sync install-kubeadm verify-signed-artifacts custom-resource-definitions

Update install-kubeadm.md

content/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md

@@ -38,7 +38,7 @@ see the [Creating a cluster with kubeadm](/docs/setup/production-environment/too
 * A compatible Linux host. The Kubernetes project provides generic instructions for Linux distributions
   based on Debian and Red Hat, and those distributions without a package manager.
 * 2 GB or more of RAM per machine (any less will leave little room for your apps).
-* 2 CPUs or more.
+* 2 CPUs or more for control plane machines.
 * Full network connectivity between all machines in the cluster (public or private network is fine).
 * Unique hostname, MAC address, and product_uuid for every node. See [here](#verify-mac-address) for more details.
 * Certain ports are open on your machines. See [here](#check-required-ports) for more details.
@@ -51,7 +51,7 @@ see the [Creating a cluster with kubeadm](/docs/setup/production-environment/too
 * 一台兼容的 Linux 主机。Kubernetes 项目为基于 Debian 和 Red Hat 的 Linux
   发行版以及一些不提供包管理器的发行版提供通用的指令。
 * 每台机器 2 GB 或更多的 RAM（如果少于这个数字将会影响你应用的运行内存）。
-* CPU 2 核心及以上。
+* 控制平面机器需要 CPU 2 核心或更多。
 * 集群中的所有机器的网络彼此均能相互连接（公网和内网都可以）。
 * 节点之中不可以有重复的主机名、MAC 地址或 product_uuid。请参见[这里](#verify-mac-address)了解更多详细信息。
 * 开启机器上的某些端口。请参见[这里](#check-required-ports)了解更多详细信息。

content/zh-cn/docs/tasks/administer-cluster/verify-signed-artifacts.md

@@ -20,13 +20,13 @@ weight: 420
 <!--
 You will need to have the following tools installed:
 
-- `cosign` ([install guide](https://docs.sigstore.dev/cosign/installation/))
+- `cosign` ([install guide](https://docs.sigstore.dev/cosign/system_config/installation/))
 - `curl` (often provided by your operating system)
 - `jq` ([download jq](https://jqlang.github.io/jq/download/))
 -->
 你需要安装以下工具：
 
-- `cosign`（[安装指南](https://docs.sigstore.dev/cosign/installation/)）
+- `cosign`（[安装指南](https://docs.sigstore.dev/cosign/system_config/installation/))
 - `curl`（通常由你的操作系统提供）
 - `jq`（[下载 jq](https://jqlang.github.io/jq/download/)）
 
@@ -77,7 +77,7 @@ cosign verify-blob "$BINARY" \
 <!-- 
 Cosign 2.0 requires the `--certificate-identity` and `--certificate-oidc-issuer` options.
 
-To learn more about keyless signing, please refer to [Keyless Signatures](https://docs.sigstore.dev/signing/overview/).
+To learn more about keyless signing, please refer to [Keyless Signatures](https://docs.sigstore.dev/cosign/signing/overview/).
 
 Previous versions of Cosign required that you set `COSIGN_EXPERIMENTAL=1`.
 
@@ -86,7 +86,7 @@ For additional information, please refer to the [sigstore Blog](https://blog.sig
 Cosign 2.0 需要指定 `--certificate-identity` 和 `--certificate-oidc-issuer` 选项。
 
 想要进一步了解无密钥签名，请参考
-[Keyless Signatures](https://docs.sigstore.dev/signing/overview/)。
+[Keyless Signatures](https://docs.sigstore.dev/cosign/signing/overview/)。
 
 Cosign 的早期版本还需要设置 `COSIGN_EXPERIMENTAL=1`。
 

content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md

@@ -1144,7 +1144,7 @@ cluster.
 才能使用这种行为，并将其应用到集群中的所有 CustomResourceDefinition。
 
 <!--
-Provided you enabled the feature gate, Kubernetes implements _validation racheting_
+Provided you enabled the feature gate, Kubernetes implements _validation ratcheting_
 for CustomResourceDefinitions. The API server is willing to accept updates to resources that
 are not valid after the update, provided that each part of the resource that failed to validate
 was not changed by the update operation. In other words, any invalid part of the resource