diff --git a/content/bn/examples/secret/tls-auth-secret.yaml b/content/bn/examples/secret/tls-auth-secret.yaml
index dde9abd8cb376..f20738d45b8a9 100644
--- a/content/bn/examples/secret/tls-auth-secret.yaml
+++ b/content/bn/examples/secret/tls-auth-secret.yaml
@@ -6,23 +6,6 @@ type: kubernetes.io/tls
 data:
   # values are base64 encoded, which obscures them but does NOT provide
   # any useful level of confidentiality
-  tls.crt: |
-    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNVakNDQWJzQ0FnMytNQTBHQ1NxR1NJYjNE
-    UUVCQlFVQU1JR2JNUXN3Q1FZRFZRUUdFd0pLVURFT01Bd0cKQTFVRUNCTUZWRzlyZVc4eEVEQU9C
-    Z05WQkFjVEIwTm9kVzh0YTNVeEVUQVBCZ05WQkFvVENFWnlZVzVyTkVSRQpNUmd3RmdZRFZRUUxF
-    dzlYWldKRFpYSjBJRk4xY0hCdmNuUXhHREFXQmdOVkJBTVREMFp5WVc1ck5FUkVJRmRsCllpQkRR
-    VEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVjM1Z3Y0c5eWRFQm1jbUZ1YXpSa1pDNWpiMjB3SGhjTk1U
-    TXcKTVRFeE1EUTFNVE01V2hjTk1UZ3dNVEV3TURRMU1UTTVXakJMTVFzd0NRWURWUVFHREFKS1VE
-    RVBNQTBHQTFVRQpDQXdHWEZSdmEzbHZNUkV3RHdZRFZRUUtEQWhHY21GdWF6UkVSREVZTUJZR0Ex
-    VUVBd3dQZDNkM0xtVjRZVzF3CmJHVXVZMjl0TUlHYU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHSUFE
-    Q0JoQUo5WThFaUhmeHhNL25PbjJTbkkxWHgKRHdPdEJEVDFKRjBReTliMVlKanV2YjdjaTEwZjVN
-    Vm1UQllqMUZTVWZNOU1vejJDVVFZdW4yRFljV29IcFA4ZQpqSG1BUFVrNVd5cDJRN1ArMjh1bklI
-    QkphVGZlQ09PekZSUFY2MEdTWWUzNmFScG04L3dVVm16eGFLOGtCOWVaCmhPN3F1TjdtSWQxL2pW
-    cTNKODhDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQU1meTQzeE15OHh3QTUKVjF2T2NS
-    OEtyNWNaSXdtbFhCUU8xeFEzazlxSGtyNFlUY1JxTVQ5WjVKTm1rWHYxK2VSaGcwTi9WMW5NUTRZ
-    RgpnWXcxbnlESnBnOTduZUV4VzQyeXVlMFlHSDYyV1hYUUhyOVNVREgrRlowVnQvRGZsdklVTWRj
-    UUFEZjM4aU9zCjlQbG1kb3YrcE0vNCs5a1h5aDhSUEkzZXZ6OS9NQT09Ci0tLS0tRU5EIENFUlRJ
-    RklDQVRFLS0tLS0K
-  # In this example, the key data is not a real PEM-encoded private key
-  tls.key: |
-    RXhhbXBsZSBkYXRhIGZvciB0aGUgVExTIGNydCBmaWVsZA==
+  # Note: Replace the following values with your own base64-encoded certificate and key.
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
\ No newline at end of file
diff --git a/content/en/blog/_posts/2025-06-25-image-compatibility-in-cloud-native-environments/index.md b/content/en/blog/_posts/2025-06-25-image-compatibility-in-cloud-native-environments/index.md
index 812fa3a064c2a..fed8b2c8b90d2 100644
--- a/content/en/blog/_posts/2025-06-25-image-compatibility-in-cloud-native-environments/index.md
+++ b/content/en/blog/_posts/2025-06-25-image-compatibility-in-cloud-native-environments/index.md
@@ -27,7 +27,7 @@ A container image is built on a base image, which provides a minimal runtime env
   Host driver versions must match the supported range of a library version inside the container to avoid compatibility problems. Examples include GPUs and network drivers.
 - **Libraries or Software**:
   The container must come with a specific version or range of versions for a library or software to run optimally in the environment. Examples from high performance computing are MPI, EFA, or Infiniband.
-- **Kernel Modules or Features:**:
+- **Kernel Modules or Features**:
   Specific kernel features or modules must be present. Examples include having support of write protected huge page faults, or the presence of VFIO
 - And more…
 
@@ -121,33 +121,41 @@ Additionally, it could potentially enable automatic node configuration to some e
 
 ### Examples of usage
 
-1. **Define image compatibility metadata**  
-A [container image](/docs/concepts/containers/images) can have metadata that describes its requirements based on features discovered from nodes, like kernel modules or CPU models.
-The previous compatibility specification example in this article exemplified this use case.
-
-2. **Attach the artifact to the image**  
-The image compatibility specification is stored as an OCI artifact.
-You can attach this metadata to your container image using the [oras](https://oras.land/) tool.
-The registry only needs to support OCI artifacts, support for arbitrary types is not required.
-Keep in mind that the container image and the artifact must be stored in the same registry.
-Use the following command to attach the artifact to the image:
-
-```bash
-oras attach \ 
---artifact-type application/vnd.nfd.image-compatibility.v1alpha1 <image-url> \ 
-<path-to-spec>.yaml:application/vnd.nfd.image-compatibility.spec.v1alpha1+yaml
-```
+1. **Define image compatibility metadata**
+
+   A [container image](/docs/concepts/containers/images) can have metadata that describes
+   its requirements based on features discovered from nodes, like kernel modules or CPU models.
+   The previous compatibility specification example in this article exemplified this use case.
+
+2. **Attach the artifact to the image**
+
+   The image compatibility specification is stored as an OCI artifact.
+   You can attach this metadata to your container image using the [oras](https://oras.land/) tool.
+   The registry only needs to support OCI artifacts, support for arbitrary types is not required.
+   Keep in mind that the container image and the artifact must be stored in the same registry.
+   Use the following command to attach the artifact to the image:
+
+   ```bash
+   oras attach \
+   --artifact-type application/vnd.nfd.image-compatibility.v1alpha1 <image-url> \ 
+   <path-to-spec>.yaml:application/vnd.nfd.image-compatibility.spec.v1alpha1+yaml
+   ```
+
+3. **Validate image compatibility**
+
+   After attaching the compatibility specification, you can validate whether a node meets the
+   image's requirements. This validation can be done using the
+   [nfd client](https://kubernetes-sigs.github.io/node-feature-discovery/v0.17/reference/node-feature-client-reference.html):
 
-3. **Validate image compatibility**  
-After attaching the compatibility specification, you can validate whether a node meets the image's requirements.
-This validation can be done using the [nfd client](https://kubernetes-sigs.github.io/node-feature-discovery/v0.17/reference/node-feature-client-reference.html):
+   ```bash
+   nfd compat validate-node --image <image-url>
+   ```
 
-`nfd compat validate-node --image <image-url>`
+4. **Read the output from the client**
 
-4. **Read the output from the client**  
-Finally you can read the report generated by the tool or use your own tools to act based on the generated JSON report.
+   Finally you can read the report generated by the tool or use your own tools to act based on the generated JSON report.
 
-![validate-node command output](validate-node-output.png)
+   ![validate-node command output](validate-node-output.png)
 
 ## Conclusion
 
diff --git a/content/en/blog/_posts/2025-01-14-devices-failure-handling/index.md b/content/en/blog/_posts/2025-07-03-devices-failure-handling/index.md
similarity index 99%
rename from content/en/blog/_posts/2025-01-14-devices-failure-handling/index.md
rename to content/en/blog/_posts/2025-07-03-devices-failure-handling/index.md
index 48592799a8894..3ee2f6c43becc 100644
--- a/content/en/blog/_posts/2025-01-14-devices-failure-handling/index.md
+++ b/content/en/blog/_posts/2025-07-03-devices-failure-handling/index.md
@@ -1,9 +1,9 @@
 ---
 layout: blog
 title: "Navigating Failures in Pods With Devices"
-date: 2025-04-01
+date: 2025-07-03
 slug: navigating-failures-in-pods-with-devices
-draft: true
+draft: false
 author: >
   Sergey Kanzhelev (Google)
   Mrunal Patel (RedHat)
diff --git a/content/en/blog/_posts/2025-01-14-devices-failure-handling/inplace-pod-restarts.svg b/content/en/blog/_posts/2025-07-03-devices-failure-handling/inplace-pod-restarts.svg
similarity index 100%
rename from content/en/blog/_posts/2025-01-14-devices-failure-handling/inplace-pod-restarts.svg
rename to content/en/blog/_posts/2025-07-03-devices-failure-handling/inplace-pod-restarts.svg
diff --git a/content/en/blog/_posts/2025-01-14-devices-failure-handling/k8s-infra-devices.svg b/content/en/blog/_posts/2025-07-03-devices-failure-handling/k8s-infra-devices.svg
similarity index 100%
rename from content/en/blog/_posts/2025-01-14-devices-failure-handling/k8s-infra-devices.svg
rename to content/en/blog/_posts/2025-07-03-devices-failure-handling/k8s-infra-devices.svg
diff --git a/content/en/blog/_posts/2025-01-14-devices-failure-handling/k8s-infra-failures.svg b/content/en/blog/_posts/2025-07-03-devices-failure-handling/k8s-infra-failures.svg
similarity index 100%
rename from content/en/blog/_posts/2025-01-14-devices-failure-handling/k8s-infra-failures.svg
rename to content/en/blog/_posts/2025-07-03-devices-failure-handling/k8s-infra-failures.svg
diff --git a/content/en/docs/concepts/architecture/cri.md b/content/en/docs/concepts/architecture/cri.md
index c12ee19e78a4f..ae57ebf366cd1 100644
--- a/content/en/docs/concepts/architecture/cri.md
+++ b/content/en/docs/concepts/architecture/cri.md
@@ -26,25 +26,22 @@ each Node in your cluster, so that the
 The kubelet acts as a client when connecting to the container runtime via gRPC.
 The runtime and image service endpoints have to be available in the container
 runtime, which can be configured separately within the kubelet by using the
-`--image-service-endpoint` [command line flags](/docs/reference/command-line-tools-reference/kubelet).
+`--container-runtime-endpoint`
+[command line flag](/docs/reference/command-line-tools-reference/kubelet/).
 
-For Kubernetes v{{< skew currentVersion >}}, the kubelet prefers to use CRI `v1`.
-If a container runtime does not support `v1` of the CRI, then the kubelet tries to
-negotiate any older supported version.
-The v{{< skew currentVersion >}} kubelet can also negotiate CRI `v1alpha2`, but
-this version is considered as deprecated.
-If the kubelet cannot negotiate a supported CRI version, the kubelet gives up
-and doesn't register as a node.
+For Kubernetes v1.26 and later, the kubelet requires that the container runtime
+supports the `v1` CRI API. If a container runtime does not support the `v1` API,
+the kubelet will not register the node.
 
 ## Upgrading
 
-When upgrading Kubernetes, the kubelet tries to automatically select the
-latest CRI version on restart of the component. If that fails, then the fallback
-will take place as mentioned above. If a gRPC re-dial was required because the
-container runtime has been upgraded, then the container runtime must also
-support the initially selected version or the redial is expected to fail. This
-requires a restart of the kubelet.
+When upgrading the Kubernetes version on a node, the kubelet restarts. If the
+container runtime does not support the `v1` CRI API, the kubelet will fail to
+register and report an error. If a gRPC re-dial is required because the container
+runtime has been upgraded, the runtime must support the `v1` CRI API for the
+connection to succeed. This might require a restart of the kubelet after the
+container runtime is correctly configured.
 
 ## {{% heading "whatsnext" %}}
 
-- Learn more about the CRI [protocol definition](https://github.com/kubernetes/cri-api/blob/c75ef5b/pkg/apis/runtime/v1/api.proto)
+- Learn more about the CRI [protocol definition](https://github.com/kubernetes/cri-api/blob/v0.33.1/pkg/apis/runtime/v1/api.proto)
diff --git a/content/en/docs/concepts/cluster-administration/addons.md b/content/en/docs/concepts/cluster-administration/addons.md
index 63d04204141f2..8e1078a9ff5c9 100644
--- a/content/en/docs/concepts/cluster-administration/addons.md
+++ b/content/en/docs/concepts/cluster-administration/addons.md
@@ -82,6 +82,9 @@ installation instructions. The list does not try to be exhaustive.
 * [Spiderpool](https://github.com/spidernet-io/spiderpool) is an underlay and RDMA
   networking solution for Kubernetes. Spiderpool is supported on bare metal, virtual machines,
   and public cloud environments.
+* [Terway](https://github.com/AliyunContainerService/terway/) is a suite of CNI plugins
+  based on AlibabaCloud's VPC and ECS network products. It provides native VPC networking
+  and network policies in AlibabaCloud environments.
 * [Weave Net](https://github.com/rajch/weave#using-weave-on-kubernetes)
   provides networking and network policy, will carry on working on both sides
   of a network partition, and does not require an external database.
diff --git a/content/en/docs/concepts/policy/resource-quotas.md b/content/en/docs/concepts/policy/resource-quotas.md
index fda05c4fead58..720257b738bc2 100644
--- a/content/en/docs/concepts/policy/resource-quotas.md
+++ b/content/en/docs/concepts/policy/resource-quotas.md
@@ -18,7 +18,7 @@ _Resource quotas_ are a tool for administrators to address this concern.
 
