diff --git a/website/content/api-docs/auth/kubernetes.mdx b/website/content/api-docs/auth/kubernetes.mdx
index 76e8bdc89ece..4ef714b3971e 100644
--- a/website/content/api-docs/auth/kubernetes.mdx
+++ b/website/content/api-docs/auth/kubernetes.mdx
@@ -45,7 +45,7 @@ access the Kubernetes API.
 
 - `disable_iss_validation` `(bool: true)` **Deprecated** Disable JWT issuer validation. Allows to skip ISS validation.
 
-- `issuer` `(string: "")` **Deprecated** Optional JWT issuer. If no issuer is specified, then this plugin will use `kubernetes/serviceaccount` as the default issuer. 
+- `issuer` `(string: "")` **Deprecated** Optional JWT issuer. If no issuer is specified, then this plugin will use `kubernetes/serviceaccount` as the default issuer.
 See [these instructions](/docs/auth/kubernetes#discovering-the-service-account-issuer) for looking up the issuer for a given Kubernetes cluster.
 
 ### Caveats
@@ -134,7 +134,8 @@ entities attempting to login.
   While it is strongly advised that you use `serviceaccount_uid`, you may also use `serviceaccount_name` in cases where
   you want to set the alias ahead of time, and the risks are mitigated or otherwise acceptable given your use case.
   It is very important to limit who is able to delete/create service accounts within a given cluster.
-  Please see (/api-docs/secret/identity/entity-alias#create-an-entity-alias), which further elaborates on the related security implications.
+  See the [Create an Entity Alias](/api-docs/secret/identity/entity-alias#create-an-entity-alias) document
+  which further expands on the potential security implications mentioned above.
 
 @include 'tokenfields.mdx'