，然而未知的应该可读性优先。
 
 在将来，策略可能以 JSON 格式表示，并通过 REST 界面进行管理。
 
@@ -57,58 +57,58 @@ content_template: templates/concept
 
 请求具有与策略对象的属性对应的属性。
 
-当接收到请求时，确定属性。 未知属性设置为其类型的零值（例如: 空字符串，0，false）。
+当接收到请求时，确定属性。 未知属性设置为其类型的零值（例如 : 空字符串，0，false）。
 
-设置为`“*"`的属性将匹配相应属性的任何值。
+设置为 `"*"` 的属性将匹配相应属性的任何值。
 
 检查属性的元组，以匹配策略文件中的每个策略。 如果至少有一行匹配请求属性，则请求被授权（但可能会在稍后验证失败）。
 
-要允许任何经过身份验证的用户执行某些操作，请将策略组属性设置为 `"system:authenticated“`。
+要允许任何经过身份验证的用户执行某些操作，请将策略组属性设置为 `"system:authenticated"`。
 
-要允许任何未经身份验证的用户执行某些操作，请将策略组属性设置为`"system:authentication“`。
+要允许任何未经身份验证的用户执行某些操作，请将策略组属性设置为 `"system:authentication"`。
 
 要允许用户执行任何操作，请使用 apiGroup，命名空间，
-资源和 nonResourcePath 属性设置为 `“*"`的策略.
+资源和 nonResourcePath 属性设置为 `"*"` 的策略。
 
-要允许用户执行任何操作，请使用设置为`“*”` 的 apiGroup，namespace，resource 和 nonResourcePath 属性编写策略。
+要允许用户执行任何操作，请使用设置为 `"*"` 的 apiGroup，namespace，resource 和 nonResourcePath 属性编写策略。
 
 ## Kubectl
 
-Kubectl 使用 api-server 的 `/api` 和 `/apis` 端点进行协商客户端/服务器版本。 通过创建/更新来验证发送到API的对象操作，kubectl 查询某些 swagger 资源。 对于API版本"v1", 那就是`/swaggerapi/api/v1` ＆ `/swaggerapi/ experimental/v1`。
+Kubectl 使用 api-server 的 `/api` 和 `/apis` 端点进行协商客户端 / 服务器版本。 通过创建 / 更新来验证发送到 API 的对象操作，kubectl 查询某些 swagger 资源。 对于 API 版本 "v1", 那就是 `/swaggerapi/api/v1` ＆ `/swaggerapi/ experimental/v1`。
 
-当使用 ABAC 授权时，这些特殊资源必须明确通过策略中的 `nonResourcePath` 属性暴露出来(参见下面的[例子](#examples)):
+当使用 ABAC 授权时，这些特殊资源必须明确通过策略中的 `nonResourcePath` 属性暴露出来 ( 参见下面的[例子](#examples)):
 
-* `/api`，`/api/*`，`/apis`和`/apis/*` 用于 API 版本协商.
-* `/version` 通过 `kubectl version` 检索服务器版本.
-* `/swaggerapi/*` 用于创建/更新操作.
+* `/api`，`/api/*`，`/apis` 和 `/apis/*` 用于 API 版本协商。
+* `/version` 通过 `kubectl version` 检索服务器版本。
+* `/swaggerapi/*` 用于创建 / 更新操作。
 
-要检查涉及到特定kubectl操作的HTTP调用，您可以调整详细程度：
+要检查涉及到特定 kubectl 操作的 HTTP 调用，您可以调整详细程度：
 
     kubectl --v=8 version
 
 ## 例子
 
-1. Alice 可以对所有资源做任何事情:
+1. Alice 可以对所有资源做任何事情 :
 
     ```json
     {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "alice", "namespace": "*", "resource": "*", "apiGroup": "*"}}
     ```
-2. Kubelet 可以读取任何pod:
+2. Kubelet 可以读取任何 pod:
 
     ```json
     {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "kubelet", "namespace": "*", "resource": "pods", "readonly": true}}
     ```
-3. Kubelet 可以读写事件:
+3. Kubelet 可以读写事件 :
 
     ```json
     {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "kubelet", "namespace": "*", "resource": "events"}}
     ```
-4. Bob 可以在命名空间“projectCaribou"中读取 pod:
+4. Bob 可以在命名空间 “projectCaribou” 中读取 pod：
 
     ```json
     {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "bob", "namespace": "projectCaribou", "resource": "pods", "readonly": true}}
     ```
-5. 任何人都可以对所有非资源路径进行只读请求:
+5. 任何人都可以对所有非资源路径进行只读请求：
 
     ```json
     {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group": "system:authenticated", "readonly": true, "nonResourcePath": "*"}}
@@ -119,7 +119,7 @@ Kubectl 使用 api-server 的 `/api` 和 `/apis` 端点进行协商客户端/服
 
 ## 服务帐户的快速说明
 
-服务帐户自动生成用户。 用户名是根据命名约定生成的:
+服务帐户自动生成用户。 用户名是根据命名约定生成的：
 
 ```shell
 system:serviceaccount:<namespace>:<serviceaccountname>
@@ -130,13 +130,13 @@ system:serviceaccount:<namespace>:<serviceaccountname>
 system:serviceaccount:<namespace>:default
 ```
 
-例如，如果要将 API 的 kube-system 完整权限中的默认服务帐户授予，则可以将此行添加到策略文件中:
+例如，如果要将 API 的 kube-system 完整权限中的默认服务帐户授予，则可以将此行添加到策略文件中 :
 
 ```json
 {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:serviceaccount:kube-system:default","namespace":"*","resource":"*","apiGroup":"*"}}
 ```
 
-需要重新启动 apiserver 以获取新的策略行.
+需要重新启动 apiserver 以获取新的策略行。
 
 {{% /capture %}}
 
diff --git a/content/zh/docs/reference/access-authn-authz/authorization.md b/content/zh/docs/reference/access-authn-authz/authorization.md
index 8ca313af0138f..4e13befdf963f 100644
--- a/content/zh/docs/reference/access-authn-authz/authorization.md
+++ b/content/zh/docs/reference/access-authn-authz/authorization.md
@@ -28,12 +28,12 @@ that Kubernetes authorization works with existing organization-wide or
 cloud-provider-wide access control systems which may handle other APIs besides
 the Kubernetes API. -->
 
-在Kubernetes中，您必须在授权（授予访问权限）之前进行身份验证（登录），有关身份验证的信息，
+在 Kubernetes 中，您必须在授权（授予访问权限）之前进行身份验证（登录），有关身份验证的信息，
 请参阅 [访问控制概述](/docs/reference/access-authn-authz/controlling-access/).
 
-Kubernetes期望REST API请求中常见的属性。
-这意味着Kubernetes授权适用于现有的组织范围或云提供商范围的访问控制系统，
-除了Kubernetes API之外，它还可以处理其他API。
+Kubernetes 期望 REST API 请求中常见的属性。
+这意味着 Kubernetes 授权适用于现有的组织范围或云提供商范围的访问控制系统，
+除了 Kubernetes API 之外，它还可以处理其他 API。
 
 <!-- ## Determine Whether a Request is Allowed or Denied
 Kubernetes authorizes API requests using the API server. It evaluates all of the
@@ -52,7 +52,7 @@ the request, then the request is denied. A deny returns an HTTP status code 403.
 
 ## 确定是允许还是拒绝请求
 Kubernetes 使用 API ​​服务器授权 API 请求。它根据所有策略评估所有请求属性来决定允许或拒绝请求。
-一个API请求的所有部分必须被某些策略允许才能继续。这意味着默认情况下拒绝权限。
+一个 API 请求的所有部分必须被某些策略允许才能继续。这意味着默认情况下拒绝权限。
 
 （尽管 Kubernetes 使用 API ​​服务器，但是依赖于特定种类对象的特定字段的访问控制和策略由准入控制器处理。）
 
@@ -78,19 +78,19 @@ Kubernetes reviews only the following API request attributes:
 -->
 
 ## 审查您的请求属性
-Kubernetes仅审查以下API请求属性：
+Kubernetes 仅审查以下 API 请求属性：
 
- * **user** - 身份验证期间提供的`user`字符串。
+ * **user** - 身份验证期间提供的 `user` 字符串。
  * **group** - 经过身份验证的用户所属的组名列表。
  * **extra** - 由身份验证层提供的任意字符串键到字符串值的映射。
  * **API** - 指示请求是否针对 API 资源。
- * **Request path** - 各种非资源端点的路径，如`/api`或`/healthz`。
- * **API request verb** - API 动词`get`，`list`，`create`，`update`，`patch`，`watch`，`proxy`，`redirect`，`delete`和`deletecollection`用于资源请求。要确定资源API端点的请求动词，请参阅[确定请求动词](/docs/reference/access-authn-authz/authorization/#determine-whether-a-request-is-allowed-or-denied)。
- * **HTTP request verb** - HTTP 动词`get`，`post`，`put`和`delete`用于非资源请求。
- * **Resource** - 正在访问的资源的 ID 或名称（仅限资源请求） - 对于使用`get`，`update`，`patch`和`delete`动词的资源请求，您必须提供资源名称。
+ * **Request path** - 各种非资源端点的路径，如 `/api` 或 `/healthz`。
+ * **API request verb** - API 动词 `get`，`list`，`create`，`update`，`patch`，`watch`，`proxy`，`redirect`，`delete` 和 `deletecollection` 用于资源请求。要确定资源 API 端点的请求动词，请参阅[确定请求动词](/docs/reference/access-authn-authz/authorization/#determine-whether-a-request-is-allowed-or-denied)。
+ * **HTTP request verb** - HTTP 动词 `get`，`post`，`put` 和 `delete` 用于非资源请求。
+ * **Resource** - 正在访问的资源的 ID 或名称（仅限资源请求） - 对于使用 `get`，`update`，`patch` 和 `delete` 动词的资源请求，您必须提供资源名称。
  * **Subresource** - 正在访问的子资源（仅限资源请求）。
  * **Namespace** - 正在访问的对象的名称空间（仅适用于命名空间资源请求）。
- * **API group** - 正在访问的 API 组（仅限资源请求）。空字符串表示[核心API组](/docs/concepts/overview/kubernetes-api/)。
+ * **API group** - 正在访问的 API 组（仅限资源请求）。空字符串表示[核心 API 组](/docs/concepts/overview/kubernetes-api/)。
 
 <!--
 ## Determine the Request Verb
@@ -116,21 +116,21 @@ of the `bind` verb on `roles` and `clusterroles` resources in the `rbac.authoriz
 
 ## 确定请求动词
 
-要确定资源API端点的请求谓词，请检查所使用的 HTTP 动词以及请求是否对单个资源或资源集合起作用：
+要确定资源 API 端点的请求谓词，请检查所使用的 HTTP 动词以及请求是否对单个资源或资源集合起作用：
 
 HTTP 动词 | request 动词
 ----------|---------------
 POST      | create
-GET, HEAD | get (单个资源), list (资源集合)
+GET, HEAD | get (单个资源)，list (资源集合)
 PUT       | update
 PATCH     | patch
-DELETE    | delete (单个资源), deletecollection (资源集合)
+DELETE    | delete (单个资源)，deletecollection (资源集合)
 
-Kubernetes有时使用专门的动词检查授权以获得额外的权限。例如：
+Kubernetes 有时使用专门的动词检查授权以获得额外的权限。例如：
 
-* [Pod安全策略](/docs/concepts/policy/pod-security-policy/) 检查`policy` API组中`podsecuritypolicies`资源的`use`动词的授权。
-* [RBAC](/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping) 检查`rbac.authorization.k8s.io` API 组中`roles`和`clusterroles`资源的`bind`动词的授权。
-* [认证](/docs/reference/access-authn-authz/authentication/) layer检查核心API组中`users`，`groups`和`serviceaccounts`的`impersonate`动词的授权，以及`authentication.k8s.io` API组中的`userextras`。
+* [Pod 安全策略](/docs/concepts/policy/pod-security-policy/) 检查 `policy` API 组中 `podsecuritypolicies` 资源的 `use` 动词的授权。
+* [RBAC](/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping) 检查 `rbac.authorization.k8s.io` API 组中 `roles` 和 `clusterroles` 资源的 `bind` 动词的授权。
+* [认证](/docs/reference/access-authn-authz/authentication/) layer 检查核心 API 组中 `users`，`groups` 和 `serviceaccounts` 的 `impersonate` 动词的授权，以及 `authentication.k8s.io` API 组中的 `userextras`。
 
 <!--
 ## Authorization Modules
@@ -144,11 +144,11 @@ Kubernetes有时使用专门的动词检查授权以获得额外的权限。例
  
 ## 授权模块
  * **Node** - 一个专用授权程序，根据计划运行的 pod 为 kubelet 授予权限。了解有关使用节点授权模式的更多信息，请参阅[节点授权](/docs/reference/access-authn-authz/node/).
- * **ABAC** - 基于属性的访问控制（ABAC) 定义了一种访问控制范例，通过使用将属性组合在一起的策略，将访问权限授予用户。策略可以使用任何类型的属性（用户属性，资源属性，对象，环境属性等）。要了解有关使用 ABAC 模式的更多信息，请参阅[ABAC 模式](/docs/reference/access-authn-authz/abac/)。
- * **RBAC** - 基于角色的访问控制（RBAC）是一种基于企业内个人用户的角色来管理对计算机或网络资源的访问的方法。在此上下文中，权限是单个用户执行特定任务的能力，例如查看，创建或修改文件。要了解有关使用 RBAC 模式的更多信息，请参阅[RBAC 模式](/docs/reference/access-authn-authz/rbac/)。
-   * 当指定的RBAC（基于角色的访问控制）使用`rbac.authorization.k8s.io` API 组来驱动授权决策时，允许管理员通过 Kubernetes API 动态配置权限策略。
-   * 要启用RBAC，请使用`--authorization-mode = RBAC`启动 apiserver 。
- * **Webhook** - WebHook 是一个 HTTP 回调: 发生某些事情时调用的 HTTP POST;通过 HTTP POST 进行简单的事件通知。实现 WebHooks 的 Web 应用程序会在发生某些事情时将消息发布到URL。要了解有关使用 Webhook 模式的更多信息，请参阅[Webhook 模式](/docs/reference/access-authn-authz/webhook/)。
+ * **ABAC** - 基于属性的访问控制（ABAC）定义了一种访问控制范例，通过使用将属性组合在一起的策略，将访问权限授予用户。策略可以使用任何类型的属性（用户属性，资源属性，对象，环境属性等）。要了解有关使用 ABAC 模式的更多信息，请参阅 [ABAC 模式](/docs/reference/access-authn-authz/abac/)。
+ * **RBAC** - 基于角色的访问控制（RBAC）是一种基于企业内个人用户的角色来管理对计算机或网络资源的访问的方法。在此上下文中，权限是单个用户执行特定任务的能力，例如查看，创建或修改文件。要了解有关使用 RBAC 模式的更多信息，请参阅 [RBAC 模式](/docs/reference/access-authn-authz/rbac/)。
+   * 当指定的 RBAC（基于角色的访问控制）使用 `rbac.authorization.k8s.io` API 组来驱动授权决策时，允许管理员通过 Kubernetes API 动态配置权限策略。
+   * 要启用 RBAC，请使用 `--authorization-mode = RBAC` 启动 apiserver 。
+ * **Webhook** - WebHook 是一个 HTTP 回调：发生某些事情时调用的 HTTP POST；通过 HTTP POST 进行简单的事件通知。实现 WebHook 的 Web 应用程序会在发生某些事情时将消息发布到 URL。要了解有关使用 Webhook 模式的更多信息，请参阅 [Webhook 模式](/docs/reference/access-authn-authz/webhook/)。
 
 <!--
 #### Checking API Access
@@ -158,10 +158,10 @@ The command uses the `SelfSubjectAccessReview` API to determine if the current u
 a given action, and works regardless of the authorization mode used.
 -->
 
-#### 检查API访问
+#### 检查 API 访问
 
-`kubectl`提供`auth can-i`子命令，用于快速查询 API 授权层。
-该命令使用`SelfSubjectAccessReview` API来确定当前用户是否可以执行给定操作，并且无论使用何种授权模式都可以工作。
+`kubectl` 提供 `auth can-i` 子命令，用于快速查询 API 授权层。
+该命令使用 `SelfSubjectAccessReview` API 来确定当前用户是否可以执行给定操作，并且无论使用何种授权模式都可以工作。
 
 ```bash
 $ kubectl auth can-i create deployments --namespace dev
@@ -192,14 +192,14 @@ These APIs can be queried by creating normal Kubernetes resources, where the res
 field of the returned object is the result of the query.
 -->
 
-`SelfSubjectAccessReview`是`authorization.k8s.io` API组的一部分，它将 API 服务器授权公开给外部服务。
+`SelfSubjectAccessReview` 是 `authorization.k8s.io` API 组的一部分，它将 API 服务器授权公开给外部服务。
 该组中的其他资源包括：
 
-* `SubjectAccessReview` - 访问任何用户的 Review ，而不仅仅是当前用户。用于将授权决策委派给API服务器。例如，kubelet 和扩展 API 服务器使用它来确定用户对自己的API的访问权限。
-* `LocalSubjectAccessReview` - 与`SubjectAccessReview`类似，但仅限于特定的命名空间。
-* `SelfSubjectRulesReview` - 返回用户可在命名空间内执行的操作集的审阅。用户可以快速汇总自己的访问权限，或者用于隐藏/显示操作的UI。
+* `SubjectAccessReview` - 访问任何用户的 Review ，而不仅仅是当前用户。用于将授权决策委派给 API 服务器。例如，kubelet 和扩展 API 服务器使用它来确定用户对自己的 API 的访问权限。
+* `LocalSubjectAccessReview` - 与 `SubjectAccessReview` 类似，但仅限于特定的命名空间。
+* `SelfSubjectRulesReview` - 返回用户可在命名空间内执行的操作集的审阅。用户可以快速汇总自己的访问权限，或者用于 UI 中的隐藏/显示动作。
 
-可以通过创建普通 Kubernetes 资源来查询这些 API ，其中返回对象的响应“status”字段是查询的结果。
+可以通过创建普通 Kubernetes 资源来查询这些 API ，其中返回对象的响应 “status” 字段是查询的结果。
 
 ```bash
 $ kubectl create -f - -o yaml << EOF
@@ -247,20 +247,20 @@ You can choose more than one authorization module. Modules are checked in order
 so an earlier module has higher priority to allow or deny a request.
 -->
 
-## 为您的授权模块使用标志
+## 为您的授权模块应用参数
 
-您必须在策略中包含一个标志，以指明您的策略包含哪个授权模块：
+您必须在策略中包含一个参数标志，以指明您的策略包含哪个授权模块：
 
-可以使用以下标志：
+可以使用以下参数：
 
   * `--authorization-mode=ABAC` 基于属性的访问控制（ABAC）模式允许您使用本地文件配置策略。
   * `--authorization-mode=RBAC` 基于角色的访问控制（RBAC）模式允许您使用 Kubernetes API 创建和存储策略。
-  * `--authorization-mode=Webhook` WebHook 是一种 HTTP 回调模式，允许您使用远程REST端点管理授权。
-  * `--authorization-mode=Node` 节点授权是一种特殊用途的授权模式，专门授权由 kubelet 发出的API请求。
+  * `--authorization-mode=Webhook` WebHook 是一种 HTTP 回调模式，允许您使用远程 REST 端点管理授权。
+  * `--authorization-mode=Node` 节点授权是一种特殊用途的授权模式，专门授权由 kubelet 发出的 API 请求。
   * `--authorization-mode=AlwaysDeny` 该标志阻止所有请求。仅将此标志用于测试。
   * `--authorization-mode=AlwaysAllow` 此标志允许所有请求。仅在您不需要 API 请求的授权时才使用此标志。
 
-您可以选择多个授权模块。按顺序检查模块，以便较早的模块具有更高的优先级来允许或拒绝请求。
+您可以选择多个授权模块。模块按顺序检查，以便较早的模块具有更高的优先级来允许或拒绝请求。
 
 <!--
 ## Privilege escalation via pod creation
@@ -271,11 +271,11 @@ access their privileges within that namespace. They can create pods that access
 secrets the user cannot themselves read, or that run under a service account
 with different/greater permissions.
 -->
-## 通过pod创建权限升级
+## 通过 Pod 创建升级权限
 
-能够在命名空间中创建 pod 的用户可能会升级其在该命名空间内的权限。
-他们可以创建在该命名空间内访问其权限的 pod 。
-他们可以创建用户无法自己读取 secret 的 pod ，或者在具有不同/更高权限的服务帐户下运行的 pod 。
+能够在命名空间中创建 Pod 的用户可能会升级其在该命名空间内的权限。
+他们可以创建在该命名空间内访问其权限的 Pod 。
+他们可以创建用户无法自己读取 secret 的 Pod ，或者在具有不同/更高权限的服务帐户下运行的 Pod 。
 
 {{< caution >}}
 <!--
@@ -286,9 +286,9 @@ maps in the namespace; and impersonate any service account in the namespace and
 take any action the account could take. This applies regardless of authorization
 mode.
 -->
-**注意：** 系统管理员在授予对 pod 创建的访问权限时要小心。
-授予在命名空间中创建 pod（或创建pod的控制器）的权限的用户可以：
-读取命名空间中的所有秘密;读取命名空间中的所有配置映射;
+**注意：** 系统管理员在授予对 Pod 创建的访问权限时要小心。
+授予在命名空间中创建 Pod（或创建 Pod 的控制器）的权限的用户可以：
+读取命名空间中的所有 secret；读取命名空间中的所有 ConfigMap；
 并模拟命名空间中的任何服务帐户并执行帐户可以执行的任何操作。
 无论采用何种授权方式，这都适用。
 {{< /caution >}}
@@ -299,6 +299,6 @@ mode.
 * To learn more about Authentication, see **Authentication** in [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/).
 * To learn more about Admission Control, see [Using Admission Controllers](/docs/reference/access-authn-authz/admission-controllers/).
 -->
-* 要了解有关身份验证的更多信息，请参阅 **身份验证** [控制对Kubernetes API的访问](/docs/reference/access-authn-authz/controlling-access/).
-* 要了解有关准入控制的更多信息，请参阅 [使用准入控制器](/docs/reference/access-authn-authz/admission-controllers/).
+* 要了解有关身份验证的更多信息，请参阅 **身份验证** [控制对 Kubernetes API 的访问](/docs/reference/access-authn-authz/controlling-access/)。
+* 要了解有关准入控制的更多信息，请参阅 [使用准入控制器](/docs/reference/access-authn-authz/admission-controllers/)。
 {{% /capture %}}
\ No newline at end of file
diff --git a/content/zh/docs/reference/access-authn-authz/bootstrap-tokens.md b/content/zh/docs/reference/access-authn-authz/bootstrap-tokens.md
index ced000932de16..77ca6f32d520f 100644
--- a/content/zh/docs/reference/access-authn-authz/bootstrap-tokens.md
+++ b/content/zh/docs/reference/access-authn-authz/bootstrap-tokens.md
@@ -15,8 +15,8 @@ Bootstrapping](/docs/admin/kubelet-tls-bootstrapping/) 系统进行工作。
 
 启动引导令牌被定义成一个特定类型的 secrets(`bootstrap.kubernetes.io/token`)，并存在于
 `kube-system` 命名空间中。然后这些 secrets 会被 API 服务器上的启动引导的认证器读取。
-控制器管理器中的控制器TokenCleaner能够删除过期的令牌。在节点发现的过程中Kubernetes会使用特殊的ConfigMap对象。
-控制器管理器中的BootstrapSigner控制器也会使用启动引导令牌为这类对象生成签名信息。
+控制器管理器中的控制器 TokenCleaner 能够删除过期的令牌。在节点发现的过程中 Kubernetes 会使用特殊的 ConfigMap 对象。
+控制器管理器中的 BootstrapSigner 控制器也会使用启动引导令牌为这类对象生成签名信息。
 
 目前，启动引导令牌处于 **alpha** 阶段，但是预期也不会有大的突破性变化。
 
@@ -26,7 +26,7 @@ Bootstrapping](/docs/admin/kubelet-tls-bootstrapping/) 系统进行工作。
 更加规范地说，它们必须符合正则表达式 `[a-z0-9]{6}\.[a-z0-9]{16}`。
 
 令牌的第一部分是 "Token ID" ，它是公共信息。用于引用某个令牌，并确保不会泄露认证所使用的秘密信息。
-第二部分是 "令牌秘密（Token Secret）"，它应该被共享给收信的第三方。
+第二部分是“令牌秘密（Token Secret）”，它应该被共享给收信的第三方。
 
 ## 启用启动引导令牌
 
@@ -82,19 +82,19 @@ TokenCleaner 控制器会删除过期的令牌。
 
 ## 使用 `kubeadm` 管理令牌
 
-你可以使用 `kubeadm` 工具管理正在运行集群的令牌。它会从 `kubeadm` 创建的集群(`/etc/kubernetes/admin.conf`)
+你可以使用 `kubeadm` 工具管理正在运行集群的令牌。它会从 `kubeadm` 创建的集群（`/etc/kubernetes/admin.conf`）
 自动抓取默认管理员密码。你可以通过参数 `--kubeconfig` 对下面命令指定一个另外的 kubeconfig 文件抓取密码。
 
 * `kubeadm token list` 列举了令牌，同时显示了它们的过期时间和用途。
 * `kubeadm token create` 创建一个新令牌。
     * `--description` 设置新令牌的描述。
-    * `--ttl duration` 设置令牌从 "现在" 起到过期时间的差值。
+    * `--ttl duration` 设置令牌从“现在”起到过期时间的差值。
       默认是 0 ，也就是不过期。
     * `--usages` 设置令牌被使用的方式。默认是 `signing,authentication`。用途在上面已经描述。
 * `kubeadm token delete <token id>|<token id>.<token secret>` 删除令牌。
   令牌可以只用 ID 来确认，也可以用整个令牌的值。如果只用 ID 的情况下，密文不匹配的令牌也会被删除。
 
-### ConfigMap签名
+### ConfigMap 签名
 
 除了认证之外，令牌可以用于签名 ConfigMap。这在集群启动过程的早期，在客户端信任 API 服务器之前被使用。
 被签名的 ConfigMap 可以通过共享令牌被认证。
@@ -131,6 +131,6 @@ ConfigMap 的 `kubeconfig` 成员是一个填好了集群信息的配置文件
 这里主要交换的信息是 `certificate-authority-data`。在将来可能会有扩展。
 
 签名是一个 JWS 签名，使用了 "detached" 模式。为了检验签名，用户应该按照 JWS 规则
-(base64 编码而忽略结尾的 `=`)对 `kubeconfig` 的载荷进行编码。完成编码的载荷会被通过插入 JWS 并存在于两个点的中间
+（base64 编码而忽略结尾的 `=`）对 `kubeconfig` 的载荷进行编码。完成编码的载荷会被通过插入 JWS 并存在于两个点的中间
 ，用于形成一个完整的 JWS。可以使用令牌的完整信息（比如 `07401b.f395accd246ae52d`）作为共享密钥，
 通过 `HS256` 方式 (HMAC-SHA256) 对 JWS 进行校验。 用户 _必须_ 确保使用了 HS256。
diff --git a/content/zh/docs/reference/access-authn-authz/controlling-access.md b/content/zh/docs/reference/access-authn-authz/controlling-access.md
index 251b69484d781..e181571a5de5f 100644
--- a/content/zh/docs/reference/access-authn-authz/controlling-access.md
+++ b/content/zh/docs/reference/access-authn-authz/controlling-access.md
@@ -2,40 +2,40 @@
 approvers:
 - erictune
 - lavalamp
-title: Kubernetes API访问控制
+title: Kubernetes API 访问控制
 ---
 
-用户通过 `kubectl`、客户端库或者通过发送REST请求[访问API](/docs/user-guide/accessing-the-cluster)。 用户（自然人）和[Kubernetes服务账户](/docs/tasks/configure-pod-container/configure-service-account/) 都可以被授权进行API访问。
-请求到达API服务器后会经过几个阶段，具体说明如图：
+用户通过 `kubectl`、客户端库或者通过发送 REST 请求[访问 API](/docs/user-guide/accessing-the-cluster)。 用户（自然人）和 [Kubernetes 服务账户](/docs/tasks/configure-pod-container/configure-service-account/) 都可以被授权进行 API 访问。
+请求到达 API 服务器后会经过几个阶段，具体说明如图：
 
 ![Diagram of request handling steps for Kubernetes API request](/images/docs/admin/access-control-overview.svg)
 
 ## 传输层安全
 
-在典型的Kubernetes集群中，API通过443端口提供服务。
-API服务器会提供一份证书。 该证书一般是自签名的， 所以用户机器上的 `$USER/.kube/config` 目录通常
-包含该API服务器证书的根证书，用来代替系统默认根证书。 当用户使用 `kube-up.sh` 创建集群时，该证书通常会被自动写入用户的`$USER/.kube/config`。  如果集群中存在多个用户，则创建者需要与其他用户共享证书。
+在典型的 Kubernetes 集群中，API 通过 443 端口提供服务。
+API 服务器会提供一份证书。 该证书一般是自签名的， 所以用户机器上的 `$USER/.kube/config` 目录通常
+包含该 API 服务器证书的根证书，用来代替系统默认根证书。 当用户使用 `kube-up.sh` 创建集群时，该证书通常会被自动写入用户的 `$USER/.kube/config`。  如果集群中存在多个用户，则创建者需要与其他用户共享证书。
 
 ## 认证
 
-一旦 TLS 连接建立，HTTP请求就进入到了认证的步骤。即图中的步骤 **1** 。
-集群创建脚本或集群管理员会为API服务器配置一个或多个认证模块。
-更具体的认证相关的描述详见 [这里](/docs/admin/authentication/)。
+一旦 TLS 连接建立，HTTP 请求就进入到了认证的步骤。即图中的步骤 **1** 。
+集群创建脚本或集群管理员会为 API 服务器配置一个或多个认证模块。
+更具体的认证相关的描述详见[这里](/docs/admin/authentication/)。
 
-认证步骤的输入是整个HTTP请求，但这里通常只是检查请求头和/或客户端证书。
+认证步骤的输入是整个 HTTP 请求，但这里通常只是检查请求头和 / 或客户端证书。
 
-认证模块支持客户端证书，密码和Plain Tokens，
-Bootstrap Tokens，以及JWT Tokens (用于服务账户)。
+认证模块支持客户端证书，密码和 Plain Tokens，
+Bootstrap Tokens，以及 JWT Tokens（用于服务账户）。
 
 （管理员）可以同时设置多种认证模块，在设置了多个认证模块的情况下，每个模块会依次尝试认证，
 直到其中一个认证成功。
 
-在 GCE 平台中，客户端证书，密码和Plain Tokens，Bootstrap Tokens，以及JWT Tokens同时被启用。
+在 GCE 平台中，客户端证书，密码和 Plain Tokens，Bootstrap Tokens，以及 JWT Tokens 同时被启用。
 
-如果请求认证失败，则请求被拒绝，返回401状态码。
+如果请求认证失败，则请求被拒绝，返回 401 状态码。
 如果认证成功，则被认证为具体的 `username`，该用户名可供随后的步骤中使用。一些认证模块还提供了用户的组成员关系，另一些则没有。
 
-尽管Kubernetes使用 "用户名" 来进行访问控制和请求记录，但它实际上并没有 `user` 对象，也不存储用户名称或其他相关信息。
+尽管 Kubernetes 使用“用户名”来进行访问控制和请求记录，但它实际上并没有 `user` 对象，也不存储用户名称或其他相关信息。
 
 ## 授权
 
@@ -43,7 +43,7 @@ Bootstrap Tokens，以及JWT Tokens (用于服务账户)。
 
 请求须包含请求者的用户名，请求动作，以及该动作影响的对象。 如果存在相应策略，声明该用户具有进行相应操作的权限，则该请求会被授权。
 
-例如，如果Bob有如下策略，那么他只能够读取`projectCaribou`命名空间下的pod资源：
+例如，如果 Bob 有如下策略，那么他只能够读取 `projectCaribou` 命名空间下的 pod 资源：
 
 ```json
 {
@@ -57,7 +57,7 @@ Bootstrap Tokens，以及JWT Tokens (用于服务账户)。
     }
 }
 ```
-如果Bob发起以下请求，那么请求能够通过授权，因为Bob被允许访问 `projectCaribou` 命名空间下的对象：
+如果 Bob 发起以下请求，那么请求能够通过授权，因为 Bob 被允许访问 `projectCaribou` 命名空间下的对象：
 
 ```json
 {
@@ -73,20 +73,20 @@ Bootstrap Tokens，以及JWT Tokens (用于服务账户)。
   }
 }
 ```
-如果Bob对 `projectCaribou` 命名空间下的对象发起一个写（`create` 或者 `update`）请求，那么它的授权会被拒绝。 如果Bob请求读取(`get`) 其他命名空间，例如 `projectFish`下的对象，其授权也会被拒绝。 
+如果 Bob 对 `projectCaribou` 命名空间下的对象发起一个写（`create` 或者 `update`）请求，那么它的授权会被拒绝。 如果 Bob 请求读取 （`get`）其他命名空间，例如 `projectFish` 下的对象，其授权也会被拒绝。 
 
-Kubernetes的授权要求使用通用的REST属性与现有的组织或云服务提供商的访问控制系统进行交互。 采用REST格式是必要的，因为除Kubernetes外，这些访问控制系统还可能与其他的API进行交互。
+Kubernetes 的授权要求使用通用的 REST 属性与现有的组织或云服务提供商的访问控制系统进行交互。 采用 REST 格式是必要的，因为除 Kubernetes 外，这些访问控制系统还可能与其他的 API 进行交互。
 
-Kubernetes 支持多种授权模块，例如ABAC模式，RBAC模式和 Webhook模式。 管理员创建集群时，会配置API服务器应用的授权模块。 如果多种授权模式同时被启用，Kubernetes将检查所有模块，如果其中一种通过授权，则请求授权通过。 如果所有的模块全部拒绝，则请求被拒绝(HTTP状态码403)。
+Kubernetes 支持多种授权模块，例如 ABAC 模式，RBAC 模式和 Webhook 模式。 管理员创建集群时，会配置 API 服务器应用的授权模块。 如果多种授权模式同时被启用，Kubernetes 将检查所有模块，如果其中一种通过授权，则请求授权通过。 如果所有的模块全部拒绝，则请求被拒绝（HTTP 状态码 403）。
 
-要了解更多的Kubernetes授权相关信息，包括使用授权模块创建策略的具体说明等，可参考[授权概述](/docs/admin/authorization)。
+要了解更多的 Kubernetes 授权相关信息，包括使用授权模块创建策略的具体说明等，可参考[授权概述](/docs/admin/authorization)。
 
 
 ## 准入控制
 
 准入控制模块是能够修改或拒绝请求的软件模块。
 作为授权模块的补充，准入控制模块会访问被创建或更新的对象的内容。
-它们作用于对象的创建，删除，更新和连接 (proxy)阶段，但不包括对象的读取。
+它们作用于对象的创建，删除，更新和连接（proxy）阶段，但不包括对象的读取。
 
 可以同时配置多个准入控制器，它们会按顺序依次被调用。
 
@@ -98,23 +98,23 @@ Kubernetes 支持多种授权模块，例如ABAC模式，RBAC模式和 Webhook
 
 可用的准入控制模块描述 [如下](/docs/admin/admission-controllers/)。
 
-一旦请求通过所有准入控制器，将使用对应API对象的验证流程对其进行验证，然后写入对象存储 (如步骤 **4**)。
+一旦请求通过所有准入控制器，将使用对应 API 对象的验证流程对其进行验证，然后写入对象存储 （如步骤 **4**）。
 
 
-## API的端口和IP
+## API 的端口和 IP
 
-上述讨论适用于发送请求到API服务器的安全端口(典型情况)。  
-实际上API服务器可以通过两个端口提供服务：
+上述讨论适用于发送请求到 API 服务器的安全端口（典型情况）。  
+实际上 API 服务器可以通过两个端口提供服务：
 
-默认情况下，API服务器在2个端口上提供HTTP服务：
+默认情况下，API 服务器在 2 个端口上提供 HTTP 服务：
 
   1. `Localhost Port`:
 
           - 用于测试和启动，以及管理节点的其他组件
-            (scheduler, controller-manager)与API的交互
-          - 没有TLS
-          - 默认值为8080，可以通过 `--insecure-port` 标记来修改。
-          - 默认的IP地址为localhost， 可以通过 `--insecure-bind-address`标记来修改。
+            （scheduler, controller-manager）与 API 的交互
+          - 没有 TLS
+          - 默认值为 8080，可以通过 `--insecure-port` 标记来修改。
+          - 默认的 IP 地址为 localhost， 可以通过 `--insecure-bind-address` 标记来修改。
           - 请求会 **绕过** 认证和鉴权模块。
           - 请求会被准入控制模块处理。
           - 其访问需要主机访问的权限。
@@ -123,12 +123,12 @@ Kubernetes 支持多种授权模块，例如ABAC模式，RBAC模式和 Webhook
 
           - 尽可能使用该端口访问
           - 应用 TLS。 可以通过 `--tls-cert-file` 设置证书， 通过 `--tls-private-key-file` 设置私钥。
-          - 默认值为6443，可以通过 `--secure-port` 标记来修改。
-          - 默认IP是首个非本地的网络接口地址，可以通过 `--bind-address` 标记来修改。
+          - 默认值为 6443，可以通过 `--secure-port` 标记来修改。
+          - 默认 IP 是首个非本地的网络接口地址，可以通过 `--bind-address` 标记来修改。
           - 请求会经过认证和鉴权模块处理。
           - 请求会被准入控制模块处理。
           - 要求认证和授权模块正常运行。
 
-通过 `kube-up.sh`创建集群时， 对 Google Compute Engine (GCE)
-和一些其他的云供应商来说， API通过443端口提供服务。 对
-GCE而言，项目上配置了防火墙规则，允许外部的HTTPS请求访问API，其他（厂商的）集群设置方法各不相同。
+通过 `kube-up.sh` 创建集群时， 对 Google Compute Engine（GCE）
+和一些其他的云供应商来说， API 通过 443 端口提供服务。 对
+GCE 而言，项目上配置了防火墙规则，允许外部的 HTTPS 请求访问 API，其他（厂商的）集群设置方法各不相同。
diff --git a/content/zh/docs/reference/access-authn-authz/extensible-admission-controllers.md b/content/zh/docs/reference/access-authn-authz/extensible-admission-controllers.md
new file mode 100644
index 0000000000000..ccaebb936fb9d
--- /dev/null
+++ b/content/zh/docs/reference/access-authn-authz/extensible-admission-controllers.md
@@ -0,0 +1,330 @@
+---
+reviewers:
+- smarterclayton
+- lavalamp
+- whitlockjc
+- caesarxuchao
+- deads2k
+- liggitt
+- mbohlool
+<!-- title: Dynamic Admission Control -->
+title: 动态准入控制
+content_template: templates/concept
+weight: 40
+---
+
+{{% capture overview %}}
+<!--
+The [admission controllers documentation](/docs/reference/access-authn-authz/admission-controllers/)
+introduces how to use standard, plugin-style admission controllers. However,
+plugin admission controllers are not flexible enough for all use cases, due to
+the following:
+
+* They need to be compiled into kube-apiserver.
+* They are only configurable when the apiserver starts up.
+
+*Admission Webhooks* (beta in 1.9) addresses these limitations. It allows
+admission controllers to be developed out-of-tree and configured at runtime.
+
+This page describes how to use Admission Webhooks.
+-->
+[admission 控制器文档](/docs/reference/access-authn-authz/admission-controllers/)
+介绍如何使用标准的插件式 admission 控制器。然而，
+由于以下原因插件 admission 控制器对于所有用例来说都不够灵活：
+
+* 他们需要编译到 kube-apiserver 里面。
+* 它们仅在 apiserver 启动时可配置。
+
+*Admission Webhooks*（1.9 版中的 beta）解决了这些限制。
+它允许 admission 控制器能被独立开发以及在运行时配置。
+
+本页介绍如何使用 Admission Webhooks。
+{{% /capture %}}
+
+{{% capture body %}}
+<!-- ### What are admission webhooks? -->
+### 什么是 admission webhook？
+
+<!--
+Admission webhooks are HTTP callbacks that receive admission requests and do
+something with them. You can define two types of admission webhooks,
+[validating admission Webhook](/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook)
+and
+[mutating admission webhook](/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook).
+With validating admission Webhooks, you may reject requests to enforce custom
+admission policies. With mutating admission Webhooks, you may change requests to
+enforce custom defaults.
+-->
+Admission webhooks 是 HTTP 回调，它接收 admission 请求并对它们做一些事情。
+您可以定义两种类型的 admission webhook，
+[validating admission Webhook](/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook)
+和
+[mutating admission webhook](/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook)。
+通过 validating admission Webhook，您可以拒绝请求以执行自定义的 admission 策略。
+通过 mutating admission webhook，您可以更改请求以执行自定义的默认值。
+
+<!--
+### Experimenting with admission webhooks
+
+Admission webhooks are essentially part of the cluster control-plane. You should
+write and deploy them with great caution. Please read the [user
+guides](/docs/reference/access-authn-authz/extensible-admission-controllers/#write-an-admission-webhook-server) for
+instructions if you intend to write/deploy production-grade admission webhooks.
+In the following, we describe how to quickly experiment with admission webhooks.
+-->
+### 尝试 admission webhook
+
+admission webhook 本质上是集群控制平面的一部分。 您应该非常谨慎地编写和部署它们。
+如果您打算编写/部署生产级 admission webhook，请阅读[用户指南](/docs/reference/access-authn-authz/extensible-admission-controllers/#write-an-admission-webhook-server)以获取相关说明。
+在下文中，我们将介绍如何快速试验 admission webhook。
+
+<!--
+### Prerequisites
+
+* Ensure that the Kubernetes cluster is at least as new as v1.9.
+
+* Ensure that MutatingAdmissionWebhook and ValidatingAdmissionWebhook
+  admission controllers are enabled.
+  [Here](/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use)
+  is a recommended set of admission controllers to enable in general.
+
+* Ensure that the admissionregistration.k8s.io/v1beta1 API is enabled.
+-->
+### 先决条件
+
+* 确保 Kubernetes 集群版本至少为 v1.9。
+
+* 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。
+  [这里](/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use)
+  是一组推荐的 admission 控制器，通常可以启用。
+
+* 确保启用了`admissionregistration.k8s.io/v1beta1` API。
+
+<!--
+### Write an admission webhook server
+
+Please refer to the implementation of the [admission webhook
+server](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/images/webhook/main.go)
+that is validated in a Kubernetes e2e test. The webhook handles the
+`admissionReview` requests sent by the apiservers, and sends back its decision
+wrapped in `admissionResponse`.
+
+the `admissionReview` request can have different versions (e.g. v1beta1 or `v1` in a future version).
+The webhook can define what version they accept using `admissionReviewVersions` field. API server
+will try to use first version in the list which it supports. If none of the versions specified
+in this list supported by API server, validation will fail for this object. If the webhook
+configuration has already been persisted, calls to the webhook will fail and be
+subject to the failure policy.
+
+The example admission webhook server leaves the `ClientAuth` field
+[empty](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/images/webhook/config.go#L47-L48),
+which defaults to `NoClientCert`. This means that the webhook server does not
+authenticate the identity of the clients, supposedly apiservers. If you need
+mutual TLS or other ways to authenticate the clients, see
+how to [authenticate apiservers](#authenticate-apiservers).
+-->
+### 编写一个admission webhook 服务器
+
+请参阅 Kubernetes e2e 测试中的
+[admission webhook 服务器](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/images/webhook/main.go)实现。
+ webhook 处理由 apiservers 发送的 `admissionReview` 请求，并将其决定包含在 `admissionResponse` 中发回。
+
+`admissionReview` 请求可以有不同的版本（例如，`v1beta1` 或未来版本中的 `v1`）。
+webhook 可以使用 `admissionReviewVersions` 字段定义它们接受的版本。
+API 服务器将尝试在其支持的列表中使用第一个版本。
+如果 API 服务器不支持此列表中指定的任何版本，则此对象的验证将失败。
+如果 webhook 配置依然如此，则对 we​​bhook 的调用将失败并受到失败策略的控制。
+
+示例 admission webhook 服务器置 `ClientAuth` 字段为
+[空](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/images/webhook/config.go#L47-L48)，
+默认为 `NoClientCert` 。这意味着 webhook 服务器不会验证客户端的身份，认为其是 apiservers。
+如果您需要双向 TLS 或其他方式来验证客户端，请参阅如何[验证 apiservers](#验证 apiservers)。
+
+<!--
+### Deploy the admission webhook service
+
+The webhook server in the e2e test is deployed in the Kubernetes cluster, via
+the [deployment API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#deployment-v1beta1-apps).
+The test also creates a [service](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#service-v1-core)
+as the front-end of the webhook server. See
+[code](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/e2e/apimachinery/webhook.go#L227).
+
+You may also deploy your webhooks outside of the cluster. You will need to update
+your [webhook client configurations](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go#L247) accordingly.
+-->
+### 部署 admission webhook 服务
+
+e2e 测试中的 webhook 服务器部署在 Kubernetes 集群中，通过 [deployment API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#deployment-v1beta1-apps)。
+该测试还创建了 [service](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#service-v1-core) 作为 webhook 服务器的前端。 
+参见[代码](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/e2e/apimachinery/webhook.go#L227)。
+
+您还可以在集群外部署 Webhook，
+这需要相应地更新 [webhook 客户端配置](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go#L247)。
+
+<!--
+### Configure admission webhooks on the fly
+
+You can dynamically configure what resources are subject to what admission
+webhooks via
+[ValidatingWebhookConfiguration](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go#L84)
+or
+[MutatingWebhookConfiguration](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go#L114).
+
+The following is an example `validatingWebhookConfiguration`, a mutating webhook
+configuration is similar.
+-->
+### 动态配置 admission webhook
+
+您可以通过
+[ValidatingWebhookConfiguration](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go#L84)
+或
+[MutatingWebhookConfiguration](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go#L114)
+动态配置哪些资源通过哪些 admission webhook
+
+以下是 `validatingWebhookConfiguration` 的示例，Mutating Webhook Configuration 类似。
+
+```yaml
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: <name of this configuration object>
+webhooks:
+- name: <webhook name, e.g., pod-policy.example.io>
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    resources:
+    - pods
+    scope: "Namespaced"
+  clientConfig:
+    service:
+      namespace: <namespace of the front-end service>
+      name: <name of the front-end service>
+    caBundle: <pem encoded ca cert that signs the server cert used by the webhook>
+  admissionReviewVersions:
+  - v1beta1
+  timeoutSeconds: 1
+```
+
+<!--
+The scope field specifies if only cluster-scoped resources ("Cluster") or namespace-scoped
+resources ("Namespaced") will match this rule. "*" means that there are no scope restrictions.
+
+{{< note >}}
+When using `clientConfig.service`, the server cert must be valid for
+`<svc_name>.<svc_namespace>.svc`.
+{{< /note >}}
+
+{{< note >}}
+Default timeout for a webhook call is 30 seconds but starting in kubernetes 1.14 you
+can set the timeout and it is encouraged to use a very small timeout for webhooks.
+If the webhook call times out, the request is handled according to the webhook's 
+failure policy.
+{{< /note >}}
+
+When an apiserver receives a request that matches one of the `rules`, the
+apiserver sends an `admissionReview` request to webhook as specified in the
+`clientConfig`.
+
+After you create the webhook configuration, the system will take a few seconds
+to honor the new configuration.
+-->
+scope 字段指定是否只有集群范围的资源（“Cluster”）或命名空间范围的资源（“Namespaced”）才匹配此规则。 “*” 表示没有范围限制。
+
+{{< note >}}
+使用`clientConfig.service`时，服务器证书必须对`<svc_name>.<svc_namespace>.svc`有效。
+{{< /note >}}
+
+{{< note >}}
+webhook 调用的默认超时为 30 秒，但从 kubernetes 1.14 开始，您可以设置超时，并鼓励对 webhook 使用非常小的超时时间。
+如果 webhook 调用超时，则根据 webhook 的失败策略处理请求。
+{{< /note >}}
+
+当一个 apiserver 收到一个与 `rules` 之一匹配的请求时，apiserver 会向 `clientConfig` 中指定的 webhook 发送一个 `admissionReview` 请求。
+
+创建 webhook 配置后，系统将花费几秒钟来完成新配置的生效。
+
+<!--
+### Authenticate apiservers
+
+If your admission webhooks require authentication, you can configure the
+apiservers to use basic auth, bearer token, or a cert to authenticate itself to
+the webhooks. There are three steps to complete the configuration.
+
+* When starting the apiserver, specify the location of the admission control
+  configuration file via the `--admission-control-config-file` flag.
+
+* In the admission control configuration file, specify where the
+  MutatingAdmissionWebhook controller and ValidatingAdmissionWebhook controller
+  should read the credentials. The credentials are stored in kubeConfig files
+  (yes, the same schema that's used by kubectl), so the field name is
+  `kubeConfigFile`. Here is an example admission control configuration file:
+  -->
+### 验证 apiservers
+
+如果您的 webhooks 需要身份验证，您可以将 apiservers 配置为使用基本身份验证，不记名令牌或证书来对 webhook 进行身份验证。
+完成配置有三个步骤。
+
+* 启动apiserver时，通过 `--admission-control-config-file` 参数指定许可控制配置文件的位置。
+
+* 在准入控制配置文件中，指定 MutatingAdmissionWebhook 控制器和 ValidatingAdmissionWebhook 控制器应该读取凭据的位置。
+凭证存储在 kubeConfig 文件中（是​​的，与 kubectl 使用的模式相同），因此字段名称为`kubeConfigFile`。 
+以下是一个示例准入控制配置文件：
+
+```yaml
+apiVersion: apiserver.k8s.io/v1alpha1
+kind: AdmissionConfiguration
+plugins:
+- name: ValidatingAdmissionWebhook
+  configuration:
+    apiVersion: apiserver.config.k8s.io/v1alpha1
+    kind: WebhookAdmission
+    kubeConfigFile: <path-to-kubeconfig-file>
+- name: MutatingAdmissionWebhook
+  configuration:
+    apiVersion: apiserver.config.k8s.io/v1alpha1
+    kind: WebhookAdmission
+    kubeConfigFile: <path-to-kubeconfig-file>
+```
+
+<!--
+The schema of `admissionConfiguration` is defined
+[here](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go#L27).
+
+* In the kubeConfig file, provide the credentials:
+-->
+`admissionConfiguration` 的 shcema 在
+[这里](https://github.com/kubernetes/kubernetes/blob/v1.13.0/staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go#L27).
+
+* 在 kubeConfig 文件中，提供凭据：
+
+```yaml
+apiVersion: v1
+kind: Config
+users:
+# DNS name of webhook service, i.e., <service name>.<namespace>.svc, or the URL
+# of the webhook server.
+- name: 'webhook1.ns1.svc'
+  user:
+    client-certificate-data: <pem encoded certificate>
+    client-key-data: <pem encoded key>
+# The `name` supports using * to wildmatch prefixing segments.
+- name: '*.webhook-company.org'
+  user:
+    password: <password>
+    username: <name>
+# '*' is the default match.
+- name: '*'
+  user:
+    token: <token>
+```
+
+<!--
+Of course you need to set up the webhook server to handle these authentications.
+-->
+当然，您需要设置 webhook 服务器来处理这些身份验证。
+{{% /capture %}}
diff --git a/content/zh/docs/reference/access-authn-authz/node.md b/content/zh/docs/reference/access-authn-authz/node.md
new file mode 100644
index 0000000000000..255efffdc4286
--- /dev/null
+++ b/content/zh/docs/reference/access-authn-authz/node.md
@@ -0,0 +1,201 @@
+---
+title: 使用 Node 鉴权
+content_template: templates/concept
+weight: 90
+---
+<!-- 
+---
+reviewers:
+- timstclair
+- deads2k
+- liggitt
+- ericchiang
+title: Using Node Authorization
+content_template: templates/concept
+weight: 90
+---
+-->
+
+{{% capture overview %}}
+节点鉴权是一种特殊用途的鉴权模式，专门对 kubelet 发出的 API 请求进行鉴权。
+<!-- 
+Node authorization is a special-purpose authorization mode that specifically authorizes API requests made by kubelets.
+-->
+{{% /capture %}}
+
+{{% capture body %}}
+## 概述
+<!-- 
+## Overview 
+-->
+
+节点鉴权器允许 kubelet 执行 API 操作。包括：
+<!-- 
+The Node authorizer allows a kubelet to perform API operations. This includes: 
+-->
+
+读取操作：
+<!-- 
+Read operations: 
+-->
+
+* services
+* endpoints
+* nodes
+* pods
+* secrets、configmaps、以及绑定到 kubelet 的节点的 pod 的持久卷申领和持久卷 
+<!-- 
+* services
+* endpoints
+* nodes
+* pods
+* secrets, configmaps, persistent volume claims and persistent volumes related to pods bound to the kubelet's node 
+-->
+
+写入操作：
+<!-- 
+Write operations: 
+-->
+
+* 节点和节点状态（启用 `NodeRestriction` 准入插件以限制 kubelet 只能修改自己的节点）
+* Pod 和 Pod 状态 (启用 `NodeRestriction` 准入插件以限制 kubelet 只能修改绑定到自身的 Pod)
+* 事件
+<!-- 
+* nodes and node status (enable the `NodeRestriction` admission plugin to limit a kubelet to modify its own node)
+* pods and pod status (enable the `NodeRestriction` admission plugin to limit a kubelet to modify pods bound to itself)
+* events 
+-->
+
+鉴权相关操作：
+<!-- 
+Auth-related operations: 
+-->
+
+* 对于基于 TLS 的启动引导过程时使用的 certificationsigningrequests API 的读/写权限
+* 为委派的身份验证/授权检查创建 tokenreviews 和 subjectaccessreviews 的能力
+<!-- 
+* read/write access to the certificationsigningrequests API for TLS bootstrapping
+* the ability to create tokenreviews and subjectaccessreviews for delegated authentication/authorization checks 
+-->
+
+在将来的版本中，节点鉴权器可能会添加或删除权限，以确保 kubelet 具有正确操作所需的最小权限集。
+<!-- 
+In future releases, the node authorizer may add or remove permissions to ensure kubelets
+have the minimal set of permissions required to operate correctly. 
+-->
+
+为了获得节点鉴权器的授权，kubelet 必须使用一个凭证以表示它在 `system:nodes` 组中，用户名为 `system:node:<nodeName>`。
+上述的组名和用户名格式要与 [kubelet TLS 启动引导](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/)过程中为每个 kubelet 创建的标识相匹配。
+<!-- 
+In order to be authorized by the Node authorizer, kubelets must use a credential that identifies them as 
+being in the `system:nodes` group, with a username of `system:node:<nodeName>`.
+This group and user name format match the identity created for each kubelet as part of 
+[kubelet TLS bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/). 
+-->
+
+要启用节点授权器，请使用 `--authorization-mode = Node` 启动 apiserver。
+<!-- 
+To enable the Node authorizer, start the apiserver with `--authorization-mode=Node`. 
+-->
+
+要限制 kubelet 具有写入权限的 API 对象，请使用 `--enable-admission-plugins=...,NodeRestriction,...` 启动 apiserver，从而启用 [NodeRestriction](/docs/reference/access-authn-authz/admission-controllers#NodeRestriction) 准入插件。
+<!-- 
+To limit the API objects kubelets are able to write, enable the [NodeRestriction](/docs/reference/access-authn-authz/admission-controllers#NodeRestriction) admission plugin by starting the apiserver with `--enable-admission-plugins=...,NodeRestriction,...`
+ -->
+
+## 迁移考虑因素
+<!-- 
+## Migration considerations 
+-->
+
+### 在 `system:nodes` 组之外的 Kubelet
+<!-- 
+### Kubelets outside the `system:nodes` group 
+-->
+
+`system:nodes` 组之外的 kubelet 不会被 `Node` 鉴权模式授权，并且需要继续通过当前授权它们的机制来授权。
+节点准入插件不会限制来自这些 kubelet 的请求。
+<!-- 
+Kubelets outside the `system:nodes` group would not be authorized by the `Node` authorization mode,
+and would need to continue to be authorized via whatever mechanism currently authorizes them.
+The node admission plugin would not restrict requests from these kubelets. 
+-->
+
+### 具有无差别用户名的 Kubelet
+<!-- 
+### Kubelets with undifferentiated usernames 
+-->
+
+在一些部署中，kubelet 具有 `system:nodes` 组的凭证，但是无法给出它们所关联的节点的标识，因为它们没有 `system:node:...` 格式的用户名。
+这些 kubelet 不会被 `Node` 授权模式授权，并且需要继续通过当前授权它们的任何机制来授权。
+<!-- 
+In some deployments, kubelets have credentials that place them in the `system:nodes` group,
+but do not identify the particular node they are associated with,
+because they do not have a username in the `system:node:...` format.
+These kubelets would not be authorized by the `Node` authorization mode,
+and would need to continue to be authorized via whatever mechanism currently authorizes them. 
+-->
+
+因为默认的节点标识符实现不会把它当作节点身份标识，`NodeRestriction` 准入插件会忽略来自这些 kubelet 的请求。
+<!-- 
+The `NodeRestriction` admission plugin would ignore requests from these kubelets,
+since the default node identifier implementation would not consider that a node identity. 
+-->
+
+### 相对于以前使用 RBAC 的版本的更新
+<!-- 
+### Upgrades from previous versions using RBAC 
+-->
+
+升级的 1.7 之前的使用 [RBAC](/docs/reference/access-authn-authz/rbac/) 的集群将继续按原样运行，因为 `system:nodes` 组绑定已经存在。
+<!-- 
+Upgraded pre-1.7 clusters using [RBAC](/docs/reference/access-authn-authz/rbac/) will continue functioning as-is because the `system:nodes` group binding will already exist.
+-->
+
+如果集群管理员希望开始使用 `Node` 鉴权器和 `NodeRestriction` 准入插件来限制节点对 API 的访问，这一需求可以通过下列操作来完成且不会影响已部署的应用：
+<!-- 
+If a cluster admin wishes to start using the `Node` authorizer and `NodeRestriction` admission plugin
+to limit node access to the API, that can be done non-disruptively:
+ -->
+
+1. 启用 `Node` 鉴权模式 (`--authorization-mode=Node,RBAC`) 和 `NodeRestriction` 准入插件
+2. 确保所有 kubelet 的凭据符合组/用户名要求
+3. 审核 apiserver 日志以确保 `Node` 鉴权器不会拒绝来自 kubelet 的请求（日志中没有持续的 `NODE DENY` 消息）
+4. 删除 `system:node` 集群角色绑定
+<!-- 
+1. Enable the `Node` authorization mode (`--authorization-mode=Node,RBAC`) and the `NodeRestriction` admission plugin
+2. Ensure all kubelets' credentials conform to the group/username requirements
+3. Audit apiserver logs to ensure the `Node` authorizer is not rejecting requests from kubelets (no persistent `NODE DENY` messages logged)
+4. Delete the `system:node` cluster role binding 
+-->
+
+### RBAC 节点权限
+<!-- 
+### RBAC Node Permissions 
+-->
+
+在 1.6 版本中，当使用 [RBAC 鉴权模式](/docs/reference/access-authn-authz/rbac/) 时，`system:nodes` 集群角色会被自动绑定到 `system:node` 组。
+<!-- 
+In 1.6, the `system:node` cluster role was automatically bound to the `system:nodes` group when using the [RBAC Authorization mode](/docs/reference/access-authn-authz/rbac/). 
+-->
+
+在 1.7 版本中，不再推荐将 `system:nodes` 组自动绑定到 `system:node` 角色，因为节点鉴权器通过对 secret 和 configmap 访问的额外限制完成了相同的任务。
+如果同时启用了 `Node` 和 `RBAC` 授权模式，1.7 版本则不会创建 `system:nodes` 组到 `system:node` 角色的自动绑定。
+<!-- 
+In 1.7, the automatic binding of the `system:nodes` group to the `system:node` role is deprecated
+because the node authorizer accomplishes the same purpose with the benefit of additional restrictions
+on secret and configmap access. If the `Node` and `RBAC` authorization modes are both enabled,
+the automatic binding of the `system:nodes` group to the `system:node` role is not created in 1.7. 
+-->
+
+在 1.8 版本中，绑定将根本不会被创建。
+<!-- 
+In 1.8, the binding will not be created at all. 
+-->
+
+使用 RBAC 时，将继续创建 `system:node` 集群角色，以便与将其他用户或组绑定到该角色的部署方法兼容。
+<!-- 
+When using RBAC, the `system:node` cluster role will continue to be created,
+for compatibility with deployment methods that bind other users or groups to that role. 
+-->
+{{% /capture %}}
diff --git a/content/zh/docs/reference/access-authn-authz/service-accounts-admin.md b/content/zh/docs/reference/access-authn-authz/service-accounts-admin.md
index bf3e0783f908b..65d9aeeb532fb 100644
--- a/content/zh/docs/reference/access-authn-authz/service-accounts-admin.md
+++ b/content/zh/docs/reference/access-authn-authz/service-accounts-admin.md
@@ -4,58 +4,58 @@ approvers:
 - davidopp
 - lavalamp
 - liggitt
-title: 管理Service Accounts
+title: 管理 Service Accounts
 ---
 
-*这是一篇针对service accounts（服务账户）的集群管理员指南。  它呈现了 [User Guide to Service Accounts](/docs/user-guide/service-accounts)中的信息。* 
+*这是一篇针对 service accounts（服务账户）的集群管理员指南。  它呈现了 [User Guide to Service Accounts](/docs/user-guide/service-accounts) 中的信息。* 
 
-*对授权和用户账户的支持已在规划中，当前并不完备，为了更好地描述service accounts，有时这些不完善的特性也会被提及。*
+*对授权和用户账户的支持已在规划中，当前并不完备，为了更好地描述 service accounts，有时这些不完善的特性也会被提及。*
 
 ## 用户账户与服务账户
 
 Kubernetes 区分用户账户和服务账户的概念主要基于以下原因：
 
-  - 用户账户是针对人而言的。  服务账户是针对运行在pod中的进程而言的。
-  - 用户账户是全局性的。 其名称在集群各namespace中都是全局唯一的，未来的用户资源不会做namespace隔离，
-    服务账户是namespace隔离的。
-  - 通常情况下，集群的用户账户可能会从企业数据库进行同步，其创建需要特殊权限，并且涉及到复杂的业务流程。 服务账户创建的目的是为了更轻量，允许集群用户为了具体的任务创建服务账户 (即权限最小化原则)。
+  - 用户账户是针对人而言的。  服务账户是针对运行在 pod 中的进程而言的。
+  - 用户账户是全局性的。 其名称在集群各 namespace 中都是全局唯一的，未来的用户资源不会做 namespace 隔离，
+    服务账户是 namespace 隔离的。
+  - 通常情况下，集群的用户账户可能会从企业数据库进行同步，其创建需要特殊权限，并且涉及到复杂的业务流程。 服务账户创建的目的是为了更轻量，允许集群用户为了具体的任务创建服务账户 ( 即权限最小化原则 )。
   - 对人员和服务账户审计所考虑的因素可能不同。
-  - 针对复杂系统的配置可能包含系统组件相关的各种服务账户的定义。 因为服务账户可以定制化地创建，并且有namespace级别的名称，这种配置是很轻量的。
+  - 针对复杂系统的配置可能包含系统组件相关的各种服务账户的定义。 因为服务账户可以定制化地创建，并且有 namespace 级别的名称，这种配置是很轻量的。
 
 ## 服务账户的自动化
 
-三个独立组件协作完成服务账户相关的自动化:
+三个独立组件协作完成服务账户相关的自动化 :
 
   - 服务账户准入控制器（Service account admission controller）
-  - Token控制器（Token controller）
+  - Token 控制器（Token controller）
   - 服务账户控制器（Service account controller）
 
 ### 服务账户准入控制器
 
-对pod的改动通过一个被称为[Admission Controller](/docs/admin/admission-controllers)的插件来实现。它是apiserver的一部分。
-当pod被创建或更新时，它会同步地修改pod。 当该插件处于激活状态(在大多数发行版中都是默认的)，当pod被创建或更新时它会进行以下动作：
+对 pod 的改动通过一个被称为 [Admission Controller](/docs/admin/admission-controllers) 的插件来实现。它是 apiserver 的一部分。
+当 pod 被创建或更新时，它会同步地修改 pod。 当该插件处于激活状态 ( 在大多数发行版中都是默认的 )，当 pod 被创建或更新时它会进行以下动作：
 
-  1. 如果该pod没有 `ServiceAccount` 设置，将其 `ServiceAccount` 设为 `default`。
-  2. 保证pod所关联的 `ServiceAccount` 存在，否则拒绝该pod。
-  4. 如果pod不包含 `ImagePullSecrets`设置，那么 将 `ServiceAccount`中的`ImagePullSecrets` 信息添加到pod中。
-  5. 将一个包含用于API访问的token的 `volume` 添加到pod中。
-  6. 将挂载于 `/var/run/secrets/kubernetes.io/serviceaccount` 的 `volumeSource`添加到pod下的每个容器中。
+  1. 如果该 pod 没有 `ServiceAccount` 设置，将其 `ServiceAccount` 设为 `default`。
+  2. 保证 pod 所关联的 `ServiceAccount` 存在，否则拒绝该 pod。
+  4. 如果 pod 不包含 `ImagePullSecrets` 设置，那么 将 `ServiceAccount` 中的 `ImagePullSecrets` 信息添加到 pod 中。
+  5. 将一个包含用于 API 访问的 token 的 `volume` 添加到 pod 中。
+  6. 将挂载于 `/var/run/secrets/kubernetes.io/serviceaccount` 的 `volumeSource` 添加到 pod 下的每个容器中。
 
-### Token管理器
+### Token 管理器
 
-Token管理器是controller-manager的一部分。 以异步的形式工作：
+Token 管理器是 controller-manager 的一部分。 以异步的形式工作：
 
-- 检测服务账户的创建，并且创建相应的Secret以支持API访问。
-- 检测服务账户的删除，并且删除所有相应的服务账户Token Secret。
-- 检测Secret的增加，保证相应的服务账户存在，如有需要，为Secret增加token。
-- 检测Secret的删除，如有需要，从相应的服务账户中移除引用。
+- 检测服务账户的创建，并且创建相应的 Secret 以支持 API 访问。
+- 检测服务账户的删除，并且删除所有相应的服务账户 Token Secret。
+- 检测 Secret 的增加，保证相应的服务账户存在，如有需要，为 Secret 增加 token。
+- 检测 Secret 的删除，如有需要，从相应的服务账户中移除引用。
 
-你需要通过 `--service-account-private-key-file` 参数项传入一个服务账户私钥文件至Token管理器。 私钥用于为生成的服务账户token签名。
-同样地，你需要通过 `--service-account-key-file` 参数将对应的公钥传入kube-apiserver。 公钥用于认证过程中的token校验。
+你需要通过 `--service-account-private-key-file` 参数项传入一个服务账户私钥文件至 Token 管理器。 私钥用于为生成的服务账户 token 签名。
+同样地，你需要通过 `--service-account-key-file` 参数将对应的公钥传入 kube-apiserver。 公钥用于认证过程中的 token 校验。
 
 #### 创建额外的 API tokens
 
-控制器中有专门的循环来保证每个服务账户中都存在API token对应的Secret。 当需要为服务账户创建额外的API token时，创建一个类型为 `ServiceAccountToken` 的Secret，并在annotation中引用服务账户，控制器会生成token并更新:
+控制器中有专门的循环来保证每个服务账户中都存在 API token 对应的 Secret。 当需要为服务账户创建额外的 API token 时，创建一个类型为 `ServiceAccountToken` 的 Secret，并在 annotation 中引用服务账户，控制器会生成 token 并更新 :
 
 secret.json:
 
@@ -78,7 +78,7 @@ kubectl create -f ./secret.json
 kubectl describe secret mysecretname
 ```
 
-#### 删除/失效 服务账户token
+#### 删除 / 失效 服务账户 token
 
 ```shell
 kubectl delete secret mysecretname
diff --git a/content/zh/docs/reference/access-authn-authz/webhook.md b/content/zh/docs/reference/access-authn-authz/webhook.md
index e80fed7dc297e..c82049f8d3587 100644
--- a/content/zh/docs/reference/access-authn-authz/webhook.md
+++ b/content/zh/docs/reference/access-authn-authz/webhook.md
@@ -29,10 +29,10 @@ WebHook 是一种 HTTP 回调：某些条件下触发的 HTTP POST 请求；通
 clusters:
   - name: name-of-remote-authz-service
     cluster:
-      certificate-authority: /path/to/ca.pem      # 对远程服务进行身份认证的CA。
+      certificate-authority: /path/to/ca.pem      # 对远程服务进行身份认证的 CA。
       server: https://authz.example.com/authorize # 远程服务的查询 URL. 必须使用 'https'。
 
-# users 代表 API 服务器的 webhook 配置.
+# users 代表 API 服务器的 webhook 配置 .
 users:
   - name: name-of-api-server
     user:
@@ -55,7 +55,7 @@ contexts:
 
 需要注意的是 webhook API 对象与其他 Kubernetes API 对象一样都同样都服从 [版本兼容规则](/docs/api/) 。
 实施人员应该了解 beta 对象的更宽松的兼容性承诺，同时确认请求的 "apiVersion" 字段以确保能被正确地反序列化。
-此外，API 服务器还必须启用 `authorization.k8s.io/v1beta1` API 扩展组(`--runtime-config=authorization.k8s.io/v1beta1=true`)。
+此外，API 服务器还必须启用 `authorization.k8s.io/v1beta1` API 扩展组 (`--runtime-config=authorization.k8s.io/v1beta1=true`)。
 
 
 一个请求内容的例子：
diff --git a/content/zh/docs/reference/command-line-tools-reference/_index.md b/content/zh/docs/reference/command-line-tools-reference/_index.md
index dcd66f2df9f96..7c2792e89403d 100644
--- a/content/zh/docs/reference/command-line-tools-reference/_index.md
+++ b/content/zh/docs/reference/command-line-tools-reference/_index.md
@@ -1,5 +1,13 @@
 ---
-title: 命令行工具
+title: 命令行工具参考
 weight: 60
 toc-hide: true
 ---
+
+<!--
+---
+title: Command line tools reference
+weight: 60
+toc-hide: true
+---
+-->
diff --git a/content/zh/docs/reference/command-line-tools-reference/kube-apiserver.md b/content/zh/docs/reference/command-line-tools-reference/kube-apiserver.md
index 53b9836812fdf..f24899755f83c 100644
--- a/content/zh/docs/reference/command-line-tools-reference/kube-apiserver.md
+++ b/content/zh/docs/reference/command-line-tools-reference/kube-apiserver.md
@@ -9,7 +9,7 @@ notitle: true
 ### 概要
 
 
-Kubernetes API server 为 api 对象验证并配置数据，包括 pods、 services、 replicationcontrollers和其它 api 对象。API Server 提供 REST 操作和到集群共享状态的前端，所有其他组件通过它进行交互。
+Kubernetes API server 为 api 对象验证并配置数据，包括 pods、 services、 replicationcontrollers 和其它 api 对象。API Server 提供 REST 操作和到集群共享状态的前端，所有其他组件通过它进行交互。
 
 ```
 kube-apiserver
@@ -18,99 +18,99 @@ kube-apiserver
 ### 选项
 ```
 
-      --admission-control stringSlice                           控制资源进入集群的准入控制插件的顺序列表。逗号分隔的NamespaceLifecycle列表。(默认值[AlwaysAdmit])
+      --admission-control stringSlice                           控制资源进入集群的准入控制插件的顺序列表。逗号分隔的 NamespaceLifecycle 列表。（默认值 [AlwaysAdmit]）
 
       --admission-control-config-file string                    包含准入控制配置的文件。
 
-      --advertise-address ip                                    向集群成员通知apiserver消息的IP地址。这个地址必须能够被集群中其他成员访问。如果IP地址为空，将会使用--bind-address，如果未指定--bind-address，将会使用主机的默认接口地址。
+      --advertise-address ip                                    向集群成员通知 apiserver 消息的 IP 地址。这个地址必须能够被集群中其他成员访问。如果 IP 地址为空，将会使用 --bind-address，如果未指定 --bind-address，将会使用主机的默认接口地址。
 
-      --allow-privileged                                        如果为true, 将允许特权容器.
+      --allow-privileged                                        如果为 true, 将允许特权容器。
 
-      --anonymous-auth                                          启用到API server的安全端口的匿名请求。未被其他认证方法拒绝的请求被当做匿名请求。匿名请求的用户名为system:anonymous，用户组名为system:unauthenticated。（默认值true）
+      --anonymous-auth                                          启用到 API server 的安全端口的匿名请求。未被其他认证方法拒绝的请求被当做匿名请求。匿名请求的用户名为 system:anonymous，用户组名为 system:unauthenticated。（默认值 true）
 
-      --apiserver-count int                                     集群中运行的apiserver数量，必须为正数。（默认值1）
+      --apiserver-count int                                     集群中运行的 apiserver 数量，必须为正数。（默认值 1）
 
       --audit-log-maxage int                                    基于文件名中的时间戳，旧审计日志文件的最长保留天数。
 
-      --audit-log-maxbackup int                                 旧审计日志文件的最大保留个数.
+      --audit-log-maxbackup int                                 旧审计日志文件的最大保留个数。
 
       --audit-log-maxsize int                                   审计日志被轮转前的最大兆字节数。
 
-      --audit-log-path string                                   如果设置该值，所有到apiserver的请求都将会被记录到这个文件。'-'表示记录到标准输出。
+      --audit-log-path string                                   如果设置该值，所有到 apiserver 的请求都将会被记录到这个文件。'-' 表示记录到标准输出。
 
-      --audit-policy-file string                                定义审计策略配置的文件的路径。需要打开'AdvancedAuditing'特性开关。AdvancedAuditing需要一个配置来启用审计功能。
+      --audit-policy-file string                                定义审计策略配置的文件的路径。需要打开 'AdvancedAuditing' 特性开关。AdvancedAuditing 需要一个配置来启用审计功能。
 
-      --audit-webhook-config-file string                        一个具有kubeconfig格式文件的路径，该文件定义了审计的webhook配置。需要打开'AdvancedAuditing'特性开关。
+      --audit-webhook-config-file string                        一个具有 kubeconfig 格式文件的路径，该文件定义了审计的 webhook 配置。需要打开 'AdvancedAuditing' 特性开关。
 
-      --audit-webhook-mode string                               发送审计事件的策略。 Blocking模式表示正在发送事件时应该阻塞服务器的响应。 Batch模式使webhook异步缓存和发送事件。 Known模式为batch,blocking。 （默认值"batch")
+      --audit-webhook-mode string                               发送审计事件的策略。 Blocking 模式表示正在发送事件时应该阻塞服务器的响应。 Batch 模式使 webhook 异步缓存和发送事件。 Known 模式为 batch,blocking。（默认值 "batch")
 
-      --authentication-token-webhook-cache-ttl duration         从webhook令牌认证者获取的响应的缓存时长。(默认值2m0s)
+      --authentication-token-webhook-cache-ttl duration         从 webhook 令牌认证者获取的响应的缓存时长。( 默认值 2m0s)
 
-      --authentication-token-webhook-config-file string         包含webhook配置的文件，用于令牌认证，具有kubeconfig格式。API server将查询远程服务来决定对bearer令牌的认证。
+      --authentication-token-webhook-config-file string         包含 webhook 配置的文件，用于令牌认证，具有 kubeconfig 格式。API server 将查询远程服务来决定对 bearer 令牌的认证。
 
-      --authorization-mode string                               在安全端口上进行权限验证的插件的顺序列表。以逗号分隔的列表，包括：AlwaysAllow,AlwaysDeny,ABAC,Webhook,RBAC,Node.（默认值"AlwaysAllow"）
+      --authorization-mode string                               在安全端口上进行权限验证的插件的顺序列表。以逗号分隔的列表，包括：AlwaysAllow,AlwaysDeny,ABAC,Webhook,RBAC,Node.（默认值 "AlwaysAllow"）
  
-      --authorization-policy-file string                        包含权限验证策略的csv文件，和--authorization-mode=ABAC一起使用，作用在安全端口上。
+      --authorization-policy-file string                        包含权限验证策略的 csv 文件，和 --authorization-mode=ABAC 一起使用，作用在安全端口上。
  
-      --authorization-webhook-cache-authorized-ttl duration     从webhook授权者获得的'authorized'响应的缓存时长。（默认值5m0s） 
+      --authorization-webhook-cache-authorized-ttl duration     从 webhook 授权者获得的 'authorized' 响应的缓存时长。（默认值 5m0s） 
  
-      --authorization-webhook-cache-unauthorized-ttl duration   从webhook授权者获得的'unauthorized'响应的缓存时长。（默认值30s）
+      --authorization-webhook-cache-unauthorized-ttl duration   从 webhook 授权者获得的 'unauthorized' 响应的缓存时长。（默认值 30s）
  
-      --authorization-webhook-config-file string                包含webhook配置的kubeconfig格式文件，和--authorization-mode=Webhook一起使用。API server将查询远程服务来决定对API server安全端口的访问。
+      --authorization-webhook-config-file string                包含 webhook 配置的 kubeconfig 格式文件，和 --authorization-mode=Webhook 一起使用。API server 将查询远程服务来决定对 API server 安全端口的访问。
  
-      --azure-container-registry-config string                  包含Azure容器注册表配置信息的文件的路径。
+      --azure-container-registry-config string                  包含 Azure 容器注册表配置信息的文件的路径。
 
-      --basic-auth-file string                                  如果设置该值，这个文件将会被用于准许通过http基本认证到API server安全端口的请求。
+      --basic-auth-file string                                  如果设置该值，这个文件将会被用于准许通过 http 基本认证到 API server 安全端口的请求。
 
-      --bind-address ip                                         监听--seure-port的IP地址。被关联的接口必须能够被集群其它节点和CLI/web客户端访问。如果为空，则将使用所有接口（0.0.0.0）。（默认值0.0.0.0）
+      --bind-address ip                                         监听 --seure-port 的 IP 地址。被关联的接口必须能够被集群其它节点和 CLI/web 客户端访问。如果为空，则将使用所有接口（0.0.0.0）。（默认值 0.0.0.0）
 
-      --cert-dir string                                         存放TLS证书的目录。如果提供了--tls-cert-file和--tls-private-key-file选项，该标志将被忽略。（默认值 "/var/run/kubernetes"）
+      --cert-dir string                                         存放 TLS 证书的目录。如果提供了 --tls-cert-file 和 --tls-private-key-file 选项，该标志将被忽略。（默认值 "/var/run/kubernetes"）
 
-      --client-ca-file string                                   如果设置此标志，对于任何请求，如果存包含client-ca-file中的authorities签名的客户端证书，将会使用客户端证书中的CommonName对应的身份进行认证。
+      --client-ca-file string                                   如果设置此标志，对于任何请求，如果存包含 client-ca-file 中的 authorities 签名的客户端证书，将会使用客户端证书中的 CommonName 对应的身份进行认证。
  
-      --cloud-config string                                     云服务提供商配置文件路径。空字符串表示无配置文件.
+      --cloud-config string                                     云服务提供商配置文件路径。空字符串表示无配置文件 .
  
       --cloud-provider string                                   云服务提供商，空字符串表示无提供商。
  
-      --contention-profiling                                    如果已经启用profiling，则启用锁竞争profiling。
+      --contention-profiling                                    如果已经启用 profiling，则启用锁竞争 profiling。
 
-      --cors-allowed-origins stringSlice                        CORS的域列表，以逗号分隔。合法的域可以是一个匹配子域名的正则表达式。如果这个列表为空则不会启用CORS.
+      --cors-allowed-origins stringSlice                        CORS 的域列表，以逗号分隔。合法的域可以是一个匹配子域名的正则表达式。如果这个列表为空则不会启用 CORS.
 
-      --delete-collection-workers int                           用于DeleteCollection调用的工作者数量。这被用于加速namespace的清理。(默认值1)
+      --delete-collection-workers int                           用于 DeleteCollection 调用的工作者数量。这被用于加速 namespace 的清理。( 默认值 1)
 
-      --deserialization-cache-size int                          在内存中缓存的反序列化json对象的数量。
+      --deserialization-cache-size int                          在内存中缓存的反序列化 json 对象的数量。
 
-      --enable-aggregator-routing                               打开到endpoints IP的aggregator路由请求，替换cluster IP。
+      --enable-aggregator-routing                               打开到 endpoints IP 的 aggregator 路由请求，替换 cluster IP。
 
-      --enable-garbage-collector                                启用通用垃圾回收器. 必须与kube-controller-manager对应的标志保持同步。 （默认值true）
+      --enable-garbage-collector                                启用通用垃圾回收器 . 必须与 kube-controller-manager 对应的标志保持同步。 （默认值 true）
 
-      --enable-logs-handler                                     如果为true，则为apiserver日志功能安装一个/logs处理器。（默认值true）
+      --enable-logs-handler                                     如果为 true，则为 apiserver 日志功能安装一个 /logs 处理器。（默认值 true）
 
-      --enable-swagger-ui                                       在apiserver的/swagger-ui路径启用swagger ui。
+      --enable-swagger-ui                                       在 apiserver 的 /swagger-ui 路径启用 swagger ui。
 
-      --etcd-cafile string                                      用于保护etcd通信的SSL CA文件。
+      --etcd-cafile string                                      用于保护 etcd 通信的 SSL CA 文件。
 
-      --etcd-certfile string                                    用于保护etcd通信的的SSL证书文件。
+      --etcd-certfile string                                    用于保护 etcd 通信的的 SSL 证书文件。
 
-      --etcd-keyfile string                                     用于保护etcd通信的SSL密钥文件.
+      --etcd-keyfile string                                     用于保护 etcd 通信的 SSL 密钥文件 .
 
-      --etcd-prefix string                                      附加到所有etcd中资源路径的前缀。 （默认值"/registry"）
+      --etcd-prefix string                                      附加到所有 etcd 中资源路径的前缀。 （默认值 "/registry"）
 
-      --etcd-quorum-read                                        如果为true, 启用quorum读。
+      --etcd-quorum-read                                        如果为 true, 启用 quorum 读。
 
-      --etcd-servers stringSlice                                连接的etcd服务器列表,形式为（scheme://ip:port)，使用逗号分隔。
+      --etcd-servers stringSlice                                连接的 etcd 服务器列表 , 形式为（scheme://ip:port)，使用逗号分隔。
 
-      --etcd-servers-overrides stringSlice                      针对单个资源的etcd服务器覆盖配置, 以逗号分隔。 单个配置覆盖格式为: group/resource#servers, 其中servers形式为http://ip:port, 以分号分隔。
+      --etcd-servers-overrides stringSlice                      针对单个资源的 etcd 服务器覆盖配置 , 以逗号分隔。 单个配置覆盖格式为 : group/resource#servers, 其中 servers 形式为 http://ip:port, 以分号分隔。
 
-      --event-ttl duration                                      事件驻留时间。（默认值1h0m0s)
+      --event-ttl duration                                      事件驻留时间。（默认值 1h0m0s)
 
-      --enable-bootstrap-token-auth                             启用此选项以允许'kube-system'命名空间中的'bootstrap.kubernetes.io/token'类型密钥可以被用于TLS的启动认证。
+      --enable-bootstrap-token-auth                             启用此选项以允许 'kube-system' 命名空间中的 'bootstrap.kubernetes.io/token' 类型密钥可以被用于 TLS 的启动认证。
 
-      --experimental-encryption-provider-config string          包含加密提供程序的配置的文件，该加密提供程序被用于在etcd中保存密钥。
+      --experimental-encryption-provider-config string          包含加密提供程序的配置的文件，该加密提供程序被用于在 etcd 中保存密钥。
 
-      --external-hostname string                                为此master生成外部URL时使用的主机名(例如Swagger API文档)。
+      --external-hostname string                                为此 master 生成外部 URL 时使用的主机名 ( 例如 Swagger API 文档 )。
 
-      --feature-gates mapStringBool                             一个描述alpha/experimental特性开关的键值对列表。 选项包括:
+      --feature-gates mapStringBool                             一个描述 alpha/experimental 特性开关的键值对列表。 选项包括 :
 Accelerators=true|false (ALPHA - default=false)
 AdvancedAuditing=true|false (ALPHA - default=false)
 AffinityInAnnotations=true|false (ALPHA - default=false)
@@ -128,102 +128,102 @@ RotateKubeletServerCertificate=true|false (ALPHA - default=false)
 StreamingProxyRedirects=true|false (BETA - default=true)
 TaintBasedEvictions=true|false (ALPHA - default=false)
 
-      --google-json-key string                                  用于认证的Google Cloud Platform服务账号的JSON密钥。
+      --google-json-key string                                  用于认证的 Google Cloud Platform 服务账号的 JSON 密钥。
 
-      --insecure-allow-any-token username/group1,group2         如果设置该值, 你的服务将处于非安全状态。任何令牌都将会被允许，并将从令牌中把用户信息解析成为username/group1,group2。
+      --insecure-allow-any-token username/group1,group2         如果设置该值 , 你的服务将处于非安全状态。任何令牌都将会被允许，并将从令牌中把用户信息解析成为 username/group1,group2。
 
-      --insecure-bind-address ip                                用于监听--insecure-port的IP地址 (设置成0.0.0.0表示监听所有接口)。（默认值127.0.0.1)
+      --insecure-bind-address ip                                用于监听 --insecure-port 的 IP 地址 ( 设置成 0.0.0.0 表示监听所有接口 )。（默认值 127.0.0.1)
 
-      --insecure-port int                                       用于监听不安全和为认证访问的端口。这个配置假设你已经设置了防火墙规则，使得这个端口不能从集群外访问。对集群的公共地址的443端口的访问将被代理到这个端口。默认设置中使用nginx实现。（默认值8080）
+      --insecure-port int                                       用于监听不安全和为认证访问的端口。这个配置假设你已经设置了防火墙规则，使得这个端口不能从集群外访问。对集群的公共地址的 443 端口的访问将被代理到这个端口。默认设置中使用 nginx 实现。（默认值 8080）
 
-      --kubelet-certificate-authority string                    证书authority的文件路径。
+      --kubelet-certificate-authority string                    证书 authority 的文件路径。
 
-      --kubelet-client-certificate string                       用于TLS的客户端证书文件路径。
+      --kubelet-client-certificate string                       用于 TLS 的客户端证书文件路径。
 
-      --kubelet-client-key string                               用于TLS的客户端证书密钥文件路径.
+      --kubelet-client-key string                               用于 TLS 的客户端证书密钥文件路径 .
 
-      --kubelet-https                                           为kubelet启用https。 （默认值true）
+      --kubelet-https                                           为 kubelet 启用 https。 （默认值 true）
 
-      --kubelet-preferred-address-types stringSlice             用于kubelet连接的首选NodeAddressTypes列表。 (默认值[Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])
+      --kubelet-preferred-address-types stringSlice             用于 kubelet 连接的首选 NodeAddressTypes 列表。 ( 默认值[Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])
 
-      --kubelet-read-only-port uint                             已废弃: kubelet端口. （默认值10255）
+      --kubelet-read-only-port uint                             已废弃 : kubelet 端口 . （默认值 10255）
 
-      --kubelet-timeout duration                                kubelet操作超时时间。（默认值 
+      --kubelet-timeout duration                                kubelet 操作超时时间。（默认值 
       5s）
 
-      --kubernetes-service-node-port int                        如果不为0，Kubernetes master服务（用于创建/管理apiserver）将会使用NodePort类型，并将这个值作为端口号。如果为0，Kubernetes master服务将会使用ClusterIP类型。
+      --kubernetes-service-node-port int                        如果不为 0，Kubernetes master 服务（用于创建 / 管理 apiserver）将会使用 NodePort 类型，并将这个值作为端口号。如果为 0，Kubernetes master 服务将会使用 ClusterIP 类型。
 
-      --master-service-namespace string                         已废弃: 注入到pod中的kubernetes master服务的命名空间。（默认值"default"） 
+      --master-service-namespace string                         已废弃 : 注入到 pod 中的 kubernetes master 服务的命名空间。（默认值 "default"） 
 
-      --max-connection-bytes-per-sec int                        如果不为0，每个用户连接将会被限速为该值（bytes/sec）。当前只应用于长时间运行的请求。
+      --max-connection-bytes-per-sec int                        如果不为 0，每个用户连接将会被限速为该值（bytes/sec）。当前只应用于长时间运行的请求。
 
-      --max-mutating-requests-inflight int                      在给定时间内进行中可变请求的最大数量。当超过该值时，服务将拒绝所有请求。0值表示没有限制。（默认值200）
+      --max-mutating-requests-inflight int                      在给定时间内进行中可变请求的最大数量。当超过该值时，服务将拒绝所有请求。0 值表示没有限制。（默认值 200）
 
-      --max-requests-inflight int                               在给定时间内进行中不可变请求的最大数量。当超过该值时，服务将拒绝所有请求。0值表示没有限制。（默认值400）
+      --max-requests-inflight int                               在给定时间内进行中不可变请求的最大数量。当超过该值时，服务将拒绝所有请求。0 值表示没有限制。（默认值 400）
 
-      --min-request-timeout int                                 一个可选字段，表示一个handler在一个请求超时前，必须保持它处于打开状态的最小秒数。当前只对监听请求handler有效，它基于这个值选择一个随机数作为连接超时值，以达到分散负载的目的（默认值1800）。
+      --min-request-timeout int                                 一个可选字段，表示一个 handler 在一个请求超时前，必须保持它处于打开状态的最小秒数。当前只对监听请求 handler 有效，它基于这个值选择一个随机数作为连接超时值，以达到分散负载的目的（默认值 1800）。
       
-      --oidc-ca-file string                                    如果设置该值，将会使用oidc-ca-file中的任意一个authority对OpenID服务的证书进行验证，否则将会使用主机的根CA对其进行验证。
+      --oidc-ca-file string                                    如果设置该值，将会使用 oidc-ca-file 中的任意一个 authority 对 OpenID 服务的证书进行验证，否则将会使用主机的根 CA 对其进行验证。
       
-      --oidc-client-id string                                   使用OpenID连接的客户端的ID，如果设置了oidc-issuer-url，则必须设置这个值。
+      --oidc-client-id string                                   使用 OpenID 连接的客户端的 ID，如果设置了 oidc-issuer-url，则必须设置这个值。
        
-      --oidc-groups-claim string                                如果提供该值，这个自定义OpenID连接名将指定给特定的用户组。该声明值需要是一个字符串或字符串数组。此标志为实验性的，请查阅验证相关文档进一步了解详细信息。
+      --oidc-groups-claim string                                如果提供该值，这个自定义 OpenID 连接名将指定给特定的用户组。该声明值需要是一个字符串或字符串数组。此标志为实验性的，请查阅验证相关文档进一步了解详细信息。
 
-      --oidc-issuer-url string                                  OpenID颁发者URL，只接受HTTPS方案。如果设置该值，它将被用于验证OIDC JSON Web Token(JWT)。
+      --oidc-issuer-url string                                  OpenID 颁发者 URL，只接受 HTTPS 方案。如果设置该值，它将被用于验证 OIDC JSON Web Token(JWT)。
       
-      --oidc-username-claim string                              用作用户名的OpenID声明值。注意，不保证除默认 ('sub')外的其他声明值的唯一性和不变性。此标志为实验性的，请查阅验证相关文档进一步了解详细信息。
+      --oidc-username-claim string                              用作用户名的 OpenID 声明值。注意，不保证除默认 ('sub') 外的其他声明值的唯一性和不变性。此标志为实验性的，请查阅验证相关文档进一步了解详细信息。
        
-      --profiling                                               在web接口host:port/debug/pprof/上启用profiling。（默认值true）
+      --profiling                                               在 web 接口 host:port/debug/pprof/ 上启用 profiling。（默认值 true）
        
-      --proxy-client-cert-file string                           当必须调用外部程序时，用于证明aggregator或者kube-apiserver的身份的客户端证书。包括代理到用户api-server的请求和调用webhook准入控制插件的请求。它期望这个证书包含一个来自于CA中的--requestheader-client-ca-file标记的签名。该CA在kube-system命名空间的'extension-apiserver-authentication' configmap中发布。从Kube-aggregator收到调用的组件应该使用该CA进行他们部分的双向TLS验证。
+      --proxy-client-cert-file string                           当必须调用外部程序时，用于证明 aggregator 或者 kube-apiserver 的身份的客户端证书。包括代理到用户 api-server 的请求和调用 webhook 准入控制插件的请求。它期望这个证书包含一个来自于 CA 中的 --requestheader-client-ca-file 标记的签名。该 CA 在 kube-system 命名空间的 'extension-apiserver-authentication' configmap 中发布。从 Kube-aggregator 收到调用的组件应该使用该 CA 进行他们部分的双向 TLS 验证。
  
-      --proxy-client-key-file string                            当必须调用外部程序时，用于证明aggregator或者kube-apiserver的身份的客户端证书密钥。包括代理到用户api-server的请求和调用webhook准入控制插件的请求。
+      --proxy-client-key-file string                            当必须调用外部程序时，用于证明 aggregator 或者 kube-apiserver 的身份的客户端证书密钥。包括代理到用户 api-server 的请求和调用 webhook 准入控制插件的请求。
       
-      --repair-malformed-updates                                如果为true，服务将会尽力修复更新请求以通过验证，例如：将更新请求UID的当前值设置为空。在我们修复了所有发送错误格式请求的客户端后，可以关闭这个标志。
+      --repair-malformed-updates                                如果为 true，服务将会尽力修复更新请求以通过验证，例如：将更新请求 UID 的当前值设置为空。在我们修复了所有发送错误格式请求的客户端后，可以关闭这个标志。
 
-      --requestheader-allowed-names stringSlice                 使用--requestheader-username-headers指定的，允许在头部提供用户名的客户端证书通用名称列表。如果为空，任何通过--requestheader-client-ca-file中authorities验证的客户端证书都是被允许的。
+      --requestheader-allowed-names stringSlice                 使用 --requestheader-username-headers 指定的，允许在头部提供用户名的客户端证书通用名称列表。如果为空，任何通过 --requestheader-client-ca-file 中 authorities 验证的客户端证书都是被允许的。
       
-      --requestheader-client-ca-file string                     在信任请求头中以--requestheader-username-headers指示的用户名之前，用于验证接入请求中客户端证书的根证书捆绑。
+      --requestheader-client-ca-file string                     在信任请求头中以 --requestheader-username-headers 指示的用户名之前，用于验证接入请求中客户端证书的根证书捆绑。
       
-      --requestheader-extra-headers-prefix stringSlice          用于检查的请求头的前缀列表。建议使用X-Remote-Extra-。
+      --requestheader-extra-headers-prefix stringSlice          用于检查的请求头的前缀列表。建议使用 X-Remote-Extra-。
 
-      --requestheader-group-headers stringSlice                 用于检查群组的请求头列表。建议使用X-Remote-Group.
+      --requestheader-group-headers stringSlice                 用于检查群组的请求头列表。建议使用 X-Remote-Group.
        
-      --requestheader-username-headers stringSlice              用于检查用户名的请求头列表。建议使用X-Remote-User。
+      --requestheader-username-headers stringSlice              用于检查用户名的请求头列表。建议使用 X-Remote-User。
        
-      --runtime-config mapStringString                          传递给apiserver用于描述运行时配置的键值对集合。 apis/<groupVersion>键可以被用来打开/关闭特定的api版本。apis/<groupVersion>/<resource>键被用来打开/关闭特定的资源. api/all和api/legacy键分别用于控制所有的和遗留的api版本.
+      --runtime-config mapStringString                          传递给 apiserver 用于描述运行时配置的键值对集合。 apis/<groupVersion> 键可以被用来打开 / 关闭特定的 api 版本。apis/<groupVersion>/<resource> 键被用来打开 / 关闭特定的资源 . api/all 和 api/legacy 键分别用于控制所有的和遗留的 api 版本 .
         
-      --secure-port int                                         用于监听具有认证授权功能的HTTPS协议的端口。如果为0，则不会监听HTTPS协议。 （默认值6443)
+      --secure-port int                                         用于监听具有认证授权功能的 HTTPS 协议的端口。如果为 0，则不会监听 HTTPS 协议。 （默认值 6443)
        
-      --service-account-key-file stringArray                    包含PEM加密的x509 RSA或ECDSA私钥或公钥的文件，用于验证ServiceAccount令牌。如果设置该值，--tls-private-key-file将会被使用。指定的文件可以包含多个密钥，并且这个标志可以和不同的文件一起多次使用。
+      --service-account-key-file stringArray                    包含 PEM 加密的 x509 RSA 或 ECDSA 私钥或公钥的文件，用于验证 ServiceAccount 令牌。如果设置该值，--tls-private-key-file 将会被使用。指定的文件可以包含多个密钥，并且这个标志可以和不同的文件一起多次使用。
       
-      --service-cluster-ip-range ipNet                          CIDR表示的IP范围，服务的cluster ip将从中分配。 一定不要和分配给nodes和pods的IP范围产生重叠。
+      --service-cluster-ip-range ipNet                          CIDR 表示的 IP 范围，服务的 cluster ip 将从中分配。 一定不要和分配给 nodes 和 pods 的 IP 范围产生重叠。
       
-      --ssh-keyfile string                                      如果不为空，在使用安全的SSH代理访问节点时，将这个文件作为用户密钥文件。
+      --ssh-keyfile string                                      如果不为空，在使用安全的 SSH 代理访问节点时，将这个文件作为用户密钥文件。
       
-      --storage-backend string                                  持久化存储后端。 选项为: 'etcd3' (默认), 'etcd2'.
+      --storage-backend string                                  持久化存储后端。 选项为 : 'etcd3' ( 默认 ), 'etcd2'.
      
       --storage-media-type string                               在存储中保存对象的媒体类型。某些资源或者存储后端可能仅支持特定的媒体类型，并且忽略该配置项。（默认值 "application/vnd.kubernetes.protobuf")
       
-      --storage-versions string                                 按组划分资源存储的版本。 以"group1/version1,group2/version2,..."的格式指定。当对象从一组移动到另一组时, 你可以指定"group1=group2/v1beta1,group3/v1beta1,..."的格式。你只需要传入你希望从结果中改变的组的列表。默认为从KUBE_API_VERSIONS环境变量集成而来，所有注册组的首选版本列表。 （默认值"admission.k8s.io/v1alpha1,admissionregistration.k8s.io/v1alpha1,apps/v1beta1,authentication.k8s.io/v1,authorization.k8s.io/v1,autoscaling/v1,batch/v1,certificates.k8s.io/v1beta1,componentconfig/v1alpha1,extensions/v1beta1,federation/v1beta1,imagepolicy.k8s.io/v1alpha1,networking.k8s.io/v1,policy/v1beta1,rbac.authorization.k8s.io/v1beta1,settings.k8s.io/v1alpha1,storage.k8s.io/v1,v1")
+      --storage-versions string                                 按组划分资源存储的版本。 以 "group1/version1,group2/version2,..." 的格式指定。当对象从一组移动到另一组时 , 你可以指定 "group1=group2/v1beta1,group3/v1beta1,..." 的格式。你只需要传入你希望从结果中改变的组的列表。默认为从 KUBE_API_VERSIONS 环境变量集成而来，所有注册组的首选版本列表。 （默认值 "admission.k8s.io/v1alpha1,admissionregistration.k8s.io/v1alpha1,apps/v1beta1,authentication.k8s.io/v1,authorization.k8s.io/v1,autoscaling/v1,batch/v1,certificates.k8s.io/v1beta1,componentconfig/v1alpha1,extensions/v1beta1,federation/v1beta1,imagepolicy.k8s.io/v1alpha1,networking.k8s.io/v1,policy/v1beta1,rbac.authorization.k8s.io/v1beta1,settings.k8s.io/v1alpha1,storage.k8s.io/v1,v1")
       
-      --target-ram-mb int                                       apiserver内存限制，单位为MB(用于配置缓存大小等)。
+      --target-ram-mb int                                       apiserver 内存限制，单位为 MB( 用于配置缓存大小等 )。
       
-      --tls-ca-file string                                      如果设置该值，这个证书authority将会被用于从Admission Controllers过来的安全访问。它必须是一个PEM加密的合法CA捆绑包。此外, 该证书authority可以被添加到以--tls-cert-file提供的证书文件中.
+      --tls-ca-file string                                      如果设置该值，这个证书 authority 将会被用于从 Admission Controllers 过来的安全访问。它必须是一个 PEM 加密的合法 CA 捆绑包。此外 , 该证书 authority 可以被添加到以 --tls-cert-file 提供的证书文件中 .
       
-      --tls-cert-file string                                    包含用于HTTPS的默认x509证书的文件。（如果有CA证书，则附加于server证书之后）。如果启用了HTTPS服务，并且没有提供--tls-cert-file和--tls-private-key-file，则将为公共地址生成一个自签名的证书和密钥并保存于/var/run/kubernetes目录。
+      --tls-cert-file string                                    包含用于 HTTPS 的默认 x509 证书的文件。（如果有 CA 证书，则附加于 server 证书之后）。如果启用了 HTTPS 服务，并且没有提供 --tls-cert-file 和 --tls-private-key-file，则将为公共地址生成一个自签名的证书和密钥并保存于 /var/run/kubernetes 目录。
       
-      --tls-private-key-file string                             包含匹配--tls-cert-file的x509证书私钥的文件。
+      --tls-private-key-file string                             包含匹配 --tls-cert-file 的 x509 证书私钥的文件。
       
-      --tls-sni-cert-key namedCertKey                           一对x509证书和私钥的文件路径, 可以使用符合正式域名的域形式作为后缀。 如果没有提供域形式后缀, 则将提取证书名。 非通配符版本优先于通配符版本, 显示的域形式优先于证书中提取的名字。 对于多个密钥/证书对, 请多次使用--tls-sni-cert-key。例如: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". （默认值[])
+      --tls-sni-cert-key namedCertKey                           一对 x509 证书和私钥的文件路径 , 可以使用符合正式域名的域形式作为后缀。 如果没有提供域形式后缀 , 则将提取证书名。 非通配符版本优先于通配符版本 , 显示的域形式优先于证书中提取的名字。 对于多个密钥 / 证书对, 请多次使用 --tls-sni-cert-key。例如 : "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". （默认值[])
       
-      --token-auth-file string                                  如果设置该值，这个文件将被用于通过令牌认证来保护API服务的安全端口。
+      --token-auth-file string                                  如果设置该值，这个文件将被用于通过令牌认证来保护 API 服务的安全端口。
       
       --version version[=true]                                  打印版本信息并退出。
       
-      --watch-cache                                             启用apiserver的监视缓存。（默认值true）
+      --watch-cache                                             启用 apiserver 的监视缓存。（默认值 true）
       
-      --watch-cache-sizes stringSlice                           每种资源（pods, nodes等）的监视缓存大小列表，以逗号分隔。每个缓存配置的形式为：resource#size，size是一个数字。在watch-cache启用时生效。
+      --watch-cache-sizes stringSlice                           每种资源（pods, nodes 等）的监视缓存大小列表，以逗号分隔。每个缓存配置的形式为：resource#size，size 是一个数字。在 watch-cache 启用时生效。
 ```
 
 ###### Auto generated by spf13/cobra on 11-Jul-2017
diff --git a/content/zh/docs/reference/command-line-tools-reference/kube-controller-manager.md b/content/zh/docs/reference/command-line-tools-reference/kube-controller-manager.md
new file mode 100644
index 0000000000000..448f0de7aef37
--- /dev/null
+++ b/content/zh/docs/reference/command-line-tools-reference/kube-controller-manager.md
@@ -0,0 +1,818 @@
+---
+title: kube-controller-manager
+notitle: true
+---
+<!--
+## kube-controller-manager
+-->
+## kube-controller-manager
+
+
+<!--
+### Synopsis
+-->
+### 概述
+
+
+<!--
+The Kubernetes controller manager is a daemon that embeds
+the core control loops shipped with Kubernetes. In applications of robotics and
+automation, a control loop is a non-terminating loop that regulates the state of
+the system. In Kubernetes, a controller is a control loop that watches the shared
+state of the cluster through the apiserver and makes changes attempting to move the
+current state towards the desired state. Examples of controllers that ship with
+Kubernetes today are the replication controller, endpoints controller, namespace
+controller, and serviceaccounts controller.
+-->
+Kubernetes 控制器管理器是一个守护进程，嵌入了 Kubernetes 附带的核心控制循环。 在机器人和自动化的应用中，控制回路是一个永不休止的循环，用于调节系统状态。 在 Kubernetes 中，控制器是一个控制循环，它通过 apiserver 监视集群的共享状态，并尝试进行更改以将当前状态转为所需状态。现今，Kubernetes 自带的控制器包括副本控制器，节点控制器，命名空间控制器和serviceaccounts 控制器。
+
+```
+kube-controller-manager [flags]
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--allocate-node-cidrs</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Should CIDRs for Pods be allocated and set on the cloud provider.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--alsologtostderr</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">log to standard error as well as files</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--attach-detach-reconcile-sync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 1m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The reconciler sync wait time between volume attach detach. This duration must be larger than one second, and increasing this value from the default may allow for volumes to be mismatched with pods.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authentication-kubeconfig string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io. This is optional. If empty, all token requests are considered to be anonymous and no client CA is looked up in the cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authentication-skip-lookup</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authentication-token-webhook-cache-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration to cache responses from the webhook token authenticator.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authentication-tolerate-lookup-failure</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If true, failures to look up missing authentication configuration from the cluster are not considered fatal. Note that this can result in authentication that treats all requests as anonymous.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authorization-always-allow-paths stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [/healthz]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of HTTP paths to skip during authorization, i.e. these are authorized without contacting the 'core' kubernetes server.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authorization-kubeconfig string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. This is optional. If empty, all requests not skipped by authorization are forbidden.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authorization-webhook-cache-authorized-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration to cache 'authorized' responses from the webhook authorizer.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--authorization-webhook-cache-unauthorized-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration to cache 'unauthorized' responses from the webhook authorizer.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--azure-container-registry-config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to the file containing Azure container registry configuration information.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--bind-address ip&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 0.0.0.0</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces).</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cidr-allocator-type string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "RangeAllocator"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Type of CIDR allocator to use</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--client-ca-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cloud-config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path to the cloud provider configuration file. Empty string for no configuration file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cloud-provider string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The provider for cloud services. Empty string for no provider.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cluster-cidr string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">CIDR Range for Pods in cluster. Requires --allocate-node-cidrs to be true</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cluster-name string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The instance prefix for the cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cluster-signing-cert-file string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/ca/ca.pem"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Filename containing a PEM-encoded X509 CA certificate used to issue cluster-scoped certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cluster-signing-key-file string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/ca/ca.key"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Filename containing a PEM-encoded RSA or ECDSA private key used to sign cluster-scoped certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-deployment-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-endpoint-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-gc-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 20</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of garbage collector workers that are allowed to sync concurrently.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-namespace-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of namespace objects that are allowed to sync concurrently. Larger number = more responsive namespace termination, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-replicaset-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of replica sets that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-resource-quota-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-service-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 1</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of services that are allowed to sync concurrently. Larger number = more responsive service management, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-serviceaccount-token-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent-ttl-after-finished-syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of TTL-after-finished controller workers that are allowed to sync concurrently.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--concurrent_rc_syncs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--configure-cloud-routes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Should CIDRs allocated by allocate-node-cidrs be configured on the cloud provider.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--contention-profiling</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Enable lock contention profiling, if profiling is enabled</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--controller-start-interval duration</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Interval between starting controller managers.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--controllers stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [*]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller named 'foo', '-foo' disables the controller named 'foo'.<br/>All controllers: attachdetach, bootstrapsigner, cloud-node-lifecycle, clusterrole-aggregation, cronjob, csrapproving, csrcleaner, csrsigning, daemonset, deployment, disruption, endpoint, garbagecollector, horizontalpodautoscaling, job, namespace, nodeipam, nodelifecycle, persistentvolume-binder, persistentvolume-expander, podgc, pv-protection, pvc-protection, replicaset, replicationcontroller, resourcequota, root-ca-cert-publisher, route, service, serviceaccount, serviceaccount-token, statefulset, tokencleaner, ttl, ttl-after-finished<br/>Disabled-by-default controllers: bootstrapsigner, tokencleaner</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--deployment-controller-sync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 30s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Period for syncing the deployments.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--disable-attach-detach-reconcile-sync</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Disable volume attach detach reconciler sync. Disabling this may cause volumes to be mismatched with pods. Use wisely.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--enable-dynamic-provisioning&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Enable dynamic provisioning for environments that support it.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--enable-garbage-collector&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Enables the generic garbage collector. MUST be synced with the corresponding flag of the kube-apiserver.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--enable-hostpath-provisioner</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Enable HostPath PV provisioning when running without a cloud provider. This allows testing and development of provisioning features.  HostPath provisioning is not supported in any way, won't work in a multi-node cluster, and should not be used for anything other than testing or development.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--enable-taint-manager&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">WARNING: Beta feature. If set to true enables NoExecute Taints and will evict all not-tolerating Pod running on Nodes tainted with this kind of Taints.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--experimental-cluster-signing-duration duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 8760h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The length of duration signed certificates will be given.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--external-cloud-volume-plugin string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The plugin to use when cloud provider is set to external. Can be empty, should only be set when cloud-provider is external. Currently used to allow node and volume controllers to work for in tree cloud providers.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates mapStringBool</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:<br/>APIListChunking=true|false (BETA - default=true)<br/>APIResponseCompression=true|false (ALPHA - default=false)<br/>AllAlpha=true|false (ALPHA - default=false)<br/>AppArmor=true|false (BETA - default=true)<br/>AttachVolumeLimit=true|false (BETA - default=true)<br/>BalanceAttachedNodeVolumes=true|false (ALPHA - default=false)<br/>BlockVolume=true|false (BETA - default=true)<br/>BoundServiceAccountTokenVolume=true|false (ALPHA - default=false)<br/>CPUManager=true|false (BETA - default=true)<br/>CRIContainerLogRotation=true|false (BETA - default=true)<br/>CSIBlockVolume=true|false (BETA - default=true)<br/>CSIDriverRegistry=true|false (BETA - default=true)<br/>CSIInlineVolume=true|false (ALPHA - default=false)<br/>CSIMigration=true|false (ALPHA - default=false)<br/>CSIMigrationAWS=true|false (ALPHA - default=false)<br/>CSIMigrationGCE=true|false (ALPHA - default=false)<br/>CSIMigrationOpenStack=true|false (ALPHA - default=false)<br/>CSINodeInfo=true|false (BETA - default=true)<br/>CustomCPUCFSQuotaPeriod=true|false (ALPHA - default=false)<br/>CustomResourcePublishOpenAPI=true|false (ALPHA - default=false)<br/>CustomResourceSubresources=true|false (BETA - default=true)<br/>CustomResourceValidation=true|false (BETA - default=true)<br/>CustomResourceWebhookConversion=true|false (ALPHA - default=false)<br/>DebugContainers=true|false (ALPHA - default=false)<br/>DevicePlugins=true|false (BETA - default=true)<br/>DryRun=true|false (BETA - default=true)<br/>DynamicAuditing=true|false (ALPHA - default=false)<br/>DynamicKubeletConfig=true|false (BETA - default=true)<br/>ExpandCSIVolumes=true|false (ALPHA - default=false)<br/>ExpandInUsePersistentVolumes=true|false (ALPHA - default=false)<br/>ExpandPersistentVolumes=true|false (BETA - default=true)<br/>ExperimentalCriticalPodAnnotation=true|false (ALPHA - default=false)<br/>ExperimentalHostUserNamespaceDefaulting=true|false (BETA - default=false)<br/>HyperVContainer=true|false (ALPHA - default=false)<br/>KubeletPodResources=true|false (ALPHA - default=false)<br/>LocalStorageCapacityIsolation=true|false (BETA - default=true)<br/>MountContainers=true|false (ALPHA - default=false)<br/>NodeLease=true|false (BETA - default=true)<br/>PodShareProcessNamespace=true|false (BETA - default=true)<br/>ProcMountType=true|false (ALPHA - default=false)<br/>QOSReserved=true|false (ALPHA - default=false)<br/>ResourceLimitsPriorityFunction=true|false (ALPHA - default=false)<br/>ResourceQuotaScopeSelectors=true|false (BETA - default=true)<br/>RotateKubeletClientCertificate=true|false (BETA - default=true)<br/>RotateKubeletServerCertificate=true|false (BETA - default=true)<br/>RunAsGroup=true|false (BETA - default=true)<br/>RuntimeClass=true|false (BETA - default=true)<br/>SCTPSupport=true|false (ALPHA - default=false)<br/>ScheduleDaemonSetPods=true|false (BETA - default=true)<br/>ServerSideApply=true|false (ALPHA - default=false)<br/>ServiceNodeExclusion=true|false (ALPHA - default=false)<br/>StorageVersionHash=true|false (ALPHA - default=false)<br/>StreamingProxyRedirects=true|false (BETA - default=true)<br/>SupportNodePidsLimit=true|false (ALPHA - default=false)<br/>SupportPodPidsLimit=true|false (BETA - default=true)<br/>Sysctls=true|false (BETA - default=true)<br/>TTLAfterFinished=true|false (ALPHA - default=false)<br/>TaintBasedEvictions=true|false (BETA - default=true)<br/>TaintNodesByCondition=true|false (BETA - default=true)<br/>TokenRequest=true|false (BETA - default=true)<br/>TokenRequestProjection=true|false (BETA - default=true)<br/>ValidateProxyRedirects=true|false (BETA - default=true)<br/>VolumeSnapshotDataSource=true|false (ALPHA - default=false)<br/>VolumeSubpathEnvExpansion=true|false (ALPHA - default=false)<br/>WinDSR=true|false (ALPHA - default=false)<br/>WinOverlay=true|false (ALPHA - default=false)<br/>WindowsGMSA=true|false (ALPHA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--flex-volume-plugin-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Full path of the directory in which the flex volume plugin should search for additional third party volume plugins.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for kube-controller-manager</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--horizontal-pod-autoscaler-cpu-initialization-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period after pod start when CPU samples might be skipped.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--horizontal-pod-autoscaler-downscale-stabilization duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for which autoscaler will look backwards and not scale down below any recommendation it made during that period.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--horizontal-pod-autoscaler-initial-readiness-delay duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 30s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period after pod start during which readiness changes will be treated as initial readiness.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--horizontal-pod-autoscaler-sync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 15s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for syncing the number of pods in horizontal pod autoscaler.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--horizontal-pod-autoscaler-tolerance float&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 0.1</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--http2-max-streams-per-connection int</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The limit that the server gives to clients for the maximum number of streams in an HTTP/2 connection. Zero means to use golang's default.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kube-api-burst int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 30</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Burst to use while talking with kubernetes apiserver.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kube-api-content-type string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "application/vnd.kubernetes.protobuf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Content type of requests sent to apiserver.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kube-api-qps float32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 20</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">QPS to use while talking with kubernetes apiserver.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeconfig file with authorization and master location information.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--large-cluster-size-threshold int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 50</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Number of nodes from which NodeController treats the cluster as large for the eviction logic purposes. --secondary-node-eviction-rate is implicitly overridden to 0 for clusters this size or smaller.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--leader-elect&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--leader-elect-lease-duration duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 15s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--leader-elect-renew-deadline duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--leader-elect-resource-lock endpoints&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "endpoints"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--leader-elect-retry-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 2s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--log-backtrace-at traceLocation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: :0</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">when logging hits line file:N, emit a stack trace</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--log-dir string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If non-empty, write log files in this directory</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--log-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If non-empty, use this log file</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--log-flush-frequency duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Maximum number of seconds between log flushes</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--logtostderr&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">log to standard error instead of files</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--master string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The address of the Kubernetes API server (overrides any value in kubeconfig).</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--min-resync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 12h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The resync period in reflectors will be random between MinResyncPeriod and 2*MinResyncPeriod.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--namespace-sync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for syncing namespace life-cycle updates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-cidr-mask-size int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 24</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Mask size for node cidr in cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-eviction-rate float32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 0.1</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Number of nodes per second on which pods are deleted in case of node failure when a zone is healthy (see --unhealthy-zone-threshold for definition of healthy/unhealthy). Zone refers to entire cluster in non-multizone clusters.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-monitor-grace-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 40s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Amount of time which we allow running Node to be unresponsive before marking it unhealthy. Must be N times more than kubelet's nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-monitor-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for syncing NodeStatus in NodeController.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-startup-grace-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 1m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Amount of time which we allow starting Node to be unresponsive before marking it unhealthy.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pod-eviction-timeout duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The grace period for deleting pods on failed nodes.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--profiling</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Enable profiling via web interface host:port/debug/pprof/</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pv-recycler-increment-timeout-nfs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 30</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">the increment of time added per Gi to ActiveDeadlineSeconds for an NFS scrubber pod</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pv-recycler-minimum-timeout-hostpath int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 60</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The minimum ActiveDeadlineSeconds to use for a HostPath Recycler pod.  This is for development and testing only and will not work in a multi-node cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pv-recycler-minimum-timeout-nfs int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 300</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The minimum ActiveDeadlineSeconds to use for an NFS Recycler pod</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pv-recycler-pod-template-filepath-hostpath string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The file path to a pod definition used as a template for HostPath persistent volume recycling. This is for development and testing only and will not work in a multi-node cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pv-recycler-pod-template-filepath-nfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The file path to a pod definition used as a template for NFS persistent volume recycling</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pv-recycler-timeout-increment-hostpath int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 30</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">the increment of time added per Gi to ActiveDeadlineSeconds for a HostPath scrubber pod.  This is for development and testing only and will not work in a multi-node cluster.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pvclaimbinder-sync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 15s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for syncing persistent volumes and persistent volume claims</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--requestheader-allowed-names stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--requestheader-client-ca-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--requestheader-extra-headers-prefix stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [x-remote-extra-]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">List of request header prefixes to inspect. X-Remote-Extra- is suggested.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--requestheader-group-headers stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [x-remote-group]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">List of request headers to inspect for groups. X-Remote-Group is suggested.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--requestheader-username-headers stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [x-remote-user]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">List of request headers to inspect for usernames. X-Remote-User is common.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--resource-quota-sync-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 5m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for syncing quota usage status in the system</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--root-ca-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If set, this root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--route-reconciliation-period duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The period for reconciling routes created for Nodes by cloud provider.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--secondary-node-eviction-rate float32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 0.01</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Number of nodes per second on which pods are deleted in case of node failure when a zone is unhealthy (see --unhealthy-zone-threshold for definition of healthy/unhealthy). Zone refers to entire cluster in non-multizone clusters. This value is implicitly overridden to 0 if the cluster size is smaller than --large-cluster-size-threshold.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--secure-port int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 10257</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port on which to serve HTTPS with authentication and authorization.If 0, don't serve HTTPS at all.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-account-private-key-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cluster-ip-range string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">CIDR Range for Services in cluster. Requires --allocate-node-cidrs to be true</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--skip-headers</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If true, avoid header prefixes in the log messages</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--stderrthreshold severity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 2</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">logs at or above this threshold go to stderr</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--terminated-pod-gc-threshold int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 12500</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods. If &lt;= 0, the terminated pod garbage collector is disabled.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-cert-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-cipher-suites stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use.  Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-min-version string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-private-key-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">File containing the default x509 private key matching --tls-cert-file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-sni-cert-key namedCertKey&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: []</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com".</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--unhealthy-zone-threshold float32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 0.55</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Fraction of Nodes in a zone which needs to be not Ready (minimum 3) for zone to be treated as unhealthy. </td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--use-service-account-credentials</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If true, use individual service account credentials for each controller.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-v, --v Level</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">number for the log level verbosity</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--version version[=true]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Print version information and quit</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--vmodule moduleSpec</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">comma-separated list of pattern=N settings for file-filtered logging</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/federation/_index.html b/content/zh/docs/reference/federation/_index.html
new file mode 100644
index 0000000000000..73b1875340882
--- /dev/null
+++ b/content/zh/docs/reference/federation/_index.html
@@ -0,0 +1,11 @@
+---
+title: "联邦 API"
+weight: 40
+---
+
+<!--
+---
+title: "Federation API"
+weight: 40
+---
+-->
diff --git a/content/zh/docs/reference/glossary/aggregation-layer.md b/content/zh/docs/reference/glossary/aggregation-layer.md
new file mode 100644
index 0000000000000..982c7ef3a2cbb
--- /dev/null
+++ b/content/zh/docs/reference/glossary/aggregation-layer.md
@@ -0,0 +1,45 @@
+---
+title: 聚合层
+id: aggregation-layer
+date: 2018-10-08
+full_link: /docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/
+short_description: >
+  聚合层允许您在自己的集群上安装额外的 Kubernetes 风格的 API。
+
+aka: 
+tags:
+- architecture
+- extension
+- operation
+---
+
+<!--
+---
+title: Aggregation Layer
+id: aggregation-layer
+date: 2018-10-08
+full_link: /docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/
+short_description: >
+  The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.
+
+aka: 
+tags:
+- architecture
+- extension
+- operation
+---
+-->
+
+<!--
+ The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.
+-->
+
+聚合层允许您在自己的集群上安装额外的 Kubernetes 风格的 API。
+
+<!--more--> 
+
+<!--
+When you've configured the {{< glossary_tooltip text="Kubernetes API Server" term_id="kube-apiserver" >}} to [support additional APIs](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/), you can add `APIService` objects to "claim" a URL path in the Kubernetes API.
+-->
+
+当您配置了 {{< glossary_tooltip text="Kubernetes API Server" term_id="kube-apiserver" >}} 来 [支持额外的 API](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/)，您就可以在 Kubernetes API 中增加 `APIService` 对象来  "申领（Claim）" 一个 URL 路径。 
diff --git a/content/zh/docs/reference/glossary/annotation.md b/content/zh/docs/reference/glossary/annotation.md
new file mode 100644
index 0000000000000..75705d9745219
--- /dev/null
+++ b/content/zh/docs/reference/glossary/annotation.md
@@ -0,0 +1,42 @@
+---
+title: 注解
+id: annotation
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/annotations
+short_description: >
+  注解是以键值对的形式给资源对象附加随机的无法标识的元数据。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Annotation
+id: annotation
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/annotations
+short_description: >
+  A key-value pair that is used to attach arbitrary non-identifying metadata to objects.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ A key-value pair that is used to attach arbitrary non-identifying metadata to objects.
+-->
+
+ 注解是以键值对的形式给资源对象附加随机的无法标识的元数据。
+
+<!--more--> 
+
+<!--
+The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels. Clients such as tools and libraries can retrieve this metadata.
+-->
+
+注解中的元数据可大可小，可以是结构化的也可以是非结构化的，并且能包含标签不允许使用的字符。像工具和软件库这样的客户端可以检索这些元数据。
+
diff --git a/content/zh/docs/reference/glossary/application-architect.md b/content/zh/docs/reference/glossary/application-architect.md
new file mode 100644
index 0000000000000..849d1b768532d
--- /dev/null
+++ b/content/zh/docs/reference/glossary/application-architect.md
@@ -0,0 +1,37 @@
+---
+title: 应用架构师
+id: application-architect
+date: 2018-04-12
+full_link: 
+short_description: >
+  应用架构师是负责应用高级设计的人。
+
+aka: 
+tags:
+- user-type
+---
+ 应用架构师是负责应用高级设计的人。
+
+<!--
+---
+title: Application Architect
+id: application-architect
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person responsible for the high-level design of an application.
+
+aka: 
+tags:
+- user-type
+---
+ A person responsible for the high-level design of an application.
+-->
+
+<!--more--> 
+<!--
+An architect ensures that an app's implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.
+-->
+
+应用架构师确保应用的实现允许它和周边组件进行可扩展的、可持续的交互。周边组件包括数据库、日志基础设施和其他微服务。
+
diff --git a/content/zh/docs/reference/glossary/application-developer.md b/content/zh/docs/reference/glossary/application-developer.md
new file mode 100644
index 0000000000000..65650133dac5f
--- /dev/null
+++ b/content/zh/docs/reference/glossary/application-developer.md
@@ -0,0 +1,41 @@
+---
+title: 应用开发者
+id: application-developer
+date: 2018-04-12
+full_link: 
+short_description: >
+  编写可以在 Kubernetes 集群上运行的应用的人。
+
+aka: 
+tags:
+- user-type
+---
+
+<!--
+---
+title: Application Developer
+id: application-developer
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person who writes an application that runs in a Kubernetes cluster.
+
+aka: 
+tags:
+- user-type
+---
+-->
+
+<!--
+A person who writes an application that runs in a Kubernetes cluster.
+-->
+
+编写可以在 Kubernetes 集群上运行的应用的人。
+
+<!--more--> 
+
+<!--
+An application developer focuses on one part of an application. The scale of their focus may vary significantly in size.
+-->
+
+应用开发者专注于应用的某一部分。他们工作范围的大小有明显的差异。
diff --git a/content/zh/docs/reference/glossary/approver.md b/content/zh/docs/reference/glossary/approver.md
new file mode 100755
index 0000000000000..879ef5e58b6d5
--- /dev/null
+++ b/content/zh/docs/reference/glossary/approver.md
@@ -0,0 +1,40 @@
+---
+title: 批准者
+id: approver
+date: 2018-04-12
+full_link: 
+short_description: >
+  可以审核并批准 Kubernetes 代码贡献的人。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: Approver
+id: approver
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person who can review and approve Kubernetes code contributions.
+
+aka: 
+tags:
+- community
+---
+-->
+
+ 可以审核并批准 Kubernetes 代码贡献的人。
+
+<!--more--> 
+
+<!--
+While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
+-->
+
+代码审核的重点是代码质量和正确性，而批准的重点是对贡献的整体接受。
+整体接受包括向后/向前兼容性、遵守 API 和参数约定、细微的性能和正确性问题、与系统其他部分的交互等。
+批准者状态的作用域是代码库的一部分。
+审批者以前被称为维护者。
diff --git a/content/zh/docs/reference/glossary/certificate.md b/content/zh/docs/reference/glossary/certificate.md
new file mode 100644
index 0000000000000..238178c8908ee
--- /dev/null
+++ b/content/zh/docs/reference/glossary/certificate.md
@@ -0,0 +1,42 @@
+---
+title: 证书
+id: certificate
+date: 2018-04-12
+full_link: /docs/tasks/tls/managing-tls-in-a-cluster/
+short_description: >
+  证书是个安全加密文件，用来确认对 Kubernetes 集群访问的合法性。
+
+aka: 
+tags:
+- security
+---
+
+<!--
+---
+title: Certificate
+id: certificate
+date: 2018-04-12
+full_link: /docs/tasks/tls/managing-tls-in-a-cluster/
+short_description: >
+  A cryptographically secure file used to validate access to the Kubernetes cluster.
+
+aka: 
+tags:
+- security
+---
+-->
+
+<!--
+ A cryptographically secure file used to validate access to the Kubernetes cluster.
+-->
+
+证书是个安全加密文件，用来确认对 Kubernetes 集群访问的合法性。
+
+<!--more--> 
+
+<!--
+Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.
+-->
+
+证书可以让 Kubernetes 集群中运行的应用程序安全的访问 Kubernetes API。证书可以确认客户端是否被允许访问 API。
+
diff --git a/content/zh/docs/reference/glossary/cla.md b/content/zh/docs/reference/glossary/cla.md
new file mode 100644
index 0000000000000..dae58a89e626a
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cla.md
@@ -0,0 +1,38 @@
+---
+title: CLA (贡献者许可协议)
+id: cla
+date: 2018-04-12
+full_link: https://github.com/kubernetes/community/blob/master/CLA.md
+short_description: >
+  贡献者对他们在开源项目中所贡献的代码的授权许可条款。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: CLA (Contributor License Agreement)
+id: cla
+date: 2018-04-12
+full_link: https://github.com/kubernetes/community/blob/master/CLA.md
+short_description: >
+  Terms under which a contributor grants a license to an open source project for their contributions.
+
+aka: 
+tags:
+- community
+---
+-->
+
+ {{< glossary_tooltip text="贡献者" term_id="contributor" >}} 对他们在开源项目中所贡献的代码的授权许可条款。
+
+<!--more--> 
+
+<!--
+CLAs help resolve legal disputes involving contributed material and intellectual property (IP).
+-->
+
+CLA 对解决贡献者在开源社区所贡献的资料和智力资产（IP）导致的法律纠纷很有帮助。
+
diff --git a/content/zh/docs/reference/glossary/cloud-controller-manager.md b/content/zh/docs/reference/glossary/cloud-controller-manager.md
new file mode 100755
index 0000000000000..b6254d7ce9791
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cloud-controller-manager.md
@@ -0,0 +1,47 @@
+---
+title: 云控制器管理器
+id: cloud-controller-manager
+date: 2018-04-12
+full_link: /docs/tasks/administer-cluster/running-cloud-controller/
+short_description: >
+  云控制器管理器是 1.8 的 alpha 特性。在未来发布的版本中，这是将 Kubernetes 与任何其他云集成的最佳方式。
+
+aka: 
+tags:
+- core-object
+- architecture
+- operation
+---
+
+<!--
+---
+title: Cloud Controller Manager
+id: cloud-controller-manager
+date: 2018-04-12
+full_link: /docs/tasks/administer-cluster/running-cloud-controller/
+short_description: >
+  Cloud Controller Manager is an alpha feature in 1.8. In upcoming releases it will be the preferred way to integrate Kubernetes with any cloud.
+
+aka: 
+tags:
+- core-object
+- architecture
+- operation
+---
+-->
+
+<!--
+ Cloud Controller Manager is an alpha feature in 1.8. In upcoming releases it will be the preferred way to integrate Kubernetes with any cloud.
+-->
+
+云控制器管理器是 1.8 的 alpha 特性。在未来发布的版本中，这是将 Kubernetes 与任何其他云集成的最佳方式。
+
+<!--more--> 
+
+<!--
+Kubernetes v1.6 contains a new binary called cloud-controller-manager. cloud-controller-manager is a daemon that embeds cloud-specific control loops.  These cloud-specific control loops were originally in the kube-controller-manager. Since cloud providers develop and release at a different pace compared to the Kubernetes  project, abstracting the provider-specific code to the cloud-controller-manager binary allows cloud vendors to evolve independently from the core Kubernetes code.
+-->
+
+Kubernetes v1.6 包含一个新的可执行文件叫做 cloud-controller-manager。cloud-controller-manager 是一个守护进程，其中嵌入了特定于某云环境的控制环。
+这些特定于云环境的控制环最初位于 kube-controller-manager 中。
+由于云供应商的开发和发布节奏与 Kubernetes 项目不同步，将特定于供应商的代码抽象到 cloud-controller-manager 可执行文件可以允许云供应商独立于核心 Kubernetes 代码进行演进。
diff --git a/content/zh/docs/reference/glossary/cloud-provider.md b/content/zh/docs/reference/glossary/cloud-provider.md
new file mode 100644
index 0000000000000..16851569d62ed
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cloud-provider.md
@@ -0,0 +1,38 @@
+---
+title: 云供应商
+id: cloud-provider
+date: 2018-04-12
+full_link: /docs/concepts/cluster-administration/cloud-providers
+short_description: >
+  云供应商是提供可以用来运行 Kubernetes 集群的云计算平台的公司。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: Cloud Provider
+id: cloud-provider
+date: 2018-04-12
+full_link: /docs/concepts/cluster-administration/cloud-providers
+short_description: >
+  Cloud provider is a company that offers cloud computing platform that can run Kubernetes clusters.
+
+aka: 
+tags:
+- community
+---
+-->
+<!--
+ Cloud provider is a company that offers cloud computing platform that can run Kubernetes clusters.
+-->
+ 云供应商是提供可以用来运行 Kubernetes 集群的云计算平台的公司。
+
+<!--more--> 
+<!--
+Cloud providers or sometime called Cloud Service Provider (CSPs) provides cloud computing platforms.  They may offer services such as Infrastructure as a Service (IaaS) or Platform as a Service (PaaS).  Cloud providers host the Kubernetes cluster and also provide services that interact with the cluster, such as Load Balancers, Storage Classes etc. 
+-->
+
+云供应商也叫云服务供应商（CSPs），他们可以为用户提供云计算平台。他们提供的服务可以是基础设施即服务（IaaS）或者平台即服务（PaaS）。云供应商除了运行 Kubernetes 集群，还提供一些集群交互的服务，例如负载均衡（Load Balancers）、存储类别（Storage Classes）等。
diff --git a/content/zh/docs/reference/glossary/cluster-architect.md b/content/zh/docs/reference/glossary/cluster-architect.md
new file mode 100644
index 0000000000000..c45bcfbe349a0
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cluster-architect.md
@@ -0,0 +1,37 @@
+---
+title: 集群架构师
+id: cluster-architect
+date: 2018-04-12
+full_link: 
+short_description: >
+  集群架构师负责设计集群的基础设施，可能包含一个或多个 Kubernetes 集群。
+
+aka: 
+tags:
+- user-type
+---
+
+<!--
+---
+title: Cluster Architect
+id: cluster-architect
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person who designs infrastructure that involves one or more Kubernetes clusters.
+
+aka: 
+tags:
+- user-type
+---
+-->
+
+ 集群架构师负责设计集群的基础设施，可能包含一个或多个 Kubernetes 集群。
+
+<!--more--> 
+
+<!--
+Cluster architects are concerned with best practices for distributed systems, for example&#58; high availability and security.
+-->
+
+集群架构师要具备分布式系统的最佳实践经验，例如：高可用性和安全性。
diff --git a/content/zh/docs/reference/glossary/cluster-operator.md b/content/zh/docs/reference/glossary/cluster-operator.md
new file mode 100644
index 0000000000000..8318dd46edffa
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cluster-operator.md
@@ -0,0 +1,44 @@
+---
+title: 集群操作者
+id: cluster-operator
+date: 2018-04-12
+full_link: 
+short_description: >
+  配置、控制、监控集群的人。
+
+aka: 
+tags:
+- user-type
+---
+
+<!--
+---
+title: Cluster Operator
+id: cluster-operator
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person who configures, controls, and monitors clusters.
+
+aka: 
+tags:
+- user-type
+---
+-->
+
+<!--
+ A person who configures, controls, and monitors clusters.
+-->
+ 配置、控制、监控集群的人。
+
+<!--more--> 
+<!--
+Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.<br>
+
+**NOTE:** Cluster operators are different from the [Operator pattern](https://coreos.com/operators) that extends the Kubernetes API.
+-->
+
+他们的主要责任是保持集群正常运行，可能需要进行周期性的维护和升级活动。<br>
+
+**注意：** 集群操作者不同于[操作者模式（Operator Pattern）](https://coreos.com/operators)，操作者模式是用来扩展 Kubernetes API 的。
+
diff --git a/content/zh/docs/reference/glossary/cluster.md b/content/zh/docs/reference/glossary/cluster.md
new file mode 100644
index 0000000000000..8cc5502ed20c2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cluster.md
@@ -0,0 +1,43 @@
+---
+title: 集群
+id: cluster
+date: 2018-04-12
+full_link: 
+short_description: >
+  集群由一组被称作节点的机器组成。这些节点上运行 Kubernetes 所管理的容器化应用。
+
+aka: 
+tags:
+- fundamental
+- operation
+---
+
+<!--
+---
+title: Cluster
+id: cluster
+date: 2018-04-12
+full_link: 
+short_description: >
+  A set of machines, called nodes, that run containerized applications managed by Kubernetes.
+
+aka: 
+tags:
+- fundamental
+- operation
+---
+-->
+
+<!--
+ A set of machines, called nodes, that run containerized applications managed by Kubernetes.
+-->
+
+  集群由一组被称作节点的机器组成。这些节点上运行 Kubernetes 所管理的容器化应用。
+
+<!--more--> 
+
+<!--
+A cluster has several worker nodes and at least one master node.
+-->
+
+集群由至少一个主节点和若干个工作节点组成。
diff --git a/content/zh/docs/reference/glossary/cni.md b/content/zh/docs/reference/glossary/cni.md
new file mode 100644
index 0000000000000..361a7f09117be
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cni.md
@@ -0,0 +1,44 @@
+---
+title: CNI (容器网络接口)
+id: cni
+date: 2018-05-25
+full_link: /docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#cni
+short_description: >
+    容器网络接口 (CNI) 插件是遵循 appc/CNI 协议的一类网络插件。
+
+
+aka: 
+tags:
+- networking 
+---
+
+<!--
+---
+title: CNI (Container network interface)
+id: cni
+date: 2018-05-25
+full_link: /docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#cni
+short_description: >
+    Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
+
+
+aka: 
+tags:
+- networking 
+---
+-->
+
+<!--
+ Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
+-->
+
+ 容器网络接口 (CNI) 插件是遵循 appc/CNI 协议的一类网络插件。
+
+<!--more--> 
+
+<!--
+* For information on Kubernetes and CNI refer to [this](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#cni).
+* For information on Kubernetes and CNI, see ["Network plugins"](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#cni).
+-->
+
+* 想了解 Kubernetes 和 CNI 请参考 ["网络插件"](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#cni)。
diff --git a/content/zh/docs/reference/glossary/code-contributor.md b/content/zh/docs/reference/glossary/code-contributor.md
new file mode 100644
index 0000000000000..8d24d7f72f589
--- /dev/null
+++ b/content/zh/docs/reference/glossary/code-contributor.md
@@ -0,0 +1,43 @@
+---
+title: 代码贡献者
+id: code-contributor
+date: 2018-04-12
+full_link: /docs/community/devel/
+short_description: >
+  为 Kubernetes 开源代码库开发并贡献代码的人。
+
+aka: 
+tags:
+- community
+- user-type
+---
+
+<!--
+---
+title: Code Contributor
+id: code-contributor
+date: 2018-04-12
+full_link: /docs/community/devel/
+short_description: >
+  A person who develops and contributes code to the Kubernetes open source codebase.
+
+aka: 
+tags:
+- community
+- user-type
+---
+-->
+
+<!--
+ A person who develops and contributes code to the Kubernetes open source codebase.
+-->
+
+ 为 Kubernetes 开源代码库开发并贡献代码的人。
+
+<!--more--> 
+
+<!--
+They are also an active {{< glossary_tooltip text="community member" term_id="member" >}} who participates in one or more {{< glossary_tooltip text="Special Interest Groups (SIGs)" term_id="sig" >}}.
+-->
+
+代码贡献者也是加入一个或多个 {{< glossary_tooltip text="特别兴趣小组 (SIGs)" term_id="sig" >}} 的活跃的 {{< glossary_tooltip text="社区成员" term_id="member" >}}。
diff --git a/content/zh/docs/reference/glossary/configmap.md b/content/zh/docs/reference/glossary/configmap.md
new file mode 100644
index 0000000000000..d3d0945cdc601
--- /dev/null
+++ b/content/zh/docs/reference/glossary/configmap.md
@@ -0,0 +1,41 @@
+---
+title: ConfigMap
+id: configmap
+date: 2018-04-12
+full_link: /docs/tasks/configure-pod-container/configure-pod-configmap/
+short_description: >
+  ConfigMap 是一种 API 对象，用来将非机密性的数据保存到健值对中。使用时可以用作环境变量、命令行参数或者存储卷中的配置文件。
+   
+aka: 
+tags:
+- core-object
+---
+
+<!--
+---
+title: ConfigMap
+id: configmap
+date: 2018-04-12
+full_link: /docs/tasks/configure-pod-container/configure-pod-configmap/
+short_description: >
+  An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a volume.
+
+aka: 
+tags:
+- core-object
+---
+-->
+
+<!--
+ An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a {{< glossary_tooltip text="volume" term_id="volume" >}}.
+-->
+
+ ConfigMap 是一种 API 对象，用来将非机密性的数据保存到健值对中。使用时可以用作环境变量、命令行参数或者存储卷中的配置文件。
+
+<!--more--> 
+
+<!--
+Allows you to decouple environment-specific configuration from your {{< glossary_tooltip text="container images" term_id="container" >}}, so that your applications are easily portable. When storing confidential data use a [Secret](/docs/concepts/configuration/secret/).
+-->
+
+ConfigMap 将您的环境配置信息和 {{< glossary_tooltip text="容器镜像" term_id="container" >}} 解耦，便于应用配置的修改。当您需要储存机密信息时可以使用 [Secret](/docs/concepts/configuration/secret/) 对象。
diff --git a/content/zh/docs/reference/glossary/container-env-variables.md b/content/zh/docs/reference/glossary/container-env-variables.md
new file mode 100644
index 0000000000000..d851c14c92b0a
--- /dev/null
+++ b/content/zh/docs/reference/glossary/container-env-variables.md
@@ -0,0 +1,40 @@
+---
+title: 容器环境变量
+id: container-env-variables
+date: 2018-04-12
+full_link: /docs/concepts/containers/container-environment-variables.md
+short_description: >
+  容器环境变量提供了运行容器化应用所必须的一些重要信息。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Container Environment Variables
+id: container-env-variables
+date: 2018-04-12
+full_link: /docs/concepts/containers/container-environment-variables.md
+short_description: >
+  Container environment variables are name=value pairs that provide useful information into containers running in a Pod.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ Container environment variables are name=value pairs that provide useful information into containers running in a Pod.
+-->
+
+  容器环境变量提供了运行容器化应用所必须的一些重要信息。
+  
+<!--more-->
+<!--
+Container environment variables provide information that is required by the running containerized applications along with information about important resources to the {{< glossary_tooltip text="Containers" term_id="container" >}}. For example, file system details, information about the container itself, and other cluster resources such as service endpoints.
+-->
+
+  容器环境变量为运行中的容器化应用提供必要的信息，同时还提供与 {{< glossary_tooltip text="容器" term_id="container" >}} 重要资源相关的其他信息，例如：文件系统信息、容器自身的信息以及其他像服务端点（Service endpoints）这样的集群资源信息。
diff --git a/content/zh/docs/reference/glossary/container-lifecycle-hooks.md b/content/zh/docs/reference/glossary/container-lifecycle-hooks.md
new file mode 100644
index 0000000000000..3d1b708fe0d54
--- /dev/null
+++ b/content/zh/docs/reference/glossary/container-lifecycle-hooks.md
@@ -0,0 +1,38 @@
+---
+title: 容器生命周期钩子
+id: container-lifecycle-hooks
+date: 2018-10-08
+full_link: /docs/concepts/containers/container-lifecycle-hooks/
+short_description: >
+  生命周期钩子暴露容器管理生命周期中的事件，允许用户在事件发生时运行代码。
+
+aka: 
+tags:
+- extension
+---
+<!--
+---
+title: Container Lifecycle Hooks
+id: container-lifecycle-hooks
+date: 2018-10-08
+full_link: /docs/concepts/containers/container-lifecycle-hooks/
+short_description: >
+  The lifecycle hooks expose events in the container management lifecycle and let the user run code when the events occur.
+
+aka: 
+tags:
+- extension
+---
+-->
+
+  生命周期钩子暴露{{< glossary_tooltip text="容器" term_id="container" >}}管理生命周期中的事件，允许用户在事件发生时运行代码。
+  <!--
+  The lifecycle hooks expose events in the {{< glossary_tooltip text="Container" term_id="container" >}}container management lifecycle and let the user run code when the events occur.
+  -->
+
+<!--more--> 
+
+针对容器暴露了两个钩子：PostStart 在容器创建之后立即执行，PreStop 在容器停止之前立即阻塞并被调用。
+<!--
+Two hooks are exposed to Containers: PostStart which executes immediately after a container is created and PreStop which is blocking and is called immediately before a container is terminated.
+-->
diff --git a/content/zh/docs/reference/glossary/container.md b/content/zh/docs/reference/glossary/container.md
new file mode 100644
index 0000000000000..16d99f4e30609
--- /dev/null
+++ b/content/zh/docs/reference/glossary/container.md
@@ -0,0 +1,44 @@
+---
+title: 容器
+id: container
+date: 2018-04-12
+full_link: /docs/concepts/overview/what-is-kubernetes/#why-containers
+short_description: >
+  容器是可移植、可执行的轻量级的镜像，镜像中包含软件及其相关依赖。
+
+aka: 
+tags:
+- fundamental
+- workload
+---
+
+<!--
+---
+title: Container
+id: container
+date: 2018-04-12
+full_link: /docs/concepts/overview/what-is-kubernetes/#why-containers
+short_description: >
+  A lightweight and portable executable image that contains software and all of its dependencies.
+
+aka: 
+tags:
+- fundamental
+- workload
+---
+-->
+
+<!--
+ A lightweight and portable executable image that contains software and all of its dependencies.
+-->
+
+ 容器是可移植、可执行的轻量级的镜像，镜像中包含软件及其相关依赖。
+
+<!--more--> 
+
+<!--
+Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling.
+-->
+
+容器使应用和底层的主机基础设施解耦，降低了应用在不同云环境或者操作系统上的部署难度，便于应用扩展。
+
diff --git a/content/zh/docs/reference/glossary/contributor.md b/content/zh/docs/reference/glossary/contributor.md
new file mode 100755
index 0000000000000..32f21a5e54b77
--- /dev/null
+++ b/content/zh/docs/reference/glossary/contributor.md
@@ -0,0 +1,39 @@
+---
+title: 贡献者
+id: contributor
+date: 2018-04-12
+full_link: 
+short_description: >
+  通过贡献代码、文档或者投入时间等方式来帮助 Kubernetes 项目或社区的人。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+title: Contributor
+id: contributor
+date: 2018-04-12
+full_link: 
+short_description: >
+  Someone who donates code, documentation, or their time to help the Kubernetes project or community.
+
+aka: 
+tags:
+- community
+-->
+
+<!--
+ Someone who donates code, documentation, or their time to help the Kubernetes project or community.
+-->
+
+通过贡献代码、文档或者投入时间等方式来帮助 Kubernetes 项目或社区的人。
+
+<!--more--> 
+<!--
+Contributions include pull requests (PRs), issues, feedback, {{< glossary_tooltip text="special interest groups (SIG)" term_id="sig" >}} participation, or organizing community events.
+-->
+
+贡献形式包括提交拉取请求（PRs）、问题报告（Issues）、反馈、参与{{< glossary_tooltip text="特别兴趣小组（SIG）" term_id="sig" >}}或者组织社区活动等等。
+
diff --git a/content/zh/docs/reference/glossary/controller.md b/content/zh/docs/reference/glossary/controller.md
new file mode 100644
index 0000000000000..2b523c8b76f3e
--- /dev/null
+++ b/content/zh/docs/reference/glossary/controller.md
@@ -0,0 +1,40 @@
+---
+title: 控制器
+id: controller
+date: 2018-04-12
+full_link: /docs/admin/kube-controller-manager/
+short_description: >
+  控制器通过 apiserver 监控集群的公共状态，并致力于将当前状态转变为期望的状态。
+
+aka: 
+tags:
+- architecture
+- fundamental
+---
+
+<!--
+---
+title: Controller
+id: controller
+date: 2018-04-12
+full_link: /docs/admin/kube-controller-manager/
+short_description: >
+  A control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state.
+
+aka: 
+tags:
+- architecture
+- fundamental
+---
+-->
+
+ 控制器通过 {{< glossary_tooltip text="apiserver" term_id="kube-apiserver" >}} 监控集群的公共状态，并致力于将当前状态转变为期望的状态。
+
+<!--more--> 
+
+<!--
+Examples of controllers that ship with Kubernetes today are the replication controller, endpoints controller, namespace controller, and serviceaccounts controller.
+-->
+
+Kubernetes 当前提供的部分控制器例子包括：副本控制器（replication controller）、端点控制器（endpoints controller）、命名空间控制器（namespace controller）、服务账号控制器（serviceaccounts controller）。
+
diff --git a/content/zh/docs/reference/glossary/cronjob.md b/content/zh/docs/reference/glossary/cronjob.md
new file mode 100644
index 0000000000000..5af7746647c6a
--- /dev/null
+++ b/content/zh/docs/reference/glossary/cronjob.md
@@ -0,0 +1,43 @@
+---
+title: CronJob
+id: cronjob
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/cron-jobs/
+short_description: >
+  管理定期运行的 [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/)。
+
+aka: 
+tags:
+- core-object
+- workload
+---
+
+<!--
+---
+title: CronJob
+id: cronjob
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/cron-jobs/
+short_description: >
+  Manages a [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/) that runs on a periodic schedule.
+
+aka: 
+tags:
+- core-object
+- workload
+---
+-->
+
+<!--
+ Manages a [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/) that runs on a periodic schedule.
+-->
+
+ 管理定期运行的 [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/)。
+
+<!--more--> 
+
+<!--
+Similar to a line in a *crontab* file, a Cronjob object specifies a schedule using the [Cron](https://en.wikipedia.org/wiki/Cron) format.
+-->
+
+Cronjob 对象类似 *crontab* 文件中的一行命令，它声明了一个遵循 [Cron](https://en.wikipedia.org/wiki/Cron) 格式的调度任务。
diff --git a/content/zh/docs/reference/glossary/csi.md b/content/zh/docs/reference/glossary/csi.md
new file mode 100644
index 0000000000000..afacbf8f1d072
--- /dev/null
+++ b/content/zh/docs/reference/glossary/csi.md
@@ -0,0 +1,48 @@
+---
+title: 容器存储接口 (CSI)
+id: csi
+date: 2018-06-25
+full_link: /docs/concepts/storage/volumes/#csi
+short_description: >
+    容器存储接口 （CSI）定义了存储系统暴露给容器的标准接口。
+
+
+aka: 
+tags:
+- storage 
+---
+
+<!--
+---
+title: Container Storage Interface (CSI)
+id: csi
+date: 2018-06-25
+full_link: /docs/concepts/storage/volumes/#csi
+short_description: >
+    The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.
+
+
+aka: 
+tags:
+- storage 
+---
+-->
+<!--
+ The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.
+-->
+
+ 容器存储接口 （CSI）定义了存储系统暴露给容器的标准接口。
+
+<!--more--> 
+
+<!--
+CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first [deploy it to your cluster](https://kubernetes-csi.github.io/docs/Setup.html). You will then be able to create a {{< glossary_tooltip text="Storage Class" term_id="storage-class" >}} that uses that CSI driver.
+
+* [CSI in the Kubernetes documentation](/docs/concepts/storage/volumes/#csi)
+* [List of available CSI drivers](https://kubernetes-csi.github.io/docs/Drivers.html)
+-->
+
+CSI 允许存储驱动提供商为 Kubernetes 创建定制化的存储插件，而无需将这些插件的代码添加到 Kubernetes 代码仓库（外部插件）。要使用某个存储提供商的 CSI 驱动，你首先要[将它部署到你的集群上](https://kubernetes-csi.github.io/docs/Setup.html)。然后你才能创建使用该 CSI 驱动的 {{< glossary_tooltip text="Storage Class" term_id="storage-class" >}} 。
+
+* [Kubernetes 文档中关于 CSI 的描述](/docs/concepts/storage/volumes/#csi)
+* [可用的 CSI 驱动列表](https://kubernetes-csi.github.io/docs/Drivers.html)
diff --git a/content/zh/docs/reference/glossary/customresourcedefinition.md b/content/zh/docs/reference/glossary/customresourcedefinition.md
new file mode 100644
index 0000000000000..510d26d3bc52f
--- /dev/null
+++ b/content/zh/docs/reference/glossary/customresourcedefinition.md
@@ -0,0 +1,46 @@
+---
+title: CustomResourceDefinition
+id: CustomResourceDefinition
+date: 2018-04-12
+full_link: docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/
+short_description: >
+  通过定制化的代码给您的 Kubernetes API 服务器增加资源对象，而无需编译完整的定制 API 服务器。
+
+aka: 
+tags:
+- fundamental
+- operation
+- extension
+---
+
+<!--
+---
+title: CustomResourceDefinition
+id: CustomResourceDefinition
+date: 2018-04-12
+full_link: docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/
+short_description: >
+  Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.
+
+aka: 
+tags:
+- fundamental
+- operation
+- extension
+---
+-->
+ 
+<!--
+ Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.
+-->
+
+ 通过定制化的代码给您的 Kubernetes API 服务器增加资源对象，而无需编译完整的定制 API 服务器。
+
+<!--more--> 
+
+<!--
+Custom Resource Definitions let you extend the Kubernetes API for your environment if the publicly supported API resources can't meet your needs. 
+-->
+
+当 Kubernetes 公开支持的 API 资源不能满足您的需要时，定制资源对象（Custom Resource Definitions）让您可以在您的环境上扩展 Kubernetes API。
+
diff --git a/content/zh/docs/reference/glossary/daemonset.md b/content/zh/docs/reference/glossary/daemonset.md
new file mode 100644
index 0000000000000..f0ec7e9cdab9d
--- /dev/null
+++ b/content/zh/docs/reference/glossary/daemonset.md
@@ -0,0 +1,43 @@
+---
+title: DaemonSet
+id: daemonset
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/daemonset
+short_description: >
+  确保 Pod 的副本在集群中的一组节点上运行。
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+
+<!--
+---
+title: DaemonSet
+id: daemonset
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/daemonset
+short_description: >
+  Ensures a copy of a Pod is running across a set of nodes in a cluster.
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+-->
+<!--
+ Ensures a copy of a {{< glossary_tooltip text="Pod" term_id="pod" >}} is running across a set of nodes in a {{< glossary_tooltip text="cluster" term_id="cluster" >}}.
+-->
+ 确保 {{< glossary_tooltip text="Pod" term_id="pod" >}} 的副本在{{< glossary_tooltip text="集群" term_id="cluster" >}}中的一组节点上运行。
+<!--more--> 
+
+<!--
+Used to deploy system daemons such as log collectors and monitoring agents that typically must run on every {{< glossary_tooltip term_id="node" >}}.
+-->
+
+用来部署系统守护进程，例如日志搜集和监控代理，这些进程通常必须运行在每个{{< glossary_tooltip text="节点" term_id="node" >}}上。
+
diff --git a/content/zh/docs/reference/glossary/deployment.md b/content/zh/docs/reference/glossary/deployment.md
new file mode 100644
index 0000000000000..08abdc60c89bc
--- /dev/null
+++ b/content/zh/docs/reference/glossary/deployment.md
@@ -0,0 +1,45 @@
+---
+title: Deployment
+id: deployment
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/deployment/
+short_description: >
+  Deployment 是管理应用副本的 API 对象。
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+
+<!--
+---
+title: Deployment
+id: deployment
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/deployment/
+short_description: >
+  An API object that manages a replicated application.
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+-->
+
+<!--
+ An API object that manages a replicated application.
+-->
+
+ Deployment 是管理应用副本的 API 对象。
+
+<!--more--> 
+
+<!--
+Each replica is represented by a {{< glossary_tooltip term_id="pod" >}}, and the Pods are distributed among the nodes of a cluster.
+-->
+
+应用的每个副本就是一个 {{< glossary_tooltip term_id="pod" >}}，并且这些 Pod 会分散运行在集群的节点上。
diff --git a/content/zh/docs/reference/glossary/developer.md b/content/zh/docs/reference/glossary/developer.md
new file mode 100755
index 0000000000000..2efbeea6e2e16
--- /dev/null
+++ b/content/zh/docs/reference/glossary/developer.md
@@ -0,0 +1,42 @@
+---
+title: 开发者 (释疑)
+id: developer
+date: 2018-04-12
+full_link: 
+short_description: >
+  指的是：应用开发者、代码贡献者、或平台开发者。
+
+aka: 
+tags:
+- community
+- user-type
+---
+
+<!--
+---
+title: Developer (disambiguation)
+id: developer
+date: 2018-04-12
+full_link: 
+short_description: >
+  May refer to&#58; Application Developer, Code Contributor, or Platform Developer.
+
+aka: 
+tags:
+- community
+- user-type
+---
+-->
+
+ 指的是： {{< glossary_tooltip text="应用开发者" term_id="application-developer" >}}、 {{< glossary_tooltip text="代码贡献者" term_id="code-contributor" >}}、或 {{< glossary_tooltip text="平台开发者" term_id="platform-developer" >}}。
+
+<!--more--> 
+
+<!--
+This overloaded term may have different meanings depending on the context
+-->
+
+根据上下文的不同，“开发者”这个被多处使用的词条会有不同的含义。
+
+
+
diff --git a/content/zh/docs/reference/glossary/device-plugin.md b/content/zh/docs/reference/glossary/device-plugin.md
new file mode 100644
index 0000000000000..9b900a5a414f5
--- /dev/null
+++ b/content/zh/docs/reference/glossary/device-plugin.md
@@ -0,0 +1,33 @@
+---
+title: 驱动插件
+id: device-plugin
+date: 2019-02-02
+full_link: /docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/
+short_description: >
+  驱动插件是运行在 Kubernetes 中的容器，它提供对供应商特定资源的访问。
+aka:
+tags:
+- fundamental
+- extension
+---
+
+<!--
+---
+title: Device Plugin
+id: device-plugin
+date: 2019-02-02
+full_link: /docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/
+short_description: >
+  Device Plugins are containers running in Kubernetes that provide access to a vendor specific resource.
+aka:
+tags:
+- fundamental
+- extension
+---
+-->
+
+<!--
+[Device Plugin](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/) are containers running in Kubernetes that provide access to a vendor specific resource. Device Plugins advertise these resources to kubelet and can be deployed manually or as a DeamonSet, rather than writing custom Kubernetes code.
+-->
+
+[驱动插件](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)是运行在 Kubernetes 中的容器，它提供对供应商特定资源的访问。驱动插件将这些资源发布到 kubelet，并且可以手动部署或做为 DeamonSet 部署，而不用编写定制的 Kubernetes 代码。
diff --git a/content/zh/docs/reference/glossary/docker.md b/content/zh/docs/reference/glossary/docker.md
new file mode 100755
index 0000000000000..1d7c9a85116b0
--- /dev/null
+++ b/content/zh/docs/reference/glossary/docker.md
@@ -0,0 +1,41 @@
+---
+title: docker
+id: docker
+date: 2018-04-12
+full_link: /docs/reference/kubectl/docker-cli-to-kubectl/
+short_description: >
+  Docker 是一种可以提供操作系统级别虚拟化（也称作容器）的软件技术。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: docker
+id: docker
+date: 2018-04-12
+full_link: /docs/reference/kubectl/docker-cli-to-kubectl/
+short_description: >
+  Docker is a software technology providing operating-system-level virtualization also known as containers.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ Docker is a software technology providing operating-system-level virtualization also known as containers.
+-->
+
+ Docker 是一种可以提供操作系统级别虚拟化（也称作容器）的软件技术
+
+<!--more--> 
+
+<!--
+Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as OverlayFS and others to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines (VMs).
+-->
+
+Docker 使用了 Linux 内核中的资源隔离特性（如 cgroup 和内核命名空间）以及支持联合文件系统（如 OverlayFS 和其他），允许多个相互独立的“容器”一起运行在同一 Linux 实例上，从而避免启动和维护虚拟机（VMs）的开销。
diff --git a/content/zh/docs/reference/glossary/downstream.md b/content/zh/docs/reference/glossary/downstream.md
new file mode 100755
index 0000000000000..54f66a2bb1566
--- /dev/null
+++ b/content/zh/docs/reference/glossary/downstream.md
@@ -0,0 +1,44 @@
+---
+title: 下游(消除歧义)
+id: downstream
+date: 2018-04-12
+full_link: 
+short_description: >
+  可以指：Kubernetes 生态系统中依赖于核心 Kubernetes 代码库或分支代码库的代码。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: Downstream (disambiguation)
+id: downstream
+date: 2018-04-12
+full_link: 
+short_description: >
+  May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
+
+aka: 
+tags:
+- community
+---
+-->
+
+<--
+May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
+-->
+
+可以指：Kubernetes 生态系统中依赖于核心 Kubernetes 代码库或分支代码库的代码。
+
+<!--more--> 
+
+<!--
+* In the **Kubernetes Community**: Conversations often use *downstream* to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications *downstream* to improve their functionality.
+* In **GitHub** or **git**: The convention is to refer to a forked repo as *downstream*, whereas the source repo is considered *upstream*.
+-->
+
+* 在 **Kubernetes 社区**中：*下游(downstream)* 在人们交流中常用来表示那些依赖核心 Kubernetes 代码库的生态系统、代码或者第三方工具。例如，Kubernete 的一个新特性可以被*下游(downstream)* 应用采用，以提升它们的功能性。
+* 在 **GitHub** 或 **git** 中：约定用*下游(downstream)* 表示分支代码库，源代码库被认为是*上游(upstream)*。
+
diff --git a/content/zh/docs/reference/glossary/dynamic-volume-provisioning.md b/content/zh/docs/reference/glossary/dynamic-volume-provisioning.md
new file mode 100755
index 0000000000000..4f53bbef9d175
--- /dev/null
+++ b/content/zh/docs/reference/glossary/dynamic-volume-provisioning.md
@@ -0,0 +1,44 @@
+---
+title: 动态卷供应
+id: dynamicvolumeprovisioning
+date: 2018-04-12
+full_link: /docs/concepts/storage/dynamic-provisioning
+short_description: >
+  允许用户请求自动创建存储卷。
+
+aka: 
+tags:
+- core-object
+- storage
+---
+
+<!--
+---
+title: Dynamic Volume Provisioning
+id: dynamicvolumeprovisioning
+date: 2018-04-12
+full_link: /docs/concepts/storage/dynamic-provisioning
+short_description: >
+  Allows users to request automatic creation of storage  Volumes.
+
+aka: 
+tags:
+- core-object
+- storage
+---
+-->
+
+<!--
+ Allows users to request automatic creation of storage  {{< glossary_tooltip text="Volumes" term_id="volume" >}}.
+-->
+
+ 允许用户请求自动创建存储 {{< glossary_tooltip text="卷" term_id="volume" >}}。
+
+<!--more--> 
+
+<!--
+Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, {{< glossary_tooltip text="StorageClass" term_id="storage-class" >}}, referring to a {{< glossary_tooltip text="Volume Plugin" term_id="volume-plugin" >}} that provisions a {{< glossary_tooltip text="Volume" term_id="volume" >}} and the set of parameters to pass to the Volume Plugin.
+-->
+
+动态供应让集群管理员无需再预先供应存储。相反，它通过用户请求自动地供应存储。
+动态卷供应是基于 API 对象 {{< glossary_tooltip text="StorageClass" term_id="storage-class" >}} 的，StorageClass 可以引用 {{< glossary_tooltip text="卷插件（Volume Plugin）" term_id="volume-plugin" >}} 提供的 {{< glossary_tooltip text="卷（Volume）" term_id="volume" >}} ，也可以引用传递给卷插件（Volume Plugin）的参数集。
diff --git a/content/zh/docs/reference/glossary/etcd.md b/content/zh/docs/reference/glossary/etcd.md
new file mode 100644
index 0000000000000..916fa44122ea7
--- /dev/null
+++ b/content/zh/docs/reference/glossary/etcd.md
@@ -0,0 +1,43 @@
+---
+title: etcd
+id: etcd
+date: 2018-04-12
+full_link: /docs/tasks/administer-cluster/configure-upgrade-etcd/
+short_description: >
+  etcd 是兼具一致性和高可用性的键值数据库，用作保存 Kubernetes 所有集群数据的后台数据库。
+
+aka: 
+tags:
+- architecture
+- storage
+---
+
+<!--
+---
+title: etcd
+id: etcd
+date: 2018-04-12
+full_link: /docs/tasks/administer-cluster/configure-upgrade-etcd/
+short_description: >
+  Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data.
+
+aka: 
+tags:
+- architecture
+- storage
+---
+-->
+
+<!--
+ Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data.
+-->
+
+etcd 是兼具一致性和高可用性的键值数据库，可以作为保存 Kubernetes 所有集群数据的后台数据库。
+
+<!--more--> 
+
+<!--
+Always have a backup plan for etcd's data for your Kubernetes cluster. For in-depth information on etcd, see [etcd documentation](https://github.com/coreos/etcd/blob/master/Documentation/docs.md).
+-->
+
+您的 Kubernetes 集群的 etcd 数据库通常需要有个备份计划。要了解 etcd 更深层次的信息，请参考 [etcd 文档](https://github.com/coreos/etcd/blob/master/Documentation/docs.md)。
diff --git a/content/zh/docs/reference/glossary/flexvolume.md b/content/zh/docs/reference/glossary/flexvolume.md
new file mode 100644
index 0000000000000..5cb6b7b9e4ae2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/flexvolume.md
@@ -0,0 +1,51 @@
+---
+title: Flexvolume
+id: flexvolume
+date: 2018-06-25
+full_link: /docs/concepts/storage/volumes/#flexvolume
+short_description: >
+    Flexvolume 是创建 out-of-tree 卷插件的一种接口。 {{< glossary_tooltip text="容器存储接口（CSI）" term_id="csi" >}} 是比 Flexvolume 更新的接口，它解决了 Flexvolumes 的一些问题。
+
+
+aka: 
+tags:
+- storage 
+---
+
+<!--
+---
+title: Flexvolume
+id: flexvolume
+date: 2018-06-25
+full_link: /docs/concepts/storage/volumes/#flexvolume
+short_description: >
+    Flexvolume is an interface for creating out-of-tree volume plugins. The {{< glossary_tooltip text="Container Storage Interface" term_id="csi" >}} is a newer interface which addresses several problems with Flexvolumes.
+
+
+aka: 
+tags:
+- storage 
+---
+-->
+
+ Flexvolume 是创建 out-of-tree 卷插件的一种接口。 {{< glossary_tooltip text="容器存储接口（CSI）" term_id="csi" >}} 是比 Flexvolume 更新的接口，它解决了 Flexvolume 的一些问题。
+
+<!--more--> 
+
+<!--
+Flexvolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a {{< glossary_tooltip text="CSI" term_id="csi" >}} driver if possible since it addresses the limitations with Flexvolumes.
+-->
+
+Flexvolume 允许用户编写自己的驱动程序，并在 Kubernetes 中加入对用户自己的数据卷的支持。
+FlexVolume 驱动程序的二进制文件和依赖项必须安装在主机上。这需要 root 权限。
+如果可能的话，SIG Storage 建议实现 {{< glossary_tooltip text="CSI" term_id="csi" >}} 驱动程序，因为它解决了 Flexvolumes 的限制。
+
+<!--
+* [Flexvolume in the Kubernetes documentation](/docs/concepts/storage/volumes/#flexvolume)
+* [More information on Flexvolumes](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)
+* [Volume Plugin FAQ for Storage Vendors](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md)
+-->
+
+* [Kubernetes 文档中的 Flexvolume](/docs/concepts/storage/volumes/#flexvolume)
+* [更多关于 Flexvolumes 的信息](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)
+* [存储供应商的卷插件 FAQ](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md)
diff --git a/content/zh/docs/reference/glossary/helm-chart.md b/content/zh/docs/reference/glossary/helm-chart.md
new file mode 100755
index 0000000000000..d76c6a7906180
--- /dev/null
+++ b/content/zh/docs/reference/glossary/helm-chart.md
@@ -0,0 +1,43 @@
+---
+title: Helm Chart
+id: helm-chart
+date: 2018-04-12
+full_link: https://github.com/kubernetes/helm/blob/master/docs/charts.md
+short_description: >
+  Helm Chart 是一组预先配置的 Kubernetes 资源所构成的包，可以使用 Helm 工具对其进行管理。
+
+aka: 
+tags:
+- tool
+---
+
+<!--
+---
+title: Helm Chart
+id: helm-chart
+date: 2018-04-12
+full_link: https://github.com/kubernetes/helm/blob/master/docs/charts.md
+short_description: >
+  A package of pre-configured Kubernetes resources that can be managed with the Helm tool.
+
+aka: 
+tags:
+- tool
+---
+-->
+
+<!--
+ A package of pre-configured Kubernetes resources that can be managed with the Helm tool.
+-->
+
+Helm Chart 是一组预先配置的 Kubernetes 资源所构成的包，可以使用 Helm 工具对其进行管理。
+
+<!--more--> 
+
+<!--
+Charts provide a reproducible way of creating and sharing Kubernetes applications.
+A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
+-->
+
+Chart 提供了一种可重现的用来创建和共享 Kubernetes 应用的方法。
+单个 Chart 可用来部署简单的系统（例如一个 memcached Pod），也可以用来部署复杂的系统（例如包含 HTTP 服务器、数据库、缓存等组件的完整 Web 应用堆栈）。
diff --git a/content/zh/docs/reference/glossary/horizontal-pod-autoscaler.md b/content/zh/docs/reference/glossary/horizontal-pod-autoscaler.md
new file mode 100755
index 0000000000000..663ebd26c82b2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/horizontal-pod-autoscaler.md
@@ -0,0 +1,37 @@
+---
+title: Pod 水平自动扩缩器
+id: horizontal-pod-autoscaler
+date: 2018-04-12
+full_link: /docs/tasks/run-application/horizontal-pod-autoscale/
+short_description: >
+  Pod 水平自动扩缩器（Horizontal Pod Autoscaler）是一种 API 资源，它根据目标 CPU 利用率或自定义度量目标扩缩 Pod 副本的数量。
+
+aka: 
+tags:
+- operation
+---
+
+<!--
+---
+title: Horizontal Pod Autoscaler
+id: horizontal-pod-autoscaler
+date: 2018-04-12
+full_link: /docs/tasks/run-application/horizontal-pod-autoscale/
+short_description: >
+  An API resource that automatically scales the number of pod replicas based on targeted CPU utilization or custom metric targets.
+
+aka: 
+tags:
+- operation
+---
+-->
+
+ Pod 水平自动扩缩器（Horizontal Pod Autoscaler）是一种 API 资源，它根据目标 CPU 利用率或自定义度量目标扩缩 Pod 副本的数量。
+
+<!--more--> 
+
+<!--
+HPA is typically used with {{< glossary_tooltip text="Replication Controllers" term_id="replication-controller" >}}, {{< glossary_tooltip text="Deployments" term_id="deployment" >}}, or Replica Sets. It cannot be applied to objects that cannot be scaled, for example {{< glossary_tooltip text="DaemonSets" term_id="daemonset" >}}.
+-->
+
+HPA 通常用于 {{< glossary_tooltip text="Replication Controllers" term_id="replication-controller" >}}、{{< glossary_tooltip text="Deployments" term_id="deployment" >}} 或者 Replica Sets 上。HPA 不能用于不支持扩缩的对象，例如 {{< glossary_tooltip text="DaemonSets" term_id="daemonset" >}}。
diff --git a/content/zh/docs/reference/glossary/image.md b/content/zh/docs/reference/glossary/image.md
new file mode 100755
index 0000000000000..1fc7db55e5165
--- /dev/null
+++ b/content/zh/docs/reference/glossary/image.md
@@ -0,0 +1,42 @@
+---
+title: 镜像
+id: image
+date: 2018-04-12
+full_link: 
+short_description: >
+  镜像是保存的容器实例，它打包了应用运行所需的一组软件。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Image
+id: image
+date: 2018-04-12
+full_link: 
+short_description: >
+  Stored instance of a container that holds a set of software needed to run an application.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ Stored instance of a container that holds a set of software needed to run an application.
+-->
+
+镜像是保存的容器实例，它打包了应用运行所需的一组软件。
+
+<!--more--> 
+
+<!--
+A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.
+-->
+
+镜像是软件打包的一种方式，可以将镜像存储在容器镜像仓库、拉取到本地系统并作为应用来运行。
+镜像中包含的元数据指明了运行什么可执行程序、是由谁构建的以及其他信息。
diff --git a/content/zh/docs/reference/glossary/index.md b/content/zh/docs/reference/glossary/index.md
new file mode 100755
index 0000000000000..6fc5f767f3dcd
--- /dev/null
+++ b/content/zh/docs/reference/glossary/index.md
@@ -0,0 +1,23 @@
+---
+approvers:
+- chenopis
+- abiogenesis-now
+title: 标准化词汇表
+layout: glossary
+noedit: true
+default_active_tag: fundamental
+weight: 5
+---
+
+<!--
+---
+approvers:
+- chenopis
+- abiogenesis-now
+title: Standardized Glossary
+layout: glossary
+noedit: true
+default_active_tag: fundamental
+weight: 5
+---
+-->
diff --git a/content/zh/docs/reference/glossary/ingress.md b/content/zh/docs/reference/glossary/ingress.md
new file mode 100644
index 0000000000000..806dec752d49e
--- /dev/null
+++ b/content/zh/docs/reference/glossary/ingress.md
@@ -0,0 +1,46 @@
+---
+title: Ingress
+id: ingress
+date: 2018-04-12
+full_link: /docs/concepts/services-networking/ingress/
+short_description: >
+  Ingress 是对集群中服务的外部访问进行管理的 API 对象，典型的访问方式是 HTTP。
+
+aka: 
+tags:
+- networking
+- architecture
+- extension
+---
+
+<!--
+---
+title: Ingress
+id: ingress
+date: 2018-04-12
+full_link: /docs/concepts/services-networking/ingress/
+short_description: >
+  An API object that manages external access to the services in a cluster, typically HTTP.
+
+aka: 
+tags:
+- networking
+- architecture
+- extension
+---
+-->
+
+<!--
+ An API object that manages external access to the services in a cluster, typically HTTP.
+-->
+
+  Ingress 是对集群中服务的外部访问进行管理的 API 对象，典型的访问方式是 HTTP。
+
+<!--more--> 
+
+<!--
+Ingress can provide load balancing, SSL termination and name-based virtual hosting.
+-->
+
+Ingress 可以提供负载均衡、SSL 终结和基于名称的虚拟托管。
+
diff --git a/content/zh/docs/reference/glossary/init-container.md b/content/zh/docs/reference/glossary/init-container.md
new file mode 100755
index 0000000000000..cf8cead312a7f
--- /dev/null
+++ b/content/zh/docs/reference/glossary/init-container.md
@@ -0,0 +1,41 @@
+---
+title: 初始化容器
+id: init-container
+date: 2018-04-12
+full_link: 
+short_description: >
+  应用容器运行前必须先运行完成的一个或多个初始化容器。 
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Init Container
+id: init-container
+date: 2018-04-12
+full_link: 
+short_description: >
+  One or more initialization containers that must run to completion before any app containers run. 
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ One or more initialization containers that must run to completion before any app containers run. 
+-->
+
+ 应用容器运行前必须先运行完成的一个或多个初始化容器。
+
+<!--more--> 
+
+<!--
+Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.  
+-->
+
+初始化（init）容器像常规应用容器一样，只有一点不同：初始化（init）容器必须在应用容器启动前运行完成。Init 容器的运行顺序：一个初始化（init）容器必须在下一个初始化（init）容器开始前运行完成。
diff --git a/content/zh/docs/reference/glossary/istio.md b/content/zh/docs/reference/glossary/istio.md
new file mode 100755
index 0000000000000..58c4cfffcc482
--- /dev/null
+++ b/content/zh/docs/reference/glossary/istio.md
@@ -0,0 +1,45 @@
+---
+title: Istio
+id: istio
+date: 2018-04-12
+full_link: https://istio.io/docs/concepts/what-is-istio/overview.html
+short_description: >
+  Istio 是个开放平台（非 Kubernetes 特有），提供了一种统一的方式来集成微服务、管理流量、实施策略和汇总度量数据。
+aka: 
+tags:
+- networking
+- architecture
+- extension
+---
+
+<!--
+---
+title: Istio
+id: istio
+date: 2018-04-12
+full_link: https://istio.io/docs/concepts/what-is-istio/overview.html
+short_description: >
+  An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.
+
+aka: 
+tags:
+- networking
+- architecture
+- extension
+---
+-->
+
+<!--
+ An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.
+-->
+
+Istio 是个开放平台（非 Kubernetes 特有），提供了一种统一的方式来集成微服务、管理流量、实施策略和汇总度量数据。
+
+<!--more--> 
+
+<!--
+Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio's control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.
+-->
+
+添加 Istio 时不需要修改应用代码。它是基础设施的一层，介于服务和网络之间。当它和服务的 Deployment 相结合时，就构成了通常所谓的服务网格（Service Mesh）。Istio 的控制面抽象掉了底层的集群管理平台，这一集群管理平台可以是 Kubernetes、Mesosphere 等。
+
diff --git a/content/zh/docs/reference/glossary/job.md b/content/zh/docs/reference/glossary/job.md
new file mode 100755
index 0000000000000..8ce421f2804fb
--- /dev/null
+++ b/content/zh/docs/reference/glossary/job.md
@@ -0,0 +1,45 @@
+---
+title: Job
+id: job
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/jobs-run-to-completion
+short_description: >
+  Job 是需要运行完成的确定性的或批量的任务。
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+
+<!--
+---
+title: Job
+id: job
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/jobs-run-to-completion
+short_description: >
+  A finite or batch task that runs to completion.
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+-->
+
+<!--
+ A finite or batch task that runs to completion.
+-->
+
+ Job 是需要运行完成的确定性的或批量的任务。
+
+<!--more--> 
+
+<!--
+Creates one or more {{< glossary_tooltip term_id="pod" >}} objects and ensures that a specified number of them successfully terminate. As Pods successfully complete, the Job tracks the successful completions.
+-->
+
+Job 创建一个或多个 {{< glossary_tooltip term_id="Pod" >}} 对象，并确保指定数量的 Pod 成功终止。随着各 Pod 成功结束，Job 会跟踪记录成功完成的个数。
diff --git a/content/zh/docs/reference/glossary/kops.md b/content/zh/docs/reference/glossary/kops.md
new file mode 100755
index 0000000000000..c1024390e7f45
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kops.md
@@ -0,0 +1,63 @@
+---
+title: Kops
+id: kops
+date: 2018-04-12
+full_link: /docs/getting-started-guides/kops/
+short_description: >
+  kops 是一个命令行工具，可以帮助您创建、销毁、升级和维护生产级，高可用性的 Kubernetes 集群。注意：官方仅支持 AWS，GCE 和 VMware vSphere 的支持还处于 alpha* 阶段。
+  
+aka: 
+tags:
+- tool
+- operation
+---
+
+<!--
+---
+title: Kops
+id: kops
+date: 2018-04-12
+full_link: /docs/getting-started-guides/kops/
+short_description: >
+  A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters. *NOTE&#58; Officially supports AWS only, with GCE and VMware vSphere in alpha*.
+
+aka: 
+tags:
+- tool
+- operation
+---
+-->
+
+<!--
+ A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters. *NOTE&#58; Officially supports AWS only, with GCE and VMware vSphere in alpha*.
+-->
+
+kops 是一个命令行工具，可以帮助您创建、销毁、升级和维护生产级，高可用性的 Kubernetes 集群。*注意：官方仅支持 AWS，GCE 和 VMware vSphere 的支持还处于 alpha 阶段*。
+
+<!--more--> 
+
+<!--
+`kops` provisions your cluster with&#58;
+
+  * Fully automated installation
+  * DNS-based cluster identification
+  * Self-healing&#58; everything runs in Auto-Scaling Groups
+  * Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
+  * High availability (HA) support
+  * The ability to directly provision, or generate terraform manifests
+-->
+
+`kops` 为您的集群提供了：
+
+  * 全自动化安装
+  * 基于 DNS 的集群标识
+  * 自愈功能：所有组件都在自动伸缩组（Auto-Scaling Groups）中运行
+  * 有限的操作系统支持 (推荐使用 Debian，支持 Ubuntu 16.04，试验性支持 CentOS & RHEL)
+  * 高可用 (HA) 支持
+  * 直接提供或者生成 Terraform 清单文件的能力
+
+<!--
+You can also build your own cluster using {{< glossary_tooltip term_id="kubeadm" >}} as a building block. `kops` builds on the kubeadm work.
+-->
+
+您也可以将自己的集群作为一个构造块，使用 {{< glossary_tooltip term_id="kubeadm" >}} 构造集群。`kops` 是建立在 kubeadm 之上的。
diff --git a/content/zh/docs/reference/glossary/kube-apiserver.md b/content/zh/docs/reference/glossary/kube-apiserver.md
new file mode 100755
index 0000000000000..c2d0e8a9eb56c
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kube-apiserver.md
@@ -0,0 +1,44 @@
+---
+title: kube-apiserver
+id: kube-apiserver
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-apiserver/
+short_description: >
+  主节点上负责提供 Kubernetes API 服务的组件；它是 Kubernetes 控制面的前端。
+
+aka: 
+tags:
+- architecture
+- fundamental
+---
+
+<!--
+title: kube-apiserver
+id: kube-apiserver
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-apiserver/
+short_description: >
+  Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. 
+
+aka: 
+tags:
+- architecture
+- fundamental
+-->
+
+<!--
+ Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. 
+-->
+
+主节点上负责提供 Kubernetes API 服务的组件；它是 Kubernetes 控制面的前端。
+
+<!--more--> 
+
+<!--
+It is designed to scale horizontally - that is, it scales by deploying more instances. See [Building High-Availability Clusters](/docs/admin/high-availability/).
+-->
+
+kube-apiserver 在设计上考虑了水平扩缩的需要。
+换言之，通过部署多个实例可以实现扩缩。
+参见[构造高可用集群](/docs/admin/high-availability/)。
+
diff --git a/content/zh/docs/reference/glossary/kube-controller-manager.md b/content/zh/docs/reference/glossary/kube-controller-manager.md
new file mode 100755
index 0000000000000..c24234e501134
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kube-controller-manager.md
@@ -0,0 +1,39 @@
+---
+title: kube-controller-manager
+id: kube-controller-manager
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-controller-manager/
+short_description: >
+  主节点上运行控制器的组件。
+
+aka: 
+tags:
+- architecture
+- fundamental
+---
+
+<!--
+---
+title: kube-controller-manager
+id: kube-controller-manager
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-controller-manager/
+short_description: >
+  Component on the master that runs controllers.
+
+aka: 
+tags:
+- architecture
+- fundamental
+---
+-->
+
+<!--
+ Component on the master that runs {{< glossary_tooltip text="controllers" term_id="controller" >}}.
+-->
+在主节点上运行{{< glossary_tooltip text="控制器" term_id="controller" >}}的组件。
+
+<!--more--> 
+
+从逻辑上讲，每个{{< glossary_tooltip text="控制器" term_id="controller" >}}都是一个单独的进程，但是为了降低复杂性，它们都被编译到同一个可执行文件，并在一个进程中运行。
+
diff --git a/content/zh/docs/reference/glossary/kube-proxy.md b/content/zh/docs/reference/glossary/kube-proxy.md
new file mode 100755
index 0000000000000..64a3626920f24
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kube-proxy.md
@@ -0,0 +1,43 @@
+---
+title: kube-proxy
+id: kube-proxy
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-proxy
+short_description: >
+  `kube-proxy` 是集群中每个节点上运行的网络代理。
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+
+<!--
+---
+title: kube-proxy
+id: kube-proxy
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-proxy
+short_description: >
+  `kube-proxy` is a network proxy that runs on each node in the cluster.
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+-->
+
+<!--
+ `kube-proxy` is a network proxy that runs on each node in the cluster.
+-->
+
+`kube-proxy` 是集群中每个节点上运行的网络代理。
+
+<!--more--> 
+
+<!--
+`kube-proxy` is responsible for request forwarding. `kube-proxy` allows TCP and UDP stream forwarding or round robin TCP and UDP forwarding across a set of backend functions.
+-->
+
+`kube-proxy` 负责转发请求。`kube-proxy` 能够提供 TCP 和 UDP 的流转发，也可为一组后端功能点提供轮转式 TCP 和 UDP 转发。
diff --git a/content/zh/docs/reference/glossary/kube-scheduler.md b/content/zh/docs/reference/glossary/kube-scheduler.md
new file mode 100755
index 0000000000000..67d82d98d7523
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kube-scheduler.md
@@ -0,0 +1,42 @@
+---
+title: kube-scheduler
+id: kube-scheduler
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-scheduler/
+short_description: >
+  主节点上的组件，该组件监视那些新创建的未指定运行节点的 Pod，并选择节点让 Pod 在上面运行。
+
+aka: 
+tags:
+- architecture
+- scheduler
+---
+
+<!--
+---
+title: kube-scheduler
+id: kube-scheduler
+date: 2018-04-12
+full_link: /docs/reference/generated/kube-scheduler/
+short_description: >
+  Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on.
+
+aka: 
+tags:
+- architecture
+---
+-->
+
+<!--
+ Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on.
+-->
+
+主节点上的组件，该组件监视那些新创建的未指定运行节点的 Pod，并选择节点让 Pod 在上面运行。
+
+<!--more--> 
+
+<!--
+Factors taken into account for scheduling decisions include individual and collective resource requirements,  hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference and deadlines.
+-->
+
+调度决策考虑的因素包括单个 Pod 和 Pod 集合的资源需求、硬件/软件/策略约束、亲和性和反亲和性规范、数据位置、工作负载间的干扰和最后时限。
diff --git a/content/zh/docs/reference/glossary/kubeadm.md b/content/zh/docs/reference/glossary/kubeadm.md
new file mode 100644
index 0000000000000..3d7ce11b59db4
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kubeadm.md
@@ -0,0 +1,43 @@
+---
+title: Kubeadm
+id: kubeadm
+date: 2018-04-12
+full_link: /docs/admin/kubeadm/
+short_description: >
+  用来快速安装 Kubernetes 并搭建安全稳定的集群的工具。
+
+aka: 
+tags:
+- tool
+- operation
+---
+
+<!--
+---
+title: Kubeadm
+id: kubeadm
+date: 2018-04-12
+full_link: /docs/admin/kubeadm/
+short_description: >
+  A tool for quickly installing Kubernetes and setting up a secure cluster.
+
+aka: 
+tags:
+- tool
+- operation
+---
+-->
+
+<!--
+ A tool for quickly installing Kubernetes and setting up a secure cluster.
+-->
+
+ 用来快速安装 Kubernetes 并搭建安全稳定的集群的工具。
+
+<!--more--> 
+
+<!--
+You can use kubeadm to install both the control plane and the worker node components.
+-->
+
+您可以使用 kubeadm 安装控制面和工作节点组件。
diff --git a/content/zh/docs/reference/glossary/kubectl.md b/content/zh/docs/reference/glossary/kubectl.md
new file mode 100755
index 0000000000000..2c8bde22eb846
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kubectl.md
@@ -0,0 +1,43 @@
+---
+title: Kubectl
+id: kubectl
+date: 2018-04-12
+full_link: /docs/user-guide/kubectl-overview/
+short_description: >
+  kubectl 是用来和 Kubernetes API 服务器进行通信的命令行工具。
+
+aka: 
+tags:
+- tool
+- fundamental
+---
+
+<!--
+---
+title: Kubectl
+id: kubectl
+date: 2018-04-12
+full_link: /docs/user-guide/kubectl-overview/
+short_description: >
+  A command line tool for communicating with a Kubernetes API server.
+
+aka: 
+tags:
+- tool
+- fundamental
+---
+-->
+
+<!--
+ A command line tool for communicating with a {{< glossary_tooltip text="Kubernetes API" term_id="kubernetes-api" >}} server.
+-->
+
+ kubectl 是用来和 {{< glossary_tooltip text="Kubernetes API" term_id="kubernetes-api" >}} 服务器进行通信的命令行工具。
+
+<!--more--> 
+
+<!--
+You can use kubectl to create, inspect, update, and delete Kubernetes objects.
+-->
+
+您可以使用 kubectl 创建、检查、更新和删除 Kubernetes 对象。
diff --git a/content/zh/docs/reference/glossary/kubelet.md b/content/zh/docs/reference/glossary/kubelet.md
new file mode 100755
index 0000000000000..c561109b6e89c
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kubelet.md
@@ -0,0 +1,40 @@
+---
+title: Kubelet
+id: kubelet
+date: 2018-04-12
+full_link: /docs/reference/generated/kubelet
+short_description: >
+  一个在集群中每个节点上运行的代理。它保证容器都运行在 Pod 中。
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+<!--
+---
+title: Kubelet
+id: kubelet
+date: 2018-04-12
+full_link: /docs/reference/generated/kubelet
+short_description: >
+  An agent that runs on each node in the cluster. It makes sure that containers are running in a pod.
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+-->
+<!--
+ An agent that runs on each node in the cluster. It makes sure that containers are running in a pod.
+-->
+一个在集群中每个节点上运行的代理。它保证容器都运行在 Pod 中。
+
+<!--more--> 
+
+<!--
+The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn’t manage containers which were not created by Kubernetes.
+-->
+
+kubelet 接收一组通过各类机制提供给它的 PodSpecs，确保这些 PodSpecs 中描述的容器处于运行状态且健康。kubelet 不会管理不是由 Kubernetes 创建的容器。
diff --git a/content/zh/docs/reference/glossary/kubernetes-api.md b/content/zh/docs/reference/glossary/kubernetes-api.md
new file mode 100755
index 0000000000000..fc1dbeac6a0e8
--- /dev/null
+++ b/content/zh/docs/reference/glossary/kubernetes-api.md
@@ -0,0 +1,47 @@
+---
+title: Kubernetes API
+id: kubernetes-api
+date: 2018-04-12
+full_link: /docs/concepts/overview/kubernetes-api/
+short_description: >
+  Kubernetes API 是通过 RESTful 接口提供 Kubernetes 功能服务并负责集群状态存储的应用程序。
+
+aka: 
+tags:
+- fundamental
+- architecture
+---
+
+<!--
+---
+title: Kubernetes API
+id: kubernetes-api
+date: 2018-04-12
+full_link: /docs/concepts/overview/kubernetes-api/
+short_description: >
+  The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
+
+aka: 
+tags:
+- fundamental
+- architecture
+---
+-->
+
+<!--
+ The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
+-->
+
+Kubernetes API 是通过 RESTful 接口提供 Kubernetes 功能服务并负责集群状态存储的应用程序。
+
+<!--more--> 
+
+<!--
+Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like `kubectl`. The core Kubernetes API is flexible and can also be extended to support custom resources.
+-->
+
+Kubernetes 资源和"意向记录"都是作为 API 对象储存的，并可以通过对 API 的 RESTful 调用进行修改。
+API 允许以声明方式管理配置。
+用户可以直接和 Kubernetes API 交互，也可以通过 `kubectl` 这样的工具进行交互。
+核心的 Kubernetes API 是很灵活的，可以扩展以支持定制资源。
+
diff --git a/content/zh/docs/reference/glossary/label.md b/content/zh/docs/reference/glossary/label.md
new file mode 100755
index 0000000000000..6201aaeb2999d
--- /dev/null
+++ b/content/zh/docs/reference/glossary/label.md
@@ -0,0 +1,41 @@
+---
+title: 标签
+id: label
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/labels
+short_description: >
+  用来为对象设置可标识的属性标记；这些标记对用户而言是有意义且重要的。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+title: Label
+id: label
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/labels
+short_description: >
+  Tags objects with identifying attributes that are meaningful and relevant to users.
+
+aka: 
+tags:
+- fundamental
+-->
+
+<!--
+ Tags objects with identifying attributes that are meaningful and relevant to users.
+-->
+
+用来为对象设置可标识的属性标记；这些标记对用户而言是有意义且重要的。
+
+<!--more--> 
+
+<!--
+Labels are key/value pairs that are attached to objects such as {{< glossary_tooltip text="Pods" term_id="pod" >}}. They are used to organize and to select subsets of objects.
+-->
+
+标签是一些关联到 {{< glossary_tooltip text="Pods" term_id="pod" >}} 这类对象上的键值对。
+它们通常用来组织和选择对象子集。
+
diff --git a/content/zh/docs/reference/glossary/managed-service.md b/content/zh/docs/reference/glossary/managed-service.md
new file mode 100755
index 0000000000000..fb7d5440c99d6
--- /dev/null
+++ b/content/zh/docs/reference/glossary/managed-service.md
@@ -0,0 +1,42 @@
+---
+title: 托管服务
+id: managed-service
+date: 2018-04-12
+full_link: 
+short_description: >
+  由第三方供应商负责维护的一种软件产品。
+
+aka: 
+tags:
+- extension
+---
+
+<!--
+title: Managed Service
+id: managed-service
+date: 2018-04-12
+full_link: 
+short_description: >
+  A software offering maintained by a third-party provider.
+
+aka: 
+tags:
+- extension
+-->
+
+<!--
+ A software offering maintained by a third-party provider.
+-->
+
+由第三方供应商负责维护的一种软件产品。
+
+<!--more--> 
+
+<!--
+Some examples of Managed Services are AWS EC2, Azure SQL Database, and GCP Pub/Sub, but they can be any software offering that can be used by an application. [Service Catalog](/docs/concepts/service-catalog/) provides a way to list, provision, and bind with Managed Services offered by {{< glossary_tooltip text="Service Brokers" term_id="service-broker" >}}.
+-->
+
+托管服务的一些例子有 AWS EC2、Azure SQL 数据库和 GCP Pub/Sub 等，
+不过它们也可以是可以被某应用使用的任何软件交付件。
+[服务目录](/docs/concepts/service-catalog/)提供了一种方法用来列举、供应和绑定到
+{{< glossary_tooltip text="服务代理商" term_id="service-broker" >}}所提供的托管服务。
diff --git a/content/zh/docs/reference/glossary/member.md b/content/zh/docs/reference/glossary/member.md
new file mode 100644
index 0000000000000..57e7cac386e86
--- /dev/null
+++ b/content/zh/docs/reference/glossary/member.md
@@ -0,0 +1,42 @@
+---
+title: 成员
+id: member
+date: 2018-04-12
+full_link: 
+short_description: >
+  K8s 社区中持续活跃的贡献者。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: Member
+id: member
+date: 2018-04-12
+full_link: 
+short_description: >
+  A continuously active contributor in the K8s community.
+
+aka: 
+tags:
+- community
+---
+-->
+
+<!--
+ A continuously active {{< glossary_tooltip text="contributor" term_id="contributor" >}} in the K8s community.
+-->
+
+ K8s 社区中持续活跃的贡献者。
+
+<!--more--> 
+
+<!--
+Members can have issues and PRs assigned to them and participate in {{< glossary_tooltip text="special interest groups (SIGs)" term_id="sig" >}} through GitHub teams. Pre-submit tests are automatically run for members' PRs. A member is expected to remain an active contributor to the community.
+-->
+
+可以将问题单（issue）和 PR 指派给成员，成员也可以通过 GitHub 小组加入 {{< glossary_tooltip text="特别兴趣小组 (SIGs)" term_id="sig" >}}。针对成员所提交的 PR，系统自动运行提交前测试。成员应该是持续活跃的社区贡献者。
+
diff --git a/content/zh/docs/reference/glossary/minikube.md b/content/zh/docs/reference/glossary/minikube.md
new file mode 100755
index 0000000000000..e88e513ba440f
--- /dev/null
+++ b/content/zh/docs/reference/glossary/minikube.md
@@ -0,0 +1,43 @@
+---
+title: Minikube
+id: minikube
+date: 2018-04-12
+full_link: /docs/getting-started-guides/minikube/
+short_description: >
+  Minikube 是用来在本地运行 Kubernetes 的一种工具。
+
+aka: 
+tags:
+- fundamental
+- tool
+---
+
+<!--
+---
+title: Minikube
+id: minikube
+date: 2018-04-12
+full_link: /docs/getting-started-guides/minikube/
+short_description: >
+  A tool for running Kubernetes locally.
+
+aka: 
+tags:
+- fundamental
+- tool
+---
+-->
+
+<!--
+ A tool for running Kubernetes locally.
+-->
+
+Minikube 是用来在本地运行 Kubernetes 的一种工具。
+
+<!--more--> 
+
+<!--
+Minikube runs a single-node cluster inside a VM on your computer.
+-->
+
+Minikube 在用户计算机上的一个虚拟机内运行单节点 Kubernetes 集群。
diff --git a/content/zh/docs/reference/glossary/name.md b/content/zh/docs/reference/glossary/name.md
new file mode 100755
index 0000000000000..05532e09279c2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/name.md
@@ -0,0 +1,41 @@
+---
+title: 名称
+id: name
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/names
+short_description: >
+  客户端提供的字符串，用来指代资源 URL 中的对象，如 `/api/v1/pods/some-name`。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Name
+id: name
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/names
+short_description: >
+  A client-provided string that refers to an object in a resource URL, such as `/api/v1/pods/some-name`.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ A client-provided string that refers to an object in a resource URL, such as `/api/v1/pods/some-name`.
+-->
+
+客户端提供的字符串，用来指代资源 URL 中的对象，如 `/api/v1/pods/some-name`。
+
+<!--more--> 
+
+<!--
+Only one object of a given kind can have a given name at a time. However, if you delete the object, you can make a new object with the same name.
+-->
+
+对给定资源类型 (kind) 而言，同一时刻只能有一个对象使用给定的名称。不过，如果该对象被删除，则可以使用同一名称创建新新对象。
diff --git a/content/zh/docs/reference/glossary/namespace.md b/content/zh/docs/reference/glossary/namespace.md
new file mode 100644
index 0000000000000..42019215cfdcb
--- /dev/null
+++ b/content/zh/docs/reference/glossary/namespace.md
@@ -0,0 +1,41 @@
+---
+title: 命名空间
+id: namespace
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/namespaces
+short_description: >
+  命名空间是 Kubernetes 为了在同一物理集群上支持多个虚拟集群而使用的一种抽象。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Namespace
+id: namespace
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/namespaces
+short_description: >
+  An abstraction used by Kubernetes to support multiple virtual clusters on the same physical cluster.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ An abstraction used by Kubernetes to support multiple virtual clusters on the same physical {{< glossary_tooltip text="cluster" term_id="cluster" >}}.
+-->
+
+命名空间是 Kubernetes 为了在同一物理集群上支持多个虚拟集群而使用的一种抽象。
+
+<!--more--> 
+
+<!--
+Namespaces are used to organize objects in a cluster and provide a way to divide cluster resources. Names of resources need to be unique within a namespace, but not across namespaces.
+-->
+
+命名空间用来组织集群中对象，并为集群资源划分提供了一种方法。同一命名空间内的资源名称必须唯一，但跨命名空间时不作要求。
diff --git a/content/zh/docs/reference/glossary/network-policy.md b/content/zh/docs/reference/glossary/network-policy.md
new file mode 100755
index 0000000000000..25269bcc05472
--- /dev/null
+++ b/content/zh/docs/reference/glossary/network-policy.md
@@ -0,0 +1,44 @@
+---
+title: 网络策略
+id: network-policy
+date: 2018-04-12
+full_link: /docs/concepts/services-networking/network-policies/
+short_description: >
+  网络策略是一种规范，规定了允许 Pod 组之间、Pod 与其他网络端点之间以怎样的方式进行通信。
+
+aka: 
+tags:
+- networking
+- architecture
+- extension
+---
+
+<!--
+---
+title: Network Policy
+id: network-policy
+date: 2018-04-12
+full_link: /docs/concepts/services-networking/network-policies/
+short_description: >
+  A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
+
+aka: 
+tags:
+- networking
+- architecture
+- extension
+---
+
+<!--
+ A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
+-->
+
+网络策略是一种规范，规定了允许 Pod 组之间、Pod 与其他网络端点之间以怎样的方式进行通信。
+
+<!--more--> 
+
+<!--
+Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on. `NetworkPolicy` resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect.
+-->
+
+网络策略帮助您声明式地配置允许哪些 Pod 之间接、哪些命名空间之间允许进行通信，并具体配置了哪些端口号来执行各个策略。`NetworkPolicy` 资源使用标签来选择 Pod，并定义了所选 Pod 可以接受什么样的流量。网络策略由网络提供商提供的并被 Kubernetes 支持的网络插件实现。请注意，当没有控制器实现网络资源时，创建网络资源将不会生效。
diff --git a/content/zh/docs/reference/glossary/node.md b/content/zh/docs/reference/glossary/node.md
new file mode 100755
index 0000000000000..d1756799b7784
--- /dev/null
+++ b/content/zh/docs/reference/glossary/node.md
@@ -0,0 +1,43 @@
+---
+title: 节点
+id: node
+date: 2018-04-12
+full_link: /docs/concepts/architecture/nodes/
+short_description: >
+  Kubernetes 中的工作机器称作节点。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+title: Node
+id: node
+date: 2018-04-12
+full_link: /docs/concepts/architecture/nodes/
+short_description: >
+  A node is a worker machine in Kubernetes.
+
+aka: 
+tags:
+- fundamental
+-->
+
+<!--
+  A node is a worker machine in Kubernetes.
+-->
+
+Kubernetes 中的工作机器称作节点。
+
+<!--more--> 
+
+<!--
+A worker machine may be a VM or physical machine, depending on the cluster. It has the {{< glossary_tooltip text="Services" term_id="service" >}} necessary to run {{< glossary_tooltip text="Pods" term_id="pod" >}} and is managed by the master components. The {{< glossary_tooltip text="Services" term_id="service" >}} on a node include Docker, kubelet and kube-proxy.
+-->
+
+工作机器可以是虚拟机也可以是物理机，取决于集群的配置。
+其上部署了运行 {{< glossary_tooltip text="Pods" term_id="pod" >}} 所必需的{{< glossary_tooltip text="服务" term_id="service" >}}，
+并由主控组件来管理。
+节点上的{{< glossary_tooltip text="服务" term_id="service" >}}包括 Docker、kubelet 和 kube-proxy。
+
diff --git a/content/zh/docs/reference/glossary/persistent-volume-claim.md b/content/zh/docs/reference/glossary/persistent-volume-claim.md
new file mode 100755
index 0000000000000..00fc0c563f40f
--- /dev/null
+++ b/content/zh/docs/reference/glossary/persistent-volume-claim.md
@@ -0,0 +1,39 @@
+---
+title: 持久卷申领
+id: persistent-volume-claim
+date: 2018-04-12
+full_link: /docs/concepts/storage/persistent-volumes/
+short_description: >
+  声明在持久卷中定义的存储资源，以便可以将其挂载为容器中的卷。
+
+aka: 
+tags:
+- core-object
+- storage
+---
+
+<!--
+title: Persistent Volume Claim
+id: persistent-volume-claim
+date: 2018-04-12
+full_link: /docs/concepts/storage/persistent-volumes/
+short_description: >
+  Claims storage resources defined in a PersistentVolume so that it can be mounted as a volume in a container.
+
+aka: 
+tags:
+- core-object
+- storage
+-->
+
+<!--
+ Claims storage resources defined in a PersistentVolume so that it can be mounted as a volume in a container.
+-->
+申领持久卷中定义的存储资源，以便可以将其挂载为容器中的卷。
+
+<!--more--> 
+
+<!--
+Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). Details of the storage itself are in the PersistentVolume specification.
+-->
+指定存储的数量，如何访问存储（只读、读写或独占）以及如何回收存储（保留、回收或删除）。存储本身的详细信息在 PersistentVolume 规范中。
diff --git a/content/zh/docs/reference/glossary/persistent-volume.md b/content/zh/docs/reference/glossary/persistent-volume.md
new file mode 100644
index 0000000000000..d2364a6f8a8b2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/persistent-volume.md
@@ -0,0 +1,48 @@
+---
+title: 持久卷
+id: persistent-volume
+date: 2018-04-12
+full_link: /docs/concepts/storage/persistent-volumes/
+short_description: >
+  持久卷是代表集群中一块存储空间的 API 对象。 它是通用的、可插拔的、并且不受单个 Pod 生命周期约束的持久化资源。
+
+aka: 
+tags:
+- core-object
+- storage
+---
+
+<!--
+---
+title: Persistent Volume
+id: persistent-volume
+date: 2018-04-12
+full_link: /docs/concepts/storage/persistent-volumes/
+short_description: >
+  An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod.
+
+aka: 
+tags:
+- core-object
+- storage
+---
+-->
+
+<!--
+ An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual {{< glossary_tooltip text="Pod" term_id="pod" >}}.
+-->
+
+持久卷是代表集群中一块存储空间的 API 对象。 它是通用的、可插拔的、并且不受单个 Pod 生命周期约束的持久化资源。
+
+<!--more--> 
+
+<!--
+PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed.
+PVs are used directly in scenarios where storage can be created ahead of time (static provisioning).
+For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.
+-->
+
+持久卷（PersistentVolumes，PV）提供了一个 API，该 API 对存储的供应方式细节进行抽象，令其与使用方式相分离。
+在提前创建存储（静态供应）的场景中，PV 可以直接使用。
+在按需提供存储（动态供应）的场景中，需要使用 PersistentVolumeClaims (PVCs)。
+
diff --git a/content/zh/docs/reference/glossary/platform-developer.md b/content/zh/docs/reference/glossary/platform-developer.md
new file mode 100755
index 0000000000000..0cc10ac633bc9
--- /dev/null
+++ b/content/zh/docs/reference/glossary/platform-developer.md
@@ -0,0 +1,42 @@
+---
+title: 平台开发者
+id: platform-developer
+date: 2018-04-12
+full_link: 
+short_description: >
+  定制 Kubernetes 平台以满足自己的项目需求的人。
+
+aka: 
+tags:
+- user-type
+---
+
+<!--
+---
+title: Platform Developer
+id: platform-developer
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person who customizes the Kubernetes platform to fit the needs of their project.
+
+aka: 
+tags:
+- user-type
+---
+-->
+
+<!--
+ A person who customizes the Kubernetes platform to fit the needs of their project.
+-->
+
+ 定制 Kubernetes 平台以满足自己的项目需求的人。
+
+<!--more--> 
+
+<!--
+A platform developer may, for example, use [Custom Resources](/docs/concepts/api-extension/custom-resources/) or [Extend the Kubernetes API with the aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/) to add functionality to their instance of Kubernetes, specifically for their application.  Some Platform Developers are also {{< glossary_tooltip text="contributors" term_id="contributor" >}} and develop extensions which are contributed to the Kubernetes community.  Others develop closed-source commercial or site-specific extensions.
+-->
+
+例如，平台开发人员可以使用[定制资源](/docs/concepts/api-extension/custom-resources/)或[使用汇聚层扩展 Kubernetes API](/docs/concepts/api-extension/apiserver-aggregation/) 来为其 Kubernetes 实例增加功能，特别是为其应用程序添加功能。一些平台开发人员也是 Kubrenetes {{< glossary_tooltip text="贡献者" term_id="contributor" >}}，他们会开发贡献给 Kubernetes 社区的扩展；另一些则开发封闭源代码的商业扩展或用于特定功能的扩展。
+
diff --git a/content/zh/docs/reference/glossary/pod-security-policy.md b/content/zh/docs/reference/glossary/pod-security-policy.md
new file mode 100644
index 0000000000000..e9937009cde94
--- /dev/null
+++ b/content/zh/docs/reference/glossary/pod-security-policy.md
@@ -0,0 +1,46 @@
+---
+title: Pod 安全策略
+id: pod-security-policy
+date: 2018-04-12
+full_link: /docs/concepts/policy/pod-security-policy/
+short_description: >
+  为 Pod 的创建和更新操作启用细粒度的授权。
+
+aka: 
+tags:
+- core-object
+- fundamental
+---
+
+<!--
+---
+title: Pod Security Policy
+id: pod-security-policy
+date: 2018-04-12
+full_link: /docs/concepts/policy/pod-security-policy/
+short_description: >
+  Enables fine-grained authorization of pod creation and updates.
+
+aka: 
+tags:
+- core-object
+- fundamental
+---
+-->
+
+<!--
+ Enables fine-grained authorization of {{< glossary_tooltip term_id="pod" >}} creation and updates.
+-->
+
+为 Pod 的创建和更新操作启用细粒度的授权。
+
+<!--more--> 
+
+<!--
+A cluster-level resource that controls security sensitive aspects of the Pod specification. The `PodSecurityPolicy` objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.
+-->
+
+Pod 安全策略是集群级别的资源，它控制着 Pod 规约中的安全性敏感的内容。
+`PodSecurityPolicy`对象定义了一组条件以及相关字段的默认值，Pod 运行时必须满足这些条件。Pod 安全策略控制实现上体现为一个可选的准入控制器。
+
+
diff --git a/content/zh/docs/reference/glossary/pod.md b/content/zh/docs/reference/glossary/pod.md
new file mode 100755
index 0000000000000..d8fcbb4cee452
--- /dev/null
+++ b/content/zh/docs/reference/glossary/pod.md
@@ -0,0 +1,43 @@
+---
+title: Pod
+id: pod
+date: 2018-04-12
+full_link: /docs/concepts/workloads/pods/pod-overview/
+short_description: >
+  Pod 是 Kubernetes 的原子对象。Pod 表示您的集群上一组正在运行的容器。
+
+aka: 
+tags:
+- core-object
+- fundamental
+---
+
+<!--
+---
+title: Pod
+id: pod
+date: 2018-04-12
+full_link: /docs/concepts/workloads/pods/pod-overview/
+short_description: >
+  The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster.
+
+aka: 
+tags:
+- core-object
+- fundamental
+---
+-->
+
+<!--
+ The smallest and simplest Kubernetes object. A Pod represents a set of running {{< glossary_tooltip text="containers" term_id="container" >}} on your cluster.
+-->
+
+ Pod 是 Kubernetes 的原子对象。Pod 表示您的集群上一组正在运行的{{< glossary_tooltip text="容器" term_id="container" >}}。
+
+<!--more--> 
+
+<!--
+A Pod is typically set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. Pods are commonly managed by a {{< glossary_tooltip term_id="deployment" >}}.
+-->
+
+通常创建 Pod 是为了运行单个主容器。Pod 还可以运行可选的挂斗（sidecar）容器，以添加诸如日志记录之类的补充特性。通常用 {{< glossary_tooltip term_id="deployment" >}} 来管理 Pod。
diff --git a/content/zh/docs/reference/glossary/podpreset.md b/content/zh/docs/reference/glossary/podpreset.md
new file mode 100755
index 0000000000000..3c5789de6df08
--- /dev/null
+++ b/content/zh/docs/reference/glossary/podpreset.md
@@ -0,0 +1,40 @@
+---
+title: PodPreset
+id: podpreset
+date: 2018-04-12
+full_link: 
+short_description: >
+  PodPreset 是一种 API 对象，在创建 Pod 时将诸如 Secret、卷挂载和环境变量之类的信息注入到该 Pod 中。
+
+aka: 
+tags:
+- operation
+---
+
+<!--
+---
+title: PodPreset
+id: podpreset
+date: 2018-04-12
+full_link: 
+short_description: >
+  An API object that injects information such as secrets, volume mounts, and environment variables into pods at creation time.
+
+aka: 
+tags:
+- operation
+---
+-->
+
+<!--
+ An API object that injects information such as secrets, volume mounts, and environment variables into pods at creation time.
+-->
+PodPreset 是一种 API 对象，在创建 Pod 时将诸如 Secret、卷挂载和环境变量之类的信息注入到该 Pod 中。
+
+<!--more--> 
+
+<!--
+This object chooses the pods to inject information into using standard selectors. This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration.
+-->
+
+此 API 对象使用标准选择器选择 Pod 并向其中注入信息。这允许 podspec 定义是非特定的，从而将 podspec 与环境特定的配置解耦。
diff --git a/content/zh/docs/reference/glossary/quantity.md b/content/zh/docs/reference/glossary/quantity.md
new file mode 100644
index 0000000000000..70d5a95ffab77
--- /dev/null
+++ b/content/zh/docs/reference/glossary/quantity.md
@@ -0,0 +1,60 @@
+---
+title: 数量
+id: quantity
+date: 2018-08-07
+full_link:
+short_description: >
+  使用 SI 后缀的小数或大数的整数表示。
+
+aka: 
+tags:
+- core-object
+---
+<!--
+---
+title: Quantity
+id: quantity
+date: 2018-08-07
+full_link:
+short_description: >
+  A whole-number representation of small or large numbers using SI suffixes.
+
+aka: 
+tags:
+- core-object
+---
+-->
+
+<!--more-->
+
+数量是使用紧凑的整数表示法的小数或大数的表示，并带有国际计量单位制（SI）后缀。
+小数用 milli 单位表示，而大数用 kilo、mega 或 giga 单位表示。
+
+例如，数字 `1.5` 表示为`1500m`，
+而数字`1000`表示为`1k`，`1000000`表示为`1M`。 
+您还可以指定二进制表示法后缀; 数字 2048 可以写成`2Ki`。
+
+公认的十进制（10的幂）单位是 `m`（milli）、`k`（kilo，
+有意小写）、`M`（mega），`G`（giga）、`T`（terra）、`P`（peta）、
+`E`（exa）。
+
+公认的二进制（2的幂）单位是 `Ki` (kibi)、 `Mi` (mebi)、`Gi` (gibi)、
+`Ti` (tebi)、 `Pi` (pebi)、 `Ei` (exbi)。
+
+<!--
+Quantities are representations of small or large numbers using a compact,
+whole-number notation with SI suffixes.  Fractional numbers are represented
+using milli units, while large numbers can be represented using kilo,
+mega, or giga units.
+
+For instance, the number `1.5` is represented as `1500m`, while the number `1000`
+can be represented as `1k`, and `1000000` as `1M`. You can also specify
+binary-notation suffixes; the number 2048 can be written as `2Ki`.
+
+The accepted decimal (power-of-10) units are `m` (milli), `k` (kilo,
+intentionally lowercase), `M` (mega), `G` (giga), `T` (terra), `P` (peta),
+`E` (exa).
+
+The accepted binary (power-of-2) units are `Ki` (kibi), `Mi` (mebi), `Gi` (gibi),
+`Ti` (tebi), `Pi` (pebi), `Ei` (exbi).
+-->
diff --git a/content/zh/docs/reference/glossary/rbac.md b/content/zh/docs/reference/glossary/rbac.md
new file mode 100755
index 0000000000000..6f045ed9d0171
--- /dev/null
+++ b/content/zh/docs/reference/glossary/rbac.md
@@ -0,0 +1,43 @@
+---
+title: RBAC（基于角色的访问控制）
+id: rbac
+date: 2018-04-12
+full_link: /docs/reference/access-authn-authz/rbac/
+short_description: >
+  管理授权决策，允许管理员通过 Kubernetes API 动态配置访问策略。
+
+aka: 
+tags:
+- security
+- fundamental
+---
+
+<!--
+---
+title: RBAC (Role-Based Access Control)
+id: rbac
+date: 2018-04-12
+full_link: /docs/reference/access-authn-authz/rbac/
+short_description: >
+  Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
+
+aka: 
+tags:
+- security
+- fundamental
+---
+-->
+
+<!--
+ Manages authorization decisions, allowing admins to dynamically configure access policies through the {{< glossary_tooltip text="Kubernetes API" term_id="kubernetes-api" >}}.
+-->
+管理授权决策，允许管理员通过 {{< glossary_tooltip text="Kubernetes API" term_id="kubernetes-api" >}} 动态配置访问策略。
+
+<!--more--> 
+
+<!--
+RBAC utilizes *roles*, which contain permission rules, and *role bindings*, which grant the permissions defined in a role to a set of users.
+-->
+RBAC 使用 *角色* (包含权限规则)和 *角色绑定* (将角色中定义的权限授予一组用户)。
+
+
diff --git a/content/zh/docs/reference/glossary/replica-set.md b/content/zh/docs/reference/glossary/replica-set.md
new file mode 100755
index 0000000000000..5f394133b6b0c
--- /dev/null
+++ b/content/zh/docs/reference/glossary/replica-set.md
@@ -0,0 +1,45 @@
+---
+title: ReplicaSet
+id: replica-set
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/replicaset/
+short_description: >
+  ReplicaSet 是下一代副本控制器。
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+
+<!--
+---
+title: ReplicaSet
+id: replica-set
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/replicaset/
+short_description: >
+  ReplicaSet is the next-generation Replication Controller.
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+---
+-->
+
+<!--
+ ReplicaSet is the next-generation Replication Controller.
+-->
+
+ReplicaSet 是下一代副本控制器。
+
+<!--more--> 
+
+<!--
+ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements.
+-->
+
+ReplicaSet 就像 ReplicationController 那样，确保一次运行指定数量的 Pod 副本。ReplicaSet 支持新的基于集合的选择器需求（在标签的用户指南中有相关描述），而副本控制器只支持基于等值的选择器需求。
diff --git a/content/zh/docs/reference/glossary/replication-controller.md b/content/zh/docs/reference/glossary/replication-controller.md
new file mode 100644
index 0000000000000..8fd910e79997f
--- /dev/null
+++ b/content/zh/docs/reference/glossary/replication-controller.md
@@ -0,0 +1,43 @@
+---
+title: Replication Controller
+id: replication-controller
+date: 2018-04-12
+full_link: 
+short_description: >
+  Replication Controller 是 Kubernetes 的一种服务，用来确保给定个数的 Pod 一直处于运行状态。
+
+aka: 
+tags:
+- workload
+- core-object
+---
+
+<!--
+---
+title: Replication Controller
+id: replication-controller
+date: 2018-04-12
+full_link: 
+short_description: >
+  Kubernetes service that ensures a specific number of instances of a pod are always running.
+
+aka: 
+tags:
+- workload
+- core-object
+---
+-->
+
+<!--
+ Kubernetes service that ensures a specific number of instances of a pod are always running.
+-->
+
+Replication Controller 是 Kubernetes 的一种服务，用来确保给定个数的 Pod 一直处于运行状态。
+
+<!--more--> 
+
+<!--
+Will automatically add or remove running instances of a pod, based on a set value for that pod. Allows the pod to return to the defined number of instances if pods are deleted or if too many are started by mistake.
+-->
+
+Replication Controller 会基于设定值自动增删 Pod 的实例。如果 Pod 被误删除或者启动实例过多，Replication Controller 允许 Pod 的实例个数恢复到设定值。
diff --git a/content/zh/docs/reference/glossary/resource-quota.md b/content/zh/docs/reference/glossary/resource-quota.md
new file mode 100755
index 0000000000000..c0f40f32340bf
--- /dev/null
+++ b/content/zh/docs/reference/glossary/resource-quota.md
@@ -0,0 +1,47 @@
+---
+title: 资源配额
+id: resource-quota
+date: 2018-04-12
+full_link: /docs/concepts/policy/resource-quotas/
+short_description: >
+  资源配额提供了限制每个命名空间的资源消耗总和的约束。
+
+aka: 
+tags:
+- fundamental
+- operation
+- architecture
+---
+
+<!--
+---
+title: Resource Quotas
+id: resource-quota
+date: 2018-04-12
+full_link: /docs/concepts/policy/resource-quotas/
+short_description: >
+  Provides constraints that limit aggregate resource consumption per namespace.
+
+aka: 
+tags:
+- fundamental
+- operation
+- architecture
+---
+-->
+
+<!--
+ Provides constraints that limit aggregate resource consumption per {{< glossary_tooltip term_id="namespace" >}}.
+-->
+
+资源配额提供了限制每个 {{< glossary_tooltip text="命名空间" term_id="namespace">}} 的资源消耗总和的约束。
+
+<!--more--> 
+
+<!--
+Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.
+-->
+
+限制了命名空间中每种对象可以创建的数量，也限制了项目中可被资源对象利用的计算资源总数。
+
+
diff --git a/content/zh/docs/reference/glossary/reviewer.md b/content/zh/docs/reference/glossary/reviewer.md
new file mode 100644
index 0000000000000..a181122927254
--- /dev/null
+++ b/content/zh/docs/reference/glossary/reviewer.md
@@ -0,0 +1,41 @@
+---
+title: 评审者
+id: reviewer
+date: 2018-04-12
+full_link: 
+short_description: >
+  评审者是负责评审项目的某部分代码以便提高代码质量和正确性的人。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: Reviewer
+id: reviewer
+date: 2018-04-12
+full_link: 
+short_description: >
+  A person who reviews code for quality and correctness on some part of the project.
+
+aka: 
+tags:
+- community
+---
+-->
+
+<!--
+ A person who reviews code for quality and correctness on some part of the project.
+-->
+
+ 评审者是负责评审项目的某部分代码以便提高代码质量和正确性的人。
+
+<!--more--> 
+
+<!--
+Reviewers are knowledgeable about both the codebase and software engineering principles. Reviewer status is scoped to a part of the codebase.
+-->
+
+评审者既要了解代码库又要了解软件工程规范。评审者状态是基于代码库的组成部分来设定的。
diff --git a/content/en/docs/reference/glossary/rkt.md b/content/zh/docs/reference/glossary/rkt.md
similarity index 59%
rename from content/en/docs/reference/glossary/rkt.md
rename to content/zh/docs/reference/glossary/rkt.md
index 165bce5406130..b3423f32ff90b 100644
--- a/content/en/docs/reference/glossary/rkt.md
+++ b/content/zh/docs/reference/glossary/rkt.md
@@ -11,8 +11,16 @@ tags:
 - security
 - tool
 ---
+
+<!--
  A security-minded, standards-based container engine.
+-->
 
-<!--more--> 
+一个安全的，基于标准的容器引擎。
 
+<!--more--> 
+<!--
 rkt is an application {{< glossary_tooltip text="container" term_id="container" >}} engine featuring a {{< glossary_tooltip text="Pod" term_id="pod" >}}-native approach, a pluggable execution environment, and a well-defined surface area. rkt allows users to apply different configurations at both the Pod and application level. Each Pod executes directly in the classic Unix process model, in a self-contained, isolated environment.
+-->
+
+rkt 是一个应用程序 {{<glossary_tooltip text="container" term_id="container">}} 引擎，其中包含{{<glossary_tooltip text="Pod" term_id="pod">}}  -原生方法，可插拔式执行环境， 和定义良好的展示模块。 rkt 允许用户在 Pod 和应用程序级别应用不同的配置。每个 Pod 都直接在经典的 Unix 进程模型中，在一个独立的隔离环境中执行。
diff --git a/content/zh/docs/reference/glossary/secret.md b/content/zh/docs/reference/glossary/secret.md
new file mode 100755
index 0000000000000..a43dbb6ecefa0
--- /dev/null
+++ b/content/zh/docs/reference/glossary/secret.md
@@ -0,0 +1,45 @@
+---
+title: Secret
+id: secret
+date: 2018-04-12
+full_link: /docs/concepts/configuration/secret/
+short_description: >
+  Secret 用于存储敏感信息，如密码、OAuth 令牌和 SSH 密钥。
+
+aka: 
+tags:
+- core-object
+- security
+---
+
+<!--
+---
+title: Secret
+id: secret
+date: 2018-04-12
+full_link: /docs/concepts/configuration/secret/
+short_description: >
+  Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.
+
+aka: 
+tags:
+- core-object
+- security
+---
+-->
+
+<!--
+ Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.
+-->
+
+ Secret 用于存储敏感信息，如密码、OAuth 令牌和 SSH 密钥。
+
+<!--more--> 
+
+<!--
+Allows for more control over how sensitive information is used and reduces the risk of accidental exposure, including [encryption](/docs/tasks/administer-cluster/encrypt-data/#ensure-all-secrets-are-encrypted) at rest.  A {{< glossary_tooltip text="Pod" term_id="pod" >}} references the secret as a file in a volume mount or by the kubelet pulling images for a pod. Secrets are great for confidential data and [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) for non-confidential data.
+-->
+
+Secret 允许用户对如何使用敏感信息进行更多的控制，并减少信息意外暴露的风险，包括静态[加密](/docs/tasks/administer-cluster/encrypt-data/#ensure-all-secrets-are-encrypted)。
+{{< glossary_tooltip text="Pod" term_id="pod" >}} 通过挂载卷中的文件的方式引用 Secret，或者通过 kubelet 为 pod 拉取镜像时引用。
+Secret 非常适合机密数据使用，而 [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) 适用于非机密数据。
diff --git a/content/zh/docs/reference/glossary/security-context.md b/content/zh/docs/reference/glossary/security-context.md
new file mode 100755
index 0000000000000..31b99c635cec2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/security-context.md
@@ -0,0 +1,43 @@
+---
+title: 安全上下文（Security Context）
+id: security-context
+date: 2018-04-12
+full_link: /docs/tasks/configure-pod-container/security-context/
+short_description: >
+  securityContext 字段定义 Pod 或容器的特权和访问控制设置，包括运行时 UID 和 GID。
+
+aka: 
+tags:
+- security
+---
+
+<!--
+---
+title: Security Context
+id: security-context
+date: 2018-04-12
+full_link: /docs/tasks/configure-pod-container/security-context/
+short_description: >
+  The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID.
+
+aka: 
+tags:
+- security
+---
+-->
+
+<!--
+ The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID.
+-->
+securityContext 字段定义 Pod 或容器的特权和访问控制设置，包括运行时 UID 和 GID。
+
+<!--more--> 
+
+<!--
+The securityContext field in a {{< glossary_tooltip term_id="pod" >}} (applying to all containers) or container is used to set the user (runAsUser) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.
+-->
+{{< glossary_tooltip term_id="pod" >}} 或者容器中的 securityContext 字段（应用于所有容器）用于设置容器进程使用的用户（runAsUser）和组 （fsGroup）、权能字、特权设置和安全策略（SELinux/AppArmor/Seccomp）。
+
+
+
+
diff --git a/content/zh/docs/reference/glossary/selector.md b/content/zh/docs/reference/glossary/selector.md
new file mode 100644
index 0000000000000..5a3e83ef0dfc2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/selector.md
@@ -0,0 +1,42 @@
+---
+title: 选择算符
+id: selector
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/labels/
+short_description: >
+  选择算符允许用户通过标签对一组资源对象进行筛选过滤。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: Selector
+id: selector
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/labels/
+short_description: >
+  Allows users to filter a list of resources based on labels.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ Allows users to filter a list of resources based on labels.
+-->
+
+选择算符允许用户通过标签对一组资源对象进行筛选过滤。
+
+<!--more--> 
+
+<!--
+Selectors are applied when querying lists of resources to filter them by {{< glossary_tooltip text="Labels" term_id="label" >}}.
+-->
+
+在查询资源列表时，选择算符可以通过 {{< glossary_tooltip text="标签" term_id="label" >}} 对资源进行过滤筛选。
+
diff --git a/content/zh/docs/reference/glossary/service-account.md b/content/zh/docs/reference/glossary/service-account.md
new file mode 100755
index 0000000000000..4dd29b301b128
--- /dev/null
+++ b/content/zh/docs/reference/glossary/service-account.md
@@ -0,0 +1,43 @@
+---
+title: 服务账户
+id: service-account
+date: 2018-04-12
+full_link: /docs/tasks/configure-pod-container/configure-service-account/
+short_description: >
+  为在 Pod 中运行的进程提供标识。
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+
+<!--
+---
+title: Service Account
+id: service-account
+date: 2018-04-12
+full_link: /docs/tasks/configure-pod-container/configure-service-account/
+short_description: >
+  Provides an identity for processes that run in a Pod.
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+-->
+
+<!--
+ Provides an identity for processes that run in a {{< glossary_tooltip text="Pod" term_id="pod" >}}.
+-->
+为在 {{< glossary_tooltip text="Pod" term_id="pod" >}} 中运行的进程提供标识。
+
+<!--more--> 
+  
+<!-- 
+When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example, `default`. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace {{< glossary_tooltip text="Namespace" term_id="namespace" >}}.
+-->
+当 Pod 中的进程访问集群时，API 服务器将它们作为特定的服务帐户进行身份验证，例如 `default`。当您创建 Pod 时，如果您没有指定服务帐户，它将在相同的命名空间 {{< glossary_tooltip text="命名空间" term_id="namespace" >}} 中自动分配 default 服务账户。
+
+
diff --git a/content/zh/docs/reference/glossary/service-broker.md b/content/zh/docs/reference/glossary/service-broker.md
new file mode 100755
index 0000000000000..8a017d127b5c7
--- /dev/null
+++ b/content/zh/docs/reference/glossary/service-broker.md
@@ -0,0 +1,42 @@
+---
+title: 服务代理（Service Broker）
+id: service-broker
+date: 2018-04-12
+full_link: 
+short_description: >
+  由第三方提供并维护的一组托管服务的访问端点。
+
+aka: 
+tags:
+- extension
+---
+
+<!--
+title: Service Broker
+id: service-broker
+date: 2018-04-12
+full_link: 
+short_description: >
+  An endpoint for a set of Managed Services offered and maintained by a third-party.
+
+aka: 
+tags:
+- extension
+-->
+
+<!--
+ An endpoint for a set of {{< glossary_tooltip text="Managed Service" term_id="managed-service">}}  offered and maintained by a third-party.
+-->
+
+由第三方提供并维护的一组{{< glossary_tooltip text="托管服务" term_id="managed-service">}} 的访问端点。
+
+<!--more--> 
+
+<!--
+{{< glossary_tooltip text="Service Brokers" term_id="service-broker" >}} implement the [Open Service Broker API spec](https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md) and provide a standard interface for applications to use their Managed Services. [Service Catalog](/docs/concepts/service-catalog/) provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
+-->
+
+{{< glossary_tooltip text="服务代理" term_id="service-broker">}}会实现
+[开放服务代理 API 规范](https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md)
+并为应用提供使用其托管服务的标准接口。
+[服务目录（Service Catalog）](/docs/concepts/service-catalog/)则提供一种方法，用来列举、供应和绑定服务代理商所提供的托管服务。
diff --git a/content/zh/docs/reference/glossary/service-catalog.md b/content/zh/docs/reference/glossary/service-catalog.md
new file mode 100644
index 0000000000000..726aff57c2ef2
--- /dev/null
+++ b/content/zh/docs/reference/glossary/service-catalog.md
@@ -0,0 +1,43 @@
+---
+title: 服务目录
+id: service-catalog
+date: 2018-04-12
+full_link: 
+short_description: >
+  服务目录是一种扩展 API，它能让 Kubernetes 集群中运行的应用易于使用外部托管的软件服务，例如云供应商提供的数据仓库服务。
+  
+  An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
+aka: 
+tags:
+- extension
+---
+
+<!--
+---
+title: Service Catalog
+id: service-catalog
+date: 2018-04-12
+full_link: 
+short_description: >
+  An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
+
+aka: 
+tags:
+- extension
+---
+-->
+
+<!--
+ An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
+-->
+
+服务目录（Service Catalog）是一种扩展 API，它能让 Kubernetes 集群中运行的应用易于使用外部托管的的软件服务，例如云供应商提供的数据仓库服务。
+
+<!--more--> 
+
+<!--
+It provides a way to list, provision, and bind with external {{< glossary_tooltip text="Managed Services" term_id="managed-service" >}} from {{< glossary_tooltip text="Service Brokers" term_id="service-broker" >}} without needing detailed knowledge about how those services are created or managed.
+-->
+
+服务目录可以检索、供应、和绑定由 {{< glossary_tooltip text="服务代理人（Service Brokers）" term_id="service-broker" >}} 提供的外部 {{< glossary_tooltip text="托管服务" term_id="managed-service" >}}，而无需知道那些服务具体是怎样创建和托管的。
+
diff --git a/content/zh/docs/reference/glossary/service.md b/content/zh/docs/reference/glossary/service.md
new file mode 100755
index 0000000000000..6d2f3f007858b
--- /dev/null
+++ b/content/zh/docs/reference/glossary/service.md
@@ -0,0 +1,43 @@
+---
+title: Service
+id: service
+date: 2018-04-12
+full_link: /docs/concepts/services-networking/service/
+short_description: >
+  Service 是一种 API 资源对象，它描述了应用的访问方式，例如包含一组 Pod 的应用如何进行访问，Service 还可以描述端口和负载均衡。
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+
+<!--
+---
+title: Service
+id: service
+date: 2018-04-12
+full_link: /docs/concepts/services-networking/service/
+short_description: >
+  An API object that describes how to access applications, such as a set of Pods, and can describe ports and load-balancers.
+
+aka: 
+tags:
+- fundamental
+- core-object
+---
+-->
+
+<!--
+ An API object that describes how to access applications, such as a set of {{< glossary_tooltip text="Pods" term_id="pod" >}}, and can describe ports and load-balancers.
+-->
+ 
+ Service 是一种 API 资源对象，它描述了应用的访问方式，例如包含一组 Pod 的应用如何进行访问，Service 还可以描述端口和负载均衡。
+ 
+<!--more--> 
+
+<!--
+The access point can be internal or external to the cluster.
+-->
+
+Service 的接入点可以是集群内部的也可以是集群外部的。
diff --git a/content/zh/docs/reference/glossary/sig.md b/content/zh/docs/reference/glossary/sig.md
new file mode 100755
index 0000000000000..a42a15b0b1c75
--- /dev/null
+++ b/content/zh/docs/reference/glossary/sig.md
@@ -0,0 +1,48 @@
+---
+title: SIG （特别兴趣小组）
+id: sig
+date: 2018-04-12
+full_link: https://github.com/kubernetes/community/blob/master/sig-list.md#master-sig-list
+short_description: >
+  共同管理大范畴 Kubernetes 开源项目中某组件或方面的一组社区成员。
+
+aka: 
+tags:
+- community
+---
+
+<!--
+title: SIG (special interest group)
+id: sig
+date: 2018-04-12
+full_link: https://github.com/kubernetes/community/blob/master/sig-list.md#master-sig-list
+short_description: >
+  Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.
+
+aka: 
+tags:
+- community
+-->
+
+<!--
+ {{< glossary_tooltip text="Community members" term_id="member" >}} who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.
+-->
+
+共同管理大范畴 Kubernetes 开源项目中某组件或方面的一组{{< glossary_tooltip text="社区成员" term_id="member" >}}。 
+
+<!--more--> 
+
+<!--
+Members within a SIG have a shared interest in advancing a specific area, such as architecture, API machinery, or documentation.
+SIGs must follow the [SIG Governance](https://github.com/kubernetes/community/blob/master/sig-governance.md) guidelines but can have their own contribution policy and channels of communication.
+
+For more information, see the [kubernetes/community](https://github.com/kubernetes/community) repo and the current list of [SIGs and Working Groups](https://github.com/kubernetes/community/blob/master/sig-list.md).
+-->
+
+SIG 中的成员对推进某个领域（如体系结构、API 机制构件或者文档）具有相同的兴趣。
+SIGs 必须遵从 [SIG Governance](https://github.com/kubernetes/community/blob/master/sig-governance.md) 的规定，
+不过可以有自己的贡献策略以及通信渠道（方式）。
+
+更多的详细信息可参阅 [kubernetes/community](https://github.com/kubernetes/community) 仓库以及
+[SIGs 和工作组（Working Groups）](https://github.com/kubernetes/community/blob/master/sig-list.md)的最新列表。
+
diff --git a/content/zh/docs/reference/glossary/statefulset.md b/content/zh/docs/reference/glossary/statefulset.md
new file mode 100644
index 0000000000000..ff63c63ce16b7
--- /dev/null
+++ b/content/zh/docs/reference/glossary/statefulset.md
@@ -0,0 +1,49 @@
+---
+title: StatefulSet
+id: statefulset
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/statefulset/
+short_description: >
+ StatefulSet 用来管理 Deployment 和伸缩一组 Pod，并且能为这些 Pod 提供*序号和唯一性保证*。
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+- storage
+---
+
+<!--
+---
+title: StatefulSet
+id: statefulset
+date: 2018-04-12
+full_link: /docs/concepts/workloads/controllers/statefulset/
+short_description: >
+  Manages the deployment and scaling of a set of Pods, *and provides guarantees about the ordering and uniqueness* of these Pods.
+
+aka: 
+tags:
+- fundamental
+- core-object
+- workload
+- storage
+---
+-->
+
+ StatefulSet 用来管理 Deployment 和扩展一组 Pod，并且能为这些 Pod 提供*序号和唯一性保证*。
+ 
+<!--more--> 
+
+<!--
+Like a {{< glossary_tooltip term_id="deployment" >}}, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable&#58; each has a persistent identifier that it maintains across any rescheduling.
+-->
+
+和 {{< glossary_tooltip term_id="Deployment" >}} 相同的是，StatefulSet 管理了基于相同容器定义的一组 Pod。但和 Deployment 不同的是，StatefulSet 为它们的每个 Pod 维护了一个固定的 ID。这些 Pod 是基于相同的声明来创建的，但是不能相互替换：无论怎么调度，每个 Pod 都有一个永久不变的 ID。
+
+<!--
+A StatefulSet operates under the same pattern as any other Controller. You define your desired state in a StatefulSet *object*, and the StatefulSet *controller* makes any necessary updates to get there from the current state.
+-->
+
+StatefulSet 和其他控制器使用相同的工作模式。你在 StatefulSet *对象* 中定义你期望的状态，然后 StatefulSet 的 *控制器* 就会通过各种更新来达到那种你想要的状态。
+
diff --git a/content/zh/docs/reference/glossary/storage-class.md b/content/zh/docs/reference/glossary/storage-class.md
new file mode 100644
index 0000000000000..52886478eb038
--- /dev/null
+++ b/content/zh/docs/reference/glossary/storage-class.md
@@ -0,0 +1,40 @@
+<!--
+---
+title: Storage Class
+id: storageclass
+date: 2018-04-12
+full_link: /docs/concepts/storage/storage-classes
+short_description: >
+  A StorageClass provides a way for administrators to describe different available storage types.
+
+aka: 
+tags:
+- core-object
+- storage
+---
+  A StorageClass provides a way for administrators to describe different available storage types.
+-->
+
+---
+title: 存储类别
+id: storageclass
+date: 2018-04-12
+full_link: /docs/concepts/storage/storage-classes
+short_description: >
+  StorageClass 是管理员用来描述不同的可用存储类型的一种方法。
+
+aka: 
+tags:
+- core-object
+- storage
+---
+
+ StorageClass 是管理员用来描述不同的可用存储类型的一种方法。
+
+<!--more--> 
+<!--
+StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators. Each StorageClass contains the fields `provisioner`, `parameters`, and `reclaimPolicy`, which are used when a {{< glossary_tooltip text="Persistent Volume" term_id="persistent-volume" >}} belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object.
+-->
+
+StorageClass 可以映射到服务质量等级（QoS）、备份策略、或者管理员随机定义的策略。每个 StorageClass 对象包含的域有  `provisioner`、 `parameters` 和 `reclaimPolicy`，属于该存储类别的 {{< glossary_tooltip text="永久卷" term_id="persistent-volume" >}} 需要动态分配时就要用到这些域参数。通过 StorageClass 对象的名称，用户可以请求他们需要的特定存储类别。 
+
diff --git a/content/zh/docs/reference/glossary/sysctl.md b/content/zh/docs/reference/glossary/sysctl.md
new file mode 100644
index 0000000000000..46a6dd98f32e9
--- /dev/null
+++ b/content/zh/docs/reference/glossary/sysctl.md
@@ -0,0 +1,51 @@
+---
+title: sysctl
+id: sysctl
+date: 2019-02-12
+full_link: /docs/tasks/administer-cluster/sysctl-cluster/
+short_description: >
+  用于获取和设置 Unix 内核参数的接口
+
+aka:
+tags:
+- 工具
+---
+
+<!--
+---
+title: sysctl
+id: sysctl
+date: 2019-02-12
+full_link: /docs/tasks/administer-cluster/sysctl-cluster/
+short_description: >
+  An interface for getting and setting Unix kernel parameters
+
+aka:
+tags:
+- tool
+---
+-->
+
+<!--
+ `sysctl` is a semi-standardized interface for reading or changing the
+ attributes of the running Unix kernel.
+-->
+
+  `sysctl` 是一个半标准化的接口，用于读取或更改正在运行的 Unix 内核的属性。
+
+<!--more-->
+
+<!--
+On Unix-like systems, `sysctl` is both the name of the tool that administrators
+use to view and modify these settings, and also the system call that the tool
+uses.
+-->
+
+在类 Unix 系统上， `sysctl` 既是管理员用于查看和修改这些设置的工具的名称，也是该工具所调用的系统调用的名称。
+
+<!--
+{{< glossary_tooltip text="Container" term_id="container" >}} runtimes and
+network plugins may rely on `sysctl` values being set a certain way.
+-->
+
+{{< glossary_tooltip text="容器" term_id="container" >}} 运行时和网络插件可能对 `sysctl` 的取值有一定的要求。
diff --git a/content/zh/docs/reference/glossary/uid.md b/content/zh/docs/reference/glossary/uid.md
new file mode 100755
index 0000000000000..4da74f8fadd34
--- /dev/null
+++ b/content/zh/docs/reference/glossary/uid.md
@@ -0,0 +1,42 @@
+---
+title: UID
+id: uid
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/names
+short_description: >
+  由 Kubernetes 系统生成、用来唯一标识对象的字符串。
+
+aka: 
+tags:
+- fundamental
+---
+
+<!--
+---
+title: UID
+id: uid
+date: 2018-04-12
+full_link: /docs/concepts/overview/working-with-objects/names
+short_description: >
+  A Kubernetes systems-generated string to uniquely identify objects.
+
+aka: 
+tags:
+- fundamental
+---
+-->
+
+<!--
+ A Kubernetes systems-generated string to uniquely identify objects.
+-->
+
+由 Kubernetes 系统生成、用来唯一标识对象的字符串。
+
+<!--more--> 
+
+<!--
+Every object created over the whole lifetime of a Kubernetes cluster has a distinct UID. It is intended to distinguish between historical occurrences of similar entities.
+-->
+
+在 Kubernetes 集群的整个生命周期中，每个被创建的对象都有不同的 UID。UID 用来区分相似实体的历史事件。
+
diff --git a/content/zh/docs/reference/glossary/upstream.md b/content/zh/docs/reference/glossary/upstream.md
new file mode 100644
index 0000000000000..7f2c7ded3e5f7
--- /dev/null
+++ b/content/zh/docs/reference/glossary/upstream.md
@@ -0,0 +1,27 @@
+---
+title: Upstream (disambiguation)
+id: upstream
+date: 2018-04-12
+full_link: 
+short_description: >
+  May refer to: core Kubernetes or the source repo from which a repo was forked.
+
+aka: 
+tags:
+- community
+---
+<!--
+ May refer to: core Kubernetes or the source repo from which a repo was forked.
+-->
+<!--more--> 
+<!--
+* In the **Kubernetes Community**: Conversations often use *upstream* to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools relies upon. For example, [community members](#term-member) may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
+* In **GitHub** or **git**: The convention is to refer to a source repo as *upstream*, whereas the forked repo is considered *downstream*.
+-->
+
+可以参考：核心 Kubernetes 仓库或作为当前仓库派生来源的来源仓库。
+
+<!-- 更多 -->
+
+* 在 **Kubernetes社区**：对话中通常使用 *upstream* 来表示核心 Kubernetes 代码库，也就是更广泛的 kubernetes 生态系统、其他代码或第三方工具所依赖的仓库。 例如，[社区成员](#term-member)可能会建议将某个功能特性贡献到 upstream，使其位于核心代码库中，而不是维护于插件或第三方工具中。
+* 在 **GitHub** 或 **git** 中：约定是将源仓库称为 *upstream*，而派生的仓库则被视为 *downstream*。
diff --git a/content/zh/docs/reference/glossary/volume-plugin.md b/content/zh/docs/reference/glossary/volume-plugin.md
new file mode 100755
index 0000000000000..ca4318d4ad205
--- /dev/null
+++ b/content/zh/docs/reference/glossary/volume-plugin.md
@@ -0,0 +1,44 @@
+---
+title: 卷（Volume）插件
+id: volumeplugin
+date: 2018-04-12
+full_link: 
+short_description: >
+  卷（Volume）插件可以让 Pod 集成存储。
+
+aka: 
+tags:
+- core-object
+- storage
+---
+
+<!--
+---
+title: Volume Plugin
+id: volumeplugin
+date: 2018-04-12
+full_link: 
+short_description: >
+  A Volume Plugin enables integration of storage within a Pod.
+
+aka: 
+tags:
+- core-object
+- storage
+---
+-->
+
+<!--
+ A Volume Plugin enables integration of storage within a {{< glossary_tooltip text="Pod" term_id="pod" >}}.
+-->
+
+卷插件可以让 {{< glossary_tooltip text="Pod" term_id="pod" >}} 集成存储。
+
+<!--more--> 
+
+<!--
+A Volume Plugin lets you attach and mount storage volumes for use by a {{< glossary_tooltip text="Pod" term_id="pod" >}}. Volume plugins can be _in tree_ or _out of tree_. _In tree_ plugins are part of the Kubernetes code repository and follow its release cycle. _Out of tree_ plugins are developed independently.
+-->
+
+卷插件让您能给 {{< glossary_tooltip text="Pod" term_id="pod" >}} 附加和挂载存储卷。卷插件既可以是 _in tree_ 也可以是 _out of tree_ 。_in tree_ 插件是 Kubernetes 代码库的一部分，并遵循其发布周期。而 _Out of tree_ 插件则是独立开发的。
+
diff --git a/content/zh/docs/reference/glossary/volume.md b/content/zh/docs/reference/glossary/volume.md
new file mode 100755
index 0000000000000..279626861d4e7
--- /dev/null
+++ b/content/zh/docs/reference/glossary/volume.md
@@ -0,0 +1,43 @@
+---
+title: 卷
+id: volume
+date: 2018-04-12
+full_link: /docs/concepts/storage/volumes/
+short_description: >
+  包含可被 Pod 中容器访问的数据的目录。
+
+aka: 
+tags:
+- core-object
+- fundamental
+---
+
+<!--
+title: Volume
+id: volume
+date: 2018-04-12
+full_link: /docs/concepts/storage/volumes/
+short_description: >
+  A directory containing data, accessible to the containers in a pod.
+
+aka: 
+tags:
+- core-object
+- fundamental
+-->
+
+<!--
+ A directory containing data, accessible to the containers in a {{< glossary_tooltip text="pod" term_id="pod" >}}.
+-->
+
+包含可被 {{< glossary_tooltip text="pod" term_id="pod" >}} 中容器访问的数据的目录。
+
+<!--more--> 
+<!--
+A Kubernetes volume lives as long as the {{< glossary_tooltip text="pod" term_id="pod" >}} that encloses it. Consequently, a volume outlives any {{< glossary_tooltip text="containers" term_id="container" >}} that run within the {{< glossary_tooltip text="pod" term_id="pod" >}}, and data is preserved across {{< glossary_tooltip text="container" term_id="container" >}} restarts. 
+-->
+
+每个 Kubernetes 卷在所处的{{< glossary_tooltip text="pod" term_id="pod" >}} 存在期间保持存在状态。
+因此，卷的生命期会超出 {{< glossary_tooltip text="pod" term_id="pod" >}} 中运行的{{< glossary_tooltip text="容器" term_id="container" >}}，
+并且保证{{< glossary_tooltip text="容器" term_id="container" >}}重启之后仍保留数据。
+
diff --git a/content/zh/docs/reference/glossary/wg.md b/content/zh/docs/reference/glossary/wg.md
new file mode 100644
index 0000000000000..9a42e77ab00a4
--- /dev/null
+++ b/content/zh/docs/reference/glossary/wg.md
@@ -0,0 +1,45 @@
+---
+title: WG (工作组)
+id: wg
+date: 2018-04-12
+full_link: https://github.com/kubernetes/community/blob/master/sig-list.md#master-working-group-list
+short_description: >
+  工作组是为了方便讨论和（或）推进执行一些短周期、窄范围、或者从委员会和 SIG 分离出来的项目、以及跨 SIG 的活动。
+ 
+aka: 
+tags:
+- community
+---
+
+<!--
+---
+title: WG (working group)
+id: wg
+date: 2018-04-12
+full_link: https://github.com/kubernetes/community/blob/master/sig-list.md#master-working-group-list
+short_description: >
+  Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIG, or cross-SIG effort.
+
+aka: 
+tags:
+- community
+---
+-->
+
+<!--
+ Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, {{< glossary_tooltip text="SIG" term_id="sig" >}}, or cross-SIG effort.
+-->
+
+工作组是为了方便讨论和（或）推进执行一些短周期、窄范围、或者从委员会和 SIG 分离出来的项目、以及跨 SIG 的活动。
+
+<!--more--> 
+
+<!--
+Working groups are a way of organizing people to accomplish a discrete task, and are relatively easy to create and deprecate when inactive.
+
+For more information, see the [kubernetes/community](https://github.com/kubernetes/community) repo and the current list of [SIGs and working groups](https://github.com/kubernetes/community/blob/master/sig-list.md).
+-->
+
+工作组可以将人们组织起来，一起完成一项分散的任务。它组建简单，完成任务即可解散。
+
+更多信息请参考 [kubernetes/community](https://github.com/kubernetes/community) 代码库和当前的 [SIGs 和工作组](https://github.com/kubernetes/community/blob/master/sig-list.md) 列表。
diff --git a/content/zh/docs/reference/issues-security/_index.md b/content/zh/docs/reference/issues-security/_index.md
index 382a4ed66da36..b4f4e0c193cfe 100644
--- a/content/zh/docs/reference/issues-security/_index.md
+++ b/content/zh/docs/reference/issues-security/_index.md
@@ -2,4 +2,12 @@
 title: Kubernetes 问题和安全
 weight: 10
 toc-hide: true
----
\ No newline at end of file
+---
+
+<!--
+---
+title: Kubernetes Issues and Security
+weight: 10
+toc-hide: true
+---
+-->
diff --git a/content/zh/docs/reference/issues-security/issues.md b/content/zh/docs/reference/issues-security/issues.md
new file mode 100644
index 0000000000000..7976be7684892
--- /dev/null
+++ b/content/zh/docs/reference/issues-security/issues.md
@@ -0,0 +1,16 @@
+---
+title: Kubernetes 问题追踪
+weight: 10
+---
+
+<!--
+---
+title: Kubernetes Issue Tracker
+weight: 10
+---
+-->
+
+<!--
+Work on Kubernetes code is tracked using [GitHub Issues](https://github.com/kubernetes/kubernetes/issues/).
+-->
+Kubernetes 代码的问题追踪基于 [GitHub Issues](https://github.com/kubernetes/kubernetes/issues/) 进行。
diff --git a/content/zh/docs/reference/issues-security/security.md b/content/zh/docs/reference/issues-security/security.md
new file mode 100644
index 0000000000000..a0fe43786a61a
--- /dev/null
+++ b/content/zh/docs/reference/issues-security/security.md
@@ -0,0 +1,129 @@
+---
+title: Kubernetes 安全和信息披露
+aliases: [/security/]
+content_template: templates/concept
+weight: 20
+---
+
+<!--
+---
+title: Kubernetes Security and Disclosure Information
+aliases: [/security/]
+reviewers:
+- eparis
+- erictune
+- philips
+- jessfraz
+content_template: templates/concept
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page describes Kubernetes security and disclosure information.
+-->
+本页面介绍 Kubernetes 安全和信息披露相关的内容。
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+## Security Announcements
+-->
+## 安全公告
+
+<!--
+Join the [kubernetes-announce](https://groups.google.com/forum/#!forum/kubernetes-announce) group for emails about security and major API announcements.
+-->
+加入 [kubernets-announce](https://groups.google.com/forum/#!forum/kubernetes-announce) 组，以获取关于安全性和主要 API 公告的电子邮件。
+
+<!--
+## Report a Vulnerability
+-->
+## 报告一个漏洞
+
+<!--
+We’re extremely grateful for security researchers and users that report vulnerabilities to the Kubernetes Open Source Community. All reports are thoroughly investigated by a set of community volunteers.
+-->
+我们非常感谢向 Kubernetes 开源社区报告漏洞的安全研究人员和用户。
+所有的报告都由社区志愿者进行彻底调查。
+
+<!--
+To make a report, please email the private [security@kubernetes.io](mailto:security@kubernetes.io) list with the security details and the details expected for [all Kubernetes bug reports](https://git.k8s.io/kubernetes/.github/ISSUE_TEMPLATE/bug-report.md).
+-->
+如需报告，请连同安全细节以及预期的[所有 Kubernetes bug 报告](https://git.k8s.io/kubernetes/.github/ISSUE_TEMPLATE/bug-report.md)详细信息电邮到[security@kubernetes.io](mailto:security@kubernetes.io) 列表。
+
+<!--
+You may encrypt your email to this list using the GPG keys of the [Product Security Team members](https://git.k8s.io/sig-release/security-release-process-documentation/security-release-process.md#product-security-team-pst). Encryption using GPG is NOT required to make a disclosure.
+-->
+您可以使用[产品安全团队成员](https://git.k8s.io/sig-release/security-release-process-documentation/security-release-process.md#product-security-team-pst)的 GPG 密钥加密您的电子邮件到此列表。
+使用 GPG 加密不需要公开。
+
+<!--
+### When Should I Report a Vulnerability?
+-->
+### 我应该在什么时候报告漏洞？
+
+<!--
+- You think you discovered a potential security vulnerability in Kubernetes
+- You are unsure how a vulnerability affects Kubernetes
+- You think you discovered a vulnerability in another project that Kubernetes depends on (e.g. docker, rkt, etcd)
+-->
+- 您认为在 Kubernetes 中发现了一个潜在的安全漏洞
+- 您不确定漏洞如何影响 Kubernetes
+- 您认为您在 Kubernetes 依赖的另一个项目中发现了一个漏洞（例如 docker、rkt、etcd）
+
+<!--
+### When Should I NOT Report a Vulnerability?
+-->
+### 我什么时候不应该报告漏洞？
+
+<!--
+- You need help tuning Kubernetes components for security
+- You need help applying security related updates
+- Your issue is not security related
+-->
+- 您需要帮助调整 Kubernetes 组件的安全性
+- 您需要帮助应用与安全相关的更新
+- 您的问题与安全无关
+
+<!--
+## Security Vulnerability Response
+-->
+## 安全漏洞响应
+
+<!--
+Each report is acknowledged and analyzed by Product Security Team members within 3 working days. This will set off the [Security Release Process](https://git.k8s.io/sig-release/security-release-process-documentation/security-release-process.md#disclosures).
+-->
+每个报告在 3 个工作日内由产品安全团队成员确认和分析。这将启动[安全发布过程](https://git.k8s.io/sig-release/security-release-process-documentation/security-release-process.md#disclosures)。
+
+<!--
+Any vulnerability information shared with Product Security Team stays within Kubernetes project and will not be disseminated to other projects unless it is necessary to get the issue fixed.
+-->
+与产品安全团队共享的任何漏洞信息都保留在 Kubernetes 项目中，除非有必要修复该问题，否则不会传播到其他项目。
+
+<!--
+As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
+-->
+随着安全问题从分类、识别修复、发布计划等方面的进展，我们将不断更新报告。
+
+<!--
+## Public Disclosure Timing
+-->
+## 公开披露时间
+
+<!--
+A public disclosure date is negotiated by the Kubernetes product security team and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available.
+-->
+公开披露日期由 Kubernetes 产品安全团队和 bug 提交者协商。我们倾向于在用户缓解措施可用时尽快完全披露该 bug。
+
+<!--
+It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. 
+-->
+当 bug 或其修复还没有被完全理解，解决方案没有经过良好的测试，或者为了处理供应商协调问题时，延迟披露是合理的。
+
+<!--
+The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. As a basic default, we expect report date to disclosure date to be on the order of 7 days. The Kubernetes product security team holds the final say when setting a disclosure date.
+-->
+信息披露的时间范围从即时（尤其是已经公开的）到几周。作为一个基本的约定，我们希望报告日期到披露日期的间隔是 7 天。在设置披露日期时，Kubernetes 产品安全团队拥有最终决定权。
+{{% /capture %}}
diff --git a/content/zh/docs/reference/kubectl/_index.md b/content/zh/docs/reference/kubectl/_index.md
index 7b6c2d720b12a..fb61e32478d09 100755
--- a/content/zh/docs/reference/kubectl/_index.md
+++ b/content/zh/docs/reference/kubectl/_index.md
@@ -1,5 +1,11 @@
 ---
-title: "kubectl CLI"
+title: "kubectl 命令行界面"
 weight: 60
 ---
 
+<!--
+---
+title: "kubectl CLI"
+weight: 60
+---
+-->
diff --git a/content/zh/docs/reference/kubectl/cheatsheet.md b/content/zh/docs/reference/kubectl/cheatsheet.md
new file mode 100644
index 0000000000000..ab949d4b5ec28
--- /dev/null
+++ b/content/zh/docs/reference/kubectl/cheatsheet.md
@@ -0,0 +1,663 @@
+---
+title: kubectl Cheat Sheet
+reviewers:
+- bgrant0607
+- erictune
+- krousey
+- clove
+content_template: templates/concept
+---
+
+{{% capture overview %}}
+
+<!--
+See also: [Kubectl Overview](/docs/reference/kubectl/overview/) and [JsonPath Guide](/docs/reference/kubectl/jsonpath).
+-->
+也可以看下：[Kubectl 概述](/docs/reference/kubectl/overview/) 和 [JsonPath 指南](/docs/reference/kubectl/jsonpath)。
+
+<!--
+This page is an overview of the `kubectl` command.
+-->
+本页面是 `kubectl` 命令的概述。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+# kubectl - Cheat Sheet
+
+<!--
+## Kubectl Autocomplete
+-->
+## Kubectl 自动补全
+
+### BASH
+
+<!--
+```bash
+source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
+echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.
+```
+-->
+```bash
+source <(kubectl completion bash) # 在 bash 中设置当前 shell 的自动补全，要先安装 bash-completion 包。
+echo "source <(kubectl completion bash)" >> ~/.bashrc # 在您的 bash shell 中永久的添加自动补全
+```
+
+### ZSH
+
+<!--
+```bash
+source <(kubectl completion zsh)  # setup autocomplete in zsh into the current shell
+echo "if [ $commands[kubectl] ]; then source <(kubectl completion zsh); fi" >> ~/.zshrc # add autocomplete permanently to your zsh shell
+```
+-->
+```bash
+source <(kubectl completion zsh)  # 在 zsh 中设置当前 shell 的自动补全
+echo "if [ $commands[kubectl] ]; then source <(kubectl completion zsh); fi" >> ~/.zshrc # 在您的 zsh shell 中永久的添加自动补全
+```
+
+<!--
+## Kubectl Context and Configuration
+
+Set which Kubernetes cluster `kubectl` communicates with and modifies configuration
+information. See [Authenticating Across Clusters with kubeconfig](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) documentation for
+detailed config file information.
+-->
+##  Kubectl 上下文和配置
+
+设置 `kubectl` 与哪个 Kubernetes 集群进行通信并修改配置信息。查看 [使用 kubeconfig 跨集群授权访问
+](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) 文档获取详情配置文件信息。
+
+<!--
+```bash
+kubectl config view # Show Merged kubeconfig settings.
+
+# use multiple kubeconfig files at the same time and view merged config
+KUBECONFIG=~/.kube/config:~/.kube/kubconfig2 kubectl config view
+
+# Get the password for the e2e user
+kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
+
+kubectl config current-context              # Display the current-context
+kubectl config use-context my-cluster-name  # set the default context to my-cluster-name
+
+# add a new cluster to your kubeconf that supports basic auth
+kubectl config set-credentials kubeuser/foo.kubernetes.com --username=kubeuser --password=kubepassword
+
+# set a context utilizing a specific username and namespace.
+kubectl config set-context gce --user=cluster-admin --namespace=foo \
+  && kubectl config use-context gce
+```
+-->
+```bash
+kubectl config view # 显示合并的 kubeconfig 配置。
+
+# 同时使用多个 kubeconfig 文件并查看合并的配置
+KUBECONFIG=~/.kube/config:~/.kube/kubconfig2 kubectl config view
+
+# 获取 e2e 用户的密码
+kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
+
+kubectl config current-context              # 展示当前所处的上下文
+kubectl config use-context my-cluster-name  # 设置默认的上下文为 my-cluster-name
+
+# 添加新的集群配置到 kubeconf 中，使用 basic auth 进行鉴权
+kubectl config set-credentials kubeuser/foo.kubernetes.com --username=kubeuser --password=kubepassword
+
+# 使用特定的用户名和命名空间设置上下文。
+kubectl config set-context gce --user=cluster-admin --namespace=foo \
+  && kubectl config use-context gce
+```
+
+<!--
+## Creating Objects
+
+Kubernetes manifests can be defined in json or yaml. The file extension `.yaml`,
+`.yml`, and `.json` can be used.
+-->
+## 创建对象
+
+Kubernetes 配置可以用 json 或 yaml 定义。可以使用的文件扩展名有 `.yaml`，
+`.yml` 和 `.json` 。
+
+<!--
+```bash
+kubectl create -f ./my-manifest.yaml           # create resource(s)
+kubectl create -f ./my1.yaml -f ./my2.yaml     # create from multiple files
+kubectl create -f ./dir                        # create resource(s) in all manifest files in dir
+kubectl create -f https://git.io/vPieo         # create resource(s) from url
+kubectl run nginx --image=nginx                # start a single instance of nginx
+kubectl explain pods,svc                       # get the documentation for pod and svc manifests
+
+# Create multiple YAML objects from stdin
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox-sleep
+spec:
+  containers:
+  - name: busybox
+    image: busybox
+    args:
+    - sleep
+    - "1000000"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox-sleep-less
+spec:
+  containers:
+  - name: busybox
+    image: busybox
+    args:
+    - sleep
+    - "1000"
+EOF
+
+# Create a secret with several keys
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysecret
+type: Opaque
+data:
+  password: $(echo -n "s33msi4" | base64 -w0)
+  username: $(echo -n "jane" | base64 -w0)
+EOF
+
+```
+-->
+```bash
+kubectl create -f ./my-manifest.yaml           # 创建资源
+kubectl create -f ./my1.yaml -f ./my2.yaml     # 使用多个文件创建
+kubectl create -f ./dir                        # 从目录下的全部配置文件创建资源
+kubectl create -f https://git.io/vPieo         # 从 url 中创建资源
+kubectl run nginx --image=nginx                # 启动单实例 nginx
+kubectl explain pods,svc                       # 获取 pod，svc 配置的文档说明
+
+# 从标准输入中的多个 YAML 对象中创建
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox-sleep
+spec:
+  containers:
+  - name: busybox
+    image: busybox
+    args:
+    - sleep
+    - "1000000"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox-sleep-less
+spec:
+  containers:
+  - name: busybox
+    image: busybox
+    args:
+    - sleep
+    - "1000"
+EOF
+
+# 创建有多个 key 的 Secret
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysecret
+type: Opaque
+data:
+  password: $(echo -n "s33msi4" | base64 -w0)
+  username: $(echo -n "jane" | base64 -w0)
+EOF
+
+```
+<!--
+## Viewing, Finding Resources
+-->
+## 获取和查找资源
+
+<!--
+```bash
+# Get commands with basic output
+kubectl get services                          # List all services in the namespace
+kubectl get pods --all-namespaces             # List all pods in all namespaces
+kubectl get pods -o wide                      # List all pods in the namespace, with more details
+kubectl get deployment my-dep                 # List a particular deployment
+kubectl get pods --include-uninitialized      # List all pods in the namespace, including uninitialized ones
+
+# Describe commands with verbose output
+kubectl describe nodes my-node
+kubectl describe pods my-pod
+
+kubectl get services --sort-by=.metadata.name # List Services Sorted by Name
+
+# List pods Sorted by Restart Count
+kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'
+
+# Get the version label of all pods with label app=cassandra
+kubectl get pods --selector=app=cassandra rc -o \
+  jsonpath='{.items[*].metadata.labels.version}'
+
+# Get all running pods in the namespace
+kubectl get pods --field-selector=status.phase=Running
+
+# Get ExternalIPs of all nodes
+kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
+
+# List Names of Pods that belong to Particular RC
+# "jq" command useful for transformations that are too complex for jsonpath, it can be found at https://stedolan.github.io/jq/
+sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
+echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})
+
+# Check which nodes are ready
+JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
+ && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
+
+# List all Secrets currently in use by a pod
+kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq
+
+# List Events sorted by timestamp
+kubectl get events --sort-by=.metadata.creationTimestamp
+```
+-->
+```bash
+# 使用 get 命令获取基本输出
+kubectl get services                          # 列出当前命名空间下的所有 services
+kubectl get pods --all-namespaces             # 列出所有命名空间下的全部的 pods
+kubectl get pods -o wide                      # 列出当前命名空间下的全部 pods，有更多的详细信息
+kubectl get deployment my-dep                 # 列出某个特定的 deployment
+kubectl get pods --include-uninitialized      # 列出当前命名空间下的全部 pods，包含未初始化的
+
+# 使用 describe 命令获取详细输出
+kubectl describe nodes my-node
+kubectl describe pods my-pod
+
+kubectl get services --sort-by=.metadata.name # 列出当前命名空间下所有 services，按照名称排序
+
+# 列出 pods 按照重启次数进行排序
+kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'
+
+# 获取包含 app=cassandra 标签全部 pods 的 version 标签
+kubectl get pods --selector=app=cassandra rc -o \
+  jsonpath='{.items[*].metadata.labels.version}'
+
+# 获取当前命名空间中正在运行的 pods
+kubectl get pods --field-selector=status.phase=Running
+
+# 获取全部 node 的 ExternalIP 地址
+kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
+
+# 列出属于某个特定 RC 的 pods 的名称
+# "jq" 命令对于 jsonpath 过于复杂的转换非常有用，可以在 https://stedolan.github.io/jq/ 找到它。
+sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
+echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})
+
+# 检查哪些节点处于 ready
+JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
+ && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
+
+# 列出被一个 pod 使用的全部 secret
+kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq
+
+# 列出 events，按照创建时间排序
+kubectl get events --sort-by=.metadata.creationTimestamp
+```
+
+<!--
+## Updating Resources
+
+As of version 1.11 `rolling-update` have been deprecated (see [CHANGELOG-1.11.md](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md)), use `rollout` instead.
+-->
+## 更新资源
+
+从版本 1.11 开始，`rolling-update` 已被弃用（参见[CHANGELOG-1.11.md]（https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md）），请使用 `rollout` 代替。
+
+<!--
+```bash
+kubectl set image deployment/frontend www=image:v2               # Rolling update "www" containers of "frontend" deployment, updating the image
+kubectl rollout undo deployment/frontend                         # Rollback to the previous deployment
+kubectl rollout status -w deployment/frontend                    # Watch rolling update status of "frontend" deployment until completion
+
+# deprecated starting version 1.11
+kubectl rolling-update frontend-v1 -f frontend-v2.json           # (deprecated) Rolling update pods of frontend-v1
+kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2  # (deprecated) Change the name of the resource and update the image
+kubectl rolling-update frontend --image=image:v2                 # (deprecated) Update the pods image of frontend
+kubectl rolling-update frontend-v1 frontend-v2 --rollback        # (deprecated) Abort existing rollout in progress
+
+cat pod.json | kubectl replace -f -                              # Replace a pod based on the JSON passed into std
+
+# Force replace, delete and then re-create the resource. Will cause a service outage.
+kubectl replace --force -f ./pod.json
+
+# Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000
+kubectl expose rc nginx --port=80 --target-port=8000
+
+# Update a single-container pod's image version (tag) to v4
+kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
+
+kubectl label pods my-pod new-label=awesome                      # Add a Label
+kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq       # Add an annotation
+kubectl autoscale deployment foo --min=2 --max=10                # Auto scale a deployment "foo"
+```
+-->
+```bash
+kubectl set image deployment/frontend www=image:v2               # 滚动更新 "frontend" deployment 的 "www" 容器镜像
+kubectl rollout undo deployment/frontend                         # 回滚到上次部署
+kubectl rollout status -w deployment/frontend                    # Watch "frontend" deployment 的滚动升级状态直到完成
+
+# 从 1.11 版本开始弃用
+kubectl rolling-update frontend-v1 -f frontend-v2.json           # (弃用) 滚动升级 frontend-v1 的 pods
+kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2  # (弃用) 修改资源的名称并更新镜像
+kubectl rolling-update frontend --image=image:v2                 # (弃用) 更新 frontend 的 pods 的镜像
+kubectl rolling-update frontend-v1 frontend-v2 --rollback        # (弃用) 终止已经进行中的 rollout
+
+cat pod.json | kubectl replace -f -                              # 通过传入到标准输入的 JSON 来替换 pod
+
+# 强制进行替换，会删除然后再创建资源，会导致服务不可用。
+kubectl replace --force -f ./pod.json
+
+# 为多副本的 nginx 创建服务，使用 80 端口提供服务，连接到容器的 8000 端口。
+kubectl expose rc nginx --port=80 --target-port=8000
+
+# 更新单容器 pod 的镜像标签到 v4
+kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
+
+kubectl label pods my-pod new-label=awesome                      # 添加标签
+kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq       # 添加注解
+kubectl autoscale deployment foo --min=2 --max=10                # 使 "foo" deployment 自动伸缩容
+```
+
+<!--
+## Patching Resources
+-->
+## 局部更新资源
+
+<!--
+```bash
+kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}' # Partially update a node
+
+# Update a container's image; spec.containers[*].name is required because it's a merge key
+kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
+
+# Update a container's image using a json patch with positional arrays
+kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
+
+# Disable a deployment livenessProbe using a json patch with positional arrays
+kubectl patch deployment valid-deployment  --type json   -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"}]'
+
+# Add a new element to a positional array 
+kubectl patch sa default --type='json' -p='[{"op": "add", "path": "/secrets/1", "value": {"name": "whatever" } }]'
+```
+-->
+```bash
+kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}' # 部分更新 node 
+
+# 更新容器的镜像；spec.containers[*].name 是必须的因为它是一个合并 key。
+kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
+
+# 使用带位置数组的 json patch 更新容器的镜像
+kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
+
+# 使用带位置数组的 json patch 禁用 deployment 的 livenessProbe
+kubectl patch deployment valid-deployment  --type json   -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"}]'
+
+# 在带位置数组中添加元素
+kubectl patch sa default --type='json' -p='[{"op": "add", "path": "/secrets/1", "value": {"name": "whatever" } }]'
+```
+
+<!--
+## Editing Resources
+The edit any API resource in an editor.
+
+```bash
+kubectl edit svc/docker-registry                      # Edit the service named docker-registry
+KUBE_EDITOR="nano" kubectl edit svc/docker-registry   # Use an alternative editor
+```
+-->
+## 编辑资源
+在编辑器中编辑任何 API 资源
+
+```bash
+kubectl edit svc/docker-registry                      # 编辑名为 docker-registry 的 service
+KUBE_EDITOR="nano" kubectl edit svc/docker-registry   # 使用其他编辑器
+```
+
+<!--
+## Scaling Resources
+
+```bash
+kubectl scale --replicas=3 rs/foo                                 # Scale a replicaset named 'foo' to 3
+kubectl scale --replicas=3 -f foo.yaml                            # Scale a resource specified in "foo.yaml" to 3
+kubectl scale --current-replicas=2 --replicas=3 deployment/mysql  # If the deployment named mysql's current size is 2, scale mysql to 3
+kubectl scale --replicas=5 rc/foo rc/bar rc/baz                   # Scale multiple replication controllers
+```
+-->
+## 对资源进行伸缩
+
+```bash
+kubectl scale --replicas=3 rs/foo                                 # 将名为 'foo' 的副本集伸缩到 3 副本
+kubectl scale --replicas=3 -f foo.yaml                            # 将在 "foo.yaml" 中的特定资源伸缩到 3 个副本
+kubectl scale --current-replicas=2 --replicas=3 deployment/mysql  # 如果名为 mysql 的 deployment 的副本当前是 2，那么将它伸缩到 3
+kubectl scale --replicas=5 rc/foo rc/bar rc/baz                   # 伸缩多个 replication controllers
+```
+
+<!--
+## Deleting Resources
+
+```bash
+kubectl delete -f ./pod.json                                              # Delete a pod using the type and name specified in pod.json
+kubectl delete pod,service baz foo                                        # Delete pods and services with same names "baz" and "foo"
+kubectl delete pods,services -l name=myLabel                              # Delete pods and services with label name=myLabel
+kubectl delete pods,services -l name=myLabel --include-uninitialized      # Delete pods and services, including uninitialized ones, with label name=myLabel
+kubectl -n my-ns delete po,svc --all                                      # Delete all pods and services, including uninitialized ones, in namespace my-ns,
+```
+-->
+## 删除资源
+
+```bash
+kubectl delete -f ./pod.json                                              # 删除在 pod.json 中指定的类型和名称的 pod
+kubectl delete pod,service baz foo                                        # 删除名称为 "baz" 和 "foo" 的 pod 和 service
+kubectl delete pods,services -l name=myLabel                              # 删除包含 name=myLabel 标签的 pods 和 services
+kubectl delete pods,services -l name=myLabel --include-uninitialized      # 删除包含 label name=myLabel 标签的 pods 和 services，包括未初始化的
+kubectl -n my-ns delete po,svc --all                                      # 删除在 my-ns 命名空间中全部的 pods 和 services ，包括未初始化的
+```
+
+<!--
+## Interacting with running Pods
+
+```bash
+kubectl logs my-pod                                 # dump pod logs (stdout)
+kubectl logs my-pod --previous                      # dump pod logs (stdout) for a previous instantiation of a container
+kubectl logs my-pod -c my-container                 # dump pod container logs (stdout, multi-container case)
+kubectl logs my-pod -c my-container --previous      # dump pod container logs (stdout, multi-container case) for a previous instantiation of a container
+kubectl logs -f my-pod                              # stream pod logs (stdout)
+kubectl logs -f my-pod -c my-container              # stream pod container logs (stdout, multi-container case)
+kubectl run -i --tty busybox --image=busybox -- sh  # Run pod as interactive shell
+kubectl attach my-pod -i                            # Attach to Running Container
+kubectl port-forward my-pod 5000:6000               # Listen on port 5000 on the local machine and forward to port 6000 on my-pod
+kubectl exec my-pod -- ls /                         # Run command in existing pod (1 container case)
+kubectl exec my-pod -c my-container -- ls /         # Run command in existing pod (multi-container case)
+kubectl top pod POD_NAME --containers               # Show metrics for a given pod and its containers
+```
+-->
+## 与运行中的 Pods 进行交互
+
+```bash
+kubectl logs my-pod                                 # 获取 pod 日志(标准输出)
+kubectl logs my-pod --previous                      # 获取上个容器实例的 pod 日志(标准输出)
+kubectl logs my-pod -c my-container                 # 获取 pod 的容器日志 (标准输出, 多容器的场景)
+kubectl logs my-pod -c my-container --previous      # 获取 pod 的上个容器实例日志 (标准输出, 多容器的场景)
+kubectl logs -f my-pod                              # 流式输出 pod 的日志 (标准输出)
+kubectl logs -f my-pod -c my-container              # 流式输出 pod 容器的日志 (标准输出, 多容器的场景)
+kubectl run -i --tty busybox --image=busybox -- sh  # 以交互式 shell 运行 Pod
+kubectl attach my-pod -i                            # 进入到一个运行中的容器中
+kubectl port-forward my-pod 5000:6000               # 在本地计算机上侦听端口 5000 并转发到 my-pod 上的端口 6000
+kubectl exec my-pod -- ls /                         # 在已有的 pod 中运行命令(单容器的场景)
+kubectl exec my-pod -c my-container -- ls /         # 在已有的 pod 中运行命令(多容器的场景)
+kubectl top pod POD_NAME --containers               # 显示给定 pod 和容器的监控数据
+```
+
+<!--
+## Interacting with Nodes and Cluster
+
+```bash
+kubectl cordon my-node                                                # Mark my-node as unschedulable
+kubectl drain my-node                                                 # Drain my-node in preparation for maintenance
+kubectl uncordon my-node                                              # Mark my-node as schedulable
+kubectl top node my-node                                              # Show metrics for a given node
+kubectl cluster-info                                                  # Display addresses of the master and services
+kubectl cluster-info dump                                             # Dump current cluster state to stdout
+kubectl cluster-info dump --output-directory=/path/to/cluster-state   # Dump current cluster state to /path/to/cluster-state
+
+# If a taint with that key and effect already exists, its value is replaced as specified.
+kubectl taint nodes foo dedicated=special-user:NoSchedule
+```
+-->
+## 与节点和集群进行交互
+
+```bash
+kubectl cordon my-node                                                # 设置 my-node 节点为不可调度
+kubectl drain my-node                                                 # 对 my-node 节点进行驱逐操作，为节点维护做准备
+kubectl uncordon my-node                                              # 设置 my-node 节点为可以调度
+kubectl top node my-node                                              # 显示指定节点的监控数据
+kubectl cluster-info                                                  # 限制 master 和 services 的地址
+kubectl cluster-info dump                                             # 将当前集群状态输出到标准输出
+kubectl cluster-info dump --output-directory=/path/to/cluster-state   # 将当前集群状态输出到 /path/to/cluster-state
+
+# 如果已存在具有该键和效果的污点，则其值将按指定替换
+kubectl taint nodes foo dedicated=special-user:NoSchedule
+```
+
+<!--
+### Resource types
+
+List all supported resource types along with their shortnames, [API group](/docs/concepts/overview/kubernetes-api/#api-groups), whether they are [namespaced](/docs/concepts/overview/working-with-objects/namespaces), and [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects):
+
+```bash
+kubectl api-resources
+```
+
+Other operations for exploring API resources:
+
+```bash
+kubectl api-resources --namespaced=true      # All namespaced resources
+kubectl api-resources --namespaced=false     # All non-namespaced resources
+kubectl api-resources -o name                # All resources with simple output (just the resource name)
+kubectl api-resources -o wide                # All resources with expanded (aka "wide") output
+kubectl api-resources --verbs=list,get       # All resources that support the "list" and "get" request verbs
+kubectl api-resources --api-group=extensions # All resources in the "extensions" API group
+```
+-->
+### 资源类型
+
+列出全部支持的资源类型和它们的简称, [API group](/docs/concepts/overview/kubernetes-api/#api-groups), 无论它们是否是 [namespaced](/docs/concepts/overview/working-with-objects/namespaces), [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects):
+
+```bash
+kubectl api-resources
+```
+
+用于探索 API 资源的其他操作：
+
+```bash
+kubectl api-resources --namespaced=true      # 所有在命名空间中的资源
+kubectl api-resources --namespaced=false     # 所有不在命名空间中的资源
+kubectl api-resources -o name                # 输出简单的所有资源（只是资源名称）
+kubectl api-resources -o wide                # 具有扩展（又称 "wide"）输出的所有资源
+kubectl api-resources --verbs=list,get       # 支持"list"和"get"请求动词的所有资源
+kubectl api-resources --api-group=extensions # "extensions" API组中的所有资源
+```
+
+<!--
+### Formatting output
+
+To output details to your terminal window in a specific format, you can add either the `-o` or `--output` flags to a supported `kubectl` command.
+
+Output format | Description
+--------------| -----------
+`-o=custom-columns=<spec>` | Print a table using a comma separated list of custom columns
+`-o=custom-columns-file=<filename>` | Print a table using the custom columns template in the `<filename>` file
+`-o=json`     | Output a JSON formatted API object
+`-o=jsonpath=<template>` | Print the fields defined in a [jsonpath](/docs/reference/kubectl/jsonpath) expression
+`-o=jsonpath-file=<filename>` | Print the fields defined by the [jsonpath](/docs/reference/kubectl/jsonpath) expression in the `<filename>` file
+`-o=name`     | Print only the resource name and nothing else
+`-o=wide`     | Output in the plain-text format with any additional information, and for pods, the node name is included
+`-o=yaml`     | Output a YAML formatted API object
+-->
+### 格式化输出
+
+要以特定格式将详细信息输出到终端窗口，可以将 `-o` 或 `--output` 参数添加到支持的 `kubectl` 命令.
+
+输出格式 | 描述
+--------------| -----------
+`-o=custom-columns=<spec>` | 使用逗号分隔的自定义列列表打印表格
+`-o=custom-columns-file=<filename>` | 使用 `<filename>` 文件中的自定义列模板打印表格
+`-o=json`     | 输出 JSON 格式的 API 对象
+`-o=jsonpath=<template>` | 打印 [jsonpath](/docs/reference/kubectl/jsonpath) 表达式中定义的字段
+`-o=jsonpath-file=<filename>` | 打印 `<filename>` 文件中 [jsonpath](/docs/reference/kubectl/jsonpath) 表达式定义的字段
+`-o=name`     | 仅打印资源名称而不打印任何其他内容
+`-o=wide`     | 使用任何其他信息以纯文本格式输出，对于 pod 来说，包含了节点名称
+`-o=yaml`     | 输出 YAML 格式的 API 对象
+
+<!--
+### Kubectl output verbosity and debugging
+
+Kubectl verbosity is controlled with the `-v` or `--v` flags followed by an integer representing the log level. General Kubernetes logging conventions and the associated log levels are described [here](https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md).
+
+Verbosity | Description
+--------------| -----------
+`--v=0` | Generally useful for this to ALWAYS be visible to an operator.
+`--v=1` | A reasonable default log level if you don't want verbosity.
+`--v=2` | Useful steady state information about the service and important log messages that may correlate to significant changes in the system. This is the recommended default log level for most systems.
+`--v=3` | Extended information about changes.
+`--v=4` | Debug level verbosity.
+`--v=6` | Display requested resources.
+`--v=7` | Display HTTP request headers.
+`--v=8` | Display HTTP request contents.
+`--v=9` | Display HTTP request contents without truncation of contents.
+-->
+### Kubectl 日志输出详细程度和调试
+
+Kubectl 日志输出详细程度是通过 `-v` 或者 `--v` 来控制的，参数后跟了一个数字表示日志的级别。Kubernetes 通用的日志习惯和相关的日志级别在 [这里](https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md) 有相应的描述。
+
+详细程度 | 描述
+--------------| -----------
+`--v=0` | 通常对此有用，始终对运维人员可见。
+`--v=1` | 如果您不想要详细程度，则为合理的默认日志级别。
+`--v=2` | 有关服务的有用稳定状态信息以及可能与系统中的重大更改相关的重要日志消息。这是大多数系统的建议默认日志级别。
+`--v=3` | 有关更改的扩展信息。
+`--v=4` | Debug 级别。
+`--v=6` | 显示请求的资源。
+`--v=7` | 显示 HTTP 请求头。
+`--v=8` | 显示 HTTP 请求内容。
+`--v=9` | 显示 HTTP 请求内容而不截断内容。
+
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about [Overview of kubectl](/docs/reference/kubectl/overview/).
+
+* See [kubectl](/docs/reference/kubectl/kubectl/) options.
+
+* Also [kubectl Usage Conventions](/docs/reference/kubectl/conventions/) to understand how to use it in reusable scripts.
+
+* See more community [kubectl cheatsheets](https://github.com/dennyzhang/cheatsheet-kubernetes-A4).
+-->
+* 学习更多关于 [kubectl 概述](/docs/reference/kubectl/overview/)。
+
+* 查看 [kubectl](/docs/reference/kubectl/kubectl/) 的参数。
+
+* 也可以查看 [kubectl 使用约定](/docs/reference/kubectl/conventions/) 来理解如果在可以复用的脚本中使用它。
+
+* 查看更多社区的 [kubectl cheatsheets](https://github.com/dennyzhang/cheatsheet-kubernetes-A4)。
+{{% /capture %}}
diff --git a/content/zh/docs/reference/kubectl/conventions.md b/content/zh/docs/reference/kubectl/conventions.md
new file mode 100644
index 0000000000000..fdc050a1ea9a3
--- /dev/null
+++ b/content/zh/docs/reference/kubectl/conventions.md
@@ -0,0 +1,175 @@
+---
+title: kubectl 的用法约定
+reviewers:
+- bgrant0607
+- janetkuo
+content_template: templates/concept
+---
+
+<!--
+---
+title: kubectl Usage Conventions
+reviewers:
+- bgrant0607
+- janetkuo
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+<!--
+Recommended usage conventions for `kubectl`.
+-->
+`kubectl` 的推荐用法约定
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Using `kubectl` in Reusable Scripts
+-->
+## 在可重用脚本中使用 `kubectl`
+
+<!--
+For a stable output in a script:
+-->
+对于脚本中的稳定输出：
+
+<!--
+* Request one of the machine-oriented output forms, such as `-o name`, `-o json`, `-o yaml`, `-o go-template`, or `-o jsonpath`.
+* Fully-qualify the version. For example, `jobs.v1.batch/myjob`. This will ensure that kubectl does not use its default version that can change over time.
+* Specify the `--generator` flag to pin to a specific behavior when you use generator-based commands such as `kubectl run` or `kubectl expose`.
+* Don't rely on context, preferences, or other implicit states.
+-->
+
+* 请求一个面向机器的输出格式，例如 `-o name`、`-o json`、`-o yaml`、`-o go template` 或 `-o jsonpath`。
+* 完全限定版本。例如 `jobs.v1.batch/myjob`。这将确保 kubectl 不会使用其默认版本，该版本会随着时间的推移而更改。
+* 在使用基于生成器的命令（例如 `kubectl run` 或者 `kubectl expose`）时，指定 `--generator` 参数以固定到特定行为。
+* 不要依赖上下文、首选项或其他隐式状态。
+
+<!--
+## Best Practices
+-->
+## 最佳实践
+
+### `kubectl run`
+
+<!--
+For `kubectl run` to satisfy infrastructure as code:
+-->
+若希望 `kubectl run` 满足"基础设施即代码（infrastructure as code）"的要求：
+
+<!--
+* Tag the image with a version-specific tag and don't move that tag to a new version. For example, use `:v1234`, `v1.2.3`, `r03062016-1-4`, rather than `:latest` (For more information, see [Best Practices for Configuration](/docs/concepts/configuration/overview/#container-images)).
+* Capture the parameters in a checked-in script, or at least use `--record` to annotate the created objects with the command line for an image that is lightly parameterized.
+* Check in the script for an image that is heavily parameterized.
+* Switch to configuration files checked into source control for features that are needed, but not expressible via `kubectl run` flags.
+* Pin to a specific [generator](#generators) version, such as `kubectl run --generator=deployment/v1beta1`.
+-->
+
+* 使用特定版本的标签标记镜像，不要将该标签移动到新版本。例如，使用 `:v1234`、`v1.2.3`、`r03062016-1-4`，而不是 `:latest`（有关详细信息，请参阅[配置的最佳实践](/docs/concepts/configuration/overview/#container-images))。
+* 使用基于版本控制的脚本来记录所使用的参数，或者至少使用 `--record` 参数以便为所创建的对象添加注解，在使用轻度参数化的镜像时，记录下所使用的命令行。
+* 使用基于版本控制的脚本来运行包含大量参数的镜像。
+* 对于无法通过 `kubectl run` 参数来表示的功能特性，使用基于源码控制的配置文件，以记录要使用的功能特性。
+* 固定到特定的[生成器](#生成器)版本，例如 `kubectl run --generator=deployment/v1beta1`。
+
+<!--
+#### Generators
+-->
+#### 生成器
+
+<!--
+You can create the following resources using `kubectl run` with the `--generator` flag:
+-->
+您可以使用带有 `--generator` 参数的 `kubectl run` 命令创建如下资源：
+
+<!--
+| Resource                        | kubectl command                                   |
+|---------------------------------|---------------------------------------------------|
+| Pod                             | `kubectl run --generator=run-pod/v1`              |
+| Replication controller          | `kubectl run --generator=run/v1`                  |
+| Deployment                      | `kubectl run --generator=extensions/v1beta1`      |
+|  -for an endpoint (default)     | `kubectl run --generator=deployment/v1beta1`      |
+| Deployment                      | `kubectl run --generator=apps/v1beta1`            |
+|  -for an endpoint (recommended) | `kubectl run --generator=deployment/apps.v1beta1` |
+| Job                             | `kubectl run --generator=job/v1`                  |
+| CronJob                         | `kubectl run --generator=batch/v1beta1`           |
+|  -for an endpoint (default)     | `kubectl run --generator=cronjob/v1beta1`         |
+| CronJob                         | `kubectl run --generator=batch/v2alpha1`          |
+|  -for an endpoint (deprecated)  | `kubectl run --generator=cronjob/v2alpha1`        |
+-->
+
+| 资源                             | kubectl 命令                                      |
+|---------------------------------|---------------------------------------------------|
+| Pod                             | `kubectl run --generator=run-pod/v1`              |
+| Replication controller          | `kubectl run --generator=run/v1`                  |
+| Deployment                      | `kubectl run --generator=extensions/v1beta1`      |
+|  -同时获得端点（默认）     | `kubectl run --generator=deployment/v1beta1`      |
+| Deployment                      | `kubectl run --generator=apps/v1beta1`            |
+|  -端点（推荐） | `kubectl run --generator=deployment/apps.v1beta1` |
+| Job                             | `kubectl run --generator=job/v1`                  |
+| CronJob                         | `kubectl run --generator=batch/v1beta1`           |
+|  -端点（默认）    | `kubectl run --generator=cronjob/v1beta1`         |
+| CronJob                         | `kubectl run --generator=batch/v2alpha1`          |
+|  -端点（废弃）  | `kubectl run --generator=cronjob/v2alpha1`        |
+
+
+
+<!--
+If you do not specify a generator flag, other flags prompt you to use a specific generator. The following table lists the flags that force you to use specific generators, depending on the version of the cluster:
+-->
+如果不指定 generator 参数，其他参数将提示您使用特定的生成器。下表列出了强制您使用特定生成器的参数，具体取决于集群的版本：
+
+<!--
+|   Generated Resource   | Cluster v1.4 and later | Cluster v1.3          | Cluster v1.2                               | Cluster v1.1 and earlier                   |
+|:----------------------:|------------------------|-----------------------|--------------------------------------------|--------------------------------------------|
+| Pod                    | `--restart=Never`      | `--restart=Never`     | `--generator=run-pod/v1`                   | `--restart=OnFailure` OR `--restart=Never` |
+| Replication Controller | `--generator=run/v1`   | `--generator=run/v1`  | `--generator=run/v1`                       | `--restart=Always`                         |
+| Deployment             | `--restart=Always`     | `--restart=Always`    | `--restart=Always`                         | N/A                                        |
+| Job                    | `--restart=OnFailure`  | `--restart=OnFailure` | `--restart=OnFailure` OR `--restart=Never` | N/A                                        |
+| Cron Job               | `--schedule=<cron>`    | N/A                   | N/A                                        | N/A                                        |
+-->
+
+|   生成的资源            | 集群版本 v1.4 及以后版本 | 集群版本 v1.3          | 集群版本 v1.2                               | 集群版本 v1.1 及更早                   |
+|:----------------------:|------------------------|-----------------------|--------------------------------------------|--------------------------------------------|
+| Pod                    | `--restart=Never`      | `--restart=Never`     | `--generator=run-pod/v1`                   | `--restart=OnFailure` 或 `--restart=Never` |
+| Replication Controller | `--generator=run/v1`   | `--generator=run/v1`  | `--generator=run/v1`                       | `--restart=Always`                         |
+| Deployment             | `--restart=Always`     | `--restart=Always`    | `--restart=Always`                         | N/A                                        |
+| Job                    | `--restart=OnFailure`  | `--restart=OnFailure` | `--restart=OnFailure` 或 `--restart=Never` | N/A                                        |
+| Cron Job               | `--schedule=<cron>`    | N/A                   | N/A                                        | N/A                                        |
+
+{{< note >}}
+<!--
+These flags use a default generator only when you have not specified any flag.
+This means that when you combine `--generator` with other flags the generator that you specified later does not change. For example, in a cluster v1.4, if you initially specify
+`--restart=Always`, a Deployment is created; if you later specify `--restart=Always`
+and `--generator=run/v1`, a Replication Controller is created.
+This enables you to pin to a specific behavior with the generator,
+even when the default generator is changed later.
+-->
+只有在未指定任何参数时，这些参数才使用默认生成器。
+这意味着，当您将 `--generator` 与其他参数组合时，随后指定的生成器不会更改。
+例如，在集群版本 v1.4 中，如果最初指定了 `--restart=always`，则会创建 Deployment；如果后来指定了 `--restart=always` 和 `--generator=run/v1`，则会创建 Replication Controller。
+这使您能够将生成器固定到特定的行为，即使在以后更改默认生成器时也是如此。
+{{< /note >}}
+
+<!--
+The flags set the generator in the following order: first the `--schedule` flag, then the `--restart` policy flag, and finally the `--generator` flag.
+-->
+这些参数按以下顺序设置生成器：首先是 `--schedule` 参数，然后是 `--restart` 策略参数，最后是 `--generator` 参数。
+
+<!--
+To check the final resource that was created, use the `--dry-run`
+flag, which provides the object to be submitted to the cluster.
+-->
+要检查最终所创建的资源，请使用 `--dry run` 参数；该参数可以提供将要提交到集群的对象。
+
+### `kubectl apply`
+
+<!--
+* You can use `kubectl apply` to create or update resources. However, to update a resource you should have created the resource by using `kubectl apply` or `kubectl create --save-config`. For more information about using kubectl apply to update resources, see [Managing Resources](/docs/concepts/cluster-administration/manage-deployment/#kubectl-apply).
+-->
+
+* 您可以使用 `kubectl apply` 命令创建或更新资源。但是，要更新资源，您应该使用 `kubectl apply` 或者 `kubectl create --save-config` 创建该资源。有关使用 kubectl apply 更新资源的详细信息，请参阅 [管理资源](/docs/concepts/cluster-administration/manage-deployment/#kubectl-apply)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md b/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md
index e1bee1f55d354..6a9b49d71217e 100644
--- a/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md
+++ b/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md
@@ -5,11 +5,11 @@ approvers:
 title: Docker 用户使用 kubectl 命令指南
 ---
 
-在本文中，我们将向 docker-cli 用户介绍 Kubernetes 命令行如何与 api 进行交互。该命令行工具——kubectl，被设计成 docker-cli 用户所熟悉的样子，但是它们之间又存在一些必要的差异。该文档将向您展示每个 docker 子命令和 kubectl 与其等效的命令。
+在本文中，我们将向 docker-cli 用户介绍 Kubernetes 命令行如何与 api 进行交互。该命令行工具 —— kubectl，被设计成 docker-cli 用户所熟悉的样子，但是它们之间又存在一些必要的差异。该文档将向您展示每个 docker 子命令和 kubectl 与其等效的命令。
 
 {{< toc >}}
 
-#### docker run
+## docker run
 
 如何运行一个 nginx Deployment 并将其暴露出来？ 查看 [kubectl run](/docs/reference/generated/kubectl/kubectl-commands/#run) 。
 
@@ -50,7 +50,7 @@ service "nginx-http" exposed
 
 在 kubectl 命令中，我们创建了一个 [Deployment](/docs/concepts/workloads/controllers/deployment/)，这将保证有 N 个运行 nginx 的 pod（N 代表 spec 中声明的 replica 数，默认为 1）。我们还创建了一个 [service](/docs/user-guide/services)，使用  selector 匹配具有相应的 selector 的 Deployment。查看[快速开始](/docs/user-guide/quick-start)获取更多信息。
 
-默认情况下镜像会在后台运行，与`docker run -d ...` 类似，如果您想在前台运行，使用：
+默认情况下镜像会在后台运行，与 `docker run -d ...` 类似，如果您想在前台运行，使用：
 
 ```shell
 kubectl run [-i] [--tty] --attach <name> --image=<image>
@@ -61,7 +61,7 @@ kubectl run [-i] [--tty] --attach <name> --image=<image>
 因为我们使用 Deployment 启动了容器，如果您终止了连接到的进程（例如 `ctrl-c`），容器将会重启，这跟 `docker run -it` 不同。
 如果想销毁该 Deployment（和它的 pod），您需要运行 `kubectl delete deployment <name>`。
 
-#### docker ps
+## docker ps
 
 如何列出哪些正在运行？查看 [kubectl get](/docs/reference/generated/kubectl/kubectl-commands/#get)。
 
@@ -81,7 +81,7 @@ NAME              READY     STATUS    RESTARTS   AGE
 nginx-app-5jyvm   1/1       Running   0          1h
 ```
 
-#### docker attach
+## docker attach
 
 如何连接到已经运行在容器中的进程？查看 [kubectl attach](/docs/reference/generated/kubectl/kubectl-commands/#attach)。
 
@@ -105,7 +105,7 @@ $ kubectl attach -it nginx-app-5jyvm
 ...
 ```
 
-#### docker exec
+## docker exec
 
 如何在容器中执行命令？查看 [kubectl exec](/docs/reference/generated/kubectl/kubectl-commands/#exec)。
 
@@ -147,7 +147,7 @@ $ kubectl exec -ti nginx-app-5jyvm -- /bin/sh
 
 更多信息请查看[获取运行中容器的 Shell 环境](/docs/tasks/kubectl/get-shell-running-container/)。
 
-#### docker logs
+## docker logs
 
 如何查看运行中进程的 stdout/stderr？查看 [kubectl logs](/docs/reference/generated/kubectl/kubectl-commands/#logs)。
 
@@ -177,7 +177,7 @@ $ kubectl logs --previous nginx-app-zibvs
 
 查看[记录和监控集群活动](/docs/concepts/cluster-administration/logging/)获取更多信息。
 
-#### docker stop 和 docker rm
+## docker stop 和 docker rm
 
 
 如何停止和删除运行中的进程？查看 [kubectl delete](/docs/reference/generated/kubectl/kubectl-commands/#delete)。
@@ -211,11 +211,11 @@ $ kubectl get po -l run=nginx-app
 
 请注意，我们不直接删除 pod。使用 kubectl 命令，我们要删除拥有该 pod 的 Deployment。如果我们直接删除 pod，Deployment 将会重新创建该 pod。
 
-#### docker login
+## docker login
 
 在 kubectl 中没有对 `docker login` 的直接模拟。如果您有兴趣在私有镜像仓库中使用 Kubernetes，请参阅[使用私有镜像仓库](/docs/concepts/containers/images/#using-a-private-registry)。
 
-#### docker version
+## docker version
 
 如何查看客户端和服务端的版本？查看  [kubectl version](/docs/reference/generated/kubectl/kubectl-commands/#version)。
 
@@ -243,7 +243,7 @@ Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.9+a3d1dfa6f4
 Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.9+a3d1dfa6f4335", GitCommit:"9b77fed11a9843ce3780f70dd251e92901c43072", GitTreeState:"dirty", BuildDate:"2017-08-29T20:32:58Z", OpenPaasKubernetesVersion:"v1.03.02", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
 ```
 
-#### docker info
+## docker info
 
 如何获取有关环境和配置的各种信息？查看  [kubectl cluster-info](/docs/reference/generated/kubectl/kubectl-commands/#cluster-info)。
 
diff --git a/content/zh/docs/reference/kubectl/kubectl-cmds.md b/content/zh/docs/reference/kubectl/kubectl-cmds.md
new file mode 100644
index 0000000000000..b10d9ee45c715
--- /dev/null
+++ b/content/zh/docs/reference/kubectl/kubectl-cmds.md
@@ -0,0 +1,10 @@
+---
+title: kubectl 命令
+---
+
+<!-- ---
+title: kubectl Commands
+--- -->
+
+<!-- [kubectl Command Reference](/docs/reference/generated/kubectl/kubectl-commands/) -->
+[kubectl 命令参考](/docs/reference/generated/kubectl/kubectl-commands/)
diff --git a/content/zh/docs/reference/kubectl/kubectl.md b/content/zh/docs/reference/kubectl/kubectl.md
index 81f971e94e4d9..0241655fdceaf 100644
--- a/content/zh/docs/reference/kubectl/kubectl.md
+++ b/content/zh/docs/reference/kubectl/kubectl.md
@@ -12,9 +12,9 @@ kubectl 可以操控 Kubernetes 集群。
 <!--
 ### Synopsis
 
-kubectl controls the Kubernetes cluster manager. 
+kubectl controls the Kubernetes cluster manager.
 
-Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/
+Find more information at: /docs/reference/kubectl/overview/
 -->
 ### 简介
 
@@ -25,7 +25,7 @@ kubectl 可以操控 Kubernetes 集群。
 ```
 kubectl [flags]
 ```
-<!--
+
 ### Options
 
 ```
@@ -177,3 +177,85 @@ kubectl [flags]
 ######2018年6月16日，通过spf13/cobra自动生成
 
 
+<!-- * [kubectl alpha](kubectl_alpha.md)	 - Commands for features in alpha -->
+* [kubectl alpha](kubectl_alpha.md)	 - kubectl alpha 功能
+<!-- * [kubectl annotate](kubectl_annotate.md)	 - Update the annotations on a resource -->
+* [kubectl annotate](kubectl_annotate.md)	 - 更新资源所关联的注解
+<!-- * [kubectl api-resources](kubectl_api-resources.md)	 - Print the supported API resources on the server -->
+* [kubectl api-resources](kubectl_api-resources.md)	 - 打印服务器上所支持的 API 资源
+<!-- * [kubectl api-versions](kubectl_api-versions.md)	 - Print the supported API versions on the server, in the form of "group/version" -->
+* [kubectl api-versions](kubectl_api-versions.md)	 - 以“组/版本”的格式输出服务端支持的 API 版本
+<!-- * [kubectl apply](kubectl_apply.md)	 - Apply a configuration to a resource by filename or stdin -->
+* [kubectl apply](kubectl_apply.md)	 - 基于文件名或标准输入，将新的配置应用到资源上
+<!-- * [kubectl attach](kubectl_attach.md)	 - Attach to a running container -->
+* [kubectl attach](kubectl_attach.md)	 - 连接到一个正在运行的容器
+<!-- * [kubectl auth](kubectl_auth.md)	 - Inspect authorization -->
+* [kubectl auth](kubectl_auth.md)	 - 检视授权信息
+<!-- * [kubectl autoscale](kubectl_autoscale.md)	 - Auto-scale a Deployment, ReplicaSet, or ReplicationController -->
+* [kubectl autoscale](kubectl_autoscale.md)	 -  对一个资源对象（ Deployment、ReplicaSet 或 ReplicationController ）进行扩缩
+<!-- * [kubectl certificate](kubectl_certificate.md)	 - Modify certificate resources. -->
+* [kubectl certificate](kubectl_certificate.md)	 - 修改证书资源
+<!-- * [kubectl cluster-info](kubectl_cluster-info.md)	 - Display cluster info -->
+* [kubectl cluster-info](kubectl_cluster-info.md)	 - 显示集群信息
+<!-- * [kubectl completion](kubectl_completion.md)	 - Output shell completion code for the specified shell (bash or zsh) -->
+* [kubectl completion](kubectl_completion.md)	 - 根据已经给出的 Shell（bash 或 zsh），输出 Shell 补全后的代码
+<!-- * [kubectl config](kubectl_config.md)	 - Modify kubeconfig files -->
+* [kubectl config](kubectl_config.md)	 - 修改 kubeconfig 配置文件
+<!-- * [kubectl convert](kubectl_convert.md)	 - Convert config files between different API versions -->
+* [kubectl convert](kubectl_convert.md)	 - 在不同的 API 版本之间转换配置文件
+<!-- * [kubectl cordon](kubectl_cordon.md)	 - Mark node as unschedulable -->
+* [kubectl cordon](kubectl_cordon.md)	 - 标记节点为不可调度的
+<!-- * [kubectl cp](kubectl_cp.md)	 - Copy files and directories to and from containers. -->
+* [kubectl cp](kubectl_cp.md)	 - 将文件和路径拷入/拷出容器。
+<!-- * [kubectl create](kubectl_create.md)	 - Create a resource from a file or from stdin. -->
+* [kubectl create](kubectl_create.md)	 - 通过文件或标准输入来创建资源
+<!-- * [kubectl delete](kubectl_delete.md)	 - Delete resources by filenames, stdin, resources and names, or by resources and label selector -->
+* [kubectl delete](kubectl_delete.md)	 - 通过文件名、标准输入、资源和名字删除资源，或者通过资源和标签选择器来删除资源
+<!-- * [kubectl describe](kubectl_describe.md)	 - Show details of a specific resource or group of resources -->
+* [kubectl describe](kubectl_describe.md)	 - 显示某个资源或某组资源的详细信息
+<!-- * [kubectl drain](kubectl_drain.md)	 - Drain node in preparation for maintenance -->
+* [kubectl drain](kubectl_drain.md)	 - 腾空节点，准备维护
+<!-- * [kubectl edit](kubectl_edit.md)	 - Edit a resource on the server -->
+* [kubectl edit](kubectl_edit.md)	 - 修改服务器上的某资源
+<!-- * [kubectl exec](kubectl_exec.md)	 - Execute a command in a container -->
+* [kubectl exec](kubectl_exec.md)	 - 在容器中执行命令
+<!-- * [kubectl explain](kubectl_explain.md)	 - Documentation of resources -->
+* [kubectl explain](kubectl_explain.md)	 - 显示资源说明
+<!-- * [kubectl expose](kubectl_expose.md)	 - Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service -->
+* [kubectl expose](kubectl_expose.md)	 - 给定副本控制器、服务、Deployment 或 Pod，将其暴露为新的 kubernetes Service
+<!-- * [kubectl get](kubectl_get.md)	 - Display one or many resources -->
+* [kubectl get](kubectl_get.md)	 - 显示一个或者多个资源信息
+<!-- * [kubectl label](kubectl_label.md)	 - Update the labels on a resource -->
+* [kubectl label](kubectl_label.md)	 - 更新资源的标签
+<!-- * [kubectl logs](kubectl_logs.md)	 - Print the logs for a container in a pod -->
+* [kubectl logs](kubectl_logs.md)	 - 输出 pod 中某容器的日志
+<!-- * [kubectl options](kubectl_options.md)	 - Print the list of flags inherited by all commands -->
+* [kubectl options](kubectl_options.md)	 - 打印所有命令都支持的共有参数列表
+<!-- * [kubectl patch](kubectl_patch.md)	 - Update field(s) of a resource using strategic merge patch -->
+* [kubectl patch](kubectl_patch.md)	 - 基于策略性合并修补（Stategic Merge Patch）规则更新某资源中的字段
+<!-- * [kubectl plugin](kubectl_plugin.md)	 - Runs a command-line plugin -->
+* [kubectl plugin](kubectl_plugin.md)	 - 运行命令行插件
+<!-- * [kubectl port-forward](kubectl_port-forward.md)	 - Forward one or more local ports to a pod -->
+* [kubectl port-forward](kubectl_port-forward.md)	 - 将一个或者多个本地端口转发到 pod
+<!-- * [kubectl proxy](kubectl_proxy.md)	 - Run a proxy to the Kubernetes API server -->
+* [kubectl proxy](kubectl_proxy.md)	 - 运行一个 kubernetes API 服务器代理
+<!-- * [kubectl replace](kubectl_replace.md)	 - Replace a resource by filename or stdin -->
+* [kubectl replace](kubectl_replace.md)	 - 基于文件名或标准输入替换资源
+<!-- * [kubectl rollout](kubectl_rollout.md)	 - Manage the rollout of a resource -->
+* [kubectl rollout](kubectl_rollout.md)	 - 管理资源的上线
+<!-- * [kubectl run](kubectl_run.md)	 - Run a particular image on the cluster -->
+* [kubectl run](kubectl_run.md)	 - 在集群中使用指定镜像启动容器
+<!-- * [kubectl scale](kubectl_scale.md)	 - Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job -->
+* [kubectl scale](kubectl_scale.md)	 - 为一个 Deployment、ReplicaSet、ReplicationController 或 Job 设置一个新的规模尺寸值
+<!-- * [kubectl set](kubectl_set.md)	 - Set specific features on objects -->
+* [kubectl set](kubectl_set.md)	 - 在资源对象设置特定的功能
+<!-- * [kubectl taint](kubectl_taint.md)	 - Update the taints on one or more nodes -->
+* [kubectl taint](kubectl_taint.md)	 - 在一个或者多个节点上更新污点配置
+<!-- * [kubectl top](kubectl_top.md)	 - Display Resource (CPU/Memory/Storage) usage. -->
+* [kubectl top](kubectl_top.md)	 - 显示资源（CPU /内存/存储）使用率
+<!-- * [kubectl uncordon](kubectl_uncordon.md)	 - Mark node as schedulable -->
+* [kubectl uncordon](kubectl_uncordon.md)	 - 标记节点为可调度的
+<!-- * [kubectl version](kubectl_version.md)	 - Print the client and server version information -->
+* [kubectl version](kubectl_version.md)	 - 打印客户端和服务器的版本信息
+<!-- * [kubectl wait](kubectl_wait.md)	 - Experimental: Wait for one condition on one or many resources -->
+* [kubectl wait](kubectl_wait.md)	 - 实验性：等待一个或多个资源达到某种状态
diff --git a/content/zh/docs/reference/kubectl/overview.md b/content/zh/docs/reference/kubectl/overview.md
new file mode 100644
index 0000000000000..e1f477db9717a
--- /dev/null
+++ b/content/zh/docs/reference/kubectl/overview.md
@@ -0,0 +1,918 @@
+---
+reviewers:
+- bgrant0607
+- hw-qiaolei
+title: kubectl 概述
+content_template: templates/concept
+weight: 20
+card:
+  name: reference
+  weight: 20
+---
+
+<!--
+---
+reviewers:
+- bgrant0607
+- hw-qiaolei
+title: Overview of kubectl
+content_template: templates/concept
+weight: 20
+card:
+  name: reference
+  weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubectl is a command line interface for running commands against Kubernetes clusters. `kubectl` looks for a file named config in the $HOME/.kube directory. You can specify other [kubeconfig](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) files by setting the KUBECONFIG environment variable or by setting the [`--kubeconfig`](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) flag.
+-->
+Kubectl 是一个命令行接口，用于对 Kubernetes 集群运行命令。`kubectl` 在 $HOME/.kube 中寻找一个名为 config 的文件。您可以通过设置环境变量 KUBECONFIG 或设置 [`--kubeconfig`](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) 参数指定其它 [kubeconfig](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) 文件。
+
+<!--
+This overview covers `kubectl` syntax, describes the command operations, and provides common examples. For details about each command, including all the supported flags and subcommands, see the [kubectl](/docs/reference/generated/kubectl/kubectl-commands/) reference documentation. For installation instructions see [installing kubectl](/docs/tasks/kubectl/install/).
+-->
+本文概述了 `kubectl` 语法和命令操作描述，并提供了常见的示例。有关每个命令的详细信息，包括所有受支持的参数和子命令，请参阅 [kubectl](/docs/reference/generated/kubectl/kubectl-commands/) 参考文档。有关安装说明，请参见 [安装 kubectl](/docs/tasks/kubectl/install/) 。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Syntax
+-->
+
+## 语法
+
+<!--
+Use the following syntax to run `kubectl` commands from your terminal window:
+-->
+使用以下语法 `kubectl` 从终端窗口运行命令：
+
+```shell
+kubectl [command] [TYPE] [NAME] [flags]
+```
+
+<!--
+where `command`, `TYPE`, `NAME`, and `flags` are:
+-->
+其中 `command`、`TYPE`、`NAME` 和 `flags` 分别是：
+
+<!--
+* `command`: Specifies the operation that you want to perform on one or more resources, for example `create`, `get`, `describe`, `delete`.
+
+* `TYPE`: Specifies the [resource type](#resource-types). Resource types are case-insensitive and you can specify the singular, plural, or abbreviated forms. For example, the following commands produce the same output:
+-->
+
+* `command`：指定要对一个或多个资源执行的操作，例如 `create`、`get`、`describe`、`delete`。
+
+* `TYPE`：指定[资源类型](#resource-types)。资源类型不区分大小写，可以指定单数、复数或缩写形式。例如，以下命令输出相同的结果:
+
+      ```shell
+      kubectl get pod pod1
+      kubectl get pods pod1
+      kubectl get po pod1
+      ```
+
+<!--
+* `NAME`: Specifies the name of the resource. Names are case-sensitive. If the name is omitted, details for all resources are displayed, for example `kubectl get pods`.
+
+   When performing an operation on multiple resources, you can specify each resource by type and name or specify one or more files:
+-->
+ 
+* `NAME`：指定资源的名称。名称区分大小写。如果省略名称，则显示所有资源的详细信息 `kubectl get pods`。 
+
+  在对多个资源执行操作时，您可以按类型和名称指定每个资源，或指定一个或多个文件： 
+
+<!--
+   * To specify resources by type and name:
+   
+      * To group resources if they are all the same type:  `TYPE1 name1 name2 name<#>`.<br/>
+      Example: `kubectl get pod example-pod1 example-pod2`
+        
+      * To specify multiple resource types individually:  `TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>`.<br/>
+      Example: `kubectl get pod/example-pod1 replicationcontroller/example-rc1`
+        
+   * To specify resources with one or more files:  `-f file1 -f file2 -f file<#>`
+   
+      * [Use YAML rather than JSON](/docs/concepts/configuration/overview/#general-config-tips) since YAML tends to be more user-friendly, especially for configuration files.<br/>
+     Example: `kubectl get pod -f ./pod.yaml`
+
+* `flags`: Specifies optional flags. For example, you can use the `-s` or `--server` flags to specify the address and port of the Kubernetes API server.<br/>
+-->
+
+   * 要按类型和名称指定资源：
+   
+      * 要对所有类型相同的资源进行分组，请执行以下操作：`TYPE1 name1 name2 name<#>`。<br/>
+      例子：`kubectl get pod example-pod1 example-pod2`
+        
+      * 分别指定多个资源类型：`TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>`。<br/>
+      例子：`kubectl get pod/example-pod1 replicationcontroller/example-rc1`
+        
+   * 用一个或多个文件指定资源：`-f file1 -f file2 -f file<#>`
+   
+      * [使用 YAML 而不是 JSON](/docs/concepts/configuration/overview/#general-config-tips) 因为 YAML 更容易使用，特别是用于配置文件时。<br/>
+     例子：`kubectl get pod -f ./pod.yaml`
+
+* `flags`: 指定可选的参数。例如，可以使用 `-s` 或 `-server` 参数指定 Kubernetes API 服务器的地址和端口。<br/>
+
+{{< caution >}}
+
+<!--
+Flags that you specify from the command line override default values and any corresponding environment variables.
+-->
+从命令行指定的参数会覆盖默认值和任何相应的环境变量。
+{{< /caution >}}
+
+<!--
+If you need help, just run `kubectl help` from the terminal window.
+-->
+如果您需要帮助，只需从终端窗口运行 ` kubectl help ` 即可。
+
+<!--
+## Operations
+-->
+
+## 操作
+
+<!--
+The following table includes short descriptions and the general syntax for all of the `kubectl` operations:
+-->
+下表包含所有 kubectl 操作的简短描述和普通语法：
+
+<!--
+Operation       | Syntax    |       Description
+-------------------- | -------------------- | --------------------
+`annotate`    | `kubectl annotate (-f FILENAME \| TYPE NAME \| TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags]` | Add or update the annotations of one or more resources.
+`api-versions`    | `kubectl api-versions [flags]` | List the API versions that are available.
+`apply`            | `kubectl apply -f FILENAME [flags]`| Apply a configuration change to a resource from a file or stdin.
+`attach`        | `kubectl attach POD -c CONTAINER [-i] [-t] [flags]` | Attach to a running container either to view the output stream or interact with the container (stdin).
+`autoscale`    | `kubectl autoscale (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [flags]` | Automatically scale the set of pods that are managed by a replication controller.
+`cluster-info`    | `kubectl cluster-info [flags]` | Display endpoint information about the master and services in the cluster.
+`config`        | `kubectl config SUBCOMMAND [flags]` | Modifies kubeconfig files. See the individual subcommands for details.
+`create`        | `kubectl create -f FILENAME [flags]` | Create one or more resources from a file or stdin.
+`delete`        | `kubectl delete (-f FILENAME \| TYPE [NAME \| /NAME \| -l label \| --all]) [flags]` | Delete resources either from a file, stdin, or specifying label selectors, names, resource selectors, or resources.
+`describe`    | `kubectl describe (-f FILENAME \| TYPE [NAME_PREFIX \| /NAME \| -l label]) [flags]` | Display the detailed state of one or more resources.
+`diff`        | `kubectl diff -f FILENAME [flags]`| Diff file or stdin against live configuration (**BETA**)
+`edit`        | `kubectl edit (-f FILENAME \| TYPE NAME \| TYPE/NAME) [flags]` | Edit and update the definition of one or more resources on the server by using the default editor.
+`exec`        | `kubectl exec POD [-c CONTAINER] [-i] [-t] [flags] [-- COMMAND [args...]]` | Execute a command against a container in a pod.
+`explain`    | `kubectl explain  [--recursive=false] [flags]` | Get documentation of various resources. For instance pods, nodes, services, etc.
+`expose`        | `kubectl expose (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--port=port] [--protocol=TCP\|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [flags]` | Expose a replication controller, service, or pod as a new Kubernetes service.
+`get`        | `kubectl get (-f FILENAME \| TYPE [NAME \| /NAME \| -l label]) [--watch] [--sort-by=FIELD] [[-o \| --output]=OUTPUT_FORMAT] [flags]` | List one or more resources.
+`label`        | `kubectl label (-f FILENAME \| TYPE NAME \| TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags]` | Add or update the labels of one or more resources.
+`logs`        | `kubectl logs POD [-c CONTAINER] [--follow] [flags]` | Print the logs for a container in a pod.
+`patch`        | `kubectl patch (-f FILENAME \| TYPE NAME \| TYPE/NAME) --patch PATCH [flags]` | Update one or more fields of a resource by using the strategic merge patch process.
+`port-forward`    | `kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N] [flags]` | Forward one or more local ports to a pod.
+`proxy`        | `kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [flags]` | Run a proxy to the Kubernetes API server.
+`replace`        | `kubectl replace -f FILENAME` | Replace a resource from a file or stdin.
+`rolling-update`    | `kubectl rolling-update OLD_CONTROLLER_NAME ([NEW_CONTROLLER_NAME] --image=NEW_CONTAINER_IMAGE \| -f NEW_CONTROLLER_SPEC) [flags]` | Perform a rolling update by gradually replacing the specified replication controller and its pods.
+`run`        | `kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [flags]` | Run a specified image on the cluster.
+`scale`        | `kubectl scale (-f FILENAME \| TYPE NAME \| TYPE/NAME) --replicas=COUNT [--resource-version=version] [--current-replicas=count] [flags]` | Update the size of the specified replication controller.
+`stop`        | `kubectl stop` | Deprecated: Instead, see `kubectl delete`.
+`version`        | `kubectl version [--client] [flags]` | Display the Kubernetes version running on the client and server.
+-->
+
+操作             | 语法      |       描述
+-------------------- | -------------------- | --------------------
+`annotate`    | `kubectl annotate (-f FILENAME \| TYPE NAME \| TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags]` | 添加或更新一个或多个资源的注解。
+`api-versions`    | `kubectl api-versions [flags]` | 列出可用的 API 版本。
+`apply`            | `kubectl apply -f FILENAME [flags]`| 从文件或 stdin 对资源应用配置更改。
+`attach`        | `kubectl attach POD -c CONTAINER [-i] [-t] [flags]` | 附加到正在运行的容器，查看输出流或与容器（stdin）交互。
+`autoscale`    | `kubectl autoscale (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [flags]` | 自动伸缩由副本控制器管理的一组 pod。
+`cluster-info`    | `kubectl cluster-info [flags]` | 显示有关集群中主服务器和服务的端口信息。
+`config`        | `kubectl config SUBCOMMAND [flags]` | 修改 kubeconfig 文件。有关详细信息，请参阅各个子命令。
+`create`        | `kubectl create -f FILENAME [flags]` | 从文件或 stdin 创建一个或多个资源。
+`delete`        | `kubectl delete (-f FILENAME \| TYPE [NAME \| /NAME \| -l label \| --all]) [flags]` | 从文件、标准输入或指定标签选择器、名称、资源选择器或资源中删除资源。
+`describe`    | `kubectl describe (-f FILENAME \| TYPE [NAME_PREFIX \| /NAME \| -l label]) [flags]` | 显示一个或多个资源的详细状态。
+`diff`        | `kubectl diff -f FILENAME [flags]`| 将 live 配置和文件或标准输入做对比 (**BETA**)
+`edit`        | `kubectl edit (-f FILENAME \| TYPE NAME \| TYPE/NAME) [flags]` | 使用默认编辑器编辑和更新服务器上一个或多个资源的定义。
+`exec`        | `kubectl exec POD [-c CONTAINER] [-i] [-t] [flags] [-- COMMAND [args...]]` | 对 pod 中的容器执行命令。
+`explain`    | `kubectl explain  [--recursive=false] [flags]` | 获取多种资源的文档。例如 pod, node, service 等。
+`expose`        | `kubectl expose (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--port=port] [--protocol=TCP\|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [flags]` | 将副本控制器、服务或 pod 作为新的 Kubernetes 服务暴露。
+`get`        | `kubectl get (-f FILENAME \| TYPE [NAME \| /NAME \| -l label]) [--watch] [--sort-by=FIELD] [[-o \| --output]=OUTPUT_FORMAT] [flags]` | 列出一个或多个资源。
+`label`        | `kubectl label (-f FILENAME \| TYPE NAME \| TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags]` | 添加或更新一个或多个资源的标签。
+`logs`        | `kubectl logs POD [-c CONTAINER] [--follow] [flags]` | 在 pod 中打印容器的日志。
+`patch`        | `kubectl patch (-f FILENAME \| TYPE NAME \| TYPE/NAME) --patch PATCH [flags]` | 使用策略合并 patch 程序更新资源的一个或多个字段。
+`port-forward`    | `kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N] [flags]` | 将一个或多个本地端口转发到一个 pod。
+`proxy`        | `kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [flags]` | 运行 Kubernetes API 服务器的代理。
+`replace`        | `kubectl replace -f FILENAME` | 从文件或标准输入中替换资源。
+`rolling-update`    | `kubectl rolling-update OLD_CONTROLLER_NAME ([NEW_CONTROLLER_NAME] --image=NEW_CONTAINER_IMAGE \| -f NEW_CONTROLLER_SPEC) [flags]` | 通过逐步替换指定的副本控制器及其 pod 来执行滚动更新。
+`run`        | `kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [flags]` | 在集群上运行指定的镜像。
+`scale`        | `kubectl scale (-f FILENAME \| TYPE NAME \| TYPE/NAME) --replicas=COUNT [--resource-version=version] [--current-replicas=count] [flags]` | 更新指定副本控制器的大小。
+`stop`        | `kubectl stop` | 不推荐：相反，请参阅 kubectl delete。
+`version`        | `kubectl version [--client] [flags]` | 显示运行在客户端和服务器上的 Kubernetes 版本。
+
+
+<!--
+Remember: For more about command operations, see the [kubectl](/docs/user-guide/kubectl/) reference documentation.
+-->
+记住：有关命令操作的更多信息，请参阅 [kubectl](/docs/user-guide/kubectl/) 参考文档。
+
+<!--
+## Resource types
+-->
+
+## 资源类型
+
+<!--
+The following table includes a list of all the supported resource types and their abbreviated aliases:
+-->
+下表列出所有受支持的资源类型及其缩写别名:
+
+<!--
+(This output can be retrieved from `kubectl api-resources`, and is accurate as of Kubernetes 1.13.3.)
+-->
+(以下输出可以通过 `kubectl api-resources` 获取，内容以 Kubernetes 1.13.3 版本为准。)
+
+<!--
+| Resource Name | Short Names | API Group | Namespaced | Resource Kind |
+|---|---|---|---|---|
+| `componentstatuses` | `cs` | | false | ComponentStatus |
+| `configmaps` | `cm` | | true | ConfigMap |
+| `endpoints` | `ep` | | true | Endpoints |
+| `limitranges` | `limits` | | true | LimitRange |
+| `namespaces` | `ns` | | false | Namespace |
+| `nodes` | `no` | | false | Node |
+| `persistentvolumeclaims` | `pvc` | | true | PersistentVolumeClaim |
+| `persistentvolumes` | `pv` | | false | PersistentVolume |
+| `pods` | `po` | | true | Pod |
+| `podtemplates` | | | true | PodTemplate |
+| `replicationcontrollers` | `rc` | | true| ReplicationController |
+| `resourcequotas` | `quota` | | true | ResourceQuota |
+| `secrets` | | | true | Secret |
+| `serviceaccounts` | `sa` | | true | ServiceAccount |
+| `services` | `svc` | | true | Service |
+| `mutatingwebhookconfigurations` | | admissionregistration.k8s.io | false | MutatingWebhookConfiguration |
+| `validatingwebhookconfigurations` | | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration |
+| `customresourcedefinitions` | `crd`, `crds` | apiextensions.k8s.io | false |  CustomResourceDefinition |
+| `apiservices` | | apiregistration.k8s.io | false | APIService |
+| `controllerrevisions` | | apps | true | ControllerRevision |
+| `daemonsets` | `ds` | apps | true | DaemonSet |
+| `deployments` | `deploy` | apps | true | Deployment |
+| `replicasets` | `rs` | apps | true | ReplicaSet |
+| `statefulsets` | `sts` | apps | true | StatefulSet |
+| `tokenreviews` | | authentication.k8s.io | false | TokenReview |
+| `localsubjectaccessreviews` | | authorization.k8s.io | true | LocalSubjectAccessReview |
+| `selfsubjectaccessreviews` | | authorization.k8s.io | false | SelfSubjectAccessReview |
+| `selfsubjectrulesreviews` | | authorization.k8s.io | false | SelfSubjectRulesReview |
+| `subjectaccessreviews` | | authorization.k8s.io | false | SubjectAccessReview |
+| `horizontalpodautoscalers` | `hpa` | autoscaling | true | HorizontalPodAutoscaler |
+| `cronjobs` | `cj` | batch | true | CronJob |
+| `jobs` | | batch | true | Job |
+| `certificatesigningrequests` | `csr` | certificates.k8s.io | false | CertificateSigningRequest |
+| `leases` | | coordination.k8s.io | true | Lease |
+| `events` | `ev` | events.k8s.io | true | Event |
+| `ingresses` | `ing` | extensions | true | Ingress |
+| `networkpolicies` | `netpol` | networking.k8s.io | true | NetworkPolicy |
+| `poddisruptionbudgets` | `pdb` | policy | true | PodDisruptionBudget |
+| `podsecuritypolicies` | `psp` | policy | false | PodSecurityPolicy |
+| `clusterrolebindings` | | rbac.authorization.k8s.io | false | ClusterRoleBinding |
+| `clusterroles` | | rbac.authorization.k8s.io | false | ClusterRole |
+| `rolebindings` | | rbac.authorization.k8s.io | true | RoleBinding |
+| `roles` | | rbac.authorization.k8s.io | true | Role |
+| `priorityclasses` | `pc` | scheduling.k8s.io | false | PriorityClass |
+| `storageclasses` | `sc` | storage.k8s.io |  false | StorageClass |
+| `volumeattachments` | | storage.k8s.io | false | VolumeAttachment |
+-->
+| 资源名 | 缩写名 | API 分组 | 按命名空间 | 资源类型 |
+|---|---|---|---|---|
+| `componentstatuses` | `cs` | | false | ComponentStatus |
+| `configmaps` | `cm` | | true | ConfigMap |
+| `endpoints` | `ep` | | true | Endpoints |
+| `limitranges` | `limits` | | true | LimitRange |
+| `namespaces` | `ns` | | false | Namespace |
+| `nodes` | `no` | | false | Node |
+| `persistentvolumeclaims` | `pvc` | | true | PersistentVolumeClaim |
+| `persistentvolumes` | `pv` | | false | PersistentVolume |
+| `pods` | `po` | | true | Pod |
+| `podtemplates` | | | true | PodTemplate |
+| `replicationcontrollers` | `rc` | | true| ReplicationController |
+| `resourcequotas` | `quota` | | true | ResourceQuota |
+| `secrets` | | | true | Secret |
+| `serviceaccounts` | `sa` | | true | ServiceAccount |
+| `services` | `svc` | | true | Service |
+| `mutatingwebhookconfigurations` | | admissionregistration.k8s.io | false | MutatingWebhookConfiguration |
+| `validatingwebhookconfigurations` | | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration |
+| `customresourcedefinitions` | `crd`, `crds` | apiextensions.k8s.io | false |  CustomResourceDefinition |
+| `apiservices` | | apiregistration.k8s.io | false | APIService |
+| `controllerrevisions` | | apps | true | ControllerRevision |
+| `daemonsets` | `ds` | apps | true | DaemonSet |
+| `deployments` | `deploy` | apps | true | Deployment |
+| `replicasets` | `rs` | apps | true | ReplicaSet |
+| `statefulsets` | `sts` | apps | true | StatefulSet |
+| `tokenreviews` | | authentication.k8s.io | false | TokenReview |
+| `localsubjectaccessreviews` | | authorization.k8s.io | true | LocalSubjectAccessReview |
+| `selfsubjectaccessreviews` | | authorization.k8s.io | false | SelfSubjectAccessReview |
+| `selfsubjectrulesreviews` | | authorization.k8s.io | false | SelfSubjectRulesReview |
+| `subjectaccessreviews` | | authorization.k8s.io | false | SubjectAccessReview |
+| `horizontalpodautoscalers` | `hpa` | autoscaling | true | HorizontalPodAutoscaler |
+| `cronjobs` | `cj` | batch | true | CronJob |
+| `jobs` | | batch | true | Job |
+| `certificatesigningrequests` | `csr` | certificates.k8s.io | false | CertificateSigningRequest |
+| `leases` | | coordination.k8s.io | true | Lease |
+| `events` | `ev` | events.k8s.io | true | Event |
+| `ingresses` | `ing` | extensions | true | Ingress |
+| `networkpolicies` | `netpol` | networking.k8s.io | true | NetworkPolicy |
+| `poddisruptionbudgets` | `pdb` | policy | true | PodDisruptionBudget |
+| `podsecuritypolicies` | `psp` | policy | false | PodSecurityPolicy |
+| `clusterrolebindings` | | rbac.authorization.k8s.io | false | ClusterRoleBinding |
+| `clusterroles` | | rbac.authorization.k8s.io | false | ClusterRole |
+| `rolebindings` | | rbac.authorization.k8s.io | true | RoleBinding |
+| `roles` | | rbac.authorization.k8s.io | true | Role |
+| `priorityclasses` | `pc` | scheduling.k8s.io | false | PriorityClass |
+| `storageclasses` | `sc` | storage.k8s.io |  false | StorageClass |
+| `volumeattachments` | | storage.k8s.io | false | VolumeAttachment |
+
+
+<--
+## Output options
+-->
+## 输出选项
+
+<!--
+Use the following sections for information about how you can format or sort the output of certain commands. For details about which commands support the various output options, see the [kubectl](/docs/user-guide/kubectl/) reference documentation.
+-->
+有关如何格式化或排序某些命令的输出的信息，请使用以下部分。有关哪些命令支持各种输出选项的详细信息，请参阅[kubectl](/docs/user-guide/kubectl/) 参考文档。
+
+<!--
+### Formatting output
+-->
+### 格式化输出
+
+<!--
+The default output format for all `kubectl` commands is the human readable plain-text format. To output details to your terminal window in a specific format, you can add either the `-o` or `--output` flags to a supported `kubectl` command.
+-->
+所有 `kubectl` 命令的默认输出格式都是人类可读的纯文本格式。要以特定格式向终端窗口输出详细信息，可以将 `-o` 或 `--output` 参数添加到受支持的 `kubectl` 命令中。
+
+<!--
+#### Syntax
+-->
+#### 语法
+
+```shell
+kubectl [command] [TYPE] [NAME] -o=<output_format>
+```
+
+<!--
+Depending on the `kubectl` operation, the following output formats are supported:
+-->
+根据 `kubectl` 操作，支持以下输出格式：
+
+<!--
+Output format | Description
+--------------| -----------
+`-o custom-columns=<spec>` | Print a table using a comma separated list of [custom columns](#custom-columns).
+`-o custom-columns-file=<filename>` | Print a table using the [custom columns](#custom-columns) template in the `<filename>` file.
+`-o json`     | Output a JSON formatted API object.
+`-o jsonpath=<template>` | Print the fields defined in a [jsonpath](/docs/reference/kubectl/jsonpath/) expression.
+`-o jsonpath-file=<filename>` | Print the fields defined by the [jsonpath](/docs/reference/kubectl/jsonpath/) expression in the `<filename>` file.
+`-o name`     | Print only the resource name and nothing else.
+`-o wide`     | Output in the plain-text format with any additional information. For pods, the node name is included.
+`-o yaml`     | Output a YAML formatted API object.
+-->
+Output format | Description
+--------------| -----------
+`-o custom-columns=<spec>` | 使用逗号分隔的[自定义列](#custom-columns)列表打印表。
+`-o custom-columns-file=<filename>` | 使用 `<filename>` 文件中的[自定义列](#custom-columns)模板打印表。
+`-o json`     | 输出 JSON 格式的 API 对象
+`-o jsonpath=<template>` | 打印 [jsonpath](/docs/reference/kubectl/jsonpath/) 表达式定义的字段
+`-o jsonpath-file=<filename>` | 打印 `<filename>` 文件中 [jsonpath](/docs/reference/kubectl/jsonpath/) 表达式定义的字段。
+`-o name`     | 仅打印资源名称而不打印任何其他内容。
+`-o wide`     | 以纯文本格式输出，包含任何附加信息。对于 pod 包含节点名。
+`-o yaml`     | 输出 YAML 格式的 API 对象。
+
+
+<!--
+##### Example
+-->
+
+##### 示例
+
+<!--
+In this example, the following command outputs the details for a single pod as a YAML formatted object:
+-->
+在此示例中，以下命令将单个 pod 的详细信息输出为 YAML 格式的对象：
+
+```shell
+kubectl get pod web-pod-13je7 -o yaml
+```
+
+<!--
+Remember: See the [kubectl](/docs/user-guide/kubectl/) reference documentation for details about which output format is supported by each command.
+-->
+请记住：有关每个命令支持哪种输出格式的详细信息，请参阅 [kubectl](/docs/user-guide/kubectl/) 参考文档。
+
+<!--
+#### Custom columns
+-->
+#### 自定义列
+
+<!--
+To define custom columns and output only the details that you want into a table, you can use the `custom-columns` option. You can choose to define the custom columns inline or use a template file: `-o=custom-columns=<spec>` or `-o=custom-columns-file=<filename>`.
+-->
+要定义自定义列并仅将所需的详细信息输出到表中，可以使用该 custom-columns 选项。您可以选择内联定义自定义列或使用模板文件：`-o=custom-columns=<spec>` 或 `-o=custom-columns-file=<filename>`。
+
+<!--
+##### Examples
+-->
+##### 示例
+
+<!--
+Inline:
+-->
+内联：
+
+```shell
+$ kubectl get pods <pod-name> -o custom-columns=NAME:.metadata.name,RSRC:.metadata.resourceVersion
+```
+
+<!--
+Template file:
+-->
+模板文件：
+
+```shell
+kubectl get pods <pod-name> -o custom-columns-file=template.txt
+```
+
+<!--
+where the `template.txt` file contains:
+-->
+其中，`template.txt` 文件包含：
+
+```
+NAME          RSRC
+metadata.name metadata.resourceVersion
+```
+
+<!--
+The result of running either command is:
+-->
+运行任何一个命令的结果是:
+
+```shell
+NAME           RSRC
+submit-queue   610995
+```
+
+<!--
+#### Server-side columns
+-->
+#### Server-side 列
+
+<!--
+`kubectl` supports receiving specific column information from the server about objects.
+This means that for any given resource, the server will return columns and rows relevant to that resource, for the client to print.
+This allows for consistent human-readable output across clients used against the same cluster, by having the server encapsulate the details of printing.
+-->
+`kubectl` 支持从服务器接收关于对象的特定列信息。
+这意味着对于任何给定的资源，服务器将返回与该资源相关的列和行，以便客户端打印。
+通过让服务器封装打印的细节，这允许在针对同一集群使用的客户端之间提供一致的人类可读输出。
+
+<!--
+This feature is enabled by default in `kubectl` 1.11 and higher. To disable it, add the
+`--server-print=false` flag to the `kubectl get` command.
+-->
+默认情况下，此功能在 `kubectl` 1.11 及更高版本中启用。要禁用它，请将该 `--server-print=false` 参数添加到 `kubectl get` 命令中。
+
+<!--
+##### Examples
+-->
+##### 例子：
+
+<!--
+To print information about the status of a pod, use a command like the following:
+-->
+要打印有关 pod 状态的信息，请使用如下命令：
+
+```shell
+kubectl get pods <pod-name> --server-print=false
+```
+
+<!--
+Output looks like this:
+-->
+输出如下：
+
+```shell
+NAME       READY     STATUS              RESTARTS   AGE
+pod-name   1/1       Running             0          1m
+```
+
+<!--
+### Sorting list objects
+-->
+### 排序列表对象
+
+<!--
+To output objects to a sorted list in your terminal window, you can add the `--sort-by` flag to a supported `kubectl` command. Sort your objects by specifying any numeric or string field with the `--sort-by` flag. To specify a field, use a [jsonpath](/docs/reference/kubectl/jsonpath/) expression.
+-->
+要将对象排序后输出到终端窗口，可以将 `--sort-by` 参数添加到支持的 `kubectl` 命令。通过使用 `--sort-by` 参数指定任何数字或字符串字段来对对象进行排序。要指定字段，请使用 [jsonpath](/docs/reference/kubectl/jsonpath/) 表达式。
+
+<!--
+#### Syntax
+-->
+#### 语法
+
+```shell
+kubectl [command] [TYPE] [NAME] --sort-by=<jsonpath_exp>
+```
+
+<!--
+##### Example
+-->
+##### 示例
+
+<!--
+To print a list of pods sorted by name, you run:
+-->
+要打印按名称排序的 pod 列表，请运行：
+
+```shell
+$ kubectl get pods --sort-by=.metadata.name
+```
+
+<!--
+## Examples: Common operations
+-->
+## 示例：常用操作
+
+<!--
+Use the following set of examples to help you familiarize yourself with running the commonly used `kubectl` operations:
+-->
+使用以下示例集来帮助您熟悉运行常用 kubectl 操作：
+
+<!--
+`kubectl apply` - Apply or Update a resource from a file or stdin.
+-->
+`kubectl apply` - 以文件或标准输入为准应用或更新资源。
+
+<!--
+```shell
+# Create a service using the definition in example-service.yaml.
+kubectl apply -f example-service.yaml
+
+# Create a replication controller using the definition in example-controller.yaml.
+kubectl apply -f example-controller.yaml
+
+# Create the objects that are defined in any .yaml, .yml, or .json file within the <directory> directory.
+kubectl apply -f <directory>
+```
+-->
+```shell
+# 使用 example-service.yaml 中的定义创建服务。
+kubectl apply -f example-service.yaml
+
+# 使用 example-controller.yaml 中的定义创建 replication controller。
+kubectl apply -f example-controller.yaml
+
+# 使用 <directory> 路径下的任意 .yaml, .yml, 或 .json 文件 创建对象。
+kubectl apply -f <directory>
+```
+
+<!--
+`kubectl get` - List one or more resources.
+-->
+`kubectl get` - 列出一个或多个资源。
+
+<!--
+# List all pods in plain-text output format.
+# List all pods in plain-text output format and include additional information (such as node name).
+# List the replication controller with the specified name in plain-text output format. Tip: You can shorten and replace the 'replicationcontroller' resource type with the alias 'rc'.
+# List all replication controllers and services together in plain-text output format.
+# List all daemon sets, including uninitialized ones, in plain-text output format.
+# List all pods running on node server01
+-->
+
+```shell
+# 以纯文本输出格式列出所有 pod。
+kubectl get pods
+
+# 以纯文本输出格式列出所有 pod，并包含附加信息(如节点名)。
+kubectl get pods -o wide
+
+# 以纯文本输出格式列出具有指定名称的副本控制器。提示：您可以使用别名 'rc' 缩短和替换 'replicationcontroller' 资源类型。
+kubectl get replicationcontroller <rc-name>
+
+# 以纯文本输出格式列出所有副本控制器和服务。
+kubectl get rc,services
+
+# 以纯文本输出格式列出所有守护程序集，包括未初始化的守护程序集。
+kubectl get ds --include-uninitialized
+
+# 列出在节点 server01 上运行的所有 pod
+kubectl get pods --field-selector=spec.nodeName=server01
+```
+
+<!--
+`kubectl describe` - Display detailed state of one or more resources, including the uninitialized ones by default.
+-->
+`kubectl describe` - 显示一个或多个资源的详细状态，默认情况下包括未初始化的资源。
+
+<!--
+# Display the details of the node with name <node-name>.
+# Display the details of the pod with name <pod-name>.
+
+# Display the details of all the pods that are managed by the replication controller named <rc-name>.
+# Remember: Any pods that are created by the replication controller get prefixed with the name of the replication controller.
+# Describe all pods, not including uninitialized ones
+-->
+
+```shell
+# 显示名称为 <node-name> 的节点的详细信息。
+kubectl describe nodes <node-name>
+
+# 显示名为 <pod-name> 的 pod 的详细信息。
+kubectl describe pods/<pod-name>
+
+# 显示由名为 <rc-name> 的副本控制器管理的所有 pod 的详细信息。
+# 记住：副本控制器创建的任何 pod 都以复制控制器的名称为前缀。
+kubectl describe pods <rc-name>
+
+# 描述所有的 pod，不包括未初始化的 pod
+kubectl describe pods --include-uninitialized=false
+```
+
+{{< note >}}
+
+<!--
+The `kubectl get` command is usually used for retrieving one or more
+resources of the same resource type. It features a rich set of flags that allows
+you to customize the output format using the `-o` or `--output` flag, for example.
+You can specify the `-w` or `--watch` flag to start watching updates to a particular
+object. The `kubectl describe` command is more focused on describing the many
+related aspects of a specified resource. It may invoke several API calls to the
+API server to build a view for the user. For example, the `kubectl describe node`
+command retrieves not only the information about the node, but also a summary of
+the pods running on it, the events generated for the node etc.
+-->
+`kubectl get` 命令通常用于检索同一资源类型的一个或多个资源。
+它具有丰富的参数，允许您使用 `-o` 或 `--output` 参数自定义输出格式。您可以指定 `-w` 或 `--watch` 参数以开始观察特定对象的更新。
+`kubectl describe` 命令更侧重于描述指定资源的许多相关方面。它可以调用对 `API 服务器` 的多个 API 调用来为用户构建视图。
+例如，该 `kubectl describe node` 命令不仅检索有关节点的信息，还检索在其上运行的 pod 的摘要，为节点生成的事件等。
+
+{{< /note >}}
+
+<!--
+`kubectl delete` - Delete resources either from a file, stdin, or specifying label selectors, names, resource selectors, or resources.
+-->
+`kubectl delete` - 从文件、stdin 或指定标签选择器、名称、资源选择器或资源中删除资源。
+
+<!--
+# Delete a pod using the type and name specified in the pod.yaml file.
+# Delete all the pods and services that have the label name=<label-name>.
+# Delete all the pods and services that have the label name=<label-name>, including uninitialized ones.
+// Delete all pods, including uninitialized ones.
+-->
+
+```shell
+# 使用 pod.yaml 文件中指定的类型和名称删除 pod。
+kubectl delete -f pod.yaml
+
+# 删除标签名= <label-name> 的所有 pod 和服务。
+kubectl delete pods,services -l name=<label-name>
+
+# 删除所有具有标签名称= <label-name> 的 pod 和服务，包括未初始化的那些。
+kubectl delete pods,services -l name=<label-name> --include-uninitialized
+
+# 删除所有 pod，包括未初始化的 pod。
+kubectl delete pods --all
+```
+
+<!--
+`kubectl exec` - Execute a command against a container in a pod.
+-->
+`kubectl exec` - 对 pod 中的容器执行命令。
+
+<!--
+# Get output from running 'date' from pod <pod-name>. By default, output is from the first container.
+# Get output from running 'date' in container <container-name> of pod <pod-name>.
+# Get an interactive TTY and run /bin/bash from pod <pod-name>. By default, output is from the first container.
+-->
+
+```shell
+# 从 pod <pod-name> 中获取运行 'date' 的输出。默认情况下，输出来自第一个容器。
+kubectl exec <pod-name> date
+  
+# 运行输出 'date' 获取在容器的 <container-name> 中 pod <pod-name> 的输出。
+kubectl exec <pod-name> -c <container-name> date
+
+# 获取一个交互 TTY 并运行 /bin/bash <pod-name >。默认情况下，输出来自第一个容器。
+kubectl exec -ti <pod-name> /bin/bash
+```
+
+<!--
+`kubectl logs` - Print the logs for a container in a pod.
+-->
+`kubectl logs` - 打印 Pod 中容器的日志。
+
+<!--
+# Return a snapshot of the logs from pod <pod-name>.
+# Start streaming the logs from pod <pod-name>. This is similar to the 'tail -f' Linux command.
+-->
+
+```shell
+# 从 pod 返回日志快照。
+kubectl logs <pod-name>
+
+# 从 pod <pod-name> 开始流式传输日志。这类似于 'tail -f' Linux 命令。
+kubectl logs -f <pod-name>
+```
+
+<!--
+## Examples: Creating and using plugins
+-->
+
+## 示例：创建和使用插件
+
+<!--
+Use the following set of examples to help you familiarize yourself with writing and using `kubectl` plugins:
+-->
+使用以下示例来帮助您熟悉编写和使用 `kubectl` 插件：
+
+<!--
+```shell
+# create a simple plugin in any language and name the resulting executable file
+# so that it begins with the prefix "kubectl-"
+cat ./kubectl-hello
+#!/bin/bash
+
+# this plugin prints the words "hello world"
+echo "hello world"
+
+# with our plugin written, let's make it executable
+sudo chmod +x ./kubectl-hello
+
+# and move it to a location in our PATH
+sudo mv ./kubectl-hello /usr/local/bin
+
+# we have now created and "installed" a kubectl plugin.
+# we can begin using our plugin by invoking it from kubectl as if it were a regular command
+kubectl hello
+```
+-->
+```shell
+# 用任何语言创建一个简单的插件，并为生成的可执行文件命名
+# 以前缀 "kubectl-" 开始
+cat ./kubectl-hello
+#!/bin/bash
+
+# 这个插件打印单词 "hello world"
+echo "hello world"
+
+# 我们的插件写好了，让我们把它变成可执行的
+sudo chmod +x ./kubectl-hello
+
+# 并将其移动到路径中的某个位置
+sudo mv ./kubectl-hello /usr/local/bin
+
+# 我们现在已经创建并"安装"了一个 kubectl 插件。
+# 我们可以开始使用我们的插件，从 kubectl 调用它，就像它是一个常规命令一样
+kubectl hello
+```
+```
+hello world
+```
+<!--
+```
+# we can "uninstall" a plugin, by simply removing it from our PATH
+sudo rm /usr/local/bin/kubectl-hello
+```
+-->
+```
+# 我们可以"卸载"一个插件，只需从我们的路径中删除它
+sudo rm /usr/local/bin/kubectl-hello
+```
+
+<!--
+In order to view all of the plugins that are available to `kubectl`, we can use
+the `kubectl plugin list` subcommand:
+-->
+为了查看可用的所有 `kubectl` 插件，我们可以使用 `kubectl plugin list` 子命令：
+```shell
+kubectl plugin list
+```
+<!--
+```
+The following kubectl-compatible plugins are available:
+
+/usr/local/bin/kubectl-hello
+/usr/local/bin/kubectl-foo
+/usr/local/bin/kubectl-bar
+```
+-->
+```
+以下 kubectl-适配 的插件是可用的：
+
+/usr/local/bin/kubectl-hello
+/usr/local/bin/kubectl-foo
+/usr/local/bin/kubectl-bar
+```
+<!--
+```
+# this command can also warn us about plugins that are
+# not executable, or that are overshadowed by other
+# plugins, for example
+sudo chmod -x /usr/local/bin/kubectl-foo
+kubectl plugin list
+```
+-->
+```
+# 这个指令也可以警告我们哪些插件
+# 被运行，或是被其它插件覆盖了
+# 例如
+sudo chmod -x /usr/local/bin/kubectl-foo
+kubectl plugin list
+```
+<!--
+```
+The following kubectl-compatible plugins are available:
+
+/usr/local/bin/kubectl-hello
+/usr/local/bin/kubectl-foo
+  - warning: /usr/local/bin/kubectl-foo identified as a plugin, but it is not executable
+/usr/local/bin/kubectl-bar
+
+error: one plugin warning was found
+```
+-->
+```
+以下 kubectl-适配 的插件是可用的：
+
+/usr/local/bin/kubectl-hello
+/usr/local/bin/kubectl-foo
+  - 警告: /usr/local/bin/kubectl-foo 被识别为一个插件，但是它并不可以执行
+/usr/local/bin/kubectl-bar
+
+错误: 发现了一个插件警告
+```
+
+<!--
+We can think of plugins as a means to build more complex functionality on top
+of the existing kubectl commands:
+-->
+我们可以将插件视为在现有 kubectl 命令之上构建更复杂功能的一种方法：
+<!--
+```shell
+cat ./kubectl-whoami
+#!/bin/bash
+
+# this plugin makes use of the `kubectl config` command in order to output
+# information about the current user, based on the currently selected context
+kubectl config view --template='{{ range .contexts }}{{ if eq .name "'$(kubectl config current-context)'" }}Current user: {{ .context.user }}{{ end }}{{ end }}'
+```
+-->
+```shell
+cat ./kubectl-whoami
+#!/bin/bash
+
+# 这个插件借用 `kubectl config` 指令来输出
+# 当前用户的信息，基于当前指定的 context
+kubectl config view --template='{{ range .contexts }}{{ if eq .name "'$(kubectl config current-context)'" }}Current user: {{ .context.user }}{{ end }}{{ end }}'
+```
+
+<!--
+Running the above plugin gives us an output containing the user for the currently selected
+context in our KUBECONFIG file:
+-->
+运行上面的插件为我们提供了一个输出，其中包含我们 KUBECONFIG 文件中当前所选定上下文对应的用户：
+<!--
+```shell
+# make the file executable
+sudo chmod +x ./kubectl-whoami
+
+# and move it into our PATH
+sudo mv ./kubectl-whoami /usr/local/bin
+
+kubectl whoami
+Current user: plugins-user
+```
+-->
+```shell
+# 使文件成为可执行的
+sudo chmod +x ./kubectl-whoami
+
+# 然后移动到我们的路径中
+sudo mv ./kubectl-whoami /usr/local/bin
+
+kubectl whoami
+Current user: plugins-user
+```
+
+<!--
+To find out more about plugins, take a look at the [example cli plugin](https://github.com/kubernetes/sample-cli-plugin).
+-->
+要了解关于插件的更多信息，请查看[示例 cli 插件](https://github.com/kubernetes/sample-cli-plugin)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Start using the [kubectl](/docs/reference/generated/kubectl/kubectl-commands/) commands.
+-->
+开始使用 [kubectl](/docs/reference/generated/kubectl/kubectl-commands/) 命令。
+
+{{% /capture %}}
diff --git a/content/zh/docs/reference/kubernetes-api/_index.md b/content/zh/docs/reference/kubernetes-api/_index.md
index bb959eb924f0d..19f9f15ffa4bd 100644
--- a/content/zh/docs/reference/kubernetes-api/_index.md
+++ b/content/zh/docs/reference/kubernetes-api/_index.md
@@ -1,4 +1,11 @@
 ---
-title: Kubernetes API 
+title: API 参考
 weight: 30
 ---
+
+<!--
+---
+title: API Reference
+weight: 30
+---
+-->
diff --git a/content/zh/docs/reference/kubernetes-api/labels-annotations-taints.md b/content/zh/docs/reference/kubernetes-api/labels-annotations-taints.md
index fbeffb9587834..a6fca66a18840 100644
--- a/content/zh/docs/reference/kubernetes-api/labels-annotations-taints.md
+++ b/content/zh/docs/reference/kubernetes-api/labels-annotations-taints.md
@@ -10,13 +10,12 @@ kubernetes.io 标签和注解。
 **目录：**
 <!-- BEGIN MUNGE: GENERATED_TOC -->
 