 A resource quota, defined by a ResourceQuota object, provides constraints that limit
 aggregate resource consumption per {{< glossary_tooltip text="namespace" term_id="namespace" >}}. A ResourceQuota can also
-limit the [quantity of objects that can be created in a namespace](#quota-on-object-count) by API kind, as well as the total
+limit the [quantity of objects that can be created in a namespace](#object-count-quota) by API kind, as well as the total
 amount of {{< glossary_tooltip text="infrastructure resources" term_id="infrastructure-resource" >}} that may be consumed by
 API objects found in that namespace.
 
diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md
index 0097a68f8c4b4..40eb258bf1434 100644
--- a/content/en/docs/concepts/storage/volumes.md
+++ b/content/en/docs/concepts/storage/volumes.md
@@ -975,7 +975,7 @@ spec:
 
 ## Resources
 
-The storage media (such as Disk or SSD) of an `emptyDir` volume is determined by the
+The storage medium (such as Disk or SSD) of an `emptyDir` volume is determined by the
 medium of the filesystem holding the kubelet root dir (typically
 `/var/lib/kubelet`). There is no limit on how much space an `emptyDir` or
 `hostPath` volume can consume, and no isolation between containers or
diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md
index 12b13caec5838..d21603d809ea7 100644
--- a/content/en/docs/reference/labels-annotations-taints/_index.md
+++ b/content/en/docs/reference/labels-annotations-taints/_index.md
@@ -1820,7 +1820,7 @@ volume detach operations for the Pods terminating on the node will happen immedi
 This allows the Pods on the out-of-service node to recover quickly on a different node.
 
 {{< caution >}}
-Refer to [Non-graceful node shutdown](/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)
+Refer to [Non-graceful node shutdown](/docs/concepts/cluster-administration/node-shutdown/#non-graceful-node-shutdown)
 for further details about when and how to use this taint.
 {{< /caution >}}
 
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md
index 80ba1cb0f8791..f41678724fa38 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md
@@ -9,7 +9,7 @@ content_type: concept
 Using the phases of `kubeadm upgrade apply`, you can choose to execute the separate steps of the initial upgrade
 of a control plane node.
 
-{{< tabs name="tab-phase" >}}
+{{< tabs name="tab-apply-phase" >}}
 {{< tab name="phase" include="generated/kubeadm_upgrade/kubeadm_upgrade_apply_phase.md" />}}
 {{< tab name="preflight" include="generated/kubeadm_upgrade/kubeadm_upgrade_apply_phase_preflight.md" />}}
 {{< tab name="control-plane" include="generated/kubeadm_upgrade/kubeadm_upgrade_apply_phase_control-plane.md" />}}
@@ -25,7 +25,7 @@ of a control plane node.
 Using the phases of `kubeadm upgrade node` you can choose to execute the separate steps of the upgrade of
 secondary control-plane or worker nodes.
 
-{{< tabs name="tab-phase" >}}
+{{< tabs name="tab-upgrade-phase" >}}
 {{< tab name="phase" include="generated/kubeadm_upgrade/kubeadm_upgrade_node_phase.md" />}}
 {{< tab name="preflight" include="generated/kubeadm_upgrade/kubeadm_upgrade_node_phase_preflight.md" />}}
 {{< tab name="control-plane" include="generated/kubeadm_upgrade/kubeadm_upgrade_node_phase_control-plane.md" />}}
diff --git a/content/en/docs/tasks/configure-pod-container/security-context.md b/content/en/docs/tasks/configure-pod-container/security-context.md
index 2b248c770732e..7e46633d73942 100644
--- a/content/en/docs/tasks/configure-pod-container/security-context.md
+++ b/content/en/docs/tasks/configure-pod-container/security-context.md
@@ -392,7 +392,7 @@ securityContext:
 This field has no effect on ephemeral volume types such as
 [`secret`](/docs/concepts/storage/volumes/#secret),
 [`configMap`](/docs/concepts/storage/volumes/#configmap),
-and [`emptydir`](/docs/concepts/storage/volumes/#emptydir).
+and [`emptyDir`](/docs/concepts/storage/volumes/#emptydir).
 {{< /note >}}
 
 ## Delegating volume permission and ownership change to CSI driver
diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
index 1c1152994d787..e40c794158904 100644
--- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
+++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
@@ -242,12 +242,13 @@ The HorizontalPodAutoscaler (HPA) controller includes two flags that influence h
 - If a Pod rapidly toggles between `Ready` and `Unready`, metrics are ignored until it’s considered stably `Ready`.
 
 #### Best Practice:
-If your Pod has a startup phase with high CPU usage, configure both:
-- `--horizontal-pod-autoscaler-cpu-initialization-period` to **cover the startup duration**.
-- Ensure your **readinessProbe** only reports `Ready` **after the CPU spike subsides**, using `initialDelaySeconds`.
 
-This avoids scaling based on temporary spikes that do not reflect long-term workload needs.
+If your Pod has a startup phase with high CPU usage:
 
+- Configure a `startupProbe` that doesn't pass until the high CPU usage has passed, or
+- Ensure your `readinessProbe` only reports `Ready` **after** the CPU spike subsides, using `initialDelaySeconds`.
+
+And ideally also set `--horizontal-pod-autoscaler-cpu-initialization-period` to **cover the startup duration**.
 
 ## API Object
 
diff --git a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.md b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.md
index 4d13e1d3e1141..13f06fb3986d3 100644
--- a/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.md
+++ b/content/en/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.md
@@ -61,7 +61,7 @@ discuss how you can scale and update your Deployments.
 For your first Deployment, you'll use a hello-node application packaged in a Docker
 container that uses NGINX to echo back all the requests. (If you didn't already try
 creating a hello-node application and deploying it using a container, you can do
-that first by following the instructions from the [Hello Minikube tutorial](/docs/tutorials/hello-minikube/).
+that first by following the instructions from the [Hello Minikube tutorial](/docs/tutorials/hello-minikube/).)
 
 You will need to have installed kubectl as well. If you need to install it, visit
 [install tools](/docs/tasks/tools/#kubectl).
diff --git a/content/en/docs/tutorials/services/connect-applications-service.md b/content/en/docs/tutorials/services/connect-applications-service.md
index 64215919ceaea..f5ba691cdd8a7 100644
--- a/content/en/docs/tutorials/services/connect-applications-service.md
+++ b/content/en/docs/tutorials/services/connect-applications-service.md
@@ -370,8 +370,9 @@ metadata:
   namespace: "default"
 type: kubernetes.io/tls
 data:
-  tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
-  tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+ # NOTE: Replace the following values with your own base64-encoded certificate and key.
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
 ```
 Now create the secrets using the file:
 
diff --git a/content/en/examples/secret/tls-auth-secret.yaml b/content/en/examples/secret/tls-auth-secret.yaml
index 1e14b8e00ac47..a31e7b76a95d3 100644
--- a/content/en/examples/secret/tls-auth-secret.yaml
+++ b/content/en/examples/secret/tls-auth-secret.yaml
@@ -6,23 +6,6 @@ type: kubernetes.io/tls
 data:
   # values are base64 encoded, which obscures them but does NOT provide
   # any useful level of confidentiality
-  tls.crt: |
-    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNVakNDQWJzQ0FnMytNQTBHQ1NxR1NJYjNE
-    UUVCQlFVQU1JR2JNUXN3Q1FZRFZRUUdFd0pLVURFT01Bd0cKQTFVRUNCTUZWRzlyZVc4eEVEQU9C
-    Z05WQkFjVEIwTm9kVzh0YTNVeEVUQVBCZ05WQkFvVENFWnlZVzVyTkVSRQpNUmd3RmdZRFZRUUxF
-    dzlYWldKRFpYSjBJRk4xY0hCdmNuUXhHREFXQmdOVkJBTVREMFp5WVc1ck5FUkVJRmRsCllpQkRR
-    VEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVjM1Z3Y0c5eWRFQm1jbUZ1YXpSa1pDNWpiMjB3SGhjTk1U
-    TXcKTVRFeE1EUTFNVE01V2hjTk1UZ3dNVEV3TURRMU1UTTVXakJMTVFzd0NRWURWUVFHREFKS1VE
-    RVBNQTBHQTFVRQpDQXdHWEZSdmEzbHZNUkV3RHdZRFZRUUtEQWhHY21GdWF6UkVSREVZTUJZR0Ex
-    VUVBd3dQZDNkM0xtVjRZVzF3CmJHVXVZMjl0TUlHYU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHSUFE
-    Q0JoQUo5WThFaUhmeHhNL25PbjJTbkkxWHgKRHdPdEJEVDFKRjBReTliMVlKanV2YjdjaTEwZjVN
-    Vm1UQllqMUZTVWZNOU1vejJDVVFZdW4yRFljV29IcFA4ZQpqSG1BUFVrNVd5cDJRN1ArMjh1bklI
-    QkphVGZlQ09PekZSUFY2MEdTWWUzNmFScG04L3dVVm16eGFLOGtCOWVaCmhPN3F1TjdtSWQxL2pW
-    cTNKODhDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQU1meTQzeE15OHh3QTUKVjF2T2NS
-    OEtyNWNaSXdtbFhCUU8xeFEzazlxSGtyNFlUY1JxTVQ5WjVKTm1rWHYxK2VSaGcwTi9WMW5NUTRZ
-    RgpnWXcxbnlESnBnOTduZUV4VzQyeXVlMFlHSDYyV1hYUUhyOVNVREgrRlowVnQvRGZsdklVTWRj
-    UUFEZjM4aU9zCjlQbG1kb3YrcE0vNCs5a1h5aDhSUEkzZXZ6OS9NQT09Ci0tLS0tRU5EIENFUlRJ
-    RklDQVRFLS0tLS0K
-  # In this example, the key data is not a real PEM-encoded private key
-  tls.key: |
-    RXhhbXBsZSBkYXRhIGZvciB0aGUgVExTIGNydCBmaWVsZA==
\ No newline at end of file
+  # Replace the following values with your own base64-encoded certificate and key.
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
\ No newline at end of file
diff --git a/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md b/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md
index ce0cce6be63dc..e5c739d63f461 100644
--- a/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md
+++ b/content/es/docs/tasks/tools/included/optional-kubectl-configs-bash-mac.md
@@ -12,7 +12,7 @@ Sin embargo, el script de finalización de kubectl depende de [**bash-completion
 
 {{< warning>}}
 Hay dos versiones de bash-complete, v1 y v2. V1 es para Bash 3.2 (
-que es el predeterminado en macOS), y v2 es para Bash 4.1+. El script de completado de kubectl **no funciona** correctamente con bash-complete v1 y Bash 3.2. Requiere **bash-complete v2** y **Bash 4.1+**. Por lo tanto, para poder usar correctamente la finalización de kubectl en macOS, debe instalar y usar Bash 4.1+ ([*instrucciones*](https://itnext.io/upgrading-bash-on-macos-7138bd1066ba)). Las siguientes instrucciones asumen que usa Bash 4.1+ (es decir, cualquier versión de Bash de 4.1 o posterior).
+que es el predeterminado en macOS), y v2 es para Bash 4.1+. El script de completado de kubectl **no funciona** correctamente con bash-complete v1 y Bash 3.2. Requiere **bash-complete v2** y **Bash 4.1+**. Por lo tanto, para poder usar correctamente la finalización de kubectl en macOS, debe instalar y usar Bash 4.1+ ([*instrucciones*](https://apple.stackexchange.com/a/292760)). Las siguientes instrucciones asumen que usa Bash 4.1+ (es decir, cualquier versión de Bash de 4.1 o posterior).
 {{< /warning >}}
 
 ### Actualizar Bash
diff --git a/content/hi/examples/secret/tls-auth-secret.yaml b/content/hi/examples/secret/tls-auth-secret.yaml
index 1e14b8e00ac47..f20738d45b8a9 100644
--- a/content/hi/examples/secret/tls-auth-secret.yaml
+++ b/content/hi/examples/secret/tls-auth-secret.yaml
@@ -6,23 +6,6 @@ type: kubernetes.io/tls
 data:
   # values are base64 encoded, which obscures them but does NOT provide
   # any useful level of confidentiality
-  tls.crt: |
-    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNVakNDQWJzQ0FnMytNQTBHQ1NxR1NJYjNE
-    UUVCQlFVQU1JR2JNUXN3Q1FZRFZRUUdFd0pLVURFT01Bd0cKQTFVRUNCTUZWRzlyZVc4eEVEQU9C
-    Z05WQkFjVEIwTm9kVzh0YTNVeEVUQVBCZ05WQkFvVENFWnlZVzVyTkVSRQpNUmd3RmdZRFZRUUxF
-    dzlYWldKRFpYSjBJRk4xY0hCdmNuUXhHREFXQmdOVkJBTVREMFp5WVc1ck5FUkVJRmRsCllpQkRR
-    VEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVjM1Z3Y0c5eWRFQm1jbUZ1YXpSa1pDNWpiMjB3SGhjTk1U
-    TXcKTVRFeE1EUTFNVE01V2hjTk1UZ3dNVEV3TURRMU1UTTVXakJMTVFzd0NRWURWUVFHREFKS1VE
-    RVBNQTBHQTFVRQpDQXdHWEZSdmEzbHZNUkV3RHdZRFZRUUtEQWhHY21GdWF6UkVSREVZTUJZR0Ex
-    VUVBd3dQZDNkM0xtVjRZVzF3CmJHVXVZMjl0TUlHYU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHSUFE
-    Q0JoQUo5WThFaUhmeHhNL25PbjJTbkkxWHgKRHdPdEJEVDFKRjBReTliMVlKanV2YjdjaTEwZjVN
-    Vm1UQllqMUZTVWZNOU1vejJDVVFZdW4yRFljV29IcFA4ZQpqSG1BUFVrNVd5cDJRN1ArMjh1bklI
-    QkphVGZlQ09PekZSUFY2MEdTWWUzNmFScG04L3dVVm16eGFLOGtCOWVaCmhPN3F1TjdtSWQxL2pW
-    cTNKODhDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQU1meTQzeE15OHh3QTUKVjF2T2NS
-    OEtyNWNaSXdtbFhCUU8xeFEzazlxSGtyNFlUY1JxTVQ5WjVKTm1rWHYxK2VSaGcwTi9WMW5NUTRZ
-    RgpnWXcxbnlESnBnOTduZUV4VzQyeXVlMFlHSDYyV1hYUUhyOVNVREgrRlowVnQvRGZsdklVTWRj
-    UUFEZjM4aU9zCjlQbG1kb3YrcE0vNCs5a1h5aDhSUEkzZXZ6OS9NQT09Ci0tLS0tRU5EIENFUlRJ
-    RklDQVRFLS0tLS0K
-  # In this example, the key data is not a real PEM-encoded private key
-  tls.key: |
-    RXhhbXBsZSBkYXRhIGZvciB0aGUgVExTIGNydCBmaWVsZA==
\ No newline at end of file
+  # Note: Replace the following values with your own base64-encoded certificate and key.
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
\ No newline at end of file
diff --git a/content/id/docs/concepts/services-networking/connect-applications-service.md b/content/id/docs/concepts/services-networking/connect-applications-service.md
index b4fee74d27dae..e354cc2acbeab 100644
--- a/content/id/docs/concepts/services-networking/connect-applications-service.md
+++ b/content/id/docs/concepts/services-networking/connect-applications-service.md
@@ -237,8 +237,9 @@ metadata:
   name: "nginxsecret"
   namespace: "default"
 data:
-  nginx.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
-  nginx.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+  # CATATAN: Ganti nilai berikut dengan sertifikat dan kunci hasil encoding base64 milik Anda sendiri.
+  nginx.crt: "REPLACE_WITH_BASE64_CERT"
+  nginx.key: "REPLACE_WITH_BASE64_KEY"
 ```
 Sekarang buat *secrets* menggunakan file tersebut:
 ```shell
diff --git a/content/ja/_index.html b/content/ja/_index.html
index 44629d7823b74..51c9041b846e1 100644
--- a/content/ja/_index.html
+++ b/content/ja/_index.html
@@ -45,8 +45,6 @@ <h2>150以上のマイクロサービスをKubernetes上に移行する挑戦</h
         <button id="desktopShowVideoButton" onclick="kub.showVideo()">ビデオを見る</button>
 
     <h3>今後のKubeCon + CloudNativeConイベントに参加する</h3>
-        <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-china/" class="desktopKCButton"><strong>China</strong>(香港、6月10日〜11日)</a>
-        <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-japan/" class="desktopKCButton"><strong>Japan</strong>(東京、6月16日〜17日)</a>
         <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-india/" class="desktopKCButton"><strong>India</strong>(ハイデラバード、8月6日〜7日)</a>
         <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/" class="desktopKCButton"><strong>North America</strong>(アトランタ、11月10日〜13日)</a>
         <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-europe-2026/" class="desktopKCButton"><strong>Europe</strong>(アムステルダム、2026年3月23日〜26日)</a>
diff --git a/content/ja/docs/concepts/services-networking/connect-applications-service.md b/content/ja/docs/concepts/services-networking/connect-applications-service.md
index 90979a25685c8..38fa2c5b43a06 100644
--- a/content/ja/docs/concepts/services-networking/connect-applications-service.md
+++ b/content/ja/docs/concepts/services-networking/connect-applications-service.md
@@ -291,8 +291,9 @@ metadata:
   namespace: "default"
   type: kubernetes.io/tls
 data:
-  nginx.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
-  nginx.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+  # 注意: 以下の値はご自身で base64 エンコードした証明書と鍵に置き換えてください。
+  nginx.crt: "REPLACE_WITH_BASE64_CERT"
+  nginx.key: "REPLACE_WITH_BASE64_KEY"
 ```
 ファイルを使用してSecretを作成します:
 
