[zh-cn] sync resource-quotas configure-redis-using-configmap tutorial…

…s/security/* hello-minikube

Signed-off-by: xin.li <xin.li@daocloud.io>

content/zh-cn/docs/concepts/policy/resource-quotas.md

@@ -752,11 +752,11 @@ from getting scheduled in a failure domain.
 <!--
 Using this scope operators can prevent certain namespaces (`foo-ns` in the example below)
 from having pods that use cross-namespace pod affinity by creating a resource quota object in
-that namespace with `CrossNamespaceAffinity` scope and hard limit of 0:
+that namespace with `CrossNamespacePodAffinity` scope and hard limit of 0:
 -->
 使用此作用域操作符可以避免某些名字空间（例如下面例子中的 `foo-ns`）运行特别的 Pod，
 这类 Pod 使用跨名字空间的 Pod 亲和性约束，在该名字空间中创建了作用域为
-`CrossNamespaceAffinity` 的、硬性约束为 0 的资源配额对象。
+`CrossNamespacePodAffinity` 的、硬性约束为 0 的资源配额对象。
 
 ```yaml
 apiVersion: v1
@@ -769,17 +769,18 @@ spec:
     pods: "0"
   scopeSelector:
     matchExpressions:
-    - scopeName: CrossNamespaceAffinity
+    - scopeName: CrossNamespacePodAffinity
+      operator: Exists
 ```
 
 <!--
 If operators want to disallow using `namespaces` and `namespaceSelector` by default, and
-only allow it for specific namespaces, they could configure `CrossNamespaceAffinity`
+only allow it for specific namespaces, they could configure `CrossNamespacePodAffinity`
 as a limited resource by setting the kube-apiserver flag --admission-control-config-file
 to the path of the following configuration file:
 -->
 如果集群运维人员希望默认禁止使用 `namespaces` 和 `namespaceSelector`，
-而仅仅允许在特定名字空间中这样做，他们可以将 `CrossNamespaceAffinity`
+而仅仅允许在特定名字空间中这样做，他们可以将 `CrossNamespacePodAffinity`
 作为一个被约束的资源。方法是为 `kube-apiserver` 设置标志
 `--admission-control-config-file`，使之指向如下的配置文件：
 
@@ -794,15 +795,16 @@ plugins:
     limitedResources:
     - resource: pods
       matchScopes:
-      - scopeName: CrossNamespaceAffinity
+      - scopeName: CrossNamespacePodAffinity
+        operator: Exists
 ```
 
 <!--
 With the above configuration, pods can use `namespaces` and `namespaceSelector` in pod affinity only
 if the namespace where they are created have a resource quota object with
-`CrossNamespaceAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.
+`CrossNamespacePodAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.
 -->
-基于上面的配置，只有名字空间中包含作用域为 `CrossNamespaceAffinity`
+基于上面的配置，只有名字空间中包含作用域为 `CrossNamespacePodAffinity`
 且硬性约束大于或等于使用 `namespaces` 和 `namespaceSelector` 字段的 Pod
 个数时，才可以在该名字空间中继续创建在其 Pod 亲和性规则中设置 `namespaces`
 或 `namespaceSelector` 的新 Pod。

content/zh-cn/docs/tutorials/configuration/configure-redis-using-configmap.md

@@ -13,33 +13,25 @@ content_type: tutorial
 <!-- overview -->
 
 <!--
-This page provides a real world example of how to configure Redis using a ConfigMap and builds upon the [Configure a Pod to Use a ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) task.
+This page provides a real world example of how to configure Redis using a ConfigMap and
+builds upon the [Configure a Pod to Use a ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) task.
 -->
 这篇文档基于[配置 Pod 以使用 ConfigMap](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/)
 这个任务，提供了一个使用 ConfigMap 来配置 Redis 的真实案例。
 
-
-
 ## {{% heading "objectives" %}}
 
-
 <!--
 * Create a ConfigMap with Redis configuration values
 * Create a Redis Pod that mounts and uses the created ConfigMap
 * Verify that the configuration was correctly applied.
 -->
-
 * 使用 Redis 配置的值创建一个 ConfigMap
 * 创建一个 Redis Pod，挂载并使用创建的 ConfigMap
 * 验证配置已经被正确应用
 
-
-
-
-
 ## {{% heading "prerequisites" %}}
 
-
 {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
 
 <!--
@@ -49,11 +41,8 @@ This page provides a real world example of how to configure Redis using a Config
 * 此页面上显示的示例适用于 `kubectl` 1.14 及以上的版本。
 * 理解[配置 Pod 以使用 ConfigMap](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/)。
 
-
-
 <!-- lessoncontent -->
 
-
 <!--
 ## Real World Example: Configuring Redis using a ConfigMap
 
@@ -81,7 +70,7 @@ EOF
 <!--
 Apply the ConfigMap created above, along with a Redis pod manifest:
 -->
-应用上面创建的 ConfigMap 以及 Redis pod 清单：
+应用上面创建的 ConfigMap 以及 Redis Pod 清单：
 
