zh-translation: docs/setup/additional-setup/requirements/index.md (#5472)

* zh-translation: docs/setup/additional-setup/requirements/index.md

* adjust description and capability translation as review

content/zh/docs/setup/additional-setup/requirements/index.md

@@ -1,72 +1,58 @@
 ---
-title: Pods and Services
-description:  Prepare your Kubernetes pods and services to run in an Istio-enabled cluster.
+title: Pod 和 Service
+description:  在启用了 Istio 的集群中运行 Kubernetes 的 Pod 和 Service，您需要做些准备。
 weight: 5
 aliases:
-    - /docs/setup/kubernetes/spec-requirements/
-    - /docs/setup/kubernetes/prepare/spec-requirements/
-    - /docs/setup/kubernetes/prepare/requirements/
-    - /docs/setup/kubernetes/additional-setup/requirements/
+    - /zh/docs/setup/kubernetes/spec-requirements/
+    - /zh/docs/setup/kubernetes/prepare/spec-requirements/
+    - /zh/docs/setup/kubernetes/prepare/requirements/
+    - /zh/docs/setup/kubernetes/additional-setup/requirements/
 keywords: [kubernetes,sidecar,sidecar-injection]
 ---
 
-To be a part of an Istio service mesh, pods and services in a Kubernetes
-cluster must satisfy the following requirements:
+作为 Istio 服务网格中的一部分，Kubernetes 集群中的 Pod 和 Service 必须满足以下要求：
 
-- **Named service ports**: Service ports must be named. The port name key/value
-  pairs must have the following syntax: `name: <protocol>[-<suffix>]`. See [Protocol Selection](/docs/ops/traffic-management/protocol-selection/) for more details.
+- **命名的服务端口**: Service 的端口必须命名。端口名键值对必须按以下格式：`name: <protocol>[-<suffix>]`。更多说明请参看[协议选择](/zh/docs/ops/traffic-management/protocol-selection/)。
 
-- **Service association**: A pod must belong to at least one Kubernetes
-  service even if the pod does NOT expose any port.
-  If a pod belongs to multiple [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/),
-  the services cannot use the same port number for different protocols, for
-  instance HTTP and TCP.
+- **Service 关联**: 每个 Pod 必须至少属于一个 Kubernetes Service，不管这个 Pod 是否对外暴露端口。如果一个 Pod 同时属于多个 [Kubernetes Service](https://kubernetes.io/docs/concepts/services-networking/service/)，
+  那么这些 Service 不能同时在一个端口号上使用不同的协议（比如：HTTP 和 TCP）。
 
-- **Deployments with app and version labels**: We recommend adding an explicit
-  `app` label and `version` label to deployments. Add the labels  to the
-  deployment specification of pods deployed using the Kubernetes `Deployment`.
-  The `app` and `version` labels add contextual information to the metrics and
-  telemetry Istio collects.
+- **带有 app 和 version 标签（label） 的 Deployment**: 我们建议显式地给 Deployment 加上 `app` 和 `version` 标签。给使用 Kubernetes
+  `Deployment` 部署的 Pod 部署配置中增加这些标签，可以给 Istio 收集的指标和遥测信息中增加上下文信息。
 
-    - The `app` label: Each deployment specification should have a distinct
-      `app` label with a meaningful value. The `app` label is used to add
-      contextual information in distributed tracing.
+    - `app` 标签：每个部署配置应该有一个不同的 `app` 标签并且该标签的值应该有一定意义。`app` label 用于在分布式追踪中添加上下文信息。
 
-    - The `version` label: This label indicates the version of the application
-      corresponding to the particular deployment.
+    - `version` 标签：这个标签用于在特定方式部署的应用中表示版本。
 
-- **Application UIDs**: Ensure your pods do **not** run applications as a user
-  with the user ID (UID) value of **1337**.
+- **应用 UID**: 确保你的 Pod 不会以用户 ID（UID）为 1337 的用户运行应用。
 