-- [知名标签、注解和 Taints](#well-known-labels-annotations-and-taints)
-  - [beta.kubernetes.io/arch](#betakubernetesioarch)
-  - [beta.kubernetes.io/os](#betakubernetesioos)
-  - [kubernetes.io/hostname](#kubernetesiohostname)
-  - [beta.kubernetes.io/instance-type](#betakubernetesioinstance-type)
-  - [failure-domain.beta.kubernetes.io/region](#failure-domainbetakubernetesioregion)
-  - [failure-domain.beta.kubernetes.io/zone](#failure-domainbetakubernetesiozone)
+- [beta.kubernetes.io/arch](#betakubernetesioarch)
+- [beta.kubernetes.io/os](#betakubernetesioos)
+- [kubernetes.io/hostname](#kubernetesiohostname)
+- [beta.kubernetes.io/instance-type](#betakubernetesioinstance-type)
+- [failure-domain.beta.kubernetes.io/region](#failure-domainbetakubernetesioregion)
+- [failure-domain.beta.kubernetes.io/zone](#failure-domainbetakubernetesiozone)
 
 <!-- END MUNGE: GENERATED_TOC -->
 
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/README.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/README.md
new file mode 100644
index 0000000000000..b718c7ef340b8
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/README.md
@@ -0,0 +1 @@
+此目录下的所有文件都是从其他仓库自动生成的。 **不要人工编辑它们。 您必须在上游仓库中编辑它们**
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm.md
new file mode 100644
index 0000000000000..c92bfb20f082b
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm.md
@@ -0,0 +1,115 @@
+
+<!-- 
+kubeadm: easily bootstrap a secure Kubernetes cluster 
+-->
+kubeadm：轻松创建一个安全的 Kubernetes 集群
+
+<!-- 
+### Synopsis 
+-->
+### 摘要
+
+
+
+<!-- 
+kubeadm: easily bootstrap a secure Kubernetes cluster. 
+-->
+kubeadm：轻松创建一个安全的 Kubernetes 集群
+
+<!-- 
+    ┌──────────────────────────────────────────────────────────┐
+    │ KUBEADM IS CURRENTLY IN BETA                             │
+    │                                                          │
+    │ But please, try it out and give us feedback at:          │
+    │ https://github.com/kubernetes/kubeadm/issues             │
+    │ and at-mention @kubernetes/sig-cluster-lifecycle-bugs    │
+    │ or @kubernetes/sig-cluster-lifecycle-feature-requests    │
+    └──────────────────────────────────────────────────────────┘ 
+-->
+    ┌──────────────────────────────────────────────────────────┐
+    │ KUBEADM 正处在 BETA 阶段                                  │
+    │                                                          │
+    │ 欢迎您踊跃试用，并通过以下网址提交反馈：                     │
+    │ https://github.com/kubernetes/kubeadm/issues             │
+    │ 同时标注 @kubernetes/sig-cluster-lifecycle-bugs           │
+    │ 和 @kubernetes/sig-cluster-lifecycle-feature-requests    │
+    └──────────────────────────────────────────────────────────┘ 
+
+
+<!-- 
+Example usage:
+
+    Create a two-machine cluster with one master (which controls the cluster),
+    and one node (where your workloads, like Pods and Deployments run). 
+-->
+用途示例:
+
+    创建一个有两台机器的集群，包含一个主节点（用来控制集群），和一个节点（运行您的工作负载，像 Pod 和 Deployment）。
+
+<!-- 
+    ┌──────────────────────────────────────────────────────────┐
+    │ On the first machine:                                    │
+    ├──────────────────────────────────────────────────────────┤
+    │ master# kubeadm init                                     │
+    └──────────────────────────────────────────────────────────┘
+
+    ┌──────────────────────────────────────────────────────────┐
+    │ On the second machine:                                   │
+    ├──────────────────────────────────────────────────────────┤
+    │ node# kubeadm join <arguments-returned-from-init>        │
+    └──────────────────────────────────────────────────────────┘ 
+-->
+    ┌──────────────────────────────────────────────────────────┐
+    │ 在第一台机器上：                                          │
+    ├──────────────────────────────────────────────────────────┤
+    │ master# kubeadm init                                     │
+    └──────────────────────────────────────────────────────────┘
+
+    ┌──────────────────────────────────────────────────────────┐
+    │ 在第二台机器上：                                          │
+    ├──────────────────────────────────────────────────────────┤
+    │ node# kubeadm join <arguments-returned-from-init>        │
+    └──────────────────────────────────────────────────────────┘ 
+
+<!-- 
+You can then repeat the second step on as many other machines as you like. 
+-->
+您可以重复第二步，向集群添加更多机器。
+
+
+<!-- 
+### Options 
+-->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for kubeadm</td>
+-->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[试验阶段] 指向 '真实' 宿主机的根目录。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha.md
new file mode 100644
index 0000000000000..fe3cd34642be1
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha.md
@@ -0,0 +1,106 @@
+
+功能尚不完整的实验性子命令
+
+<!--
+Experimental sub-commands not yet fully functional.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Experimental sub-commands not yet fully functional.
+-->
+
+
+功能尚不完整的实验性子命令。
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for alpha</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">alpha 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase.md
new file mode 100644
index 0000000000000..aea59b39f1b2d
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase.md
@@ -0,0 +1,74 @@
+
+分别调用 kubeadm function 的子集进行手动安装。
+<!--
+Invoke subsets of kubeadm functions separately for a manual install.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用子命令列表。
+
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">phase 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for phase</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon.md
new file mode 100644
index 0000000000000..b9b4a1aa04711
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon.md
@@ -0,0 +1,93 @@
+
+安装所需插件（addons）以通过合规性测试
+<!--
+Installs required addons for passing Conformance tests
+-->
+
+### 摘要
+
+此命令不能单独运行。 请参阅可用的子命令列表。
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+
+### 可选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">addon 帮助。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for addon</td>
+    </tr>
+
+  </tbody>
+</table>
+
+-->
+
+
+
+### 从父命令继承的可选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_all.md
new file mode 100644
index 0000000000000..5f942af54cc7b
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_all.md
@@ -0,0 +1,216 @@
+
+<!--
+Installs all addons to a Kubernetes cluster
+-->
+将所有插件安装到 Kubernetes 集群
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Installs the CoreDNS and the kube-proxy addons components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed. 
+-->
+通过 API 服务器安装 CoreDNS 和 ku-proxy 组件。请注意，虽然已经部署了 DNS 服务器，但在安装 CNI 之前 DNS 服务器不能被调度运行。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase addon all [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Installs the CoreDNS and the kube-proxy addons components via the API server,
+  # functionally equivalent to what installed by kubeadm init.
+-->
+
+```
+  # 通过 API 服务器安装 CoreDNS 和 kube-proxy 插件，
+  # 在功能上与 kubeadm init 安装的相同。
+  
+  kubeadm alpha phase selfhosting from-staticpods
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的 IP 地址</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+-->
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+<!--
+<td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的端口</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+-->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组"key=value"偶对，用来描述多种功能特性的特性开关；可选项有：<br/>Auditing=true|false (ALPHA - 默认=false)<br/>CoreDNS=true|false (默认=true)<br/>DynamicKubeletConfig=true|false (BETA - 默认=false)</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">all 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+-->
+    <tr>
+      <td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "k8s.gcr.io"</td>
+    </tr>
+<!--
+<td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "k8s.gcr.io"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">选择容器仓库拉取控制平面镜像</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a container registry to pull control plane images from</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+<!--
+<td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择特定的 Kubernetes 版本</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+-->
+
+    <tr>
+      <td colspan="2">--pod-network-cidr string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 Pod 网络的 IP 地址范围</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP addresses used for the Pod network</td>
+-->
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "10.96.0.0/12"</td>
+    </tr>
+<!--
+<td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务 VIP 的 IP 范围</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP address used for service VIPs</td>
+-->
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "cluster.local"</td>
+    </tr>
+<!--
+<td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "cluster.local"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务的可选域</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Alternative domain for services</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_coredns.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_coredns.md
new file mode 100644
index 0000000000000..b3cefe3299cfc
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_coredns.md
@@ -0,0 +1,208 @@
+
+将 CoreDNS addon 安装到 Kubernetes 集群
+
+### Synopsis
+
+
+通过 API 服务器安装 CoreDNS addon 组件。 请注意尽管部署了 DNS 服务器，但是在 CNI 被安装之前，它不会被调度。 
+
+Alpha 免责声明：此命令目前是 alpha 阶段。
+
+```
+kubeadm alpha phase addon coredns [flags]
+```
+
+<!--
+
+Installs the CoreDNS addon to a Kubernetes cluster
+
+### Synopsis
+
+
+Installs the CoreDNS addon components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed. 
+
+Alpha Disclaimer: this command is currently alpha.
+
+```
+kubeadm alpha phase addon coredns [flags]
+```
+-->
+
+### 可选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。 警告: 配置文件的使用是实验性的。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组键=描述各个功能开关的键值对。 可选项有：<br/>Auditing=true|false (ALPHA - 默认=false)<br/>CoreDNS=true|false (默认=true)<br/>DynamicKubeletConfig=true|false (BETA - 默认=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">获取 coredns 帮助信息。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "k8s.gcr.io"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">选择一个用于拉取控制平面镜像的容器镜像源。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择特定的 Kubernetes 版本。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务 VIP 的 IP 范围。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务替代域。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for coredns</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "k8s.gcr.io"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a container registry to pull control plane images from</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP address used for service VIPs</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Alternative domain for services</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 从父命令继承的可选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_kube-proxy.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_kube-proxy.md
new file mode 100644
index 0000000000000..16ec4db690fbc
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_addon_kube-proxy.md
@@ -0,0 +1,165 @@
+
+将 kube-proxy 组件安装到 Kubernetes 集群
+<!--
+Installs the kube-proxy addon to a Kubernetes cluster
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Installs the kube-proxy addon components via the API server. 
+-->
+通过 API 服务器安装 kube-proxy 组件。
+
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase addon kube-proxy [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的 IP 地址</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+<!--
+<td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的端口号</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径，警告：配置文件的使用是实验性的</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kube-proxy 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for kube-proxy</td>
+-->
+
+    <tr>
+      <td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："k8s.gcr.io"</td>
+    </tr>
+<!--
+<td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "k8s.gcr.io"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">选择容器仓库拉取控制平面镜像</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a container registry to pull control plane images from</td>
+-->
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+<!--
+<td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择特定的 Kubernetes 版本</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+-->
+
+    <tr>
+      <td colspan="2">--pod-network-cidr string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 Pod 网络的 IP 地址范围</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP addresses used for the Pod network</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token.md
new file mode 100644
index 0000000000000..af57e5f0fd0b7
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token.md
@@ -0,0 +1,105 @@
+<!-- 
+Manage kubeadm-specific bootstrap token functions
+
+### Synopsis
+ -->
+
+
+管理特定于 kubeadm 的启动引导令牌（bootstrap token）功能
+
+### 概要
+
+
+<!-- This command is not meant to be run on its own. See list of available subcommands.
+
+### Options -->
+
+此命令不用于自己运行。请参阅可用的子命令列表。
+
+
+### 可选项
+
+<!-- <table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for bootstrap-token</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+ -->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+    
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">bootstrap-token 的帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群对话时用到的 KubeConfig 文件。如果未设置此标志，则搜索一组标准位置以查找现有KubeConfig文件。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!-- ### Options inherited from parent commands -->
+### 继承于父命令的选择项
+
+<!-- <table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+ -->
+
+ <table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] 主机根目录文件系统“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_all.md
new file mode 100644
index 0000000000000..5dbc2b121381f
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_all.md
@@ -0,0 +1,237 @@
+
+<!-- Makes all the bootstrap token configurations and creates an initial token -->
+
+生成所有 bootstrap token 配置并生成一个初始 token
+
+<!-- ### Synopsis -->
+
+### 概要
+
+<!-- 
+Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a the master node. 
+
+This command makes all the configurations required to make bootstrap tokens works and then creates an initial token. 
+
+Alpha Disclaimer: this command is currently alpha.
+
+```
+kubeadm alpha phase bootstrap-token all
+```
+ -->
+
+Bootstrap tokens 用来建立加入集群的节点和 master 节点间的双向互信。
+
+此命令生成所有生成 bootstrap tokens 的所需配置并生成一个初始 token。
+
+Alpha 免责声明：此命令处于 alpha 阶段。
+
+```
+kubeadm alpha phase bootstrap-token all
+```
+
+<!-- 
+### Examples
+
+```
+  # Makes all the bootstrap token configurations and creates an initial token, functionally
+  # equivalent to what generated by kubeadm init.
+  kubeadm alpha phase bootstrap-token all
+```
+ -->
+### 例子
+
+```
+  # 生成所有 bootstrap token 配置并生成一个初始 token
+  # 功能上等价于 kubeadm init 生成的。
+  kubeadm alpha phase bootstrap-token all
+```
+
+
+<!-- 
+### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--description string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A human friendly description of how this token is used.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--groups stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [system:bootstrappers:kubeadm:default-node-token]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Extra groups that this token will authenticate as when used for authentication. Must match "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--skip-token-print</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Skip printing of the bootstrap token</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The token to use for establishing bidirectional trust between nodes and masters. The format is [a-z0-9]{6}\.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 24h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--usages stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [signing,authentication]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]</td>
+    </tr>
+
+  </tbody>
+</table> -->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm config 文件路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--description string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">人性化描述如何使用 token</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--groups stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [system:bootstrappers:kubeadm:default-node-token]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用这个 token 进行身份认证的额外组。必须符合 "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--skip-token-print</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">跳过打印 bootstrap token</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">token 用来建立节点和 master 间的双向互信。格式为 [a-z0-9]{6}\.[a-z0-9]{16} - 例如 abcdef.0123456789abcdef</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 24h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">token 在被自动删除前的持续时间（如 1s, 2m, 3h）。如果设为'0'，token 将永不失效</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--usages stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [signing,authentication]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">描述 token 可以使用的方式。您可以多次传递 --usages 或用逗号分隔开多个选择项。有效的选择项: [signing,authentication]</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!-- ### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table> -->
+
+### 继承于父命令的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群对话时用到的 KubeConfig 文件。如果未设置此标志，则搜索一组标准位置以查找现有 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] “真正的” 主机根目录文件系统路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_cluster-info.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_cluster-info.md
new file mode 100644
index 0000000000000..797823132b441
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_cluster-info.md
@@ -0,0 +1,100 @@
+
+从指定的 kubeconfig 文件上传集群信息 ConfigMap
+<!--
+Uploads the cluster-info ConfigMap from the given kubeconfig file
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Uploads the "cluster-info" ConfigMap in the "kube-public" namespace, populating it with cluster information extracted from the given kubeconfig file. The ConfigMap is used for the node bootstrap process in its initial phases, before the client trusts the API server. 
+-->
+在 "kube-public" 命名空间中上传 "cluster-info" ConfigMap，使用指定的 kubeconfig 文件中提取的集群信息填充它。在客户端信任 API 服务器之前，ConfigMap 用于节点引导过程的初始阶段，即客户端能够信任 API 服务器之前。
+
+<!--
+See online documentation about Authenticating with Bootstrap Tokens for more details. 
+-->
+更多详细信息，请参阅有关使用 Bootstrap 令牌进行身份验证的联机文档
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase bootstrap-token cluster-info [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">cluster-info 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for cluster-info</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+->
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_create.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_create.md
new file mode 100644
index 0000000000000..64a687e5fbfff
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_create.md
@@ -0,0 +1,228 @@
+创建用于节点加入的引导令牌
+
+<!--
+Creates a bootstrap token to be used for node joining
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+
+<!--
+Creates a bootstrap token. If no token value is given, kubeadm will generate a random token instead. 
+
+Alternatively, you can use kubeadm token. 
+
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+创建一个引导令牌。如果没有给出令牌值，kubeadm 将生成一个随机令牌。
+
+或者，您可以使用 kubeadm 令牌。
+
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase bootstrap-token create [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--description string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A human friendly description of how this token is used.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--groups stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [system:bootstrappers:kubeadm:default-node-token]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Extra groups that this token will authenticate as when used for authentication. Must match "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for create</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--skip-token-print</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Skip printing of the bootstrap token</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The token to use for establishing bidirectional trust between nodes and masters. The format is [a-z0-9]{6}\.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 24h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--usages stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [signing,authentication]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的使用是实验性的</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--description string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">针对令牌用途的人性化的描述。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--groups stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: [system:bootstrappers:kubeadm:default-node-token]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用这个令牌进行身份认证的额外组。必须符合 "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">create 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--skip-token-print</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">跳过打印引导令牌操作</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">令牌用来建立节点与主控节点键的双向信任。格式为 [a-z0-9]{6}\.[a-z0-9]{16} - 例如 abcdef.0123456789abcdef</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token-ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: 24h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">令牌在被自动删除前的持续时间（如 1s, 2m, 3h）。如果设为'0'，token 将永不失效</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--usages stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: [signing,authentication]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">描述令牌可以使用的方式。您可以多次传递 --usages 或用逗号分隔开多个选择项。有效的选择项: [signing,authentication]</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node.md
new file mode 100644
index 0000000000000..e6f98f4cc76da
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node.md
@@ -0,0 +1,117 @@
+
+配置节点引导过程
+<!--
+Configures the node bootstrap process
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+
+此命令不能单独运行。请参阅可用子命令列表。
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for node</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">node 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
new file mode 100644
index 0000000000000..6ab1f62a0f680
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
@@ -0,0 +1,99 @@
+
+配置 RBAC 规则允许 csrapprover 控制器自动批准来自节点引导令牌的 CSR
+<!--
+Configures RBAC rules to allow the csrapprover controller automatically approve CSRs from a node bootstrap token
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Configures RBAC rules to allow the csrapprover controller to automatically approve certificate signing requests generated by nodes joining the cluster. It configures also RBAC rules for certificates rotation (with auto approval of new certificates). 
+-->
+配置 RBAC 规则，允许 csrapprover 控制器自动批准加入集群的节点生成的证书签名请求。它还配置用于证书轮换的 RBAC 规则(自动批准新证书)。
+
+<!--
+See online documentation about TLS bootstrapping for more details. 
+-->
+有关更多详细信息，请参阅有关 TLS 引导的联机文档。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase bootstrap-token node allow-auto-approve [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">allow-auto-approve 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for allow-auto-approve</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
new file mode 100644
index 0000000000000..bc97cbdd558e0
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
@@ -0,0 +1,99 @@
+
+配置 RBAC 允许节点引导令牌发送 CSR 请求，以便节点获得长期证书凭据
+<!--
+Configures RBAC to allow node bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Configures RBAC rules to allow node bootstrap tokens to post a certificate signing request, thus enabling nodes joining the cluster to request long term certificate credentials. 
+-->
+配置 RBAC 规则，允许节点引导令牌发送证书签名请求，从而允许正在加入到集群中的节点请求长期证书凭据。
+
+<!--
+See online documentation about TLS bootstrapping for more details. 
+-->
+有关更多详细信息，请参阅有关 TLS 引导的联机文档。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase bootstrap-token node allow-post-csrs [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">allow-post-csrs 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for allow-post-csrs</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项 
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs.md
new file mode 100644
index 0000000000000..f5034edc2d844
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs.md
@@ -0,0 +1,75 @@
+
+<!--
+Generates certificates for a Kubernetes cluster
+-->
+为 Kubernetes 集群生成证书
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用的子命令列表。
+
+<!--
+### Options
+-->
+
+### 选项 
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for certs</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">certs 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_all.md
new file mode 100644
index 0000000000000..8956b252c1550
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_all.md
@@ -0,0 +1,208 @@
+<!-- 
+Generates all PKI assets necessary to establish the control plane
+
+### Synopsis
+ -->
+生成所有建立控制平面所需的 PKI 数据
+
+### 概要
+<!-- 
+Generates a self-signed CA to provision identities for each component in the cluster (including nodes) and client certificates to be used by various components. 
+
+If a given certificate and private key pair both exist, kubeadm skips the generation step and existing files will be used. 
+
+Alpha Disclaimer: this command is currently alpha. -->
+
+生成自签名 CA，为集群中的每个组件（包括节点）提供标识，并为各种组件提供所需的客户端证书。
+
+如果某指定的证书和私钥对都已经存在，kubeadm 跳过生成步骤而使用现有的文件。
+
+Alpha 免责声明：此命令处于 Alpha 阶段。
+
+```
+kubeadm alpha phase certs all [flags]
+```
+<!-- 
+### Examples
+
+```
+  # Creates all PKI assets necessary to establish the control plane,
+  # functionally equivalent to what generated by kubeadm init.
+  kubeadm alpha phase certs all
+  
+  # Creates all PKI assets using options read from a configuration file.
+  kubeadm alpha phase certs all --config masterconfiguration.yaml
+```
+ -->
+
+### 例子
+
+```
+  # 生成所有建立控制平面所需的 PKI 数据，
+  # 功能等同于 kubeadm init 所生成的。
+  kubeadm alpha phase certs all
+  
+  # 使用配置文件的选项创建所有 PKI 数据。
+  kubeadm alpha phase certs all --config masterconfiguration.yaml
+```
+
+<!-- ### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on, to use for the API server serving cert</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Alternative domain for services, to use for the API server serving cert</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+### 选择项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可访问的 API 服务器 IP 地址，用于 API 服务器的服务证书</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">应用于 API 服务器服务证书的可选的额外的别名。可以使用 IP 地址和 dns 名</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">认证存储路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件路径（警告: 配置文件的使用处于实验阶段）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可替换的服务 VIP 的 IP 地址范围，其中的内部 API 服务器的 VIP 将加到 API 服务器的服务证书 </td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可替换的服务域，用于 API 服务器的服务证书</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!-- ### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table> -->
+
+### 继承于父命令的选择项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] 主机根目录文件系统“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver-etcd-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver-etcd-client.md
new file mode 100644
index 0000000000000..6557f3a100326
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver-etcd-client.md
@@ -0,0 +1,111 @@
+
+生成 apiserver 客户端用于访问etcd
+<!--
+Generates the client apiserver uses to access etcd
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the client apiserver uses to access etcd, and saves them into apiserver-etcd-client.cert and apiserver-etcd-client.key files. 
+-->
+生成 apiserver 客户端用于访问 etcd，并将其保存到 apiserver-etcd-client.cert 和 apiserver-etcd-client.key 中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤，并使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase certs apiserver-etcd-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+<td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书保存的路径</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver-etcd-client 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver-etcd-client</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项 
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机 root 文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md
new file mode 100644
index 0000000000000..582b162856c98
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver-kubelet-client.md
@@ -0,0 +1,110 @@
+
+生成 API 服务器连接 kubelet 所使用的客户端证书
+<!--
+Generates the Client certificate for the API server to connect to kubelet
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the Client certificate for the API server to connect to kubelet, and saves them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files. 
+-->
+生成 API 服务器连接 kubelet 所使用的客户端证书，并将其保存到 apiserver-kubelet-client.cert 和 apiserver-kubelet-client.key 文件中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤而直接使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase certs apiserver-kubelet-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver-kubelet-client 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver-kubelet-client</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] '真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver.md
new file mode 100644
index 0000000000000..56c69d23d16bf
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_apiserver.md
@@ -0,0 +1,203 @@
+
+<!--
+Generates the certificate for serving the kubernetes API
+-->
+生成用于 Kubernetes API 的证书
+
+<!--
+### Synopsis
+-->
+### 概要
+
+<!--
+Generates the certificate for serving the kubernetes API, and saves them into apiserver.cert and apiserver.key files.
+-->
+生成用于 Kubernetes API 的证书，并把证书保存到 apiserver.cert 和 apiserver.key 文件中。
+
+<!--
+Default SANs are kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, 10.96.0.1, 127.0.0.1 
+-->
+默认的 SAN 是 kubernetes、kubernetes.default、kubernetes.default.svc、kubernetes.default.svc.cluster.local、10.96.0.1、127.0.0.1。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果这两个文件已经存在，kubeadm 将跳过生成步骤直接使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前处于 alpha 阶段。
+
+```
+kubeadm alpha phase certs apiserver [flags]
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on, to use for the API server serving cert</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Alternative domain for services, to use for the API server serving cert</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 服务器可访问的 IP 地址，用于提供证书的 API 服务器</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为证书提供服务的 API 服务器使用的可选的额外 altname， 可以是 IP 地址和 DNS 名称。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm config 文件路径（警告： 配置文件的使用是实验性的）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver 的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务 VIP 的可选 IP 地址范围，从中会产生将添加到提供证书的 API 服务器的内部 API 服务器的 VIP</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务的备用域，用于提供证书的 API 服务器</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径</td>
+    </tr>
+
+  </tbody>
+</table>
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_ca.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_ca.md
new file mode 100644
index 0000000000000..60f661e8ec5ad
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_ca.md
@@ -0,0 +1,100 @@
+
+<!--
+Generates the self-signed kubernetes CA to provision identities for other kuberenets components
+-->
+生成自签名 kubernetes 证书供其他 kuberenets 组件创建标识用
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the self-signed kubernetes CA to provision identities for other kuberenets components, and saves them into ca.cert and ca.key files. 
+-->
+生成自签名 kubernetes 证书供其他 kuberenets 组件创建标识用，并将它们保存到 ca.cert 和 ca.key 中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤，并将使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase certs ca [flags]
+```
+
+<!--
+### Options
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for ca</td>
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">ca 的操作帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+### 从父命令继承的选项
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-ca.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-ca.md
new file mode 100644
index 0000000000000..b7c5dbd6c5bec
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-ca.md
@@ -0,0 +1,109 @@
+
+<!--
+Generates the self-signed CA to provision identities for etcd
+-->
+生成自签名证书以便为 etcd 提供标识
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the self-signed CA to provision identities for etcd, and saves them into etcd/ca.cert and etcd/ca.key files. 
+-->
+生成自签名证书以为 etcd 提供标识，并将它们保存到 etcd/ca.cert 和 etcd/ca.key 中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤，并将使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase certs etcd-ca [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-ca</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-ca 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md
new file mode 100644
index 0000000000000..5c409d7dc69c4
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-healthcheck-client.md
@@ -0,0 +1,109 @@
+
+为活跃性探针生成客户端证书以便对 etcd 执行健康检查
+<!--
+Generates the client certificate for liveness probes to healtcheck etcd
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the client certificate for liveness probes to healtcheck etcd, and saves them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files. 
+-->
+为活跃性探针生成客户端证书以便对 etcd 执行健康检查，并将它们保存到 etcd/healthcheck-client.cert 和 etcd/healthcheck-client.key 文件中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤并将使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase certs etcd-healthcheck-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-healthcheck-client 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-healthcheck-client</td>
+-->
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-peer.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-peer.md
new file mode 100644
index 0000000000000..892e860c31e72
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-peer.md
@@ -0,0 +1,114 @@
+
+为 etcd 节点生成相互通信的证书
+<!--
+Generates the credentials for etcd nodes to communicate with each other
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the credentials for etcd nodes to communicate with each other, and saves them into etcd/peer.cert and etcd/peer.key files.
+-->
+为 etcd 节点生成证书以便相互通信。并将这些证书保存到 etcd/peer.cert 和 etcd/peer.key 文件中。
+
+<!--
+Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1 
+-->
+默认 SAN 是 localhost、127.0.0.1 和 ::1
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤并使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase certs etcd-peer [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书的保存路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-peer 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-peer</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-server.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-server.md
new file mode 100644
index 0000000000000..37204a7ed0a98
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_etcd-server.md
@@ -0,0 +1,115 @@
+
+<!--
+Generates the certificate for serving etcd
+-->
+生成服务 etcd 的证书
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the certificate for serving etcd, and saves them into etcd/server.cert and etcd/server.key files.
+-->
+生成服务 etcd 的证书，并将它们保存到 etcd/server.cert 和 etcd/server.key 中。
+
+<!--
+Default SANs are localhost, 127.0.0.1, ::1 
+-->
+默认 SANs 是本机 127.0.0.1, ::1
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤，并将使用现有文件。
+
+Alpha 免责声明：此命令属于 alpha。
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+```
+kubeadm alpha phase certs etcd-server [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+<td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件存储路径(警告: 配置文件使用是实验性的)</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-server 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-server</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+<!--
+[EXPERIMENTAL] The path to the 'real' host root filesystem.
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_front-proxy-ca.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_front-proxy-ca.md
new file mode 100644
index 0000000000000..c9becd7c343f6
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_front-proxy-ca.md
@@ -0,0 +1,110 @@
+
+生成自签名证书为前端代理提供标识
+<!--
+Generates the self-signed CA to provision identities for front proxy
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the self-signed CA to provision identities for front proxy, and saves them into front-proxy-ca.cert and front-proxy-ca.key files. 
+-->
+生成自签名证书为前端代理提供标识，并将其保存到 front-proxy-ca.cert 和 front-proxy-ca.key 中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤，并将使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase certs front-proxy-ca [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">front-proxy-ca 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for front-proxy-ca</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_front-proxy-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_front-proxy-client.md
new file mode 100644
index 0000000000000..afe675dc84405
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_front-proxy-client.md
@@ -0,0 +1,110 @@
+
+为前端代理生成客户端
+<!--
+Generates the client for the front proxy
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the client for the front proxy, and saves them into front-proxy-client.cert and front-proxy-client.key files. 
+-->
+为前端代理生成客户端，并将其保存到 front-proxy-client.cert 和 front-proxy-client.key 文件中。
+
+<!--
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+-->
+如果两个文件都已存在，kubeadm 将跳过生成步骤，并将使用现有文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令当前处于 alpha 阶段。
+
+```
+kubeadm alpha phase certs front-proxy-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用处于试验阶段）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">front-proxy-client 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for front-proxy-client</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew.md
new file mode 100644
index 0000000000000..75d910420cd03
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew.md
@@ -0,0 +1,79 @@
+
+续期 Kubernetes 集群的证书
+<!--
+Renews certificates for a Kubernetes cluster
+-->
+
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用子命令列表。
+
+```
+kubeadm alpha phase certs renew [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">renew 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for renew</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+--> 
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_all.md
new file mode 100644
index 0000000000000..2a6521b4f020f
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_all.md
@@ -0,0 +1,162 @@
+续期所有可用的证书
+
+<!--
+renew all available certificates
+-->
+
+<!--
+### Synopsis
+
+
+Renews all known certificates necessary to run the control plan. Renewals are run unconditionally, regardless of expiration date. Renewals can also be run individually for more control.
+-->
+
+### 摘要
+
+
+续期运行控制平面所需的所有已知证书。续期操作是无条件执行的，与证书到期时间无关。续期也可以单独运行以获得更多的控制。
+
+
+```
+kubeadm alpha phase certs renew all [flags]
+```
+
+<!--
+### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告: 配置文件的使用是实验性的）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">all 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群交互时使用的 KubeConfig 文件。如果没有设置该参数，将会搜索一组标准位置来查找现有的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 续期证书</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验特性] 指向主机根文件系统的'真实'路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver-etcd-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver-etcd-client.md
new file mode 100644
index 0000000000000..06898231cdc04
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver-etcd-client.md
@@ -0,0 +1,131 @@
+
+为 API 服务器生成用来访问 etcd 的客户端证书
+<!--
+Generates the client apiserver uses to access etcd
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Renews the client apiserver uses to access etcd, and saves them into apiserver-etcd-client.cert and apiserver-etcd-client.key files. 
+-->
+更新客户端 API 服务器用于访问 etcd，并将其保存到 apiserver-etcd-client.cert 和 apiserver-etcd-client.key 中。
+ 
+
+<!--
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+额外的属性如 SANs 将基于现有的证书，不需要重新提供它们。
+
+```
+kubeadm alpha phase certs renew apiserver-etcd-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+<td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver-etcd-client 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver-etcd-client</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 更新证书</td>
+
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver-kubelet-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver-kubelet-client.md
new file mode 100644
index 0000000000000..9c60bec8b522b
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver-kubelet-client.md
@@ -0,0 +1,127 @@
+
+为 API 服务器生成连接 kubelet 的客户端证书
+<!--
+Generates the Client certificate for the API server to connect to kubelet
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Renews the Client certificate for the API server to connect to kubelet, and saves them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files. 
+-->
+续订 API 服务器的客户端证书以连接到 kubelet，并将其保存到 apiserver-kubelet-client.cert 和 apiserver-kubelet-client.key 文件中。
+
+<!--
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+额外的属性(如 SANs) 将基于现有的证书，不需要重新提供它们。
+
+```
+kubeadm alpha phase certs renew apiserver-kubelet-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+<tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件路径（警告: 配置文件的使用处于实验阶段）</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver-kubelet-client 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver-kubelet-client</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一组标准路径来查找现有的 KubeConfig 文件。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 更新证书</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver.md
new file mode 100644
index 0000000000000..5e4277f348b67
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_apiserver.md
@@ -0,0 +1,128 @@
+
+生成提供 kubernetes API 服务的证书
+<!--
+Generates the certificate for serving the kubernetes API
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Renews the certificate for serving the kubernetes API, and saves them into apiserver.cert and apiserver.key files. 
+-->
+续期用于 kubernetes API 的证书，并将其保存到 apiserver.cert 和 apiserver.key 文件中。
+
+<!--
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+额外的属性(如 SAN) 将基于现有的证书，不需要重新提供它们。
+
+```
+kubeadm alpha phase certs renew apiserver [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用处于试验阶段）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+       <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 更新证书</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-healthcheck-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-healthcheck-client.md
new file mode 100644
index 0000000000000..5e7859d054135
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-healthcheck-client.md
@@ -0,0 +1,128 @@
+
+为用于 etcd 健康检查的存活性探针生成客户端证书
+<!--
+Generates the client certificate for liveness probes to healtcheck etcd
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Renews the client certificate for liveness probes to healtcheck etcd, and saves them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files. 
+-->
+更新用于 etcd 健康检查的存活性探针的客户端证书，并将其保存到 etcd/healthcheck-client.cert 和 etcd/healthcheck-client.key 文件中。
+
+<!--
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+额外的属性(如 SANs)将基于现有的证书完成设置，不需要重新提供。
+
+```
+kubeadm alpha phase certs renew etcd-healthcheck-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书的保存路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-healthcheck-client 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-healthcheck-client</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 更新证书</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-peer.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-peer.md
new file mode 100644
index 0000000000000..47adeb1dc6fe6
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-peer.md
@@ -0,0 +1,164 @@
+生成 etcd 节点之间相互通信的凭证
+
+<!--
+Generates the credentials for etcd nodes to communicate with each other
+-->
+
+<!--
+### Synopsis
+
+
+Renews the credentials for etcd nodes to communicate with each other, and saves them into etcd/peer.cert and etcd/peer.key files. 
+
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+
+### 摘要
+
+
+更新 etcd 节点的凭证以进行相互通信，并将其保存到 etcd/peer.cert 和 etcd/peer.key 文件中。
+
+附加属性（如SAN）将基于现有凭证，不需要重新提供它们。
+
+```
+kubeadm alpha phase certs renew etcd-peer [flags]
+```
+
+<!--
+### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-peer</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存凭证的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告: 配置文件的使用是实验性的）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-peer 的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群交互时使用的 KubeConfig 文件。如果没有设置该参数，将会搜索一组标准位置来查找现有的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 更新证书</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性]指向主机根文件系统的“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-server.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-server.md
new file mode 100644
index 0000000000000..86dcca670366e
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_etcd-server.md
@@ -0,0 +1,127 @@
+
+生成提供 etcd 服务所需的证书
+<!--
+Generates the certificate for serving etcd
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Renews the certificate for serving etcd, and saves them into etcd/server.cert and etcd/server.key files. 
+-->
+更新提供 etcd 服务所需的证书并将它们保存到 etcd/server.cert 和 etcd/server.key 文件中。
+
+<!--
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+额外的属性（如 SANs）将基于现有的证书完成设置，不需要重新提供。
+
+```
+kubeadm alpha phase certs renew etcd-server [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书的保存路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd-server 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-server</td
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes 证书 API 更新证书</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_front-proxy-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_front-proxy-client.md
new file mode 100644
index 0000000000000..f8d6aeafd90e0
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_renew_front-proxy-client.md
@@ -0,0 +1,129 @@
+
+<!--
+Generates the client for the front proxy
+-->
+为前端代理生成客户端
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Renews the client for the front proxy, and saves them into front-proxy-client.cert and front-proxy-client.key files. 
+-->
+更新前端代理的客户端，并将其保存到 front-proxy-client.cert 和 front-proxy-client.key 中。
+
+<!--
+Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.
+-->
+额外的属性如 SANs 将基于现有的证书，不需要重新提供它们。
+
+```
+kubeadm alpha phase certs renew front-proxy-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+<td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">front-proxy-client 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for front-proxy-client</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--use-api</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用 Kubernetes certificate API 更新证书</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Use the Kubernetes certificate API to renew certificates</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_sa.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_sa.md
new file mode 100644
index 0000000000000..9f0097829da76
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_certs_sa.md
@@ -0,0 +1,129 @@
+<!-- 
+Generates a private key for signing service account tokens along with its public key
+
+### Synopsis
+ -->
+
+生成私钥用于与公钥一起签署服务账户令牌
+
+### 概要
+
+
+<!-- Generates the private key for signing service account tokens along with its public key, and saves them into sa.key and sa.pub files. If both files already exist, kubeadm skips the generation step and existing files will be used. 
+
+Alpha Disclaimer: this command is currently alpha. -->
+
+生成私钥用于与公钥一起签署服务账户令牌，并把它们存储在 sa.key 和 sa.pub 文件中。如果这两个文件都存在，kubeadm会跳过生成步骤并使用现存的文件。
+
+Alpha 免责声明：此命令处于 alpha 阶段。
+
+
+```
+kubeadm alpha phase certs sa [flags]
+```
+
+<!-- ### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the certificates</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for sa</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书存储路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm config 配置文件路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">sa 帮助</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!-- ### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+
+### 继承于父命令的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] 主机根目录文件系统“真实”路径。.</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane.md
new file mode 100644
index 0000000000000..9dc3464ac62bf
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane.md
@@ -0,0 +1,97 @@
+<!--
+Generates all static Pod manifest files necessary to establish the control plane
+
+### Synopsis
+
+
+This command is not meant to be run on its own. See list of available subcommands.
+
+### Options
+-->
+
+生成建立控制面所需的所有静态 Pod 清单文件
+
+### 简介
+
+
+此命令不能单独运行。请参阅可用子命令列表。
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for controlplane</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">controlplane 的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 从父命令继承的选项
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 宿主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_all.md
new file mode 100644
index 0000000000000..05b588a13336c
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_all.md
@@ -0,0 +1,225 @@
+
+生成用于创建控制平面所需的所有静态 Pod 清单文件
+<!--
+Generates all static Pod manifest files necessary to establish the control plane
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates all static Pod manifest files necessary to establish the control plane. 
+-->
+生成用于创建控制平面所需的所有静态 Pod 清单文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase controlplane all [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Generates all static Pod manifest files for control plane components,
+  # functionally equivalent to what generated by kubeadm init.
+  
+  # Generates all static Pod manifest files using options read from a configuration file.  
+-->
+
+```
+  # 生成控制平面组件所需的所有静态 Pod 清单文件。
+  # 在功能上和 kubeadm init 生成的内容是相同的。
+  kubeadm alpha phase controlplane all
+  
+  # 使用从配置文件读取的选项，生成所有静态 Pod 清单文件
+  kubeadm alpha phase controlplane --config masterconfiguration.yaml
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的 IP 地址</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address of the API server is accessible on</td>
+-->
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+<!--
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的端口号</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--apiserver-extra-args mapStringString</td>
+    </tr>
+<!--
+      <td colspan="2">--apiserver-extra-args mapStringString</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组以 &lt;flagname&gt;=&lt;value&gt; 的格式传递给 API 服务器或覆盖默认参数的附加的参数;</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the API Server or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+-->
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">存储证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+-->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径 警告: 配置文件的使用是实验性的</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">--controller-manager-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组以 &lt;flagname&gt;=&lt;value&gt; 的格式传递给控制器管理器或覆盖默认参数的附加的参数。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the Controller Manager or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+-->
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">键值对集合，用来描述多种功能特性的特性开关；可选项有：<br/>Auditing=true|false (ALPHA - 默认=false)<br/>CoreDNS=true|false (默认=true)<br/>DynamicKubeletConfig=true|false (BETA - 默认=false)</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">all 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+-->
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择一个特定的 Kubernetes 版本</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+-->
+
+    <tr>
+      <td colspan="2">--pod-network-cidr string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 Pod 网络的 IP 地址范围</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP addresses used for the Pod network</td>
+-->
+
+    <tr>
+      <td colspan="2">--scheduler-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组以 &lt;flagname&gt;=&lt;value&gt; 的格式传递给调度器或覆盖默认参数的附加的参数;</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the Scheduler or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+-->
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "10.96.0.0/12"</td>
+    </tr>
+<!--
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">>服务 VIP 的 IP 范围</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP address used for service VIPs</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_apiserver.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_apiserver.md
new file mode 100644
index 0000000000000..160fcb366d842
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_apiserver.md
@@ -0,0 +1,176 @@
+
+生成 API 服务器的静态 Pod 清单
+<!--
+Generates the API server static Pod manifest
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the static Pod manifest file for the API server and saves it into /etc/kubernetes/manifests/kube-apiserver.yaml file. 
+-->
+为 API 服务器生成静态 Pod 清单文件，并将其保存到 /etc/kubernetes/manifests/kube-apiserver.yaml 文件中。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase controlplane apiserver [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的 IP 地址</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address of the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+<!--
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的端口号</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--apiserver-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组以 &lt;flagname&gt;=&lt;value&gt; 的格式传递给 API 服务器或覆盖默认参数的附加的参数;</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the API Server or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+-->
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">存储证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径 警告: 配置文件的使用是实验性的</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">键值对集合，用来描述多种功能特性的特性开关；可选项有：<br/>Auditing=true|false (ALPHA - 默认=false)<br/>CoreDNS=true|false (默认=true)<br/>DynamicKubeletConfig=true|false (BETA - 默认=false)</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">apiserver 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择一个特定的 Kubernetes 版本</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+-->
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "10.96.0.0/12"</td>
+    </tr>
+<!--
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 Pod 网络的 IP 地址范围</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP address used for service VIPs</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_controller-manager.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_controller-manager.md
new file mode 100644
index 0000000000000..b0117df498eca
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_controller-manager.md
@@ -0,0 +1,129 @@
+
+生成控制器管理器的静态 Pod 清单
+<!--
+Generates the controller-manager static Pod manifest
+-->
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+为控制器管理器生成静态 Pod 清单文件，并将其保存为 /etc/kubernetes/manifests/kube-controller-manager.yaml 。
+<!--
+Generates the static Pod manifest file for the controller-manager and saves it into /etc/kubernetes/manifests/kube-controller-manager.yaml file. 
+-->
+
+免责声明：此命令目前属于 alpha。
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+### 命令行选项
+
+<!--
+### Options
+-->
+
+<!--
+<td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+
+<td colspan="2">--config String</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the Controller Manager or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for controller-manager</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书的保存路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的使用是实验性的</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--controller-manager-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组额外参数，传递给控制管理器或以 &lt;flagname&gt;=&lt;value&gt; 的格式覆写默认参数。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">控制器管理器帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择一个特定的 Kubernetes 版本</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pod-network-cidr string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Pod 网络的 IP 地址范围</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The range of IP addresses used for the Pod network</td>
+-->
+
+
+### 从父命令继承的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+    <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机 root 文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_scheduler.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_scheduler.md
new file mode 100644
index 0000000000000..ca13bc086046d
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_controlplane_scheduler.md
@@ -0,0 +1,129 @@
+
+生成调度器的静态 Pod 清单
+<!--
+Generates the scheduler static Pod manifest
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the static Pod manifest file for the scheduler and saves it into /etc/kubernetes/manifests/kube-scheduler.yaml file. 
+-->
+为调度器生成静态 Pod 清单文件，并将其保存到 /etc/kubernetes/manifests/kube-scheduler.yaml 文件中。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase controlplane scheduler [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书的存储路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径，警告：配置文件的使用是实验性的</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">scheduler 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for scheduler</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;,默认值： "stable-1"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择特定的 Kubernetes 版本</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane</td>
+-->
+
+    <tr>
+      <td colspan="2">--scheduler-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组以 &lt;flagname&gt;=&lt;value&gt; 的格式传递调度器或覆盖默认参数的附加的参数</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the Scheduler or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+#### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+    <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_etcd.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_etcd.md
new file mode 100644
index 0000000000000..55a3d3e2eccff
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_etcd.md
@@ -0,0 +1,72 @@
+
+为 etcd 生成静态 Pod 清单文件。
+<!--
+Generates static Pod manifest file for etcd.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用的子命令列表。
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">etcd 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_etcd_local.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_etcd_local.md
new file mode 100644
index 0000000000000..05426af6c1729
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_etcd_local.md
@@ -0,0 +1,157 @@
+
+<!--
+Generates the static Pod manifest file for a local, single-node etcd instance
+-->
+为本地单节点 etcd 实例生成静态 Pod 清单文件
+
+<!--
+### Synopsis
+-->
+### 概要
+
+<!--
+Generates the static Pod manifest file for a local, single-node etcd instance and saves it to /etc/kubernetes/manifests/etcd.yaml file. 
+-->
+为本地单节点 etcd 实例生成静态 Pod 清单文件，并保存到 /etc/kubernetes/manifests/etcd.yaml 文件中。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令当前处于 alpha 阶段。
+
+```
+kubeadm alpha phase etcd local [flags]
+```
+
+<!--
+### Examples
+-->
+### 示例
+
+<!--
+```
+  # Generates the static Pod manifest file for etcd, functionally
+  # equivalent to what generated by kubeadm init.
+  kubeadm alpha phase etcd local
+  
+  #  Generates the static Pod manifest file for etcd.
+  kubeadm alpha phase etcd local --config masterconfiguration.yaml
+```
+-->
+
+```
+  # 为 etcd 生成静态 Pod 清单文件，功能上相当于 kubeadm init 生成的内容。
+  kubeadm alpha phase etcd local
+  
+  # 为 etcd 生成静态 Pod 清单文件。
+  kubeadm alpha phase etcd local --config masterconfiguration.yaml
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for local</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件路径。警告：配置文件的使用处于试验阶段。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">local 的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[试验] 到'真实'主机的根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig.md
new file mode 100644
index 0000000000000..d0f88a8086aa0
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig.md
@@ -0,0 +1,96 @@
+<!--
+Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
+
+### Synopsis
+
+This command is not meant to be run on its own. See list of available subcommands.
+
+### Options
+-->
+
+生成建立控制面所需的所有 kubeconfig 文件和 admin kubeconfig 文件
+
+### 简介
+
+此命令不能单独运行。请参阅可用子命令列表。
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for kubeconfig</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig帮助</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+从父命令继承的选项
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] 查看宿主机文件系统根目录</td>
+    </tr>
+
+  </tbody>
+</table>
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_admin.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_admin.md
new file mode 100644
index 0000000000000..08c6eb17402b6
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_admin.md
@@ -0,0 +1,176 @@
+<!--
+Generates a kubeconfig file for the admin to use and for kubeadm itself
+-->
+生成一个 kubeconfig 文件供管理员使用，也供 kubeadm 自身使用。
+
+<!--
+### Synopsis
+-->
+### 概要
+
+<!--
+Generates the kubeconfig file for the admin and for kubeadm itself, and saves it to admin.conf file. 
+-->
+为管理员和 kubeadm 本身生成 kubeconfig 文件，并将其保存到 admin.conf 文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+Alpha 免责声明：此命令当前处于 alpha 阶段。
+
+```
+kubeadm alpha phase kubeconfig admin [flags]
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for admin</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 服务器可访问的 IP 地址</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值：6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 服务器可访问的端口</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的使用是实验性的。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">admin 的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig 文件保存的路径</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_all.md
new file mode 100644
index 0000000000000..cd8c24b8d0ae4
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_all.md
@@ -0,0 +1,215 @@
+<!--
+Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
+-->
+生成建立控制平面所需的所有 kubeconfig 文件以及 admin kubconfig 文件
+
+<!--
+### Synopsis
+-->
+### 概要
+
+<!--
+Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file. 
+-->
+生成建立控制平面所需的所有 kubeconfig 文件以及 admin kubconfig 文件。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令当前处于 alpha 阶段。
+
+```
+kubeadm alpha phase kubeconfig all [flags]
+```
+
+<!--
+### Examples
+-->
+### 示例
+
+<!--
+```
+  # Generates all kubeconfig files, functionally equivalent to what generated
+  # by kubeadm init.
+  kubeadm alpha phase kubeconfig all
+  
+  # Generates all kubeconfig files using options read from a configuration file.
+  kubeadm alpha phase kubeconfig all --config masterconfiguration.yaml
+```
+-->
+
+```
+  # 生成所有 kubeconfig 文件，功能上相当于 kubeadm init 生成的内容。
+  kubeadm alpha phase kubeconfig all
+  
+  # 使用从配置文件中读取的选项来生成所有 kubeconfig 文件。
+  kubeadm alpha phase kubeconfig all --config masterconfiguration.yaml
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The node name that should be used for the kubelet client certificate</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 服务器可访问的 IP 地址。 </td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值：6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 服务器可访问的端口。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存证书的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件路径。警告：配置文件的使用处于试验阶段。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">all 的帮助信息。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存 kubeconfig 文件的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 kubelet 客户端证书的节点名称。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[试验] 到'真实'主机的根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_controller-manager.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_controller-manager.md
new file mode 100644
index 0000000000000..9859109c4129a
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_controller-manager.md
@@ -0,0 +1,142 @@
+
+生成一个 kubeconfig 文件供控制器管理器使用
+<!--
+Generates a kubeconfig file for the controller manager to use
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the kubeconfig file for the controller manager to use and saves it to /etc/kubernetes/controller-manager.conf file. 
+-->
+生成一个 kubeconfig 文件供控制器管理器使用，并将其保存到 /etc/kubernetes/controller-manager.conf 文件中。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubeconfig controller-manager [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的 IP 地址/td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+<!--
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可用来访问 API 服务器的端口号</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">存储证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告: 配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">controller-manager 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for controller-manager</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存 kubeconfig 文件的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_kubelet.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_kubelet.md
new file mode 100644
index 0000000000000..0c242c5b3937c
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_kubelet.md
@@ -0,0 +1,155 @@
+生成 kubeconfig 文件供 kubelet 使用。请注意，这应该*只*用于引导目的
+<!--
+Generates a kubeconfig file for the kubelet to use. Please note that this should be used *only* for bootstrapping purposes
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the kubeconfig file for the kubelet to use and saves it to /etc/kubernetes/kubelet.conf file. 
+-->
+生成要使用的 kubelet 的 kubeconfig 文件，并将其保存到 /etc/kubernetes/kubelet.conf 文件中。
+
+<!--
+Please note that this should only be used for bootstrapping purposes. After your control plane is up, you should request all kubelet credentials from the CSR API. 
+-->
+请注意，这只能用于引导。在控制平面启动之后，应该从 CSR API 请求所有 kubelet 证书。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubeconfig kubelet [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可访问的API 服务器的 IP 地址</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+<!--
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用来访问 API 服务器的端口</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+-->
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">存储证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的使用是实验性的</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubelet 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for kubelet</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存 kubeconfig 文件的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file</td>
+-->
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 kubelet 客户端证书的节点名</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The node name that should be used for the kubelet client certificate</td>      
+-->
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_scheduler.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_scheduler.md
new file mode 100644
index 0000000000000..969bd72fe6b96
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_scheduler.md
@@ -0,0 +1,169 @@
+
+<!-- Generates a kubeconfig file for the scheduler to use
+
+### Synopsis -->
+
+生成 kubeconfig 文件给调度器使用
+
+### 概要
+<!-- 
+Generates the kubeconfig file for the scheduler to use and saves it to /etc/kubernetes/scheduler.conf file. 
+
+Alpha Disclaimer: this command is currently alpha. -->
+
+生成 kubeconfig 文件给调度器使用且把它保存至/etc/kubernetes/scheduler.conf。
+
+Alpha 免责声明：此命令处于 Alpha 阶段。
+
+
+```
+kubeadm alpha phase kubeconfig scheduler [flags]
+```
+<!-- 
+### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for scheduler</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+### 选择项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可访问的 API 服务器 IP 地址</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可访问的 API 服务器的端口</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书存储路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件存储路径（警告: 配置文件使用是实验性的）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">scheduler 帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig 文件存储路径</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!-- ### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+
+### 继承于父命令的选择项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] 主机根目录文件系统“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_user.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_user.md
new file mode 100644
index 0000000000000..c4cee9dceb87d
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubeconfig_user.md
@@ -0,0 +1,228 @@
+
+为其他用户输出 kubeconfig 文件
+<!--
+Outputs a kubeconfig file for an additional user
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Outputs a kubeconfig file for an additional user. 
+
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+为其他用户输出 kubeconfig 文件。
+Alpha 免责声明：此命令目前是 alpha。
+
+```
+kubeadm alpha phase kubeconfig user [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 样例
+
+<!--
+```
+  # Outputs a kubeconfig file for an additional user named foo
+  kubeadm alpha phase kubeconfig user --client-name=foo
+```
+-->
+
+```
+  # 为名为 foo 的其他用户输出 kubeconfig 文件
+  kubeadm alpha phase kubeconfig user --client-name=foo
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The port the API server is accessible on</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--client-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The name of user. It will be used as the CN if client certificates are created</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for user</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--org stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The orgnizations of the client certificate. It will be used as the O if client certificates are created</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用来访问 API 服务器的 IP 地址</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用来访问 API 服务器的端口</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">证书存储路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--client-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用户名。如果创建了客户端证书，它将用作 CN</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">user 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig 文件存储路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--org stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">客户端证书的组织。如果创建了客户端证书，它将用作 O。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">需要用来完成 kubeconfig 身份认证操作的令牌，设定此值时 kubeadm 不再使用客户端证书</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet.md
new file mode 100644
index 0000000000000..f8a10d0be1777
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet.md
@@ -0,0 +1,75 @@
+
+<!--
+Commands related to handling the kubelet.
+-->
+处理 kubelet 相关的命令。
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用的子命令列表。
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for kubelet</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubelet 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config.md
new file mode 100644
index 0000000000000..874bff047e360
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config.md
@@ -0,0 +1,72 @@
+
+处理 kubelet 参数
+<!--
+Handles kubelet configuration.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用的子命令列表。
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">config 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for config</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_annotate-cri.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_annotate-cri.md
new file mode 100644
index 0000000000000..a0c25142bb46a
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_annotate-cri.md
@@ -0,0 +1,114 @@
+
+使用指定的 crisocket 对节点进行注释
+<!--
+annotates the node with the given crisocket
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Adds an annotation to the current node with the CRI socket specified in the kubeadm InitConfiguration object. 
+-->
+使用 kubeadm InitConfiguration 对象中指定的 CRI 套接字向当前节点添加注释。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubelet config annotate-cri [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+```
+  kubeadm alpha phase kubelet config annotate-cri --config kubeadm.yaml
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的使用是实验性的</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">annotate-cri 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for annotate-cri</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_download.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_download.md
new file mode 100644
index 0000000000000..d11a7a3b5a971
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_download.md
@@ -0,0 +1,123 @@
+
+从集群 ConfigMap kubelet-config-1.X 下载 kubelet 配置，其中 X 是 kubelet 的次要版本。
+<!--
+Downloads the kubelet configuration from the cluster ConfigMap kubelet-config-1.X, where X is the minor version of the kubelet.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Downloads the kubelet configuration from a ConfigMap of the form "kubelet-config-1.X" in the cluster, where X is the minor version of the kubelet. Either kubeadm autodetects the kubelet version by exec-ing "kubelet --version" or respects the --kubelet-version parameter. 
+-->
+从集群中名为 "kubelet-config-1.X" 的 ConfigMap 中下载 kubelet 配置信息，其中 X 是kubelet 的次要版本。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubelet config download [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Downloads the kubelet configuration from the ConfigMap in the cluster. Autodetects the kubelet version.
+  # Downloads the kubelet configuration from the ConfigMap in the cluster. Uses a specific desired kubelet version.
+-->
+
+```
+  # 从集群中的 ConfigMap 下载 kubelet 配置。自动检测 kubelet 版本。
+  kubeadm alpha phase kubelet config download
+  
+  # 从集群中的 ConfigMap 下载 kubelet 配置。使用特定的 kubelet 版本。
+  kubeadm alpha phase kubelet config download --kubelet-version v1.12.0
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">download 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for download</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/kubelet.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/kubelet.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubelet-version string</td>
+    </tr>
+    <tr>
+            <td></td><td style="line-height: 130%; word-wrap: break-word;">kubelet 的理想版本，默认通过 'kubelet --version' 自动检测。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The desired version for the kubelet. Defaults to being autodetected from 'kubelet --version'.</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_enable-dynamic.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_enable-dynamic.md
new file mode 100644
index 0000000000000..f322fffd766f2
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_enable-dynamic.md
@@ -0,0 +1,142 @@
+
+实验：启用或更新节点的动态 kubelet 配置
+<!--
+EXPERIMENTAL: Enables or updates dynamic kubelet configuration for a Node
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Enables or updates dynamic kubelet configuration for a Node, against the kubelet-config-1.X ConfigMap in the cluster, where X is the minor version of the desired kubelet version. 
+-->
+针对集群中的 kubelet-config-1.X ConfigMap 启用或更新节点的动态 kubelet 配置，其中 X 是 kubelet 的次要版本。
+
+<!--
+WARNING: This feature is still experimental, and disabled by default. Enable only if you know what you are doing, as it may have surprising side-effects at this stage. 
+-->
+警告：此功能仍处于试验阶段，默认情况下禁用。只有当您知道自己在做什么时才启用它，在这个阶段它可能有意想不到的效果。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubelet config enable-dynamic [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Enables dynamic kubelet configuration for a Node.
+  kubeadm alpha phase kubelet enable-dynamic-config --node-name node-1 --kubelet-version v1.12.0
+  
+  WARNING: This feature is still experimental, and disabled by default. Enable only if you know what you are doing, as it
+  may have surprising side-effects at this stage.
+-->
+
+```
+  # 为节点启用动态 kubelet 配置。
+  kubeadm alpha phase kubelet enable-dynamic-config --node-name node-1 --kubelet-version v1.12.0
+  
+  警告：此功能仍处于试验阶段，默认情况下禁用。只有当你清楚你在做什么时，才启用它。
+  may have surprising side-effects at this stage.
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">enable-dynamic 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for enable-dynamic</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群交互时使用的 KubeConfig 文件。如果未设置，将搜索一组标准路径来查找现有的 KubeConfig 文件。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubelet-version string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubelet 的期望版本</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The desired version for the kubelet</td>
+-->
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">启用动态 kubelet 配置的节点的名称</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Name of the node that should enable the dynamic kubelet configuration</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_upload.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_upload.md
new file mode 100644
index 0000000000000..41ef4128261f9
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_upload.md
@@ -0,0 +1,157 @@
+
+基于 kubeadm InitConfiguration 文件将 kubelet 配置上载到 ConfigMap。
+
+<!--
+Uploads kubelet configuration to a ConfigMap based on a kubeadm InitConfiguration file.
+-->
+<!--
+### Synopsis
+-->
+### 概要
+
+<!--
+Uploads kubelet configuration extracted from the kubeadm InitConfiguration object to a ConfigMap of the form kubelet-config-1.X in the cluster, where X is the minor version of the current (API Server) Kubernetes version. 
+-->
+
+将从 kubeadm InitConfiguration 对象提取的 kubelet 配置上载到集群中 kubelet-config-1.X 形式的 ConfigMap，其中 X 是当前（API 服务器）Kubernetes 版本的次要版本。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+
+Alpha 免责声明：此命令当前处于 alpha 阶段。
+
+```
+kubeadm alpha phase kubelet config upload [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 示例
+
+<!--
+```
+  # Uploads the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
+  kubeadm alpha phase kubelet config upload --config kubeadm.yaml
+```
+-->
+
+```
+  # 将 kubelet 配置从 kubeadm 配置文件上载到集群中的 ConfigMap。
+  kubeadm alpha phase kubelet config upload --config kubeadm.yaml
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for upload</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用处于试验阶段）</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">upload 的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群交互时使用的 KubeConfig 文件。如果未设置，将搜索一组标准路径来查找现有的 KubeConfig 文件。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_write-to-disk.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_write-to-disk.md
new file mode 100644
index 0000000000000..7ae2e276fdce1
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_config_write-to-disk.md
@@ -0,0 +1,106 @@
+
+基于 --config 参数将 kubelet 配置写到磁盘。
+<!--
+Writes kubelet configuration to disk, either based on the --config argument.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Writes kubelet configuration to disk, based on the kubeadm configuration passed via "--config". 
+-->
+基于 "--config" 传递的 kubeadm 配置，将 kubelet 配置写入磁盘。。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubelet config write-to-disk [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Extracts the kubelet configuration from a kubeadm configuration file
+-->
+
+```
+  # 从 kubeadm 配置文件中提取 kubelet 配置
+  kubeadm alpha phase kubelet config write-to-disk --config kubeadm.yaml
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">write-to-disk 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for write-to-disk</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_write-env-file.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_write-env-file.md
new file mode 100644
index 0000000000000..ad696ad58ebef
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_kubelet_write-env-file.md
@@ -0,0 +1,111 @@
+
+为 kubelet 写入带有运行时参数的环境文件。
+<!--
+Writes an environment file with runtime flags for the kubelet.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Writes an environment file with flags that should be passed to the kubelet executing on the master or node. This --config flag can either consume a InitConfiguration object or a JoinConfiguration one, as this function is used for both "kubeadm init" and "kubeadm join". 
+-->
+生成一个环境文件，其中包含需要传递给在主节点或节点上执行的 kubelet 的参数。--config 参数的取值可以是一个 InitConfiguration 对象或一个 JoinConfiguration 对象，因为这个功能既用于 "kubeadm init" 也用于 "kubeadm join"。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase kubelet write-env-file [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Writes a dynamic environment file with kubelet flags from a InitConfiguration file.
+  # Writes a dynamic environment file with kubelet flags from a JoinConfiguration file.
+-->
+
+```
+  # 从 InitConfiguration 文件中写入带有 kubelet 参数的动态环境文件。
+  kubeadm alpha phase kubelet write-env-file --config masterconfig.yaml
+  
+  # 从 JoinConfiguration 文件中写入带有 kubelet 参数的动态环境文件。
+  kubeadm alpha phase kubelet write-env-file --config nodeconfig.yaml
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告: 配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">write-env-file 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for write-env-file</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_mark-master.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_mark-master.md
new file mode 100644
index 0000000000000..e8bc172247007
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_mark-master.md
@@ -0,0 +1,133 @@
+
+<!--
+Mark a node as master
+-->
+将节点标记为主节点
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Applies a label that specifies that a node is a master and a taint that forces workloads to be deployed accordingly. 
+-->
+为某节点添加标签表明该节点是主节点，并为之添加污点以迫使工作负载在部署时考虑该污点的存在。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha。
+
+```
+kubeadm alpha phase mark-master [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+# Applies master label and taint to the current node, functionally equivalent to what executed by kubeadm init.
+
+# Applies master label and taint to a specific node
+-->
+
+```
+  # 将主节点标签和污点应用到当前节点上，在功能上等同于 kubeadm init 执行的操作。
+  kubeadm alpha phase mark-master
+  
+  # 将主节点标签和污点应用到当前节点上
+  kubeadm alpha phase mark-master --node-name myNode
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for mark-master</td>
+
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The node name to which label and taints should apply</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指向 kubeadm 配置文件的路径。警告：配置文件的使用是实验性的。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">mark-master 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">应该使用标签和污点的节点名</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight.md
new file mode 100644
index 0000000000000..57b152fac94dc
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight.md
@@ -0,0 +1,94 @@
+
+<!--
+Run pre-flight checks
+-->
+运行 pre-flight 检查
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用子命令列表。
+
+<!--
+### Options
+-->
+
+#### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">preflight 的帮助信息</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for preflight</td>
+-->
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">将检查的错误显示为警告，例如：'IsPrivilegedUser,Swap'. 值 'all' 忽略所有的检查错误。</td>
+    </tr>
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight_master.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight_master.md
new file mode 100644
index 0000000000000..5d2268a20bbac
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight_master.md
@@ -0,0 +1,163 @@
+<!--
+Run master pre-flight checks
+
+### Synopsis
+
+
+Run master pre-flight checks, functionally equivalent to what implemented by kubeadm init. 
+
+Alpha Disclaimer: this command is currently alpha.
+
+```
+kubeadm alpha phase preflight master [flags]
+```
+
+### Examples
+
+```
+  # Run master pre-flight checks.
+  kubeadm alpha phase preflight master
+```
+
+### Options
+-->
+
+执行主节点运行前检查
+
+### 简介
+
+
+运行前检查，功能上与 kubeadm init 实现的功能相同。
+
+Alpha 免责声明：此命令目前是试运行版本。
+
+```
+kubeadm alpha phase preflight master [flags]
+```
+
+### 例子
+
+```
+  ＃执行主节点运行前检查
+ kubeadm alpha phase preflight master
+```
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for master</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">master 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for master</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+### 从父命令继承的选项
+
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径(警告：配置文件的使用是实验性的)</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一系列检查，其错误将显示为警告。示例：'IsPrivilegedUser,Swap'。值'all'忽略所有检查的错误。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight_node.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight_node.md
new file mode 100644
index 0000000000000..63e02ab772cb2
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_preflight_node.md
@@ -0,0 +1,117 @@
+
+运行节点加入前的检查
+<!--
+Run node pre-flight checks
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Run node pre-flight checks, functionally equivalent to what implemented by kubeadm join. 
+-->
+运行节点加入前的检查，功能上与 kubeadm join 的实现相同。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase preflight node [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Run node pre-flight checks.
+-->
+
+```
+  # 运行节点加入前的检查
+  kubeadm alpha phase preflight node
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">node 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for node</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">检查项列表，这些检查项的错误将以警告的形式显示。例如：'IsPrivilegedUser,Swap'。 值设置为 'all' 将会忽略来自所有检查项的错误。</td>
+    </tr>
+<!--
+     <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td>
+-->
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_selfhosting.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_selfhosting.md
new file mode 100644
index 0000000000000..774a234d688b3
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_selfhosting.md
@@ -0,0 +1,73 @@
+
+创建一个 kubeadm 自托管集群
+<!--
+Makes a kubeadm cluster self-hosted
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command is not meant to be run on its own. See list of available subcommands.
+-->
+此命令不能单独运行。请参阅可用的子命令列表。
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">selfhosting 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for selfhosting</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_selfhosting_convert-from-staticpods.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_selfhosting_convert-from-staticpods.md
new file mode 100644
index 0000000000000..73442d4dcaf8d
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_selfhosting_convert-from-staticpods.md
@@ -0,0 +1,155 @@
+
+将托管静态 Pod 的控制平面转换为自托管控制平面
+<!--
+Converts a static Pod-hosted control plane into a self-hosted one
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Converts static Pod files for control plane components into self-hosted DaemonSets configured via the Kubernetes API. 
+-->
+将控制平面组件的静态 Pod 文件转换为通过 Kubernetes API 配置的自托管 DaemonSet。
+
+<!--
+See the documentation for self-hosting limitations. 
+-->
+有关自托管限制，请参阅文档。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase selfhosting convert-from-staticpods [flags]
+```
+
+<!--
+### Examples
+
+```
+  # Converts a static Pod-hosted control plane into a self-hosted one,
+  # functionally equivalent to what generated by kubeadm init executed
+  # --feature-gates=SelfHosting=true.
+  
+  kubeadm alpha phase selfhosting convert-from-staticpods
+```
+-->
+
+### 例子
+
+```
+  # 将静态的 pod 托管的控制平面转换为自托管的控制平面，
+  # 在功能上等于 kubeadm init 所生成的执行
+  # with --feature-gates=SelfHosting=true。
+  
+  kubeadm alpha phase selfhosting convert-from-staticpods
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+<!--
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">存储证书的路径</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where certificates are stored</td>
+-->
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径，警告：配置文件的使用是实验性的</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">以键值对形式描述各种特性的特性门，选项有：<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">convert-from-staticpods 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for convert-from-staticpods</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令集成的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_upload-config.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_upload-config.md
new file mode 100644
index 0000000000000..a0be1a1a71397
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_phase_upload-config.md
@@ -0,0 +1,124 @@
+
+将当前使用的 kubeadm 配置上传到 ConfigMap
+<!--
+Uploads the currently used configuration for kubeadm to a ConfigMap
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Uploads the kubeadm init configuration of your cluster to a ConfigMap called kubeadm-config in the kube-system namespace. This enables correct configuration of system components and a seamless user experience when upgrading. 
+-->
+将集群 kubeadm init 配置上传到 kube-system 命名空间中名为 kubeadm-config 的 ConfigMap 中。这可以正确配置系统组件，并在升级时提供无缝的用户体验。
+
+<!--
+Alternatively, you can use kubeadm config. 
+-->
+或者您可以使用 kubeadm config。
+
+<!--
+Alpha Disclaimer: this command is currently alpha.
+-->
+Alpha 免责声明：此命令目前属于 alpha 阶段。
+
+```
+kubeadm alpha phase upload-config [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # uploads the configuration of your cluster
+-->
+
+```
+  # 上传集群的配置
+  kubeadm alpha phase upload-config --config=myConfig.yaml
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的使用是实验性的。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">upload-config 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for upload-config</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+ 
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_completion.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_completion.md
new file mode 100644
index 0000000000000..6ae7d542930f4
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_completion.md
@@ -0,0 +1,192 @@
+为指定的 shell（bash 或 zsh）输出 shell 自动补全代码。
+<!--
+Output shell completion code for the specified shell (bash or zsh).
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Output shell completion code for the specified shell (bash or zsh).
+The shell code must be evaluated to provide interactive
+completion of kubeadm commands. This can be done by sourcing it from
+the .bash_profile.
+-->
+
+为指定的 shell（bash 或 zsh）输出 shell 自动补全代码。
+必须激活 shell 代码以提供交互式 kubeadm 命令补全。这可以通过加载 .bash_profile 文件完成。
+
+<!--
+Note: this requires the bash-completion framework.
+-->
+
+注意: 此功能依赖于 `bash-completion` 框架。
+
+<!--
+To install it on Mac use homebrew:
+    $ brew install bash-completion
+Once installed, bash_completion must be evaluated. This can be done by adding the
+following line to the .bash_profile
+    $ source $(brew --prefix)/etc/bash_completion
+-->
+
+在 Mac 上使用 homebrew 安装:
+
+    brew install bash-completion
+
+安装后，必须激活 bash_completion。这可以通过在 .bash_profile 文件中添加下面的命令行来完成 
+
+    source $(brew --prefix)/etc/bash_completion
+
+<!--
+If bash-completion is not installed on Linux, please install the 'bash-completion' package
+via your distribution's package manager.
+-->
+
+如果在 Linux 上没有安装 bash-completion，请通过您的发行版的包管理器安装 'bash-completion' 软件包。
+
+<!--
+Note for zsh users: [1] zsh completions are only supported in versions of zsh >= 5.2
+-->
+
+zsh 用户注意事项：[1] zsh 自动补全仅在 v5.2 及以上版本中支持。
+
+```
+kubeadm completion SHELL [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 样例
+
+<!--
+```
+
+# Install bash completion on a Mac using homebrew
+brew install bash-completion
+printf "\n# Bash completion support\nsource $(brew --prefix)/etc/bash_completion\n" >> $HOME/.bash_profile
+source $HOME/.bash_profile
+
+# Load the kubeadm completion code for bash into the current shell
+source <(kubeadm completion bash)
+
+# Write bash completion code to a file and source if from .bash_profile
+kubeadm completion bash > ~/.kube/kubeadm_completion.bash.inc
+printf "\n# Kubeadm shell completion\nsource '$HOME/.kube/kubeadm_completion.bash.inc'\n" >> $HOME/.bash_profile
+source $HOME/.bash_profile
+
+# Load the kubeadm completion code for zsh[1] into the current shell
+source <(kubeadm completion zsh)
+```
+-->
+
+```
+# 在 Mac 上使用 homebrew 安装 bash completion
+brew install bash-completion
+printf "\n# Bash completion support\nsource $(brew --prefix)/etc/bash_completion\n" >> $HOME/.bash_profile
+source $HOME/.bash_profile
+
+# 将 bash 版本的 kubeadm 自动补全代码加载到当前 shell 中
+source <(kubeadm completion bash)
+
+# 将 bash 自动补全完成代码写入文件并且从 .bash_profile 文件加载它
+printf "\n# Kubeadm shell completion\nsource '$HOME/.kube/kubeadm_completion.bash.inc'\n" >> $HOME/.bash_profile
+source $HOME/.bash_profile
+
+# 将 zsh 版本的 kubeadm 自动补全代码加载到当前 shell 中
+source <(kubeadm completion zsh)
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for completion</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">completion 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config.md
new file mode 100644
index 0000000000000..2b5dcb2363b7f
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config.md
@@ -0,0 +1,115 @@
+
+管理集群中 ConfigMap 持久化保存的 kubeadm 集群配置
+<!--
+Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster.
+-->
+### 概要
+
+<!--
+### Synopsis
+-->
+
+<!--
+There is a ConfigMap in the kube-system namespace called "kubeadm-config" that kubeadm uses to store internal configuration about the
+cluster. kubeadm CLI v1.8.0+ automatically creates this ConfigMap with the config used with 'kubeadm init', but if you
+initialized your cluster using kubeadm v1.7.x or lower, you must use the 'config upload' command to create this
+ConfigMap. This is required so that 'kubeadm upgrade' can configure your upgraded cluster correctly.
+-->
+
+kube-system 命名空间里有一个名为 "kubeadm-config" 的 ConfigMap，kubeadm 用它来存储有关集群的内部配置。
+kubeadm CLI v1.8.0+ 通过一个配置自动创建该 ConfigMap，这个配置是和 'kubeadm init' 共用的。但是您如果使用 kubeadm v1.7.x 或更低的版本初始化集群，那么必须使用 'config upload' 命令创建该 ConfigMap。这是必要的操作，目的是使 'kubeadm upgrade' 能够正确地配置升级后的集群。
+
+```
+kubeadm config [flags]
+```
+
+### 可选项
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for config</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">配置帮助。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+### 从父命令继承的可选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 主机根文件系统的“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images.md
new file mode 100644
index 0000000000000..d0fec7b2f1ad3
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images.md
@@ -0,0 +1,90 @@
+
+<!--
+Interact with container images used by kubeadm.
+-->
+与 kubeadm 使用的容器镜像交互。
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Interact with container images used by kubeadm.
+-->
+与 kubeadm 使用的容器镜像交互。
+
+```
+kubeadm config images [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for images</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">镜像的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md
new file mode 100644
index 0000000000000..f7774a3d89fae
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md
@@ -0,0 +1,116 @@
+
+打印 kubeadm 要使用的镜像列表。配置文件用于自定义任何镜像或镜像存储库。
+<!--
+Print a list of images kubeadm will use. The configuration file is used in case any images or image repositories are customized.
+-->
+
+### 概要
+<!--
+### Synopsis
+-->
+
+打印 kubeadm 要使用的镜像列表。配置文件用于自定义任何镜像或镜像存储库。
+<!--
+Print a list of images kubeadm will use. The configuration file is used in case any images or image repositories are customized.
+-->
+
+```
+kubeadm config images list [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组键=值对，用于描述各种特性的特性门。选项有：<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">list 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择一个特定的 Kubernetes 版本</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for list</td>
+
+<td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+
+ <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane.</td>
+-->
+
+### 从父命令继承的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md
new file mode 100644
index 0000000000000..7a062da0f9086
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md
@@ -0,0 +1,129 @@
+
+拉取 kubeadm 使用的图像。
+<!--
+Pull images used by kubeadm.
+-->
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+拉取 kubeadm 使用的图像。
+<!--
+Pull images used by kubeadm.
+-->
+
+```
+kubeadm config images pull [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file.</td>
+
+<td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/var/run/dockershim.sock"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the CRI socket to connect to.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for pull</td>
+
+<td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane.</td>
+
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定要连接的 CRI 套接字。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组键=值对，用于描述各种特性的特性门。选项：<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">pull 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择一个特定的 Kubernetes 版本。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+### 从父命令继承的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md
new file mode 100644
index 0000000000000..27deab3f64c0c
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md
@@ -0,0 +1,129 @@
+
+从旧版本的文件中读取 kubeadm 配置 API的类型，并为新版本输出类似的配置对象。
+<!--
+Read an older version of the kubeadm configuration API types from a file, and output the similar config object for the newer version.
+-->
+
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+
+此命令允许您在 CLI 工具中将本地旧版本的配置对象转换为最新支持的版本，而无需触及群集中的任何内容。在此版本的 kubeadm 中，支持以下 API 版本：
+<!--
+This command lets you convert configuration objects of older versions to the latest supported version,
+locally in the CLI tool without ever touching anything in the cluster.
+In this version of kubeadm, the following API versions are supported:
+-->
+
+- kubeadm.k8s.io/v1alpha2
+- kubeadm.k8s.io/v1alpha3
+
+此外，kubeadm 只能写出版本"kubeadm.k8s.io/v1alpha3"的配置，但能够读取这两种类型，不管你传递给
+--old-config 的参数是什么版本，在写入 stdout 或 --new-config(如果指定时)，API 对象都是
+读取、反序列化、应用默认设置、执行版本转换与合法性验证，并在输出时重新序列化。
+
+<!--
+Further, kubeadm can only write out config of version "kubeadm.k8s.io/v1alpha3", but read both types.
+So regardless of what version you pass to the --old-config parameter here, the API object will be
+read, deserialized, defaulted, converted, validated, and re-serialized when written to stdout or
+--new-config if specified.
+-->
+
+换句话说这个命令的输出就是 kubeadm 在内部读取的内容
+提交这个文件到 "kubeadm init"
+<!--
+In other words, the output of this command is what kubeadm actually would read internally if you
+submitted this file to "kubeadm init"
+-->
+
+```
+kubeadm config migrate [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">migrate 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--new-config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用新的 API 版本生成的 kubeadm 配置文件的路径。这个路径是可选的。如果没有指定，输出将被写到 stdout。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--old-config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用旧 API 版本的、需要进行转换的 kubeadm 配置文件路径。此参数是必需的。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for migrate</td>
+
+ <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to the resulting equivalent kubeadm config file using the new API version. Optional, if not specified output will be sent to STDOUT.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to the kubeadm config file that is using an old API version and should be converted. This flag is mandatory.</td>
+-->
+
+### 从父命令继承的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print-default.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print-default.md
new file mode 100644
index 0000000000000..63896e63e864e
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print-default.md
@@ -0,0 +1,108 @@
+
+打印 kubeadm 配置对象的默认值。
+<!--
+Print the default values for a kubeadm configuration object.
+-->
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+
+此命令打印用于 'kubeadm init' 和 'kubeadm upgrade' 的默认 InitConfiguration 对象，以及用于 'kubeadm join'  的默认 JoinConfiguration 对象。
+<!--
+This command prints the default InitConfiguration object that is used for 'kubeadm init' and 'kubeadm upgrade',
+and the default JoinConfiguration object that is used for 'kubeadm join'.
+-->
+
+注意，如引导令牌字段这类敏感值会被替换为简单的值，如{"abcdef.0123456789abcdef" "" "nil" <nil> [] []}，目的是在通过合法性验证的同时避免执行创建令牌这类真实计算。没有为创建令牌执行真正的计算。
+<!--
+Note that sensitive values like the Bootstrap Token fields are replaced with silly values like {"abcdef.0123456789abcdef" "" "nil" <nil> [] []} in order to pass validation but
+not perform the real computation for creating a token.
+-->
+
+
+```
+kubeadm config print-default [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--api-objects stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 对象打印默认值的逗号分隔列表。可用值：[InitConfiguration ClusterConfiguration JoinConfiguration KubeProxyConfiguration KubeletConfiguration MasterConfiguration]。此参数未设置时表示“打印所有已知对象”</td>
+    </tr>
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">print-default 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A comma-separated list for API objects to print the default values for. Available values: [InitConfiguration ClusterConfiguration JoinConfiguration KubeProxyConfiguration KubeletConfiguration MasterConfiguration]. This flag unset means 'print all known objects'</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for print-default</td>
+-->
+
+
+
+### 从父命令继承的选项
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload.md
new file mode 100644
index 0000000000000..46fa685449cf0
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload.md
@@ -0,0 +1,91 @@
+
+<!--
+Upload configuration about the current state, so that 'kubeadm upgrade' can later know how to configure the upgraded cluster.
+-->
+上传关于当前状态的配置，以便 'kubeadm upgrade' 以后可以知道如何配置升级后的集群。
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+
+<!--
+Upload configuration about the current state, so that 'kubeadm upgrade' can later know how to configure the upgraded cluster.
+-->
+上传关于当前状态的配置，以便 'kubeadm upgrade' 以后可以知道如何配置升级后的集群。
+
+```
+kubeadm config upload [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for upload</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">upload 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload_from-file.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload_from-file.md
new file mode 100644
index 0000000000000..6fe4f6b23af81
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload_from-file.md
@@ -0,0 +1,113 @@
+
+将配置文件上传到集群内的 ConfigMap 以进行 kubeadm 配置。
+
+<!--
+Upload a configuration file to the in-cluster ConfigMap for kubeadm configuration.
+-->
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+
+
+使用此命令，您可以使用与 ‘kubeadm init’ 相同的配置文件将配置上传到集群中的 ConfigMap。
+如果您使用的是 v1.7.x 或更低版本的 kubeadm 客户端初始化集群并且使用了 --config 选项，那么在使用 'kubeadm upgrade' 升级到 v1.8 之前，您需要使用相同的配置文件运行此命令。
+<!--
+Using this command, you can upload configuration to the ConfigMap in the cluster using the same config file you gave to 'kubeadm init'.
+If you initialized your cluster using a v1.7.x or lower kubeadm client and used the --config option, you need to run this command with the
+same config file before upgrading to v1.8 using 'kubeadm upgrade'.
+-->
+
+该配置位于 "kube-system" 名称空间中的名为 "kubeadm-config" 的 ConfigMap 中。
+<!--
+The configuration is located in the "kube-system" namespace in the "kubeadm-config" ConfigMap.
+-->
+
+
+```
+kubeadm config upload from-file [flags]
+```
+
+### 选项 
+
+<!--
+### Options
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指向 kubeadm 配置文件的路径。警告：配置文件的使用是实验性的。</td>
+
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">帮助文件</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for from-file</td>
+-->
+
+### 继承于父命令的选项 
+
+<!--
+### Options inherited from parent commands
+-->
+<!--
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+ <td></td><td style="line-height: 130%; word-wrap: break-word;">The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload_from-flags.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload_from-flags.md
new file mode 100644
index 0000000000000..f6626ceb0e3bf
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_upload_from-flags.md
@@ -0,0 +1,216 @@
+
+首次使用 flags 参数创建群集内配置文件。
+<!--
+Create the in-cluster configuration file for the first time from using flags.
+-->
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+
+使用此命令，您可以使用与 'kubeadm init' 相同的配置文件将配置上传到集群中的 ConfigMap。
+如果使用 v1.7.x 或更低版本的 kubeadm 客户端初始化集群并且使用 --config 选项，则需要在使用 'kubeadm upgrade' 升级到 v1.8 之前使用相同的配置文件运行此命令。
+<!--
+Using this command, you can upload configuration to the ConfigMap in the cluster using the same config file you gave to 'kubeadm init'.
+If you initialized your cluster using a v1.7.x or lower kubeadm client and used the --config option, you need to run this command with the
+same config file before upgrading to v1.8 using 'kubeadm upgrade'.
+-->
+
+该配置位于 "kube-system" 名称空间中的名为 "kubeadm-config" 的 ConfigMap 中。
+<!--
+The configuration is located in the "kube-system" namespace in the "kubeadm-config" ConfigMap.
+-->
+
+
+```
+kubeadm config upload from-file [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface.</td>
+-->
+<!--
+<td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Port for the API Server to bind to.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save and store the certificates.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the CRI socket to connect to.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/></td>
+-->
+<!--
+<td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default： 6443</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一个 IP 地址，API 服务器将宣告该 IP 地址正在监听。默认指定 '0.0.0.0' 用于网络接口的地址。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于绑定 API 服务器的端口。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 API 服务器服务证书的可选额外主题替代名称(SANs)。可以是 IP 地址和 DNS 名称。</td></td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存和存储证书的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定要连接的 CRI 套接字。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组键=值对，用于描述各种特性的特性门。选项：<br/></td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">from-flags 帮助</td>
+    </tr>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for from-flags</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择一个特定的 Kubernetes 版本。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定节点名。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--pod-network-cidr string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定 pod 网络的 IP 地址范围。如果设置，控制平面将自动为每个节点分配 CIDRs。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">使用可替代的 IP 地址范围进行服务。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为服务使用替代域名，例如： "myorg.internal"。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the node name.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative range of IP address for service VIPs.</td>
+-->
+<!--
+<td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default： "cluster.local"</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative domain for services, e.g. "myorg.internal".</td>
+-->
+
+
+### 继承于父命令的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_view.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_view.md
new file mode 100644
index 0000000000000..6638764eeacaf
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_view.md
@@ -0,0 +1,89 @@
+
+查看存储在集群中的 kubeadm 配置
+<!--
+View the kubeadm configuration stored inside the cluster.
+-->
+
+### 概要
+
+<!--
+### Synopsis
+-->
+
+使用此命令，可以查看 kubeadm 配置的集群中的 ConfigMap。
+
+该配置位于 "kube-system" 名称空间中的名为 "kubeadm-config" 的 ConfigMap 中。
+
+<!--
+Using this command, you can view the ConfigMap in the cluster where the configuration for kubeadm is located.
+
+The configuration is located in the "kube-system" namespace in the "kubeadm-config" ConfigMap.
+-->
+
+
+```
+kubeadm config view [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">view 操作的帮助信息</td>
+    </tr>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for view</td>
+-->
+
+  </tbody>
+</table>
+
+### 继承于父命令的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md
index 32e94830dd5e5..1d31da5d96a98 100644
--- a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md
@@ -1,13 +1,13 @@
 
 <!-- Run this command in order to set up the Kubernetes master. -->
-运行这个命令来搭建Kubernetes master节点
+运行此命令来搭建 Kubernetes master 节点
 
 <!-- ### Synopsis -->
 ### 简介
 
 
 <!-- Run this command in order to set up the Kubernetes master. -->
-运行这个命令来搭建Kubernetes主节点。
+运行此命令来搭建 Kubernetes 主节点。
 
 ```
 kubeadm init [flags]
@@ -28,7 +28,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">API Server将要广播的监听地址。如指定为 `0.0.0.0` 将使用缺省的网卡地址。</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API Server 将要广播的监听地址。如指定为 `0.0.0.0` 将使用缺省的网卡地址。</td>
     </tr>
 
     <tr>
@@ -37,7 +37,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Port for the API Server to bind to.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">API Server绑定的端口</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API Server 绑定的端口</td>
     </tr>
 
     <tr>
@@ -62,7 +62,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm配置文件的路径。警告：配置文件的功能是实验性的。</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。警告：配置文件的功能是实验性的。</td>
     </tr>
 
     <tr>
@@ -71,7 +71,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the CRI socket to connect to.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">指明要连接的CRI socket文件</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指明要连接的 CRI socket 文件</td>
     </tr>
 
     <tr>
@@ -87,7 +87,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">键值对的集合，用来控制各种功能的开关。可选项有:<br/>Auditing=true|false (当前为ALPHA状态 - 缺省值=false)<br/>CoreDNS=true|false (缺省值=true)<br/>DynamicKubeletConfig=true|false (当前为BETA状态 - 缺省值=false)</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">键值对的集合，用来控制各种功能的开关。可选项有:<br/>Auditing=true|false (当前为 ALPHA 状态 - 缺省值=false)<br/>CoreDNS=true|false (缺省值=true)<br/>DynamicKubeletConfig=true|false (当前为 BETA 状态 - 缺省值=false)</td>
     </tr>
 
     <tr>
@@ -95,7 +95,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">help for init</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">获取init命令的帮助信息</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">获取 init 命令的帮助信息</td>
     </tr>
 
     <tr>
@@ -112,7 +112,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">为control plane选择一个特定的Kubernetes版本。</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为 control plane 选择一个特定的 Kubernetes 版本。</td>
     </tr>
 
     <tr>
@@ -128,7 +128,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">指明pod网络可以使用的IP地址段。 如果设置了这个参数，control plane将会为每一个节点自动分配CIDRs。</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指明 pod 网络可以使用的IP地址段。 如果设置了这个参数，control plane 将会为每一个节点自动分配 CIDRs。</td>
     </tr>
 
     <tr>
@@ -137,7 +137,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative range of IP address for service VIPs.</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">为service的虚拟IP地址另外指定IP地址段</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为 service 的虚拟IP地址另外指定IP地址段</td>
     </tr>
 
     <tr>
@@ -146,7 +146,7 @@ kubeadm init [flags]
     </tr>
     <tr>
       <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative domain for services, e.g. "myorg.internal".</td> -->
-      <td></td><td style="line-height: 130%; word-wrap: break-word;">为services另外指定域名, 例如： "myorg.internal".</td>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为 services 另外指定域名, 例如： "myorg.internal".</td>
     </tr>
 
     <tr>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_all.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_all.md
new file mode 100644
index 0000000000000..4bfe79524db85
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_all.md
@@ -0,0 +1,173 @@
+
+生成所有证书
+<!--
+Generates all certificates
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+生成所有证书
+<!--
+Generates all certificates
+-->
+
+```
+kubeadm init phase certs all [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API Server 将通知它正在监听的 IP 地址。如果没有设置，将使用默认网络接口。</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--apiserver-cert-extra-sans stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于 API Server 服务证书的可选额外替代名称（SANs）。可以同时使用 IP 地址和 DNS 名称</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save and store the certificates.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存和存储证书的路径。</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm configuration file.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件路径。</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for all</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">帮助信息</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative range of IP address for service VIPs.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认： "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">VIPs 服务使用可选的 IP 地址范围。</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative domain for services, e.g. "myorg.internal".</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--service-dns-domain string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认： "cluster.local"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">服务使用可选域名，例如："myorg.internal".</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 继承于父命令的选择项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验]到'真实'主机根目录文件系统路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md
new file mode 100644
index 0000000000000..7b141fc6de839
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md
@@ -0,0 +1,87 @@
+<!-- 
+
+Generates the client certificate for liveness probes to healthcheck etcd
+
+ -->
+
+为探查healthcheck etcd的活跃度生成客户端证书
+
+<!--
+
+Synopsis
+
+Generates the client certificate for liveness probes to healtcheck etcd, and saves them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files.
+
+If both files already exist, kubeadm skips the generation step and existing files will be used.
+
+Alpha Disclaimer: this command is currently alpha.
+
+-->
+
+概要
+
+为探查healthcheck etcd的活跃度生成客户端证书，并且保存为 etcd/healthcheck-client.cert 以及 etcd/healthcheck-client.key 两个文件。
+
+如果两个文件都已经存在，kubeadm 将会跳过生成的步骤并且使用已经存在的文件。
+
+Alpha免责声明：这个指令现在是alpha版。
+
+    kubeadm init phase certs etcd-healthcheck-client [flags]
+
+<!--
+
+Options
+
+-->
+
+选项
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save and store the certificates.</td>
+    </tr>
+    
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm configuration file.</td>
+    </tr>
+    
+    <tr>
+      <td colspan="2">--csr-dir string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path to output the CSRs and private keys to</td>
+    </tr>
+    
+    <tr>
+      <td colspan="2">--csr-only</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Create CSRs instead of generating certificates</td>
+    </tr>
+    
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for etcd-healthcheck-client</td>
+    </tr>
+
+<!--
+
+Options inherited from parent commands
+
+-->
+
+从父命令继承来的选项
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md
new file mode 100644
index 0000000000000..6bbb5f2051fc3
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md
@@ -0,0 +1,151 @@
+为前端代理生成客户端
+<!--
+Generates the client for the front proxy
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Generates the client for the front proxy, and saves them into front-proxy-client.cert and front-proxy-client.key files. 
+
+If both files already exist, kubeadm skips the generation step and existing files will be used. 
+
+Alpha Disclaimer: this command is currently alpha.
+-->
+为前端代理生成客户端，并将其保存到 front-proxy-client.cert 文件和 front-proxy-client.key 文件中。
+
+如果两个文件都已存在，kubeadm 将跳过生成步骤并将使用现有文件。
+
+Alpha 免责声明：此命令目前是 alpha 阶段。
+
+```
+kubeadm init phase certs front-proxy-client [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save and store the certificates.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认："/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">存储证书的路径。</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm configuration file.</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件路径。</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--csr-dir string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path to output the CSRs and private keys to</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--csr-dir string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于输出 CSRs 和私钥的路径</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">--csr-only</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Create CSRs instead of generating certificates</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">--csr-only</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">创建 CSRs 而不是生成证书</td>
+    </tr>
+
+<!--
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for front-proxy-client</td>
+    </tr>
+-->
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">front-proxy-client 的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md
new file mode 100644
index 0000000000000..d7669e295942f
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_apiserver.md
@@ -0,0 +1,199 @@
+<!-- Generates the kube-apiserver static Pod manifest -->
+生成 kube-apiserver 静态 Pod 清单
+
+<!-- ### Synopsis -->
+### 概要
+
+
+<!-- Generates the kube-apiserver static Pod manifest -->
+生成 kube-apiserver 静态 Pod 清单
+
+```
+kubeadm init phase control-plane apiserver [flags]
+```
+
+<!-- ### Options -->
+### 选项
+
+<!-- <table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Port for the API Server to bind to.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of extra flags to pass to the API Server or override default ones in form of &lt;flagname&gt;=&lt;value&gt;</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save and store the certificates.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm configuration file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/></td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for apiserver</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "k8s.gcr.io"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a container registry to pull control plane images from</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Choose a specific Kubernetes version for the control plane.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use alternative range of IP address for service VIPs.</td>
+    </tr>
+
+  </tbody>
+</table> -->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">选项 API 服务器将公布它正在监听的IP地址。如果未设置，将使用默认网络接口。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> API 服务器绑定的端口</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-extra-args mapStringString</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组额外的 flags 以&lt;flagname&gt;=&lt;value&gt;的形式传递给 API 服务器或者覆盖默认设置。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存和存储证书的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> kubeadm 配置文件的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组键值对，用于描述各种特征的特征事项。选项是：<br/></td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> apiserver 帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: "k8s.gcr.io"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">选择要从中提取控制平面镜像的容器注册表</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: "stable-1"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">为控制平面选择特定的 Kubernetes 版本</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--service-cidr string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: "10.96.0.0/12"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">可替换的服务 VIP 地址服务范围。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!-- ### Options inherited from parent commands -->
+### 继承于父命令的选择项
+
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] 主机根目录文件系统的“真实”路径。
+
+</td>
+    </tr>
+
+  </tbody>
+</table>
\ No newline at end of file
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_kubeconfig.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_kubeconfig.md
new file mode 100644
index 0000000000000..a81b409c841eb
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_kubeconfig.md
@@ -0,0 +1,91 @@
+
+<!-- Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file -->
+生成建立控制平面和管理 kubeconfig 文件所需的所有 kubeconfig 文件
+
+<!-- ### Synopsis -->
+### 概要
+
+
+<!-- This command is not meant to be run on its own. See list of available subcommands. -->
+此命令并不意味着必须单独运行。请阅读可用子命令列表。
+
+```
+kubeadm init phase kubeconfig [flags]
+```
+
+<!-- ### Options -->
+### 选项
+
+<!-- <table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for kubeconfig</td>
+    </tr>
+
+  </tbody>
+</table> -->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeconfig 帮助</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!-- ### Options inherited from parent commands -->
+### 从父命令继承的选项
+
+<!-- <table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table> -->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] "真实"主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_kubeconfig_controller-manager.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_kubeconfig_controller-manager.md
new file mode 100644
index 0000000000000..06392159d50b0
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_kubeconfig_controller-manager.md
@@ -0,0 +1,139 @@
+
+<!-- Generates a kubeconfig file for the controller manager to use -->
+为控制器管理器生成要使用的 kubeconfig 文件
+
+<!-- ### Synopsis -->
+### 概要
+
+
+<!-- Generates the kubeconfig file for the controller manager to use and saves it to controller-manager.conf file -->
+生成控制器管理器要使用的 kubeconfig ，并保存到 controller-manager.conf 文件中
+
+```
+kubeadm init phase kubeconfig controller-manager [flags]
+```
+
+<!-- ### Options -->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--     <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--apiserver-advertise-address 字符串</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> API Server 对外发布的当前监听地址。设置此值为 “0.0.0.0” 以使用默认网络接口的 IP 地址。</td>
+    </tr>
+
+<!--     <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Port for the API Server to bind to.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+      默认值: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">要绑定到 API Server 的端口。</td>
+    </tr>
+
+
+<!--     <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save and store the certificates.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存和存储证书的路径。</td>
+    </tr>
+
+<!--     <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> kubeadm 配置文件的路径。警告：配置文件的使用是实验性的。</td>
+    </tr>
+
+<!--     <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for controller-manager</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> controller-manager 命令的帮助</td>
+    </tr>
+
+<!--     <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path where to save the kubeconfig file.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--kubeconfig-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+      默认值: "/etc/kubernetes"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">保存 kubeconfig 的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!-- ### Options inherited from parent commands -->
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--     <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--rootfs 字符串</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 主机根文件系统的“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_mark-control-plane.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_mark-control-plane.md
new file mode 100644
index 0000000000000..7da8cbebb615d
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_mark-control-plane.md
@@ -0,0 +1,111 @@
+
+<!-- Mark a node as a control-plane -->
+将节点标记为控制平面
+
+<!-- ### Synopsis -->
+### 概要
+
+
+<!-- Mark a node as a control-plane -->
+将节点标记为控制平面
+
+```
+kubeadm init phase mark-control-plane [flags]
+```
+
+<!-- ### Examples -->
+### 例子
+
+```
+  # 将控制平面的标签和污点应用于当前节点，功能上等同于 kubeadm init 执行的操作。
+  kubeadm init phase mark-control-plane --config config.yml
+
+  # 将控制平面的标签和污点应用于特定节点
+  kubeadm init phase mark-control-plane --node-name myNode
+```
+
+<!-- ### Options -->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--     <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file. WARNING: Usage of a configuration file is experimental.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> kubeadm 配置文件的路径。 警告：配置文件的使用是实验性的。</td>
+    </tr>
+
+<!--     <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for mark-control-plane</td>
+    </tr> -->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> mark-control-plane 命令的帮助</td>
+    </tr>
+
+<!--     <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the node name.</td>
+    </tr> -->
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定节点名称。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!-- ### Options inherited from parent commands -->
+<!-- ### Options inherited from parent commands -->
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--     <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr> -->
+    <tr>
+      <td colspan="2">--rootfs 字符串</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">主机根文件系统的“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_upload-config_kubelet.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_upload-config_kubelet.md
new file mode 100644
index 0000000000000..67c41da49112e
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_upload-config_kubelet.md
@@ -0,0 +1,154 @@
+
+<!--
+Uploads the kubelet component config to a ConfigMap
+-->
+上传 kubelet 组件配置到 ConfigMap
+
+<!--
+### Synopsis
+-->
+### 概要
+
+
+<!--
+Uploads kubelet configuration extracted from the kubeadm InitConfiguration object to a ConfigMap of the form kubelet-config-1.X in the cluster, where X is the minor version of the current (API Server) Kubernetes version.
+-->
+将从 kubeadm InitConfiguration 对象提取的 kubelet 配置上传到集群中 kubelet-config-1.X 形式的 ConfigMap，其中 X 是当前（API 服务器）Kubernetes 版本的小版本。
+
+<!--
+```
+kubeadm init phase upload-config kubelet [flags]
+```
+-->
+```
+kubeadm init phase upload-config kubelet [flags]
+```
+
+<!--
+### Examples
+-->
+### 例子
+
+<!--
+```
+  # Uploads the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
+  kubeadm init phase upload-config kubelet --config kubeadm.yaml
+```
+-->
+```
+  # 将 kubelet 配置从 kubeadm 配置文件上传到集群中的 ConfigMap。
+  kubeadm init phase upload-config kubelet --config kubeadm.yaml
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to a kubeadm configuration file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for kubelet</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">到 kubeadm 配置文件的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubelet 的帮助</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群通信时使用的 kubeconfig 文件。如果未设置该标签，则可以通过一组标准路径来寻找已有的 kubeconfig 文件。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到宿主机根文件系统的 '真实' 路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md
new file mode 100644
index 0000000000000..bda3ff97954b1
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md
@@ -0,0 +1,374 @@
+在想要加入现有集群的每台机器上运行。
+
+<!--
+Run this on any machine you wish to join an existing cluster
+-->
+
+<!--
+### Synopsis
+-->
+
+### 摘要
+
+
+<!--
+When joining a kubeadm initialized cluster, we need to establish
+bidirectional trust. This is split into discovery (having the Node
+trust the Kubernetes Master) and TLS bootstrap (having the Kubernetes
+Master trust the Node).
+-->
+
+当节点加入 kubeadm 初始化的集群时，我们需要建立双向信任。
+这个过程可以分解为发现（让待加入节点信任 Kubernetes 主节点）和 TLS 引导（让Kubernetes 主节点信任待加入节点）两个部分。
+
+<!--
+There are 2 main schemes for discovery. The first is to use a shared
+token along with the IP address of the API server. The second is to
+provide a file - a subset of the standard kubeconfig file. This file
+can be a local file or downloaded via an HTTPS URL. The forms are
+kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443,
+kubeadm join --discovery-file path/to/file.conf, or kubeadm join
+--discovery-file `https://url/file.conf`. Only one form can be used. If
+the discovery information is loaded from a URL, HTTPS must be used.
+Also, in that case the host installed CA bundle is used to verify
+the connection.
+-->
+
+有两种主要的发现方案。
+第一种方法是使用共享令牌和 API 服务器的 IP 地址。
+第二种是提供一个文件——标准 kubeconfig 文件的一个子集。
+该文件可以是本地文件，也可以通过 HTTPS URL 下载。
+格式是 kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443、kubeadm join--discovery-file path/to/file.conf、或者 kubeadm join --discovery-file`https://url/file.conf`。
+只能使用其中一种。
+如果发现信息是从 URL 加载的，必须使用 HTTPS。
+此外，在这种情况下，主机安装的 CA 包用于验证连接。
+
+<!--
+If you use a shared token for discovery, you should also pass the
+--discovery-token-ca-cert-hash flag to validate the public key of the
+root certificate authority (CA) presented by the Kubernetes Master. The
+value of this flag is specified as "<hash-type>:<hex-encoded-value>",
+where the supported hash type is "sha256". The hash is calculated over
+the bytes of the Subject Public Key Info (SPKI) object (as in RFC7469).
+This value is available in the output of "kubeadm init" or can be
+calculated using standard tools. The --discovery-token-ca-cert-hash flag
+may be repeated multiple times to allow more than one public key.
+-->
+
+如果使用共享令牌进行发现，还应该传递 --discovery-token-ca-cert-hash 参数来验证 Kubernetes 主节点提供的根证书颁发机构（CA）的公钥。
+此参数的值指定为 "<hash-type>:<hex-encoded-value>"，其中支持的哈希类型为 "sha256"。哈希是通过 Subject Public Key Info（SPKI）对象的字节计算的（如 RFC7469）。
+这个值可以从 "kubeadm init" 的输出中获得，或者可以使用标准工具进行计算。
+可以多次重复 --discovery-token-ca-cert-hash 参数以允许多个公钥。
+
+<!--
+If you cannot know the CA public key hash ahead of time, you can pass
+the --discovery-token-unsafe-skip-ca-verification flag to disable this
+verification. This weakens the kubeadm security model since other nodes
+can potentially impersonate the Kubernetes Master.
+-->
+
+如果无法提前知道 CA 公钥哈希，则可以通过 --discovery-token-unsafe-skip-ca-verification 参数禁用此验证。
+这削弱了kubeadm 安全模型，因为其他节点可能会模仿 Kubernetes 主节点。
+
+<!--
+The TLS bootstrap mechanism is also driven via a shared token. This is
+used to temporarily authenticate with the Kubernetes Master to submit a
+certificate signing request (CSR) for a locally created key pair. By
+default, kubeadm will set up the Kubernetes Master to automatically
+approve these signing requests. This token is passed in with the
+--tls-bootstrap-token abcdef.1234567890abcdef flag.
+
+Often times the same token is used for both parts. In this case, the
+--token flag can be used instead of specifying each token individually.
+-->
+
+TLS 引导机制也通过共享令牌驱动。
+这用于向 Kubernetes 主节点进行临时的身份验证，以提交本地创建的密钥对的证书签名请求（CSR）。
+默认情况下，kubeadm 将设置 Kubernetes 主节点自动批准这些签名请求。
+这个令牌通过 --tls-bootstrap-token abcdef.1234567890abcdef 参数传入。
+
+通常两个部分会使用相同的令牌。
+在这种情况下可以使用 --token 参数，而不是单独指定每个令牌。
+
+```
+kubeadm join [flags]
+```
+
+<!--
+### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">If the node should host a new control plane instance, the port for the API Server to bind to.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the CRI socket to connect to.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A file or url from which to load cluster information.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A token used to validate cluster information fetched from the api server.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-token-ca-cert-hash stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">For token-based discovery, validate that the root CA public key matches this hash (format: "&lt;type&gt;:&lt;value&gt;").</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-token-unsafe-skip-ca-verification</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--experimental-control-plane</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Create a new control plane instance on this node</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for join</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the node name.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-bootstrap-token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A token used for TLS bootstrapping.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Use this token for both discovery-token and tls-bootstrap-token.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--apiserver-advertise-address string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">如果节点应该托管一个新的控制平面实例，那么 API 服务器将通知它正在监听的 IP 地址。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--apiserver-bind-port int32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 6443</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">如果节点应该托管新的控制平面实例，则 API 服务器要绑定的端口。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定要连接的 CRI 套接字。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-file string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用来加载集群信息的文件或 URL。 </td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用来验证从 API 服务器获取的集群信息的令牌。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-token-ca-cert-hash stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">对基于令牌的发现，验证根 CA 公钥是否与此哈希匹配(格式： "&lt;type&gt;:&lt;value&gt;")。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--discovery-token-unsafe-skip-ca-verification</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">对于基于令牌的发现，允许没有 --discovery-token-ca-cert-hash 的加入.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--experimental-control-plane</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">在节点上创建一个新的控制平面实例</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组健值对，用来描述不同功能的功能开关。 选项包括：<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">join 的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">检查项列表，检查的错误信息将显示为警告。 示例： 'IsPrivilegedUser,Swap'。 值 'all' 会忽略所有检查错误。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--node-name string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定节点名称</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--tls-bootstrap-token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">TLS 引导使用的令牌。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--token string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> 用作 discovery-token 和 tls-bootstrap-token 的令牌</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] 连接 '真正的' 主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join.md
new file mode 100644
index 0000000000000..356485cf07cfb
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join.md
@@ -0,0 +1,102 @@
+
+<!--
+Joins a machine as a control plane instance
+-->
+将机器作为控制平面实例加入
+
+<!--
+### Synopsis
+-->
+### 概述
+
+
+<!--
+Joins a machine as a control plane instance
+-->
+将机器作为控制平面实例加入
+
+```
+kubeadm join phase control-plane-join [flags]
+```
+
+<!--
+### Examples
+-->
+### 示例
+
+<!--
+```
+  # Joins a machine as a control plane instance
+  kubeadm join phase control-plane-join all
+```
+-->
+```
+  # 将机器作为控制平面实例加入
+  kubeadm join phase control-plane-join all
+```
+
+<!--
+### Options
+-->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">control-plane-join 帮助</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+### 从父指令中继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 指向'真实'宿主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md
new file mode 100644
index 0000000000000..322d040f20661
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md
@@ -0,0 +1,141 @@
+
+此命令可将 'kubeadm init' 或者 'kubeadm join' 对主机的改动恢复到执行前的状态。
+
+### 摘要
+
+此命令可将 'kubeadm init' 或者 'kubeadm join' 对主机的改动恢复到执行前的状态。
+
+<!--
+Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'.
+
+### Synopsis
+
+
+Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'.
+-->
+
+```
+kubeadm reset [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path to the directory where the certificates are stored. If specified, clean this directory.</td>
+    </tr>
+    
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The path to the CRI socket to use with crictl when cleaning up containers.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-f, --force</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Reset the node without prompting for confirmation.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for reset</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--cert-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/pki"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">到存储证书的目录的路径。如果指定了，需要清除此目录。</td>
+    </tr>
+    
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">在清理容器时与 crictl 一起使用的 CRI 套接字的路径。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-f, --force</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">在不提示确认的情况下重置节点。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">reset 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">检查列表，其错误将显示为警告。示例：'IsPrivilegedUser,Swap'。值设为 'all' 将忽略所有检查中的错误。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] 通往'真正的'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token.md
new file mode 100644
index 0000000000000..d378bc86dd587
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token.md
@@ -0,0 +1,125 @@
+
+<!--
+Manage bootstrap tokens.
+-->
+管理引导令牌（bootstrap token）。
+
+<!--
+### Synopsis
+-->
+### 概述
+
+<!--
+This command manages bootstrap tokens. It is optional and needed only for advanced use cases.
+-->
+此命令管理引导令牌（bootstrap token）。它是可选的，仅适用于高级用例。
+
+<!--
+In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server.
+A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs
+to trust the server it is talking to. Then a bootstrap token with the "signing" usage can be used.
+-->
+简而言之，引导令牌（bootstrap token）用于在客户端和服务器之间建立双向信任。
+当客户端（例如，即将加入集群的节点）需要时，可以使用引导令牌相信正在与之通信的服务器。
+然后可以使用具有 “签名” 的引导令牌。
+
+<!--
+bootstrap tokens can also function as a way to allow short-lived authentication to the API Server
+(the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.
+-->
+引导令牌还可以作为一种允许对 API 服务器进行短期身份验证的方法（令牌用作 API 服务器信任客户端的方式），例如用于执行 TLS 引导程序。
+
+<!--
+What is a bootstrap token more exactly?
+ - It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
+ - A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
+   while the latter is the Token Secret and it must be kept private at all circumstances!
+ - The name of the Secret must be named "bootstrap-token-(token-id)".
+ -->
+引导令牌准确来说是什么？
+ - 它是位于 kube-system 命名空间中类型为 “bootstrap.kubernetes.io/token” 的一个 Secret。
+ - 引导令牌的格式必须为 “[a-z0-9]{6}.[a-z0-9]{16}”，前一部分是公共令牌 ID，而后者是令牌秘钥，必须在任何情况下都保密！
+ - 必须将 Secret 的名称命名为 “bootstrap-token-(token-id)”。
+
+<!--
+You can read more about bootstrap tokens here:
+  /docs/admin/bootstrap-tokens/
+-->
+您可以在此处阅读有关引导令牌（bootstrap token）的更多信息：
+  /docs/admin/bootstrap-tokens/
+
+```
+kubeadm token [flags]
+```
+<!--
+### Options
+-->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Whether to enable dry-run mode or not</td>
+      -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">是否启用 dry-run 模式</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for token</td>
+      -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">token 帮助</td>
+    </tr>
+
+    <tr>
+      <!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+      -->
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+      -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群通信时使用的 KubeConfig 文件。如果未设置，则搜索一组标准位置以查找现有 KubeConfig 文件。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+      -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性的] 指向“真实”主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_create.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_create.md
new file mode 100644
index 0000000000000..f7dcf727d5a14
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_create.md
@@ -0,0 +1,228 @@
+
+在服务器上创建引导令牌
+
+<!--
+Create bootstrap tokens on the server.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command will create a bootstrap token for you.
+You can specify the usages for this token, the "time to live" and an optional human friendly description.
+
+The [token] is the actual token to write.
+This should be a securely generated random token of the form "[a-z0-9]{6}.[a-z0-9]{16}".
+If no [token] is given, kubeadm will generate a random token instead.
+-->
+
+这个命令将为你创建一个引导令牌。
+您可以设置此令牌的用途，"有效时间" 和可选的人性化的描述。
+
+这里的 [token] 是指将要生成的实际令牌。
+该令牌应该是一个通过安全机制生成的随机令牌，形式为 "[a-z0-9]{6}.[a-z0-9]{16}"。
+如果没有给出 [token]，kubeadm 将生成一个随机令牌。
+
+```
+kubeadm token create [token]
+```
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--description string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A human friendly description of how this token is used.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--groups stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [system:bootstrappers:kubeadm:default-node-token]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Extra groups that this token will authenticate as when used for authentication. Must match "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for create</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--print-join-command</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 24h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--usages stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: [signing,authentication]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定 kubeadm 配置文件的路径 (警告: 使用配置文件是实验阶段的)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--description string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">针对令牌用途的人性化的描述。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--groups stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: [system:bootstrappers:kubeadm:default-node-token]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">此令牌将在用于身份验证时进行身份验证的额外组。必须匹配  "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">create 操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--print-join-command</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">输出使用令牌加入群集所需的完整的 "kubeadm join" 样式的命令，而不是只输出令牌。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ttl duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: 24h0m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">令牌有效时间，超过该时间令牌被自动删除。(例如： 1s, 2m, 3h)。如果设置为 '0'，令牌将永远不过期。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--usages stringSlice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: [signing,authentication]</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">描述可以使用此令牌的方式。你可以多次使用 `--usages` 或者提供一个以逗号分隔的选项列表。合法选项有: [signing,authentication]</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Whether to enable dry-run mode or not</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">是否启用 `dry-run` 运行模式</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_delete.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_delete.md
new file mode 100644
index 0000000000000..247baaad127ea
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_delete.md
@@ -0,0 +1,140 @@
+在服务器上删除引导令牌
+
+<!--
+Delete bootstrap tokens on the server.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command will delete a given bootstrap token for you.
+
+The [token-value] is the full Token of the form "[a-z0-9]{6}.[a-z0-9]{16}" or the
+Token ID of the form "[a-z0-9]{6}" to delete.
+-->
+
+这个命令将为你删除指定的引导令牌。
+
+[token-value] 是要删除的 "[a-z0-9]{6}.[a-z0-9]{16}" 形式的完整令牌或者是 "[a-z0-9]{6}" 形式的的令牌 ID。
+
+```
+kubeadm token delete [token-value]
+```
+
+<!--
+### Options
+-->
+
+### 可选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for delete</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">delete 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Whether to enable dry-run mode or not</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">是否启用 `dry-run` 运行模式</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_generate.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_generate.md
new file mode 100644
index 0000000000000..9d0f03b27ae3a
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_generate.md
@@ -0,0 +1,155 @@
+
+生成并打印一个引导令牌但并不在服务器上创建令牌对象。
+
+<!--
+Generate and print a bootstrap token, but do not create it on the server.
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+This command will print out a randomly-generated bootstrap token that can be used with
+the "init" and "join" commands.
+
+You don't have to use this command in order to generate a token. You can do so
+yourself as long as it is in the format "[a-z0-9]{6}.[a-z0-9]{16}". This
+command is provided for convenience to generate tokens in the given format.
+
+You can also use "kubeadm init" without specifying a token and it will
+generate and print one for you.
+-->
+
+此命令将打印一个随机生成的可以被 "init" 和 "join" 命令使用的引导令牌。
+
+您不必使用此命令来生成令牌。你可以自己设定，只要格式符合 "[a-z0-9]{6}.[a-z0-9]{16}"。这个命令提供是为了方便生成规定格式的令牌。
+
+您也可以使用 "kubeadm init" 并且不指定令牌，该命令会生成一个令牌并打印出来。
+
+```
+kubeadm token generate [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for generate</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">generate 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
+<!--
+### Options
+-->
+
+### 从父命令继承的选项
+
+<!--
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Whether to enable dry-run mode or not</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">是否启用 `dry-run` 运行模式</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值: "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_list.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_list.md
new file mode 100644
index 0000000000000..02b0b70421e81
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_token_list.md
@@ -0,0 +1,100 @@
+
+<!--
+List bootstrap tokens on the server.
+-->
+列出服务器上的引导令牌。
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+
+<!--
+This command will list all bootstrap tokens for you.
+-->
+此命令将为您列出所有的引导令牌。
+
+```
+kubeadm token list [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for list</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">list 操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Whether to enable dry-run mode or not</td>
+
+<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/admin.conf"</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">是否启用干运行模式</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/admin.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade.md
new file mode 100644
index 0000000000000..f35d4a1e4cce3
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade.md
@@ -0,0 +1,99 @@
+<!-- 
+Upgrade your cluster smoothly to a newer version with this command.
+
+### Synopsis
+
+
+Upgrade your cluster smoothly to a newer version with this command.
+ -->
+
+此命令能将您的集群平滑升级到新版本。
+
+### 概要
+
+
+此命令能将您的集群平滑升级到新版本。
+
+
+```
+kubeadm upgrade [flags]
+```
+
+<!-- ### Options
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for upgrade</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">upgrade 帮助</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!-- ### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+ -->
+
+### 继承于父命令的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性] 主机根目录文件系统“真实”路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md
new file mode 100644
index 0000000000000..21f4be9991d14
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md
@@ -0,0 +1,281 @@
+<!--
+Upgrade your Kubernetes cluster to the specified version.
+
+### Synopsis
+
+
+Upgrade your Kubernetes cluster to the specified version.
+
+```
+kubeadm upgrade apply [version]
+```
+
+### Options
+-->
+
+将Kubernetes集群升级到指定版本。
+
+### 简介
+
+
+将Kubernetes集群升级到指定版本。
+
+```
+kubeadm upgrade apply [version]
+```
+
+### 选项
+
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+  
+<!--
+    <tr>
+      <td colspan="2">--allow-experimental-upgrades</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--allow-release-candidate-upgrades</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Specify the CRI socket to connect to.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Do not change any state, just output what actions would be performed.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--etcd-upgrade&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Perform the upgrade of etcd.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-f, --force</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Force upgrading although some requirements might not be met. This also implies non-interactive mode.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for apply</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--image-pull-timeout duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 15m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The maximum amount of time to wait for the control plane pods to be downloaded.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/Users/zarnold/.kube/config"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--print-config</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Specifies whether the configuration file that will be used in the upgrade should be printed or not.</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-y, --yes</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Perform the upgrade and do not prompt for confirmation (non-interactive mode).</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+  <tr>
+      <td colspan="2">--allow-experimental-upgrades</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">显示 Kubernetes 的不稳定版本作为升级替代方案，并允许升级到 Kubernetes 的 alpha/beta 或 RC 版本。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--allow-release-candidate-upgrades</td>
+    </tr>
+    <tr>  
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">显示 Kubernetes 的候选版本作为升级替代方案，并允许升级到 Kubernetes 的 RC 版本。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;"> kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--cri-socket string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/var/run/dockershim.sock"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定要连接的 CRI 套接字。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">不要更改任何状态，只输出要执行的操作。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--etcd-upgrade&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: true</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">执行 etcd 的升级。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一组键值对，用于描述各种功能的功能门。选项包括：<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">-f, --force</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">强制升级，但可能无法满足某些要求。这也意味着非交互模式。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">帮助</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">一系列检查，其错误将显示为警告。示例：'IsPrivilegedUser,Swap'。值'all'忽略所有检查的错误。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--image-pull-timeout duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 15m0s</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">等待控制面 pod 下载的最长时间。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/Users/zarnold/.kube/config"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">与集群通信时使用的 KubeConfig 文件。如果未设置标志，则在相关目录下搜索以查找现有KubeConfig文件。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">--print-config</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指定是否应打印将在升级中使用的配置文件。</td>
+    </tr>
+
+  <tr>
+      <td colspan="2">-y, --yes</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">执行升级，不提示确认（非交互模式）。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+    </tr>
+
+  </tbody>
+</table>
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+  <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] 宿主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md
new file mode 100644
index 0000000000000..2942bae794da8
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_diff.md
@@ -0,0 +1,143 @@
+
+显示将对现有静态 pod 清单产生的影响。这也能够通过 `kubeadm upgrade apply --dry-run` 命令查看。
+<!--
+Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run
+-->
+显示将对现有静态 pod 清单产生的影响。这也能够通过 `kubeadm upgrade apply --dry-run` 命令查看。
+
+```
+kubeadm upgrade diff [version] [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+<!--
+      <td colspan="2">--api-server-manifest string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/manifests/kube-apiserver.yaml"</td>
+-->
+
+    <tr>
+      <td colspan="2">--api-server-manifest string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/manifests/kube-apiserver.yaml"</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">path to API server manifest</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">API 服务器清单的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    
+<!--
+    <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">到 kubeadm 配置文件的路径（警告：配置文件的使用是实验性的）</td>    
+    </tr>
+    
+<!--
+      <td colspan="2">-c, --context-lines int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: 3</td>
+-->
+    <tr>
+      <td colspan="2">-c, --context-lines int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值：3</td>
+    </tr>
+    
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">How many lines of context in the diff</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">diff 中有多少行上下文</td>
+    </tr>
+
+<!--
+      <td colspan="2">--controller-manager-manifest string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/manifests/kube-controller-manager.yaml"</td>
+-->
+    <tr>
+      <td colspan="2">--controller-manager-manifest string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/manifests/kube-controller-manager.yaml"</td>
+    </tr>
+    
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">path to controller manifest</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">控制器清单的路径</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for diff</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">diff 的帮助信息</td>
+    </tr>
+
+<!--
+      <td colspan="2">--scheduler-manifest string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/manifests/kube-scheduler.yaml"</td>
+-->
+    <tr>
+      <td colspan="2">--scheduler-manifest string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值："/etc/kubernetes/manifests/kube-scheduler.yaml"</td>
+    </tr>
+    
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">path to scheduler manifest</td>
+-->
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">调度器清单的路径</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+<!--
+      <td colspan="2">--rootfs string</td>
+-->
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机 root 文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md
new file mode 100644
index 0000000000000..383e6645051fb
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node.md
@@ -0,0 +1,78 @@
+<!--
+Upgrade commands for a node in the cluster. Currently only supports upgrading the configuration, not the kubelet itself.
+-->
+升级集群中某个节点的命令，目前只支持升级配置，不支持 kubelet 本身。
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Upgrade commands for a node in the cluster. Currently only supports upgrading the configuration, not the kubelet itself.
+-->
+升级集群中某个节点的命令，目前只支持升级配置，不支持 kubelet 本身。
+
+```
+kubeadm upgrade node [flags]
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for node</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">节点操作的帮助信息</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node_config.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node_config.md
new file mode 100644
index 0000000000000..caa5cb45ca64c
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node_config.md
@@ -0,0 +1,122 @@
+
+<!--
+Downloads the kubelet configuration from the cluster ConfigMap kubelet-config-1.X, where X is the minor version of the kubelet.
+-->
+从集群 ConfigMap kubelet-config-1.X 下载 kubelet 配置。其中 X 是 kubelet 的次要版本。
+
+<!--
+### Synopsis
+-->
+### 概要
+
+<!--
+Downloads the kubelet configuration from a ConfigMap of the form "kubelet-config-1.X" in the cluster, where X is the minor version of the kubelet. kubeadm uses the --kubelet-version parameter to determine what the desired kubelet version is. Give
+-->
+从群集中 "kubelet-config-1.X" 的 ConfigMap 下载 kubelet 配置，其中 X 是kubelet 的次要版本。kubeadm 使用 --kubelet-version 参数来确定所需的 kubelet 版本。
+
+```
+kubeadm upgrade node config [flags]
+```
+
+<!--
+### Examples
+-->
+<!--
+# Downloads the kubelet configuration from the ConfigMap in the cluster. Uses a specific desired kubelet version.
+# Simulates the downloading of the kubelet configuration from the ConfigMap in the cluster with a specific desired
+# version. Does not change any state locally on the node
+-->
+
+### 例子
+
+```
+  # 从集群中的 ConfigMap 下载 kubelet 配置，使用特定的 kubelet 版本。
+  kubeadm upgrade node config --kubelet-version v1.12.0
+  
+  # 模拟从集群中的 ConfigMap 下载具有特定版本的 kubelet 配置。节点上的任何本地状态没有改变吗？
+  kubeadm upgrade node config --kubelet-version v1.12.0 --dry-run
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Do not change any state, just output the actions that would be performed.</td>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for config</td>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are sear    ched for an existing KubeConfig file.</td>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">The *desired* version for the kubelet after the upgrade.</td>
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">不改变任何状态，只输出将要执行的操作</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">配置操作的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/kubelet.conf"</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--kubelet-version string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">升级后的 kubelet 的*期望*版本。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+### 从父命令继承的选项
+
+<!--
+### Options inherited from parent commands
+-->
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+<!-
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node_experimental-control-plane.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node_experimental-control-plane.md
new file mode 100644
index 0000000000000..3809648c9d13a
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_node_experimental-control-plane.md
@@ -0,0 +1,121 @@
+
+升级部署在此节点上的控制平面实例。【重要】执行此命令之前，需要在控制平面的另一实例上执行 `kubeadm upgrade apply`。
+<!--
+Upgrades the control plane instance deployed on this node. IMPORTANT. This command should be executed after executing `kubeadm upgrade apply` on another control plane instance
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Downloads the kubelet configuration from a ConfigMap of the form "kubelet-config-1.X" in the cluster, where X is the minor version of the kubelet. kubeadm uses the --kubelet-version parameter to determine what the desired kubelet version is. Give
+-->
+从集群中 "kubelet-config-1.X" 的 ConfigMap 下载 kubelet 配置，在集群中 X 是 kubelet 的次要版本。kubeadm 使用 --kubelet-version 参数来确定所需的 kubelet 版本。
+
+```
+kubeadm upgrade node experimental-control-plane [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Downloads the kubelet configuration from the ConfigMap in the cluster. Uses a specific desired kubelet version.
+  # Simulates the downloading of the kubelet configuration from the ConfigMap in the cluster with a specific desired 
+  # version. Does not change any state locally on the node.
+-->
+
+```
+  # 从集群中的 ConfigMap 下载 kubelet 配置。使用特定的 kubelet 版本。
+  kubeadm upgrade node config --kubelet-version v1.12.0
+  
+  # 模拟从集群中的 ConfigMap 下载 kubelet 配置，使用特定的指定版本。不更改节点上的任何本地状态。
+  kubeadm upgrade node config --kubelet-version v1.12.0 --dry-run
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--dry-run</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">不改变任何状态，只输出将要执行的动作</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">Do not change any state, just output the actions that would be performed.</td>
+-->
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">experimental-control-plane 的帮助信息</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">help for experimental-control-plane</td>
+-->
+
+    <tr>
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;默认值： "/etc/kubernetes/kubelet.conf"</td>
+    </tr>
+<!--
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/etc/kubernetes/kubelet.conf"</td>
+-->
+
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">用于和集群通信的 KubeConfig 文件。如果它没有被设置，那么 kubeadm 将会搜索一个已经存在于标准路径的 KubeConfig 文件。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+<!--
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md
new file mode 100644
index 0000000000000..1ec2a180feb12
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_plan.md
@@ -0,0 +1,118 @@
+
+<!-- Check which versions are available to upgrade to and validate whether your current cluster is upgradeable. To skip the internet check, pass in the optional [version] parameter. -->
+检查当前可供升级的版本有哪些以及验证你当前的集群是否可以升级。传入可选的 [version] 参数可以跳过联网检查。
+
+<!-- ### Synopsis -->
+### 简介
+
+
+<!-- Check which versions are available to upgrade to and validate whether your current cluster is upgradeable. To skip the internet check, pass in the optional [version] parameter. -->
+检查当前可供升级的版本有哪些以及验证你当前的集群是否可以升级。传入可选的 [version] 参数可以跳过联网检查。
+
+```
+kubeadm upgrade plan [version] [flags]
+```
+
+<!-- ### Options -->
+### 选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--allow-experimental-upgrades</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes.</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">显示 Kubernetes 的不稳定版本作为升级的替代方案并且允许升级到 alpha/beta/release candidate 状态的 Kubernetes 版本。</td>      
+    </tr>
+
+    <tr>
+      <td colspan="2">--allow-release-candidate-upgrades</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes.</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">显示 Kubernetes 的 release candidate 版本作为升级的替代方案并且允许升级到 release candidate 状态的 Kubernetes 版本。</td>      
+    </tr>
+
+    <tr>
+      <td colspan="2">--config string</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">kubeadm 配置文件的路径（警告：配置文件功能是实验性的）</td>      
+    </tr>
+
+    <tr>
+      <td colspan="2">--feature-gates string</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">A set of key=value pairs that describe feature gates for various features. Options are:<br/>Auditing=true|false (ALPHA - default=false)<br/>CoreDNS=true|false (default=true)<br/>DynamicKubeletConfig=true|false (BETA - default=false)</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">键值对的结合，用于控制各种功能的开关。可选项有：<br/>Auditing=true|false (ALPHA状态 - 缺省值=false)<br/>CoreDNS=true|false (缺省值=true)<br/>DynamicKubeletConfig=true|false (BETA状态 - 缺省值=false)</td>      
+    </tr>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">help for plan</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">显示 plan 命令的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">--ignore-preflight-errors stringSlice</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">检查项的集合，这些检查项如果发生错误则会被显示为警告。 示例: 'IsPrivilegedUser,Swap'。 如果值为 'all' 则将忽略所有的检查错误。</td>  
+    </tr>
+
+    <tr>
+      <!-- <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: "/Users/zarnold/.kube/config"</td> -->
+      <td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;缺省值： "~/.kube/config"</td>      
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">同集群通信时使用的 KubeConfig 文件。 如果没有设置这个参数，将会通过搜索一系列标准的位置来找到一份已存在的 KubeConfig 文件。</td>      
+    </tr>
+
+    <tr>
+      <td colspan="2">--print-config</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">Specifies whether the configuration file that will be used in the upgrade should be printed or not.</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">指明是否打印出用于升级的配置文件。</td>      
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+<!-- ### Options inherited from parent commands -->
+### 从父命令继承的选项
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <!-- <td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td> -->
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验性的功能] 相对“真实”宿主机根目录的路径。</td>      
+    </tr>
+
+  </tbody>
+</table>
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_version.md b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_version.md
new file mode 100644
index 0000000000000..a4b003396cbc3
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/generated/kubeadm_version.md
@@ -0,0 +1,87 @@
+
+打印 kubeadm 的版本号
+<!--
+Print the version of kubeadm
+-->
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Print the version of kubeadm
+-->
+打印 kubeadm 的版本号
+
+```
+kubeadm version [flags]
+```
+
+### 选项
+
+<!--
+### Options
+-->
+
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">help for version</td>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">Output format; available options are 'yaml', 'json' and 'short'</td>
+-->
+
+
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">-h, --help</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">版本的帮助信息</td>
+    </tr>
+
+    <tr>
+      <td colspan="2">-o, --output string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">输出格式；可用的选项有 'yaml', 'json' 和 'short'</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+<!--
+### Options inherited from parent commands
+-->
+<!--
+<td></td><td style="line-height: 130%; word-wrap: break-word;">[EXPERIMENTAL] The path to the 'real' host root filesystem.</td>
+-->
+
+### 从父命令继承的选项
+ 
+<table style="width: 100%; table-layout: fixed;">
+  <colgroup>
+    <col span="1" style="width: 10px;" />
+    <col span="1" />
+  </colgroup>
+  <tbody>
+
+    <tr>
+      <td colspan="2">--rootfs string</td>
+    </tr>
+    <tr>
+      <td></td><td style="line-height: 130%; word-wrap: break-word;">[实验] 到'真实'主机根文件系统的路径。</td>
+    </tr>
+
+  </tbody>
+</table>
+
+
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-config.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-config.md
new file mode 100644
index 0000000000000..982f1c243b2ff
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-config.md
@@ -0,0 +1,73 @@
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm config
+content_template: templates/concept
+weight: 50
+---
+
+{{% capture overview %}}
+<!--
+Beginning with v1.8.0, kubeadm uploads the configuration of your cluster to a ConfigMap called
+`kubeadm-config` in the `kube-system` namespace, and later reads the ConfigMap when upgrading.
+This enables correct configuration of system components, and provides a seamless user experience.
+-->
+
+从 v1.8.0 开始，kubeadm 将集群的配置上传到名为 kube-system 的 ConfigMap 对象中，对象位于 kube-system 命名空间内。并在以后的升级中读取这个 ConfigMap 配置对象。
+这样可以保证系统组件的正确配置，提供无缝的用户体验。
+
+<!--
+You can execute `kubeadm config view` to view the ConfigMap. If you initialized your cluster using
+kubeadm v1.7.x or lower, you must use `kubeadm config upload` to create the ConfigMap before you
+may use `kubeadm upgrade`.
+-->
+
+您可以执行 kubeadm config view 来查看 ConfigMap。如果使用 kubeadm v1.7.x 或更低版本来初始化群集，必须先使用 kubeadm config upload 创建 ConfigMap，然后才能使用 kubeadm upgrade。
+
+<!--
+In Kubernetes v1.11.0, some new commands were added. You can use `kubeadm config print-default`
+to print the default configuration and `kubeadm config migrate` to convert your old configuration
+files to a newer version. `kubeadm config images list` and `kubeadm config images pull` can be used
+to list and pull the images that kubeadm requires.
+-->
+
+在 Kubernetes v1.11.0 中，添加了一些新命令。你可以使用 kubeadm config print-default
+打印默认配置，可以用 kubeadm config migrate 来将旧的配置文件转换到较新的版本，还可以使用 kubeadm config images list 和 kubeadm config images pull
+列出并拉取 kubeadm 所需的镜像。
+
+{{% /capture %}}
+
+{{% capture body %}}
+## kubeadm config upload from-file {#cmd-config-from-file}
+{{< include "generated/kubeadm_config_upload_from-file.md" >}}
+
+{{< include "generated/kubeadm_config_upload_from-flags.md" >}}
+
+## kubeadm config view {#cmd-config-view}
+{{< include "generated/kubeadm_config_view.md" >}}
+
+## kubeadm config print-default {#cmd-config-print-default}
+{{< include "generated/kubeadm_config_print-default.md" >}}
+
+## kubeadm config migrate {#cmd-config-migrate}
+{{< include "generated/kubeadm_config_migrate.md" >}}
+
+## kubeadm config images list {#cmd-config-images-list}
+{{< include "generated/kubeadm_config_images_list.md" >}}
+
+## kubeadm config images pull {#cmd-config-images-pull}
+{{< include "generated/kubeadm_config_images_pull.md" >}}
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/) to upgrade a Kubernetes cluster to a newer version
+-->
+
+*  [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/) 将 Kubernetes 集群升级到更新版本 [kubeadm upgrade]
+{{% /capture %}}
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-init.md
index eb4fcea451799..b97946879cf06 100644
--- a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-init.md
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-init.md
@@ -5,7 +5,7 @@ weight: 20
 ---
 {{% capture overview %}}
 <!-- This command initializes a Kubernetes master node. -->
-此命令初始化一个 Kubernetes master 节点
+此命令初始化一个 Kubernetes 主节点
 {{% /capture %}}
 
 {{% capture body %}}
@@ -16,7 +16,7 @@ weight: 20
 ### Init 命令的工作流程 {#init-workflow}
 <!-- `kubeadm init` bootstraps a Kubernetes master node by executing the
 following steps: -->
-`kubeadm init` 命令通过执行下列步骤来启动一个 Kubernetes master 节点。
+`kubeadm init` 命令通过执行下列步骤来启动一个 Kubernetes 主节点。
 
 <!-- 1. Runs a series of pre-flight checks to validate the system state
    before making changes. Some checks only trigger warnings, others are
@@ -30,14 +30,14 @@ following steps: -->
    (`/etc/kubernetes/pki` by default) this step is skipped as described in the
    [Using custom certificates](#custom-certificates) document.
    The APIServer certs will have additional SAN entries for any `--apiserver-cert-extra-sans` arguments, lowercased if necessary. -->
-2. 生成一个自签名的 CA证书 (或者使用现有的证书，如果提供的话) 来为集群中的每一个组件建立身份标识。如果用户已经通过 `--cert-dir` 配置的证书目录（缺省值为 `/etc/kubernetes/pki`）提供了他们自己的 CA证书 以及/或者 密钥， 那么将会跳过这个步骤，正如文档[使用自定义证书](#custom-certificates)中所描述的那样。
+2. 生成一个自签名的 CA 证书 (或者使用现有的证书，如果提供的话) 来为集群中的每一个组件建立身份标识。如果用户已经通过 `--cert-dir` 配置的证书目录（缺省值为 `/etc/kubernetes/pki`）提供了他们自己的 CA证书 以及/或者 密钥， 那么将会跳过这个步骤，正如文档[使用自定义证书](#custom-certificates)中所描述的那样。
    如果指定了 `--apiserver-cert-extra-sans` 参数, APIServer 的证书将会有额外的 SAN 条目，如果必要的话，将会被转为小写。
 
 <!-- 3. Writes kubeconfig files in `/etc/kubernetes/`  for
    the kubelet, the controller-manager and the scheduler to use to connect to the
    API server, each with its own identity, as well as an additional
    kubeconfig file for administration named `admin.conf`. -->
-1. 将 kubeconfig 文件写入 `/etc/kubernetes/` 目录以便 kubelet、controller-manager 和 scheduler 用来连接到 API server，它们每一个都有自己的身份标识，同时生成一个名为 admin.conf 的独立的 kubeconfig 文件，用于管理操作。
+1. 将 kubeconfig 文件写入 `/etc/kubernetes/` 目录以便 kubelet、控制器管理器和调度器用来连接到 API 服务器，它们每一个都有自己的身份标识，同时生成一个名为 admin.conf 的独立的 kubeconfig 文件，用于管理操作。
 
 <!-- 4. If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig` enabled,
    it writes the kubelet init configuration into the `/var/lib/kubelet/config/init/kubelet` file.
@@ -53,14 +53,14 @@ following steps: -->
 <!-- 5. Generates static Pod manifests for the API server,
    controller manager and scheduler. In case an external etcd is not provided,
    an additional static Pod manifest are generated for etcd. -->
-5. 为 API server、controller manager 和 scheduler 生成静态 Pod 的清单文件。假使没有提供一个外部的 etcd 服务的话，也会为 etcd 生成一份额外的静态 Pod 清单文件。
+1. 为 API 服务器、控制器管理器和调度器生成静态 Pod 的清单文件。假使没有提供一个外部的 etcd 服务的话，也会为 etcd 生成一份额外的静态 Pod 清单文件。
 
 <!-- Static Pod manifests are written to `/etc/kubernetes/manifests`; the kubelet
    watches this directory for Pods to create on startup. -->
 静态 Pod 的清单文件被写入到 `/etc/kubernetes/manifests` 目录; kubelet 会监视这个目录以便在系统启动的时候创建 Pods。
 
 <!-- Once control plane Pods are up and running, the `kubeadm init` sequence can continue. -->
-一旦 control plane 的 Pods 都运行起来， `kubeadm init` 的工作流程就继续往下执行。
+一旦控制平面的 Pods 都运行起来， `kubeadm init` 的工作流程就继续往下执行。
 
 <!-- 1. If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig` enabled,
    it completes the kubelet dynamic configuration by creating a ConfigMap and some RBAC rules that enable
@@ -73,13 +73,13 @@ following steps: -->
 
 <!-- 2. Apply labels and taints to the master node so that no additional workloads will
    run there. -->
-2. 对 master 节点应用 labels 和 taints 以便不会在它上面运行其它的工作负载。
+1. 对主节点应用标签和污点标记以便不会在它上面运行其它的工作负载。
 
 <!-- 3. Generates the token that additional nodes can use to register
    themselves with the master in the future.  Optionally, the user can provide a
    token via `--token`, as described in the
    [kubeadm token](/docs/reference/setup-tools/kubeadm/kubeadm-token/) docs. -->
-3. 生成令牌以便其它节点以后可以使用这个令牌向 master 节点注册它们自己。 可选的，用户可以通过 `--token` 提供一个令牌, 正如文档[kubeadm 的令牌](/docs/reference/setup-tools/kubeadm/kubeadm-token/) 描述的那样。  
+3. 生成令牌以便其它节点以后可以使用这个令牌向主节点注册它们自己。 可选的，用户可以通过 `--token` 提供一个令牌, 正如文档 [kubeadm 的令牌](/docs/reference/setup-tools/kubeadm/kubeadm-token/) 描述的那样。  
 
 <!-- 4. Makes all the necessary configurations for allowing node joining with the
    [Bootstrap Tokens](/docs/reference/access-authn-authz/bootstrap-tokens/) and
@@ -106,14 +106,14 @@ following steps: -->
    In Kubernetes version 1.11 and later CoreDNS is the default DNS server.
    To install kube-dns instead of CoreDNS, kubeadm must be invoked with `--feature-gates=CoreDNS=false`.
    Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed. -->
-1. 通过 API server 安装一个 DNS 服务器 (CoreDNS) 和 kube-proxy 附加组件。
+1. 通过 API 服务器安装一个 DNS 服务器 (CoreDNS) 和 kube-proxy 附加组件。
    在 1.11 版本以及更新版本的 Kubernetes 中 CoreDNS 是默认的 DNS 服务器。
    如果要安装 kube-dns 而不是 CoreDNS, 你需要在调用 kubeadm 的时候附加 `--feature-gates=CoreDNS=false` 参数。请注意，尽管 DNS 服务器已经被部署了，它并不会被调度直到你安装好了 CNI 网络插件。
 
 <!-- 2. If `kubeadm init` is invoked with the alpha self-hosting feature enabled,
    (`--feature-gates=SelfHosting=true`), the static Pod based control plane is
    transformed into a [self-hosted control plane](#self-hosting). -->
-2. 如果调用 `kubeadm init` 命令时启用了 alpha 状态的 self-hosting 功能(`--feature-gates=SelfHosting=true`)，基于静态 Pod 的 control plane 将被转换为 [self-hosted control plane](#self-hosting)。
+1. 如果调用 `kubeadm init` 命令时启用了 alpha 状态的自托管功能(`--feature-gates=SelfHosting=true`)，基于静态 Pod 的控制平面将被转换为 [自托管的控制平面](#self-hosting)。
 
 <!-- ### Using kubeadm init with a configuration file {#config-file} -->
 ### 结合一份配置文件来使用 kubeadm init {#config-file}
@@ -139,7 +139,7 @@ because `v1alpha3` will be removed in Kubernetes 1.14. -->
 
 <!-- For more details on each field in the `v1beta1` configuration you can navigate to our
 [API reference pages.] (https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1) -->
-如果你想获取 `v1beta1` 版本配置中每个字段的细节说明，你可以查看我们的[API reference 页面]。 (https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1)
+如果你想获取 `v1beta1` 版本配置中每个字段的细节说明，你可以查看我们的 [API reference 页面](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1)
 
 <!-- ### Adding kube-proxy parameters {#kube-proxy} -->
 ### 添加 kube-proxy 参数 {#kube-proxy}
@@ -155,12 +155,12 @@ kubeadm 配置中有关 kube-proxy 的说明请查看:
 - [IPVS](https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md)
 
 <!-- ### Passing custom flags to control plane components {#control-plane-flags} -->
-### 向 control plane 组件传递自定义的 flags {#control-plane-flags}
+### 向控制平面组件传递自定义的命令行参数 {#control-plane-flags}
 
 <!-- For information about passing flags to control plane components see:
 - [control-plane-flags](/docs/setup/independent/control-plane-flags/) -->
-有关向 control plane 组件传递 flags 的说明请查看:
-- [control-plane-flags](/docs/setup/independent/control-plane-flags/)
+有关向控制平面组件传递命令行参数的说明请查看:
+- [控制平面命令行参数](/docs/setup/independent/control-plane-flags/)
 
 <!-- ### Using custom images {#custom-images} -->
 ### 使用自定义的镜像 {#custom-images}
@@ -168,7 +168,7 @@ kubeadm 配置中有关 kube-proxy 的说明请查看:
 <!-- By default, kubeadm pulls images from `k8s.gcr.io`, unless
 the requested Kubernetes version is a CI version. In this case,
 `gcr.io/kubernetes-ci-images` is used. -->
-默认情况下, kubeadm 会从 `k8s.gcr.io` 仓库拉取镜像, 除非请求的 Kubernetes 版本是一个持续集成版本。这这种情况下，则会使用 `gcr.io/kubernetes-ci-images` 仓库。
+默认情况下, kubeadm 会从 `k8s.gcr.io` 仓库拉取镜像, 除非请求的 Kubernetes 版本是一个持续集成版本。在这种情况下，则会使用 `gcr.io/kubernetes-ci-images` 仓库。
 
 <!-- You can override this behavior by using [kubeadm with a configuration file](#config-file). -->
 你可以通过这份文档里描述的方法 [结合一份配置文件来使用 kubeadm](#config-file) 来改变镜像拉取的策略。
@@ -180,7 +180,7 @@ the requested Kubernetes version is a CI version. In this case,
 * To provide a `unifiedControlPlaneImage` to be used instead of different images for control plane components.
 * To provide a specific `etcd.image` to be used instead of the image available at`k8s.gcr.io`. -->
 * 提供一个替代的镜像仓库 `imageRepository` 而不是使用 `k8s.gcr.io`。
-* 提供一个统一的 Control Plane 镜像 `unifiedControlPlaneImage` 而不是对每一个 control plane 组件使用不同的镜像。
+* 提供一个统一的控制平面镜像 `unifiedControlPlaneImage` 而不是对每一个控制平面组件使用不同的镜像。
 * 提供一个指定的 etcd 服务的镜像 `etcd.image` 而不是在 `k8s.gcr.io` 仓库中的可用镜像。
 
 <!-- Please note that the configuration field `kubernetesVersion` or the command line flag
@@ -205,7 +205,7 @@ generation step and existing files are used for the prescribed
 use case. This means you can, for example, copy an existing CA into `/etc/kubernetes/pki/ca.crt`
 and `/etc/kubernetes/pki/ca.key`, and kubeadm will use this CA for signing the rest
 of the certs. -->
-如果给定的证书和密钥对已经存在，kubeadm 将会跳过生成证书的步骤并且直接将已经存在的文件用于规定的案例中。也就是说你可以拷贝一份已存在的 CA 文件到 `/etc/kubernetes/pki/ca.crt` 和 `/etc/kubernetes/pki/ca.key`，kubeadm将会使用这份 CA 来签发其余的证书。
+如果给定的证书和密钥对已经存在，kubeadm 将会跳过生成证书的步骤并且直接将已经存在的文件用于规定的案例中。也就是说你可以拷贝一份已存在的 CA 文件到 `/etc/kubernetes/pki/ca.crt` 和 `/etc/kubernetes/pki/ca.key`，kubeadm 将会使用这份 CA 来签发其余的证书。
 
 <!-- #### External CA mode {#external-ca-mode} -->
 #### 外部 CA 模式 {#external-ca-mode}
@@ -256,10 +256,10 @@ ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $K
 <!-- * `--kubeconfig=/etc/kubernetes/kubelet.conf` points to the kubeconfig file that
    tells the kubelet where the API server is. This file also has the kubelet's
    credentials. -->
-* `--kubeconfig=/etc/kubernetes/kubelet.conf` 指向 kubeconfig 文件，这份文件为 kubelet 指明 API server 的地址。这份文件也包含了 kubelet 的证书。
+* `--kubeconfig=/etc/kubernetes/kubelet.conf` 指向 kubeconfig 文件，这份文件为 kubelet 指明 API 服务器的地址。这份文件也包含了 kubelet 的证书。
 <!-- * `--pod-manifest-path=/etc/kubernetes/manifests` specifies from where to read
    static Pod manifests used for starting the control plane. -->
-* `--pod-manifest-path=/etc/kubernetes/manifests` 指明从哪里读取静态 Pod 的清单文件用于启动 control plane。
+* `--pod-manifest-path=/etc/kubernetes/manifests` 指明从哪里读取静态 Pod 的清单文件用于启动控制平面。
 <!-- * `--allow-privileged=true` allows this kubelet to run privileged Pods. -->
 * `--allow-privileged=true` 允许 kubelet 运行 privileged Pods。
 <!-- * `--network-plugin=cni` uses CNI networking. -->
@@ -280,7 +280,7 @@ ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $K
 * `--client-ca-file=/etc/kubernetes/pki/ca.crt` 使用这个 CA 证书认证发往 Kubelet API 的请求。
 <!-- * `--authorization-mode=Webhook` authorizes requests to the Kubelet API by `POST`-ing
    a `SubjectAccessReview` to the API server. -->
-* `--authorization-mode=Webhook` 通过 `POST` 方法向 API server 发送一个 `SubjectAccessReview` 对象来授权发往 Kubelet API 的请求。
+* `--authorization-mode=Webhook` 通过 `POST` 方法向 API 服务器发送一个 `SubjectAccessReview` 对象来授权发往 Kubelet API 的请求。
 <!-- * `--rotate-certificates` auto rotate the kubelet client certificates by requesting new
    certificates from the `kube-apiserver` when the certificate expiration approaches. -->
 * `--rotate-certificates` 当证书临近过期的时候，通过从 `kube-apiserver` 请求新证书来自动替换 kubelet 客户端证书。
@@ -293,7 +293,7 @@ ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $K
 <!-- Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
 The container runtime used by default is Docker, which is enabled through the built-in
 `dockershim` CRI implementation inside of the `kubelet`. -->
-从v1.6.0版本开始, Kubernetes 默认启用了 CRI, 容器运行时接口。
+从 v1.6.0 版本开始, Kubernetes 默认启用了 CRI, 容器运行时接口。
 默认使用的容器运行时是 Docker, 这通过 `kubelet` 内置的 `dockershim` CRI 实现支持。
 
 <!-- Other CRI-based runtimes include: -->
@@ -339,37 +339,37 @@ using an external CRI implementation. -->
 ### 在你的集群中使用内网 IP
 
 <!-- In order to set up a cluster where the master and worker nodes communicate with internal IP addresses (instead of public ones), execute following steps. -->
-为了配置一个 master 与 worker 节点间使用内网 IP 地址通信的集群（而不是使用公网地址），执行以下操作。
+为了配置一个主节点与工作节点间使用内网 IP 地址通信的集群（而不是使用公网地址），执行以下操作。
 
 <!-- 1. When running init, you must make sure you specify an internal IP for the API server's bind address, like so: -->
-1. 当运行 init 命令的时候, 你必须为 API server 指定一个内网 IP 作为监听地址，像这样：
+1. 当运行 init 命令的时候, 你必须为 API 服务器指定一个内网 IP 作为监听地址，像这样：
 
    `kubeadm init --apiserver-advertise-address=<private-master-ip>`
 
 <!-- 2. When a master or worker node has been provisioned, add a flag to `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` that specifies the private IP of the worker node: -->
-2. 当一个 master 或者 worker 节点可供使用时，向 `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` 文件添加一个标记指明 worker 节点的私有 IP。
+2. 当一个主节点或者工作节点可供使用时，向 `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` 文件添加一个标记指明工作节点的私有 IP。
 
    `--node-ip=<private-node-ip>`
 
 <!-- 3. Finally, when you run `kubeadm join`, make sure you provide the private IP of the API server addressed as defined in step 1. -->
-3. 最后, 当你运行 `kubeadm join` 的时候, 确保你提供了正确的 API server 所在的、步骤 1 中定义的私有 IP。
+3. 最后, 当你运行 `kubeadm join` 的时候, 确保你提供了正确的 API 服务器所在的、步骤 1 中定义的私有 IP。
 
 <!-- ### Setting the node name -->
 ### 设置节点的名称
 
 <!-- By default, `kubeadm` assigns a node name based on a machine's host address. You can override this setting with the  `--node-name`flag. -->
 默认情况下, `kubeadm` 基于机器的 host 地址分配一个节点名称。你可以使用 `--node-name` 参数覆盖这个设置。
-<!-- The flag passes the appropriate [`--hostname-override`](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#options) to the kubelet. -->
-这个参数会向 kubelet 传递相应的 [`--hostname-override`](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/#options) 参数。
+<!-- The flag passes the appropriate [`--hostname-override`](/docs/reference/command-line-tools-reference/kubelet/#options) to the kubelet. -->
+这个参数会向 kubelet 传递相应的 [`--hostname-override`](/docs/reference/command-line-tools-reference/kubelet/#options) 参数。
 
 <!-- Be aware that overriding the hostname can [interfere with cloud providers](https://github.com/kubernetes/website/pull/8873). -->
 注意覆盖主机名称可能会 [干扰到云服务提供商](https://github.com/kubernetes/website/pull/8873)。
 
 <!-- ### Self-hosting the Kubernetes control plane {#self-hosting} -->
-### Self-hosting Kubernetes control plane {#self-hosting}
+### 自托管的 Kubernetes 控制平面 {#self-hosting}
 
 <!-- As of 1.8, you can experimentally create a _self-hosted_ Kubernetes control plane. This means that key components such as the API server, controller manager, and scheduler run as [DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/) configured via the Kubernetes API instead of [static pods](/docs/tasks/administer-cluster/static-pod/) configured in the kubelet via static files. -->
-从1.8开始, 你可以试验性地创建一个 _self-hosted_ Kubernetes control plane. 这意味着诸如 API server、controller manager、 以及 scheduler 这些关键组件将作为通过 Kubernetes API 配置的 [DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/) 运行，而不是在 kubelet 中通过静态文件配置的 [static pods](/docs/tasks/administer-cluster/static-pod/)。
+从1.8开始, 你可以试验性地创建一个 _self-hosted_ Kubernetes 控制平面。 这意味着诸如 API 服务器、控制器管理器、 以及调度器这些关键组件将作为通过 Kubernetes API 配置的 [DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/) 运行，而不是在 kubelet 中通过静态文件配置的 [static pods](/docs/tasks/administer-cluster/static-pod/)。
 
 <!-- To create a self-hosted cluster, pass the flag `--feature-gates=SelfHosting=true` to `kubeadm init`. -->
 若要创建一个 self-hosted 的集群, 向 `kubeadm init` 命令传递 `--feature-gates=SelfHosting=true` 参数。
@@ -392,10 +392,10 @@ and will be removed in 1.13. -->
 self-hosted cluster _cannot recover from a reboot of the master node_
 without manual intervention. This and other limitations are expected to be
 resolved before self-hosting graduates from alpha. -->
-1.8 版本中的 Self-hosting 功能有一些重要的限制。特别的, 一个 self-hosted 的集群如果不手动介入的话 _不能够从 master node 的重新启动中恢复_ 。 这个以及其它的一些限制被期望在 self-hosting 功能从 alpha 状态毕业前解决。
+1.8 版本中的自托管功能有一些重要的限制。特别的, 一个自托管的集群如果不手动介入的话 _不能够从主节点的重新启动中恢复_ 。 这个以及其它的一些限制被期望在自托管功能从 alpha 状态毕业前解决。
 
-<!-- By default, self-hosted control plane Pods rely on credentials loaded from [`hostPath`](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) volumes. Except for initial creation, these credentials are not managed by kubeadm. You can use `--feature-gates=StoreCertsInSecrets=true` to enable an experimental mode where control plane credentials are loaded from Secrets instead. This requires very careful control over the authentication and authorization configuration for your cluster, and may not be appropriate for your environment. -->
-默认情况下, self-hosted control plane Pods 依赖位于 [`hostPath`](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) 数据卷中的证书。除了初始化创建证书的过程, 这些证书不被 kubeadm 管理。你可以使用 `--feature-gates=StoreCertsInSecrets=true` 参数来启用一个试验性的模式，在这个模式中 control plane 证书从 Secrets 加载。 这要求对你的集群进行非常小心的对鉴权和授权配置的控制, 并且可能并不适合你的环境。
+<!-- By default, self-hosted control plane Pods rely on credentials loaded from [`hostPath`](/docs/concepts/storage/volumes/#hostpath) volumes. Except for initial creation, these credentials are not managed by kubeadm. You can use `--feature-gates=StoreCertsInSecrets=true` to enable an experimental mode where control plane credentials are loaded from Secrets instead. This requires very careful control over the authentication and authorization configuration for your cluster, and may not be appropriate for your environment. -->
+默认情况下, self-hosted 控制平面 Pods 依赖位于 [`hostPath`](/docs/concepts/storage/volumes/#hostpath) 数据卷中的证书。除了初始化创建证书的过程, 这些证书不被 kubeadm 管理。你可以使用 `--feature-gates=StoreCertsInSecrets=true` 参数来启用一个试验性的模式，在这个模式中控制平面证书从 Secrets 加载。 这要求对你的集群进行非常小心的对鉴权和授权配置的控制, 并且可能并不适合你的环境。
 
 {{< caution >}}
 <!-- **Caution:** `StoreCertsInSecrets` is an alpha feature. It is deprecated in 1.12
@@ -405,25 +405,25 @@ and will be removed in 1.13. -->
 
 <!-- In kubeadm 1.8, the self-hosted portion of the control plane does not include etcd,
 which still runs as a static Pod. -->
-在 kubeadm 1.8 版本中, control plane 的 self-hosted 的组件并不包含 etcd，它仍然是作为静态 Pod 运行的。
+在 kubeadm 1.8 版本中, 控制平面的 self-hosted 的组件并不包含 etcd，它仍然是作为静态 Pod 运行的。
 
 #### 流程
 
 <!-- The self-hosting bootstrap process is documented in the [kubeadm design document](https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.9.md#optional-self-hosting). -->
-self-hosting 集群的启动过程写在了这份 [kubeadm 设计文档](https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.9.md#optional-self-hosting) 文档中。
+自托管集群的启动过程写在了这份 [kubeadm 设计文档](https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.9.md#optional-self-hosting) 文档中。
 
 <!-- In summary, `kubeadm init --feature-gates=SelfHosting=true` works as follows: -->
 总的说来, `kubeadm init --feature-gates=SelfHosting=true` 是按照以下步骤工作的:
 
   <!-- 1. Waits for this bootstrap static control plane to be running and
     healthy. This is identical to the `kubeadm init` process without self-hosting. -->
-  1. 等待 control plane 的相关组件成功运行起来。这与没有启用 self-hosting 的 `kubeadm init` 指令的流程是一致的。
+  1. 等待控制平面的相关组件成功运行起来。这与没有启用自托管的 `kubeadm init` 指令的流程是一致的。
 
   <!-- 2. Uses the static control plane Pod manifests to construct a set of
     DaemonSet manifests that will run the self-hosted control plane.
     It also modifies these manifests where necessary, for example adding new volumes
     for secrets. -->
-  2. 使用静态的 control plane Pod 清单文件构建一个 DaemonSet 清单文件用来运行 self-hosted control plane。有时也会在必要的时候修改这些清单文件，比如为 secrets 添加新的数据卷。
+  1. 使用静态的控制平面 Pod 清单文件构建一个 DaemonSet 清单文件用来运行自托管的控制平面。有时也会在必要的时候修改这些清单文件，比如为 secrets 添加新的数据卷。
 
   <!-- 3. Creates DaemonSets in the `kube-system` namespace and waits for the
      resulting Pods to be running. -->
@@ -436,8 +436,7 @@ self-hosting 集群的启动过程写在了这份 [kubeadm 设计文档](https:/
 
   <!-- 5. When the original static control plane stops, the new self-hosted control
     plane is able to bind to listening ports and become active. -->
-  5. 当原始的 static control plane 停止的时候, 新创建的 self-hosted control
-    plane 就能够绑定到端口并且可供使用。
+  5. 当原始的基于静态 Pod 的控制平面停止的时候, 新创建的自托管的控制平面就能够绑定到端口并且可供使用。
 
 <!-- This process (steps 3-6) can also be triggered with `kubeadm phase selfhosting convert-from-staticpods`. -->
 这个过程 （3-6步） 也可以通过 `kubeadm phase selfhosting convert-from-staticpods` 指令触发。
@@ -486,7 +485,7 @@ kubeadm config images pull
 ### kubeadm 自动化
 
 <!-- Rather than copying the token you obtained from `kubeadm init` to each node, as in the [basic kubeadm tutorial](/docs/setup/independent/create-cluster-kubeadm/), you can parallelize the token distribution for easier automation. To implement this automation, you must know the IP address that the master will have after it is started. -->
-与其如文档 [kubeadm 基础教程](/docs/setup/independent/create-cluster-kubeadm/) 所述，将从 `kubeadm init` 取得的令牌拷贝到每一个节点, 倒不如你可以使用更加简单的自动化的方式将令牌并行地分发出去。如果要实现这个自动化，你必须要知道 master node 启动后的 IP 地址。
+与其如文档 [kubeadm 基础教程](/docs/setup/independent/create-cluster-kubeadm/) 所述，将从 `kubeadm init` 取得的令牌拷贝到每一个节点, 倒不如你可以使用更加简单的自动化的方式将令牌并行地分发出去。如果要实现这个自动化，你必须要知道主节点启动后的 IP 地址。
 
 <!-- 1.  Generate a token. This token must have the form  `<6 character string>.<16
     character string>`.  More formally, it must match the regex:
@@ -505,11 +504,11 @@ kubeadm config images pull
 <!-- 2. Start both the master node and the worker nodes concurrently with this token.
    As they come up they should find each other and form the cluster.  The same
    `--token` argument can be used on both `kubeadm init` and `kubeadm join`. -->
-2. 使用这个令牌同时启动 master node 和 worker nodes。它们一旦运行起来应该就会互相寻找对方并且建立集群。同样的 `--token` 参数可以同时用于 `kubeadm init` 和 `kubeadm join` 命令。
+2. 使用这个令牌同时启动主节点和工作节点。它们一旦运行起来应该就会互相寻找对方并且建立集群。同样的 `--token` 参数可以同时用于 `kubeadm init` 和 `kubeadm join` 命令。
 
 <!-- Once the cluster is up, you can grab the admin credentials from the master node
 at `/etc/kubernetes/admin.conf` and use that to talk to the cluster. -->
-一旦集群启动起来，你就可以从 master node 的 `/etc/kubernetes/admin.conf` 文件获取管理凭证，然后你就可以使用这个凭证同集群通信了。
+一旦集群启动起来，你就可以从主节点的 `/etc/kubernetes/admin.conf` 文件获取管理凭证，然后你就可以使用这个凭证同集群通信了。
 
 <!-- Note that this style of bootstrap has some relaxed security guarantees because
 it does not allow the root CA hash to be validated with
@@ -523,7 +522,7 @@ provisioned). For details, see the [kubeadm join](/docs/reference/setup-tools/ku
 <!-- * [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) to bootstrap a Kubernetes worker node and join it to the cluster
 * [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/) to upgrade a Kubernetes cluster to a newer version
 * [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) to revert any changes made to this host by `kubeadm init` or `kubeadm join` -->
-* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) 启动一个 Kubernetes worker node 并且将其加入到集群
+* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) 启动一个 Kubernetes 工作节点并且将其加入到集群
 * [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/) 将 Kubernetes 集群升级到新版本
-* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) 使用 `kubeadm init` 或者 `kubeadm join`来恢复对节点的改变
+* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) 使用 `kubeadm init` 或者 `kubeadm join` 来恢复对节点的改变
 {{% /capture %}}
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-join.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-join.md
new file mode 100644
index 0000000000000..e3b7e1cdc1fc4
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-join.md
@@ -0,0 +1,402 @@
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm join
+content_template: templates/concept
+weight: 30
+---
+{{% capture overview %}}
+<!--
+This command initializes a Kubernetes worker node and joins it to the cluster.
+-->
+此命令用来初始化 Kubernetes 工作节点并将其加入集群。
+{{% /capture %}}
+
+{{% capture body %}}
+{{< include "generated/kubeadm_join.md" >}}
+
+<!--
+### The joining workflow
+
+`kubeadm join` bootstraps a Kubernetes worker node and joins it to the cluster.
+This action consists of the following steps:
+-->
+
+### 加入流程
+
+`kubeadm join` 初始化 Kubernetes 工作节点并将其加入集群。
+该操作过程包含下面几个步骤：
+
+<!--
+1. kubeadm downloads necessary cluster information from the API server.
+   By default, it uses the bootstrap token and the CA key hash to verify the
+   authenticity of that data. The root CA can also be discovered directly via a
+   file or URL.
+-->
+1. kubeadm 从 API 服务器下载必要的集群信息。
+   默认情况下，它使用引导令牌和 CA 密钥哈希来验证数据的真实性。
+   也可以通过文件或 URL 直接发现根 CA。
+
+<!--
+1. If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig` enabled,
+   it first retrieves the kubelet init configuration from the master and writes it to
+   the disk. When kubelet starts up, kubeadm updates the node `Node.spec.configSource` property of the node.
+   See [Set Kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file/)
+   and [Reconfigure a Node's Kubelet in a Live Cluster](/docs/tasks/administer-cluster/reconfigure-kubelet/)
+   for more information about Dynamic Kubelet Configuration.
+-->
+
+1. 如果调用 kubeadm 时启用了 `--feature-gates=DynamicKubeletConfig`，它首先从主机上检索 kubelet 初始化配置并将其写入磁盘。
+   当 kubelet 启动时，kubeadm 更新节点的 `Node.spec.configSource` 属性。
+   进一步了解动态 kubelet 配置 请参考 [使用配置文件设置 Kubelet 参数](/docs/tasks/administer-cluster/kubelet-config-file/) 和 [重新配置集群中节点的 Kubelet](/docs/tasks/administer-cluster/reconfigure-kubelet/)。
+
+<!--
+1. Once the cluster information is known, kubelet can start the TLS bootstrapping
+   process.
+
+   The TLS bootstrap uses the shared token to temporarily authenticate
+   with the Kubernetes API server to submit a certificate signing request (CSR); by
+   default the control plane signs this CSR request automatically.
+-->
+
+1. 一旦知道集群信息，kubelet 就可以开始 TLS 引导过程。
+   TLS 引导程序使用共享令牌与 Kubernetes API 服务器进行临时的身份验证，以提交证书签名请求 (CSR)；
+   默认情况下，控制平面自动对该 CSR 请求进行签名。
+
+<!--
+1. Finally, kubeadm configures the local kubelet to connect to the API
+   server with the definitive identity assigned to the node.
+-->
+
+1. 最后，kubeadm 配置本地 kubelet 使用分配给节点的确定标识连接到 API 服务器。
+
+<!--
+### Discovering what cluster CA to trust
+
+The kubeadm discovery has several options, each with security tradeoffs.
+The right method for your environment depends on how you provision nodes and the
+security expectations you have about your network and node lifecycles.
+-->
+
+### 发现要信任的集群 CA
+
+Kubeadm 的发现有几个选项，每个选项都有安全性上的优缺点。
+适合您的环境的正确方法取决于节点是如何准备的以及您对网络的安全性期望和节点的生命周期特点。
+
+<!--
+#### Token-based discovery with CA pinning
+
+This is the default mode in Kubernetes 1.8 and above. In this mode, kubeadm downloads
+the cluster configuration (including root CA) and validates it using the token
+as well as validating that the root CA public key matches the provided hash and
+that the API server certificate is valid under the root CA.
+-->
+
+#### 带 CA 锁定模式的基于令牌的发现
+
+这是 Kubernetes 1.8 及以上版本中的默认模式。
+在这种模式下，kubeadm 下载集群配置（包括根CA）并使用令牌验证它，并且会验证根 CA 的公钥与所提供的哈希是否匹配，以及 API 服务器证书在根 CA 下是否有效。
+
+<!--
+The CA key hash has the format `sha256:<hex_encoded_hash>`. By default, the hash value is returned in the `kubeadm join` command printed at the end of `kubeadm init` or in the output of `kubeadm token create --print-join-command`. It is in a standard format (see [RFC7469](https://tools.ietf.org/html/rfc7469#section-2.4)) and can also be calculated by 3rd party tools or provisioning systems. For example, using the OpenSSL CLI:
+-->
+
+CA 键哈希格式为 `sha256:<hex_encoded_hash>`。
+默认情况下，在 `kubeadm init` 最后打印的 `kubeadm join` 命令或者 `kubeadm token create--print-join-command` 的输出信息中返回哈希值。
+它使用标准格式 (请参考 [RFC7469](https://tools.ietf.org/html/rfc7469#section-2.4)) 并且也能通过第三方工具或者驱动系统进行计算。
+例如，使用 OpenSSL CLI：
+
+```bash
+openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
+```
+<!--
+**Example `kubeadm join` command:**
+-->
+
+**`kubeadm join` 命令示例**
+
+```bash
+kubeadm join --discovery-token abcdef.1234567890abcdef --discovery-token-ca-cert-hash sha256:1234..cdef 1.2.3.4:6443
+```
+
+<!--
+**Advantages:**
+
+ - Allows bootstrapping nodes to securely discover a root of trust for the
+   master even if other worker nodes or the network are compromised.
+
+ - Convenient to execute manually since all of the information required fits
+   into a single `kubeadm join` command that is easy to copy and paste.
+-->
+
+**优势：**
+ - 允许引导节点安全地发现主节点的信任根，即使其他工作节点或网络受到损害。
+
+ - 方便手动执行，因为所需的所有信息都适合于易于复制和粘贴的单个 `kubeadm join` 命令。
+
+<!-- 
+**Disadvantages:**
+
+ - The CA hash is not normally known until the master has been provisioned,
+   which can make it more difficult to build automated provisioning tools that
+   use kubeadm. By generating your CA in beforehand, you may workaround this
+   limitation though.
+-->
+
+**劣势：**
+ - CA 哈希通常在主节点被提供之前是不知道的，这使得构建使用 kubeadm 的自动化配置工具更加困难。
+   通过预先生成CA，您可以解决这个限制。
+
+<!--   
+#### Token-based discovery without CA pinning
+
+_This was the default in Kubernetes 1.7 and earlier_, but comes with some
+important caveats. This mode relies only on the symmetric token to sign
+(HMAC-SHA256) the discovery information that establishes the root of trust for
+the master. It's still possible in Kubernetes 1.8 and above using the
+`--discovery-token-unsafe-skip-ca-verification` flag, but you should consider
+using one of the other modes if possible.
+
+**Example `kubeadm join` command:**
+-->
+
+#### 无 CA 锁定模式的基于令牌的发现
+
+_这是 Kubernetes 1.7 和早期版本_中的默认设置；使用时要注意一些重要的补充说明。
+此模式仅依赖于对称令牌来签名(HMAC-SHA256)发现信息，这些发现信息为主节点建立信任根。
+在 Kubernetes 1.8 及以上版本中仍然可以使用 `--discovery-token-unsafe-skip-ca-verification` 参数，但是如果可能的话，您应该考虑使用一种其他模式。
+
+**`kubeadm join` 命令示例**
+
+```
+kubeadm join --token abcdef.1234567890abcdef --discovery-token-unsafe-skip-ca-verification 1.2.3.4:6443`
+```
+
+<!--
+**Advantages:**
+
+ - Still protects against many network-level attacks.
+
+ - The token can be generated ahead of time and shared with the master and
+   worker nodes, which can then bootstrap in parallel without coordination. This
+   allows it to be used in many provisioning scenarios.
+-->
+
+**优势**
+
+ - 仍然可以防止许多网络级攻击。
+
+ - 可以提前生成令牌并与主节点和工作节点共享，这样主节点和工作节点就可以并行引导而无需协调。
+   这允许它在许多配置场景中使用。
+
+<!--
+**Disadvantages:**
+
+ - If an attacker is able to steal a bootstrap token via some vulnerability,
+   they can use that token (along with network-level access) to impersonate the
+   master to other bootstrapping nodes. This may or may not be an appropriate
+   tradeoff in your environment.
+-->
+
+**劣势**
+
+ - 如果攻击者能够通过某些漏洞窃取引导令牌，那么他们可以使用该令牌（连同网络级访问）为其它处于引导过程中的节点提供假冒的主节点。
+   在您的环境中，这可能是一个适当的折衷方法，也可能不是。
+
+<!--
+#### File or HTTPS-based discovery
+This provides an out-of-band way to establish a root of trust between the master
+and bootstrapping nodes.   Consider using this mode if you are building automated provisioning
+using kubeadm.
+-->
+
+#### 基于 HTTPS 或文件发现
+
+这种方案提供了一种带外方式在主节点和引导节点之间建立信任根。
+如果使用 kubeadm 构建自动配置，请考虑使用此模式。
+
+<!--
+**Example `kubeadm join` commands:**
+-->
+
+**`kubeadm join` 命令示例：**
+ - `kubeadm join --discovery-file path/to/file.conf` （本地文件）
+
+ - `kubeadm join --discovery-file https://url/file.conf` (远程 HTTPS URL)
+
+<!--
+**Advantages:**
+
+ - Allows bootstrapping nodes to securely discover a root of trust for the
+   master even if the network or other worker nodes are compromised.
+-->
+
+**优势：**
+
+ - 允许引导节点安全地发现主节点的信任根，即使网络或其他工作节点受到损害。
+
+<!--
+**Disadvantages:**
+
+ - Requires that you have some way to carry the discovery information from
+   the master to the bootstrapping nodes. This might be possible, for example,
+   via your cloud provider or provisioning tool. The information in this file is
+   not secret, but HTTPS or equivalent is required to ensure its integrity.
+-->
+
+**劣势：**
+
+ - 要求您有某种方法将发现信息从主节点传送到引导节点。
+   例如，这可以通过云提供商或驱动工具实现。
+   该文件中的信息不是加密的，而是需要 HTTPS 或等效文件来保证其完整性。
+
+<!--
+### Securing your installation even more {#securing-more}
+
+The defaults for kubeadm may not work for everyone. This section documents how to tighten up a kubeadm installation
+at the cost of some usability.
+-->
+
+### 确保您的安装更加安全 {#securing-more}
+
+Kubeadm 的默认值可能不适用于所有人。
+本节说明如何以牺牲可用性为代价来加强 kubeadm 安装。
+
+<!--
+#### Turning off auto-approval of node client certificates
+
+By default, there is a CSR auto-approver enabled that basically approves any client certificate request
+for a kubelet when a Bootstrap Token was used when authenticating. If you don't want the cluster to
+automatically approve kubelet client certs, you can turn it off by executing this command:
+-->
+
+#### 关闭节点客户端证书的自动批准
+
+默认情况下，Kubernetes 启用了 CSR 自动批准器，如果在身份验证时使用 Bootstrap Token，它会批准对 kubelet 的任何客户端证书的请求。
+如果不希望集群自动批准kubelet客户端证书，可以通过执行以下命令关闭它：
+
+```console
+$ kubectl delete clusterrole kubeadm:node-autoapprove-bootstrap
+```
+<!--
+After that, `kubeadm join` will block until the admin has manually approved the CSR in flight:
+-->
+
+关闭后，`kubeadm join` 操作将会被阻断，直到管理员已经手动批准了在途中的 CSR 才会继续：
+
+```console
+$ kubectl get csr
+NAME                                                   AGE       REQUESTOR                 CONDITION
+node-csr-c69HXe7aYcqkS1bKmH4faEnHAWxn6i2bHZ2mD04jZyQ   18s       system:bootstrap:878f07   Pending
+
+$ kubectl certificate approve node-csr-c69HXe7aYcqkS1bKmH4faEnHAWxn6i2bHZ2mD04jZyQ
+certificatesigningrequest "node-csr-c69HXe7aYcqkS1bKmH4faEnHAWxn6i2bHZ2mD04jZyQ" approved
+
+$ kubectl get csr
+NAME                                                   AGE       REQUESTOR                 CONDITION
+node-csr-c69HXe7aYcqkS1bKmH4faEnHAWxn6i2bHZ2mD04jZyQ   1m        system:bootstrap:878f07   Approved,Issued
+```
+<!--
+Only after `kubectl certificate approve` has been run, `kubeadm join` can proceed.
+
+#### Turning off public access to the cluster-info ConfigMap
+
+In order to achieve the joining flow using the token as the only piece of validation information, a
+ ConfigMap with some data needed for validation of the master's identity is exposed publicly by
+default. While there is no private data in this ConfigMap, some users might wish to turn
+it off regardless. Doing so will disable the ability to use the `--discovery-token` flag of the
+`kubeadm join` flow. Here are the steps to do so:
+
+* Fetch the `cluster-info` file from the API Server:
+-->
+
+只有执行了 `kubectl certificate approve` 后，`kubeadm join` 才会继续。
+
+#### 关闭对集群信息 ConfigMap 的公开访问
+
+为了实现使用令牌作为唯一验证信息的加入工作流，默认情况下会公开带有验证主节点标识所需数据的 ConfigMap。
+虽然此 ConfigMap 中没有私有数据，但一些用户可能希望无论如何都关闭它。
+这样做需要禁用 `kubeadm join` 工作流的 `--discovery-token` 参数。
+以下是实现步骤：
+
+```console
+$ kubectl -n kube-public get cm cluster-info -o yaml | grep "kubeconfig:" -A11 | grep "apiVersion" -A10 | sed "s/    //" | tee cluster-info.yaml
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: <ca-cert>
+    server: https://<ip>:<port>
+  name: ""
+contexts: []
+current-context: ""
+kind: Config
+preferences: {}
+users: []
+```
+
+<!--
+* Use the `cluster-info.yaml` file as an argument to `kubeadm join --discovery-file`.
+
+* Turn off public access to the `cluster-info` ConfigMap:
+-->
+
+* 使用 `cluster-info.yaml` 文件作为 `kubeadm join --discovery-file` 参数。
+
+* 关闭 `cluster-info` ConfigMap 的公开访问：
+
+```console
+$ kubectl -n kube-public delete rolebinding kubeadm:bootstrap-signer-clusterinfo
+```
+
+<!--
+These commands should be run after `kubeadm init` but before `kubeadm join`.
+
+### Using kubeadm join with a configuration file {#config-file}
+-->
+
+这些命令应该在执行 `kubeadm init` 之后、在`kubeadm join` 之前执行。
+
+### 使用带有配置文件的 kubeadm join
+
+{{< caution >}}
+<!--The config file is still considered alpha and may change in future versions.-->
+配置文件目前是 alpha 功能，在将来的版本中可能会变动。
+{{< /caution >}}
+
+<!--
+It's possible to configure `kubeadm join` with a configuration file instead of command
+line flags, and some more advanced features may only be available as
+configuration file options. This file is passed using the `--config` flag and it must
+contain a `JoinConfiguration` structure.
+
+To print the default values of `JoinConfiguration` run the following command:
+-->
+
+可以用配置文件替代命令行参数的方法配置 `kubeadm join`，一些高级功能也只有在使用配置文件时才可选用。
+该文件通过 `--config` 参数来传递，并且文件中必须包含 `JoinConfiguration` 结构。
+
+执行下面的命令可以查看 `JoinConfiguration` 默认值：
+
+```bash
+kubeadm config print-default --api-objects=JoinConfiguration
+```
+
+<!--
+For details on individual fields in `JoinConfiguration` see [the godoc](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#JoinConfiguration).
+-->
+
+要了解 `JoinConfiguration` 中各个字段的详细信息请参考 [godoc](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#JoinConfiguration)。
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) to bootstrap a Kubernetes master node
+* [kubeadm token](/docs/reference/setup-tools/kubeadm/kubeadm-token/) to manage tokens for `kubeadm join`
+* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) to revert any changes made to this host by `kubeadm init` or `kubeadm join`
+-->
+* [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) 初始化 Kubernetes 主节点
+* [kubeadm token](/docs/reference/setup-tools/kubeadm/kubeadm-token/) 管理 `kubeadm join` 的令牌
+* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) 将 `kubeadm init` 或 `kubeadm join` 对主机的更改恢复到之前状态
+{{% /capture %}}
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-reset.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-reset.md
new file mode 100644
index 0000000000000..5aa1028cc4d3c
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-reset.md
@@ -0,0 +1,56 @@
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm reset
+content_template: templates/concept
+weight: 60
+---
+
+{{% capture overview %}}
+<!--
+This command reverts any changes made by `kubeadm init` or `kubeadm join`.
+-->
+此命令用来将 `kubeadm init` 或 `kubeadm join` 命令所做的改动恢复到之前的状态。
+{{% /capture %}}
+
+{{% capture body %}}
+{{< include "generated/kubeadm_reset.md" >}}
+
+<!--
+### External etcd clean up!
+
+`kubeadm reset` will not delete any etcd data if external etcd is used. This means that if you run `kubeadm init` again using the same etcd endpoints, you will see state from previous clusters.
+
+To wipe etcd data it is recommended you use a client like etcdctl, such as:
+-->
+
+### 外部 etcd 清理
+
+如果使用了外部 etcd，`kubeadm reset` 将不会删除任何 etcd 中的数据。
+这意味着，如果再次使用相同的 etcd 端点运行 `kubeadm init`，您将看到先前集群的状态。
+
+要擦除 etcd 中的数据，建议您使用 etcdctl 这样的客户端，例如：
+
+```bash
+etcdctl del "" --prefix
+```
+<!--
+See the [etcd documentation](https://github.com/coreos/etcd/tree/master/etcdctl) for more information.
+-->
+
+更多详情请参考 [etcd 文档](https://github.com/coreos/etcd/tree/master/etcdctl)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) to bootstrap a Kubernetes master node
+* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) to bootstrap a Kubernetes worker node and join it to the cluster
+-->
+
+* 参考 [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) 来初始化 Kubernetes 主节点。
+* 参考 [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) 来初始化 Kubernetes 工作节点并加入集群。
+
+{{% /capture %}}
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-token.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-token.md
new file mode 100644
index 0000000000000..24d3dac6b608e
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-token.md
@@ -0,0 +1,61 @@
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm 令牌
+content_template: templates/concept
+weight: 70
+---
+
+<!--
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm token
+content_template: templates/concept
+weight: 70
+---
+-->
+
+{{% capture overview %}}
+<!--
+Bootstrap tokens are used for establishing bidirectional trust between a node joining
+the cluster and a master node, as described in [authenticating with bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/).
+-->
+
+如[使用引导令牌进行身份验证](/docs/reference/access-authn-authz/bootstrap-tokens/)所描述的，引导令牌用于在即将加入集群的节点和主节点间建立双向认证。
+
+<!--
+`kubeadm init` creates an initial token with a 24-hour TTL. The following commands allow you to manage
+such a token and also to create and manage new ones.
+-->
+
+`kubeadm init` 创建了一个有效期为 24 小时的令牌，下面的命令允许您管理令牌，也可以创建和管理新的令牌。
+
+{{% /capture %}}
+
+{{% capture body %}}
+## kubeadm token create {#cmd-token-create}
+{{< include "generated/kubeadm_token_create.md" >}}
+
+## kubeadm token delete {#cmd-token-delete}
+{{< include "generated/kubeadm_token_delete.md" >}}
+
+## kubeadm token generate {#cmd-token-generate}
+{{< include "generated/kubeadm_token_generate.md" >}}
+
+## kubeadm token list {#cmd-token-list}
+{{< include "generated/kubeadm_token_list.md" >}}
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) 引导 Kubernetes 工作节点并将其加入群集
+{{% /capture %}}
+<!--
+* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) to bootstrap a Kubernetes worker node and join it to the cluster
+-->
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md
new file mode 100644
index 0000000000000..9a28793a46131
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-upgrade.md
@@ -0,0 +1,80 @@
+---
+title: kubeadm upgrade
+content_template: templates/concept
+weight: 40
+---
+<!--
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm upgrade
+content_template: templates/concept
+weight: 40
+---
+-->
+{{% capture overview %}}
+<!--
+`kubeadm upgrade` is a user-friendly command that wraps complex upgrading logic behind one command, with support
+for both planning an upgrade and actually performing it. `kubeadm upgrade` can also be used for downgrading
+cluster if necessary.
+-->
+`kubeadm upgrade` 是一个对用户友好的命令，它将复杂的升级逻辑包装在一个命令后面，支持升级的规划和实际执行。
+如有必要，`kubeadm upgrade` 也可用于降级集群。
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+## kubeadm upgrade guidance
+-->
+## kubeadm 升级指南
+
+<!--
+Every upgrade process might be a bit different, so we've documented each minor upgrade process individually.
+For more version-specific upgrade guidance, see the following resources:
+-->
+每个升级过程可能会有所不同，因此我们分别记录了每个小的升级过程。
+有关特定版本的更多升级指南，请参阅以下资源：
+
+<!--
+ * [1.10 to 1.11 upgrades](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-11/)
+ * [1.11 to 1.12 upgrades](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12/)
+ -->
+ * [1.10 到 1.11 升级](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-11/)
+ * [1.11 到 1.12 升级](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12/)
+
+<!--
+_For older versions, please refer to older documentation sets on the Kubernetes website._
+-->
+_对于更老的版本，请参阅 Kubernetes 网站上的旧版文档。_
+
+<!--
+In Kubernetes v1.11.0 and later, you can use `kubeadm upgrade diff` to see the changes that would be
+applied to static pod manifests.
+-->
+在 Kubernetes v1.11.0 及更高版本中，您可以使用 `kubeadm upgrade diff` 来查看将应用于静态 Pod 清单的更改。
+
+## kubeadm upgrade plan {#cmd-upgrade-plan}
+{{< include "generated/kubeadm_upgrade_plan.md" >}}
+
+## kubeadm upgrade apply {#cmd-upgrade-apply}
+{{< include "generated/kubeadm_upgrade_apply.md" >}}
+
+## kubeadm upgrade diff {#cmd-upgrade-diff}
+{{< include "generated/kubeadm_upgrade_diff.md" >}}
+
+## kubeadm upgrade node config {#cmd-upgrade-node-config}
+{{< include "generated/kubeadm_upgrade_node_config.md" >}}
+
+## kubeadm upgrade node experimental-control-plane {#cmd-experimental-control-plane}
+{{< include "generated/kubeadm_upgrade_node_experimental-control-plane.md" >}}
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config/) if you initialized your cluster using kubeadm v1.7.x or lower, to configure your cluster for `kubeadm upgrade`
+-->
+* [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config/) 如果使用 kubeadm v1.7.x 或更低版本初始化的集群，请配置您的集群来使用 `kubeadm upgrade`。
+{{% /capture %}}
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-version.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-version.md
new file mode 100644
index 0000000000000..d13996605524f
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm-version.md
@@ -0,0 +1,22 @@
+---
+reviewers:
+- mikedanese
+- luxas
+- jbeda
+title: kubeadm version
+content_template: templates/concept
+weight: 80
+---
+
+{{% capture overview %}}
+<!--
+This command prints the version of kubeadm.
+-->
+
+此命令用来查询 kubeadm 的版本。
+
+{{% /capture %}}
+
+{{% capture body %}}
+{{< include "generated/kubeadm_version.md" >}}
+{{% /capture %}}
diff --git a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm.md b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm.md
index 4bff0f671fc5a..5e338b7039631 100644
--- a/content/zh/docs/reference/setup-tools/kubeadm/kubeadm.md
+++ b/content/zh/docs/reference/setup-tools/kubeadm/kubeadm.md
@@ -8,12 +8,11 @@ weight: 10
 Kubeadm 是一个工具，它提供了 `kubeadm init` 以及 `kubeadm join` 这两个命令作为快速创建 kubernetes 集群的最佳实践。
 
 <!-- kubeadm performs the actions necessary to get a minimum viable cluster up and running. By design, it cares only about bootstrapping, not about provisioning machines. Likewise, installing various nice-to-have addons, like the Kubernetes Dashboard, monitoring solutions, and cloud-specific addons, is not in scope. -->
-kubeadm 通过执行必要的操作来启动和运行一个最小可用的集群。它被故意设计为只关心启动集群，而不是之前的节点准备工作。同样的，诸如安装各种各样值得拥有的插件，例如 Kubernetes Dashboard、监控解决方案以及特定云提供商的插件，这些都不在它负责的范围。
+kubeadm 通过执行必要的操作来启动和运行一个最小可用的集群。它被故意设计为只关心启动集群，而不是准备节点环境的工作。同样的，诸如安装各种各样的可有可无的插件，例如 Kubernetes 控制面板、监控解决方案以及特定云提供商的插件，这些都不在它负责的范围。
 
 <!-- Instead, we expect higher-level and more tailored tooling to be built on top of kubeadm, and ideally, using kubeadm as the basis of all deployments will make it easier to create conformant clusters. -->
 相反，我们期望由一个基于 kubeadm 从更高层设计的更加合适的工具来做这些事情；并且，理想情况下，使用 kubeadm 作为所有部署的基础将会使得创建一个符合期望的集群变得容易。
 
-<!-- ## What's next -->
 ## 接下可以做什么
 
 <!-- * [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init) to bootstrap a Kubernetes master node -->
@@ -23,12 +22,12 @@ kubeadm 通过执行必要的操作来启动和运行一个最小可用的集群
 <!-- * [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade) to upgrade a Kubernetes cluster to a newer version -->
 * [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade) 更新一个 Kubernetes 集群到新版本
 <!-- * [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config) if you initialized your cluster using kubeadm v1.7.x or lower, to configure your cluster for `kubeadm upgrade` -->
-* [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config) 如果使用 v1.7.x 或者更低版本的 kubeadm 初始化集群，您需要对集群做一些配置以便使用 `kubeadm upgrade` 命令
+* [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config) 如果你使用 kubeadm v1.7.x 或者更低版本，你需要对你的集群做一些配置以便使用 `kubeadm upgrade` 命令
 <!-- * [kubeadm token](/docs/reference/setup-tools/kubeadm/kubeadm-token) to manage tokens for `kubeadm join` -->
-* [kubeadm token](/docs/reference/setup-tools/kubeadm/kubeadm-token) 管理 `kubeadm join` 使用的令牌
+* [kubeadm token](/docs/reference/setup-tools/kubeadm/kubeadm-token) 使用 `kubeadm join` 来管理令牌
 <!-- * [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset) to revert any changes made to this host by `kubeadm init` or `kubeadm join` -->
-* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset) 还原 `kubeadm init` 或者 `kubeadm join` 对主机所做的任何更改
+* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset) 使用 `kubeadm init` 或者  `kubeadm join` 来恢复对节点的改变
 <!-- * [kubeadm version](/docs/reference/setup-tools/kubeadm/kubeadm-version) to print the kubeadm version -->
-* [kubeadm version](/docs/reference/setup-tools/kubeadm/kubeadm-version) 打印 kubeadm 版本
+* [kubeadm version](/docs/reference/setup-tools/kubeadm/kubeadm-version) 打印出 kubeadm 版本
 <!-- * [kubeadm alpha](/docs/reference/setup-tools/kubeadm/kubeadm-alpha) to preview a set of features made available for gathering feedback from the community -->
 * [kubeadm alpha](/docs/reference/setup-tools/kubeadm/kubeadm-alpha) 预览一组可用的新功能以便从社区搜集反馈
diff --git a/content/zh/docs/reference/setup-tools/kubefed/_index.md b/content/zh/docs/reference/setup-tools/kubefed/_index.md
new file mode 100644
index 0000000000000..e76834dc5ed81
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/_index.md
@@ -0,0 +1,13 @@
+---
+title: kubefed
+weight: 20
+toc-hide: true
+---
+
+<!--
+---
+title: kubefed
+weight: 20
+toc-hide: true
+---
+-->
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed-options.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed-options.md
new file mode 100644
index 0000000000000..2ae8d5f403552
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed-options.md
@@ -0,0 +1,176 @@
+---
+title: kubefed 选项
+notitle: true
+weight: 20
+---
+
+<!--
+---
+title: kubefed options
+notitle: true
+weight: 20
+---
+-->
+
+<!--
+## kubefed options
+-->
+
+## kubefed 选项
+
+<!--
+Print the list of flags inherited by all commands
+-->
+打印所有命令继承的参数列表
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Print the list of flags inherited by all commands
+-->
+打印所有命令继承的参数列表
+
+```
+kubefed options [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+  # Print flags inherited by all commands
+-->
+
+```
+  # 打印所有命令继承的参数
+  kubefed options
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+ -h, --help   options 的帮助信息
+-->
+
+```
+  -h, --help   help for options
+```
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/jrondeau/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+-->
+<!--
+--insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+-->
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）
+      --as string                                    用户名模拟操作
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录(默认 "/Users/jrondeau/.kube/http-cache")
+      --certificate-authority string                 证书创建的证书机构的的路径
+      --client-certificate string                    TLS 客户端证书的路径
+      --client-key string                            TLS 客户端秘钥的路径
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常(默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               使用的 kubeconfig 集群的名称
+      --context string                               使用的 kubeconfig 上下文名称
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+      
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm(默认 "influxdb")。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标 (默认 "k8s")
+      --ir-hawkular string                           Hawkular 配置 URL
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址(默认 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码(默认 "root")
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户(默认 "root")
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为 “:0”。
+      --log-dir string                               如果非空，在此目录中写入日志文件
+      --log-flush-frequency duration                 日志刷新的最大秒数 (默认 5s)
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中； 默认值为 true
+      --match-server-version                         要求服务器版本与客户端版本匹配
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围
+      --password string                              用来对 API 服务器进行基本身份验证的密码
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时； 默认值为 "0"
+  -s, --server string                                Kubernetes API 服务器的地址和端口
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr (默认 2)
+      --token string                                 向 API 服务器进行身份验证的持有者令牌
+      --user string                                  使用的 kubeconfig 用户的名称
+      --username string                              用户名，用于对 API 服务器的基本身份验证
+  -v, --v Level                                      V log 的 log 级别
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"
+```
+
+<!--
+--ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+-->
+
+<!--
+### SEE ALSO
+-->
+
+### 查看其它
+
+* [kubefed](/docs/reference/setup-tools/kubefed/kubefed/)	 - kubefed 控制一个 Kubernetes 集群联邦
+
+<!--
+###### Auto generated by spf13/cobra on 25-Mar-2018
+-->
+
+ 
+
+
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed.md
new file mode 100644
index 0000000000000..3fdc8b36cc288
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed.md
@@ -0,0 +1,137 @@
+## kubefed
+
+<!--
+kubefed controls a Kubernetes Cluster Federation
+-->
+
+使用 kubefed 控制 Kubernetes 集群联邦
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+kubefed controls a Kubernetes Cluster Federation. 
+-->
+使用 kubefed 控制 Kubernetes 集群联邦
+
+<!--
+Find more information at https://github.com/kubernetes/federation.
+-->
+更多信息请前往 https://github.com/kubernetes/federation
+
+```
+kubefed [flags]
+```
+<!--
+### Options
+-->
+### 选项
+
+<!--
+```
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/zarnold/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+  -h, --help                                         help for kubefed
+      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+```
+-->
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）
+      --as string                                    用户名模拟操作
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录（默认 "/Users/jrondeau/.kube/http-cache"）
+      --certificate-authority string                 证书创建的证书机构的的路径
+      --client-certificate string                    TLS 客户端证书的路径
+      --client-key string                            TLS 客户端密钥的路径
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常（默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16）。
+      --cluster string                               使用的 kubeconfig 集群的名称
+      --context string                               使用的 kubeconfig 上下文名称
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+  -h, --help                                         kubefed 的帮助信息
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全。
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm（默认 "influxdb"）。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标（默认 "k8s"）。
+      --ir-hawkular string                           Hawkular 配置 URL
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址（默认 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy"）
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码（默认 "root"）
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户（默认 "root"）
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为 “:0”。
+      --log-dir string                               如果非空，在此目录中写入日志文件
+      --log-flush-frequency duration                 日志刷新的最大秒数（默认 5s）
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中；默认值为 true。
+      --match-server-version                         要求服务器版本与客户端版本匹配
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围
+      --password string                              用来对 API 服务器进行基本身份验证的密码
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时；默认值为 "0"。
+  -s, --server string                                Kubernetes API 服务器的地址和端口
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr（默认 2）
+      --token string                                 向 API 服务器进行身份验证的持有者令牌
+      --user string                                  使用的 kubeconfig 用户的名称
+      --username string                              用户名，用于对 API 服务器的基本身份验证。
+  -v, --v Level                                      V 日志的日志级别
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"。
+```
+
+<!--
+### SEE ALSO
+* [kubefed init](kubefed_init.md)	 - Initialize a federation control plane
+* [kubefed join](kubefed_join.md)	 - Join a cluster to a federation
+* [kubefed options](kubefed_options.md)	 - Print the list of flags inherited by all commands
+* [kubefed unjoin](kubefed_unjoin.md)	 - Unjoin a cluster from a federation
+* [kubefed version](kubefed_version.md)	 - Print the client and server version information
+-->
+
+### 其他参考
+* [kubefed init](kubefed_init.md)  - 初始化联邦控制平面
+* [kubefed join](kubefed_join.md)  - 将集群加入联邦
+* [kubefed options](kubefed_options.md)  - 打印所有命令继承的参数列表
+* [kubefed unjoin](kubefed_unjoin.md)  - 将集群从联邦中移除
+* [kubefed version](kubefed_version.md)  - 打印客户端和服务器版本信息
+
+<!--
+###### Auto generated by spf13/cobra on 24-Sep-2018
+-->
+###### 原文由 spf13/cobra 自动生成于 2018-9-24
+
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed_init.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed_init.md
new file mode 100644
index 0000000000000..7389f6f51f349
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed_init.md
@@ -0,0 +1,212 @@
+## kubefed init
+
+<!--
+Initialize a federation control plane
+-->
+
+初始化联邦控制平面
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Init initializes a federation control plane. 
+
+    Federation control plane is hosted inside a Kubernetes
+    cluster. The host cluster must be specified using the
+    --host-cluster-context flag.
+-->
+
+Init 用来初始化联邦控制平面
+
+    联邦控制平面位于 Kubernetes 集群内。必须使用 --host-cluster-context 参数指定主机集群。
+
+```
+kubefed init FEDERATION_NAME --host-cluster-context=HOST_CONTEXT [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 示例
+
+```
+<!--
+  # Initialize federation control plane for a federation
+  # named foo in the host cluster whose local kubeconfig
+  # context is bar.
+  kubefed init foo --host-cluster-context=bar
+```
+-->
+
+```
+  # 为主机集群中名为 foo 的联邦初始化控制平面，该主机集群中的本地 kubeconfig 上下文为 bar。
+  kubefed init foo --host-cluster-context=bar
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+```
+      --api-server-advertise-address string      Preferred address to advertise api server nodeport service. Valid only if 'api-server-service-type=NodePort'.
+      --api-server-port int32                    Preferred port to use for api server nodeport service (0 for random port assignment). Valid only if 'api-server-service-type=NodePort'.
+      --api-server-service-type string           The type of service to create for federation API server. Options: 'LoadBalancer' (default), 'NodePort'. (default "LoadBalancer")
+      --apiserver-arg-overrides string           comma separated list of federation-apiserver arguments to override: Example "--arg1=value1,--arg2=value2..."
+      --apiserver-enable-basic-auth              Enables HTTP Basic authentication for the federation-apiserver. Defaults to false.
+      --apiserver-enable-token-auth              Enables token authentication for the federation-apiserver. Defaults to false.
+      --controllermanager-arg-overrides string   comma separated list of federation-controller-manager arguments to override: Example "--arg1=value1,--arg2=value2..."
+      --credentials-kubeconfig string            Kubeconfig file path on local file system, which should be used to authenticate with host cluster or the joining cluster (instead of the default kubeconfig).This can be used to override the RBAC based authentication while initialising the federation control plane or joining a cluster to one, even when the cluster exposes the RBAC API.
+      --dns-provider string                      Dns provider to be used for this deployment.
+      --dns-provider-config string               Config file path on local file system for configuring DNS provider.
+      --dns-zone-name string                     DNS suffix for this federation. Federated Service DNS names are published with this suffix.
+      --dry-run                                  dry run without sending commands to server.
+      --etcd-image string                        Image to use for etcd server. (default "gcr.io/google_containers/etcd:3.1.10")
+      --etcd-persistent-storage                  Use persistent volume for etcd. Defaults to 'true'. (default true)
+      --etcd-pv-capacity string                  Size of persistent volume claim to be used for etcd. (default "10Gi")
+      --etcd-pv-storage-class string             The storage class of the persistent volume claim used for etcd.   Must be provided if a default storage class is not enabled for the host cluster.
+      --etcd-servers string                      External pre-deployed etcd server to be used to store federation state.
+      --federation-system-namespace string       Namespace in the host cluster where the federation system components are installed (default "federation-system")
+  -h, --help                                     help for init
+      --host-cluster-context string              Host cluster context
+      --image string                             Image to use for federation API server and controller manager binaries. (default "gcr.io/k8s-jkns-e2e-gce-federation/fcp-amd64:v0.0.0-master_$Format:%h$")
+      --image-pull-policy string                 PullPolicy describes a policy for if/when to pull a container image. The default pull policy is IfNotPresent which will not pull an image if it already exists. (default "IfNotPresent")
+      --image-pull-secrets string                Provide secrets that can access the private registry.
+      --node-selector string                     comma separated list of nodeSelector arguments: Example "arg1=value1,arg2=value2..."
+```
+-->
+
+```
+      --api-server-advertise-address string      公布 API 服务器的 nodeport 服务的首选地址。 只在 'api-server-service-type=NodePort' 时有效。
+      --api-server-port int32                    API 服务器的 nodeport 服务的首选端口（设置为 0 将随机指定端口）。只在 'api-server-service-type=NodePort' 时有效。
+      --api-server-service-type string           创建联邦 API 服务器的服务类型。 选项包括：'LoadBalancer'（默认），'NodePort'。（默认 "LoadBalancer"）
+      --apiserver-arg-overrides string           要重写的联合 API 服务器参数列表，用逗号分隔， 例如 "--arg1=value1,--arg2=value2..."
+      --apiserver-enable-basic-auth              为联邦 API 服务器启用 HTTP 基本身份验证。默认关闭。
+      --apiserver-enable-token-auth              为联邦 API 服务器启用令牌身份验证。默认关闭。
+      --controllermanager-arg-overrides string   要重写的 federation-controller-manager 参数列表，用逗号分隔，例如："--arg1=value1,--arg2=value2..."
+      --credentials-kubeconfig string            本地文件系统上的 kubeconfig 文件路径，应用于与主机集群或加入集群（而不是默认的 kubeconfig）进行身份验证。这可用于在初始化联邦控制平面或将集群加入到一个集群时覆盖基于 RBAC 的身份验证，即使在集群公开 RBAC API 时也是如此。
+      --dns-provider string                      此 deployment 使用的 DNS 驱动。
+      --dns-provider-config string               用来配置 DNS 驱动的本地文件系统中的配置文件。
+      --dns-zone-name string                     此联邦的 DNS 后缀。使用此后缀发布联邦服务 DNS 名称。
+      --dry-run                                  在不向服务器发送命令的情况下进行试运行。
+      --etcd-image string                        服务器使用的镜像（默认 "gcr.io/google_containers/etcd:3.1.10"）
+      --etcd-persistent-storage                  etcd 使用持久卷，默认为 'true'。（默认 true）
+      --etcd-pv-capacity string                  etcd 所使用的持久卷申领的大小（默认 "10Gi"）
+      --etcd-pv-storage-class string             etcd 所使用的持久卷申领的存储类。如果主机集群没有配置默认存储类，就必须提供。
+      --etcd-servers string                      用来存储联邦状态的外部预部署的 etcd 服务器。
+      --federation-system-namespace string       主机集群上用来安装联邦系统组件的命名空间（默认 "federation-system"）
+  -h, --help                                     init 的帮助信息
+      --host-cluster-context string              主机集群的上下文
+      --image string                             用于联邦 API 服务器和控制器管理器二进制文件的镜像。（默认 "gcr.io/k8s-jkns-e2e-gce-federation/fcp-amd64:v0.0.0-master_$Format:%h$"）
+      --image-pull-policy string                 拉取策略描述了容器映像的拉取策略。默认的拉取策略是 ifNotPresent，如果镜像已存在，则不会拉它。（默认 "IfNotPresent"）
+      --image-pull-secrets string                提供访问私有仓库的 secret。
+      --node-selector string                     逗号分隔的 nodeSelector（节点选择器）参数列表，例如："arg1=value1,arg2=value2..."
+```
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+```
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/jrondeau/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+```
+-->
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）
+      --as string                                    用户名模拟操作
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录（默认 "/Users/jrondeau/.kube/http-cache"）
+      --certificate-authority string                 证书创建的证书机构的的路径
+      --client-certificate string                    TLS 客户端证书的路径
+      --client-key string                            TLS 客户端秘钥的路径
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常（默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16）
+      --cluster string                               使用的 kubeconfig 集群的名称
+      --context string                               使用的 kubeconfig 上下文名称
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm（默认 "influxdb"）。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标（默认 "k8s"）
+      --ir-hawkular string                           Hawkular 配置 URL
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址（默认 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy"）
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码（默认 "root"）
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户（默认 "root"）
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为 “:0”。
+      --log-dir string                               如果非空，在此目录中写入日志文件
+      --log-flush-frequency duration                 日志刷新的最大秒数（默认 5s）
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中；默认值为 true
+      --match-server-version                         要求服务器版本与客户端版本匹配
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围
+      --password string                              用来对 API 服务器进行基本身份验证的密码
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时；默认值为 "0"
+  -s, --server string                                Kubernetes API 服务器的地址和端口
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr（默认 2）
+      --token string                                 向 API 服务器进行身份验证的持有者令牌
+      --user string                                  使用的 kubeconfig 用户的名称
+      --username string                              用户名，用于对 API 服务器的基本身份验证
+  -v, --v Level                                      V 日志的日志级别
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"
+```
+
+<!--
+### SEE ALSO
+* [kubefed](kubefed.md)	 - kubefed controls a Kubernetes Cluster Federation
+-->
+
+### 其他参考
+* [kubefed](kubefed.md)  - 用 kubefed 控制 Kubernetes 集群联邦
+
+<!--
+###### Auto generated by spf13/cobra on 24-Sep-2018
+-->
+###### 原文由 spf13/cobra 自动生成于 2018-9-24
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed_join.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed_join.md
new file mode 100644
index 0000000000000..e481c1f43c2c8
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed_join.md
@@ -0,0 +1,202 @@
+## kubefed join
+
+<!--
+Join a cluster to a federation
+-->
+
+将集群加入联邦
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Join adds a cluster to a federation. 
+-->
+
+Join 将集群加入联邦。
+
+<!--
+    Current context is assumed to be a federation API
+    server. Please use the --context flag otherwise.
+-->
+
+    假设当前上下文是联邦 API 服务器。否则请使用 --context 参数。
+
+```
+kubefed join CLUSTER_NAME --host-cluster-context=HOST_CONTEXT [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 示例
+
+<!--
+```
+  # Join a cluster to a federation by specifying the
+  # cluster name and the context name of the federation
+  # control plane's host cluster. Cluster name must be
+  # a valid RFC 1123 subdomain name. Cluster context
+  # must be specified if the cluster name is different
+  # than the cluster's context in the local kubeconfig.
+  kubefed join foo --host-cluster-context=bar
+```
+-->
+
+```
+  # 通过指定集群名称和联邦控制平面的主机集群上下文名称，将集群添加到联邦。集群名称必须是符合 RFC 1123 规范的可用子域名。
+  # 如果集群名称和本地 kubeconfig 中的集群上下文不同，就必须指定集群上下文。
+  kubefed join foo --host-cluster-context=bar
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+```
+      --allow-missing-template-keys          If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. (default true)
+      --cluster-context string               Name of the cluster's context in the local kubeconfig. Defaults to cluster name if unspecified.
+      --credentials-kubeconfig string        Kubeconfig file path on local file system, which should be used to authenticate with host cluster or the joining cluster (instead of the default kubeconfig).This can be used to override the RBAC based authentication while initialising the federation control plane or joining a cluster to one, even when the cluster exposes the RBAC API.
+      --dry-run                              If true, only print the object that would be sent, without sending it.
+      --federation-system-namespace string   Namespace in the host cluster where the federation system components are installed (default "federation-system")
+      --generator string                     The name of the API generator to use. (default "cluster/v1beta1")
+  -h, --help                                 help for join
+      --host-cluster-context string          Host cluster context
+      --no-headers                           When using the default or custom-column output format, don't print headers (default print headers).
+  -o, --output string                        Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [/docs/user-guide/jsonpath].
+      --save-config                          If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+  -a, --show-all                             When printing, show all resources (default hide terminated pods.)
+      --show-labels                          When printing, show all labels as the last column (default hide labels column)
+      --sort-by string                       If non-empty, sort list types using this field specification.  The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+      --template string                      Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+      --validate                             If true, use a schema to validate the input before sending it (default true)
+```
+-->
+
+```
+      --allow-missing-template-keys          如果为 true，当模版中的字段或者映射键缺失时，将忽略模版中的任何错误。仅应用于 golang 和 jsonpath 输出格式。（默认值为 true）
+      --cluster-context string               本地 kubeconfig 中的集群上下文名称。如果未指定，默认为集群名称。
+      --credentials-kubeconfig string        本地文件系统上的 kubeconfig 的文件路径，应用于对主机集群或加入集群（而不是默认的 kubeconfig）进行身份验证。这可用于在初始化联合控制平面或将集群加入到其中时覆盖基于 RBAC 的身份验证，即使在集群公开 RBAC API 时也是如此。
+      --dry-run                              如果为 true，只打印将要发送的对象，实际上并没有发送出去。
+      --federation-system-namespace string   安装联邦系统组件的主机集群命名空间（默认值为 "federation-system"）。
+      --generator string                     要使用的 API 生成器的名称（默认值为 "cluster/v1beta1"）。
+  -h, --help                                 join 的帮助信息。
+      --host-cluster-context string          主机集群上下文。
+      --no-headers                           当使用默认或者定制列输出格式时，不打印头信息（默认打印头信息）。
+  -o, --output string                        输出格式。下列之一： json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... 参考定制列 [/docs/user-guide/kubectl-overview/#custom-columns]，golang 模版 [http://golang.org/pkg/text/template/#pkg-overview] 和 jsonpath 模版 [/docs/user-guide/jsonpath]。
+      --save-config                          如果为 true，当前对象的配置将保存到它的注解中。否则将不会改变注解。 当你将来对此对象执行 kubectl apply 时，会用到该参数。
+  -a, --show-all                             打印时，显示所有资源。（默认隐藏已终止的 pod）
+      --show-labels                          打印时，将所有标签显示在最后一列。 (默认隐藏标签列）
+      --sort-by string                       如果非空， 使用此字段的指定项对列表类型进行排序。此字段的指定项使用 JSONPath 表达式（例如 '{.metadata.name}'）。 此 JSONPath 表达式指定的 API 资源中的字段必须是整数或字符串。
+      --template string                       当设置 -o=go-template，-o=go-template-file 时， 要使用的模板文件的模板字符串或路径。模版格式为 golang 模版 [http://golang.org/pkg/text/template/#pkg-overview]。
+      --validate                             如果为 true，在发送输入信息之前先进行语法检查（默认值为 true）。
+```
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+```
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/zarnold/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+```
+-->
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）。
+      --as string                                    用户名模拟操作。
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录（默认值为 "/Users/jrondeau/.kube/http-cache"）。
+      --certificate-authority string                 证书创建的证书机构的的路径。
+      --client-certificate string                    TLS 客户端证书的路径。
+      --client-key string                            TLS 客户端秘钥的路径。
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常（默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16）。
+      --cluster string                               使用的 kubeconfig 集群的名称。
+      --context string                               使用的 kubeconfig 上下文名称。
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全。
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm（默认值为 "influxdb"）。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标（默认值为 "k8s"）。
+      --ir-hawkular string                           Hawkular 配置 URL。
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址（默认值为 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy"）。
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码（默认值为 "root"）。
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户（默认值为 "root"）。
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为：0。
+      --log-dir string                               如果非空，在此目录中写入日志文件。
+      --log-flush-frequency duration                 日志刷新的最大秒数（默认值为 5s）。
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中；默认值为 true。
+      --match-server-version                         要求服务器版本与客户端版本匹配。
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围。
+      --password string                              用来对 API 服务器进行基本身份验证的密码。
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时；默认值为 "0"。
+  -s, --server string                                Kubernetes API 服务器的地址和端口。
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr（默认值为 2）。
+      --token string                                 向 API 服务器进行身份验证的持有者令牌。
+      --user string                                  使用的 kubeconfig 用户的名称。
+      --username string                              用户名，用于对 API 服务器的基本身份验证。
+  -v, --v Level                                      V 日志的日志级别。
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"。
+```
+
+<!--
+### SEE ALSO
+* [kubefed](kubefed.md)	 - kubefed controls a Kubernetes Cluster Federation
+-->
+
+### 其他参考
+* [kubefed](kubefed.md)  - 使用 kubefed 控制集群联邦
+
+<!--
+###### Auto generated by spf13/cobra on 24-Sep-2018
+-->
+
+###### 由 spf13/cobra 自动生成于 2018-9-24
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed_options.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed_options.md
new file mode 100644
index 0000000000000..87e0b5cf0bed2
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed_options.md
@@ -0,0 +1,161 @@
+## kubefed 选项
+<!--
+## kubefed options
+-->
+
+<!--
+Print the list of flags inherited by all commands
+-->
+打印适用于所有命令的参数列表
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Print the list of flags inherited by all commands
+-->
+
+打印适用于所有命令的参数列表
+
+```
+kubefed options [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 示例
+
+<!--
+```
+  # Print flags inherited by all commands
+  kubefed options
+```
+-->
+
+```
+  # 打印适用于所有命令的参数
+  kubefed options
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+```
+  -h, --help   help for options
+```
+-->
+
+```
+  -h, --help   options 的帮助信息
+```
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+```
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/zarnold/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+```
+-->
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）
+      --as string                                    用户名模拟操作
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录（默认 "/Users/jrondeau/.kube/http-cache"）
+      --certificate-authority string                 证书创建的证书机构的的路径
+      --client-certificate string                    TLS 客户端证书的路径
+      --client-key string                            TLS 客户端秘钥的路径
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常（默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16）。
+      --cluster string                               使用的 kubeconfig 集群的名称
+      --context string                               使用的 kubeconfig 上下文名称
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全。
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm（默认 "influxdb"）。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标（默认 "k8s"）。
+      --ir-hawkular string                           Hawkular 配置 URL
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址（默认 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy"）
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码（默认 "root"）
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户（默认 "root"）
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为 “:0”。
+      --log-dir string                               如果非空，在此目录中写入日志文件
+      --log-flush-frequency duration                 日志刷新的最大秒数（默认 5s）
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中；默认值为 true。
+      --match-server-version                         要求服务器版本与客户端版本匹配
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围
+      --password string                              用来对 API 服务器进行基本身份验证的密码
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时；默认值为 "0"。
+  -s, --server string                                Kubernetes API 服务器的地址和端口
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr（默认 2）
+      --token string                                 向 API 服务器进行身份验证的持有者令牌
+      --user string                                  使用的 kubeconfig 用户的名称
+      --username string                              用户名，用于对 API 服务器的基本身份验证。
+  -v, --v Level                                      V 日志的日志级别
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"。
+```
+
+<!--
+### SEE ALSO
+* [kubefed](kubefed.md)	 - kubefed controls a Kubernetes Cluster Federation
+-->
+
+### 其他参考
+* [kubefed](kubefed.md)  - 使用 kubefed 控制 Kubernetes 集群联邦
+
+<!--
+###### Auto generated by spf13/cobra on 24-Sep-2018
+-->
+
+###### 原文由 spf13/cobra 自动生成于 2018-9-24
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed_unjoin.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed_unjoin.md
new file mode 100644
index 0000000000000..72e63b682595f
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed_unjoin.md
@@ -0,0 +1,175 @@
+## kubefed unjoin
+
+<!--
+Unjoin a cluster from a federation
+-->
+
+从联邦中移除一个集群
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Unjoin a cluster from a federation. 
+-->
+从联邦中移除一个集群
+
+<!--
+    Current context is assumed to be a federation endpoint.
+    Please use the --context flag otherwise.
+-->
+    假定当前上下文是联邦端点。
+    否则请使用 --context 参数。    
+
+```
+kubefed unjoin CLUSTER_NAME --host-cluster-context=HOST_CONTEXT [flags]
+```
+
+<!--
+### Examples
+-->
+
+### 示例
+
+<!--
+```
+  # Unjoin the specified cluster from a federation.
+  # Federation control plane's host cluster context name
+  # must be specified via the --host-cluster-context flag
+  # to properly cleanup the credentials.
+  kubectl unjoin foo --host-cluster-context=bar --cluster-context=baz
+```
+-->
+
+```
+  # 从联邦中移除指定集群。必须通过 --host-cluster-context 参数指定联邦控制平面所在群集的上下文名称，以便正确清理凭证。
+  kubectl unjoin foo --host-cluster-context=bar --cluster-context=baz
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+```
+      --cluster-context string               Name of the cluster's context in the local kubeconfig. Defaults to cluster name if unspecified.
+      --credentials-kubeconfig string        Kubeconfig file path on local file system, which should be used to authenticate with host cluster or the joining cluster (instead of the default kubeconfig).This can be used to override the RBAC based authentication while initialising the federation control plane or joining a cluster to one, even when the cluster exposes the RBAC API.
+      --federation-system-namespace string   Namespace in the host cluster where the federation system components are installed (default "federation-system")
+  -h, --help                                 help for unjoin
+      --host-cluster-context string          Host cluster context
+```
+-->
+
+```
+      --cluster-context string               本地 kubeconfig 中的集群上下文名称。 如果未指定，默认为集群名称。
+      --credentials-kubeconfig string        本地文件系统上的 kubeconfig 文件路径，应用于与主机群集或加入群集（而不是默认的 kubeconfig）进行身份验证。这可用于在初始化联邦控制平面或将群集加入到一个群集时覆盖基于 RBAC 的身份验证，即使在群集公开 RBAC API 时也是如此。
+      --federation-system-namespace string   主机集群上用来安装联邦系统组件的命名空间（默认 "federation-system"）
+  -h, --help                                 unjoin 的帮助信息
+      --host-cluster-context string          宿主集群的上下文
+```
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+```
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/zarnold/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+```
+-->
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）
+      --as string                                    用户名模拟操作
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录（默认 "/Users/jrondeau/.kube/http-cache"）
+      --certificate-authority string                 证书创建的证书机构的的路径
+      --client-certificate string                    TLS 客户端证书的路径
+      --client-key string                            TLS 客户端密钥的路径
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常（默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16）
+      --cluster string                               使用的 kubeconfig 集群的名称
+      --context string                               使用的 kubeconfig 上下文名称
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm（默认 "influxdb"）。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标（默认 "k8s"）
+      --ir-hawkular string                           Hawkular 配置 URL
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址（默认 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy"）
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码（默认 "root"）
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户（默认 "root"）
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为 “:0”。
+      --log-dir string                               如果非空，在此目录中写入日志文件
+      --log-flush-frequency duration                 日志刷新的最大秒数 (默认 5s)
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中； 默认值为 true
+      --match-server-version                         要求服务器版本与客户端版本匹配
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围
+      --password string                              用来对 API 服务器进行基本身份验证的密码
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时；默认值为 "0"
+  -s, --server string                                Kubernetes API 服务器的地址和端口
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr（默认 2）
+      --token string                                 向 API 服务器进行身份验证的持有者令牌
+      --user string                                  使用的 kubeconfig 用户的名称
+      --username string                              用户名，用于对 API 服务器的基本身份验证
+  -v, --v Level                                      V 日志的日志级别
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"
+```
+
+<!--
+### SEE ALSO
+* [kubefed](kubefed.md)  - kubefed controls a Kubernetes Cluster Federation
+-->
+
+### 其他参考
+* [kubefed](kubefed.md)  - 用 kubefed 控制 Kubernetes 集群联邦
+
+<!--
+###### Auto generated by spf13/cobra on 24-Sep-2018
+-->
+###### 原文由 spf13/cobra 自动生成于 2018-9-24
diff --git a/content/zh/docs/reference/setup-tools/kubefed/kubefed_version.md b/content/zh/docs/reference/setup-tools/kubefed/kubefed_version.md
new file mode 100644
index 0000000000000..3d4087672d3ee
--- /dev/null
+++ b/content/zh/docs/reference/setup-tools/kubefed/kubefed_version.md
@@ -0,0 +1,165 @@
+## kubefed version
+
+<!--
+Print the client and server version information
+-->
+
+打印客户端和服务器的版本信息
+
+<!--
+### Synopsis
+-->
+
+### 概要
+
+<!--
+Print the client and server version information for the current context
+-->
+
+打印当前上下文的客户端和服务器版本信息
+
+```
+kubefed version [flags]
+```
+
+<!--
+### Examples
+-->
+### 示例
+
+<!--
+```
+  # Print the client and server versions for the current context
+  kubefed version
+```
+-->
+
+```
+  # 打印当前上下文的客户端和服务器版本信息
+  kubefed version
+```
+
+<!--
+### Options
+-->
+
+### 选项
+
+<!--
+```
+      --client          Client version only (no server required).
+  -h, --help            help for version
+  -o, --output string   One of 'yaml' or 'json'.
+      --short           Print just the version number.
+```
+-->
+
+```
+      --client          只打印客户端版本（不打印服务器的版本）。
+  -h, --help            version 的帮助信息
+  -o, --output string   'yaml' 或 'json' 之一。
+      --short           仅打印版本号。
+```
+
+<!--
+### Options inherited from parent commands
+-->
+
+### 从父命令继承的选项
+
+<!--
+```
+      --alsologtostderr                              log to standard error as well as files
+      --as string                                    Username to impersonate for the operation
+      --as-group stringArray                         Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --cache-dir string                             Default HTTP cache directory (default "/Users/zarnold/.kube/http-cache")
+      --certificate-authority string                 Path to a cert file for the certificate authority
+      --client-certificate string                    Path to a client certificate file for TLS
+      --client-key string                            Path to a client key file for TLS
+      --cloud-provider-gce-lb-src-cidrs cidrs        CIDRs opened in GCE firewall for LB traffic proxy & health checks (default 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16)
+      --cluster string                               The name of the kubeconfig cluster to use
+      --context string                               The name of the kubeconfig context to use
+      --default-not-ready-toleration-seconds int     Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --default-unreachable-toleration-seconds int   Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. (default 300)
+      --insecure-skip-tls-verify                     If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --ir-data-source string                        Data source used by InitialResources. Supported options: influxdb, gcm. (default "influxdb")
+      --ir-dbname string                             InfluxDB database name which contains metrics required by InitialResources (default "k8s")
+      --ir-hawkular string                           Hawkular configuration URL
+      --ir-influxdb-host string                      Address of InfluxDB which contains metrics required by InitialResources (default "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy")
+      --ir-namespace-only                            Whether the estimation should be made only based on data from the same namespace.
+      --ir-password string                           Password used for connecting to InfluxDB (default "root")
+      --ir-percentile int                            Which percentile of samples should InitialResources use when estimating resources. For experiment purposes. (default 90)
+      --ir-user string                               User used for connecting to InfluxDB (default "root")
+      --kubeconfig string                            Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at traceLocation               when logging hits line file:N, emit a stack trace (default :0)
+      --log-dir string                               If non-empty, write log files in this directory
+      --log-flush-frequency duration                 Maximum number of seconds between log flushes (default 5s)
+      --logtostderr                                  log to standard error instead of files (default true)
+      --match-server-version                         Require server version to match client version
+  -n, --namespace string                             If present, the namespace scope for this CLI request
+      --password string                              Password for basic authentication to the API server
+      --request-timeout string                       The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+  -s, --server string                                The address and port of the Kubernetes API server
+      --stderrthreshold severity                     logs at or above this threshold go to stderr (default 2)
+      --token string                                 Bearer token for authentication to the API server
+      --user string                                  The name of the kubeconfig user to use
+      --username string                              Username for basic authentication to the API server
+  -v, --v Level                                      log level for V logs
+      --vmodule moduleSpec                           comma-separated list of pattern=N settings for file-filtered logging
+```
+-->
+
+
+```
+      --alsologtostderr                              同时将日志输出到标准错误输出（stderr）
+      --as string                                    用户名模拟操作
+      --as-group stringArray                         要模拟操作的组，可以重复使用此参数来指定多个组。
+      --cache-dir string                             默认 HTTP 缓存目录（默认 "/Users/jrondeau/.kube/http-cache"）
+      --certificate-authority string                 证书创建的证书机构的的路径
+      --client-certificate string                    TLS 客户端证书的路径
+      --client-key string                            TLS 客户端秘钥的路径
+      --cloud-provider-gce-lb-src-cidrs cidrs        在 GCE 防火墙中放开的 CIDRs，用于 LB 流量代理和检查是否正常（默认 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16）
+      --cluster string                               使用的 kubeconfig 集群的名称
+      --context string                               使用的 kubeconfig 上下文名称
+      --default-not-ready-toleration-seconds int     对于未添加 notReady:NoExecute 容忍度设置的所有 Pod，为其设置此参数值作为对 notReady:NoExecute 容忍度的容忍秒数（tolerationSeconds）；默认值为 300 秒。
+      --default-unreachable-toleration-seconds int   对于未设置 unreachable:NoExecute 容忍度的所有 Pod，设置其对 unreachable:NoExecute 的容忍度秒数（tolerationSeconds）；默认值为 300 秒。
+      --insecure-skip-tls-verify                     如果是 true，将不检查服务器证书的有效性。这将使您的 HTTPS 连接不安全
+      --ir-data-source string                        由 InitialResources 使用的数据源；支持的选项有：influxdb 和 gcm（默认 "influxdb"）。
+      --ir-dbname string                             数据库名，其中包含 InitialResources 所需的指标（默认 "k8s"）
+      --ir-hawkular string                           Hawkular 配置 URL
+      --ir-influxdb-host string                      包含 InitialResources 需要的指标的 InfluxDB 的地址（默认 "localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb:api/proxy"）
+      --ir-namespace-only                            是否仅根据来自相同命名空间的数据进行估算。
+      --ir-password string                           用于连接到 InfluxDB 的密码（默认 "root"）
+      --ir-percentile int                            在估算资源时，InitialResoruces 要使用的样本百分比。仅用于实验目的。默认值为 90。 
+      --ir-user string                               用于连接到 InfluxDB 的用户（默认 "root"）
+      --kubeconfig string                            用于 CLI 请求的 kubeconfig 文件的路径。
+      --log-backtrace-at traceLocation               当日志机制遇到文件行 file:N 时，打印堆栈轨迹；默认值为 “:0”。
+      --log-dir string                               如果非空，在此目录中写入日志文件
+      --log-flush-frequency duration                 日志刷新的最大秒数（默认 5s）
+      --logtostderr                                  记录日志到标准错误输出（stderr）而不是文件中；默认值为 true
+      --match-server-version                         要求服务器版本与客户端版本匹配
+  -n, --namespace string                             若给定，用来设置 CLI 请求的命名空间范围
+      --password string                              用来对 API 服务器进行基本身份验证的密码
+      --request-timeout string                       放弃单个服务器请求前等待的时间长度。非零值应包含相应的时间单位（如 1s、2m 或 3h）。值为 0 表示请求不超时；默认值为 "0"
+  -s, --server string                                Kubernetes API 服务器的地址和端口
+      --stderrthreshold severity                     在此阈值或以上的日志将转到 stderr（默认 2）
+      --token string                                 向 API 服务器进行身份验证的持有者令牌
+      --user string                                  使用的 kubeconfig 用户的名称
+      --username string                              用户名，用于对 API 服务器的基本身份验证
+  -v, --v Level                                      V 日志的日志级别
+      --vmodule moduleSpec                           基于文件的日志过滤，取值为逗号分隔的列表，列表中每项的格式为 "pattern=N"
+```
+
+<!--
+### SEE ALSO
+* [kubefed](kubefed.md)	 - kubefed controls a Kubernetes Cluster Federation
+-->
+
+### 其他参考
+* [kubefed](kubefed.md) - 使用 kubefed 控制集群联邦
+
+<!--
+###### Auto generated by spf13/cobra on 24-Sep-2018
+-->
+
+###### 原文由 spf13/cobra 自动生成于 2018-9-24
diff --git a/content/zh/docs/reference/tools.md b/content/zh/docs/reference/tools.md
index 388187aebe88e..8f1914ee63a7e 100644
--- a/content/zh/docs/reference/tools.md
+++ b/content/zh/docs/reference/tools.md
@@ -1,17 +1,20 @@
-<!--
 ---
 reviewers:
 - janetkuo
-title: Tools
+title: 工具
 content_template: templates/concept
 ---
--->
+
+<!--
 ---
 reviewers:
 - janetkuo
-title: 工具
+title: Tools
 content_template: templates/concept
 ---
+-->
+
+
 
 <!--
 Kubernetes contains several built-in tools to help you work with the Kubernetes system.
diff --git a/content/zh/docs/reference/using-api/_index.md b/content/zh/docs/reference/using-api/_index.md
new file mode 100644
index 0000000000000..aeeeb52727a22
--- /dev/null
+++ b/content/zh/docs/reference/using-api/_index.md
@@ -0,0 +1,13 @@
+---
+title: 使用 Kubernetes API
+weight: 10
+toc-hide: true
+---
+
+<!--
+---
+title: Using the Kubernetes API
+weight: 10
+toc-hide: true
+---
+-->
diff --git a/content/zh/docs/reference/using-api/client-libraries.md b/content/zh/docs/reference/using-api/client-libraries.md
new file mode 100644
index 0000000000000..1b1b8dea7e4aa
--- /dev/null
+++ b/content/zh/docs/reference/using-api/client-libraries.md
@@ -0,0 +1,139 @@
+---
+title: 客户端库
+content_template: templates/concept
+weight: 30
+---
+
+<!--
+---
+title: Client Libraries
+reviewers:
+- ahmetb
+content_template: templates/concept
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page contains an overview of the client libraries for using the Kubernetes
+API from various programming languages.
+-->
+本页面包含基于各种编程语言使用 Kubernetes API 的客户端库概述。
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+To write applications using the [Kubernetes REST API](/docs/reference/using-api/api-overview/),
+you do not need to implement the API calls and request/response types yourself.
+You can use a client library for the programming language you are using.
+-->
+在使用 [Kubernetes REST API](/docs/reference/using-api/api-overview/) 编写应用程序时，
+您并不需要自己实现 API 调用和 “请求/响应” 类型。
+您可以根据自己的编程语言需要选择使用合适的客户端库。
+
+<!--
+Client libraries often handle common tasks such as authentication for you.
+Most client libraries can discover and use the Kubernetes Service Account to
+authenticate if the API client is running inside the Kubernetes cluster, or can
+understand the [kubeconfig file](/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/)
+format to read the credentials and the API Server address.
+-->
+客户端库通常为您处理诸如身份验证之类的常见任务。
+如果 API 客户端在 Kubernetes 集群中运行，大多数客户端库可以发现并使用 Kubernetes 服务帐户进行身份验证，
+或者能够理解 [kubeconfig 文件](/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/)
+格式来读取凭据和 API 服务器地址。
+
+<!--
+## Officially-supported Kubernetes client libraries
+-->
+## 官方支持的 Kubernetes 客户端库
+
+<!--
+The following client libraries are officially maintained by [Kubernetes SIG API
+Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery).
+-->
+以下客户端库由 [Kubernetes SIG API Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery) 正式维护。
+
+<!--
+| Language | Client Library | Sample Programs |
+|----------|----------------|-----------------|
+| Go       | [github.com/kubernetes/client-go/](https://github.com/kubernetes/client-go/) | [browse](https://github.com/kubernetes/client-go/tree/master/examples)
+| Python       | [github.com/kubernetes-client/python/](https://github.com/kubernetes-client/python/) | [browse](https://github.com/kubernetes-client/python/tree/master/examples)
+| Java     | [github.com/kubernetes-client/java](https://github.com/kubernetes-client/java/) | [browse](https://github.com/kubernetes-client/java#installation)
+| dotnet   | [github.com/kubernetes-client/csharp](https://github.com/kubernetes-client/csharp) | [browse](https://github.com/kubernetes-client/csharp/tree/master/examples/simple)
+| JavaScript   | [github.com/kubernetes-client/javascript](https://github.com/kubernetes-client/javascript) | [browse](https://github.com/kubernetes-client/javascript/tree/master/examples)
+-->
+|   语言   |     客户端库    |     样例程序     |
+|----------|----------------|-----------------|
+| Go       | [github.com/kubernetes/client-go/](https://github.com/kubernetes/client-go/) | [浏览](https://github.com/kubernetes/client-go/tree/master/examples)
+| Python       | [github.com/kubernetes-client/python/](https://github.com/kubernetes-client/python/) | [浏览](https://github.com/kubernetes-client/python/tree/master/examples)
+| Java     | [github.com/kubernetes-client/java](https://github.com/kubernetes-client/java/) | [浏览](https://github.com/kubernetes-client/java#installation)
+| dotnet   | [github.com/kubernetes-client/csharp](https://github.com/kubernetes-client/csharp) | [浏览](https://github.com/kubernetes-client/csharp/tree/master/examples/simple)
+| JavaScript   | [github.com/kubernetes-client/javascript](https://github.com/kubernetes-client/javascript) | [浏览](https://github.com/kubernetes-client/javascript/tree/master/examples)
+
+
+<!--
+## Community-maintained client libraries
+-->
+## 社区维护的客户端库
+
+<!--
+The following Kubernetes API client libraries are provided and maintained by
+their authors, not the Kubernetes team.
+-->
+以下 Kubernetes API 客户端库是由社区，而非 Kubernetes 团队支持、维护的。
+
+<!--
+| Language             | Client Library                           |
+| -------------------- | ---------------------------------------- |
+| Clojure              | [github.com/yanatan16/clj-kubernetes-api](https://github.com/yanatan16/clj-kubernetes-api) |
+| Go                   | [github.com/ericchiang/k8s](https://github.com/ericchiang/k8s) |
+| Java (OSGi)          | [bitbucket.org/amdatulabs/amdatu-kubernetes](https://bitbucket.org/amdatulabs/amdatu-kubernetes) |
+| Java (Fabric8, OSGi) | [github.com/fabric8io/kubernetes-client](https://github.com/fabric8io/kubernetes-client) |
+| Lisp                 | [github.com/brendandburns/cl-k8s](https://github.com/brendandburns/cl-k8s) |
+| Lisp                 | [github.com/xh4/cube](https://github.com/xh4/cube) |
+| Node.js (TypeScript) | [github.com/Goyoo/node-k8s-client](https://github.com/Goyoo/node-k8s-client) |
+| Node.js              | [github.com/tenxcloud/node-kubernetes-client](https://github.com/tenxcloud/node-kubernetes-client) |
+| Node.js              | [github.com/godaddy/kubernetes-client](https://github.com/godaddy/kubernetes-client) |
+| Perl                 | [metacpan.org/pod/Net::Kubernetes](https://metacpan.org/pod/Net::Kubernetes) |
+| PHP                  | [github.com/devstub/kubernetes-api-php-client](https://github.com/devstub/kubernetes-api-php-client) |
+| PHP                  | [github.com/maclof/kubernetes-client](https://github.com/maclof/kubernetes-client) |
+| Python               | [github.com/eldarion-gondor/pykube](https://github.com/eldarion-gondor/pykube) |
+| Python               | [github.com/mnubo/kubernetes-py](https://github.com/mnubo/kubernetes-py) |
+| Ruby                 | [github.com/Ch00k/kuber](https://github.com/Ch00k/kuber) |
+| Ruby                 | [github.com/abonas/kubeclient](https://github.com/abonas/kubeclient) |
+| Ruby                 | [github.com/kontena/k8s-client](https://github.com/kontena/k8s-client) |
+| Scala                | [github.com/doriordan/skuber](https://github.com/doriordan/skuber) |
+| dotNet               | [github.com/tonnyeremin/kubernetes_gen](https://github.com/tonnyeremin/kubernetes_gen) |
+| DotNet (RestSharp)   | [github.com/masroorhasan/Kubernetes.DotNet](https://github.com/masroorhasan/Kubernetes.DotNet) |
+| Elixir               | [github.com/obmarg/kazan](https://github.com/obmarg/kazan/) |
+| Haskell              | [github.com/soundcloud/haskell-kubernetes](https://github.com/soundcloud/haskell-kubernetes) |
+-->
+| 语言                 | 客户端库                                  |
+| -------------------- | ---------------------------------------- |
+| Clojure              | [github.com/yanatan16/clj-kubernetes-api](https://github.com/yanatan16/clj-kubernetes-api) |
+| Go                   | [github.com/ericchiang/k8s](https://github.com/ericchiang/k8s) |
+| Java (OSGi)          | [bitbucket.org/amdatulabs/amdatu-kubernetes](https://bitbucket.org/amdatulabs/amdatu-kubernetes) |
+| Java (Fabric8, OSGi) | [github.com/fabric8io/kubernetes-client](https://github.com/fabric8io/kubernetes-client) |
+| Lisp                 | [github.com/brendandburns/cl-k8s](https://github.com/brendandburns/cl-k8s) |
+| Lisp                 | [github.com/xh4/cube](https://github.com/xh4/cube) |
+| Node.js (TypeScript) | [github.com/Goyoo/node-k8s-client](https://github.com/Goyoo/node-k8s-client) |
+| Node.js              | [github.com/tenxcloud/node-kubernetes-client](https://github.com/tenxcloud/node-kubernetes-client) |
+| Node.js              | [github.com/godaddy/kubernetes-client](https://github.com/godaddy/kubernetes-client) |
+| Perl                 | [metacpan.org/pod/Net::Kubernetes](https://metacpan.org/pod/Net::Kubernetes) |
+| PHP                  | [github.com/devstub/kubernetes-api-php-client](https://github.com/devstub/kubernetes-api-php-client) |
+| PHP                  | [github.com/maclof/kubernetes-client](https://github.com/maclof/kubernetes-client) |
+| Python               | [github.com/eldarion-gondor/pykube](https://github.com/eldarion-gondor/pykube) |
+| Python               | [github.com/mnubo/kubernetes-py](https://github.com/mnubo/kubernetes-py) |
+| Ruby                 | [github.com/Ch00k/kuber](https://github.com/Ch00k/kuber) |
+| Ruby                 | [github.com/abonas/kubeclient](https://github.com/abonas/kubeclient) |
+| Ruby                 | [github.com/kontena/k8s-client](https://github.com/kontena/k8s-client) |
+| Scala                | [github.com/doriordan/skuber](https://github.com/doriordan/skuber) |
+| dotNet               | [github.com/tonnyeremin/kubernetes_gen](https://github.com/tonnyeremin/kubernetes_gen) |
+| DotNet (RestSharp)   | [github.com/masroorhasan/Kubernetes.DotNet](https://github.com/masroorhasan/Kubernetes.DotNet) |
+| Elixir               | [github.com/obmarg/kazan](https://github.com/obmarg/kazan/) |
+| Haskell              | [github.com/soundcloud/haskell-kubernetes](https://github.com/soundcloud/haskell-kubernetes) |
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/search.md b/content/zh/docs/search.md
new file mode 100644
index 0000000000000..d0a89719f78bf
--- /dev/null
+++ b/content/zh/docs/search.md
@@ -0,0 +1,11 @@
+---
+layout: search
+title: 搜索结果
+---
+
+<!--
+---
+layout: search
+title: Search Results
+---
+-->
\ No newline at end of file
diff --git a/content/zh/docs/setup/_index.md b/content/zh/docs/setup/_index.md
new file mode 100644
index 0000000000000..22c00bb3cfed9
--- /dev/null
+++ b/content/zh/docs/setup/_index.md
@@ -0,0 +1,211 @@
+---
+reviewers:
+- brendandburns
+- erictune
+- mikedanese
+no_issue: true
+title: 设置
+main_menu: true
+weight: 30
+content_template: templates/concept
+---
+
+<!--
+---
+reviewers:
+- brendandburns
+- erictune
+- mikedanese
+no_issue: true
+title: Setup
+main_menu: true
+weight: 30
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Use this page to find the type of solution that best fits your needs.
+-->
+在这个页面可以找到最适合您以及您需要的解决方案类型。
+
+<!--
+Deciding where to run Kubernetes depends on what resources you have available
+and how much flexibility you need. You can run Kubernetes almost anywhere,
+from your laptop to VMs on a cloud provider to a rack of bare metal servers.
+You can also set up a fully-managed cluster by running a single command or craft
+your own customized cluster on your bare metal servers.
+-->
+Kubernetes 在何处运行取决于您拥有什么资源以及您需要多大的灵活性。您几乎可以在任何地方运行 Kubernetes，
+从笔记本电脑到云服务提供商的虚拟机，再到一排裸金属服务器。您还可以通过运行单个命令来设置完全
+托管的集群，或者在裸金属服务器上创建您自己的定制集群。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Local-machine Solutions
+-->
+
+## 本地机器解决方案
+
+<!--
+A local-machine solution is an easy way to get started with Kubernetes. You
+can create and test Kubernetes clusters without worrying about consuming cloud
+resources and quotas.
+-->
+本地机器解决方案是开始使用 Kubernetes 的一种简单的方法。您可以创建和测试 Kubernetes 集群，而不必担心消耗云资源和配额。
+
+<!--
+You should pick a local solution if you want to:
+-->
+你应该选择一个本地解决方案，如果您想：
+
+<!--
+* Try or start learning about Kubernetes
+* Develop and test clusters locally
+-->
+
+* 尝试或开始了解 Kubernetes
+* 在本地开发和测试集群
+
+<!--
+Pick a [local-machine solution](/docs/setup/pick-right-solution/#local-machine-solutions).
+-->
+选择[本地机器解决方案](/docs/setup/pick-right-solution/#local-machine-solutions)。
+
+<!--
+## Hosted Solutions
+-->
+## 托管解决方案
+
+<!--
+Hosted solutions are a convenient way to create and maintain Kubernetes clusters. They
+manage and operate your clusters so you don’t have to.
+-->
+托管解决方案是创建和维护 Kubernetes 集群的一种实用的方法。他们管理和操作您的集群，所以您不需要。
+
+<!--
+You should pick a hosted solution if you:
+-->
+您应该选择一个托管解决方案，如果您需要：
+
+<!--
+* Want a fully-managed solution
+* Want to focus on developing your apps or services
+* Don’t have dedicated site reliability engineering (SRE) team but want high availability
+* Don't have resources to host and monitor your clusters 
+-->
+
+* 想要一个完全托管的解决方案
+* 希望专注于开发您的应用或者服务
+* 没有专门的可靠的工程(SRE)团队，但需要高可用
+* 没有资源来托管和监视集群
+
+<!--
+Pick a [hosted solution](/docs/setup/pick-right-solution/#hosted-solutions).
+-->
+选择[托管解决方案](/docs/setup/pick-right-solution/#hosted-solutions)。
+
+<!--
+## Turnkey – Cloud Solutions
+-->
+
+## 一站式云解决方案
+
+<!--
+These solutions allow you to create Kubernetes clusters with only a few commands and 
+are actively developed and have active community support. They can also be hosted on 
+a range of Cloud IaaS providers, but they offer more freedom and flexibility in 
+exchange for effort. 
+-->
+这些解决方案允许您仅使用几个命令创建 Kubernetes 集群，这些集群是积极开发的，并且得到了社区的支持。
+它们也可以托管在一系列云服务 IaaS 提供商上，它们提供了更多的自由和灵活性来换取工作量。
+
+<!--
+You should pick a turnkey cloud solution if you
+-->
+您应该选择一个一站式云服务解决方案，如果您需要：
+
+<!--
+* Want more control over your clusters than the hosted solutions allow
+* Want to take on more operations ownership
+-->
+
+* 希望对集群拥有比托管解决方案更多的控制
+* 希望拥有更多的运营所有权
+
+<!--
+Pick a [turnkey cloud solution](/docs/setup/pick-right-solution/#turnkey-cloud-solutions)
+-->
+选择[一站式云服务解决方案](/docs/setup/pick-right-solution/#turnkey-cloud-solutions)。
+
+<!--
+## Turnkey – On-Premises Solutions
+-->
+
+## 一站式本地解决方案
+
+<!--
+These solutions allow you to create Kubernetes clusters on your internal, secure,
+cloud network with only a few commands.
+-->
+这些解决方案允许您在您的内部、安全的云网络上创建 Kubernetes 集群，只需要几个命令。
+
+<!--
+You should pick a on-prem turnkey cloud solution-
+-->
+
+您应该选择一个一站式本地解决方案，如果您需要：
+
+<!--
+* Want to deploy clusters on your private cloud network
+* Have a dedicated SRE team
+* Have the resources to host and monitor your clusters
+-->
+
+* 希望在您的私有云网络上部署集群
+* 有一个专门的 SRE 团队
+* 拥有托管和监视集群的资源
+
+<!--
+Pick an [on-prem turnkey cloud solution](/docs/setup/pick-right-solution/#on-premises-turnkey-cloud-solutions).
+-->
+选择[一站式本地云服务解决方案](/docs/setup/pick-right-solution/#on-premises-turnkey-cloud-solutions)。
+
+<!--
+## Custom Solutions
+-->
+
+## 定制解决方案
+
+<!--
+Custom solutions give you the most freedom over your clusters but require the
+most expertise. These solutions range from bare-metal to cloud providers on
+different operating systems.
+-->
+定制解决方案为您的集群提供了最大的自由度，但需要最多的专业知识。这些解决方案涵盖了从裸金属到不同操作系统上的云服务提供商。
+
+<!--
+Pick a [custom solution](/docs/setup/pick-right-solution/#custom-solutions).
+-->
+选择[定制解决方案](/docs/setup/pick-right-solution/#custom-solutions)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Go to [Picking the Right Solution](/docs/setup/pick-right-solution/) for a complete
+list of solutions.
+-->
+
+转到完整的解决方案列表选择[正确的解决方案](/docs/setup/pick-right-solution/)。
+{{% /capture %}}
+
+
+
+
diff --git a/content/zh/docs/setup/best-practices/node-conformance.md b/content/zh/docs/setup/best-practices/node-conformance.md
new file mode 100644
index 0000000000000..bef833cf6c17a
--- /dev/null
+++ b/content/zh/docs/setup/best-practices/node-conformance.md
@@ -0,0 +1,177 @@
+---
+reviewers:
+- Random-Liu
+title: 校验节点设置
+weight: 30
+---
+<!--
+---
+reviewers:
+- Random-Liu
+title: Validate node setup
+weight: 30
+---
+-->
+
+{{< toc >}}
+
+<!--
+## Node Conformance Test
+-->
+## 节点一致性测试
+
+<!--
+*Node conformance test* is a containerized test framework that provides a system
+verification and functionality test for a node. 
+-->
+*节点一致性测试* 是一个容器化的测试框架，提供了针对节点的系统验证和功能测试。
+
+<!--
+The test validates whether the node meets the minimum requirements for Kubernetes; a node that passes the testis qualified to join a Kubernetes cluster.
+-->
+该测试主要检测节点是否满足 Kubernetes 的最低要求，通过检测的节点有资格加入 Kubernetes 集群。
+
+<!--
+## Limitations
+-->
+## 限制
+
+<!--
+In Kubernetes version 1.5, node conformance test has the following limitations:
+-->
+在 Kubernetes 1.5 版中，节点一致性测试具有以下限制：
+
+<!--
+* Node conformance test only supports Docker as the container runtime.
+* -->
+* 节点一致性测试只支持 Docker 作为容器运行时环境。
+
+<!--
+## Node Prerequisite
+-->
+## 节点的前提条件
+
+<!--
+To run node conformance test, a node must satisfy the same prerequisites as astandard Kubernetes node. At a minimum, the node should have the following daemons installed:
+-->
+要运行节点一致性测试，节点必须满足与标准 Kubernetes 节点相同的前提条件。节点至少应安装以下守护程序：
+
+<!--
+* Container Runtime (Docker)
+* Kubelet
+-->
+* 容器运行时 (Docker)
+* Kubelet
+
+<!--
+## Running Node Conformance Test
+-->
+## 运行节点一致性测试
+
+<!--
+To run the node conformance test, perform the following steps:
+-->
+要运行节点一致性测试，请执行以下步骤：
+
+<!--
+1. Point your Kubelet to localhost `--api-servers="http://localhost:8080"`,
+because the test framework starts a local master to test Kubelet. There are some
+other Kubelet flags you may care:
+  * `--pod-cidr`: If you are using `kubenet`, you should specify an arbitrary CIDR
+    to Kubelet, for example `--pod-cidr=10.180.0.0/24`.
+  * `--cloud-provider`: If you are using `--cloud-provider=gce`, you should
+    remove the flag to run the test.
+-->
+1. 因为测试框架会启动一个本地的 master 来测试 Kubelet，所以将 Kubelet 指向本机 `--api-servers="http://localhost:8080"。 
+   还有一些其他 Kubelet 参数可能需要注意：
+  * `--pod-cidr`： 如果使用 `kubenet`， 需要为 Kubelet 任意指定一个 CIDR， 例如 `--pod-cidr=10.180.0.0/24`。
+  * `--cloud-provider`： 如果使用 `--cloud-provider=gce`，需要移除这个参数来运行测试。
+
+
+<!--
+2. Run the node conformance test with command:
+-->
+2. 使用以下命令运行节点一致性测试：
+
+```shell
+# $CONFIG_DIR is the pod manifest path of your Kubelet.
+# $LOG_DIR is the test output path.
+sudo docker run -it --rm --privileged --net=host \
+  -v /:/rootfs -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
+  k8s.gcr.io/node-test:0.2
+```
+
+<!--
+## Running Node Conformance Test for Other Architectures
+-->
+## 针对其他硬件体系结构运行节点一致性测试
+
+<!--
+Kubernetes also provides node conformance test docker images for other architectures:
+-->
+Kubernetes 也为其他硬件体系结构的系统提供了节点一致性测试的 Docker 镜像：
+
+  Arch  |       Image       |
+--------|:-----------------:|
+ amd64  |  node-test-amd64  |
+  arm   |    node-test-arm  |
+ arm64  |  node-test-arm64  |
+
+<!--
+## Running Selected Test
+-->
+## 运行特定的测试
+
+<!--
+To run specific tests, overwrite the environment variable `FOCUS` with theregular expression of tests you want to run.
+-->
+要运行特定测试，请使用您希望运行的测试的特定表达式覆盖环境变量 `FOCUS`。
+
+```shell
+sudo docker run -it --rm --privileged --net=host \
+  -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
+  -e FOCUS=MirrorPod \ # Only run MirrorPod test
+  k8s.gcr.io/node-test:0.2
+```
+
+<!--
+To skip specific tests, overwrite the environment variable `SKIP` with theregular expression of tests you want to skip.
+-->
+要跳过特定的测试，请使用您希望跳过的测试的常规表达式覆盖环境变量 `SKIP`。
+
+```shell
+sudo docker run -it --rm --privileged --net=host \
+  -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
+  -e SKIP=MirrorPod \ # Run all conformance tests but skip MirrorPod test
+  k8s.gcr.io/node-test:0.2
+```
+
+<!--
+Node conformance test is a containerized version of [node e2e test](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/devel/e2e-node-tests.md).
+-->
+节点一致性测试是[节点端到端测试](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/devel/e2e-node-tests.md)的容器化版本。
+<!--
+By default, it runs all conformance tests.
+-->
+默认情况下，它会运行所有一致性测试。
+
+<!--
+Theoretically, you can run any node e2e test if you configure the container andmount required volumes properly. But **it is strongly recommended to only run conformance test**, because it requires much more complex configuration to run non-conformance test.
+-->
+理论上，只要合理地配置容器和挂载所需的卷，就可以运行任何的节点端到端测试用例。 但是这里**强烈建议只运行一致性测试**，因为运行非一致性测试需要很多复杂的配置。
+
+<!--
+## Caveats
+-->
+## 注意
+
+<!--
+* The test leaves some docker images on the node, including the node conformance
+  test image and images of containers used in the functionality
+  test.
+* The test leaves dead containers on the node. These containers are created
+  during the functionality test.
+-->
+
+* 测试会在节点上遗留一些 Docker 镜像， 包括节点一致性测试本身的镜像和功能测试相关的镜像。
+* 测试会在节点上遗留一些死的容器。这些容器是在功能测试的过程中创建的。
diff --git a/content/zh/docs/setup/certificates.md b/content/zh/docs/setup/certificates.md
new file mode 100644
index 0000000000000..a9e1239c3d231
--- /dev/null
+++ b/content/zh/docs/setup/certificates.md
@@ -0,0 +1,284 @@
+---
+title: PKI 证书和需求
+content_template: templates/concept
+--- 
+<!-- 
+---
+title: PKI Certificates and Requirements
+reviewers:
+- sig-cluster-lifecycle 
+content_template: templates/concept
+--- 
+-->
+
+{{% capture overview %}}
+
+<!-- 
+Kubernetes requires PKI certificates for authentication over TLS.
+If you install Kubernetes with [kubeadm](/docs/reference/setup-tools/kubeadm/kubeadm/), the certificates that your cluster requires are automatically generated.
+You can also generate your own certificates -- for example, to keep your private keys more secure by not storing them on the API server.
+This page explains the certificates that your cluster requires. 
+-->
+Kubernetes 需要 PKI 证书才能通过 TLS 进行身份验证。如果使用 [kubeadm](/docs/reference/setup-tools/kubeadm/kubeadm/) 安装 Kubernetes，集群所需的证书会被自动生成。
+您还可以生成自己的证书——例如，通过不将私钥保存在 API 服务器上，来更安全地保护它们。。
+此页面说明了集群所需的证书。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!-- 
+## How certificates are used by your cluster 
+-->
+## 集群如何使用证书
+
+<!-- 
+Kubernetes requires PKI for the following operations: 
+-->
+Kubernetes 在执行以下操作时需要相应的证书：
+
+<!-- 
+* Client certificates for the kubelet to authenticate to the API server
+* Server certificate for the API server endpoint
+* Client certificates for administrators of the cluster to authenticate to the API server
+* Client certificates for the API server to talk to the kubelets
+* Client certificate for the API server to talk to etcd
+* Client certificate/kubeconfig for the controller manager to talk to the API server
+* Client certificate/kubeconfig for the scheduler to talk to the API server.
+* Client and server certificates for the [front-proxy][proxy] 
+-->
+* 客户端证书，供 kubelet 访问 API 服务器时的身份验证使用
+* API 服务器端点的服务器证书
+* 客户端证书，供集群管理员访问 API 服务器时的身份验证之用
+* API 服务器与 kubelet 通信所需的客户端证书
+* API 服务器与 etcd 通信所需的客户端证书
+* 客户端证书/kubeconfig，供控制器管理器与 API 服务器通信
+* 客户端证书/kubeconfig，供调度器与 API 服务器通信。
+* [front-proxy][proxy] 的客户端和服务器证书
+
+{{< note >}}
+<!-- 
+`front-proxy` certificates are required only if you run kube-proxy to support [an extension API server](/docs/tasks/access-kubernetes-api/setup-extension-api-server/). 
+-->
+仅在您使用 kube-proxy 来支持 [一个扩展 API 服务器](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) 时才需要 `front-proxy` 证书。
+{{< /note >}}
+
+<!-- 
+etcd also implements mutual TLS to authenticate clients and peers. 
+-->
+etcd 还实现了双向 TLS 来验证客户端和对等端。
+
+<!-- 
+## Where certificates are stored 
+-->
+## 证书在何处存储
+
+<!-- 
+If you install Kubernetes with kubeadm, certificates are stored in `/etc/kubernetes/pki`. All paths in this documentation are relative to that directory. 
+-->
+如果使用 kubeadm 安装 Kubernetes，证书将存储在 `/etc/kubernetes/pki` 目录中。 本文档中的所有路径，都是与该目录的相对路径。
+
+<!-- 
+## Configure certificates manually 
+-->
+## 手动配置证书
+
+<!-- 
+If you don't want kubeadm to generate the required certificates, you can create them in either of the following ways. 
+-->
+如果您不希望 kubeadm 生成所需的证书，可以使用以下任一方法创建它们。
+
+<!-- 
+### Single root CA 
+-->
+单个 root CA
+
+<!-- 
+You can create a single root CA, controlled by an administrator. This root CA can then create multiple intermediate CAs, and delegate all further creation to Kubernetes itself.  
+-->
+您可以创建一个由管理员控制的单个 root CA。然后，此 root CA 可以创建多个中间 CA，并委托 Kubernetes 本身完成后续创建操作。
+
+<!-- 
+Required CAs:
+
+| path                   | Default CN                | description                      |
+|------------------------|---------------------------|----------------------------------|
+| ca.crt,key             | kubernetes-ca             | Kubernetes general CA            |
+| etcd/ca.crt,key        | etcd-ca                   | For all etcd-related functions   |
+| front-proxy-ca.crt,key | kubernetes-front-proxy-ca | For the [front-end proxy][proxy] | 
+-->
+所需 CA：
+
+| 路径                   | 默认 CN                    | 描述                             |
+|------------------------|---------------------------|----------------------------------|
+| ca.crt,key             | kubernetes-ca             | Kubernetes 通用 CA               |
+| etcd/ca.crt,key        | etcd-ca                   | 所有 etcd 相关操作                |
+| front-proxy-ca.crt,key | kubernetes-front-proxy-ca | 供 [front-end proxy][proxy] 使用  | 
+
+<!-- 
+### All certificates 
+-->
+### 所有证书
+
+<!-- 
+If you don't wish to copy these private keys to your API servers, you can generate all certificates yourself.  
+-->
+如果您不希望将这些私钥复制到 API 服务器，您可以自己生成所有证书。
+
+<!-- 
+Required certificates:
+
+| Default CN                    | Parent CA                 | O (in Subject) | kind                                   | hosts (SAN)                                 |
+|-------------------------------|---------------------------|----------------|----------------------------------------|---------------------------------------------|
+| kube-etcd                     | etcd-ca                   |                | server, client [<sup>1</sup>][etcdbug] | `localhost`, `127.0.0.1`                        |
+| kube-etcd-peer                | etcd-ca                   |                | server, client                                   | `<hostname>`, `<Host_IP>`, `localhost`, `127.0.0.1` |
+| kube-etcd-healthcheck-client  | etcd-ca                   |                | client                                 |                                             |
+| kube-apiserver-etcd-client    | etcd-ca                   | system:masters | client                                 |                                             |
+| kube-apiserver                | kubernetes-ca             |                | server                                 | `<hostname>`, `<Host_IP>`, `<advertise_IP>`, `[1]` |
+| kube-apiserver-kubelet-client | kubernetes-ca             | system:masters | client                                 |                                             |
+| front-proxy-client            | kubernetes-front-proxy-ca |                | client                                 |                                             | 
+-->
+所需证书：
+
+| 默认 CN                       | 父 CA                      | O (in Subject) | 种类                                   | 主机 (SAN)                                          |
+|-------------------------------|---------------------------|----------------|----------------------------------------|-----------------------------------------------------|
+| kube-etcd                     | etcd-ca                   |                | server, client [<sup>1</sup>][etcdbug] | `localhost`, `127.0.0.1`                            |
+| kube-etcd-peer                | etcd-ca                   |                | server, client                         | `<hostname>`, `<Host_IP>`, `localhost`, `127.0.0.1` |
+| kube-etcd-healthcheck-client  | etcd-ca                   |                | client                                 |                                                     |
+| kube-apiserver-etcd-client    | etcd-ca                   | system:masters | client                                 |                                                     |
+| kube-apiserver                | kubernetes-ca             |                | server                                 | `<hostname>`, `<Host_IP>`, `<advertise_IP>`, `[1]`  |
+| kube-apiserver-kubelet-client | kubernetes-ca             | system:masters | client                                 |                                                     |
+| front-proxy-client            | kubernetes-front-proxy-ca |                | client                                 |                                                     |
+
+[1]: `kubernetes`, `kubernetes.default`, `kubernetes.default.svc`, `kubernetes.default.svc.cluster`, `kubernetes.default.svc.cluster.local`
+
+<!-- 
+where `kind` maps to one or more of the [x509 key usage][usage] types: 
+-->
+`kind` 映射到一个或多个 [x509 key usage][usage] 类型上
+
+<!-- 
+| kind   | Key usage                                                                       |
+|--------|---------------------------------------------------------------------------------|
+| server | digital signature, key encipherment, server auth                                |
+| client | digital signature, key encipherment, client auth                                | 
+-->
+| 种类   | 密钥用途                                                                         |
+|--------|---------------------------------------------------------------------------------|
+| server | 数字签名，密钥加密，服务器鉴权                                                     |
+| client | 数字签名，密钥加密，客户端鉴权                                                     | 
+
+<!-- 
+### Certificate paths 
+-->
+### 证书路径
+
+<!-- 
+Certificates should be placed in a recommended path (as used by [kubeadm][kubeadm]). Paths should be specified using the given argument regardless of location.
+
+| Default CN                   | recommend key path           | recommended cert path       | command        | key argument                 | cert argument                             |
+|------------------------------|------------------------------|-----------------------------|----------------|------------------------------|-------------------------------------------|
+| etcd-ca                      |                              | etcd/ca.crt                 | kube-apiserver |                              | --etcd-cafile                             |
+| etcd-client                  | apiserver-etcd-client.crt    | apiserver-etcd-client.crt   | kube-apiserver | --etcd-certfile              | --etcd-keyfile                            |
+| kubernetes-ca                |                              | ca.crt                      | kube-apiserver | --client-ca-file             |                                           |
+| kube-apiserver               | apiserver.crt                | apiserver.key               | kube-apiserver | --tls-cert-file              | --tls-private-key                         |
+| apiserver-kubelet-client     | apiserver-kubelet-client.crt |                             | kube-apiserver | --kubelet-client-certificate |                                           |
+| front-proxy-client           | front-proxy-client.key       | front-proxy-client.crt      | kube-apiserver | --proxy-client-cert-file     | --proxy-client-key-file                   |
+|                              |                              |                             |                |                              |                                           |
+| etcd-ca                      |                              | etcd/ca.crt                 | etcd           |                              | --trusted-ca-file, --peer-trusted-ca-file |
+| kube-etcd                    |                              | etcd/server.crt             | etcd           |                              | --cert-file                               |
+| kube-etcd-peer               | etcd/peer.key                | etcd/peer.crt               | etcd           | --peer-key-file              | --peer-cert-file                          |
+| etcd-ca                      |                              | etcd/ca.crt                 | etcdctl[2]     |                              | --cacert                                  |
+| kube-etcd-healthcheck-client | etcd/healthcheck-client.key  | etcd/healthcheck-client.crt | etcdctl[2]     | --key                        | --cert                                    | 
+-->
+证书应放置在推荐路径 (类似 [kubeadm][kubeadm] 中指定的)。无论位置如何，都应使用给定的参数指定路径。
+
+| 默认 CN                      | 建议密钥路径                  | 建议 cert 路径               | 命令           | 密钥参数                      | cert 参数                                 |
+|------------------------------|------------------------------|-----------------------------|----------------|------------------------------|-------------------------------------------|
+| etcd-ca                      |                              | etcd/ca.crt                 | kube-apiserver |                              | --etcd-cafile                             |
+| etcd-client                  | apiserver-etcd-client.crt    | apiserver-etcd-client.crt   | kube-apiserver | --etcd-certfile              | --etcd-keyfile                            |
+| kubernetes-ca                |                              | ca.crt                      | kube-apiserver | --client-ca-file             |                                           |
+| kube-apiserver               | apiserver.crt                | apiserver.key               | kube-apiserver | --tls-cert-file              | --tls-private-key                         |
+| apiserver-kubelet-client     | apiserver-kubelet-client.crt |                             | kube-apiserver | --kubelet-client-certificate |                                           |
+| front-proxy-client           | front-proxy-client.key       | front-proxy-client.crt      | kube-apiserver | --proxy-client-cert-file     | --proxy-client-key-file                   |
+|                              |                              |                             |                |                              |                                           |
+| etcd-ca                      |                              | etcd/ca.crt                 | etcd           |                              | --trusted-ca-file, --peer-trusted-ca-file |
+| kube-etcd                    |                              | etcd/server.crt             | etcd           |                              | --cert-file                               |
+| kube-etcd-peer               | etcd/peer.key                | etcd/peer.crt               | etcd           | --peer-key-file              | --peer-cert-file                          |
+| etcd-ca                      |                              | etcd/ca.crt                 | etcdctl[2]     |                              | --cacert                                  |
+| kube-etcd-healthcheck-client | etcd/healthcheck-client.key  | etcd/healthcheck-client.crt | etcdctl[2]     | --key                        | --cert                                    | 
+
+<!-- 
+[2]: For a liveness probe, if self-hosted 
+-->
+[2]: 对应自托管时的活跃度检测场景
+
+<!-- 
+## Configure certificates for user accounts 
+-->
+## 为用户帐户配置证书
+
+<!-- 
+You must manually configure these administrator account and service accounts:  
+-->
+您必须手动配置这些管理员帐户和服务帐户：
+
+<!-- 
+| filename                | credential name            | Default CN                     | O (in Subject) |
+|-------------------------|----------------------------|--------------------------------|----------------|
+| admin.conf              | default-admin              | kubernetes-admin               | system:masters |
+| kubelet.conf            | default-auth               | system:node:`<nodename>`        | system:nodes   |
+| controller-manager.conf | default-controller-manager | system:kube-controller-manager |                |
+| scheduler.conf          | default-manager            | system:kube-scheduler          |                | 
+-->
+| 文件名                   | 凭据名                     | 默认                           | O (in Subject) |
+|-------------------------|----------------------------|--------------------------------|----------------|
+| admin.conf              | default-admin              | kubernetes-admin               | system:masters |
+| kubelet.conf            | default-auth               | system:node:`<nodename>`       | system:nodes   |
+| controller-manager.conf | default-controller-manager | system:kube-controller-manager |                |
+| scheduler.conf          | default-manager            | system:kube-scheduler          |                |
+
+<!-- 
+1. For each config, generate an x509 cert/key pair with the given CN and O. 
+
+1. Run `kubectl` as follows for each config: 
+-->
+1. 对于每个配置，使用给定的 CN 和 O 生成 x509 证书/密钥对。
+
+1. 对于每个配置按如下所示执行 `kubectl`：
+
+```shell
+KUBECONFIG=<filename> kubectl config set-cluster default-cluster --server=https://<host ip>:6443 --certificate-authority <path-to-kubernetes-ca> --embed-certs
+KUBECONFIG=<filename> kubectl config set-credentials <credential-name> --client-key <path-to-key>.pem --client-certificate <path-to-cert>.pem --embed-certs
+KUBECONFIG=<filename> kubectl config set-context default-system --cluster default-cluster --user <credential-name>
+KUBECONFIG=<filename> kubectl config use-context default-system
+```
+
+<!-- 
+These files are used as follows: 
+-->
+这些文件用途如下：
+
+<!-- 
+| filename                | command                 | comment                                                               |
+|-------------------------|-------------------------|-----------------------------------------------------------------------|
+| admin.conf              | kubectl                 | Configures administrator user for the cluster                         |
+| kubelet.conf            | kubelet                 | One required for each node in the cluster.                            |
+| controller-manager.conf | kube-controller-manager | Must be added to manifest in `manifests/kube-controller-manager.yaml` |
+| scheduler.conf          | kube-scheduler          | Must be added to manifest in `manifests/kube-scheduler.yaml`          |
+ -->
+| 文件名                  | 命令                     | 描述                                                                  |
+|-------------------------|-------------------------|-----------------------------------------------------------------------|
+| admin.conf              | kubectl                 | 配置集群的管理员用户                                                    |
+| kubelet.conf            | kubelet                 | 集群中的每个节点都需要一个。                                            |
+| controller-manager.conf | kube-controller-manager | 必须添加到清单 `manifests/kube-controller-manager.yaml` 中             |
+| scheduler.conf          | kube-scheduler          | 必须添加到清单 `manifests/kube-scheduler.yaml` 中                      |
+
+<!-- 
+[usage]: https://godoc.org/k8s.io/api/certificates/v1beta1#KeyUsage 
+-->
+[usage]: https://godoc.org/k8s.io/api/certificates/v1beta1#KeyUsage
+[kubeadm]: /docs/reference/setup-tools/kubeadm/kubeadm/
+[proxy]: /docs/tasks/access-kubernetes-api/configure-aggregation-layer/
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/cluster-large.md b/content/zh/docs/setup/cluster-large.md
index b84e2477d486d..c8ebad97ef138 100644
--- a/content/zh/docs/setup/cluster-large.md
+++ b/content/zh/docs/setup/cluster-large.md
@@ -7,12 +7,12 @@ title: 创建大规模集群
 
 ## 支持规格
 
-在 {{< param "version" >}}，Kubernetes支持最多5000节点规模的集群。 更具体地说，我们支持满足以下 *所有* 标准的配置：
+在 {{< param "version" >}}，Kubernetes 支持最多 5000 节点规模的集群。 更具体地说，我们支持满足以下 *所有* 标准的配置：
 
-* 不超过5000节点
-* 总共不超过15000个pod
-* 总共不超过300000个容器
-* 每个节点不超过100个pod
+* 不超过 5000 节点
+* 总共不超过 15000 个 pod
+* 总共不超过 300000 个容器
+* 每个节点不超过 100 个 pod
 
 <br>
 
@@ -21,64 +21,64 @@ title: 创建大规模集群
 
 ## 创建
 
-集群是一组运行Kubernetes代理组件的节点(物理或虚拟机)，它们被 "master" (集群管理平面)所管理。
+集群是一组运行 Kubernetes 代理组件的节点（物理或虚拟机），它们被 `master`（集群管理平面）所管理。
 
-一般来说，集群的节点数量通过平台相关的 `config-default.sh` 文件中的 `NUM_NODES` 值来控制，(例如，详见 [GCE's `config-default.sh`](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/gce/config-default.sh))。
+一般来说，集群的节点数量通过平台相关的 `config-default.sh` 文件中的 `NUM_NODES` 值来控制，（例如，详见 [GCE's `config-default.sh`](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/gce/config-default.sh)）。
 
-对很多云提供商来说，单纯地修改`NUM_NODES` 为一个非常大的值，可能会导致集群的创建脚本失败。 例如，在GCE中部署时，会因配额不足，导致集群启动失败。
+对很多云提供商来说，单纯地修改 `NUM_NODES` 为一个非常大的值，可能会导致集群的创建脚本失败。 例如，在 GCE 中部署时，会因配额不足，导致集群启动失败。
 
-当建立一个大型的Kubernetes集群，以下几个问题必须考虑。
+当建立一个大型的 Kubernetes 集群，以下几个问题必须考虑。
 
 ### 配额问题
 
 为了避免出现配额问题，当创建包含大量节点的集群时，考虑：
 
-* 提高相关配额，如CPU，IP等。
-  * 如，在 [GCE](https://cloud.google.com/compute/docs/resource-quotas)中，你可能需要提高以下资源的配额：
+* 提高相关配额，如 CPU，IP 等。
+  * 如，在 [GCE](https://cloud.google.com/compute/docs/resource-quotas) 中，你可能需要提高以下资源的配额：
     * CPU
     * 虚机实例
     * 磁盘
-    * 使用的IP地址
+    * 使用的 IP 地址
     * 防火墙规则
     * 转发规则
     * 路由
     * 对象池
 * 设置创建脚本，使其以较小的规模分批次拉起新的节点，并在其间设置一定的等待时间，因为一些云供应商可能对虚机的创建速率进行了限制。
 
-### Etcd存储
+### Etcd 存储
 
-为了提升大规模集群的性能，我们将事件对象存储到独立的etcd实例中。
+为了提升大规模集群的性能，我们将事件对象存储到独立的 etcd 实例中。
 
-创建集群时，当前的salt脚本：
+创建集群时，当前的 salt 脚本：
 
-* 启动并配置额外的etcd实例
-* 配置api-server，将该etcd实例用于事件对象的存储
+* 启动并配置额外的 etcd 实例
+* 配置 api-server，将该 etcd 实例用于事件对象的存储
 
 ### 管理节点和组件的规格
 
-在 GCE/Google Kubernetes Engine 或 AWS平台中， `kube-up` 会根据集群的节点规模合理地设置管理节点的规格。 在其他云平台上，用户需要手动配置。 作为参考，GCE使用的规格为：
+在 GCE/Google Kubernetes Engine 或 AWS 平台中， `kube-up` 会根据集群的节点规模合理地设置管理节点的规格。 在其他云平台上，用户需要手动配置。 作为参考，GCE 使用的规格为：
 
 * 1-5 节点： n1-standard-1
 * 6-10 节点： n1-standard-2
 * 11-100 节点： n1-standard-4
 * 101-250 节点： n1-standard-8
 * 251-500 节点： n1-standard-16
-* 500节点以上： n1-standard-32
+* 500 节点以上： n1-standard-32
 
-AWS使用的规格为：
+AWS 使用的规格为：
 
 * 1-5 节点： m3.medium
 * 6-10 节点： m3.large
 * 11-100 节点： m3.xlarge
 * 101-250 节点： m3.2xlarge
 * 251-500 节点： c4.4xlarge
-* 500节点以上： c4.8xlarge
+* 500 节点以上： c4.8xlarge
 
-注意，管理节点的规格只会在集群创建时进行设置，后续集群规模发生变化 (如 手动增删节点或集群自动扩缩容)后不会再调整。
+注意，管理节点的规格只会在集群创建时进行设置，后续集群规模发生变化（如手动增删节点或集群自动扩缩容）后不会再调整。
 
 ### 插件的资源占用
 
-为防止 [集群插件](https://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons) 耗尽节点资源引起内存泄漏或其他资源问题， Kubernetes 设置了插件容器资源的上限，来限制其对CPU和内存资源的占用 (参考 PR [#10653](http://pr.k8s.io/10653/files) 和 [#10778](http://pr.k8s.io/10778/files))。
+为防止[集群插件](https://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons)耗尽节点资源引起内存泄漏或其他资源问题， Kubernetes 设置了插件容器资源的上限，来限制其对 CPU 和内存资源的占用（参考 PR [#10653](http://pr.k8s.io/10653/files) 和 [#10778](http://pr.k8s.io/10778/files)）。
 
 例如：
 
@@ -92,31 +92,31 @@ AWS使用的规格为：
         memory: 200Mi
 ```
 
-除 Heapster 外，这些限制是静态的，基于4个节点规模的集群上运行的插件所采集的数据 (详见 [#10335](http://issue.k8s.io/10335#issuecomment-117861225))。 而实际大规模集群中插件所消耗的资源要多得多 (详见 [#5880](http://issue.k8s.io/5880#issuecomment-113984085))。 所以如果部署大规模集群时不对这些值进行调整，插件可能会因为资源占用达到上限而不断被杀死。
+除 Heapster 外，这些限制是静态的，基于 4 个节点规模的集群上运行的插件所采集的数据（详见 [#10335](http://issue.k8s.io/10335#issuecomment-117861225)）。 而实际大规模集群中插件所消耗的资源要多得多（详见 [#5880](http://issue.k8s.io/5880#issuecomment-113984085)）。 所以如果部署大规模集群时不对这些值进行调整，插件可能会因为资源占用达到上限而不断被杀死。
 
 为了避免集群插件的资源问题，创建多节点的集群时，考虑以下几点：
 
-* 当扩大集群规模时，如果涉及，相应扩大以下插件的内存和CPU限制 (通过一个实例处理整个集群，因此其内存和CPU使用量往往与集群的大小/负载成比例增长)：
+* 当扩大集群规模时，如果涉及，相应扩大以下插件的内存和 CPU 限制（通过一个实例处理整个集群，因此其内存和 CPU 使用量往往与集群的大小/负载成比例增长）：
   * [InfluxDB 和 Grafana](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/cluster-monitoring/influxdb/influxdb-grafana-controller.yaml)
   * [kubedns, dnsmasq, 和 sidecar](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/dns/kubedns-controller.yaml.in)
   * [Kibana](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/fluentd-elasticsearch/kibana-controller.yaml)
-* 当扩大集群规模时，如果涉及，相应扩大以下插件副本数 (每个组件有多个副本，因此增加副本将有助于处理增加的负载，但是，由于每个副本的负载也略有增加，也应考虑提高CPU /内存上限)：
+* 当扩大集群规模时，如果涉及，相应扩大以下插件副本数（每个组件有多个副本，因此增加副本将有助于处理增加的负载，但是，由于每个副本的负载也略有增加，也应考虑提高 CPU / 内存上限）：
   * [elasticsearch](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/fluentd-elasticsearch/es-controller.yaml)
-* 当扩大集群规模时，如果涉及，略微扩大以下插件的内存和CPU限制 (每个节点一个副本， 但是CPU/内存使用随集群的大小/负载增长变化不明显)：
+* 当扩大集群规模时，如果涉及，略微扩大以下插件的内存和 CPU 限制（每个节点一个副本， 但是 CPU / 内存使用随集群的大小/负载增长变化不明显）：
   * [FluentD with ElasticSearch Plugin](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml)
   * [FluentD with GCP Plugin](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml)
 
-Heapster的资源限制是基于集群的初始规模动态设置的 (参考 [#16185](http://issue.k8s.io/16185)
-和 [#22940](http://issue.k8s.io/22940))。 当发现Heapster资源耗尽，应考虑调整计算Heapster内存请求的公式 (参考上述PR)。
+Heapster 的资源限制是基于集群的初始规模动态设置的 ( 参考 [#16185](http://issue.k8s.io/16185)
+和 [#22940](http://issue.k8s.io/22940))。 当发现 Heapster 资源耗尽，应考虑调整计算 Heapster 内存请求的公式（参考上述 PR）。
 
 关于如何检测插件是否达到资源上限 参考 [计算资源的故障排除章节](/docs/concepts/configuration/manage-compute-resources-container/#troubleshooting)。
 
 [将来](http://issue.k8s.io/13048)，我们期望基于集群规模来设置集群插件的资源限制，并且在集群规模增长或缩小时能够动态调整。
-欢迎提出PR来实现这些特性。
+欢迎提出 PR 来实现这些特性。
 
 ### 启动时允许部分失败
 
-因为种种原因 (详见 [#18969](https://github.com/kubernetes/kubernetes/issues/18969))，在 `NUM_NODES` 值很大的情况下执行
+因为种种原因（详见 [#18969](https://github.com/kubernetes/kubernetes/issues/18969)），在 `NUM_NODES` 值很大的情况下执行
 `kube-up.sh`， 可能因为其中一小部分节点没有正常启动而失败。
-这时我们有两种选择：重启集群 (`kube-down.sh` 然后再 `kube-up.sh`），或者在执行 `kube-up.sh`之前，
+这时我们有两种选择：重启集群（`kube-down.sh` 然后再 `kube-up.sh`），或者在执行 `kube-up.sh` 之前，
 将环境变量 `ALLOWED_NOTREADY_NODES` 设置为合适的值。 这将允许 `kube-up.sh` 以少于 `NUM_NODES` 的节点数量启动集群。 依据失败的具体原因，另外的节点可能在后面加入集群，或者集群节点数量将保持在 `NUM_NODES - ALLOWED_NOTREADY_NODES`。
diff --git a/content/zh/docs/setup/cri.md b/content/zh/docs/setup/cri.md
new file mode 100644
index 0000000000000..a77476a074ff7
--- /dev/null
+++ b/content/zh/docs/setup/cri.md
@@ -0,0 +1,471 @@
+---
+title: 安装 CRI
+content_template: templates/concept
+weight: 100
+---
+
+<!--
+---
+reviewers:
+- vincepri
+- bart0sh
+title: CRI installation
+content_template: templates/concept
+weight: 100
+---
+-->
+
+{{% capture overview %}}
+
+从 v1.6.0 开始，Kubernetes 默认启用 CRI(容器运行时接口)。此页面包含各种运行时的安装说明。
+此页面包含各种运行时的安装说明。
+
+<!--
+Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface, by default.
+This page contains installation instruction for various runtimes.
+-->
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+请以 root 用户在操作系统上执行以下命令。
+SSH 登录到各个主机后，你可以执行 `sudo -i` 成为 root 用户。
+
+<!--
+Please proceed with executing the following commands based on your OS as root.
+You may become the root user by executing `sudo -i` after SSH-ing to each host.
+-->
+
+## Docker
+
+<!--
+## Docker
+-->
+
+在每台机器上安装 Docker
+
+<!--
+On each of your machines, install Docker.
+-->
+
+建议使用版本 18.06，但已知 1.11，1.12，1.13 和 17.03 也可以使用。
+
+<!--
+Version 18.06 is recommended, but 1.11, 1.12, 1.13 and 17.03 are known to work as well.
+-->
+
+跟踪在 Kubernetes 发行说明中最新的已验证 Docker 版本。
+
+<!--
+Keep track of the latest verified Docker version in the Kubernetes release notes.
+-->
+
+使用以下命令在系统上安装 Docker：
+
+<!--
+Use the following commands to install Docker on your system:
+-->
+
+
+
+<!--
+# Install Docker from Ubuntu's repositories:
+-->
+
+<!--
+# or install Docker CE 18.06 from Docker's repositories for Ubuntu or Debian:
+-->
+
+<!--
+## Install prerequisites.
+-->
+
+<!--
+## Download GPG key.
+-->
+
+<!--
+## Add docker apt repository.
+-->
+
+<!--
+## Install docker.
+-->
+
+<!--
+# Setup daemon.
+-->
+
+<!--
+# Restart docker.
+-->
+
+<!--
+# Install Docker from CentOS/RHEL repository:
+-->
+
+<!--
+# or install Docker CE 18.06 from Docker's CentOS repositories:
+-->
+
+<!--
+## Install prerequisites.
+-->
+
+<!--
+## Add docker repository.
+-->
+
+<!--
+## Install docker.
+-->
+
+<!--
+## Create /etc/docker directory.
+-->
+
+<!--
+# Setup daemon.
+-->
+
+<!--
+# Restart docker.
+-->
+
+
+
+{{< tabs name="tab-cri-docker-installation" >}}
+{{< tab name="Ubuntu 16.04" codelang="bash" >}}
+
+# 从 Ubuntu 的存储库安装 Docker：
+apt-get update
+apt-get install -y docker.io
+
+# 或者从 Docker 的 Ubuntu 或 Debian 镜像仓库中安装 Docker CE 18.06：
+
+## 安装环境准备。
+apt-get update && apt-get install apt-transport-https ca-certificates curl software-properties-common
+
+## 下载 GPG 密钥。
+url -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+## 添加 docker apt 镜像仓库。
+add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+
+## 安装 docker。
+apt-get update && apt-get install docker-ce=18.06.0~ce~3-0~ubuntu
+
+# 设置守护进程。
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2"
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+# 重启 docker。
+ystemctl daemon-reload
+systemctl restart docker
+
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+
+# 从 CentOs 镜像仓库安装 Docker：
+yum install -y docker
+
+# 或从 Docker 的 Centos 存储库安装 Docker CE 18.06：
+
+## 安装环境准备。
+yum install yum-utils device-mapper-persistent-data lvm2
+
+## 添加 docker 镜像仓库。
+m-config-manager \
+    --add-repo \
+    https://download.docker.com/linux/centos/docker-ce.repo
+
+## 安装 docker。
+yum update && yum install docker-ce-18.06.1.ce
+
+## 创建 /etc/docker 目录。
+mkdir /etc/docker
+
+# 设置守护进程。
+
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+# 重启 docker。
+systemctl daemon-reload
+systemctl restart docker
+
+{{< /tab >}}
+{{< /tabs >}}
+
+请参阅 [Docker 官方安装指南](https://docs.docker.com/engine/installation/)
+获取更多信息。
+
+<!--
+Refer to the [official Docker installation guides](https://docs.docker.com/engine/installation/)
+for more information.
+-->
+
+## CRI-O
+
+本节包含将“CRI-O”安装为 CRI 运行时所需的步骤。
+
+<!--
+## CRI-O
+
+This section contains the necessary steps to install `CRI-O` as CRI runtime.
+-->
+
+使用以下命令在系统上安装 CRI-O：
+
+<!--
+Use the following commands to install CRI-O on your system:
+-->
+
+### 环境准备
+
+<!--
+### Prerequisites
+-->
+
+
+
+<!--
+# Setup required sysctl params, these persist across reboots.
+-->
+
+<!--
+# Install prerequisites
+-->
+
+<!--
+# Install CRI-O
+-->
+
+<!--
+# Install prerequisites
+-->
+
+<!--
+# Install CRI-O
+-->
+
+
+
+```shell
+modprobe overlay
+modprobe br_netfilter
+
+# 设置需要 sysctl 参数，这些参数在重新引导时仍然存在。
+cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
+net.bridge.bridge-nf-call-iptables  = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+EOF
+
+sysctl --system
+```
+
+{{< tabs name="tab-cri-cri-o-installation" >}}
+{{< tab name="Ubuntu 16.04" codelang="bash" >}}
+
+# 安装环境准备。
+apt-get update
+apt-get install software-properties-common
+
+add-apt-repository ppa:projectatomic/ppa
+apt-get update
+
+# 安装 CRI-O
+apt-get install cri-o-1.11
+
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+
+# 安装环境准备
+yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/
+
+# 安装 CRI-O
+apt-get install cri-o-1.11
+
+{{< /tab >}}
+{{< /tabs >}}
+
+### 启动 CRI-O
+
+```
+systemctl start crio
+```
+
+<!--
+### Start CRI-O
+
+```
+systemctl start crio
+```
+-->
+
+请参阅 [CRI-O 安装指南](https://github.com/kubernets-sigs/cri-o# get -started)
+的更多的信息。
+
+<!--
+Refer to the [CRI-O installation guide](https://github.com/kubernetes-sigs/cri-o#getting-started)
+for more information.
+-->
+
+## 容器
+
+<!--
+## containerd
+-->
+
+本节包含使用“容器运行时”作为 CRI 运行时所需的步骤。
+
+<!--
+This section contains the necessary steps to use `containerd` as CRI runtime.
+-->
+
+使用以下命令在系统上安装容器：
+
+<!--
+Use the following commands to install Containerd on your system:
+-->
+
+### 环境准备
+
+<!--
+### Prerequisites
+-->
+```shell
+modprobe overlay
+modprobe br_netfilter
+
+# 设置需要 sysctl 参数，这些参数在重新引导时仍然存在。
+cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
+net.bridge.bridge-nf-call-iptables  = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+EOF
+
+sysctl --system
+```
+
+<!--
+# Setup required sysctl params, these persist across reboots.
+cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
+net.bridge.bridge-nf-call-iptables  = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+EOF
+
+sysctl --system
+```
+-->
+
+{{< tabs name="tab-cri-containerd-installation" >}}
+{{< tab name="Ubuntu 16.04+" codelang="bash" >}}
+apt-get install -y libseccomp2
+{{< /tab >}}
+{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
+yum install -y libseccomp
+{{< /tab >}}
+{{< /tabs >}}
+
+<!--
+apt-get install -y libseccomp2
+yum install -y libseccomp
+-->
+
+### 安装容器运行时
+
+<!--
+### Install containerd
+-->
+
+[容器运行时版本](https://github.com/containerd/containerd/release)定期发布，下面的值被硬编码为编写本文时可用的最新版本。请查看更新的版本和哈希[此处](https://storage.googleapis.com/cri-containerd.release)。
+
+<!--
+[Containerd releases](https://github.com/containerd/containerd/releases) are published regularly, the values below are hardcoded to the latest version available at the time of writing. Please check for newer versions and hashes [here](https://storage.googleapis.com/cri-containerd-release).
+-->
+
+
+
+<!--
+# Export required environment variables.
+-->
+
+<!--
+# Download containerd tar.
+-->
+
+<!--
+# Check hash.
+-->
+
+<!--
+# Unpack.
+-->
+
+<!--
+# Start containerd.
+-->
+
+
+
+```shell
+# 导出所需的环境变量。
+export CONTAINERD_VERSION="1.1.2"
+export CONTAINERD_SHA256="d4ed54891e90a5d1a45e3e96464e2e8a4770cd380c21285ef5c9895c40549218"
+
+# 下载容器 tar 包。
+wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
+
+# 哈希校验和检查。
+echo "${CONTAINERD_SHA256} cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz" | sha256sum --check -
+
+# 解压缩。
+tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
+
+# 启动容器。
+systemctl start containerd
+```
+
+## 其他 CRI 运行时：rktlet 和 frakti
+
+<!--
+## Other CRI runtimes: rktlet and frakti
+-->
+
+参考 [Frakti 快速入门指南](https://github.com/kubernetes/frakti# QuickStart)和 [Rktlet 入门指南](https://github.com/kubernets-incubator/rktlet/blob/master/docs/getting-startedguide.md)获取更多信息。
+
+{{% /capture %}}
+
+<!--
+Refer to the [Frakti QuickStart guide](https://github.com/kubernetes/frakti#quickstart) and [Rktlet Getting Started guide](https://github.com/kubernetes-incubator/rktlet/blob/master/docs/getting-started-guide.md) for more information.
+-->
diff --git a/content/zh/docs/setup/custom-cloud/_index.md b/content/zh/docs/setup/custom-cloud/_index.md
new file mode 100644
index 0000000000000..c9f1706c1b846
--- /dev/null
+++ b/content/zh/docs/setup/custom-cloud/_index.md
@@ -0,0 +1,11 @@
+---
+title: 定制的云解决方案
+weight: 50
+---
+
+<!--
+---
+title: Custom Cloud Solutions
+weight: 50
+---
+-->
diff --git a/content/zh/docs/setup/custom-cloud/coreos.md b/content/zh/docs/setup/custom-cloud/coreos.md
new file mode 100644
index 0000000000000..ffbc056ece59b
--- /dev/null
+++ b/content/zh/docs/setup/custom-cloud/coreos.md
@@ -0,0 +1,209 @@
+---
+title: 在 AWS 或者 GCE 上的 CoreOS
+reviewers:
+- errordeveloper
+content_template: templates/concept
+---
+
+<!--
+---
+title: CoreOS on AWS or GCE
+reviewers:
+- errordeveloper
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+There are multiple guides on running Kubernetes with [CoreOS](https://coreos.com/kubernetes/docs/latest/).
+-->
+有很多关于使用 [CoreOS](https://coreos.com/kubernetes/docs/latest/) 运行 Kubernetes 的指南。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Official CoreOS Guides
+-->
+
+## CoreOS 官方指南
+
+<!--
+These guides are maintained by CoreOS and deploy Kubernetes the "CoreOS Way" with full TLS, the DNS add-on, and more. These guides pass Kubernetes conformance testing and we encourage you to [test this yourself](https://coreos.com/kubernetes/docs/latest/conformance-tests.html).
+-->
+这些指南由 CoreOS 维护，并以 "CoreOS 方式" 部署 Kubernetes 包括完整的 TLS、DNS 附加组件等等。这些指南通过了 Kubernetes 合规测试，我们鼓励您[自己测试](https://coreos.com/kubernetes/docs/latest/conformance-tests.html)
+
+<!--
+* [**AWS Multi-Node**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-aws.html)
+-->
+* [**AWS 多节点**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-aws.html)
+
+<!--
+    Guide and CLI tool for setting up a multi-node cluster on AWS.
+    CloudFormation is used to set up a master and multiple workers in auto-scaling groups.
+-->
+    用于在 AWS 上设置多节点群集的指南和 CLI 工具。
+    使用了 CloudFormation 来将一个主节点和多个工作节点配置到一个自动扩缩组中。
+
+<!--
+* [**Bare Metal Multi-Node**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-baremetal.html#automated-provisioning)
+
+    Guide and HTTP/API service for PXE booting and provisioning a multi-node cluster on bare metal.
+    [Ignition](https://coreos.com/ignition/docs/latest/) is used to provision a master and multiple workers on the first boot from disk.
+-->
+
+* [**裸金属多节点**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-baremetal.html#automated-provisioning)
+
+    用于 PXE 引导和配置裸机上的多节点集群的指南和 HTTP/API 服务。
+    [Ignition](https://coreos.com/ignition/docs/latest/) 被用来在第一次从磁盘引导时配置一个主节点和多个工作节点。
+    
+<!--    
+* [**Vagrant Multi-Node**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant.html)
+
+    Guide to setting up a multi-node cluster on Vagrant.
+    The deployer can independently configure the number of etcd nodes, master nodes, and worker nodes to bring up a fully HA control plane.
+-->
+
+* [**Vagrant 多节点**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant.html)
+
+    在 Vagrant 上设置多节点集群的指南。
+    部署人员可以独立配置 etcd 节点、主节点和工作节点的数量，从而生成一个完全高可用的控制平面。
+
+<!--
+* [**Vagrant Single-Node**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant-single.html)
+
+    The quickest way to set up a Kubernetes development environment locally.
+    As easy as `git clone`, `vagrant up` and configuring `kubectl`.
+-->
+
+* [**Vagrant 单节点**](https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant-single.html)
+
+    在本地设置 Kubernetes 开发环境的最快方法。
+    简单到只需 `git clone`、`vagrant up` 和 配置 `kubectl`。
+
+<!--
+* [**Full Step by Step Guide**](https://coreos.com/kubernetes/docs/latest/getting-started.html)
+
+    A generic guide to setting up an HA cluster on any cloud or bare metal, with full TLS.
+    Repeat the master or worker steps to configure more machines of that role.
+-->
+* [**完整的分步指南**](https://coreos.com/kubernetes/docs/latest/getting-started.html)
+
+    使用完整 TLS 在任何云或裸机上设置 HA 集群的通用指南。
+    重复主节点或工作节点步骤，以配置更多同一角色的机器。
+
+<!--
+## Community Guides
+-->
+
+## 社区指南
+
+<!--
+These guides are maintained by community members, cover specific platforms and use cases, and experiment with different ways of configuring Kubernetes on CoreOS.
+-->
+这些指南由社区成员维护，涵盖特定平台和用例，并尝试在 CoreOS 上配置 Kubernetes 的不同方法。
+
+<!--
+* [**Easy Multi-node Cluster on Google Compute Engine**](https://github.com/rimusz/coreos-multi-node-k8s-gce/blob/master/README.md)
+
+    Scripted installation of a single master, multi-worker cluster on GCE.
+    Kubernetes components are managed by [fleet](https://github.com/coreos/fleet).
+-->
+
+* [**Google Compute Engine 上的轻松多节点集群**](https://github.com/rimusz/coreos-multi-node-k8s-gce/blob/master/README.md)
+
+    在 GCE 上脚本安装单个主节点、多个工作节点集群。
+    Kubernetes 组件由 [fleet](https://github.com/coreos/fleet) 管理。
+
+<!--
+* [**Multi-node cluster using cloud-config and Weave on Vagrant**](https://github.com/errordeveloper/weave-demos/blob/master/poseidon/README.md)
+
+    Configure a Vagrant-based cluster of 3 machines with networking provided by Weave.
+-->
+
+* [**在 Vagrant 上使用 cloud-config 和 Weave 搭建多节点集群**](https://github.com/errordeveloper/weave-demos/blob/master/poseidon/README.md)
+
+    使用 Weave 提供的网络配置基于 Vagrant 的 3 台计算机集群。
+
+<!--
+* [**Multi-node cluster using cloud-config and Vagrant**](https://github.com/pires/kubernetes-vagrant-coreos-cluster/blob/master/README.md)
+
+    Configure a single master, multi-worker cluster locally, running on your choice of hypervisor: VirtualBox, Parallels, or VMware
+-->
+
+* [**使用 cloud-config 和 Vagrant 搭建多节点集群**](https://github.com/pires/kubernetes-vagrant-coreos-cluster/blob/master/README.md)
+
+    在本地配置单个主节点，多工作节点的集群，在您选择的虚拟机管理程序上运行：VirtualBox、Parallels 或 VMware
+    
+
+<!--
+* [**Single-node cluster using a small macOS App**](https://github.com/rimusz/kube-solo-osx/blob/master/README.md)
+
+    Guide to running a solo cluster (master + worker) controlled by an macOS menubar application.
+    Uses xhyve + CoreOS under the hood.
+-->
+
+* [**使用一个小型 macOS 应用程序来搭建单节点集群**](https://github.com/rimusz/kube-solo-osx/blob/master/README.md)
+
+    运行由 macOS 菜单栏应用程序控制的单节点集群(主 + 工作节点)指南。
+    底层使用的是 xhyve + CoreOS。
+
+<!--
+* [**Multi-node cluster with Vagrant and fleet units using a small macOS App**](https://github.com/rimusz/coreos-osx-gui-kubernetes-cluster/blob/master/README.md)
+
+    Guide to running a single master, multi-worker cluster controlled by an macOS menubar application.
+    Uses Vagrant under the hood.
+-->
+
+* [**使用一个小型 macOS 应用程序并具有 Vagrant 和 fleet 单元搭建多节点集群**](https://github.com/rimusz/coreos-osx-gui-kubernetes-cluster/blob/master/README.md)
+
+    运行由 macOS 菜单栏应用程序控制的单主节点，多工作节点集群的指南。
+    底层使用的是 Vagrant。
+
+<!--
+* [**Multi-node cluster using cloud-config, CoreOS and VMware ESXi**](https://github.com/xavierbaude/VMware-coreos-multi-nodes-Kubernetes)
+
+    Configure a single master, single worker cluster on VMware ESXi.
+-->
+
+* [**使用 cloud-config，CoreOS 和 VMware ESXi 搭建多节点群集**](https://github.com/xavierbaude/VMware-coreos-multi-nodes-Kubernetes)
+
+    在 VMware ESXi 上配置单个主节点，单个工作节点的集群。
+
+<!--
+* [**Single/Multi-node cluster using cloud-config, CoreOS and Foreman**](https://github.com/johscheuer/theforeman-coreos-kubernetes)
+
+    Configure a standalone Kubernetes or a Kubernetes cluster with [Foreman](https://theforeman.org).
+-->
+
+* [**使用 cloud-config，CoreOS 和 Foreman 的单/多节点集群**](https://github.com/johscheuer/theforeman-coreos-kubernetes)
+
+    使用 [Foreman](https://theforeman.org) 配置独立的 Kubernetes 或 Kubernetes 集群。
+
+<!--
+## Support Level
+-->
+
+## 支持级别
+
+<!--
+IaaS Provider        | Config. Mgmt | OS     | Networking  | Docs                                              | Conforms | Support Level
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+GCE                  | CoreOS       | CoreOS | flannel     | [docs](/docs/getting-started-guides/coreos)                                 |          | Community ([@pires](https://github.com/pires))
+Vagrant              | CoreOS       | CoreOS | flannel     | [docs](/docs/getting-started-guides/coreos)                                 |          | Community ([@pires](https://github.com/pires), [@AntonioMeireles](https://github.com/AntonioMeireles))
+-->
+
+IaaS 供应商           | 配置管理    | 操作系统    |   网络      | 文档                                              |    合规   | 支持级别
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+GCE                  | CoreOS       | CoreOS | flannel     | [文档](/docs/getting-started-guides/coreos)                                 |          | 社区 ([@pires](https://github.com/pires))
+Vagrant              | CoreOS       | CoreOS | flannel     | [文档](/docs/getting-started-guides/coreos)                                 |          | 社区 ([@pires](https://github.com/pires), [@AntonioMeireles](https://github.com/AntonioMeireles))
+
+<!--
+For support level information on all solutions, see the [Table of solutions](/docs/getting-started-guides/#table-of-solutions) chart.
+-->
+有关所有解决方案的支持级别信息，请参阅[解决方案表](/docs/getting-started-guides/#table-of-solutions)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/independent/_index.md b/content/zh/docs/setup/independent/_index.md
new file mode 100755
index 0000000000000..faa96e1ab0c04
--- /dev/null
+++ b/content/zh/docs/setup/independent/_index.md
@@ -0,0 +1,9 @@
+---
+title: "用 kubeadm 创建集群"
+weight: 30
+---
+
+<!-- ---
+title: "Bootstrapping Clusters with kubeadm"
+weight: 30
+--- -->
diff --git a/content/zh/docs/setup/independent/control-plane-flags.md b/content/zh/docs/setup/independent/control-plane-flags.md
new file mode 100644
index 0000000000000..94b042370f24c
--- /dev/null
+++ b/content/zh/docs/setup/independent/control-plane-flags.md
@@ -0,0 +1,130 @@
+---
+title: 使用 kubeadm 定制控制平面配置
+content_template: templates/concept
+weight: 40
+---
+
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Customizing control plane configuration with kubeadm
+content_template: templates/concept
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+The kubeadm configuration exposes the following fields that can override the default flags passed to control plane components such as the APIServer, ControllerManager and Scheduler:
+-->
+kubeadm 配置公开了以下字段，这些字段可以覆盖传递给控制平面组件（如 APIServer、ControllerManager 和 Scheduler）的默认参数：
+
+- `APIServerExtraArgs`
+- `ControllerManagerExtraArgs`
+- `SchedulerExtraArgs`
+
+<!--
+These fields consist of `key: value` pairs. To override a flag for a control plane component:
+-->
+这些字段由 `key: value` 对组成。
+要覆盖控制平面组件的参数:
+
+<!--
+1.  Add the appropriate field to your configuration.
+2.  Add the flags to override to the field.
+-->
+1.  将适当的字段添加到配置中。
+2.  向字段添加要覆盖的参数值。
+
+<!--
+For more details on each field in the configuration you can navigate to our
+[API reference pages](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#ClusterConfiguration).
+-->
+有关配置中的每个字段的详细信息，您可以导航到我们的 [API 参考页面](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#ClusterConfiguration)。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## APIServer flags
+-->
+## APIServer 参数
+
+<!--
+For details, see the [reference documentation for kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/).
+-->
+有关详细信息，请参阅 [kube-apiserver 参考文档](/docs/reference/command-line-tools-reference/kube-apiserver/)。
+
+<!--
+Example usage:
+-->
+使用示例：
+```yaml
+apiVersion: kubeadm.k8s.io/v1alpha3
+kind: ClusterConfiguration
+kubernetesVersion: v1.12.0
+metadata:
+  name: 1.12-sample
+apiServerExtraArgs:
+  advertise-address: 192.168.0.103
+  anonymous-auth: false
+  enable-admission-plugins: AlwaysPullImages,DefaultStorageClass
+  audit-log-path: /home/johndoe/audit.log
+```
+
+<!--
+## ControllerManager flags
+-->
+## ControllerManager 参数
+
+<!--
+For details, see the [reference documentation for kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/).
+-->
+有关详细信息，请参阅 [kube-controller-manager 参考文档](/docs/reference/command-line-tools-reference/kube-controller-manager/)。
+
+<!--
+Example usage:
+-->
+使用示例：
+```yaml
+apiVersion: kubeadm.k8s.io/v1alpha3
+kind: ClusterConfiguration
+kubernetesVersion: v1.12.0
+metadata:
+  name: 1.12-sample
+controllerManagerExtraArgs:
+  cluster-signing-key-file: /home/johndoe/keys/ca.key
+  bind-address: 0.0.0.0
+  deployment-controller-sync-period: 50
+```
+
+<!--
+## Scheduler flags
+-->
+## Scheduler 参数
+
+<!--
+For details, see the [reference documentation for kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/).
+-->
+有关详细信息，请参阅 [kube-scheduler 参考文档](/docs/reference/command-line-tools-reference/kube-scheduler/)。
+
+<!--
+Example usage:
+-->
+使用示例：
+```yaml
+apiVersion: kubeadm.k8s.io/v1alpha3
+kind: ClusterConfiguration
+kubernetesVersion: v1.12.0
+metadata:
+  name: 1.12-sample
+schedulerExtraArgs:
+  address: 0.0.0.0
+  config: /home/johndoe/schedconfig.yaml
+  kubeconfig: /home/johndoe/kubeconfig.yaml
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/independent/create-cluster-kubeadm.md b/content/zh/docs/setup/independent/create-cluster-kubeadm.md
index 0648f32972798..da411a1b3fa25 100644
--- a/content/zh/docs/setup/independent/create-cluster-kubeadm.md
+++ b/content/zh/docs/setup/independent/create-cluster-kubeadm.md
@@ -1,63 +1,75 @@
 ---
-title: 使用 kubeadm 创建一个单主集群
+reviewers:
+- sig-cluster-lifecycle
+title: 使用 kubeadm 创建只有一个主节点的集群
 content_template: templates/task
 weight: 30
 ---
 
-<!-- ---
+<!--
+---
 reviewers:
 - sig-cluster-lifecycle
 title: Creating a single master cluster with kubeadm
 content_template: templates/task
 weight: 30
---- -->
-
+---
+-->
 
 {{% capture overview %}}
+
 <!--
 <img src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/certified-kubernetes/versionless/color/certified-kubernetes-color.png" align="right" width="150px">**kubeadm** helps you bootstrap a minimum viable Kubernetes cluster that conforms to best practices.  With kubeadm, your cluster should pass [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification). Kubeadm also supports other cluster 
 lifecycle functions, such as upgrades, downgrade, and managing [bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/).  -->
 
 <img src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/certified-kubernetes/versionless/color/certified-kubernetes-color.png" align="right" width="150px">**kubeadm** 能帮助您建立一个小型的符合最佳实践的 Kubernetes 集群。通过使用 kubeadm, 您的集群会符合 [Kubernetes 合规性测试](https://kubernetes.io/blog/2017/10/software-conformance-certification)的要求. Kubeadm 也支持其他的集群生命周期操作，比如升级、降级和管理[启动引导令牌](/docs/reference/access-authn-authz/bootstrap-tokens/)。
 
-<!-- Because you can install kubeadm on various types of machine (e.g. laptop, server, 
+<!--
+Because you can install kubeadm on various types of machine (e.g. laptop, server, 
 Raspberry Pi, etc.), it's well suited for integration with provisioning systems 
-such as Terraform or Ansible. -->
+such as Terraform or Ansible.
+-->
 
-因为您可以在不同类型的机器（比如笔记本、服务器和树莓派等）上安装 kubeadm，因此它非常适合与 Terraform 或 Ansible 这类自动化管理系统集成。
+因为您可以在各种类型的机器（例如笔记本电脑、服务器、树莓派等）上安装 kubeadm，
+所以它非常适合与 Terraform 或 Ansible 等配置系统集成。
 
-<!-- kubeadm's simplicity means it can serve a wide range of use cases:
+<!--
+kubeadm's simplicity means it can serve a wide range of use cases:
 
 - New users can start with kubeadm to try Kubernetes out for the first time.
 - Users familiar with Kubernetes can spin up clusters with kubeadm and test their applications.
-- Larger projects can include kubeadm as a building block in a more complex system that can also include other installer tools. -->
+- Larger projects can include kubeadm as a building block in a more complex system that can also include other installer tools.
+-->
 
-kubeadm 的简单便捷为大家带来了广泛的用户案例：
+kubeadm 的简单性意味着它可以服务于各种用例：
 
-- 新用户可以从 kubeadm 开始来试用 Kubernetes。
-- 熟悉 Kubernetes 的用户可以使用 kubeadm 快速搭建集群并测试他们的应用。
-- 大型的项目可以将 kubeadm 和其他的安装工具一起形成一个比较复杂的系统。
+ - 新用户可以从 kubeadm 开始，第一次尝试 Kubernetes。
+ - 熟悉 Kubernetes 的用户可以使用 kubeadm 启动集群并测试他们的应用程序。
+ - 较大的项目可以包括 kubeadm 作为更复杂系统中的构建块，也可以包括其他安装工具。
 
-<!-- kubeadm is designed to be a simple way for new users to start trying
+<!--
+kubeadm is designed to be a simple way for new users to start trying
 Kubernetes out, possibly for the first time, a way for existing users to
 test their application on and stitch together a cluster easily, and also to be
 a building block in other ecosystem and/or installer tool with a larger
-scope. -->
+scope.
+-->
 
-kubeadm 的设计初衷是为新用户提供一种便捷的方式来首次试用 Kubernetes，
-同时也方便老用户搭建集群测试他们的应用。
-此外 kubeadm 也可以跟其它生态系统与/或安装工具集成到一起，提供更强大的功能。
+kubeadm 旨在成为新用户开始尝试 Kubernetes 的一种简单方法，可能这是第一次让
+现有用户可以轻松测试应用程序并将其与集群拼接在一起，同时，kubeadm 也可成为其他生态系统中的构建块或者更大范围的安装工具。
 
-<!-- You can install _kubeadm_ very easily on operating systems that support
+<!--
+You can install _kubeadm_ very easily on operating systems that support
 installing deb or rpm packages. The responsible SIG for kubeadm,
 [SIG Cluster Lifecycle](https://github.com/kubernetes/community/tree/master/sig-cluster-lifecycle), provides these packages pre-built for you,
-but you may also build them from source for other OSes. -->
+but you may also build them from source for other OSes.
+-->
 
-您可以很方便地在支持 rpm 或 deb 软件包的操作系统上安装 _kubeadm_。对应 kubeadm 的 SIG，
-[SIG Cluster Lifecycle](https://github.com/kubernetes/community/tree/master/sig-cluster-lifecycle)，
-提供了预编译的这类安装包，当然您也可以自己基于源码为其它操作系统来构造安装包。
+您可以在支持安装 deb 或 rpm 软件包的操作系统上轻松安装 _kubeadm_ 。 负责 kubeadm 的 SIG——[SIG Cluster Lifecycle](https://github.com/kubernetes/community/tree/master/sig-cluster-lifecycle)提供了为您预先构建的这些软件包，
+但您也可以基于源代码为其它操作系统生成这些软件包。
 
-<!-- ### kubeadm Maturity
+<!--
+### kubeadm Maturity
 
 | Area                      | Maturity Level |
 |---------------------------|--------------- |
@@ -67,99 +79,97 @@ but you may also build them from source for other OSes. -->
 | Self-hosting              | alpha          |
 | kubeadm alpha subcommands | alpha          |
 | CoreDNS                   | GA             |
-| DynamicKubeletConfig      | alpha          | -->
+| DynamicKubeletConfig      | alpha          |
+-->
 
-### kubeadm 成熟程度
+### kubeadm 成熟度
 
-| 功能                       | 成熟程度        |
+| 领域                       | 成熟度          |
 |---------------------------|--------------- |
-| 命令行用户体验               | beta           |
-| 功能实现                    | beta           |
-| 配置文件 API                | alpha          |
-| 自托管                     | alpha          |
+| 命令行 UX                  | beta           |
+| 执行（Implementation）     | beta           |
+| 配置文件 API               | alpha          |
+| 自托管 （Self-hosting）    | alpha          |
 | kubeadm alpha 子命令       | alpha          |
 | CoreDNS                   | GA             |
-| 动态 Kubelet 配置          | alpha          |
+| DynamicKubeletConfig      | alpha          |
+
 
-<!-- kubeadm's overall feature state is **Beta** and will soon be graduated to
+<!--
+kubeadm's overall feature state is **Beta** and will soon be graduated to
 **General Availability (GA)** during 2018. Some sub-features, like self-hosting
 or the configuration file API are still under active development. The
 implementation of creating the cluster may change slightly as the tool evolves,
 but the overall implementation should be pretty stable. Any commands under
-`kubeadm alpha` are by definition, supported on an alpha level. -->
+`kubeadm alpha` are by definition, supported on an alpha level.
+-->
 
-kubeadm 的整体功能目前还是 **Beta** 状态，然而很快在 2018 年就会转换成**正式发布 (GA)** 状态。
-一些子功能，比如自托管或者配置文件 API 还在开发过程当中。
-随着工具的发展，创建集群的方法可能会有所变化，但是整体部署方案还是比较稳定的。
-在 `kubeadm alpha` 下面的任何命令都只是 alpha 状态，目前只提供初期阶段的服务。
+kubeadm 的整体功能状态是 **Beta**，很快将在 2018年升级为 **正式发布 (GA)**。一些子功能，如自托管或配置文件
+API 仍在积极开发中。随着工具的发展，创建集群的实现可能会略有变化，但整体实现应该相当稳定。正如其名字所表达的，`kubeadm alpha` 下的任何命令
+都仅按 alpha 特性来支持。
 
-<!-- ### Support timeframes
+<!--
+### Support timeframes
 
 Kubernetes releases are generally supported for nine months, and during that
 period a patch release may be issued from the release branch if a severe bug or
 security issue is found. Here are the latest Kubernetes releases and the support
 timeframe; which also applies to `kubeadm`.
-
-| Kubernetes version | Release month  | End-of-life-month |
-|--------------------|----------------|-------------------|
-| v1.6.x             | March 2017     | December 2017     |
-| v1.7.x             | June 2017      | March 2018        |
-| v1.8.x             | September 2017 | June 2018         |
-| v1.9.x             | December 2017  | September 2018    |
-| v1.10.x            | March 2018     | December 2018     |
-| v1.11.x            | June 2018      | March 2019        |
-| v1.12.x            | September 2018 | June 2019         |
 -->
 
-### 维护周期
 
-Kubernetes 发现版本的通常只维护支持九个月，在维护周期内，如果发现有比较重大的 bug 或者安全问题的话，
-可能会发布一个补丁版本。下面是 Kubernetes 的发布和维护周期，同时也适用于 `kubeadm`。
+### 支持时间表
+
+每个 Kubernetes 发行版本通常支持九个月，在此期间，如果 Kubernetes 被发现有严重错误或安全问题，可能会从发行分支上发布补丁版本。 
+以下是最新的 Kubernetes 版本号和支持时间表；该表也适用于 `kubeadm`。
 
-| Kubernetes 版本     | 发行月份        | 终止维护月份        |
+| Kubernetes 版本号    | 发行月        |     结束月        |
 |--------------------|----------------|-------------------|
-| v1.6.x             | 2017 年 3 月    | 2017 年 12 月     |
-| v1.7.x             | 2017 年 6 月    | 2018 年 3 月      |
-| v1.8.x             | 2017 年 9 月    | 2018 年 6 月      |
-| v1.9.x             | 2017 年 12 月   |  2018 年 9 月     |
-| v1.10.x            | 2018 年 3 月    | 2018 年 12 月     |
-| v1.11.x            | 2018 年 6 月    | 2019 年 3 月      |
-| v1.12.x            | 2018 年 9 月    | 2019 年 6 月      |
+| v1.6.x             |  2017 年 3 月    |  2017 年 12 月     |
+| v1.7.x             |  2017 年 6 月    |  2018年 3 月       |
+| v1.8.x             |  2017 年 9 月    |  2018年 6 月       |
+| v1.9.x             |  2017 年 12 月   |  2018年 9 月       |
+| v1.10.x            |  2018 年 3 月    |  2018年 12 月      |
+| v1.11.x            |  2018 年 6 月    |  2019年 3 月       |
+| v1.12.x            |  2018 年 9 月    |  2019年 6 月       |
 
 {{% /capture %}}
 
 {{% capture prerequisites %}}
-<!-- 
 
+<!--
 - One or more machines running a deb/rpm-compatible OS, for example Ubuntu or CentOS
 - 2 GB or more of RAM per machine. Any less leaves little room for your
    apps.
 - 2 CPUs or more on the master
 - Full network connectivity among all machines in the cluster. A public or
    private network is fine.
- -->
+-->
+
+- 一台或多台机器，其上运行支持 deb / rpm 软件包的操作系统，例如 Ubuntu 或 CentOS。
+- 每台机器 2 GB 或更多内存。少一点点内存都会让您的应用运行空间非常局促。
+- 主节点上有至少 2 个 CPU。
+- 集群中所有计算机之间的网络互联互通，公网或内网都可以。
 
-- 一个或者多个兼容 deb 或者 rpm 软件包的操作系统，比如 Ubuntu 或者 CentOS
-- 每台机器 2 GB 以上的内存，内存不足时应用会受限制
-- 主节点上 2 CPU 以上
-- 集群里所有的机器有完全的网络连接，公有网络或者私有网络都可以
- 
 {{% /capture %}}
+
 {{% capture steps %}}
-<!-- 
+
+<!--
 ## Objectives
 
-* Install a single master Kubernetes cluster or [high availability cluster](https://kubernetes.io/docs/setup/independent/high-availability/)
+* Install a single master Kubernetes cluster or [high availability cluster](/docs/setup/independent/high-availability/)
 * Install a Pod network on the cluster so that your Pods can
   talk to each other
 -->
 
 ## 目标
 
-* 搭建一个单主 Kubernetes 集群或者[高可用集群](https://kubernetes.io/docs/setup/independent/high-availability/)
-* 在集群上安装 Pod 网络组件以便 Pod 之间可以互相通信
+* 安装只有一个主节点的集群或[高可用集群](/docs/setup/independent/high-availability/)。
+* 在集群上安装 Pod 网络，以便您的 Pod 可以相互通信。
 
-<!-- ## Instructions
+<!--
+## Instructions
 
 ### Installing kubeadm on your hosts
 
@@ -172,36 +182,36 @@ apt-get upgrade` or `yum update` to get the latest version of kubeadm.
 When you upgrade, the kubelet restarts every few seconds as it waits in a crashloop for
 kubeadm to tell it what to do. This crashloop is expected and normal. 
 After you initialize your master, the kubelet runs normally.
-{{< /note >}}-->
+{{< /note >}}
+-->
 
-## 步骤
+## 说明
 
-### 在您的机器上安装 kubeadm 
+### 在主机上安装 kubeadm
 
-请查阅[安装 kubeadm](/docs/setup/independent/install-kubeadm/)。
+详见["安装 kubeadm"](/docs/setup/independent/install-kubeadm/).
 
