kubernetes · k8s-ci-robot · Mar 13, 2023 · Mar 12, 2023
diff --git a/content/en/blog/_posts/2021-04-20-annotating-k8s-for-humans.md b/content/en/blog/_posts/2021-04-20-annotating-k8s-for-humans.md
@@ -83,6 +83,7 @@ Adopting a common convention for annotations ensures consistency and understanda
 | `a8r.io/uptime`                            | Link to external uptime dashboard. |
 | `a8r.io/performance`                       | Link to external performance dashboard. |
 | `a8r.io/dependencies`                      | Unstructured text describing the service dependencies for humans. |
+{{< /table >}}
 
 
 ## Visualizing annotations: Service Catalogs

diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates-removed.md b/content/en/docs/reference/command-line-tools-reference/feature-gates-removed.md
@@ -333,6 +333,7 @@ In the following table:
 | `WindowsRunAsUserName` | `false` | Alpha | 1.16 | 1.16 |
 | `WindowsRunAsUserName` | `true` | Beta | 1.17 | 1.17 |
 | `WindowsRunAsUserName` | `true` | GA | 1.18 | 1.20 |
+{{< /table >}}
 
 ## Descriptions for removed feature gates
 

diff --git a/content/en/docs/reference/using-api/cel.md b/content/en/docs/reference/using-api/cel.md
@@ -59,6 +59,7 @@ Example CEL expressions:
 | `self.metadata.name == 'singleton'`                                                | Validate that an object's name matches a specific value (making it a singleton)   |
 | `self.set1.all(e, !(e in self.set2))`                                              | Validate that two listSets are disjoint                                           |
 | `self.names.size() == self.details.size() && self.names.all(n, n in self.details)` | Validate the 'details' map is keyed by the items in the 'names' listSet           |
+{{< /table >}}
 
 ## CEL community libraries
 
@@ -95,6 +96,7 @@ Examples:
 | `items.map(x, x.weight).sum() == 1.0`                                              | Verify that the "weights" of a list of objects sum to 1.0 |
 | `lowPriorities.map(x, x.priority).max() < highPriorities.map(x, x.priority).min()` | Verify that two sets of priorities do not overlap         |
 | `names.indexOf('should-be-first') == 1`                                            | Require that the first name in a list if a specific value | 
+{{< /table >}}
 
 See the [Kubernetes List Library](https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/library#Lists)
 godoc for more information.
@@ -112,6 +114,7 @@ Examples:
 |-------------------------------------------------------------|----------------------------------------------------------|
 | `"abc 123".find('[0-9]*')`                                  | Find the first number in a string                        |
 | `"1, 2, 3, 4".findAll('[0-9]*').map(x, int(x)).sum() < 100` | Verify that the numbers in a string sum to less than 100 |
+{{< /table >}}
 
 See the [Kubernetes regex library](https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/library#Regex)
 godoc for more information.
@@ -136,6 +139,7 @@ Examples:
 |-----------------------------------------------------------------|------------------------------------------------|
 | `url('https://example.com:80/').getHost()`                      | Get the 'example.com:80' host part of the URL. |
 | `url('https://example.com/path with spaces/').getEscapedPath()` | Returns '/path%20with%20spaces/'               |
+{{< /table >}}
 
 See the [Kubernetes URL library](https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/library#URLs)
 godoc for more information.
@@ -191,6 +195,7 @@ has(object.namex) ? object.namex == 'special' : request.name == 'special'
 | 'string' with format=date                          | timestamp (google.protobuf.Timestamp)                                                                                        |
 | 'string' with format=datetime                      | timestamp (google.protobuf.Timestamp)                                                                                        |
 | 'string' with format=duration                      | duration (google.protobuf.Duration)                                                                                          |
+{{< /table >}}
 
 Also see: [CEL types](https://github.com/google/cel-spec/blob/v0.6.0/doc/langdef.md#values),
 [OpenAPI types](https://swagger.io/specification/#data-types),
@@ -225,6 +230,7 @@ expression:
 | `__dash__`        | `-`                                                                                          |
 | `__slash__`       | `/`                                                                                          |
 | `__{keyword}__`   | [CEL **RESERVED** keyword](https://github.com/google/cel-spec/blob/v0.6.0/doc/langdef.md#syntax) |
+{{< /table >}}
 
 When you escape any of CEL's **RESERVED** keywords you need to match the exact property name
 use the underscore escaping
@@ -239,6 +245,7 @@ Examples on escaping:
 | `x-prop`      | `self.x__dash__prop > 0`          |
 | `redact__d`   | `self.redact__underscores__d > 0` |
 | `string`      | `self.startsWith('kube')`         |
+{{< /table >}}
 
 ## Resource constraints
 

diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md
@@ -103,6 +103,7 @@ Name | Encryption | Strength | Speed | Key Length | Other Considerations
 `aesgcm` | AES-GCM with random nonce | Must be rotated every 200k writes | Fastest | 16, 24, or 32-byte | Is not recommended for use except when an automated key rotation scheme is implemented.
 `aescbc` | AES-CBC with [PKCS#7](https://datatracker.ietf.org/doc/html/rfc2315) padding | Weak | Fast | 32-byte | Not recommended due to CBC's vulnerability to padding oracle attacks.
 `kms` | Uses envelope encryption scheme: Data is encrypted by data encryption keys (DEKs) using AES-CBC with [PKCS#7](https://datatracker.ietf.org/doc/html/rfc2315) padding (prior to v1.25), using AES-GCM starting from v1.25, DEKs are encrypted by key encryption keys (KEKs) according to configuration in Key Management Service (KMS) | Strongest | Fast | 32-bytes |  The recommended choice for using a third party tool for key management. Simplifies key rotation, with a new DEK generated for each encryption, and KEK rotation controlled by the user. [Configure the KMS provider](/docs/tasks/administer-cluster/kms-provider/).
+{{< /table >}}
 
 Each provider supports multiple keys - the keys are tried in order for decryption, and if the provider
 is the first provider, the first key is used for encryption.