-- **`NET_ADMIN` capability**: If your cluster enforces pod security policies,
-  pods must allow the `NET_ADMIN` capability. If you use the [Istio CNI Plugin](/docs/setup/additional-setup/cni/),
-  this requirement no longer applies. To learn more about the `NET_ADMIN`
-  capability, visit [Required Pod Capabilities](/docs/ops/setup/required-pod-capabilities/).
+- **`NET_ADMIN` 功能**: 如果你的集群执行 Pod 安全策略，必须给 Pod 配置 `NET_ADMIN` 功能。如果你使用 [Istio CNI 插件](/zh/docs/setup/additional-setup/cni/)
+  可以不配置。要了解更多 `NET_ADMIN` 功能的知识，请查看[需要的 Pod Capabilities](/zh/docs/ops/setup/required-pod-capabilities/)。
 
-## Ports used by Istio
+## Istio 使用的端口{#ports-used-by-Istio}
 
-The following ports and protocols are used by Istio. Ensure that there are no TCP headless services using a TCP port used by one of Istio's services.
+Istio 使用了如下的端口和协议。请确保没有 TCP Headless Service 使用了 Istio Service 使用的 TCP 端口。
 
-| Port | Protocol | Used by | Description |
+| 端口 | 协议 | 使用者 | 描述 |
 |----|----|----|----|
-| 8060 | HTTP | Citadel | GRPC server |
-| 8080 | HTTP | Citadel agent | SDS service monitoring |
+| 8060 | HTTP | Citadel | GRPC 服务器 |
+| 8080 | HTTP | Citadel agent | SDS service 监控 |
 | 9090 | HTTP |  Prometheus | Prometheus |
-| 9091 | HTTP | Mixer | Policy/Telemetry |
-| 9876 | HTTP | Citadel, Citadel agent |  ControlZ user interface |
-| 9901 | GRPC | Galley| Mesh Configuration Protocol |
-| 15000 | TCP | Envoy | Envoy admin port (commands/diagnostics) |
-| 15001 | TCP | Envoy | Envoy Outbound |
-| 15006 | TCP | Envoy | Envoy Inbound |
-| 15004 | HTTP | Mixer, Pilot | Policy/Telemetry - `mTLS` |
-| 15010 | HTTP | Pilot | Pilot service - XDS pilot - discovery |
-| 15011 | TCP | Pilot | Pilot service - `mTLS` - Proxy - discovery |
-| 15014 | HTTP | Citadel, Citadel agent, Galley, Mixer, Pilot, Sidecar Injector | Control plane monitoring |
-| 15020 | HTTP | Ingress Gateway | Pilot health checks |
-| 15029 | HTTP | Kiali | Kiali User Interface |
-| 15030 | HTTP | Prometheus | Prometheus User Interface |
-| 15031 | HTTP | Grafana | Grafana User Interface |
-| 15032 | HTTP | Tracing | Tracing User Interface |
+| 9091 | HTTP | Mixer | 策略/遥测 |
+| 9876 | HTTP | Citadel, Citadel agent |  ControlZ 用户界面 |
+| 9901 | GRPC | Galley| 网格配置协议 |
+| 15000 | TCP | Envoy | Envoy 管理端口 (commands/diagnostics) |
+| 15001 | TCP | Envoy | Envoy 传出 |
+| 15006 | TCP | Envoy | Envoy 传入 |
+| 15004 | HTTP | Mixer, Pilot | 策略/遥测 - `mTLS` |
+| 15010 | HTTP | Pilot | Pilot service - XDS pilot - 发现 |
+| 15011 | TCP | Pilot | Pilot service - `mTLS` - Proxy - 发现 |
+| 15014 | HTTP | Citadel, Citadel agent, Galley, Mixer, Pilot, Sidecar Injector | 控制平面监控 |
+| 15020 | HTTP | Ingress Gateway | Pilot 健康检查 |
+| 15029 | HTTP | Kiali | Kiali 用户界面 |
+| 15030 | HTTP | Prometheus | Prometheus 用户界面 |
+| 15031 | HTTP | Grafana | Grafana 用户界面 |
+| 15032 | HTTP | Tracing | Tracing 用户界面 |
 | 15443 | TLS | Ingress and Egress Gateways | SNI |
 | 15090 | HTTP | Mixer | Proxy |
-| 42422 | TCP | Mixer | Telemetry - Prometheus |
+| 42422 | TCP | Mixer | 遥测 - Prometheus |