Manually fix nits in the generated reference.

content/en/docs/reference/config-api/apiserver-config.v1.md

@@ -45,8 +45,8 @@ auto_generated: true
 
 <p>EncryptionConfiguration stores the complete configuration for encryption providers.
 It also allows the use of wildcards to specify the resources that should be encrypted.
-Use '<em>.<!-- raw HTML omitted -->' to encrypt all resources within a group or '</em>.<em>' to encrypt all resources.
-'</em>.' can be used to encrypt all resource in the core group.  '<em>.</em>' will encrypt all
+Use '&ast;.&lt;group&gt;' to encrypt all resources within a group or '&ast;.&ast;' to encrypt all resources.
+'&ast;.' can be used to encrypt all resource in the core group.  '&ast;.&ast;' will encrypt all
 resources, even custom resources that are added after API server start.
 Use of wildcards that overlap within the same resource list or across multiple
 entries are not allowed since part of the configuration would be ineffective.
@@ -351,9 +351,9 @@ Set to a negative value to disable caching. This field is only allowed for KMS v
 <td>
    <p>resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from <code>resource</code> or <code>resource.group</code> of the group/version/resource.
 eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas.
-Use '<em>.</em>' to encrypt all resources and '<em>.<!-- raw HTML omitted -->' to encrypt all resources in a specific group.
-eg: '</em>.awesome.bears.example' will encrypt all resources in the group 'awesome.bears.example'.
-eg: '*.' will encrypt all resources in the core group (such as pods, configmaps, etc).</p>
+Use '&ast;.&ast;' to encrypt all resources and '&ast;.&lt;group&gt;' to encrypt all resources in a specific group.
+eg: '&ast;.awesome.bears.example' will encrypt all resources in the group 'awesome.bears.example'.
+eg: '&ast;.' will encrypt all resources in the core group (such as pods, configmaps, etc).</p>
 </td>
 </tr>
 <tr><td><code>providers</code> <B>[Required]</B><br/>
@@ -393,4 +393,4 @@ Each key has to be 32 bytes long.</p>
 </tr>
 </tbody>
 </table>
-
+

content/en/docs/reference/config-api/apiserver-config.v1alpha1.md

@@ -119,7 +119,7 @@ JWT authenticator will attempt to cryptographically validate the token.</p>
 &quot;iss&quot;: &quot;https://issuer.example.com&quot;,
 &quot;aud&quot;: [&quot;audience&quot;],
 &quot;exp&quot;: 1234567890,
-&quot;<!-- raw HTML omitted -->&quot;: &quot;username&quot;
+&quot;&lt;username claim&gt;&quot;: &quot;username&quot;
 }</p>
 </td>
 </tr>
@@ -331,7 +331,7 @@ The claim's value must be a singular string.
 Same as the --oidc-username-claim and --oidc-username-prefix flags.
 If username.expression is set, the expression must produce a string value.
 If username.expression uses 'claims.email', then 'claims.email_verified' must be used in
-username.expression or extra[<em>].valueExpression or claimValidationRules[</em>].expression.
+username.expression or extra[&ast;].valueExpression or claimValidationRules[&ast;].expression.
 An example claim validation rule expression that matches the validation automatically
 applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.</p>
 <p>In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set,
@@ -341,8 +341,8 @@ For prefix:
 (1) --oidc-username-prefix=&quot;-&quot;, no prefix was added to the username. For the same behavior using authentication config,
 set username.prefix=&quot;&quot;
 (2) --oidc-username-prefix=&quot;&quot; and  --oidc-username-claim != &quot;email&quot;, prefix was &quot;&lt;value of --oidc-issuer-url&gt;#&quot;. For the same
-behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->#&quot;
-(3) --oidc-username-prefix=&quot;<!-- raw HTML omitted -->&quot;. For the same behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->&quot;</p>
+behavior using authentication config, set username.prefix=&quot;&lt;value of issuer.url&gt;#&quot;
+(3) --oidc-username-prefix=&quot;&lt;value&gt;&quot;. For the same behavior using authentication config, set username.prefix=&quot;&lt;value&gt;&quot;</p>
 </td>
 </tr>
 <tr><td><code>groups</code><br/>
@@ -1202,4 +1202,4 @@ the contents would be converted to the v1 version before evaluating the CEL expr
 </tr>
 </tbody>
 </table>
-
+