diff --git a/content/ja/docs/tutorials/services/connect-applications-service.md b/content/ja/docs/tutorials/services/connect-applications-service.md
index 4d6ad1cf7515b..09497fab893a1 100644
--- a/content/ja/docs/tutorials/services/connect-applications-service.md
+++ b/content/ja/docs/tutorials/services/connect-applications-service.md
@@ -287,8 +287,9 @@ metadata:
   namespace: "default"
 type: kubernetes.io/tls
 data:
-  tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
-  tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+  # 注意: 以下の値はご自身で base64 エンコードした証明書と鍵に置き換えてください。
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
 ```
 では、このファイルを使ってSecretを作成します:
 
diff --git a/content/ko/docs/tutorials/services/connect-applications-service.md b/content/ko/docs/tutorials/services/connect-applications-service.md
index bf88cebedd491..7c2eaf726fa69 100644
--- a/content/ko/docs/tutorials/services/connect-applications-service.md
+++ b/content/ko/docs/tutorials/services/connect-applications-service.md
@@ -281,9 +281,10 @@ metadata:
   name: "nginxsecret"
   namespace: "default"
 type: kubernetes.io/tls
-data:
-  tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
-  tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+data: 
+  # 참고: 아래 값들을 직접 base64로 인코딩한 인증서와 키로 교체하세요.
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
 ```
 이제 파일을 사용해서 시크릿을 생성한다.
 