 {{< note >}}
-**注意:** 如果您的机器已经安装了 kubeadm, 请运行 `apt-get update &&
-apt-get upgrade` 或者 `yum update` 来升级至最新版本的 kubeadm.
+**注意:** 如果您已经安装了 kubeadm，请运行 `apt-get update && apt-get upgrade`
+或 `yum update` 以获取最新版本的 kubeadm。
+
+当您升级时，kubelet 会每隔几秒钟重新启动一次，
+因为它陷入崩溃循环（crashloop）中，等待 kubeadm 告诉它该怎么做。
+这个崩溃循环是意料之中的并且是正常的。主节点被初始化后，kubelet 会正常运行。
 
-升级过程中，kubelet 会每隔几秒钟重启并陷入了不断循环等待 kubeadm 发布指令的状态。
-这个死循环的过程是正常的，当升级并初始化完成您的主节点之后，kubelet 才会正常运行。
 {{< /note >}}
 
-<!-- ### Initializing your master
+<!--
+### Initializing your master
 
 The master is the machine where the control plane components run, including
 etcd (the cluster database) and the API server (which the kubectl CLI
-communicates with). -->
-
-### 初始化您的主节点
+communicates with).
 
-主节点是集群里运行控制面的机器，包括 etcd (集群的数据库)和 API 服务（kubectl CLI 与之交互）。
-
-<!-- 1. Choose a Pod network add-on, and verify whether it requires any arguments to 
+1. Choose a pod network add-on, and verify whether it requires any arguments to 
 be passed to kubeadm initialization. Depending on which
-third-party provider you choose, you might need to set the `--Pod-network-cidr` to
-a provider-specific value. See [Installing a Pod network add-on](#Pod-network).
+third-party provider you choose, you might need to set the `--pod-network-cidr` to
+a provider-specific value. See [Installing a pod network add-on](#pod-network).
 1. (Optional) Unless otherwise specified, kubeadm uses the network interface associated 
 with the default gateway to advertise the master's IP. To use a different 
 network interface, specify the `--apiserver-advertise-address=<ip-address>` argument 
@@ -214,39 +224,36 @@ Now run:
 
 ```bash
 kubeadm init <args> 
-``` -->
+```
+-->
+
+### 初始化主节点
 
+主节点是运行控制平面组件的机器，包括 etcd（集群数据库）和 API 服务器（kubectl CLI 与之通信）。
 
-1. 选择一个 Pod 网络插件，并检查是否在 kubeadm 初始化过程中需要传入什么参数。这个取决于
-您选择的网络插件，您可能需要设置 `--Pod-network-cidr` 来指定网络驱动的 CIDR。请参阅[安装网络插件](#Pod-network)。
-1. (可选) 除非特别指定，kubeadm 会使用默认网关所在的网络接口广播其主节点的 IP 地址。若需使用其他网络接口，请
-给 `kubeadm init` 设置 `--apiserver-advertise-address=<ip-address>` 参数。如果需要部署
-IPv6 的集群，则需要指定一个 IPv6 地址，比如 `--apiserver-advertise-address=fd00::101`。
-1. (可选) 在运行 `kubeadm init` 之前请先执行 `kubeadm config images pull` 来测试与 gcr.io 的连接。
+1. 选择一个 pod 网络加载项，并验证是否需要将任何参数传递给 kubeadm 初始化。
+根据您选择的第三方提供商，您可能需要将 `--pod-network-cidr` 设置为特定于提供者的值。
+请参阅[安装 pod 网络附加组件](#pod-network)。
+1. （可选）除非另有说明，否则 kubeadm 使用与默认网关关联的网络接口来通告主节点 IP。 要使用不同的网络接口，请为
+`kubeadm init` 指定 `--apiserver-advertise-address=<ip-address>` 参数。
+要使用 IPv6 部署 Kubernetes 集群，必须指定 IPv6 地址，例如 `--apiserver-advertise-address=fd00::101`。
+1. （可选）在运行 `kubeadm init` 之前运行 `kubeadm config images pull` 以验证与 gcr.io 镜像仓库的连接。
 
 现在运行:
 
 ```bash
 kubeadm init <args> 
 ```
-
-<!-- ### More information
+<!--
+### More information
 
 For more information about `kubeadm init` arguments, see the [kubeadm reference guide](/docs/reference/setup-tools/kubeadm/kubeadm/).
 
 For a complete list of configuration options, see the [configuration file documentation](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file).
 
-To customize control plane components, including optional IPv6 assignment to liveness probe for control plane components and etcd server, provide extra arguments to each component as documented in [custom arguments](/docs/admin/kubeadm#custom-args). -->
-
-### 补充信息
-
-想了解更多关于 `kubeadm init` 的参数, 请参阅[kubeadm 参考指南](/docs/reference/setup-tools/kubeadm/kubeadm/)。
+To customize control plane components, including optional IPv6 assignment to liveness probe for control plane components and etcd server, provide extra arguments to each component as documented in [custom arguments](/docs/admin/kubeadm#custom-args).
 
-想了解完整的配置选项，请参阅[配置文件](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file)。
-
-如果想定制控制面组件，包括为活跃性探测和 etcd 服务提供 IPv6 支持以及为各组件提供额外参数，请参阅[定制参数](/docs/admin/kubeadm#custom-args)。
-
-<!-- To run `kubeadm init` again, you must first [tear down the cluster](#tear-down).
+To run `kubeadm init` again, you must first [tear down the cluster](#tear-down).
 
 If you join a node with a different architecture to your cluster, create a separate
 Deployment or DaemonSet for `kube-proxy` and `kube-dns` on the node. This is because the Docker images for these
@@ -255,16 +262,25 @@ components do not currently support multi-architecture.
 `kubeadm init` first runs a series of prechecks to ensure that the machine
 is ready to run Kubernetes. These prechecks expose warnings and exit on errors. `kubeadm init`
 then downloads and installs the cluster control plane components. This may take several minutes. 
-The output should look like: -->
+The output should look like:
+-->
+
+### 更多信息
 
-如果需要再次运行 `kubeadm init`，您必须先[卸载集群](#tear-down)。
+更多关于 `kubeadm init` 的参数信息，详见 [kubeadm 参考指南](/docs/reference/setup-tools/kubeadm/kubeadm/)。
 
-如果您需要将不同架构的节点加入您的集群，请单独在这类节点上为 `kube-proxy` 和 `kube-dns` 创建 Deployment 或 DaemonSet。
-这是因为这些组件的 Docker 镜像并不支持多架构。
+有关配置选项的完整列表，请参阅 [配置文件文档](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file)。
 
-`kubeadm init` 首先会执行一系列的运行前检查来确保机器满足运行 Kubernetes 的条件。
-这些检查会抛出警告并在发现错误的时候终止整个初始化进程。
-然后 `kubeadm init` 会下载并安装集群的控制面组件，这可能会花费几分钟时间，其输出如下所示：
+要自定义控制平面组件，包括可选的 IPv6 分配到控制平面组件和 etcd 服务器的活动探测器，请为[自定义参数](/docs/admin/kubeadm#custom-args)中记录的每个组件提供额外的参数。
+
+要再次运行 `kubeadm init`，必须先[移除集群](#tear-down).
+
+如果您将具有不同体系结构的节点加集群，请在节点上为 `kube-proxy` 和 `kube-dns` 创建单独的 Deployment 或 DaemonSet 。
+这是因为这些组件的 Docker 镜像目前不支持多架构。
+
+执行 `kubeadm init` 命令后，首先运行一系列预检，以确保机器已准备好运行 Kubernetes。
+这些预先检查会显示警告并退出错误，然后 `kubeadm init` 会下载并安装集群控制平面组件。 这可能会需要几分钟。
+输出应如下所示：
 
 ```none
 [init] Using Kubernetes version: vX.Y.Z
@@ -307,9 +323,9 @@ To start using your cluster, you need to run (as a regular user):
   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
   sudo chown $(id -u):$(id -g) $HOME/.kube/config
 
-You should now deploy a Pod network to the cluster.
-Run "kubectl apply -f [Podnetwork].yaml" with one of the addon options listed at:
-  http://kubernetes.io/docs/admin/addons/
+You should now deploy a pod network to the cluster.
+Run "kubectl apply -f [podnetwork].yaml" with one of the addon options listed at:
+  /docs/admin/addons/
 
 You can now join any number of machines by running the following on each node
 as root:
@@ -317,17 +333,7 @@ as root:
   kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
 ```
 
-
-<!-- To make kubectl work for your non-root user, run these commands, which are
-also part of the `kubeadm init` output:
-
-```bash
-mkdir -p $HOME/.kube
-sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
-sudo chown $(id -u):$(id -g) $HOME/.kube/config
-``` -->
-
-如果需要让普通用户可以运行 kubectl，请运行如下命令，其实这也是 `kubeadm init` 输出的一部分：
+如果您是非 root 用户运行 kubectl，请运行以下命令，这些命令也是 `kubeadm init` 输出的一部分：
 
 ```bash
 mkdir -p $HOME/.kube
@@ -335,79 +341,80 @@ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config
 ```
 
-<!-- Alternatively, if you are the `root` user, you can run:
-
-```bash
-export KUBECONFIG=/etc/kubernetes/admin.conf
-``` -->
-
 或者，如果您是 `root` 用户，则可以运行：
 
 ```bash
 export KUBECONFIG=/etc/kubernetes/admin.conf
 ```
-
-<!-- Make a record of the `kubeadm join` command that `kubeadm init` outputs. You
+<!--
+Make a record of the `kubeadm join` command that `kubeadm init` outputs. You
 need this command to [join nodes to your cluster](#join-nodes).
 
 The token is used for mutual authentication between the master and the joining
 nodes.  The token included here is secret. Keep it safe, because anyone with this
 token can add authenticated nodes to your cluster. These tokens can be listed,
 created, and deleted with the `kubeadm token` command. See the
-[kubeadm reference guide](/docs/reference/setup-tools/kubeadm/kubeadm-token/). -->
+[kubeadm reference guide](/docs/reference/setup-tools/kubeadm/kubeadm-token/).
+-->
 
-请备份好 `kubeadm init` 输出中的 `kubeadm join` 命令，因为您会需要这个命令来[给集群添加节点](#join-nodes)。
+记录 `kubeadm init` 输出结果中的 `kubeadm join` 命令。
+您需要执行此命令[将节点添加到您的集群](#join-nodes)。
 
-令牌是主节点和新添加的节点之间进行相互身份验证的，因此请确保其安全。任何人只要知道了这些令牌，就可以随便给您的集群添加节点。
-可以使用 `kubeadm token` 命令来列出、创建和删除这类令牌。
-请参阅[kubeadm 参考指南](/docs/reference/setup-tools/kubeadm/kubeadm-token/)。
+令牌（token）用于主节点和待加入节点之间的相互认证。
+请将这里包含的令牌视为机密数据，保证其安全，因为任何人都可以通过令牌将经过身份验证的节点添加到集群中。
+可以使用 `kubeadm token` 命令列出，创建和删除这些令牌。 参见 [kubeadm 参考指南](/docs/reference/setup-tools/kubeadm/kubeadm-token/).
 
-<!-- ### Installing a Pod network add-on {#Pod-network}
+<!--
+### Installing a pod network add-on {#pod-network}
 
 {{< caution >}}
 **Caution:** This section contains important information about installation and deployment order. Read it carefully before proceeding.
 {{< /caution >}}
 
-You must install a Pod network add-on so that your Pods can communicate with
-each other. -->
+You must install a pod network add-on so that your pods can communicate with
+each other.
+-->
 
-### 安装 Pod 网络插件 {#Pod-network}
+### 安装 pod 网络附加组件 {#pod-network}
 
 {{< caution >}}
-**注意:** 这一节包含了安装和部署顺序的重要信息，执行之前请仔细阅读。
+**注意:** 本节包含有关安装和部署顺序的重要信息。 继续操作之前请仔细阅读。
 {{< /caution >}}
 
-您必须先安装 Pod 网络插件，以便您的 Pod 可以互相通信。
+您必须安装 pod 网络插件，以便您的 pod 之间可以相互通信。
 
-<!-- **The network must be deployed before any applications. Also, CoreDNS will not start up before a network is installed.
+<!--
+**The network must be deployed before any applications. Also, CoreDNS will not start up before a network is installed.
 kubeadm only supports Container Network Interface (CNI) based networks (and does not support kubenet).**
 
-Several projects provide Kubernetes Pod networks using CNI, some of which also
+Several projects provide Kubernetes pod networks using CNI, some of which also
 support [Network Policy](/docs/concepts/services-networking/networkpolicies/). See the [add-ons page](/docs/concepts/cluster-administration/addons/) for a complete list of available network add-ons. 
 - IPv6 support was added in [CNI v0.6.0](https://github.com/containernetworking/cni/releases/tag/v0.6.0). 
-- [CNI bridge](https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/README.md) and [local-ipam](https://github.com/containernetworking/plugins/blob/master/plugins/ipam/host-local/README.md) are the only supported IPv6 network plugins in Kubernetes version 1.9. -->
+- [CNI bridge](https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/README.md) and [local-ipam](https://github.com/containernetworking/plugins/blob/master/plugins/ipam/host-local/README.md) are the only supported IPv6 network plugins in Kubernetes version 1.9.
 
-**网络必须在部署任何应用之前部署好。此外，在网络安装之前是 CoreDNS 不会启用的。
-kubeadm 只支持基于容器网络接口（CNI）的网络而且不支持 kubenet 。**
-
-有一些项目为 Kubernetes 提供使用 CNI 的 Pod 网络，其中一些也支持[网络策略](/docs/concepts/services-networking/networkpolicies/).
-请参阅[插件页面](/docs/concepts/cluster-administration/addons/)了解可用网络插件的完整列表。
-- [CNI v0.6.0](https://github.com/containernetworking/cni/releases/tag/v0.6.0) 也提供了 IPv6 的支持。
-- [CNI 网桥](https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/README.md) 和 [local-ipam](https://github.com/containernetworking/plugins/blob/master/plugins/ipam/host-local/README.md) 是 Kubernetes 1.9 版本里提供的唯一支持 IPv6 的网络插件。
-
-<!-- Note that kubeadm sets up a more secure cluster by default and enforces use of [RBAC](/docs/reference/access-authn-authz/rbac/).
+Note that kubeadm sets up a more secure cluster by default and enforces use of [RBAC](/docs/reference/access-authn-authz/rbac/).
 Make sure that your network manifest supports RBAC.
 
-You can install a Pod network add-on with the following command:
+You can install a pod network add-on with the following command:
 
 ```bash
 kubectl apply -f <add-on.yaml>
-``` -->
+```
+-->
 
-注意 kubeadm 默认会创建一个比较安全的集群并强制启用[RBAC](/docs/reference/access-authn-authz/rbac/)。
-请确保您的网络方案支持 RBAC。
+**您必须在开启任何应用程序之前部署网络。 此外，CoreDNS 将不会在安装网络之前启动。kubeadm 仅支持基于容器网络接口（CNI）的网络(并且不支持 kubenet )**
 
-您可以使用下列命令安装网络插件：
+有几个项目使用 CNI 提供 Kubernetes pod 网络，其中一些还支持[网络策略](/docs/concepts/services-networking/networkpolicies/)。
+有关可用网络加载项的完整列表，请参阅[插件项页面](/docs/concepts/cluster-administration/addons/)。
+
+- IPv6 的支持被加入到了 [CNI v0.6.0](https://github.com/containernetworking/cni/releases/tag/v0.6.0). 
+- [CNI 网桥](https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/README.md) 和 [local-ipam](https://github.com/containernetworking/plugins/blob/master/plugins/ipam/host-local/README.md) 是 Kubernetes 1.9 版本中唯一受支持的 IPv6 
+网络插件。
+
+请注意，kubeadm 默认设置更安全的集群并强制使用 [RBAC](/docs/reference/access-authn-authz/rbac/)。
+确保您的网络配置支持 RBAC。
+
+您可以使用以下命令安装 pod 网络插件：
 
 ```bash
 kubectl apply -f <add-on.yaml>
@@ -415,22 +422,13 @@ kubectl apply -f <add-on.yaml>
 
 <!-- You can install only one Pod network per cluster.
 
-{{< tabs name="tabs-Pod-install" >}}
-{{% tab name="Choose one..." %}}
-Please select one of the tabs to see installation instructions for the respective third-party Pod Network Provider.
-{{% /tab %}} -->
 
-您仅可以给任何一个集群安装一个网络插件。
+每个集群只能安装一个 Pod 网络。
 
-{{< tabs name="tabs-Pod-install" >}}
+{{< tabs name="tabs-pod-install" >}}
 {{% tab name="Choose one..." %}}
-请选择一个选项来查看对应的第三方网络插件驱动的安装向导。
-{{% /tab %}}
-
-<!--
-For more information about using Calico, see [Quickstart for Calico on Kubernetes](https://docs.projectcalico.org/latest/getting-started/kubernetes/), [Installing Calico for policy and networking](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/calico), and other related resources.
 
-For Calico to work correctly, you need to pass `--Pod-network-cidr=192.168.0.0/16` to `kubeadm init` or update the `calico.yml` file to match your Pod network. Note that Calico works on `amd64` only.
+请选择其中一个选项卡以查看相应第三方 Pod 网络驱动的安装说明。
 
 ```shell
 kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
@@ -438,10 +436,11 @@ kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
 -->
 
 {{% tab name="Calico" %}}
-想了解关于 Calico 的使用的更多信息, 请参阅[Kubernetes上的Calico快速实践](https://docs.projectcalico.org/latest/getting-started/kubernetes/)、[安装 Calico 实现网络策略](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/calico)和其他相关资源。
+有关使用 Calico 的更多信息，请参阅 [Calico on Kubernetes上的快速入门](https://docs.projectcalico.org/latest/getting-started/kubernetes/)，
+[安装 Calico 用于策略和网络](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/calico)和其他相关资源。
 
-为了 Calico 可以正确工作，您需要给 `kubeadm init` 传递 `--Pod-network-cidr=192.168.0.0/16` 这样的选项，
-或者根据您的网络方案更新 `calico.yml` 。注意 Calico 只适用于 `amd64` 架构。
+要使 Calico 正常工作，您需要执行 `kubeadm init` 时增加 `--pod-network-cidr=192.168.0.0/16` 参数或更新 `calico.yml` 文件以匹配您的 Pod 网络。
+请注意，Calico 仅适用于 `amd64`、`arm64`、`ppc64le` 和 `s390x` 架构。
 
 ```shell
 kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
@@ -449,8 +448,6 @@ kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
 
 {{% /tab %}}
 
-<!--
-Canal uses Calico for policy and Flannel for networking. Refer to the Calico documentation for the [official getting started guide](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/flannel).
 
 For Canal to work correctly, `--Pod-network-cidr=10.244.0.0/16` has to be passed to `kubeadm init`. Note that Canal works on `amd64` only.
 
@@ -460,226 +457,164 @@ kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/canal.yaml
 -->
 
 {{% tab name="Canal" %}}
-Canal 使用 Calico 提供的网络策略和 Flannel 提供的网络功能。请查阅 Calico 的官方文档
-[入门指引](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/flannel)。
+Canal 使用 Calico 作为策略、Flannel 作为网络。 有关 Calico 的内容，请参阅[官方入门指南](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/flannel)。
 
-为了 Canal 可以正确运行，`kubeadm init` 运行时需要设置`--Pod-network-cidr=10.244.0.0/16`，同时注意它只适用于 `amd64` 架构。
+为了让 Canal 正常工作， 您需要在执行 `kubeadm init` 时增加 `--pod-network-cidr=10.244.0.0/16` 参数。 注意 Canal 只支持 `amd64` 设备。
 
 ```shell
 kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/canal.yaml
 ```
 
 {{% /tab %}}
+{{% tab name="Cilium" %}}
 <!--
-For more information about using Cilium with Kubernetes, see [Quickstart for Cilium on Kubernetes](http://docs.cilium.io/en/v1.2/kubernetes/quickinstall/) and [Kubernetes Install guide for Cilium](http://docs.cilium.io/en/v1.2/kubernetes/install/).
+For more information about using Cilium with Kubernetes, see [Kubernetes Install guide for Cilium](https://docs.cilium.io/en/stable/kubernetes/).
 
-Passing `--Pod-network-cidr` option to `kubeadm init` is not required, but highly recommended.
+For Cilium to work correctly, you must pass `--pod-network-cidr=10.217.0.0/16` to `kubeadm init`.
 
 These commands will deploy Cilium with its own etcd managed by etcd operator.
 
-```shell
-# Download required manifests from Cilium repository
-wget https://github.com/cilium/cilium/archive/v1.2.0.zip
-unzip v1.2.0.zip
-cd cilium-1.2.0/examples/kubernetes/addons/etcd-operator
-
-# Generate and deploy etcd certificates
-export CLUSTER_DOMAIN=$(kubectl get ConfigMap --namespace kube-system coredns -o yaml | awk '/kubernetes/ {print $2}')
-tls/certs/gen-cert.sh $CLUSTER_DOMAIN
-tls/deploy-certs.sh
+_Note_: If you are running kubeadm in a single node please untaint it so that
+etcd-operator pods can be scheduled in the control-plane node.
 
-# Label kube-dns with fixed identity label
-kubectl label -n kube-system Pod $(kubectl -n kube-system get Pods -l k8s-app=kube-dns -o jsonpath='{range .items[]}{.metadata.name}{" "}{end}') io.cilium.fixed-identity=kube-dns
+```shell
+kubectl taint nodes <node-name> node-role.kubernetes.io/master:NoSchedule-
+```
 
-kubectl create -f ./
+To deploy Cilium you just need to run:
 
-# Wait several minutes for Cilium, coredns and etcd Pods to converge to a working state
+```shell
+kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.5/examples/kubernetes/1.14/cilium.yaml
 ```
--->
-{{% tab name="Cilium" %}}
-想了解 Kubernetes 上使用 Cilium 的更多相关信息，请查参阅[Kubernetes 上 Cilium 的快速指南](http://docs.cilium.io/en/v1.2/kubernetes/quickinstall/) 和 [Kubernetes 上 Cilium 的安装向导](http://docs.cilium.io/en/v1.2/kubernetes/install/)。
 
-尽管这里并不要求给 `kubeadm init` 设置 `--Pod-network-cidr` 参数，但是这是一个高度推荐操作的步骤。
-
-这些命令会部署 Cilium 和它自己受 etcd 操作者管理的 etcd。
+Once all Cilium pods are marked as `READY`, you start using your cluster.
 
 ```shell
-# 从 Cilium 库下载所需清单文件
-wget https://github.com/cilium/cilium/archive/v1.2.0.zip
-unzip v1.2.0.zip
-cd cilium-1.2.0/examples/kubernetes/addons/etcd-operator
-
-# 生成并部署 etcd 证书
-export CLUSTER_DOMAIN=$(kubectl get ConfigMap --namespace kube-system coredns -o yaml | awk '/kubernetes/ {print $2}')
-tls/certs/gen-cert.sh $CLUSTER_DOMAIN
-tls/deploy-certs.sh
+$ kubectl get pods -n kube-system --selector=k8s-app=cilium
+NAME           READY   STATUS    RESTARTS   AGE
+cilium-drxkl   1/1     Running   0          18m
+```
 
-# 为 kube-dns 设置固定的标识标签
-kubectl label -n kube-system Pod $(kubectl -n kube-system get Pods -l k8s-app=kube-dns -o jsonpath='{range .items[]}{.metadata.name}{" "}{end}') io.cilium.fixed-identity=kube-dns
+-->
+有关将 Cilium 与 Kubernetes 一起使用的更多信息，请参阅[适用于 Cilium 的 Kubernetes 安装指南](https://docs.cilium.io/en/stable/kubernetes/)。
 
-kubectl create -f ./
+为了使 Cilium 正确工作，您必须向 `kubeadm init` 传递 `--pod-network-cidr=10.217.0.0/16` 参数。
 
-# 等待几分钟，Cilium、coredns 和 etcd 的 Pods 会收敛到工作状态
-```
+以下命令将部署 Cilium，包括其运行需要的 etcd（被 etcd operator 管理）。
 
-{{% /tab %}}
+_注意_: 如果您在单节点运行 kubeadm，您需要解除该节点的污点（untaint），以便 etcd-operator pod 能被调度到该控制节点。
 
-<!-- 
+```shell
+kubectl taint nodes <node-name> node-role.kubernetes.io/master:NoSchedule-
+```
 
-For `flannel` to work correctly, you must pass `--Pod-network-cidr=10.244.0.0/16` to `kubeadm init`.
+部署 Cilium，您只需执行：
 
-Set `/proc/sys/net/bridge/bridge-nf-call-iptables` to `1` by running `sysctl net.bridge.bridge-nf-call-iptables=1`
-to pass bridged IPv4 traffic to iptables' chains. This is a requirement for some CNI plugins to work, for more information
-please see [here](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements).
+```shell
+kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.5/examples/kubernetes/1.14/cilium.yaml
+```
 
-Note that `flannel` works on `amd64`, `arm`, `arm64` and `ppc64le`.
+一旦所有的 Cilium pod 的状态变成 `READY`，您就可以开始使用集群了。
 
 ```shell
-kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
+$ kubectl get pods -n kube-system --selector=k8s-app=cilium
+NAME           READY   STATUS    RESTARTS   AGE
+cilium-drxkl   1/1     Running   0          18m
 ```
 
-For more information about `flannel`, see [the CoreOS flannel repository on GitHub
-](https://github.com/coreos/flannel).-->
+{{% /tab %}}
+
 
 {{% tab name="Flannel" %}}
 
-为了让 `flannel` 能正确工作，您必须在运行 `kubeadm init` 时设置 `--Pod-network-cidr=10.244.0.0/16`。
+为了使 `flannel` 正常工作，你必须将选项 `--pod-network-cidr=10.244.0.0/16` 传递给 `kubeadm init`。
 
-通过运行 `sysctl net.bridge.bridge-nf-call-iptables=1` 将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置成 `1`，
-进而确保桥接的 IPv4 流量会传递给 iptables。
-这是一部分 CNI 插件运行的要求条件，请查看[这篇文档](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)获取更详细信息。
+通过执行 `sysctl net.bridge.bridge-nf-call-iptables=1` 命令，将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置为 `1` 
+以便将桥接的 IPv4 流量传递给 iptables 的链。 这是一些 CNI 插件工作的要求，有关详细信息，请参阅[此处](/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)。
 
-注意 `flannel` 适用于 `amd64`、`arm`、`arm64` 和 `ppc64le` 架构平台。
+注意 `flannel` 可以运行在 `amd64`、`arm`、`arm64`、`ppc64le`架构的机器上。
 
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
 ```
 
-想了解更多关于 `flannel` 的信息,请查阅[ GitHub 上的 CoreOS flannel 仓库](https://github.com/coreos/flannel)。
+`flannel` 的更多信息, 参见 [CoreOS flannel 在 GitHub 上的仓库](https://github.com/coreos/flannel).
 {{% /tab %}}
 
-<!-- 
-Set `/proc/sys/net/bridge/bridge-nf-call-iptables` to `1` by running `sysctl net.bridge.bridge-nf-call-iptables=1`
-to pass bridged IPv4 traffic to iptables' chains. This is a requirement for some CNI plugins to work, for more information
-please see [here](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements).
-
-Kube-router relies on kube-controller-manager to allocate Pod CIDR for the nodes. Therefore, use `kubeadm init` with the `--Pod-network-cidr` flag.
 
-Kube-router provides Pod networking, network policy, and high-performing IP Virtual Server(IPVS)/Linux Virtual Server(LVS) based service proxy.
-
-For information on setting up Kubernetes cluster with Kube-router using kubeadm, please see official [setup guide](https://github.com/cloudnativelabs/kube-router/blob/master/docs/kubeadm.md).
--->
 
 {{% tab name="Kube-router" %}}
-通过运行 `sysctl net.bridge.bridge-nf-call-iptables=1` 将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置成 `1`，
-确保桥接的 IPv4 流量会传递给 iptables。
-这是一部分 CNI 插件的运行条件。请查看[这篇文档](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)了解更详细的信息。
+通过执行 `sysctl net.bridge.bridge-nf-call-iptables=1` 命令，将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置为 `1` 
+以便将桥接的 IPv4 流量传递给 iptables 的链。 这是一些 CNI 插件工作的要求，有关详细信息，请参阅[此处](/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)。
 
-Kube-router 依赖于 kube-controller-manager 来给节点分配 CIDR， 因此需要设置 `kubeadm init` 的 `--Pod-network-cidr` 参数。
+Kube-router 依靠 kube-controller-manager 为节点分配 pod CIDR。 因此，执行`kubeadm init` 命令需要使用带 `-pod-network-cidr` 选项。
 
-Kube-router 提供 Pod 间联网、网络策略和和高效的基于 IPVS/LVS 的服务代理功能。
+Kube-router 提供 pod 网络、网络策略和基于高性能 IP Virtual Server（IPVS）/ Linux Virtual Server（LVS）的服务代理。
 
-想了解关于使用 kubeadm 搭建 Kubernetes 和 Kube-router 的更多信息。请查看官方的[安装指引](https://github.com/cloudnativelabs/kube-router/blob/master/docs/kubeadm.md)。
+有关使用 kubeadm 使用 Kube-router 设置 Kubernetes 集群的信息，请参阅官方[设置指南](https://github.com/cloudnativelabs/kube-router/blob/master/docs/kubeadm.md).
 {{% /tab %}}
 
-<!-- 
-Set `/proc/sys/net/bridge/bridge-nf-call-iptables` to `1` by running `sysctl net.bridge.bridge-nf-call-iptables=1`
-to pass bridged IPv4 traffic to iptables' chains. This is a requirement for some CNI plugins to work, for more information
-please see [here](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements).
 
-The official Romana set-up guide is [here](https://github.com/romana/romana/tree/master/containerize#using-kubeadm).
-
-Romana works on `amd64` only.
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/romana/romana/master/containerize/specs/romana-kubeadm.yml
-```
--->
 
 {{% tab name="Romana" %}}
-通过运行 `sysctl net.bridge.bridge-nf-call-iptables=1` 将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置成 `1`，
-确保桥接的 IPv4 流量会传递给 iptables。这是一部分 CNI 插件的运行条件。
-请查看[这篇文档](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)
-获取更详细的信息。
+通过执行 `sysctl net.bridge.bridge-nf-call-iptables=1` 命令，将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置为 `1` 
+以便将桥接的 IPv4 流量传递给 iptables 的链。 这是一些 CNI 插件工作的要求，有关详细信息，请参阅[此处](/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)。
 
-官方的 Romana 安装指引在[这里](https://github.com/romana/romana/tree/master/containerize#using-kubeadm)。
+Romana 官方设置指南在[这里](https://github.com/romana/romana/tree/master/containerize#using-kubeadm).
 
-注意，Romana 只适用于 `amd64` 架构。
+Romana 仅运行在 `amd64` 架构的机器.
 
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/romana/romana/master/containerize/specs/romana-kubeadm.yml
 ```
 {{% /tab %}}
 
-<!-- 
-Set `/proc/sys/net/bridge/bridge-nf-call-iptables` to `1` by running `sysctl net.bridge.bridge-nf-call-iptables=1`
-to pass bridged IPv4 traffic to iptables' chains. This is a requirement for some CNI plugins to work, for more information
-please see [here](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements).
-
-The official Weave Net set-up guide is [here](https://www.weave.works/docs/net/latest/kube-addon/).
-
-Weave Net works on `amd64`, `arm`, `arm64` and `ppc64le` without any extra action required.
-Weave Net sets hairpin mode by default. This allows Pods to access themselves via their Service IP address
-if they don't know their PodIP.
-
-```shell
-kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
-```
--->
 
 {{% tab name="Weave Net" %}}
+通过执行 `sysctl net.bridge.bridge-nf-call-iptables=1` 命令，将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置为 `1` 
+以便将桥接的 IPv4 流量传递给 iptables 的链。 这是一些 CNI 插件工作的要求，有关详细信息，请参阅[此处](/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)。
 
-通过运行 `sysctl net.bridge.bridge-nf-call-iptables=1` 将 `/proc/sys/net/bridge/bridge-nf-call-iptables` 设置成 `1`，
-将桥接的 IPv4 流量传递给 iptables。这是一部分 CNI 插件的运行条件。
-请查看[这篇文档](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements)
-获取更详细的信息。
-
-官方的 Weave Net 配置向导在[这里](https://www.weave.works/docs/net/latest/kube-addon/)。
+Weave Net 官方设置指南在[这里](https://www.weave.works/docs/net/latest/kube-addon/).
 
-Weave Net 适用于`amd64`、`arm`、`arm64` 和 `ppc64le` 而不需要其它额外的配置。
-Weave Net 默认启用 hairpin 模式，可以让 Pod 在不知道他们自己的 PodIP 的时候仍可以使用服务的 IP 地址来访问他们自己。
+Weave Net 可以工作在无需任何额外操作的 `amd64`、`arm`、`arm64`和`ppc64le`架构的机器上。
+Weave Net 默认设置发夹（hairpin）模式。如果他们不知道自己的 PodIP，Pod 可以通过其服务 IP 地址来访问自身。
 
 ```shell
 kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
 ```
 {{% /tab %}}
 
-<!-- 
-Provides overlay SDN solution, delivering multicloud networking, hybrid cloud networking,
-simultaneous overlay-underlay support, network policy enforcement, network isolation,
-service chaining and flexible load balancing.
-
-There are multiple, flexible ways to install JuniperContrail/TungstenFabric CNI.
-
-Kindly refer to this quickstart: [TungstenFabric](https://tungstenfabric.github.io/website/)
--->
 
 {{% tab name="JuniperContrail/TungstenFabric" %}}
-提供了支持 overlay 的 SDN 解决方案，支持多云环境和混合云环境的网络方案，同时支持 overlay 和 underlay、网络策略、
-网络隔离、服务链和灵活的负载均衡。
+提供了覆盖 SDN 解决方案、多云网络、混合云网络，同时覆盖底层支持、网络策略实施、网络隔离、服务链和灵活的负载平衡。
 
-安装 JuniperContrail/TungstenFabric CNI 有很多灵活的方式。
+有多种灵活的方法可以安装 JuniperContrail / TungstenFabric CNI。
 
-请查阅这个[安装指引](https://tungstenfabric.github.io/website/)。
+请参考快速入门：[TungstenFabric](https://tungstenfabric.github.io/website/)
 {{% /tab %}}
 {{< /tabs >}}
 
-<!-- Once a Pod network has been installed, you can confirm that it is working by
-checking that the CoreDNS Pod is Running in the output of `kubectl get Pods --all-namespaces`.
-And once the CoreDNS Pod is up and running, you can continue by joining your nodes.
+<!--
+Once a pod network has been installed, you can confirm that it is working by
+checking that the CoreDNS pod is Running in the output of `kubectl get pods --all-namespaces`.
+And once the CoreDNS pod is up and running, you can continue by joining your nodes.
 
 If your network is not working or CoreDNS is not in the Running state, check
-out our [troubleshooting docs](/docs/setup/independent/troubleshooting-kubeadm/). -->
+out our [troubleshooting docs](/docs/setup/independent/troubleshooting-kubeadm/).
+-->
+
 
-一旦 Pod 网络安装完成，您就可以通过 `kubectl get Pods --all-namespaces` 的输出来验证 CoreDNS Pod 是否正常运行。
-只要确认了 CoreDNS 正常运行，您就可以向集群中添加节点了。
 
-如果您的网络不能工作或者 CoreDNS 不在运行状态，请查阅[查错方案](/docs/setup/independent/troubleshooting-kubeadm/)。
+安装了 pod 网络后，您可以通过在 `kubectl get pods --all-namespaces` 的输出中检查 CoreDNS pod 运行状态来确认它正常工作。
+一旦 CoreDNS pod 启动并运行，您可以继续加入您的节点。
 
-<!-- ### Master Isolation
+如果您的网络无法运行或 CoreDNS 未处于 “正在运行” 状态，请查看我们的[故障排除文档](/docs/setup/independent/troubleshooting-kubeadm/).
 
-By default, your cluster will not schedule Pods on the master for security
-reasons. If you want to be able to schedule Pods on the master, e.g. for a
+<!--
+### Master Isolation
+
+By default, your cluster will not schedule pods on the master for security
+reasons. If you want to be able to schedule pods on the master, e.g. for a
 single-machine Kubernetes cluster for development, run:
 
 ```bash
@@ -696,18 +631,19 @@ taint "node-role.kubernetes.io/master:" not found
 
 This will remove the `node-role.kubernetes.io/master` taint from any nodes that
 have it, including the master node, meaning that the scheduler will then be able
-to schedule Pods everywhere. -->
+to schedule pods everywhere.
+-->
 
 ### 主节点隔离
 
-出于安全原因，默认您的主节点不会被调度运行任何 Pod。
-如果您需要在主节点上运行 Pod，比如说部署环境是一个单机器集群，运行：
+默认情况下，出于安全原因，您的集群不会在主节点上调度容器。
+如果您希望能够在主节点上安排 pod，例如对于用于开发的单机 Kubernetes 集群，运行：
 
 ```bash
 kubectl taint nodes --all node-role.kubernetes.io/master-
 ```
 
-输出类似这样：
+输出与如下类似：
 
 ```
 node "test-01" untainted
@@ -715,57 +651,32 @@ taint "node-role.kubernetes.io/master:" not found
 taint "node-role.kubernetes.io/master:" not found
 ```
 
-这个操作会从任何有 `node-role.kubernetes.io/master` 这种标签的节点移除该标签，包括主节点，
-标签的移除意味着集群调度器可以将 Pod 调度到任何节点。
-
-<!-- ### Joining your nodes {#join-nodes}
+这将从拥有 `node-role.kubernetes.io/master` 污点的任何节点（包括主节点）上删除该污点，这意味着调度程序能够将 Pod 调度到任意节点执行。
 
-The nodes are where your workloads (containers and Pods, etc) run. To add new nodes to your cluster do the following for each machine:
-
-* SSH to the machine
-* Become root (e.g. `sudo su -`)
-* Run the command that was output by `kubeadm init`. For example:
-
-``` bash
-kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
-``` -->
+<!--
+### Joining your nodes {#join-nodes}
+The nodes are where your workloads (containers and pods, etc) run. To add new nodes to your cluster do the following for each machine:
+-->
 
-### 添加节点 {#join-nodes}
+### 加入您的节点 {#join-nodes}
 
-节点就是工作负载（容器和 Pod 等）运行的地方。如需向集群添加新节点，可以在每台机器上面执行如下操作：
+节点是运行工作负载（容器和容器等）的位置。 要向集群添加新节点，请为每台计算机执行以下操作：
 
-* SSH 连接到机器上
-* 成为 root 用户（比如 `sudo su -`）
-* 运行 `kubeadm init` 输出里的命令，即：
+* SSH 到机器
+* 切换到 root 用户(例如 `sudo su -`)
+* 运行 `kubeadm init` 输出的命令。 例如：
 
 ``` bash
 kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
 ```
-<!-- 
-If you do not have the token, you can get it by running the following command on the master node:
-
-``` bash
-kubeadm token list
-```
-
-The output is similar to this:
-
-``` console
-TOKEN                    TTL  EXPIRES              USAGES           DESCRIPTION            EXTRA GROUPS
-8ewj1p.9r9hcjoqgajrj4gi  23h  2018-06-12T02:51:28Z authentication,  The default bootstrap  system:
-                                                   signing          token generated by     bootstrappers:
-                                                                    'kubeadm init'.        kubeadm:
-                                                                                           default-node-token
-``` -->
 
-
-如果您没有保存令牌的话，可以通过在主节点上执行下面的命令来获取：
+如果您没有令牌，可以通过在主节点上运行以下命令来获取它：
 
 ``` bash
 kubeadm token list
 ```
 
-输出类似这样:
+输出类似于：
 
 ``` console
 TOKEN                    TTL  EXPIRES              USAGES           DESCRIPTION            EXTRA GROUPS
@@ -774,85 +685,43 @@ TOKEN                    TTL  EXPIRES              USAGES           DESCRIPTION
                                                                     'kubeadm init'.        kubeadm:
                                                                                            default-node-token
 ```
-
-<!-- By default, tokens expire after 24 hours. If you are joining a node to the cluster after the current token has expired,
+<!--
+By default, tokens expire after 24 hours. If you are joining a node to the cluster after the current token has expired,
 you can create a new token by running the following command on the master node:
+-->
+默认情况下，令牌在24小时后过期。 如果需要在当前令牌过期后将节点加入集群，可以通过在主节点上运行以下命令来创建新令牌：
 
 ``` bash
 kubeadm token create
 ```
 
-The output is similar to this:
+输出类似于：
 
 ``` console
 5didvk.d09sbcov8ph2amjw
 ```
-
+<!--
 If you don't have the value of `--discovery-token-ca-cert-hash`, you can get it by running the following command chain on the master node:
+-->
 
-``` bash
-openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
-   openssl dgst -sha256 -hex | sed 's/^.* //'
-```
-
-The output is similar to this:
-
-``` console
-8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78
-``` -->
-
-默认情况下，令牌会在 24 小时内过期。如果在令牌过期之后添加节点，您可以在主节点上执行下面的命令创建一个新令牌：
-
-``` bash
-kubeadm token create
-```
-
-输出类似这样：
-
-``` console
-5didvk.d09sbcov8ph2amjw
-```
-
-如果您也不知道这个 `--discovery-token-ca-cert-hash` 的值，您也可以在主节点上运行下面的命令来获取：
+如果您没有 `--discovery-token-ca-cert-hash` 的值，则可以通过在主节点上运行以下命令来获取它：
 
 ``` bash
 openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
    openssl dgst -sha256 -hex | sed 's/^.* //'
 ```
 
-输出类似这样：
+输出类似于：
 
 ``` console
 8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78
 ```
 
-<!-- {{< note >}}
-**Note:** To specify an IPv6 tuple for `<master-ip>:<master-port>`, IPv6 address must be enclosed in square brackets, for example: `[fd00::101]:2073`.
-{{< /note >}}
-
-The output should look something like:
-
-```
-[preflight] Running pre-flight checks
-
-... (log output of join workflow) ...
-
-Node join complete:
-* Certificate signing request sent to master and response
-  received.
-* Kubelet informed of new secure connection details.
-
-Run 'kubectl get nodes' on the master to see this machine join.
-```
-
-A few seconds later, you should notice this node in the output from `kubectl get
-nodes` when run on the master. -->
-
 {{< note >}}
-**注意:** 若需为 `<master-ip>:<master-port>` 参数设定一个 IPv6 的元组，地址必须写在一对方括号里面，比如: `[fd00::101]:2073`。
+**注意：** 要为`<master-ip>:<master-port>`指定 IPv6 元组，IPv6 地址必须用方括号括起来，例如：`[fd00::101]:2073`。
 {{< /note >}}
 
-输出类似这样:
+输出应该类似于：
 
 ```
 [preflight] Running pre-flight checks
@@ -866,20 +735,29 @@ Node join complete:
 
 Run 'kubectl get nodes' on the master to see this machine join.
 ```
+<!--
+A few seconds later, you should notice this node in the output from `kubectl get
+nodes` when run on the master.
 
-几秒钟之后，您将能在主节点上的 `kubectl get nodes` 的输出里发现新添加的节点。
-
-<!-- ### (Optional) Controlling your cluster from machines other than the master
+### (Optional) Controlling your cluster from machines other than the master
 
 In order to get a kubectl on some other computer (e.g. laptop) to talk to your
 cluster, you need to copy the administrator kubeconfig file from your master
 to your workstation like this:
+-->
+几秒钟之后，在主节点上运行时，您应该注意到 `kubectl get nodes` 输出中的包含此节点。
+
+### (可选) 从主节点以外的计算机控制您的集群
+
+为了在其他计算机（例如笔记本电脑）上获取 kubectl 与您的集群通信，
+您需要将管理员 kubeconfig 文件从主集群复制到您的工作站，如下所示：
 
 ``` bash
 scp root@<master ip>:/etc/kubernetes/admin.conf .
 kubectl --kubeconfig ./admin.conf get nodes
 ```
 
+<!--
 {{< note >}}
 **Note:** The example above assumes SSH access is enabled for root. If that is not the
 case, you can copy the `admin.conf` file to be accessible by some other user
@@ -892,29 +770,21 @@ this with the `kubeadm alpha phase kubeconfig user --client-name <CN>`
 command. That command will print out a KubeConfig file to STDOUT which you
 should save to a file and distribute to your user. After that, whitelist
 privileges by using `kubectl create (cluster)rolebinding`.
-{{< /note >}} -->
-
-### (可选) 在非主节点上控制集群
-
-为了能在其他机器（比如，笔记本）上使用 kubectl 来控制您的集群，您可以从主节点上复制管理员的 
-kubeconfig 到您的机器上，像下面这样操作：
-
-``` bash
-scp root@<master ip>:/etc/kubernetes/admin.conf .
-kubectl --kubeconfig ./admin.conf get nodes
-```
-
+{{< /note >}}
+-->
 {{< note >}}
-**注意:** 上面的例子生效的前提是 SSH 允许 root 用户连接登录。
-如果root 用户不能连接的话，您可以将 `admin.conf` 复制到允许其他用户访问的其他地方并将 `scp` 命令里的用户改成相对应的用户再复制。
-
-这个 `admin.conf` 文件给予了用户整个集群的超级用户权限，因此这个操作必须小心谨慎。对于普通用户来说，
-更建议创建一个适用于白名单某些权限的验证文件。您可以通过这个命令来生成 `kubeadm alpha phase kubeconfig user --client-name <CN>`。
-这个命令会打印 KubeConfig 的内容到标准输出，然后您需要将它保存到一个文件里并分发给您的用户。然后再创建权限的白名单列表，
-命令如下： `kubectl create (cluster)rolebinding` 。
+**注意:** 上面的示例假定您为 root 启用了 SSH 访问。
+如果不是这种情况，您可以复制 `admin.conf` 文件以供其他用户访问，而 `scp` 则可以使用其他用户访问。
+
+`admin.conf` 文件为用户提供了集群上的 _superuser_ 权限。
+应谨慎使用此文件。 对于普通用户，建议您生成一个唯一的凭据，并给予白名单特权。 您可以使用 `kubeadm alpha phase kubeconfig user --client-name <CN>` 
+命令执行此操作。 
+该命令将打印出一个 KubeConfig 文件到标准输出，您应将其保存为文件并分发给您的用户。
+之后，使用 `kubectl create（cluster）rolebinding` 命令进行白名单特权绑定。
 {{< /note >}}
 
-<!-- ### (Optional) Proxying API Server to localhost
+<!--
+### (Optional) Proxying API Server to localhost
 
 If you want to connect to the API Server from outside the cluster you can use
 `kubectl proxy`:
@@ -924,20 +794,9 @@ scp root@<master ip>:/etc/kubernetes/admin.conf .
 kubectl --kubeconfig ./admin.conf proxy
 ```
 
-You can now access the API Server locally at `http://localhost:8001/api/v1` -->
-
-### (可选) 将 API 服务代理到本地
-
-如果您需要从集群外部连接到您的 API 服务器，请运行`kubectl proxy`:
-
-```bash
-scp root@<master ip>:/etc/kubernetes/admin.conf .
-kubectl --kubeconfig ./admin.conf proxy
-```
-
-现在您就可以在本地访问 `http://localhost:8001/api/v1` 来连接 API 服务器了。
+You can now access the API Server locally at `http://localhost:8001/api/v1`
 
-<!-- ## Tear down {#tear-down}
+## Tear down {#tear-down}
 
 To undo what kubeadm did, you should first [drain the
 node](/docs/reference/generated/kubectl/kubectl-commands#drain) and make
@@ -960,48 +819,80 @@ If you wish to start over simply run `kubeadm init` or `kubeadm join` with the
 appropriate arguments.
 
 More options and information about the
-[`kubeadm reset command`](/docs/reference/setup-tools/kubeadm/kubeadm-reset/).-->
+[`kubeadm reset command`](/docs/reference/setup-tools/kubeadm/kubeadm-reset/).
+-->
+### (可选) 将 API 服务器代理到 localhost
+
+如果要从集群外部连接到 API 服务器，则可以使用 `kubectl proxy`：
+
+```bash
+scp root@<master ip>:/etc/kubernetes/admin.conf .
+kubectl --kubeconfig ./admin.conf proxy
+```
 
-## 卸载集群 {#tear-down}
+您现在可以在本地访问 API 服务器： `http://localhost:8001/api/v1`
 
-想要回退 kubeadm 做出的修改，您需要首先[腾空节点](/docs/reference/generated/kubectl/kubectl-commands#drain)
-而且必须确保在关闭节点之前没有任何工作负载在运行。
+## 移除 {#tear-down}
 
-使用正确的登录凭据来连接到主节点：
+要取消 kubeadm 所做的事情，你应该首先[腾空节点](/docs/reference/generated/kubectl/kubectl-commands#drain) 并确保节点在关闭之前是空的（没有运行任何 pod）。
+
+使用合适的凭据与主节点通信，运行：
 
 ```bash
 kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
 kubectl delete node <node name>
 ```
 
-然后在待移除的节点上，重置所有 kubeadm 的安装状态：
+然后，在要删除的节点上，重置所有 kubeadm 的安装状态：
 
 ```bash
 kubeadm reset
 ```
 
-如果您只是想重新运行 `kubeadm init` 或者 `kubeadm join`，[`kubeadm reset`](/docs/reference/setup-tools/kubeadm/kubeadm-reset/)页面有更多的信息可供参考.
+如果你想重新开始，只需使用适当的参数运行 `kubeadm init` 或 `kubeadm join`。
 
-<!-- ## Maintaining a cluster {#lifecycle}
+有关的更多选项和信息，参见
+[`kubeadm reset 命令`](/docs/reference/setup-tools/kubeadm/kubeadm-reset/).
 
-Instructions for maintaining kubeadm clusters (e.g. upgrades,downgrades, etc.) can be found [here.](/docs/tasks/administer-cluster/kubeadm)
+## 维护集群 {#lifecycle}
 
-## Explore other add-ons {#other-addons}
+维护 kubeadm 集群的说明（例如升级，降级等）可以在[这里](/docs/tasks/administer-cluster/kubeadm)找到。
 
-See the [list of add-ons](/docs/concepts/cluster-administration/addons/) to explore other add-ons,
-including tools for logging, monitoring, network policy, visualization &amp;
-control of your Kubernetes cluster. -->
+## 探索其他附加组件 {#other-addons}
+
+请参阅[附加组件列表](/docs/concepts/cluster-administration/addons/) 以探索其他附加组件，
+包括用于记录、监控、网络策略、可视化和控制 Kubernetes 集群的工具。
+
+## 下一步是什么 {#whats-next}
+
+* 使用 [Sonobuoy](https://github.com/heptio/sonobuoy) 验证集群是否正常运行。
+* 在 [kubeadm 参考文档](/docs/reference/setup-tools/kubeadm/kubeadm)中了解 kubeadm 的高级用法。
+* 了解有关 Kubernetes [concepts](/docs/concepts/) 和 [`kubectl`](/docs/user-guide/kubectl-overview/) 的更多信息。
+* 配置日志轮换。您可以使用 **logrotate**。使用 Docker 时，可以为 Docker 守护程序指定日志轮换选项，例如 `--log-driver=json-file --log-opt=max-size=10m --log-opt=max-file=5`。有关详细信息，请参阅[配置 Docker 守护程序并对其进行故障排除](https://docs.docker.com/engine/admin/)。
 
-## 集群维护 {#lifecycle}
+## Feedback {#feedback}
+
+* 有关 bug，请访问[kubeadm Github 问题跟踪器](https://github.com/kubernetes/kubeadm/issues)
+* 如需支持，请访问 kubeadm Slack Channel：
+  [#kubeadm](https://kubernetes.slack.com/messages/kubeadm/)
+* 常规 SIG 集群 Lifecycle 开发 Slack Channel：
+  [#sig-cluster-lifecycle](https://kubernetes.slack.com/messages/sig-cluster-lifecycle/)
+* SIG 集群 Lifecycle [SIG information](#TODO)
+* SIG 集群 Lifecycle 邮件列表：
+  [kubernetes-sig-cluster-lifecycle](https://groups.google.com/forum/#!forum/kubernetes-sig-cluster-lifecycle)
+
+<!--
+## Maintaining a cluster {#lifecycle}
 
-维护集群（比如升级，降级）的详细指令，可参考[这里](/docs/tasks/administer-cluster/kubeadm)。
+Instructions for maintaining kubeadm clusters (e.g. upgrades,downgrades, etc.) can be found [here.](/docs/tasks/administer-cluster/kubeadm)
 
-## 探索其他插件 {#other-addons}
+## Explore other add-ons {#other-addons}
 
-查看[插件列表](/docs/concepts/cluster-administration/addons/)来发现其他插件，包括日志、监控、网络策略、
-可视化和集群管理工具等等。
+See the [list of add-ons](/docs/concepts/cluster-administration/addons/) to explore other add-ons,
+including tools for logging, monitoring, network policy, visualization &amp;
+control of your Kubernetes cluster.
 
-<!-- ## What's next {#whats-next}
+## What's next {#whats-next}
 
 * Verify that your cluster is running properly with [Sonobuoy](https://github.com/heptio/sonobuoy)
 * Learn about kubeadm's advanced usage in the [kubeadm reference documentation](/docs/reference/setup-tools/kubeadm/kubeadm)
@@ -1036,8 +927,10 @@ control of your Kubernetes cluster. -->
 * SIG cluster-lifecycle 的 [SIG 信息](#TODO)
 * SIG cluster-lifecycle 的邮件列表:
   [kubernetes-sig-cluster-lifecycle](https://groups.google.com/forum/#!forum/kubernetes-sig-cluster-lifecycle)
+-->
 
-<!-- ## Version skew policy {#version-skew-policy}
+<!--
+## Version skew policy {#version-skew-policy}
 
 The kubeadm CLI tool of version vX.Y may deploy clusters with a control plane of version vX.Y or vX.(Y-1).
 kubeadm CLI vX.Y can also upgrade an existing kubeadm-created cluster of version vX.(Y-1).
@@ -1048,16 +941,9 @@ Example: kubeadm v1.8 can deploy both v1.7 and v1.8 clusters and upgrade v1.7 ku
 v1.8.
 
 Please also check our [installation guide](/docs/setup/independent/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl)
-for more information on the version skew between kubelets and the control plane. -->
-
-## 版本偏差策略 {#version-skew-policy}
-
-vX.Y 版本的 kubeadm 命令行工具可能会部署一个控制面版本为 vX.Y 或者 vX.(Y-1) 的集群，也可以用于升级一个 vX.(Y-1) 的由 kubeadm 创建的集群。
-因为我们无法预见未来，版本为 vX.Y 的 kubeadm 可能可以也可能无法用于部署 vX.(Y+1) 版本的集群。
-例子: kubeadm v1.8 可以用于部署 v1.7 和 v1.8 的集群，也可以升级 v1.7 的由 kubeadm 创建的集群到 1.8 版本。
-请查看我们的[安装向导](/docs/setup/independent/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl)，其中提供了关于 kubelet 和控制面版本偏差的更多信息。
+for more information on the version skew between kubelets and the control plane.
 
-<!-- ## kubeadm works on multiple platforms {#multi-platform}
+## kubeadm works on multiple platforms {#multi-platform}
 
 kubeadm deb/rpm packages and binaries are built for amd64, arm (32-bit), arm64, ppc64le, and s390x
 following the [multi-platform
@@ -1065,16 +951,9 @@ proposal](https://github.com/kubernetes/community/blob/master/contributors/desig
 
 Only some of the network providers offer solutions for all platforms. Please consult the list of
 network providers above or the documentation from each provider to figure out whether the provider
-supports your chosen platform. -->
+supports your chosen platform.
 
-## 跨多平台上使用 kubeadm {#multi-platform}
-
-kubeadm 的 deb/rpm 包和可执行文件都是适用于 amd64、arm (32位)、arm64、ppc64le 和 s390x等架构平台的，
-请查阅[多平台方案](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/multi-platform.md)。
-
-只有一部分的网络驱动提供了所有平台的网络解决方案，请查询上面的网络驱动列表或者对应的官方文档来确定是否支持您的平台。
-
-<!-- ## Limitations {#limitations}
+## Limitations {#limitations}
 
 Please note: kubeadm is a work in progress and these limitations will be
 addressed in due course.
@@ -1091,22 +970,38 @@ addressed in due course.
 
 ## Troubleshooting {#troubleshooting}
 
-If you are running into difficulties with kubeadm, please consult our [troubleshooting docs](/docs/setup/independent/troubleshooting-kubeadm/). -->
+If you are running into difficulties with kubeadm, please consult our [troubleshooting docs](/docs/setup/independent/troubleshooting-kubeadm/).
+-->
+## 版本偏差策略 {#version-skew-policy}
+
+版本 vX.Y 的 kubeadm CLI 工具可以部署具有版本 vX.Y 或 vX.(Y-1)的控制平面的集群。
+kubeadm CLI vX.Y 还可以升级现有的 kubeadm 创建的 vX 版本集群（Y-1）。
+
+由于我们无法预知未来，kubeadm CLI vX.Y 可能会也可能无法部署 vX.(Y+1) 的集群。
+
+示例：kubeadm v1.8 可以部署 v1.7 和 v1.8 集群，并将v1.7 kubeadm 创建的集群升级到 v1.8。
 
-## 局限 {#limitations}
+另请查看我们的[安装指南](/docs/setup/independent/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl)
+以获取有关 kubelet 和控制平面之间的版本偏差的更多信息。
 
-请注意，kubeadm 还处于正在开发的状态中，这些局限将会在适当的时间修正。
+## kubeadm 适用于多个平台 {#multi-platform}
 
-1. 这篇文档介绍的创建的集群只能有单一的主节点和单一的 etcd 数据库，这表示如果主节点宕机，您的集群将会丢失数据
-   而且可能无法重新创建。目前给 kubeadm 添加高可用支持（比如多 etcd 多 API服务等等）的功能还在开发当中，因此可先参照下面的
-   临时解决方案: 经常性地[备份 etcd](https://coreos.com/etcd/docs/latest/admin_guide.html)。
-   由 kubeadm 配置的 etcd 数据位于主节点上的 `/var/lib/etcd` 目录。
+kubeadm 的 deb / rpm 包和二进制文件是为 amd64、arm（32位）、arm64、ppc64le 和 s390x 构建的并
+遵循[多平台方案](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/multi-platform.md).
 
-## 查错 {#troubleshooting}
+只有部分网络提供商为所有平台提供解决方案。 
+请查阅上面的网络提供商列表或每个提供商的文档，以确定提供商是否支持您选择的平台。
 
-如果您在使用 kubeadm 发现任何问题，请查阅我们的[纠错文档](/docs/setup/independent/troubleshooting-kubeadm/)。
+## 限制 {#limitations}
 
+请注意：kubeadm 在运行时，这些限制将在适当的时候得到解决。
 
+1. 此处创建的集群有一个主节点，主节点运行一个 etcd 数据库。
+这意味着如果主节点出现故障，您的集群可能会丢失数据，可能需要从头开始重新创建,因此向 kubeadm 添加 HA 支持（多个 etcd 服务器，多个 API 服务器等）仍然是一项工作。
 
+   解决方法：定期
+   [备份 etcd](https://coreos.com/etcd/docs/latest/admin_guide.html)。由 kubeadm 配置的 etcd 数据目录位于主节点的 `/var/lib/etcd`。
 
+## 故障排除 {#troubleshooting}
 
+如果您遇到 kubeadm 上的困难，请参阅我们的[故障排除文档](/docs/setup/independent/troubleshooting-kubeadm/).
diff --git a/content/zh/docs/setup/independent/install-kubeadm.md b/content/zh/docs/setup/independent/install-kubeadm.md
index 6b35d57561265..ad6f6017c2ea7 100644
--- a/content/zh/docs/setup/independent/install-kubeadm.md
+++ b/content/zh/docs/setup/independent/install-kubeadm.md
@@ -51,9 +51,9 @@ see the [Using kubeadm to Create a Cluster](/docs/setup/independent/create-clust
 * 每台机器 2 GB 或更多的 RAM (如果少于这个数字将会影响您应用的运行内存)
 * 2 CPU 核心或更多 
 * 集群中的所有机器的网络彼此均能相互连接(公网和内网都可以)
-* 节点之中不可以有重复的主机名，MAC 地址，product_uuid。更多详细信息请参见[这里](#verify-the-mac-address-and-product-uuid-are-unique-for-every-node) 。
-* 开启主机上的一些特定端口. 更多详细信息请参见[这里](#check-required-ports)。
-* 禁用 Swap 交换分区。为了保证 kubelet 正确运行，您 **必须** 禁用交换分区。
+* 节点之中不可以有重复的主机名、MAC 地址或 product_uuid。请参见[这里](#verify-the-mac-address-and-product-uuid-are-unique-for-every-node)了解更多细节。
+* 开启主机上的一些特定端口。请参见[这里](#check-required-ports)了解更多细节。
+* 禁用 Swap 交换分区。为了保证 kubelet 正确运行，您**必须**禁用交换分区。
 
 {{% /capture %}}
 
@@ -68,8 +68,9 @@ see the [Using kubeadm to Create a Cluster](/docs/setup/independent/create-clust
 * You can get the MAC address of the network interfaces using the command `ip link` or `ifconfig -a`
 * The product_uuid can be checked by using the command `sudo cat /sys/class/dmi/id/product_uuid`
 -->
-* 您可以使用下列命令获取网络接口的 MAC 地址：`ip link` 或是 `ifconfig -a`
-* 下列命令可以用来获取 product_uuid `sudo cat /sys/class/dmi/id/product_uuid`
+
+* 您可以使用命令 `ip link` 或 `ifconfig -a` 来获取网络接口的 MAC 地址
+* 用来获取 product_uuid 的命令是 `sudo cat /sys/class/dmi/id/product_uuid`
 
 <!-- 
 It is very likely that hardware devices will have unique addresses, although some virtual machines may have
@@ -77,7 +78,9 @@ identical values. Kubernetes uses these values to uniquely identify the nodes in
 If these values are not unique to each node, the installation process
 may [fail](https://github.com/kubernetes/kubeadm/issues/31). 
 -->
-一般来讲，硬件设备会拥有独一无二的地址，但是有些虚拟机可能会雷同。Kubernetes 使用这些值来唯一确定集群中的节点。如果这些值在集群中不唯一，可能会导致安装[失败](https://github.com/kubernetes/kubeadm/issues/31)。
+
+一般来讲，硬件设备会拥有独一无二的地址，但是有些虚拟机可能会雷同。Kubernetes 使用这些值来唯一确定集群中的节点。
+如果这些值在集群中不唯一，可能会导致安装[失败](https://github.com/kubernetes/kubeadm/issues/31)。
 
 <!--
 ## Check network adapters
@@ -126,19 +129,22 @@ route, we recommend you add IP route(s) so Kubernetes cluster addresses go via t
 ** Default port range for [NodePort Services](/docs/concepts/services-networking/service/).
 -->
 
-** [NodePort 服务](/docs/concepts/services-networking/service/) 的默认端口范围。
+** [NodePort 服务](/docs/concepts/services-networking/service/)的默认端口范围。
 
 <!-- 
 Any port numbers marked with * are overridable, so you will need to ensure any
 custom ports you provide are also open. 
 -->
-任何使用 * 标记的端口号都有可能被覆盖，所以您需要保证您的自定义端口的状态是开放的。
+
+使用 * 标记的任意端口号都有可能被覆盖，所以您需要保证所提供的自定义端口的是开放的。
 
 <!-- 
 Although etcd ports are included in master nodes, you can also host your own
 etcd cluster externally or on custom ports. 
 -->
-虽然主节点已经包含了 etcd 的端口，您也可以使用自定义的外部 etcd 集群，或是指定自定义端口。
+
+虽然 master 节点已经包含了 etcd 的端口，您也可以使用自定义的外部 etcd 集群，或是指定自定义端口。
+
 <!--
 The pod network plugin you use (see below) may also require certain ports to be
 open. Since this differs with each pod network plugin, please see the
@@ -154,7 +160,9 @@ Since v1.6.0, Kubernetes has enabled the use of CRI, Container Runtime Interface
 The container runtime used by default is Docker, which is enabled through the built-in
 `dockershim` CRI implementation inside of the `kubelet`. 
 -->
-从 v1.6.0 起，Kubernetes 开始允许使用 CRI，容器运行时接口。默认的容器运行时是 Docker，这是由 `kubelet` 内置的 CRI 实现 `dockershim` 开启的。
+
+从 v1.6.0 起，Kubernetes 开始默认允许使用 CRI（容器运行时接口）。
+默认的容器运行时是 Docker，这是由 `kubelet` 内置的 CRI 实现 `dockershim` 开启的。
 
 <!-- 
 Other CRI-based runtimes include:
@@ -174,30 +182,27 @@ Other CRI-based runtimes include:
 <!-- 
 Refer to the [CRI installation instructions](/docs/setup/cri) for more information. 
 -->
-参考 [CRI 安装指南](/docs/setup/cri) 获取更多信息.
+参考 [CRI 安装指南](/docs/setup/cri)获取更多信息。
 
 <!--
 ## Installing kubeadm, kubelet and kubectl
 -->
-## 安装 kubeadm, kubelet 和 kubectl
+## 安装 kubeadm、kubelet 和 kubectl
 
 <!-- 
 You will install these packages on all of your machines:
-
 * `kubeadm`: the command to bootstrap the cluster.
-
 * `kubelet`: the component that runs on all of the machines in your cluster
     and does things like starting pods and containers.
-
 * `kubectl`: the command line util to talk to your cluster. 
 -->
-您需要在每台机器上都安装以下的软件包：
+您需要在每台机器上安装以下的软件包：
 
- * `kubeadm`: 用来初始化集群的指令。
+ * `kubeadm`：用来初始化集群的指令。
   
- * `kubelet`: 在集群中的每个节点上用来启动 pod 和 container 等。
+ * `kubelet`：在集群中的每个节点上用来启动 pod 和容器等。
   
- * `kubectl`: 用来与集群通信的命令行工具。
+ * `kubectl`：用来与集群通信的命令行工具。
 
 <!-- 
 kubeadm **will not** install or manage `kubelet` or `kubectl` for you, so you will
@@ -208,7 +213,10 @@ kubelet and the control plane is supported, but the kubelet version may never ex
 server version. For example, kubelets running 1.7.0 should be fully compatible with a 1.8.0 API server,
 but not vice versa. 
 -->
-kubeadm **不能** 帮您安装或管理 `kubelet` 或 `kubectl` ，所以您得保证他们满足通过 kubeadm 安装的 Kubernetes 控制层对版本的要求。如果版本没有满足要求，就有可能导致一些难以想到的错误或问题。然而控制层与 kubelet 间的 _小版本号_ 不一致无伤大雅，不过请记住 kubelet 的版本不可以超过 API server 的版本。例如 1.8.0 的 API server 可以适配 1.7.0 的 kubelet，反之就不行了。
+kubeadm **不能**帮您安装或管理 `kubelet` 或 `kubectl`，所以您得保证它们满足通过 kubeadm 安装的 Kubernetes 控制面对版本的要求。
+如果版本没有满足要求，就有可能导致一些难以想到的错误或问题。
+控制面与 kubelet 间的_小版本号_不一致无伤大雅，不过请记住 kubelet 的版本不可以超过 API 服务器的版本。
+例如 1.7.0 版本的 kubelet 可以兼容 1.8.0 版本的 API 服务器，反之则不可以。
 
 <!-- 
 {{< warning >}}
@@ -218,7 +226,7 @@ This is because kubeadm and Kubernetes require
 {{</ warning >}} 
 -->
 {{< warning >}}
-这些指南不包括所有系统升级时使用的 Kubernetes 程序包。这是因为 kubeadm 和 Kubernetes 需要 [升级时的特别注意事项](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-11/)。
+这些指南不包括系统升级时使用的所有 Kubernetes 程序包。这是因为 kubeadm 和 Kubernetes 需要[特殊的升级注意事项](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-11/)。
 {{</ warning >}} 
 
 <!-- 
@@ -226,7 +234,7 @@ For more information on version skews, please read our
 [version skew policy](/docs/setup/independent/create-cluster-kubeadm/#version-skew-policy). 
 -->
 
-更多关于版本偏差的信息，请参阅 [版本偏差政策](/docs/setup/independent/create-cluster-kubeadm/#version-skew-policy)。
+更多关于版本冲突的信息，请参阅[版本冲突政策](/docs/setup/independent/create-cluster-kubeadm/#version-skew-policy)。
 
 {{< tabs name="k8s_install" >}}
 {{% tab name="Ubuntu, Debian or HypriotOS" %}} 
@@ -279,7 +287,7 @@ systemctl enable kubelet && systemctl start kubelet
     `net.bridge.bridge-nf-call-iptables` is set to 1 in your `sysctl` config, e.g. 
   -->
   - 通过命令 `setenforce 0` 和 `sed ...` 可以将 SELinux 设置为 permissive 模式(将其禁用)。
-    只有执行这一操作之后，容器才能访问宿主的文件系统，进而能够正常使用 Pod 网络。您必须这么做，直到 kubelet 做出升级支持 SELinux 为止。
+    只有执行这一操作之后，容器才能访问宿主的文件系统，进而能够正常使用 pod 网络。您必须这么做，直到 kubelet 做出升级支持 SELinux 为止。
   - 一些 RHEL/CentOS 7 的用户曾经遇到过：由于 iptables 被绕过导致网络请求被错误的路由。您得保证
     在您的 `sysctl` 配置中 `net.bridge.bridge-nf-call-iptables` 被设为1。
 
@@ -295,7 +303,7 @@ systemctl enable kubelet && systemctl start kubelet
 <!--
 Install CNI plugins (required for most pod network):
 -->
-安装 CNI 插件（大多数 Pod 网络都需要）：
+安装 CNI 插件（大多数 pod 网络都需要）：
 
 ```bash
 CNI_VERSION="v0.6.0"
@@ -306,7 +314,7 @@ curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_
 <!-- 
 Install crictl (required for kubeadm / Kubelet Container Runtime Interface (CRI)) 
 -->
-安装 crictl (kubeadm / Kubelet 的容器运行时接口 (CRI) 要求) 
+安装 crictl (kubeadm/Kubelet 的容器运行时接口 (CRI) 要求) 
 
 ```bash
 CRICTL_VERSION="v1.11.1"
@@ -317,7 +325,7 @@ curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${C
 <!-- 
 Install `kubeadm`, `kubelet`, `kubectl` and add a `kubelet` systemd service: -->
 
-安装 `kubeadm`, `kubelet`, `kubectl` 并且添加一个 `kubelet` systemd 服务:
+安装 `kubeadm`、`kubelet` 和 `kubectl` 并且添加一个 `kubelet` systemd 服务:
 
 ```bash
 RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
@@ -358,7 +366,7 @@ kubelet 现在每隔几秒就会重启，因为它陷入了一个等待 kubeadm
 When using Docker, kubeadm will automatically detect the cgroup driver for the kubelet
 and set it in the `/var/lib/kubelet/kubeadm-flags.env` file during runtime.
 -->
-使用 Docker 时，kubeadm 会自动为其检测 cgroup 驱动在运行时对 `/var/lib/kubelet/kubeadm-flags.env` 文件进行配置。
+使用 Docker 时，kubeadm 会自动为其检测 cgroup 驱动并在运行时对 `/var/lib/kubelet/kubeadm-flags.env` 文件进行配置。
 <!--
 If you are using a different CRI, you have to modify the file
 `/etc/default/kubelet` with your `cgroup-driver` value, like so:
@@ -373,13 +381,13 @@ KUBELET_EXTRA_ARGS=--cgroup-driver=<value>
 This file will be used by `kubeadm init` and `kubeadm join` to source extra
 user defined arguments for the kubelet.
 -->
-这个文件将会被 `kubeadm init` 和 `kubeadm join` 用于为 kubelet 获取 额外的用户参数。
+这个文件将会被 `kubeadm init` 和 `kubeadm join` 用于为 kubelet 获取额外的用户参数。
 
 <!--
 Please mind, that you **only** have to do that if the cgroup driver of your CRI
 is not `cgroupfs`, because that is the default value in the kubelet already.
 -->
-请注意，您**只**需要在您的 cgroup driver 不是 `cgroupfs` 时这么做，因为 `cgroupfs` 已经是 kubelet 的默认值了。
+请注意，您**只**需要在您的 cgroup 驱动程序不是 `cgroupfs` 时这么做，因为 `cgroupfs` 是 kubelet 的默认值。
 
 <!--
 Restarting the kubelet is required:
@@ -399,7 +407,8 @@ systemctl restart kubelet
 <!-- 
 If you are running into difficulties with kubeadm, please consult our [troubleshooting docs](/docs/setup/independent/troubleshooting-kubeadm/).
 -->
-如果您在使用 kubeadm 时候遇到问题，请查看我们的[疑难解答文档](/docs/setup/independent/troubleshooting-kubeadm/). 
+如果您在使用 kubeadm 时候遇到问题，请查看我们的[疑难解答文档](/docs/setup/independent/troubleshooting-kubeadm/)。
+
 {{% capture whatsnext %}}
 <!-- 
 * [Using kubeadm to Create a Cluster](/docs/setup/independent/create-cluster-kubeadm/)
diff --git a/content/zh/docs/setup/independent/setup-ha-etcd-with-kubeadm.md b/content/zh/docs/setup/independent/setup-ha-etcd-with-kubeadm.md
new file mode 100644
index 0000000000000..664d2d04da68c
--- /dev/null
+++ b/content/zh/docs/setup/independent/setup-ha-etcd-with-kubeadm.md
@@ -0,0 +1,406 @@
+---
+title: 使用 kubeadm 创建一个高可用 etcd 集群
+content_template: templates/task
+weight: 60
+--- 
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Set up a High Availability etcd cluster with kubeadm
+content_template: templates/task
+weight: 60
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubeadm defaults to running a single member etcd cluster in a static pod managed
+by the kubelet on the control plane node. This is not a high availability setup
+as the etcd cluster contains only one member and cannot sustain any members
+becoming unavailable. This task walks through the process of creating a high
+availability etcd cluster of three members that can be used as an external etcd
+when using kubeadm to set up a kubernetes cluster. 
+-->
+默认情况下，kubeadm 运行单成员的 etcd 集群，该集群由控制面节点上的 kubelet 以静态 Pod 的方式进行管理。由于 etcd 集群只包含一个成员且不能在任一成员不可用时保持运行，所以这不是一种高可用设置。本任务，将告诉您如何在使用 kubeadm 创建一个 kubernetes 集群时创建一个外部 etcd：有三个成员的高可用 etcd 集群。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* Three hosts that can talk to each other over ports 2379 and 2380. This document assumes these default ports. However, they are configurable through the kubeadm config file. 
+-->
+* 三个可以通过 2379 和 2380 端口相互通信的主机。本文档使用这些作为默认端口。不过，它们可以通过 kubeadm 的配置文件进行自定义。
+
+<!--
+* Each host must [have docker, kubelet, and kubeadm installed][toolbox]. 
+-->
+* 每个主机必须 [安装有 docker、kubelet 和 kubeadm][工具箱]。
+
+<!--
+* Some infrastructure to copy files between hosts. For example `ssh` and `scp` can satisfy this requirement. 
+-->
+* 一些可以用来在主机间复制文件的基础设施。例如 `ssh` 和 `scp` 就可以满足需求。
+
+<!--
+[toolbox]: /docs/setup/independent/install-kubeadm/ 
+-->
+[工具箱]: /docs/setup/independent/install-kubeadm/
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Setting up the cluster 
+-->
+## 建立集群
+
+<!--
+The general approach is to generate all certs on one node and only distribute the *necessary* files to the other nodes. 
+-->
+一般来说，是在一个节点上生成所有证书并且只分发这些*必要*的文件到其它节点上。
+
+{{< note >}}
+<!--
+kubeadm contains all the necessary crytographic machinery to generate the certificates described below; no other cryptographic tooling is required for this example. 
+-->
+kubeadm 包含生成下述证书所需的所有必要的密码学工具；在这个例子中，不需要其他加密工具。
+{{< /note >}}
+
+<!--
+1. Configure the kubelet to be a service manager for etcd.
+
+    Running etcd is simpler than running kubernetes so you must override the
+    kubeadm-provided kubelet unit file by creating a new one with a higher
+    precedence. 
+-->
+1. 将 kubelet 配置为 etcd 的服务管理器。
+
+    运行 etcd 比运行 kubernetes 更简单，因此您必须通过创建具有更高优先级的新文件来覆盖 kubeadm 提供的 kubelet 单元文件。
+
+    ```sh
+    cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
+    [Service]
+    ExecStart=
+    ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true
+    Restart=always
+    EOF
+
+    systemctl daemon-reload
+    systemctl restart kubelet
+    ```
+
+    <!--
+    1.Create configuration files for kubeadm.
+    
+        Generate one kubeadm configuration file for each host that will have an etcd
+        member running on it using the following script. 
+    -->
+
+1. 为 kubeadm 创建配置文件。
+
+    使用以下脚本为每个将要运行 etcd 成员的主机生成一个 kubeadm 配置文件。
+    
+    <!--
+    ```sh
+    # Update HOST0, HOST1, and HOST2 with the IPs or resolvable names of your hosts
+    export HOST0=10.0.0.6
+    export HOST1=10.0.0.7
+    export HOST2=10.0.0.8
+
+    # Create temp directories to store files that will end up on other hosts.
+    mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/
+
+    ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
+    NAMES=("infra0" "infra1" "infra2")
+
+    for i in "${!ETCDHOSTS[@]}"; do
+    HOST=${ETCDHOSTS[$i]}
+    NAME=${NAMES[$i]}
+    cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
+    apiVersion: "kubeadm.k8s.io/v1alpha3"
+    kind: ClusterConfiguration
+    etcd:
+        local:
+            serverCertSANs:
+            - "${HOST}"
+            peerCertSANs:
+            - "${HOST}"
+            extraArgs:
+                initial-cluster: infra0=https://${ETCDHOSTS[0]}:2380,infra1=https://${ETCDHOSTS[1]}:2380,infra2=https://${ETCDHOSTS[2]}:2380
+                initial-cluster-state: new
+                name: ${NAME}
+                listen-peer-urls: https://${HOST}:2380
+                listen-client-urls: https://${HOST}:2379
+                advertise-client-urls: https://${HOST}:2379
+                initial-advertise-peer-urls: https://${HOST}:2380
+    EOF
+    done
+    ``` 
+    -->
+    ```sh
+    # 使用 IP 或可解析的主机名替换 HOST0、HOST1 和 HOST2
+    export HOST0=10.0.0.6
+    export HOST1=10.0.0.7
+    export HOST2=10.0.0.8
+    
+    # 创建临时目录来存储将被分发到其它主机上的文件
+    mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/
+    
+    ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
+    NAMES=("infra0" "infra1" "infra2")
+    
+    for i in "${!ETCDHOSTS[@]}"; do
+    HOST=${ETCDHOSTS[$i]}
+    NAME=${NAMES[$i]}
+    cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
+    apiVersion: "kubeadm.k8s.io/v1alpha3"
+    kind: ClusterConfiguration
+    etcd:
+        local:
+            serverCertSANs:
+            - "${HOST}"
+            peerCertSANs:
+            - "${HOST}"
+            extraArgs:
+                initial-cluster: infra0=https://${ETCDHOSTS[0]}:2380,infra1=https://${ETCDHOSTS[1]}:2380,infra2=https://${ETCDHOSTS[2]}:2380
+                initial-cluster-state: new
+                name: ${NAME}
+                listen-peer-urls: https://${HOST}:2380
+                listen-client-urls: https://${HOST}:2379
+                advertise-client-urls: https://${HOST}:2379
+                initial-advertise-peer-urls: https://${HOST}:2380
+    EOF
+    done
+    ```
+
+    <!--
+    1.Generate the certificate authority
+
+        If you already have a CA then the only action that is copying the CA's `crt` and
+        `key` file to `/etc/kubernetes/pki/etcd/ca.crt` and
+        `/etc/kubernetes/pki/etcd/ca.key`. After those files have been copied,
+        proceed to the next step, "Create certificates for each member". 
+    -->
+1. 生成证书颁发机构
+
+    如果您已经拥有 CA，那么唯一的操作是复制 CA 的 `crt` 和 `key` 文件到 `etc/kubernetes/pki/etcd/ca.crt` 和 `/etc/kubernetes/pki/etcd/ca.key`。复制完这些文件后继续下一步，“为每个成员创建证书”。
+
+    <!--
+    If you do not already have a CA then run this command on `$HOST0` (where you generated the configuration files for kubeadm). 
+    -->
+    如果您还没有 CA，则在 `$HOST0`（您为 kubeadm 生成配置文件的位置）上运行此命令。
+
+    ```
+    kubeadm alpha phase certs etcd-ca
+    ```
+
+    <!--
+    This creates two files 
+    -->
+    创建了如下两个文件
+
+    - `/etc/kubernetes/pki/etcd/ca.crt`
+    - `/etc/kubernetes/pki/etcd/ca.key`
+
+    <!--
+    1. Create certificates for each member 
+    -->
+1. 为每个成员创建证书
+
+    <!--
+    ```sh
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST2}/
+    # cleanup non-reusable certificates
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST1}/
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    # No need to move the certs because they are for HOST0
+
+    # clean up certs that should not be copied off this host
+    find /tmp/${HOST2} -name ca.key -type f -delete
+    find /tmp/${HOST1} -name ca.key -type f -delete
+    ``` 
+    -->
+    ```sh
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST2}/
+    # 清理不可重复使用的证书
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST1}/
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    # 不需要移动 certs 因为它们是给 HOST0 使用的
+
+    # 清理不应从此主机复制的证书
+    find /tmp/${HOST2} -name ca.key -type f -delete
+    find /tmp/${HOST1} -name ca.key -type f -delete
+    ``` 
+
+    <!--
+    1.Copy certificates and kubeadm configs
+
+        The certificates have been generated and now they must be moved to their
+        respective hosts. 
+    -->
+1. 复制证书和 kubeadm 配置
+
+    证书已生成，现在必须将它们移动到对应的主机。
+
+    ```sh
+    USER=ubuntu
+    HOST=${HOST1}
+    scp -r /tmp/${HOST}/* ${USER}@${HOST}:
+    ssh ${USER}@${HOST}
+    USER@HOST $ sudo -Es
+    root@HOST $ chown -R root:root pki
+    root@HOST $ mv pki /etc/kubernetes/
+    ```
+
+    <!--
+    1.Ensure all expected files exist
+
+        The complete list of required files on `$HOST0` is: 
+    -->
+1. 确保已经所有预期的文件都存在
+   
+    `$HOST0` 所需文件的完整列表如下：
+
+    ```
+    /tmp/${HOST0}
+    └── kubeadmcfg.yaml
+    ---
+    /etc/kubernetes/pki
+    ├── apiserver-etcd-client.crt
+    ├── apiserver-etcd-client.key
+    └── etcd
+        ├── ca.crt
+        ├── ca.key
+        ├── healthcheck-client.crt
+        ├── healthcheck-client.key
+        ├── peer.crt
+        ├── peer.key
+        ├── server.crt
+        └── server.key
+    ```
+
+    <!--
+    On `$HOST1`: 
+    -->
+    在 `$HOST1`:
+
+    ```
+    $HOME
+    └── kubeadmcfg.yaml
+    ---
+    /etc/kubernetes/pki
+    ├── apiserver-etcd-client.crt
+    ├── apiserver-etcd-client.key
+    └── etcd
+        ├── ca.crt
+        ├── healthcheck-client.crt
+        ├── healthcheck-client.key
+        ├── peer.crt
+        ├── peer.key
+        ├── server.crt
+        └── server.key
+    ``` 
+
+    <!--
+    On `$HOST2` 
+    -->
+    在 `$HOST2`
+
+    ```
+    $HOME
+    └── kubeadmcfg.yaml
+    ---
+    /etc/kubernetes/pki
+    ├── apiserver-etcd-client.crt
+    ├── apiserver-etcd-client.key
+    └── etcd
+        ├── ca.crt
+        ├── healthcheck-client.crt
+        ├── healthcheck-client.key
+        ├── peer.crt
+        ├── peer.key
+        ├── server.crt
+        └── server.key
+    ``` 
+    
+    <!--
+    1.Create the static pod manifests
+
+        Now that the certificates and configs are in place it's time to create the
+        manifests. On each host run the `kubeadm` command to generate a static manifest
+        for etcd.
+    -->
+1. 创建静态 Pod 清单
+
+    既然证书和配置已经就绪，是时候去创建清单了。在每台主机上运行 `kubeadm` 命令来生成 etcd 使用的静态清单。
+
+    ```sh
+    root@HOST0 $ kubeadm alpha phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    root@HOST1 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
+    root@HOST2 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
+    ``` 
+   
+    <!--
+    1.Optional: Check the cluster health 
+    -->
+1. 可选：检查群集运行状况
+
+    ```sh
+    docker run --rm -it \
+    --net host \
+    -v /etc/kubernetes:/etc/kubernetes quay.io/coreos/etcd:v3.2.18 etcdctl \
+    --cert-file /etc/kubernetes/pki/etcd/peer.crt \
+    --key-file /etc/kubernetes/pki/etcd/peer.key \
+    --ca-file /etc/kubernetes/pki/etcd/ca.crt \
+    --endpoints https://${HOST0}:2379 cluster-health
+    ...
+    cluster is healthy
+    ``` 
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Once your have a working 3 member etcd cluster, you can continue setting up a
+highly available control plane using the [external etcd method with
+kubeadm](/docs/setup/independent/high-availability/). 
+-->
+一旦拥有了一个正常工作的 3 成员的 etcd 集群，你就可以基于[使用 kubeadm 的外部 etcd 方法](/docs/setup/independent/high-availability/)，继续部署一个高可用的控制平面。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/setup/learning-environment/_index.md b/content/zh/docs/setup/learning-environment/_index.md
new file mode 100644
index 0000000000000..5099203c9bcdc
--- /dev/null
+++ b/content/zh/docs/setup/learning-environment/_index.md
@@ -0,0 +1,11 @@
+---
+title: 学习环境
+weight: 20
+---
+
+<!--
+---
+title: Learning environment
+weight: 20
+---
+-->
diff --git a/content/zh/docs/setup/learning-environment/minikube.md b/content/zh/docs/setup/learning-environment/minikube.md
new file mode 100644
index 0000000000000..1ef01a316b835
--- /dev/null
+++ b/content/zh/docs/setup/learning-environment/minikube.md
@@ -0,0 +1,954 @@
+---
+title: 使用 Minikube 安装 Kubernetes
+content_template: templates/concept
+---
+<!--
+---
+reviewers:
+- dlorenc
+- balopat
+- aaron-prindle
+title: Installing Kubernetes with Minikube
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Minikube is a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a Virtual Machine (VM) on your laptop for users looking to try out Kubernetes or develop with it day-to-day.
+-->
+Minikube 是一种可以让您在本地轻松运行 Kubernetes 的工具。Minikube 在笔记本电脑上的虚拟机（VM）中运行单节点 Kubernetes 集群，供那些希望尝试 Kubernetes 或进行日常开发的用户使用。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Minikube Features
+-->
+## Minikube 功能
+
+<!--
+Minikube supports the following Kubernetes features:
+-->
+Minikube 支持以下 Kubernetes 功能：
+
+<!--
+* DNS
+* NodePorts
+* ConfigMaps and Secrets
+* Dashboards
+* Container Runtime: Docker, [rkt](https://github.com/rkt/rkt), [CRI-O](https://github.com/kubernetes-incubator/cri-o), and [containerd](https://github.com/containerd/containerd)
+* Enabling CNI (Container Network Interface)
+* Ingress
+-->
+
+* DNS
+* NodePorts
+* ConfigMaps 和 Secrets
+* Dashboards
+* 容器运行时: Docker、[rkt](https://github.com/rkt/rkt)、[CRI-O](https://github.com/kubernetes-incubator/cri-o) 以及 [containerd](https://github.com/containerd/containerd)
+* 启用 CNI （容器网络接口）
+* Ingress
+
+<!--
+## Installation
+-->
+## 安装
+
+<!--
+See [Installing Minikube](/docs/tasks/tools/install-minikube/).
+-->
+请参阅[安装 Minikube](/docs/tasks/tools/install-minikube/)。
+
+<!--
+## Quickstart
+-->
+## 快速开始
+
+<!--
+This brief demo guides you on how to start, use, and delete Minikube locally. Follow the steps given below to start and explore Minikube.
+-->
+这个简短的演示将指导您如何在本地启动、使用和删除 Minikube。请按照以下步骤开始探索 Minikube。
+
+<!--
+1. Start Minikube and create a cluster:
+-->
+1. 启动 Minikube 并创建一个集群：
+
+    ```shell
+    minikube start
+    ```
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    Starting local Kubernetes cluster...
+    Running pre-create checks...
+    Creating machine...
+    Starting local Kubernetes cluster...
+    ```
+
+    <!--
+    For more information on starting your cluster on a specific Kubernetes version, VM, or container runtime, see [Starting a Cluster](#starting-a-cluster).
+    -->
+    
+    有关使用特定 Kubernetes 版本、VM 或容器运行时启动集群的详细信息，请参阅[启动集群](#starting-a-cluster)。
+
+2. 现在，您可以使用 kubectl 与集群进行交互。有关详细信息，请参阅[与集群交互](#interacting-with-your-cluster)。
+
+    <!--
+    Now, you can interact with your cluster using kubectl. For more information, see [Interacting with Your Cluster](#interacting-with-your-cluster).
+    -->
+
+    <!--
+    Let’s create a Kubernetes Deployment using an existing image named `echoserver`, which is a simple HTTP server and expose it on port 8080 using `--port`.
+    -->
+    让我们使用名为 `echoserver` 的镜像创建一个 Kubernetes Deployment，并使用 `--port` 在端口 8080 上暴露服务。`echoserver` 是一个简单的 HTTP 服务器。
+
+    ```shell
+    kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.10 --port=8080
+    ```
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    deployment.apps/hello-minikube created
+    ```
+
+3. 要访问 `hello-minikube` Deployment，需要将其作为 Service 公开：
+
+    <!--
+    To access the `hello-minikube` Deployment, expose it as a Service:
+    -->
+
+    ```shell
+    kubectl expose deployment hello-minikube --type=NodePort
+    ```
+    <!--
+    The option `--type=NodePort` specifies the type of the Service.
+    -->
+    选项 `--type = NodePort` 指定 Service 的类型。
+
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    service/hello-minikube exposed
+    ```
+
+4. 现在 `hello-minikube` Pod 已经启动，但是您必须等到 Pod 启动完全才能通过暴露的 Service 访问它。
+
+    <!--
+    The `hello-minikube` Pod is now launched but you have to wait until the Pod is up before accessing it via the exposed Service.
+    -->
+
+    <!--
+	Check if the Pod is up and running:
+    -->
+    检查 Pod 是否启动并运行：
+
+	```shell
+	kubectl get pod
+	```
+    <!--
+	If the output shows the `STATUS` as `ContainerCreating`, the Pod is still being created:
+    -->
+    如果输出显示 `STATUS` 为 `ContainerCreating`，则表明 Pod 仍在创建中：
+	```
+	NAME                              READY     STATUS              RESTARTS   AGE
+	hello-minikube-3383150820-vctvh   0/1       ContainerCreating   0          3s
+	```
+    <!--
+	If the output shows the `STATUS` as `Running`, the Pod is now up and running:
+    -->
+    如果输出显示 `STATUS` 为 `Running`，则 Pod 现在正在运行：
+	```
+	NAME                              READY     STATUS    RESTARTS   AGE
+	hello-minikube-3383150820-vctvh   1/1       Running   0          13s
+	```
+
+5. 获取暴露 Service 的 URL 以查看 Service 的详细信息：
+
+    <!--
+    Get the URL of the exposed Service to view the Service details:
+    -->
+
+	```shell
+	minikube service hello-minikube --url
+	```
+
+6. 要查看本地集群的详细信息，请在浏览器中复制粘贴并访问上一步骤输出的 URL。
+
+    <!--
+    To view the details of your local cluster, copy and paste the URL you got as the output, on your browser.
+    -->
+
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    Hostname: hello-minikube-7c77b68cff-8wdzq
+
+    Pod Information:
+        -no pod information available-
+
+    Server values:
+        server_version=nginx: 1.13.3 - lua: 10008
+
+    Request Information:
+        client_address=172.17.0.1
+        method=GET
+        real path=/
+        query=
+        request_version=1.1
+        request_scheme=http
+        request_uri=http://192.168.99.100:8080/
+
+    Request Headers:
+        accept=*/*
+        host=192.168.99.100:30674
+        user-agent=curl/7.47.0
+
+    Request Body:
+        -no body in request-
+    ```
+    <!--
+	If you no longer want the Service and cluster to run, you can delete them.
+    -->
+    如果您不再希望运行 Service 和集群，则可以删除它们。
+
+7. 删除 `hello-minikube` Service：
+
+    <!--
+    Delete the `hello-minikube` Service:
+    -->
+
+    ```shell
+    kubectl delete services hello-minikube
+    ```
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    service "hello-minikube" deleted
+    ```
+
+8. 删除 `hello-minikube` Deployment：
+
+    <!--
+    Delete the `hello-minikube` Deployment:
+    -->
+
+    ```shell
+    kubectl delete deployment hello-minikube
+    ```
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    deployment.extensions "hello-minikube" deleted
+    ```
+
+9.  停止本地 Minikube 集群：
+
+    <!--
+    Stop the local Minikube cluster:
+    -->
+
+    ```shell
+    minikube stop
+    ```
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    Stopping "minikube"...
+    "minikube" stopped.
+    ```
+    <!--
+	For more information, see [Stopping a Cluster](#stopping-a-cluster).
+    -->
+    有关更多信息，请参阅[停止集群](#stopsing-a-cluster)。
+
+10. 删除本地 Minikube 集群：
+
+    <!--
+    Delete the local Minikube cluster:
+    -->
+
+    ```shell
+    minikube delete
+    ```
+    <!--
+    The output is similar to this:
+    -->
+    输出类似于：
+
+    ```
+    Deleting "minikube" ...
+    The "minikube" cluster has been deleted.
+    ```
+    <!--
+	For more information, see [Deleting a cluster](#deleting-a-cluster).
+    -->
+    有关更多信息，请参阅[删除集群](#deletion-a-cluster)。
+
+<!--
+## Managing your Cluster
+-->
+## 管理您的集群
+
+<!--
+### Starting a Cluster
+-->
+### 启动集群 {#starting-a-cluster}
+
+<!--
+The `minikube start` command can be used to start your cluster.
+-->
+`minikube start` 命令可用于启动集群。
+<!--
+This command creates and configures a Virtual Machine that runs a single-node Kubernetes cluster.
+-->
+此命令将创建并配置一台虚拟机，使其运行单节点 Kubernetes 集群。
+<!--
+This command also configures your [kubectl](/docs/user-guide/kubectl-overview/) installation to communicate with this cluster.
+-->
+此命令还会配置您的 [kubectl](/docs/user-guide/kubectl-overview/) 安装，以便使其能与您的 Kubernetes 集群正确通信。
+
+<!--
+If you are behind a web proxy, you need to pass this information to the `minikube start` command:
+-->
+<!--
+Unfortunately, setting the environment variables alone does not work.
+-->
+<!--
+Minikube also creates a "minikube" context, and sets it to default in kubectl.
+-->
+<!--
+To switch back to this context, run this command: `kubectl config use-context minikube`.
+-->
+
+{{< note >}}
+如果您启用了 web 代理，则需要将此信息传递给 `minikube start` 命令：
+
+```shell
+https_proxy=<my proxy> minikube start --docker-env http_proxy=<my proxy> --docker-env https_proxy=<my proxy> --docker-env no_proxy=192.168.99.0/24
+```
+
+不幸的是，单独设置环境变量不起作用。
+
+Minikube 还创建了一个 `minikube` 上下文，并将其设置为 kubectl 的默认上下文。
+
+要切换回此上下文，请运行以下命令：`kubectl config use-context minikube`。
+{{< /note >}}
+
+<!--
+#### Specifying the Kubernetes version
+-->
+#### 指定 Kubernetes 版本
+
+<!--
+You can specify the version of Kubernetes for Minikube to use byadding the `--kubernetes-version` string to the `minikube start` command. Forexample, to run version {{< param "fullversion" >}}, you would run the following:
+-->
+您可以通过将 `--kubernetes-version` 字符串添加到 `minikube start` 命令来指定要用于 Minikube 的 Kubernetes 版本。例如，要运行版本 {{< param "fullversion" >}}，您可以运行以下命令：
+
+```
+minikube start --kubernetes-version {{< param "fullversion" >}}
+```
+<!--
+#### Specifying the VM driver
+-->
+#### 指定 VM 驱动程序
+
+<!--
+You can change the VM driver by adding the `--vm-driver=<enter_driver_name>` flag to `minikube start`.
+-->
+
+您可以通过将 `--vm-driver=<enter_driver_name>` 参数添加到 `minikube start` 来更改 VM 驱动程序。
+<!--
+For example the command would be.
+-->
+例如命令：
+
+```shell
+minikube start --vm-driver=<driver_name>
+```
+<!--
+ Minikube supports the following drivers:
+-->
+Minikube 支持以下驱动程序：
+
+<!--
+ See [DRIVERS](https://git.k8s.io/minikube/docs/drivers.md) for details on supported drivers and how to install plugins.
+-->
+
+<!--
+* virtualbox
+* vmwarefusion
+* kvm2 ([driver installation](https://git.k8s.io/minikube/docs/drivers.md#kvm2-driver))
+* hyperkit ([driver installation](https://git.k8s.io/minikube/docs/drivers.md#hyperkit-driver))
+* hyperv ([driver installation](https://github.com/kubernetes/minikube/blob/master/docs/drivers.md#hyperv-driver))
+Note that the IP below is dynamic and can change. It can be retrieved with `minikube ip`.
+* vmware ([driver installation](https://github.com/kubernetes/minikube/blob/master/docs/drivers.md#vmware-unified-driver)) (VMware unified driver)
+* none (Runs the Kubernetes components on the host and not in a VM. Using this driver requires Docker ([docker install](https://docs.docker.com/install/linux/docker-ce/ubuntu/)) and a Linux environment)
+-->
+
+
+ {{< note >}}
+有关支持的驱动程序以及如何安装插件的详细信息，请参阅[驱动程序](https://git.k8s.io/minikube/docs/drivers.md)。
+{{< /note >}}
+
+* virtualbox
+* vmwarefusion
+* kvm2 ([驱动安装](https://git.k8s.io/minikube/docs/drivers.md#kvm2-driver))
+* hyperkit ([驱动安装](https://git.k8s.io/minikube/docs/drivers.md#hyperkit-driver))
+* hyperv ([驱动安装](https://github.com/kubernetes/minikube/blob/master/docs/drivers.md#hyperv-driver))
+<!--
+Note that the IP below is dynamic and can change. It can be retrieved with `minikube ip`.
+-->
+请注意，下面的 IP 是动态的，可以更改。可以使用 `minikube ip` 检索。
+* vmware ([驱动安装](https://github.com/kubernetes/minikube/blob/master/docs/drivers.md#vmware-unified-driver)) （VMware 统一驱动）
+* none (在主机上运行Kubernetes组件，而不是在 VM 中。使用该驱动依赖 Docker ([安装 Docker](https://docs.docker.com/install/linux/docker-ce/ubuntu/)) 和 Linux 环境)
+
+<!--
+#### Starting a cluster on alternative container runtimes
+
+You can start Minikube on the following container runtimes.
+-->
+#### 通过别的容器运行时启动集群
+
+您可以通过以下容器运行时启动 Minikube。
+
+{{< tabs name="container_runtimes" >}}
+{{% tab name="containerd" %}}
+<!--
+To use [containerd](https://github.com/containerd/containerd) as the container runtime, run:
+-->
+要使用 [containerd](https://github.com/containerd/containerd) 作为容器运行时，请运行：
+
+```bash
+minikube start \
+    --network-plugin=cni \
+    --enable-default-cni \
+    --container-runtime=containerd \
+    --bootstrapper=kubeadm
+```
+
+<!--
+Or you can use the extended version:
+-->
+或者您可以使用扩展版本：
+
+```bash
+minikube start \
+    --network-plugin=cni \
+    --enable-default-cni \
+    --extra-config=kubelet.container-runtime=remote \
+    --extra-config=kubelet.container-runtime-endpoint=unix:///run/containerd/containerd.sock \
+    --extra-config=kubelet.image-service-endpoint=unix:///run/containerd/containerd.sock \
+    --bootstrapper=kubeadm
+```
+{{% /tab %}}
+{{% tab name="CRI-O" %}}
+<!--
+To use [CRI-O](https://github.com/kubernetes-incubator/cri-o) as the container runtime, run:
+-->
+要使用 [CRI-O](https://github.com/kubernetes-incubator/cri-o) 作为容器运行时，请运行：
+
+```bash
+minikube start \
+    --network-plugin=cni \
+    --enable-default-cni \
+    --container-runtime=cri-o \
+    --bootstrapper=kubeadm
+```
+<!--
+Or you can use the extended version:
+-->
+或者您可以使用扩展版本：
+
+```bash
+minikube start \
+    --network-plugin=cni \
+    --enable-default-cni \
+    --extra-config=kubelet.container-runtime=remote \
+    --extra-config=kubelet.container-runtime-endpoint=/var/run/crio.sock \
+    --extra-config=kubelet.image-service-endpoint=/var/run/crio.sock \
+    --bootstrapper=kubeadm
+```
+{{% /tab %}}
+{{% tab name="rkt container engine" %}}
+<!--
+To use [rkt](https://github.com/rkt/rkt) as the container runtime run:
+-->
+使用 [rkt](https://github.com/rkt/rkt) 作为容器运行时，请运行：
+
+```shell
+minikube start \
+    --network-plugin=cni \
+    --enable-default-cni \
+    --container-runtime=rkt
+```
+<!--
+This will use an alternative minikube ISO image containing both rkt, and Docker, and enable CNI networking.
+-->
+这将使用包含 rkt 和 Docker 的替代 minikube ISO 映像，并启用 CNI 网络。
+{{% /tab %}}
+{{< /tabs >}}
+
+<!--
+#### Use local images by re-using the Docker daemon
+-->
+#### 通过重用 Docker 守护进程使用本地镜像
+
+<!--
+When using a single VM for Kubernetes, it's useful to reuse Minikube's built-in Docker daemon. Reusing the built-in daemon means you don't have to build a Docker registry on your host machine and push the image into it. Instead, you can build inside the same Docker daemon as Minikube, which speeds up local experiments.
+-->
+当为 Kubernetes 使用单个 VM 时，重用 Minikube 的内置 Docker 守护程序非常有用。重用内置守护程序意味着您不必在主机上构建 Docker 镜像仓库并将镜像推入其中。相反，您可以在与 Minikube 相同的 Docker 守护进程内部构建，这可以加速本地实验。
+
+{{< note >}}
+<!--
+Be sure to tag your Docker image with something other than latest and use that tag to pull the image. Because `:latest` is the default value, with a corresponding default image pull policy of `Always`, an image pull error (`ErrImagePull`) eventually results if you do not have the Docker image in the default Docker registry (usually DockerHub).
+-->
+一定要用非 `latest` 的标签来标记你的 Docker 镜像，并使用该标签来拉取镜像。因为 `:latest` 标记的镜像，其默认镜像拉取策略是 `Always`，如果在默认的 Docker 镜像仓库（通常是 DockerHub）中没有找到你的 Docker 镜像，最终会导致一个镜像拉取错误（`ErrImagePull`）。
+{{< /note >}}
+
+<!--
+To work with the Docker daemon on your Mac/Linux host, use the `docker-env command` in your shell:
+-->
+要在 Mac/Linux 主机上使用 Docker 守护程序，请在 shell 中运行 `docker-env command`：
+
+```shell
+eval $(minikube docker-env)
+```
+
+<!--
+You can now use Docker at the command line of your host Mac/Linux machine to communicate with the Docker daemon inside the Minikube VM:
+-->
+您现在可以在 Mac/Linux 机器的命令行中使用 Docker 与 Minikube VM 内的 Docker 守护程序进行通信：
+
+```shell
+docker ps
+```
+
+{{< note >}}
+<!--
+On Centos 7, Docker may report the following error:
+-->
+在 Centos 7 上，Docker 可能会报如下错误：
+
+```
+Could not read CA certificate "/etc/docker/ca.pem": open /etc/docker/ca.pem: no such file or directory
+```
+
+<!--
+You can fix this by updating /etc/sysconfig/docker to ensure that Minikube's environment changes are respected:
+-->
+您可以通过更新 /etc/sysconfig/docker 来解决此问题，以确保 Minikube 的环境更改得到遵守：
+
+```shell
+< DOCKER_CERT_PATH=/etc/docker
+---
+> if [ -z "${DOCKER_CERT_PATH}" ]; then
+>   DOCKER_CERT_PATH=/etc/docker
+> fi
+```
+{{< /note >}}
+
+<!--
+### Configuring Kubernetes
+-->
+### 配置 Kubernetes
+
+<!--
+Minikube has a "configurator" feature that allows users to configure the Kubernetes components with arbitrary values.
+-->
+Minikube 有一个 "configurator" 功能，允许用户使用任意值配置 Kubernetes 组件。
+<!--
+To use this feature, you can use the `--extra-config` flag on the `minikube start` command.
+-->
+要使用此功能，可以在 `minikube start` 命令中使用 `--extra-config` 参数。
+
+<!--
+This flag is repeated, so you can pass it several times with several different values to set multiple options.
+-->
+此参数允许重复，因此您可以使用多个不同的值多次传递它以设置多个选项。
+
+<!--
+This flag takes a string of the form `component.key=value`, where `component` is one of the strings from the below list, `key` is a value on the configuration struct and `value` is the value to set.
+-->
+此参数采用 `component.key=value` 形式的字符串，其中 `component` 是下面列表中的一个字符串，`key` 是配置项名称，`value` 是要设置的值。
+
+<!--
+Valid keys can be found by examining the documentation for the Kubernetes `componentconfigs` for each component.
+-->
+通过检查每个组件的 Kubernetes `componentconfigs` 的文档，可以找到有效的 key。
+<!--
+Here is the documentation for each supported configuration:
+-->
+下面是每个组件所支持的配置的介绍文档：
+
+* [kubelet](https://godoc.org/k8s.io/kubernetes/pkg/kubelet/apis/config#KubeletConfiguration)
+* [apiserver](https://godoc.org/k8s.io/kubernetes/cmd/kube-apiserver/app/options#ServerRunOptions)
+* [proxy](https://godoc.org/k8s.io/kubernetes/pkg/proxy/apis/config#KubeProxyConfiguration)
+* [controller-manager](https://godoc.org/k8s.io/kubernetes/pkg/controller/apis/config#KubeControllerManagerConfiguration)
+* [etcd](https://godoc.org/github.com/coreos/etcd/etcdserver#ServerConfig)
+* [scheduler](https://godoc.org/k8s.io/kubernetes/pkg/scheduler/apis/config#KubeSchedulerConfiguration)
+
+<!--
+#### Examples
+-->
+#### 例子
+
+<!--
+To change the `MaxPods` setting to 5 on the Kubelet, pass this flag: `--extra-config=kubelet.MaxPods=5`.
+-->
+要在 Kubelet 上将 `MaxPods` 设置更改为 5，请传递此参数：`--extra-config=kubelet.MaxPods=5`。
+
+<!--
+This feature also supports nested structs. To change the `LeaderElection.LeaderElect` setting to `true` on the scheduler, pass this flag: `--extra-config=scheduler.LeaderElection.LeaderElect=true`.
+-->
+此功能还支持嵌套结构。要在调度程序上将 `LeaderElection.LeaderElect` 设置更改为 `true`，请传递此参数：`--extra-config=scheduler.LeaderElection.LeaderElect=true`。
+
+<!--
+To set the `AuthorizationMode` on the `apiserver` to `RBAC`, you can use: `--extra-config=apiserver.authorization-mode=RBAC`.
+-->
+要将 `apiserver` 的 `AuthorizationMode` 设置为 `RBAC`，您可以使用：`--extra-config=apiserver.authorization-mode=RBAC`。
+
+<!--
+### Stopping a ClusterThe 
+
+`minikube stop` command can be used to stop your cluster.
+-->
+### 停止集群 {#stopsing-a-cluster}
+
+`minikube stop` 命令可用于停止集群。
+<!--
+This command shuts down the Minikube Virtual Machine, but preserves all cluster state and data.
+-->
+此命令关闭 Minikube 虚拟机，但保留所有集群状态和数据。
+<!--
+Starting the cluster again will restore it to its previous state.
+-->
+再次启动集群会将其恢复到以前的状态。
+
+<!--
+### Deleting a ClusterThe 
+
+`minikube delete` command can be used to delete your cluster.
+-->
+### 删除集群 {#deletion-a-cluster}
+
+`minikube delete` 命令可用于删除集群。
+<!--
+This command shuts down and deletes the Minikube Virtual Machine. No data or state is preserved.
+-->
+此命令将关闭并删除 Minikube 虚拟机，不保留任何数据或状态。
+
+<!--
+## Interacting with Your Cluster
+-->
+## 与集群交互 {#interacting-with-your-cluster}
+
+<!--
+### Kubectl
+-->
+### Kubectl
+
+<!--
+The `minikube start` command creates a [kubectl context](/docs/reference/generated/kubectl/kubectl-commands#-em-set-context-em-) called "minikube".
+-->
+`minikube start` 命令创建一个名为 `minikube` 的 [kubectl 上下文](/docs/reference/generated/kubectl/kubectl-commands#-em-set-context-em-)。
+<!--
+This context contains the configuration to communicate with your Minikube cluster.
+-->
+此上下文包含与 Minikube 集群通信的配置。
+
+<!--
+Minikube sets this context to default automatically, but if you need to switch back to it in the future, run:
+-->
+Minikube 会自动将此上下文设置为默认值，但如果您以后需要切换回它，请运行：
+
+<!--
+`kubectl config use-context minikube`,
+-->
+`kubectl config use-context minikube`，
+
+<!--
+Or pass the context on each command like this: `kubectl get pods --context=minikube`.
+-->
+或者像这样，每个命令都附带其执行的上下文：`kubectl get pods --context=minikube`。
+
+<!--
+### Dashboard
+-->
+### 仪表盘
+
+<!--
+To access the [Kubernetes Dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard/), run this command in a shell after starting Minikube to get the address:
+-->
+要访问 [Kubernetes Dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard/)，请在启动 Minikube 后在 shell 中运行此命令以获取地址：
+
+```shell
+minikube dashboard
+```
+
+<!--
+### Services
+-->
+### Service
+
+<!--
+To access a Service exposed via a node port, run this command in a shell after starting Minikube to get the address:
+-->
+要访问通过节点（Node）端口公开的 Service，请在启动 Minikube 后在 shell 中运行此命令以获取地址：
+
+```shell
+minikube service [-n NAMESPACE] [--url] NAME
+```
+
+<!--
+## Networking
+-->
+## 网络
+
+<!--
+The Minikube VM is exposed to the host system via a host-only IP address, that can be obtained with the `minikube ip` command.
+-->
+Minikube VM 通过 host-only IP 暴露给主机系统，可以通过 `minikube ip` 命令获得该 IP。
+<!--
+Any services of type `NodePort` can be accessed over that IP address, on the NodePort.
+-->
+在 NodePort 上，可以通过该 IP 地址访问任何类型为 `NodePort` 的服务。
+
+<!--
+To determine the NodePort for your service, you can use a `kubectl` command like this:
+-->
+要确定服务的 NodePort，可以像这样使用 `kubectl` 命令：
+
+<!--
+`kubectl get service $SERVICE --output='jsonpath="{.spec.ports[0].nodePort}"'`
+-->
+`kubectl get service $SERVICE --output='jsonpath="{.spec.ports[0].nodePort}"'`
+
+<!--
+## Persistent Volumes
+
+Minikube supports [PersistentVolumes](/docs/concepts/storage/persistent-volumes/) of type `hostPath`.
+-->
+## 持久卷（PersistentVolume）
+
+Minikube 支持 `hostPath` 类型的 [持久卷](/docs/concepts/storage/persistent-volumes/)。
+<!--
+These PersistentVolumes are mapped to a directory inside the Minikube VM.
+-->
+这些持久卷会映射为 Minikube VM 内的目录。
+
+<!--
+The Minikube VM boots into a tmpfs, so most directories will not be persisted across reboots (`minikube stop`).
+-->
+Minikube VM 引导到 tmpfs，因此大多数目录不会在重新启动（`minikube stop`）之后保持不变。
+<!--
+However, Minikube is configured to persist files stored under the following host directories:
+-->
+但是，Minikube 被配置为保存存储在以下主机目录下的文件：
+
+* `/data`
+* `/var/lib/minikube`
+* `/var/lib/docker`
+
+<!--
+Here is an example PersistentVolume config to persist data in the `/data` directory:
+-->
+下面是一个持久卷配置示例，用于在 `/data` 目录中保存数据：
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv0001
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 5Gi
+  hostPath:
+    path: /data/pv0001/
+```
+
+<!--
+## Mounted Host Folders
+
+Some drivers will mount a host folder within the VM so that you can easily share files between the VM and host.  These are not configurable at the moment and different for the driver and OS you are using.
+-->
+## 挂载宿主机文件夹
+
+一些驱动程序将在 VM 中挂载一个主机文件夹，以便您可以轻松地在 VM 和主机之间共享文件。目前这些都是不可配置的，并且根据您正在使用的驱动程序和操作系统的不同而不同。
+
+<!--
+Host folder sharing is not implemented in the KVM driver yet.
+-->
+
+{{< note >}}
+KVM 驱动程序中尚未实现主机文件夹共享。
+{{< /note >}}
+
+| 驱动 | 操作系统 | 宿主机文件夹 | VM 文件夹 |
+| --- | --- | --- | --- |
+| VirtualBox | Linux | /home | /hosthome |
+| VirtualBox | macOS | /Users | /Users |
+| VirtualBox | Windows | C://Users | /c/Users |
+| VMware Fusion | macOS | /Users | /Users |
+| Xhyve | macOS | /Users | /Users |
+
+<!--
+## Private Container Registries
+-->
+## 私有容器镜像仓库
+
+<!--
+To access a private container registry, follow the steps on [this page](/docs/concepts/containers/images/).
+-->
+要访问私有容器镜像仓库，请按照[本页](/docs/concepts/containers/images/)上的步骤操作。
+
+<!--
+We recommend you use `ImagePullSecrets`, but if you would like to configure access on the Minikube VM you can place the `.dockercfg` in the `/home/docker` directory or the `config.json` in the `/home/docker/.docker` directory.
+-->
+我们建议您使用 `ImagePullSecrets`，但是如果您想在 Minikube VM 上配置访问权限，可以将 `.dockercfg` 放在 `/home/docker` 目录中，或将`config.json` 放在 `/home/docker/.docker` 目录。
+
+<!--
+## Add-ons
+-->
+## 附加组件
+
+<!--
+In order to have Minikube properly start or restart custom addons,place the addons you wish to be launched with Minikube in the `~/.minikube/addons`directory. Addons in this folder will be moved to the Minikube VM and launched each time Minikube is started or restarted.
+-->
+为了让 Minikube 正确启动或重新启动自定义插件，请将您希望用 Minikube 启动的插件放在 `~/.minikube/addons` 目录中。此文件夹中的插件将被移动到 Minikube VM 并在每次 Minikube 启动或重新启动时被启动。
+
+<!--
+## Using Minikube with an HTTP Proxy
+-->
+## 基于 HTTP 代理使用 Minikube
+
+<!--
+Minikube creates a Virtual Machine that includes Kubernetes and a Docker daemon.
+-->
+Minikube 创建了一个包含 Kubernetes 和 Docker 守护进程的虚拟机。
+<!--
+When Kubernetes attempts to schedule containers using Docker, the Docker daemon may require external network access to pull containers.
+-->
+当 Kubernetes 尝试使用 Docker 调度容器时，Docker 守护程序可能需要访问外部网络来拉取容器镜像。
+
+<!--
+If you are behind an HTTP proxy, you may need to supply Docker with the proxy settings.
+-->
+如果您配置了 HTTP 代理，则可能也需要为 Docker 进行代理设置。
+<!--
+To do this, pass the required environment variables as flags during `minikube start`.
+-->
+要实现这一点，可以在 `minikube start` 期间将所需的环境变量作为参数传递给启动命令。
+
+<!--
+For example:
+-->
+例如：
+
+```shell
+minikube start --docker-env http_proxy=http://$YOURPROXY:PORT \
+                 --docker-env https_proxy=https://$YOURPROXY:PORT
+```
+
+<!--
+If your Virtual Machine address is 192.168.99.100, then chances are your proxy settings will prevent `kubectl` from directly reaching it.
+-->
+如果您的虚拟机地址是 192.168.99.100，那么您的代理设置可能会阻止 `kubectl` 直接访问它。
+<!--
+To by-pass proxy configuration for this IP address, you should modify your no_proxy settings. You can do so with:
+-->
+要绕过此 IP 地址的代理配置，您应该修改 no_proxy 设置。您可以这样做：
+
+```shell
+export no_proxy=$no_proxy,$(minikube ip)
+```
+
+<!--
+## Known Issues
+-->
+## 已知的问题
+
+<!--
+* Features that require a Cloud Provider will not work in Minikube. These include:
+  * LoadBalancers
+* Features that require multiple nodes. These include:
+  * Advanced scheduling policies
+-->
+* 需要云供应商的提供的功能在 Minikube 中无法工作。这些包括：
+  * 负载均衡
+* 需要多节点的功能。这些包括：
+  * 先进的调度策略
+
+<!--
+## Design
+-->
+## 设计
+
+<!--
+Minikube uses [libmachine](https://github.com/docker/machine/tree/master/libmachine) for provisioning VMs, and [kubeadm](https://github.com/kubernetes/kubeadm) to provision a Kubernetes cluster.
+-->
+Minikube 使用 [libmachine](https://github.com/docker/machine/tree/master/libmachine) 配置虚拟机，[kubeadm](https://github.com/kubernetes/kubeadm) 配置 Kubernetes 集群。
+
+<!--
+For more information about Minikube, see the [proposal](https://git.k8s.io/community/contributors/design-proposals/cluster-lifecycle/local-cluster-ux.md).
+-->
+有关 Minikube 的更多信息，请参阅[提案](https://git.k8s.io/community/contributors/design-proposals/cluster-lifecycle/local-cluster-ux.md)。
+
+<!--
+## Additional Links
+-->
+## 其他链接
+
+<!--
+* **Goals and Non-Goals**: For the goals and non-goals of the Minikube project, please see our [roadmap](https://git.k8s.io/minikube/docs/contributors/roadmap.md).
+* **Development Guide**: See [CONTRIBUTING.md](https://git.k8s.io/minikube/CONTRIBUTING.md) for an overview of how to send pull requests.
+* **Building Minikube**: For instructions on how to build/test Minikube from source, see the [build guide](https://git.k8s.io/minikube/docs/contributors/build_guide.md).
+* **Adding a New Dependency**: For instructions on how to add a new dependency to Minikube, see the [adding dependencies guide](https://git.k8s.io/minikube/docs/contributors/adding_a_dependency.md).
+* **Adding a New Addon**: For instructions on how to add a new addon for Minikube, see the [adding an addon guide](https://git.k8s.io/minikube/docs/contributors/adding_an_addon.md).
+* **MicroK8s**: Linux users wishing to avoid running a virtual machine may consider [MicroK8s](https://microk8s.io/) as an alternative.
+-->
+
+* **目标和非目标**: 有关 Minikube 项目的目标和非目标，请参阅我们的 [roadmap](https://git.k8s.io/minikube/docs/contributors/roadmap.md)。
+* **开发指南**: 请查阅 [CONTRIBUTING.md](https://git.k8s.io/minikube/CONTRIBUTING.md) 获取有关如何提交 Pull Request 的概述。
+* **构建 Minikube**: 有关如何从源代码构建/测试 Minikube 的说明，请参阅[构建指南](https://git.k8s.io/minikube/docs/contributors/build_guide.md)。
+* **添加新依赖**: 有关如何向 Minikube 添加新依赖的说明，请参阅[添加依赖项指南](https://git.k8s.io/minikube/docs/contributors/adding_a_dependency.md)。
+* **添加新插件**: 有关如何为 Minikube 添加新插件的说明，请参阅[添加插件指南](https://git.k8s.io/minikube/docs/contributors/adding_an_addon.md)。
+* **MicroK8s**: 希望避免运行虚拟机的 Linux 用户可以考虑使用 [MicroK8s](https://microk8s.io/) 作为替代品。
+
+<!--
+## Community
+-->
+## 社区
+
+<!--
+Contributions, questions, and comments are all welcomed and encouraged! Minikube developers hang out on [Slack](https://kubernetes.slack.com) in the #minikube channel (get an invitation [here](http://slack.kubernetes.io/)). We also have the [kubernetes-dev Google Groups mailing list](https://groups.google.com/forum/#!forum/kubernetes-dev). If you are posting to the list please prefix your subject with "minikube: ".
+-->
+我们欢迎您向社区提交贡献、提出问题以及参与评论！Minikube 开发人员可以在 [Slack](https://kubernetes.slack.com) 的 #minikube 频道上互动交流（点击[这里](http：//slack.kubernetes.io/)获得邀请）。我们还有 [kubernetes-dev Google Groups 邮件列表](https://groups.google.com/forum/#!forum/kubernetes-dev)。如果您要发信到列表中，请在主题前加上 "minikube: "。
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/minikube.md b/content/zh/docs/setup/minikube.md
new file mode 100644
index 0000000000000..7408d4367b569
--- /dev/null
+++ b/content/zh/docs/setup/minikube.md
@@ -0,0 +1,689 @@
+---
+reviewers:
+- dlorenc
+- balopat
+- aaron-prindle
+title: 使用 Minikube 在本地运行 Kubernetes
+content_template: templates/concept
+---
+<!--
+---
+reviewers:
+- dlorenc
+- balopat
+- aaron-prindle
+title: Running Kubernetes Locally via Minikube
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Minikube is a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a VM on your laptop for users looking to try out Kubernetes or develop with it day-to-day.
+-->
+Minikube 是一个可以在本地轻松运行 Kubernetes 的工具。Minikube 在笔记本电脑的虚拟机中运行单节点 Kubernetes 集群，供那些希望尝试 Kubernetes 或对 Kubernetes 进行日常开发的用户使用。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Minikube Features
+-->
+## Minikube 的特性
+
+<!--
+* Minikube supports Kubernetes features such as:
+  * DNS
+  * NodePorts
+  * ConfigMaps and Secrets
+  * Dashboards
+  * Container Runtime: Docker, [rkt](https://github.com/rkt/rkt), [CRI-O](https://github.com/kubernetes-incubator/cri-o) and [containerd](https://github.com/containerd/containerd)
+  * Enabling CNI (Container Network Interface)
+  * Ingress
+-->
+
+* Minikube 支持的 Kubernetes 特性如下：
+  * DNS
+  * NodePorts
+  * ConfigMaps 和 Secrets
+  * Dashboards
+  * 容器运行时: Docker, [rkt](https://github.com/rkt/rkt), [CRI-O](https://github.com/kubernetes-incubator/cri-o) 和 [containerd](https://github.com/containerd/containerd)
+  * 启用 CNI (Container Network Interface)
+  * Ingress
+
+<!--
+## Installation
+
+See [Installing Minikube](/docs/tasks/tools/install-minikube/).
+-->
+
+## 安装
+
+查看 [安装 Minikube](/docs/tasks/tools/install-minikube/)。
+
+<!--
+## Quickstart
+
+Here's a brief demo of Minikube usage.
+If you want to change the VM driver add the appropriate `--vm-driver=xxx` flag to `minikube start`. Minikube supports
+the following drivers:
+-->
+## 快速入门
+
+下面是 Minikube 用法的简单示例。
+如果您想要更改 VM 驱动，可以添加合适的 `--vm-driver=xxx` 到 `minikube start` 命令。Minikube 支持下面的驱动：
+
+* virtualbox
+* vmwarefusion
+* kvm2 ([安装驱动](https://git.k8s.io/minikube/docs/drivers.md#kvm2-driver))
+* kvm ([安装驱动](https://git.k8s.io/minikube/docs/drivers.md#kvm-driver))
+* hyperkit ([安装驱动](https://git.k8s.io/minikube/docs/drivers.md#hyperkit-driver))
+* xhyve ([安装驱动](https://git.k8s.io/minikube/docs/drivers.md#xhyve-driver)) (deprecated)
+
+<!--
+Note that the IP below is dynamic and can change. It can be retrieved with `minikube ip`.
+-->
+
+注意下面的 IP 是动态的、可能不同的。它可以通过 `minikube ip` 获取。
+
+```shell
+$ minikube start
+Starting local Kubernetes cluster...
+Running pre-create checks...
+Creating machine...
+Starting local Kubernetes cluster...
+
+$ kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.10 --port=8080
+deployment.apps/hello-minikube created
+$ kubectl expose deployment hello-minikube --type=NodePort
+service/hello-minikube exposed
+
+# 现在我们启动了一个 echoserver pod，但是必须等待这个 pod 启动成功后才可以通过暴露的服务对它进行访问。
+# 要检查这个 pod 是否启动并运行，我们可以使用下面的命令：
+
+$ kubectl get pod
+NAME                              READY     STATUS              RESTARTS   AGE
+hello-minikube-3383150820-vctvh   0/1       ContainerCreating   0          3s
+
+# 我们可以从 ContainerCreating 的状态得知，这个 pod 仍然处于创建中。
+$ kubectl get pod
+NAME                              READY     STATUS    RESTARTS   AGE
+hello-minikube-3383150820-vctvh   1/1       Running   0          13s
+
+# 我们可以看到这个 pod 现在处于 Running 状态，我们可以对它执行 curl:
+$ curl $(minikube service hello-minikube --url)
+
+
+Hostname: hello-minikube-7c77b68cff-8wdzq
+
+Pod Information:
+	-no pod information available-
+
+Server values:
+	server_version=nginx: 1.13.3 - lua: 10008
+
+Request Information:
+	client_address=172.17.0.1
+	method=GET
+	real path=/
+	query=
+	request_version=1.1
+	request_scheme=http
+	request_uri=http://192.168.99.100:8080/
+
+Request Headers:
+	accept=*/*
+	host=192.168.99.100:30674
+	user-agent=curl/7.47.0
+
+Request Body:
+	-no body in request-
+
+
+$ kubectl delete services hello-minikube
+service "hello-minikube" deleted
+$ kubectl delete deployment hello-minikube
+deployment.extensions "hello-minikube" deleted
+$ minikube stop
+Stopping local Kubernetes cluster...
+Stopping "minikube"...
+```
+
+<!--
+### Alternative Container Runtimes
+-->
+### 其他容器运行时
+
+#### containerd
+
+<!--
+To use [containerd](https://github.com/containerd/containerd) as the container runtime, run:
+-->
+要使用 [containerd](https://github.com/containerd/containerd) 作为容器运行时，运行：
+
+```bash
+$ minikube start \
+    --network-plugin=cni \
+    --container-runtime=containerd \
+    --bootstrapper=kubeadm
+```
+
+<!--
+Or you can use the extended version:
+-->
+或者您可以使用命令的扩展版本：
+
+```bash
+$ minikube start \
+    --network-plugin=cni \
+    --extra-config=kubelet.container-runtime=remote \
+    --extra-config=kubelet.container-runtime-endpoint=unix:///run/containerd/containerd.sock \
+    --extra-config=kubelet.image-service-endpoint=unix:///run/containerd/containerd.sock \
+    --bootstrapper=kubeadm
+```
+
+#### CRI-O
+
+<!--
+To use [CRI-O](https://github.com/kubernetes-incubator/cri-o) as the container runtime, run:
+-->
+要使用 [CRI-O](https://github.com/kubernetes-incubator/cri-o) 作为容器运行时，运行：
+
+```bash
+$ minikube start \
+    --network-plugin=cni \
+    --container-runtime=cri-o \
+    --bootstrapper=kubeadm
+```
+
+<!--
+Or you can use the extended version:
+-->
+或者您可以使用命令的扩展版本：
+
+```bash
+$ minikube start \
+    --network-plugin=cni \
+    --extra-config=kubelet.container-runtime=remote \
+    --extra-config=kubelet.container-runtime-endpoint=/var/run/crio.sock \
+    --extra-config=kubelet.image-service-endpoint=/var/run/crio.sock \
+    --bootstrapper=kubeadm
+```
+
+#### rkt container engine
+
+<!--
+To use [rkt](https://github.com/rkt/rkt) as the container runtime run:
+-->
+要使用 [rkt](https://github.com/rkt/rkt) 作为容器的运行时，运行：
+
+```shell
+$ minikube start \
+    --network-plugin=cni \
+    --container-runtime=rkt
+```
+<!--
+This will use an alternative minikube ISO image containing both rkt, and Docker, and enable CNI networking.
+-->
+这将使用包含 rkt 和 Docker 的替代 minikube ISO 映像，并启用 CNI 网络。
+
+<!--
+### Driver plugins
+-->
+### 驱动插件
+
+<!--
+See [DRIVERS](https://git.k8s.io/minikube/docs/drivers.md) for details on supported drivers and how to install
+plugins, if required.
+-->
+如有需要，可以查看 [驱动](https://git.k8s.io/minikube/docs/drivers.md) 查阅支持的驱动的细节和如何安装插件。
+
+<!--
+### Use local images by re-using the Docker daemon
+-->
+### 通过重用 Docker daemon 来使用本地镜像
+
+<!--
+When using a single VM of Kubernetes, it's really handy to reuse the Minikube's built-in Docker daemon; as this means you don't have to build a docker registry on your host machine and push the image into it - you can just build inside the same docker daemon as minikube which speeds up local experiments. Just make sure you tag your Docker image with something other than 'latest' and use that tag while you pull the image. Otherwise, if you do not specify version of your image, it will be assumed as `:latest`, with pull image policy of `Always` correspondingly, which may eventually result in `ErrImagePull` as you may not have any versions of your Docker image out there in the default docker registry (usually DockerHub) yet.
+-->
+当使用只有单个 VM 的 Kubernetes 集群时，重用 Minikube 的内置 Docker daemon 非常方便; 因为这意味着您不必在宿主机上构建 docker regitstry 并将镜像 push 进去 - 您可以在与 minikube 相同的 docker daemon 内部构建，从而加速本地实验。只需确保使用 'latest' 之外的其他标签标记 Docker 镜像，并在拉取镜像时使用该标签。否则，如果你没有指定镜像的版本，它将被假定为`：latest`，相应的拉取镜像策略为 `Always`，最终可能导致 `ErrImagePull`，因为您可能在默认的 docker registry（通常是 DockerHub ）中还没有任何版本的镜像。
+
+
+<!--
+To be able to work with the docker daemon on your mac/linux host use the `docker-env command` in your shell:
+-->
+为了能够在 mac/linux 主机上使用 docker daemon，请在 shell 中使用 `docker-env command`：
+
+```shell
+eval $(minikube docker-env)
+```
+
+<!--
+You should now be able to use docker on the command line on your host mac/linux machine talking to the docker daemon inside the minikube VM:
+-->
+现在您应该可以在您的 mac/linux 主机上使用 docker 命令与 minikube VM 中的 docker daemon 进行通信了：
+
+```shell
+docker ps
+```
+
+<!--
+On Centos 7, docker may report the following error:
+-->
+在 Centos 7 操作系统上，docker 可能报出下面的错误：
+
+```shell
+Could not read CA certificate "/etc/docker/ca.pem": open /etc/docker/ca.pem: no such file or directory
+```
+
+<!--
+The fix is to update /etc/sysconfig/docker to ensure that Minikube's environment changes are respected:
+-->
+修复办法是更新 /etc/sysconfig/docker，确保 Minikube 的环境变量的变化和预期一致：
+
+```shell
+< DOCKER_CERT_PATH=/etc/docker
+---
+> if [ -z "${DOCKER_CERT_PATH}" ]; then
+>   DOCKER_CERT_PATH=/etc/docker
+> fi
+```
+
+<!--
+Remember to turn off the imagePullPolicy:Always, otherwise Kubernetes won't use images you built locally.
+-->
+记得关闭 imagePullPolicy:Always，否则 Kubernetes 不会使用您在本地构建的镜像。
+
+<!--
+## Managing your Cluster
+
+### Starting a Cluster
+-->
+## 管理您的集群
+
+### 启动一个集群
+
+<!--
+The `minikube start` command can be used to start your cluster.
+This command creates and configures a Virtual Machine that runs a single-node Kubernetes cluster.
+This command also configures your [kubectl](/docs/user-guide/kubectl-overview/) installation to communicate with this cluster.
+
+If you are behind a web proxy, you will need to pass this information to the `minikube start` command:
+-->
+`minikube start` 命令可以用来启动您的集群。
+这个命令会创建和配置一个虚拟机，里面运行了一个单节点的 Kubernetes 集群。
+这个命令也会安装 [kubectl](/docs/user-guide/kubectl-overview/) 用于和集群进行通信。
+
+```shell
+https_proxy=<my proxy> minikube start --docker-env http_proxy=<my proxy> --docker-env https_proxy=<my proxy> --docker-env no_proxy=192.168.99.0/24
+```
+
+<!--
+Unfortunately just setting the environment variables will not work.
+
+Minikube will also create a "minikube" context, and set it to default in kubectl.
+To switch back to this context later, run this command: `kubectl config use-context minikube`.
+-->
+不幸的是，仅仅设置环境变量是不够的。
+
+Minikube 也会创建 "minikube" context，并且在 kubectl 把它设置为默认值。
+运行这个命令 `kubectl config use-context minikube` 可以再切换到这个 context。
+
+<!--
+#### Specifying the Kubernetes version
+-->
+#### 指定 Kubernetes 版本
+
+<!--
+You can specify the specific version of Kubernetes for Minikube to use by
+adding the `--kubernetes-version` string to the `minikube start` command. For
+example, to run version `v1.7.3`, you would run the following:
+-->
+您可以使用 `minikube start` 命令时，添加 `--kubernetes-version` 参数来指定 Minikube 的 Kubernetes 版本。例如，如果要运行 `v1.7.3` 版本，可以运行下面的命令：
+
+```
+minikube start --kubernetes-version v1.7.3
+```
+
+<!--
+### Configuring Kubernetes
+-->
+### 配置 Kubernetes
+
+<!--
+Minikube has a "configurator" feature that allows users to configure the Kubernetes components with arbitrary values.
+To use this feature, you can use the `--extra-config` flag on the `minikube start` command.
+
+This flag is repeated, so you can pass it several times with several different values to set multiple options.
+
+This flag takes a string of the form `component.key=value`, where `component` is one of the strings from the below list, `key` is a value on the
+configuration struct and `value` is the value to set.
+
+Valid keys can be found by examining the documentation for the Kubernetes `componentconfigs` for each component.
+Here is the documentation for each supported configuration:
+-->
+Minikube 有一个 "配置器" 特性，允许用户为 Kubernetes 组件配置任意值。要使用这个特性，您可以在使用 `minikube start` 时加上 `--extra-config` 参数。
+
+这个参数是可以重复的，所以您可以多次使用不同的值设置不同的选项。
+
+这个参数采用 `component.key=value` 形式的字符串，其中 `component` 是下面列表中的字符串，`key` 是配置结构的值，`value` 是配置项要设置的值。
+
+通过检查每个组件的 Kubernetes `componentconfigs` 文档，可以找到有效的键值。
+
+以下是每个支持配置的文档：
+
+* [kubelet](https://godoc.org/k8s.io/kubernetes/pkg/kubelet/apis/config#KubeletConfiguration)
+* [apiserver](https://godoc.org/k8s.io/kubernetes/cmd/kube-apiserver/app/options#ServerRunOptions)
+* [proxy](https://godoc.org/k8s.io/kubernetes/pkg/proxy/apis/config#KubeProxyConfiguration)
+* [controller-manager](https://godoc.org/k8s.io/kubernetes/pkg/controller/apis/config#KubeControllerManagerConfiguration)
+* [etcd](https://godoc.org/github.com/coreos/etcd/etcdserver#ServerConfig)
+* [scheduler](https://godoc.org/k8s.io/kubernetes/pkg/scheduler/apis/config#KubeSchedulerConfiguration)
+
+<!--
+#### Examples
+
+To change the `MaxPods` setting to 5 on the Kubelet, pass this flag: `--extra-config=kubelet.MaxPods=5`.
+
+This feature also supports nested structs. To change the `LeaderElection.LeaderElect` setting to `true` on the scheduler, pass this flag: `--extra-config=scheduler.LeaderElection.LeaderElect=true`.
+
+To set the `AuthorizationMode` on the `apiserver` to `RBAC`, you can use: `--extra-config=apiserver.authorization-mode=RBAC`.
+-->
+#### 示例
+
+要在 Kubelet 上将 `MaxPods` 设置更改为 5，请传递此参数：`--extra-config=kubelet.MaxPods=5`。
+
+这个特性也支持嵌套结构。要把调度器的 `LeaderElection.LeaderElect` 设置为 `true`，传递这个参数 `--extra-config=scheduler.LeaderElection.LeaderElect=true`。
+
+<!--
+### Stopping a Cluster
+The `minikube stop` command can be used to stop your cluster.
+This command shuts down the Minikube Virtual Machine, but preserves all cluster state and data.
+Starting the cluster again will restore it to it's previous state.
+-->
+### 停止集群
+可以使用 `minikube stop` 命令来停止您的集群。这个命令会停止 Minikube 虚拟机，但是保留了集群里的所有状态和数据。重新启动这个集群会恢复到之前的状态。
+
+<!--
+### Deleting a Cluster
+The `minikube delete` command can be used to delete your cluster.
+This command shuts down and deletes the Minikube Virtual Machine. No data or state is preserved.
+-->
+### 删除集群
+可以使用 `minikube delete` 命令来删除您的集群。
+这个命令会停止和删除 Minikube 虚拟机。不会保留任何数据和状态。
+
+<!--
+## Interacting with Your Cluster
+
+### Kubectl
+
+The `minikube start` command creates a [kubectl context](/docs/reference/generated/kubectl/kubectl-commands#-em-set-context-em-) called "minikube".
+This context contains the configuration to communicate with your Minikube cluster.
+
+Minikube sets this context to default automatically, but if you need to switch back to it in the future, run:
+
+`kubectl config use-context minikube`,
+
+Or pass the context on each command like this: `kubectl get pods --context=minikube`.
+-->
+## 和您的集群进行交互
+
+### Kubectl
+
+`minikube start` 命令会创建一个叫做 "minikube"的 [kubectl 上下文](/docs/reference/generated/kubectl/kubectl-commands#-em-set-context-em-)。这个上下文包含了与您的 Minikube 集群进行通信的配置信息。
+
+Minikube 会自动将这个上下文设为默认值，如果您将来需要将它切回，运行：
+
+`kubectl config use-context minikube`，
+
+或者像这样在每个命令中传递这个上下文：`kubectl get pods --context=minikube`。
+
+<!--
+### Dashboard
+
+To access the [Kubernetes Dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard/), run this command in a shell after starting Minikube to get the address:
+
+```shell
+minikube dashboard
+```
+-->
+### Dashboard
+
+要访问 [Kubernetes Dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard/)，在启动 Minikube 后在 shell 中执行此命令来获取访问地址：
+
+```shell
+minikube dashboard
+```
+
+<!--
+### Services
+
+To access a service exposed via a node port, run this command in a shell after starting Minikube to get the address:
+
+```shell
+minikube service [-n NAMESPACE] [--url] NAME
+```
+-->
+### Services
+
+要访问通过 node port 暴露的 service，在启动 Minikube 后在 shell 中执行此命令来获取访问地址：
+
+```shell
+minikube service [-n NAMESPACE] [--url] NAME
+```
+
+<!--
+## Networking
+
+The Minikube VM is exposed to the host system via a host-only IP address, that can be obtained with the `minikube ip` command.
+Any services of type `NodePort` can be accessed over that IP address, on the NodePort.
+
+To determine the NodePort for your service, you can use a `kubectl` command like this:
+
+`kubectl get service $SERVICE --output='jsonpath="{.spec.ports[0].nodePort}"'`
+-->
+## 网络
+
+Minikube VM 通过一个 host-only IP 地址暴露给宿主机，这个 IP 可以通过 `minikube ip` 命令获取。任何的 `NodePort` 类型的 service 可以通过这个 IP 在 NodePort 上来访问。
+
+要确定服务的 NodePort，您可以使用这样的 `kubectl` 命令：
+
+`kubectl get service $SERVICE --output='jsonpath="{.spec.ports[0].nodePort}"'`
+
+<!--
+## Persistent Volumes
+Minikube supports [PersistentVolumes](/docs/concepts/storage/persistent-volumes/) of type `hostPath`.
+These PersistentVolumes are mapped to a directory inside the Minikube VM.
+
+The Minikube VM boots into a tmpfs, so most directories will not be persisted across reboots (`minikube stop`).
+However, Minikube is configured to persist files stored under the following host directories:
+-->
+## Persistent Volumes
+Minikube 支持 `hostPath` 类型的 [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)。
+这些 PersistentVolumes 被映射到 Minikube VM 里的目录中。
+
+
+
+* `/data`
+* `/var/lib/minikube`
+* `/var/lib/docker`
+<!--
+Here is an example PersistentVolume config to persist data in the `/data` directory:
+-->
+下面是一个将数据永久存储在 `/data` 的 PersistentVolume 配置示例：
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv0001
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 5Gi
+  hostPath:
+    path: /data/pv0001/
+```
+
+<!--
+## Mounted Host Folders
+Some drivers will mount a host folder within the VM so that you can easily share files between the VM and host.  These are not configurable at the moment and different for the driver and OS you are using.
+
+{{< note >}}
+Host folder sharing is not implemented in the KVM driver yet.
+{{< /note >}}
+
+| Driver | OS | HostFolder | VM |
+| --- | --- | --- | --- |
+| VirtualBox | Linux | /home | /hosthome |
+| VirtualBox | macOS | /Users | /Users |
+| VirtualBox | Windows | C://Users | /c/Users |
+| VMware Fusion | macOS | /Users | /Users |
+| Xhyve | macOS | /Users | /Users |
+-->
+## 挂载宿主机的目录
+一些驱动会在 VM 内挂载宿主机的目录，以便可以在 VM 和宿主机方便的共享文件。目前这些是不可配置的，而且根据您使用的 OS 和驱动而有所不同。
+
+{{< note >}}
+<!--
+Host folder sharing is not implemented in the KVM driver yet.
+-->
+目前 KVM 驱动尚未实现宿主机目录共享。
+{{< /note >}}
+
+| Driver | OS | HostFolder | VM |
+| --- | --- | --- | --- |
+| VirtualBox | Linux | /home | /hosthome |
+| VirtualBox | macOS | /Users | /Users |
+| VirtualBox | Windows | C://Users | /c/Users |
+| VMware Fusion | macOS | /Users | /Users |
+| Xhyve | macOS | /Users | /Users |
+
+<!--
+## Private Container Registries
+
+To access a private container registry, follow the steps on [this page](/docs/concepts/containers/images/).
+
+We recommend you use `ImagePullSecrets`, but if you would like to configure access on the Minikube VM you can place the `.dockercfg` in the `/home/docker` directory or the `config.json` in the `/home/docker/.docker` directory.
+-->
+## 私有镜像仓库
+
+要访问私有镜像仓库，请按照 [这个页面](/docs/concepts/containers/images/) 的步骤进行操作。
+
+我们推荐您使用 `ImagePullSecrets`，但是如果您想要配置在 Minikube VM 上能够访问，您可以把 `.dockercfg` 放在 `/home/docker` 目录或者把 `config.json` 放在 `/home/docker/.docker` 目录下。
+
+<!--
+## Add-ons
+
+In order to have Minikube properly start or restart custom addons,
+place the addons you wish to be launched with Minikube in the `~/.minikube/addons`
+directory. Addons in this folder will be moved to the Minikube VM and
+launched each time Minikube is started or restarted.
+-->
+## 插件
+
+为了能让 Minikube 能够正常地启动或者重启自定义插件，请把您要在 Minikube 里启动的插件放在 `~/.minikube/addons` 目录。在这个目录中的插件会被移动到 Minikube VM 中，并且在 Minikube 每次启动或者重启时启动。
+
+<!--
+## Using Minikube with an HTTP Proxy
+
+Minikube creates a Virtual Machine that includes Kubernetes and a Docker daemon.
+When Kubernetes attempts to schedule containers using Docker, the Docker daemon may require external network access to pull containers.
+
+If you are behind an HTTP proxy, you may need to supply Docker with the proxy settings.
+To do this, pass the required environment variables as flags during `minikube start`.
+
+For example:
+
+```shell
+$ minikube start --docker-env http_proxy=http://$YOURPROXY:PORT \
+                 --docker-env https_proxy=https://$YOURPROXY:PORT
+```
+
+If your Virtual Machine address is 192.168.99.100, then chances are your proxy settings will prevent `kubectl` from directly reaching it.
+To by-pass proxy configuration for this IP address, you should modify your no_proxy settings. You can do so with:
+
+```shell
+$ export no_proxy=$no_proxy,$(minikube ip)
+```
+-->
+## 在 Minikube 中使用 HTTP 代理
+
+Minikube 创建了一个包含了 Kubernetes 和 Docker daemon 的虚拟机。当 Kubernetes 尝试使用 Docker 调度容器时，Docker daemon 可能需要访问外部网络来拉取容器。
+
+如果您通过 HTTP 代理访问，您可能要设置 Docker 的代理配置。
+通过在运行 `minikube start` 时传入需要的环境变量来实现这个配置。
+
+例如：
+
+```shell
+$ minikube start --docker-env http_proxy=http://$YOURPROXY:PORT \
+                 --docker-env https_proxy=https://$YOURPROXY:PORT
+```
+
+如果您的虚拟机地址是 192.168.99.100，那么您的代理设置可能会阻止 `kubectl` 直接访问它。
+
+要绕过此 IP 地址的代理配置，您应该修改 no_proxy 设置。您可以这样做：
+
+```shell
+$ export no_proxy=$no_proxy,$(minikube ip)
+```
+
+<!--
+## Known Issues
+* Features that require a Cloud Provider will not work in Minikube. These include:
+  * LoadBalancers
+* Features that require multiple nodes. These include:
+  * Advanced scheduling policies
+-->
+## 已知问题
+* 需要 Cloud Provider 的特性在 Minikube 不能工作。这些特性包括：
+  * LoadBalancer
+* 需要多个节点的特性 Minikube 也不支持。包括：
+  * 高级调度策略
+<!--
+## Design
+
+Minikube uses [libmachine](https://github.com/docker/machine/tree/master/libmachine) for provisioning VMs, and [kubeadm](https://github.com/kubernetes/kubeadm) to provision a Kubernetes cluster.
+
+For more information about Minikube, see the [proposal](https://git.k8s.io/community/contributors/design-proposals/cluster-lifecycle/local-cluster-ux.md).
+-->
+## 设计
+
+Minikube 使用 [libmachine](https://github.com/docker/machine/tree/master/libmachine) 来提供虚拟机，使用 [kubeadm](https://github.com/kubernetes/kubeadm) 来提供 Kubernetes 集群。
+
+想要了解更多 Minikube 的信息，查看 [提议](https://git.k8s.io/community/contributors/design-proposals/cluster-lifecycle/local-cluster-ux.md)。
+
+
+
+<!--
+## Additional Links
+
+* **Goals and Non-Goals**: For the goals and non-goals of the Minikube project, please see our [roadmap](https://git.k8s.io/minikube/docs/contributors/roadmap.md).
+* **Development Guide**: See [CONTRIBUTING.md](https://git.k8s.io/minikube/CONTRIBUTING.md) for an overview of how to send pull requests.
+* **Building Minikube**: For instructions on how to build/test Minikube from source, see the [build guide](https://git.k8s.io/minikube/docs/contributors/build_guide.md).
+* **Adding a New Dependency**: For instructions on how to add a new dependency to Minikube see the [adding dependencies guide](https://git.k8s.io/minikube/docs/contributors/adding_a_dependency.md).
+* **Adding a New Addon**: For instruction on how to add a new addon for Minikube see the [adding an addon guide](https://git.k8s.io/minikube/docs/contributors/adding_an_addon.md).
+* **Updating Kubernetes**: For instructions on how to update Kubernetes see the [updating Kubernetes guide](https://git.k8s.io/minikube/docs/contributors/updating_kubernetes.md).
+-->
+## 其他链接
+
+* **目标和非目标**: 对于 Minikube 项目的目标和非目标, 请查看我们的 [路线图](https://git.k8s.io/minikube/docs/contributors/roadmap.md)。
+* **开发指南**: 查看 [CONTRIBUTING.md](https://git.k8s.io/minikube/CONTRIBUTING.md) 来了解如果发起 pull requests。
+* **编译 Minikube**: 有关如何从源代码构建/测试 Minikube 的说明，请查看 [编译指南](https://git.k8s.io/minikube/docs/contributors/build_guide.md)。
+* **添加新的依赖**: 有关如何向 Minikube 添加新依赖项的说明，查看 [添加依赖指南](https://git.k8s.io/minikube/docs/contributors/adding_a_dependency.md)。
+* **添加新的组件**: 有关如何为 Minikube 添加新插件的说明，查看 [添加插件指南](https://git.k8s.io/minikube/docs/contributors/adding_an_addon.md)。
+* **更新 Kubernetes**: 有关如何更新 Kubernetes 的说明，查看 [更新 Kubernetes 指南](https://git.k8s.io/minikube/docs/contributors/updating_kubernetes.md)。
+
+<!--
+## Community
+
+Contributions, questions, and comments are all welcomed and encouraged! Minikube developers hang out on [Slack](https://kubernetes.slack.com) in the #minikube channel (get an invitation [here](http://slack.kubernetes.io/)). We also have the [kubernetes-dev Google Groups mailing list](https://groups.google.com/forum/#!forum/kubernetes-dev). If you are posting to the list please prefix your subject with "minikube: ".
+-->
+## 社区
+
+我们欢迎和鼓励所有的贡献、问题和评论！Minikube 开发者在 [Slack]（https://kubernetes.slack.com）上 #minikube 频道闲逛（获得邀请[这里](http://slack.kubernetes.io/)）。我们还有[kubernetes-dev Google Groups邮件列表]（https://groups.google.com/forum/#!forum/kubernetes-dev）。如果您要发布到列表中，请在主题前加上"minikube："
+{{% /capture %}}
diff --git a/content/zh/docs/setup/multiple-zones.md b/content/zh/docs/setup/multiple-zones.md
index 5b01b9bf3b25e..27bd5289ce70d 100644
--- a/content/zh/docs/setup/multiple-zones.md
+++ b/content/zh/docs/setup/multiple-zones.md
@@ -8,58 +8,58 @@ title: 多区域运行
 
 ## 介绍
 
-Kubernetes 从v1.2开始支持将集群运行在多个故障域中。
-(GCE 中称其为 "区（Zones）"， AWS 中称其为 "可用区（Availability Zones）"，这里我们也称其为 "区")。
-它是广泛意义上的集群联邦特性的轻量级版本 (之前被称为 ["Ubernetes"](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/multicluster/federation.md))。
+Kubernetes 从 v1.2 开始支持将集群运行在多个故障域中。
+(GCE 中称其为 " 区（Zones）"， AWS 中称其为 " 可用区（Availability Zones）"，这里我们也称其为 " 区 ")。
+它是广泛意义上的集群联邦特性的轻量级版本 ( 之前被称为 ["Ubernetes"](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/multicluster/federation.md))。
 完整的集群联邦能够将多个分别运行在不同区或云供应商（或本地数据中心）的集群集中管理。
-然而，很多用户只是希望通过将单一云供应商上的Kubernetes集群运行在多个区域，来提高集群的可用性，
-这就是1.2版本中提供的对多区域的支持。
-(之前被称为 "Ubernetes Lite")。
+然而，很多用户只是希望通过将单一云供应商上的 Kubernetes 集群运行在多个区域，来提高集群的可用性，
+这就是 1.2 版本中提供的对多区域的支持。
+( 之前被称为 "Ubernetes Lite")。
 
-多区域的支持是有明确限制的： Kubernetes集群能够运行在多个区，但必须在同一个地域内 (云供应商也须一致)。
-目前只有GCE和AWS自动支持 (尽管在其他云甚至裸机上，也很容易通过为节点和卷添加合适的标签来实现类似的支持)。
+多区域的支持是有明确限制的： Kubernetes 集群能够运行在多个区，但必须在同一个地域内 ( 云供应商也须一致 )。
+目前只有 GCE 和 AWS 自动支持 ( 尽管在其他云甚至裸机上，也很容易通过为节点和卷添加合适的标签来实现类似的支持 )。
 
 
 {{< toc >}}
 
 ## 功能
 
-节点启动时，Kubelet自动为其添加区信息的标签。
+节点启动时，Kubelet 自动为其添加区信息的标签。
 
-在单一区域的集群中，Kubernetes 会自动将副本管理器或服务的pod分布到各节点上 (以减轻单实例故障的影响)。
+在单一区域的集群中，Kubernetes 会自动将副本管理器或服务的 pod 分布到各节点上 ( 以减轻单实例故障的影响 )。
 在多区域的集群中，这种分布的行为扩展到了区域级别
-(以减少区域故障对整体的影响)。  (通过 `SelectorSpreadPriority` 来实现)。
+( 以减少区域故障对整体的影响 )。  ( 通过 `SelectorSpreadPriority` 来实现 )。
 这种分发是尽力而为（best-effort）的，所以如果集群在各个区之间是异构的
-(比如，各区间的节点数量不同、节点类型不同、pod的资源需求不同等)可能导致pod无法完全均匀地分布。
-如果需要的话，用户可以使用同质的区(节点数量和节点类型相同)来减少区域之间分配不均匀的可能。
+( 比如，各区间的节点数量不同、节点类型不同、pod 的资源需求不同等 ) 可能导致 pod 无法完全均匀地分布。
+如果需要的话，用户可以使用同质的区 ( 节点数量和节点类型相同 ) 来减少区域之间分配不均匀的可能。
 
-当卷被创建时， `PersistentVolumeLabel`准入控制器会自动为其添加区域的标签。
-调度器 (通过 `VolumeZonePredicate` 断言) 会确申领该卷的pod被调度到该卷对应的区域，
+当卷被创建时， `PersistentVolumeLabel` 准入控制器会自动为其添加区域的标签。
+调度器 ( 通过 `VolumeZonePredicate` 断言 ) 会确申领该卷的 pod 被调度到该卷对应的区域，
 因为卷是不支持跨区挂载的。
 
 ## 限制
 
 对多区的支持有一些重要的限制：
 
-* 我们假设不同的区域间在网络上离得很近，所以我们不做任何的区域感知路由。 特别是，通过服务的网络访问可能跨区域 (即使该服务后端pod的其中一些运行在与客户端相同的区域中)，这可能导致额外的延迟和损耗。
+* 我们假设不同的区域间在网络上离得很近，所以我们不做任何的区域感知路由。 特别是，通过服务的网络访问可能跨区域 ( 即使该服务后端 pod 的其中一些运行在与客户端相同的区域中 )，这可能导致额外的延迟和损耗。
 
-* 卷的区域亲和性只对 `PersistentVolume`有效。 例如，如果你在pod的spec中直接指定一个EBS的卷，则不会生效。
+* 卷的区域亲和性只对 `PersistentVolume` 有效。 例如，如果你在 pod 的 spec 中直接指定一个 EBS 的卷，则不会生效。
 
-* 集群不支持跨云平台或地域 (这些功能需要完整的集群联邦特性支持)。
+* 集群不支持跨云平台或地域 ( 这些功能需要完整的集群联邦特性支持 )。
 
 * 尽管节点位于多区域，目前默认情况下 kube-up 创建的管理节点是单实例的。 所以尽管服务是高可用的，并且能够容忍跨区域的性能损耗，管理平面还是单区域的。 需要高可用的管理平面的用户可以按照 [高可用](/docs/admin/high-availability) 指导来操作。
 
-* 目前StatefulSet的卷动态创建时的跨区域分配，与pod的亲和性/反亲和性不兼容。
+* 目前 StatefulSet 的卷动态创建时的跨区域分配，与 pod 的亲和性 / 反亲和性不兼容。
 
-* StatefulSet的名称包含破折号 ("-")时，可能影响到卷在区域间的均匀分布。
+* StatefulSet 的名称包含破折号 ("-") 时，可能影响到卷在区域间的均匀分布。
 
-* 为deployment或pod指定多个PVC时，要求其StorageClass处于同一区域内，否则，相应的PV卷需要在一个区域中静态配置。 另一种方式是使用StatefulSet，这可以确保同一副本所挂载的卷位于同一区内。
+* 为 deployment 或 pod 指定多个 PVC 时，要求其 StorageClass 处于同一区域内，否则，相应的 PV 卷需要在一个区域中静态配置。 另一种方式是使用 StatefulSet，这可以确保同一副本所挂载的卷位于同一区内。
 
 
 ## 演练
 
 接下来我们将介绍如何同时在 GCE 和 AWS 上创建和使用多区域的集群。 为此，你需要创建一个完整的集群
-(指定 `MULTIZONE=true`)，然后再次执行 `kube-up`（指定 `KUBE_USE_EXISTING_MASTER=true`）来添加其他区域的节点。
+( 指定 `MULTIZONE=true`)，然后再次执行 `kube-up`（指定 `KUBE_USE_EXISTING_MASTER=true`）来添加其他区域的节点。
 
 ### 创建集群
 
@@ -99,7 +99,7 @@ kubernetes-minion-a12q   Ready                      6m    v1.6.0+fff5156   beta.
 
 ### 添加其它区中的节点
 
-接下来我们复用已有的管理节点，添加运行于其它区域 （us-central1-b或us-west-2b）中的节点。
+接下来我们复用已有的管理节点，添加运行于其它区域 （us-central1-b 或 us-west-2b）中的节点。
 再次执行 kube-up， 通过指定 `KUBE_USE_EXISTING_MASTER=true`，
 kube-up 不会创建新的管理节点，而是会复用之前创建的。
 
@@ -109,14 +109,14 @@ GCE:
 KUBE_USE_EXISTING_MASTER=true MULTIZONE=true KUBERNETES_PROVIDER=gce KUBE_GCE_ZONE=us-central1-b NUM_NODES=3 kubernetes/cluster/kube-up.sh
 ```
 
-在 AWS 中我们还需要为新增的子网指定网络CIDR，还有管理节点的内部IP地址。
+在 AWS 中我们还需要为新增的子网指定网络 CIDR，还有管理节点的内部 IP 地址。
 
 ```shell
 KUBE_USE_EXISTING_MASTER=true MULTIZONE=true KUBERNETES_PROVIDER=aws KUBE_AWS_ZONE=us-west-2b NUM_NODES=3 KUBE_SUBNET_CIDR=172.20.1.0/24 MASTER_INTERNAL_IP=172.20.0.9 kubernetes/cluster/kube-up.sh
 ```
 
 
-再次查看节点，3个新增的节点已经启动，并被标记为us-central1-b：
+再次查看节点，3 个新增的节点已经启动，并被标记为 us-central1-b：
 
 ```shell
 > kubectl get nodes --show-labels
@@ -133,7 +133,7 @@ kubernetes-minion-wf8i   Ready                      2m    v1.6.0+fff5156    beta
 
 ### 卷的亲和性
 
-使用动态创建卷的功能创建一个卷 (只有PV持久卷才支持区域亲和性)：
+使用动态创建卷的功能创建一个卷 ( 只有 PV 持久卷才支持区域亲和性 )：
 
 ```json
 kubectl create -f - <<EOF
@@ -160,11 +160,11 @@ kubectl create -f - <<EOF
 EOF
 ```
 
-**注意：** Kubernetes 1.3以上的版本中可以将PVC分发到多个已配置的区域中，在1.2版本中， 动态卷只能创建在管理节点所在的区域内(即这里的 us-central1-a / us-west-2a)；相关issue
+**注意：** Kubernetes 1.3 以上的版本中可以将 PVC 分发到多个已配置的区域中，在 1.2 版本中， 动态卷只能创建在管理节点所在的区域内 ( 即这里的 us-central1-a / us-west-2a)；相关 issue
 ([#23330](https://github.com/kubernetes/kubernetes/issues/23330))
-在1.3后续的版本中已解决。
+在 1.3 后续的版本中已解决。
 
-现在我们验证一下 Kubernetes 自动为创建的PV打上了所在地域和区域的标签。
+现在我们验证一下 Kubernetes 自动为创建的 PV 打上了所在地域和区域的标签。
 
 ```shell
 > kubectl get pv --show-labels
@@ -172,9 +172,9 @@ NAME           CAPACITY   ACCESSMODES   STATUS    CLAIM            REASON    AGE
 pv-gce-mj4gm   5Gi        RWO           Bound     default/claim1             46s       failure-domain.beta.kubernetes.io/region=us-central1,failure-domain.beta.kubernetes.io/zone=us-central1-a
 ```
 
-现在我们将创建使用这些PVC的pod。
-因为 GCE 的PD存储 / AWS 的EBS 卷 不支持跨区域挂载，
-这意味着相应的pod只能创建在卷所在的区域中。
+现在我们将创建使用这些 PVC 的 pod。
+因为 GCE 的 PD 存储 / AWS 的 EBS 卷 不支持跨区域挂载，
+这意味着相应的 pod 只能创建在卷所在的区域中。
 
 ```yaml
 kubectl create -f - <<EOF
@@ -196,7 +196,7 @@ spec:
 EOF
 ```
 
-注意pod被自动创建在了卷所在的区域中，因为云供应商通常不支持卷的跨区域挂载（attach）。
+注意 pod 被自动创建在了卷所在的区域中，因为云供应商通常不支持卷的跨区域挂载（attach）。
 
 ```shell
 > kubectl describe pod mypod | grep Node
@@ -206,9 +206,9 @@ NAME                     STATUS    AGE    VERSION          LABELS
 kubernetes-minion-9vlv   Ready     22m    v1.6.0+fff5156   beta.kubernetes.io/instance-type=n1-standard-2,failure-domain.beta.kubernetes.io/region=us-central1,failure-domain.beta.kubernetes.io/zone=us-central1-a,kubernetes.io/hostname=kubernetes-minion-9vlv
 ```
 
-### Pod的跨区域分布
+### Pod 的跨区域分布
 
-副本管理器或服务的pod被自动创建在了不同的区域。  首先，在第三个区域内启动节点：
+副本管理器或服务的 pod 被自动创建在了不同的区域。  首先，在第三个区域内启动节点：
 
 GCE:
 
@@ -222,19 +222,19 @@ AWS:
 KUBE_USE_EXISTING_MASTER=true MULTIZONE=true KUBERNETES_PROVIDER=aws KUBE_AWS_ZONE=us-west-2c NUM_NODES=3 KUBE_SUBNET_CIDR=172.20.2.0/24 MASTER_INTERNAL_IP=172.20.0.9 kubernetes/cluster/kube-up.sh
 ```
 
-验证你现在在3个区域内拥有节点:
+验证你现在在 3 个区域内拥有节点 :
 
 ```shell
 kubectl get nodes --show-labels
 ```
 
-创建 guestbook-go 示例应用， 它包含一个副本数为3的RC，运行一个简单的网络应用：
+创建 guestbook-go 示例应用， 它包含一个副本数为 3 的 RC，运行一个简单的网络应用：
 
 ```shell
 find kubernetes/examples/guestbook-go/ -name '*.json' | xargs -I {} kubectl create -f {}
 ```
 
-Pod应该分布在全部3个区域上：
+Pod 应该分布在全部 3 个区域上：
 
 ```shell
 >  kubectl describe pod -l app=guestbook | grep Node
@@ -268,7 +268,7 @@ LoadBalancer Ingress:   130.211.126.21
   "HOSTNAME": "guestbook-ppm40",
 ```
 
-负载平衡器正确指向了所有的pod，即使它们位于不同的区域内。
+负载均衡器正确指向了所有的 pod，即使它们位于不同的区域内。
 
 ### 停止集群
 
diff --git a/content/zh/docs/setup/node-conformance.md b/content/zh/docs/setup/node-conformance.md
index 1aa9be2412939..f959ce7ae9f42 100644
--- a/content/zh/docs/setup/node-conformance.md
+++ b/content/zh/docs/setup/node-conformance.md
@@ -1,84 +1,84 @@
----
-approvers:
-- Random-Liu
-title: 节点设置校验
----
-
-* TOC
-{{< toc >}}
-
-## 节点合规性测试
-
-*节点合规性测试* 是一个容器化的测试框架，提供了针对节点的系统验证和功能测试。 该测试主要检测节点是否满足 Kubernetes 的最低要求，通过检测的节点有资格加入 Kubernetes 集群。
-
-## 限制
-
-在 Kubernetes 1.5版本中，节点合规性测试存在以下限制：
-
-* 节点合规性测试只支持 Docker 作为容器运行时环境。
-
-## 节点的前提条件
-
-为运行节点合规性测试，节点必须满足与标准的 Kubernetes 节点同样的前提条件。最基本地， 节点应安装以下组件：
-
-* 容器运行时 (Docker)
-* Kubelet
-
-## 运行节点合规性测试
-
-执行以下步骤来运行节点合规性测试：
-
-1. 因为测试框架会启动一个本地的 master 来测试 Kubelet，
-所以将 Kubelet 指向本机 `--api-servers="http://localhost:8080"。 还有一些其他 Kubelet 参数可能需要注意：
-  * `--pod-cidr`： 如果使用 `kubenet`， 需要为 Kubelet 任意指定一个 CIDR， 例如 `--pod-cidr=10.180.0.0/24`。
-  * `--cloud-provider`： 如果使用 `--cloud-provider=gce`，需要移除这个参数来运行测试。
-
-2. 执行以下命令来运行节点合规性测试：
-
-```shell
-# $CONFIG_DIR 是 Kubelet 的 manifest 文件路径。
-# $LOG_DIR 是测试结果输出的路径。
-sudo docker run -it --rm --privileged --net=host \
-  -v /:/rootfs -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
-  k8s.gcr.io/node-test:0.2
-```
-
-## 针对其他硬件体系结构运行节点合规性测试
-
-Kubernetes 也为其他硬件体系结构的系统提供了节点合规性测试的 Docker 镜像：
-
-  Arch  |       Image       |
---------|:-----------------:|
- amd64  |  node-test-amd64  |
-  arm   |    node-test-arm  |
- arm64  |  node-test-arm64  |
-
-## 运行选定的测试
-
-为运行指定的测试，用正则表达式来描述将要运行的测试，并重载 `FOCUS` 环境变量。
-
-```shell
-sudo docker run -it --rm --privileged --net=host \
-  -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
-  -e FOCUS=MirrorPod \ # 只运行MirrorPod测试
-  k8s.gcr.io/node-test:0.2
-```
-
-为跳过指定的测试，用正则表达式来描述将要跳过的测试，并重载 `SKIP` 环境变量。
-
-```shell
-sudo docker run -it --rm --privileged --net=host \
-  -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
-  -e SKIP=MirrorPod \ # 运行除MirrorPod外的所有测试
-  k8s.gcr.io/node-test:0.2
-```
-
-节点合规性测试是[节点端到端测试](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/devel/e2e-node-tests.md)的一个容器化的版本。
-默认情况下， 它会运行所有的合规性测试用例。
-
-理论上，只要合理地配置容器和挂载所需的卷，就可以运行任何的节点端到端测试用例。 但是这里 **强烈建议只运行合规性测试**，因为运行非合规性测试需要很多复杂的配置。
-
-## 注意事项
-
-* 测试会在节点上遗留一些Docker镜像， 包括节点合规性测试本身的镜像，和功能测试相关的镜像。
-* 测试会在节点上遗留一些死的容器。这些容器是在功能测试的过程中创建的。
+---
+approvers:
+- Random-Liu
+title: 节点设置校验
+---
+
+* TOC
+{{< toc >}}
+
+## 节点合规性测试
+
+*节点合规性测试* 是一个容器化的测试框架，提供了针对节点的系统验证和功能测试。 该测试主要检测节点是否满足 Kubernetes 的最低要求，通过检测的节点有资格加入 Kubernetes 集群。
+
+## 限制
+
+在 Kubernetes 1.5 版本中，节点合规性测试存在以下限制：
+
+* 节点合规性测试只支持 Docker 作为容器运行时环境。
+
+## 节点的前提条件
+
+为运行节点合规性测试，节点必须满足与标准的 Kubernetes 节点同样的前提条件。最基本地， 节点应安装以下组件：
+
+* 容器运行时 (Docker)
+* Kubelet
+
+## 运行节点合规性测试
+
+执行以下步骤来运行节点合规性测试：
+
+1. 因为测试框架会启动一个本地的 master 来测试 Kubelet，
+所以将 Kubelet 指向本机 `--api-servers="http://localhost:8080"。 还有一些其他 Kubelet 参数可能需要注意：
+  * `--pod-cidr`： 如果使用 `kubenet`， 需要为 Kubelet 任意指定一个 CIDR， 例如 `--pod-cidr=10.180.0.0/24`。
+  * `--cloud-provider`： 如果使用 `--cloud-provider=gce`，需要移除这个参数来运行测试。
+
+2. 执行以下命令来运行节点合规性测试：
+
+```shell
+# $CONFIG_DIR 是 Kubelet 的 manifest 文件路径。
+# $LOG_DIR 是测试结果输出的路径。
+sudo docker run -it --rm --privileged --net=host \
+  -v /:/rootfs -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
+  k8s.gcr.io/node-test:0.2
+```
+
+## 针对其他硬件体系结构运行节点合规性测试
+
+Kubernetes 也为其他硬件体系结构的系统提供了节点合规性测试的 Docker 镜像：
+
+  Arch  |       Image       |
+--------|:-----------------:|
+ amd64  |  node-test-amd64  |
+  arm   |    node-test-arm  |
+ arm64  |  node-test-arm64  |
+
+## 运行选定的测试
+
+为运行指定的测试，用正则表达式来描述将要运行的测试，并重载 `FOCUS` 环境变量。
+
+```shell
+sudo docker run -it --rm --privileged --net=host \
+  -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
+  -e FOCUS=MirrorPod \ # 只运行 MirrorPod 测试
+  k8s.gcr.io/node-test:0.2
+```
+
+为跳过指定的测试，用正则表达式来描述将要跳过的测试，并重载 `SKIP` 环境变量。
+
+```shell
+sudo docker run -it --rm --privileged --net=host \
+  -v /:/rootfs:ro -v $CONFIG_DIR:$CONFIG_DIR -v $LOG_DIR:/var/result \
+  -e SKIP=MirrorPod \ # 运行除 MirrorPod 外的所有测试
+  k8s.gcr.io/node-test:0.2
+```
+
+节点合规性测试是[节点端到端测试](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/devel/e2e-node-tests.md)的一个容器化的版本。
+默认情况下， 它会运行所有的合规性测试用例。
+
+理论上，只要合理地配置容器和挂载所需的卷，就可以运行任何的节点端到端测试用例。 但是这里 **强烈建议只运行合规性测试**，因为运行非合规性测试需要很多复杂的配置。
+
+## 注意事项
+
+* 测试会在节点上遗留一些 Docker 镜像， 包括节点合规性测试本身的镜像和功能测试相关的镜像。
+* 测试会在节点上遗留一些死的容器。这些容器是在功能测试的过程中创建的。
diff --git a/content/zh/docs/setup/on-premises-metal/krib.md b/content/zh/docs/setup/on-premises-metal/krib.md
new file mode 100644
index 0000000000000..3ba60c2f755e4
--- /dev/null
+++ b/content/zh/docs/setup/on-premises-metal/krib.md
@@ -0,0 +1,205 @@
+<!--
+title: Installing Kubernetes with Digital Rebar Provision (DRP) via KRIB
+krib-version: 2.4
+author: Rob Hirschfeld (zehicle)
+-->
+---
+title: 通过 KRIB 安装带有 Digital Rebar Provision（DRP）的 Kubernetes
+krib-version: 2.4
+author: Rob Hirschfeld (zehicle)
+---
+
+<!--
+## Overview
+-->
+## 概览
+
+<!--
+This guide helps to install a Kubernetes cluster hosted on bare metal with [Digital Rebar Provision](https://github.com/digitalrebar/provision) using only its Content packages and *kubeadm*. 
+-->
+本指南帮助使用 [Digital Rebar Provision](https://github.com/digitalrebar/provision) 安装在裸机上托管的 Kubernetes 集群，且仅使用其内容包和 *kubeadm* 。
+
+<!--
+Digital Rebar Provision (DRP) is an integrated Golang DHCP, bare metal provisioning (PXE/iPXE) and workflow automation platform. While [DRP can be used to invoke](https://provision.readthedocs.io/en/tip/doc/integrations/ansible.html) [kubespray](../kubespray), it also offers a self-contained Kubernetes installation known as [KRIB (Kubernetes Rebar Integrated Bootstrap)](https://github.com/digitalrebar/provision-content/tree/master/krib).
+-->
+Digital Rebar Provision（DRP）是一个集成的 Golang DHCP、裸机配置（PXE/iPXE）和工作流自动化平台。 虽然 [DRP 可用于调用](https://provision.readthedocs.io/en/tip/doc/integrations/ansible.html) [kubespray](../kubespray)，但它还提供了一个独立的 Kubernetes 安装，称为 [KRIB（Kubernetes Rebar Integrated Bootstrap）](https://github.com/digitalrebar/provision-content/tree/master/krib)。
+
+{{< note >}}
+<!--
+KRIB is not a _stand-alone_ installer: Digital Rebar templates drive a standard *[kubeadm](/docs/admin/kubeadm/)* configuration that manages the Kubernetes installation with the [Digital Rebar cluster pattern](https://provision.readthedocs.io/en/tip/doc/arch/cluster.html#rs-cluster-pattern) to elect leaders _without external supervision_.
+-->
+KRIB 不是一个 _独立的_ 安装程序：Digital Rebar 模板驱动一个标准的 *[kubeadm](/docs/admin/kubeadm/)* 配置，使用 [Digital Rebar 集群模式](https://provision.readthedocs.io/en/tip/doc/arch/cluster.html#rs-cluster-pattern) 管理 Kubernetes 安装，_在没有外部监督的情况下_ 选举领导者。
+{{< /note >}}
+
+<!--
+KRIB features:
+
+* zero-touch, self-configuring cluster without pre-configuration or inventory
+* very fast, no-ssh required automation
+* bare metal, on-premises focused platform
+* highly available cluster options (including splitting etcd from the controllers)
+* dynamic generation of a TLS infrastructure
+* composable attributes and automatic detection of hardware by profile
+* options for persistent, immutable and image-based deployments
+* support for Ubuntu 18.04, CentOS/RHEL 7 and others
+-->
+KRIB特点：
+
+* 零接触，无需预配置或组件目录的自配置集群
+* 非常快，无需 ssh 的自动化
+* 关注裸机和本地部署的平台
+* 高度可用的集群选项（包括将 etcd 从控制节点分离）
+* 动态生成 TLS 基础架构
+* 可组合属性和按配置文件自动检测硬件
+* 支持基于持久存储、不可变存储和映像的部署
+* 支持 Ubuntu 18.04、CentOS/RHEL 7 等
+
+<!--
+## Creating a cluster
+-->
+## 创建集群
+
+<!--
+Review [Digital Rebar documentation](https://https://provision.readthedocs.io/en/tip/README.html) for details about installing the platform.
+-->
+有关安装该平台的详细信息，请查看 [Digital Rebar 文档](https://https://provision.readthedocs.io/en/tip/README.html)。
+
+<!--
+The Digital Rebar Provision Golang binary should be installed on a Linux-like system with 16 GB of RAM or larger (Packet.net Tiny and Rasberry Pi are also acceptable).
+-->
+Digital Rebar Provision Golang 二进制文件应该安装在类似 Linux 的系统上，内存为 16 GB 或更大（Packet.net Tiny 和 Rasberry Pi 也可以接受）。
+
+<!--
+### (1/5) Discover servers
+-->
+### (1/5) 发现服务器
+
+<!--
+Following the [Digital Rebar installation](https://provision.readthedocs.io/en/tip/doc/quickstart.html), allow one or more servers to boot through the _Sledgehammer_ discovery process to register with the API. This will automatically install the Digital Rebar runner and to allow for next steps.
+-->
+按 [Digital Rebar 安装](https://provision.readthedocs.io/en/tip/doc/quickstart.html) 文档所给的步骤执行安装，允许一个或多个服务器通过 _Sledgehammer_ 发现过程引导以向 API 注册。 这将自动安装 Digital Rebar runner 并允许后续步骤。
+
+<!--
+### (2/5) Install KRIB Content and Certificate Plugin
+-->
+### (2/5) 安装 KRIB 内容和证书插件
+
+<!--
+Upload the KRIB Content bundle (or build from [source](https://github.com/digitalrebar/provision-content/tree/master/krib)) and the Cert Plugin for your DRP platform (e.g.: [amd64 Linux v2.4.0](https://s3-us-west-2.amazonaws.com/rebar-catalog/certs/v2.4.0-0-02301d35f9f664d6c81d904c92a9c81d3fd41d2c/amd64/linux/certs)). Both are freely available via the [RackN UX](https://portal.rackn.io).
+-->
+上传与您的 DRP 平台匹配的 KRIB 软件包（或从[源代码](https://github.com/digitalrebar/provision-content/tree/master/krib)构建）和 Cert 插件（例如：[amd64 Linux v2.4.0](https://s3-us-west-2.amazonaws.com/rebar-catalog/certs/v2.4.0-0-02301d35f9f664d6c81d904c92a9c81d3fd41d2c/amd64/linux/certs)）。两者都可以通过 [RackN UX](https://portal.rackn.io) 免费获得。
+
+<!--
+### (3/5) Start your cluster deployment
+-->
+### (3/5) 启动集群部署
+
+<!--
+KRIB documentation is dynamically generated from the source and will be more up to date than this guide.
+-->
+{{< note >}}
+KRIB 文档是从源代码动态生成的，并且将比本指南更新。
+{{< /note >}}
+
+<!--
+Following the [KRIB documentation](https://provision.readthedocs.io/en/tip/doc/content-packages/krib.html), create a Profile for your cluster and assign your target servers into the cluster Profile. The Profile must set `krib\cluster-name` and `etcd\cluster-name` Params to be the name of the Profile. Cluster configuration choices can be made by adding additional Params to the Profile; however, safe defaults are provided for all Params.
+-->
+遵循 [KRIB 文档](https://provision.readthedocs.io/en/tip/doc/content-packages/krib.html)，为您的集群创建配置文件，并将目标服务器分配到集群配置文件中。 配置文件必须将 `krib\cluster-name` 和 `etcd\cluster-name` 参数（Params）设置为配置文件的名称。 可以通过向配置文件添加其他参数来进行集群配置选择; 不过所有参数都有安全的默认值。
+
+<!--
+Once all target servers are assigned to the cluster Profile, start a KRIB installation Workflow by assigning one of the included Workflows to all cluster servers. For example, selecting `krib-live-cluster` will perform an immutable deployment into the Sledgehammer discovery operating system. You may use one of the pre-created read-only Workflows or choose to build your own custom variation.
+-->
+将所有目标服务器分配给集群配置文件后，通过将所包含的工作流程之一分配给所有集群服务器来启动 KRIB 安装工作流程。 例如，选择 `krib-live-cluster` 将在 Sledgehammer 所发现的操作系统中执行不可变的部署。您可以使用其中一个预先创建的只读工作流，也可以选择构建自己的自定义变体。
+
+<!--
+For basic installs, no further action is required. Advanced users may choose to assign the controllers, etcd servers or other configuration values in the relevant Params.
+-->
+对于一般安装，无需进一步操作。高级用户可以选择在相关参数中设定控制器、etcd 服务器或其他配置值。
+
+<!--
+### (4/5) Monitor your cluster deployment
+-->
+### (4/5) 监控集群部署
+
+<!--
+Digital Rebar Provision provides detailed logging and live updates during the installation process. Workflow events are available via a websocket connection or monitoring the Jobs list.
+
+During the installation, KRIB writes cluster configuration data back into the cluster Profile.
+-->
+Digital Rebar Provision 在安装过程中提供详细的日志记录和实时更新。通过 websocket 连接或监视作业列表可以获得工作流事件。
+
+在安装过程中，KRIB 将集群配置数据写回集群配置文件。
+
+<!--
+### (5/5) Access your cluster
+-->
+### (5/5) 访问您的集群
+
+<!--
+The cluster is available for access via *kubectl* once the `krib/cluster-admin-conf` Param has been set. This Param contains the `kubeconfig` information necessary to access the cluster. 
+
+For example, if you named the cluster Profile `krib` then the following commands would allow you to connect to the installed cluster from your local terminal.
+-->
+一旦设置了 `krib/cluster-admin-conf` 参数，就可以通过 *kubectl* 访问集群。 该参数包含访问集群所需的 `kubeconfig` 信息。
+
+例如，如果您将集群配置文件命名为 `krib`，则以下命令将允许您从本地终端连接到已安装的集群。
+
+  ::
+
+    drpcli profiles get krib params krib/cluster-admin-conf > admin.conf
+    export KUBECONFIG=admin.conf
+    kubectl get nodes
+
+<!--
+The installation continues after the `krib/cluster-admin-conf` is set to install the Kubernetes UI and Helm. You may interact with the cluster as soon as the `admin.conf` file is available.
+-->
+在 `krib/cluster-admin-conf` 设置为安装 Kubernetes UI 和 Helm 后，安装继续。只要 `admin.conf` 文件可用，您就可以与集群进行交互。
+
+<!--
+## Cluster operations
+-->
+## 集群操作
+
+<!--
+KRIB provides additional Workflows to manage your cluster. Please see the [KRIB documentation](https://provision.readthedocs.io/en/tip/doc/content-packages/krib.html) for an updated list of advanced cluster operations.
+-->
+KRIB 提供额外的工作流来管理您的集群。有关高级集群操作的更新列表，请参阅 [KRIB 文档](https://provision.readthedocs.io/en/tip/doc/content-packages/krib.html)。
+
+<!--
+### Scale your cluster
+-->
+### 扩展您的集群
+
+<!--
+You can add servers into your cluster by adding the cluster Profile to the server and running the appropriate Workflow.
+-->
+您可以通过将集群配置文件添加到服务器并运行相应的工作流来将服务器添加到集群中。
+
+<!--
+### Cleanup your cluster (for developers)
+-->
+### 清理集群（面向开发人员）
+
+<!--
+You can reset your cluster and wipe out all configuration and TLS certificates using the `krib-reset-cluster` Workflow on any of the servers in the cluster.
+-->
+您可以使用集群中任何服务器上的 `krib-reset-cluster` 工作流重置您的集群并清除所有配置和 TLS 证书。
+
+<!--
+When running the reset Workflow, be sure not to accidentally target your production cluster!
+-->
+{{< caution >}}
+运行重置工作流程时，请小心不要指向生产集群！
+{{< /caution >}}
+
+<!--
+## Feedback
+-->
+## 反馈
+
+<!--
+* Slack Channel: [#community](https://rackn.slack.com/messages/community/)
+* [GitHub Issues](https://github.com/digital/provision/issues)
+-->
+* Slack Channel：[#community](https://rackn.slack.com/messages/community/)
+* [GitHub 问题](https://github.com/digital/provision/issues)
diff --git a/content/zh/docs/setup/on-premises-vm/_index.md b/content/zh/docs/setup/on-premises-vm/_index.md
new file mode 100644
index 0000000000000..9663db39ecab2
--- /dev/null
+++ b/content/zh/docs/setup/on-premises-vm/_index.md
@@ -0,0 +1,11 @@
+---
+title: 本地部署的虚拟机（On-Premises VMs）
+weight: 60
+---
+
+<!--
+---
+title: On-Premises VMs
+weight: 60
+---
+-->
diff --git a/content/zh/docs/setup/on-premises-vm/cloudstack.md b/content/zh/docs/setup/on-premises-vm/cloudstack.md
new file mode 100644
index 0000000000000..a6ef64fef3529
--- /dev/null
+++ b/content/zh/docs/setup/on-premises-vm/cloudstack.md
@@ -0,0 +1,213 @@
+---
+reviewers:
+- thockin
+title: Cloudstack
+content_template: templates/concept
+---
+
+<!--
+---
+reviewers:
+- thockin
+title: Cloudstack
+content_template: templates/concept
+---
+-->
+
+
+{{% capture overview %}}
+
+<!--
+[CloudStack](https://cloudstack.apache.org/) is a software to build public and private clouds based on hardware virtualization principles (traditional IaaS). 
+To deploy Kubernetes on CloudStack there are several possibilities depending on the Cloud being used and what images are made available. 
+CloudStack also has a vagrant plugin available, hence Vagrant could be used to deploy Kubernetes either using the existing shell provisioner or using new Salt based recipes.
+-->
+
+[CloudStack](https://cloudstack.apache.org/) 是一种基于硬件虚拟化原则(传统 IaaS 概念)用来构建公有云和私有云的软件。要在 CloudStack 上部署 Kubernetes，
+有几种可能性取决于正在使用的云以及可用的镜像。CloudStack 还提供了一个 vagrant 插件，因此 vagrant 可以使用现有的 shell 创建程序，或新的基于 Salt 的方法来部署 Kubernetes。
+
+<!--
+[CoreOS](http://coreos.com) templates for CloudStack are built [nightly](http://stable.release.core-os.net/amd64-usr/current/). 
+CloudStack operators need to [register](http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/templates.html) this template in their cloud before proceeding with these Kubernetes deployment instructions.
+-->
+CloudStack 的 [CoreOS](http://coreos.com) 模板会[每夜](http://stable.release.core-os.net/amd64-usr/current/)构建。
+CloudStack operators 需要在他们的云中 [注册](http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/templates.html)这个模板，然后才能继续执行 Kubernetes 部署的命令。
+
+<!--
+This guide uses a single [Ansible playbook](https://github.com/apachecloudstack/k8s), which is completely automated and can deploy Kubernetes on a CloudStack based Cloud using CoreOS images. The playbook, creates an ssh key pair, creates a security group and associated rules and finally starts coreOS instances configured via cloud-init.
+-->
+
+本指南只用到一个 [Ansible playbook](https://github.com/apachecloudstack/k8s)，完全自动化，可以使用 CoreOS 镜像在基于 CloudStack 的云上部署 Kubernetes。playbook 会创建 ssh 密钥对、创建安全组和相关规则，最后启动通过 cloud-init 配置的 CoreOS 实例。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Prerequisites
+-->
+
+## 先决条件
+
+```shell
+sudo apt-get install -y python-pip libssl-dev
+sudo pip install cs
+sudo pip install sshpubkeys
+sudo apt-get install software-properties-common
+sudo apt-add-repository ppa:ansible/ansible
+sudo apt-get update
+sudo apt-get install ansible
+```
+    
+<!--    
+On CloudStack server you also have to install libselinux-python :
+-->
+在 CloudStack 服务器上，您还必须安装 libselinux-python：
+
+```shell
+yum install libselinux-python
+```
+
+<!--
+[_cs_](https://github.com/exoscale/cs) is a python module for the CloudStack API.
+-->
+[_cs_](https://github.com/exoscale/cs) 是 CloudStack API 的 python 模块。
+
+<!--
+Set your CloudStack endpoint, API keys and HTTP method used.
+-->
+设置所使用的 CloudStack 端点、API 键和 HTTP 方法。
+
+<!--
+You can define them as environment variables: `CLOUDSTACK_ENDPOINT`, `CLOUDSTACK_KEY`, `CLOUDSTACK_SECRET` and `CLOUDSTACK_METHOD`.
+-->
+你可以将它们定义为环境变量：`CLOUDSTACK_ENDPOINT`、`CLOUDSTACK_KEY`、`CLOUDSTACK_SECRET` 和 `CLOUDSTACK_METHOD`。
+
+<!--
+Or create a `~/.cloudstack.ini` file:
+-->
+或者创建一个 `~/.cloudstack.ini` 文件：
+
+```none
+[cloudstack]
+endpoint = <your cloudstack api endpoint>
+key = <your api access key>
+secret = <your api secret key>
+method = post
+```
+
+<!--
+We need to use the http POST method to pass the _large_ userdata to the coreOS instances.
+-->
+我们需要使用 http POST 方法将 _large_ userdata 传递给 coreOS 实例。
+
+<!--
+### Clone the playbook
+-->
+
+### 复制 playbook
+
+```shell
+git clone https://github.com/apachecloudstack/k8s
+cd kubernetes-cloudstack
+```
+
+<!--
+### Create a Kubernetes cluster
+-->
+
+### 创建一个 Kubernetes 集群
+
+<!--
+You simply need to run the playbook.
+-->
+你只需要运行 playbook 即可。
+
+```shell
+ansible-playbook k8s.yml
+```
+
+<!--
+Some variables can be edited in the `k8s.yml` file.
+-->
+可以在 `k8s.yml` 文件中编辑某些变量。
+
+```none
+vars:
+  ssh_key: k8s
+  k8s_num_nodes: 2
+  k8s_security_group_name: k8s
+  k8s_node_prefix: k8s2
+  k8s_template: <templatename>
+  k8s_instance_type: <serviceofferingname>
+```
+
+<!--
+This will start a Kubernetes master node and a number of compute nodes (by default 2).
+The `instance_type` and `template` are specific, edit them to specify your CloudStack cloud specific template and instance type (i.e. service offering).
+-->
+这将启动一个 Kubernetes 主节点和一些计算节点(默认情况下为 2)。
+`instance_type` 和`模板`是特定的，编辑它们可以指定特定于 CloudStack 云的模板和实例类型(即服务提供)。
+
+<!--
+Check the tasks and templates in `roles/k8s` if you want to modify anything.
+-->
+如果您想修改任何内容，请检查 `roles/k8s` 中的任务和模板。
+
+<!--
+Once the playbook as finished, it will print out the IP of the Kubernetes master:
+-->
+一旦副本完成，它将打印出 Kubernetes 主节点的IP:
+
+```none
+TASK: [k8s | debug msg='k8s master IP is {{ k8s_master.default_ip }}'] ********
+```
+
+<!--
+SSH to it using the key that was created and using the _core_ user.
+-->
+使用创建的密钥和 _core_ 用户 SSH 到它。
+
+```shell
+ssh -i ~/.ssh/id_rsa_k8s core@<master IP>
+```
+
+<!--
+And you can list the machines in your cluster:
+-->
+您可以列出群集中的计算机：
+
+```shell
+fleetctl list-machines
+```
+
+```none
+MACHINE        IP             METADATA
+a017c422...    <node #1 IP>   role=node
+ad13bf84...    <master IP>    role=master
+e9af8293...    <node #2 IP>   role=node
+```
+
+<!--
+## Support Level
+-->
+
+## 支持级别
+
+<!--
+IaaS Provider        | Config. Mgmt | OS     | Networking  | Docs                                              | Conforms | Support Level
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+CloudStack           | Ansible      | CoreOS | flannel     | [docs](/docs/setup/on-premises-vm/cloudstack/)                             |          | Community ([@Guiques](https://github.com/ltupin/))
+-->
+
+IaaS 供应商        | 配置管理 | 操作系统     | 网络  | 文档                                              | 合规 | 支持级别
+-------------------- | ------------ | ------ | ----------  | ---------------------------------------------     | ---------| ----------------------------
+CloudStack           | Ansible      | CoreOS | flannel     | [文档](/docs/setup/on-premises-vm/cloudstack/)                             |          | 社区 ([@Guiques](https://github.com/ltupin/))
+
+
+<!--
+For support level information on all solutions, see the [Table of solutions](/docs/setup/pick-right-solution/#table-of-solutions) chart.
+-->
+有关所有解决方案的支持级别信息，请查看[解决方案](/docs/setup/pick-right-solution/# Table -of-solutions)图表。
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/on-premises-vm/dcos.md b/content/zh/docs/setup/on-premises-vm/dcos.md
new file mode 100644
index 0000000000000..19beb1f7a518d
--- /dev/null
+++ b/content/zh/docs/setup/on-premises-vm/dcos.md
@@ -0,0 +1,48 @@
+---
+title: 在 DC/OS 上运行 Kubernetes
+content_template: templates/concept
+---
+
+<!--
+---
+reviewers:
+- smugcloud
+title: Kubernetes on DC/OS
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Mesosphere provides an easy option to provision Kubernetes onto [DC/OS](https://mesosphere.com/product/), offering:
+-->
+Mesosphere 提供了一个将 Kubernetes 加入 [DC/OS](https://mesosphere.com/product/) 的简易选项，提供：
+
+<!--
+* Pure upstream Kubernetes
+* Single-click cluster provisioning
+* Highly available and secure by default
+* Kubernetes running alongside fast-data platforms (e.g. Akka, Cassandra, Kafka, Spark)
+-->
+
+* 纯粹的上游 Kubernetes
+* 一键集群供应
+* 默认的高可用和安全保障
+* Kubernetes 与快速数据处理平台一起运行（例如 Akka、Cassandra、Kafka、Spark）
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Official Mesosphere Guide
+-->
+## Mesosphere 官方指南
+
+<!--
+The canonical source of getting started on DC/OS is located in the [quickstart repo](https://github.com/mesosphere/dcos-kubernetes-quickstart).
+-->
+开始使用 DC/OS 的权威指南位于 [quickstart repo](https://github.com/mesosphere/dcos-kubernetes-quickstart)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md b/content/zh/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
new file mode 100644
index 0000000000000..caea1de34d0e0
--- /dev/null
+++ b/content/zh/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
@@ -0,0 +1,136 @@
+---
+title: 使用 kubeadm 定制控制平面配置
+content_template: templates/concept
+weight: 40
+---
+
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Customizing control plane configuration with kubeadm
+content_template: templates/concept
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="1.12" state="stable" >}}
+
+<!--
+The kubeadm `ClusterConfiguration` object exposes the field `extraArgs` that can override the default flags passed to control plane
+components such as the APIServer, ControllerManager and Scheduler. The components are defined using the following fields:
+-->
+kubeadm `ClusterConfiguration` 对象公开了 `extraArgs` 字段，它可以覆盖传递给控制平面组件（如 APIServer、ControllerManager 和 Scheduler）的默认参数。 各组件配置使用如下字段定义：
+
+- `apiServer`
+- `controllerManager`
+- `scheduler`
+
+<!--
+The `extraArgs` field consist of `key: value` pairs. To override a flag for a control plane component:
+-->
+`extraArgs` 字段由 `key: value` 对组成。
+要覆盖控制平面组件的参数:
+
+<!--
+1.  Add the appropriate field to your configuration.
+2.  Add the flags to override to the field.
+-->
+1.  将适当的字段添加到配置中。
+2.  向字段添加要覆盖的参数值。
+
+<!--
+For more details on each field in the configuration you can navigate to our
+[API reference pages](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#ClusterConfiguration).
+-->
+有关配置中的每个字段的详细信息，您可以导航到我们的 [API 参考页面](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#ClusterConfiguration)。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## APIServer flags
+-->
+## APIServer 参数
+
+<!--
+For details, see the [reference documentation for kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/).
+-->
+有关详细信息，请参阅 [kube-apiserver 参考文档](/docs/reference/command-line-tools-reference/kube-apiserver/)。
+
+<!--
+Example usage:
+-->
+使用示例：
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
+kubernetesVersion: v1.13.0
+metadata:
+  name: 1.13-sample
+apiServer:
+  extraArgs:
+    advertise-address: 192.168.0.103
+    anonymous-auth: false
+    enable-admission-plugins: AlwaysPullImages,DefaultStorageClass
+    audit-log-path: /home/johndoe/audit.log
+```
+
+<!--
+## ControllerManager flags
+-->
+## ControllerManager 参数
+
+<!--
+For details, see the [reference documentation for kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/).
+-->
+有关详细信息，请参阅 [kube-controller-manager 参考文档](/docs/reference/command-line-tools-reference/kube-controller-manager/)。
+
+<!--
+Example usage:
+-->
+使用示例：
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
+kubernetesVersion: v1.13.0
+metadata:
+  name: 1.13-sample
+controllerManager:
+  extraArgs:
+    cluster-signing-key-file: /home/johndoe/keys/ca.key
+    bind-address: 0.0.0.0
+    deployment-controller-sync-period: 50
+```
+
+<!--
+## Scheduler flags
+-->
+## Scheduler 参数
+
+<!--
+For details, see the [reference documentation for kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/).
+-->
+有关详细信息，请参阅 [kube-scheduler 参考文档](/docs/reference/command-line-tools-reference/kube-scheduler/)。
+
+<!--
+Example usage:
+-->
+使用示例：
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
+kubernetesVersion: v1.13.0
+metadata:
+  name: 1.13-sample
+scheduler:
+  extraArgs:
+    address: 0.0.0.0
+    config: /home/johndoe/schedconfig.yaml
+    kubeconfig: /home/johndoe/kubeconfig.yaml
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/production-environment/tools/kubeadm/ha-topology.md b/content/zh/docs/setup/production-environment/tools/kubeadm/ha-topology.md
new file mode 100644
index 0000000000000..1e97eb65a0e2a
--- /dev/null
+++ b/content/zh/docs/setup/production-environment/tools/kubeadm/ha-topology.md
@@ -0,0 +1,137 @@
+---
+reviewers:
+- sig-cluster-lifecycle
+title: 高可用拓扑选项
+content_template: templates/concept
+weight: 50
+---
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Options for Highly Available topology
+content_template: templates/concept
+weight: 50
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page explains the two options for configuring the topology of your highly available (HA) Kubernetes clusters.
+-->
+本页面介绍了配置高可用（HA） Kubernetes 集群拓扑的两个选项。
+
+<!--
+You can set up an HA cluster:
+-->
+您可以设置 HA 集群：
+
+<!--
+- With stacked control plane nodes, where etcd nodes are colocated with control plane nodes- With external etcd nodes, where etcd runs on separate nodes from the control plane
+-->
+ - 使用堆叠（stacked）控制平面节点，其中 etcd 节点与控制平面节点共存 
+ - 使用外部 etcd 节点，其中 etcd 在与控制平面不同的节点上运行
+
+<!--
+You should carefully consider the advantages and disadvantages of each topology before setting up an HA cluster.
+-->
+在设置 HA 集群之前，您应该仔细考虑每种拓扑的优缺点。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+## Stacked etcd topology
+-->
+## 堆叠（Stacked） etcd 拓扑
+
+<!--
+A stacked HA cluster is a [topology](https://en.wikipedia.org/wiki/Network_topology) where the distributeddata storage cluster provided by etcd is stacked on top of the cluster formed by the nodes managed by kubeadm that run control plane components.
+-->
+堆叠（Stacked） HA 集群是一种这样的[拓扑](https://en.wikipedia.org/wiki/Network_topology)，其中 etcd 分布式数据存储集群堆叠在 kubeadm 管理的控制平面节点上，作为控制平面的一个组件运行。
+
+<!--
+Each control plane node runs an instance of the `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager`.
+-->
+每个控制平面节点运行 `kube-apiserver`，`kube-scheduler` 和 `kube-controller-manager` 实例。
+<!--
+The `kube-apiserver` is exposed to worker nodes using a load balancer.
+-->
+`kube-apiserver` 使用负载均衡器暴露给工作节点。
+
+<!--
+Each control plane node creates a local etcd member and this etcd member communicate only withthe `kube-apiserver` of this node. The same applies to the local `kube-controller-manager`and `kube-scheduler` instances.
+-->
+每个控制平面节点创建一个本地 etcd 成员（member），这个 etcd 成员只与该节点的 `kube-apiserver` 通信。这同样适用于本地 `kube-controller-manager` 和 `kube-scheduler` 实例。
+
+<!--
+This topology couples the control planes and etcd members on the same nodes. It is simpler to set up than a cluster with external etcd nodes, and simpler to manage for replication.
+-->
+这种拓扑将控制平面和 etcd 成员耦合在同一节点上。相对使用外部 etcd 集群，设置起来更简单，而且更易于副本管理。
+
+<!--
+However, a stacked cluster runs the risk of failed coupling. If one node goes down, both an etcd member and a controlplane instance are lost, and redundancy is compromised. You can mitigate this risk by adding more control plane nodes.
+-->
+然而，堆叠集群存在耦合失败的风险。如果一个节点发生故障，则 etcd 成员和控制平面实例都将丢失，并且冗余会受到影响。您可以通过添加更多控制平面节点来降低此风险。
+
+<!--
+You should therefore run a minimum of three stacked control plane nodes for an HA cluster.
+-->
+因此，您应该为 HA 集群运行至少三个堆叠的控制平面节点。
+
+<!--
+This is the default topology in kubeadm. A local etcd member is created automaticallyon control plane nodes when using `kubeadm init` and `kubeadm join --experimental-control-plane`.
+-->
+这是 kubeadm 中的默认拓扑。当使用 `kubeadm init` 和 `kubeadm join --experimental-control-plane` 时，在控制平面节点上会自动创建本地 etcd 成员。
+
+<!--
+![Stacked etcd topology](/images/kubeadm/kubeadm-ha-topology-stacked-etcd.svg)
+-->
+！[堆叠的 etcd 拓扑](/images/kubeadm/kubeadm-ha-topology-stacked-etcd.svg)
+
+<!--
+## External etcd topology
+-->
+## 外部 etcd 拓扑
+
+<!--
+An HA cluster with external etcd is a [topology](https://en.wikipedia.org/wiki/Network_topology) where the distributed data storage cluster provided by etcd is external to the cluster formed by the nodes that run control plane components.
+-->
+具有外部 etcd 的 HA 集群是一种这样的[拓扑](https://en.wikipedia.org/wiki/Network_topology)，其中 etcd 分布式数据存储集群在独立于控制平面节点的其他节点上运行。
+
+<!--
+Like the stacked etcd topology, each control plane node in an external etcd topology runs an instance of the `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager`. And the `kube-apiserver` is exposed to worker nodes using a load balancer. However, etcd members run on separate hosts, and each etcd host communicates with the `kube-apiserver` of each control plane node.
+-->
+就像堆叠的 etcd 拓扑一样，外部 etcd 拓扑中的每个控制平面节点都运行 `kube-apiserver`，`kube-scheduler` 和 `kube-controller-manager` 实例。同样， `kube-apiserver` 使用负载均衡器暴露给工作节点。但是，etcd 成员在不同的主机上运行，​​每个 etcd 主机与每个控制平面节点的 `kube-apiserver` 通信。
+
+<!--
+This topology decouples the control plane and etcd member. It therefore provides an HA setup wherelosing a control plane instance or an etcd member has less impact and does not affectthe cluster redundancy as much as the stacked HA topology.
+-->
+这种拓扑结构解耦了控制平面和 etcd 成员。因此，它提供了一种 HA 设置，其中失去控制平面实例或者 etcd 成员的影响较小，并且不会像堆叠的 HA 拓扑那样影响集群冗余。
+
+<!--
+However, this topology requires twice the number of hosts as the stacked HA topology.
+-->
+但是，此拓扑需要两倍于堆叠 HA 拓扑的主机数量。
+<!--
+A minimum of three hosts for control plane nodes and three hosts for etcd nodes are required for an HA cluster with this topology.
+-->
+具有此拓扑的 HA 集群至少需要三个用于控制平面节点的主机和三个用于 etcd 节点的主机。
+
+<!--
+![External etcd topology](/images/kubeadm/kubeadm-ha-topology-external-etcd.svg)
+-->
+！[外部 etcd 拓扑](/images/kubeadm/kubeadm-ha-topology-external-etcd.svg)
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+- [Set up a highly available cluster with kubeadm](/docs/setup/production-environment/tools/kubeadm/high-availability/)
+-->
+ -  [使用 kubeadm 设置高可用集群](/docs/setup/production-environment/tools/kubeadm/high-availability/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md b/content/zh/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
new file mode 100644
index 0000000000000..ecf11ceebe0d6
--- /dev/null
+++ b/content/zh/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
@@ -0,0 +1,406 @@
+---
+title: 使用 kubeadm 创建一个高可用 etcd 集群
+content_template: templates/task
+weight: 60
+--- 
+
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Set up a High Availability etcd cluster with kubeadm
+content_template: templates/task
+weight: 60
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubeadm defaults to running a single member etcd cluster in a static pod managed
+by the kubelet on the control plane node. This is not a high availability setup
+as the etcd cluster contains only one member and cannot sustain any members
+becoming unavailable. This task walks through the process of creating a high
+availability etcd cluster of three members that can be used as an external etcd
+when using kubeadm to set up a kubernetes cluster. 
+-->
+默认情况下，kubeadm 运行单成员的 etcd 集群，该集群由控制面节点上的 kubelet 以静态 Pod 的方式进行管理。由于 etcd 集群只包含一个成员且不能在任一成员不可用时保持运行，所以这不是一种高可用设置。本任务，将告诉您如何在使用 kubeadm 创建一个 kubernetes 集群时创建一个外部 etcd：有三个成员的高可用 etcd 集群。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* Three hosts that can talk to each other over ports 2379 and 2380. This document assumes these default ports. However, they are configurable through the kubeadm config file. 
+-->
+* 三个可以通过 2379 和 2380 端口相互通信的主机。本文档使用这些作为默认端口。不过，它们可以通过 kubeadm 的配置文件进行自定义。
+
+<!--
+* Each host must [have docker, kubelet, and kubeadm installed][toolbox]. 
+-->
+* 每个主机必须 [安装有 docker、kubelet 和 kubeadm][工具箱]。
+
+<!--
+* Some infrastructure to copy files between hosts. For example `ssh` and `scp` can satisfy this requirement. 
+-->
+* 一些可以用来在主机间复制文件的基础设施。例如 `ssh` 和 `scp` 就可以满足需求。
+
+<!--
+[toolbox]: /docs/setup/production-environment/tools/kubeadm/install-kubeadm/
+-->
+[工具箱]: /docs/setup/production-environment/tools/kubeadm/install-kubeadm/
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Setting up the cluster 
+-->
+## 建立集群
+
+<!--
+The general approach is to generate all certs on one node and only distribute the *necessary* files to the other nodes. 
+-->
+一般来说，是在一个节点上生成所有证书并且只分发这些*必要*的文件到其它节点上。
+
+{{< note >}}
+<!--
+kubeadm contains all the necessary crytographic machinery to generate the certificates described below; no other cryptographic tooling is required for this example. 
+-->
+kubeadm 包含生成下述证书所需的所有必要的密码学工具；在这个例子中，不需要其他加密工具。
+{{< /note >}}
+
+<!--
+1. Configure the kubelet to be a service manager for etcd.
+
+    Since etcd was created first, you must override the service priority by creating a new unit file
+    that has higher precedence than the kubeadm-provided kubelet unit file.
+-->
+1. 将 kubelet 配置为 etcd 的服务管理器。
+
+    由于 etcd 是首先创建的，因此您必须通过创建具有更高优先级的新文件来覆盖 kubeadm 提供的 kubelet 单元文件。
+
+    ```sh
+    cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
+    [Service]
+    ExecStart=
+    ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true
+    Restart=always
+    EOF
+
+    systemctl daemon-reload
+    systemctl restart kubelet
+    ```
+
+    <!--
+    1.Create configuration files for kubeadm.
+    
+        Generate one kubeadm configuration file for each host that will have an etcd
+        member running on it using the following script. 
+    -->
+
+1. 为 kubeadm 创建配置文件。
+
+    使用以下脚本为每个将要运行 etcd 成员的主机生成一个 kubeadm 配置文件。
+    
+    <!--
+    ```sh
+    # Update HOST0, HOST1, and HOST2 with the IPs or resolvable names of your hosts
+    export HOST0=10.0.0.6
+    export HOST1=10.0.0.7
+    export HOST2=10.0.0.8
+
+    # Create temp directories to store files that will end up on other hosts.
+    mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/
+
+    ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
+    NAMES=("infra0" "infra1" "infra2")
+
+    for i in "${!ETCDHOSTS[@]}"; do
+    HOST=${ETCDHOSTS[$i]}
+    NAME=${NAMES[$i]}
+    cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
+    apiVersion: "kubeadm.k8s.io/v1alpha3"
+    kind: ClusterConfiguration
+    etcd:
+        local:
+            serverCertSANs:
+            - "${HOST}"
+            peerCertSANs:
+            - "${HOST}"
+            extraArgs:
+                initial-cluster: infra0=https://${ETCDHOSTS[0]}:2380,infra1=https://${ETCDHOSTS[1]}:2380,infra2=https://${ETCDHOSTS[2]}:2380
+                initial-cluster-state: new
+                name: ${NAME}
+                listen-peer-urls: https://${HOST}:2380
+                listen-client-urls: https://${HOST}:2379
+                advertise-client-urls: https://${HOST}:2379
+                initial-advertise-peer-urls: https://${HOST}:2380
+    EOF
+    done
+    ``` 
+    -->
+    ```sh
+    # 使用 IP 或可解析的主机名替换 HOST0、HOST1 和 HOST2
+    export HOST0=10.0.0.6
+    export HOST1=10.0.0.7
+    export HOST2=10.0.0.8
+    
+    # 创建临时目录来存储将被分发到其它主机上的文件
+    mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/
+    
+    ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
+    NAMES=("infra0" "infra1" "infra2")
+    
+    for i in "${!ETCDHOSTS[@]}"; do
+    HOST=${ETCDHOSTS[$i]}
+    NAME=${NAMES[$i]}
+    cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
+    apiVersion: "kubeadm.k8s.io/v1alpha3"
+    kind: ClusterConfiguration
+    etcd:
+        local:
+            serverCertSANs:
+            - "${HOST}"
+            peerCertSANs:
+            - "${HOST}"
+            extraArgs:
+                initial-cluster: infra0=https://${ETCDHOSTS[0]}:2380,infra1=https://${ETCDHOSTS[1]}:2380,infra2=https://${ETCDHOSTS[2]}:2380
+                initial-cluster-state: new
+                name: ${NAME}
+                listen-peer-urls: https://${HOST}:2380
+                listen-client-urls: https://${HOST}:2379
+                advertise-client-urls: https://${HOST}:2379
+                initial-advertise-peer-urls: https://${HOST}:2380
+    EOF
+    done
+    ```
+
+    <!--
+    1.Generate the certificate authority
+
+        If you already have a CA then the only action that is copying the CA's `crt` and
+        `key` file to `/etc/kubernetes/pki/etcd/ca.crt` and
+        `/etc/kubernetes/pki/etcd/ca.key`. After those files have been copied,
+        proceed to the next step, "Create certificates for each member". 
+    -->
+1. 生成证书颁发机构
+
+    如果您已经拥有 CA，那么唯一的操作是复制 CA 的 `crt` 和 `key` 文件到 `etc/kubernetes/pki/etcd/ca.crt` 和 `/etc/kubernetes/pki/etcd/ca.key`。复制完这些文件后继续下一步，“为每个成员创建证书”。
+
+    <!--
+    If you do not already have a CA then run this command on `$HOST0` (where you generated the configuration files for kubeadm). 
+    -->
+    如果您还没有 CA，则在 `$HOST0`（您为 kubeadm 生成配置文件的位置）上运行此命令。
+
+    ```
+    kubeadm alpha phase certs etcd-ca
+    ```
+
+    <!--
+    This creates two files 
+    -->
+    创建了如下两个文件
+
+    - `/etc/kubernetes/pki/etcd/ca.crt`
+    - `/etc/kubernetes/pki/etcd/ca.key`
+
+    <!--
+    1. Create certificates for each member 
+    -->
+1. 为每个成员创建证书
+
+    <!--
+    ```sh
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST2}/
+    # cleanup non-reusable certificates
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST1}/
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    # No need to move the certs because they are for HOST0
+
+    # clean up certs that should not be copied off this host
+    find /tmp/${HOST2} -name ca.key -type f -delete
+    find /tmp/${HOST1} -name ca.key -type f -delete
+    ``` 
+    -->
+    ```sh
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST2}/
+    # 清理不可重复使用的证书
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
+    cp -R /etc/kubernetes/pki /tmp/${HOST1}/
+    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
+
+    kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    # 不需要移动 certs 因为它们是给 HOST0 使用的
+
+    # 清理不应从此主机复制的证书
+    find /tmp/${HOST2} -name ca.key -type f -delete
+    find /tmp/${HOST1} -name ca.key -type f -delete
+    ``` 
+
+    <!--
+    1.Copy certificates and kubeadm configs
+
+        The certificates have been generated and now they must be moved to their
+        respective hosts. 
+    -->
+1. 复制证书和 kubeadm 配置
+
+    证书已生成，现在必须将它们移动到对应的主机。
+
+    ```sh
+    USER=ubuntu
+    HOST=${HOST1}
+    scp -r /tmp/${HOST}/* ${USER}@${HOST}:
+    ssh ${USER}@${HOST}
+    USER@HOST $ sudo -Es
+    root@HOST $ chown -R root:root pki
+    root@HOST $ mv pki /etc/kubernetes/
+    ```
+
+    <!--
+    1.Ensure all expected files exist
+
+        The complete list of required files on `$HOST0` is: 
+    -->
+1. 确保已经所有预期的文件都存在
+   
+    `$HOST0` 所需文件的完整列表如下：
+
+    ```
+    /tmp/${HOST0}
+    └── kubeadmcfg.yaml
+    ---
+    /etc/kubernetes/pki
+    ├── apiserver-etcd-client.crt
+    ├── apiserver-etcd-client.key
+    └── etcd
+        ├── ca.crt
+        ├── ca.key
+        ├── healthcheck-client.crt
+        ├── healthcheck-client.key
+        ├── peer.crt
+        ├── peer.key
+        ├── server.crt
+        └── server.key
+    ```
+
+    <!--
+    On `$HOST1`: 
+    -->
+    在 `$HOST1`:
+
+    ```
+    $HOME
+    └── kubeadmcfg.yaml
+    ---
+    /etc/kubernetes/pki
+    ├── apiserver-etcd-client.crt
+    ├── apiserver-etcd-client.key
+    └── etcd
+        ├── ca.crt
+        ├── healthcheck-client.crt
+        ├── healthcheck-client.key
+        ├── peer.crt
+        ├── peer.key
+        ├── server.crt
+        └── server.key
+    ``` 
+
+    <!--
+    On `$HOST2` 
+    -->
+    在 `$HOST2`
+
+    ```
+    $HOME
+    └── kubeadmcfg.yaml
+    ---
+    /etc/kubernetes/pki
+    ├── apiserver-etcd-client.crt
+    ├── apiserver-etcd-client.key
+    └── etcd
+        ├── ca.crt
+        ├── healthcheck-client.crt
+        ├── healthcheck-client.key
+        ├── peer.crt
+        ├── peer.key
+        ├── server.crt
+        └── server.key
+    ``` 
+    
+    <!--
+    1.Create the static pod manifests
+
+        Now that the certificates and configs are in place it's time to create the
+        manifests. On each host run the `kubeadm` command to generate a static manifest
+        for etcd.
+    -->
+1. 创建静态 Pod 清单
+
+    既然证书和配置已经就绪，是时候去创建清单了。在每台主机上运行 `kubeadm` 命令来生成 etcd 使用的静态清单。
+
+    ```sh
+    root@HOST0 $ kubeadm alpha phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml
+    root@HOST1 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
+    root@HOST2 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
+    ``` 
+   
+    <!--
+    1.Optional: Check the cluster health 
+    -->
+1. 可选：检查群集运行状况
+
+    ```sh
+    docker run --rm -it \
+    --net host \
+    -v /etc/kubernetes:/etc/kubernetes quay.io/coreos/etcd:v3.2.18 etcdctl \
+    --cert-file /etc/kubernetes/pki/etcd/peer.crt \
+    --key-file /etc/kubernetes/pki/etcd/peer.key \
+    --ca-file /etc/kubernetes/pki/etcd/ca.crt \
+    --endpoints https://${HOST0}:2379 cluster-health
+    ...
+    cluster is healthy
+    ``` 
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Once your have a working 3 member etcd cluster, you can continue setting up a
+highly available control plane using the [external etcd method with
+kubeadm](/docs/setup/independent/high-availability/). 
+-->
+一旦拥有了一个正常工作的 3 成员的 etcd 集群，你就可以基于[使用 kubeadm 的外部 etcd 方法](/docs/setup/independent/high-availability/)，继续部署一个高可用的控制平面。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/setup/release/_index.md b/content/zh/docs/setup/release/_index.md
new file mode 100644
index 0000000000000..93f01fa8d4c03
--- /dev/null
+++ b/content/zh/docs/setup/release/_index.md
@@ -0,0 +1,11 @@
+---
+title: "下载 Kubernetes"
+weight: 20
+---
+
+<!--
+---
+title: "Downloading Kubernetes"
+weight: 20
+---
+-->
diff --git a/content/zh/docs/setup/release/building-from-source.md b/content/zh/docs/setup/release/building-from-source.md
new file mode 100644
index 0000000000000..3d66b049e360d
--- /dev/null
+++ b/content/zh/docs/setup/release/building-from-source.md
@@ -0,0 +1,53 @@
+---
+title: 从源代码构建
+---
+
+<!--
+---
+reviewers:
+- david-mcmahon
+- jbeda
+title: Building from Source
+---
+-->
+
+您可以从源代码构建发行包，也可以下载预构建的发行包。
+<!--
+You can either build a release from source or download a pre-built release.
+-->
+
+如果您不打算开发 Kubernetes 本身，我们建议您使用当前发行包的预构建版本，该版本可以在[发行说明](/docs/setup/release/notes/)中找到。
+<!--
+If you do not plan on developing Kubernetes itself, we suggest using a pre-built version of the current release, which can be found in the [Release Notes](/docs/setup/release/notes/).
+-->
+
+Kubernetes 源代码可以从 [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) 仓库下载。
+<!--
+The Kubernetes source code can be downloaded from the [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) repo.
+-->
+
+## 从源代码构建
+<!--
+## Building from source
+-->
+
+如果您只是简单地想从源代码构建一个发行包，则不需要设置完整的 golang 环境，因为所有构建过程都发生在 Docker 容器中。
+<!--
+If you are simply building a release from source there is no need to set up a full golang environment as all building happens in a Docker container.
+-->
+
+构建一个发行包很简单。
+<!--
+Building a release is simple.
+-->
+
+```shell
+git clone https://github.com/kubernetes/kubernetes.git
+cd kubernetes
+make release
+```
+
+有关发布过程的更多细节，请参见 kubernetes/kubernetes [`build`](http://releases.k8s.io/{{< param "githubbranch" >}}/build/) 目录。
+<!--
+For more details on the release process see the kubernetes/kubernetes [`build`](http://releases.k8s.io/{{< param "githubbranch" >}}/build/) directory.
+-->
diff --git a/content/zh/docs/setup/salt.md b/content/zh/docs/setup/salt.md
index aa5ef2a87dedf..98d49d5dba1ea 100755
--- a/content/zh/docs/setup/salt.md
+++ b/content/zh/docs/setup/salt.md
@@ -148,52 +148,31 @@ The following enumerates the set of defined key/value pairs that are supported t
 
 <!--
 Key | Value
+`api_servers` | (Optional) The IP address / host name where a kubelet can get read-only access to kube-apiserver
+`cbr-cidr` | (Optional) The minion IP address range used for the docker container bridge.
+`cloud` | (Optional) Which IaaS platform is used to host Kubernetes, *gce*, *azure*, *aws*, *vagrant*
+`etcd_servers` | (Optional) Comma-delimited list of IP addresses the kube-apiserver and kubelet use to reach etcd.  Uses the IP of the first machine in the kubernetes_master role, or 127.0.0.1 on GCE.
+`hostnamef` | (Optional) The full host name of the machine, i.e. uname -n
+`node_ip` | (Optional) The IP address to use to address this node
+`hostname_override` | (Optional) Mapped to the kubelet hostname-override
+`network_mode` | (Optional) Networking model to use among nodes: *openvswitch*
+`networkInterfaceName` | (Optional) Networking interface to use to bind addresses, default value *eth0*
+`publicAddressOverride` | (Optional) The IP address the kube-apiserver should use to bind against for external read-only access
+`roles` | (Required) 1. `kubernetes-master` means this machine is the master in the Kubernetes cluster.  2. `kubernetes-pool` means this machine is a kubernetes-node.  Depending on the role, the Salt scripts will provision different resources on the machine.
+
 -->
 键 | 值
 -----------------------------------|----------------------------------------------------------------
-<!--
-`api_servers` | (Optional) The IP address / host name where a kubelet can get read-only access to kube-apiserver
--->
 `api_servers` | （可选） IP 地址/主机名 ，kubelet 用其访问 kube-apiserver
-<!--
-`cbr-cidr` | (Optional) The minion IP address range used for the docker container bridge.
--->
 `cbr-cidr` | （可选） docker 容器网桥分配给 minion 节点的 IP 地址范围
-<!--
-`cloud` | (Optional) Which IaaS platform is used to host Kubernetes, *gce*, *azure*, *aws*, *vagrant*
--->
 `cloud` | （可选） 托管 Kubernetes 的 IaaS 平台， *gce*, *azure*, *aws*, *vagrant*
-<!--
-`etcd_servers` | (Optional) Comma-delimited list of IP addresses the kube-apiserver and kubelet use to reach etcd.  Uses the IP of the first machine in the kubernetes_master role, or 127.0.0.1 on GCE.
--->
 `etcd_servers` | （可选） 以逗号分隔的 IP 地址列表，kube-apiserver 和 kubelet 使用其访问 etcd。kubernetes_master 角色的节点使用第一个机器的 IP ，在 GCE 环境上使用 127.0.0.1。
-<!--
-`hostnamef` | (Optional) The full host name of the machine, i.e. uname -n
--->
 `hostnamef` | （可选） 机器的完整主机名，即：uname -n
-<!--
-`node_ip` | (Optional) The IP address to use to address this node
--->
 `node_ip` | （可选）用于定位本节点的 IP 地址
-<!--
-`hostname_override` | (Optional) Mapped to the kubelet hostname-override
--->
 `hostname_override` | （可选）对应 kubelet 的 hostname-override 参数
-<!--
-`network_mode` | (Optional) Networking model to use among nodes: *openvswitch*
--->
 `network_mode` | （可选）节点间使用的网络模型：*openvswitch*
-<!--
-`networkInterfaceName` | (Optional) Networking interface to use to bind addresses, default value *eth0*
--->
 `networkInterfaceName` | （可选）用于绑定地址的网络接口，默认值 *eth0*
-<!--
-`publicAddressOverride` | (Optional) The IP address the kube-apiserver should use to bind against for external read-only access
--->
 `publicAddressOverride` | （可选）kube-apiserver 用于外部只读访问而绑定的IP地址
-<!--
-`roles` | (Required) 1. `kubernetes-master` means this machine is the master in the Kubernetes cluster.  2. `kubernetes-pool` means this machine is a kubernetes-node.  Depending on the role, the Salt scripts will provision different resources on the machine.
--->
 `roles` | （必选）1、`kubernetes-master` 表示本节点是 Kubernetes 集群的 master。2、`kubernetes-pool` 表示本节点是一个 kubernetes-node。根据角色，Salt 脚本会在机器上提供不同的资源
 
 <!--
diff --git a/content/zh/docs/setup/turnkey/_index.md b/content/zh/docs/setup/turnkey/_index.md
new file mode 100644
index 0000000000000..db406bd8292d3
--- /dev/null
+++ b/content/zh/docs/setup/turnkey/_index.md
@@ -0,0 +1,11 @@
+---
+title: 一站式云解决方案
+weight: 40
+---
+
+<!--
+---
+title: Turnkey Cloud Solutions
+weight: 40
+---
+-->
diff --git a/content/zh/docs/setup/turnkey/alibaba-cloud.md b/content/zh/docs/setup/turnkey/alibaba-cloud.md
new file mode 100644
index 0000000000000..f568c239cec41
--- /dev/null
+++ b/content/zh/docs/setup/turnkey/alibaba-cloud.md
@@ -0,0 +1,53 @@
+---
+title: 在阿里云上运行 Kubernetes
+---
+<!--
+---
+reviewers:
+- colemickens
+- brendandburns
+title: Running Kubernetes on Alibaba Cloud
+---
+-->
+
+<!--
+## Alibaba Cloud Container Service
+-->
+## 阿里云容器服务
+
+<!--
+The [Alibaba Cloud Container Service](https://www.aliyun.com/product/containerservice) lets you run and manage Docker applications on a cluster of Alibaba Cloud ECS instances. It supports the popular open source container orchestrators: Docker Swarm and Kubernetes.
+-->
+[阿里云容器服务](https://www.aliyun.com/product/containerservice)允许您在阿里云 ECS 实例集群上运行和管理 Docker 应用程序。
+它支持流行的开源容器编排框架：Docker Swarm 和 Kubernetes。
+
+<!--
+To simplify cluster deployment and management, use [Kubernetes Support for Alibaba Cloud Container Service](https://www.aliyun.com/solution/kubernetes/). 
+-->
+为了简化集群部署和管理，您可以使用[阿里云容器服务的 Kubernetes 支持](https://www.aliyun.com/solution/kubernetes/)。
+
+<!--
+You can get started quickly by following the [Kubernetes walk-through](https://help.aliyun.com/document_detail/53751.html), and there are some [tutorials for Kubernetes Support on Alibaba Cloud](https://yq.aliyun.com/teams/11/type_blog-cid_200-page_1) in Chinese. 
+-->
+您可以通过 [Kubernetes 演练](https://help.aliyun.com/document_detail/53751.html) 快速入门，
+这里还有一些中文版的[阿里云 Kubernetes 支持教程](https://yq.aliyun.com/teams/11/type_blog-cid_200-page_1)。
+
+<!--
+To use custom binaries or open source Kubernetes, follow the instructions below.
+-->
+要使用自定义二进制文件或开源 Kubernetes，请遵循下面的说明。
+
+<!--
+## Custom Deployments
+-->
+## 自定义部署
+
+<!--
+The source code for [Kubernetes with Alibaba Cloud provider implementation](https://github.com/AliyunContainerService/kubernetes) is open source and available on GitHub.
+-->
+[阿里云提供的 Kubernetes 实现](https://github.com/AliyunContainerService/kubernetes)是开源的，您可以在 GitHub 上找到。
+
+<!--
+For more information, see "[Quick deployment of Kubernetes - VPC environment on Alibaba Cloud](https://www.alibabacloud.com/forum/read-830)" in English and [Chinese](https://yq.aliyun.com/articles/66474).
+-->
+更多信息，请参见英文版“[快速部署 Kubernetes - 阿里云 VPC 环境](https://www.alibabacloud.com/forum/read-830)”以及[中文版](https://yq.aliyun.com/articles/66474)。
diff --git a/content/zh/docs/setup/turnkey/aws.md b/content/zh/docs/setup/turnkey/aws.md
new file mode 100644
index 0000000000000..3feceb2ad6f6b
--- /dev/null
+++ b/content/zh/docs/setup/turnkey/aws.md
@@ -0,0 +1,191 @@
+---
+reviewers:
+- justinsb
+- clove
+title: 在 AWS EC2 上运行 Kubernetes
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- justinsb
+- clove
+title: Running Kubernetes on AWS EC2
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page describes how to install a Kubernetes cluster on AWS.
+-->
+本页介绍如何在 AWS 上安装 Kubernetes 集群。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+To create a Kubernetes cluster on AWS, you will need an Access Key ID and a Secret Access Key from AWS.
+-->
+要在 AWS 上创建 Kubernetes 集群，您需要一个访问密钥 ID 和一个来自 AWS 的 Secret 访问密钥。
+
+<!--
+### Supported Production Grade Tools
+-->
+
+### 支持的生产等级工具
+
+<!--
+* [conjure-up](/docs/getting-started-guides/ubuntu/) is an open-source installer for Kubernetes that creates Kubernetes clusters with native AWS integrations on Ubuntu.
+
+* [Kubernetes Operations](https://github.com/kubernetes/kops) - Production Grade K8s Installation, Upgrades, and Management. Supports running Debian, Ubuntu, CentOS, and RHEL in AWS.
+
+* [CoreOS Tectonic](https://coreos.com/tectonic/) includes the open-source [Tectonic Installer](https://github.com/coreos/tectonic-installer) that creates Kubernetes clusters with Container Linux nodes on AWS.
+
+* CoreOS originated and the Kubernetes Incubator maintains [a CLI tool, kube-aws](https://github.com/kubernetes-incubator/kube-aws), that creates and manages Kubernetes clusters with [Container Linux](https://coreos.com/why/) nodes, using AWS tools: EC2, CloudFormation and Autoscaling.
+-->
+
+* [conjure-up](/docs/getting-started-guides/ubuntu/) 是 Kubernetes 的一个开源安装程序，可以在 Ubuntu 上创建本机 AWS 集成的 Kubernetes 集群。
+                                                                                      \
+* [Kubernetes 操作](https://github.com/kubernetes/kops) - 生产级 K8s 安装、升级和管理。支持在 AWS 中运行 Debian、Ubuntu、CentOS 和 RHEL。
+
+* [CoreOS 结构](https://coreos.com/tectonic/)包括开源[结构](https://github.com/coreos/tectonic-installer)，它在 AWS 上创建带有 Linux 容器节点的 Kubernetes 集群。
+
+* CoreOS 起源于 Kubernetes 孵化器，Kubernetes 孵化器维护 [一个 CLI 工具 kube-aws](https://github.com/kubernetes-incubator/kube-aws)，它使用 AWS 工具：EC2、CloudFormation 和 Autoscaling 创建和管理 [Linux 容器](https://coreos.com/why/)节点的 Kubernetes 集群。
+
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Getting started with your cluster
+-->
+
+## 开始您的集群
+
+<!--
+### Command line administration tool: kubectl
+-->
+
+### 命令行管理工具：kubectl
+
+<!--
+The cluster startup script will leave you with a `kubernetes` directory on your workstation.
+Alternately, you can download the latest Kubernetes release from [this page](https://github.com/kubernetes/kubernetes/releases).
+-->
+集群启动脚本将在您的工作站上留下一个 `kubernetes` 目录。
+或者，您可以从[这个页面](https://github.com/kubernetes/kubernetes/releases)下载最新的 Kubernetes 版本。
+
+<!--
+Next, add the appropriate binary folder to your `PATH` to access kubectl:
+-->
+接下来，将相应的二进制文件夹添加到您的 `PATH` 中访问 kubectl：
+
+```shell
+# macOS
+export PATH=<path/to/kubernetes-directory>/platforms/darwin/amd64:$PATH
+
+# Linux
+export PATH=<path/to/kubernetes-directory>/platforms/linux/amd64:$PATH
+```
+
+<!--
+An up-to-date documentation page for this tool is available here: [kubectl manual](/docs/user-guide/kubectl/)
+-->
+这个工具的最新文档页面可以在这里找到：[kubectl 手册](/docs/user-guide/kubectl/)
+
+<!--
+By default, `kubectl` will use the `kubeconfig` file generated during the cluster startup for authenticating against the API.
+For more information, please read [kubeconfig files](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)
+-->
+默认情况下，`kubectl` 将使用集群启动期间生成的 `kubeconfig` 文件对 API 进行身份验证。
+更多信息，请阅读 [kubeconfig 文件](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)
+
+<!--
+### Examples
+-->
+
+### 例子
+
+<!--
+See [a simple nginx example](/docs/tasks/run-application/run-stateless-application-deployment/) to try out your new cluster.
+-->
+查看一个[简单的 nginx 示例](/docs/tasks/run-application/run-stateless-application-deployment/)来试用您的新集群。
+
+<!--
+The "Guestbook" application is another popular example to get started with Kubernetes: [guestbook example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/)
+-->
+"留言板"应用程序是 Kubernetes 的另一个流行示例：[留言板示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/)
+
+<!--
+For more complete applications, please look in the [examples directory](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/)
+-->
+有关更完整的应用程序，请查看[示例目录](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/)
+
+<!--
+## Scaling the cluster
+-->
+
+## 扩展集群
+
+<!--
+Adding and removing nodes through `kubectl` is not supported. You can still scale the amount of nodes manually through adjustments of the 'Desired' and 'Max' properties within the [Auto Scaling Group](http://docs.aws.amazon.com/autoscaling/latest/userguide/as-manual-scaling.html), which was created during the installation.
+-->
+`kubectl` 不支持添加和删除节点。您仍然可以通过[自动扩缩功能组](http://docs.aws.amazon.com/autoscaling/latest/userguide/as-manual-scale.html) 中的 `Desired` 和 `Max` 属性手动调整节点的数量，该属性是在安装过程中创建的。
+
+<!--
+## Tearing down the cluster
+-->
+
+## 拆除集群
+
+<!--
+Make sure the environment variables you used to provision your cluster are still exported, then call the following script inside the
+`kubernetes` directory:
+-->
+确保用于提供集群的环境变量已经导出，然后在 `kubernetes` 目录中调用以下脚本：
+
+```shell
+cluster/kube-down.sh
+```
+
+<!--
+## Support Level
+-->
+
+## 支持级别
+
+<!--
+IaaS Provider        | Config. Mgmt | OS            | Networking  | Docs                                          | Conforms | Support Level
+-->
+
+
+IaaS 供应商          |  配置管理     | 操作系统       | 网络        | 文档                                          |  合规     | 支持级别
+-------------------- | ------------ | ------------- | ----------  | --------------------------------------------- | ---------| ----------------------------
+AWS                  | kops         | Debian        | k8s (VPC)   | [文档](https://github.com/kubernetes/kops)     |          | 社区 ([@justinsb](https://github.com/justinsb))
+AWS                  | CoreOS       | CoreOS        | flannel     | [文档](/docs/getting-started-guides/aws)       |          | 社区
+AWS                  | Juju         | Ubuntu        | flannel, calico, canal     | [文档](/docs/getting-started-guides/ubuntu)      | 100%     | 商业、社区
+
+<!--
+For support level information on all solutions, see the [Table of solutions](/docs/getting-started-guides/#table-of-solutions) chart.
+-->
+有关所有解决方案的支持级别信息，请查看[解决方案表](/docs/getting-started-guides/#table-of-solutions)。
+
+<!--
+## Further reading
+-->
+
+## 进一步阅读
+
+<!--
+Please see the [Kubernetes docs](/docs/) for more details on administering
+and using a Kubernetes cluster.
+-->
+有关管理和使用 Kubernetes 集群的详细信息，请参阅 [Kubernetes 文档](/docs/)。
+
+
+{{% /capture %}}
diff --git a/content/zh/docs/setup/turnkey/azure.md b/content/zh/docs/setup/turnkey/azure.md
new file mode 100644
index 0000000000000..7d010d7003cf5
--- /dev/null
+++ b/content/zh/docs/setup/turnkey/azure.md
@@ -0,0 +1,87 @@
+---
+reviewers:
+- colemickens
+- brendandburns
+title: 在 Azure 上运行 Kubernetes
+---
+
+<!--
+---
+reviewers:
+- colemickens
+- brendandburns
+title: Running Kubernetes on Azure
+---
+-->
+
+<!--
+## Azure Kubernetes Service (AKS)
+-->
+## Azure Kubernetes Service (AKS)
+
+<!--
+The [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/) offers simple
+deployments for Kubernetes clusters.
+-->
+[Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/) 为 Kubernetes 集群提供简单的部署。
+
+<!--
+For an example of deploying a Kubernetes cluster onto Azure via the Azure Kubernetes Service:
+-->
+通过 Azure Kubernetes Service 将 Kubernetes 集群部署到 Azure 的示例：
+
+<!--
+**[Microsoft Azure Kubernetes Service](https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes)**
+-->
+**[Microsoft Azure Kubernetes Service](https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes)**
+
+<!--
+## Custom Deployments: ACS-Engine
+-->
+## 自定义部署：ACS-Engine
+
+<!--
+The core of the Azure Kubernetes Service is **open source** and available on GitHub for the community
+to use and contribute to: **[ACS-Engine](https://github.com/Azure/acs-engine)**.
+-->
+Azure Kubernetes 服务的核心是 **开源的** ，可在 GitHub 上获取，供社区使用和贡献：**[ACS-Engine](https://github.com/Azure/acs-engine)**。
+
+<!--
+ACS-Engine is a good choice if you need to make customizations to the deployment beyond what the Azure Kubernetes
+Service officially supports. These customizations include deploying into existing virtual networks, utilizing multiple
+agent pools, and more. Some community contributions to ACS-Engine may even become features of the Azure Kubernetes Service.
+-->
+如果您需要对 Azure Kubernetes Service 官方支持的部署进行自定义，ACS-Engine 是一个不错的选择。 这些自定义包括部署到现有网络虚拟，使用多个代理池等。一些社区对 ACS-Engine 的贡献甚至可能成为 Azure Kubernetes Service 的功能。
+
+<!--
+The input to ACS-Engine is similar to the ARM template syntax used to deploy a cluster directly with the Azure Kubernetes Service.
+The resulting output is an Azure Resource Manager Template that can then be checked into source control and can then be used
+to deploy Kubernetes clusters into Azure.
+-->
+导入 ACS-Engine 类似于用于直接使用 Azure Kubernetes Service 部署集群的 ARM 模板语法。
+结果导出是 Azure 资源管理器模板，然后可以将其检入源控件，然后可以用于将 Kubernetes 集群部署到 Azure 中。
+
+<!--
+You can get started quickly by following the **[ACS-Engine Kubernetes Walkthrough](https://github.com/Azure/acs-engine/blob/master/docs/kubernetes.md)**.
+-->
+您可以按照 **[ACS-Engine Kubernetes 演练](https://github.com/Azure/acs-engine/blob/master/docs/kubernetes.md)** 快速入门。
+
+<!--
+## CoreOS Tectonic for Azure
+-->
+## Azure 上使用 CoreOS Tectonic
+
+<!--
+The CoreOS Tectonic Installer for Azure is **open source** and available on GitHub for the community to use and contribute to: **[Tectonic Installer](https://github.com/coreos/tectonic-installer)**.
+-->
+在 Azure 上安装 CoreOS Tectonic 的程序是 **开源的** ，可在 GitHub 上获取，供社区使用和贡献：**[Tectonic Installer](https://github.com/coreos/tectonic-installer)**。
+
+<!--
+Tectonic Installer is a good choice when you need to make cluster customizations as it is built on [Hashicorp's Terraform](https://www.terraform.io/docs/providers/azurerm/) Azure Resource Manager (ARM) provider. This enables users to customize or integrate using familiar Terraform tooling.
+-->
+当您需要进行集群自定义时，Tectonic Installer 是一个不错的选择，因为它是基于 [Hashicorp's Terraform](https://www.terraform.io/docs/providers/azurerm/) Azure 资源管理器（ARM）提供程序构建的。这使用户能够使用熟悉的 Terraform 工具进行自定义或集成。
+
+<!--
+You can get started using the [Tectonic Installer for Azure Guide](https://coreos.com/tectonic/docs/latest/install/azure/azure-terraform.html).
+-->
+您可以开始使用 [在 Azure 上安装 Tectonic 指南](https://coreos.com/tectonic/docs/latest/install/azure/azure-terraform.html)。
diff --git a/content/zh/docs/sitemap.md b/content/zh/docs/sitemap.md
new file mode 100644
index 0000000000000..433569cab834b
--- /dev/null
+++ b/content/zh/docs/sitemap.md
@@ -0,0 +1,115 @@
+---
+---
+<script language="JavaScript">
+var dropDownsPopulated = false;
+$( document ).ready(function() {
+  // When the document loads, get the metadata JSON, and kick off tbl render
+  $.get("/metadata.txt", function(data, status) {
+    metadata = $.parseJSON(data);
+    metadata.pages.sort(dynamicSort("t"));
+    mainLogic()
+    $(window).bind( 'hashchange', function(e) {
+      mainLogic();
+    });
+  });
+});
+function mainLogic()
+{
+  // If there's a tag filter, change the table/drop down output
+  if (!dropDownsPopulated) populateDropdowns();
+  var tag=window.location.hash.replace("#","");
+  if(tag) {
+    tag = $.trim(tag);
+    for (i=0;i<tagName.length;i++) {
+      querystringTag = tagName[i] + "=";
+      if (tag.indexOf(querystringTag) > -1)
+      {
+        console.log("in mainLog: querystringTag of " + querystringTag + " matches tag of " + tag);
+        tag = tag.replace(querystringTag,"");
+        selectDropDown(tagName[i],tag);
+        topicsFilter(tagName[i],tag,"output");
+      }
+    }
+  } else {
+    currentTopics = metadata.pages;
+  }
+  renderTable(currentTopics,"output");
+
+}
+function populateDropdowns()
+{
+  // Keeping mainLogic() brief by functionalizing the initialization of the
+  // drop-down filter boxes
+
+  for(i=0;i<metadata.pages.length;i++)
+  {
+    var metadataArrays = [metadata.pages[i].cr,metadata.pages[i].or,metadata.pages[i].mr];
+    for(j=0;j<metadataArrays.length;j++)
+    {
+      if (metadataArrays[j]) {
+        for (k=0;k<metadataArrays[j].length;k++) {
+          if (typeof storedTagsArrays[j] == 'undefined') storedTagsArrays[j] = new Array();
+          storedTagsArrays[j][metadataArrays[j][k][tagName[j]]] = true;
+          // ^ conceptList[metadata.pages[i].cr[k].concept] = true; (if rolling through concepts)
+          // ^ conceptList['container'] = true; (ultimate result)
+          // ^ objectList[metadata.pages[i].or[k].object] = true; (if rolling through objects)
+          // ^ objectList['restartPolicy'] = true; (ultimate result)
+        }
+      }
+    }
+  }
+  var output = new Array();
+  for(i=0;i<tagName.length;i++)
+  {
+    // Phew! All tags in conceptList, objectList, and commandList!
+    // Loop through them and populate those drop-downs through html() injection
+    output = [];
+    output.push("<select id='" + tagName[i] + "' onchange='dropFilter(this)'>");
+    output.push("<option>---</option>");
+    Object.keys(storedTagsArrays[i]).sort().forEach(function (key) {
+      output.push("<option>" + key + "</option>");
+    });
+    output.push("</select>")
+    $(dropDowns[i]).html(output.join(""));
+  }
+  dropDownsPopulated = true;
+}
+function dropFilter(srcobj)
+{
+  // process the change of a drop-down value
+  // the ID of the drop down is either command, object, or concept
+  // these exact values are what topicsFilter() expects, plus a filter val
+  // which we get from .text() of :selected
+  console.log("dropFilter:" + $(srcobj).attr('id') + ":" + $(srcobj).find(":selected").text());
+  topicsFilter($(srcobj).attr('id').replace("#",""),$(srcobj).find(":selected").text(),"output");
+  for(i=0;i<tagName.length;i++)
+  {
+    if($(srcobj).attr('id')!=tagName[i]) selectDropDown(tagName[i],"---");
+  }
+}
+function selectDropDown(type,tag)
+{
+  // change drop-down selection w/o filtering
+  $("#" + type).val(tag);
+}
+</script>
+<style>
+#filters select{
+  font-size: 14px;
+  border: 1px #000 solid;
+}
+#filters {
+  padding-top: 20px;
+}
+</style>
+
+<!-- Click tags or use the drop downs to filter. Click table headers to sort or reverse sort. -->
+单击"标记"或使用下拉列表进行筛选。单击"表标题"进行排序或反向排序。
+
+<p id="filters">
+Filter by Concept: <span id="conceptFilter" /><br/>
+Filter by Object: <span id="objectFilter" /><br/>
+Filter by Command: <span id="commandFilter" />
+</p>
+
+<div id="output" />
diff --git a/content/zh/docs/tasks/_index.md b/content/zh/docs/tasks/_index.md
new file mode 100644
index 0000000000000..0be5747945d39
--- /dev/null
+++ b/content/zh/docs/tasks/_index.md
@@ -0,0 +1,191 @@
+---
+title: 任务
+main_menu: true
+weight: 50
+content_template: templates/concept
+---
+<!--
+---
+title: Tasks
+main_menu: true
+weight: 50
+content_template: templates/concept
+---
+-->
+
+{{< toc >}}
+
+{{% capture overview %}}
+
+Kubernetes 文档这一部分包含的一些页面展示如何去做单个任务。一个任务页面展示了如何执行操作单一的项目，通常是通过给出若干步骤。
+<!--
+This section of the Kubernetes documentation contains pages that
+show how to do individual tasks. A task page shows how to do a
+single thing, typically by giving a short sequence of steps.
+-->
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+## Web 用户界面 (Dashboard)
+
+部署和访问 Dashboard Web 用户界面，以帮助您管理和监控 Kubernetes 集群中的容器化应用程序。
+
+<!--
+## Web UI (Dashboard)
+
+Deploy and access the Dashboard web user interface to help you manage and monitor containerized applications in a Kubernetes cluster.
+-->
+
+## 使用 kubectl 命令行
+
+下载并设置用于直接管理 Kubernetes 集群的 kubectl 命令行工具。
+
+<!--
+## Using the kubectl Command-line
+
+Install and setup the `kubectl` command-line tool used to directly manage Kubernetes clusters.
+-->
+
+## 配置 Pod 和容器
+
+执行 Pod 和容器的常见配置任务。
+
+<!--
+## Configuring Pods and Containers
+
+Perform common configuration tasks for Pods and Containers.
+-->
+
+## 运行应用程序
+
+执行常见的应用程序管理任务，例如滚动更新、将信息注入 Pod、以及 Pod 水平自动伸缩。
+
+<!--
+## Running Applications
+
+Perform common application management tasks, such as rolling updates, injecting information into pods, and horizontal Pod autoscaling.
+-->
+
+## 运行 Job
+
+使用并行处理方式运行 Job。
+
+<!--
+## Running Jobs
+
+Run Jobs using parallel processing.
+-->
+
+## 访问集群中的应用程序
+
+配置负载均衡和端口转发、或者设置防火墙、或者配置 DNS 以访问集群中的应用程序。
+
+<!--
+## Accessing Applications in a Cluster
+
+Configure load balancing, port forwarding, or setup firewall or DNS configurations to access applications in a cluster.
+-->
+
+## 监控、日志记录和调试
+
+设置监控和日志记录以对集群进行故障排除或者调试容器化应用程序。
+
+<!--
+## Monitoring, Logging, and Debugging
+
+Setup monitoring and logging to troubleshoot a cluster or debug a containerized application.
+-->
+
+## 访问 Kubernetes API
+
+了解直接访问 Kubernetes API 的各种方法。
+
+<!--
+## Accessing the Kubernetes API
+
+Learn various methods to directly access the Kubernetes API.
+-->
+
+## 使用 TLS
+
+配置您的应用程序去信任和使用集群的根证书机构（ CA ）。
+
+<!--
+## Using TLS
+
+Configure your application to trust and use the cluster root Certificate Authority (CA).
+-->
+
+## 管理集群
+
+了解管理集群的常见任务。
+
+<!--
+## Administering a Cluster
+
+Learn common tasks for administering a cluster.
+-->
+
+## 管理联邦
+
+配置集群联邦中的组件。
+
+<!--
+## Administering Federation
+
+Configure components in a cluster federation.
+-->
+
+## 管理状态应用程序
+
+执行管理有状态应用程序的常见任务，包括扩展、删除和调试 StatefulSets。
+
+<!--
+## Managing Stateful Applications
+
+Perform common tasks for managing Stateful applications, including scaling, deleting, and debugging StatefulSets.
+-->
+
+## 集群 Daemons
+
+执行管理 DaemonSet 的常见任务，例如执行滚动更新。
+
+<!--
+## Cluster Daemons
+
+Perform common tasks for managing a DaemonSet, such as performing a rolling update.
+-->
+
+## 管理 GPU
+
+配置和调度 NVIDIA GPU 作为集群中节点使用的资源。
+
+<!--
+## Managing GPUs
+
+Configure and schedule NVIDIA GPUs for use as a resource by nodes in a cluster.
+-->
+
+## 管理 HugePage
+
+配置和调度 HugePage 作为集群中的可调度资源。
+
+<!--
+## Managing HugePages
+
+Configure and schedule huge pages as a schedulable resource in a cluster.
+-->
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+如果您想编写任务页面，请参阅[创建文档提取请求](/docs/home/contribute/create-pull-request/)。
+<!--
+If you would like to write a task page, see
+[Creating a Documentation Pull Request](/docs/home/contribute/create-pull-request/).
+-->
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/access-application-cluster/_index.md b/content/zh/docs/tasks/access-application-cluster/_index.md
new file mode 100644
index 0000000000000..8436005bc0386
--- /dev/null
+++ b/content/zh/docs/tasks/access-application-cluster/_index.md
@@ -0,0 +1,11 @@
+---
+title: 访问集群中的应用程序
+weight: 60
+---
+
+<!--
+---
+title: "Access Applications in a Cluster"
+weight: 60
+---
+-->
diff --git a/content/zh/docs/tasks/access-application-cluster/access-cluster.md b/content/zh/docs/tasks/access-application-cluster/access-cluster.md
index 10b68fbed30a2..09c045b4fddc9 100644
--- a/content/zh/docs/tasks/access-application-cluster/access-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/access-cluster.md
@@ -1,15 +1,16 @@
-<!--
----
-title: Accessing Clusters
+---
+title: 访问集群
 weight: 20
 content_template: templates/concept
 ---
--->
+
+<!--
 ---
-title: 访问集群
+title: Accessing Clusters
 weight: 20
 content_template: templates/concept
 ---
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/access-application-cluster/configure-dns-cluster.md b/content/zh/docs/tasks/access-application-cluster/configure-dns-cluster.md
index 48cc0a019a75a..14d691387d72e 100644
--- a/content/zh/docs/tasks/access-application-cluster/configure-dns-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/configure-dns-cluster.md
@@ -1,15 +1,16 @@
-<!--
 ---
-title: Configure DNS for a Cluster
+title: 为集群配置 DNS
 weight: 120
 content_template: templates/concept
 ---
--->
+
+<!--
 ---
-title: 为集群配置 DNS
+title: Configure DNS for a Cluster
 weight: 120
 content_template: templates/concept
 ---
+-->
 
 {{% capture overview %}}
 <!--
diff --git a/content/zh/docs/tasks/access-application-cluster/create-external-load-balancer.md b/content/zh/docs/tasks/access-application-cluster/create-external-load-balancer.md
index 0965a657ec29d..5b467004b408d 100644
--- a/content/zh/docs/tasks/access-application-cluster/create-external-load-balancer.md
+++ b/content/zh/docs/tasks/access-application-cluster/create-external-load-balancer.md
@@ -1,16 +1,16 @@
-<!--
 ---
-title: Create an External Load Balancer
+title: 创建一个外部负载均衡器
 content_template: templates/task
 weight: 80
 ---
--->
+
+<!--
 ---
-title: 创建一个外部负载均衡器
+title: Create an External Load Balancer
 content_template: templates/task
 weight: 80
 ---
-
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/access-application-cluster/list-all-running-container-images.md b/content/zh/docs/tasks/access-application-cluster/list-all-running-container-images.md
index fb3850c3b0d59..6e1b8ffde7278 100644
--- a/content/zh/docs/tasks/access-application-cluster/list-all-running-container-images.md
+++ b/content/zh/docs/tasks/access-application-cluster/list-all-running-container-images.md
@@ -1,15 +1,16 @@
-<!--
 ---
-title: List All Container Images Running in a Cluster
+title: 列出集群中所有运行容器的镜像
 content_template: templates/task
 weight: 100
 ---
--->
+
+<!--
 ---
-title: 列出集群中所有运行容器的镜像
+title: List All Container Images Running in a Cluster
 content_template: templates/task
 weight: 100
 ---
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/access-application-cluster/load-balance-access-application-cluster.md b/content/zh/docs/tasks/access-application-cluster/load-balance-access-application-cluster.md
index b653c5aecb20c..6256f3b2d19dc 100644
--- a/content/zh/docs/tasks/access-application-cluster/load-balance-access-application-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/load-balance-access-application-cluster.md
@@ -1,15 +1,16 @@
-<!--
 ---
-title: Provide Load-Balanced Access to an Application in a Cluster
+title: 提供对集群中应用程序的负载均衡访问
 content_template: templates/tutorial
 weight: 50
 ---
--->
+
+<!--
 ---
-title: 提供对集群中应用程序的负载均衡访问
+title: Provide Load-Balanced Access to an Application in a Cluster
 content_template: templates/tutorial
 weight: 50
 ---
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md b/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
index 13eb4b1f4976b..5bbcead46d9f0 100644
--- a/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
@@ -1,15 +1,16 @@
-<!--
 ---
-title: Use Port Forwarding to Access Applications in a Cluster
+title: 使用端口转发来访问集群中的应用
 content_template: templates/task
 weight: 40
 ---
--->
+
+<!--
 ---
-title: 使用端口转发来访问集群中的应用
+title: Use Port Forwarding to Access Applications in a Cluster
 content_template: templates/task
 weight: 40
 ---
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/access-application-cluster/service-access-application-cluster.md b/content/zh/docs/tasks/access-application-cluster/service-access-application-cluster.md
index 908280e29d3d4..92283bc070510 100644
--- a/content/zh/docs/tasks/access-application-cluster/service-access-application-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/service-access-application-cluster.md
@@ -1,15 +1,16 @@
-<!--
 ---
-title: Use a Service to Access an Application in a Cluster
+title: 使用服务来访问集群中的应用
 content_template: templates/tutorial
 weight: 60
 ---
--->
+
+<!--
 ---
-title: 使用服务来访问集群中的应用
+title: Use a Service to Access an Application in a Cluster
 content_template: templates/tutorial
 weight: 60
 ---
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/access-application-cluster/web-ui-dashboard.md b/content/zh/docs/tasks/access-application-cluster/web-ui-dashboard.md
new file mode 100644
index 0000000000000..cc2b73b3a35a0
--- /dev/null
+++ b/content/zh/docs/tasks/access-application-cluster/web-ui-dashboard.md
@@ -0,0 +1,366 @@
+---
+reviewers:
+- bryk
+- mikedanese
+- rf232
+title: Web UI (Dashboard)
+content_template: templates/concept
+weight: 10
+---
+
+{{% capture overview %}}
+
+<!--
+Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster itself along with its attendant resources. You can use Dashboard to get an overview of applications running on your cluster, as well as for creating or modifying individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, etc). For example, you can scale a Deployment, initiate a rolling update, restart a pod or deploy new applications using a deploy wizard.
+
+Dashboard also provides information on the state of Kubernetes resources in your cluster, and on any errors that may have occurred.
+ -->
+Dashboard 是基于网页的 Kubernetes 用户界面。您可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中，也可以对容器应用排错，还能管理集群本身及其附属资源。您可以使用 Dashboard 获取运行在集群中的应用的概览信息，也可以创建或者修改 Kubernetes 资源（如 Deployment，Job，DaemonSet 等等）。例如，您可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
+
+Dashboard 同时展示了 Kubernetes 集群中的资源状态信息和所有报错信息。
+
+![Kubernetes Dashboard UI](/images/docs/ui-dashboard.png)
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Deploying the Dashboard UI
+
+The Dashboard UI is not deployed by default. To deploy it, run the following command:
+ -->
+## 部署 Dashboard UI
+
+默认情况下不会部署 Dashboard。可以通过以下命令部署：
+
+```
+kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
+```
+
+<!--
+## Accessing the Dashboard UI
+
+There are multiple ways you can access the Dashboard UI; either by using the kubectl command-line interface, or by accessing the Kubernetes master apiserver using your web browser.
+ -->
+## 访问 Dashboard UI
+
+访问 Dashboard UI 有多种方式；可以使用 kubectl 命令行，或者使用浏览器访问 Kubernetes 主节点的 API 服务器。
+
+<!--
+### Command line proxy
+You can access Dashboard using the kubectl command-line tool by running the following command:
+ -->
+### 命令行代理
+您可以使用 kubectl 命令行工具访问 Dashboard，命令如下：
+
+```
+kubectl proxy
+```
+
+<!--
+Kubectl will handle authentication with apiserver and make Dashboard available at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/.
+
+The UI can _only_ be accessed from the machine where the command is executed. See `kubectl proxy --help` for more options.
+ -->
+kubectl 会处理与 API 服务器的认证过程，并使得 Dashboard 可以通过 http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 访问。
+
+UI _只能_ 通过执行这条命令的机器进行访问。更多选项参见 `kubectl proxy --help`。
+
+<!--
+### Master server
+
+You may access the UI directly via the Kubernetes master apiserver. Open a browser and navigate to ``https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/``, where `<master-ip>` is IP address or domain name of the Kubernetes
+master.
+
+Please note, this works only if the apiserver is set up to allow authentication with username and password. This is not currently the case with some setup tools (e.g., `kubeadm`). Refer to the  [authentication admin documentation](/docs/reference/access-authn-authz/authentication/) for information on how to configure authentication manually.
+
+If the username and password are configured but unknown to you, then use `kubectl config view` to find it.
+ -->
+### 主节点 API 服务器
+UI 可以直接通过 Kubernetes 主节点上的 API 服务器访问。打开浏览器，输入 `https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/`，其中 `<<master-ip>` 是 Kubernetes 主服务器的 IP 地址或域名。
+
+请注意，只有当 API 服务器允许使用用户名密码认证时，这种方式才可以正常工作。但目前对于安装工具（如 `kubeadm`）来说并非如此。关于如何手工设置，参见 [认证管理文档](/docs/reference/access-authn-authz/authentication/)。
+
+如果您不知道配置的用户名密码，可以使用 `kubectl config view` 查询。
+
+<!--
+## Welcome view
+
+When you access Dashboard on an empty cluster, you'll see the welcome page. This page contains a link to this document as well as a button to deploy your first application. In addition, you can view which system applications are running by default in the `kube-system` [namespace](/docs/tasks/administer-cluster/namespaces/) of your cluster, for example the Dashboard itself.
+ -->
+## 欢迎界面
+
+当访问空集群的 Dashboard 时，您会看到欢迎界面。页面包含一个指向此文档的链接，以及一个用于部署第一个应用程序的按钮。此外，您可以看到在默认情况下有哪些默认系统应用运行在 `kube-system` [命名空间](/docs/tasks/administer-cluster/namespaces/) 中，比如 Dashboard 自己。
+
+<!--
+![Kubernetes Dashboard welcome page](/images/docs/ui-dashboard-zerostate.png)
+ -->
+![Kubernetes Dashboard 欢迎页面](/images/docs/ui-dashboard-zerostate.png)
+
+<!--
+## Deploying containerized applications
+
+Dashboard lets you create and deploy a containerized application as a Deployment and optional Service with a simple wizard. You can either manually specify application details, or upload a YAML or JSON file containing application configuration.
+
+To access the deploy wizard from the Welcome page, click the respective button. To access the wizard at a later point in time, click the **CREATE** button in the upper right corner of any page.
+ -->
+## 部署容器化应用
+
+通过一个简单的部署向导，您可以使用 Dashboard 将容器化应用作为一个 Deployment 和可选的 Service 进行创建和部署。可以手工指定应用的详细配置，或者上传一个包含应用配置的 YAML 或 JSON 文件。
+
+想要访问部署向导，可以点击欢迎界面上的各个部署按钮。向导也可以之后通过点击任何页面右上角的 **创建** 按钮进行快速访问。
+
+<!--
+![Deploy wizard](/images/docs/ui-dashboard-deploy-simple.png)
+ -->
+![部署向导](/images/docs/ui-dashboard-deploy-simple.png)
+
+<!--
+### Specifying application details
+
+The deploy wizard expects that you provide the following information:
+ -->
+### 指定应用的详细配置
+
+部署向导需要您提供以下信息：
+
+<!--
+- **App name** (mandatory): Name for your application. A [label](/docs/concepts/overview/working-with-objects/labels/) with the name will be added to the Deployment and Service, if any, that will be deployed.
+
+  The application name must be unique within the selected Kubernetes [namespace](/docs/tasks/administer-cluster/namespaces/). It must start with a lowercase character, and end with a lowercase character or a number, and contain only lowercase letters, numbers and dashes (-). It is limited to 24 characters. Leading and trailing spaces are ignored.
+ -->
+- **应用名称**（必填）：应用的名称。内容为`应用名称`的[标签](/docs/concepts/overview/working-with-objects/labels/) 会被添加到任何将被部署的 Deployment 和 Service。
+
+  在选定的 Kubernetes [命名空间](/docs/tasks/administer-cluster/namespaces/) 中，应用名称必须唯一。必须由小写字母开头，以数字或者小写字母结尾，并且只含有小写字母、数字和中划线（-）。小于等于24个字符。开头和结尾的空格会被忽略。
+
+<!--
+- **Container image** (mandatory): The URL of a public Docker [container image](/docs/concepts/containers/images/) on any registry, or a private image (commonly hosted on the Google Container Registry or Docker Hub). The container image specification must end with a colon.
+ -->
+- **容器镜像**（必填）：公共镜像仓库上的 Docker [容器镜像](/docs/concepts/containers/images/) 或者私有镜像仓库（通常是 Google Container Registery 或者 Docker Hub）的 URL。容器镜像参数说明必须以冒号结尾。
+
+<!--
+- **Number of pods** (mandatory): The target number of Pods you want your application to be deployed in. The value must be a positive integer.
+
+  A [Deployment](/docs/concepts/workloads/controllers/deployment/) will be created to maintain the desired number of Pods across your cluster.
+ -->
+- **pod 的数量**（必填）：您希望应用程序部署的 Pod 的数量。值必须为正整数。
+
+  系统会创建一个 [Deployment](/docs/concepts/workloads/controllers/deployment/) 用于保证集群中运行了期望的 Pod 数量。
+
+<!--
+- **Service** (optional): For some parts of your application (e.g. frontends) you may want to expose a [Service](/docs/concepts/services-networking/service/) onto an external, maybe public IP address outside of your cluster (external Service). For external Services, you may need to open up one or more ports to do so. Find more details [here](/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/).
+ -->
+- **服务**（可选）：对于部分应用（比如前端），您可能想对外暴露一个 [Service](/docs/concepts/services-networking/service/) ，这个 Service（外部 Service）可能用的是集群之外的公网 IP 地址。对于外部 Service 的情况，需要开放一个或者多个端口来满足。更多信息请参考 [这里](/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/。
+
+<!--
+  Other Services that are only visible from inside the cluster are called internal Services.
+
+  Irrespective of the Service type, if you choose to create a Service and your container listens on a port (incoming), you need to specify two ports. The Service will be created mapping the port (incoming) to the target port seen by the container. This Service will route to your deployed Pods. Supported protocols are TCP and UDP. The internal DNS name for this Service will be the value you specified as application name above.
+ -->
+  其它只能对集群内部可见的 Service 称为内部 Service。
+
+  不管哪种 Service 类型，如果您选择创建一个 Service，而且容器在一个端口上开启了监听（入向的），那么您需要定义两个端口。创建的 Service 会把（入向的）端口映射到容器可见的目标端口。该 Service 会把流量路由到您部署的 Pod。支持的协议有 TCP 和 UDP。这个 Service 的内部 DNS 解析名就是之前您定义的应用名称的值。
+
+<!--
+If needed, you can expand the **Advanced options** section where you can specify more settings:
+ -->
+如果需要，您可以打开 **高级选项** 部分，这里您可以定义更多设置：
+
+<!--
+- **Description**: The text you enter here will be added as an [annotation](/docs/concepts/overview/working-with-objects/annotations/) to the Deployment and displayed in the application's details.
+ -->
+- **描述**：这里您输入的文本会作为一个 [注解](/docs/concepts/overview/working-with-objects/annotations/) 添加到 Deployment，并显示在应用的详细信息中。
+
+<!--
+- **Labels**: Default [labels](/docs/concepts/overview/working-with-objects/labels/) to be used for your application are application name and version. You can specify additional labels to be applied to the Deployment, Service (if any), and Pods, such as release, environment, tier, partition, and release track.
+
+  Example:
+ -->
+- **标签**：应用默认使用的 [标签](/docs/concepts/overview/working-with-objects/labels/) 是应用名称和版本。您可以为 Deployment、Service（如果有）定义额外的标签，比如 release（版本）、environment（环境）、tier（层级）、partition（分区） 和 release track（版本跟踪）。
+
+  例子：
+
+   ```conf
+   release=1.0
+   tier=frontend
+   environment=pod
+   track=stable
+   ```
+
+<!--
+- **Namespace**: Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called [namespaces](/docs/tasks/administer-cluster/namespaces/). They let you partition resources into logically named groups.
+
+  Dashboard offers all available namespaces in a dropdown list, and allows you to create a new namespace. The namespace name may contain a maximum of 63 alphanumeric characters and dashes (-) but can not contain capital letters.
+  Namespace names should not consist of only numbers. If the name is set as a number, such as 10, the pod will be put in the default namespace.
+
+  In case the creation of the namespace is successful, it is selected by default. If the creation fails, the first namespace is selected.
+-->
+- **命名空间**：Kubernetes 支持多个虚拟集群依附于同一个物理集群。这些虚拟集群被称为 [命名空间](/docs/tasks/administer-cluster/namespaces/)，可以让您将资源划分为逻辑命名的组。
+
+  Dashboard 通过下拉菜单提供所有可用的命名空间，并允许您创建新的命名空间。命名空间的名称最长可以包含 63 个字母或数字和中横线（-），但是不能包含大写字母。
+  命名空间的名称不能只包含数字。如果名字被设置成一个数字，比如 10，pod 就会被放在默认的命名空间中。
+
+  在 namespace 创建成功的情况下，默认会使用新创建的命名空间。如果创建失败，那么第一个命名空间会被选中。
+
+<!--
+- **Image Pull Secret**: In case the specified Docker container image is private, it may require [pull secret](/docs/concepts/configuration/secret/) credentials.
+
+  Dashboard offers all available secrets in a dropdown list, and allows you to create a new secret. The secret name must follow the DNS domain name syntax, e.g. `new.image-pull.secret`. The content of a secret must be base64-encoded and specified in a  [`.dockercfg`](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) file. The secret name may consist of a maximum of 253 characters.
+
+  In case the creation of the image pull secret is successful, it is selected by default. If the creation fails, no secret is applied.
+ -->
+- **镜像拉取 Secret**：如果要使用私有的 Docker 容器镜像，需要拉取 [secret](/docs/concepts/configuration/secret/) 凭证。
+
+  Dashboard 通过下拉菜单提供所有可用的 secret，并允许您创建新的 secret。secret 名称必须遵循 DNS 域名语法，比如 `new.image-pull.secret`。secret 的内容必须是 base64 编码的，并且在一个 [`.dockercfg`](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) 文件中声明。secret 名称最大可以包含 253 个字符。
+
+  在镜像拉取 secret 创建成功的情况下，默认会使用新创建的 secret。如果创建失败，则不会使用任何 secret。
+
+<!--
+- **CPU requirement (cores)** and **Memory requirement (MiB)**: You can specify the minimum [resource limits](/docs/tasks/configure-pod-container/limit-range/) for the container. By default, Pods run with unbounded CPU and memory limits.
+ -->
+- **CPU 需求（核数）**和**内存需求（MiB）**：您可以为容器定义最小的 [资源限制](/docs/tasks/configure-pod-container/limit-range/)。默认情况下，Pod 没有 CPU 和内存限制。
+
+<!--
+- **Run command** and **Run command arguments**: By default, your containers run the specified Docker image's default [entrypoint command](/docs/user-guide/containers/#containers-and-commands). You can use the command options and arguments to override the default.
+ -->
+- **运行命令**和**运行命令参数**：默认情况下，您的容器会运行 Docker 镜像的默认 [入口命令](/docs/user-guide/containers/#containers-and-commands)。您可以使用 command 选项覆盖默认值。
+
+<!--
+- **Run as privileged**: This setting determines whether processes in [privileged containers](/docs/user-guide/pods/#privileged-mode-for-pod-containers) are equivalent to processes running as root on the host. Privileged containers can make use of capabilities like manipulating the network stack and accessing devices.
+ -->
+- **以特权运行**：这个设置决定了在 [特权容器](/docs/user-guide/pods/#privileged-mode-for-pod-containers) 中运行的进程是否像主机中使用 root 运行的进程一样。特权容器可以使用诸如操纵网络堆栈和访问设备的功能。
+
+<!--
+- **Environment variables**: Kubernetes exposes Services through [environment variables](/docs/tasks/inject-data-application/environment-variable-expose-pod-information/). You can compose environment variable or pass arguments to your commands using the values of environment variables. They can be used in applications to find a Service. Values can reference other variables using the `$(VAR_NAME)` syntax.
+ -->
+- **环境变量**：Kubernetes 通过 [环境变量](/docs/tasks/inject-data-application/environment-variable-expose-pod-information/) 暴露 Service。您可以构建环境变量，或者将环境变量的值作为参数传递给您的命令。它们可以被应用用于查找 Service。值可以通过  `$(VAR_NAME)` 语法关联其他变量。
+
+<!--
+### Uploading a YAML or JSON file
+
+Kubernetes supports declarative configuration. In this style, all configuration is stored in YAML or JSON configuration files using the Kubernetes [API](/docs/concepts/overview/kubernetes-api/) resource schemas.
+
+As an alternative to specifying application details in the deploy wizard, you can define your application in YAML or JSON files, and upload the files using Dashboard:
+ -->
+### 上传 YAML 或者 JSON 文件
+
+Kubernetes 支持声明式配置。所有的配置都存储在遵循 Kubernetes [API](/docs/concepts/overview/kubernetes-api/) 架构的 YAML 或者 JSON 配置文件中。
+
+作为一种替代在部署向导中指定应用详情的方式，您可以在 YAML 或者 JSON 文件中定义应用，并且使用 Dashboard 上传文件：
+
+<!--
+![Deploy wizard file upload](/images/docs/ui-dashboard-deploy-file.png)
+ -->
+![部署向导中上传文件](/images/docs/ui-dashboard-deploy-file.png)
+
+<!--
+## Using Dashboard
+Following sections describe views of the Kubernetes Dashboard UI; what they provide and how can they be used.
+ -->
+## 使用 Dashboard
+以下各节描述了 Kubernetes Dashboard UI 视图；包括它们提供的内容，以及怎么使用它们。
+
+<!--
+### Navigation
+
+When there are Kubernetes objects defined in the cluster, Dashboard shows them in the initial view. By default only objects from the _default_ namespace are shown and this can be changed using the namespace selector located in the navigation menu.
+
+Dashboard shows most Kubernetes object kinds and groups them in a few menu categories.
+ -->
+### 导航栏
+
+当在集群中定义 Kubernetes 对象时，Dashboard 会在初始视图中显示它们。默认情况下只会显示 _默认_ 命名空间中的对象，可以通过更改导航栏菜单中的命名空间筛选器进行改变。
+
+Dashboard 展示大部分 Kubernetes 对象，并将它们分组放在几个菜单类别中。
+
+<!--
+#### Admin
+View for cluster and namespace administrators. It lists Nodes, Namespaces and Persistent Volumes and has detail views for them. Node list view contains CPU and memory usage metrics aggregated across all Nodes. The details view shows the metrics for a Node, its specification, status, allocated resources, events and pods running on the node.
+ -->
+#### 管理
+集群和命名空间管理的视图。它会列出节点、命名空间和持久卷，并且有它们的详细视图。节点列表视图包含从所有节点聚合的 CPU 和内存使用的度量值。详细信息视图显示了一个节点的度量值，它的规格、状态、分配的资源、事件和这个节点上运行的 Pod。
+
+<!--
+![Node detail view](/images/docs/ui-dashboard-node.png)
+ -->
+![节点详细信息视图](/images/docs/ui-dashboard-node.png)
+
+<!--
+#### Workloads
+Entry point view that shows all applications running in the selected namespace. The view lists applications by workload kind (e.g., Deployments, Replica Sets, Stateful Sets, etc.) and each workload kind can be viewed separately. The lists summarize actionable information about the workloads, such as the number of ready pods for a Replica Set or current memory usage for a Pod.
+ -->
+#### 负载
+入口视图显示选中的命名空间中所有运行的应用。视图按照负载类型（如 Deployment、ReplicaSet、StatefulSet 等）罗列应用，并且每种负载都可以单独查看。列表总结了关于负载的可执行信息，比如一个 ReplicaSet 的准备状态的 Pod 数量，或者目前一个 Pod 的内存使用量。
+
+<!--
+![Workloads view](/images/docs/ui-dashboard-workloadview.png)
+ -->
+![负载视图](/images/docs/ui-dashboard-workloadview.png)
+
+<!--
+Detail views for workloads show status and specification information and surface relationships between objects. For example, Pods that Replica Set is controlling or New Replica Sets and Horizontal Pod Autoscalers for Deployments.
+ -->
+工作负载的详情视图展示了对象的状态、详细信息和相互关系。例如，ReplicaSet 所控制的 Pod，或者 Deployment 关联的 新 ReplicaSet 和 Pod 水平扩展控制器。
+
+<!--
+![Deployment detail view](/images/docs/ui-dashboard-deployment-detail.png)
+ -->
+![部署详情视图](/images/docs/ui-dashboard-deployment-detail.png)
+
+<!--
+#### Services and discovery
+Services and discovery view shows Kubernetes resources that allow for exposing services to external world and discovering them within a cluster. For that reason, Service and Ingress views show Pods targeted by them, internal endpoints for cluster connections and external endpoints for external users.
+ -->
+#### 服务发现
+服务发现视图展示允许暴露给外网服务和允许集群内部发现的 Kubernetes 资源。因此，Service 和 Ingress 视图展示他们关联的 Pod、给集群连接使用的内部端点和给外部用户使用的外部端点。
+
+<!--
+![Service list partial view](/images/docs/ui-dashboard-service-list.png)
+ -->
+![服务列表部分视图](/images/docs/ui-dashboard-service-list.png)
+
+<!--
+#### Storage
+Storage view shows Persistent Volume Claim resources which are used by applications for storing data.
+ -->
+#### 存储
+存储视图展示持久卷申领（PVC）资源，这些资源被应用程序用来存储数据。
+
+<!--
+#### Config
+Config view shows all Kubernetes resources that are used for live configuration of applications running in clusters. This is now Config Maps and Secrets. The view allows for editing and managing config objects and displays secrets hidden by default.
+ -->
+#### 配置
+配置视图展示的所有 Kubernetes 资源是在集群中运行的应用程序的实时配置。目前来说就是 ConfigMap 和 Secret。通过这个视图可以编辑和管理配置对象，并显示那些默认隐藏的 secret。
+
+<!--
+![Secret detail view](/images/docs/ui-dashboard-secret-detail.png)
+ -->
+![Secret 详情视图](/images/docs/ui-dashboard-secret-detail.png)
+
+<!--
+#### Logs viewer
+Pod lists and detail pages link to logs viewer that is built into Dashboard. The viewer allows for drilling down logs from containers belonging to a single Pod.
+ -->
+#### 日志查看器
+Pod 列表和详细信息页面可以链接到 Dashboard 内置的日志查看器。查看器可以钻取属于同一个 Pod 的不同容器的日志。
+
+<!--
+![Logs viewer](/images/docs/ui-dashboard-logs-view.png)
+ -->
+![日志浏览](/images/docs/ui-dashboard-logs-view.png)
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+For more information, see the
+[Kubernetes Dashboard project page](https://github.com/kubernetes/dashboard).
+ -->
+更多信息，参见
+[Kubernetes Dashboard 项目页面](https://github.com/kubernetes/dashboard).
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/access-kubernetes-api/_index.md b/content/zh/docs/tasks/access-kubernetes-api/_index.md
new file mode 100755
index 0000000000000..345cd8381bbb6
--- /dev/null
+++ b/content/zh/docs/tasks/access-kubernetes-api/_index.md
@@ -0,0 +1,11 @@
+---
+title: "扩展 Kubernetes"
+weight: 90
+---
+
+<!--
+---
+title: "Extend Kubernetes"
+weight: 90
+---
+-->
diff --git a/content/zh/docs/tasks/access-kubernetes-api/configure-aggregation-layer.md b/content/zh/docs/tasks/access-kubernetes-api/configure-aggregation-layer.md
new file mode 100644
index 0000000000000..d59c38c146e95
--- /dev/null
+++ b/content/zh/docs/tasks/access-kubernetes-api/configure-aggregation-layer.md
@@ -0,0 +1,100 @@
+---
+title: 配置聚合层
+reviewers:
+- lavalamp
+- cheftako
+- chenopis
+content_template: templates/task
+weight: 10
+---
+<!--
+---
+title: Configure the Aggregation Layer
+reviewers:
+- lavalamp
+- cheftako
+- chenopis
+content_template: templates/task
+weight: 10
+---
+-->
+
+{{% capture overview %}}
+
+配置[聚合层](/docs/concepts/api-extension/apiserver-aggregation/)允许 Kubernetes apiserver 使用其它 API 进行扩展，这些 API 不是核心 Kubernetes API 的一部分。
+<!--
+Configuring the [aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/) allows the Kubernetes apiserver to be extended with additional APIs, which are not part of the core Kubernetes APIs.
+-->
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{< note >}}
+**注意:** 在您的环境中启用聚合层时，如需要支持代理和扩展 apiserver 之间的双向 TLS 身份验证，需要满足一些设置要求。
+Kubernetes 和 kube-apiserver 都有多个 CA，因此要确保代理的证书由聚合层 CA 签署，而不是由其它 CA （如主 CA）来签署。
+{{< /note >}}
+<!--
+{{< note >}}
+**Note:** There are a few setup requirements for getting the aggregation layer working in your environment to support mutual TLS auth between the proxy and extension apiservers. Kubernetes and the kube-apiserver have multiple CAs, so make sure that the proxy is signed by the aggregation layer CA and not by something else, like the master CA.
+{{< /note >}}
+-->
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+## 启用 apiserver 参数
+
+通过以下 kube-apiserver 参数启用聚合层。这一操作可能已由您的供应商完成。
+
+    --requestheader-client-ca-file=<path to aggregator CA cert>
+    --requestheader-allowed-names=front-proxy-client
+    --requestheader-extra-headers-prefix=X-Remote-Extra-
+    --requestheader-group-headers=X-Remote-Group
+    --requestheader-username-headers=X-Remote-User
+    --proxy-client-cert-file=<path to aggregator proxy cert>
+    --proxy-client-key-file=<path to aggregator proxy key>
+
+**警告**：除非您了解 CA 的风险和保护 CA 使用的机制，否则**不要**在不同的场合重复使用同一 CA。
+
+如果您未在运行 API 服务器的主机上运行 kube-proxy ，则必须确保配置了以下 apiserver 参数：
+
+    --enable-aggregator-routing=true
+<!--
+## Enable apiserver flags
+
+Enable the aggregation layer via the following kube-apiserver flags. They may have already been taken care of by your provider.
+
+    --requestheader-client-ca-file=<path to aggregator CA cert>
+    --requestheader-allowed-names=front-proxy-client
+    --requestheader-extra-headers-prefix=X-Remote-Extra-
+    --requestheader-group-headers=X-Remote-Group
+    --requestheader-username-headers=X-Remote-User
+    --proxy-client-cert-file=<path to aggregator proxy cert>
+    --proxy-client-key-file=<path to aggregator proxy key>
+
+WARNING: do **not** reuse a CA that is used in a different context unless you understand the risks and the mechanisms to protect the CA's usage.
+
+If you are not running kube-proxy on a host running the API server, then you must make sure that the system is enabled with the following apiserver flag:
+
+    --enable-aggregator-routing=true
+-->
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+* [安装一个扩展的 api-server ](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) 以使用聚合层。
+* 有关高级概述，请参阅[使用聚合层扩展 Kubernetes API ](/docs/concepts/api-extension/apiserver-aggregation/)。
+* 了解如何[使用自定义资源扩展 Kubernetes API ](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/)。
+
+<!--
+* [Setup an extension api-server](/docs/tasks/access-kubernetes-api/setup-extension-api-server/) to work with the aggregation layer.
+* For a high level overview, see [Extending the Kubernetes API with the aggregation layer](/docs/concepts/api-extension/apiserver-aggregation/).
+* Learn how to [Extend the Kubernetes API Using Custom Resource Definitions](/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/).
+-->
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/access-kubernetes-api/custom-resources/_index.md b/content/zh/docs/tasks/access-kubernetes-api/custom-resources/_index.md
new file mode 100755
index 0000000000000..7fb09fb93d65c
--- /dev/null
+++ b/content/zh/docs/tasks/access-kubernetes-api/custom-resources/_index.md
@@ -0,0 +1,9 @@
+---
+title: "使用自定义资源"
+weight: 10
+---
+
+<!-- ---
+title: "Use Custom Resources"
+weight: 10
+--- -->
diff --git a/content/zh/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning.md b/content/zh/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning.md
new file mode 100644
index 0000000000000..5e322416878aa
--- /dev/null
+++ b/content/zh/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning.md
@@ -0,0 +1,517 @@
+---
+title: CustomResourceDefinitions 的版本
+reviewers:
+- mbohlool
+- sttts
+- liggitt
+content_template: templates/task
+weight: 30
+---
+<!--
+---
+title: Versions of CustomResourceDefinitions
+reviewers:
+- mbohlool
+- sttts
+- liggitt
+content_template: templates/task
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page explains how to add versioning information to
+[CustomResourceDefinitions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#customresourcedefinition-v1beta1-apiextensions), to indicate the stability
+level of your CustomResourceDefinitions or advance your API to a new version with conversion between API representations. It also describes how to upgrade an object from one version to another.
+-->
+本页介绍了如何添加版本信息到[CustomResourceDefinitions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#customresourcedefinition-v1beta1-apiextensions)，如何表示 CustomResourceDefinitions 的稳定水平或者用 API 之间的表征的转换提高您的 API 到一个新的版本。它还描述了如何将对象从一个版本升级到另一个版本。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+* Make sure your Kubernetes cluster has a master version of 1.11.0 or higher.
+-->
+* 确保您的 Kubernetes 集群的主版本为1.11.0或更高版本。
+
+<!--
+* Read about [custom resources](/docs/concepts/api-extension/custom-resources/).
+-->
+* 阅读[自定义资源](/docs/concepts/api-extension/custom-resources/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Overview
+-->
+## 概览
+
+<!--
+The CustomResourceDefinition API supports a `versions` field that you can use to
+support multiple versions of custom resources that you have developed. Versions
+can have different schemas with a conversion webhook to convert custom resources between versions.
+Webhook conversions should follow the [Kubernetes API conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md) wherever applicable.
+Specifically, See the [API change documentation](https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md) for a set of useful gotchas and suggestions.
+-->
+CustomResourceDefinition API 支持您使用`versions`字段来开发多个版本的自定义资源。
+版本可以有不同的模式与转换 webhook 在版本之间转换自定义资源。
+Webhook 转换应遵循适用的[Kubernetes API 约定](https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md)。
+具体来说，请参阅 [API 更改文档](https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md)以获取一组有用的问题和建议。
+
+<!--
+Earlier iterations included a `version` field instead of `versions`. The
+`version` field is deprecated and optional, but if it is not empty, it must
+match the first item in the `versions` field.
+-->
+{{< note >}}
+早期的迭代包括 `version` 字段而不是`versions`。
+`version` 字段已弃用且可选，但如果它不为空，则必须必配`versions` 字段中的第一项。
+{{< /note >}}
+
+<!--
+## Specify multiple versions
+-->
+## 指定多个版本
+
+<!--
+This example shows a CustomResourceDefinition with two versions. For the first
+example, the assumption is all versions share the same schema with no conversion
+between them. The comments in the YAML provide more context.
+-->
+此示例显示了两个版本的 CustomResourceDefinition。第一个例子，假设所有的版本共享相同的模式而它们之间没有转换。YAML 中的评论提供了更多背景信息。
+
+```yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  # name must match the spec fields below, and be in the form: <plural>.<group>
+  name: crontabs.example.com
+spec:
+  # group name to use for REST API: /apis/<group>/<version>
+  group: example.com
+  # list of versions supported by this CustomResourceDefinition
+  versions:
+  - name: v1beta1
+    # Each version can be enabled/disabled by Served flag.
+    served: true
+    # One and only one version must be marked as the storage version.
+    storage: true
+  - name: v1
+    served: true
+    storage: false
+  # The conversion section is introduced in Kubernetes 1.13+ with a default value of
+  # None conversion (strategy sub-field set to None).
+  conversion:
+    # None conversion assumes the same schema for all versions and only sets the apiVersion
+    # field of custom resources to the proper value
+    strategy: None
+  # either Namespaced or Cluster
+  scope: Namespaced
+  names:
+    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+    plural: crontabs
+    # singular name to be used as an alias on the CLI and for display
+    singular: crontab
+    # kind is normally the CamelCased singular type. Your resource manifests use this.
+    kind: CronTab
+    # shortNames allow shorter string to match your resource on the CLI
+    shortNames:
+    - ct
+```
+
+<!--
+You can save the CustomResourceDefinition in a YAML file, then use
+`kubectl apply` to create it.
+-->
+你可以将 CustomResourceDefinition 存储在 YAML 文件中，然后使用`kubectl apply`来创建它。
+
+```shell
+kubectl apply -f my-versioned-crontab.yaml
+```
+
+<!--
+After creation, the API server starts to serve each enabled version at an HTTP
+REST endpoint. In the above example, the API versions are available at
+`/apis/example.com/v1beta1` and `/apis/example.com/v1`.
+-->
+在创建之后，API 服务器开始在 HTTP REST 端点上为每个启用的版本提供服务。在上面的示例中，API 版本可以在`/apis/example.com/v1beta1` 和 `/apis/example.com/v1`中获得。
+
+<!--
+### Version priority
+-->
+### 版本优先级
+
+<!--
+Regardless of the order in which versions are defined in a
+CustomResourceDefinition, the version with the highest priority is used by
+kubectl as the default version to access objects. The priority is determined
+by parsing the _name_ field to determine the version number, the stability
+(GA, Beta, or Alpha), and the sequence within that stability level.
+-->
+不考虑 CustomResourceDefinition 中版本被定义的顺序，kubectl 使用具有最高优先级的版本作为访问对象的默认版本。
+通过解析_name_字段确定优先级来决定版本号，稳定性(GA, Beta, 或者 Alpha)，以及该稳定性水平内的序列。
+
+<!--
+The algorithm used for sorting the versions is designed to sort versions in the
+same way that the Kubernetes project sorts Kubernetes versions. Versions start with a
+`v` followed by a number, an optional `beta` or `alpha` designation, and
+optional additional numeric versioning information. Broadly, a version string might look
+like `v2` or `v2beta1`. Versions are sorted using the following algorithm:
+-->
+用于对版本进行排序的算法被设计成与 Kubernetes 项目对 Kubernetes 版本进行排序的方式相同。
+版本以`v`开头跟一个数字，一个可选的`beta` 或者 `alpha`命名，和一个可选的附加的数字型的版本信息。
+从广义上讲，版本字符串可能看起来像`v2`或者`v2beta1`。
+使用以下算法对版本进行排序：
+
+<!--
+- Entries that follow Kubernetes version patterns are sorted before those that
+  do not.
+- For entries that follow Kubernetes version patterns, the numeric portions of
+  the version string is sorted largest to smallest.
+- If the strings `beta` or `alpha` follow the first numeric portion, they sorted
+  in that order, after the equivalent string without the `beta` or `alpha`
+  suffix (which is presumed to be the GA version).
+- If another number follows the `beta`, or `alpha`, those numbers are also
+  sorted from largest to smallest.
+- Strings that don't fit the above format are sorted alphabetically and the
+  numeric portions are not treated specially. Notice that in the example below,
+  `foo1` is sorted above `foo10`. This is different from the sorting of the
+  numeric portion of entries that do follow the Kubernetes version patterns.
+-->
+- 遵循 Kubernetes 版本模式的条目在不符合条件的条目之前进行排序。
+- 对于遵循 Kubernetes 版本模式的条目，版本字符串的数字部分从最大到最小排序。
+- 如果字符串`beta` 或 `alpha`跟随第一数字部分，它们按顺序排序，在没有`beta` 或 `alpha`后缀（假定为 GA 版本）的等效字符串后面。
+- 如果另一个数字跟在`beta`或`alpha`之后，那么这些数字也是从最大到最小排序。
+- 不符合上述格式的字符串按字母顺序排序，数字部分不经过特殊处理。请注意，在下面的示例中，`foo1`在 `foo10`上方排序。这与遵循 Kubernetes 版本模式的条目的数字部分排序不同。
+
+<!--
+This might make sense if you look at the following sorted version list:
+-->
+如果查看以下排序版本列表可以明白：
+
+```none
+- v10
+- v2
+- v1
+- v11beta2
+- v10beta3
+- v3beta1
+- v12alpha1
+- v11alpha2
+- foo1
+- foo10
+```
+
+<!--
+For the example in [Specify multiple versions](#specify-multiple-versions), the
+version sort order is `v1`, followed by `v1beta1`. This causes the kubectl
+command to use `v1` as the default version unless the provided object specifies
+the version.
+-->
+对于 [指定多个版本](#specify-multiple-versions)中的示例，版本排序顺序为`v1`，后跟着`v1beta1`。
+这导致了 kubectl 命令使用`v1`作为默认版本，除非提供对象指定版本。
+
+<!--
+## Webhook conversion
+-->
+## Webhook 转换
+
+<!--
+Webhook conversion is introduced in Kubernetes 1.13 as an alpha feature. To use it, the
+`CustomResourceWebhookConversion` feature should be enabled. Please refer to the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) documentation for more information.
+-->
+{{< note >}}
+Webhook 转换在 Kubernetes 1.13中作为 alpha 功能引入。要使用它，应启用`CustomResourceWebhookConversion`功能。 请参阅 [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) 文档以获得更多信息。
+{{< /note >}}
+
+<!--
+The above example has a None conversion between versions which only sets the `apiVersion` field
+on conversion and does not change the rest of the object. The API server also supports webhook
+conversions that call an external service in case a conversion is required. For example when:
+-->
+上面的例子在版本之间有一个 None 转换，它只在转换时设置`apiVersion`字段而不改变对象的其余部分。API 服务器还支持在需要转换时调用外部服务的 webhook 转换。例如：
+
+<!--
+* custom resource is requested in a different version than stored version.
+* Watch is created in one version but the changed object is stored in another version.
+* custom resource PUT request is in a different version than storage version.
+-->
+* 自定义资源被要求在一个不同的版本里而不是一个存储的版本里。
+* Watch 在一个版本中创建，但更改对象存储在另一个版本中。
+* 自定义资源 PUT 请求在一个不同的版本里而不是一个存储的版本。
+
+<!--
+To cover all of these cases and to optimize conversion by the API server, the conversion requests may contain multiple objects in order to minimize the external calls. The webhook should perform these conversions independently.
+-->
+为了涵盖所有这些情况并通过 API 服务器优化转换，转换对象可能包含多个对象，以便最大限度地减少外部调用。webhook 应该独立执行这些转换。
+
+<!--
+### Write a conversion webhook server
+-->
+### 编写一个 webhook 服务器的转换
+
+<!--
+Please refer to the implementation of the [custom resource conversion webhook
+server](https://github.com/kubernetes/kubernetes/tree/v1.13.0/test/images/crd-conversion-webhook/main.go)
+that is validated in a Kubernetes e2e test. The webhook handles the
+`ConversionReview` requests sent by the API servers, and sends back conversion
+results wrapped in `ConversionResponse`. Note that the request
+contains a list of custom resources that need to be converted independently without
+changing the order of objects.
+The example server is organized in a way to be reused for other conversions. Most of the common code are located in the [framework file](https://github.com/kubernetes/kubernetes/tree/v1.14.0/test/images/crd-conversion-webhook/converter/framework.go) that leaves only [one function](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/images/crd-conversion-webhook/converter/example_converter.go#L29-L80) to be implemented for different conversions.
+-->
+请参考[自定义资源转换 webhook
+服务器](https://github.com/kubernetes/kubernetes/tree/v1.13.0/test/images/crd-conversion-webhook/main.go)的实施，这在Kubernetes e2e测试中得到验证。
+webhook 处理由 API 服务器发送的`ConversionReview`请求，并发送回包含在`ConversionResponse`中的转换结果。
+请注意，请求包含需要独立转换不改变对象顺序的自定义资源列表。
+示例服务器的组织方式使其可以重用于其他转换。
+大多数常见代码都位于[框架文件](https://github.com/kubernetes/kubernetes/tree/v1.14.0/test/images/crd-conversion-webhook/converter/framework.go)中，只留下[一个功能](https://github.com/kubernetes/kubernetes/blob/v1.13.0/test/images/crd-conversion-webhook/converter/example_converter.go#L29-L80)用于实施不同的转换。
+
+<!--
+The example conversion webhook server leaves the `ClientAuth` field
+[empty](https://github.com/kubernetes/kubernetes/tree/v1.13.0/test/images/crd-conversion-webhook/config.go#L47-L48),
+which defaults to `NoClientCert`. This means that the webhook server does not
+authenticate the identity of the clients, supposedly API servers. If you need
+mutual TLS or other ways to authenticate the clients, see
+how to [authenticate API servers](/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers).
+-->
+{{< note >}}
+示例转换 webhook 服务器留下`ClientAuth`字段[empty](https://github.com/kubernetes/kubernetes/tree/v1.13.0/test/images/crd-conversion-webhook/config.go#L47-L48)，默认为`NoClientCert`。
+这意味着 webhook 服务器没有验证客户端的身份，据称是 API 服务器。
+如果您需要相互 TLS 或者其他方式来验证客户端，请参阅如何[验证 API 服务器](/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers)。
+{{< /note >}}
+
+<!--
+### Deploy the conversion webhook service
+-->
+### 部署转换 webhook 服务器
+
+<!--
+Documentation for deploying the conversion webhook is the same as for the [admission webhook example service](/docs/reference/access-authn-authz/extensible-admission-controllers/#deploy_the_admission_webhook_service).
+The assumption for next sections is that the conversion webhook server is deployed to a service named `example-conversion-webhook-server` in `default` namespace and serving traffic on path `/crdconvert`.
+-->
+用于部署转换 webhook 的文档与[准入 webhook 示例服务](/docs/reference/access-authn-authz/extensible-admission-controllers/#deploy_the_admission_webhook_service)。
+下一节的假设是转换 webhook 服务器部署到`default`命名空间中名为`example-conversion-webhook-server`的服务器上，并在路径`/crdconvert`上提供流量。
+
+<!--
+When the webhook server is deployed into the Kubernetes cluster as a
+service, it has to be exposed via a service on port 443 (The server
+itself can have an arbitrary port but the service object should map it to port 443).
+The communication between the API server and the webhook service may fail
+if a different port is used for the service.
+-->
+{{< note >}}
+当 webhook 服务器作为一个部署到 Kubernetes 集群中的服务器时，它必须通过端口443上的服务器公开(服务器本身可以有一个任意端口，但是服务器对象应该将它映射到端口443)。
+如果为服务器使用不同的端口，则 API 服务器和 webhook 服务器之间的通信可能会失败。
+{{< /note >}}
+
+<!--
+### Configure CustomResourceDefinition to use conversion webhooks
+-->
+### 配置 CustomResourceDefinition 以使用转换 webhook
+
+<!--
+The `None` conversion example can be extended to use the conversion webhook by modifying `conversion`
+section of the `spec`:
+-->
+通过修改`spec`中的`conversion`部分，可以扩展`None`转换示例来使用转换 webhook。
+
+```yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  # name must match the spec fields below, and be in the form: <plural>.<group>
+  name: crontabs.example.com
+spec:
+  # group name to use for REST API: /apis/<group>/<version>
+  group: example.com
+  # list of versions supported by this CustomResourceDefinition
+  versions:
+  - name: v1beta1
+    # Each version can be enabled/disabled by Served flag.
+    served: true
+    # One and only one version must be marked as the storage version.
+    storage: true
+    # Each version can define it's own schema when there is no top-level
+    # schema is defined.
+    schema:
+      openAPIV3Schema:
+        properties:
+          hostPort:
+            type: string
+  - name: v1
+    served: true
+    storage: false
+    schema:
+      openAPIV3Schema:
+        properties:
+          host:
+            type: string
+          port:
+            type: string
+  conversion:
+    # a Webhook strategy instruct API server to call an external webhook for any conversion between custom resources.
+    strategy: Webhook
+    # webhookClientConfig is required when strategy is `Webhook` and it configure the webhook endpoint to be
+    # called by API server.
+    webhookClientConfig:
+      service:
+        namespace: default
+        name: example-conversion-webhook-server
+        # path is the url the API server will call. It should match what the webhook is serving at. The default is '/'.
+        path: /crdconvert
+      caBundle: <pem encoded ca cert that signs the server cert used by the webhook>
+  # either Namespaced or Cluster
+  scope: Namespaced
+  names:
+    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+    plural: crontabs
+    # singular name to be used as an alias on the CLI and for display
+    singular: crontab
+    # kind is normally the CamelCased singular type. Your resource manifests use this.
+    kind: CronTab
+    # shortNames allow shorter string to match your resource on the CLI
+    shortNames:
+    - ct
+```
+
+<!--
+When using `clientConfig.service`, the server cert must be valid for
+`<svc_name>.<svc_namespace>.svc`.
+-->
+{{< note >}}
+当使用 `clientConfig.service`时，服务器证书必须对`<svc_name>.<svc_namespace>.svc`有效。
+{{< /note >}}
+
+<!--
+You can save the CustomResourceDefinition in a YAML file, then use
+`kubectl apply` to apply it.
+-->
+您可以将 CustomResourceDefinition 保存在 YAML 文件中，然后使用`kubectl apply`来应用它。
+
+```shell
+kubectl apply -f my-versioned-crontab-with-conversion.yaml
+```
+
+<!--
+Make sure the conversion service is up and running before applying new changes.
+-->
+在应用新更改之前，请确保转换服务器已启动并正在运行。
+
+<!--
+## Writing, reading, and updating versioned CustomResourceDefinition objects
+-->
+## 编写、读取和更新版本化的 CustomResourceDefinition 对象
+
+<!--
+When an object is written, it is persisted at the version designated as the
+storage version at the time of the write. If the storage version changes,
+existing objects are never converted automatically. However, newly-created
+or updated objects are written at the new storage version. It is possible for an
+object to have been written at a version that is no longer served.
+-->
+写入对象时，它将保留在写入时指定为存储版本的版本中。
+如果存储版本发生变化，现有对象永远不会自动转换。
+然而，新创建或更新的对象将在新的存储版本中编写。
+对象可能已在不再被服务的版本中编写。
+
+<!--
+When you read an object, you specify the version as part of the path. If you
+specify a version that is different from the object's persisted version,
+Kubernetes returns the object to you at the version you requested, but the
+persisted object is neither changed on disk, nor converted in any way
+(other than changing the `apiVersion` string) while serving the request.
+You can request an object at any version that is currently served.
+-->
+当读取对象时，将版本指定为路径的一部分。
+如果指定的版本与对象的持久版本不同， Kubernetes 会在您请求的版本里将对象返还给您，但是在提供请求时，持久化对象既不会在磁盘上更改，也不会以任何方式进行转换（除了更改`apiVersion`字符串）。
+您可以在当前提供的任何版本中请求对象。
+
+<!--
+If you update an existing object, it is rewritten at the version that is
+currently the storage version. This is the only way that objects can change from
+one version to another.
+-->
+如果您更新了一个现有对象，它将在现在的存储版本中被重写。
+这是对象可以从一个版本改到另一个版本的唯一办法。
+
+<!--
+To illustrate this, consider the following hypothetical series of events:
+-->
+为了说明这一点，请考虑以下假设的一系列事件：
+
+<!--
+1.  The storage version is `v1beta1`. You create an object. It is persisted in
+    storage at version `v1beta1`
+2.  You add version `v1` to your CustomResourceDefinition and designate it as
+    the storage version.
+3.  You read your object at version `v1beta1`, then you read the object again at
+    version `v1`. Both returned objects are identical except for the apiVersion
+    field.
+4.  You create a new object. It is persisted in storage at version `v1`. You now
+    have two objects, one of which is at `v1beta1`, and the other of which is at
+    `v1`.
+5.  You update the first object. It is now persisted at version `v1` since that
+    is the current storage version.
+-->
+1.  存储版本是`v1beta1`。
+    它保存在版本`v1beta1`的存储中。
+2.  您将版本`v1`添加到 CustomResourceDefinition 中，并将其指定为存储版本。
+3.  您在版本`v1beta1`中读取您的对象，然后您再次在版本`v1`中读取对象。
+    除了 apiVersion 字段之外，两个返回的对象都是相同的。
+4.  您创建一个新对象。
+    它存储在版本`v1`的存储中。
+    您现在有两个对象，其中一个位于`v1beta1`，另一个位于`v1`。
+5.  您更新第一个对象。
+    它现在保存在版本`v1`中，因为那是当前的存储版本。
+
+<!--
+### Previous storage versions
+-->
+### 以前的存储版本
+
+<!--
+The API server records each version which has ever been marked as the storage
+version in the status field `storedVersions`. Objects may have been persisted
+at any version that has ever been designated as a storage version. No objects
+can exist in storage at a version that has never been a storage version.
+-->
+API 服务器在状态字段`storedVersions`中记录曾被标记为存储版本的每个版本。
+对象可能已被保留在任何曾被指定为存储版本的版本中。
+从未成为存储版本的版本的存储中不能存在任何对象。
+
+<!--
+## Upgrade existing objects to a new stored version
+-->
+## 将现有对象升级到新的存储版本
+
+<!--
+When deprecating versions and dropping support, devise a storage upgrade
+procedure. The following is an example procedure to upgrade from `v1beta1`
+to `v1`.
+-->
+弃用版本并删除支持时，请设计存储升级过程。
+以下是从`v1beta1`升级到`v1`的示例过程。
+
+<!--
+1.  Set `v1` as the storage in the CustomResourceDefinition file and apply it
+    using kubectl. The `storedVersions` is now `v1beta1, v1`.
+2.  Write an upgrade procedure to list all existing objects and write them with
+    the same content. This forces the backend to write objects in the current
+    storage version, which is `v1`.
+3.  Update the CustomResourceDefinition `Status` by removing `v1beta1` from
+    `storedVersions` field.
+-->
+1.  将`v1`设置为 CustomResourceDefinition 文件中的存储，并使用 kubectl 应用它。
+    `storedVersions`现在是`v1beta1、 v1`。
+2.  编写升级过程以列出所有现有对象并使用相同内容编写它们。
+    这会强制后端在当前存储版本中写入对象，即`v1`。
+3.  通过从`storedVersions`字段中删除`v1beta1`来更新 CustomResourceDefinition`Status`。 
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/access-kubernetes-api/http-proxy-access-api.md b/content/zh/docs/tasks/access-kubernetes-api/http-proxy-access-api.md
new file mode 100644
index 0000000000000..4f6978fbcf327
--- /dev/null
+++ b/content/zh/docs/tasks/access-kubernetes-api/http-proxy-access-api.md
@@ -0,0 +1,128 @@
+---
+title: 使用 HTTP 代理访问 Kubernetes API
+content_template: templates/task
+weight: 40
+---
+
+<!--
+---
+title: Use an HTTP Proxy to Access the Kubernetes API
+content_template: templates/task
+weight: 40
+---
+-->
+
+<!--
+{{% capture overview %}}
+This page shows how to use an HTTP proxy to access the Kubernetes API.
+{{% /capture %}}
+ -->
+ 
+{{% capture overview %}}
+
+本文说明如何使用 HTTP 代理访问 Kubernetes API。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+* If you do not already have an application running in your cluster, start
+  a Hello world application by entering this command:
+ -->
+* 如果您的集群中还没有任何应用，使用如下命令启动一个 Hello World 应用：
+
+      kubectl run node-hello --image=gcr.io/google-samples/node-hello:1.0 --port=8080
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Using kubectl to start a proxy server
+
+This command starts a proxy to the Kubernetes API server:
+ -->
+## 使用 kubectl 启动代理服务器
+
+使用如下命令启动 Kubernetes API 服务器的代理：
+
+    kubectl proxy --port=8080
+
+<!--
+## Exploring the Kubernetes API
+
+When the proxy server is running, you can explore the API using `curl`, `wget`,
+or a browser.
+ -->
+## 探究 Kubernetes API
+
+当代理服务器在运行时，你可以通过 `curl`、`wget` 或者浏览器访问 API。
+
+<!--
+Get the API versions:
+ -->
+获取 API 版本：
+
+    curl http://localhost:8080/api/
+
+    {
+      "kind": "APIVersions",
+      "versions": [
+        "v1"
+      ],
+      "serverAddressByClientCIDRs": [
+        {
+          "clientCIDR": "0.0.0.0/0",
+          "serverAddress": "10.0.2.15:8443"
+        }
+      ]
+    }
+
+<!--
+Get a list of pods:
+ -->
+获取 Pod 列表：
+
+    curl http://localhost:8080/api/v1/namespaces/default/pods
+
+    {
+      "kind": "PodList",
+      "apiVersion": "v1",
+      "metadata": {
+        "selfLink": "/api/v1/namespaces/default/pods",
+        "resourceVersion": "33074"
+      },
+      "items": [
+        {
+          "metadata": {
+            "name": "kubernetes-bootcamp-2321272333-ix8pt",
+            "generateName": "kubernetes-bootcamp-2321272333-",
+            "namespace": "default",
+            "selfLink": "/api/v1/namespaces/default/pods/kubernetes-bootcamp-2321272333-ix8pt",
+            "uid": "ba21457c-6b1d-11e6-85f7-1ef9f1dab92b",
+            "resourceVersion": "33003",
+            "creationTimestamp": "2016-08-25T23:43:30Z",
+            "labels": {
+              "pod-template-hash": "2321272333",
+              "run": "kubernetes-bootcamp"
+            },
+            ...
+    }
+
+{{% /capture %}}
+
+<!--
+{{% capture whatsnext %}}
+Learn more about [kubectl proxy](/docs/reference/generated/kubectl/kubectl-commands#proxy).
+{{% /capture %}}
+ -->
+ 
+{{% capture whatsnext %}}
+
+想了解更多信息，请参阅 [kubectl 代理](/docs/reference/generated/kubectl/kubectl-commands#proxy)。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/access-kubernetes-api/setup-extension-api-server.md b/content/zh/docs/tasks/access-kubernetes-api/setup-extension-api-server.md
index f7b3fff81a32d..6e6779c41c612 100644
--- a/content/zh/docs/tasks/access-kubernetes-api/setup-extension-api-server.md
+++ b/content/zh/docs/tasks/access-kubernetes-api/setup-extension-api-server.md
@@ -1,6 +1,5 @@
-<!--
 ---
-title: Setup an extension API server
+title: 设置一个扩展的 API server
 reviewers:
 - lavalamp
 - cheftako
@@ -8,9 +7,10 @@ reviewers:
 content_template: templates/task
 weight: 15
 ---
--->
+
+<!--
 ---
-title: 设置一个扩展的 API server
+title: Setup an extension API server
 reviewers:
 - lavalamp
 - cheftako
@@ -18,6 +18,7 @@ reviewers:
 content_template: templates/task
 weight: 15
 ---
+-->
 
 {{% capture overview %}}
 
diff --git a/content/zh/docs/tasks/administer-cluster/_index.md b/content/zh/docs/tasks/administer-cluster/_index.md
new file mode 100755
index 0000000000000..348e449aa8fda
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/_index.md
@@ -0,0 +1,11 @@
+---
+title: "管理集群"
+weight: 20
+---
+
+<!--
+---
+title: "Administer a Cluster"
+weight: 20
+---
+-->
diff --git a/content/zh/docs/tasks/administer-cluster/access-cluster-api.md b/content/zh/docs/tasks/administer-cluster/access-cluster-api.md
new file mode 100644
index 0000000000000..b689d9413c484
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/access-cluster-api.md
@@ -0,0 +1,352 @@
+---
+title: 使用 Kubernetes API 访问集群
+content_template: templates/task
+---
+<!-- ---
+title: Access Clusters Using the Kubernetes API
+content_template: templates/task
+--- -->
+{{% capture overview %}}
+<!-- This page shows how to access clusters using the Kubernetes API. -->
+本页展示了如何使用 Kubernetes API 访问集群
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Accessing the cluster API -->
+
+## 访问集群 API
+
+<!-- ### Accessing for the first time with kubectl -->
+
+### 使用 kubectl 进行首次访问
+
+<!-- When accessing the Kubernetes API for the first time, use the
+Kubernetes command-line tool, `kubectl`. -->
+
+首次访问 Kubernetes API 时，请使用 Kubernetes 命令行工具 `kubectl` 。
+
+<!-- To access a cluster, you need to know the location of the cluster and have credentials
+to access it. Typically, this is automatically set-up when you work through
+a [Getting started guide](/docs/setup/),
+or someone else setup the cluster and provided you with credentials and a location. -->
+
+要访问集群，您需要知道集群位置并拥有访问它的凭证。通常，当您完成[入门指南](/docs/setup/)时，这会自动设置完成，或者由其他人设置好集群并将凭证和位置提供给您。
+
+<!-- Check the location and credentials that kubectl knows about with this command: -->
+
+使用此命令检查 kubectl 已知的位置和凭证：
+
+```shell
+kubectl config view
+```
+
+<!-- Many of the [examples](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/) provide an introduction to using
+kubectl. Complete documentation is found in the [kubectl manual](/docs/reference/kubectl/overview/). -->
+
+许多[样例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/)提供了使用 kubectl 的介绍。完整文档请见 [kubectl 手册](/docs/reference/kubectl/overview/)。
+
+<!-- ### Directly accessing the REST API -->
+
+### 直接访问 REST API
+
+<!-- kubectl handles locating and authenticating to the API server. If you want to directly access the REST API with an http client like
+`curl` or `wget`, or a browser, there are multiple ways you can locate and authenticate against the API server: -->
+
+kubectl 处理对 API 服务器的定位和身份验证。如果您想通过 http 客户端（如 `curl` 或 `wget`，或浏览器）直接访问 REST API，您可以通过多种方式对 API 服务器进行定位和身份验证：
+
+ <!-- 1. Run kubectl in proxy mode (recommended). This method is recommended, since it uses the stored apiserver location and verifies the identity of the API server using a self-signed cert. No man-in-the-middle (MITM) attack is possible using this method.
+ 1. Alternatively, you can provide the location and credentials directly to the http client. This works with client code that is confused by proxies. To protect against man in the middle attacks, you'll need to import a root cert into your browser. -->
+
+ 1. 以代理模式运行 kubectl（推荐）。 推荐使用此方法，因为它用存储的 apiserver 位置并使用自签名证书验证 API 服务器的标识。使用这种方法无法进行中间人（MITM）攻击。
+ 2. 另外，您可以直接为 http 客户端提供位置和身份认证。这适用于被代理混淆的客户端代码。为防止中间人攻击，您需要将根证书导入浏览器。
+
+ <!-- Using the Go or Python client libraries provides accessing kubectl in proxy mode. -->
+
+ 使用 Go 或 Python 客户端库可以在代理模式下访问 kubectl。
+
+<!-- #### Using kubectl proxy -->
+
+#### 使用 kubectl 代理
+
+<!-- The following command runs kubectl in a mode where it acts as a reverse proxy. It handles
+locating the API server and authenticating. -->
+
+下列命令使 kubectl 运行在反向代理模式下。它处理 API 服务器的定位和身份认证。
+
+<!-- Run it like this: -->
+
+像这样运行它：
+
+```shell
+kubectl proxy --port=8080 &
+```
+
+<!-- See [kubectl proxy](/docs/reference/generated/kubectl/kubectl-commands/#proxy) for more details. -->
+
+参见 [kubectl 代理](/docs/reference/generated/kubectl/kubectl-commands/#proxy) 获取更多细节。
+
+<!-- Then you can explore the API with curl, wget, or a browser, like so: -->
+
+然后您可以通过 curl，wget，或浏览器浏览 API，像这样：
+
+```shell
+curl http://localhost:8080/api/
+```
+
+<!-- The output is similar to this: -->
+
+输出类似如下：
+
+```json
+{
+  "versions": [
+    "v1"
+  ],
+  "serverAddressByClientCIDRs": [
+    {
+      "clientCIDR": "0.0.0.0/0",
+      "serverAddress": "10.0.1.149:443"
+    }
+  ]
+}
+```
+
+<!-- #### Without kubectl proxy -->
+
+#### 不使用 kubectl 代理
+
+<!-- It is possible to avoid using kubectl proxy by passing an authentication token
+directly to the API server, like this:
+
+Using `grep/cut` approach: -->
+
+通过将身份认证令牌直接传给 API 服务器，可以避免使用 kubectl 代理，像这样：
+
+使用 `grep/cut` 方式：
+
+```shell
+# Check all possible clusters, as you .KUBECONFIG may have multiple contexts:
+kubectl config view -o jsonpath='{"Cluster name\tServer\n"}{range .clusters[*]}{.name}{"\t"}{.cluster.server}{"\n"}{end}'
+
+# Select name of cluster you want to interact with from above output:
+export CLUSTER_NAME="some_server_name"
+
+# Point to the API server refering the cluster name
+APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")
+
+# Gets the token value
+TOKEN=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 -d)
+
+# Explore the API with TOKEN
+curl -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
+```
+
+<!-- The output is similar to this: -->
+
+输出类似如下：
+
+```json
+{
+  "kind": "APIVersions",
+  "versions": [
+    "v1"
+  ],
+  "serverAddressByClientCIDRs": [
+    {
+      "clientCIDR": "0.0.0.0/0",
+      "serverAddress": "10.0.1.149:443"
+    }
+  ]
+}
+```
+
+<!-- Using `jsonpath` approach: -->
+
+使用 `jsonpath` 方式：
+
+```
+$ APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
+$ TOKEN=$(kubectl get secret $(kubectl get serviceaccount default -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 --decode )
+$ curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
+{
+  "kind": "APIVersions",
+  "versions": [
+    "v1"
+  ],
+  "serverAddressByClientCIDRs": [
+    {
+      "clientCIDR": "0.0.0.0/0",
+      "serverAddress": "10.0.1.149:443"
+    }
+  ]
+}
+```
+
+<!-- The above example uses the `--insecure` flag. This leaves it subject to MITM
+attacks. When kubectl accesses the cluster it uses a stored root certificate
+and client certificates to access the server. (These are installed in the
+`~/.kube` directory). Since cluster certificates are typically self-signed, it
+may take special configuration to get your http client to use root
+certificate. -->
+
+上面例子使用了 `--insecure` 标志位。这使它易受到 MITM 攻击。当 kubectl 访问集群时，它使用存储的根证书和客户端证书访问服务器。（已安装在 `~/.kube` 目录下）。由于集群认证通常是自签名的，因此可能需要特殊设置才能让你的 http 客户端使用根证书。
+
+<!-- On some clusters, the API server does not require authentication; it may serve
+on localhost, or be protected by a firewall. There is not a standard
+for this. [Configuring Access to the API](/docs/reference/access-authn-authz/controlling-access/)
+describes how a cluster admin can configure this. Such approaches may conflict
+with future high-availability support. -->
+
+在一些集群中，API 服务器不需要身份认证；它运行在本地，或由防火墙保护着。对此并没有一个标准。[配置对 API 的访问](/docs/reference/access-authn-authz/controlling-access/) 阐述了一个集群管理员如何对此进行配置。这种方法可能与未来的高可用性支持发生冲突。
+
+<!-- ### Programmatic access to the API -->
+
+### 编程方式访问 API
+
+<!-- Kubernetes officially supports client libraries for [Go](#go-client) and
+[Python](#python-client). -->
+
+Kubernetes 官方支持 [Go](#go-客户端) 和 [Python](#python-客户端) 的客户端库.
+
+<!-- #### Go client -->
+
+#### Go 客户端
+
+<!-- * To get the library, run the following command: `go get k8s.io/client-go/<version number>/kubernetes` See [https://github.com/kubernetes/client-go](https://github.com/kubernetes/client-go) to see which versions are supported.
+* Write an application atop of the client-go clients. Note that client-go defines its own API objects, so if needed, please import API definitions from client-go rather than from the main repository, e.g., `import "k8s.io/client-go/1.4/pkg/api/v1"` is correct. -->
+
+* 要获取库，运行下列命令：`go get k8s.io/client-go/<version number>/kubernetes` 参见 [https://github.com/kubernetes/client-go](https://github.com/kubernetes/client-go) 查看受支持的版本。
+* 基于 client-go 客户端编写应用程序。注意 client-go 定义了自己的 API 对象，因此如果需要，请从 client-go 而不是主仓库导入 API 定义，例如 `import "k8s.io/client-go/1.4/pkg/api/v1"` 是正确做法。
+
+<!-- The Go client can use the same [kubeconfig file](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/)
+as the kubectl CLI does to locate and authenticate to the API server. See this [example](https://git.k8s.io/client-go/examples/out-of-cluster-client-configuration/main.go): -->
+
+Go 客户端可以使用与 kubectl 命令行工具相同的 [kubeconfig 文件](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/) 定位和验证 API 服务器。参见这个 [例子](https://git.k8s.io/client-go/examples/out-of-cluster-client-configuration/main.go)：
+
+```golang
+import (
+   "fmt"
+   "k8s.io/client-go/1.4/kubernetes"
+   "k8s.io/client-go/1.4/pkg/api/v1"
+   "k8s.io/client-go/1.4/tools/clientcmd"
+)
+...
+   // uses the current context in kubeconfig
+   config, _ := clientcmd.BuildConfigFromFlags("", "path to kubeconfig")
+   // creates the clientset
+   clientset, _:= kubernetes.NewForConfig(config)
+   // access the API to list pods
+   pods, _:= clientset.CoreV1().Pods("").List(v1.ListOptions{})
+   fmt.Printf("There are %d pods in the cluster\n", len(pods.Items))
+...
+```
+
+<!-- If the application is deployed as a Pod in the cluster, please refer to the [next section](#accessing-the-api-from-a-pod). -->
+
+如果该应用程序部署为集群中的一个 Pod，请参阅 [下一节](#从-pod-中访问-api)。
+
+<!-- #### Python client -->
+
+#### Python 客户端
+
+<!-- To use [Python client](https://github.com/kubernetes-client/python), run the following command: `pip install kubernetes` See [Python Client Library page](https://github.com/kubernetes-client/python) for more installation options. -->
+
+要使用 [Python 客户端](https://github.com/kubernetes-client/python)，运行下列命令：`pip install kubernetes` 参见 [Python 客户端库主页](https://github.com/kubernetes-client/python) 查看更多安装选项。
+
+<!-- The Python client can use the same [kubeconfig file](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/)
+as the kubectl CLI does to locate and authenticate to the API server. See this [example](https://github.com/kubernetes-client/python/tree/master/examples/example1.py): -->
+
+Python 客户端可以使用与 kubectl 命令行工具相同的 [kubeconfig 文件](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/) 定位和验证 API 服务器。参见这个 [例子](https://github.com/kubernetes-client/python/tree/master/examples/example1.py)：
+
+```python
+from kubernetes import client, config
+
+config.load_kube_config()
+
+v1=client.CoreV1Api()
+print("Listing pods with their IPs:")
+ret = v1.list_pod_for_all_namespaces(watch=False)
+for i in ret.items:
+    print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
+```
+
+<!-- #### Other languages -->
+
+#### 其他语言
+
+<!-- There are [client libraries](/docs/reference/using-api/client-libraries/) for accessing the API from other languages. See documentation for other libraries for how they authenticate. -->
+
+有许多 [客户端库](/docs/reference/using-api/client-libraries/) 可以用于从其他语言访问 API。请参阅其他库的文档了解它们的身份验证方式。
+
+<!-- ### Accessing the API from a Pod -->
+
+### 从 Pod 中访问 API
+
+<!-- When accessing the API from a Pod, locating and authenticating
+to the API server are somewhat different. -->
+
+从 Pod 访问 API 时，对 API 服务器的定位和身份验证会有所不同。
+
+<!-- The easiest way to use the Kubernetes API from a Pod is to use
+one of the official [client libraries](/docs/reference/using-api/client-libraries/). These
+libraries can automatically discover the API server and authenticate. -->
+
+从 Pod 使用 Kubernetes API 的最简单的方法就是使用一个官方的 [客户端库](/docs/reference/using-api/client-libraries/)。这些库可以自动发现 API 服务器并进行身份验证。
+
+<!-- While running in a Pod, the Kubernetes apiserver is accessible via a Service named
+`kubernetes` in the `default` namespace. Therefore, Pods can use the 
+`kubernetes.default.svc` hostname to query the API server. Official client libraries
+do this automatically. -->
+
+在运行在 Pod 中时，可以通过 `default` 命名空间中的名为 `kubernetes` 的服务访问 Kubernetes apiserver。也就是说，Pods 可以使用 `kubernetes.default.svc` 主机名来查询 API 服务器。官方客户端库自动完成这个工作。
+
+<!-- From within a Pod, the recommended way to authenticate to the API server is with a
+[service account](/docs/user-guide/service-accounts) credential. By default, a Pod
+is associated with a service account, and a credential (token) for that
+service account is placed into the filesystem tree of each container in that Pod,
+at `/var/run/secrets/kubernetes.io/serviceaccount/token`. -->
+
+从一个 Pod 内，向 API 服务器进行身份认证的推荐的做法是使用 [服务账号](/docs/user-guide/service-accounts) 凭证。默认的，一个 Pod 与一个服务账号关联，该服务账户的凭证（令牌）放置在此 Pod 中每个容器的文件系统树中的 `/var/run/secrets/kubernetes.io/serviceaccount/token` 处。
+
+<!-- If available, a certificate bundle is placed into the filesystem tree of each
+container at `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`, and should be
+used to verify the serving certificate of the API server. -->
+
+如果可用，凭证包被放入每个容器的文件系统树中的 `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` 处，并且将被用于验证 API 服务器的服务证书。
+
+<!-- Finally, the default namespace to be used for namespaced API operations is placed in a file
+at `/var/run/secrets/kubernetes.io/serviceaccount/namespace` in each container. -->
+
+最后，用于命名空间 API 操作的默认的命名空间放置在每个容器中的 `/var/run/secrets/kubernetes.io/serviceaccount/namespace` 文件中。
+
+<!-- From within a Pod, the recommended ways to connect to the Kubernetes API are: -->
+
+从一个 Pod 内，连接 Kubernetes API 的推荐方法是：
+
+<!--   - Use one of the official [client libraries](/docs/reference/using-api/client-libraries/)
+    as they handle API host discovery and authentication automatically.
+    For Go client, the `rest.InClusterConfig()` function assists with this.
+    See [an example here](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go). -->
+
+  - 使用官方的 [客户端库](/docs/reference/using-api/client-libraries/) 因为他们会自动地完成 API 主机发现和身份认证。以 Go 客户端来说，`rest.InClusterConfig()` 可以帮助解决这个问题。参见 [这里的一个例子](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go)。
+
+<!--   - If you would like to query the API without an official client library, you can run `kubectl proxy`
+    as the [command](/docs/tasks/inject-data-application/define-command-argument-container/)
+    of a new sidecar container in the Pod. This way, `kubectl proxy` will authenticate
+    to the API and expose it on the `localhost` interface of the Pod, so that other containers
+    in the Pod can use it directly. -->
+
+  - 如果您想要在没有官方客户端库的情况下查询 API，可以在 Pod 里以一个新的边车容器的 [命令](/docs/tasks/inject-data-application/define-command-argument-container/)的方式运行 `kubectl proxy` 。此方式下，`kubectl proxy` 将对 API 进行身份验证并将其公开在 Pod 的 `localhost` 接口上，以便 Pod 中的其他容器可以直接使用它。
+
+<!-- In each case, the service account credentials of the Pod are used to communicate
+securely with the API server. -->
+
+在每种情况下，Pod 的服务账号凭证被用于与 API 服务器的安全通信。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/change-default-storage-class.md b/content/zh/docs/tasks/administer-cluster/change-default-storage-class.md
index fe419be70b834..0dbfb7c8ee6a5 100644
--- a/content/zh/docs/tasks/administer-cluster/change-default-storage-class.md
+++ b/content/zh/docs/tasks/administer-cluster/change-default-storage-class.md
@@ -36,54 +36,61 @@ content_template: templates/task
 