content/en/docs/reference/config-api/apiserver-config.v1beta1.md

@@ -95,7 +95,7 @@ JWT authenticator will attempt to cryptographically validate the token.</p>
 &quot;iss&quot;: &quot;https://issuer.example.com&quot;,
 &quot;aud&quot;: [&quot;audience&quot;],
 &quot;exp&quot;: 1234567890,
-&quot;<!-- raw HTML omitted -->&quot;: &quot;username&quot;
+&quot;&lt;username claim&gt;&quot;: &quot;username&quot;
 }</p>
 </td>
 </tr>
@@ -264,7 +264,7 @@ The claim's value must be a singular string.
 Same as the --oidc-username-claim and --oidc-username-prefix flags.
 If username.expression is set, the expression must produce a string value.
 If username.expression uses 'claims.email', then 'claims.email_verified' must be used in
-username.expression or extra[<em>].valueExpression or claimValidationRules[</em>].expression.
+username.expression or extra[&ast;].valueExpression or claimValidationRules[&ast;].expression.
 An example claim validation rule expression that matches the validation automatically
 applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.</p>
 <p>In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set,
@@ -274,8 +274,8 @@ For prefix:
 (1) --oidc-username-prefix=&quot;-&quot;, no prefix was added to the username. For the same behavior using authentication config,
 set username.prefix=&quot;&quot;
 (2) --oidc-username-prefix=&quot;&quot; and  --oidc-username-claim != &quot;email&quot;, prefix was &quot;&lt;value of --oidc-issuer-url&gt;#&quot;. For the same
-behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->#&quot;
-(3) --oidc-username-prefix=&quot;<!-- raw HTML omitted -->&quot;. For the same behavior using authentication config, set username.prefix=&quot;<!-- raw HTML omitted -->&quot;</p>
+behavior using authentication config, set username.prefix=&quot;&lt;value of issuer.url&gt;#&quot;
+(3) --oidc-username-prefix=&quot;&lt;value&gt;&quot;. For the same behavior using authentication config, set username.prefix=&quot;&lt;value&gt;&quot;</p>
 </td>
 </tr>
 <tr><td><code>groups</code><br/>
@@ -1135,4 +1135,4 @@ the contents would be converted to the v1 version before evaluating the CEL expr
 </tr>
 </tbody>
 </table>
-
+

content/en/docs/reference/config-api/kubelet-config.v1.md

@@ -80,9 +80,9 @@ to provide credentials. Images are expected to contain the registry domain
 and URL path.</p>
 <p>Each entry in matchImages is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
-Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.</p>
+as subdomains like '&ast;.k8s.io' or 'k8s.&ast;.io', and top-level-domains such as 'k8s.&ast;'.
+Matching partial subdomains like 'app&ast;.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so '&ast;.io' does not match '&ast;.k8s.io'.</p>
 <p>A match exists between an image and a matchImage when all of the below are true:</p>
 <ul>
 <li>Both contain the same number of domain parts and each part matches.</li>
@@ -92,9 +92,9 @@ a single subdomain segment, so *.io does not match *.k8s.io.</p>
 <p>Example values of matchImages:</p>
 <ul>
 <li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
-<li>*.azurecr.io</li>
+<li>&ast;.azurecr.io</li>
 <li>gcr.io</li>
-<li><em>.</em>.registry.io</li>
+<li>&ast;.&ast;.registry.io</li>
 <li>registry.io:8080/path</li>
 </ul>
 </td>
@@ -168,4 +168,4 @@ credential plugin.</p>
 </tr>
 </tbody>
 </table>
-
+

content/en/docs/reference/config-api/kubelet-config.v1beta1.md

@@ -1507,7 +1507,7 @@ Also, avoid specifying:</p>
 <li>Duplicates, the same NUMA node, and memory type, but with a different value.</li>
 <li>zero limits for any memory type.</li>
 <li>NUMAs nodes IDs that do not exist under the machine.</li>
-<li>memory types except for memory and hugepages-<!-- raw HTML omitted --></li>
+<li>memory types except for memory and hugepages-&lt;size&gt;</li>
 </ol>
 <p>Default: nil</p>
 </td>
@@ -1675,9 +1675,9 @@ to provide credentials. Images are expected to contain the registry domain
 and URL path.</p>
 <p>Each entry in matchImages is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
-Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.</p>
+as subdomains like '&ast;.k8s.io' or 'k8s.&ast;.io', and top-level-domains such as 'k8s.&ast;'.
+Matching partial subdomains like 'app&ast;.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so '&ast;.io' does not match '&ast;.k8s.io'.</p>
 <p>A match exists between an image and a matchImage when all of the below are true:</p>
 <ul>
 <li>Both contain the same number of domain parts and each part matches.</li>
@@ -1687,9 +1687,9 @@ a single subdomain segment, so *.io does not match *.k8s.io.</p>
 <p>Example values of matchImages:</p>
 <ul>
 <li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
-<li>*.azurecr.io</li>
+<li>&ast;.azurecr.io</li>
 <li>gcr.io</li>
-<li><em>.</em>.registry.io</li>
+<li>&ast;.&ast;.registry.io</li>
 <li>registry.io:8080/path</li>
 </ul>
 </td>
@@ -2071,4 +2071,4 @@ managers (secret, configmap) are discovering object changes.</p>
 </tr>
 </tbody>
 </table>
-
+

content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md

@@ -88,9 +88,9 @@ should be valid for all images that match against this key. A plugin should set
 this field to null if no valid credentials can be returned for the requested image.</p>
 <p>Each key in the map is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
-Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so *.io does not match *.k8s.io.</p>
+as subdomains like '&ast;.k8s.io' or 'k8s.&ast;.io', and top-level-domains such as 'k8s.&ast;'.
+Matching partial subdomains like 'app&ast;.k8s.io' is also supported. Each glob can only match
+a single subdomain segment, so '&ast;.io' does not match '&ast;.k8s.io'.</p>
 <p>The kubelet will match images against the key when all of the below are true:</p>
 <ul>
 <li>Both contain the same number of domain parts and each part matches.</li>
@@ -107,9 +107,9 @@ stopping after the first successfully authenticated pull.</p>
 <p>Example keys:</p>
 <ul>
 <li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
-<li>*.azurecr.io</li>
+<li>&ast;.azurecr.io</li>
 <li>gcr.io</li>
-<li><em>.</em>.registry.io</li>
+<li>&ast;.&ast;.registry.io</li>
 <li>registry.io:8080/path</li>
 </ul>
 </td>
@@ -165,4 +165,4 @@ An empty password is valid.</p>
 
 
 
-
+