diff --git a/content/pt-br/docs/tasks/run-application/run-single-instance-stateful-application.md b/content/pt-br/docs/tasks/run-application/run-single-instance-stateful-application.md
new file mode 100644
index 0000000000000..bd7ae674b4d2f
--- /dev/null
+++ b/content/pt-br/docs/tasks/run-application/run-single-instance-stateful-application.md
@@ -0,0 +1,181 @@
+---
+title: Executar uma Aplicação Com Estado e de Instância Única
+content_type: tutorial
+weight: 20
+---
+
+<!-- overview -->
+
+Esta página mostra como executar um aplicativo com estado e de instância única no Kubernetes utilizando um PersistentVolume e um Deployment.
+O aplicativo utilizado é o MySQL.
+
+## {{% heading "objectives" %}}
+
+- Crie um PersistentVolume referenciando um disco no seu ambiente.
+- Crie um Deployment do MySQL.
+- Exponha o MySQL para outros pods no cluster em um nome DNS conhecido.
+
+## {{% heading "prerequisites" %}}
+
+- {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+- {{< include "default-storage-class-prereqs.md" >}}
+
+<!-- lessoncontent -->
+
+## Fazer o deploy do MySQL
+
+Você pode executar um aplicativo com estado criando um Deployment do Kubernetes e conectando-o a um PersistentVolume existente usando um PersistentVolumeClaim. Por exemplo, este arquivo YAML descreve um Deployment que executa o MySQL e faz referência ao PersistentVolumeClaim. O arquivo define um volume mount para /var/lib/mysql e, em seguida, cria um PersistentVolumeClaim que procura por um volume de 20G. Essa requisição é atendida por qualquer volume existente que atenda aos requisitos ou por um provisionador dinâmico.
+
+Note: A senha é definida no arquivo de configuração yaml, e isso não é seguro. Veja
+[Secrets do Kubernetes](/docs/concepts/configuration/secret/) para uma solução segura.
+
+{{% code_sample file="application/mysql/mysql-deployment.yaml" %}}
+{{% code_sample file="application/mysql/mysql-pv.yaml" %}}
+
+1. Faça o deploy do PV e do PVC do arquivo YAML:
+
+   ```shell
+   kubectl apply -f https://k8s.io/examples/application/mysql/mysql-pv.yaml
+   ```
+
+1. Faça o deploy do conteúdo do arquivo YAML:
+
+   ```shell
+   kubectl apply -f https://k8s.io/examples/application/mysql/mysql-deployment.yaml
+   ```
+
+1. Exiba informações sobre o Deployment:
+
+   ```shell
+   kubectl describe deployment mysql
+   ```
+
+   A saída é semelhante a esta:
+
+   ```
+   Name:                 mysql
+   Namespace:            default
+   CreationTimestamp:    Tue, 01 Nov 2016 11:18:45 -0700
+   Labels:               app=mysql
+   Annotations:          deployment.kubernetes.io/revision=1
+   Selector:             app=mysql
+   Replicas:             1 desired | 1 updated | 1 total | 0 available | 1 unavailable
+   StrategyType:         Recreate
+   MinReadySeconds:      0
+   Pod Template:
+     Labels:       app=mysql
+     Containers:
+       mysql:
+       Image:      mysql:9
+       Port:       3306/TCP
+       Environment:
+         MYSQL_ROOT_PASSWORD:      password
+       Mounts:
+         /var/lib/mysql from mysql-persistent-storage (rw)
+     Volumes:
+       mysql-persistent-storage:
+       Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
+       ClaimName:  mysql-pv-claim
+       ReadOnly:   false
+   Conditions:
+     Type          Status  Reason
+     ----          ------  ------
+     Available     False   MinimumReplicasUnavailable
+     Progressing   True    ReplicaSetUpdated
+   OldReplicaSets:       <none>
+   NewReplicaSet:        mysql-63082529 (1/1 replicas created)
+   Events:
+     FirstSeen    LastSeen    Count    From                SubobjectPath    Type        Reason            Message
+     ---------    --------    -----    ----                -------------    --------    ------            -------
+     33s          33s         1        {deployment-controller }             Normal      ScalingReplicaSet Scaled up replica set mysql-63082529 to 1
+   ```
+
+1. Liste os pods criados pelo Deployment:
+
+   ```shell
+   kubectl get pods -l app=mysql
+   ```
+
+   A saída é semelhante a esta:
+
+   ```
+   NAME                   READY     STATUS    RESTARTS   AGE
+   mysql-63082529-2z3ki   1/1       Running   0          3m
+   ```
+
+1. Inspecione o PersistentVolumeClaim:
+
+   ```shell
+   kubectl describe pvc mysql-pv-claim
+   ```
+
+   A saída é semelhante a esta:
+
+   ```
+   Name:         mysql-pv-claim
+   Namespace:    default
+   StorageClass:
+   Status:       Bound
+   Volume:       mysql-pv-volume
+   Labels:       <none>
+   Annotations:    pv.kubernetes.io/bind-completed=yes
+                   pv.kubernetes.io/bound-by-controller=yes
+   Capacity:     20Gi
+   Access Modes: RWO
+   Events:       <none>
+   ```
+
+## Acessando a instância do MySQL
+
+O arquivo YAML anterior cria um Service que permite que outros Pods no cluster acessem o banco de dados. A opção `clusterIP: None` faz com que o nome DNS do Service resolva diretamente para o endereço IP do Pod. Isso é ideal quando você tem apenas um Pod por trás do Service e não pretende aumentar o número de Pods.
+
+Execute um cliente MySQL para se conectar ao servidor:
+
+```shell
+kubectl run -it --rm --image=mysql:9 --restart=Never mysql-client -- mysql -h mysql -ppassword
+```
+
+Este comando cria um novo Pod no cluster executando um cliente MySQL e o conecta ao servidor por meio do Service. Se a conexão for bem-sucedida, você saberá que seu banco de dados MySQL com estado está em funcionamento.
+
+```
+Waiting for pod default/mysql-client-274442439-zyp6i to be running, status is Pending, pod ready: false
+If you don't see a command prompt, try pressing enter.
+
+mysql>
+```
+
+## Atualizando
+
+A imagem ou qualquer outra parte do Deployment pode ser atualizada normalmente
+com o comando `kubectl apply`. Aqui estão algumas precauções específicas para aplicativos com estado:
+
+- Não faça o escalonamento do aplicativo. Esta configuração é apenas para aplicativos de instância única.
+  O PersistentVolume subjacente só pode ser montado em um Pod. Para aplicativos com estado em cluster, consulte a
+  [documentação do StatefulSet](/docs/concepts/workloads/controllers/statefulset/).
+- Use `strategy:` `type: Recreate` no arquivo YAML de configuração do Deployment.
+  Isso instrui o Kubernetes a _não_ usar atualizações graduais. Atualizações graduais não funcionarão, pois não é possível ter mais de um Pod em execução ao mesmo tempo. A estratégia `Recreate` irá parar o primeiro Pod antes de criar um novo com a configuração atualizada.
+
+## Excluindo um deployment
+
+Exclua os objetos implantados pelo nome:
+
+```shell
+kubectl delete deployment,svc mysql
+kubectl delete pvc mysql-pv-claim
+kubectl delete pv mysql-pv-volume
+```
+
+Se você provisionou manualmente um PersistentVolume, também precisará excluí-lo manualmente, assim como liberar o recurso subjacente.
+Se você usou um provisionador dinâmico, ele exclui automaticamente o PersistentVolume ao detectar que você excluiu o PersistentVolumeClaim.
+Alguns provisionadores dinâmicos (como os de EBS e PD) também liberam o recurso subjacente ao excluir o PersistentVolume.
+
+## {{% heading "whatsnext" %}}
+
+- Saiba mais sobre [objetos Deployment](/docs/concepts/workloads/controllers/deployment/).
+
+- Saiba mais sobre [implantação de aplicativos](/docs/tasks/run-application/run-stateless-application-deployment/)
+
+- [Documentação do kubectl run](/docs/reference/generated/kubectl/kubectl-commands/#run)
+
+- [Volumes](/docs/concepts/storage/volumes/) e [Persistent Volumes](/docs/concepts/storage/persistent-volumes/)
diff --git a/content/pt-br/examples/application/mysql/mysql-deployment.yaml b/content/pt-br/examples/application/mysql/mysql-deployment.yaml
new file mode 100644
index 0000000000000..b0ef083631bc0
--- /dev/null
+++ b/content/pt-br/examples/application/mysql/mysql-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+spec:
+  ports:
+  - port: 3306
+  selector:
+    app: mysql
+  clusterIP: None
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - image: mysql:9
+        name: mysql
+        env:
+          # Em cenários reais, utilize um Secret
+        - name: MYSQL_ROOT_PASSWORD
+          value: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
diff --git a/content/pt-br/examples/application/mysql/mysql-pv.yaml b/content/pt-br/examples/application/mysql/mysql-pv.yaml
new file mode 100644
index 0000000000000..c89779a83fd23
--- /dev/null
+++ b/content/pt-br/examples/application/mysql/mysql-pv.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
diff --git a/content/pt-br/includes/default-storage-class-prereqs.md b/content/pt-br/includes/default-storage-class-prereqs.md
new file mode 100644
index 0000000000000..d624ff5e3f47c
--- /dev/null
+++ b/content/pt-br/includes/default-storage-class-prereqs.md
@@ -0,0 +1,5 @@
+Você precisa ter um [provisionador dinâmico de PersistentVolume](/docs/concepts/storage/dynamic-provisioning/) com uma
+[StorageClass](/docs/concepts/storage/storage-classes/) padrão,
+ou [provisionar PersistentVolumes estaticamente](/docs/concepts/storage/persistent-volumes/#provisioning)
+por conta própria para atender aos [PersistentVolumeClaims](/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
+utilizados aqui.
diff --git a/content/zh-cn/blog/_posts/2025-05-02-mutable-csi-node-allocatable.md b/content/zh-cn/blog/_posts/2025-05-02-mutable-csi-node-allocatable.md
new file mode 100644
index 0000000000000..605ab65666d4f
--- /dev/null
+++ b/content/zh-cn/blog/_posts/2025-05-02-mutable-csi-node-allocatable.md
@@ -0,0 +1,156 @@
+---
+layout: blog
+title: "Kubernetes v1.33：可变的 CSI 节点可分配数"
+date: 2025-05-02T10:30:00-08:00
+slug: kubernetes-1-33-mutable-csi-node-allocatable-count
+author: Eddie Torres (Amazon Web Services)
+translator: Michael Yao (DaoCloud)
+---
+<!--
+layout: blog
+title: "Kubernetes v1.33: Mutable CSI Node Allocatable Count"
+date: 2025-05-02T10:30:00-08:00
+slug: kubernetes-1-33-mutable-csi-node-allocatable-count
+author: Eddie Torres (Amazon Web Services)
+-->
+
+<!--
+Scheduling stateful applications reliably depends heavily on accurate information about resource availability on nodes.
+Kubernetes v1.33 introduces an alpha feature called *mutable CSI node allocatable count*, allowing Container Storage Interface (CSI) drivers to dynamically update the reported maximum number of volumes that a node can handle.
+This capability significantly enhances the accuracy of pod scheduling decisions and reduces scheduling failures caused by outdated volume capacity information.
+-->
+可靠调度有状态应用极度依赖于节点上资源可用性的准确信息。  
+Kubernetes v1.33 引入一个名为**可变的 CSI 节点可分配计数**的 Alpha 特性，允许
+CSI（容器存储接口）驱动动态更新节点可以处理的最大卷数量。  
+这一能力显著提升 Pod 调度决策的准确性，并减少因卷容量信息过时而导致的调度失败。
+
+<!--
+## Background
+
+Traditionally, Kubernetes CSI drivers report a static maximum volume attachment limit when initializing. However, actual attachment capacities can change during a node's lifecycle for various reasons, such as:
+
+- Manual or external operations attaching/detaching volumes outside of Kubernetes control.
+- Dynamically attached network interfaces or specialized hardware (GPUs, NICs, etc.) consuming available slots.
+- Multi-driver scenarios, where one CSI driver’s operations affect available capacity reported by another.
+-->
+
+## 背景   {#background}
+
+传统上，Kubernetes 中的 CSI 驱动在初始化时会报告一个静态的最大卷挂接限制。
+然而，在节点生命周期内，实际的挂接容量可能会由于多种原因发生变化，例如：
+
+- 在 Kubernetes 控制之外的手动或外部操作挂接/解除挂接卷。
+- 动态挂接的网络接口或专用硬件（如 GPU、NIC 等）占用可用的插槽。
+- 在多驱动场景中，一个 CSI 驱动的操作会影响另一个驱动所报告的可用容量。
+
+<!--
+Static reporting can cause Kubernetes to schedule pods onto nodes that appear to have capacity but don't, leading to pods stuck in a `ContainerCreating` state.
+
+## Dynamically adapting CSI volume limits
+
+With the new feature gate `MutableCSINodeAllocatableCount`, Kubernetes enables CSI drivers to dynamically adjust and report node attachment capacities at runtime. This ensures that the scheduler has the most accurate, up-to-date view of node capacity.
+-->
+静态报告可能导致 Kubernetes 将 Pod 调度到看似有容量但实际没有的节点上，进而造成
+Pod 长时间卡在 `ContainerCreating` 状态。
+
+## 动态适应 CSI 卷限制   {#dynamically-adapting-csi-volume-limits}
+
+借助新的特性门控 `MutableCSINodeAllocatableCount`，Kubernetes 允许 CSI
+驱动在运行时动态调整并报告节点的挂接容量。如此确保调度器能获取到最准确、最新的节点容量信息。
+
+<!--
+### How it works
+
+When this feature is enabled, Kubernetes supports two mechanisms for updating the reported node volume limits:
+
+- **Periodic Updates:** CSI drivers specify an interval to periodically refresh the node's allocatable capacity.
+- **Reactive Updates:** An immediate update triggered when a volume attachment fails due to exhausted resources (`ResourceExhausted` error).
+-->
+### 工作原理   {#how-it-works}
+
+启用此特性后，Kubernetes 支持通过以下两种机制来更新节点卷限制的报告值：
+
+- **周期性更新：** CSI 驱动指定一个间隔时间，来定期刷新节点的可分配容量。
+- **响应式更新：** 当因资源耗尽（`ResourceExhausted` 错误）导致卷挂接失败时，立即触发更新。
+
+<!--
+### Enabling the feature
+
+To use this alpha feature, you must enable the `MutableCSINodeAllocatableCount` feature gate in these components:
+-->
+### 启用此特性   {#enabling-the-feature}
+
+要使用此 Alpha 特性，你必须在以下组件中启用 `MutableCSINodeAllocatableCount` 特性门控：
+
+- `kube-apiserver`
+- `kubelet`
+
+<!--
+### Example CSI driver configuration
+
+Below is an example of configuring a CSI driver to enable periodic updates every 60 seconds:
+-->
+### CSI 驱动配置示例   {#example-csi-driver-configuration}
+
+以下是配置 CSI 驱动以每 60 秒进行一次周期性更新的示例：
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: example.csi.k8s.io
+spec:
+  nodeAllocatableUpdatePeriodSeconds: 60
+```
+
+<!--
+This configuration directs Kubelet to periodically call the CSI driver's `NodeGetInfo` method every 60 seconds, updating the node’s allocatable volume count. Kubernetes enforces a minimum update interval of 10 seconds to balance accuracy and resource usage.
+-->
+此配置会指示 Kubelet 每 60 秒调用一次 CSI 驱动的 `NodeGetInfo` 方法，从而更新节点的可分配卷数量。  
+Kubernetes 强制要求最小更新间隔时间为 10 秒，以平衡准确性和资源使用量。
+
+<!--
+### Immediate updates on attachment failures
+
+In addition to periodic updates, Kubernetes now reacts to attachment failures. Specifically, if a volume attachment fails with a `ResourceExhausted` error (gRPC code `8`), an immediate update is triggered to correct the allocatable count promptly.
+
+This proactive correction prevents repeated scheduling errors and helps maintain cluster health.
+-->
+### 挂接失败时的即时更新   {#immediate-updates-on-attachment-failures}
+
+除了周期性更新外，Kubernetes 现在也能对挂接失败做出响应。  
+具体来说，如果卷挂接由于 `ResourceExhausted` 错误（gRPC 错误码 `8`）而失败，将立即触发更新，以快速纠正可分配数量。
+
+这种主动纠正可以防止重复的调度错误，有助于保持集群的健康状态。
+
+<!--
+## Getting started
+
+To experiment with mutable CSI node allocatable count in your Kubernetes v1.33 cluster:
+
+1. Enable the feature gate `MutableCSINodeAllocatableCount` on the `kube-apiserver` and `kubelet` components.
+2. Update your CSI driver configuration by setting `nodeAllocatableUpdatePeriodSeconds`.
+3. Monitor and observe improvements in scheduling accuracy and pod placement reliability.
+-->
+## 快速开始    {#getting-started}
+
+要在 Kubernetes v1.33 集群中试用可变的 CSI 节点可分配数：
+
+1. 在 `kube-apiserver` 和 `kubelet` 组件上启用特性门控 `MutableCSINodeAllocatableCount`。
+2. 在 CSI 驱动配置中设置 `nodeAllocatableUpdatePeriodSeconds`。
+3. 监控并观察调度准确性和 Pod 放置可靠性的提升程度。
+
+<!--
+## Next steps
+
+This feature is currently in alpha and the Kubernetes community welcomes your feedback. Test it, share your experiences, and help guide its evolution toward beta and GA stability.
+
+Join discussions in the [Kubernetes Storage Special Interest Group (SIG-Storage)](https://github.com/kubernetes/community/tree/master/sig-storage) to shape the future of Kubernetes storage capabilities.
+-->
+## 后续计划   {#next-steps}
+
+此特性目前处于 Alpha 阶段，Kubernetes 社区欢迎你的反馈。
+无论是参与测试、分享你的经验，都有助于推动此特性向 Beta 和 GA（正式发布）稳定版迈进。
+
+欢迎加入 [Kubernetes SIG-Storage](https://github.com/kubernetes/community/tree/master/sig-storage)
+的讨论，共同塑造 Kubernetes 存储能力的未来。
diff --git a/content/zh-cn/blog/_posts/2025-06-10-enhancing-kubernetes-event-management-custom-aggregation.md b/content/zh-cn/blog/_posts/2025-06-10-enhancing-kubernetes-event-management-custom-aggregation.md
new file mode 100644
index 0000000000000..b711f77c3c7a6
--- /dev/null
+++ b/content/zh-cn/blog/_posts/2025-06-10-enhancing-kubernetes-event-management-custom-aggregation.md
@@ -0,0 +1,613 @@
+---
+layout: blog
+title: "通过自定义聚合增强 Kubernetes Event 管理"
+date: 2025-06-10
+draft: false
+slug: enhancing-kubernetes-event-management-custom-aggregation
+Author: >
+  [Rez Moss](https://github.com/rezmoss)
+translator: >
+  [Xin Li](https://github.com/my-git9) (DaoCloud)
+---
+<!--
+layout: blog
+title: "Enhancing Kubernetes Event Management with Custom Aggregation"
+date: 2025-06-10
+draft: false
+slug: enhancing-kubernetes-event-management-custom-aggregation
+Author: >
+  [Rez Moss](https://github.com/rezmoss)
+-->
+
+<!--
+Kubernetes [Events](/docs/reference/kubernetes-api/cluster-resources/event-v1/) provide crucial insights into cluster operations, but as clusters grow, managing and analyzing these events becomes increasingly challenging. This blog post explores how to build custom event aggregation systems that help engineering teams better understand cluster behavior and troubleshoot issues more effectively.
+-->
+Kubernetes [Event](/zh-cn/docs/reference/kubernetes-api/cluster-resources/event-v1/)
+提供了集群操作的关键洞察信息，但随着集群的增长，管理和分析这些 Event 变得越来越具有挑战性。
+这篇博客文章探讨了如何构建自定义 Event 聚合系统，以帮助工程团队更好地理解集群行为并更有效地解决问题。
+
+<!--
+## The challenge with Kubernetes events
+
+In a Kubernetes cluster, events are generated for various operations - from pod scheduling and container starts to volume mounts and network configurations. While these events are invaluable for debugging and monitoring, several challenges emerge in production environments:
+-->
+## Kubernetes Event 的挑战
+
+在 Kubernetes 集群中，从 Pod 调度、容器启动到卷挂载和网络配置，
+各种操作都会生成 Event。虽然这些 Event 对于调试和监控非常有价值，
+但在生产环境中出现了几个挑战：
+
+<!--