 1. 列出您集群中的 StorageClasses：
 
-        kubectl get storageclass
+    ```bash
+    kubectl get storageclass
+    ```
 
+    输出类似这样：
 
-	输出类似这样：
-
-        NAME                 TYPE
-        standard (default)   kubernetes.io/gce-pd
-        gold                 kubernetes.io/gce-pd
-
+    ```bash
+    NAME                 PROVISIONER               AGE
+    standard (default)   kubernetes.io/gce-pd      1d
+    gold                 kubernetes.io/gce-pd      1d
+    ```
 
-   默认 StorageClass 以 `(default)` 标记。
+    默认 StorageClass 以 `(default)` 标记。
 
 
 2. 标记默认 StorageClass  非默认：
 
 
-   默认 StorageClass 的注解 `storageclass.kubernetes.io/is-default-class` 设置为 `true`。注解的其它任意值或者缺省值将被解释为 `false`。
-
+      默认 StorageClass 的注解 `storageclass.kubernetes.io/is-default-class` 设置为 `true`。注解的其它任意值或者缺省值将被解释为 `false`。
 
-   要标记一个 StorageClass 为非默认的，您需要改变它的值为 `false`： 
+      要标记一个 StorageClass 为非默认的，您需要改变它的值为 `false`： 
+   
+      ```bash
+      kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+      ```
 
-        kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
 
-
-    这里的 `<your-class-name>` 是您选择的 StorageClass 的名字。
+      这里的 `<your-class-name>` 是您选择的 StorageClass 的名字。
 
 
 3. 标记一个 StorageClass 为默认的：
 
 
-   和前面的步骤类似，您需要添加/设置注解 `storageclass.kubernetes.io/is-default-class=true`。
-
-        kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+      和前面的步骤类似，您需要添加/设置注解 `storageclass.kubernetes.io/is-default-class=true`。
 
+      ```bash
+      kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+      ```
 
-   请注意，最多只能有一个 StorageClass 能够被标记为默认。如果它们中有两个或多个被标记为默认，Kubernetes 将忽略这个注解，也就是它将表现为没有默认 StorageClass。
+      请注意，最多只能有一个 StorageClass 能够被标记为默认。如果它们中有两个或多个被标记为默认，Kubernetes 将忽略这个注解，也就是它将表现为没有默认 StorageClass。
 
 
 4. 验证您选用的 StorageClass 为默认的：
 
-        kubectl get storageclass
+      ```bash
+      kubectl get storageclass
+      ```
 
+      输出类似这样：
 
-    输出类似这样：
-
-        NAME             TYPE
-        standard         kubernetes.io/gce-pd
-        gold (default)   kubernetes.io/gce-pd
+      ```bash
+      NAME             PROVISIONER               AGE
+      standard         kubernetes.io/gce-pd      1d
+      gold (default)   kubernetes.io/gce-pd      1d
+      ```
 
 {{% /capture %}}
 
diff --git a/content/zh/docs/tasks/administer-cluster/configure-multiple-schedulers.md b/content/zh/docs/tasks/administer-cluster/configure-multiple-schedulers.md
new file mode 100644
index 0000000000000..479151b213518
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/configure-multiple-schedulers.md
@@ -0,0 +1,310 @@
+---
+title: 配置多个调度器
+content_template: templates/task
+---
+<!--
+---
+reviewers:
+- davidopp
+- madhusudancs
+title: Configure Multiple Schedulers
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubernetes ships with a default scheduler that is described [here](/docs/admin/kube-scheduler/).
+-->
+Kubernetes 自带了一个默认调度器，其详细描述请查阅[这里](/docs/reference/command-line-tools-reference/kube-scheduler/)。
+<!--
+If the default scheduler does not suit your needs you can implement your own scheduler.
+-->
+如果默认调度器不适合您的需求，您可以实现自己的调度器。
+<!--
+Not just that, you can even run multiple schedulers simultaneously alongside the default scheduler and instruct Kubernetes what scheduler to use for each of your pods. Let's learn how to run multiple schedulers in Kubernetes with an example.
+-->
+不仅如此，您甚至可以伴随着默认调度器同时运行多个调度器，并告诉 Kubernetes 为每个 pod 使用什么调度器。
+让我们通过一个例子讲述如何在 Kubernetes 中运行多个调度器。
+
+<!--
+A detailed description of how to implement a scheduler is outside the scope of this document. Please refer to the kube-scheduler implementation in[pkg/scheduler](https://github.com/kubernetes/kubernetes/tree/{{< param "githubbranch" >}}/pkg/scheduler)in the Kubernetes source directory for a canonical example.
+-->
+关于实现调度器的具体细节描述超出了本文范围。
+请参考 kube-scheduler 的实现，规范示例代码位于 [pkg/scheduler](https://github.com/kubernetes/kubernetes/tree/{{< param "githubbranch" >}}/pkg/scheduler)。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Package the scheduler
+-->
+## 打包调度器
+
+<!--
+Package your scheduler binary into a container image. For the purposes of this example,let's just use the default scheduler (kube-scheduler) as our second scheduler as well.
+-->
+将调度器二进制文件打包到容器镜像中。出于示例目的，我们就使用默认调度器（kube-scheduler）作为我们的第二个调度器。
+<!--
+Clone the [Kubernetes source code from Github](https://github.com/kubernetes/kubernetes)and build the source.
+-->
+从 Github 克隆 [Kubernetes 源代码](https://github.com/kubernetes/kubernetes)，并编译构建源代码。
+
+```shell
+git clone https://github.com/kubernetes/kubernetes.git
+cd kubernetes
+make
+```
+
+<!--
+Create a container image containing the kube-scheduler binary. Here is the `Dockerfile`to build the image:
+-->
+创建一个包含 kube-scheduler 二进制文件的容器镜像。用于构建镜像的 `Dockerfile` 内容如下：
+
+```docker
+FROM busybox
+ADD ./_output/dockerized/bin/linux/amd64/kube-scheduler /usr/local/bin/kube-scheduler
+```
+
+<!--
+Save the file as `Dockerfile`, build the image and push it to a registry. This example pushes the image to[Google Container Registry (GCR)](https://cloud.google.com/container-registry/).
+-->
+将文件保存为 `Dockerfile`，构建镜像并将其推送到镜像仓库。
+此示例将镜像推送到 [Google 容器镜像仓库（GCR）](https://cloud.google.com/container-registry/)。
+<!--
+For more details, please read the GCR[documentation](https://cloud.google.com/container-registry/docs/).
+-->
+有关详细信息，请阅读 GCR [文档](https://cloud.google.com/container-registry/docs/)。
+
+```shell
+docker build -t gcr.io/my-gcp-project/my-kube-scheduler:1.0 .
+gcloud docker -- push gcr.io/my-gcp-project/my-kube-scheduler:1.0
+```
+
+<!--
+## Define a Kubernetes Deployment for the scheduler
+-->
+## 为调度器定义 Kubernetes Deployment
+
+<!--
+Now that we have our scheduler in a container image, we can just create a pod config for it and run it in our Kubernetes cluster. But instead of creating a pod directly in the cluster, let's use a [Deployment](/docs/concepts/workloads/controllers/deployment/)for this example. A [Deployment](/docs/concepts/workloads/controllers/deployment/) manages a[Replica Set](/docs/concepts/workloads/controllers/replicaset/) which in turn manages the pods,thereby making the scheduler resilient to failures. Here is the deployment config. Save it as `my-scheduler.yaml`:
+-->
+现在我们将调度器放在容器镜像中，我们可以为它创建一个 pod 配置，并在我们的 Kubernetes 集群中运行它。
+但是与其在集群中直接创建一个 pod，不如使用 [Deployment](/docs/concepts/workloads/controllers/deployment/)。
+[Deployment](/docs/concepts/workloads/controllers/deployment/) 管理一个 [Replica Set](/docs/concepts/workloads/controllers/replicaset/)，Replica Set 再管理 pod，从而使调度器能够适应故障。
+以下是 Deployment 配置，被保存为 `my-scheduler.yaml`：
+
+{{< codenew file="admin/sched/my-scheduler.yaml" >}}
+
+<!--
+An important thing to note here is that the name of the scheduler specified as an argument to the scheduler command in the container spec should be unique. This is the name that is matched against the value of the optional `spec.schedulerName` on pods, to determine whether this scheduler is responsible for scheduling a particular pod.
+-->
+这里需要注意的是，在该部署文件中 Container 的 spec 配置的调度器启动命令参数（--scheduler-name）指定的调度器名称应该是惟一的。
+这个名称应该与 pods 上的可选参数 `spec.schedulerName` 的值相匹配，也就是说调度器名称的匹配关系决定了 pods 的调度任务由哪个调度器负责。
+
+<!--
+Note also that we created a dedicated service account `my-scheduler` and bind the cluster role`system:kube-scheduler` to it so that it can acquire the same privileges as `kube-scheduler`.
+-->
+还要注意，我们创建了一个专用服务帐户 `my-scheduler` 并将集群角色 `system:kube-scheduler` 绑定到它，以便它可以获得与 `kube-scheduler` 相同的权限。
+
+<!--
+Please see the[kube-scheduler documentation](/docs/admin/kube-scheduler/) for detailed description of other command line arguments.
+-->
+请参阅 [kube-scheduler 文档](/docs/reference/command-line-tools-reference/kube-scheduler/)以获取其他命令行参数的详细说明。
+
+<!--
+## Run the second scheduler in the cluster
+-->
+## 在集群中运行第二个调度器
+
+<!--
+In order to run your scheduler in a Kubernetes cluster, just create the deployment specified in the config above in a Kubernetes cluster:
+-->
+为了在 Kubernetes 集群中运行我们的第二个调度器，只需在 Kubernetes 集群中创建上面配置中指定的 Deployment：
+
+```shell
+kubectl create -f my-scheduler.yaml
+```
+
+<!--
+Verify that the scheduler pod is running:
+-->
+验证调度器 pod 正在运行：
+
+```shell
+$ kubectl get pods --namespace=kube-system
+NAME                                           READY     STATUS    RESTARTS   AGE
+....
+my-scheduler-lnf4s-4744f                       1/1       Running   0          2m
+...
+```
+
+<!--
+You should see a "Running" my-scheduler pod, in addition to the default kube-scheduler pod in this list.
+-->
+此列表中，除了默认的 kube-scheduler pod 之外，您应该还能看到处于 “Running” 状态的 my-scheduler pod。
+
+<!--
+To run multiple-scheduler with leader election enabled, you must do the following:
+-->
+要在启用了 leader 选举的情况下运行多调度器，您必须执行以下操作：
+
+<!--
+First, update the following fields in your YAML file:
+-->
+首先，更新上述 Deployment YAML（my-scheduler.yaml）文件中的以下字段：
+
+* `--leader-elect=true`
+* `--lock-object-namespace=lock-object-namespace`
+* `--lock-object-name=lock-object-name`
+
+<!--
+If RBAC is enabled on your cluster, you must update the `system:kube-scheduler` cluster role. Add you scheduler name to the resourceNames of the rule applied for endpoints resources, as in the following example:
+-->
+如果在集群上启用了 RBAC，则必须更新 `system：kube-scheduler` 集群角色。将调度器名称添加到应用于端点资源的规则的 resourceNames，如以下示例所示：
+```
+$ kubectl edit clusterrole system:kube-scheduler
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: ClusterRole
+  metadata:
+    annotations:
+      rbac.authorization.kubernetes.io/autoupdate: "true"
+    labels:
+      kubernetes.io/bootstrapping: rbac-defaults
+    name: system:kube-scheduler
+  rules:
+  - apiGroups:
+    - ""
+    resourceNames:
+    - kube-scheduler
+    - my-scheduler
+    resources:
+    - endpoints
+    verbs:
+    - delete
+    - get
+    - patch
+    - update
+```
+
+<!--
+## Specify schedulers for pods
+-->
+## 指定 pod 的调度器
+
+<!--
+Now that our second scheduler is running, let's create some pods, and direct them to be scheduled by either the default scheduler or the one we just deployed. In order to schedule a given pod using a specific scheduler, we specify the name of the scheduler in that pod spec. Let's look at three examples.
+-->
+现在我们的第二个调度器正在运行，让我们创建一些 pod，并指定它们由默认调度器或我们刚部署的调度器进行调度。
+为了使用特定的调度器调度给定的 pod，我们在那个 pod 的 spec 中指定调度器的名称。让我们看看三个例子。
+
+
+<!--
+- Pod spec without any scheduler name
+-->
+ -  Pod spec 没有任何调度器名称
+
+  {{< codenew file="admin/sched/pod1.yaml" >}}
+
+<!--
+  When no scheduler name is supplied, the pod is automatically scheduled using the  default-scheduler.
+-->
+如果未提供调度器名称，则会使用 default-scheduler 自动调度 pod。
+
+<!--
+  Save this file as `pod1.yaml` and submit it to the Kubernetes cluster.
+-->
+将此文件另存为 `pod1.yaml`，并将其提交给 Kubernetes 集群。
+
+```shell
+kubectl create -f pod1.yaml
+```
+
+<!--
+- Pod spec with `default-scheduler`
+-->
+ -  Pod spec 设置为 `default-scheduler`
+
+  {{< codenew file="admin/sched/pod2.yaml" >}}
+
+<!--
+  A scheduler is specified by supplying the scheduler name as a value to `spec.schedulerName`. In this case, we supply the name of the  default scheduler which is `default-scheduler`.
+-->
+通过将调度器名称作为 `spec.schedulerName` 参数的值来指定调度器。在这种情况下，我们提供默认调度器的名称，即 `default-scheduler`。
+
+<!--
+  Save this file as `pod2.yaml` and submit it to the Kubernetes cluster.
+-->
+将此文件另存为 `pod2.yaml`，并将其提交给 Kubernetes 集群。
+
+```shell
+kubectl create -f pod2.yaml
+```
+
+<!--
+- Pod spec with `my-scheduler`
+-->
+ -  Pod spec 设置为 `my-scheduler`
+
+  {{< codenew file="admin/sched/pod3.yaml" >}}
+
+<!--
+  In this case, we specify that this pod should be scheduled using the scheduler that we  deployed - `my-scheduler`. Note that the value of `spec.schedulerName` should match the name supplied to the scheduler  command as an argument in the deployment config for the scheduler.
+-->
+在这种情况下，我们指定此 pod 使用我们部署的 `my-scheduler` 来调度。
+请注意，`spec.schedulerName` 参数的值应该与 Deployment 中配置的提供给 scheduler 命令的参数名称匹配。
+
+<!--
+  Save this file as `pod3.yaml` and submit it to the Kubernetes cluster.
+-->
+将此文件另存为 `pod3.yaml`，并将其提交给 Kubernetes 集群。
+
+```shell
+kubectl create -f pod3.yaml
+```
+
+<!--
+  Verify that all three pods are running.
+-->
+确认所有三个 pod 都在运行。
+
+```shell
+kubectl get pods
+```
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+### Verifying that the pods were scheduled using the desired schedulers
+-->
+### 验证是否使用所需的调度器调度了 pod
+
+<!--
+In order to make it easier to work through these examples, we did not verify that the pods were actually scheduled using the desired schedulers. We can verify that by changing the order of pod and deployment config submissions above. If we submit all the pod configs to a Kubernetes cluster before submitting the scheduler deployment config,we see that the pod `annotation-second-scheduler` remains in "Pending" state forever while the other two pods get scheduled. Once we submit the scheduler deployment config and our new scheduler starts running, the `annotation-second-scheduler` pod gets scheduled as well.
+-->
+为了更容易地完成这些示例，我们没有验证 pod 实际上是使用所需的调度程序调度的。
+我们可以通过更改 pod 的顺序和上面的部署配置提交来验证这一点。
+如果我们在提交调度器部署配置之前将所有 pod 配置提交给 Kubernetes 集群，我们将看到注解了 `annotation-second-scheduler` 的 pod 始终处于 “Pending” 状态，而其他两个 pod 被调度。
+一旦我们提交调度器部署配置并且我们的新调度器开始运行，注解了 `annotation-second-scheduler` 的 pod 就能被调度。
+
+<!--
+Alternatively, one could just look at the "Scheduled" entries in the event logs to verify that the pods were scheduled by the desired schedulers.
+-->
+或者，可以查看事件日志中的 “Scheduled” 条目，以验证是否由所需的调度器调度了 pod。
+
+```shell
+kubectl get events
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/configure-upgrade-etcd.md b/content/zh/docs/tasks/administer-cluster/configure-upgrade-etcd.md
new file mode 100644
index 0000000000000..ba01ad9e1e94e
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/configure-upgrade-etcd.md
@@ -0,0 +1,454 @@
+---
+reviewers:
+- mml
+- wojtek-t
+title: 为 Kubernetes 运行 etcd 集群
+content_template: templates/task
+---
+<!--
+---
+reviewers:
+- mml
+- wojtek-t
+title: Operating etcd clusters for Kubernetes
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+{{< glossary_definition term_id="etcd" length="all" prepend="etcd is a ">}}
+-->
+{{< glossary_definition term_id="etcd" length="all" prepend="etcd 是一个">}}
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Prerequisites
+
+* Run etcd as a cluster of odd members.
+
+* etcd is a leader-based distributed system. Ensure that the leader periodically send heartbeats on time to all followers to keep the cluster stable.
+
+* Ensure that no resource starvation occurs.
+
+  Performance and stability of the cluster is sensitive to network and disk IO. Any resource starvation can lead to heartbeat timeout, causing instability of the cluster. An unstable etcd indicates that no leader is elected. Under such circumstances, a cluster cannot make any changes to its current state, which implies no new pods can be scheduled.
+
+* Keeping stable etcd clusters is critical to the stability of Kubernetes clusters. Therefore, run etcd clusters on dedicated machines or isolated environments for [guaranteed resource requirements](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/hardware.md#hardware-recommendations).
+
+* The minimum recommended version of etcd to run in production is `3.2.10+`.
+-->
+## 先决条件
+
+* 运行的 etcd 集群个数成员为奇数。
+
+* etcd 是一个 leader-based 分布式系统。确保主节点定期向所有从节点发送心跳，以保持集群稳定。
+
+* 确保不发生资源不足。
+  
+  集群的性能和稳定性对网络和磁盘 IO 非常敏感。任何资源匮乏都会导致心跳超时，从而导致集群的不稳定。不稳定的情况表明没有选出任何主节点。在这种情况下，集群不能对其当前状态进行任何更改，这意味着不能调度新的 pod。
+
+* 保持稳定的 etcd 集群对 Kubernetes 集群的稳定性至关重要。因此，请在专用机器或隔离环境上运行 etcd 集群，以满足[所需资源需求](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/hardware.md#hardware-recommendations)。
+
+* 在生产中运行的 etcd 的最低推荐版本是 `3.2.10+`。
+  
+<!--
+## Resource requirements
+
+Operating etcd with limited resources is suitable only for testing purposes. For deploying in production, advanced hardware configuration is required. Before deploying etcd in production, see [resource requirement reference documentation](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/hardware.md#example-hardware-configurations).
+
+## Starting Kubernetes API server
+
+This section covers starting a Kubernetes API server with an etcd cluster in the deployment.
+-->
+## 资源要求
+
+使用有限的资源运行 etcd 只适合测试目的。为了在生产中部署，需要先进的硬件配置。在生产中部署 etcd 之前，请查看[所需资源参考文档](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/hardware.md#example-hardware-configurations)。
+
+## 启动 Kubernetes API 服务器
+
+本节介绍如何在 deployment 中使用 etcd 集群启动 Kubernetes API 服务器。
+
+<!--
+### Single-node etcd cluster
+
+Use a single-node etcd cluster only for testing purpose.
+
+1. Run the following:
+
+    ```sh
+    ./etcd --listen-client-urls=http://$PRIVATE_IP:2379 --advertise-client-urls=http://$PRIVATE_IP:2379
+    ```
+
+2. Start Kubernetes API server with the flag `--etcd-servers=$PRIVATE_IP:2379`.
+
+    Replace `PRIVATE_IP` with your etcd client IP.
+-->
+### 单节点 etcd 集群
+
+只为测试目的使用单节点 etcd 集群。
+
+1. 运行以下命令：
+
+    ```sh
+    ./etcd --listen-client-urls=http://$PRIVATE_IP:2379 --advertise-client-urls=http://$PRIVATE_IP:2379
+    ```
+
+2. 使用参数 `--etcd-servers=$PRIVATE_IP:2379` 启动 Kubernetes API 服务器。
+
+    使用您 etcd 客户端 IP 替换 `PRIVATE_IP`。
+
+<!--
+### Multi-node etcd cluster
+
+For durability and high availability, run etcd as a multi-node cluster in production and back it up periodically. A five-member cluster is recommended in production. For more information, see [FAQ Documentation](https://github.com/coreos/etcd/blob/master/Documentation/faq.md#what-is-failure-tolerance).
+
+Configure an etcd cluster either by static member information or by dynamic discovery. For more information on clustering, see [etcd Clustering Documentation](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md).
+
+For an example, consider a five-member etcd cluster running with the following client URLs: `http://$IP1:2379`, `http://$IP2:2379`, `http://$IP3:2379`, `http://$IP4:2379`, and `http://$IP5:2379`. To start a Kubernetes API server:
+
+1. Run the following:
+
+    ```sh
+    ./etcd --listen-client-urls=http://$IP1:2379, http://$IP2:2379, http://$IP3:2379, http://$IP4:2379, http://$IP5:2379 --advertise-client-urls=http://$IP1:2379, http://$IP2:2379, http://$IP3:2379, http://$IP4:2379, http://$IP5:2379
+    ```
+
+2. Start Kubernetes API servers with the flag `--etcd-servers=$IP1:2379, $IP2:2379, $IP3:2379, $IP4:2379, $IP5:2379`.
+
+    Replace `IP` with your client IP addresses.
+-->
+### 多节点 etcd 集群
+
+为了耐用性和高可用性，在生产中将以多节点集群的方式运行 etcd，并且定期备份。建议在生产中使用五个成员的集群。有关该内容的更多信息，请参阅[常见问题文档](https://github.com/coreos/etcd/blob/master/Documentation/faq.md#what-is-failure-tolerance)。
+
+可以通过静态成员信息或动态发现的方式配置 etcd 集群。有关集群的详细信息，请参阅 [etcd 集群文档](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/clustering.md)。
+
+例如，考虑运行以下客户端 URL 的五个成员的 etcd 集群：`http://$IP1:2379`，`http://$IP2:2379`，`http://$IP3:2379`，`http://$IP4:2379` 和 `http://$IP5:2379`。要启动 Kubernetes API 服务器：
+
+1. 运行以下命令：
+
+    ```sh
+    ./etcd --listen-client-urls=http://$IP1:2379, http://$IP2:2379, http://$IP3:2379, http://$IP4:2379, http://$IP5:2379 --advertise-client-urls=http://$IP1:2379, http://$IP2:2379, http://$IP3:2379, http://$IP4:2379, http://$IP5:2379
+    ```
+
+2. 使用参数 `--etcd-servers=$IP1:2379, $IP2:2379, $IP3:2379, $IP4:2379, $IP5:2379` 启动 Kubernetes API 服务器。
+
+    使用您 etcd 客户端 IP 地址替换 `IP`。
+
+<!--
+###  Multi-node etcd cluster with load balancer
+
+To run a load balancing etcd cluster:
+
+1. Set up an etcd cluster.
+2. Configure a load balancer in front of the etcd cluster.
+   For example, let the address of the load balancer be `$LB`.
+3. Start Kubernetes API Servers with the flag `--etcd-servers=$LB:2379`.
+-->
+### 使用负载均衡的多节点 etcd 集群
+
+要运行负载均衡的 etcd 集群：
+
+1. 建立一个 etcd 集群。
+2. 在 etcd 集群前面配置负载均衡器。例如，让负载均衡器的地址为 `$LB`。
+3. 使用参数 `--etcd-servers=$LB:2379` 启动 Kubernetes API 服务器。
+
+<!--
+## Securing etcd clusters
+
+Access to etcd is equivalent to root permission in the cluster so ideally only the API server should have access to it. Considering the sensitivity of the data, it is recommended to grant permission to only those nodes that require access to etcd clusters.
+
+To secure etcd, either set up firewall rules or use the security features provided by etcd. etcd security features depend on x509 Public Key Infrastructure (PKI). To begin, establish secure communication channels by generating a key and certificate pair. For example, use key pairs `peer.key` and `peer.cert` for securing communication between etcd members, and `client.key` and `client.cert` for securing communication between etcd and its clients. See the [example scripts](https://github.com/coreos/etcd/tree/master/hack/tls-setup) provided by the etcd project to generate key pairs and CA files for client authentication.
+-->
+## 安全的 etcd 集群
+
+对 etcd 的访问相当于集群中的 root 权限，因此理想情况下只有 API 服务器才能访问它。考虑到数据的敏感性，建议只向需要访问 etcd 集群的节点授予权限。
+
+想要确保 etcd 的安全，可以设置防火墙规则或使用 etcd 提供的安全特性，这些安全特性依赖于 x509 公钥基础设施（PKI）。首先，通过生成密钥和证书对来建立安全的通信通道。
+例如，使用密钥对 `peer.key` 和 `peer.cert` 来保护 etcd 成员之间的通信，而 `client.cert` 和 `client.cert` 用于保护 etcd 与其客户端之间的通信。请参阅 etcd 项目提供的[示例脚本](https://github.com/coreos/etcd/tree/master/hack/tls-setup)，以生成用于客户端身份验证的密钥对和 CA 文件。
+
+<!--
+### Securing communication
+
+To configure etcd with secure peer communication, specify flags `--peer-key-file=peer.key` and `--peer-cert-file=peer.cert`, and use https as URL schema.
+
+Similarly, to configure etcd with secure client communication, specify flags `--key-file=k8sclient.key` and `--cert-file=k8sclient.cert`, and use https as URL schema.
+-->
+### 安全通信
+
+若要使用安全对等通信对 etcd 进行配置，请指定参数 `--peer-key-file=peer.key` 和 `--peer-cert-file=peer.cert`，并使用 https 作为 URL 模式。
+
+类似地，要使用安全客户端通信对 etcd 进行配置，请指定参数 `--key-file=k8sclient.key` 和 `--cert-file=k8sclient.cert`，并使用 https 作为 URL 模式。
+
+<!--
+### Limiting access of etcd clusters
+
+After configuring secure communication, restrict the access of etcd cluster to only the Kubernetes API server. Use TLS authentication to do so.
+
+For example, consider key pairs `k8sclient.key` and `k8sclient.cert` that are trusted by the CA `etcd.ca`. When etcd is configured with `--client-cert-auth` along with TLS, it verifies the certificates from clients by using system CAs or the CA passed in by `--trusted-ca-file` flag. Specifying flags `--client-cert-auth=true` and `--trusted-ca-file=etcd.ca` will restrict the access to clients with the certificate `k8sclient.cert`.
+
+Once etcd is configured correctly, only clients with valid certificates can access it. To give Kubernetes API server the access, configure it with the flags `--etcd-certfile=k8sclient.cert`,`--etcd-keyfile=k8sclient.key` and `--etcd-cafile=ca.cert`.
+
+{{< note >}}
+etcd authentication is not currently supported by Kubernetes. For more information, see the related issue [Support Basic Auth for Etcd v2](https://github.com/kubernetes/kubernetes/issues/23398).
+{{< /note >}}
+-->
+### 限制 etcd 集群的访问
+
+配置安全通信后，将 etcd 集群的访问限制在 Kubernetes API 服务器上。使用 TLS 身份验证来完成此任务。
+
+例如，考虑由 CA `etcd.ca` 信任的密钥对 `k8sclient.key` 和 `k8sclient.cert`。当 etcd 配置为 `--client-cert-auth` 和 TLS 时，它使用系统 CA 或由 `--trusted-ca-file` 参数传入的 CA 验证来自客户端的证书。
+指定参数 `--client-cert-auth=true` 和 `--trusted-ca-file=etcd.ca` 将限制对具有证书 `k8sclient.cert` 的客户端的访问。
+
+一旦正确配置了 etcd，只有具有有效证书的客户端才能访问它。要让 Kubernetes API 服务器访问，可以使用参数 `--etcd-certfile=k8sclient.cert`,`--etcd-keyfile=k8sclient.key` 和 `--etcd-cafile=ca.cert` 配置它。
+
+{{< note >}}
+Kubernetes 目前不支持 etcd 身份验证。想要了解更多信息，请参阅相关的问题[支持 etcd v2 的基本认证](https://github.com/kubernetes/kubernetes/issues/23398)。
+{{< /note >}}
+
+<!--
+## Replacing a failed etcd member
+
+etcd cluster achieves high availability by tolerating minor member failures. However, to improve the overall health of the cluster, replace failed members immediately. When multiple members fail, replace them one by one. Replacing a failed member involves two steps: removing the failed member and adding a new member.
+
+Though etcd keeps unique member IDs internally, it is recommended to use a unique name for each member to avoid human errors. For example, consider a three-member etcd cluster. Let the URLs be, member1=http://10.0.0.1, member2=http://10.0.0.2, and member3=http://10.0.0.3. When member1 fails, replace it with member4=http://10.0.0.4.
+
+1. Get the member ID of the failed member1:
+
+    `etcdctl --endpoints=http://10.0.0.2,http://10.0.0.3 member list`
+
+      The following message is displayed:
+
+        8211f1d0f64f3269, started, member1, http://10.0.0.1:2380, http://10.0.0.1:2379
+        91bc3c398fb3c146, started, member2, http://10.0.0.2:2380, http://10.0.0.2:2379
+        fd422379fda50e48, started, member3, http://10.0.0.3:2380, http://10.0.0.3:2379
+
+2. Remove the failed member:
+
+    `etcdctl member remove 8211f1d0f64f3269`
+
+      The following message is displayed:
+
+       Removed member 8211f1d0f64f3269 from cluster
+
+3. Add the new member:
+
+    `./etcdctl member add member4 --peer-urls=http://10.0.0.4:2380`
+
+     The following message is displayed:
+
+       Member 2be1eb8f84b7f63e added to cluster ef37ad9dc622a7c4
+
+4. Start the newly added member on a machine with the IP `10.0.0.4`:
+
+        export ETCD_NAME="member4"
+        export ETCD_INITIAL_CLUSTER="member2=http://10.0.0.2:2380,member3=http://10.0.0.3:2380,member4=http://10.0.0.4:2380"
+        export ETCD_INITIAL_CLUSTER_STATE=existing
+        etcd [flags]
+
+5. Do either of the following:
+
+   1. Update its `--etcd-servers` flag to make Kubernetes aware of the configuration changes, then restart the Kubernetes API server.
+   2. Update the load balancer configuration if a load balancer is used in the deployment.
+
+For more information on cluster reconfiguration, see [etcd Reconfiguration Documentation](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#remove-a-member).
+-->
+## 替换失败的 etcd 成员
+
+etcd 集群通过容忍少数成员故障实现高可用性。但是，要改善集群的整体健康状况，请立即替换失败的成员。当多个成员失败时，逐个替换它们。替换失败成员需要两个步骤：删除失败成员和添加新成员。
+
+虽然 etcd 在内部保留唯一的成员 ID，但建议为每个成员使用唯一的名称，以避免人为错误。例如，考虑一个三成员的 etcd 集群。让 URL 为：member1=http://10.0.0.1， member2=http://10.0.0.2 和 member3=http://10.0.0.3。当 member1 失败时，将其替换为 member4=http://10.0.0.4。
+
+1. 获取失败的 member1 的成员 ID：
+
+    `etcdctl --endpoints=http://10.0.0.2,http://10.0.0.3 member list`
+
+      显示以下信息：
+
+        8211f1d0f64f3269, started, member1, http://10.0.0.1:2380, http://10.0.0.1:2379
+        91bc3c398fb3c146, started, member2, http://10.0.0.2:2380, http://10.0.0.2:2379
+        fd422379fda50e48, started, member3, http://10.0.0.3:2380, http://10.0.0.3:2379
+
+2. 移除失败的成员
+
+    `etcdctl member remove 8211f1d0f64f3269`
+
+      显示以下信息：
+
+       Removed member 8211f1d0f64f3269 from cluster
+
+3. 增加新成员：
+
+    `./etcdctl member add member4 --peer-urls=http://10.0.0.4:2380`
+
+     显示以下信息：
+
+       Member 2be1eb8f84b7f63e added to cluster ef37ad9dc622a7c4
+
+4. 在 IP 为 `10.0.0.4` 的机器上启动新增加的成员：
+
+        export ETCD_NAME="member4"
+        export ETCD_INITIAL_CLUSTER="member2=http://10.0.0.2:2380,member3=http://10.0.0.3:2380,member4=http://10.0.0.4:2380"
+        export ETCD_INITIAL_CLUSTER_STATE=existing
+        etcd [flags]
+
+5. 做以下事情之一：
+
+   1. 更新其 `--etcd-servers` 参数，使 Kubernetes 知道配置进行了更改，然后重新启动 Kubernetes API 服务器。
+   2. 如果在 deployment 中使用了负载均衡，更新负载均衡配置。
+
+有关集群重新配置的详细信息，请参阅 [etcd 重构文档](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#remove-a-member)。
+
+<!--
+## Backing up an etcd cluster
+
+All Kubernetes objects are stored on etcd. Periodically backing up the etcd cluster data is important to recover Kubernetes clusters under disaster scenarios, such as losing all master nodes. The snapshot file contains all the Kubernetes states and critical information. In order to keep the sensitive Kubernetes data safe, encrypt the snapshot files.
+
+Backing up an etcd cluster can be accomplished in two ways: etcd built-in snapshot and volume snapshot.
+-->
+## 备份 etcd 集群
+
+所有 Kubernetes 对象都存储在 etcd 上。定期备份 etcd 集群数据对于在灾难场景（例如丢失所有主节点）下恢复 Kubernetes 集群非常重要。快照文件包含所有 Kubernetes 状态和关键信息。为了保证敏感的 Kubernetes 数据的安全，可以对快照文件进行加密。
+
+备份 etcd 集群可以通过两种方式完成：etcd 内置快照和卷快照。
+
+<!--
+### Built-in snapshot
+
+etcd supports built-in snapshot, so backing up an etcd cluster is easy. A snapshot may either be taken from a live member with the `etcdctl snapshot save` command or by copying the `member/snap/db` file from an etcd [data directory](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#--data-dir) that is not currently used by an etcd process. Taking the snapshot will normally not affect the performance of the member.
+
+Below is an example for taking a snapshot of the keyspace served by `$ENDPOINT` to the file `snapshotdb`:
+
+```sh
+ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save snapshotdb
+# exit 0
+
+# verify the snapshot
+ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshotdb
++----------+----------+------------+------------+
+|   HASH   | REVISION | TOTAL KEYS | TOTAL SIZE |
++----------+----------+------------+------------+
+| fe01cf57 |       10 |          7 | 2.1 MB     |
++----------+----------+------------+------------+
+```
+-->
+### 内置快照
+
+etcd 支持内置快照，因此备份 etcd 集群很容易。快照可以从使用 `etcdctl snapshot save` 命令的活动成员中获取，也可以通过从 etcd [数据目录](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#--data-dir)复制 `member/snap/db` 文件，该 etcd 数据目录目前没有被 etcd 进程使用。获取快照通常不会影响成员的性能。
+
+下面是一个示例，用于获取 `$ENDPOINT` 所提供的键空间的快照到文件 `snapshotdb`：
+
+```sh
+ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save snapshotdb
+# exit 0
+
+# verify the snapshot
+ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshotdb
++----------+----------+------------+------------+
+|   HASH   | REVISION | TOTAL KEYS | TOTAL SIZE |
++----------+----------+------------+------------+
+| fe01cf57 |       10 |          7 | 2.1 MB     |
++----------+----------+------------+------------+
+```
+
+<!--
+### Volume snapshot
+
+If etcd is running on a storage volume that supports backup, such as Amazon Elastic Block Store, back up etcd data by taking a snapshot of the storage volume.
+
+## Scaling up etcd clusters
+
+Scaling up etcd clusters increases availability by trading off performance. Scaling does not increase cluster performance nor capability. A general rule is not to scale up or down etcd clusters. Do not configure any auto scaling groups for etcd clusters. It is highly recommended to always run a static five-member etcd cluster for production Kubernetes clusters at any officially supported scale.
+
+A reasonable scaling is to upgrade a three-member cluster to a five-member one, when more reliability is desired. See [etcd Reconfiguration Documentation](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#remove-a-member) for information on how to add members into an existing cluster.
+-->
+### 卷快照
+
+如果 etcd 运行在支持备份的存储卷（如 Amazon Elastic Block 存储）上，则可以通过获取存储卷的快照来备份 etcd 数据。
+
+## 扩展 etcd 集群
+
+通过交换性能，扩展 etcd 集群可以提高可用性。缩放不会提高集群性能和能力。一般情况下不要扩大或缩小 etcd 集群的集合。不要为 etcd 集群配置任何自动缩放组。强烈建议始终在任何官方支持的规模上运行生产 Kubernetes 集群时使用静态的五成员 etcd 集群。
+
+合理的扩展是在需要更高可靠性的情况下，将三成员集群升级为五成员集群。请参阅 [etcd 重新配置文档](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#remove-a-member)以了解如何将成员添加到现有集群中的信息。
+
+<!--
+## Restoring an etcd cluster
+
+etcd supports restoring from snapshots that are taken from an etcd process of the [major.minor](http://semver.org/) version. Restoring a version from a different patch version of etcd also is supported. A restore operation is employed to recover the data of a failed cluster.
+
+Before starting the restore operation, a snapshot file must be present. It can either be a snapshot file from a previous backup operation, or from a remaining [data directory](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#--data-dir). For more information and examples on restoring a cluster from a snapshot file, see [etcd disaster recovery documentation](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/recovery.md#restoring-a-cluster).
+
+If the access URLs of the restored cluster is changed from the previous cluster, the Kubernetes API server must be reconfigured accordingly. In this case, restart Kubernetes API server with the flag `--etcd-servers=$NEW_ETCD_CLUSTER` instead of the flag `--etcd-servers=$OLD_ETCD_CLUSTER`. Replace `$NEW_ETCD_CLUSTER` and `$OLD_ETCD_CLUSTER` with the respective IP addresses. If a load balancer is used in front of an etcd cluster, you might need to update the load balancer instead.
+
+If the majority of etcd members have permanently failed, the etcd cluster is considered failed. In this scenario, Kubernetes cannot make any changes to its current state. Although the scheduled pods might continue to run, no new pods can be scheduled. In such cases, recover the etcd cluster and potentially reconfigure Kubernetes API server to fix the issue.
+-->
+## 恢复 etcd 集群
+
+etcd 支持从 [major.minor](http://semver.org/) 或其他不同 patch 版本的 etcd 进程中获取的快照进行恢复。还原操作用于恢复失败的集群的数据。
+
+在启动还原操作之前，必须有一个快照文件。它可以是来自以前备份操作的快照文件，也可以是来自剩余[数据目录](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#--data-dir)的快照文件。
+有关从快照文件还原集群的详细信息和示例，请参阅 [etcd 灾难恢复文档](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/recovery.md#restoring-a-cluster)。
+
+如果还原的集群的访问 URL 与前一个集群不同，则必须相应地重新配置 Kubernetes API 服务器。
+在本例中，使用参数 `--etcd-servers=$NEW_ETCD_CLUSTER` 而不是参数 `--etcd-servers=$OLD_ETCD_CLUSTER` 重新启动 Kubernetes API 服务器。
+用相应的 IP 地址替换 `$NEW_ETCD_CLUSTER` 和 `$OLD_ETCD_CLUSTER`。如果在 etcd 集群前面使用负载平衡，则可能需要更新负载均衡器。
+
+如果大多数 etcd 成员永久失败，则认为 etcd 集群失败。在这种情况下，Kubernetes 不能对其当前状态进行任何更改。
+虽然已调度的 pod 可能继续运行，但新的 pod 无法调度。在这种情况下，恢复 etcd 集群并可能需要重新配置 Kubernetes API 服务器以修复问题。
+
+<!--
+## Upgrading and rolling back etcd clusters
+
+As of Kubernetes v1.13.0, etcd2 is no longer supported as a storage backend for
+new or existing Kubernetes clusters. The timeline for Kubernetes support for
+etcd2 and etcd3 is as follows: 
+
+- Kubernetes v1.0: etcd2 only
+- Kubernetes v1.5.1: etcd3 support added, new clusters still default to etcd2
+- Kubernetes v1.6.0: new clusters created with `kube-up.sh` default to etcd3,
+                     and `kube-apiserver` defaults to etcd3
+- Kubernetes v1.9.0: deprecation of etcd2 storage backend announced
+- Kubernetes v1.13.0: etcd2 storage backend removed, `kube-apiserver` will
+                      refuse to start with `--storage-backend=etcd2`, with the
+                      message `etcd2 is no longer a supported storage backend`
+
+Before upgrading a v1.12.x kube-apiserver using `--storage-backend=etcd2` to
+v1.13.x, etcd v2 data MUST by migrated to the v3 storage backend, and
+kube-apiserver invocations changed to use `--storage-backend=etcd3`.
+
+The process for migrating from etcd2 to etcd3 is highly dependent on how the
+etcd cluster was deployed and configured, as well as how the Kubernetes 
+cluster was deployed and configured. We recommend that you consult your cluster
+provider's documentation to see if there is a predefined solution.
+
+If your cluster was created via `kube-up.sh` and is still using etcd2 as its
+storage backend, please consult the [Kubernetes v1.12 etcd cluster upgrade docs](https://v1-12.docs.kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#upgrading-and-rolling-back-etcd-clusters)
+-->
+## 升级和回滚 etcd 集群
+
+从 Kubernetes v1.13.0 开始，不在支持 etcd2 作为新的或现有 Kubernetes 集群的后端。Kubernetes 支持 etcd2 和 etcd3 的时间表如下：
+
+- Kubernetes v1.0: 仅限 etcd2
+- Kubernetes v1.5.1: 添加了 etcd3 支持，新的集群仍默认为 etcd2
+- Kubernetes v1.6.0: 使用 `kube-up.sh` 创建的新集群默认为 etcd3，而 `kube-apiserver` 默认为 etcd3
+- Kubernetes v1.9.0: 宣布弃用 etcd2 存储后端
+- Kubernetes v1.13.0: 删除了 etcd2 存储后端，`kube-apiserver` 将拒绝以 `--storage-backend = etcd2` 开头，消息 `etcd2 不再是支持的存储后端`
+
+在使用 `--storage-backend = etcd2` 升级 v1.12.x kube-apiserver 到 v1.13.x 之前，etcd v2 数据必须迁移到 v3 存储后端，并且 kube-apiserver 调用改为使用 `--storage-backend=etcd3`。
+
+从 etcd2 迁移到 etcd3 的过程在很大程度上取决于部署和配置 etcd 集群的方式，以及如何部署和配置 Kubernetes 集群。 我们建议您查阅集群提供商的文档，以了解是否存在预定义的解决方案。
+
+如果您的集群是通过 `kube-up.sh` 创建的并且仍然使用 etcd2 作为其存储后端，请参阅 [Kubernetes v1.12 etcd 集群升级文档](https://v1-12.docs.kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#upgrading-and-rolling-back-etcd-clusters)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/coredns.md b/content/zh/docs/tasks/administer-cluster/coredns.md
new file mode 100644
index 0000000000000..26a774193514b
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/coredns.md
@@ -0,0 +1,153 @@
+---
+reviewers:
+- johnbelamaric
+title: 使用 CoreDNS 进行服务发现
+min-kubernetes-server-version: v1.9
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- johnbelamaric
+title: Using CoreDNS for Service Discovery
+min-kubernetes-server-version: v1.9
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page describes the CoreDNS upgrade process and how to install CoreDNS instead of kube-dns.
+-->
+此页面介绍了 CoreDNS 升级过程以及如何安装 CoreDNS 而不是 kube-dns。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## About CoreDNS
+-->
+
+## 关于 CoreDNS
+
+<!--
+[CoreDNS](https://coredns.io) is a flexible, extensible DNS server that can serve as the Kubernetes cluster DNS.
+Like Kubernetes, the CoreDNS project is hosted by the [CNCF.](http://www.cncf.io)
+-->
+[CoreDNS](https://coredns.io) 是一个灵活可扩展的 DNS 服务器，可以作为 Kubernetes 集群 DNS。与 Kubernetes 一样，CoreDNS 项目由 CNCF(http://www.cncf.io) 持有。
+
+<!--
+You can use CoreDNS instead of kube-dns in your cluster by replacing kube-dns in an existing
+deployment, or by using tools like kubeadm that will deploy and upgrade the cluster for you.
+-->
+通过在现有的集群中替换 kube-dns，可以在集群中使用 CoreDNS 代替 kube-dns 部署，或者使用 kubeadm 等工具来为您部署和升级集群。
+
+<!--
+## Installing CoreDNS
+-->
+
+## 安装 CoreDNS
+
+<!--
+For manual deployment or replacement of kube-dns, see the documentation at the
+[CoreDNS GitHub project.](https://github.com/coredns/deployment/tree/master/kubernetes)
+-->
+有关手动部署或替换 kube-dns，请参阅 [CoreDNS GitHub 工程](https://github.com/coredns/deployment/tree/master/kubernetes)。
+
+<!--
+## Upgrading an existing cluster with kubeadm
+-->
+
+## 使用 kubeadm 升级现有集群
+
+<!--
+In Kubernetes version 1.10 and later, you can also move to CoreDNS when you use `kubeadm` to upgrade
+a cluster that is using `kube-dns`. In this case, `kubeadm` will generate the CoreDNS configuration
+("Corefile") based upon the `kube-dns` ConfigMap, preserving configurations for federation,
+stub domains, and upstream name server.
+-->
+在 Kubernetes 1.10 及更高版本中，当您使用 `kubeadm` 升级使用 `kube-dns` 的集群时，您还可以迁移到 CoreDNS。
+在本例中 `kubeadm` 将生成 CoreDNS 配置（"Corefile"）基于 `kube-dns` ConfigMap，保存联邦、存根域和上游名称服务器的配置。
+
+<!--
+If you are moving from kube-dns to CoreDNS, make sure to set the `CoreDNS` feature gate to `true`
+during an upgrade. For example, here is what a `v1.11.0` upgrade would look like:
+-->
+如果您正在从 kube-dns 迁移到 CoreDNS，请确保在升级期间将 `CoreDNS` 特性门设置为 `true`。例如，`v1.11.0` 升级应该是这样的:
+
+```
+kubeadm upgrade apply v1.11.0 --feature-gates=CoreDNS=true
+```
+
+<!--
+In versions prior to 1.11 the Corefile will be **overwritten** by the one created during upgrade.
+**You should save your existing ConfigMap if you have customized it.** You may re-apply your
+customizations after the new ConfigMap is up and running.
+-->
+在 1.11 之前的版本中，核心文件将被升级过程中创建的文件覆盖。
+**如果已对其进行自定义，则应保存现有的 ConfigMap。** 在新的 ConfigMap 启动并运行后，您可以重新应用自定义。
+
+<!--
+If you are running CoreDNS in Kubernetes version 1.11 and later, during upgrade,
+your existing Corefile will be retained.
+-->
+如果您在 Kubernetes 1.11 及更高版本中运行 CoreDNS，则在升级期间，将保留现有的 Corefile。
+
+<!--
+## Installing kube-dns instead of CoreDNS with kubeadm
+-->
+## 使用 kubeadm 安装 kube-dns 而不是 CoreDNS
+
+{{< note >}}
+
+<!--
+In Kubernetes 1.11, CoreDNS has graduated to General Availability (GA)
+and is installed by default.
+-->
+在 Kubernetes 1.11 中，CoreDNS 已经升级到通用可用性(GA)，并默认安装。
+
+{{< /note >}}
+
+<!--
+To install kube-dns instead, set the `CoreDNS` feature gate
+value to `false`:
+-->
+若要安装 kube-dns，请将 `CoreDNS` 特性门值设置为 `false`：
+
+```
+kubeadm init --feature-gates=CoreDNS=false
+```
+
+<!--
+## Tuning CoreDNS
+-->
+
+## CoreDNS 调优
+
+<!--
+When resource utilisation is a concern, it may be useful to tune the configuration of CoreDNS. For more details, check out the
+[documentation on scaling CoreDNS]((https://github.com/coredns/deployment/blob/master/kubernetes/Scaling_CoreDNS.md)).
+-->
+当涉及到资源利用时，优化内核的配置可能是有用的。有关详细信息，请参阅 [关于扩展 CoreDNS 的文档]((https://github.com/coredns/deployment/blob/master/kubernetes/Scaling_CoreDNS.md))。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+You can configure [CoreDNS](https://coredns.io) to support many more use cases than
+kube-dns by modifying the `Corefile`. For more information, see the
+[CoreDNS site](https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/).
+-->
+您可以通过修改 `Corefile` 来配置 [CoreDNS](https://coredns.io)，以支持比 ku-dns 更多的用例。有关更多信息，请参考 [CoreDNS 网站](https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/)。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/cpu-management-policies.md b/content/zh/docs/tasks/administer-cluster/cpu-management-policies.md
index 9be8e7da03028..7e7efa9de7c7b 100644
--- a/content/zh/docs/tasks/administer-cluster/cpu-management-policies.md
+++ b/content/zh/docs/tasks/administer-cluster/cpu-management-policies.md
@@ -1,54 +1,195 @@
 ---
-title: 控制节点上的CPU管理策略
+title: 控制节点上的 CPU 管理策略
+reviewers:
+- sjenning
+- ConnorDoyle
+- balajismaniam
+content_template: templates/task
 ---
+<!--
+---
+title: Control CPU Management Policies on the Node
+reviewers:
+- sjenning
+- ConnorDoyle
+- balajismaniam
+content_template: templates/task
+--->
+
+{{% capture overview %}}
+
+{{< feature-state state="beta" >}}
+
+<!--
+Kubernetes keeps many aspects of how pods execute on nodes abstracted
+from the user. This is by design.  However, some workloads require
+stronger guarantees in terms of latency and/or performance in order to operate
+acceptably. The kubelet provides methods to enable more complex workload
+placement policies while keeping the abstraction free from explicit placement
+directives.
+--->
+按照设计，Kubernetes 对 pod 执行相关的很多方面进行了抽象，使得用户不必关心。然
+而，为了正常运行，有些工作负载要求在延迟和/或性能方面有更强的保证。 为此，kubelet 提供方法来实现更复杂的负载放置策略，同时保持抽象，避免显式的放置指令。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
 
-{{< toc >}}
+{{% /capture %}}
 
-按照设计，Kubernetes 对 pod 执行相关的很多方面进行了抽象，使得用户不必关心。然而，为了正常运行，有些工作负载要求在延迟和/或性能方面有更强的保证。 为此，kubelet 提供方法来实现更复杂的负载放置策略，同时保持抽象，避免显式的放置指令。
+{{% capture steps %}}
 
+<!--
+## CPU Management Policies
+
+By default, the kubelet uses [CFS quota](https://en.wikipedia.org/wiki/Completely_Fair_Scheduler)
+to enforce pod CPU limits.  When the node runs many CPU-bound pods,
+the workload can move to different CPU cores depending on
+whether the pod is throttled and which CPU cores are available at
+scheduling time.  Many workloads are not sensitive to this migration and thus
+work fine without any intervention.
+--->
 ## CPU 管理策略
 
 默认情况下，kubelet 使用 [CFS 配额](https://en.wikipedia.org/wiki/Completely_Fair_Scheduler) 来执行 pod 的 CPU 约束。当节点上运行了很多 CPU 密集的 pod 时，工作负载可能会迁移到不同的 CPU 核，这取决于调度时 pod 是否被扼制，以及哪些 CPU 核是可用的。许多工作负载对这种迁移不敏感，因此无需任何干预即可正常工作。
 
+<!--
+However, in workloads where CPU cache affinity and scheduling latency
+significantly affect workload performance, the kubelet allows alternative CPU
+management policies to determine some placement preferences on the node.
+--->
 然而，有些工作负载的性能明显地受到 CPU 缓存亲和性以及调度延迟的影响，对此，kubelet 提供了可选的 CPU 管理策略，来确定节点上的一些分配偏好。
 
-### 配置
-
-CPU 管理器（CPU Manager）作为 alpha 特性引入 Kubernetes 1.8 版本。 必须在 kubelet 特性开关中显式启用：
-`--feature-gates=CPUManager=true`。
+<!--
+### Configuration
 
-CPU 管理策略通过 kubelet 参数 `--cpu-manager-policy` 来指定，
-有两种支持策略：
+The CPU Manager is an alpha feature in Kubernetes v1.8. It was enabled by
+default as a beta feature since v1.10.
 
-* `none`：默认策略，表示现有的调度行为。
-* `static`：允许为节点上具有某些资源特征的 pod 赋予增强的 CPU 亲和性和独占性。
-
-CPU管理器定期通过 CRI 写入资源更新，以保证内存中 CPU 分配与 cgroupfs 一致。同步频率通过新增的 Kubelet 配置参数
-`--cpu-manager-reconcile-period` 来设置。 如不指定，默认与 `--node-status-update-frequency` 的周期相同。
+The CPU Manager policy is set with the `--cpu-manager-policy` kubelet
+option. There are two supported policies:
+--->
+### 配置
 
+CPU 管理器（CPU Manager）作为 alpha 特性引入 Kubernetes 1.8 版本。从 1.10 版本开始，作为 beta 特性默认开启。
+
+CPU 管理策略通过 kubelet 参数 `--cpu-manager-policy` 来指定。支持两种策略：
+
+<!--
+* `none`: the default, which represents the existing scheduling behavior.
+* `static`: allows pods with certain resource characteristics to be
+  granted increased CPU affinity and exclusivity on the node.
+--->
+* `none`: 默认策略，表示现有的调度行为。
+* `static`: 允许为节点上具有某些资源特征的 pod 赋予增强的 CPU 亲和性和独占性。
+
+<!--
+The CPU manager periodically writes resource updates through the CRI in
+order to reconcile in-memory CPU assignments with cgroupfs. The reconcile
+frequency is set through a new Kubelet configuration value
+`--cpu-manager-reconcile-period`. If not specified, it defaults to the same
+duration as `--node-status-update-frequency`.
+--->
+CPU 管理器定期通过 CRI 写入资源更新，以保证内存中 CPU 分配与 cgroupfs 一致。同步频率通过新增的 Kubelet 配置参数 `--cpu-manager-reconcile-period` 来设置。 如果不指定，默认与 `--node-status-update-frequency` 的周期相同。
+
+<!--
+### None policy
+
+The `none` policy explicitly enables the existing default CPU
+affinity scheme, providing no affinity beyond what the OS scheduler does
+automatically.  Limits on CPU usage for
+[Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/)
+are enforced using CFS quota.
+--->
 ### None 策略
 
-`none` 策略显式地启用现有的默认 CPU 亲和方案，不提供操作系统调度器默认行为之外的亲和性策略。 通过 CFS 配额来实现
-[Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/) 的 CPU 使用限制。
+`none` 策略显式地启用现有的默认 CPU 亲和方案，不提供操作系统调度器默认行为之外的亲和性策略。 通过 CFS 配额来实现 [Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/) 的 CPU 使用限制。
+
+<!--
+### Static policy
 
+The `static` policy allows containers in `Guaranteed` pods with integer CPU
+`requests` access to exclusive CPUs on the node. This exclusivity is enforced
+using the [cpuset cgroup controller](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt).
+--->
 ### Static 策略
 
-`static` 策略针对具有整数型 CPU `requests` 的 pod ，它允许该类 pod 中的容器访问节点上的独占 CPU 资源。这种独占性是使用 [cpuset cgroup 控制器](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt) 来实现的。
+`static` 策略针对具有整数型 CPU `requests` 的 `Guaranteed` pod ，它允许该类 pod 中的容器访问节点上的独占 CPU 资源。这种独占性是使用 [cpuset cgroup 控制器](https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt) 来实现的。
 
+<!--
 {{< note >}}
-**注意:** 诸如容器运行时和 kubelet 本身的系统服务可以继续在这些独占 CPU 上运行。独占性仅针对其他 pod。
+System services such as the container runtime and the kubelet itself can continue to run on these exclusive CPUs.  The exclusivity only extends to other pods.
+{{< /note >}}
+--->
+{{< note >}}
+诸如容器运行时和 kubelet 本身的系统服务可以继续在这些独占 CPU 上运行。独占性仅针对其他 pod。
 {{< /note >}}
 
+<!--
+{{< note >}}
+The alpha version of this policy does not guarantee static
+exclusive allocations across Kubelet restarts.
+{{< /note >}}
+--->
 {{< note >}}
-**注意:** 该策略的 alpha 版本不保证 Kubelet 重启前后的静态独占性分配。
+该策略的 alpha 版本不保证 Kubelet 重启前后的静态独占性分配。
 {{< /note >}}
 
-该策略管理一个共享 CPU 资源池，最初，该资源池包含节点上所有的 CPU 资源。可用的独占性 CPU 资源数量等于节点的 CPU 总量减去通过 `--kube-reserved` 或 `--system-reserved` 参数保留的 CPU 。通过这些参数预留的 CPU 是以整数方式，按物理内核 ID 升序从初始共享池获取的。 共享池是 `BestEffort` 和 `Burstable` pod 运行的 CPU 集合。`Guaranteed` pod 中的容器，如果声明了非整数值的 CPU `requests` ，也将运行在共享池的 CPU 上。只有 `Guaranteed` pod 中，指定了整数型 CPU `requests` 的容器，才会被分配独占 CPU 资源。
+<!--
+{{< note >}}
+CPU Manager doesn't support offlining and onlining of
+CPUs at runtime. Also, if the set of online CPUs changes on the node,
+the node must be drained and CPU manager manually reset by deleting the
+state file `cpu_manager_state` in the kubelet root directory.
+{{< /note >}}
+--->
+{{< note >}}
+CPU 管理器不支持运行时下线和上线 CPUs。此外，如果节点上的在线 CPUs 集合发生变化，则必须驱逐节点上的 pods，并通过删除 kubelet 根目录中的状态文件 `cpu_manager_state`  来手动重置 CPU 管理器。
+{{< /note >}}
 
+<!--
+This policy manages a shared pool of CPUs that initially contains all CPUs in the
+node. The amount of exclusively allocatable CPUs is equal to the total
+number of CPUs in the node minus any CPU reservations by the kubelet `--kube-reserved` or
+`--system-reserved` options. CPUs reserved by these options are taken, in
+integer quantity, from the initial shared pool in ascending order by physical
+core ID.  This shared pool is the set of CPUs on which any containers in
+`BestEffort` and `Burstable` pods run. Containers in `Guaranteed` pods with fractional
+CPU `requests` also run on CPUs in the shared pool. Only containers that are
+both part of a `Guaranteed` pod and have integer CPU `requests` are assigned
+exclusive CPUs.
+--->
+该策略管理一个共享 CPU 资源池，最初，该资源池包含节点上所有的 CPU 资源。可用
+的独占性 CPU 资源数量等于节点的 CPU 总量减去通过 `--kube-reserved` 或 `--system-reserved` 参数保留的 CPU 。通过这些参数预留的 CPU 是以整数方式，按物理内
+核 ID 升序从初始共享池获取的。 共享池是 `BestEffort` 和 `Burstable` pod 运行
+的 CPU 集合。`Guaranteed` pod 中的容器，如果声明了非整数值的 CPU `requests` ，也将运行在共享池的 CPU 上。只有 `Guaranteed` pod 中，指定了整数型 CPU `requests` 的容器，才会被分配独占 CPU 资源。
+
+<!--
+{{< note >}}
+The kubelet requires a CPU reservation greater than zero be made
+using either `--kube-reserved` and/or `--system-reserved` when the static
+policy is enabled. This is because zero CPU reservation would allow the shared
+pool to become empty.
+{{< /note >}}
+--->
 {{< note >}}
-**注意:** 当启用 static 策略时，要求使用 `--kube-reserved` 和/或 `--system-reserved` 来保证预留的 CPU 值大于零。 这是因为零预留 CPU 值可能使得共享池变空。
+当启用 static 策略时，要求使用 `--kube-reserved` 和/或 `--system-reserved` 来保证预留的 CPU 值大于零。 这是因为零预留 CPU 值可能使得共享池变空。
 {{< /note >}}
 
+<!--
+As `Guaranteed` pods whose containers fit the requirements for being statically
+assigned are scheduled to the node, CPUs are removed from the shared pool and
+placed in the cpuset for the container. CFS quota is not used to bound
+the CPU usage of these containers as their usage is bound by the scheduling domain
+itself. In others words, the number of CPUs in the container cpuset is equal to the integer
+CPU `limit` specified in the pod spec. This static assignment increases CPU
+affinity and decreases context switches due to throttling for the CPU-bound
+workload.
+
+Consider the containers in the following pod specs:
+--->
 当 `Guaranteed` pod 调度到节点上时，如果其容器符合静态分配要求，相应的 CPU 会被从共享池中移除，并放置到容器的 cpuset 中。因为这些容器所使用的 CPU 受到调度域本身的限制，所以不需要使用 CFS 配额来进行 CPU 的绑定。换言之，容器 cpuset  中的 CPU 数量与 pod 规格中指定的整数型 CPU `limit` 相等。这种静态分配增强了 CPU 亲和性，减少了 CPU 密集的工作负载在节流时引起的上下文切换。
 
 考虑以下 Pod 规格的容器：
@@ -60,8 +201,11 @@ spec:
     image: nginx
 ```
 
-该 pod 属于 `BestEffort` 服务质量类型，因为其未指定 `requests` 或
-`limits` 值。 所以该容器运行在共享 CPU 池中。
+<!--
+This pod runs in the `BestEffort` QoS class because no resource `requests` or
+`limits` are specified. It runs in the shared pool.
+--->
+该 pod 属于 `BestEffort` QoS 类型，因为其未指定 `requests` 或 `limits` 值。 所以该容器运行在共享 CPU 池中。
 
 ```yaml
 spec:
@@ -75,8 +219,12 @@ spec:
         memory: "100Mi"
 ```
 
-该 pod 属于 `Burstable` 服务质量类型，因为其资源 `requests` 不等于
-`limits`， 且未指定 `cpu` 数量。所以该容器运行在共享 CPU 池中。
+<!--
+This pod runs in the `Burstable` QoS class because resource `requests` do not
+equal `limits` and the `cpu` quantity is not specified. It runs in the shared
+pool.
+--->
+该 pod 属于 `Burstable` QoS 类型，因为其资源 `requests` 不等于 `limits`， 且未指定 `cpu` 数量。所以该容器运行在共享 CPU 池中。
 
 ```yaml
 spec:
@@ -92,7 +240,11 @@ spec:
         cpu: "1"
 ```
 
-该 pod 属于 `Burstable` 服务质量类型，因为其资源 `requests` 不等于 `limits`。所以该容器运行在共享 CPU 池中。
+<!--
+This pod runs in the `Burstable` QoS class because resource `requests` do not
+equal `limits`. It runs in the shared pool.
+--->
+该 pod 属于 `Burstable` QoS 类型，因为其资源 `requests` 不等于 `limits`。所以该容器运行在共享 CPU 池中。
 
 ```yaml
 spec:
@@ -108,9 +260,12 @@ spec:
         cpu: "2"
 ```
 
-该 pod 属于 `Guaranteed` 服务质量类型，因为其 `requests` 值与 `limits`相等。
-同时，容器对 CPU 资源的限制值是一个大于或等于 1 的整数值。所以，该 `nginx` 容器被赋予 2 个独占 CPU。
-
+<!--
+This pod runs in the `Guaranteed` QoS class because `requests` are equal to `limits`.
+And the container's resource limit for the CPU resource is an integer greater than
+or equal to one. The `nginx` container is granted 2 exclusive CPUs.
+--->
+该 pod 属于 `Guaranteed` QoS 类型，因为其 `requests` 值与 `limits`相等。同时，容器对 CPU 资源的限制值是一个大于或等于 1 的整数值。所以，该 `nginx` 容器被赋予 2 个独占 CPU。
 
 ```yaml
 spec:
@@ -126,8 +281,12 @@ spec:
         cpu: "1.5"
 ```
 
-该 pod 属于 `Guaranteed` 服务质量类型，因为其 `requests` 值与 `limits`相等。但是容器对 CPU 资源的限制值是一个小数。所以该容器运行在共享 CPU 池中。
-
+<!--
+This pod runs in the `Guaranteed` QoS class because `requests` are equal to `limits`.
+But the container's resource limit for the CPU resource is a fraction. It runs in
+the shared pool.
+--->
+该 pod 属于 `Guaranteed` QoS 类型，因为其 `requests` 值与 `limits`相等。但是容器对 CPU 资源的限制值是一个小数。所以该容器运行在共享 CPU 池中。
 
 ```yaml
 spec:
@@ -140,6 +299,12 @@ spec:
         cpu: "2"
 ```
 
-该 pod 属于 `Guaranteed` 服务质量类型，因其指定了 `limits` 值，
-同时当未显式指定时，`requests` 值被设置为与 `limits` 值相等。同时，容器对 CPU 资源的限制值是一个大于或等于 1 的整数值。所以，该 `nginx` 容器被赋予 2 个独占 CPU。
+<!--
+This pod runs in the `Guaranteed` QoS class because only `limits` are specified
+and `requests` are set equal to `limits` when not explicitly specified. And the
+container's resource limit for the CPU resource is an integer greater than or
+equal to one. The `nginx` container is granted 2 exclusive CPUs.
+--->
+该 pod 属于 `Guaranteed` QoS 类型，因其指定了 `limits` 值，同时当未显式指定时，`requests` 值被设置为与 `limits` 值相等。同时，容器对 CPU 资源的限制值是一个大于或等于 1 的整数值。所以，该 `nginx` 容器被赋予 2 个独占 CPU。
 
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/developing-cloud-controller-manager.md b/content/zh/docs/tasks/administer-cluster/developing-cloud-controller-manager.md
new file mode 100644
index 0000000000000..09dc35a5282ef
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/developing-cloud-controller-manager.md
@@ -0,0 +1,84 @@
+---
+reviewers:
+- luxas
+- thockin
+- wlan0
+title: 开发云控制器管理器
+content_template: templates/concept
+---
+
+<!--
+---
+reviewers:
+- luxas
+- thockin
+- wlan0
+title: Developing Cloud Controller Manager
+content_template: templates/concept
+---
+-->
+
+
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.11" state="beta" >}}
+<!--
+In upcoming releases, Cloud Controller Manager will
+be the preferred way to integrate Kubernetes with any cloud. This will ensure cloud providers
+can develop their features independently from the core Kubernetes release cycles.**
+-->
+在即将发布的版本中，云控制器管理器将是把 Kubernetes 与任何云集成的首选方式。 这将确保驱动可以独立于核心 Kubernetes 发布周期开发其功能。
+
+{{< feature-state for_k8s_version="1.8" state="alpha" >}}
+
+<!--
+Before going into how to build your own cloud controller manager, some background on how it works under the hood is helpful. The cloud controller manager is code from `kube-controller-manager` utilizing Go interfaces to allow implementations from any cloud to be plugged in. Most of the scaffolding and generic controller implementations will be in core, but it will always exec out to the cloud interfaces it is provided, so long as the [cloud provider interface](https://github.com/kubernetes/cloud-provider/blob/master/cloud.go#L42-L62) is satisfied.
+-->
+在讨论如何构建自己的云控制器管理器之前，了解有关它如何工作的一些背景知识是有帮助的。云控制器管理器是来自 `kube-controller-manager` 的代码，利用 Go 接口允许插入任何云的实现。大多数框架和通用控制器的实现在 core，但只要满足 [云提供者接口](https://github.com/kubernetes/cloud-provider/blob/master/cloud.go#L42-L62)，它就会始终执行它所提供的云接口。
+
+<!--
+To dive a little deeper into implementation details, all cloud controller managers will import packages from Kubernetes core, the only difference being each project will register their own cloud providers by calling [cloudprovider.RegisterCloudProvider](https://github.com/kubernetes/cloud-provider/blob/master/plugins.go#L56-L66) where a global variable of available cloud providers is updated.
+-->
+为了深入了解实施细节，所有云控制器管理器都将从 Kubernetes 核心导入依赖包，唯一的区别是每个项目都会通过调用 [cloudprovider.RegisterCloudProvider](https://github.com/kubernetes/cloud-provider/blob/master/plugins.go#L56-L66) 来注册自己的驱动，更新可用驱动的全局变量。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Developing
+-->
+## 开发
+
+### Out of Tree
+
+<!--
+To build an out-of-tree cloud-controller-manager for your cloud, follow these steps:
+-->
+要为您的云构建一个 out-of-tree 云控制器管理器，请按照下列步骤操作：
+
+<!--
+1. Create a go package with an implementation that satisfies [cloudprovider.Interface](https://git.k8s.io/kubernetes/pkg/cloudprovider/cloud.go).
+2. Use [main.go in cloud-controller-manager](https://github.com/kubernetes/kubernetes/blob/master/cmd/cloud-controller-manager/controller-manager.go) from Kubernetes core as a template for your main.go. As mentioned above, the only difference should be the cloud package that will be imported.
+3. Import your cloud package in `main.go`, ensure your package has an `init` block to run [cloudprovider.RegisterCloudProvider](https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/plugins.go#L42-L52).
+-->
+1. 使用满足 [cloudprovider.Interface](https://git.k8s.io/kubernetes/pkg/cloudprovider/cloud.go) 的实现创建一个 go 包。
+2. 使用来自 Kubernetes 核心包的 [cloud-controller-manager 中的 main.go](https://github.com/kubernetes/kubernetes/blob/master/cmd/cloud-controller-manager/controller-manager.go) 作为 main.go 的模板。如上所述，唯一的区别应该是将导入的云包。
+3. 在 `main.go` 中导入你的云包，确保你的包有一个 `init` 块来运行 cloudprovider.RegisterCloudProvider。
+
+<!--
+Using existing out-of-tree cloud providers as an example may be helpful. You can find the list [here](/docs/tasks/administer-cluster/running-cloud-controller.md#examples).
+-->
+用现有的 out-of-tree 云驱动作为例子可能会有所帮助。你可以在这里找到 [清单](/docs/tasks/administer-cluster/running-cloud-controller.md#examples)。
+
+
+### In Tree
+
+<!--
+For in-tree cloud providers, you can run the in-tree cloud controller manager as a [Daemonset](/examples/admin/cloud/ccm-example.yaml) in your cluster. See the [running cloud controller manager docs](/docs/tasks/administer-cluster/running-cloud-controller.md) for more details.
+-->
+对于 in-tree 驱动，您可以将 in-tree 云控制器管理器作为群集中的 [Daemonset](/examples/admin/cloud/ccm-example.yaml) 运行。有关详细信息，请参阅 [运行的云控制器管理器文档](/docs/tasks/administer-cluster/running-cloud-controller.md)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/dns-debugging-resolution.md b/content/zh/docs/tasks/administer-cluster/dns-debugging-resolution.md
new file mode 100644
index 0000000000000..aaf3f2230f6ca
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/dns-debugging-resolution.md
@@ -0,0 +1,601 @@
+---
+translator:
+- nicksu
+reviewers:
+- bowei
+- zihongz
+title:  Debug DNS 方案
+content_template: templates/task
+---
+
+<!--
+
+{{% capture overview %}}
+This page provides hints on diagnosing DNS problems.
+{{% /capture %}}
+
+-->
+
+{{% capture overview %}}
+这篇文章提供了一些关于 DNS 问题诊断的方法。
+{{% /capture %}}
+
+<!--
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* Kubernetes version 1.6 and above.
+* The cluster must be configured to use the `coredns` (or `kube-dns`) addons.
+{{% /capture %}}
+
+{{% capture steps %}}
+
+-->
+
+{{% capture prerequisites %}}
+
+- {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+- Kubernetes 1.6 或者以上版本。
+- 集群必须使用了 `coredns` (或者 `kube-dns`)插件。
+  {{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+
+### Create a simple Pod to use as a test environment
+
+Create a file named busybox.yaml with the following contents:
+
+{{< codenew file="admin/dns/busybox.yaml" >}}
+
+Then create a pod using this file and verify its status:
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/dns/busybox.yaml
+pod/busybox created
+
+kubectl get pods busybox
+NAME      READY     STATUS    RESTARTS   AGE
+busybox   1/1       Running   0          <some-time>
+```
+
+-->
+
+### 创建一个简单的 Pod 作为测试环境
+
+新建一个名为 busybox.yaml 的文件并填入下列内容：
+
+{{< codenew file="admin/dns/busybox.yaml" >}}
+
+然后使用这个文件创建一个 Pod 并验证其状态：
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/dns/busybox.yaml
+pod/busybox created
+
+kubectl get pods busybox
+NAME      READY     STATUS    RESTARTS   AGE
+busybox   1/1       Running   0          <some-time>
+```
+
+<!--
+
+Once that pod is running, you can exec `nslookup` in that environment.
+If you see something like the following, DNS is working correctly.
+
+```shell
+kubectl exec -ti busybox -- nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10
+
+Name:      kubernetes.default
+Address 1: 10.0.0.1
+```
+
+If the `nslookup` command fails, check the following:
+
+-->
+
+只要 Pod 处于 running 状态，您就可以在环境里执行 `nslookup` 。
+如果您看到类似下列的内容，则表示 DNS 是正常运行的。
+
+```shell
+kubectl exec -ti busybox -- nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10
+
+Name:      kubernetes.default
+Address 1: 10.0.0.1
+```
+
+如果 `nslookup` 命令执行失败，请检查下列内容：
+
+<!--
+
+### Check the local DNS configuration first
+
+Take a look inside the resolv.conf file.
+(See [Inheriting DNS from the node](/docs/tasks/administer-cluster/dns-custom-nameservers/#inheriting-dns-from-the-node) and
+[Known issues](#known-issues) below for more information)
+
+```shell
+kubectl exec busybox cat /etc/resolv.conf
+```
+
+Verify that the search path and name server are set up like the following
+(note that search path may vary for different cloud providers):
+
+```
+search default.svc.cluster.local svc.cluster.local cluster.local google.internal c.gce_project_id.internal
+nameserver 10.0.0.10
+options ndots:5
+```
+
+-->
+
+### 先检查本地的 DNS 配置
+
+查看 resolv.conf 文件的内容
+(阅读下面的 [从节点继承 DNS 配置](/docs/tasks/administer-cluster/dns-custom-nameservers/#inheriting-dns-from-the-node) 和
+[已知问题](#known-issues) ，获取更多信息)
+
+```shell
+kubectl exec busybox cat /etc/resolv.conf
+```
+
+验证 search 和 name server 的配置是否类似下面的配置
+(注意 search 根据不同的云提供商可能会有所不同):
+
+```
+search default.svc.cluster.local svc.cluster.local cluster.local google.internal c.gce_project_id.internal
+nameserver 10.0.0.10
+options ndots:5
+```
+
+<!--
+
+Errors such as the following indicate a problem with the coredns/kube-dns add-on or
+associated Services:
+
+```
+kubectl exec -ti busybox -- nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10
+
+nslookup: can't resolve 'kubernetes.default'
+```
+
+or
+
+```
+kubectl exec -ti busybox -- nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+nslookup: can't resolve 'kubernetes.default'
+```
+
+-->
+
+下列错误表示 coredns/kube-dns 或者相关服务出现了问题：
+
+```
+kubectl exec -ti busybox -- nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10
+
+nslookup: can't resolve 'kubernetes.default'
+```
+
+或者
+
+```
+kubectl exec -ti busybox -- nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+nslookup: can't resolve 'kubernetes.default'
+```
+
+<!--
+
+### Check if the DNS pod is running
+
+Use the `kubectl get pods` command to verify that the DNS pod is running.
+
+For CoreDNS:
+```shell
+kubectl get pods --namespace=kube-system -l k8s-app=coredns
+NAME                       READY     STATUS    RESTARTS   AGE
+...
+coredns-7b96bf9f76-5hsxb   1/1       Running   0           1h
+coredns-7b96bf9f76-mvmmt   1/1       Running   0           1h
+...
+```
+
+Or for kube-dns:
+```shell
+kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
+NAME                    READY     STATUS    RESTARTS   AGE
+...
+kube-dns-v19-ezo1y      3/3       Running   0           1h
+...
+```
+
+If you see that no pod is running or that the pod has failed/completed, the DNS
+add-on may not be deployed by default in your current environment and you will
+have to deploy it manually.
+
+-->
+
+### 检查 DNS Pod 是否运行
+
+使用 `kubectl get pods` 命令来验证 DNS Pod 是否运行。
+
+对于 CoreDNS 的情况:
+
+```shell
+kubectl get pods --namespace=kube-system -l k8s-app=coredns
+NAME                       READY     STATUS    RESTARTS   AGE
+...
+coredns-7b96bf9f76-5hsxb   1/1       Running   0           1h
+coredns-7b96bf9f76-mvmmt   1/1       Running   0           1h
+...
+```
+
+或者是 kube-dns:
+
+```shell
+kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
+NAME                    READY     STATUS    RESTARTS   AGE
+...
+kube-dns-v19-ezo1y      3/3       Running   0           1h
+...
+```
+
+如果您发现没有 pod 在运行，或者这些 Pod 的状态是 failed 或者 completed， 那可能这个 DNS 插件在您当前的环境里并没有成功部署，您将需要手动去部署它。
+
+<!--
+
+### Check for Errors in the DNS pod
+
+Use `kubectl logs` command to see logs for the DNS containers.
+
+For CoreDNS:
+```shell
+for p in $(kubectl get pods --namespace=kube-system -l k8s-app=coredns -o name); do kubectl logs --namespace=kube-system $p; done
+```
+
+Here is an example of a healthy CoreDNS log:
+
+```
+.:53
+2018/08/15 14:37:17 [INFO] CoreDNS-1.2.2
+2018/08/15 14:37:17 [INFO] linux/amd64, go1.10.3, 2e322f6
+CoreDNS-1.2.2
+linux/amd64, go1.10.3, 2e322f6
+2018/08/15 14:37:17 [INFO] plugin/reload: Running configuration MD5 = 24e6c59e83ce706f07bcc82c31b1ea1c
+```
+
+-->
+
+### 检查 DNS pod 里的错误
+
+使用 `kubectl logs` 命令来查看 DNS 容器的日志信息。
+
+对于 CoreDNS:
+
+```shell
+for p in $(kubectl get pods --namespace=kube-system -l k8s-app=coredns -o name); do kubectl logs --namespace=kube-system $p; done
+```
+
+下列是一个正常运行的 CoreDNS 日志信息：
+
+```
+.:53
+2018/08/15 14:37:17 [INFO] CoreDNS-1.2.2
+2018/08/15 14:37:17 [INFO] linux/amd64, go1.10.3, 2e322f6
+CoreDNS-1.2.2
+linux/amd64, go1.10.3, 2e322f6
+2018/08/15 14:37:17 [INFO] plugin/reload: Running configuration MD5 = 24e6c59e83ce706f07bcc82c31b1ea1c
+```
+
+<!--
+
+For kube-dns, there are 3 sets of logs:
+
+```shell
+kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1) -c kubedns
+
+kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1) -c dnsmasq
+
+kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1) -c sidecar
+```
+
+See if there are any suspicious error messages in the logs. In kube-dns, a '`W`', '`E`' or '`F`' at the beginning
+of a line represents a Warning, Error or Failure. Please search for entries that have these
+as the logging level and use
+[kubernetes issues](https://github.com/kubernetes/kubernetes/issues)
+to report unexpected errors.
+
+-->
+
+对于 kube-dns, 总共有三种类型的日志需要查看：
+
+```shell
+kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1) -c kubedns
+
+kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1) -c dnsmasq
+
+kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name | head -1) -c sidecar
+```
+
+看日志信息里是否有可疑的错误，对于 kube-dns,  一个 '`W`', '`E`' 或者 '`F`' 开头的行表示对应的 Warning（警告）， Error（错误）或者 Failure（失败）。请搜索日志等级是否有这样的关键字的日志信息并使用 [kubernetes issues](https://github.com/kubernetes/kubernetes/issues) 来提交错误报告。
+
+### 检查是否启用了 DNS 服务
+
+使用`kubectl get service` 命令来检查 DNS 服务是否已经启用。
+
+```shell
+kubectl get svc --namespace=kube-system
+NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
+...
+kube-dns     ClusterIP   10.0.0.10      <none>        53/UDP,53/TCP        1h
+...
+```
+
+注意不管是 CoreDNS 还是 kube-dns ， 这个 service 的名字都会是“kube-dns” 。
+如果您已经创建了这个 service 或者说在这个例子里它应该是默认自动创建的，但是它并没有出现，请阅读 [services 纠错](/docs/tasks/debug-application-cluster/debug-service/)来获取更多信息。
+
+<!--
+
+### Are DNS endpoints exposed?
+
+You can verify that DNS endpoints are exposed by using the `kubectl get endpoints`
+command.
+
+```shell
+kubectl get ep kube-dns --namespace=kube-system
+NAME       ENDPOINTS                       AGE
+kube-dns   10.180.3.17:53,10.180.3.17:53    1h
+```
+
+If you do not see the endpoints, see endpoints section in the
+[debugging services](/docs/tasks/debug-application-cluster/debug-service/) documentation.
+
+For additional Kubernetes DNS examples, see the
+[cluster-dns examples](https://github.com/kubernetes/examples/tree/master/staging/cluster-dns)
+in the Kubernetes GitHub repository.
+
+-->
+
+### DNS 的 endpoints 公开了吗？
+
+您可以使用 `kubectl get endpoints`命令来验证 DNS 的 endpoint 是否公开了。
+
+```shell
+kubectl get ep kube-dns --namespace=kube-system
+NAME       ENDPOINTS                       AGE
+kube-dns   10.180.3.17:53,10.180.3.17:53    1h
+```
+
+如果您没看到对应的 endpoints， 请阅读[services 纠错](/docs/tasks/debug-application-cluster/debug-service/)的 endpoints 小节。
+
+若需要更多的 Kubernetes DNS 例子，请在 Kubernetes GitHub 仓库里查看[cluster-dns 例子](https://github.com/kubernetes/examples/tree/master/staging/cluster-dns) 。 
+
+<!--
+
+### Are DNS queries being received/processed?
+
+You can verify if queries are being received by CoreDNS by adding the `log` plugin to the CoreDNS configuration (aka Corefile).
+The CoreDNS Corefile is held in a ConfigMap named `coredns`. To edit it, use the command ...
+
+```
+kubectl -n kube-system edit configmap coredns
+```
+
+-->
+
+### DNS 查询有被接收或者执行吗？
+
+您可以通过给 CoreDNS 的配置文件 (也叫 Corefile)添加`log`插件来判断查询是否被正确接收。
+ CoreDNS 的 Corefile 被保存在一个叫 `coredns` 的 ConfigMap 里，使用下列命令来编辑它：
+
+```
+kubectl -n kube-system edit configmap coredns
+```
+
+<!--
+
+Then add `log` in the Corefile section per the example below.
+
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        log
+        errors
+        health
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          upstream
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        prometheus :9153
+        proxy . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+
+```
+
+After saving the changes, it may take up to minute or two for Kubernetes to propagate these changes to the CoreDNS pods.
+
+-->
+
+然后类似下面的例子给 Corefile 添加 `log`。
+
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        log
+        errors
+        health
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          upstream
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        prometheus :9153
+        proxy . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+
+```
+
+保存这些更改后，您可能会需要等待一到两分钟让 Kubernetes 把这些更改应用到 CoreDNS 的 pods 里。
+
+<!--
+
+Next, make some queries and view the logs per the sections above in this document. If CoreDNS pods are receiving the queries, you should see them in the logs.
+
+Here is an example of a query in the log.
+
+```
+.:53
+2018/08/15 14:37:15 [INFO] CoreDNS-1.2.0
+2018/08/15 14:37:15 [INFO] linux/amd64, go1.10.3, 2e322f6
+CoreDNS-1.2.0
+linux/amd64, go1.10.3, 2e322f6
+2018/09/07 15:29:04 [INFO] plugin/reload: Running configuration MD5 = 162475cdf272d8aa601e6fe67a6ad42f
+2018/09/07 15:29:04 [INFO] Reloading complete
+172.17.0.18:41675 - [07/Sep/2018:15:29:11 +0000] 59925 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd,ra 106 0.000066649s
+
+```
+
+-->
+
+接下来，发起一些查询并依照本文上面章节的内容查看日志信息，如果 CoreDNS 的 pods 接收到这些查询，您将可以在日志信息里看到他们。
+
+下面是日志信息里的查询例子：
+
+```
+.:53
+2018/08/15 14:37:15 [INFO] CoreDNS-1.2.0
+2018/08/15 14:37:15 [INFO] linux/amd64, go1.10.3, 2e322f6
+CoreDNS-1.2.0
+linux/amd64, go1.10.3, 2e322f6
+2018/09/07 15:29:04 [INFO] plugin/reload: Running configuration MD5 = 162475cdf272d8aa601e6fe67a6ad42f
+2018/09/07 15:29:04 [INFO] Reloading complete
+172.17.0.18:41675 - [07/Sep/2018:15:29:11 +0000] 59925 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd,ra 106 0.000066649s
+
+```
+
+<!--
+
+## Known issues
+
+Some Linux distributions (e.g. Ubuntu), use a local DNS resolver by default (systemd-resolved).
+Systemd-resolved moves and replaces `/etc/resolv.conf` with a stub file that can cause a fatal forwarding
+loop when resolving names in upstream servers. This can be fixed manually by using kubelet's `--resolv-conf` flag
+to point to the correct `resolv.conf` (With `systemd-resolved`, this is `/run/systemd/resolve/resolv.conf`).
+kubeadm (>= 1.11) automatically detects `systemd-resolved`, and adjusts the kubelet flags accordingly.
+
+-->
+
+## 已知问题
+
+有些 Linux 发行版本 (比如 Ubuntu)， 默认使用一个本地的 DNS 解析器 (systemd-resolved)。
+Systemd-resolved 会用一个 stub 文件来覆盖 `/etc/resolv.conf`从而在解析域名的时候导致了重复向 DNS 上游服务器推送请求。 这个问题可以通过手动指定 kubelet 的 `--resolv-conf` 标签为正确的 `resolv.conf` (如果是 `systemd-resolved`，则这个文件路径为 `/run/systemd/resolve/resolv.conf`) 来解决。
+kubeadm (>= 1.11) 会自动检测`systemd-resolved`并对应的更改 kubelet 的标签。
+
+<!--
+
+Kubernetes installs do not configure the nodes' `resolv.conf` files to use the
+cluster DNS by default, because that process is inherently distribution-specific.
+This should probably be implemented eventually.
+
+Linux's libc is impossibly stuck ([see this bug from
+2005](https://bugzilla.redhat.com/show_bug.cgi?id=168253)) with limits of just
+3 DNS `nameserver` records and 6 DNS `search` records. Kubernetes needs to
+consume 1 `nameserver` record and 3 `search` records. This means that if a
+local installation already uses 3 `nameserver`s or uses more than 3 `search`es,
+some of those settings will be lost. As a partial workaround, the node can run
+`dnsmasq` which will provide more `nameserver` entries, but not more `search`
+entries. You can also use kubelet's `--resolv-conf` flag.
+
+If you are using Alpine version 3.3 or earlier as your base image, DNS may not
+work properly owing to a known issue with Alpine.
+Check [here](https://github.com/kubernetes/kubernetes/issues/30215)
+for more information.
+
+-->
+
+Kubernetes 的安装并不会默认配置节点的 `resolv.conf` 文件来使用集群的 DNS 服务，因为这个配置对于不同的发行版本是不一样的。这个问题应该迟早会被解决的。
+
+Linux 的 libc 会在仅有三个 DNS 的 `nameserver` 和六个 DNS 的`search` 记录时会不可思议的卡死 ([详情请查阅这个2005年的bug](https://bugzilla.redhat.com/show_bug.cgi?id=168253))。Kubernetes 需要占用一个 `nameserver` 记录和三个`search`记录。这意味着如果一个本地的安装已经使用了三个`nameserver`或者使用了超过三个的 `search`记录，那有些配置很可能会丢失。有一个不完整的解决方案就是在节点上使用`dnsmasq`来提供更多的`nameserver`配置，但是无法提供更多的`search`记录。您也可以使用kubelet 的 `--resolv-conf` 标签来解决这个问题。
+
+如果您是使用 Alpine  3.3 或者更早版本作为您的基础镜像，DNS 可能会由于Alpine 一个已知的问题导致无法正常工作，请查看[这里](https://github.com/kubernetes/kubernetes/issues/30215)获取更多资料。
+
+<!--
+
+## Kubernetes Federation (Multiple Zone support)
+
+Release 1.3 introduced Cluster Federation support for multi-site Kubernetes
+installations. This required some minor (backward-compatible) changes to the
+way the Kubernetes cluster DNS server processes DNS queries, to facilitate
+the lookup of federated services (which span multiple Kubernetes clusters).
+See the [Cluster Federation Administrators' Guide](/docs/concepts/cluster-administration/federation/)
+for more details on Cluster Federation and multi-site support.
+
+## -->
+
+## Kubernetes Federation (支持多区域部署)
+
+自从 1.3 版本支持了多个 Kubernetes 的联邦集群后，集群 DNS 服务在处理 DNS 请求时需要有一些微弱的调整 (这是向下兼容的)，从而可以使用跨越多个 Kubernetes 集群的联邦服务。请看 [联邦集群管理向导](/docs/concepts/cluster-administration/federation/) 获取更多关于联邦集群和多点支持的信息。
+
+<!--
+
+## References
+
+- [DNS for Services and Pods](/docs/concepts/services-networking/dns-pod-service/)
+- [Docs for the kube-dns DNS cluster addon](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/dns/kube-dns/README.md)
+
+## What's next
+- [Autoscaling the DNS Service in a Cluster](/docs/tasks/administer-cluster/dns-horizontal-autoscaling/).
+
+{{% /capture %}}
+
+## -->
+
+## 参考
+
+- [Services 和 Pods 的 DNS 指南](/docs/concepts/services-networking/dns-pod-service/)
+- [kube-dns DNS 插件文档](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/dns/kube-dns/README.md)
+
+## 接下来
+
+- [集群里自动伸缩 DNS Service](/docs/tasks/administer-cluster/dns-horizontal-autoscaling/).
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/dns-horizontal-autoscaling.md b/content/zh/docs/tasks/administer-cluster/dns-horizontal-autoscaling.md
new file mode 100644
index 0000000000000..ae5a8623a09cb
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/dns-horizontal-autoscaling.md
@@ -0,0 +1,487 @@
+---
+title: 集群 DNS 服务自动伸缩
+content_template: templates/task
+---
+<!--
+---
+title: Autoscale the DNS Service in a Cluster
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page shows how to enable and configure autoscaling of the DNS service in a
+Kubernetes cluster.
+-->
+本页展示了如何在集群中启用和配置 DNS 服务的自动伸缩功能。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+* This guide assumes your nodes use the AMD64 or Intel 64 CPU architecture
+
+* Make sure the [DNS feature](/docs/concepts/services-networking/dns-pod-service/) itself is enabled.
+
+* Kubernetes version 1.4.0 or later is recommended.
+-->
+* 本指南假设您的节点使用 AMD64 或 Intel 64 CPU 架构
+
+* 确保已启用 [DNS 功能](/docs/concepts/services-networking/dns-pod-service/)本身。
+
+* 建议使用 Kubernetes 1.4.0 或更高版本。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Determining whether DNS horizontal autoscaling is already enabled
+
+List the {{< glossary_tooltip text="Deployments" term_id="deployment" >}}
+in your cluster in the kube-system namespace:
+
+```shell
+kubectl get deployment --namespace=kube-system
+```
+
+The output is similar to this:
+
+    NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    dns-autoscaler        1         1         1            1           ...
+    ...
+
+If you see "dns-autoscaler" in the output, DNS horizontal autoscaling is
+already enabled, and you can skip to
+[Tuning autoscaling parameters](#tuning-autoscaling-parameters).
+-->
+## 确定是否 DNS 水平 水平自动伸缩特性已经启用
+
+在 kube-system 命名空间中列出集群中的 {{< glossary_tooltip text="Deployments" term_id="deployment" >}} ：
+
+```shell
+kubectl get deployment --namespace=kube-system
+```
+
+输出类似如下这样：
+
+    NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    dns-autoscaler        1         1         1            1           ...
+    ...
+
+如果在输出中看到 “dns-autoscaler”，说明 DNS 水平自动伸缩已经启用，可以跳到 [调优自动伸缩参数](#tuning-autoscaling-parameters)。
+
+<!--
+## Getting the name of your DNS Deployment or ReplicationController
+
+List the Deployments in your cluster in the kube-system namespace:
+
+```shell
+kubectl get deployment --namespace=kube-system
+```
+
+The output is similar to this:
+
+    NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    coredns      2         2         2            2           ...
+    ...
+
+
+In Kubernetes versions earlier than 1.12, the DNS Deployment was called "kube-dns".
+
+In Kubernetes versions earlier than 1.5 DNS was implemented using a
+ReplicationController instead of a Deployment. So if you don't see kube-dns,
+or a similar name, in the preceding output, list the ReplicationControllers in
+your cluster in the kube-system namespace:
+
+```shell
+kubectl get rc --namespace=kube-system
+```
+
+The output is similar to this:
+
+    NAME            DESIRED   CURRENT   READY     AGE
+    ...
+    kube-dns-v20    1         1         1         ...
+    ...
+-->
+## 获取 DNS Deployment 或 ReplicationController 的名称
+
+列出集群内 kube-system namespace 中的 Deployment：
+
+```shell
+kubectl get deployment --namespace=kube-system
+```
+
+输出类似如下这样：
+
+    NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    coredns      2         2         2            2           ...
+    ...
+
+在早于 1.12 的 Kubernetes 版本中，DNS 部署称为 “kube-dns”。
+
+Kubernetes 1.5 或之前版本，DNS 通过使用 ReplicationController 来实现，而不是 Deployment。 所以看不到 kube-dns 或者类似的名称，在之前的输出中，列出了集群内 kube-system namespace 中的 ReplicationController：
+
+```shell
+kubectl get rc --namespace=kube-system
+```
+
+输出类似如下这样：
+
+    NAME            DESIRED   CURRENT   READY     AGE
+    ...
+    kube-dns-v20    1         1         1         ...
+    ...
+
+<!--
+## Determining your scale target
+
+If you have a DNS Deployment, your scale target is:
+
+    Deployment/<your-deployment-name>
+
+where `<your-deployment-name>` is the name of your DNS Deployment. For example, if
+your DNS Deployment name is coredns, your scale target is Deployment/coredns.
+
+If you have a DNS ReplicationController, your scale target is:
+
+    ReplicationController/<your-rc-name>
+
+where `<your-rc-name>` is the name of your DNS ReplicationController. For example,
+if your DNS ReplicationController name is kube-dns-v20, your scale target is
+ReplicationController/kube-dns-v20.
+-->
+## 确定伸缩目标
+
+如果有一个 DNS Deployment，伸缩目标是：
+
+    Deployment/<your-deployment-name>
+
+其中 `<your-deployment-name>` 是 DNS 部署的名称。例如，如果您的 DNS 部署名称是 coredns，则您的扩展目标是 Deployment/coredns。
+
+如果有一个 DNS ReplicationController，那么伸缩目标为：
+
+    ReplicationController/<your-rc-name>
+
+这里 `<your-rc-name>` 是 DNS ReplicationController 的名称。 例如，DNS ReplicationController 的名称是 kube-dns-v20，则伸缩目标为 ReplicationController/kube-dns-v20。
+
+<!--
+## Enabling DNS horizontal autoscaling
+
+In this section, you create a Deployment. The Pods in the Deployment run a
+container based on the `cluster-proportional-autoscaler-amd64` image.
+
+Create a file named `dns-horizontal-autoscaler.yaml` with this content:
+
+{{< codenew file="admin/dns/dns-horizontal-autoscaler.yaml" >}}
+
+In the file, replace `<SCALE_TARGET>` with your scale target.
+
+Go to the directory that contains your configuration file, and enter this
+command to create the Deployment:
+
+```shell
+kubectl apply -f dns-horizontal-autoscaler.yaml
+```
+
+The output of a successful command is:
+
+    deployment.apps/kube-dns-autoscaler created
+
+DNS horizontal autoscaling is now enabled.
+-->
+## 启用 DNS 水平自动伸缩
+
+在本段，我们创建一个 Deployment。Deployment 中的 Pod 运行一个基于 `cluster-proportional-autoscaler-amd64` 镜像的容器。
+
+创建文件 `dns-horizontal-autoscaler.yaml`，内容如下所示：
+
+{{< codenew file="admin/dns/dns-horizontal-autoscaler.yaml" >}}
+
+在文件中，将 `<SCALE_TARGET>` 替换成 scale 目标。
+
+进入到包含配置文件的目录中，输入如下命令创建 Deployment：
+
+```shell
+kubectl apply -f dns-horizontal-autoscaler.yaml
+```
+
+一个成功的命令输出是：
+
+    deployment.apps/kube-dns-autoscaler created
+
+DNS 水平自动伸缩在已经启用了。
+
+<!--
+## Tuning autoscaling parameters
+
+Verify that the dns-autoscaler {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} exists:
+
+```shell
+kubectl get configmap --namespace=kube-system
+```
+
+The output is similar to this:
+
+    NAME                  DATA      AGE
+    ...
+    dns-autoscaler        1         ...
+    ...
+
+Modify the data in the ConfigMap:
+
+```shell
+kubectl edit configmap dns-autoscaler --namespace=kube-system
+```
+
+Look for this line:
+
+```yaml
+linear: '{"coresPerReplica":256,"min":1,"nodesPerReplica":16}'
+```
+
+Modify the fields according to your needs. The "min" field indicates the
+minimal number of DNS backends. The actual number of backends number is
+calculated using this equation:
+
+    replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
+
+Note that the values of both `coresPerReplica` and `nodesPerReplica` are
+integers.
+
+The idea is that when a cluster is using nodes that have many cores,
+`coresPerReplica` dominates. When a cluster is using nodes that have fewer
+cores, `nodesPerReplica` dominates.
+
+There are other supported scaling patterns. For details, see
+[cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler).
+-->
+## 调优自动伸缩参数
+
+验证 dns-autoscaler {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} 是否存在：
+
+```shell
+kubectl get configmap --namespace=kube-system
+```
+
+输出类似如下所示：
+
+    NAME                  DATA      AGE
+    ...
+    dns-autoscaler        1         ...
+    ...
+
+修改该 ConfigMap 中的数据：
+
+```shell
+kubectl edit configmap dns-autoscaler --namespace=kube-system
+```
+
+找到如下这行内容：
+
+```yaml
+linear: '{"coresPerReplica":256,"min":1,"nodesPerReplica":16}'
+```
+
+根据需要修改对应的字段。“min” 字段说明 DNS 后端的最小数量。实际后端的数量，通过使用如下公式来计算：
+
+    replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
+
+注意 `coresPerReplica` 和 `nodesPerReplica` 的值都是整数。
+
+想法是，当一个集群使用具有很多核心的节点时，由 `coresPerReplica` 来控制。 当一个集群使用具有较少核心的节点时，由 `nodesPerReplica` 来控制。
+
+其它的伸缩模式也是支持的，详情查看 [cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler)。
+
+<!--
+## Disable DNS horizontal autoscaling
+
+There are a few options for tuning DNS horizontal autoscaling. Which option to
+use depends on different conditions.
+-->
+## 禁用 DNS 水平自动伸缩
+
+有几个 DNS 水平自动伸缩的选项。具体使用哪个选项因环境而异。
+
+<!--
+### Option 1: Scale down the dns-autoscaler deployment to 0 replicas
+
+This option works for all situations. Enter this command:
+
+```shell
+kubectl scale deployment --replicas=0 dns-autoscaler --namespace=kube-system
+```
+
+The output is:
+
+    deployment.extensions/dns-autoscaler scaled
+
+Verify that the replica count is zero:
+
+```shell
+kubectl get deployment --namespace=kube-system
+```
+
+The output displays 0 in the DESIRED and CURRENT columns:
+
+    NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    dns-autoscaler        0         0         0            0           ...
+    ...
+-->
+### 选项 1：调小 dns-autoscaler deployment 至 0 个副本
+
+该选项适用于所有场景。运行如下命令：
+
+```shell
+kubectl scale deployment --replicas=0 dns-autoscaler --namespace=kube-system
+```
+
+输出如下所示：
+
+    deployment.extensions/dns-autoscaler scaled
+
+验证当前副本数为 0：
+
+```shell
+kubectl get deployment --namespace=kube-system
+```
+
+输出内容中，在 DESIRED 和 CURRENT 列显示为 0：
+
+    NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    dns-autoscaler        0         0         0            0           ...
+    ...
+
+<!--
+### Option 2: Delete the dns-autoscaler deployment
+
+This option works if dns-autoscaler is under your own control, which means
+no one will re-create it:
+
+```shell
+kubectl delete deployment dns-autoscaler --namespace=kube-system
+```
+
+The output is:
+
+    deployment.extensions "dns-autoscaler" deleted
+-->
+### 选项 2：删除 dns-autoscaler Deployment
+
+如果 dns-autoscaler 为您所控制，该选项可以正常工作，也就说没有人会去重新创建它：
+
+```shell
+kubectl delete deployment dns-autoscaler --namespace=kube-system
+```
+
+输出内容如下所示：
+
+    deployment.extensions "dns-autoscaler" deleted
+
+<!--
+### Option 3: Delete the dns-autoscaler manifest file from the master node
+
+This option works if dns-autoscaler is under control of the (deprecated)
+[Addon Manager](https://git.k8s.io/kubernetes/cluster/addons/README.md),
+and you have write access to the master node.
+
+Sign in to the master node and delete the corresponding manifest file.
+The common path for this dns-autoscaler is:
+
+    /etc/kubernetes/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
+
+After the manifest file is deleted, the Addon Manager will delete the
+dns-autoscaler Deployment.
+-->
+### 选项 3：从 master 节点删除 dns-autoscaler manifest 文件
+
+如果 dns-autoscaler 在[插件管理器](https://git.k8s.io/kubernetes/cluster/addons/README.md)的控制之下，该选项可以工作，并且具有操作 master 节点的写权限。
+
+登录到 master 节点，删除对应的 manifest 文件。 
+dns-autoscaler 的路径一般为：
+
+    /etc/kubernetes/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
+
+当 manifest 文件删除后，插件管理器将删除 dns-autoscaler Deployment。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Understanding how DNS horizontal autoscaling works
+
+* The cluster-proportional-autoscaler application is deployed separately from
+the DNS service.
+
+* An autoscaler Pod runs a client that polls the Kubernetes API server for the
+number of nodes and cores in the cluster.
+
+* A desired replica count is calculated and applied to the DNS backends based on
+the current schedulable nodes and cores and the given scaling parameters.
+
+* The scaling parameters and data points are provided via a ConfigMap to the
+autoscaler, and it refreshes its parameters table every poll interval to be up
+to date with the latest desired scaling parameters.
+
+* Changes to the scaling parameters are allowed without rebuilding or restarting
+the autoscaler Pod.
+
+* The autoscaler provides a controller interface to support two control
+patterns: *linear* and *ladder*.
+-->
+## 理解 DNS 水平自动伸缩工作原理
+
+* cluster-proportional-autoscaler 应用独立于 DNS service 部署。
+
+* autoscaler Pod 运行一个客户端，它通过轮询 Kubernetes API server 获取集群中节点和核心的数量。
+
+* 一个期望的副本数会被计算，并根据当前可调度的节点、核心数、给定伸缩参数，被应用到 DNS 后端。
+
+* 伸缩参数和数据点会基于一个 ConfigMap 来提供给 autoscaler，它会在每次轮询时刷新它的参数表，以与最近期望的伸缩参数保持一致。
+
+* 允许对伸缩参数进行修改，而不需要重建或重启 autoscaler Pod。
+
+* autoscaler 提供了一个控制器接口来支持两种控制模式：*linear* 和 *ladder*。
+
+<!--
+## Future enhancements
+
+Control patterns, in addition to linear and ladder, that consider custom metrics
+are under consideration as a future development.
+
+Scaling of DNS backends based on DNS-specific metrics is under consideration as
+a future development. The current implementation, which uses the number of nodes
+and cores in cluster, is limited.
+
+Support for custom metrics, similar to that provided by
+[Horizontal Pod Autoscaling](/docs/tasks/run-application/horizontal-pod-autoscale/),
+is under consideration as a future development.
+-->
+## 未来功能增强
+
+控制模式，除了 linear 和 ladder，正在考虑未来将开发自定义 metric。
+
+基于 DNS 特定 metric 的 DNS 后端的伸缩，考虑未来会开发。当前实现是使用集群中节点和核心的数量是受限制的。
+
+支持自定义 metric，类似于 [Horizontal Pod 自动伸缩](/docs/tasks/run-application/horizontal-pod-autoscale/) 所提供的，考虑未来进行开发。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* Learn more about the
+[implementation of cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler).
+-->
+* 了解更多关于 [cluster-proportional-autoscaler 实现](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler)的相关信息。
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/encrypt-data.md b/content/zh/docs/tasks/administer-cluster/encrypt-data.md
index d1f12a6edf830..7784389bd9fa4 100644
--- a/content/zh/docs/tasks/administer-cluster/encrypt-data.md
+++ b/content/zh/docs/tasks/administer-cluster/encrypt-data.md
@@ -1,17 +1,18 @@
-<!--
 ---
 reviewers:
 - smarterclayton
-title: Encrypting Secret Data at Rest
+title: 静态加密 Secret 数据
 content_template: templates/task
 ---
--->
+
+<!--
 ---
 reviewers:
 - smarterclayton
-title: 加密静态 Secret 数据
+title: Encrypting Secret Data at Rest
 content_template: templates/task
 ---
+-->
 
 {{% capture overview %}}
 <!--
diff --git a/content/zh/docs/tasks/administer-cluster/extended-resource-node.md b/content/zh/docs/tasks/administer-cluster/extended-resource-node.md
new file mode 100644
index 0000000000000..21585be0b528d
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/extended-resource-node.md
@@ -0,0 +1,368 @@
+---
+title: 为节点发布扩展资源
+content_template: templates/task
+---
+<!--
+---
+title: Advertise Extended Resources for a Node
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to specify extended resources for a Node.
+Extended resources allow cluster administrators to advertise node-level
+resources that would otherwise be unknown to Kubernetes.
+-->
+本文展示了如何为节点指定扩展资源。 扩展资源允许集群管理员发布节点级别的资源，这些资源在不进行发布的情况下无法被 Kubernetes 感知。
+
+{{< feature-state state="stable" >}}
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Get the names of your Nodes
+
+```shell
+kubectl get nodes
+```
+
+Choose one of your Nodes to use for this exercise.
+-->
+## 获取您的节点名称
+
+```shell
+kubectl get nodes
+```
+
+选择您的一个节点用于此练习。
+
+<!--
+## Advertise a new extended resource on one of your Nodes
+
+To advertise a new extended resource on a Node, send an HTTP PATCH request to
+the Kubernetes API server. For example, suppose one of your Nodes has four dongles
+attached. Here's an example of a PATCH request that advertises four dongle resources
+for your Node.
+
+```shell
+PATCH /api/v1/nodes/<your-node-name>/status HTTP/1.1
+Accept: application/json
+Content-Type: application/json-patch+json
+Host: k8s-master:8080
+
+[
+  {
+    "op": "add",
+    "path": "/status/capacity/example.com~1dongle",
+    "value": "4"
+  }
+]
+```
+
+Note that Kubernetes does not need to know what a dongle is or what a dongle is for.
+The preceding PATCH request just tells Kubernetes that your Node has four things that
+you call dongles.
+
+Start a proxy, so that you can easily send requests to the Kubernetes API server:
+
+```
+kubectl proxy
+```
+
+In another command window, send the HTTP PATCH request.
+Replace `<your-node-name>` with the name of your Node:
+
+```shell
+curl --header "Content-Type: application/json-patch+json" \
+--request PATCH \
+--data '[{"op": "add", "path": "/status/capacity/example.com~1dongle", "value": "4"}]' \
+http://localhost:8001/api/v1/nodes/<your-node-name>/status
+```
+
+{{< note >}}
+In the preceding request, `~1` is the encoding for the character / in
+the patch path. The operation path value in JSON-Patch is interpreted as a
+JSON-Pointer. For more details, see
+[IETF RFC 6901](https://tools.ietf.org/html/rfc6901), section 3.
+{{< /note >}}
+
+The output shows that the Node has a capacity of 4 dongles:
+
+```
+"capacity": {
+  "cpu": "2",
+  "memory": "2049008Ki",
+  "example.com/dongle": "4",
+```
+
+Describe your Node:
+
+```
+kubectl describe node <your-node-name>
+```
+
+Once again, the output shows the dongle resource:
+
+```yaml
+Capacity:
+ cpu:  2
+ memory:  2049008Ki
+ example.com/dongle:  4
+```
+
+Now, application developers can create Pods that request a certain
+number of dongles. See
+[Assign Extended Resources to a Container](/docs/tasks/configure-pod-container/extended-resource/).
+-->
+## 在您的一个节点上发布一种新的扩展资源
+
+为在一个节点上发布一种新的扩展资源，需要发送一个 HTTP PATCH 请求到 Kubernetes API server。 例如：假设您的一个节点上带有四个 dongle 资源。下面是一个 PATCH 请求的示例， 该请求为您的节点发布四个 dongle 资源。
+
+```shell
+PATCH /api/v1/nodes/<your-node-name>/status HTTP/1.1
+Accept: application/json
+Content-Type: application/json-patch+json
+Host: k8s-master:8080
+
+[
+  {
+    "op": "add",
+    "path": "/status/capacity/example.com~1dongle",
+    "value": "4"
+  }
+]
+```
+
+注意：Kubernetes 不需要了解 dongle 资源的含义和用途。 前面的 PATCH 请求仅仅告诉 Kubernetes 您的节点拥有四个您称之为 dongle 的东西。
+
+启动一个代理（proxy），以便您可以很容易地向 Kubernetes API server 发送请求：
+
+```
+kubectl proxy
+```
+
+在另一个命令窗口中，发送 HTTP PATCH 请求。 用您的节点名称替换 `<your-node-name>`：
+
+```shell
+curl --header "Content-Type: application/json-patch+json" \
+--request PATCH \
+--data '[{"op": "add", "path": "/status/capacity/example.com~1dongle", "value": "4"}]' \
+http://localhost:8001/api/v1/nodes/<your-node-name>/status
+```
+
+{{< note >}}
+在前面的请求中，`~1` 为 patch 路径中 “/” 符号的编码。JSON-Patch 中的操作路径值被解析为 JSON 指针。 更多细节，请查看 [IETF RFC 6901](https://tools.ietf.org/html/rfc6901) 的第 3 部分。
+{{< /note >}}
+
+输出显示该节点的 dongle 资源容量（capacity）为 4：
+
+```
+"capacity": {
+  "cpu": "2",
+  "memory": "2049008Ki",
+  "example.com/dongle": "4",
+```
+
+描述您的节点：
+
+```
+kubectl describe node <your-node-name>
+```
+
+输出再次展示了 dongle 资源：
+
+```yaml
+Capacity:
+ cpu:  2
+ memory:  2049008Ki
+ example.com/dongle:  4
+```
+
+现在，应用开发者可以创建请求一定数量 dongle 资源的 Pod 了。 参见[将扩展资源分配给容器](/docs/tasks/configure-pod-container/extended-resource/)。
+
+<!--
+## Discussion
+
+Extended resources are similar to memory and CPU resources. For example,
+just as a Node has a certain amount of memory and CPU to be shared by all components
+running on the Node, it can have a certain number of dongles to be shared
+by all components running on the Node. And just as application developers
+can create Pods that request a certain amount of memory and CPU, they can
+create Pods that request a certain number of dongles.
+
+Extended resources are opaque to Kubernetes; Kubernetes does not
+know anything about what they are. Kubernetes knows only that a Node
+has a certain number of them. Extended resources must be advertised in integer
+amounts. For example, a Node can advertise four dongles, but not 4.5 dongles.
+-->
+## 讨论
+
+扩展资源类似于内存和 CPU 资源。 例如，正如一个节点拥有一定数量的内存和 CPU 资源， 它们被节点上运行的所有组件共享，该节点也可以拥有一定数量的 dongle 资源， 这些资源同样被节点上运行的所有组件共享。 此外，正如应用开发者可以创建请求一定数量的内存和 CPU 资源的 Pod， 他们也可以创建请求一定数量 dongle 资源的 Pod。
+
+扩展资源对 Kubernetes 是不透明的。 Kubernetes 不知道扩展资源含义相关的任何信息。 Kubernetes 只了解一个节点拥有一定数量的扩展资源。 扩展资源必须以整形数量进行发布。 例如，一个节点可以发布 4 个 dongle 资源，但是不能发布 4.5 个。
+
+<!--
+### Storage example
+
+Suppose a Node has 800 GiB of a special kind of disk storage. You could
+create a name for the special storage, say example.com/special-storage.
+Then you could advertise it in chunks of a certain size, say 100 GiB. In that case,
+your Node would advertise that it has eight resources of type
+example.com/special-storage.
+
+```yaml
+Capacity:
+ ...
+ example.com/special-storage: 8
+```
+
+If you want to allow arbitrary requests for special storage, you
+could advertise special storage in chunks of size 1 byte. In that case, you would advertise
+800Gi resources of type example.com/special-storage.
+
+```yaml
+Capacity:
+ ...
+ example.com/special-storage:  800Gi
+```
+
+Then a Container could request any number of bytes of special storage, up to 800Gi.
+-->
+### 存储示例
+
+假设一个节点拥有一种特殊类型的磁盘存储，其容量为 800 GiB。 您可以为该特殊存储创建一个名称， 如 example.com/special-storage。 然后您就可以按照一定规格的块（如 100 GiB）对其进行发布。 在这种情况下，您的节点将会通知它拥有八个 example.com/special-storage 类型的资源。
+
+```yaml
+Capacity:
+ ...
+ example.com/special-storage: 8
+```
+
+如果您想要允许针对特殊存储任意（数量）的请求，您可以按照 1 byte 大小的块来发布特殊存储。 在这种情况下，您将会发布 800Gi 数量的 example.com/special-storage 类型的资源。
+
+```yaml
+Capacity:
+ ...
+ example.com/special-storage:  800Gi
+```
+
+然后，容器就能够请求任意数量（多达 800Gi）字节的特殊存储。
+
+<!--
+## Clean up
+
+Here is a PATCH request that removes the dongle advertisement from a Node.
+
+```shell
+PATCH /api/v1/nodes/<your-node-name>/status HTTP/1.1
+Accept: application/json
+Content-Type: application/json-patch+json
+Host: k8s-master:8080
+
+[
+  {
+    "op": "remove",
+    "path": "/status/capacity/example.com~1dongle",
+  }
+]
+```
+
+Start a proxy, so that you can easily send requests to the Kubernetes API server:
+
+```
+kubectl proxy
+```
+
+In another command window, send the HTTP PATCH request.
+Replace `<your-node-name>` with the name of your Node:
+
+```shell
+curl --header "Content-Type: application/json-patch+json" \
+--request PATCH \
+--data '[{"op": "remove", "path": "/status/capacity/example.com~1dongle"}]' \
+http://localhost:8001/api/v1/nodes/<your-node-name>/status
+```
+
+Verify that the dongle advertisement has been removed:
+
+```
+kubectl describe node <your-node-name> | grep dongle
+```
+-->
+## 清理
+
+这里是一个从节点移除 dongle 资源发布的 PATCH 请求。
+
+```shell
+PATCH /api/v1/nodes/<your-node-name>/status HTTP/1.1
+Accept: application/json
+Content-Type: application/json-patch+json
+Host: k8s-master:8080
+
+[
+  {
+    "op": "remove",
+    "path": "/status/capacity/example.com~1dongle",
+  }
+]
+```
+
+启动一个代理，以便您可以很容易地向 Kubernetes API server 发送请求：
+
+```
+kubectl proxy
+```
+
+在另一个命令窗口中，发送 HTTP PATCH 请求。 用您的节点名称替换 `<your-node-name>`：
+
+```shell
+curl --header "Content-Type: application/json-patch+json" \
+--request PATCH \
+--data '[{"op": "remove", "path": "/status/capacity/example.com~1dongle"}]' \
+http://localhost:8001/api/v1/nodes/<your-node-name>/status
+```
+
+验证 dongle 资源的发布已经被移除：
+
+```
+kubectl describe node <your-node-name> | grep dongle
+```
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+### For application developers
+
+* [Assign Extended Resources to a Container](/docs/tasks/configure-pod-container/extended-resource/)
+
+### For cluster administrators
+
+* [Configure Minimum and Maximum Memory Constraints for a Namespace](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+* [Configure Minimum and Maximum CPU Constraints for a Namespace](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+-->
+### 针对应用开发人员
+
+* [将扩展资源分配给容器](/docs/tasks/configure-pod-container/extended-resource/)
+  
+### 针对集群管理员
+
+* [为 Namespace 配置最小和最大内存约束](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+* [为 Namespace 配置最小和最大 CPU 约束](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md b/content/zh/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md
index a99010e0d4764..fea250a56cc02 100644
--- a/content/zh/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md
+++ b/content/zh/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md
@@ -1,54 +1,40 @@
 ---
-approvers:
-- davidopp
-- filipg
-- piosz
 title: 关键插件 Pod 的调度保证
+content_template: templates/concept
 ---
 
-{{< toc >}}
-
-
-
-## 概览
-
-除了 Kubernetes 核心组件，像运行在 master 机器上的 api-server、scheduler、controller-manager，由于各种原因，还有很多插件必须运行在一个普通的集群节点上（而不是 Kubernetes master）。
-这些插件中的一些对于一个功能完备的集群来说是非常关键的，例如 Heapster、DNS 以及 UI。
-如果一个关键的插件被移除（或者手动，或是类似升级这样具有副作用的其它操作），或者变成挂起状态（例如，当集群利用率过高，以及或者其它被调度到该空间中的挂起 Pod 被清理关键插件 Pod 给移除，或者由于其它原因导致节点上可用资源的总量发生变化），集群可能会停止正常工作。
-
-
-
-## 二次调度器：关键插件的调度保证
-
-二次调度器确保关键的插件总是能被调度（假定普通的 Pod 不存在时，集群具有足够的资源去运行关键插件 Pod）。
-如果调度器确定没有节点有足够资源去运行关键插件 Pod，假使有 Pod 已经运行在集群中（通过将关键插件 Pod 的条件 PodScheduled 设置为 false，原因设置为 Unschedulable  来指示），这时二次调度器通过清理一些 Pod 尽量去释放空间，然后调度器将调度该插件 Pod。
-
-
-
-为了避免这种情况，当另一个 Pod 被调度到该空间，为了该关键插件，被选择的节点导致临时变成 "CriticalAddonsOnly" 的 taint（查看 [更多详情](https://git.k8s.io/community/contributors/design-proposals/taint-toleration-dedicated.md)）。
-每个关键插件不得不容忍它，然而其它一些 Pod 不可能容忍该 taint。一旦该插件被成功调度，该 taint 会被移除。
-
-*警告：* 当前对选中哪个节点，以及为了调度该关键 Pod 杀掉哪个 Pod 并没有任何保证，所以如果启用了二次调度器，任何 Pod 都可能被偶然的杀掉以达到目的。
-
-
-
-## 配置
-
-二次调度器应该被 [作为 static Pod 默认启用](https://git.k8s.io/kubernetes/cluster/saltbase/salt/rescheduler/rescheduler.manifest)。
-它没有任何面向用户的配置（组件配置），或者 API，可以通过如下方式来禁用：
-
-
-
-* 在集群安装过程中通过设置 `ENABLE_RESCHEDULER` 标志为 `false`
-* 在运行中的集群中从 master 节点删除它的 manifest（默认路径 `/etc/kubernetes/manifests/rescheduler.manifest`）
-
-
-
-### 标记关键插件
-
-想变成关键插件，必须运行在 `kube-system` Namespace 中（是基于标志可配置的），并且：
-* 将 `scheduler.alpha.kubernetes.io/critical-pod` annotation 设置为空字符串，并且
-* 将 PodSpec 的 `tolerations` 字段设置为 `[{"key":"CriticalAddonsOnly", "operator":"Exists"}]`
-
-第一个表示是一个关键 Pod。第二个是二次调度器算法必需的。
-
+{{% capture overview %}}
+
+<!-- 
+In addition to Kubernetes core components like api-server, scheduler, controller-manager running on a master machine
+there are a number of add-ons which, for various reasons, must run on a regular cluster node (rather than the Kubernetes master).
+Some of these add-ons are critical to a fully functional cluster, such as metrics-server, DNS, and UI.
+A cluster may stop working properly if a critical add-on is evicted (either manually or as a side effect of another operation like upgrade)
+and becomes pending (for example when the cluster is highly utilized and either there are other pending pods that schedule into the space
+vacated by the evicted critical add-on pod or the amount of resources available on the node changed for some other reason).
+-->
+除了在主机上运行的 Kubernetes 核心组件（如 api-server 、scheduler 、controller-manager）之外，还有许多插件，由于各种原因，
+必须在常规集群节点（而不是 Kubernetes 主节点）上运行。
+其中一些插件对于功能完备的群集至关重要，例如 Heapster、DNS 和 UI。
+如果关键插件被逐出（手动或作为升级等其他操作的副作用）或者变成挂起状态，群集可能会停止正常工作。
+关键插件进入挂起状态的例子有：集群利用率过高；被逐出的关键插件 Pod 释放了空间，但该空间被之前悬决的 Pod 占用；由于其它原因导致节点上可用资源的总量发生变化。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+### Marking pod as critical
+-->
+### 标记关键 Pod
+
+<!--
+To be considered critical, the pod has to run in the `kube-system` namespace (configurable via flag) and
+* Have the priorityClassName set as "system-cluster-critical" or "system-node-critical", the latter being the highest for entire cluster. Alternatively, you could add an annotation `scheduler.alpha.kubernetes.io/critical-pod` as key and empty string as value to your pod, but this annotation is deprecated as of version 1.13 and will be removed in 1.14.
+-->
+要将 pod 标记为关键性（critical），pod 必须在 kube-system 命名空间中运行（可通过参数配置）。
+同时，需要将 `priorityClassName` 设置为 `system-cluster-critical` 或 `system-node-critical` ，后者是整个群集的最高级别。
+或者，也可以为 Pod 添加名为 `scheduler.alpha.kubernetes.io/critical-pod`、值为空字符串的注解。
+不过，这一注解从 1.13 版本开始不再推荐使用，并将在 1.14 中删除。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/ip-masq-agent.md b/content/zh/docs/tasks/administer-cluster/ip-masq-agent.md
new file mode 100644
index 0000000000000..ff76ccc730e06
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/ip-masq-agent.md
@@ -0,0 +1,215 @@
+---
+title: IP Masquerade Agent 用户指南
+content_template: templates/task
+---
+<!--
+---
+title: IP Masquerade Agent User Guide
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page shows how to configure and enable the ip-masq-agent.
+-->
+此页面展示如何配置和启用 ip-masq-agent。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+<!--
+## IP Masquerade Agent User Guide
+-->
+## IP Masquerade Agent 用户指南
+
+<!--
+The ip-masq-agent configures iptables rules to hide a pod's IP address behind the cluster node's IP address. This is typically done when sending traffic to destinations outside the cluster's pod [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) range.
+-->
+ip-masq-agent 配置 iptables 规则以隐藏位于集群节点 IP 地址后面的 pod 的 IP 地址。 这通常在将流量发送到集群的 pod [CIDR](https://zh.wikipedia.org/wiki/%E6%97%A0%E7%B1%BB%E5%88%AB%E5%9F%9F%E9%97%B4%E8%B7%AF%E7%94%B1) 范围之外的目的地时使用。
+
+<!--
+### **Key Terms**
+-->
+### **关键词**
+
+<!--
+*   **NAT (Network Address Translation)**
+    Is a method of remapping one IP address to another by modifying either the source and/or destination address information in the IP header.  Typically performed by a device doing IP routing.
+-->
+*   **NAT (网络地址解析)**
+    是一种通过修改 IP 地址头中的源和/或目标地址信息将一个 IP 地址重新映射到另一个 IP 地址的方法。通常由执行 IP 路由的设备执行。
+<!--
+*   **Masquerading**
+    A form of NAT that is typically used to perform a many to one address translation, where multiple source IP addresses are masked behind a single address, which is typically the device doing the IP routing. In Kubernetes this is the Node's IP address.
+-->    
+*   **伪装**
+    NAT 的一种形式，通常用于执行多对一地址转换，其中多个源 IP 地址被隐藏在单个地址后面，该地址通常是执行 IP 路由的设备。在 Kubernetes 中，这是节点的 IP 地址。
+<!--
+*   **CIDR (Classless Inter-Domain Routing)**
+    Based on the variable-length subnet masking, allows specifying arbitrary-length prefixes. CIDR introduced a new method of representation for IP addresses, now commonly known as **CIDR notation**, in which an address or routing prefix is written with a suffix indicating the number of bits of the prefix, such as 192.168.2.0/24.
+-->
+*   **CIDR (无类别域间路由)**
+    基于可变长度子网掩码，允许指定任意长度的前缀。CIDR 引入了一种新的 IP 地址表示方法，现在通常称为**CIDR表示法**，其中地址或路由前缀后添加一个后缀，用来表示前缀的位数，例如 192.168.2.0/24。
+<!--
+*   **Link Local**
+    A link-local address is a network address that is valid only for communications within the network segment or the broadcast domain that the host is connected to. Link-local addresses for IPv4 are defined in the address block 169.254.0.0/16 in CIDR notation.
+-->
+*   **本地链路**
+    本地链路是仅对网段或主机所连接的广播域内的通信有效的网络地址。IPv4的本地链路地址在 CIDR 表示法的地址块 169.254.0.0/16 中定义。
+
+<!--
+The ip-masq-agent configures iptables rules to handle masquerading node/pod IP addresses when sending traffic to destinations outside the cluster node's IP and the Cluster IP range.  This essentially hides pod IP addresses behind the cluster node's IP address.  In some environments, traffic to "external" addresses must come from a known machine address. For example, in Google Cloud, any traffic to the internet must come from a VM's IP.  When containers are used, as in Google Kubernetes Engine, the Pod IP will be rejected for egress. To avoid this, we must hide the Pod IP behind the VM's own IP address - generally known as "masquerade". By default, the agent is configured to treat the three private IP ranges specified by [RFC 1918](https://tools.ietf.org/html/rfc1918) as non-masquerade [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).  These ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. The agent will also treat link-local (169.254.0.0/16) as a non-masquerade CIDR by default.  The agent is configured to reload its configuration from the location */etc/config/ip-masq-agent* every 60 seconds, which is also configurable.
+-->
+ip-masq-agent 配置 iptables 规则，以便在将流量发送到集群节点的IP和集群IP范围之外的目标时处理伪装节点/pod 的 IP 地址。这基本上隐藏了集群节点 IP 地址后面的pod IP地址。在某些环境中，去往“外部”地址的流量必须从已知的机器地址发出。例如，在 Google Cloud 中，任何到互联网的流量都必须来自 VM 的 IP。使用容器时，如 Google Kubernetes Engine，从Pod IP 发出的流量将被拒绝出出站。为了避免这种情况，我们必须将 Pod IP 隐藏在 VM 自己的IP地址后面 - 通常称为“伪装”。默认情况下，代理配置为将[RFC 1918](https://tools.ietf.org/html/rfc1918)指定的三个私有IP范围视为非伪装[CIDR](https://zh.wikipedia.org/wiki/%E6%97%A0%E7%B1%BB%E5%88%AB%E5%9F%9F%E9%97%B4%E8%B7%AF%E7%94%B1)。这些范围是 10.0.0.0/8,172.16.0.0/12 和 192.168.0.0/16。默认情况下，代理还将链路本地地址(169.254.0.0/16)视为非伪装 CIDR。代理程序配置为每隔60秒从*/etc/config/ip-masq-agent*重新加载其配置，这也是可修改的。
+
+![masq/non-masq example](/images/docs/ip-masq.png)
+
+<!--
+The agent configuration file must be written in YAML or JSON syntax, and may contain three optional keys:
+-->
+代理配置文件必须使用 YAML 或 JSON 语法编写，并且可能包含三个可选值：
+
+<!--
+*   **nonMasqueradeCIDRs:** A list of strings in [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation that specify the non-masquerade ranges.
+-->
+*   **nonMasqueradeCIDRs:** [CIDR](https://zh.wikipedia.org/wiki/%E6%97%A0%E7%B1%BB%E5%88%AB%E5%9F%9F%E9%97%B4%E8%B7%AF%E7%94%B1) 表示法中的字符串列表，用于指定不需伪装的地址范围。
+<!--
+*   **masqLinkLocal:** A Boolean (true / false) which indicates whether to masquerade traffic to the link local prefix 169.254.0.0/16. False by default.
+-->
+*   **masqLinkLocal:** 布尔值 (true / false)，表示是否将流量伪装到本地链路前缀169.254.0.0/16。 默认为 false。
+<!--
+*   **resyncInterval:** An interval at which the agent attempts to reload config from disk. e.g. '30s' where 's' is seconds, 'ms' is milliseconds etc...
+-->
+*   **resyncInterval:** 代理尝试从磁盘重新加载配置的时间间隔。 例如 '30s'，其中 's' 是秒，'ms' 是毫秒等...
+
+<!--
+Traffic to 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) ranges will NOT be masqueraded. Any other traffic (assumed to be internet) will be masqueraded.  An example of a local destination from a pod could be its Node's IP address as well as another node's address or one of the IP addresses in Cluster's IP range.   Any other traffic will be masqueraded by default.  The below entries show the default set of rules that are applied by the ip-masq-agent:
+-->
+10.0.0.0/8,172.16.0.0/12和192.168.0.0/16）范围内的流量不会被伪装。任何其他流量（假设是互联网）将被伪装。pod 访问本地目的地的例子，可以是其节点的 IP 地址、另一节点的地址或集群的 IP 地址范围内的一个 IP 地址。默认情况下，任何其他流量都将伪装。以下条目展示了 ip-masq-agent 的默认使用的规则：
+
+<!--
+```
+iptables -t nat -L IP-MASQ-AGENT
+RETURN     all  --  anywhere             169.254.0.0/16       /* ip-masq-agent: cluster-local traffic should not be subject to MASQUERADE */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             10.0.0.0/8           /* ip-masq-agent: cluster-local traffic should not be subject to MASQUERADE */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             172.16.0.0/12        /* ip-masq-agent: cluster-local traffic should not be subject to MASQUERADE */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             192.168.0.0/16       /* ip-masq-agent: cluster-local traffic should not be subject to MASQUERADE */ ADDRTYPE match dst-type !LOCAL
+MASQUERADE  all  --  anywhere             anywhere             /* ip-masq-agent: outbound traffic should be subject to MASQUERADE (this match must come after cluster-local CIDR matches) */ ADDRTYPE match dst-type !LOCAL
+
+```
+-->
+```
+iptables -t nat -L IP-MASQ-AGENT
+RETURN     all  --  anywhere             169.254.0.0/16       /* ip-masq-agent: 集群本地流量不被 MASQUERADE 控制 */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             10.0.0.0/8           /* ip-masq-agent: 集群本地流量不被 MASQUERADE 控制 */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             172.16.0.0/12        /* ip-masq-agent: 集群本地流量不被 MASQUERADE 控制 */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             192.168.0.0/16       /* ip-masq-agent: 集群本地流量不被 MASQUERADE 控制 */ ADDRTYPE match dst-type !LOCAL
+MASQUERADE  all  --  anywhere             anywhere             /* ip-masq-agent: 出站流量应受 MASQUERADE 控制 (此规则必须在集群本地 CIDR 规则之后) */ ADDRTYPE match dst-type !LOCAL
+
+```
+
+<!--
+By default, in GCE/Google Kubernetes Engine starting with Kubernetes version 1.7.0, if network policy is enabled or you are using a cluster CIDR not in the 10.0.0.0/8 range, the ip-masq-agent will run in your cluster.  If you are running in another environment, you can add the ip-masq-agent [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) to your cluster:
+-->
+默认情况下，从 Kubernetes 1.7.0 版本开始的 GCE/Google Kubernetes Engine 中，如果启用了网络策略，或者您使用的集群 CIDR 不在 10.0.0.0/8 范围内，则 ip-masq-agent 将在您的集群中运行。如果您在其他环境中运行，则可以将 ip-masq-agent [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) 添加到您的集群：
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Create an ip-masq-agent
+To create an ip-masq-agent, run the following kubectl command:
+-->
+## 创建 ip-masq-agent
+通过运行以下 kubectl 指令创建 ip-masq-agent:
+
+`
+kubectl apply -f https://raw.githubusercontent.com/kubernetes-incubator/ip-masq-agent/master/ip-masq-agent.yaml
+`
+
+<!--
+You must also apply the appropriate node label to any nodes in your cluster that you want the agent to run on.
+-->
+您必须同时将适当的节点标签应用于集群中希望代理运行的任何节点。
+
+`
+kubectl label nodes my-node beta.kubernetes.io/masq-agent-ds-ready=true
+`
+
+<!--
+More information can be found in the ip-masq-agent documentation [here](https://github.com/kubernetes-incubator/ip-masq-agent)
+-->
+更多信息可以通过 ip-masq-agent 文档 [这里](https://github.com/kubernetes-incubator/ip-masq-agent) 找到
+
+<!--
+In most cases, the default set of rules should be sufficient; however, if this is not the case for your cluster, you can create and apply a [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) to customize the IP ranges that are affected.  For example, to allow only 10.0.0.0/8 to be considered by the ip-masq-agent, you can create the following [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) in a file called "config".
+-->
+在大多数情况下，默认的规则集应该足够；但是，如果您的群集不是这种情况，则可以创建并应用 [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) 来自定义受影响的 IP 范围。 例如，要允许 ip-masq-agent 仅作用于 10.0.0.0/8，您可以一个名为 “config” 的文件中创建以下 [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) 。
+
+{{< note >}}
+<!--
+It is important that the file is called config since, by default, that will be used as the key for lookup by the ip-masq-agent:
+-->
+重要的是，该文件之所以被称为 config，因为默认情况下，该文件将被用作 ip-masq-agent 查找的关键：
+
+```
+nonMasqueradeCIDRs:
+  - 10.0.0.0/8
+resyncInterval: 60s
+```
+{{< /note >}}
+
+<!--
+Run the following command to add the config map to your cluster:
+-->
+运行以下命令将配置映射添加到您的集群：
+
+```
+kubectl create configmap ip-masq-agent --from-file=config --namespace=kube-system
+```
+
+<!--
+This will update a file located at */etc/config/ip-masq-agent* which is periodically checked every *resyncInterval* and applied to the cluster node.
+After the resync interval has expired, you should see the iptables rules reflect your changes:
+-->
+这将更新位于 */etc/config/ip-masq-agent* 的一个文件，该文件以 *resyncInterval* 为周期定期检查并应用于集群节点。
+重新同步间隔到期后，您应该看到您的更改在 iptables 规则中体现：
+
+<!--
+```
+iptables -t nat -L IP-MASQ-AGENT
+Chain IP-MASQ-AGENT (1 references)
+target     prot opt source               destination
+RETURN     all  --  anywhere             169.254.0.0/16       /* ip-masq-agent: cluster-local traffic should not be subject to MASQUERADE */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             10.0.0.0/8           /* ip-masq-agent: cluster-local
+MASQUERADE  all  --  anywhere             anywhere             /* ip-masq-agent: outbound traffic should be subject to MASQUERADE (this match must come after cluster-local CIDR matches) */ ADDRTYPE match dst-type !LOCAL
+```
+-->
+```
+iptables -t nat -L IP-MASQ-AGENT
+Chain IP-MASQ-AGENT (1 references)
+target     prot opt source               destination
+RETURN     all  --  anywhere             169.254.0.0/16       /* ip-masq-agent: 集群本地流量不被 MASQUERADE 控制 */ ADDRTYPE match dst-type !LOCAL
+RETURN     all  --  anywhere             10.0.0.0/8           /* ip-masq-agent: cluster-local
+MASQUERADE  all  --  anywhere             anywhere             /* ip-masq-agent: 出站流量应受 MASQUERADE 控制 (此规则必须在集群本地 CIDR 规则之后) */ ADDRTYPE match dst-type !LOCAL
+```
+
+<!--
+By default, the link local range (169.254.0.0/16) is also handled by the ip-masq agent, which sets up the appropriate iptables rules.  To have the ip-masq-agent ignore link local, you can set *masqLinkLocal*  to true in the config map.
+-->
+默认情况下，本地链路范围 (169.254.0.0/16) 也由 ip-masq agent 处理，该代理设置适当的 iptables 规则。 要使 ip-masq-agent 忽略本地链路，可以在配置映射中将 *masqLinkLocal* 设置为true。
+
+```
+nonMasqueradeCIDRs:
+  - 10.0.0.0/8
+resyncInterval: 60s
+masqLinkLocal: true
+```
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/kms-provider.md b/content/zh/docs/tasks/administer-cluster/kms-provider.md
new file mode 100644
index 0000000000000..8d4332d15820c
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kms-provider.md
@@ -0,0 +1,283 @@
+---
+reviewers:
+- smarterclayton
+title: 使用 KMS 提供商进行数据加密
+content_template: templates/task
+---
+<!-- ---
+reviewers:
+- smarterclayton
+title: Using a KMS provider for data encryption
+content_template: templates/task
+--- -->
+{{% capture overview %}}
+<!-- This page shows how to configure a Key Management Service (KMS) provider and plugin to enable secret data encryption. -->
+
+本页展示了如何配置秘钥管理服务—— Key Management Service (KMS) 提供商和插件以启用数据加密。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!-- * Kubernetes version 1.10.0 or later is required -->
+
+* 需要 Kubernetes 1.10.0 或更新版本
+
+<!-- * etcd v3 or later is required -->
+
+* 需要 etcd v3 或更新版本
+
+{{< feature-state for_k8s_version="v1.12" state="beta" >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- The KMS encryption provider uses an envelope encryption scheme to encrypt data in etcd. The data is encrypted using a data encryption key (DEK); a new DEK is generated for each encryption. The DEKs are encrypted with a key encryption key (KEK) that is stored and managed in a remote KMS. The KMS provider uses gRPC to communicate with a specific KMS 
+plugin. The KMS plugin, which is implemented as a gRPC server and deployed on the same host(s) as the Kubernetes master(s), is responsible for all communication with the remote KMS. -->
+
+KMS 加密提供商使用封套加密模型来加密 etcd 中的数据。数据使用数据加密秘钥（DEK）加密；每次加密都生成一个新的 DEK。这些 DEK 经一个秘钥加密秘钥（KEK）加密后在一个远端的 KMS 中存储和管理。KMS 提供商使用 gRPC 与一个特定的 KMS 插件通信。这个 KMS 插件作为一个 gRPC 服务器被部署在 Kubernetes 主服务器的同一个主机上，负责与远端 KMS 的通信。
+
+<!-- ## Configuring the KMS provider -->
+
+## 配置 KMS 提供商
+
+<!-- To configure a KMS provider on the API server, include a provider of type ```kms``` in the providers array in the encryption configuration file and set the following properties: -->
+
+为了在 API 服务器上配置 KMS 提供商，在加密配置文件中的提供商数组中加入一个类型为 ```kms``` 的提供商，并设置下列属性：
+
+<!--   * `name`: Display name of the KMS plugin.
+  * `endpoint`: Listen address of the gRPC server (KMS plugin). The endpoint is a UNIX domain socket.
+  * `cachesize`: Number of data encryption keys (DEKs) to be cached in the clear. When cached, DEKs can be used without another call to the KMS; whereas DEKs that are not cached require a call to the KMS to unwrap.
+  * `timeout`: How long should kube-apiserver wait for kms-plugin to respond before returning an error (default is 3 seconds). -->
+
+  * `name`: KMS 插件的显示名称。
+  * `endpoint`: gRPC 服务器（KMS 插件）的监听地址。该端点是一个 UNIX 的套接字。
+  * `cachesize`: 以明文缓存的数据加密秘钥（DEKs）的数量。一旦被缓存，就可以直接使用 DEKs 而无需另外调用 KMS；而未被缓存的 DEKs 需要调用一次 KMS 才能解包。
+  * `timeout`: 在返回一个错误之前，kube-apiserver 等待 kms-plugin 响应的时间（默认是 3 秒）。
+
+<!-- See [Understanding the encryption at rest configuration.](/docs/tasks/administer-cluster/encrypt-data) -->
+
+参见 [理解静态数据加密配置](/docs/tasks/administer-cluster/encrypt-data)
+
+<!-- ## Implementing a KMS plugin -->
+
+## 实现 KMS 插件
+
+<!-- To implement a KMS plugin, you can develop a new plugin gRPC server or enable a KMS plugin already provided by your cloud provider. You then integrate the plugin with the remote KMS and deploy it on the Kubernetes master. -->
+
+为实现一个 KMS 插件，您可以开发一个新的插件 gRPC 服务器或启用一个由您的云服务提供商提供的 KMS 插件。您可以将这个插件与远程 KMS 集成，并把它部署到 Kubernetes 的主服务器上。
+
+<!-- ### Enabling the KMS supported by your cloud provider 
+Refer to your cloud provider for instructions on enabling the cloud provider-specific KMS plugin. -->
+
+### 启用由云服务提供商支持的 KMS
+有关启用云服务提供商特定的 KMS 插件的说明，请咨询您的云服务提供商。
+
+<!-- ### Developing a KMS plugin gRPC server
+You can develop a KMS plugin gRPC server using a stub file available for Go. For other languages, you use a proto file to create a stub file that you can use to develop the gRPC server code. -->
+
+### 开发 KMS 插件 gRPC 服务器
+您可以使用 Go 语言的存根文件开发 KMS 插件 gRPC 服务器。对于其他语言，您可以用 proto 文件创建可以用于开发 gRPC 服务器代码的存根文件。
+
+<!-- * Using Go: Use the functions and data structures in the stub file: [service.pb.go](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/service.pb.go) to develop the gRPC server code  -->
+
+* 使用 Go：使用存根文件 [service.pb.go](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/service.pb.go) 中的函数和数据结构开发 gRPC 服务器代码。
+
+<!-- * Using languages other than Go: Use the protoc compiler with the proto file: [service.proto](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/service.proto) to generate a stub file for the specific language -->
+
+* 使用 Go 以外的其他语言：用 protoc 编译器编译 proto 文件： [service.proto](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1/service.proto) 为指定语言生成存根文件。
+
+<!-- Then use the functions and data structures in the stub file to develop the server code. -->
+
+然后使用存根文件中的函数和数据结构开发服务器代码。
+
+<!-- **Notes:** -->
+
+**注意：**
+
+<!-- * kms plugin version: `v1beta1`
+
+In response to procedure call Version, a compatible KMS plugin should return v1beta1 as VersionResponse.version -->
+
+* kms 插件版本：`v1beta1`
+
+作为对过程调用 Version 的响应，兼容的 KMS 插件应把 v1beta1 作为 VersionResponse.version 返回
+
+<!-- * message version: `v1beta1`
+
+All messages from KMS provider have the version field set to current version v1beta1 -->
+
+* 消息版本：`v1beta1`
+
+所有来自 KMS 提供商的消息都把 version 字段设置为当前版本 v1beta1
+
+<!-- * protocol: UNIX domain socket (`unix`)
+
+The gRPC server should listen at UNIX domain socket -->
+
+* 协议：UNIX 域套接字 (`unix`)
+
+gRPC 服务器应监听 UNIX 域套接字
+
+<!-- ### Integrating a KMS plugin with the remote KMS
+The KMS plugin can communicate with the remote KMS using any protocol supported by the KMS.
+All configuration data, including authentication credentials the KMS plugin uses to communicate with the remote KMS, 
+are stored and managed by the KMS plugin independently. The KMS plugin can encode the ciphertext with additional metadata that may be required before sending it to the KMS for decryption. -->
+
+### 将 KMS 插件与远程 KMS 整合
+KMS 插件可以用任何受 KMS 支持的协议与远程 KMS 通信。
+所有的配置数据，包括 KMS 插件用于与远程 KMS 通信的认证凭据，都由 KMS 插件独立地存储和管理。KMS 插件可以用额外的元数据对密文进行编码，这些元数据是在把它发往 KMS 进行解密之前可能要用到的。
+
+<!-- ### Deploying the KMS plugin 
+Ensure that the KMS plugin runs on the same host(s) as the Kubernetes master(s). -->
+
+### 部署 KMS 插件
+确保 KMS 插件与 Kubernetes 主服务器运行在同一主机上。
+
+<!-- ## Encrypting your data with the KMS provider -->
+## 使用 KMS 提供商加密数据
+
+<!-- To encrypt the data: -->
+为了加密数据：
+
+<!-- 1. Create a new encryption configuration file using the appropriate properties for the `kms` provider: -->
+1. 使用 `kms` 提供商的相应的属性创建一个新的加密配置文件：
+
+```yaml
+kind: EncryptionConfiguration
+apiVersion: apiserver.config.k8s.io/v1
+resources:
+  - resources:
+    - secrets
+    providers:
+    - kms:
+        name: myKmsPlugin
+        endpoint: unix:///tmp/socketfile.sock
+        cachesize: 100
+        timeout: 3s
+    - identity: {}
+```
+
+<!-- 2. Set the `--encryption-provider-config` flag on the kube-apiserver to point to the location of the configuration file. -->
+2. 设置 kube-apiserver 的 `--encryption-provider-config` 参数指向配置文件的位置。
+<!-- 3. Restart your API server. -->
+3. 重启 API 服务器。
+
+<!-- Note:
+The alpha version of the encryption feature prior to 1.13 required a config file with
+`kind: EncryptionConfig` and `apiVersion: v1`, and used the `--experimental-encryption-provider-config` flag. -->
+
+注意：
+在 1.13 之前的加密功能的 alpha 版本需要一个带有 `kind: EncryptionConfig` 和 `apiVersion: v1` 的配置文件，并使用 `--experimental-encryption-provider-config` 标志。
+
+<!-- ## Verifying that the data is encrypted
+Data is encrypted when written to etcd. After restarting your kube-apiserver, any newly created or updated secret should be encrypted when stored. To verify, you can use the etcdctl command line program to retrieve the contents of your secret. -->
+
+## 验证数据是否已加密
+写入 etcd 时数据被加密。重启 kube-apiserver 后，任何新建或更新的秘密信息在存储时应该已被加密。要验证这点，您可以用 etcdctl 命令行程序获取秘密信息内容。 
+
+<!-- 1. Create a new secret called secret1 in the default namespace: -->
+1. 在默认的命名空间里创建一个名为 secret1 的秘密信息：
+```
+kubectl create secret generic secret1 -n default --from-literal=mykey=mydata
+```
+<!-- 2. Using the etcdctl command line, read that secret out of etcd: -->
+2. 用 etcdctl 命令行，从 etcd 读取出秘密信息：
+```
+ETCDCTL_API=3 etcdctl get /kubernetes.io/secrets/default/secret1 [...] | hexdump -C
+```
+ <!-- where `[...]` must be the additional arguments for connecting to the etcd server. -->
+ 其中 `[...]` 是用于连接 etcd 服务器的额外参数。
+<!-- 3. Verify the stored secret is prefixed with `k8s:enc:kms:v1:`, which indicates that the `kms` provider has encrypted the resulting data. -->
+3. 验证保存的秘密信息是否是以 `k8s:enc:kms:v1:` 开头的，这表明 `kms` 提供商已经对结果数据加密。
+<!-- 4. Verify that the secret is correctly decrypted when retrieved via the API: -->
+4. 验证秘密信息在被 API 获取时已被正确解密：
+```
+kubectl describe secret secret1 -n default
+```
+应该符合 `mykey: mydata` 格式
+
+<!-- ## Ensuring all secrets are encrypted
+Because secrets are encrypted on write, performing an update on a secret encrypts that content. -->
+
+## 确保所有秘密信息都已被加密
+因为秘密信息是在写入时被加密的，所以在更新秘密信息时会加密该内容。
+
+<!-- The following command reads all secrets and then updates them to apply server side encryption. If an error occurs due to a conflicting write, retry the command. For larger clusters, you may wish to subdivide the secrets by namespace or script an update. -->
+
+下列命令读取所有秘密信息并更新他们以便应用服务器端加密。如果因为写入冲突导致错误发生，请重试此命令。对较大的集群，您可能希望根据命名空间或脚本更新去细分秘密内容。
+
+```
+kubectl get secrets --all-namespaces -o json | kubectl replace -f -
+```
+
+<!-- ## Switching from a local encryption provider to the KMS provider
+To switch from a local encryption provider to the `kms` provider and re-encrypt all of the secrets: -->
+
+## 从本地加密提供商切换到 KMS 提供商
+为了从本地加密提供商切换到 `kms` 提供商并重新加密所有秘密内容：
+
+<!-- 1. Add the `kms` provider as the first entry in the configuration file as shown in the following example. -->
+1. 在配置文件中加入 `kms` 提供商作为第一个条目，如下列样例所示
+
+```yaml
+kind: EncryptionConfiguration
+apiVersion: apiserver.config.k8s.io/v1
+resources:
+  - resources:
+    - secrets
+    providers:
+    - kms:
+        name : myKmsPlugin
+        endpoint: unix:///tmp/socketfile.sock
+        cachesize: 100
+    - aescbc:
+         keys:
+         - name: key1
+           secret: <BASE 64 ENCODED SECRET>
+```
+<!-- 2. Restart all kube-apiserver processes. -->
+2. 重启所有 kube-apiserver 进程。
+<!-- 3. Run the following command to force all secrets to be re-encrypted using the `kms` provider. -->
+3. 运行下列命令使用 `kms` 提供商强制重新加密所有秘密信息。
+```
+kubectl get secrets --all-namespaces -o json| kubectl replace -f -
+```
+
+<!-- ## Disabling encryption at rest
+To disable encryption at rest: -->
+
+## 禁用静态数据加密
+要禁用静态数据加密：
+
+<!-- 1. Place the `identity` provider as the first entry in the configuration file:  -->
+
+1. 将 `identity` 提供商作为配置文件中的第一个条目： 
+
+```yaml
+kind: EncryptionConfiguration
+apiVersion: apiserver.config.k8s.io/v1
+resources:
+  - resources:
+    - secrets
+    providers:
+    - identity: {}
+    - kms:
+        name : myKmsPlugin
+        endpoint: unix:///tmp/socketfile.sock
+        cachesize: 100
+```
+<!-- 2.  Restart all kube-apiserver processes.  -->
+2. 重启所有 kube-apiserver 进程。
+<!-- 3. Run the following command to force all secrets to be decrypted. -->
+3. 运行下列命令强制重新加密所有秘密信息。
+```
+kubectl get secrets --all-namespaces -o json | kubectl replace -f -
+```
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/_index.md b/content/zh/docs/tasks/administer-cluster/kubeadm/_index.md
new file mode 100644
index 0000000000000..19f6db4cfa586
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/_index.md
@@ -0,0 +1,11 @@
+---
+title: "用 kubeadm 进行管理"
+weight: 10
+---
+
+<!--
+---
+title: "Administration with kubeadm"
+weight: 10
+---
+-->
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
new file mode 100644
index 0000000000000..0ac9776361886
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
@@ -0,0 +1,247 @@
+---
+reviewers:
+- sig-cluster-lifecycle
+title: 使用 kubeadm 进行证书管理
+content_template: templates/task
+---
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Certificate Management with kubeadm
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page explains how to manage certificates manually with kubeadm.
+-->
+本页介绍如何使用 kubeadm 手动管理证书。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+These are advanced topics for users who need to integrate their organization's certificate infrastructure into a kubeadm-built cluster. If kubeadm with the default configuration satisfies your needs, you should let kubeadm manage certificates instead.
+-->
+这些是需要将其组织的证书基础机构集成到 kubeadm 构建的集群中的用户的高级主题。如果具有默认配置的 kubeadm 满足您的需求，您应该让 kubeadm 管理证书。
+
+<!--
+You should be familiar with [PKI certificates and requirements in Kubernetes](/docs/setup/best-practices/certificates/).
+-->
+您应该熟悉[Kubernetes 中的 PKI 证书和要求](/docs/setup/best-practices/certificates/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Renew certificates with the certificates API
+-->
+## 使用证书 API 更新证书
+
+<!--
+The Kubernetes certificates normally reach their expiration date after one year.
+-->
+Kubernetes 证书通常在一年后到期。
+
+<!--
+Kubeadm can renew certificates with the `kubeadm alpha certs renew` commands; you should run these commands on control-plane nodes only.
+-->
+Kubeadm 可以使用`kubeadm alpha certs renew`命令更新证书；您应该只在控制平面节点上运行这些命令。
+
+<!--
+Typically this is done by loading on-disk CA certificates and keys and using them to issue new certificates.
+This approach works well if your certificate tree is self-contained. However, if your certificates are externally
+managed, you might need a different approach.
+-->
+通常，这是通过加载磁盘CA证书和密钥并使用它们来颁发新证书来完成的。
+如果证书树是自包含的，则此方法很有效。
+然而，如果您的证书是外部管理的，您可能需要一个不同的方法。
+
+<!--
+As an alternative, Kubernetes provides its own [API for managing certificates][manage-tls].
+With kubeadm, you can use this API by running `kubeadm alpha certs renew --use-api`.
+-->
+作为替代方案，Kubernetes 提供了自己的[用于管理证书的 API][manage-tls]。
+使用 kubeadm，您可以通过运行`kubeadm alpha certs renew --use-api`来使用此 API。
+
+<!--
+## Set up a signer
+-->
+## 设置签名者
+
+<!--
+The Kubernetes Certificate Authority does not work out of the box.
+You can configure an external signer such as [cert-manager][cert-manager-issuer], or you can use the build-in signer.
+The built-in signer is part of [`kube-controller-manager`][kcm].
+To activate the build-in signer, you pass the `--cluster-signing-cert-file` and `--cluster-signing-key-file` arguments.
+-->
+Kubernetes 证书颁发机构不是开箱即用。
+你可以配置外部签名者，例如[cert-manager][cert-manager-issuer]，也可以使用内置签名者。
+内置签名者是[`kube-controller-manager`][kcm]的一部分。
+要激活内置签名者，请传递`--cluster-signing-cert-file` 和 `--cluster-signing-key-file`参数。
+
+<!--
+You pass these arguments in any of the following ways:
+-->
+您可以通过以下任何方式传递这些参数：
+
+<!--
+* Edit `/etc/kubernetes/manifests/kube-controller-manager.yaml` to add the arguments to the command.
+  Remember that your changes could be overwritten when you upgrade.
+-->
+* 编辑`/etc/kubernetes/manifests/kube-controller-manager.yaml`将参数添加到命令中。
+ 请记住，升级时可能会覆盖您的更改。
+
+<!--
+* If you're creating a new cluster, you can use a kubeadm [configuration file][config]:
+-->
+* 如果您要创建新集群，可以使用 kubeadm[配置文件][config]:
+
+  ```yaml
+  apiVersion: kubeadm.k8s.io/v1beta1
+  kind: ClusterConfiguration
+  controllerManager:
+    extraArgs:
+      cluster-signing-cert-file: /etc/kubernetes/pki/ca.crt
+      cluster-signing-key-file: /etc/kubernetes/pki/ca.key
+  ```
+
+<!--
+* You can also upload a config file using [`kubeadm config upload from-files`][config-upload]
+-->
+* 您也可以使用[`kubeadm config upload from-files`][config-upload]上传配置文件
+
+[cert-manager-issuer]: https://cert-manager.readthedocs.io/en/latest/tutorials/ca/creating-ca-issuer.html
+[kcm]: /docs/reference/command-line-tools-reference/kube-controller-manager/
+[config]: https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1
+[config-upload]: /docs/reference/setup-tools/kubeadm/kubeadm-config/#cmd-config-from-file
+
+
+<!--
+### Approve requests
+-->
+### 批准请求
+
+<!--
+If you set up an external signer such as [cert-manager][cert-manager], certificate signing requests (CSRs) are automatically approved.
+Otherwise, you must manually approve certificates with the [`kubectl certificate`][certs] command.
+The following kubeadm command outputs the name of the certificate to approve, then blocks and waits for approval to occur:
+-->
+如果您设置例如[cert-manager][cert-manager]等外部签名者，则会自动批准证书签名请求（CSRs）。
+否者，您必须使用[`kubectl certificate`][certs]命令手动批准证书。
+以下 kubeadm 命令输出要批准的证书名称，然后缓慢等待批准发生：
+
+```shell
+sudo kubeadm alpha certs renew apiserver --use-api &
+```
+```
+[1] 2890
+[certs] certificate request "kubeadm-cert-kube-apiserver-ld526" created
+```
+```shell
+kubectl certificate approve kubeadm-cert-kube-apiserver-ld526
+certificatesigningrequest.certificates.k8s.io/kubeadm-cert-kube-apiserver-ld526 approved
+[1]+  Done                    sudo kubeadm alpha certs renew apiserver --use-api
+```
+
+<!--
+You can view a list of pending certificates with `kubectl get csr`.
+-->
+您可以使用`kubectl get csr`查看待处理证书列表。
+
+[manage-tls]: /docs/tasks/tls/managing-tls-in-a-cluster/
+[cert-manager]: https://github.com/jetstack/cert-manager
+[certs]: /docs/reference/generated/kubectl/kubectl-commands#certificate
+
+<!--
+## Certificate requests with kubeadm
+-->
+## 使用 kubeadm 的证书请求
+
+<!--
+To better integrate with external CAs, kubeadm can also produce certificate signing requests (CSRs).
+A CSR represents a request to a CA for a signed certificate for a client.
+In kubeadm terms, any certificate that would normally be signed by an on-disk CA can be produced as a CSR instead. A CA, however, cannot be produced as a CSR.
+-->
+为了更好的与外部 CA 集成，kubeadm 还可以生成证书签名请求（CSR）。
+CSR 表示向 CA 请求客户的签名证书。
+在 kubeadm 术语中，通常由磁盘 CA 签名的任何证书都可以作为 CSR 生成。但是，CA 不能作为 CSR 生成。
+
+<!--
+You can create an individual CSR with `kubeadm init phase certs apiserver --csr-only`.
+The `--csr-only` flag can be applied only to individual phases. After [all certificates are in place][certs], you can run `kubeadm init --external-ca`.
+-->
+您可以使用`kubeadm init phase certs apiserver --csr-only`创建单独的 CSR。
+`--csr-only`标志只能应用于各个阶段。在[所有证书到位][证书]之后, 您可以运行`kubeadm init --external-ca`。
+
+<!--
+You can pass in a directory with `--csr-dir` to output the CSRs to the specified location.
+If `--csr-dir` is not specified, the default certificate directory (`/etc/kubernetes/pki`) is used.
+Both the CSR and the accompanying private key are given in the output. After a certificate is signed, the certificate and the private key must be copied to the PKI directory (by default `/etc/kubernetes/pki`).
+-->
+您可以传入一个带有`--csr-dir`的目录，将 CRS 输出到指定位置。
+如果未指定`--csr-dir`，则使用默认证书目录(`/etc/kubernetes/pki`)。
+CSR 和随附的私钥都在输出中给出。签署证书后，必须将证书和私钥复制到 PKI 目录（默认情况下为`/etc/kubernetes/pki`）。
+
+<!--
+### Renew certificates
+-->
+### 更新证书
+
+<!--
+Certificates can be renewed with `kubeadm alpha certs renew --csr-only`.
+As with `kubeadm init`, an output directory can be specified with the `--csr-dir` flag.
+To use the new certificates, copy the signed certificate and private key into the PKI directory (by default `/etc/kubernetes/pki`)
+-->
+可以使用`kubeadm alpha certs renew --csr-only`更新证书。
+与`kubeadm init`一样，可以使用`--csr-dir`标志指定输出目录。
+要使用新证书，请将签名证书和私钥复制到 PKI 目录中（默认情况下为`/etc/kubernetes/pki`）
+
+<!--
+## Cert usage
+-->
+## 证书使用
+
+<!--
+A CSR contains a certificate's name, domains, and IPs, but it does not specify usages.
+It is the responsibility of the CA to specify [the correct cert usages][cert-table] when issuing a certificate.
+-->
+CSR 包含证书的名称、域和 IP，但不指定用法。
+CA 颁发证书时，有责任指定[正确的证书用法][证书表] 。
+
+<!--
+* In `openssl` this is done with the [`openssl ca` command][openssl-ca].
+* In `cfssl` you specify [usages in the config file][cfssl-usages]
+-->
+* 在 `openssl`中，这是通过 [`openssl ca` command][openssl-ca]完成的。
+* 在 `cfssl` 中指定 [配置文件中的用法][cfssl-usages]
+
+<!--
+## CA selection
+-->
+## CA 选择
+
+<!--
+Kubeadm sets up [three CAs][cert-cas] by default. Make sure to sign the CSRs with a corresponding CA.
+-->
+Kubeadm 默认设置[三个 CA][cert-cas]。确保使用相应的 CA 对 CSR 进行签名。
+
+<!--
+[openssl-ca]: https://superuser.com/questions/738612/openssl-ca-keyusage-extension
+[cfssl-usages]: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt#L170
+[certs]: /docs/setup/best-practices/certificates/
+[cert-cas]: /docs/setup/best-practices/certificates/#single-root-ca
+[cert-table]: /docs/setup/best-practices/certificates/#all-certificates
+-->
+[openssl-ca]: https://superuser.com/questions/738612/openssl-ca-keyusage-extension
+[cfssl-usages]: https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt#L170
+[证书]: /docs/setup/best-practices/certificates/
+[cert-cas]: /docs/setup/best-practices/certificates/#single-root-ca
+[cert-table]: /docs/setup/best-practices/certificates/#all-certificates
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12.md b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12.md
new file mode 100644
index 0000000000000..8c5786f8de5de
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12.md
@@ -0,0 +1,446 @@
+---
+reviewers:
+- sig-cluster-lifecycle
+title: 将 kubeadm 集群从 v1.11 升级到 v1.12
+content_template: templates/task
+---
+
+{{% capture overview %}}
+<!--
+This page explains how to upgrade a Kubernetes cluster created with `kubeadm` from version 1.11.x to version 1.12.x, and from version 1.12.x to 1.12.y, where `y > x`.
+-->
+
+本页介绍了如何将 `kubeadm` 创建的 Kubernetes 集群从 1.11.x 版本升级到 1.12.x 版本，以及从版本 1.12.x 升级到 1.12.y ，其中 `y > x`。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!--
+- You need to have a `kubeadm` Kubernetes cluster running version 1.11.0 or later. 
+  [Swap must be disabled][swap]. 
+  The cluster should use a static control plane and etcd pods.
+- Make sure you read the [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md) carefully.
+- Make sure to back up any important components, such as app-level state stored in a database. 
+  `kubeadm upgrade` does not touch your workloads, only components internal to Kubernetes, but backups are always a best practice.
+-->
+
+- 您需要有一个由 `kubeadm` 创建并运行着 1.11.0 或更高版本的 Kubernetes 集群。
+  [Swap 必须被禁用][swap]. 
+  集群应使用静态的控制平面和 etcd pod。
+- 请务必认真阅读[发行说明](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md)。
+- 请务必备份所有重要组件，例如存储在数据库中应用层面的状态。
+  `kubeadm upgrade` 不会触及您的工作负载，只会触及 Kubernetes 内部的组件，但备份终究是好的。
+
+[swap]: https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux
+
+<!--
+### Additional information
+
+- All containers are restarted after upgrade, because the container spec hash value is changed.
+- You can upgrade only from one minor version to the next minor version. 
+  That is, you cannot skip versions when you upgrade. 
+  For example, you can upgrade only from 1.10 to 1.11, not from 1.9 to 1.11.
+-->
+
+### 附加信息
+
+- 升级后重新启动所有容器，因为容器 spec 的哈希值已更改。
+- 您只能从一个次版本升级到下一个次版本。
+  也就是说，升级时无法跳过版本。
+  例如，您只能从 1.10 升级到 1.11，而不能从 1.9 升级到 1.11。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+
+<!--
+## Upgrade the control plane
+
+1.  On your master node, upgrade kubeadm:
+
+    {{< tabs name="k8s_install" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt-get update
+    apt-get upgrade -y kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum upgrade -y kubeadm --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+1.  Verify that the download works and has the expected version:
+
+    ```shell
+    kubeadm version
+    ```
+-->
+
+## 升级控制平面
+
+1.  在主节点上，升级 kubeadm：
+
+    {{< tabs name="k8s_install" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt-get update
+    apt-get upgrade -y kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum upgrade -y kubeadm --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+1.  验证下载是否有效并且是预期的版本
+
+    ```shell
+    kubeadm version
+    ```
+
+1.  在主节点上，运行：
+
+    ```shell
+    kubeadm upgrade plan
+    ```
+<!--
+    You should see output similar to this:
+-->
+
+    您应该可以看到与下面类似的输出：
+
+    ```shell
+    [preflight] Running pre-flight checks.
+    [upgrade] Making sure the cluster is healthy:
+    [upgrade/config] Making sure the configuration is correct:
+    [upgrade/config] Reading configuration from the cluster...
+    [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
+    [upgrade] Fetching available versions to upgrade to
+    [upgrade/versions] Cluster version: v1.11.3
+    [upgrade/versions] kubeadm version: v1.12.0
+    [upgrade/versions] Latest stable version: v1.11.3
+    [upgrade/versions] Latest version in the v1.11 series: v1.11.3
+    [upgrade/versions] Latest experimental version: v1.13.0-alpha.0
+
+    Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
+    COMPONENT   CURRENT       AVAILABLE
+    Kubelet     2 x v1.11.1   v1.12.0
+                1 x v1.11.3   v1.12.0
+
+    Upgrade to the latest experimental version:
+
+    COMPONENT            CURRENT   AVAILABLE
+    API Server           v1.11.3   v1.12.0
+    Controller Manager   v1.11.3   v1.12.0
+    Scheduler            v1.11.3   v1.12.0
+    Kube Proxy           v1.11.3   v1.12.0
+    CoreDNS              1.1.3     1.2.2
+    Etcd                 3.2.18    3.2.24
+
+    You can now apply the upgrade by executing the following command:
+
+        kubeadm upgrade apply v1.12.0 
+
+    _____________________________________________________________________
+
+    ```
+
+    此命令检查您的集群是否可以升级，并可以获取到升级的版本。
+
+1.  选择要升级到的版本，然后运行相应的命令。 例如：
+
+    ```shell
+    kubeadm upgrade apply v1.12.0
+    ```
+
+    您应该可以看见与下面类似的输出：
+    <!-- TODO: output from stable -->
+
+    ```shell
+    [preflight] Running pre-flight checks.
+    [upgrade] Making sure the cluster is healthy:
+    [upgrade/config] Making sure the configuration is correct:
+    [upgrade/config] Reading configuration from the cluster...
+    [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
+    [upgrade/apply] Respecting the --cri-socket flag that is set with higher priority than the config file.
+    [upgrade/version] You have chosen to change the cluster version to "v1.12.0"
+    [upgrade/versions] Cluster version: v1.11.3
+    [upgrade/versions] kubeadm version: v1.12.0
+    [upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y
+    [upgrade/prepull] Will prepull images for components [kube-apiserver kube-controller-manager kube-scheduler etcd]
+    [upgrade/prepull] Prepulling image for component etcd.
+    [upgrade/prepull] Prepulling image for component kube-apiserver.
+    [upgrade/prepull] Prepulling image for component kube-controller-manager.
+    [upgrade/prepull] Prepulling image for component kube-scheduler.
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-etcd
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-apiserver
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-scheduler
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-controller-manager
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-etcd
+    [upgrade/prepull] Prepulled image for component kube-apiserver.
+    [upgrade/prepull] Prepulled image for component kube-controller-manager.
+    [upgrade/prepull] Prepulled image for component kube-scheduler.
+    [upgrade/prepull] Prepulled image for component etcd.
+    [upgrade/prepull] Successfully prepulled the images for all the control plane components
+    [upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.12.0"...
+    Static pod: kube-apiserver-ip-172-31-80-76 hash: d9b7af93990d702b3ee9a2beca93384b
+    Static pod: kube-controller-manager-ip-172-31-80-76 hash: 44a081fb5d26e90773ceb98b4e16fe10
+    Static pod: kube-scheduler-ip-172-31-80-76 hash: 009228e74aef4d7babd7968782118d5e
+    Static pod: etcd-ip-172-31-80-76 hash: 997fcf3d8d974c98abc14556cc02617e
+    [etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests661777755/etcd.yaml"
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/etcd.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-09-19-18-58-14/etcd.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s
+    Static pod: etcd-ip-172-31-80-76 hash: 997fcf3d8d974c98abc14556cc02617e
+    <snip>
+    [apiclient] Found 1 Pods for label selector component=etcd
+    [upgrade/staticpods] Component "etcd" upgraded successfully!
+    [upgrade/etcd] Waiting for etcd to become available
+    [util/etcd] Waiting 0s for initial delay
+    [util/etcd] Attempting to see if all cluster endpoints are available 1/10
+    [upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests661777755"
+    [controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests661777755/kube-apiserver.yaml"
+    [controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests661777755/kube-controller-manager.yaml"
+    [controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests661777755/kube-scheduler.yaml"
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-09-19-18-58-14/kube-apiserver.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s
+    <snip>
+    Static pod: kube-apiserver-ip-172-31-80-76 hash: 854a5a8468f899093c6a967bb81dcfbc
+    [apiclient] Found 1 Pods for label selector component=kube-apiserver
+    [upgrade/staticpods] Component "kube-apiserver" upgraded successfully!
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-09-19-18-58-14/kube-controller-manager.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s
+    Static pod: kube-controller-manager-ip-172-31-80-76 hash: 44a081fb5d26e90773ceb98b4e16fe10
+    Static pod: kube-controller-manager-ip-172-31-80-76 hash: b651f83474ae70031d5fb2cab73bd366
+    [apiclient] Found 1 Pods for label selector component=kube-controller-manager
+    [upgrade/staticpods] Component "kube-controller-manager" upgraded successfully!
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-09-19-18-58-14/kube-scheduler.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s
+    Static pod: kube-scheduler-ip-172-31-80-76 hash: 009228e74aef4d7babd7968782118d5e
+    Static pod: kube-scheduler-ip-172-31-80-76 hash: da406e5a49adfbbeb90fe2a0cf8fd8d1
+    [apiclient] Found 1 Pods for label selector component=kube-scheduler
+    [upgrade/staticpods] Component "kube-scheduler" upgraded successfully!
+    [uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
+    [kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster
+    [kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
+    [kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
+    [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "ip-172-31-80-76" as an annotation
+    [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
+    [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
+    [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
+    [addons] Applied essential addon: CoreDNS
+    [addons] Applied essential addon: kube-proxy
+
+    [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.12.0". Enjoy!
+
+    [upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
+    ```
+
+1.  手动升级软件定义网络（SDN）。
+
+    您的容器网络接口（CNI）应该提供了程序自身的升级说明。
+    检查 [addons](/docs/concepts/cluster-administration/addons/) 页面以
+    查找您 CNI 所提供的程序，并查看是否需要其他升级步骤。
+
+<!--
+1.  Manually upgrade your Software Defined Network (SDN).
+
+    Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
+    Check the [addons](/docs/concepts/cluster-administration/addons/) page to
+    find your CNI provider and see whether additional upgrade steps are required.
+-->
+
+<!--
+## Upgrade master and node packages
+
+1.  Prepare each node for maintenance, marking it unschedulable and evicting the workloads:
+
+    ```shell
+    kubectl drain $NODE --ignore-daemonsets
+    ```
+
+    On the master node, you must add `--ignore-daemonsets`:
+
+    ```shell
+    kubectl drain ip-172-31-85-18
+    node "ip-172-31-85-18" cordoned
+    error: unable to drain node "ip-172-31-85-18", aborting command...
+
+    There are pending nodes to be drained:
+    ip-172-31-85-18
+    error: DaemonSet-managed pods (use --ignore-daemonsets to ignore): calico-node-5798d, kube-proxy-thjp9
+    ```
+
+    ```
+    kubectl drain ip-172-31-85-18 --ignore-daemonsets
+    node "ip-172-31-85-18" already cordoned
+    WARNING: Ignoring DaemonSet-managed pods: calico-node-5798d, kube-proxy-thjp9
+    node "ip-172-31-85-18" drained
+    ```
+
+1.  Upgrade the Kubernetes package version on each `$NODE` node by running the Linux package manager for your distribution:
+
+    {{< tabs name="k8s_upgrade" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt-get update
+    apt-get upgrade -y kubelet kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum upgrade -y kubelet kubeadm --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+-->
+## 升级主节点和其他节点的软件包
+
+1.  准备为每个节点进行维护，将其标记为不可调度并移出工作负载：
+
+    ```shell
+    kubectl drain $NODE --ignore-daemonsets
+    ```
+
+    在 master 节点上，您必须增加 `--ignore-daemonsets`：
+
+    ```shell
+    kubectl drain ip-172-31-85-18
+    node "ip-172-31-85-18" cordoned
+    error: unable to drain node "ip-172-31-85-18", aborting command...
+
+    There are pending nodes to be drained:
+    ip-172-31-85-18
+    error: DaemonSet-managed pods (use --ignore-daemonsets to ignore): calico-node-5798d, kube-proxy-thjp9
+    ```
+
+    ```
+    kubectl drain ip-172-31-85-18 --ignore-daemonsets
+    node "ip-172-31-85-18" already cordoned
+    WARNING: Ignoring DaemonSet-managed pods: calico-node-5798d, kube-proxy-thjp9
+    node "ip-172-31-85-18" drained
+    ```
+
+1.  通过运行适用于您的 Linux 发行版包管理器，在每个 `$NODE` 节点上升级 Kubernetes 软件包版本：
+
+    {{< tabs name="k8s_upgrade" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt-get update
+    apt-get upgrade -y kubelet kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum upgrade -y kubelet kubeadm --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!--
+## Upgrade kubelet on each node
+
+1.  On each node except the master node, upgrade the kubelet config:
+
+    ```shell
+    sudo kubeadm upgrade node config --kubelet-version $(kubelet --version | cut -d ' ' -f 2)
+    ```
+
+1.  Restart the kubelet process:
+
+    ```shell
+    sudo systemctl restart kubelet
+    ```
+
+1.  Verify that the new version of the `kubelet` is running on the node:
+
+    ```shell
+    systemctl status kubelet
+    ```
+
+1.  Bring the node back online by marking it schedulable:
+
+    ```shell
+    kubectl uncordon $NODE
+    ```
+
+1.  After the kubelet is upgraded on all nodes, verify that all nodes are available again by running the following command from anywhere kubectl can access the cluster:
+
+    ```shell
+    kubectl get nodes
+    ```
+
+    The `STATUS` column should show `Ready` for all your nodes, and the version number should be updated.
+-->
+{{% /capture %}}
+
+## 在每个节点上升级 kubelet
+
+1.  在除主节点之外的每个节点上，升级 kubelet 配置：
+
+    ```shell
+    sudo kubeadm upgrade node config --kubelet-version $(kubelet --version | cut -d ' ' -f 2)
+    ```
+
+1.  重启 kubelet 进程：
+
+    ```shell
+    sudo systemctl restart kubelet
+    ```
+
+1.  验证新版本的 `kubelet` 已经运行到了各个节点上。
+
+    ```shell
+    systemctl status kubelet
+    ```
+
+1.  通过将节点标记为可调度，让节点重新上线：
+
+    ```shell
+    kubectl uncordon $NODE
+    ```
+
+1.  在所有节点上升级 kubelet 之后，通过以下命令验证所有的节点是否依旧可用，使得 kubectl 可以访问整个集群： 
+
+    ```shell
+    kubectl get nodes
+    ```
+
+    `STATUS` 列应显示所有节点为 `Ready` 状态，并且版本号已经被更新。 
+
+<!--
+## Recovering from a failure state
+
+If `kubeadm upgrade` fails and does not roll back, for example because of an unexpected shutdown during execution, you can run `kubeadm upgrade` again. 
+This command is idempotent and eventually makes sure that the actual state is the desired state you declare.
+
+To recover from a bad state, you can also run `kubeadm upgrade --force` without changing the version that your cluster is running.
+-->
+
+## 从故障状态恢复
+
+如果 `kubeadm upgrade` 失败并且没有回滚，例如由于执行期间意外关闭，您可以再次运行 `kubeadm upgrade`。
+此命令是幂等的，并最终确保实际状态是您声明的所需状态。
+要从故障状态恢复，您还可以运行 `kubeadm upgrade --force` 而不去更改集群正在运行的版本。
+
+<!--
+## How it works
+
+`kubeadm upgrade apply` does the following:
+
+- Checks that your cluster is in an upgradeable state:
+  - The API server is reachable
+  - All nodes are in the `Ready` state
+  - The control plane is healthy
+- Enforces the version skew policies.
+- Makes sure the control plane images are available or available to pull to the machine.
+- Upgrades the control plane components or rollbacks if any of them fails to come up.
+- Applies the new `kube-dns` and `kube-proxy` manifests and enforces that all necessary RBAC rules are created.
+- Creates new certificate and key files of the API server and backs up old files if they're about to expire in 180 days.
+-->
+
+## 它是怎么运作的
+
+`kubeadm upgrade apply` 做了以下工作：
+
+- 检查您的集群是否处于可升级状态：
+  - API 服务器是可访问的
+  - 所有节点处于 `Ready` 状态
+  - 控制平面是健康的
+- 强制执行版本 skew 策略。
+- 确保控制平面的镜像是可用的或可拉取到服务器上。
+- 升级控制平面组件或回滚（如果其中任何一个组件无法启动）。
+- 应用新的 `kube-dns` 和 `kube-proxy` 清单，并强制创建所有必需的 RBAC 规则。
+- 如果旧文件在 180 天后过期，将创建 API 服务器的新证书和密钥文件并备份旧文件。
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-13.md b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-13.md
new file mode 100644
index 0000000000000..89ab0355d9560
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-13.md
@@ -0,0 +1,549 @@
+---
+reviewers:
+- sig-cluster-lifecycle
+title: 将 kubeadm 集群从 v1.12 升级到 v1.13
+content_template: templates/task
+---
+<!--
+---
+reviewers:
+- sig-cluster-lifecycle
+title: Upgrading kubeadm clusters from v1.12 to v1.13
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page explains how to upgrade a Kubernetes cluster created with `kubeadm` from version 1.12.x to version 1.13.x, and from version 1.13.x to 1.13.y, where `y > x`.
+-->
+本页介绍了如何将 `kubeadm` 创建的 Kubernetes 集群从 1.12.x 版本升级到 1.13.x 版本，以及从版本 1.13.x 升级到 1.13.y ，其中 `y > x`。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+- You need to have a `kubeadm` Kubernetes cluster running version 1.12.0 or later.
+  [Swap must be disabled][swap].
+  The cluster should use a static control plane and etcd pods.
+- Make sure you read the [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md) carefully.
+- Make sure to back up any important components, such as app-level state stored in a database.
+  `kubeadm upgrade` does not touch your workloads, only components internal to Kubernetes, but backups are always a best practice.
+-->
+- 您需要有一个由 `kubeadm` 创建并运行着 1.12.0 或更高版本的 Kubernetes 集群。
+  [Swap 必须被禁用][swap]. 
+  集群应使用静态的控制平面和 etcd pod。
+- 请务必认真阅读[发行说明](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md)。
+- 请务必备份所有重要组件，例如存储在数据库中应用层面的状态。
+  `kubeadm upgrade` 不会触及您的工作负载，只会触及 Kubernetes 内部的组件，但备份终究是好的。
+
+
+<!--
+[swap]: https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux
+### Additional information
+-->
+[swap]: https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux
+### 附加信息
+
+<!--
+- All containers are restarted after upgrade, because the container spec hash value is changed.
+- You can upgrade only from one minor version to the next minor version.
+  That is, you cannot skip versions when you upgrade.
+  For example, you can upgrade only from 1.10 to 1.11, not from 1.9 to 1.11.
+-->
+### 附加信息
+
+- 升级后重新启动所有容器，因为容器 spec 的哈希值已更改。
+- 您只能从一个次版本升级到下一个次版本。
+  也就是说，升级时无法跳过版本。
+  例如，您只能从 1.10 升级到 1.11，而不能从 1.9 升级到 1.11。
+
+{{< warning >}}
+The command `join --experimental-control-plane` is known to fail on single node clusters created with kubeadm v1.12 and then upgraded to v1.13.x.
+This will be fixed when graduating the `join --control-plane` workflow from alpha to beta.
+A possible workaround is described [here](https://github.com/kubernetes/kubeadm/issues/1269#issuecomment-441116249).
+{{</ warning >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+## Determine which version to upgrade to
+
+1.  Find the latest stable 1.13 version:
+
+    {{< tabs name="k8s_install_versions" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt update
+    apt-cache policy kubeadm
+    # find the latest 1.13 version in the list
+    # it should look like 1.13.x-00, where x is the latest patch
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum list --showduplicates kubeadm --disableexcludes=kubernetes
+    # find the latest 1.13 version in the list
+    # it should look like 1.13.x-0, where x is the latest patch
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!--
+## Upgrade the control plane node
+
+1.  On your control plane node, upgrade kubeadm:
+
+    {{< tabs name="k8s_install_kubeadm" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.13.x-00 with the latest patch version
+    apt-mark unhold kubeadm && \
+    apt-get update && apt-get install -y kubeadm=1.13.x-00 && \
+    apt-mark hold kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.13.x-0 with the latest patch version
+    yum install -y kubeadm-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+1.  Verify that the download works and has the expected version:
+
+    ```shell
+    kubeadm version
+    ```
+-->
+## 升级控制平面
+
+1.  在主节点上，升级 kubeadm：
+
+    {{< tabs name="k8s_install_kubeadm" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.13.x-00 with the latest patch version
+    apt-mark unhold kubeadm && \
+    apt-get update && apt-get install -y kubeadm=1.13.x-00 && \
+    apt-mark hold kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.13.x-0 with the latest patch version
+    yum install -y kubeadm-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+1.  验证下载是否有效并且是预期的版本
+
+    ```shell
+    kubeadm version
+    ```
+
+<!--
+1.  On the master node, run:
+
+    ```shell
+    kubeadm upgrade plan
+    ```
+
+    You should see output similar to this:
+
+-->
+1.  在主节点上，运行：
+
+    ```shell
+    kubeadm upgrade plan
+    ```
+
+    您应该可以看到与下面类似的输出：
+
+    ```shell
+    [preflight] Running pre-flight checks.
+    [upgrade] Making sure the cluster is healthy:
+    [upgrade/config] Making sure the configuration is correct:
+    [upgrade/config] Reading configuration from the cluster...
+    [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
+    [upgrade] Fetching available versions to upgrade to
+    [upgrade/versions] Cluster version: v1.12.2
+    [upgrade/versions] kubeadm version: v1.13.0
+
+    Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
+    COMPONENT   CURRENT       AVAILABLE
+    Kubelet     2 x v1.12.2   v1.13.0
+
+    Upgrade to the latest version in the v1.12 series:
+
+    COMPONENT            CURRENT   AVAILABLE
+    API Server           v1.12.2   v1.13.0
+    Controller Manager   v1.12.2   v1.13.0
+    Scheduler            v1.12.2   v1.13.0
+    Kube Proxy           v1.12.2   v1.13.0
+    CoreDNS              1.2.2     1.2.6
+    Etcd                 3.2.24    3.2.24
+
+    You can now apply the upgrade by executing the following command:
+
+            kubeadm upgrade apply v1.13.0
+
+    _____________________________________________________________________
+    ```
+
+<!--
+    This command checks that your cluster can be upgraded, and fetches the versions you can upgrade to.
+
+1.  Choose a version to upgrade to, and run the appropriate command. For example:
+-->
+    此命令检查您的集群是否可以升级，并可以获取到升级的版本。
+
+1.  选择要升级到的版本，然后运行相应的命令。 例如：
+
+    ```shell
+    kubeadm upgrade apply v1.13.0
+    ```
+
+<!--
+    You should see output similar to this:
+-->
+    您应该可以看见与下面类似的输出：
+
+    <!-- TODO: output from stable -->
+
+    ```shell
+    [preflight] Running pre-flight checks.
+    [upgrade] Making sure the cluster is healthy:
+    [upgrade/config] Making sure the configuration is correct:
+    [upgrade/config] Reading configuration from the cluster...
+    [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
+    [upgrade/apply] Respecting the --cri-socket flag that is set with higher priority than the config file.
+    [upgrade/version] You have chosen to change the cluster version to "v1.13.0"
+    [upgrade/versions] Cluster version: v1.12.2
+    [upgrade/versions] kubeadm version: v1.13.0
+    [upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y
+    [upgrade/prepull] Will prepull images for components [kube-apiserver kube-controller-manager kube-scheduler etcd]
+    [upgrade/prepull] Prepulling image for component etcd.
+    [upgrade/prepull] Prepulling image for component kube-controller-manager.
+    [upgrade/prepull] Prepulling image for component kube-scheduler.
+    [upgrade/prepull] Prepulling image for component kube-apiserver.
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-kube-controller-manager
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-etcd
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-kube-scheduler
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-apiserver
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-controller-manager
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-etcd
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-scheduler
+    [upgrade/prepull] Prepulled image for component etcd.
+    [upgrade/prepull] Prepulled image for component kube-apiserver.
+    [upgrade/prepull] Prepulled image for component kube-scheduler.
+    [upgrade/prepull] Prepulled image for component kube-controller-manager.
+    [upgrade/prepull] Successfully prepulled the images for all the control plane components
+    [upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.13.0"...
+    Static pod: kube-apiserver-ip-10-0-0-7 hash: 4af3463d6ace12615f1795e40811c1a1
+    Static pod: kube-controller-manager-ip-10-0-0-7 hash: a640b0098f5bddc701786e007c96e220
+    Static pod: kube-scheduler-ip-10-0-0-7 hash: ee7b1077c61516320f4273309e9b4690
+    map[localhost:2379:3.2.24]
+    [upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests969681047"
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to     "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-11-20-18-30-42/kube-apiserver.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: kube-apiserver-ip-10-0-0-7 hash: 4af3463d6ace12615f1795e40811c1a1
+    Static pod: kube-apiserver-ip-10-0-0-7 hash: bf5b045d2be93e73654f3eb7027a4ef8
+    [apiclient] Found 1 Pods for label selector component=kube-apiserver
+    [upgrade/staticpods] Component "kube-apiserver" upgraded successfully!
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to     "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-11-20-18-30-42/kube-controller-manager.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: kube-controller-manager-ip-10-0-0-7 hash: a640b0098f5bddc701786e007c96e220
+    Static pod: kube-controller-manager-ip-10-0-0-7 hash: 1e0eea23b3d971460ac032c18ab7daac
+    [apiclient] Found 1 Pods for label selector component=kube-controller-manager
+    [upgrade/staticpods] Component "kube-controller-manager" upgraded successfully!
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to     "/etc/kubernetes/tmp/kubeadm-backup-manifests-2018-11-20-18-30-42/kube-scheduler.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: kube-scheduler-ip-10-0-0-7 hash: ee7b1077c61516320f4273309e9b4690
+    Static pod: kube-scheduler-ip-10-0-0-7 hash: 7f7d929b61a2cc5bcdf36609f75927ec
+    [apiclient] Found 1 Pods for label selector component=kube-scheduler
+    [upgrade/staticpods] Component "kube-scheduler" upgraded successfully!
+    [uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
+    [kubelet] Creating a ConfigMap "kubelet-config-1.13" in namespace kube-system with the configuration for the kubelets in the cluster
+    [kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
+    [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
+    [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "ip-10-0-0-7" as an annotation
+    [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
+    [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
+    [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
+    [addons] Applied essential addon: CoreDNS
+    [addons] Applied essential addon: kube-proxy
+
+    [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.13.0". Enjoy!
+
+    [upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
+    ```
+
+<!--
+1.  Manually upgrade your Software Defined Network (SDN).
+
+    Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
+    Check the [addons](/docs/concepts/cluster-administration/addons/) page to
+    find your CNI provider and see whether additional upgrade steps are required.
+-->
+1.  手动升级软件定义网络（SDN）。
+
+    您的容器网络接口（CNI）应该提供了程序自身的升级说明。
+    检查 [addons](/docs/concepts/cluster-administration/addons/) 页面以
+    查找您 CNI 所提供的程序，并查看是否需要其他升级步骤。
+
+<!--
+1.  Upgrade the kubelet on the control plane node:
+
+    {{< tabs name="k8s_install_kubelet" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.13.x-00 with the latest patch version
+    apt-mark unhold kubelet && \
+    apt-get update && apt-get install -y kubelet=1.13.x-00 && \
+    apt-mark hold kubelet
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.13.x-0 with the latest patch version
+    yum install -y kubelet-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+-->
+1.  升级控制平面节点上的 kubelet:
+
+    {{< tabs name="k8s_install_kubelet" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # 将 1.13.x-00 中的 x 替换为最新的版本
+    apt-mark unhold kubelet && \
+    apt-get update && apt-get install -y kubelet=1.13.x-00 && \
+    apt-mark hold kubelet
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # 将 1.13.x-00 中的 x 替换为最新的版本
+    yum install -y kubelet-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!--
+## Upgrade kubectl on all nodes
+
+1.  Upgrade kubectl on all nodes:
+
+    {{< tabs name="k8s_install_kubectl" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.13.x-00 with the latest patch version
+    apt-mark unhold kubectl && \
+    apt-get update && apt-get install -y kubectl=1.13.x-00 && \
+    apt-mark hold kubectl
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.13.x-0 with the latest patch version
+    yum install -y kubectl-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+-->
+## 升级所有节点上的 kubectl
+
+1.  升级所有节点上的 kubectl:
+
+    {{< tabs name="k8s_install_kubectl" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # 将 1.13.x-00 中的 x 替换为最新的版本
+    apt-mark unhold kubectl && \
+    apt-get update && apt-get install -y kubectl=1.13.x-00 && \
+    apt-mark hold kubectl
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # 将 1.13.x-00 中的 x 替换为最新的版本
+    yum install -y kubectl-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!--
+## Drain control plane and worker nodes
+
+1.  Prepare each node for maintenance by marking it unschedulable and evicting the workloads. Run:
+-->
+## 清空控制平面和工作节点
+
+1.  在维护前，将每个节点标记为不可调度并移除工作负载来做好准备。 运行：
+
+    ```shell
+    kubectl drain $NODE --ignore-daemonsets
+    ```
+
+<!--
+    On the control plane node, you must add `--ignore-daemonsets`:
+-->
+    在控制平面节点上，必须添加 `--ignore-daemonsets`:
+
+    ```shell
+    kubectl drain ip-172-31-85-18
+    node "ip-172-31-85-18" cordoned
+    error: unable to drain node "ip-172-31-85-18", aborting command...
+
+    There are pending nodes to be drained:
+    ip-172-31-85-18
+    error: DaemonSet-managed pods (use --ignore-daemonsets to ignore): calico-node-5798d, kube-proxy-thjp9
+    ```
+
+    ```
+    kubectl drain ip-172-31-85-18 --ignore-daemonsets
+    node "ip-172-31-85-18" already cordoned
+    WARNING: Ignoring DaemonSet-managed pods: calico-node-5798d, kube-proxy-thjp9
+    node "ip-172-31-85-18" drained
+    ```
+
+<!--
+## Upgrade the kubelet config on worker nodes
+
+1.  On each node except the control plane node, upgrade the kubelet config:
+-->
+## 在工作节点上更新 kubelet 配置
+
+1.  在除控制平面节点的其它节点上，更新 kubelet 配置:
+
+    ```shell
+    kubeadm upgrade node config --kubelet-version v1.13.x
+    ```
+
+<!--
+    Replace `x` with the patch version you picked for this ugprade.
+-->
+    将 `x` 替换为您本次将要升级到的版本号。
+
+
+<!--
+## Upgrade kubeadm and the kubelet on worker nodes
+
+1.  Upgrade the Kubernetes package version on each `$NODE` node by running the Linux package manager for your distribution:
+
+    {{< tabs name="k8s_kubelet_and_kubeadm" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.13.x-00 with the latest patch version
+    apt-mark unhold kubelet kubeadm
+    apt-get update
+    apt-get install -y kubelet=1.13.x-00 kubeadm=1.13.x-00
+    apt-mark hold kubelet kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.13.x-0 with the latest patch version
+    yum install -y kubelet-1.13.x-0 kubeadm-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+-->
+## 在每个工作节点上升级 kubelet
+
+1.  在每个 `$NODE` 节点上使用您的发行版对应的 Linux 包管理器:
+
+    {{< tabs name="k8s_kubelet_and_kubeadm" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # # 将 1.13.x-00 中的 x 替换为最新的版本
+    apt-mark unhold kubelet kubeadm
+    apt-get update
+    apt-get install -y kubelet=1.13.x-00 kubeadm=1.13.x-00
+    apt-mark hold kubelet kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # # 将 1.13.x-00 中的 x 替换为最新的版本
+    yum install -y kubelet-1.13.x-0 kubeadm-1.13.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!--
+## Restart the kubelet for all nodes
+
+1.  Restart the kubelet process for all nodes:
+
+    ```shell
+    systemctl restart kubelet
+    ```
+
+1.  Verify that the new version of the `kubelet` is running on the node:
+
+    ```shell
+    systemctl status kubelet
+    ```
+
+1.  Bring the node back online by marking it schedulable:
+
+    ```shell
+    kubectl uncordon $NODE
+    ```
+
+1.  After the kubelet is upgraded on all nodes, verify that all nodes are available again by running the following command from anywhere kubectl can access the cluster:
+
+    ```shell
+    kubectl get nodes
+    ```
+
+    The `STATUS` column should show `Ready` for all your nodes, and the version number should be updated.
+-->
+## 重启所有节点上的 kubelet
+
+1.  重启所有节点上的 kubelet 进程:
+
+    ```shell
+    systemctl restart kubelet
+    ```
+
+1.  验证节点上新版本的 `kubelet` 处于运行状态:
+
+    ```shell
+    systemctl status kubelet
+    ```
+
+1.  将节点状态标记为可调度:
+
+    ```shell
+    kubectl uncordon $NODE
+    ```
+
+1.  在所有节点上升级 kubelet 之后，通过从任何 kubectl 可以访问集群的位置运行以下命令来验证所有节点是否可用：
+
+    ```shell
+    kubectl get nodes
+    ```
+
+    您所有节点的 `STATUS` 列应为 `Ready`，并且版本信息应该是更新后的.
+
+{{% /capture %}}
+
+<!--
+## Recovering from a failure state
+
+If `kubeadm upgrade` fails and does not roll back, for example because of an unexpected shutdown during execution, you can run `kubeadm upgrade` again.
+This command is idempotent and eventually makes sure that the actual state is the desired state you declare.
+
+To recover from a bad state, you can also run `kubeadm upgrade --force` without changing the version that your cluster is running.
+-->
+## 从失败状态恢复
+
+如果 `kubeadm upgrade` 失败且没有回滚，比如在运行过程中意外被关闭，您可以重新运行`kubeadm upgrade` 。
+此命令是幂等的，并最终确保实际状态是您声明的所需状态。
+
+要从错误状态恢复，您还可以运行 `kubeadm upgrade --force` 而无需更改群集正在运行的版本。
+
+<!--
+## How it works
+
+`kubeadm upgrade apply` does the following:
+
+- Checks that your cluster is in an upgradeable state:
+  - The API server is reachable
+  - All nodes are in the `Ready` state
+  - The control plane is healthy
+- Enforces the version skew policies.
+- Makes sure the control plane images are available or available to pull to the machine.
+- Upgrades the control plane components or rollbacks if any of them fails to come up.
+- Applies the new `kube-dns` and `kube-proxy` manifests and makes sure that all necessary RBAC rules are created.
+- Creates new certificate and key files of the API server and backs up old files if they're about to expire in 180 days.
+-->
+## 工作原理
+
+`kubeadm upgrade apply` 指令做了如下操作:
+
+- 检查您的集群是否处于可升级状态:
+  - API 服务器可达
+  - 所有节点在 `Ready` 状态
+  - 控制平面状态为健康
+- 执行版本 skew 策略。
+- 确保控制平面图像可用或可被拉取到机器。
+- 升级控制平面组件或回滚（如果其中任何一个组件无法启动）。
+- 应用新的 `kube-dns` 和 `kube-proxy` 清单，并确保创建所有必需的 RBAC 规则。
+- 创建 API 服务器的新证书和密钥文件，如果旧文件即将在 180 天后过期，则备份旧文件。
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-14.md b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-14.md
new file mode 100644
index 0000000000000..1234bc453ec8a
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-14.md
@@ -0,0 +1,547 @@
+---
+title: 将 kubeadm 集群从 v1.13 升级到 v1.14
+content_template: templates/task
+---
+<!-- ---
+reviewers:
+- sig-cluster-lifecycle
+title: Upgrading kubeadm clusters from v1.13 to v1.14
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+<!-- This page explains how to upgrade a Kubernetes cluster created with kubeadm from version 1.13.x to version 1.14.x,
+and from version 1.14.x to 1.14.y (where `y > x`). -->
+本页介绍了如何将 `kubeadm` 创建的 Kubernetes 集群从 1.13.x 版本升级到 1.14.x 版本，以及从版本 1.14.x 升级到 1.14.y ，其中 `y > x`。
+
+<!-- The upgrade workflow at high level is the following:
+
+1. Upgrade the primary control plane node.
+1. Upgrade additional control plane nodes.
+1. Upgrade worker nodes. -->
+高版本升级工作流如下：
+
+1. 升级主控制平面节点。
+1. 升级其他控制平面节点。
+1. 升级 worker 节点。
+
+{{< note >}}
+<!-- With the release of Kubernetes v1.14, the kubeadm instructions for upgrading both HA and single control plane clusters
+are merged into a single document. -->
+随着 Kubernetes v1.14 的发布，用于升级 HA 和单个控制平面集群的 kubeadm 指令被合并到一个文档中。
+{{</ note >}}
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- - You need to have a kubeadm Kubernetes cluster running version 1.13.0 or later.
+- [Swap must be disabled](https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux).
+- The cluster should use a static control plane and etcd pods.
+- Make sure you read the [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md) carefully.
+- Make sure to back up any important components, such as app-level state stored in a database.
+  `kubeadm upgrade` does not touch your workloads, only components internal to Kubernetes, but backups are always a best practice. -->
+- 您需要有一个由 `kubeadm` 创建并运行着 1.13.0 或更高版本的 Kubernetes 集群。
+- [禁用 Swap](https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux)。
+- 集群应使用静态的控制平面和 etcd pod。
+- 务必仔细认真阅读[发行说明](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md)。
+- 务必备份所有重要组件，例如存储在数据库中应用层面的状态。
+  `kubeadm upgrade` 不会影响您的工作负载，只会涉及 Kubernetes 内部的组件，但备份终究是好的。
+
+<!-- ### Additional information -->
+### 附加信息
+
+<!-- - All containers are restarted after upgrade, because the container spec hash value is changed.
+- You only can upgrade from one MINOR version to the next MINOR version,
+  or between PATCH versions of the same MINOR. That is, you cannot skip MINOR versions when you upgrade.
+  For example, you can upgrade from 1.y to 1.y+1, but not from 1.y to 1.y+2. -->
+- 升级后重新启动所有容器，因为容器 spec 的哈希值已更改。
+- 您只能从一个次版本升级到下一个次版本,或者同样次版本的补丁版。也就是说，升级时无法跳过版本。
+  例如，您只能从 1.y 升级到 1.y+1，而不能从 from 1.y 升级到 1.y+2。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Determine which version to upgrade to -->
+## 确定要升级到哪个版本
+
+<!-- 1.  Find the latest stable 1.14 version:
+
+    {{< tabs name="k8s_install_versions" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt update
+    apt-cache policy kubeadm
+    # find the latest 1.14 version in the list
+    # it should look like 1.14.x-00, where x is the latest patch
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum list --showduplicates kubeadm --disableexcludes=kubernetes
+    # find the latest 1.14 version in the list
+    # it should look like 1.14.x-0, where x is the latest patch
+    {{% /tab %}}
+    {{< /tabs >}} -->
+1.  找到最新的稳定版 1.14:
+
+    {{< tabs name="k8s_install_versions" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    apt update
+    apt-cache policy kubeadm
+    # 在列表中查找最新的 1.14 版本
+    # 它看起来应该是 1.14.x-00 ，其中 x 是最新的补丁
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    yum list --showduplicates kubeadm --disableexcludes=kubernetes
+    # 在列表中查找最新的 1.14 版本
+    # 它看起来应该是 1.14.x-00 ，其中 x 是最新的补丁
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!-- ## Upgrade the first control plane node -->
+## 升级第一个控制平面节点
+
+<!-- 1.  On your first control plane node, upgrade kubeadm:
+
+    {{< tabs name="k8s_install_kubeadm_first_cp" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.14.x-00 with the latest patch version
+    apt-mark unhold kubeadm && \
+    apt-get update && apt-get install -y kubeadm=1.14.x-00 && \
+    apt-mark hold kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.14.x-0 with the latest patch version
+    yum install -y kubeadm-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}} -->
+1.  在第一个控制平面节点上，升级 kubeadm :
+
+    {{< tabs name="k8s_install_kubeadm_first_cp" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    apt-mark unhold kubeadm && \
+    apt-get update && apt-get install -y kubeadm=1.14.x-00 && \
+    apt-mark hold kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    yum install -y kubeadm-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!-- 1.  Verify that the download works and has the expected version:
+
+    ```shell
+    kubeadm version
+    ``` -->
+1.  验证下载是否有效并具有预期版本：
+
+    ```shell
+    kubeadm version
+    ```
+
+<!-- 1.  On the control plane node, run: -->
+1.  在主节点上，运行:
+
+    ```shell
+    sudo kubeadm upgrade plan
+    ```
+
+    <!-- You should see output similar to this: -->
+    您应该可以看到与下面类似的输出：
+
+    ```shell
+    [preflight] Running pre-flight checks.
+    [upgrade] Making sure the cluster is healthy:
+    [upgrade/config] Making sure the configuration is correct:
+    [upgrade/config] Reading configuration from the cluster...
+    [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
+    [upgrade] Fetching available versions to upgrade to
+    [upgrade/versions] Cluster version: v1.13.3
+    [upgrade/versions] kubeadm version: v1.14.0
+
+    Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
+    COMPONENT   CURRENT       AVAILABLE
+    Kubelet     2 x v1.13.3   v1.14.0
+
+    Upgrade to the latest version in the v1.13 series:
+
+    COMPONENT            CURRENT   AVAILABLE
+    API Server           v1.13.3   v1.14.0
+    Controller Manager   v1.13.3   v1.14.0
+    Scheduler            v1.13.3   v1.14.0
+    Kube Proxy           v1.13.3   v1.14.0
+    CoreDNS              1.2.6     1.3.1
+    Etcd                 3.2.24    3.3.10
+
+    You can now apply the upgrade by executing the following command:
+
+            kubeadm upgrade apply v1.14.0
+
+    _____________________________________________________________________
+    ```
+
+    <!-- This command checks that your cluster can be upgraded, and fetches the versions you can upgrade to. -->
+    此命令检查您的集群是否可以升级，并可以获取到升级的版本。
+
+<!-- 1.  Choose a version to upgrade to, and run the appropriate command. For example: -->
+1.  选择要升级到的版本，然后运行相应的命令。例如:
+
+    ```shell
+    sudo kubeadm upgrade apply v1.14.x
+    ```
+
+    <!-- - Replace `x` with the patch version you picked for this ugprade. -->
+    - 将 `x` 替换为您为此升级选择的修补程序版本。
+
+    <!-- You should see output similar to this: -->
+    您应该可以看见与下面类似的输出：
+
+    ```shell
+    [preflight] Running pre-flight checks.
+    [upgrade] Making sure the cluster is healthy:
+    [upgrade/config] Making sure the configuration is correct:
+    [upgrade/config] Reading configuration from the cluster...
+    [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
+    [upgrade/version] You have chosen to change the cluster version to "v1.14.0"
+    [upgrade/versions] Cluster version: v1.13.3
+    [upgrade/versions] kubeadm version: v1.14.0
+    [upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y
+    [upgrade/prepull] Will prepull images for components [kube-apiserver kube-controller-manager kube-scheduler etcd]
+    [upgrade/prepull] Prepulling image for component etcd.
+    [upgrade/prepull] Prepulling image for component kube-scheduler.
+    [upgrade/prepull] Prepulling image for component kube-apiserver.
+    [upgrade/prepull] Prepulling image for component kube-controller-manager.
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-etcd
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-kube-scheduler
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-kube-controller-manager
+    [apiclient] Found 0 Pods for label selector k8s-app=upgrade-prepull-kube-apiserver
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-etcd
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-controller-manager
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-scheduler
+    [apiclient] Found 1 Pods for label selector k8s-app=upgrade-prepull-kube-apiserver
+    [upgrade/prepull] Prepulled image for component etcd.
+    [upgrade/prepull] Prepulled image for component kube-apiserver.
+    [upgrade/prepull] Prepulled image for component kube-scheduler.
+    [upgrade/prepull] Prepulled image for component kube-controller-manager.
+    [upgrade/prepull] Successfully prepulled the images for all the control plane components
+    [upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.14.0"...
+    Static pod: kube-apiserver-myhost hash: 6436b0d8ee0136c9d9752971dda40400
+    Static pod: kube-controller-manager-myhost hash: 8ee730c1a5607a87f35abb2183bf03f2
+    Static pod: kube-scheduler-myhost hash: 4b52d75cab61380f07c0c5a69fb371d4
+    [upgrade/etcd] Upgrading to TLS for etcd
+    Static pod: etcd-myhost hash: 877025e7dd7adae8a04ee20ca4ecb239
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/etcd.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2019-03-14-20-52-44/etcd.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: etcd-myhost hash: 877025e7dd7adae8a04ee20ca4ecb239
+    Static pod: etcd-myhost hash: 877025e7dd7adae8a04ee20ca4ecb239
+    Static pod: etcd-myhost hash: 64a28f011070816f4beb07a9c96d73b6
+    [apiclient] Found 1 Pods for label selector component=etcd
+    [upgrade/staticpods] Component "etcd" upgraded successfully!
+    [upgrade/etcd] Waiting for etcd to become available
+    [upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests043818770"
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2019-03-14-20-52-44/kube-apiserver.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: kube-apiserver-myhost hash: 6436b0d8ee0136c9d9752971dda40400
+    Static pod: kube-apiserver-myhost hash: 6436b0d8ee0136c9d9752971dda40400
+    Static pod: kube-apiserver-myhost hash: 6436b0d8ee0136c9d9752971dda40400
+    Static pod: kube-apiserver-myhost hash: b8a6533e241a8c6dab84d32bb708b8a1
+    [apiclient] Found 1 Pods for label selector component=kube-apiserver
+    [upgrade/staticpods] Component "kube-apiserver" upgraded successfully!
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2019-03-14-20-52-44/kube-controller-manager.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: kube-controller-manager-myhost hash: 8ee730c1a5607a87f35abb2183bf03f2
+    Static pod: kube-controller-manager-myhost hash: 6f77d441d2488efd9fc2d9a9987ad30b
+    [apiclient] Found 1 Pods for label selector component=kube-controller-manager
+    [upgrade/staticpods] Component "kube-controller-manager" upgraded successfully!
+    [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2019-03-14-20-52-44/kube-scheduler.yaml"
+    [upgrade/staticpods] Waiting for the kubelet to restart the component
+    [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
+    Static pod: kube-scheduler-myhost hash: 4b52d75cab61380f07c0c5a69fb371d4
+    Static pod: kube-scheduler-myhost hash: a24773c92bb69c3748fcce5e540b7574
+    [apiclient] Found 1 Pods for label selector component=kube-scheduler
+    [upgrade/staticpods] Component "kube-scheduler" upgraded successfully!
+    [upload-config] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
+    [kubelet] Creating a ConfigMap "kubelet-config-1.14" in namespace kube-system with the configuration for the kubelets in the cluster
+    [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
+    [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
+    [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
+    [bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
+    [bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
+    [addons] Applied essential addon: CoreDNS
+    [addons] Applied essential addon: kube-proxy
+
+    [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.14.0". Enjoy!
+
+    [upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
+    ```
+
+<!-- 1.  Manually upgrade your CNI provider plugin. -->
+1.  手动升级你的 CNI 供应商插件。
+
+    <!-- Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
+    Check the [addons](/docs/concepts/cluster-administration/addons/) page to
+    find your CNI provider and see whether additional upgrade steps are required. -->
+    您的容器网络接口（CNI）应该提供了程序自身的升级说明。
+    检查[插件](/docs/concepts/cluster-administration/addons/)页面查找您 CNI 所提供的程序，并查看是否需要其他升级步骤。
+
+<!-- 1.  Upgrade the kubelet and kubectl on the control plane node: -->
+1.  升级控制平面节点上的 kubelet 和 kubectl ：
+    {{< tabs name="k8s_install_kubelet" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    apt-mark unhold kubelet kubectl && \
+    apt-get update && apt-get install -y kubelet=1.14.x-00 kubectl=1.14.x-00 && \
+    apt-mark hold kubelet kubectl
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    yum install -y kubelet-1.14.x-0 kubectl-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+
+<!-- 1. Restart the kubelet -->
+1. 重启 kubelet
+
+    ```shell
+    sudo systemctl restart kubelet
+    ```
+
+<!-- ## Upgrade additional control plane nodes -->
+## 升级其他控制面板节点
+
+<!-- 1.  Same as the first control plane node but use: -->
+1.  与第一个控制平面节点相同，但使用：
+
+```
+sudo kubeadm upgrade node experimental-control-plane
+```
+
+instead of:
+
+```
+sudo kubeadm upgrade apply
+```
+
+<!-- Also `sudo kubeadm upgrade plan` is not needed. -->
+也不需要 `sudo kubeadm upgrade plan` 。
+
+<!-- ## Upgrade worker nodes -->
+## 升级工作节点
+
+<!-- The upgrade procedure on worker nodes should be executed one node at a time or few nodes at a time,
+without compromising the minimum required capacity for running your workloads. -->
+工作节点上的升级过程应该一次执行一个节点，或者一次执行几个节点，以不影响运行工作负载所需的最小容量。
+
+<!-- ### Upgrade kubeadm -->
+### 升级 kubeadm
+
+<!-- 1.  Upgrade kubeadm on all worker nodes:
+
+    {{< tabs name="k8s_install_kubeadm_worker_nodes" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.14.x-00 with the latest patch version
+    apt-mark unhold kubeadm && \
+    apt-get update && apt-get install -y kubeadm=1.14.x-00 && \
+    apt-mark hold kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.14.x-0 with the latest patch version
+    yum install -y kubeadm-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}} -->
+1.  在所有工作节点升级 kubeadm :
+
+    {{< tabs name="k8s_install_kubeadm_worker_nodes" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    apt-mark unhold kubeadm && \
+    apt-get update && apt-get install -y kubeadm=1.14.x-00 && \
+    apt-mark hold kubeadm
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    yum install -y kubeadm-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!-- ### Cordon the node -->
+### 节点临界点
+
+<!-- 1.  Prepare the node for maintenance by marking it unschedulable and evicting the workloads. Run:
+
+    ```shell
+    kubectl drain $NODE --ignore-daemonsets
+    ```
+
+    You should see output similar to this:
+
+    ```shell
+    node/ip-172-31-85-18 cordoned
+    WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-proxy-dj7d7, kube-system/weave-net-z65qx
+    node/ip-172-31-85-18 drained
+    ``` -->
+1.  通过将节点标记为不可计划并逐出工作负载，为维护做好准备。运行：
+
+    ```shell
+    kubectl drain $NODE --ignore-daemonsets
+    ```
+
+    <!-- You should see output similar to this: -->
+    您应该可以看见与下面类似的输出：
+
+    ```shell
+    node/ip-172-31-85-18 cordoned
+    WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-proxy-dj7d7, kube-system/weave-net-z65qx
+    node/ip-172-31-85-18 drained
+    ```
+
+<!-- ### Upgrade the kubelet config -->
+### 升级 kubelet 配置
+
+<!-- 1.  Upgrade the kubelet config:
+
+    ```shell
+    sudo kubeadm upgrade node config --kubelet-version v1.14.x
+    ```
+
+    Replace `x` with the patch version you picked for this ugprade. -->
+1.  升级 kubelet 配置:
+
+    ```shell
+    sudo kubeadm upgrade node config --kubelet-version v1.14.x
+    ```
+
+    <!-- Replace `x` with the patch version you picked for this ugprade. -->
+    用最新的修补程序版本替换 1.14.x-00 中的 x
+
+
+<!-- ### Upgrade kubelet and kubectl -->
+### 升级 kubelet 与 kubectl
+
+<!-- 1.  Upgrade the Kubernetes package version by running the Linux package manager for your distribution:
+
+    {{< tabs name="k8s_kubelet_and_kubectl" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # replace x in 1.14.x-00 with the latest patch version
+    apt-mark unhold kubelet kubectl && \
+    apt-get update && apt-get install -y kubelet=1.14.x-00 kubectl=1.14.x-00 && \
+    apt-mark hold kubelet kubectl
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # replace x in 1.14.x-0 with the latest patch version
+    yum install -y kubelet-1.14.x-0 kubectl-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}} -->
+1.  通过运行适用于您的 Linux 发行版包管理器升级 Kubernetes 软件包版本： 
+
+    {{< tabs name="k8s_kubelet_and_kubectl" >}}
+    {{% tab name="Ubuntu, Debian or HypriotOS" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 xs
+    apt-mark unhold kubelet kubectl && \
+    apt-get update && apt-get install -y kubelet=1.14.x-00 kubectl=1.14.x-00 && \
+    apt-mark hold kubelet kubectl
+    {{% /tab %}}
+    {{% tab name="CentOS, RHEL or Fedora" %}}
+    # 用最新的修补程序版本替换 1.14.x-00 中的 x
+    yum install -y kubelet-1.14.x-0 kubectl-1.14.x-0 --disableexcludes=kubernetes
+    {{% /tab %}}
+    {{< /tabs >}}
+
+<!-- 1. Restart the kubelet
+
+    ```shell
+    sudo systemctl restart kubelet
+    ``` -->
+1.  重启 kubelet
+
+    ```shell
+    sudo systemctl restart kubelet
+    ```
+
+<!-- ### Uncordon the node -->
+### 节点未临界点
+
+<!-- 1.  Bring the node back online by marking it schedulable:
+
+    ```shell
+    kubectl uncordon $NODE
+    ``` -->
+1.  通过将节点标记为可调度，让节点重新上线:
+
+    ```shell
+    kubectl uncordon $NODE
+    ```
+
+<!-- ## Verify the status of the cluster
+
+After the kubelet is upgraded on all nodes verify that all nodes are available again by running the following command from anywhere kubectl can access the cluster:
+
+```shell
+kubectl get nodes
+``` -->
+## 验证集群的状态
+
+在所有节点上升级 kubelet 后，通过从 kubectl 可以访问集群的任何位置运行以下命令，验证所有节点是否再次可用：
+
+```shell
+kubectl get nodes
+```
+
+<!-- The `STATUS` column should show `Ready` for all your nodes, and the version number should be updated. -->
+`STATUS` 列应显示所有节点为 `Ready` 状态，并且版本号已经被更新。 
+
+{{% /capture %}}
+
+<!-- ## Recovering from a failure state
+
+If `kubeadm upgrade` fails and does not roll back, for example because of an unexpected shutdown during execution, you can run `kubeadm upgrade` again.
+This command is idempotent and eventually makes sure that the actual state is the desired state you declare.
+
+To recover from a bad state, you can also run `kubeadm upgrade --force` without changing the version that your cluster is running. -->
+## 从故障状态恢复
+
+如果 `kubeadm upgrade` 失败并且没有回滚，例如由于执行期间意外关闭，您可以再次运行 `kubeadm upgrade`。
+此命令是幂等的，并最终确保实际状态是您声明的所需状态。
+要从故障状态恢复，您还可以运行 `kubeadm upgrade --force` 而不去更改集群正在运行的版本。
+
+<!-- ## How it works
+
+`kubeadm upgrade apply` does the following:
+
+- Checks that your cluster is in an upgradeable state:
+  - The API server is reachable
+  - All nodes are in the `Ready` state
+  - The control plane is healthy
+- Enforces the version skew policies.
+- Makes sure the control plane images are available or available to pull to the machine.
+- Upgrades the control plane components or rollbacks if any of them fails to come up.
+- Applies the new `kube-dns` and `kube-proxy` manifests and makes sure that all necessary RBAC rules are created.
+- Creates new certificate and key files of the API server and backs up old files if they're about to expire in 180 days. -->
+## 它是怎么工作的
+
+`kubeadm upgrade apply` 做了以下工作：
+
+- 检查您的集群是否处于可升级状态:
+  - API 服务器是可访问的
+  - 所有节点处于 `Ready` 状态
+  - 控制平面是健康的
+- 强制执行版本 skew 策略。
+- 确保控制平面的镜像是可用的或可拉取到服务器上。
+- 升级控制平面组件或回滚（如果其中任何一个组件无法启动）。
+- 应用新的 `kube-dns` 和 `kube-proxy` 清单，并强制创建所有必需的 RBAC 规则。
+- 如果旧文件在 180 天后过期，将创建 API 服务器的新证书和密钥文件并备份旧文件。
+
+<!-- `kubeadm upgrade node experimental-control-plane` does the following on additional control plane nodes:
+- Fetches the kubeadm `ClusterConfiguration` from the cluster.
+- Optionally backups the kube-apiserver certificate.
+- Upgrades the static Pod manifests for the control plane components. -->
+`kubeadm upgrade node experimental-control-plane` 实验控制平面在其他控制平面节点上执行以下操作：
+- 从集群中获取 kubeadm `ClusterConfiguration`。
+- 可选地备份 kube-apiserver 证书。
+- 升级控制平面组件的静态 Pod 清单。
\ No newline at end of file
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-ha-1-12.md b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-ha-1-12.md
new file mode 100644
index 0000000000000..c0155be3cbe68
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-ha-1-12.md
@@ -0,0 +1,425 @@
+---
+reviewers:
+- jamiehannaford
+- luxas
+- timothysc
+- jbeda
+title: 将 kubeadm 高可用集群从 v1.11 升级到 v1.12
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- jamiehannaford
+- luxas
+- timothysc
+- jbeda
+title: Upgrading kubeadm HA clusters from v1.11 to v1.12x
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page explains how to upgrade a highly available (HA) Kubernetes cluster created with `kubeadm` from version 1.11.x to version 1.12.x. In addition to upgrading, you must also follow the instructions in [Creating HA clusters with kubeadm](/docs/setup/independent/high-availability/).
+-->
+本页介绍了如何将基于 kubeadm 创建的 Kubernetes HA 集群从 1.11.x 版本升级到 1.12.x 版本。除了升级，您还必须遵守[使用 kubeadm 创建 HA 集群](/docs/setup/independent/high-availability/) 的相关说明。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+Before proceeding:
+-->
+在继续之前：
+
+<!--
+- You need to have a `kubeadm` HA cluster running version 1.11 or higher.
+- Make sure you read the [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md) carefully.
+- Make sure to back up any important components, such as app-level state stored in a database. `kubeadm upgrade` does not touch your workloads, only components internal to Kubernetes, but backups are always a best practice.
+- Check the prerequisites for [Upgrading/downgrading kubeadm clusters between v1.11 to v1.12](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12/).
+-->
+
+- 您需要一个 1.11 或更高版本的 kubeadm 高可用集群。
+- 请务必仔细阅读[发行说明](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md)。
+- 确保备份所有重要组件，比如存储在数据库中的应用程序级状态。`kubeadm upgrade` 不涉及您的工作负载，只涉及 Kubernetes 内部的组件，但备份始终是最佳实践。
+- 检查[在 v1.11 到 v1.12 之间升级/降级 kubeadm 集群](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-12/) 的条件。
+
+{{< note >}}
+
+<!--
+All commands on any control plane or etcd node should be run as root.
+-->
+任何控制平面或 etcd 节点上的所有命令都应以 root 身份运行。
+
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Prepare for both methods
+
+Upgrade `kubeadm` to the version that matches the version of Kubernetes that you are upgrading to:
+-->
+
+## 准备两种方法
+
+升级 `kubeadm` 到与要升级到的 Kubernetes 版本匹配的版本：
+
+```shell
+apt-mark unhold kubeadm && \
+apt-get update && apt-get install -y kubeadm && \
+apt-mark hold kubeadm
+```
+
+<!--
+Check prerequisites and determine the upgrade versions:
+-->
+检查条件并确定升级版本：
+
+```shell
+kubeadm upgrade plan
+```
+
+<!--
+You should see something like the following:
+-->
+您应该看到如下内容：
+
+    Upgrade to the latest stable version:
+
+    COMPONENT            CURRENT   AVAILABLE
+    API Server           v1.11.3   v1.12.0
+    Controller Manager   v1.11.3   v1.12.0
+    Scheduler            v1.11.3   v1.12.0
+    Kube Proxy           v1.11.3   v1.12.0
+    CoreDNS              1.1.3     1.2.2
+    Etcd                 3.2.18    3.2.24
+
+<!--
+## Stacked control plane nodes
+
+### Upgrade the first control plane node
+
+Modify `configmap/kubeadm-config` for this control plane node:
+-->
+
+## 叠加控制平面节点
+
+### 升级第一个控制平面节点
+
+为该控制平面节点修改 `configmap/kubeadm-config` 文件：
+
+```shell
+kubectl get configmap -n kube-system kubeadm-config -o yaml > kubeadm-config-cm.yaml
+```
+
+<!--
+Open the file in an editor and replace the following values:
+-->
+在编辑器中打开文件并替换以下值：
+
+<!--
+    This should be set to the local node's IP address.
+    This should be updated to the local node's IP address.
+    This should be updated to the local node's IP address.
+    This should be updated to the local node's IP address.
+    This should be updated to the local node's IP address.       
+-->
+
+<!--
+    This should be updated to include the hostname and IP address pairs for each control plane node in the cluster. For example:
+-->
+
+
+- `api.advertiseAddress`
+
+    应将其设置为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.advertise-client-urls`
+
+    此值应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.initial-advertise-peer-urls`
+
+    此值应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.listen-client-urls`
+
+    此值应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.listen-peer-urls`
+
+    此值应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.initial-cluster`
+
+    应更新此项以包含群集中每个控制平面节点的主机名和 IP 地址对。例如：
+
+        "ip-172-31-92-42=https://172.31.92.42:2380,ip-172-31-89-186=https://172.31.89.186:2380,ip-172-31-90-42=https://172.31.90.42:2380"
+
+<!--
+You must also pass an additional argument (`initial-cluster-state: existing`) to etcd.local.extraArgs.
+-->
+您还必须将另一个参数（`initial-cluster-state: existing`）传递给 etcd.local.extraArgs。
+
+```shell
+kubectl apply -f kubeadm-config-cm.yaml --force
+```
+
+<!--
+Start the upgrade:
+-->
+开始升级：
+
+```shell
+kubeadm upgrade apply v<YOUR-CHOSEN-VERSION-HERE>
+```
+
+<!--
+You should see something like the following:
+-->
+您应该看到如下内容：
+
+    [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.12.0". Enjoy!
+
+<!--
+The `kubeadm-config` ConfigMap is now updated from `v1alpha2` version to `v1alpha3`.
+
+### Upgrading additional control plane nodes
+
+Each additional control plane node requires modifications that are different from the first control plane node. Run:
+-->
+
+`kubeadm-config` ConfigMap 现在从 `v1alpha2` 版本更新为 `v1alpha3`。
+
+## 升级其他控制平面节点
+
+每个额外的控制平面节点都需要与第一个控制平面节点做不同的修改。运行：
+
+```shell
+kubectl get configmap -n kube-system kubeadm-config -o yaml > kubeadm-config-cm.yaml
+```
+
+<!--
+Open the file in an editor and replace the following values for `ClusterConfiguration`:
+-->
+在编辑器中打开文件并为 `ClusterConfiguration` 替换以下值：
+
+<!--
+    This should be updated to the local node's IP address.
+    This should be updated to the local node's IP address.
+    This should be updated to the local node's IP address.
+    This should be updated to the local node's IP address.
+-->
+
+
+- `etcd.local.extraArgs.advertise-client-urls`
+
+    这应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.initial-advertise-peer-urls`
+
+   这应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.listen-client-urls`
+
+    这应该更新为本地节点的 IP 地址。
+
+- `etcd.local.extraArgs.listen-peer-urls`
+
+   这应该更新为本地节点的 IP 地址。
+
+<!--
+You must also modify the `ClusterStatus` to add a mapping for the current host under apiEndpoints.
+
+Add an annotation for the cri-socket to the current node, for example to use docker:
+-->
+您还必须修改 `ClusterStatus`， 为 apiEndpoints 下的当前主机添加映射。
+
+将 cri-socket 的注解添加到当前节点，例如使用 docker：
+
+```shell
+kubectl annotate node <nodename> kubeadm.alpha.kubernetes.io/cri-socket=/var/run/dockershim.sock
+```
+
+<!--
+Apply the modified kubeadm-config on the node:
+-->
+在节点上应用修改后的 kubeadm-config：
+
+```shell
+kubectl apply -f kubeadm-config-cm.yaml --force
+```
+
+<!--
+Start the upgrade:
+-->
+开始升级：
+
+```shell
+kubeadm upgrade apply v<YOUR-CHOSEN-VERSION-HERE>
+```
+
+<!--
+You should see something like the following:
+-->
+您应该看到如下内容：
+
+    [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.12.0". Enjoy!
+
+<!--
+## External etcd
+
+### Upgrade each control plane
+
+Get a copy of the kubeadm config used to create this cluster. The config should be the same for every node. The config must exist on every control plane node before the upgrade begins.
+-->
+
+## 外部 etcd
+
+### 升级每个控制平面
+
+获取用于创建集群的 kubeadm 配置的副本。所有节点的配置应该相同。在升级开始之前，配置必须存在于每个控制平面节点上。
+
+<!--
+# on each control plane node
+-->
+
+```
+# 在每个控制平面节点上
+kubectl get configmap -n kube-system kubeadm-config -o jsonpath={.data.MasterConfiguration} > kubeadm-config.yaml
+```
+
+<!--
+Open the file in an editor and set `api.advertiseAddress` to the local node's IP address.
+
+Now run the upgrade on each control plane node one at a time.
+-->
+在编辑器中打开文件并设置 `api.advertiseAddress` 为本地节点的 IP 地址。
+
+现在，在每个控制平面节点上分别执行升级命令。
+
+```
+kubeadm upgrade apply v1.12.0 --config kubeadm-config.yaml
+```
+
+<!--
+### Upgrade etcd
+
+Kubernetes v1.11 to v1.12 only changed the patch version of etcd from v3.2.18 to v3.2.24. This is a rolling upgrade with no downtime, because you can run both versions in the same cluster.
+
+On the first host, modify the etcd manifest:
+-->
+
+### 升级 etcd
+
+Kubernetes v1.11 至 v1.12 只将 etcd 的 patch 版本从 v3.2.18 更改为 v3.2.24。这是一个滚动升级，没有停机时间，因为您可以在同一个集群中运行两个版本。
+
+在第一台主机上，修改 etcd 清单：
+
+```shell
+sed -i 's/3.2.18/3.2.24/' /etc/kubernetes/manifests/etcd.yaml
+```
+
+<!--
+Wait for the etcd process to reconnect. There will be error warnings in the other etcd node logs. This is expected.
+
+Repeat this step on the other etcd hosts.
+
+## Next steps
+
+### Manually upgrade your CNI provider
+
+Your Container Network Interface (CNI) provider might have its own upgrade instructions to follow. Check the [addons](/docs/concepts/cluster-administration/addons/) page to find your CNI provider and see whether you need to take additional upgrade steps.
+
+### Update kubelet and kubectl packages
+
+Upgrade the kubelet and kubectl by running the following on each node:
+-->
+
+等待 etcd 进程重新连接。其他 etcd 节点日志中将出现错误警告。这是预料之中的。
+
+在其他 etcd 主机上重复此步骤。
+
+## 下一步
+
+### 手动升级您的 CNI 提供商
+
+您的容器网络接口（CNI）提供程序可能有自己的升级说明。检查[插件](/docs/concepts/cluster-administration/addons/)页面找到您的 CNI 提供商，看看是否需要采取其他升级步骤。
+
+### 更新 kubelet 和 kubectl 包
+
+通过在每个节点上运行以下命令来升级 kubelet 和 kubectl：
+
+<!--
+# use your distro's package manager, e.g. 'apt-get' on Debian-based systems
+# for the versions stick to kubeadm's output (see above)
+-->
+
+```shell
+# 使用你的发行版软件包管理器，例如基于 Debian 系统上的 'apt-get' 
+# 对于版本，基于 kubeadm 的输出来设置(参见上文)
+apt-mark unhold kubelet kubectl && \
+apt-get update && \
+apt-get install kubelet=<NEW-K8S-VERSION> kubectl=<NEW-K8S-VERSION> && \
+apt-mark hold kubelet kubectl && \
+systemctl restart kubelet
+```
+
+<!--
+In this example a _deb_-based system is assumed and `apt-get` is used for installing the upgraded software. On rpm-based systems the command is `yum install <PACKAGE>=<NEW-K8S-VERSION>` for all packages.
+
+Verify that the new version of the kubelet is running:
+-->
+本例假设使用一个基于 _deb_ 的系统，并使用 `apt-get` 安装升级后的软件。在基于 rpm 的系统上，对于所有软件包都使用 `yum install <PACKAGE>=<NEW-K8S-VERSION>` 命令。
+
+验证新版本的 `kubelet` 是否正在运行：
+
+```shell
+systemctl status kubelet
+```
+
+<!--
+Verify that the upgraded node is available again by running the following command from wherever you run `kubectl`:
+-->
+无论当前路径在哪里，使用 `kubectl` 运行以下命令，再次验证已升级的节点是否可用：
+
+```shell
+kubectl get nodes
+```
+
+<!--
+If the `STATUS` column shows `Ready` for the upgraded host, you can continue. You might need to repeat the command until the node shows `Ready`.
+-->
+如果对于升级后的主机其 `STATUS` 列显示 `Ready`，则可以继续；否则您可能需要重复该命令，直到节点显示 `Ready`。
+
+<!--
+## If something goes wrong
+
+If the upgrade fails, see whether one of the following scenarios applies:
+
+- If `kubeadm upgrade apply` failed to upgrade the cluster, it will try to perform a rollback. If this is the case on the first master, the cluster is probably still intact.
+
+   You can run `kubeadm upgrade apply` again, because it is idempotent and should eventually make sure the actual state is the desired state you are declaring. You can run `kubeadm upgrade apply` to change a running cluster with `x.x.x -> x.x.x` with `--force` to recover from a bad state.
+
+- If `kubeadm upgrade apply` on one of the secondary masters failed, the cluster is upgraded and working, but the secondary masters are in an undefined state. You need to investigate further and join the secondaries manually.
+-->
+
+## 如果出现问题
+
+如果升级失败，请检查是否符合以下列出的可能场景：
+
+- 如果 `kubeadm upgrade apply` 无法升级集群，它将尝试执行回滚。如果在第一个主控节点上就是这种情况，则集群可能仍然完好无损。
+
+   您可以再次运行 `kubeadm upgrade apply`，因为它是幂等的，最终应该确保实际状态是您声明的期望状态。您可以运行 `kubeadm upgrade apply` 并设置参数 `--force` 请求"更新"正在运行的集群（从 `x.x.x --> x.x.x` ），尝试从错误状态中恢复。
+
+- 如果其他节点上的 `kubeadm upgrade apply` 失败，则集群已经升级并运行，只是这些节点处于未定义的状态。您需要进一步调试并手动将其加入集群。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/administer-cluster/kubelet-config-file.md b/content/zh/docs/tasks/administer-cluster/kubelet-config-file.md
index 506bca986fb79..db7ecc67c4dde 100644
--- a/content/zh/docs/tasks/administer-cluster/kubelet-config-file.md
+++ b/content/zh/docs/tasks/administer-cluster/kubelet-config-file.md
@@ -1,36 +1,52 @@
 ---
-approvers:
+reviewers:
 - mtaufen
 - dawnchen
-cn-approvers:
-- xiaosuiba
-cn-reviwers:
-- pigletfly
-- zjj2wry
-- chentao1596
 title: 通过配置文件设置 Kubelet 参数
 content_template: templates/task
 ---
-
+<!--
+---
+reviewers:
+- mtaufen
+- dawnchen
+title: Set Kubelet parameters via a config file
+content_template: templates/task
+---
+--->
 
 {{% capture overview %}}
-{{< feature-state state="alpha" >}}
+{{< feature-state state="beta" >}}
 
+<!--
+A subset of the Kubelet's configuration parameters may be
+set via an on-disk config file, as a substitute for command-line flags.
+This functionality is considered beta in v1.10.
+--->
+通过保存在硬盘的配置文件设置 Kubelet 的配置参数子集，可以作为命令行参数的替代。此功能在 v1.10 中为 beta 版。
+
+<!--
+Providing parameters via a config file is the recommended approach because
+it simplifies node deployment and configuration management.
+--->
+建议通过配置文件的方式提供参数，因为这样可以简化节点部署和配置管理。
 
-在 Kubernetes 1.8 版本上，除了可以通过命令行参数外，还可以通过保存在硬盘的配置文件设置 Kubelet 的配置子集。
-将来，大部分现存的命令行参数都将被废弃，取而代之以配置文件的方式提供参数，以简化节点部署过程。
 {{% /capture %}}
 
 {{% capture prerequisites %}}
 
-
-- 需要安装 1.8 版本或更高版本的 Kubelet 二进制文件。
+<!--
+- A v1.10 or higher Kubelet binary must be installed for beta functionality.
+--->
+- 需要安装 1.10 或更高版本的 Kubelet 二进制文件，才能实现 beta 功能。
 
 {{% /capture %}}
 
 {{% capture steps %}}
 
-
+<!--
+## Create the config file
+--->
 ## 创建配置文件
 
 
@@ -55,22 +71,48 @@ evictionHard:
 
 ## 启动通过配置文件配置的 Kubelet 进程
 
-
-启动 Kubelet 需要将其 `--init-config-dir` 标志设置为包含 `kubelet` 文件的文件夹路径。Kubelet 将从 `kubelet` 文件中读取由 `KubeletConfiguration` 定义的参数，而不是从参数相关的命令行标志中读取。
+<!--
+Start the Kubelet with the `--config` flag set to the path of the Kubelet's config file.
+The Kubelet will then load its config from this file.
+--->
+启动 Kubelet 需要将 `--config` 参数设置为 Kubelet 配置文件的路径。Kubelet 将从此文件加载其配置。
+
+<!--
+Note that command line flags which target the same value as a config file will override that value.
+This helps ensure backwards compatibility with the command-line API.
+--->
+请注意，命令行参数与配置文件有相同的值时，就会覆盖配置文件中的该值。这有助于确保命令行 API 的向后兼容性。
+
+<!--
+Note that relative file paths in the Kubelet config file are resolved relative to the
+location of the Kubelet config file, whereas relative paths in command line flags are resolved
+relative to the Kubelet's current working directory.
+--->
+请注意，Kubelet 配置文件中的相对文件路径是相对于 Kubelet 配置文件的位置解析的，而命令行参数中的相对路径是相对于 Kubelet 的当前工作目录解析的。
+
+<!--
+Note that some default values differ between command-line flags and the Kubelet config file.
+If `--config` is provided and the values are not specified via the command line, the
+defaults for the `KubeletConfiguration` version apply.
+In the above example, this version is `kubelet.config.k8s.io/v1beta1`.
+--->
+请注意，命令行参数和 Kubelet 配置文件的某些默认值不同。如果设置了 `--config`，并且没有通过命令行指定值，则 `KubeletConfiguration` 版本的默认值生效。在上面的例子中，version 是 `kubelet.config.k8s.io/v1beta1`。
 
 {{% /capture %}}
 
 {{% capture discussion %}}
 
-
+<!--
+## Relationship to Dynamic Kubelet Config
+--->
 ## 与动态 Kubelet 配置的关系
 
-
-如果您正在使用  [动态 Kubelet 配置（Dynamic Kubelet Configuration）](/docs/tasks/administer-cluster/reconfigure-kubelet) 特性，那么自动回滚机制将认为通过 `--init-config-dir` 提供的配置是“最后已知正常（last known good）”的配置。
-
-
-请注意，`--init-config-dir` 文件的布局结构镜像了 ConfigMap 中用于动态 Kubelet 配置的数据结构；文件命名和 ConfigMap 的 key 相同，文件的内容是 ConfigMap 中相同数据结构的 JSON 或 YAML 表现形式。虽然以后可能会出现更多，但目前只有 kubelet:KubeletConfiguration 配置对。更多信息请查阅  [重新配置活动集群节点的 Kubelet](/docs/tasks/administer-cluster/reconfigure-kubelet)。
-
+<!--
+If you are using the [Dynamic Kubelet Configuration](/docs/tasks/administer-cluster/reconfigure-kubelet)
+feature, the combination of configuration provided via `--config` and any flags which override these values
+is considered the default "last known good" configuration by the automatic rollback mechanism.
+--->
+如果您正在使用 [动态 Kubelet 配置](/docs/tasks/administer-cluster/reconfigure-kubelet) 特性，那么自动回滚机制将认为是 "最后已知正常（last known good）" 的配置，通过 `--config` 提供的配置与覆盖这些值的任何参数的结合。
 {{% /capture %}}
 
 
diff --git a/content/zh/docs/tasks/administer-cluster/limit-storage-consumption.md b/content/zh/docs/tasks/administer-cluster/limit-storage-consumption.md
new file mode 100644
index 0000000000000..e8cadbd4b2ad6
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/limit-storage-consumption.md
@@ -0,0 +1,143 @@
+---
+title: 限制存储消耗
+content_template: templates/task
+---
+<!--
+---
+title: Limit Storage Consumption
+content_template: templates/task
+---
+-->
+
+
+{{% capture overview %}}
+
+<!--
+This example demonstrates an easy way to limit the amount of storage consumed in a namespace.
+-->
+此示例演示了一种限制命名空间中存储使用量的简便方法。
+
+<!--
+The following resources are used in the demonstration: [ResourceQuota](/docs/concepts/policy/resource-quotas/),
+[LimitRange](/docs/tasks/administer-cluster/memory-default-namespace/),
+and [PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/).
+-->
+演示中用到了以下资源：[ResourceQuota](/docs/concepts/policy/resource-quotas/)，[LimitRange](/docs/tasks/administer-cluster/memory-default-namespace/) 和 [PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/)。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Scenario: Limiting Storage Consumption
+-->
+## 场景：限制存储消耗
+
+<!--
+The cluster-admin is operating a cluster on behalf of a user population and the admin wants to control
+how much storage a single namespace can consume in order to control cost.
+-->
+集群管理员代表用户群操作集群，管理员希望控制单个名称空间可以消耗多少存储空间以控制成本。
+
+<!--
+The admin would like to limit:
+-->
+管理员想要限制：
+
+<!--
+1. The number of persistent volume claims in a namespace
+2. The amount of storage each claim can request
+3. The amount of cumulative storage the namespace can have
+-->
+1. 命名空间中持久卷申领（persistent volume claims）的数量
+2. 每个申领（claim）可以请求的存储量
+3. 命名空间可以具有的累计存储量
+
+<!--
+## LimitRange to limit requests for storage
+-->
+## 使用 LimitRange 限制存储请求
+
+<!--
+Adding a `LimitRange` to a namespace enforces storage request sizes to a minimum and maximum. Storage is requested via `PersistentVolumeClaim`. The admission controller that enforces limit ranges will reject any PVC that is above or below the values set by the admin.
+-->
+将 `LimitRange` 添加到命名空间会为存储请求大小强制设置最小值和最大值。存储是通过 `PersistentVolumeClaim` 来发起请求的。执行限制范围控制的准入控制器会拒绝任何高于或低于管理员所设阈值的 PVC。
+
+<!--
+In this example, a PVC requesting 10Gi of storage would be rejected because it exceeds the 2Gi max.
+-->
+在此示例中，请求 10Gi 存储的 PVC 将被拒绝，因为它超过了最大 2Gi。
+
+```
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: storagelimits
+spec:
+  limits:
+  - type: PersistentVolumeClaim
+    max:
+      storage: 2Gi
+    min:
+      storage: 1Gi
+```
+
+<!--
+Minimum storage requests are used when the underlying storage provider requires certain minimums. For example,
+AWS EBS volumes have a 1Gi minimum requirement.
+-->
+当底层存储提供程序需要某些最小值时，将会用到所设置最小存储请求值。例如，AWS EBS volumes 的最低要求为 1Gi。
+
+<!--
+## StorageQuota to limit PVC count and cumulative storage capacity
+-->
+## 使用 StorageQuota 限制 PVC 数目和累计存储容量
+
+<!--
+Admins can limit the number of PVCs in a namespace as well as the cumulative capacity of those PVCs. New PVCs that exceed
+either maximum value will be rejected.
+-->
+管理员可以限制某个命名空间中的 PVCs 个数以及这些 PVCs 的累计容量。新 PVCs 请求如果超过任一上限值将被拒绝。
+
+<!--
+In this example, a 6th PVC in the namespace would be rejected because it exceeds the maximum count of 5. Alternatively,
+a 5Gi maximum quota when combined with the 2Gi max limit above, cannot have 3 PVCs where each has 2Gi. That would be 6Gi requested
+ for a namespace capped at 5Gi.
+-->
+在此示例中，命名空间中的第 6 个 PVC 将被拒绝，因为它超过了最大计数 5。或者，当与上面的 2Gi 最大容量限制结合在一起时，意味着 5Gi 的最大配额不能支持 3 个都是 2Gi 的 PVC。后者实际上是向命名空间请求 6Gi 容量，而该命令空间已经设置上限为 5Gi。
+
+```
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: storagequota
+spec:
+  hard:
+    persistentvolumeclaims: "5"
+    requests.storage: "5Gi"
+```
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Summary
+-->
+## 小结
+
+<!--
+A limit range can put a ceiling on how much storage is requested while a resource quota can effectively cap the storage consumed by a namespace through claim counts and cumulative storage capacity. The allows a cluster-admin to plan their
+cluster's storage budget without risk of any one project going over their allotment.
+-->
+限制范围对象可以用来设置可请求的存储量上限，而资源配额对象则可以通过申领计数和累计存储容量有效地限制命名空间耗用的存储量。这两种机制使得集群管理员能够规划其集群存储预算而不会发生任一项目超量分配的风险。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/_index.md b/content/zh/docs/tasks/administer-cluster/manage-resources/_index.md
index cdc4c457a55d3..8fcbf33fe5fa3 100644
--- a/content/zh/docs/tasks/administer-cluster/manage-resources/_index.md
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/_index.md
@@ -1,12 +1,11 @@
-<!--
 ---
-title: Manage Memory, CPU, and API Resources
+title: 管理内存，CPU 和 API 资源
 weight: 20
 ---
--->
 
+<!--
 ---
-title: 管理内存，CPU 和 API 资源
+title: Manage Memory, CPU, and API Resources
 weight: 20
 ---
-
+-->
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace.md b/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace.md
index 41f6af4b29346..8607d283b62dd 100644
--- a/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace.md
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace.md
@@ -1,17 +1,16 @@
-<!--
 ---
-title: Configure Minimum and Maximum CPU Constraints for a Namespace
+title: 为命名空间配置CPU最小和最大限制
 content_template: templates/task
 weight: 40
 ---
--->
 
+<!--
 ---
-title: 为命名空间配置CPU最小和最大限制
+title: Configure Minimum and Maximum CPU Constraints for a Namespace
 content_template: templates/task
 weight: 40
 ---
-
+-->
 
 {{% capture overview %}}
 
@@ -428,13 +427,13 @@ kubectl delete namespace constraints-cpu-example
 
 * [为命名空间配置内存限制的最小值和最大值](/docs/tasks/administer-cluster/memory-constraint-namespace/)
 
-* [为命名空间配置CPU限制的最小值和最大值](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+* [为命名空间配置 CPU 限制的最小值和最大值](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
 
-* [为命名空间配置内存和CPU配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+* [为命名空间配置内存和 CPU 配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
 
-* [为命名空间配置Pod配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
+* [为命名空间配置 Pod 配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
 
-* [为API对象配置配额](/docs/tasks/administer-cluster/quota-api-object/)
+* [为 API 对象配置配额](/docs/tasks/administer-cluster/quota-api-object/)
 
 <!--
 ### For app developers
@@ -448,15 +447,10 @@ kubectl delete namespace constraints-cpu-example
 
 ### 应用开发者参考：
 
-* [为容器和Pod分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
+* [为容器和 Pod 分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
 
-* [为容器和Pod分配CPU资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+* [为容器和 Pod 分配 CPU 资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
 
-* [为Pod配置Service数量](/docs/tasks/configure-pod-container/quality-service-pod/)
+* [为 Pod 配置 Service 数量](/docs/tasks/configure-pod-container/quality-service-pod/)
 
 {{% /capture %}}
-
-
-
-
-
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace.md b/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace.md
index ea2a22c746283..837d07efdffae 100644
--- a/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace.md
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace.md
@@ -1,16 +1,16 @@
-<!--
 ---
-title: Configure Default CPU Requests and Limits for a Namespace
+title: 为命名空间配置默认的CPU请求和限制
 content_template: templates/task
 weight: 20
 ---
--->
 
+<!--
 ---
-title: 为命名空间配置默认的CPU请求和限制
+title: Configure Default CPU Requests and Limits for a Namespace
 content_template: templates/task
 weight: 20
 ---
+-->
 
 {{% capture overview %}}
 <!--
@@ -284,13 +284,13 @@ it can be allowed to run in a namespace that is restricted by a quota.
 
 * [为命名空间配置内存限制的最小值和最大值](/docs/tasks/administer-cluster/memory-constraint-namespace/)
 
-* [为命名空间配置CPU限制的最小值和最大值](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+* [为命名空间配置 CPU 限制的最小值和最大值](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
 
-* [为命名空间配置内存和CPU配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+* [为命名空间配置内存和 CPU 配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
 
-* [为命名空间配置Pod配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
+* [为命名空间配置 Pod 配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
 
-* [为API对象配置配额](/docs/tasks/administer-cluster/quota-api-object/)
+* [为 API 对象配置配额](/docs/tasks/administer-cluster/quota-api-object/)
 
 <!--
 ### For app developers
@@ -306,12 +306,10 @@ it can be allowed to run in a namespace that is restricted by a quota.
 * [Configure Quality of Service for Pods](/docs/tasks/configure-pod-container/quality-service-pod/)
 -->
 
-* [为容器和Pod分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
+* [为容器和 Pod 分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
 
-* [为容器和Pod分配CPU资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+* [为容器和 Pod 分配 CPU 资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
 
-* [为Pod配置Service数量](/docs/tasks/configure-pod-container/quality-service-pod/)
+* [为 Pod 配置 Service 数量](/docs/tasks/configure-pod-container/quality-service-pod/)
 
 {{% /capture %}}
-
-
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md b/content/zh/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md
index 84149f2b1edf2..0fd7481edca19 100644
--- a/content/zh/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md
@@ -1,16 +1,16 @@
-<!--
 ---
-title: Configure Minimum and Maximum Memory Constraints for a Namespace
+title: 配置命名空间的最小和最大内存约束
 content_template: templates/task
 weight: 30
 ---
--->
 
+<!--
 ---
-title: 配置命名空间的最小和最大内存约束
+title: Configure Minimum and Maximum Memory Constraints for a Namespace
 content_template: templates/task
 weight: 30
 ---
+-->
 
 {{% capture overview %}}
 
@@ -440,8 +440,3 @@ kubectl delete namespace constraints-mem-example
 * [为 Pod 配置 Service 数量](/docs/tasks/configure-pod-container/quality-service-pod/)
 
 {{% /capture %}}
-
-
-
-
-
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/memory-default-namespace.md b/content/zh/docs/tasks/administer-cluster/manage-resources/memory-default-namespace.md
index cd1521a861098..6c801f6f085dc 100644
--- a/content/zh/docs/tasks/administer-cluster/manage-resources/memory-default-namespace.md
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/memory-default-namespace.md
@@ -1,16 +1,16 @@
-<!--
 ---
-title: Configure Default Memory Requests and Limits for a Namespace
+title: 为命名空间配置默认的内存请求和限制
 content_template: templates/task
 weight: 10
 ---
--->
 
+<!--
 ---
-title: 为命名空间配置默认的内存请求和限制
+title: Configure Default Memory Requests and Limits for a Namespace
 content_template: templates/task
 weight: 10
 ---
+-->
 
 {{% capture overview %}}
 
@@ -265,7 +265,7 @@ Here are two of the restrictions that a resource quota imposes on a namespace:
 -->
 
 * 运行在命名空间中的每个容器必须有自己的内存限制。
-* 命名空间中所有容器的内存使用量之和不能超过声明的限制值。 
+* 命名空间中所有容器的内存使用量之和不能超过声明的限制值。
 
 <!--
 If a Container does not specify its own memory limit, it is given the default limit, and then
@@ -331,5 +331,3 @@ it can be allowed to run in a namespace that is restricted by a quota.
 * [为 Pod 配置服务数量](/docs/tasks/configure-pod-container/quality-service-pod/)
 
 {{% /capture %}}
-
-
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace.md b/content/zh/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace.md
index 146d5edf130f3..7947c43be85fc 100644
--- a/content/zh/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace.md
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace.md
@@ -1,17 +1,16 @@
-<!--
 ---
-title: Configure Memory and CPU Quotas for a Namespace
+title: 为命名空间配置内存和 CPU 配额
 content_template: templates/task
 weight: 50
 ---
--->
 
+<!--
 ---
-title: 为命名空间配置内存和 CPU 配额
+title: Configure Memory and CPU Quotas for a Namespace
 content_template: templates/task
 weight: 50
 ---
-
+-->
 
 {{% capture overview %}}
 
@@ -299,8 +298,3 @@ kubectl delete namespace quota-mem-cpu-example
 * [为 Pod 配置 Service 数量](/docs/tasks/configure-pod-container/quality-service-pod/)
 
 {{% /capture %}}
-
-
-
-
-
diff --git a/content/zh/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace.md b/content/zh/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace.md
new file mode 100644
index 0000000000000..9d1e4b4c4fd76
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace.md
@@ -0,0 +1,223 @@
+---
+title: 为命名空间配置 Pod 配额
+content_template: templates/task
+weight: 60
+---
+
+<!--
+---
+title: Configure a Pod Quota for a Namespace
+content_template: templates/task
+weight: 60
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to set a quota for the total number of Pods that can run
+in a namespace. You specify quotas in a
+[ResourceQuota](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#resourcequota-v1-core)
+object.
+-->
+
+本文介绍怎样给命名空间配置可以运行的 Pod 总数配额。你在 [ResourceQuota](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#resourcequota-v1-core)对象中可以进行声明。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Create a namespace
+
+Create a namespace so that the resources you create in this exercise are
+isolated from the rest of your cluster.
+-->
+
+## 创建命名空间
+
+创建一个命名空间，以便本练习所创建的资源和集群的其余资源相隔离。
+
+```shell
+kubectl create namespace quota-pod-example
+```
+
+<!--
+## Create a ResourceQuota
+
+Here is the configuration file for a ResourceQuota object:
+-->
+
+## 创建一个 ResourceQuota
+
+这里给出了一个 ResourceQuota 对象的配置文件：
+
+{{< codenew file="admin/resource/quota-pod.yaml" >}}
+
+<!--
+Create the ResourceQuota:
+-->
+
+创建 ResourceQuota
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/resource/quota-pod.yaml --namespace=quota-pod-example
+```
+
+<!--
+View detailed information about the ResourceQuota:
+-->
+
+查看 ResourceQuota 详情：
+
+```shell
+kubectl get resourcequota pod-demo --namespace=quota-pod-example --output=yaml
+```
+
+<!--
+The output shows that the namespace has a quota of two Pods, and that currently there are
+no Pods; that is, none of the quota is used.
+-->
+
+输出结果显示该命名空间有两个 Pod 的配额，并且当前没有 Pod；也就是配额没有被使用。
+
+```yaml
+spec:
+  hard:
+    pods: "2"
+status:
+  hard:
+    pods: "2"
+  used:
+    pods: "0"
+```
+
+<!--
+Here is the configuration file for a Deployment:
+-->
+
+这里给出了一个 Deployment 的配置文件：
+
+{{< codenew file="admin/resource/quota-pod-deployment.yaml" >}}
+
+<!--
+In the configuration file, `replicas: 3` tells Kubernetes to attempt to create three Pods, all running the same application.
+
+Create the Deployment:
+-->
+
+配置文件中，`replicas: 3` 使 Kubernetes 尝试创建3个 Pod，都运行相同的应用。
+
+创建 Deployment：
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/resource/quota-pod-deployment.yaml --namespace=quota-pod-example
+```
+
+<!--
+View detailed information about the Deployment:
+-->
+
+查看 Deployment 详情：
+
+```shell
+kubectl get deployment pod-quota-demo --namespace=quota-pod-example --output=yaml
+```
+
+<!--
+The output shows that even though the Deployment specifies three replicas, only two
+Pods were created because of the quota.
+-->
+
+输出结果显示尽管 Deployment 声明了三个副本，但由于配额的限制只创建了两个 Pod。
+
+```yaml
+spec:
+  ...
+  replicas: 3
+...
+status:
+  availableReplicas: 2
+...
+lastUpdateTime: 2017-07-07T20:57:05Z
+    message: 'unable to create pods: pods "pod-quota-demo-1650323038-" is forbidden:
+      exceeded quota: pod-demo, requested: pods=1, used: pods=2, limited: pods=2'
+```
+
+<!--
+## Clean up
+
+Delete your namespace:
+-->
+
+## 清理环境
+
+删除你的命名空间：
+
+```shell
+kubectl delete namespace quota-pod-example
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+### For cluster administrators
+
+* [Configure Default Memory Requests and Limits for a Namespace](/docs/tasks/administer-cluster/memory-default-namespace/)
+
+* [Configure Default CPU Requests and Limits for a Namespace](/docs/tasks/administer-cluster/cpu-default-namespace/)
+
+* [Configure Minimum and Maximum Memory Constraints for a Namespace](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+
+* [Configure Minimum and Maximum CPU Constraints for a Namespace](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+* [Configure Memory and CPU Quotas for a Namespace](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+
+* [Configure Quotas for API Objects](/docs/tasks/administer-cluster/quota-api-object/)
+-->
+
+### 集群管理员参考
+
+* [为命名空间配置默认内存请求和限制](/docs/tasks/administer-cluster/memory-default-namespace/)
+
+* [为命名空间配置内存限制的最小值和最大值](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+
+* [为命名空间配置 CPU 限制的最小值和最大值](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+* [为命名空间配置内存和 CPU 配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+
+* [为命名空间配置 Pod 配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
+
+* [为 API 对象配置配额](/docs/tasks/administer-cluster/quota-api-object/)
+
+<!--
+### For app developers
+
+* [Assign Memory Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-memory-resource/)
+
+* [Assign CPU Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+
+* [Configure Quality of Service for Pods](/docs/tasks/configure-pod-container/quality-service-pod/)
+-->
+
+### 应用开发者参考
+
+* [为容器和 Pod 分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
+
+* [为容器和 Pod 分配 CPU 资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+
+* [为 Pod 配置 Service 数量](/docs/tasks/configure-pod-container/quality-service-pod/)
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/namespaces-walkthrough.md b/content/zh/docs/tasks/administer-cluster/namespaces-walkthrough.md
new file mode 100644
index 0000000000000..74ea7a9c93b5d
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/namespaces-walkthrough.md
@@ -0,0 +1,386 @@
+---
+reviewers:
+- derekwaynecarr
+- janetkuo
+title: 命名空间演练
+content_template: templates/task
+---
+<!-- ---
+reviewers:
+- derekwaynecarr
+- janetkuo
+title: Namespaces Walkthrough
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+<!-- Kubernetes {{< glossary_tooltip text="namespaces" term_id="namespace" >}}
+help different projects, teams, or customers to share a Kubernetes cluster. -->
+
+Kubernetes {{< glossary_tooltip text="命名空间" term_id="namespace" >}}
+有助于不同的项目、团队或客户去共享 Kubernetes 集群。
+
+<!-- It does this by providing the following:
+
+1. A scope for [Names](/docs/concepts/overview/working-with-objects/names/).
+2. A mechanism to attach authorization and policy to a subsection of the cluster. -->
+
+名字空间通过以下方式实现这点：
+
+1. 为[名字](/docs/concepts/overview/working-with-objects/names/)设置作用域.
+2. 为集群中的部分资源关联鉴权和策略的机制。
+
+<!-- Use of multiple namespaces is optional. -->
+
+使用多个命名空间是可选的。
+
+<!-- This example demonstrates how to use Kubernetes namespaces to subdivide your cluster. -->
+
+此示例演示了如何使用 Kubernetes 命名空间细分群集。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Prerequisites -->
+
+## 环境准备
+
+<!-- This example assumes the following:
+
+1. You have an [existing Kubernetes cluster](/docs/setup/).
+2. You have a basic understanding of Kubernetes _[Pods](/docs/concepts/workloads/pods/pod/)_, _[Services](/docs/concepts/services-networking/service/)_, and _[Deployments](/docs/concepts/workloads/controllers/deployment/)_. -->
+
+此示例作如下假设：
+
+1. 您已拥有一个 [配置好的 Kubernetes 集群](/docs/setup/)。
+2. 您已对 Kubernetes 的 _[Pods](/docs/concepts/workloads/pods/pod/)_, _[Services](/docs/concepts/services-networking/service/)_ 和 _[Deployments](/docs/concepts/workloads/controllers/deployment/)_ 有基本理解。
+
+<!-- ## Understand the default namespace
+
+By default, a Kubernetes cluster will instantiate a default namespace when provisioning the cluster to hold the default set of Pods,
+Services, and Deployments used by the cluster. -->
+
+1. 理解默认命名空间
+
+默认情况下，Kubernetes 集群会在配置集群时实例化一个默认命名空间，用以存放集群所使用的默认 Pods、Services 和 Deployments 集合。
+
+<!-- Assuming you have a fresh cluster, you can inspect the available namespaces by doing the following: -->
+
+假设您有一个新的集群，您可以通过执行以下操作来检查可用的命名空间：
+
+```shell
+kubectl get namespaces
+```
+```
+NAME      STATUS    AGE
+default   Active    13m
+```
+
+<!-- ## Create new namespaces -->
+
+## 创建新的命名空间
+
+<!-- For this exercise, we will create two additional Kubernetes namespaces to hold our content. -->
+
+在本练习中，我们将创建两个额外的 Kubernetes 命名空间来保存我们的内容。
+
+<!-- Let's imagine a scenario where an organization is using a shared Kubernetes cluster for development and production use cases. -->
+
+我们假设一个场景，某组织正在使用共享的 Kubernetes 集群来支持开发和生产：
+
+<!-- The development team would like to maintain a space in the cluster where they can get a view on the list of Pods, Services, and Deployments
+they use to build and run their application.  In this space, Kubernetes resources come and go, and the restrictions on who can or cannot modify resources
+are relaxed to enable agile development. -->
+
+开发团队希望在集群中维护一个空间，以便他们可以查看用于构建和运行其应用程序的 Pods、Services 和 Deployments 列表。在这个空间里，Kubernetes 资源被自由地加入或移除，对谁能够或不能修改资源的限制被放宽，以实现敏捷开发。
+
+<!-- The operations team would like to maintain a space in the cluster where they can enforce strict procedures on who can or cannot manipulate the set of
+Pods, Services, and Deployments that run the production site. -->
+
+运维团队希望在集群中维护一个空间，以便他们可以强制实施一些严格的规程，对谁可以或谁不可以操作运行生产站点的 Pods、Services 和 Deployments 集合进行控制。
+
+<!-- One pattern this organization could follow is to partition the Kubernetes cluster into two namespaces: `development` and `production`. -->
+
+该组织可以遵循的一种模式是将 Kubernetes 集群划分为两个命名空间：development 和 production。
+
+<!-- Let's create two new namespaces to hold our work. -->
+
+让我们创建两个新的命名空间来保存我们的工作。
+
+<!-- Use the file [`namespace-dev.json`](/examples/admin/namespace-dev.json) which describes a `development` namespace: -->
+
+文件 [`namespace-dev.json`](/examples/admin/namespace-dev.json) 描述了 development 命名空间:
+
+{{< codenew language="json" file="admin/namespace-dev.json" >}}
+
+<!-- Create the `development` namespace using kubectl. -->
+
+使用 kubectl 创建 development 命名空间。
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/namespace-dev.json
+```
+
+<!-- Save the following contents into file [`namespace-prod.json`](/examples/admin/namespace-prod.json) which describes a `production` namespace: -->
+
+将下列的内容保存到文件 [`namespace-prod.json`](/examples/admin/namespace-prod.json) 中，这些内容是对 production 命名空间的描述：
+
+{{< codenew language="json" file="admin/namespace-prod.json" >}}
+
+<!-- And then let's create the `production` namespace using kubectl. -->
+
+让我们使用 kubectl 创建 production 命名空间。
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/namespace-prod.json
+```
+
+<!-- To be sure things are right, let's list all of the namespaces in our cluster. -->
+
+为了确保一切正常，我们列出集群中的所有命名空间。
+
+```shell
+kubectl get namespaces --show-labels
+```
+```
+NAME          STATUS    AGE       LABELS
+default       Active    32m       <none>
+development   Active    29s       name=development
+production    Active    23s       name=production
+```
+
+<!-- ## Create pods in each namespace -->
+
+## 在每个命名空间中创建 pod
+
+<!-- A Kubernetes namespace provides the scope for Pods, Services, and Deployments in the cluster.
+
+Users interacting with one namespace do not see the content in another namespace. -->
+
+Kubernetes 命名空间为集群中的 Pods、Services 和 Deployments 提供了作用域。
+
+与一个命名空间交互的用户不会看到另一个命名空间中的内容。
+
+<!-- To demonstrate this, let's spin up a simple Deployment and Pods in the `development` namespace. -->
+
+为了演示这一点，让我们在 development 命名空间中启动一个简单的 Deployment 和 Pod。
+
+<!-- We first check what is the current context: -->
+
+我们首先检查一下当前的上下文：
+
+```shell
+kubectl config view
+```
+```yaml
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: REDACTED
+    server: https://130.211.122.180
+  name: lithe-cocoa-92103_kubernetes
+contexts:
+- context:
+    cluster: lithe-cocoa-92103_kubernetes
+    user: lithe-cocoa-92103_kubernetes
+  name: lithe-cocoa-92103_kubernetes
+current-context: lithe-cocoa-92103_kubernetes
+kind: Config
+preferences: {}
+users:
+- name: lithe-cocoa-92103_kubernetes
+  user:
+    client-certificate-data: REDACTED
+    client-key-data: REDACTED
+    token: 65rZW78y8HbwXXtSXuUw9DbP4FLjHi4b
+- name: lithe-cocoa-92103_kubernetes-basic-auth
+  user:
+    password: h5M0FtUUIflBSdI7
+    username: admin
+```
+```shell
+kubectl config current-context
+```
+```
+lithe-cocoa-92103_kubernetes
+```
+
+<!-- The next step is to define a context for the kubectl client to work in each namespace. The value of "cluster" and "user" fields are copied from the current context. -->
+
+下一步是为 kubectl 客户端定义一个上下文，以便在每个命名空间中工作。"cluster" 和 "user" 字段的值将从当前上下文中复制。
+
+```shell
+kubectl config set-context dev --namespace=development \
+  --cluster=lithe-cocoa-92103_kubernetes \
+  --user=lithe-cocoa-92103_kubernetes
+
+kubectl config set-context prod --namespace=production \
+  --cluster=lithe-cocoa-92103_kubernetes \
+  --user=lithe-cocoa-92103_kubernetes
+```
+
+<!-- By default, the above commands adds two contexts that are saved into file
+`.kube/config`. You can now view the contexts and alternate against the two
+new request contexts depending on which namespace you wish to work against. -->
+
+默认地，上述命令会添加两个上下文到 `.kube/config` 文件中。
+您现在可以查看上下文并根据您希望使用的命名空间并在这两个新的请求上下文之间切换。
+
+<!-- To view the new contexts: -->
+
+查看新的上下文：
+
+```shell
+kubectl config view
+```
+```yaml
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: REDACTED
+    server: https://130.211.122.180
+  name: lithe-cocoa-92103_kubernetes
+contexts:
+- context:
+    cluster: lithe-cocoa-92103_kubernetes
+    user: lithe-cocoa-92103_kubernetes
+  name: lithe-cocoa-92103_kubernetes
+- context:
+    cluster: lithe-cocoa-92103_kubernetes
+    namespace: development
+    user: lithe-cocoa-92103_kubernetes
+  name: dev
+- context:
+    cluster: lithe-cocoa-92103_kubernetes
+    namespace: production
+    user: lithe-cocoa-92103_kubernetes
+  name: prod
+current-context: lithe-cocoa-92103_kubernetes
+kind: Config
+preferences: {}
+users:
+- name: lithe-cocoa-92103_kubernetes
+  user:
+    client-certificate-data: REDACTED
+    client-key-data: REDACTED
+    token: 65rZW78y8HbwXXtSXuUw9DbP4FLjHi4b
+- name: lithe-cocoa-92103_kubernetes-basic-auth
+  user:
+    password: h5M0FtUUIflBSdI7
+    username: admin
+```
+
+<!-- Let's switch to operate in the `development` namespace. -->
+
+让我们切换到 development 命名空间进行操作。
+
+```shell
+kubectl config use-context dev
+```
+
+<!-- You can verify your current context by doing the following: -->
+
+您可以使用下列命令验证当前上下文：
+
+```shell
+kubectl config current-context
+```
+```
+dev
+```
+
+<!-- At this point, all requests we make to the Kubernetes cluster from the command line are scoped to the `development` namespace. -->
+
+此时，我们从命令行向 Kubernetes 集群发出的所有请求都限定在 development 命名空间中。
+
+<!-- Let's create some contents. -->
+
+让我们创建一些内容。
+
+```shell
+kubectl run snowflake --image=kubernetes/serve_hostname --replicas=2
+```
+<!-- We have just created a deployment whose replica size is 2 that is running the pod called `snowflake` with a basic container that just serves the hostname.
+Note that `kubectl run` creates deployments only on Kubernetes cluster >= v1.2. If you are running older versions, it creates replication controllers instead.
+If you want to obtain the old behavior, use `--generator=run/v1` to create replication controllers. See [`kubectl run`](/docs/reference/generated/kubectl/kubectl-commands/#run) for more details. -->
+
+我们刚刚创建了一个副本大小为 2 的 deployment，该 deployment 运行名为 snowflake 的 pod，其中包含一个仅提供主机名服务的基本容器。请注意，`kubectl run` 仅在 Kubernetes 集群版本 >= v1.2 时创建 deployment。如果您运行在旧版本上，则会创建 replication controller。如果期望执行旧版本的行为，请使用 `--generator=run/v1` 创建 replication controller。 参见 [`kubectl run`](/docs/reference/generated/kubectl/kubectl-commands/#run) 获取更多细节。
+
+```shell
+kubectl get deployment
+```
+```
+NAME        DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+snowflake   2         2         2            2           2m
+```
+
+```shell
+kubectl get pods -l run=snowflake
+```
+```
+NAME                         READY     STATUS    RESTARTS   AGE
+snowflake-3968820950-9dgr8   1/1       Running   0          2m
+snowflake-3968820950-vgc4n   1/1       Running   0          2m
+```
+
+<!-- And this is great, developers are able to do what they want, and they do not have to worry about affecting content in the `production` namespace. -->
+
+这很棒，开发人员可以做他们想要的事情，而不必担心影响 production 命名空间中的内容。
+
+<!-- Let's switch to the `production` namespace and show how resources in one namespace are hidden from the other. -->
+
+让我们切换到 production 命名空间，展示一个命名空间中的资源如何对另一个命名空间不可见。
+
+```shell
+kubectl config use-context prod
+```
+
+<!-- The `production` namespace should be empty, and the following commands should return nothing. -->
+
+`production` 命名空间应该是空的，下列命令应该返回的内容为空。
+
+```shell
+kubectl get deployment
+kubectl get pods
+```
+
+<!-- Production likes to run cattle, so let's create some cattle pods. -->
+
+生产环境需要运行 cattle，让我们创建一些名为 cattle 的 pods。
+
+```shell
+kubectl run cattle --image=kubernetes/serve_hostname --replicas=5
+
+kubectl get deployment
+```
+```
+NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+cattle    5         5         5            5           10s
+
+kubectl get pods -l run=cattle
+NAME                      READY     STATUS    RESTARTS   AGE
+cattle-2263376956-41xy6   1/1       Running   0          34s
+cattle-2263376956-kw466   1/1       Running   0          34s
+cattle-2263376956-n4v97   1/1       Running   0          34s
+cattle-2263376956-p5p3i   1/1       Running   0          34s
+cattle-2263376956-sxpth   1/1       Running   0          34s
+```
+
+<!-- At this point, it should be clear that the resources users create in one namespace are hidden from the other namespace. -->
+
+此时，应该很清楚的展示了用户在一个命名空间中创建的资源对另一个命名空间是不可见的。
+
+<!-- As the policy support in Kubernetes evolves, we will extend this scenario to show how you can provide different
+authorization rules for each namespace. -->
+
+随着 Kubernetes 中的策略支持的发展，我们将扩展此场景，以展示如何为每个命名空间提供不同的授权规则。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/namespaces.md b/content/zh/docs/tasks/administer-cluster/namespaces.md
new file mode 100644
index 0000000000000..6866bbbc713cc
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/namespaces.md
@@ -0,0 +1,558 @@
+---
+reviewers:
+- derekwaynecarr
+- janetkuo
+title: 通过命名空间共享集群
+content_template: templates/task
+---
+<!-- ---
+reviewers:
+- derekwaynecarr
+- janetkuo
+title: Share a Cluster with Namespaces
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+<!-- This page shows how to view, work in, and delete {{< glossary_tooltip text="namespaces" term_id="namespace" >}}. The page also shows how to use Kubernetes namespaces to subdivide your cluster. -->
+
+本页展示了如何查看、使用和删除{{< glossary_tooltip text="namespaces" term_id="namespace" >}}。本页同时展示了如何使用 Kubernetes 命名空间去细分集群。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!-- * Have an [existing Kubernetes cluster](/docs/setup/).
+* Have a basic understanding of Kubernetes _[Pods](/docs/concepts/workloads/pods/pod/)_, _[Services](/docs/concepts/services-networking/service/)_, and _[Deployments](/docs/concepts/workloads/controllers/deployment/)_. -->
+
+* 您已拥有一个 [配置好的 Kubernetes 集群](/docs/setup/).
+* 您已对 Kubernetes 的 _[Pods](/docs/concepts/workloads/pods/pod/)_, _[Services](/docs/concepts/services-networking/service/)_, 和 _[Deployments](/docs/concepts/workloads/controllers/deployment/)_ 有基本理解。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Viewing namespaces -->
+
+## 查看命名空间
+
+<!-- 1. List the current namespaces in a cluster using: -->
+
+1. 列出集群中现有的命名空间：
+
+```shell
+kubectl get namespaces
+```
+```
+NAME          STATUS    AGE
+default       Active    11d
+kube-system   Active    11d
+kube-public   Active    11d
+```
+
+<!-- Kubernetes starts with three initial namespaces: -->
+
+初始状态下，Kubernetes 具有三个名字空间：
+
+<!--    * `default` The default namespace for objects with no other namespace
+   * `kube-system` The namespace for objects created by the Kubernetes system
+   * `kube-public` This namespace is created automatically and is readable by all users (including those not authenticated). This namespace is mostly reserved for cluster usage, in case that some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement. -->
+
+   * `default` 无命名空间对象的默认命名空间
+   * `kube-system` 由 Kubernetes 系统创建的对象的命名空间
+   * `kube-public` 自动创建且被所有用户可读的命名空间（包括未经身份认证的）。此命名空间通常在某些资源在整个集群中可见且可公开读取时被集群使用。此命名空间的公共方面只是一个约定，而不是一个必要条件。
+
+<!-- You can also get the summary of a specific namespace using: -->
+
+您还可以通过下列命令获取特定命名空间的摘要：
+
+```shell
+kubectl get namespaces <name>
+```
+
+<!-- Or you can get detailed information with: -->
+
+或获取详细信息：
+
+```shell
+kubectl describe namespaces <name>
+```
+```
+Name:           default
+Labels:         <none>
+Annotations:    <none>
+Status:         Active
+
+No resource quota.
+
+Resource Limits
+ Type       Resource    Min Max Default
+ ----               --------    --- --- ---
+ Container          cpu         -   -   100m
+```
+
+<!-- Note that these details show both resource quota (if present) as well as resource limit ranges. -->
+
+请注意，这些详情同时显示了资源配额（如果存在）以及资源限制区间。
+
+<!-- Resource quota tracks aggregate usage of resources in the *Namespace* and allows cluster operators
+to define *Hard* resource usage limits that a *Namespace* may consume. -->
+
+资源配额跟踪并聚合 *Namespace* 中资源的使用情况，并允许集群运营者定义 *Namespace* 可能消耗的 *Hard* 资源使用限制。
+
+<!-- A limit range defines min/max constraints on the amount of resources a single entity can consume in
+a *Namespace*.
+
+See [Admission control: Limit Range](https://git.k8s.io/community/contributors/design-proposals/resource-management/admission_control_limit_range.md) -->
+
+限制区间定义了单个实体在一个 *Namespace* 中可使用的最小/最大资源量约束。
+
+参阅 [准入控制: 限制区间](https://git.k8s.io/community/contributors/design-proposals/resource-management/admission_control_limit_range.md)
+
+<!-- A namespace can be in one of two phases:
+
+   * `Active` the namespace is in use
+   * `Terminating` the namespace is being deleted, and can not be used for new objects
+
+See the [design doc](https://git.k8s.io/community/contributors/design-proposals/architecture/namespaces.md#phases) for more details. -->
+
+命名空间可以处于下列两个阶段中的一个:
+
+   * `Active` 命名空间使用中
+   * `Terminating` 命名空间正在被删除，且不能被用于新对象。
+
+参见 [设计文档](https://git.k8s.io/community/contributors/design-proposals/architecture/namespaces.md#phases) 查看更多细节。
+
+<!-- ## Creating a new namespace -->
+
+## 创建命名空间
+
+<!-- 1. Create a new YAML file called `my-namespace.yaml` with the contents: -->
+
+1. 新建一个名为 `my-namespace.yaml` 的 YAML 文件，并写入下列内容：
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: <insert-namespace-name-here>
+```
+
+<!-- Then run: -->
+
+然后运行：
+
+```shell
+kubectl create -f ./my-namespace.yaml
+```
+
+<!-- Note that the name of your namespace must be a DNS compatible label. -->
+
+请注意，命名空间的名称必须是 DNS 兼容的标签。
+
+<!-- There's an optional field `finalizers`, which allows observables to purge resources whenever the namespace is deleted. Keep in mind that if you specify a nonexistent finalizer, the namespace will be created but will get stuck in the `Terminating` state if the user tries to delete it.
+
+More information on `finalizers` can be found in the namespace [design doc](https://git.k8s.io/community/contributors/design-proposals/architecture/namespaces.md#finalizers). -->
+
+可选字段 `finalizers` 允许观察者们在命名空间被删除时清除资源。记住如果指定了一个不存在的终结器，命名空间仍会被创建，但如果用户试图删除它，它将陷入 `Terminating` 状态。
+
+更多有关 `finalizers` 的信息请查阅 [设计文档](https://git.k8s.io/community/contributors/design-proposals/architecture/namespaces.md#finalizers) 中命名空间部分。
+
+<!-- ## Deleting a namespace -->
+
+## 删除命名空间
+
+<!-- 1. Delete a namespace with -->
+
+1. 删除命名空间使用命令
+
+```shell
+kubectl delete namespaces <insert-some-namespace-name>
+```
+
+{{< warning >}}
+<!-- This deletes _everything_ under the namespace! -->
+
+这会删除命名空间下的 _所有内容_ ！
+
+{{< /warning >}}
+
+<!-- This delete is asynchronous, so for a time you will see the namespace in the `Terminating` state. -->
+
+删除是异步的,所以有一段时间你会看到命名空间处于 `Terminating` 状态。
+
+<!-- ## Subdividing your cluster using Kubernetes namespaces -->
+
+## 使用 Kubernetes 命名空间细分您的集群
+
+<!-- 1. Understand the default namespace
+
+By default, a Kubernetes cluster will instantiate a default namespace when provisioning the cluster to hold the default set of Pods,
+Services, and Deployments used by the cluster. -->
+
+1. 理解默认命名空间
+
+默认情况下，Kubernetes 集群会在配置集群时实例化一个默认命名空间，用以存放集群所使用的默认 Pods、Services 和 Deployments 集合。
+
+<!-- Assuming you have a fresh cluster, you can introspect the available namespace's by doing the following: -->
+
+假设您有一个新的集群，您可以通过执行以下操作来内省可用的命名空间
+
+```shell
+kubectl get namespaces
+```
+```
+NAME      STATUS    AGE
+default   Active    13m
+```
+
+<!-- 2. Create new namespaces -->
+
+2. 创建新的命名空间
+
+<!-- For this exercise, we will create two additional Kubernetes namespaces to hold our content. -->
+
+在本练习中，我们将创建两个额外的 Kubernetes 命名空间来保存我们的内容。
+
+<!-- In a scenario where an organization is using a shared Kubernetes cluster for development and production use cases: -->
+
+在某组织使用共享的 Kubernetes 集群进行开发和生产的场景中：
+
+<!-- The development team would like to maintain a space in the cluster where they can get a view on the list of Pods, Services, and Deployments
+they use to build and run their application.  In this space, Kubernetes resources come and go, and the restrictions on who can or cannot modify resources
+are relaxed to enable agile development. -->
+
+开发团队希望在集群中维护一个空间，以便他们可以查看用于构建和运行其应用程序的 Pods、Services 和 Deployments 列表。在这个空间里，Kubernetes 资源被自由地加入或移除，对谁能够或不能修改资源的限制被放宽，以实现敏捷开发。
+
+<!-- The operations team would like to maintain a space in the cluster where they can enforce strict procedures on who can or cannot manipulate the set of
+Pods, Services, and Deployments that run the production site. -->
+
+运维团队希望在集群中维护一个空间，以便他们可以强制实施一些严格的规程，对谁可以或不可以操作运行生产站点的 Pods、Services 和 Deployments 集合进行控制。
+
+<!-- One pattern this organization could follow is to partition the Kubernetes cluster into two namespaces: `development` and `production`. -->
+
+该组织可以遵循的一种模式是将 Kubernetes 集群划分为两个命名空间：development 和 production。
+
+<!-- Let's create two new namespaces to hold our work. -->
+
+让我们创建两个新的命名空间来保存我们的工作。
+
+<!-- Use the file [`namespace-dev.json`](/examples/admin/namespace-dev.json) which describes a `development` namespace: -->
+
+文件 [`namespace-dev.json`](/examples/admin/namespace-dev.json) 描述了 development 命名空间:
+
+{{< codenew language="json" file="admin/namespace-dev.json" >}}
+
+<!-- Create the `development` namespace using kubectl. -->
+
+使用 kubectl 创建 `development` 命名空间。
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/namespace-dev.json
+```
+
+<!-- And then let's create the `production` namespace using kubectl. -->
+
+让我们使用 kubectl 创建 `production` 命名空间。
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/namespace-prod.json
+```
+
+<!-- To be sure things are right, list all of the namespaces in our cluster. -->
+
+为了确保一切正常，列出集群中的所有命名空间。
+
+```shell
+kubectl get namespaces --show-labels
+```
+```
+NAME          STATUS    AGE       LABELS
+default       Active    32m       <none>
+development   Active    29s       name=development
+production    Active    23s       name=production
+```
+
+<!-- 3. Create pods in each namespace -->
+
+3. 在每个命名空间中创建 pod
+
+<!-- A Kubernetes namespace provides the scope for Pods, Services, and Deployments in the cluster.
+
+Users interacting with one namespace do not see the content in another namespace. -->
+
+Kubernetes 命名空间为集群中的 Pods、Services 和 Deployments 提供了作用域。
+
+与一个命名空间交互的用户不会看到另一个命名空间中的内容。
+
+<!-- To demonstrate this, let's spin up a simple Deployment and Pods in the `development` namespace. -->
+
+为了演示这一点，让我们在 `development` 命名空间中启动一个简单的 Deployment 和 Pod。
+
+<!-- We first check what is the current context: -->
+
+我们首先检查一下当前的上下文：
+
+```shell
+kubectl config view
+```
+```yaml
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: REDACTED
+    server: https://130.211.122.180
+  name: lithe-cocoa-92103_kubernetes
+contexts:
+- context:
+    cluster: lithe-cocoa-92103_kubernetes
+    user: lithe-cocoa-92103_kubernetes
+  name: lithe-cocoa-92103_kubernetes
+current-context: lithe-cocoa-92103_kubernetes
+kind: Config
+preferences: {}
+users:
+- name: lithe-cocoa-92103_kubernetes
+  user:
+    client-certificate-data: REDACTED
+    client-key-data: REDACTED
+    token: 65rZW78y8HbwXXtSXuUw9DbP4FLjHi4b
+- name: lithe-cocoa-92103_kubernetes-basic-auth
+  user:
+    password: h5M0FtUUIflBSdI7
+    username: admin
+```
+
+```shell
+kubectl config current-context
+```
+```
+lithe-cocoa-92103_kubernetes
+```
+
+<!-- The next step is to define a context for the kubectl client to work in each namespace. The values of "cluster" and "user" fields are copied from the current context. -->
+
+下一步是为 kubectl 客户端定义一个上下文，以便在每个命名空间中工作。"cluster" 和 "user" 字段的值将从当前上下文中复制。
+
+```shell
+kubectl config set-context dev --namespace=development --cluster=lithe-cocoa-92103_kubernetes --user=lithe-cocoa-92103_kubernetes
+kubectl config set-context prod --namespace=production --cluster=lithe-cocoa-92103_kubernetes --user=lithe-cocoa-92103_kubernetes
+```
+
+<!-- The above commands provided two request contexts you can alternate against depending on what namespace you
+wish to work against. -->
+
+上述命令提供了两个可以替代的请求上下文，具体取决于您希望使用的命名空间。
+
+<!-- Let's switch to operate in the `development` namespace. -->
+
+让我们切换到 `development` 命名空间进行操作。
+
+```shell
+kubectl config use-context dev
+```
+
+<!-- You can verify your current context by doing the following: -->
+
+您可以使用下列命令验证当前上下文：
+
+```shell
+kubectl config current-context
+dev
+```
+
+<!-- At this point, all requests we make to the Kubernetes cluster from the command line are scoped to the `development` namespace. -->
+
+此时，我们从命令行向 Kubernetes 集群发出的所有请求都限定在 `development` 命名空间中。
+
+<!-- Let's create some contents. -->
+
+让我们创建一些内容。
+
+```shell
+kubectl run snowflake --image=kubernetes/serve_hostname --replicas=2
+```
+<!-- We have just created a deployment whose replica size is 2 that is running the pod called `snowflake` with a basic container that just serves the hostname.
+Note that `kubectl run` creates deployments only on Kubernetes cluster >= v1.2. If you are running older versions, it creates replication controllers instead.
+If you want to obtain the old behavior, use `--generator=run/v1` to create replication controllers. See [`kubectl run`](/docs/reference/generated/kubectl/kubectl-commands/#run) for more details. -->
+
+我们刚刚创建了一个副本大小为 2 的 deployment，该 deployment 运行名为 snowflake 的 pod，其中包含一个仅提供主机名服务的基本容器。请注意，`kubectl run` 仅在 Kubernetes 集群版本 >= v1.2 时创建 deployment。如果您运行在旧版本上，则会创建 replication controllers。如果期望执行旧版本的行为，请使用 `--generator=run/v1` 创建 replication controllers。 参见 [`kubectl run`](/docs/reference/generated/kubectl/kubectl-commands/#run) 获取更多细节。
+
+```shell
+kubectl get deployment
+```
+```
+NAME        DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+snowflake   2         2         2            2           2m
+```
+```shell
+kubectl get pods -l run=snowflake
+```
+```
+NAME                         READY     STATUS    RESTARTS   AGE
+snowflake-3968820950-9dgr8   1/1       Running   0          2m
+snowflake-3968820950-vgc4n   1/1       Running   0          2m
+```
+
+<!-- And this is great, developers are able to do what they want, and they do not have to worry about affecting content in the `production` namespace. -->
+
+这很棒，开发人员可以做他们想要的事情，而不必担心影响 `production` 命名空间中的内容。
+
+<!-- Let's switch to the `production` namespace and show how resources in one namespace are hidden from the other. -->
+
+让我们切换到 `production` 命名空间，展示一个命名空间中的资源如何对另一个命名空间不可见。
+
+```shell
+kubectl config use-context prod
+```
+
+<!-- The `production` namespace should be empty, and the following commands should return nothing. -->
+
+`production` 命名空间应该是空的，下列命令应该返回的内容为空。
+
+```shell
+kubectl get deployment
+kubectl get pods
+```
+
+<!-- Production likes to run cattle, so let's create some cattle pods. -->
+
+生产环境需要运行 cattle，让我们创建一些名为 cattle 的 pods。
+
+```shell
+kubectl run cattle --image=kubernetes/serve_hostname --replicas=5
+
+kubectl get deployment
+```
+```
+NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+cattle    5         5         5            5           10s
+```
+
+```shell
+kubectl get pods -l run=cattle
+```
+```
+NAME                      READY     STATUS    RESTARTS   AGE
+cattle-2263376956-41xy6   1/1       Running   0          34s
+cattle-2263376956-kw466   1/1       Running   0          34s
+cattle-2263376956-n4v97   1/1       Running   0          34s
+cattle-2263376956-p5p3i   1/1       Running   0          34s
+cattle-2263376956-sxpth   1/1       Running   0          34s
+```
+
+<!-- At this point, it should be clear that the resources users create in one namespace are hidden from the other namespace. -->
+
+此时，应该很清楚的展示了用户在一个命名空间中创建的资源对另一个命名空间是隐藏的。
+
+<!-- As the policy support in Kubernetes evolves, we will extend this scenario to show how you can provide different
+authorization rules for each namespace. -->
+
+随着 Kubernetes 中的策略支持的发展，我们将扩展此场景，以展示如何为每个命名空间提供不同的授权规则。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- ## Understanding the motivation for using namespaces -->
+
+## 理解使用命名空间的动机
+
+<!-- A single cluster should be able to satisfy the needs of multiple users or groups of users (henceforth a 'user community'). -->
+
+单个集群应该能满足多个用户及用户组的需求（以下称为 “用户社区”）。
+
+<!-- Kubernetes _namespaces_ help different projects, teams, or customers to share a Kubernetes cluster. -->
+
+Kubernetes _命名空间_ 帮助不同的项目、团队或客户去共享 Kubernetes 集群。
+
+<!-- It does this by providing the following:
+
+1. A scope for [Names](/docs/concepts/overview/working-with-objects/names/).
+2. A mechanism to attach authorization and policy to a subsection of the cluster. -->
+
+名字空间通过以下方式实现这点：
+
+1. 为[名字](/docs/concepts/overview/working-with-objects/names/)设置作用域.
+2. 为集群中的部分资源关联鉴权和策略的机制。
+
+<!-- Use of multiple namespaces is optional. -->
+
+使用多个命名空间是可选的。
+
+<!-- Each user community wants to be able to work in isolation from other communities. -->
+
+每个用户社区都希望能够与其他社区隔离开展工作。
+
+<!-- Each user community has its own:
+
+1. resources (pods, services, replication controllers, etc.)
+2. policies (who can or cannot perform actions in their community)
+3. constraints (this community is allowed this much quota, etc.) -->
+
+每个用户社区都有:
+
+1. 资源（pods, services, replication controllers, 等等）
+2. 策略（谁能或不能在他们的社区里执行操作）
+3. 约束（该社区允许多少配额，等等）
+
+<!-- A cluster operator may create a Namespace for each unique user community. -->
+
+集群运营者可以为每个唯一用户社区创建命名空间。
+
+<!-- The Namespace provides a unique scope for:
+
+1. named resources (to avoid basic naming collisions)
+2. delegated management authority to trusted users
+3. ability to limit community resource consumption -->
+
+命名空间为下列内容提供唯一的作用域：
+
+1. 命名资源（避免基本的命名冲突）
+2. 将管理权限委派给可信用户
+3. 限制社区资源消耗的能力
+
+<!-- Use cases include:
+
+1.  As a cluster operator, I want to support multiple user communities on a single cluster.
+2.  As a cluster operator, I want to delegate authority to partitions of the cluster to trusted users
+    in those communities.
+3.  As a cluster operator, I want to limit the amount of resources each community can consume in order
+    to limit the impact to other communities using the cluster.
+4.  As a cluster user, I want to interact with resources that are pertinent to my user community in
+    isolation of what other user communities are doing on the cluster. -->
+
+用例包括:
+
+1.  作为集群运营者, 我希望能在单个集群上支持多个用户社区。
+2.  作为集群运营者，我希望将集群分区的权限委派给这些社区中的受信任用户。
+3.  作为集群运营者，我希望能限定每个用户社区可使用的资源量，以限制对使用同一集群的其他用户社区的影响。
+4.  作为群集用户，我希望与我的用户社区相关的资源进行交互，而与其他用户社区在该集群上执行的操作无关。
+
+<!-- ## Understanding namespaces and DNS -->
+
+## 理解命名空间和 DNS
+
+<!-- When you create a [Service](/docs/concepts/services-networking/service/), it creates a corresponding [DNS entry](/docs/concepts/services-networking/dns-pod-service/).
+This entry is of the form `<service-name>.<namespace-name>.svc.cluster.local`, which means
+that if a container just uses `<service-name>` it will resolve to the service which
+is local to a namespace.  This is useful for using the same configuration across
+multiple namespaces such as Development, Staging and Production.  If you want to reach
+across namespaces, you need to use the fully qualified domain name (FQDN). -->
+
+当您创建 [Service](/docs/concepts/services-networking/service/) 时，它会创建相应的 [DNS 条目](/docs/concepts/services-networking/dns-pod-service/)。此条目的格式为 `<service-name>。<namespace-name> .svc.cluster.local`，这意味着如果容器只使用 `<service-name>`，它将解析为本地服务到命名空间。 这对于在多个命名空间（如开发，暂存和生产）中使用相同的配置非常有用。 如果要跨命名空间访问，则需要使用完全限定的域名（FQDN）。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!-- * Learn more about [setting the namespace preference](/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-preference).
+* Learn more about [setting the namespace for a request](/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-for-a-request)
+* See [namespaces design](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/architecture/namespaces.md). -->
+
+
+* 了解更多 [设置命名空间首选项](/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-preference) 的内容。
+* 了解更多 [设置请求的命名空间](/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-for-a-request) 的内容。
+* 参见 [命名空间设计](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/architecture/namespaces.md)。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md b/content/zh/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md
index 78d0d8e675381..8b5d304fc7b6f 100644
--- a/content/zh/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md
+++ b/content/zh/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy.md
@@ -65,17 +65,19 @@ weight: 10
     ```
 
     Calico 的 pods 名以 `calico` 打头，检查确认每个 pods 状态为 `Running`。
+    
 <!-- 
+
 ## Creating a local Calico cluster with kubeadm
 
 To get a local single-host Calico cluster in fifteen minutes using kubeadm, refer to the 
 [Calico Quickstart](https://docs.projectcalico.org/latest/getting-started/kubernetes/).
- -->
+
+-->
 
 ## 使用 kubeadm 创建一个本地 Calico 集群
 
-在15分钟内使用 kubeadm 得到一个本地单主机 Calico 集群，请参考 
-[Calico 快速入门](https://docs.projectcalico.org/latest/getting-started/kubernetes/)。
+在15分钟内使用 kubeadm 得到一个本地单主机 Calico 集群，请参考 [Calico 快速入门](https://docs.projectcalico.org/latest/getting-started/kubernetes/)。
 
 {{% /capture %}}
 
diff --git a/content/zh/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy.md b/content/zh/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy.md
index 26eb7434baed3..3dccf47430769 100644
--- a/content/zh/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy.md
+++ b/content/zh/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy.md
@@ -34,13 +34,16 @@ The Weave Net addon for Kubernetes comes with a [Network Policy Controller](http
 按照[通过插件集成Kubernetes](https://www.weave.works/docs/net/latest/kube-addon/)指南。
 
 Kubernetes 的 Weave Net 插件带有[网络策略控制器](https://www.weave.works/docs/net/latest/kube-addon/#npc)，可自动监控 Kubernetes 所有名称空间中的任何 NetworkPolicy 注释。 配置`iptables`规则以允许或阻止策略指示的流量。
-<!-- 
+
+<!--
+
 ## Test the installation
 
 Verify that the weave works.
 
 Enter the following command:
- -->
+
+-->
 
 ## 测试安装
 
diff --git a/content/zh/docs/tasks/administer-cluster/out-of-resource.md b/content/zh/docs/tasks/administer-cluster/out-of-resource.md
new file mode 100644
index 0000000000000..87ff04089f1c8
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/out-of-resource.md
@@ -0,0 +1,667 @@
+---
+reviewers:
+- derekwaynecarr
+- vishh
+- timstclair
+title: 配置资源不足时的处理方式
+content_template: templates/concept
+---
+<!--
+---
+reviewers:
+- derekwaynecarr
+- vishh
+- timstclair
+title: Configure Out Of Resource Handling
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page explains how to configure out of resource handling with `kubelet`.
+
+The `kubelet` needs to preserve node stability when available compute resources
+are low. This is especially important when dealing with incompressible
+compute resources, such as memory or disk space. If such resources are exhausted,
+nodes become unstable.
+-->
+本页介绍了如何使用 `kubelet` 配置资源不足时的处理方式。
+
+当可用计算资源较少时，`kubelet` 需要保证节点稳定性。这在处理如内存和硬盘之类的不可压缩资源时尤为重要。如果任意一种资源耗尽，节点将会变得不稳定。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Eviction Policy
+
+The `kubelet` can proactively monitor for and prevent total starvation of a
+compute resource. In those cases, the `kubelet` can reclaim the starved
+resource by proactively failing one or more Pods. When the `kubelet` fails
+a Pod, it terminates all of its containers and transitions its `PodPhase` to `Failed`.
+-->
+## 驱逐策略
+
+`kubelet` 能够主动监测和防止计算资源的全面短缺。在那种情况下，`kubelet` 可以主动地结束一个或多个 pod 以回收短缺的资源。当 `kubelet` 结束一个 pod 时，它将终止 pod 中的所有容器，而 pod 的 `PodPhase` 将变为 `Failed`。
+
+<!--
+### Eviction Signals
+
+The `kubelet` supports eviction decisions based on the signals described in the following
+table. The value of each signal is described in the Description column, which is based on
+the `kubelet` summary API.
+
+| Eviction Signal  | Description                                                                     |
+|----------------------------|-----------------------------------------------------------------------|
+| `memory.available` | `memory.available` := `node.status.capacity[memory]` - `node.stats.memory.workingSet` |
+| `nodefs.available` | `nodefs.available` := `node.stats.fs.available` |
+| `nodefs.inodesFree` | `nodefs.inodesFree` := `node.stats.fs.inodesFree` |
+| `imagefs.available` | `imagefs.available` := `node.stats.runtime.imagefs.available` |
+| `imagefs.inodesFree` | `imagefs.inodesFree` := `node.stats.runtime.imagefs.inodesFree` |
+
+Each of the above signals supports either a literal or percentage based value.
+The percentage based value is calculated relative to the total capacity
+associated with each signal.
+
+The value for `memory.available` is derived from the cgroupfs instead of tools
+like `free -m`. This is important because `free -m` does not work in a
+container, and if users use the [node
+allocatable](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable) feature, out of resource decisions
+are made local to the end user Pod part of the cgroup hierarchy as well as the
+root node. This
+[script](/docs/tasks/administer-cluster/out-of-resource/memory-available.sh)
+reproduces the same set of steps that the `kubelet` performs to calculate
+`memory.available`. The `kubelet` excludes inactive_file (i.e. # of bytes of
+file-backed memory on inactive LRU list) from its calculation as it assumes that
+memory is reclaimable under pressure.
+
+`kubelet` supports only two filesystem partitions.
+
+1. The `nodefs` filesystem that kubelet uses for volumes, daemon logs, etc.
+2. The `imagefs` filesystem that container runtimes uses for storing images and
+   container writable layers.
+
+`imagefs` is optional. `kubelet` auto-discovers these filesystems using
+cAdvisor. `kubelet` does not care about any other filesystems. Any other types
+of configurations are not currently supported by the kubelet. For example, it is
+*not OK* to store volumes and logs in a dedicated `filesystem`.
+
+In future releases, the `kubelet` will deprecate the existing [garbage
+collection](/docs/concepts/cluster-administration/kubelet-garbage-collection/)
+support in favor of eviction in response to disk pressure.
+-->
+### 驱逐信号
+
+`kubelet` 支持按照以下表格中描述的信号触发驱逐决定。每个信号的值在 description 列描述，基于 `kubelet` 摘要 API。
+
+| 驱逐信号  | 描述                                                                     |
+|----------------------------|-----------------------------------------------------------------------|
+| `memory.available` | `memory.available` := `node.status.capacity[memory]` - `node.stats.memory.workingSet` |
+| `nodefs.available` | `nodefs.available` := `node.stats.fs.available` |
+| `nodefs.inodesFree` | `nodefs.inodesFree` := `node.stats.fs.inodesFree` |
+| `imagefs.available` | `imagefs.available` := `node.stats.runtime.imagefs.available` |
+| `imagefs.inodesFree` | `imagefs.inodesFree` := `node.stats.runtime.imagefs.inodesFree` |
+
+上面的每个信号都支持字面值或百分比的值。基于百分比的值的计算与每个信号对应的总容量相关。
+
+`memory.available` 的值从 cgroupfs 获取，而不是通过类似 `free -m` 的工具。这很重要，因为 `free -m` 不能在容器中工作，并且如果用户使用了[可分配节点](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable)特性，资源不足的判定将同时在本地 cgroup 层次结构的终端用户 pod 部分和根节点做出。这个[脚本](/docs/tasks/administer-cluster/out-of-resource/memory-available.sh)复现了与 `kubelet` 计算 `memory.available` 相同的步骤。`kubelet` 将 inactive_file（意即活动 LRU 列表上基于文件后端的内存字节数）从计算中排除，因为它假设内存在出现压力时将被回收。
+
+`kubelet` 只支持两种文件系统分区。
+
+1. `nodefs` 文件系统，kubelet 将其用于卷和守护程序日志等。
+2. `imagefs` 文件系统，容器运行时用于保存镜像和容器可写层。
+
+`imagefs` 可选。`kubelet` 使用 cAdvisor 自动发现这些文件系统。`kubelet` 不关心其它文件系统。当前不支持配置任何其它类型。例如，在专用`文件系统`中存储卷和日志是不可以的。
+
+在将来的发布中，`kubelet` 将废除当前存在的[垃圾回收](/docs/concepts/cluster-administration/kubelet-garbage-collection/)机制，这种机制目前支持将驱逐操作作为对磁盘压力的响应。
+
+<!--
+### Eviction Thresholds
+
+The `kubelet` supports the ability to specify eviction thresholds that trigger the `kubelet` to reclaim resources.
+
+Each threshold has the following form:
+
+`[eviction-signal][operator][quantity]`
+
+where:
+
+* `eviction-signal` is an eviction signal token as defined in the previous table.
+* `operator` is the desired relational operator, such as `<` (less than).
+* `quantity` is the eviction threshold quantity, such as `1Gi`. These tokens must
+match the quantity representation used by Kubernetes. An eviction threshold can also
+be expressed as a percentage using the `%` token.
+
+For example, if a node has `10Gi` of total memory and you want trigger eviction if
+the available memory falls below `1Gi`, you can define the eviction threshold as
+either `memory.available<10%` or `memory.available<1Gi`. You cannot use both.
+-->
+### 驱逐阈值
+
+`kubelet` 支持指定驱逐阈值，用于触发 `kubelet` 回收资源。
+
+每个阈值形式如下：
+
+`[eviction-signal][operator][quantity]`
+
+* 合法的 `eviction-signal` 标志如上所示。
+* `operator` 是所需的关系运算符，例如 `<`。
+* `quantity` 是驱逐阈值值标志，例如 `1Gi`。合法的标志必须匹配 Kubernetes 使用的数量表示。驱逐阈值也可以使用 `%` 标记表示百分比。
+
+举例说明，如果一个节点有 `10Gi` 内存，希望在可用内存下降到 `1Gi` 以下时引起驱逐操作，则驱逐阈值可以使用下面任意一种方式指定（但不是两者同时）。
+
+* `memory.available<10%`
+* `memory.available<1Gi`
+
+<!--
+#### Soft Eviction Thresholds
+
+A soft eviction threshold pairs an eviction threshold with a required
+administrator-specified grace period. No action is taken by the `kubelet`
+to reclaim resources associated with the eviction signal until that grace
+period has been exceeded. If no grace period is provided, the `kubelet`
+returns an error on startup.
+
+In addition, if a soft eviction threshold has been met, an operator can
+specify a maximum allowed Pod termination grace period to use when evicting
+pods from the node. If specified, the `kubelet` uses the lesser value among
+the `pod.Spec.TerminationGracePeriodSeconds` and the max allowed grace period.
+If not specified, the `kubelet` kills Pods immediately with no graceful
+termination.
+
+To configure soft eviction thresholds, the following flags are supported:
+
+* `eviction-soft` describes a set of eviction thresholds (e.g. `memory.available<1.5Gi`) that if met over a
+corresponding grace period would trigger a Pod eviction.
+* `eviction-soft-grace-period` describes a set of eviction grace periods (e.g. `memory.available=1m30s`) that
+correspond to how long a soft eviction threshold must hold before triggering a Pod eviction.
+* `eviction-max-pod-grace-period` describes the maximum allowed grace period (in seconds) to use when terminating
+pods in response to a soft eviction threshold being met.
+-->
+#### 软驱逐阈值
+
+软驱逐阈值使用一对由驱逐阈值和管理员必须指定的宽限期组成的配置对。在超过宽限期前，`kubelet` 不会采取任何动作回收和驱逐信号关联的资源。如果没有提供宽限期，`kubelet` 启动时将报错。
+
+此外，如果达到了软驱逐阈值，操作员可以指定从节点驱逐 pod 时，在宽限期内允许结束的 pod 的最大数量。如果指定了 `pod.Spec.TerminationGracePeriodSeconds` 值，`kubelet` 将使用它和宽限期二者中较小的一个。如果没有指定，`kubelet` 将立即终止 pod，而不会优雅结束它们。
+
+软驱逐阈值的配置支持下列标记：
+
+* `eviction-soft` 描述了驱逐阈值的集合（例如 `memory.available<1.5Gi`），如果在宽限期之外满足条件将触发 pod 驱逐。
+* `eviction-soft-grace-period` 描述了驱逐宽限期的集合（例如 `memory.available=1m30s`），对应于在驱逐 pod 前软驱逐阈值应该被控制的时长。
+* `eviction-max-pod-grace-period` 描述了当满足软驱逐阈值并终止 pod 时允许的最大宽限期值（秒数）。
+
+<!--
+#### Hard Eviction Thresholds
+
+A hard eviction threshold has no grace period, and if observed, the `kubelet`
+will take immediate action to reclaim the associated starved resource. If a
+hard eviction threshold is met, the `kubelet` kills the Pod immediately
+with no graceful termination.
+
+To configure hard eviction thresholds, the following flag is supported:
+
+* `eviction-hard` describes a set of eviction thresholds (e.g. `memory.available<1Gi`) that if met
+would trigger a Pod eviction.
+
+The `kubelet` has the following default hard eviction threshold:
+
+* `memory.available<100Mi`
+* `nodefs.available<10%`
+* `nodefs.inodesFree<5%`
+* `imagefs.available<15%`
+-->
+#### 硬驱逐阈值
+
+硬驱逐阈值没有宽限期，一旦察觉，`kubelet` 将立即采取行动回收关联的短缺资源。如果满足硬驱逐阈值，`kubelet` 将立即结束 pod 而不是优雅终止。
+
+硬驱逐阈值的配置支持下列标记：
+
+* `eviction-hard` 描述了驱逐阈值的集合（例如 `memory.available<1Gi`），如果满足条件将触发 pod 驱逐。
+
+`kubelet` 有如下所示的默认硬驱逐阈值：
+
+* `memory.available<100Mi`
+* `nodefs.available<10%`
+* `nodefs.inodesFree<5%`
+* `imagefs.available<15%`
+
+<!--
+### Eviction Monitoring Interval
+
+The `kubelet` evaluates eviction thresholds per its configured housekeeping interval.
+
+* `housekeeping-interval` is the interval between container housekeepings.
+-->
+### 驱逐监控时间间隔
+
+`kubelet` 根据其配置的整理时间间隔计算驱逐阈值。
+
+* `housekeeping-interval` 是容器管理时间间隔。
+
+<!--
+### Node Conditions
+
+The `kubelet` maps one or more eviction signals to a corresponding node condition.
+
+If a hard eviction threshold has been met, or a soft eviction threshold has been met
+independent of its associated grace period, the `kubelet` reports a condition that
+reflects the node is under pressure.
+
+The following node conditions are defined that correspond to the specified eviction signal.
+
+| Node Condition | Eviction Signal  | Description                                                      |
+|-------------------------|-------------------------------|--------------------------------------------|
+| `MemoryPressure` | `memory.available` | Available memory on the node has satisfied an eviction threshold |
+| `DiskPressure` | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, or `imagefs.inodesFree` | Available disk space and inodes on either the node's root filesystem or image filesystem has satisfied an eviction threshold |
+
+The `kubelet` continues to report node status updates at the frequency specified by
+`--node-status-update-frequency` which defaults to `10s`.
+-->
+### 节点状态
+
+`kubelet` 会将一个或多个驱逐信号映射到对应的节点状态。
+
+如果满足硬驱逐阈值，或者满足独立于其关联宽限期的软驱逐阈值时，`kubelet` 将报告节点处于压力下的状态。
+
+下列节点状态根据相应的驱逐信号定义。
+
+| 节点状态 | 驱逐信号  | 描述                                                      |
+|-------------------------|-------------------------------|--------------------------------------------|
+| `MemoryPressure` | `memory.available` | Available memory on the node has satisfied an eviction threshold |
+| `DiskPressure` | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, or `imagefs.inodesFree` | Available disk space and inodes on either the node's root filesystem or image filesystem has satisfied an eviction threshold |
+
+`kubelet` 将以 `--node-status-update-frequency` 指定的频率连续报告节点状态更新，其默认值为 `10s`。
+
+<!--
+### Oscillation of node conditions
+
+If a node is oscillating above and below a soft eviction threshold, but not exceeding
+its associated grace period, it would cause the corresponding node condition to
+constantly oscillate between true and false, and could cause poor scheduling decisions
+as a consequence.
+
+To protect against this oscillation, the following flag is defined to control how
+long the `kubelet` must wait before transitioning out of a pressure condition.
+
+* `eviction-pressure-transition-period` is the duration for which the `kubelet` has
+to wait before transitioning out of an eviction pressure condition.
+
+The `kubelet` would ensure that it has not observed an eviction threshold being met
+for the specified pressure condition for the period specified before toggling the
+condition back to `false`.
+-->
+### 节点状态振荡
+
+如果节点在软驱逐阈值的上下振荡，但没有超过关联的宽限期时，将引起对应节点的状态持续在 true 和 false 间跳变，并导致不好的调度结果。
+
+为了防止这种振荡，可以定义下面的标志，用于控制 `kubelet` 从压力状态中退出之前必须等待的时间。
+
+* `eviction-pressure-transition-period` 是 `kubelet` 从压力状态中退出之前必须等待的时长。
+
+`kubelet` 将确保在设定的时间段内没有发现和指定压力条件相对应的驱逐阈值被满足时，才会将状态变回 `false`。
+
+<!--
+### Reclaiming node level resources
+
+If an eviction threshold has been met and the grace period has passed,
+the `kubelet` initiates the process of reclaiming the pressured resource
+until it has observed the signal has gone below its defined threshold.
+
+The `kubelet` attempts to reclaim node level resources prior to evicting end-user Pods. If
+disk pressure is observed, the `kubelet` reclaims node level resources differently if the
+machine has a dedicated `imagefs` configured for the container runtime.
+-->
+### 回收节点层级资源
+
+如果满足驱逐阈值并超过了宽限期，`kubelet` 将启动回收压力资源的过程，直到它发现低于设定阈值的信号为止。
+
+`kubelet` 将尝试在驱逐终端用户 pod 前回收节点层级资源。发现磁盘压力时，如果节点针对容器运行时配置有独占的 `imagefs`，`kubelet` 回收节点层级资源的方式将会不同。
+
+<!--
+#### With `imagefs`
+
+If `nodefs` filesystem has met eviction thresholds, `kubelet` frees up disk space by deleting the dead Pods and their containers.
+
+If `imagefs` filesystem has met eviction thresholds, `kubelet` frees up disk space by deleting all unused images.
+
+#### Without `imagefs`
+
+If `nodefs` filesystem has met eviction thresholds, `kubelet` frees up disk space in the following order:
+
+1. Delete dead Pods and their containers
+2. Delete all unused images
+-->
+#### 使用 `Imagefs`
+
+如果 `nodefs` 文件系统满足驱逐阈值，`kubelet` 通过驱逐 pod 及其容器来释放磁盘空间。
+
+如果 `imagefs` 文件系统满足驱逐阈值，`kubelet` 通过删除所有未使用的镜像来释放磁盘空间。
+
+#### 未使用 `Imagefs`
+
+如果 `nodefs` 满足驱逐阈值，`kubelet` 将以下面的顺序释放磁盘空间：
+
+1. 删除停止运行的 pod/container
+2. 删除全部没有使用的镜像
+
+<!--
+### Evicting end-user Pods
+
+If the `kubelet` is unable to reclaim sufficient resource on the node, `kubelet` begins evicting Pods.
+
+The `kubelet` ranks Pods for eviction first by whether or not their usage of the starved resource exceeds requests,
+then by [Priority](/docs/concepts/configuration/pod-priority-preemption/), and then by the consumption of the starved compute resource relative to the Pods' scheduling requests.
+
+As a result, `kubelet` ranks and evicts Pods in the following order:
+
+* `BestEffort` or `Burstable` Pods whose usage of a starved resource exceeds its request.
+Such pods are ranked by Priority, and then usage above request.
+* `Guaranteed` pods and `Burstable` pods whose usage is beneath requests are evicted last.
+`Guaranteed` Pods are guaranteed only when requests and limits are specified for all
+the containers and they are equal. Such pods are guaranteed to never be evicted because
+of another Pod's resource consumption. If a system daemon (such as `kubelet`, `docker`,
+and `journald`) is consuming more resources than were reserved via `system-reserved` or
+`kube-reserved` allocations, and the node only has `Guaranteed` or `Burstable` Pods using
+less than requests remaining, then the node must choose to evict such a Pod in order to
+preserve node stability and to limit the impact of the unexpected consumption to other Pods.
+In this case, it will choose to evict pods of Lowest Priority first.
+
+If necessary, `kubelet` evicts Pods one at a time to reclaim disk when `DiskPressure`
+is encountered. If the `kubelet` is responding to `inode` starvation, it reclaims
+`inodes` by evicting Pods with the lowest quality of service first. If the `kubelet`
+is responding to lack of available disk, it ranks Pods within a quality of service
+that consumes the largest amount of disk and kill those first.
+-->
+### 驱逐最终用户的 pod
+
+如果 `kubelet` 在节点上无法回收足够的资源，`kubelet` 将开始驱逐 pod。
+
+`kubelet` 首先根据他们对短缺资源的使用是否超过请求来排除 pod 的驱逐行为，然后通过[优先级](/docs/concepts/configuration/pod-priority-preemption/)，然后通过相对于 pod 的调度请求消耗急需的计算资源。
+
+`kubelet` 按以下顺序对要驱逐的 pod 排名：
+
+* `BestEffort` 或 `Burstable`，其对短缺资源的使用超过了其请求，此类 pod 按优先级排序，然后使用高于请求。
+* `Guaranteed` pod 和 `Burstable` pod,其使用率低于请求，最后被驱逐。`Guaranteed` pod 只有为所有的容器指定了要求和限制并且它们相等时才能得到保证。由于另一个 pod 的资源消耗，这些 pod 保证永远不会被驱逐。如果系统守护进程（例如 `kubelet`、`docker`、和 `journald`）消耗的资源多于通过 `system-reserved` 或 `kube-reserved` 分配保留的资源，并且该节点只有 `Guaranteed` 或 `Burstable` pod 使用少于剩余的请求，然后节点必须选择驱逐这样的 pod 以保持节点的稳定性并限制意外消耗对其他 pod 的影响。在这种情况下，它将首先驱逐优先级最低的 pod。
+
+必要时，`kubelet` 会在遇到 `DiskPressure` 时驱逐一个 pod 来回收磁盘空间。如果 `kubelet` 响应 `inode` 短缺，它会首先驱逐服务质量最低的 pod 来回收 `inodes`。如果 `kubelet` 响应缺少可用磁盘，它会将 pod 排在服务质量范围内，该服务会消耗大量的磁盘并首先结束这些磁盘。
+
+<!--
+#### With `imagefs`
+
+If `nodefs` is triggering evictions, `kubelet` sorts Pods based on the usage on `nodefs`
+- local volumes + logs of all its containers.
+
+If `imagefs` is triggering evictions, `kubelet` sorts Pods based on the writable layer usage of all its containers.
+
+#### Without `imagefs`
+
+If `nodefs` is triggering evictions, `kubelet` sorts Pods based on their total disk usage
+- local volumes + logs & writable layer of all its containers.
+-->
+#### 使用 `imagefs`
+
+如果是 `nodefs` 触发驱逐，`kubelet` 将按 `nodefs` 用量 - 本地卷 + pod 的所有容器日志的总和对其排序。
+
+如果是 `imagefs` 触发驱逐，`kubelet` 将按 pod 所有可写层的用量对其进行排序。
+
+#### 未使用 `imagefs`
+
+如果是 `nodefs` 触发驱逐，`kubelet` 会根据磁盘的总使用情况对 pod 进行排序 - 本地卷 + 所有容器的日志及其可写层。
+
+<!--
+### Minimum eviction reclaim
+
+In certain scenarios, eviction of Pods could result in reclamation of small amount of resources. This can result in
+`kubelet` hitting eviction thresholds in repeated successions. In addition to that, eviction of resources like `disk`,
+ is time consuming.
+
+To mitigate these issues, `kubelet` can have a per-resource `minimum-reclaim`. Whenever `kubelet` observes
+resource pressure, `kubelet` attempts to reclaim at least `minimum-reclaim` amount of resource below
+the configured eviction threshold.
+
+For example, with the following configuration:
+
+```
+--eviction-hard=memory.available<500Mi,nodefs.available<1Gi,imagefs.available<100Gi
+--eviction-minimum-reclaim="memory.available=0Mi,nodefs.available=500Mi,imagefs.available=2Gi"`
+```
+
+If an eviction threshold is triggered for `memory.available`, the `kubelet` works to ensure
+that `memory.available` is at least `500Mi`. For `nodefs.available`, the `kubelet` works
+to ensure that `nodefs.available` is at least `1.5Gi`, and for `imagefs.available` it
+works to ensure that `imagefs.available` is at least `102Gi` before no longer reporting pressure
+on their associated resources.
+
+The default `eviction-minimum-reclaim` is `0` for all resources.
+-->
+### 最小驱逐回收
+
+在某些场景，驱逐 pod 会导致回收少量资源。这将导致 `kubelet` 反复碰到驱逐阈值。除此之外，对如 `disk` 这类资源的驱逐时比较耗时的。
+
+为了减少这类问题，`kubelet` 可以为每个资源配置一个 `minimum-reclaim`。当 `kubelet` 发现资源压力时，`kubelet` 将尝试至少回收驱逐阈值之下 `minimum-reclaim` 数量的资源。
+
+例如使用下面的配置：
+
+```
+--eviction-hard=memory.available<500Mi,nodefs.available<1Gi,imagefs.available<100Gi
+--eviction-minimum-reclaim="memory.available=0Mi,nodefs.available=500Mi,imagefs.available=2Gi"`
+```
+
+如果 `memory.available` 驱逐阈值被触发，`kubelet` 将保证 `memory.available` 至少为 `500Mi`。对于 `nodefs.available`，`kubelet` 将保证 `nodefs.available` 至少为 `1.5Gi`。对于 `imagefs.available`，`kubelet` 将保证 `imagefs.available` 至少为 `102Gi`，直到不再有相关资源报告压力为止。
+
+所有资源的默认 `eviction-minimum-reclaim` 值为 `0`。
+
+<!--
+### Scheduler
+
+The node reports a condition when a compute resource is under pressure. The
+scheduler views that condition as a signal to dissuade placing additional
+pods on the node.
+
+| Node Condition    | Scheduler Behavior                               |
+| ---------------- | ------------------------------------------------ |
+| `MemoryPressure` | No new `BestEffort` Pods are scheduled to the node. |
+| `DiskPressure` | No new Pods are scheduled to the node. |
+-->
+### 调度器
+
+当资源处于压力之下时，节点将报告状态。调度器将那种状态视为一种信号，阻止更多 pod 调度到这个节点上。
+
+| 节点状态    | 调度器行为                               |
+| ---------------- | ------------------------------------------------ |
+| `MemoryPressure` | No new `BestEffort` Pods are scheduled to the node. |
+| `DiskPressure` | No new Pods are scheduled to the node. |
+
+<!--
+## Node OOM Behavior
+
+If the node experiences a system OOM (out of memory) event prior to the `kubelet` is able to reclaim memory,
+the node depends on the [oom_killer](https://lwn.net/Articles/391222/) to respond.
+
+The `kubelet` sets a `oom_score_adj` value for each container based on the quality of service for the Pod.
+
+| Quality of Service | oom_score_adj |
+|----------------------------|-----------------------------------------------------------------------|
+| `Guaranteed` | -998 |
+| `BestEffort` | 1000 |
+| `Burstable` | min(max(2, 1000 - (1000 * memoryRequestBytes) / machineMemoryCapacityBytes), 999) |
+
+If the `kubelet` is unable to reclaim memory prior to a node experiencing system OOM, the `oom_killer` calculates
+an `oom_score` based on the percentage of memory it's using on the node, and then add the `oom_score_adj` to get an
+effective `oom_score` for the container, and then kills the container with the highest score.
+
+The intended behavior should be that containers with the lowest quality of service that
+are consuming the largest amount of memory relative to the scheduling request should be killed first in order
+to reclaim memory.
+
+Unlike Pod eviction, if a Pod container is OOM killed, it may be restarted by the `kubelet` based on its `RestartPolicy`.
+-->
+## 节点 OOM 行为
+
+如果节点在 `kubelet` 回收内存之前经历了系统 OOM(内存不足) 事件，它将基于 [oom_killer](https://lwn.net/Articles/391222/) 做出响应。
+
+`kubelet` 基于 pod 的 service 质量为每个容器设置一个 `oom_score_adj` 值。
+
+| Service 质量 | oom_score_adj |
+|----------------------------|-----------------------------------------------------------------------|
+| `Guaranteed` | -998 |
+| `BestEffort` | 1000 |
+| `Burstable` | min(max(2, 1000 - (1000 * memoryRequestBytes) / machineMemoryCapacityBytes), 999) |
+
+如果 `kubelet` 在节点经历系统 OOM 之前无法回收内存，`oom_killer` 将基于它在节点上使用的内存百分比算出一个 `oom_score`，并加上 `oom_score_adj` 得到容器的有效 `oom_score`，然后结束得分最高的容器。
+
+预期的行为应该是拥有最低 service 质量并消耗和调度请求相关内存量最多的容器第一个被结束，以回收内存。
+
+和 pod 驱逐不同，如果一个 pod 的容器是被 OOM 结束的，基于其 `RestartPolicy`，它可能会被 `kubelet` 重新启动。
+
+<!--
+## Best Practices
+
+The following sections describe best practices for out of resource handling.
+
+### Schedulable resources and eviction policies
+
+Consider the following scenario:
+
+* Node memory capacity: `10Gi`
+* Operator wants to reserve 10% of memory capacity for system daemons (kernel, `kubelet`, etc.)
+* Operator wants to evict Pods at 95% memory utilization to reduce incidence of system OOM.
+
+To facilitate this scenario, the `kubelet` would be launched as follows:
+
+```
+--eviction-hard=memory.available<500Mi
+--system-reserved=memory=1.5Gi
+```
+
+Implicit in this configuration is the understanding that "System reserved" should include the amount of memory
+covered by the eviction threshold.
+
+To reach that capacity, either some Pod is using more than its request, or the system is using more than `1.5Gi - 500Mi = 1Gi`.
+
+This configuration ensures that the scheduler does not place Pods on a node that immediately induce memory pressure
+and trigger eviction assuming those Pods use less than their configured request.
+-->
+## 最佳实践
+
+以下部分描述了资源外处理的最佳实践。
+
+### 可调度资源和驱逐策略
+
+考虑以下场景：
+
+* 节点内存容量：`10Gi`
+* 操作员希望为系统守护进程保留 10% 内存容量（内核、`kubelet` 等）。
+* 操作员希望在内存用量达到 95% 时驱逐 pod，以减少对系统的冲击并防止系统 OOM 的发生。
+
+为了促成这个场景，`kubelet` 将像下面这样启动：
+
+```
+--eviction-hard=memory.available<500Mi
+--system-reserved=memory=1.5Gi
+```
+
+这个配置的暗示是理解“系统保留”应该包含被驱逐阈值覆盖的内存数量。
+
+要达到这个容量，要么某些 pod 使用了超过它们请求的资源，要么系统使用的内存超过 `1.5Gi - 500Mi = 1Gi`。
+
+这个配置将保证在 pod 使用量都不超过它们配置的请求值时，如果可能立即引起内存压力并触发驱逐时，调度器不会将 pod 放到这个节点上。
+
+<!--
+### DaemonSet
+
+It is never desired for `kubelet` to evict a `DaemonSet` Pod, since the Pod is
+immediately recreated and rescheduled back to the same node.
+
+At the moment, the `kubelet` has no ability to distinguish a Pod created
+from `DaemonSet` versus any other object. If/when that information is
+available, the `kubelet` could pro-actively filter those Pods from the
+candidate set of Pods provided to the eviction strategy.
+
+In general, it is strongly recommended that `DaemonSet` not
+create `BestEffort` Pods to avoid being identified as a candidate Pod
+for eviction. Instead `DaemonSet` should ideally launch `Guaranteed` Pods.
+-->
+### DaemonSet
+
+我们永远都不希望 `kubelet` 驱逐一个从 `DaemonSet` 派生的 pod，因为这个 pod 将立即被重建并调度回相同的节点。
+
+目前，`kubelet` 没有办法区分一个 pod 是由 `DaemonSet` 还是其他对象创建。如果/当这个信息可用时，`kubelet` 可能会预先将这些 pod 从提供给驱逐策略的候选集合中过滤掉。
+
+总之，强烈推荐 `DaemonSet` 不要创建 `BestEffort` 的 pod，防止其被识别为驱逐的候选 pod。相反，理想情况下 `DaemonSet` 应该启动 `Guaranteed` 的 pod。
+
+<!--
+## Deprecation of existing feature flags to reclaim disk
+
+`kubelet` has been freeing up disk space on demand to keep the node stable.
+
+As disk based eviction matures, the following `kubelet` flags are marked for deprecation
+in favor of the simpler configuration supported around eviction.
+
+| Existing Flag | New Flag |
+| ------------- | -------- |
+| `--image-gc-high-threshold` | `--eviction-hard` or `eviction-soft` |
+| `--image-gc-low-threshold` | `--eviction-minimum-reclaim` |
+| `--maximum-dead-containers` | deprecated |
+| `--maximum-dead-containers-per-container` | deprecated |
+| `--minimum-container-ttl-duration` | deprecated |
+| `--low-diskspace-threshold-mb` | `--eviction-hard` or `eviction-soft` |
+| `--outofdisk-transition-frequency` | `--eviction-pressure-transition-period` |
+-->
+## 弃用现有特性标签以回收磁盘
+
+`kubelet` 已经按需求清空了磁盘空间以保证节点稳定性。
+
+当磁盘驱逐成熟时，下面的 `kubelet` 标志将被标记为废弃的，以简化支持驱逐的配置。
+
+| 现有标签 | 新标签 |
+| ------------- | -------- |
+| `--image-gc-high-threshold` | `--eviction-hard` or `eviction-soft` |
+| `--image-gc-low-threshold` | `--eviction-minimum-reclaim` |
+| `--maximum-dead-containers` | deprecated |
+| `--maximum-dead-containers-per-container` | deprecated |
+| `--minimum-container-ttl-duration` | deprecated |
+| `--low-diskspace-threshold-mb` | `--eviction-hard` or `eviction-soft` |
+| `--outofdisk-transition-frequency` | `--eviction-pressure-transition-period` |
+
+<!--
+## Known issues
+
+The following sections describe known issues related to out of resource handling.
+
+### kubelet may not observe memory pressure right away
+
+The `kubelet` currently polls `cAdvisor` to collect memory usage stats at a regular interval. If memory usage
+increases within that window rapidly, the `kubelet` may not observe `MemoryPressure` fast enough, and the `OOMKiller`
+will still be invoked. We intend to integrate with the `memcg` notification API in a future release to reduce this
+latency, and instead have the kernel tell us when a threshold has been crossed immediately.
+
+If you are not trying to achieve extreme utilization, but a sensible measure of overcommit, a viable workaround for
+this issue is to set eviction thresholds at approximately 75% capacity. This increases the ability of this feature
+to prevent system OOMs, and promote eviction of workloads so cluster state can rebalance.
+-->
+## 已知问题
+
+以下部分描述了与资源外处理有关的已知问题。
+
+### kubelet 可能无法立即发现内存压力
+
+`kubelet` 当前通过以固定的时间间隔轮询 `cAdvisor` 来收集内存使用数据。如果内存使用在那个时间窗口内迅速增长，`kubelet` 可能不能足够快的发现 `MemoryPressure`，`OOMKiller` 将不会被调用。我们准备在将来的发行版本中通过集成 `memcg` 通知 API 来减小这种延迟。当超过阈值时，内核将立即告诉我们。
+
+如果您想处理可察觉的超量使用而不要求极端精准，可以设置驱逐阈值为大约 75% 容量作为这个问题的变通手段。这将增强这个特性的能力，防止系统 OOM，并提升负载卸载能力，以再次平衡集群状态。
+
+<!--
+### kubelet may evict more Pods than needed
+
+The Pod eviction may evict more Pods than needed due to stats collection timing gap. This can be mitigated by adding
+the ability to get root container stats on an on-demand basis [(https://github.com/google/cadvisor/issues/1247)](https://github.com/google/cadvisor/issues/1247) in the future.
+-->
+### kubelet 可能会驱逐超过需求数量的 pod
+
+由于状态采集的时间差，驱逐操作可能驱逐比所需的更多的 pod。将来可通过添加从根容器获取所需状态的能力 [(https://github.com/google/cadvisor/issues/1247)]([(https://github.com/google/cadvisor/issues/1247)](https://github.com/google/cadvisor/issues/1247)) 来减缓这种状况。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/quota-api-object.md b/content/zh/docs/tasks/administer-cluster/quota-api-object.md
new file mode 100644
index 0000000000000..67249bd075f86
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/quota-api-object.md
@@ -0,0 +1,274 @@
+---
+title: 配置 API 对象配额
+content_template: templates/task
+---
+
+<!--
+---
+title: Configure Quotas for API Objects
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to configure quotas for API objects, including
+PersistentVolumeClaims and Services. A quota restricts the number of
+objects, of a particular type, that can be created in a namespace.
+You specify quotas in a
+[ResourceQuota](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#resourcequota-v1-core)
+object.
+-->
+
+本文讨论如何为 API 对象配置配额，包括 PersistentVolumeClaims 和 Services。
+配额限制了可以在命名空间中创建的特定类型对象的数量。
+您可以在 [ResourceQuota](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#resourcequota-v1-core) 对象中指定配额。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Create a namespace
+
+Create a namespace so that the resources you create in this exercise are
+isolated from the rest of your cluster.
+-->
+
+## 创建命名空间
+
+创建一个命名空间以便本例中创建的资源和集群中的其余部分相隔离。
+
+```shell
+kubectl create namespace quota-object-example
+```
+
+<!--
+## Create a ResourceQuota
+
+Here is the configuration file for a ResourceQuota object:
+-->
+
+## 创建 ResourceQuota
+
+下面是一个 ResourceQuota 对象的配置文件：
+
+{{< codenew file="admin/resource/quota-objects.yaml" >}}
+
+<!--
+Create the ResourceQuota:
+-->
+
+创建 ResourceQuota
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/resource/quota-objects.yaml --namespace=quota-object-example
+```
+
+<!--
+View detailed information about the ResourceQuota:
+-->
+
+查看 ResourceQuota 的详细信息：
+
+```shell
+kubectl get resourcequota object-quota-demo --namespace=quota-object-example --output=yaml
+```
+
+<!--
+The output shows that in the quota-object-example namespace, there can be at most
+one PersistentVolumeClaim, at most two Services of type LoadBalancer, and no Services
+of type NodePort.
+-->
+
+输出结果表明在 quota-object-example 命名空间中，至多只能有一个 PersistentVolumeClaim，最多两个 LoadBalancer 类型的服务，不能有 NodePort 类型的服务。
+
+
+```yaml
+status:
+  hard:
+    persistentvolumeclaims: "1"
+    services.loadbalancers: "2"
+    services.nodeports: "0"
+  used:
+    persistentvolumeclaims: "0"
+    services.loadbalancers: "0"
+    services.nodeports: "0"
+```
+
+<!--
+## Create a PersistentVolumeClaim
+
+Here is the configuration file for a PersistentVolumeClaim object:
+-->
+
+## 创建 PersistentVolumeClaim
+
+下面是一个 PersistentVolumeClaim 对象的配置文件：
+
+{{< codenew file="admin/resource/quota-objects-pvc.yaml" >}}
+
+<!--
+Create the PersistentVolumeClaim:
+-->
+
+创建 PersistentVolumeClaim：
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/resource/quota-objects-pvc.yaml --namespace=quota-object-example
+```
+
+<!--
+Verify that the PersistentVolumeClaim was created:
+-->
+
+确认已创建完 PersistentVolumeClaim：
+
+```shell
+kubectl get persistentvolumeclaims --namespace=quota-object-example
+```
+
+<!--
+The output shows that the PersistentVolumeClaim exists and has status Pending:
+-->
+
+输出信息表明 PersistentVolumeClaim 存在并且处于 Pending 状态：
+
+```shell
+NAME             STATUS
+pvc-quota-demo   Pending
+```
+
+<!--
+## Attempt to create a second PersistentVolumeClaim
+
+Here is the configuration file for a second PersistentVolumeClaim:
+-->
+
+## 尝试创建第二个 PersistentVolumeClaim
+
+下面是第二个 PersistentVolumeClaim 的配置文件：
+
+{{< codenew file="admin/resource/quota-objects-pvc-2.yaml" >}}
+
+<!--
+Attempt to create the second PersistentVolumeClaim:
+-->
+
+尝试创建第二个 PersistentVolumeClaim：
+
+```shell
+kubectl create -f https://k8s.io/examples/admin/resource/quota-objects-pvc-2.yaml --namespace=quota-object-example
+```
+<!--
+The output shows that the second PersistentVolumeClaim was not created,
+because it would have exceeded the quota for the namespace.
+-->
+
+输出信息表明第二个 PersistentVolumeClaim 没有创建成功，因为这会超出命名空间的配额。
+
+
+```
+persistentvolumeclaims "pvc-quota-demo-2" is forbidden:
+exceeded quota: object-quota-demo, requested: persistentvolumeclaims=1,
+used: persistentvolumeclaims=1, limited: persistentvolumeclaims=1
+```
+<!--
+## Notes
+
+These are the strings used to identify API resources that can be constrained
+by quotas:
+-->
+
+## 注意事项
+
+下面这些字符串可被用来标识那些能被配额限制的 API 资源：
+
+<table>
+<tr><th>String</th><th>API Object</th></tr>
+<tr><td>"pods"</td><td>Pod</td></tr>
+<tr><td>"services</td><td>Service</td></tr>
+<tr><td>"replicationcontrollers"</td><td>ReplicationController</td></tr>
+<tr><td>"resourcequotas"</td><td>ResourceQuota</td></tr>
+<tr><td>"secrets"</td><td>Secret</td></tr>
+<tr><td>"configmaps"</td><td>ConfigMap</td></tr>
+<tr><td>"persistentvolumeclaims"</td><td>PersistentVolumeClaim</td></tr>
+<tr><td>"services.nodeports"</td><td>Service of type NodePort</td></tr>
+<tr><td>"services.loadbalancers"</td><td>Service of type LoadBalancer</td></tr>
+</table>
+
+<!--
+## Clean up
+
+Delete your namespace:
+-->
+
+## 清理
+
+删除您的命名空间：
+
+```shell
+kubectl delete namespace quota-object-example
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+### For cluster administrators
+
+* [Configure Default Memory Requests and Limits for a Namespace](/docs/tasks/administer-cluster/memory-default-namespace/)
+
+* [Configure Default CPU Requests and Limits for a Namespace](/docs/tasks/administer-cluster/cpu-default-namespace/)
+
+* [Configure Minimum and Maximum Memory Constraints for a Namespace](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+
+* [Configure Minimum and Maximum CPU Constraints for a Namespace](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+* [Configure Memory and CPU Quotas for a Namespace](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+
+* [Configure a Pod Quota for a Namespace](/docs/tasks/administer-cluster/quota-pod-namespace/)
+-->
+
+### 集群管理员参考
+
+* [为命名空间配置默认的内存请求和限制](/docs/tasks/administer-cluster/memory-default-namespace/)
+
+* [为命名空间配置默认的 CPU 请求和限制](/docs/tasks/administer-cluster/cpu-default-namespace/)
+
+* [为命名空间配置内存的最小和最大限制](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+
+* [为命名空间配置 CPU 的最小和最大限制](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+* [为命名空间配置 CPU 和内存配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+
+* [为命名空间配置 Pod 配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
+
+<!--
+### For app developers
+
+* [Assign Memory Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-memory-resource/)
+
+* [Assign CPU Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+
+* [Configure Quality of Service for Pods](/docs/tasks/configure-pod-container/quality-service-pod/)
+-->
+
+### 应用开发者参考
+
+* [为容器和 Pod 分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
+* [为容器和 Pod 分配 CPU 资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+* [为 Pod 配置服务质量](/docs/tasks/configure-pod-container/quality-service-pod/)
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/administer-cluster/reconfigure-kubelet.md b/content/zh/docs/tasks/administer-cluster/reconfigure-kubelet.md
new file mode 100644
index 0000000000000..bb88078429110
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/reconfigure-kubelet.md
@@ -0,0 +1,677 @@
+---
+title: 在实时集群上重新配置节点的 Kubelet
+content_template: templates/task
+---
+
+<!--
+
+---
+reviewers:
+- mtaufen
+- dawnchen
+title: Reconfigure a Node's Kubelet in a Live Cluster
+content_template: templates/task
+---
+
+-->
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.11" state="beta" >}}
+
+<!--
+[Dynamic Kubelet Configuration](https://github.com/kubernetes/enhancements/issues/281)
+allows you to change the configuration of each Kubelet in a live Kubernetes
+cluster by deploying a ConfigMap and configuring each Node to use it.
+-->
+[动态Kubelet配置](https://github.com/kubernetes/enhancements/issues/281)
+引导你在一个运行的 Kubernetes 集群上更改每一个 Kubelet 的配置，通过部署 ConfigMap 并配置每个节点来使用它。
+
+{{< warning >}}
+<!--
+All Kubelet configuration parameters can be changed dynamically,
+but this is unsafe for some parameters. Before deciding to change a parameter
+dynamically, you need a strong understanding of how that change will affect your
+cluster's behavior. Always carefully test configuration changes on a small set
+of nodes before rolling them out cluster-wide. Advice on configuring specific
+fields is available in the inline `KubeletConfiguration`
+[type documentation](https://github.com/kubernetes/kubernetes/blob/release-1.11/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go).
+-->
+**警告**：所有Kubelet配置参数都可以动态地更改，但这对某些参数来说是不安全的。在决定动态更改参数之前，你需要深刻理解这种变化将如何影响你的集群的行为。
+在把一组节点推广到集群范围之前，都要仔细地测试这些节点上的配置变化。与配置相关的建议可以在具体的文件下找到，内联 `KubeletConfiguration`
+[类型文档](https://github.com/kubernetes/kubernetes/blob/release-1.11/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go)。
+{{< /warning >}}
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!--
+- Kubernetes v1.11 or higher on both the Master and the Nodes
+- kubectl v1.11 or higher, configured to communicate with the cluster
+- The Kubelet's `--dynamic-config-dir` flag must be set to a writable
+ directory on the Node.
+-->
+
+- Kubernetes v1.11 或者更高版本配置在主节点和节点上
+- kubectl v1.11 或者更高版本和集群配置通信
+- The Kubelet's `--dynamic-config-dir` flag 必须设置在节点的可写目录上
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Reconfiguring the Kubelet on a Live Node in your Cluster -->
+## 在你集群中的一个实时节点上配置Kubelet
+
+<!-- ### Basic Workflow Overview -->
+### 基本工作流程概述
+
+<!--
+The basic workflow for configuring a Kubelet in a live cluster is as follows:
+
+1. Write a YAML or JSON configuration file containing the
+Kubelet's configuration.
+2. Wrap this file in a ConfigMap and save it to the Kubernetes control plane.
+3. Update the Kubelet's corresponding Node object to use this ConfigMap.
+-->
+在实时集群中配置 Kubelet 的基本工作流程如下：
+
+1. 编写一个 YAML 或 JSON 的配置文件包含 Kubelet 的配置。
+2. 将此文件包装在 ConfigMap 中并将其保存到 Kubernetes 控制平面。
+3. 更新 Kubelet 的相应节点对象以使用此 ConfigMap。
+
+<!--
+Each Kubelet watches a configuration reference on its respective Node object.
+When this reference changes, the Kubelet downloads the new configuration,
+updates a local reference to refer to the file, and exits.
+For the feature to work correctly, you must be running an OS-level service
+manager (such as systemd), which will restart the Kubelet if it exits. When the
+Kubelet is restarted, it will begin using the new configuration.
+-->
+每个 Kubelet 都会在其各自的节点对象上查看配置引用。当此引用更改时，Kubelet 将下载新配置，
+更新本地引用以引用该文件，然后退出。
+要想使该功能正常地工作，您必须运行操作系统级别的服务管理器（如systemd），如果退出，将重启Kubelet。
+当Kubelet重新启动时，它将开始使用新配置。
+
+<!--
+The new configuration completely overrides configuration provided by `--config`,
+and is overridden by command-line flags. Unspecified values in the new configuration
+will receive default values appropriate to the configuration version
+(e.g. `kubelet.config.k8s.io/v1beta1`), unless overridden by flags.
+-->
+这个新配置完全地覆盖 `--config` 所提供的配置，并被命令行标志覆盖。新配置中未指定的值将收到适合配置版本的默认值
+(e.g. `kubelet.config.k8s.io/v1beta1`)，除非被标志覆盖。
+
+<!--
+The status of the Node's Kubelet configuration is reported via
+`Node.Spec.Status.Config`. Once you have updated a Node to use the new
+ConfigMap, you can observe this status to confirm that the Node is using the
+intended configuration.
+-->
+这个节点的 Kubelet 配置状态通过命令 `Node.Spec.Status.Config` 获取。一旦您已经改变了一个节点去使用新的 ConfigMap ，
+您就可以观察此状态以确认这个节点正在使用的预期配置。
+
+<!--
+This document describes editing Nodes using `kubectl edit`.
+There are other ways to modify a Node's spec, including `kubectl patch`, for
+example, which facilitate scripted workflows.
+-->
+这个文档描述编辑节点信息用命令 `kubectl edit`，还有一些其他的方式去修改节点的规范，包括命令 `kubectl patch`，
+例如，哪一个更利于脚本化的工作流程。
+
+<!--
+This document only describes a single Node consuming each ConfigMap. Keep in
+mind that it is also valid for multiple Nodes to consume the same ConfigMap.
+-->
+这个文档仅仅讲述了在单节点上使用每一个 ConfigMap。请注意对于多个节点使用相同的 ConfigMap 也是有效的。
+
+{{< warning >}}
+<!--
+While it is *possible* to change the configuration by
+updating the ConfigMap in-place, this causes all Kubelets configured with
+that ConfigMap to update simultaneously. It is much safer to treat ConfigMaps
+as immutable by convention, aided by `kubectl`'s `--append-hash` option,
+and incrementally roll out updates to `Node.Spec.ConfigSource`.
+-->
+**警告**：通过更新本地的 ConfigMap *有可能* 会改变配置信息，这样会导致所有 Kubelets 所配置的 ConfigMap 同步更新。
+它是更安全的去处理 ConfigMap 按照惯例不变，借助于 `kubectl`'s `--append-hash` 选项，并逐步把更新推广到 `Node.Spec.ConfigSource`。
+{{< /warning >}}
+
+<!-- ### Automatic RBAC rules for Node Authorizer -->
+### 节点授权器的自动RBAC规则
+
+<!--
+Previously, you were required to manually create RBAC rules
+to allow Nodes to access their assigned ConfigMaps. The Node Authorizer now
+automatically configures these rules.
+-->
+以前，您需要手动创建RBAC规则允许节点访问其分配的ConfigMaps。 节点授权器现在
+自动地配置这些规则。
+
+<!-- ### Generating a file that contains the current configuration -->
+### 生成包含当前配置的文件
+
+<!--
+The Dynamic Kubelet Configuration feature allows you to provide an override for
+the entire configuration object, rather than a per-field overlay. This is a
+simpler model that makes it easier to trace the source of configuration values
+and debug issues. The compromise, however, is that you must start with knowledge
+of the existing configuration to ensure that you only change the fields you
+intend to change.
+-->
+动态 Kubelet 配置特性允许您提供覆盖对于整个配置对象，而不是每个字段的叠加。 这是一个
+更简单的模型，可以更轻松地跟踪配置值的来源和调试问题。 然而，妥协是你必须从现有配置的认识开始，
+以确保您只更改您打算修改的字段。
+
+<!--
+Ideally, the Kubelet would be bootstrapped from a file on disk
+and you could edit this file (which could also be version-controlled),
+to create the first Kubelet ConfigMap
+(see [Set Kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file)),
+Currently, the Kubelet is bootstrapped with **a combination of this file and command-line flags**
+that can override the configuration in the file.
+As a workaround, you can generate a config file containing a Node's current
+configuration by accessing the Kubelet server's `configz` endpoint via the
+kubectl proxy. This endpoint, in its current implementation, is intended to be
+used only as a debugging aid. Do not rely on the  of this endpoint for
+production scenarios. The examples below use the `jq` command to streamline
+working with JSON. To follow the tasks as written, you need to have `jq`
+installed, but you can adapt the tasks if you prefer to extract the
+`kubeletconfig` subobject manually.
+-->
+理想情况下，Kubelet 将被引导从磁盘上的一个文件，并且你可以编辑这个文件（也可以是版本控制的），
+去创建第一个 Kubelet ConfigMap (参考文档 [通过配置文件设置Kubelet参数](/docs/tasks/administer-cluster/kubelet-config-file))，
+目前，Kubelet 使用 **文件和命令行标志的组合** 进行引导来覆盖文件中的配置。
+作为解决方法，您可以生成一个配置文件包含节点当前的组态，通过 kubectl 代理访问Kubelet服务器的 `configz` 端点。
+该端点在其当前实现中，旨在被用来作为一个调试辅助工具。在生产环境下，不要依赖此端点的特性。
+下面的例子使用 `jq` 命令来简化使用 JSON。按照所写的步骤，您需要安装 `jq` ，
+但如果您喜欢手动提取 `kubeletconfig` 子对象，您也可以完成这个任务。
+
+<!-- #### Generate the configuration file -->
+#### 生成配置文件
+
+<!--
+1. Choose a Node to reconfigure. In this example, the name of this Node is
+    referred to as `NODE_NAME`.
+2. Start the kubectl proxy in the background using the following command:
+
+      ```bash
+      kubectl proxy --port=8001 &
+      ```
+
+3. Run the following command to download and unpack the configuration from the
+    `configz` endpoint. The command is long, so be careful when copying and
+    pasting. **If you use zsh**, note that common zsh configurations add backslashes
+    to escape the opening and closing curly braces around the variable name in the URL.
+    For example: `${NODE_NAME}` will be rewritten as `$\{NODE_NAME\}` during the paste.
+    You must remove the backslashes before running the command, or the command will fail.
+
+      ```bash
+      NODE_NAME="the-name-of-the-node-you-are-reconfiguring"; curl -sSL "http://localhost:8001/api/v1/nodes/${NODE_NAME}/proxy/configz" | jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"' > kubelet_configz_${NODE_NAME}
+      ```
+-->
+
+1. 选择一个节点去重新配置，在此示例中，此节点的名称为 `NODE_NAME`。
+2. 使用以下命令在后台启动kubectl代理：
+
+      ```bash
+      kubectl proxy --port=8001 &
+      ```
+
+3. 运行以下命令从 `configz` 端点中下载并解压配置。这个命令很长，因此在复制和黏贴时要小心。
+**如果您使用zsh**，请注意常见的 zsh 配置添加反斜杠转义URL中变量名称周围的大括号的开始和结束。
+例如：在粘贴期间，`$ {NODE_NAME}` 将被重写为 `$ \ {NODE_NAME \}`。
+您必须在运行命令之前删除反斜杠，否则命令将失败。
+
+ ```bash
+      NODE_NAME="the-name-of-the-node-you-are-reconfiguring"; curl -sSL "http://localhost:8001/api/v1/nodes/${NODE_NAME}/proxy/configz" | jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"' > kubelet_configz_${NODE_NAME}
+ ```
+
+{{< note >}}
+**注意**：You need to manually add the `kind` and `apiVersion` to the downloaded
+object, because they are not reported by the `configz` endpoint.
+您需要手动将 `kind` 和 `apiVersion` 添加到下载对象中，因为它们不是由 `configz` 端点报出的。
+{{< /note >}}
+
+<!-- #### Edit the configuration file -->
+#### 修改配置文件
+
+Using a text editor, change one of the parameters in the
+file generated by the previous procedure. For example, you
+might edit the QPS parameter `eventRecordQPS`.
+使用文本编辑器，在这个文件里，改变之前的程序生成的一个参数。例如，你或许会修改 QPS 参数  `eventRecordQPS`。
+
+<!-- #### Push the configuration file to the control plane -->
+#### 把配置文件推送到控制平面
+
+<!--
+Push the edited configuration file to the control plane with the
+following command:
+
+```bash
+kubectl -n kube-system create configmap my-node-config --from-file=kubelet=kubelet_configz_${NODE_NAME} --append-hash -o yaml
+```
+-->
+用以下命令把配置文件推送到控制平面：
+
+```bash
+kubectl -n kube-system create configmap my-node-config --from-file=kubelet=kubelet_configz_${NODE_NAME} --append-hash -o yaml
+```
+
+<!--
+This is an example of a valid response:
+
+```none
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2017-09-14T20:23:33Z
+  name: my-node-config-gkt4c2m4b2
+  namespace: kube-system
+  resourceVersion: "119980"
+  selfLink: /api/v1/namespaces/kube-system/configmaps/my-node-config-gkt4c2m4b2
+  uid: 946d785e-998a-11e7-a8dd-42010a800006
+data:
+  kubelet: |
+    {...}
+```
+-->
+这是一个响应有效的例子：
+
+```none
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2017-09-14T20:23:33Z
+  name: my-node-config-gkt4c2m4b2
+  namespace: kube-system
+  resourceVersion: "119980"
+  selfLink: /api/v1/namespaces/kube-system/configmaps/my-node-config-gkt4c2m4b2
+  uid: 946d785e-998a-11e7-a8dd-42010a800006
+data:
+  kubelet: |
+    {...}
+```
+
+<!--
+The ConfigMap is created in the `kube-system` namespace because this
+ConfigMap configures a Kubelet, which is Kubernetes system component.
+-->
+ConfigMap是在 `kube-system` 命名空间中创建的，因为 ConfigMap 配置了 Kubelet，它是 Kubernetes 的系统组件。
+
+<!--
+The `--append-hash` option appends a short checksum of the ConfigMap contents
+to the name. This is convenient for an edit-then-push workflow, because it
+automatically, yet deterministically, generates new names for new ConfigMaps.
+The name that includes this generated hash is referred to as `CONFIG_MAP_NAME`
+in the following examples.
+-->
+`--append-hash` 选项给 ConfigMap 内容附加了一个简短校验和。 这对于编辑然后推送工作流程很方便，因为它
+自动并确定地为新ConfigMaps生成新的名称。在以下示例中，包含生成的哈希名称为 `CONFIG_MAP_NAME`。
+
+<!-- #### Set the Node to use the new configuration -->
+#### 用新配置创建新的节点
+
+<!--
+Edit the Node's reference to point to the new ConfigMap with the
+following command:
+
+```bash
+kubectl edit node ${NODE_NAME}
+```
+
+In your text editor, add the following YAML under `spec`:
+
+```yaml
+configSource:
+    configMap:
+        name: CONFIG_MAP_NAME
+        namespace: kube-system
+        kubeletConfigKey: kubelet
+```
+-->
+用下面的命令行编辑节点的参数来指向新的 ConfigMap：
+
+```bash
+kubectl edit node ${NODE_NAME}
+```
+
+<!-- In your text editor, add the following YAML under `spec`: -->
+在您的文本编辑器中，在 `spec` 下增添以下 YAML：
+
+```yaml
+configSource:
+    configMap:
+        name: CONFIG_MAP_NAME
+        namespace: kube-system
+        kubeletConfigKey: kubelet
+```
+
+<!--
+You must specify all three of `name`, `namespace`, and `kubeletConfigKey`.
+The `kubeletConfigKey` parameter shows the Kubelet which key of the ConfigMap
+contains its config.
+-->
+您必须指定这三个参数中的每一个 `name`, `namespace` 和 `kubeletConfigKey`。
+`kubeletConfigKey` 这个参数显示出 Kubelet 上的哪个 key 包含了 ConfigMap 的配置。
+
+<!-- #### Observe that the Node begins using the new configuration -->
+#### 使用新配置监察节点
+
+<!--
+Retrieve the Node using the `kubectl get node ${NODE_NAME} -o yaml` command and inspect
+`Node.Status.Config`. The config sources corresponding to the `active`,
+`assigned`, and `lastKnownGood` configurations are reported in the status.
+
+- The `active` configuration is the version the Kubelet is currently running with.
+- The `assigned` configuration is the latest version the Kubelet has resolved based on
+  `Node.Spec.ConfigSource`.
+- The `lastKnownGood` configuration is the version the
+  Kubelet will fall back to if an invalid config is assigned in `Node.Spec.ConfigSource`.
+-->
+用 `kubectl get node ${NODE_NAME} -o yaml` 命令回收节点并用命令 `Node.Status.Config` 检查节点状态配置。
+在这个状态报告的配置里，对应这些配置源 `active`，`assigned` 和 `lastKnownGood`。
+
+- `active` 是 Kubelet 当前运行的版本。
+- `assigned` 参数是 Kubelet 基于 `Node.Spec.ConfigSource` 的最新版本.
+- `lastKnownGood` 参数是 Kubelet 的回退版本，如果在 `Node.Spec.ConfigSource` 中分配了无效的配置。
+
+<!--
+The`lastKnownGood` configuration might not be present if it is set to its default value,
+the local config deployed with the node. The status will update `lastKnownGood` to
+match a valid `assigned` config after the Kubelet becomes comfortable with the config.
+The details of how the Kubelet determines a config should become the `lastKnownGood` are
+not guaranteed by the API, but is currently implemented as a 10-minute grace period.
+-->
+如果用本地的配置部署节点，使其设置成默认值，这个`lastKnownGood`配置可能不存在。
+在 Kubelet 配置好后，将更新 `lastKnownGood` 去匹配一个有效的 `assigned` 配置。
+判断如何配置 Kubelet 的细节是使`lastKnownGood`不受API限制，但目前实施为 10分钟 的宽限期。
+
+<!--
+You can use the following command (using `jq`) to filter down
+to the config status:
+
+```bash
+kubectl get no ${NODE_NAME} -o json | jq '.status.config'
+```
+
+The following is an example response:
+
+```json
+{
+  "active": {
+    "configMap": {
+      "kubeletConfigKey": "kubelet",
+      "name": "my-node-config-9mbkccg2cc",
+      "namespace": "kube-system",
+      "resourceVersion": "1326",
+      "uid": "705ab4f5-6393-11e8-b7cc-42010a800002"
+    }
+  },
+  "assigned": {
+    "configMap": {
+      "kubeletConfigKey": "kubelet",
+      "name": "my-node-config-9mbkccg2cc",
+      "namespace": "kube-system",
+      "resourceVersion": "1326",
+      "uid": "705ab4f5-6393-11e8-b7cc-42010a800002"
+    }
+  },
+  "lastKnownGood": {
+    "configMap": {
+      "kubeletConfigKey": "kubelet",
+      "name": "my-node-config-9mbkccg2cc",
+      "namespace": "kube-system",
+      "resourceVersion": "1326",
+      "uid": "705ab4f5-6393-11e8-b7cc-42010a800002"
+    }
+  }
+}
+
+```
+-->
+您可以使用以下命令 (using `jq`) 过滤到配置状态：
+
+```bash
+kubectl get no ${NODE_NAME} -o json | jq '.status.config'
+```
+
+以下是一个响应示例：
+
+```json
+{
+  "active": {
+    "configMap": {
+      "kubeletConfigKey": "kubelet",
+      "name": "my-node-config-9mbkccg2cc",
+      "namespace": "kube-system",
+      "resourceVersion": "1326",
+      "uid": "705ab4f5-6393-11e8-b7cc-42010a800002"
+    }
+  },
+  "assigned": {
+    "configMap": {
+      "kubeletConfigKey": "kubelet",
+      "name": "my-node-config-9mbkccg2cc",
+      "namespace": "kube-system",
+      "resourceVersion": "1326",
+      "uid": "705ab4f5-6393-11e8-b7cc-42010a800002"
+    }
+  },
+  "lastKnownGood": {
+    "configMap": {
+      "kubeletConfigKey": "kubelet",
+      "name": "my-node-config-9mbkccg2cc",
+      "namespace": "kube-system",
+      "resourceVersion": "1326",
+      "uid": "705ab4f5-6393-11e8-b7cc-42010a800002"
+    }
+  }
+}
+
+```
+
+<!--
+If an error occurs, the Kubelet reports it in the `Node.Status.Config.Error`
+structure. Possible errors are listed in
+[Understanding Node.Status.Config.Error messages](#understanding-node-status-config-error-messages).
+You can search for the identical text in the Kubelet log for additional details
+and context about the error.
+-->
+如果发生错误，Kubelet 会在 `Node.Status.Config.Error` 中显示出它的结构体。 可能的错误列在
+[了解 Node.Status.Config.Error 信息](#understanding-node-status-config-error-messages).
+您可以在 Kubelet 日志中搜索相同的文本以获取更多详细信息和有关错误的上下文。
+
+<!-- #### Make more changes -->
+#### 做出更多的改变
+
+<!--
+Follow the workflow above to make more changes and push them again. Each time
+you push a ConfigMap with new contents, the --append-hash kubectl option creates
+the ConfigMap with a new name. The safest rollout strategy is to first create a
+new ConfigMap, and then update the Node to use the new ConfigMap.
+-->
+按照下面的工作流程做出更多的改变并再次推送它们。你每次推送一个ConfigMap 的新内容时，--append-hash kubectl 选项都会给 ConfigMap 创建一个新的名称。
+最安全的推出策略是首先创建一个新的 ConfigMap，然后更新 节点 以使用新的 ConfigMap。
+
+<!-- #### Reset the Node to use its local default configuration -->
+#### 重置节点以使用其本地默认配置
+
+<!--
+To reset the Node to use the configuration it was provisioned with, edit the
+Node using `kubectl edit node ${NODE_NAME}` and remove the
+`Node.Spec.ConfigSource` field.
+-->
+重置节点去使用已经配好的的配置，用 `kubectl edit node $ {NODE_NAME}` 命令编辑节点，并删除
+`Node.Spec.ConfigSource` 字段。
+
+<!-- #### Observe that the Node is using its local default configuration -->
+#### 监察正在使用本地默认配置的节点
+
+<!--
+After removing this subfield, `Node.Status.Config` eventually becomes
+empty, since all config sources have been reset to `nil`, which indicates that
+the local default config is `assigned`, `active`, and `lastKnownGood`, and no
+error is reported.
+-->
+在删除此字段后，`Node.Status.Config` 最终变成空，所有配置源都已重置为 `nil`，这表示
+本地默认配置是 `assigned`，`active` 和 `lastKnownGood`这三个参数，没有报告错误。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- ## Kubectl Patch Example -->
+## Kubectl 补丁示例
+
+<!--
+You can change a Node's configSource using several different mechanisms.
+This example uses `kubectl patch`:
+
+```bash
+kubectl patch node ${NODE_NAME} -p "{\"spec\":{\"configSource\":{\"configMap\":{\"name\":\"${CONFIG_MAP_NAME}\",\"namespace\":\"kube-system\",\"kubeletConfigKey\":\"kubelet\"}}}}"
+```
+-->
+您可以使用几种不同的机制来更改节点的 configSource。
+这个例子使用`kubectl patch`：
+
+```bash
+kubectl patch node ${NODE_NAME} -p "{\"spec\":{\"configSource\":{\"configMap\":{\"name\":\"${CONFIG_MAP_NAME}\",\"namespace\":\"kube-system\",\"kubeletConfigKey\":\"kubelet\"}}}}"
+```
+
+<!-- ## Understanding how the Kubelet checkpoints config -->
+## 了解Kubelet检查点的配置方式
+
+<!--
+When a new config is assigned to the Node, the Kubelet downloads and unpacks the
+config payload as a set of files on the local disk. The Kubelet also records metadata
+that locally tracks the assigned and last-known-good config sources, so that the
+Kubelet knows which config to use across restarts, even if the API server becomes
+unavailable. After checkpointing a config and the relevant metadata, the Kubelet
+exits if it detects that the assigned config has changed. When the Kubelet is
+restarted by the OS-level service manager (such as `systemd`), it reads the new
+metadata and uses the new config.
+-->
+当为节点分配新配置时，Kubelet 会在本地磁盘上，下载并解压配置负载为一组文件。Kubelet 还记录元数据
+在本地跟踪已分配和最后已知良好的配置源，以便 Kubelet 知道在重新启动时使用哪个配置，即使API服务器变为不可用。 在检查点配置和相关元数据之后，如果检测到已分配的配置改变了，则 Kubelet 退出。 当K ubelet 被 OS 级服务管理器（例如`systemd`）重新启动时，它会读取新的元数据并使用新配置。
+
+<!--
+The recorded metadata is fully resolved, meaning that it contains all necessary
+information to choose a specific config version - typically a `UID` and `ResourceVersion`.
+This is in contrast to `Node.Spec.ConfigSource`, where the intended config is declared
+via the idempotent `namespace/name` that identifies the target ConfigMap; the Kubelet
+tries to use the latest version of this ConfigMap.
+-->
+当记录的元数据已被完全解析时，意味着它包含的所有必需的信息去选择一个指定的
+配置版本 - 通常是 `UID` 和 `ResourceVersion`。与 `Node.Spec.ConfigSource` 形成对比，
+通过幂等 `namespace/name` 预期声明配置来标识目标 ConfigMap；Kubelet
+尝试使用此 ConfigMap的 最新版本。
+
+<!--
+When you are debugging problems on a node, you can inspect the Kubelet's config
+metadata and checkpoints. The structure of the Kubelet's checkpointing directory is:
+
+```none
+- --dynamic-config-dir (root for managing dynamic config)
+| - meta
+  | - assigned (encoded kubeletconfig/v1beta1.SerializedNodeConfigSource object, indicating the assigned config)
+  | - last-known-good (encoded kubeletconfig/v1beta1.SerializedNodeConfigSource object, indicating the last-known-good config)
+| - checkpoints
+  | - uid1 (dir for versions of object identified by uid1)
+    | - resourceVersion1 (dir for unpacked files from resourceVersion1 of object with uid1)
+    | - ...
+  | - ...
+```
+-->
+当您在节点上调试问题时，可以检查Kubelet的配置元数据和检查点。Kubelet 的检查点目录结构是：
+
+```none
+- --dynamic-config-dir (root for managing dynamic config)
+| - meta
+  | - assigned (encoded kubeletconfig/v1beta1.SerializedNodeConfigSource object, indicating the assigned config)
+  | - last-known-good (encoded kubeletconfig/v1beta1.SerializedNodeConfigSource object, indicating the last-known-good config)
+| - checkpoints
+  | - uid1 (dir for versions of object identified by uid1)
+    | - resourceVersion1 (dir for unpacked files from resourceVersion1 of object with uid1)
+    | - ...
+  | - ...
+```
+
+<!-- ## Understanding Node.Status.Config.Error messages -->
+## 了解 Node.Status.Config.Error 信息
+
+<!--
+The following table describes error messages that can occur
+when using Dynamic Kubelet Config. You can search for the identical text
+in the Kubelet log for additional details and context about the error.
+-->
+下表描述了使用Dynamic Kubelet配置时可能发生的错误消息。 您可以在 Kubelet 日志中搜索相同的文本
+来获取有关错误的其他详细信息和上下文。
+
+<!--
+<table>
+<table align="left">
+<tr>
+    <th>Error Message</th>
+    <th>Possible Causes</th>
+</tr>
+<tr>
+    <td><p>failed to load config, see Kubelet log for details</p></td>
+    <td><p>The Kubelet likely could not parse the downloaded config payload, or encountered a filesystem error attempting to load the payload from disk.</p></td>
+</tr>
+<tr>
+    <td><p>failed to validate config, see Kubelet log for details</p></td>
+    <td><p>The configuration in the payload, combined with any command-line flag overrides, and the sum of feature gates from flags, the config file, and the remote payload, was determined to be invalid by the Kubelet.</p></td>
+</tr>
+<tr>
+    <td><p>invalid NodeConfigSource, exactly one subfield must be non-nil, but all were nil</p></td>
+    <td><p>Since Node.Spec.ConfigSource is validated by the API server to contain at least one non-nil subfield, this likely means that the Kubelet is older than the API server and does not recognize a newer source type.</p></td>
+</tr>
+<tr>
+    <td><p>failed to sync: failed to download config, see Kubelet log for details</p></td>
+    <td><p>The Kubelet could not download the config. It is possible that Node.Spec.ConfigSource could not be resolved to a concrete API object, or that network errors disrupted the download attempt. The Kubelet will retry the download when in this error state.</p></td>
+</tr>
+<tr>
+    <td><p>failed to sync: internal failure, see Kubelet log for details</p></td>
+    <td><p>The Kubelet encountered some internal problem and failed to update its config as a result. Examples include filesystem errors and reading objects from the internal informer cache.</p></td>
+</tr>
+<tr>
+    <td><p>internal failure, see Kubelet log for details</p></td>
+    <td><p>The Kubelet encountered some internal problem while manipulating config, outside of the configuration sync loop.</p></td>
+</tr>
+</table>
+-->
+<table>
+<table align="left">
+<tr>
+    <th>错误信息</th>
+    <th>可能的原因</th>
+</tr>
+<tr>
+    <td><p>无法加载配置，请参阅 Kubelet 日志了解详细信息</p></td>
+    <td><p>Kubelet可能无法解析下载配置的有效负载，或者当尝试从磁盘中加载有效负载时，遇到文件系统错误。</p></td>
+</tr>
+<tr>
+    <td><p>无法验证配置，请参阅Kubelet日志了解详细信息</p></td>
+    <td><p>有效负载中的配置将任何命令行标志所覆盖的和这些标志的特性们合并，包括配置文件和远程有效负载，
+    它们一起被Kubelet确定为无效。</p></td>
+</tr>
+<tr>
+    <td><p>无效的 NodeConfigSource，理应刚好一个子字段必须是非空的，但这些字段都是空的</p></td>
+    <td><p>由 API 服务器验证 Node.Spec.ConfigSource 是否包含至少一个非空子字段，可能原因是 Kubelet 比API 服务器版本低，不识别更新的源类型。</p></td>
+</tr>
+<tr>
+    <td><p>无法同步：无法下载配置，请参阅Kubelet日志了解详细信息</p></td>
+    <td><p>Kubelet无法下载配置。可能是 Node.Spec.ConfigSource 无法解析为具体的API对象，或者网络错误中断了下载。 当处于此错误状态时，Kubelet 将重新下载。</p></td>
+</tr>
+<tr>
+    <td><p>无法同步：内部故障，请参阅Kubelet日志了解详细信息</p></td>
+    <td><p>Kubelet遇到了一些内部问题，因此无法更新其配置。 例如包括文件系统错误和从内部函数缓存中读取对象。</p></td>
+</tr>
+<tr>
+    <td><p>内部故障，请参阅Kubelet日志了解详细信息</p></td>
+    <td><p>在配置同步循环之外操作配置时，Kubelet遇到了一些内部问题。</p></td>
+</tr>
+</table>
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/reserve-compute-resources.md b/content/zh/docs/tasks/administer-cluster/reserve-compute-resources.md
new file mode 100644
index 0000000000000..41bb9cb1107c5
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/reserve-compute-resources.md
@@ -0,0 +1,421 @@
+---
+reviewers:
+- vishh
+- derekwaynecarr
+- dashpole
+title: 为系统守护进程预留计算资源
+content_template: templates/task
+---
+<!--
+---
+reviewers:
+- vishh
+- derekwaynecarr
+- dashpole
+title: Reserve Compute Resources for System Daemons
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+<!--
+Kubernetes nodes can be scheduled to `Capacity`. Pods can consume all the
+available capacity on a node by default. This is an issue because nodes
+typically run quite a few system daemons that power the OS and Kubernetes
+itself. Unless resources are set aside for these system daemons, pods and system
+daemons compete for resources and lead to resource starvation issues on the
+node.
+
+The `kubelet` exposes a feature named `Node Allocatable` that helps to reserve
+compute resources for system daemons. Kubernetes recommends cluster
+administrators to configure `Node Allocatable` based on their workload density
+on each node.
+-->
+Kubernetes 的节点可以按照 `Capacity` 调度。默认情况下 pod 能够使用节点全部可用容量。这是个问题，因为节点自己通常运行了不少驱动 OS 和 Kubernetes 的系统守护进程。除非为这些系统守护进程留出资源，否则它们将与 pod 争夺资源并导致节点资源短缺问题。
+
+`kubelet` 公开了一个名为 `Node Allocatable` 的特性，有助于为系统守护进程预留计算资源。Kubernetes 推荐集群管理员按照每个节点上的工作负载密度配置 `Node Allocatable`。
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Node Allocatable
+
+```text
+      Node Capacity
+---------------------------
+|     kube-reserved       |
+|-------------------------|
+|     system-reserved     |
+|-------------------------|
+|    eviction-threshold   |
+|-------------------------|
+|                         |
+|      allocatable        |
+|   (available for pods)  |
+|                         |
+|                         |
+---------------------------
+```
+
+`Allocatable` on a Kubernetes node is defined as the amount of compute resources
+that are available for pods. The scheduler does not over-subscribe
+`Allocatable`. `CPU`, `memory` and `ephemeral-storage` are supported as of now.
+
+Node Allocatable is exposed as part of `v1.Node` object in the API and as part
+of `kubectl describe node` in the CLI.
+
+Resources can be reserved for two categories of system daemons in the `kubelet`.
+-->
+## 可分配的节点
+
+```text
+      Node Capacity
+---------------------------
+|     kube-reserved       |
+|-------------------------|
+|     system-reserved     |
+|-------------------------|
+|    eviction-threshold   |
+|-------------------------|
+|                         |
+|      allocatable        |
+|   (available for pods)  |
+|                         |
+|                         |
+---------------------------
+```
+
+Kubernetes 节点上的 `Allocatable` 被定义为 pod 可用计算资源量。调度器不会超额申请 `Allocatable`。目前支持 `CPU`, `memory` 和 `ephemeral-storage` 这几个参数。
+
+可分配的节点暴露为 API 中 `v1.Node` 对象的一部分，也是 CLI 中 `kubectl describe node` 的一部分。
+
+在 `kubelet` 中，可以为两类系统守护进程预留资源。
+
+<!--
+### Enabling QoS and Pod level cgroups
+
+To properly enforce node allocatable constraints on the node, you must
+enable the new cgroup hierarchy via the `--cgroups-per-qos` flag. This flag is
+enabled by default. When enabled, the `kubelet` will parent all end-user pods
+under a cgroup hierarchy managed by the `kubelet`.
+-->
+### 启用 QoS 和 Pod 级别的 cgroups
+
+为了恰当的在节点范围实施 node allocatable，您必须通过 `--cgroups-per-qos` 标志启用新的 cgroup 层次结构。这个标志是默认启用的。启用后，`kubelet` 将在其管理的 cgroup 层次结构中创建所有终端用户的 pod。
+
+<!--
+### Configuring a cgroup driver
+
+The `kubelet` supports manipulation of the cgroup hierarchy on
+the host using a cgroup driver. The driver is configured via the
+`--cgroup-driver` flag.
+
+The supported values are the following:
+
+* `cgroupfs` is the default driver that performs direct manipulation of the
+cgroup filesystem on the host in order to manage cgroup sandboxes.
+* `systemd` is an alternative driver that manages cgroup sandboxes using
+transient slices for resources that are supported by that init system.
+
+Depending on the configuration of the associated container runtime,
+operators may have to choose a particular cgroup driver to ensure
+proper system behavior. For example, if operators use the `systemd`
+cgroup driver provided by the `docker` runtime, the `kubelet` must
+be configured to use the `systemd` cgroup driver.
+-->
+### 配置 cgroup 驱动
+
+`kubelet` 支持在主机上使用 cgroup 驱动操作 cgroup 层次结构。驱动通过 `--cgroup-driver` 标志配置。
+
+支持的参数值如下：
+
+* `cgroupfs` 是默认的驱动，在主机上直接操作 cgroup 文件系统以对 cgroup 沙箱进行管理。
+* `systemd` 是可选的驱动，使用 init 系统支持的资源的瞬时切片管理 cgroup 沙箱。
+
+取决于相关容器运行时的配置，操作员可能需要选择一个特定的 cgroup 驱动来保证系统正常运行。例如如果操作员使用 `docker` 运行时提供的 `systemd` cgroup 驱动时，必须配置 `kubelet` 使用 `systemd` cgroup 驱动。
+
+<!--
+### Kube Reserved
+
+- **Kubelet Flag**: `--kube-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]`
+- **Kubelet Flag**: `--kube-reserved-cgroup=`
+
+`kube-reserved` is meant to capture resource reservation for kubernetes system
+daemons like the `kubelet`, `container runtime`, `node problem detector`, etc.
+It is not meant to reserve resources for system daemons that are run as pods.
+`kube-reserved` is typically a function of `pod density` on the nodes. [This
+performance dashboard](http://node-perf-dash.k8s.io/#/builds) exposes `cpu` and
+`memory` usage profiles of `kubelet` and `docker engine` at multiple levels of
+pod density. [This blog
+post](https://kubernetes.io/blog/2016/11/visualize-kubelet-performance-with-node-dashboard)
+explains how the dashboard can be interpreted to come up with a suitable
+`kube-reserved` reservation.
+
+In addition to `cpu`, `memory`, and `ephemeral-storage`, `pid` may be
+specified to reserve the specified number of process IDs for
+kubernetes system daemons.
+
+To optionally enforce `kube-reserved` on system daemons, specify the parent
+control group for kube daemons as the value for `--kube-reserved-cgroup` kubelet
+flag.
+
+It is recommended that the kubernetes system daemons are placed under a top
+level control group (`runtime.slice` on systemd machines for example). Each
+system daemon should ideally run within its own child control group. Refer to
+[this
+doc](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md#recommended-cgroups-setup)
+for more details on recommended control group hierarchy.
+
+Note that Kubelet **does not** create `--kube-reserved-cgroup` if it doesn't
+exist. Kubelet will fail if an invalid cgroup is specified.
+-->
+### Kube 预留值
+
+- **Kubelet Flag**: `--kube-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]`
+- **Kubelet Flag**: `--kube-reserved-cgroup=`
+
+`kube-reserved` 是为了给诸如 `kubelet`、`container runtime`、`node problem detector` 等 kubernetes 系统守护进程争取资源预留。
+这并不代表要给以 pod 形式运行的系统守护进程保留资源。`kube-reserved` 通常是节点上的一个 `pod 密度` 功能。
+[这个性能仪表盘](http://node-perf-dash.k8s.io/#/builds) 从 pod 密度的多个层面展示了 `kubelet` 和 `docker engine` 的 `cpu` 和 `内存` 使用情况。
+[这个博文](https://kubernetes.io/blog/2016/11/visualize-kubelet-performance-with-node-dashboard)解释了如何仪表板以提出合适的 `kube-reserved` 预留。
+
+除了 `cpu`，`内存` 和 `ephemeral-storage` 之外，`pid` 可能是指定为 kubernetes 系统守护进程预留指定数量的进程 ID。
+
+要选择性的在系统守护进程上执行 `kube-reserved`，需要把 kubelet 的 `--kube-reserved-cgroup` 标志的值设置为 kube 守护进程的父控制组。
+
+推荐将 kubernetes 系统守护进程放置于顶级控制组之下（例如 systemd 机器上的 `runtime.slice`）。理想情况下每个系统守护进程都应该在其自己的子控制组中运行。请参考[这篇文档](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md#recommended-cgroups-setup)，获取更过关于推荐控制组层次结构的细节。
+
+请注意，如果 `--kube-reserved-cgroup` 不存在，Kubelet 将**不会**创建它。如果指定了一个无效的 cgroup，Kubelet 将会失败。
+
+<!--
+### System Reserved
+
+- **Kubelet Flag**: `--system-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]`
+- **Kubelet Flag**: `--system-reserved-cgroup=`
+
+
+`system-reserved` is meant to capture resource reservation for OS system daemons
+like `sshd`, `udev`, etc. `system-reserved` should reserve `memory` for the
+`kernel` too since `kernel` memory is not accounted to pods in Kubernetes at this time.
+Reserving resources for user login sessions is also recommended (`user.slice` in
+systemd world).
+
+In addition to `cpu`, `memory`, and `ephemeral-storage`, `pid` may be
+specified to reserve the specified number of process IDs for OS system
+daemons.
+
+To optionally enforce `system-reserved` on system daemons, specify the parent
+control group for OS system daemons as the value for `--system-reserved-cgroup`
+kubelet flag.
+
+It is recommended that the OS system daemons are placed under a top level
+control group (`system.slice` on systemd machines for example).
+
+Note that Kubelet **does not** create `--system-reserved-cgroup` if it doesn't
+exist. Kubelet will fail if an invalid cgroup is specified.
+-->
+### 系统预留值
+
+- **Kubelet Flag**: `--system-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]`
+- **Kubelet Flag**: `--system-reserved-cgroup=`
+
+`system-reserved` 用于为诸如 `sshd`、`udev` 等系统守护进程争取资源预留。
+`system-reserved` 也应该为 `kernel` 预留 `内存`，因为目前 `kernel` 使用的内存并不记在 Kubernetes 的 pod 上。
+同时还推荐为用户登录会话预留资源（systemd 体系中的 `user.slice`）。
+
+除了 `cpu`，`内存` 和 `ephemeral-storage` 之外，`pid` 可能是指定为 kubernetes 系统守护进程预留指定数量的进程 ID。
+
+要想在系统守护进程上可选地执行 `system-reserved`，请指定 `--system-reserved-cgroup` kubelet 标志的值为 OS 系统守护进程的父级控制组。
+
+推荐将 OS 系统守护进程放在一个顶级控制组之下（例如 systemd 机器上的 `system.slice`）。
+
+请注意，如果 `--system-reserved-cgroup` 不存在，Kubelet **不会**创建它。如果指定了无效的 cgroup，Kubelet 将会失败。
+
+<!--
+### Eviction Thresholds
+
+- **Kubelet Flag**: `--eviction-hard=[memory.available<500Mi]`
+
+Memory pressure at the node level leads to System OOMs which affects the entire
+node and all pods running on it. Nodes can go offline temporarily until memory
+has been reclaimed. To avoid (or reduce the probability of) system OOMs kubelet
+provides [`Out of Resource`](./out-of-resource.md) management. Evictions are
+supported for `memory` and `ephemeral-storage` only. By reserving some memory via
+`--eviction-hard` flag, the `kubelet` attempts to `evict` pods whenever memory
+availability on the node drops below the reserved value. Hypothetically, if
+system daemons did not exist on a node, pods cannot use more than `capacity -
+eviction-hard`. For this reason, resources reserved for evictions are not
+available for pods.
+-->
+### 驱逐阈值
+
+- **Kubelet Flag**: `--eviction-hard=[memory.available<500Mi]`
+
+节点级别的内存压力将导致系统内存不足，这将影响到整个节点及其上运行的所有 pod。节点可以暂时离线直到内存已经回收为止。
+为了防止（或减少可能性）系统内存不足，kubelet 提供了[资源不足](./out-of-resource.md)管理。驱逐操作只支持 `memory` 和 `ephemeral-storage`。
+通过 `--eviction-hard` 标志预留一些内存后，当节点上的可用内存降至保留值以下时，`kubelet` 将尝试`驱逐` pod。
+假设，如果节点上不存在系统守护进程，pod 将不能使用超过 `capacity-eviction-hard` 的资源。因此，为驱逐而预留的资源对 pod 是不可用的。
+
+<!--
+### Enforcing Node Allocatable
+
+- **Kubelet Flag**: `--enforce-node-allocatable=pods[,][system-reserved][,][kube-reserved]`
+
+The scheduler treats `Allocatable` as the available `capacity` for pods.
+
+`kubelet` enforce `Allocatable` across pods by default. Enforcement is performed
+by evicting pods whenever the overall usage across all pods exceeds
+`Allocatable`. More details on eviction policy can be found
+[here](./out-of-resource.md#eviction-policy). This enforcement is controlled by
+specifying `pods` value to the kubelet flag `--enforce-node-allocatable`.
+
+
+Optionally, `kubelet` can be made to enforce `kube-reserved` and
+`system-reserved` by specifying `kube-reserved` & `system-reserved` values in
+the same flag. Note that to enforce `kube-reserved` or `system-reserved`,
+`--kube-reserved-cgroup` or `--system-reserved-cgroup` needs to be specified
+respectively.
+-->
+### 执行节点分配
+
+- **Kubelet Flag**: `--enforce-node-allocatable=pods[,][system-reserved][,][kube-reserved]`
+
+调度器将 `Allocatable` 按 pod 的可用 `capacity` 对待。
+
+`kubelet` 默认在 pod 中执行 `Allocatable`。无论何时，如果所有 pod 的总用量超过了 `Allocatable`，驱逐 pod 的措施将被执行。有关驱逐策略的更多细节可以在[这里](./out-of-resource.md#eviction-policy)找到。请通过设置 kubelet `--enforce-node-allocatable` 标志值为 `pods` 控制这个措施。
+
+可选的，通过在相同标志中同时指定 `kube-reserved` 和 `system-reserved` 值能够使 `kubelet` 执行 `kube-reserved` 和 `system-reserved`。请注意，要想执行 `kube-reserved` 或者 `system-reserved` 时，需要分别指定 `--kube-reserved-cgroup` 或者 `--system-reserved-cgroup`。
+
+<!--
+## General Guidelines
+
+System daemons are expected to be treated similar to `Guaranteed` pods. System
+daemons can burst within their bounding control groups and this behavior needs
+to be managed as part of kubernetes deployments. For example, `kubelet` should
+have its own control group and share `Kube-reserved` resources with the
+container runtime. However, Kubelet cannot burst and use up all available Node
+resources if `kube-reserved` is enforced.
+
+Be extra careful while enforcing `system-reserved` reservation since it can lead
+to critical system services being CPU starved, OOM killed, or unable
+to fork on the node. The
+recommendation is to enforce `system-reserved` only if a user has profiled their
+nodes exhaustively to come up with precise estimates and is confident in their
+ability to recover if any process in that group is oom_killed.
+
+* To begin with enforce `Allocatable` on `pods`.
+* Once adequate monitoring and alerting is in place to track kube system
+  daemons, attempt to enforce `kube-reserved` based on usage heuristics.
+* If absolutely necessary, enforce `system-reserved` over time.
+
+The resource requirements of kube system daemons may grow over time as more and
+more features are added. Over time, kubernetes project will attempt to bring
+down utilization of node system daemons, but that is not a priority as of now.
+So expect a drop in `Allocatable` capacity in future releases.
+-->
+## 一般原则
+
+系统守护进程期望被按照类似 `Guaranteed` pod 一样对待。系统守护进程可以在其范围控制组中爆发式增长，您需要将这个行为作为 kubernetes 部署的一部分进行管理。
+例如，`kubelet` 应该有它自己的控制组并和容器运行时共享 `Kube-reserved` 资源。然而，如果执行了 `kube-reserved`，则 kubelet 不能突然爆发并耗尽节点的所有可用资源。
+
+在执行 `system-reserved` 预留操作时请加倍小心，因为它可能导致节点上的关键系统服务 CPU 资源短缺或因为内存不足而被终止。
+建议只有当用户详尽地描述了他们的节点以得出精确的估计时才强制执行 `system-reserved`，并且如果该组中的任何进程都是 oom_killed，则对他们恢复的能力充满信心。
+
+* 在 `pods` 上执行 `Allocatable` 作为开始。
+* 一旦足够用于追踪系统守护进程的监控和告警的机制到位，请尝试基于用量探索方式执行 `kube-reserved`。
+* 随着时间推进，如果绝对必要，可以执行 `system-reserved`。
+
+随着时间的增长以及越来越多特性的加入，kube 系统守护进程对资源的需求可能也会增加。以后 kubernetes 项目将尝试减少对节点系统守护进程的利用，但目前那并不是优先事项。所以，请期待在将来的发布中将 `Allocatable` 容量降低。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Example Scenario
+
+Here is an example to illustrate Node Allocatable computation:
+
+* Node has `32Gi` of `memory`, `16 CPUs` and `100Gi` of `Storage`
+* `--kube-reserved` is set to `cpu=1,memory=2Gi,ephemeral-storage=1Gi`
+* `--system-reserved` is set to `cpu=500m,memory=1Gi,ephemeral-storage=1Gi`
+* `--eviction-hard` is set to `memory.available<500Mi,nodefs.available<10%`
+
+Under this scenario, `Allocatable` will be `14.5 CPUs`, `28.5Gi` of memory and
+`88Gi` of local storage.
+Scheduler ensures that the total memory `requests` across all pods on this node does
+not exceed `28.5Gi` and storage doesn't exceed `88Gi`.
+Kubelet evicts pods whenever the overall memory usage across pods exceeds `28.5Gi`,
+or if overall disk usage exceeds `88Gi` If all processes on the node consume as
+much CPU as they can, pods together cannot consume more than `14.5 CPUs`.
+
+If `kube-reserved` and/or `system-reserved` is not enforced and system daemons
+exceed their reservation, `kubelet` evicts pods whenever the overall node memory
+usage is higher than `31.5Gi` or `storage` is greater than `90Gi`
+-->
+## 示例场景
+
+这是一个用于说明节点分配计算方式的示例：
+
+* 节点拥有 `32Gi 内存`，`16 核 CPU` 和 `100Gi 存储`
+* `--kube-reserved` 设置为 `cpu=1,memory=2Gi,ephemeral-storage=1Gi`
+* `--system-reserved` 设置为 `cpu=500m,memory=1Gi,ephemeral-storage=1Gi`
+* `--eviction-hard` 设置为 `memory.available<500Mi,nodefs.available<10%`
+
+在这个场景下，`Allocatable` 将会是 `14.5 CPUs`、`28.5Gi` 内存以及 `88Gi` 本地存储。
+调度器保证这个节点上的所有 pod `请求`的内存总量不超过 `28.5Gi`，存储不超过 `88Gi`。
+当 pod 的内存使用总量超过 `28.5Gi` 或者磁盘使用总量超过 `88Gi` 时，Kubelet 将会驱逐它们。如果节点上的所有进程都尽可能多的使用 CPU，则 pod 加起来不能使用超过 `14.5 CPUs` 的资源。
+
+当没有执行 `kube-reserved` 和/或 `system-reserved` 且系统守护进程使用量超过其预留时，如果节点内存用量高于 `31.5Gi` 或`存储`大于 `90Gi`，kubelet 将会驱逐 pod。
+
+<!--
+## Feature Availability
+
+As of Kubernetes version 1.2, it has been possible to **optionally** specify
+`kube-reserved` and `system-reserved` reservations. The scheduler switched to
+using `Allocatable` instead of `Capacity` when available in the same release.
+
+As of Kubernetes version 1.6, `eviction-thresholds` are being considered by
+computing `Allocatable`. To revert to the old behavior set
+`--experimental-allocatable-ignore-eviction` kubelet flag to `true`.
+
+As of Kubernetes version 1.6, `kubelet` enforces `Allocatable` on pods using
+control groups. To revert to the old behavior unset `--enforce-node-allocatable`
+kubelet flag. Note that unless `--kube-reserved`, or `--system-reserved` or
+`--eviction-hard` flags have non-default values, `Allocatable` enforcement does
+not affect existing deployments.
+
+As of Kubernetes version 1.6, `kubelet` launches pods in their own cgroup
+sandbox in a dedicated part of the cgroup hierarchy it manages. Operators are
+required to drain their nodes prior to upgrade of the `kubelet` from prior
+versions in order to ensure pods and their associated containers are launched in
+the proper part of the cgroup hierarchy.
+
+As of Kubernetes version 1.7, `kubelet` supports specifying `storage` as a resource
+for `kube-reserved` and `system-reserved`.
+
+As of Kubernetes version 1.8, the `storage` key name was changed to `ephemeral-storage`
+for the alpha release.
+-->
+## 可用特性
+
+截至 Kubernetes 1.2 版本，已经可以**可选**的指定 `kube-reserved` 和 `system-reserved` 预留。当在相同的发布中都可用时，调度器将转为使用 `Allocatable` 替代 `Capacity`。
+
+截至 Kubernetes 1.6 版本，`eviction-thresholds` 是通过计算 `Allocatable` 进行考虑。要使用旧版本的行为，请设置 `--experimental-allocatable-ignore-eviction` kubelet 标志为 `true`。
+
+截至 Kubernetes 1.6 版本，`kubelet` 使用控制组在 pod 上执行 `Allocatable`。要使用旧版本行为，请取消设置 `--enforce-node-allocatable` kubelet 标志。请注意，除非 `--kube-reserved` 或者 `--system-reserved` 或者 `--eviction-hard` 标志没有默认参数，否则 `Allocatable` 的实施不会影响已经存在的 deployment。
+
+截至 Kubernetes 1.6 版本，`kubelet` 在 pod 自己的 cgroup 沙箱中启动它们，这个 cgroup 沙箱在 `kubelet` 管理的 cgroup 层次结构中的一个独占部分中。在从前一个版本升级 kubelet 之前，要求操作员 drain 节点，以保证 pod 及其关联的容器在 cgroup 层次结构中合适的部分中启动。
+
+截至 Kubernetes 1.7 版本，`kubelet` 支持指定 `storage` 为 `kube-reserved` 和 `system-reserved` 的资源。
+
+截至 Kubernetes 1.8 版本，对于 alpha 版本，`storage` 键值名称已更改为 `ephemeral-storage`。
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/running-cloud-controller.md b/content/zh/docs/tasks/administer-cluster/running-cloud-controller.md
new file mode 100644
index 0000000000000..014bb69dfcec4
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/running-cloud-controller.md
@@ -0,0 +1,180 @@
+---
+reviewers:
+- luxas
+- thockin
+- wlan0
+title: Kubernetes 云管理控制器
+content_template: templates/concept
+---
+<!--
+---
+reviewers:
+- luxas
+- thockin
+- wlan0
+title: Kubernetes Cloud Controller Manager
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+{{< feature-state state="beta" >}}
+<!--
+Kubernetes v1.6 introduced a new binary called `cloud-controller-manager`. `cloud-controller-manager` is a daemon that embeds cloud-specific control loops. These cloud-specific control loops were originally in the `kube-controller-manager`. Since cloud providers develop and release at a different pace compared to the Kubernetes project, abstracting the provider-specific code to the `cloud-controller-manager` binary allows cloud vendors to evolve independently from the core Kubernetes code.
+
+The `cloud-controller-manager` can be linked to any cloud provider that satisfies [cloudprovider.Interface](https://github.com/kubernetes/cloud-provider/blob/master/cloud.go). For backwards compatibility, the [cloud-controller-manager](https://github.com/kubernetes/kubernetes/tree/master/cmd/cloud-controller-manager) provided in the core Kubernetes project uses the same cloud libraries as `kube-controller-manager`. Cloud providers already supported in Kubernetes core are expected to use the in-tree cloud-controller-manager to transition out of Kubernetes core. In future Kubernetes releases, all cloud controller managers will be developed outside of the core Kubernetes project managed by sig leads or cloud vendors.
+-->
+Kubernetes v1.6 包含一个新的二进制文件，叫做 `cloud-controller-manager`。`cloud-controller-manager` 是一个嵌入了特定云服务控制循环逻辑的守护进程。这些特定云服务控制循环逻辑最初存在于 `kube-controller-manager` 中。由于云服务提供商开发和发布的速度与 Kubernetes 项目不同，将服务提供商专用代码从 `cloud-controller-manager` 二进制中抽象出来有助于云服务厂商在 Kubernetes 核心代码之外独立进行开发。
+
+`cloud-controller-manager` 可以被链接到任何满足 [cloudprovider.Interface](https://github.com/kubernetes/cloud-provider/blob/master/cloud.go) 约束的云服务提供商。为了兼容旧版本，Kubernetes 核心项目中提供的 [cloud-controller-manager](https://github.com/kubernetes/kubernetes/tree/master/cmd/cloud-controller-manager) 使用和 `kube-controller-manager` 相同的云服务类库。已经在 Kubernetes 核心项目中支持的云服务提供商预计将通过使用 in-tree 的 cloud-controller-manager 过渡到 Kubernetes 核心之外。在将来的 Kubernetes 发布中，所有的云管理控制器将在 Kubernetes 核心项目之外，由 sig 领导者或者云服务厂商进行开发。 
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Administration
+
+### Requirements
+
+Every cloud has their own set of requirements for running their own cloud provider integration, it should not be too different from the requirements when running `kube-controller-manager`. As a general rule of thumb you'll need:
+
+* cloud authentication/authorization: your cloud may require a token or IAM rules to allow access to their APIs
+* kubernetes authentication/authorization: cloud-controller-manager may need RBAC rules set to speak to the kubernetes apiserver
+* high availability: like kube-controller-manager, you may want a high available setup for cloud controller manager using leader election (on by default).
+-->
+## 管理
+
+### 需求
+
+每个云服务都有一套各自的需求用于系统平台的集成，这不应与运行 `kube-controller-manager` 的需求有太大差异。作为经验法则，你需要：
+
+* 云服务认证 / 授权：您的云服务可能需要使用令牌或者 IAM 规则以允许对其 API 的访问
+* kubernetes 认证 / 授权：cloud-controller-manager 可能需要 RBAC 规则以访问 kubernetes apiserver
+* 高可用：类似于 kube-controller-manager，您可能希望通过主节点选举（默认开启）配置一个高可用的云管理控制器。
+
+<!--
+### Running cloud-controller-manager
+
+Successfully running cloud-controller-manager requires some changes to your cluster configuration.
+
+* `kube-apiserver` and `kube-controller-manager` MUST NOT specify the `--cloud-provider` flag. This ensures that it does not run any cloud specific loops that would be run by cloud controller manager. In the future, this flag will be deprecated and removed.
+* `kubelet` must run with `--cloud-provider=external`. This is to ensure that the kubelet is aware that it must be initialized by the cloud controller manager before it is scheduled any work.
+
+Keep in mind that setting up your cluster to use cloud controller manager will change your cluster behaviour in a few ways:
+
+* kubelets specifying `--cloud-provider=external` will add a taint `node.cloudprovider.kubernetes.io/uninitialized` with an effect `NoSchedule` during initialization. This marks the node as needing a second initialization from an external controller before it can be scheduled work. Note that in the event that cloud controller manager is not available, new nodes in the cluster will be left unschedulable. The taint is important since the scheduler may require cloud specific information about nodes such as their region or type (high cpu, gpu, high memory, spot instance, etc).
+* cloud information about nodes in the cluster will no longer be retrieved using local metadata, but instead all API calls to retrieve node information will go through cloud controller manager. This may mean you can restrict access to your cloud API on the kubelets for better security. For larger clusters you may want to consider if cloud controller manager will hit rate limits since it is now responsible for almost all API calls to your cloud from within the cluster.
+
+
+As of v1.8, cloud controller manager can implement:
+
+* node controller - responsible for updating kubernetes nodes using cloud APIs and deleting kubernetes nodes that were deleted on your cloud.
+* service controller - responsible for loadbalancers on your cloud against services of type LoadBalancer.
+* route controller - responsible for setting up network routes on your cloud
+* any other features you would like to implement if you are running an out-of-tree provider.
+-->
+### 运行云管理控制器
+
+您需要对集群配置做适当的修改以成功地运行云管理控制器：
+
+* 一定不要为 `kube-apiserver` 和 `kube-controller-manager` 指定 `--cloud-provider` 标志。这将保证它们不会运行任何云服务专用循环逻辑，这将会由云管理控制器运行。未来这个标记将被废弃并去除。
+* `kubelet` 必须使用 `--cloud-provider=external` 运行。这是为了保证让 kubelet 知道在执行任何任务前，它必须被云管理控制器初始化。
+
+请记住，设置群集使用云管理控制器将用多种方式更改群集行为：
+
+* 指定了 `--cloud-provider=external` 的 kubelet 将被添加一个 `node.cloudprovider.kubernetes.io/uninitialized` 的污点，导致其在初始化过程中不可调度（`NoSchedule`）。这将标记该节点在能够正常调度前，需要外部的控制器进行二次初始化。请注意，如果云管理控制器不可用，集群中的新节点会一直处于不可调度的状态。这个污点很重要，因为调度器可能需要关于节点的云服务特定的信息，比如他们的区域或类型（high cpu, gpu, high memory, spot instance 等）。
+* 集群中节点的云服务信息将不再能够从本地元数据中获取，取而代之的是所有获取节点信息的 API 调用都将通过云管理控制器。这意味着你可以通过限制到 kubelet 云服务 API 的访问来提升安全性。在更大的集群中您可能需要考虑云管理控制器是否会遇到速率限制，因为它现在负责集群中几乎所有到云服务的 API 调用。
+
+
+对于 v1.8 版本，云管理控制器可以实现：
+
+* node 控制器 - 负责使用云服务 API 更新 kubernetes 节点并删除在云服务上已经删除的 kubernetes 节点。
+* service 控制器 - 负责在云服务上为类型为 LoadBalancer 的 service 提供负载均衡器。
+* route 控制器 - 负责在云服务上配置网络路由。
+* 如果您使用的是 out-of-tree 提供商，请按需实现其余任意特性。
+
+<!--
+## Examples
+
+If you are using a cloud that is currently supported in Kubernetes core and would like to adopt cloud controller manager, see the [cloud controller manager in kubernetes core](https://github.com/kubernetes/kubernetes/tree/master/cmd/cloud-controller-manager).
+
+For cloud controller managers not in Kubernetes core, you can find the respective projects in repos maintained by cloud vendors or sig leads.
+
+* [DigitalOcean](https://github.com/digitalocean/digitalocean-cloud-controller-manager)
+* [keepalived](https://github.com/munnerz/keepalived-cloud-provider)
+* [Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager)
+* [Rancher](https://github.com/rancher/rancher-cloud-controller-manager)
+
+For providers already in Kubernetes core, you can run the in-tree cloud controller manager as a Daemonset in your cluster, use the following as a guideline:
+
+{{< codenew file="admin/cloud/ccm-example.yaml" >}}
+-->
+## 示例
+
+如果当前 Kubernetes 内核支持您使用的云服务，并且想要采用云管理控制器，请参见 [kubernetes 内核中的云管理控制器](https://github.com/kubernetes/kubernetes/tree/master/cmd/cloud-controller-manager)。
+
+对于不在 Kubernetes 内核中的云管理控制器，您可以在云服务厂商或 sig 领导者的源中找到对应的项目。
+
+* [DigitalOcean](https://github.com/digitalocean/digitalocean-cloud-controller-manager)
+* [keepalived](https://github.com/munnerz/keepalived-cloud-provider)
+* [Oracle Cloud Infrastructure](https://github.com/oracle/oci-cloud-controller-manager)
+* [Rancher](https://github.com/rancher/rancher-cloud-controller-manager)
+
+对于已经存在于 Kubernetes 内核中的提供商，您可以在集群中将 in-tree 云管理控制器作为守护进程运行。请使用如下指南：
+
+{{< codenew file="admin/cloud/ccm-example.yaml" >}}
+
+<!--
+## Limitations
+
+Running cloud controller manager comes with a few possible limitations. Although these limitations are being addressed in upcoming releases, it's important that you are aware of these limitations for production workloads.
+
+### Support for Volumes
+
+Cloud controller manager does not implement any of the volume controllers found in `kube-controller-manager` as the volume integrations also require coordination with kubelets. As we evolve CSI (container storage interface) and add stronger support for flex volume plugins, necessary support will be added to cloud controller manager so that clouds can fully integrate with volumes. Learn more about out-of-tree CSI volume plugins [here](https://github.com/kubernetes/features/issues/178).
+
+### Scalability
+
+In the previous architecture for cloud providers, we relied on kubelets using a local metadata service to retrieve node information about itself. With this new architecture, we now fully rely on the cloud controller managers to retrieve information for all nodes. For very larger clusters, you should consider possible bottle necks such as resource requirements and API rate limiting.
+-->
+## 限制
+
+运行云管理控制器会有一些可能的限制。虽然以后的版本将处理这些限制，但是知道这些生产负载的限制很重要。
+
+### 对 Volume 的支持
+
+云管理控制器未实现 `kube-controller-manager` 中的任何 volume 控制器，因为和 volume 的集成还需要与 kubelet 协作。由于我们引入了 CSI (容器存储接口，container storage interface) 并对弹性 volume 插件添加了更强大的支持，云管理控制器将添加必要的支持，以使云服务同 volume 更好的集成。请在 [这里](https://github.com/kubernetes/features/issues/178) 了解更多关于 out-of-tree CSI volume 插件的信息。
+
+### 可扩展性
+
+在以前为云服务提供商提供的架构中，我们依赖 kubelet 的本地元数据服务来获取关于它本身的节点信息。通过这个新的架构，现在我们完全依赖云管理控制器来获取所有节点的信息。对于非常大的集群，您需要考虑可能的瓶颈，例如资源需求和 API 速率限制。
+
+<!--
+### Chicken and Egg
+
+The goal of the cloud controller manager project is to decouple development of cloud features from the core Kubernetes project. Unfortunately, many aspects of the Kubernetes project has assumptions that cloud provider features are tightly integrated into the project. As a result, adopting this new architecture can create several situations where a request is being made for information from a cloud provider, but the cloud controller manager may not be able to return that information without the original request being complete.
+
+A good example of this is the TLS bootstrapping feature in the Kubelet. Currently, TLS bootstrapping assumes that the Kubelet has the ability to ask the cloud provider (or a local metadata service) for all its address types (private, public, etc) but cloud controller manager cannot set a node's address types without being initialized in the first place which requires that the kubelet has TLS certificates to communicate with the apiserver.
+
+As this initiative evolves, changes will be made to address these issues in upcoming releases.
+
+## Developing your own Cloud Controller Manager
+
+To build and develop your own cloud controller manager, read the [Developing Cloud Controller Manager](/docs/tasks/administer-cluster/developing-cloud-controller-manager.md) doc.
+-->
+### 鸡和蛋的问题
+
+云管理控制器的目标是将云服务特性的开发从 Kubernetes 核心项目中解耦。不幸的是，Kubernetes 项目的许多方面都假设云服务提供商的特性同项目紧密结合。因此，这种新架构的采用可能导致某些场景下，当一个请求需要从云服务提供商获取信息时，在该请求没有完成的情况下云管理控制器不能返回那些信息。
+
+Kubelet 中的 TLS 引导特性是一个很好的例子。目前，TLS 引导认为 Kubelet 有能力从云提供商（或本地元数据服务）获取所有的地址类型（私有、公用等），但在被初始化之前，云管理控制器不能设置节点地址类型，而这需要 kubelet 拥有 TLS 证书以和 apiserver 通信。
+
+随着这种措施的演进，将来的发行版中将作出改变来解决这些问题。
+
+## 开发自己的云管理控制器
+
+要构建和开发您自己的云管理控制器，请阅读 [开发云管理控制器](/docs/tasks/administer-cluster/developing-cloud-controller-manager.md) 文档。
+
+{{% /capture %}}
\ No newline at end of file
diff --git a/content/zh/docs/tasks/administer-cluster/securing-a-cluster.md b/content/zh/docs/tasks/administer-cluster/securing-a-cluster.md
new file mode 100644
index 0000000000000..56b8b572a8ecd
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/securing-a-cluster.md
@@ -0,0 +1,370 @@
+---
+reviewers:
+- smarterclayton
+- liggitt
+- ericchiang
+- destijl
+title: 集群安全
+content_template: templates/task
+---
+<!--
+---
+reviewers:
+- smarterclayton
+- liggitt
+- ericchiang
+- destijl
+title: Securing a Cluster
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This document covers topics related to protecting a cluster from accidental or malicious access
+and provides recommendations on overall security.
+-->
+本文档涉及与保护集群免受意外或恶意访问有关的主题，并对总体安全性提出建议。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Controlling access to the Kubernetes API
+
+As Kubernetes is entirely API driven, controlling and limiting who can access the cluster and what actions
+they are allowed to perform is the first line of defense.
+-->
+## 控制对 Kubernetes API 的访问
+
+因为 Kubernetes 是完全通过 API 驱动的，所以，控制和限制谁可以通过 API 访问集群，以及允许这些访问者执行什么样的 API 动作，就成为了安全控制的第一道防线。
+
+<!--
+### Use Transport Level Security (TLS) for all API traffic
+
+Kubernetes expects that all API communication in the cluster is encrypted by default with TLS, and the
+majority of installation methods will allow the necessary certificates to be created and distributed to 
+the cluster components. Note that some components and installation methods may enable local ports over 
+HTTP and administrators should familiarize themselves with the settings of each component to identify 
+potentially unsecured traffic.
+-->
+### 为 API 交互提供传输层安全 （TLS）
+
+Kubernetes 期望集群中所有的 API 通信在默认情况下都使用 TLS 加密，大多数安装方法也允许创建所需的证书并且分发到集群组件中。请注意，某些组件和安装方法可能使用 HTTP 来访问本地端口， 管理员应该熟悉每个组件的设置，以识别潜在的不安全的流量。
+
+<!--
+### API Authentication
+
+Choose an authentication mechanism for the API servers to use that matches the common access patterns 
+when you install a cluster. For instance, small single user clusters may wish to use a simple certificate 
+or static Bearer token approach. Larger clusters may wish to integrate an existing OIDC or LDAP server that
+allow users to be subdivided into groups. 
+
+All API clients must be authenticated, even those that are part of the infrastructure like nodes,
+proxies, the scheduler, and volume plugins. These clients are typically [service accounts](/docs/reference/access-authn-authz/service-accounts-admin/) or use x509 client certificates, and they are created automatically at cluster startup or are setup as part of the cluster installation.
+
+Consult the [authentication reference document](/docs/reference/access-authn-authz/authentication/) for more information.
+-->
+### API 认证
+
+安装集群时，选择一个 API 服务器的身份验证机制，去使用与之匹配的公共访问模式。例如，小型的单用户集群可能希望使用简单的证书或静态承载令牌方法。更大的集群则可能希望整合现有的、OIDC、LDAP 等允许用户分组的服务器。
+
+所有 API 客户端都必须经过身份验证，即使它是基础设施的一部分，比如节点、代理、调度程序和卷插件。这些客户端通常使用 [服务帐户](/docs/reference/access-authn-authz/service-accounts-admin/) 或 X509 客户端证书，并在集群启动时自动创建或是作为集群安装的一部分进行设置。
+
+如果您希望获取更多信息，请参考 [认证参考文档](/docs/reference/access-authn-authz/authentication/)。
+
+<!--
+### API Authorization
+
+Once authenticated, every API call is also expected to pass an authorization check. Kubernetes ships
+an integrated [Role-Based Access Control (RBAC)](/docs/reference/access-authn-authz/rbac/) component that matches an incoming user or group to a
+set of permissions bundled into roles. These permissions combine verbs (get, create, delete) with
+resources (pods, services, nodes) and can be namespace or cluster scoped. A set of out of the box
+roles are provided that offer reasonable default separation of responsibility depending on what
+actions a client might want to perform. It is recommended that you use the [Node](/docs/reference/access-authn-authz/node/) and [RBAC](/docs/reference/access-authn-authz/rbac/) authorizers together, in combination with the
+[NodeRestriction](/docs/reference/access-authn-authz/admission-controllers/#noderestriction) admission plugin.
+
+As with authentication, simple and broad roles may be appropriate for smaller clusters, but as
+more users interact with the cluster, it may become necessary to separate teams into separate
+namespaces with more limited roles.
+
+With authorization, it is important to understand how updates on one object may cause actions in 
+other places. For instance, a user may not be able to create pods directly, but allowing them to 
+create a deployment, which creates pods on their behalf, will let them create those pods 
+indirectly. Likewise, deleting a node from the API will result in the pods scheduled to that node 
+being terminated and recreated on other nodes. The out of the box roles represent a balance
+between flexibility and the common use cases, but more limited roles should be carefully reviewed
+to prevent accidental escalation. You can make roles specific to your use case if the out-of-box ones don't meet your needs.
+
+Consult the [authorization reference section](/docs/reference/access-authn-authz/authorization/) for more information.
+-->
+### API 授权
+
+一旦使用授权，每个 API 的调用都将通过授权检查。Kubernetes 集成 [基于访问控制（RBAC）](/docs/reference/access-authn-authz/rbac/) 的组件，将传入的用户或组与一组绑定到角色的权限匹配。这些权限将动作（get，create，delete）和资源（pod，service, node）在命名空间或者集群范围内结合起来，根据客户可能希望执行的操作，提供了一组提供合理的违约责任分离的外包角色。建议您将[节点](/docs/reference/access-authn-authz/node/) 和 [RBAC](/docs/reference/access-authn-authz/rbac/) 一起作为授权者，再与 [NodeRestriction](/docs/reference/access-authn-authz/admission-controllers/#noderestriction) 准入插件结合使用。
+
+与身份验证一样，简单而广泛的角色可能适合于较小的集群，但是随着更多的用户与集群交互，可能需要将团队划分成有更多角色限制的单独的命名空间。
+
+使用授权时，理解怎么样更新一个对象可能导致在其它地方的发生什么样的行为是非常重要的。例如，用户可能不能直接创建 pod，但允许他们通过创建一个 deployment 来创建这些 pod，这将让他们间接创建这些 pod。同样地，从 API 删除一个节点将导致调度到这些节点上的 pod 被中止，并在其他节点上重新创建。外包角色代表了灵活性和常见用例之间的平衡，但有限制的角色应该仔细审查，以防止意外升级。如果外包角色不满足您的需求，则可以为用例指定特定的角色。
+
+如果您希望获取更多信息，请参考 [授权参考部分](/docs/reference/access-authn-authz/authorization/)。
+
+<!--
+## Controlling access to the Kubelet
+
+Kubelets expose HTTPS endpoints which grant powerful control over the node and containers. By default Kubelets allow unauthenticated access to this API.
+
+Production clusters should enable Kubelet authentication and authorization.
+
+Consult the [Kubelet authentication/authorization reference](/docs/admin/kubelet-authentication-authorization) for more information.
+-->
+## 控制对 Kubelet 的访问
+
+Kubelet 公开 HTTPS 端点，这些端点授予节点和容器强大的控制权。默认情况下，Kubelet 允许对此 API 进行未经身份验证的访问。
+
+生产级别的集群应启用 Kubelet 身份验证和授权。
+
+如果您希望获取更多信息，请参考 [Kubelet 身份验证 / 授权参考](/docs/admin/kubelet-authentication-authorization)。
+
+<!--
+## Controlling the capabilities of a workload or user at runtime
+
+Authorization in Kubernetes is intentionally high level, focused on coarse actions on resources.
+More powerful controls exist as **policies** to limit by use case how those objects act on the 
+cluster, themselves, and other resources.
+-->
+## 控制运行时负载或用户的能力
+
+Kubernetes 中的授权故意设置为了高层级，它侧重于对资源的粗行为。更强大的控制是以通过用例限制这些对象如何作用于集群、自身和其他资源上的**策略**存在的。
+
+<!--
+### Limiting resource usage on a cluster
+
+[Resource quota](/docs/concepts/policy/resource-quotas/) limits the number or capacity of
+resources granted to a namespace. This is most often used to limit the amount of CPU, memory,
+or persistent disk a namespace can allocate, but can also control how many pods, services, or
+volumes exist in each namespace. 
+
+[Limit ranges](/docs/tasks/administer-cluster/memory-default-namespace/) restrict the maximum or minimum size of some of the
+resources above, to prevent users from requesting unreasonably high or low values for commonly
+reserved resources like memory, or to provide default limits when none are specified.
+-->
+### 限制集群上的资源使用
+
+[资源配额](/docs/concepts/policy/resource-quotas/)限制了授予命名空间的资源的数量或容量。这通常用于限制命名空间可以分配的 CPU、内存或持久磁盘的数量，但也可以控制每个命名空间中有多少个 pod、服务或卷的存在。
+
+[限制范围](/docs/tasks/administer-cluster/memory-default-namespace/)限制了上述某些资源的最大值或者最小值，以防止用户使用类似内存这样的通用保留资源时请求不合理的过高或过低的值，或者在没有指定的情况下提供默认限制。
+
+
+<!--
+### Controlling what privileges containers run with
+
+A pod definition contains a [security context](/docs/tasks/configure-pod-container/security-context/)
+that allows it to request access to running as a specific Linux user on a node (like root),
+access to run privileged or access the host network, and other controls that would otherwise
+allow it to run unfettered on a hosting node. [Pod security policies](/docs/concepts/policy/pod-security-policy/) 
+can limit which users or service accounts can provide dangerous security context settings. For example, pod security policies can limit volume mounts, especially `hostPath`, which are aspects of a pod that should be controlled.
+
+Generally, most application workloads need limited access to host resources so they can 
+successfully run as a root process (uid 0) without access to host information. However, 
+considering the privileges associated with the root user, you should write application 
+containers to run as a non-root user. Similarly, administrators who wish to prevent 
+client applications from escaping their containers should use a restrictive pod security 
+policy.
+-->
+### 控制容器运行的特权
+
+pod 定义包含了一个[安全上下文](/docs/tasks/configure-pod-container/security-context/)，用于描述允许它请求访问某个节点上的特定 Linux 用户（如 root）、获得特权或访问主机网络、以及允许它在主机节点上不受约束地运行的其它控件。[Pod 安全策略](/docs/concepts/policy/pod-security-policy/)可以限制哪些用户或服务帐户可以提供危险的安全上下文设置。例如，pod 的安全策略可以限制卷挂载，尤其是 `hostpath`，这些都是 pod 应该控制的一些方面。 
+
+一般来说，大多数应用程序需要限制对主机资源的访问，他们可以在不能访问主机信息的情况下成功以根进程（UID 0）运行。但是，考虑到与 root 用户相关的特权，在编写应用程序容器时，您应该使用非 root 用户运行。类似地，希望阻止客户端应用程序逃避其容器的管理员，应该使用限制性的 pod 安全策略。
+
+<!--
+### Restricting network access
+
+The [network policies](/docs/tasks/administer-cluster/declare-network-policy/) for a namespace 
+allows application authors to restrict which pods in other namespaces may access pods and ports 
+within their namespaces. Many of the supported [Kubernetes networking providers](/docs/concepts/cluster-administration/networking/)
+now respect network policy.
+
+Quota and limit ranges can also be used to control whether users may request node ports or
+load balanced services, which on many clusters can control whether those users applications
+are visible outside of the cluster.
+
+Additional protections may be available that control network rules on a per plugin or per
+environment basis, such as per-node firewalls, physically separating cluster nodes to 
+prevent cross talk, or advanced networking policy.
+-->
+### 限制网络访问
+
+基于命名空间的[网络策略](/docs/tasks/administer-cluster/declare-network-policy/)允许应用程序作者限制其它命名空间中的哪些 pod 可以访问它们命名空间内的 pod 和端口。现在已经有许多支持网络策略的 [Kubernetes 网络供应商](/docs/concepts/cluster-administration/networking/)。
+
+对于可以控制用户的应用程序是否在集群之外可见的许多集群，配额和限制范围也可用于控制用户是否可以请求节点端口或负载均衡服务。
+
+在插件或者环境基础上控制网络规则可以增加额外的保护措施，比如节点防火墙、物理分离群集节点以防止串扰、或者高级的网络策略。
+
+<!--
+### Restricting cloud metadata API access
+
+Cloud platforms (AWS, Azure, GCE, etc.) often expose metadata services locally to instances.
+By default these APIs are accessible by pods running on an instance and can contain cloud
+credentials for that node, or provisioning data such as kubelet credentials. These credentials
+can be used to escalate within the cluster or to other cloud services under the same account.
+
+When running Kubernetes on a cloud platform limit permissions given to instance credentials, use
+[network policies](/docs/tasks/administer-cluster/declare-network-policy/) to restrict pod access
+to the metadata API, and avoid using provisioning data to deliver secrets.
+-->
+### 限制云 metadata API 访问
+
+云平台（AWS,  Azure, GCE 等）经常讲 metadate 本地服务暴露给实例。默认情况下，这些 API 可由运行在实例上的 pod 访问，并且可以包含该云节点的凭据或配置数据（如 kubelet 凭据）。这些凭据可以用于在集群内升级或在同一账户下升级到其他云服务。
+
+在云平台上运行 Kubernetes 时，限制对实例凭据的权限，使用[网络策略](/docs/tasks/administer-cluster/declare-network-policy/)限制对 metadate API 的 pod 访问，并避免使用配置数据来传递机密。
+
+<!--
+### Controlling which nodes pods may access
+
+By default, there are no restrictions on which nodes may run a pod.  Kubernetes offers a 
+[rich set of policies for controlling placement of pods onto nodes](/docs/concepts/configuration/assign-pod-node/)
+and the [taint based pod placement and eviction](/docs/concepts/configuration/taint-and-toleration/)
+that are available to end users. For many clusters use of these policies to separate workloads
+can be a convention that authors adopt or enforce via tooling.
+
+As an administrator, a beta admission plugin `PodNodeSelector` can be used to force pods 
+within a namespace to default or require a specific node selector, and if end users cannot 
+alter namespaces, this can strongly limit the placement of all of the pods in a specific workload.
+-->
+### 控制 pod 可以访问那些节点
+
+默认情况下，对哪些节点可以运行 pod 没有任何限制。Kubernetes 给最终用户提供了[一组丰富的策略用于控制 pod 放在节点上的位置](/docs/concepts/configuration/assign-pod-node/)，以及[基于 pod 位置和驱逐的污点](/docs/concepts/configuration/taint-and-toleration/)。对于许多集群，可以约定由作者采用或者强制通过工具使用这些策略来分离工作负载。
+
+作为管理员，β 特性的准入插件 `PodNodeSelector` 可用于强制命名空间中的 pod 使用默认或需要使用特定的节点选择器。如果最终用户无法改变命名空间，这可以强烈地限制所有的 pod 在特定工作负载的位置。
+
+<!--
+## Protecting cluster components from compromise
+
+This section describes some common patterns for protecting clusters from compromise.
+-->
+## 保护集群组件免受破坏
+
+本节描述保护集群免受破坏的一些常见模式。
+
+<!--
+### Restrict access to etcd
+
+Write access to the etcd backend for the API is equivalent to gaining root on the entire cluster,
+and read access can be used to escalate fairly quickly. Administrators should always use strong
+credentials from the API servers to their etcd server, such as mutual auth via TLS client certificates,
+and it is often recommended to isolate the etcd servers behind a firewall that only the API servers
+may access. 
+
+{{< caution >}}
+Allowing other components within the cluster to access the master etcd instance with
+read or write access to the full keyspace is equivalent to granting cluster-admin access. Using
+separate etcd instances for non-master components or using etcd ACLs to restrict read and write
+access to a subset of the keyspace is strongly recommended.
+{{< /caution >}}
+-->
+### 限制访问 etcd
+
+对于 API 来说，拥有 etcd 后端的写访问权限，相当于获得了整个集群的 root 权限，并且可以使用写访问权限来相当快速地升级。从 API 服务器访问它们的 etcd 服务器，管理员应该使用广受信任的凭证，如通过 TLS 客户端证书的相互认证。往往，我们建议将 etcd 服务器隔离到只有API服务器可以访问的防火墙后面。
+
+{{< caution >}}
+允许集群中其它组件拥有读或写全空间的权限去访问 etcd 实例，相当于授予群集管理员访问的权限。对于非 master 组件，强烈推荐使用单独的 etcd 实例，或者使用 etcd 的访问控制列表去限制只能读或者写空间的一个子集。
+{{< /caution >}}
+
+<!--
+### Enable audit logging
+
+The [audit logger](/docs/tasks/debug-application-cluster/audit/) is a beta feature that records actions taken by the
+API for later analysis in the event of a compromise. It is recommended to enable audit logging 
+and archive the audit file on a secure server.
+-->
+### 开启审计日志
+
+[审计日志](/docs/tasks/debug-application-cluster/audit/)是 β 特性，记录了 API 在发生破坏时进行后续分析的操作。建议启用审计日志，并将审计文件归档到安全服务器上。
+
+<!--
+### Restrict access to alpha or beta features
+
+Alpha and beta Kubernetes features are in active development and may have limitations or bugs
+that result in security vulnerabilities. Always assess the value an alpha or beta feature may
+provide against the possible risk to your security posture. When in doubt, disable features you
+do not use.
+-->
+### 限制使用 α 和 β 特性
+
+Kubernetes 的 α 和 β 特性还在积极发展当中，可能存在导致安全漏洞的缺陷或错误。要始终评估 α 和 β 特性可能为您的安全态势带来的风险。当您怀疑存在风险时，可以禁用那些不需要使用的特性。
+
+<!--
+### Rotate infrastructure credentials frequently
+
+The shorter the lifetime of a secret or credential the harder it is for an attacker to make
+use of that credential. Set short lifetimes on certificates and automate their rotation. Use
+an authentication provider that can control how long issued tokens are available and use short
+lifetimes where possible. If you use service account tokens in external integrations, plan to
+rotate those tokens frequently. For example, once the bootstrap phase is complete, a bootstrap token used for setting up nodes should be revoked or its authorization removed.
+-->
+### 频繁回收基础证书
+
+一个 secret 或凭据的寿命越短，攻击者就越难使用该凭据，在证书上设置短生命周期并实现自动回收，是控制安全的一个好方法。因此，使用身份验证提供程序时，应该要求可以控制发布令牌的可用时间，并尽可能使用短寿命。如果在外部集成中使用服务帐户令牌，则应该频繁地回收这些令牌。例如，一旦引导阶段完成，就应该撤销用于设置节点的引导令牌，或者取消它的授权。
+
+<!--
+### Review third party integrations before enabling them
+
+Many third party integrations to Kubernetes may alter the security profile of your cluster. When
+enabling an integration, always review the permissions that an extension requests before granting
+it access. For example, many security integrations may request access to view all secrets on
+your cluster which is effectively making that component a cluster admin. When in doubt, 
+restrict the integration to functioning in a single namespace if possible. 
+
+Components that create pods may also be unexpectedly powerful if they can do so inside namespaces
+like the `kube-system` namespace, because those pods can gain access to service account secrets
+or run with elevated permissions if those service accounts are granted access to permissive
+[pod security policies](/docs/concepts/policy/pod-security-policy/).
+-->
+### 在启用第三方集成之前，请先审查它们
+
+许多集成到 Kubernetes 的第三方都可以改变您集群的安全配置。启用集成时，在授予访问权限之前，您应该始终检查扩展请求的权限。例如，许多安全集成可以请求访问来查看集群上的所有 secret，从而有效地使该组件成为集群管理。当有疑问时，如果可能的话，将集成限制在单个命名空间中运行。
+
+如果组件创建的 pod 能够在命名空间中做一些类似 `kube-system` 命名空间中的事情，那么它也可能是出乎意料的强大。因为这些 pod 可以访问服务账户的 secret，或者，如果这些服务帐户被授予访问许可的 [pod 安全策略](/docs/concepts/policy/pod-security-policy/)的权限，它们能以高权限运行。
+
+<!--
+### Encrypt secrets at rest
+
+In general, the etcd database will contain any information accessible via the Kubernetes API
+and may grant an attacker significant visibility into the state of your cluster. Always encrypt
+your backups using a well reviewed backup and encryption solution, and consider using full disk
+encryption where possible.
+
+Kubernetes 1.7 contains [encryption at rest](/docs/tasks/administer-cluster/encrypt-data/), an alpha feature that will encrypt `Secret` resources in etcd, preventing
+parties that gain access to your etcd backups from viewing the content of those secrets. While
+this feature is currently experimental, it may offer an additional level of defense when backups
+are not encrypted or an attacker gains read access to etcd.
+-->
+### 使用加密的 rest
+
+一般情况下，etcd 数据库包含了通过 Kubernetes API 可以访问到的所有信息，并且可以授予攻击者对集群状态的可见性。始终使用经过良好审查的备份和加密解决方案来加密备份，并考虑在可能的情况下使用全磁盘加密。
+
+Kubernetes 1.7 包含了 [rest 加密](/docs/tasks/administer-cluster/encrypt-data/)，它是一个 α 特性，会加密 etcd 里面的 `Secret` 资源，以防止某一方通过查看这些 secret 的内容获取 etcd 的备份。虽然目前这还只是实验性的功能，但是在备份没有加密或者攻击者获取到 etcd 的读访问权限的时候，它能提供额外的防御层级。
+
+<!--
+### Receiving alerts for security updates and reporting vulnerabilities
+
+Join the [kubernetes-announce](https://groups.google.com/forum/#!forum/kubernetes-announce) 
+group for emails about security announcements. See the [security reporting](/security/)
+page for more on how to report vulnerabilities.
+-->
+### 接收安全更新和报告漏洞的警报
+
+加入 [kubernetes-announce](https://groups.google.com/forum/#!forum/kubernetes-announce) 组，能够获取有关安全公告的邮件。有关如何报告漏洞的更多信息，请参见 [安全报告](/security/)页面。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-cluster/static-pod.md b/content/zh/docs/tasks/administer-cluster/static-pod.md
index 0539e1e8ed32d..2e225902e8c24 100644
--- a/content/zh/docs/tasks/administer-cluster/static-pod.md
+++ b/content/zh/docs/tasks/administer-cluster/static-pod.md
@@ -1,32 +1,82 @@
 ---
-approvers:
+reviewers:
 - jsafrane
-title: 静态Pods
+title: 静态 Pods
+content_template: templates/concept
 ---
+<!--
+---
+reviewers:
+- jsafrane
+title: Static Pods
+content_template: templates/concept
+---
+--->
+
+{{% capture overview %}}
+
+<!--
+**If you are running clustered Kubernetes and are using static pods to run a pod on every node, you should probably be using a [DaemonSet](/docs/concepts/workloads/controllers/daemonset/)!**
+--->
+**如果你正在运行 Kubernetes 集群并且使用静态 pods 在每个节点上起一个 pod，那么
+最好使用 [DaemonSet](/docs/concepts/workloads/controllers/daemonset/)!**
+
+<!--
+*Static pods* are managed directly by kubelet daemon on a specific node, without the API server observing it. It does not have an associated replication controller, and kubelet daemon itself watches it and restarts it when it crashes. There is no health check. Static pods are always bound to one kubelet daemon and always run on the same node with it.
+--->
+*静态 pods* 直接由特定节点上的 kubelet 进程来管理，不通过主控节点上的 API 服务
+器。静态 pod 不关联任何 replication controller，它由 kubelet 进程自己来监控，当 pod 崩溃时重启该 pod。对于静态 pod 没有健康检查。静态 pod 始终绑定在某一个 kubelet，并且始终运行在同一个节点上。
+
+<!--
+Kubelet automatically tries to create a *mirror pod* on the Kubernetes API server for each static pod.
+This means that the pods are visible on the API server but cannot be controlled from there.
+--->
+Kubelet 自动为每一个静态 pod 在 Kubernetes 的 API 服务器上创建一个 *镜像 Pod* (*mirror pod*)，因此可以在 API 服务器查询到该 pod，但是不被 API 服务器控制(例如不能删除)。
 
-**如果你正在运行Kubernetes集群并且使用静态pods在每个节点上起一个pod，那么最好使用[DaemonSet](/cn/docs/concepts/workloads/controllers/daemonset/)!**
+{{% /capture %}}
 
-*静态pods*直接由特定节点上的kubelet进程来管理，不通过主控节点上的API服务器。静态pod不关联任何replication controller，它由kubelet进程自己来监控，当pod崩溃时重启该pod。对于静态pod没有健康检查。静态pod始终绑定在某一个kubelet，并且始终运行在同一个节点上。
 
-Kubelet自动为每一个静态pod在Kubernetes的API服务器上创建一个镜像Pod（Mirror Pod），因此可以在API服务器查询到该pod，但是不被API服务器控制（例如不能删除）。
+{{% capture body %}}
 
-## 静态pod创建
+<!--
+## Static pod creation
 
-静态pod有两种创建方式：用配置文件或者通过HTTP。
+Static pod can be created in two ways: either by using configuration file(s) or by HTTP.
+--->
+## 静态 pod 创建
 
+静态 pod 有两种创建方式：用配置文件或者通过 HTTP。
+
+<!--
+### Configuration files
+
+The configuration files are just standard pod definitions in json or yaml format in a specific directory. Use `kubelet --pod-manifest-path=<the directory>` to start kubelet daemon or add the `staticPodPath: <the directory>` field in the [KubeletConfiguration file](/docs/tasks/administer-cluster/kubelet-config-file), which periodically scans the directory and creates/deletes static pods as yaml/json files appear/disappear there.
+Note that kubelet will ignore files starting with dots when scanning the specified directory.
+--->
 ### 配置文件
 
-配置文件就是放在特定目录下的标准的JSON或YAML格式的pod定义文件。用`kubelet --pod-manifest-path=<the directory>`来启动kubelet进程，kubelet将会周期扫描<the directory>这个目录，根据这个目录下出现或消失的YAML/JSON文件来创建或删除静态pod。
+配置文件就是放在特定目录下的标准的 JSON 或 YAML 格式的 pod 定义文件。用 `kubelet --pod-manifest-path=<the directory>` 来启动 kubelet 进程或者在 [KubeletConfiguration 文件](/docs/tasks/administer-cluster/kubelet-config-file)中添加 `staticPodPath: <the directory>` 字段，kubelet 将会周期扫描 `<the directory>` 这个目录，根据这个目录下出现或消失的 YAML/JSON 文件来创建或删除静态 pod。
+
+<!--
+For example, this is how to start a simple web server as a static pod:
+
+1. Choose a node where we want to run the static pod. In this example, it's `my-node1`.
+
+    ```
+    [joe@host ~] $ ssh my-node1
+    ```
 
-下面例子用静态pod的方式启动一个nginx的Web服务器：
+2. Choose a directory, say `/etc/kubelet.d` and place a web server pod definition there, e.g. `/etc/kubelet.d/static-web.yaml`:
+--->
+下面例子用静态 pod 的方式启动一个简单的 web 服务器：
 
-1. 选择一个节点来运行静态pod。这个例子中就是`my-node1`。
+1. 选择一个节点来运行静态 pod。这个例子中就是 `my-node1`。
 
     ```
     [joe@host ~] $ ssh my-node1
     ```
 
-2. 选择一个目录，例如/etc/kubelet.d，把web服务器的pod定义文件放在这个目录下，例如`/etc/kubelet.d/static-web.yaml`:
+2. 选择一个目录，例如/etc/kubelet.d，把 web 服务器的 pod 定义文件放在这个目录下，例如`/etc/kubelet.d/static-web.yaml`:
 
     ```
     [root@my-node1 ~] $ mkdir /etc/kubelet.d/
@@ -48,27 +98,50 @@ Kubelet自动为每一个静态pod在Kubernetes的API服务器上创建一个镜
     EOF
     ```
 
-3.配置节点上的kubelet使用这个目录，kubelet启动时增加`--pod-manifest-path=/etc/kubelet.d/`参数。如果是Fedora系统，在Kubelet配置文件/etc/kubernetes/kubelet中添加下面这行：
-	
+<!--
+3. Configure your kubelet daemon on the node to use this directory by running it with `--pod-manifest-path=/etc/kubelet.d/` argument or add the `staticPodPath: <the directory>` field in the [KubeletConfiguration file](/docs/tasks/administer-cluster/kubelet-config-file).
+    On Fedora edit `/etc/kubernetes/kubelet` to include this line:
+
     ```
     KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
     ```
 
