From fd32dc115979644d5ab9bb36f434a1ecf06dea4f Mon Sep 17 00:00:00 2001
From: "xin.li" <xin.li@daocloud.io>
Date: Mon, 18 Apr 2022 20:53:45 +0800
Subject: [PATCH] [zh] Update access-cluster.md

Signed-off-by: xin.li <xin.li@daocloud.io>
---
 .../access-cluster.md                         | 72 +++----------------
 1 file changed, 11 insertions(+), 61 deletions(-)

diff --git a/content/zh/docs/tasks/access-application-cluster/access-cluster.md b/content/zh/docs/tasks/access-application-cluster/access-cluster.md
index 1dd18f0c90..591652dc9e 100644
--- a/content/zh/docs/tasks/access-application-cluster/access-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/access-cluster.md
@@ -316,82 +316,32 @@ Python 客户端可以像 kubectl CLI 一样使用相同的
 ## Accessing the API from a Pod
 
 When accessing the API from a pod, locating and authenticating
-to the apiserver are somewhat different.
-
-The recommended way to locate the apiserver within the pod is with
-the `kubernetes.default.svc` DNS name, which resolves to a Service IP which in turn
-will be routed to an apiserver.
-
-The recommended way to authenticate to the apiserver is with a
-[service account](/docs/tasks/configure-pod-container/configure-service-account/) credential. By kube-system, a pod
-is associated with a service account, and a credential (token) for that
-service account is placed into the filesystem tree of each container in that pod,
-at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
+to the API server are somewhat different.
 -->
 ### 从 Pod 中访问 API   {#accessing-the-api-from-a-pod}
 
-当你从 Pod 中访问 API 时，定位和验证 apiserver 会有些许不同。
-
-在 Pod 中定位 apiserver 的推荐方式是通过 `kubernetes.default.svc`
-这个 DNS 名称，该名称将会解析为服务 IP，然后服务 IP 将会路由到 apiserver。
-
-向 apiserver 进行身份验证的推荐方法是使用
-[服务帐户](/zh/docs/tasks/configure-pod-container/configure-service-account/) 凭据。
-通过 kube-system，Pod 与服务帐户相关联，并且该服务帐户的凭证（token）
-被放置在该 Pod 中每个容器的文件系统中，位于
-`/var/run/secrets/kubernetes.io/serviceaccount/token`。
+当你从 Pod 中访问 API 时，定位和验证 API 服务器会有些许不同。
 
 <!--
-If available, a certificate bundle is placed into the filesystem tree of each
-container at `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`, and should be
-used to verify the serving certificate of the apiserver.
-
-Finally, the default namespace to be used for namespaced API operations is placed in a file
-at `/var/run/secrets/kubernetes.io/serviceaccount/namespace` in each container.
+Please check [Accessing the API from within a Pod](/docs/tasks/run-application/access-api-from-pod/)
+for more details.
 -->
-如果可用，则将证书放入每个容器的文件系统中的
-`/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`，
-并且应该用于验证 apiserver 的服务证书。
-
-最后，名字空间作用域的 API 操作所使用的 default 名字空间将被放置在
-每个容器的 `/var/run/secrets/kubernetes.io/serviceaccount/namespace`
-文件中。
-
-<!--
-From within a pod the recommended ways to connect to API are:
-
-  - run `kubectl proxy` in a sidecar container in the pod, or as a background
-    process within the container. This proxies the
-    Kubernetes API to the localhost interface of the pod, so that other processes
-    in any container of the pod can access it.
-  - use the Go client library, and create a client using the `rest.InClusterConfig()` and `kubernetes.NewForConfig()` functions.
-    They handle locating and authenticating to the apiserver. [example](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go)
-
-In each case, the credentials of the pod are used to communicate securely with the apiserver.
--->
-在 Pod 中，建议连接 API 的方法是：
-
-- 在 Pod 的边车容器中运行 `kubectl proxy`，或者以后台进程的形式运行。
-  这将把 Kubernetes API 代理到当前 Pod 的 localhost 接口，
-  所以 Pod 中的所有容器中的进程都能访问它。
-- 使用 Go 客户端库，并使用 `rest.InClusterConfig()` 和
-  `kubernetes.NewForConfig()` 函数创建一个客户端。
-  他们处理 apiserver 的定位和身份验证。
-  [示例](https://git.k8s.io/client-go/examples/in-cluster-client-configuration/main.go)
-
-在每种情况下，Pod 的凭证都是为了与 apiserver 安全地通信。
+请参阅[从 Pod 中访问 API](/zh/docs/tasks/run-application/access-api-from-pod/)
+了解更多详情。
 
 <!--
 ## Accessing services running on the cluster
 
-The previous section describes how to connect to the Kubernetes API server. For information about connecting to other services running on a Kubernetes cluster, see [Access Cluster Services.](/docs/tasks/administer-cluster/access-cluster-services/)
+The previous section describes how to connect to the Kubernetes API server. 
+For information about connecting to other services running on a Kubernetes cluster, see
+[Access Cluster Services](/docs/tasks/administer-cluster/access-cluster-services/).
 -->
 
 ## 访问集群上运行的服务  {#accessing-services-running-on-the-cluster}
 
 上一节介绍了如何连接到 Kubernetes API 服务器。
-有关连接到 Kubernetes 集群上运行的其他服务的信息，请参阅[访问集群服务](/zh/docs/tasks/administer-cluster/access-cluster-services/)。
-
+有关连接到 Kubernetes 集群上运行的其他服务的信息，请参阅
+[访问集群服务](/zh/docs/tasks/administer-cluster/access-cluster-services/)。
 
 <!--
 ## Requesting redirects