+1. **Volume**: Large clusters can generate thousands of events per minute
+2. **Retention**: Default event retention is limited to one hour
+3. **Correlation**: Related events from different components are not automatically linked
+4. **Classification**: Events lack standardized severity or category classifications
+5. **Aggregation**: Similar events are not automatically grouped
+-->
+1. **量**：大型集群每分钟可以生成数千个 Event
+2. **保留**：默认 Event 保留时间限制为一小时
+3. **关联**：不同组件的相关 Event 不会自动链接
+4. **分类**：Event 缺乏标准化的严重性或类别分类
+5. **聚合**：相似的 Event 不会自动分组
+
+<!--
+To learn more about Events in Kubernetes, read the [Event](/docs/reference/kubernetes-api/cluster-resources/event-v1/) API reference.
+-->
+要了解更多关于 Kubernetes Event 的信息，请阅读
+[Event](/zh-cn/docs/reference/kubernetes-api/cluster-resources/event-v1/)
+API 参考。
+
+<!--
+## Real-World value
+
+Consider a production environment with tens of microservices where the users report intermittent transaction failures:
+
+**Traditional event aggregation process:** Engineers are wasting hours sifting through thousands of standalone events spread across namespaces. By the time they look into it, the older events have long since purged, and correlating pod restarts to node-level issues is practically impossible.
+-->
+## 现实世界的价值
+
+考虑一个拥有数十个微服务的生产环境中，用户报告间歇性事务失败的情况：
+
+**传统的 Event 聚合过程：** 工程师浪费数小时筛选分散在各个命名空间中的成千上万的独立 Event。
+等到他们查看时，较旧的 Event 早已被清除，将 Pod 重启与节点级别问题关联实际上是不可能的。
+
+<!--
+**With its event aggregation in its custom events:** The system groups events across resources, instantly surfacing correlation patterns such as volume mount timeouts before pod restarts. History indicates it occurred during past record traffic spikes, highlighting a storage scalability issue in minutes rather than hours.
+
+The benefit of this approach is that organizations that implement it commonly cut down their troubleshooting time significantly along with increasing the reliability of systems by detecting patterns early.
+-->
+**在自定义 Event 中使用 Event 聚合器：** 系统跨资源分组 Event，
+即时浮现如卷挂载超时等关联模式，这些模式出现在 Pod 重启之前。
+历史记录表明，这发生在过去的流量高峰期间，突显了存储扩缩问题，
+在几分钟内而不是几小时内发现问题。
+
+这种方法的好处是，实施它的组织通常可以显著减少故障排除时间，
+并通过早期检测模式来提高系统的可靠性。
+
+<!--
+## Building an Event aggregation system
+
+This post explores how to build a custom event aggregation system that addresses these challenges, aligned to Kubernetes best practices. I've picked the Go programming language for my example.
+-->
+## 构建 Event 聚合系统
+
+本文探讨了如何构建一个解决这些问题的自定义 Event 聚合系统，
+该系统符合 Kubernetes 最佳实践。我选择了 Go 编程语言作为示例。
+
+<!--
+### Architecture overview
+
+This event aggregation system consists of three main components:
+
+1. **Event Watcher**: Monitors the Kubernetes API for new events
+2. **Event Processor**: Processes, categorizes, and correlates events
+3. **Storage Backend**: Stores processed events for longer retention
+
+Here's a sketch for how to implement the event watcher:
+-->
+### 架构概述
+
+这个 Event 聚合系统由三个主要组件组成：
+
+1. **Event 监视器**：监控 Kubernetes API 的新 Event
+2. **Event 处理器**：处理、分类和关联 Event
+3. **存储后端**：存储处理过的 Event 以实现更长的保留期
+
+以下是实现 Event 监视器的示例代码：
+
+```go
+package main
+
+import (
+    "context"
+    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+    "k8s.io/client-go/kubernetes"
+    "k8s.io/client-go/rest"
+    eventsv1 "k8s.io/api/events/v1"
+)
+
+type EventWatcher struct {
+    clientset *kubernetes.Clientset
+}
+
+func NewEventWatcher(config *rest.Config) (*EventWatcher, error) {
+    clientset, err := kubernetes.NewForConfig(config)
+    if err != nil {
+        return nil, err
+    }
+    return &EventWatcher{clientset: clientset}, nil
+}
+
+func (w *EventWatcher) Watch(ctx context.Context) (<-chan *eventsv1.Event, error) {
+    events := make(chan *eventsv1.Event)
+    
+    watcher, err := w.clientset.EventsV1().Events("").Watch(ctx, metav1.ListOptions{})
+    if err != nil {
+        return nil, err
+    }
+
+    go func() {
+        defer close(events)
+        for {
+            select {
+            case event := <-watcher.ResultChan():
+                if e, ok := event.Object.(*eventsv1.Event); ok {
+                    events <- e
+                }
+            case <-ctx.Done():
+                watcher.Stop()
+                return
+            }
+        }
+    }()
+
+    return events, nil
+}
+```
+
+<!--
+### Event processing and classification
+
+The event processor enriches events with additional context and classification:
+-->
+### Event 处理和分类
+
+Event 处理器为 Event 添加额外的上下文和分类：
+
+<!--
+```go
+type EventProcessor struct {
+    categoryRules []CategoryRule
+    correlationRules []CorrelationRule
+}
+
+type ProcessedEvent struct {
+    Event     *eventsv1.Event
+    Category  string
+    Severity  string
+    CorrelationID string
+    Metadata  map[string]string
+}
+
+func (p *EventProcessor) Process(event *eventsv1.Event) *ProcessedEvent {
+    processed := &ProcessedEvent{
+        Event:    event,
+        Metadata: make(map[string]string),
+    }
+    
+    // Apply classification rules
+    processed.Category = p.classifyEvent(event)
+    processed.Severity = p.determineSeverity(event)
+    
+    // Generate correlation ID for related events
+    processed.CorrelationID = p.correlateEvent(event)
+    
+    // Add useful metadata
+    processed.Metadata = p.extractMetadata(event)
+    
+    return processed
+}
+```
+-->
+```go
+type EventProcessor struct {
+    categoryRules []CategoryRule
+    correlationRules []CorrelationRule
+}
+
+type ProcessedEvent struct {
+    Event     *eventsv1.Event
+    Category  string
+    Severity  string
+    CorrelationID string
+    Metadata  map[string]string
+}
+
+func (p *EventProcessor) Process(event *eventsv1.Event) *ProcessedEvent {
+    processed := &ProcessedEvent{
+        Event:    event,
+        Metadata: make(map[string]string),
+    }
+    
+    // 应用分类规则
+    processed.Category = p.classifyEvent(event)
+    processed.Severity = p.determineSeverity(event)
+    
+    // 为相关 Event 生成关联 ID
+    processed.CorrelationID = p.correlateEvent(event)
+    
+    // 添加有用的元数据
+    processed.Metadata = p.extractMetadata(event)
+    
+    return processed
+}
+```
+
+<!--
+### Implementing Event correlation
+
+One of the key features you could implement is a way of correlating related Events.
+Here's an example correlation strategy:
+-->
+### 实现 Event 关联
+
+你可以实现的一个关键特性是关联相关 Event 的方法，这里有一个示例关联策略：
+
+<!--
+```go
+func (p *EventProcessor) correlateEvent(event *eventsv1.Event) string {
+    // Correlation strategies:
+    // 1. Time-based: Events within a time window
+    // 2. Resource-based: Events affecting the same resource
+    // 3. Causation-based: Events with cause-effect relationships
+
+    correlationKey := generateCorrelationKey(event)
+    return correlationKey
+}
+
+func generateCorrelationKey(event *eventsv1.Event) string {
+    // Example: Combine namespace, resource type, and name
+    return fmt.Sprintf("%s/%s/%s",
+        event.InvolvedObject.Namespace,
+        event.InvolvedObject.Kind,
+        event.InvolvedObject.Name,
+    )
+}
+```
+-->
+```go
+func (p *EventProcessor) correlateEvent(event *eventsv1.Event) string {
+    // 相关策略：
+    // 1. 基于时间的：时间窗口内的事件
+    // 2. 基于资源的：影响同一资源的事件
+    // 3. 基于因果关系的：具有因果关系的事件
+
+    correlationKey := generateCorrelationKey(event)
+    return correlationKey
+}
+
+func generateCorrelationKey(event *eventsv1.Event) string {
+    // 示例：结合命名空间、资源类型和名称
+    return fmt.Sprintf("%s/%s/%s",
+        event.InvolvedObject.Namespace,
+        event.InvolvedObject.Kind,
+        event.InvolvedObject.Name,
+    )
+}
+```
+
+<!--
+## Event storage and retention
+
+For long-term storage and analysis, you'll probably want a backend that supports:
+- Efficient querying of large event volumes
+- Flexible retention policies
+- Support for aggregation queries
+
+Here's a sample storage interface:
+-->
+## Event 存储和保留
+
+对于长期存储和分析，你可能需要一个支持以下功能的后端：
+- 大量 Event 的高效查询
+- 灵活的保留策略
+- 支持聚合查询
+
+这里是一个示例存储接口：
+
+```go
+type EventStorage interface {
+    Store(context.Context, *ProcessedEvent) error
+    Query(context.Context, EventQuery) ([]ProcessedEvent, error)
+    Aggregate(context.Context, AggregationParams) ([]EventAggregate, error)
+}
+
+type EventQuery struct {
+    TimeRange     TimeRange
+    Categories    []string
+    Severity      []string
+    CorrelationID string
+    Limit         int
+}
+
+type AggregationParams struct {
+    GroupBy    []string
+    TimeWindow string
+    Metrics    []string
+}
+```
+
+<!--
+## Good practices for Event management
+
+1. **Resource Efficiency**
+   - Implement rate limiting for event processing
+   - Use efficient filtering at the API server level
+   - Batch events for storage operations
+-->
+## Event 管理的良好实践
+
+1. **资源效率**
+   - 为 Event 处理实现速率限制
+   - 在 API 服务器级别使用高效的过滤
+   - 对存储操作批量处理 Event
+
+<!--
+2. **Scalability**
+   - Distribute event processing across multiple workers
+   - Use leader election for coordination
+   - Implement backoff strategies for API rate limits
+
+3. **Reliability**
+   - Handle API server disconnections gracefully
+   - Buffer events during storage backend unavailability
+   - Implement retry mechanisms with exponential backoff
+-->
+2. **扩缩性**
+   - 将 Event 处理分派给多个工作线程
+   - 使用领导者选举进行协调
+   - 实施 API 速率限制的退避策略
+
+3. **可靠性**
+   - 优雅地处理 API 服务器断开连接
+   - 在存储后端不可用期间缓冲 Event
+   - 实施带有指数退避的重试机制
+
+<!--
+## Advanced features
+
+### Pattern detection
+
+Implement pattern detection to identify recurring issues:
+-->
+## 高级特性
+
+### 模式检测
+
+实现模式检测以识别重复出现的问题：
+
+<!--
+```go
+type PatternDetector struct {
+    patterns map[string]*Pattern
+    threshold int
+}
+
+func (d *PatternDetector) Detect(events []ProcessedEvent) []Pattern {
+    // Group similar events
+    groups := groupSimilarEvents(events)
+    
+    // Analyze frequency and timing
+    patterns := identifyPatterns(groups)
+    
+    return patterns
+}
+
+func groupSimilarEvents(events []ProcessedEvent) map[string][]ProcessedEvent {
+    groups := make(map[string][]ProcessedEvent)
+    
+    for _, event := range events {
+        // Create similarity key based on event characteristics
+        similarityKey := fmt.Sprintf("%s:%s:%s",
+            event.Event.Reason,
+            event.Event.InvolvedObject.Kind,
+            event.Event.InvolvedObject.Namespace,
+        )
+        
+        // Group events with the same key
+        groups[similarityKey] = append(groups[similarityKey], event)
+    }
+    
+    return groups
+}
+
+
+func identifyPatterns(groups map[string][]ProcessedEvent) []Pattern {
+    var patterns []Pattern
+    
+    for key, events := range groups {
+        // Only consider groups with enough events to form a pattern
+        if len(events) < 3 {
+            continue
+        }
+        
+        // Sort events by time
+        sort.Slice(events, func(i, j int) bool {
+            return events[i].Event.LastTimestamp.Time.Before(events[j].Event.LastTimestamp.Time)
+        })
+        
+        // Calculate time range and frequency
+        firstSeen := events[0].Event.FirstTimestamp.Time
+        lastSeen := events[len(events)-1].Event.LastTimestamp.Time
+        duration := lastSeen.Sub(firstSeen).Minutes()
+        
+        var frequency float64
+        if duration > 0 {
+            frequency = float64(len(events)) / duration
+        }
+        
+        // Create a pattern if it meets threshold criteria
+        if frequency > 0.5 { // More than 1 event per 2 minutes
+            pattern := Pattern{
+                Type:         key,
+                Count:        len(events),
+                FirstSeen:    firstSeen,
+                LastSeen:     lastSeen,
+                Frequency:    frequency,
+                EventSamples: events[:min(3, len(events))], // Keep up to 3 samples
+            }
+            patterns = append(patterns, pattern)
+        }
+    }
+    
+    return patterns
+}
+```
+-->
+```go
+type PatternDetector struct {
+    patterns map[string]*Pattern
+    threshold int
+}
+
+func (d *PatternDetector) Detect(events []ProcessedEvent) []Pattern {
+    // 将类似 Event 分组
+    groups := groupSimilarEvents(events)
+    
+    // Analyze frequency and timing
+    patterns := identifyPatterns(groups)
+    
+    return patterns
+}
+
+func groupSimilarEvents(events []ProcessedEvent) map[string][]ProcessedEvent {
+    groups := make(map[string][]ProcessedEvent)
+    
+    for _, event := range events {
+        // 根据 Event 特征创建相似性键
+        similarityKey := fmt.Sprintf("%s:%s:%s",
+            event.Event.Reason,
+            event.Event.InvolvedObject.Kind,
+            event.Event.InvolvedObject.Namespace,
+        )
+        
+        // 用相同的键对 Event 进行分组
+        groups[similarityKey] = append(groups[similarityKey], event)
+    }
+    
+    return groups
+}
+
+
+func identifyPatterns(groups map[string][]ProcessedEvent) []Pattern {
+    var patterns []Pattern
+    
+    for key, events := range groups {
+        // 只考虑具有足够 Event 以形成模式的组
+        if len(events) < 3 {
+            continue
+        }
+        
+        // 按时间对 Event 进行排序
+        sort.Slice(events, func(i, j int) bool {
+            return events[i].Event.LastTimestamp.Time.Before(events[j].Event.LastTimestamp.Time)
+        })
+        
+        // 计算时间范围和频率
+        firstSeen := events[0].Event.FirstTimestamp.Time
+        lastSeen := events[len(events)-1].Event.LastTimestamp.Time
+        duration := lastSeen.Sub(firstSeen).Minutes()
+        
+        var frequency float64
+        if duration > 0 {
+            frequency = float64(len(events)) / duration
+        }
+        
+        // 如果满足阈值标准，则创建模式
+        if frequency > 0.5 { // 每 2 分钟发生超过 1 个事件
+            pattern := Pattern{
+                Type:         key,
+                Count:        len(events),
+                FirstSeen:    firstSeen,
+                LastSeen:     lastSeen,
+                Frequency:    frequency,
+                EventSamples: events[:min(3, len(events))], // 最多保留 3 个样本
+            }
+            patterns = append(patterns, pattern)
+        }
+    }
+    
+    return patterns
+}
+```
+
+<!--
+With this implementation, the system can identify recurring patterns such as node pressure events, pod scheduling failures, or networking issues that occur with a specific frequency.
+-->
+通过此实现，系统可以识别诸如节点压力 Event、Pod
+调度失败或以特定频率发生的网络问题等重复出现的模式。
+
+<!--
+### Real-time alerts
+
+The following example provides a starting point for building an alerting system based on event patterns. It is not a complete solution but a conceptual sketch to illustrate the approach.
+-->
+### 实时警报
+
+以下示例提供了一个基于 Event 模式构建警报系统的基础起点。
+它不是一个完整的解决方案，而是一个用于说明方法的概念性草图。
+
+```go
+type AlertManager struct {
+    rules []AlertRule
+    notifiers []Notifier
+}
+
+func (a *AlertManager) EvaluateEvents(events []ProcessedEvent) {
+    for _, rule := range a.rules {
+        if rule.Matches(events) {
+            alert := rule.GenerateAlert(events)
+            a.notify(alert)
+        }
+    }
+}
+```
+
+<!--
+## Conclusion
+
+A well-designed event aggregation system can significantly improve cluster observability and troubleshooting capabilities. By implementing custom event processing, correlation, and storage, operators can better understand cluster behavior and respond to issues more effectively.
+
+The solutions presented here can be extended and customized based on specific requirements while maintaining compatibility with the Kubernetes API and following best practices for scalability and reliability.
+-->
+## 结论
+
+一个设计良好的 Event 聚合系统可以显著提高集群的可观测性和故障排查能力。
+通过实现自定义的 Event 处理、关联和存储，操作员可以更好地理解集群行为并更有效地响应问题。
+
+这里介绍的解决方案可以根据具体需求进行扩展和定制，同时保持与
+Kubernetes API的兼容性，并遵循可扩展性和可靠性方面的最佳实践。
+
+<!--
+## Next steps
+
+Future enhancements could include:
+- Machine learning for anomaly detection
+- Integration with popular observability platforms
+- Custom event APIs for application-specific events
+- Enhanced visualization and reporting capabilities
+-->
+## 下一步
+
+未来的增强功能可能包括：
+- 用于异常检测的机器学习
+- 与流行的可观测性平台集成
+- 面向应用 Event 的自定义 Event API
+- 增强的可视化和报告能力
+
+<!--
+For more information on Kubernetes events and custom [controllers](/docs/concepts/architecture/controller/),
+refer to the official Kubernetes [documentation](/docs/).
+-->
+有关 Kubernetes Event 和自定义[控制器](/zh-cn/docs/concepts/architecture/controller/) 的更多信息，
+请参阅官方 Kubernetes [文档](/zh-cn/docs/)。
diff --git a/content/zh-cn/docs/concepts/cluster-administration/addons.md b/content/zh-cn/docs/concepts/cluster-administration/addons.md
index 7b847c214059e..5e8e4d78315bf 100644
--- a/content/zh-cn/docs/concepts/cluster-administration/addons.md
+++ b/content/zh-cn/docs/concepts/cluster-administration/addons.md
@@ -148,6 +148,9 @@ Add-on 扩展了 Kubernetes 的功能。
 * [Spiderpool](https://github.com/spidernet-io/spiderpool) is an underlay and RDMA
   networking solution for Kubernetes. Spiderpool is supported on bare metal, virtual machines,
   and public cloud environments.
+* [Terway](https://github.com/AliyunContainerService/terway/) is a suite of CNI plugins
+  based on AlibabaCloud's VPC and ECS network products. It provides native VPC networking
+  and network policies in AlibabaCloud environments.
 * [Weave Net](https://github.com/rajch/weave#using-weave-on-kubernetes)
   provides networking and network policy, will carry on working on both sides
   of a network partition, and does not require an external database.
@@ -161,6 +164,8 @@ Add-on 扩展了 Kubernetes 的功能。
   [NetworkPolicy](/zh-cn/docs/concepts/services-networking/network-policies/) API。
 * [Spiderpool](https://github.com/spidernet-io/spiderpool) 为 Kubernetes
   提供了下层网络和 RDMA 高速网络解决方案，兼容裸金属、虚拟机和公有云等运行环境。
+* [Terway](https://github.com/AliyunContainerService/terway/)
+  是一套基于阿里云 VPC 和 ECS 网络产品的 CNI 插件，能够在阿里云环境中提供原生的 VPC 网络和网络策略支持。
 * [Weave Net](https://github.com/rajch/weave#using-weave-on-kubernetes)
   提供在网络分组两端参与工作的联网和网络策略，并且不需要额外的数据库。
 