-如果是其它Linux发行版或者其它Kubernetes安装方式，配置方法可能会不一样。
+    Instructions for other distributions or Kubernetes installations may vary.
+--->
+3.配置节点上的 kubelet 使用这个目录，kubelet 启动时增加 `--pod-manifest-path=/etc/kubelet.d/` 参数或者在 [KubeletConfiguration 文件](/docs/tasks/administer-cluster/kubelet-config-file)中增加 `staticPodPath: <the directory>` 字段。如果是 Fedora 系统，在 Kubelet 配置文件 /etc/kubernetes/kubelet 中添加下面这行配置代码：
+
+    ```
+    KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
+    ```
 
-4. 重启kubelet。如果是Fedora系统，就是：
+如果是其它 Linux 发行版或者其它 Kubernetes 安装方式，配置方法可能会不一样。
+
+<!--
+4. Restart kubelet. On Fedora, this is:
+--->
+4. 重启 kubelet。如果是 Fedora 系统，就是：
 
     ```
     [root@my-node1 ~] $ systemctl restart kubelet
     ```
+<!--
+### Pods created via HTTP
+
+Kubelet periodically downloads a file specified by `--manifest-url=<URL>` argument and interprets it as a json/yaml file with a pod definition. It works the same as `--pod-manifest-path=<directory>`, i.e. it's reloaded every now and then and changes are applied to running static pods (see below).
+--->
+## 通过 HTTP 创建静态 Pods
 
-## 通过HTTP创建静态Pods
+Kubelet 周期地从 --manifest-url=<URL> 参数指定的地址下载文件，并且把它翻译成 JSON/YAML 格式的 pod 定义。此后的操作方式与 --pod-manifest-path=<directory> 相同，kubelet 会不时地重新下载该文件，当文件变化时对应地终止或启动静态 pod(如下)。
 
-Kubelet周期地从--manifest-url=<URL>参数指定的地址下载文件，并且把它翻译成JSON/YAML格式的pod定义。此后的操作方式与--pod-manifest-path=<directory>相同，kubelet会不时地重新下载该文件，当文件变化时对应地终止或启动静态pod（如下）。
+<!--
+## Behavior of static pods
 
-## 静态pods的动作行为
+When kubelet starts, it automatically starts all pods defined in directory specified in `--pod-manifest-path=` or `--manifest-url=` arguments or add the `staticPodPath: <the directory>` field in the [KubeletConfiguration file](/docs/tasks/administer-cluster/kubelet-config-file), i.e. our static-web.  (It may take some time to pull nginx image, be patient…):
+--->
+## 静态 pods 的行为
 
-kubelet启动时，由`--pod-manifest-path=` or `--manifest-url=`参数指定的目录下定义的所有pod都会自动创建，例如，我们示例中的static-web。 （可能要花些时间拉取nginx镜像，耐心等待...）
+kubelet 启动时，`--pod-manifest-path=` 或者 `--manifest-url=` 或者[KubeletConfiguration 文件](/docs/tasks/administer-cluster/kubelet-config-file)中的`staticPodPath: <the directory>` 参数指定的目录下定义的所有 pod 都会自动创建，例如，我们示例中的 static-web。 (可能要花些时
+间拉取 nginx 镜像，耐心等待...)
 
 ```shell
 [joe@my-node1 ~] $ docker ps
@@ -76,7 +149,10 @@ CONTAINER ID IMAGE         COMMAND  CREATED        STATUS         PORTS     NAME
 f6d05272b57e nginx:latest  "nginx"  8 minutes ago  Up 8 minutes             k8s_web.6f802af4_static-web-fk-node1_default_67e24ed9466ba55986d120c867395f3c_378e5f3c
 ```
 
-如果我们查看Kubernetes的API服务器（运行在主机 `my-master`），可以看到这里创建了一个新的镜像Pod：
+<!--
+If we look at our Kubernetes API server (running on host `my-master`), we see that a new mirror-pod was created there too:
+--->
+如果我们查看 Kubernetes 的 API 服务器(运行在主机 `my-master`)，可以看到这里创建了一个新的镜像 Pod：
 
 ```shell
 [joe@host ~] $ ssh my-master
@@ -85,19 +161,35 @@ NAME                       READY     STATUS    RESTARTS   AGE
 static-web-my-node1        1/1       Running   0          2m
 ```
 
-静态pod的标签会传递给镜像Pod，可以用来过滤或筛选。
+<!--
+Labels from the static pod are propagated into the mirror-pod and can be used as usual for filtering.
+
+Notice we cannot delete the pod with the API server (e.g. via [`kubectl`](/docs/user-guide/kubectl/) command), kubelet simply won't remove it.
+--->
+静态 pod 的标签会传递给镜像 Pod，可以用来过滤或筛选。
 
-需要注意的是，我们不能通过API服务器来删除静态pod（例如，通过 [`kubectl`](/docs/user-guide/kubectl/) 命令），kebelet不会删除它。
+需要注意的是，我们不能通过 API 服务器来删除静态 pod(例如，通过 [`kubectl`](/docs/user-guide/kubectl/) 命令)，kubelet 不会删除它。
 
+<!--
+{{< note >}}
+Make sure the kubelet has permission to create the mirror pod in the API server. If not, the creation request is rejected by the API server. See
+[PodSecurityPolicy](/docs/concepts/policy/pod-security-policy/).
+{{< /note >}}
+--->
+{{< note >}}
+需要确保 kubelet 有权限在 API 服务器上创建镜像 pod。如果没有权限，API 服务器会拒绝创建请求，请参考 [PodSecurityPolicy](/docs/concepts/policy/pod-security-policy/)。
+{{< /note >}}
 ```shell
 [joe@my-master ~] $ kubectl delete pod static-web-my-node1
-pods/static-web-my-node1
+pod "static-web-my-node1" deleted
 [joe@my-master ~] $ kubectl get pods
 NAME                       READY     STATUS    RESTARTS   AGE
 static-web-my-node1        1/1       Running   0          12s
 ```
-
-返回`my-node1`主机，我们尝试手动终止容器，可以看到kubelet很快就会自动重启容器。
+<!--
+Back to our `my-node1` host, we can try to stop the container manually and see, that kubelet automatically restarts it in a while:
+--->
+返回 `my-node1` 主机，我们尝试手动终止容器，可以看到 kubelet 很快就会自动重启容器。
 
 ```shell
 [joe@host ~] $ ssh my-node1
@@ -108,9 +200,14 @@ CONTAINER ID        IMAGE         COMMAND                CREATED       ...
 5b920cbaf8b1        nginx:latest  "nginx -g 'daemon of   2 seconds ago ...
 ```
 
-## 静态pods的动态增加和删除
+<!--
+## Dynamic addition and removal of static pods
+
+Running kubelet periodically scans the configured directory (`/etc/kubelet.d` in our example) for changes and adds/removes pods as files appear/disappear in this directory.
+--->
+## 静态 pods 的动态增加和删除
 
-运行中的kubelet周期扫描配置的目录（我们这个例子中就是`/etc/kubelet.d`）下文件的变化，当这个目录中有文件出现或消失时创建或删除pods。
+运行中的 kubelet 周期扫描配置的目录(我们这个例子中就是`/etc/kubelet.d`)下文件的变化，当这个目录中有文件出现或消失时创建或删除 pods。
 
 ```shell
 [joe@my-node1 ~] $ mv /etc/kubelet.d/static-web.yaml /tmp
@@ -123,3 +220,5 @@ CONTAINER ID        IMAGE         COMMAND                CREATED       ...
 CONTAINER ID        IMAGE         COMMAND                CREATED           ...
 e7a62e3427f1        nginx:latest  "nginx -g 'daemon of   27 seconds ago
 ```
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-cluster/storage-object-in-use-protection.md b/content/zh/docs/tasks/administer-cluster/storage-object-in-use-protection.md
new file mode 100644
index 0000000000000..c173b854ab96e
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/storage-object-in-use-protection.md
@@ -0,0 +1,442 @@
+<!--
+---
+reviewers:
+- msau42
+- jsafrane
+title: Storage Object in Use Protection
+content_template: templates/task
+---
+-->
+
+---
+reviewers:
+- msau42
+- jsafrane
+
+title: 保护使用的存储对象
+content_template: templates/task
+---
+
+{{% capture overview %}}
+
+<!--
+Persistent volume claims (PVCs) that are in active use by a pod and persistent volumes (PVs) that are bound to PVCs can be protected from premature removal.
+-->
+
+Kubernetes 可以对被 Pod 持续使用的永久卷声明（PVCs）和绑定到 PVC 的永久卷（PVs）进行保护，以避免它们被用户不小心删除掉。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+The Storage Object in Use Protection feature is enabled in one of the below Kubernetes versions:
+-->
+
+在下面列出的 Kubernetes 版本中，激活了在用存储对象的保护特性：
+
+{{< feature-state for_k8s_version="v1.10" state="beta" >}}
+
+
+{{< feature-state for_k8s_version="v1.11" state="stable" >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+ <!--
+## Storage Object in Use Protection feature used for PVC Protection
+
+The example below uses a GCE PD `StorageClass`, however, similar steps can be performed for any volume type.
+
+Create a `StorageClass` for convenient storage provisioning:
+-->
+
+## 在用存储对象的保护功能用于 PVC 的保护
+
+下面的例子中使用了 GCE PD `StorageClass`, 但是类似的步骤可以在任意的卷类型上执行。
+
+创建 `StorageClass` 以便提供存储：
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: slow
+provisioner: kubernetes.io/gce-pd
+parameters:
+  type: pd-standard
+```
+
+<!--
+Verification scenarios follow below.
+-->
+
+下面列出了验证场景。
+
+<!--
+### Scenario 1: The PVC is not in active use by a pod
+-->
+
+### 场景1: PVC 没有被 Pod 使用
+
+<!--
+- Create a PVC:
+-->
+
+- 创建 PVC
+
+```yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: slzc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: slow
+  resources:
+    requests:
+      storage: 3.7Gi
+```
+
+<!--
+- Check that the PVC has the finalizer `kubernetes.io/pvc-protection` set:
+-->
+
+- 检查 PVC 设置了终结器 `kubernetes.io/pvc-protection`：
+
+```shell
+kubectl describe pvc slzc
+Name:          slzc
+Namespace:     default
+StorageClass:  slow
+Status:        Bound
+Volume:        pvc-bee8c30a-d6a3-11e7-9af0-42010a800002
+Labels:        <none>
+Annotations:   pv.kubernetes.io/bind-completed=yes
+               pv.kubernetes.io/bound-by-controller=yes
+               volume.beta.kubernetes.io/storage-provisioner=kubernetes.io/gce-pd
+Finalizers:    [kubernetes.io/pvc-protection]
+Capacity:      4Gi
+Access Modes:  RWO
+Events:
+  Type    Reason                 Age   From                         Message
+  ----    ------                 ----  ----                         -------
+  Normal  ProvisioningSucceeded  2m    persistentvolume-controller  Successfully provisioned volume pvc-bee8c30a-d6a3-11e7-9af0-42010a800002 using kubernetes.io/gce-pd
+```
+
+<!--
+- Delete the PVC and check that the PVC (not in active use by a pod) was removed successfully.
+-->
+
+- 删除 PVC 并检查 PVC （当前未被某 Pod 使用）被成功删除。
+
+<!--
+### Scenario 2: The PVC is in active use by a pod
+
+- Again, create the same PVC.
+- Create a pod that uses the PVC:
+-->
+
+### 场景 2: PVC 被 Pod 使用
+
+- 再来一次，创建相同的 PVC。
+- 创建一个 Pod ，并使用上面创建的 PVC：
+
+```yaml
+kind: Pod
+apiVersion: v1
+metadata:
+  name: app1
+spec:
+  containers:
+  - name: test-pod
+    image: k8s.gcr.io/busybox:1.24
+    command:
+      - "/bin/sh"
+    args:
+      - "-c"
+      - "date > /mnt/app1.txt; sleep 60 && exit 0 || exit 1"
+    volumeMounts:
+      - name: path-pvc
+        mountPath: "/mnt"
+  restartPolicy: "Never"
+  volumes:
+    - name: path-pvc
+      persistentVolumeClaim:
+        claimName: slzc
+```
+<!--
+- Wait until the pod status is `Running`, i.e. the PVC becomes in active use.
+- Delete the PVC that is now in active use by a pod and verify that the PVC is not removed but its status is `Terminating`:
+-->
+
+- 等到 Pod 的状态为 `Running`，即 PVC 变为在用状态。
+- 删除被 Pod 使用的 PVC 并确认其没有被删除成功，但它的状态为 `Terminating`:
+
+```shell
+Name:          slzc
+Namespace:     default
+StorageClass:  slow
+Status:        Terminating (since Fri, 01 Dec 2017 14:47:55 +0000)
+Volume:        pvc-803a1f4d-d6a6-11e7-9af0-42010a800002
+Labels:        <none>
+Annotations:   pv.kubernetes.io/bind-completed=yes
+               pv.kubernetes.io/bound-by-controller=yes
+               volume.beta.kubernetes.io/storage-provisioner=kubernetes.io/gce-pd
+Finalizers:    [kubernetes.io/pvc-protection]
+Capacity:      4Gi
+Access Modes:  RWO
+Events:
+  Type    Reason                 Age   From                         Message
+  ----    ------                 ----  ----                         -------
+  Normal  ProvisioningSucceeded  52s   persistentvolume-controller  Successfully provisioned volume pvc-803a1f4d-d6a6-11e7-9af0-42010a800002 using kubernetes.io/gce-pd
+```
+
+<!--
+-  Wait until the pod status is `Terminated` (either delete the pod or wait until it finishes). Afterwards, check that the PVC is removed.
+-->
+
+- 等到 Pod 的状态变为 `Terminated` （删除 Pod 或者等到它结束），紧接着确认 PVC 被删除掉了。
+
+<!--
+### Scenario 3: A pod starts using a PVC that is in Terminating state
+
+- Again, create the same PVC.
+- Create a first pod that uses the PVC:
+-->
+
+### 场景 3: Pod 开始使用正在停止状态（Terminating）的 PVC
+
+- 再次创建相同的 PVC。
+- 创建使用这个 PVC 的第一个 Pod：
+
+```yaml
+kind: Pod
+apiVersion: v1
+metadata:
+  name: app1
+spec:
+  containers:
+  - name: test-pod
+    image: k8s.gcr.io/busybox:1.24
+    command:
+      - "/bin/sh"
+    args:
+      - "-c"
+      - "date > /mnt/app1.txt; sleep 600 && exit 0 || exit 1"
+    volumeMounts:
+      - name: path-pvc
+        mountPath: "/mnt"
+  restartPolicy: "Never"
+  volumes:
+    - name: path-pvc
+      persistentVolumeClaim:
+        claimName: slzc
+```
+
+<!--
+- Wait until the pod status is `Running`, i.e. the PVC becomes in active use.
+- Delete the PVC that is now in active use by a pod and verify that the PVC is not removed but its status is `Terminating`:
+-->
+
+- 等到 Pod 状态为 `Running`，即 PVC 变为使用状态。
+- 删除被 Pod 使用的 PVC 并确认其没有被删除成功，但它的状态为 `Terminating`:
+
+```shell
+Name:          slzc
+Namespace:     default
+StorageClass:  slow
+Status:        Terminating (since Fri, 01 Dec 2017 14:47:55 +0000)
+Volume:        pvc-803a1f4d-d6a6-11e7-9af0-42010a800002
+Labels:        <none>
+Annotations:   pv.kubernetes.io/bind-completed=yes
+               pv.kubernetes.io/bound-by-controller=yes
+               volume.beta.kubernetes.io/storage-provisioner=kubernetes.io/gce-pd
+Finalizers:    [kubernetes.io/pvc-protection]
+Capacity:      4Gi
+Access Modes:  RWO
+Events:
+  Type    Reason                 Age   From                         Message
+  ----    ------                 ----  ----                         -------
+  Normal  ProvisioningSucceeded  52s   persistentvolume-controller  Successfully provisioned volume pvc-803a1f4d-d6a6-11e7-9af0-42010a800002 using kubernetes.io/gce-pd
+```
+
+<!--
+- Create a second pod that uses the same PVC:
+-->
+
+- 创建使用这个 PVC 的第二个 Pod：
+
+```yaml
+kind: Pod
+apiVersion: v1
+metadata:
+  name: app2
+spec:
+  containers:
+  - name: test-pod
+    image: gcr.io/google_containers/busybox:1.24
+    command:
+      - "/bin/sh"
+    args:
+      - "-c"
+      - "date > /mnt/app1.txt; sleep 600 && exit 0 || exit 1"
+    volumeMounts:
+      - name: path-pvc
+        mountPath: "/mnt"
+  restartPolicy: "Never"
+  volumes:
+    - name: path-pvc
+      persistentVolumeClaim:
+        claimName: slzc
+```
+
+<!--
+- Verify that the scheduling of the second pod fails with the below warning:
+-->
+
+- 检查第二个 Pod 因为下面的警告而导致调度失败：
+
+```shell
+Warning  FailedScheduling  18s (x4 over 21s)  default-scheduler persistentvolumeclaim "slzc" is being deleted
+```
+
+<!--
+- Wait until the pod status of both pods is `Terminated` or `Completed` (either delete the pods or wait until they finish). Afterwards, check that the PVC is removed.
+-->
+
+- 等到两个 Pod 的状态为 `Terminated` 或者 `Completed`（删除 Pod 或者等待它们结束），紧接着检查 PVC 被删除掉了。
+
+<!--
+## Storage Object in Use Protection feature used for PV Protection
+
+The example below uses a `HostPath` PV.
+
+Verification scenarios follow below.
+
+### Scenario 1: The PV is not bound to a PVC
+
+- Create a PV:
+-->
+
+## 使用在用存储对象保护的功能来保护 PV
+
+下面的示例使用了 `HostPath` PV。
+
+下面列出了验证场景。
+
+### 场景 1: PV 没有绑定到 PVC
+
+- 创建 PV:
+
+```yaml
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: task-pv-volume
+  labels:
+    type: local
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Delete
+  storageClassName: standard
+  hostPath:
+    path: "/tmp/data"
+```
+
+<!--
+- Check that the PV has the finalizer `kubernetes.io/pv-protection` set:
+-->
+
+- 检查 PV 设置了终结器 `kubernetes.io/pv-protection`：
+
+```shell
+Name:            task-pv-volume
+Labels:          type=local
+Annotations:     pv.kubernetes.io/bound-by-controller=yes
+Finalizers:      [kubernetes.io/pv-protection]
+StorageClass:    standard
+Status:          Terminating (lasts 1m)
+Claim:           default/task-pv-claim
+Reclaim Policy:  Delete
+Access Modes:    RWO
+Capacity:        1Gi
+Message:         
+Source:
+    Type:          HostPath (bare host directory volume)
+    Path:          /tmp/data
+    HostPathType:  
+Events:            <none>
+```
+
+<!--
+- Delete the PV and check that the PV (not bound to a PVC) is removed successfully.
+
+### Scenario 2: The PV is bound to a PVC
+
+- Again, create the same PV.
+
+- Create a PVC
+-->
+
+- 删除 PV 并检查该 PV（没有绑定到 PVC ）被成功删除。
+
+### 场景 2: PV 绑定了 PVC。
+
+- 再次创建相同的 PV。
+
+- 创建一个 PVC：
+
+```yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: task-pv-claim
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+```
+
+<!--
+- Wait until the PV and PVC are bound to each other.
+- Delete the PV and verify that the PV is not removed but its status is `Terminating`:
+-->
+
+- 等到 PV 和 PVC 相互绑定。
+- 删除 PV 并确认该 PV 没有被删除掉，但它的状态是 `Terminating`：
+
+```shell
+NAME             CAPACITY     ACCESS MODES   RECLAIM POLICY   STATUS        CLAIM                   STORAGECLASS   REASON    AGE
+task-pv-volume   1Gi          RWO            Delete           Terminating   default/task-pv-claim   standard                 59s
+
+```
+
+<!--
+-  Delete the PVC and verify that the PV is removed too.
+-->
+
+- 删除 PVC 并确认 PV 也一同被删除了。
+
+```shell
+kubectl delete pvc task-pv-claim
+persistentvolumeclaim "task-pv-claim" deleted
+$ kubectl get pvc
+No resources found.
+$ kubectl get pv
+No resources found.
+```
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-federation/_index.md b/content/zh/docs/tasks/administer-federation/_index.md
index 1ab6c7e5d637d..44abdee8cc81e 100644
--- a/content/zh/docs/tasks/administer-federation/_index.md
+++ b/content/zh/docs/tasks/administer-federation/_index.md
@@ -1,12 +1,12 @@
-<!--
 ---
-title: "Federation - Run an App on Multiple Clusters"
+title: "联邦：在多个集群上运行一个应用"
 weight: 160
 ---
--->
 
+<!--
 ---
-title: "联邦：在多个集群上运行一个应用"
+title: "Federation - Run an App on Multiple Clusters"
 weight: 160
 ---
+-->
 
diff --git a/content/zh/docs/tasks/administer-federation/cluster.md b/content/zh/docs/tasks/administer-federation/cluster.md
new file mode 100644
index 0000000000000..b6d7b30a09744
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/cluster.md
@@ -0,0 +1,224 @@
+---
+title: 联邦 Cluster
+content_template: templates/task
+---
+
+<!--
+---
+title: Federated Cluster
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!--
+This guide explains how to use Clusters API resource in a Federation control plane.
+
+Different than other Kubernetes resources, such as Deployments, Services and ConfigMaps,
+clusters only exist in the federation context, i.e. those requests must be submitted to the
+federation api-server.
+-->
+
+本指南介绍了如何在联邦控制平面中使用集群 API 资源。
+
+与 Deployment、Service 和 ConfigMap 等 Kubernetes 资源不同，cluster 只存在于联邦上下文中，即这些请求必须提交给联邦 api-server。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+
+<!--
+* You should also have a basic [working knowledge of Kubernetes](/docs/setup/pick-right-solution/) in
+general.
+-->
+
+* 你需要具备基本的 [Kubernetes 工作知识](/docs/setup/pick-right-solution/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Listing Clusters
+-->
+
+## 集群列表
+
+<!--
+To list the clusters available in your federation, you can use [kubectl](/docs/user-guide/kubectl/) by
+running:
+-->
+
+要列出联邦中可用的 cluster，可以使用 [kubectl](/docs/user-guide/kubectl/)
+运行:
+
+```shell
+kubectl --context=federation get clusters
+```
+
+<!--
+The `--context=federation` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster. If you submit it to a k8s cluster, you will receive an error saying
+-->
+
+`--context=federation` 参数告诉 kubectl 将请求提交给联邦 apiserver，
+而不是将其发送给 Kubernetes 集群。如果您将其提交给 k8s 集群，则会收到错误消息
+
+
+```
+the server doesn't have a resource type "clusters"
+```
+
+<!--
+If you passed the correct Federation context but received a message error saying
+-->
+
+如果您传递了正确的联邦上下文，但是收到了一条消息错误
+
+```
+No resources found.
+```
+
+<!--
+it means that you haven't
+added any cluster to the Federation yet.
+-->
+这表示着没有向联邦添加任何集群。
+
+<!--
+## Creating a Federated Cluster
+-->
+
+## 创建一个联邦集群
+
+<!--
+Creating a `cluster` resource in federation means joining it to the federation. To do so, you can use
+`kubefed join`. Basically, you need to give the new cluster a name and say what is the name of the
+context that corresponds to a cluster that hosts the federation. The following example command adds
+the cluster `gondor` to the federation running on host cluster `rivendell`:
+-->
+在联邦中创建`集群`资源意味着将其加入到联邦中。因此，您可以使用 `kubefed join`。基本上，您需要为新群集指定一个名称，
+并说明与承载联邦的集群相对应的上下文的名称。下面的示例命令将集群 `gondor` 添加到运行在主机集群 `rivendell` 上的联邦：
+
+
+```shell
+kubefed join gondor --host-cluster-context=rivendell
+```
+
+<!--
+You can find more details on how to do that in the respective section in the
+[kubefed guide](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#adding-a-cluster-to-a-federation).
+-->
+您可以在 [kubefed 指南](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#adding-a-cluster-to-a-federation)的相关章节中找到更多关于如何实现这一点的详细信息。
+
+<!--
+## Deleting a Federated Cluster
+-->
+
+## 删除一个联邦集群
+
+<!--
+Converse to creating a cluster, deleting a cluster means unjoining this cluster from the
+federation. This can be done with `kubefed unjoin` command. To remove the `gondor` cluster, just do:
+-->
+与创建集群相反，删除集群意味着从联邦中取消加入这个集群。这可以通过 `kubefed unjoin` 命令完成。要删除 `gondor` 群集，需要执行以下操作：
+
+```shell
+kubefed unjoin gondor --host-cluster-context=rivendell
+```
+
+<!--
+You can find more details on unjoin in the
+[kubefed guide](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#removing-a-cluster-from-a-federation).
+-->
+你可以在 [kubefed 指南](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#removing-a-cluster-from-a-federation)中找到更多关于取消加入的详细信息。
+
+<!--
+## Labeling Clusters
+-->
+
+## 标记集群
+
+<!--
+You can label clusters the same way as any other Kubernetes object, which can help with grouping clusters and can also be leveraged by the ClusterSelector.
+-->
+您可以使用与其他任何 Kubernetes 对象相同的方法标记集群，这有助于对集群进行分组，也可以配合使用 ClusterSelector。
+
+``` shell
+kubectl --context=rivendell label cluster gondor key1=value1 key2=value2
+```
+
+<!--
+## ClusterSelector Annotation
+-->
+
+## ClusterSelector 注解
+
+<!--
+Starting in Kubernetes 1.7, there is alpha support for directing objects across the federated clusters with the annotation `federation.alpha.kubernetes.io/cluster-selector`. The *ClusterSelector* is conceptually similar to `nodeSelector`, but instead of selecting against labels on nodes, it selects against labels on federated clusters.
+
+The annotation value must be JSON formatted and must be parsable into the [ClusterSelector API type](/docs/reference/federation/v1beta1/definitions/#_v1beta1_clusterselector). For example: `[{"key": "load", "operator": "Lt", "values": ["10"]}]`. Content that doesn't parse correctly will throw an error and prevent distribution of the object to any federated clusters. Objects of type ConfigMap, Secret, Daemonset, Service and Ingress are included in the alpha implementation.
+
+Here is an example ClusterSelector annotation, which will only select clusters WITH the label `pci=true` and WITHOUT the label `environment=test`:
+-->
+
+从 Kubernetes 1.7 开始，alpha 支持通过注解 `federation.alpha.kubernetes.io/cluster-selector` 在联邦集群中引导对象。。
+*ClusterSelector* 在概念上类似于 `nodeSelector`，但是它不是针对节点上的标签进行选择，而是针对联邦集群上的标签进行选择。
+
+注解值必须是 JSON 格式并且必须可解析为 [ClusterSelector API 类型](/docs/reference/federation/v1beta1/definitions/#_v1beta1_clusterselector)。
+例如：`[{"key": "load", "operator": "Lt", "values": ["10"]}]`，不能正确解析的内容将抛出一个错误，并阻止将对象分发到任何联邦集群。alpha 实现包含 ConfigMap、Secret、Daemonset、Service 和 Ingress 类型的对象。
+
+下面是一个 ClusterSelector 注释示例，它只会选择带有标签 `pci=true` 不选择标签为 `environment=test` 的集群：
+
+```yaml
+  metadata:
+    annotations:
+      federation.alpha.kubernetes.io/cluster-selector: '[{"key": "pci", "operator":
+        "In", "values": ["true"]}, {"key": "environment", "operator": "NotIn", "values":
+        ["test"]}]'
+```
+
+<!--
+The *key* is matched against label names on the federated clusters.
+
+The *values* are matched against the label values on the federated clusters.
+
+The possible *operators* are: `In`, `NotIn`, `Exists`, `DoesNotExist`, `Gt`, `Lt`.
+
+The *values* field is expected to be empty when `Exists` or `DoesNotExist` is specified and may include more than one string when `In` or `NotIn` are used.
+
+Currently, only integers are supported with `Gt` or `Lt`.
+-->
+
+*key* 与联邦集群上的标签名称匹配。
+
+*values* 与联邦集群上的标签值匹配。
+
+可能的*操作符*有：`In`、`NotIn`、`Exists`、`DoesNotExist`、`Gt`、`Lt`。
+
+*values* 字段在指定 `Exists` 或 `DoesNotExist` 时为空，在使用 `In` 或 `NotIn` 时可能包含多个字符串。
+
+目前，`Gt` 和 `Lt` 操作符只支持整数。
+
+<!--
+## Clusters API reference
+
+The full clusters API reference is currently in `federation/v1beta1` and more details can be found in the
+[Federation API reference page](/docs/reference/federation/).
+-->
+
+## 集群 API 参考
+
+完整的集群 API 参考目前在 `federation/v1beta1` 中，更多细节可以在[联邦 API 参考页面](/docs/reference/federation/)中找到。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-federation/configmap.md b/content/zh/docs/tasks/administer-federation/configmap.md
new file mode 100644
index 0000000000000..8ac208f32d75c
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/configmap.md
@@ -0,0 +1,129 @@
+---
+title: 联邦 ConfigMap
+content_template: templates/task
+---
+
+<!-- ---
+title: Federated ConfigMap
+content_template: templates/task
+--- -->
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!-- This guide explains how to use ConfigMaps in a Federation control plane. -->
+
+这个指南介绍了如何在联邦控制平面中使用 ConfigMaps。
+
+<!-- Federated ConfigMaps are very similar to the traditional [Kubernetes
+ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) and provide the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation. -->
+
+联邦 ConfigMaps 与传统的 [Kubernetes
+ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) 十分相似，并且提供相同的功能。
+在联邦控制平面中创建它们可确保它们在联邦集群间的同步。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- * {{< include "federated-task-tutorial-prereqs.md" >}} -->
+<!-- * You should also have a basic
+[working knowledge of Kubernetes](/docs/setup/pick-right-solution/) in
+general and [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) in particular. -->
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* 你还需要有基本的[Kubernetes 工作常识](/docs/setup/pick-right-solution/)，尤其是[ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Creating a Federated ConfigMap -->
+
+## 创建一个 Federated ConfigMap
+
+<!-- The API for Federated ConfigMap is 100% compatible with the
+API for traditional Kubernetes ConfigMap. You can create a ConfigMap by sending
+a request to the federation apiserver. -->
+
+Federated ConfigMap 的 API 100% 兼容传统的 Kubernetes ConfigMap。你可以通过发送一个请求到联邦 apiserver 来创建一个 ConfigMap。
+
+<!-- You can do that using [kubectl](/docs/user-guide/kubectl/) by running: -->
+
+你可以使用[kubectl](/docs/user-guide/kubectl/)执行：
+
+``` shell
+kubectl --context=federation-cluster create -f myconfigmap.yaml
+```
+
+<!-- The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster. -->
+
+`--context=federation-cluster` 参数告诉 kubectl 发送请求至联邦 apiserver 而不是 Kubernetes 集群。
+
+<!-- Once a Federated ConfigMap is created, the federation control plane will create
+a matching ConfigMap in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example: -->
+
+一旦联邦 ConfigMap 创建成功，联邦控制平面会在所有底层 Kubernetes 集群中创建匹配的 ConfigMap。你可以通过检查每个底层的集群来验证这点，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get configmap myconfigmap
+```
+
+<!-- The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone. -->
+
+以上是假设你在客户端中为该区域中的集群配置了一个名为 'gce-asia-east1a' 的上下文。
+
+<!-- These ConfigMaps in underlying clusters will match the Federated ConfigMap. -->
+这些在底层集群中的 ConfigMaps 会自动匹配联邦 ConfigMap。
+
+
+<!-- ## Updating a Federated ConfigMap -->
+
+## 更新一个联邦 ConfigMap
+
+<!-- You can update a Federated ConfigMap as you would update a Kubernetes
+ConfigMap; however, for a Federated ConfigMap, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The federation control plane ensures that whenever the Federated ConfigMap is
+updated, it updates the corresponding ConfigMaps in all underlying clusters to
+match it. -->
+
+你可以像更新 Kubernetes ConfigMap 一样更新一个联邦 ConfigMap。然而，对于联邦 ConfigMap，你必须发送请求至联邦 apiserver 而不是指定的 Kubernetes 集群。
+联邦控制平面会确保无论何时联邦 ConfigMap 被更新，它都会更新所有底层集群中想相匹配的 ConfigMaps。
+
+<!-- ## Deleting a Federated ConfigMap -->
+
+## 删除一个联邦 ConfigMap
+
+<!-- You can delete a Federated ConfigMap as you would delete a Kubernetes
+ConfigMap; however, for a Federated ConfigMap, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster. -->
+
+你可以像删除一个 Kubernetes ConfigMap 一样删除一个联邦 ConfigMap。然而，对于联邦 ConfigMap，你必须发送请求至联邦 apiserver 而不是指定的 Kubernetes 集群。
+
+<!-- For example, you can do that using kubectl by running: -->
+
+例如，你可以使用 kubectl 执行：
+
+```shell
+kubectl --context=federation-cluster delete configmap
+```
+
+{{< note >}}
+<!-- Deleting a Federated ConfigMap does not delete the corresponding ConfigMaps from underlying clusters. You must delete the underlying ConfigMaps manually. -->
+
+删除一个联邦 ConfigMap 不会从底层集群中删除相应的 ConfigMaps。你必须手动地删除底层 ConfigMaps。
+{{< /note >}}
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-federation/daemonset.md b/content/zh/docs/tasks/administer-federation/daemonset.md
new file mode 100644
index 0000000000000..d213a1410413e
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/daemonset.md
@@ -0,0 +1,156 @@
+---
+title: 联邦（Federated） DaemonSet
+content_template: templates/task
+---
+<!--
+---
+title: Federated DaemonSet
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!--
+This guide explains how to use DaemonSets in a federation control plane.
+-->
+本指南介绍了如何在联邦控制平面中使用 DaemonSet。
+
+<!--
+DaemonSets in the federation control plane ("Federated Daemonsets" in
+this guide) are very similar to the traditional Kubernetes
+[DaemonSets](/docs/concepts/workloads/controllers/daemonset/) and provide the same functionality.
+-->
+联邦控制平面中的 DaemonSet （即本指南中的联邦 DaemonSet）与传统的 Kubernetes [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) 非常相似，并提供相同的功能。
+
+<!--
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+在联邦控制平面中创建它们可以确保它们跨联邦中的所有集群保持同步。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* You are also expected to have a basic
+[working knowledge of Kubernetes](/docs/setup/pick-right-solution/) in
+general and [DaemonSets](/docs/concepts/workloads/controllers/daemonset/) in particular.
+* -->
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* 您还需要具备基本的 [Kubernetes 工作知识](/docs/setup/pick-right-solution/)，特别是关于 [DaemonSet](/docs/concepts/workloads/controllers/daemonset/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a Federated Daemonset
+-->
+## 创建一个联邦 DaemonSet
+
+<!--
+The API for Federated Daemonset is 100% compatible with the
+API for traditional Kubernetes DaemonSet.
+-->
+用于联邦 DaemonSet 的 API 与用于传统 Kubernetes DaemonSet 的 API 100% 兼容。
+<!--
+You can create a DaemonSet by sending a request to the federation apiserver.
+-->
+您可以通过向联邦 apiserver 发送请求来创建 DaemonSet。
+
+<!--
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+-->
+您可以通过使用 [kubectl](/docs/user-guide/kubectl/) 运行以下命令来执行此操作：
+
+``` shell
+kubectl --context=federation-cluster create -f mydaemonset.yaml
+```
+
+<!--
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+-->
+`--context=federation-cluster` 参数告诉 kubectl 将请求提交给联邦 apiserver，
+而不是发送给 Kubernetes 集群。
+
+<!--
+Once a Federated Daemonset is created, the federation control plane will create
+a matching DaemonSet in all underlying Kubernetes clusters.
+-->
+一旦创建了联邦 DaemonSet，联邦控制平面将在所有底层 Kubernetes 集群中创建匹配的 DaemonSet。
+<!--
+You can verify this by checking each of the underlying clusters, for example:
+-->
+您可以通过检查每个基础集群来验证这一点，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get daemonset mydaemonset
+```
+
+<!--
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+-->
+上面假设您的客户机中为该区域中的集群配置了一个名为 'gce-asia-east1a' 的上下文。
+
+<!--
+## Updating a Federated Daemonset
+-->
+## 更新联邦 DaemonSet
+
+<!--
+You can update a Federated Daemonset as you would update a Kubernetes DaemonSet;
+-->
+您可以像更新 Kubernetes DaemonSet 一样更新联邦 DaemonSet；
+<!--
+however, for a Federated Daemonset, you must send the request to
+-->
+但是，对于联邦 DaemonSet，您必须将请求发送到
+<!--
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+-->
+联邦 apiserver 而不是将其发送到特定的 Kubernetes 集群。
+<!--
+The federation control plane ensures that whenever the Federated Daemonset is
+updated, it updates the corresponding DaemonSets in all underlying clusters to
+match it.
+-->
+联邦控制平面确保每当更新联邦 DaemonSet 时，它都会更新所有底层集群中的相应 DaemonSet 以匹配它。
+
+<!--
+## Deleting a Federated Daemonset
+-->
+## 删除联邦 DaemonSet
+
+<!--
+You can delete a Federated Daemonset as you would delete a Kubernetes DaemonSet; 
+-->
+您可以删除联邦 DaemonSet，就像删除 Kubernetes DaemonSet 一样；
+<!--
+however, for a Federated Daemonset, you must send the request to
+-->
+但是，对于联邦 DaemonSet，您必须将请求发送到
+<!--
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+-->
+联邦 apiserver 而不是将其发送到特定的 Kubernetes 集群。
+
+<!--
+For example, you can do that using kubectl by running:
+-->
+例如，您可以通过使用 kubectl 运行以下命令执行此操作：
+
+```shell
+kubectl --context=federation-cluster delete daemonset mydaemonset
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-federation/events.md b/content/zh/docs/tasks/administer-federation/events.md
new file mode 100644
index 0000000000000..385db13674fc5
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/events.md
@@ -0,0 +1,85 @@
+---
+title: 联邦事件
+content_template: templates/concept
+---
+
+<!--
+---
+title: Federated Events
+content_template: templates/concept
+---
+-->
+
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!--
+This guide explains how to use events in federation control plane to help in debugging.
+-->
+本指南介绍如何在联邦控制平面中使用事件来帮助调试。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Prerequisites
+-->
+## 前提条件
+
+<!--
+This guide assumes that you have a running Kubernetes Cluster
+Federation installation. If not, then head over to the
+[federation admin guide](/docs/concepts/cluster-administration/federation/) to learn how to
+bring up a cluster federation (or have your cluster administrator do
+this for you). Other tutorials, for example
+[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)
+by Kelsey Hightower, are also available to help you.
+-->
+本指南假设您已安装好了 Kubernetes 集群联邦。如果没有，请先查看 [联邦管理指南](/docs/admin/federation/) 来学习怎样安装集群联邦（也可以让您的管理员替您完成安装）。
+其他的教程，例如 Kelsey Hightower 编写的 [这个教程](https://github.com/kelseyhightower/kubernetes-cluster-federation) 也会帮到你。
+
+<!--
+You are also expected to have a basic
+[working knowledge of Kubernetes](/docs/setup/) in
+general.
+-->
+您还应该具备 [Kubernetes 的基本操作](/docs/setup) 的知识。
+
+<!--
+## View federation events
+-->
+## 查看联邦事件
+
+<!--
+Events in federation control plane (referred to as "federation events" in
+this guide) are very similar to the traditional Kubernetes
+Events providing the same functionality.
+Federation Events are stored only in federation control plane and are not passed on to the underlying Kubernetes clusters.
+-->
+联邦控制平面的事件（本指南中称为“联邦事件”）与传统的 Kubernetes 事件非常相似，提供相同功能。
+联邦事件仅存储在联邦控制平面中，不会传递给下层 Kubernetes 集群。
+
+<!--
+Federation controllers create events as they process API resources to surface to the
+user, the state that they are in.
+You can get all events from federation apiserver by running:
+-->
+联邦控制器在处理 API 资源时创建事件，以向用户显示它们所处的状态。
+您可以通过运行以下命令从联邦 API 服务器获取所有事件：
+
+```shell
+kubectl --context=federation-cluster get events
+```
+
+<!--
+The standard kubectl get, update, delete commands will all work.
+-->
+标准的 kubectl get、update、delete 命令都可以正常工作。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-federation/hpa.md b/content/zh/docs/tasks/administer-federation/hpa.md
new file mode 100644
index 0000000000000..2608ce6447aa8
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/hpa.md
@@ -0,0 +1,292 @@
+---
+title: 联邦横向 Pod 伸缩器 (HPA)
+content_template: templates/task
+---
+<!--
+---
+title: Federated Horizontal Pod Autoscalers (HPA)
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< feature-state state="alpha" >}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!--
+This guide explains how to use federated horizontal pod autoscalers (HPAs) in the federation control plane.
+
+HPAs in the federation control plane are similar to the traditional [Kubernetes
+HPAs](/docs/tasks/run-application/horizontal-pod-autoscale/), and provide the same functionality.
+Creating an HPA targeting a federated object in the federation control plane ensures that the
+desired number of replicas of the target object are scaled across the registered clusters,
+instead of a single cluster. Also, the control plane keeps monitoring the status of each
+individual HPA in the federated clusters and ensures the workload replicas move where they are
+needed most by manipulating the min and max limits of the HPA objects in the federated clusters.
+-->
+本指南介绍了如何在联邦控制平面中使用联邦横向 pod 自动伸缩器 （HPAs）。
+
+联邦控制平面中的 HPA 与传统的 [Kubernetes HPA](/docs/tasks/run-application/horizontal-pod-autoscale/) 非常相似，提供相同的功能。
+ 在联邦控制平面中针对联邦对象创建的 HPA 将保证目标对象的期望副本在所有注册集群上进行伸缩，而不是在单个集群上。此外，控制平面持续监控联邦集群中单个 HPA 的状态，通过操作联邦集群中 HPA 对象的最小和最大限制值来确保工作副本被移动到最需要的地方。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* You are also expected to have a basic
+[working knowledge of Kubernetes](/docs/setup/) in
+general and [HPAs](/docs/tasks/run-application/horizontal-pod-autoscale/) in particular.
+
+The federated HPA is an alpha feature. The API is not enabled by default on the
+federated API server. To use this feature, the user or the admin deploying the federation control
+plane needs to run the federated API server with option `--runtime-config=api/all=true` to
+enable all APIs, including alpha APIs. Additionally, the federated HPA only works
+when used with CPU utilization metrics.
+-->
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* 通常您还应当拥有基本的 [Kubernetes 应用知识](/docs/setup/)，特别是 [HPA](/docs/tasks/run-application/horizontal-pod-autoscale/) 。
+
+联邦 HPA 是一个 alpha 特性。默认情况下该 API 没有在联邦 API server 上启用。要使用此特性，部署联邦控制平面的用户或管理员需要使用 `--runtime-config=api/all=true` 选项运行联邦 API server 以启用所有 API（包括 alpha API）。此外，联邦 HPA 只能和 CPU 使用率度量一起使用。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a federated HPA
+
+The API for federated HPAs is 100% compatible with the
+API for traditional Kubernetes HPA. You can create an HPA by sending
+a request to the federation API server.
+
+You can do that with [kubectl](/docs/user-guide/kubectl/) by running:
+
+```shell
+cat <<EOF | kubectl --context=federation-cluster create -f -
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-apache
+  namespace: default
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1beta1
+    kind: Deployment
+    name: php-apache
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 50
+EOF
+```
+
+The `--context=federation-cluster` flag tells `kubectl` to submit the
+request to the federation API server instead of sending it to a Kubernetes
+cluster.
+
+Once a federated HPA is created, the federation control plane partitions and
+creates the HPA in all underlying Kubernetes clusters. As of Kubernetes V1.7,
+[cluster selectors](/docs/tasks/administer-federation/cluster/#clusterselector-annotation)
+can also be used to restrict any federated object, including the HPAs in a subset
+of clusters.
+
+You can verify the creation by checking each of the underlying clusters. For example, with a context named `gce-asia-east1a`
+configured in your client for your cluster in that zone:
+
+```shell
+kubectl --context=gce-asia-east1a get HPA php-apache
+```
+
+The HPA in the underlying clusters will match the federation HPA
+except in the number of min and max replicas. The federation control plane ensures that the sum of max replicas in each cluster matches the specified
+max replicas on the federated HPA object, and the sum of minimum replicas will be greater
+than or equal to the minimum specified on the federated HPA object. 
+
+{{< note >}}
+A particular cluster cannot have a minimum replica sum of 0.
+{{< /note >}}
+-->
+## 创建联邦 HPA
+
+联邦 HPA 的 API 100% 兼容传统 Kubernetes HPA 的 API。您可以通过向联邦 API server 发送请求来创建 HPA。
+
+您可以使用 [kubectl](/docs/user-guide/kubectl/) 运行命令：
+
+```shell
+cat <<EOF | kubectl --context=federation-cluster create -f -
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-apache
+  namespace: default
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1beta1
+    kind: Deployment
+    name: php-apache
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 50
+EOF
+```
+
+`--context=federation-cluster` 参数告诉 `kubectl` 将请求提交到联邦 API server 而不是发送给某一个 Kubernetes 集群。
+
+一旦创建了联邦 HPA，联邦控制平面就会对其进行分区，并在所有基础集群中创建 HPA。从 Kubernetes v1.7 开始，[cluster selectors](/docs/tasks/administer-federation/cluster/#clusterselector-annotation) 同样可以用来限制任何联邦对象，包括集群子集中的 HPA。
+
+您可以通过检查每个基础集群来验证创建是否成功。例如，您的客户端配置了名为 `gce-asia-east1a` 的上下文，集群处于该区域中：
+
+```shell
+kubectl --context=gce-asia-east1a get HPA php-apache
+```
+
+除了最小和最大副本的数量之外，基础集群中的 HPA 将与联邦 HPA 相匹配。联邦控制平面将保证每个集群的最大副本数总和等于联邦 HPA 对象的最大副本数，并且最小副本总和大于等于联邦 HPA 对象的最小副本数。
+
+{{< note >}}
+集群的最小副本总和不能为 0。
+{{< /note >}}
+
+<!--
+### Spreading HPA min and max replicas in underlying clusters
+
+By default, first max replicas are spread equally in all the underlying clusters, then min replicas are distributed to those clusters that received their maximum value. This means
+that each cluster will get an HPA if the specified max replicas are greater than
+the total clusters participating in this federation, and some clusters will be
+skipped if specified max replicas are less than the total clusters participating
+in the federation.
+
+For example: if you have 3 registered clusters and you create a federated HPA with
+`spec.maxReplicas = 9`, and `spec.minReplicas = 2`, then each HPA in the 3 clusters
+will get `spec.maxReplicas=3` and `spec.minReplicas = 1`.
+
+Currently the default distribution is only available on the federated HPA, but in the
+future, users preferences could also be specified to control and/or restrict this
+distribution.
+-->
+### 在基础集群中分发 HPA 的最小和最大副本数
+
+默认情况下，首先将最大副本数在所有基础集群中平均分布，然后再将最小副本数分发给已接收了最大副本数的集群。这意味着，如果指定的最大副本数大于联邦的集群数，则每个集群都将获得一个 HPA。反之，如果指定的最大副本数小于联邦的集群数，则会跳过某些集群。
+
+举例说明：如果您有3个注册集群，并且您使用参数 `spec.maxReplicas = 9` 和 `spec.minReplicas = 2` 创建了一个联邦 HPA，那么3个集群中的每个 HPA 都将获得 `spec.maxReplicas=3` 和 `spec.minReplicas = 1` 的参数。
+
+目前，联邦 HPA 仅可以使用默认的分发机制，但在将来，用户将可以设置偏好来控制和/或限制分发过程。
+
+<!--
+## Updating a federated HPA
+
+You can update a federated HPA as you would update a Kubernetes
+HPA; however, for a federated HPA, you must send the request to
+the federation API server instead of sending it to a specific Kubernetes cluster.
+The Federation control plane ensures that whenever the federated HPA is
+updated, it updates the corresponding HPA in all underlying clusters to
+match it.
+
+If your update includes a change in the number of replicas, the federation
+control plane will change the number of replicas in underlying clusters to
+ensure that the sum of the max and min replicas remains matched as specified
+in the previous section.
+-->
+## 更新联邦 HPA
+
+您可以像更新 Kubernetes HPA 一样更新联邦 HPA；但是，对于联邦 HPA 您必须将请求发送给联邦 API server 而不是发送到一个特定的 Kubernetes 集群。联邦控制平面将保证在联邦 HPA 被更新后，它会对所有基础集群中与之对应的 HPA 进行更新。
+
+如果您的更新修改了副本数量，联邦控制平面将修改基础集群中的副本数量，保证最小副本总数和最大副本总数仍然符合要求正如前文所述。
+
+<!--
+## Deleting a federated HPA
+
+You can delete a federated HPA as you would delete a Kubernetes
+HPA; however, for a federated HPA, you must send the request to
+the federation API server instead of to a specific Kubernetes cluster.
+
+{{< note >}}
+For the federated resource to be deleted from all underlying clusters, [cascading deletion](/docs/concepts/cluster-administration/federation/#cascading-deletion) should be used.
+{{< /note >}}
+
+For example, you can do that using `kubectl` by running:
+
+```shell
+kubectl --context=federation-cluster delete HPA php-apache
+```
+-->
+## 删除联邦 HPA
+
+您可以像删除 Kubernetes HPA 一样删除联邦 HPA；但是，对于联邦 HPA， 您必须将请求发送给联邦 API server 而不是发送到一个特定的 Kubernetes 集群。
+
+{{< note >}}
+如果要删除所有基础集群中的联邦资源，应该使用 [级联删除](/docs/concepts/cluster-administration/federation/#cascading-deletion)。
+{{< /note >}}
+
+例如，您可以使用 `kubectl` 运行命令：
+
+```shell
+kubectl --context=federation-cluster delete HPA php-apache
+```
+
+<!--
+## Alternative ways to use federated HPA
+
+To a federation user interacting with federated control plane (or simply federation),
+the interaction is almost identical to interacting with a normal Kubernetes cluster (but
+with a limited set of APIs that are federated). As both Deployments and
+HorizontalPodAutoscalers are now federated, `kubectl` commands like `kubectl run`
+and `kubectl autoscale` work on federation. Given this fact, the mechanism specified in
+[horizontal pod autoscaler walkthrough](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/)
+will also work when used with federation.
+Care however will need to be taken that when
+[generating load on a target deployment](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#step-three-increase-load),
+it should be done against a specific federated cluster (or multiple clusters) not the federation.
+-->
+## 使用联邦 HPA 的其他方法
+
+对于和联邦控制平面（或简称联邦）交互的用户，这种交互几乎和与一个普通 Kubernetes 集群的交互完全相同（但只能使用有限的联邦 API 集合）。由于目前 Deployment 和 HorizontalPodAutoscaler 都有联邦版本，类似 `kubectl run` 和 `kubectl autoscale` 的 `kubectl` 命令都可以在联邦上运行。鉴于这个事实，[horizontal pod autoscaler walkthrough](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/) 中指定的机制同样可以在联邦中运行。但也需要注意，当[在目标 deployment 上生成负载](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#step-three-increase-load) 时，应该针对一个特定的联邦集群（或多个集群）而不是整个联邦。
+
+<!--
+## Conclusion
+
+The use of federated HPA is to ensure workload replicas move to the cluster(s) where
+they are needed most, or in other words where the load is beyond expected threshold.
+The federated HPA feature achieves this by manipulating the min and max replicas on the
+HPAs it creates in the federated clusters. It does not directly monitor the target
+object metrics from the federated clusters. It actually relies on the in-cluster HPA
+controllers to monitor the metrics and update relevant fields. The in-cluster HPA
+controller monitors the target pod metrics and updates the fields like desired
+replicas (after metrics based calculations) and current replicas (observing the
+current status of in cluster pods). The federated HPA controller, on the other hand,
+monitors only the cluster-specific HPA object fields and updates the min replica and
+max replica fields of those in cluster HPA objects, which have replicas matching thresholds.
+
+For example, if a cluster has both desired replicas and current replicas the same as the max replicas,
+and averaged current CPU utilization still higher than the target CPU utilization (all of which
+are fields on local HPA object), then the target app in this cluster
+needs more replicas, and the scaling is currently restricted by max replicas set on this local
+HPA object. In such a scenario, the federated HPA controller scans all clusters and tries to
+find clusters which do not have such a condition (meaning the desired replicas are less
+than the max, and current averaged CPU utilization is lower then the threshold). If it finds such
+a cluster, it reduces the max replica on the HPA in this cluster and increases the max replicas
+on the HPA in the cluster which needed the replicas.
+
+There are many other similar conditions which the federated HPA controller checks and moves the max
+replicas and min replicas around the local HPAs in federated clusters to eventually ensure that
+the replicas move (or remain) in the cluster(s) which need them.
+
+For more information, see ["federated HPA design proposal"](https://github.com/kubernetes/community/pull/593).
+-->
+## 结论
+
+使用联邦 HPA 是为了保证工作副本移动到最需要它们的地方，换句话说，是移动到负载超过期望阈值的地方。联邦 HPA 功能通过操作其在联邦集群中创建的 HPA 的最小和最大副本数来实现此目的。它并不直接监控联邦集群中目标对象的度量值，实际上依赖于集群内部的 HPA 控制器来监控目标 pod 的度量值并更新相关字段。集群内部的 HPA 控制器监控目标 pod 的度量值并更新相关字段，如期望的副本数（在基于度量的计算之后）和当前副本数（通过观察集群中 pod 的当前状态）。另一方面，联邦 HPA 控制器只监控集群特定的 HPA 对象字段并更新集群中 HPA 对象的最小和最大副本数字段，这些对象的副本数和阈值匹配。
+
+例如，如果一个集群同时拥有期望副本数和当前副本数，其值与最大副本数相同，但当前 CPU 的平均利用率仍然高于目标使用率（它们都是本地 HPA 对象上的字段）时，集群中的目标应用程序就需要更多的副本，但是扩容动作被本地 HPA 对象上设置的最大副本数限制。在这种场景下，联邦 HPA 控制器将会扫描所有集群并尝试查找没有这种条件的集群（意思是期望副本数小于最大值且当前 CPU 平均使用率低于阈值）。如果找到了这样的集群，它会减少该集群中 HPA 的最大副本数，并增加最需要副本的集群上的 HPA 的最大副本数。
+
+还存在许多类似的情况导致联邦 HPA 控制器检查并移动联邦集群中本地 HPA 的最大和最小副本数，以确保副本最终移动（或保留）到最需要它们的集群中。
+
+更多相关信息请参考["联邦 HPA 设计提议"](https://github.com/kubernetes/community/pull/593)。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/administer-federation/namespaces.md b/content/zh/docs/tasks/administer-federation/namespaces.md
new file mode 100644
index 0000000000000..04261c46a8498
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/namespaces.md
@@ -0,0 +1,140 @@
+---
+title: 联邦命名空间
+content_template: templates/task
+---
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+本指南介绍如何在联邦控制平面中使用命名空间。
+
+联邦控制平面中的命名空间（在本指南中称为“联邦命名空间”）与提供相同功能的传统 [Kubernetes 命名空间](/docs/concepts/overview/working-with-objects/namespaces/)非常相似。在联邦控制平面中创建它们可确保它们在联邦中的所有集群之间同步。
+
+<!--
+This guide explains how to use Namespaces in Federation control plane.
+
+Namespaces in federation control plane (referred to as "federated Namespaces" in
+this guide) are very similar to the traditional [Kubernetes
+Namespaces](/docs/concepts/overview/working-with-objects/namespaces/) providing the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* 一般来说您还应具备 [Kubernetes 的基本工作知识](/docs/setup/pick-right-solution/)，尤其是[命名空间](/docs/concepts/overview/working-with-objects/namespaces/)。
+
+<!--
+* You are also expected to have a basic
+[working knowledge of Kubernetes](/docs/setup/pick-right-solution/) in
+general and [Namespaces](/docs/concepts/overview/working-with-objects/namespaces/) in particular.
+-->
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+## 创建联邦命名空间
+
+联邦命名空间的 API 与传统 Kubernetes 命名空间的 API 100％兼容。您可以通过给联邦 API 服务器发送请求来创建一个命名空间。
+
+您可以通过运行以下 kubectl 命令来执行此操作：
+
+<!--
+## Creating a Federated Namespace
+
+The API for Federated Namespaces is 100% compatible with the
+API for traditional Kubernetes Namespaces. You can create a Namespace by sending
+a request to the federation apiserver.
+
+You can do that using kubectl by running:
+-->
+
+``` shell
+kubectl --context=federation-cluster create -f myns.yaml
+```
+
+参数 `--context=federation-cluster` 用于告知 kubectl 要向联邦 API 服务器提交请求而不是 Kubernetes 集群。
+
+一旦联邦命名空间被创建，联邦控制平面将在所有基础的 Kubernetes 集群中创建与之相匹配的命名空间。
+您可以通过检查每个基础集群来验证这一点，例如：
+
+<!--
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+
+Once a federated Namespace is created, the federation control plane will create
+a matching Namespace in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+-->
+
+``` shell
+kubectl --context=gce-asia-east1a get namespaces myns
+```
+
+以上假设您在客户机中为该区域的集群配置了一个名为 'gce-asia-east1a' 的上下文。基础命名空间的名称和 spec 将与您在上面创建的联合命名空间的名称和 spec 相匹配。
+
+
+<!--
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone. The name and
+spec of the underlying Namespace will match those of
+the Federated Namespace that you created above.
+-->
+
+## 更新联邦命名空间
+
+您可以像更新 Kubernetes 命名空间一样更新联邦命名空间，只需要将请求发送给联邦的 API 服务器，而不是发送给特定的 Kubernetes 集群。
+联邦控制平面将确保每当更新联邦命名空间时，它都会更新所有基础集群中的相应命名空间以与其匹配。
+
+<!--
+## Updating a Federated Namespace
+
+You can update a federated Namespace as you would update a Kubernetes
+Namespace, just send the request to federation apiserver instead of sending it
+to a specific Kubernetes cluster.
+Federation control plan will ensure that whenever the federated Namespace is
+updated, it updates the corresponding Namespaces in all underlying clusters to
+match it.
+-->
+
+## 删除联邦命名空间
+
+您可以删除联邦命名空间就像删除 Kubernetes 命名空间一样，只需要将请求发送给联邦的 API 服务器，而不是发送给特定的 Kubernetes 集群。
+
+例如，您可以通过运行以下 kubectl 命令来执行此操作：
+
+<!--
+## Deleting a Federated Namespace
+
+You can delete a federated Namespace as you would delete a Kubernetes
+Namespace, just send the request to federation apiserver instead of sending it
+to a specific Kubernetes cluster.
+
+For example, you can do that using kubectl by running:
+-->
+```shell
+kubectl --context=federation-cluster delete ns myns
+```
+
+与在 Kubernetes 中一样，删除联邦命名空间将从联邦控制平面中删除该命名空间中的所有资源。
+
+<!--
+As in Kubernetes, deleting a federated Namespace will delete all resources in that
+Namespace from the federation control plane.
+-->
+
+{{< note >}}
+就此，删除联邦命名空间不会从基础集群中删除相应的命名空间或这些命名空间中的资源。用户必须手动删除它们。我们打算在将来解决这个问题。
+<!--
+At this point, deleting a federated Namespace will not delete the corresponding Namespace, or resources in those Namespaces, from underlying clusters. Users must delete them manually. We intend to fix this in the future.
+-->
+{{< /note >}}
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/administer-federation/secret.md b/content/zh/docs/tasks/administer-federation/secret.md
new file mode 100644
index 0000000000000..c13f095d0b027
--- /dev/null
+++ b/content/zh/docs/tasks/administer-federation/secret.md
@@ -0,0 +1,156 @@
+---
+title: 联邦 Secret
+content_template: templates/concept
+---
+
+<!--
+---
+title: Federated Secrets
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!--
+This guide explains how to use secrets in Federation control plane.
+
+Secrets in federation control plane (referred to as "federated secrets" in
+this guide) are very similar to the traditional [Kubernetes
+Secrets](/docs/concepts/configuration/secret/) providing the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+
+本指南解释了怎样使用联邦控制平面中的 secret。
+
+联邦控制平面中的 secret (请参考本文的 "联邦 secrets" 章节) 和传统的[Kubernetes Secrets](/docs/concepts/configuration/secret/)非常类似并提供相同的功能。
+在联邦控制平面中创建它们可以确保它们在联邦中的所有集群之间同步。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Prerequisites
+
+This guide assumes that you have a running Kubernetes Cluster
+Federation installation. If not, then head over to the
+[federation admin guide](/docs/admin/federation/) to learn how to
+bring up a cluster federation (or have your cluster administrator do
+this for you). Other tutorials, for example
+[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)
+by Kelsey Hightower, are also available to help you.
+-->
+
+## 前提条件
+
+本指南假设您安装好了 Kubernetes 集群联邦。如果没有，请先查看 [federation admin guide](/docs/admin/federation/) 来学习怎样安装集群联邦（也可以让您的管理员替您完成安装）。
+其他的教程，例如 Kelsey Hightower 编写的 [这个教程](https://github.com/kelseyhightower/kubernetes-cluster-federation) 也会帮到你。
+
+<!--
+You are also expected to have a basic
+[working knowledge of Kubernetes](/docs/setup/) in
+general and [Secrets](/docs/concepts/configuration/secret/) in particular.
+-->
+
+也希望您大概了解一些基本的 [Kubernetes 知识](/docs/setup/) 特别是和 [Secrets](/docs/concepts/configuration/secret/) 相关的知识。
+
+<!--
+## Creating a Federated Secret
+
+The API for Federated Secret is 100% compatible with the
+API for traditional Kubernetes Secret. You can create a secret by sending
+a request to the federation apiserver.
+
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+-->
+
+## 创建联邦 Secret
+
+联邦 Secret 的 API 与传统的 Kubernetes Secret 的 API 100% 兼容。
+你可以通过向联邦的 ApiServer 发出请求来创建 Secret。
+
+``` shell
+kubectl --context=federation-cluster create -f mysecret.yaml
+```
+
+<!--
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+-->
+
+`--context=federation-cluster` 参数告诉 kubectl 将请求提交给联邦 ApiServer 而不是将其发送到 Kubernetes 集群上。
+
+<!--
+Once a federated secret is created, the federation control plane will create
+a matching secret in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+-->
+
+在创建完联邦 secret 后，联邦控制平面将在所有底层 Kubernetes 集群中创建匹配的 secret。
+您可以通过检查每个底层集群来验证这一点，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get secret mysecret
+```
+
+<!--
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+
+These secrets in underlying clusters will match the federated secret.
+-->
+
+以上假设您在客户端上为该区域的集群配置了一个名为 'gce-asia-east1a' 的上下文。
+
+底层集群中的这些 secret 将与联邦 secret 相匹配。
+
+<!--
+## Updating a Federated Secret
+
+You can update a federated secret as you would update a Kubernetes
+secret; however, for a federated secret, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The Federation control plan ensures that whenever the federated secret is
+updated, it updates the corresponding secrets in all underlying clusters to
+match it.
+-->
+
+## 更新联邦 secret
+
+您可以像更新 Kubernetes secret 那样更新联邦 secret；但是，对于联邦 secret，必须将请求发送到联邦 ApiServer，而非某个 Kubernetes 集群上。
+联邦控制平面确保每当联邦 secret 被更新时，它来更新所有底层集群中的相应 secret ，以便相互匹配。
+
+<!--
+## Deleting a Federated Secret
+
+You can delete a federated secret as you would delete a Kubernetes
+secret; however, for a federated secret, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+
+For example, you can do that using kubectl by running:
+-->
+
+## 删除联邦 Secret
+
+您可以像删除 Kubernetes secret 那样删除联邦 secret；但是，对于联邦 secret，必须将请求发送到联邦 ApiServer，而不是将其发送到特定的 Kubernetes 集群。
+
+例如，您可以使用 kubectl 来进行删除：
+
+```shell
+kubectl --context=federation-cluster delete secret mysecret
+```
+
+{{< note >}}
+<!--At this point, deleting a federated secret will not delete the corresponding secrets from underlying clusters. You must delete the underlying secrets manually. We intend to fix this in the future.-->
+目前，删除联邦 secret 并不会从底层集群中删除相应的 secret。您必须手动删除底层 secret。我们考虑在将来解决这个问题。
+{{< /note >}}
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/configure-pod-container/_index.md b/content/zh/docs/tasks/configure-pod-container/_index.md
index 2e7dd9a95ad27..de5e02d5a089f 100644
--- a/content/zh/docs/tasks/configure-pod-container/_index.md
+++ b/content/zh/docs/tasks/configure-pod-container/_index.md
@@ -1,12 +1,10 @@
-<!--
 ---
-title: "Configure Pods and Containers"
+title: "配置 Pods 和容器"
 weight: 20
 ---
--->
 
----
-title: "配置 Pod 和 容器"
+<!--
+title: "Configure Pods and Containers"
 weight: 20
----
+-->
 
diff --git a/content/zh/docs/tasks/configure-pod-container/assign-pods-nodes.md b/content/zh/docs/tasks/configure-pod-container/assign-pods-nodes.md
index ec3952530487e..770c429b9b346 100644
--- a/content/zh/docs/tasks/configure-pod-container/assign-pods-nodes.md
+++ b/content/zh/docs/tasks/configure-pod-container/assign-pods-nodes.md
@@ -66,7 +66,7 @@ Kubernetes cluster.
 -->
 1. 验证你选择的节点是否有 `disktype=ssd` 标签：
 
-       kubectl get nodes --show-labels
+        kubectl get nodes --show-labels
 
 
     <!--
diff --git a/content/zh/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md b/content/zh/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md
index 746c123a3d3f4..be1bbfa5989b0 100644
--- a/content/zh/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md
+++ b/content/zh/docs/tasks/configure-pod-container/attach-handler-lifecycle-event.md
@@ -32,7 +32,6 @@ Kubernetes 将发送一个 preStop 事件。
 
 {{% /capture %}}
 
-
 {{% capture steps %}}
 
 <!--
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md b/content/zh/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
new file mode 100644
index 0000000000000..51143113fe04a
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
@@ -0,0 +1,375 @@
+---
+title: 配置 Pod 以使用 PersistentVolume 作为存储
+content_template: templates/task
+weight: 60
+---
+
+<!--
+---
+title: Configure a Pod to Use a PersistentVolume for Storage
+content_template: templates/task
+weight: 60
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to configure a Pod to use a PersistentVolumeClaim for storage.
+Here is a summary of the process:
+
+1. A cluster administrator creates a PersistentVolume that is backed by physical
+storage. The administrator does not associate the volume with any Pod.
+
+1. A cluster user creates a PersistentVolumeClaim, which gets automatically
+bound to a suitable PersistentVolume.
+
+1. The user creates a Pod that uses the PersistentVolumeClaim as storage.
+-->
+
+本文介绍如何配置 Pod 使用 PersistentVolumeClaim 作为存储。
+以下是该过程的总结：
+
+1. 集群管理员创建由物理存储支持的 PersistentVolume。管理员不将卷与任何 Pod 关联。
+
+1. 群集用户创建一个 PersistentVolumeClaim，它将自动绑定到合适的 PersistentVolume。
+
+1. 用户创建一个使用 PersistentVolumeClaim 作为存储的 Pod。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* You need to have a Kubernetes cluster that has only one Node, and the kubectl
+command-line tool must be configured to communicate with your cluster. If you
+do not already have a single-node cluster, you can create one by using
+[Minikube](/docs/getting-started-guides/minikube).
+
+* Familiarize yourself with the material in
+[Persistent Volumes](/docs/concepts/storage/persistent-volumes/).
+-->
+
+* 您需要一个包含单个节点的 Kubernetes 集群，并且必须配置 kubectl 命令行工具以便与集群交互。
+如果还没有单节点集群，可以使用 [Minikube](/docs/getting-started-guides/minikube) 创建一个。
+
+* 熟悉[持久卷](/docs/concepts/storage/persistent-volumes/)中的材料。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Create an index.html file on your Node
+
+Open a shell to the Node in your cluster. How you open a shell depends on how
+you set up your cluster. For example, if you are using Minikube, you can open a
+shell to your Node by entering `minikube ssh`.
+
+In your shell, create a `/mnt/data` directory:
+-->
+
+## 在你的节点上创建一个 index.html 文件
+
+打开集群中节点的一个 shell。
+如何打开 shell 取决于集群的设置。
+例如，如果您正在使用 Minikube，那么可以通过输入 `minikube ssh` 来打开节点的 shell。
+
+在 shell 中，创建一个 `/mnt/data` 目录：
+
+    mkdir /mnt/data
+
+<!--
+In the `/mnt/data` directory, create an `index.html` file:
+-->
+
+在 `/mnt/data` 目录中创建一个 index.html 文件：
+
+    echo 'Hello from Kubernetes storage' > /mnt/data/index.html
+
+<!--
+## Create a PersistentVolume
+
+In this exercise, you create a *hostPath* PersistentVolume. Kubernetes supports
+hostPath for development and testing on a single-node cluster. A hostPath
+PersistentVolume uses a file or directory on the Node to emulate network-attached storage.
+-->
+
+## 创建 PersistentVolume
+
+在本练习中，您将创建一个 *hostPath* 类型的 PersistentVolume。
+Kubernetes 支持用于在单节点集群上开发和测试的 hostPath 类型的 PersistentVolume。
+hostPath 类型的 PersistentVolume 使用节点上的文件或目录来模拟附带网络的存储。
+
+<!--
+In a production cluster, you would not use hostPath. Instead a cluster administrator
+would provision a network resource like a Google Compute Engine persistent disk,
+an NFS share, or an Amazon Elastic Block Store volume. Cluster administrators can also
+use [StorageClasses](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageclass-v1-storage)
+to set up
+[dynamic provisioning](https://kubernetes.io/blog/2016/10/dynamic-provisioning-and-storage-in-kubernetes).
+
+Here is the configuration file for the hostPath PersistentVolume:
+-->
+
+在生产集群中，您不会使用 hostPath。集群管理员会提供网络存储资源，比如 Google Compute Engine 持久盘卷、NFS 共享卷或 Amazon Elastic Block Store 卷。
+集群管理员还可以使用 [StorageClasses](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageclass-v1-storage) 来设置[动态提供存储](https://kubernetes.io/blog/2016/10/dynamic-provisioning-and-storage-in-kubernetes)。
+
+下面是 hostPath PersistentVolume 的配置文件：
+
+{{< codenew file="pods/storage/pv-volume.yaml" >}}
+
+<!--
+The configuration file specifies that the volume is at `/mnt/data` on the
+cluster's Node. The configuration also specifies a size of 10 gibibytes and
+an access mode of `ReadWriteOnce`, which means the volume can be mounted as
+read-write by a single Node. It defines the [StorageClass name](/docs/concepts/storage/persistent-volumes/#class)
+`manual` for the PersistentVolume, which will be used to bind
+PersistentVolumeClaim requests to this PersistentVolume.
+
+Create the PersistentVolume:
+-->
+
+配置文件指定了该卷位于集群节点上的 `/mnt/data` 目录。
+该配置还指定了 10 吉比特的卷大小和 `ReadWriteOnce` 的访问模式，这意味着该卷可以在单个节点上以读写方式挂载。
+它为 PersistentVolume 定义了 [StorageClass 名称](/docs/concepts/storage/persistent-volumes/#class) 为 `manual`，StorageClass 名称用来将 PersistentVolumeClaim 请求绑定到该 PersistentVolum。
+
+创建 PersistentVolume：
+
+    kubectl create -f https://k8s.io/examples/pods/storage/pv-volume.yaml
+
+<!--
+View information about the PersistentVolume:
+-->
+
+查看 PersistentVolume 的信息：
+
+    kubectl get pv task-pv-volume
+
+<!--
+The output shows that the PersistentVolume has a `STATUS` of `Available`. This
+means it has not yet been bound to a PersistentVolumeClaim.
+-->
+
+输出结果显示该 PersistentVolume 的`状态（STATUS）` 为 `Available`。
+这意味着它还没有被绑定给 PersistentVolumeClaim。
+
+    NAME             CAPACITY   ACCESSMODES   RECLAIMPOLICY   STATUS      CLAIM     STORAGECLASS   REASON    AGE
+    task-pv-volume   10Gi       RWO           Retain          Available             manual                   4s
+
+<!--
+## Create a PersistentVolumeClaim
+
+The next step is to create a PersistentVolumeClaim. Pods use PersistentVolumeClaims
+to request physical storage. In this exercise, you create a PersistentVolumeClaim
+that requests a volume of at least three gibibytes that can provide read-write
+access for at least one Node.
+
+Here is the configuration file for the PersistentVolumeClaim:
+-->
+
+## 创建 PersistentVolumeClaim
+
+下一步是创建一个 PersistentVolumeClaim。
+Pod 使用 PersistentVolumeClaim 来请求物理存储。
+在本练习中，您将创建一个 PersistentVolumeClaim，它请求至少 3 吉比特容量的卷，该卷至少可以为一个节点提供读写访问。
+
+下面是 PersistentVolumeClaim 的配置文件：
+
+{{< codenew file="pods/storage/pv-claim.yaml" >}}
+
+<!--
+Create the PersistentVolumeClaim:
+-->
+
+创建 PersistentVolumeClaim：
+
+    kubectl create -f https://k8s.io/examples/pods/storage/pv-claim.yaml
+
+<!--
+After you create the PersistentVolumeClaim, the Kubernetes control plane looks
+for a PersistentVolume that satisfies the claim's requirements. If the control
+plane finds a suitable PersistentVolume with the same StorageClass, it binds the
+claim to the volume.
+
+Look again at the PersistentVolume:
+-->
+
+创建 PersistentVolumeClaim 之后，Kubernetes 控制平面将查找满足申领要求的 PersistentVolume。
+如果控制平面找到具有相同 StorageClass 的适当的 PersistentVolume，则将 PersistentVolumeClaim 绑定到该 PersistentVolume 上。
+
+再次查看 PersistentVolume 信息：
+
+    kubectl get pv task-pv-volume
+
+<!--
+Now the output shows a `STATUS` of `Bound`.
+-->
+现在输出的 `STATUS` 为 `Bound`。
+
+    NAME             CAPACITY   ACCESSMODES   RECLAIMPOLICY   STATUS    CLAIM                   STORAGECLASS   REASON    AGE
+    task-pv-volume   10Gi       RWO           Retain          Bound     default/task-pv-claim   manual                   2m
+
+<!--
+Look at the PersistentVolumeClaim:
+-->
+查看 PersistentVolumeClaim：
+
+    kubectl get pvc task-pv-claim
+
+<!--
+The output shows that the PersistentVolumeClaim is bound to your PersistentVolume,
+`task-pv-volume`.
+-->
+
+输出结果表明该 PersistentVolumeClaim 绑定了你的 PersistentVolume `task-pv-volume`。
+
+    NAME            STATUS    VOLUME           CAPACITY   ACCESSMODES   STORAGECLASS   AGE
+    task-pv-claim   Bound     task-pv-volume   10Gi       RWO           manual         30s
+
+<!--
+## Create a Pod
+
+The next step is to create a Pod that uses your PersistentVolumeClaim as a volume.
+
+Here is the configuration file for the Pod:
+-->
+
+## 创建 Pod
+
+下一步是创建一个 Pod， 该 Pod 使用你的 PersistentVolumeClaim 作为存储卷。
+
+下面是 Pod 的 配置文件：
+
+{{< codenew file="pods/storage/pv-pod.yaml" >}}
+
+<!--
+Notice that the Pod's configuration file specifies a PersistentVolumeClaim, but
+it does not specify a PersistentVolume. From the Pod's point of view, the claim
+is a volume.
+
+Create the Pod:
+-->
+
+注意 Pod 的配置文件指定了 PersistentVolumeClaim，但没有指定 PersistentVolume。对 Pod 而言，PersistentVolumeClaim 就是一个存储卷。
+
+创建 Pod：
+
+    kubectl create -f https://k8s.io/examples/pods/storage/pv-pod.yaml
+
+<!--
+Verify that the Container in the Pod is running;
+-->
+
+检查 Pod 中的容器是否运行正常：
+
+    kubectl get pod task-pv-pod
+
+<!--
+Get a shell to the Container running in your Pod:
+-->
+
+打开一个 shell 访问 Pod 中的容器：
+
+    kubectl exec -it task-pv-pod -- /bin/bash
+
+<!--
+In your shell, verify that nginx is serving the `index.html` file from the
+hostPath volume:
+-->
+
+在 shell 中，验证 nginx 是否正在从 hostPath 卷提供 `index.html` 文件：
+
+    root@task-pv-pod:/# apt-get update
+    root@task-pv-pod:/# apt-get install curl
+    root@task-pv-pod:/# curl localhost
+
+<!--
+The output shows the text that you wrote to the `index.html` file on the
+hostPath volume:
+-->
+
+输出结果是你之前写到 hostPath 卷中的 `index.html` 文件中的内容：
+
+    Hello from Kubernetes storage
+
+{{% /capture %}}
+
+
+{{% capture discussion %}}
+
+<!--
+## Access control
+
+Storage configured with a group ID (GID) allows writing only by Pods using the same
+GID. Mismatched or missing GIDs cause permission denied errors. To reduce the
+need for coordination with users, an administrator can annotate a PersistentVolume
+with a GID. Then the GID is automatically added to any Pod that uses the
+PersistentVolume.
+
+Use the `pv.beta.kubernetes.io/gid` annotation as follows:
+-->
+
+## 访问控制
+
+使用 group ID（GID）配置的存储仅允许 Pod 使用相同的 GID 进行写入。
+GID 不匹配或缺少将会导致许可被拒绝的错误。
+为了减少与用户的协调，管理员可以使用 GID 对 PersistentVolume 进行注解。
+这样 GID 就能自动的添加到使用 PersistentVolume 的任何 Pod 中。
+
+使用 `pv.beta.kubernetes.io/gid` 注解的方法如下所示：
+
+```yaml
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: pv1
+  annotations:
+    pv.beta.kubernetes.io/gid: "1234"
+```
+
+<!--
+When a Pod consumes a PersistentVolume that has a GID annotation, the annotated GID
+is applied to all Containers in the Pod in the same way that GIDs specified in the
+Pod’s security context are. Every GID, whether it originates from a PersistentVolume
+annotation or the Pod’s specification, is applied to the first process run in
+each Container.
+-->
+
+当 Pod 使用带有 GID 注解的 PersistentVolume 时，注解的 GID 会被应用于 Pod 中的所有容器，应用的方法与 Pod 的安全上下文中指定的 GID 相同。
+每个 GID，无论是来自 PersistentVolume 注解还是来自 Pod 的规范，都应用于每个容器中运行的第一个进程。
+
+{{< note >}}
+<!--
+When a Pod consumes a PersistentVolume, the GIDs associated with the
+PersistentVolume are not present on the Pod resource itself.
+-->
+当 Pod 使用 PersistentVolume 时，与 PersistentVolume 关联的 GID 不会在 Pod 本身的资源对象上出现。
+{{< /note >}}
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about [PersistentVolumes](/docs/concepts/storage/persistent-volumes/).
+* Read the [Persistent Storage design document](https://git.k8s.io/community/contributors/design-proposals/storage/persistent-storage.md).
+-->
+
+* 进一步了解 [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)。
+* 阅读[持久存储设计文档](https://git.k8s.io/community/contributors/design-proposals/storage/persistent-storage.md)。
+
+<!--
+### Reference
+-->
+
+### 参考
+
+* [PersistentVolume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolume-v1-core)
+* [PersistentVolumeSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumespec-v1-core)
+* [PersistentVolumeClaim](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaim-v1-core)
+* [PersistentVolumeClaimSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaimspec-v1-core)
+
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-pod-configmap.md b/content/zh/docs/tasks/configure-pod-container/configure-pod-configmap.md
new file mode 100644
index 0000000000000..1d4dce70ce7da
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/configure-pod-configmap.md
@@ -0,0 +1,848 @@
+---
+title: 使用 ConfigMap 配置 Pod
+content_template: templates/task
+weight: 150
+card:
+  name: tasks
+  weight: 50
+---
+<!-- ---
+title: Configure a Pod to Use a ConfigMap
+content_template: templates/task
+weight: 150
+card:
+  name: tasks
+  weight: 50
+--- -->
+
+{{% capture overview %}}
+<!-- ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. This page provides a series of usage examples demonstrating how to create ConfigMaps and configure Pods using data stored in ConfigMaps. -->
+ConfigMap 允许您将配置文件与镜像文件分离，以使容器化的应用程序具有可移植性。该页面提供了一系列使用示例，这些示例演示了如何使用存储在 ConfigMap 中的数据创建 ConfigMap 和配置 Pod。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+
+<!-- ## Create a ConfigMap
+You can use either `kubectl create configmap` or a ConfigMap generator in `kustomization.yaml` to create a ConfigMap. Note that `kubectl` starts to support `kustomization.yaml` since 1.14. -->
+## 创建 ConfigMap
+您可以在 `kustomization.yaml` 中使用 `kubectl create configmap` 或 ConfigMap 生成器来创建ConfigMap。注意，从 1.14 版本开始， `kubectl` 开始支持 `kustomization.yaml`。
+
+<!-- ### Create a ConfigMap Using kubectl create configmap -->
+### 使用 kubectl 创建 ConfigMap
+
+<!-- Use the `kubectl create configmap` command to create configmaps from [directories](#create-configmaps-from-directories), [files](#create-configmaps-from-files), or [literal values](#create-configmaps-from-literal-values): -->
+在[目录](#create-configmaps-from-directories), [文件](#create-configmaps-from-files), 或者[文字值](#create-configmaps-from-literal-values)中使用 `kubectl create configmap` 命令创建configmap：
+
+```shell
+kubectl create configmap <map-name> <data-source>
+```
+
+<!-- where \<map-name> is the name you want to assign to the ConfigMap and \<data-source> is the directory, file, or literal value to draw the data from. -->
+其中， \<map-name> 是要分配给 ConfigMap 的名称，\<data-source> 是要从中提取数据的目录，文件或者文字值。
+
+<!-- The data source corresponds to a key-value pair in the ConfigMap, where -->
+数据源对应于 ConfigMap 中的 key-value (键值对)
+
+<!-- * key = the file name or the key you provided on the command line, and
+* value = the file contents or the literal value you provided on the command line. -->
+* key = 您在命令行上提供的文件名或者密钥
+* value = 您在命令行上提供的文件内容或者文字值
+
+<!-- You can use [`kubectl describe`](/docs/reference/generated/kubectl/kubectl-commands/#describe) or
+[`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get) to retrieve information
+about a ConfigMap. -->
+您可以使用[`kubectl describe`](/docs/reference/generated/kubectl/kubectl-commands/#describe)或者
+[`kubectl get`](/docs/reference/generated/kubectl/kubectl-commands/#get)检索有关 ConfigMap 的信息。
+
+<!-- #### Create ConfigMaps from directories
+
+You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same directory. -->
+#### 根据目录创建 ConfigMap
+
+<!-- You can use `kubectl create configmap` to create a ConfigMap from multiple files in the same directory.
+
+For example: -->
+你可以使用 `kubectl create configmap` 从同一目录中的多个文件创建 ConfigMap。
+
+例如：
+
+# Create the local directory
+# Download the sample files into `configure-pod-container/configmap/` directory
+# Create the configmap
+```shell
+# 创建本地目录
+mkdir -p configure-pod-container/configmap/
+
+# 将样本文件下载到 `configure-pod-container/configmap/` 目录
+wget https://kubernetes.io/examples/configmap/game.properties -O configure-pod-container/configmap/game.properties
+wget https://kubernetes.io/examples/configmap/ui.properties -O configure-pod-container/configmap/ui.properties
+
+# 创建 configmap
+kubectl create c game-config --from-file=configure-pod-container/configmap/
+```
+
+<!-- combines the contents of the `configure-pod-container/configmap/` directory -->
+合并 `configure-pod-container/configmap/` 目录的内容
+
+```shell
+game.properties
+ui.properties
+```
+
+<!-- into the following ConfigMap: -->
+进入以下 ConfigMap 中：
+
+```shell
+kubectl describe configmaps game-config
+```
+
+<!-- where the output is similar to this: -->
+输出类似以下内容：
+```
+Name:           game-config
+Namespace:      default
+Labels:         <none>
+Annotations:    <none>
+
+Data
+====
+game.properties:        158 bytes
+ui.properties:          83 bytes
+```
+
+<!-- The `game.properties` and `ui.properties` files in the `configure-pod-container/configmap/` directory are represented in the `data` section of the ConfigMap. -->
+`configure-pod-container/configmap/` 目录中的 `game.properties` 和 `ui.properties` 文件在 ConfigMap 的 `data` 部分中表示。
+
+```shell
+kubectl get configmaps game-config -o yaml
+```
+<!-- The output is similar to this: -->
+输出类似以下内容:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2016-02-18T18:52:05Z
+  name: game-config
+  namespace: default
+  resourceVersion: "516"
+  selfLink: /api/v1/namespaces/default/configmaps/game-config
+  uid: b4952dc3-d670-11e5-8cd0-68f728db1985
+data:
+  game.properties: |
+    enemies=aliens
+    lives=3
+    enemies.cheat=true
+    enemies.cheat.level=noGoodRotten
+    secret.code.passphrase=UUDDLRLRBABAS
+    secret.code.allowed=true
+    secret.code.lives=30
+  ui.properties: |
+    color.good=purple
+    color.bad=yellow
+    allow.textmode=true
+    how.nice.to.look=fairlyNice
+```
+
+<!-- #### Create ConfigMaps from files -->
+#### 根据文件创建 ConfigMap
+
+<!-- You can use `kubectl create configmap` to create a ConfigMap from an individual file, or from multiple files.
+
+For example, -->
+您可以使用 `kubectl create configmap` 从单个文件或多个文件创建 ConfigMap。
+
+例如
+
+```shell
+kubectl create configmap game-config-2 --from-file=configure-pod-container/configmap/game.properties
+```
+
+<!-- would produce the following ConfigMap: -->
+将产生以下 ConfigMap:
+
+```shell
+kubectl describe configmaps game-config-2
+```
+
+<!-- where the output is similar to this: -->
+输出类似以下内容:
+
+```
+Name:           game-config-2
+Namespace:      default
+Labels:         <none>
+Annotations:    <none>
+
+Data
+====
+game.properties:        158 bytes
+```
+
+<!-- You can pass in the `--from-file` argument multiple times to create a ConfigMap from multiple data sources. -->
+您可以传入多个 `--from-file` 参数，从多个数据源创建 ConfigMap。
+
+```shell
+kubectl create configmap game-config-2 --from-file=configure-pod-container/configmap/game.properties --from-file=configure-pod-container/configmap/ui.properties
+```
+
+<!-- Describe the above `game-config-2` configmap created -->
+描述上面创建的 `game-config-2` configmap
+
+```shell
+kubectl describe configmaps game-config-2
+```
+
+<!-- The output is similar to this: -->
+输出类似以下内容:
+
+```
+Name:           game-config-2
+Namespace:      default
+Labels:         <none>
+Annotations:    <none>
+
+Data
+====
+game.properties:        158 bytes
+ui.properties:          83 bytes
+```
+
+<!-- Use the option `--from-env-file` to create a ConfigMap from an env-file, for example: -->
+使用 `--from-env-file` 选项从环境文件创建 ConfigMap，例如：
+
+<!-- ```shell
+# Env-files contain a list of environment variables.
+# These syntax rules apply:
+#   Each line in an env file has to be in VAR=VAL format.
+#   Lines beginning with # (i.e. comments) are ignored.
+#   Blank lines are ignored.
+#   There is no special handling of quotation marks (i.e. they will be part of the ConfigMap value)).
+
+# Download the sample files into `configure-pod-container/configmap/` directory
+wget https://kubernetes.io/examples/configmap/game-env-file.properties -O configure-pod-container/configmap/game-env-file.properties
+
+# The env-file `game-env-file.properties` looks like below
+cat configure-pod-container/configmap/game-env-file.properties
+enemies=aliens
+lives=3
+allowed="true" -->
+```shell
+# 环境文件包含环境变量列表。
+# 语法规则:
+#   env 文件中的每一行必须为 VAR = VAL 格式。
+#   以＃开头的行(即注释)将被忽略。
+#   空行将被忽略。
+#   引号没有特殊处理(即它们将成为 ConfigMap 值的一部分)。 
+
+# 将样本文件下载到 `configure-pod-container/configmap/` 目录
+wget https://kubernetes.io/examples/configmap/game-env-file.properties -O configure-pod-container/configmap/game-env-file.properties
+
+# env文件 `game-env-file.properties` 如下所示
+cat configure-pod-container/configmap/game-env-file.properties
+enemies=aliens
+lives=3
+allowed="true"
+
+# 注释及其上方的空行将被忽略
+```
+
+```shell
+kubectl create configmap game-config-env-file \
+       --from-env-file=configure-pod-container/configmap/game-env-file.properties
+```
+
+<!-- would produce the following ConfigMap: -->
+将产生以下 ConfigMap:
+
+```shell
+kubectl get configmap game-config-env-file -o yaml
+```
+
+<!-- where the output is similar to this: -->
+输出类似以下内容:
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2017-12-27T18:36:28Z
+  name: game-config-env-file
+  namespace: default
+  resourceVersion: "809965"
+  selfLink: /api/v1/namespaces/default/configmaps/game-config-env-file
+  uid: d9d1ca5b-eb34-11e7-887b-42010a8002b8
+data:
+  allowed: '"true"'
+  enemies: aliens
+  lives: "3"
+```
+
+<!-- When passing `--from-env-file` multiple times to create a ConfigMap from multiple data sources, only the last env-file is used: -->
+当使用多个 `--from-env-file` 来从多个数据源创建 ConfigMap 时，仅仅最后一个 env 文件有效:
+
+<!-- ```shell
+# Download the sample files into `configure-pod-container/configmap/` directory
+wget https://k8s.io/examples/configmap/ui-env-file.properties -O configure-pod-container/configmap/ui-env-file.properties
+
+# Create the configmap
+kubectl create configmap config-multi-env-files \
+        --from-env-file=configure-pod-container/configmap/game-env-file.properties \
+        --from-env-file=configure-pod-container/configmap/ui-env-file.properties
+``` -->
+```shell
+# 将样本文件下载到 `configure-pod-container/configmap/` 目录
+wget https://k8s.io/examples/configmap/ui-env-file.properties -O configure-pod-container/configmap/ui-env-file.properties
+
+# 创建 configmap
+kubectl create configmap config-multi-env-files \
+        --from-env-file=configure-pod-container/configmap/game-env-file.properties \
+        --from-env-file=configure-pod-container/configmap/ui-env-file.properties
+```
+
+<!-- would produce the following ConfigMap: -->
+将产生以下 ConfigMap:
+
+```shell
+kubectl get configmap config-multi-env-files -o yaml
+```
+
+<!-- where the output is similar to this: -->
+输出类似以下内容:
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2017-12-27T18:38:34Z
+  name: config-multi-env-files
+  namespace: default
+  resourceVersion: "810136"
+  selfLink: /api/v1/namespaces/default/configmaps/config-multi-env-files
+  uid: 252c4572-eb35-11e7-887b-42010a8002b8
+data:
+  color: purple
+  how: fairlyNice
+  textmode: "true"
+```
+
+<!-- #### Define the key to use when creating a ConfigMap from a file -->
+#### 定义从文件创建 ConfigMa p时要使用的密钥
+
+<!-- You can define a key other than the file name to use in the `data` section of your ConfigMap when using the `--from-file` argument: -->
+您可以在使用 `--from-file` 参数时,在 ConfigMap 的 `data` 部分中定义除文件名以外的其他键:
+
+```shell
+kubectl create configmap game-config-3 --from-file=<my-key-name>=<path-to-file>
+```
+
+<!-- where `<my-key-name>` is the key you want to use in the ConfigMap and `<path-to-file>` is the location of the data source file you want the key to represent. -->
+`<my-key-name>` 是您要在 ConfigMap 中使用的密钥， `<path-to-file>` 是您想要键表示数据源文件的位置。
+
+<!-- For example: -->
+例如:
+
+```shell
+kubectl create configmap game-config-3 --from-file=game-special-key=configure-pod-container/configmap/game.properties
+```
+
+<!-- would produce the following ConfigMap: -->
+将产生以下 ConfigMap:
+```
+kubectl get configmaps game-config-3 -o yaml
+```
+
+<!-- where the output is similar to this: -->
+输出类似以下内容:
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2016-02-18T18:54:22Z
+  name: game-config-3
+  namespace: default
+  resourceVersion: "530"
+  selfLink: /api/v1/namespaces/default/configmaps/game-config-3
+  uid: 05f8da22-d671-11e5-8cd0-68f728db1985
+data:
+  game-special-key: |
+    enemies=aliens
+    lives=3
+    enemies.cheat=true
+    enemies.cheat.level=noGoodRotten
+    secret.code.passphrase=UUDDLRLRBABAS
+    secret.code.allowed=true
+    secret.code.lives=30
+```
+
+<!-- #### Create ConfigMaps from literal values -->
+#### 根据文字值创建 ConfigMap
+
+<!-- You can use `kubectl create configmap` with the `--from-literal` argument to define a literal value from the command line: -->
+您可以将 `kubectl create configmap` 与 `--from-literal` 参数一起使用，从命令行定义文字值:
+
+```shell
+kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm
+```
+
+<!-- You can pass in multiple key-value pairs. Each pair provided on the command line is represented as a separate entry in the `data` section of the ConfigMap. -->
+您可以传入多个键值对。命令行中提供的每对在 ConfigMap 的 `data` 部分中均表示为单独的条目。
+
+```shell
+kubectl get configmaps special-config -o yaml
+```
+
+<!-- The output is similar to this: -->
+输出类似以下内容:
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2016-02-18T19:14:38Z
+  name: special-config
+  namespace: default
+  resourceVersion: "651"
+  selfLink: /api/v1/namespaces/default/configmaps/special-config
+  uid: dadce046-d673-11e5-8cd0-68f728db1985
+data:
+  special.how: very
+  special.type: charm
+```
+
+<!-- ### Create a ConfigMap from generator -->
+#### 根据生成器创建 ConfigMap
+<!-- `kubectl` supports `kustomization.yaml` since 1.14.
+You can also create a ConfigMap from generators and then apply it to create the object on
+the Apiserver. The generators
+should be specified in a `kustomization.yaml` inside a directory. -->
+自 1.14 开始， `kubectl` 开始支持 `kustomization.yaml`。
+您还可以从生成器创建 ConfigMap，然后将其应用于 Apiserver 创建对象。生成器应在目录内的 `kustomization.yaml` 中指定。
+
+<!-- #### Generate ConfigMaps from files -->
+#### 根据文件生成 ConfigMap
+<!-- For example, to generate a ConfigMap from files `configure-pod-container/configmap/kubectl/game.properties`
+```shell
+# Create a kustomization.yaml file with ConfigMapGenerator
+cat <<EOF >./kustomization.yaml
+configMapGenerator:
+- name: game-config-4
+  files:
+  - configure-pod-container/configmap/kubectl/game.properties
+EOF
+``` -->
+例如，要从 `configure-pod-container/configmap/kubectl/game.properties` 文件生成一个 ConfigMap
+```shell
+# 使用 ConfigMapGenerator 创建 kustomization.yaml 文件
+cat <<EOF >./kustomization.yaml
+configMapGenerator:
+- name: game-config-4
+  files:
+  - configure-pod-container/configmap/kubectl/game.properties
+EOF
+```
+
+<!-- Apply the kustomization directory to create the ConfigMap object. -->
+使用 kustomization 目录创建 ConfigMap 对象
+```shell
+kubectl apply -k .
+configmap/game-config-4-m9dm2f92bt created
+```
+
+<!-- You can check that the ConfigMap was created like this: -->
+您可以检查 ConfigMap 是这样创建的:
+
+```shell
+kubectl get configmap
+NAME                       DATA   AGE
+game-config-4-m9dm2f92bt   1      37s
+
+
+kubectl describe configmaps/game-config-4-m9dm2f92bt
+Name:         game-config-4-m9dm2f92bt
+Namespace:    default
+Labels:       <none>
+Annotations:  kubectl.kubernetes.io/last-applied-configuration:
+                {"apiVersion":"v1","data":{"game.properties":"enemies=aliens\nlives=3\nenemies.cheat=true\nenemies.cheat.level=noGoodRotten\nsecret.code.p...
+
+Data
+====
+game.properties:
+----
+enemies=aliens
+lives=3
+enemies.cheat=true
+enemies.cheat.level=noGoodRotten
+secret.code.passphrase=UUDDLRLRBABAS
+secret.code.allowed=true
+secret.code.lives=30
+Events:  <none>
+```
+
+<!-- Note that the generated ConfigMap name has a suffix appended by hashing the contents. This ensures that a
+new ConfigMap is generated each time the content is modified. -->
+请注意，生成的 ConfigMap 名称具有通过对内容进行散列而附加的后缀，这样可以确保每次修改内容时都会生成新的 ConfigMap。
+
+<!-- #### Define the key to use when generating a ConfigMap from a file -->
+#### 定义从文件生成 ConfigMap 时要使用的密钥
+<!-- You can define a key other than the file name to use in the ConfigMap generator.
+For example, to generate a ConfigMap from files `configure-pod-container/configmap/kubectl/game.properties`
+with the key `game-special-key` -->
+您可以定义一个非文件名的键，在 ConfigMap 生成器中使用。例如，使用 `game-special-key` 从 `configure-pod-container / configmap / kubectl / game.properties` 文件生成 ConfigMap。
+
+<!-- ```shell
+# Create a kustomization.yaml file with ConfigMapGenerator
+cat <<EOF >./kustomization.yaml
+configMapGenerator:
+- name: game-config-5
+  files:
+  - game-special-key=configure-pod-container/configmap/kubectl/game.properties
+EOF
+``` -->
+```shell
+# 使用 ConfigMapGenerator 创建 kustomization.yaml 文件
+cat <<EOF >./kustomization.yaml
+configMapGenerator:
+- name: game-config-5
+  files:
+  - game-special-key=configure-pod-container/configmap/kubectl/game.properties
+EOF
+```
+
+<!-- Apply the kustomization directory to create the ConfigMap object. -->
+使用 Kustomization 目录创建 ConfigMap 对象。
+```shell
+kubectl apply -k .
+configmap/game-config-5-m67dt67794 created
+```
+
+<!-- #### Generate ConfigMaps from Literals -->
+#### 从文字值生成 ConfigMap
+<!-- To generate a ConfigMap from literals `special.type=charm` and `special.how=very`,
+you can specify the ConfigMap generator in `kusotmization.yaml` as -->
+要从文字 `special.type=charm` 和 `special.how=very` 生成 ConfigMap，可以在 `kusotmization.yaml` 中将 ConfigMap 生成器指定。
+<!-- ```shell
+# Create a kustomization.yaml file with ConfigMapGenerator
+cat <<EOF >./kustomization.yaml
+configMapGenerator:
+- name: special-config-2
+  literals:
+  - special.how=very
+  - special.type=charm
+EOF
+``` -->
+```shell
+# 使用 ConfigMapGenerator 创建 kustomization.yaml 文件
+cat <<EOF >./kustomization.yaml
+configMapGenerator:
+- name: special-config-2
+  literals:
+  - special.how=very
+  - special.type=charm
+EOF
+```
+<!-- Apply the kustomization directory to create the ConfigMap object. -->
+使用 Kustomization 目录创建 ConfigMap 对象。
+```shell
+kubectl apply -k .
+configmap/special-config-2-c92b5mmcf2 created
+```
+
+<!-- ## Define container environment variables using ConfigMap data -->
+## 使用 ConfigMap 数据定义容器环境变量
+
+<!-- ### Define a container environment variable with data from a single ConfigMap -->
+### 使用单个 ConfigMap 中的数据定义容器环境变量
+
+<!-- 1.  Define an environment variable as a key-value pair in a ConfigMap: -->
+1.  在 ConfigMap 中将环境变量定义为键值对:
+
+    ```shell
+    kubectl create configmap special-config --from-literal=special.how=very
+    ```
+
+<!-- 2.  Assign the `special.how` value defined in the ConfigMap to the `SPECIAL_LEVEL_KEY` environment variable in the Pod specification. -->
+2. 将 ConfigMap 中定义的 `special.how` 值分配给 Pod 规范中的 `SPECIAL_LEVEL_KEY` 环境变量。
+
+   {{< codenew file="pods/pod-single-configmap-env-variable.yaml" >}}
+
+   <!-- Create the Pod: -->
+   创建 Pod:
+
+ ```shell
+ kubectl create -f https://kubernetes.io/examples/pods/pod-single-configmap-env-variable.yaml
+ ```
+
+   <!-- Now, the Pod's output includes environment variable `SPECIAL_LEVEL_KEY=very`. -->
+   现在，Pod 的输出包含环境变量 `SPECIAL_LEVEL_KEY=very`。
+
+<!-- ### Define container environment variables with data from multiple ConfigMaps -->
+### 使用来自多个 ConfigMap 的数据定义容器环境变量
+
+ <!-- * As with the previous example, create the ConfigMaps first. -->
+ * 与前面的示例一样，首先创建 ConfigMap。
+
+   {{< codenew file="configmap/configmaps.yaml" >}}
+
+   <!-- Create the ConfigMap: -->
+   创建 ConfigMap:
+
+ ```shell
+ kubectl create -f https://kubernetes.io/examples/configmap/configmaps.yaml
+ ```
+
+<!-- * Define the environment variables in the Pod specification. -->
+* 在 Pod 规范中定义环境变量。
+
+  {{< codenew file="pods/pod-multiple-configmap-env-variable.yaml" >}}
+
+  <!-- Create the Pod: -->
+  创建 Pod:
+
+ ```shell
+ kubectl create -f https://kubernetes.io/examples/pods/pod-multiple-configmap-env-variable.yaml
+ ```
+
+  <!-- Now, the Pod's output includes environment variables `SPECIAL_LEVEL_KEY=very` and `LOG_LEVEL=INFO`. -->
+  现在，Pod 的输出包含环境变量 `SPECIAL_LEVEL_KEY=very` 和 `LOG_LEVEL=INFO`。
+
+<!-- ## Configure all key-value pairs in a ConfigMap as container environment variables -->
+## 将 ConfigMap 中的所有键值对配置为容器环境变量
+
+{{< note >}}
+<!-- This functionality is available in Kubernetes v1.6 and later. -->
+Kubernetes v1.6 和更高版本提供了此功能。
+{{< /note >}}
+
+<!-- * Create a ConfigMap containing multiple key-value pairs. -->
+* 创建一个包含多个键值对的 ConfigMap。
+
+  {{< codenew file="configmap/configmap-multikeys.yaml" >}}
+
+  <!-- Create the ConfigMap: -->
+  创建 ConfigMap:
+
+ ```shell
+ kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.yaml
+ ```
+
+<!-- * Use `envFrom` to define all of the ConfigMap's data as container environment variables. The key from the ConfigMap becomes the environment variable name in the Pod. -->
+* 使用 `envFrom` 将所有 ConfigMap 的数据定义为容器环境变量，ConfigMap 中的键成为 Pod 中的环境变量名称。
+
+ {{< codenew file="pods/pod-configmap-envFrom.yaml" >}}
+
+ <!-- Create the Pod: -->
+创建 Pod:
+
+ ```shell
+ kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-envFrom.yaml
+ ```
+
+ <!-- Now, the Pod's output includes environment variables `SPECIAL_LEVEL=very` and `SPECIAL_TYPE=charm`. -->
+现在，Pod 的输出包含环境变量 `SPECIAL_LEVEL=very` 和 `SPECIAL_TYPE=charm`。
+
+
+<!-- ## Use ConfigMap-defined environment variables in Pod commands -->
+## 在 Pod 命令中使用 ConfigMap 定义的环境变量
+
+<!-- You can use ConfigMap-defined environment variables in the `command` section of the Pod specification using the `$(VAR_NAME)` Kubernetes substitution syntax. -->
+您可以使用 `$(VAR_NAME)` Kubernetes 替换语法在 Pod 规范的 `command` 部分中使用 ConfigMap 定义的环境变量。
+
+<!-- For example, the following Pod specification -->
+例如，以下 Pod 规范
+
+{{< codenew file="pods/pod-configmap-env-var-valueFrom.yaml" >}}
+
+<!-- created by running -->
+通过运行创建
+
+```shell
+kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-env-var-valueFrom.yaml
+```
+
+<!-- produces the following output in the `test-container` container: -->
+在 `test-container` 容器中产生以下输出:
+
+```shell
+very charm
+```
+
+<!-- ## Add ConfigMap data to a Volume -->
+## 将 ConfigMap 数据添加到一个容器中
+
+<!-- As explained in [Create ConfigMaps from files](#create-configmaps-from-files), when you create a ConfigMap using ``--from-file``, the filename becomes a key stored in the `data` section of the ConfigMap. The file contents become the key's value. -->
+如[根据文件创建ConfigMap](＃create-configmaps-from-files)中所述，当您使用 ``--from-file`` 创建 ConfigMap 时，文件名成为存储在 ConfigMap 的 `data` 部分中的密钥，文件内容成为密钥的值。
+
+<!-- The examples in this section refer to a ConfigMap named special-config, shown below. -->
+本节中的示例引用了一个名为 special-config 的 ConfigMap，如下所示：
+
+{{< codenew file="configmap/configmap-multikeys.yaml" >}}
+
+<!-- Create the ConfigMap: -->
+创建 ConfigMap:
+
+```shell
+kubectl create -f https://kubernetes.io/examples/configmap/configmap-multikeys.yaml
+```
+
+<!-- ### Populate a Volume with data stored in a ConfigMap -->
+### 使用存储在 ConfigMap 中的数据填充容器
+
+<!-- Add the ConfigMap name under the `volumes` section of the Pod specification.
+This adds the ConfigMap data to the directory specified as `volumeMounts.mountPath` (in this case, `/etc/config`).
+The `command` section references the `special.level` item stored in the ConfigMap. -->
+在 Pod 规范的 `volumes` 部分下添加 ConfigMap 名称。
+这会将 ConfigMap 数据添加到指定为 `volumeMounts.mountPath` 的目录(在本例中为`/etc/config`)。
+`command` 引用存储在 ConfigMap 中的 `special.level`。
+
+{{< codenew file="pods/pod-configmap-volume.yaml" >}}
+
+<!-- Create the Pod: -->
+创建Pod:
+
+```shell
+kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-volume.yaml
+```
+
+<!-- When the pod runs, the command `ls /etc/config/` produces the output below: -->
+运行命令 `ls /etc/config/` 产生下面的输出:
+
+```shell
+SPECIAL_LEVEL
+SPECIAL_TYPE
+```
+
+{{< caution >}}
+<!-- If there are some files in the `/etc/config/` directory, they will be deleted. -->
+如果在 `/etc/config/` 目录中有一些文件，它们将被删除。
+{{< /caution >}}
+
+<!-- ### Add ConfigMap data to a specific path in the Volume -->
+### 将 ConfigMap 数据添加到容器中的特定路径
+
+<!-- Use the `path` field to specify the desired file path for specific ConfigMap items.
+In this case, the `SPECIAL_LEVEL` item will be mounted in the `config-volume` volume at `/etc/config/keys`. -->
+使用 `path` 字段为特定的 ConfigMap 项目指定所需的文件路径。
+在这种情况下, `SPECIAL_LEVEL` 将安装在 `/etc/config/keys` 目录下的 `config-volume` 容器中。
+
+{{< codenew file="pods/pod-configmap-volume-specific-key.yaml" >}}
+
+<!-- Create the Pod: -->
+创建Pod:
+
+```shell
+kubectl create -f https://kubernetes.io/examples/pods/pod-configmap-volume-specific-key.yaml
+```
+
+<!-- When the pod runs, the command `cat /etc/config/keys` produces the output below: -->
+当 pod 运行时，命令 `cat /etc/config/keys` 产生以下输出:
+
+```shell
+very
+```
+
+{{< caution >}}
+<!-- Like before, all previous files in the `/etc/config/` directory will be deleted. -->
+和以前一样，`/etc/config/` 目录中的所有先前文件都将被删除。
+{{< /caution >}}
+
+<!-- ### Project keys to specific paths and file permissions -->
+### 项目密钥以指定路径和文件权限
+
+<!-- You can project keys to specific paths and specific permissions on a per-file
+basis. The [Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) user guide explains the syntax. -->
+您可以将密钥映射到每个文件的特定路径和特定权限。[Secrets](/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod) 用户指南说明了语法。
+
+<!-- ### Mounted ConfigMaps are updated automatically -->
+### 挂载的 ConfigMap 将自动更新
+
+<!-- When a ConfigMap already being consumed in a volume is updated, projected keys are eventually updated as well. Kubelet is checking whether the mounted ConfigMap is fresh on every periodic sync. However, it is using its local ttl-based cache for getting the current value of the ConfigMap. As a result, the total delay from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod can be as long as kubelet sync period + ttl of ConfigMaps cache in kubelet. -->
+更新已经在容器中使用的 ConfigMap 时，最终也会更新映射键。Kubelet 实时检查是否在每个定期同步中都更新已安装的 ConfigMap。它使用其基于本地 ttl 的缓存来获取 ConfigMap 的当前值。结果，从更新 ConfigMap 到将新密钥映射到 Pod 的总延迟可以与 ConfigMap 在 kubelet 中缓存的 kubelet 同步周期 ttl 一样长。
+
+{{< note >}}
+<!-- A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes/#using-subpath) volume will not receive ConfigMap updates. -->
+使用 ConfigMap 作为子路径[subPath](/docs/concepts/storage/volumes/#using-subpath)的容器将不会收到 ConfigMap 更新。
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- ## Understanding ConfigMaps and Pods -->
+## 了解 ConfigMap 和 Pod
+
+<!-- The ConfigMap API resource stores configuration data as key-value pairs. The data can be consumed in pods or provide the configurations for system components such as controllers. ConfigMap is similar to [Secrets](/docs/concepts/configuration/secret/), but provides a means of working with strings that don't contain sensitive information. Users and system components alike can store configuration data in ConfigMap. -->
+ConfigMap API 资源将配置数据存储为键值对。数据可以在 Pod 中使用，也可以提供系统组件(如控制器)的配置。ConfigMap 与 [Secrets](/docs/concepts/configuration/secret/)类似，但是提供了一种使用不包含敏感信息的字符串的方法。用户和系统组件都可以在 ConfigMap 中存储配置数据。
+
+{{< note >}}
+<!-- ConfigMaps should reference properties files, not replace them. Think of the ConfigMap as representing something similar to the Linux `/etc` directory and its contents. For example, if you create a [Kubernetes Volume](/docs/concepts/storage/volumes/) from a ConfigMap, each data item in the ConfigMap is represented by an individual file in the volume. -->
+ConfigMap 应该引用属性文件，而不是替换它们。可以将 ConfigMap 表示为类似于 Linux `/etc` 目录及其内容的东西。例如，如果您从 ConfigMap 创建[Kubernetes Volume](/docs/concepts/storage/volumes/)，则 ConfigMap 中的每个数据项都由该容器中的单个文件表示。
+{{< /note >}}
+
+<!-- The ConfigMap's `data` field contains the configuration data. As shown in the example below, this can be simple -- like individual properties defined using `--from-literal` -- or complex -- like configuration files or JSON blobs defined using `--from-file`. -->
+ConfigMap 的 `data` 字段包含配置数据。如下例所示，它可以很简单 -- 就像使用 `--from-literal` -- 定义的单个属性一样，也可以很复杂 -- 例如使用 `--from-file` 定义的配置文件或 JSON blob。
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: 2016-02-18T19:14:38Z
+  name: example-config
+  namespace: default
+data:
+  # example of a simple property defined using --from-literal
+  example.property.1: hello
+  example.property.2: world
+  # example of a complex property defined using --from-file
+  example.property.file: |-
+    property.1=value-1
+    property.2=value-2
+    property.3=value-3
+```
+
+<!-- ### Restrictions -->
+### 限制规定
+
+<!-- - You must create a ConfigMap before referencing it in a Pod specification (unless you mark the ConfigMap as "optional"). If you reference a ConfigMap that doesn't exist, the Pod won't start. Likewise, references to keys that don't exist in the ConfigMap will prevent the pod from starting. -->
+- 在 Pod 规范中引用它之前，必须先创建一个 ConfigMap(除非将 ConfigMap 标记为"可选")。如果引用的 ConfigMap 不存在，则 Pod 将不会启动。同样，对 ConfigMap 中不存在的键的引用将阻止容器启动。
+
+<!-- - If you use `envFrom` to define environment variables from ConfigMaps, keys that are considered invalid will be skipped. The pod will be allowed to start, but the invalid names will be recorded in the event log (`InvalidVariableNames`). The log message lists each skipped key. For example: -->
+- 如果您使用 `envFrom` 从 ConfigMap 中定义环境变量，那么将忽略被认为无效的键。可以启动 Pod，但无效名称将记录在事件日志中(InvalidVariableNames)。日志消息列出了每个跳过的键。例如:
+
+   ```shell
+   kubectl get events
+   ```
+
+   <!-- The output is similar to this: -->
+   输出与此类似:
+   ```
+   LASTSEEN FIRSTSEEN COUNT NAME          KIND  SUBOBJECT  TYPE      REASON                            SOURCE                MESSAGE
+   0s       0s        1     dapi-test-pod Pod              Warning   InvalidEnvironmentVariableNames   {kubelet, 127.0.0.1}  Keys [1badkey, 2alsobad] from the EnvFrom configMap default/myconfig were skipped since they are considered invalid environment variable names.
+   ```
+
+<!-- - ConfigMaps reside in a specific [namespace](/docs/concepts/overview/working-with-objects/namespaces/). A ConfigMap can only be referenced by pods residing in the same namespace. -->
+- ConfigMaps reside in a specific [命令空间](/docs/concepts/overview/working-with-objects/namespaces/). A ConfigMap can only be referenced by pods residing in the same namespace.
+ConfigMap 驻留在特定的[命令空间](/docs/concepts/overview/working-with-objects/namespaces/)中。ConfigMap 只能由位于相同命令空间中的 Pod 引用。
+
+<!-- - Kubelet doesn't support the use of ConfigMaps for pods not found on the API server. This includes pods created via the Kubelet's `--manifest-url` flag, `--config` flag, or the Kubelet REST API. -->
+- Kubelet 不支持将 ConfigMap 用于未在 API 服务器上找到的 Pod。这包括通过 Kubelet 的 `--manifest-url` 参数，`--config` 参数或者 Kubelet REST API 创建的容器。
+
+  {{< note >}}
+  <!-- These are not commonly-used ways to create pods. -->
+  这些不是创建 pods 的常用方法。
+  {{< /note >}}
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!-- * Follow a real world example of [Configuring Redis using a ConfigMap](/docs/tutorials/configuration/configure-redis-using-configmap/). -->
+* 遵循[使用ConfigMap配置Redis](/docs/tutorials/configuration/configure-redis-using-configmap/)的真实案例。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-pod-initialization.md b/content/zh/docs/tasks/configure-pod-container/configure-pod-initialization.md
new file mode 100644
index 0000000000000..c9c875c476a45
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/configure-pod-initialization.md
@@ -0,0 +1,151 @@
+---
+title: 配置 Pod 初始化
+content_template: templates/task
+weight: 130
+---
+
+<!--
+---
+title: Configure Pod Initialization
+content_template: templates/task
+weight: 130
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page shows how to use an Init Container to initialize a Pod before an
+application Container runs.
+-->
+本文介绍在应用容器运行前，怎样利用 Init 容器初始化 Pod。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Create a Pod that has an Init Container
+
+In this exercise you create a Pod that has one application Container and one
+Init Container. The init container runs to completion before the application
+container starts.
+
+Here is the configuration file for the Pod:
+-->
+
+## 创建一个包含 Init 容器的 Pod
+
+本例中您将创建一个包含一个应用容器和一个 Init 容器的 Pod。Init 容器在应用容器启动前运行完成。
+
+下面是 Pod 的配置文件：
+
+{{< codenew file="pods/init-containers.yaml" >}}
+
+<!--
+In the configuration file, you can see that the Pod has a Volume that the init
+container and the application container share.
+
+The init container mounts the
+shared Volume at `/work-dir`, and the application container mounts the shared
+Volume at `/usr/share/nginx/html`. The init container runs the following command
+and then terminates:
+-->
+
+配置文件中，您可以看到应用容器和 Init 容器共享了一个卷。
+
+Init 容器将共享卷挂载到了 `/work-dir` 目录，应用容器将共享卷挂载到了 `/usr/share/nginx/html` 目录。
+Init 容器执行完下面的命令就终止：
+
+    wget -O /work-dir/index.html http://kubernetes.io
+
+<!--
+Notice that the init container writes the `index.html` file in the root directory
+of the nginx server.
+
+Create the Pod:
+-->
+
+请注意 Init 容器在 nginx 服务器的根目录写入 `index.html`。
+
+创建 Pod：
+
+    kubectl create -f https://k8s.io/examples/pods/init-containers.yaml
+
+<!--
+Verify that the nginx container is running:
+-->
+
+检查 nginx 容器运行正常：
+
+    kubectl get pod init-demo
+
+<!--
+The output shows that the nginx container is running:
+-->
+
+结果表明 nginx 容器运行正常：
+
+    NAME        READY     STATUS    RESTARTS   AGE
+    init-demo   1/1       Running   0          1m
+
+<!--
+Get a shell into the nginx container running in the init-demo Pod:
+-->
+
+通过 shell 进入 init-demo Pod 中的 nginx 容器：
+
+    kubectl exec -it init-demo -- /bin/bash
+
+<!--
+In your shell, send a GET request to the nginx server:
+-->
+
+在 shell 中，发送个 GET 请求到 nginx 服务器：
+
+    root@nginx:~# apt-get update
+    root@nginx:~# apt-get install curl
+    root@nginx:~# curl localhost
+
+<!--
+The output shows that nginx is serving the web page that was written by the init container:
+-->
+
+结果表明 nginx 正在为 Init 容器编写的 web 页面服务：
+
+    <!Doctype html>
+    <html id="home">
+
+    <head>
+    ...
+    "url": "http://kubernetes.io/"}</script>
+    </head>
+    <body>
+      ...
+      <p>Kubernetes is open source giving you the freedom to take advantage ...</p>
+      ...
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about
+[communicating between Containers running in the same Pod](/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume/).
+* Learn more about [Init Containers](/docs/concepts/workloads/pods/init-containers/).
+* Learn more about [Volumes](/docs/concepts/storage/volumes/).
+* Learn more about [Debugging Init Containers](/docs/tasks/debug-application-cluster/debug-init-containers/)
+-->
+
+* 进一步了解 [相同 Pod 中的容器间的通信](/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume/)。
+* 进一步了解 [Init 容器](/docs/concepts/workloads/pods/init-containers/)。
+* 进一步了解 [卷](/docs/concepts/storage/volumes/)。
+* 进一步了解 [Init 容器排错](/docs/tasks/debug-application-cluster/debug-init-containers/)。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-projected-volume-storage.md b/content/zh/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
new file mode 100644
index 0000000000000..ec892fe01e5f0
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
@@ -0,0 +1,110 @@
+---
+reviewers:
+- jpeeler
+- pmorie
+title: 配置 Pod 使用投射卷作存储
+content_template: templates/task
+weight: 70
+---
+
+<!--
+---
+reviewers:
+- jpeeler
+- pmorie
+title: Configure a Pod to Use a Projected Volume for Storage
+content_template: templates/task
+weight: 70
+---
+-->
+
+{{% capture overview %}}
+<!--
+This page shows how to use a [`projected`](/docs/concepts/storage/volumes/#projected) volume to mount
+several existing volume sources into the same directory. Currently, `secret`, `configMap`, `downwardAPI`,
+and `serviceAccountToken` volumes can be projected.
+-->
+
+本文介绍怎样通过[`投射`](/docs/concepts/storage/volumes/#projected) 卷将现有的多个卷资源挂载到相同的目录。
+当前，`secret`、`configMap`、`downwardAPI` 和 `serviceAccountToken` 卷可以被投射。
+
+{{< note >}}
+<!--
+`serviceAccountToken` is not a volume type.
+-->
+`serviceAccountToken` 不是一种卷类型
+{{< /note >}}
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Configure a projected volume for a pod
+
+In this exercise, you create username and password Secrets from local files. You then create a Pod that runs one Container, using a [`projected`](/docs/concepts/storage/volumes/#projected) Volume to mount the Secrets into the same shared directory.
+
+Here is the configuration file for the Pod:
+-->
+
+## 为 Pod 配置投射卷
+
+本练习中，您将从本地文件来创建包含有用户名和密码的 Secret。然后创建运行一个容器的 Pod，该 Pod 使用[`投射`](/docs/concepts/storage/volumes/#projected) 卷将 Secret 挂载到相同的路径下。
+
+下面是 Pod 的配置文件：
+
+{{< codenew file="pods/storage/projected.yaml" >}}
+
+1. <!--Create the Secrets:-->创建 Secrets:
+```shell
+    <!--# Create files containing the username and password:--># 创建包含用户名和密码的文件:
+       echo -n "admin" > ./username.txt
+       echo -n "1f2d1e2e67df" > ./password.txt-->
+
+    <!--# Package these files into secrets:--># 将上述文件引用到 Secret：
+       kubectl create secret generic user --from-file=./username.txt
+       kubectl create secret generic pass --from-file=./password.txt
+```
+
+1. <!--Create the Pod:-->创建 Pod：
+
+```shell
+       kubectl create -f https://k8s.io/examples/pods/storage/projected.yaml
+```
+
+<!--Verify that the Pod's Container is running, and then watch for changes to
+the Pod:-->确认 Pod 中的容器运行正常，然后监视 Pod 的变化：
+
+```shell
+       kubectl get --watch pod test-projected-volume
+```
+
+    <!--The output looks like this:-->输出结果和下面类似：
+       NAME                    READY     STATUS    RESTARTS   AGE
+       test-projected-volume   1/1       Running   0          14s
+
+1. <!--In another terminal, get a shell to the running Container:-->在另外一个终端中，打开容器的 shell：
+```shell
+       kubectl exec -it test-projected-volume -- /bin/sh
+```
+
+1. <!--In your shell, verify that the `projected-volume` directory contains your projected sources:-->在 shell 中，确认 `projected-volume` 目录包含你的投射源：
+```shell
+       ls /projected-volume/
+```
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about [`projected`](/docs/concepts/storage/volumes/#projected) volumes.
+* Read the [all-in-one volume](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md) design document.
+-->
+
+* 进一步了解[`投射`](/docs/concepts/storage/volumes/#projected) 卷。
+* 阅读[一体卷](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md)设计文档。
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh/docs/tasks/configure-pod-container/configure-service-account.md
new file mode 100644
index 0000000000000..0c8414e4e653d
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/configure-service-account.md
@@ -0,0 +1,454 @@
+---
+reviewers:
+- bprashanth
+- liggitt
+- thockin
+title: 为 Pod 配置服务账户
+content_template: templates/task
+weight: 90
+---
+
+<!--
+---
+reviewers:
+- bprashanth
+- liggitt
+- thockin
+title: Configure Service Accounts for Pods
+content_template: templates/task
+weight: 90
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+A service account provides an identity for processes that run in a Pod.
+
+*This is a user introduction to Service Accounts.  See also the
+[Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/).*
+-->
+
+服务账户为 Pod 中运行的进程提供了一个标识。
+
+*本文是服务账户的用户使用介绍。您也可以参考[集群管理指南之服务账户](/docs/reference/access-authn-authz/service-accounts-admin/)。*
+
+
+{{< note >}}
+<!--
+This document describes how service accounts behave in a cluster set up
+as recommended by the Kubernetes project.  Your cluster administrator may have
+customized the behavior in your cluster, in which case this documentation may
+not apply.
+-->
+
+本文档描述 Kubernetes 项目推荐的集群中服务帐户的行为。
+集群管理员也可能已经定制了服务账户在集群中的属性，在这种情况下，本文档可能并不适用。
+
+{{< /note >}}
+
+<!--
+When you (a human) access the cluster (for example, using `kubectl`), you are
+authenticated by the apiserver as a particular User Account (currently this is
+usually `admin`, unless your cluster administrator has customized your
+cluster).  Processes in containers inside pods can also contact the apiserver.
+When they do, they are authenticated as a particular Service Account (for example,
+`default`).
+-->
+
+当您（人类）访问集群时（例如，使用 `kubectl`），api 服务器将您的身份验证为特定的用户帐户（当前这通常是 `admin`，除非您的集群管理员已经定制了您的集群配置）。
+Pod 内的容器中的进程也可以与 api 服务器接触。
+当它们进行身份验证时，它们被验证为特定的服务帐户（例如，`default`）。
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Use the Default Service Account to access the API server.
+
+When you create a pod, if you do not specify a service account, it is
+automatically assigned the `default` service account in the same namespace.
+If you get the raw json or yaml for a pod you have created (for example, `kubectl get pods/podname -o yaml`),
+you can see the `spec.serviceAccountName` field has been
+[automatically set](/docs/user-guide/working-with-resources/#resources-are-automatically-modified).
+-->
+
+## 使用默认的服务账户访问 API 服务器
+
+当您创建 Pod 时，如果没有指定服务账户，Pod 会被指定命名空间中的`default`服务账户。
+如果您查看 Pod 的原始 json 或 yaml（例如：`kubectl get pods/podname -o yaml`），
+您可以看到 `spec.serviceAccountName` 字段已经被[自动设置](/docs/user-guide/working-with-resources/#resources-are-automatically-modified)了。
+
+<!--
+You can access the API from inside a pod using automatically mounted service account credentials,
+as described in [Accessing the Cluster](/docs/user-guide/accessing-the-cluster/#accessing-the-api-from-a-pod).
+The API permissions of the service account depend on the [authorization plugin and policy](/docs/reference/access-authn-authz/authorization/#authorization-modules) in use.
+
+In version 1.6+, you can opt out of automounting API credentials for a service account by setting
+`automountServiceAccountToken: false` on the service account:
+-->
+
+您可以使用自动挂载给 Pod 的服务账户凭据访问 API，[访问集群](/docs/user-guide/accessing-the-cluster/#accessing-the-api-from-a-pod) 中有相关描述。
+服务账户的 API 许可取决于您所使用的[授权插件和策略](/docs/reference/access-authn-authz/authorization/#authorization-modules)。
+
+在 1.6 以上版本中，您可以通过在服务账户上设置 `automountServiceAccountToken: false` 来实现不给服务账号自动挂载 API 凭据：
+
+
+```yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: build-robot
+automountServiceAccountToken: false
+...
+```
+
+<!--
+In version 1.6+, you can also opt out of automounting API credentials for a particular pod:
+-->
+
+在 1.6 以上版本中，您也可以选择不给特定 Pod 自动挂载 API 凭据：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+spec:
+  serviceAccountName: build-robot
+  automountServiceAccountToken: false
+  ...
+```
+
+<!--
+The pod spec takes precedence over the service account if both specify a `automountServiceAccountToken` value.
+
+## Use Multiple Service Accounts.
+
+Every namespace has a default service account resource called `default`.
+You can list this and any other serviceAccount resources in the namespace with this command:
+-->
+
+如果 Pod 和服务账户都指定了 `automountServiceAccountToken` 值，则 Pod 的 spec 优先于服务帐户。
+
+## 使用多个服务账户
+
+每个命名空间都有一个名为 `default` 的服务账户资源。
+您可以用下面的命令查询这个服务账户以及命名空间中的其他 serviceAccount 资源：
+
+```shell
+kubectl get serviceAccounts
+NAME      SECRETS    AGE
+default   1          1d
+```
+
+<!--
+You can create additional ServiceAccount objects like this:
+-->
+
+您可以像这样来创建额外的 ServiceAccount 对象：
+
+```shell
+kubectl create -f - <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: build-robot
+EOF
+serviceaccount/build-robot created
+```
+
+<!--
+If you get a complete dump of the service account object, like this:
+-->
+
+如果您查询服务帐户对象的完整信息，如下所示：
+
+```shell
+kubectl get serviceaccounts/build-robot -o yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: 2015-06-16T00:12:59Z
+  name: build-robot
+  namespace: default
+  resourceVersion: "272500"
+  selfLink: /api/v1/namespaces/default/serviceaccounts/build-robot
+  uid: 721ab723-13bc-11e5-aec2-42010af0021e
+secrets:
+- name: build-robot-token-bvbk5
+```
+
+<!--
+then you will see that a token has automatically been created and is referenced by the service account.
+
+You may use authorization plugins to [set permissions on service accounts](/docs/reference/access-authn-authz/rbac/#service-account-permissions).
+
+To use a non-default service account, simply set the `spec.serviceAccountName`
+field of a pod to the name of the service account you wish to use.
+-->
+
+那么您就能看到系统已经自动创建了一个令牌并且被服务账户所引用。
+
+您可以使用授权插件来 [设置服务账户的访问许可](/docs/reference/access-authn-authz/rbac/#service-account-permissions)。
+
+要使用非默认的服务账户，只需简单的将 Pod 的 `spec.serviceAccountName` 字段设置为您想用的服务账户名称。
+
+<!--
+The service account has to exist at the time the pod is created, or it will be rejected.
+
+You cannot update the service account of an already created pod.
+
+You can clean up the service account from this example like this:
+-->
+
+Pod 被创建时服务账户必须存在，否则会被拒绝。
+
+您不能更新已经创建好的 Pod 的服务账户。
+
+您可以清除服务账户，如下所示：
+
+```shell
+kubectl delete serviceaccount/build-robot
+```
+
+<!--
+## Manually create a service account API token.
+
+Suppose we have an existing service account named "build-robot" as mentioned above, and we create
+a new secret manually.
+-->
+
+## 手动创建服务账户 API 令牌
+
+假设我们有一个上面提到的名为 "build-robot" 的服务账户，然后我们手动创建一个新的 Secret。
+
+```shell
+kubectl create -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: build-robot-secret
+  annotations:
+    kubernetes.io/service-account.name: build-robot
+type: kubernetes.io/service-account-token
+EOF
+secret/build-robot-secret created
+```
+
+<!--
+Now you can confirm that the newly built secret is populated with an API token for the "build-robot" service account.
+
+Any tokens for non-existent service accounts will be cleaned up by the token controller.
+-->
+
+现在，您可以确认新构建的 Secret 中填充了 "build-robot" 服务帐户的 API 令牌。
+
+令牌控制器将清理不存在的服务帐户的所有令牌。
+
+```shell
+kubectl describe secrets/build-robot-secret
+Name:           build-robot-secret
+Namespace:      default
+Labels:         <none>
+Annotations:    kubernetes.io/service-account.name=build-robot
+                kubernetes.io/service-account.uid=da68f9c6-9d26-11e7-b84e-002dc52800da
+
+Type:   kubernetes.io/service-account-token
+
+Data
+====
+ca.crt:         1338 bytes
+namespace:      7 bytes
+token:          ...
+```
+
+{{< note >}}
+<!--
+The content of `token` is elided here.
+-->
+这里省略了 `token` 的内容。
+{{< /note >}}
+
+<!--
+## Add ImagePullSecrets to a service account
+
+First, create an imagePullSecret, as described [here](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod).
+Next, verify it has been created.  For example:
+-->
+
+## 为服务账户添加 ImagePullSecrets
+
+首先，创建一个 ImagePullSecrets，可以参考[这里](/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) 的描述。
+然后，确认创建是否成功。例如：
+
+```shell
+kubectl get secrets myregistrykey
+NAME             TYPE                              DATA    AGE
+myregistrykey    kubernetes.io/.dockerconfigjson   1       1d
+```
+<!--
+Next, modify the default service account for the namespace to use this secret as an imagePullSecret.
+-->
+
+接着修改命名空间的默认服务帐户，以将该 Secret 用作 imagePullSecret。
+
+```shell
+kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}'
+```
+
+<!--
+Interactive version requiring manual edit:
+-->
+
+需要手动编辑的交互式版本：
+
+```shell
+kubectl get serviceaccounts default -o yaml > ./sa.yaml
+
+cat sa.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: 2015-08-07T22:02:39Z
+  name: default
+  namespace: default
+  resourceVersion: "243024"
+  selfLink: /api/v1/namespaces/default/serviceaccounts/default
+  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
+secrets:
+- name: default-token-uudge
+
+vi sa.yaml
+[editor session not shown]
+[delete line with key "resourceVersion"]
+[add lines with "imagePullSecrets:"]
+
+cat sa.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: 2015-08-07T22:02:39Z
+  name: default
+  namespace: default
+  selfLink: /api/v1/namespaces/default/serviceaccounts/default
+  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
+secrets:
+- name: default-token-uudge
+imagePullSecrets:
+- name: myregistrykey
+
+kubectl replace serviceaccount default -f ./sa.yaml
+serviceaccounts/default
+```
+
+<!--
+Now, any new pods created in the current namespace will have this added to their spec:
+-->
+
+现在，在当前命名空间中创建的每个新 Pod 的 spec 中都会添加下面的内容：
+
+```yaml
+spec:
+  imagePullSecrets:
+  - name: myregistrykey
+```
+
+<!--## Adding Secrets to a service account.
+
+TODO: Test and explain how to use additional non-K8s secrets with an existing service account.
+-->
+
+<!--
+## Service Account Token Volume Projection
+-->
+
+## 服务帐户令牌卷投影
+
+{{< feature-state for_k8s_version="v1.12" state="beta" >}}
+
+{{< note >}}
+<!--
+This ServiceAccountTokenVolumeProjection is __beta__ in 1.12 and
+enabled by passing all of the following flags to the API server:
+
+* `--service-account-issuer`
+* `--service-account-signing-key-file`
+* `--service-account-api-audiences`
+-->
+
+ServiceAccountTokenVolumeProjection 在 1.12 版本中是 __beta__ 阶段，可以通过向 API 服务器传递以下所有参数来启用它：
+
+* `--service-account-issuer`
+* `--service-account-signing-key-file`
+* `--service-account-api-audiences`
+
+{{< /note >}}
+
+<！--
+The kubelet can also project a service account token into a Pod. You can
+specify desired properties of the token, such as the audience and the validity
+duration. These properties are not configurable on the default service account
+token. The service account token will also become invalid against the API when
+the Pod or the ServiceAccount is deleted.
+-->
+
+kubelet 还可以将服务帐户令牌投影到 Pod 中。
+您可以指定令牌的所需属性，例如受众和有效持续时间。
+这些属性在默认服务帐户令牌上无法配置。
+当删除 Pod 或 ServiceAccount 时，服务帐户令牌也将对 API 无效。
+
+<!--
+This behavior is configured on a PodSpec using a ProjectedVolume type called
+[ServiceAccountToken](/docs/concepts/storage/volumes/#projected). To provide a
+pod with a token with an audience of "vault" and a validity duration of two
+hours, you would configure the following in your PodSpec:
+-->
+
+使用名为 [ServiceAccountToken](/docs/concepts/storage/volumes/#projected) 的 ProjectedVolume 类型在 PodSpec 上配置此功能。
+要向 Pod 提供具有 "vault" 观众以及两个小时有效期的令牌，可以在 PodSpec 中配置以下内容：
+
+```yaml
+kind: Pod
+apiVersion: v1
+spec:
+  containers:
+  - image: nginx
+    name: nginx
+    volumeMounts:
+    - mountPath: /var/run/secrets/tokens
+      name: vault-token
+  volumes:
+  - name: vault-token
+    projected:
+      sources:
+      - serviceAccountToken:
+          path: vault-token
+          expirationSeconds: 7200
+          audience: vault
+```
+
+<!--
+The kubelet will request and store the token on behalf of the pod, make the
+token available to the pod at a configurable file path, and refresh the token as
+it approaches expiration. Kubelet proactively rotates the token if it is older
+than 80% of its total TTL, or if the token is older than 24 hours.
+
+The application is responsible for reloading the token when it rotates. Periodic
+reloading (e.g. once every 5 minutes) is sufficient for most usecases.
+-->
+
+Kubelet 将代表 Pod 请求和存储令牌，使令牌在可配置的文件路径上对 Pod 可用，并在令牌接近到期时刷新令牌。
+如果令牌存活时间大于其总 TTL 的 80% 或者大于 24 小时，Kubelet 则会主动旋转令牌。
+
+应用程序负责在令牌旋转时重新加载令牌。
+对于大多数情况，定期重新加载（例如，每 5 分钟一次）就足够了。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-volume-storage.md b/content/zh/docs/tasks/configure-pod-container/configure-volume-storage.md
new file mode 100644
index 0000000000000..8d5395f68cc1a
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/configure-volume-storage.md
@@ -0,0 +1,198 @@
+---
+title: 配置 Pod 以使用卷进行存储
+content_template: templates/task
+weight: 50
+---
+
+<!--
+---
+title: Configure a Pod to Use a Volume for Storage
+content_template: templates/task
+weight: 50
+---
+-->
+
+{{% capture overview %}}
+
+此页面展示了如何配置 Pod 以使用卷进行存储。
+
+只要容器存在，容器的文件系统就会存在，因此当一个容器终止并重新启动，对该容器的文件系统改动将丢失。对于独立于容器的持久化存储，您可以使用[卷](/docs/concepts/storage/volumes/)。这对于有状态应用程序尤为重要，例如键值存储（如 Redis）和数据库。
+
+<!--
+This page shows how to configure a Pod to use a Volume for storage.
+
+A Container's file system lives only as long as the Container does. So when a
+Container terminates and restarts, filesystem changes are lost. For more
+consistent storage that is independent of the Container, you can use a
+[Volume](/docs/concepts/storage/volumes/). This is especially important for stateful
+applications, such as key-value stores (such as Redis) and databases.
+-->
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+## 为 Pod 配置卷
+
+在本练习中，您将创建一个运行 Pod，该 Pod 仅运行一个容器并拥有一个类型为 [emptyDir](/docs/concepts/storage/volumes/#emptydir) 的卷，在整个 Pod 生命周期中一直存在，即使 Pod 中的容器被终止和重启。以下是 Pod 的配置：
+
+
+<!--
+## Configure a volume for a Pod
+
+In this exercise, you create a Pod that runs one Container. This Pod has a
+Volume of type
+[emptyDir](/docs/concepts/storage/volumes/#emptydir)
+that lasts for the life of the Pod, even if the Container terminates and
+restarts. Here is the configuration file for the Pod:
+-->
+{{< codenew file="pods/storage/redis.yaml" >}}
+
+1. 创建 Pod:
+    <!--
+    1.Create the Pod:
+    -->
+    ```shell
+    kubectl create -f https://k8s.io/examples/pods/storage/redis.yaml
+    ```
+
+1. 验证 Pod 中的容器是否正在运行，然后留意 Pod 的更改：
+    <!--
+    1.Verify that the Pod's Container is running, and then watch for changes to
+    the Pod:
+    -->
+    ```shell
+    kubectl get pod redis --watch
+    ```
+
+    输出如下：
+
+    ```shell
+    NAME      READY     STATUS    RESTARTS   AGE
+    redis     1/1       Running   0          13s
+    ```
+
+1. 在另一个终端，用 shell 连接正在运行的容器：
+    <!--
+    1.In another terminal, get a shell to the running Container:
+    -->
+    ```shell
+    kubectl exec -it redis -- /bin/bash
+    ```
+
+1. 在您的 shell 终端中，切换到 `/data/redis` 目录下，然后创建一个文件：
+    <!--
+    1.In your shell, go to `/data/redis`, and then create a file:
+    -->
+    ```shell
+    root@redis:/data# cd /data/redis/
+    root@redis:/data/redis# echo Hello > test-file
+    ```
+
+1. 在您的 shell 终端中，列出正在运行的进程：
+    <!--
+    1.In your shell, list the running processes:
+    -->
+    ```shell
+    root@redis:/data/redis# apt-get update
+    root@redis:/data/redis# apt-get install procps
+    root@redis:/data/redis# ps aux
+    ```
+
+    输出类似于：
+
+    ```shell
+    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
+    redis        1  0.1  0.1  33308  3828 ?        Ssl  00:46   0:00 redis-server *:6379
+    root        12  0.0  0.0  20228  3020 ?        Ss   00:47   0:00 /bin/bash
+    root        15  0.0  0.0  17500  2072 ?        R+   00:48   0:00 ps aux
+    ```
+
+1. 在您的 shell 终端中，结束 Redis 进程：
+    <!--
+    1.In your shell, kill the Redis process:
+    -->
+    ```shell
+    root@redis:/data/redis# kill <pid>
+    ```
+
+    其中 `<pid>` 是 Redis 进程的 ID (PID)。
+
+1. 在您原先终端中，留意 Redis Pod 的更改。最终您将会看到和下面类似的输出：
+    <!--
+    1. In your original terminal, watch for changes to the Redis Pod. Eventually,
+    you will see something like this:
+    -->
+    ```shell
+    NAME      READY     STATUS     RESTARTS   AGE
+    redis     1/1       Running    0          13s
+    redis     0/1       Completed  0         6m
+    redis     1/1       Running    1         6m
+    ```
+
+此时，容器已经终止并重新启动。这是因为 Redis Pod 的 [restartPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core) 为 `Always`。
+
+<!--
+At this point, the Container has terminated and restarted. This is because the
+Redis Pod has a
+[restartPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core)
+of `Always`.
+-->
+1. 用 shell 终端进入重新启动的容器中：
+
+    <!--
+    1.Get a shell into the restarted Container:
+    -->
+    ```shell
+    kubectl exec -it redis -- /bin/bash
+    ```
+
+1. 在您的 shell 终端中，进入到 `/data/redis` 目录下，并确认 `test-file` 文件是否仍然存在。
+
+    <!--
+    1.In your shell, goto `/data/redis`, and verify that `test-file` is still there.
+    -->
+    ```shell
+    root@redis:/data/redis# cd /data/redis/
+    root@redis:/data/redis# ls
+    test-file
+    ```
+
+1. 删除为此练习所创建的 Pod：
+
+    <!--
+    1.Delete the Pod that you created for this exercise:
+    -->
+    ```shell
+    kubectl delete pod redis
+    ```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+* 参阅[卷](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core)。
+
+* 参阅 [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core)。
+
+* 除了 `emptyDir` 提供的本地磁盘存储外，Kubernetes 还支持许多不同的网络附加存储解决方案，包括 GCE 上的 PD 和 EC2 上的 EBS，它们是关键数据的首选，并将处理节点上的一些细节，例如安装和卸载设备。了解更多详情请参阅[卷](/docs/concepts/storage/volumes/)。
+
+<!--
+* See [Volume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volume-v1-core).
+
+* See [Pod](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#pod-v1-core).
+
+* In addition to the local disk storage provided by `emptyDir`, Kubernetes
+supports many different network-attached storage solutions, including PD on
+GCE and EBS on EC2, which are preferred for critical data and will handle
+details such as mounting and unmounting the devices on the nodes. See
+[Volumes](/docs/concepts/storage/volumes/) for more details.
+-->
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/configure-pod-container/extended-resource.md b/content/zh/docs/tasks/configure-pod-container/extended-resource.md
new file mode 100644
index 0000000000000..a2e12287869d4
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/extended-resource.md
@@ -0,0 +1,235 @@
+---
+title: 为容器分派扩展资源 
+content_template: templates/task
+weight: 40
+---
+
+<!--
+---
+title: Assign Extended Resources to a Container
+content_template: templates/task
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to assign extended resources to a Container.
+-->
+
+本文介绍如何为容器指定扩展资源。
+
+{{< feature-state state="stable" >}}
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+Before you do this exercise, do the exercise in
+[Advertise Extended Resources for a Node](/docs/tasks/administer-cluster/extended-resource-node/).
+That will configure one of your Nodes to advertise a dongle resource.
+-->
+
+在您开始此练习前，请先练习[为节点广播扩展资源](/docs/tasks/administer-cluster/extended-resource-node/)。
+在那个练习中将配置您的一个节点来广播 dongle 资源。
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Assign an extended resource to a Pod
+
+To request an extended resource, include the `resources:requests` field in your
+Container manifest. Extended resources are fully qualified with any domain outside of
+`*.kubernetes.io/`. Valid extended resource names have the form `example.com/foo` where
+`example.com` is replaced with your organization's domain and `foo` is a
+descriptive resource name.
+
+Here is the configuration file for a Pod that has one Container:
+-->
+
+## 给 Pod 分派扩展资源
+
+要请求扩展资源，需要在您的容器清单中包括 `resources:requests` 字段。
+扩展资源可以使用任何完全限定名称，只是不能使用 `*.kubernetes.io/`。
+有效的扩展资源名的格式为 `example.com/foo`，其中 `example.com` 应被替换为您的组织的域名，而 `foo` 则是描述性的资源名称。
+
+下面是包含一个容器的 Pod 配置文件：
+
+{{< codenew file="pods/resource/extended-resource-pod.yaml" >}}
+
+<!--
+In the configuration file, you can see that the Container requests 3 dongles.
+
+Create a Pod:
+-->
+
+在配置文件中，您可以看到容器请求了 3 个 dongles。
+
+创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/resource/extended-resource-pod.yaml
+```
+
+<!--
+Verify that the Pod is running:
+-->
+
+检查 Pod 是否运行正常：
+
+```shell
+kubectl get pod extended-resource-demo
+```
+
+<!--
+Describe the Pod:
+-->
+
+描述 Pod:
+
+```shell
+kubectl describe pod extended-resource-demo
+```
+
+<!--
+The output shows dongle requests:
+-->
+
+输出结果显示 dongle 请求如下：
+
+```yaml
+Limits:
+  example.com/dongle: 3
+Requests:
+  example.com/dongle: 3
+```
+
+<!--
+## Attempt to create a second Pod
+
+Here is the configuration file for a Pod that has one Container. The Container requests
+two dongles.
+-->
+
+## 尝试创建第二个 Pod
+
+下面是包含一个容器的 Pod 配置文件，容器请求了 2 个 dongles。
+
+{{< codenew file="pods/resource/extended-resource-pod-2.yaml" >}}
+
+<!--
+Kubernetes will not be able to satisfy the request for two dongles, because the first Pod
+used three of the four available dongles.
+
+Attempt to create a Pod:
+-->
+
+Kubernetes 将不能满足 2 个 dongles 的请求，因为第一个 Pod 已经使用了 4 个可用 dongles 中的 3 个。
+
+尝试创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/resource/extended-resource-pod-2.yaml
+```
+
+<!--
+Describe the Pod
+-->
+
+描述 Pod
+
+```shell
+kubectl describe pod extended-resource-demo-2
+```
+
+<!--
+The output shows that the Pod cannot be scheduled, because there is no Node that has
+2 dongles available:
+-->
+
+输出结果表明 Pod 不能被调度，因为没有一个节点上存在两个可用的 dongles。
+
+```
+Conditions:
+  Type    Status
+  PodScheduled  False
+...
+Events:
+  ...
+  ... Warning   FailedScheduling  pod (extended-resource-demo-2) failed to fit in any node
+fit failure summary on nodes : Insufficient example.com/dongle (1)
+```
+
+<!--
+View the Pod status:
+-->
+
+查看 Pod 的状态：
+
+```shell
+kubectl get pod extended-resource-demo-2
+```
+
+<!--
+The output shows that the Pod was created, but not scheduled to run on a Node.
+It has a status of Pending:
+-->
+
+输出结果表明 Pod 虽然被创建了，但没有被调度到节点上正常运行。Pod 的状态为 Pending：
+
+```yaml
+NAME                       READY     STATUS    RESTARTS   AGE
+extended-resource-demo-2   0/1       Pending   0          6m
+```
+
+<!--
+## Clean up
+
+Delete the Pods that you created for this exercise:
+-->
+
+## 环境清理
+
+删除本练习中创建的 Pod：
+
+```shell
+kubectl delete pod extended-resource-demo
+kubectl delete pod extended-resource-demo-2
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+### For application developers
+
+* [Assign Memory Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-memory-resource/)
+* [Assign CPU Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+-->
+
+## 应用开发者参考
+
+* [为容器和 Pod 分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
+* [为容器和 Pod 分配 CPU 资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+
+<!--
+### For cluster administrators
+
+* [Advertise Extended Resources for a Node](/docs/tasks/administer-cluster/extended-resource-node/)
+-->
+
+### 集群管理员参考
+
+* [为节点广播扩展资源](/docs/tasks/administer-cluster/extended-resource-node/)
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/zh/docs/tasks/configure-pod-container/pull-image-private-registry.md
new file mode 100644
index 0000000000000..7a2cc0d7c28a0
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/pull-image-private-registry.md
@@ -0,0 +1,286 @@
+---
+title: 从私有仓库拉取镜像
+content_template: templates/task
+weight: 100
+---
+
+<!--
+---
+title: Pull an Image from a Private Registry
+content_template: templates/task
+weight: 100
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to create a Pod that uses a Secret to pull an image from a
+private Docker registry or repository.
+-->
+
+本文介绍如何使用 Secret 从私有的 Docker 镜像仓库或代码仓库拉取镜像来创建 Pod。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+* To do this exercise, you need a
+[Docker ID](https://docs.docker.com/docker-id/) and password.
+-->
+
+您需要 [Docker ID](https://docs.docker.com/docker-id/) 和密码来进行本练习。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Log in to Docker
+
+On your laptop, you must authenticate with a registry in order to pull a private image:
+-->
+
+## 登录 Docker 镜像仓库
+
+在个人电脑上，要想拉取私有镜像必须在镜像仓库上进行身份验证。
+
+```shell
+docker login
+```
+
+<!--
+When prompted, enter your Docker username and password.
+
+The login process creates or updates a `config.json` file that holds an authorization token.
+
+View the `config.json` file:
+-->
+
+当提示时，输入 Docker 用户名和密码。
+
+登录过程会创建或更新保存有授权令牌的 `config.json` 文件。
+
+查看 `config.json` 文件：
+
+```shell
+cat ~/.docker/config.json
+```
+
+<!--
+The output contains a section similar to this:
+-->
+
+输出结果包含类似于以下内容的部分：
+
+```json
+{
+    "auths": {
+        "https://index.docker.io/v1/": {
+            "auth": "c3R...zE2"
+        }
+    }
+}
+```
+
+{{< note >}}
+<!--
+If you use a Docker credentials store, you won't see that `auth` entry but a `credsStore` entry with the name of the store as value.
+-->
+如果使用 Docker 凭证仓库，则不会看到 `auth` 条目，看到的将是以仓库名称作为值的 `credsStore` 条目。
+{{< /note >}}
+
+<!--
+## Create a Secret in the cluster that holds your authorization token
+
+A Kubernetes cluster uses the Secret of `docker-registry` type to authenticate with a container registry to pull a private image.
+
+Create this Secret, naming it `regcred`:
+-->
+
+## 在集群中创建保存授权令牌的 Secret
+
+Kubernetes 集群使用 `docker-registry` 类型的 Secret 来通过容器仓库的身份验证，进而提取私有映像。
+
+创建 Secret，命名为 `regcred`：
+
+```shell
+kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
+```
+
+<!--
+where:
+
+* `<your-registry-server>` is your Private Docker Registry FQDN. (https://index.docker.io/v1/ for DockerHub)
+* `<your-name>` is your Docker username.
+* `<your-pword>` is your Docker password.
+* `<your-email>` is your Docker email.
+
+You have successfully set your Docker credentials in the cluster as a Secret called `regcred`.
+-->
+
+在这里：
+
+* `<your-registry-server>` 是你的私有 Docker 仓库全限定域名（FQDN）。(参考 https://index.docker.io/v1/ 中关于 DockerHub 的部分)
+* `<your-name>` 是你的 Docker 用户名。
+* `<your-pword>` 是你的 Docker 密码。
+* `<your-email>` 是你的 Docker 邮箱。
+
+这样您就成功地将集群中的 Docker 凭据设置为名为 `regcred` 的 Secret。
+
+<!--
+## Inspecting the Secret `regcred`
+
+To understand the contents of the `regcred` Secret you just created, start by viewing the Secret in YAML format:
+-->
+
+## 检查 Secret `regcred`
+
+要了解你创建的 `regcred` Secret 的内容，可以用 YAML 格式进行查看：
+
+```shell
+kubectl get secret regcred --output=yaml
+```
+
+<!--
+The output is similar to this:
+-->
+
+输出和下面类似：
+
+```yaml
+apiVersion: v1
+data:
+  .dockerconfigjson: eyJodHRwczovL2luZGV4L ... J0QUl6RTIifX0=
+kind: Secret
+metadata:
+  ...
+  name: regcred
+  ...
+type: kubernetes.io/dockerconfigjson
+```
+
+<!--
+The value of the `.dockerconfigjson` field is a base64 representation of your Docker credentials.
+
+To understand what is in the `.dockerconfigjson` field, convert the secret data to a
+readable format:
+-->
+
+`.dockerconfigjson` 字段的值是 Docker 凭据的 base64 表示。
+
+要了解 `dockerconfigjson` 字段中的内容，请将 Secret 数据转换为可读格式：
+
+```shell
+kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
+```
+
+<!--
+The output is similar to this:
+-->
+
+输出和下面类似：
+
+```json
+{"auths":{"yourprivateregistry.com":{"username":"janedoe","password":"xxxxxxxxxxx","email":"jdoe@example.com","auth":"c3R...zE2"}}}
+```
+
+<!--
+To understand what is in the `auth` field, convert the base64-encoded data to a readable format:
+-->
+
+要了解 `auth` 字段中的内容，请将 base64 编码过的数据转换为可读格式：
+
+```shell
+echo "c3R...zE2" | base64 --decode
+```
+
+<!--
+The output, username and password concatenated with a `:`, is similar to this:
+-->
+
+输出结果中，用户名和密码用 `:` 链接，类似下面这样：
+
+```none
+janedoe:xxxxxxxxxxx
+```
+
+<!--
+Notice that the Secret data contains the authorization token similar to your local `~/.docker/config.json` file.
+
+You have successfully set your Docker credentials as a Secret called `regcred` in the cluster.
+
+## Create a Pod that uses your Secret
+
+Here is a configuration file for a Pod that needs access to your Docker credentials in `regcred`:
+-->
+
+注意，Secret 数据包含与本地 `~/.docker/config.json` 文件类似的授权令牌。
+
+这样您就已经成功地将 Docker 凭据设置为集群中的名为 `regcred` 的 Secret。
+
+## 创建一个使用您的 Secret 的 Pod
+
+下面是一个 Pod 配置文件，它需要访问 `regcred` 中的 Docker 凭据：
+
+{{< codenew file="pods/private-reg-pod.yaml" >}}
+
+<!--
+Download the above file:
+-->
+
+下载上述文件：
+
+```shell
+wget -O my-private-reg-pod.yaml https://k8s.io/examples/pods/private-reg-pod.yaml
+```
+
+<!--
+In file `my-private-reg-pod.yaml`, replace `<your-private-image>` with the path to an image in a private registry such as:
+-->
+
+在`my-private-reg-pod.yaml` 文件中，使用私有仓库的镜像路径替换 `<your-private-image>`，例如：
+
+```none
+janedoe/jdoe-private:v1
+```
+
+<!--
+To pull the image from the private registry, Kubernetes needs credentials.
+The `imagePullSecrets` field in the configuration file specifies that Kubernetes should get the credentials from a Secret named `regcred`.
+
+Create a Pod that uses your Secret, and verify that the Pod is running:
+-->
+
+要从私有仓库拉取镜像，Kubernetes 需要凭证。
+配置文件中的 `imagePullSecrets` 字段表明 Kubernetes 应该通过名为 `regcred` 的 Secret 获取凭证。
+
+创建使用了你的 Secret 的 Pod，并检查它是否正常运行：
+
+```shell
+kubectl create -f my-private-reg-pod.yaml
+kubectl get pod private-reg
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about [Secrets](/docs/concepts/configuration/secret/).
+* Learn more about [using a private registry](/docs/concepts/containers/images/#using-a-private-registry).
+* See [kubectl create secret docker-registry](/docs/reference/generated/kubectl/kubectl-commands/#-em-secret-docker-registry-em-).
+* See [Secret](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core).
+* See the `imagePullSecrets` field of [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core).
+-->
+
+* 进一步了解 [Secrets](/docs/concepts/configuration/secret/)。
+* 进一步了解 [使用私有仓库](/docs/concepts/containers/images/#using-a-private-registry)。
+* 参考 [kubectl create secret docker-registry](/docs/reference/generated/kubectl/kubectl-commands/#-em-secret-docker-registry-em-)。
+* 参考 [Secret](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core)。
+* 参考 [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core) 中的 `imagePullSecrets` 字段 。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/configure-pod-container/quality-service-pod.md b/content/zh/docs/tasks/configure-pod-container/quality-service-pod.md
new file mode 100644
index 0000000000000..1be7afdddc1e0
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/quality-service-pod.md
@@ -0,0 +1,440 @@
+---
+title: 配置 Pod 的服务质量
+content_template: templates/task
+weight: 30
+---
+
+<!--
+---
+title: Configure Quality of Service for Pods
+content_template: templates/task
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to configure Pods so that they will be assigned particular
+Quality of Service (QoS) classes. Kubernetes uses QoS classes to make decisions about
+scheduling and evicting Pods.
+-->
+
+本文介绍怎样配置 Pod 让其获得特定的服务质量（QoS）类。Kubernetes 使用 QoS 类来决定 Pod 的调度和驱逐策略。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## QoS classes
+
+When Kubernetes creates a Pod it assigns one of these QoS classes to the Pod:
+-->
+
+## QoS 类
+
+Kubernetes 创建 Pod 时就给它指定了下列一种 QoS 类：
+
+* Guaranteed
+* Burstable
+* BestEffort
+
+<!--
+## Create a namespace
+
+Create a namespace so that the resources you create in this exercise are
+isolated from the rest of your cluster.
+-->
+
+## 创建命名空间
+
+创建一个命名空间，以便将本练习所创建的资源与集群的其余资源相隔离。
+
+```shell
+kubectl create namespace qos-example
+```
+
+<!--
+## Create a Pod that gets assigned a QoS class of Guaranteed
+
+For a Pod to be given a QoS class of Guaranteed:
+
+* Every Container in the Pod must have a memory limit and a memory request, and they must be the same.
+* Every Container in the Pod must have a CPU limit and a CPU request, and they must be the same.
+
+Here is the configuration file for a Pod that has one Container. The Container has a memory limit and a
+memory request, both equal to 200 MiB. The Container has a CPU limit and a CPU request, both equal to 700 milliCPU:
+-->
+
+## 创建一个 QoS 类为 Guaranteed 的 Pod
+
+对于 QoS 类为 Guaranteed 的 Pod：
+
+* Pod 中的每个容器必须指定内存请求和内存限制，并且两者要相等。
+* Pod 中的每个容器必须指定 CPU 请求和 CPU 限制，并且两者要相等。
+
+下面是包含一个容器的 Pod 配置文件。
+容器设置了内存请求和内存限制，值都是 200 MiB。
+容器设置了 CPU 请求和 CPU 限制，值都是 700 milliCPU：
+
+{{< codenew file="pods/qos/qos-pod.yaml" >}}
+
+<!--
+Create the Pod:
+-->
+
+创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/qos/qos-pod.yaml --namespace=qos-example
+```
+
+<!--
+View detailed information about the Pod:
+-->
+
+查看 Pod 详情：
+
+```shell
+kubectl get pod qos-demo --namespace=qos-example --output=yaml
+```
+
+<!--
+The output shows that Kubernetes gave the Pod a QoS class of Guaranteed. The output also
+verifies that the Pod Container has a memory request that matches its memory limit, and it has
+a CPU request that matches its CPU limit.
+-->
+
+结果表明 Kubernetes 为 Pod 配置的 QoS 类为 Guaranteed。
+结果也确认了 Pod 容器设置了与内存限制匹配的内存请求，设置了与 CPU 限制匹配的 CPU 请求。
+
+```yaml
+spec:
+  containers:
+    ...
+    resources:
+      limits:
+        cpu: 700m
+        memory: 200Mi
+      requests:
+        cpu: 700m
+        memory: 200Mi
+...
+  qosClass: Guaranteed
+```
+
+{{< note >}}
+<!--
+If a Container specifies its own memory limit, but does not specify a memory request, Kubernetes
+automatically assigns a memory request that matches the limit. Similarly, if a Container specifies its own
+CPU limit, but does not specify a CPU request, Kubernetes automatically assigns a CPU request that matches
+the limit.
+-->
+
+如果容器指定了自己的内存限制，但没有指定内存请求，Kubernetes 会自动为它指定与内存限制匹配的内存请求。
+同样，如果容器指定了自己的 CPU 限制，但没有指定 CPU 请求，Kubernetes 会自动为它指定与 CPU 限制匹配的 CPU 请求。
+{{< /note >}}
+
+<!--
+Delete your Pod:
+-->
+
+删除 Pod：
+
+```shell
+kubectl delete pod qos-demo --namespace=qos-example
+```
+
+<!--
+## Create a Pod that gets assigned a QoS class of Burstable
+
+A Pod is given a QoS class of Burstable if:
+
+* The Pod does not meet the criteria for QoS class Guaranteed.
+* At least one Container in the Pod has a memory or CPU request.
+
+Here is the configuration file for a Pod that has one Container. The Container has a memory limit of 200 MiB
+and a memory request of 100 MiB.
+-->
+
+## 创建一个 QoS 类为 Burstable 的 Pod
+
+如果满足下面条件，将会指定 Pod 的 QoS 类为 Burstable：
+
+* Pod 不符合 Guaranteed QoS 类的标准。
+* Pod 中至少一个容器具有内存或 CPU 请求。
+
+下面是包含一个容器的 Pod 配置文件。
+容器设置了内存限制 200 MiB 和内存请求 100 MiB。
+
+{{< codenew file="pods/qos/qos-pod-2.yaml" >}}
+
+<!--
+Create the Pod:
+-->
+
+创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/qos/qos-pod-2.yaml --namespace=qos-example
+```
+
+<!--
+View detailed information about the Pod:
+-->
+
+查看 Pod 详情：
+
+```shell
+kubectl get pod qos-demo-2 --namespace=qos-example --output=yaml
+```
+
+<!--
+The output shows that Kubernetes gave the Pod a QoS class of Burstable.
+-->
+
+结果表明 Kubernetes 为 Pod 配置的 QoS 类为 Burstable。
+
+```yaml
+spec:
+  containers:
+  - image: nginx
+    imagePullPolicy: Always
+    name: qos-demo-2-ctr
+    resources:
+      limits:
+        memory: 200Mi
+      requests:
+        memory: 100Mi
+...
+  qosClass: Burstable
+```
+
+<!--
+Delete your Pod:
+-->
+
+删除 Pod：
+
+```shell
+kubectl delete pod qos-demo-2 --namespace=qos-example
+```
+
+<!--
+## Create a Pod that gets assigned a QoS class of BestEffort
+
+For a Pod to be given a QoS class of BestEffort, the Containers in the Pod must not
+have any memory or CPU limits or requests.
+
+Here is the configuration file for a Pod that has one Container. The Container has no memory or CPU
+limits or requests:
+-->
+
+## 创建一个 QoS 类为 BestEffort 的 Pod
+
+对于 QoS 类为 BestEffort 的 Pod，Pod 中的容器必须没有设置内存和 CPU 限制或请求。
+
+下面是包含一个容器的 Pod 配置文件。
+容器没有设置内存和 CPU 限制或请求。
+
+
+
+{{< codenew file="pods/qos/qos-pod-3.yaml" >}}
+
+<!--
+Create the Pod:
+-->
+
+创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/qos/qos-pod-3.yaml --namespace=qos-example
+```
+
+<!--
+View detailed information about the Pod:
+-->
+
+查看 Pod 详情：
+
+```shell
+kubectl get pod qos-demo-3 --namespace=qos-example --output=yaml
+```
+
+<!--
+The output shows that Kubernetes gave the Pod a QoS class of BestEffort.
+-->
+
+结果表明 Kubernetes 为 Pod 配置的 QoS 类为 BestEffort。
+
+```yaml
+spec:
+  containers:
+    ...
+    resources: {}
+  ...
+  qosClass: BestEffort
+```
+
+<!--
+Delete your Pod:
+-->
+
+删除 Pod：
+
+```shell
+kubectl delete pod qos-demo-3 --namespace=qos-example
+```
+
+<!--
+## Create a Pod that has two Containers
+
+Here is the configuration file for a Pod that has two Containers. One container specifies a memory
+request of 200 MiB. The other Container does not specify any requests or limits.
+-->
+
+## 创建包含两个容器的 Pod
+
+下面是包含两个容器的 Pod 配置文件。
+一个容器指定了内存请求 200 MiB。
+另外一个容器没有指定任何请求和限制。
+
+
+{{< codenew file="pods/qos/qos-pod-4.yaml" >}}
+
+<!--
+Notice that this Pod meets the criteria for QoS class Burstable. That is, it does not meet the
+criteria for QoS class Guaranteed, and one of its Containers has a memory request.
+
+Create the Pod:
+-->
+
+注意此 Pod 满足 Burstable QoS 类的标准。
+也就是说它不满足 Guaranteed QoS 类标准，因为它的一个容器设有内存请求。
+
+创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/qos/qos-pod-4.yaml --namespace=qos-example
+```
+
+<!--
+View detailed information about the Pod:
+-->
+
+查看 Pod 详情：
+
+```shell
+kubectl get pod qos-demo-4 --namespace=qos-example --output=yaml
+```
+
+<!--
+The output shows that Kubernetes gave the Pod a QoS class of Burstable:
+-->
+
+结果表明 Kubernetes 为 Pod 配置的 QoS 类为 Burstable：
+
+```yaml
+spec:
+  containers:
+    ...
+    name: qos-demo-4-ctr-1
+    resources:
+      requests:
+        memory: 200Mi
+    ...
+    name: qos-demo-4-ctr-2
+    resources: {}
+    ...
+  qosClass: Burstable
+```
+
+<!--
+Delete your Pod:
+-->
+
+删除 Pod：
+
+```shell
+kubectl delete pod qos-demo-4 --namespace=qos-example
+```
+
+<!--
+## Clean up
+
+Delete your namespace:
+-->
+
+## 环境清理
+
+删除命名空间：
+
+```shell
+kubectl delete namespace qos-example
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+
+<!--
+### For app developers
+
+* [Assign Memory Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-memory-resource/)
+
+* [Assign CPU Resources to Containers and Pods](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+-->
+
+### 应用开发者参考
+
+* [为 Pod 和容器分配内存资源](/docs/tasks/configure-pod-container/assign-memory-resource/)
+
+* [为 Pod 和容器分配 CPU 资源](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+
+<!--
+### For cluster administrators
+
+* [Configure Default Memory Requests and Limits for a Namespace](/docs/tasks/administer-cluster/memory-default-namespace/)
+
+* [Configure Default CPU Requests and Limits for a Namespace](/docs/tasks/administer-cluster/cpu-default-namespace/)
+
+* [Configure Minimum and Maximum Memory Constraints for a Namespace](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+
+* [Configure Minimum and Maximum CPU Constraints for a Namespace](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+* [Configure Memory and CPU Quotas for a Namespace](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+
+* [Configure a Pod Quota for a Namespace](/docs/tasks/administer-cluster/quota-pod-namespace/)
+
+* [Configure Quotas for API Objects](/docs/tasks/administer-cluster/quota-api-object/)
+-->
+
+### 集群管理员参考
+
+* [为命名空间配置默认的内存请求和限制](/docs/tasks/administer-cluster/memory-default-namespace/)
+
+* [为命名空间配置默认的 CPU 请求和限制](/docs/tasks/administer-cluster/cpu-default-namespace/)
+
+* [为命名空间配置最小和最大内存限制](/docs/tasks/administer-cluster/memory-constraint-namespace/)
+
+* [为命名空间配置最小和最大 CPU 限制](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
+
+* [为命名空间配置内存和 CPU 配额](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
+
+* [为命名空间配置 Pod 配额](/docs/tasks/administer-cluster/quota-pod-namespace/)
+
+* [为 API 对象配置配额](/docs/tasks/administer-cluster/quota-api-object/)
+
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/configure-pod-container/share-process-namespace.md b/content/zh/docs/tasks/configure-pod-container/share-process-namespace.md
new file mode 100644
index 0000000000000..9e745c9e93f4b
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/share-process-namespace.md
@@ -0,0 +1,187 @@
+---
+title: 在 Pod 中的容器之间共享进程命名空间
+min-kubernetes-server-version: v1.10
+content_template: templates/task
+weight: 160
+---
+<!--
+---
+title: Share Process Namespace between Containers in a Pod
+min-kubernetes-server-version: v1.10
+reviewers:
+- verb
+- yujuhong
+- dchen1107
+content_template: templates/task
+weight: 160
+---
+-->
+
+{{% capture overview %}}
+
+{{< feature-state state="beta" >}}
+
+<!--
+This page shows how to configure process namespace sharing for a pod. When
+process namespace sharing is enabled, processes in a container are visible
+to all other containers in that pod.
+-->
+此页面展示如何为 pod 配置进程命名空间共享。
+当启用进程命名空间共享时，容器中的进程对该 pod 中的所有其他容器都是可见的。
+
+<!--
+You can use this feature to configure cooperating containers, such as a log
+handler sidecar container, or to troubleshoot container images that don't
+include debugging utilities like a shell.
+-->
+您可以使用此功能来配置协作容器，比如日志处理 sidecar 容器，或者对那些不包含诸如 shell 等调试实用工具的镜像进行故障排查。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+Process Namespace Sharing is a **beta** feature that is enabled by default. It
+may be disabled by setting `--feature-gates=PodShareProcessNamespace=false`.
+-->
+进程命名空间共享是默认启用的 **beta** 版功能。
+您可以通过设置 `--feature-gates=PodShareProcessNamespace=false` 禁用此功能。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Configure a Pod
+-->
+## 配置 Pod
+
+<!--
+Process Namespace Sharing is enabled using the `ShareProcessNamespace` field of
+`v1.PodSpec`. For example:
+-->
+进程命名空间共享使用 `v1.PodSpec` 中的 `ShareProcessNamespace` 字段启用。例如：
+
+{{< codenew file="pods/share-process-namespace.yaml" >}}
+
+<!--
+1. Create the pod `nginx` on your cluster:
+
+        kubectl create -f https://k8s.io/examples/pods/share-process-namespace.yaml
+
+2. Attach to the `shell` container and run `ps`:
+
+        ```
+        kubectl attach -it nginx -c shell
+        ```
+
+        If you don't see a command prompt, try pressing enter.
+
+        ```
+        / # ps ax
+        PID   USER     TIME  COMMAND
+            1 root      0:00 /pause
+            8 root      0:00 nginx: master process nginx -g daemon off;
+           14 101       0:00 nginx: worker process
+           15 root      0:00 sh
+           21 root      0:00 ps ax
+        ```
+-->
+1. 在集群中创建 `nginx` pod：
+
+        kubectl create -f https://k8s.io/examples/pods/share-process-namespace.yaml
+
+2. 获取容器 `shell`，执行 `ps`：
+
+        ```
+        kubectl attach -it nginx -c shell
+        ```
+
+        如果没有看到命令提示符，请按 enter 回车键。
+
+        ```
+        / # ps ax
+        PID   USER     TIME  COMMAND
+            1 root      0:00 /pause
+            8 root      0:00 nginx: master process nginx -g daemon off;
+           14 101       0:00 nginx: worker process
+           15 root      0:00 sh
+           21 root      0:00 ps ax
+        ```
+<!--
+You can signal processes in other containers. For example, send `SIGHUP` to
+nginx to restart the worker process. This requires the `SYS_PTRACE` capability.
+-->
+您可以在其他容器中对进程发出信号。例如，发送 `SIGHUP` 到 nginx 以重启工作进程。这需要 `SYS_PTRACE` 功能。
+
+        / # kill -HUP 8
+        / # ps ax
+        PID   USER     TIME  COMMAND
+            1 root      0:00 /pause
+            8 root      0:00 nginx: master process nginx -g daemon off;
+           15 root      0:00 sh
+           22 101       0:00 nginx: worker process
+           23 root      0:00 ps ax
+
+<!--
+It's even possible to access another container image using the
+`/proc/$pid/root` link.
+-->
+甚至可以使用 `/proc/$pid/root` 链接访问另一个容器镜像。
+
+        / # head /proc/8/root/etc/nginx/nginx.conf
+
+        user  nginx;
+        worker_processes  1;
+
+        error_log  /var/log/nginx/error.log warn;
+        pid        /var/run/nginx.pid;
+
+
+        events {
+            worker_connections  1024;
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Understanding Process Namespace Sharing
+-->
+## 理解进程命名空间共享
+
+<!--
+Pods share many resources so it makes sense they would also share a process
+namespace. Some container images may expect to be isolated from other
+containers, though, so it's important to understand these differences:
+-->
+Pod 共享许多资源，因此它们共享进程命名空间是很有意义的。
+不过，有些容器镜像可能希望与其他容器隔离，因此了解这些差异很重要:
+
+<!--
+1. **The container process no longer has PID 1.** Some container images refuse
+   to start without PID 1 (for example, containers using `systemd`) or run
+   commands like `kill -HUP 1` to signal the container process. In pods with a
+   shared process namespace, `kill -HUP 1` will signal the pod sandbox.
+   (`/pause` in the above example.)
+
+2. **Processes are visible to other containers in the pod.** This includes all
+   information visible in `/proc`, such as passwords that were passed as arguments
+   or environment variables. These are protected only by regular Unix permissions.
+
+3. **Container filesystems are visible to other containers in the pod through the
+   `/proc/$pid/root` link.** This makes debugging easier, but it also means
+   that filesystem secrets are protected only by filesystem permissions.
+-->
+
+1. **容器进程不再具有 PID 1。** 在没有 PID 1 的情况下，一些容器镜像拒绝启动（例如，使用 `systemd` 的容器)，或者拒绝执行 `kill -HUP 1` 之类的命令来通知容器进程。在具有共享进程命名空间的 pod 中，`kill -HUP 1` 将通知 pod 沙箱（在上面的例子中是 `/pause`）。
+
+2. **进程对 pod 中的其他容器可见。** 这包括 `/proc` 中可见的所有信息，例如作为参数或环境变量传递的密码。这些仅受常规 Unix 权限的保护。
+
+3. **容器文件系统通过 `/proc/$pid/root` 链接对 pod 中的其他容器可见。** 这使调试更加容易，但也意味着文件系统安全性只受文件系统权限的保护。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/configure-pod-container/translate-compose-kubernetes.md b/content/zh/docs/tasks/configure-pod-container/translate-compose-kubernetes.md
new file mode 100644
index 0000000000000..7623a8d99143c
--- /dev/null
+++ b/content/zh/docs/tasks/configure-pod-container/translate-compose-kubernetes.md
@@ -0,0 +1,844 @@
+---
+reviewers:
+- cdrage
+title: 将 Docker Compose 文件转换为 Kubernetes 资源
+content_template: templates/task
+weight: 170
+---
+
+<!--
+---
+reviewers:
+- cdrage
+title: Translate a Docker Compose File to Kubernetes Resources
+content_template: templates/task
+weight: 170
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+What's Kompose? It's a conversion tool for all things compose (namely Docker Compose) to container orchestrators (Kubernetes or OpenShift).
+-->
+
+Kompose 是什么？它是个转换工具，可将 compose（即 Docker Compose）所组装的所有内容转换成容器编排器（Kubernetes 或 OpenShift）可识别的形式。
+
+<!--
+More information can be found on the Kompose website at [http://kompose.io](http://kompose.io).
+-->
+
+更多信息请参考 Kompose 官网 [http://kompose.io](http://kompose.io)。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Install Kompose
+-->
+
+## 安装 Kompose
+
+<!--
+We have multiple ways to install Kompose. Our preferred method is downloading the binary from the latest GitHub release.
+-->
+
+我们有很多种方式安装 Kompose。首选方式是从最新的 GitHub 发布页面下载二进制文件。
+
+<!--
+## GitHub release
+-->
+
+## GitHub 发布版本
+
+<!--
+Kompose is released via GitHub on a three-week cycle, you can see all current releases on the [GitHub release page](https://github.com/kubernetes/kompose/releases).
+-->
+
+Kompose 通过 GitHub 发布版本，发布周期为三星期。您可以在[GitHub 发布页面](https://github.com/kubernetes/kompose/releases)上看到所有当前版本。
+
+```sh
+# Linux
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.16.0/kompose-linux-amd64 -o kompose
+
+# macOS
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.16.0/kompose-darwin-amd64 -o kompose
+
+# Windows
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.16.0/kompose-windows-amd64.exe -o kompose.exe
+
+chmod +x kompose
+sudo mv ./kompose /usr/local/bin/kompose
+```
+
+<!--
+Alternatively, you can download the [tarball](https://github.com/kubernetes/kompose/releases).
+-->
+或者，您可以下载 [tarball](https://github.com/kubernetes/kompose/releases)。
+
+## Go
+
+<!--
+Installing using `go get` pulls from the master branch with the latest development changes.
+-->
+
+用 `go get` 命令从主分支拉取最新的开发变更的方法安装 Kompose。
+
+
+```sh
+go get -u github.com/kubernetes/kompose
+```
+
+## CentOS
+
+<!--
+Kompose is in [EPEL](https://fedoraproject.org/wiki/EPEL) CentOS repository.
+If you don't have [EPEL](https://fedoraproject.org/wiki/EPEL) repository already installed and enabled you can do it by running  `sudo yum install epel-release`
+-->
+
+Kompose 位于 [EPEL](https://fedoraproject.org/wiki/EPEL) CentOS 代码仓库。
+如果您还没有安装启用 [EPEL](https://fedoraproject.org/wiki/EPEL) 代码仓库，请运行命令 `sudo yum install epel-release`。
+
+<!--
+If you have [EPEL](https://fedoraproject.org/wiki/EPEL) enabled in your system, you can install Kompose like any other package.
+-->
+
+如果您的系统中已经启用了 [EPEL](https://fedoraproject.org/wiki/EPEL)，您就可以像安装其他软件包一样安装 Kompose。
+
+```bash
+sudo yum -y install kompose
+```
+
+## Fedora
+
+<!--
+Kompose is in Fedora 24, 25 and 26 repositories. You can install it just like any other package.
+-->
+
+Kompose 位于 Fedora 24、25 和 26 的代码仓库。您可以像安装其他软件包一样安装 Kompose。
+
+```bash
+sudo dnf -y install kompose
+```
+
+## macOS
+
+<!--
+On macOS you can install latest release via [Homebrew](https://brew.sh):
+-->
+
+在 macOS 上您可以通过 [Homebrew](https://brew.sh) 安装 Kompose 的最新版本：
+
+```bash
+brew install kompose
+
+```
+<!--
+## Use Kompose
+-->
+
+## 使用 Kompose
+
+<!--
+In just a few steps, we'll take you from Docker Compose to Kubernetes. All
+you need is an existing `docker-compose.yml` file.
+-->
+
+再需几步，我们就把你从 Docker Compose 带到 Kubernetes。
+您只需要一个现有的 `docker-compose.yml` 文件。
+
+1.  <!--Go to the directory containing your `docker-compose.yml` file. If you don't
+    have one, test using this one.-->
+    进入 `docker-compose.yml` 文件所在的目录。如果没有，请使用下面这个进行测试。
+
+      ```yaml
+      version: "2"
+
+      services:
+
+        redis-master:
+          image: k8s.gcr.io/redis:e2e
+          ports:
+            - "6379"
+
+        redis-slave:
+          image: gcr.io/google_samples/gb-redisslave:v1
+          ports:
+            - "6379"
+          environment:
+            - GET_HOSTS_FROM=dns
+
+        frontend:
+          image: gcr.io/google-samples/gb-frontend:v4
+          ports:
+            - "80:80"
+          environment:
+            - GET_HOSTS_FROM=dns
+          labels:
+            kompose.service.type: LoadBalancer
+      ```
+
+
+2.  <!--Run the `kompose up` command to deploy to Kubernetes directly, or skip to
+    the next step instead to generate a file to use with `kubectl`.-->
+    运行 `kompose up` 命令直接部署到 Kubernetes，或者跳到下一步，生成 `kubectl` 使用的文件。
+
+      ```bash
+      $ kompose up
+      We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application.
+      If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead.
+
+      INFO Successfully created Service: redis          
+      INFO Successfully created Service: web            
+      INFO Successfully created Deployment: redis       
+      INFO Successfully created Deployment: web         
+
+      Your application has been deployed to Kubernetes. You can run 'kubectl get deployment,svc,pods,pvc' for details.
+      ```
+
+
+3.  <!--To convert the `docker-compose.yml` file to files that you can use with
+    `kubectl`, run `kompose convert` and then `kubectl create -f <output file>`.-->
+    要将 `docker-compose.yml` 转换为 `kubectl` 可用的文件，请运行 `kompose convert` 命令进行转换，然后运行 `kubectl create -f <output file>` 进行创建。
+
+      ```bash
+      $ kompose convert                           
+      INFO Kubernetes file "frontend-service.yaml" created         
+      INFO Kubernetes file "redis-master-service.yaml" created     
+      INFO Kubernetes file "redis-slave-service.yaml" created      
+      INFO Kubernetes file "frontend-deployment.yaml" created      
+      INFO Kubernetes file "redis-master-deployment.yaml" created  
+      INFO Kubernetes file "redis-slave-deployment.yaml" created   
+      ```
+
+      ```bash
+      $ kubectl create -f frontend-service.yaml,redis-master-service.yaml,redis-slave-service.yaml,frontend-deployment.yaml,redis-master-deployment.yaml,redis-slave-deployment.yaml
+      service/frontend created
+      service/redis-master created
+      service/redis-slave created
+      deployment.apps/frontend created
+      deployment.apps/redis-master created
+      deployment.apps/redis-slave created
+      ```
+<!--
+      Your deployments are running in Kubernetes.
+-->
+      您部署的应用在 Kubernetes 中运行起来了。
+
+
+4.  <!--Access your application.-->访问您的应用。
+
+      <!--If you're already using `minikube` for your development process:-->
+
+      如果您在开发过程中使用 `minikube`，请执行：
+
+      ```bash
+      $ minikube service frontend
+      ```
+
+      <!--Otherwise, let's look up what IP your service is using!-->
+      否则，我们要查看一下您的服务使用了什么 IP！
+
+      ```sh
+      $ kubectl describe svc frontend
+      Name:                   frontend
+      Namespace:              default
+      Labels:                 service=frontend
+      Selector:               service=frontend
+      Type:                   LoadBalancer
+      IP:                     10.0.0.183
+      LoadBalancer Ingress:   123.45.67.89
+      Port:                   80      80/TCP
+      NodePort:               80      31144/TCP
+      Endpoints:              172.17.0.4:80
+      Session Affinity:       None
+      No events.
+
+      ```
+
+      <!--If you're using a cloud provider, your IP will be listed next to `LoadBalancer Ingress`.-->
+      如果您使用的是云提供商，您的 IP 将在 `LoadBalancer Ingress` 字段给出。
+
+      ```sh
+      $ curl http://123.45.67.89
+      ```
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## User Guide
+-->
+
+## 用户指南
+
+<!--
+- CLI
+  - [`kompose convert`](#kompose-convert)
+  - [`kompose up`](#kompose-up)
+  - [`kompose down`](#kompose-down)
+- Documentation
+  - [Build and Push Docker Images](#build-and-push-docker-images)
+  - [Alternative Conversions](#alternative-conversions)
+  - [Labels](#labels)
+  - [Restart](#restart)
+  - [Docker Compose Versions](#docker-compose-versions)
+-->
+
+- CLI
+  - [`kompose convert`](#kompose-convert)
+  - [`kompose up`](#kompose-up)
+  - [`kompose down`](#kompose-down)
+- 文档
+  - [构建和推送 Docker 镜像](#构建和推送-docker-镜像)
+  - [其他转换方式](#其他转换方式)
+  - [标签](#标签)
+  - [重启](#重启)
+  - [Docker Compose 版本](#docker-compose-版本)
+
+<!--
+Kompose has support for two providers: OpenShift and Kubernetes.
+You can choose a targeted provider using global option `--provider`. If no provider is specified, Kubernetes is set by default.
+-->
+
+Kompose 支持两种驱动：OpenShift 和 Kubernetes。
+您可以通过全局选项 `--provider` 选择驱动方式。如果没有指定，会将 Kubernetes 作为默认驱动。
+
+## `kompose convert`
+
+Kompose 支持将 V1、V2 和 V3 版本的 Docker Compose 文件转换为 Kubernetes 和 OpenShift 资源对象。
+
+### Kubernetes
+
+```sh
+$ kompose --file docker-voting.yml convert
+WARN Unsupported key networks - ignoring
+WARN Unsupported key build - ignoring
+INFO Kubernetes file "worker-svc.yaml" created
+INFO Kubernetes file "db-svc.yaml" created
+INFO Kubernetes file "redis-svc.yaml" created
+INFO Kubernetes file "result-svc.yaml" created
+INFO Kubernetes file "vote-svc.yaml" created
+INFO Kubernetes file "redis-deployment.yaml" created
+INFO Kubernetes file "result-deployment.yaml" created
+INFO Kubernetes file "vote-deployment.yaml" created
+INFO Kubernetes file "worker-deployment.yaml" created
+INFO Kubernetes file "db-deployment.yaml" created
+
+$ ls
+db-deployment.yaml  docker-compose.yml         docker-gitlab.yml  redis-deployment.yaml  result-deployment.yaml  vote-deployment.yaml  worker-deployment.yaml
+db-svc.yaml         docker-voting.yml          redis-svc.yaml     result-svc.yaml        vote-svc.yaml           worker-svc.yaml
+```
+
+<!--
+You can also provide multiple docker-compose files at the same time:
+-->
+
+您也可以同时提供多个 docker-compose 文件进行转换：
+
+```sh
+$ kompose -f docker-compose.yml -f docker-guestbook.yml convert
+INFO Kubernetes file "frontend-service.yaml" created         
+INFO Kubernetes file "mlbparks-service.yaml" created         
+INFO Kubernetes file "mongodb-service.yaml" created          
+INFO Kubernetes file "redis-master-service.yaml" created     
+INFO Kubernetes file "redis-slave-service.yaml" created      
+INFO Kubernetes file "frontend-deployment.yaml" created      
+INFO Kubernetes file "mlbparks-deployment.yaml" created      
+INFO Kubernetes file "mongodb-deployment.yaml" created       
+INFO Kubernetes file "mongodb-claim0-persistentvolumeclaim.yaml" created
+INFO Kubernetes file "redis-master-deployment.yaml" created  
+INFO Kubernetes file "redis-slave-deployment.yaml" created   
+
+$ ls
+mlbparks-deployment.yaml  mongodb-service.yaml                       redis-slave-service.jsonmlbparks-service.yaml  
+frontend-deployment.yaml  mongodb-claim0-persistentvolumeclaim.yaml  redis-master-service.yaml
+frontend-service.yaml     mongodb-deployment.yaml                    redis-slave-deployment.yaml
+redis-master-deployment.yaml
+```
+
+<!--
+When multiple docker-compose files are provided the configuration is merged. Any configuration that is common will be over ridden by subsequent file.
+-->
+
+当提供多个 docker-compose 文件时，配置将会合并。任何通用的配置都将被后续文件覆盖。
+
+### OpenShift
+
+```sh
+$ kompose --provider openshift --file docker-voting.yml convert
+WARN [worker] Service cannot be created because of missing port.
+INFO OpenShift file "vote-service.yaml" created             
+INFO OpenShift file "db-service.yaml" created               
+INFO OpenShift file "redis-service.yaml" created            
+INFO OpenShift file "result-service.yaml" created           
+INFO OpenShift file "vote-deploymentconfig.yaml" created    
+INFO OpenShift file "vote-imagestream.yaml" created         
+INFO OpenShift file "worker-deploymentconfig.yaml" created  
+INFO OpenShift file "worker-imagestream.yaml" created       
+INFO OpenShift file "db-deploymentconfig.yaml" created      
+INFO OpenShift file "db-imagestream.yaml" created           
+INFO OpenShift file "redis-deploymentconfig.yaml" created   
+INFO OpenShift file "redis-imagestream.yaml" created        
+INFO OpenShift file "result-deploymentconfig.yaml" created  
+INFO OpenShift file "result-imagestream.yaml" created  
+```
+
+<!--
+It also supports creating buildconfig for build directive in a service. By default, it uses the remote repo for the current git branch as the source repo, and the current branch as the source branch for the build. You can specify a different source repo and branch using ``--build-repo`` and ``--build-branch`` options respectively.
+-->
+
+kompose 还支持为服务中的构建指令创建 buildconfig。
+默认情况下，它使用当前 git 分支的 remote 仓库作为源仓库，使用当前分支作为构建的源分支。
+您可以分别使用 ``--build-repo`` 和 ``--build-branch`` 选项指定不同的源仓库和分支。
+
+```sh
+$ kompose --provider openshift --file buildconfig/docker-compose.yml convert
+WARN [foo] Service cannot be created because of missing port.
+INFO OpenShift Buildconfig using git@github.com:rtnpro/kompose.git::master as source.
+INFO OpenShift file "foo-deploymentconfig.yaml" created     
+INFO OpenShift file "foo-imagestream.yaml" created          
+INFO OpenShift file "foo-buildconfig.yaml" created
+```
+
+{{< note >}}
+<!--
+If you are manually pushing the Openshift artifacts using ``oc create -f``, you need to ensure that you push the imagestream artifact before the buildconfig artifact, to workaround this Openshift issue: https://github.com/openshift/origin/issues/4518 .
+-->
+
+如果使用 ``oc create -f`` 手动推送 Openshift 工件，则需要确保在构建配置工件之前推送 imagestream 工件，以解决 Openshift 的这个问题：https://github.com/openshift/origin/issues/4518 。
+{{< /note >}}
+
+## `kompose up`
+
+<!--
+Kompose supports a straightforward way to deploy your "composed" application to Kubernetes or OpenShift via `kompose up`.
+-->
+
+Kompose 支持通过 `kompose up` 直接将您的"复合的（composed）" 应用程序部署到 Kubernetes 或 OpenShift。
+
+### Kubernetes
+
+```sh
+$ kompose --file ./examples/docker-guestbook.yml up
+We are going to create Kubernetes deployments and services for your Dockerized application.
+If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead.
+
+INFO Successfully created service: redis-master   
+INFO Successfully created service: redis-slave    
+INFO Successfully created service: frontend       
+INFO Successfully created deployment: redis-master
+INFO Successfully created deployment: redis-slave
+INFO Successfully created deployment: frontend    
+
+Your application has been deployed to Kubernetes. You can run 'kubectl get deployment,svc,pods' for details.
+
+$ kubectl get deployment,svc,pods
+NAME                                              DESIRED       CURRENT       UP-TO-DATE   AVAILABLE   AGE
+deployment.extensions/frontend                    1             1             1            1           4m
+deployment.extensions/redis-master                1             1             1            1           4m
+deployment.extensions/redis-slave                 1             1             1            1           4m
+
+NAME                         TYPE               CLUSTER-IP    EXTERNAL-IP   PORT(S)      AGE
+service/frontend             ClusterIP          10.0.174.12   <none>        80/TCP       4m
+service/kubernetes           ClusterIP          10.0.0.1      <none>        443/TCP      13d
+service/redis-master         ClusterIP          10.0.202.43   <none>        6379/TCP     4m
+service/redis-slave          ClusterIP          10.0.1.85     <none>        6379/TCP     4m
+
+NAME                                READY         STATUS        RESTARTS     AGE
+pod/frontend-2768218532-cs5t5       1/1           Running       0            4m
+pod/redis-master-1432129712-63jn8   1/1           Running       0            4m
+pod/redis-slave-2504961300-nve7b    1/1           Running       0            4m
+```
+
+<!--
+**Note**:
+- You must have a running Kubernetes cluster with a pre-configured kubectl context.
+- Only deployments and services are generated and deployed to Kubernetes. If you need different kind of resources, use the `kompose convert` and `kubectl create -f` commands instead.
+-->
+
+**注意**：
+
+- 您必须有一个运行正常的 Kubernetes 集群，该集群具有预先配置的 kubectl 上下文。
+- 此操作仅生成 Deployment 和 Service 对象并将其部署到 Kubernetes。如果需要部署其他不同类型的资源，请使用 `kompose convert` 和 `kubectl create -f` 命令。
+
+
+### OpenShift
+```sh
+$ kompose --file ./examples/docker-guestbook.yml --provider openshift up
+We are going to create OpenShift DeploymentConfigs and Services for your Dockerized application.
+If you need different kind of resources, use the 'kompose convert' and 'oc create -f' commands instead.
+
+INFO Successfully created service: redis-slave    
+INFO Successfully created service: frontend       
+INFO Successfully created service: redis-master   
+INFO Successfully created deployment: redis-slave
+INFO Successfully created ImageStream: redis-slave
+INFO Successfully created deployment: frontend    
+INFO Successfully created ImageStream: frontend   
+INFO Successfully created deployment: redis-master
+INFO Successfully created ImageStream: redis-master
+
+Your application has been deployed to OpenShift. You can run 'oc get dc,svc,is' for details.
+
+$ oc get dc,svc,is
+NAME               REVISION                              DESIRED       CURRENT    TRIGGERED BY
+dc/frontend        0                                     1             0          config,image(frontend:v4)
+dc/redis-master    0                                     1             0          config,image(redis-master:e2e)
+dc/redis-slave     0                                     1             0          config,image(redis-slave:v1)
+NAME               CLUSTER-IP                            EXTERNAL-IP   PORT(S)    AGE
+svc/frontend       172.30.46.64                          <none>        80/TCP     8s
+svc/redis-master   172.30.144.56                         <none>        6379/TCP   8s
+svc/redis-slave    172.30.75.245                         <none>        6379/TCP   8s
+NAME               DOCKER REPO                           TAGS          UPDATED
+is/frontend        172.30.12.200:5000/fff/frontend                     
+is/redis-master    172.30.12.200:5000/fff/redis-master                 
+is/redis-slave     172.30.12.200:5000/fff/redis-slave    v1  
+```
+
+<!--
+**Note**:
+- You must have a running OpenShift cluster with a pre-configured `oc` context (`oc login`)
+-->
+
+**注意**：
+
+- 您必须有一个运行正常的 OpenShift 集群，该集群具有预先配置的 `oc` 上下文 (`oc login`)。
+
+## `kompose down`
+
+<!--
+Once you have deployed "composed" application to Kubernetes, `$ kompose down` will help you to take the application out by deleting its deployments and services. If you need to remove other resources, use the 'kubectl' command.
+-->
+
+您一旦将"复合(composed)" 应用部署到 Kubernetes，`$ kompose down` 命令将能帮您通过删除 Deployment 和 Service 对象来删除应用。如果需要删除其他资源，请使用 'kubectl' 命令。
+
+```sh
+$ kompose --file docker-guestbook.yml down
+INFO Successfully deleted service: redis-master   
+INFO Successfully deleted deployment: redis-master
+INFO Successfully deleted service: redis-slave    
+INFO Successfully deleted deployment: redis-slave
+INFO Successfully deleted service: frontend       
+INFO Successfully deleted deployment: frontend
+```
+
+<!--
+**Note**:
+- You must have a running Kubernetes cluster with a pre-configured kubectl context.
+## Build and Push Docker Images
+Kompose supports both building and pushing Docker images. When using the `build` key within your Docker Compose file, your image will:
+  - Automatically be built with Docker using the `image` key specified within your file
+  - Be pushed to the correct Docker repository using local credentials (located at `.docker/config`)
+Using an [example Docker Compose file](https://raw.githubusercontent.com/kubernetes/kompose/master/examples/buildconfig/docker-compose.yml):
+-->
+
+**注意**：
+
+- 您必须有一个运行正常的 Kubernetes 集群，该集群具有预先配置的 kubectl 上下文。
+
+## 构建和推送 Docker 镜像
+
+Kompose 支持构建和推送 Docker 镜像。如果 Docker Compose 文件中使用了 `build` 关键字，您的镜像将会：
+
+  - 使用文档中指定的 `image` 键自动构建 Docker 镜像
+  - 使用本地凭据推送到正确的 Docker 仓库
+
+使用 [Docker Compose 文件示例](https://raw.githubusercontent.com/kubernetes/kompose/master/examples/buildconfig/docker-compose.yml)
+
+```yaml
+version: "2"
+
+services:
+    foo:
+        build: "./build"
+        image: docker.io/foo/bar
+```
+
+<!--
+Using `kompose up` with a `build` key:
+-->
+
+使用带有 `build` 键的 `kompose up` 命令：
+
+```none
+$ kompose up
+INFO Build key detected. Attempting to build and push image 'docker.io/foo/bar'
+INFO Building image 'docker.io/foo/bar' from directory 'build'
+INFO Image 'docker.io/foo/bar' from directory 'build' built successfully
+INFO Pushing image 'foo/bar:latest' to registry 'docker.io'
+INFO Attempting authentication credentials 'https://index.docker.io/v1/
+INFO Successfully pushed image 'foo/bar:latest' to registry 'docker.io'
+INFO We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application. If you need different kind of resources, use the 'kompose convert' and 'kubectl create -f' commands instead.
+
+INFO Deploying application in "default" namespace
+INFO Successfully created Service: foo            
+INFO Successfully created Deployment: foo         
+
+Your application has been deployed to Kubernetes. You can run 'kubectl get deployment,svc,pods,pvc' for details.
+```
+
+<!--
+In order to disable the functionality, or choose to use BuildConfig generation (with OpenShift) `--build (local|build-config|none)` can be passed.
+-->
+
+要想禁用该功能，或者使用 BuildConfig 中的版本（在 OpenShift 中），可以通过传递 `--build (local|build-config|none)` 参数来实现。
+
+```sh
+# Disable building/pushing Docker images
+$ kompose up --build none
+
+# Generate Build Config artifacts for OpenShift
+$ kompose up --provider openshift --build build-config
+```
+
+<!--
+## Alternative Conversions
+The default `kompose` transformation will generate Kubernetes [Deployments](/docs/concepts/workloads/controllers/deployment/) and [Services](/docs/concepts/services-networking/service/), in yaml format. You have alternative option to generate json with `-j`. Also, you can alternatively generate [Replication Controllers](/docs/concepts/workloads/controllers/replicationcontroller/) objects, [Daemon Sets](/docs/concepts/workloads/controllers/daemonset/), or [Helm](https://github.com/helm/helm) charts.
+-->
+
+## 其他转换方式
+
+默认的 `kompose` 转换会生成 yaml 格式的 Kubernetes [Deployment](/docs/concepts/workloads/controllers/deployment/) 和 [Service](/docs/concepts/services-networking/service/) 对象。
+您可以选择通过 `-j` 参数生成 json 格式的对象。
+您也可以替换生成 [Replication Controllers](/docs/concepts/workloads/controllers/replicationcontroller/) 对象、[Daemon Sets](/docs/concepts/workloads/controllers/daemonset/) 或 [Helm](https://github.com/helm/helm) charts。
+
+```sh
+$ kompose convert -j
+INFO Kubernetes file "redis-svc.json" created
+INFO Kubernetes file "web-svc.json" created
+INFO Kubernetes file "redis-deployment.json" created
+INFO Kubernetes file "web-deployment.json" created
+```
+
+<!--
+The `*-deployment.json` files contain the Deployment objects.
+-->
+
+`*-deployment.json` 文件中包含 Deployment 对象。
+
+```sh
+$ kompose convert --replication-controller
+INFO Kubernetes file "redis-svc.yaml" created
+INFO Kubernetes file "web-svc.yaml" created
+INFO Kubernetes file "redis-replicationcontroller.yaml" created
+INFO Kubernetes file "web-replicationcontroller.yaml" created
+```
+
+<!--
+The `*-replicationcontroller.yaml` files contain the Replication Controller objects. If you want to specify replicas (default is 1), use `--replicas` flag: `$ kompose convert --replication-controller --replicas 3`
+-->
+
+`*-replicationcontroller.yaml` 文件包含 Replication Controller 对象。如果您想指定副本数（默认为 1），可以使用 `--replicas` 参数：`$ kompose convert --replication-controller --replicas 3`
+
+```sh
+$ kompose convert --daemon-set
+INFO Kubernetes file "redis-svc.yaml" created
+INFO Kubernetes file "web-svc.yaml" created
+INFO Kubernetes file "redis-daemonset.yaml" created
+INFO Kubernetes file "web-daemonset.yaml" created
+```
+
+<!--
+The `*-daemonset.yaml` files contain the Daemon Set objects
+If you want to generate a Chart to be used with [Helm](https://github.com/kubernetes/helm) simply do:
+-->
+
+`*-daemonset.yaml` 文件包含 Daemon Set 对象。
+
+如果您想生成 [Helm](https://github.com/kubernetes/helm) 可用的 Chart，只需简单的执行下面的命令：
+
+```sh
+$ kompose convert -c
+INFO Kubernetes file "web-svc.yaml" created
+INFO Kubernetes file "redis-svc.yaml" created
+INFO Kubernetes file "web-deployment.yaml" created
+INFO Kubernetes file "redis-deployment.yaml" created
+chart created in "./docker-compose/"
+
+$ tree docker-compose/
+docker-compose
+├── Chart.yaml
+├── README.md
+└── templates
+    ├── redis-deployment.yaml
+    ├── redis-svc.yaml
+    ├── web-deployment.yaml
+    └── web-svc.yaml
+```
+
+<!--
+The chart structure is aimed at providing a skeleton for building your Helm charts.
+## Labels
+`kompose` supports Kompose-specific labels within the `docker-compose.yml` file in order to explicitly define a service's behavior upon conversion.
+- `kompose.service.type` defines the type of service to be created.
+For example:
+-->
+
+这个图标结构旨在为构建 Helm Chart 提供框架。
+
+## 标签
+
+`kompose` 支持 `docker-compose.yml` 文件中用于 Kompose 的标签，以便在转换时明确定义 Service 的行为。
+
+- `kompose.service.type` 定义要创建的 Service 类型。
+
+
+
+```yaml
+version: "2"
+services:
+  nginx:
+    image: nginx
+    dockerfile: foobar
+    build: ./foobar
+    cap_add:
+      - ALL
+    container_name: foobar
+    labels:
+      kompose.service.type: nodeport
+```
+
+<!--
+- `kompose.service.expose` defines if the service needs to be made accessible from outside the cluster or not. If the value is set to "true", the provider sets the endpoint automatically, and for any other value, the value is set as the hostname. If multiple ports are defined in a service, the first one is chosen to be the exposed.
+  - For the Kubernetes provider, an ingress resource is created and it is assumed that an ingress controller has already been configured.
+  - For the OpenShift provider, a route is created.
+For example:
+-->
+
+- `kompose.service.expose` 定义 是否允许从集群外部访问 Service。如果该值被设置为 "true"，提供程序将自动设置端点，对于任何其他值，该值将被设置为主机名。如果在 Service 中定义了多个端口，则选择第一个端口作为公开端口。
+  - 对于 Kubernetes 驱动程序，创建了一个 Ingress 资源，并且假定已经配置了相应的 Ingress 控制器。
+  - 对于 OpenShift 驱动程序, 创建一个 route。
+
+例如：
+
+```yaml
+version: "2"
+services:
+  web:
+    image: tuna/docker-counter23
+    ports:
+     - "5000:5000"
+    links:
+     - redis
+    labels:
+      kompose.service.expose: "counter.example.com"
+  redis:
+    image: redis:3.0
+    ports:
+     - "6379"
+```
+
+<!--
+The currently supported options are:
+| Key                  | Value                               |
+|----------------------|-------------------------------------|
+| kompose.service.type | nodeport / clusterip / loadbalancer |
+| kompose.service.expose| true / hostname |
+-->
+
+当前支持的选项有:
+
+| 键                    | 值                                 |
+|----------------------|-------------------------------------|
+| kompose.service.type | nodeport / clusterip / loadbalancer |
+| kompose.service.expose| true / hostname |
+
+
+{{< note >}}
+<!--
+The `kompose.service.type` label should be defined with `ports` only, otherwise `kompose` will fail.
+-->
+`kompose.service.type` 标签应该只用`ports`来定义，否则 `kompose` 会失败。
+{{< /note >}}
+
+<!--
+## Restart
+If you want to create normal pods without controllers you can use `restart` construct of docker-compose to define that. Follow table below to see what happens on the `restart` value.
+-->
+
+## 重启
+
+如果你想创建没有控制器的普通 Pod，可以使用 docker-compose 的 `restart` 结构来定义它。请参考下表了解 `restart` 的不同参数。
+
+<!--
+| `docker-compose` `restart` | object created    | Pod `restartPolicy` |
+|----------------------------|-------------------|---------------------|
+| `""`                       | controller object | `Always`            |
+| `always`                   | controller object | `Always`            |
+| `on-failure`               | Pod               | `OnFailure`         |
+| `no`                       | Pod               | `Never`             |
+-->
+
+| `docker-compose` `restart` | 创建的对象          | Pod `restartPolicy` |
+|----------------------------|-------------------|---------------------|
+| `""`                       | 控制器对象         | `Always`            |
+| `always`                   | 控制器对象         | `Always`            |
+| `on-failure`               | Pod               | `OnFailure`         |
+| `no`                       | Pod               | `Never`             |
+
+
+
+{{< note >}}
+<!--
+The controller object could be `deployment` or `replicationcontroller`, etc.
+-->
+控制器对象可以是 `deployment` 或 `replicationcontroller` 等。
+{{< /note >}}
+
+<!--
+For e.g. `pival` service will become pod down here. This container calculated value of `pi`.
+-->
+
+例如，`pival` Service 将在这里变成 Pod。这个容器的计算值为 `pi`。
+
+```yaml
+version: '2'
+
+services:
+  pival:
+    image: perl
+    command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+    restart: "on-failure"
+```
+
+<!--
+### Warning about Deployment Config's
+If the Docker Compose file has a volume specified for a service, the Deployment (Kubernetes) or DeploymentConfig (OpenShift) strategy is changed to "Recreate" instead of "RollingUpdate" (default). This is done to avoid multiple instances of a service from accessing a volume at the same time.
+-->
+
+### 关于 Deployment Config 的提醒
+
+如果 Docker Compose 文件中为服务声明了卷，Deployment (Kubernetes) 或 DeploymentConfig (OpenShift) 的策略会从 "RollingUpdate" (默认) 变为 "Recreate"。
+这样做的目的是为了避免服务的多个实例同时访问卷。
+
+<!--
+If the Docker Compose file has service name with `_` in it (eg.`web_service`), then it will be replaced by `-` and the service name will be renamed accordingly (eg.`web-service`). Kompose does this because "Kubernetes" doesn't allow `_` in object name.
+Please note that changing service name might break some `docker-compose` files.
+-->
+
+如果 Docker Compose 文件中的服务名包含 `_` (例如 `web_service`)，那么将会被替换为 `-`，服务也相应的会重命名(例如 `web-service`)。
+Kompose 这样做的原因是 "Kubernetes" 不允许对象名称中包含 `_`。 
+
+<!--
+## Docker Compose Versions
+Kompose supports Docker Compose versions: 1, 2 and 3. We have limited support on versions 2.1 and 3.2 due to their experimental nature.
+A full list on compatibility between all three versions is listed in our [conversion document](https://github.com/kubernetes/kompose/blob/master/docs/conversion.md) including a list of all incompatible Docker Compose keys.
+-->
+
+## Docker Compose 版本
+
+Kompose 支持的 Docker Compose 版本包括：1、2 和 3。有限支持 2.1 和 3.2 版本，因为它们还在实验阶段。
+
+所有三个版本的兼容性列表请查看我们的 [转换文档](https://github.com/kubernetes/kompose/blob/master/docs/conversion.md)，文档中列出了所有不兼容的 Docker Compose 关键字。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/_index.md b/content/zh/docs/tasks/debug-application-cluster/_index.md
index d78ae89c63e82..8932f3e7eef20 100644
--- a/content/zh/docs/tasks/debug-application-cluster/_index.md
+++ b/content/zh/docs/tasks/debug-application-cluster/_index.md
@@ -1,12 +1,11 @@
-<!--
 ---
-title: "Monitor, Log, and Debug"
+title: "监控、日志和排错"
 weight: 80
 ---
--->
 
