From d97b08d7597794dc62b32ecbb6034cdae94e3ca3 Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 21 Oct 2022 07:52:22 +0800
Subject: [PATCH] [zh] sync endpoints-aggregated.yaml

---
 .../zh-cn/examples/access/endpoints-aggregated.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/content/zh-cn/examples/access/endpoints-aggregated.yaml b/content/zh-cn/examples/access/endpoints-aggregated.yaml
index 02eeaa4a47..aec8a29423 100644
--- a/content/zh-cn/examples/access/endpoints-aggregated.yaml
+++ b/content/zh-cn/examples/access/endpoints-aggregated.yaml
@@ -3,12 +3,13 @@ kind: ClusterRole
 metadata:
 annotations:
 kubernetes.io/description: |-
- Add endpoints write permissions to the edit and admin roles. This was removed by default in 1.22 because of CVE-2021-25740. See https://issue.k8s.io/103675. This can allow writers to direct LoadBalancer or Ingress implementations to expose backend IPs that would not otherwise be accessible, and can circumvent network policies or security controls intended to prevent/isolate access to those backends.
+ 将端点写入权限添加到 edit 和 admin 角色。此特性因 CVE-2021-25740 在 1.22 中默认被移除。请参阅 https://issue.k8s.io/103675 这一设置将允许写者要求 LoadBalancer 或 Ingress 的实现向外暴露后端 IP 地址, 所暴露的 IP 地址无法通过其他方式访问, 并且可以规避对这些后端访问进行预防/隔离的网络策略或安全控制机制。 EndpointSlice 从未包含在 edit 和 admin 角色中, 因此 EndpointSlice API 没有什么可恢复的。
 labels:
 rbac.authorization.k8s.io/aggregate-to-edit: "true"
 name: custom:aggregate-to-edit:endpoints # 你可以随意愿更改这个 name