diff --git a/content/zh-cn/docs/concepts/policy/resource-quotas.md b/content/zh-cn/docs/concepts/policy/resource-quotas.md
index 1ef998fff8289..a61bdef692d08 100644
--- a/content/zh-cn/docs/concepts/policy/resource-quotas.md
+++ b/content/zh-cn/docs/concepts/policy/resource-quotas.md
@@ -38,7 +38,7 @@ API objects found in that namespace.
 -->
 资源配额，由 ResourceQuota 对象定义，
 提供了限制每个{{< glossary_tooltip text="命名空间" term_id="namespace" >}}的资源总消耗的约束。
-资源配额还可以限制在命名空间中可以创建的[对象数量](#quota-on-object-count)（按 API 类型计算），
+资源配额还可以限制在命名空间中可以创建的[对象数量](#object-count-quota)（按 API 类型计算），
 以及该命名空间中存在的 API
 对象可能消耗的{{< glossary_tooltip text="基础设施资源" term_id="infrastructure-resource" >}}的总量。
 
diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md b/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md
index 304eeb2a18d66..4096d16b110e5 100644
--- a/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md
+++ b/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md
@@ -3,7 +3,7 @@ title: 节点压力驱逐
 content_type: concept
 weight: 100
 ---
-<!-- 
+<!--
 title: Node-pressure Eviction
 content_type: concept
 weight: 100
@@ -14,6 +14,7 @@ weight: 100
 {{<note>}}
 {{< feature-state feature_gate_name="KubeletSeparateDiskGC" >}}
 <!--
+{{< feature-state feature_gate_name="KubeletSeparateDiskGC" >}}
 The _split image filesystem_ feature, which enables support for the `containerfs`
 filesystem, adds several new eviction signals, thresholds and metrics. To use
 `containerfs`, the Kubernetes release v{{< skew currentVersion >}} requires the
@@ -21,6 +22,7 @@ filesystem, adds several new eviction signals, thresholds and metrics. To use
 to be enabled. Currently, only CRI-O (v1.29 or higher) offers the `containerfs`
 filesystem support.
 -->
+{{< feature-state feature_gate_name="KubeletSeparateDiskGC" >}}
 **拆分镜像文件系统** 功能支持 `containerfs` 文件系统，并增加了几个新的驱逐信号、阈值和指标。
 要使用 `containerfs`，Kubernetes 版本 v{{< skew currentVersion >}} 需要启用 `KubeletSeparateDiskGC`
 [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。
@@ -45,8 +47,9 @@ Node-pressure eviction is not the same as
 当这些资源中的一个或者多个达到特定的消耗水平，
 kubelet 可以主动地使节点上一个或者多个 Pod 失效，以回收资源防止饥饿。
 
-在节点压力驱逐期间，kubelet 将所选 Pod 的[阶段](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase)
-设置为 `Failed` 并终止 Pod。
+在节点压力驱逐期间，kubelet 将所选 Pod
+的[阶段](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase)设置为
+`Failed` 并终止 Pod。
 
 节点压力驱逐不同于 [API 发起的驱逐](/zh-cn/docs/concepts/scheduling-eviction/api-eviction/)。
 
@@ -64,7 +67,7 @@ kubelet 并不理会你配置的 {{<glossary_tooltip term_id="pod-disruption-bud
 如果你使用了[硬驱逐条件](#hard-eviction-thresholds)，kubelet 使用 `0s`
 宽限期（立即关闭）来终止 Pod。
 
-<!-- 
+<!--
 ## Self healing behavior
 
 The kubelet attempts to [reclaim node-level resources](#reclaim-node-resources)
@@ -150,6 +153,18 @@ kubelet 使用驱逐信号，通过将信号与驱逐条件进行比较来做出
 
 kubelet 使用以下驱逐信号：
 
+<!--
+| Eviction Signal          | Description                                                                           | Linux Only |
+|--------------------------|---------------------------------------------------------------------------------------|------------|
+| `memory.available`       | `memory.available` := `node.status.capacity[memory]` - `node.stats.memory.workingSet` |            |
+| `nodefs.available`       | `nodefs.available` := `node.stats.fs.available`                                       |            |
+| `nodefs.inodesFree`      | `nodefs.inodesFree` := `node.stats.fs.inodesFree`                                     |      •     |
+| `imagefs.available`      | `imagefs.available` := `node.stats.runtime.imagefs.available`                         |            |
+| `imagefs.inodesFree`     | `imagefs.inodesFree` := `node.stats.runtime.imagefs.inodesFree`                       |      •     |
+| `containerfs.available`  | `containerfs.available` := `node.stats.runtime.containerfs.available`                 |            |
+| `containerfs.inodesFree` | `containerfs.inodesFree` := `node.stats.runtime.containerfs.inodesFree`               |      •     |
+| `pid.available`          | `pid.available` := `node.stats.rlimit.maxpid` - `node.stats.rlimit.curproc`           |      •     |
+-->
 | 驱逐信号                  | 描述                                                                                  | 仅限于 Linux |
 |--------------------------|---------------------------------------------------------------------------------------|------------|
 | `memory.available`       | `memory.available` := `node.status.capacity[memory]` - `node.stats.memory.workingSet` |            |
@@ -185,16 +200,15 @@ reproduces the same set of steps that the kubelet performs to calculate
 file-backed memory on inactive LRU list) from its calculation as it assumes that
 memory is reclaimable under pressure.
 -->
-
 #### 内存信号 {#memory-signals}
 
 在 Linux 节点上，`memory.available` 的值来自 cgroupfs，而不是像 `free -m` 这样的工具。
-这很重要，因为 `free -m` 在容器中不起作用，如果用户使用
-[节点可分配资源](/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable)
-这一功能特性，资源不足的判定是基于 cgroup 层次结构中的用户 Pod 所处的局部及 cgroup 根节点作出的。
+这很重要，因为 `free -m` 在容器中不起作用，
+如果用户使用[节点可分配资源](/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable)这一功能特性，
+资源不足的判定是基于 cgroup 层次结构中的用户 Pod 所处的局部及 cgroup 根节点作出的。
 这个[脚本](/zh-cn/examples/admin/resource/memory-available.sh)或者
-[cgroupv2 脚本](/zh-cn/examples/admin/resource/memory-available-cgroupv2.sh)
-重现了 kubelet 为计算 `memory.available` 而执行的相同步骤。
+[cgroupv2 脚本](/zh-cn/examples/admin/resource/memory-available-cgroupv2.sh)重现了
+kubelet 为计算 `memory.available` 而执行的相同步骤。
 kubelet 在其计算中排除了 inactive_file（非活动 LRU 列表上基于文件来虚拟的内存的字节数），
 因为它假定在压力下内存是可回收的。
 