+<!--
 ---
-title: "监控、日志和排错"
+title: "Monitor, Log, and Debug"
 weight: 80
 ---
-
+-->
diff --git a/content/zh/docs/tasks/debug-application-cluster/audit.md b/content/zh/docs/tasks/debug-application-cluster/audit.md
index f833d148b4fbd..2a1a9c25ebb7c 100644
--- a/content/zh/docs/tasks/debug-application-cluster/audit.md
+++ b/content/zh/docs/tasks/debug-application-cluster/audit.md
@@ -602,7 +602,7 @@ Kubernetes 可能会在创建新的日志文件时删除旧的日志文件; 您
 [auditing-proposal]: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/auditing.md
 [auditing-api]: https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go
 [gce-audit-profile]: https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh#L735
-[kubeconfig]: https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
+[kubeconfig]: /docs/tasks/access-application-cluster/configure-access-multiple-clusters/
 [fluentd]: http://www.fluentd.org/
 [fluentd_install_doc]: http://docs.fluentd.org/v0.12/articles/quickstart#step1-installing-fluentd
 [logstash]: https://www.elastic.co/products/logstash
diff --git a/content/zh/docs/tasks/debug-application-cluster/core-metrics-pipeline.md b/content/zh/docs/tasks/debug-application-cluster/core-metrics-pipeline.md
new file mode 100644
index 0000000000000..35429257c5f65
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/core-metrics-pipeline.md
@@ -0,0 +1,120 @@
+---
+reviewers:
+- fgrzadkowski
+- piosz
+title: 核心指标传递管道
+content_template: templates/concept
+---
+
+<!--
+---
+reviewers:
+- fgrzadkowski
+- piosz
+title: Core metrics pipeline
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Starting from Kubernetes 1.8, resource usage metrics, such as container CPU and memory usage,
+are available in Kubernetes through the Metrics API. These metrics can be either accessed directly
+by user, for example by using `kubectl top` command, or used by a controller in the cluster, e.g.
+Horizontal Pod Autoscaler, to make decisions.
+-->
+
+从 Kubernetes 1.8 版本开始，用户在 Kubernetes 中可以通过度量 API 获取资源使用度量（如容器 CPU 和内存使用率）。
+这些度量可以由用户直接访问，例如使用 `kubectl top` 命令，也可以由集群中的控制器（例如 Pod 水平自动扩缩器）用来做决策。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## The Metrics API
+-->
+
+## 度量 API
+
+<!--
+Through the Metrics API you can get the amount of resource currently used
+by a given node or a given pod. This API doesn't store the metric values,
+so it's not possible for example to get the amount of resources used by a
+given node 10 minutes ago.
+-->
+
+通过度量 API，您可以获得给定节点或给定 Pod 当前使用的资源数量。
+此 API 不存储度量值，因此不可能获得 10 分钟前给定节点使用的资源数量。
+
+<!--
+The API is no different from any other API:
+-->
+
+度量 API 和其他 API 没有什么不同：
+
+<!--
+- it is discoverable through the same endpoint as the other Kubernetes APIs under `/apis/metrics.k8s.io/` path
+- it offers the same security, scalability and reliability guarantees
+-->
+
+- 它可通过与 `/apis/metrics.k8s.io/` 路径下的其他 Kubernetes API 相同的端点来发现
+- 它提供相同的安全性、可扩展性和可靠性保证
+
+
+<!--
+The API is defined in [k8s.io/metrics](https://github.com/kubernetes/metrics/blob/master/pkg/apis/metrics/v1beta1/types.go)
+repository. You can find more information about the API there.
+-->
+
+度量 API 是在 [k8s.io/metrics](https://github.com/kubernetes/metrics/blob/master/pkg/apis/metrics/v1beta1/types.go) 仓库进行定义的。您可以在那里找到该 API 相关的更多信息。
+
+{{< note >}}
+<!--The API requires metrics server to be deployed in the cluster. Otherwise it will be not available.-->
+度量 API 要求在集群中部署度量服务器。否则它将不可用。
+{{< /note >}}
+
+<!--
+## Metrics Server 
+-->
+
+## 度量服务器
+
+<!--
+[Metrics Server](https://github.com/kubernetes-incubator/metrics-server) is a cluster-wide aggregator of resource usage data.
+Starting from Kubernetes 1.8 it's deployed by default in clusters created by `kube-up.sh` script
+as a Deployment object. If you use a different Kubernetes setup mechanism you can deploy it using the provided
+[deployment yamls](https://github.com/kubernetes-incubator/metrics-server/tree/master/deploy).
+It's supported in Kubernetes 1.7+ (see details below).
+-->
+
+[指标服务器](https://github.com/kubernetes-incubator/metrics-server)是集群范围内的资源使用数据的聚合器。
+从 Kubernetes 1.8 版本开始，它作为部署对象默认部署在由 `kube-up.sh` 脚本创建的集群中。
+如果您使用了不同的 Kubernetes 安装机制，则可以使用提供的[部署 yaml](https://github.com/kubernetes孵化器/metrics-server/tree/master/deploy)。
+它在 Kubernetes 1.7 以上版本中被支持（请参见下面的详细信息）。
+
+
+<!--
+Metric server collects metrics from the Summary API, exposed by [Kubelet](/docs/admin/kubelet/) on each node.
+-->
+
+度量服务器通过 Summary API 获取度量值，该 API 由 [Kubelet](/docs/admin/kubelet/) 在每个节点上进行暴露。
+
+<!--
+Metrics Server registered in the main API server through
+[Kubernetes aggregator](/docs/concepts/api-extension/apiserver-aggregation/),
+which was introduced in Kubernetes 1.7.
+-->
+
+度量服务器通过 [Kubernetes 聚合器](/docs/concepts/api-extension/apiserver-aggregation/)在主 API 服务器中注册，该聚合器是在 Kubernetes 1.7 版本中引入的。
+
+
+<!--
+Learn more about the metrics server in [the design doc](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/metrics-server.md).
+-->
+
+进一步了解度量服务器请参考[设计文档](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/metrics-server.md)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/crictl.md b/content/zh/docs/tasks/debug-application-cluster/crictl.md
new file mode 100644
index 0000000000000..aa25f7cd11629
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/crictl.md
@@ -0,0 +1,485 @@
+---
+reviewers:
+- Random-Liu
+- feiskyer
+- mrunalp
+title: 使用 crictl 对 Kubernetes 节点进行调试
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- Random-Liu
+- feiskyer
+- mrunalp
+title: Debugging Kubernetes nodes with crictl
+content_template: templates/task
+---
+-->
+
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.11" state="stable" >}}
+
+<!--
+`crictl` is a command-line interface for CRI-compatible container runtimes.
+You can use it to inspect and debug container runtimes and applications on a
+Kubernetes node. `crictl` and its source are hosted in the
+[cri-tools](https://github.com/kubernetes-incubator/cri-tools) repository.
+-->
+
+`crictl` 是 CRI 兼容的容器运行时命令行接口。
+您可以使用它来检查和调试 Kubernetes 节点上的容器运行时和应用程序。
+`crictl`和它的源代码在 [cri-tools](https://github.com/kubernetes-incubator/cri-tools) 代码库.
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+`crictl` requires a Linux operating system with a CRI runtime.
+-->
+
+`crictl` 需要带有 CRI 运行时的 Linux 操作系统。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Installing crictl
+
+You can download a compressed archive `crictl` from the cri-tools [release
+page](https://github.com/kubernetes-incubator/cri-tools/releases), for several
+different architectures. Download the version that corresponds to your version
+of Kubernetes. Extract it and move it to a location on your system path, such as
+`/usr/local/bin/`.
+-->
+
+## 安装 crictl
+
+您可以从 cri-tools [发布页面](https://github.com/kubernetes-incubator/cri-tools/releases)下载一个压缩的 `crictl` 归档文件，用于几种不同的架构。
+下载与您的 kubernetes 版本相对应的版本。
+提取它并将其移动到系统路径上的某个位置，例如`/usr/local/bin/`。
+
+<!--
+## General usage
+-->
+
+## 一般用法
+
+<!--
+The `crictl` command has several subcommands and runtime flags. Use
+`crictl help` or `crictl <subcommand> help` for more details.
+-->
+
+`crictl` 命令有几个子命令和运行时参数。
+有关详细信息，请使用 `crictl help` 或 `crictl <subcommand> help` 获取帮助信息。
+
+<!--
+`crictl` connects to `unix:///var/run/dockershim.sock` by default. For other
+runtimes, you can set the endpoint in multiple different ways:
+-->
+
+`crictl` 默认连接到 `unix:///var/run/dockershim.sock`。
+对于其他的运行时，您可以用多种不同的方法设置端点：
+
+<!--
+- By setting flags `--runtime-endpoint` and `--image-endpoint`
+- By setting environment variables `CONTAINER_RUNTIME_ENDPOINT` and `IMAGE_SERVICE_ENDPOINT`
+- By setting the endpoint in the config file `--config=/etc/crictl.yaml`
+-->
+
+- 通过设置参数 `--runtime-endpoint` 和 `--image-endpoint`
+- 通过设置环境变量 `CONTAINER_RUNTIME_ENDPOINT` 和 `IMAGE_SERVICE_ENDPOINT`
+- 通过在配置文件中设置端点 `--config=/etc/crictl.yaml`
+
+
+<!--
+You can also specify timeout values when connecting to the server and enable or
+disable debugging, by specifying `timeout` or `debug` values in the configuration
+file or using the `--timeout` and `--debug` command-line flags.
+-->
+
+您还可以在连接到服务器并启用或禁用调试时指定超时值，方法是在配置文件中指定 `timeout` 或 `debug` 值，或者使用 `--timeout` 和 `--debug` 命令行参数。
+
+<!--
+To view or edit the current configuration, view or edit the contents of
+`/etc/crictl.yaml`.
+-->
+
+要查看或编辑当前配置，请查看或编辑 `/etc/crictl.yaml` 的内容。
+
+```sh
+cat /etc/crictl.yaml
+runtime-endpoint: unix:///var/run/dockershim.sock
+image-endpoint: unix:///var/run/dockershim.sock
+timeout: 10
+debug: true
+```
+
+<!--
+## Example crictl commands
+
+The following examples show some `crictl` commands and example output.
+-->
+
+## crictl 命令示例
+
+{{< warning >}}
+<!--If you use `crictl` to create pod sandboxes or containers on a running
+Kubernetes cluster, the Kubelet will eventually delete them. `crictl` is not a
+general purpose workflow tool, but a tool that is useful for debugging.-->
+如果使用 `crictl` 在正在运行的 Kubernetes 集群上创建 Pod 沙盒或容器，kubelet 最终将删除它们。
+`crictl` 不是一个通用的工作流工具，而是一个对调试有用的工具。
+{{< /warning >}}
+
+<!--
+### List pods
+
+List all pods:
+-->
+
+### 打印 Pod 清单
+
+打印所有 Pod 的清单：
+
+```bash
+crictl pods
+```
+```none
+POD ID              CREATED              STATE               NAME                         NAMESPACE           ATTEMPT
+926f1b5a1d33a       About a minute ago   Ready               sh-84d7dcf559-4r2gq          default             0
+4dccb216c4adb       About a minute ago   Ready               nginx-65899c769f-wv2gp       default             0
+a86316e96fa89       17 hours ago         Ready               kube-proxy-gblk4             kube-system         0
+919630b8f81f1       17 hours ago         Ready               nvidia-device-plugin-zgbbv   kube-system         0
+```
+
+<!--
+List pods by name:
+-->
+
+根据名称打印 Pod 清单：
+
+```bash
+crictl pods --name nginx-65899c769f-wv2gp
+```
+```none
+POD ID              CREATED             STATE               NAME                     NAMESPACE           ATTEMPT
+4dccb216c4adb       2 minutes ago       Ready               nginx-65899c769f-wv2gp   default             0
+```
+
+<!--
+List pods by label:
+-->
+
+根据标签打印 Pod 清单：
+
+```bash
+crictl pods --label run=nginx
+```
+```none
+POD ID              CREATED             STATE               NAME                     NAMESPACE           ATTEMPT
+4dccb216c4adb       2 minutes ago       Ready               nginx-65899c769f-wv2gp   default             0
+```
+
+<!--
+### List images
+
+List all images:
+-->
+
+### 打印镜像清单
+
+打印所有镜像清单：
+
+```bash
+crictl images
+```
+```none
+IMAGE                                     TAG                 IMAGE ID            SIZE
+busybox                                   latest              8c811b4aec35f       1.15MB
+k8s-gcrio.azureedge.net/hyperkube-amd64   v1.10.3             e179bbfe5d238       665MB
+k8s-gcrio.azureedge.net/pause-amd64       3.1                 da86e6ba6ca19       742kB
+nginx                                     latest              cd5239a0906a6       109MB
+```
+
+<!--
+List images by repository:
+-->
+
+根据仓库打印镜像清单：
+
+```bash
+crictl images nginx
+```
+```none
+IMAGE               TAG                 IMAGE ID            SIZE
+nginx               latest              cd5239a0906a6       109MB
+```
+
+<!--
+Only list image IDs:
+-->
+
+只打印镜像 ID：
+
+```bash
+crictl images -q
+```
+```none
+sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a
+sha256:e179bbfe5d238de6069f3b03fccbecc3fb4f2019af741bfff1233c4d7b2970c5
+sha256:da86e6ba6ca197bf6bc5e9d900febd906b133eaa4750e6bed647b0fbe50ed43e
+sha256:cd5239a0906a6ccf0562354852fae04bc5b52d72a2aff9a871ddb6bd57553569
+```
+
+<!--
+### List containers
+
+List all containers:
+-->
+
+### 打印容器清单
+
+打印所有容器清单：
+
+```bash
+crictl ps -a
+```
+```none
+CONTAINER ID        IMAGE                                                                                                             CREATED             STATE               NAME                       ATTEMPT
+1f73f2d81bf98       busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47                                   7 minutes ago       Running             sh                         1
+9c5951df22c78       busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47                                   8 minutes ago       Exited              sh                         0
+87d3992f84f74       nginx@sha256:d0a8828cccb73397acb0073bf34f4d7d8aa315263f1e7806bf8c55d8ac139d5f                                     8 minutes ago       Running             nginx                      0
+1941fb4da154f       k8s-gcrio.azureedge.net/hyperkube-amd64@sha256:00d814b1f7763f4ab5be80c58e98140dfc69df107f253d7fdd714b30a714260a   18 hours ago        Running             kube-proxy                 0
+```
+
+<!--
+List running containers:
+-->
+
+打印正在运行的容器清单：
+
+```bash
+crictl ps
+```
+```none
+CONTAINER ID        IMAGE                                                                                                             CREATED             STATE               NAME                       ATTEMPT
+1f73f2d81bf98       busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47                                   6 minutes ago       Running             sh                         1
+87d3992f84f74       nginx@sha256:d0a8828cccb73397acb0073bf34f4d7d8aa315263f1e7806bf8c55d8ac139d5f                                     7 minutes ago       Running             nginx                      0
+1941fb4da154f       k8s-gcrio.azureedge.net/hyperkube-amd64@sha256:00d814b1f7763f4ab5be80c58e98140dfc69df107f253d7fdd714b30a714260a   17 hours ago        Running             kube-proxy                 0
+```
+
+<!--
+### Execute a command in a running container
+-->
+
+### 在正在运行的容器上执行命令
+
+```bash
+crictl exec -i -t 1f73f2d81bf98 ls
+```
+```none
+bin   dev   etc   home  proc  root  sys   tmp   usr   var
+```
+
+<!--
+### Get a container's logs
+
+Get all container logs:
+-->
+
+### 获取容器日志
+
+获取容器的所有日志：
+
+```bash
+crictl logs 87d3992f84f74
+```
+```none
+10.240.0.96 - - [06/Jun/2018:02:45:49 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"
+10.240.0.96 - - [06/Jun/2018:02:45:50 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"
+10.240.0.96 - - [06/Jun/2018:02:45:51 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"
+```
+
+<!--
+Get only the latest `N` lines of logs:
+-->
+
+获取最近的 `N` 行日志：
+
+```bash
+crictl logs --tail=1 87d3992f84f74
+```
+```none
+10.240.0.96 - - [06/Jun/2018:02:45:51 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0" "-"
+```
+
+<!--
+### Run a pod sandbox
+
+Using `crictl` to run a pod sandbox is useful for debugging container runtimes.
+On a running Kubernetes cluster, the sandbox will eventually be stopped and
+deleted by the Kubelet.
+-->
+
+### 运行 Pod 沙盒
+
+用 `crictl` 运行 Pod 沙盒对容器运行时排错很有帮助。
+在运行的 Kubernetes 集群中，沙盒会随机地被 kubelet 停止和删除。
+
+1.  <!--Create a JSON file like the following:-->
+    编写下面的 JSON 文件：
+
+      ```json
+      {
+          "metadata": {
+              "name": "nginx-sandbox",
+              "namespace": "default",
+              "attempt": 1,
+              "uid": "hdishd83djaidwnduwk28bcsb"
+          },
+          "logDirectory": "/tmp",
+          "linux": {
+          }
+      }
+      ```
+
+2.  <!--Use the `crictl runp` command to apply the JSON and run the sandbox.-->
+    使用 `crictl runp` 命令应用 JSON 文件并运行沙盒。
+
+      ```bash
+      crictl runp pod-config.json
+      ```
+
+      <!--The ID of the sandbox is returned.-->
+      返回了沙盒的 ID。
+
+<!--
+### Create a container
+
+Using `crictl` to create a container is useful for debugging container runtimes.
+On a running Kubernetes cluster, the sandbox will eventually be stopped and
+deleted by the Kubelet.
+-->
+
+### 创建容器
+
+用 `crictl` 创建容器对容器运行时排错很有帮助。
+在运行的 Kubernetes 集群中，沙盒会随机的被 kubelet 停止和删除。
+
+
+1.  <!--Pull a busybox image-->
+    拉取 busybox 镜像
+
+      ```bash
+      crictl pull busybox
+      Image is up to date for busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47
+      ```
+
+2.  <!--Create configs for the pod and the container:-->
+    创建 Pod 和容器的配置：
+
+      <!--**Pod config**:-->
+      **Pod 配置**：
+      ```yaml
+      {
+          "metadata": {
+              "name": "nginx-sandbox",
+              "namespace": "default",
+              "attempt": 1,
+              "uid": "hdishd83djaidwnduwk28bcsb"
+          },
+          "log_directory": "/tmp",
+          "linux": {
+          }
+      }
+      ```
+
+      <!--**Container config**:-->
+      **容器配置**：
+      ```yaml
+      {
+        "metadata": {
+            "name": "busybox"
+        },
+        "image":{
+            "image": "busybox"
+        },
+        "command": [
+            "top"
+        ],
+        "log_path":"busybox/0.log",
+        "linux": {
+        }
+      }
+      ```
+
+3.  <!--Create the container, passing the ID of the previously-created pod, the
+    container config file, and the pod config file. The ID of the container is
+    returned.-->
+    创建容器，传递先前创建的 Pod 的 ID、容器配置文件和 Pod 配置文件。返回容器的 ID。
+
+      ```bash
+      crictl create f84dd361f8dc51518ed291fbadd6db537b0496536c1d2d6c05ff943ce8c9a54f container-config.json pod-config.json
+      ```
+
+4.  <!--List all containers and verify that the newly-created container has its
+    state set to `Created`.-->
+    查询所有容器并确认新创建的容器状态为 `Created`。
+
+      ```bash
+      crictl ps -a
+      ```
+      ```none
+      CONTAINER ID        IMAGE               CREATED             STATE               NAME                ATTEMPT
+      3e025dd50a72d       busybox             32 seconds ago      Created             busybox             0
+      ```
+
+<!--
+### Start a container
+
+To start a container, pass its ID to `crictl start`:
+-->
+
+### 启动容器
+
+要启动容器，要将容器 ID 传给 `crictl start`：
+
+```bash
+crictl start 3e025dd50a72d956c4f14881fbb5b1080c9275674e95fb67f965f6478a957d60
+```
+```none
+3e025dd50a72d956c4f14881fbb5b1080c9275674e95fb67f965f6478a957d60
+```
+
+<!--
+Check the container has its state set to `Running`.
+-->
+
+确认容器的状态为 `Running`。
+
+```bash
+crictl ps
+```
+```none
+CONTAINER ID        IMAGE               CREATED              STATE               NAME                ATTEMPT
+3e025dd50a72d       busybox             About a minute ago   Running             busybox             0
+```
+
+{{% /capture %}}
+
+
+{{% capture discussion %}}
+
+<!--
+See [kubernetes-incubator/cri-tools](https://github.com/kubernetes-incubator/cri-tools)
+for more information.
+-->
+
+更多信息请参考 [kubernetes-incubator/cri-tools](https://github.com/kubernetes-incubator/cri-tools)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/debug-application-introspection.md b/content/zh/docs/tasks/debug-application-cluster/debug-application-introspection.md
new file mode 100644
index 0000000000000..d0189474d7c6c
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/debug-application-introspection.md
@@ -0,0 +1,546 @@
+---
+reviewers:
+- janetkuo
+- thockin
+content_template: templates/concept
+title: 应用自测与调试
+---
+
+{{% capture overview %}}
+
+<!--
+Once your application is running, you'll inevitably need to debug problems with it.
+Earlier we described how you can use `kubectl get pods` to retrieve simple status information about
+your pods. But there are a number of ways to get even more information about your application.
+-->
+运行应用时，不可避免的需要定位问题。
+前面我们介绍了如何使用 `kubectl get pods` 来查询 pod 的简单信息。
+除此之外，还有一系列的方法来获取应用的更详细信息。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Using `kubectl describe pod` to fetch details about pods
+-->
+## 使用 `kubectl describe pod` 命令获取 pod 详情
+
+<!--
+For this example we'll use a Deployment to create two pods, similar to the earlier example.
+-->
+与之前的例子类似，我们使用一个 Deployment 来创建两个 pod。
+
+{{< codenew file="application/nginx-with-request.yaml" >}}
+
+<!--
+Create deployment by running following command:
+-->
+使用如下命令创建 deployment：
+
+```shell
+kubectl apply -f https://k8s.io/examples/application/nginx-with-request.yaml
+```
+
+```none
+deployment.apps/nginx-deployment created
+```
+
+<!--
+Check pod status by following command:
+-->
+使用如下命令查看 pod 状态：
+
+```shell
+kubectl get pods
+```
+
+```none
+NAME                                READY     STATUS    RESTARTS   AGE
+nginx-deployment-1006230814-6winp   1/1       Running   0          11s
+nginx-deployment-1006230814-fmgu3   1/1       Running   0          11s
+```
+
+<!--
+We can retrieve a lot more information about each of these pods using `kubectl describe pod`. For example:
+-->
+我们可以使用 `kubectl describe pod` 命令来查询每个 pod 的更多信息，比如：
+
+```shell
+kubectl describe pod nginx-deployment-1006230814-6winp
+```
+
+```none
+Name:		nginx-deployment-1006230814-6winp
+Namespace:	default
+Node:		kubernetes-node-wul5/10.240.0.9
+Start Time:	Thu, 24 Mar 2016 01:39:49 +0000
+Labels:		app=nginx,pod-template-hash=1006230814
+Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"nginx-deployment-1956810328","uid":"14e607e7-8ba1-11e7-b5cb-fa16" ...
+Status:		Running
+IP:		10.244.0.6
+Controllers:	ReplicaSet/nginx-deployment-1006230814
+Containers:
+  nginx:
+    Container ID:	docker://90315cc9f513c724e9957a4788d3e625a078de84750f244a40f97ae355eb1149
+    Image:		nginx
+    Image ID:		docker://6f62f48c4e55d700cf3eb1b5e33fa051802986b77b874cc351cce539e5163707
+    Port:		80/TCP
+    QoS Tier:
+      cpu:	Guaranteed
+      memory:	Guaranteed
+    Limits:
+      cpu:	500m
+      memory:	128Mi
+    Requests:
+      memory:		128Mi
+      cpu:		500m
+    State:		Running
+      Started:		Thu, 24 Mar 2016 01:39:51 +0000
+    Ready:		True
+    Restart Count:	0
+    Environment:        <none>
+    Mounts:
+      /var/run/secrets/kubernetes.io/serviceaccount from default-token-5kdvl (ro)
+Conditions:
+  Type          Status
+  Initialized   True
+  Ready         True
+  PodScheduled  True
+Volumes:
+  default-token-4bcbi:
+    Type:	Secret (a volume populated by a Secret)
+    SecretName:	default-token-4bcbi
+    Optional:   false
+QoS Class:      Guaranteed
+Node-Selectors: <none>
+Tolerations:    <none>
+Events:
+  FirstSeen	LastSeen	Count	From					SubobjectPath		Type		Reason		Message
+  ---------	--------	-----	----					-------------		--------	------		-------
+  54s		54s		1	{default-scheduler }						Normal		Scheduled	Successfully assigned nginx-deployment-1006230814-6winp to kubernetes-node-wul5
+  54s		54s		1	{kubelet kubernetes-node-wul5}	spec.containers{nginx}	Normal		Pulling		pulling image "nginx"
+  53s		53s		1	{kubelet kubernetes-node-wul5}	spec.containers{nginx}	Normal		Pulled		Successfully pulled image "nginx"
+  53s		53s		1	{kubelet kubernetes-node-wul5}	spec.containers{nginx}	Normal		Created		Created container with docker id 90315cc9f513
+  53s		53s		1	{kubelet kubernetes-node-wul5}	spec.containers{nginx}	Normal		Started		Started container with docker id 90315cc9f513
+```
+
+<!--
+Here you can see configuration information about the container(s) and Pod (labels, resource requirements, etc.), 
+as well as status information about the container(s) and Pod (state, readiness, restart count, events, etc.).
+-->
+这里可以看到容器和 pod 的 label、资源需求等配置信息，还可以看到状态、就绪状态、重启次数、事件等状态信息。
+
+<!--
+The container state is one of Waiting, Running, or Terminated. 
+Depending on the state, additional information will be provided -- here you can see that for a container in Running state, the system tells you when the container started.
+-->
+容器状态包括 Waiting、Running 和 Terminated。
+根据状态的不同，将提供额外的信息——在这里您可以看到，对于处于运行状态的容器，系统会告诉您容器的启动时间。
+
+<!--
+Ready tells you whether the container passed its last readiness probe. 
+(In this case, the container does not have a readiness probe configured; the container is assumed to be ready if no readiness probe is configured.)
+-->
+Ready 指示是否通过了最后一个就绪探测。
+(在本例中，容器没有配置就绪探测；如果没有配置就绪探测，则假定容器已经就绪。)
+
+<!--
+Restart Count tells you how many times the container has been restarted; 
+this information can be useful for detecting crash loops in containers that are configured with a restart policy of 'always.'
+-->
+Restart Count 告诉您容器已重启的次数；
+这些信息对于定位配置了“always”重启策略的容器持续崩溃问题非常有用。
+
+<!--
+Currently the only Condition associated with a Pod is the binary Ready condition, 
+which indicates that the pod is able to service requests and should be added to the load balancing pools of all matching services.
+-->
+目前，唯一与 Pod 有关的状态是就绪状态，这表明 Pod 能够为请求提供服务，并且应该添加到相应服务的负载平衡池中。
+
+<!--
+Lastly, you see a log of recent events related to your Pod. 
+The system compresses multiple identical events by indicating the first and last time it was seen and the number of times it was seen. 
+"From" indicates the component that is logging the event, 
+"SubobjectPath" tells you which object (e.g. container within the pod) is being referred to, 
+and "Reason" and "Message" tell you what happened.
+-->
+最后，您将看到与 Pod 相关的近期事件。
+系统通过指示第一次和最后一次看到它以及看到它的次数来压缩多个相同的事件。
+“From”表示记录事件的组件，
+“SubobjectPath”告诉您引用了哪个对象(例如pod中的容器)，
+“Reason”和“Message”告诉您发生了什么。
+
+
+<!--
+## Example: debugging Pending Pods
+-->
+## 例子: 调试 Pending Pods
+
+<!--
+A common scenario that you can detect using events is when you've created a Pod that won't fit on any node. 
+For example, the Pod might request more resources than are free on any node, 
+or it might specify a label selector that doesn't match any nodes. 
+Let's say we created the previous Deployment with 5 replicas (instead of 2) and requesting 600 millicores instead of 500, 
+on a four-node cluster where each (virtual) machine has 1 CPU. 
+In that case one of the Pods will not be able to schedule. 
+(Note that because of the cluster addon pods such as fluentd, skydns, etc., that run on each node, if we requested 1000 millicores then none of the Pods would be able to schedule.)
+-->
+一个常见的场景是，当你创建了一个 Pod，但是他没有被调度到任何一个 node，可以使用 event 来调试。
+比如说，这个 Pod 需求的资源比较多，没有任何一个 node 能够满足，或者它指定了一个标签，没有 node 被匹配到。
+假如，我们创建之前的 Deployment 时指定副本数是5（不再是2），并且需求 600 millicore（不再是 500），
+对于一个4个节点的集群并且每个节点只有1个CPU。
+这个情况下，至少有一个 Pod 不能被调度。
+（需要注意的是，其他集群组件，比如 fluentd、skydns等等会在每个 node 上运行，
+如果我们需求 1000 millicore，那么将不会有 Pod 会被调度。）
+
+```shell
+kubectl get pods
+```
+
+```none
+NAME                                READY     STATUS    RESTARTS   AGE
+nginx-deployment-1006230814-6winp   1/1       Running   0          7m
+nginx-deployment-1006230814-fmgu3   1/1       Running   0          7m
+nginx-deployment-1370807587-6ekbw   1/1       Running   0          1m
+nginx-deployment-1370807587-fg172   0/1       Pending   0          1m
+nginx-deployment-1370807587-fz9sd   0/1       Pending   0          1m
+```
+
+<!--
+To find out why the nginx-deployment-1370807587-fz9sd pod is not running, we can use `kubectl describe pod` on the pending Pod and look at its events:
+-->
+为了查找 Pod nginx-deployment-1370807587-fz9sd 没有运行的原因，我们可以使用 `kubectl describe pod` 命令查询处理 pending 状态的 Pod：
+
+```shell
+kubectl describe pod nginx-deployment-1370807587-fz9sd
+```
+
+```none
+  Name:		nginx-deployment-1370807587-fz9sd
+  Namespace:	default
+  Node:		/
+  Labels:		app=nginx,pod-template-hash=1370807587
+  Status:		Pending
+  IP:
+  Controllers:	ReplicaSet/nginx-deployment-1370807587
+  Containers:
+    nginx:
+      Image:	nginx
+      Port:	80/TCP
+      QoS Tier:
+        memory:	Guaranteed
+        cpu:	Guaranteed
+      Limits:
+        cpu:	1
+        memory:	128Mi
+      Requests:
+        cpu:	1
+        memory:	128Mi
+      Environment Variables:
+  Volumes:
+    default-token-4bcbi:
+      Type:	Secret (a volume populated by a Secret)
+      SecretName:	default-token-4bcbi
+  Events:
+    FirstSeen	LastSeen	Count	From			        SubobjectPath	Type		Reason			    Message
+    ---------	--------	-----	----			        -------------	--------	------			    -------
+    1m		    48s		    7	    {default-scheduler }			        Warning		FailedScheduling	pod (nginx-deployment-1370807587-fz9sd) failed to fit in any node
+  fit failure on node (kubernetes-node-6ta5): Node didn't have enough resource: CPU, requested: 1000, used: 1420, capacity: 2000
+  fit failure on node (kubernetes-node-wul5): Node didn't have enough resource: CPU, requested: 1000, used: 1100, capacity: 2000
+```
+
+<!--
+Here you can see the event generated by the scheduler saying that the Pod failed to schedule for reason `FailedScheduling` (and possibly others).  
+The message tells us that there were not enough resources for the Pod on any of the nodes.
+-->
+这里你可以看到由调度器记录的事件，它表明了 Pod 不能被调度的原因是 `FailedScheduling`（也可能是其他值）。
+这个信息表明，没有任何 node 拥有足够多的资源。
+
+<!--
+To correct this situation, you can use `kubectl scale` to update your Deployment to specify four or fewer replicas. 
+(Or you could just leave the one Pod pending, which is harmless.)
+-->
+要纠正这种情况，可以使用“kubectl scale”更新部署，以指定四个或更少的副本。
+(或者你可以让 Pod 继续保持这个状态，这是无害的。)
+
+<!--
+Events such as the ones you saw at the end of `kubectl describe pod` are persisted in etcd and 
+provide high-level information on what is happening in the cluster. 
+To list all events you can use
+-->
+与您在“kubectl describe pod”结尾处看到的一样，这些事件都将保存在 etcd 中，并提供关于集群中正在发生的事情的高级信息。
+如果需要列出所有事件，可使用命令：
+
+```shell
+kubectl get events
+```
+
+<!--
+but you have to remember that events are namespaced. 
+This means that if you're interested in events for some namespaced object 
+(e.g. what happened with Pods in namespace `my-namespace`) you need to explicitly provide a namespace to the command:
+-->
+但是，需要注意的是，事件是按照 namespace 分组的。
+如果你对些些 namespace 下的对象感兴趣（比如查看 namespace `my-namespace` 下的 Pod 事件）,
+你需要显式的在命令行中指定 namespace：
+
+```shell
+kubectl get events --namespace=my-namespace
+```
+
+<!--
+To see events from all namespaces, you can use the `--all-namespaces` argument.
+-->
+查看所有 namespace 的事件，可使用 `--all-namespaces` 参数：
+
+<!--
+In addition to `kubectl describe pod`, another way to get extra information about a pod (beyond what is provided by `kubectl get pod`) is 
+to pass the `-o yaml` output format flag to `kubectl get pod`. 
+This will give you, in YAML format, even more information than `kubectl describe pod`--essentially all of the information the system has about the Pod. 
+Here you will see things like annotations (which are key-value metadata without the label restrictions, that is used internally by Kubernetes system components), 
+restart policy, ports, and volumes.
+-->
+除了 `kubectl describe pod` 以外，另一种获取 Pod 额外信息（超越 `kubectl get pod`）的方法是给 `kubectl get pod` 增加 `-o yaml` 输出格式参数。
+这将以YAML格式为您提供比“kubectl describe pod”更多的信息——实际上是系统拥有的关于pod的所有信息。
+在这里，您将看到注释(没有标签限制的键值元数据，由Kubernetes系统组件在内部使用)、重启策略、端口和卷。
+
+```shell
+kubectl get pod nginx-deployment-1006230814-6winp -o yaml
+```
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    kubernetes.io/created-by: |
+      {"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"nginx-deployment-1006230814","uid":"4c84c175-f161-11e5-9a78-42010af00005","apiVersion":"extensions","resourceVersion":"133434"}}
+  creationTimestamp: 2016-03-24T01:39:50Z
+  generateName: nginx-deployment-1006230814-
+  labels:
+    app: nginx
+    pod-template-hash: "1006230814"
+  name: nginx-deployment-1006230814-6winp
+  namespace: default
+  resourceVersion: "133447"
+  selfLink: /api/v1/namespaces/default/pods/nginx-deployment-1006230814-6winp
+  uid: 4c879808-f161-11e5-9a78-42010af00005
+spec:
+  containers:
+  - image: nginx
+    imagePullPolicy: Always
+    name: nginx
+    ports:
+    - containerPort: 80
+      protocol: TCP
+    resources:
+      limits:
+        cpu: 500m
+        memory: 128Mi
+      requests:
+        cpu: 500m
+        memory: 128Mi
+    terminationMessagePath: /dev/termination-log
+    volumeMounts:
+    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+      name: default-token-4bcbi
+      readOnly: true
+  dnsPolicy: ClusterFirst
+  nodeName: kubernetes-node-wul5
+  restartPolicy: Always
+  securityContext: {}
+  serviceAccount: default
+  serviceAccountName: default
+  terminationGracePeriodSeconds: 30
+  volumes:
+  - name: default-token-4bcbi
+    secret:
+      secretName: default-token-4bcbi
+status:
+  conditions:
+  - lastProbeTime: null
+    lastTransitionTime: 2016-03-24T01:39:51Z
+    status: "True"
+    type: Ready
+  containerStatuses:
+  - containerID: docker://90315cc9f513c724e9957a4788d3e625a078de84750f244a40f97ae355eb1149
+    image: nginx
+    imageID: docker://6f62f48c4e55d700cf3eb1b5e33fa051802986b77b874cc351cce539e5163707
+    lastState: {}
+    name: nginx
+    ready: true
+    restartCount: 0
+    state:
+      running:
+        startedAt: 2016-03-24T01:39:51Z
+  hostIP: 10.240.0.9
+  phase: Running
+  podIP: 10.244.0.6
+  startTime: 2016-03-24T01:39:49Z
+```
+
+<!--
+## Example: debugging a down/unreachable node
+-->
+## 例子: 调试 down/unreachable node
+
+<!--
+Sometimes when debugging it can be useful to look at the status of a node 
+-- for example, because you've noticed strange behavior of a Pod that's running on the node, 
+or to find out why a Pod won't schedule onto the node. 
+As with Pods, you can use `kubectl describe node` and `kubectl get node -o yaml` to 
+retrieve detailed information about nodes. 
+For example, here's what you'll see if a node is down 
+(disconnected from the network, or kubelet dies and won't restart, etc.). 
+Notice the events that show the node is NotReady, and 
+also notice that the pods are no longer running 
+(they are evicted after five minutes of NotReady status).
+-->
+有时候，在调试时，查看节点的状态是很有用的——例如，因为您已经注意到节点上运行的 Pod 的奇怪行为，
+或者想了解为什么 Pod 不会调度到节点上。
+与Pods一样，您可以使用 `kubectl describe node` 和 `kubectl get node -o yaml` 来查询节点的详细信息。
+例如，如果某个节点关闭(与网络断开连接，或者 kubelet 挂掉，无法重新启动，等等)，您将看到以下情况。
+请注意显示节点未就绪的事件，也请注意 pod 不再运行(它们在5分钟未就绪状态后被驱逐)。
+
+```shell
+kubectl get nodes
+```
+
+```none
+NAME                     STATUS       ROLES     AGE     VERSION
+kubernetes-node-861h     NotReady     <none>    1h      v1.13.0
+kubernetes-node-bols     Ready        <none>    1h      v1.13.0
+kubernetes-node-st6x     Ready        <none>    1h      v1.13.0
+kubernetes-node-unaj     Ready        <none>    1h      v1.13.0
+```
+
+```shell
+kubectl describe node kubernetes-node-861h
+```
+
+```none
+Name:			kubernetes-node-861h
+Role
+Labels:		 kubernetes.io/arch=amd64
+           kubernetes.io/os=linux
+           kubernetes.io/hostname=kubernetes-node-861h
+Annotations:        node.alpha.kubernetes.io/ttl=0
+                    volumes.kubernetes.io/controller-managed-attach-detach=true
+Taints:             <none>
+CreationTimestamp:	Mon, 04 Sep 2017 17:13:23 +0800
+Phase:
+Conditions:
+  Type		Status		LastHeartbeatTime			LastTransitionTime			Reason					Message
+  ----    ------    -----------------     ------------------      ------          -------
+  OutOfDisk             Unknown         Fri, 08 Sep 2017 16:04:28 +0800         Fri, 08 Sep 2017 16:20:58 +0800         NodeStatusUnknown       Kubelet stopped posting node status.
+  MemoryPressure        Unknown         Fri, 08 Sep 2017 16:04:28 +0800         Fri, 08 Sep 2017 16:20:58 +0800         NodeStatusUnknown       Kubelet stopped posting node status.
+  DiskPressure          Unknown         Fri, 08 Sep 2017 16:04:28 +0800         Fri, 08 Sep 2017 16:20:58 +0800         NodeStatusUnknown       Kubelet stopped posting node status.
+  Ready                 Unknown         Fri, 08 Sep 2017 16:04:28 +0800         Fri, 08 Sep 2017 16:20:58 +0800         NodeStatusUnknown       Kubelet stopped posting node status.
+Addresses:	10.240.115.55,104.197.0.26
+Capacity:
+ cpu:           2
+ hugePages:     0
+ memory:        4046788Ki
+ pods:          110
+Allocatable:
+ cpu:           1500m
+ hugePages:     0
+ memory:        1479263Ki
+ pods:          110
+System Info:
+ Machine ID:                    8e025a21a4254e11b028584d9d8b12c4
+ System UUID:                   349075D1-D169-4F25-9F2A-E886850C47E3
+ Boot ID:                       5cd18b37-c5bd-4658-94e0-e436d3f110e0
+ Kernel Version:                4.4.0-31-generic
+ OS Image:                      Debian GNU/Linux 8 (jessie)
+ Operating System:              linux
+ Architecture:                  amd64
+ Container Runtime Version:     docker://1.12.5
+ Kubelet Version:               v1.6.9+a3d1dfa6f4335
+ Kube-Proxy Version:            v1.6.9+a3d1dfa6f4335
+ExternalID:                     15233045891481496305
+Non-terminated Pods:            (9 in total)
+  Namespace                     Name                                            CPU Requests    CPU Limits      Memory Requests Memory Limits
+  ---------                     ----                                            ------------    ----------      --------------- -------------
+......
+Allocated resources:
+  (Total limits may be over 100 percent, i.e., overcommitted.)
+  CPU Requests  CPU Limits      Memory Requests         Memory Limits
+  ------------  ----------      ---------------         -------------
+  900m (60%)    2200m (146%)    1009286400 (66%)        5681286400 (375%)
+Events:         <none>
+```
+
+```shell
+kubectl get node kubernetes-node-861h -o yaml
+```
+
+```yaml
+apiVersion: v1
+kind: Node
+metadata:
+  creationTimestamp: 2015-07-10T21:32:29Z
+  labels:
+    kubernetes.io/hostname: kubernetes-node-861h
+  name: kubernetes-node-861h
+  resourceVersion: "757"
+  selfLink: /api/v1/nodes/kubernetes-node-861h
+  uid: 2a69374e-274b-11e5-a234-42010af0d969
+spec:
+  externalID: "15233045891481496305"
+  podCIDR: 10.244.0.0/24
+  providerID: gce://striped-torus-760/us-central1-b/kubernetes-node-861h
+status:
+  addresses:
+  - address: 10.240.115.55
+    type: InternalIP
+  - address: 104.197.0.26
+    type: ExternalIP
+  capacity:
+    cpu: "1"
+    memory: 3800808Ki
+    pods: "100"
+  conditions:
+  - lastHeartbeatTime: 2015-07-10T21:34:32Z
+    lastTransitionTime: 2015-07-10T21:35:15Z
+    reason: Kubelet stopped posting node status.
+    status: Unknown
+    type: Ready
+  nodeInfo:
+    bootID: 4e316776-b40d-4f78-a4ea-ab0d73390897
+    containerRuntimeVersion: docker://Unknown
+    kernelVersion: 3.16.0-0.bpo.4-amd64
+    kubeProxyVersion: v0.21.1-185-gffc5a86098dc01
+    kubeletVersion: v0.21.1-185-gffc5a86098dc01
+    machineID: ""
+    osImage: Debian GNU/Linux 7 (wheezy)
+    systemUUID: ABE5F6B4-D44B-108B-C46A-24CCE16C8B6E
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Learn about additional debugging tools, including:
+-->
+了解更多的调试工具：
+
+<!--
+* [Logging](/docs/concepts/cluster-administration/logging/)
+* [Monitoring](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)
+* [Getting into containers via `exec`](/docs/tasks/debug-application-cluster/get-shell-running-container/)
+* [Connecting to containers via proxies](/docs/tasks/access-kubernetes-api/http-proxy-access-api/)
+* [Connecting to containers via port forwarding](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/)
+* [Inspect Kubernetes node with crictl](/docs/tasks/debug-application-cluster/crictl/)
+-->
+* [日志](/docs/concepts/cluster-administration/logging/)
+* [监控](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)
+* [使用 `exec` 进入容器](/docs/tasks/debug-application-cluster/get-shell-running-container/)
+* [使用代理连接容器](/docs/tasks/access-kubernetes-api/http-proxy-access-api/)
+* [使用端口转发连接容器](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/)
+* [使用 crictl 检查节点](/docs/tasks/debug-application-cluster/crictl/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/debug-init-containers.md b/content/zh/docs/tasks/debug-application-cluster/debug-init-containers.md
new file mode 100644
index 0000000000000..95d1abc891aa1
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/debug-init-containers.md
@@ -0,0 +1,224 @@
+---
+reviewers:
+- bprashanth
+- enisoc
+- erictune
+- foxish
+- janetkuo
+- kow3ns
+- smarterclayton
+title: 调试 Init 容器
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- bprashanth
+- enisoc
+- erictune
+- foxish
+- janetkuo
+- kow3ns
+- smarterclayton
+title: Debug Init Containers
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to investigate problems related to the execution of
+Init Containers. The example command lines below refer to the Pod as
+  `<pod-name>` and the Init Containers as `<init-container-1>` and
+  `<init-container-2>`.
+-->
+
+此页显示如何核查与 init 容器执行相关的问题。
+下面的示例命令行将 Pod 称为 `<pod-name>`，而 init 容器称为 `<init-container-1>` 和 `<init-container-2>`。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+<!--
+* You should be familiar with the basics of
+  [Init Containers](/docs/concepts/abstractions/init-containers/).
+* You should have [Configured an Init Container](/docs/tasks/configure-pod-container/configure-pod-initialization/#creating-a-pod-that-has-an-init-container/).
+-->
+
+* 您应该熟悉 [Init 容器](/docs/concepts/abstractions/init-containers/)的基础知识。
+* 您应该已经[配置好一个 Init 容器](/docs/tasks/configure-pod-container/configure-pod-initialization/#creating-a-pod-that-has-an-init-container/)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Checking the status of Init Containers
+
+Display the status of your pod:
+-->
+
+## 检查 Init 容器的状态
+
+显示你的 Pod 的状态：
+
+```shell
+kubectl get pod <pod-name>
+```
+
+<!--
+For example, a status of `Init:1/2` indicates that one of two Init Containers
+has completed successfully:
+-->
+
+例如，状态 `Init:1/2` 表明两个 Init 容器中的一个已经成功完成：
+
+```
+NAME         READY     STATUS     RESTARTS   AGE
+<pod-name>   0/1       Init:1/2   0          7s
+```
+
+<!--
+See [Understanding Pod status](#understanding-pod-status) for more examples of
+status values and their meanings.
+-->
+
+更多状态值及其含义请参考[了解 Pod 的状态](#understanding-pod-status)。
+
+<!--
+## Getting details about Init Containers
+-->
+
+## 获取 Init 容器详情
+
+<!--
+View more detailed information about Init Container execution:
+-->
+
+查看 Init 容器运行的更多详情：
+
+```shell
+kubectl describe pod <pod-name>
+```
+
+<!--
+For example, a Pod with two Init Containers might show the following:
+-->
+
+例如，对于包含两个 Init 容器的 Pod 应该显示如下信息：
+
+```
+Init Containers:
+  <init-container-1>:
+    Container ID:    ...
+    ...
+    State:           Terminated
+      Reason:        Completed
+      Exit Code:     0
+      Started:       ...
+      Finished:      ...
+    Ready:           True
+    Restart Count:   0
+    ...
+  <init-container-2>:
+    Container ID:    ...
+    ...
+    State:           Waiting
+      Reason:        CrashLoopBackOff
+    Last State:      Terminated
+      Reason:        Error
+      Exit Code:     1
+      Started:       ...
+      Finished:      ...
+    Ready:           False
+    Restart Count:   3
+    ...
+```
+
+<!--
+You can also access the Init Container statuses programmatically by reading the
+`status.initContainerStatuses` field on the Pod Spec:
+-->
+
+您还可以通过读取 Pod Spec 上的 `status.initContainerStatuses` 字段以编程方式了解 Init 容器的状态：
+
+```shell
+kubectl get pod nginx --template '{{.status.initContainerStatuses}}'
+```
+
+<!--
+This command will return the same information as above in raw JSON.
+-->
+
+此命令将返回与原始 JSON 中相同的信息.
+
+<!--
+## Accessing logs from Init Containers
+-->
+
+## 通过 Init 容器访问日志
+
+<!--
+Pass the Init Container name along with the Pod name
+to access its logs.
+-->
+
+一起传递 Init 容器名称与 Pod 名称来访问它的日志。
+
+```shell
+kubectl logs <pod-name> -c <init-container-2>
+```
+
+<!--
+Init Containers that run a shell script print
+commands as they're executed. For example, you can do this in Bash by running
+`set -x` at the beginning of the script.
+-->
+
+运行 shell 脚本打印命令的init容器,执行 shell 脚本。
+例如，您可以在 Bash 中通过在脚本的开头运行 `set -x` 来实现。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Understanding Pod status
+-->
+
+## 了解 Pod 的状态
+
+<!--
+A Pod status beginning with `Init:` summarizes the status of Init Container
+execution. The table below describes some example status values that you might
+see while debugging Init Containers.
+-->
+
+以 `Init:` 开头的 Pod 状态汇总了 Init 容器执行的状态。
+下表介绍调试 Init 容器时可能看到的一些状态值示例。
+
+<!--
+Status | Meaning
+------ | -------
+`Init:N/M` | The Pod has `M` Init Containers, and `N` have completed so far.
+`Init:Error` | An Init Container has failed to execute.
+`Init:CrashLoopBackOff` | An Init Container has failed repeatedly.
+`Pending` | The Pod has not yet begun executing Init Containers.
+`PodInitializing` or `Running` | The Pod has already finished executing Init Containers.
+-->
+
+状态 | 含义
+------ | -------
+`Init:N/M` | Pod 包含 `M` 个 Init 容器，其中 `N` 个已经运行完成。
+`Init:Error` | Init 容器已执行失败。
+`Init:CrashLoopBackOff` | Init 容器反复执行失败。
+`Pending` | Pod 还没有开始执行 Init 容器。
+`PodInitializing` or `Running` | Pod 已经完成执行 Init 容器。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/debug-application-cluster/debug-service.md b/content/zh/docs/tasks/debug-application-cluster/debug-service.md
new file mode 100644
index 0000000000000..999f10d6e89ed
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/debug-service.md
@@ -0,0 +1,1181 @@
+---
+reviewers:
+- thockin
+- bowei
+content_template: templates/concept
+title: 调试 Service
+---
+
+<!--
+---
+reviewers:
+- thockin
+- bowei
+content_template: templates/concept
+title: Debug Services
+---
+-->
+
+{{% capture overview %}}
+<!--
+An issue that comes up rather frequently for new installations of Kubernetes is
+that a `Service` is not working properly.  You've run your `Deployment` and
+created a `Service`, but you get no response when you try to access it.
+This document will hopefully help you to figure out what's going wrong.
+-->
+对于新安装的 Kubernetes，经常出现的一个问题是 `Service` 没有正常工作。如果您已经运行了 `Deployment` 并创建了一个 `Service`，但是当您尝试访问它时没有得到响应，希望这份文档能帮助您找出问题所在。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Conventions
+
+Throughout this doc you will see various commands that you can run.  Some
+commands need to be run within a `Pod`, others on a Kubernetes `Node`, and others
+can run anywhere you have `kubectl` and credentials for the cluster.  To make it
+clear what is expected, this document will use the following conventions.
+
+If the command "COMMAND" is expected to run in a `Pod` and produce "OUTPUT":
+
+```shell
+u@pod$ COMMAND
+OUTPUT
+```
+
+If the command "COMMAND" is expected to run on a `Node` and produce "OUTPUT":
+
+```shell
+u@node$ COMMAND
+OUTPUT
+```
+
+If the command is "kubectl ARGS":
+
+```shell
+$ kubectl ARGS
+OUTPUT
+```
+-->
+## 约定
+
+在整个文档中，您将看到各种可以运行的命令。有些命令需要在 `Pod` 中运行，有些命令需要在 Kubernetes `Node` 上运行，还有一些命令可以在您拥有 `kubectl` 和集群凭证的任何地方运行。为了明确预期的效果，本文档将使用以下约定。
+
+如果命令 "COMMAND" 期望在 `Pod` 中运行，并且产生 "OUTPUT"：
+
+```shell
+u@pod$ COMMAND
+OUTPUT
+```
+
+如果命令 "COMMAND" 期望在 `Node` 上运行，并且产生 "OUTPUT"：
+
+```shell
+u@node$ COMMAND
+OUTPUT
+```
+
+如果命令是 "kubectl ARGS"：
+
+```shell
+$ kubectl ARGS
+OUTPUT
+```
+
+<!--
+## Running commands in a Pod
+
+For many steps here you will want to see what a `Pod` running in the cluster
+sees.  The simplest way to do this is to run an interactive busybox `Pod`:
+
+```none
+$ kubectl run -it --rm --restart=Never busybox --image=busybox sh
+If you don't see a command prompt, try pressing enter.
+/ #
+```
+
+If you already have a running `Pod` that you prefer to use, you can run a
+command in it using:
+
+```shell
+$ kubectl exec <POD-NAME> -c <CONTAINER-NAME> -- <COMMAND>
+```
+-->
+## 在 pod 中运行命令
+
+对于这里的许多步骤，您可能希望知道运行在集群中的 `Pod` 看起来是什么样的。最简单的方法是运行一个交互式的 busybox `Pod`：
+
+
+```none
+$ kubectl run -it --rm --restart=Never busybox --image=busybox sh
+如果你没有看到命令提示符，请尝试按 Enter 键。
+/ #
+```
+
+如果您已经有了您喜欢使用的正在运行的 `Pod`，则可以运行一下命令去使用：
+
+```shell
+$ kubectl exec <POD-NAME> -c <CONTAINER-NAME> -- <COMMAND>
+```
+
+<!--
+## Setup
+
+For the purposes of this walk-through, let's run some `Pods`.  Since you're
+probably debugging your own `Service` you can substitute your own details, or you
+can follow along and get a second data point.
+
+```shell
+$ kubectl run hostnames --image=k8s.gcr.io/serve_hostname \
+                        --labels=app=hostnames \
+                        --port=9376 \
+                        --replicas=3
+deployment.apps/hostnames created
+```
+
+`kubectl` commands will print the type and name of the resource created or mutated, which can then be used in subsequent commands.
+{{< note >}}
+This is the same as if you started the `Deployment` with the following YAML:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hostnames
+spec:
+  selector:
+    matchLabels:
+      app: hostnames
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: hostnames
+    spec:
+      containers:
+      - name: hostnames
+        image: k8s.gcr.io/serve_hostname
+        ports:
+        - containerPort: 9376
+          protocol: TCP
+```
+{{< /note >}}
+
+Confirm your `Pods` are running:
+
+```shell
+$ kubectl get pods -l app=hostnames
+NAME                        READY     STATUS    RESTARTS   AGE
+hostnames-632524106-bbpiw   1/1       Running   0          2m
+hostnames-632524106-ly40y   1/1       Running   0          2m
+hostnames-632524106-tlaok   1/1       Running   0          2m
+```
+-->
+## 设置
+
+为了完成本次演练的目的，我们先运行几个 `Pod`。因为可能正在调试您自己的 `Service`，所以，您可以使用自己的详细信息进行替换，或者，您也可以跟随并开始下面的步骤来获得第二个数据点。
+
+```shell
+$ kubectl run hostnames --image=k8s.gcr.io/serve_hostname \
+                        --labels=app=hostnames \
+                        --port=9376 \
+                        --replicas=3
+deployment.apps/hostnames created
+```
+
+`kubectl` 命令将打印创建或变更的资源的类型和名称，它们可以在后续命令中使用。
+{{< note >}}
+这与您使用以下 YAML 启动 `Deployment` 相同：
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hostnames
+spec:
+  selector:
+    matchLabels:
+      app: hostnames
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: hostnames
+    spec:
+      containers:
+      - name: hostnames
+        image: k8s.gcr.io/serve_hostname
+        ports:
+        - containerPort: 9376
+          protocol: TCP
+```
+{{< /note >}}
+
+确认您的 `Pods` 是运行状态:
+
+```shell
+$ kubectl get pods -l app=hostnames
+NAME                        READY     STATUS    RESTARTS   AGE
+hostnames-632524106-bbpiw   1/1       Running   0          2m
+hostnames-632524106-ly40y   1/1       Running   0          2m
+hostnames-632524106-tlaok   1/1       Running   0          2m
+```
+
+<!--
+## Does the Service exist?
+
+The astute reader will have noticed that we did not actually create a `Service`
+yet - that is intentional.  This is a step that sometimes gets forgotten, and
+is the first thing to check.
+
+So what would happen if I tried to access a non-existent `Service`?  Assuming you
+have another `Pod` that consumes this `Service` by name you would get something
+like:
+
+```shell
+u@pod$ wget -O- hostnames
+Resolving hostnames (hostnames)... failed: Name or service not known.
+wget: unable to resolve host address 'hostnames'
+```
+
+So the first thing to check is whether that `Service` actually exists:
+
+```shell
+$ kubectl get svc hostnames
+No resources found.
+Error from server (NotFound): services "hostnames" not found
+```
+
+So we have a culprit, let's create the `Service`.  As before, this is for the
+walk-through - you can use your own `Service`'s details here.
+
+```shell
+$ kubectl expose deployment hostnames --port=80 --target-port=9376
+service/hostnames exposed
+```
+
+And read it back, just to be sure:
+
+```shell
+$ kubectl get svc hostnames
+NAME        TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
+hostnames   ClusterIP   10.0.1.175   <none>        80/TCP    5s
+```
+
+As before, this is the same as if you had started the `Service` with YAML:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: hostnames
+spec:
+  selector:
+    app: hostnames
+  ports:
+  - name: default
+    protocol: TCP
+    port: 80
+    targetPort: 9376
+```
+
+Now you can confirm that the `Service` exists.
+-->
+## Service 存在吗？
+
+细心的读者会注意到我们还没有真正创建一个 `Service` - 其实这是我们有意的。这是一个有时会被遗忘的步骤，也是第一件要检查的事情。
+
+那么，如果我试图访问一个不存在的 `Service`，会发生什么呢？假设您有另一个 `Pod`，想通过名称使用这个 `Service`，您将得到如下内容：
+
+```shell
+u@pod$ wget -O- hostnames
+Resolving hostnames (hostnames)... failed: Name or service not known.
+wget: unable to resolve host address 'hostnames'
+```
+
+因此，首先要检查的是 `Service` 是否确实存在：
+
+```shell
+$ kubectl get svc hostnames
+No resources found.
+Error from server (NotFound): services "hostnames" not found
+```
+
+我们已经有一个罪魁祸首了，让我们来创建 `Service`。就像前面一样，这里的内容仅仅是为了步骤的执行 - 在这里您可以使用自己的 `Service` 细节。
+
+```shell
+$ kubectl expose deployment hostnames --port=80 --target-port=9376
+service/hostnames exposed
+```
+
+再查询一遍，确定一下：
+
+```shell
+$ kubectl get svc hostnames
+NAME        TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
+hostnames   ClusterIP   10.0.1.175   <none>        80/TCP    5s
+```
+
+与前面相同，这与您使用 YAML 启动的 `Service` 一样：
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: hostnames
+spec:
+  selector:
+    app: hostnames
+  ports:
+  - name: default
+    protocol: TCP
+    port: 80
+    targetPort: 9376
+```
+
+现在您可以确认 `Service` 存在。
+
+<!--
+## Does the Service work by DNS?
+
+From a `Pod` in the same `Namespace`:
+
+```shell
+u@pod$ nslookup hostnames
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      hostnames
+Address 1: 10.0.1.175 hostnames.default.svc.cluster.local
+```
+
+If this fails, perhaps your `Pod` and `Service` are in different
+`Namespaces`, try a namespace-qualified name:
+
+```shell
+u@pod$ nslookup hostnames.default
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      hostnames.default
+Address 1: 10.0.1.175 hostnames.default.svc.cluster.local
+```
+
+If this works, you'll need to adjust your app to use a cross-namespace name, or
+run your app and `Service` in the same `Namespace`.  If this still fails, try a
+fully-qualified name:
+
+```shell
+u@pod$ nslookup hostnames.default.svc.cluster.local
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      hostnames.default.svc.cluster.local
+Address 1: 10.0.1.175 hostnames.default.svc.cluster.local
+```
+
+Note the suffix here: "default.svc.cluster.local".  The "default" is the
+`Namespace` we're operating in.  The "svc" denotes that this is a `Service`.
+The "cluster.local" is your cluster domain, which COULD be different in your
+own cluster.
+
+You can also try this from a `Node` in the cluster:
+
+{{< note >}}
+10.0.0.10 is my DNS `Service`, yours might be different).
+{{< /note >}}
+
+```shell
+u@node$ nslookup hostnames.default.svc.cluster.local 10.0.0.10
+Server:         10.0.0.10
+Address:        10.0.0.10#53
+
+Name:   hostnames.default.svc.cluster.local
+Address: 10.0.1.175
+```
+
+If you are able to do a fully-qualified name lookup but not a relative one, you
+need to check that your `/etc/resolv.conf` file is correct.
+
+```shell
+u@pod$ cat /etc/resolv.conf
+nameserver 10.0.0.10
+search default.svc.cluster.local svc.cluster.local cluster.local example.com
+options ndots:5
+```
+
+The `nameserver` line must indicate your cluster's DNS `Service`.  This is
+passed into `kubelet` with the `--cluster-dns` flag.
+
+The `search` line must include an appropriate suffix for you to find the
+`Service` name.  In this case it is looking for `Services` in the local
+`Namespace` (`default.svc.cluster.local`), `Services` in all `Namespaces`
+(`svc.cluster.local`), and the cluster (`cluster.local`).  Depending on your own
+install you might have additional records after that (up to 6 total).  The
+cluster suffix is passed into `kubelet` with the `--cluster-domain` flag.  We
+assume that is "cluster.local" in this document, but yours might be different,
+in which case you should change that in all of the commands above.
+
+The `options` line must set `ndots` high enough that your DNS client library
+considers search paths at all.  Kubernetes sets this to 5 by default, which is
+high enough to cover all of the DNS names it generates.
+-->
+## Service 是否通过 DNS 工作？
+
+从相同 `Namespace` 下的 `Pod` 中运行：
+
+```shell
+u@pod$ nslookup hostnames
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      hostnames
+Address 1: 10.0.1.175 hostnames.default.svc.cluster.local
+```
+
+如果失败，那么您的 `Pod` 和 `Service` 可能位于不同的 `Namespace` 中，请尝试使用限定命名空间的名称：
+
+```shell
+u@pod$ nslookup hostnames.default
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      hostnames.default
+Address 1: 10.0.1.175 hostnames.default.svc.cluster.local
+```
+
+如果成功，那么需要调整您的应用，使用跨命名空间的名称去访问服务，或者，在相同的 `Namespace` 中运行应用和 `Service`。如果仍然失败，请尝试一个完全限定的名称：
+
+```shell
+u@pod$ nslookup hostnames.default.svc.cluster.local
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      hostnames.default.svc.cluster.local
+Address 1: 10.0.1.175 hostnames.default.svc.cluster.local
+```
+
+注意这里的后缀："default.svc.cluster.local"。"default" 是我们正在操作的 `Namespace`。"svc" 表示这是一个 `Service`。"cluster.local" 是您的集群域，在您自己的集群中可能会有所不同。
+
+您也可以在集群中的 Node 上尝试此操作：
+
+{{< note >}}
+10.0.0.10 是我的 DNS `Service`，您的可能不同）.
+{{< /note >}}
+
+```shell
+u@node$ nslookup hostnames.default.svc.cluster.local 10.0.0.10
+Server:         10.0.0.10
+Address:        10.0.0.10#53
+
+Name:   hostnames.default.svc.cluster.local
+Address: 10.0.1.175
+```
+
+如果您能够使用完全限定的名称查找，但不能使用相对名称，则需要检查 `/etc/resolv.conf` 文件是否正确。
+
+```shell
+u@pod$ cat /etc/resolv.conf
+nameserver 10.0.0.10
+search default.svc.cluster.local svc.cluster.local cluster.local example.com
+options ndots:5
+```
+
+`nameserver` 行必须指示您的集群的 DNS `Service`，它通过 `--cluster-dns` 标志传递到 `kubelet`。
+
+`search` 行必须包含一个适当的后缀，以便查找 `Service` 名称。在本例中，它在本地 `Namespace`（`default.svc.cluster.local`）、所有 `Namespace` 中的 `Service`（`svc.cluster.local`）以及集群（`cluster.local`）中查找服务。 根据您自己的安装情况，可能会有额外的记录（最多 6 条）。集群后缀通过 `--cluster-domain` 标志传递给 `kubelet`。 本文档中，我们假定它是 “cluster.local”，但是您的可能不同，这种情况下，您应该在上面的所有命令中更改它。
+
+`options` 行必须设置足够高的 `ndots`，以便 DNS 客户端库考虑搜索路径。在默认情况下，Kubernetes 将这个值设置为 5，这个值足够高，足以覆盖它生成的所有 DNS 名称。
+
+<!--
+### Does any Service exist in DNS?
+
+If the above still fails - DNS lookups are not working for your `Service` - we
+can take a step back and see what else is not working.  The Kubernetes master
+`Service` should always work:
+
+```shell
+u@pod$ nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      kubernetes.default
+Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
+```
+
+If this fails, you might need to go to the kube-proxy section of this doc, or
+even go back to the top of this document and start over, but instead of
+debugging your own `Service`, debug DNS.
+
+## Does the Service work by IP?
+
+Assuming we can confirm that DNS works, the next thing to test is whether your
+`Service` works at all.  From a node in your cluster, access the `Service`'s
+IP (from `kubectl get` above).
+
+```shell
+u@node$ curl 10.0.1.175:80
+hostnames-0uton
+
+u@node$ curl 10.0.1.175:80
+hostnames-yp2kp
+
+u@node$ curl 10.0.1.175:80
+hostnames-bvc05
+```
+
+If your `Service` is working, you should get correct responses.  If not, there
+are a number of things that could be going wrong.  Read on.
+-->
+### DNS 中是否存在任何服务？
+
+如果上面仍然失败 - DNS 查找不到您需要的 `Service` - 我们可以后退一步，看看还有什么不起作用。Kubernetes 主 `Service` 应该一直是工作的：
+
+```shell
+u@pod$ nslookup kubernetes.default
+Server:    10.0.0.10
+Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
+
+Name:      kubernetes.default
+Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
+```
+
+如果失败，您可能需要转到这个文档的 kube-proxy 部分，或者甚至回到文档的顶部重新开始，但不是调试您自己的 `Service`，而是调试 DNS。
+
+### Service 能够通过 IP 访问么？
+
+假设我们可以确认 DNS 工作正常，那么接下来要测试的是您的 `Service` 是否工作正常。从集群中的一个节点，访问 `Service` 的 IP（从上面的 `kubectl get` 命令获取）。
+
+```shell
+u@node$ curl 10.0.1.175:80
+hostnames-0uton
+
+u@node$ curl 10.0.1.175:80
+hostnames-yp2kp
+
+u@node$ curl 10.0.1.175:80
+hostnames-bvc05
+```
+
+如果 `Service` 是正常的，您应该得到正确的响应。如果没有，有很多可能出错的地方，请继续。
+
+<!--
+## Is the Service correct?
+
+It might sound silly, but you should really double and triple check that your
+`Service` is correct and matches your `Pod`'s port.  Read back your `Service`
+and verify it:
+
+```shell
+$ kubectl get service hostnames -o json
+```
+```json
+{
+    "kind": "Service",
+    "apiVersion": "v1",
+    "metadata": {
+        "name": "hostnames",
+        "namespace": "default",
+        "selfLink": "/api/v1/namespaces/default/services/hostnames",
+        "uid": "428c8b6c-24bc-11e5-936d-42010af0a9bc",
+        "resourceVersion": "347189",
+        "creationTimestamp": "2015-07-07T15:24:29Z",
+        "labels": {
+            "app": "hostnames"
+        }
+    },
+    "spec": {
+        "ports": [
+            {
+                "name": "default",
+                "protocol": "TCP",
+                "port": 80,
+                "targetPort": 9376,
+                "nodePort": 0
+            }
+        ],
+        "selector": {
+            "app": "hostnames"
+        },
+        "clusterIP": "10.0.1.175",
+        "type": "ClusterIP",
+        "sessionAffinity": "None"
+    },
+    "status": {
+        "loadBalancer": {}
+    }
+}
+```
+
+Is the port you are trying to access in `spec.ports[]`?  Is the `targetPort`
+correct for your `Pods` (many `Pods` choose to use a different port than the
+`Service`)?  If you meant it to be a numeric port, is it a number (9376) or a
+string "9376"?  If you meant it to be a named port, do your `Pods` expose a port
+with the same name?  Is the port's `protocol` the same as the `Pod`'s?
+-->
+## Service 是对的吗？
+
+这听起来可能很愚蠢，但您应该加倍甚至三倍检查您的 `Service` 是否正确，并且与您的 `Pod` 匹配。查看您的 `Service` 并验证它：
+
+```shell
+$ kubectl get service hostnames -o json
+```
+```json
+{
+    "kind": "Service",
+    "apiVersion": "v1",
+    "metadata": {
+        "name": "hostnames",
+        "namespace": "default",
+        "selfLink": "/api/v1/namespaces/default/services/hostnames",
+        "uid": "428c8b6c-24bc-11e5-936d-42010af0a9bc",
+        "resourceVersion": "347189",
+        "creationTimestamp": "2015-07-07T15:24:29Z",
+        "labels": {
+            "app": "hostnames"
+        }
+    },
+    "spec": {
+        "ports": [
+            {
+                "name": "default",
+                "protocol": "TCP",
+                "port": 80,
+                "targetPort": 9376,
+                "nodePort": 0
+            }
+        ],
+        "selector": {
+            "app": "hostnames"
+        },
+        "clusterIP": "10.0.1.175",
+        "type": "ClusterIP",
+        "sessionAffinity": "None"
+    },
+    "status": {
+        "loadBalancer": {}
+    }
+}
+```
+
+`spec.ports[]` 中描述的是您想要尝试访问的端口吗？`targetPort` 对您的 `Pod` 来说正确吗（许多 `Pod` 选择使用与 `Service` 不同的端口）？如果您想把它变成一个数字端口，那么它是一个数字（9376）还是字符串 “9376”？如果您想把它当作一个指定的端口，那么您的 `Pod` 是否公开了一个同名端口？端口的 `protocol` 和 `Pod` 的一样吗？
+
+<!--
+## Does the Service have any Endpoints?
+
+If you got this far, we assume that you have confirmed that your `Service`
+exists and is resolved by DNS.  Now let's check that the `Pods` you ran are
+actually being selected by the `Service`.
+
+Earlier we saw that the `Pods` were running.  We can re-check that:
+
+```shell
+$ kubectl get pods -l app=hostnames
+NAME              READY     STATUS    RESTARTS   AGE
+hostnames-0uton   1/1       Running   0          1h
+hostnames-bvc05   1/1       Running   0          1h
+hostnames-yp2kp   1/1       Running   0          1h
+```
+
+The "AGE" column says that these `Pods` are about an hour old, which implies that
+they are running fine and not crashing.
+
+The `-l app=hostnames` argument is a label selector - just like our `Service`
+has.  Inside the Kubernetes system is a control loop which evaluates the
+selector of every `Service` and saves the results into an `Endpoints` object.
+
+```shell
+$ kubectl get endpoints hostnames
+NAME        ENDPOINTS
+hostnames   10.244.0.5:9376,10.244.0.6:9376,10.244.0.7:9376
+```
+
+This confirms that the endpoints controller has found the correct `Pods` for
+your `Service`.  If the `hostnames` row is blank, you should check that the
+`spec.selector` field of your `Service` actually selects for `metadata.labels`
+values on your `Pods`.  A common mistake is to have a typo or other error, such
+as the `Service` selecting for `run=hostnames`, but the `Deployment` specifying
+`app=hostnames`.
+-->
+## Service 有端点吗？
+
+如果您已经走到了这一步，我们假设您已经确认您的 `Service` 存在，并能通过 DNS 解析。现在，让我们检查一下，您运行的 `Pod` 确实是由 `Service` 选择的。
+
+早些时候，我们已经看到 `Pod` 是运行状态。我们可以再检查一下：
+
+```shell
+$ kubectl get pods -l app=hostnames
+NAME              READY     STATUS    RESTARTS   AGE
+hostnames-0uton   1/1       Running   0          1h
+hostnames-bvc05   1/1       Running   0          1h
+hostnames-yp2kp   1/1       Running   0          1h
+```
+
+"AGE" 列表明这些 `Pod` 已经启动一个小时了，这意味着它们运行良好，而不是崩溃。
+
+`-l app=hostnames` 参数是一个标签选择器 - 就像我们的 `Service` 一样。在 Kubernetes 系统中有一个控制循环，它评估每个 `Service` 的选择器，并将结果保存到 `Endpoints` 对象中。
+
+```shell
+$ kubectl get endpoints hostnames
+NAME        ENDPOINTS
+hostnames   10.244.0.5:9376,10.244.0.6:9376,10.244.0.7:9376
+```
+
+这证实 endpoints 控制器已经为您的 `Service` 找到了正确的 `Pods`。如果 `hostnames` 行为空，则应检查 `Service` 的 `spec.selector` 字段，以及您实际想选择的 `Pods` 的 `metadata.labels` 的值。常见的错误是输入错误或其他错误，例如 `Service` 想选择 `run=hostnames`，但是 `Deployment` 指定的是 `app=hostnames`。
+
+<!--
+## Are the Pods working?
+
+At this point, we know that your `Service` exists and has selected your `Pods`.
+Let's check that the `Pods` are actually working - we can bypass the `Service`
+mechanism and go straight to the `Pods`.
+
+{{< note >}}
+These commands use the `Pod` port (9376), rather than the `Service` port (80).
+{{< /note >}}
+
+```shell
+u@pod$ wget -qO- 10.244.0.5:9376
+hostnames-0uton
+
+pod $ wget -qO- 10.244.0.6:9376
+hostnames-bvc05
+
+u@pod$ wget -qO- 10.244.0.7:9376
+hostnames-yp2kp
+```
+
+We expect each `Pod` in the `Endpoints` list to return its own hostname.  If
+this is not what happens (or whatever the correct behavior is for your own
+`Pods`), you should investigate what's happening there.  You might find
+`kubectl logs` to be useful or `kubectl exec` directly to your `Pods` and check
+service from there.
+
+Another thing to check is that your `Pods` are not crashing or being restarted.
+Frequent restarts could lead to intermittent connectivity issues.
+
+```shell
+$ kubectl get pods -l app=hostnames
+NAME                        READY     STATUS    RESTARTS   AGE
+hostnames-632524106-bbpiw   1/1       Running   0          2m
+hostnames-632524106-ly40y   1/1       Running   0          2m
+hostnames-632524106-tlaok   1/1       Running   0          2m
+```
+
+If the restart count is high, read more about how to [debug
+pods](/docs/tasks/debug-application-cluster/debug-pod-replication-controller/#debugging-pods).
+-->
+## Pod 正常工作吗？
+
+到了这步，我们知道您的 `Service` 存在并选择了您的 `Pods`。让我们检查一下 `Pod` 是否真的在工作 - 我们可以绕过 `Service` 机制，直接进入 `Pod`。
+
+{{< note >}}
+这些命令使用的是 `Pod` 端口（9376），而不是 `Service` 端口（80）。
+{{< /note >}}
+
+```shell
+u@pod$ wget -qO- 10.244.0.5:9376
+hostnames-0uton
+
+pod $ wget -qO- 10.244.0.6:9376
+hostnames-bvc05
+
+u@pod$ wget -qO- 10.244.0.7:9376
+hostnames-yp2kp
+```
+
+我们期望的是 `Endpoints` 列表中的每个 `Pod` 返回自己的主机名。如果这没有发生（或者您自己的 `Pod` 的正确行为没有发生），您应该调查发生了什么。您会发现 `kubectl logs` 这个时候非常有用，或者使用 `kubectl exec` 直接进入到您的 `Pod`，并从那里检查服务。
+
+另一件要检查的事情是，您的 Pod 没有崩溃或正在重新启动。频繁的重新启动可能会导致断断续续的连接问题。
+
+```shell
+$ kubectl get pods -l app=hostnames
+NAME                        READY     STATUS    RESTARTS   AGE
+hostnames-632524106-bbpiw   1/1       Running   0          2m
+hostnames-632524106-ly40y   1/1       Running   0          2m
+hostnames-632524106-tlaok   1/1       Running   0          2m
+```
+
+如果重新启动计数很高，请查阅有关如何[调试 pods](/docs/tasks/debug-application-cluster/debug-pod-replication-controller/#debugging-pods) 获取更多信息。
+
+<!--
+## Is the kube-proxy working?
+
+If you get here, your `Service` is running, has `Endpoints`, and your `Pods`
+are actually serving.  At this point, the whole `Service` proxy mechanism is
+suspect.  Let's confirm it, piece by piece.
+-->
+## kube-proxy 正常工作吗？
+
+如果您到了这里，那么您的 `Service` 正在运行，也有 `Endpoints`，而您的 `Pod` 实际上也正在服务。在这一点上，整个 `Service` 代理机制是否正常就是可疑的了。我们来确认一下，一部分一部分来。
+
+<!--
+### Is kube-proxy running?
+
+Confirm that `kube-proxy` is running on your `Nodes`.  You should get something
+like the below:
+
+```shell
+u@node$ ps auxw | grep kube-proxy
+root  4194  0.4  0.1 101864 17696 ?    Sl Jul04  25:43 /usr/local/bin/kube-proxy --master=https://kubernetes-master --kubeconfig=/var/lib/kube-proxy/kubeconfig --v=2
+```
+
+Next, confirm that it is not failing something obvious, like contacting the
+master.  To do this, you'll have to look at the logs.  Accessing the logs
+depends on your `Node` OS.  On some OSes it is a file, such as
+/var/log/kube-proxy.log, while other OSes use `journalctl` to access logs.  You
+should see something like:
+
+```none
+I1027 22:14:53.995134    5063 server.go:200] Running in resource-only container "/kube-proxy"
+I1027 22:14:53.998163    5063 server.go:247] Using iptables Proxier.
+I1027 22:14:53.999055    5063 server.go:255] Tearing down userspace rules. Errors here are acceptable.
+I1027 22:14:54.038140    5063 proxier.go:352] Setting endpoints for "kube-system/kube-dns:dns-tcp" to [10.244.1.3:53]
+I1027 22:14:54.038164    5063 proxier.go:352] Setting endpoints for "kube-system/kube-dns:dns" to [10.244.1.3:53]
+I1027 22:14:54.038209    5063 proxier.go:352] Setting endpoints for "default/kubernetes:https" to [10.240.0.2:443]
+I1027 22:14:54.038238    5063 proxier.go:429] Not syncing iptables until Services and Endpoints have been received from master
+I1027 22:14:54.040048    5063 proxier.go:294] Adding new service "default/kubernetes:https" at 10.0.0.1:443/TCP
+I1027 22:14:54.040154    5063 proxier.go:294] Adding new service "kube-system/kube-dns:dns" at 10.0.0.10:53/UDP
+I1027 22:14:54.040223    5063 proxier.go:294] Adding new service "kube-system/kube-dns:dns-tcp" at 10.0.0.10:53/TCP
+```
+
+If you see error messages about not being able to contact the master, you
+should double-check your `Node` configuration and installation steps.
+
+One of the possible reasons that `kube-proxy` cannot run correctly is that the
+required `conntrack` binary cannot be found. This may happen on some Linux
+systems, depending on how you are installing the cluster, for example, you are
+installing Kubernetes from scratch. If this is the case, you need to manually
+install the `conntrack` package (e.g. `sudo apt install conntrack` on Ubuntu)
+and then retry.
+-->
+### kube-proxy 在运行吗？
+
+确认 `kube-proxy` 正在您的 `Nodes` 上运行。您应该得到如下内容：
+
+```shell
+u@node$ ps auxw | grep kube-proxy
+root  4194  0.4  0.1 101864 17696 ?    Sl Jul04  25:43 /usr/local/bin/kube-proxy --master=https://kubernetes-master --kubeconfig=/var/lib/kube-proxy/kubeconfig --v=2
+```
+
+下一步，确认它并没有出现明显的失败，比如连接主节点失败。要做到这一点，您必须查看日志。访问日志取决于您的 `Node` 操作系统。在某些操作系统是一个文件，如 /var/log/messages kube-proxy.log，而其他操作系统使用 `journalctl` 访问日志。您应该看到类似的东西：
+
+```none
+I1027 22:14:53.995134    5063 server.go:200] Running in resource-only container "/kube-proxy"
+I1027 22:14:53.998163    5063 server.go:247] Using iptables Proxier.
+I1027 22:14:53.999055    5063 server.go:255] Tearing down userspace rules. Errors here are acceptable.
+I1027 22:14:54.038140    5063 proxier.go:352] Setting endpoints for "kube-system/kube-dns:dns-tcp" to [10.244.1.3:53]
+I1027 22:14:54.038164    5063 proxier.go:352] Setting endpoints for "kube-system/kube-dns:dns" to [10.244.1.3:53]
+I1027 22:14:54.038209    5063 proxier.go:352] Setting endpoints for "default/kubernetes:https" to [10.240.0.2:443]
+I1027 22:14:54.038238    5063 proxier.go:429] Not syncing iptables until Services and Endpoints have been received from master
+I1027 22:14:54.040048    5063 proxier.go:294] Adding new service "default/kubernetes:https" at 10.0.0.1:443/TCP
+I1027 22:14:54.040154    5063 proxier.go:294] Adding new service "kube-system/kube-dns:dns" at 10.0.0.10:53/UDP
+I1027 22:14:54.040223    5063 proxier.go:294] Adding new service "kube-system/kube-dns:dns-tcp" at 10.0.0.10:53/TCP
+```
+
+如果您看到有关无法连接主节点的错误消息，则应再次检查节点配置和安装步骤。
+
+`kube-proxy` 无法正确运行的可能原因之一是找不到所需的 `conntrack` 二进制文件。在一些 Linux 系统上，这也是可能发生的，这取决于您如何安装集群，例如，您正在从头开始安装 Kubernetes。如果是这样的话，您需要手动安装 `conntrack` 包（例如，在 Ubuntu 上使用 `sudo apt install conntrack`），然后重试。
+
+<!--
+### Is kube-proxy writing iptables rules?
+
+One of the main responsibilities of `kube-proxy` is to write the `iptables`
+rules which implement `Services`.  Let's check that those rules are getting
+written.
+
+The kube-proxy can run in "userspace" mode, "iptables" mode or "ipvs" mode.
+Hopefully you are using the "iptables" mode or "ipvs" mode.  You
+should see one of the following cases.
+
+#### Userspace
+
+```shell
+u@node$ iptables-save | grep hostnames
+-A KUBE-PORTALS-CONTAINER -d 10.0.1.175/32 -p tcp -m comment --comment "default/hostnames:default" -m tcp --dport 80 -j REDIRECT --to-ports 48577
+-A KUBE-PORTALS-HOST -d 10.0.1.175/32 -p tcp -m comment --comment "default/hostnames:default" -m tcp --dport 80 -j DNAT --to-destination 10.240.115.247:48577
+```
+
+There should be 2 rules for each port on your `Service` (just one in this
+example) - a "KUBE-PORTALS-CONTAINER" and a "KUBE-PORTALS-HOST".  If you do
+not see these, try restarting `kube-proxy` with the `-V` flag set to 4, and
+then look at the logs again.
+
+Almost nobody should be using the "userspace" mode any more, so we won't spend
+more time on it here.
+-->
+### kube-proxy 是否在写 iptables 规则？
+
+`kube-proxy` 的主要职责之一是写实现 `Services` 的 `iptables` 规则。让我们检查一下这些规则是否已经被写好了。
+
+kube-proxy 可以在 "userspace" 模式、 "iptables" 模式或者 "ipvs" 模式下运行。
+希望您正在使用 "iptables" 模式或者 "ipvs" 模式。您应该看到以下情况之一。
+
+#### Userpace
+
+```shell
+u@node$ iptables-save | grep hostnames
+-A KUBE-PORTALS-CONTAINER -d 10.0.1.175/32 -p tcp -m comment --comment "default/hostnames:default" -m tcp --dport 80 -j REDIRECT --to-ports 48577
+-A KUBE-PORTALS-HOST -d 10.0.1.175/32 -p tcp -m comment --comment "default/hostnames:default" -m tcp --dport 80 -j DNAT --to-destination 10.240.115.247:48577
+```
+
+您的 `Service` 上的每个端口应该有两个规则（本例中只有一个）- "KUBE-PORTALS-CONTAINER" 和 "KUBE-PORTALS-HOST"。如果您没有看到这些，请尝试将 `-V` 标志设置为 4 之后重新启动 `kube-proxy`，然后再次查看日志。
+
+几乎没有人应该再使用 "userspace" 模式了，所以我们不会在这里花费更多的时间。
+
+<!--
+#### Iptables
+
+```shell
+u@node$ iptables-save | grep hostnames
+-A KUBE-SEP-57KPRZ3JQVENLNBR -s 10.244.3.6/32 -m comment --comment "default/hostnames:" -j MARK --set-xmark 0x00004000/0x00004000
+-A KUBE-SEP-57KPRZ3JQVENLNBR -p tcp -m comment --comment "default/hostnames:" -m tcp -j DNAT --to-destination 10.244.3.6:9376
+-A KUBE-SEP-WNBA2IHDGP2BOBGZ -s 10.244.1.7/32 -m comment --comment "default/hostnames:" -j MARK --set-xmark 0x00004000/0x00004000
+-A KUBE-SEP-WNBA2IHDGP2BOBGZ -p tcp -m comment --comment "default/hostnames:" -m tcp -j DNAT --to-destination 10.244.1.7:9376
+-A KUBE-SEP-X3P2623AGDH6CDF3 -s 10.244.2.3/32 -m comment --comment "default/hostnames:" -j MARK --set-xmark 0x00004000/0x00004000
+-A KUBE-SEP-X3P2623AGDH6CDF3 -p tcp -m comment --comment "default/hostnames:" -m tcp -j DNAT --to-destination 10.244.2.3:9376
+-A KUBE-SERVICES -d 10.0.1.175/32 -p tcp -m comment --comment "default/hostnames: cluster IP" -m tcp --dport 80 -j KUBE-SVC-NWV5X2332I4OT4T3
+-A KUBE-SVC-NWV5X2332I4OT4T3 -m comment --comment "default/hostnames:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-WNBA2IHDGP2BOBGZ
+-A KUBE-SVC-NWV5X2332I4OT4T3 -m comment --comment "default/hostnames:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-X3P2623AGDH6CDF3
+-A KUBE-SVC-NWV5X2332I4OT4T3 -m comment --comment "default/hostnames:" -j KUBE-SEP-57KPRZ3JQVENLNBR
+```
+
+There should be 1 rule in `KUBE-SERVICES`, 1 or 2 rules per endpoint in
+`KUBE-SVC-(hash)` (depending on `SessionAffinity`), one `KUBE-SEP-(hash)` chain
+per endpoint, and a few rules in each `KUBE-SEP-(hash)` chain.  The exact rules
+will vary based on your exact config (including node-ports and load-balancers).
+-->
+#### Iptables
+
+```shell
+u@node$ iptables-save | grep hostnames
+-A KUBE-SEP-57KPRZ3JQVENLNBR -s 10.244.3.6/32 -m comment --comment "default/hostnames:" -j MARK --set-xmark 0x00004000/0x00004000
+-A KUBE-SEP-57KPRZ3JQVENLNBR -p tcp -m comment --comment "default/hostnames:" -m tcp -j DNAT --to-destination 10.244.3.6:9376
+-A KUBE-SEP-WNBA2IHDGP2BOBGZ -s 10.244.1.7/32 -m comment --comment "default/hostnames:" -j MARK --set-xmark 0x00004000/0x00004000
+-A KUBE-SEP-WNBA2IHDGP2BOBGZ -p tcp -m comment --comment "default/hostnames:" -m tcp -j DNAT --to-destination 10.244.1.7:9376
+-A KUBE-SEP-X3P2623AGDH6CDF3 -s 10.244.2.3/32 -m comment --comment "default/hostnames:" -j MARK --set-xmark 0x00004000/0x00004000
+-A KUBE-SEP-X3P2623AGDH6CDF3 -p tcp -m comment --comment "default/hostnames:" -m tcp -j DNAT --to-destination 10.244.2.3:9376
+-A KUBE-SERVICES -d 10.0.1.175/32 -p tcp -m comment --comment "default/hostnames: cluster IP" -m tcp --dport 80 -j KUBE-SVC-NWV5X2332I4OT4T3
+-A KUBE-SVC-NWV5X2332I4OT4T3 -m comment --comment "default/hostnames:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-WNBA2IHDGP2BOBGZ
+-A KUBE-SVC-NWV5X2332I4OT4T3 -m comment --comment "default/hostnames:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-X3P2623AGDH6CDF3
+-A KUBE-SVC-NWV5X2332I4OT4T3 -m comment --comment "default/hostnames:" -j KUBE-SEP-57KPRZ3JQVENLNBR
+```
+
+`KUBE-SERVICES` 中应该有 1 条规则，`KUBE-SVC-(hash)` 中每个端点有 1 或 2 条规则（取决于 `SessionAffinity`），每个端点中应有 1 条 `KUBE-SEP-(hash)` 链。准确的规则将根据您的确切配置（包括节点、端口组合以及负载均衡器设置）而有所不同。
+
+<!--
+#### IPVS
+
+```shell
+u@node$ ipvsadm -ln
+Prot LocalAddress:Port Scheduler Flags
+  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
+...
+TCP  10.0.1.175:80 rr
+  -> 10.244.0.5:9376               Masq    1      0          0
+  -> 10.244.0.6:9376               Masq    1      0          0
+  -> 10.244.0.7:9376               Masq    1      0          0
+...
+```
+
+IPVS proxy will create a virtual server for each service address(e.g. Cluster IP, External IP, NodePort IP, Load Balancer IP etc.) and some corresponding real servers for endpoints of the service, if any. In this example, service hostnames(`10.0.1.175:80`) has 3 endpoints(`10.244.0.5:9376`, `10.244.0.6:9376`, `10.244.0.7:9376`) and you'll get results similar to above.
+-->
+#### IPVS
+
+```shell
+u@node$ ipvsadm -ln
+Prot LocalAddress:Port Scheduler Flags
+  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
+...
+TCP  10.0.1.175:80 rr
+  -> 10.244.0.5:9376               Masq    1      0          0
+  -> 10.244.0.6:9376               Masq    1      0          0
+  -> 10.244.0.7:9376               Masq    1      0          0
+...
+```
+
+IPVS 代理将为每个服务器地址（例如集群 IP、外部 IP、节点端口 IP、负载均衡 IP等）创建虚拟服务器，并为服务的端点创建一些相应的真实服务器（如果有）。在这个例子中，服务器主机名（`10.0.1.175:80`）有 3 个端点(`10.244.0.5:9376`, `10.244.0.6:9376`, `10.244.0.7:9376`)，你会得到类似上面的结果。
+
+
+<!--
+### Is kube-proxy proxying?
+
+Assuming you do see the above rules, try again to access your `Service` by IP:
+
+```shell
+u@node$ curl 10.0.1.175:80
+hostnames-0uton
+```
+
+If this fails and you are using the userspace proxy, you can try accessing the
+proxy directly.  If you are using the iptables proxy, skip this section.
+
+Look back at the `iptables-save` output above, and extract the
+port number that `kube-proxy` is using for your `Service`.  In the above
+examples it is "48577".  Now connect to that:
+
+```shell
+u@node$ curl localhost:48577
+hostnames-yp2kp
+```
+
+If this still fails, look at the `kube-proxy` logs for specific lines like:
+
+```shell
+Setting endpoints for default/hostnames:default to [10.244.0.5:9376 10.244.0.6:9376 10.244.0.7:9376]
+```
+
+If you don't see those, try restarting `kube-proxy` with the `-V` flag set to 4, and
+then look at the logs again.
+-->
+### kube-proxy 在执行代理操作么？
+
+假设您确实看到了上述规则，请再次尝试通过 IP 访问您的 `Service`：
+
+```shell
+u@node$ curl 10.0.1.175:80
+hostnames-0uton
+```
+
+如果失败了，并且您正在使用 userspace 代理，您可以尝试直接访问代理。如果您使用的是 iptables 代理，请跳过本节。
+
+回顾上面的 `iptables-save` 输出，并提取 `kube-proxy` 用于您的 `Service` 的端口号。在上面的例子中，它是 “48577”。现在连接到它：
+
+```shell
+u@node$ curl localhost:48577
+hostnames-yp2kp
+```
+
+如果仍然失败，请查看 `kube-proxy` 日志中的特定行，如：
+
+```shell
+Setting endpoints for default/hostnames:default to [10.244.0.5:9376 10.244.0.6:9376 10.244.0.7:9376]
+```
+
+如果您没有看到这些，请尝试将 `-V` 标志设置为 4 并重新启动 `kube-proxy`，然后再查看日志。
+
+<!--
+### A Pod cannot reach itself via Service IP
+
+This can happen when the network is not properly configured for "hairpin"
+traffic, usually when `kube-proxy` is running in `iptables` mode and Pods
+are connected with bridge network. The `Kubelet` exposes a `hairpin-mode`
+[flag](/docs/admin/kubelet/) that allows endpoints of a Service to loadbalance back to themselves
+if they try to access their own Service VIP. The `hairpin-mode` flag must either be
+set to `hairpin-veth` or `promiscuous-bridge`.
+
+The common steps to trouble shoot this are as follows:
+
+* Confirm `hairpin-mode` is set to `hairpin-veth` or `promiscuous-bridge`.
+You should see something like the below. `hairpin-mode` is set to
+`promiscuous-bridge` in the following example.
+
+```shell
+u@node$ ps auxw|grep kubelet
+root      3392  1.1  0.8 186804 65208 ?        Sl   00:51  11:11 /usr/local/bin/kubelet --enable-debugging-handlers=true --config=/etc/kubernetes/manifests --allow-privileged=True --v=4 --cluster-dns=10.0.0.10 --cluster-domain=cluster.local --configure-cbr0=true --cgroup-root=/ --system-cgroups=/system --hairpin-mode=promiscuous-bridge --runtime-cgroups=/docker-daemon --kubelet-cgroups=/kubelet --babysit-daemons=true --max-pods=110 --serialize-image-pulls=false --outofdisk-transition-frequency=0
+
+```
+
+* Confirm the effective `hairpin-mode`. To do this, you'll have to look at
+kubelet log. Accessing the logs depends on your Node OS. On some OSes it
+is a file, such as /var/log/kubelet.log, while other OSes use `journalctl`
+to access logs. Please be noted that the effective hairpin mode may not
+match `--hairpin-mode` flag due to compatibility. Check if there is any log
+lines with key word `hairpin` in kubelet.log. There should be log lines
+indicating the effective hairpin mode, like something below.
+
+```shell
+I0629 00:51:43.648698    3252 kubelet.go:380] Hairpin mode set to "promiscuous-bridge"
+```
+
+* If the effective hairpin mode is `hairpin-veth`, ensure the `Kubelet` has
+the permission to operate in `/sys` on node. If everything works properly,
+you should see something like:
+
+```shell
+for intf in /sys/devices/virtual/net/cbr0/brif/*; do cat $intf/hairpin_mode; done
+1
+1
+1
+1
+```
+
+* If the effective hairpin mode is `promiscuous-bridge`, ensure `Kubelet`
+has the permission to manipulate linux bridge on node. If cbr0` bridge is
+used and configured properly, you should see:
+
+```shell
+u@node$ ifconfig cbr0 |grep PROMISC
+UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1460  Metric:1
+
+```
+
+* Seek help if none of above works out.
+-->
+### Pod 无法通过 Service IP 访问自己
+
+如果网络没有为“发夹模式”流量生成正确配置，通常当 `kube-proxy` 以 `iptables` 模式运行，并且 Pod 与桥接网络连接时，就会发生这种情况。`Kubelet` 公开了一个 `hairpin-mode` 标志，如果 pod 试图访问它们自己的 Service VIP，就可以让 Service 的端点重新负载到他们自己身上。`hairpin-mode` 标志必须设置为 `hairpin-veth` 或者 `promiscuous-bridge`。
+
+解决这一问题的常见步骤如下：
+
+* 确认 `hairpin-mode` 被设置为 `hairpin-veth` 或者 `promiscuous-bridge`。您应该看到下面这样的内容。在下面的示例中，`hairpin-mode` 被设置为 `promiscuous-bridge`。
+
+```shell
+u@node$ ps auxw|grep kubelet
+root      3392  1.1  0.8 186804 65208 ?        Sl   00:51  11:11 /usr/local/bin/kubelet --enable-debugging-handlers=true --config=/etc/kubernetes/manifests --allow-privileged=True --v=4 --cluster-dns=10.0.0.10 --cluster-domain=cluster.local --configure-cbr0=true --cgroup-root=/ --system-cgroups=/system --hairpin-mode=promiscuous-bridge --runtime-cgroups=/docker-daemon --kubelet-cgroups=/kubelet --babysit-daemons=true --max-pods=110 --serialize-image-pulls=false --outofdisk-transition-frequency=0
+
+```
+
+* 确认有效的 `hairpin-mode`。要做到这一点，您必须查看 kubelet 日志。访问日志取决于节点的操作系统。在一些操作系统上，它是一个文件，如 /var/log/kubelet.log，而其他操作系统则使用 `journalctl` 访问日志。请注意，由于兼容性，有效的 `hairpin-mode` 可能不匹配 `--hairpin-mode` 标志。在 kubelet.log 中检查是否有带有关键字 `hairpin` 的日志行。应该有日志行指示有效的 `hairpin-mode`，比如下面的内容。
+```shell
+I0629 00:51:43.648698    3252 kubelet.go:380] Hairpin mode set to "promiscuous-bridge"
+```
+
+* 如果有效的发夹模式是 `hairpin-veth`，请确保 `Kubelet` 具有在节点上的 `/sys` 中操作的权限。如果一切正常工作，您应该看到如下内容：
+
+```shell
+for intf in /sys/devices/virtual/net/cbr0/brif/*; do cat $intf/hairpin_mode; done
+1
+1
+1
+1
+```
+
+* 如果有效的发夹模式是 `promiscuous-bridge`，则请确保 `Kubelet` 拥有在节点上操纵 Linux 网桥的权限。如果正确使用和配置了 cbr0 网桥，您应该看到：
+
+```shell
+u@node$ ifconfig cbr0 |grep PROMISC
+UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1460  Metric:1
+
+```
+
+* 如果上述任何一项都没有效果，请寻求帮助。
+
+<!--
+## Seek help
+
+If you get this far, something very strange is happening.  Your `Service` is
+running, has `Endpoints`, and your `Pods` are actually serving.  You have DNS
+working, `iptables` rules installed, and `kube-proxy` does not seem to be
+misbehaving.  And yet your `Service` is not working.  You should probably let
+us know, so we can help investigate!
+
+Contact us on
+[Slack](/docs/troubleshooting/#slack) or
+[Forum](https://discuss.kubernetes.io) or
+[GitHub](https://github.com/kubernetes/kubernetes).
+-->
+## 寻求帮助
+
+如果您走到这一步，那么就真的是奇怪的事情发生了。您的 `Service` 正在运行，有 `Endpoints`，您的 `Pods` 也确实在服务中。您的 DNS 正常，`iptables` 规则已经安装，`kube-proxy` 看起来也正常。然而 `Service` 不起作用。这种情况下，您应该让我们知道，这样我们可以帮助调查！
+
+使用 [Slack](/docs/troubleshooting/#slack) 或者 [Forum](https://discuss.kubernetes.io) 或者 [GitHub](https://github.com/kubernetes/kubernetes) 联系我们。
+
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Visit [troubleshooting document](/docs/troubleshooting/) for more information.
+-->
+访问[故障排查文档](/docs/troubleshooting/)获取更多信息。
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md b/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
new file mode 100644
index 0000000000000..8e1b947be63c7
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
@@ -0,0 +1,172 @@
+---
+title: 确定 Pod 失败的原因
+content_template: templates/task
+---
+
+<!--
+---
+title: Determine the Reason for Pod Failure
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to write and read a Container
+termination message.
+-->
+
+本文介绍如何编写和读取容器的终止消息。
+
+<!--
+Termination messages provide a way for containers to write information about 
+fatal events to a location where it can be easily retrieved and surfaced by 
+tools like dashboards and monitoring software. In most cases, information that 
+you put in a termination message should also be written to the general 
+[Kubernetes logs](/docs/concepts/cluster-administration/logging/).
+-->
+
+终止消息为容器提供了一种方法，可以将有关致命事件的信息写入某个位置，在该位置可以通过仪表板和监控软件等工具轻松检索和显示致命事件。
+在大多数情况下，您放入终止消息中的信息也应该写入[常规 Kubernetes 日志](/docs/concepts/cluster-administration/logging/)。
+
+
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Writing and reading a termination message
+
+In this exercise, you create a Pod that runs one container.
+The configuration file specifies a command that runs when
+the container starts.
+-->
+
+## 读写终止消息
+
+在本练习中，您将创建运行一个容器的 Pod。
+配置文件指定在容器启动时要运行的命令。
+
+{{< codenew file="debug/termination.yaml" >}}
+
+1. <!--Create a Pod based on the YAML configuration file:-->基于 YAML 配置文件创建 Pod：
+
+        kubectl create -f https://k8s.io/examples/debug/termination.yaml
+
+    <!--In the YAML file, in the `cmd` and `args` fields, you can see that the
+    container sleeps for 10 seconds and then writes "Sleep expired" to
+    the `/dev/termination-log` file. After the container writes
+    the "Sleep expired" message, it terminates.-->
+    YAML 文件中，在 `cmd` 和 `args` 字段，你可以看到容器休眠 10 秒然后将 "Sleep expired" 写入 `/dev/termination-log` 文件。
+    容器写完 "Sleep expired" 消息后，它就终止了。
+
+1. <!--Display information about the Pod:-->显示 Pod 的信息：
+
+        kubectl get pod termination-demo
+
+    <!--Repeat the preceding command until the Pod is no longer running.-->
+    重复前面的命令直到 Pod 不再运行。
+
+1. <!--Display detailed information about the Pod:-->显示 Pod 的详细信息：
+
+        kubectl get pod --output=yaml
+
+    <!--The output includes the "Sleep expired" message:-->输出结果包含 "Sleep expired" 消息：
+
+        apiVersion: v1
+        kind: Pod
+        ...
+            lastState:
+              terminated:
+                containerID: ...
+                exitCode: 0
+                finishedAt: ...
+                message: |
+                  Sleep expired
+                ...
+
+1. <!--Use a Go template to filter the output so that it includes only the termination message:-->使用 Go 模板过滤输出结果，使其只含有终止消息：
+
+        kubectl get pod termination-demo -o go-template="{{range .status.containerStatuses}}{{.lastState.terminated.message}}{{end}}"
+
+<!--
+## Customizing the termination message
+-->
+
+## 定制终止消息
+
+<!--
+Kubernetes retrieves termination messages from the termination message file
+specified in the `terminationMessagePath` field of a Container, which as a default
+value of `/dev/termination-log`. By customizing this field, you can tell Kubernetes
+to use a different file. Kubernetes use the contents from the specified file to
+populate the Container's status message on both success and failure.
+-->
+
+Kubernetes 从容器的 `terminationMessagePath` 字段中指定的终止消息文件中检索终止消息，默认值为 `/dev/termination-log`。
+通过定制这个字段，您可以告诉 Kubernetes 使用不同的文件。
+Kubernetes 使用指定文件中的内容在成功和失败时填充容器的状态消息。
+
+<!--
+In the following example, the container writes termination messages to
+`/tmp/my-log` for Kubernetes to retrieve:
+-->
+
+在下例中，容器将终止消息写入 `/tmp/my-log` 给 Kubernetes 来接收：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: msg-path-demo
+spec:
+  containers:
+  - name: msg-path-demo-container
+    image: debian
+    terminationMessagePath: "/tmp/my-log"
+```
+
+<!--
+Moreover, users can set the `terminationMessagePolicy` field of a Container for
+further customization. This field defaults to "`File`" which means the termination
+messages are retrieved only from the termination message file. By setting the
+`terminationMessagePolicy` to "`FallbackToLogsOnError`", you can tell Kubernetes
+to use the last chunk of container log output if the termination message file
+is empty and the container exited with an error. The log output is limited to
+2048 bytes or 80 lines, whichever is smaller.
+-->
+
+此外，用户可以设置容器的 `terminationMessagePolicy` 字段，以便进一步自定义。
+此字段默认为 "`File`"，这意味着仅从终止消息文件中检索终止消息。
+通过将 `terminationMessagePolicy` 设置为 "`FallbackToLogsOnError`"，你就可以告诉 Kubernetes，在容器因错误退出时，如果终止消息文件为空，则使用容器日志输出的最后一块作为终止消息。
+日志输出限制为 2048 字节或 80 行，以较小者为准。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* See the `terminationMessagePath` field in
+  [Container](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#container-v1-core).
+* Learn about [retrieving logs](/docs/concepts/cluster-administration/logging/).
+* Learn about [Go templates](https://golang.org/pkg/text/template/).
+-->
+
+* 参考[容器](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#container-v1-core)的 `terminationMessagePath` 字段。
+* 了解[接收日志](/docs/concepts/cluster-administration/logging/)。
+* 了解 [Go 模版](https://golang.org/pkg/text/template/)。
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/tasks/debug-application-cluster/events-stackdriver.md b/content/zh/docs/tasks/debug-application-cluster/events-stackdriver.md
new file mode 100644
index 0000000000000..0dbda745d5a66
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/events-stackdriver.md
@@ -0,0 +1,167 @@
+---
+reviewers:
+- piosz
+- x13n
+content_template: templates/concept
+title: StackDriver 中的事件
+---
+
+<!--
+---
+reviewers:
+- piosz
+- x13n
+content_template: templates/concept
+title: Events in Stackdriver
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubernetes events are objects that provide insight into what is happening
+inside a cluster, such as what decisions were made by scheduler or why some
+pods were evicted from the node. You can read more about using events
+for debugging your application in the [Application Introspection and Debugging
+](/docs/tasks/debug-application-cluster/debug-application-introspection/)
+section.
+-->
+
+Kubernetes 事件是一种对象，它为用户提供了洞察集群内发生的事情的能力，例如调度程序做出了什么决定，或者为什么某些 Pod 被逐出节点。
+您可以在[应用程序自检和调试](/docs/tasks/debug-application-cluster/debug-application-introspection/)中阅读有关使用事件调试应用程序的更多信息。
+
+<!--
+Since events are API objects, they are stored in the apiserver on master. To
+avoid filling up master's disk, a retention policy is enforced: events are
+removed one hour after the last occurrence. To provide longer history
+and aggregation capabilities, a third party solution should be installed
+to capture events.
+-->
+
+由于事件是 API 对象，因此它们存储在主节点上的 apiserver 中。
+为了避免主节点磁盘空间被填满，将强制执行保留策略：在最后一次事件发生一小时后删除事件。
+为了提供更长的历史记录和聚合能力，应该安装第三方解决方案来捕获事件。
+
+<!--
+This article describes a solution that exports Kubernetes events to
+Stackdriver Logging, where they can be processed and analyzed.
+-->
+
+本文描述了一个将 Kubernetes 事件导出为 Stackdriver Logging 的解决方案，在这里可以对它们进行处理和分析。
+
+{{< note >}}
+<!--
+It is not guaranteed that all events happening in a cluster will be
+exported to Stackdriver. One possible scenario when events will not be
+exported is when event exporter is not running (e.g. during restart or
+upgrade). In most cases it's fine to use events for purposes like setting up
+[metrics][sdLogMetrics] and [alerts][sdAlerts], but you should be aware
+of the potential inaccuracy.
+-->
+不能保证集群中发生的所有事件都将导出到 Stackdriver。
+事件不能导出的一种可能情况是事件导出器没有运行（例如，在重新启动或升级期间）。
+在大多数情况下，可以将事件用于设置 [metrics][sdLogMetrics] 和 [alerts][sdAlerts] 等目的，但您应该注意潜在的不准确性。
+{{< /note >}}
+
+[sdLogMetrics]: https://cloud.google.com/logging/docs/view/logs_based_metrics
+[sdAlerts]: https://cloud.google.com/logging/docs/view/logs_based_metrics#creating_an_alerting_policy
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Deployment
+-->
+
+## 部署
+
+### Google Kubernetes Engine
+
+<!--
+In Google Kubernetes Engine, if cloud logging is enabled, event exporter
+is deployed by default to the clusters with master running version 1.7 and
+higher. To prevent disturbing your workloads, event exporter does not have
+resources set and is in the best effort QOS class, which means that it will
+be the first to be killed in the case of resource starvation. If you want
+your events to be exported, make sure you have enough resources to facilitate
+the event exporter pod. This may vary depending on the workload, but on
+average, approximately 100Mb RAM and 100m CPU is needed.
+-->
+
+在 Google Kubernetes Engine 中，如果启用了云日志，那么事件导出器默认部署在主节点运行版本为 1.7 及更高版本的集群中。
+为了防止干扰您的工作负载，事件导出器没有设置资源，并且处于尽力而为的 QoS 类型中，这意味着它将在资源匮乏的情况下第一个被杀死。
+如果要导出事件，请确保有足够的资源给事件导出器 Pod 使用。
+这可能会因为工作负载的不同而有所不同，但平均而言，需要大约 100MB 的内存和 100m 的 CPU。
+
+<!--
+### Deploying to the Existing Cluster
+-->
+
+### 部署到现有集群
+
+<!--
+Deploy event exporter to your cluster using the following command:
+-->
+
+使用下面的命令将事件导出器部署到您的集群：
+
+```shell
+kubectl create -f https://k8s.io/examples/debug/event-exporter.yaml
+```
+
+<!--
+Since event exporter accesses the Kubernetes API, it requires permissions to
+do so. The following deployment is configured to work with RBAC
+authorization. It sets up a service account and a cluster role binding
+to allow event exporter to read events. To make sure that event exporter
+pod will not be evicted from the node, you can additionally set up resource
+requests. As mentioned earlier, 100Mb RAM and 100m CPU should be enough.
+-->
+
+由于事件导出器访问 Kubernetes API，因此它需要权限才能访问。
+以下的部署配置为使用 RBAC 授权。
+它设置服务帐户和集群角色绑定，以允许事件导出器读取事件。
+为了确保事件导出器 Pod 不会从节点中退出，您可以另外设置资源请求。
+如前所述，100MB 内存和 100m CPU 应该就足够了。
+
+{{< codenew file="debug/event-exporter.yaml" >}}
+
+<!--
+## User Guide
+-->
+
+## 用户指南
+
+<!--
+Events are exported to the `GKE Cluster` resource in Stackdriver Logging.
+You can find them by selecting an appropriate option from a drop-down menu
+of available resources:
+-->
+
+事件在 Stackdriver Logging 中被导出到 `GKE Cluster` 资源。
+您可以通过从可用资源的下拉菜单中选择适当的选项来找到它们：
+
+<img src="/images/docs/stackdriver-event-exporter-resource.png" alt="Events location in the Stackdriver Logging interface" width="500">
+
+<!--
+You can filter based on the event object fields using Stackdriver Logging
+[filtering mechanism](https://cloud.google.com/logging/docs/view/advanced_filters).
+For example, the following query will show events from the scheduler
+about pods from deployment `nginx-deployment`:
+-->
+
+您可以使用 Stackdriver Logging 的[过滤机制](https://cloud.google.com/logging/docs/view/advanced_filters)基于事件对象字段进行过滤。
+例如，下面的查询将显示调度程序中有关 Deployment `nginx-deployment` 中的 Pod 的事件：
+
+```
+resource.type="gke_cluster"
+jsonPayload.kind="Event"
+jsonPayload.source.component="default-scheduler"
+jsonPayload.involvedObject.name:"nginx-deployment"
+```
+
+{{< figure src="/images/docs/stackdriver-event-exporter-filter.png" alt="Filtered events in the Stackdriver Logging interface" width="500" >}}
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/get-shell-running-container.md b/content/zh/docs/tasks/debug-application-cluster/get-shell-running-container.md
new file mode 100644
index 0000000000000..15d5331f3db04
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/get-shell-running-container.md
@@ -0,0 +1,241 @@
+---
+reviewers:
+- caesarxuchao
+- mikedanese
+title: 获取正在运行容器的 Shell
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- caesarxuchao
+- mikedanese
+title: Get a Shell to a Running Container
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to use `kubectl exec` to get a shell to a
+running Container.
+-->
+
+本文介绍怎样使用 `kubectl exec` 命令获取正在运行容器的 Shell。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Getting a shell to a Container
+-->
+
+## 获取容器的 Shell
+
+<!--
+In this exercise, you create a Pod that has one Container. The Container
+runs the nginx image. Here is the configuration file for the Pod:
+-->
+
+在本练习中，你将创建包含一个容器的 Pod。容器运行 nginx 镜像。下面是 Pod 的配置文件：
+
+{{< codenew file="application/shell-demo.yaml" >}}
+
+<!--
+Create the Pod:
+-->
+
+创建 Pod：
+
+```shell
+kubectl create -f https://k8s.io/examples/application/shell-demo.yaml
+```
+
+<!--
+Verify that the Container is running:
+-->
+
+检查容器是否运行正常：
+
+```shell
+kubectl get pod shell-demo
+```
+
+<!--
+Get a shell to the running Container:
+-->
+
+获取正在运行容器的 Shell：
+
+```shell
+kubectl exec -it shell-demo -- /bin/bash
+```
+{{< note >}}
+
+<!--
+The double dash symbol "--" is used to separate the arguments you want to pass to the command from the kubectl arguments.
+-->
+双破折号 "--" 用于将要传递给命令的参数与 kubectl 的参数分开。
+note >}}
+
+<!--
+In your shell, list the root directory:
+-->
+
+在 shell 中，打印根目录：
+
+```shell
+root@shell-demo:/# ls /
+```
+
+<!--
+In your shell, experiment with other commands. Here are
+some examples:
+-->
+
+在 shell 中，实验其他命令。下面是一些示例：
+
+```shell
+root@shell-demo:/# ls /
+root@shell-demo:/# cat /proc/mounts
+root@shell-demo:/# cat /proc/1/maps
+root@shell-demo:/# apt-get update
+root@shell-demo:/# apt-get install -y tcpdump
+root@shell-demo:/# tcpdump
+root@shell-demo:/# apt-get install -y lsof
+root@shell-demo:/# lsof
+root@shell-demo:/# apt-get install -y procps
+root@shell-demo:/# ps aux
+root@shell-demo:/# ps aux | grep nginx
+```
+
+<!--
+## Writing the root page for nginx
+-->
+
+## 编写 nginx 的 根页面
+
+<!--
+Look again at the configuration file for your Pod. The Pod
+has an `emptyDir` volume, and the Container mounts the volume
+at `/usr/share/nginx/html`.
+-->
+
+在看一下 Pod 的配置文件。该 Pod 有个 `emptyDir` 卷，容器将该卷挂载到了 `/usr/share/nginx/html`。
+
+<!--
+In your shell, create an `index.html` file in the `/usr/share/nginx/html`
+directory:
+-->
+
+在 shell 中，在 `/usr/share/nginx/html` 目录创建一个 `index.html 文件：
+
+```shell
+root@shell-demo:/# echo Hello shell demo > /usr/share/nginx/html/index.html
+```
+
+<!--
+In your shell, send a GET request to the nginx server:
+-->
+
+在 shell 中，向 nginx 服务器发送 GET 请求：
+
+```shell
+root@shell-demo:/# apt-get update
+root@shell-demo:/# apt-get install curl
+root@shell-demo:/# curl localhost
+```
+
+<!--
+The output shows the text that you wrote to the `index.html` file:
+-->
+
+输出结果显示了你在 `index.html` 中写入的文本。
+
+```shell
+Hello shell demo
+```
+
+<!--
+When you are finished with your shell, enter `exit`.
+-->
+
+当用完 shell 后，输入 `exit` 退出。
+
+<!--
+## Running individual commands in a Container
+-->
+
+## 在容器中运行单个命令
+
+<!--
+In an ordinary command window, not your shell, list the environment
+variables in the running Container:
+-->
+
+在普通的命令窗口（而不是 shell）中，打印环境运行容器中的变量：
+
+```shell
+kubectl exec shell-demo env
+```
+
+<!--
+Experiment running other commands. Here are some examples:
+-->
+
+实验运行其他命令。下面是一些示例：
+
+```shell
+kubectl exec shell-demo ps aux
+kubectl exec shell-demo ls /
+kubectl exec shell-demo cat /proc/1/mounts
+```
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Opening a shell when a Pod has more than one Container
+-->
+
+## 当 Pod 包含多个容器时打开 shell
+
+<!--
+If a Pod has more than one Container, use `--container` or `-c` to
+specify a Container in the `kubectl exec` command. For example,
+suppose you have a Pod named my-pod, and the Pod has two containers
+named main-app and helper-app. The following command would open a
+shell to the main-app Container.
+-->
+
+如果 Pod 有多个容器，`--container` 或者 `-c` 可以在 `kubectl exec` 命令中指定容器。
+例如，您有个名为 my-pod 的容器，该 Pod 有两个容器分别为 main-app 和 healper-app。
+下面的命令将会打开一个 shell 访问 main-app 容器。
+
+```shell
+kubectl exec -it my-pod --container main-app -- /bin/bash
+```
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+* [kubectl exec](/docs/reference/generated/kubectl/kubectl-commands/#exec)
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/tasks/debug-application-cluster/local-debugging.md b/content/zh/docs/tasks/debug-application-cluster/local-debugging.md
new file mode 100644
index 0000000000000..cdcb6bbd1a77a
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/local-debugging.md
@@ -0,0 +1,126 @@
+---
+title: 在本地开发和调试服务
+content_template: templates/task
+---
+
+<!--
+---
+title: Developing and debugging services locally
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Kubernetes applications usually consist of multiple, separate services, each running in its own container. Developing and debugging these services on a remote Kubernetes cluster can be cumbersome, requiring you to [get a shell on a running container](/docs/tasks/debug-application-cluster/get-shell-running-container/) and running your tools inside the remote shell.
+-->
+
+Kubernetes 应用程序通常由多个独立的服务组成，每个服务都在自己的容器中运行。
+在远端的 Kubernetes 集群上开发和调试这些服务可能很麻烦，需要[在运行的容器上打开 shell](/docs/tasks/debug-application-cluster/get-shell-running-container/)，然后在远端 shell 中运行您所需的工具。
+
+<!--
+`telepresence` is a tool to ease the process of developing and debugging services locally, while proxying the service to a remote Kubernetes cluster. Using `telepresence` allows you to use custom tools, such as a debugger and IDE, for a local service and provides the service full access to ConfigMap, secrets, and the services running on the remote cluster.
+-->
+
+`telepresence` 是一种工具，用于在本地轻松开发和调试服务，同时将服务代理到远程 Kubernetes 集群。
+使用 `telepresence` 可以为本地服务使用自定义工具（如调试器和 IDE），并提供对 Configmap、Secrets 和远程集群上运行的服务的完全访问。
+
+<!--
+This document describes using `telepresence` to develop and debug services running on a remote cluster locally.
+--
+
+本文档描述如何在本地使用 `telepresence` 开发和调试远程集群上运行的服务。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* Kubernetes cluster is installed
+* `kubectl` is configured to communicate with the cluster
+* [Telepresence](https://www.telepresence.io/reference/install) is installed
+-->
+
+* Kubernetes 集群安装完毕
+* 配置好 `kubectl` 与集群交互
+* [Telepresence](https://www.telepresence.io/reference/install) 安装完毕
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Getting a shell on a remote cluster
+
+Open a terminal and run `telepresence` with no arguments to get a `telepresence` shell. This shell runs locally, giving you full access to your local filesystem.
+-->
+
+打开终端，不带参数运行 `telepresence`，以打开 `telepresence` shell。这个 shell 在本地运行，使您可以完全访问本地文件系统。
+
+<!--
+The `telepresence` shell can be used in a variety of ways. For example, write a shell script on your laptop, and run it directly from the shell in real time. You can do this on a remote shell as well, but you might not be able to use your preferred code editor, and the script is deleted when the container is terminated.
+
+Enter `exit` to quit and close the shell.
+-->
+
+`telepresence` shell 的使用方式多种多样。
+例如，在你的笔记本电脑上写一个 shell 脚本，然后直接在 shell 中实时运行它。
+您也可以在远端 shell 上执行此操作，但这样可能无法使用首选的代码编辑器，并且在容器终止时脚本将被删除。
+
+<!--
+## Developing or debugging an existing service
+
+When developing an application on Kubernetes, you typically program or debug a single service. The service might require access to other services for testing and debugging. One option is to use the continuous deployment pipeline, but even the fastest deployment pipeline introduces a delay in the program or debug cycle.
+-->
+
+## 开发和调试现有的服务
+
+在 Kubernetes 上开发应用程序时，通常对单个服务进行编程或调试。
+服务可能需要访问其他服务以进行测试和调试。
+一种选择是使用连续部署管道，但即使最快的部署管道也会在程序或调试周期中引入延迟。
+
+<!--
+Use the `--swap-deployment` option to swap an existing deployment with the Telepresence proxy. Swapping allows you to run a service locally and connect to the remote Kubernetes cluster. The services in the remote cluster can now access the locally running instance.
+
+To run telepresence with `--swap-deployment`, enter:
+-->
+
+使用 `--swap-deployment` 选项将现有部署与 Telepresence 代理交换。交换允许您在本地运行服务并能够连接到远端的 Kubernetes 集群。远端的集群中的服务现在就可以访问本地运行的实例。
+
+到运行 telepresence 并带有 `--swap-deployment` 选项，请输入：
+
+`telepresence --swap-deployment $DEPLOYMENT_NAME`
+
+<!--
+where $DEPLOYMENT_NAME is the name of your existing deployment.
+
+Running this command spawns a shell. In the shell, start your service. You can then make edits to the source code locally, save, and see the changes take effect immediately. You can also run your service in a debugger, or any other local development tool.
+-->
+
+这里的 $DEPLOYMENT_NAME 是您现有的部署名称。
+
+运行此命令将生成 shell。在 shell 中，启动您的服务。
+然后，您就可以在本地对源代码进行编辑、保存并能看到更改立即生效。您还可以在调试器或任何其他本地开发工具中运行服务。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+If you're interested in a hands-on tutorial, check out [this tutorial](https://cloud.google.com/community/tutorials/developing-services-with-k8s) that walks through locally developing the Guestbook application on Google Kubernetes Engine.
+-->
+
+如果您对实践教程感兴趣，请查看[本教程](https://cloud.google.com/community/tutorials/developing-services-with-k8s)，其中介绍了在 Google Kubernetes Engine 上本地开发 Guestbook 应用程序。
+
+<!--
+Telepresence has [numerous proxying options](https://www.telepresence.io/reference/methods), depending on your situation.
+
+For further reading, visit the [Telepresence website](https://www.telepresence.io).
+-->
+
+Telepresence 有[多种代理选项](https://www.telepresence.io/reference/methods)，以满足您的各种情况。
+
+要了解更多信息，请访问 [Telepresence 网站](https://www.telepresence.io)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana.md b/content/zh/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana.md
new file mode 100644
index 0000000000000..d815f17ed98d2
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana.md
@@ -0,0 +1,193 @@
+---
+reviewers:
+- piosz
+- x13n
+content_template: templates/concept
+title: 使用 ElasticSearch 和 Kibana 进行日志管理
+---
+
+<!--
+---
+reviewers:
+- piosz
+- x13n
+content_template: templates/concept
+title: Logging Using Elasticsearch and Kibana
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+On the Google Compute Engine (GCE) platform, the default logging support targets
+[Stackdriver Logging](https://cloud.google.com/logging/), which is described in detail
+in the [Logging With Stackdriver Logging](/docs/user-guide/logging/stackdriver).
+-->
+
+在 Google Compute Engine (GCE) 平台上，默认的日志管理支持目标是 [Stackdriver Logging](https://cloud.google.com/logging/)，在 [使用 Stackdriver Logging 管理日志](/docs/user-guide/logging/stackdriver)中详细描述了这一点。
+
+<!--
+This article describes how to set up a cluster to ingest logs into
+[Elasticsearch](https://www.elastic.co/products/elasticsearch) and view
+them using [Kibana](https://www.elastic.co/products/kibana), as an alternative to
+Stackdriver Logging when running on GCE. 
+-->
+
+本文介绍了如何设置一个集群，将日志导入[Elasticsearch](https://www.elastic.co/products/elasticsearch)，并使用 [Kibana](https://www.elastic.co/products/kibana) 查看日志，作为在 GCE 上运行应用时使用 Stackdriver Logging 管理日志的替代方案。
+
+{{< note >}}
+<!--
+You cannot automatically deploy Elasticsearch and Kibana in the Kubernetes cluster hosted on Google Kubernetes Engine. You have to deploy them manually.
+-->
+您不能在 Google Kubernetes Engine 平台运行的 Kubernetes 集群上自动的部署 Elasticsearch 和 Kibana。您必须手动部署它们。
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+To use Elasticsearch and Kibana for cluster logging, you should set the
+following environment variable as shown below when creating your cluster with
+kube-up.sh:
+-->
+
+要使用 Elasticsearch 和 Kibana 处理集群日志，您应该在使用 kube-up.sh 脚本创建集群时设置下面所示的环境变量：
+
+```shell
+KUBE_LOGGING_DESTINATION=elasticsearch
+```
+
+<!--
+You should also ensure that `KUBE_ENABLE_NODE_LOGGING=true` (which is the default for the GCE platform).
+-->
+
+您还应该确保设置了 `KUBE_ENABLE_NODE_LOGGING=true` （这是 GCE 平台的默认设置）。
+
+<!--
+Now, when you create a cluster, a message will indicate that the Fluentd log
+collection daemons that run on each node will target Elasticsearch:
+-->
+
+现在，当您创建集群时，将有一条消息将指示每个节点上运行的 Fluentd 日志收集守护进程以 ElasticSearch 为日志输出目标：
+
+```shell
+$ cluster/kube-up.sh
+...
+Project: kubernetes-satnam
+Zone: us-central1-b
+... calling kube-up
+Project: kubernetes-satnam
+Zone: us-central1-b
++++ Staging server tars to Google Storage: gs://kubernetes-staging-e6d0e81793/devel
++++ kubernetes-server-linux-amd64.tar.gz uploaded (sha1 = 6987c098277871b6d69623141276924ab687f89d)
++++ kubernetes-salt.tar.gz uploaded (sha1 = bdfc83ed6b60fa9e3bff9004b542cfc643464cd0)
+Looking for already existing resources
+Starting master and configuring firewalls
+Created [https://www.googleapis.com/compute/v1/projects/kubernetes-satnam/zones/us-central1-b/disks/kubernetes-master-pd].
+NAME                 ZONE          SIZE_GB TYPE   STATUS
+kubernetes-master-pd us-central1-b 20      pd-ssd READY
+Created [https://www.googleapis.com/compute/v1/projects/kubernetes-satnam/regions/us-central1/addresses/kubernetes-master-ip].
++++ Logging using Fluentd to elasticsearch
+```
+
+<!--
+The per-node Fluentd pods, the Elasticsearch pods, and the Kibana pods should
+all be running in the kube-system namespace soon after the cluster comes to
+life.
+-->
+
+每个节点的 Fluentd pod、Elasticsearch pod 和 Kibana pod 都应该在集群启动后不久运行在 kube-system 命名空间中。
+
+```shell
+$ kubectl get pods --namespace=kube-system
+NAME                                           READY     STATUS    RESTARTS   AGE
+elasticsearch-logging-v1-78nog                 1/1       Running   0          2h
+elasticsearch-logging-v1-nj2nb                 1/1       Running   0          2h
+fluentd-elasticsearch-kubernetes-node-5oq0     1/1       Running   0          2h
+fluentd-elasticsearch-kubernetes-node-6896     1/1       Running   0          2h
+fluentd-elasticsearch-kubernetes-node-l1ds     1/1       Running   0          2h
+fluentd-elasticsearch-kubernetes-node-lz9j     1/1       Running   0          2h
+kibana-logging-v1-bhpo8                        1/1       Running   0          2h
+kube-dns-v3-7r1l9                              3/3       Running   0          2h
+monitoring-heapster-v4-yl332                   1/1       Running   1          2h
+monitoring-influx-grafana-v1-o79xf             2/2       Running   0          2h
+```
+
+<!--
+The `fluentd-elasticsearch` pods gather logs from each node and send them to
+the `elasticsearch-logging` pods, which are part of a
+[service](/docs/concepts/services-networking/service/) named `elasticsearch-logging`. These
+Elasticsearch pods store the logs and expose them via a REST API.
+The `kibana-logging` pod provides a web UI for reading the logs stored in
+Elasticsearch, and is part of a service named `kibana-logging`.
+-->
+
+`fluentd-elasticsearch` pod 从每个节点收集日志并将其发送到 `elasticsearch-logging` pods，该 pod 是名为 `elasticsearch-logging` 的[服务](/docs/concepts/services-networking/service/)的一部分。
+这些 ElasticSearch pod 存储日志，并通过 REST API 将其公开。
+`kibana-logging` pod 提供了一个用于读取 ElasticSearch 中存储的日志的 Web UI，它是名为 `kibana-logging` 的服务的一部分。
+
+<!--
+The Elasticsearch and Kibana services are both in the `kube-system` namespace
+and are not directly exposed via a publicly reachable IP address. To reach them,
+follow the instructions for [Accessing services running in a cluster](/docs/concepts/cluster-administration/access-cluster/#accessing-services-running-on-the-cluster).
+-->
+
+Elasticsearch 和 Kibana 服务都位于 `kube-system` 命名空间中，并且没有通过可公开访问的 IP 地址直接暴露。
+要访问它们，请参照[访问集群中运行的服务](/docs/concepts/cluster-administration/access-cluster/#accessing-services-running-on-the-cluster)的说明进行操作。
+
+<!--
+If you try accessing the `elasticsearch-logging` service in your browser, you'll
+see a status page that looks something like this:
+-->
+
+如果你想在浏览器中访问 `elasticsearch-logging` 服务，你将看到类似下面的状态页面：
+
+![Elasticsearch Status](/images/docs/es-browser.png)
+
+<!--
+You can now type Elasticsearch queries directly into the browser, if you'd
+like. See [Elasticsearch's documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html)
+for more details on how to do so.
+-->
+
+现在你可以直接在浏览器中输入 Elasticsearch 查询，如果你愿意的话。
+请参考 [Elasticsearch 的文档](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html) 以了解这样做的更多细节。
+
+<!--
+Alternatively, you can view your cluster's logs using Kibana (again using the
+[instructions for accessing a service running in the cluster](/docs/user-guide/accessing-the-cluster/#accessing-services-running-on-the-cluster)).
+The first time you visit the Kibana URL you will be presented with a page that
+asks you to configure your view of the ingested logs. Select the option for
+timeseries values and select `@timestamp`. On the following page select the
+`Discover` tab and then you should be able to see the ingested logs.
+You can set the refresh interval to 5 seconds to have the logs
+regularly refreshed.
+-->
+
+或者，您可以使用 Kibana 查看集群的日志（再次使用[访问集群中运行的服务的说明](/docs/user-guide/accessing-the-cluster/#accessing-services-running-on-the-cluster)）。
+第一次访问 Kibana URL 时，将显示一个页面，要求您配置所接收日志的视图。
+选择时间序列值的选项，然后选择 `@timestamp`。
+在下面的页面中选择 `Discover` 选项卡，然后您应该能够看到所摄取的日志。
+您可以将刷新间隔设置为 5 秒，以便定期刷新日志。
+
+<!--
+Here is a typical view of ingested logs from the Kibana viewer:
+-->
+
+以下是从 Kibana 查看器中摄取日志的典型视图：
+
+![Kibana logs](/images/docs/kibana-logs.png)
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Kibana opens up all sorts of powerful options for exploring your logs! For some
+ideas on how to dig into it, check out [Kibana's documentation](https://www.elastic.co/guide/en/kibana/current/discover.html).
+-->
+
+Kibana 为浏览您的日志提供了各种强大的选项！有关如何深入研究它的一些想法，请查看 [Kibana 的文档](https://www.elastic.co/guide/en/kibana/current/discover.html)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md b/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md
new file mode 100644
index 0000000000000..f01fe7095670d
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md
@@ -0,0 +1,315 @@
+---
+content_template: templates/task
+title: 节点健康监测
+---
+<!-- 
+---
+reviewers:
+- Random-Liu
+- dchen1107
+content_template: templates/task
+title: Monitor Node Health
+--- 
+-->
+
+{{% capture overview %}}
+
+*节点问题探测器* 是一个 [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) 用来监控节点健康。它从各种守护进程收集节点问题，并以[NodeCondition](/docs/concepts/architecture/nodes/#condition) 和 [Event](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#event-v1-core) 的形式报告给 apiserver 。 
+<!-- 
+*Node problem detector* is a [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) monitoring the
+node health. It collects node problems from various daemons and reports them
+to the apiserver as [NodeCondition](/docs/concepts/architecture/nodes/#condition)
+and [Event](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#event-v1-core). 
+-->
+
+<!-- 
+It supports some known kernel issue detection now, and will detect more and
+more node problems over time. 
+-->
+它现在支持一些已知的内核问题检测，并将随着时间的推移，检测更多节点问题。
+
+<!-- 
+Currently Kubernetes won't take any action on the node conditions and events
+generated by node problem detector. In the future, a remedy system could be
+introduced to deal with node problems. 
+-->
+目前，Kubernetes 不会对节点问题检测器监测到的节点状态和事件采取任何操作。将来可能会引入一个补救系统来处理这些节点问题。
+
+<!-- 
+See more information
+[here](https://github.com/kubernetes/node-problem-detector). 
+-->
+更多信息请参阅 [这里](https://github.com/kubernetes/node-problem-detector)。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- 
+## Limitations 
+-->
+## 局限性
+
+<!-- 
+* The kernel issue detection of node problem detector only supports file based
+kernel log now. It doesn't support log tools like journald. 
+-->
+* 节点问题检测器的内核问题检测现在只支持基于文件类型的内核日志。 它不支持像 journald 这样的命令行日志工具。
+
+<!-- 
+* The kernel issue detection of node problem detector has assumption on kernel
+log format, and now it only works on Ubuntu and Debian. However, it is easy to extend
+it to [support other log format](/docs/tasks/debug-application-cluster/monitor-node-health/#support-other-log-format). 
+-->
+* 节点问题检测器的内核问题检测对内核日志格式有一定要求，现在它只适用于 Ubuntu 和 Debian。但是，将其扩展为 [支持其它日志格式](/docs/tasks/debug-application-cluster/monitor-node-health/#support-other-log-format) 也很容易。
+
+<!-- 
+## Enable/Disable in GCE cluster 
+-->
+## 在 GCE 集群中启用/禁用
+
+<!-- 
+Node problem detector is [running as a cluster addon](/docs/setup/cluster-large/#addon-resources) enabled by default in the
+gce cluster. 
+-->
+节点问题检测器在 gce 集群中以[集群插件的形式](/docs/setup/cluster-large/#addon-resources)默认启用。
+
+<!-- 
+You can enable/disable it by setting the environment variable
+`KUBE_ENABLE_NODE_PROBLEM_DETECTOR` before `kube-up.sh`. 
+-->
+您可以在运行 `kube-up.sh` 之前，以设置环境变量 `KUBE_ENABLE_NODE_PROBLEM_DETECTOR` 的形式启用/禁用它。
+
+<!-- 
+## Use in Other Environment 
+-->
+## 在其它环境中使用
+
+<!-- 
+To enable node problem detector in other environment outside of GCE, you can use
+either `kubectl` or addon pod. 
+-->
+要在 GCE 之外的其他环境中启用节点问题检测器，您可以使用 `kubectl` 或插件 pod。
+
+<!-- 
+### Kubectl 
+-->
+### Kubectl
+
+<!-- 
+This is the recommended way to start node problem detector outside of GCE. It
+provides more flexible management, such as overwriting the default
+configuration to fit it into your environment or detect
+customized node problems. 
+-->
+这是在 GCE 之外启动节点问题检测器的推荐方法。它的管理更加灵活，例如覆盖默认配置以使其适合您的环境或检测自定义节点问题。
+
+<!-- 
+* **Step 1:** `node-problem-detector.yaml`: 
+-->
+* **步骤 1:** `node-problem-detector.yaml`:
+
+{{< codenew file="debug/node-problem-detector.yaml" >}}
+
+
+<!-- 
+***Notice that you should make sure the system log directory is right for your
+OS distro.*** 
+-->
+***请注意保证您的系统日志路径与您的 OS 发行版相对应。***
+
+<!-- 
+* **Step 2:** Start node problem detector with `kubectl`: 
+-->
+* **步骤 2:** 执行 `kubectl` 来启动节点问题检测器：
+
+```shell
+ kubectl create -f https://k8s.io/examples/debug/node-problem-detector.yaml
+```
+
+<!-- 
+### Addon Pod 
+-->
+### 插件 Pod
+
+<!-- 
+This is for those who have their own cluster bootstrap solution, and don't need
+to overwrite the default configuration. They could leverage the addon pod to
+further automate the deployment. 
+-->
+这适用于拥有自己的集群引导程序解决方案的用户，并且不需要覆盖默认配置。 他们可以利用插件 Pod 进一步自动化部署。
+
+<!-- 
+Just create `node-problem-detector.yaml`, and put it under the addon pods directory
+`/etc/kubernetes/addons/node-problem-detector` on master node. 
+-->
+只需创建 `node-problem-detector.yaml`，并将其放在主节点上的插件 pod 目录 `/etc/kubernetes/addons/node-problem-detector` 下。
+
+
+<!-- 
+## Overwrite the Configuration 
+-->
+## 覆盖配置文件
+
+<!-- 
+The [default configuration](https://github.com/kubernetes/node-problem-detector/tree/v0.1/config)
+is embedded when building the docker image of node problem detector. 
+-->
+构建节点问题检测器的 docker 镜像时，会嵌入[默认配置](https://github.com/kubernetes/node-problem-detector/tree/v0.1/config)。
+
+<!-- 
+However, you can use [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) to overwrite it
+following the steps: 
+-->
+不过，您可以像下面这样使用 [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) 将其覆盖：
+
+<!-- 
+* **Step 1:** Change the config files in `config/`.
+* **Step 2:** Create the ConfigMap `node-problem-detector-config` with `kubectl create configmap
+node-problem-detector-config --from-file=config/`.
+* **Step 3:** Change the `node-problem-detector.yaml` to use the ConfigMap:
+ -->
+* **步骤 1:** 在 `config/` 中更改配置文件。
+* **步骤 2:** 使用 `kubectl create configmap node-problem-detector-config --from-file=config/` 创建 `node-problem-detector-config` 。
+* **步骤 3:** 更改 `node-problem-detector.yaml` 以使用 ConfigMap:
+
+{{< codenew file="debug/node-problem-detector-configmap.yaml" >}}
+
+
+<!-- 
+* **Step 4:** Re-create the node problem detector with the new yaml file: 
+-->
+* **步骤 4:** 使用新的 yaml 文件重新创建节点问题检测器：
+
+```shell
+ kubectl delete -f https://k8s.io/examples/debug/node-problem-detector.yaml # If you have a node-problem-detector running
+ kubectl create -f https://k8s.io/examples/debug/node-problem-detector-configmap.yaml
+```
+
+<!-- 
+***Notice that this approach only applies to node problem detector started with `kubectl`.*** 
+-->
+***请注意，此方法仅适用于通过 `kubectl` 启动的节点问题检测器。***
+
+<!-- 
+For node problem detector running as cluster addon, because addon manager doesn't support
+ConfigMap, configuration overwriting is not supported now. 
+-->
+由于插件管理器不支持ConfigMap，因此现在不支持对于作为集群插件运行的节点问题检测器的配置进行覆盖。
+
+<!-- 
+## Kernel Monitor 
+-->
+## 内核监视器
+
+<!-- 
+*Kernel Monitor* is a problem daemon in node problem detector. It monitors kernel log
+and detects known kernel issues following predefined rules. 
+-->
+*内核监视器* 是节点问题检测器中的问题守护进程。它监视内核日志并按照预定义规则检测已知内核问题。
+
+<!-- 
+The Kernel Monitor matches kernel issues according to a set of predefined rule list in
+[`config/kernel-monitor.json`](https://github.com/kubernetes/node-problem-detector/blob/v0.1/config/kernel-monitor.json).
+The rule list is extensible, and you can always extend it by overwriting the
+configuration. 
+-->
+内核监视器根据 [`config/kernel-monitor.json`](https://github.com/kubernetes/node-problem-detector/blob/v0.1/config/kernel-monitor.json) 中的一组预定义规则列表匹配内核问题。
+规则列表是可扩展的，您始终可以通过覆盖配置来扩展它。
+
+<!-- 
+### Add New NodeConditions 
+-->
+### 添加新的 NodeCondition
+
+<!-- 
+To support new node conditions, you can extend the `conditions` field in
+`config/kernel-monitor.json` with new condition definition: 
+-->
+您可以使用新的状态描述来扩展 `config/kernel-monitor.json` 中的 `conditions` 字段以支持新的节点状态。
+
+```json
+{
+  "type": "NodeConditionType",
+  "reason": "CamelCaseDefaultNodeConditionReason",
+  "message": "arbitrary default node condition message"
+}
+```
+
+<!-- 
+### Detect New Problems 
+-->
+### 检测新的问题
+
+<!-- 
+To detect new problems, you can extend the `rules` field in `config/kernel-monitor.json`
+with new rule definition: 
+-->
+您可以使用新的规则描述来扩展 `config/kernel-monitor.json` 中的 `rules` 字段以检测新问题。
+
+```json
+{
+  "type": "temporary/permanent",
+  "condition": "NodeConditionOfPermanentIssue",
+  "reason": "CamelCaseShortReason",
+  "message": "regexp matching the issue in the kernel log"
+}
+```
+
+<!-- 
+### Change Log Path 
+-->
+### 更改日志路径
+
+<!-- 
+Kernel log in different OS distros may locate in different path. The `log`
+field in `config/kernel-monitor.json` is the log path inside the container.
+You can always configure it to match your OS distro. 
+-->
+不同操作系统发行版的内核日志的可能不同。 `config/kernel-monitor.json` 中的 `log` 字段是容器内的日志路径。您始终可以修改配置使其与您的 OS 发行版匹配。
+
+<!-- 
+### Support Other Log Format 
+-->
+### 支持其它日志格式
+
+<!-- 
+Kernel monitor uses [`Translator`](https://github.com/kubernetes/node-problem-detector/blob/v0.1/pkg/kernelmonitor/translator/translator.go)
+plugin to translate kernel log the internal data structure. It is easy to
+implement a new translator for a new log format. 
+-->
+内核监视器使用 [`Translator`] 插件将内核日志转换为内部数据结构。我们可以很容易为新的日志格式实现新的翻译器。
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- 
+## Caveats 
+-->
+## 注意事项 
+
+<!-- 
+It is recommended to run the node problem detector in your cluster to monitor
+the node health. However, you should be aware that this will introduce extra
+resource overhead on each node. Usually this is fine, because: 
+-->
+我们建议在集群中运行节点问题检测器来监视节点运行状况。但是，您应该知道这将在每个节点上引入额外的资源开销。一般情况下没有影响，因为：
+
+<!-- 
+* The kernel log is generated relatively slowly.
+* Resource limit is set for node problem detector.
+* Even under high load, the resource usage is acceptable.
+(see [benchmark result](https://github.com/kubernetes/node-problem-detector/issues/2#issuecomment-220255629)) 
+-->
+* 内核日志生成相对较慢。
+* 节点问题检测器有资源限制。
+* 即使在高负载下，资源使用也是可以接受的。
+(参阅 [基准测试结果](https://github.com/kubernetes/node-problem-detector/issues/2#issuecomment-220255629)) 
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/resource-metrics-pipeline.md b/content/zh/docs/tasks/debug-application-cluster/resource-metrics-pipeline.md
new file mode 100644
index 0000000000000..149f58f7d54ad
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/resource-metrics-pipeline.md
@@ -0,0 +1,105 @@
+---
+reviewers:
+- fgrzadkowski
+- piosz
+title: 资源指标管道
+content_template: templates/concept
+---
+<!--
+---
+reviewers:
+- fgrzadkowski
+- piosz
+title: Resource metrics pipeline
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Starting from Kubernetes 1.8, resource usage metrics, such as container CPU and memory usage,
+are available in Kubernetes through the Metrics API. These metrics can be either accessed directly
+by user, for example by using `kubectl top` command, or used by a controller in the cluster, e.g.
+Horizontal Pod Autoscaler, to make decisions.
+-->
+从 Kubernetes 1.8开始，资源使用指标，例如容器 CPU 和内存使用率，可通过 Metrics API 在 Kubernetes 中获得。这些指标可以直接被用户访问，比如使用`kubectl top`命令行，或者这些指标由集群中的控制器使用，例如，Horizontal Pod Autoscaler，使用这些指标来做决策。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## The Metrics API
+-->
+## Metrics API
+
+<!--
+Through the Metrics API you can get the amount of resource currently used
+by a given node or a given pod. This API doesn't store the metric values,
+so it's not possible for example to get the amount of resources used by a
+given node 10 minutes ago.
+-->
+通过 Metrics API，您可以获得指定节点或 pod 当前使用的资源量。此 API 不存储指标值，因此想要获取某个指定节点10分钟前的资源使用量是不可能的。
+
+<!--
+The API is no different from any other API:
+-->
+此 API 与其他 API 没有区别：
+
+<!--
+- it is discoverable through the same endpoint as the other Kubernetes APIs under `/apis/metrics.k8s.io/` path
+- it offers the same security, scalability and reliability guarantees
+-->
+- 此 API 和其它 Kubernetes API 一起位于同一端点（endpoint）之下，是可发现的，路径为`/apis/metrics.k8s.io/` 
+- 它提供相同的安全性、可扩展性和可靠性保证
+
+<!--
+The API is defined in [k8s.io/metrics](https://github.com/kubernetes/metrics/blob/master/pkg/apis/metrics/v1beta1/types.go)
+repository. You can find more information about the API there.
+-->
+Metrics API 在[k8s.io/metrics](https://github.com/kubernetes/metrics/blob/master/pkg/apis/metrics/v1beta1/types.go)
+仓库中定义。您可以在那里找到有关 Metrics API 的更多信息。
+
+<!--
+The API requires metrics server to be deployed in the cluster. Otherwise it will be not available.
+-->
+{{< note >}}
+Metrics API 需要在集群中部署 Metrics Server。否则它将不可用。
+{{< /note >}}
+
+<!--
+## Metrics Server
+-->
+## Metrics Server
+
+<!--
+[Metrics Server](https://github.com/kubernetes-incubator/metrics-server) is a cluster-wide aggregator of resource usage data.
+Starting from Kubernetes 1.8 it's deployed by default in clusters created by `kube-up.sh` script
+as a Deployment object. If you use a different Kubernetes setup mechanism you can deploy it using the provided
+[deployment yamls](https://github.com/kubernetes-incubator/metrics-server/tree/master/deploy).
+It's supported in Kubernetes 1.7+ (see details below).
+-->
+[Metrics Server](https://github.com/kubernetes-incubator/metrics-server)是集群范围资源使用数据的聚合器。
+从 Kubernetes 1.8开始，它作为 Deployment 对象，被默认部署在由`kube-up.sh`脚本创建的集群中。
+如果您使用不同的 Kubernetes 安装方法，则可以使用提供的[deployment yamls](https://github.com/kubernetes-incubator/metrics-server/tree/master/deploy)来部署。它在 Kubernetes 1.7+中得到支持（详见下文）。
+
+<!--
+Metric server collects metrics from the Summary API, exposed by [Kubelet](/docs/admin/kubelet/) on each node.
+-->
+Metric server 从每个节点上的 [Kubelet](/docs/admin/kubelet/) 公开的 Summary API 中采集指标信息。
+
+<!--
+Metrics Server registered in the main API server through
+[Kubernetes aggregator](/docs/concepts/api-extension/apiserver-aggregation/),
+which was introduced in Kubernetes 1.7.
+-->
+通过在主 API server 中注册的 Metrics Server [Kubernetes 聚合器](/docs/concepts/api-extension/apiserver-aggregation/) 来采集指标信息， 这是在 Kubernetes 1.7 中引入的。
+
+<!--
+Learn more about the metrics server in [the design doc](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/metrics-server.md).
+-->
+在[设计文档](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/metrics-server.md)中可以了解到有关 Metrics Server 的更多信息。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/resource-usage-monitoring.md b/content/zh/docs/tasks/debug-application-cluster/resource-usage-monitoring.md
new file mode 100644
index 0000000000000..6e96cdc25760f
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/resource-usage-monitoring.md
@@ -0,0 +1,217 @@
+---
+reviewers:
+- mikedanese
+content_template: templates/concept
+title: 资源监控工具
+---
+
+<!--
+---
+reviewers:
+- mikedanese
+content_template: templates/concept
+title: Tools for Monitoring Resources
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+To scale an application and provide a reliable service, you need to
+understand how the application behaves when it is deployed. You can examine
+application performance in a Kubernetes cluster by examining the containers,
+[pods](/docs/user-guide/pods), [services](/docs/user-guide/services), and
+the characteristics of the overall cluster. Kubernetes provides detailed
+information about an application's resource usage at each of these levels.
+This information allows you to evaluate your application's performance and
+where bottlenecks can be removed to improve overall performance.
+-->
+
+要扩展应用程序并提供可靠的服务，您需要了解应用程序部署时的行为。
+您可以通过检查容器、[pod](/docs/user-guide/pods)、[服务](/docs/user-guide/services) 和整个集群的特性来检查 Kubernetes 集群中的应用程序性能。
+Kubernetes 在每一个级别上提供了关于应用程序资源使用的详细信息。
+此信息允许您评估应用程序的性能，以及在何处可以消除瓶颈以提高整体性能。
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+In Kubernetes, application monitoring does not depend on a single monitoring
+solution. On new clusters, you can use two separate pipelines to collect
+monitoring statistics by default:
+-->
+
+在 Kubernetes 中，应用程序监控不依赖单个监控解决方案。
+默认情况下，新集群上可以使用两个单独的管道来收集监控统计信息：
+
+<!--
+- The [**resource metrics pipeline**](#resource-metrics-pipeline) provides a limited set of metrics related
+  to cluster components such as the HorizontalPodAutoscaler controller, as well
+  as the `kubectl top` utility. These metrics are collected by
+  [metrics-server](https://github.com/kubernetes-incubator/metrics-server)
+  and are exposed via the `metrics.k8s.io` API. `metrics-server` discovers
+  all nodes on the cluster and queries each node's [Kubelet](/docs/admin/kubelet)
+  for CPU and memory usage. The Kubelet fetches the data from
+  [cAdvisor](https://github.com/google/cadvisor). `metrics-server` is a
+  lightweight short-term in-memory store.
+-->
+
+- [**资源度量管道**](#resource-metrics-pipeline)提供了一组与集群组件（如 HorizontalPodautoScaler 控制器）以及 `kubectl top` 实用程序相关的有限度量。
+  这些度量由[度量服务器](https://github.com/kubernetes-incubator/metrics-server)收集，并通过 `metrics.k8s.io` API 公开。
+  `度量服务器`发现群集中的所有节点，并查询每个节点的 [Kubelet](/docs/admin/kubelet) 以获取 CPU 和内存使用情况。
+  Kubelet 从 [cAdvisor](https://github.com/google/cadvisor) 获取数据。
+  `度量服务器`是一个轻量级的短期内存存储。
+
+<!--
+- A [**full metrics pipeline**](#full-metrics-pipelines), such as Prometheus, gives you access to richer
+  metrics. In addition, Kubernetes can respond to these metrics by automatically
+  scaling or adapting the cluster based on its current state, using mechanisms
+  such as the Horizontal Pod Autoscaler. The monitoring pipeline fetches
+  metrics from the Kubelet, and then exposes them to Kubernetes via an adapter
+  by implementing either the `custom.metrics.k8s.io` or
+  `external.metrics.k8s.io` API.
+-->
+
+- 一个[**完整度量管道**](#full-metrics-pipelines)，如 Prometheus，可以让您访问更丰富的度量。
+  此外，Kubernetes 还可以根据集群的当前状态，使用 Pod 水平自动扩缩器等机制，通过自动调用扩展或调整集群来响应这些度量。
+  监控管道从 kubelet 获取度量，然后通过适配器将它们公开给 Kubernetes，方法是实现 `custom.metrics.k8s.io` 或 `external.metrics.k8s.io` API。
+
+<!--
+## Resource metrics pipeline
+-->
+
+## 资源度量管道
+
+
+### Kubelet
+
+<!--
+The Kubelet acts as a bridge between the Kubernetes master and the nodes. It manages the pods and containers running on a machine. Kubelet translates each pod into its constituent containers and fetches individual container usage statistics from cAdvisor. It then exposes the aggregated pod resource usage statistics via a REST API.
+-->
+
+Kubelet充当 Kubernetes 主节点和节点之间的桥梁。
+它管理机器上运行的 Pod 和容器。
+Kubelet 将每个 Pod 转换为它的组成容器，并从 cAdvisor 获取各个容器的使用统计信息。然后它通过一个 REST API 公开聚合的 Pod 资源使用统计信息。
+
+### cAdvisor
+
+<!--
+cAdvisor is an open source container resource usage and performance analysis agent. It is purpose-built for containers and supports Docker containers natively. In Kubernetes, cAdvisor is integrated into the Kubelet binary. cAdvisor auto-discovers all containers in the machine and collects CPU, memory, filesystem, and network usage statistics. cAdvisor also provides the overall machine usage by analyzing the 'root' container on the machine.
+-->
+
+cAdvisor 是一个开源容器资源使用和性能分析代理。
+它是专门为容器构造的，并原生支持 Docker 容器。
+在 Kubernetes 中，cAdvisor 被集成到了 kubelet 二进制文件中。
+cAdvisor 自动发现机器中的所有容器，并收集 CPU、内存、文件系统和网络使用统计信息。
+cAdvisor 还通过分析机器上的 'root' 容器来提供机器的总体使用情况。
+
+<!--
+On most Kubernetes clusters, cAdvisor exposes a simple UI for on-machine containers on port 4194. Here is a snapshot of part of cAdvisor's UI that shows the overall machine usage:
+-->
+
+在大多数 Kubernetes 集群中，cAdvisor 在端口 4194 上为机上容器提供了一个简单的用户界面。以下是 cAdvisor 的部分用户界面的快照，其中显示了机器的总体使用情况：
+
+![cAdvisor](/images/docs/cadvisor.png)
+
+<!--
+## Full metrics pipelines
+-->
+
+## 完整度量管道
+
+<!--
+Many full metrics solutions exist for Kubernetes.
+-->
+
+现有许多用于 Kubernetes 的完整度量解决方案。
+
+### Prometheus
+
+<!--
+[Prometheus](https://prometheus.io) can natively monitor kubernetes, nodes, and prometheus itself.
+The [Prometheus Operator](https://coreos.com/operators/prometheus/docs/latest/)
+simplifies Prometheus setup on Kubernetes, and allows you to serve the
+custom metrics API using the
+[Prometheus adapter](https://github.com/directxman12/k8s-prometheus-adapter).
+Prometheus provides a robust query language and a built-in dashboard for
+querying and visualizing your data. Prometheus is also a supported
+data source for [Grafana](https://prometheus.io/docs/visualization/grafana/).
+-->
+
+[Prometheus](https://prometheus.io) 可以原生监控 Kubernetes、节点和 Prometheus 自身。
+[Prometheus Operator](https://coreos.com/operators/prometheus/docs/latest/) 简化了 Kubernetes 上的 Prometheus 安装，并允许您使用 [Prometheus adapter](https://github.com/directxman12/k8s-prometheus-adapter) 为自定义度量 API 提供支持。
+Prometheus 提供了一种强大的查询语言和一个内置的仪表板，用于查询和可视化您的数据。
+Prometheus 也是支持 [Grafana](https://prometheus.io/docs/visualization/grafana/) 的数据源。
+
+### Google Cloud Monitoring
+
+<!--
+Google Cloud Monitoring is a hosted monitoring service you can use to
+visualize and alert on important metrics in your application. can collect
+metrics from Kubernetes, and you can access them
+using the [Cloud Monitoring Console](https://app.google.stackdriver.com/).
+You can create and customize dashboards to visualize the data gathered
+from your Kubernetes cluster.
+-->
+
+Google Cloud Monitoring 是一个托管的监控服务，您可以使用它对应用程序中的重要指标进行可视化和警报。
+可以从 Kubernetes 收集度量，并且可以使用 [Cloud Monitoring Console](https://app.google.stackdriver.com/) 访问它们。
+您可以创建和自定义仪表板，从而可视化从您的 Kubernetes 集群中收集的数据。
+
+<!--
+This video shows how to configure and run a Google Cloud Monitoring backed Heapster:
+-->
+
+下面的视频介绍了如何配置和运行 Google Cloud Monitoring 支持的 Heapster：
+
+
+[![how to setup and run a Google Cloud Monitoring backed Heapster](https://img.youtube.com/vi/xSMNR2fcoLs/0.jpg)](https://www.youtube.com/watch?v=xSMNR2fcoLs)
+
+
+{{< figure src="/images/docs/gcm.png" alt="Google Cloud Monitoring dashboard example" title="Google Cloud Monitoring dashboard example" caption="This dashboard shows cluster-wide resource usage." >}}
+
+<!--
+## CronJob monitoring
+-->
+
+## CronJob 监控
+
+### Kubernetes Job Monitor
+
+<!--
+With the [Kubernetes Job Monitor](https://github.com/pietervogelaar/kubernetes-job-monitor) dashboard a Cluster Administrator can see which jobs are running and view the status of completed jobs.
+-->
+
+使用 [Kubernetes Job Monitor](https://github.com/pietervogelaar/kubernetes-job-monitor) 仪表板，集群管理员可以看到哪些 job 在运行以及查看已完成 job 的状态。
+
+<!--
+### New Relic Kubernetes monitoring integration
+-->
+
+### New Recil Kubernetes 监控集成
+
+<!--
+[New Relic Kubernetes](https://docs.newrelic.com/docs/integrations/host-integrations/host-integrations-list/kubernetes-monitoring-integration) integration provides increased visibility into the performance of your Kubernetes environment. New Relic's Kubernetes integration instruments the container orchestration layer by reporting metrics from Kubernetes objects. The integration gives you insight into your Kubernetes nodes, namespaces, deployments, replica sets, pods, and containers.
+-->
+
+[New Relic Kubernetes](https://docs.newrelic.com/docs/integrations/host-integrations/host-integrations-list/kubernetes-monitoring-integration)集成提高了对 Kubernetes 环境性能的可视性。
+New Relic 的 Kubernetes 集成通过报告来自 Kubernetes 对象的指标，为容器编排层提供参数。
+该集成让您可以深入了解 Kubernetes 节点、名称空间、部署、副本集、pod 和容器。
+
+<!--
+Marquee capabilities:
+View your data in pre-built dashboards for immediate insight into your Kubernetes environment.
+Create your own custom queries and charts in Insights from automatically reported data.
+Create alert conditions on Kubernetes data.
+Learn more on this [page](https://docs.newrelic.com/docs/integrations/host-integrations/host-integrations-list/kubernetes-monitoring-integration).
+-->
+
+移动文字功能：
+在预构建的仪表板中查看数据，以便立即了解 Kubernetes 环境信息。
+根据自动报告的数据创建自己的自定义查询和图表。
+对 Kubernetes 数据创建警告条件。
+进一步了解该功能请参考这个[页面](https://docs.newrelic.com/docs/integrations/host-integrations/host-integrations-list/kubernetes-monitoring-integration)。
+
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/debug-application-cluster/troubleshooting.md b/content/zh/docs/tasks/debug-application-cluster/troubleshooting.md
new file mode 100644
index 0000000000000..f2206d28d62ee
--- /dev/null
+++ b/content/zh/docs/tasks/debug-application-cluster/troubleshooting.md
@@ -0,0 +1,220 @@
+---
+reviewers:
+- brendandburns
+- davidopp
+content_template: templates/concept
+title: 排错
+---
+
+<!--
+---
+reviewers:
+- brendandburns
+- davidopp
+content_template: templates/concept
+title: Troubleshooting
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Sometimes things go wrong. This guide is aimed at making them right. It has
+two sections:
+-->
+
+有时候事情会出错。本指南旨在正确解决这些问题。它包含两个部分：
+
+<!--
+   * [Troubleshooting your application](/docs/tasks/debug-application-cluster/debug-application/) - Useful for users who are deploying code into Kubernetes and wondering why it is not working.
+   * [Troubleshooting your cluster](/docs/tasks/debug-application-cluster/debug-cluster/) - Useful for cluster administrators and people whose Kubernetes cluster is unhappy.
+-->
+
+   * [应用排错](/docs/tasks/debug-application-cluster/debug-application/) - 用于部署代码到 Kubernetes 并想知道代码为什么不能正常运行的用户。
+   * [集群排错](/docs/tasks/debug-application-cluster/debug-cluster/) - 用于集群管理员以及 Kubernetes 集群表现异常的用户。
+
+<!--
+You should also check the known issues for the [release](https://github.com/kubernetes/kubernetes/releases)
+you're using.
+-->
+
+您也应该查看所用[版本](https://github.com/kubernetes/kubernetes/releases)的已知问题。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Getting help
+
+If your problem isn't answered by any of the guides above, there are variety of
+ways for you to get help from the Kubernetes team.
+-->
+
+## 获取帮助
+
+如果您的问题在上述指南中没有得到答案，您还有另外几种方式从 Kubernetes 团队获得帮助。
+
+<!--
+### Questions
+
+The documentation on this site has been structured to provide answers to a wide
+range of questions. [Concepts](/docs/concepts/) explain the Kubernetes
+architecture and how each component works, while [Setup](/docs/setup/) provides
+practical instructions for getting started. [Tasks](/docs/tasks/) show how to
+accomplish commonly used tasks, and [Tutorials](/docs/tutorials/) are more
+comprehensive walkthroughs of real-world, industry-specific, or end-to-end
+development scenarios. The [Reference](/docs/reference/) section provides
+detailed documentation on the [Kubernetes API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/)
+and command-line interfaces (CLIs), such as [`kubectl`](/docs/user-guide/kubectl-overview/).
+-->
+
+### 提问
+
+网站上的文档针对回答各类问题进行了结构化组织和分类。
+[概念](/docs/concepts/)部分解释了 Kubernetes 体系结构以及每个组件的工作方式，[安装](/docs/setup/)部分提供了入门的实用说明。
+[任务](/docs/tasks/)部分展示了如何完成常用任务，[入门](/docs/tutorials/)部分则是对现实世界、特定行业或端到端开发场景的更全面的演练。
+[参考](/docs/reference/)部分提供了详细的 [Kubernetes API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/) 文档和命令行 (CLI) 接口，例如[`kubectl`](/docs/user-guide/kubectl-overview/)。
+
+<!--
+You may also find the Stack Overflow topics relevant:
+-->
+
+您还可以找到堆栈溢出相关的主题：
+
+   * [Kubernetes](http://stackoverflow.com/questions/tagged/kubernetes)
+   * [Google Kubernetes Engine](http://stackoverflow.com/questions/tagged/google-container-engine)
+
+<!--
+## Help! My question isn't covered!  I need help now!
+-->
+
+## 求救！我的问题还没有解决！我需要立即得到帮助！
+
+<!--
+### Stack Overflow
+-->
+
+### 堆栈溢出
+
+<!--
+Someone else from the community may have already asked a similar question or may
+be able to help with your problem. The Kubernetes team will also monitor
+[posts tagged Kubernetes](http://stackoverflow.com/questions/tagged/kubernetes).
+If there aren't any existing questions that help, please [ask a new one](http://stackoverflow.com/questions/ask?tags=kubernetes)!
+-->
+
+社区中的其他人可能已经问过和您类似的问题，这或许能帮助解决您的问题。
+Kubernetes 团队还会监视[带有 Kubernetes 标签的帖子](http://stackoverflow.com/questions/tagged/kubernetes)。
+如果现有的问题对您没有帮助，请[问一个新问题](http://stackoverflow.com/questions/ask?tags=kubernetes)!
+
+<!--
+### Slack
+
+The Kubernetes team hangs out on Slack in the `#kubernetes-users` channel. You
+can participate in discussion with the Kubernetes team [here](https://kubernetes.slack.com).
+Slack requires registration, but the Kubernetes team is open invitation to
+anyone to register [here](http://slack.kubernetes.io). Feel free to come and ask
+any and all questions.
+-->
+
+### Slack
+
+Kubernetes 团队在 Slack 中建有 `#kubernetes-users` 频道。
+您可以[在这里](https://kubernetes.slack.com)参加与 Kubernetes 团队的讨论。
+Slack 需要注册，但 Kubernetes 团队公开邀请任何人[在这里](http://slack.kubernetes.io)注册。
+欢迎您随时来问任何问题。
+
+<!--
+Once registered, browse the growing list of channels for various subjects of
+interest. For example, people new to Kubernetes may also want to join the
+`#kubernetes-novice` channel. As another example, developers should join the
+`#kubernetes-dev` channel.
+-->
+
+一旦注册完成，您就可以浏览各种感兴趣的频道列表。
+例如，Kubernetes 新人可能还想加入 `#kubernetes-novice` 频道。作为另一个例子，开发人员应该加入 `#kubernetes-dev` 频道。
+
+<!--
+There are also many country specific/local language channels. Feel free to join
+these channels for localized support and info:
+-->
+
+还有许多国家/地区语言频道。请随时加入这些频道以获得本地化支持和信息：
+
+<!--
+- China: `#cn-users`, `#cn-events`
+- France: `#fr-users`, `#fr-events`
+- Germany: `#de-users`, `#de-events`
+- India: `#in-users`, `#in-events`
+- Italy: `#it-users`, `#it-events`
+- Japan: `#jp-users`, `#jp-events`
+- Korea: `#kr-users`
+- Netherlands: `#nl-users`
+- Norway: `#norw-users`
+- Poland: `#pl-users`
+- Russia: `#ru-users`
+- Spain: `#es-users`
+- Turkey: `#tr-users`, `#tr-events`
+-->
+
+- 中国： `#cn-users`, `#cn-events`
+- 法国： `#fr-users`, `#fr-events`
+- 德国： `#de-users`, `#de-events`
+- 印度： `#in-users`, `#in-events`
+- 意大利： `#it-users`, `#it-events`
+- 日本： `#jp-users`, `#jp-events`
+- 韩国： `#kr-users`
+- 荷兰： `#nl-users`
+- 挪威： `#norw-users`
+- 波兰： `#pl-users`
+- 俄罗斯： `#ru-users`
+- 西班牙： `#es-users`
+- 土耳其： `#tr-users`, `#tr-events`
+
+
+<!--
+### Forum
+
+The Kubernetes Official Forum [discuss.kubernetes.io](https://discuss.kubernetes.io)
+-->
+
+### 论坛
+
+Kubernetes 官方论坛 [discuss.kubernetes.io](https://discuss.kubernetes.io)
+
+
+<!--
+### Bugs and Feature requests
+
+If you have what looks like a bug, or you would like to make a feature request,
+please use the [Github issue tracking system](https://github.com/kubernetes/kubernetes/issues).
+-->
+
+如果你发现一个看起来像 bug 的东西，或者你想提出一个功能请求，请使用[Github 问题跟踪系统](https://github.com/kubernetes/kubernetes/issues)。
+
+
+<!--
+Before you file an issue, please search existing issues to see if your issue is
+already covered.
+
+If filing a bug, please include detailed information about how to reproduce the
+problem, such as:
+-->
+
+在提交问题之前，请搜索现有问题以查看是否已涵盖您的问题。
+
+如果提交 bug，请提供如何重现问题的详细信息，例如：
+
+<!--
+* Kubernetes version: `kubectl version`
+* Cloud provider, OS distro, network configuration, and Docker version
+* Steps to reproduce the problem
+-->
+
+* Kubernetes 版本：获取版本的命令为 `kubectl version`
+* 云提供商，OS 发行版、网络配置和 Docker 版本
+* 重现问题的步骤
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/dns-horizontal-autoscaling.md b/content/zh/docs/tasks/dns-horizontal-autoscaling.md
new file mode 100644
index 0000000000000..336b24b7ff543
--- /dev/null
+++ b/content/zh/docs/tasks/dns-horizontal-autoscaling.md
@@ -0,0 +1,485 @@
+---
+title: 自动伸缩集群中的 DNS 服务
+content_template: templates/task
+---
+
+<!--
+---
+title: Autoscale the DNS Service in a Cluster
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to enable and configure autoscaling of the DNS service in a
+Kubernetes cluster.
+-->
+此页面展示如何启用和配置集群中 DNS 服务的自动伸缩。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+* Make sure the [DNS feature](/docs/concepts/services-networking/dns-pod-service/) itself is enabled.
+
+* Kubernetes version 1.4.0 or later is recommended.
+-->
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+* 确保 [DNS 特性](/docs/concepts/services-networking/dns-pod-service/)是启用的。
+
+* 推荐使用 Kubernetes 1.4.0 或更高版本。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Determining whether DNS horizontal autoscaling is already enabled
+-->
+## 确定 DNS 水平自动伸缩是否已经启用
+
+<!--
+List the Deployments in your cluster in the kube-system namespace:
+-->
+列出集群中命名空间 kube-system 下的 Deployment：
+
+    kubectl get deployment --namespace=kube-system
+
+<!--
+The output is similar to this:
+-->
+输出类似：
+
+    NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    dns-autoscaler        1         1         1            1           ...
+    ...
+
+<!--
+If you see "dns-autoscaler" in the output, DNS horizontal autoscaling is
+already enabled, and you can skip to
+[Tuning autoscaling parameters](#tuning-autoscaling-parameters).
+-->
+如果在输出中看到 `dns-autoscaler`，则表示已启用 DNS 水平自动缩放，
+可以跳过阅读[优化自动缩放参数](#tuning-autoscaling-parameters)章节。
+
+<!--
+## Getting the name of your DNS Deployment or ReplicationController
+-->
+
+## 获取 DNS Deployment 名或 ReplicationController 名
+
+<!--
+List the Deployments in your cluster in the kube-system namespace:
+-->
+列出集群中命名空间 kube-system 下的 Deployment：
+
+    kubectl get deployment --namespace=kube-system
+
+<!--
+The output is similar to this:
+->
+
+输出类似：
+
+    NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    coredns      2         2         2            2           ...
+    ...
+
+
+<!--
+In Kubernetes versions earlier than 1.12, the DNS Deployment was called "kube-dns".
+-->
+
+在早于 1.12 的 Kubernetes 版本中，DNS Deployment 称之为 `kube-dns`。
+
+<!--
+In Kubernetes versions earlier than 1.5 DNS was implemented using a
+ReplicationController instead of a Deployment. So if you don't see kube-dns,
+or a similar name, in the preceding output, list the ReplicationControllers in
+your cluster in the kube-system namespace:
+-->
+
+在 Kubernetes 1.5 之前的版本中，DNS 是使用 ReplicationController 而不是 Deployment 来实现的。
+因此，如果在前面的输出中没有看到 kube-dns 或类似的名称，请在 kube-system 名称空间中列出集群中的 ReplicationControllers:
+
+    kubectl get rc --namespace=kube-system
+
+<!--
+The output is similar to this:
+-->
+
+输出类似：
+
+    NAME            DESIRED   CURRENT   READY     AGE
+    ...
+    kube-dns-v20    1         1         1         ...
+    ...
+
+<!--
+## Determining your scale target
+-->
+
+## 确定规模目标
+
+<!--
+If you have a DNS Deployment, your scale target is:
+-->
+
+如果是 DNS Deployment，则伸缩目标是：
+
+    Deployment/<your-deployment-name>
+
+<!--
+where <dns-deployment-name> is the name of your DNS Deployment. For example, if
+your DNS Deployment name is coredns, your scale target is Deployment/coredns.
+-->
+
+其中，<dns-deployment-name> 是 DNS Deployment 的名称。
+例如，如果 DNS Deployment 名是 coredns，
+则伸缩目标是 Deployment/coredns。
+
+<!--
+If you have a DNS ReplicationController, your scale target is:
+-->
+
+如果是 DNS ReplicationController，则伸缩目标是:
+
+    ReplicationController/<your-rc-name>
+
+<!--
+where <your-rc-name> is the name of your DNS ReplicationController. For example,
+if your DNS ReplicationController name is kube-dns-v20, your scale target is
+ReplicationController/kube-dns-v20.
+-->
+
+其中，<your-rc-name> 是 DNS ReplicationController 的名称。
+例如，如果 DNS ReplicationController 的名称为 kube-dns-v20，则伸缩目标是 ReplicationControlle/kube-dns-v20。
+
+<!--
+## Enabling DNS horizontal autoscaling
+-->
+
+## 启用 DNS 水平自动扩缩
+
+<!--
+In this section, you create a Deployment. The Pods in the Deployment run a
+container based on the `cluster-proportional-autoscaler-amd64` image.
+-->
+
+在本节中，您将创建一个 Deployment。Deployment 中的 Pod 根据 `cluster-proportional-autoscaler-amd64` 镜像运行容器。
+
+<!--
+Create a file named `dns-horizontal-autoscaler.yaml` with this content:
+-->
+
+创建一个名为 `dns-horizontal-autoscaler.yaml` 的文件内容如下:
+
+{{< codenew file="admin/dns/dns-horizontal-autoscaler.yaml" >}}
+
+<!--
+In the file, replace `<SCALE_TARGET>` with your scale target.
+-->
+
+在文件中，将 `<SCALE_TARGET>` 替换为扩缩目标。
+
+<!--
+Go to the directory that contains your configuration file, and enter this
+command to create the Deployment:
+-->
+
+转至包含配置文件的目录，然后输入以下命令以创建 Deployment：
+
+    kubectl create -f dns-horizontal-autoscaler.yaml
+
+<!--
+The output of a successful command is:
+-->
+
+运行成功后的输出结果为：
+
+    deployment.apps/kube-dns-autoscaler created
+
+<!--
+DNS horizontal autoscaling is now enabled.
+-->
+
+现在启用了 DNS 水平自动扩缩。
+
+<!--
+## Tuning autoscaling parameters
+-->
+
+## 调优自动扩缩参数
+
+<!--
+Verify that the dns-autoscaler ConfigMap exists:
+-->
+
+验证 dns-autoscaler ConfigMap 存在:
+
+    kubectl get configmap --namespace=kube-system
+
+<!--
+The output is similar to this:
+-->
+
+输出类似：
+
+    NAME                  DATA      AGE
+    ...
+    dns-autoscaler        1         ...
+    ...
+
+<!--
+Modify the data in the ConfigMap:
+-->
+
+修改 ConfigMap 中的数据：
+
+    kubectl edit configmap dns-autoscaler --namespace=kube-system
+
+<!--
+Look for this line:
+-->
+
+寻找这一行：
+
+    linear: '{"coresPerReplica":256,"min":1,"nodesPerReplica":16}'
+
+<!--
+Modify the fields according to your needs. The "min" field indicates the
+minimal number of DNS backends. The actual number of backends number is
+calculated using this equation:
+-->
+
+根据需要修改字段。`min` 字段表示 DNS 后端的最小数量。实际后端数的计算公式为：
+
+    replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
+
+<!--
+Note that the values of both `coresPerReplica` and `nodesPerReplica` are
+integers.
+-->
+
+注意，`coresPerReplica` 和 `nodesPerReplica` 的值都是整数。
+
+<!--
+The idea is that when a cluster is using nodes that have many cores,
+`coresPerReplica` dominates. When a cluster is using nodes that have fewer
+cores, `nodesPerReplica` dominates.
+-->
+
+其思想是，当集群使用具有多个核心的节点时，`coresPerReplica` 占主导地位。
+当集群使用内核较少的节点时，`nodesPerReplica` 占主导地位。
+
+<!--
+There are other supported scaling patterns. For details, see
+[cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler).
+-->
+
+还有其他受支持的扩展模式。有关详细信息，请参见 [cluster-proportion -autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler)。
+
+<!--
+## Disable DNS horizontal autoscaling
+-->
+
+## 禁用 DNS 水平自动扩缩
+
+<!--
+There are a few options for tuning DNS horizontal autoscaling. Which option to
+use depends on different conditions.
+-->
+
+有一些选项可用于调优 DNS 水平自动扩缩。使用哪个选项取决于不同的条件。
+
+<!--
+### Option 1: Scale down the dns-autoscaler deployment to 0 replicas
+-->
+
+### 选项 1：将 dns-autoscaler deployment 降低到 0 个副本
+
+<!--
+This option works for all situations. Enter this command:
+-->
+
+此选项适用于所有情况。输入这个命令：
+
+    kubectl scale deployment --replicas=0 dns-autoscaler --namespace=kube-system
+
+<!--
+The output is:
+-->
+
+输出是：
+
+    deployment.extensions/dns-autoscaler scaled
+
+<!--
+Verify that the replica count is zero:
+-->
+
+验证副本计数是否为零：
+
+    kubectl get deployment --namespace=kube-system
+
+<!--
+The output displays 0 in the DESIRED and CURRENT columns:
+-->
+
+输出在 DESIRED 和 CURRENT 列中显示 0：
+
+    NAME                  DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    ...
+    dns-autoscaler        0         0         0            0           ...
+    ...
+
+<!--
+### Option 2: Delete the dns-autoscaler deployment
+-->
+
+### 选项 2：删除 dns-autoscaler deployment
+
+<!--
+This option works if dns-autoscaler is under your own control, which means
+no one will re-create it:
+-->
+
+如果 dns-autoscaler 在您自己的控制之下，则此选项有效，这意味着没有人会重新创建它：
+
+    kubectl delete deployment dns-autoscaler --namespace=kube-system
+
+<!--
+The output is:
+-->
+
+输出是：
+
+    deployment.extensions "dns-autoscaler" deleted
+
+<!--
+### Option 3: Delete the dns-autoscaler manifest file from the master node
+-->
+
+### 选项 3：从主节点中删除 dns-autoscaler 清单文件
+
+<!--
+This option works if dns-autoscaler is under control of the
+[Addon Manager](https://git.k8s.io/kubernetes/cluster/addons/README.md)'s
+control, and you have write access to the master node.
+-->
+
+此选项可行的前提是，dns-autoscaler 在[附加组件管理器](https://git.k8s.io/kubernetes/cluster/addons/README.md) 的控制之下，
+并且有对主节点的写访问权。
+
+<!--
+Sign in to the master node and delete the corresponding manifest file.
+The common path for this dns-autoscaler is:
+-->
+
+登录主节点并删除相应的清单文件。这个 dns-autoscaler 的通用路径是：
+
+    /etc/kubernetes/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
+
+<!--
+After the manifest file is deleted, the Addon Manager will delete the
+dns-autoscaler Deployment.
+-->
+
+删除清单文件后，附加组件管理器将删除 dns-autoscaler Deployment。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Understanding how DNS horizontal autoscaling works
+-->
+
+了解 DNS 水平自动缩放的工作原理
+
+<!--
+* The cluster-proportional-autoscaler application is deployed separately from
+the DNS service.
+
+* An autoscaler Pod runs a client that polls the Kubernetes API server for the
+number of nodes and cores in the cluster.
+
+* A desired replica count is calculated and applied to the DNS backends based on
+the current schedulable nodes and cores and the given scaling parameters.
+
+* The scaling parameters and data points are provided via a ConfigMap to the
+autoscaler, and it refreshes its parameters table every poll interval to be up
+to date with the latest desired scaling parameters.
+
+* Changes to the scaling parameters are allowed without rebuilding or restarting
+the autoscaler Pod.
+
+* The autoscaler provides a controller interface to support two control
+patterns: *linear* and *ladder*.
+-->
+
+* 集群比例自动伸缩器应用程序与 DNS 服务分开部署。
+
+* 一个自动伸缩 Pod 运行一个客户端，该客户端轮询 Kubernetes API 服务器以获得集群中的节点和核心的数量。
+
+* 根据当前可调度节点和核心以及给定的缩放参数，计算并应用所需的副本计数到 DNS 后端。
+
+* 缩放参数和数据点是通过 ConfigMap 提供给 autoscaler 的，它会在每个轮询间隔刷新参数表，以更新所需的最新缩放参数。
+
+* 允许在不重新构建或重新启动自动缩放Pod的情况下更改缩放参数。
+
+* autoscaler 提供了一个控制器接口来支持两种控制模式：*linear* 和 *ladder*。
+
+<!--
+## Future enhancements
+-->
+
+## 未来的改进
+
+<!--
+Control patterns, in addition to linear and ladder, that consider custom metrics
+are under consideration as a future development.
+-->
+
+除了线性和梯形之外，未来将考虑自定义度量的控制模式。
+
+<!--
+Scaling of DNS backends based on DNS-specific metrics is under consideration as
+a future development. The current implementation, which uses the number of nodes
+and cores in cluster, is limited.
+-->
+
+基于 DNS 特定指标的 DNS 后端扩展正在考虑作为未来发展。当前实现使用集群中的节点和核心数量是有限的。
+
+<!--
+Support for custom metrics, similar to that provided by
+[Horizontal Pod Autoscaling](/docs/tasks/run-application/horizontal-pod-autoscale/),
+is under consideration as a future development.
+-->
+
+未来将考虑支持类似于[水平 Pod 自动伸缩](/docs/tasks/run-application/horizontal-pod-autoscale/)
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Learn more about the
+[implementation of cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler).
+-->
+
+了解更多关于[实施 of cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler)。
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/tasks/example-task-template.md b/content/zh/docs/tasks/example-task-template.md
new file mode 100644
index 0000000000000..3d3bec9b53a32
--- /dev/null
+++ b/content/zh/docs/tasks/example-task-template.md
@@ -0,0 +1,105 @@
+---
+title: 示例任务的模板
+reviewers:
+- chenopis
+content_template: templates/task
+toc_hide: true
+---
+
+<!--
+---
+title: Example Task Template
+reviewers:
+- chenopis
+content_template: templates/task
+toc_hide: true
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Be sure to also [create an entry in the table of contents](/docs/home/contribute/write-new-topic/#creating-an-entry-in-the-table-of-contents) for your new document.
+-->
+
+{{< note >}}
+还要确保为新文档[在目录中创建一个条目](/docs/home/contribute/write-new-topic/#creating-an-entry-in-the-table-of-contents)。
+{{< /note >}}
+
+<!--
+This page shows how to ...
+-->
+这个页面展示了如何...
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* Do this.
+* Do this too.
+-->
+
+
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* 做这个。
+* 也做这个。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Doing ...
+-->
+
+## 做...
+
+<!--
+1. Do this.
+1. Do this next. Possibly read this [related explanation](...).
+-->
+
+1. 做这个。
+1. 接下来做这个。可能需要阅读一下这个[相关解释](...).
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Understanding ...
+**[Optional Section]**
+-->
+
+## 理解 ...
+
+**[可选部分]**
+
+<!--
+Here's an interesting thing to know about the steps you just did.
+-->
+关于你刚才所做的过程，有一点是需要知道的。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+**[Optional Section]**
+-->
+
+**[可选部分]**
+
+<!--
+* Learn more about [Writing a New Topic](/docs/home/contribute/write-new-topic/).
+* See [Using Page Templates - Task template](/docs/home/contribute/page-templates/#task_template) for how to use this template.
+-->
+
+* 了解更多关于[撰写新主题](/docs/home/contribute/write-new-topic/).
+* 查看[使用页面模板-任务模板](/docs/home/contribute/page-templates/#task_template) for how to use this template.
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/extend-kubectl/kubectl-plugins.md b/content/zh/docs/tasks/extend-kubectl/kubectl-plugins.md
new file mode 100644
index 0000000000000..77ab2f5c5b6d2
--- /dev/null
+++ b/content/zh/docs/tasks/extend-kubectl/kubectl-plugins.md
@@ -0,0 +1,512 @@
+---
+title: 用插件扩展 kubectl
+reviewers:
+- juanvallejo
+- soltysh
+description: 使用 kubectl 插件，你可以通过添加新的子命令来扩展 kubectl 命令的功能。
+---
+
+<!--
+title: Extend kubectl with plugins
+reviewers:
+- juanvallejo
+- soltysh
+description: With kubectl plugins, you can extend the functionality of the kubectl command by adding new subcommands.
+content_template: templates/task
+-->
+
+{{% capture overview %}}
+
+{{< feature-state state="stable" >}}
+
+<!--
+This guide demonstrates how to install and write extensions for [kubectl](/docs/reference/kubectl/kubectl/). By thinking of core `kubectl` commands as essential building blocks for interacting with a Kubernetes cluster, a cluster administrator can think
+of plugins as a means of utilizing these building blocks to create more complex behavior. Plugins extend `kubectl` with new sub-commands, allowing for new and custom features not included in the main distribution of `kubectl`.
+-->
+本指南演示了如何为 [kubectl](/docs/reference/kubectl/kubectl/) 安装和编写扩展。
+通过将核心 `kubectl` 命令看作与 Kubernetes 集群交互的基本构建块，集群管理员可以将插件视为一种利用这些构建块创建更复杂行为的方法。
+插件用新的子命令扩展了 `kubectl`，允许新的和自定义的特性不包括在 `kubectl` 的主要发行版中。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+You need to have a working `kubectl` binary installed.
+-->
+您需要安装一个工作的二进制 `kubectl`。
+
+{{< note >}}
+
+<!--
+Plugins were officially introduced as an alpha feature in the v1.8.0 release. They have been re-worked in the v1.12.0 release to support a wider range of use-cases. So, while some parts of the plugins feature were already available in previous versions, a `kubectl` version of 1.12.0 or later is recommended if you are following these docs.
+-->
+插件在 v1.8.0 版本中正式作为 alpha 特性引入。它们已经在 v1.12.0 版本中工作，以支持更广泛的用例。因此，虽然在以前的版本中已经提供了部分插件特性，但如果您遵循这些文档，建议使用 1.12.0 或更高版本的 `kubectl`。
+
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Installing kubectl plugins
+-->
+
+## 安装 kubectl 插件
+
+<!--
+A plugin is nothing more than a standalone executable file, whose name begins with `kubectl-`. To install a plugin, simply move this executable file to anywhere on your PATH.
+-->
+插件只不过是一个独立的可执行文件，名称以 `kubectl-` 开头。要安装插件，只需将此可执行文件移动到路径上的任何位置。
+
+{{< note >}}
+
+<!--
+Kubernetes does not provide a package manager or anything similar to install or update plugins. It is your responsibility to ensure that plugin executables have a filename that begins with `kubectl-`, and that they are placed somewhere on your PATH.
+-->
+Kubernetes 不提供包管理器或任何类似于安装或更新插件的东西。你有责任确保插件可执行文件的文件名以 `kubectl-` 开头，并将它们放在你路径的某个位置。
+{{< /note >}}
+
+<!--
+### Discovering plugins
+-->
+
+### 发现插件
+
+<!--
+`kubectl` provides a command `kubectl plugin list` that searches your PATH for valid plugin executables.
+Executing this command causes a traversal of all files in your PATH. Any files that are executable, and begin with `kubectl-` will show up *in the order in which they are present in your PATH* in this command's output.
+A warning will be included for any files beginning with `kubectl-` that are *not* executable.
+A warning will also be included for any valid plugin files that overlap each other's name.
+-->
+`kubectl` 提供一个命令 `kubectl plugin list`，用于搜索路径查找有效的插件可执行文件。
+执行此命令将遍历路径中的所有文件。任何以 `kubectl-` 开头的可执行文件都将在这个命令的输出中以它们在路径中出现的顺序显示。
+任何以 `kubectl-` 开头的文件如果`不可执行`，都将包含一个警告。
+对于任何相同的有效插件文件，都将包含一个警告。
+
+<!--
+#### Limitations
+-->
+
+#### 限制
+
+<!--
+It is currently not possible to create plugins that overwrite existing `kubectl` commands. For example, creating a plugin `kubectl-version` will cause that plugin to never be executed, as the existing `kubectl version` command will always take precedence over it. Due to this limitation, it is also *not* possible to use plugins to add new subcommands to existing `kubectl` commands. For example, adding a subcommand `kubectl create foo` by naming your plugin `kubectl-create-foo` will cause that plugin to be ignored. Warnings will appear under the output of `kubectl plugin list` for any valid plugins that attempt to do this.
+-->
+目前无法创建覆盖现有 `kubectl` 命令的插件，例如，创建一个插件 `kubectl-version` 将导致该插件永远不会被执行，因为现有的 `kubectl-version` 命令总是优先于它执行。
+由于这个限制，也不可能使用插件将新的子命令添加到现有的 `kubectl` 命令中。例如，通过将插件命名为 `kubectl-create-foo` 来添加子命令 `kubectl create foo` 将导致该插件被忽略。对于任何试图这样做的有效插件 `kubectl plugin list` 的输出中将显示警告。
+
+<!--
+## Writing kubectl plugins
+-->
+
+## 编写 kubectl 插件
+
+<!--
+You can write a plugin in any programming language or script that allows you to write command-line commands.
+-->
+你可以用任何编程语言或脚本编写插件，允许您编写命令行命令。
+
+<!--
+There is no plugin installation or pre-loading required. Plugin executables receive the inherited environment from the `kubectl` binary.
+A plugin determines which command path it wishes to implement based on its name. For example, a plugin wanting to provide a new command
+`kubectl foo`, would simply be named `kubectl-foo`, and live somewhere in the user's PATH.
+-->
+不需要安装插件或预加载，插件可执行程序从 `kubectl` 二进制文件接收继承的环境，插件根据其名称确定它希望实现的命令路径。
+例如，一个插件想要提供一个新的命令 `kubectl foo`，它将被简单地命名为 `kubectl-foo`，并且位于用户路径的某个位置。
+
+<!--
+### Example plugin
+-->
+
+### 示例插件
+
+```
+#!/bin/bash
+
+# optional argument handling
+if [[ "$1" == "version" ]]
+then
+    echo "1.0.0"
+    exit 0
+fi
+
+# optional argument handling
+if [[ "$1" == "config" ]]
+then
+    echo $KUBECONFIG
+    exit 0
+fi
+
+echo "I am a plugin named kubectl-foo"
+```
+
+<!--
+### Using a plugin
+-->
+
+### 使用插件
+
+<!--
+To use the above plugin, simply make it executable:
+-->
+要使用上面的插件，只需使其可执行：
+
+```
+sudo chmod +x ./kubectl-foo
+```
+
+<!--
+and place it anywhere in your PATH:
+-->
+并将它放在你的路径中的任何地方：
+
+```
+sudo mv ./kubectl-foo /usr/local/bin
+```
+
+<!--
+You may now invoke your plugin as a `kubectl` command:
+-->
+你现在可以调用你的插件作为 `kubectl` 命令：
+
+```
+kubectl foo
+```
+```
+I am a plugin named kubectl-foo
+```
+
+<!--
+All args and flags are passed as-is to the executable:
+-->
+所有参数和标记按原样传递给可执行文件：
+
+```
+kubectl foo version
+```
+```
+1.0.0
+```
+
+<!--
+All environment variables are also passed as-is to the executable:
+-->
+所有环境变量也按原样传递给可执行文件：
+
+```bash
+export KUBECONFIG=~/.kube/config
+kubectl foo config
+```
+```
+/home/<user>/.kube/config
+```
+
+```shell
+KUBECONFIG=/etc/kube/config kubectl foo config
+```
+```
+/etc/kube/config
+```
+
+<!--
+Additionally, the first argument that is passed to a plugin will always be the full path to the location where it was invoked (`$0` would equal `/usr/local/bin/kubectl-foo` in our example above).
+-->
+此外，传递给插件的第一个参数总是调用它的位置的绝对路径（在上面的例子中，`$0` 将等于 `/usr/local/bin/kubectl-foo`）。
+
+<!--
+### Naming a plugin
+-->
+
+### 命名插件
+
+<!--
+As seen in the example above, a plugin determines the command path that it will implement based on its filename. Every sub-command in the command path that a plugin targets, is separated by a dash (`-`).
+For example, a plugin that wishes to be invoked whenever the command `kubectl foo bar baz` is invoked by the user, would have the filename of `kubectl-foo-bar-baz`.
+-->
+如上面的例子所示，插件根据文件名确定要实现的命令路径，插件所针对的命令路径中的每个子命令都由破折号（`-`）分隔。
+例如，当用户调用命令 `kubectl foo bar baz` 时，希望调用该命令的插件的文件名为 `kubectl-foo-bar-baz`。
+
+<!--
+#### Flags and argument handling
+-->
+
+#### 参数和标记处理
+
+{{< note >}}
+<!--
+Unlike previous versions of `kubectl`, the plugin mechanism will _not_ create any custom, plugin-specific values or environment variables to a plugin process.
+This means that environment variables such as `KUBECTL_PLUGINS_CURRENT_NAMESPACE` are no longer provided to a plugin. Plugins must parse all of the arguments passed to them by a user,
+and handle flag validation as part of their own implementation. For plugins written in Go, a set of utilities has been provided under [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) to assist with this.
+-->
+与以前版本的 `kubectl` 不同，插件机制不会为插件进程创建任何定制的、特定于插件的值或环境变量，这意味着像 `KUBECTL_PLUGINS_CURRENT_NAMESPACE` 这样的环境变量不再提供给插件。
+插件必须解析用户传递给它们的所有参数，并将参数验证作为它们自己实现的一部分处理。对于用 Go 编写的插件，在 [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) 下提供了一组实用程序来帮助实现这一点。
+
+{{< /note >}}
+
+<!--
+Taking our `kubectl-foo-bar-baz` plugin from the above scenario, we further explore additional cases where users invoke our plugin while providing additional flags and arguments.
+For example, in a situation where a user invokes the command `kubectl foo bar baz arg1 --flag=value arg2`, the plugin mechanism will first try to find the plugin with the longest possible name, which in this case
+would be `kubectl-foo-bar-baz-arg1`. Upon not finding that plugin, it then treats the last dash-separated value as an argument (`arg1` in this case), and attempts to find the next longest possible name, `kubectl-foo-bar-baz`.
+Upon finding a plugin with this name, it then invokes that plugin, passing all args and flags after its name to the plugin executable.
+-->
+从上面的场景中使用我们的 `kubectl-foo-bar-baz` 插件，我们将进一步研究用户在提供额外标记和参数的同时调用我们的插件的其他情况。
+例如，在用户调用命令 `kubectl foo bar baz arg1 --flag=value arg2` 的情况下，插件机制将首先尝试找到名称可能最长的插件，在本例中是 `kubectl-foo-bar-baz-arg1`。
+当没有找到这个插件时，它就会将最后一个以破折号分隔的值视为参数（在本例中为 `arg1`），并尝试找到下一个最长的名称 `kubectl-foo-bar-baz`。
+在找到具有此名称的插件后，它将调用该插件，并在其名称之后将所有参数和标志传递给插件可执行文件。
+
+<!--
+Example:
+-->
+示例：
+
+```bash
+# create a plugin
+echo '#!/bin/bash\n\necho "My first command-line argument was $1"' > kubectl-foo-bar-baz
+sudo chmod +x ./kubectl-foo-bar-baz
+
+# "install" our plugin by placing it on our PATH
+sudo mv ./kubectl-foo-bar-baz /usr/local/bin
+
+# ensure our plugin is recognized by kubectl
+kubectl plugin list
+```
+```
+The following kubectl-compatible plugins are available:
+
+/usr/local/bin/kubectl-foo-bar-baz
+```
+```
+# test that calling our plugin via a "kubectl" command works
+# even when additional arguments and flags are passed to our
+# plugin executable by the user.
+kubectl foo bar baz arg1 --meaningless-flag=true
+```
+```
+My first command-line argument was arg1
+```
+
+<!--
+As you can see, our plugin was found based on the `kubectl` command specified by a user, and all extra arguments and flags were passed as-is to the plugin executable once it was found.
+-->
+正如你所看到的，我们的插件是基于用户指定的 `kubectl` 命令找到的，所有额外的参数和标记都是按原样传递给插件可执行文件的。
+
+<!--
+#### Names with dashes and underscores
+-->
+
+#### 带有破折号和下划线的名称
+
+<!--
+Although the `kubectl` plugin mechanism uses the dash (`-`) in plugin filenames to separate the sequence of sub-commands processed by the plugin, it is still possible to create a plugin
+command containing dashes in its commandline invocation by using underscores (`_`) in its filename.
+-->
+虽然 `kubectl` 插件机制在插件文件名中使用破折号（`-`）分隔插件处理的子命令序列，但是仍然可以通过在文件名中使用下划线（`-`）来创建命令行中包含破折号的插件命令。
+
+<!--
+Example:
+-->
+
+例子：
+
+```bash
+# create a plugin containing an underscore in its filename
+echo '#!/bin/bash\n\necho "I am a plugin with a dash in my name"' > ./kubectl-foo_bar
+sudo chmod +x ./kubectl-foo_bar
+
+# move the plugin into your PATH
+sudo mv ./kubectl-foo_bar /usr/local/bin
+
+# our plugin can now be invoked from `kubectl` like so:
+kubectl foo-bar
+```
+```
+I am a plugin with a dash in my name
+```
+
+<!--
+Note that the introduction of underscores to a plugin filename does not prevent us from having commands such as `kubectl foo_bar`.
+The command from the above example, can be invoked using either a dash (`-`) or an underscore (`_`):
+-->
+请注意，在插件文件名中引入下划线并不会阻止我们使用 `kubectl foo_bar` 之类的命令。可以使用破折号（`-`）或下划线（`-`）调用上面示例中的命令:
+
+```bash
+# our plugin can be invoked with a dash
+kubectl foo-bar
+```
+```
+I am a plugin with a dash in my name
+```
+
+```bash
+# it can also be invoked using an underscore
+kubectl foo_bar
+```
+```
+I am a plugin with a dash in my name
+```
+
+<!--
+#### Name conflicts and overshadowing
+-->
+
+#### 命名冲突和弊端
+
+<!--
+It is possible to have multiple plugins with the same filename in different locations throughout your PATH.
+For example, given a PATH with the following value: `PATH=/usr/local/bin/plugins:/usr/local/bin/moreplugins`, a copy of plugin `kubectl-foo` could exist in `/usr/local/bin/plugins` and `/usr/local/bin/moreplugins`,
+such that the output of the `kubectl plugin list` command is:
+-->
+可以在路径的不同位置使用多个文件名相同的插件，
+例如，给定一个路径的值为: `PATH=/usr/local/bin/plugins:/usr/local/bin/moreplugins`，在 `/usr/local/bin/plugins` 和 `/usr/local/bin/moreplugins` 中可以存在一个插件 `kubectl-foo` 的副本，这样 `kubectl plugin list` 命令的输出就是:
+
+```bash
+PATH=/usr/local/bin/plugins:/usr/local/bin/moreplugins kubectl plugin list
+```
+```bash
+The following kubectl-compatible plugins are available:
+
+/usr/local/bin/plugins/kubectl-foo
+/usr/local/bin/moreplugins/kubectl-foo
+  - warning: /usr/local/bin/moreplugins/kubectl-foo is overshadowed by a similarly named plugin: /usr/local/bin/plugins/kubectl-foo
+
+error: one plugin warning was found
+```
+
+<!--
+In the above scenario, the warning under `/usr/local/bin/moreplugins/kubectl-foo` tells us that this plugin will never be executed. Instead, the executable that appears first in our PATH, `/usr/local/bin/plugins/kubectl-foo`, will always be found and executed first by the `kubectl` plugin mechanism.
+-->
+在上面的场景中 `/usr/local/bin/moreplugins/kubectl-foo` 下的警告告诉我们这个插件永远不会被执行。相反，首先出现在我们路径中的可执行文件 `/usr/local/bin/plugins/kubectl-foo` 总是首先被 `kubectl` 插件机制找到并执行。
+
+<!--
+A way to resolve this issue is to ensure that the location of the plugin that you wish to use with `kubectl` always comes first in your PATH. For example, if we wanted to always use `/usr/local/bin/moreplugins/kubectl-foo` anytime that the `kubectl` command `kubectl foo` was invoked, we would simply change the value of our PATH to be `PATH=/usr/local/bin/moreplugins:/usr/local/bin/plugins`.
+-->
+解决这个问题的一种方法是你确保你希望与 `kubectl` 一起使用的插件的位置总是在你的路径中首先出现。
+例如，如果我们总是想使用 `/usr/local/bin/moreplugins/kubectl foo`，那么在调用 `kubectl` 命令 `kubectl foo` 时，我们只需将路径的值更改为 `PATH=/usr/local/bin/moreplugins:/usr/local/bin/plugins`。
+
+
+<!--
+#### Invocation of the longest executable filename
+-->
+
+#### 调用最长的可执行文件名
+
+<!--
+There is another kind of overshadowing that can occur with plugin filenames. Given two plugins present in a user's PATH `kubectl-foo-bar` and `kubectl-foo-bar-baz`, the `kubectl` plugin mechanism will always choose the longest possible plugin name for a given user command. Some examples below, clarify this further:
+-->
+对于插件文件名而言还有另一种弊端，给定用户路径中的两个插件 `kubectl-foo-bar` 和 `kubectl-foo-bar-baz` ，`kubectl` 插件机制总是为给定的用户命令选择尽可能长的插件名称。下面的一些例子进一步的说明了这一点：
+
+```bash
+# for a given kubectl command, the plugin with the longest possible filename will always be preferred
+kubectl foo bar baz
+```
+```
+Plugin kubectl-foo-bar-baz is executed
+```
+
+```bash
+kubectl foo bar
+```
+```
+Plugin kubectl-foo-bar is executed
+```
+
+```bash
+kubectl foo bar baz buz
+```
+```
+Plugin kubectl-foo-bar-baz is executed, with "buz" as its first argument
+```
+
+```bash
+kubectl foo bar buz
+```
+```
+Plugin kubectl-foo-bar is executed, with "buz" as its first argument
+```
+
+<!--
+This design choice ensures that plugin sub-commands can be implemented across multiple files, if needed, and that these sub-commands can be nested under a "parent" plugin command:
+-->
+这种设计选择确保插件子命令可以跨多个文件实现，如果需要，这些子命令可以嵌套在"父"插件命令下：
+
+```bash
+ls ./plugin_command_tree
+```
+```
+kubectl-parent
+kubectl-parent-subcommand
+kubectl-parent-subcommand-subsubcommand
+```
+
+<!--
+### Checking for plugin warnings
+-->
+
+### 检查插件警告
+
+<!--
+You can use the aforementioned `kubectl plugin list` command to ensure that your plugin is visible by `kubectl`, and verify that there are no warnings preventing it from being called as a `kubectl` command.
+-->
+你可以使用前面提到的 `kubectl plugin list` 命令来确保你的插件可以被 `kubectl` 看到，并且验证没有警告防止它被称为 `kubectl` 命令。
+
+```bash
+kubectl plugin list
+```
+```
+The following kubectl-compatible plugins are available:
+
+test/fixtures/pkg/kubectl/plugins/kubectl-foo
+/usr/local/bin/kubectl-foo
+  - warning: /usr/local/bin/kubectl-foo is overshadowed by a similarly named plugin: test/fixtures/pkg/kubectl/plugins/kubectl-foo
+plugins/kubectl-invalid
+  - warning: plugins/kubectl-invalid identified as a kubectl plugin, but it is not executable
+
+error: 2 plugin warnings were found
+```
+
+<!--
+### Using the command line runtime package
+-->
+
+### 使用命令行 runtime 包
+
+<!--
+As part of the plugin mechanism update in the v1.12.0 release, an additional set of utilities have been made available to plugin authors. These utilities
+exist under the [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) repository, and can be used by plugins written in Go to parse and update
+a user's KUBECONFIG file, obtain REST clients to talk to the API server, and automatically bind flags associated with configuration and printing.
+-->
+作为 v1.12.0 版本中插件机制更新的一部分，插件作者可以使用另外一组实用程序。这些实用程序在，
+[k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) 存储库，并且可以被编写在 Go 中的插件用来解析和更新，
+用户的 KUBECONFIG 文件，获取 REST 客户端与 API 服务器通信，并自动绑定与配置和打印相关的参数。
+
+<!--
+Plugins *do not* have to be written in Go in order to be recognized as valid plugins by `kubectl`, but they do have to use Go in order to take advantage of
+the tools and utilities in the CLI Runtime repository.
+-->
+插件*不*必须用 Go 编写才能被 `kubectl` 识别为有效的插件，但是它们必须使用 Go 才能使用的 CLI Runtime 存储库中的工具和实用程序。
+
+<!--
+See the [Sample CLI Plugin](https://github.com/kubernetes/sample-cli-plugin) for an example usage of the tools provided in the CLI Runtime repo.
+-->
+参见 [CLI 插件示例](https://github.com/kubernetes/sample-cli-plugin)了解 CLI Runtime 存储库中提供的工具的使用示例。
+
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Check the Sample CLI Plugin repository for [a detailed example](https://github.com/kubernetes/sample-cli-plugin) of a plugin written in Go.
+* In case of any questions, feel free to reach out to the [CLI SIG team](https://github.com/kubernetes/community/tree/master/sig-cli).
+* Binary plugins are a beta feature, so this is the time to contribute ideas and improvements to the codebase. We're also excited to hear about what you're planning to implement with plugins, so [let us know](https://github.com/kubernetes/community/tree/master/sig-cli)!
+-->
+
+* 查看 CLI 插件库示例，查看用 Go 编写的插件的[详细示例](https://github.com/kubernetes/sample-cli-plugin)
+* 如有任何问题，请随时联系 [CLI SIG 小组](https://github.com/kubernetes/community/tree/master/sig-cli)
+* 二进制插件是 beta 版的特性，所以现在是时候为代码库贡献一些想法和改进了。我们也很高兴听到您计划用插件实现什么，所以[让我们知道](https://github.com/kubernetes/community/tree/master/sig-cli)！
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/_index.md b/content/zh/docs/tasks/federation/_index.md
old mode 100644
new mode 100755
index 4885914869041..c583d43de14fe
--- a/content/zh/docs/tasks/federation/_index.md
+++ b/content/zh/docs/tasks/federation/_index.md
@@ -1,12 +1,11 @@
-<!--
 ---
-title: "Federation - Run an App on Multiple Clusters"
+title: "联邦 - 在多个集群上运行一个应用"
 weight: 120
 ---
--->
 
+<!--
 ---
-title: "联邦 - 在多个集群上运行一个应用"
+title: "Federation - Run an App on Multiple Clusters"
 weight: 120
 ---
-
+-->
diff --git a/content/zh/docs/tasks/federation/administer-federation/_index.md b/content/zh/docs/tasks/federation/administer-federation/_index.md
new file mode 100644
index 0000000000000..2f73e13d47697
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/_index.md
@@ -0,0 +1,11 @@
+---
+title: "管理联邦控制平面"
+weight: 160
+---
+
+<!--
+---
+title: "Administer Federation Control Plane"
+weight: 160
+---
+-->
diff --git a/content/zh/docs/tasks/federation/administer-federation/configmap.md b/content/zh/docs/tasks/federation/administer-federation/configmap.md
new file mode 100644
index 0000000000000..db52ac77521b9
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/configmap.md
@@ -0,0 +1,147 @@
+---
+title: 联邦 ConfigMap
+content_template: templates/task
+---
+<!--
+---
+title: Federated ConfigMap
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+<!--
+This guide explains how to use ConfigMaps in a Federation control plane.
+
+Federated ConfigMaps are very similar to the traditional [Kubernetes
+ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) and provide the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+本指南介绍如何在联邦控制平面中使用 ConfigMap。
+
+联邦 ConfigMap 与传统 [Kubernetes
+ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) 非常相似且提供相同的功能。
+在联邦控制平面中创建它们可以确保它们在联邦的所有集群中同步。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+<!--
+* You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/) in particular.
+-->
+* 通常我们还期望您拥有基本的 [Kubernetes 应用知识](/docs/tutorials/kubernetes-basics/)，
+特别是 [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) 相关的应用知识。
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a Federated ConfigMap
+
+The API for Federated ConfigMap is 100% compatible with the
+API for traditional Kubernetes ConfigMap. You can create a ConfigMap by sending
+a request to the federation apiserver.
+
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+
+``` shell
+kubectl --context=federation-cluster create -f myconfigmap.yaml
+```
+
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+
+Once a Federated ConfigMap is created, the federation control plane will create
+a matching ConfigMap in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+
+``` shell
+kubectl --context=gce-asia-east1a get configmap myconfigmap
+```
+
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+
+These ConfigMaps in underlying clusters will match the Federated ConfigMap.
+-->
+## 创建联邦 ConfigMap
+
+联邦 ConfigMap 的 API 100% 兼容传统 Kubernetes ConfigMap 的 API。您可以通过向联邦 apiserver 发送请求来创建 ConfigMap。
+您可以通过使用 [kubectl](/docs/user-guide/kubectl/) 运行下面的指令来创建联邦 ConfigMap：
+
+``` shell
+kubectl --context=federation-cluster create -f myconfigmap.yaml
+```
+
+`--context=federation-cluster` 参数告诉 kubectl 将请求提交到联邦 apiserver 而不是发送给某一个 Kubernetes 集群。
+
+一旦联邦 ConfigMap 被创建，联邦控制平面就会在所有底层 Kubernetes 集群中创建匹配的 ConfigMap。
+您可以通过检查底层每个集群来对其进行验证，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get configmap myconfigmap
+```
+
+上面的命令假定您在客户端中配置了一个叫做 ‘gce-asia-east1a’ 的上下文。
+
+这些底层集群中的 ConfigMap 将与 联邦 ConfigMap 相匹配。
+
+<!--
+## Updating a Federated ConfigMap
+
+You can update a Federated ConfigMap as you would update a Kubernetes
+ConfigMap; however, for a Federated ConfigMap, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The federation control plane ensures that whenever the Federated ConfigMap is
+updated, it updates the corresponding ConfigMaps in all underlying clusters to
+match it.
+-->
+## 更新联邦 ConfigMap
+
+您可以像更新 Kubernetes ConfigMap 一样更新联邦 ConfigMap。
+但是对于联邦 ConfigMap，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。
+联邦控制平面会确保每当联邦 ConfigMap 更新时，它会更新所有底层集群中的 ConfigMap 来和更新后的内容保持一致。
+
+<!--
+## Deleting a Federated ConfigMap
+
+You can delete a Federated ConfigMap as you would delete a Kubernetes
+ConfigMap; however, for a Federated ConfigMap, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+
+For example, you can do that using kubectl by running:
+
+```shell
+kubectl --context=federation-cluster delete configmap
+```
+-->
+## 删除联邦 ConfigMap
+
+您可以像删除 Kubernetes ConfigMap 一样删除联邦 ConfigMap。
+但是，对于联邦 ConfigMap，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。
+例如，您可以使用 kubectl 运行下面的命令来删除联邦 ConfigMap：
+
+```shell
+kubectl --context=federation-cluster delete configmap
+```
+
+{{< note >}}
+<!--
+Deleting a Federated ConfigMap does not delete the corresponding ConfigMaps from underlying clusters. You must delete the underlying ConfigMaps manually.
+-->
+要注意的是这时删除联邦 ConfigMap 并不会删除底层集群中对应的 ConfigMap。您必须自己手动删除底层集群中的 ConfigMap。
+{{< /note >}}
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/administer-federation/daemonset.md b/content/zh/docs/tasks/federation/administer-federation/daemonset.md
new file mode 100644
index 0000000000000..5c121ace0c04c
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/daemonset.md
@@ -0,0 +1,135 @@
+---
+title: 联邦 DaemonSet
+content_template: templates/task
+---
+<!--
+---
+title: Federated DaemonSet
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use DaemonSets in a federation control plane.
+
+DaemonSets in the federation control plane ("Federated Daemonsets" in
+this guide) are very similar to the traditional Kubernetes
+[DaemonSets](/docs/concepts/workloads/controllers/daemonset/) and provide the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+本指南说明了如何在联邦控制平面中使用 DaemonSet。
+
+联邦控制平面中的 DaemonSet（在本指南中称为 “联邦 DaemonSet”）与传统的 Kubernetes [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) 非常类似，并提供相同的功能。在联邦控制平面中创建联邦 DaemonSet 可以确保它们同步到联邦的所有集群中。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+<!--
+* You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [DaemonSets](/docs/concepts/workloads/controllers/daemonset/) in particular.
+-->
+* 你还应该具备基本的 [Kubernetes 应用知识](/docs/tutorials/kubernetes-basics/)，特别是 [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) 相关的应用知识。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a Federated Daemonset
+
+The API for Federated Daemonset is 100% compatible with the
+API for traditional Kubernetes DaemonSet. You can create a DaemonSet by sending
+a request to the federation apiserver.
+
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+
+``` shell
+kubectl --context=federation-cluster create -f mydaemonset.yaml
+```
+
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+
+Once a Federated Daemonset is created, the federation control plane will create
+a matching DaemonSet in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+
+``` shell
+kubectl --context=gce-asia-east1a get daemonset mydaemonset
+```
+
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+-->
+## 创建联邦 Daemonset
+
+联邦 Daemonset 的 API 和传统的 Kubernetes Daemonset API 是 100% 兼容的。您可以通过向联邦 apiserver 发送请求来创建一个 DaemonSet。
+
+您可以通过使用 [kubectl](/docs/user-guide/kubectl/) 运行下面的指令来创建联邦 Daemonset：
+
+``` shell
+kubectl --context=federation-cluster create -f mydaemonset.yaml
+```
+
+`--context=federation-cluster` 参数告诉 kubectl 发送请求到联邦 apiserver 而不是某个 Kubernetes 集群。
+
+一旦联邦 Daemonset 被创建，联邦控制平面就会在所有底层 Kubernetes 集群中创建匹配的 Daemonset。您可以通过检查底层每个集群来对其进行验证，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get daemonset mydaemonset
+```
+
+上面的命令假定您在客户端中配置了一个叫做 ‘gce-asia-east1a’ 的上下文。
+
+
+<!--
+## Updating a Federated Daemonset
+
+You can update a Federated Daemonset as you would update a Kubernetes
+DaemonSet; however, for a Federated Daemonset, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The federation control plane ensures that whenever the Federated Daemonset is
+updated, it updates the corresponding DaemonSets in all underlying clusters to
+match it.
+-->
+## 更新联邦 Daemonset
+
+您可以像更新 Kubernetes Daemonset 一样更新联邦 Daemonset。但是，对于联邦 Daemonset，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。联邦控制平面会确保每当联邦 Daemonset 更新时，它会更新所有底层集群中的 Daemonset 来和更新后的内容保持一致。
+
+<!--
+## Deleting a Federated Daemonset
+
+You can delete a Federated Daemonset as you would delete a Kubernetes
+DaemonSet; however, for a Federated Daemonset, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+
+For example, you can do that using kubectl by running:
+
+```shell
+kubectl --context=federation-cluster delete daemonset mydaemonset
+```
+-->
+## 删除联邦 Daemonset
+
+您可以像删除 Kubernetes Daemonset 一样删除联邦 Daemonset。但是，对于联邦 Daemonset，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。
+
+例如，您可以使用 kubectl 运行下面的命令来删除联邦 Daemonset：
+
+```shell
+kubectl --context=federation-cluster delete daemonset mydaemonset
+```
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/administer-federation/deployment.md b/content/zh/docs/tasks/federation/administer-federation/deployment.md
new file mode 100644
index 0000000000000..3af526f5b3a73
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/deployment.md
@@ -0,0 +1,176 @@
+---
+title: 联邦 Deployment
+content_template: templates/task
+---
+<!--
+---
+title: Federated Deployment
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use Deployments in the Federation control plane.
+
+Deployments in the federation control plane (referred to as "Federated Deployments" in
+this guide) are very similar to the traditional [Kubernetes
+Deployment](/docs/concepts/workloads/controllers/deployment/) and provide the same functionality.
+Creating them in the federation control plane ensures that the desired number of
+replicas exist across the registered clusters.
+-->
+本指南说明了如何在联邦控制平面中使用 Deployment。
+
+联邦控制平面中的 Deployment（在本指南中称为 “联邦 Deployment”）与传统的 [Kubernetes
+Deployment](/docs/concepts/workloads/controllers/deployment/) 非常类似，并提供相同的功能。在联邦控制平面中创建联邦 Deployment 确保所需的副本数存在于注册的群集中。
+
+{{< feature-state for_k8s_version="1.5" state="alpha" >}}
+
+<!--
+Some features
+(such as full rollout compatibility) are still in development.
+-->
+一些特性（例如完整的 rollout 兼容性）仍在开发中。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+<!--
+* You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [Deployments](/docs/concepts/workloads/controllers/deployment/) in particular.
+-->
+* 您还应当拥有基本的 [Kubernetes 应用知识](/docs/tutorials/kubernetes-basics/)，特别是在 [Deployments](/docs/concepts/workloads/controllers/deployment/) 方面。 
+
+{{% /capture %}}
+
+{{% capture steps %}}
+<!--
+## Creating a Federated Deployment
+
+The API for Federated Deployment is compatible with the
+API for traditional Kubernetes Deployment. You can create a Deployment by sending
+a request to the federation apiserver.
+
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+
+``` shell
+kubectl --context=federation-cluster create -f mydeployment.yaml
+```
+
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+
+Once a Federated Deployment is created, the federation control plane will create
+a Deployment in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+
+``` shell
+kubectl --context=gce-asia-east1a get deployment mydep
+```
+
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+
+These Deployments in underlying clusters will match the federation Deployment
+_except_ in the number of replicas and revision-related annotations.
+Federation control plane ensures that the
+sum of replicas in each cluster combined matches the desired number of replicas in the
+Federated Deployment.
+-->
+## 创建联邦 Deployment
+
+联邦 Deployment 的 API 和传统的 Kubernetes Deployment API 是兼容的。 您可以通过向联邦 apiserver 发送请求来创建一个 Deployment。
+
+您可以通过使用 [kubectl](/docs/user-guide/kubectl/) 运行下面的指令：
+
+``` shell
+kubectl --context=federation-cluster create -f mydeployment.yaml
+```
+
+`--context=federation-cluster`  参数告诉 kubectl 发送请求到联邦 apiserver 而不是某个 Kubernetes 集群。
+
+一旦联邦 Deployment 被创建，联邦控制平面会在所有底层 Kubernetes 集群中创建一个 Deployment。 您可以通过检查底层每个集群来对其进行验证，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get deployment mydep
+```
+
+上面的命令假定您在客户端中配置了一个叫做 ‘gce-asia-east1a’ 的上下文，
+
+底层集群中的这些 Deployment 会匹配联邦 Deployment 中副本数和修订版本相关注解_之外_的信息。 联邦控制平面确保所有集群中的副本总数与联邦 Deployment 中请求的副本数量匹配。
+
+<!--
+### Spreading Replicas in Underlying Clusters
+
+By default, replicas are spread equally in all the underlying clusters. For example:
+if you have 3 registered clusters and you create a Federated Deployment with
+`spec.replicas = 9`, then each Deployment in the 3 clusters will have
+`spec.replicas=3`.
+To modify the number of replicas in each cluster, you can specify
+[FederatedReplicaSetPreference](https://github.com/kubernetes/federation/blob/{{< param "githubbranch" >}}/apis/federation/types.go)
+as an annotation with key `federation.kubernetes.io/deployment-preferences`
+on Federated Deployment.
+-->
+### 在底层集群中分布副本
+
+默认情况下，副本会被平均分布到所有的底层集群中。例如：如果您有 3 个注册的集群并且创建了一个副本数为 9(`spec.replicas = 9`) 的联邦 Deployment，那么这 3 个集群中的每个 Deployment 都将有 3 个副本 (`spec.replicas=3`)。
+为修改每个集群中的副本数，您可以在联邦 Deployment 中以注解的形式指定 [FederatedReplicaSetPreference](https://github.com/kubernetes/federation/blob/{{< param "githubbranch" >}}/apis/federation/types.go)，其中注解的键为 `federation.kubernetes.io/deployment-preferences`。  
+
+
+<!--
+## Updating a Federated Deployment
+
+You can update a Federated Deployment as you would update a Kubernetes
+Deployment; however, for a Federated Deployment, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The federation control plane ensures that whenever the Federated Deployment is
+updated, it updates the corresponding Deployments in all underlying clusters to
+match it. So if the rolling update strategy was chosen then the underlying
+cluster will do the rolling update independently and `maxSurge` and `maxUnavailable`
+will apply only to individual clusters. This behavior may change in the future.
+
+If your update includes a change in number of replicas, the federation
+control plane will change the number of replicas in underlying clusters to
+ensure that their sum remains equal to the number of desired replicas in
+Federated Deployment.
+-->
+## 更新联邦 Deployment
+
+您可以像更新 Kubernetes Deployment 一样更新联邦 Deployment。但是，对于联邦 Deployment，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。联邦控制平面会确保每当联邦 Deployment 更新时，它会更新所有底层集群中相应的 Deployment 来和更新后的内容保持一致。 所以如果（在联邦 Deployment 中）选择了滚动更新，那么底层集群会独立地进行滚动更新，并且联邦 Deployment 中的 `maxSurge` 和 `maxUnavailable` 只会应用于独立的集群中。将来这种行为可能会改变。
+
+如果您的更新包括副本数量的变化，联邦控制平面会改变底层集群中的副本数量，以确保它们的总数等于联邦 Deployment 中请求的数量。
+
+<!--
+## Deleting a Federated Deployment
+
+You can delete a Federated Deployment as you would delete a Kubernetes
+Deployment; however, for a Federated Deployment, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+
+For example, you can do that using kubectl by running:
+
+```shell
+kubectl --context=federation-cluster delete deployment mydep
+```
+-->
+## 删除联邦 Deployment
+
+您可以像删除 Kubernetes Deployment 一样删除联邦 Deployment。但是，对于联邦 Deployment，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。
+
+例如，您可以使用 kubectl 运行下面的命令来删除联邦 Deployment：
+
+```shell
+kubectl --context=federation-cluster delete deployment mydep
+```
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/administer-federation/events.md b/content/zh/docs/tasks/federation/administer-federation/events.md
new file mode 100644
index 0000000000000..824f62d7e003b
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/events.md
@@ -0,0 +1,87 @@
+---
+title: 联邦事件
+content_template: templates/concept
+---
+
+<!--
+---
+title: Federated Events
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use events in federation control plane to help in debugging.
+-->
+本指南介绍如何在联邦控制平面中使用事件来帮助调试。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Prerequisites
+-->
+
+## 先决条件
+
+<!--
+This guide assumes that you have a running Kubernetes Cluster
+Federation installation. If not, then head over to the
+[federation admin guide](/docs/concepts/cluster-administration/federation/) to learn how to
+bring up a cluster federation (or have your cluster administrator do
+this for you). Other tutorials, for example
+[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)
+by Kelsey Hightower, are also available to help you.
+-->
+
+本指南假定您正在运行 Kubernetes 集群联邦安装。
+如果没有，请转到[联邦管理员指南](/docs/concepts/cluster-administration/federation/)，了解如何启动集群联邦（或让集群管理员为您执行此操作）。
+其他教程，例如[这个](https://github.com/kelseyhightower/kubernetes-cluster-federation)由 Kelsey Hightower，也可为您提供帮助。
+
+<!--
+You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general.
+-->
+你还应该具备 [kubernetes 基本工作知识](/docs/tutorials/kubernetes-basics/)。
+
+<!--
+## View federation events
+-->
+
+## 查看联邦事件
+
+<!--
+Events in federation control plane (referred to as "federation events" in
+this guide) are very similar to the traditional Kubernetes
+Events providing the same functionality.
+Federation Events are stored only in federation control plane and are not passed on to the underlying Kubernetes clusters.
+-->
+联邦控制平面中的事件（本指南中称为“联邦事件”）与提供相同功能的传统 Kubernetes 事件非常相似。
+联邦事件仅存储在联邦控制平面中，不会传递给基础 Kubernetes 集群。
+
+<!--
+Federation controllers create events as they process API resources to surface to the
+user, the state that they are in.
+You can get all events from federation apiserver by running:
+-->
+联邦控制器在处理 API 资源时创建事件，以便向用户显示它们所处的状态。您可以通过运行以下命令从联邦 apiserver 获取所有事件：
+
+```shell
+kubectl --context=federation-cluster get events
+```
+
+<!--
+The standard kubectl get, update, delete commands will all work.
+-->
+标准的 kubectl get，update，delete 命令都可以正常工作。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/federation/administer-federation/job.md b/content/zh/docs/tasks/federation/administer-federation/job.md
new file mode 100644
index 0000000000000..b86cba363fed6
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/job.md
@@ -0,0 +1,189 @@
+---
+title: 联邦 Job
+content_template: templates/task
+---
+
+<!--
+---
+title: Federated Jobs
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use jobs in the federation control plane.
+
+Jobs in the federation control plane (referred to as "federated jobs" in
+this guide) are similar to the traditional [Kubernetes
+jobs](/docs/concepts/workloads/controllers/job/), and provide the same functionality.
+Creating jobs in the federation control plane ensures that the desired number of
+parallelism and completions exist across the registered clusters.
+-->
+本指南解释了如何在联邦控制平面中使用 job。
+
+联邦控制平面中的一次性任务（在本指南中称为“联邦一次性任务”）类似于传统的 [Kubernetes 一次性任务](/docs/concepts/workloads/controllers/job/)，并且提供相同的功能。
+在联邦控制平面中创建 job 可以确保在已注册的集群中存在所需的并行性和完成数。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* 你需要具备基本的 [Kubernetes 的工作知识](/docs/tutorials/kubernetes-basics/)，特别是 [job](/docs/concepts/workloads/controllers/jobs-run-to-completion/)。
+<!--
+* You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/) in particular.
+-->
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a federated job
+-->
+
+## 创建一个联邦 job
+
+<!--
+The API for federated jobs is fully compatible with the
+API for traditional Kubernetes jobs. You can create a job by sending
+a request to the federation apiserver.
+
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+-->
+
+用于联邦 job 的 API 与用于传统 Kubernetes job 的 API 完全兼容。您可以通过向联邦 apiserver 发送请求来创建 job。
+
+你可以使用 [kubectl](/docs/user-guide/kubectl/) 来运行：
+
+``` shell
+kubectl --context=federation-cluster create -f myjob.yaml
+```
+
+<!--
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the federation API server instead of sending it to a Kubernetes
+cluster.
+-->
+`--context=federation-cluster` 参数告诉 kubectl 将请求提交到联邦 API 服务器，而不是发送到 Kubernetes 集群。
+
+<!--
+Once a federated job is created, the federation control plane creates
+a job in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+-->
+一旦创建了联邦 job，联邦控制平面将在所有底层 Kubernetes 集群中创建一个 job。
+你可以通过检查每个集群底层来验证这一点，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get job myjob
+```
+
+<!--
+The previous example assumes that you have a context named `gce-asia-east1a`
+configured in your client for your cluster in that zone.
+-->
+前面的示例假设你的客户端中为该区域中的集群配置了一个名为 `gce-asia-east1a` 的上下文。
+
+<!--
+The jobs in the underlying clusters match the federated job
+except in the number of parallelism and completions. The federation control plane ensures that the
+sum of the parallelism and completions in each cluster matches the desired number of parallelism and completions in the
+federated job.
+-->
+集群底层中的 job 与联邦 job 匹配，但并行性和完成数不匹配。
+联邦控制平面确保每个集群中的并行性和完成数之和与联合作业中所需的并行度和完成数匹配。
+
+<!--
+### Spreading job tasks in underlying clusters
+-->
+
+### 将 job 任务分散到集群底层中
+
+<!--
+By default, parallelism and completions are spread equally in all underlying clusters. For example:
+if you have 3 registered clusters and you create a federated job with
+`spec.parallelism = 9` and `spec.completions = 18`, then each job in the 3 clusters has
+`spec.parallelism = 3` and `spec.completions = 6`.
+To modify the number of parallelism and completions in each cluster, you can specify
+[ReplicaAllocationPreferences](https://github.com/kubernetes/federation/blob/{{< param "githubbranch" >}}/apis/federation/types.go)
+as an annotation with key `federation.kubernetes.io/job-preferences`
+on the federated job.
+-->
+默认情况下，并行性和完成数在所有底层集群中平均分布。例如：
+如果你有 3 个已注册的集群，并且创建了一个联邦 job
+`spec.parallelism = 9` 和 `spec.completions = 18`，那么 3 个集群中的每个 job 都有 `spec.parallelism = 3` 和 `spec.completions = 6`。
+要修改每个集群中的并行性和完成数，可以指定 [ReplicaAllocationPreferences](https://github.com/kubernetes/federation/blob/{{< param "githubbranch" >}}/apis/federation/types.go)
+作为 `federation.kubernetes.io/job-preferences` 联邦 job 上的 key 的注释。
+
+<!--
+## Updating a federated job
+-->
+
+## 更新联邦 job
+
+<!--
+You can update a federated job as you would update a Kubernetes
+job; however, for a federated job, you must send the request to
+the federation API server instead of sending it to a specific Kubernetes cluster.
+The federation control plane ensures that whenever the federated job is
+updated, it updates the corresponding job in all underlying clusters to
+match it.
+-->
+可以像更新 Kubernetes job 一样更新联邦 job；但是，对于联邦 job，必须将请求发送到联邦 API 服务器，不是发送到指定的 Kubernetes 集群。
+联邦控制平面确保无论何时更新联邦 job，它都会更新所有集群底层中的相应 job 以匹配它。
+
+<!--
+If your update includes a change in number of parallelism and completions, the federation
+control plane changes the number of parallelism and completions in underlying clusters to
+ensure that their sum remains equal to the number of desired parallelism and completions in
+federated job.
+-->
+如果您的更新包含并行性和完成数的更改，则联邦控制平面将更改集群底层中的并行性和完成数，
+确保它们的总和仍然等于联邦 job 中所需的并行性和完成数。
+
+<!--
+## Deleting a federated job
+-->
+
+## 删除联邦 job
+
+<!--
+You can delete a federated job as you would delete a Kubernetes
+job; however, for a federated job, you must send the request to
+the federation API server instead of sending it to a specific Kubernetes cluster.
+-->
+可以删除联邦 job，就像删除 Kubernetes job 一样;但是，对于联邦 job，必须将请求发送到联邦 API 服务器，不是发送到指定的 Kubernetes 集群。
+
+<!--
+For example, with kubectl:
+-->
+例如，使用 kubectl：
+
+```shell
+kubectl --context=federation-cluster delete job myjob
+```
+
+{{< note >}}
+
+<!--
+Deleting a federated job will not delete the
+corresponding jobs from underlying clusters.
+You must delete the underlying jobs manually.
+-->
+删除联邦作业不会从基础集群中删除相应的 job。
+您必须手动删除基础 job。
+
+{{< /note >}}
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/administer-federation/namespaces.md b/content/zh/docs/tasks/federation/administer-federation/namespaces.md
new file mode 100644
index 0000000000000..8ed098eaf80e8
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/namespaces.md
@@ -0,0 +1,157 @@
+---
+title: 联邦命名空间
+content_template: templates/task
+---
+
+<!--
+---
+title: Federated Namespaces
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use Namespaces in Federation control plane.
+-->
+本指南介绍如何在联邦控制平面中使用命名空间。
+
+<!--
+Namespaces in federation control plane (referred to as "federated Namespaces" in
+this guide) are very similar to the traditional [Kubernetes
+Namespaces](/docs/concepts/overview/working-with-objects/namespaces/) providing the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+联邦控制平面中的命名空间（本指南中称为“联邦命名空间”）与提供相同功能的传统 Kubernetes 命名空间非常相似。
+在联邦控制平面中创建它们可确保它们在联邦中的所有集群之间同步
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+* 您还需要具备基本的 [Kubernetes 工作知识](/docs/tutorials/Kubernetes-basics/)，
+特别是[命名空间](/docs/concepts/overview/working-objects/Namespaces/)。
+
+<!--
+You are also expected to have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [Namespaces](/docs/concepts/overview/working-with-objects/namespaces/) in particular.
+-->
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a Federated Namespace
+-->
+
+## 创建联邦命名空间
+
+<!--
+The API for Federated Namespaces is 100% compatible with the
+API for traditional Kubernetes Namespaces. You can create a Namespace by sending
+a request to the federation apiserver.
+-->
+联邦命名空间的 API 与传统 Kubernetes 命名空间的 API 100％ 兼容。您可以通过向联邦身份验证程序发送请求来创建命名空间。
+
+<!--
+You can do that using kubectl by running:
+-->
+您可以通过运行以下命令使用 kubectl 执行此操作：
+
+``` shell
+kubectl --context=federation-cluster create -f myns.yaml
+```
+
+<!--
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+-->
+`--context=federation-cluster` 参数通知 kubectl 将请求提交给联邦 apiserver，而不是将其发送到 Kubernetes 集群。
+
+<!--
+Once a federated Namespace is created, the federation control plane will create
+a matching Namespace in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+-->
+创建联邦命名空间后，联邦控制平面将在所有基础 Kubernetes 集群中创建匹配的命名空间。您可以通过检查每个基础集群来验证这一点，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get namespaces myns
+```
+
+<!--
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone. The name and
+spec of the underlying Namespace will match those of
+the Federated Namespace that you created above.
+-->
+以上假设您在客户端中为该区域中的集群配置了名为 “gce-asia-east1a” 的上下文。
+基础命名空间的名称和规范将与您在上面创建的联邦命名空间的名称和规范相匹配。
+
+<!--
+## Updating a Federated Namespace
+-->
+
+## 更新联邦命名空间
+
+<!--
+You can update a federated Namespace as you would update a Kubernetes
+Namespace, just send the request to federation apiserver instead of sending it
+to a specific Kubernetes cluster.
+Federation control plane will ensure that whenever the federated Namespace is
+updated, it updates the corresponding Namespaces in all underlying clusters to
+match it.
+-->
+您可以像更新 Kubernetes 命名空间一样更新联邦命名空间，只需将请求发送到联邦身份验证程序，而不是将其发送到指定的 Kubernetes 集群。
+联邦控制平面将确保每当更新联邦命名空间时，它都会更新所有基础集群中的相应命名空间以与其匹配。
+
+<!--
+## Deleting a Federated Namespace
+-->
+
+## 删除联邦命名空间
+
+<!--
+You can delete a federated Namespace as you would delete a Kubernetes
+Namespace, just send the request to federation apiserver instead of sending it
+to a specific Kubernetes cluster.
+-->
+你可以删除联邦命名空间，就像删除 Kubernetes 命名空间一样，只需将请求发送到联邦身份验证器，而不是发送到指定的 Kubernetes 群集。
+
+<!--
+For example, you can do that using kubectl by running:
+-->
+例如，您可以通过运行以下命令使用 kubectl 执行此操作：
+
+```shell
+kubectl --context=federation-cluster delete ns myns
+```
+
+<!--
+As in Kubernetes, deleting a federated Namespace will delete all resources in that
+Namespace from the federation control plane.
+-->
+与在 Kubernetes 中一样，删除联邦命名空间将从联邦控制平面中删除该命名空间中的所有资源。
+
+{{< note >}}
+
+<!--
+At this point, deleting a federated Namespace will not delete the corresponding Namespace, or resources in those Namespaces, from underlying clusters. Users must delete them manually. We intend to fix this in the future.
+-->
+此时，删除联邦命名空间，不会从底层集群中删除相应的命名空间或这些命名空间中的资源。用户必须手动删除它们。我们打算将来解决这个问题。
+
+{{< /note >}}
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/administer-federation/replicaset.md b/content/zh/docs/tasks/federation/administer-federation/replicaset.md
new file mode 100644
index 0000000000000..b68bca653d826
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/replicaset.md
@@ -0,0 +1,219 @@
+---
+title: 联邦 ReplicaSet
+content_template: templates/task
+---
+<!--
+---
+title: Federated ReplicaSets
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use ReplicaSets in the Federation control plane.
+
+ReplicaSets in the federation control plane (referred to as "federated ReplicaSets" in
+this guide) are very similar to the traditional [Kubernetes
+ReplicaSets](/docs/concepts/workloads/controllers/replicaset/), and provide the same functionality.
+Creating them in the federation control plane ensures that the desired number of
+replicas exist across the registered clusters.
+-->
+本指南阐述了如何在联邦控制平面中使用 ReplicaSet。
+在联邦控制平面中的 ReplicaSet (在本指南中称为”联邦 ReplicaSet”) 和传统的 [Kubernetes
+ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) 很相似，提供了一样的功能。在联邦控制平面中创建联邦 ReplicaSet 可以确保在联邦的所有集群中都有预期数量的副本。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+<!--
+* You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [ReplicaSets](/docs/concepts/workloads/controllers/replicaset/) in particular.
+-->
+* 你还应该具备基本的 [Kubernetes 应用知识](/docs/tutorials/kubernetes-basics/)，特别是 [ReplicaSets](/docs/concepts/workloads/controllers/replicaset/) 相关的应用知识。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Creating a Federated ReplicaSet
+
+The API for Federated ReplicaSet is 100% compatible with the
+API for traditional Kubernetes ReplicaSet. You can create a ReplicaSet by sending
+a request to the federation apiserver.
+
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+
+``` shell
+kubectl --context=federation-cluster create -f myrs.yaml
+```
+
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+
+Once a federated ReplicaSet is created, the federation control plane will create
+a ReplicaSet in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+
+``` shell
+kubectl --context=gce-asia-east1a get rs myrs
+```
+
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+
+The ReplicaSets in the underlying clusters will match the federation ReplicaSet
+except in the number of replicas. The federation control plane will ensure that the
+sum of the replicas in each cluster match the desired number of replicas in the
+federation ReplicaSet.
+-->
+## 创建联邦 ReplicaSet
+
+联邦 ReplicaSet 的 API 和传统的 Kubernetes ReplicaSet API 是 100% 兼容的。您可以通过请求联邦 apiserver 来创建联邦 ReplicaSet。
+
+您可以通过使用 [kubectl](/docs/user-guide/kubectl/) 运行下面的指令来创建联邦 ReplicaSet：
+
+``` shell
+kubectl --context=federation-cluster create -f myrs.yaml
+```
+
+`--context=federation-cluster` 参数告诉 kubectl 发送请求到联邦 apiserver 而不是某个 Kubernetes 集群。
+
+一旦联邦 ReplicaSet 被创建了，联邦控制平面就会在所有底层 Kubernetes 集群中创建一个 ReplicaSet。您可以通过检查底层每个集群来对其进行验证，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get rs myrs
+```
+
+上面的命令假定您在客户端中配置了一个叫做 ‘gce-asia-east1a’ 的上下文。
+
+底层集群中的 ReplicaSet 的副本数将会和联邦 ReplicaSet 的副本数保持一致。联邦控制平面将确保联邦的所有集群都和联邦 ReplicaSet 有同样的副本数。
+
+<!--
+### Spreading Replicas in Underlying Clusters
+
+By default, replicas are spread equally in all the underlying clusters. For example:
+if you have 3 registered clusters and you create a federated ReplicaSet with
+`spec.replicas = 9`, then each ReplicaSet in the 3 clusters will have
+`spec.replicas=3`.
+To modify the number of replicas in each cluster, you can add an annotation with
+key `federation.kubernetes.io/replica-set-preferences` to the federated ReplicaSet.
+The value of the annoation is a serialized JSON that contains fields shown in
+the following example:
+
+```
+{
+  "rebalance": true,
+  "clusters": {
+    "foo": {
+      "minReplicas": 10,
+      "maxReplicas": 50,
+      "weight": 100
+    },
+    "bar": {
+      "minReplicas": 10,
+      "maxReplicas": 100,
+      "weight": 200
+    }
+  }
+}
+```
+
+The `rebalance` boolean field specifies whether replicas already scheduled and running
+may be moved in order to match current state to the specified preferences.
+The `clusters` object field contains a map where users can specify the constraints
+for replica placement across the clusters (`foo` and `bar` in the example).
+For each cluster, you can specify the minimum number of replicas that should be
+assigned to it (default is zero), the maximum number of replicas the cluster can
+accept (default is unbounded) and a number expressing the relative weight of
+preferences to place additional replicas to that cluster.
+-->
+### 底层集群中副本的分布
+
+默认情况下，副本在所有底层集群中是均匀分布的。例如：如果您有 3 个注册的集群并且用 `spec.replicas = 9` 参数创建了一个联邦 ReplicaSet，然后在这 3 个集群中每个 ReplicaSet 的副本数会是 `spec.replicas=3`。
+如果要修改每个集群中的副本数，您可以在联邦 ReplicaSet 中使用 `federation.kubernetes.io/replica-set-preferences` 作为注解键值来修改联合副本集。
+注解的键值是序列化的 JSON，其中包含以下示例中显示的字段：
+
+```
+{
+  "rebalance": true,
+  "clusters": {
+    "foo": {
+      "minReplicas": 10,
+      "maxReplicas": 50,
+      "weight": 100
+    },
+    "bar": {
+      "minReplicas": 10,
+      "maxReplicas": 100,
+      "weight": 200
+    }
+  }
+}
+```
+`rebalance` 布尔字段指定是否可以移动已调度和正在运行的副本，以便将当前状态与指定的首选项相匹配。
+`clusters` 对象字段包含一个映射，用户可以在其中指定跨集群的副本放置的约束（示例中为 `foo` 和 `bar`）。
+对于每个集群，您可以指定应分配给它的最小副本数（默认值为零），集群可以接受的最大副本数（默认为无限制）以及表示要添加该群集的副本的首选项的相对权重的数字。
+
+<!--
+## Updating a Federated ReplicaSet
+
+You can update a federated ReplicaSet as you would update a Kubernetes
+ReplicaSet; however, for a federated ReplicaSet, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The Federation control plane ensures that whenever the federated ReplicaSet is
+updated, it updates the corresponding ReplicaSet in all underlying clusters to
+match it.
+If your update includes a change in number of replicas, the federation
+control plane will change the number of replicas in underlying clusters to
+ensure that their sum remains equal to the number of desired replicas in
+federated ReplicaSet.
+-->
+## 更新联邦 ReplicaSet
+
+您可以像更新 Kubernetes ReplicaSet 一样更新联邦 ReplicaSet。但是对于联邦 ReplicaSet，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。联邦控制平面会确保任何时候联邦 ReplicaSet 更新后，它会将对应的 ReplicaSet 更新到所有的底层集群中来和它保持一致。
+
+如果您做了包含副本数量的更改，联邦控制平面将会更改底层集群中的副本数以确保它们的总数和联邦 ReplicaSet 期望的副本数保持一致。
+
+<!--
+## Deleting a Federated ReplicaSet
+
+You can delete a federated ReplicaSet as you would delete a Kubernetes
+ReplicaSet; however, for a federated ReplicaSet, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+
+For example, you can do that using kubectl by running:
+
+```shell
+kubectl --context=federation-cluster delete rs myrs
+```
+-->
+## 删除联邦 ReplicaSet
+
+您可以像删除 Kubernetes ReplicaSet 一样删除联邦 ReplicaSet。但是对于联邦 ReplicaSet ，您必须发送请求到联邦 apiserver 而不是某个特定的 Kubernetes 集群。
+
+例如，您可以使用 kubectl 运行下面的命令来删除联邦 ReplicaSet：
+
+```shell
+kubectl --context=federation-cluster delete rs myrs
+```
+
+{{< note >}}
+<!--
+At this point, deleting a federated ReplicaSet will not delete the corresponding ReplicaSets from underlying clusters. You must delete the underlying ReplicaSets manually. We intend to fix this in the future.
+-->
+要注意的是这时删除联邦 ReplicaSet 并不会删除底层集群中对应的 ReplicaSet。您必须自己手动删除底层集群中的 ReplicaSet。我们打算在将来修复这个问题。
+{{< /note >}}
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/administer-federation/secret.md b/content/zh/docs/tasks/federation/administer-federation/secret.md
new file mode 100644
index 0000000000000..b3a7a83fb2ce2
--- /dev/null
+++ b/content/zh/docs/tasks/federation/administer-federation/secret.md
@@ -0,0 +1,164 @@
+---
+title: 联邦 Secret
+content_template: templates/concept
+---
+
+<!--
+---
+title: Federated Secrets
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use secrets in Federation control plane.
+
+Secrets in federation control plane (referred to as "federated secrets" in
+this guide) are very similar to the traditional [Kubernetes
+Secrets](/docs/concepts/configuration/secret/) providing the same functionality.
+Creating them in the federation control plane ensures that they are synchronized
+across all the clusters in federation.
+-->
+本指南解释了如何在联邦控制平面中使用 secret。
+
+联邦控制平面中的 Secret（在本指南中称为“联邦 secret”）与提供相同功能的传统 [Kubernetes Secret](/docs/concepts/configuration/secret/) 非常相似。
+在联邦控制平面中创建它们可以确保它们跨联邦中的所有集群同步。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Prerequisites
+-->
+
+## 先决条件
+
+<!--
+This guide assumes that you have a running Kubernetes Cluster
+Federation installation. If not, then head over to the
+[federation admin guide](/docs/admin/federation/) to learn how to
+bring up a cluster federation (or have your cluster administrator do
+this for you). Other tutorials, for example
+[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)
+by Kelsey Hightower, are also available to help you.
+-->
+本指南假设你有一个正在运行的 Kubernetes 集群联邦安装。
+如果没有，请访问[联邦管理指南](/docs/admin/federation/)，了解如何启动联邦集群（或者让集群管理员为你做这件事）。
+其他教程，例如[这里](https://github.com/kelseyhightower/kubernetes-cluster-federation) Kelsey Hightower，也可以帮助您。
+
+<!--
+You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general and [Secrets](/docs/concepts/configuration/secret/) in particular.
+-->
+你还应该具有一个基本的 [Kubernetes 工作知识](/docs/tutorials/kubernetes-basics/)，
+特别是 [Secret](/docs/concepts/configuration/secret/)。
+
+<!--
+## Creating a Federated Secret
+-->
+
+## 创建联邦 Secret
+
+<!--
+The API for Federated Secret is 100% compatible with the
+API for traditional Kubernetes Secret. You can create a secret by sending
+a request to the federation apiserver.
+-->
+用于联邦 Secret 的 API 与用于传统的 Kubernetes Secret 的 API 100% 兼容。
+您可以通过向联邦 apiserver 发送请求来创建一个 Secret。
+
+<!--
+You can do that using [kubectl](/docs/user-guide/kubectl/) by running:
+-->
+你可以使用 [kubectl](/docs/user-guide/kubectl/) 来运行：
+
+``` shell
+kubectl --context=federation-cluster create -f mysecret.yaml
+```
+
+<!--
+The `--context=federation-cluster` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster.
+-->
+`--context=federation-cluster` 参数通知 kubectl 将请求提交给联邦 apiserver，而不是将其发送到 Kubernetes 集群。
+
+<!--
+Once a federated secret is created, the federation control plane will create
+a matching secret in all underlying Kubernetes clusters.
+You can verify this by checking each of the underlying clusters, for example:
+-->
+创建联邦命名空间后，联邦控制平面将在所有基础 Kubernetes 集群中创建匹配的命名空间。您可以通过检查每个基础集群来验证这一点，例如：
+
+``` shell
+kubectl --context=gce-asia-east1a get secret mysecret
+```
+
+<!--
+The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone.
+
+These secrets in underlying clusters will match the federated secret.
+-->
+以上假设您在客户端中为该区域中的集群配置了名为 “gce-asia-east1a” 的上下文。
+集群底层中的这些 secret 将与联邦 secret 匹配。
+
+<!--
+## Updating a Federated Secret
+-->
+
+## 更新联邦 Secret
+
+<!--
+You can update a federated secret as you would update a Kubernetes
+secret; however, for a federated secret, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+The Federation control plane ensures that whenever the federated secret is
+updated, it updates the corresponding secrets in all underlying clusters to
+match it.
+-->
+您可以像更新 Kubernetes secret 一样更新联邦 secret，但是，对于联邦 secret 必须将请求发送到联邦 apiserver，
+而不是将其发送到指定的 Kubernetes 集群。联邦控制平面将确保每当更新联邦 secret 时，它都会更新所有基础集群中的相应 secret 以与其匹配。
+
+<!--
+## Deleting a Federated Secret
+-->
+
+## 删除联邦 Secret
+
+<!--
+You can delete a federated secret as you would delete a Kubernetes
+secret; however, for a federated secret, you must send the request to
+the federation apiserver instead of sending it to a specific Kubernetes cluster.
+-->
+你可以删除一个联邦 secret，就像删除一个 Kubernetes secret 一样；但是，
+对于联邦 secret，必须将请求发送到联邦 apiserver，而不是发送到指定的 Kubernetes 集群。
+
+<!--
+For example, you can do that using kubectl by running:
+-->
+例如，您可以通过运行以下命令使用 kubectl 执行此操作：
+
+```shell
+kubectl --context=federation-cluster delete secret mysecret
+```
+
+{{< note >}}
+
+<!--
+At this point, deleting a federated secret will not delete the corresponding secrets from underlying clusters. You must delete the underlying secrets manually. We intend to fix this in the future.
+-->
+此时，删除联邦 secret 不会从集群底层中删除相应的 secret。你必须手动删除底层 secret。我们打算将来解决这个问题。
+
+{{< /note >}}
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/federation/cluster.md b/content/zh/docs/tasks/federation/cluster.md
new file mode 100644
index 0000000000000..b63438d9d2a87
--- /dev/null
+++ b/content/zh/docs/tasks/federation/cluster.md
@@ -0,0 +1,218 @@
+---
+title: 联邦集群
+content_template: templates/task
+---
+
+<!--
+---
+title: Federated Cluster
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This guide explains how to use Clusters API resource in a Federation control plane.
+
+Different than other Kubernetes resources, such as Deployments, Services and ConfigMaps,
+clusters only exist in the federation context, i.e. those requests must be submitted to the
+federation api-server.
+-->
+本指南介绍了如何在联邦控制平面中使用集群 API 资源。
+
+与其他 Kubernetes 资源（例如 Deployment，Service 和 ConfigMap）不同， 集群资源仅存在于联邦上下文中，即这些请求必须提交给联邦 api-server。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+* {{< include "federated-task-tutorial-prereqs.md" >}}
+<!--
+* You should also have a basic [working knowledge of Kubernetes](/docs/setup/pick-right-solution/) in
+general.
+-->
+* 你还应该对 [Kubernetes 的工作方式](/docs/setup/pick-right-solution/)有基本的认识。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Listing Clusters
+
+To list the clusters available in your federation, you can use [kubectl](/docs/user-guide/kubectl/) by
+running:
+
+``` shell
+kubectl --context=federation get clusters
+```
+
+The `--context=federation` flag tells kubectl to submit the
+request to the Federation apiserver instead of sending it to a Kubernetes
+cluster. If you submit it to a k8s cluster, you will receive an error saying
+
+```the server doesn't have a resource type "clusters"```
+
+If you passed the correct Federation context but received a message error saying
+
+```No resources found.```
+
+it means that you haven't
+added any cluster to the Federation yet.
+-->
+## 列出集群
+
+要列出联邦中可用的集群，可以使用 [kubectl](/docs/user-guide/kubectl/) 运行：
+
+``` shell
+kubectl --context=federation get clusters
+```
+
+`--context=federation`  参数告诉 kubectl 将请求提交到联邦 apiserver 而不是发送给 Kubernetes 集群。如果您将其提交给 k8s 集群，您将会收到如下的错误信息：
+
+```the server doesn't have a resource type "clusters"```
+
+如果您传递了正确的联邦上下文，但却收到错误消息：
+
+```No resources found.```
+
+这表示您尚未将任何集群添加到联邦。
+
+<!--
+## Creating a Federated Cluster
+
+Creating a `cluster` resource in federation means joining it to the federation. To do so, you can use
+`kubefed join`. Basically, you need to give the new cluster a name and say what is the name of the
+context that corresponds to a cluster that hosts the federation. The following example command adds
+the cluster `gondor` to the federation running on host cluster `rivendell`:
+
+``` shell
+kubefed join gondor --host-cluster-context=rivendell
+```
+
+You can find more details on how to do that in the respective section in the
+[kubefed guide](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#adding-a-cluster-to-a-federation).
+-->
+## 创建联邦集群
+
+在联邦中创建 `cluster` 资源意味着将其加入联邦。您也可以使用 `kubefed join` 命令实现该操作。大体上，您需要给新的集群一个名字，并指出联邦主集群对应的上下文名称。以下示例命令将集群 `gondor` 加入运行于主集群 `rivendell` 上的联邦中：
+
+``` shell
+kubefed join gondor --host-cluster-context=rivendell
+```
+
+您可以在 [kubefed 指南](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#adding-a-cluster-to-a-federation)的相应部分找到更多关于如何做到这一点的详细介绍。
+
+<!--
+## Deleting a Federated Cluster
+
+Converse to creating a cluster, deleting a cluster means unjoining this cluster from the
+federation. This can be done with `kubefed unjoin` command. To remove the `gondor` cluster, just do:
+
+``` shell
+kubefed unjoin gondor --host-cluster-context=rivendell
+```
+
+You can find more details on unjoin in the
+[kubefed guide](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#removing-a-cluster-from-a-federation).
+-->
+
+##  删除联邦集群
+
+与创建集群相反，删除集群表示将集群从联邦中退出。这可以通过 `kubefed unjoin` 完成。要删除 `gondor` 集群，只需要执行：
+
+``` shell
+kubefed unjoin gondor --host-cluster-context=rivendell
+```
+
+您可以在 [kubefed 指南](/docs/tutorials/federation/set-up-cluster-federation-kubefed/#adding-a-cluster-to-a-federation)中找到更多关于 unjoin 的详细介绍。
+
+<!--
+## Labeling Clusters
+
+You can label clusters the same way as any other Kubernetes object, which can help with grouping clusters and can also be leveraged by the ClusterSelector.
+
+``` shell
+kubectl --context=rivendell label cluster gondor key1=value1 key2=value2
+```
+-->
+## 标记集群
+
+您可以使用与其它 Kubernetes 对象相同的方式标记集群，这有助于集群分组，也可以被 ClusterSelector 利用。
+
+``` shell
+kubectl --context=rivendell label cluster gondor key1=value1 key2=value2
+```
+
+<!--
+## ClusterSelector Annotation
+
+Starting in Kubernetes 1.7, there is alpha support for directing objects across the federated clusters with the annotation `federation.alpha.kubernetes.io/cluster-selector`. The *ClusterSelector* is conceptually similar to `nodeSelector`, but instead of selecting against labels on nodes, it selects against labels on federated clusters.
+
+The annotation value must be JSON formatted and must be parsable into the [ClusterSelector API type](/docs/reference/federation/v1beta1/definitions/#_v1beta1_clusterselector). For example: `[{"key": "load", "operator": "Lt", "values": ["10"]}]`. Content that doesn't parse correctly will throw an error and prevent distribution of the object to any federated clusters. Objects of type ConfigMap, Secret, Daemonset, Service and Ingress are included in the alpha implementation.
+
+Here is an example ClusterSelector annotation, which will only select clusters WITH the label `pci=true` and WITHOUT the label `environment=test`:
+
+``` yaml
+  metadata:
+    annotations:
+      federation.alpha.kubernetes.io/cluster-selector: '[{"key": "pci", "operator":
+        "In", "values": ["true"]}, {"key": "environment", "operator": "NotIn", "values":
+        ["test"]}]'
+```
+
+The *key* is matched against label names on the federated clusters.
+
+The *values* are matched against the label values on the federated clusters.
+
+The possible *operators* are: `In`, `NotIn`, `Exists`, `DoesNotExist`, `Gt`, `Lt`.
+
+The *values* field is expected to be empty when `Exists` or `DoesNotExist` is specified and may include more than one string when `In` or `NotIn` are used.
+
+Currently, only integers are supported with `Gt` or `Lt`.
+-->
+## ClusterSelector 注解
+
+从 Kubernetes 1.7 版本开始，alpha 支持通过注解 `federation.alpha.kubernetes.io/cluster-selector` 来指示跨联邦集群的对象。*ClusterSelector* 在概念上与 `nodeSelector` 类似，但不是针对节点上的标签进行选择，而是针对联邦集群上的标签进行选择。
+
+注解值必须为 JSON 格式，并且必须可以解析为 [ClusterSelector API 类型](/docs/reference/federation/v1beta1/definitions/#_v1beta1_clusterselector)。例如：`[{"key": "load", "operator": "Lt", "values": ["10"]}]`。无法正确解析的内容将引发错误并阻止将对象分发到任何联邦集群。Alpha 实现中包含 ConfigMap、Secret、Daemonset、Service 和 Ingress 类型的对象。
+
+下面是一个 ClusterSelector 注解的示例，它只会选择带有 `pci=true` 且没有 `environment=test` 的集群：
+
+``` yaml
+  metadata:
+    annotations:
+      federation.alpha.kubernetes.io/cluster-selector: '[{"key": "pci", "operator":
+        "In", "values": ["true"]}, {"key": "environment", "operator": "NotIn", "values":
+        ["test"]}]'
+```
+
+*key* 用于匹配联邦集群上的标签名。
+
+*values* 用于匹配联邦集群上的标签值。
+
+可能的 *operator* 有：`In`、`NotIn`、`Exists`、`DoesNotExist`、`Gt`、`Lt`。
+
+当指定 `Exists` 或 `DoesNotExist` 时，*values* 字段应为空。使用 `In` 或 `NotIn` 时，可能包含多个字符串。
+
+目前，`Gt` 或 `Lt` 仅支持整数。
+
+
+<!--
+## Clusters API reference
+
+The full clusters API reference is currently in `federation/v1beta1` and more details can be found in the
+[Federation API reference page](/docs/reference/federation/).
+-->
+## 集群 API 参考
+
+完整的集群 API 参考在 `federation/v1beta1` 中，更多细节可以在 [联邦 API 参考页面](/docs/reference/federation/)找到。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/federation-service-discovery.md b/content/zh/docs/tasks/federation/federation-service-discovery.md
new file mode 100644
index 0000000000000..a242731e5789e
--- /dev/null
+++ b/content/zh/docs/tasks/federation/federation-service-discovery.md
@@ -0,0 +1,508 @@
+---
+title: 使用联合服务来实现跨集群的服务发现
+content_template: templates/task
+weight: 140
+---
+<!-- ---
+title: Cross-cluster Service Discovery using Federated Services
+reviewers:
+- bprashanth
+- quinton-hoole
+content_template: templates/task
+weight: 140
+--- -->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!-- This guide explains how to use Kubernetes Federated Services to deploy
+a common Service across multiple Kubernetes clusters. This makes it
+easy to achieve cross-cluster service discovery and availability zone
+fault tolerance for your Kubernetes applications. -->
+本指南说明了如何使用 Kubernetes 联合服务跨多个 Kubernetes 集群部署通用服务。这样可以轻松实现 Kubernetes 应用程序的跨集群服务发现和可用区容错。
+
+
+<!-- Federated Services are created in much that same way as traditional
+[Kubernetes Services](/docs/concepts/services-networking/service/) by making an API
+call which specifies the desired properties of your service. In the
+case of Federated Services, this API call is directed to the
+Federation API endpoint, rather than a Kubernetes cluster API
+endpoint. The API for Federated Services is 100% compatible with the
+API for traditional Kubernetes Services. -->
+联合服务的创建与传统服务几乎相同 [Kubernetes Services](/docs/concepts/services-networking/service/) 即通过 API 调用来指定所需的服务属性。对于联合服务，此 API 调用定向到联合身份验证 API 接入点，而不是 Kubernetes 集群 API 接入点。联合服务的 API 与传统 Kubernetes 服务的 API 是 100% 兼容的。
+
+<!-- Once created, the Federated Service automatically: -->
+创建后，联合服务会自动:
+
+<!-- 1. Creates matching Kubernetes Services in every cluster underlying your Cluster Federation,
+2. Monitors the health of those service "shards" (and the clusters in which they reside), and
+3. Manages a set of DNS records in a public DNS provider (like Google Cloud DNS, or AWS Route 53), thus ensuring that clients
+of your federated service can seamlessly locate an appropriate healthy service endpoint at all times, even in the event of cluster,
+availability zone or regional outages. -->
+1. 在基础集群联合的每个集群中创建匹配的 Kubernetes 服务,
+2. 监视那些服务 "分片"(及其驻留的集群)的运行状况,以及
+3. 在公共 DNS 提供商(例如 Google Cloud DNS 或 AWS Route 53)中管理一组 DNS 记录,即使在集群可用区域中断的情况下，也能确保您联合服务的客户端始终可以无缝地定位合适的健康服务接入点。
+
+<!-- Clients inside your federated Kubernetes clusters (that is Pods) will
+automatically find the local shard of the Federated Service in their
+cluster if it exists and is healthy, or the closest healthy shard in a
+different cluster if it does not. -->
+如果存在健康的分片，联合 Kubernetes 集群(即 Pods )中的客户端将自动在其中找到联合服务的本地分片集群或者集群中最接近的健康分片;如果不存在，则使用最接近的其他集群的健康分片。
+
+{{% /capture %}}
+
+{{< toc >}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Prerequisites -->
+## 前提
+
+<!-- This guide assumes that you have a running Kubernetes Cluster
+Federation installation. If not, then head over to the
+[federation admin guide](/docs/admin/federation/) to learn how to
+bring up a cluster federation (or have your cluster administrator do
+this for you). Other tutorials, for example
+[this one](https://github.com/kelseyhightower/kubernetes-cluster-federation)
+by Kelsey Hightower, are also available to help you. -->
+本指南假设您已经安装 Kubernetes 联合集群。如果没有，则访问 [联合集群管理指南](/docs/admin/federation/)了解如何建立联合集群(或让您的集群管理员为您执行此操作)。其他教程，例如 Kelsey Hightower 编写的 [案例](https://github.com/kelseyhightower/kubernetes-cluster-federation)或许有用。
+
+<!-- You should also have a basic
+[working knowledge of Kubernetes](/docs/tutorials/kubernetes-basics/) in
+general, and [Services](/docs/concepts/services-networking/service/) in particular. -->
+一般而言，您应该还有基本的 [Kubernetes 工作常识](/docs/tutorials/kubernetes-basics/)，特别是 [Services](/docs/concepts/services-networking/service/)。
+
+<!-- ## Hybrid cloud capabilities -->
+## 混合云功能
+
+<!-- Federations of Kubernetes Clusters can include clusters running in
+different cloud providers (such as Google Cloud or AWS), and on-premises
+(such as on OpenStack). Simply create all of the clusters that you
+require, in the appropriate cloud providers and/or locations, and
+register each cluster's API endpoint and credentials with your
+Federation API Server (See the
+[federation admin guide](/docs/admin/federation/) for details). -->
+Kubernetes 联合集群需要可以在不同的云提供商(例如 Google Cloud 或 AWS)和本地(例如 OpenStack)环境中运行。只需在合适的云提供商创建所需的所有集群，向您的联合身份验证 API 服务器注册每个集群的 API 接入点和凭据(有关详细信息，请参见 [联合管理指南](/docs/admin/federation/))。
+
+<!-- Thereafter, your applications and services can span different clusters
+and cloud providers as described in more detail below. -->
+此后，您的应用程序和服务可以跨越不同的集群和云提供商，如下所述。
+
+<!-- ## Creating a federated service -->
+## 创建联合服务
+
+<!-- This is done in the usual way, for example: -->
+常见方式创建，例如:
+
+``` shell
+kubectl --context=federation-cluster create -f services/nginx.yaml
+```
+
+<!-- The '--context=federation-cluster' flag tells kubectl to submit the
+request to the Federation API endpoint, with the appropriate
+credentials. If you have not yet configured such a context, visit the
+[federation admin guide](/docs/admin/federation/) or one of the
+[administration tutorials](https://github.com/kelseyhightower/kubernetes-cluster-federation)
+to find out how to do so. -->
+'--context=federation-cluster' 标志通知 kubectl 使用合适的凭据将请求提交到联合 API 接入点。如果您尚未配置此类上下文，请访问 [联合管理指南](/docs/admin/federation/)或者 [管理教程](https://github.com/kelseyhightower/kubernetes-cluster-federation)找出解决方案。
+
+<!-- As described above, the Federated Service will automatically create
+and maintain matching Kubernetes services in all of the clusters
+underlying your federation. -->
+如上所述，联合服务将自动创建并在所有集群中维护匹配的 Kubernetes 服务以支持联合。
+
+<!-- You can verify this by checking in each of the underlying clusters, for example: -->
+您可以通过核对每个基础集群的信息来验证这一点, 例如:
+
+``` shell
+kubectl --context=gce-asia-east1a get services nginx
+NAME     TYPE        CLUSTER-IP     EXTERNAL-IP      PORT(S)   AGE
+nginx    ClusterIP   10.63.250.98   104.199.136.89   80/TCP    9m
+```
+
+<!-- The above assumes that you have a context named 'gce-asia-east1a'
+configured in your client for your cluster in that zone. The name and
+namespace of the underlying services will automatically match those of
+the Federated Service that you created above (and if you happen to
+have had services of the same name and namespace already existing in
+any of those clusters, they will be automatically adopted by the
+Federation and updated to conform with the specification of your
+Federated Service - either way, the end result will be the same). -->
+以上假设您有一个名为 'gce-asia-east1a' 上下文在客户端中为该区域中的集群配置。基础服务的名称和命名空间将自动与您在上面创建的联合服务匹配(如果服务的名称和命名空间与集群中任意一个服务器的名称和命名空间相同，它们将被联合并更新为符合您的规范联合服务 - 无论哪种方式，最终结果都是相同的)。
+
+<!-- The status of your Federated Service will automatically reflect the
+real-time status of the underlying Kubernetes services, for example: -->
+联合服务的状态将自动反映基础 Kubernetes 服务的实时状态，例如:
+
+``` shell
+kubectl --context=federation-cluster describe services nginx
+```
+```
+Name:                   nginx
+Namespace:              default
+Labels:                 run=nginx
+Annotations:            <none>
+Selector:               run=nginx
+Type:                   LoadBalancer
+IP:                     10.63.250.98
+LoadBalancer Ingress:   104.197.246.190, 130.211.57.243, 104.196.14.231, 104.199.136.89, ...
+Port:                   http    80/TCP
+Endpoints:              <none>
+Session Affinity:       None
+Events:                 <none>
+```
+
+<!-- {{< note >}}
+The 'LoadBalancer Ingress' addresses of your Federated Service
+correspond with the 'LoadBalancer Ingress' addresses of all of the
+underlying Kubernetes services (once these have been allocated - this
+may take a few seconds). For inter-cluster and inter-cloud-provider
+networking between service shards to work correctly, your services
+need to have an externally visible IP address. [Service Type:
+Loadbalancer](/docs/concepts/services-networking/service/#loadbalancer)
+is typically used for this, although other options
+(for example [External IPs](/docs/concepts/services-networking/service/#external-ips)) exist.
+{{< /note >}} -->
+{{< note >}}
+联合服务的 'LoadBalancer Ingress' 地址与所有基础 Kubernetes 服务的 'LoadBalancer Ingress' 地址相对应(一旦分配了这些地址，这可能需要几秒钟)。为了使服务分片之间的集群和云提供商之间的网络正常工作，您的服务需要具有一个外部可见的 IP 地址。[Service Type:Loadbalancer](/docs/concepts/services-networking/service/#loadbalancer)。尽管存在其他选项(例如 [外部 IP](/docs/concepts/services-networking/service/#external-ips)),但通常会使用 [Service 类型:Loadbalancer](/docs/concepts/services-networking/service/#loadbalancer)。
+{{< /note >}}
+
+<!-- Note also that we have not yet provisioned any backend Pods to receive
+the network traffic directed to these addresses (that is 'Service
+Endpoints'), so the Federated Service does not yet consider these to
+be healthy service shards, and has accordingly not yet added their
+addresses to the DNS records for this Federated Service (more on this
+aspect later). -->
+还要注意，我们尚未设置任何后端 Pod 来接收定向到这些地址的网络流量(即 'Service Endpoints')，因此联合服务尚未将它们视为健康的服务分片，并且尚未将其地址添加到联合服务的 DNS 记录中(稍后在此方面进行介绍)。
+
+<!-- ## Adding backend pods -->
+## 添加后端 pods
+
+<!-- To render the underlying service shards healthy, we need to add
+backend Pods behind them. This is currently done directly against the
+API endpoints of the underlying clusters (although in future the
+Federation server will be able to do all this for you with a single
+command, to save you the trouble). For example, to create backend Pods
+in 13 underlying clusters: -->
+为了使基础服务分片健康，我们需要在它们后面添加后端 Pod。当前，这是直接针对基础集群 API 接入点完成的(尽管将来，联合服务将能够通过单个命令为您完成所有这些操作，从而省去了麻烦)。例如，在13个基础集群中创建后端 Pod:
+
+``` shell
+for CLUSTER in asia-east1-c asia-east1-a asia-east1-b \
+                        europe-west1-d europe-west1-c europe-west1-b \
+                        us-central1-f us-central1-a us-central1-b us-central1-c \
+                        us-east1-d us-east1-c us-east1-b
+do
+  kubectl --context=$CLUSTER run nginx --image=nginx:1.11.1-alpine --port=80
+done
+```
+
+<!-- Note that `kubectl run` automatically adds the `run=nginx` labels required to associate the backend pods with their services. -->
+注意，`kubectl run` 会自动添加 `run=nginx` 标签，这是将后端 pod 与其服务关联起来所必需的。
+
+<!-- ## Verifying public DNS records -->
+## 验证公共 DNS 记录
+
+<!-- Once the above Pods have successfully started and have begun listening
+for connections, Kubernetes will report them as healthy endpoints of
+the service in that cluster (through automatic health checks). The Cluster
+Federation will in turn consider each of these
+service 'shards' to be healthy, and place them in serving by
+automatically configuring corresponding public DNS records. You can
+use your preferred interface to your configured DNS provider to verify
+this. For example, if your Federation is configured to use Google
+Cloud DNS, and a managed DNS domain 'example.com': -->
+一旦上述 Pod 成功启动并开始侦听连接，Kubernetes 就会将它们报告为该集群中服务的正常接入点(通过自动运行状况检查)。反过来，联合集群会将这些服务 '分片' 中的每一个视为健康，并通过自动配置相应的公共 DNS 记录将其置于服务中。您可以使用首选接口访问已配置的 DNS 提供程序来进行验证。例如，如果您的联邦配置为使用 Google Cloud DNS 和托管 DNS 域名 'example.com'。
+
+``` shell
+gcloud dns managed-zones describe example-dot-com
+```
+```
+creationTime: '2016-06-26T18:18:39.229Z'
+description: Example domain for Kubernetes Cluster Federation
+dnsName: example.com.
+id: '3229332181334243121'
+kind: dns#managedZone
+name: example-dot-com
+nameServers:
+- ns-cloud-a1.googledomains.com.
+- ns-cloud-a2.googledomains.com.
+- ns-cloud-a3.googledomains.com.
+- ns-cloud-a4.googledomains.com.
+```
+
+```shell
+gcloud dns record-sets list --zone example-dot-com
+```
+```
+NAME                                                            TYPE      TTL     DATA
+example.com.                                                    NS        21600   ns-cloud-e1.googledomains.com., ns-cloud-e2.googledomains.com.
+example.com.                                                    OA        21600   ns-cloud-e1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 1209600 300
+nginx.mynamespace.myfederation.svc.example.com.                 A         180     104.197.246.190, 130.211.57.243, 104.196.14.231, 104.199.136.89,...
+nginx.mynamespace.myfederation.svc.us-central1-a.example.com.   A         180     104.197.247.191
+nginx.mynamespace.myfederation.svc.us-central1-b.example.com.   A         180     104.197.244.180
+nginx.mynamespace.myfederation.svc.us-central1-c.example.com.   A         180     104.197.245.170
+nginx.mynamespace.myfederation.svc.us-central1-f.example.com.   CNAME     180     nginx.mynamespace.myfederation.svc.us-central1.example.com.
+nginx.mynamespace.myfederation.svc.us-central1.example.com.     A         180     104.197.247.191, 104.197.244.180, 104.197.245.170
+nginx.mynamespace.myfederation.svc.asia-east1-a.example.com.    A         180     130.211.57.243
+nginx.mynamespace.myfederation.svc.asia-east1-b.example.com.    CNAME     180     nginx.mynamespace.myfederation.svc.asia-east1.example.com.
+nginx.mynamespace.myfederation.svc.asia-east1-c.example.com.    A         180     130.211.56.221
+nginx.mynamespace.myfederation.svc.asia-east1.example.com.      A         180     130.211.57.243, 130.211.56.221
+nginx.mynamespace.myfederation.svc.europe-west1.example.com.    CNAME     180     nginx.mynamespace.myfederation.svc.example.com.
+nginx.mynamespace.myfederation.svc.europe-west1-d.example.com.  CNAME     180     nginx.mynamespace.myfederation.svc.europe-west1.example.com.
+... etc.
+```
+
+<!-- {{< note >}}
+If your Federation is configured to use AWS Route53, you can use one of the equivalent AWS tools, for example:
+
+``` shell
+aws route53 list-hosted-zones
+```
+and
+
+``` shell
+aws route53 list-resource-record-sets --hosted-zone-id Z3ECL0L9QLOVBX
+```
+{{< /note >}} -->
+{{< note >}}
+如果您的联邦配置为使用 AWS Route53，则可以使用类似的 AWS 工具，例如:
+
+``` shell
+aws route53 list-hosted-zones
+```
+和
+
+``` shell
+aws route53 list-resource-record-sets --hosted-zone-id Z3ECL0L9QLOVBX
+```
+{{< /note >}}
+
+<!-- Whatever DNS provider you use, any DNS query tool (for example 'dig'
+or 'nslookup') will of course also allow you to see the records
+created by the Federation for you. Note that you should either point
+these tools directly at your DNS provider (such as `dig
+@ns-cloud-e1.googledomains.com...`) or expect delays in the order of
+your configured TTL (180 seconds, by default) before seeing updates,
+due to caching by intermediate DNS servers. -->
+无论使用哪种 DNS 提供商，任何 DNS 查询工具(例如 'dig' 或者 'nslookup')都将允许您查看联邦会为您创建的记录。请注意，您应该将这些工具直接指向您的 DNS 提供商(例如 `dig @ ns-cloud-e1.googledomains.com ...`),或者由于中间 DNS 服务器进行了缓存，因此在看到更新之前，预计延迟会按照配置的 TTL 顺序(默认为 180 秒)进行。
+
+<!-- ### Some notes about the above example -->
+### 有关上述示例的一些注意事项
+
+<!-- 1. Notice that there is a normal ('A') record for each service shard that has at least one healthy backend endpoint. For example, in us-central1-a, 104.197.247.191 is the external IP address of the service shard in that zone, and in asia-east1-a the address is 130.211.56.221.
+2. Similarly, there are regional 'A' records which include all healthy shards in that region. For example, 'us-central1'.  These regional records are useful for clients which do not have a particular zone preference, and as a building block for the automated locality and failover mechanism described below.
+3. For zones where there are currently no healthy backend endpoints, a CNAME ('Canonical Name') record is used to alias (automatically redirect) those queries to the next closest healthy zone.  In the example, the service shard in us-central1-f currently has no healthy backend endpoints (that is Pods), so a CNAME record has been created to automatically redirect queries to other shards in that region (us-central1 in this case).
+4. Similarly, if no healthy shards exist in the enclosing region, the search progresses further afield. In the europe-west1-d availability zone, there are no healthy backends, so queries are redirected to the broader europe-west1 region (which also has no healthy backends), and onward to the global set of healthy addresses (' nginx.mynamespace.myfederation.svc.example.com.'). -->
+1. 请注意，每个具有至少一个正常后端端点的服务分片都有一条正常('A')记录。例如，在 us-central1-a 中，104.197.247.191 是该区域中服务分片的外部 IP 地址，在 asia-east1-a 中，该地址是 130.211.56.221。
+2. 同样，也有区域 'A' 记录，其中包括该区域中所有健康的分片。例如，'us-central1'。这些区域记录对于没有特定区域首选项的客户很有用，并且作为下文所述的自动位置和故障转移机制的基础。
+3. 对于当前没有健康后端终结点的区域，将使用 CNAME ('Canonical Name') 记录将这些查询别名(自动重定向)到下一个最接近的健康区域。在此示例中，us-central1-f 中的服务分片当前没有健康的后端端点(即Pods)，因此已创建 CNAME 记录来自动将查询重定向到该区域中的其他分片(在本例中为 us-central1)。
+4. 类似地，如果封闭区域中不存在健康分片，则搜索将进一步进行。在 europe-west1-d 可用性区域中,没有健康的后端,因此查询将重定向到更广阔的 Europe-west1 区域(也没有健康的后端),然后再重定向到全局的健康地址集('nginx.mynamespace.myfederation.svc.example.com.')。
+
+<!-- The above set of DNS records is automatically kept in sync with the
+current state of health of all service shards globally by the
+Federated Service system. DNS resolver libraries (which are invoked by
+all clients) automatically traverse the hierarchy of 'CNAME' and 'A'
+records to return the correct set of healthy IP addresses. Clients can
+then select any one of the returned addresses to initiate a network
+connection (and fail over automatically to one of the other equivalent
+addresses if required). -->
+上面的 DNS 记录集由联邦服务系统自动与全球所有服务分片的当前健康状况保持同步。DNS 解析库(由所有客户端调用)自动遍历 'CNAME' 与 'A' 记录的层次结构，以返回正确健康的 IP 地址集。然后，客户端可以选择任何返回的地址来启动网络连接(并根据需要自动故障转移到其他等效地址之一)。
+
+<!-- ## Discovering a federated service -->
+## 发现联合服务
+
+<!-- ### From pods inside your federated clusters -->
+### 从联合集群内的 Pods 来发现
+
+<!-- By default, Kubernetes clusters come pre-configured with a
+cluster-local DNS server ('KubeDNS'), as well as an intelligently
+constructed DNS search path which together ensure that DNS queries
+like "myservice", "myservice.mynamespace",
+"bobsservice.othernamespace" etc issued by your software running
+inside Pods are automatically expanded and resolved correctly to the
+appropriate service IP of services running in the local cluster. -->
+默认情况下，Kubernetes 集群预先配置了本地集群 DNS 服务器('KubeDNS')以及智能构建的 DNS 搜索路径，这些路径共同确保由 Pods 内部运行软件发出的 DNS 查询如 "myservice", "myservice.mynamespace","bobsservice.othernamespace" 等，会自动扩展并正确解析为本地集群运行服务的相应服务 IP。
+
+<!-- With the introduction of Federated Services and Cross-Cluster Service
+Discovery, this concept is extended to cover Kubernetes services
+running in any other cluster across your Cluster Federation, globally.
+To take advantage of this extended range, you use a slightly different
+DNS name of the form ```"<servicename>.<namespace>.<federationname>"```
+to resolve Federated Services. For example, you might use
+`myservice.mynamespace.myfederation`. Using a different DNS name also
+avoids having your existing applications accidentally traversing
+cross-zone or cross-region networks and you incurring perhaps unwanted
+network charges or latency, without you explicitly opting in to this
+behavior. -->
+随着联合服务和跨集群服务发现的引入，该概念已扩展到涵盖在全球集群联盟中任何其他集群中运行的 Kubernetes 服务。要利用此扩展范围，您可以使用形式稍有不同的 DNS 名称，形式为 ```"<servicename>.<namespace>.<federationname>"``` 来解析联合服务。例如，您可以使用 `myservice.mynamespace.myfederation`。使用不同的 DNS 名称还可以避免现有应用程序意外穿越跨区域或跨区域网络，并且可能招致不必要的网络费用或延迟，而无需您明确选择采取这种行为。
+
+<!-- So, using our NGINX example service above, and the Federated Service
+DNS name form just described, let's consider an example: A Pod in a
+cluster in the `us-central1-f` availability zone needs to contact our
+NGINX service. Rather than use the service's traditional cluster-local
+DNS name (`"nginx.mynamespace"`, which is automatically expanded
+to `"nginx.mynamespace.svc.cluster.local"`) it can now use the
+service's Federated DNS name, which is
+`"nginx.mynamespace.myfederation"`. This will be automatically
+expanded and resolved to the closest healthy shard of my NGINX
+service, wherever in the world that may be. If a healthy shard exists
+in the local cluster, that service's cluster-local (typically
+10.x.y.z) IP address will be returned (by the cluster-local KubeDNS).
+This is almost exactly equivalent to non-federated service resolution
+(almost because KubeDNS actually returns both a CNAME and an A record
+for local federated services, but applications will be oblivious
+to this minor technical difference). -->
+因此，使用上面的 NGINX 示例服务和刚才描述的联合服务 DNS 名称表单，让我们考虑一个示例:`us-central1-f` 可用性区域集群中的 Pod 需要联系我们的 NGINX 服务。现在，可以使用服务的联合 DNS 名称，而不是使用服务的传统集群本地 DNS 名称(`"nginx.mynamespace"` 会自动扩展为 `"nginx.mynamespace.svc.cluster.local"`)。无论位于世界何处，它都会自动扩展并解析为我的 NGINX 服务中最接近的健康分片。如果本地集群中存在健康的分片，则将返回该服务的集群本地(通常为10.x.y.z)的 IP 地址(由集群本地的 KubeDNS)。这几乎完全等同于非联合服务解析(几乎是因为 KubeDNS 实际上为本地联合服务返回了 CNAME 和 A 记录，但是应用程序将忽略这种微小的技术差异)。
+
+<!-- But if the service does not exist in the local cluster (or it exists
+but has no healthy backend pods), the DNS query is automatically
+expanded to ```"nginx.mynamespace.myfederation.svc.us-central1-f.example.com"```
+(that is, logically "find the external IP of one of the shards closest to
+my availability zone"). This expansion is performed automatically by
+KubeDNS, which returns the associated CNAME record. This results in
+automatic traversal of the hierarchy of DNS records in the above
+example, and ends up at one of the external IPs of the Federated
+Service in the local us-central1 region (that is 104.197.247.191,
+104.197.244.180 or 104.197.245.170). -->
+但是，如果服务在本地集群中不存在(或者存在但没有正常的后端 Pod),则 DNS 查询会自动扩展为 ```"nginx.mynamespace.myfederation.svc.us-central1-f.example.com"```(也就是说，从逻辑上 "找到最接近我可用区的一个分片的外部 IP")。此扩展由 KubeDNS 自动执行，它返回关联的 CNAME 记录。这将导致在上面的示例中自动遍历 DNS 记录的层次结构，并最终到达本地 us-central1 区域中联合服务的外部 IP 之一(即 104.197.247.191, 104.197.244.180 或 104.197.245.170 )。
+
+<!-- It is of course possible to explicitly target service shards in
+availability zones and regions other than the ones local to a Pod by
+specifying the appropriate DNS names explicitly, and not relying on
+automatic DNS expansion. For example,
+"nginx.mynamespace.myfederation.svc.europe-west1.example.com" will
+resolve to all of the currently healthy service shards in Europe, even
+if the Pod issuing the lookup is located in the U.S., and irrespective
+of whether or not there are healthy shards of the service in the U.S.
+This is useful for remote monitoring and other similar applications. -->
+当然，可以通过明确地指定合适的 DNS 名称而不依赖于自动 DNS 扩展，在 Pod 本地的可用区域和可用区域之外的区域中明确地定位服务分片。例如，即使发出查询的 Pod 位于美国，"nginx.mynamespace.myfederation.svc.europe-west1.example.com" 也将解析欧洲目前所有健康的服务分片,并且无论美国是否有健康的服务分片。这对于远程监视和其他类似应用程序很有用。
+
+<!-- ### From other clients outside your federated clusters -->
+### 来自联合集群之外的其他客户端
+
+<!-- Much of the above discussion applies equally to external clients,
+except that the automatic DNS expansion described is no longer
+possible.  So external clients need to specify one of the fully
+qualified DNS names of the Federated Service, be that a zonal,
+regional or global name. For convenience reasons, it is often a good
+idea to manually configure additional static CNAME records in your
+service, for example: -->
+上面大部分讨论都同样适用于外部客户端，除了不再描述所描述的自动 DNS 扩展。因此，外部客户端需要指定联合服务的标准 DNS 名称，可以是地带名称，区域名称或者全局名称。为了方便起见，通常最好在服务中手动配置其他静态 CNAME 记录，例如:
+
+``` shell
+eu.nginx.acme.com        CNAME nginx.mynamespace.myfederation.svc.europe-west1.example.com.
+us.nginx.acme.com        CNAME nginx.mynamespace.myfederation.svc.us-central1.example.com.
+nginx.acme.com           CNAME nginx.mynamespace.myfederation.svc.example.com.
+```
+<!-- That way your clients can always use the short form on the left, and
+always be automatically routed to the closest healthy shard on their
+home continent.  All of the required failover is handled for you
+automatically by Kubernetes Cluster Federation.  Future releases will
+improve upon this even further. -->
+这样，您的客户就可以始终使用左侧的缩写形式，并始终被自动路由到其本国大陆上最接近的健康分片。Kubernetes 联邦集群自动为您处理所有必需的故障转移。将来的发行版将对此进行进一步改进。
+
+<!-- ## Handling failures of backend pods and whole clusters -->
+## 处理后端 Pod 和整个集群的故障
+
+<!-- Standard Kubernetes service cluster-IP's already ensure that
+non-responsive individual Pod endpoints are automatically taken out of
+service with low latency (a few seconds). In addition, as alluded
+above, the Kubernetes Cluster Federation system automatically monitors
+the health of clusters and the endpoints behind all of the shards of
+your Federated Service, taking shards in and out of service as
+required (for example, when all of the endpoints behind a service, or perhaps
+the entire cluster or availability zone go down, or conversely recover
+from an outage). Due to the latency inherent in DNS caching (the cache
+timeout, or TTL for Federated Service DNS records is configured to 3
+minutes, by default, but can be adjusted), it may take up to that long
+for all clients to completely fail over to an alternative cluster in
+the case of catastrophic failure. However, given the number of
+discrete IP addresses which can be returned for each regional service
+endpoint (such as us-central1 above, which has three alternatives)
+many clients will fail over automatically to one of the alternative
+IP's in less time than that given appropriate configuration. -->
+标准的 Kubernetes 服务集群 IP 已确保无响应的单个 Pod 端点以低延迟(几秒钟)自动退出服务。此外，如上所述，Kubernetes 联邦集群系统会自动监视集群的状态以及联合服务的所有分片后面的端点，并根据需要使分片进入和退出服务(例如，当服务后面的所有端点或者整个集群或可用性区域出现故障时，或者相反地从中断中恢复时)。由于 DNS 缓存固有的延迟(默认情况下,缓存超时或联合服务 DNS 记录的 TTL 配置为3分钟，可以调整),在灾难性故障的情况下，所有客户端可能要花费很长时间才能完全故障转移到备用集群。但是，鉴于每个区域服务端点可以返回的离散 IP 地址数量(例如上面的 us-central1，它有三个替代方案),与给定的合适配置相比，许多客户端将在更少的时间内自动故障转移到其他 IP。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- ## Troubleshooting -->
+## 故障排除
+
+<!-- ### I cannot connect to my cluster federation API -->
+### 我无法连接到联合集群 API
+<!-- Check that your -->
+检查您的
+
+<!-- 1. Client (typically kubectl) is correctly configured (including API endpoints and login credentials).
+2. Cluster Federation API server is running and network-reachable. -->
+1. 客户端(通常是 kubectl)已正确配置(包括 API 端点和登录凭据)。
+2. 联合集群 API 服务器正在运行并且可以访问网络。
+
+<!-- See the [federation admin guide](/docs/admin/federation/) to learn
+how to bring up a cluster federation correctly (or have your cluster administrator do this for you), and how to correctly configure your client. -->
+请参阅 [联合集群管理员指南](/docs/admin/federation/)了解如何正确启动联邦集群(或让您的集群管理员为您执行此操作),以及如何正确配置客户端。
+
+<!-- ### I can create a federated service successfully against the cluster federation API, but no matching services are created in my underlying clusters -->
+### 我可以针对联合集群 API 成功创建联合服务,但是在我的基础集群中没有创建匹配的服务。
+<!-- Check that: -->
+检查:
+
+<!-- 1. Your clusters are correctly registered in the Cluster Federation API (`kubectl describe clusters`).
+2. Your clusters are all 'Active'. This means that the cluster Federation system was able to connect and authenticate against the clusters' endpoints. If not, consult the logs of the federation-controller-manager pod to ascertain what the failure might be. 
+      ```
+      kubectl --namespace=federation logs $(kubectl get pods --namespace=federation -l module=federation-controller-manager -o name)
+      ```
+3. That the login credentials provided to the Cluster Federation API for the clusters have the correct authorization and quota to create services in the relevant namespace in the clusters.  Again you should see associated error messages providing more detail in the above log file if this is not the case.
+4. Whether any other error is preventing the service creation operation from succeeding (look for `service-controller` errors in the output of `kubectl logs federation-controller-manager --namespace federation`). -->
+1. 您的集群已在联合集群 API 中正确注册(`kubectl describe clusters`)。
+2. 您的集群都是 "活跃的"。这意味着集群联合身份验证系统能够针对集群的端点进行连接和身份验证。如果不是，请查阅federation-controller-manager pod 的日志，以确定可能是什么故障。
+      ```
+      kubectl --namespace=federation logs $(kubectl get pods --namespace=federation -l module=federation-controller-manager -o name)
+      ```
+3. 集群提供给联合集群 API 的登录凭据具有正确的授权和配额，可以在集群的相关命名空间中创建服务。如果不是这种情况，您将再次在上述日志文件中看到相关的错误消息，以提供更多详细信息。
+4. 是否有其他错误阻止服务创建操作成功(请在 `kubectl logs federation-controller-manager --namespace federation` 的输出中查找 `service-controller` 错误)。
+
+<!-- ### I can create a federated service successfully, but no matching DNS records are created in my DNS provider.
+Check that: -->
+### 我可以成功创建联合服务，但是在我的 DNS 提供程序中没有创建匹配的 DNS 记录。
+检查:
+
+<!-- 1. Your federation name, DNS provider, DNS domain name are configured correctly.  Consult the [federation admin guide](/docs/admin/federation/) or  [tutorial](https://github.com/kelseyhightower/kubernetes-cluster-federation) to learn
+how to configure your Cluster Federation system's DNS provider (or have your cluster administrator do this for you).
+2. Confirm that the Cluster Federation's service-controller is successfully connecting to and authenticating against your selected DNS provider (look for `service-controller` errors or successes in the output of `kubectl logs federation-controller-manager --namespace federation`).
+3. Confirm that the Cluster Federation's service-controller is successfully creating DNS records in your DNS provider (or outputting errors in its logs explaining in more detail what's failing). -->
+1. 您的联邦集群名称，DNS 提供程序，DNS 域名已正确配置。请参阅 [联邦集群管理指南](/docs/admin/federation/)或者 [教程](https://github.com/kelseyhightower/kubernetes-cluster-federation)了解如何配置联合集群系统的 DNS 提供程序(或让您的集群管理员为您执行此操作)。
+2. 确认联合集群的服务控制器已成功连接到所选的 DNS 提供程序并对其进行身份验证(在 `kubectl logs federation-controller-manager --namespace federation` 的输出中查找 `service-controller` 错误或者成功)。
+3. 确认联合集群的服务控制器已在您的 DNS 提供程序中成功创建了 DNS 记录(或在其日志中输出错误，以更详细地解释失败原因)。
+
+<!-- ### Matching DNS records are created in my DNS provider, but clients are unable to resolve against those names
+Check that: -->
+### 在我的 DNS 提供程序中创建了匹配的 DNS 记录，但是客户端无法根据这些名称进行解析
+检查:
+
+<!-- 1. The DNS registrar that manages your federation DNS domain has been correctly configured to point to your configured DNS provider's nameservers.  See for example [Google Domains Documentation](https://support.google.com/domains/answer/3290309?hl=en&ref_topic=3251230) and [Google Cloud DNS Documentation](https://cloud.google.com/dns/update-name-servers), or equivalent guidance from your domain registrar and DNS provider. -->
+1. 已正确配置用于管理联合 DNS 域名的 DNS 注册器，使其指向已配置的 DNS 提供程序的名称服务器。例如，请参见 [Google Domains 文档](https://support.google.com/domains/answer/3290309?hl=en&ref_topic=3251230)与 [Google Cloud DNS 文档](https://cloud.google.com/dns/update-name-servers),或者域名注册商和 DNS 提供商的等效指南。
+
+<!-- ### This troubleshooting guide did not help me solve my problem -->
+### 此疑难解答指南没有帮助我解决问题
+
+<!-- 1. Please use one of our [support channels](/docs/tasks/debug-application-cluster/troubleshooting/) to seek assistance. -->
+1. 请使用我们的 [支持渠道](/docs/tasks/debug-application-cluster/troubleshooting/)寻求帮助。
+
+<!-- ## For more information -->
+## 更多信息
+
+ <!-- * [Federation proposal](https://git.k8s.io/community/contributors/design-proposals/multicluster/federation.md) details use cases that motivated this work. -->
+ * [联合提议](https://git.k8s.io/community/contributors/design-proposals/multicluster/federation.md) 详细介绍了促进这项工作的用例。
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/federation/policy.rego b/content/zh/docs/tasks/federation/policy.rego
new file mode 100644
index 0000000000000..49827b6ae96e2
--- /dev/null
+++ b/content/zh/docs/tasks/federation/policy.rego
@@ -0,0 +1,74 @@
+# OPA supports a high-level declarative language named Rego for authoring and
+# enforcing policies. For more information on Rego, visit
+# http://openpolicyagent.org.
+
+# Rego policies are namespaced by the "package" directive.
+package kubernetes.placement
+
+# Imports provide aliases for data inside the policy engine. In this case, the
+# policy simply refers to "clusters" below.
+import data.kubernetes.clusters
+
+# The "annotations" rule generates a JSON object containing the key
+# "federation.kubernetes.io/replica-set-preferences" mapped to <preferences>.
+# The preferences values is generated dynamically by OPA when it evaluates the
+# rule.
+#
+# The SchedulingPolicy Admission Controller running inside the Federation API
+# server will merge these annotations into incoming Federated resources. By
+# setting replica-set-preferences, we can control the placement of Federated
+# ReplicaSets.
+#
+# Rules are defined to generate JSON values (booleans, strings, objects, etc.)
+# When OPA evaluates a rule, it generates a value IF all of the expressions in
+# the body evaluate successfully. All rules can be understood intuitively as
+# <head> if <body> where <body> is true if <expr-1> AND <expr-2> AND ...
+# <expr-N> is true (for some set of data.)
+annotations["federation.kubernetes.io/replica-set-preferences"] = preferences {
+    input.kind = "ReplicaSet"
+    value = {"clusters": cluster_map, "rebalance": true}
+    json.marshal(value, preferences)
+}
+
+# This "annotations" rule generates a value for the "federation.alpha.kubernetes.io/cluster-selector"
+# annotation.
+#
+# In English, the policy asserts that resources in the "production" namespace
+# that are not annotated with "criticality=low" MUST be placed on clusters
+# labelled with "on-premises=true".
+annotations["federation.alpha.kubernetes.io/cluster-selector"] = selector {
+    input.metadata.namespace = "production"
+    not input.metadata.annotations.criticality = "low"
+    json.marshal([{
+        "operator": "=",
+        "key": "on-premises",
+        "values": "[true]",
+    }], selector)
+}
+
+# Generates a set of cluster names that satisfy the incoming Federated
+# ReplicaSet's requirements. In this case, just PCI compliance.
+replica_set_clusters[cluster_name] {
+    clusters[cluster_name]
+    not insufficient_pci[cluster_name]
+}
+
+# Generates a set of clusters that must not be used for Federated ReplicaSets
+# that request PCI compliance.
+insufficient_pci[cluster_name] {
+    clusters[cluster_name]
+    input.metadata.annotations["requires-pci"] = "true"
+    not pci_clusters[cluster_name]
+}
+
+# Generates a set of clusters that are PCI certified. In this case, we assume
+# clusters are annotated to indicate if they have passed PCI compliance audits.
+pci_clusters[cluster_name] {
+    clusters[cluster_name].metadata.annotations["pci-certified"] = "true"
+}
+
+# Helper rule to generate a mapping of desired clusters to weights. In this
+# case, weights are static.
+cluster_map[cluster_name] = {"weight": 1} {
+    replica_set_clusters[cluster_name]
+}
diff --git a/content/zh/docs/tasks/federation/set-up-coredns-provider-federation.md b/content/zh/docs/tasks/federation/set-up-coredns-provider-federation.md
new file mode 100644
index 0000000000000..03508536a5c9c
--- /dev/null
+++ b/content/zh/docs/tasks/federation/set-up-coredns-provider-federation.md
@@ -0,0 +1,252 @@
+---
+title: 将 CoreDNS 设置为联邦集群的 DNS 提供者
+content_template: templates/tutorial
+weight: 130
+---
+
+<!--
+---
+title: Set up CoreDNS as DNS provider for Cluster Federation
+content_template: templates/tutorial
+weight: 130
+---
+-->
+
+{{% capture overview %}}
+
+{{< deprecationfilewarning >}}
+{{< include "federation-deprecation-warning-note.md" >}}
+{{< /deprecationfilewarning >}}
+
+<!--
+This page shows how to configure and deploy CoreDNS to be used as the
+DNS provider for Cluster Federation.
+-->
+此页面显示如何配置和部署 CoreDNS，将其用作联邦集群的 DNS 提供者
+
+{{% /capture %}}
+
+
+{{% capture objectives %}}
+
+<!--
+* Configure and deploy CoreDNS server
+* Bring up federation with CoreDNS as dns provider
+* Setup CoreDNS server in nameserver lookup chain
+-->
+
+* 配置和部署 CoreDNS 服务器
+* 使用 CoreDNS 作为 dns 提供者设置联邦
+* 在 nameserver 查找链中设置 CoreDNS 服务器
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+* You need to have a running Kubernetes cluster (which is
+referenced as host cluster). Please see one of the
+[getting started](/docs/setup/) guides for
+installation instructions for your platform.
+* Support for `LoadBalancer` services in member clusters of federation is
+mandatory to enable `CoreDNS` for service discovery across federated clusters.
+-->
+
+* 你需要有一个正在运行的 Kubernetes 集群（作为主机集群引用）。请参阅[入门指南](/docs/setup/)，了解平台的安装说明。
+* 必须在联邦的集群成员中支持 `LoadBalancer` 服务，用来支持跨联邦集群的 `CoreDNS` 服务发现。
+
+{{% /capture %}}
+
+
+{{% capture lessoncontent %}}
+
+<!--
+## Deploying CoreDNS and etcd charts
+-->
+
+## 部署 CoreDNS 和 etcd 图表
+
+<!--
+CoreDNS can be deployed in various configurations. Explained below is a
+reference and can be tweaked to suit the needs of the platform and the
+cluster federation.
+-->
+CoreDNS 可以部署在各种配置中。下面解释的是一个参考，可以根据平台和联邦集群的需要进行调整。
+
+<!--
+To deploy CoreDNS, we shall make use of helm charts. CoreDNS will be
+deployed with [etcd](https://coreos.com/etcd) as the backend and should
+be pre-installed. etcd can also be deployed using helm charts. Shown
+below are the instructions to deploy etcd.
+--->
+为了部署 CoreDNS，我们将利用图表。
+CoreDNS 将部署 [etcd](https://coreos.com/etcd) 作为后端，并且应该预先安装。etcd 也可以使用图表进行部署。下面显示了部署 etcd 的说明。
+
+    helm install --namespace my-namespace --name etcd-operator stable/etcd-operator
+    helm upgrade --namespace my-namespace --set cluster.enabled=true etcd-operator stable/etcd-operator
+
+<!--
+*Note: etcd default deployment configurations can be overridden, suiting the
+host cluster.*
+-->
+*注意：etcd 默认部署配置可以被覆盖，适合主机集群。*
+
+<!--
+After deployment succeeds, etcd can be accessed with the
+[http://etcd-cluster.my-namespace:2379](http://etcd-cluster.my-namespace:2379) endpoint within the host cluster.
+-->
+部署成功后，可以使用主机集群中的 [http://etcd-cluster.my-namespace:2379](http://etcd-cluster.my-namespace:2379) 端点访问 etcd。
+
+<!--
+The CoreDNS default configuration should be customized to suit the federation.
+Shown below is the Values.yaml, which overrides the default
+configuration parameters on the CoreDNS chart.
+-->
+应该定制 CoreDNS 默认配置适应联邦。
+下面显示的是 Values.yaml，它覆盖了 CoreDNS 图表上的默认配置参数。
+
+```yaml
+isClusterService: false
+serviceType: "LoadBalancer"
+plugins:
+  kubernetes:
+    enabled: false
+  etcd:
+    enabled: true
+    zones:
+    - "example.com."
+    endpoint: "http://etcd-cluster.my-namespace:2379"
+```
+
+<!--
+The above configuration file needs some explanation:
+-->
+以上配置文件需要说明：
+
+<!--
+ - `isClusterService` specifies whether CoreDNS should be deployed as a
+cluster-service, which is the default. You need to set it to false, so
+that CoreDNS is deployed as a Kubernetes application service.
+ - `serviceType` specifies the type of Kubernetes service to be created
+for CoreDNS. You need to choose either "LoadBalancer" or "NodePort" to
+make the CoreDNS service accessible outside the Kubernetes cluster.
+ - Disable `plugins.kubernetes`, which is enabled by default by
+setting `plugins.kubernetes.enabled` to false.
+ - Enable `plugins.etcd` by setting `plugins.etcd.enabled` to
+true.
+ - Configure the DNS zone (federation domain) for which CoreDNS is
+authoritative by setting `plugins.etcd.zones` as shown above.
+ - Configure the etcd endpoint which was deployed earlier by setting
+`plugins.etcd.endpoint`
+-->
+ - `isClusterService` 指定是否应该将 CoreDNS 部署为集群服务，这是默认值。
+你需要将其设置为 false，以便将 CoreDNS 部署为 Kubernetes 应用程序服务。
+ - `serviceType` 指定为核心用户创建的 Kubernetes 服务的类型。
+你需要选择 `LoadBalancer` 或 `NodePort`，以便在 Kubernetes 集群之外访问 CoreDNS 服务。
+ - 禁用 `plugins.kubernetes`，默认情况下通过设置 `plugins.kubernetes.enabled` 为 false。
+ - 启用 `plugins.etcd`，通过设置 `plugins.etcd.enabled` 为 true。 
+ - 通过设置 `plugins.etcd.zones` 来配置 CoreDNS 具有权威性的 DNS 域（联邦域）。如上所示。
+ - 通过设置 `plugins.etcd.endpoint` 来配置早期部署的 etcd 端点
+ 
+<!-- 
+Now deploy CoreDNS by running
+
+    helm install --namespace my-namespace --name coredns -f Values.yaml stable/coredns
+
+Verify that both etcd and CoreDNS pods are running as expected.
+-->
+现在部署 CoreDNS 来运行
+
+    helm install --namespace my-namespace --name coredns -f Values.yaml stable/coredns
+
+验证 etcd 和 CoreDNS，pod 都按预期运行。
+
+<!--
+## Deploying Federation with CoreDNS as DNS provider
+-->
+
+## 使用 CoreDNS 作为 DNS 提供者部署联邦
+
+<!--
+The Federation control plane can be deployed using `kubefed init`. CoreDNS
+can be chosen as the DNS provider by specifying two additional parameters.
+-->
+可以使用 `kubefed init` 部署联邦控制平面。通过指定两个附加参数，可以选择 CoreDNS 作为 DNS 提供者。
+
+    --dns-provider=coredns
+    --dns-provider-config=coredns-provider.conf
+
+<!--
+coredns-provider.conf has below format:
+-->
+coredns-provider.conf 的格式如下：
+
+    [Global]
+    etcd-endpoints = http://etcd-cluster.my-namespace:2379
+    zones = example.com.
+    coredns-endpoints = <coredns-server-ip>:<port>
+
+<!--
+ - `etcd-endpoints` is the endpoint to access etcd.
+ - `zones` is the federation domain for which CoreDNS is authoritative and is same as --dns-zone-name flag of `kubefed init`.
+ - `coredns-endpoints` is the endpoint to access CoreDNS server. This is an optional parameter introduced from v1.7 onwards.
+-->
+
+ - `etcd-endpoints` 是访问 etcd 的端点。
+ - `zones` 是 CoreDNS 具有权威性的联邦域，它与 `kubefed init` 的 --dns-zone-name 参数相同。
+ - `coredns-endpoints` 是访问 CoreDNS 服务器的端点。这是从 v1.7 开始引入的一个可选参数。
+
+{{< note >}}
+<!--
+`plugins.etcd.zones` in the CoreDNS configuration and the `--dns-zone-name` flag to `kubefed init` should match.
+-->
+CoreDNS 配置中的 `plugins.etcd.zones` 和 `kubefed init` 的 `--dns-zone-name` 参数应该匹配。 
+{{< /note >}}
+
+<!--
+## Setup CoreDNS server in nameserver resolv.conf chain
+-->
+
+## 在 nameserver resolv.conf 链中设置 CoreDNS 服务器
+
+{{< note >}}
+<!--
+The following section applies only to versions prior to v1.7
+and will be automatically taken care of if the `coredns-endpoints`
+parameter is configured in `coredns-provider.conf` as described in
+section above.
+-->
+下面的部分只适用于 v1.7 之前的版本，如果 `coredns-endpoint` 参数是
+在 `coredns-provider.conf` 中配置的，就会自动处理。
+
+{{< /note >}}
+
+<!--
+Once the federation control plane is deployed and federated clusters
+are joined to the federation, you need to add the CoreDNS server to the
+pod's nameserver resolv.conf chain in all the federated clusters as this
+self hosted CoreDNS server is not discoverable publicly. This can be
+achieved by adding the below line to `dnsmasq` container's arg in
+`kube-dns` deployment.
+-->
+一旦部署了联邦控制平面并将联邦集群连接到联邦，
+你需要将 CoreDNS 服务器添加到所有联邦集群中 pod 的 nameserver resolv.conf 链，因为这个自托管的 CoreDNS 服务器是不可公开发现的。
+这可以通过在 `kube-dns` 部署中将下面的行添加到 `dnsmasq` 容器的参数中来实现。
+
+
+    --server=/example.com./<CoreDNS endpoint>
+
+<!--
+Replace `example.com` above with federation domain.
+-->
+将上面的 `example.com` 替换为联邦域。
+
+<!--
+Now the federated cluster is ready for cross-cluster service discovery!
+-->
+现在联邦集群已经为跨集群服务发现做好了准备！
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/federation/set-up-placement-policies-federation.md b/content/zh/docs/tasks/federation/set-up-placement-policies-federation.md
new file mode 100644
index 0000000000000..e113b82622ebd
--- /dev/null
+++ b/content/zh/docs/tasks/federation/set-up-placement-policies-federation.md
@@ -0,0 +1,255 @@
+---
+title: 在联邦中设置放置策略
+content_template: templates/task
+---
+
+<!--
+title: Set up placement policies in Federation
+content_template: templates/task
+-->
+
+{{% capture overview %}}
+
+{{< note >}}
+{{< include "federation-current-state.md" >}}
+{{< /note >}}
+
+<!--
+This page shows how to enforce policy-based placement decisions over Federated
+resources using an external policy engine.
+-->
+此页面显示如何使用外部策略引擎对联邦资源强制执行基于策略的放置决策。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+You need to have a running Kubernetes cluster (which is referenced as host
+cluster). Please see one of the [getting started](/docs/setup/)
+guides for installation instructions for your platform.
+-->
+您需要一个正在运行的 Kubernetes 集群(它被引用为主机集群)。有关您的平台的安装说明，请参阅[入门](/docs/setup/)指南。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Deploying Federation and configuring an external policy engine
+-->
+## Deploying 联邦并配置外部策略引擎
+
+<!--
+The Federation control plane can be deployed using `kubefed init`.
+-->
+可以使用 `kubefed init` 部署联邦控制平面。
+
+<!--
+After deploying the Federation control plane, you must configure an Admission
+Controller in the Federation API server that enforces placement decisions
+received from the external policy engine.
+-->
+Deploying 联邦控制平面之后，必须在联邦 API 服务器中配置一个准入控制器，该控制器强制执行从外部策略引擎接收到的放置决策。
+
+
+    kubectl create -f scheduling-policy-admission.yaml
+
+<!--
+Shown below is an example ConfigMap for the Admission Controller:
+-->
+下图是准入控制器的 ConfigMap 示例：
+
+{{< codenew file="federation/scheduling-policy-admission.yaml" >}}
+
+<!--
+The ConfigMap contains three files:
+-->
+ConfigMap 包含三个文件：
+
+<!--
+* `config.yml` specifies the location of the `SchedulingPolicy` Admission
+  Controller config file.
+* `scheduling-policy-config.yml` specifies the location of the kubeconfig file
+  required to contact the external policy engine. This file can also include a
+  `retryBackoff` value that controls the initial retry backoff delay in
+  milliseconds.
+* `opa-kubeconfig` is a standard kubeconfig containing the URL and credentials
+  needed to contact the external policy engine.
+-->
+* `config.yml` 指定 `调度策略` 准入控制器配置文件的位置。
+* `scheduling-policy-config.yml` 指定与外部策略引擎联系所需的 kubeconfig 文件的位置。
+该文件还可以包含一个 `retryBackoff` 值，该值以毫秒为单位控制初始重试 backoff 延迟。
+* `opa-kubeconfig` 是一个标准的 kubeconfig，包含联系外部策略引擎所需的 URL 和凭证。
+
+<!--
+Edit the Federation API server deployment to enable the `SchedulingPolicy`
+Admission Controller.
+-->
+编辑联邦 API 服务器部署以启用 `SchedulingPolicy` 准入控制器。
+
+	kubectl -n federation-system edit deployment federation-apiserver
+
+<!--
+Update the Federation API server command line arguments to enable the Admission
+Controller and mount the ConfigMap into the container. If there's an existing
+`--enable-admission-plugins` flag, append `,SchedulingPolicy` instead of adding
+another line.
+-->
+更新 Federation API 服务器命令行参数以启用准入控制器，
+并将 ConfigMap 挂载到容器中。如果存在现有的 `-enable-admissionplugins` 参数，则追加 `SchedulingPolicy` 而不是添加另一行。
+
+
+    --enable-admission-plugins=SchedulingPolicy
+    --admission-control-config-file=/etc/kubernetes/admission/config.yml
+
+<!--
+Add the following volume to the Federation API server pod:
+-->
+将以下卷添加到联邦 API 服务器 pod：
+
+    - name: admission-config
+      configMap:
+        name: admission
+
+<!--
+Add the following volume mount the Federation API server `apiserver` container:
+-->
+添加以下卷挂载联邦 API 服务器的 `apiserver` 容器：
+
+    volumeMounts:
+    - name: admission-config
+      mountPath: /etc/kubernetes/admission
+
+<!--
+## Deploying an external policy engine
+-->
+
+## Deploying 外部策略引擎
+
+<!--
+The [Open Policy Agent (OPA)](http://openpolicyagent.org) is an open source,
+general-purpose policy engine that you can use to enforce policy-based placement
+decisions in the Federation control plane.
+-->
+[Open Policy Agent (OPA)](http://openpolicyagent.org) 是一个开源的通用策略引擎，
+您可以使用它在联邦控制平面中执行基于策略的放置决策。
+
+<!--
+Create a Service in the host cluster to contact the external policy engine:
+-->
+在主机群集中创建服务以联系外部策略引擎：
+
+    kubectl create -f policy-engine-service.yaml
+
+<!--
+Shown below is an example Service for OPA.
+-->
+下面显示的是 OPA 的示例服务。
+
+{{< codenew file="federation/policy-engine-service.yaml" >}}
+
+<!--
+Create a Deployment in the host cluster with the Federation control plane:
+-->
+使用联邦控制平面在主机群集中创建部署：
+
+    kubectl create -f policy-engine-deployment.yaml
+
+<!--
+Shown below is an example Deployment for OPA.
+-->
+下面显示的是 OPA 的部署示例。
+
+{{< codenew file="federation/policy-engine-deployment.yaml" >}}
+
+<!--
+## Configuring placement policies via ConfigMaps
+-->
+
+## 通过 ConfigMaps 配置放置策略
+
+<!--
+The external policy engine will discover placement policies created in the
+`kube-federation-scheduling-policy` namespace in the Federation API server.
+-->
+外部策略引擎将发现在 Federation API 服务器的 `kube-federation-scheduling-policy` 
+命名空间中创建的放置策略。
+
+<!--
+Create the namespace if it does not already exist:
+-->
+如果命名空间尚不存在，请创建它：
+
+    kubectl --context=federation create namespace kube-federation-scheduling-policy
+
+<!--
+Configure a sample policy to test the external policy engine:
+-->
+配置一个示例策略来测试外部策略引擎:
+
+{{< code file="policy.rego" >}}
+
+<!--
+Shown below is the command to create the sample policy:
+-->
+下面显示的是创建示例策略的命令：
+
+    kubectl --context=federation -n kube-federation-scheduling-policy create configmap scheduling-policy --from-file=policy.rego
+
+<!--
+This sample policy illustrates a few key ideas:
+-->
+这个示例策略说明了一些关键思想：
+
+<!--
+* Placement policies can refer to any field in Federated resources.
+* Placement policies can leverage external context (for example, Cluster
+  metadata) to make decisions.
+* Administrative policy can be managed centrally.
+* Policies can define simple interfaces (such as the `requires-pci` annotation) to
+  avoid duplicating logic in manifests.
+-->
+
+* 位置策略可以引用联邦资源中的任何字段。
+* 放置策略可以利用外部上下文(例如，集群元数据)来做出决策。
+* 管理策略可以集中管理。
+* 策略可以定义简单的接口(例如 `requirements -pci` 注解)，以避免在清单中重复逻辑。
+
+<!--
+## Testing placement policies
+-->
+
+## 测试放置政策
+
+<!--
+Annotate one of the clusters to indicate that it is PCI certified.
+-->
+注释其中一个集群以表明它是经过 PCI 认证的。
+
+    kubectl --context=federation annotate clusters cluster-name-1 pci-certified=true
+
+<!--
+Deploy a Federated ReplicaSet to test the placement policy.
+-->
+部署联邦副本来测试放置策略。
+
+{{< codenew file="federation/replicaset-example-policy.yaml" >}}
+
+<!--
+Shown below is the command to deploy a ReplicaSet that *does* match the policy.
+-->
+下面显示的命令用于部署与策略匹配的副本集。
+
+    kubectl --context=federation create -f replicaset-example-policy.yaml
+
+<!--
+Inspect the ReplicaSet to confirm the appropriate annotations have been applied:
+-->
+检查副本集以确认已应用适当的注解：
+
+    kubectl --context=federation get rs nginx-pci -o jsonpath='{.metadata.annotations}'
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/inject-data-application/_index.md b/content/zh/docs/tasks/inject-data-application/_index.md
index c979d4d97f6aa..7cf635bc76f6f 100644
--- a/content/zh/docs/tasks/inject-data-application/_index.md
+++ b/content/zh/docs/tasks/inject-data-application/_index.md
@@ -1,13 +1,15 @@
-<!--
 ---
-title: "Inject Data Into Applications"
+title: "给应用注入数据"
 weight: 30
 ---
--->
 
+<!--
 ---
-title: "给应用注入数据"
+title: "Inject Data Into Applications"
 weight: 30
 ---
+-->
+
+
 
 
diff --git a/content/zh/docs/tasks/inject-data-application/define-environment-variable-container.md b/content/zh/docs/tasks/inject-data-application/define-environment-variable-container.md
index 8823041a0919f..f9d5376fa13d9 100644
--- a/content/zh/docs/tasks/inject-data-application/define-environment-variable-container.md
+++ b/content/zh/docs/tasks/inject-data-application/define-environment-variable-container.md
@@ -33,22 +33,22 @@ content_template: templates/task
     ```shell
     kubectl create -f https://k8s.io/docs/tasks/inject-data-application/envars.yaml
     ```
-
+       
 1. 获取一下当前正在运行的Pods信息:
 
     ```shell
     kubectl get pods -l purpose=demonstrate-envars
     ```
-
+       
     查询结果应为:
-
-    ```log
+    
+    ```shell
     NAME            READY     STATUS    RESTARTS   AGE
     envar-demo      1/1       Running   0          9s
     ```
-
+      
 1. 进入该Pod下的容器并打开一个命令终端:
-
+    
     ```shell
     kubectl exec -it envar-demo -- /bin/bash
     ```
@@ -58,17 +58,17 @@ content_template: templates/task
     ```shell
     root@envar-demo:/# printenv
     ```
-
+    
     打印结果应为:
-
-    ```log
+    
+    ```shell
     NODE_VERSION=4.4.2
     EXAMPLE_SERVICE_PORT_8080_TCP_ADDR=10.3.245.237
     HOSTNAME=envar-demo
     ...
     DEMO_GREETING=Hello from the environment
     ```
-
+        
 1. 通过键入`exit`退出命令终端。
 
 {{% /capture %}}
diff --git a/content/zh/docs/tasks/job/_index.md b/content/zh/docs/tasks/job/_index.md
index 92bcf81909031..06c6528ac686c 100644
--- a/content/zh/docs/tasks/job/_index.md
+++ b/content/zh/docs/tasks/job/_index.md
@@ -1,12 +1,11 @@
-<!--
 ---
-title: "Run Jobs"
+title: "运行 Jobs"
 weight: 50
 ---
--->
 
+<!--
 ---
-title: "运行任务"
+title: "Run Jobs"
 weight: 50
 ---
-
+-->
diff --git a/content/zh/docs/tasks/job/coarse-parallel-processing-work-queue.md b/content/zh/docs/tasks/job/coarse-parallel-processing-work-queue.md
new file mode 100644
index 0000000000000..6b9913392eb25
--- /dev/null
+++ b/content/zh/docs/tasks/job/coarse-parallel-processing-work-queue.md
@@ -0,0 +1,504 @@
+---
+title: 使用工作队列进行粗粒度并行处理
+content_template: templates/task
+weight: 30
+---
+
+<!--
+---
+title: Coarse Parallel Processing Using a Work Queue
+content_template: templates/task
+weight: 30
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+In this example, we will run a Kubernetes Job with multiple parallel
+worker processes.
+
+In this example, as each pod is created, it picks up one unit of work
+from a task queue, completes it, deletes it from the queue, and exits.
+
+Here is an overview of the steps in this example:
+
+1. **Start a message queue service.**  In this example, we use RabbitMQ, but you could use another
+  one.  In practice you would set up a message queue service once and reuse it for many jobs.
+1. **Create a queue, and fill it with messages.**  Each message represents one task to be done.  In
+  this example, a message is just an integer that we will do a lengthy computation on.
+1. **Start a Job that works on tasks from the queue**.  The Job starts several pods.  Each pod takes
+  one task from the message queue, processes it, and repeats until the end of the queue is reached.
+-->
+
+本例中，我们会运行包含多个并行工作进程的 Kubernetes Job。
+
+本例中，每个 Pod 一旦被创建，会立即从任务队列中取走一个工作单元并完成它，然后将工作单元从队列中删除后再退出。
+
+下面是本次示例的主要步骤：
+
+1. **启动一个消息队列服务**  本例中，我们使用 RabbitMQ，你也可以用其他的消息队列服务。在实际工作环境中，你可以创建一次消息队列服务然后在多个任务中重复使用。
+
+1. **创建一个队列，放上消息数据**  每个消息表示一个要执行的任务。本例中，每个消息是一个整数值。我们将基于这个整数值执行很长的计算操作。
+
+1. **启动一个在队列中执行这些任务的 Job**。该 Job 启动多个 Pod。每个 Pod 从消息队列中取走一个任务，处理它，然后重复执行，直到队列的队尾。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+Be familiar with the basic,
+non-parallel, use of [Job](/docs/concepts/jobs/run-to-completion-finite-workloads/).
+-->
+
+要熟悉 Job 基本用法（非并行的），请参考 [Job](/docs/concepts/jobs/run-to-completion-finite-workloads/)。
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Starting a message queue service
+
+This example uses RabbitMQ, but it should be easy to adapt to another AMQP-type message service.
+
+In practice you could set up a message queue service once in a
+cluster and reuse it for many jobs, as well as for long-running services.
+
+Start RabbitMQ as follows:
+-->
+
+## 启动消息队列服务
+
+本例使用了 RabbitMQ，使用其他 AMQP 类型的消息服务应该比较容易。
+
+在实际工作中，在集群中一次性部署某个消息队列服务，之后在很多 Job 中复用，包括需要长期运行的服务。
+
+按下面的方法启动 RabbitMQ：
+
+```shell
+$ kubectl create -f examples/celery-rabbitmq/rabbitmq-service.yaml
+service "rabbitmq-service" created
+$ kubectl create -f examples/celery-rabbitmq/rabbitmq-controller.yaml
+replicationcontroller "rabbitmq-controller" created
+```
+
+<!--
+We will only use the rabbitmq part from the [celery-rabbitmq example](https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/celery-rabbitmq).
+-->
+
+我们仅用到 [celery-rabbitmq 示例](https://github.com/kubernetes/kubernetes/tree/release-1.3/examples/celery-rabbitmq) 中描述的部分功能。
+
+<!--
+## Testing the message queue service
+
+Now, we can experiment with accessing the message queue.  We will
+create a temporary interactive pod, install some tools on it,
+and experiment with queues.
+
+First create a temporary interactive Pod.
+-->
+
+## 测试消息队列服务
+
+现在，我们可以试着访问消息队列。我们将会创建一个临时的可交互的 Pod，在它上面安装一些工具，然后用队列做实验。
+
+首先创建一个临时的可交互的 Pod：
+
+```shell
+# 创建一个临时的可交互的 Pod
+$ kubectl run -i --tty temp --image ubuntu:14.04
+Waiting for pod default/temp-loe07 to be running, status is Pending, pod ready: false
+... [ previous line repeats several times .. hit return when it stops ] ...
+```
+
+<!--
+Note that your pod name and command prompt will be different.
+
+Next install the `amqp-tools` so we can work with message queues.
+-->
+
+请注意你的 Pod 名称和命令提示符将会不同。
+
+接下来安装 `amqp-tools` ，这样我们就能用消息队列了。
+
+```shell
+# 安装一些工具
+root@temp-loe07:/# apt-get update
+.... [ lots of output ] ....
+root@temp-loe07:/# apt-get install -y curl ca-certificates amqp-tools python dnsutils
+.... [ lots of output ] ....
+```
+
+<!--
+Later, we will make a docker image that includes these packages.
+
+Next, we will check that we can discover the rabbitmq service:
+-->
+
+后续，我们将制作一个包含这些包的 Docker 镜像。
+
+接着，我们将要验证我们发现 RabbitMQ 服务：
+
+<!--
+# Note the rabbitmq-service has a DNS name, provided by Kubernetes:
+-->
+<!--
+# Your address will vary.
+-->
+
+```
+# 请注意 rabbitmq-service 有Kubernetes 提供的 DNS 名称，
+
+root@temp-loe07:/# nslookup rabbitmq-service
+Server:        10.0.0.10
+Address:    10.0.0.10#53
+
+Name:    rabbitmq-service.default.svc.cluster.local
+Address: 10.0.147.152
+
+# 你的 IP 地址将会发生变化。
+```
+
+<!--
+If Kube-DNS is not setup correctly, the previous step may not work for you.
+You can also find the service IP in an env var:
+-->
+
+如果 Kube-DNS 没有正确安装，上一步可能会出错。
+你也可以在环境变量中找到服务 IP。
+
+<!--
+# Your address will vary.
+-->
+
+```
+# env | grep RABBIT | grep HOST
+RABBITMQ_SERVICE_SERVICE_HOST=10.0.147.152
+
+# 你的 IP 地址将会发生变化。
+```
+
+<!--
+Next we will verify we can create a queue, and publish and consume messages.
+-->
+
+接着我们将要确认可以创建队列，并能发布消息和消费消息。
+
+<!--
+# In the next line, rabbitmq-service is the hostname where the rabbitmq-service
+# can be reached.  5672 is the standard port for rabbitmq.
+-->
+<!--
+# If you could not resolve "rabbitmq-service" in the previous step,
+# then use this command instead:
+# root@temp-loe07:/# BROKER_URL=amqp://guest:guest@$RABBITMQ_SERVICE_SERVICE_HOST:5672
+
+# Now create a queue:
+
+-->
+<!-- 
+# and publish a message to it:
+-->
+<!--
+# and get it back.
+-->
+
+
+```shell
+# 下一行，rabbitmq-service 是访问 rabbitmq-service 的主机名。5672是 rabbitmq 的标准端口。
+
+root@temp-loe07:/# export BROKER_URL=amqp://guest:guest@rabbitmq-service:5672
+
+# 如果上一步中你不能解析 "rabbitmq-service"，可以用下面的命令替换：
+# root@temp-loe07:/# BROKER_URL=amqp://guest:guest@$RABBITMQ_SERVICE_SERVICE_HOST:5672
+
+# 现在创建队列：
+
+root@temp-loe07:/# /usr/bin/amqp-declare-queue --url=$BROKER_URL -q foo -d foo
+
+# 向它推送一条消息:
+
+root@temp-loe07:/# /usr/bin/amqp-publish --url=$BROKER_URL -r foo -p -b Hello
+
+# 然后取回它.
+
+root@temp-loe07:/# /usr/bin/amqp-consume --url=$BROKER_URL -q foo -c 1 cat && echo
+Hello
+root@temp-loe07:/#
+```
+<!--
+In the last command, the `amqp-consume` tool takes one message (`-c 1`)
+from the queue, and passes that message to the standard input of an arbitrary command.  In this case, the program `cat` is just printing
+out what it gets on the standard input, and the echo is just to add a carriage
+return so the example is readable.
+-->
+
+最后一个命令中， `amqp-consume` 工具从队列中取走了一个消息，并把该消息传递给了随机命令的标准输出。在这种情况下，`cat` 只会打印它从标准输入或得的内容，echo 只会添加回车符以便示例可读。
+
+<!--
+## Filling the Queue with tasks
+
+Now lets fill the queue with some "tasks".  In our example, our tasks are just strings to be
+printed.
+
+In a practice, the content of the messages might be:
+
+- names of files to that need to be processed
+- extra flags to the program
+- ranges of keys in a database table
+- configuration parameters to a simulation
+- frame numbers of a scene to be rendered
+-->
+
+## 为队列增加任务
+
+现在让我们给队列增加一些任务。在我们的示例中，任务是多个待打印的字符串。
+
+实践中，消息的内容可以是：
+
+- 待处理的文件名
+- 程序额外的参数
+- 数据库表的关键字范围
+- 模拟任务的配置参数
+- 待渲染的场景的帧序列号
+
+<!--
+In practice, if there is large data that is needed in a read-only mode by all pods
+of the Job, you will typically put that in a shared file system like NFS and mount
+that readonly on all the pods, or the program in the pod will natively read data from
+a cluster file system like HDFS.
+
+For our example, we will create the queue and fill it using the amqp command line tools.
+In practice, you might write a program to fill the queue using an amqp client library.
+-->
+
+本例中，如果有大量的数据需要被 Job 的所有 Pod 读取，典型的做法是把它们放在一个共享文件系统中，如NFS，并以只读的方式挂载到所有 Pod，或者 Pod 中的程序从类似 HDFS 的集群文件系统中读取。
+
+例如，我们创建队列并使用 amqp 命令行工具向队列中填充消息。实践中，你可以写个程序来利用 amqp 客户端库来填充这些队列。
+
+```shell
+$ /usr/bin/amqp-declare-queue --url=$BROKER_URL -q job1  -d job1
+$ for f in apple banana cherry date fig grape lemon melon 
+
+do
+  /usr/bin/amqp-publish --url=$BROKER_URL -r job1 -p -b $f
+done
+```
+
+<!--
+So, we filled the queue with 8 messages.
+
+## Create an Image
+
+Now we are ready to create an image that we will run as a job.
+
+We will use the `amqp-consume` utility to read the message
+from the queue and run our actual program.  Here is a very simple
+example program:
+-->
+
+这样，我们给队列中填充了8个消息。
+
+## 创建镜像
+
+现在我们可以创建一个做为 Job 来运行的镜像。
+
+我们将用 `amqp-consume` 来从队列中读取消息并实际运行我们的程序。这里给出一个非常简单的示例程序：
+
+{{< codenew language="python" file="application/job/rabbitmq/worker.py" >}}
+
+<!--
+Now, build an image.  If you are working in the source
+tree, then change directory to `examples/job/work-queue-1`.
+Otherwise, make a temporary directory, change to it,
+download the [Dockerfile](/examples/application/job/rabbitmq/Dockerfile),
+and [worker.py](/examples/application/job/rabbitmq/worker.py).  In either case,
+build the image with this command:
+-->
+
+现在，编译镜像。如果你在用源代码树，那么切换到目录 `examples/job/work-queue-1`。否则的话，创建一个临时目录，切换到这个目录。下载 [Dockerfile](/examples/application/job/rabbitmq/Dockerfile)，和 [worker.py](/examples/application/job/rabbitmq/worker.py)。无论哪种情况，都可以用下面的命令编译镜像
+
+```shell
+$ docker build -t job-wq-1 .
+```
+
+<!--
+For the [Docker Hub](https://hub.docker.com/), tag your app image with
+your username and push to the Hub with the below commands. Replace
+`<username>` with your Hub username.
+-->
+
+对于 [Docker Hub](https://hub.docker.com/), 给你的应用镜像打上标签，标签为你的用户名，然后用下面的命令推送到 Hub。用你的 Hub 用户名替换 `<username>`。 
+
+```shell
+docker tag job-wq-1 <username>/job-wq-1
+docker push <username>/job-wq-1
+```
+
+<!--
+If you are using [Google Container
+Registry](https://cloud.google.com/tools/container-registry/), tag
+your app image with your project ID, and push to GCR. Replace
+`<project>` with your project ID.
+-->
+
+如果你在用[谷歌容器仓库](https://cloud.google.com/tools/container-registry/)，用你的项目 ID 作为标签打到你的应用镜像上，然后推送到 GCR。用你的项目 ID 替换 `<project>`。
+
+```shell
+docker tag job-wq-1 gcr.io/<project>/job-wq-1
+gcloud docker -- push gcr.io/<project>/job-wq-1
+```
+
+<!--
+## Defining a Job
+
+Here is a job definition.  You'll need to make a copy of the Job and edit the
+image to match the name you used, and call it `./job.yaml`.
+-->
+
+## 定义 Job
+
+这里给出一个 Job 定义 yaml文件。你需要拷贝一份并编辑镜像以匹配你使用的名称，保存为 `./job.yaml`。
+
+{{< codenew file="application/job/rabbitmq/job.yaml" >}}
+
+<!--
+In this example, each pod works on one item from the queue and then exits.
+So, the completion count of the Job corresponds to the number of work items
+done.  So we set, `.spec.completions: 8` for the example, since we put 8 items in the queue.
+
+## Running the Job
+
+So, now run the Job:
+-->
+
+本例中，每个 Pod 使用队列中的一个消息然后退出。这样，Job 的完成计数就代表了完成的工作项的数量。本例中我们设置 `.spec.completions: 8`，因为我们放了8项内容在队列中。
+
+## 运行 Job
+
+现在我们运行 Job：
+
+```shell
+kubectl create -f ./job.yaml
+```
+
+<!--
+Now wait a bit, then check on the job.
+-->
+
+稍等片刻，然后检查 Job。
+
+```shell
+$ kubectl describe jobs/job-wq-1
+Name:             job-wq-1
+Namespace:        default
+Selector:         controller-uid=41d75705-92df-11e7-b85e-fa163ee3c11f
+Labels:           controller-uid=41d75705-92df-11e7-b85e-fa163ee3c11f
+                  job-name=job-wq-1
+Annotations:      <none>
+Parallelism:      2
+Completions:      8
+Start Time:       Wed, 06 Sep 2017 16:42:02 +0800
+Pods Statuses:    0 Running / 8 Succeeded / 0 Failed
+Pod Template:
+  Labels:       controller-uid=41d75705-92df-11e7-b85e-fa163ee3c11f
+                job-name=job-wq-1
+  Containers:
+   c:
+    Image:      gcr.io/causal-jigsaw-637/job-wq-1
+    Port:
+    Environment:
+      BROKER_URL:       amqp://guest:guest@rabbitmq-service:5672
+      QUEUE:            job1
+    Mounts:             <none>
+  Volumes:              <none>
+Events:
+  FirstSeen  LastSeen   Count    From    SubobjectPath    Type      Reason              Message
+  ─────────  ────────   ─────    ────    ─────────────    ──────    ──────              ───────
+  27s        27s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-hcobb
+  27s        27s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-weytj
+  27s        27s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-qaam5
+  27s        27s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-b67sr
+  26s        26s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-xe5hj
+  15s        15s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-w2zqe
+  14s        14s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-d6ppa
+  14s        14s        1        {job }                   Normal    SuccessfulCreate    Created pod: job-wq-1-p17e0
+```
+
+<!--
+All our pods succeeded.  Yay.
+-->
+
+我们所有的 Pod 都成功了。耶！
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Alternatives
+
+This approach has the advantage that you
+do not need to modify your "worker" program to be aware that there is a work queue.
+
+It does require that you run a message queue service.
+If running a queue service is inconvenient, you may
+want to consider one of the other [job patterns](/docs/concepts/jobs/run-to-completion-finite-workloads/#job-patterns).
+-->
+
+## 替代方案
+
+本文所讲述的处理方法的好处是你不需要修改你的 "worker" 程序使其知道工作队列的存在。
+
+ 本文所描述的方法需要你运行一个消息队列服务。如果不方便运行消息队列服务，你也许会考虑另外一种[任务模式](/docs/concepts/jobs/run-to-completion-finite-workloads/#job-patterns)。
+
+<!--
+This approach creates a pod for every work item.  If your work items only take a few seconds,
+though, creating a Pod for every work item may add a lot of overhead.  Consider another
+[example](/docs/tasks/job/fine-parallel-processing-work-queue/), that executes multiple work items per Pod.
+
+In this example, we used use the `amqp-consume` utility to read the message
+from the queue and run our actual program.  This has the advantage that you
+do not need to modify your program to be aware of the queue.
+A [different example](/docs/tasks/job/fine-parallel-processing-work-queue/), shows how to
+communicate with the work queue using a client library.
+-->
+
+本文所述的方法为每个工作项创建了一个 Pod。如果你的工作项仅需数秒钟，为每个工作项创建 Pod会增加很多的常规消耗。可以考虑另外的方案请参考[示例](/docs/tasks/job/fine-parallel-processing-work-queue/)，这种方案可以实现每个 Pod 执行多个工作项。
+
+示例中，我们使用 `amqp-consume` 从消息队列读取消息并执行我们真正的程序。这样的好处是你不需要修改你的程序使其知道队列的存在。要了解怎样使用客户端库和工作队列通信，请参考[不同的示例](/docs/tasks/job/fine-parallel-processing-work-queue/)。
+
+<!--
+## Caveats
+
+If the number of completions is set to less than the number of items in the queue, then
+not all items will be processed.
+
+If the number of completions is set to more than the number of items in the queue,
+then the Job will not appear to be completed, even though all items in the queue
+have been processed.  It will start additional pods which will block waiting
+for a message.
+
+There is an unlikely race with this pattern.  If the container is killed in between the time
+that the message is acknowledged by the amqp-consume command and the time that the container
+exits with success, or if the node crashes before the kubelet is able to post the success of the pod
+back to the api-server, then the Job will not appear to be complete, even though all items
+in the queue have been processed.
+-->
+
+## 友情提醒
+
+如果设置的完成数量小于队列中的消息数量，会导致一部分消息项不会被执行。
+
+如果设置的完成数量大于队列中的消息数量，当队列中所有的消息都处理完成后，Job 也会显示为未完成。Job 将创建 Pod 并阻塞等待消息输入。
+
+当发生下面两种情况时，即使队列中所有的消息都处理完了，Job 也不会显示为完成状态：
+* 在 amqp-consume 命令拿到消息和容器成功退出之间的时间段内，执行杀死容器操作；
+* 在 kubelet 向 api-server 传回 Pod 成功运行之前，发生节点崩溃。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md b/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md
index 4d4d3432dca14..6b1dc65a81bfe 100755
--- a/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md
+++ b/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md
@@ -40,17 +40,22 @@ Here is an overview of the steps in this example:
   detect when a finite-length work queue is empty.  In practice you would set up a store such
   as Redis once and reuse it for the work queues of many jobs, and other things.
 -->
+
 1. **启动存储服务用于保存工作队列。** 在这个例子中，我们使用 Redis 来存储工作项。在上一个例子中，我们使用了 RabbitMQ。在这个例子中，由于 AMQP 不能为客户端提供一个良好的方法来检测一个有限长度的工作队列是否为空，我们使用了 Redis 和一个自定义的工作队列客户端库。在实践中，您可能会设置一个类似于 Redis 的存储库，并将其同时用于多项任务或其他事务的工作队列。
+
 <!--
 1. **Create a queue, and fill it with messages.**  Each message represents one task to be done.  In
   this example, a message is just an integer that we will do a lengthy computation on.
 -->
-1. **创建一个队列，然后向其中填充消息。** 每个消息表示一个将要被处理的工作任务。在这个例子中，消息只是一个我们将用于进行长度计算的整数。
+
+2. **创建一个队列，然后向其中填充消息。** 每个消息表示一个将要被处理的工作任务。在这个例子中，消息只是一个我们将用于进行长度计算的整数。
+
 <!--
 1. **Start a Job that works on tasks from the queue**.  The Job starts several pods.  Each pod takes
   one task from the message queue, processes it, and repeats until the end of the queue is reached.
 -->
-1. **启动一个 Job 对队列中的任务进行处理**。这个 Job 启动了若干个 Pod 。每个 Pod 从消息队列中取出一个工作任务，处理它，然后重复，直到到达队列的尾部。
+
+3. **启动一个 Job 对队列中的任务进行处理**。这个 Job 启动了若干个 Pod 。每个 Pod 从消息队列中取出一个工作任务，处理它，然后重复，直到到达队列的尾部。
 
 {{% /capture %}}
 
diff --git a/content/zh/docs/tasks/job/parallel-processing-expansion.md b/content/zh/docs/tasks/job/parallel-processing-expansion.md
new file mode 100644
index 0000000000000..5cbdc3e8dac29
--- /dev/null
+++ b/content/zh/docs/tasks/job/parallel-processing-expansion.md
@@ -0,0 +1,302 @@
+---
+title: 使用扩展进行并行处理
+content_template: templates/concept
+weight: 20
+---
+
+<!--
+---
+title: Parallel Processing using Expansions
+content_template: templates/concept
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+In this example, we will run multiple Kubernetes Jobs created from
+a common template.  You may want to be familiar with the basic,
+non-parallel, use of [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/) first.
+-->
+在这个示例中，我们将运行从一个公共模板创建的多个 Kubernetes 作业。您可能希望熟悉
+[Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/) 的基本、非并行使用。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## Basic Template Expansion
+-->
+
+## 基本模板扩展
+
+<!--
+First, download the following template of a job to a file called `job-tmpl.yaml`
+-->
+首先，将以下作业模板下载到名为 `job-tmpl.yaml` 的文件中
+
+{{< codenew file="application/job/job-tmpl.yaml" >}}
+
+<!--
+Unlike a *pod template*, our *job template* is not a Kubernetes API type.  It is just
+a yaml representation of a Job object that has some placeholders that need to be filled
+in before it can be used.  The `$ITEM` syntax is not meaningful to Kubernetes.
+-->
+与 *pod 模板*不同，我们的 *job 模板*不是 Kubernetes API 类型。它只是作业对象的 yaml 表示，
+YAML 文件有一些占位符，在使用它之前需要填充这些占位符。`$ITEM` 语法对 Kubernetes 没有意义。
+
+<!--
+In this example, the only processing the container does is to `echo` a string and sleep for a bit.
+In a real use case, the processing would be some substantial computation, such as rendering a frame
+of a movie, or processing a range of rows in a database.  The `$ITEM` parameter would specify for
+example, the frame number or the row range.
+-->
+在这个例子中，容器所做的唯一处理是 `echo` 一个字符串并休眠一段时间。
+在真实的用例中，处理将是一些重要的计算，例如呈现电影的帧，或者处理数据库中的一系列行。例如，`$ITEM` 参数将指定帧号或行范围。
+
+<!--
+This Job and its Pod template have a label: `jobgroup=jobexample`.  There is nothing special
+to the system about this label.  
+This label makes it convenient to operate on all the jobs in this group at once.
+We also put the same label on the pod template so that we can check on all Pods of these Jobs
+with a single command.
+After the job is created, the system will add more labels that distinguish one Job's pods
+from another Job's pods.
+Note that the label key `jobgroup` is not special to Kubernetes. You can pick your own label scheme.
+-->
+这个作业及其 Pod 模板有一个标签: `jobgroup=jobexample`。这个标签在系统中没有什么特别之处。
+这个标签使得我们可以方便地同时操作组中的所有作业。
+我们还将相同的标签放在 pod 模板上，这样我们就可以用一个命令检查这些作业的所有 pod。
+创建作业之后，系统将添加更多的标签来区分一个作业的 pod 和另一个作业的 pod。
+注意，标签键 `jobgroup` 对 Kubernetes 并无特殊含义。您可以选择自己的标签方案。
+
+<!--
+Next, expand the template into multiple files, one for each item to be processed.
+-->
+下一步，将模板展开到多个文件中，每个文件对应要处理的项。
+
+```shell
+# Expand files into a temporary directory
+$ mkdir ./jobs
+$ for i in apple banana cherry
+do
+  cat job-tmpl.yaml | sed "s/\$ITEM/$i/" > ./jobs/job-$i.yaml
+done
+```
+
+<!--
+Check if it worked:
+-->
+检查是否工作正常：
+
+```shell
+$ ls jobs/
+job-apple.yaml
+job-banana.yaml
+job-cherry.yaml
+```
+
+<!--
+Here, we used `sed` to replace the string `$ITEM` with the loop variable.
+You could use any type of template language (jinja2, erb) or write a program
+to generate the Job objects.
+-->
+在这里，我们使用 `sed` 将字符串 `$ITEM` 替换为循环变量。
+您可以使用任何类型的模板语言(jinja2, erb) 或编写程序来生成作业对象。
+
+<!--
+Next, create all the jobs with one kubectl command:
+-->
+接下来，使用 kubectl 命令创建所有作业：
+
+```shell
+$ kubectl create -f ./jobs
+job "process-item-apple" created
+job "process-item-banana" created
+job "process-item-cherry" created
+```
+
+<!--
+Now, check on the jobs:
+-->
+现在，检查这些作业：
+
+```shell
+$ kubectl get jobs -l jobgroup=jobexample
+NAME                  DESIRED   SUCCESSFUL   AGE
+process-item-apple    1         1            31s
+process-item-banana   1         1            31s
+process-item-cherry   1         1            31s
+```
+
+<!--
+Here we use the `-l` option to select all jobs that are part of this
+group of jobs.  (There might be other unrelated jobs in the system that we
+do not care to see.)
+-->
+在这里，我们使用 `-l` 选项选择属于这组作业的所有作业。(系统中可能还有其他不相关的工作，我们不想看到。)
+
+<!--
+We can check on the pods as well using the same label selector:
+-->
+我们可以检查 pod 以及使用同样地标签选择器：
+
+```shell
+$ kubectl get pods -l jobgroup=jobexample
+NAME                        READY     STATUS      RESTARTS   AGE
+process-item-apple-kixwv    0/1       Completed   0          4m
+process-item-banana-wrsf7   0/1       Completed   0          4m
+process-item-cherry-dnfu9   0/1       Completed   0          4m
+```
+
+<!--
+There is not a single command to check on the output of all jobs at once,
+but looping over all the pods is pretty easy:
+-->
+没有一个命令可以一次检查所有作业的输出，但是循环遍历所有 pod 非常简单：
+
+```shell
+$ for p in $(kubectl get pods -l jobgroup=jobexample -o name)
+do
+  kubectl logs $p
+done
+Processing item apple
+Processing item banana
+Processing item cherry
+```
+
+<!--
+## Multiple Template Parameters
+-->
+
+## 多个模板参数
+
+<!--
+In the first example, each instance of the template had one parameter, and that parameter was also
+used as a label.  However label keys are limited in [what characters they can
+contain](/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set).
+-->
+在第一个示例中，模板的每个实例都有一个参数，该参数也用作标签。
+但是标签的键名在[可包含的字符](/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set)方面有一定的约束。
+
+<!--
+This slightly more complex example uses the jinja2 template language to generate our objects.
+We will use a one-line python script to convert the template to a file.
+-->
+这个稍微复杂一点的示例使用 jinja2 板语言来生成我们的对象。
+我们将使用一行 python 脚本将模板转换为文件。
+
+<!--
+First, copy and paste the following template of a Job object, into a file called `job.yaml.jinja2`:
+-->
+首先，粘贴作业对象的以下模板到一个名为 `job.yaml.jinja2` 的文件中：
+
+```liquid
+{%- set params = [{ "name": "apple", "url": "http://www.orangepippin.com/apples", },
+                  { "name": "banana", "url": "https://en.wikipedia.org/wiki/Banana", },
+                  { "name": "raspberry", "url": "https://www.raspberrypi.org/" }]
+%}
+{%- for p in params %}
+{%- set name = p["name"] %}
+{%- set url = p["url"] %}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: jobexample-{{ name }}
+  labels:
+    jobgroup: jobexample
+spec:
+  template:
+    metadata:
+      name: jobexample
+      labels:
+        jobgroup: jobexample
+    spec:
+      containers:
+      - name: c
+        image: busybox
+        command: ["sh", "-c", "echo Processing URL {{ url }} && sleep 5"]
+      restartPolicy: Never
+---
+{%- endfor %}
+
+```
+
+<!--
+The above template defines parameters for each job object using a list of
+python dicts (lines 1-4).  Then a for loop emits one job yaml object
+for each set of parameters (remaining lines).
+We take advantage of the fact that multiple yaml documents can be concatenated
+with the `---` separator (second to last line).
+.)  We can pipe the output directly to kubectl to
+create the objects.
+-->
+上面的模板使用 python dicts 列表（第1-4行）定义每个作业对象的参数。
+然后 for 循环为每组参数（剩余行）生成一个作业 yaml 对象。
+我们利用了多个 yaml 文档可以与 `---` 分隔符连接的事实（倒数第二行）。
+我们可以将输出直接传递给 kubectl 来创建对象。
+
+<!--
+You will need the jinja2 package if you do not already have it: `pip install --user jinja2`.
+Now, use this one-line python program to expand the template:
+-->
+如果您还没有 jinja2 包则需要安装它: `pip install --user jinja2`。
+现在，使用这个一行 python 程序来展开模板:
+
+```shell
+alias render_template='python -c "from jinja2 import Template; import sys; print(Template(sys.stdin.read()).render());"'
+```
+
+
+<!--
+The output can be saved to a file, like this:
+-->
+输出可以保存到一个文件，像这样：
+
+```shell
+cat job.yaml.jinja2 | render_template > jobs.yaml
+```
+
+<!--
+Or sent directly to kubectl, like this:
+-->
+或直接发送到 kubectl，如下所示：
+
+```shell
+cat job.yaml.jinja2 | render_template | kubectl create -f -
+```
+
+<!--
+## Alternatives
+-->
+## 替代方案
+
+<!--
+If you have a large number of job objects, you may find that:
+-->
+如果您有大量作业对象，您可能会发现：
+
+<!--
+- Even using labels, managing so many Job objects is cumbersome.
+- You exceed resource quota when creating all the Jobs at once,
+  and do not want to wait to create them incrementally.
+- Very large numbers of jobs created at once overload the
+  Kubernetes apiserver, controller, or scheduler.
+-->
+
+- 即使使用标签，管理这么多作业对象也很麻烦。
+- 在一次创建所有作业时，您超过了资源配额，可是您也不希望以递增方式创建作业并等待其完成。
+- 同时创建的大量作业会使 Kubernetes apiserver、控制器或调度程序过载。
+  
+
+<!--
+In this case, you can consider one of the
+other [job patterns](/docs/concepts/jobs/run-to-completion-finite-workloads/#job-patterns).
+-->
+在这种情况下，您可以考虑
+其他[工作模式](/docs/concepts/jobs/run-to-completion-finite-workloads/#job-patterns)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/manage-daemon/_index.md b/content/zh/docs/tasks/manage-daemon/_index.md
new file mode 100644
index 0000000000000..6291829ea9fc4
--- /dev/null
+++ b/content/zh/docs/tasks/manage-daemon/_index.md
@@ -0,0 +1,11 @@
+---
+title: "管理集群守护进程"
+weight: 130
+---
+
+<!--
+---
+title: "Manage Cluster Daemons"
+weight: 130
+---
+-->
diff --git a/content/zh/docs/tasks/manage-daemon/update-daemon-set.md b/content/zh/docs/tasks/manage-daemon/update-daemon-set.md
new file mode 100644
index 0000000000000..aa8c9a241b36e
--- /dev/null
+++ b/content/zh/docs/tasks/manage-daemon/update-daemon-set.md
@@ -0,0 +1,333 @@
+---
+reviewers:
+- janetkuo
+title: 对 DaemonSet 执行滚动更新
+content_template: templates/task
+---
+
+<!--
+---
+reviewers:
+- janetkuo
+title: Perform a Rolling Update on a DaemonSet
+content_template: templates/task
+---
+--->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to perform a rolling update on a DaemonSet.
+--->
+本文介绍了如何对 DaemonSet 执行滚动更新。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+* The DaemonSet rolling update feature is only supported in Kubernetes version 1.6 or later.
+--->
+* Kubernetes 1.6 或者更高版本中才支持 DaemonSet 滚动更新功能。
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## DaemonSet Update Strategy
+--->
+## DaemonSet 更新策略
+
+<!--
+DaemonSet has two update strategy types:
+--->
+DaemonSet 有两种更新策略：
+
+<!--
+* OnDelete:  With `OnDelete` update strategy, after you update a DaemonSet template, new
+  DaemonSet pods will *only* be created when you manually delete old DaemonSet
+  pods. This is the same behavior of DaemonSet in Kubernetes version 1.5 or
+  before.
+* RollingUpdate: This is the default update strategy.  
+  With `RollingUpdate` update strategy, after you update a
+  DaemonSet template, old DaemonSet pods will be killed, and new DaemonSet pods
+  will be created automatically, in a controlled fashion.
+--->
+* OnDelete:  使用 `OnDelete` 更新策略时，在更新 DaemonSet 模板后，只有当您手动删除老的 DaemonSet pods 之后，新的 DaemonSet pods *才会*被自动创建。跟 Kubernetes 1.6 以前的版本类似。
+* RollingUpdate: 这是默认的更新策略。使用 `RollingUpdate` 更新策略时，在更新 DaemonSet 模板后，老的 DaemonSet pods 将被终止，并且将以受控方式自动创建新的 DaemonSet pods。
+
+<!--
+## Performing a Rolling Update
+--->
+## 执行滚动更新
+
+<!--
+To enable the rolling update feature of a DaemonSet, you must set its
+`.spec.updateStrategy.type` to `RollingUpdate`.
+--->
+要启用 DaemonSet 的滚动更新功能，必须设置 `.spec.updateStrategy.type` 为 `RollingUpdate`。
+
+<!--
+You may want to set [`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/docs/concepts/workloads/controllers/deployment/#max-unavailable) (default
+to 1) and [`.spec.minReadySeconds`](/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) (default to 0) as well.
+--->
+您可能想设置[`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/docs/concepts/workloads/controllers/deployment/#max-unavailable) (默认为 1) 和[`.spec.minReadySeconds`](/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) (默认为 0)。 
+
+<!--
+### Step 1: Checking DaemonSet `RollingUpdate` update strategy
+--->
+### 步骤 1: 检查 DaemonSet 的滚动更新策略
+
+<!--
+First, check the update strategy of your DaemonSet, and make sure it's set to
+`RollingUpdate`:
+--->
+首先，检查 DaemonSet 的更新策略，确保已经将其设置为 `RollingUpdate`:
+
+```shell
+kubectl get ds/<daemonset-name> -o go-template='{{.spec.updateStrategy.type}}{{"\n"}}'
+```
+
+<!--
+If you haven't created the DaemonSet in the system, check your DaemonSet
+manifest with the following command instead:
+--->
+如果还没在系统中创建 DaemonSet，请使用以下命令检查 DaemonSet 的清单：
+
+```shell
+kubectl create -f ds.yaml --dry-run -o go-template='{{.spec.updateStrategy.type}}{{"\n"}}'
+```
+<!--
+The output from both commands should be:
+--->
+两个命令的输出都应该为：
+
+```shell
+RollingUpdate
+```
+
+<!--
+If the output isn't `RollingUpdate`, go back and modify the DaemonSet object or
+manifest accordingly.
+--->
+如果输出不是 `RollingUpdate`，请返回并相应地修改 DaemonSet 对象或者清单。
+
+<!--
+### Step 2: Creating a DaemonSet with `RollingUpdate` update strategy
+--->
+### 步骤 2：使用 `RollingUpdate` 更新策略创建 DaemonSet
+
+<!--
+If you have already created the DaemonSet, you may skip this step and jump to
+step 3.
+--->
+如果已经创建了 DaemonSet，则可以跳过该步骤并跳转到步骤 3。
+
+<!--
+After verifying the update strategy of the DaemonSet manifest, create the DaemonSet:
+--->
+验证 DaemonSet 清单的更新策略后，创建 DaemonSet：
+
+```shell
+kubectl create -f ds.yaml
+```
+
+<!--
+Alternatively, use `kubectl apply` to create the same DaemonSet if you plan to
+update the DaemonSet with `kubectl apply`.
+--->
+或者，您打算使用 `kubectl apply` 更新 DaemonSet，请使用 `kubectl apply` 创建相同的 DaemonSet。
+
+```shell
+kubectl apply -f ds.yaml
+```
+
+<!--
+### Step 3: Updating a DaemonSet template
+--->
+### 步骤 3：更新 DaemonSet 模板
+
+<!--
+Any updates to a `RollingUpdate` DaemonSet `.spec.template` will trigger a rolling
+update. This can be done with several different `kubectl` commands.
+--->
+对 `RollingUpdate` DaemonSet `.spec.template` 的任何更新都将触发滚动更新。这可以通过几个不同的 `kubectl` 命令来完成。
+
+<!--
+#### Declarative commands
+--->
+#### 声明式命令
+
+<!--
+If you update DaemonSets using
+[configuration files](/docs/concepts/overview/object-management-kubectl/declarative-config/),
+use `kubectl apply`:
+--->
+如果您使用[配置文件](/docs/concepts/overview/object-management-kubectl/declarative-config/)来更新 DaemonSets，请使用 `kubectl apply`:
+
+```shell
+kubectl apply -f ds-v2.yaml
+```
+
+<!--
+#### Imperative commands
+--->
+#### 命令式命令
+
+<!--
+If you update DaemonSets using
+[imperative commands](/docs/concepts/overview/object-management-kubectl/imperative-command/),
+use `kubectl edit` or `kubectl patch`:
+--->
+如果您使用[命令式命令](/docs/concepts/overview/object-management-kubectl/imperative-command/)来更新 DaemonSets，请使用`kubectl edit` 或者 `kubectl patch`:
+
+```shell
+kubectl edit ds/<daemonset-name>
+```
+
+```shell
+kubectl patch ds/<daemonset-name> -p=<strategic-merge-patch>
+```
+
+<!--
+##### Updating only the container image
+--->
+##### 只更新容器镜像
+
+<!--
+If you just need to update the container image in the DaemonSet template, i.e.
+`.spec.template.spec.containers[*].image`, use `kubectl set image`:
+--->
+如果您只需要更新 DaemonSet 模板里的容器镜像，比如，`.spec.template.spec.containers[*].image`, 请使用 `kubectl set image`:
+
+```shell
+kubectl set image ds/<daemonset-name> <container-name>=<container-new-image>
+```
+
+<!--
+### Step 4: Watching the rolling update status
+--->
+### 步骤 4：查看滚动更新状态
+
+<!--
+Finally, watch the rollout status of the latest DaemonSet rolling update:
+--->
+最后，观察 DaemonSet 最新滚动更新的进度：
+
+```shell
+kubectl rollout status ds/<daemonset-name>
+```
+
+<!--
+When the rollout is complete, the output is similar to this:
+--->
+当滚动更新完成时，输出结果如下：
+
+```shell
+daemonset "<daemonset-name>" successfully rolled out
+```
+
+<!--
+## Troubleshooting
+--->
+## 故障排查
+
+<!--
+### DaemonSet rolling update is stuck
+--->
+### DaemonSet 滚动更新卡住
+
+<!--
+Sometimes, a DaemonSet rolling update may be stuck. Here are some possible
+causes:
+--->
+有时，DaemonSet 滚动更新可能会卡住。可能原因如下：
+
+<!--
+#### Some nodes run out of resources
+--->
+#### 一些节点资源用尽
+
+<!--
+The rollout is stuck because new DaemonSet pods can't be scheduled on at least one
+node. This is possible when the node is
+[running out of resources](/docs/tasks/administer-cluster/out-of-resource/).
+--->
+由于新 DaemonSet pods 无法调度到至少一个节点时，滚动更新就会卡住。这可能是由于节点已经[资源用尽](/docs/tasks/administer-cluster/out-of-resource/)。
+
+<!--
+When this happens, find the nodes that don't have the DaemonSet pods scheduled on
+by comparing the output of `kubectl get nodes` and the output of:
+--->
+发生这种情况时，通过对 `kubectl get nodes` 和下面命令行的输出作比较，找出没有调度部署 DaemonSet pods 的节点：
+
+```shell
+kubectl get pods -l <daemonset-selector-key>=<daemonset-selector-value> -o wide
+```
+
+<!--
+Once you've found those nodes, delete some non-DaemonSet pods from the node to
+make room for new DaemonSet pods.
+--->
+一旦找到这些节点，从节点上删除一些非 DaemonSet pods，为新的 DaemonSet pods 腾出空间。
+
+<!--
+{{< note >}}
+This will cause service disruption when deleted pods are not controlled by any controllers or pods are not
+replicated. This does not respect [PodDisruptionBudget](/docs/tasks/configure-pod-container/configure-pod-disruption-budget/)
+either.
+{{< /note >}}
+--->
+{{< note >}}
+当所删除的 pods 不受任何控制器管理，也不是多副本的 pods，上述操作将导致服务中断。
+同时，上述操作也不会考虑 [PodDisruptionBudget](/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) 所施加的约束。
+
+{{< /note >}}
+
+<!--
+#### Broken rollout
+--->
+#### 滚动中断
+
+<!--
+If the recent DaemonSet template update is broken, for example, the container is
+crash looping, or the container image doesn't exist (often due to a typo),
+DaemonSet rollout won't progress.
+--->
+如果最近的 DaemonSet 模板更新被破坏了，比如，容器处于崩溃循环状态或者容器镜像不存在(通常由于拼写错误)，就会发生 DaemonSet 滚动更新中断。
+
+<!--
+To fix this, just update the DaemonSet template again. New rollout won't be
+blocked by previous unhealthy rollouts.
+--->
+要解决此问题，只需再次更新 DaemonSet 模板即可。以前不健康的滚动更新不会阻止新的滚动更新。
+
+<!--
+#### Clock skew
+--->
+#### 时钟偏差
+
+<!--
+If `.spec.minReadySeconds` is specified in the DaemonSet, clock skew between
+master and nodes will make DaemonSet unable to detect the right rollout
+progress.
+--->
+如果在 DaemonSet 中指定了 `.spec.minReadySeconds`，主节点和工作节点之间的时钟偏差会使 DaemonSet 无法检测到正确的滚动更新进度。
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+* See [Task: Performing a rollback on a
+  DaemonSet](/docs/tasks/manage-daemon/rollback-daemon-set/)
+* See [Concepts: Creating a DaemonSet to adopt existing DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/)
+--->
+* 查看[任务: 在 DaemonSet 上执行回滚](/docs/tasks/manage-daemon/rollback-daemon-set/)
+* 查看[概念: 创建 DaemonSet 以适应现有的 DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md b/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md
index 7750980c9b464..09b0883f062c5 100644
--- a/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md
+++ b/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md
@@ -1,179 +1,364 @@
 ---
-approvers:
+reviewers:
 - vishh
-title: 调度 GPU
-content_template: templates/task
+content_template: templates/concept
+title: 调度 GPUs
 ---
+<!--
+---
+reviewers:
+- vishh
+content_template: templates/concept
+title: Schedule GPUs
+---
+--->
 
 {{% capture overview %}}
 
+<!--
+Kubernetes includes **experimental** support for managing AMD and NVIDIA GPUs spread
+across nodes. The support for NVIDIA GPUs was added in v1.6 and has gone through
+multiple backwards incompatible iterations.  The support for AMD GPUs was added in
+v1.9 via [device plugin](#deploying-amd-gpu-device-plugin).
 
-Kubernetes 提供对分布在节点上的 NVIDIA GPU 进行管理的**实验**支持。本页描述用户如何使用 GPU 以及当前使用的一些限制
-
-{{% /capture %}}
-
-{{% capture prerequisites %}}
+This page describes how users can consume GPUs across different Kubernetes versions
+and the current limitations.
+--->
+Kubernetes 支持对节点上的 AMD 和 NVIDA GPU 进行管理，目前处于**实验**状态。对 NVIDIA GPU 的支持在 v1.6 中加入，已经经历了多次不向后兼容的迭代。而对 AMD GPU 的支持则在 v1.9 中通过 [设备插件](#deploying-amd-gpu-device-plugin) 加入。
 
+这个页面介绍了用户如何在不同的 Kubernetes 版本中使用 GPU，以及当前存在的一些限制。
 
-1. Kubernetes 节点必须预先安装好 NVIDIA 驱动，否则，Kubelet 将检测不到可用的GPU信息；如果节点的 Capacity 属性中没有出现 NIVIDA GPU 的数量，有可能是驱动没有安装或者安装失败，请尝试重新安装
-
-2. 在整个 Kubernetes 系统中，feature-gates 里面特定的 **alpha** 特性参数 `Accelerators` 必须设置为 true：`--feature-gates="Accelerators=true"`
+{{% /capture %}}
 
-3. Kubernetes 节点必须使用 `docker` 引擎作为容器的运行引擎
 
+{{% capture body %}}
+
+<!--
+## v1.8 onwards
+
+**From 1.8 onwards, the recommended way to consume GPUs is to use [device
+plugins](/docs/concepts/cluster-administration/device-plugins).**
+
+To enable GPU support through device plugins before 1.10, the `DevicePlugins`
+feature gate has to be explicitly set to true across the system:
+`--feature-gates="DevicePlugins=true"`. This is no longer required starting
+from 1.10.
+--->
+## 从 v1.8 起
+
+**从 1.8 版本开始，我们推荐通过 [设备插件](/docs/concepts/cluster-administration/device-plugins) 的方式来使用 GPU。**
+
+在 1.10 版本之前，为了通过设备插件开启 GPU 的支持，我们需要在系统中将 `DevicePlugins` 这一特性开关显式地设置为 true：`--feature-gates="DevicePlugins=true"`。不过，
+从 1.10 版本开始，我们就不需要这一步骤了。
+
+<!--
+Then you have to install GPU drivers from the corresponding vendor on the nodes
+and run the corresponding device plugin from the GPU vendor
+([AMD](#deploying-amd-gpu-device-plugin), [NVIDIA](#deploying-nvidia-gpu-device-plugin)).
+
+When the above conditions are true, Kubernetes will expose `nvidia.com/gpu` or
+`amd.com/gpu` as a schedulable resource.
+--->
+接着你需要在主机节点上安装对应厂商的 GPU 驱动并运行对应厂商的设备插件 ([AMD](#deploying-amd-gpu-device-plugin)、[NVIDIA](#deploying-nvidia-gpu-device-plugin))。
+
+当上面的条件都满足，Kubernetes 将会暴露 `nvidia.com/gpu` 或 `amd.com/gpu` 来作为
+一种可调度的资源。
+
+<!--
+You can consume these GPUs from your containers by requesting
+`<vendor>.com/gpu` just like you request `cpu` or `memory`.
+However, there are some limitations in how you specify the resource requirements
+when using GPUs:
+--->
+你也能通过像请求 `cpu` 或 `memory` 一样请求 `<vendor>.com/gpu` 来在容器中使用 GPU。然而，当你要通过指定资源请求来使用 GPU 时，存在着以下几点限制：
+
+<!--
+- GPUs are only supposed to be specified in the `limits` section, which means:
+  * You can specify GPU `limits` without specifying `requests` because
+    Kubernetes will use the limit as the request value by default.
+  * You can specify GPU in both `limits` and `requests` but these two values
+    must be equal.
+  * You cannot specify GPU `requests` without specifying `limits`.
+- Containers (and pods) do not share GPUs. There's no overcommitting of GPUs.
+- Each container can request one or more GPUs. It is not possible to request a
+  fraction of a GPU.
+
+Here's an example:
+--->
+- GPU 仅仅支持在 `limits` 部分被指定，这表明：
+  * 你可以仅仅指定 GPU 的 `limits` 字段而不必须指定 `requests` 字段，因为 Kubernetes 会默认使用 limit 字段的值来作为 request 字段的默认值。
+  * 你能同时指定 GPU 的 `limits` 和 `requests` 字段，但这两个值必须相等。
+  * 你不能仅仅指定 GPU 的 `request` 字段而不指定 `limits`。
+- 容器（以及 pod）并不会共享 GPU，也不存在对 GPU 的过量使用。
+- 每一个容器能够请求一个或多个 GPU。然而只请求一个 GPU 的一部分是不允许的。
+
+下面是一个例子:
 
-上述预备工作完成后，节点会自动发现它上面的 NVIDIA GPU，并将其作为可调度资源暴露
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cuda-vector-add
+spec:
+  restartPolicy: OnFailure
+  containers:
+    - name: cuda-vector-add
+      # https://github.com/kubernetes/kubernetes/blob/v1.7.11/test/images/nvidia-cuda/Dockerfile
+      image: "k8s.gcr.io/cuda-vector-add:v0.1"
+      resources:
+        limits:
+          nvidia.com/gpu: 1 # requesting 1 GPU
+```
 
-{{% /capture %}}
+<!--
+### Deploying AMD GPU device plugin
 
-{{% capture steps %}}
+The [official AMD GPU device plugin](https://github.com/RadeonOpenCompute/k8s-device-plugin)
+has the following requirements:
+--->
+### 部署 AMD GPU 设备插件
 
-## API
+[官方的 AMD GPU 设备插件](https://github.com/RadeonOpenCompute/k8s-device-plugin) 有以下要求：
 
+<!--
+- Kubernetes nodes have to be pre-installed with AMD GPU Linux driver.
 
-容器可以通过名称为 `alpha.kubernetes.io/nvidia-gpu` 的标识来申请需要使用的 NVIDIA GPU 的数量
+To deploy the AMD device plugin once your cluster is running and the above
+requirements are satisfied:
+```
+# For Kubernetes v1.9
+kubectl create -f https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/r1.9/k8s-ds-amdgpu-dp.yaml
 
-```yaml
-apiVersion: v1
-kind: Pod 
-metadata:
-  name: gpu-pod
-spec: 
-  containers: 
-    - 
-      name: gpu-container-1
-      image: k8s.gcr.io/pause:2.0
-      resources: 
-        limits: 
-          alpha.kubernetes.io/nvidia-gpu: 2 # requesting 2 GPUs
-    -
-      name: gpu-container-2
-      image: k8s.gcr.io/pause:2.0
-      resources: 
-        limits: 
-          alpha.kubernetes.io/nvidia-gpu: 3 # requesting 3 GPUs
+# For Kubernetes v1.10
+kubectl create -f https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/r1.10/k8s-ds-amdgpu-dp.yaml
 ```
+--->
+- Kubernetes 节点必须预先安装 AMD GPU 的 Linux 驱动。
 
+如果你的集群已经启动并且满足上述要求的话，可以这样部署 AMD 设备插件：
+```
+# 针对 Kubernetes v1.9
+kubectl create -f https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/r1.9/k8s-ds-amdgpu-dp.yaml
 
-- GPU 只能在容器资源的 `limits` 中配置
+# 针对 Kubernetes v1.10
+kubectl create -f https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/r1.10/k8s-ds-amdgpu-dp.yaml
+```
 
-- 容器和 Pod 都不支持共享 GPU
+<!--
+Report issues with this device plugin to [RadeonOpenCompute/k8s-device-plugin](https://github.com/RadeonOpenCompute/k8s-device-plugin).
+--->
+请到 [RadeonOpenCompute/k8s-device-plugin](https://github.com/RadeonOpenCompute/k8s-device-plugin) 报告有关此设备插件的问题。
 
-- 每个容器可以申请使用一个或者多个 GPU
+<!--
+### Deploying NVIDIA GPU device plugin
 
-- GPU 必须以整数为单位被申请使用
+There are currently two device plugin implementations for NVIDIA GPUs:
 
-- 所有节点的 GPU 硬件要求相同
+#### Official NVIDIA GPU device plugin
 
+The [official NVIDIA GPU device plugin](https://github.com/NVIDIA/k8s-device-plugin)
+has the following requirements:
+--->
+### 部署 NVIDIA GPU 设备插件
 
-如果在不同的节点上面安装了不同版本的 GPU，可以通过设置节点标签以及使用节点选择器的方式将 pod 调度到期望运行的节点上。工作流程如下：
+对于 NVIDIA GPUs，目前存在两种设备插件的实现：
 
+#### 官方的 NVIDIA GPU 设备插件
 
-在节点上，识别出 GPU 硬件类型，然后将其作为节点标签进行暴露
+[官方的 NVIDIA GPU 设备插件](https://github.com/NVIDIA/k8s-device-plugin) 有以下要求:
 
-```shell
-NVIDIA_GPU_NAME=$(nvidia-smi --query-gpu=gpu_name --format=csv,noheader --id=0)
-source /etc/default/kubelet
-KUBELET_OPTS="$KUBELET_OPTS --node-labels='alpha.kubernetes.io/nvidia-gpu-name=$NVIDIA_GPU_NAME'"
-echo "KUBELET_OPTS=$KUBELET_OPTS" > /etc/default/kubelet
-```
+<!--
+- Kubernetes nodes have to be pre-installed with NVIDIA drivers.
+- Kubernetes nodes have to be pre-installed with [nvidia-docker 2.0](https://github.com/NVIDIA/nvidia-docker)
+- nvidia-container-runtime must be configured as the [default runtime](https://github.com/NVIDIA/k8s-device-plugin#preparing-your-gpu-nodes)
+  for docker instead of runc.
+- NVIDIA drivers ~= 361.93
 
+To deploy the NVIDIA device plugin once your cluster is running and the above
+requirements are satisfied:
+--->
+- Kubernetes 的节点必须预先安装了 NVIDIA 驱动
+- Kubernetes 的节点必须预先安装 [nvidia-docker 2.0](https://github.com/NVIDIA/nvidia-docker)
+- Docker 的[默认运行时](https://github.com/NVIDIA/k8s-device-plugin#preparing-your-gpu-nodes)必须设置为 nvidia-container-runtime，而不是 runc
+- NVIDIA 驱动版本 ~= 361.93
 
-在 pod 上，通过节点[亲和性](/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)规则为它指定可以使用的 GPU 类型
+如果你的集群已经启动并且满足上述要求的话，可以这样部署 NVIDIA 设备插件：
 
-```yaml
-kind: pod
-apiVersion: v1
-metadata:
-  annotations:
-    scheduler.alpha.kubernetes.io/affinity: >
-      {
-        "nodeAffinity": {
-          "requiredDuringSchedulingIgnoredDuringExecution": {
-            "nodeSelectorTerms": [
-              {
-                "matchExpressions": [
-                  {
-                    "key": "alpha.kubernetes.io/nvidia-gpu-name",
-                    "operator": "In",
-                    "values": ["Tesla K80", "Tesla P100"]
-                  }
-                ]
-              }
-            ]
-          }
-        }
-      }
-spec:
-  containers:
-    -
-      name: gpu-container-1
-      resources:
-        limits:
-          alpha.kubernetes.io/nvidia-gpu: 2
+<!--
 ```
+# For Kubernetes v1.8
+kubectl create -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v1.8/nvidia-device-plugin.yml
 
+# For Kubernetes v1.9
+kubectl create -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v1.9/nvidia-device-plugin.yml
+```
 
-上述设定可以确保 pod 会被调度到包含名称为 `alpha.kubernetes.io/nvidia-gpu-name` 的标签并且标签的值为 `Tesla K80` 或者 `Tesla P100` 的节点上
-
+Report issues with this device plugin to [NVIDIA/k8s-device-plugin](https://github.com/NVIDIA/k8s-device-plugin).
+--->
+```
+# 针对 Kubernetes v1.8
+kubectl create -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v1.8/nvidia-device-plugin.yml
 
-### 警告
+# 针对 Kubernetes v1.9
+kubectl create -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v1.9/nvidia-device-plugin.yml
+```
 
+请到 [NVIDIA/k8s-device-plugin](https://github.com/NVIDIA/k8s-device-plugin) 报告有关此设备插件的问题。
 
-当未来的 Kubernetes 版本能够更好的支持GPU以及一般的硬件加速器时，这里的 API 描述**将会随之做出变更**
+<!--
+#### NVIDIA GPU device plugin used by GCE
 
+The [NVIDIA GPU device plugin used by GCE](https://github.com/GoogleCloudPlatform/container-engine-accelerators/tree/master/cmd/nvidia_gpu)
+doesn't require using nvidia-docker and should work with any container runtime
+that is compatible with the Kubernetes Container Runtime Interface (CRI). It's tested
+on [Container-Optimized OS](https://cloud.google.com/container-optimized-os/)
+and has experimental code for Ubuntu from 1.9 onwards.
+--->
+#### GCE 中使用的 NVIDIA GPU 设备插件
 
-## 访问 CUDA 库
+[GCE 使用的 NVIDIA GPU 设备插件](https://github.com/GoogleCloudPlatform/container-engine-accelerators/tree/master/cmd/nvidia_gpu) 并不要求使用 nvidia-docker，并且对于任何实现了 Kubernetes CRI 的容器运行时，都应该能够使用。这一实现已经在 [Container-Optimized OS](https://cloud.google.com/container-optimized-os/) 上进行了测试，并且在 1.9 版本之后会有对于 Ubuntu 的实验性代码。
 
+<!--
+On your 1.12 cluster, you can use the following commands to install the NVIDIA drivers and device plugin:
 
-到目前为止，还需要预先在节点上安装 CUDA 库
+```
+# Install NVIDIA drivers on Container-Optimized OS:
+kubectl create -f https://raw.githubusercontent.com/GoogleCloudPlatform/container-engine-accelerators/stable/daemonset.yaml
 
+# Install NVIDIA drivers on Ubuntu (experimental):
+kubectl create -f https://raw.githubusercontent.com/GoogleCloudPlatform/container-engine-accelerators/stable/nvidia-driver-installer/ubuntu/daemonset.yaml
 
-为了避免后面使用库出现问题，可以将库放到 ``/var/lib/`` 下的某个文件夹下，或者直接改变库目录的权限(以后的版本会自动完成这一过程)
+# Install the device plugin:
+kubectl create -f https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.12/cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml
+```
+--->
+在你 1.12 版本的集群上，你能使用下面的命令来安装 NVIDIA 驱动以及设备插件：
 
+```
+# 在容器优化的操作系统上安装 NVIDIA 驱动:
+kubectl create -f https://raw.githubusercontent.com/GoogleCloudPlatform/container-engine-accelerators/stable/daemonset.yaml
 
-Pods能够通过 `hostPath` 卷来访问库
+# 在 Ubuntu 上安装 NVIDIA 驱动 (实验性质):
+kubectl create -f https://raw.githubusercontent.com/GoogleCloudPlatform/container-engine-accelerators/stable/nvidia-driver-installer/ubuntu/daemonset.yaml
 
-```yaml
-kind: Pod
-apiVersion: v1
-metadata:
-  name: gpu-pod
-spec:
-  containers:
-  - name: gpu-container-1
-    image: k8s.gcr.io/pause:2.0
-    resources:
-      limits:
-        alpha.kubernetes.io/nvidia-gpu: 1
-    volumeMounts:
-    - mountPath: /usr/local/nvidia/bin
-      name: bin
-    - mountPath: /usr/lib/nvidia
-      name: lib
-  volumes:
-  - hostPath:
-      path: /usr/lib/nvidia-375/bin
-    name: bin
-  - hostPath:
-      path: /usr/lib/nvidia-375
-    name: lib
+# 安装设备插件:
+kubectl create -f https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.12/cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml
 ```
 
+<!--
+Report issues with this device plugin and installation method to [GoogleCloudPlatform/container-engine-accelerators](https://github.com/GoogleCloudPlatform/container-engine-accelerators).
 
