[zh] Add four feature gates

windsonsea · windsonsea · commit d32a130d6108 · 2025-05-06T14:26:04.000+08:00
diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidation.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidation.md
@@ -0,0 +1,30 @@
+---
+title: DeclarativeValidation
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: beta
+    defaultValue: true
+    fromVersion: "1.33"
+---
+
+<!--
+Enables declarative validation of in-tree Kubernetes APIs. When enabled, APIs with declarative validation rules
+(defined using IDL tags in the Go code) will have both the generated declarative validation code and the original
+hand-written validation code executed.  The results are compared, and any discrepancies are reported via the
+`declarative_validation_mismatch_total` metric.  Only the hand-written validation result is returned to the user
+(eg: actually validates in the request path).  The original hand-written validation are still the authoritative
+validations when this is enabled but this can be changed if the
+[DeclarativeValidationTakeover feature gate](/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidationTakeover.md)
+is enabled in addition to this gate.  This feature gate only operates on the kube-apiserver.
+-->
+启用 树内 Kubernetes API 的声明式验证。启用后，具有声明式验证规则（使用 Go 代码中的 IDL 标签定义）的
+API 将同时执行生成的声明式验证代码和原始的手动验证代码。两者的结果将进行比较，任何不一致都会通过
+`declarative_validation_mismatch_total` 指标进行报告。
+返回给用户的仅是手动验证的结果（例如：实际在请求路径中进行验证）。
+在启用此特性门控时，原始的手动验证仍然是权威的验证方式，但如果同时启用了
+[DeclarativeValidationTakeover 特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidationTakeover)，
+将发生变化。此特性门控仅作用于 kube-apiserver。
diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidationTakeover.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidationTakeover.md
@@ -0,0 +1,35 @@
+---
+title: DeclarativeValidationTakeover
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: beta
+    defaultValue: false
+    fromVersion: "1.33"
+---
+
+<!--
+When enabled, along with the
+[DeclarativeValidation](/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidation.md)
+feature gate, declarative validation errors are returned directly to the caller, replacing hand-written validation
+errors for rules that have declarative implementations. When disabled (and `DeclarativeValidation` is enabled),
+hand-written validation errors are always returned, effectively putting declarative validation in a
+__mismatch validation mode__ that monitors but does not affect API responses.
+This __mismatch validation mode__  allows for the monitoring of the `declarative_validation_mismatch_total`
+and `declarative_validation_panic_total` metrics which are implementation details for a safer rollout,
+average user shouldn't need to interact with it directly. This feature gate only operates on the kube-apiserver.
+Note: Although declarative validation aims for functional equivalence with hand-written validation,
+the exact description of error messages may differ between the two approaches.
+-->
+启用此特性门控后，若同时启用了
+[DeclarativeValidation](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeclarativeValidation)
+特性门控，具有声明式实现的验证规则将直接返回声明式验证错误，替代手动验证错误。
+若此特性门控被禁用（但启用了 `DeclarativeValidation`），则始终返回手动验证错误，
+这实际上将声明式验证置于一种**不匹配验证模式（mismatch validation mode）**，此模式仅用于监控，不影响 API 响应。
+这种**不匹配验证模式**允许监控 `declarative_validation_mismatch_total` 和 `declarative_validation_panic_total`
+指标，这是为了实现更安全的特性上线所做的实现细节，普通用户通常无需直接与之交互。此特性门控仅作用于 kube-apiserver。
+
+注意：尽管声明式验证旨在实现与手动验证等价的功能，但两者返回的错误消息的确切描述在细节上可能有所不同。
diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeploymentReplicaSetTerminatingReplicas.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/DeploymentReplicaSetTerminatingReplicas.md
@@ -0,0 +1,18 @@
+---
+title: DeploymentReplicaSetTerminatingReplicas
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: alpha
+    defaultValue: false
+    fromVersion: "1.33"
+---
+
+<!--
+Enables a new status field `.status.terminatingReplicas` in Deployments and ReplicaSets to allow tracking of terminating pods.
+-->
+在 Deployment 和 ReplicaSet 中启用新的状态字段 `.status.terminatingReplicas`，
+允许跟踪正在终止的 Pod。
diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/KubeletEnsureSecretPulledImages.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/KubeletEnsureSecretPulledImages.md
@@ -0,0 +1,20 @@
+---
+title: KubeletEnsureSecretPulledImages
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: alpha
+    defaultValue: false
+    fromVersion: "1.33"
+---
+
+<!--
+Ensure that pods requesting an image are authorized to access the image
+with the provided credentials when the image is already present on the node.
+See [Ensure Image Pull Credential Verification](/docs/concepts/containers/images#ensureimagepullcredentialverification).
+-->
+确保请求某镜像的 Pod 在节点上已有此镜像的情况下，能够使用所提供的凭据授权访问此镜像。  
+参见[确保镜像拉取凭据验证](/zh-cn/docs/concepts/containers/images#ensureimagepullcredentialverification)。