@@ -205,7 +219,8 @@ system call) by subtracting the node's global [`CommitTotal`](https://learn.micr
 -->
 在 Windows 节点上，`memory.available` 的值来自节点的全局内存提交级别
 （通过 [`GetPerformanceInfo()`](https://learn.microsoft.com/windows/win32/api/psapi/nf-psapi-getperformanceinfo)系统调用查询），
-方法是从节点的 [`CommitLimit`](https://learn.microsoft.com/windows/win32/api/psapi/ns-psapi-performance_information)减去节点的全局
+方法是从节点的 [`CommitLimit`](https://learn.microsoft.com/windows/win32/api/psapi/ns-psapi-performance_information)
+减去节点的全局
 [`CommitTotal`](https://learn.microsoft.com/windows/win32/api/psapi/ns-psapi-performance_information)。
 请注意，如果节点的页面文件大小发生变化，`CommitLimit` 也会发生变化！
 
@@ -498,24 +513,25 @@ The kubelet maps eviction signals to node conditions as follows:
 | `MemoryPressure`  | `memory.available`                                                                    | Available memory on the node has satisfied an eviction threshold                           |
 | `DiskPressure`    | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, `imagefs.inodesFree`, `containerfs.available`, or `containerfs.inodesFree` | Available disk space and inodes on either the node's root filesystem, image filesystem, or container filesystem has satisfied an eviction threshold              |
 | `PIDPressure`     | `pid.available`                                                                       | Available processes identifiers on the (Linux) node has fallen below an eviction threshold |
+-->
+kubelet 根据下表将驱逐信号映射为节点状况：
 
+| 节点状况 | 驱逐信号 | 描述 |
+|---------|--------|------|
+| `MemoryPressure` | `memory.available` | 节点上的可用内存已满足驱逐条件 |
+| `DiskPressure`   | `nodefs.available`、`nodefs.inodesFree`、`imagefs.available`、`imagefs.inodesFree`、`containerfs.available` 或 `containerfs.inodesFree` | 节点的根文件系统、镜像文件系统或容器文件系统上的可用磁盘空间和 inode 已满足驱逐阈值 |
+| `PIDPressure`    | `pid.available` | （Linux）节点上的可用进程标识符已低于驱逐条件 |
+
+<!--
 The control plane also [maps](/docs/concepts/scheduling-eviction/taint-and-toleration/#taint-nodes-by-condition)
 these node conditions to taints.
 
 The kubelet updates the node conditions based on the configured
 `--node-status-update-frequency`, which defaults to `10s`.
 -->
-kubelet 根据下表将驱逐信号映射为节点状况：
-
-| 节点条件 | 驱逐信号 | 描述 |
-|---------|--------|------|
-| `MemoryPressure` | `memory.available` | 节点上的可用内存已满足驱逐条件 |
-| `DiskPressure`   | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, `imagefs.inodesFree`, `containerfs.available`, 或 `containerfs.inodesFree` | 节点的根文件系统、镜像文件系统或容器文件系统上的可用磁盘空间和 inode 已满足驱逐阈值 |
-| `PIDPressure`    | `pid.available` | (Linux) 节点上的可用进程标识符已低于驱逐条件 |
-
 控制平面还将这些节点状况[映射](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/#taint-nodes-by-condition)为其污点。
 
-kubelet 根据配置的 `--node-status-update-frequency` 更新节点条件，默认为 `10s`。
+kubelet 根据配置的 `--node-status-update-frequency` 更新节点状况，默认为 `10s`。
 
 <!--
 ### Node condition oscillation
@@ -531,10 +547,10 @@ condition to a different state. The transition period has a default value of `5m
 ### 节点状况波动   {#node-condition-oscillation}
 
 在某些情况下，节点在软驱逐条件上下振荡，而没有保持定义的宽限期。
-这会导致报告的节点条件在 `true` 和 `false` 之间不断切换，从而导致错误的驱逐决策。
+这会导致报告的节点状况在 `true` 和 `false` 之间不断切换，从而导致错误的驱逐决策。
 
 为了防止振荡，你可以使用 `eviction-pressure-transition-period` 标志，
-该标志控制 kubelet 在将节点条件转换为不同状态之前必须等待的时间。
+该标志控制 kubelet 在将节点状况转换为不同状态之前必须等待的时间。
 过渡期的默认值为 `5m`。
 
 <!--
@@ -600,12 +616,12 @@ reclaim resources as follows:
 - If the `imagefs` filesystem meets the eviction thresholds, the kubelet
   deletes all unused images.
 -->
-#### 使用 `imagefs` 和 `containerfs` {#with-imagefs-and-containerfs}
+#### 有 `imagefs` 和 `containerfs` {#with-imagefs-and-containerfs}
 
 如果节点除了 `imagefs` 文件系统之外还配置了专用的 `containerfs` 以供容器运行时使用，
 则 kubelet 将尝试按如下方式回收资源：
 
-- 如果 `containerfs` 文件系统满足驱逐阈值，则 kubelet 将垃圾收集死机的 pod 和容器。
+- 如果 `containerfs` 文件系统满足驱逐阈值，则 kubelet 将垃圾收集死机的 Pod 和容器。
 
 - 如果 `imagefs` 文件系统满足驱逐阈值，则 kubelet 将删除所有未使用的镜像。
 
@@ -648,7 +664,7 @@ As a result, kubelet ranks and evicts pods in the following order:
 1. 资源使用量少于请求量的 `Guaranteed` Pod 和 `Burstable` Pod 根据其优先级被最后驱逐。
 
 {{<note>}}
-<!-- 
+<!--
 The kubelet does not use the pod's [QoS class](/docs/concepts/workloads/pods/pod-qos/) to determine the eviction order.
 You can use the QoS class to estimate the most likely pod eviction order when
 reclaiming resources like memory. QoS classification does not apply to EphemeralStorage requests,
@@ -740,30 +756,30 @@ kubelet 根据节点是否具有专用的 `imagefs` 文件系统 或者 `contain
 - 如果 `containerfs` 触发驱逐，kubelet 将根据
   `containerfs` 使用情况（`本地卷 + 日志和所有容器的可写层`）对 Pod 进行排序。
 
-- 如果 `imagefs` 触发驱逐，kubelet 将根据
-  `镜像存储` 用量对 Pod 进行排序，该用量表示给定镜像的磁盘使用情况。
+- 如果 `imagefs` 触发驱逐，kubelet
+  将根据`镜像存储`用量对 Pod 进行排序，该用量表示给定镜像的磁盘使用情况。
 
 <!--
 ### Minimum eviction reclaim
+-->
+### 最小驱逐回收 {#minimum-eviction-reclaim}
 
 {{<note>}}
+<!--
 As of Kubernetes v{{< skew currentVersion >}}, you cannot set a custom value
 for the `containerfs.available` metric. The configuration for this specific
 metric will be set automatically to reflect values set for either the `nodefs`
 or `imagefs`, depending on the configuration.
+-->
+在 Kubernetes v{{< skew currentVersion >}} 中，你无法为 `containerfs.available` 指标设置自定义值。
+此特定指标的配置将自动设置为反映为 `nodefs` 或 `imagefs` 设置的值，具体取决于配置。
 {{</note>}}
 
+<!--
 In some cases, pod eviction only reclaims a small amount of the starved resource.
 This can lead to the kubelet repeatedly hitting the configured eviction thresholds
 and triggering multiple evictions.
 -->
-### 最小驱逐回收 {#minimum-eviction-reclaim}
-
-{{<note>}}
-在 Kubernetes v{{< skew currentVersion >}} 中，你无法为 `containerfs.available` 指标设置自定义值。
-此特定指标的配置将自动设置为反映为 `nodefs` 或 `imagefs` 设置的值，具体取决于配置。
-{{</note>}}
-
 在某些情况下，驱逐 Pod 只会回收少量的紧俏资源。
 这可能导致 kubelet 反复达到配置的驱逐条件并触发多次驱逐。
 
@@ -776,8 +792,7 @@ reclaims the quantity you specify.
 For example, the following configuration sets minimum reclaim amounts:
 -->
 你可以使用 `--eviction-minimum-reclaim` 标志或
-[kubelet 配置文件](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)
-为每个资源配置最小回收量。
+[kubelet 配置文件](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)为每个资源配置最小回收量。
 当 kubelet 注意到某个资源耗尽时，它会继续回收该资源，直到回收到你所指定的数量为止。
 
 例如，以下配置设置最小回收量：
@@ -833,6 +848,13 @@ The kubelet sets an `oom_score_adj` value for each container based on the QoS fo
 
 kubelet 根据 Pod 的服务质量（QoS）为每个容器设置一个 `oom_score_adj` 值。
 
+<!--
+| Quality of Service | `oom_score_adj`                                                                   |
+|--------------------|-----------------------------------------------------------------------------------|
+| `Guaranteed`       | -997                                                                              |
+| `BestEffort`       | 1000                                                                              |
+| `Burstable`        | _min(max(2, 1000 - (1000 × memoryRequestBytes) / machineMemoryCapacityBytes), 999)_ |
+-->
 | 服务质量            | `oom_score_adj`                                                                        |
 |--------------------|---------------------------------------------------------------------------------------|
 | `Guaranteed`       | -997                                                                                  |
@@ -840,13 +862,13 @@ kubelet 根据 Pod 的服务质量（QoS）为每个容器设置一个 `oom_scor
 | `Burstable`        | **min(max(2, 1000 - (1000 * memoryRequestBytes) / machineMemoryCapacityBytes), 999)** |
 
 {{<note>}}
-<!-- 
+<!--
 The kubelet also sets an `oom_score_adj` value of `-997` for any containers in Pods that have
 `system-node-critical` {{<glossary_tooltip text="Priority" term_id="pod-priority">}}.
 -->
 kubelet 还将具有 `system-node-critical`
-{{<glossary_tooltip text="优先级" term_id="pod-priority">}}
-的任何 Pod 中的容器 `oom_score_adj` 值设为 `-997`。
+{{<glossary_tooltip text="优先级" term_id="pod-priority">}}的任何
+Pod 中的容器 `oom_score_adj` 值设为 `-997`。
 {{</note>}}
 
 <!--
@@ -869,7 +891,7 @@ based on its `restartPolicy`.
 这意味着低 QoS Pod 中相对于其调度请求消耗内存较多的容器，将首先被杀死。
 
 与 Pod 驱逐不同，如果容器被 OOM 杀死，
-`kubelet` 可以根据其 `restartPolicy` 重新启动它。
+kubelet 可以根据其 `restartPolicy` 重新启动它。
 
 <!--
 ## Good practices {#node-pressure-eviction-good-practices}
@@ -944,8 +966,7 @@ Pod 优先级是做出驱逐决定的主要因素。
 如果你不希望 kubelet 驱逐属于 DaemonSet 的 Pod，
 请在 Pod 规约中通过指定合适的 `priorityClassName` 为这些 Pod
 提供足够高的 `priorityClass`。
-你还可以使用较低优先级或默认优先级，以便
-仅在有足够资源时才运行 `DaemonSet` Pod。
+你还可以使用较低优先级或默认优先级，以便仅在有足够资源时才运行 `DaemonSet` Pod。
 
 <!--
 ## Known issues
@@ -1013,7 +1034,8 @@ You can work around that behavior by setting the memory limit and memory request
 the same for containers likely to perform intensive I/O activity. You will need
 to estimate or measure an optimal memory limit value for that container.
 -->
-更多细节请参见 [https://github.com/kubernetes/kubernetes/issues/43916](https://github.com/kubernetes/kubernetes/issues/43916)。
+更多细节请参见
+[https://github.com/kubernetes/kubernetes/issues/43916](https://github.com/kubernetes/kubernetes/issues/43916)。
 
 你可以通过为可能执行 I/O 密集型活动的容器设置相同的内存限制和内存请求来应对该行为。
 你将需要估计或测量该容器的最佳内存限制值。
diff --git a/content/zh-cn/docs/concepts/storage/volumes.md b/content/zh-cn/docs/concepts/storage/volumes.md
index 128f933b5c95e..41a0eeed696e1 100644
--- a/content/zh-cn/docs/concepts/storage/volumes.md
+++ b/content/zh-cn/docs/concepts/storage/volumes.md
@@ -1703,7 +1703,7 @@ spec:
 <!--
 ## Resources
 
-The storage media (such as Disk or SSD) of an `emptyDir` volume is determined by the
+The storage medium (such as Disk or SSD) of an `emptyDir` volume is determined by the
 medium of the filesystem holding the kubelet root dir (typically
 `/var/lib/kubelet`). There is no limit on how much space an `emptyDir` or
 `hostPath` volume can consume, and no isolation between containers or
diff --git a/content/zh-cn/docs/reference/labels-annotations-taints/_index.md b/content/zh-cn/docs/reference/labels-annotations-taints/_index.md
index abae14f301b80..c48442669b324 100644
--- a/content/zh-cn/docs/reference/labels-annotations-taints/_index.md
+++ b/content/zh-cn/docs/reference/labels-annotations-taints/_index.md
@@ -3612,11 +3612,11 @@ This allows the Pods on the out-of-service node to recover quickly on a differen
 