-## 未来
+Instructions for using NVIDIA GPUs on GKE are
+[here](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus)
+--->
+请到 [GoogleCloudPlatform/container-engine-accelerators](https://github.com/GoogleCloudPlatform/container-engine-accelerators) 报告有关此设备插件以及安装方法的问题。
 
+<!--
+## Clusters containing different types of GPUs
 
-- Kubernetes 对硬件加速器的支持还处在早期阶段
+If different nodes in your cluster have different types of GPUs, then you
+can use [Node Labels and Node Selectors](/docs/tasks/configure-pod-container/assign-pods-nodes/)
+to schedule pods to appropriate nodes.
 
-- GPU 和其它的加速器很快会成为系统的本地计算资源
+For example:
+--->
+## 集群内存在不同类型的 NVIDIA GPU
 
-- 将引入更好的 API 以可扩展的方式提供和使用加速器
+如果集群内部的不同节点上有不同类型的 NVIDIA GPU，那么你可以使用 [节点标签和节点选择器](/docs/tasks/configure-pod-container/assign-pods-nodes/) 来将 pod 调度到合适的节点上。
 
-- Kubernetes 将会自动确保应用在使用 GPU 时得到最佳性能
+例如：
 
-- 类似访问 CUDA 库这种关键的可用性问题将得到解决
+<!--
+```shell
+# Label your nodes with the accelerator type they have.
+kubectl label nodes <node-with-k80> accelerator=nvidia-tesla-k80
+kubectl label nodes <node-with-p100> accelerator=nvidia-tesla-p100
+```
+--->
+```shell
+# 为你的节点加上它们所拥有的加速器类型的标签
+kubectl label nodes <node-with-k80> accelerator=nvidia-tesla-k80
+kubectl label nodes <node-with-p100> accelerator=nvidia-tesla-p100
+```
 
-{{% /capture %}}
+<!--
+For AMD GPUs, you can deploy [Node Labeller](https://github.com/RadeonOpenCompute/k8s-device-plugin/tree/master/cmd/k8s-node-labeller), which automatically labels your nodes with GPU properties. Currently supported properties:
+--->
+对于 AMD GPUs，您可以部署 [节点标签器](https://github.com/RadeonOpenCompute/k8s-device-plugin/tree/master/cmd/k8s-node-labeller)，它会自动给节点打上 GPU 属性标签。目前支持的属性：
+
+<!--
+* Device ID (-device-id)
+* VRAM Size (-vram)
+* Number of SIMD (-simd-count)
+* Number of Compute Unit (-cu-count)
+* Firmware and Feature Versions (-firmware)
+* GPU Family, in two letters acronym (-family)
+  * SI - Southern Islands
+  * CI - Sea Islands
+  * KV - Kaveri
+  * VI - Volcanic Islands
+  * CZ - Carrizo
+  * AI - Arctic Islands
+  * RV - Raven
+
+Example result:
+--->
+* 设备 ID (-device-id)
+* VRAM 大小 (-vram)
+* SIMD 数量(-simd-count)
+* 计算单位数量(-cu-count)
+* 固件和特性版本 (-firmware)
+* GPU 系列，两个字母的首字母缩写(-family)
+  * SI - Southern Islands
+  * CI - Sea Islands
+  * KV - Kaveri
+  * VI - Volcanic Islands
+  * CZ - Carrizo
+  * AI - Arctic Islands
+  * RV - Raven
+
+示例:
+
+    $ kubectl describe node cluster-node-23
+    Name:               cluster-node-23
+    Roles:              <none>
+    Labels:             beta.amd.com/gpu.cu-count.64=1
+                        beta.amd.com/gpu.device-id.6860=1
+                        beta.amd.com/gpu.family.AI=1
+                        beta.amd.com/gpu.simd-count.256=1
+                        beta.amd.com/gpu.vram.16G=1
+                        beta.kubernetes.io/arch=amd64
+                        beta.kubernetes.io/os=linux
+                        kubernetes.io/hostname=cluster-node-23
+    Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
+                        node.alpha.kubernetes.io/ttl: 0
+    ......
+
+<!--
+Specify the GPU type in the pod spec:
+--->
+在 pod 的 spec 字段中指定 GPU 的类型：
 
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cuda-vector-add
+spec:
+  restartPolicy: OnFailure
+  containers:
+    - name: cuda-vector-add
+      # https://github.com/kubernetes/kubernetes/blob/v1.7.11/test/images/nvidia-cuda/Dockerfile
+      image: "k8s.gcr.io/cuda-vector-add:v0.1"
+      resources:
+        limits:
+          nvidia.com/gpu: 1
+  nodeSelector:
+    accelerator: nvidia-tesla-p100 # or nvidia-tesla-k80 etc.
+```
 
+<!--
+This will ensure that the pod will be scheduled to a node that has the GPU type
+you specified.
+--->
+这能够保证 pod 能够被调度到你所指定类型的 GPU 的节点上去。
diff --git a/content/zh/docs/tasks/manage-hugepages/scheduling-hugepages.md b/content/zh/docs/tasks/manage-hugepages/scheduling-hugepages.md
index eb1666d8731f4..7e6171358b0ce 100644
--- a/content/zh/docs/tasks/manage-hugepages/scheduling-hugepages.md
+++ b/content/zh/docs/tasks/manage-hugepages/scheduling-hugepages.md
@@ -1,22 +1,41 @@
 ---
-approvers:
+reviewers:
 - derekwaynecarr
 title: 管理巨页（HugePages）
 content_template: templates/task
 ---
+<!--
+---
+reviewers:
+- derekwaynecarr
+title: Manage HugePages
+content_template: templates/task
+---
+--->
 
 {{% capture overview %}}
-{{< feature-state state="alpha" >}}
+{{< feature-state state="stable" >}}
 
-作为 **alpha** 特性，Kubernetes 支持在 Pod 应用中使用预先分配的巨页（或称“大页面”，下文统称为“巨页”）。  本文描述了用户如何使用巨页，以及当前的限制。
+<!--
+Kubernetes supports the allocation and consumption of pre-allocated huge pages
+by applications in a Pod as a **GA** feature. This page describes how users
+can consume huge pages and the current limitations.
+--->
+作为 **GA** 特性，Kubernetes 支持在 Pod 应用中使用预先分配的巨页。本文描述了用户如何使用巨页，以及当前的限制。
 
 {{% /capture %}}
 
 {{% capture prerequisites %}}
 
-1. 为了使节点能够上报巨页容量，Kubernetes 节点必须预先分配巨页。
-   每个节点只能预先分配一种特定规格的巨页。
-1. 用户必须在整个系统中将专用的 **alpha** 特性开关 `HugePages` 设置为 true： `--feature-gates=HugePages=true`。
+<!--
+1. Kubernetes nodes must pre-allocate huge pages in order for the node to report
+   its huge page capacity. A node may only pre-allocate huge pages for a single
+   size.
+
+The nodes will automatically discover and report all huge page resources as a
+schedulable resource.
+--->
+1. 为了使节点能够上报巨页容量，Kubernetes 节点必须预先分配巨页。每个节点只能预先分配一种特定规格的巨页。
 
 节点会自动发现全部巨页资源，并作为可供调度的资源进行上报。
 
@@ -26,7 +45,18 @@ content_template: templates/task
 
 ## API
 
+<!--
+Huge pages can be consumed via container level resource requirements using the
+resource name `hugepages-<size>`, where size is the most compact binary notation
+using integer values supported on a particular node. For example, if a node
+supports 2048KiB page sizes, it will expose a schedulable resource
+`hugepages-2Mi`. Unlike CPU or memory, huge pages do not support overcommit. Note
+that when requesting hugepage resources, either memory or CPU resources must
+be requested as well.
+--->
+
 用户可以通过在容器级别的资源需求中使用资源名称 `hugepages-<size>` 来使用巨页，其中的 size 是特定节点上支持的以整数值表示的最小二进制单位。 例如，如果节点支持 2048KiB 的页面规格， 它将暴露可供调度的资源 `hugepages-2Mi`。 与 CPU 或内存不同，巨页不支持过量使用（overcommit）。
+注意，在请求巨页资源时，还必须请求内存或 CPU 资源。
 
 ```yaml
 apiVersion: v1
@@ -46,23 +76,49 @@ spec:
     resources:
       limits:
         hugepages-2Mi: 100Mi
+        memory: 100Mi
+      requests:
+        memory: 100Mi
   volumes:
   - name: hugepage
     emptyDir:
       medium: HugePages
 ```
 
-- 巨页的资源需求和限制必须相等。 该条件在指定了资源限制，而没有指定需求的情况下默认成立。
+<!--
+- Huge page requests must equal the limits. This is the default if limits are
+  specified, but requests are not.
+- Huge pages are isolated at a pod scope, container isolation is planned in a
+  future iteration.
+- EmptyDir volumes backed by huge pages may not consume more huge page memory
+  than the pod request.
+- Applications that consume huge pages via `shmget()` with `SHM_HUGETLB` must
+  run with a supplemental group that matches `proc/sys/vm/hugetlb_shm_group`.
+- Huge page usage in a namespace is controllable via ResourceQuota similar
+to other compute resources like `cpu` or `memory` using the `hugepages-<size>`
+token.
+--->
+
+- 巨页的资源请求值必须等于其限制值。该条件在指定了资源限制，而没有指定请求的情况下默认成立。
 - 巨页是被隔离在 pod 作用域的，计划在将来的迭代中实现容器级别的隔离。
-- 巨页对 EmptyDir 卷提供支持，EmptyDir 卷所使用的巨页，不能够超出 pod 请求的内存容量。
+- 巨页可用于 EmptyDir 卷，不过 EmptyDir 卷所使用的巨页数量不能够超出 Pod 请求的巨页数量。
 - 通过带有 `SHM_HUGETLB` 的 `shmget()` 使用巨页的应用，必须运行在一个与
    `proc/sys/vm/hugetlb_shm_group` 匹配的补充组下。
+- 通过 ResourceQuota 资源，可以使用 `hugepages-<size>` 标记控制每个命名空间下的巨页使用量，
+  类似于使用 `cpu` 或 `memory` 来控制其他计算资源。
+
+<!--
+## Future
+
+- Support container isolation of huge pages in addition to pod isolation.
+- NUMA locality guarantees as a feature of quality of service.
+- LimitRange support.
+--->
 
-## （待实现的）特性
+## 待实现的特性
 
 - 在 pod 级别隔离的基础上，支持巨页在容器级别的隔离。
 - 作为服务质量特性，保证巨页的 NUMA 局部性。
-- 支持 ResourceQuota 。
 - 支持 LimitRange 。
 
 {{% /capture %}}
diff --git a/content/zh/docs/tasks/network-policy-provider/_index.md b/content/zh/docs/tasks/network-policy-provider/_index.md
new file mode 100644
index 0000000000000..b66f21bfa8be6
--- /dev/null
+++ b/content/zh/docs/tasks/network-policy-provider/_index.md
@@ -0,0 +1,11 @@
+---
+title: 安装网络策略驱动
+weight: 30
+---
+
+<!--
+---
+title: Install a Network Policy Provider
+weight: 30
+---
+-->
diff --git a/content/zh/docs/tasks/run-application/_index.md b/content/zh/docs/tasks/run-application/_index.md
new file mode 100644
index 0000000000000..795623eb40825
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/_index.md
@@ -0,0 +1,11 @@
+---
+title: "运行应用"
+weight: 40
+---
+
+<!--
+---
+title: "Run Applications"
+weight: 40
+---
+-->
diff --git a/content/zh/docs/tasks/run-application/configure-pdb.md b/content/zh/docs/tasks/run-application/configure-pdb.md
new file mode 100644
index 0000000000000..f0da9fa965748
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/configure-pdb.md
@@ -0,0 +1,334 @@
+---
+title: 指定应用程序的中断预算（Disruption Budget）
+content_template: templates/task
+weight: 110
+---
+
+<!-- ---
+title: Specifying a Disruption Budget for your Application
+content_template: templates/task
+weight: 110
+--- -->
+
+{{% capture overview %}}
+
+<!-- This page shows how to limit the number of concurrent disruptions
+that your application experiences, allowing for higher availability
+while permitting the cluster administrator to manage the clusters
+nodes. -->
+
+本文展示了如何限制应用程序的并发中断数量，在允许集群管理员管理集群节点的同时保证高可用。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- * You are the owner of an application running on a Kubernetes cluster that requires
+  high availability. -->
+* 用户是 Kubernetes 集群中有高可用需求的应用的所有者。
+
+<!-- * You should know how to deploy [Replicated Stateless Applications](/docs/tasks/run-application/run-stateless-application-deployment/)
+  and/or [Replicated Stateful Applications](/docs/tasks/run-application/run-replicated-stateful-application/). -->
+* 用户应了解如何部署 [无状态应用](/docs/tasks/run-application/run-stateless-application-deployment/) 
+和/或 [有状态应用](/docs/tasks/run-application/run-replicated-stateful-application/)。
+
+<!-- * You should have read about [Pod Disruptions](/docs/concepts/workloads/pods/disruptions/). -->
+* 用户应当已经阅读过关于 [Pod 中断](/docs/concepts/workloads/pods/disruptions/) 的文档。
+
+<!-- * You should confirm with your cluster owner or service provider that they respect
+  Pod Disruption Budgets. -->
+* 用户应当与集群所有者或服务提供者确认其遵从 Pod 中断预算（Pod Disruption Budgets）的规则。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!-- ## Protecting an Application with a PodDisruptionBudget -->
+## 用 PodDisruptionBudget 来保护应用
+
+<!-- 1. Identify what application you want to protect with a PodDisruptionBudget (PDB).
+1. Think about how your application reacts to disruptions.
+1. Create a PDB definition as a YAML file.
+1. Create the PDB object from the YAML file. -->
+
+1. 确定想要使用 PodDisruptionBudget (PDB) 来保护的应用。
+1. 考虑应用对中断的反应。
+1. 以 YAML 文件形式定义 PDB 。
+1. 通过 YAML 文件创建 PDB 对象。
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!-- ## Identify an Application to Protect -->
+## 确定要保护的应用
+
+<!-- The most common use case when you want to protect an application
+specified by one of the built-in Kubernetes controllers: -->
+用户想要保护通过内置的 Kubernetes 控制器指定的应用，这是最常见的使用场景：
+
+- Deployment
+- ReplicationController
+- ReplicaSet
+- StatefulSet
+
+<!-- In this case, make a note of the controller's `.spec.selector`; the same
+selector goes into the PDBs `.spec.selector`. -->
+在这种情况下，在控制器的 `.spec.selector` 字段中做记录，并在 PDB 的 `.spec.selector` 字段中加入同样的选择器。
+
+<!-- You can also use PDBs with pods which are not controlled by one of the above
+controllers, or arbitrary groups of pods, but there are some restrictions,
+described in [Arbitrary Controllers and Selectors](#arbitrary-controllers-and-selectors). -->
+用户也可以用 PDB 来保护不受上述控制器控制的 pod，或任意组（arbitrary groups）的 pod， 但是正如 [任意控制器和选择器](#arbitrary-controllers-and-selectors) 中描述的，这里存在一些限制。
+
+<!-- ## Think about how your application reacts to disruptions -->
+## 考虑应用对中断的反应
+
+<!-- Decide how many instances can be down at the same time for a short period
+due to a voluntary disruption. -->
+确定在自发中断时，多少实例可以在短时间内同时关闭。
+
+<!-- - Stateless frontends:
+  - Concern: don't reduce serving capacity by more than 10%. 
+    - Solution: use PDB with minAvailable 90% for example.
+- Single-instance Stateful Application:
+  - Concern: do not terminate this application without talking to me.
+    - Possible Solution 1: Do not use a PDB and tolerate occasional downtime.
+    - Possible Solution 2: Set PDB with maxUnavailable=0.  Have an understanding
+      (outside of Kubernetes) that the cluster operator needs to consult you before
+      termination.  When the cluster operator contacts you, prepare for downtime,
+      and then delete the PDB to indicate readiness for disruption.  Recreate afterwards.
+- Multiple-instance Stateful application such as Consul, ZooKeeper, or etcd:
+  - Concern: Do not reduce number of instances below quorum, otherwise writes fail.
+    - Possible Solution 1: set maxUnavailable to 1 (works with varying scale of application).
+    - Possible Solution 2: set minAvailable to quorum-size (e.g. 3 when scale is 5).  (Allows more disruptions at once).
+- Restartable Batch Job:
+  - Concern: Job needs to complete in case of voluntary disruption.
+    - Possible solution: Do not create a PDB.  The Job controller will create a replacement pod. -->
+
+- 无状态的前端：
+    - 关注：不能降低服务能力 10% 以上。
+        - 解决方案：例如，使用 PDB，指定其 minAvailable 值为 90%。
+- 单实例有状态应用：
+    - 关注：不要在不通知的情况下终止该应用。
+        - 可能的解决方案 1：不使用 PDB，并忍受偶尔的停机。
+        - 可能的解决方案 2：设置 maxUnavailable=0 的 PDB。意为（Kubernetes 范畴之外的） 集群操作人员需要在终止应用前与用户协商，协商后准备停机，然后删除 PDB 表示准备中断，后续再重新创建。
+- 多实例有状态应用， 如 Consul、ZooKeeper 或 etcd：
+    - 关注：不要将实例数量减少至低于仲裁规模（below quorum），否则将写入失败。
+        - 可能的解决方案 1：设置 maxUnavailable 值为 1 (适用于不同规模的应用)。
+        - 可能的解决方案 2：设置 minAvailable 值为仲裁规模（例如规模为 5 时设置为 3）。 (允许每次更多的中断)。
+- 可重新启动的批处理任务：
+    - 关注： 自发中断的情况下，需要确保任务完成。
+        - 可能的解决方案：不创建 PDB。 任务控制器会创建一个替换的 pod。
+
+<!-- ### Rounding logic when specifying percentages -->
+### 指定百分比时的舍入逻辑
+
+<!-- Values for `minAvailable` or `maxUnavailable` can be expressed as integers or as a percentage. -->
+`minAvailable` 或 `maxUnavailable` 的值可以表示为整数或百分比。
+
+<!-- - When you specify an integer, it represents a number of Pods. For instance, if you set `minAvailable` to 10, then 10
+  Pods must always be available, even during a disruption. -->
+- 指定整数时，它表示许多Pod。 例如，如果将minAvailable设置为10，那么即使在中断期间，也必须始终有10个Pod可用。
+<!-- - When you specify a percentage by setting the value to a string representation of a percentage (eg. `"50%"`), it represents a percentage of
+  total Pods. For instance, if you set `minUnavailable` to `"50%"`, then only 50% of the Pods can be unavailable during a
+  disruption. -->
+- 通过将值设置为百分比的字符串表示形式（例如“50％”）来指定百分比时，它表示总 Pod 数的百分比。例如，如果将 "minUnavailable" 设置为“50％”，则只有50％的 Pod 可以中断。
+
+<!-- When you specify the value as a percentage, it may not map to an exact number of Pods. For example, if you have 7 Pods and
+you set `minAvailable` to `"50%"`, it's not immediately obvious whether that means 3 Pods or 4 Pods must be available.
+Kubernetes rounds up to the nearest integer, so in this case, 4 Pods must be available. You can examine the
+[code](https://github.com/kubernetes/kubernetes/blob/23be9587a0f8677eb8091464098881df939c44a9/pkg/controller/disruption/disruption.go#L539)
+that controls this behavior. -->
+如果将值指定为百分比，则可能无法映射到确切数量的 Pod 。例如，如果您有 7 个 Pod ，并且你将 `minAvailable` 设置为 `"50％"`，这不清楚是 3 个 Pod 或 4 个 Pod 必须可用。
+Kubernetes 向上取整到最接近的整数，因此在这种情况下，必须有 4 个 Pod 。
+您可以检查控制此行为的[代码](https://github.com/kubernetes/kubernetes/blob/23be9587a0f8677eb8091464098881df939c44a9/pkg/controller/disruption/disruption.go#L539)。
+
+<!-- ## Specifying a PodDisruptionBudget -->
+## 指定 PodDisruptionBudget
+
+<!-- A `PodDisruptionBudget` has three fields:  -->
+一个 `PodDisruptionBudget` 有 3 个字段：
+
+<!-- * A label selector `.spec.selector` to specify the set of
+pods to which it applies. This field is required.
+* `.spec.minAvailable` which is a description of the number of pods from that
+set that must still be available after the eviction, even in the absence
+of the evicted pod. `minAvailable` can be either an absolute number or a percentage.
+* `.spec.maxUnavailable` (available in Kubernetes 1.7 and higher) which is a description 
+of the number of pods from that set that can be unavailable after the eviction. 
+It can be either an absolute number or a percentage. -->
+* 标签选择器 `.spec.selector` ，用于指定其所作用的 pod 集合， 该字段为必须字段。
+* `.spec.minAvailable` 表示驱逐后仍然保证可用的 pod 数量。即使因此影响到 pod 驱逐（即该条件在和 pod 驱逐发生冲突时优先保证）。
+ `minAvailable` 值可以是绝对值，也可以是百分比。
+* `.spec.maxUnavailable` （Kubernetes 1.7 及更高的版本中可用）表示驱逐后允许不可用的 pod 的最大数量。
+其值可以是绝对值或是百分比。
+
+{{< note >}}
+<!-- For versions 1.8 and earlier: When creating a `PodDisruptionBudget`
+object using the `kubectl` command line tool, the `minAvailable` field has a
+default value of 1 if neither `minAvailable` nor `maxUnavailable` is specified. -->
+对于1.8及更早的版本：当你用 `kubectl` 命令行工具创建 `PodDisruptionBudget`对象时，如果既未指定 `minAvailable` 也未指定 `maxUnavailable`，
+则 `minAvailable` 字段有一个默认值1。
+{{< /note >}}
+
+<!-- You can specify only one of `maxUnavailable` and `minAvailable` in a single `PodDisruptionBudget`. 
+`maxUnavailable` can only be used to control the eviction of pods 
+that have an associated controller managing them. In the examples below, "desired replicas"
+is the `scale` of the controller managing the pods being selected by the
+`PodDisruptionBudget`. -->
+用户在同一个 `PodDisruptionBudget` 中只能够指定 `maxUnavailable` 和 `minAvailable` 中的一个。`maxUnavailable` 
+只能够用于控制存在相应控制器的 pod 的驱逐（即不受控制器控制的 pod 不在 `maxUnavailable` 控制范围内）。在下面的示例中，
+“所需副本” 指的是相应控制器的 `scale`， 控制器对 `PodDisruptionBudget` 所选择的 pod 进行管理。
+
+<!-- Example 1: With a `minAvailable` of 5, evictions are allowed as long as they leave behind
+5 or more healthy pods among those selected by the PodDisruptionBudget's `selector`. -->
+示例 1：设置 `minAvailable` 值为 5 的情况下，驱逐时需保证 PodDisruptionBudget 的 `selector` 选中的 pod 中 5 个 或 5 个以上处于健康状态。
+
+<!-- Example 2: With a `minAvailable` of 30%, evictions are allowed as long as at least 30%
+of the number of desired replicas are healthy.  -->
+示例 2：设置 `minAvailable` 值为 30% 的情况下，驱逐时需保证 pod 所需副本的至少 30% 处于健康状态。
+
+<!-- Example 3: With a `maxUnavailable` of 5, evictions are allowed as long as there are at most 5
+unhealthy replicas among the total number of desired replicas. -->
+示例 3：设置 `maxUnavailable` 值为 5 的情况下，驱逐时需保证所需副本中最多 5 个处于不可用状态。
+
+Example 4: With a `maxUnavailable` of 30%, evictions are allowed as long as no more than 30% 
+of the desired replicas are unhealthy.
+示例4： 设置 `maxUnavailable` 值为 30% 的情况下，驱逐时需保证所需副本中最多 30% 处于不可用状态。
+
+<!-- In typical usage, a single budget would be used for a collection of pods managed by
+a controller—for example, the pods in a single ReplicaSet or StatefulSet.  -->
+在典型用法中，中断预算会被用于一个控制器管理的一组 pod 中——例如：一个 ReplicaSet 或 StatefulSet 中的 pod。
+
+{{< note >}}
+<!-- A disruption budget does not truly guarantee that the specified
+number/percentage of pods will always be up.  For example, a node that hosts a
+pod from the collection may fail when the collection is at the minimum size
+specified in the budget, thus bringing the number of available pods from the
+collection below the specified size. The budget can only protect against
+voluntary evictions, not all causes of unavailability. -->
+注意：中断预算并不能真正保证指定数量/百分比的 pod 一直处于运行状态。例如： 当 pod 集合的
+规模处于预算指定的最小值时，承载集合中某个 pod 的节点发生了故障，这样就导致集合中可用 pod 的
+数量低于预算指定值。预算只能够针对自发的驱逐提供保护，而不能针对所有 pod 不可用的诱因。
+{{< /note >}}
+
+<!-- A `maxUnavailable` of 0% (or 0) or a `minAvailable` of 100% (or equal to the
+number of replicas) may block node drains entirely. This is permitted as per the 
+semantics of `PodDisruptionBudget`. -->
+设置 `maxUnavailable` 值为 0% （或 0 ）或设置 `minAvailable` 值为 100% （或等于副本数） 可能会
+阻塞节点，导致资源耗尽。按照 `PodDisruptionBudget` 的语义，这是允许的。
+
+<!-- You can find examples of pod disruption budgets defined below. They match pods with the label 
+`app: zookeeper`. -->
+用户可以在下面看到 pod 中断预算定义的示例，它们与带有 `app: zookeeper` 标签的 pod 相匹配：
+
+<!-- Example PDB Using minAvailable: -->
+使用 minAvailable 的PDB 示例：
+
+{{< codenew file="policy/zookeeper-pod-disruption-budget-minavailable.yaml" >}}
+
+<!-- Example PDB Using maxUnavailable (Kubernetes 1.7 or higher): -->
+使用 maxUnavailable 的 PDB 示例（Kubernetes 1.7 或更高的版本）：
+
+{{< codenew file="policy/zookeeper-pod-disruption-budget-maxunavailable.yaml" >}}
+
+<!-- For example, if the above `zk-pdb` object selects the pods of a StatefulSet of size 3, both
+specifications have the exact same meaning. The use of `maxUnavailable` is recommended as it
+automatically responds to changes in the number of replicas of the corresponding controller. -->
+例如，如果上述 `zk-pdb` 选择的是一个规格为 3 的 StatefulSet 对应的 pod，那么上面两种规范的含义完全相同。
+推荐使用 `maxUnavailable` ，因为它自动响应控制器副本数量的变化。
+
+## Create the PDB object
+## 创建 PDB 对象
+
+<!-- You can create the PDB object with a command like `kubectl apply -f mypdb.yaml`. -->
+用户可以通过类似 `kubectl create -f mypdb.yaml` 的命令来创建 PDB。
+
+<!-- You cannot update PDB objects.  They must be deleted and re-created. -->
+PDB 对象无法更新，必须删除后重新创建。
+
+## Check the status of the PDB
+## 检查 PDB 的状态
+
+<!-- Use kubectl to check that your PDB is created. -->
+使用 kubectl 来确认 PDB 被创建。
+
+<!-- Assuming you don't actually have pods matching `app: zookeeper` in your namespace,
+then you'll see something like this: -->
+假设用户的名字空间下没有匹配 `app: zookeeper` 的 pod，用户会看到类似下面的信息：
+
+```shell
+kubectl get poddisruptionbudgets
+```
+```
+NAME      MIN-AVAILABLE   ALLOWED-DISRUPTIONS   AGE
+zk-pdb    2               0                     7s
+```
+
+<!-- If there are matching pods (say, 3), then you would see something like this: -->
+假设有匹配的 pod (比如说 3 个), 那么用户会看到类似下面的信息：
+
+```shell
+kubectl get poddisruptionbudgets
+```
+```
+NAME      MIN-AVAILABLE   ALLOWED-DISRUPTIONS   AGE
+zk-pdb    2               1                     7s
+```
+
+<!-- The non-zero value for `ALLOWED-DISRUPTIONS` means that the disruption controller has seen the pods,
+counted the matching pods, and updated the status of the PDB. -->
+`ALLOWED-DISRUPTIONS` 值非 0 意味着中断控制器已经感知到相应的 pod， 对匹配的 pod 进行统计，并更新了 PDB 的状态。
+
+<!-- You can get more information about the status of a PDB with this command: -->
+用户可以通过以下命令获取更多 PDB 状态相关信息：
+
+```shell
+kubectl get poddisruptionbudgets zk-pdb -o yaml
+```
+```yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  creationTimestamp: 2017-08-28T02:38:26Z
+  generation: 1
+  name: zk-pdb
+…
+status:
+  currentHealthy: 3
+  desiredHealthy: 3
+  disruptedPods: null
+  disruptionsAllowed: 1
+  expectedPods: 3
+  observedGeneration: 1
+```
+
+<!-- ## Arbitrary Controllers and Selectors -->
+## 任意控制器和选择器
+
+<!-- You can skip this section if you only use PDBs with the built-in
+application controllers (Deployment, ReplicationController, ReplicaSet, and StatefulSet),
+with the PDB selector matching the controller's selector. -->
+如果用户只使用与内置的应用控制器（Deployment、ReplicationController、ReplicaSet 和 StatefulSet） 
+对应的 PDB，也就是 PDB 的选择器与 控制器的选择器相匹配，那么可以跳过这一节。
+
+<!-- You can use a PDB with pods controlled by another type of controller, by an
+"operator", or bare pods, but with these restrictions: -->
+用户可以使用这样的 PDB：它对应的 pod 可能由其他类型的控制器控制，可能由 "operator" 控制，
+也可能为“裸的（不受控制器控制）” pod，但该类 PDB 存在以下限制：
+
+- only `.spec.minAvailable` can be used, not `.spec.maxUnavailable`.
+- only an integer value can be used with `.spec.minAvailable`, not a percentage.
+- 只能够使用 `.spec.minAvailable` ，而不能够使用 `.spec.maxUnavailable。`
+- 只能够使用整数作为 `.spec.minAvailable` 的值，而不能使用百分比。
+
+<!-- You can use a selector which selects a subset or superset of the pods belonging to a built-in
+controller.  However, when there are multiple PDBs in a namespace, you must be careful not
+to create PDBs whose selectors overlap. -->
+用户可以令选择器选择一个内置控制器所控制 pod 的子集或父集。然而，当名字空间下存在多个 PDB 时，
+用户必须小心，保证 PDB 的选择器之间不重叠。
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/run-application/force-delete-stateful-set-pod.md b/content/zh/docs/tasks/run-application/force-delete-stateful-set-pod.md
new file mode 100644
index 0000000000000..7197d8034d116
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/force-delete-stateful-set-pod.md
@@ -0,0 +1,158 @@
+---
+reviewers:
+- bprashanth
+- erictune
+- foxish
+- smarterclayton
+title: 强制删除 StatefulSet 类型的 Pods
+content_template: templates/task
+weight: 70
+---
+
+<!--
+---
+reviewers:
+- bprashanth
+- erictune
+- foxish
+- smarterclayton
+title: Force Delete StatefulSet Pods
+content_template: templates/task
+weight: 70
+---
+--->
+
+{{% capture overview %}}
+<!--
+This page shows how to delete Pods which are part of a stateful set, and explains the considerations to keep in mind when doing so.
+--->
+本文介绍了如何删除 StatefulSet 管理的部分 pods，并且解释了这样操作时需要记住的注意事项。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* This is a fairly advanced task and has the potential to violate some of the properties inherent to StatefulSet.
+* Before proceeding, make yourself familiar with the considerations enumerated below.
+--->
+* 这是一项相当高级的任务，并且可能会违反 StatefulSet 固有的某些属性。
+* 继续任务之前，请熟悉下面列举的注意事项。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## StatefulSet considerations
+--->
+## StatefulSet 注意事项
+
+<!--
+In normal operation of a StatefulSet, there is **never** a need to force delete a StatefulSet Pod. The StatefulSet controller is responsible for creating, scaling and deleting members of the StatefulSet. It tries to ensure that the specified number of Pods from ordinal 0 through N-1 are alive and ready. StatefulSet ensures that, at any time, there is at most one Pod with a given identity running in a cluster. This is referred to as *at most one* semantics provided by a StatefulSet.
+--->
+在 StatefulSet 的正常操作中，**永远不**需要强制删除 StatefulSet 管理的 pod。StatefulSet 控制器负责创建，扩容和删除 StatefulSet 管理的 pods。它尝试确保从序号 0 到 N-1 指定数量的 pods 处于活动状态并准备就绪。StatefulSet 确保在任何时候，集群中最多只有一个具有给定标识的 pod。这就是所谓的由 StatefulSet 提供的*最多一个*的语义。
+
+<!--
+Manual force deletion should be undertaken with caution, as it has the potential to violate the at most one semantics inherent to StatefulSet. StatefulSets may be used to run distributed and clustered applications which have a need for a stable network identity and stable storage. These applications often have configuration which relies on an ensemble of a fixed number of members with fixed identities. Having multiple members with the same identity can be disastrous and may lead to data loss (e.g. split brain scenario in quorum-based systems).
+--->
+应谨慎进行手动强制删除操作，因为它可能会违反 StatefulSet 固有的至多一个的语义。StatefulSets 可用于运行分布式和集群级的应用，这些应用需要稳定的网络标识和可靠的存储。这些应用通常配置为具有固定标识固定数量的成员集合。具有相同身份的多个成员可能是灾难性的，并且可能导致数据丢失 (e.g. 基于 quorum 系统中的脑裂场景)。
+
+<!--
+## Delete Pods
+--->
+## 删除 Pods
+
+<!--
+You can perform a graceful pod deletion with the following command:
+--->
+您可以使用下面的命令执行优雅地删除 pod:
+
+```shell
+kubectl delete pods <pod>
+```
+
+<!--
+For the above to lead to graceful termination, the Pod **must not** specify a `pod.Spec.TerminationGracePeriodSeconds` of 0. The practice of setting a `pod.Spec.TerminationGracePeriodSeconds` of 0 seconds is unsafe and strongly discouraged for StatefulSet Pods. Graceful deletion is safe and will ensure that the [Pod shuts down gracefully](/docs/user-guide/pods/#termination-of-pods) before the kubelet deletes the name from the apiserver.
+--->
+为了使上面的方法能够正常终止，Pod **一定不能**设置  `pod.Spec.TerminationGracePeriodSeconds` 为 0。将 `pod.Spec.TerminationGracePeriodSeconds` 设置为 0s 的做法是不安全的，强烈建议 StatefulSet 类型的 pods 不要使用。优雅删除是安全的，并且会在 kubelet 从 apiserver 中删除名称之前确保 [优雅地关闭 pod ](/docs/user-guide/pods/#termination-of-pods)。
+
+<!--
+Kubernetes (versions 1.5 or newer) will not delete Pods just because a Node is unreachable. The Pods running on an unreachable Node enter the 'Terminating' or 'Unknown' state after a [timeout](/docs/admin/node/#node-condition). Pods may also enter these states when the user attempts graceful deletion of a Pod on an unreachable Node. The only ways in which a Pod in such a state can be removed from the apiserver are as follows:
+--->
+Kubernetes (1.5 版本或者更新版本)不会因为一个 Node 无法访问而删除 pods。在无法访问节点上运行的 pods 在[超时](/docs/admin/node/#node-condition)后会进入'Terminating' 或者 'Unknown' 状态。当用户尝试优雅删除无法访问节点上的 pod 时，pods 也可能会进入这些状态。从 apiserver 中删除处于这些状态 pod 的唯一方法如下：
+
+<!--
+   * The Node object is deleted (either by you, or by the [Node Controller](/docs/admin/node)).<br/>
+   * The kubelet on the unresponsive Node starts responding, kills the Pod and removes the entry from the apiserver.<br/>
+   * Force deletion of the Pod by the user.
+--->
+   * Node 对象被删除(要么您删除, 或者[Node Controller](/docs/admin/node))。<br/>
+   * 无响应节点上的 kubelet 开始响应，杀死 pod 并从 apiserver 中移除该条目。<br/>
+   * 用户强制删除 pod。
+
+<!--
+The recommended best practice is to use the first or second approach. If a Node is confirmed to be dead (e.g. permanently disconnected from the network, powered down, etc), then delete the Node object. If the Node is suffering from a network partition, then try to resolve this or wait for it to resolve. When the partition heals, the kubelet will complete the deletion of the Pod and free up its name in the apiserver.
+--->
+推荐使用第一种或者第二种方法。如果确认节点已经不可用了 (比如，永久断开网络，断电等)，则删除 Node 对象。如果节点遇到网裂，请尝试解决该问题或者等待其解决。当网裂愈合时，kubelet 将完成 pod 的删除并从 apiserver 中释放其名字。
+
+<!--
+Normally, the system completes the deletion once the Pod is no longer running on a Node, or the Node is deleted by an administrator. You may override this by force deleting the Pod.
+--->
+通常，pod 一旦不在节点上运行，或者管理员删除了节点，系统就会完成删除。你可以通过强制删除 pod 来覆盖它。
+
+<!--
+### Force Deletion
+--->
+### 强制删除
+
+<!--
+Force deletions **do not** wait for confirmation from the kubelet that the Pod has been terminated. Irrespective of whether a force deletion is successful in killing a Pod, it will immediately free up the name from the apiserver. This would let the StatefulSet controller create a replacement Pod with that same identity; this can lead to the duplication of a still-running Pod, and if said Pod can still communicate with the other members of the StatefulSet, will violate the at most one semantics that StatefulSet is designed to guarantee.
+--->
+强制删除**不要**等待来自 kubelet 的确认 pod 已被终止。无论强制删除是否成功杀死了 pod，它都会立即从 apiserver 中释放该名字。这将让 StatefulSet 控制器创建一个具有相同标识的替换 pod；这可能导致正在运行 pod 的重复，并且如果所述 pod 仍然可以与 StatefulSet 的成员通信，则将违反 StatefulSet 旨在保证的最多一个的语义。
+
+<!--
+When you force delete a StatefulSet pod, you are asserting that the Pod in question will never again make contact with other Pods in the StatefulSet and its name can be safely freed up for a replacement to be created.
+--->
+当你强制删除 StatefulSet 类型的 pod 时，你要确保有问题的 pod 不会再和 StatefulSet 管理的其他 pods通信，并且可以安全地释放其名字以便创建替换 pod。
+
+<!--
+If you want to delete a Pod forcibly using kubectl version >= 1.5, do the following:
+--->
+如果要使用 kubectl version >= 1.5 强制删除 pod，请执行下面命令：
+
+```shell
+kubectl delete pods <pod> --grace-period=0 --force
+```
+
+<!--
+If you're using any version of kubectl <= 1.4, you should omit the `--force` option and use:
+--->
+如果您使用 kubectl <= 1.4 的任何版本，则应省略 `--force` 选项：
+
+```shell
+kubectl delete pods <pod> --grace-period=0
+```
+<!--
+If even after these commands the pod is stuck on `Unknown` state, use the following command to remove the pod from the cluster:
+--->
+如果在这些命令后 pod 仍处于`Unknown`状态，请使用以下命令从集群中删除 pod:
+
+```shell
+kubectl patch pod <pod> -p '{"metadata":{"finalizers":null}}'
+```
+
+<!--
+Always perform force deletion of StatefulSet Pods carefully and with complete knowledge of the risks involved.
+--->
+请始终谨慎地执行强制删除 StatefulSet 类型的 pods，并完全了解所涉及地风险。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Learn more about [debugging a StatefulSet](/docs/tasks/debug-application-cluster/debug-stateful-set/).
+--->
+进一步了解[调试 StatefulSet](/docs/tasks/debug-application-cluster/debug-stateful-set/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
new file mode 100644
index 0000000000000..2bd4c43219469
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
@@ -0,0 +1,695 @@
+---
+reviewers:
+- fgrzadkowski
+- jszczepkowski
+- justinsb
+- directxman12
+title: Horizontal Pod Autoscaler演练
+content_template: templates/task
+weight: 100
+---
+
+{{% capture overview %}}
+
+<!--
+Horizontal Pod Autoscaler automatically scales the number of pods
+in a replication controller, deployment or replica set based on observed CPU utilization
+(or, with beta support, on some other, application-provided metrics).
+-->
+Horizontal Pod Autoscaler 可以根据CPU利用率自动伸缩 replication controller、deployment 或者 replica set 中的Pod数量
+（也可以基于其他应用程序提供的度量指标，目前这一功能处于 beta 版本）。
+
+<!--
+This document walks you through an example of enabling Horizontal Pod Autoscaler for the php-apache server.  For more information on how Horizontal Pod Autoscaler behaves, see the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/).
+-->
+本文将引导您了解如何为 php-apache 服务器配置和使用 Horizontal Pod Autoscaler。
+更多 Horizontal Pod Autoscaler 的信息请参阅 [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/)。
+
+{{% /capture %}}
+
+
+
+{{% capture prerequisites %}}
+
+<!--
+This example requires a running Kubernetes cluster and kubectl, version 1.2 or later.
+[metrics-server](https://github.com/kubernetes-incubator/metrics-server/) monitoring needs to be deployed in the cluster
+to provide metrics via the resource metrics API, as Horizontal Pod Autoscaler uses this API to collect metrics. The instructions for deploying this are on the GitHub repository of [metrics-server](https://github.com/kubernetes-incubator/metrics-server/), if you followed [getting started on GCE guide](/docs/setup/production-environment/turnkey/gce/),
+metrics-server monitoring will be turned-on by default.
+-->
+本文示例需要一个1.2或者更高版本的可运行的 Kubernetes 集群以及 kubectl。 
+[metrics-server](https://github.com/kubernetes-incubator/metrics-server/) 也需要部署到集群中，
+它可以通过 resource metrics API 对外提供度量数据，Horizontal Pod Autoscaler 正是根据此 API 来获取度量数据，部署方法请参考 [metrics-server](https://github.com/kubernetes-incubator/metrics-server/) 。
+如果你正在使用GCE，按照 [getting started on GCE guide](/docs/setup/production-environment/turnkey/gce/) 操作，metrics-server 会默认启动。
+
+<!--
+To specify multiple resource metrics for a Horizontal Pod Autoscaler, you must have a Kubernetes cluster
+and kubectl at version 1.6 or later.  Furthermore, in order to make use of custom metrics, your cluster
+must be able to communicate with the API server providing the custom metrics API. Finally, to use metrics
+not related to any Kubernetes object you must have a Kubernetes cluster at version 1.10 or later, and
+you must be able to communicate with the API server that provides the external metrics API.
+See the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics) for more details.
+-->
+如果需要为 Horizontal Pod Autoscaler 指定多种资源度量指标，您的 Kubernetes 集群以及 kubectl 至少需要达到1.6版本。 
+此外，如果要使用自定义度量指标，您的Kubernetes 集群还必须能够与提供这些自定义指标的API服务器通信。
+最后，如果要使用与 Kubernetes 对象无关的度量指标，则 Kubernetes 集群版本至少需要达到1.10版本，同样，需要保证集群能够与提供这些外部指标的API服务器通信。
+更多详细信息，请参阅[Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics)。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Run & expose php-apache server
+-->
+## 第一步：运行 php-apache 服务器并暴露服务
+
+<!--
+To demonstrate Horizontal Pod Autoscaler we will use a custom docker image based on the php-apache image.
+The Dockerfile has the following content:
+-->
+为了演示 Horizontal Pod Autoscaler，我们将使用一个基于 php-apache 镜像的定制 Docker 镜像。
+Dockerfile 内容如下： 
+
+```
+FROM php:5-apache
+ADD index.php /var/www/html/index.php
+RUN chmod a+rx index.php
+```
+<!--
+It defines an index.php page which performs some CPU intensive computations:
+-->
+它定义一个 index.php 页面来执行一些 CPU 密集型计算：
+
+```
+<?php
+  $x = 0.0001;
+  for ($i = 0; $i <= 1000000; $i++) {
+    $x += sqrt($x);
+  }
+  echo "OK!";
+?>
+```
+<!--
+First, we will start a deployment running the image and expose it as a service:
+-->
+首先，我们先启动一个 deployment 来运行这个镜像并暴露一个服务:
+
+```shell
+kubectl run php-apache --image=k8s.gcr.io/hpa-example --requests=cpu=200m --expose --port=80
+```
+```
+service/php-apache created
+deployment.apps/php-apache created
+```
+
+<!--
+## Create Horizontal Pod Autoscaler
+-->
+## 创建 Horizontal Pod Autoscaler
+
+<!--
+Now that the server is running, we will create the autoscaler using
+[kubectl autoscale](/docs/reference/generated/kubectl/kubectl-commands#autoscale).
+The following command will create a Horizontal Pod Autoscaler that maintains between 1 and 10 replicas of the Pods
+controlled by the php-apache deployment we created in the first step of these instructions.
+Roughly speaking, HPA will increase and decrease the number of replicas
+(via the deployment) to maintain an average CPU utilization across all Pods of 50%
+(since each pod requests 200 milli-cores by [kubectl run](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/docs/user-guide/kubectl/kubectl_run.md), this means average CPU usage of 100 milli-cores).
+See [here](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md#autoscaling-algorithm) for more details on the algorithm.
+-->
+现在，php-apache服务器已经运行，我们将通过 [kubectl autoscale](/docs/reference/generated/kubectl/kubectl-commands#autoscale) 命令创建 Horizontal Pod Autoscaler。 
+以下命令将创建一个 Horizontal Pod Autoscaler 用于控制我们上一步骤中创建的 deployment，使 Pod 的副本数量在维持在1到10之间。
+大致来说，HPA 将通过增加或者减少 Pod 副本的数量（通过 Deployment ）以保持所有 Pod 的平均CPU利用率在50%以内
+（由于每个 Pod 通过 [kubectl run](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/docs/user-guide/kubectl/kubectl_run.md)
+申请了200 milli-cores CPU，所以50%的 CPU 利用率意味着平均 CPU 利用率为100 milli-cores）。 
+相关算法的详情请参阅[here](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md#autoscaling-algorithm)。
+
+```shell
+kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=10
+```
+```
+horizontalpodautoscaler.autoscaling/php-apache autoscaled
+```
+
+<!--
+We may check the current status of autoscaler by running:
+-->
+我们可以通过以下命令查看 autoscaler 的状态：
+
+```shell
+kubectl get hpa
+```
+```
+NAME         REFERENCE                     TARGET    MINPODS   MAXPODS   REPLICAS   AGE
+php-apache   Deployment/php-apache/scale   0% / 50%  1         10        1          18s
+
+```
+
+<!--
+Please note that the current CPU consumption is 0% as we are not sending any requests to the server
+(the ``CURRENT`` column shows the average across all the pods controlled by the corresponding deployment).
+-->
+请注意在上面的命令输出中，当前的CPU利用率是0%，这是由于我们尚未发送任何请求到服务器
+（``CURRENT`` 列显示了相应 deployment 所控制的所有 Pod 的平均 CPU 利用率）。
+
+<!--
+## Increase load
+-->
+## 增加负载
+
+<!--
+Now, we will see how the autoscaler reacts to increased load.
+We will start a container, and send an infinite loop of queries to the php-apache service (please run it in a different terminal):
+-->
+现在，我们将看到 autoscaler 如何对增加负载作出反应。 
+我们将启动一个容器，并通过一个循环向 php-apache 服务器发送无限的查询请求（请在另一个终端中运行以下命令）：
+
+```shell
+kubectl run -i --tty load-generator --image=busybox /bin/sh
+
+Hit enter for command prompt
+
+while true; do wget -q -O- http://php-apache.default.svc.cluster.local; done
+```
+
+<!--
+Within a minute or so, we should see the higher CPU load by executing:
+-->
+在几分钟时间内，通过以下命令，我们可以看到CPU负载升高了：
+
+```shell
+kubectl get hpa
+```
+```
+NAME         REFERENCE                     TARGET      CURRENT   MINPODS   MAXPODS   REPLICAS   AGE
+php-apache   Deployment/php-apache/scale   305% / 50%  305%      1         10        1          3m
+
+```
+
+<!--
+Here, CPU consumption has increased to 305% of the request.
+As a result, the deployment was resized to 7 replicas:
+-->
+这时，由于请求增多，CPU利用率已经升至305%。 可以看到，deployment 的副本数量已经增长到了7：
+
+```shell
+kubectl get deployment php-apache
+```
+```
+NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+php-apache   7         7         7            7           19m
+```
+
+<!--
+{{< note >}}
+It may take a few minutes to stabilize the number of replicas. Since the amount
+of load is not controlled in any way it may happen that the final number of replicas
+will differ from this example.
+{{< /note >}}
+-->
+{{< note >}}
+有时最终副本的数量可能需要几分钟才能稳定下来。 由于环境的差异，不同环境中最终的副本数量可能与本示例中的数量不同。
+{{< /note >}}
+
+<!--
+## Stop load
+-->
+## 停止负载
+
+<!--
+We will finish our example by stopping the user load.
+
+In the terminal where we created the container with `busybox` image, terminate
+the load generation by typing `<Ctrl> + C`.
+
+Then we will verify the result state (after a minute or so):
+-->
+我们将通过停止负载来结束我们的示例。
+
+在我们创建 busybox 容器的终端中，输入`<Ctrl> + C`来终止负载的产生。
+
+然后我们可以再次查看负载状态（等待几分钟时间）：
+
+```shell
+kubectl get hpa
+```
+```
+NAME         REFERENCE                     TARGET       MINPODS   MAXPODS   REPLICAS   AGE
+php-apache   Deployment/php-apache/scale   0% / 50%     1         10        1          11m
+```
+
+```shell
+kubectl get deployment php-apache
+```
+```
+NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+php-apache   1         1         1            1           27m
+```
+
+<!--
+Here CPU utilization dropped to 0, and so HPA autoscaled the number of replicas back down to 1.
+-->
+这时，CPU利用率已经降到0，所以 HPA 将自动缩减副本数量至1。
+
+<!--
+{{< note >}}
+Autoscaling the replicas may take a few minutes.
+{{< /note >}}
+-->
+{{< note >}}
+自动伸缩完成副本数量的改变可能需要几分钟的时间。
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture discussion %}}
+
+<!--
+## Autoscaling on multiple metrics and custom metrics
+-->
+## 基于多项度量指标和自定义度量指标自动伸缩
+
+<!--
+You can introduce additional metrics to use when autoscaling the `php-apache` Deployment
+by making use of the `autoscaling/v2beta2` API version.
+-->
+利用`autoscaling/v2beta2`API版本，您可以在自动伸缩 php-apache 这个 Deployment 时引入其他度量指标。
+
+<!--
+First, get the YAML of your HorizontalPodAutoscaler in the `autoscaling/v2beta2` form:
+-->
+首先，获取`autoscaling/v2beta2`格式的 HorizontalPodAutoscaler 的YAML文件：
+
+```shell
+kubectl get hpa.v2beta2.autoscaling -o yaml > /tmp/hpa-v2.yaml
+```
+
+<!--
+Open the `/tmp/hpa-v2.yaml` file in an editor, and you should see YAML which looks like this:
+-->
+在编辑器中打开`/tmp/hpa-v2.yaml`：
+
+```yaml
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-apache
+  namespace: default
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: php-apache
+  minReplicas: 1
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
+status:
+  observedGeneration: 1
+  lastScaleTime: <some-time>
+  currentReplicas: 1
+  desiredReplicas: 1
+  currentMetrics:
+  - type: Resource
+    resource:
+      name: cpu
+      current:
+        averageUtilization: 0
+        averageValue: 0
+```
+
+<!--
+Notice that the `targetCPUUtilizationPercentage` field has been replaced with an array called `metrics`.
+The CPU utilization metric is a *resource metric*, since it is represented as a percentage of a resource
+specified on pod containers.  Notice that you can specify other resource metrics besides CPU.  By default,
+the only other supported resource metric is memory.  These resources do not change names from cluster
+to cluster, and should always be available, as long as the `metrics.k8s.io` API is available.
+-->
+需要注意的是，`targetCPUUtilizationPercentage` 字段已经被名为 `metrics` 的数组所取代。
+CPU利用率这个度量指标是一个*resource metric*(资源度量指标)，因为它表示容器上指定资源的百分比。
+除CPU外，您还可以指定其他资源度量指标。默认情况下，目前唯一支持的其他资源度量指标为内存。
+只要`metrics.k8s.io` API存在，这些资源度量指标就是可用的，并且他们不会在不同的Kubernetes集群中改变名称。
+
+<!--
+You can also specify resource metrics in terms of direct values, instead of as percentages of the
+requested value, by using a `target` type of `AverageValue` instead of `AverageUtilization`, and
+setting the corresponding `target.averageValue` field instead of the `target.averageUtilization`.
+-->
+您还可以指定资源度量指标使用绝对数值，而不是百分比，你需要将`target`类型`AverageUtilization`替换成`AverageValue`，同时
+将`target.averageUtilization`替换成`target.averageValue`并设定相应的值。
+
+<!--
+There are two other types of metrics, both of which are considered *custom metrics*: pod metrics and
+object metrics.  These metrics may have names which are cluster specific, and require a more
+advanced cluster monitoring setup.
+-->
+还有两种其他类型的度量指标，他们被认为是*custom metrics*（自定义度量指标）：
+即 Pod 度量指标和对象度量指标（pod metrics and object metrics）。
+这些度量指标可能具有特定于集群的名称，并且需要更高级的集群监控设置。
+
+<!--
+The first of these alternative metric types is *pod metrics*.  These metrics describe pods, and
+are averaged together across pods and compared with a target value to determine the replica count.
+They work much like resource metrics, except that they *only* support a `target` type of `AverageValue`.
+-->
+第一种可选的度量指标类型是 Pod 度量指标。这些指标从某一方面描述了Pod，在不同Pod之间进行平均，并通过与一个目标值比对来确定副本的数量。
+它们的工作方式与资源度量指标非常相像，差别是它们仅支持`target` 类型为`AverageValue`。
+
+<!--
+Pod metrics are specified using a metric block like this:
+-->
+Pod 度量指标通过如下代码块定义：
+
+```yaml
+type: Pods
+pods:
+  metric:
+    name: packets-per-second
+  target:
+    type: AverageValue
+    averageValue: 1k
+```
+
+<!--
+The second alternative metric type is *object metrics*. These metrics describe a different
+object in the same namespace, instead of describing pods. The metrics are not necessarily
+fetched from the object; they only describe it. Object metrics support `target` types of
+both `Value` and `AverageValue`.  With `Value`, the target is compared directly to the returned
+metric from the API. With `AverageValue`, the value returned from the custom metrics API is divided
+by the number of pods before being compared to the target. The following example is the YAML
+representation of the `requests-per-second` metric.
+-->
+第二种可选的度量指标类型是对象度量指标。相对于描述 Pod，这些度量指标用于描述一个在相同名字空间(namespace)中的其他对象。
+请注意这些度量指标用于描述这些对象，并非从对象中获取。
+对象度量指标支持的`target`类型包括`Value`和`AverageValue`。如果是`Value`类型，target值将直接与API返回的度量指标比较，
+而`AverageValue`类型，API返回的度量指标将按照 Pod 数量拆分，然后再与target值比较。
+下面的 YAML 文件展示了一个表示`requests-per-second`的度量指标。
+
+```yaml
+type: Object
+object:
+  metric:
+    name: requests-per-second
+  describedObject:
+    apiVersion: networking.k8s.io/v1beta1
+    kind: Ingress
+    name: main-route
+  target:
+    type: Value
+    value: 2k
+```
+
+<!--
+If you provide multiple such metric blocks, the HorizontalPodAutoscaler will consider each metric in turn.
+The HorizontalPodAutoscaler will calculate proposed replica counts for each metric, and then choose the
+one with the highest replica count.
+-->
+如果您指定了多个上述类型的度量指标，HorizontalPodAutoscaler 将会依次考量各个指标。
+HorizontalPodAutoscaler 将会计算每一个指标所提议的副本数量，然后最终选择一个最高值。
+
+<!--
+For example, if you had your monitoring system collecting metrics about network traffic,
+you could update the definition above using `kubectl edit` to look like this:
+-->
+比如，如果您的监控系统能够提供网络流量数据，您可以通过`kubectl edit`命令将上述 Horizontal Pod Autoscaler 的定义更改为：
+
+```yaml
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-apache
+  namespace: default
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: php-apache
+  minReplicas: 1
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: AverageUtilization
+        averageUtilization: 50
+  - type: Pods
+    pods:
+      metric:
+        name: packets-per-second
+      targetAverageValue: 1k
+  - type: Object
+    object:
+      metric:
+        name: requests-per-second
+      describedObject:
+        apiVersion: networking.k8s.io/v1beta1
+        kind: Ingress
+        name: main-route
+      target:
+        kind: Value
+        value: 10k
+status:
+  observedGeneration: 1
+  lastScaleTime: <some-time>
+  currentReplicas: 1
+  desiredReplicas: 1
+  currentMetrics:
+  - type: Resource
+    resource:
+      name: cpu
+    current:
+      averageUtilization: 0
+      averageValue: 0
+  - type: Object
+    object:
+      metric:
+        name: requests-per-second
+      describedObject:
+        apiVersion: networking.k8s.io/v1beta1
+        kind: Ingress
+        name: main-route
+      current:
+        value: 10k
+```
+
+<!--
+Then, your HorizontalPodAutoscaler would attempt to ensure that each pod was consuming roughly
+50% of its requested CPU, serving 1000 packets per second, and that all pods behind the main-route
+Ingress were serving a total of 10000 requests per second.
+-->
+然后，您的 HorizontalPodAutoscaler 将会尝试确保每个Pod的CPU利用率在50%以内，每秒能够服务1000个数据包请求，
+并确保所有在Ingress后的Pod每秒能够服务的请求总数达到10000个。
+
+<!--
+### Autoscaling on more specific metrics
+-->
+### 多个度量指标下伸缩
+
+<!--
+Many metrics pipelines allow you to describe metrics either by name or by a set of additional
+descriptors called _labels_. For all non-resource metric types (pod, object, and external,
+described below), you can specify an additional label selector which is passed to your metric
+pipeline. For instance, if you collect a metric `http_requests` with the `verb`
+label, you can specify the following metric block to scale only on GET requests:
+-->
+许多度量管道允许您通过名称或附加的_labels_来描述度量指标。对于所有非资源类型度量指标(pod、object和后面将介绍的external)，
+，可以额外指定一个标签选择器。例如，如果你希望收集包含`verb`标签的`http_requests`度量指标，
+你可以在 GET 请求中指定需要的度量指标，如下所示：
+
+```yaml
+type: Object
+object:
+  metric:
+    name: `http_requests`
+    selector: `verb=GET`
+```
+
+<!--
+This selector uses the same syntax as the full Kubernetes label selectors. The monitoring pipeline
+determines how to collapse multiple series into a single value, if the name and selector
+match multiple series. The selector is additive, and cannot select metrics
+that describe objects that are **not** the target object (the target pods in the case of the `Pods`
+type, and the described object in the case of the `Object` type).
+-->
+这个选择器使用与 Kubernetes 标签选择器相同的语法。
+如果名称和标签选择器匹配到多个系列，监测管道会决定如何将多个系列合并成单个值。
+选择器是附加的，它不会选择目标以外的对象（类型为`Pods`的目标和类型为`Object`的目标）。
+
+<!--
+### Autoscaling on metrics not related to Kubernetes objects
+-->
+### 基于Kubernetes以外的度量指标伸缩
+
+<!--
+Applications running on Kubernetes may need to autoscale based on metrics that don't have an obvious
+relationship to any object in the Kubernetes cluster, such as metrics describing a hosted service with
+no direct correlation to Kubernetes namespaces. In Kubernetes 1.10 and later, you can address this use case
+with *external metrics*.
+-->
+运行在 Kubernetes 上的应用程序可能需要基于与 Kubernetes 集群中的任何对象没有明显关系的度量指标进行自动伸缩，
+例如那些描述不在 Kubernetes 任何 namespaces 服务的度量指标。
+
+<!--
+Using external metrics requires knowledge of your monitoring system; the setup is
+similar to that required when using custom metrics. External metrics allow you to autoscale your cluster
+based on any metric available in your monitoring system. Just provide a `metric` block with a
+`name` and `selector`, as above, and use the `External` metric type instead of `Object`.
+If multiple time series are matched by the `metricSelector`,
+the sum of their values is used by the HorizontalPodAutoscaler.
+External metrics support both the `Value` and `AverageValue` target types, which function exactly the same
+as when you use the `Object` type.
+-->
+使用外部的度量指标，需要了解你使用的监控系统，相关的设置与使用自定义试题指标类似。
+External metrics 可以使用你的监控系统的任何指标来自动伸缩你的集群。你只需要在`metric`块中提供`name` 和 `selector`，同时将类型由`Object`改为`External`。
+如果`metricSelector`匹配到多个度量指标，HorizontalPodAutoscaler 将会把它们加和。
+External metrics 同时支持`Value`和`AverageValue`类型，这与`Object`类型的度量指标相同。
+
+<!--
+For example if your application processes tasks from a hosted queue service, you could add the following
+section to your HorizontalPodAutoscaler manifest to specify that you need one worker per 30 outstanding tasks.
+-->
+例如，如果你的应用程序处理主机上的消息队列，
+为了让每30个任务有1个worker，你可以将下面的内容添加到 HorizontalPodAutoscaler 的配置中。
+
+```yaml
+- type: External
+  external:
+    metric:
+      name: queue_messages_ready
+      selector: "queue=worker_tasks"
+    target:
+      type: AverageValue
+      averageValue: 30
+```
+
+<!--
+When possible, it's preferable to use the custom metric target types instead of external metrics, since it's
+easier for cluster administrators to secure the custom metrics API.  The external metrics API potentially allows
+access to any metric, so cluster administrators should take care when exposing it.
+-->
+如果可能，还是推荐 custom metric 而不是 external metrics，因为这便于让系统管理员加固 custom metrics API。
+而 external metrics API 可以允许访问所有的度量指标，当暴露这些服务时，系统管理员需要仔细考虑这个问题。
+
+<!--
+## Appendix: Horizontal Pod Autoscaler Status Conditions
+-->
+## 附录：Horizontal Pod Autoscaler状态条件
+
+<!--
+When using the `autoscaling/v2beta2` form of the HorizontalPodAutoscaler, you will be able to see
+*status conditions* set by Kubernetes on the HorizontalPodAutoscaler.  These status conditions indicate
+whether or not the HorizontalPodAutoscaler is able to scale, and whether or not it is currently restricted
+in any way.
+-->
+当使用`autoscaling/v2beta2`格式的 HorizontalPodAutoscaler 时，您将可以看到 Kubernetes 为 HorizongtalPodAutoscaler 设置的状态条件（status conditions）。
+这些状态条件可以显示当前 HorizontalPodAutoscaler 是否能够执行伸缩以及是否受到一定的限制。
+
+<!--
+The conditions appear in the `status.conditions` field.  To see the conditions affecting a HorizontalPodAutoscaler,
+we can use `kubectl describe hpa`:
+-->
+`status.conditions`字段展示了这些状态条件。
+可以通过`kubectl describe hpa`命令查看当前影响 HorizontalPodAutoscaler 的各种状态条件信息：
+
+```shell
+kubectl describe hpa cm-test
+```
+```shell
+Name:                           cm-test
+Namespace:                      prom
+Labels:                         <none>
+Annotations:                    <none>
+CreationTimestamp:              Fri, 16 Jun 2017 18:09:22 +0000
+Reference:                      ReplicationController/cm-test
+Metrics:                        ( current / target )
+  "http_requests" on pods:      66m / 500m
+Min replicas:                   1
+Max replicas:                   4
+ReplicationController pods:     1 current / 1 desired
+Conditions:
+  Type                  Status  Reason                  Message
+  ----                  ------  ------                  -------
+  AbleToScale           True    ReadyForNewScale        the last scale time was sufficiently old as to warrant a new scale
+  ScalingActive         True    ValidMetricFound        the HPA was able to successfully calculate a replica count from pods metric http_requests
+  ScalingLimited        False   DesiredWithinRange      the desired replica count is within the acceptable range
+Events:
+```
+
+<!--
+For this HorizontalPodAutoscaler, we can see several conditions in a healthy state.  The first,
+`AbleToScale`, indicates whether or not the HPA is able to fetch and update scales, as well as
+whether or not any backoff-related conditions would prevent scaling.  The second, `ScalingActive`,
+indicates whether or not the HPA is enabled (i.e. the replica count of the target is not zero) and
+is able to calculate desired scales. When it is `False`, it generally indicates problems with
+fetching metrics.  Finally, the last condition, `ScalingLimited`, indicates that the desired scale
+was capped by the maximum or minimum of the HorizontalPodAutoscaler.  This is an indication that
+you may wish to raise or lower the minimum or maximum replica count constraints on your
+HorizontalPodAutoscaler.
+-->
+对于上面展示的这个 HorizontalPodAutoscaler，我们可以看出有若干状态条件处于健康状态。
+首先，`AbleToScale` 表明 HPA 是否可以获取和更新伸缩信息，以及是否存在阻止伸缩的各种回退条件。
+其次，`ScalingActive` 表明HPA是否被启用（即目标的副本数量不为零） 以及是否能够完成伸缩计算。
+当这一状态为 `False` 时，通常表明获取度量指标存在问题。
+最后一个条件 `ScalingLimitted` 表明所需伸缩的值被 HorizontalPodAutoscaler 所定义的最大或者最小值所限制（即已经达到最大或者最小伸缩值）。
+这通常表明您可能需要调整 HorizontalPodAutoscaler 所定义的最大或者最小副本数量的限制了。
+
+<!--
+## Appendix: Quantities
+-->
+## 附录：Quantities
+
+<!--
+All metrics in the HorizontalPodAutoscaler and metrics APIs are specified using
+a special whole-number notation known in Kubernetes as a *quantity*.  For example,
+the quantity `10500m` would be written as `10.5` in decimal notation.  The metrics APIs
+will return whole numbers without a suffix when possible, and will generally return
+quantities in milli-units otherwise.  This means you might see your metric value fluctuate
+between `1` and `1500m`, or `1` and `1.5` when written in decimal notation.  See the
+[glossary entry on quantities](/docs/reference/glossary?core-object=true#term-quantity) for more information.
+-->
+HorizontalPodAutoscaler 和 metrics api 中的所有的度量指标使用 Kubernetes 中称为 *quantity* （）殊整数表示。
+例如，数量`10500m`用十进制表示为`10.5`。
+如果可能的话，metrics api 将返回没有后缀的整数，否则返回以千分单位的数量。
+这意味着您可能会看到您的度量指标在`1`和`1500m`之间波动，或者在十进制记数法中的`1`和`1.5`。
+更多信息，请参阅[度量术语](/docs/reference/glossary?core-object=true#term-quantity)
+
+<!--
+## Appendix: Other possible scenarios
+-->
+## 附录：其他可能的情况
+
+<!--
+### Creating the autoscaler declaratively
+-->
+### 使用YAML文件创建 autoscaler
+
+<!--
+Instead of using `kubectl autoscale` command to create a HorizontalPodAutoscaler imperatively we
+can use the following file to create it declaratively:
+-->
+除了使用 `kubectl autoscale` 命令，也可以文件创建 HorizontalPodAutoscaler ：
+
+{{< codenew file="application/hpa/php-apache.yaml" >}}
+
+<!--
+We will create the autoscaler by executing the following command:
+-->
+使用如下命令创建 autoscaler：
+
+
+
+```shell
+kubectl create -f https://k8s.io/examples/application/hpa/php-apache.yaml
+```
+```
+horizontalpodautoscaler.autoscaling/php-apache created
+```
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/zh/docs/tasks/run-application/horizontal-pod-autoscale.md
new file mode 100644
index 0000000000000..dde0f6cc9a183
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/horizontal-pod-autoscale.md
@@ -0,0 +1,559 @@
+---
+reviewers:
+- fgrzadkowski
+- jszczepkowski
+- directxman12
+title: Pod 水平自动伸缩
+feature:
+  title: 水平伸缩 
+  description: >
+    使用一个简单的命令、一个UI或基于CPU使用情况自动对应用程序进行伸缩。
+
+content_template: templates/concept
+weight: 90
+---
+
+{{% capture overview %}}
+
+<!--
+The Horizontal Pod Autoscaler automatically scales the number of pods
+in a replication controller, deployment or replica set based on observed CPU utilization (or, with
+[custom metrics](https://git.k8s.io/community/contributors/design-proposals/instrumentation/custom-metrics-api.md)
+support, on some other application-provided metrics). Note that Horizontal
+Pod Autoscaling does not apply to objects that can't be scaled, for example, DaemonSets.
+-->
+Pod 水平自动伸缩（Horizontal Pod Autoscaler）特性，
+可以基于CPU利用率自动伸缩 replication controller、deployment和 replica set 中的 pod 数量，（除了 CPU 利用率）也可以
+基于其他应程序提供的度量指标[custom metrics](https://git.k8s.io/community/contributors/design-proposals/instrumentation/custom-metrics-api.md)。
+pod 自动缩放不适用于无法缩放的对象，比如 DaemonSets。
+
+<!--
+The Horizontal Pod Autoscaler is implemented as a Kubernetes API resource and a controller.
+The resource determines the behavior of the controller.
+The controller periodically adjusts the number of replicas in a replication controller or deployment
+to match the observed average CPU utilization to the target specified by user.
+-->
+Pod 水平自动伸缩特性由 Kubernetes API 资源和控制器实现。资源决定了控制器的行为。
+控制器会周期性的获取平均 CPU 利用率，并与目标值相比较后来调整 replication controller 或 deployment 中的副本数量。
+
+{{% /capture %}}
+
+
+{{% capture body %}}
+
+<!--
+## How does the Horizontal Pod Autoscaler work?
+-->
+## Pod 水平自动伸缩工作机制
+
+![水平自动伸缩示意图](/images/docs/horizontal-pod-autoscaler.svg)
+
+<!--
+The Horizontal Pod Autoscaler is implemented as a control loop, with a period controlled
+by the controller manager's `--horizontal-pod-autoscaler-sync-period` flag (with a default
+value of 15 seconds).
+-->
+Pod 水平自动伸缩的实现是一个控制循环，由 controller manager 的 `--horizontal-pod-autoscaler-sync-period` 参数
+指定周期（默认值为15秒）。
+
+<!--
+During each period, the controller manager queries the resource utilization against the
+metrics specified in each HorizontalPodAutoscaler definition.  The controller manager
+obtains the metrics from either the resource metrics API (for per-pod resource metrics),
+or the custom metrics API (for all other metrics).
+-->
+每个周期内，controller manager 根据每个 HorizontalPodAutoscaler 定义中指定的指标查询资源利用率。
+controller manager 可以从 resource metrics API（每个pod 资源指标）和 custom metrics API（其他指标）获取指标。
+
+<!--
+* For per-pod resource metrics (like CPU), the controller fetches the metrics
+  from the resource metrics API for each pod targeted by the HorizontalPodAutoscaler.
+  Then, if a target utilization value is set, the controller calculates the utilization
+  value as a percentage of the equivalent resource request on the containers in
+  each pod.  If a target raw value is set, the raw metric values are used directly.
+  The controller then takes the mean of the utilization or the raw value (depending on the type
+  of target specified) across all targeted pods, and produces a ratio used to scale
+  the number of desired replicas.
+-->
+* 对于每个 pod 的资源指标（如 CPU），控制器从资源指标 API 中获取每一个 HorizontalPodAutoscaler 指定
+的 pod 的指标，然后，如果设置了目标使用率，控制器获取每个 pod 中的容器资源使用情况，并计算资源使用率。
+如果使用原始值，将直接使用原始数据（不再计算百分比）。
+然后，控制器根据平均的资源使用率或原始值计算出缩放的比例，进而计算出目标副本数。
+
+<!--
+  Please note that if some of the pod's containers do not have the relevant resource request set,
+  CPU utilization for the pod will not be defined and the autoscaler will
+  not take any action for that metric. See the [algorithm
+  details](#algorithm-details) section below for more information about
+  how the autoscaling algorithm works.
+-->
+需要注意的是，如果 pod 某些容器不支持资源采集，那么控制器将不会使用该 pod 的 CPU 使用率。
+下面的[算法细节](#algorithm-details)章节将会介绍详细的算法。
+
+<!--
+* For per-pod custom metrics, the controller functions similarly to per-pod resource metrics,
+  except that it works with raw values, not utilization values.
+-->
+* 如果 pod 使用自定义指示，控制器机制与资源指标类似，区别在于自定义指标只使用原始值，而不是使用率。
+
+<!--
+* For object metrics and external metrics, a single metric is fetched, which describes
+  the object in question. This metric is compared to the target
+  value, to produce a ratio as above. In the `autoscaling/v2beta2` API
+  version, this value can optionally be divided by the number of pods before the
+  comparison is made.
+-->
+* 如果pod 使用对象指标和外部指标（每个指标描述一个对象信息）。
+  这个指标将直接跟据目标设定值相比较，并生成一个上面提到的缩放比例。在 `autoscaling/v2beta2` 版本API中，
+  这个指标也可以根据 pod 数量平分后再计算。
+
+<!--
+The HorizontalPodAutoscaler normally fetches metrics from a series of aggregated APIs (`metrics.k8s.io`,
+`custom.metrics.k8s.io`, and `external.metrics.k8s.io`).  The `metrics.k8s.io` API is usually provided by
+metrics-server, which needs to be launched separately. See
+[metrics-server](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#metrics-server)
+for instructions. The HorizontalPodAutoscaler can also fetch metrics directly from Heapster.
+-->
+通常情况下，控制器将从一系列的聚合 API（`metrics.k8s.io`、`custom.metrics.k8s.io`和`external.metrics.k8s.io`）
+中获取指标数据。
+`metrics.k8s.io` API 通常由 metrics-server（需要额外启动）提供。
+可以从[metrics-server](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#metrics-server) 获取更多信息。
+另外，控制器也可以直接从 Heapster 获取指标。
+
+{{< note >}}
+{{< feature-state state="deprecated" for_k8s_version="1.11" >}}
+<!--
+Fetching metrics from Heapster is deprecated as of Kubernetes 1.11.
+-->
+自 Kubernetes 1.11起，从 Heapster 获取指标特性已废弃。
+{{< /note >}}
+
+<!--
+See [Support for metrics APIs](#support-for-metrics-apis) for more details.
+-->
+关于指标 API 更多信息，请参考[Support for metrics APIs](#support-for-metrics-apis)。
+
+<!--
+The autoscaler accesses corresponding scalable controllers (such as replication controllers, deployments, and replica sets)
+by using the scale sub-resource. Scale is an interface that allows you to dynamically set the number of replicas and examine
+each of their current states. More details on scale sub-resource can be found
+[here](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md#scale-subresource).
+-->
+自动缩放控制器使用 scale sub-resource 访问相应可支持缩放的控制器（如replication controllers、deployments 和 replica sets）。
+`scale` 是一个可以动态设定副本数量和检查当前状态的接口。
+更多关于 scale sub-resource 的信息，请参考[这里](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md#scale-subresource).
+
+<!--
+### Algorithm Details
+-->
+### 算法细节
+
+<!--
+From the most basic perspective, the Horizontal Pod Autoscaler controller
+operates on the ratio between desired metric value and current metric
+value:
+-->
+从最基本的角度来看，pod 水平自动缩放控制器跟据当前指标和期望指标来计算缩放比例。
+
+<!--
+```
+desiredReplicas = ceil[currentReplicas * ( currentMetricValue / desiredMetricValue )]
+```
+-->
+```
+期望副本数 = ceil[当前副本数 * ( 当前指标 / 期望指标 )]
+```
+
+<!--
+For example, if the current metric value is `200m`, and the desired value
+is `100m`, the number of replicas will be doubled, since `200.0 / 100.0 ==
+2.0` If the current value is instead `50m`, we'll halve the number of
+replicas, since `50.0 / 100.0 == 0.5`.  We'll skip scaling if the ratio is
+sufficiently close to 1.0 (within a globally-configurable tolerance, from
+the `--horizontal-pod-autoscaler-tolerance` flag, which defaults to 0.1).
+-->
+例如，当前指标为`200m`，目标设定值为`100m`,那么由于`200.0 / 100.0 == 2.0`，
+副本数量将会翻倍。
+如果当前指标为`50m`，副本数量将会减半，因为`50.0 / 100.0 == 0.5`。
+如果计算出的缩放比例接近1.0（跟据`--horizontal-pod-autoscaler-tolerance` 参数全局配置的容忍值，默认为0.1），
+将会放弃本次缩放。
+
+<!--
+When a `targetAverageValue` or `targetAverageUtilization` is specified,
+the `currentMetricValue` is computed by taking the average of the given
+metric across all Pods in the HorizontalPodAutoscaler's scale target.
+Before checking the tolerance and deciding on the final values, we take
+pod readiness and missing metrics into consideration, however.
+-->
+如果 HorizontalPodAutoscaler 指定的是`targetAverageValue` 或 `targetAverageUtilization`，
+那么将会把指定pod的平均指标做为`currentMetricValue`。
+然而，在检查容忍度和决定最终缩放值前，我们仍然会把那些无法获取指标的pod统计进去。
+
+<!--
+All Pods with a deletion timestamp set (i.e. Pods in the process of being
+shut down) and all failed Pods are discarded.
+-->
+所有被标记了删除时间戳(Pod正在关闭过程中)的 pod 和 失败的 pod 都会被忽略。
+
+<!--
+If a particular Pod is missing metrics, it is set aside for later; Pods
+with missing metrics will be used to adjust the final scaling amount.
+-->
+如果某个 pod 缺失指标信息，它将会被搁置，只在最终确定缩值时再考虑。
+
+<!--
+When scaling on CPU, if any pod has yet to become ready (i.e. it's still
+initializing) *or* the most recent metric point for the pod was before it
+became ready, that pod is set aside as well.
+-->
+当使用 CPU 指标来缩放时，任何还未就绪（例如还在初始化）状态的 pod *或* 最近的指标为就绪状态前的 pod，
+也会被搁置
+
+<!--
+Due to technical constraints, the HorizontalPodAutoscaler controller
+cannot exactly determine the first time a pod becomes ready when
+determining whether to set aside certain CPU metrics. Instead, it
+considers a Pod "not yet ready" if it's unready and transitioned to
+unready within a short, configurable window of time since it started.
+This value is configured with the `--horizontal-pod-autoscaler-initial-readiness-delay` flag, and its default is 30
+seconds.  Once a pod has become ready, it considers any transition to
+ready to be the first if it occurred within a longer, configurable time
+since it started. This value is configured with the `--horizontal-pod-autoscaler-cpu-initialization-period` flag, and its
+default is 5 minutes.
+-->
+由于受技术限制，pod 水平缩放控制器无法准确的知道 pod 什么时候就绪，
+也就无法决定是否暂时搁置该 pod。
+`--horizontal-pod-autoscaler-initial-readiness-delay` 参数（默认为30s），用于设置 pod 准备时间，
+在此时间内的 pod 统统被认为未就绪。
+`--horizontal-pod-autoscaler-cpu-initialization-period`参数（默认为5分钟），用于设置 pod 的初始化时间，
+在此时间内的 pod，CPU 资源指标将不会被采纳。
+
+<!--
+The `currentMetricValue / desiredMetricValue` base scale ratio is then
+calculated using the remaining pods not set aside or discarded from above.
+-->
+在排除掉被搁置的 pod 后，缩放比例就会跟据`currentMetricValue / desiredMetricValue`计算出来。
+
+<!--
+If there were any missing metrics, we recompute the average more
+conservatively, assuming those pods were consuming 100% of the desired
+value in case of a scale down, and 0% in case of a scale up.  This dampens
+the magnitude of any potential scale.
+-->
+如果有任何 pod 的指标缺失，我们会更保守地重新计算平均值，
+在需要缩小时假设这些 pod 消耗了目标值的 100%，
+在需要放大时假设这些 pod 消耗了0%目标值。
+这可以在一定程度上抑制伸缩的幅度。
+
+<!--
+Furthermore, if any not-yet-ready pods were present, and we would have
+scaled up without factoring in missing metrics or not-yet-ready pods, we
+conservatively assume the not-yet-ready pods are consuming 0% of the
+desired metric, further dampening the magnitude of a scale up.
+-->
+此外，如果存在任何尚未就绪的pod，我们可以在不考虑遗漏指标或尚未就绪的pods的情况下进行伸缩，
+我们保守地假设尚未就绪的pods消耗了试题指标的0%，从而进一步降低了伸缩的幅度。
+
+<!--
+After factoring in the not-yet-ready pods and missing metrics, we
+recalculate the usage ratio.  If the new ratio reverses the scale
+direction, or is within the tolerance, we skip scaling.  Otherwise, we use
+the new ratio to scale.
+-->
+在缩放方向（缩小或放大）确定后，我们会把未就绪的 pod 和缺少指标的 pod 考虑进来再次计算使用率。
+如果新的比率与缩放方向相反，或者在容忍范围内，则跳过缩放。
+否则，我们使用新的缩放比例。
+
+<!--
+Note that the *original* value for the average utilization is reported
+back via the HorizontalPodAutoscaler status, without factoring in the
+not-yet-ready pods or missing metrics, even when the new usage ratio is
+used.
+-->
+注意，平均利用率的*原始*值会通过 HorizontalPodAutoscaler 的状态体现（
+即使使用了新的使用率，也不考虑未就绪 pod 和 缺少指标的 pod)。
+
+<!--
+If multiple metrics are specified in a HorizontalPodAutoscaler, this
+calculation is done for each metric, and then the largest of the desired
+replica counts is chosen.  If any of those metrics cannot be converted
+into a desired replica count (e.g. due to an error fetching the metrics
+from the metrics APIs), scaling is skipped.
+-->
+如果创建 HorizontalPodAutoscaler 时指定了多个指标，
+那么会按照每个指标分别计算缩放副本数，取最大的进行缩放。
+如果任何一个指标无法顺利的计算出缩放副本数（比如，通过 API 获取指标时出错），
+那么本次缩放会被跳过。
+
+<!--
+Finally, just before HPA scales the target, the scale recommendation is recorded.  The
+controller considers all recommendations within a configurable window choosing the
+highest recommendation from within that window. 
+This value can be configured using the `--horizontal-pod-autoscaler-downscale-stabilization` flag, which defaults to 5 minutes.
+This means that scaledowns will occur gradually, smoothing out the impact of rapidly
+fluctuating metric values.
+-->
+最后，在 HPA 控制器执行缩放操作之前，会记录缩放建议信息（scale recommendation）。
+控制器会在操作时间窗口中考虑所有的建议信息，并从中选择得分最高的建议。
+这个值可通过 kube-controller-manager 服务的启动参数 `--horizontal-pod-autoscaler-downscale-stabilization` 进行配置，
+默认值为 5min。
+这个配置可以让系统更为平滑地进行缩容操作，从而消除短时间内指标值快速波动产生的影响。
+
+<!--
+## API Object
+-->
+## API 对象
+
+<!--
+The Horizontal Pod Autoscaler is an API resource in the Kubernetes `autoscaling` API group.
+The current stable version, which only includes support for CPU autoscaling,
+can be found in the `autoscaling/v1` API version.
+-->
+HorizontalPodAutoscaler 是 Kubernetes `autoscaling` API 组的资源。
+在当前稳定版本（`autoscaling/v1`）中只支持基于CPU指标的缩放。
+
+<!--
+The beta version, which includes support for scaling on memory and custom metrics,
+can be found in `autoscaling/v2beta2`. The new fields introduced in `autoscaling/v2beta2`
+are preserved as annotations when working with `autoscaling/v1`.
+-->
+在 beta 版本（`autoscaling/v2beta2`），引入了基于内存和自定义指标的缩放。
+在`autoscaling/v2beta2`版本中新引入的字段在`autoscaling/v1`版本中基于 annotation 实现。
+
+<!--
+More details about the API object can be found at
+[HorizontalPodAutoscaler Object](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md#horizontalpodautoscaler-object).
+-->
+更多有关 API 对象的信息，请查阅[HorizontalPodAutoscaler Object](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md#horizontalpodautoscaler-object)。
+
+<!--
+## Support for Horizontal Pod Autoscaler in kubectl
+-->
+## 使用 kubectl 操作 Horizontal Pod Autoscaler
+
+<!--
+Horizontal Pod Autoscaler, like every API resource, is supported in a standard way by `kubectl`.
+We can create a new autoscaler using `kubectl create` command.
+We can list autoscalers by `kubectl get hpa` and get detailed description by `kubectl describe hpa`.
+Finally, we can delete an autoscaler using `kubectl delete hpa`.
+-->
+与其他 API 资源类似，`kubectl` 也标准支持 Pod 自动伸缩。
+我们可以通过 `kubectl create` 命令创建一个自动伸缩对象，
+通过 `kubectl get hpa` 命令来获取所有自动伸缩对象，
+通过 `kubectl describe hpa` 命令来查看自动伸缩对象的详细信息。
+最后，可以使用 `kubectl delete hpa` 命令删除对象。
+
+<!--
+In addition, there is a special `kubectl autoscale` command for easy creation of a Horizontal Pod Autoscaler.
+For instance, executing `kubectl autoscale rs foo --min=2 --max=5 --cpu-percent=80`
+will create an autoscaler for replication set *foo*, with target CPU utilization set to `80%`
+and the number of replicas between 2 and 5.
+The detailed documentation of `kubectl autoscale` can be found [here](/docs/reference/generated/kubectl/kubectl-commands/#autoscale).
+-->
+此外，还有个简便的命令 `kubectl autoscale` 来创建自动伸缩对象。
+例如，命令 `kubectl autoscale rs foo --min=2 --max=5 --cpu-percent=80` 将会为名
+为 *foo* 的 replication set 创建一个自动伸缩对象，
+对象目标CPU使用率为 `80%`，副本数量配置为 2 到 5 之间。
+
+<!--
+## Autoscaling during rolling update
+-->
+
+## 滚动升级时缩放
+
+<!--
+Currently in Kubernetes, it is possible to perform a [rolling update](/docs/tasks/run-application/rolling-update-replication-controller/) 
+by managing replication controllers directly,
+or by using the deployment object, which manages the underlying replica sets for you.
+Horizontal Pod Autoscaler only supports the latter approach: the Horizontal Pod Autoscaler is bound to the deployment object,
+it sets the size for the deployment object, and the deployment is responsible for setting sizes of underlying replica sets.
+-->
+目前在 Kubernetes 中，可以针对 replication controllers 或 deployment 执行
+滚动升级[rolling update](/docs/tasks/run-application/rolling-update-replication-controller/)，他们会为你管理底层副本数。
+Pod 水平缩放只支持后一种：Horizontal Pod Autoscaler 会被绑定到 deployment 对象中，Horizontal Pod Autoscaler 设置副本数量时，
+deployment 会设置底层副本数。
+
+<!--
+Horizontal Pod Autoscaler does not work with rolling update using direct manipulation of replication controllers,
+i.e. you cannot bind a Horizontal Pod Autoscaler to a replication controller and do rolling update (e.g. using `kubectl rolling-update`).
+The reason this doesn't work is that when rolling update creates a new replication controller,
+the Horizontal Pod Autoscaler will not be bound to the new replication controller.
+-->
+当使用 replication controllers 执行滚动升级时， Horizontal Pod Autoscaler 不能工作，
+也就是说你不能将 Horizontal Pod Autoscaler 绑定到某个 replication controller 
+再执行滚动升级（例如使用 `kubectl rolling-update` 命令）。
+Horizontal Pod Autoscaler 不能工作的原因是，Horizontal Pod Autoscaler 无法绑定到滚动升级时创建的新副本。
+
+<!--
+## Support for cooldown/delay
+-->
+## 冷却/延迟
+
+<!--
+When managing the scale of a group of replicas using the Horizontal Pod Autoscaler,
+it is possible that the number of replicas keeps fluctuating frequently due to the
+dynamic nature of the metrics evaluated. This is sometimes referred to as *thrashing*.
+-->
+当使用 Horizontal Pod Autoscaler 管理一组副本缩放时，
+有可能因为指标动态的变化造成副本数量频繁的变化，有时这被称为 *抖动*。
+
+<!--
+Starting from v1.6, a cluster operator can mitigate this problem by tuning
+the global HPA settings exposed as flags for the `kube-controller-manager` component:
+-->
+从 v1.6 版本起，集群操作员可以开启某些 `kube-controller-manager` 全局的参数来缓和这个问题。
+
+<!--
+Starting from v1.12, a new algorithmic update removes the need for the
+upscale delay.
+-->
+从 v1.12 开始，算法调整后，就不用这么做了。
+
+<!--
+- `--horizontal-pod-autoscaler-downscale-stabilization`: The value for this option is a
+  duration that specifies how long the autoscaler has to wait before another
+  downscale operation can be performed after the current one has completed.
+  The default value is 5 minutes (`5m0s`).
+-->
+- `--horizontal-pod-autoscaler-downscale-stabilization`: 这个 `kube-controller-manager` 的参数表示缩容冷却时间。
+  即自从上次缩容执行结束后，多久可以再次执行缩容，默认时间是5分钟(`5m0s`)。
+
+{{< note >}}
+<!--
+When tuning these parameter values, a cluster operator should be aware of the possible
+consequences. If the delay (cooldown) value is set too long, there could be complaints
+that the Horizontal Pod Autoscaler is not responsive to workload changes. However, if
+the delay value is set too short, the scale of the replicas set may keep thrashing as
+usual.
+-->
+当启用这个参数时，集群操作员需要明白其可能的影响。
+如果延迟（冷却）时间设置的太长，那么 Horizontal Pod Autoscaler 可能会不能很好的改变负载。
+如果延迟（冷却）时间设备的太短，那么副本数量有可能跟以前一样抖动。
+{{< /note >}}
+
+<!--
+## Support for multiple metrics
+-->
+## 多指标支持
+
+<!--
+Kubernetes 1.6 adds support for scaling based on multiple metrics. You can use the `autoscaling/v2beta2` API
+version to specify multiple metrics for the Horizontal Pod Autoscaler to scale on. Then, the Horizontal Pod
+Autoscaler controller will evaluate each metric, and propose a new scale based on that metric. The largest of the
+proposed scales will be used as the new scale.
+-->
+在 Kubernetes 1.6 支持了基于多个指标进行缩放。
+你可以使用 `autoscaling/v2beta2` API 来为 Horizontal Pod Autoscaler 指定多个指标。
+Horizontal Pod Autoscaler 会跟据每个指标计算，并生成一个缩放建议。
+幅度最大的缩放建议会被采纳。
+
+<!--
+## Support for custom metrics
+-->
+## 自定义指标支持
+
+{{< note >}}
+<!--
+Kubernetes 1.2 added alpha support for scaling based on application-specific metrics using special annotations.
+Support for these annotations was removed in Kubernetes 1.6 in favor of the new autoscaling API.  While the old method for collecting
+custom metrics is still available, these metrics will not be available for use by the Horizontal Pod Autoscaler, and the former
+annotations for specifying which custom metrics to scale on are no longer honored by the Horizontal Pod Autoscaler controller.
+-->
+在 Kubernetes 1.2 增加的 alpha 的缩放支持基于特定的 annotation。
+自从 Kubernetes 1.6 起，由于缩放 API 的引入，这些 annotation 就不再支持了。
+虽然收集自定义指标的旧方法仍然可用，但是 Horizontal Pod Autoscaler 调度器将不会再使用这些指标，
+同时，Horizontal Pod Autoscaler 也不再使用之前的用于指定用户自定义指标的 annotation 了。
+{{< /note >}}
+
+<!--
+Kubernetes 1.6 adds support for making use of custom metrics in the Horizontal Pod Autoscaler.
+You can add custom metrics for the Horizontal Pod Autoscaler to use in the `autoscaling/v2beta2` API.
+Kubernetes then queries the new custom metrics API to fetch the values of the appropriate custom metrics.
+-->
+自 Kubernetes 1.6 起，Horizontal Pod Autoscaler 支持使用自定义指标。
+你可以使用 `autoscaling/v2beta2` API 为 Horizontal Pod Autoscaler 指定用户自定义指标。
+Kubernetes 会通过用户自定义指标 API 来获取相应的指标。
+
+<!--
+See [Support for metrics APIs](#support-for-metrics-apis) for the requirements.
+-->
+关于指标 API 的要求，请查阅 [Support for metrics APIs](#support-for-metrics-apis)。
+
+<!--
+## Support for metrics APIs
+-->
+## 指标 API
+
+<!--
+By default, the HorizontalPodAutoscaler controller retrieves metrics from a series of APIs.  In order for it to access these
+APIs, cluster administrators must ensure that:
+-->
+默认情况下，HorizontalPodAutoscaler 控制器会从一系列的 API 中请求指标数据。
+集群管理员需要确保下述条件，以保证这些 API 可以访问：
+
+<!--
+* The [API aggregation layer](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/) is enabled.
+-->
+* [API aggregation layer](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/) 已开启
+
+<!--
+* The corresponding APIs are registered:
+
+   * For resource metrics, this is the `metrics.k8s.io` API, generally provided by [metrics-server](https://github.com/kubernetes-incubator/metrics-server).
+     It can be launched as a cluster addon.
+
+   * For custom metrics, this is the `custom.metrics.k8s.io` API.  It's provided by "adapter" API servers provided by metrics solution vendors.
+     Check with your metrics pipeline, or the [list of known solutions](https://github.com/kubernetes/metrics/blob/master/IMPLEMENTATIONS.md#custom-metrics-api).
+     If you would like to write your own, check out the [boilerplate](https://github.com/kubernetes-incubator/custom-metrics-apiserver) to get started.
+
+   * For external metrics, this is the `external.metrics.k8s.io` API.  It may be provided by the custom metrics adapters provided above.
+-->
+
+* 相应的 API 已注册：
+
+   * 资源指标会使用 `metrics.k8s.io` API，一般由 [metrics-server](https://github.com/kubernetes-incubator/metrics-server) 提供。
+     它可以做为集群组件启动。
+  * 用户指标会使用 `custom.metrics.k8s.io` API。
+     它由其他厂商的“适配器”API 服务器提供。
+     确认你的指标管道，或者查看 [list of known solutions](https://github.com/kubernetes/metrics/blob/master/IMPLEMENTATIONS.md#custom-metrics-api)。
+   * 外部指标会使用 `external.metrics.k8s.io` API。可能由上面的用户指标适配器提供。
+
+<!--
+* The `--horizontal-pod-autoscaler-use-rest-clients` is `true` or unset.  Setting this to false switches to Heapster-based autoscaling, which is deprecated.
+-->
+* `--horizontal-pod-autoscaler-use-rest-clients` 参数设置为 `true` 或者不设置。 
+  如果设置为 false，则会切换到基于 Heapster 的自动缩放，这个特性已经被弃用了。
+
+<!--  
+For more information on these different metrics paths and how they differ please see the relevant design proposals for
+[the HPA V2](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/autoscaling/hpa-v2.md),
+[custom.metrics.k8s.io](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/custom-metrics-api.md)
+and [external.metrics.k8s.io](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/external-metrics-api.md).
+-->
+更多关于指标来源以及其区别，请参阅相关的设计文档，
+[the HPA V2](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/autoscaling/hpa-v2.md)、
+[custom.metrics.k8s.io](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/custom-metrics-api.md)和
+[external.metrics.k8s.io](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/external-metrics-api.md)。
+
+<!--
+For examples of how to use them see [the walkthrough for using custom metrics](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics)
+and [the walkthrough for using external metrics](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-metrics-not-related-to-kubernetes-objects).
+-->
+如何使用它们的示例，请参考 
+[the walkthrough for using custom metrics](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics)
+和 [the walkthrough for using external metrics](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-metrics-not-related-to-kubernetes-objects)。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Design documentation: [Horizontal Pod Autoscaling](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md).
+* kubectl autoscale command: [kubectl autoscale](/docs/reference/generated/kubectl/kubectl-commands/#autoscale).
+* Usage example of [Horizontal Pod Autoscaler](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/).
+-->
+* 设计文档：[Horizontal Pod Autoscaling](https://git.k8s.io/community/contributors/design-proposals/autoscaling/horizontal-pod-autoscaler.md).
+* kubectl 自动缩放命令： [kubectl autoscale](/docs/reference/generated/kubectl/kubectl-commands/#autoscale).
+* 使用示例：[Horizontal Pod Autoscaler](/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/).
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/run-application/rolling-update-replication-controller.md b/content/zh/docs/tasks/run-application/rolling-update-replication-controller.md
index b4956d0d8a62c..573339ed3bb5f 100644
--- a/content/zh/docs/tasks/run-application/rolling-update-replication-controller.md
+++ b/content/zh/docs/tasks/run-application/rolling-update-replication-controller.md
@@ -1,32 +1,81 @@
 ---
-approvers:
+reviewers:
 - janetkuo
 title: 基于Replication Controller执行滚动升级
+content_template: templates/concept
+weight: 80
 ---
-
-{{< toc >}}
+<!-- 
+---
+reviewers:
+- janetkuo
+title: Perform Rolling Update Using a Replication Controller
+content_template: templates/concept
+weight: 80
+--- 
+-->
 
 ## 概述
 
 **注**: 创建副本应用的首选方法是使用[Deployment](/docs/api-reference/{{< param "version" >}}/#deployment-v1beta1-apps)，Deployment使用[ReplicaSet](/docs/api-reference/{{< param "version" >}}/#replicaset-v1beta1-extensions)来进行副本控制。
 更多信息, 查看[使用Deployment运行一个无状态应用](/docs/tasks/run-application/run-stateless-application-deployment/)。
 
+<!-- 
+{{< note >}}
+**Note**: The preferred way to create a replicated application is to use a
+[Deployment](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#deployment-v1-apps),
+which in turn uses a
+[ReplicaSet](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#replicaset-v1-apps).
+For more information, see
+[Running a Stateless Application Using a Deployment](/docs/tasks/run-application/run-stateless-application-deployment/).
+{{< /note >}}
+-->
+
 为了在更新服务的同时不中断业务， `kubectl` 支持['滚动更新'](/docs/user-guide/kubectl/v1.6/#rolling-update)，它一次更新一个pod，而不是同时停止整个服务。 有关更多信息，请参阅 [滚动更新设计文档](https://git.k8s.io/community/contributors/design-proposals/cli/simple-rolling-update.md) 和 [滚动更新示例](/docs/tasks/run-application/rolling-update-replication-controller/)。
+<!-- 
+To update a service without an outage, `kubectl` supports what is called [rolling update](/docs/reference/generated/kubectl/kubectl-commands/#rolling-update), which updates one pod at a time, rather than taking down the entire service at the same time. See the [rolling update design document](https://git.k8s.io/community/contributors/design-proposals/cli/simple-rolling-update.md) for more information.
+-->
 
 请注意， `kubectl rolling-update` 仅支持Replication Controllers。 但是，如果使用Replication Controllers部署应用，请考虑将其切换到[Deployments](/docs/concepts/workloads/controllers/deployment/). Deployment是一种被推荐使用的更高级别的控制器，它可以对应用进行声明性的自动滚动更新。 如果您仍然希望保留您的Replication Controllers并使用 `kubectl rolling-update`进行滚动更新， 请继续往下阅读：
+<!-- 
+Note that `kubectl rolling-update` only supports Replication Controllers. However, if you deploy applications with Replication Controllers,
+consider switching them to [Deployments](/docs/concepts/workloads/controllers/deployment/). A Deployment is a higher-level controller that automates rolling updates
+of applications declaratively, and therefore is recommended. If you still want to keep your Replication Controllers and use `kubectl rolling-update`, keep reading:
+-->
 
 滚动更新可以对replication controller所管理的Pod的配置进行变更，变更可以通过一个新的配置文件来进行，或者，如果只更新镜像，则可以直接指定新的容器镜像。
+<!--
+A rolling update applies changes to the configuration of pods being managed by
+a replication controller. The changes can be passed as a new replication
+controller configuration file; or, if only updating the image, a new container
+image can be specified directly.
+-->
 
 滚动更新的工作流程：
+<!--
+A rolling update works by:
+-->
 
 1. 通过新的配置创建一个replication controller
 2. 在新的控制器上增加副本数，在旧的上面减少副本数，直到副本数达到期望值
 3. 删除之前的replication controller
+<!--
+1. Creating a new replication controller with the updated configuration.
+2. Increasing/decreasing the replica count on the new and old controllers until
+   the correct number of replicas is reached.
+3. Deleting the original replication controller.
+-->
 
 使用`kubectl rolling-update`命令来进行滚动更新：
 
     $ kubectl rolling-update NAME \
         ([NEW_NAME] --image=IMAGE | -f FILE)
+<!--
+Rolling updates are initiated with the `kubectl rolling-update` command:
+
+    $ kubectl rolling-update NAME \
+        ([NEW_NAME] --image=IMAGE | -f FILE)
+-->
 
 ## 通过配置文件更新
 
@@ -43,6 +92,25 @@ title: 基于Replication Controller执行滚动升级
 * `metadata.namespace`字段必须相同
 
 Replication Controllers的配置文件详细介绍见[创建Replication Controllers](/docs/tutorials/stateless-application/run-stateless-ap-replication-controller/).
+<!--
+## Passing a configuration file
+
+To initiate a rolling update using a configuration file, pass the new file to
+`kubectl rolling-update`:
+
+    $ kubectl rolling-update NAME -f FILE
+
+The configuration file must:
+
+* Specify a different `metadata.name` value.
+
+* Overwrite at least one common label in its `spec.selector` field.
+
+* Use the same `metadata.namespace`.
+
+Replication controller configuration files are described in
+[Creating Replication Controllers](/docs/tutorials/stateless-application/run-stateless-ap-replication-controller/).
+-->
 
 ### 示例
 
@@ -51,6 +119,15 @@ Replication Controllers的配置文件详细介绍见[创建Replication Controll
 
     // 将frontend-v2.json数据传到标准输入来更新frontend-v1的pods
     $ cat frontend-v2.json | kubectl rolling-update frontend-v1 -f -
+<!--
+### Examples
+
+    // Update pods of frontend-v1 using new replication controller data in frontend-v2.json.
+    $ kubectl rolling-update frontend-v1 -f frontend-v2.json
+
+    // Update pods of frontend-v1 using JSON data passed into stdin.
+    $ cat frontend-v2.json | kubectl rolling-update frontend-v1 -f -
+-->
 
 ## 更新容器镜像
 
@@ -64,6 +141,28 @@ Replication Controllers的配置文件详细介绍见[创建Replication Controll
 
 如果`IMAGE:TAG` 和当前值相同，更新就会失败。 因此，我们建议使用版本号来作为标签，而不是使用 `:latest`。从一个 `image:latest`镜像升级到一个新的 `image:latest` 镜像将会失败，即使这两个镜像不是相同的。
 所以，我们不建议使用 `:latest` 来作为标签，详细信息见[最佳配置实践](/docs/concepts/configuration/overview/#container-images) 。
+<!--
+## Updating the container image
+
+To update only the container image, pass a new image name and tag with the
+`--image` flag and (optionally) a new controller name:
+
+    $ kubectl rolling-update NAME [NEW_NAME] --image=IMAGE:TAG
+
+The `--image` flag is only supported for single-container pods. Specifying
+`--image` with multi-container pods returns an error.
+
+If no `NEW_NAME` is specified, a new replication controller is created with
+a temporary name. Once the rollout is complete, the old controller is deleted,
+and the new controller is updated to use the original name.
+
+The update will fail if `IMAGE:TAG` is identical to the
+current value. For this reason, we recommend the use of versioned tags as
+opposed to values such as `:latest`. Doing a rolling update from `image:latest`
+to a new `image:latest` will fail, even if the image at that tag has changed.
+Moreover, the use of `:latest` is not recommended, see
+[Best Practices for Configuration](/docs/concepts/configuration/overview/#container-images) for more information.
+-->
 
 ### 示例
 
@@ -72,6 +171,15 @@ Replication Controllers的配置文件详细介绍见[创建Replication Controll
 
     // 更新frontend的pods，不更改replication controller的名称
     $ kubectl rolling-update frontend --image=image:v2
+<!--
+### Examples
+
+    // Update the pods of frontend-v1 to frontend-v2
+    $ kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2
+
+    // Update the pods of frontend, keeping the replication controller name
+    $ kubectl rolling-update frontend --image=image:v2
+-->
 
 ## 必选和可选字段
 
@@ -98,6 +206,46 @@ Replication Controllers的配置文件详细介绍见[创建Replication Controll
 * `--update-period DURATION`: 更新两个pod之间等待的时间，默认值是`1m0s`。有效单位如`--poll-interval`所述。
 
 有关`kubectl rolling-update`命令的更多信息见[`kubectl`参考](/docs/user-guide/kubectl/v1.6/#rolling-update).
+<!--
+## Required and optional fields
+
+Required fields are:
+
+* `NAME`: The name of the replication controller to update.
+
+as well as either:
+
+* `-f FILE`: A replication controller configuration file, in either JSON or
+  YAML format. The configuration file must specify a new top-level `id` value
+  and include at least one of the existing `spec.selector` key:value pairs.
+  See the
+  [Run Stateless AP Replication Controller](/docs/tutorials/stateless-application/run-stateless-ap-replication-controller/#replication-controller-configuration-file)
+  page for details.
+<br>
+<br>
+    or:
+<br>
+<br>
+* `--image IMAGE:TAG`: The name and tag of the image to update to. Must be
+  different than the current image:tag currently specified.
+
+Optional fields are:
+
+* `NEW_NAME`: Only used in conjunction with `--image` (not with `-f FILE`). The
+  name to assign to the new replication controller.
+* `--poll-interval DURATION`: The time between polling the controller status
+  after update. Valid units are `ns` (nanoseconds), `us` or `µs` (microseconds),
+  `ms` (milliseconds), `s` (seconds), `m` (minutes), or `h` (hours). Units can
+  be combined (e.g. `1m30s`). The default is `3s`.
+* `--timeout DURATION`: The maximum time to wait for the controller to update a
+  pod before exiting. Default is `5m0s`. Valid units are as described for
+  `--poll-interval` above.
+* `--update-period DURATION`: The time to wait between updating pods. Default
+  is `1m0s`. Valid units are as described for `--poll-interval` above.
+
+Additional information about the `kubectl rolling-update` command is available
+from the [`kubectl` reference](/docs/reference/generated/kubectl/kubectl-commands/#rolling-update).
+-->
 
 ## 实践
 
@@ -214,6 +362,123 @@ Scaling my-nginx-v4 up to 5
 Update succeeded. Deleting old controller: my-nginx
 replicationcontroller "my-nginx-v4" rolling updated
 ```
+<!--
+## Walkthrough
+
+Let's say you were running version 1.7.9 of nginx:
+
+```yaml
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: my-nginx
+spec:
+  replicas: 5
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        ports:
+        - containerPort: 80
+```
+
+To update to version 1.9.1, you can use [`kubectl rolling-update --image`](https://git.k8s.io/community/contributors/design-proposals/cli/simple-rolling-update.md) to specify the new image:
+
+```shell
+$ kubectl rolling-update my-nginx --image=nginx:1.9.1
+Created my-nginx-ccba8fbd8cc8160970f63f9a2696fc46
+```
+
+In another window, you can see that `kubectl` added a `deployment` label to the pods, whose value is a hash of the configuration, to distinguish the new pods from the old:
+
+```shell
+$ kubectl get pods -l app=nginx -L deployment
+NAME                                              READY     STATUS    RESTARTS   AGE       DEPLOYMENT
+my-nginx-ccba8fbd8cc8160970f63f9a2696fc46-k156z   1/1       Running   0          1m        ccba8fbd8cc8160970f63f9a2696fc46
+my-nginx-ccba8fbd8cc8160970f63f9a2696fc46-v95yh   1/1       Running   0          35s       ccba8fbd8cc8160970f63f9a2696fc46
+my-nginx-divi2                                    1/1       Running   0          2h        2d1d7a8f682934a254002b56404b813e
+my-nginx-o0ef1                                    1/1       Running   0          2h        2d1d7a8f682934a254002b56404b813e
+my-nginx-q6all                                    1/1       Running   0          8m        2d1d7a8f682934a254002b56404b813e
+```
+
+`kubectl rolling-update` reports progress as it progresses:
+
+```
+Scaling up my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 from 0 to 3, scaling down my-nginx from 3 to 0 (keep 3 pods available, don't exceed 4 pods)
+Scaling my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 up to 1
+Scaling my-nginx down to 2
+Scaling my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 up to 2
+Scaling my-nginx down to 1
+Scaling my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 up to 3
+Scaling my-nginx down to 0
+Update succeeded. Deleting old controller: my-nginx
+Renaming my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 to my-nginx
+replicationcontroller "my-nginx" rolling updated
+```
+
+If you encounter a problem, you can stop the rolling update midway and revert to the previous version using `--rollback`:
+
+```shell
+$ kubectl rolling-update my-nginx --rollback
+Setting "my-nginx" replicas to 1
+Continuing update with existing controller my-nginx.
+Scaling up nginx from 1 to 1, scaling down my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 from 1 to 0 (keep 1 pods available, don't exceed 2 pods)
+Scaling my-nginx-ccba8fbd8cc8160970f63f9a2696fc46 down to 0
+Update succeeded. Deleting my-nginx-ccba8fbd8cc8160970f63f9a2696fc46
+replicationcontroller "my-nginx" rolling updated
+```
+
+This is one example where the immutability of containers is a huge asset.
+
+If you need to update more than just the image (e.g., command arguments, environment variables), you can create a new replication controller, with a new name and distinguishing label value, such as:
+
+```yaml
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: my-nginx-v4
+spec:
+  replicas: 5
+  selector:
+    app: nginx
+    deployment: v4
+  template:
+    metadata:
+      labels:
+        app: nginx
+        deployment: v4
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.9.2
+        args: ["nginx", "-T"]
+        ports:
+        - containerPort: 80
+```
+
+and roll it out:
+
+```shell
+$ kubectl rolling-update my-nginx -f ./nginx-rc.yaml
+Created my-nginx-v4
+Scaling up my-nginx-v4 from 0 to 5, scaling down my-nginx from 4 to 0 (keep 4 pods available, don't exceed 5 pods)
+Scaling my-nginx-v4 up to 1
+Scaling my-nginx down to 3
+Scaling my-nginx-v4 up to 2
+Scaling my-nginx down to 2
+Scaling my-nginx-v4 up to 3
+Scaling my-nginx down to 1
+Scaling my-nginx-v4 up to 4
+Scaling my-nginx down to 0
+Scaling my-nginx-v4 up to 5
+Update succeeded. Deleting old controller: my-nginx
+replicationcontroller "my-nginx-v4" rolling updated
+```
+-->
 
 ## 故障分析
 
@@ -222,3 +487,15 @@ replicationcontroller "my-nginx-v4" rolling updated
 如果更新失败，可以尝试使用同样的命令来继续更新过程。
 
 在尝试更新之前如果需要回滚到之前的状态，可在之前的命令后面添加`--rollback=true`参数，这将回退所有的更改。
+<!--
+## Troubleshooting
+
+If the `timeout` duration is reached during a rolling update, the operation will
+fail with some pods belonging to the new replication controller, and some to the
+original controller.
+
+To continue the update from where it failed, retry using the same command.
+
+To roll back to the original state before the attempted update, append the
+`--rollback=true` flag to the original command. This will revert all changes.
+-->
diff --git a/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md b/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md
new file mode 100644
index 0000000000000..407c7f5c18d03
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md
@@ -0,0 +1,656 @@
+---
+title: 运行一个有状态的应用程序
+content_template: templates/tutorial
+weight: 30
+---
+<!-- ---
+reviewers:
+- enisoc
+- erictune
+- foxish
+- janetkuo
+- kow3ns
+- smarterclayton
+title: Run a Replicated Stateful Application
+content_template: templates/tutorial
+weight: 30
+--- -->
+
+{{% capture overview %}}
+
+<!-- This page shows how to run a replicated stateful application using a
+[StatefulSet](/docs/concepts/workloads/controllers/statefulset/) controller.
+The example is a MySQL single-master topology with multiple slaves running
+asynchronous replication. -->
+该页面显示如何使用[StatefulSet](/docs/concepts/workloads/controllers/statefulset/) 控制器去运行一个有状态的应用程序。此例是一主多从的 MySQL 集群。
+
+<!-- Note that **this is not a production configuration**.
+In particular, MySQL settings remain on insecure defaults to keep the focus
+on general patterns for running stateful applications in Kubernetes. -->
+请注意 **这不是生产配置**。
+重点是， MySQL 设置保留在不安全的默认值上，使重点放在 Kubernetes 中运行有状态应用程序的常规模式。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- * {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* {{< include "default-storage-class-prereqs.md" >}}
+* This tutorial assumes you are familiar with
+  [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)
+  and [StatefulSets](/docs/concepts/workloads/controllers/statefulset/),
+  as well as other core concepts like [Pods](/docs/concepts/workloads/pods/pod/),
+  [Services](/docs/concepts/services-networking/service/), and
+  [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/).
+* Some familiarity with MySQL helps, but this tutorial aims to present
+  general patterns that should be useful for other systems. -->
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* {{< include "default-storage-class-prereqs.md" >}}
+* 本教程假定您熟悉
+  [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)
+  与 [StatefulSets](/docs/concepts/workloads/controllers/statefulset/),
+  以及其他核心概念，例如[Pods](/docs/concepts/workloads/pods/pod/),
+  [Services](/docs/concepts/services-networking/service/), 与
+  [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/).
+* 熟悉 MySQL 会有所帮助，但是本教程旨在介绍对其他系统应该有用的常规模式。
+
+{{% /capture %}}
+
+{{% capture objectives %}}
+
+<!-- * Deploy a replicated MySQL topology with a StatefulSet controller.
+* Send MySQL client traffic.
+* Observe resistance to downtime.
+* Scale the StatefulSet up and down. -->
+* 使用 StatefulSet 控制器部署复制的 MySQL 拓扑。
+* 发送 MySQL 客户端流量。
+* 观察对宕机的抵抗力。
+* 缩放 StatefulSet 的大小。
+
+{{% /capture %}}
+
+{{% capture lessoncontent %}}
+
+<!-- ## Deploy MySQL -->
+## 部署 MySQL
+
+<!-- The example MySQL deployment consists of a ConfigMap, two Services,
+and a StatefulSet. -->
+部署 MySQL 示例，包含一个 ConfigMap，两个 Services，与一个 StatefulSet。
+
+### ConfigMap
+
+<!-- Create the ConfigMap from the following YAML configuration file: -->
+从以下的 YAML 配置文件创建 ConfigMap ：
+
+{{< codenew file="application/mysql/mysql-configmap.yaml" >}}
+
+```shell
+kubectl apply -f https://k8s.io/examples/application/mysql/mysql-configmap.yaml
+```
+
+<!-- This ConfigMap provides `my.cnf` overrides that let you independently control
+configuration on the MySQL master and slaves.
+In this case, you want the master to be able to serve replication logs to slaves
+and you want slaves to reject any writes that don't come via replication. -->
+这个 ConfigMap 提供 `my.cnf` 覆盖，使您可以独立控制 MySQL 主服务器和从服务器的配置。
+在这种情况下，您希望主服务器能够将复制日志提供给从服务器，并且希望从服务器拒绝任何不是通过复制进行的写操作。
+
+<!-- There's nothing special about the ConfigMap itself that causes different
+portions to apply to different Pods.
+Each Pod decides which portion to look at as it's initializing,
+based on information provided by the StatefulSet controller. -->
+ConfigMap 本身没有什么特别之处，它可以使不同部分应用于不同的 Pod。
+每个 Pod 都会决定在初始化时要看基于 StatefulSet 控制器提供的信息。
+
+<!-- ### Services -->
+### Services
+
+<!-- Create the Services from the following YAML configuration file: -->
+从以下 YAML 配置文件创建服务：
+
+{{< codenew file="application/mysql/mysql-services.yaml" >}}
+
+```shell
+kubectl apply -f https://k8s.io/examples/application/mysql/mysql-services.yaml
+```
+
+<!-- The Headless Service provides a home for the DNS entries that the StatefulSet
+controller creates for each Pod that's part of the set.
+Because the Headless Service is named `mysql`, the Pods are accessible by
+resolving `<pod-name>.mysql` from within any other Pod in the same Kubernetes
+cluster and namespace. -->
+Headless Service 给 StatefulSet 控制器为集合中每个 Pod 创建的 DNS 条目提供了一个宿主。因为 Headless Service 名为 `mysql`，所以可以通过在同一 Kubernetes 集群和 namespace 中的任何其他 Pod 内解析 `<pod-name>.mysql` 来访问 Pod。
+
+<!-- The Client Service, called `mysql-read`, is a normal Service with its own
+cluster IP that distributes connections across all MySQL Pods that report
+being Ready. The set of potential endpoints includes the MySQL master and all
+slaves. -->
+客户端 Service 称为 `mysql-read`，是一种常规 Service，具有其自己的群集 IP，该群集 IP 在报告为就绪的所有MySQL Pod 中分配连接。可能端点的集合包括 MySQL 主节点和所有从节点。
+
+<!-- Note that only read queries can use the load-balanced Client Service.
+Because there is only one MySQL master, clients should connect directly to the
+MySQL master Pod (through its DNS entry within the Headless Service) to execute
+writes. -->
+请注意，只有读取查询才能使用负载平衡的客户端 Service。因为只有一个 MySQL 主服务器，所以客户端应直接连接到 MySQL 主服务器 Pod (通过其在 Headless Service 中的 DNS 条目)以执行写入操作。
+
+### StatefulSet
+
+<!-- Finally, create the StatefulSet from the following YAML configuration file: -->
+最后，从以下 YAML 配置文件创建 StatefulSet：
+
+{{< codenew file="application/mysql/mysql-statefulset.yaml" >}}
+
+```shell
+kubectl apply -f https://k8s.io/examples/application/mysql/mysql-statefulset.yaml
+```
+
+<!-- You can watch the startup progress by running: -->
+您可以通过运行以下命令查看启动进度：
+
+```shell
+kubectl get pods -l app=mysql --watch
+```
+
+<!-- After a while, you should see all 3 Pods become Running: -->
+一段时间后，您应该看到所有3个 Pod 都开始运行：
+
+```
+NAME      READY     STATUS    RESTARTS   AGE
+mysql-0   2/2       Running   0          2m
+mysql-1   2/2       Running   0          1m
+mysql-2   2/2       Running   0          1m
+```
+
+<!-- Press **Ctrl+C** to cancel the watch.
+If you don't see any progress, make sure you have a dynamic PersistentVolume
+provisioner enabled as mentioned in the [prerequisites](#before-you-begin). -->
+输入**Ctrl+C**取消观察。
+如果您看不到任何进度，确保已启用[前提条件](#before-you-begin)中提到的动态 PersistentVolume 预配器。
+
+
+<!-- This manifest uses a variety of techniques for managing stateful Pods as part of
+a StatefulSet. The next section highlights some of these techniques to explain
+what happens as the StatefulSet creates Pods. -->
+该清单使用多种技术来管理作为 StatefulSet 一部分的有状态 Pod。下一节重点介绍其中一些技巧，以解释 StatefulSet 创建 Pod 时发生的状况。
+
+<!-- ## Understanding stateful Pod initialization -->
+## 了解有状态的 Pod 初始化
+
+<!-- The StatefulSet controller starts Pods one at a time, in order by their
+ordinal index.
+It waits until each Pod reports being Ready before starting the next one. -->
+StatefulSet 控制器一次按顺序启动 Pod 序数索引。它一直等到每个 Pod 报告就绪为止，然后再开始下一个 Pod。
+
+<!-- In addition, the controller assigns each Pod a unique, stable name of the form
+`<statefulset-name>-<ordinal-index>`, which results in Pods named `mysql-0`,
+`mysql-1`, and `mysql-2`. -->
+此外，控制器为每个 Pod 分配一个唯一，稳定的表单名称 `<statefulset-name>-<ordinal-index>` 其结果是 Pods 名为 mysql-0，mysql-1 和 mysql-2。
+
+<!-- The Pod template in the above StatefulSet manifest takes advantage of these
+properties to perform orderly startup of MySQL replication. -->
+上述 StatefulSet 清单中的 Pod 模板利用这些属性来执行 MySQL 复制的有序启动。
+
+<!-- ### Generating configuration -->
+### 生成配置
+
+<!-- Before starting any of the containers in the Pod spec, the Pod first runs any
+[Init Containers](/docs/concepts/workloads/pods/init-containers/)
+in the order defined. -->
+在启动 Pod 规范中的任何容器之前， Pod 首先运行任何[初始容器](/docs/concepts/workloads/pods/init-containers/)按照定义的顺序。
+
+<!-- The first Init Container, named `init-mysql`, generates special MySQL config
+files based on the ordinal index. -->
+第一个名为 `init-mysql` 的初始化容器，根据序号索引生成特殊的 MySQL 配置文件。
+
+<!-- The script determines its own ordinal index by extracting it from the end of
+the Pod name, which is returned by the `hostname` command.
+Then it saves the ordinal (with a numeric offset to avoid reserved values)
+into a file called `server-id.cnf` in the MySQL `conf.d` directory.
+This translates the unique, stable identity provided by the StatefulSet
+controller into the domain of MySQL server IDs, which require the same
+properties. -->
+该脚本通过从 Pod 名称的末尾提取索引来确定自己的序号索引，该名称由 `hostname` 命令返回。
+然后将序数(带有数字偏移量以避免保留值)保存到 MySQL conf.d 目录中的文件 server-id.cnf 中。
+这将转换 StatefulSet 提供的唯一，稳定的身份控制器进入需要相同属性的 MySQL 服务器 ID 的范围。
+
+<!-- The script in the `init-mysql` container also applies either `master.cnf` or
+`slave.cnf` from the ConfigMap by copying the contents into `conf.d`.
+Because the example topology consists of a single MySQL master and any number of
+slaves, the script simply assigns ordinal `0` to be the master, and everyone
+else to be slaves. -->
+通过将内容复制到 conf.d 中，init-mysql 容器中的脚本也可以应用 ConfigMap 中的 master.cnf 或 slave.cnf。由于示例拓扑由单个 MySQL 主节点和任意数量的从节点组成，因此脚本仅将序数 `0` 指定为主节点，而将其他所有人指定为从节点。与 StatefulSet 控制器的[部署顺序保证](/docs/concepts/workloads/controllers/statefulset/#deployment-and-scaling-guarantees/),这样可以确保 MySQL 主服务器在创建从服务器之前已准备就绪，以便它们可以开始复制。
+
+<!-- ### Cloning existing data -->
+### 克隆现有数据
+
+<!-- In general, when a new Pod joins the set as a slave, it must assume the MySQL
+master might already have data on it. It also must assume that the replication
+logs might not go all the way back to the beginning of time. -->
+通常，当新的 Pod 作为从节点加入集合时，必须假定 MySQL 主节点可能已经有数据。还必须假设复制日志可能不会一直追溯到时间的开始。
+<!-- These conservative assumptions are the key to allow a running StatefulSet
+to scale up and down over time, rather than being fixed at its initial size. -->
+这些保守假设的关键是允许正在运行的 StatefulSet 随时间扩大和缩小而不是固定在其初始大小。
+
+<!-- The second Init Container, named `clone-mysql`, performs a clone operation on
+a slave Pod the first time it starts up on an empty PersistentVolume.
+That means it copies all existing data from another running Pod,
+so its local state is consistent enough to begin replicating from the master. -->
+第二个名为 `clone-mysql` 的初始化容器，第一次在从属 Pod 上以空 PersistentVolume 启动时，会对从属 Pod 执行克隆操作。这意味着它将从另一个运行的 Pod 复制所有现有数据，因此其本地状态足够一致，可以开始主从服务器复制。
+
+<!-- MySQL itself does not provide a mechanism to do this, so the example uses a
+popular open-source tool called Percona XtraBackup.
+During the clone, the source MySQL server might suffer reduced performance.
+To minimize impact on the MySQL master, the script instructs each Pod to clone
+from the Pod whose ordinal index is one lower.
+This works because the StatefulSet controller always ensures Pod `N` is
+Ready before starting Pod `N+1`. -->
+MySQL 本身不提供执行此操作的机制，因此该示例使用了一种流行的开源工具 Percona XtraBackup。
+在克隆期间，源 MySQL 服务器可能会降低性能。
+为了最大程度地减少对 MySQL 主机的影响，该脚本指示每个 Pod 从序号较低的 Pod 中克隆。
+可以这样做的原因是 StatefulSet 控制器始终确保在启动 Pod N + 1 之前 Pod N 已准备就绪。
+
+<!-- ### Starting replication -->
+### 开始复制
+
+<!-- After the Init Containers complete successfully, the regular containers run.
+The MySQL Pods consist of a `mysql` container that runs the actual `mysqld`
+server, and an `xtrabackup` container that acts as a
+[sidecar](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns). -->
+初始化容器成功完成后，常规容器将运行。
+MySQL Pods 由运行实际 `mysqld` 服务器的 `mysql` 容器和充当[辅助工具](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns)的 xtrabackup 容器组成。
+
+<!-- The `xtrabackup` sidecar looks at the cloned data files and determines if
+it's necessary to initialize MySQL replication on the slave.
+If so, it waits for `mysqld` to be ready and then executes the
+`CHANGE MASTER TO` and `START SLAVE` commands with replication parameters
+extracted from the XtraBackup clone files. -->
+`xtrabackup` 辅助工具查看克隆的数据文件，并确定是否有必要在从属服务器上初始化 MySQL 复制。
+如果是这样，它将等待 `mysqld` 准备就绪，然后执行带有从 XtraBackup 克隆文件中提取的复制参数 `CHANGE MASTER TO` 和 `START SLAVE` 命令。
+
+<!-- Once a slave begins replication, it remembers its MySQL master and
+reconnects automatically if the server restarts or the connection dies.
+Also, because slaves look for the master at its stable DNS name
+(`mysql-0.mysql`), they automatically find the master even if it gets a new
+Pod IP due to being rescheduled. -->
+一旦从服务器开始复制后，它会记住其 MySQL 主服务器。并且如果服务器重新启动或连接中断，则会自动重新连接。
+另外，因为从服务器会以其稳定的 DNS 名称查找主服务器(`mysql-0.mysql`)，即使由于重新安排而获得新的 Pod IP，他们也会自动找到主服务器。
+
+<!-- Lastly, after starting replication, the `xtrabackup` container listens for
+connections from other Pods requesting a data clone.
+This server remains up indefinitely in case the StatefulSet scales up, or in
+case the next Pod loses its PersistentVolumeClaim and needs to redo the clone. -->
+最后，开始复制后，`xtrabackup` 容器监听来自其他 Pod 的连接数据克隆请求。
+如果 StatefulSet 扩大规模，或者下一个 Pod 失去其 PersistentVolumeClaim 并需要重新克隆，则此服务器将无限期保持运行。
+
+<!-- ## Sending client traffic -->
+## 发送客户端流量
+
+<!-- You can send test queries to the MySQL master (hostname `mysql-0.mysql`)
+by running a temporary container with the `mysql:5.7` image and running the
+`mysql` client binary. -->
+您可以通过运行带有 `mysql:5.7` 镜像的临时容器并运行 `mysql` 客户端二进制文件，将测试查询发送到 MySQL 主服务器(主机名 `mysql-0.mysql` )。
+
+```shell
+kubectl run mysql-client --image=mysql:5.7 -i --rm --restart=Never --\
+  mysql -h mysql-0.mysql <<EOF
+CREATE DATABASE test;
+CREATE TABLE test.messages (message VARCHAR(250));
+INSERT INTO test.messages VALUES ('hello');
+EOF
+```
+
+<!-- Use the hostname `mysql-read` to send test queries to any server that reports
+being Ready: -->
+使用主机名 `mysql-read` 将测试查询发送到任何报告为就绪的服务器：
+
+```shell
+kubectl run mysql-client --image=mysql:5.7 -i -t --rm --restart=Never --\
+  mysql -h mysql-read -e "SELECT * FROM test.messages"
+```
+
+<!-- You should get output like this: -->
+您应该获得如下输出：
+
+```
+Waiting for pod default/mysql-client to be running, status is Pending, pod ready: false
++---------+
+| message |
++---------+
+| hello   |
++---------+
+pod "mysql-client" deleted
+```
+
+<!-- To demonstrate that the `mysql-read` Service distributes connections across
+servers, you can run `SELECT @@server_id` in a loop: -->
+为了演示 `mysql-read` 服务在服务器之间分配连接，您可以在循环中运行 `SELECT @@server_id`：
+
+```shell
+kubectl run mysql-client-loop --image=mysql:5.7 -i -t --rm --restart=Never --\
+  bash -ic "while sleep 1; do mysql -h mysql-read -e 'SELECT @@server_id,NOW()'; done"
+```
+
+<!-- You should see the reported `@@server_id` change randomly, because a different
+endpoint might be selected upon each connection attempt: -->
+您应该看到报告的 `@@server_id` 发生随机变化，因为每次尝试连接时都可能选择了不同的端点：
+
+```
++-------------+---------------------+
+| @@server_id | NOW()               |
++-------------+---------------------+
+|         100 | 2006-01-02 15:04:05 |
++-------------+---------------------+
++-------------+---------------------+
+| @@server_id | NOW()               |
++-------------+---------------------+
+|         102 | 2006-01-02 15:04:06 |
++-------------+---------------------+
++-------------+---------------------+
+| @@server_id | NOW()               |
++-------------+---------------------+
+|         101 | 2006-01-02 15:04:07 |
++-------------+---------------------+
+```
+
+<!-- You can press **Ctrl+C** when you want to stop the loop, but it's useful to keep
+it running in another window so you can see the effects of the following steps. -->
+要停止循环时可以按 **Ctrl+C** ，但是让它在另一个窗口中运行非常有用，这样您就可以看到以下步骤的效果。
+
+<!-- ## Simulating Pod and Node downtime -->
+## 模拟 Pod 和 Node 的宕机时间
+
+<!-- To demonstrate the increased availability of reading from the pool of slaves
+instead of a single server, keep the `SELECT @@server_id` loop from above
+running while you force a Pod out of the Ready state. -->
+为了证明从从节点缓存而不是单个服务器读取数据的可用性提高，请在使 Pod 退出 Ready 状态时，保持 `SELECT @@server_id` 循环从上面运行。
+
+<!-- ### Break the Readiness Probe -->
+### 退出 Readiness Probe
+
+<!-- The [readiness probe](/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-readiness-probes)
+for the `mysql` container runs the command `mysql -h 127.0.0.1 -e 'SELECT 1'`
+to make sure the server is up and able to execute queries. -->
+`mysql` 容器的[readiness probe](/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#define-readiness-probes)运行命令 `mysql -h 127.0.0.1 -e 'SELECT 1'`，以确保服务器已启动并能够执行查询。
+
+<!-- One way to force this readiness probe to fail is to break that command: -->
+迫使 readiness probe 失败的一种方法就是执行该命令：
+
+```shell
+kubectl exec mysql-2 -c mysql -- mv /usr/bin/mysql /usr/bin/mysql.off
+```
+
+<!-- This reaches into the actual container's filesystem for Pod `mysql-2` and
+renames the `mysql` command so the readiness probe can't find it.
+After a few seconds, the Pod should report one of its containers as not Ready,
+which you can check by running: -->
+这进入 Pod `mysql-2` 的实际容器文件系统，并重命名 `mysql` 命令，以便 readiness probe 无法找到它。
+几秒钟后， Pod 会将其中一个容器报告为未就绪，您可以通过运行以下命令进行检查：
+
+```shell
+kubectl get pod mysql-2
+```
+
+<!-- Look for `1/2` in the `READY` column: -->
+在 `就绪` 列中查找 ` 1/2` ：
+
+```
+NAME      READY     STATUS    RESTARTS   AGE
+mysql-2   1/2       Running   0          3m
+```
+
+<!-- At this point, you should see your `SELECT @@server_id` loop continue to run,
+although it never reports `102` anymore.
+Recall that the `init-mysql` script defined `server-id` as `100 + $ordinal`,
+so server ID `102` corresponds to Pod `mysql-2`. -->
+此时，您应该会看到 `SELECT @@server_id` 循环继续运行，尽管它不再报告 `102` 。
+回想一下，`init-mysql` 脚本将 `server-id` 定义为 `100 + $ordinal` ，因此服务器 ID `102` 对应于 Pod `mysql-2`。
+
+<!-- Now repair the Pod and it should reappear in the loop output
+after a few seconds: -->
+现在修复 Pod，几秒钟后它应该重新出现在循环输出中：
+
+```shell
+kubectl exec mysql-2 -c mysql -- mv /usr/bin/mysql.off /usr/bin/mysql
+```
+
+<!-- ### Delete Pods -->
+### 删除 Pods
+
+<!-- The StatefulSet also recreates Pods if they're deleted, similar to what a
+ReplicaSet does for stateless Pods. -->
+如果删除了 Pod，则 StatefulSet 还会重新创建 Pod，类似于 ReplicaSet 对无状态 Pod 所做的操作。
+
+```shell
+kubectl delete pod mysql-2
+```
+
+<!-- The StatefulSet controller notices that no `mysql-2` Pod exists anymore,
+and creates a new one with the same name and linked to the same
+PersistentVolumeClaim.
+You should see server ID `102` disappear from the loop output for a while
+and then return on its own. -->
+StatefulSet 控制器注意到不再存在 `mysql-2` Pod，并创建了一个具有相同名称并链接到相同    PersistentVolumeClaim 的新 Pod。
+您应该看到服务器 ID `102` 从循环输出中消失了一段时间，然后自行返回。
+
+<!-- ### Drain a Node -->
+### 排除 Node
+
+<!-- If your Kubernetes cluster has multiple Nodes, you can simulate Node downtime
+(such as when Nodes are upgraded) by issuing a
+[drain](/docs/reference/generated/kubectl/kubectl-commands/#drain). -->
+如果您的 Kubernetes 集群具有多个节点，则可以通过发出以下命令[drain](/docs/reference/generated/kubectl/kubectl-commands/#drain)来模拟节点停机时间(例如升级节点时)。
+
+<!-- First determine which Node one of the MySQL Pods is on: -->
+首先确定 MySQL Pods 之一在哪个节点上：
+
+```shell
+kubectl get pod mysql-2 -o wide
+```
+
+<!-- The Node name should show up in the last column: -->
+节点名称应显示在最后一列中：
+
+```
+NAME      READY     STATUS    RESTARTS   AGE       IP            NODE
+mysql-2   2/2       Running   0          15m       10.244.5.27   kubernetes-node-9l2t
+```
+
+<!-- Then drain the Node by running the following command, which cordons it so
+no new Pods may schedule there, and then evicts any existing Pods.
+Replace `<node-name>` with the name of the Node you found in the last step. -->
+然后通过运行以下命令耗尽节点，该命令将其封锁，以使新的 Pod 不能在那里调度，然后驱逐任何现有的 Pod。
+将 `<node-name>` 替换为在上一步中找到的 Node 的名称。
+
+
+<!-- This might impact other applications on the Node, so it's best to
+**only do this in a test cluster**. -->
+这可能会影响节点上的其他应用程序，因此最好
+**仅在测试集群中执行此操作**。
+
+```shell
+kubectl drain <node-name> --force --delete-local-data --ignore-daemonsets
+```
+
+<!-- Now you can watch as the Pod reschedules on a different Node: -->
+现在，您可以观察 Pod 在其他节点上的重新安排：
+
+```shell
+kubectl get pod mysql-2 -o wide --watch
+```
+
+<!-- It should look something like this: -->
+它看起来应该像这样：
+
+```
+NAME      READY   STATUS          RESTARTS   AGE       IP            NODE
+mysql-2   2/2     Terminating     0          15m       10.244.1.56   kubernetes-node-9l2t
+[...]
+mysql-2   0/2     Pending         0          0s        <none>        kubernetes-node-fjlm
+mysql-2   0/2     Init:0/2        0          0s        <none>        kubernetes-node-fjlm
+mysql-2   0/2     Init:1/2        0          20s       10.244.5.32   kubernetes-node-fjlm
+mysql-2   0/2     PodInitializing 0          21s       10.244.5.32   kubernetes-node-fjlm
+mysql-2   1/2     Running         0          22s       10.244.5.32   kubernetes-node-fjlm
+mysql-2   2/2     Running         0          30s       10.244.5.32   kubernetes-node-fjlm
+```
+
+<!-- And again, you should see server ID `102` disappear from the
+`SELECT @@server_id` loop output for a while and then return. -->
+再次，您应该看到服务器 ID `102` 从 `SELECT @@server_id` 循环输出一段时间，然后返回。
+
+<!-- Now uncordon the Node to return it to a normal state: -->
+现在 uncordon 节点,使其恢复为正常模式:
+
+```shell
+kubectl uncordon <node-name>
+```
+
+<!-- ## Scaling the number of slaves -->
+## 扩展从节点数量
+
+<!-- With MySQL replication, you can scale your read query capacity by adding slaves.
+With StatefulSet, you can do this with a single command: -->
+使用 MySQL 复制，您可以通过添加从节点来扩展读取查询的能力。
+使用 StatefulSet，您可以使用单个命令执行此操作：
+
+```shell
+kubectl scale statefulset mysql  --replicas=5
+```
+
+<!-- Watch the new Pods come up by running: -->
+查看新的 Pod 的运行情况：
+
+```shell
+kubectl get pods -l app=mysql --watch
+```
+
+<!-- Once they're up, you should see server IDs `103` and `104` start appearing in
+the `SELECT @@server_id` loop output.
+
+You can also verify that these new servers have the data you added before they
+existed: -->
+一旦 Pod 启动，您应该看到服务器 IDs `103` 和 `104` 开始出现在 `SELECT @@server_id` 循环输出中。
+
+您还可以验证这些新服务器在存在之前已添加了数据：
+
+```shell
+kubectl run mysql-client --image=mysql:5.7 -i -t --rm --restart=Never --\
+  mysql -h mysql-3.mysql -e "SELECT * FROM test.messages"
+```
+
+```
+Waiting for pod default/mysql-client to be running, status is Pending, pod ready: false
++---------+
+| message |
++---------+
+| hello   |
++---------+
+pod "mysql-client" deleted
+```
+
+<!-- Scaling back down is also seamless: -->
+向下缩放也是不停顿的：
+
+```shell
+kubectl scale statefulset mysql --replicas=3
+```
+
+<!-- Note, however, that while scaling up creates new PersistentVolumeClaims
+automatically, scaling down does not automatically delete these PVCs.
+This gives you the choice to keep those initialized PVCs around to make
+scaling back up quicker, or to extract data before deleting them. -->
+但是请注意，按比例放大会自动创建新的 PersistentVolumeClaims，而按比例缩小不会自动删除这些 PVC。
+这使您可以选择保留那些初始化的 PVC，以更快地进行缩放，或者在删除它们之前提取数据。
+
+<!-- You can see this by running: -->
+您可以通过运行以下命令查看此信息：
+
+```shell
+kubectl get pvc -l app=mysql
+```
+
+<!-- Which shows that all 5 PVCs still exist, despite having scaled the
+StatefulSet down to 3: -->
+这表明，尽管将 StatefulSet 缩小为3，所有5个 PVC 仍然存在：
+
+```
+NAME           STATUS    VOLUME                                     CAPACITY   ACCESSMODES   AGE
+data-mysql-0   Bound     pvc-8acbf5dc-b103-11e6-93fa-42010a800002   10Gi       RWO           20m
+data-mysql-1   Bound     pvc-8ad39820-b103-11e6-93fa-42010a800002   10Gi       RWO           20m
+data-mysql-2   Bound     pvc-8ad69a6d-b103-11e6-93fa-42010a800002   10Gi       RWO           20m
+data-mysql-3   Bound     pvc-50043c45-b1c5-11e6-93fa-42010a800002   10Gi       RWO           2m
+data-mysql-4   Bound     pvc-500a9957-b1c5-11e6-93fa-42010a800002   10Gi       RWO           2m
+```
+
+<!-- If you don't intend to reuse the extra PVCs, you can delete them: -->
+如果您不打算重复使用多余的 PVC，则可以删除它们：
+
+```shell
+kubectl delete pvc data-mysql-3
+kubectl delete pvc data-mysql-4
+```
+
+{{% /capture %}}
+
+{{% capture cleanup %}}
+
+<!-- 1. Cancel the `SELECT @@server_id` loop by pressing **Ctrl+C** in its terminal,
+   or running the following from another terminal: -->
+1. 通过在终端上按 **Ctrl+C** 取消 `SELECT @@server_id` 循环，或从另一个终端运行以下命令：
+
+   ```shell
+   kubectl delete pod mysql-client-loop --now
+   ```
+
+<!-- 1. Delete the StatefulSet. This also begins terminating the Pods. -->
+1. 删除 StatefulSet。这也开始终止 Pod。
+
+   ```shell
+   kubectl delete statefulset mysql
+   ```
+
+<!-- 1. Verify that the Pods disappear.
+   They might take some time to finish terminating. -->
+1. 验证 Pod 消失。
+   他们可能需要一些时间才能完成终止。
+
+   ```shell
+   kubectl get pods -l app=mysql
+   ```
+
+   <!-- You'll know the Pods have terminated when the above returns: -->
+   当以上内容返回时，您将知道 Pod 已终止：
+
+   ```
+   No resources found.
+   ```
+
+<!-- 1. Delete the ConfigMap, Services, and PersistentVolumeClaims. -->
+1. 删除 ConfigMap，Services 和 PersistentVolumeClaims。
+
+   ```shell
+   kubectl delete configmap,service,pvc -l app=mysql
+   ```
+
+<!-- 1. If you manually provisioned PersistentVolumes, you also need to manually
+   delete them, as well as release the underlying resources.
+   If you used a dynamic provisioner, it automatically deletes the
+   PersistentVolumes when it sees that you deleted the PersistentVolumeClaims.
+   Some dynamic provisioners (such as those for EBS and PD) also release the
+   underlying resources upon deleting the PersistentVolumes. -->
+1. 如果您手动设置 PersistentVolume，则还需要手动删除它们，并释放基础资源。
+   如果您使用了动态预配器，当得知您删除 PersistentVolumeClaims 时，它将自动删除 PersistentVolumes。
+   一些动态预配器(例如用于 EBS 和 PD 的预配器)也会在删除 PersistentVolumes 时释放基础资源。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!-- * Look in the [Helm Charts repository](https://github.com/kubernetes/charts)
+  for other stateful application examples. -->
+* 在[Helm Charts 存储库](https://github.com/kubernetes/charts)中查找其他有状态的应用程序示例。
+
+{{% /capture %}}
+
+
+
diff --git a/content/zh/docs/tasks/run-application/run-single-instance-stateful-application.md b/content/zh/docs/tasks/run-application/run-single-instance-stateful-application.md
index 7d0bfb87e6c5c..bd4c6164047a8 100644
--- a/content/zh/docs/tasks/run-application/run-single-instance-stateful-application.md
+++ b/content/zh/docs/tasks/run-application/run-single-instance-stateful-application.md
@@ -5,16 +5,16 @@ content_template: templates/tutorial
 
 {{% capture overview %}}
 
-本文介绍在Kubernetes中使用PersistentVolume和Deployment如何运行一个单实例有状态应用. 该应用是MySQL.
+本文介绍在 Kubernetes 中使用 PersistentVolume 和 Deployment 如何运行一个单实例有状态应用. 该应用是 MySQL.
 
 {{% /capture %}}
 
 
 {{% capture objectives %}}
 
-* 在环境中通过磁盘创建一个PersistentVolume.
-* 创建一个MySQL Deployment.
-* 在集群内以一个已知的DNS名将MySQL暴露给其他pods.
+* 在环境中通过磁盘创建一个 PersistentVolume.
+* 创建一个 MySQL Deployment.
+* 在集群内以一个已知的 DNS 名将 MySQL 暴露给其他 pods.
 
 {{% /capture %}}
 
@@ -23,59 +23,39 @@ content_template: templates/tutorial
 
 * {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
 
-* 为了数据持久性我们将在环境上通过磁盘创建一个持久卷. 环境支持的类型见这里[here](/docs/user-guide/persistent-volumes/#types-of-persistent-volumes). 本篇文档将介绍 `GCEPersistentDisk` . `GCEPersistentDisk`卷只能工作在Google Compute Engine平台上.
+* {{< include "default-storage-class-prereqs.md" >}}
 
 {{% /capture %}}
 
 
 {{% capture lessoncontent %}}
 
-## 在环境中设置一个磁盘
-
-你可以为有状态的应用使用任何类型的持久卷. 有关支持环境的磁盘列表，请参考持久卷类型[Types of Persistent Volumes](/docs/user-guide/persistent-volumes/#types-of-persistent-volumes). 对于Google Compute Engine, 请运行:
-
-```
-gcloud compute disks create --size=20GB mysql-disk
-```
-
-
-接下来创建一个指向刚创建的 `mysql-disk`磁盘的PersistentVolume. 下面是一个PersistentVolume的配置文件，它指向上面创建的Compute Engine磁盘:
-
-{{< code file="gce-volume.yaml" >}}
-
-注意`pdName: mysql-disk` 这行与Compute Engine环境中的磁盘名称相匹配. 有关为其
-他环境编写PersistentVolume配置文件的详细信息，请参见持久卷[Persistent Volumes](/docs/concepts/storage/persistent-volumes/).
-
-
-创建持久卷:
-
-```
-kubectl create -f https://k8s.io/docs/tasks/run-application/gce-volume.yaml
-```
 
+## 部署 MySQL
 
+通过创建 Kubernetes Deployment 并使用 PersistentVolumeClaim 将其连接到现已存在的 PersistentVolume 上来运行一个有状态的应用.  例如, 下面这个 YAML 文件描述了一个运行 MySQL
+并引用 PersistentVolumeClaim 的 Deployment. 该文件定义了一个 volume 其挂载目录为 `/var/lib/mysql`, 然后创建一个大小为 20G 的卷的 PersistentVolumeClaim. 此申领可以通过任
+何符合需求的已有卷来满足, 或者被动态分配.
 
-## 部署MySQL
 
-通过创建Kubernetes Deployment并使用PersistentVolumeClaim将其连接到现已存在的PersistentVolume上来运行一个有状态的应用.  例如, 下面这个YAML文件描述了一个运行MySQL
-并引用PersistentVolumeClaim的Deployment. 该文件定义了一个volume其挂载目录为/var/lib/mysql, 然后创建一个内存为20G的卷的PersistentVolumeClaim. 此申领可以通过任
-何符合需求的卷来满足, 在本例中满足上面创建的卷.
-
-
-注意: 在配置的yaml文件中定义密码的做法是不安全的. 具体安全解决方案请参考
+注意: 在配置的 yaml 文件中定义密码的做法是不安全的. 具体安全解决方案请参考
 [Kubernetes Secrets](/docs/concepts/configuration/secret/).
 
-{{< code file="mysql-deployment.yaml" >}}
+{{< codenew file="application/mysql/mysql-deployment.yaml" >}}
+{{< codenew file="application/mysql/mysql-pv.yaml" >}}
+
 
+1. 部署 YAML 文件中定义的 PV 和 PVC:
 
-1. 部署YAML文件中定义的内容:
+        kubectl apply -f https://k8s.io/examples/application/mysql/mysql-pv.yaml
 
-       kubectl create -f https://k8s.io/docs/tasks/run-application/mysql-deployment.yaml
+1. 部署 YAML 文件中定义的内容:
 
+        kubectl apply -f https://k8s.io/examples/application/mysql/mysql-deployment.yaml
 
-1. 展示Deployment相关信息:
+1. 展示 Deployment 相关信息:
 
-       kubectl describe deployment mysql
+        kubectl describe deployment mysql
 
         Name:                 mysql
         Namespace:            default
@@ -101,77 +81,57 @@ kubectl create -f https://k8s.io/docs/tasks/run-application/gce-volume.yaml
             Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
             ClaimName:  mysql-pv-claim
             ReadOnly:   false
-        Conditions:
-          Type          Status  Reason
-          ----          ------  ------
-          Available     False   MinimumReplicasUnavailable
-          Progressing   True    ReplicaSetUpdated
-        OldReplicaSets:       <none>
-        NewReplicaSet:        mysql-63082529 (1/1 replicas created)
-        Events:
-          FirstSeen    LastSeen    Count    From                SubobjectPath    Type        Reason            Message
-          ---------    --------    -----    ----                -------------    --------    ------            -------
-          33s          33s         1        {deployment-controller }             Normal      ScalingReplicaSet Scaled up replica set mysql-63082529 to 1
+            Conditions:
+              Type          Status  Reason
+              ----          ------  ------
+              Available     False   MinimumReplicasUnavailable
+              Progressing   True    ReplicaSetUpdated
+              OldReplicaSets:       <none>
+              NewReplicaSet:        mysql-63082529 (1/1 replicas created)
+              Events:
+                FirstSeen    LastSeen    Count    From                SubobjectPath    Type        Reason            Message
+                ---------    --------    -----    ----                -------------    --------    ------            -------
+                33s          33s         1        {deployment-controller }             Normal      ScalingReplicaSet Scaled up replica set mysql-63082529 to 1
 
 
-1. 列举出Deployment创建的pods:
+1. 列举出 Deployment 创建的 pods:
 
-       kubectl get pods -l app=mysql
+        kubectl get pods -l app=mysql
 
         NAME                   READY     STATUS    RESTARTS   AGE
         mysql-63082529-2z3ki   1/1       Running   0          3m
 
+1. 查看 PersistentVolumeClaim:
 
-1. 查看持久卷:
-
-       kubectl describe pv mysql-pv
-
-        Name:            mysql-pv
-        Labels:          <none>
-        Status:          Bound
-        Claim:           default/mysql-pv-claim
-        Reclaim Policy:  Retain
-        Access Modes:    RWO
-        Capacity:        20Gi
-        Message:
-        Source:
-            Type:        GCEPersistentDisk (a Persistent Disk resource in Google Compute Engine)
-            PDName:      mysql-disk
-            FSType:      ext4
-            Partition:   0
-            ReadOnly:    false
-        No events.
-
-
-1. 查看PersistentVolumeClaim:
-
-       kubectl describe pvc mysql-pv-claim
+        kubectl describe pvc mysql-pv-claim
 
         Name:         mysql-pv-claim
         Namespace:    default
+        StorageClass:
         Status:       Bound
-        Volume:       mysql-pv
+        Volume:       mysql-pv-volume
         Labels:       <none>
+        Annotations:    pv.kubernetes.io/bind-completed=yes
+                        pv.kubernetes.io/bound-by-controller=yes
         Capacity:     20Gi
         Access Modes: RWO
-        No events.
-
+        Events:       <none>
 
-## 访问MySQL实例
+## 访问 MySQL 实例
 
 
-前面YAML文件中创建了一个允许集群内其他pods访问数据库的服务. 该服务中选项
-`clusterIP: None` 让服务DNS名称直接解析为Pod的IP地址. 当在一个服务下只有一个pod
-并且不打算增加pods的数量这是最好的.
+前面 YAML 文件中创建了一个允许集群内其他 pods 访问数据库的服务. 该服务中选项
+`clusterIP: None` 让服务 DNS 名称直接解析为 Pod 的 IP 地址. 当在一个服务下只有一个 pod
+并且不打算增加 pods 的数量这是最好的.
 
 
-运行MySQL客户端以连接到服务器:
+运行 MySQL 客户端以连接到服务器:
 
 ```
-kubectl run -it --rm --image=mysql:5.6 mysql-client -- mysql -h <pod-ip> -p <password>
+kubectl run -it --rm --image=mysql:5.6 --restart=Never mysql-client -- mysql -h mysql -ppassword
 ```
 
-此命令在集群内创建一个新的Pod并运行MySQL客户端,并通过服务将其连接到服务器.如果连接成功,你就知道有状态的MySQL database正处于运行状态.
+此命令在集群内创建一个新的 Pod 并运行 MySQL 客户端,并通过 Service 将其连接到服务器.如果连接成功,你就知道有状态的 MySQL 数据库正处于运行状态.
 
 ```
 Waiting for pod default/mysql-client-274442439-zyp6i to be running, status is Pending, pod ready: false
@@ -183,16 +143,16 @@ mysql>
 ## 更新
 
 
-Deployment中镜像或其他部分同往常一样可以通过 `kubectl apply` 命令更新. 以下是
+Deployment 中镜像或其他部分同往常一样可以通过 `kubectl apply` 命令更新. 以下是
 特定于有状态应用的一些注意事项:
 
-* 不要弹性伸缩. 弹性伸缩仅适用于单实例应用. 下层的PersistentVolume仅只能挂载一个pod. 对于集群级有状态应用, 请参考StatefulSet文档
+* 不要弹性伸缩. 弹性伸缩仅适用于单实例应用. 下层的 PersistentVolume 仅只能挂载一个 pod. 对于集群级有状态应用, 请参考 StatefulSet 文档
   [StatefulSet documentation](/docs/concepts/workloads/controllers/statefulset/).
-* 在Deployment的YAML文件中使用 `strategy:` `type: Recreate` . 该选项指示Kubernetes不使用滚动升级. 滚动升级将无法工作, 由于一次不能运行多个pod. 在更新配置文件
-创建一个新的pod前 `Recreate`策略将先停止第一个pod.
+* 在 Deployment 的 YAML 文件中使用 `strategy:` `type: Recreate` . 该选项指示 Kubernetes 不使用滚动升级. 滚动升级将无法工作, 由于一次不能运行多个 pod. 在更新配置文件
+创建一个新的 pod 前 `Recreate` 策略将先停止第一个 pod.
 
 
-## 删除deployment
+## 删除 Deployment
 
 
 通过名称删除部署的对象:
@@ -200,27 +160,24 @@ Deployment中镜像或其他部分同往常一样可以通过 `kubectl apply` 
 ```
 kubectl delete deployment,svc mysql
 kubectl delete pvc mysql-pv-claim
-kubectl delete pv mysql-pv
+kubectl delete pv mysql-pv-volume
 ```
 
-如果使用Compute Engine磁盘，也可以使用如下命令:
-
-```
-gcloud compute disks delete mysql-disk
-```
+如果通过手动的方式分配 PersistentVolume, 那么也需要手动的删除它，以及释放下层资源.
+如果是用过动态分配 PersistentVolume 的方式，在删除 PersistentVolumeClaim 后 PersistentVolume 将被自动的删除. 一些存储服务(比如 EBS 和 PD)也会在 PersistentVolume 被删除时自动回收下层资源.
 
 {{% /capture %}}
 
 
 {{% capture whatsnext %}}
 
-* 了解更多Deployment对象请参考 [Deployment objects](/docs/concepts/workloads/controllers/deployment/).
+* 了解更多 Deployment 对象请参考 [Deployment objects](/docs/concepts/workloads/controllers/deployment/).
 
-* 了解更多Deployment应用请参考 [Deploying applications](/docs/user-guide/deploying-applications/)
+* 了解更多 Deployment 应用请参考 [Deploying applications](/docs/user-guide/deploying-applications/)
 
-* kubectl run文档请参考[kubectl run documentation](/docs/user-guide/kubectl/v1.6/#run)
+* kubectl run 文档请参考[kubectl run documentation](/docs/reference/generated/kubectl/kubectl-commands/#run)
 
-* 卷和持久卷请参考[Volumes](/docs/concepts/storage/volumes/) and [Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
+* 卷和持久卷请参考 [Volumes](/docs/concepts/storage/volumes/) 和 [Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
 
 {{% /capture %}}
 
diff --git a/content/zh/docs/tasks/run-application/update-api-object-kubectl-patch.md b/content/zh/docs/tasks/run-application/update-api-object-kubectl-patch.md
new file mode 100644
index 0000000000000..c2a9354e4aeb0
--- /dev/null
+++ b/content/zh/docs/tasks/run-application/update-api-object-kubectl-patch.md
@@ -0,0 +1,507 @@
+---
+title: 使用 kubectl patch 更新 API 对象
+description: 使用 kubectl patch 更新 Kubernetes API 对象。做一个策略性的合并 patch 或 JSON 合并 patch。
+content_template: templates/task
+weight: 40
+---
+
+<!--
+---
+title: Update API Objects in Place Using kubectl patch
+description: Use kubectl patch to update Kubernetes API objects in place. Do a strategic merge patch or a JSON merge patch.
+content_template: templates/task
+weight: 40
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This task shows how to use `kubectl patch` to update an API object in place. The exercises
+in this task demonstrate a strategic merge patch and a JSON merge patch.
+-->
+
+这个任务展示了如何使用 `kubectl patch` 就地更新 API 对象。这个任务中的练习演示了一个策略性合并 patch 和一个 JSON 合并 patch。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Use a strategic merge patch to update a Deployment
+-->
+
+## 使用策略合并 patch 更新 Deployment
+
+<!--
+Here's the configuration file for a Deployment that has two replicas. Each replica
+is a Pod that has one container:
+-->
+
+下面是具有两个副本的 Deployment 的配置文件。每个副本是一个 Pod，有一个容器：
+
+{{< codenew file="application/deployment-patch.yaml" >}}
+
+<!--
+Create the Deployment:
+-->
+
+创建 Deployment：
+
+```shell
+kubectl create -f https://k8s.io/examples/application/deployment-patch.yaml
+```
+
+<!--
+View the Pods associated with your Deployment:
+-->
+查看与 Deployment 相关的 Pod：
+
+```shell
+kubectl get pods
+```
+
+<!--
+The output shows that the Deployment has two Pods. The `1/1` indicates that
+each Pod has one container:
+-->
+输出显示 Deployment 有两个 Pod。`1/1` 表示每个 Pod 有一个容器:
+
+```
+NAME                        READY     STATUS    RESTARTS   AGE
+patch-demo-28633765-670qr   1/1       Running   0          23s
+patch-demo-28633765-j5qs3   1/1       Running   0          23s
+```
+
+<!--
+Make a note of the names of the running Pods. Later, you will see that these Pods
+get terminated and replaced by new ones.
+-->
+把运行的 Pod 的名字记下来。稍后，您将看到这些 Pod 被终止并被新的 Pod 替换。
+
+<!--
+At this point, each Pod has one Container that runs the nginx image. Now suppose
+you want each Pod to have two containers: one that runs nginx and one that runs redis.
+-->
+此时，每个 Pod 都有一个运行 nginx 镜像的容器。现在假设您希望每个 Pod 有两个容器：一个运行 nginx，另一个运行 redis。
+
+<!--
+Create a file named `patch-file-containers.yaml` that has this content:
+-->
+创建一个名为 `patch-file-containers.yaml` 的文件。内容如下:
+
+```yaml
+spec:
+  template:
+    spec:
+      containers:
+      - name: patch-demo-ctr-2
+        image: redis
+```
+
+<!--
+Patch your Deployment:
+-->
+修补您的 Deployment：
+
+```shell
+kubectl patch deployment patch-demo --patch "$(cat patch-file-containers.yaml)"
+```
+<!--
+View the patched Deployment:
+-->
+查看修补后的 Deployment：
+
+```shell
+kubectl get deployment patch-demo --output yaml
+```
+
+<!--
+The output shows that the PodSpec in the Deployment has two Containers:
+-->
+输出显示 Deployment 中的 PodSpec 有两个容器:
+
+```shell
+containers:
+- image: redis
+  imagePullPolicy: Always
+  name: patch-demo-ctr-2
+  ...
+- image: nginx
+  imagePullPolicy: Always
+  name: patch-demo-ctr
+  ...
+```
+
+<!--
+View the Pods associated with your patched Deployment:
+-->
+查看与 patch Deployment 相关的 Pod:
+
+```shell
+kubectl get pods
+```
+
+<!--
+The output shows that the running Pods have different names from the Pods that
+were running previously. The Deployment terminated the old Pods and created two
+new Pods that comply with the updated Deployment spec. The `2/2` indicates that
+each Pod has two Containers:
+-->
+输出显示正在运行的 Pod 与以前运行的 Pod 有不同的名称。Deployment 终止了旧的 Pod，并创建了两个
+符合更新的部署规范的新 Pod。`2/2` 表示每个 Pod 有两个容器:
+
+```
+NAME                          READY     STATUS    RESTARTS   AGE
+patch-demo-1081991389-2wrn5   2/2       Running   0          1m
+patch-demo-1081991389-jmg7b   2/2       Running   0          1m
+```
+
+<!--
+Take a closer look at one of the patch-demo Pods:
+-->
+仔细查看其中一个 patch-demo Pod:
+
+```shell
+kubectl get pod <your-pod-name> --output yaml
+```
+
+<!--
+The output shows that the Pod has two Containers: one running nginx and one running redis:
+-->
+输出显示 Pod 有两个容器:一个运行 nginx，一个运行 redis:
+
+```
+containers:
+- image: redis
+  ...
+- image: nginx
+  ...
+```
+
+<!--
+### Notes on the strategic merge patch
+-->
+
+### 策略性合并类的 patch
+
+<!--
+The patch you did in the preceding exercise is called a *strategic merge patch*.
+Notice that the patch did not replace the `containers` list. Instead it added a new
+Container to the list. In other words, the list in the patch was merged with the
+existing list. This is not always what happens when you use a strategic merge patch on a list.
+In some cases, the list is replaced, not merged.
+-->
+您在前面的练习中所做的 patch 称为`策略性合并 patch`。
+请注意，patch 没有替换`容器`列表。相反，它向列表中添加了一个新容器。换句话说，
+patch 中的列表与现有列表合并。当您在列表中使用策略性合并 patch 时，并不总是这样。
+在某些情况下，列表是替换的，而不是合并的。
+
+<!--
+With a strategic merge patch, a list is either replaced or merged depending on its
+patch strategy. The patch strategy is specified by the value of the `patchStrategy` key
+in a field tag in the Kubernetes source code. For example, the `Containers` field of `PodSpec`
+struct has a `patchStrategy` of `merge`:
+-->
+对于策略性合并 patch，列表可以根据其 patch 策略进行替换或合并。patch 策略由 Kubernetes 源代码中字段标记中的 `patchStrategy` 键的值指定。
+例如，`PodSpec` 结构体的 `Containers` 字段有 `merge` 的 `patchStrategy`：
+
+```go
+type PodSpec struct {
+  ...
+  Containers []Container `json:"containers" patchStrategy:"merge" patchMergeKey:"name" ...`
+```
+
+<!--
+You can also see the patch strategy in the
+[OpenApi spec](https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json):
+-->
+
+您还可以在 [OpenApi spec](https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json)
+规范中看到 patch 策略：
+
+```json
+"io.k8s.api.core.v1.PodSpec": {
+    ...
+     "containers": {
+      "description": "List of containers belonging to the pod. ...
+      },
+      "x-kubernetes-patch-merge-key": "name",
+      "x-kubernetes-patch-strategy": "merge"
+     },
+```
+
+<!--
+And you can see the patch strategy in the
+[Kubernetes API documentation](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core).
+-->
+您可以在 [Kubernetes API 文档](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core)
+中看到 patch 策略
+
+<!--
+Create a file named `patch-file-tolerations.yaml` that has this content:
+-->
+创建一个名为 `patch-file-tolerations.yaml` 的文件。内容如下:
+
+```yaml
+spec:
+  template:
+    spec:
+      tolerations:
+      - effect: NoSchedule
+        key: disktype
+        value: ssd
+```
+
+<!--
+Patch your Deployment:
+-->
+patch Deployment：
+
+```shell
+kubectl patch deployment patch-demo --patch "$(cat patch-file-tolerations.yaml)"
+```
+
+<!--
+View the patched Deployment:
+-->
+查看 patch Deployment：
+
+```shell
+kubectl get deployment patch-demo --output yaml
+```
+
+<!--
+The output shows that the PodSpec in the Deployment has only one Toleration:
+-->
+输出结果显示部署中的 PodSpec 只有一个默认：
+
+```shell
+tolerations:
+      - effect: NoSchedule
+        key: disktype
+        value: ssd
+```
+
+<!--
+Notice that the `tolerations` list in the PodSpec was replaced, not merged. This is because
+the Tolerations field of PodSpec does not have a `patchStrategy` key in its field tag. So the
+strategic merge patch uses the default patch strategy, which is `replace`.
+-->
+请注意，PodSpec 中的 `tolerations` 列表被替换，而不是合并。这是因为 PodSpec 的 tolerance 字段的字段标签中没有
+`patchStrategy` 键。所以策略合并 patch 使用默认的 patch 策略，也就是 `replace`。
+
+```go
+type PodSpec struct {
+  ...
+  Tolerations []Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`
+```
+
+<!--
+## Use a JSON merge patch to update a Deployment
+-->
+## 使用 JSON 合并 patch 更新部署
+
+<!--
+A strategic merge patch is different from a
+[JSON merge patch](https://tools.ietf.org/html/rfc7386).
+With a JSON merge patch, if you
+want to update a list, you have to specify the entire new list. And the new list completely
+replaces the existing list.
+-->
+策略性合并 patch 不同于 [JSON 合并 patch](https://tools.ietf.org/html/rfc7386)。
+使用 JSON 合并 patch，如果您想更新列表，您必须指定整个新列表。新的列表完全取代了现有的列表。
+
+<!--
+The `kubectl patch` command has a `type` parameter that you can set to one of these values:
+-->
+`kubectl patch` 命令有一个 `type` 参数，您可以将其设置为以下值之一:
+
+<table>
+  <tr><th>Parameter value</th><th>Merge type</th></tr>
+  <tr><td>json</td><td><a href="https://tools.ietf.org/html/rfc6902">JSON Patch, RFC 6902</a></td></tr>
+  <tr><td>merge</td><td><a href="https://tools.ietf.org/html/rfc7386">JSON Merge Patch, RFC 7386</a></td></tr>
+  <tr><td>strategic</td><td>Strategic merge patch</td></tr>
+</table>
+
+<!--
+For a comparison of JSON patch and JSON merge patch, see
+[JSON Patch and JSON Merge Patch](http://erosb.github.io/post/json-patch-vs-merge-patch/).
+-->
+有关 JSON patch 和 JSON 合并 patch 的比较，查看[ JSON patch 和 JSON 合并 patch](http://erosb.github.io/post/json-patch-vs-merge-patch/)。
+
+<!--
+The default value for the `type` parameter is `strategic`. So in the preceding exercise, you
+did a strategic merge patch.
+-->
+`type` 参数的默认值是 `strategic`。在前面的练习中，我们做了一个策略性的合并 patch。
+
+<!--
+Next, do a JSON merge patch on your same Deployment. Create a file named `patch-file-2.yaml`
+that has this content:
+-->
+下一步，在相同的部署上执行 JSON 合并 patch。创建一个名为 `patch-file-2` 的文件。内容如下:
+
+```yaml
+spec:
+  template:
+    spec:
+      containers:
+      - name: patch-demo-ctr-3
+        image: gcr.io/google-samples/node-hello:1.0
+```
+
+<!--
+In your patch command, set `type` to `merge`:
+-->
+在 patch 命令中，将 `type` 设置为 `merge`：
+
+```shell
+kubectl patch deployment patch-demo --type merge --patch "$(cat patch-file-2.yaml)"
+```
+
+<!--
+View the patched Deployment:
+-->
+查看 patch 部署：
+
+```shell
+kubectl get deployment patch-demo --output yaml
+```
+
+<!--
+The `containers` list that you specified in the patch has only one Container.
+The output shows that your list of one Container replaced the existing `containers` list.
+-->
+patch 中指定的`容器`列表只有一个容器。
+输出显示您的一个容器列表替换了现有的`容器`列表。
+
+```shell
+spec:
+  containers:
+  - image: gcr.io/google-samples/node-hello:1.0
+    ...
+    name: patch-demo-ctr-3
+```
+
+<!--
+List the running Pods:
+-->
+列表中运行的 Pod：
+
+```shell
+kubectl get pods
+```
+
+<!--
+In the output, you can see that the existing Pods were terminated, and new Pods
+were created. The `1/1` indicates that each new Pod is running only one Container.
+-->
+在输出中，您可以看到已经终止了现有的 Pod，并创建了新的 Pod。`1/1` 表示每个新 Pod只运行一个容器。
+
+```shell
+NAME                          READY     STATUS    RESTARTS   AGE
+patch-demo-1307768864-69308   1/1       Running   0          1m
+patch-demo-1307768864-c86dc   1/1       Running   0          1m
+```
+
+<!--
+## Alternate forms of the kubectl patch command
+-->
+
+## kubectl patch 命令的其他形式
+
+<!--
+The `kubectl patch` command takes YAML or JSON. It can take the patch as a file or
+directly on the command line.
+-->
+ `kubectl patch` 命令使用 YAML 或 JSON。它可以将 patch 作为文件，也可以直接在命令行中使用。
+
+<!--
+Create a file named `patch-file.json` that has this content:
+-->
+创建一个文件名称是 `patch-file.json` 内容如下：
+
+```json
+{
+   "spec": {
+      "template": {
+         "spec": {
+            "containers": [
+               {
+                  "name": "patch-demo-ctr-2",
+                  "image": "redis"
+               }
+            ]
+         }
+      }
+   }
+}
+```
+
+<!--
+The following commands are equivalent:
+-->
+以下命令是相同的：
+
+```shell
+kubectl patch deployment patch-demo --patch "$(cat patch-file.yaml)"
+kubectl patch deployment patch-demo --patch 'spec:\n template:\n  spec:\n   containers:\n   - name: patch-demo-ctr-2\n     image: redis'
+
+kubectl patch deployment patch-demo --patch "$(cat patch-file.json)"
+kubectl patch deployment patch-demo --patch '{"spec": {"template": {"spec": {"containers": [{"name": "patch-demo-ctr-2","image": "redis"}]}}}}'
+```
+
+<!--
+## Summary
+-->
+
+## 总结
+
+<!--
+In this exercise, you used `kubectl patch` to change the live configuration
+of a Deployment object. You did not change the configuration file that you originally used to
+create the Deployment object. Other commands for updating API objects include
+[kubectl annotate](/docs/reference/generated/kubectl/kubectl-commands/#annotate),
+[kubectl edit](/docs/reference/generated/kubectl/kubectl-commands/#edit),
+[kubectl replace](/docs/reference/generated/kubectl/kubectl-commands/#replace),
+[kubectl scale](/docs/reference/generated/kubectl/kubectl-commands/#scale),
+and
+[kubectl apply](/docs/reference/generated/kubectl/kubectl-commands/#apply).
+-->
+在本练习中，您使用 `kubectl patch` 更改部署对象的实时配置。您没有更改最初用于创建部署对象的配置文件。
+用于更新 API 对象的其他命令包括
+[kubectl annotate](/docs/reference/generated/kubectl/kubectl-commands/#annotate)，
+[kubectl edit](/docs/reference/generated/kubectl/kubectl-commands/#edit)，
+[kubectl replace](/docs/reference/generated/kubectl/kubectl-commands/#replace)，
+[kubectl scale](/docs/reference/generated/kubectl/kubectl-commands/#scale)，
+和
+[kubectl apply](/docs/reference/generated/kubectl/kubectl-commands/#apply)。
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+* [Kubernetes Object Management](/docs/concepts/overview/object-management-kubectl/overview/)
+* [Managing Kubernetes Objects Using Imperative Commands](/docs/concepts/overview/object-management-kubectl/imperative-command/)
+* [Imperative Management of Kubernetes Objects Using Configuration Files](/docs/concepts/overview/object-management-kubectl/imperative-config/)
+* [Declarative Management of Kubernetes Objects Using Configuration Files](/docs/concepts/overview/object-management-kubectl/declarative-config/)
+-->
+
+* [Kubernetes 对象管理器](/docs/concepts/overview/object-management-kubectl/overview/)
+* [使用命令管理 Kubernetes 对象](/docs/concepts/overview/object-management-kubectl/imperative-command/)
+* [使用配置文件强制管理 Kubernetes 对象](/docs/concepts/overview/object-management-kubectl/imperative-config/)
+* [使用配置文件对 Kubernetes 对象进行声明式管理](/docs/concepts/overview/object-management-kubectl/declarative-config/)
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/tasks/service-catalog/_index.md b/content/zh/docs/tasks/service-catalog/_index.md
new file mode 100644
index 0000000000000..e8c5c78485c1e
--- /dev/null
+++ b/content/zh/docs/tasks/service-catalog/_index.md
@@ -0,0 +1,11 @@
+---
+title: "安装服务目录"
+weight: 150
+---
+
+<!--
+---
+title: "Install Service Catalog"
+weight: 150
+---
+-->
diff --git a/content/zh/docs/tasks/service-catalog/install-service-catalog-using-helm.md b/content/zh/docs/tasks/service-catalog/install-service-catalog-using-helm.md
new file mode 100644
index 0000000000000..94f5d511ffab0
--- /dev/null
+++ b/content/zh/docs/tasks/service-catalog/install-service-catalog-using-helm.md
@@ -0,0 +1,159 @@
+---
+title: 使用 Helm 安装 Service Catalog
+content_template: templates/task
+---
+<!--
+---
+title: Install Service Catalog using Helm
+reviewers:
+- chenopis
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+{{< glossary_definition term_id="service-catalog" length="all" prepend="Service Catalog is" >}}
+
+<!--
+Use [Helm](https://helm.sh/) to install Service Catalog on your Kubernetes cluster. Up to date information on this process can be found at the [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog/blob/master/docs/install.md) repo.
+-->
+使用 [Helm](https://helm.sh/) 在 Kubernetes 集群上安装 Service Catalog。
+要获取有关此过程的最新信息，请浏览 [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog/blob/master/docs/install.md) 仓库。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!--
+* Understand the key concepts of [Service Catalog](/docs/concepts/service-catalog/).
+* Service Catalog requires a Kubernetes cluster running version 1.7 or higher.
+* You must have a Kubernetes cluster with cluster DNS enabled.
+    * If you are using a cloud-based Kubernetes cluster or {{< glossary_tooltip text="Minikube" term_id="minikube" >}}, you may already have cluster DNS enabled.
+    * If you are using `hack/local-up-cluster.sh`, ensure that the `KUBE_ENABLE_CLUSTER_DNS` environment variable is set, then run the install script.
+* [Install and setup kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) v1.7 or higher. Make sure it is configured to connect to the Kubernetes cluster.
+* Install [Helm](http://helm.sh/) v2.7.0 or newer.
+    * Follow the [Helm install instructions](https://github.com/kubernetes/helm/blob/master/docs/install.md).
+    * If you already have an appropriate version of Helm installed, execute `helm init` to install Tiller, the server-side component of Helm.
+-->
+* 理解 [Service Catalog](/docs/concepts/service-catalog/) 的关键概念。
+* Service Catalog 需要 Kubernetes 集群版本在 1.7 或更高版本。
+* 您必须启用 Kubernetes 集群的 DNS 功能。
+    * 如果使用基于云的 Kubernetes 集群或 {{< glossary_tooltip text="Minikube" term_id="minikube" >}}，则可能已经启用了集群 DNS。
+    * 如果您正在使用 `hack/local-up-cluster.sh`，请确保设置了 `KUBE_ENABLE_CLUSTER_DNS` 环境变量，然后运行安装脚本。
+* [安装和设置 v1.7 或更高版本的 kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)，确保将其配置为连接到 Kubernetes 集群。
+* 安装 v2.7.0 或更高版本的 [Helm](http://helm.sh/)。
+    * 遵照 [Helm 安装说明](https://github.com/kubernetes/helm/blob/master/docs/install.md)。
+    * 如果已经安装了适当版本的 Helm，请执行 `helm init` 来安装 Helm 的服务器端组件 Tiller。
+
+{{% /capture %}}
+
+{{% capture steps %}}
+<!--
+## Add the service-catalog Helm repository
+-->
+## 添加 service-catalog Helm 仓库
+
+<!--
+Once Helm is installed, add the *service-catalog* Helm repository to your local machine by executing the following command:
+-->
+安装 Helm 后，通过执行以下命令将 *service-catalog* Helm 存储库添加到本地计算机：
+
+```shell
+helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
+```
+
+<!--
+Check to make sure that it installed successfully by executing the following command:
+-->
+通过执行以下命令进行检查，以确保安装成功：
+
+```shell
+helm search service-catalog
+```
+
+<!--
+If the installation was successful, the command should output the following:
+-->
+如果安装成功，该命令应输出以下内容：
+
+```
+NAME            VERSION DESCRIPTION
+svc-cat/catalog 0.0.1   service-catalog API server and controller-manag...
+```
+
+<!--
+## Enable RBAC
+-->
+## 启用 RBAC
+
+<!--
+Your Kubernetes cluster must have RBAC enabled, which requires your Tiller Pod(s) to have `cluster-admin` access.
+-->
+您的 Kubernetes 集群必须启用 RBAC，这需要您的 Tiller Pod 具有 `cluster-admin` 访问权限。
+
+<!--
+If you are using Minikube, run the `minikube start` command with the following flag:
+-->
+如果您使用的是 Minikube，请使用以下参数运行 `minikube start` 命令：
+
+```shell
+minikube start --extra-config=apiserver.Authorization.Mode=RBAC
+```
+
+<!--
+If you are using `hack/local-up-cluster.sh`, set the `AUTHORIZATION_MODE` environment variable with the following values:
+-->
+如果您使用 `hack/local-up-cluster.sh`，请使用以下值设置 `AUTHORIZATION_MODE` 环境变量：
+
+```
+AUTHORIZATION_MODE=Node,RBAC hack/local-up-cluster.sh -O
+```
+
+<!--
+By default, `helm init` installs the Tiller Pod into the `kube-system` namespace, with Tiller configured to use the `default` service account.
+-->
+默认情况下，`helm init` 将 Tiller Pod 安装到 `kube-system` 命名空间，Tiller 配置为使用 `default` 服务帐户。
+
+{{< note >}}
+<!--
+If you used the `--tiller-namespace` or `--service-account` flags when running `helm init`, the `--serviceaccount` flag in the following command needs to be adjusted to reference the appropriate namespace and ServiceAccount name.
+-->
+如果在运行 `helm init` 时使用了 `--tiller-namespace` 或 `--service-account` 参数，则需要调整以下命令中的 `--serviceaccount` 参数以引用相应的 namespace 和 ServiceAccount 名称。
+{{< /note >}}
+
+<!--
+Configure Tiller to have `cluster-admin` access:
+-->
+配置 Tiller 以获得 `cluster-admin` 访问权限：
+
+```shell
+kubectl create clusterrolebinding tiller-cluster-admin \
+    --clusterrole=cluster-admin \
+    --serviceaccount=kube-system:default
+```
+
+<!--
+## Install Service Catalog in your Kubernetes cluster
+-->
+## 在 Kubernetes 集群中安装 Service Catalog
+
+<!--
+Install Service Catalog from the root of the Helm repository using the following command:
+-->
+使用以下命令从 Helm 存储库的根目录安装 Service Catalog：
+
+```shell
+helm install svc-cat/catalog \
+    --name catalog --namespace catalog
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* View [sample service brokers](https://github.com/openservicebrokerapi/servicebroker/blob/master/gettingStarted.md#sample-service-brokers).
+* Explore the [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog) project.
+-->
+* 查看[示例服务代理](https://github.com/openservicebrokerapi/servicebroker/blob/mastergettingStarted.md#sample-service-brokers)。
+* 探索 [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog) 项目。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/service-catalog/install-service-catalog-using-sc.md b/content/zh/docs/tasks/service-catalog/install-service-catalog-using-sc.md
new file mode 100644
index 0000000000000..706d624898f4b
--- /dev/null
+++ b/content/zh/docs/tasks/service-catalog/install-service-catalog-using-sc.md
@@ -0,0 +1,128 @@
+---
+title: 使用 SC 安装服务目录
+reviewers:
+- chenopis
+content_template: templates/task
+---
+
+<!--
+---
+title: Install Service Catalog using SC
+reviewers:
+- chenopis
+content_template: templates/task
+---
+-->
+
+{{% capture overview %}}
+{{< glossary_definition term_id="service-catalog" length="all" prepend="Service Catalog is" >}}
+
+<!--
+Use the [Service Catalog Installer](https://github.com/GoogleCloudPlatform/k8s-service-catalog#installation) tool to easily install or uninstall Service Catalog on your Kubernetes cluster. This CLI tool is installed as `sc` in your local environment.
+-->
+使用[服务目录安装程序](https://github.com/GoogleCloudPlatform/k8s-service-catalog#installation)工具可以轻松地在 Kubernetes 集群上安装或卸载服务目录。
+这个 CLI 工具以 `sc` 命令形式被安装在您的本地环境中。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+<!--
+* Understand the key concepts of [Service Catalog](/docs/concepts/service-catalog/).
+* Install [Go 1.6+](https://golang.org/dl/) and set the `GOPATH`.
+* Install the [cfssl](https://github.com/cloudflare/cfssl) tool needed for generating SSL artifacts.
+* Service Catalog requires Kubernetes version 1.7+.
+* [Install and setup kubectl](/docs/tasks/tools/install-kubectl/) so that it is configured to connect to a Kubernetes v1.7+ cluster.
+* The kubectl user must be bound to the *cluster-admin* role for it to install Service Catalog. To ensure that this is true, run the following command:
+
+        kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=<user-name>
+-->
+* 了解[服务目录](/docs/concepts/service-catalog/)的主要概念。
+* 安装 [Go 1.6+](https://golang.org/dl/) 以及设置 `GOPATH`。
+* 安装生成 SSL 工件所需的 [cfssl](https://github.com/cloudflare/cfssl) 工具。
+* 服务目录需要 Kubernetes 1.7+ 版本。
+* [安装和设置 kubectl](/docs/tasks/tools/install-kubectl/)，以便将其配置为连接到 Kubernetes v1.7+ 集群。
+* 要安装服务目录，kubectl 用户必须绑定到 *cluster-admin* 角色。为了确保这是正确的，请运行以下命令：
+
+        kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=<user-name>
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+<!--
+## Install `sc` in your local environment
+-->
+## 在本地环境中安装 `sc`
+
+<!--
+Install the `sc` CLI tool using the `go get` command:
+-->
+使用 `go get` 命令安装 `sc` CLI 工具：
+
+```Go
+go get github.com/GoogleCloudPlatform/k8s-service-catalog/installer/cmd/sc
+```
+
+<!--
+After running the above command, `sc` should be installed in your `GOPATH/bin` directory.
+-->
+执行上述命令后，`sc` 应被安装在 `GOPATH/bin` 目录中了。
+
+<!--
+## Install Service Catalog in your Kubernetes cluster
+-->
+## 在 Kubernetes 集群中安装服务目录
+
+<!--
+First, verify that all dependencies have been installed. Run:
+-->
+首先，检查是否已经安装了所有依赖项。运行：
+
+```shell
+sc check
+```
+
+<!--
+If the check is successful, it should return:
+-->
+如检查通过，应输出：
+
+```
+Dependency check passed. You are good to go.
+```
+
+<!--
+Next, run the install command and specify the `storageclass` that you want to use for the backup:
+-->
+接下来，运行安装命令并指定要用于备份的 `storageclass`：
+
+```shell
+sc install --etcd-backup-storageclass "standard"
+```
+
+<!--
+## Uninstall Service Catalog
+-->
+## 卸载服务目录
+
+<!--
+If you would like to uninstall Service Catalog from your Kubernetes cluster using the `sc` tool, run:
+-->
+如果您想使用 `sc` 工具从 Kubernetes 集群卸载服务目录，请运行：
+
+```shell
+sc uninstall
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+* View [sample service brokers](https://github.com/openservicebrokerapi/servicebroker/blob/master/gettingStarted.md#sample-service-brokers).
+* Explore the [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog) project.
+-->
+* 查看 [服务代理示例](https://github.com/openservicebrokerapi/servicebroker/blob/master/gettingStarted.md#sample-service-brokers)。
+* 探索 [kubernetes-incubator/service-catalog](https://github.com/kubernetes-incubator/service-catalog) 项目。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/tls/_index.md b/content/zh/docs/tasks/tls/_index.md
new file mode 100755
index 0000000000000..3bf0ceffcaec4
--- /dev/null
+++ b/content/zh/docs/tasks/tls/_index.md
@@ -0,0 +1,4 @@
+---
+title: "TLS"
+weight: 100
+---
diff --git a/content/zh/docs/tasks/tls/managing-tls-in-a-cluster.md b/content/zh/docs/tasks/tls/managing-tls-in-a-cluster.md
new file mode 100644
index 0000000000000..4ee542f35ca57
--- /dev/null
+++ b/content/zh/docs/tasks/tls/managing-tls-in-a-cluster.md
@@ -0,0 +1,390 @@
+---
+title: 管理集群中的 TLS 认证
+content_template: templates/task
+reviewers:
+- mikedanese
+- beacham
+- liggit
+---
+<!--
+---
+title: Manage TLS Certificates in a Cluster
+content_template: templates/task
+reviewers:
+- mikedanese
+- beacham
+- liggit
+---
+-->
+
+{{% capture overview %}}
+<!--
+Every Kubernetes cluster has a cluster root Certificate Authority (CA). The CA
+is generally used by cluster components to validate the API server's
+certificate, by the API server to validate kubelet client certificates, etc. To
+support this, the CA certificate bundle is distributed to every node in the
+cluster and is distributed as a secret attached to default service accounts.
+Optionally, your workloads can use this CA to establish trust. Your application
+can request a certificate signing using the `certificates.k8s.io` API using a
+protocol that is similar to the
+[ACME draft](https://github.com/ietf-wg-acme/acme/).
+-->
+每个 Kubernetes 集群都有一个集群根证书颁发机构（CA）。集群中的组件通常使用 CA 来验证 API server 的证书，由 API 服务器验证 kubelet 客户端证书等。为了支持这一点，CA 证书包被分发到集群中的每个节点，并作为一个 secret 附加分发到默认 service account 上。 或者，您的工作负载可以使用此 CA 建立信任。您的应用程序可以使用类似于 [ACME 草案](https://github.com/ietf-wg-acme/acme/)的协议，使用 `certificates.k8s.io` API 请求证书签名。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+<!--
+## Trusting TLS in a Cluster
+
+Trusting the cluster root CA from an application running as a pod usually
+requires some extra application configuration. You will need to add the CA
+certificate bundle to the list of CA certificates that the TLS client or server
+trusts. For example, you would do this with a golang TLS config by parsing the
+certificate chain and adding the parsed certificates to the `RootCAs` field
+in the [`tls.Config`](https://godoc.org/crypto/tls#Config) struct.
+
+The CA certificate bundle is automatically mounted into pods using the default
+service account at the path `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
+If you are not using the default service account, ask a cluster administrator to
+build a configmap containing the certificate bundle that you have access to use.
+-->
+## 集群中的 TLS 信任
+
+让 Pod 中运行的应用程序信任集群根 CA 通常需要一些额外的应用程序配置。您将需要将 CA 证书包添加到 TLS 客户端或服务器信任的 CA 证书列表中。例如，您可以使用 golang TLS 配置通过解析证书链并将解析的证书添加到 [`tls.Config`](https://godoc.org/crypto/tls#Config) 结构中的 `RootCAs` 字段中。
+
+CA 证书捆绑包将使用默认服务账户自动加载到 pod 中，路径为 `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`。如果您没有使用默认服务账户，请请求集群管理员构建包含您有权访问使用的证书包的 configmap。
+
+<!--
+## Requesting a Certificate
+
+The following section demonstrates how to create a TLS certificate for a
+Kubernetes service accessed through DNS.
+
+{{< note >}}
+This tutorial uses CFSSL: Cloudflare's PKI and TLS toolkit [click here](https://blog.cloudflare.com/introducing-cfssl/) to know more.
+{{< /note >}}
+-->
+## 请求认证
+
+以下部分演示如何为通过 DNS 访问的 Kubernetes 服务创建 TLS 证书。
+
+{{< note >}}
+本教程使用 CFSSL：Cloudflare's PKI 和 TLS 工具包[点击此处](https://blog.cloudflare.com/introducing-cfssl/)了解更多信息。
+{{< /note >}}
+
+<!--
+## Download and install CFSSL
+
+The cfssl tools used in this example can be downloaded at
+[https://pkg.cfssl.org/](https://pkg.cfssl.org/).
+-->
+## 下载并安装 CFSSL
+
+本例中使用的 cfssl 工具可以在 [https://pkg.cfssl.org/](https://pkg.cfssl.org/) 下载。
+
+<!--
+## Create a Certificate Signing Request
+
+Generate a private key and certificate signing request (or CSR) by running
+the following command:
+
+```shell
+cat <<EOF | cfssl genkey - | cfssljson -bare server
+{
+  "hosts": [
+    "my-svc.my-namespace.svc.cluster.local",
+    "my-pod.my-namespace.pod.cluster.local",
+    "172.168.0.24",
+    "10.0.34.2"
+  ],
+  "CN": "my-pod.my-namespace.pod.cluster.local",
+  "key": {
+    "algo": "ecdsa",
+    "size": 256
+  }
+}
+EOF
+```
+
+Where `172.168.0.24` is the service's cluster IP,
+`my-svc.my-namespace.svc.cluster.local` is the service's DNS name,
+`10.0.34.2` is the pod's IP and `my-pod.my-namespace.pod.cluster.local`
+is the pod's DNS name. You should see the following output:
+
+```
+2017/03/21 06:48:17 [INFO] generate received request
+2017/03/21 06:48:17 [INFO] received CSR
+2017/03/21 06:48:17 [INFO] generating key: ecdsa-256
+2017/03/21 06:48:17 [INFO] encoded CSR
+```
+
+This command generates two files; it generates `server.csr` containing the PEM
+encoded [pkcs#10](https://tools.ietf.org/html/rfc2986) certification request,
+and `server-key.pem` containing the PEM encoded key to the certificate that
+is still to be created.
+-->
+## 创建证书签名请求
+
+通过运行以下命令生成私钥和证书签名请求（或 CSR）:
+
+```shell
+cat <<EOF | cfssl genkey - | cfssljson -bare server
+{
+  "hosts": [
+    "my-svc.my-namespace.svc.cluster.local",
+    "my-pod.my-namespace.pod.cluster.local",
+    "172.168.0.24",
+    "10.0.34.2"
+  ],
+  "CN": "my-pod.my-namespace.pod.cluster.local",
+  "key": {
+    "algo": "ecdsa",
+    "size": 256
+  }
+}
+EOF
+```
+
+其中 `172.168.0.24` 是服务的集群 IP，`my-svc.my-namespace.svc.cluster.local` 是服务的 DNS 名称，`10.0.34.2` 是 pod 的 IP 和 `my-pod.my-namespace.pod.cluster.local` 是 pod 的 DNS 名称。您能看到以下的输出：
+
+```
+2017/03/21 06:48:17 [INFO] generate received request
+2017/03/21 06:48:17 [INFO] received CSR
+2017/03/21 06:48:17 [INFO] generating key: ecdsa-256
+2017/03/21 06:48:17 [INFO] encoded CSR
+```
+
+该命令生成两个文件；它生成包含 PEM 编码 [pkcs#10](https://tools.ietf.org/html/rfc2986) 认证请求的 `server.csr`，以及包含证书的 PEM 编码密钥的 `server-key.pem` 还有待生成。
+
+<!--
+## Create a Certificate Signing Request object to send to the Kubernetes API
+
+Generate a CSR yaml blob and send it to the apiserver by running the following
+command:
+
+```shell
+cat <<EOF | kubectl apply -f -
+apiVersion: certificates.k8s.io/v1beta1
+kind: CertificateSigningRequest
+metadata:
+  name: my-svc.my-namespace
+spec:
+  groups:
+  - system:authenticated
+  request: $(cat server.csr | base64 | tr -d '\n')
+  usages:
+  - digital signature
+  - key encipherment
+  - server auth
+EOF
+```
+
+Notice that the `server.csr` file created in step 1 is base64 encoded
+and stashed in the `.spec.request` field. We are also requesting a
+certificate with the "digital signature", "key encipherment", and "server
+auth" key usages. We support all key usages and extended key usages listed
+[here](https://godoc.org/k8s.io/api/certificates/v1beta1#KeyUsage)
+so you can request client certificates and other certificates using this
+same API.
+
+The CSR should now be visible from the API in a Pending state. You can see
+it by running:
+
+```shell
+kubectl describe csr my-svc.my-namespace
+```
+
+```none
+Name:                   my-svc.my-namespace
+Labels:                 <none>
+Annotations:            <none>
+CreationTimestamp:      Tue, 21 Mar 2017 07:03:51 -0700
+Requesting User:        yourname@example.com
+Status:                 Pending
+Subject:
+        Common Name:    my-svc.my-namespace.svc.cluster.local
+        Serial Number:
+Subject Alternative Names:
+        DNS Names:      my-svc.my-namespace.svc.cluster.local
+        IP Addresses:   172.168.0.24
+                        10.0.34.2
+Events: <none>
+```
+-->
+## 创建证书签名请求对象发送到 Kubernetes API
+
+使用以下命令创建 CSR yaml 文件，并发送到 API server：
+
+```shell
+cat <<EOF | kubectl apply -f -
+apiVersion: certificates.k8s.io/v1beta1
+kind: CertificateSigningRequest
+metadata:
+  name: my-svc.my-namespace
+spec:
+  groups:
+  - system:authenticated
+  request: $(cat server.csr | base64 | tr -d '\n')
+  usages:
+  - digital signature
+  - key encipherment
+  - server auth
+EOF
+```
+
+请注意，在步骤1中创建的 `server.csr` 文件是 base64 编码并存储在 `.spec.request` 字段中的，我们还要求提供 “数字签名”，“密钥加密” 和 “服务器身份验证” 密钥用途的证书。我们[这里](https://godoc.org/k8s.io/api/certificates/v1beta1#KeyUsage)支持列出的所有关键用途和扩展的关键用途，以便您可以使用相同的 API 请求客户端证书和其他证书。
+
+在 API server 中可以看到这些 CSR 处于 pending 状态。执行下面的命令您将可以看到：
+
+```shell
+kubectl describe csr my-svc.my-namespace
+```
+
+```none
+Name:                   my-svc.my-namespace
+Labels:                 <none>
+Annotations:            <none>
+CreationTimestamp:      Tue, 21 Mar 2017 07:03:51 -0700
+Requesting User:        yourname@example.com
+Status:                 Pending
+Subject:
+        Common Name:    my-svc.my-namespace.svc.cluster.local
+        Serial Number:
+Subject Alternative Names:
+        DNS Names:      my-svc.my-namespace.svc.cluster.local
+        IP Addresses:   172.168.0.24
+                        10.0.34.2
+Events: <none>
+```
+
+<!--
+## Get the Certificate Signing Request Approved
+
+Approving the certificate signing request is either done by an automated
+approval process or on a one off basis by a cluster administrator. More
+information on what this involves is covered below.
+-->
+## 获取批准的证书签名请求
+
+批准证书签名请求是通过自动批准过程完成的，或由集群管理员一次性完成。有关这方面涉及的更多信息，请参见下文。
+
+<!--
+## Download the Certificate and Use It
+
+Once the CSR is signed and approved you should see the following:
+
+```shell
+kubectl get csr
+```
+
+```none
+NAME                  AGE       REQUESTOR               CONDITION
+my-svc.my-namespace   10m       yourname@example.com    Approved,Issued
+```
+
+You can download the issued certificate and save it to a `server.crt` file
+by running the following:
+
+```shell
+kubectl get csr my-svc.my-namespace -o jsonpath='{.status.certificate}' \
+    | base64 --decode > server.crt
+```
+
+Now you can use `server.crt` and `server-key.pem` as the keypair to start
+your HTTPS server.
+-->
+## 下载证书并使用它
+
+CSR 被签署并获得批准后，您应该看到以下内容：
+
+```shell
+kubectl get csr
+```
+
+```none
+NAME                  AGE       REQUESTOR               CONDITION
+my-svc.my-namespace   10m       yourname@example.com    Approved,Issued
+```
+
+您可以通过运行以下命令下载颁发的证书并将其保存到 `server.crt` 文件中：
+
+```shell
+kubectl get csr my-svc.my-namespace -o jsonpath='{.status.certificate}' \
+    | base64 --decode > server.crt
+```
+
+现在您可以将 `server.crt` 和 `server-key.pem` 作为键值对来启动 HTTPS 服务器。
+
+<!--
+## Approving Certificate Signing Requests
+
+A Kubernetes administrator (with appropriate permissions) can manually approve
+(or deny) Certificate Signing Requests by using the `kubectl certificate
+approve` and `kubectl certificate deny` commands. However if you intend
+to make heavy usage of this API, you might consider writing an automated
+certificates controller.
+
+Whether a machine or a human using kubectl as above, the role of the approver is
+to verify that the CSR satisfies two requirements:
+
+1. The subject of the CSR controls the private key used to sign the CSR. This
+   addresses the threat of a third party masquerading as an authorized subject.
+   In the above example, this step would be to verify that the pod controls the
+   private key used to generate the CSR.
+2. The subject of the CSR is authorized to act in the requested context. This
+   addresses the threat of an undesired subject joining the cluster. In the
+   above example, this step would be to verify that the pod is allowed to
+   participate in the requested service.
+
+If and only if these two requirements are met, the approver should approve
+the CSR and otherwise should deny the CSR.
+-->
+## 批准证书签名请求
+
+Kubernetes 管理员（具有适当权限）可以使用 `kubectl certificate approve` 和 `kubectl certificate deny` 命令手动批准（或拒绝）证书签名请求。但是，如果您打算大量使用此 API，则可以考虑编写自动化的证书控制器。
+
+无论上述机器或人使用 kubectl，批准者的作用是验证 CSR 满足如下两个要求：
+
+ 1. CSR 的主体控制用于签署 CSR 的私钥。这解决了伪装成授权主体的第三方的威胁。在上述示例中，此步骤将验证该 pod 控制了用于生成 CSR 的私钥。
+ 2. CSR 的主体被授权在请求的上下文中执行。这解决了我们加入群集的我们不期望的主体的威胁。在上述示例中，此步骤将是验证该 pod 是否被允许加入到所请求的服务中。
+
+当且仅当满足这两个要求时，审批者应该批准 CSR，否则拒绝 CSR。
+
+<!--
+## A Word of Warning on the Approval Permission
+
+The ability to approve CSRs decides who trusts who within the cluster. This
+includes who the Kubernetes API trusts. The ability to approve CSRs should
+not be granted broadly or lightly. The requirements of the challenge
+noted in the previous section and the repercussions of issuing a specific
+certificate should be fully understood before granting this permission. See
+[here](/docs/reference/access-authn-authz/authentication/#x509-client-certs) for information on how
+certificates interact with authentication.
+-->
+## 关于批准许可的警告
+
+批准 CSR 的能力决定谁信任群集中的谁。这包括 Kubernetes API 信任的人。批准 CSR 的能力不能过于广泛和轻率。在给予本许可之前，应充分了解上一节中提到的挑战和发布特定证书的后果。有关证书与认证交互的信息，请参阅[此处](/docs/reference/access-authn-authz/authentication/#x509-client-certs)。
+
+<!--
+## A Note to Cluster Administrators
+
+This tutorial assumes that a signer is setup to serve the certificates API. The
+Kubernetes controller manager provides a default implementation of a signer. To
+enable it, pass the `--cluster-signing-cert-file` and
+`--cluster-signing-key-file` parameters to the controller manager with paths to
+your Certificate Authority's keypair.
+-->
+## 给集群管理员的一个建议
+
+本教程假设将签名者设置为服务证书 API。Kubernetes controller manager 提供了一个签名者的默认实现。 要启用它，请将`--cluster-signing-cert-file` 和 `--cluster-signing-key-file` 参数传递给 controller manager，并配置具有证书颁发机构的密钥对的路径。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tasks/tools/_index.md b/content/zh/docs/tasks/tools/_index.md
new file mode 100644
index 0000000000000..b45ce8b48f456
--- /dev/null
+++ b/content/zh/docs/tasks/tools/_index.md
@@ -0,0 +1,11 @@
+---
+title: "安装工具"
+weight: 10
+---
+
+<!--
+---
+title: "Install Tools"
+weight: 10
+---
+-->
diff --git a/content/zh/docs/tasks/tools/install-kubectl.md b/content/zh/docs/tasks/tools/install-kubectl.md
new file mode 100644
index 0000000000000..5fa6d426e8aff
--- /dev/null
+++ b/content/zh/docs/tasks/tools/install-kubectl.md
@@ -0,0 +1,703 @@
+---
+reviewers:
+- bgrant0607
+- mikedanese
+title: 安装并设置 kubectl
+content_template: templates/task
+weight: 10
+---
+<!--
+---
+reviewers:
+- bgrant0607
+- mikedanese
+title: Install and Set Up kubectl
+content_template: templates/task
+weight: 10
+---
+-->
+{{% capture overview %}}
+<!--
+ Use the Kubernetes command-line tool, [kubectl](/docs/user-guide/kubectl/), to deploy and manage applications on Kubernetes. Using kubectl, you can inspect cluster resources; create, delete, and update components; look at your new cluster; and bring up example apps.
+ -->
+ 在 Kubernetes 上使用 Kubernetes 命令行工具 [kubectl](/docs/user-guide/kubectl/) 部署和管理应用程序。使用 kubectl，您可以检查集群资源；创建、删除和更新组件；查看您的新集群；并启动实例应用程序。
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!--
+You must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.2 client should work with v1.1, v1.2, and v1.3 master. Using the latest version of kubectl helps avoid unforeseen issues.
+-->
+您必须使用与集群小版本号差别为一的 kubectl 版本。例如，1.2版本的客户端应该与1.1版本、1.2版本和1.3版本的主节点一起使用。使用最新版本的 kubectl 有助于避免无法预料的问题。
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+<!--
+## Install kubectl
+
+Here are a few methods to install kubectl.
+-->
+## 安装 kubectl
+
+以下是一些安装 kubectl 的方法。
+
+<!--
+## Install kubectl binary using native package management
+
+{{< tabs name="kubectl_install" >}}
+{{< tab name="Ubuntu, Debian or HypriotOS" codelang="bash" >}}
+sudo apt-get update && sudo apt-get install -y apt-transport-https
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
+sudo apt-get update
+sudo apt-get install -y kubectl
+{{< /tab >}}
+{{< tab name="CentOS, RHEL or Fedora" codelang="bash" >}}cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+EOF
+yum install -y kubectl
+{{< /tab >}}
+{{< /tabs >}}
+-->
+## 使用本地软件包管理软件安装 kubectl 二进制文件
+
+{{< tabs name="kubectl_install" >}}
+{{< tab name="Ubuntu, Debian or HypriotOS" codelang="bash" >}}
+sudo apt-get update && sudo apt-get install -y apt-transport-https
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
+sudo apt-get update
+sudo apt-get install -y kubectl
+{{< /tab >}}
+{{< tab name="CentOS, RHEL or Fedora" codelang="bash" >}}cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+EOF
+yum install -y kubectl
+{{< /tab >}}
+{{< /tabs >}}
+
+
+<!--
+## Install with snap on Ubuntu
+
+If you are on Ubuntu or one of other Linux distributions that support [snap](https://snapcraft.io/docs/core/install) package manager, kubectl is available as a [snap](https://snapcraft.io/) application.
+
+1. Switch to the snap user and run the installation command:
+
+    ```
+    sudo snap install kubectl --classic
+    ```
+
+2. Test to ensure the version you installed is sufficiently up-to-date:
+
+    ```
+    kubectl version
+    ```
+-->
+## 在 Ubuntu 上使用 snap 安装 kubectl
+
+如果您使用的是 Ubuntu 或其他支持 [snap](https://snapcraft.io/docs/core/install) 软件包管理器的Linux发行版，kubectl 可以作为一个 [snap](https://snapcraft.io/) 应用程序使用。
+
+1. 切换到 snap 用户并运行安装命令：
+
+    ```
+    sudo snap install kubectl --classic
+    ```
+
+2. 测试以确保您安装的版本是最新的：
+
+    ```
+    kubectl version
+    ```
+
+<!--
+## Install with Homebrew on macOS
+
+If you are on macOS and using [Homebrew](https://brew.sh/) package manager, you can install kubectl with Homebrew.
+
+1. Run the installation command:
+
+    ```
+    brew install kubernetes-cli
+    ```
+
+2. Test to ensure the version you installed is sufficiently up-to-date:
+
+    ```
+    kubectl version
+    ```
+-->
+## <span id = "jump"> 在 macOS 上用 Homebrew 安装 kubectl </span>
+
+如果您使用的是 macOS 系统并使用 [Homebrew](https://brew.sh/) 包管理器，您可以通过 Homebrew 安装 kubectl。
+
+1. 运行安装命令：
+   
+    ```
+    brew install kubernetes-cli
+    ```
+
+2. 测试以确保您安装的版本是最新的：
+   
+    ```
+    kubectl version
+    ```
+    
+
+<!--
+## Install with Macports on macOS
+
+If you are on macOS and using [Macports](https://macports.org/) package manager, you can install kubectl with Macports.
+
+1. Run the installation command:
+
+    ```
+    port install kubectl
+    ```
+
+2. Test to ensure the version you installed is sufficiently up-to-date:
+
+    ```
+    kubectl version
+    ```
+-->
+
+## 在 macOS 上用 Macports 安装 kubectl
+
+如果您使用的是 macOS 系统并使用 [Macports](https://macports.org/) 包管理器，您可以通过 Macports 安装 kubectl。
+
+1. 运行安装命令：
+   
+    ```
+    port install kubectl
+    ```
+
+2. 测试以确保您安装的版本是最新的：
+
+     ```
+    kubectl version
+    ```
+
+<!--
+## Install with Powershell from PSGallery
+
+If you are on Windows and using [Powershell Gallery](https://www.powershellgallery.com/) package manager, you can install and update kubectl with Powershell.
+
+1. Run the installation commands (making sure to specify a `DownloadLocation`):
+
+    ```
+    Install-Script -Name install-kubectl -Scope CurrentUser -Force
+    install-kubectl.ps1 [-DownloadLocation <path>]
+    ```
+
+    {{< note >}}
+    If you do not specify a `DownloadLocation`, `kubectl` will be installed in the user's temp Directory.
+    {{< /note >}}
+
+    The installer creates `$HOME/.kube` and instructs it to create a config file
+
+2. Test to ensure the version you installed is sufficiently up-to-date:
+
+    ```
+    kubectl version
+    ```
+
+    {{< note >}}
+    Updating the installation is performed by rerunning the two commands listed in step 1.
+    {{< /note >}}
+-->
+## 从 PSGallery 通过 Powershell 安装 kubectl
+
+如果您使用的是 Windows 系统并使用 [Powershell Gallery](https://www.powershellgallery.com/) 软件包管理器，您可以使用 Powershell 安装和更新 kubectl。
+
+1. 运行安装命令（确保指定 `DownloadLocation`）：
+
+    ```
+    Install-Script -Name install-kubectl -Scope CurrentUser -Force
+    install-kubectl.ps1 [-DownloadLocation <path>]
+    ```
+
+    {{< note >}}
+    如果你没有指定 `DownloadLocation`，那么 `kubectl` 将安装在用户的临时目录中。
+    {{< /note >}}
+
+    安装程序创建 `$ HOME/.kube` 并指示它创建配置文件
+
+2. 测试以确保您安装的版本是最新的：
+    ```
+    kubectl version
+    ```
+
+    {{< note >}}
+    通过重新运行步骤1中列出的两个命令来执行更新安装。
+    {{< /note >}}
+
+<!--
+## Install with Chocolatey on Windows
+
+If you are on Windows and using [Chocolatey](https://chocolatey.org) package manager, you can install kubectl with Chocolatey.
+
+1. Run the installation command:
+
+    ```
+    choco install kubernetes-cli
+    ```
+
+2. Test to ensure the version you installed is sufficiently up-to-date:
+
+    ```
+    kubectl version
+    ```
+3. Change to your %HOME% directory:
+
+    For example: `cd C:\users\yourusername`
+
+4. Create the .kube directory:
+
+    ```
+    mkdir .kube
+    ```
+
+5. Change to the .kube directory you just created:
+
+    ```
+    cd .kube
+    ```
+
+6. Configure kubectl to use a remote Kubernetes cluster:
+
+    ```
+    New-Item config -type file
+    ```
+
+    {{< note >}}
+    Edit the config file with a text editor of your choice, such as Notepad.
+    {{< /note >}}
+-->
+## 在 Windows 上用 Chocolatey 安装 kubectl
+
+如果您使用的是 Windows 系统并使用 [Chocolatey](https://chocolatey.org) 包管理器，您可以使用 Chocolatey 安装 kubectl。
+
+1. 运行安装命令：
+
+    ```
+    choco install kubernetes-cli
+    ```
+
+2. 测试以确保您安装的版本是最新的：
+
+    ```
+    kubectl version
+    ```
+3. 切换到 %HOME% 目录：
+
+    例如：`cd C:\users\yourusername`
+
+4. 创建 .kube 目录：
+
+    ```
+    mkdir .kube
+    ```
+
+5. 切换到刚刚创建的 .kube 目录：
+
+    ```
+    cd .kube
+    ```
+
+6. 配置 kubectl 以使用远程 Kubernetes 集群：
+
+    ```
+    New-Item config -type file
+    ```
+
+    {{< note >}}
+    使用您偏爱的编辑器编辑配置文件，例如 Notepad。
+    {{< /note >}}
+
+<!--
+## Download as part of the Google Cloud SDK
+
+You can install kubectl as part of the Google Cloud SDK.
+
+1. Install the [Google Cloud SDK](https://cloud.google.com/sdk/).
+2. Run the `kubectl` installation command:
+
+    ```
+    gcloud components install kubectl
+    ```
+
+3. Test to ensure the version you installed is sufficiently up-to-date:
+
+    ```
+    kubectl version
+    ```
+-->
+## 将 kubectl 作为 Google Cloud SDK 的一部分下载
+
+kubectl 可以作为 Google Cloud SDK 的一部分进行安装。
+
+1. 安装 [Google Cloud SDK](https://cloud.google.com/sdk/).
+2. 运行以下命令安装 `kubectl`：
+
+    ```
+    gcloud components install kubectl
+    ```
+
+3. 测试以确保您安装的版本是最新的：
+
+    ```
+    kubectl version
+    ```
+
+<!--
+## Install kubectl binary using curl
+
+{{< tabs name="kubectl_install_curl" >}}
+{{% tab name="macOS" %}}
+1. Download the latest release:
+
+    ```		 
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl
+    ```
+
+    To download a specific version, replace the `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)` portion of the command with the specific version.
+
+    For example, to download version {{< param "fullversion" >}} on macOS, type:
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/darwin/amd64/kubectl
+    ```
+
+2. Make the kubectl binary executable.
+
+    ```
+    chmod +x ./kubectl
+    ```
+
+3. Move the binary in to your PATH.
+
+    ```
+    sudo mv ./kubectl /usr/local/bin/kubectl
+    ```
+{{% /tab %}}
+{{% tab name="Linux" %}}
+
+1. Download the latest release with the command:
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+    ```
+
+    To download a specific version, replace the `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)` portion of the command with the specific version.
+
+    For example, to download version {{< param "fullversion" >}} on Linux, type:
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/linux/amd64/kubectl
+    ```
+
+2. Make the kubectl binary executable.
+
+    ```
+    chmod +x ./kubectl
+    ```
+
+3. Move the binary in to your PATH.
+
+    ```
+    sudo mv ./kubectl /usr/local/bin/kubectl
+    ```
+{{% /tab %}}
+{{% tab name="Windows" %}}
+1. Download the latest release {{< param "fullversion" >}} from [this link](https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe).
+
+    Or if you have `curl` installed, use this command:
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe
+    ```
+
+    To find out the latest stable version (for example, for scripting), take a look at [https://storage.googleapis.com/kubernetes-release/release/stable.txt](https://storage.googleapis.com/kubernetes-release/release/stable.txt).
+
+2. Add the binary in to your PATH.
+{{% /tab %}}
+{{< /tabs >}}
+-->
+## 通过 curl 命令安装 kubectl 可执行文件
+
+{{< tabs name="kubectl_install_curl" >}}
+{{% tab name="macOS" %}}
+1. 通过以下命令下载 kubectl 的最新版本：
+
+    ```		 
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl
+    ```
+
+    若需要下载特定版本的 kubectl，请将上述命令中的 `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)` 部分替换成为需要下载的 kubectl 的具体版本即可。
+
+     例如，如果需要下载 {{< param "fullversion" >}} 版本在 macOS 系统上,需要使用如下命令：
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/darwin/amd64/kubectl
+    ```
+
+2. 修改所下载的 kubectl 二进制文件为可执行模式。
+
+    ```
+    chmod +x ./kubectl
+    ```
+
+3. 将 kubectl 可执行文件放置到你的 PATH 目录下。
+
+
+    ```
+    sudo mv ./kubectl /usr/local/bin/kubectl
+    ```
+{{% /tab %}}
+{{% tab name="Linux" %}}
+
+1. 通过以下命令下载 kubectl 的最新版本：
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+    ```
+
+    若需要下载特定版本的 kubectl，请将上述命令中的 `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)` 部分替换成为需要下载的 kubectl 的具体版本即可。
+
+    例如，如果需要下载用于 Linux 的 {{< param "fullversion" >}} 版本，需要使用如下命令：
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/linux/amd64/kubectl
+    ```
+
+2. 修改所下载的 kubectl 二进制文件为可执行模式。
+
+    ```
+    chmod +x ./kubectl
+    ```
+
+3. 将 kubectl 可执行文件放置到你的 PATH 目录下。
+
+    ```
+    sudo mv ./kubectl /usr/local/bin/kubectl
+    ```
+{{% /tab %}}
+{{% tab name="Windows" %}}
+1. 从[本链接](https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe)下载 kubectl 的最新版 {{< param "fullversion" >}}。
+
+   或者如果您已经在系统中安装了 `curl` 工具，也可以通过以下命令下载：
+
+    ```
+    curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe
+    ```
+
+若要查找最新的稳定版本（例如脚本等），请查看 [https://storage.googleapis.com/kubernetes-release/release/stable.txt](https://storage.googleapis.com/kubernetes-release/release/stable.txt).
+
+2. 将 kubectl 可执行文件添加到你的 PATH 目录。
+{{% /tab %}}
+{{< /tabs >}}
+
+
+
+<!--
+## Configure kubectl
+
+In order for kubectl to find and access a Kubernetes cluster, it needs a [kubeconfig file](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/), which is created automatically when you create a cluster using kube-up.sh or successfully deploy a Minikube cluster. See the [getting started guides](/docs/setup/) for more about creating clusters. If you need access to a cluster you didn't create, see the [Sharing Cluster Access document](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/).
+By default, kubectl configuration is located at `~/.kube/config`.
+-->
+## 配置 kubectl 
+
+kubectl 需要一个 [kubeconfig 配置文件](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)使其找到并访问 Kubernetes 集群。当您使用 kube-up.sh 脚本创建 Kubernetes 集群或者部署 Minikube 集群时，会自动生成 kubeconfig 配置文件。请参阅[入门指南](/docs/setup/)以了解更多创建集群相关的信息。如果您需要访问一个并非由您创建的集群，请参阅[如何共享集群的访问](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/)。默认情况下，kubectl 配置文件位于 `~/.kube/config`。
+
+<!--
+## Check the kubectl configuration
+Check that kubectl is properly configured by getting the cluster state:
+
+```shell
+kubectl cluster-info
+```
+If you see a URL response, kubectl is correctly configured to access your cluster.
+
+If you see a message similar to the following, kubectl is not correctly configured or not able to connect to a Kubernetes cluster.
+
+```shell
+The connection to the server <server-name:port> was refused - did you specify the right host or port?
+```
+
+For example, if you are intending to run a Kubernetes cluster on your laptop (locally), you will need a tool like minikube to be installed first and then re-run the commands stated above.
+
+If kubectl cluster-info returns the url response but you can't access your cluster, to check whether it is configured properly, use:
+
+```shell
+kubectl cluster-info dump
+```
+-->
+## 检查 kubectl 的配置
+通过获取集群状态检查 kubectl 是否被正确配置：
+
+```shell
+kubectl cluster-info
+```
+如果您看到一个 URL 被返回，那么 kubectl 已经被正确配置，能够正常访问您的 Kubernetes 集群。
+
+如果您看到类似以下的信息被返回，那么 kubectl 没有被正确配置，无法正常访问您的 Kubernetes 集群。
+
+```shell
+The connection to the server <server-name:port> was refused - did you specify the right host or port?
+```
+
+例如，如果您打算在笔记本电脑（本地）上运行 Kubernetes 集群，则需要首先安装 minikube 等工具，然后重新运行上述命令。
+
+如果 kubectl cluster-info 能够返回 url 响应，但您无法访问您的集群，可以使用下面的命令检查配置是否正确：
+
+```shell
+kubectl cluster-info dump
+```
+
+<!--
+## Enabling shell autocompletion
+
+kubectl includes autocompletion support, which can save a lot of typing!
+
+The completion script itself is generated by kubectl, so you typically just need to invoke it from your profile.
+
+Common examples are provided here. For more details, consult `kubectl completion -h`.
+-->
+## 启用 shell 自动补全功能
+
+kubectl 支持自动补全功能，可以节省大量输入！
+
+自动补全脚本由 kubectl 产生，您仅需要在您的 shell 配置文件中调用即可。
+
+以下仅提供了使用命令补全的常用示例，更多详细信息，请查阅 `kubectl completion -h` 帮助命令的输出。
+
+<!--
+### On Linux, using bash
+On CentOS Linux, you may need to install the bash-completion package which is not installed by default.
+
+```shell
+yum install bash-completion -y
+```
+
+To add kubectl autocompletion to your current shell, run `source <(kubectl completion bash)`.
+
+To add kubectl autocompletion to your profile, so it is automatically loaded in future shells run:
+
+```shell
+echo "source <(kubectl completion bash)" >> ~/.bashrc
+```
+-->
+### Linux 系统，使用 bash
+在 CentOS Linux系统上，您可能需要安装默认情况下未安装的 bash-completion 软件包。
+
+```shell
+yum install bash-completion -y
+```
+
+执行 `source <(kubectl completion bash)` 命令在您目前正在运行的 shell 中开启 kubectl 自动补全功能。
+
+可以将上述命令添加到 shell 配置文件中，这样在今后运行的 shell 中将自动开启 kubectl 自动补全：
+
+```shell
+echo "source <(kubectl completion bash)" >> ~/.bashrc
+```
+
+<!--
+### On macOS, using bash
+On macOS, you will need to install bash-completion support via [Homebrew](https://brew.sh/) first:
+
+```shell
+## If running Bash 3.2 included with macOS
+brew install bash-completion
+## or, if running Bash 4.1+
+brew install bash-completion@2
+```
+
+Follow the "caveats" section of brew's output to add the appropriate bash completion path to your local .bashrc.
+
+If you installed kubectl using the [Homebrew instructions](#install-with-homebrew-on-macos) then kubectl completion should start working immediately.
+
+If you have installed kubectl manually, you need to add kubectl autocompletion to the bash-completion:
+
+```shell
+kubectl completion bash > $(brew --prefix)/etc/bash_completion.d/kubectl
+```
+
+The Homebrew project is independent from Kubernetes, so the bash-completion packages are not guaranteed to work.
+-->
+### macOS 系统，使用 bash
+macOS 系统需要先通过 [Homebrew](https://brew.sh/) 安装 bash-completion：
+
+```shell
+## 如果您运行的是 macOS 自带的 Bash 3.2，请运行：
+brew install bash-completion
+## 如果您使用的是 Bash 4.1+，请运行：
+brew install bash-completion@2
+```
+
+请根据 Homebrew 输出的”注意事项（caveats）”部分的内容将 bash-completion 的路径添加到本地 .bashrc 文件中。
+
+如果您是按照 [Homebrew 指示](#jump)中的步骤安装的 kubectl，那么无需其他配置，kubectl 的自动补全功能已经被启用。
+
+如果您是手工下载并安装的 kubectl，那么您需要将 kubectl 自动补全添加到 bash-completion：
+
+```shell
+kubectl completion bash > $(brew --prefix)/etc/bash_completion.d/kubectl
+```
+
+由于 Homebrew 项目与 Kubernetes 无关，所以并不能保证 bash-completion 总能够支持 kubectl 的自动补全功能。
+
+<!--
+### Using Zsh
+If you are using zsh edit the ~/.zshrc file and add the following code to enable kubectl autocompletion:
+
+```shell
+if [ $commands[kubectl] ]; then
+  source <(kubectl completion zsh)
+fi
+```
+
+Or when using [Oh-My-Zsh](http://ohmyz.sh/), edit the ~/.zshrc file and update the `plugins=` line to include the kubectl plugin.
+
+```shell
+plugins=(kubectl)
+```
+-->
+### 使用 Zsh
+如果您使用的是 zsh,请编辑 ~/.zshrc 文件并添加以下代码以启用 kubectl 自动补全功能。
+
+
+```shell
+if [ $commands[kubectl] ]; then
+  source <(kubectl completion zsh)
+fi
+```
+
+如果您使用的是 [Oh-My-Zsh](http://ohmyz.sh/)，请编辑 ~/.zshrc 文件并更新 `plugins=` 行以包含 kubectl 插件。
+
+```shell
+plugins=(kubectl)
+```
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+<!--
+[Learn how to launch and expose your application.](/docs/tasks/access-application-cluster/service-access-application-cluster/)
+-->
+[了解如何启动并对外暴露您的应用程序](/docs/tasks/access-application-cluster/service-access-application-cluster/)
+{{% /capture %}}
+
diff --git a/content/zh/docs/tasks/tools/install-minikube.md b/content/zh/docs/tasks/tools/install-minikube.md
new file mode 100644
index 0000000000000..5f22328883bf5
--- /dev/null
+++ b/content/zh/docs/tasks/tools/install-minikube.md
@@ -0,0 +1,112 @@
+---
+title: 安装 Minikube
+content_template: templates/task
+weight: 20
+---
+
+<!--
+---
+title: Install Minikube
+content_template: templates/task
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+本页面讲述如何安装 Minikube。
+<!--
+This page shows how to install Minikube.
+-->
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+您的计算机必须在 BIOS 中启用 VT-x 或 AMD-v 虚拟化。
+<!--
+VT-x or AMD-v virtualization must be enabled in your computer's BIOS.
+-->
+
+{{% /capture %}}
+
+{{% capture steps %}}
+
+## 安装 Hypervisor
+<!--
+## Install a Hypervisor
+-->
+
+如果还没有装过 hypervisor，以下是一些不错的选择：
+<!--
+If you do not already have a hypervisor installed, install the appropriate one for your OS now:
+-->
+<!--
+* macOS: [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or [VMware Fusion](https://www.vmware.com/products/fusion), or [HyperKit](https://github.com/moby/hyperkit).
+-->
+<!--
+* Linux: [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or [KVM](http://www.linux-kvm.org/).
+-->
+
+* macOS：[VirtualBox](https://www.virtualbox.org/wiki/Downloads) 或者
+[VMware Fusion](https://www.vmware.com/products/fusion)，或者
+[HyperKit](https://github.com/moby/hyperkit)。
+* Linux：[VirtualBox](https://www.virtualbox.org/wiki/Downloads) 或者
+[KVM](http://www.linux-kvm.org/)。
+
+
+  {{< note >}}
+
+  Minikube 也支持 `-\-vm-driver=none` 选项，该选项在主机而非 VM 上运行 Kubernetes 组件。
+  使用这个驱动程序需要 Docker 和 linux 环境，而不需要 hypervisor。
+  
+  <!--
+  Minikube also supports a `-\-vm-driver=none` option that runs the Kubernetes components on the host and not in a VM.  Using this driver requires Docker and a linux environment, but not a hypervisor.
+  -->
+  <!--
+* Windows: [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or
+[Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install).
+-->
+
+  {{< /note >}}
+
+* Windows：[VirtualBox](https://www.virtualbox.org/wiki/Downloads) 或者
+[Hyper-V](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install)。
+
+## 安装 kubectl
+
+<!--
+* Install kubectl according to the instructions in [Install and Set Up kubectl](/docs/tasks/tools/install-kubectl/).
+-->
+<!--
+## Install kubectl
+-->
+
+* 请参照 [安装与设置 kubectl](/docs/tasks/tools/install-kubectl/) 中的说明安装 kubectl。
+
+## 安装 Minikube
+
+<!--
+## Install Minikube
+-->
+<!--
+* Install Minikube according to the instructions for the [latest release](https://github.com/kubernetes/minikube/releases).
+-->
+
+* 请参照[最新发行](https://github.com/kubernetes/minikube/releases)指导安装 Minikube。
+
+
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+* [使用 Minikube 在本地运行 Kubernetes](/docs/getting-started-guides/minikube/)
+
+<!--
+* [Running Kubernetes Locally via Minikube](/docs/getting-started-guides/minikube/)
+-->
+
+{{% /capture %}}
+
+
diff --git a/content/zh/docs/templates/feature-state-alpha.txt b/content/zh/docs/templates/feature-state-alpha.txt
new file mode 100644
index 0000000000000..37b3ef9753c79
--- /dev/null
+++ b/content/zh/docs/templates/feature-state-alpha.txt
@@ -0,0 +1,7 @@
+该功能目前处于 *alpha* 状态，意味着：
+
+* 版本名称包含 alpha（例如 v1alpha1）。
+* 可能存在问题，启用该功能可能会暴露 bug。默认情况下被禁用。
+* 对该功能的支持可能在任何时候被取消，而不另行通知。
+* API 可能会在以后的软件版本中以不兼容的方式被更改，而不另行通知。
+* 建议仅在短期测试集群中使用该功能，这是因为使用该功能会增加出现 bug 的风险，而且缺乏长期支持。
\ No newline at end of file
diff --git a/content/zh/docs/templates/feature-state-beta.txt b/content/zh/docs/templates/feature-state-beta.txt
new file mode 100644
index 0000000000000..34765b6e8e9b4
--- /dev/null
+++ b/content/zh/docs/templates/feature-state-beta.txt
@@ -0,0 +1,8 @@
+该功能目前处于 *beta* 状态，意味着：
+
+* 版本名称包含 beta （例如 v2beta3）。
+* 代码经过了充分测试，启用该功能被认为是安全的。默认情况下被启用。
+* 对整体功能的支持在未来不会被移除，尽管细节上可能会做更改。
+* 在后续的 beta 或稳定版本中，对象的模式、语义可能以不兼容的方式发生变化。当这种情况发生时，我们将提供迁移到下一个版本的说明。这可能需要删除、编辑和重建 API 对象，编辑过程可能需要一些思考。这可能导致依赖该功能的应用程序停机一段时间。
+* 建议仅在非业务关键场景使用该功能，因为在后续版本中可能会发生不兼容的更改。如果您有多个可以独立升级的集群，那么您可能可以放松这个限制。
+* **请尝试使用我们的 beta 版功能，并给出反馈！在它们退出 beta 测试阶段之后，我们将很难去做更多的更改。**
\ No newline at end of file
diff --git a/content/zh/docs/templates/feature-state-deprecated.txt b/content/zh/docs/templates/feature-state-deprecated.txt
new file mode 100644
index 0000000000000..06a0a436609c0
--- /dev/null
+++ b/content/zh/docs/templates/feature-state-deprecated.txt
@@ -0,0 +1,2 @@
+
+该功能已被*弃用*。有关此状态的更多信息，请参见[Kubernetes 弃用策略](/docs/reference/deprecation-policy/)。
diff --git a/content/zh/docs/templates/feature-state-stable.txt b/content/zh/docs/templates/feature-state-stable.txt
new file mode 100644
index 0000000000000..aa422b9f1a24b
--- /dev/null
+++ b/content/zh/docs/templates/feature-state-stable.txt
@@ -0,0 +1,5 @@
+
+该功能是“稳定的”，意味着：
+
+* 版本名是 vX，其中 X 是整数。
+* 该功能将出现在多个后续释出的软件稳定版中。
diff --git a/content/zh/docs/templates/index.md b/content/zh/docs/templates/index.md
index ca03031f1ee91..cddc5576cc8e0 100644
--- a/content/zh/docs/templates/index.md
+++ b/content/zh/docs/templates/index.md
@@ -1,3 +1,29 @@
 ---
 headless: true
+
+resources:
+- src: "*alpha*"
+  title: "alpha"
+- src: "*beta*"
+  title: "beta"
+- src: "*deprecated*"
+  title: "废弃"
+- src: "*stable*"
+  title: "稳定"
 ---
+
+<!--
+---
+headless: true
+
+resources:
+- src: "*alpha*"
+  title: "alpha"
+- src: "*beta*"
+  title: "beta"
+- src: "*deprecated*"
+  title: "deprecated"
+- src: "*stable*"
+  title: "stable"
+---
+-->
diff --git a/content/zh/docs/tutorials/_index.md b/content/zh/docs/tutorials/_index.md
new file mode 100644
index 0000000000000..0c99aa6d98e2b
--- /dev/null
+++ b/content/zh/docs/tutorials/_index.md
@@ -0,0 +1,189 @@
+---
+title: 教程
+main_menu: true
+weight: 60
+content_template: templates/concept
+---
+
+<!--
+---
+title: Tutorials
+main_menu: true
+weight: 60
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+Kubernetes 文档的这一部分包含教程。一个教程展示了如何完成一个比单个[任务](/docs/tasks/)更大的目标。
+通常一个教程有几个部分，每个部分都有一系列步骤。在浏览每个教程之前，
+您可能希望将[标准化术语表](/docs/reference/glossary/)页面添加到书签，供以后参考。
+
+<!--
+This section of the Kubernetes documentation contains tutorials.
+A tutorial shows how to accomplish a goal that is larger than a single
+[task](/docs/tasks/). Typically a tutorial has several sections,
+each of which has a sequence of steps.
+Before walking through each tutorial, you may want to bookmark the
+[Standardized Glossary](/docs/reference/glossary/) page for later references.
+-->
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+## 基础知识
+
+<!--
+## Basics
+-->
+
+* [Kubernetes 基础知识](/docs/tutorials/Kubernetes-Basics/)是一个深入的交互式教程，帮助您理解 Kubernetes 系统，并尝试一些基本的 Kubernetes 特性。
+
+<!--
+* [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) is an in-depth interactive tutorial that helps you understand the Kubernetes system and try out some basic Kubernetes features.
+-->
+
+* [使用 Kubernetes (Udacity) 的可伸缩微服务](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615)
+
+<!--
+* [Scalable Microservices with Kubernetes (Udacity)](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615)
+-->
+
+* [介绍 Kubernetes (edx)](https://www.edx.org/course/introduction-kubernetes-linuxfoundationx-lfs158x#)
+
+<!--
+* [Introduction to Kubernetes (edX)](https://www.edx.org/course/introduction-kubernetes-linuxfoundationx-lfs158x#)
+-->
+
+* [你好 Minikube](/docs/tutorials/hello-minikube/)
+
+<!--
+* [Hello Minikube](/docs/tutorials/hello-minikube/)
+-->
+
+## 配置
+
+<!--
+## Configuration
+-->
+
+* [使用一个 ConfigMap 配置 Redis](/docs/tutorials/configuration/configure-redis-using-configmap/)
+
+<!--
+* [Configuring Redis Using a ConfigMap](/docs/tutorials/configuration/configure-redis-using-configmap/)
+-->
+
+## 无状态应用程序
+
+<!--
+## Stateless Applications
+-->
+
+* [公开外部 IP 地址访问集群中的应用程序](/docs/tutorials/stateless-application/expose-external-ip-address/)
+
+<!--
+* [Exposing an External IP Address to Access an Application in a Cluster](/docs/tutorials/stateless-application/expose-external-ip-address/)
+-->
+
+* [示例：使用 Redis 部署 PHP 留言板应用程序](/docs/tutorials/stateless-application/guestbook/)
+
+<!--
+* [Example: Deploying PHP Guestbook application with Redis](/docs/tutorials/stateless-application/guestbook/)
+-->
+
+## 有状态应用程序
+
+<!--
+## Stateful Applications
+-->
+
+* [StatefulSet 基础](/docs/tutorials/stateful-application/basic-stateful-set/)
+
+<!--
+* [StatefulSet Basics](/docs/tutorials/stateful-application/basic-stateful-set/)
+-->
+
+* [示例：WordPress 和 MySQL 使用持久卷](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/)
+
+<!--
+* [Example: WordPress and MySQL with Persistent Volumes](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/)
+-->
+
+* [示例：使用有状态集部署 Cassandra](/docs/tutorials/stateful-application/cassandra/)
+
+<!--
+* [Example: Deploying Cassandra with Stateful Sets](/docs/tutorials/stateful-application/cassandra/)
+-->
+
+* [运行 ZooKeeper，CP 分布式系统](/docs/tutorials/stateful-application/zookeeper/)
+
+<!--
+* [Running ZooKeeper, A CP Distributed System](/docs/tutorials/stateful-application/zookeeper/)
+-->
+
+## CI/CD 管道
+
+<!--
+## CI/CD Pipeline
+-->
+
+* [用 Kubernetes 第一部分：概述建立 CI/CD 管道](https://www.linux.com/blog/learn/chapter/Intro-to-Kubernetes/2017/5/set-cicd-pipeline-kubernetes-part-1-overview)
+
+<!--
+* [Set Up a CI/CD Pipeline with Kubernetes Part 1: Overview](https://www.linux.com/blog/learn/chapter/Intro-to-Kubernetes/2017/5/set-cicd-pipeline-kubernetes-part-1-overview)
+-->
+
+* [与 Kubernetes 中的 Jenkins Pod 一起建立 CI/CD 管道(第二部分)](https://www.linux.com/blog/learn/chapter/Intro-to-Kubernetes/2017/6/set-cicd-pipeline-jenkins-pod-kubernetes-part-2)
+
+<!--
+* [Set Up a CI/CD Pipeline with a Jenkins Pod in Kubernetes (Part 2)](https://www.linux.com/blog/learn/chapter/Intro-to-Kubernetes/2017/6/set-cicd-pipeline-jenkins-pod-kubernetes-part-2)
+-->
+
+* [在 Kubernetes 上运行并扩展一个带有 CI/CD 的分布式填字游戏应用程序(第三部分)](https://www.linux.com/blog/learn/chapter/intro-to-kubernetes/2017/6/run-and-scale-distributed-crossword-puzzle-app-cicd-kubernetes-part-3)
+
+<!--
+* [Run and Scale a Distributed Crossword Puzzle App with CI/CD on Kubernetes (Part 3)](https://www.linux.com/blog/learn/chapter/intro-to-kubernetes/2017/6/run-and-scale-distributed-crossword-puzzle-app-cicd-kubernetes-part-3)
+-->
+
+* [为 Kubernetes 上的分布式填字游戏应用程序设置 CI/CD (第四部分))](https://www.linux.com/blog/learn/chapter/intro-to-kubernetes/2017/6/set-cicd-distributed-crossword-puzzle-app-kubernetes-part-4)
+
+<!--
+* [Set Up CI/CD for a Distributed Crossword Puzzle App on Kubernetes (Part 4)](https://www.linux.com/blog/learn/chapter/intro-to-kubernetes/2017/6/set-cicd-distributed-crossword-puzzle-app-kubernetes-part-4)
+-->
+
+## 集群
+
+* [AppArmor](/docs/tutorials/clusters/apparmor/)
+
+<!--
+## Clusters
+
+* [AppArmor](/docs/tutorials/clusters/apparmor/)
+-->
+
+## 服务
+
+* [使用源 IP](/docs/tutorials/services/source-ip/)
+
+<!--
+## Services
+
+* [Using Source IP](/docs/tutorials/services/source-ip/)
+-->
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+如果您想编写教程，请参阅[使用页面模板](/docs/home/contribute/page-templates/)
+以获取有关教程页面类型和教程模板的信息。
+<!--
+If you would like to write a tutorial, see
+[Using Page Templates](/docs/home/contribute/page-templates/)
+for information about the tutorial page type and the tutorial template.
+-->
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/tutorials/clusters/_index.md b/content/zh/docs/tutorials/clusters/_index.md
new file mode 100644
index 0000000000000..1909047b2d90e
--- /dev/null
+++ b/content/zh/docs/tutorials/clusters/_index.md
@@ -0,0 +1,11 @@
+---
+title: "集群"
+weight: 60
+---
+
+<!--
+---
+title: "Clusters"
+weight: 60
+---
+-->
diff --git a/content/zh/docs/tutorials/clusters/apparmor.md b/content/zh/docs/tutorials/clusters/apparmor.md
new file mode 100644
index 0000000000000..137fe15b0243f
--- /dev/null
+++ b/content/zh/docs/tutorials/clusters/apparmor.md
@@ -0,0 +1,601 @@
+---
+title: AppArmor
+content_template: templates/tutorial
+---
+<!-- ---
+reviewers:
+- stclair
+title: AppArmor
+content_template: templates/tutorial
+--- -->
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.4" state="beta" >}}
+
+
+<!-- AppArmor is a Linux kernel security module that supplements the standard Linux user and group based
+permissions to confine programs to a limited set of resources. AppArmor can be configured for any
+application to reduce its potential attack surface and provide greater in-depth defense. It is
+configured through profiles tuned to whitelist the access needed by a specific program or container,
+such as Linux capabilities, network access, file permissions, etc. Each profile can be run in either
+*enforcing* mode, which blocks access to disallowed resources, or *complain* mode, which only reports
+violations. -->
+Apparmor 是一个 Linux 内核安全模块，它补充了标准的基于 Linux 用户和组的安全模块将程序限制为有限资源集的权限。AppArmor 可以配置为任何应用程序减少潜在的攻击面，并且提供更加深入的防御。AppArmor 是通过配置文件进行配置的，这些配置文件被调整为报名单，列出了特定程序或者容器所需要的访问权限，如 Linux 功能、网络访问、文件权限等。每个配置文件都可以在*强制*模式(阻止访问不允许的资源)或*投诉*模式(仅报告冲突)下运行。
+
+
+{{% /capture %}}
+
+{{% capture objectives %}}
+
+<!-- * See an example of how to load a profile on a node
+* Learn how to enforce the profile on a Pod
+* Learn how to check that the profile is loaded
+* See what happens when a profile is violated
+* See what happens when a profile cannot be loaded -->
+* 查看如何在节点上加载配置文件示例
+* 了解如何在 Pod 上强制执行配置文件
+* 了解如何检查配置文件是否已加载
+* 查看违反配置文件时会发生什么情况
+* 查看无法加载配置文件时会发生什么情况
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!-- Make sure: -->
+务必：
+
+<!-- 1. Kubernetes version is at least v1.4 -- Kubernetes support for AppArmor was added in
+   v1.4. Kubernetes components older than v1.4 are not aware of the new AppArmor annotations, and
+   will **silently ignore** any AppArmor settings that are provided. To ensure that your Pods are
+   receiving the expected protections, it is important to verify the Kubelet version of your nodes:
+
+   ```shell
+   kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {@.status.nodeInfo.kubeletVersion}\n{end}'
+   ```
+   ```
+   gke-test-default-pool-239f5d02-gyn2: v1.4.0
+   gke-test-default-pool-239f5d02-x1kf: v1.4.0
+   gke-test-default-pool-239f5d02-xwux: v1.4.0
+   ``` -->
+1. Kubernetes 版本至少是 v1.4 -- AppArmor 在 Kubernetes v1.4 版本中才添加了对 AppArmor 的支持。早于 v1.4 版本的 Kubernetes 组件不知道新的 AppArmor 注释，并且将会 **默认忽略** 提供的任何 AppArmor 设置。为了确保您的 Pods 能够得到预期的保护，必须验证节点的 Kubelet 版本：
+
+  ```shell
+   kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {@.status.nodeInfo.kubeletVersion}\n{end}'
+   ```
+   ```
+   gke-test-default-pool-239f5d02-gyn2: v1.4.0
+   gke-test-default-pool-239f5d02-x1kf: v1.4.0
+   gke-test-default-pool-239f5d02-xwux: v1.4.0
+   ```
+
+<!-- 2. AppArmor kernel module is enabled -- For the Linux kernel to enforce an AppArmor profile, the
+   AppArmor kernel module must be installed and enabled. Several distributions enable the module by
+   default, such as Ubuntu and SUSE, and many others provide optional support. To check whether the
+   module is enabled, check the `/sys/module/apparmor/parameters/enabled` file:
+
+   ```shell
+   cat /sys/module/apparmor/parameters/enabled
+   Y
+   ```
+
+   If the Kubelet contains AppArmor support (>= v1.4), it will refuse to run a Pod with AppArmor
+   options if the kernel module is not enabled.
+
+  {{< note >}}
+  Ubuntu carries many AppArmor patches that have not been merged into the upstream Linux
+  kernel, including patches that add additional hooks and features. Kubernetes has only been
+  tested with the upstream version, and does not promise support for other features.
+  {{< /note >}} -->
+2. AppArmor 内核模块已启用 -- 要使 Linux 内核强制执行 AppArmor 配置文件，必须安装并且启动 AppArmor 内核模块。默认情况下，有几个发行版支持该模块，如 Ubuntu 和 SUSE，还有许多发行版提供可选支持。要检查模块是否已启用，请检查 
+`/sys/module/apparmor/parameters/enabled` 文件：
+  ```shell
+   cat /sys/module/apparmor/parameters/enabled
+   Y
+   ```
+   如果 Kubelet 包含 AppArmor 支持(>=v1.4)，如果内核模块未启用，它将拒绝运行带有 AppArmor 选项的 Pod。
+
+  {{< note >}}
+  Ubuntu 携带了许多没有合并到上游 Linux 内核中的 AppArmor 补丁，包括添加附加钩子和特性的补丁。Kubernetes 只在上游版本中测试过，不承诺支持其他特性。
+  {{< /note >}}
+
+<!-- 3. Container runtime is Docker -- Currently the only Kubernetes-supported container runtime that
+   also supports AppArmor is Docker. As more runtimes add AppArmor support, the options will be
+   expanded. You can verify that your nodes are running docker with:
+
+   ```shell
+   kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {@.status.nodeInfo.containerRuntimeVersion}\n{end}'
+   ```
+   ```
+   gke-test-default-pool-239f5d02-gyn2: docker://1.11.2
+   gke-test-default-pool-239f5d02-x1kf: docker://1.11.2
+   gke-test-default-pool-239f5d02-xwux: docker://1.11.2
+   ```
+
+   If the Kubelet contains AppArmor support (>= v1.4), it will refuse to run a Pod with AppArmor
+   options if the runtime is not Docker. -->
+3. Docker 作为容器运行环境 -- 目前，支持 Kubernetes 运行的容器中只有 Docker 也支持 AppArmor。随着更多的运行时添加 AppArmor 的支持，可选项将会增多。您可以使用以下命令验证节点是否正在运行 Docker:
+   ```shell
+   kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {@.status.nodeInfo.containerRuntimeVersion}\n{end}'
+   ```
+   ```
+   gke-test-default-pool-239f5d02-gyn2: docker://1.11.2
+   gke-test-default-pool-239f5d02-x1kf: docker://1.11.2
+   gke-test-default-pool-239f5d02-xwux: docker://1.11.2
+   ```
+
+   如果 Kubelet 包含 AppArmor 支持(>=v1.4)，如果运行环境不是 Docker，它将拒绝运行带有 AppArmor 选项的 Pod。
+
+<!-- 4. Profile is loaded -- AppArmor is applied to a Pod by specifying an AppArmor profile that each
+   container should be run with. If any of the specified profiles is not already loaded in the
+   kernel, the Kubelet (>= v1.4) will reject the Pod. You can view which profiles are loaded on a
+   node by checking the `/sys/kernel/security/apparmor/profiles` file. For example:
+
+   ```shell
+   ssh gke-test-default-pool-239f5d02-gyn2 "sudo cat /sys/kernel/security/apparmor/profiles | sort"
+   ```
+   ```
+   apparmor-test-deny-write (enforce)
+   apparmor-test-audit-write (enforce)
+   docker-default (enforce)
+   k8s-nginx (enforce)
+   ```
+
+   For more details on loading profiles on nodes, see
+   [Setting up nodes with profiles](#setting-up-nodes-with-profiles). -->
+4. 配置文件已加载 -- 通过指定每个容器都应使用 AppArmor 配置文件，AppArmor 应用于 Pod。如果指定的任何配置文件尚未加载到内核， Kubelet (>=v1.4) 将拒绝 Pod。通过检查 `/sys/kernel/security/apparmor/profiles` 文件，可以查看节点加载了哪些配置文件。例如:
+
+   ```shell
+   ssh gke-test-default-pool-239f5d02-gyn2 "sudo cat /sys/kernel/security/apparmor/profiles | sort"
+   ```
+   ```
+   apparmor-test-deny-write (enforce)
+   apparmor-test-audit-write (enforce)
+   docker-default (enforce)
+   k8s-nginx (enforce)
+   ```
+
+   <!-- For more details on loading profiles on nodes, see
+   [Setting up nodes with profiles](#setting-up-nodes-with-profiles). -->
+   有关在节点上加载配置文件的详细信息，请参见[使用配置文件设置节点](#setting-up-nodes-with-profiles)。
+
+<!-- As long as the Kubelet version includes AppArmor support (>= v1.4), the Kubelet will reject a Pod
+with AppArmor options if any of the prerequisites are not met. You can also verify AppArmor support
+on nodes by checking the node ready condition message (though this is likely to be removed in a
+later release): -->
+只要 Kubelet 版本包含 AppArmor 支持(>=v1.4)，如果不满足任何先决条件，Kubelet 将拒绝带有 AppArmor 选项的 Pod。您还可以通过检查节点就绪状况消息来验证节点上的 AppArmor 支持(尽管这可能会在以后的版本中删除)：
+
+```shell
+kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}'
+```
+```
+gke-test-default-pool-239f5d02-gyn2: kubelet is posting ready status. AppArmor enabled
+gke-test-default-pool-239f5d02-x1kf: kubelet is posting ready status. AppArmor enabled
+gke-test-default-pool-239f5d02-xwux: kubelet is posting ready status. AppArmor enabled
+```
+
+{{% /capture %}}
+
+{{% capture lessoncontent %}}
+
+<!-- ## Securing a Pod -->
+## 保护 Pod
+
+{{< note >}}
+<!-- AppArmor is currently in beta, so options are specified as annotations. Once support graduates to
+general availability, the annotations will be replaced with first-class fields (more details in
+[Upgrade path to GA](#upgrade-path-to-general-availability)). -->
+AppArmor 目前处于测试阶段，因此选项被指定为注释。一旦 AppArmor 被授予支持通用，注释将替换为首要的字段(更多详情参见[升级到 GA 的途径](#upgrade-path-to-general-availability))。
+{{< /note >}}
+
+<!-- AppArmor profiles are specified *per-container*. To specify the AppArmor profile to run a Pod
+container with, add an annotation to the Pod's metadata: -->
+AppArmor 配置文件被指定为 *per-container*。要指定要用其运行 Pod 容器的 AppArmor 配置文件，请向 Pod 的元数据添加注释：
+
+```yaml
+container.apparmor.security.beta.kubernetes.io/<container_name>: <profile_ref>
+```
+
+<!-- Where `<container_name>` is the name of the container to apply the profile to, and `<profile_ref>`
+specifies the profile to apply. The `profile_ref` can be one of: -->
+`<container_name>` 的名称是容器的简称，用以描述简介，并且简称为 `<profile_ref>` 。`<profile_ref>` 可以作为其中之一：
+
+<!-- * `runtime/default` to apply the runtime's default profile
+* `localhost/<profile_name>` to apply the profile loaded on the host with the name `<profile_name>`
+* `unconfined` to indicate that no profiles will be loaded -->
+* `runtime/default` 应用运行时的默认配置
+* `localhost/<profile_name>` 应用在名为 `<profile_name>` 的主机上加载的配置文件
+* `unconfined` 表示不加载配置文件
+
+<!-- See the [API Reference](#api-reference) for the full details on the annotation and profile name formats. -->
+有关注释和配置文件名称格式的详细信息，请参阅[API 参考](#api-reference)。
+
+<!-- Kubernetes AppArmor enforcement works by first checking that all the prerequisites have been
+met, and then forwarding the profile selection to the container runtime for enforcement. If the
+prerequisites have not been met, the Pod will be rejected, and will not run. -->
+Kubernetes AppArmor 强制首先通过检查所有先决条件都已满足，然后将配置文件选择转发到容器运行时进行强制。如果未满足先决条件， Pod 将被拒绝，并且不会运行。
+
+<!-- To verify that the profile was applied, you can look for the AppArmor security option listed in the container created event: -->
+要验证是否应用了配置文件，可以查找容器创建事件中列出的 AppArmor 安全选项：
+
+```shell
+kubectl get events | grep Created
+```
+```
+22s        22s         1         hello-apparmor     Pod       spec.containers{hello}   Normal    Created     {kubelet e2e-test-stclair-node-pool-31nt}   Created container with docker id 269a53b202d3; Security:[seccomp=unconfined apparmor=k8s-apparmor-example-deny-write]
+```
+
+<!-- You can also verify directly that the container's root process is running with the correct profile by checking its proc attr: -->
+您还可以通过检查容器的 proc attr，直接验证容器的根进程是否以正确的配置文件运行：
+
+```shell
+kubectl exec <pod_name> cat /proc/1/attr/current
+```
+```
+k8s-apparmor-example-deny-write (enforce)
+```
+
+<!-- ## Example -->
+## 举例
+
+<!-- *This example assumes you have already set up a cluster with AppArmor support.* -->
+*本例假设您已经使用 AppArmor 支持设置了一个集群。*
+
+<!-- First, we need to load the profile we want to use onto our nodes. The profile we'll use simply
+denies all file writes: -->
+首先，我们需要将要使用的配置文件加载到节点上。我们将使用的配置文件仅拒绝所有文件写入：
+
+```shell
+#include <tunables/global>
+profile k8s-apparmor-example-deny-write flags=(attach_disconnected) {
+  #include <abstractions/base>
+  file,
+  # Deny all file writes.
+  deny /** w,
+}
+```
+
+<!-- Since we don't know where the Pod will be scheduled, we'll need to load the profile on all our
+nodes. For this example we'll just use SSH to install the profiles, but other approaches are
+discussed in [Setting up nodes with profiles](#setting-up-nodes-with-profiles). -->
+由于我们不知道 Pod 将被安排在那里，我们需要在所有节点上加载配置文件。在本例中，我们将只使用 SSH 来安装概要文件，但是在[使用配置文件设置节点](#setting-up-nodes-with-profiles)中讨论了其他方法。
+
+```shell
+NODES=(
+    # The SSH-accessible domain names of your nodes
+    gke-test-default-pool-239f5d02-gyn2.us-central1-a.my-k8s
+    gke-test-default-pool-239f5d02-x1kf.us-central1-a.my-k8s
+    gke-test-default-pool-239f5d02-xwux.us-central1-a.my-k8s)
+for NODE in ${NODES[*]}; do ssh $NODE 'sudo apparmor_parser -q <<EOF
+#include <tunables/global>
+
+profile k8s-apparmor-example-deny-write flags=(attach_disconnected) {
+  #include <abstractions/base>
+
+  file,
+
+  # Deny all file writes.
+  deny /** w,
+}
+EOF'
+done
+```
+
+<!-- Next, we'll run a simple "Hello AppArmor" pod with the deny-write profile: -->
+接下来，我们将运行一个带有拒绝写入配置文件的简单 "Hello AppArmor" pod：
+
+{{< codenew file="pods/security/hello-apparmor.yaml" >}}
+
+```shell
+kubectl create -f ./hello-apparmor.yaml
+```
+
+<!-- If we look at the pod events, we can see that the Pod container was created with the AppArmor
+profile "k8s-apparmor-example-deny-write": -->
+如果我们查看 pod 事件，我们可以看到 pod 容器是用 AppArmor 配置文件 "k8s-apparmor-example-deny-write" 所创建的：
+
+```shell
+kubectl get events | grep hello-apparmor
+```
+```
+14s        14s         1         hello-apparmor   Pod                                Normal    Scheduled   {default-scheduler }                           Successfully assigned hello-apparmor to gke-test-default-pool-239f5d02-gyn2
+14s        14s         1         hello-apparmor   Pod       spec.containers{hello}   Normal    Pulling     {kubelet gke-test-default-pool-239f5d02-gyn2}   pulling image "busybox"
+13s        13s         1         hello-apparmor   Pod       spec.containers{hello}   Normal    Pulled      {kubelet gke-test-default-pool-239f5d02-gyn2}   Successfully pulled image "busybox"
+13s        13s         1         hello-apparmor   Pod       spec.containers{hello}   Normal    Created     {kubelet gke-test-default-pool-239f5d02-gyn2}   Created container with docker id 06b6cd1c0989; Security:[seccomp=unconfined apparmor=k8s-apparmor-example-deny-write]
+13s        13s         1         hello-apparmor   Pod       spec.containers{hello}   Normal    Started     {kubelet gke-test-default-pool-239f5d02-gyn2}   Started container with docker id 06b6cd1c0989
+```
+
+<!-- We can verify that the container is actually running with that profile by checking its proc attr: -->
+我们可以通过检查该配置文件的 proc attr 来验证容器是否实际使用该配置文件运行：
+
+```shell
+kubectl exec hello-apparmor cat /proc/1/attr/current
+```
+```
+k8s-apparmor-example-deny-write (enforce)
+```
+
+<!-- Finally, we can see what happens if we try to violate the profile by writing to a file: -->
+最后，我们可以看到如果试图通过写入文件来违反配置文件，会发生什么情况：
+
+```shell
+kubectl exec hello-apparmor touch /tmp/test
+```
+```
+touch: /tmp/test: Permission denied
+error: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1
+```
+
+<!-- To wrap up, let's look at what happens if we try to specify a profile that hasn't been loaded: -->
+最后，让我们看看如果我们试图指定一个尚未加载的配置文件会发生什么：
+
+```shell
+kubectl create -f /dev/stdin <<EOF
+```
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hello-apparmor-2
+  annotations:
+    container.apparmor.security.beta.kubernetes.io/hello: localhost/k8s-apparmor-example-allow-write
+spec:
+  containers:
+  - name: hello
+    image: busybox
+    command: [ "sh", "-c", "echo 'Hello AppArmor!' && sleep 1h" ]
+EOF
+pod/hello-apparmor-2 created
+```
+
+```shell
+kubectl describe pod hello-apparmor-2
+```
+```
+Name:          hello-apparmor-2
+Namespace:     default
+Node:          gke-test-default-pool-239f5d02-x1kf/
+Start Time:    Tue, 30 Aug 2016 17:58:56 -0700
+Labels:        <none>
+Annotations:   container.apparmor.security.beta.kubernetes.io/hello=localhost/k8s-apparmor-example-allow-write
+Status:        Pending
+Reason:        AppArmor
+Message:       Pod Cannot enforce AppArmor: profile "k8s-apparmor-example-allow-write" is not loaded
+IP:
+Controllers:   <none>
+Containers:
+  hello:
+    Container ID:
+    Image:     busybox
+    Image ID:
+    Port:
+    Command:
+      sh
+      -c
+      echo 'Hello AppArmor!' && sleep 1h
+    State:              Waiting
+      Reason:           Blocked
+    Ready:              False
+    Restart Count:      0
+    Environment:        <none>
+    Mounts:
+      /var/run/secrets/kubernetes.io/serviceaccount from default-token-dnz7v (ro)
+Conditions:
+  Type          Status
+  Initialized   True
+  Ready         False
+  PodScheduled  True
+Volumes:
+  default-token-dnz7v:
+    Type:    Secret (a volume populated by a Secret)
+    SecretName:    default-token-dnz7v
+    Optional:   false
+QoS Class:      BestEffort
+Node-Selectors: <none>
+Tolerations:    <none>
+Events:
+  FirstSeen    LastSeen    Count    From                        SubobjectPath    Type        Reason        Message
+  ---------    --------    -----    ----                        -------------    --------    ------        -------
+  23s          23s         1        {default-scheduler }                         Normal      Scheduled     Successfully assigned hello-apparmor-2 to e2e-test-stclair-node-pool-t1f5
+  23s          23s         1        {kubelet e2e-test-stclair-node-pool-t1f5}             Warning        AppArmor    Cannot enforce AppArmor: profile "k8s-apparmor-example-allow-write" is not loaded
+```
+
+<!-- Note the pod status is Failed, with a helpful error message: `Pod Cannot enforce AppArmor: profile
+"k8s-apparmor-example-allow-write" is not loaded`. An event was also recorded with the same message. -->
+注意 pod 呈现失败状态，并且显示一条有用的错误信息：`Pod Cannot enforce AppArmor: profile
+"k8s-apparmor-example-allow-write" 未加载`。还用相同的消息记录了一个事件。
+
+<!-- ## Administration -->
+## 管理
+
+<!-- ### Setting up nodes with profiles -->
+### 使用配置文件设置节点
+
+<!-- Kubernetes does not currently provide any native mechanisms for loading AppArmor profiles onto
+nodes. There are lots of ways to setup the profiles though, such as: -->
+Kubernetes 目前不提供任何本地机制来将 AppArmor 配置文件加载到节点上。有很多方法可以设置配置文件，例如：
+
+<!-- * Through a [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) that runs a Pod on each node to
+  ensure the correct profiles are loaded. An example implementation can be found
+  [here](https://git.k8s.io/kubernetes/test/images/apparmor-loader).
+* At node initialization time, using your node initialization scripts (e.g. Salt, Ansible, etc.) or
+  image.
+* By copying the profiles to each node and loading them through SSH, as demonstrated in the
+  [Example](#example). -->
+* 通过在每个节点上运行 Pod 的[DaemonSet](/docs/concepts/workloads/controllers/daemonset/)确保加载了正确的配置文件。可以找到一个示例实现[这里](https://git.k8s.io/kubernetes/test/images/apparmor loader)。
+* 在节点初始化时，使用节点初始化脚本(例如 Salt 、Ansible 等)或图像。
+* 通过将配置文件复制到每个节点并通过 SSH 加载它们，如[示例](#example)。
+
+<!-- The scheduler is not aware of which profiles are loaded onto which node, so the full set of profiles
+must be loaded onto every node.  An alternative approach is to add a node label for each profile (or
+class of profiles) on the node, and use a
+[node selector](/docs/concepts/configuration/assign-pod-node/) to ensure the Pod is run on a
+node with the required profile. -->
+调度程序不知道哪些配置文件加载到哪个节点上，因此必须将全套配置文件加载到每个节点上。另一种方法是为节点上的每个配置文件(或配置文件类)添加节点标签，并使用[节点选择器](/docs/concepts/configuration/assign pod node/)确保 Pod 在具有所需配置文件的节点上运行。
+
+<!-- ### Restricting profiles with the PodSecurityPolicy -->
+### 使用 PodSecurityPolicy 限制配置文件
+
+<!-- If the PodSecurityPolicy extension is enabled, cluster-wide AppArmor restrictions can be applied. To
+enable the PodSecurityPolicy, the following flag must be set on the `apiserver`: -->
+如果启用了 PodSecurityPolicy 扩展，则可以应用群集范围的 AppArmor 限制。要启用 PodSecurityPolicy，必须在“apiserver”上设置以下标志：
+
+```
+--enable-admission-plugins=PodSecurityPolicy[,others...]
+```
+
+<!-- The AppArmor options can be specified as annotations on the PodSecurityPolicy: -->
+AppArmor 选项可以指定为 PodSecurityPolicy 上的注释：
+
+```yaml
+apparmor.security.beta.kubernetes.io/defaultProfileName: <profile_ref>
+apparmor.security.beta.kubernetes.io/allowedProfileNames: <profile_ref>[,others...]
+```
+
+<!-- The default profile name option specifies the profile to apply to containers by default when none is
+specified. The allowed profile names option specifies a list of profiles that Pod containers are
+allowed to be run with. If both options are provided, the default must be allowed. The profiles are
+specified in the same format as on containers. See the [API Reference](#api-reference) for the full
+specification. -->
+默认配置文件名选项指定默认情况下在未指定任何配置文件时应用于容器的配置文件。节点允许配置文件名选项指定允许 Pod 容器运行时的配置文件列表。配置文件的指定格式与容器上的相同。完整规范见[API 参考](#api-reference)。
+
+<!-- ### Disabling AppArmor -->
+### 禁用 AppArmor
+
+<!-- If you do not want AppArmor to be available on your cluster, it can be disabled by a command-line flag: -->
+如果您不希望 AppArmor 在集群上可用，可以通过命令行标志禁用它：
+
+```
+--feature-gates=AppArmor=false
+```
+
+<!-- When disabled, any Pod that includes an AppArmor profile will fail validation with a "Forbidden"
+error. Note that by default docker always enables the "docker-default" profile on non-privileged
+pods (if the AppArmor kernel module is enabled), and will continue to do so even if the feature-gate
+is disabled. The option to disable AppArmor will be removed when AppArmor graduates to general
+availability (GA). -->
+禁用时，任何包含 AppArmor 配置文件的 Pod 都将因 "Forbidden" 错误而导致验证失败。注意，默认情况下，docker 总是在非特权 pods 上启用 "docker-default" 配置文件(如果 AppArmor 内核模块已启用)，并且即使功能门已禁用，也将继续启用该配置文件。当 AppArmor 应用于通用(GA)时，禁用 Apparmor 的选项将被删除。
+
+<!-- ### Upgrading to Kubernetes v1.4 with AppArmor -->
+### 使用 AppArmor 升级到 Kubernetes v1.4
+
+<!-- No action is required with respect to AppArmor to upgrade your cluster to v1.4. However, if any
+existing pods had an AppArmor annotation, they will not go through validation (or PodSecurityPolicy
+admission). If permissive profiles are loaded on the nodes, a malicious user could pre-apply a
+permissive profile to escalate the pod privileges above the docker-default. If this is a concern, it
+is recommended to scrub the cluster of any pods containing an annotation with
+`apparmor.security.beta.kubernetes.io`. -->
+不需要对 AppArmor 执行任何操作即可将集群升级到 v1.4。但是，如果任何现有的 pods 有一个 AppArmor 注释，它们将不会通过验证(或 PodSecurityPolicy 认证)。如果节点上加载了许可配置文件，恶意用户可以预先应用许可配置文件，将 pod 权限提升到 docker-default 权限之上。如果存在这个问题，建议清除包含 `apparmor.security.beta.kubernetes.io` 注释的任何 pods 的集群。
+
+<!-- ### Upgrade path to General Availability -->
+### 升级到一般可用性的途径
+
+<!-- When AppArmor is ready to be graduated to general availability (GA), the options currently specified
+through annotations will be converted to fields. Supporting all the upgrade and downgrade paths
+through the transition is very nuanced, and will be explained in detail when the transition
+occurs. We will commit to supporting both fields and annotations for at least 2 releases, and will
+explicitly reject the annotations for at least 2 releases after that. -->
+当 Apparmor 准备升级到通用(GA)时，当前指定的选项通过注释将转换为字段。通过转换支持所有升级和降级路径是非常微妙的，并将在转换发生时详细解释。我们将承诺在至少两个版本中同时支持字段和注释，并在之后的至少两个版本中显式拒绝注释。
+
+<!-- ## Authoring Profiles -->
+## 编写配置文件
+
+<!-- Getting AppArmor profiles specified correctly can be a tricky business. Fortunately there are some
+tools to help with that: -->
+获得正确指定的 AppArmor 配置文件可能是一件棘手的事情。幸运的是，有一些工具可以帮助您做到这一点：
+
+<!-- * `aa-genprof` and `aa-logprof` generate profile rules by monitoring an application's activity and
+  logs, and admitting the actions it takes. Further instructions are provided by the
+  [AppArmor documentation](https://gitlab.com/apparmor/apparmor/wikis/Profiling_with_tools).
+* [bane](https://github.com/jfrazelle/bane) is an AppArmor profile generator for Docker that uses a
+  simplified profile language. -->
+* `aa-genprof` and `aa-logprof` 通过监视应用程序的活动和日志并承认它所采取的操作来生成配置文件规则。更多说明由[AppArmor 文档](https://gitlab.com/apparmor/apparmor/wikis/Profiling_with_tools)提供。
+* [bane](https://github.com/jfrazelle/bane)是一个用于 Docker的 AppArmor 档案生成器，它使用简化的档案语言。
+
+<!-- It is recommended to run your application through Docker on a development workstation to generate
+the profiles, but there is nothing preventing running the tools on the Kubernetes node where your
+Pod is running. -->
+建议在开发工作站上通过 Docker 运行应用程序以生成配置文件，但是没有什么可以阻止在运行 Pod 的 Kubernetes 节点上运行工具。
+
+<!-- To debug problems with AppArmor, you can check the system logs to see what, specifically, was
+denied. AppArmor logs verbose messages to `dmesg`, and errors can usually be found in the system
+logs or through `journalctl`. More information is provided in
+[AppArmor failures](https://gitlab.com/apparmor/apparmor/wikis/AppArmor_Failures). -->
+想要调试 AppArmor 的问题，您可以检查系统日志，查看具体拒绝了什么。AppArmor 将详细消息记录到 `dmesg` ，错误通常可以在系统日志中或通过 `journalctl` 找到。更多详细信息见[AppArmor 失败](https://gitlab.com/apparmor/apparmor/wikis/AppArmor_Failures)。
+
+<!-- ## API Reference -->
+## API 参考 
+
+<!-- ### Pod Annotation -->
+### Pod 注释
+
+<!-- Specifying the profile a container will run with: -->
+指定容器将使用的配置文件：
+
+<!-- - **key**: `container.apparmor.security.beta.kubernetes.io/<container_name>`
+  Where `<container_name>` matches the name of a container in the Pod.
+  A separate profile can be specified for each container in the Pod.
+- **value**: a profile reference, described below -->
+- **key**: `container.apparmor.security.beta.kubernetes.io/<container_name>` 中的 `<container_name>` 匹配 Pod 中的容器名称。
+  可以为 Pod 中的每个容器指定单独的配置文件。
+- **value**: 配置文件参考，如下所述
+
+<!-- ### Profile Reference -->
+### 配置文件参考
+
+<!-- - `runtime/default`: Refers to the default runtime profile.
+  - Equivalent to not specifying a profile (without a PodSecurityPolicy default), except it still
+    requires AppArmor to be enabled.
+  - For Docker, this resolves to the
+    [`docker-default`](https://docs.docker.com/engine/security/apparmor/) profile for non-privileged
+    containers, and unconfined (no profile) for privileged containers.
+- `localhost/<profile_name>`: Refers to a profile loaded on the node (localhost) by name.
+  - The possible profile names are detailed in the
+    [core policy reference](https://gitlab.com/apparmor/apparmor/wikis/AppArmor_Core_Policy_Reference#profile-names-and-attachment-specifications).
+- `unconfined`: This effectively disables AppArmor on the container. -->
+- `runtime/default`: 指默认运行时配置文件。
+  - 等同于不指定配置文件(没有 PodSecurityPolicy 默认值)，除非它仍然需要启用 AppArmor。
+  - 对于 Docker，这将解析为非特权容器的[`Docker default`](https://docs.docker.com/engine/security/apparmor/)配置文件，特权容器的配置文件为未定义(无配置文件)。
+- `localhost/<profile_name>`: 指按名称加载到节点(localhost)上的配置文件。
+  - 可能的配置文件名在 [核心策略参考](https://gitlab.com/apparmor/apparmor/wikis/AppArmor_Core_Policy_Reference#profile-names-and-attachment-specifications)。
+- `unconfined`: 这有效地禁用了容器上的 AppArmor 。
+
+<!-- Any other profile reference format is invalid. -->
+任何其他配置文件引用格式无效。
+
+<!-- ### PodSecurityPolicy Annotations -->
+### PodSecurityPolicy 注解
+
+<!-- Specifying the default profile to apply to containers when none is provided: -->
+指定在未提供容器时应用于容器的默认配置文件：
+
+<!-- * **key**: `apparmor.security.beta.kubernetes.io/defaultProfileName`
+* **value**: a profile reference, described above -->
+* **key**: `apparmor.security.beta.kubernetes.io/defaultProfileName`
+* **value**: 如上述文件参考所述
+
+<!-- Specifying the list of profiles Pod containers is allowed to specify: -->
+上面描述的指定配置文件， Pod 容器列表的配置文件引用允许指定：
+
+<!-- * **key**: `apparmor.security.beta.kubernetes.io/allowedProfileNames`
+* **value**: a comma-separated list of profile references (described above)
+  - Although an escaped comma is a legal character in a profile name, it cannot be explicitly
+    allowed here. -->
+* **key**: `apparmor.security.beta.kubernetes.io/allowedProfileNames`
+* **value**: 配置文件引用的逗号分隔列表(如上所述)
+  - 尽管转义逗号是配置文件名中的合法字符，但此处不能显式允许。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!-- Additional resources: -->
+其他资源
+
+<!-- * [Quick guide to the AppArmor profile language](https://gitlab.com/apparmor/apparmor/wikis/QuickProfileLanguage)
+* [AppArmor core policy reference](https://gitlab.com/apparmor/apparmor/wikis/Policy_Layout) -->
+* [Apparmor 配置文件语言快速指南](https://gitlab.com/apparmor/apparmor/wikis/QuickProfileLanguage)
+* [Apparmor 核心策略参考](https://gitlab.com/apparmor/apparmor/wikis/Policy_Layout)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tutorials/clusters/deny-write.profile b/content/zh/docs/tutorials/clusters/deny-write.profile
new file mode 100644
index 0000000000000..c2653c7112865
--- /dev/null
+++ b/content/zh/docs/tutorials/clusters/deny-write.profile
@@ -0,0 +1,10 @@
+#include <tunables/global>
+
+profile k8s-apparmor-example-deny-write flags=(attach_disconnected) {
+  #include <abstractions/base>
+
+  file,
+
+  # Deny all file writes.
+  deny /** w,
+}
diff --git a/content/zh/docs/tutorials/configuration/_index.md b/content/zh/docs/tutorials/configuration/_index.md
new file mode 100644
index 0000000000000..a83d20d37e987
--- /dev/null
+++ b/content/zh/docs/tutorials/configuration/_index.md
@@ -0,0 +1,11 @@
+---
+title: "配置"
+weight: 30
+---
+
+<!--
+---
+title: "Configuration"
+weight: 30
+---
+-->
\ No newline at end of file
diff --git a/content/zh/docs/tutorials/hello-minikube.md b/content/zh/docs/tutorials/hello-minikube.md
new file mode 100644
index 0000000000000..7550f80dffc34
--- /dev/null
+++ b/content/zh/docs/tutorials/hello-minikube.md
@@ -0,0 +1,524 @@
+---
+title: 你好 Minikube
+content_template: templates/tutorial
+weight: 5
+menu:
+  main:
+    title: "Get Started"
+    weight: 10
+    post: >
+      <p>Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.</p>
+card:
+  name: tutorials
+  weight: 10
+---
+<!--
+---
+title: Hello Minikube
+content_template: templates/tutorial
+weight: 5
+menu:
+  main:
+    title: "Get Started"
+    weight: 10
+    post: >
+      <p>Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.</p>
+card:
+  name: tutorials
+  weight: 10
+---
+-->
+
+{{% capture overview %}}
+<!--
+This tutorial shows you how to run a simple Hello World Node.js app
+on Kubernetes using [Minikube](/docs/getting-started-guides/minikube) and Katacoda.
+Katacoda provides a free, in-browser Kubernetes environment.
+-->
+本教程向您展示如何使用 [Minikube](/docs/getting-started-guides/minikube) 和 Katacoda 在 Kubernetes 上运行一个简单的 “Hello World” Node.js 应用程序。Katacoda 提供免费的浏览器内 Kubernetes 环境。
+
+{{< note >}}
+<!--
+You can also follow this tutorial if you've installed [Minikube locally](/docs/tasks/tools/install-minikube/).
+-->
+如果您已在本地安装 [Minikube](/docs/tasks/tools/install-minikube/)，也可以按照本教程操作。
+
+{{< /note >}}
+
+{{% /capture %}}
+
+{{% capture objectives %}}
+<!--
+* Deploy a hello world application to Minikube.
+* Run the app.
+* View application logs.
+-->
+* 将 "Hello World" 应用程序部署到 Minikube。
+* 运行应用程序。
+* 查看应用日志
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+<!--
+This tutorial provides a container image built from the following files:
+-->
+本教程提供了从以下文件构建的容器镜像：
+
+{{< codenew language="js" file="minikube/server.js" >}}
+
+{{< codenew language="conf" file="minikube/Dockerfile" >}}
+<!--
+For more information on the `docker build` command, read the [Docker documentation](https://docs.docker.com/engine/reference/commandline/build/).
+-->
+有关 `docker build` 命令的更多信息，请参阅 [Docker 文档](https://docs.docker.com/engine/reference/commandline/build/)。
+
+{{% /capture %}}
+
+{{% capture lessoncontent %}}
+
+<!--
+## Create a Minikube cluster
+
+1. Click **Launch Terminal**
+
+    {{< kat-button >}}
+
+    {{< note >}}If you installed Minikube locally, run `minikube start`.{{< /note >}}
+
+2. Open the Kubernetes dashboard in a browser:
+
+    ```shell
+    minikube dashboard
+    ```
+
+3. Katacoda environment only: At the top of the terminal pane, click the plus sign, and then click **Select port to view on Host 1**.
+
+4. Katacoda environment only: Type `30000`, and then click **Display Port**.
+-->
+## 创建 Minikube 集群
+
+1. 点击 **启动终端**
+    {{< kat-button >}}
+
+    {{< note >}}如果您本地安装了 Minikube, 运行 `minikube start`.{{< /note >}}
+
+2. 在浏览器中打开 Kubernetes dashboard：
+
+    ```shell
+    minikube dashboard
+    ```
+
+3. 仅限 Katacoda 环境：在终端窗口的顶部，单击加号，然后单击 **选择要在主机 1 上查看的端口**。
+
+4. 仅限 Katacoda 环境：输入“30000”，然后单击 **显示端口**。
+
+<!--
+## Create a Deployment
+
+A Kubernetes [*Pod*](/docs/concepts/workloads/pods/pod/) is a group of one or more Containers,
+tied together for the purposes of administration and networking. The Pod in this
+tutorial has only one Container. A Kubernetes
+[*Deployment*](/docs/concepts/workloads/controllers/deployment/) checks on the health of your
+Pod and restarts the Pod's Container if it terminates. Deployments are the
+recommended way to manage the creation and scaling of Pods.
+
+1. Use the `kubectl create` command to create a Deployment that manages a Pod. The
+Pod runs a Container based on the provided Docker image.
+
+    ```shell
+    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node
+    ```
+
+2. View the Deployment:
+
+    ```shell
+    kubectl get deployments
+    ```
+
+    Output:
+
+    ```shell
+    NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    hello-node   1         1         1            1           1m
+    ```
+
+3. View the Pod:
+
+    ```shell
+    kubectl get pods
+    ```
+    Output:
+
+    ```shell
+    NAME                          READY     STATUS    RESTARTS   AGE
+    hello-node-5f76cf6ccf-br9b5   1/1       Running   0          1m
+    ```
+
+4. View cluster events:
+
+    ```shell
+    kubectl get events
+    ```
+
+5. View the `kubectl` configuration:
+
+    ```shell
+    kubectl config view
+    ```
+
+    {{< note >}}For more information about `kubectl`commands, see the [kubectl overview](/docs/user-guide/kubectl-overview/).{{< /note >}}
+-->
+## 创建 Deployment
+
+Kubernetes [*Pod*](/docs/concepts/workloads/pods/pod/) 是由一个或多个容器为了管理和联网的目的而绑定在一起构成的组。本教程中的 Pod 只有一个容器。Kubernetes [*Deployment*](/docs/concepts/workloads/controllers/deployment/) 检查 Pod 的健康状况，并在 Pod 中的容器终止的情况下重新启动新的容器。Deployment 是管理 Pod 创建和扩展的推荐方法。
+
+1. 使用 `kubectl create` 命令创建管理 Pod 的 Deployment。该 Pod 根据提供的 Docker 镜像运行 Container。
+
+    ```shell
+    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node
+    ```
+
+2. 查看 Deployment：
+
+    ```shell
+    kubectl get deployments
+    ```
+
+    输出:
+
+    ```shell
+    NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+    hello-node   1         1         1            1           1m
+    ```
+
+3. 查看 Pod：
+
+    ```shell
+    kubectl get pods
+    ```
+    输出:
+
+    ```shell
+    NAME                          READY     STATUS    RESTARTS   AGE
+    hello-node-5f76cf6ccf-br9b5   1/1       Running   0          1m
+    ```
+
+4. 查看集群事件：
+
+    ```shell
+    kubectl get events
+    ```
+
+5. 查看 `kubectl` 配置：
+
+    ```shell
+    kubectl config view
+    ```
+    {{< note >}}有关 kubectl 命令的更多信息，请参阅 [kubectl 概述](/docs/user-guide/kubectl-overview/)。{{< /note >}}
+
+<!--
+## Create a Service
+
+By default, the Pod is only accessible by its internal IP address within the
+Kubernetes cluster. To make the `hello-node` Container accessible from outside the
+Kubernetes virtual network, you have to expose the Pod as a
+Kubernetes [*Service*](/docs/concepts/services-networking/service/).
+
+1. Expose the Pod to the public internet using the `kubectl expose` command:
+
+    ```shell
+    kubectl expose deployment hello-node --type=LoadBalancer --port=8080
+    ```
+
+    The `--type=LoadBalancer` flag indicates that you want to expose your Service
+    outside of the cluster.
+
+2. View the Service you just created:
+
+    ```shell
+    kubectl get services
+    ```
+
+    Output:
+
+    ```shell
+    NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
+    hello-node   LoadBalancer   10.108.144.78   <pending>     8080:30369/TCP   21s
+    kubernetes   ClusterIP      10.96.0.1       <none>        443/TCP          23m
+    ```
+
+    On cloud providers that support load balancers,
+    an external IP address would be provisioned to access the Service. On Minikube,
+    the `LoadBalancer` type makes the Service accessible through the `minikube service`
+    command.
+
+3. Run the following command:
+
+    ```shell
+    minikube service hello-node
+    ```
+
+4. Katacoda environment only: Click the plus sign, and then click **Select port to view on Host 1**.
+
+5. Katacoda environment only: Type `30369` (see port opposite to `8080` in services output), and then click
+
+    This opens up a browser window that serves your app and shows the "Hello World" message.
+-->
+## 创建 Service
+
+默认情况下，Pod 只能通过 Kubernetes 集群中的内部 IP 地址访问。要使得 `hello-node` 容器可以从 Kubernetes 虚拟网络的外部访问，您必须将 Pod 暴露为 Kubernetes [*Service*](/docs/concepts/services-networking/service/)。
+
+1. 使用 `kubectl expose` 命令将 Pod 暴露给公网：
+
+    ```shell
+    kubectl expose deployment hello-node --type=LoadBalancer --port=8080
+    ```
+
+    The `--type=LoadBalancer` flag indicates that you want to expose your Service
+    outside of the cluster.
+
+2. 查看您刚刚创建的服务:
+
+    ```shell
+    kubectl get services
+    ```
+
+    输出:
+
+    ```shell
+    NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
+    hello-node   LoadBalancer   10.108.144.78   <pending>     8080:30369/TCP   21s
+    kubernetes   ClusterIP      10.96.0.1       <none>        443/TCP          23m
+    ```
+
+    在支持负载均衡器的云服务提供商上，将提供一个外部 IP 来访问该服务。在 Minikube 上，`LoadBalancer` 使得服务可以通过命令 `minikube service` 访问。
+
+3. 运行下面的命令：
+
+    ```shell
+    minikube service hello-node
+    ```
+
+4. 仅限 Katacoda 环境：单击加号，然后单击 **选择要在主机 1 上查看的端口**。
+
+5. 仅限 Katacoda 环境：输入 `30369`（请参阅服务输出中与 `8080` 相对的端口），然后单击
+
+    这将打开一个浏览器窗口，为您的应用程序提供服务并显示 “Hello World” 消息。
+
+<!--
+## Enable addons
+
+Minikube has a set of built-in addons that can be enabled, disabled and opened in the local Kubernetes environment.
+
+1. List the currently supported addons:
+
+    ```shell
+    minikube addons list
+    ```
+
+    Output:
+
+    ```shell
+    addon-manager: enabled
+    coredns: disabled
+    dashboard: enabled
+    default-storageclass: enabled
+    efk: disabled
+    freshpod: disabled
+    heapster: disabled
+    ingress: disabled
+    kube-dns: enabled
+    metrics-server: disabled
+    nvidia-driver-installer: disabled
+    nvidia-gpu-device-plugin: disabled
+    registry: disabled
+    registry-creds: disabled
+    storage-provisioner: enabled
+    ```
+
+2. Enable an addon, for example, `heapster`:
+
+    ```shell
+    minikube addons enable heapster
+    ```
+
+    Output:
+
+    ```shell
+    heapster was successfully enabled
+    ```
+
+3. View the Pod and Service you just created:
+
+    ```shell
+    kubectl get pod,svc -n kube-system
+    ```
+
+    Output:
+
+    ```shell
+    NAME                                        READY     STATUS    RESTARTS   AGE
+    pod/heapster-9jttx                          1/1       Running   0          26s
+    pod/influxdb-grafana-b29w8                  2/2       Running   0          26s
+    pod/kube-addon-manager-minikube             1/1       Running   0          34m
+    pod/kube-dns-6dcb57bcc8-gv7mw               3/3       Running   0          34m
+    pod/kubernetes-dashboard-5498ccf677-cgspw   1/1       Running   0          34m
+    pod/storage-provisioner                     1/1       Running   0          34m
+
+    NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
+    service/heapster               ClusterIP   10.96.241.45    <none>        80/TCP              26s
+    service/kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP       34m
+    service/kubernetes-dashboard   NodePort    10.109.29.1     <none>        80:30000/TCP        34m
+    service/monitoring-grafana     NodePort    10.99.24.54     <none>        80:30002/TCP        26s
+    service/monitoring-influxdb    ClusterIP   10.111.169.94   <none>        8083/TCP,8086/TCP   26s
+    ```
+
+4. Disable `heapster`:
+
+    ```shell
+    minikube addons disable heapster
+    ```
+
+    Output:
+
+    ```shell
+    heapster was successfully disabled
+    ```
+-->
+## 启用插件
+
+Minikube 有一组内置的插件，可以在本地 Kubernetes 环境中启用、禁用和打开。
+
+1. 列出当前支持的插件：
+
+    ```shell
+    minikube addons list
+    ```
+
+    输出:
+
+    ```shell
+    addon-manager: enabled
+    coredns: disabled
+    dashboard: enabled
+    default-storageclass: enabled
+    efk: disabled
+    freshpod: disabled
+    heapster: disabled
+    ingress: disabled
+    kube-dns: enabled
+    metrics-server: disabled
+    nvidia-driver-installer: disabled
+    nvidia-gpu-device-plugin: disabled
+    registry: disabled
+    registry-creds: disabled
+    storage-provisioner: enabled
+    ```
+
+2. 启用插件，例如 `heapster`：
+
+    ```shell
+    minikube addons enable heapster
+    ```
+
+    输出:
+
+    ```shell
+    heapster was successfully enabled
+    ```
+
+3. 查看刚才创建的 Pod 和 Service：
+
+    ```shell
+    kubectl get pod,svc -n kube-system
+    ```
+
+    输出:
+
+    ```shell
+    NAME                                        READY     STATUS    RESTARTS   AGE
+    pod/heapster-9jttx                          1/1       Running   0          26s
+    pod/influxdb-grafana-b29w8                  2/2       Running   0          26s
+    pod/kube-addon-manager-minikube             1/1       Running   0          34m
+    pod/kube-dns-6dcb57bcc8-gv7mw               3/3       Running   0          34m
+    pod/kubernetes-dashboard-5498ccf677-cgspw   1/1       Running   0          34m
+    pod/storage-provisioner                     1/1       Running   0          34m
+
+    NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
+    service/heapster               ClusterIP   10.96.241.45    <none>        80/TCP              26s
+    service/kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP       34m
+    service/kubernetes-dashboard   NodePort    10.109.29.1     <none>        80:30000/TCP        34m
+    service/monitoring-grafana     NodePort    10.99.24.54     <none>        80:30002/TCP        26s
+    service/monitoring-influxdb    ClusterIP   10.111.169.94   <none>        8083/TCP,8086/TCP   26s
+    ```
+
+4. 禁用 `heapster`：
+
+    ```shell
+    minikube addons disable heapster
+    ```
+
+    输出:
+
+    ```shell
+    heapster was successfully disabled
+    ```
+
+<!--
+## Clean up
+
+Now you can clean up the resources you created in your cluster:
+
+```shell
+kubectl delete service hello-node
+kubectl delete deployment hello-node
+```
+
+Optionally, stop the Minikube virtual machine (VM):
+
+```shell
+minikube stop
+```
+
+Optionally, delete the Minikube VM:
+
+```shell
+minikube delete
+```
+-->
+## 清理
+
+现在可以清理您在集群中创建的资源：
+
+```shell
+kubectl delete service hello-node
+kubectl delete deployment hello-node
+```
+
+可以停止 Minikube VM：
+
+```shell
+minikube stop
+```
+
+或者，删除 Minikube VM：
+
+```shell
+minikube delete
+```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/).
+* Learn more about [Deploying applications](/docs/user-guide/deploying-applications/).
+* Learn more about [Service objects](/docs/concepts/services-networking/service/).
+-->
+* 进一步了解 [Deployment 对象](/docs/concepts/workloads/controllers/deployment/)。
+* 学习更多关于 [部署应用](/docs/user-guide/deploying-applications/)。
+* 学习更多关于 [Service 对象](/docs/concepts/services-networking/service/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tutorials/k8s101.md b/content/zh/docs/tutorials/k8s101.md
new file mode 100644
index 0000000000000..6e3abf48f0adf
--- /dev/null
+++ b/content/zh/docs/tutorials/k8s101.md
@@ -0,0 +1,296 @@
+---
+reviewers:
+- eparis
+- mikedanese
+title: Kubernetes 101
+content_template: templates/tutorial
+---
+
+{{% capture overview %}}
+
+<!--
+For Kubernetes 101, we will cover kubectl, Pods, Volumes, and multiple containers.
+-->
+关于 Kubernetes 101，我们将涵盖 kubectl, Pods, Volumes 和多个容器这些内容。
+
+{{% /capture %}}
+
+{{% capture objectives %}}
+
+<!--
+* What is `kubectl`.
+* Manage a Pod.
+* Create and mount a volume.
+* Create multiple containers in a Pod.
+-->
+* `kubectl` 是什么。
+* 管理 Pod。
+* 创建和挂载卷。
+* 在一个 Pod 中创建多个容器。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+<!--
+* In order for the kubectl usage examples to work, make sure you have an example directory locally, either from [a release](https://github.com/kubernetes/kubernetes/releases) or the latest `.yaml` files located [here](https://github.com/kubernetes/website/tree/master/content/en/docs/tutorials).
+-->
+* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* 为了 kubectl 使用示例能正常工作，请确保您在本地有一个示例目录，可以从 [一个发行版本](https://github.com/kubernetes/kubernetes/releases) 或者最新的 `.yaml` 文件 [这里](https://github.com/kubernetes/website/tree/master/content/en/docs/tutorials) 获取。
+
+{{% /capture %}}
+
+{{% capture lessoncontent %}}
+
+<!--
+## Kubectl CLI
+
+The easiest way to interact with Kubernetes is through the kubectl command-line interface.
+
+For more info about kubectl, including its usage, commands, and parameters, see [Overview of kubectl](/docs/reference/kubectl/overview/).
+
+For more information about installing and configuring kubectl, see [Install and Set Up kubectl](/docs/tasks/tools/install-kubectl/).
+-->
+## Kubectl 命令行
+
+与 Kubernetes 进行交互最简单的方法就是通过 kubectl 命令行。
+
+想要了解更多关于 kubectl，包括它的使用、命令和参数，查看 [kubectl 概览](/docs/reference/kubectl/overview/)。
+
+想要了解更多关于 kubectl 的安装和配置，查看 [安装和设置 kubectl](/docs/tasks/tools/install-kubectl/)。
+
+<!--
+## Pods
+
+In Kubernetes, a group of one or more containers is called a _Pod_. Containers in a Pod are deployed together, and are started, stopped, and replicated as a group.
+
+For more information, see [Pods](/docs/concepts/workloads/pods/pod/).
+-->
+## Pods
+
+在 Kubernetes 中，一组一个或者多个容器被称为  _Pod_ 。在一个 Pod 里的容器是在一起部署的，它们作为一组一起启动、停止和伸缩。
+
+想要了解更多, 查看 [Pods](/docs/concepts/workloads/pods/pod/)。
+
+<!--
+#### Pod Definition
+
+The simplest Pod definition describes the deployment of a single container.  For example, an nginx web server Pod might be defined as:
+
+{{< codenew file="pods/simple-pod.yaml" >}}
+
+A Pod definition is a declaration of a _desired state_.  Desired state is a very important concept in the Kubernetes model.  Many things present a desired state to the system, and Kubernetes' ensures that the current state matches the desired state.  For example, when you create a Pod and declare that the containers in it to be running. If the containers happen not to be running because of a program failure, Kubernetes continues to (re-)create the Pod in order to drive the pod to the desired state. This process continues until you delete the Pod.
+
+For more information, see [Kubernetes Design Documents and Proposals](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/README.md).
+-->
+#### Pod 定义
+
+最简单的 Pod 定义描述了 Deployment 中的单个容器。例如，一个 nginx web 服务器 Pod 可能被定义为：
+
+{{< codenew file="pods/simple-pod.yaml" >}}
+
+Pod 是对预期状态的声明的定义。预期状态在 Kubernetes 模型中是一个非常重要的概念。在这个系统中的很多东西都呈现为预期的状态，Kubernetes 保证现在的状态和预期的状态保持一致。例如，当您创建了一个 Pod 并且声明了将要在里面运行的容器。如果这些容器因为程序故障没有运行，Kubernetes 将继续创建或者重新创建这个 Pod 以使这个 Pod 达到期望状态。这个过程会一直持续直到您删除这个 Pod。
+
+想了解更多信息，请查看 [Kubernetes Design Documents and Proposals](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/README.md)。
+
+
+<!--
+#### Pod Management
+
+Create a Pod containing an nginx server ([simple-pod.yaml](/examples/pods/simple-pod.yaml)):
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/simple-pod.yaml
+```
+
+List all Pods:
+
+```shell
+kubectl get pods
+```
+-->
+#### Pod 管理
+
+创建一个包含 nginx 服务器的 Pod ([simple-pod.yaml](/examples/pods/simple-pod.yaml)):
+
+```shell
+kubectl create -f https://k8s.io/examples/pods/simple-pod.yaml
+```
+
+ 列出所有的 Pod:
+
+```shell
+kubectl get pods
+```
+
+<!--
+On most providers, the Pod IPs are not externally accessible. The easiest way to test that the pod is working is to create a busybox Pod and exec commands on it remotely. For more information, see [Get a Shell to a Running Container](/docs/tasks/debug-application-cluster/get-shell-running-container/).
+
+If the IP of the Pod is accessible, you can access its http endpoint with wget on port 80:
+-->
+
+对于大多数服务提供商，Pod IP 无法从外部访问。测试 Pod 是否工作的最简单方法是创建一个 busybox Pod 并且远程执行 exec 命令。有关更多信息，请参阅 [获取正在运行的容器的Shell](/docs/tasks/debug-application-cluster/get-shell-running-container/).
+
+如果可以访问 Pod 的 IP，则可以使用端口 80 上的 wget 访问其 http 端点：
+
+```shell
+kubectl run busybox --image=busybox --restart=Never --tty -i --generator=run-pod/v1 --env "POD_IP=$(kubectl get pod nginx -o go-template='{{.status.podIP}}')"
+u@busybox$ wget -qO- http://$POD_IP # Run in the busybox container
+u@busybox$ exit # Exit the busybox container
+```
+
+```shell
+kubectl delete pod busybox # Clean up the pod we created with "kubectl run"
+```
+
+<!--
+To delete a Pod named nginx:
+-->
+删除一个名为 nginx 的 Pod:
+
+```shell
+kubectl delete pod nginx
+```
+
+
+<!--
+#### Volumes
+
+That's great for a simple static web server, but what about persistent storage?
+
+The container file system only lives as long as the container does. So if your app's state needs to survive relocation, reboots, and crashes, you'll need to configure some persistent storage.
+
+In this example you can create a Redis Pod with a named volume, and a volume mount that defines the path to mount the Volume.
+-->
+#### 卷
+
+这对于简单的静态 Web 服务器来说非常棒，但是持久存储呢？
+
+容器文件系统只在容器中存在。因此，如果您的应用程序的状态需要在重定位，重新启动和崩溃中存活，您将需要配置一些持久存储。
+
+在此示例中，您将创建一个具有数据卷的 Redis Pod,并将数据卷挂载到指定的路径。
+
+<!--
+1. Define a Volume:
+-->
+1. 定义一个卷:
+
+
+      ```yaml
+      volumes:
+        - name: redis-storage
+          emptyDir: {}
+      ```
+
+<!--
+1. Define a Volume mount within a container definition:
+-->
+1. 在容器定义中定义卷挂载：
+
+      ```yaml
+      volumeMounts:
+        # name must match the volume name defined in volumes
+        - name: redis-storage
+          # mount path within the container
+          mountPath: /data/redis
+      ```
+
+<!--
+Here is an example of Redis Pod definition with a persistent storage volume ([redis.yaml](/examples/pods/storage/redis.yaml)):
+-->
+以下是具有持久存储卷的 Redis Pod 定义的示例 ([redis.yaml](/examples/pods/storage/redis.yaml)):
+
+{{< codenew file="pods/storage/redis.yaml" >}}
+
+<!--
+Where:
+
+- The `volumeMounts` `name` is a reference to a specific  `volumes` `name`.
+- The `volumeMounts` `mountPath` is the path to mount the volume within the container.
+-->
+
+其中：
+
+- `volumeMounts` `name` 是特定 `volumes` `name` 的引用。
+- `volumeMounts` `mountPath` 是在容器中挂载卷的路径。
+
+<!--
+##### Volume Types
+
+- **EmptyDir**: Creates a new directory that exists as long as the Pod is running on the node, but it can persist across container failures and restarts.
+- **HostPath**: Mounts an existing directory on the node's file system. For example (`/var/logs`).
+-->
+##### 卷类型
+
+- **EmptyDir**: 只要 Pod 在节点上运行，就会创建一个新目录，但它可以在容器故障和重新启动之间保持不变。
+- **HostPath**: 在节点的文件系统上安装现有目录。例如 (`/var/logs`).
+
+<!--
+For more information, see [Volumes](/docs/concepts/storage/volumes/).
+-->
+有关更多信息，请参阅 [卷](/docs/concepts/storage/volumes/).
+
+<!--
+#### Multiple Containers
+
+{{< note >}}
+**Note:** The examples below are syntactically correct, but some of the images (e.g. kubernetes/git-monitor) don't exist yet.  We're working on turning these into working examples.
+{{< /note >}}
+-->
+#### 多个容器
+
+{{< note >}}
+**注意:** 以下示例在语法上是正确的，但某些镜像（例如 kubernetes/git-monitor）尚不存在。我们正在努力将这些变成可以工作的示例。
+{{< /note >}}
+
+<!--
+However, often you want to have two different containers that work together.  An example of this would be a web server, and a helper job that polls a git repository for new updates:
+-->
+但是，通常您希望有两个不同的容器一起工作。这方面的一个例子是 Web 服务器和一个帮助程序作业，它可以轮询 git 仓库以获取更新：
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: www
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - mountPath: /srv/www
+      name: www-data
+      readOnly: true
+  - name: git-monitor
+    image: kubernetes/git-monitor
+    env:
+    - name: GIT_REPO
+      value: http://github.com/some/repo.git
+    volumeMounts:
+    - mountPath: /data
+      name: www-data
+  volumes:
+  - name: www-data
+    emptyDir: {}
+```
+
+<!--
+Note that we have also added a Volume here.  In this case, the Volume is mounted into both containers.  It is marked `readOnly` in the web server's case, since it doesn't need to write to the directory.
+
+Finally, we have also introduced an environment variable to the `git-monitor` container, which allows us to parameterize that container with the particular git repository that we want to track.
+-->
+请注意，我们在此处还添加了一个卷。在这种情况下，卷安装在两个容器中。它在 Web 服务器容器的情况下标记为 `readOnly`，因为它不需要写入目录。
+
+最后，我们还向 `git-monitor` 容器引入了一个环境变量，它允许我们使用我们想要跟踪的特定 git 仓库来参数化该容器。
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+Continue on to [Kubernetes 201](/docs/tutorials/k8s201/) or
+for a complete application see the [guestbook example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/)
+-->
+继续阅读 [Kubernetes 201](/docs/tutorials/k8s201/) 或者有关完整的应用程序，请参阅 [guestbook 示例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tutorials/kubernetes-basics/_index.html b/content/zh/docs/tutorials/kubernetes-basics/_index.html
index 562a6094f928a..71faee990b2a1 100644
--- a/content/zh/docs/tutorials/kubernetes-basics/_index.html
+++ b/content/zh/docs/tutorials/kubernetes-basics/_index.html
@@ -9,7 +9,7 @@
 
 <body>
 
-<link href="./public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
 
 <div class="layout" id="top">
 
@@ -19,14 +19,14 @@
       <div class="col-md-9">
         <h2>Kubernetes 基础</h2>
         <p>本教程介绍了 Kubernetes 集群编排系统的基础知识。每个模块包含关于 Kubernetes 主要特性和概念的一些背景信息，并包括一个在线互动教程。这些互动教程让您可以自己管理一个简单的集群及其容器化应用程序。</p>
-        <p>使用互动教程，您可以学习:</p>
+        <p>使用互动教程，您可以学习：</p>
         <ul>
         <li>在集群上部署容器化应用程序</li>
         <li>弹性部署</li>
         <li>使用新的软件版本，更新容器化应用程序</li>
         <li>调试容器化应用程序</li>
         </ul>
-        <p>教程 Katacoda 在您的浏览器中运行一个虚拟终端，在浏览器中运行 Minikube，这是一个可在任何地方小规模本地部署的 Kubernetes 集群。不需要安装任何软件或进行任何配置; 每个交互性教程都直接从您的网页浏览器上运行。</p>
+        <p>教程 Katacoda 在您的浏览器中运行一个虚拟终端，在浏览器中运行 Minikube，这是一个可在任何地方小规模本地部署的 Kubernetes 集群。不需要安装任何软件或进行任何配置；每个交互性教程都直接从您的网页浏览器上运行。</p>
       </div>
     </div>
 
@@ -35,7 +35,7 @@ <h2>Kubernetes 基础</h2>
     <div class="row">
       <div class="col-md-9">
         <h2>Kubernetes 可以为您做些什么?</h2>
-        <p>通过现代的 Web 服务，用户希望应用程序能够 24/7 全天候使用，开发人员希望每天可以多次发布部署新版本的应用程序。 容器化可以帮助软件包达成这些目标，使应用程序能够以简单快速的方式发布和更新，而无需停机。Kubernetes 帮助您确保这些容器化的应用程序在您想要的时间和地点运行，并帮助应用程序找到它们需要的资源和工具。 <a href="http://kubernetes.io/docs/whatisk8s/">Kubernetes</a>  是一个可用于生产的开源平台，根据 Google 容器集群方面积累的经验，以及来自社区的最佳实践而设计。</p>
+        <p>通过现代的 Web 服务，用户希望应用程序能够 24/7 全天候使用，开发人员希望每天可以多次发布部署新版本的应用程序。 容器化可以帮助软件包达成这些目标，使应用程序能够以简单快速的方式发布和更新，而无需停机。Kubernetes 帮助您确保这些容器化的应用程序在您想要的时间和地点运行，并帮助应用程序找到它们需要的资源和工具。 <a href="/docs/whatisk8s/">Kubernetes</a>  是一个可用于生产的开源平台，根据 Google 容器集群方面积累的经验，以及来自社区的最佳实践而设计。</p>
       </div>
     </div>
 
@@ -44,7 +44,7 @@ <h2>Kubernetes 基础模块</h2>
       <div class="row">
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/cluster-intro/"><img src="./public/images/module_01.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/cluster-intro/"><img src="/docs/tutorials/kubernetes-basics/public/images/module_01.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="cluster-intro/"><h5>1. 创建一个 Kubernetes 集群</h5></a>
             </div>
@@ -52,7 +52,7 @@ <h2>Kubernetes 基础模块</h2>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/deploy-intro/"><img src="./public/images/module_02.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/deploy-intro/"><img src="/docs/tutorials/kubernetes-basics/public/images/module_02.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="deploy-intro/"><h5>2. 部署应用程序</h5></a>
             </div>
@@ -60,7 +60,7 @@ <h2>Kubernetes 基础模块</h2>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/explore-intro/"><img src="./public/images/module_03.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/explore-intro/"><img src="/docs/tutorials/kubernetes-basics/public/images/module_03.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="explore-intro/"><h5>3. 应用程序探索</h5></a>
             </div>
@@ -68,7 +68,7 @@ <h2>Kubernetes 基础模块</h2>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/expose-intro/"><img src="./public/images/module_04.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/expose-intro/"><img src="/docs/tutorials/kubernetes-basics/public/images/module_04.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="expose-intro/"><h5>4. 应用外部可见</h5></a>
             </div>
@@ -76,7 +76,7 @@ <h2>Kubernetes 基础模块</h2>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/scale-intro/"><img src="./public/images/module_05.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/scale-intro/"><img src="/docs/tutorials/kubernetes-basics/public/images/module_05.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="scale-intro/"><h5>5. 应用可扩展</h5></a>
             </div>
@@ -84,7 +84,7 @@ <h2>Kubernetes 基础模块</h2>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/update-intro/"><img src="./public/images/module_06.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/update-intro/"><img src="/docs/tutorials/kubernetes-basics/public/images/module_06.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="update-intro/"><h5>6. 应用更新</h5></a>
             </div>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/cluster-intro.html b/content/zh/docs/tutorials/kubernetes-basics/cluster-intro.html
index 628496d1d1463..1b948a5e0e1ef 100644
--- a/content/zh/docs/tutorials/kubernetes-basics/cluster-intro.html
+++ b/content/zh/docs/tutorials/kubernetes-basics/cluster-intro.html
@@ -1,7 +1,3 @@
----
-title: 使用 Minikube 创建一个集群
----
-
 <!DOCTYPE html>
 
 <html lang="en">
@@ -12,96 +8,118 @@
 
 <div class="layout" id="top">
 
-	<main class="content">
+    <main class="content">
 
-		<div class="row">
+        <div class="row">
 
       <div class="col-md-8">
-      	<h3>目标</h3>
-				<ul>
-					<li>了解什么是 Kubernetes 集群</li>
-					<li>了解什么是 Minikube</li>
-					<li>使用在线终端启动 Kubernetes 集群</li>
-				</ul>
-			</div>
-
-			<div class="col-md-8">
-				<h3>Kubernetes 集群</h3>
-				<p>
-				<b>Kubernetes 用于协调高度可用的计算机集群，这些计算机群集被连接作为单个单元工作。</b> Kubernetes 的抽象性允许您将容器化的应用程序部署到集群，而不必专门将其绑定到单个计算机。为了利用这种新的部署模型，应用程序需要以将它们与各个主机分离的方式打包: 它们需要被容器化。容器化应用程序比过去的部署模型更灵活和可用，其中应用程序直接安装到特定机器上，作为深入集成到主机中的软件包。 <b>Kubernetes 在一个集群上以更有效的方式自动分发和调度容器应用程序。</b> Kubernetes 是一个 <a href="https://github.com/kubernetes/kubernetes">开源</a> 平台，可满足生产环境的需要。
-				</p>
-				<p>Kubernetes 集群由两种类型的资源组成:
-					<ul>
-			            <li>一个 <b>Master</b> 是集群的调度节点</li>
-			            <li><b>Nodes</b> 是应用程序实际运行的工作节点</li>
-			        </ul>
-			    </p>
-			</div>
-
-			<div class="col-md-4">
-				<div class="content__box content__box_lined">
-					<h3>概要:</h3>
-					<ul>
-						<li>Kubernetes 集群</li>
-						<li>Minikube</li>
-					</ul>
-				</div>
-				<div class="content__box content__box_fill">
-					<p><i>
-						Kubernetes 是一个生产级的开源平台，用于协调计算机集群内部和跨计算机集群的应用程序容器的分发(调度)和运行。
-					</i></p>
-				</div>
-			</div>
-		</div>
-		<br>
-
-		<div class="row">
-			<div class="col-md-8">
-				<h2 style="color: #3771e3;">集群图</h2>
-			</div>
-		</div>
-
-		<div class="row">
-			<div class="col-md-8">
-				<p><img src="/docs/tutorials/kubernetes-basics/public/images/module_01_cluster.svg"></p>
-			</div>
-		</div>
-		<br>
-
-		<div class="row">
-			<div class="col-md-8">
-				<p><b>Master 负责管理集群。</b> master 协调集群中的所有活动，例如调度应用程序、维护应用程序的所需状态、扩展应用程序和滚动更新。</p>
-				<p><b>节点 是 Kubernetes 集群中的工作机器，可以是物理机或虚拟机。</b> 每个工作节点都有一个 Kubelet，它是管理 节点 并与 Kubernetes Master 节点进行通信的代理。节点 上还应具有处理容器操作的工作，例如 <a href="https://www.docker.com/">Docker</a> 或 <a href="https://coreos.com/rkt/">rkt</a>。一个 Kubernetes 工作集群至少有三个节点。</p>
-
-			</div>
-			<div class="col-md-4">
-				<div class="content__box content__box_fill">
-					<p><i> Master 管理集群，而 节点 用于托管正在运行的应用程序。  </i></p>
-				</div>
-			</div>
-		</div>
-
-		<div class="row">
-			<div class="col-md-8">
-				<p>当您在 Kubernetes 上部署应用程序时，您可以告诉 master 启动应用程序容器。Master 调度容器在集群的 节点 上运行。<b> 节点 使用 Master 公开的 Kubernetes API 与 Master 通信</b>。最终用户还可以直接使用 Kubernetes 的 API 与集群交互。</p>
-
-				<p>Kubernetes 集群可以部署在物理机或虚拟机上。要开始使用 Kubernetes 开发，您可以使用 <a href="https://github.com/kubernetes/minikube">Minikube</a>。Minikube 是一个轻量级的 Kubernetes 实现，会在本机创建一台虚拟机，并部署一个只包含一个节点的简单集群。 Minikube 适用于 Linux, Mac OS 和 Windows 系统。Minikube CLI 提供了集群的基本引导操作，包括启动、停止、状态和删除。为了完成此基础训练，您将使用预先安装了 Minikube 的在线终端。</p>
-
-				<p>现在您已经知道 Kubernetes 是什么，让我们使用在线教程，开始我们的第一个集群!</p>
-
-			</div>
-		</div>
-		<br>
-
-		<div class="row">
-			<div class="col-md-12">
-				<a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/cluster-interactive/" role="button">启动互动教程 <span class="btn__next">›</span></a>
-			</div>
-		</div>
-
-	</main>
+          <!-- <h3>Objectives</h3> -->
+          <h3>目标</h3>
+                <!-- <ul>
+                    <li>Learn what a Kubernetes cluster is.</li>
+                    <li>Learn what Minikube is.</li>
+                    <li>Start a Kubernetes cluster using an online terminal.</li>
+                </ul> -->
+                <ul>
+                    <li>了解 Kubernetes 集群是什么。</li>
+                    <li>了解 Minikube 是什么。</li>
+                    <li>使用在线终端启动 Kubernetes 集群。</li>
+                </ul>
+            </div>
+
+            <div class="col-md-8">
+                <!-- <h3>Kubernetes Clusters</h3> -->
+                <h3> Kubernetes 集群</h3>
+                <p>
+                <!-- <b>Kubernetes coordinates a highly available cluster of computers that are connected to work as a single unit.</b> The abstractions in Kubernetes allow you to deploy containerized applications to a cluster without tying them specifically to individual machines. To make use of this new model of deployment, applications need to be packaged in a way that decouples them from individual hosts: they need to be containerized. Containerized applications are more flexible and available than in past deployment models, where applications were installed directly onto specific machines as packages deeply integrated into the host. <b>Kubernetes automates the distribution and scheduling of application containers across a cluster in a more efficient way.</b> Kubernetes is an open-source platform and is production-ready. -->
+                <b>Kubernetes 是一个高可用集群，协调算力连接成一个单元工作。</b> Kubernetes 中允许您的应用抽象为容器进行部署，而无需将他们绑定在某个专门的节点上。要使用这种新的部署模式，需要将应用与主机解耦的方式打包应用：它们需要容器化。与以往的部署模式相比，容器化应用更加灵活可用，应用可以安装在指定的机器上，因为应用深度集成在主机中。</b> Kubernetes 以更有效的方式自动化跨集群分发和调度应用容器。</b> Kubernetes 是一个开源平台，可用在生产环境。
+                </p>
+                <!-- <p>A Kubernetes cluster consists of two types of resources: -->
+                <p>Kubernetes 集群包含两种资源类型：
+                    <ul>
+                        <!-- <li>The <b>Master</b> coordinates the cluster</li> -->
+                        <li> <b> 主节点 </b> 协调集群</li>
+                        <!-- <li><b>Nodes</b> are the workers that run applications</li> -->
+                        <li><b> 工作节点 </b> 运行应用的工作节点</li>
+                    </ul>
+                </p>
+            </div>
+
+            <div class="col-md-4">
+                <div class="content__box content__box_lined">
+                    <!-- <h3>Summary:</h3> -->
+                    <h3>总结:</h3>
+                    <ul>
+                        <!-- <li>Kubernetes cluster</li> -->
+                        <li>Kubernetes 集群</li>
+                        <li>Minikube</li>
+                    </ul>
+                </div>
+                <div class="content__box content__box_fill">
+                    <p><i>
+                        <!-- Kubernetes is a production-grade, open-source platform that orchestrates the placement (scheduling) and execution of application containers within and across computer clusters. -->
+                        Kubernetes 是一个生产级的开源平台，用于协调集群内部和跨集群的应用程序容器的承载（调度）和执行。
+                    </i></p>
+                </div>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+                <!-- <h2 style="color: #3771e3;">Cluster Diagram</h2> -->
+                <h2 style="color: #3771e3;">集群示意图</h2>
+            </div>
+        </div>
+
+        <div class="row">
+            <div class="col-md-8">
+                <p><img src="/docs/tutorials/kubernetes-basics/public/images/module_01_cluster.svg"></p>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+                <!-- <p><b>The Master is responsible for managing the cluster.</b> The master coordinates all activities in your cluster, such as scheduling applications, maintaining applications' desired state, scaling applications, and rolling out new updates.</p> -->
+                <p><b> 主节点负责管理集群</b> 主节点负责协调集群中的所有活动，例如调度应用程序，维护应用程序的所需状态，扩展应用程序以及回滚更新。</p>
+                <!-- <p><b>A node is a VM or a physical computer that serves as a worker machine in a Kubernetes cluster.</b> Each node has a Kubelet, which is an agent for managing the node and communicating with the Kubernetes master. The node should also have tools for handling container operations, such as Docker or rkt. A Kubernetes cluster that handles production traffic should have a minimum of three nodes.</p> -->
+                <p><b> 工作节点是虚拟机或物理机，充当 Kubernetes 集群中的计算节点。</b>每个节点都有一个 Kubelet ，它是一个管理节点并与 Kubernetes 主节点通信的代理。该节点还应具有用于处理容器操作的工具，例如 Docker 或 rkt 。应用于生产的 Kubernetes 集群应至少有三个节点。</p>
+
+            </div>
+            <div class="col-md-4">
+                <div class="content__box content__box_fill">
+                    <!-- <p><i>Masters manage the cluster and the nodes are used to host the running applications.</i></p> -->
+                    <p><i> 主节点管理集群，工作节点用于承载运行的应用程序。</i></p>
+                </div>
+            </div>
+        </div>
+
+        <div class="row">
+            <div class="col-md-8">
+                <!-- <p>When you deploy applications on Kubernetes, you tell the master to start the application containers. The master schedules the containers to run on the cluster's nodes. <b>The nodes communicate with the master using the Kubernetes API</b>, which the master exposes. End users can also use the Kubernetes API directly to interact with the cluster.</p> -->
+                <p>在 Kubernetes 上部署应用程序时，您可以与主节点交互启动应用容器。 master 节点调度容器以在集群的工作节点上运行。 <b> 工作节点使用主节点公开的 Kubernetes API </b>与主节点进行通信。最终用户还可以直接使用 Kubernetes API 与群集进行交互。</p>
+
+                <!-- <p>A Kubernetes cluster can be deployed on either physical or virtual machines. To get started with Kubernetes development, you can use Minikube.  Minikube is a lightweight Kubernetes implementation that creates a VM on your local machine and deploys a simple cluster containing only one node. Minikube is available for Linux, macOS, and Windows systems. The Minikube CLI provides basic bootstrapping operations for working with your cluster, including start, stop, status, and delete. For this tutorial, however, you'll use a provided online terminal with Minikube pre-installed.</p> -->
+                <p> Kubernetes 集群可以部署在物理机或虚拟机上。要使用 Kubernetes ，您可以使用 Minikube 。 Minikube 是一种轻量级的 Kubernetes ，可以在本地机器上创建虚拟机并部署只有一个节点的简单集群。 Minikube 使用与 Linux， macOS 和 Windows 系统。Minikube CLI 提供了与集群一起使用的基本引导操作，包括启动，停止，状态和删除。但是对于本教程，您将使用预先安装了 Minikube 的在线终端。</p>
+
+                <!-- <p>Now that you know what Kubernetes is, let's go to the online tutorial and start our first cluster!</p> -->
+                <p>现在你知道 Kubernetes 是什么了，让我们去在线教程开始我们的第一个集群!</p>
+
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-12">
+                <!-- <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive/" role="button">Start Interactive Tutorial <span class="btn__next">›</span></a> -->
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive/" role="button">开始交互式教程 <span class="btn__next">›</span></a>
+            </div>
+        </div>
+
+    </main>
 
 </div>
 
 </body>
-</html>
+</html>
\ No newline at end of file
diff --git a/content/zh/docs/tutorials/kubernetes-basics/create-cluster/_index.md b/content/zh/docs/tutorials/kubernetes-basics/create-cluster/_index.md
new file mode 100644
index 0000000000000..28ca16ffe363d
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/create-cluster/_index.md
@@ -0,0 +1,11 @@
+---
+title: 创建集群
+weight: 10
+---
+
+<!--
+---
+title: Create a Cluster
+weight: 10
+---
+-->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html b/content/zh/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
new file mode 100644
index 0000000000000..ae0974c817701
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
@@ -0,0 +1,53 @@
+---
+title: 交互式教程 - 创建集群
+weight: 20
+---
+
+<!--
+---
+title: Interactive Tutorial - Creating a Cluster
+weight: 20
+---
+-->
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/overrides.css" rel="stylesheet">
+<script src="https://katacoda.com/embed.js"></script>
+
+<div class="layout" id="top">
+
+    <main class="content katacoda-content">
+
+        <div class="katacoda">
+            <div class="katacoda__alert">
+            
+                <!--
+                To interact with the Terminal, please use the desktop/tablet version
+                -->
+                要与终端交互，请使用桌面/平板
+            
+            </div>
+            <div class="katacoda__box" id="inline-terminal-1"  data-katacoda-id="kubernetes-bootcamp/1" data-katacoda-color="326de6" data-katacoda-secondary="273d6d" data-katacoda-hideintro="false" data-katacoda-font="Roboto" data-katacoda-fontheader="Roboto Slab" data-katacoda-prompt="Kubernetes Bootcamp Terminal" style="height: 600px;"></div>
+        </div>
+        <div class="row">
+            <div class="col-md-12">
+                <!--
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/" role="button">Continue to Module 2<span class="btn__next">›</span></a>
+                -->
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/" role="button">继续阅读第二单元<span class="btn__next">›</span></a>
+                
+            </div>
+        </div>
+
+    </main>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/deploy-app/_index.md b/content/zh/docs/tutorials/kubernetes-basics/deploy-app/_index.md
new file mode 100644
index 0000000000000..31eb6a0d36ded
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/deploy-app/_index.md
@@ -0,0 +1,11 @@
+---
+title: 部署应用
+weight: 20
+---
+
+<!--
+---
+title: Deploy an App
+weight: 20
+---
+-->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html b/content/zh/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
new file mode 100644
index 0000000000000..96a9257ee5070
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
@@ -0,0 +1,45 @@
+---
+title: 交互式教程 - 部署应用程序
+weight: 20
+---
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/overrides.css" rel="stylesheet">
+<script src="https://katacoda.com/embed.js"></script>
+
+<div class="layout" id="top">
+
+    <main class="content katacoda-content">
+
+        <br>
+        <div class="katacoda">
+            <!-- <div class="katacoda__alert">
+                To interact with the Terminal, please use the desktop/tablet version
+            </div> -->
+            <div class="katacoda__alert">
+                要与终端进行交互，请使用桌面/平板电脑版本
+            </div>
+
+            <div class="katacoda__box" id="inline-terminal-1"  data-katacoda-id="kubernetes-bootcamp/7" data-katacoda-color="326de6" data-katacoda-secondary="273d6d" data-katacoda-hideintro="false" data-katacoda-font="Roboto" data-katacoda-fontheader="Roboto Slab" data-katacoda-prompt="Kubernetes Bootcamp Terminal" style="height: 600px;">
+            </div>
+
+        </div>
+        <div class="row">
+            <div class="col-md-12">
+                <!-- <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/explore/explore-intro/" role="button">Continue to Module 3<span class="btn__next">›</span></a> -->
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/explore/explore-intro/" role="button">继续阅读第3单元<span class="btn__next">›</span></a>
+            </div>
+        </div>
+
+    </main>
+
+</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/content/zh/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html b/content/zh/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
new file mode 100644
index 0000000000000..3f4acbf331922
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
@@ -0,0 +1,136 @@
+---
+title: 使用 kubectl 创建 Deployment
+weight: 10
+---
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+
+<div class="layout" id="top">
+
+    <main class="content">
+
+        <div class="row">
+
+         <div class="col-md-8">
+          <!-- <h3>Objectives</h3> -->
+          <h3>目标</h3>
+                <!-- <ul>
+                    <li>Learn about application Deployments.</li>
+                    <li>Deploy your first app on Kubernetes with kubectl.</li>
+                </ul> -->
+                <ul>
+                  <li>学习了解应用的部署</li>
+                  <li>使用 kubectl 在 Kubernetes 上部署第一个应用</li>
+              </ul>
+            </div>
+
+            <div class="col-md-8">
+                <!-- <h3>Kubernetes Deployments</h3> -->
+                <h3>Kubernetes 部署</h3>
+                <!-- <p>
+                Once you have a running Kubernetes cluster, you can deploy your containerized applications on top of it.
+                To do so, you create a Kubernetes <b>Deployment</b> configuration. The Deployment instructs Kubernetes
+                how to create and update instances of your application. Once you've created a Deployment, the Kubernetes
+                master schedules mentioned application instances onto individual Nodes in the cluster.
+                </p> -->
+                <p>
+                  一旦运行了 Kubernetes 集群，就可以在其上部署容器化应用程序。
+                  为此，您需要创建 Kubernetes <b> Deployment </b>配置。Deployment 指挥 Kubernetes 如何创建和更新应用程序的实例。创建 Deployment 后，Kubernetes master 将应用程序实例调度到集群中的各个节点上。
+                  </p>
+
+                <!-- <p>Once the application instances are created, a Kubernetes Deployment Controller continuously monitors those instances. If the Node hosting an instance goes down or is deleted, the Deployment controller replaces the instance with an instance on another Node in the cluster. <b>This provides a self-healing mechanism to address machine failure or maintenance.</b></p> -->
+                <p>创建应用程序实例后，Kubernetes Deployment 控制器会持续监视这些实例。 如果托管实例的节点关闭或被删除，则 Deployment 控制器会将该实例替换为群集中另一个节点上的实例。 <b>这提供了一种自我修复机制来解决机器故障维护问题。</b></p>
+
+                <!-- <p>In a pre-orchestration world, installation scripts would often be used to start applications, but they did not allow recovery from machine failure.  By both creating your application instances and keeping them running across Nodes, Kubernetes Deployments provide a fundamentally different approach to application management. </p> -->
+                <p>在没有 Kubernetes 这种编排系统之前，安装脚本通常用于启动应用程序，但它们不允许从机器故障中恢复。通过创建应用程序实例并使它们在节点之间运行， Kubernetes Deployments 提供了一种与众不同的应用程序管理方法。</p>
+
+            </div>
+
+            <div class="col-md-4">
+                <div class="content__box content__box_lined">
+                    <!-- <h3>Summary:</h3> -->
+                    <h3>总结:</h3>
+                    <ul>
+                        <li>Deployments</li>
+                        <li>Kubectl</li>
+                    </ul>
+                </div>
+                <div class="content__box content__box_fill">
+                    <!-- <p><i>
+                        A Deployment is responsible for creating and updating instances of your application
+                    </i></p> -->
+                    <p><i>
+                      Deployment 负责创建和更新应用程序的实例
+                  </i></p>
+                </div>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+                <!-- <h2 style="color: #3771e3;">Deploying your first app on Kubernetes</h2> -->
+                <h2 style="color: #3771e3;">部署你在 Kubernetes 上的第一个应用程序</h2>
+            </div>
+        </div>
+
+        <div class="row">
+            <div class="col-md-8">
+                <p><img src="/docs/tutorials/kubernetes-basics/public/images/module_02_first_app.svg"></p>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+
+                <!-- <p>You can create and manage a Deployment by using the Kubernetes command line interface, <b>Kubectl</b>. Kubectl uses the Kubernetes API to interact with the cluster. In this module, you'll learn the most common Kubectl commands needed to create Deployments that run your applications on a Kubernetes cluster.</p> -->
+                <p>您可以使用 Kubernetes 命令行界面创建和管理 Deployment，<b>Kubectl</b>.Kubectl 使用 Kubernetes API 与集群进行交互。在本单元中，您将学习创建在 Kubernetes 集群上运行应用程序的 Deployment 所需的最常见的 Kubectl 命令。</p>
+
+                <!-- <p>When you create a Deployment, you'll need to specify the container image for your application and the number of replicas that you want to run. You can change that information later by updating your Deployment; Modules <a href="/docs/tutorials/kubernetes-basics/scale-intro/">5</a> and <a href="/docs/tutorials/kubernetes-basics/update-intro/">6</a> of the bootcamp discuss how you can scale and update your Deployments.</p> -->
+                <p>创建 Deployment 时，您需要指定应用程序的容器映像以及要运行的副本数。您可以稍后通过更新 Deployment 来更改该信息; 模块 <a href="/docs/tutorials/kubernetes-basics/scale-intro/">5</a> 和 <a href="/docs/tutorials/kubernetes-basics/update-intro/">6</a> 讨论了如何扩展和更新 Deployments。</p>
+
+            </div>
+            <div class="col-md-4">
+                <div class="content__box content__box_fill">
+                    <!-- <p><i> Applications need to be packaged into one of the supported container formats in order to be deployed on Kubernetes </i></p> -->
+                    <p><i> 应用程序需要打包成一种受支持的容器格式，以便部署在 Kubernetes 上 </i></p>
+                </div>
+            </div>
+        </div>
+
+        <div class="row">
+            <div class="col-md-8">
+
+                <!-- <p>For our first Deployment, we'll use a Node.js application packaged in a Docker container.
+                    To create the Node.js application and deploy the Docker container, follow the instructions from the
+                    <a href="/docs/tutorials/hello-minikube/">Hello Minikube tutorial</a>.</p>
+
+                <p>Now that you know what Deployments are, let's go to the online tutorial and deploy our first app!</p> -->
+                <p>对于我们的第一次部署，我们将使用打包在 Docker 容器中的 Node.js 应用程序。
+                    要创建 Node.js 应用程序并部署 Docker 容器，请按照
+                    <a href="/docs/tutorials/hello-minikube/">你好 Minikube 教程</a>.</p>
+
+                <p>现在您已经了解了 Deployment 的内容，让我们转到在线教程并部署我们的第一个应用程序！</p>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-12">
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive/" role="button">开始交互式教程 <span class="btn__next">›</span></a>
+            </div>
+        </div>
+
+    </main>
+
+</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/content/zh/docs/tutorials/kubernetes-basics/explore/_index.md b/content/zh/docs/tutorials/kubernetes-basics/explore/_index.md
new file mode 100644
index 0000000000000..7cd33c1312157
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/explore/_index.md
@@ -0,0 +1,9 @@
+---
+title: 了解你的应用
+weight: 30
+---
+
+<!-- ---
+title: Explore Your App
+weight: 30
+--- -->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/explore/explore-interactive.html b/content/zh/docs/tutorials/kubernetes-basics/explore/explore-interactive.html
new file mode 100644
index 0000000000000..f5b2f96955068
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/explore/explore-interactive.html
@@ -0,0 +1,54 @@
+---
+title: 交互式教程-探索您的应用程序
+weight: 20
+---
+
+<!--
+---
+title: Interactive Tutorial - Exploring Your App
+weight: 20
+---
+-->
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/overrides.css" rel="stylesheet">
+<script src="https://katacoda.com/embed.js"></script>
+
+<div class="layout" id="top">
+
+    <main class="content katacoda-content">
+
+        <br>
+        <div class="katacoda">
+
+<!-- 
+            <div class="katacoda__alert">
+                To interact with the Terminal, please use the desktop/tablet version
+            </div>
+-->
+
+            <div class="katacoda__alert">
+                要与终端交互，请使用桌面/平板 版本
+            </div>
+            
+            <div class="katacoda__box" id="inline-terminal-1"  data-katacoda-id="kubernetes-bootcamp/4" data-katacoda-color="326de6" data-katacoda-secondary="273d6d" data-katacoda-hideintro="false" data-katacoda-font="Roboto" data-katacoda-fontheader="Roboto Slab" data-katacoda-prompt="Kubernetes Bootcamp Terminal" style="height: 600px;">
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-12">
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/expose/expose-intro/" role="button">Continue to Module 4<span class="btn__next">›</span></a>
+            </div>
+        </div>
+
+    </main>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/explore/explore-intro.html b/content/zh/docs/tutorials/kubernetes-basics/explore/explore-intro.html
new file mode 100644
index 0000000000000..cedde295bbd84
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/explore/explore-intro.html
@@ -0,0 +1,222 @@
+---
+title: 查看 pod 和工作节点
+weight: 10
+---
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+
+
+<div class="layout" id="top">
+
+  <main class="content">
+
+    <div class="row">
+
+      <div class="col-md-8">
+<!--
+        <h3>Objectives</h3>
+-->
+        <h3>目标</h3>
+        <ul>
+<!--
+          <li>Learn about Kubernetes Pods.</li>
+          <li>Learn about Kubernetes Nodes.</li>
+          <li>Troubleshoot deployed applications.</li>
+-->
+          <li>了解 Kubernetes Pod。</li>
+          <li>了解 Kubernetes 工作节点。</li>
+          <li>对已部署的应用故障排除。</li>
+        </ul>
+      </div>
+
+      <div class="col-md-8">
+<!--
+        <h2>Kubernetes Pods</h2>
+-->
+        <h2>Kubernetes Pods</h2>
+<!--
+        <p>When you created a Deployment in Module <a href="/docs/tutorials/kubernetes-basics/deploy-intro/">2</a>, Kubernetes created a <b>Pod</b> to host your application instance. A Pod is a Kubernetes abstraction that represents a group of one or more application containers (such as Docker or rkt), and some shared resources for those containers. Those resources include:</p>
+-->
+        <p>在模块 <a href="/docs/tutorials/kubernetes-basics/deploy-intro/">2</a>创建 Deployment 时, Kubernetes 添加 a <b>Pod</b> 托管你的应用实例。Pod 是 Kubernetes 抽象出来的，表示一组一个或多个应用程序容器（如 Docker 或 rkt ），以及这些容器的一些共享资源。这些资源包括:</p>
+<!--
+        <ul>
+          <li>Shared storage, as Volumes</li>
+          <li>Networking, as a unique cluster IP address</li>
+          <li>Information about how to run each container, such as the container image version or specific ports to use</li>
+        </ul>
+-->
+        <ul>
+          <li>共享存储，当作卷</li>
+          <li>网络，作为唯一的集群 IP 地址</li>
+          <li>有关每个容器如何运行的信息，例如容器映像版本或要使用的特定端口。</li>
+        </ul>
+    <!--
+        <p>A Pod models an application-specific "logical host" and can contain different application containers which are relatively tightly coupled. For example, a Pod might include both the container with your Node.js app as well as a different container that feeds the data to be published by the Node.js webserver. The containers in a Pod share an IP Address and port space, are always co-located and co-scheduled, and run in a shared context on the same Node.</p>
+    -->
+        <p>Pod 为特定于应用程序的“逻辑主机”建模，并且可以包含相对紧耦合的不同应用容器。例如，Pod 可能既包含带有 Node.js 应用的容器，也包含另一个不同的容器，用于提供 Node.js 网络服务器要发布的数据。Pod 中的容器共享 IP 地址和端口，始终位于同一位置并且共同调度，并在同一工作节点上的共享上下文中运行。</p>
+<!--
+        <p>Pods are the atomic unit on the Kubernetes platform. When we create a Deployment on Kubernetes, that Deployment creates Pods with containers inside them (as opposed to creating containers directly). Each Pod is tied to the Node where it is scheduled, and remains there until termination (according to restart policy) or deletion. In case of a Node failure, identical Pods are scheduled on other available Nodes in the cluster.</p>
+-->
+        <p>Pod是 Kubernetes 平台上的原子单元。 当我们在 Kubernetes 上创建 Deployment 时，该 Deployment 会在其中创建包含容器的 Pod （而不是直接创建容器）。每个 Pod 都与调度它的工作节点绑定，并保持在那里直到终止（根据重启策略）或删除。 如果工作节点发生故障，则会在群集中的其他可用工作节点上调度相同的 Pod。</p>
+
+      </div>
+      <div class="col-md-4">
+        <div class="content__box content__box_lined">
+<!--
+          <h3>Summary:</h3>
+-->
+          <h3>总结:</h3>
+          <ul>
+            <li>Pods</li>
+            <li>工作节点</li>
+<!--
+            <li>Kubectl main commands</li>
+-->
+            <li>Kubectl 主要命令</li>
+          </ul>
+        </div>
+        <div class="content__box content__box_fill">
+<!--
+          <p><i>
+              A Pod is a group of one or more application containers (such as Docker or rkt) and includes shared storage (volumes), IP address and information about how to run them.
+            </i></p>
+-->
+          <p><i>
+              Pod 是一组一个或多个应用程序容器（例如 Docker 或 rkt ），包括共享存储（卷), IP 地址和有关如何运行它们的信息。
+            </i></p>
+        </div>
+      </div>
+    </div>
+    <br>
+
+    <div class="row">
+      <div class="col-md-8">
+<!--
+        <h2 style="color: #3771e3;">Pods overview</h2>
+-->
+        <h2 style="color: #3771e3;">Pod 概览</h2>
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-md-8">
+        <p><img src="/docs/tutorials/kubernetes-basics/public/images/module_03_pods.svg"></p>
+      </div>
+    </div>
+    <br>
+
+    <div class="row">
+      <div class="col-md-8">
+<!--
+        <h2>Nodes</h2>
+        <p>A Pod always runs on a <b>Node</b>. A Node is a worker machine in Kubernetes and may be either a virtual or a physical machine, depending on the cluster. Each Node is managed by the Master. A Node can have multiple pods, and the Kubernetes master automatically handles scheduling the pods across the Nodes in the cluster. The Master's automatic scheduling takes into account the available resources on each Node.</p>
+
+        <p>Every Kubernetes Node runs at least:</p>
+        <ul>
+          <li>Kubelet, a process responsible for communication between the Kubernetes Master and the Node; it manages the Pods and the containers running on a machine.</li>
+          <li>A container runtime (like Docker, rkt) responsible for pulling the container image from a registry, unpacking the container, and running the application.</li>
+        </ul>
+-->
+        <h2>工作节点</h2>
+        <p>一个 pod 总是运行在 <b>工作节点</b>。工作节点是 Kubernetes 中的参与计算的机器，可以是虚拟机或物理计算机，具体取决于集群。每个工作节点由主节点管理。工作节点可以有多个 pod ，Kubernetes 主节点会自动处理在群集中的工作节点上调度 pod 。 主节点的自动调度考量了每个工作节点上的可用资源。</p>
+
+        <p>每个 Kubernetes 工作节点至少运行:</p>
+        <ul>
+          <li>Kubelet，负责 Kubernetes 主节点和工作节点之间通信的过程; 它管理 Pod 和机器上运行的容器。</li>
+          <li>容器运行时（如 Docker ，rkt ）负责从仓库中提取容器镜像，解压缩容器以及运行应用程序。</li>
+        </ul>
+      </div>
+      <div class="col-md-4">
+        <div class="content__box content__box_fill">
+<!--
+          <p><i> Containers should only be scheduled together in a single Pod if they are tightly coupled and need to share resources such as disk. </i></p>
+-->
+          <p><i>如果它们紧耦合并且需要共享磁盘等资源，这些容器应在一个 Pod 中编排。</i></p>
+        </div>
+      </div>
+    </div>
+
+    <br>
+
+    <div class="row">
+      <div class="col-md-8">
+<!--
+        <h2 style="color: #3771e3;">Node overview</h2>
+-->
+        <h2 style="color: #3771e3;">工作节点概览</h2>
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-md-8">
+        <p><img src="/docs/tutorials/kubernetes-basics/public/images/module_03_nodes.svg"></p>
+      </div>
+    </div>
+    <br>
+
+    <div class="row">
+      <div class="col-md-8">
+<!--
+        <h2>Troubleshooting with kubectl</h2>
+-->
+        <h2>使用 kubectl 进行故障排除</h2>
+<!--
+        <p>In Module <a href="/docs/tutorials/kubernetes-basics/deploy/deploy-intro/">2</a>, you used Kubectl command-line interface. You'll continue to use it in Module 3 to get information about deployed applications and their environments. The most common operations can be done with the following kubectl commands:</p>
+-->
+        <p>在模块 <a href="/docs/tutorials/kubernetes-basics/deploy/deploy-intro/">2</a>,您使用了 Kubectl 命令行界面。 您将继续在第3单元中使用它来获取有关已部署的应用程序及其环境的信息。 最常见的操作可以使用以下 kubectl 命令完成：</p>
+<!--
+        <ul>
+          <li><b>kubectl get</b> - list resources</li>
+          <li><b>kubectl describe</b> - show detailed information about a resource</li>
+          <li><b>kubectl logs</b> - print the logs from a container in a pod</li>
+          <li><b>kubectl exec</b> - execute a command on a container in a pod</li>
+        </ul>
+-->
+        <ul>
+          <li><b>kubectl get</b> - 列出资源</li>
+          <li><b>kubectl describe</b> - 显示有关资源的详细信息</li>
+          <li><b>kubectl logs</b> - 打印 pod 和其中容器的日志</li>
+          <li><b>kubectl exec</b> - 在 pod 中的容器上执行命令</li>
+        </ul>
+<!--
+        <p>You can use these commands to see when applications were deployed, what their current statuses are, where they are running and what their configurations are.</p>
+-->
+        <p>您可以使用这些命令查看应用程序的部署时间，当前状态，运行位置以及配置。</p>
+<!--
+        <p>Now that we know more about our cluster components and the command line, let's explore our application.</p>
+-->
+        <p>现在我们了解了有关集群组件和命令行的更多信息，让我们来探索一下我们的应用程序。</p>
+
+      </div>
+      <div class="col-md-4">
+        <div class="content__box content__box_fill">
+<!--
+          <p><i> A node is a worker machine in Kubernetes and may be a VM or physical machine, depending on the cluster. Multiple Pods can run on one Node. </i></p>
+-->
+          <p><i>工作节点是 Kubernetes 中的负责计算的机器，可能是VM或物理计算机，具体取决于群集。多个 Pod 可以在一个工作节点上运行。 </i></p>
+        </div>
+      </div>
+    </div>
+    <br>
+
+    <div class="row">
+      <div class="col-md-12">
+<!--
+        <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/explore/explore-interactive/" role="button">Start Interactive Tutorial <span class="btn__next">›</span></a>
+-->
+        <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/explore/explore-interactive/" role="button"> 开始交互式教程 <span class="btn__next">›</span></a>
+      </div>
+    </div>
+
+  </main>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/expose/_index.md b/content/zh/docs/tutorials/kubernetes-basics/expose/_index.md
new file mode 100644
index 0000000000000..c1325ed082c2f
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/expose/_index.md
@@ -0,0 +1,11 @@
+---
+title: 公开地暴露你的应用
+weight: 40
+---
+
+<!--
+---
+title: Expose Your App Publicly
+weight: 40
+---
+-->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/expose/expose-interactive.html b/content/zh/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
new file mode 100644
index 0000000000000..b4d6a795b8403
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
@@ -0,0 +1,50 @@
+---
+title: 交互式教程 - 发布您的应用程序
+weight: 20
+---
+
+<!--
+---
+title: Interactive Tutorial - Exposing Your App
+weight: 20
+---
+-->
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/overrides.css" rel="stylesheet">
+<script src="https://katacoda.com/embed.js"></script>
+
+<div class="layout" id="top">
+
+    <main class="content katacoda-content">
+
+        <div class="katacoda">
+            <div class="katacoda__alert">
+            
+<!--            
+                To interact with the Terminal, please use the desktop/tablet version
+-->
+                要与终端交互，请使用台式机/平板电脑
+                
+            </div>
+            <div class="katacoda__box" id="inline-terminal-1"  data-katacoda-id="kubernetes-bootcamp/8" data-katacoda-color="326de6" data-katacoda-secondary="273d6d" data-katacoda-hideintro="false" data-katacoda-font="Roboto" data-katacoda-fontheader="Roboto Slab" data-katacoda-prompt="Kubernetes Bootcamp Terminal" style="height: 600px;">
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-12">
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/scale/scale-intro/" role="button">Continue to Module 5<span class="btn__next">›</span></a>
+            </div>
+        </div>
+
+    </main>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/scale-intro.html b/content/zh/docs/tutorials/kubernetes-basics/scale-intro.html
index 05d1e2b47da51..c0f1cc35e543c 100644
--- a/content/zh/docs/tutorials/kubernetes-basics/scale-intro.html
+++ b/content/zh/docs/tutorials/kubernetes-basics/scale-intro.html
@@ -26,7 +26,7 @@ <h3>目标</h3>
 			<div class="col-md-8">
        <h3>应用程序伸缩</h3>
 
-			<p>在之前的模块中，我们创建了一个 <a href="http://kubernetes.io/docs/user-guide/deployments/"> Deployment</a>，然后通过 <a href="http://kubernetes.io/docs/user-guide/services/">Service</a>让应用程序外部可见。
+			<p>在之前的模块中，我们创建了一个 <a href="/docs/user-guide/deployments/"> Deployment</a>，然后通过 <a href="/docs/user-guide/services/">Service</a>让应用程序外部可见。
 				Deployment 仅为我们的应用程序创建了一个 Pod。
 				当流量增加时，我们将需要扩展应用程序以跟上用户需求。</p>
 
@@ -88,7 +88,7 @@ <h2 style="color: #3771e3;">Scaling 概述</h2>
 			<div class="col-md-8">
 
 				<p>扩展 Deployment 将确保创建新的 Pods 并将其调度到拥有可用资源的 Node 节点上，收缩会保证 Pods 数量减少至新的所需状态。
-					Kubernetes 还支持 Pods 的 <a href="http://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/"> 自动缩放 </a> ，但不在本教程范围之内。收缩到零也是可以的，此时它将终止指定 Deployment 的所有 Pod。 </p>
+					Kubernetes 还支持 Pods 的 <a href="/docs/user-guide/horizontal-pod-autoscaling/"> 自动缩放 </a> ，但不在本教程范围之内。收缩到零也是可以的，此时它将终止指定 Deployment 的所有 Pod。 </p>
 
 				<p>运行应用程序的多个实例需要一种将流量分发给所有实例的方法。服务有内置的负载均衡器，可将网络流量分配给 Deployment 暴露的所有 Pods。服务通过使用 endpoints 持续监控运行的 Pods，以确保流量仅发送到可用的 Pods。</p>
 
diff --git a/content/zh/docs/tutorials/kubernetes-basics/scale/_index.md b/content/zh/docs/tutorials/kubernetes-basics/scale/_index.md
new file mode 100644
index 0000000000000..6f79e3fd83155
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/scale/_index.md
@@ -0,0 +1,11 @@
+---
+title: 伸缩您的应用
+weight: 50
+---
+
+<!--
+---
+title: Scale Your App
+weight: 50
+---
+-->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/scale/scale-interactive.html b/content/zh/docs/tutorials/kubernetes-basics/scale/scale-interactive.html
new file mode 100644
index 0000000000000..489d3dfe25827
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/scale/scale-interactive.html
@@ -0,0 +1,48 @@
+---
+title: 交互教程 - 缩放你的应用程序
+weight: 20
+---
+<!--
+---
+title: Interactive Tutorial - Scaling Your App
+weight: 20
+---
+-->
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/overrides.css" rel="stylesheet">
+<script src="https://katacoda.com/embed.js"></script>
+<div class="layout" id="top">
+
+    <main class="content katacoda-content">
+    
+        <div class="katacoda">
+            <div class="katacoda__alert">
+                <!--
+                To interact with the Terminal, please use the desktop/tablet version
+                -->
+                与终端交互，请使用桌面/平板电脑版本
+            </div>
+            <div class="katacoda__box" id="inline-terminal-1"  data-katacoda-id="kubernetes-bootcamp/5" data-katacoda-color="326de6" data-katacoda-secondary="273d6d" data-katacoda-hideintro="false" data-katacoda-font="Roboto" data-katacoda-fontheader="Roboto Slab" data-katacoda-prompt="Kubernetes Bootcamp Terminal" style="height: 600px;">
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-12">
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/update/update-intro/" role="button"><!--Continue to Module 6-->继续参阅第6单元<span class="btn__next">›</span></a>
+            </div>
+        </div>
+    
+    </main>
+
+<a class="scrolltop" href="#top"></a>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/scale/scale-intro.html b/content/zh/docs/tutorials/kubernetes-basics/scale/scale-intro.html
index c9e45a5dabbd6..5d7ae8c09401e 100644
--- a/content/zh/docs/tutorials/kubernetes-basics/scale/scale-intro.html
+++ b/content/zh/docs/tutorials/kubernetes-basics/scale/scale-intro.html
@@ -30,10 +30,10 @@ <h3>目的</h3>
 			 <!-- <h3>Scaling an application</h3> -->
 			 <h3>扩缩应用程序</h3>
 
-						<!-- <p>In the previous modules we created a <a href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/"> Deployment</a>,
-							and then exposed it publicly via a <a href="https://kubernetes.io/docs/concepts/services-networking/service/">Service</a>.
+						<!-- <p>In the previous modules we created a <a href="/docs/concepts/workloads/controllers/deployment/"> Deployment</a>,
+							and then exposed it publicly via a <a href="/docs/concepts/services-networking/service/">Service</a>.
 							The Deployment created only one Pod for running our application.  When traffic increases, we will need to scale the application to keep up with  user demand.</p> -->
-						<p>在之前的模块中，我们创建了一个 <a href="http://kubernetes.io/docs/user-guide/deployments/"> Deployment</a>，然后通过 <a href="http://kubernetes.io/docs/user-guide/services/">Service</a>让其可以开放访问。Deployment 仅为跑这个应用程序创建了一个 Pod。 当流量增加时，我们需要扩容应用程序满足用户需求。</p>
+						<p>在之前的模块中，我们创建了一个 <a href="/docs/user-guide/deployments/"> Deployment</a>，然后通过 <a href="/docs/user-guide/services/">Service</a>让其可以开放访问。Deployment 仅为跑这个应用程序创建了一个 Pod。 当流量增加时，我们需要扩容应用程序满足用户需求。</p>
 
 						<!-- <p><b>Scaling</b> is accomplished by changing the number of replicas in a Deployment</p> -->
 						<p><b>扩缩</b> 是通过改变 Deployment 中的副本数量来实现的。</p>
@@ -98,8 +98,8 @@ <h2 style="color: #3771e3;">扩缩概述</h2>
             <div class="col-md-8">
 
                 <!-- <p>Scaling out a Deployment will ensure new Pods are created and scheduled to Nodes with available resources. Scaling in will reduce the number of Pods to the new desired state. Kubernetes also supports
-									<a href="http://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/">autoscaling</a> of Pods, but it is outside of the scope of this tutorial. Scaling to zero is also possible, and it will terminate all Pods of the specified Deployment.</p> -->
-								<p>扩展 Deployment 将创建新的 Pods，并将资源调度请求分配到有可用资源的节点上，收缩 会将 Pods 数量减少至所需的状态。Kubernetes 还支持 Pods 的<a href="http://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/">自动缩放</a>，但这并不在本教程的讨论范围内。将 Pods 数量收缩到0也是可以的，但这会终止 Deployment 上所有已经部署的 Pods。</p>
+									<a href="/docs/user-guide/horizontal-pod-autoscaling/">autoscaling</a> of Pods, but it is outside of the scope of this tutorial. Scaling to zero is also possible, and it will terminate all Pods of the specified Deployment.</p> -->
+								<p>扩展 Deployment 将创建新的 Pods，并将资源调度请求分配到有可用资源的节点上，收缩 会将 Pods 数量减少至所需的状态。Kubernetes 还支持 Pods 的<a href="/docs/user-guide/horizontal-pod-autoscaling/">自动缩放</a>，但这并不在本教程的讨论范围内。将 Pods 数量收缩到0也是可以的，但这会终止 Deployment 上所有已经部署的 Pods。</p>
 
 								<!-- <p>Running multiple instances of an application will require a way to distribute the traffic to all of them. Services have an integrated load-balancer that will distribute network traffic to all Pods of an exposed Deployment.
 									Services will monitor continuously the running Pods using endpoints, to ensure the traffic is sent only to available Pods.</p> -->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/update/_index.md b/content/zh/docs/tutorials/kubernetes-basics/update/_index.md
new file mode 100644
index 0000000000000..951286385eb09
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/update/_index.md
@@ -0,0 +1,11 @@
+---
+title: 更新你的应用
+weight: 60
+---
+
+<!--
+---
+title: Update Your App
+weight: 60
+---
+-->
diff --git a/content/zh/docs/tutorials/kubernetes-basics/update/update-interactive.html b/content/zh/docs/tutorials/kubernetes-basics/update/update-interactive.html
new file mode 100644
index 0000000000000..c917534b56b72
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/update/update-interactive.html
@@ -0,0 +1,43 @@
+---
+title: 交互式教程 - 更新应用
+weight: 20
+---
+<!--
+---
+title: Interactive Tutorial - Updating Your App
+weight: 20
+---
+-->
+
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="/docs/tutorials/kubernetes-basics/public/css/overrides.css" rel="stylesheet">
+<script src="https://katacoda.com/embed.js"></script>
+<div class="layout" id="top">
+
+    <main class="content katacoda-content">
+    
+        <div class="katacoda">
+            <div class="katacoda__alert">
+                要与终端交互，请使用桌面/平板电脑版本
+            </div>
+            <div class="katacoda__box" id="inline-terminal-1"  data-katacoda-id="kubernetes-bootcamp/6" data-katacoda-color="326de6" data-katacoda-secondary="273d6d" data-katacoda-hideintro="false" data-katacoda-font="Roboto" data-katacoda-fontheader="Roboto Slab" data-katacoda-prompt="Kubernetes Bootcamp Terminal" style="height: 600px;">
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-12">
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/" role="button">回到 Kubernetes 的基础<span class="btn__next">›</span></a>
+            </div>
+        </div>
+    </main>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/kubernetes-basics/update/update-intro.html b/content/zh/docs/tutorials/kubernetes-basics/update/update-intro.html
new file mode 100644
index 0000000000000..0fca436e534c9
--- /dev/null
+++ b/content/zh/docs/tutorials/kubernetes-basics/update/update-intro.html
@@ -0,0 +1,190 @@
+---
+title: 执行滚动更新
+weight: 10
+---
+
+<!--
+---
+title: Performing a Rolling Update
+weight: 10
+---
+-->
+
+<!DOCTYPE html>
+
+<html lang="en">
+
+<body>
+
+<link href="/docs/tutorials/kubernetes-basics/public/css/styles.css" rel="stylesheet">
+<link href="https://fonts.googleapis.com/css?family=Roboto+Slab:300,400,700" rel="stylesheet">
+
+<div class="layout" id="top">
+
+    <main class="content">
+
+        <div class="row">
+
+     <div class="col-md-8">
+          <h3>Objectives</h3>
+                <ul>
+                <!--
+                    <li>Perform a rolling update using kubectl.</li>
+                -->
+                    <li>使用 kubectl 执行滚动更新。</li>
+                </ul>
+            </div>
+
+            <div class="col-md-8">
+            <!--
+            <h3>Updating an application</h3>
+            -->
+            <h3>更新应用程序</h3>
+            
+            <!--
+            <p>Users expect applications to be available all the time and developers are expected to deploy new versions of them several times a day. In Kubernetes this is done with rolling updates. <b>Rolling updates</b> allow Deployments' update to take place with zero downtime by incrementally updating Pods instances with new ones. The new Pods will be scheduled on Nodes with available resources.</p>
+            -->
+            <p>用户希望应用程序始终可用，并且开发人员应该每天多次 developers 新版本的应用程序。在 Kubernetes 中，这些是通过滚动更新（Rolling Updates）完成的。 <b>滚动更新</b> 允许通过使用新的实例逐步更新 Pod 实例，零停机进行 Deployment 更新。新的 Pod 将在具有可用资源的节点上进行调度。</p>
+            
+            <!--
+            <p>In the previous module we scaled our application to run multiple instances. This is a requirement for performing updates without affecting application availability. By default, the maximum number of Pods that can be unavailable during the update and the maximum number of new Pods that can be created, is one. Both options can be configured to either numbers or percentages (of Pods).
+            In Kubernetes, updates are versioned and any Deployment update can be reverted to previous (stable) version.</p>
+            -->
+            <p>在前面的模块中，我们将应用程序扩展为运行多个实例。这是在不影响应用程序可用性的情况下执行更新的要求。默认情况下，更新期间不可用的 pod 的最大值和可以创建的新 pod 数都是 1。这两个选项都可以配置为（pod）数字或百分比。
+            在 Kubernetes 中，更新是经过版本控制的，任何 Deployment 更新都可以恢复到以前的（稳定）版本。</p>
+            
+            
+            </div>
+            <div class="col-md-4">
+                <div class="content__box content__box_lined">
+                <!--
+                    <h3>Summary:</h3>
+                -->
+                    <h3>摘要：</h3>
+                    <ul>
+                    <!--
+                        <li>Updating an app</li>
+                    -->
+                        <li>更新应用</li>
+                    </ul>
+                </div>
+                <div class="content__box content__box_fill">
+                <!--
+                    <p><i>Rolling updates allow Deployments' update to take place with zero downtime by incrementally updating Pods instances with new ones. </i></p>
+                -->
+                    <p><i>滚动更新允许通过使用新的实例逐步更新 Pod 实例从而实现 Deployments 更新，停机时间为零。</i></p>
+                </div>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+            <!--
+                <h2 style="color: #3771e3;">Rolling updates overview</h2>
+            -->
+                <h2 style="color: #3771e3;">滚动更新概述</h2>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-1"></div>
+            <div class="col-md-8">
+                <div id="myCarousel" class="carousel" data-ride="carousel" data-interval="3000">
+                    <ol class="carousel-indicators">
+                        <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
+                        <li data-target="#myCarousel" data-slide-to="1"></li>
+                        <li data-target="#myCarousel" data-slide-to="2"></li>
+                        <li data-target="#myCarousel" data-slide-to="3"></li>
+                    </ol>
+                      <div class="carousel-inner" role="listbox">
+                        <div class="item active">
+                          <img src="/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates1.svg" >
+                        </div>
+
+                        <div class="item">
+                          <img src="/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates2.svg">
+                        </div>
+
+                        <div class="item">
+                          <img src="/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates3.svg">
+                        </div>
+
+                        <div class="item">
+                          <img src="/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates4.svg">
+                        </div>
+                      </div>
+
+                      <a class="left carousel-control" href="#myCarousel" role="button" data-slide="prev">
+                        <span class="sr-only ">Previous</span>
+                      </a>
+                      <a class="right carousel-control" href="#myCarousel" role="button" data-slide="next">
+                        <span class="sr-only">Next</span>
+                      </a>
+
+                    </div>
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+<!--
+                <p>Similar to application Scaling, if a Deployment is exposed publicly, the Service will load-balance the traffic only to available Pods during the update. An available Pod is an instance that is available to the users of the application.</p>
+-->
+                <p>与应用程序扩展类似，如果公开了 Deployment，服务将在更新期间仅对可用的 pod 进行负载均衡。可用 Pod 是应用程序用户可用的实例。</p>
+
+<!--
+                <p>Rolling updates allow the following actions:</p>
+-->
+                <p>滚动更新允许以下操作：</p>
+                <ul>
+                <!--
+                    <li>Promote an application from one environment to another (via container image updates)</li>
+                    <li>Rollback to previous versions</li>
+                    <li>Continuous Integration and Continuous Delivery of applications with zero downtime</li>
+                -->
+                    <li>将应用程序从一个环境提升到另一个环境（通过容器镜像更新）</li>
+                    <li>回滚到以前的版本</li>
+                    <li>持续集成和持续交付应用程序，无需停机</li>
+                </ul>
+
+            </div>
+            <div class="col-md-4">
+                <div class="content__box content__box_fill">
+                <!--
+                    <p><i>If a Deployment is exposed publicly, the Service will load-balance the traffic only to available Pods during the update. </i></p>
+                -->
+                    <p><i>如果 Deployment 是公开的，则服务将仅在更新期间对可用的 pod 进行负载均衡。 </i></p>
+                </div>
+            </div>
+        </div>
+
+        <br>
+
+        <div class="row">
+            <div class="col-md-8">
+            <!--
+                <p> In the following interactive tutorial, we'll update our application to a new version, and also perform a rollback.</p>
+            -->
+                <p> 在下面的交互式教程中，我们将应用程序更新为新版本，并执行回滚。</p>
+            
+            </div>
+        </div>
+        <br>
+
+        <div class="row">
+            <div class="col-md-12">
+                <!--
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/update/update-interactive/" role="button">Start Interactive Tutorial <span class="btn__next">›</span></a>
+                -->
+                <a class="btn btn-lg btn-success" href="/docs/tutorials/kubernetes-basics/update/update-interactive/" role="button">启动交互教程<span class="btn__next">›</span></a>
+                
+            </div>
+        </div>
+
+    </main>
+
+</div>
+
+</body>
+</html>
diff --git a/content/zh/docs/tutorials/object-management-kubectl/object-management.md b/content/zh/docs/tutorials/object-management-kubectl/object-management.md
index 85d95adfc4a1c..04e18e03ab071 100644
--- a/content/zh/docs/tutorials/object-management-kubectl/object-management.md
+++ b/content/zh/docs/tutorials/object-management-kubectl/object-management.md
@@ -57,7 +57,7 @@ kubectl create deployment nginx --image nginx
 
 在命令式对象配置中，`kubectl` 命令指定操作(创建，替换等)，可选标志和至少一个文件名称。指定的文件必须包含对象的完整定义以 YAML 或 JSON 格式。
 
-请参阅[参考资源](https://kubernetes.io/docs/resources-reference/v1.6/)
+请参阅[参考资源](/docs/resources-reference/v1.6/)
 查看有关对象定义的更多细节。
 
 **警告:** 命令式 `replace` 命令用新提供的命令替换现有资源规格，将对配置文件中缺少的对象的所有更改都丢弃。这种方法不应更新与配置文件无关的资源类型。例如，`LoadBalancer` 类型的服务使其 `externalIPs` 字段与集群的配置无关。
@@ -149,5 +149,3 @@ kubectl apply -R -f configs/
  {{< comment >}}
  {{< /comment >}}
  {{% /capture %}}
-
- 
diff --git a/content/zh/docs/tutorials/online-training/_index.md b/content/zh/docs/tutorials/online-training/_index.md
new file mode 100644
index 0000000000000..05dd318a4b664
--- /dev/null
+++ b/content/zh/docs/tutorials/online-training/_index.md
@@ -0,0 +1,11 @@
+---
+title: "在线培训课程"
+weight: 20
+---
+
+<!--
+---
+title: "Online Training Courses"
+weight: 20
+---
+-->
diff --git a/content/zh/docs/tutorials/online-training/overview.md b/content/zh/docs/tutorials/online-training/overview.md
new file mode 100644
index 0000000000000..c89827186b427
--- /dev/null
+++ b/content/zh/docs/tutorials/online-training/overview.md
@@ -0,0 +1,58 @@
+---
+title: Kubernetes 在线培训概述
+content_template: templates/concept
+---
+
+<!--
+---
+title: Overview of Kubernetes Online Training
+content_template: templates/concept
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+Here are some of the sites that offer online training for Kubernetes:
+-->
+以下是一些为 Kubernetes 提供在线培训的网站：
+
+{{% /capture %}}
+
+{{% capture body %}}
+
+<!--
+* [Scalable Microservices with Kubernetes (Udacity)](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615)
+
+* [Introduction to Kubernetes (edX)](https://www.edx.org/course/introduction-kubernetes-linuxfoundationx-lfs158x)
+
+* [Getting Started with Kubernetes (Pluralsight)](https://www.pluralsight.com/courses/getting-started-kubernetes)
+
+* [Hands-on Introduction to Kubernetes (Instruqt)](https://play.instruqt.com/public/topics/getting-started-with-kubernetes)
+
+* [Learn Kubernetes using Interactive Hands-on Scenarios (Katacoda)](https://www.katacoda.com/courses/kubernetes/)
+
+* [Certified Kubernetes Administrator Preparation Course (LinuxAcademy.com)](https://linuxacademy.com/linux/training/course/name/certified-kubernetes-administrator-preparation-course)
+
+* [Kubernetes the Hard Way (LinuxAcademy.com)](https://linuxacademy.com/linux/training/course/name/kubernetes-the-hard-way)
+
+* [Certified Kubernetes Application Developer Preparation Course (KodeKloud.com)](https://kodekloud.com/p/kubernetes-certification-course)
+-->
+
+* [使用 Kubernetes 的可伸缩微服务（Udacity）](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615)
+
+* [Kubernetes 简介（edX）](https://www.edx.org/course/introduction-kubernetes-linuxfoundationx-lfs158x)
+
+* [开始使用 Kubernetes（Pluralsight）](https://www.pluralsight.com/courses/getting-started-kubernetes)
+
+* [Kubernetes 实践手册（Instruqt）](https://play.instruqt.com/public/topics/getting-started-with-kubernetes)
+
+* [使用交互式动手场景学习 Kubernetes（Katacoda）](https://www.katacoda.com/courses/kubernetes/)
+
+* [认证 Kubernetes 管理员预备课程（LinuxAcademy.com）](https://linuxacademy.com/linux/training/course/name/certified-kubernetes-administrator-preparation-course)
+
+* [Kubernetes 坎坷路（LinuxAcademy.com）](https://linuxacademy.com/linux/training/course/name/kubernetes-the-hard-way)
+
+* [认证 Kubernetes 应用程序开发人员准备课程（KodeKloud.com）](https://kodekloud.com/p/kubernetes-certification-course)
+
+{{% /capture %}}
diff --git a/content/zh/docs/tutorials/services/_index.md b/content/zh/docs/tutorials/services/_index.md
new file mode 100644
index 0000000000000..a40568271b8ac
--- /dev/null
+++ b/content/zh/docs/tutorials/services/_index.md
@@ -0,0 +1,11 @@
+---
+title: "Services"
+weight: 70
+---
+
+<!--
+---
+title: "Services"
+weight: 70
+---
+-->
diff --git a/content/zh/docs/tutorials/stateful-application/_index.md b/content/zh/docs/tutorials/stateful-application/_index.md
new file mode 100644
index 0000000000000..9c460f34bc67c
--- /dev/null
+++ b/content/zh/docs/tutorials/stateful-application/_index.md
@@ -0,0 +1,11 @@
+---
+title: "有状态的应用"
+weight: 50
+---
+
+<!--
+---
+title: "Stateful Applications"
+weight: 50
+---
+-->
diff --git a/content/zh/docs/tutorials/stateful-application/basic-stateful-set.md b/content/zh/docs/tutorials/stateful-application/basic-stateful-set.md
index 1ae7c53847f9b..f17c4b7347dd8 100644
--- a/content/zh/docs/tutorials/stateful-application/basic-stateful-set.md
+++ b/content/zh/docs/tutorials/stateful-application/basic-stateful-set.md
@@ -448,7 +448,7 @@ kubectl delete pod web-0
 pod "web-0" deleted
 ```
 