 ```shell
 kubectl apply -f example-redis-config.yaml
@@ -109,7 +98,7 @@ ConfigMap above as `/redis-master/redis.conf` inside the Pod.
 这样做的最终效果是将上面 `example-redis-config` 配置中 `data.redis-config`
 的数据作为 Pod 中的 `/redis-master/redis.conf` 公开。
 
-{{< codenew file="pods/config/redis-pod.yaml" >}}
+{{% code_sample file="pods/config/redis-pod.yaml" %}}
 
 <!--
 Examine the created objects:
@@ -210,12 +199,12 @@ Now let's add some configuration values to the `example-redis-config` ConfigMap:
 -->
 现在，向 `example-redis-config` ConfigMap 添加一些配置：
 
-{{< codenew file="pods/config/example-redis-config.yaml" >}}
+{{% code_sample file="pods/config/example-redis-config.yaml" %}}
 
 <!--
 Apply the updated ConfigMap:
 -->
-应用更新的 ConfigMap:
+应用更新的 ConfigMap：
 
 ```shell
 kubectl apply -f example-redis-config.yaml
@@ -366,11 +355,7 @@ kubectl delete pod/redis configmap/example-redis-config
 
 ## {{% heading "whatsnext" %}}
 
-
 <!--
 * Learn more about [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/).
 -->
-* 了解有关 [ConfigMaps](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/) 的更多信息。
-
-
-
+* 了解有关 [ConfigMap](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/) 的更多信息。

content/zh-cn/docs/tutorials/hello-minikube.md

@@ -88,6 +88,7 @@ Open the Kubernetes dashboard. You can do this two different ways:
 Open a **new** terminal, and run:
 -->
 打开一个**新的**终端，然后运行：
+
 ```shell
 # 启动一个新的终端，并保持此命令运行。
 minikube dashboard
@@ -241,6 +242,25 @@ Deployment 是管理 Pod 创建和扩展的推荐方法。
    kubectl config view
    ```
 
+<!--
+1. View application logs for a container in a pod.
+-->
+1. 查看 Pod 中容器的应用程序日志。
+
+   ```shell
+   kubectl logs hello-node-5f76cf6ccf-br9b5
+   ```
+
+   <!--
+   The output is similar to:
+   -->
+   输出类似于：
+
+   ```
+   I0911 09:19:26.677397       1 log.go:195] Started HTTP server on port 8080
+   I0911 09:19:26.677586       1 log.go:195] Started UDP server on port  8081
+   ```
+
 {{< note >}}
 <!--
 For more information about `kubectl` commands, see the [kubectl overview](/docs/reference/kubectl/).
@@ -332,7 +352,8 @@ Kubernetes [*Service*](/docs/concepts/services-networking/service/).
 <!--
 ## Enable addons
 
-The minikube tool includes a set of built-in {{< glossary_tooltip text="addons" term_id="addons" >}} that can be enabled, disabled and opened in the local Kubernetes environment.
+The minikube tool includes a set of built-in {{< glossary_tooltip text="addons" term_id="addons" >}}
+hat can be enabled, disabled and opened in the local Kubernetes environment.
 
 1. List the currently supported addons:
 -->
@@ -487,11 +508,12 @@ If you want to use minikube again to learn more about Kubernetes, you don't need
 ## {{% heading "whatsnext" %}}
 
 <!--
+* Tutorial to _[deploy your first app on Kubernetes with kubectl](/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/)_.
 * Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/).
 * Learn more about [Deploying applications](/docs/tasks/run-application/run-stateless-application-deployment/).
 * Learn more about [Service objects](/docs/concepts/services-networking/service/).
 -->
+* **[使用 kubectl 在 Kubernetes 上部署你的第一个应用程序](/zh-cn/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/)**教程。
 * 进一步了解 [Deployment 对象](/zh-cn/docs/concepts/workloads/controllers/deployment/)。
 * 进一步了解[部署应用](/zh-cn/docs/tasks/run-application/run-stateless-application-deployment/)。
 * 进一步了解 [Service 对象](/zh-cn/docs/concepts/services-networking/service/)。
-

content/zh-cn/docs/tutorials/security/apparmor.md

@@ -203,7 +203,7 @@ AppArmor 目前处于 Beta 阶段，因此选项以注解形式设定。
 AppArmor profiles are specified *per-container*. To specify the AppArmor profile to run a Pod
 container with, add an annotation to the Pod's metadata:
 -->
-AppArmor 配置文件是按 **逐个容器** 的形式来设置的。
+AppArmor 配置文件是按**逐个容器**的形式来设置的。
 要指定用来运行 Pod 容器的 AppArmor 配置文件，请向 Pod 的 metadata 添加注解：
 
 ```yaml
@@ -329,7 +329,7 @@ Next, we'll run a simple "Hello AppArmor" pod with the deny-write profile:
 -->
 接下来，我们将运行一个带有拒绝写入配置文件的简单 “Hello AppArmor” Pod：
 
-{{< codenew file="pods/security/hello-apparmor.yaml" >}}
+{{% code_sample file="pods/security/hello-apparmor.yaml" %}}
 