 {{< caution >}}
 <!--
-Refer to [Non-graceful node shutdown](/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)
+Refer to [Non-graceful node shutdown](/docs/concepts/cluster-administration/node-shutdown/#non-graceful-node-shutdown)
 for further details about when and how to use this taint.
 -->
 有关何时以及如何使用此污点的更多详细信息，
-请参阅[非正常节点关闭](/zh-cn/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)。
+请参阅[非正常节点关闭](/zh-cn/docs/concepts/cluster-administration/node-shutdown/#non-graceful-node-shutdown)。
 {{< /caution >}}
 
 <!--
diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_config/kubeadm_config_images_pull.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_config/kubeadm_config_images_pull.md
index d07115a0fecf7..0f0b683d04457 100644
--- a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_config/kubeadm_config_images_pull.md
+++ b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_config/kubeadm_config_images_pull.md
@@ -65,18 +65,18 @@ Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this
 <p>
 <!--
 A set of key=value pairs that describe feature gates for various features. Options are:<br/>
-ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)<br/>
-EtcdLearnerMode=true|false (BETA - default=true)<br/>
+ControlPlaneKubeletLocalMode=true|false (BETA - default=true)<br/>
+NodeLocalCRISocket=true|false (ALPHA - default=false)<br/>
 PublicKeysECDSA=true|false (DEPRECATED - default=false)<br/>
 RootlessControlPlane=true|false (ALPHA - default=false)<br/>
-WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)
+WaitForAllControlPlaneComponents=true|false (BETA - default=true)
 -->
 一系列键值对（key=value），用于描述各种特性。可选项是：<br/>
-ControlPlaneKubeletLocalMode=true|false (ALPHA - 默认值=false)<br/>
-EtcdLearnerMode=true|false (BETA - 默认值=true)<br/>
+ControlPlaneKubeletLocalMode=true|false (BETA - 默认值=true)<br/>
+NodeLocalCRISocket=true|false (ALPHA - 默认值=false)<br/>
 PublicKeysECDSA=true|false (DEPRECATED - 默认值=false)<br/>
 RootlessControlPlane=true|false (ALPHA - 默认值=false)<br/>
-WaitForAllControlPlaneComponents=true|false (ALPHA - 默认值=false)
+WaitForAllControlPlaneComponents=true|false (BETA - 默认值=true)
 </p>
 </td>
 </tr>
diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md
index 42bed9e5b64ee..f141862e327eb 100644
--- a/content/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md
+++ b/content/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase.md
@@ -15,7 +15,7 @@ of a control plane node.
 使用 `kubeadm upgrade apply` 的各个阶段，
 你可以选择执行控制平面节点初始升级的单独步骤。
 
-{{< tabs name="tab-phase" >}}
+{{< tabs name="tab-apply-phase" >}}
 {{< tab name="phase" include="generated/kubeadm_upgrade/kubeadm_upgrade_apply_phase.md" />}}
 {{< tab name="preflight" include="generated/kubeadm_upgrade/kubeadm_upgrade_apply_phase_preflight.md" />}}
 {{< tab name="control-plane" include="generated/kubeadm_upgrade/kubeadm_upgrade_apply_phase_control-plane.md" />}}
@@ -37,7 +37,7 @@ secondary control-plane or worker nodes.
 -->
 使用 `kubeadm upgrade node` 的各个阶段，你可以选择执行次要控制平面节点或工作节点升级的单独步骤。
 
-{{< tabs name="tab-phase" >}}
+{{< tabs name="tab-apply-phase" >}}
 {{< tab name="phase" include="generated/kubeadm_upgrade/kubeadm_upgrade_node_phase.md" />}}
 {{< tab name="preflight" include="generated/kubeadm_upgrade/kubeadm_upgrade_node_phase_preflight.md" />}}
 {{< tab name="control-plane" include="generated/kubeadm_upgrade/kubeadm_upgrade_node_phase_control-plane.md" />}}
diff --git a/content/zh-cn/docs/tutorials/services/connect-applications-service.md b/content/zh-cn/docs/tutorials/services/connect-applications-service.md
index 773ae3677b7b6..c38642eaf50d7 100644
--- a/content/zh-cn/docs/tutorials/services/connect-applications-service.md
+++ b/content/zh-cn/docs/tutorials/services/connect-applications-service.md
@@ -553,8 +553,9 @@ metadata:
   namespace: "default"
 type: kubernetes.io/tls
 data:
-  tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
-  tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+  # 注意：将以下值替换为你自己 base64 编码后的证书和密钥。
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
 ```
 
 <!--
diff --git a/content/zh-cn/examples/secret/tls-auth-secret.yaml b/content/zh-cn/examples/secret/tls-auth-secret.yaml
index d5e38ba7866d0..7bdb4fadcd108 100644
--- a/content/zh-cn/examples/secret/tls-auth-secret.yaml
+++ b/content/zh-cn/examples/secret/tls-auth-secret.yaml
@@ -5,23 +5,6 @@ metadata:
 type: kubernetes.io/tls
 data:
   # 值为 base64 编码，这样会掩盖它们，但不会提供任何有用的机密性级别
-  tls.crt: |
-    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNVakNDQWJzQ0FnMytNQTBHQ1NxR1NJYjNE
-    UUVCQlFVQU1JR2JNUXN3Q1FZRFZRUUdFd0pLVURFT01Bd0cKQTFVRUNCTUZWRzlyZVc4eEVEQU9C
-    Z05WQkFjVEIwTm9kVzh0YTNVeEVUQVBCZ05WQkFvVENFWnlZVzVyTkVSRQpNUmd3RmdZRFZRUUxF
-    dzlYWldKRFpYSjBJRk4xY0hCdmNuUXhHREFXQmdOVkJBTVREMFp5WVc1ck5FUkVJRmRsCllpQkRR
-    VEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVjM1Z3Y0c5eWRFQm1jbUZ1YXpSa1pDNWpiMjB3SGhjTk1U
-    TXcKTVRFeE1EUTFNVE01V2hjTk1UZ3dNVEV3TURRMU1UTTVXakJMTVFzd0NRWURWUVFHREFKS1VE
-    RVBNQTBHQTFVRQpDQXdHWEZSdmEzbHZNUkV3RHdZRFZRUUtEQWhHY21GdWF6UkVSREVZTUJZR0Ex
-    VUVBd3dQZDNkM0xtVjRZVzF3CmJHVXVZMjl0TUlHYU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHSUFE
-    Q0JoQUo5WThFaUhmeHhNL25PbjJTbkkxWHgKRHdPdEJEVDFKRjBReTliMVlKanV2YjdjaTEwZjVN
-    Vm1UQllqMUZTVWZNOU1vejJDVVFZdW4yRFljV29IcFA4ZQpqSG1BUFVrNVd5cDJRN1ArMjh1bklI
-    QkphVGZlQ09PekZSUFY2MEdTWWUzNmFScG04L3dVVm16eGFLOGtCOWVaCmhPN3F1TjdtSWQxL2pW
-    cTNKODhDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQU1meTQzeE15OHh3QTUKVjF2T2NS
-    OEtyNWNaSXdtbFhCUU8xeFEzazlxSGtyNFlUY1JxTVQ5WjVKTm1rWHYxK2VSaGcwTi9WMW5NUTRZ
-    RgpnWXcxbnlESnBnOTduZUV4VzQyeXVlMFlHSDYyV1hYUUhyOVNVREgrRlowVnQvRGZsdklVTWRj
-    UUFEZjM4aU9zCjlQbG1kb3YrcE0vNCs5a1h5aDhSUEkzZXZ6OS9NQT09Ci0tLS0tRU5EIENFUlRJ
-    RklDQVRFLS0tLS0K
-  # 在这个例子中，密钥数据不是真正的 PEM 编码的私钥
-  tls.key: |
-    RXhhbXBsZSBkYXRhIGZvciB0aGUgVExTIGNydCBmaWVsZA==
\ No newline at end of file
+  # 注意：将以下值替换为你自己的base64编码的证书和密钥。
+  tls.crt: "REPLACE_WITH_BASE64_CERT" 
+  tls.key: "REPLACE_WITH_BASE64_KEY"
\ No newline at end of file
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index f32ce463d5a01..b8c7859f78108 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -23,10 +23,8 @@ <h1>{{ block "hero-title" . }}{{ .Params.bigheader | default .Title }}{{ end }}<
 				{{ block "hero-more" . }}{{ end }}
 			</div>
 		</section>
-		{{ block "post-hero" . }}
-    </header>
     {{ end }}
-		{{ end }}
+    </header>
     <div class="td-outer">
       <main role="main" class="td-main" {{ if (or (ne .FirstSection "case-studies") (not .IsSection) ) }}data-pagefind-body{{ end }}>
         {{ block "deprecation_warning" . }}
diff --git a/layouts/blog/baseof.html b/layouts/blog/baseof.html
index e18e45acb338c..5dce9a415d58a 100644
--- a/layouts/blog/baseof.html
+++ b/layouts/blog/baseof.html
@@ -20,7 +20,6 @@
           {{ end }}
         {{ if .IsSection }}</h1>{{ else }}</h2>{{ end }}
       </section>
-         {{ block "hero-more" . }}{{ end }}
       {{ end }}
     </header>
     <div class="container-fluid td-outer">
diff --git a/layouts/docs/baseof.html b/layouts/docs/baseof.html
index 093296e471bd3..f44b951be623c 100644
--- a/layouts/docs/baseof.html
+++ b/layouts/docs/baseof.html
@@ -11,7 +11,6 @@
       {{ block "hero" . }}
         <section class="header-hero filler">
         </section>
-         {{ block "hero-more" . }}{{ end }}
       {{ end }}
     </header>
     <div class="container-fluid td-outer">
diff --git a/layouts/docs/single.html b/layouts/docs/single.html
index 6db1b9a0de70e..8a7e19e9b6121 100644
--- a/layouts/docs/single.html
+++ b/layouts/docs/single.html
@@ -10,10 +10,3 @@
     {{ partial "docs/api-reference-links" . }}
     </div>
 {{ end }}
-{{ define "hero-more" }}
-{{ if .IsHome }}
-{{ with site.GetPage "section" "docs/tutorials/kubernetes-basics" }}
-<a href="{{ .RelPermalink }}" id="quickstartButton" class="button">{{ .LinkTitle }}</a>
-{{ end }}
-{{ end }}
-{{ end }}
\ No newline at end of file
diff --git a/scripts/lsync.sh b/scripts/lsync.sh
index 32c29ac417c20..7fd9a839ba73f 100755
--- a/scripts/lsync.sh
+++ b/scripts/lsync.sh
@@ -19,20 +19,20 @@ fi
 
 if [ -d "$1" ] ; then
   SYNCED=1
-  for f in `find $1 -name "*.md"` ; do
-    EN_VERSION=`echo $f | sed "s/content\/.\{2,5\}\//content\/en\//g"`
-    if [ ! -e $EN_VERSION ]; then
+  while IFS= read -r -d '' f; do
+    EN_VERSION=$(echo "$f" | sed "s/content\/.\{2,5\}\//content\/en\//g")
+    if [ ! -e "$EN_VERSION" ]; then
       echo -e "**removed**\t$EN_VERSION"
       SYNCED=0
       continue
     fi
 
-    LASTCOMMIT=`git log -n 1 --pretty=format:%h -- $f`
-    git diff --exit-code --numstat $LASTCOMMIT...HEAD $EN_VERSION
-    if [ $? -ne 0 ] ; then
+    LASTCOMMIT=$(git log -n 1 --pretty=format:%h -- "$f")
+    if ! git diff --exit-code --numstat "$LASTCOMMIT...HEAD" -- "$EN_VERSION"; then
       SYNCED=0
     fi
-  done
+  done < <(find "$1" -name "*.md" -print0)
+
   if [ $SYNCED -eq 1 ]; then
     echo "$1 is still in sync"
     exit 0
@@ -43,18 +43,18 @@ fi
 LOCALIZED="$1"
 
 # Try get the English version
-EN_VERSION=`echo $LOCALIZED | sed "s/content\/.\{2,5\}\//content\/en\//g"`
-if [ ! -e $EN_VERSION ]; then
+EN_VERSION=$(echo "$LOCALIZED" | sed "s/content\/.\{2,5\}\//content\/en\//g")
+if [ ! -e "$EN_VERSION" ]; then
   echo "$EN_VERSION has been removed."
   exit 3
 fi
 
 # Last commit for the localized path
-LASTCOMMIT=`git log -n 1 --pretty=format:%h -- $LOCALIZED`
+LASTCOMMIT=$(git log -n 1 --pretty=format:%h -- "$LOCALIZED")
 
-git diff --exit-code $LASTCOMMIT...HEAD $EN_VERSION
+diff_output=$(git diff --quiet "$LASTCOMMIT...HEAD" -- "$EN_VERSION" || echo "changed")
 
-if [ "$?" -eq 0 ]; then
+if [ -z "$diff_output" ]; then
   echo "$LOCALIZED is still in sync"
   exit 0
 fi