[zh-cn]sync token-request-v1

my-git9 · my-git9 · commit c40dcf2dab3a · 2026-04-29T10:47:41.000+08:00
Signed-off-by: xin.li &lt;xin.li@daocloud.io&gt;
diff --git a/content/zh-cn/docs/reference/kubernetes-api/authentication-resources/self-subject-review-v1.md b/content/zh-cn/docs/reference/kubernetes-api/authentication-resources/self-subject-review-v1.md
@@ -42,17 +42,19 @@ SelfSubjectReview 包含 kube-apiserver 所拥有的与发出此请求的用户
 - **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
 
   <!--
-  Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+  metadata is standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
   -->
-  标准的对象元数据。更多信息：
+  
+  `metadata` 是标准的对象元数据。更多信息：
   https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 - **status** (<a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReviewStatus" >}}">SelfSubjectReviewStatus</a>)
 
   <!--
-  Status is filled in by the server with the user attributes.
+  status is filled in by the server with the user attributes.
   -->
-  status 由服务器以用户属性进行填充。
+  
+  `status` 由服务器以用户属性进行填充。
 
 ## SelfSubjectReviewStatus {#SelfSubjectReviewStatus}
 
@@ -66,51 +68,53 @@ SelfSubjectReviewStatus 由 kube-apiserver 进行填充并发送回用户。
 - **userInfo** (UserInfo)
 
   <!--
-  User attributes of the user making this request.
+  userInfo is a set of attributes belonging to the user making this request.
   -->
-  发出此请求的用户的用户属性。
+  
+  `userInfo` 是属于发出此请求的用户的一组属性。
 
   <a name="UserInfo"></a>
   <!--
   *UserInfo holds the information about the user needed to implement the user.Info interface.*
   -->
+  
   **userInfo 包含实现 user.Info 接口所需的用户相关信息。**
 
   - **userInfo.extra** (map[string][]string)
 
     <!--
-    Any additional information provided by the authenticator.
+    extra is any additional information provided by the authenticator.
     -->
 
-    由身份认证组件提供的所有附加信息。
+    `extra` 是指身份验证器提供的任何附加信息。
 
   - **userInfo.groups** ([]string)
 
     <!--
     *Atomic: will be replaced during a merge*
-    
-    The names of groups this user is a part of.
+
+    groups is the names of groups this user is a part of.
     -->
-    
+
     **原子性：合并期间将被替换**
 
-    此用户所属的用户组的名称。
+    `groups` 是该用户所属的群组名称。
 
   - **userInfo.uid** (string)
 
     <!--
-    A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
+    uid is a unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
     -->
 
-    跨时间标识此用户的唯一值。如果此用户被删除且另一个同名用户被添加，他们将具有不同的 UID。
+    `uid` 是跨时间标识此用户的唯一值。如果此用户被删除且另一个同名用户被添加，他们将具有不同的 UID。
 
   - **userInfo.username** (string)
 
     <!--
-    The name that uniquely identifies this user among all active users.
+    username is the name that uniquely identifies this user among all active users.
     -->
 
-    在所有活跃用户中标识此用户的名称。
+    `username` 是在所有活跃用户中标识此用户的名称。
 
 <!--
 ## Operations {#Operations}
@@ -153,7 +157,7 @@ POST /apis/authentication.k8s.io/v1/selfsubjectreviews
 -->
 #### 参数
 
-- **body**: <a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReview" >}}">SelfSubjectReview</a>, 必需
+- **body**: <a href="{{< ref "../authentication-resources/self-subject-review-v1#SelfSubjectReview" >}}">SelfSubjectReview</a>，必需
 
 - **dryRun** (**查询参数**): string
 
diff --git a/content/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md b/content/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md
@@ -39,26 +39,26 @@ TokenRequest 为给定的服务账号请求一个令牌。
 
 <!--
 - **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
-  Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+  metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
-- **spec** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestSpec" >}}">TokenRequestSpec</a>), required
-  Spec holds information about the request being evaluated
+- **spec** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestSpec" >}}">TokenRequestSpec</a>)
+  spec holds information about the request being evaluated
 - **status** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestStatus" >}}">TokenRequestStatus</a>)
 
-  Status is filled in by the server and indicates whether the token can be authenticated.
+  status is filled in by the server and indicates whether the token can be authenticated.
 -->
 - **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
 
-  标准的对象元数据。更多信息：
+  `metadata` 是标准的对象元数据。更多信息：
   https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
-- **spec** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestSpec" >}}">TokenRequestSpec</a>)，必需
+- **spec** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestSpec" >}}">TokenRequestSpec</a>)
 
-  spec 包含与正被评估的请求相关的信息。
+  `spec` 包含与正被评估的请求相关的信息。
 
 - **status** (<a href="{{< ref "../authentication-resources/token-request-v1#TokenRequestStatus" >}}">TokenRequestStatus</a>)
 