 ```shell
 kubectl create -f ./hello-apparmor.yaml

content/zh-cn/docs/tutorials/security/cluster-level-pss.md

@@ -45,12 +45,12 @@ Pod 安全是一个准入控制器，当新的 Pod 被创建时，它会根据 K
 <!--
 Install the following on your workstation:
 
-- [KinD](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
 - [kubectl](/docs/tasks/tools/)
 -->
 在你的工作站中安装以下内容：
 
-- [KinD](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
 - [kubectl](/zh-cn/docs/tasks/tools/)
 
 <!--
@@ -368,11 +368,11 @@ following:
 
    {{<note>}}
    <!--
-   If you use Docker Desktop with KinD on macOS, you can
+   If you use Docker Desktop with *kind* on macOS, you can
    add `/tmp` as a Shared Directory under the menu item
    **Preferences > Resources > File Sharing**.
    -->
-   如果你在 macOS 上使用 Docker Desktop 和 KinD，
+   如果你在 macOS 上使用 Docker Desktop 和 kind，
    你可以在菜单项 **Preferences > Resources > File Sharing**
    下添加 `/tmp` 作为共享目录。
    {{</note>}}
@@ -411,7 +411,7 @@ following:
 <!--
 1. Point kubectl to the cluster:
 -->
-6. 将 kubectl 指向集群
+6. 将 kubectl 指向集群：
 
    ```shell
    kubectl cluster-info --context kind-psa-with-cluster-pss

content/zh-cn/docs/tutorials/security/seccomp.md

@@ -123,13 +123,13 @@ into the cluster.
 
 {{< tabs name="tab_with_code" >}}
 {{< tab name="audit.json" >}}
-{{< codenew file="pods/security/seccomp/profiles/audit.json" >}}
+{{% code_sample file="pods/security/seccomp/profiles/audit.json" %}}
 {{< /tab >}}
 {{< tab name="violation.json" >}}
-{{< codenew file="pods/security/seccomp/profiles/violation.json" >}}
+{{% code_sample file="pods/security/seccomp/profiles/violation.json" %}}
 {{< /tab >}}
 {{< tab name="fine-grained.json" >}}
-{{< codenew file="pods/security/seccomp/profiles/fine-grained.json" >}}
+{{% code_sample file="pods/security/seccomp/profiles/fine-grained.json" %}}
 {{< /tab >}}
 {{< /tabs >}}
 
@@ -170,7 +170,7 @@ onto a node.
 Kind 在 Docker 中运行 Kubernetes，因此集群的每个节点都是一个容器。
 这允许将文件挂载到每个容器的文件系统中，类似于将文件加载到节点上。
 
-{{< codenew file="pods/security/seccomp/kind.yaml" >}}
+{{% code_sample file="pods/security/seccomp/kind.yaml" %}}
 
 <!-- 
 Download that example kind configuration, and save it to a file named `kind.yaml`:
@@ -298,7 +298,7 @@ for all its containers:
 -->
 这是一个 Pod 的清单，它要求其所有容器使用 `RuntimeDefault` seccomp 配置文件：
 
-{{< codenew file="pods/security/seccomp/ga/default-pod.yaml" >}}
+{{% code_sample file="pods/security/seccomp/ga/default-pod.yaml" %}}
 
 <!--
 Create that Pod:
@@ -346,7 +346,7 @@ Here's a manifest for that Pod:
 
 这是该 Pod 的清单：
 
-{{< codenew file="pods/security/seccomp/ga/audit-pod.yaml" >}}
+{{% code_sample file="pods/security/seccomp/ga/audit-pod.yaml" %}}
 
 {{< note >}}
 <!-- 
@@ -515,7 +515,7 @@ The manifest for this demonstration is:
 
 此演示的清单是：
 
-{{< codenew file="pods/security/seccomp/ga/violation-pod.yaml" >}}
+{{% code_sample file="pods/security/seccomp/ga/violation-pod.yaml" %}}
 
 <!--
 Attempt to create the Pod in the cluster:
@@ -585,7 +585,7 @@ The manifest for this example is:
 
 此示例的清单是：
 
-{{< codenew file="pods/security/seccomp/ga/fine-pod.yaml" >}}
+{{% code_sample file="pods/security/seccomp/ga/fine-pod.yaml" %}}
 
 <!--
 Create the Pod in your cluster: