[zh-cn] sync intro enforcing-pod-security-standards production-enviro…

…nment

Signed-off-by: xin.li <xin.li@daocloud.io>

content/zh-cn/docs/concepts/windows/intro.md

@@ -387,7 +387,7 @@ work between Windows and Linux:
 * `securityContext.capabilities` -
    POSIX capabilities are not implemented on Windows
 * `securityContext.privileged` -
-   Windows doesn't support privileged containers
+   Windows doesn't support privileged containers, use [HostProcess Containers](/docs/tasks/configure-pod-container/create-hostprocess-pod/) instead
 * `securityContext.procMount` -
    Windows doesn't have a `/proc` filesystem
 * `securityContext.readOnlyRootFilesystem` -
@@ -399,7 +399,8 @@ work between Windows and Linux:
 * `securityContext.allowPrivilegeEscalation` -
   不能在 Windows 上使用；所有权能字都无法生效。
 * `securityContext.capabilities` - POSIX 权能未在 Windows 上实现。
-* `securityContext.privileged` - Windows 不支持特权容器。
+* `securityContext.privileged` - Windows 不支持特权容器，
+  可使用 [HostProcess 容器](/zh-cn/docs/tasks/configure-pod-container/create-hostprocess-pod/)代替。
 * `securityContext.procMount` - Windows 没有 `/proc` 文件系统。
 * `securityContext.readOnlyRootFilesystem` -
   不能在 Windows 上使用；对于容器内运行的注册表和系统进程，写入权限是必需的。

content/zh-cn/docs/setup/best-practices/enforcing-pod-security-standards.md

@@ -27,7 +27,7 @@ This page provides an overview of best practices when it comes to enforcing
 -->
 ## 使用内置的 Pod 安全性准入控制器
 
-{{< feature-state for_k8s_version="v1.23" state="beta" >}}
+{{< feature-state for_k8s_version="v1.25" state="stable" >}}
 
 <!--
 The [Pod Security Admission Controller](/docs/reference/access-authn-authz/admission-controllers/#podsecurity)
@@ -54,11 +54,11 @@ each of them. Unlabeled namespaces should only indicate that they've yet to be e
 
 <!--
 In the scenario that all workloads in all namespaces have the same security requirements,
-we provide an [example](/docs/concepts/security/pod-security-admission/#applying-to-all-namespaces)
+we provide an [example](/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/#applying-to-all-namespaces)
 that illustrates how the PodSecurity labels can be applied in bulk.
 -->
 针对所有名字空间中的所有负载都具有相同的安全性需求的场景，
-我们提供了一个[示例](/zh-cn/docs/concepts/security/pod-security-admission/#applying-to-all-namespaces)
+我们提供了一个[示例](/zh-cn/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/#applying-to-all-namespaces)
 用来展示如何批量应用 Pod 安全性标签。
 
 <!--

content/zh-cn/docs/setup/production-environment/_index.md

@@ -215,7 +215,7 @@ same machines as other control plane services or run on separate machines, for
 extra security and availability. Because etcd stores cluster configuration data,
 backing up the etcd database should be done regularly to ensure that you can
 repair that database if needed.
-See the [etcd FAQ](https://etcd.io/docs/v3.4/faq/) for details on configuring and using etcd.
+See the [etcd FAQ](https://etcd.io/docs/v3.5/faq/) for details on configuring and using etcd.
 See [Operating etcd clusters for Kubernetes](/docs/tasks/administer-cluster/configure-upgrade-etcd/)
 and [Set up a High Availability etcd cluster with kubeadm](/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm/)
 for details.
@@ -224,7 +224,7 @@ for details.
   也可以运行在不同的机器上以获得更好的安全性和可用性。
   因为 etcd 存储着集群的配置数据，应该经常性地对 etcd 数据库进行备份，
   以确保在需要的时候你可以修复该数据库。与配置和使用 etcd 相关的细节可参阅
-  [etcd FAQ](/https://etcd.io/docs/v3.4/faq/)。
+  [etcd FAQ](/https://etcd.io/docs/v3.5/faq/)。
   更多的细节可参阅[为 Kubernetes 运维 etcd 集群](/zh-cn/docs/tasks/administer-cluster/configure-upgrade-etcd/)
   和[使用 kubeadm 配置高可用的 etcd 集群](/zh-cn/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm/)。
 <!--