-<--
+<!--
 Watch the `web-0` Pod, and wait for it to transition to Running and Ready.
 -->
 
@@ -482,7 +482,9 @@ web-2   k8s.gcr.io/nginx-slim:0.8
 `web-0` has had its image updated, but `web-0` and `web-1` still have the original 
 image. Complete the update by deleting the remaining Pods.
 -->
-`web-0` 已经更新了它的镜像，但是 `web-1` 和 `web-2` 仍保留了原始镜像。
+
+`web-0` 已经更新了它的容器镜像，但 `web-0` 和 `web-1` 仍然是原始版本的镜像。通过删除剩余的 Pod 来完成更新。
+
 
 ```shell
 kubectl delete pod web-1 web-2
@@ -1051,12 +1053,15 @@ web-2     1/1       Running   0         10s
 web-3     1/1       Running   0         26s
 ```
 
-<!
+<!--
 The StatefulSet controller launched two new Pods, and it did not wait for 
 the first to become Running and Ready prior to launching the second.
+-->
 
+<!--
 Keep this terminal open, and in another terminal delete the `web` StatefulSet.
 -->
+
 StatefulSet 控制器启动了两个新的 Pod，而且在启动第二个之前并没有等待第一个变成 Running 和 Ready 状态。
 
 保持这个终端打开，并在另一个终端删除 `web` StatefulSet。
diff --git a/content/zh/docs/tutorials/stateful-application/cassandra.md b/content/zh/docs/tutorials/stateful-application/cassandra.md
index e12d9a913a369..860cd34912d4e 100644
--- a/content/zh/docs/tutorials/stateful-application/cassandra.md
+++ b/content/zh/docs/tutorials/stateful-application/cassandra.md
@@ -39,7 +39,7 @@ title: "Example: Deploying Cassandra with Stateful Sets"
 ## 准备工作
 
 
-本示例假设你已经安装运行了一个 Kubernetes集群（版本 >=1.2），并且还在某个路径下安装了  [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) 命令行工具。请查看 [getting started guides](https://kubernetes.io/docs/getting-started-guides/) 获取关于你的平台的安装说明。
+本示例假设你已经安装运行了一个 Kubernetes集群（版本 >=1.2），并且还在某个路径下安装了  [`kubectl`](/docs/tasks/tools/install-kubectl/) 命令行工具。请查看 [getting started guides](/docs/getting-started-guides/) 获取关于你的平台的安装说明。
 
 
 本示例还需要一些代码和配置文件。为了避免手动输入，你可以 `git clone` Kubernetes 源到你本地。
@@ -813,4 +813,3 @@ $ kubectl delete daemonset cassandra
 你可能还注意到我们设置了一些 Cassandra 参数（`MAX_HEAP_SIZE`和`HEAP_NEWSIZE`），并且增加了关于 [namespace](/docs/user-guide/namespaces) 的信息。我们还告诉 Kubernetes 容器暴露了 `CQL` 和 `Thrift` API 端口。最后，我们告诉集群管理器我们需要 0.1 cpu（0.1 核）。
 
 [!Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cassandra/README.md?pixel)]()
-
diff --git a/content/zh/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume.md b/content/zh/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume.md
index f3ff5fd6310e6..b1301be37c1cd 100644
--- a/content/zh/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume.md
+++ b/content/zh/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume.md
@@ -13,11 +13,11 @@ approvers:
 
 展示的 Kubernetes 概念：
 
-* [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) 定义持久化磁盘（磁盘生命周期不和 Pods 绑定）。
-* [Services](https://kubernetes.io/docs/concepts/services-networking/service/) 使得 Pods 能够找到其它 Pods。
-* [External Load Balancers](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) 对外暴露 Services。
-* [Deployments](http://kubernetes.io/docs/user-guide/deployments/) 确保 Pods 持续运行。
-* [Secrets](http://kubernetes.io/docs/user-guide/secrets/) 保存敏感密码信息。
+* [Persistent Volumes](/docs/concepts/storage/persistent-volumes/) 定义持久化磁盘（磁盘生命周期不和 Pods 绑定）。
+* [Services](/docs/concepts/services-networking/service/) 使得 Pods 能够找到其它 Pods。
+* [External Load Balancers](/docs/concepts/services-networking/service/#type-loadbalancer) 对外暴露 Services。
+* [Deployments](/docs/user-guide/deployments/) 确保 Pods 持续运行。
+* [Secrets](/docs/user-guide/secrets/) 保存敏感密码信息。
 
 
 ## 快速入门
@@ -66,18 +66,18 @@ kubectl create -f https://raw.githubusercontent.com/kubernetes/examples/master/m
 Kubernetes本质是模块化的，可以在各种环境中运行。但并不是所有集群都相同。此处是本示例的一些要求：
 * 需要 1.2 版本以上的 Kubernetes，以使用更新的特性，例如 PV Claims 和 Deployments。运行 `kubectl version` 来查看你的集群版本。
 * [Cluster DNS](https://github.com/kubernetes/dns) 将被用于服务发现。
-* 一个 [external load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) 将被用于接入 WordPress。
-* 使用了 [Persistent Volume Claims](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)。你必须创建集群中需要的 Persistent Volumes。本示例将展示两种类型的 volume 的创建方法，但是任何类型的 volume 都是足够使用的。
+* 一个 [external load balancer](/docs/concepts/services-networking/service/#type-loadbalancer) 将被用于接入 WordPress。
+* 使用了 [Persistent Volume Claims](/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)。你必须创建集群中需要的 Persistent Volumes。本示例将展示两种类型的 volume 的创建方法，但是任何类型的 volume 都是足够使用的。
 
 
-查阅 [Getting Started Guide](http://kubernetes.io/docs/getting-started-guides/)，搭建一个集群并安装 [kubectl](http://kubernetes.io/docs/user-guide/prereqs/) 命令行工具。
+查阅 [Getting Started Guide](/docs/getting-started-guides/)，搭建一个集群并安装 [kubectl](/docs/user-guide/prereqs/) 命令行工具。
 
 
 ## 决定在哪里存储你的数据
 
 
-MySQL 和 WordPress 各自使用一个 [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) 来存储自己的数据。我们将使用一个 Persistent Volume Claim 来取得一个可用的持久化存储。本示例覆盖了 HostPath 和
-GCEPersistentDisk 卷类型。你可以从两者中选择一个，或者查看 [Persistent Volumes的类型](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#types-of-persistent-volumes)。
+MySQL 和 WordPress 各自使用一个 [Persistent Volume](/docs/concepts/storage/persistent-volumes/) 来存储自己的数据。我们将使用一个 Persistent Volume Claim 来取得一个可用的持久化存储。本示例覆盖了 HostPath 和
+GCEPersistentDisk 卷类型。你可以从两者中选择一个，或者查看 [Persistent Volumes的类型](/docs/concepts/storage/persistent-volumes/#types-of-persistent-volumes)。
 
 
 ### Host Path
@@ -112,7 +112,7 @@ kubectl create -f $KUBE_REPO/mysql-wordpress-pd/local-volumes.yaml
 ### GCE Persistent Disk
 
 
-如果在 [Google Compute Engine](http://kubernetes.io/docs/getting-started-guides/gce/) 上运行集群，你可以使用这个存储选项。
+如果在 [Google Compute Engine](/docs/getting-started-guides/gce/) 上运行集群，你可以使用这个存储选项。
 
 
 创建两个永久磁盘。你需要在和 Kubernetes 集群相同的 [GCE zone](https://cloud.google.com/compute/docs/zones) 中创建这些磁盘。默认的安装脚本将在 `us-central1-b` zone 中创建集群，就像你在 [config-default.sh](https://git.k8s.io/kubernetes/cluster/gce/config-default.sh) 文件中看到的。替换下面的 `<zone>` 为合适的 zone。`wordpress-1` 和 `wordpress-2` 的名字必须和 [gce-volumes.yaml](https://git.k8s.io/examples/mysql-wordpress-pd/gce-volumes.yaml) 指定的 `pdName` 字段匹配。
@@ -134,7 +134,7 @@ kubectl create -f $KUBE_REPO/mysql-wordpress-pd/gce-volumes.yaml
 ## 创建 MySQL 密码 Secret
 
 
-使用一个 [Secret](http://kubernetes.io/docs/user-guide/secrets/) 对象存储 MySQL 密码。首先，创建一个名为 `password.txt` 的文件(和 wordpress 示例文件在相同的文件夹)，并且将你的密码保存于其中。请确保密码文件的结尾没有空行。如果你的编辑器添加了一个，开始的 `tr` 命令将会删除这个空行。然后，创建这个 Secret 对象。
+使用一个 [Secret](/docs/user-guide/secrets/) 对象存储 MySQL 密码。首先，创建一个名为 `password.txt` 的文件(和 wordpress 示例文件在相同的文件夹)，并且将你的密码保存于其中。请确保密码文件的结尾没有空行。如果你的编辑器添加了一个，开始的 `tr` 命令将会删除这个空行。然后，创建这个 Secret 对象。
 
 ```shell
 tr --delete '\n' <password.txt >.strippedpassword.txt && mv .strippedpassword.txt password.txt
@@ -318,11 +318,10 @@ kubectl delete pv wordpress-pv-1 wordpress-pv-2
 
 ## 接下来的步骤
 
-* [Introspection and Debugging](http://kubernetes.io/docs/user-guide/introspection-and-debugging/)
-* [Jobs](http://kubernetes.io/docs/user-guide/jobs/) may be useful to run SQL queries.
-* [Exec](http://kubernetes.io/docs/user-guide/getting-into-containers/)
-* [Port Forwarding](http://kubernetes.io/docs/user-guide/connecting-to-applications-port-forward/)
+* [Introspection and Debugging](/docs/user-guide/introspection-and-debugging/)
+* [Jobs](/docs/user-guide/jobs/) may be useful to run SQL queries.
+* [Exec](/docs/user-guide/getting-into-containers/)
+* [Port Forwarding](/docs/user-guide/connecting-to-applications-port-forward/)
 
 
 [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/examples/mysql-wordpress-pd/README.md?pixel)]()
-
diff --git a/content/zh/docs/tutorials/stateless-application/_index.md b/content/zh/docs/tutorials/stateless-application/_index.md
new file mode 100644
index 0000000000000..83a20836eb327
--- /dev/null
+++ b/content/zh/docs/tutorials/stateless-application/_index.md
@@ -0,0 +1,11 @@
+---
+title: "无状态应用程序"
+weight: 40
+---
+
+<!--
+---
+title: "Stateless Applications"
+weight: 40
+---
+-->
diff --git a/content/zh/docs/tutorials/stateless-application/expose-external-ip-address.md b/content/zh/docs/tutorials/stateless-application/expose-external-ip-address.md
new file mode 100644
index 0000000000000..b22d2a365a529
--- /dev/null
+++ b/content/zh/docs/tutorials/stateless-application/expose-external-ip-address.md
@@ -0,0 +1,257 @@
+---
+title: 公开外部 IP 地址以访问集群中应用程序
+content_template: templates/tutorial
+weight: 10
+---
+
+<!--
+---
+title: Exposing an External IP Address to Access an Application in a Cluster
+content_template: templates/tutorial
+weight: 10
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This page shows how to create a Kubernetes Service object that exposes an
+external IP address.
+-->
+此页面显示如何创建公开外部 IP 地址的 Kubernetes 服务对象。
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}}
+
+<!--
+ * Install [kubectl](/docs/tasks/tools/install-kubectl/).
+
+ * Use a cloud provider like Google Kubernetes Engine or Amazon Web Services to
+ create a Kubernetes cluster. This tutorial creates an
+ [external load balancer](/docs/tasks/access-application-cluster/create-external-load-balancer/),
+ which requires a cloud provider.
+
+ * Configure `kubectl` to communicate with your Kubernetes API server. For
+ instructions, see the documentation for your cloud provider.
+-->
+
+ * 安装 [kubectl](/docs/tasks/tools/install-kubectl/).
+
+ * 使用 Google Kubernetes Engine 或 Amazon Web Services 等云供应商创建 Kubernetes 群集。
+ 本教程创建了一个[外部负载均衡器](/docs/tasks/access-application-cluster/create-external-load-balancer/)，需要云供应商。
+
+ * 配置 `kubectl` 与 Kubernetes API 服务器通信。有关说明，请参阅云供应商文档。
+
+{{% /capture %}}
+
+
+{{% capture objectives %}}
+
+<!--
+* Run five instances of a Hello World application.
+* Create a Service object that exposes an external IP address.
+* Use the Service object to access the running application.
+-->
+
+* 运行 Hello World 应用程序的五个实例。
+* 创建一个公开外部 IP 地址的 Service 对象。
+* 使用 Service 对象访问正在运行的应用程序。
+
+{{% /capture %}}
+
+
+{{% capture lessoncontent %}}
+
+<!--
+## Creating a service for an application running in five pods
+-->
+
+## 为一个在五个 pod 中运行的应用程序创建服务
+
+<!--
+1. Run a Hello World application in your cluster:
+-->
+1. 在集群中运行 Hello World 应用程序：
+
+        kubectl run hello-world --replicas=5 --labels="run=load-balancer-example" --image=gcr.io/google-samples/node-hello:1.0  --port=8080
+
+<!--
+    The preceding command creates a
+    [Deployment](/docs/concepts/workloads/controllers/deployment/)
+    object and an associated
+    [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/)
+    object. The ReplicaSet has five
+    [Pods](/docs/concepts/workloads/pods/pod/),
+    each of which runs the Hello World application.
+-->
+    前面的命令创建一个 [Deployment](/docs/concepts/workloads/controllers/deployment/) 
+    对象和一个关联的 [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/)对象。
+    ReplicaSet 有五个 [Pod](/docs/concepts/workloads/pods/pod/)，每个都运行 Hello World 应用程序。
+
+<!--
+1. Display information about the Deployment:
+-->
+2. 显示有关 Deployment 的信息：
+
+        kubectl get deployments hello-world
+        kubectl describe deployments hello-world
+
+<!--
+1. Display information about your ReplicaSet objects:
+-->
+3. 显示有关 ReplicaSet 对象的信息：
+
+        kubectl get replicasets
+        kubectl describe replicasets
+
+<!--
+1. Create a Service object that exposes the deployment:
+-->
+4. 创建公开 deployment 的 Service 对象：
+
+        kubectl expose deployment hello-world --type=LoadBalancer --name=my-service
+
+<!--
+1. Display information about the Service:
+-->
+5. 显示有关 Service 的信息：
+
+        kubectl get services my-service
+
+<!--
+   The output is similar to this:
+-->
+   输出类似于：
+
+        NAME         TYPE        CLUSTER-IP     EXTERNAL-IP      PORT(S)    AGE
+        my-service   ClusterIP   10.3.245.137   104.198.205.71   8080/TCP   54s
+
+<!--
+   Note: If the external IP address is shown as \<pending\>, wait for a minute
+   and enter the same command again.
+-->
+   注意：如果外部 IP 地址显示为 \<pending\>，请等待一分钟再次输入相同的命令。
+
+<!--
+1. Display detailed information about the Service:
+-->
+6. 显示有关 Service 的详细信息：
+
+        kubectl describe services my-service
+
+<!--
+   The output is similar to this:
+-->
+   输出类似于：
+
+        Name:           my-service
+        Namespace:      default
+        Labels:         run=load-balancer-example
+        Annotations:    <none>
+        Selector:       run=load-balancer-example
+        Type:           LoadBalancer
+        IP:             10.3.245.137
+        LoadBalancer Ingress:   104.198.205.71
+        Port:           <unset> 8080/TCP
+        NodePort:       <unset> 32377/TCP
+        Endpoints:      10.0.0.6:8080,10.0.1.6:8080,10.0.1.7:8080 + 2 more...
+        Session Affinity:   None
+        Events:         <none>
+
+<!--
+   Make a note of the external IP address (`LoadBalancer Ingress`) exposed by
+   your service. In this example, the external IP address is 104.198.205.71.
+   Also note the value of `Port` and `NodePort`. In this example, the `Port`
+   is 8080 and the `NodePort` is 32377.
+-->
+   记下服务公开的外部 IP 地址（`LoadBalancer Ingress`)。
+   在本例中，外部 IP 地址是 104.198.205.71。还要注意 `Port` 和 `NodePort` 的值。
+   在本例中，`Port` 是 8080，`NodePort` 是32377。
+   
+    
+<!--
+1. In the preceding output, you can see that the service has several endpoints:
+   10.0.0.6:8080,10.0.1.6:8080,10.0.1.7:8080 + 2 more. These are internal
+   addresses of the pods that are running the Hello World application. To
+   verify these are pod addresses, enter this command:
+-->
+7. 在前面的输出中，您可以看到服务有几个端点：
+   10.0.0.6:8080、10.0.1.6:8080、10.0.1.7:8080 和另外两个，
+   这些都是正在运行 Hello World 应用程序的 pod 的内部地址。
+   要验证这些是 pod 地址，请输入以下命令：
+
+        kubectl get pods --output=wide
+
+<!--
+   The output is similar to this:
+-->
+   输出类似于：
+
+        NAME                         ...  IP         NODE
+        hello-world-2895499144-1jaz9 ...  10.0.1.6   gke-cluster-1-default-pool-e0b8d269-1afc
+        hello-world-2895499144-2e5uh ...  10.0.1.8   gke-cluster-1-default-pool-e0b8d269-1afc
+        hello-world-2895499144-9m4h1 ...  10.0.0.6   gke-cluster-1-default-pool-e0b8d269-5v7a
+        hello-world-2895499144-o4z13 ...  10.0.1.7   gke-cluster-1-default-pool-e0b8d269-1afc
+        hello-world-2895499144-segjf ...  10.0.2.5   gke-cluster-1-default-pool-e0b8d269-cpuc
+
+<!--
+1. Use the external IP address (`LoadBalancer Ingress`) to access the Hello
+   World application:
+-->
+8. 使用外部 IP 地址（`LoadBalancer Ingress`）访问 Hello World 应用程序:
+
+        curl http://<external-ip>:<port>
+
+<!--
+   where `<external-ip>` is the external IP address (`LoadBalancer Ingress`)
+   of your Service, and `<port>` is the value of `Port` in your Service
+   description.
+   If you are using minikube, typing `minikube service my-service` will
+   automatically open the Hello World application in a browser.
+-->
+   其中 `<external-ip>` 是您的服务的外部 IP 地址（`LoadBalancer Ingress`），
+   `<port>` 是您的服务描述中的 `port` 的值。
+   如果您正在使用 minikube，输入 `minikube service my-service` 将在浏览器中自动打开 Hello World 应用程序。
+  
+<!--  
+   The response to a successful request is a hello message:
+-->
+   成功请求的响应是一条问候消息：
+
+        Hello Kubernetes!
+
+{{% /capture %}}
+
+
+{{% capture cleanup %}}
+
+<!--
+To delete the Service, enter this command:
+-->
+要删除服务，请输入以下命令：
+
+        kubectl delete services my-service
+
+<!--
+To delete the Deployment, the ReplicaSet, and the Pods that are running
+the Hello World application, enter this command:
+-->
+要删除正在运行 Hello World 应用程序的 Deployment，ReplicaSet 和 Pod，请输入以下命令：
+
+        kubectl delete deployment hello-world
+
+{{% /capture %}}
+
+
+{{% capture whatsnext %}}
+
+<!--
+Learn more about
+[connecting applications with services](/docs/concepts/services-networking/connect-applications-service/).
+-->
+
+了解更多关于[将应用程序与服务连接](/docs/concepts/services-networking/connect-applications-service/)。
+
+{{% /capture %}}
diff --git a/content/zh/docs/tutorials/stateless-application/guestbook.md b/content/zh/docs/tutorials/stateless-application/guestbook.md
new file mode 100644
index 0000000000000..0dac40d6550af
--- /dev/null
+++ b/content/zh/docs/tutorials/stateless-application/guestbook.md
@@ -0,0 +1,622 @@
+---
+title: "示例：使用 Redis 部署 PHP 留言板应用程序"
+reviewers:
+- ahmetb
+content_template: templates/tutorial
+weight: 20
+---
+
+<!--
+---
+title: "Example: Deploying PHP Guestbook application with Redis"
+reviewers:
+- ahmetb
+content_template: templates/tutorial
+weight: 20
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+This tutorial shows you how to build and deploy a simple, multi-tier web application using Kubernetes and [Docker](https://www.docker.com/). This example consists of the following components:
+-->
+本教程向您展示如何使用 Kubernetes 和 [Docker](https://www.docker.com/) 构建和部署
+一个简单的多层 web 应用程序。本例由以下组件组成：
+
+<!--
+* A single-instance [Redis](https://redis.io/) master to store guestbook entries 
+* Multiple [replicated Redis](https://redis.io/topics/replication) instances to serve reads 
+* Multiple web frontend instances
+-->
+
+* 单实例 [Redis](https://redis.io/) 主节点保存留言板条目
+* 多个[从 Redis](https://redis.io/topics/replication) 节点用来读取数据
+* 多个 web 前端实例
+
+
+{{% /capture %}}
+
+{{% capture objectives %}}
+
+<!--
+* Start up a Redis master.
+* Start up Redis slaves.
+* Start up the guestbook frontend.
+* Expose and view the Frontend Service.
+* Clean up.
+-->
+
+* 启动 Redis 主节点。
+* 启动 Redis 从节点。
+* 启动留言板前端。
+* 公开并查看前端服务。
+* 清理。
+
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+{{< version-check >}}
+
+{{% /capture %}}
+
+{{% capture lessoncontent %}}
+
+<!--
+## Start up the Redis Master
+-->
+
+##  启动 Redis 主节点
+
+<!--
+The guestbook application uses Redis to store its data. It writes its data to a Redis master instance and reads data from multiple Redis slave instances.
+-->
+留言板应用程序使用 Redis 存储数据。它将数据写入一个 Redis 主实例，并从多个 Redis 读取数据。
+
+<!--
+### Creating the Redis Master Deployment
+-->
+
+### 创建 Redis 主节点的 Deployment
+
+<!--
+The manifest file, included below, specifies a Deployment controller that runs a single replica Redis master Pod.
+-->
+下面包含的清单文件指定了一个 Deployment 控制器，该控制器运行一个 Redis 主节点 Pod 副本。
+
+{{< codenew file="application/guestbook/redis-master-deployment.yaml" >}}
+
+<!--
+1. Launch a terminal window in the directory you downloaded the manifest files.
+1. Apply the Redis Master Deployment from the `redis-master-deployment.yaml` file:
+-->
+1. 在下载清单文件的目录中启动终端窗口。
+2. 从 `redis-master-deployment.yaml` 文件中应用 Redis 主 Deployment：
+
+      ```shell
+      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-master-deployment.yaml
+      ```
+
+<!--
+1. Query the list of Pods to verify that the Redis Master Pod is running:
+-->
+3. 查询 Pod 列表以验证 Redis 主节点 Pod 是否正在运行：
+
+      ```shell
+      kubectl get pods
+      ```
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```shell
+      NAME                            READY     STATUS    RESTARTS   AGE
+      redis-master-1068406935-3lswp   1/1       Running   0          28s
+      ```
+
+<!--
+1. Run the following command to view the logs from the Redis Master Pod:
+-->
+4. 运行以下命令查看 Redis 主节点 Pod 中的日志：
+
+     ```shell
+     kubectl logs -f POD-NAME
+     ```
+
+{{< note >}}
+
+<!--
+Replace POD-NAME with the name of your Pod.
+-->
+将 POD-NAME 替换为您的 Pod 名称。
+
+{{< /note >}}
+
+<!--
+### Creating the Redis Master Service
+-->
+
+### 创建 Redis 主节点的服务
+
+<!--
+The guestbook applications needs to communicate to the Redis master to write its data. You need to apply a [Service](/docs/concepts/services-networking/service/) to proxy the traffic to the Redis master Pod. A Service defines a policy to access the Pods.
+-->
+留言板应用程序需要往 Redis 主节点中写数据。因此，需要创建 [Service](/docs/concepts/services-networking/service/) 来代理 Redis 主节点 Pod 的流量。Service 定义了访问 Pod 的策略。
+
+{{< codenew file="application/guestbook/redis-master-service.yaml" >}}
+
+<!--
+1. Apply the Redis Master Service from the following `redis-master-service.yaml` file: 
+-->
+1. 使用下面的 `redis-master-service.yaml` 文件创建 Redis 主节点的服务：
+
+      ```shell
+      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-master-service.yaml
+      ```
+
+<!--
+1. Query the list of Services to verify that the Redis Master Service is running:
+-->
+2. 查询服务列表验证 Redis 主节点服务是否正在运行：
+
+      ```shell
+      kubectl get service
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```shell
+      NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
+      kubernetes     ClusterIP   10.0.0.1     <none>        443/TCP    1m
+      redis-master   ClusterIP   10.0.0.151   <none>        6379/TCP   8s
+      ```
+
+{{< note >}}
+
+<!--
+This manifest file creates a Service named `redis-master` with a set of labels that match the labels previously defined, so the Service routes network traffic to the Redis master Pod.   
+-->
+这个清单文件创建了一个名为 `Redis-master` 的 Service，其中包含一组与前面定义的标签匹配的标签，因此服务将网络流量路由到 Redis 主节点 Pod 上。
+
+{{< /note >}}
+
+<!--
+## Start up the Redis Slaves
+-->
+
+## 启动 Redis 从节点
+
+<!--
+Although the Redis master is a single pod, you can make it highly available to meet traffic demands by adding replica Redis slaves.
+-->
+尽管 Redis 主节点是一个单独的 pod，但是您可以通过添加 Redis 从节点的方式来使其高可用性，以满足流量需求。
+
+<!--
+### Creating the Redis Slave Deployment
+-->
+
+### 创建 Redis 从节点 Deployment
+
+<!--
+Deployments scale based off of the configurations set in the manifest file. In this case, the Deployment object specifies two replicas. 
+-->
+Deployments 根据清单文件中设置的配置进行伸缩。在这种情况下，Deployment 对象指定两个副本。
+
+<!--
+If there are not any replicas running, this Deployment would start the two replicas on your container cluster. Conversely, if there are more than two replicas are running, it would scale down until two replicas are running. 
+-->
+如果没有任何副本正在运行，则此 Deployment 将启动容器集群上的两个副本。相反，
+如果有两个以上的副本在运行，那么它的规模就会缩小，直到运行两个副本为止。
+
+{{< codenew file="application/guestbook/redis-slave-deployment.yaml" >}}
+
+<!--
+1. Apply the Redis Slave Deployment from the `redis-slave-deployment.yaml` file:
+-->
+1. 从 `redis-slave-deployment.yaml` 文件中应用 Redis Slave Deployment：
+
+      ```shell
+      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-slave-deployment.yaml
+      ```
+
+<!--
+1. Query the list of Pods to verify that the Redis Slave Pods are running:
+-->
+2. 查询 Pod 列表以验证 Redis Slave Pod 正在运行：
+
+      ```shell
+      kubectl get pods
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```shell
+      NAME                            READY     STATUS              RESTARTS   AGE
+      redis-master-1068406935-3lswp   1/1       Running             0          1m
+      redis-slave-2005841000-fpvqc    0/1       ContainerCreating   0          6s
+      redis-slave-2005841000-phfv9    0/1       ContainerCreating   0          6s
+      ```
+
+<!--
+### Creating the Redis Slave Service
+-->
+
+### 创建 Redis 从节点的 Service
+
+<!--
+The guestbook application needs to communicate to Redis slaves to read data. To make the Redis slaves discoverable, you need to set up a Service. A Service provides transparent load balancing to a set of Pods.
+-->
+留言板应用程序需要从 Redis 从节点中读取数据。
+为了便于 Redis 从节点可发现，
+您需要设置一个 Service。Service 为一组 Pod 提供负载均衡。
+
+{{< codenew file="application/guestbook/redis-slave-service.yaml" >}}
+
+<!--
+1. Apply the Redis Slave Service from the following `redis-slave-service.yaml` file:
+-->
+1. 从以下 `redis-slave-service.yaml` 文件应用 Redis Slave 服务：
+
+      ```shell
+      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-slave-service.yaml
+      ```
+
+<!--
+1. Query the list of Services to verify that the Redis slave service is running:
+-->
+2. 查询服务列表以验证 Redis 在服务是否正在运行：
+
+      ```shell
+      kubectl get services
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```
+      NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
+      kubernetes     ClusterIP   10.0.0.1     <none>        443/TCP    2m
+      redis-master   ClusterIP   10.0.0.151   <none>        6379/TCP   1m
+      redis-slave    ClusterIP   10.0.0.223   <none>        6379/TCP   6s
+      ```
+
+<!--
+## Set up and Expose the Guestbook Frontend
+-->
+
+## 设置并公开留言板前端
+
+<!--
+The guestbook application has a web frontend serving the HTTP requests written in PHP. It is configured to connect to the `redis-master` Service for write requests and the `redis-slave` service for Read requests.
+-->
+留言板应用程序有一个 web 前端，服务于用 PHP 编写的 HTTP 请求。
+它被配置为连接到写请求的 `redis-master` 服务和读请求的 `redis-slave` 服务。
+
+<!--
+### Creating the Guestbook Frontend Deployment
+-->
+
+### 创建留言板前端 Deployment
+
+{{< codenew file="application/guestbook/frontend-deployment.yaml" >}}
+
+<!--
+1. Apply the frontend Deployment from the `frontend-deployment.yaml` file:
+-->
+1. 从 `frontend-deployment.yaml` 应用前端 Deployment 文件：
+
+      ```shell
+      kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-deployment.yaml
+      ```
+
+<!--
+1. Query the list of Pods to verify that the three frontend replicas are running:
+-->
+2. 查询 Pod 列表，验证三个前端副本是否正在运行：
+
+      ```shell
+      kubectl get pods -l app=guestbook -l tier=frontend
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```
+      NAME                        READY     STATUS    RESTARTS   AGE
+      frontend-3823415956-dsvc5   1/1       Running   0          54s
+      frontend-3823415956-k22zn   1/1       Running   0          54s
+      frontend-3823415956-w9gbt   1/1       Running   0          54s
+      ```
+
+<!--
+### Creating the Frontend Service
+-->
+
+### 创建前端服务
+
+<!--
+The `redis-slave` and `redis-master` Services you applied are only accessible within the container cluster because the default type for a Service is [ClusterIP](/docs/concepts/services-networking/service/#publishing-services---service-types). `ClusterIP` provides a single IP address for the set of Pods the Service is pointing to. This IP address is accessible only within the cluster.
+-->
+应用的 `redis-slave` 和 `redis-master` 服务只能在容器集群中访问，因为服务的默认类型是
+[ClusterIP](/docs/concepts/Services-networking/Service/#publishingservices-Service-types)。`ClusterIP` 为服务指向的 Pod 集提供一个 IP 地址。这个 IP 地址只能在集群中访问。
+
+<!--
+If you want guests to be able to access your guestbook, you must configure the frontend Service to be externally visible, so a client can request the Service from outside the container cluster. Minikube can only expose Services through `NodePort`.  
+-->
+如果您希望客人能够访问您的留言板，您必须将前端服务配置为外部可见的，以便客户机可以从容器集群之外请求服务。Minikube 只能通过 `NodePort` 公开服务。
+
+{{< note >}}
+
+<!--
+Some cloud providers, like Google Compute Engine or Google Kubernetes Engine, support external load balancers. If your cloud provider supports load balancers and you want to use it, simply delete or comment out `type: NodePort`, and uncomment `type: LoadBalancer`. 
+-->
+一些云提供商，如 Google Compute Engine 或 Google Kubernetes Engine，支持外部负载均衡器。如果您的云提供商支持负载均衡器，并且您希望使用它，
+只需删除或注释掉 `type: NodePort`，并取消注释 `type: LoadBalancer` 即可。
+
+{{< /note >}}
+
+{{< codenew file="application/guestbook/frontend-service.yaml" >}}
+
+<!--
+1. Apply the frontend Service from the `frontend-service.yaml` file:
+-->
+1. 从 `frontend-service.yaml` 文件中应用前端服务：
+
+      ```shell
+      kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-service.yaml
+      ```
+
+<!--
+1. Query the list of Services to verify that the frontend Service is running:
+-->
+2. 查询服务列表以验证前端服务正在运行:
+
+      ```shell
+      kubectl get services 
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+      
+      ```
+      NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
+      frontend       ClusterIP   10.0.0.112   <none>       80:31323/TCP   6s
+      kubernetes     ClusterIP   10.0.0.1     <none>        443/TCP        4m
+      redis-master   ClusterIP   10.0.0.151   <none>        6379/TCP       2m
+      redis-slave    ClusterIP   10.0.0.223   <none>        6379/TCP       1m
+      ```
+
+<!--
+### Viewing the Frontend Service via `NodePort`
+-->
+
+### 通过 `NodePort` 查看前端服务
+
+<!--
+If you deployed this application to Minikube or a local cluster, you need to find the IP address to view your Guestbook.
+-->
+如果您将此应用程序部署到 Minikube 或本地集群，您需要找到 IP 地址来查看您的留言板。
+
+<!--
+1. Run the following command to get the IP address for the frontend Service.
+-->
+1. 运行以下命令获取前端服务的 IP 地址。
+
+      ```shell
+      minikube service frontend --url
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```
+      http://192.168.99.100:31323
+      ```
+
+<!--
+1. Copy the IP address, and load the page in your browser to view your guestbook.
+-->
+2. 复制 IP 地址，然后在浏览器中加载页面以查看留言板。
+
+<!--
+### Viewing the Frontend Service via `LoadBalancer`
+-->
+
+### 通过 `LoadBalancer` 查看前端服务
+
+<!--
+If you deployed the `frontend-service.yaml` manifest with type: `LoadBalancer` you need to find the IP address to view your Guestbook.
+-->
+如果您部署了 `frontend-service.yaml`。你需要找到 IP 地址来查看你的留言板。
+
+<!--
+1. Run the following command to get the IP address for the frontend Service.
+-->
+1. 运行以下命令以获取前端服务的 IP 地址。
+
+      ```shell
+      kubectl get service frontend
+      ```
+
+<!--
+      The response should be similar to this:
+-->
+      响应应该与此类似：
+
+      ```
+      NAME       TYPE        CLUSTER-IP      EXTERNAL-IP        PORT(S)        AGE
+      frontend   ClusterIP   10.51.242.136   109.197.92.229     80:32372/TCP   1m
+      ```
+
+<!--
+1. Copy the external IP address, and load the page in your browser to view your guestbook.
+-->
+2. 复制外部 IP 地址，然后在浏览器中加载页面以查看留言板。
+
+<!--
+## Scale the Web Frontend 
+-->
+
+## 扩展 Web 前端
+
+<!--
+Scaling up or down is easy because your servers are defined as a Service that uses a Deployment controller.
+-->
+伸缩很容易是因为服务器本身被定义为使用一个 Deployment 控制器的 Service。
+
+<!--
+1. Run the following command to scale up the number of frontend Pods:
+-->
+1. 运行以下命令扩展前端 Pod 的数量：
+
+      ```shell
+      kubectl scale deployment frontend --replicas=5
+      ```
+
+<!--
+1. Query the list of Pods to verify the number of frontend Pods running:
+-->
+2. 查询 Pod 列表验证正在运行的前端 Pod 的数量：
+
+      ```shell
+      kubectl get pods
+      ```
+
+<!--
+      The response should look similar to this: 
+-->
+      响应应该类似于这样：
+
+      ```
+      NAME                            READY     STATUS    RESTARTS   AGE
+      frontend-3823415956-70qj5       1/1       Running   0          5s
+      frontend-3823415956-dsvc5       1/1       Running   0          54m
+      frontend-3823415956-k22zn       1/1       Running   0          54m
+      frontend-3823415956-w9gbt       1/1       Running   0          54m
+      frontend-3823415956-x2pld       1/1       Running   0          5s
+      redis-master-1068406935-3lswp   1/1       Running   0          56m
+      redis-slave-2005841000-fpvqc    1/1       Running   0          55m
+      redis-slave-2005841000-phfv9    1/1       Running   0          55m
+      ```
+
+<!--
+1. Run the following command to scale down the number of frontend Pods:
+-->
+3. 运行以下命令缩小前端 Pod 的数量：
+
+      ```shell
+      kubectl scale deployment frontend --replicas=2
+      ```
+
+<!--
+1. Query the list of Pods to verify the number of frontend Pods running:
+-->
+4. 查询 Pod 列表验证正在运行的前端 Pod 的数量：
+
+      ```shell
+      kubectl get pods
+      ```
+
+<!--
+      The response should look similar to this:
+-->
+      响应应该类似于这样：
+
+      ```
+      NAME                            READY     STATUS    RESTARTS   AGE
+      frontend-3823415956-k22zn       1/1       Running   0          1h
+      frontend-3823415956-w9gbt       1/1       Running   0          1h
+      redis-master-1068406935-3lswp   1/1       Running   0          1h
+      redis-slave-2005841000-fpvqc    1/1       Running   0          1h
+      redis-slave-2005841000-phfv9    1/1       Running   0          1h
+      ```
+        
+{{% /capture %}}
+
+{{% capture cleanup %}}
+
+<!--
+Deleting the Deployments and Services also deletes any running Pods. Use labels to delete multiple resources with one command.
+-->
+删除 Deployments 和服务还会删除正在运行的 Pod。使用标签用一个命令删除多个资源。
+
+<!--
+1. Run the following commands to delete all Pods, Deployments, and Services.
+-->
+5. 运行以下命令以删除所有 Pod，Deployments 和 Services。
+
+      ```shell
+      kubectl delete deployment -l app=redis
+      kubectl delete service -l app=redis
+      kubectl delete deployment -l app=guestbook
+      kubectl delete service -l app=guestbook
+      ```
+
+<!--
+      The responses should be:
+-->
+      响应应该是：
+
+      ```
+      deployment.apps "redis-master" deleted
+      deployment.apps "redis-slave" deleted
+      service "redis-master" deleted
+      service "redis-slave" deleted
+      deployment.apps "frontend" deleted    
+      service "frontend" deleted
+      ```
+
+<!--
+1. Query the list of Pods to verify that no Pods are running:
+-->
+6. 查询 Pod 列表，确认没有 Pod 在运行：
+
+      ```shell
+      kubectl get pods
+      ```
+
+<!--
+      The response should be this: 
+-->
+      响应应该是： 
+
+      ```
+      No resources found.
+      ```
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+<!--
+* Complete the [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) Interactive Tutorials
+* Use Kubernetes to create a blog using [Persistent Volumes for MySQL and Wordpress](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/#visit-your-new-wordpress-blog) 
+* Read more about [connecting applications](/docs/concepts/services-networking/connect-applications-service/)
+* Read more about [Managing Resources](/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively)
+-->
+
+* 完成 [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) 交互式教程
+* 使用 Kubernetes 创建一个博客，使用 [MySQL 和 Wordpress 的持久卷](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/#visit-your-new-wordpress-blog)
+* 阅读更多关于[连接应用程序](/docs/concepts/services-networking/connect-applications-service/)
+* 阅读更多关于[管理资源](/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively)
+
+{{% /capture %}}
+
diff --git a/content/zh/docs/user-journeys/users/cluster-operator/foundational.md b/content/zh/docs/user-journeys/users/cluster-operator/foundational.md
new file mode 100644
index 0000000000000..a6b40ceebf37c
--- /dev/null
+++ b/content/zh/docs/user-journeys/users/cluster-operator/foundational.md
@@ -0,0 +1,194 @@
+---
+reviewers:
+- chenopis
+layout: docsportal
+css: /css/style_user_journeys.css
+js: https://use.fontawesome.com/4bcc658a89.js, https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js
+title: 基础知识
+track: "USERS › CLUSTER OPERATOR › FOUNDATIONAL"
+content_template: templates/user-journey-content
+---
+<!--
+---
+reviewers:
+- chenopis
+layout: docsportal
+css: /css/style_user_journeys.css
+js: https://use.fontawesome.com/4bcc658a89.js, https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js
+title: Foundational
+track: "USERS › CLUSTER OPERATOR › FOUNDATIONAL"
+content_template: templates/user-journey-content
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+If you want to learn how to get started managing and operating a Kubernetes cluster, this page and the linked topics introduce you to the foundational concepts and tasks.
+This page introduces you to a Kubernetes cluster and key concepts to understand and manage it. The content focuses primarily on the cluster itself rather than the software running within the cluster.
+-->
+如果您想学习如何开始管理和操作 Kubernetes 集群，本页面和链接主题将向您介绍基础概念和任务。本页面向您介绍 Kubernetes 集群以及理解和管理它的关键概念。内容主要关注集群本身，而不是集群中运行的软件。
+
+{{% /capture %}}
+
+<!-- Foundational
+Nodes, Pods, Networks, Deployments, Services, ConfigMaps, Secrets
+Labels, Selectors, Annotations
+Metrics
+-->
+
+{{% capture body %}}
+
+<!--
+## Get an overview of Kubernetes
+-->
+## Kubernetes 概要
+
+<!--
+If you have not already done so, start your understanding by reading through [What is Kubernetes?](/docs/concepts/overview/what-is-kubernetes/), which introduces a number of basic concepts and terms.
+-->
+如果你还没有这样做，请通过阅读[什么是 Kubernetes?](/docs/concepts/overview/what-is-kubernetes/)开始理解，其中介绍了许多基本概念和术语。
+
+<!--
+Kubernetes is quite flexible, and a cluster can be run in a wide variety of places. You can interact with Kubernetes entirely on your own laptop or local development machine with it running within a virtual machine. Kubernetes can also run on virtual machines hosted either locally or in a cloud provider, and you can run a Kubernetes cluster on bare metal.
+-->
+Kubernetes 非常灵活，集群可以在各种各样的地方运行。您可以在自己的笔记本电脑或本地开发机器上完全与 Kubernetes 交互，并在虚拟机中运行。Kubernetes 还可以在本地或云提供商托管的虚拟机上运行，并且您也可以在裸机上运行 Kubernetes 集群。
+
+<!--
+A cluster is made up of one or more [Nodes](/docs/concepts/architecture/nodes/); where a node is a physical or virtual machine.
+If there is more than one node in your cluster then the nodes are connected with a [cluster network](/docs/concepts/cluster-administration/networking/).
+Regardless of how many nodes, all Kubernetes clusters generally have the same components, which are described in [Kubernetes Components](/docs/concepts/overview/components).
+-->
+集群由一个或多个[节点](/docs/concepts/architecture/nodes/)组成；节点是物理机或虚拟机的位置。
+如果集群中有多个节点，则节点将与[集群网络](/docs/concepts/cluster-administration/networking/)连接。
+无论有多少个节点，所有 Kubernetes 集群通常具有相同的组件，这些组件在[Kubernetes 组件](/docs/concepts/overview/components)中有所描述。
+
+
+<!--
+## Learn about Kubernetes basics
+-->
+## 了解 Kubernetes 基础知识
+
+<!--
+A good way to become familiar with how to manage and operate a Kubernetes cluster is by setting one up.
+One of the most compact ways to experiment with a cluster is [Installing and using Minikube](/docs/tasks/tools/install-minikube/).
+Minikube is a command line tool for setting up and running a single-node cluster within a virtual machine on your local laptop or development computer. Minikube is even available through your browser at the [Katacoda Kubernetes Playground](https://www.katacoda.com/courses/kubernetes/playground).
+Katacoda provides a browser-based connection to a single-node cluster, using minikube behind the scenes, to support a number of tutorials to explore Kubernetes. You can also leverage the web-based [Play with Kubernetes](http://labs.play-with-k8s.com/) to the same ends - a temporary cluster to play with on the web.
+-->
+一个熟悉如果管理和操作 Kubernetes 集群的好方法就是设置一个。
+实验集群最紧凑的方法之一是[安装和使用 Minikube](/docs/tasks/tools/install-minikube/)。
+Minikube 是一个命令行工具，用于在笔记本电脑或开发计算机上的虚拟机中设置和运行单节点集群。甚至可以通过[Katacoda Kubernetes Playground](https://www.katacoda.com/courses/kubernetes/playground)的浏览器获取 Minikube。
+Katacoda 提供一个基于浏览器的连接到单节点集群，在幕后使用 minikube，支持一些教程来探索 Kubernetes。您还可以利用基于网络的[Play with Kubernetes](http://labs.play-with-k8s.com/)来实现相同目的——在网络上使用的临时集群。
+
+<!--
+You interact with Kubernetes either through a dashboard, an API, or using a command-line tool (such as `kubectl`) that interacts with the Kubernetes API.
+Be familiar with [Organizing Cluster Access](/docs/concepts/configuration/organize-cluster-access-kubeconfig/) by using configuration files.
+The Kubernetes API exposes a number of resources that provide the building blocks and abstractions that are used to run software on Kubernetes.
+Learn more about these resources at [Understanding Kubernetes Objects](/docs/concepts/overview/working-with-objects/kubernetes-objects).
+These resources are covered in a number of articles within the Kubernetes documentation.
+-->
+您可以通过 dashboard，API 或者使用命令行工具（例如`kubectl`）与 Kubernetes API 进行交互。
+通过使用配置文件熟悉[组织群集访问](/docs/concepts/configuration/organize-cluster-access-kubeconfig/) 。
+Kubernetes API 公开了许多资源，这些资源提供了在 Kubernetes 上运行软件的构建块和抽象。
+在[Understanding Kubernetes Objects](/docs/concepts/overview/working-with-objects/kubernetes-objects)中了解有关这些资源的更多信息。
+Kubernetes 文档中的许多文章都涵盖了这些资源。
+
+<!--
+* [Pod Overview](/docs/concepts/workloads/pods/pod-overview/)
+  * [Pods](/docs/concepts/workloads/pods/pod/)
+  * [ReplicaSets](/docs/concepts/workloads/controllers/replicaset/)
+  * [Deployments](/docs/concepts/workloads/controllers/deployment/)
+  * [Garbage Collection](/docs/concepts/workloads/controllers/garbage-collection/)
+  * [Container Images](/docs/concepts/containers/images/)
+  * [Container Environment Variables](/docs/concepts/containers/container-environment-variables/)
+* [Labels and Selectors](/docs/concepts/overview/working-with-objects/labels/)
+* [Namespaces](/docs/concepts/overview/working-with-objects/namespaces/)
+  * [Namespaces Walkthrough](/docs/tasks/administer-cluster/namespaces-walkthrough/)
+* [Services](/docs/concepts/services-networking/service/)
+* [Annotations](/docs/concepts/overview/working-with-objects/annotations/)
+* [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/)
+* [Secrets](/docs/concepts/configuration/secret/)
+-->
+* [Pod Overview](/docs/concepts/workloads/pods/pod-overview/)
+  * [Pods](/docs/concepts/workloads/pods/pod/)
+  * [ReplicaSets](/docs/concepts/workloads/controllers/replicaset/)
+  * [Deployments](/docs/concepts/workloads/controllers/deployment/)
+  * [垃圾收集](/docs/concepts/workloads/controllers/garbage-collection/)
+  * [容器镜像](/docs/concepts/containers/images/)
+  * [容器环境变量](/docs/concepts/containers/container-environment-variables/)
+* [标签和选择器](/docs/concepts/overview/working-with-objects/labels/)
+* [Namespaces](/docs/concepts/overview/working-with-objects/namespaces/)
+  * [Namespaces 演练](/docs/tasks/administer-cluster/namespaces-walkthrough/)
+* [服务](/docs/concepts/services-networking/service/)
+* [注解](/docs/concepts/overview/working-with-objects/annotations/)
+* [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/)
+* [Secrets](/docs/concepts/configuration/secret/)
+
+<!--
+As a cluster operator you may not need to use all these resources, although you should be familiar with them to understand how the cluster is being used.
+There are a number of additional resources that you should be aware of, some listed under [Intermediate Resources](/docs/user-journeys/users/cluster-operator/intermediate#section-1).
+You should also be familiar with [how to manage kubernetes resources](/docs/concepts/cluster-administration/manage-deployment/)
+and [supported versions and version skew between cluster components](/docs/setup/release/version-skew-policy/).
+-->
+作为集群运算符，您可能不需要使用所有这些资源，尽管您应该熟悉它们以了解集群的使用方式。
+您应该了解许多其他资源，其中一些列在[中间资源](/docs/user-journeys/users/cluster-operator/intermediate#section-1)下。
+您还应该熟悉[如何管理 kubernetes 资源](/docs/concepts/cluster-administration/manage-deployment/)
+和[支持的版本和集群组件之间的版本偏差](/docs/setup/release/version-skew-policy/)。
+
+<!--
+## Get information about your cluster
+-->
+## 获取有关集群的信息
+
+<!--
+You can [access clusters using the Kubernetes API](/docs/tasks/administer-cluster/access-cluster-api/).
+If you are not already familiar with how to do this, you can review the [introductory tutorial](/docs/tutorials/kubernetes-basics/explore-intro/).
+Using `kubectl`, you can retrieve information about your Kubernetes cluster very quickly.
+To get basic information about the nodes in your cluster run the command `kubectl get nodes`.
+You can get more detailed information for the same nodes with the command `kubectl describe nodes`.
+You can see the status of the core of kubernetes with the command `kubectl get componentstatuses`.
+-->
+您可以[使用 Kubernetes API 访问集群](/docs/tasks/administer-cluster/access-cluster-api/)。
+如果您还不熟悉如何执行此操作，可以查看[入门教程](/docs/tutorials/kubernetes-basics/explore-intro/)。
+使用`kubectl`，您可以快速检索有关 Kubernetes 集群的信息。
+要获取有关集群中节点的基本信息，请运行命令`kubectl get nodes`。
+您可以使用命令`kubectl describe nodes`获取相同节点的更多详细信息。
+您可以使用命令`kubectl get componentstatuses`查看 kubernetes 的核心状态。
+
+<!--
+Some additional resources for getting information about your cluster and how it is operating include:
+
+* [Tools for Monitoring Compute, Storage, and Network Resources](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)
+* [Resource metrics pipeline](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/)
+  * [Metrics](/docs/concepts/cluster-administration/controller-metrics/)
+-->
+用于获取有关集群及其运行方式信息的一些其他资源包括：
+
+* [用于监控计算，存储和网络资源的工具](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)
+* [资源指标管道](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/)
+  * [指标](/docs/concepts/cluster-administration/controller-metrics/)
+
+<!--
+## Explore additional resources
+-->
+## 探索其他资源
+
+<!--
+### Tutorials
+-->
+### 教程
+
+<!--
+* [Kubernetes Basics](/docs/tutorials/kubernetes-basics/)
+* [Configuring Redis with a ConfigMap](/docs/tutorials/configuration/configure-redis-using-configmap/)
+* Stateless Applications
+  * [Deploying PHP Guestbook with Redis](/docs/tutorials/stateless-application/guestbook/)
+  * [Expose an External IP address to access an application](/docs/tutorials/stateless-application/expose-external-ip-address/)
+-->
+* [Kubernetes 基础](/docs/tutorials/kubernetes-basics/)
+* [使用 ConfigMap 配置 Redis](/docs/tutorials/configuration/configure-redis-using-configmap/)
+* 无国籍申请
+  * [使用 Redis 部署 PHP 留言薄](/docs/tutorials/stateless-application/guestbook/)
+  * [公开外部 IP 地址以访问应用程序](/docs/tutorials/stateless-application/expose-external-ip-address/)
+
+{{% /capture %}}
diff --git a/content/zh/docs/user-journeys/users/cluster-operator/intermediate.md b/content/zh/docs/user-journeys/users/cluster-operator/intermediate.md
new file mode 100644
index 0000000000000..41b74a42011c6
--- /dev/null
+++ b/content/zh/docs/user-journeys/users/cluster-operator/intermediate.md
@@ -0,0 +1,221 @@
+---
+reviewers:
+- chenopis
+layout: docsportal
+css: /css/style_user_journeys.css
+js: https://use.fontawesome.com/4bcc658a89.js, https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js
+title: 中级
+track: "USERS > CLUSTER OPERATOR > INTERMEDIATE"
+content_template: templates/user-journey-content
+---
+<!--
+---
+reviewers:
+- chenopis
+layout: docsportal
+css: /css/style_user_journeys.css
+js: https://use.fontawesome.com/4bcc658a89.js, https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js
+title: Intermediate
+track: "USERS > CLUSTER OPERATOR > INTERMEDIATE"
+content_template: templates/user-journey-content
+---
+-->
+
+{{% capture overview %}}
+
+<!--
+If you are a cluster operator looking to expand your grasp of Kubernetes, this page and its linked topics extend the information provided on the [foundational cluster operator page](/docs/user-journeys/users/cluster-operator/foundational). From this page you can get information on key Kubernetes tasks needed to manage a complete production cluster.
+-->
+如果您是一个集群操作者，希望扩展对 Kubernetes 的理解，本页及其相关主题会扩展[基础集群操作者页面](/docs/user-journeys/users/cluster-operator/foundational)上提供的信息。在本页中，你可以获得如何管理一个完整生产集群的关键 Kubernetes 任务的信息。
+
+{{% /capture %}}
+
+{{% capture body %}}
+<!--
+## Work with ingress, networking, storage, and workloads
+-->
+## 使用 ingress，网络，存储和工作负载
+
+<!--
+Introductions to Kubernetes typically discuss simple stateless applications. As you move into more complex development, testing, and production environments, you need to consider more complex cases:
+-->
+Kubernetes 的介绍通常讨论简单的无状态应用程序。当您进入更复杂的开发，测试和生产环境时，您需要考虑更复杂的情况：
+
+<!--
+Communication: Ingress and Networking
+
+* [Ingress](/docs/concepts/services-networking/ingress/)
+-->
+通信： Ingress 和网络
+
+* [Ingress](/docs/concepts/services-networking/ingress/)
+
+<!--
+Storage: Volumes and PersistentVolumes
+
+* [Volumes](/docs/concepts/storage/volumes/)
+* [Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
+-->
+存储：Volumes 和 PersistentVolumes
+
+* [Volumes](/docs/concepts/storage/volumes/)
+* [Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
+
+<!--
+Workloads
+
+* [DaemonSets](/docs/concepts/workloads/controllers/daemonset/)
+* [Stateful Sets](/docs/concepts/workloads/controllers/statefulset/)
+* [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/)
+* [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/)
+-->
+工作负载
+
+* [DaemonSets](/docs/concepts/workloads/controllers/daemonset/)
+* [Stateful Sets](/docs/concepts/workloads/controllers/statefulset/)
+* [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/)
+* [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/)
+
+<!--
+Pods
+
+* [Pod Lifecycle](/docs/concepts/workloads/pods/pod-lifecycle/)
+  * [Init Containers](/docs/concepts/workloads/pods/init-containers/)
+  * [Pod Presets](/docs/concepts/workloads/pods/podpreset/)
+  * [Container Lifecycle Hooks](/docs/concepts/containers/container-lifecycle-hooks/)
+-->
+Pods
+
+* [Pod 生命周期](/docs/concepts/workloads/pods/pod-lifecycle/)
+  * [初始化容器](/docs/concepts/workloads/pods/init-containers/)
+  * [Pod 预置](/docs/concepts/workloads/pods/podpreset/)
+  * [容器生命周期挂钩](/docs/concepts/containers/container-lifecycle-hooks/)
+
+<!--
+And how Pods work with scheduling, priority, disruptions:
+
+* [Taints and Tolerations](/docs/concepts/configuration/taint-and-toleration/)
+* [Pods and Priority](/docs/concepts/configuration/pod-priority-preemption/)
+* [Disruptions](/docs/concepts/workloads/pods/disruptions/)
+* [Assigning Pods to Nodes](/docs/concepts/configuration/assign-pod-node/)
+* [Managing Compute Resources for Containers](/docs/concepts/configuration/manage-compute-resources-container/)
+* [Configuration Best Practices](/docs/concepts/configuration/overview/)
+-->
+以及 Pod 如何处理调度，优先级，中断：
+
+* [污点和容忍度](/docs/concepts/configuration/taint-and-toleration/)
+* [Pod 和优先级](/docs/concepts/configuration/pod-priority-preemption/)
+* [中断](/docs/concepts/workloads/pods/disruptions/)
+* [分配 Pod 到工作节点](/docs/concepts/configuration/assign-pod-node/)
+* [管理容器的计算资源](/docs/concepts/configuration/manage-compute-resources-container/)
+* [配置最佳实践](/docs/concepts/configuration/overview/)
+
+<!--
+## Implement security best practices
+-->
+## 实施安全最佳实践
+
+<!--
+Securing your cluster includes work beyond the scope of Kubernetes itself.
+
+In Kubernetes, you configure access control:
+
+* [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/)
+* [Authenticating](/docs/reference/access-authn-authz/authentication/)
+* [Using Admission Controllers](/docs/reference/access-authn-authz/admission-controllers/)
+-->
+保护集群的工作超出了 Kubernetes 本身的范围。
+
+在Kubernetes中，你可以配置访问的控制：
+
+* [控制对 Kubernetes API 的访问](/docs/reference/access-authn-authz/controlling-access/)
+* [身份认证](/docs/reference/access-authn-authz/authentication/)
+* [使用准入控制](/docs/reference/access-authn-authz/admission-controllers/)
+
+<!--
+You also configure authorization. That is, you determine not just how users and services authenticate to the API server, or whether they have access, but also what resources they have access to. Role-based access control (RBAC) is the recommended mechanism for controlling authorization to Kubernetes resources. Other authorization modes are available for more specific use cases.
+
+* [Authorization Overview](/docs/reference/access-authn-authz/authorization/)
+* [Using RBAC Authorization](/docs/reference/access-authn-authz/rbac/)
+
+You should create Secrets to hold sensitive data such as passwords, tokens, or keys. Be aware, however, that there are limitations to the protections that a Secret can provide. See [the Risks section of the Secrets documentation](/docs/concepts/configuration/secret/#risks).
+-->
+您还可以配置授权。也就是说，您不仅可以决定用户和服务如何向 API 服务器进行身份认证，或者确定他们是否可以访问，还可以决定他们有权访问哪些资源。基于角色的访问控制（RBAC）是控制对 Kubernetes 资源授权的推荐机制。其他授权模式可以用于更具体的使用场景。
+
+* [授权概述](/docs/reference/access-authn-authz/authorization/)
+* [使用 RBAC 授权](/docs/reference/access-authn-authz/rbac/)
+
+您应该创建 Secrets 来保存敏感数据，例如密码，令牌或者密钥。但请注意，Secret 可以提供的保护存在限制。请参阅 [Secrets 文档中的风险部分](/docs/concepts/configuration/secret/#risks)。
+
+<!-- TODO: Other security content? -->
+
+<!--
+## Implement custom logging and monitoring
+-->
+## 实现自定义日志和监控
+
+<!--
+Monitoring the health and state of your cluster is important. Collecting metrics, logging, and providing access to that information are common needs. Kubernetes provides some basic logging structure, and you may want to use additional tools to help aggregate and analyze log data.
+-->
+监控集群的健康和状态非常重要。收集指标，日志，并提供对这些信息的访问是常见的需求。Kubernetes 提供了一些基本的日志记录结构，您可能需要使用其他工具来帮助汇总和分析日志数据。
+
+<!--
+Start with the [basics on Kubernetes logging](/docs/concepts/cluster-administration/logging/) to understand how containers do logging and common patterns. Cluster operators often want to add something to gather and aggregate those logs. See the following topics:
+
+* [Logging Using Elasticsearch and Kibana](/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/)
+* [Logging Using Stackdriver](/docs/tasks/debug-application-cluster/logging-stackdriver/)
+-->
+从 [Kubernetes 日志基础知识](/docs/concepts/cluster-administration/logging/) 开始，了解容器如何执行日志记录和常见模式。集群运维人员通常希望添加一些东西来收集和聚合这些日志。请参阅以下主题：
+
+* [使用 Elasticsearch 和 Kibana 记录日志](/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/)
+* [使用 Stackdriver 记录日志](/docs/tasks/debug-application-cluster/logging-stackdriver/)
+
+<!--
+Like log aggregation, many clusters utilize additional software to help capture metrics and display them. There is an overview of tools at [Tools for Monitoring Compute, Storage, and Network Resources](/docs/tasks/debug-application-cluster/resource-usage-monitoring/).
+Kubernetes also supports a [resource metrics pipeline](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/) which can be used by Horizontal Pod Autoscaler with custom metrics.
+-->
+与日志聚合一样，许多集群使用其他软件来帮助捕获 metrics 并显示它们。这里是相关工具的概述：[用于监视计算，存储和网络资源的工具](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)。Kubernetes 还支持[资源指标管道](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/)，还可以在水平 Pod 自动伸缩器（Horizontal Pod Autoscaler）中使用自定义 metrics。
+
+<!--
+[Prometheus](https://prometheus.io/), which is another CNCF project, is a common choice to support capture and temporary collection of metrics. There are several options for installing Prometheus, including using the [stable/prometheus](https://github.com/kubernetes/charts/tree/master/stable/prometheus) [helm](https://helm.sh/) chart, and CoreOS provides a [prometheus operator](https://github.com/coreos/prometheus-operator) and [kube-prometheus](https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus), which adds on Grafana dashboards and common configurations.
+-->
+[Prometheus](https://prometheus.io/)是另一个 CNCF 项目，它是支持捕获和临时收集指标的常用选择。安装 Prometheus 有几种方式，包括使用[stable/prometheus](https://github.com/kubernetes/charts/tree/master/stable/prometheus) [helm](https://helm.sh/)chart，CoreOS 提供的[prometheus operator](https://github.com/coreos/prometheus-operator) 和 [kube-prometheus](https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus)，增加了 Grafana 仪表板和常用配置。
+
+<!--
+A common configuration on [Minikube](https://github.com/kubernetes/minikube) and some Kubernetes clusters uses [Heapster](https://github.com/kubernetes/heapster)
+[along with InfluxDB and Grafana](https://github.com/kubernetes/heapster/blob/master/docs/influxdb.md).
+There is a [walkthrough of how to install this configuration in your cluster](https://blog.kublr.com/how-to-utilize-the-heapster-influxdb-grafana-stack-in-kubernetes-for-monitoring-pods-4a553f4d36c9).
+As of Kubernetes 1.11, Heapster is deprecated, as per [sig-instrumentation](https://github.com/kubernetes/community/tree/master/sig-instrumentation).  See [Prometheus vs. Heapster vs. Kubernetes Metrics APIs](https://brancz.com/2018/01/05/prometheus-vs-heapster-vs-kubernetes-metrics-apis/) for more information alternatives.
+-->
+[Minikube](https://github.com/kubernetes/minikube) 和某些 Kubernetes 集群的通常配置是[与 InfluxDB 和 Grafana 一起](https://github.com/kubernetes/heapster/blob/master/docs/influxdb.md)使用[Heapster](https://github.com/kubernetes/heapster)。这里有一个[如何在集群中安装这个配置的参考](https://blog.kublr.com/how-to-utilize-the-heapster-influxdb-grafana-stack-in-kubernetes-for-monitoring-pods-4a553f4d36c9)。截止 Kubernetes 1.11，根据[sig-instrumentation](https://github.com/kubernetes/community/tree/master/sig-instrumentation)，Heapster 已经弃用。更多信息，请参阅 [Prometheus vs. Heapster vs. Kubernetes Metrics APIs](https://brancz.com/2018/01/05/prometheus-vs-heapster-vs-kubernetes-metrics-apis/) 。
+
+<!--
+Hosted monitoring, APM, or data analytics services such as [Datadog](https://docs.datadoghq.com/integrations/kubernetes/) or [Instana](https://www.instana.com/supported-integrations/kubernetes-monitoring/) also offer Kubernetes integration.
+-->
+托管监控，APM 或数据分析服务，例如[Datadog](https://docs.datadoghq.com/integrations/kubernetes/) 或者 [Instana](https://www.instana.com/supported-integrations/kubernetes-monitoring/) 也提供 Kubernetes 集成。
+
+<!--
+## Additional resources
+-->
+## 其他资源
+
+<!--
+Cluster Administration:
+
+* [Troubleshoot Clusters](/docs/tasks/debug-application-cluster/debug-cluster/)
+* [Debug Pods and Replication Controllers](/docs/tasks/debug-application-cluster/debug-pod-replication-controller/)
+* [Debug Init Containers](/docs/tasks/debug-application-cluster/debug-init-containers/)
+* [Debug Stateful Sets](/docs/tasks/debug-application-cluster/debug-stateful-set/)
+* [Debug Applications](/docs/tasks/debug-application-cluster/debug-application/)
+* [Using explorer to investigate your cluster](https://github.com/kubernetes/examples/blob/master/staging/explorer/README.md)
+-->
+集群管理：
+
+* [集群故障排除](/docs/tasks/debug-application-cluster/debug-cluster/)
+* [调试 Pod 和 Replication Controller](/docs/tasks/debug-application-cluster/debug-pod-replication-controller/)
+* [调试初始化容器](/docs/tasks/debug-application-cluster/debug-init-containers/)
+* [调试 Stateful Set](/docs/tasks/debug-application-cluster/debug-stateful-set/)
+* [调试应用程序](/docs/tasks/debug-application-cluster/debug-application/)
+* [使用资源管理器来调查您的集群](https://github.com/kubernetes/examples/blob/master/staging/explorer/README.md)
+
+{{% /capture %}}
diff --git a/content/zh/examples/README.md b/content/zh/examples/README.md
new file mode 100644
index 0000000000000..dac0f47105eb0
--- /dev/null
+++ b/content/zh/examples/README.md
@@ -0,0 +1,17 @@
+注意：这些测试是从 kubernetes 导入的代码实际上并不打算在存储库之外使用。
+这就导致了供应商依赖问题。因此，我们必须在 travis 配置这些行:
+<!--
+Note: These tests are importing code from kubernetes that isn't really
+meant to be used outside the repo. This causes vendoring problems. As
+a result, we have to work around those with these lines in the travis
+config:
+-->
+
+```
+- rm $GOPATH/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery
+- rm $GOPATH/src/k8s.io/kubernetes/vendor/k8s.io/apiserver
+- rm $GOPATH/src/k8s.io/kubernetes/vendor/k8s.io/client-go
+- cp -r $GOPATH/src/k8s.io/kubernetes/vendor/* $GOPATH/src/
+- rm -rf $GOPATH/src/k8s.io/kubernetes/vendor/*
+- cp -r $GOPATH/src/k8s.io/kubernetes/staging/src/* $GOPATH/src/
+```
diff --git a/content/zh/examples/admin/cloud/ccm-example.yaml b/content/zh/examples/admin/cloud/ccm-example.yaml
new file mode 100644
index 0000000000000..4c98162a70db9
--- /dev/null
+++ b/content/zh/examples/admin/cloud/ccm-example.yaml
@@ -0,0 +1,69 @@
+# This is an example of how to setup cloud-controller-manger as a Daemonset in your cluster.
+# It assumes that your masters can run pods and has the role node-role.kubernetes.io/master
+# Note that this Daemonset will not work straight out of the box for your cloud, this is
+# meant to be a guideline.
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: cloud-controller-manager
+  name: cloud-controller-manager
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      k8s-app: cloud-controller-manager
+  template:
+    metadata:
+      labels:
+        k8s-app: cloud-controller-manager
+    spec:
+      serviceAccountName: cloud-controller-manager
+      containers:
+      - name: cloud-controller-manager
+        # for in-tree providers we use k8s.gcr.io/cloud-controller-manager
+        # this can be replaced with any other image for out-of-tree providers
+        image: k8s.gcr.io/cloud-controller-manager:v1.8.0
+        command:
+        - /usr/local/bin/cloud-controller-manager
+        - --cloud-provider=<YOUR_CLOUD_PROVIDER>   # Add your own cloud provider here!
+        - --leader-elect=true
+        - --use-service-account-credentials
+        # these flags will vary for every cloud provider
+        - --allocate-node-cidrs=true
+        - --configure-cloud-routes=true
+        - --cluster-cidr=172.17.0.0/16
+      tolerations:
+      # this is required so CCM can bootstrap itself
+      - key: node.cloudprovider.kubernetes.io/uninitialized
+        value: "true"
+        effect: NoSchedule
+      # this is to have the daemonset runnable on master nodes
+      # the taint may vary depending on your cluster setup
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      # this is to restrict CCM to only run on master nodes
+      # the node selector may vary depending on your cluster setup
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
diff --git a/content/zh/examples/admin/cloud/pvl-initializer-config.yaml b/content/zh/examples/admin/cloud/pvl-initializer-config.yaml
new file mode 100644
index 0000000000000..4a2576cc2a55e
--- /dev/null
+++ b/content/zh/examples/admin/cloud/pvl-initializer-config.yaml
@@ -0,0 +1,13 @@
+kind: InitializerConfiguration
+apiVersion: admissionregistration.k8s.io/v1alpha1
+metadata:
+  name: pvlabel.kubernetes.io
+initializers:
+  - name: pvlabel.kubernetes.io
+    rules:
+    - apiGroups:
+      - ""
+      apiVersions:
+      - "*"
+      resources:
+      - persistentvolumes
diff --git a/content/zh/examples/admin/dns/busybox.yaml b/content/zh/examples/admin/dns/busybox.yaml
new file mode 100644
index 0000000000000..31f009d307291
--- /dev/null
+++ b/content/zh/examples/admin/dns/busybox.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox
+  namespace: default
+spec:
+  containers:
+  - name: busybox
+    image: busybox:1.28
+    command:
+      - sleep
+      - "3600"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always
diff --git a/content/zh/examples/admin/dns/dns-horizontal-autoscaler.yaml b/content/zh/examples/admin/dns/dns-horizontal-autoscaler.yaml
new file mode 100644
index 0000000000000..5e6d55a6b280a
--- /dev/null
+++ b/content/zh/examples/admin/dns/dns-horizontal-autoscaler.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dns-autoscaler
+  namespace: kube-system
+  labels:
+    k8s-app: dns-autoscaler
+spec:
+  selector:
+    matchLabels:
+       k8s-app: dns-autoscaler
+  template:
+    metadata:
+      labels:
+        k8s-app: dns-autoscaler
+    spec:
+      containers:
+      - name: autoscaler
+        image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.1.1
+        resources:
+            requests:
+                cpu: "20m"
+                memory: "10Mi"
+        command:
+          - /cluster-proportional-autoscaler
+          - --namespace=kube-system
+          - --configmap=dns-autoscaler
+          - --target=<SCALE_TARGET>
+          # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+          # If using small nodes, "nodesPerReplica" should dominate.
+          - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"min":1}}
+          - --logtostderr=true
+          - --v=2
diff --git a/content/zh/examples/admin/logging/fluentd-sidecar-config.yaml b/content/zh/examples/admin/logging/fluentd-sidecar-config.yaml
new file mode 100644
index 0000000000000..eea1849b033fa
--- /dev/null
+++ b/content/zh/examples/admin/logging/fluentd-sidecar-config.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fluentd-config
+data:
+  fluentd.conf: |
+    <source>
+      type tail
+      format none
+      path /var/log/1.log
+      pos_file /var/log/1.log.pos
+      tag count.format1
+    </source>
+
+    <source>
+      type tail
+      format none
+      path /var/log/2.log
+      pos_file /var/log/2.log.pos
+      tag count.format2
+    </source>
+
+    <match **>
+      type google_cloud
+    </match>
diff --git a/content/zh/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml b/content/zh/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml
new file mode 100644
index 0000000000000..b37b616e6f7c7
--- /dev/null
+++ b/content/zh/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args:
+    - /bin/sh
+    - -c
+    - >
+      i=0;
+      while true;
+      do
+        echo "$i: $(date)" >> /var/log/1.log;
+        echo "$(date) INFO $i" >> /var/log/2.log;
+        i=$((i+1));
+        sleep 1;
+      done
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  - name: count-agent
+    image: k8s.gcr.io/fluentd-gcp:1.30
+    env:
+    - name: FLUENTD_ARGS
+      value: -c /etc/fluentd-config/fluentd.conf
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+    - name: config-volume
+      mountPath: /etc/fluentd-config
+  volumes:
+  - name: varlog
+    emptyDir: {}
+  - name: config-volume
+    configMap:
+      name: fluentd-config
diff --git a/content/zh/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml b/content/zh/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml
new file mode 100644
index 0000000000000..87bd198cfdab7
--- /dev/null
+++ b/content/zh/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args:
+    - /bin/sh
+    - -c
+    - >
+      i=0;
+      while true;
+      do
+        echo "$i: $(date)" >> /var/log/1.log;
+        echo "$(date) INFO $i" >> /var/log/2.log;
+        i=$((i+1));
+        sleep 1;
+      done
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  - name: count-log-1
+    image: busybox
+    args: [/bin/sh, -c, 'tail -n+1 -f /var/log/1.log']
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  - name: count-log-2
+    image: busybox
+    args: [/bin/sh, -c, 'tail -n+1 -f /var/log/2.log']
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  volumes:
+  - name: varlog
+    emptyDir: {}
diff --git a/content/zh/examples/admin/logging/two-files-counter-pod.yaml b/content/zh/examples/admin/logging/two-files-counter-pod.yaml
new file mode 100644
index 0000000000000..6ebeb717a1892
--- /dev/null
+++ b/content/zh/examples/admin/logging/two-files-counter-pod.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args:
+    - /bin/sh
+    - -c
+    - >
+      i=0;
+      while true;
+      do
+        echo "$i: $(date)" >> /var/log/1.log;
+        echo "$(date) INFO $i" >> /var/log/2.log;
+        i=$((i+1));
+        sleep 1;
+      done
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  volumes:
+  - name: varlog
+    emptyDir: {}
diff --git a/content/zh/examples/admin/namespace-dev.json b/content/zh/examples/admin/namespace-dev.json
new file mode 100644
index 0000000000000..b2b43b0b73294
--- /dev/null
+++ b/content/zh/examples/admin/namespace-dev.json
@@ -0,0 +1,10 @@
+{
+  "kind": "Namespace",
+  "apiVersion": "v1",
+  "metadata": {
+    "name": "development",
+    "labels": {
+      "name": "development"
+    }
+  }
+}
diff --git a/content/zh/examples/admin/namespace-prod.json b/content/zh/examples/admin/namespace-prod.json
new file mode 100644
index 0000000000000..d4503f1ac12cb
--- /dev/null
+++ b/content/zh/examples/admin/namespace-prod.json
@@ -0,0 +1,10 @@
+{
+  "kind": "Namespace",
+  "apiVersion": "v1",
+  "metadata": {
+    "name": "production",
+    "labels": {
+      "name": "production"
+    }
+  }
+}
diff --git a/content/zh/examples/admin/resource/quota-objects-pvc-2.yaml b/content/zh/examples/admin/resource/quota-objects-pvc-2.yaml
new file mode 100644
index 0000000000000..88c165d144dd4
--- /dev/null
+++ b/content/zh/examples/admin/resource/quota-objects-pvc-2.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: pvc-quota-demo-2
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4Gi
diff --git a/content/zh/examples/admin/resource/quota-objects-pvc.yaml b/content/zh/examples/admin/resource/quota-objects-pvc.yaml
new file mode 100644
index 0000000000000..b38256b897414
--- /dev/null
+++ b/content/zh/examples/admin/resource/quota-objects-pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: pvc-quota-demo
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/content/zh/examples/admin/resource/quota-objects.yaml b/content/zh/examples/admin/resource/quota-objects.yaml
new file mode 100644
index 0000000000000..e97748decd53a
--- /dev/null
+++ b/content/zh/examples/admin/resource/quota-objects.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: object-quota-demo
+spec:
+  hard:
+    persistentvolumeclaims: "1"
+    services.loadbalancers: "2"
+    services.nodeports: "0"
diff --git a/content/zh/examples/admin/resource/quota-pod-deployment.yaml b/content/zh/examples/admin/resource/quota-pod-deployment.yaml
new file mode 100644
index 0000000000000..86e85aa468e13
--- /dev/null
+++ b/content/zh/examples/admin/resource/quota-pod-deployment.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pod-quota-demo
+spec:
+  selector:
+    matchLabels:
+      purpose: quota-demo
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        purpose: quota-demo
+    spec:
+      containers:
+      - name: pod-quota-demo
+        image: nginx
diff --git a/content/zh/examples/admin/resource/quota-pod.yaml b/content/zh/examples/admin/resource/quota-pod.yaml
new file mode 100644
index 0000000000000..0a07f055ca853
--- /dev/null
+++ b/content/zh/examples/admin/resource/quota-pod.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: pod-demo
+spec:
+  hard:
+    pods: "2"
diff --git a/content/zh/examples/admin/sched/my-scheduler.yaml b/content/zh/examples/admin/sched/my-scheduler.yaml
new file mode 100644
index 0000000000000..ab0c385cd667f
--- /dev/null
+++ b/content/zh/examples/admin/sched/my-scheduler.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: my-scheduler
+  namespace: kube-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: my-scheduler-as-kube-scheduler
+subjects:
+- kind: ServiceAccount
+  name: my-scheduler
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: kube-scheduler
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    component: scheduler
+    tier: control-plane
+  name: my-scheduler
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      component: scheduler
+      tier: control-plane
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: scheduler
+        tier: control-plane
+        version: second
+    spec:
+      serviceAccountName: my-scheduler
+      containers:
+      - command:
+        - /usr/local/bin/kube-scheduler
+        - --address=0.0.0.0
+        - --leader-elect=false
+        - --scheduler-name=my-scheduler
+        image: gcr.io/my-gcp-project/my-kube-scheduler:1.0
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 10251
+          initialDelaySeconds: 15
+        name: kube-second-scheduler
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 10251
+        resources:
+          requests:
+            cpu: '0.1'
+        securityContext:
+          privileged: false
+        volumeMounts: []
+      hostNetwork: false
+      hostPID: false
+      volumes: []
diff --git a/content/zh/examples/admin/sched/pod1.yaml b/content/zh/examples/admin/sched/pod1.yaml
new file mode 100644
index 0000000000000..560b6aa0fb34a
--- /dev/null
+++ b/content/zh/examples/admin/sched/pod1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: no-annotation
+  labels:
+    name: multischeduler-example
+spec:
+  containers:
+  - name: pod-with-no-annotation-container
+    image: k8s.gcr.io/pause:2.0
\ No newline at end of file
diff --git a/content/zh/examples/admin/sched/pod2.yaml b/content/zh/examples/admin/sched/pod2.yaml
new file mode 100644
index 0000000000000..2f065efe65fee
--- /dev/null
+++ b/content/zh/examples/admin/sched/pod2.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: annotation-default-scheduler
+  labels:
+    name: multischeduler-example
+spec:
+  schedulerName: default-scheduler
+  containers:
+  - name: pod-with-default-annotation-container
+    image: k8s.gcr.io/pause:2.0
diff --git a/content/zh/examples/admin/sched/pod3.yaml b/content/zh/examples/admin/sched/pod3.yaml
new file mode 100644
index 0000000000000..a1b8db32008c6
--- /dev/null
+++ b/content/zh/examples/admin/sched/pod3.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: annotation-second-scheduler
+  labels:
+    name: multischeduler-example
+spec:
+  schedulerName: my-scheduler
+  containers:
+  - name: pod-with-second-annotation-container
+    image: k8s.gcr.io/pause:2.0
diff --git a/content/zh/examples/application/cassandra/cassandra-service.yaml b/content/zh/examples/application/cassandra/cassandra-service.yaml
new file mode 100644
index 0000000000000..31bee74b58732
--- /dev/null
+++ b/content/zh/examples/application/cassandra/cassandra-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: cassandra
+  name: cassandra
+spec:
+  clusterIP: None
+  ports:
+  - port: 9042
+  selector:
+    app: cassandra
diff --git a/content/zh/examples/application/cassandra/cassandra-statefulset.yaml b/content/zh/examples/application/cassandra/cassandra-statefulset.yaml
new file mode 100644
index 0000000000000..a7bdbedc9c5aa
--- /dev/null
+++ b/content/zh/examples/application/cassandra/cassandra-statefulset.yaml
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: cassandra
+  labels:
+    app: cassandra
+spec:
+  serviceName: cassandra
+  replicas: 3
+  selector:
+    matchLabels:
+      app: cassandra
+  template:
+    metadata:
+      labels:
+        app: cassandra
+    spec:
+      terminationGracePeriodSeconds: 1800
+      containers:
+      - name: cassandra
+        image: gcr.io/google-samples/cassandra:v13
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 7000
+          name: intra-node
+        - containerPort: 7001
+          name: tls-intra-node
+        - containerPort: 7199
+          name: jmx
+        - containerPort: 9042
+          name: cql
+        resources:
+          limits:
+            cpu: "500m"
+            memory: 1Gi
+          requests:
+            cpu: "500m"
+            memory: 1Gi
+        securityContext:
+          capabilities:
+            add:
+              - IPC_LOCK
+        lifecycle:
+          preStop:
+            exec:
+              command: 
+              - /bin/sh
+              - -c
+              - nodetool drain
+        env:
+          - name: MAX_HEAP_SIZE
+            value: 512M
+          - name: HEAP_NEWSIZE
+            value: 100M
+          - name: CASSANDRA_SEEDS
+            value: "cassandra-0.cassandra.default.svc.cluster.local"
+          - name: CASSANDRA_CLUSTER_NAME
+            value: "K8Demo"
+          - name: CASSANDRA_DC
+            value: "DC1-K8Demo"
+          - name: CASSANDRA_RACK
+            value: "Rack1-K8Demo"
+          - name: POD_IP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.podIP
+        readinessProbe:
+          exec:
+            command:
+            - /bin/bash
+            - -c
+            - /ready-probe.sh
+          initialDelaySeconds: 15
+          timeoutSeconds: 5
+        # These volume mounts are persistent. They are like inline claims,
+        # but not exactly because the names need to match exactly one of
+        # the stateful pod volumes.
+        volumeMounts:
+        - name: cassandra-data
+          mountPath: /cassandra_data
+  # These are converted to volume claims by the controller
+  # and mounted at the paths mentioned above.
+  # do not use these in production until ssd GCEPersistentDisk or other ssd pd
+  volumeClaimTemplates:
+  - metadata:
+      name: cassandra-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: fast
+      resources:
+        requests:
+          storage: 1Gi
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fast
+provisioner: k8s.io/minikube-hostpath
+parameters:
+  type: pd-ssd
diff --git a/content/zh/examples/application/deployment-patch.yaml b/content/zh/examples/application/deployment-patch.yaml
new file mode 100644
index 0000000000000..7b32e2fcae461
--- /dev/null
+++ b/content/zh/examples/application/deployment-patch.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: patch-demo
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: patch-demo-ctr
+        image: nginx
+      tolerations:
+      - effect: NoSchedule
+        key: dedicated
+        value: test-team
diff --git a/content/zh/examples/application/deployment-scale.yaml b/content/zh/examples/application/deployment-scale.yaml
new file mode 100644
index 0000000000000..3bdc7b6f5b8e3
--- /dev/null
+++ b/content/zh/examples/application/deployment-scale.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 4 # Update the replicas from 2 to 4
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.8
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/deployment-update.yaml b/content/zh/examples/application/deployment-update.yaml
new file mode 100644
index 0000000000000..8c683d6dc776e
--- /dev/null
+++ b/content/zh/examples/application/deployment-update.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.8 # Update the version of nginx from 1.7.9 to 1.8
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/deployment.yaml b/content/zh/examples/application/deployment.yaml
new file mode 100644
index 0000000000000..0f526b16c0ad2
--- /dev/null
+++ b/content/zh/examples/application/deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2 # tells deployment to run 2 pods matching the template
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/guestbook/frontend-deployment.yaml b/content/zh/examples/application/guestbook/frontend-deployment.yaml
new file mode 100644
index 0000000000000..50d6e1f0d4819
--- /dev/null
+++ b/content/zh/examples/application/guestbook/frontend-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+spec:
+  selector:
+    matchLabels:
+      app: guestbook
+      tier: frontend
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: guestbook
+        tier: frontend
+    spec:
+      containers:
+      - name: php-redis
+        image: gcr.io/google-samples/gb-frontend:v4
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: GET_HOSTS_FROM
+          value: dns
+          # Using `GET_HOSTS_FROM=dns` requires your cluster to
+          # provide a dns service. As of Kubernetes 1.3, DNS is a built-in
+          # service launched automatically. However, if the cluster you are using
+          # does not have a built-in DNS service, you can instead
+          # access an environment variable to find the master
+          # service's host. To do so, comment out the 'value: dns' line above, and
+          # uncomment the line below:
+          # value: env
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/guestbook/frontend-service.yaml b/content/zh/examples/application/guestbook/frontend-service.yaml
new file mode 100644
index 0000000000000..6f283f347b93f
--- /dev/null
+++ b/content/zh/examples/application/guestbook/frontend-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+    tier: frontend
+spec:
+  # comment or delete the following line if you want to use a LoadBalancer
+  type: NodePort 
+  # if your cluster supports it, uncomment the following to automatically create
+  # an external load-balanced IP for the frontend service.
+  # type: LoadBalancer
+  ports:
+  - port: 80
+  selector:
+    app: guestbook
+    tier: frontend
diff --git a/content/zh/examples/application/guestbook/redis-master-deployment.yaml b/content/zh/examples/application/guestbook/redis-master-deployment.yaml
new file mode 100644
index 0000000000000..fc6f418c39ed1
--- /dev/null
+++ b/content/zh/examples/application/guestbook/redis-master-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: redis-master
+  labels:
+    app: redis
+spec:
+  selector:
+    matchLabels:
+      app: redis
+      role: master
+      tier: backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: master
+        tier: backend
+    spec:
+      containers:
+      - name: master
+        image: k8s.gcr.io/redis:e2e  # or just image: redis
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 6379
diff --git a/content/zh/examples/application/guestbook/redis-master-service.yaml b/content/zh/examples/application/guestbook/redis-master-service.yaml
new file mode 100644
index 0000000000000..a484014f1fe3b
--- /dev/null
+++ b/content/zh/examples/application/guestbook/redis-master-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-master
+  labels:
+    app: redis
+    role: master
+    tier: backend
+spec:
+  ports:
+  - port: 6379
+    targetPort: 6379
+  selector:
+    app: redis
+    role: master
+    tier: backend
diff --git a/content/zh/examples/application/guestbook/redis-slave-deployment.yaml b/content/zh/examples/application/guestbook/redis-slave-deployment.yaml
new file mode 100644
index 0000000000000..ec4e48bc211a0
--- /dev/null
+++ b/content/zh/examples/application/guestbook/redis-slave-deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: redis-slave
+  labels:
+    app: redis
+spec:
+  selector:
+    matchLabels:
+      app: redis
+      role: slave
+      tier: backend
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: slave
+        tier: backend
+    spec:
+      containers:
+      - name: slave
+        image: gcr.io/google_samples/gb-redisslave:v1
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: GET_HOSTS_FROM
+          value: dns
+          # Using `GET_HOSTS_FROM=dns` requires your cluster to
+          # provide a dns service. As of Kubernetes 1.3, DNS is a built-in
+          # service launched automatically. However, if the cluster you are using
+          # does not have a built-in DNS service, you can instead
+          # access an environment variable to find the master
+          # service's host. To do so, comment out the 'value: dns' line above, and
+          # uncomment the line below:
+          # value: env
+        ports:
+        - containerPort: 6379
diff --git a/content/zh/examples/application/guestbook/redis-slave-service.yaml b/content/zh/examples/application/guestbook/redis-slave-service.yaml
new file mode 100644
index 0000000000000..238fd63fb6a29
--- /dev/null
+++ b/content/zh/examples/application/guestbook/redis-slave-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-slave
+  labels:
+    app: redis
+    role: slave
+    tier: backend
+spec:
+  ports:
+  - port: 6379
+  selector:
+    app: redis
+    role: slave
+    tier: backend
diff --git a/content/zh/examples/application/hpa/php-apache.yaml b/content/zh/examples/application/hpa/php-apache.yaml
new file mode 100644
index 0000000000000..c73ae7d631b58
--- /dev/null
+++ b/content/zh/examples/application/hpa/php-apache.yaml
@@ -0,0 +1,13 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-apache
+  namespace: default
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: php-apache
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 50
diff --git a/content/zh/examples/application/job/job-tmpl.yaml b/content/zh/examples/application/job/job-tmpl.yaml
new file mode 100644
index 0000000000000..790025b38b886
--- /dev/null
+++ b/content/zh/examples/application/job/job-tmpl.yaml
@@ -0,0 +1,18 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: process-item-$ITEM
+  labels:
+    jobgroup: jobexample
+spec:
+  template:
+    metadata:
+      name: jobexample
+      labels:
+        jobgroup: jobexample
+    spec:
+      containers:
+      - name: c
+        image: busybox
+        command: ["sh", "-c", "echo Processing item $ITEM && sleep 5"]
+      restartPolicy: Never
diff --git a/content/zh/examples/application/job/job.yaml b/content/zh/examples/application/job/job.yaml
new file mode 100644
index 0000000000000..4e1a61892be6b
--- /dev/null
+++ b/content/zh/examples/application/job/job.yaml
@@ -0,0 +1,20 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-wq-1
+spec:
+  completions: 8
+  parallelism: 2
+  template:
+    metadata:
+      name: job-wq-1
+    spec:
+      containers:
+      - name: c
+        image: gcr.io/<project>/job-wq-1
+        env:
+        - name: BROKER_URL
+          value: amqp://guest:guest@rabbitmq-service:5672
+        - name: QUEUE
+          value: job1
+      restartPolicy: OnFailure
diff --git a/content/zh/examples/application/job/rabbitmq/Dockerfile b/content/zh/examples/application/job/rabbitmq/Dockerfile
new file mode 100644
index 0000000000000..cbd36bb620303
--- /dev/null
+++ b/content/zh/examples/application/job/rabbitmq/Dockerfile
@@ -0,0 +1,10 @@
+# Specify BROKER_URL and QUEUE when running
+FROM ubuntu:14.04
+
+RUN apt-get update && \
+    apt-get install -y curl ca-certificates amqp-tools python \
+       --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
+COPY ./worker.py /worker.py
+
+CMD  /usr/bin/amqp-consume --url=$BROKER_URL -q $QUEUE -c 1 /worker.py
diff --git a/content/zh/examples/application/job/rabbitmq/job.yaml b/content/zh/examples/application/job/rabbitmq/job.yaml
new file mode 100644
index 0000000000000..4e1a61892be6b
--- /dev/null
+++ b/content/zh/examples/application/job/rabbitmq/job.yaml
@@ -0,0 +1,20 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-wq-1
+spec:
+  completions: 8
+  parallelism: 2
+  template:
+    metadata:
+      name: job-wq-1
+    spec:
+      containers:
+      - name: c
+        image: gcr.io/<project>/job-wq-1
+        env:
+        - name: BROKER_URL
+          value: amqp://guest:guest@rabbitmq-service:5672
+        - name: QUEUE
+          value: job1
+      restartPolicy: OnFailure
diff --git a/content/zh/examples/application/job/rabbitmq/worker.py b/content/zh/examples/application/job/rabbitmq/worker.py
new file mode 100644
index 0000000000000..a20884515daf4
--- /dev/null
+++ b/content/zh/examples/application/job/rabbitmq/worker.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+# Just prints standard out and sleeps for 10 seconds.
+import sys
+import time
+print("Processing " + sys.stdin.lines())
+time.sleep(10)
diff --git a/content/zh/examples/application/job/redis/Dockerfile b/content/zh/examples/application/job/redis/Dockerfile
new file mode 100644
index 0000000000000..2de23b3c98340
--- /dev/null
+++ b/content/zh/examples/application/job/redis/Dockerfile
@@ -0,0 +1,6 @@
+FROM python
+RUN pip install redis
+COPY ./worker.py /worker.py
+COPY ./rediswq.py /rediswq.py
+
+CMD  python worker.py
diff --git a/content/zh/examples/application/job/redis/redis-pod.yaml b/content/zh/examples/application/job/redis/redis-pod.yaml
new file mode 100644
index 0000000000000..ae0c43a793570
--- /dev/null
+++ b/content/zh/examples/application/job/redis/redis-pod.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis-master
+  labels:
+    app: redis
+spec:
+  containers:
+    - name: master
+      image: redis
+      env:
+        - name: MASTER
+          value: "true"
+      ports:
+        - containerPort: 6379
diff --git a/content/zh/examples/application/job/redis/redis-service.yaml b/content/zh/examples/application/job/redis/redis-service.yaml
new file mode 100644
index 0000000000000..85f2ca2271d0b
--- /dev/null
+++ b/content/zh/examples/application/job/redis/redis-service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  ports:
+    - port: 6379
+      targetPort: 6379
+  selector:
+    app: redis
diff --git a/content/zh/examples/application/job/redis/rediswq.py b/content/zh/examples/application/job/redis/rediswq.py
new file mode 100644
index 0000000000000..ceda8bd1e32e0
--- /dev/null
+++ b/content/zh/examples/application/job/redis/rediswq.py
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+
+# Based on http://peter-hoffmann.com/2012/python-simple-queue-redis-queue.html 
+# and the suggestion in the redis documentation for RPOPLPUSH, at 
+# http://redis.io/commands/rpoplpush, which suggests how to implement a work-queue.
+
+ 
+import redis
+import uuid
+import hashlib
+
+class RedisWQ(object):
+    """Simple Finite Work Queue with Redis Backend
+
+    This work queue is finite: as long as no more work is added
+    after workers start, the workers can detect when the queue
+    is completely empty.
+
+    The items in the work queue are assumed to have unique values.
+
+    This object is not intended to be used by multiple threads
+    concurrently.
+    """
+    def __init__(self, name, **redis_kwargs):
+       """The default connection parameters are: host='localhost', port=6379, db=0
+
+       The work queue is identified by "name".  The library may create other
+       keys with "name" as a prefix. 
+       """
+       self._db = redis.StrictRedis(**redis_kwargs)
+       # The session ID will uniquely identify this "worker".
+       self._session = str(uuid.uuid4())
+       # Work queue is implemented as two queues: main, and processing.
+       # Work is initially in main, and moved to processing when a client picks it up.
+       self._main_q_key = name
+       self._processing_q_key = name + ":processing"
+       self._lease_key_prefix = name + ":leased_by_session:"
+
+    def sessionID(self):
+        """Return the ID for this session."""
+        return self._session
+
+    def _main_qsize(self):
+        """Return the size of the main queue."""
+        return self._db.llen(self._main_q_key)
+
+    def _processing_qsize(self):
+        """Return the size of the main queue."""
+        return self._db.llen(self._processing_q_key)
+
+    def empty(self):
+        """Return True if the queue is empty, including work being done, False otherwise.
+
+        False does not necessarily mean that there is work available to work on right now,
+        """
+        return self._main_qsize() == 0 and self._processing_qsize() == 0
+
+# TODO: implement this
+#    def check_expired_leases(self):
+#        """Return to the work queueReturn True if the queue is empty, False otherwise."""
+#        # Processing list should not be _too_ long since it is approximately as long
+#        # as the number of active and recently active workers.
+#        processing = self._db.lrange(self._processing_q_key, 0, -1)
+#        for item in processing:
+#          # If the lease key is not present for an item (it expired or was 
+#          # never created because the client crashed before creating it)
+#          # then move the item back to the main queue so others can work on it.
+#          if not self._lease_exists(item):
+#            TODO: transactionally move the key from processing queue to
+#            to main queue, while detecting if a new lease is created
+#            or if either queue is modified.
+
+    def _itemkey(self, item):
+        """Returns a string that uniquely identifies an item (bytes)."""
+        return hashlib.sha224(item).hexdigest()
+
+    def _lease_exists(self, item):
+        """True if a lease on 'item' exists."""
+        return self._db.exists(self._lease_key_prefix + self._itemkey(item))
+
+    def lease(self, lease_secs=60, block=True, timeout=None):
+        """Begin working on an item the work queue. 
+
+        Lease the item for lease_secs.  After that time, other
+        workers may consider this client to have crashed or stalled
+        and pick up the item instead.
+
+        If optional args block is true and timeout is None (the default), block
+        if necessary until an item is available."""
+        if block:
+            item = self._db.brpoplpush(self._main_q_key, self._processing_q_key, timeout=timeout)
+        else:
+            item = self._db.rpoplpush(self._main_q_key, self._processing_q_key)
+        if item:
+            # Record that we (this session id) are working on a key.  Expire that
+            # note after the lease timeout.
+            # Note: if we crash at this line of the program, then GC will see no lease
+            # for this item a later return it to the main queue.
+            itemkey = self._itemkey(item)
+            self._db.setex(self._lease_key_prefix + itemkey, lease_secs, self._session)
+        return item
+
+    def complete(self, value):
+        """Complete working on the item with 'value'.
+
+        If the lease expired, the item may not have completed, and some
+        other worker may have picked it up.  There is no indication
+        of what happened.
+        """
+        self._db.lrem(self._processing_q_key, 0, value)
+        # If we crash here, then the GC code will try to move the value, but it will
+        # not be here, which is fine.  So this does not need to be a transaction.
+        itemkey = self._itemkey(value)
+        self._db.delete(self._lease_key_prefix + itemkey, self._session)
+
+# TODO: add functions to clean up all keys associated with "name" when
+# processing is complete.
+
+# TODO: add a function to add an item to the queue.  Atomically
+# check if the queue is empty and if so fail to add the item
+# since other workers might think work is done and be in the process
+# of exiting.
+
+# TODO(etune): move to my own github for hosting, e.g. github.com/erictune/rediswq-py and
+# make it so it can be pip installed by anyone (see
+# http://stackoverflow.com/questions/8247605/configuring-so-that-pip-install-can-work-from-github)
+
+# TODO(etune): finish code to GC expired leases, and call periodically
+#  e.g. each time lease times out.
+
diff --git a/content/zh/examples/application/job/worker.py b/content/zh/examples/application/job/worker.py
new file mode 100644
index 0000000000000..a20884515daf4
--- /dev/null
+++ b/content/zh/examples/application/job/worker.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+# Just prints standard out and sleeps for 10 seconds.
+import sys
+import time
+print("Processing " + sys.stdin.lines())
+time.sleep(10)
diff --git a/content/zh/examples/application/mysql/mysql-configmap.yaml b/content/zh/examples/application/mysql/mysql-configmap.yaml
new file mode 100644
index 0000000000000..46d34e422c459
--- /dev/null
+++ b/content/zh/examples/application/mysql/mysql-configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+data:
+  master.cnf: |
+    # Apply this config only on the master.
+    [mysqld]
+    log-bin
+  slave.cnf: |
+    # Apply this config only on slaves.
+    [mysqld]
+    super-read-only
+
diff --git a/content/zh/examples/application/mysql/mysql-deployment.yaml b/content/zh/examples/application/mysql/mysql-deployment.yaml
new file mode 100644
index 0000000000000..518457777e854
--- /dev/null
+++ b/content/zh/examples/application/mysql/mysql-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+spec:
+  ports:
+  - port: 3306
+  selector:
+    app: mysql
+  clusterIP: None
+---
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: mysql
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - image: mysql:5.6
+        name: mysql
+        env:
+          # Use secret in real usage
+        - name: MYSQL_ROOT_PASSWORD
+          value: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
diff --git a/content/zh/examples/application/mysql/mysql-pv.yaml b/content/zh/examples/application/mysql/mysql-pv.yaml
new file mode 100644
index 0000000000000..6f4e692f3b155
--- /dev/null
+++ b/content/zh/examples/application/mysql/mysql-pv.yaml
@@ -0,0 +1,26 @@
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: mysql-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
diff --git a/content/zh/examples/application/mysql/mysql-services.yaml b/content/zh/examples/application/mysql/mysql-services.yaml
new file mode 100644
index 0000000000000..f538992566d23
--- /dev/null
+++ b/content/zh/examples/application/mysql/mysql-services.yaml
@@ -0,0 +1,30 @@
+# Headless service for stable DNS entries of StatefulSet members.
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+  clusterIP: None
+  selector:
+    app: mysql
+---
+# Client service for connecting to any MySQL instance for reads.
+# For writes, you must instead connect to the master: mysql-0.mysql.
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql-read
+  labels:
+    app: mysql
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+  selector:
+    app: mysql
+
diff --git a/content/zh/examples/application/mysql/mysql-statefulset.yaml b/content/zh/examples/application/mysql/mysql-statefulset.yaml
new file mode 100644
index 0000000000000..e0c04007a872e
--- /dev/null
+++ b/content/zh/examples/application/mysql/mysql-statefulset.yaml
@@ -0,0 +1,167 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mysql
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+  serviceName: mysql
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      initContainers:
+      - name: init-mysql
+        image: mysql:5.7
+        command:
+        - bash
+        - "-c"
+        - |
+          set -ex
+          # Generate mysql server-id from pod ordinal index.
+          [[ `hostname` =~ -([0-9]+)$ ]] || exit 1
+          ordinal=${BASH_REMATCH[1]}
+          echo [mysqld] > /mnt/conf.d/server-id.cnf
+          # Add an offset to avoid reserved server-id=0 value.
+          echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf
+          # Copy appropriate conf.d files from config-map to emptyDir.
+          if [[ $ordinal -eq 0 ]]; then
+            cp /mnt/config-map/master.cnf /mnt/conf.d/
+          else
+            cp /mnt/config-map/slave.cnf /mnt/conf.d/
+          fi
+        volumeMounts:
+        - name: conf
+          mountPath: /mnt/conf.d
+        - name: config-map
+          mountPath: /mnt/config-map
+      - name: clone-mysql
+        image: gcr.io/google-samples/xtrabackup:1.0
+        command:
+        - bash
+        - "-c"
+        - |
+          set -ex
+          # Skip the clone if data already exists.
+          [[ -d /var/lib/mysql/mysql ]] && exit 0
+          # Skip the clone on master (ordinal index 0).
+          [[ `hostname` =~ -([0-9]+)$ ]] || exit 1
+          ordinal=${BASH_REMATCH[1]}
+          [[ $ordinal -eq 0 ]] && exit 0
+          # Clone data from previous peer.
+          ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql
+          # Prepare the backup.
+          xtrabackup --prepare --target-dir=/var/lib/mysql
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        - name: conf
+          mountPath: /etc/mysql/conf.d
+      containers:
+      - name: mysql
+        image: mysql:5.7
+        env:
+        - name: MYSQL_ALLOW_EMPTY_PASSWORD
+          value: "1"
+        ports:
+        - name: mysql
+          containerPort: 3306
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        - name: conf
+          mountPath: /etc/mysql/conf.d
+        resources:
+          requests:
+            cpu: 500m
+            memory: 1Gi
+        livenessProbe:
+          exec:
+            command: ["mysqladmin", "ping"]
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            # Check we can execute queries over TCP (skip-networking is off).
+            command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
+          initialDelaySeconds: 5
+          periodSeconds: 2
+          timeoutSeconds: 1
+      - name: xtrabackup
+        image: gcr.io/google-samples/xtrabackup:1.0
+        ports:
+        - name: xtrabackup
+          containerPort: 3307
+        command:
+        - bash
+        - "-c"
+        - |
+          set -ex
+          cd /var/lib/mysql
+
+          # Determine binlog position of cloned data, if any.
+          if [[ -f xtrabackup_slave_info ]]; then
+            # XtraBackup already generated a partial "CHANGE MASTER TO" query
+            # because we're cloning from an existing slave.
+            mv xtrabackup_slave_info change_master_to.sql.in
+            # Ignore xtrabackup_binlog_info in this case (it's useless).
+            rm -f xtrabackup_binlog_info
+          elif [[ -f xtrabackup_binlog_info ]]; then
+            # We're cloning directly from master. Parse binlog position.
+            [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1
+            rm xtrabackup_binlog_info
+            echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\
+                  MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in
+          fi
+
+          # Check if we need to complete a clone by starting replication.
+          if [[ -f change_master_to.sql.in ]]; then
+            echo "Waiting for mysqld to be ready (accepting connections)"
+            until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done
+
+            echo "Initializing replication from clone position"
+            # In case of container restart, attempt this at-most-once.
+            mv change_master_to.sql.in change_master_to.sql.orig
+            mysql -h 127.0.0.1 <<EOF
+          $(<change_master_to.sql.orig),
+            MASTER_HOST='mysql-0.mysql',
+            MASTER_USER='root',
+            MASTER_PASSWORD='',
+            MASTER_CONNECT_RETRY=10;
+          START SLAVE;
+          EOF
+          fi
+
+          # Start a server to send backups when requested by peers.
+          exec ncat --listen --keep-open --send-only --max-conns=1 3307 -c \
+            "xtrabackup --backup --slave-info --stream=xbstream --host=127.0.0.1 --user=root"
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        - name: conf
+          mountPath: /etc/mysql/conf.d
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      volumes:
+      - name: conf
+        emptyDir: {}
+      - name: config-map
+        configMap:
+          name: mysql
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 10Gi
diff --git a/content/zh/examples/application/nginx-app.yaml b/content/zh/examples/application/nginx-app.yaml
new file mode 100644
index 0000000000000..c3f926b74e752
--- /dev/null
+++ b/content/zh/examples/application/nginx-app.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx-svc
+  labels:
+    app: nginx
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/nginx-with-request.yaml b/content/zh/examples/application/nginx-with-request.yaml
new file mode 100644
index 0000000000000..dd9d002a60446
--- /dev/null
+++ b/content/zh/examples/application/nginx-with-request.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/nginx/nginx-deployment.yaml b/content/zh/examples/application/nginx/nginx-deployment.yaml
new file mode 100644
index 0000000000000..f05bfa3c5f557
--- /dev/null
+++ b/content/zh/examples/application/nginx/nginx-deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/nginx/nginx-svc.yaml b/content/zh/examples/application/nginx/nginx-svc.yaml
new file mode 100644
index 0000000000000..79963bc5aea8e
--- /dev/null
+++ b/content/zh/examples/application/nginx/nginx-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx-svc
+  labels:
+    app: nginx
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+  selector:
+    app: nginx
diff --git a/content/zh/examples/application/shell-demo.yaml b/content/zh/examples/application/shell-demo.yaml
new file mode 100644
index 0000000000000..2a7d274a649ac
--- /dev/null
+++ b/content/zh/examples/application/shell-demo.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: shell-demo
+spec:
+  volumes:
+  - name: shared-data
+    emptyDir: {}
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: shared-data
+      mountPath: /usr/share/nginx/html
diff --git a/content/zh/examples/application/simple_deployment.yaml b/content/zh/examples/application/simple_deployment.yaml
new file mode 100644
index 0000000000000..10fa1ddf29999
--- /dev/null
+++ b/content/zh/examples/application/simple_deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  minReadySeconds: 5
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/update_deployment.yaml b/content/zh/examples/application/update_deployment.yaml
new file mode 100644
index 0000000000000..d53aa3e6d2fc8
--- /dev/null
+++ b/content/zh/examples/application/update_deployment.yaml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.11.9 # update the image
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/application/web/web-parallel.yaml b/content/zh/examples/application/web/web-parallel.yaml
new file mode 100644
index 0000000000000..4eab2dc206651
--- /dev/null
+++ b/content/zh/examples/application/web/web-parallel.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+  - port: 80
+    name: web
+  clusterIP: None
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:
+  serviceName: "nginx"
+  podManagementPolicy: "Parallel"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: k8s.gcr.io/nginx-slim:0.8
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
diff --git a/content/zh/examples/application/web/web.yaml b/content/zh/examples/application/web/web.yaml
new file mode 100644
index 0000000000000..37c1fabf9c502
--- /dev/null
+++ b/content/zh/examples/application/web/web.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+  - port: 80
+    name: web
+  clusterIP: None
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:
+  serviceName: "nginx"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: k8s.gcr.io/nginx-slim:0.8
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
+
diff --git a/content/zh/examples/application/wordpress/mysql-deployment.yaml b/content/zh/examples/application/wordpress/mysql-deployment.yaml
new file mode 100644
index 0000000000000..8b92b76f549d7
--- /dev/null
+++ b/content/zh/examples/application/wordpress/mysql-deployment.yaml
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: wordpress
+    tier: mysql
+  clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+      tier: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: mysql
+    spec:
+      containers:
+      - image: mysql:5.6
+        name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-pass
+              key: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
diff --git a/content/zh/examples/application/wordpress/wordpress-deployment.yaml b/content/zh/examples/application/wordpress/wordpress-deployment.yaml
new file mode 100644
index 0000000000000..d8984742115ff
--- /dev/null
+++ b/content/zh/examples/application/wordpress/wordpress-deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 80
+  selector:
+    app: wordpress
+    tier: frontend
+  type: LoadBalancer
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wp-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+  name: wordpress
+  labels:
+    app: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+      tier: frontend
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: frontend
+    spec:
+      containers:
+      - image: wordpress:4.8-apache
+        name: wordpress
+        env:
+        - name: WORDPRESS_DB_HOST
+          value: wordpress-mysql
+        - name: WORDPRESS_DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-pass
+              key: password
+        ports:
+        - containerPort: 80
+          name: wordpress
+        volumeMounts:
+        - name: wordpress-persistent-storage
+          mountPath: /var/www/html
+      volumes:
+      - name: wordpress-persistent-storage
+        persistentVolumeClaim:
+          claimName: wp-pv-claim
diff --git a/content/zh/examples/application/zookeeper/zookeeper.yaml b/content/zh/examples/application/zookeeper/zookeeper.yaml
new file mode 100644
index 0000000000000..4afa806a5412b
--- /dev/null
+++ b/content/zh/examples/application/zookeeper/zookeeper.yaml
@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zk-hs
+  labels:
+    app: zk
+spec:
+  ports:
+  - port: 2888
+    name: server
+  - port: 3888
+    name: leader-election
+  clusterIP: None
+  selector:
+    app: zk
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: zk-cs
+  labels:
+    app: zk
+spec:
+  ports:
+  - port: 2181
+    name: client
+  selector:
+    app: zk
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: zk-pdb
+spec:
+  selector:
+    matchLabels:
+      app: zk
+  maxUnavailable: 1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: zk
+spec:
+  selector:
+    matchLabels:
+      app: zk
+  serviceName: zk-hs
+  replicas: 3
+  updateStrategy:
+    type: RollingUpdate
+  podManagementPolicy: Parallel
+  template:
+    metadata:
+      labels:
+        app: zk
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: "app"
+                    operator: In
+                    values:
+                    - zk
+              topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: kubernetes-zookeeper
+        imagePullPolicy: Always
+        image: "k8s.gcr.io/kubernetes-zookeeper:1.0-3.4.10"
+        resources:
+          requests:
+            memory: "1Gi"
+            cpu: "0.5"
+        ports:
+        - containerPort: 2181
+          name: client
+        - containerPort: 2888
+          name: server
+        - containerPort: 3888
+          name: leader-election
+        command:
+        - sh
+        - -c
+        - "start-zookeeper \
+          --servers=3 \
+          --data_dir=/var/lib/zookeeper/data \
+          --data_log_dir=/var/lib/zookeeper/data/log \
+          --conf_dir=/opt/zookeeper/conf \
+          --client_port=2181 \
+          --election_port=3888 \
+          --server_port=2888 \
+          --tick_time=2000 \
+          --init_limit=10 \
+          --sync_limit=5 \
+          --heap=512M \
+          --max_client_cnxns=60 \
+          --snap_retain_count=3 \
+          --purge_interval=12 \
+          --max_session_timeout=40000 \
+          --min_session_timeout=4000 \
+          --log_level=INFO"
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "zookeeper-ready 2181"
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "zookeeper-ready 2181"
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+        volumeMounts:
+        - name: datadir
+          mountPath: /var/lib/zookeeper
+      securityContext:
+        runAsUser: 1000
+        fsGroup: 1000
+  volumeClaimTemplates:
+  - metadata:
+      name: datadir
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 10Gi
diff --git a/content/zh/examples/configmap/configmap-multikeys.yaml b/content/zh/examples/configmap/configmap-multikeys.yaml
new file mode 100644
index 0000000000000..289702d123caf
--- /dev/null
+++ b/content/zh/examples/configmap/configmap-multikeys.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: special-config
+  namespace: default
+data:
+  SPECIAL_LEVEL: very
+  SPECIAL_TYPE: charm
diff --git a/content/zh/examples/configmap/configmaps.yaml b/content/zh/examples/configmap/configmaps.yaml
new file mode 100644
index 0000000000000..91b9f29755c2e
--- /dev/null
+++ b/content/zh/examples/configmap/configmaps.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: special-config
+  namespace: default
+data:
+  special.how: very
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: env-config
+  namespace: default
+data:
+  log_level: INFO
diff --git a/content/zh/examples/configmap/game-env-file.properties b/content/zh/examples/configmap/game-env-file.properties
new file mode 100644
index 0000000000000..a96a12eaa721c
--- /dev/null
+++ b/content/zh/examples/configmap/game-env-file.properties
@@ -0,0 +1,5 @@
+enemies=aliens
+lives=3
+allowed="true"
+
+# This comment and the empty line above it are ignored
diff --git a/content/zh/examples/configmap/game.properties b/content/zh/examples/configmap/game.properties
new file mode 100644
index 0000000000000..8ba4184c22e18
--- /dev/null
+++ b/content/zh/examples/configmap/game.properties
@@ -0,0 +1,7 @@
+enemies=aliens
+lives=3
+enemies.cheat=true
+enemies.cheat.level=noGoodRotten
+secret.code.passphrase=UUDDLRLRBABAS
+secret.code.allowed=true
+secret.code.lives=30
\ No newline at end of file
diff --git a/content/zh/examples/configmap/ui-env-file.properties b/content/zh/examples/configmap/ui-env-file.properties
new file mode 100644
index 0000000000000..1b5c76999497d
--- /dev/null
+++ b/content/zh/examples/configmap/ui-env-file.properties
@@ -0,0 +1,3 @@
+color=purple
+textmode=true
+how=fairlyNice
diff --git a/content/zh/examples/configmap/ui.properties b/content/zh/examples/configmap/ui.properties
new file mode 100644
index 0000000000000..487bea0347e7d
--- /dev/null
+++ b/content/zh/examples/configmap/ui.properties
@@ -0,0 +1,4 @@
+color.good=purple
+color.bad=yellow
+allow.textmode=true
+how.nice.to.look=fairlyNice
diff --git a/content/zh/examples/controllers/daemonset.yaml b/content/zh/examples/controllers/daemonset.yaml
new file mode 100644
index 0000000000000..c576ede3777c0
--- /dev/null
+++ b/content/zh/examples/controllers/daemonset.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-elasticsearch
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+spec:
+  selector:
+    matchLabels:
+      name: fluentd-elasticsearch
+  template:
+    metadata:
+      labels:
+        name: fluentd-elasticsearch
+    spec:
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      containers:
+      - name: fluentd-elasticsearch
+        image: k8s.gcr.io/fluentd-elasticsearch:1.20
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
diff --git a/content/zh/examples/controllers/frontend.yaml b/content/zh/examples/controllers/frontend.yaml
new file mode 100644
index 0000000000000..f9dba82b7ef23
--- /dev/null
+++ b/content/zh/examples/controllers/frontend.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+    tier: frontend
+spec:
+  # modify replicas according to your case
+  replicas: 3
+  selector:
+    matchLabels:
+      tier: frontend
+    matchExpressions:
+      - {key: tier, operator: In, values: [frontend]}
+  template:
+    metadata:
+      labels:
+        app: guestbook
+        tier: frontend
+    spec:
+      containers:
+      - name: php-redis
+        image: gcr.io/google_samples/gb-frontend:v3
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: GET_HOSTS_FROM
+          value: dns
+          # If your cluster config does not include a dns service, then to
+          # instead access environment variables to find service host
+          # info, comment out the 'value: dns' line above, and uncomment the
+          # line below.
+          # value: env
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/controllers/hpa-rs.yaml b/content/zh/examples/controllers/hpa-rs.yaml
new file mode 100644
index 0000000000000..a8388530dcba1
--- /dev/null
+++ b/content/zh/examples/controllers/hpa-rs.yaml
@@ -0,0 +1,11 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: frontend-scaler
+spec:
+  scaleTargetRef:
+    kind: ReplicaSet
+    name: frontend
+  minReplicas: 3
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 50
diff --git a/content/zh/examples/controllers/job.yaml b/content/zh/examples/controllers/job.yaml
new file mode 100644
index 0000000000000..b448f2eb81daf
--- /dev/null
+++ b/content/zh/examples/controllers/job.yaml
@@ -0,0 +1,14 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: pi
+spec:
+  template:
+    spec:
+      containers:
+      - name: pi
+        image: perl
+        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+      restartPolicy: Never
+  backoffLimit: 4
+
diff --git a/content/zh/examples/controllers/nginx-deployment.yaml b/content/zh/examples/controllers/nginx-deployment.yaml
new file mode 100644
index 0000000000000..5dd80da371f54
--- /dev/null
+++ b/content/zh/examples/controllers/nginx-deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.15.4
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/controllers/replicaset.yaml b/content/zh/examples/controllers/replicaset.yaml
new file mode 100644
index 0000000000000..e5dfdf6c43ce5
--- /dev/null
+++ b/content/zh/examples/controllers/replicaset.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: my-repset
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      pod-is-for: garbage-collection-example
+  template:
+    metadata:
+      labels:
+        pod-is-for: garbage-collection-example
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
diff --git a/content/zh/examples/controllers/replication.yaml b/content/zh/examples/controllers/replication.yaml
new file mode 100644
index 0000000000000..6eff0b9b57642
--- /dev/null
+++ b/content/zh/examples/controllers/replication.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    app: nginx
+  template:
+    metadata:
+      name: nginx
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        ports:
+        - containerPort: 80
diff --git a/content/zh/examples/debug/counter-pod.yaml b/content/zh/examples/debug/counter-pod.yaml
new file mode 100644
index 0000000000000..f997886386258
--- /dev/null
+++ b/content/zh/examples/debug/counter-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args: [/bin/sh, -c,
+            'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
diff --git a/content/zh/examples/debug/event-exporter.yaml b/content/zh/examples/debug/event-exporter.yaml
new file mode 100644
index 0000000000000..64a585b9a5376
--- /dev/null
+++ b/content/zh/examples/debug/event-exporter.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: event-exporter-sa
+  namespace: default
+  labels:
+    app: event-exporter
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: event-exporter-rb
+  labels:
+    app: event-exporter
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: view
+subjects:
+- kind: ServiceAccount
+  name: event-exporter-sa
+  namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: event-exporter-v0.2.3
+  namespace: default
+  labels:
+    app: event-exporter
+spec:
+  selector:
+    matchLabels:
+      app: event-exporter
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: event-exporter
+    spec:
+      serviceAccountName: event-exporter-sa
+      containers:
+      - name: event-exporter
+        image: k8s.gcr.io/event-exporter:v0.2.3
+        command:
+        - '/event-exporter'
+      terminationGracePeriodSeconds: 30
diff --git a/content/zh/examples/debug/fluentd-gcp-configmap.yaml b/content/zh/examples/debug/fluentd-gcp-configmap.yaml
new file mode 100644
index 0000000000000..71e0ac5d82cc2
--- /dev/null
+++ b/content/zh/examples/debug/fluentd-gcp-configmap.yaml
@@ -0,0 +1,379 @@
+kind: ConfigMap
+apiVersion: v1
+data:
+  containers.input.conf: |-
+    # This configuration file for Fluentd is used
+    # to watch changes to Docker log files that live in the
+    # directory /var/lib/docker/containers/ and are symbolically
+    # linked to from the /var/log/containers directory using names that capture the
+    # pod name and container name. These logs are then submitted to
+    # Google Cloud Logging which assumes the installation of the cloud-logging plug-in.
+    #
+    # Example
+    # =======
+    # A line in the Docker log file might look like this JSON:
+    #
+    # {"log":"2014/09/25 21:15:03 Got request with path wombat\\n",
+    #  "stream":"stderr",
+    #   "time":"2014-09-25T21:15:03.499185026Z"}
+    #
+    # The record reformer is used to write the tag to focus on the pod name
+    # and the Kubernetes container name. For example a Docker container's logs
+    # might be in the directory:
+    #  /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b
+    # and in the file:
+    #  997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
+    # where 997599971ee6... is the Docker ID of the running container.
+    # The Kubernetes kubelet makes a symbolic link to this file on the host machine
+    # in the /var/log/containers directory which includes the pod name and the Kubernetes
+    # container name:
+    #    synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
+    #    ->
+    #    /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
+    # The /var/log directory on the host is mapped to the /var/log directory in the container
+    # running this instance of Fluentd and we end up collecting the file:
+    #   /var/log/containers/synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
+    # This results in the tag:
+    #  var.log.containers.synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
+    # The record reformer is used is discard the var.log.containers prefix and
+    # the Docker container ID suffix and "kubernetes." is pre-pended giving the tag:
+    #   kubernetes.synthetic-logger-0.25lps-pod_default-synth-lgr
+    # Tag is then parsed by google_cloud plugin and translated to the metadata,
+    # visible in the log viewer
+
+    # Example:
+    # {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
+    <source>
+      type tail
+      format json
+      time_key time
+      path /var/log/containers/*.log
+      pos_file /var/log/gcp-containers.log.pos
+      time_format %Y-%m-%dT%H:%M:%S.%N%Z
+      tag reform.*
+      read_from_head true
+    </source>
+
+    <filter reform.**>
+      type parser
+      format /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<log>.*)/
+      reserve_data true
+      suppress_parse_error_log true
+      key_name log
+    </filter>
+
+    <match reform.**>
+      type record_reformer
+      enable_ruby true
+      tag raw.kubernetes.${tag_suffix[4].split('-')[0..-2].join('-')}
+    </match>
+
+    # Detect exceptions in the log output and forward them as one log entry.
+    <match raw.kubernetes.**>
+      @type copy
+
+      <store>
+        @type prometheus
+
+        <metric>
+          type counter
+          name logging_line_count
+          desc Total number of lines generated by application containers
+          <labels>
+            tag ${tag}
+          </labels>
+        </metric>
+      </store>
+      <store>
+        @type detect_exceptions
+
+        remove_tag_prefix raw
+        message log
+        stream stream
+        multiline_flush_interval 5
+        max_bytes 500000
+        max_lines 1000
+      </store>
+    </match>
+  system.input.conf: |-
+    # Example:
+    # Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
+    <source>
+      type tail
+      format syslog
+      path /var/log/startupscript.log
+      pos_file /var/log/gcp-startupscript.log.pos
+      tag startupscript
+    </source>
+
+    # Examples:
+    # time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json"
+    # time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404
+    <source>
+      type tail
+      format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+      path /var/log/docker.log
+      pos_file /var/log/gcp-docker.log.pos
+      tag docker
+    </source>
+
+    # Example:
+    # 2016/02/04 06:52:38 filePurge: successfully removed file /var/etcd/data/member/wal/00000000000006d0-00000000010a23d1.wal
+    <source>
+      type tail
+      # Not parsing this, because it doesn't have anything particularly useful to
+      # parse out of it (like severities).
+      format none
+      path /var/log/etcd.log
+      pos_file /var/log/gcp-etcd.log.pos
+      tag etcd
+    </source>
+
+    # Multi-line parsing is required for all the kube logs because very large log
+    # statements, such as those that include entire object bodies, get split into
+    # multiple lines by glog.
+
+    # Example:
+    # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kubelet.log
+      pos_file /var/log/gcp-kubelet.log.pos
+      tag kubelet
+    </source>
+
+    # Example:
+    # I1118 21:26:53.975789       6 proxier.go:1096] Port "nodePort for kube-system/default-http-backend:http" (:31429/tcp) was open before and is still needed
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-proxy.log
+      pos_file /var/log/gcp-kube-proxy.log.pos
+      tag kube-proxy
+    </source>
+
+    # Example:
+    # I0204 07:00:19.604280       5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-apiserver.log
+      pos_file /var/log/gcp-kube-apiserver.log.pos
+      tag kube-apiserver
+    </source>
+
+    # Example:
+    # 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods"
+    # 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200"
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\S+\s+AUDIT:/
+      # Fields must be explicitly captured by name to be parsed into the record.
+      # Fields may not always be present, and order may change, so this just looks
+      # for a list of key="\"quoted\" value" pairs separated by spaces.
+      # Unknown fields are ignored.
+      # Note: We can't separate query/response lines as format1/format2 because
+      #       they don't always come one after the other for a given query.
+      # TODO: Maybe add a JSON output mode to audit log so we can get rid of this?
+      format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/
+      time_format %FT%T.%L%Z
+      path /var/log/kube-apiserver-audit.log
+      pos_file /var/log/gcp-kube-apiserver-audit.log.pos
+      tag kube-apiserver-audit
+    </source>
+
+    # Example:
+    # I0204 06:55:31.872680       5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kubernetes-dashboard
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-controller-manager.log
+      pos_file /var/log/gcp-kube-controller-manager.log.pos
+      tag kube-controller-manager
+    </source>
+
+    # Example:
+    # W0204 06:49:18.239674       7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-scheduler.log
+      pos_file /var/log/gcp-kube-scheduler.log.pos
+      tag kube-scheduler
+    </source>
+
+    # Example:
+    # I1104 10:36:20.242766       5 rescheduler.go:73] Running Rescheduler
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/rescheduler.log
+      pos_file /var/log/gcp-rescheduler.log.pos
+      tag rescheduler
+    </source>
+
+    # Example:
+    # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/glbc.log
+      pos_file /var/log/gcp-glbc.log.pos
+      tag glbc
+    </source>
+
+    # Example:
+    # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/cluster-autoscaler.log
+      pos_file /var/log/gcp-cluster-autoscaler.log.pos
+      tag cluster-autoscaler
+    </source>
+
+    # Logs from systemd-journal for interesting services.
+    <source>
+      type systemd
+      filters [{ "_SYSTEMD_UNIT": "docker.service" }]
+      pos_file /var/log/gcp-journald-docker.pos
+      read_from_head true
+      tag docker
+    </source>
+
+    <source>
+      type systemd
+      filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
+      pos_file /var/log/gcp-journald-kubelet.pos
+      read_from_head true
+      tag kubelet
+    </source>
+  monitoring.conf: |-
+    # Prometheus monitoring
+    <source>
+      @type prometheus
+      port 80
+    </source>
+
+    <source>
+      @type prometheus_monitor
+    </source>
+  output.conf: |-
+    # We use 2 output stanzas - one to handle the container logs and one to handle
+    # the node daemon logs, the latter of which explicitly sends its logs to the
+    # compute.googleapis.com service rather than container.googleapis.com to keep
+    # them separate since most users don't care about the node logs.
+    <match kubernetes.**>
+      @type copy
+
+      <store>
+        @type google_cloud
+
+        # Set the buffer type to file to improve the reliability and reduce the memory consumption
+        buffer_type file
+        buffer_path /var/log/fluentd-buffers/kubernetes.containers.buffer
+        # Set queue_full action to block because we want to pause gracefully
+        # in case of the off-the-limits load instead of throwing an exception
+        buffer_queue_full_action block
+        # Set the chunk limit conservatively to avoid exceeding the GCL limit
+        # of 10MiB per write request.
+        buffer_chunk_limit 2M
+        # Cap the combined memory usage of this buffer and the one below to
+        # 2MiB/chunk * (6 + 2) chunks = 16 MiB
+        buffer_queue_limit 6
+        # Never wait more than 5 seconds before flushing logs in the non-error case.
+        flush_interval 5s
+        # Never wait longer than 30 seconds between retries.
+        max_retry_wait 30
+        # Disable the limit on the number of retries (retry forever).
+        disable_retry_limit
+        # Use multiple threads for processing.
+        num_threads 2
+      </store>
+      <store>
+        @type prometheus
+
+        <metric>
+          type counter
+          name logging_entry_count
+          desc Total number of log entries generated by either an application container or a system component
+          <labels>
+            tag ${tag}
+            component container
+          </labels>
+        </metric>
+      </store>
+    </match>
+
+    # Keep a smaller buffer here since these logs are less important than the user's
+    # container logs.
+    <match **>
+      @type copy
+
+      <store>
+        @type google_cloud
+
+        detect_subservice false
+        buffer_type file
+        buffer_path /var/log/fluentd-buffers/kubernetes.system.buffer
+        buffer_queue_full_action block
+        buffer_chunk_limit 2M
+        buffer_queue_limit 2
+        flush_interval 5s
+        max_retry_wait 30
+        disable_retry_limit
+        num_threads 2
+      </store>
+      <store>
+        @type prometheus
+
+        <metric>
+          type counter
+          name logging_entry_count
+          desc Total number of log entries generated by either an application container or a system component
+          <labels>
+            tag ${tag}
+            component system
+          </labels>
+        </metric>
+      </store>
+    </match>
+metadata:
+  name: fluentd-gcp-config
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
diff --git a/content/zh/examples/debug/fluentd-gcp-ds.yaml b/content/zh/examples/debug/fluentd-gcp-ds.yaml
new file mode 100644
index 0000000000000..4ffd5c0093130
--- /dev/null
+++ b/content/zh/examples/debug/fluentd-gcp-ds.yaml
@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-gcp-v2.0
+  labels:
+    k8s-app: fluentd-gcp
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    version: v2.0
+spec:
+  selector:
+    matchLabels:
+      k8s-app: fluentd-gcp
+      kubernetes.io/cluster-service: "true"
+      version: v2.0
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        k8s-app: fluentd-gcp
+        kubernetes.io/cluster-service: "true"
+        version: v2.0
+      # This annotation ensures that fluentd does not get evicted if the node
+      # supports critical pod annotation based priority scheme.
+      # Note that this does not guarantee admission on the nodes (#40573).
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      dnsPolicy: Default
+      containers:
+      - name: fluentd-gcp
+        image: k8s.gcr.io/fluentd-gcp:2.0.2
+        # If fluentd consumes its own logs, the following situation may happen:
+        # fluentd fails to send a chunk to the server => writes it to the log =>
+        # tries to send this message to the server => fails to send a chunk and so on.
+        # Writing to a file, which is not exported to the back-end prevents it.
+        # It also allows to increase the fluentd verbosity by default.
+        command:
+          - '/bin/sh'
+          - '-c'
+          - '/run.sh $FLUENTD_ARGS 2>&1 >>/var/log/fluentd.log'
+        env:
+        - name: FLUENTD_ARGS
+          value: --no-supervisor
+        resources:
+          limits:
+            memory: 300Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+        - name: libsystemddir
+          mountPath: /host/lib
+          readOnly: true
+        - name: config-volume
+          mountPath: /etc/fluent/config.d
+        # Liveness probe is aimed to help in situations where fluentd
+        # silently hangs for no apparent reasons until manual restart.
+        # The idea of this probe is that if fluentd is not queueing or
+        # flushing chunks for 5 minutes, something is not right. If
+        # you want to change the fluentd configuration, reducing amount of
+        # logs fluentd collects, consider changing the threshold or turning
+        # liveness probe off completely.
+        livenessProbe:
+          initialDelaySeconds: 600
+          periodSeconds: 60
+          exec:
+            command:
+            - '/bin/sh'
+            - '-c'
+            - >
+              LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
+              STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900};
+              if [ ! -e /var/log/fluentd-buffers ];
+              then
+                exit 1;
+              fi;
+              LAST_MODIFIED_DATE=`stat /var/log/fluentd-buffers | grep Modify | sed -r "s/Modify: (.*)/\1/"`;
+              LAST_MODIFIED_TIMESTAMP=`date -d "$LAST_MODIFIED_DATE" +%s`;
+              if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $STUCK_THRESHOLD_SECONDS` ];
+              then
+                rm -rf /var/log/fluentd-buffers;
+                exit 1;
+              fi;
+              if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $LIVENESS_THRESHOLD_SECONDS` ];
+              then
+                exit 1;
+              fi;
+      nodeSelector:
+        beta.kubernetes.io/fluentd-ds-ready: "true"
+      tolerations:
+      - key: "node.alpha.kubernetes.io/ismaster"
+        effect: "NoSchedule"
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
+      - name: libsystemddir
+        hostPath:
+          path: /usr/lib64
+      - name: config-volume
+        configMap:
+          name: fluentd-gcp-config
diff --git a/content/zh/examples/debug/node-problem-detector-configmap.yaml b/content/zh/examples/debug/node-problem-detector-configmap.yaml
new file mode 100644
index 0000000000000..654d35106a9e3
--- /dev/null
+++ b/content/zh/examples/debug/node-problem-detector-configmap.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-problem-detector-v0.1
+  namespace: kube-system
+  labels:
+    k8s-app: node-problem-detector
+    version: v0.1
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    matchLabels:
+      k8s-app: node-problem-detector  
+      version: v0.1
+      kubernetes.io/cluster-service: "true"
+  template:
+    metadata:
+      labels:
+        k8s-app: node-problem-detector
+        version: v0.1
+        kubernetes.io/cluster-service: "true"
+    spec:
+      hostNetwork: true
+      containers:
+      - name: node-problem-detector
+        image: k8s.gcr.io/node-problem-detector:v0.1
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            cpu: "200m"
+            memory: "100Mi"
+          requests:
+            cpu: "20m"
+            memory: "20Mi"
+        volumeMounts:
+        - name: log
+          mountPath: /log
+          readOnly: true
+        - name: config # Overwrite the config/ directory with ConfigMap volume
+          mountPath: /config
+          readOnly: true
+      volumes:
+      - name: log
+        hostPath:
+          path: /var/log/
+      - name: config # Define ConfigMap volume
+        configMap:
+          name: node-problem-detector-config
\ No newline at end of file
diff --git a/content/zh/examples/debug/node-problem-detector.yaml b/content/zh/examples/debug/node-problem-detector.yaml
new file mode 100644
index 0000000000000..6ffa19bcc3a0f
--- /dev/null
+++ b/content/zh/examples/debug/node-problem-detector.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-problem-detector-v0.1
+  namespace: kube-system
+  labels:
+    k8s-app: node-problem-detector
+    version: v0.1
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    matchLabels:
+      k8s-app: node-problem-detector  
+      version: v0.1
+      kubernetes.io/cluster-service: "true"
+  template:
+    metadata:
+      labels:
+        k8s-app: node-problem-detector
+        version: v0.1
+        kubernetes.io/cluster-service: "true"
+    spec:
+      hostNetwork: true
+      containers:
+      - name: node-problem-detector
+        image: k8s.gcr.io/node-problem-detector:v0.1
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            cpu: "200m"
+            memory: "100Mi"
+          requests:
+            cpu: "20m"
+            memory: "20Mi"
+        volumeMounts:
+        - name: log
+          mountPath: /log
+          readOnly: true
+      volumes:
+      - name: log
+        hostPath:
+          path: /var/log/
\ No newline at end of file
diff --git a/content/zh/examples/debug/termination.yaml b/content/zh/examples/debug/termination.yaml
new file mode 100644
index 0000000000000..3f63748f7295f
--- /dev/null
+++ b/content/zh/examples/debug/termination.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: termination-demo
+spec:
+  containers:
+  - name: termination-demo-container
+    image: debian
+    command: ["/bin/sh"]
+    args: ["-c", "sleep 10 && echo Sleep expired > /dev/termination-log"]
diff --git a/content/zh/examples/federation/policy-engine-deployment.yaml b/content/zh/examples/federation/policy-engine-deployment.yaml
new file mode 100644
index 0000000000000..168af7ba4cf0f
--- /dev/null
+++ b/content/zh/examples/federation/policy-engine-deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: opa
+  name: opa
+  namespace: federation-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: opa
+  template:
+    metadata:
+      labels:
+        app: opa
+      name: opa
+    spec:
+      containers:
+        - name: opa
+          image: openpolicyagent/opa:0.4.10
+          args:
+          - "run"
+          - "--server"
+        - name: kube-mgmt
+          image: openpolicyagent/kube-mgmt:0.2
+          args:
+          - "-kubeconfig=/srv/kubernetes/kubeconfig"
+          - "-cluster=federation/v1beta1/clusters"
+          volumeMounts:
+           - name: federation-kubeconfig
+             mountPath: /srv/kubernetes
+             readOnly: true
+      volumes:
+      - name: federation-kubeconfig
+        secret:
+          secretName: federation-controller-manager-kubeconfig
diff --git a/content/zh/examples/federation/policy-engine-service.yaml b/content/zh/examples/federation/policy-engine-service.yaml
new file mode 100644
index 0000000000000..287a972d64ee8
--- /dev/null
+++ b/content/zh/examples/federation/policy-engine-service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: opa
+  namespace: federation-system
+spec:
+  selector:
+    app: opa
+  ports:
+  - name: http
+    protocol: TCP
+    port: 8181
+    targetPort: 8181
\ No newline at end of file
diff --git a/content/zh/examples/federation/replicaset-example-policy.yaml b/content/zh/examples/federation/replicaset-example-policy.yaml
new file mode 100644
index 0000000000000..43dc83b18b200
--- /dev/null
+++ b/content/zh/examples/federation/replicaset-example-policy.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  labels:
+    app: nginx-pci
+  name: nginx-pci
+  annotations:
+    requires-pci: "true"
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx-pci
+  template:
+    metadata:
+      labels:
+        app: nginx-pci
+    spec:
+      containers:
+      - image: nginx
+        name: nginx-pci
diff --git a/content/zh/examples/federation/scheduling-policy-admission.yaml b/content/zh/examples/federation/scheduling-policy-admission.yaml
new file mode 100644
index 0000000000000..a164722425555
--- /dev/null
+++ b/content/zh/examples/federation/scheduling-policy-admission.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: admission
+  namespace: federation-system
+data:
+  config.yml: |
+    apiVersion: apiserver.k8s.io/v1alpha1
+    kind: AdmissionConfiguration
+    plugins:
+    - name: SchedulingPolicy
+      path: /etc/kubernetes/admission/scheduling-policy-config.yml
+  scheduling-policy-config.yml: |
+    kubeconfig: /etc/kubernetes/admission/opa-kubeconfig
+  opa-kubeconfig: |
+    clusters:
+      - name: opa-api
+        cluster:
+          server: http://opa.federation-system.svc.cluster.local:8181/v0/data/kubernetes/placement
+    users:
+      - name: scheduling-policy
+        user:
+          token: deadbeefsecret
+    contexts:
+      - name: default
+        context:
+          cluster: opa-api
+          user: scheduling-policy
+    current-context: default
diff --git a/content/zh/examples/minikube/Dockerfile b/content/zh/examples/minikube/Dockerfile
new file mode 100644
index 0000000000000..1fe745295a47f
--- /dev/null
+++ b/content/zh/examples/minikube/Dockerfile
@@ -0,0 +1,4 @@
+FROM node:6.14.2
+EXPOSE 8080
+COPY server.js .
+CMD node server.js
diff --git a/content/zh/examples/minikube/server.js b/content/zh/examples/minikube/server.js
new file mode 100644
index 0000000000000..76345a17d81db
--- /dev/null
+++ b/content/zh/examples/minikube/server.js
@@ -0,0 +1,9 @@
+var http = require('http');
+
+var handleRequest = function(request, response) {
+  console.log('Received request for URL: ' + request.url);
+  response.writeHead(200);
+  response.end('Hello World!');
+};
+var www = http.createServer(handleRequest);
+www.listen(8080);
diff --git a/content/zh/examples/podpreset/allow-db-merged.yaml b/content/zh/examples/podpreset/allow-db-merged.yaml
new file mode 100644
index 0000000000000..4f5af10abdc46
--- /dev/null
+++ b/content/zh/examples/podpreset/allow-db-merged.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: website
+  labels:
+    app: website
+    role: frontend
+  annotations:
+    podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
+spec:
+  containers:
+    - name: website
+      image: nginx
+      volumeMounts:
+        - mountPath: /cache
+          name: cache-volume
+        - mountPath: /etc/app/config.json
+          readOnly: true
+          name: secret-volume
+      ports:
+        - containerPort: 80
+      env:
+        - name: DB_PORT
+          value: "6379"
+        - name: duplicate_key
+          value: FROM_ENV
+        - name: expansion
+          value: $(REPLACE_ME)
+      envFrom:
+        - configMapRef:
+            name: etcd-env-config
+  volumes:
+    - name: cache-volume
+      emptyDir: {}
+    - name: secret-volume
+      secret:
+         secretName: config-details
diff --git a/content/zh/examples/podpreset/allow-db.yaml b/content/zh/examples/podpreset/allow-db.yaml
new file mode 100644
index 0000000000000..a5504789fea04
--- /dev/null
+++ b/content/zh/examples/podpreset/allow-db.yaml
@@ -0,0 +1,30 @@
+apiVersion: settings.k8s.io/v1alpha1
+kind: PodPreset
+metadata:
+  name: allow-database
+spec:
+  selector:
+    matchLabels:
+      role: frontend
+  env:
+    - name: DB_PORT
+      value: "6379"
+    - name: duplicate_key
+      value: FROM_ENV
+    - name: expansion
+      value: $(REPLACE_ME)
+  envFrom:
+    - configMapRef:
+        name: etcd-env-config
+  volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+    - mountPath: /etc/app/config.json
+      readOnly: true
+      name: secret-volume
+  volumes:
+    - name: cache-volume
+      emptyDir: {}
+    - name: secret-volume
+      secret:
+         secretName: config-details
diff --git a/content/zh/examples/podpreset/configmap.yaml b/content/zh/examples/podpreset/configmap.yaml
new file mode 100644
index 0000000000000..806a880bff844
--- /dev/null
+++ b/content/zh/examples/podpreset/configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: etcd-env-config
+data:
+  number_of_members: "1"
+  initial_cluster_state: new
+  initial_cluster_token: DUMMY_ETCD_INITIAL_CLUSTER_TOKEN
+  discovery_token: DUMMY_ETCD_DISCOVERY_TOKEN
+  discovery_url: http://etcd_discovery:2379
+  etcdctl_peers: http://etcd:2379
+  duplicate_key: FROM_CONFIG_MAP
+  REPLACE_ME: "a value"
+
diff --git a/content/zh/examples/podpreset/conflict-pod.yaml b/content/zh/examples/podpreset/conflict-pod.yaml
new file mode 100644
index 0000000000000..6949f7e1621e4
--- /dev/null
+++ b/content/zh/examples/podpreset/conflict-pod.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: website
+  labels:
+    app: website
+    role: frontend
+spec:
+  containers:
+    - name: website
+      image: nginx
+      volumeMounts:
+        - mountPath: /cache
+          name: cache-volume
+      ports:
+        - containerPort: 80
+  volumes:
+    - name: cache-volume
+      emptyDir: {}
diff --git a/content/zh/examples/podpreset/conflict-preset.yaml b/content/zh/examples/podpreset/conflict-preset.yaml
new file mode 100644
index 0000000000000..a2ad96c48a930
--- /dev/null
+++ b/content/zh/examples/podpreset/conflict-preset.yaml
@@ -0,0 +1,18 @@
+apiVersion: settings.k8s.io/v1alpha1
+kind: PodPreset
+metadata:
+  name: allow-database
+spec:
+  selector:
+    matchLabels:
+      role: frontend
+  env:
+    - name: DB_PORT
+      value: "6379"
+  volumeMounts:
+    - mountPath: /cache
+      name: other-volume
+  volumes:
+    - name: other-volume
+      emptyDir: {}
+
diff --git a/content/zh/examples/podpreset/merged.yaml b/content/zh/examples/podpreset/merged.yaml
new file mode 100644
index 0000000000000..97c022c86cee4
--- /dev/null
+++ b/content/zh/examples/podpreset/merged.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: website
+  labels:
+    app: website
+    role: frontend
+  annotations:
+    podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
+spec:
+  containers:
+    - name: website
+      image: nginx
+      volumeMounts:
+        - mountPath: /cache
+          name: cache-volume
+      ports:
+        - containerPort: 80
+      env:
+        - name: DB_PORT
+          value: "6379"
+  volumes:
+    - name: cache-volume
+      emptyDir: {}
+
diff --git a/content/zh/examples/podpreset/multi-merged.yaml b/content/zh/examples/podpreset/multi-merged.yaml
new file mode 100644
index 0000000000000..7fcaae62e3328
--- /dev/null
+++ b/content/zh/examples/podpreset/multi-merged.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: website
+  labels:
+    app: website
+    role: frontend
+  annotations:
+    podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
+    podpreset.admission.kubernetes.io/podpreset-proxy: "resource version"
+spec:
+  containers:
+    - name: website
+      image: nginx
+      volumeMounts:
+        - mountPath: /cache
+          name: cache-volume
+        - mountPath: /etc/proxy/configs
+          name: proxy-volume
+      ports:
+        - containerPort: 80
+      env:
+        - name: DB_PORT
+          value: "6379"
+  volumes:
+    - name: cache-volume
+      emptyDir: {}
+    - name: proxy-volume
+      emptyDir: {}
diff --git a/content/zh/examples/podpreset/pod.yaml b/content/zh/examples/podpreset/pod.yaml
new file mode 100644
index 0000000000000..b6b4e60d6e514
--- /dev/null
+++ b/content/zh/examples/podpreset/pod.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: website
+  labels:
+    app: website
+    role: frontend
+spec:
+  containers:
+    - name: website
+      image: nginx
+      ports:
+        - containerPort: 80
+
diff --git a/content/zh/examples/podpreset/preset.yaml b/content/zh/examples/podpreset/preset.yaml
new file mode 100644
index 0000000000000..f300289c822ff
--- /dev/null
+++ b/content/zh/examples/podpreset/preset.yaml
@@ -0,0 +1,17 @@
+apiVersion: settings.k8s.io/v1alpha1
+kind: PodPreset
+metadata:
+  name: allow-database
+spec:
+  selector:
+    matchLabels:
+      role: frontend
+  env:
+    - name: DB_PORT
+      value: "6379"
+  volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+  volumes:
+    - name: cache-volume
+      emptyDir: {}
diff --git a/content/zh/examples/podpreset/proxy.yaml b/content/zh/examples/podpreset/proxy.yaml
new file mode 100644
index 0000000000000..d854475ac2641
--- /dev/null
+++ b/content/zh/examples/podpreset/proxy.yaml
@@ -0,0 +1,14 @@
+apiVersion: settings.k8s.io/v1alpha1
+kind: PodPreset
+metadata:
+  name: proxy
+spec:
+  selector:
+    matchLabels:
+      role: frontend
+  volumeMounts:
+    - mountPath: /etc/proxy/configs
+      name: proxy-volume
+  volumes:
+    - name: proxy-volume
+      emptyDir: {}
diff --git a/content/zh/examples/podpreset/replicaset-merged.yaml b/content/zh/examples/podpreset/replicaset-merged.yaml
new file mode 100644
index 0000000000000..95cf846ebca46
--- /dev/null
+++ b/content/zh/examples/podpreset/replicaset-merged.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+    role: frontend
+  annotations:
+    podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
+spec:
+  containers:
+  - name: php-redis
+    image: gcr.io/google_samples/gb-frontend:v3
+    resources:
+      requests:
+        cpu: 100m
+        memory: 100Mi
+    volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+    env:
+    - name: GET_HOSTS_FROM
+      value: dns
+    - name: DB_PORT
+      value: "6379"
+    ports:
+    - containerPort: 80
+  volumes:
+  - name: cache-volume
+    emptyDir: {}
+
diff --git a/content/zh/examples/podpreset/replicaset.yaml b/content/zh/examples/podpreset/replicaset.yaml
new file mode 100644
index 0000000000000..e9d49a9d1ddda
--- /dev/null
+++ b/content/zh/examples/podpreset/replicaset.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: frontend
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      role: frontend
+    matchExpressions:
+      - {key: role, operator: In, values: [frontend]}
+  template:
+    metadata:
+      labels:
+        app: guestbook
+        role: frontend
+    spec:
+      containers:
+      - name: php-redis
+        image: gcr.io/google_samples/gb-frontend:v3
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        env:
+          - name: GET_HOSTS_FROM
+            value: dns
+        ports:
+          - containerPort: 80
diff --git a/content/zh/examples/pods/commands.yaml b/content/zh/examples/pods/commands.yaml
new file mode 100644
index 0000000000000..2327d2582745f
--- /dev/null
+++ b/content/zh/examples/pods/commands.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: command-demo
+  labels:
+    purpose: demonstrate-command
+spec:
+  containers:
+  - name: command-demo-container
+    image: debian
+    command: ["printenv"]
+    args: ["HOSTNAME", "KUBERNETES_PORT"]
+  restartPolicy: OnFailure
diff --git a/content/zh/examples/pods/config/redis-config b/content/zh/examples/pods/config/redis-config
new file mode 100644
index 0000000000000..ead340713c830
--- /dev/null
+++ b/content/zh/examples/pods/config/redis-config
@@ -0,0 +1,2 @@
+maxmemory 2mb
+maxmemory-policy allkeys-lru
diff --git a/content/zh/examples/pods/config/redis-pod.yaml b/content/zh/examples/pods/config/redis-pod.yaml
new file mode 100644
index 0000000000000..259dbf853aa4c
--- /dev/null
+++ b/content/zh/examples/pods/config/redis-pod.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis
+spec:
+  containers:
+  - name: redis
+    image: kubernetes/redis:v1
+    env:
+    - name: MASTER
+      value: "true"
+    ports:
+    - containerPort: 6379
+    resources:
+      limits:
+        cpu: "0.1"
+    volumeMounts:
+    - mountPath: /redis-master-data
+      name: data
+    - mountPath: /redis-master
+      name: config
+  volumes:
+    - name: data
+      emptyDir: {}
+    - name: config
+      configMap:
+        name: example-redis-config
+        items:
+        - key: redis-config
+          path: redis.conf
diff --git a/content/zh/examples/pods/init-containers.yaml b/content/zh/examples/pods/init-containers.yaml
new file mode 100644
index 0000000000000..35c393d7c728e
--- /dev/null
+++ b/content/zh/examples/pods/init-containers.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: init-demo
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    ports:
+    - containerPort: 80
+    volumeMounts:
+    - name: workdir
+      mountPath: /usr/share/nginx/html
+  # These containers are run during pod initialization
+  initContainers:
+  - name: install
+    image: busybox
+    command:
+    - wget
+    - "-O"
+    - "/work-dir/index.html"
+    - http://kubernetes.io
+    volumeMounts:
+    - name: workdir
+      mountPath: "/work-dir"
+  dnsPolicy: Default
+  volumes:
+  - name: workdir
+    emptyDir: {}
+
diff --git a/content/zh/examples/pods/inject/dapi-envars-container.yaml b/content/zh/examples/pods/inject/dapi-envars-container.yaml
new file mode 100644
index 0000000000000..55bd4dd263a00
--- /dev/null
+++ b/content/zh/examples/pods/inject/dapi-envars-container.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-envars-resourcefieldref
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox:1.24
+      command: [ "sh", "-c"]
+      args:
+      - while true; do
+          echo -en '\n';
+          printenv MY_CPU_REQUEST MY_CPU_LIMIT;
+          printenv MY_MEM_REQUEST MY_MEM_LIMIT;
+          sleep 10;
+        done;
+      resources:
+        requests:
+          memory: "32Mi"
+          cpu: "125m"
+        limits:
+          memory: "64Mi"
+          cpu: "250m"
+      env:
+        - name: MY_CPU_REQUEST
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: requests.cpu
+        - name: MY_CPU_LIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: limits.cpu
+        - name: MY_MEM_REQUEST
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: requests.memory
+        - name: MY_MEM_LIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: limits.memory
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/inject/dapi-envars-pod.yaml b/content/zh/examples/pods/inject/dapi-envars-pod.yaml
new file mode 100644
index 0000000000000..071fa82bb3b26
--- /dev/null
+++ b/content/zh/examples/pods/inject/dapi-envars-pod.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-envars-fieldref
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "sh", "-c"]
+      args:
+      - while true; do
+          echo -en '\n';
+          printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE;
+          printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT;
+          sleep 10;
+        done;
+      env:
+        - name: MY_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: MY_POD_SERVICE_ACCOUNT
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.serviceAccountName
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/inject/dapi-volume-resources.yaml b/content/zh/examples/pods/inject/dapi-volume-resources.yaml
new file mode 100644
index 0000000000000..ee9677bec4307
--- /dev/null
+++ b/content/zh/examples/pods/inject/dapi-volume-resources.yaml
@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kubernetes-downwardapi-volume-example-2
+spec:
+  containers:
+    - name: client-container
+      image: k8s.gcr.io/busybox:1.24
+      command: ["sh", "-c"]
+      args:
+      - while true; do
+          echo -en '\n';
+          if [[ -e /etc/podinfo/cpu_limit ]]; then
+            echo -en '\n'; cat /etc/podinfo/cpu_limit; fi;
+          if [[ -e /etc/podinfo/cpu_request ]]; then
+            echo -en '\n'; cat /etc/podinfo/cpu_request; fi;
+          if [[ -e /etc/podinfo/mem_limit ]]; then
+            echo -en '\n'; cat /etc/podinfo/mem_limit; fi;
+          if [[ -e /etc/podinfo/mem_request ]]; then
+            echo -en '\n'; cat /etc/podinfo/mem_request; fi;
+          sleep 5;
+        done;
+      resources:
+        requests:
+          memory: "32Mi"
+          cpu: "125m"
+        limits:
+          memory: "64Mi"
+          cpu: "250m"
+      volumeMounts:
+        - name: podinfo
+          mountPath: /etc/podinfo
+          readOnly: false
+  volumes:
+    - name: podinfo
+      downwardAPI:
+        items:
+          - path: "cpu_limit"
+            resourceFieldRef:
+              containerName: client-container
+              resource: limits.cpu
+              divisor: 1m
+          - path: "cpu_request"
+            resourceFieldRef:
+              containerName: client-container
+              resource: requests.cpu
+              divisor: 1m
+          - path: "mem_limit"
+            resourceFieldRef:
+              containerName: client-container
+              resource: limits.memory
+              divisor: 1Mi
+          - path: "mem_request"
+            resourceFieldRef:
+              containerName: client-container
+              resource: requests.memory
+              divisor: 1Mi
+
diff --git a/content/zh/examples/pods/inject/dapi-volume.yaml b/content/zh/examples/pods/inject/dapi-volume.yaml
new file mode 100644
index 0000000000000..e7515afba5829
--- /dev/null
+++ b/content/zh/examples/pods/inject/dapi-volume.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kubernetes-downwardapi-volume-example
+  labels:
+    zone: us-est-coast
+    cluster: test-cluster1
+    rack: rack-22
+  annotations:
+    build: two
+    builder: john-doe
+spec:
+  containers:
+    - name: client-container
+      image: k8s.gcr.io/busybox
+      command: ["sh", "-c"]
+      args:
+      - while true; do
+          if [[ -e /etc/podinfo/labels ]]; then
+            echo -en '\n\n'; cat /etc/podinfo/labels; fi;
+          if [[ -e /etc/podinfo/annotations ]]; then
+            echo -en '\n\n'; cat /etc/podinfo/annotations; fi;
+          sleep 5;
+        done;
+      volumeMounts:
+        - name: podinfo
+          mountPath: /etc/podinfo
+          readOnly: false
+  volumes:
+    - name: podinfo
+      downwardAPI:
+        items:
+          - path: "labels"
+            fieldRef:
+              fieldPath: metadata.labels
+          - path: "annotations"
+            fieldRef:
+              fieldPath: metadata.annotations
+
diff --git a/content/zh/examples/pods/inject/envars.yaml b/content/zh/examples/pods/inject/envars.yaml
new file mode 100644
index 0000000000000..ebf5214376f19
--- /dev/null
+++ b/content/zh/examples/pods/inject/envars.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: envar-demo
+  labels:
+    purpose: demonstrate-envars
+spec:
+  containers:
+  - name: envar-demo-container
+    image: gcr.io/google-samples/node-hello:1.0
+    env:
+    - name: DEMO_GREETING
+      value: "Hello from the environment"
+    - name: DEMO_FAREWELL
+      value: "Such a sweet sorrow"
diff --git a/content/zh/examples/pods/inject/secret.yaml~HEAD b/content/zh/examples/pods/inject/secret.yaml~HEAD
new file mode 100644
index 0000000000000..706ca8670fa8d
--- /dev/null
+++ b/content/zh/examples/pods/inject/secret.yaml~HEAD
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret
+data:
+  username: bXktYXBw
+  password: Mzk1MjgkdmRnN0pi
diff --git a/content/zh/examples/pods/pod-configmap-env-var-valueFrom.yaml b/content/zh/examples/pods/pod-configmap-env-var-valueFrom.yaml
new file mode 100644
index 0000000000000..a72b4335ce3b0
--- /dev/null
+++ b/content/zh/examples/pods/pod-configmap-env-var-valueFrom.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ]
+      env:
+        - name: SPECIAL_LEVEL_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: special-config
+              key: SPECIAL_LEVEL
+        - name: SPECIAL_TYPE_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: special-config
+              key: SPECIAL_TYPE
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/pod-configmap-envFrom.yaml b/content/zh/examples/pods/pod-configmap-envFrom.yaml
new file mode 100644
index 0000000000000..70ae7e5bcfaf9
--- /dev/null
+++ b/content/zh/examples/pods/pod-configmap-envFrom.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      envFrom:
+      - configMapRef:
+          name: special-config
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/pod-configmap-volume-specific-key.yaml b/content/zh/examples/pods/pod-configmap-volume-specific-key.yaml
new file mode 100644
index 0000000000000..72e38fd83635c
--- /dev/null
+++ b/content/zh/examples/pods/pod-configmap-volume-specific-key.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "/bin/sh","-c","cat /etc/config/keys" ]
+      volumeMounts:
+      - name: config-volume
+        mountPath: /etc/config
+  volumes:
+    - name: config-volume
+      configMap:
+        name: special-config
+        items:
+        - key: SPECIAL_LEVEL
+          path: keys
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/pod-configmap-volume.yaml b/content/zh/examples/pods/pod-configmap-volume.yaml
new file mode 100644
index 0000000000000..23b0f7718e157
--- /dev/null
+++ b/content/zh/examples/pods/pod-configmap-volume.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "/bin/sh", "-c", "ls /etc/config/" ]
+      volumeMounts:
+      - name: config-volume
+        mountPath: /etc/config
+  volumes:
+    - name: config-volume
+      configMap:
+        # Provide the name of the ConfigMap containing the files you want
+        # to add to the container
+        name: special-config
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/pod-multiple-configmap-env-variable.yaml b/content/zh/examples/pods/pod-multiple-configmap-env-variable.yaml
new file mode 100644
index 0000000000000..4790a9c661c84
--- /dev/null
+++ b/content/zh/examples/pods/pod-multiple-configmap-env-variable.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      env:
+        - name: SPECIAL_LEVEL_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: special-config
+              key: special.how
+        - name: LOG_LEVEL
+          valueFrom:
+            configMapKeyRef:
+              name: env-config
+              key: log_level
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/pod-nginx-specific-node.yaml b/content/zh/examples/pods/pod-nginx-specific-node.yaml
new file mode 100644
index 0000000000000..5923400d64534
--- /dev/null
+++ b/content/zh/examples/pods/pod-nginx-specific-node.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  nodeName: foo-node # schedule pod to specific node
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
diff --git a/content/zh/examples/pods/pod-projected-svc-token.yaml b/content/zh/examples/pods/pod-projected-svc-token.yaml
new file mode 100644
index 0000000000000..1c6ba249806cb
--- /dev/null
+++ b/content/zh/examples/pods/pod-projected-svc-token.yaml
@@ -0,0 +1,20 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: nginx
+spec:
+  containers:
+  - image: nginx
+    name: nginx
+    volumeMounts:
+    - mountPath: /var/run/secrets/tokens
+      name: vault-token
+  serviceAccountName: acct
+  volumes:
+  - name: vault-token
+    projected:
+      sources:
+      - serviceAccountToken:
+          path: vault-token
+          expirationSeconds: 7200
+          audience: vault
diff --git a/content/zh/examples/pods/pod-rs.yaml b/content/zh/examples/pods/pod-rs.yaml
new file mode 100644
index 0000000000000..df7b390597c49
--- /dev/null
+++ b/content/zh/examples/pods/pod-rs.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod1
+  labels:
+    tier: frontend
+spec:
+  containers:
+  - name: hello1
+    image: gcr.io/google-samples/hello-app:2.0
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod2
+  labels:
+    tier: frontend
+spec:
+  containers:
+  - name: hello2
+    image: gcr.io/google-samples/hello-app:1.0
diff --git a/content/zh/examples/pods/pod-single-configmap-env-variable.yaml b/content/zh/examples/pods/pod-single-configmap-env-variable.yaml
new file mode 100644
index 0000000000000..c86123afd76ce
--- /dev/null
+++ b/content/zh/examples/pods/pod-single-configmap-env-variable.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: k8s.gcr.io/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      env:
+        # Define the environment variable
+        - name: SPECIAL_LEVEL_KEY
+          valueFrom:
+            configMapKeyRef:
+              # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
+              name: special-config
+              # Specify the key associated with the value
+              key: special.how
+  restartPolicy: Never
diff --git a/content/zh/examples/pods/pod-with-node-affinity.yaml b/content/zh/examples/pods/pod-with-node-affinity.yaml
new file mode 100644
index 0000000000000..253d2b21ea917
--- /dev/null
+++ b/content/zh/examples/pods/pod-with-node-affinity.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-node-affinity
+spec:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: kubernetes.io/e2e-az-name
+            operator: In
+            values:
+            - e2e-az1
+            - e2e-az2
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        preference:
+          matchExpressions:
+          - key: another-node-label-key
+            operator: In
+            values:
+            - another-node-label-value
+  containers:
+  - name: with-node-affinity
+    image: k8s.gcr.io/pause:2.0
\ No newline at end of file
diff --git a/content/zh/examples/pods/pod-with-pod-affinity.yaml b/content/zh/examples/pods/pod-with-pod-affinity.yaml
new file mode 100644
index 0000000000000..35e645ef1f376
--- /dev/null
+++ b/content/zh/examples/pods/pod-with-pod-affinity.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-pod-affinity
+spec:
+  affinity:
+    podAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: security
+            operator: In
+            values:
+            - S1
+        topologyKey: failure-domain.beta.kubernetes.io/zone
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: security
+              operator: In
+              values:
+              - S2
+          topologyKey: failure-domain.beta.kubernetes.io/zone
+  containers:
+  - name: with-pod-affinity
+    image: k8s.gcr.io/pause:2.0
diff --git a/content/zh/examples/pods/private-reg-pod.yaml b/content/zh/examples/pods/private-reg-pod.yaml
new file mode 100644
index 0000000000000..4029588dd0758
--- /dev/null
+++ b/content/zh/examples/pods/private-reg-pod.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: private-reg
+spec:
+  containers:
+  - name: private-reg-container
+    image: <your-private-image>
+  imagePullSecrets:
+  - name: regcred
+
diff --git a/content/zh/examples/pods/probe/exec-liveness.yaml b/content/zh/examples/pods/probe/exec-liveness.yaml
new file mode 100644
index 0000000000000..07bf75f85c6f3
--- /dev/null
+++ b/content/zh/examples/pods/probe/exec-liveness.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    test: liveness
+  name: liveness-exec
+spec:
+  containers:
+  - name: liveness
+    image: k8s.gcr.io/busybox
+    args:
+    - /bin/sh
+    - -c
+    - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
+    livenessProbe:
+      exec:
+        command:
+        - cat
+        - /tmp/healthy
+      initialDelaySeconds: 5
+      periodSeconds: 5
diff --git a/content/zh/examples/pods/probe/http-liveness.yaml b/content/zh/examples/pods/probe/http-liveness.yaml
new file mode 100644
index 0000000000000..23d37b480a06e
--- /dev/null
+++ b/content/zh/examples/pods/probe/http-liveness.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    test: liveness
+  name: liveness-http
+spec:
+  containers:
+  - name: liveness
+    image: k8s.gcr.io/liveness
+    args:
+    - /server
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: 8080
+        httpHeaders:
+        - name: X-Custom-Header
+          value: Awesome
+      initialDelaySeconds: 3
+      periodSeconds: 3
diff --git a/content/zh/examples/pods/probe/pod-with-http-healthcheck.yaml b/content/zh/examples/pods/probe/pod-with-http-healthcheck.yaml
new file mode 100644
index 0000000000000..3f40854e92cf3
--- /dev/null
+++ b/content/zh/examples/pods/probe/pod-with-http-healthcheck.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-http-healthcheck
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    # defines the health checking
+    livenessProbe:
+      # an http probe
+      httpGet:
+        path: /_status/healthz
+        port: 80
+      # length of time to wait for a pod to initialize
+      # after pod startup, before applying health checking
+      initialDelaySeconds: 30
+      timeoutSeconds: 1
+    ports:
+    - containerPort: 80
diff --git a/content/zh/examples/pods/probe/pod-with-tcp-socket-healthcheck.yaml b/content/zh/examples/pods/probe/pod-with-tcp-socket-healthcheck.yaml
new file mode 100644
index 0000000000000..5f0bca283c30e
--- /dev/null
+++ b/content/zh/examples/pods/probe/pod-with-tcp-socket-healthcheck.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-tcp-socket-healthcheck
+spec:
+  containers:
+  - name: redis
+    image: redis
+    # defines the health checking
+    livenessProbe:
+      # a TCP socket probe
+      tcpSocket:
+        port: 6379
+      # length of time to wait for a pod to initialize
+      # after pod startup, before applying health checking
+      initialDelaySeconds: 30
+      timeoutSeconds: 1
+    ports:
+    - containerPort: 6379
diff --git a/content/zh/examples/pods/probe/tcp-liveness-readiness.yaml b/content/zh/examples/pods/probe/tcp-liveness-readiness.yaml
new file mode 100644
index 0000000000000..08fb77ff0f58c
--- /dev/null
+++ b/content/zh/examples/pods/probe/tcp-liveness-readiness.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: goproxy
+  labels:
+    app: goproxy
+spec:
+  containers:
+  - name: goproxy
+    image: k8s.gcr.io/goproxy:0.1
+    ports:
+    - containerPort: 8080
+    readinessProbe:
+      tcpSocket:
+        port: 8080
+      initialDelaySeconds: 5
+      periodSeconds: 10
+    livenessProbe:
+      tcpSocket:
+        port: 8080
+      initialDelaySeconds: 15
+      periodSeconds: 20
diff --git a/content/zh/examples/pods/qos/qos-pod-2.yaml b/content/zh/examples/pods/qos/qos-pod-2.yaml
new file mode 100644
index 0000000000000..115d4de21e3c2
--- /dev/null
+++ b/content/zh/examples/pods/qos/qos-pod-2.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-2
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-2-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "200Mi"
+      requests:
+        memory: "100Mi"
diff --git a/content/zh/examples/pods/qos/qos-pod-3.yaml b/content/zh/examples/pods/qos/qos-pod-3.yaml
new file mode 100644
index 0000000000000..dac362994209d
--- /dev/null
+++ b/content/zh/examples/pods/qos/qos-pod-3.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-3
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-3-ctr
+    image: nginx
diff --git a/content/zh/examples/pods/qos/qos-pod-4.yaml b/content/zh/examples/pods/qos/qos-pod-4.yaml
new file mode 100644
index 0000000000000..d4818b277eefa
--- /dev/null
+++ b/content/zh/examples/pods/qos/qos-pod-4.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-4
+  namespace: qos-example
+spec:
+  containers:
+
+  - name: qos-demo-4-ctr-1
+    image: nginx
+    resources:
+      requests:
+        memory: "200Mi"
+
+  - name: qos-demo-4-ctr-2
+    image: redis
diff --git a/content/zh/examples/pods/qos/qos-pod.yaml b/content/zh/examples/pods/qos/qos-pod.yaml
new file mode 100644
index 0000000000000..b4a6b1ea82902
--- /dev/null
+++ b/content/zh/examples/pods/qos/qos-pod.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "200Mi"
+        cpu: "700m"
+      requests:
+        memory: "200Mi"
+        cpu: "700m"
diff --git a/content/zh/examples/pods/resource/cpu-request-limit-2.yaml b/content/zh/examples/pods/resource/cpu-request-limit-2.yaml
new file mode 100644
index 0000000000000..f505c77fbb91b
--- /dev/null
+++ b/content/zh/examples/pods/resource/cpu-request-limit-2.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cpu-demo-2
+  namespace: cpu-example
+spec:
+  containers:
+  - name: cpu-demo-ctr-2
+    image: vish/stress
+    resources:
+      limits:
+        cpu: "100"
+      requests:
+        cpu: "100"
+    args:
+    - -cpus
+    - "2"
diff --git a/content/zh/examples/pods/resource/cpu-request-limit.yaml b/content/zh/examples/pods/resource/cpu-request-limit.yaml
new file mode 100644
index 0000000000000..2cc0b2cf4f635
--- /dev/null
+++ b/content/zh/examples/pods/resource/cpu-request-limit.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cpu-demo
+  namespace: cpu-example
+spec:
+  containers:
+  - name: cpu-demo-ctr
+    image: vish/stress
+    resources:
+      limits:
+        cpu: "1"
+      requests:
+        cpu: "0.5"
+    args:
+    - -cpus
+    - "2"
diff --git a/content/zh/examples/pods/resource/extended-resource-pod-2.yaml b/content/zh/examples/pods/resource/extended-resource-pod-2.yaml
new file mode 100644
index 0000000000000..9c15d9ec86490
--- /dev/null
+++ b/content/zh/examples/pods/resource/extended-resource-pod-2.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: extended-resource-demo-2
+spec:
+  containers:
+  - name: extended-resource-demo-2-ctr
+    image: nginx
+    resources:
+      requests:
+        example.com/dongle: 2
+      limits:
+        example.com/dongle: 2
diff --git a/content/zh/examples/pods/resource/extended-resource-pod.yaml b/content/zh/examples/pods/resource/extended-resource-pod.yaml
new file mode 100644
index 0000000000000..4fb3de740e082
--- /dev/null
+++ b/content/zh/examples/pods/resource/extended-resource-pod.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: extended-resource-demo
+spec:
+  containers:
+  - name: extended-resource-demo-ctr
+    image: nginx
+    resources:
+      requests:
+        example.com/dongle: 3
+      limits:
+        example.com/dongle: 3
diff --git a/content/zh/examples/pods/resource/memory-request-limit-2.yaml b/content/zh/examples/pods/resource/memory-request-limit-2.yaml
new file mode 100644
index 0000000000000..99032c4fc2adc
--- /dev/null
+++ b/content/zh/examples/pods/resource/memory-request-limit-2.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: memory-demo-2
+  namespace: mem-example
+spec:
+  containers:
+  - name: memory-demo-2-ctr
+    image: polinux/stress
+    resources:
+      requests:
+        memory: "50Mi"
+      limits:
+        memory: "100Mi"
+    command: ["stress"]
+    args: ["--vm", "1", "--vm-bytes", "250M", "--vm-hang", "1"]
diff --git a/content/zh/examples/pods/resource/memory-request-limit-3.yaml b/content/zh/examples/pods/resource/memory-request-limit-3.yaml
new file mode 100644
index 0000000000000..9f089c4a7a2be
--- /dev/null
+++ b/content/zh/examples/pods/resource/memory-request-limit-3.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: memory-demo-3
+  namespace: mem-example
+spec:
+  containers:
+  - name: memory-demo-3-ctr
+    image: polinux/stress
+    resources:
+      limits:
+        memory: "1000Gi"
+      requests:
+        memory: "1000Gi"
+    command: ["stress"]
+    args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
diff --git a/content/zh/examples/pods/resource/memory-request-limit.yaml b/content/zh/examples/pods/resource/memory-request-limit.yaml
new file mode 100644
index 0000000000000..985b1308d9a00
--- /dev/null
+++ b/content/zh/examples/pods/resource/memory-request-limit.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: memory-demo
+  namespace: mem-example
+spec:
+  containers:
+  - name: memory-demo-ctr
+    image: polinux/stress
+    resources:
+      limits:
+        memory: "200Mi"
+      requests:
+        memory: "100Mi"
+    command: ["stress"]
+    args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
diff --git a/content/zh/examples/pods/security/hello-apparmor.yaml b/content/zh/examples/pods/security/hello-apparmor.yaml
new file mode 100644
index 0000000000000..3e9b3b2a9c6be
--- /dev/null
+++ b/content/zh/examples/pods/security/hello-apparmor.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hello-apparmor
+  annotations:
+    # Tell Kubernetes to apply the AppArmor profile "k8s-apparmor-example-deny-write".
+    # Note that this is ignored if the Kubernetes node is not running version 1.4 or greater.
+    container.apparmor.security.beta.kubernetes.io/hello: localhost/k8s-apparmor-example-deny-write
+spec:
+  containers:
+  - name: hello
+    image: busybox
+    command: [ "sh", "-c", "echo 'Hello AppArmor!' && sleep 1h" ]
diff --git a/content/zh/examples/pods/security/security-context-2.yaml b/content/zh/examples/pods/security/security-context-2.yaml
new file mode 100644
index 0000000000000..0e3185341e94d
--- /dev/null
+++ b/content/zh/examples/pods/security/security-context-2.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo-2
+spec:
+  securityContext:
+    runAsUser: 1000
+  containers:
+  - name: sec-ctx-demo-2
+    image: gcr.io/google-samples/node-hello:1.0
+    securityContext:
+      runAsUser: 2000
+      allowPrivilegeEscalation: false
diff --git a/content/zh/examples/pods/security/security-context-3.yaml b/content/zh/examples/pods/security/security-context-3.yaml
new file mode 100644
index 0000000000000..05295e1a03800
--- /dev/null
+++ b/content/zh/examples/pods/security/security-context-3.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo-3
+spec:
+  containers:
+  - name: sec-ctx-3
+    image: gcr.io/google-samples/node-hello:1.0
+
+
+
diff --git a/content/zh/examples/pods/security/security-context-4.yaml b/content/zh/examples/pods/security/security-context-4.yaml
new file mode 100644
index 0000000000000..d725308fecb56
--- /dev/null
+++ b/content/zh/examples/pods/security/security-context-4.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo-4
+spec:
+  containers:
+  - name: sec-ctx-4
+    image: gcr.io/google-samples/node-hello:1.0
+    securityContext:
+      capabilities:
+        add: ["NET_ADMIN", "SYS_TIME"]
diff --git a/content/zh/examples/pods/security/security-context.yaml b/content/zh/examples/pods/security/security-context.yaml
new file mode 100644
index 0000000000000..86ca51d39a6f0
--- /dev/null
+++ b/content/zh/examples/pods/security/security-context.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo
+spec:
+  securityContext:
+    runAsUser: 1000
+    fsGroup: 2000
+  volumes:
+  - name: sec-ctx-vol
+    emptyDir: {}
+  containers:
+  - name: sec-ctx-demo
+    image: gcr.io/google-samples/node-hello:1.0
+    volumeMounts:
+    - name: sec-ctx-vol
+      mountPath: /data/demo
+    securityContext:
+      allowPrivilegeEscalation: false
diff --git a/content/zh/examples/pods/share-process-namespace.yaml b/content/zh/examples/pods/share-process-namespace.yaml
new file mode 100644
index 0000000000000..af812732a247a
--- /dev/null
+++ b/content/zh/examples/pods/share-process-namespace.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  shareProcessNamespace: true
+  containers:
+  - name: nginx
+    image: nginx
+  - name: shell
+    image: busybox
+    securityContext:
+      capabilities:
+        add:
+        - SYS_PTRACE
+    stdin: true
+    tty: true
diff --git a/content/zh/examples/pods/simple-pod.yaml b/content/zh/examples/pods/simple-pod.yaml
new file mode 100644
index 0000000000000..4208f4b36536d
--- /dev/null
+++ b/content/zh/examples/pods/simple-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.7.9
+    ports:
+    - containerPort: 80
diff --git a/content/zh/examples/pods/storage/projected.yaml b/content/zh/examples/pods/storage/projected.yaml
new file mode 100644
index 0000000000000..172ca0dee52de
--- /dev/null
+++ b/content/zh/examples/pods/storage/projected.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-projected-volume
+spec:
+  containers:
+  - name: test-projected-volume
+    image: busybox
+    args:
+    - sleep
+    - "86400"
+    volumeMounts:
+    - name: all-in-one
+      mountPath: "/projected-volume"
+      readOnly: true
+  volumes:
+  - name: all-in-one
+    projected:
+      sources:
+      - secret:
+          name: user
+      - secret:
+          name: pass
diff --git a/content/zh/examples/pods/storage/pv-claim.yaml b/content/zh/examples/pods/storage/pv-claim.yaml
new file mode 100644
index 0000000000000..197db917c8c5a
--- /dev/null
+++ b/content/zh/examples/pods/storage/pv-claim.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: task-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/content/zh/examples/pods/storage/pv-pod.yaml b/content/zh/examples/pods/storage/pv-pod.yaml
new file mode 100644
index 0000000000000..9bb4ca45ad605
--- /dev/null
+++ b/content/zh/examples/pods/storage/pv-pod.yaml
@@ -0,0 +1,20 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: task-pv-pod
+spec:
+  volumes:
+    - name: task-pv-storage
+      persistentVolumeClaim:
+       claimName: task-pv-claim
+  containers:
+    - name: task-pv-container
+      image: nginx
+      ports:
+        - containerPort: 80
+          name: "http-server"
+      volumeMounts:
+        - mountPath: "/usr/share/nginx/html"
+          name: task-pv-storage
+
+
diff --git a/content/zh/examples/pods/storage/pv-volume.yaml b/content/zh/examples/pods/storage/pv-volume.yaml
new file mode 100644
index 0000000000000..33ca6843f4e0d
--- /dev/null
+++ b/content/zh/examples/pods/storage/pv-volume.yaml
@@ -0,0 +1,14 @@
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: task-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
diff --git a/content/zh/examples/pods/storage/redis.yaml b/content/zh/examples/pods/storage/redis.yaml
new file mode 100644
index 0000000000000..cb06456d4b315
--- /dev/null
+++ b/content/zh/examples/pods/storage/redis.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis
+spec:
+  containers:
+  - name: redis
+    image: redis
+    volumeMounts:
+    - name: redis-storage
+      mountPath: /data/redis
+  volumes:
+  - name: redis-storage
+    emptyDir: {}
diff --git a/content/zh/examples/pods/two-container-pod.yaml b/content/zh/examples/pods/two-container-pod.yaml
new file mode 100644
index 0000000000000..031ada7112b4c
--- /dev/null
+++ b/content/zh/examples/pods/two-container-pod.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: two-containers
+spec:
+
+  restartPolicy: Never
+
+  volumes:
+  - name: shared-data
+    emptyDir: {}
+
+  containers:
+
+  - name: nginx-container
+    image: nginx
+    volumeMounts:
+    - name: shared-data
+      mountPath: /usr/share/nginx/html
+
+  - name: debian-container
+    image: debian
+    volumeMounts:
+    - name: shared-data
+      mountPath: /pod-data
+    command: ["/bin/sh"]
+    args: ["-c", "echo Hello from the debian container > /pod-data/index.html"]
diff --git a/content/zh/examples/policy/example-psp.yaml b/content/zh/examples/policy/example-psp.yaml
new file mode 100644
index 0000000000000..7531949b650ec
--- /dev/null
+++ b/content/zh/examples/policy/example-psp.yaml
@@ -0,0 +1,17 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: example
+spec:
+  privileged: false  # Don't allow privileged pods!
+  # The rest fills in some required fields.
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  volumes:
+  - '*'
diff --git a/content/zh/examples/policy/privileged-psp.yaml b/content/zh/examples/policy/privileged-psp.yaml
new file mode 100644
index 0000000000000..915c8d37b5460
--- /dev/null
+++ b/content/zh/examples/policy/privileged-psp.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: privileged
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+  privileged: true
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+  - '*'
+  volumes:
+  - '*'
+  hostNetwork: true
+  hostPorts:
+  - min: 0
+    max: 65535
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
diff --git a/content/zh/examples/policy/restricted-psp.yaml b/content/zh/examples/policy/restricted-psp.yaml
new file mode 100644
index 0000000000000..e677ba8e22946
--- /dev/null
+++ b/content/zh/examples/policy/restricted-psp.yaml
@@ -0,0 +1,48 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: restricted
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+spec:
+  privileged: false
+  # Required to prevent escalations to root.
+  allowPrivilegeEscalation: false
+  # This is redundant with non-root + disallow privilege escalation,
+  # but we can provide it for defense in depth.
+  requiredDropCapabilities:
+    - ALL
+  # Allow core volume types.
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'downwardAPI'
+    # Assume that persistentVolumes set up by the cluster admin are safe to use.
+    - 'persistentVolumeClaim'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    # Require the container to run without root privileges.
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    # This policy assumes the nodes are using AppArmor rather than SELinux.
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
diff --git a/content/zh/examples/policy/zookeeper-pod-disruption-budget-maxunavailable.yaml b/content/zh/examples/policy/zookeeper-pod-disruption-budget-maxunavailable.yaml
new file mode 100644
index 0000000000000..a62bef140f2b1
--- /dev/null
+++ b/content/zh/examples/policy/zookeeper-pod-disruption-budget-maxunavailable.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: zk-pdb
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: zookeeper
diff --git a/content/zh/examples/policy/zookeeper-pod-disruption-budget-minavailable.yaml b/content/zh/examples/policy/zookeeper-pod-disruption-budget-minavailable.yaml
new file mode 100644
index 0000000000000..c4776ad4c0b04
--- /dev/null
+++ b/content/zh/examples/policy/zookeeper-pod-disruption-budget-minavailable.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: zk-pdb
+spec:
+  minAvailable: 2
+  selector:
+    matchLabels:
+      app: zookeeper
diff --git a/content/zh/examples/service/access/frontend.yaml b/content/zh/examples/service/access/frontend.yaml
new file mode 100644
index 0000000000000..9f5b6b757fe8c
--- /dev/null
+++ b/content/zh/examples/service/access/frontend.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+spec:
+  selector:
+    app: hello
+    tier: frontend
+  ports:
+  - protocol: "TCP"
+    port: 80
+    targetPort: 80
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+spec:
+  selector:
+    matchLabels:
+      app: hello
+      tier: frontend
+      track: stable
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hello
+        tier: frontend
+        track: stable
+    spec:
+      containers:
+      - name: nginx
+        image: "gcr.io/google-samples/hello-frontend:1.0"
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/usr/sbin/nginx","-s","quit"]
diff --git a/content/zh/examples/service/access/hello-service.yaml b/content/zh/examples/service/access/hello-service.yaml
new file mode 100644
index 0000000000000..1e4c7a6c3224d
--- /dev/null
+++ b/content/zh/examples/service/access/hello-service.yaml
@@ -0,0 +1,12 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: hello
+spec:
+  selector:
+    app: hello
+    tier: backend
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: http
diff --git a/content/zh/examples/service/access/hello.yaml b/content/zh/examples/service/access/hello.yaml
new file mode 100644
index 0000000000000..85dff18ee1d80
--- /dev/null
+++ b/content/zh/examples/service/access/hello.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hello
+spec:
+  selector:
+    matchLabels:
+      app: hello
+      tier: backend
+      track: stable
+  replicas: 7
+  template:
+    metadata:
+      labels:
+        app: hello
+        tier: backend
+        track: stable
+    spec:
+      containers:
+        - name: hello
+          image: "gcr.io/google-samples/hello-go-gke:1.0"
+          ports:
+            - name: http
+              containerPort: 80
diff --git a/content/zh/examples/service/networking/curlpod.yaml b/content/zh/examples/service/networking/curlpod.yaml
new file mode 100644
index 0000000000000..c15133641f541
--- /dev/null
+++ b/content/zh/examples/service/networking/curlpod.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: curl-deployment
+spec:
+  selector:
+    matchLabels:
+      app: curlpod
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: curlpod
+    spec:
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: nginxsecret
+      containers:
+      - name: curlpod
+        command:
+        - sh
+        - -c
+        - while true; do sleep 1; done
+        image: radial/busyboxplus:curl
+        volumeMounts:
+        - mountPath: /etc/nginx/ssl
+          name: secret-volume
diff --git a/content/zh/examples/service/networking/custom-dns.yaml b/content/zh/examples/service/networking/custom-dns.yaml
new file mode 100644
index 0000000000000..3e5acd841a218
--- /dev/null
+++ b/content/zh/examples/service/networking/custom-dns.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: default
+  name: dns-example
+spec:
+  containers:
+    - name: test
+      image: nginx
+  dnsPolicy: "None"
+  dnsConfig:
+    nameservers:
+      - 1.2.3.4
+    searches:
+      - ns1.svc.cluster.local
+      - my.dns.search.suffix
+    options:
+      - name: ndots
+        value: "2"
+      - name: edns0
diff --git a/content/zh/examples/service/networking/hostaliases-pod.yaml b/content/zh/examples/service/networking/hostaliases-pod.yaml
new file mode 100644
index 0000000000000..643813b34a13d
--- /dev/null
+++ b/content/zh/examples/service/networking/hostaliases-pod.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hostaliases-pod
+spec:
+  restartPolicy: Never
+  hostAliases:
+  - ip: "127.0.0.1"
+    hostnames:
+    - "foo.local"
+    - "bar.local"
+  - ip: "10.1.2.3"
+    hostnames:
+    - "foo.remote"
+    - "bar.remote"
+  containers:
+  - name: cat-hosts
+    image: busybox
+    command:
+    - cat
+    args:
+    - "/etc/hosts"
diff --git a/content/zh/examples/service/networking/ingress.yaml b/content/zh/examples/service/networking/ingress.yaml
new file mode 100644
index 0000000000000..163c1d5b9d022
--- /dev/null
+++ b/content/zh/examples/service/networking/ingress.yaml
@@ -0,0 +1,9 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+spec:
+  backend:
+    serviceName: testsvc
+    servicePort: 80
+
diff --git a/content/zh/examples/service/networking/nginx-secure-app.yaml b/content/zh/examples/service/networking/nginx-secure-app.yaml
new file mode 100644
index 0000000000000..ec180a18df3d3
--- /dev/null
+++ b/content/zh/examples/service/networking/nginx-secure-app.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx
+  labels:
+    run: my-nginx
+spec:
+  type: NodePort
+  ports:
+  - port: 8080
+    targetPort: 80
+    protocol: TCP
+    name: http
+  - port: 443
+    protocol: TCP
+    name: https
+  selector:
+    run: my-nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+spec:
+  selector:
+    matchLabels:
+      run: my-nginx
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        run: my-nginx
+    spec:
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: nginxsecret
+      containers:
+      - name: nginxhttps
+        image: bprashanth/nginxhttps:1.0
+        ports:
+        - containerPort: 443
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: /etc/nginx/ssl
+          name: secret-volume
diff --git a/content/zh/examples/service/networking/nginx-svc.yaml b/content/zh/examples/service/networking/nginx-svc.yaml
new file mode 100644
index 0000000000000..12fcd5d0bfe2b
--- /dev/null
+++ b/content/zh/examples/service/networking/nginx-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx
+  labels:
+    run: my-nginx
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+  selector:
+    run: my-nginx
diff --git a/content/zh/examples/service/networking/run-my-nginx.yaml b/content/zh/examples/service/networking/run-my-nginx.yaml
new file mode 100644
index 0000000000000..76a879f5c4c24
--- /dev/null
+++ b/content/zh/examples/service/networking/run-my-nginx.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+spec:
+  selector:
+    matchLabels:
+      run: my-nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        run: my-nginx
+    spec:
+      containers:
+      - name: my-nginx
+        image: nginx
+        ports:
+        - containerPort: 80
+
diff --git a/content/zh/examples/service/nginx-service.yaml b/content/zh/examples/service/nginx-service.yaml
new file mode 100644
index 0000000000000..810f0ec7d8633
--- /dev/null
+++ b/content/zh/examples/service/nginx-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+spec:
+  ports:
+  - port: 8000 # the port that this service should serve on
+    # the container on each pod to connect to, can be a name
+    # (e.g. 'www') or a number (e.g. 80)
+    targetPort: 80
+    protocol: TCP
+  # just like the selector in the deployment,
+  # but this time it identifies the set of pods to load balance
+  # traffic to.
+  selector:
+    app: nginx
diff --git a/content/zh/examples/windows/configmap-pod.yaml b/content/zh/examples/windows/configmap-pod.yaml
new file mode 100644
index 0000000000000..e30939b367044
--- /dev/null
+++ b/content/zh/examples/windows/configmap-pod.yaml
@@ -0,0 +1,31 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: example-config
+data:
+  example.property.1: hello
+  example.property.2: world
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: configmap-pod
+spec:
+  containers:
+  - name: configmap-redis
+    image: redis:3.0-nanoserver
+    env:
+      - name: EXAMPLE_PROPERTY_1
+        valueFrom:
+          configMapKeyRef:
+            name: example-config
+            key: example.property.1
+      - name: EXAMPLE_PROPERTY_2
+        valueFrom:
+          configMapKeyRef:
+            name: example-config
+            key: example.property.2
+  nodeSelector:
+    beta.kubernetes.io/os: windows
\ No newline at end of file
diff --git a/content/zh/examples/windows/daemonset.yaml b/content/zh/examples/windows/daemonset.yaml
new file mode 100644
index 0000000000000..d3a7bb6636ebb
--- /dev/null
+++ b/content/zh/examples/windows/daemonset.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: my-daemonset
+  labels:
+    app: foo
+spec:
+  selector:
+    matchLabels:
+      app: foo
+  template:
+    metadata:
+      labels:
+        app: foo
+    spec:
+      containers:
+      - name: foo
+        image: microsoft/windowsservercore:1709
+      nodeSelector:
+        beta.kubernetes.io/os: windows
+
diff --git a/content/zh/examples/windows/deploy-hyperv.yaml b/content/zh/examples/windows/deploy-hyperv.yaml
new file mode 100644
index 0000000000000..c8b71ce8cbddf
--- /dev/null
+++ b/content/zh/examples/windows/deploy-hyperv.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: iis
+spec:
+  selector:
+    matchLabels:
+      app: iis
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: iis
+      annotations:
+        experimental.windows.kubernetes.io/isolation-type: hyperv
+    spec:
+      containers:
+      - name: iis
+        image: microsoft/iis
+        ports:
+        - containerPort: 80
+
diff --git a/content/zh/examples/windows/deploy-resource.yaml b/content/zh/examples/windows/deploy-resource.yaml
new file mode 100644
index 0000000000000..81207a3804a49
--- /dev/null
+++ b/content/zh/examples/windows/deploy-resource.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: iis
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: iis
+  template:
+    metadata:
+      labels:
+        app: iis
+    spec:
+      containers:
+      - name: iis
+        image: microsoft/iis
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: 2
+        ports:
+        - containerPort: 80
+
diff --git a/content/zh/examples/windows/emptydir-pod.yaml b/content/zh/examples/windows/emptydir-pod.yaml
new file mode 100644
index 0000000000000..3210576a59cf4
--- /dev/null
+++ b/content/zh/examples/windows/emptydir-pod.yaml
@@ -0,0 +1,20 @@
+ apiVersion: v1
+ kind: Pod
+ metadata:
+   name: my-empty-dir-pod
+ spec:
+   containers:
+   - image: microsoft/windowsservercore:1709
+     name: my-empty-dir-pod
+     volumeMounts:
+     - mountPath: /cache
+       name: cache-volume
+     - mountPath: C:/scratch
+       name: scratch-volume
+   volumes:
+   - name: cache-volume
+     emptyDir: {}
+   - name: scratch-volume
+     emptyDir: {}
+   nodeSelector:
+     beta.kubernetes.io/os: windows
diff --git a/content/zh/examples/windows/hostpath-volume-pod.yaml b/content/zh/examples/windows/hostpath-volume-pod.yaml
new file mode 100644
index 0000000000000..843250c80c613
--- /dev/null
+++ b/content/zh/examples/windows/hostpath-volume-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hostpath-volume-pod
+spec:
+  containers:
+  - name: my-hostpath-volume-pod
+    image: microsoft/windowsservercore:1709
+    volumeMounts:
+    - name: foo
+      mountPath: "C:\\etc\\foo"
+      readOnly: true
+  nodeSelector:
+    beta.kubernetes.io/os: windows
+  volumes:
+  - name: foo
+    hostPath:
+     path: "C:\\etc\\foo"
diff --git a/content/zh/examples/windows/secret-pod.yaml b/content/zh/examples/windows/secret-pod.yaml
new file mode 100644
index 0000000000000..f4a8122c0a694
--- /dev/null
+++ b/content/zh/examples/windows/secret-pod.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysecret
+type: Opaque
+data:
+  username: YWRtaW4=
+  password: MWYyZDFlMmU2N2Rm
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-secret-pod
+spec:
+  containers:
+  - name: my-secret-pod
+    image: microsoft/windowsservercore:1709
+    env:
+      - name: USERNAME
+        valueFrom:
+          secretKeyRef:
+            name: mysecret
+            key: username
+      - name: PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: mysecret
+            key: password
+  nodeSelector:
+    beta.kubernetes.io/os: windows
diff --git a/content/zh/examples/windows/simple-pod.yaml b/content/zh/examples/windows/simple-pod.yaml
new file mode 100644
index 0000000000000..f056f3cf0ab50
--- /dev/null
+++ b/content/zh/examples/windows/simple-pod.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: iis
+  labels:
+    name: iis
+spec:
+  containers:
+    - name: iis
+      image: microsoft/iis:windowsservercore-1709
+      ports:
+        - containerPort: 80
+  nodeSelector:
+    "beta.kubernetes.io/os": windows
diff --git a/content/zh/includes/default-storage-class-prereqs.md b/content/zh/includes/default-storage-class-prereqs.md
new file mode 100644
index 0000000000000..2ebaa452286f7
--- /dev/null
+++ b/content/zh/includes/default-storage-class-prereqs.md
@@ -0,0 +1,9 @@
+您需要有一个带有默认[StorageClass](/docs/concepts/storage/storage-classes/)的动态持续卷供应程序，或者自己[静态的提供持久卷](/docs/user-guide/persistent-volumes/#provisioning)来满足这里使用的[持久卷请求](/docs/user-guide/persistent-volumes/#persistentvolumeclaims)。
+
+<!--
+You need to either have a dynamic PersistentVolume provisioner with a default
+[StorageClass](/docs/concepts/storage/storage-classes/),
+or [statically provision PersistentVolumes](/docs/user-guide/persistent-volumes/#provisioning)
+yourself to satisfy the [PersistentVolumeClaims](/docs/user-guide/persistent-volumes/#persistentvolumeclaims)
+used here.
+-->
diff --git a/content/zh/includes/federated-task-tutorial-prereqs.md b/content/zh/includes/federated-task-tutorial-prereqs.md
new file mode 100644
index 0000000000000..565b2f73d0d2d
--- /dev/null
+++ b/content/zh/includes/federated-task-tutorial-prereqs.md
@@ -0,0 +1,16 @@
+<!--
+This guide assumes that you have a running Kubernetes Cluster
+Federation installation. If not, then head over to the
+[federation admin guide](/docs/tutorials/federation/set-up-cluster-federation-kubefed/) to learn how to
+bring up a cluster federation (or have your cluster administrator do
+this for you).
+Other tutorials, such as Kelsey Hightower's 
+[Federated Kubernetes Tutorial](https://github.com/kelseyhightower/kubernetes-cluster-federation),
+might also help you create a Federated Kubernetes cluster.
+-->
+
+本指南假设您已安装有一个正在运行的 Kubernetes 集群联邦。如果没有，那么请转到
+[联邦管理指南](/docs/tutorials/federation/set-up-cluster-federation-kubefed/)，了解如何启动联邦集群(或者让集群管理员为您执行此操作)。
+其他教程，例如 Kelsey Hightower 的[联邦 Kubernetes 教程](https://github.com/kelseyhightower/kubernetes-cluster-federation)，
+也可能帮助您创建联邦 Kubernetes 集群。
+
diff --git a/content/zh/includes/federation-content-moved.md b/content/zh/includes/federation-content-moved.md
index 9453130671a5b..839b6b21a85f2 100644
--- a/content/zh/includes/federation-content-moved.md
+++ b/content/zh/includes/federation-content-moved.md
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 The topics in the [Federation API](/docs/federation/api-reference/) section of the Kubernetes docs
 are being moved to the [Reference](/docs/reference/) section. The content in this topic has moved to:
 -->
diff --git a/content/zh/includes/federation-current-state.md b/content/zh/includes/federation-current-state.md
index 81fe7d0823bff..b8b45f9259824 100644
--- a/content/zh/includes/federation-current-state.md
+++ b/content/zh/includes/federation-current-state.md
@@ -2,4 +2,4 @@
 `Federation V1`, the current Kubernetes federation API which reuses the Kubernetes API resources 'as is', is currently considered alpha for many of its features. There is no clear path to evolve the API to GA; however, there is a `Federation V2` effort in progress to implement a dedicated federation API apart from the Kubernetes API. The details are available at [sig-multicluster community page](https://github.com/kubernetes/community/tree/master/sig-multicluster).
 -->
 
-`Federation V1`， 是当前的 Kubernetes 联邦 API， 它'原样'重用 Kubernetes API 资源， 其许多特性目前被认为是 alpha。 没有明确的途径将 API 发展成 GA； 然而， 除了 Kubernetes API 之外， 还有一个 `Federation V2` 正在努力实现专用的联邦 API。详细信息可在 [sig-multicluster 社区页面](https://github.com/kubernetes/community/tree/master/sig-multicluster) 获得。     
+`Federation V1`， 是当前的 Kubernetes 联邦 API， 它“原样”重用 Kubernetes API 资源， 其许多特性目前被认为是 alpha。 没有明确的途径将 API 发展成 GA； 然而， 除了 Kubernetes API 之外， 还有一个 `Federation V2` 正在努力实现专用的联邦 API。详细信息可在 [sig-multicluster 社区页面](https://github.com/kubernetes/community/tree/master/sig-multicluster) 获得。     
diff --git a/content/zh/includes/federation-deprecation-warning-note.md b/content/zh/includes/federation-deprecation-warning-note.md
new file mode 100644
index 0000000000000..9621879b2f99d
--- /dev/null
+++ b/content/zh/includes/federation-deprecation-warning-note.md
@@ -0,0 +1,8 @@
+<!--
+Use of `Federation v1` is strongly discouraged. `Federation V1` never achieved GA status and is no longer under active development. Documentation is for historical purposes only.
+
+For more information, see the intended replacement, [Kubernetes Federation v2](https://github.com/kubernetes-sigs/federation-v2).
+-->
+强烈建议不要使用`联邦 v1 版本`，`联邦 v1 版本`从未达到 GA 状态，且不再处于积极开发阶段。文档仅作为历史参考。
+
+有关更多信息，请参阅预期的替代品 [Kubernetes 联邦 v2 版本](https://github.com/kubernetes-sigs/federation-v2)。
\ No newline at end of file
diff --git a/content/zh/includes/index.md b/content/zh/includes/index.md
new file mode 100644
index 0000000000000..ca03031f1ee91
--- /dev/null
+++ b/content/zh/includes/index.md
@@ -0,0 +1,3 @@
+---
+headless: true
+---
diff --git a/content/zh/includes/partner-script.js b/content/zh/includes/partner-script.js
new file mode 100644
index 0000000000000..499dc3f2e3829
--- /dev/null
+++ b/content/zh/includes/partner-script.js
@@ -0,0 +1,1609 @@
+;(function () {
+	var partners = [
+		{
+			type: 0,
+			name: 'Sysdig',
+			logo: 'sys_dig',
+			link: 'https://sysdig.com/blog/monitoring-kubernetes-with-sysdig-cloud/',
+			blurb: 'Sysdig is the container intelligence company. Sysdig has created the only unified platform to deliver monitoring, security, and troubleshooting in a microservices-friendly architecture.'
+		},
+		{
+			type: 0,
+			name: 'Puppet',
+			logo: 'puppet',
+			link: 'https://puppet.com/blog/announcing-kream-and-new-kubernetes-helm-and-docker-modules',
+			blurb: 'We\'ve developed tools and products to make your adoption of Kubernetes as efficient as possible, covering your full workflow cycle from development to production. And now Puppet Pipelines for Containers is your complete DevOps dashboard for Kubernetes.'
+		},
+		{
+			type: 0,
+			name: 'Citrix',
+			logo: 'citrix',
+			link: 'https://www.citrix.com/networking/microservices.html',
+			blurb: 'Netscaler CPX gives app developers all the features they need to load balance their microservices and containerized apps with Kubernetes.'
+		},
+		{
+			type: 0,
+			name: 'Cockroach Labs',
+			logo: 'cockroach_labs',
+			link: 'https://www.cockroachlabs.com/blog/running-cockroachdb-on-kubernetes/',
+			blurb: 'CockroachDB is a distributed SQL database whose built-in replication and survivability model pair with Kubernetes to truly make data easy.'
+		},
+		{
+			type: 2,
+			name: 'Weaveworks',
+			logo: 'weave_works',
+			link: ' https://weave.works/kubernetes',
+			blurb: 'Weaveworks enables Developers and Dev/Ops teams to easily connect, deploy, secure, manage, and troubleshoot microservices in Kubernetes.'
+		},
+		{
+			type: 0,
+			name: 'Intel',
+			logo: 'intel',
+			link: 'https://tectonic.com/press/intel-coreos-collaborate-on-openstack-with-kubernetes.html',
+			blurb: 'Powering the GIFEE (Google’s Infrastructure for Everyone Else), to run OpenStack deployments on Kubernetes.'
+		},
+		{
+			type: 3,
+			name: 'Platform9',
+			logo: 'platform9',
+			link: 'https://platform9.com/products/kubernetes/',
+			blurb: 'Platform9 is the open source-as-a-service company that takes all of the goodness of Kubernetes and delivers it as a managed service.'
+		},
+		{
+			type: 0,
+			name: 'Datadog',
+			logo: 'datadog',
+			link: 'http://docs.datadoghq.com/integrations/kubernetes/',
+			blurb: 'Full-stack observability for dynamic infrastructure & applications. Includes precision alerting, analytics and deep Kubernetes integrations. '
+		},
+		{
+			type: 0,
+			name: 'AppFormix',
+			logo: 'appformix',
+			link: 'http://www.appformix.com/solutions/appformix-for-kubernetes/',
+			blurb: 'AppFormix is a cloud infrastructure performance optimization service helping enterprise operators streamline their cloud operations on any Kubernetes cloud. '
+		},
+		{
+			type: 0,
+			name: 'Crunchy',
+			logo: 'crunchy',
+			link: 'http://info.crunchydata.com/blog/advanced-crunchy-containers-for-postgresql',
+			blurb: 'Crunchy PostgreSQL Container Suite is a set of containers for managing PostgreSQL with DBA microservices leveraging Kubernetes and Helm.'
+		},
+		{
+			type: 0,
+			name: 'Aqua',
+			logo: 'aqua',
+			link: 'http://blog.aquasec.com/security-best-practices-for-kubernetes-deployment',
+			blurb: 'Deep, automated security for your containers running on Kubernetes.'
+		},
+		{
+			type: 0,
+			name: 'Distelli',
+			logo: 'distelli',
+			link: 'https://www.distelli.com/',
+			blurb: 'Pipelines from your source repositories to your Kubernetes Clusters on any cloud.'
+		},
+		{
+			type: 0,
+			name: 'Nuage networks',
+			logo: 'nuagenetworks',
+			link: 'https://github.com/nuagenetworks/nuage-kubernetes',
+			blurb: 'The Nuage SDN platform provides policy-based networking between Kubernetes Pods and non-Kubernetes environments with visibility and security monitoring.'
+		},
+		{
+			type: 0,
+			name: 'Sematext',
+			logo: 'sematext',
+			link: 'https://sematext.com/kubernetes/',
+			blurb: 'Logging & Monitoring: Automatic collection and processing of Metrics, Events and Logs for auto-discovered pods and Kubernetes nodes.'
+		},
+		{
+			type: 0,
+			name: 'Diamanti',
+			logo: 'diamanti',
+			link: 'https://www.diamanti.com/products/',
+			blurb: 'Diamanti deploys containers with guaranteed performance using Kubernetes in the first hyperconverged appliance purpose built for containerized applications.'
+				},
+		{
+			type: 0,
+			name: 'Aporeto',
+			logo: 'aporeto',
+			link: 'https://aporeto.com/trireme',
+			blurb: 'Aporeto makes cloud-native applications secure by default without impacting developer velocity and works at any scale, on any cloud.'
+				},
+		{
+  		type: 2,
+ 			name: 'Giant Swarm',
+ 			logo: 'giantswarm',
+ 			link: 'https://giantswarm.io',
+ 			blurb: 'Giant Swarm enables you to simply and rapidly create and use Kubernetes clusters on-demand either on-premises or in the cloud. Contact Giant Swarm to learn about the best way to run cloud native applications anywhere.'
+ 				},
+		{
+		 	type: 3,
+		 	name: 'Giant Swarm',
+		 	logo: 'giantswarm',
+		 	link: 'https://giantswarm.io/product/',
+		 	blurb: 'Giant Swarm enables you to simply and rapidly create and use Kubernetes clusters on-demand either on-premises or in the cloud. Contact Giant Swarm to learn about the best way to run cloud native applications anywhere.'
+		 		},
+		{
+		 	type: 3,
+			name: 'Hasura',
+			logo: 'hasura',
+			link: 'https://hasura.io',
+			blurb: 'Hasura is a Kubernetes-based PaaS and a Postgres-based BaaS that accelerates app development with ready-to-use components.'
+				},
+		{
+ 			type: 3,
+ 			name: 'Mirantis',
+ 			logo: 'mirantis',
+ 			link: 'https://www.mirantis.com/software/kubernetes/',
+ 			blurb: 'Mirantis - Mirantis Cloud Platform'
+ 				},
+		{
+		 	type: 2,
+		 	name: 'Mirantis',
+		 	logo: 'mirantis',
+		 	link: 'https://content.mirantis.com/Containerizing-OpenStack-on-Kubernetes-Video-Landing-Page.html',
+		 	blurb: 'Mirantis builds and manages private clouds with open source software such as OpenStack, deployed as containers orchestrated by Kubernetes.'
+		 		},
+		{
+ 			type: 0,
+ 			name: 'Kubernetic',
+ 			logo: 'kubernetic',
+ 			link: 'https://kubernetic.com/',
+ 			blurb: 'Kubernetic is a Kubernetes Desktop client that simplifies and democratizes cluster management for DevOps.'
+ 				},
+		{
+			type: 1,
+			name: 'Reactive Ops',
+			logo: 'reactive_ops',
+			link: 'https://www.reactiveops.com/the-kubernetes-experts/',
+			blurb: 'ReactiveOps has written automation on best practices for infrastructure as code on GCP & AWS using Kubernetes, helping you build and maintain a world-class infrastructure at a fraction of the price of an internal hire.'
+		},
+		{
+			type: 2,
+			name: 'Livewyer',
+			logo: 'livewyer',
+			link: 'https://livewyer.io/services/kubernetes-experts/',
+			blurb: 'Kubernetes experts that on-board applications and empower IT teams to get the most out of containerised technology.'
+		},
+		{
+			type: 2,
+			name: 'Samsung SDS',
+			logo: 'samsung_sds',
+			link: 'http://www.samsungsdsa.com/cloud-infrastructure_kubernetes',
+			blurb: 'Samsung SDS’s Cloud Native Computing Team offers expert consulting across the range of technical aspects involved in building services targeted at a Kubernetes cluster.'
+		},
+		{
+			type: 2,
+			name: 'Container Solutions',
+			logo: 'container_solutions',
+			link: 'http://container-solutions.com/resources/kubernetes/',
+			blurb: 'Container Solutions is a premium software consultancy that focuses on programmable infrastructure, offering our expertise in software development, strategy and operations to help you innovate at speed and scale.'
+		},
+		{
+			type: 4,
+			name: 'Container Solutions',
+			logo: 'container_solutions',
+			link: 'http://container-solutions.com/resources/kubernetes/',
+			blurb: 'Container Solutions is a premium software consultancy that focuses on programmable infrastructure, offering our expertise in software development, strategy and operations to help you innovate at speed and scale.'
+		},
+		{
+			type: 2,
+			name: 'Jetstack',
+			logo: 'jetstack',
+			link: 'https://www.jetstack.io/',
+			blurb: 'Jetstack is an organisation focused entirely on Kubernetes. They will help you to get the most out of Kubernetes through expert professional services and open source tooling. Get in touch, and accelerate your project.'
+		},
+		{
+			type: 0,
+			name: 'Tigera',
+			logo: 'tigera',
+			link: 'http://docs.projectcalico.org/latest/getting-started/kubernetes/',
+			blurb: 'Tigera builds high performance, policy driven, cloud native networking solutions for Kubernetes.'
+		},
+		{
+ 			type: 1,
+ 			name: 'Harbur',
+ 			logo: 'harbur',
+ 			link: 'https://harbur.io/',
+ 			blurb: 'Based in Barcelona, Harbur is a consulting firm that helps companies deploy self-healing solutions empowered by Container technologies'
+  		},
+		{
+ 			type: 0,
+ 			name: 'Spotinst',
+ 			logo: 'spotinst',
+ 			link: 'http://blog.spotinst.com/2016/08/04/elastigroup-kubernetes-minions-steroids/',
+ 			blurb: 'Your Kubernetes For 80% Less. Run K8s workloads on Spot Instances with 100% availability to save 80% + autoscale your Kubernetes with maximum efficiency in heterogenous environments.'
+  		},
+		{
+ 			type: 2,
+ 			name: 'InwinSTACK',
+ 			logo: 'inwinstack',
+ 			link: 'http://www.inwinstack.com/index.php/en/solutions-en/',
+ 			blurb: 'Our container service leverages OpenStack-based infrastructure and its container orchestration engine Magnum to manage Kubernetes clusters.'
+  		},
+	{
+			type: 4,
+			name: 'InwinSTACK',
+			logo: 'inwinstack',
+			link: 'http://www.inwinstack.com/index.php/en/solutions-en/',
+			blurb: 'Our container service leverages OpenStack-based infrastructure and its container orchestration engine Magnum to manage Kubernetes clusters.'
+			},
+		{
+	 		type: 3,
+	 		name: 'InwinSTACK',
+	 		logo: 'inwinstack',
+	 		link: 'https://github.com/inwinstack/kube-ansible',
+	 		blurb: 'inwinSTACK - kube-ansible'
+	  	},
+		{
+ 			type: 1,
+ 			name: 'Semantix',
+ 			logo: 'semantix',
+ 			link: 'http://www.semantix.com.br/',
+ 			blurb: 'Semantix is a company that works with data analytics and distributed systems. Kubernetes is used to orchestrate services for our customers.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'ASM Technologies Limited',
+ 			logo: 'asm',
+ 			link: 'http://www.asmtech.com/',
+ 			blurb: 'Our technology supply chain portfolio enables your software products to be accessible, viable and available more effectively.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'InfraCloud Technologies',
+ 			logo: 'infracloud',
+ 			link: 'http://blog.infracloud.io/state-of-kubernetes/',
+ 			blurb: 'InfraCloud Technologies is software consultancy which provides services in Containers, Cloud and DevOps.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'SignalFx',
+ 			logo: 'signalfx',
+ 			link: 'https://github.com/signalfx/integrations/tree/master/kubernetes',
+ 			blurb: 'Gain real-time visibility across metrics & the most intelligent alerts for todays architectures, including deep integration with Kubernetes'
+  		},
+		{
+ 			type: 0,
+ 			name: 'NATS',
+ 			logo: 'nats',
+ 			link: 'https://github.com/pires/kubernetes-nats-cluster',
+ 			blurb: 'NATS is a simple, secure, and scalable cloud native messaging system.'
+  		},
+		{
+ 			type: 2,
+ 			name: 'RX-M',
+ 			logo: 'rxm',
+ 			link: 'http://rx-m.com/training/kubernetes-training/',
+ 			blurb: 'Market neutral Kubernetes Dev, DevOps and Production training and consulting services.'
+  		},
+		{
+	 		type: 4,
+	 		name: 'RX-M',
+	 		logo: 'rxm',
+	 		link: 'http://rx-m.com/training/kubernetes-training/',
+	 		blurb: 'Market neutral Kubernetes Dev, DevOps and Production training and consulting services.'
+	  	},
+		{
+ 			type: 1,
+ 			name: 'Emerging Technology Advisors',
+ 			logo: 'eta',
+ 			link: 'https://www.emergingtechnologyadvisors.com/services/kubernetes.html',
+ 			blurb: 'ETA helps companies architect, implement, and manage scalable applications using Kubernetes on public or private cloud.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'CloudPlex.io',
+ 			logo: 'cloudplex',
+ 			link: 'http://www.cloudplex.io',
+ 			blurb: 'CloudPlex enables operations teams to visually deploy, orchestrate, manage, and monitor infrastructure, applications, and services in public or private cloud.'
+  		},
+		{
+ 			type: 2,
+ 			name: 'Kumina',
+ 			logo: 'kumina',
+ 			link: 'https://www.kumina.nl/managed_kubernetes',
+ 			blurb: 'Kumina combines the power of Kubernetes with 10+ years of experience in IT operations. We create, build and support fully managed Kubernetes solutions on your choice of infrastructure. We also provide consulting and training.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'CA Technologies',
+ 			logo: 'ca',
+ 			link: 'https://docops.ca.com/ca-continuous-delivery-director/integrations/en/plug-ins/kubernetes-plug-in',
+ 			blurb: 'The CA Continuous Delivery Director Kubernetes plugin orchestrates deployment of containerized applications within an end-to-end release pipeline.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'CoScale',
+ 			logo: 'coscale',
+ 			link: 'http://www.coscale.com/blog/how-to-monitor-your-kubernetes-cluster',
+ 			blurb: 'Full stack monitoring of containers and microservices orchestrated by Kubernetes. Powered by anomaly detection to find problems faster.'
+  		},
+		{
+ 			type: 2,
+ 			name: 'Supergiant.io',
+ 			logo: 'supergiant',
+ 			link: 'https://supergiant.io/blog/supergiant-packing-algorithm-unique-save-money',
+ 			blurb: 'Supergiant autoscales hardware for Kubernetes. Open-source, it makes HA, distributed, stateful apps easy to deploy, manage, and scale.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'Avi Networks',
+ 			logo: 'avinetworks',
+ 			link: 'https://kb.avinetworks.com/avi-vantage-openshift-installation-guide/',
+ 			blurb: 'Avis elastic application services fabric provides scalable, feature rich & integrated L4-7 networking for K8S environments.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'Codecrux web technologies pvt ltd',
+ 			logo: 'codecrux',
+ 			link: 'http://codecrux.com/kubernetes/',
+ 			blurb: 'At CodeCrux we help your organization get the most out of Containers and Kubernetes, regardless of where you are in your journey'
+  		},
+		{
+ 			type: 0,
+ 			name: 'Greenqloud',
+ 			logo: 'qstack',
+ 			link: 'https://www.qstack.com/application-orchestration/',
+ 			blurb: 'Qstack provides self-serviceable on-site Kubernetes clusters with an intuitive User Interface for Infrastructure and Kubernetes management.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'StackOverdrive.io',
+ 			logo: 'stackoverdrive',
+ 			link: 'http://www.stackoverdrive.net/kubernetes-consulting/',
+ 			blurb: 'StackOverdrive helps organizations of all sizes leverage Kubernetes for container based orchestration and management.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'StackIQ, Inc.',
+ 			logo: 'stackiq',
+ 			link: 'https://www.stackiq.com/kubernetes/',
+ 			blurb: 'With Stacki and the Stacki Pallet for Kubernetes, you can go from bare metal to containers in one step very quickly and easily.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'Cobe',
+ 			logo: 'cobe',
+ 			link: 'https://cobe.io/product-page/',
+ 			blurb: 'Manage Kubernetes clusters with a live, searchable model that captures all relationships and performance data in full visualised context.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'Datawire',
+ 			logo: 'datawire',
+ 			link: 'http://www.datawire.io',
+ 			blurb: 'Datawires open source tools let your microservices developers be awesomely productive on Kubernetes, while letting ops sleep at night.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'Mashape, Inc.',
+ 			logo: 'kong',
+ 			link: 'https://getkong.org/install/kubernetes/',
+ 			blurb: 'Kong is a scalable open source API layer that runs in front of any RESTful API and can be provisioned to a Kubernetes cluster.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'F5 Networks',
+ 			logo: 'f5networks',
+ 			link: 'http://github.com/f5networks',
+ 			blurb: 'We have a LB integration into Kubernetes.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'Lovable Tech',
+ 			logo: 'lovable',
+ 			link: 'http://lovable.tech/',
+ 			blurb: 'World class engineers, designers, and strategic consultants helping you ship Lovable web & mobile technology.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'StackState',
+ 			logo: 'stackstate',
+ 			link: 'http://stackstate.com/platform/container-monitoring',
+ 			blurb: 'Operational Analytics across teams and tools. Includes topology visualization, root cause analysis and anomaly detection for Kubernetes.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'INEXCCO INC',
+ 			logo: 'inexcco',
+ 			link: 'https://www.inexcco.com/',
+ 			blurb: 'Strong DevOps and Cloud talent working with couple clients on kubernetes and helm implementations. '
+  		},
+		{
+ 			type: 2,
+ 			name: 'Bitnami',
+ 			logo: 'bitnami',
+ 			link: 'http://bitnami.com/kubernetes',
+ 			blurb: 'Bitnami brings a catalog of trusted, up to date, and easy to use applications and application building blocks to Kubernetes.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'Nebulaworks',
+ 			logo: 'nebulaworks',
+ 			link: 'http://www.nebulaworks.com/container-platforms',
+ 			blurb: 'Nebulaworks provides services to help the enterprise adopt modern container platforms and optimized processes to enable innovation at scale.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'EASYNUBE',
+ 			logo: 'easynube',
+ 			link: 'http://easynube.co.uk/devopsnube/',
+ 			blurb: 'EasyNube provide architecture, implementation, and manage scalable applications using Kubernetes and Openshift.'
+  		},
+		{
+ 			type: 1,
+ 			name: 'Opcito Technologies',
+ 			logo: 'opcito',
+ 			link: 'http://www.opcito.com/kubernetes/',
+ 			blurb: 'Opcito is a software consultancy that uses Kubernetes to help organisations build, architect & deploy highly scalable applications.'
+  		},
+		{
+ 			type: 0,
+ 			name: 'code by Dell EMC',
+ 			logo: 'codedellemc',
+ 			link: 'https://blog.codedellemc.com',
+ 			blurb: 'Respected as a thought leader in storage persistence for containerized applications. Contributed significant work to K8 and Ecosystem'
+			},
+		{
+	 		type: 0,
+		 	name: 'Instana',
+		 	logo: 'instana',
+		 	link: 'https://www.instana.com/supported-technologies/',
+		 	blurb: 'Instana monitors performance of the applications, infrastructure, containers and services deployed on a Kubernetes cluster.'
+			},
+		{
+		 	type: 0,
+			name: 'Netsil',
+			logo: 'netsil',
+			link: 'https://netsil.com/kubernetes/',
+			blurb: 'Generate a real-time, auto-discovered application topology map! Monitor Kubernetes pods and namespaces without any code instrumentation.'
+			},
+		{
+			type: 2,
+			name: 'Treasure Data',
+			logo: 'treasuredata',
+			link: 'https://fluentd.treasuredata.com/kubernetes-logging/',
+			blurb: 'Fluentd Enterprise brings smart, secure logging to Kubernetes, and brings integrations with backends such as Splunk, Kafka, or AWS S3.'
+			},
+		{
+			type: 2,
+			name: 'Kenzan',
+			logo: 'Kenzan',
+			link: 'http://kenzan.com/?ref=kubernetes',
+			blurb: 'We provide custom consulting services leveraging Kubernetes as our foundation. This involves the platform development, delivery pipelines, and the application development within Kubernetes.'
+			},
+		{
+			type: 2,
+			name: 'New Context',
+			logo: 'newcontext',
+			link: 'https://www.newcontext.com/devsecops-infrastructure-automation-orchestration/',
+			blurb: 'New Context builds and uplifts secure Kubernetes implementations and migrations, from initial design to infrastructure automation and management.'
+			},
+		{
+			type: 2,
+			name: 'Banzai',
+			logo: 'banzai',
+			link: 'https://banzaicloud.com/platform/',
+			blurb: 'Banzai Cloud brings cloud native to the enterprise and simplifies the transition to microservices on Kubernetes.'
+			},
+		{
+			type: 3,
+			name: 'Kublr',
+			logo: 'kublr',
+			link: 'http://kublr.com',
+			blurb: 'Kublr - Accelerate and control the deployment, scaling, monitoring and management of your containerized applications.'
+			},
+		{
+			type: 1,
+			name: 'ControlPlane',
+			logo: 'controlplane',
+			link: 'https://control-plane.io',
+			blurb: 'We are a London-based Kubernetes consultancy with a focus on security and continuous delivery. We offer consulting & training.'
+			},
+		{
+			type: 3,
+			name: 'Nirmata',
+			logo: 'nirmata',
+			link: 'https://www.nirmata.com/',
+			blurb: 'Nirmata - Nirmata Managed Kubernetes'
+				},
+		{
+			type: 2,
+			name: 'Nirmata',
+			logo: 'nirmata',
+			link: 'https://www.nirmata.com/',
+			blurb: 'Nirmata is a software platform that helps DevOps teams deliver enterprise-grade and cloud-provider agnostic Kubernetes based container management solutions.'
+				},
+		{
+			type: 3,
+			name: 'TenxCloud',
+			logo: 'tenxcloud',
+			link: 'https://tenxcloud.com',
+			blurb: 'TenxCloud - TenxCloud Container Engine (TCE)'
+				},
+		{
+			type: 2,
+			name: 'TenxCloud',
+			logo: 'tenxcloud',
+			link: 'https://www.tenxcloud.com/',
+			blurb: 'Founded in October 2014, TenxCloud is a leading enterprise container cloud computing service provider in China, covering the areas such as container PaaS cloud platform, micro-service management, DevOps, development test, AIOps and so on. Provide private cloud PaaS products and solutions for financial, energy, operator, manufacturing, education and other industry customers.'
+				},
+		{
+			type: 0,
+			name: 'Twistlock',
+			logo: 'twistlock',
+			link: 'https://www.twistlock.com/',
+			blurb: 'Security at Kubernetes Scale: Twistlock allows you to deploy fearlessly with assurance that your images and containers are free of vulnerabilities and protected at runtime.'
+				},
+		{
+			type: 0,
+			name: 'Endocode AG',
+			logo: 'endocode',
+			link: 'https://endocode.com/kubernetes/',
+ 			blurb: 'Endocode practices and teaches the open source way. Kernel to cluster - Dev to Ops. We offer Kubernetes trainings, services and support.'
+			},
+		{
+			type: 2,
+			name: 'Accenture',
+			logo: 'accenture',
+			link: 'https://www.accenture.com/us-en/service-application-containers',
+	 		blurb: 'Architecture, implementation and operation of world-class Kubernetes solutions for cloud-native clients.'
+			},
+		{
+			type: 1,
+			name: 'Biarca',
+			logo: 'biarca',
+			link: 'http://biarca.io/',
+		 	blurb: 'Biarca is a cloud services provider and key focus areas Key areas of focus for Biarca include Cloud Adoption Services, Infrastructure Services, DevOps Services and Application Services. Biarca leverages Kubernetes to deliver containerized solutions.'
+			},
+		{
+			type: 2,
+			name: 'Claranet',
+			logo: 'claranet',
+			link: 'http://www.claranet.co.uk/hosting/google-cloud-platform-consulting-managed-services',
+			blurb: 'Claranet helps people migrate to the cloud and take full advantage of the new world it offers. We consult, design, build and proactively manage the right infrastructure and automation tooling for clients to achieve this.'
+			},
+		{
+			type: 1,
+			name: 'CloudKite',
+			logo: 'cloudkite',
+			link: 'https://cloudkite.io/',
+			blurb: 'CloudKite.io helps companies build and maintain highly automated, resilient, and impressively performing software on Kubernetes.'
+			},
+		{
+			type: 2,
+			name: 'CloudOps',
+			logo: 'CloudOps',
+			link: 'https://www.cloudops.com/services/docker-and-kubernetes-workshops/',
+			blurb: 'CloudOps gets you hands-on with the K8s ecosystem via workshop/lab. Get prod ready K8s in cloud(s) of your choice with our managed services.'
+			},
+		{
+			type: 2,
+			name: 'Ghostcloud',
+			logo: 'ghostcloud',
+			link: 'https://www.ghostcloud.cn/ecos-kubernetes',
+			blurb: 'EcOS is an enterprise-grade PaaS / CaaS based on Docker and Kubernetes, which makes it easier to configure, deploy and manage containerized applications.'
+			},
+		{
+			type: 3,
+			name: 'Ghostcloud',
+			logo: 'ghostcloud',
+			link: 'https://www.ghostcloud.cn/ecos-kubernetes',
+			blurb: 'EcOS is an enterprise-grade PaaS / CaaS based on Docker and Kubernetes, which makes it easier to configure, deploy and manage containerized applications.'
+			},
+		{
+			type: 2,
+			name: 'Contino',
+			logo: 'contino',
+			link: 'https://www.contino.io/',
+			blurb: 'We help enterprise organizations adopt DevOps, containers and cloud computing. Contino is a global consultancy that enables regulated organizations to accelerate innovation through the adoption of modern approaches to software delivery.'
+			},
+		{
+			type: 2,
+			name: 'Booz Allen Hamilton',
+			logo: 'boozallenhamilton',
+			link: 'https://www.boozallen.com/',
+			blurb: 'Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise.'
+			},
+		{
+			type: 1,
+			name: 'BigBinary',
+			logo: 'bigbinary',
+			link: 'http://blog.bigbinary.com/categories/Kubernetes',
+			blurb: 'Provider of Digital Solutions for federal and commercial clients, to include DevSecOps, cloud platforms, transformation strategy, cognitive solutions, and UX.'
+				},
+		{
+			type: 0,
+			name: 'CloudPerceptions',
+			logo: 'cloudperceptions',
+			link: 'https://www.meetup.com/Triangle-Kubernetes-Meetup/files/',
+			blurb: 'Container security solution for small-to-medium size enterprises who plan to run Kubernetes on shared infrastructure.'
+				},
+		{
+			type: 2,
+			name: 'Creationline, Inc.',
+			logo: 'creationline',
+			link: 'https://www.creationline.com/ci',
+			blurb: 'Total solution for container based IT resource management.'
+				},
+		{
+			type: 0,
+			name: 'DataCore Software',
+			logo: 'datacore',
+			link: 'https://www.datacore.com/solutions/virtualization/containerization',
+			blurb: 'DataCore provides highly-available, high-performance universal block storage for Kubernetes, radically improving the speed of deployment.'
+				},
+		{
+			type: 0,
+			name: 'Elastifile',
+			logo: 'elastifile',
+			link: 'https://www.elastifile.com/stateful-containers',
+			blurb: 'Elastifile’s cross-cloud data fabric delivers elastically scalable, high performance, software-defined persistent storage for Kubernetes.'
+				},
+		{
+			type: 0,
+			name: 'GitLab',
+			logo: 'gitlab',
+			link: 'https://about.gitlab.com/2016/11/14/idea-to-production/',
+			blurb: 'With GitLab and Kubernetes, you can deploy a complete CI/CD pipeline with multiple environments, automatic deployments, and automatic monitoring.'
+				},
+		{
+			type: 0,
+			name: 'Gravitational, Inc.',
+			logo: 'gravitational',
+			link: 'https://gravitational.com/telekube/',
+			blurb: 'Telekube combines Kubernetes with Teleport, our modern SSH server, so operators can remotely manage a multitude of K8s application deployments.'
+				},
+		{
+			type: 0,
+			name: 'Hitachi Data Systems',
+			logo: 'hitachi',
+			link: 'https://www.hds.com/en-us/products-solutions/application-solutions/unified-compute-platform-with-kubernetes-orchestration.html',
+			blurb: 'Build the Applications You Need to Drive Your Business - DEVELOP AND DEPLOY APPLICATIONS FASTER AND MORE RELIABLY.'
+				},
+		{
+			type: 1,
+			name: 'Infosys Technologies',
+			logo: 'infosys',
+			link: 'https://www.infosys.com',
+			blurb: 'Monolithic to microservices on openshift is a offering that we are building as part of open source practice.'
+				},
+		{
+			type: 0,
+			name: 'JFrog',
+			logo: 'jfrog',
+			link: 'https://www.jfrog.com/use-cases/12584/',
+			blurb: 'You can use Artifactory to store and manage all of your application’s container images and deploy to Kubernetes and setup a build, test, deploy pipeline using Jenkins and Artifactory. Once an image is ready to be rolled out, Artifactory can trigger a rolling-update deployment into a Kubernetes cluster without downtime – automatically!'
+				},
+		{
+			type: 0,
+			name: 'Navops by Univa',
+			logo: 'navops',
+			link: 'https://www.navops.io',
+			blurb: 'Navops is a suite of products that enables enterprises to take full advantage of Kubernetes and provides the ability to quickly and efficiently run containers at scale.'
+				},
+		{
+			type: 0,
+			name: 'NeuVector',
+			logo: 'neuvector',
+			link: 'http://neuvector.com/solutions-for-kubernetes-security/',
+			blurb: 'NeuVector delivers an application and network intelligent container network security solution integrated with and optimized for Kubernetes.'
+				},
+		{
+			type: 1,
+			name: 'OpsZero',
+			logo: 'opszero',
+			link: 'https://www.opszero.com/kubernetes.html',
+			blurb: 'opsZero provides DevOps for Startups. We build and service your Kubernetes and Cloud Infrastructure to accelerate your release cycle.'
+				},
+		{
+			type: 1,
+			name: 'Shiwaforce.com Ltd.',
+			logo: 'shiwaforce',
+			link: 'https://www.shiwaforce.com/en/',
+			blurb: 'Shiwaforce.com is the Agile Partner in Digital Transformation. Our solutions follow business changes quickly, easily and cost-effectively.'
+				},
+		{
+			type: 1,
+			name: 'SoftServe',
+			logo: 'softserve',
+			link: 'https://www.softserveinc.com/en-us/blogs/kubernetes-travis-ci/',
+			blurb: 'SoftServe allows its clients to adopt modern application design patterns and benefit from fully integrated, highly available, cost effective Kubernetes clusters at any scale.'
+				},
+		{
+			type: 1,
+			name: 'Solinea',
+			logo: 'solinea',
+			link: 'https://www.solinea.com/cloud-consulting-services/container-microservices-offerings',
+			blurb: 'Solinea is a digital transformation consultancy that enables businesses to build innovative solutions by adopting cloud native computing.'
+				},
+		{
+			type: 1,
+			name: 'Sphere Software, LLC',
+			logo: 'spheresoftware',
+			link: 'https://sphereinc.com/kubernetes/',
+			blurb: 'The Sphere Software team of experts allows customers to architect and implement scalable applications using Kubernetes in Google Cloud, AWS, and Azure.'
+				},
+		{
+			type: 1,
+			name: 'Altoros',
+			logo: 'altoros',
+			link: 'https://www.altoros.com/container-orchestration-tools-enablement.html',
+			blurb: 'Deployment and configuration of Kubernetes, Optimization of existing solutions, training for developers on using Kubernetes, support.'
+				},
+		{
+			type: 0,
+			name: 'Cloudbase Solutions',
+			logo: 'cloudbase',
+			link: 'https://cloudbase.it/kubernetes',
+			blurb: 'Cloudbase Solutions provides Kubernetes cross-cloud interoperability for Windows and Linux deployments based on open source technologies.'
+				},
+		{
+			type: 0,
+			name: 'Codefresh',
+			logo: 'codefresh',
+			link: 'https://codefresh.io/kubernetes-deploy/',
+			blurb: 'Codefresh is a complete DevOps platform built for containers and Kubernetes. With CI/CD pipelines, image management, and deep integrations into Kubernetes and Helm.'
+				},
+		{
+			type: 0,
+			name: 'NetApp',
+			logo: 'netapp',
+			link: 'http://netapp.io/2016/12/23/introducing-trident-dynamic-persistent-volume-provisioner-kubernetes/',
+			blurb: 'Dynamic provisioning and persistent storage support.'
+				},
+		{
+			type: 0,
+			name: 'OpenEBS',
+			logo: 'OpenEBS',
+			link: 'https://openebs.io/',
+ 			blurb: 'OpenEBS is containerized storage for containers integrated tightly into Kubernetes and based on distributed block storage and containerization of storage control. OpenEBS derives intent from K8s and other YAML or JSON such as per container QoS SLAs, tiering and replica policies, and more. OpenEBS is EBS API compliant.'
+				},
+		{
+			type: 3,
+			name: 'Google Kubernetes Engine',
+			logo: 'google',
+			link: 'https://cloud.google.com/kubernetes-engine/',
+			blurb: 'Google - Google Kubernetes Engine'
+				},
+		{
+			type: 1,
+			name: 'Superorbital',
+			logo: 'superorbital',
+			link: 'https://superorbit.al/workshops/kubernetes/',
+			blurb: 'Helping companies navigate the Cloud Native waters through Kubernetes consulting and training.'
+				},
+		{
+			type: 3,
+			name: 'Apprenda',
+			logo: 'apprenda',
+			link: 'https://apprenda.com/kismatic/',
+			blurb: 'Apprenda - Kismatic Enterprise Toolkit (KET)'
+				},
+		{
+			type: 3,
+			name: 'Red Hat',
+			logo: 'redhat',
+			link: 'https://www.openshift.com',
+			blurb: 'Red Hat - OpenShift Online and OpenShift Container Platform'
+				},
+		{
+			type: 3,
+			name: 'Rancher',
+			logo: 'rancher',
+			link: 'http://rancher.com/kubernetes/',
+			blurb: 'Rancher Inc. - Rancher Kubernetes'
+				},
+		{
+			type: 3,
+			name: 'Canonical',
+			logo: 'canonical',
+			link: 'https://www.ubuntu.com/kubernetes',
+			blurb: 'The Canonical Distribution of Kubernetes enables you to operate Kubernetes clusters on demand on any major public cloud and private infrastructure.'
+				},
+		{
+			type: 2,
+			name: 'Canonical',
+			logo: 'canonical',
+			link: 'https://www.ubuntu.com/kubernetes',
+			blurb: 'Canonical Ltd. - Canonical Distribution of Kubernetes'
+				},
+		{
+			type: 3,
+			name: 'Cisco',
+			logo: 'cisco',
+			link: 'https://www.cisco.com',
+			blurb: 'Cisco Systems - Cisco Container Platform'
+				},
+		{
+			type: 3,
+			name: 'Cloud Foundry',
+			logo: 'cff',
+			link: 'https://www.cloudfoundry.org/container-runtime/',
+			blurb: 'Cloud Foundry - Cloud Foundry Container Runtime'
+				},
+		{
+			type: 3,
+			name: 'IBM',
+			logo: 'ibm',
+			link: 'https://www.ibm.com/cloud/container-service',
+			blurb: 'IBM - IBM Cloud Kubernetes Service'
+				},
+		{
+			type: 2,
+			name: 'IBM',
+			logo: 'ibm',
+			link: 'https://www.ibm.com/cloud-computing/bluemix/containers',
+			blurb: 'The IBM Bluemix Container Service combines Docker and Kubernetes to deliver powerful tools, an intuitive user experiences, and built-in security and isolation to enable rapid delivery of applications all while leveraging Cloud Services including cognitive capabilities from Watson.'
+				},
+		{
+			type: 3,
+			name: 'Samsung',
+			logo: 'samsung_sds',
+			link: 'https://github.com/samsung-cnct/kraken',
+			blurb: 'Samsung SDS - Kraken'
+				},
+		{
+			type: 3,
+			name: 'IBM',
+			logo: 'ibm',
+			link: 'https://www.ibm.com/cloud-computing/products/ibm-cloud-private/',
+			blurb: 'IBM - IBM Cloud Private'
+				},
+		{
+			type: 3,
+			name: 'Kinvolk',
+			logo: 'kinvolk',
+			link: 'https://github.com/kinvolk/kube-spawn',
+			blurb: 'Kinvolk - kube-spawn'
+				},
+		{
+			type: 3,
+			name: 'Heptio',
+			logo: 'heptio',
+			link: 'https://aws.amazon.com/quickstart/architecture/heptio-kubernetes',
+			blurb: 'Heptio - AWS-Quickstart'
+				},
+		{
+			type: 2,
+			name: 'Heptio',
+			logo: 'heptio',
+			link: 'http://heptio.com',
+			blurb: 'Heptio helps businesses of all sizes get closer to the vibrant Kubernetes community.'
+				},
+		{
+			type: 3,
+			name: 'StackPointCloud',
+			logo: 'stackpoint',
+			link: 'https://stackpoint.io',
+			blurb: 'StackPointCloud - StackPointCloud'
+				},
+		{
+			type: 2,
+			name: 'StackPointCloud',
+			logo: 'stackpoint',
+			link: 'https://stackpoint.io',
+			blurb: 'StackPointCloud offers a wide range of support plans for managed Kubernetes clusters built through its universal control plane for Kubernetes Anywhere.'
+				},
+		{
+			type: 3,
+			name: 'Caicloud',
+			logo: 'caicloud',
+			link: 'https://caicloud.io/products/compass',
+			blurb: 'Caicloud - Compass'
+				},
+		{
+			type: 2,
+			name: 'Caicloud',
+			logo: 'caicloud',
+			link: 'https://caicloud.io/',
+			blurb: 'Founded by ex-Googlers,and early Kubernetes contributors, Caicloud leverages Kubernetes to provide container products which have successfully served Fortune 500 enterprises, and  further utilizes Kubernetes as a vehicle to deliver ultra-speed deep learning experience.'
+				},
+		{
+			type: 3,
+			name: 'Alibaba',
+			logo: 'alibaba',
+			link: 'https://www.aliyun.com/product/containerservice?spm=5176.8142029.388261.219.3836dbccRpJ5e9',
+			blurb: 'Alibaba Cloud - Alibaba Cloud Container Service'
+				},
+		{
+			type: 3,
+			name: 'Tencent',
+			logo: 'tencent',
+			link: 'https://cloud.tencent.com/product/ccs?lang=en',
+			blurb: 'Tencent Cloud - Tencent Cloud Container Service'
+				},
+		{
+			type: 3,
+			name: 'Huawei',
+			logo: 'huawei',
+			link: 'http://www.huaweicloud.com/product/cce.html',
+			blurb: 'Huawei - Huawei Cloud Container Engine'
+				},
+		{
+			type: 2,
+			name: 'Huawei',
+			logo: 'huawei',
+			link: 'http://developer.huawei.com/ict/en/site-paas',
+			blurb: 'FusionStage is an enterprise-grade Platform as a Service product, the core of which is based on mainstream open source container technology including Kubernetes and Docker.'
+				},
+		{
+			type: 3,
+			name: 'Google',
+			logo: 'google',
+			link: 'https://github.com/kubernetes/kubernetes/tree/master/cluster',
+			blurb: 'Google - kube-up.sh on Google Compute Engine'
+				},
+		{
+			type: 3,
+			name: 'Poseidon',
+			logo: 'poseidon',
+			link: 'https://typhoon.psdn.io/',
+			blurb: 'Poseidon - Typhoon'
+				},
+		{
+			type: 3,
+			name: 'Netease',
+			logo: 'netease',
+			link: 'https://www.163yun.com/product/container-service-dedicated',
+			blurb: 'Netease - Netease Container Service Dedicated'
+				},
+		{
+			type: 2,
+			name: 'Loodse',
+			logo: 'loodse',
+			link: 'https://loodse.com',
+			blurb: 'Loodse provides Kubernetes training & consulting, and host related events regularly across Europe.'
+				},
+		{
+			type: 4,
+			name: 'Loodse',
+			logo: 'loodse',
+			link: 'https://loodse.com',
+			blurb: 'Loodse provides Kubernetes training & consulting, and host related events regularly across Europe.'
+				},
+		{
+			type: 4,
+			name: 'LF Training',
+			logo: 'lf-training',
+			link: 'https://training.linuxfoundation.org/',
+			blurb: 'The Linux Foundation’s training program combines the broad, foundational knowledge with the networking opportunities that attendees need to thrive in their careers today.'
+				},
+		{
+			type: 3,
+			name: 'Loodse',
+			logo: 'loodse',
+			link: 'https://loodse.com',
+			blurb: 'Loodse - Kubermatic Container Engine'
+				},
+		{
+			type: 1,
+			name: 'LTI',
+			logo: 'lti',
+			link: 'https://www.lntinfotech.com/',
+			blurb: 'LTI helps enterprises architect, develop and support scalable cloud native apps using Docker and Kubernetes for private or public cloud.'
+				},
+		{
+			type: 3,
+			name: 'Microsoft',
+			logo: 'microsoft',
+			link: 'https://github.com/Azure/acs-engine',
+			blurb: 'Microsoft - Azure acs-engine'
+				},
+		{
+			type: 3,
+			name: 'Microsoft',
+			logo: 'microsoft',
+			link: 'https://docs.microsoft.com/en-us/azure/aks/',
+			blurb: 'Microsoft - Azure Container Service AKS'
+			  },
+		{
+			type: 3,
+			name: 'Oracle',
+			logo: 'oracle',
+			link: 'http://www.wercker.com/product',
+			blurb: 'Oracle - Oracle Container Engine'
+				},
+		{
+			type: 3,
+			name: 'Oracle',
+			logo: 'oracle',
+			link: 'https://github.com/oracle/terraform-kubernetes-installer',
+			blurb: 'Oracle -  Oracle Terraform Kubernetes Installer'
+				},
+		{
+			type: 3,
+			name: 'Mesosphere',
+			logo: 'mesosphere',
+			link: 'https://mesosphere.com/kubernetes/',
+			blurb: 'Mesosphere -  Kubernetes on DC/OS'
+				},
+		{
+			type: 3,
+			name: 'Appscode',
+			logo: 'appscode',
+			link: 'https://appscode.com/products/cloud-deployment/',
+			blurb: 'Appscode - Pharmer'
+				},
+		{
+			type: 3,
+			name: 'SAP',
+			logo: 'sap',
+			link: 'https://cloudplatform.sap.com/index.html',
+			blurb: 'SAP - Cloud Platform - Gardener (not yet released)'
+				},
+		{
+			type: 3,
+			name: 'Oracle',
+			logo: 'oracle',
+			link: 'https://www.oracle.com/linux/index.html',
+			blurb: 'Oracle - Oracle Linux Container Services for use with Kubernetes'
+				},
+		{
+			type: 3,
+			name: 'CoreOS',
+			logo: 'coreos',
+			link: 'https://github.com/kubernetes-incubator/bootkube',
+			blurb: 'CoreOS - bootkube'
+				},
+		{
+			type: 2,
+			name: 'CoreOS',
+			logo: 'coreos',
+			link: 'https://coreos.com/',
+			blurb: 'Tectonic is the enterprise-ready Kubernetes product, by CoreOS. It adds key features to allow you to manage, update, and control clusters in production.'
+				},
+		{
+			type: 3,
+			name: 'Weaveworks',
+			logo: 'weave_works',
+			link: '/docs/setup/independent/create-cluster-kubeadm/',
+			blurb: 'Weaveworks - kubeadm'
+				},
+		{
+			type: 3,
+			name: 'Joyent',
+			logo: 'joyent',
+			link: 'https://github.com/joyent/triton-kubernetes',
+			blurb: 'Joyent - Triton Kubernetes'
+				},
+		{
+			type: 3,
+			name: 'Wise2c',
+			logo: 'wise2c',
+			link: 'http://www.wise2c.com/solution',
+			blurb: 'Wise2C Technology - WiseCloud'
+				},
+		{
+			type: 2,
+			name: 'Wise2c',
+			logo: 'wise2c',
+			link: 'http://www.wise2c.com',
+			blurb: 'Using Kubernetes to providing IT continuous delivery and Enterprise grade container management solution to Financial Industry.'
+				},
+		{
+			type: 3,
+			name: 'Docker',
+			logo: 'docker',
+			link: 'https://www.docker.com/enterprise-edition',
+			blurb: 'Docker - Docker Enterprise Edition'
+				},
+		{
+			type: 3,
+			name: 'Daocloud',
+			logo: 'daocloud',
+			link: 'http://www.daocloud.io/dce',
+			blurb: 'DaoCloud - DaoCloud Enterprise'
+				},
+		{
+			type: 2,
+			name: 'Daocloud',
+			logo: 'daocloud',
+			link: 'http://www.daocloud.io/dce',
+			blurb: 'We provide enterprise-level cloud native application platform that supports both Kubernetes and Docker Swarm.'
+				},
+		{
+			type: 4,
+			name: 'Daocloud',
+			logo: 'daocloud',
+			link: 'http://www.daocloud.io/dce',
+			blurb: 'We provide enterprise-level cloud native application platform that supports both Kubernetes and Docker Swarm.'
+				},
+		{
+			type: 3,
+			name: 'SUSE',
+			logo: 'suse',
+			link: 'https://www.suse.com/products/caas-platform/',
+			blurb: 'SUSE - SUSE CaaS (Container as a Service) Platform'
+				},
+		{
+			type: 3,
+			name: 'Pivotal',
+			logo: 'pivotal',
+			link: 'https://cloud.vmware.com/pivotal-container-service',
+			blurb: 'Pivotal/VMware - Pivotal Container Service (PKS)'
+				},
+		{
+			type: 3,
+			name: 'VMware',
+			logo: 'vmware',
+			link: 'https://cloud.vmware.com/pivotal-container-service',
+			blurb: 'Pivotal/VMware - Pivotal Container Service (PKS)'
+				},
+		{
+			type: 3,
+			name: 'Alauda',
+			logo: 'alauda',
+			link: 'http://www.alauda.cn/product/detail/id/68.html',
+			blurb: 'Alauda - Alauda EE'
+				},
+		{
+			type: 4,
+			name: 'Alauda',
+			logo: 'alauda',
+			link: 'http://www.alauda.cn/product/detail/id/68.html',
+			blurb: 'Alauda provides Kubernetes-Centric Enterprise Platform-as-a-Service offerings with a razor focus on delivering Cloud Native capabilities and DevOps best practices to enterprise customers across industries in China.'
+				},
+		{
+			type: 2,
+			name: 'Alauda',
+			logo: 'alauda',
+			link: 'www.alauda.io',
+			blurb: 'Alauda provides Kubernetes-Centric Enterprise Platform-as-a-Service offerings with a razor focus on delivering Cloud Native capabilities and DevOps best practices to enterprise customers across industries in China.'
+				},
+		{
+			type: 3,
+			name: 'EasyStack',
+			logo: 'easystack',
+			link: 'https://easystack.cn/eks/',
+			blurb: 'EasyStack - EasyStack Kubernetes Service (EKS)'
+				},
+		{
+			type: 3,
+			name: 'CoreOS',
+			logo: 'coreos',
+			link: 'https://coreos.com/tectonic/',
+			blurb: 'CoreOS - Tectonic'
+				},
+		{
+			type: 0,
+			name: 'GoPaddle',
+			logo: 'gopaddle',
+			link: 'https://gopaddle.io',
+			blurb: 'goPaddle is a DevOps platform for Kubernetes developers. It simplifies the Kubernetes Service creation and maintenance through source to image conversion, build & version management, team management, access controls and audit logs, single click provision of Kubernetes Clusters across multiple clouds from a single console.'
+				},
+		{
+			type: 0,
+			name: 'Vexxhost',
+			logo: 'vexxhost',
+			link: 'https://vexxhost.com/public-cloud/container-services/kubernetes/',
+			blurb: 'VEXXHOST offers a high-performance container management service powered by Kubernetes and OpenStack Magnum.'
+				},
+		{
+			type: 1,
+			name: 'Component Soft',
+			logo: 'componentsoft',
+			link: 'https://www.componentsoft.eu/?p=3925',
+			blurb: 'Component Soft offers training, consultation and support around open cloud technologies like Kubernetes, Docker, Openstack and Ceph.'
+				},
+		{
+			type: 0,
+			name: 'Datera',
+			logo: 'datera',
+			link: 'http://www.datera.io/kubernetes/',
+			blurb: 'Datera delivers high performance, self-managing elastic block storage with self-service provisioning for deploying Kubernetes at scale.'
+				},
+		{
+			type: 0,
+			name: 'Containership',
+			logo: 'containership',
+			link: 'https://containership.io/',
+			blurb: 'Containership is a cloud agnostic managed kubernetes offering that supports automatic provisioning on over 14 cloud providers.'
+				},
+		{
+			type: 0,
+			name: 'Pure Storage',
+			logo: 'pure_storage',
+			link: 'https://hub.docker.com/r/purestorage/k8s/',
+			blurb: 'Our flexvol driver and dynamic provisioner allow FlashArray/Flashblade storage devices to be consumed as first class persistent storage from within Kubernetes.'
+				},
+		{
+			type: 0,
+			name: 'Elastisys',
+			logo: 'elastisys',
+			link: 'https://elastisys.com/kubernetes/',
+			blurb: 'Predictive autoscaling - detects recurring workload variations, irregular traffic spikes, and everything in between. Runs K8s in any public or private cloud.'
+				},
+		{
+			type: 0,
+			name: 'Portworx',
+			logo: 'portworx',
+			link: 'https://portworx.com/use-case/kubernetes-storage/',
+			blurb: 'With Portworx, you can manage any database or stateful service on any infrastructure using Kubernetes. You get a single data management layer for all of your stateful services, no matter where they run.'
+				},
+		{
+			type: 1,
+			name: 'Object Computing, Inc.',
+			logo: 'objectcomputing',
+			link: 'https://objectcomputing.com/services/software-engineering/devops/kubernetes-services',
+			blurb: 'Our portfolio of DevOps consulting services includes Kubernetes support, development, and training.'
+				},
+		{
+			type: 1,
+			name: 'Isotoma',
+			logo: 'isotoma',
+			link: 'https://www.isotoma.com/blog/2017/10/24/containerisation-tips-for-using-kubernetes-with-aws/',
+			blurb: 'Based in the North of England, Amazon partners who are delivering Kubernetes solutions on AWS for replatforming and native development.'
+				},
+		{
+			type: 1,
+			name: 'Servian',
+			logo: 'servian',
+			link: 'https://www.servian.com/cloud-and-technology/',
+			blurb: 'Based in Australia, Servian provides advisory, consulting and managed services to support both application and data centric kubernetes use cases.'
+				},
+		{
+			type: 1,
+			name: 'Redzara',
+			logo: 'redzara',
+			link: 'http://redzara.com/cloud-service',
+			blurb: 'Redzara has wide and in-depth experience in Cloud automation, now taking one giant step by providing container service offering and services to our customers.'
+				},
+		{
+			type: 0,
+			name: 'Dataspine',
+			logo: 'dataspine',
+			link: 'http://dataspine.xyz/',
+			blurb: 'Dataspine is building a secure, elastic and serverless deployment platform for production ML/AI workloads on top of k8s.'
+				},
+		{
+			type: 1,
+			name: 'CloudBourne',
+			logo: 'cloudbourne',
+			link: 'https://cloudbourne.com/kubernetes-enterprise-hybrid-cloud/',
+			blurb: 'Want to achieve maximum build, deploy and monitoring automation using Kubernetes? We can help.'
+				},
+		{
+			type: 0,
+			name: 'CloudBourne',
+			logo: 'cloudbourne',
+			link: 'https://cloudbourne.com/',
+			blurb: 'Our AppZ Hybrid Cloud Platform can help you achieve your digital transformation goals using the powerful Kubernetes.'
+				},
+		{
+			type: 3,
+			name: 'BoCloud',
+			logo: 'bocloud',
+			link: 'http://www.bocloud.com.cn/en/index.html',
+			blurb: 'BoCloud - BeyondcentContainer'
+				},
+		{
+			type: 2,
+			name: 'Naitways',
+			logo: 'naitways',
+			link: 'https://www.naitways.com/',
+			blurb: 'Naitways is an Operator (AS57119), Integrator and Cloud Services Provider (our own !). We aim to provide value-added services through our mastering of the whole value chain (Infrastructure, Network, Human skills). Private and Public Cloud is available through Kubernetes managed or unmanaged.'
+				},
+		{
+			type: 2,
+			name: 'Kinvolk',
+			logo: 'kinvolk',
+			link: 'https://kinvolk.io/kubernetes/',
+			blurb: 'Kinvolk offers Kubernetes engineering & operations support from cluster to kernel. Leading cloud-native organizations turn to Kinvolk for deep-stack Linux expertise.'
+				},
+		{
+			type: 1,
+			name: 'Cascadeo Corporation',
+			logo: 'cascadeo',
+			link: 'http://www.cascadeo.com/',
+			blurb: 'Cascadeo designs, implements, and manages containerized workloads with Kubernetes, for both existing applications and greenfield development projects.'
+				},
+		{
+			type: 1,
+			name: 'Elastisys AB',
+			logo: 'elastisys',
+			link: 'https://elastisys.com/services/#kubernetes',
+			blurb: 'We design, build, and operate Kubernetes clusters. We are experts in highly available and self-optimizing Kubernetes infrastructures'
+				},
+		{
+			type: 1,
+			name: 'Greenfield Guild',
+			logo: 'greenfield',
+			link: 'http://greenfieldguild.com/',
+			blurb: 'The Greenfield Guild builds quality open source solutions on, and offers training and support for, Kubernetes in any environment.'
+				},
+		{
+			type: 1,
+			name: 'PolarSeven',
+			logo: 'polarseven',
+			link: 'https://polarseven.com/what-we-do/kubernetes/',
+			blurb: 'To get started up and running with Kubernetes (K8s) our PolarSeven consultants can help you with creating a fully functional dockerized environment to run and deploy your applications.'
+				},
+		{
+			type: 1,
+			name: 'Kloia',
+			logo: 'kloia',
+			link: 'https://kloia.com/kubernetes/',
+			blurb: 'Kloia is DevOps and Microservices Consultancy company that helps its customers to migrate their environment to cloud platforms for enabling more scalable and secure environments. We use Kubernetes to provide our customers all-in-one solutions in an cloud-agnostic way.'
+				},
+		{
+			type: 0,
+			name: 'Bluefyre',
+			logo: 'bluefyre',
+			link: 'https://www.bluefyre.io',
+			blurb: 'Bluefyre offers a developer-first security platform that is native to Kubernetes. Bluefyre helps your development team ship secure code on Kubernetes faster!'
+				},
+		{
+			type: 0,
+			name: 'Harness',
+			logo: 'harness',
+			link: 'https://harness.io/harness-continuous-delivery/secret-sauce/smart-automation/',
+			blurb: 'Harness offers Continuous Delivery As-A-Service will full support for containerized apps and Kubernetes clusters.'
+				},
+		{
+			type: 0,
+			name: 'VMware - Wavefront',
+			logo: 'wavefront',
+			link: 'https://www.wavefront.com/solutions/container-monitoring/',
+			blurb: 'The Wavefront platform provides metrics-driven analytics and monitoring for  Kubernetes and container dashboards for DevOps and developer teams delivering visibility into high-level services as well as granular container metrics.'
+				},
+		{
+			type: 0,
+			name: 'Bloombase, Inc.',
+			logo: 'bloombase',
+			link: 'https://www.bloombase.com/go/kubernetes',
+			blurb: 'Bloombase provides high bandwidth, defense-in-depth data-at-rest encryption to lock down Kubernetes crown-jewels at scale.'
+				},
+		{
+			type: 0,
+			name: 'Kasten',
+			logo: 'kasten',
+			link: 'https://kasten.io/product/',
+			blurb: 'Kasten provides enterprise solutions specifically built to address the operational complexity of data management in cloud-native environments.'
+				},
+		{
+			type: 0,
+			name: 'Humio',
+			logo: 'humio',
+			link: 'https://humio.com',
+			blurb: 'Humio is a log aggregation database. We offer a Kubernetes integration that will give you insights to your logs across apps and instances.'
+				},
+		{
+			type: 0,
+			name: 'Outcold Solutions LLC',
+			logo: 'outcold',
+			link: 'https://www.outcoldsolutions.com/#monitoring-kubernetes',
+			blurb: 'Powerful Certified Splunk applications for Monitoring OpenShift, Kubernetes and Docker.'
+				},
+		{
+			type: 0,
+			name: 'SysEleven GmbH',
+			logo: 'syseleven',
+			link: 'http://www.syseleven.de/',
+			blurb: 'Enterprise Customers who are in need of bulletproof operations (High Performance E-Commerce and Enterprise Portals)'
+				},
+		{
+			type: 0,
+			name: 'Landoop',
+			logo: 'landoop',
+			link: 'http://lenses.stream',
+			blurb: 'Lenses for Apache Kafka, to deploy, manage and operate with confidence data streaming pipelines and topologies at scale with confidence and native Kubernetes integration.'
+				},
+		{
+			type: 0,
+			name: 'Redis Labs',
+			logo: 'redis',
+			link: 'https://redislabs.com/blog/getting-started-with-kubernetes-and-redis-using-redis-enterprise/',
+			blurb: 'Redis Enterprise extends open source Redis and delivers stable high performance and linear scaling required for building microservices on the Kubernetes platform.'
+				},
+		{
+			type: 3,
+			name: 'Diamanti',
+			logo: 'diamanti',
+			link: 'https://diamanti.com/',
+			blurb: 'Diamanti - Diamanti-D10'
+				},
+		{
+			type: 3,
+			name: 'Eking',
+			logo: 'eking',
+			link: 'http://www.eking-tech.com/',
+			blurb: 'Hainan eKing Technology Co. - eKing Cloud Container Platform'
+				},
+		{
+			type: 3,
+			name: 'Harmony Cloud',
+			logo: 'harmony',
+			link: 'http://harmonycloud.cn/products/rongqiyun/',
+			blurb: 'Harmonycloud - Harmonycloud Container Platform'
+				},
+		{
+			type: 3,
+			name: 'Woqutech',
+			logo: 'woqutech',
+			link: 'http://woqutech.com/product_qfusion.html',
+			blurb: 'Woqutech - QFusion'
+				},
+		{
+			type: 3,
+			name: 'Baidu',
+			logo: 'baidu',
+			link: 'https://cloud.baidu.com/product/cce.html',
+			blurb: 'Baidu Cloud - Baidu Cloud Container Engine'
+				},
+		{
+			type: 3,
+			name: 'ZTE',
+			logo: 'zte',
+			link: 'https://sdnfv.zte.com.cn/en/home',
+			blurb: 'ZTE - TECS OpenPalette'
+				},
+		{
+			type: 1,
+			name: 'Automatic Server AG',
+			logo: 'asag',
+			link: 'http://www.automatic-server.com/paas.html',
+			blurb: 'We install and operate Kubernetes in big enterprises, create deployment workflows and help to migrate.'
+				},
+		{
+			type: 1,
+			name: 'Circulo Siete',
+			logo: 'circulo',
+			link: 'https://circulosiete.com/consultoria/kubernetes/',
+			blurb: 'We are a Mexico based company offering training, consulting and support to migrate your workloads to Kubernetes, Cloud Native Microservices & Devops.'
+				},
+		{
+			type: 1,
+			name: 'DevOpsGuru',
+			logo: 'devopsguru',
+			link: 'http://devopsguru.ca/workshop',
+			blurb: 'DevOpsGuru work with small business to transform from physical to virtual to containerization.'
+				},
+		{
+			type: 1,
+			name: 'EIN Intelligence Co., Ltd',
+			logo: 'ein',
+			link: 'https://ein.io',
+			blurb: 'Startups and agile enterprises in South Korea.'
+				},
+		{
+			type: 0,
+			name: 'GuardiCore',
+			logo: 'guardicore',
+			link: 'https://www.guardicore.com/',
+			blurb: 'GuardiCore provided process level visibility and network policy enforcement on containerized assets on the Kubernetes platform.'
+				},
+		{
+			type: 0,
+			name: 'Hedvig',
+			logo: 'hedvig',
+			link: 'https://www.hedviginc.com/blog/provisioning-hedvig-storage-with-kubernetes',
+			blurb: 'Hedvig is software-defined storage that uses NFS or iSCSI for persistent volumes for provisioning shared storage for pods and containers.'
+				},
+		{
+			type: 0,
+			name: 'Hewlett Packard Enterprise',
+			logo: 'hpe',
+			link: ' https://www.hpe.com/us/en/storage/containers.html',
+			blurb: 'Persistent Storage that makes data as easy to manage as containers: dynamic provisioning, policy-based performance & protection, QoS, & more.'
+				},
+		{
+			type: 0,
+			name: 'JetBrains',
+			logo: 'jetbrains',
+			link: 'https://blog.jetbrains.com/teamcity/2017/10/teamcity-kubernetes-support-plugin/',
+			blurb: 'Run TeamCity cloud build agents in a Kubernetes cluster. Provides Helm support as a build step.'
+				},
+		{
+			type: 2,
+			name: 'Opensense',
+			logo: 'opensense',
+			link: 'http://www.opensense.fr/en/kubernetes-en/',
+			blurb: 'We provide Kubernetes services (integration, operation, training) as well as development of banking microservices based on our extended experience with cloud of containers, microservices, data management and financial sector.'
+				},
+		{
+			type: 2,
+			name: 'SAP SE',
+			logo: 'sap',
+			link: 'https://cloudplatform.sap.com',
+			blurb: 'The SAP Cloud Platform provides in-memory capabilities and unique business services for building and extending applications. With open sourced Project Gardener, SAP utilizes the power of Kubernetes to enable an open, robust, multi-cloud experience for our customers. You can use simple, modern cloud native design principles and leverage skills your organization already has to deliver agile and transformative applications, while integrating with the latest SAP Leonardo business features.'
+				},
+		{
+			type: 1,
+			name: 'Mobilise Cloud Services Limited',
+			logo: 'mobilise',
+			link: 'https://www.mobilise.cloud/en/services/serverless-application-delivery/',
+			blurb: 'Mobilise helps organisations adopt Kubernetes and integrate with their CI/CD tooling.'
+				},
+		{
+			type: 3,
+			name: 'AWS',
+			logo: 'aws',
+			link: 'https://aws.amazon.com/eks/',
+			blurb: 'Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters.'
+				},
+		{
+			type: 3,
+			name: 'Kontena',
+			logo: 'kontena',
+			link: 'https://pharos.sh',
+			blurb: 'Kontena Pharos - The simple, solid, certified Kubernetes distribution that just works.'
+					},
+		{
+			type: 2,
+			name: 'NTTData',
+			logo: 'nttdata',
+			link: 'http://de.nttdata.com/altemista-cloud',
+			blurb: 'NTT DATA, a member of the NTT Group, brings the power of the worlds leading infrastructure provider in the global K8s community.'
+					},
+		{
+			type: 2,
+			name: 'OCTO',
+			logo: 'octo',
+			link: 'https://www.octo.academy/fr/formation/275-kubernetes-utiliser-architecturer-et-administrer-une-plateforme-de-conteneurs',
+			blurb: 'OCTO technology provides training, architecture, technical consulting and delivery services including containers and Kubernetes.'
+					},
+		{
+			type: 0,
+			name: 'Logdna',
+			logo: 'logdna',
+			link: 'https://logdna.com/kubernetes',
+			blurb: 'Pinpoint production issues instantly with LogDNA, the best logging platform you will ever use. Get started with only 2 kubectl commands.'
+				}
+	]
+
+	var kcspContainer = document.getElementById('kcspContainer')
+	var distContainer = document.getElementById('distContainer')
+	var ktpContainer = document.getElementById('ktpContainer')
+	var isvContainer = document.getElementById('isvContainer')
+	var servContainer = document.getElementById('servContainer')
+
+	var sorted = partners.sort(function (a, b) {
+		if (a.name > b.name) return 1
+		if (a.name < b.name) return -1
+		return 0
+	})
+
+	sorted.forEach(function (obj) {
+		var box = document.createElement('div')
+		box.className = 'partner-box'
+
+		var img = document.createElement('img')
+		img.src = '/images/square-logos/' + obj.logo + '.png'
+
+		var div = document.createElement('div')
+
+		var p = document.createElement('p')
+		p.textContent = obj.blurb
+
+		var link = document.createElement('a')
+		link.href = obj.link
+		link.target = '_blank'
+		link.textContent = 'Learn more'
+
+		div.appendChild(p)
+		div.appendChild(link)
+
+		box.appendChild(img)
+		box.appendChild(div)
+
+		var container;
+    if (obj.type === 0) {
+      container = isvContainer;
+    } else if (obj.type === 1) {
+      container = servContainer;
+    } else if (obj.type === 2) {
+      container = kcspContainer;
+		} else if (obj.type === 3) {
+			container = distContainer;
+		} else if (obj.type === 4) {
+			container = ktpContainer;
+		}
+
+		container.appendChild(box)
+	})
+})();
diff --git a/content/zh/includes/partner-style.css b/content/zh/includes/partner-style.css
new file mode 100644
index 0000000000000..7aeb255dd5abc
--- /dev/null
+++ b/content/zh/includes/partner-style.css
@@ -0,0 +1,202 @@
+/*  SECTIONS  */
+.section {
+	clear: both;
+	padding: 0px;
+	margin-bottom: 2em;
+}
+
+.kcsp_section {
+	clear: both;
+	padding: 0px;
+	margin-bottom: 2em;
+}
+
+/*  COLUMN SETUP  */
+.col {
+	display: block;
+	float:left;
+	margin: 1% 0 1% 1.6%;
+	background-color: #f9f9f9;
+}
+.col:first-child { margin-left: 0; }
+
+
+/*  GROUPING  */
+.group:before,
+.group:after {
+	content:"";
+	display:table;
+}
+.group:after {
+	clear:both;
+}
+.group {
+    zoom:1; /* For IE 6/7 */
+}
+
+/*  GRID OF THREE  */
+.span_3_of_3 {
+	width: 35%;
+	background-color: #f9f9f9;
+	padding: 20px;
+}
+.span_2_of_3 {
+	width: 35%;
+	background-color: #f9f9f9;
+	padding: 20px;
+}
+.span_1_of_3 {
+	width: 35%;
+	background-color: #f9f9f9;
+	padding: 20px;
+}
+
+.col-container {
+    display: table; /* Make the container element behave like a table */
+    width: 100%; /* Set full-width to expand the whole page */
+		padding-bottom: 30px;
+}
+
+.col-nav {
+    display: table-cell; /* Make elements inside the container behave like table cells */
+		width: 18%;
+		background-color: #f9f9f9;
+		padding: 20px;
+		border: 5px solid white;
+}
+
+/*  GO FULL WIDTH AT LESS THAN 480 PIXELS */
+
+@media only screen and (max-width: 480px) {
+	.col { margin: 1% 0 1% 0%;}
+	.span_3_of_3, .span_2_of_3, .span_1_of_3 { width: 100%; }
+}
+
+@media only screen and (max-width: 650px) {
+    .col-nav {
+        display: block;
+        width: 100%;
+    }
+}
+
+.button{
+  max-width: 100%;
+	box-sizing: border-box;
+	font-family: "Roboto", sans-serif;
+	margin: 0;
+	display: inline-block;
+	border-radius: 6px;
+	padding: 0 20px;
+	line-height: 40px;
+	color: #ffffff;
+	font-size: 16px;
+	background-color: #3371e3;
+	text-decoration: none;
+ }
+
+h5 {
+	font-size: 16px;
+	line-height: 1.5em;
+	margin-bottom: 2em;
+}
+
+#usersGrid a {
+	display: inline-block;
+	background-color: #f9f9f9;
+}
+
+#ktpContainer, #distContainer, #kcspContainer, #isvContainer, #servContainer {
+	position: relative;
+	width: 100%;
+	display: flex;
+	justify-content: space-between;
+	flex-wrap: wrap;
+}
+
+#isvContainer {
+	margin-bottom: 80px;
+}
+
+#kcspContainer {
+	margin-bottom: 80px;
+}
+
+#distContainer {
+	margin-bottom: 80px;
+}
+
+#ktpContainer {
+	margin-bottom: 80px;
+}
+
+.partner-box {
+	position: relative;
+	width: 47%;
+	max-width: 48%;
+	min-width: 48%;
+	margin-bottom: 20px;
+	padding: 20px;
+	flex: 1;
+	display: flex;
+	justify-content: left;
+	align-items: flex-start;
+}
+
+.partner-box img {
+	background-color: #f9f9f9;
+}
+
+.partner-box > div {
+	margin-left: 30px;
+}
+
+.partner-box a {
+	color: #3576E3;
+}
+
+@media screen and (max-width: 1024px) {
+	.partner-box {
+		flex-direction: column;
+		justify-content: flex-start;
+	}
+
+	.partner-box > div {
+		margin: 20px 0 0;
+	}
+}
+
+@media screen and (max-width: 568px) {
+	#ktpContainer, #distContainter, #kcspContainer, #isvContainer, #servContainer {
+		justify-content: center;
+	}
+
+	.partner-box {
+		flex-direction: column;
+		justify-content: flex-start;
+		width: 100%;
+		max-width: 100%;
+		min-width: 100%;
+	}
+
+	.partner-box > div {
+		margin: 20px 0 0;
+	}
+}
+
+@media screen and (max-width: 568px) {
+	#ktpContainer, #distContainer, #kcspContainer, #isvContainer, #servContainer {
+		justify-content: center;
+	}
+
+	.partner-box {
+		flex-direction: column;
+		justify-content: flex-start;
+		width: 100%;
+		max-width: 100%;
+		min-width: 100%;
+	}
+
+	.partner-box > div {
+		margin: 20px 0 0;
+	}
+}
diff --git a/content/zh/includes/user-guide-migration-notice.md b/content/zh/includes/user-guide-migration-notice.md
index 263aec847954c..235b63f00d334 100644
--- a/content/zh/includes/user-guide-migration-notice.md
+++ b/content/zh/includes/user-guide-migration-notice.md
@@ -22,4 +22,3 @@
   </td>
 </tr>
 </table>
-
diff --git a/content/zh/partners/_index.html b/content/zh/partners/_index.html
new file mode 100644
index 0000000000000..8c418dd4eaa2c
--- /dev/null
+++ b/content/zh/partners/_index.html
@@ -0,0 +1,125 @@
+---
+title: 合作伙伴
+bigheader: Kubernetes 合作伙伴
+abstract: 发展 Kubernetes 生态圈
+class: gridPage
+cid: partners
+---
+
+<!--
+---
+title: Partners
+bigheader: Kubernetes Partners
+abstract: Growing the Kubernetes ecosystem.
+class: gridPage
+cid: partners
+---
+-->
+
+<section id="users">
+    <main>
+        <!-- <h5>Kubernetes works with partners to create a strong, vibrant codebase that supports a spectrum of complementary platforms.</h5> -->
+        <h5>Kubernetes 与合作伙伴携手打造一个强大、活跃的代码库，支持一系列互补平台。</h5>
+        <div class="col-container">
+          <div class="col-nav">
+            <center>
+              <!-- <h5><b>Kubernetes Certified Service Providers</b></h5> -->
+              <h5><b>Kubernetes 认证服务提供商</b></h5>
+              <!-- <br>Vetted service providers with deep experience helping enterprises successfully adopt Kubernetes. -->
+              <br>经过审核的服务提供商在帮助企业成功采用 Kubernetes 方面有深厚的经验。
+              <br><br><br>
+              <!-- <button id="kcsp" class="button" onClick="updateSrc(this.id)">See KCSP Partners</button> -->
+              <button id="kcsp" class="button" onClick="updateSrc(this.id)">参见 KCSP 合作伙伴</button>
+              <!-- <br><br>Interested in becoming a <a href="https://www.cncf.io/certification/kcsp/">KCSP</a>? -->
+              <br><br>想要成为<a href="https://www.cncf.io/certification/kcsp/">KCSP</a>吗?
+            </center>
+          </div>
+          <div class="col-nav"><center>
+            <h5>
+              <!-- b>Certified Kubernetes Distributions, Hosted Platforms, and Installers</b -->
+              <b>Kubernetes 认证的发行版本、托管平台以及安装工具</b>
+            <!-- </h5>Software conformance ensures that every vendor’s version of Kubernetes supports the required APIs. -->
+            </h5>软件合规性确保各厂商的 Kubernetes 版本都支持必需的 API。
+            <br><br><br>
+            <!-- <button id="conformance" class="button" onClick="updateSrc(this.id)">See Conformance Partners</button> -->
+            <button id="conformance" class="button" onClick="updateSrc(this.id)">参见合规性合作伙伴</button>
+            <!-- <br><br>Interested in becoming<a href="https://www.cncf.io/certification/software-conformance/">Certified Kubernetes</a>? -->
+            <br><br>想要成为<a href="https://www.cncf.io/certification/software-conformance/">Kubernetes 认证的厂商</a>吗?
+          </center></div>
+          <div class="col-nav"><center>
+            <h5>
+              <!-- <b>Kubernetes Training Partners</b> -->
+              <b>Kubernetes 培训合作伙伴</b>
+            </h5>
+            <!-- <br>Vetted training providers who have deep experience in cloud native technology training. -->
+            <br>经过审核的培训机构在云原生技术培训方面有深厚的经验。
+            <br><br><br><br>
+            <!-- <button id="ktp" class="button" onClick="updateSrc(this.id)">See KTP Partners</button> -->
+            <button id="ktp" class="button" onClick="updateSrc(this.id)">参见 KTP 合作伙伴</button>
+            <!-- <br><br>Interested in becoming a <a href="https://www.cncf.io/certification/training/">KTP</a>? -->
+            <br><br>想要成为<a href="https://www.cncf.io/certification/training/">KTP</a>吗?
+          </center></div>
+        </div>
+<script src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
+<script type="text/javascript">
+
+			var defaultLink = "https://landscape.cncf.io/grouping=landscape&landscape=kubernetes-certified-service-provider&embed=true";
+			var firstLink = "https://landscape.cncf.io/grouping=landscape&landscape=certified-kubernetes-distribution,certified-kubernetes-hosted,certified-kubernetes-installer&embed=true";
+      var secondLink = "https://landscape.cncf.io/grouping=landscape&landscape=kubernetes-training-partner&embed=true";
+
+      function updateSrc(buttonId) {
+      	if (buttonId == "kcsp") {
+        		$("#landscape").attr("src",defaultLink);
+            window.location.hash = "#kcsp";
+        }
+        if (buttonId == "conformance") {
+         		$("#landscape").attr("src",firstLink);
+            window.location.hash = "#conformance";
+        }
+        if (buttonId == "ktp") {
+        		$("#landscape").attr("src",secondLink);
+            window.location.hash = "#ktp";
+        }
+      }
+
+      // Automatically load the correct iframe based on the URL fragment
+      document.addEventListener('DOMContentLoaded', function() {
+        var showContent = "kcsp";
+        if (window.location.hash) {
+          console.log('hash is:', window.location.hash.substring(1));
+          showContent = window.location.hash.substring(1);
+        }
+        updateSrc(showContent);
+      });
+</script>
+<body>
+    <div id="frameHolder">
+      <iframe id="landscape" frameBorder="0" scrolling="no" style="width: 1px; min-width: 100%" src=""></iframe>
+      <script src="https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.0/iframeResizer.js"></script>
+      <script>
+        document.addEventListener('DOMContentLoaded', function() {
+          iFrameResize({
+            log:true,
+            messageCallback         : function(messageData){ // Callback fn when message is received
+              if (messageData.message.type === 'showModal') {
+                document.querySelector('body').style.overflow = 'hidden';
+              }
+              if (messageData.message.type === 'hideModal') {
+                document.querySelector('body').style.overflow = 'auto';
+              }
+            },
+          }, '#landscape');
+        });
+      </script>
+    </div>
+</body>
+    </main>
+</section>
+
+<style>
+    {{< include "partner-style.css" >}}
+</style>
+
+<script>
+    {{< include "partner-script.js" >}}
+</script>
diff --git a/i18n/zh.toml b/i18n/zh.toml
index 3f1dc6b192e72..e3048c30afcd8 100644
--- a/i18n/zh.toml
+++ b/i18n/zh.toml
@@ -30,6 +30,15 @@ other = "否"
 [latest_version]
 other = "最新版本。"
 
+[version_check_mustbe]
+other = "您的 Kubernetes 服务器必须是版本 "
+
+[version_check_mustbeorlater]
+other = "您的 Kubernetes 服务器必须等于或高于版本 "
+
+[version_check_tocheck]
+other = "为了检查版本, 输入 "
+
 [main_read_about]
 other = "Read about"