-  status 由服务器填充，表示该令牌是否可用于身份认证。
+  `status` 由服务器填充，表示该令牌是否可用于身份认证。
 
 ## TokenRequestSpec {#TokenRequestSpec}
 
@@ -70,47 +70,48 @@ TokenRequestSpec 包含客户端提供的令牌请求参数。
 <hr>
 
 <!--
-- **audiences** ([]string), required
+- **audiences** ([]string)
 
   *Atomic: will be replaced during a merge*
 
-  Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
+  audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
 -->
-- **audiences** ([]string)，必需
+- **audiences** ([]string)
 
   **原子：将在合并期间被替换**
 
-  audiences 是令牌预期的受众。
+  `audiences` 是令牌预期的受众。
   令牌的接收方必须在令牌的受众列表中用一个标识符来标识自己，否则应拒绝该令牌。
   为多个受众签发的令牌可用于认证所列举的任意受众的身份，但这意味着目标受众彼此之间的信任程度较高。
 
 - **boundObjectRef** (BoundObjectReference)
 
   <!--
-  BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.
+  boundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.
 
   <a name="BoundObjectReference"></a>
   *BoundObjectReference is a reference to an object that a token is bound to.*
   -->
-  boundObjectRef 是对令牌所绑定的一个对象的引用。该令牌只有在绑定对象存在时才有效。
-  注：API 服务器的 TokenReview 端点将校验 boundObjectRef，但其他受众可能不用这样。
-  如果你想要快速撤销，请为 expirationSeconds 设一个较小的值。
+  
+  `boundObjectRef` 是对令牌所绑定的一个对象的引用。该令牌只有在绑定对象存在时才有效。
+  注：API 服务器的 TokenReview 端点将校验 `boundObjectRef`，但其他受众可能不用这样。
+  如果你想要快速撤销，请为 `expirationSeconds` 设一个较小的值。
 
   <a name="BoundObjectReference"></a>
   **BoundObjectReference 是对令牌所绑定的一个对象的引用。**
 
   <!--
   - **boundObjectRef.apiVersion** (string)
-    API version of the referent.
+    apiVersion of the referent.
 
   - **boundObjectRef.kind** (string)
-    Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
+    kind of the referent. Valid kinds are 'Pod' and 'Secret'.
 
   - **boundObjectRef.name** (string)
-    Name of the referent.
+    name of the referent.
   
   - **boundObjectRef.uid** (string)
-    UID of the referent.
+    uid of the referent.
   -->
 
   - **boundObjectRef.apiVersion** (string)
@@ -131,11 +132,11 @@ TokenRequestSpec 包含客户端提供的令牌请求参数。
 <!--
 - **expirationSeconds** (int64)
 
-  ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
+  expirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
 -->
 - **expirationSeconds** (int64)
 
-  expirationSeconds 是请求生效的持续时间。
+  `expirationSeconds` 是请求生效的持续时间。
   令牌签发方可能返回一个生效期不同的令牌，因此客户端需要检查响应中的 “expiration” 字段。
 
 ## TokenRequestStatus {#TokenRequestStatus}
@@ -148,25 +149,25 @@ TokenRequestStatus 是一个令牌请求的结果。
 <hr>
 
 <!--
-- **expirationTimestamp** (Time), required
-  ExpirationTimestamp is the time of expiration of the returned token.
+- **expirationTimestamp** (Time)
+  expirationTimestamp is the time of expiration of the returned token.
 
   <a name="Time"></a>
   *Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON.  Wrappers are provided for many of the factory methods that the time package offers.*
 
-- **token** (string), required
-  Token is the opaque bearer token.
+- **token** (string)
+  token is the opaque bearer token.
 -->
-- **expirationTimestamp** (Time)，必需
+- **expirationTimestamp** (Time)
 
-  expirationTimestamp 是已返回令牌的到期时间。
+  `expirationTimestamp` 是已返回令牌的到期时间。
 
   <a name="Time"></a>
   **Time 是 time.Time 的包装器，支持正确编组为 YAML 和 JSON。为 time 包提供的许多工厂方法提供了包装器。**
 
-- **token** (string)，必需
+- **token** (string)
 
-  token 是不透明的持有者令牌（Bearer Token）。
+  `token` 是不透明的持有者令牌（Bearer Token）。
 
 <!--
 ## Operations {#Operations}
@@ -199,7 +200,7 @@ POST /api/v1/namespaces/{namespace}/serviceaccounts/{name}/token
 
 - **name** (**路径参数**): string，必需
 
-  TokenRequest 的名称
+  TokenRequest 的名称。
 
 - **namespace** (**路径参数**): string，必需
 
