Propagate changes to cloud-container-engine-api-ref from PreProd environment

umn/source/add-ons/cloud_native_ai_add-ons/cce_ai_suite_nvidia_gpu.rst

@@ -154,7 +154,7 @@ If an add-on upgrade fails or any other exceptions occur, you have the option to
    If you have modified the add-on startup parameters, check and delete the custom parameters before the rollback. If you do not perform these operations, the rollback may fail because the target version does not support these parameters.
 
 #. Log in to the CCE console and click the cluster name to access the cluster console.
-#. In the navigation pane, choose **Add-ons**. In the right pane, find the CCE AI Suite (NVIDIA GPU) add-on and choose **More** > **Roll Back**.
+#. In the navigation pane, choose **Add-ons**. In the right pane, find the CCE AI Suite (NVIDIA GPU) add-on and click **Roll Back**.
 #. In the **Roll Back Add-on** dialog box displayed, check that the target version is correct and click **Yes**. If the add-on status transitions from **Rolling back** to **Running**, the rollback is successful.
 
 Upgrading a GPU Driver

umn/source/add-ons/cloud_native_observability_add-ons/cce_node_problem_detector.rst

@@ -158,7 +158,7 @@ Check items cover events and statuses.
       |                                   |                                                                                                           |                                                                                                                                         |
       |                                   |                                                                                                           | .. note::                                                                                                                               |
       |                                   |                                                                                                           |                                                                                                                                         |
-      |                                   |                                                                                                           |    The Ubuntu and HCE 2.0 OSs do not support the preceding check items due to incompatible log formats.                                 |
+      |                                   |                                                                                                           |    Ubuntu and HCE OS 2.0 do not support the preceding check items due to incompatible log formats.                                      |
       +-----------------------------------+-----------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
       | Frequent restarts of Docker       | Periodically backtrack system logs to check whether the container runtime Docker restarts frequently.     |                                                                                                                                         |
       |                                   |                                                                                                           |                                                                                                                                         |

umn/source/add-ons/scheduling_and_elasticity_add-ons/cce_cluster_autoscaler.rst

@@ -241,6 +241,8 @@ Change History
    +-----------------+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------+
    | Add-on Version  | Supported Cluster Version | New Feature                                                                                                                                                   | Community Version                                                                            |
    +=================+===========================+===============================================================================================================================================================+==============================================================================================+
+   | 1.25.200        | v1.25                     | Fixed some issues.                                                                                                                                            | `1.25.0 <https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.25.0>`__ |
+   +-----------------+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------+
    | 1.25.184        | v1.25                     | The scale-down delay and scale-down utilization thresholds can be configured for node pools.                                                                  | `1.25.0 <https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.25.0>`__ |
    +-----------------+---------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------+
    | 1.25.153        | v1.25                     | Fixed some issues.                                                                                                                                            | `1.25.0 <https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.25.0>`__ |

umn/source/add-ons/scheduling_and_elasticity_add-ons/volcano_scheduler.rst

@@ -489,7 +489,7 @@ Modifying the volcano-scheduler Configurations Using the Console
 
 volcano-scheduler is the component responsible for pod scheduling. It consists of a series of actions and plugins. Actions should be executed in every step. Plugins provide the action algorithm details in different scenarios. volcano-scheduler is highly scalable. You can specify and implement actions and plugins based on your requirements.
 
-After the add-on is installed, you can choose **Settings** in the navigation pane, switch to the **Scheduling** tab, and configure the basic scheduling capabilities. You can also use the expert mode of the Volcano scheduler to customize advanced scheduling policies based on service scenarios.
+After the add-on is installed, you can choose **Settings** in the navigation pane, switch to the **Scheduling** tab, and configure the basic scheduling capabilities. You can also use the expert mode to customize advanced scheduling policies based on service scenarios.
 
 This section describes how to configure volcano-scheduler.
 

umn/source/best_practice/permission/performing_rbac_authentication_on_a_namespace_using_kubectl_commands.rst

@@ -95,7 +95,7 @@ The definition of a Role is simple. You just specify a namespace and some rules.
 
 For details, see `Using RBAC Authorization <https://kubernetes.io/docs/reference/access-authn-authz/rbac/>`__.
 
-After creating a Role, you can bind the Role to a specific user, which is called RoleBinding. The following shows an example:
+After creating a Role, you can bind the Role to a specific user. This is called RoleBinding. The following shows an example:
 
 .. code-block::
 

umn/source/best_practice/security/configuration_suggestions_on_cce_node_security.rst

@@ -23,7 +23,7 @@ CCE is a universal container platform. Its default security group rules apply to
 Hardening Nodes on Demand
 -------------------------
 
-CCE cluster nodes use the default settings of open source OSs. After a node is created, you need to perform security hardening according to your service requirements.
+CCE cluster nodes use the default settings of open-source OSs. After a node is created, you need to perform security hardening according to your service requirements.
 
 In CCE, you can perform hardening as follows:
 
@@ -54,7 +54,7 @@ For details about how to restore the metadata, see the "Notes" section in `Obtai
 
             iptables -I OUTPUT -s {container_cidr} -d 169.254.169.254 -j REJECT
 
-         *{container_cidr}* indicates the container CIDR of the cluster, for example, **10.0.0.0/16**.
+         *{container_cidr}* indicates the container CIDR block of the cluster, for example, **10.0.0.0/16**.
 
          To ensure configuration persistence, write the command to the **/etc/rc.local** script.
 
@@ -73,7 +73,7 @@ For details about how to restore the metadata, see the "Notes" section in `Obtai
 
             iptables -I FORWARD -s {container_cidr} -d 169.254.169.254 -j REJECT
 
-         *{container_cidr}* indicates the container CIDR of the cluster, for example, **10.0.0.0/16**.
+         *{container_cidr}* indicates the container CIDR block of the cluster, for example, **10.0.0.0/16**.
 
          To ensure configuration persistence, write the command to the **/etc/rc.local** script.
 
@@ -88,7 +88,7 @@ For details about how to restore the metadata, see the "Notes" section in `Obtai
 
       No additional configuration is required for a cluster of a version earlier than v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, or v1.28.3-r0.
 
-      For a cluster of v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, and later version, log in to the CCE console, click the cluster name to access the cluster console. In the navigation pane, choose **Settings**, click the **Network** tab, and view the value of **Pod Access to Metadata**.
+      For a cluster of v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later version, log in to the CCE console, click the cluster name to access the cluster console. In the navigation pane, choose **Settings**, click the **Network** tab, and view the value of **Pod Access to Metadata**.
 
       -  If **Pod Access to Metadata** is not enabled, no additional configuration is required. The container has been disabled from obtaining the node metadata.
       -  If **Pod Access to Metadata** is enabled, take the following steps to disable the container from obtaining the node metadata:

umn/source/best_practice/security/index.rst

@@ -11,7 +11,7 @@ Security
 -  :ref:`Configuration Suggestions on CCE Container Security <cce_bestpractice_0319>`
 -  :ref:`Configuration Suggestions on CCE Container Image Security <cce_bestpractice_10047>`
 -  :ref:`Configuration Suggestions on CCE Secret Security <cce_bestpractice_0320>`
--  :ref:`Configuration Suggestions on CCE Workload Identity Security <cce_bestpractice_0333>`
+-  :ref:`Using OIDC to Authenticate Workloads in a CCE Cluster <cce_bestpractice_0333>`
 
 .. toctree::
    :maxdepth: 1
@@ -23,4 +23,4 @@ Security
    configuration_suggestions_on_cce_container_security
    configuration_suggestions_on_cce_container_image_security
    configuration_suggestions_on_cce_secret_security
-   configuration_suggestions_on_cce_workload_identity_security
+   using_oidc_to_authenticate_workloads_in_a_cce_cluster

umn/source/best_practice/security/configuration_suggestions_on_cce_workload_identity_security.rst → umn/source/best_practice/security/using_oidc_to_authenticate_workloads_in_a_cce_cluster.rst

@@ -2,10 +2,10 @@
 
 .. _cce_bestpractice_0333:
 
-Configuration Suggestions on CCE Workload Identity Security
-===========================================================
+Using OIDC to Authenticate Workloads in a CCE Cluster
+=====================================================
 
-A workload identity enables workloads within a cluster to act as IAM users, granting them access to cloud services without the need for an IAM account's AK/SK. This helps minimize security risks.
+Workload identities enable workloads within a cluster to act as IAM users, granting them access to cloud services without the need for an IAM account's AK/SK. This helps minimize security risks.
 
 This section describes how to use workload identities in CCE.
 
@@ -64,7 +64,10 @@ Step 2: Configure an Identity Provider
 
    **Configuration Information**
 
-   -  **Identity Provider URL**: Enter **https://kubernetes.default.svc.cluster.local**.
+   -  **Identity Provider URL**: The default identity provider of the cluster is **https://kubernetes.default.svc.cluster.local**.
+
+      If **OIDC Provider** is enabled in **Overview** > **Connection Information** of the cluster, you can obtain the identity provider URL in **Service Account Issuer (service-account-issuer)** in **Settings** > **Kubernetes** of the cluster.
+
    -  **Client ID**: Enter a client ID, which will be used when you create a container.
 
       .. caution::
@@ -184,7 +187,7 @@ Step 3: Use a Workload Identity
 
    Specifically:
 
-   -  **{{iam endpoint}}** indicates the endpoint of IAM. For details, see `Regions and Endpoints <https://docs.otc.t-systems.com/regions-and-endpoints/index.html>`__.
+   -  *{{iam endpoint}}* indicates the endpoint of IAM. For details, see `Regions and Endpoints <https://docs.otc.t-systems.com/regions-and-endpoints/index.html>`__.
 
    -  **workload_identity** is the identity provider name, which is the same as that configured in :ref:`Step 2: Configure an Identity Provider <cce_bestpractice_0333__en-us_topic_0000001280331044_section18167152865013>`.