From 7a8ed1c30f189854f50d1ce98b5226f25a9db9a9 Mon Sep 17 00:00:00 2001
From: Austin Cawley-Edwards
Date: Wed, 25 Oct 2023 16:52:55 -0400
Subject: [PATCH 01/11] docs: Small fixes to the Resource deletion section of API Concept - Finalizers are a string array - Small grammar error
---
content/en/docs/reference/using-api/api-concepts.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/en/docs/reference/using-api/api-concepts.md b/content/en/docs/reference/using-api/api-concepts.md
index f32ade251bfa8..844d0042a5fb5 100644
--- a/content/en/docs/reference/using-api/api-concepts.md
+++ b/content/en/docs/reference/using-api/api-concepts.md
@@ -724,13 +724,13 @@ When you **delete** a resource this takes place in two phases. "kind": "ConfigMap", "apiVersion": "v1", "metadata": { - "finalizers": {"url.io/neat-finalization", "other-url.io/my-finalizer"}, + "finalizers": ["url.io/neat-finalization", "other-url.io/my-finalizer"], "deletionTimestamp": nil, } } ``` -When a client first sends a **delete** to request removal of a resource, the `.metadata.deletionTimestamp` is set to the current time. +When a client first sends a **delete** to request the removal of a resource, the `.metadata.deletionTimestamp` is set to the current time. Once the `.metadata.deletionTimestamp` is set, external controllers that act on finalizers may start performing their cleanup work at any time, in any order.
From 5c49e610e39a70f236ddf8dec09def82ee0fbd59 Mon Sep 17 00:00:00 2001
From: PranitRout07
Date: Sat, 28 Oct 2023 16:19:00 +0530
Subject: [PATCH 02/11] Changed yellow color to orange color for better visibility
---
.../public/images/module_05_scaling1.svg | 24 +++++++++----------
.../public/images/module_05_scaling2.svg | 24 +++++++++----------
.../images/module_06_rollingupdates1.svg | 24 +++++++++----------
.../images/module_06_rollingupdates2.svg | 24 +++++++++----------
.../images/module_06_rollingupdates3.svg | 24 +++++++++----------
.../images/module_06_rollingupdates4.svg | 24 +++++++++----------
6 files changed, 72 insertions(+), 72 deletions(-)
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling1.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling1.svg
index 45458cf88ba44..14513aee8bea4 100644
--- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling1.svg
+++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling1.svg
@@ -24,13 +24,13 @@ .st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;} .st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;} .st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;} - .st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} - .st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} - .st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} - .st26{opacity:0.1;fill:#EEF406;} - .st27{opacity:2.000000e-02;fill:#EEF406;} + .st21{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st22{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st23{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} + .st24{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} + .st25{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} + .st26{opacity:0.1;fill:#F29202;} + .st27{opacity:2.000000e-02;fill:#F29202;} .st28{opacity:0.1;fill:#06F7C9;} .st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;} .st30{opacity:0.1;fill:url(#SVGID_3_);} 
@@ -43,12 +43,12 @@ .st37{opacity:0.1;fill:url(#SVGID_9_);} .st38{opacity:0.1;fill:url(#SVGID_10_);} .st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;} - .st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;} + .st40{opacity:0.4;fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st41{fill:none;stroke:#F29202;stroke-width:2.4596;stroke-miterlimit:10;} .st42{fill:#011F38;} .st43{opacity:0.4;} .st44{opacity:0.1;} - .st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} + .st45{fill:#326DE6;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} .st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} .st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} @@ -57,10 +57,10 @@ .st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st52{opacity:0.3;} .st53{opacity:0.2;fill:#6D6E71;} - .st54{fill:#EEF406;} + .st54{fill:#F29202;} .st55{fill:#06F7C9;} .st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st57{fill:#FFFFFF;stroke:#F29202;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} .st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;} .st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;} .st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;} 
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling2.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling2.svg index 53971c5a21c37..86be02afb272e 100644 --- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling2.svg +++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_05_scaling2.svg @@ -24,13 +24,13 @@ .st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;} .st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;} .st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;} - .st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} - .st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} - .st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} - .st26{opacity:0.1;fill:#EEF406;} - .st27{opacity:2.000000e-02;fill:#EEF406;} + .st21{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st22{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st23{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} + .st24{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} + .st25{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} + .st26{opacity:0.1;fill:#F29202;} + .st27{opacity:2.000000e-02;fill:#F29202;} .st28{opacity:0.1;fill:#06F7C9;} .st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;} .st30{opacity:0.1;fill:url(#SVGID_3_);} 
@@ -43,12 +43,12 @@ .st37{opacity:0.1;fill:url(#SVGID_9_);} .st38{opacity:0.1;fill:url(#SVGID_10_);} .st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;} - .st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;} + .st40{opacity:0.4;fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st41{fill:none;stroke:#F29202;stroke-width:2.4596;stroke-miterlimit:10;} .st42{fill:#011F38;} .st43{opacity:0.4;} .st44{opacity:0.1;} - .st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} + .st45{fill:#326DE6;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} .st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} .st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} @@ -57,10 +57,10 @@ .st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st52{opacity:0.3;} .st53{opacity:0.2;fill:#6D6E71;} - .st54{fill:#EEF406;} + .st54{fill:#F29202;} .st55{fill:#06F7C9;} .st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st57{fill:#FFFFFF;stroke:#F29202;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} .st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;} .st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;} .st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;} 
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates1.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates1.svg index 53971c5a21c37..86be02afb272e 100644 --- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates1.svg +++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates1.svg @@ -24,13 +24,13 @@ .st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;} .st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;} .st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;} - .st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} - .st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} - .st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} - .st26{opacity:0.1;fill:#EEF406;} - .st27{opacity:2.000000e-02;fill:#EEF406;} + .st21{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st22{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st23{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} + .st24{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} + .st25{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} + .st26{opacity:0.1;fill:#F29202;} + .st27{opacity:2.000000e-02;fill:#F29202;} .st28{opacity:0.1;fill:#06F7C9;} .st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;} .st30{opacity:0.1;fill:url(#SVGID_3_);} 
@@ -43,12 +43,12 @@ .st37{opacity:0.1;fill:url(#SVGID_9_);} .st38{opacity:0.1;fill:url(#SVGID_10_);} .st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;} - .st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;} + .st40{opacity:0.4;fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st41{fill:none;stroke:#F29202;stroke-width:2.4596;stroke-miterlimit:10;} .st42{fill:#011F38;} .st43{opacity:0.4;} .st44{opacity:0.1;} - .st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} + .st45{fill:#326DE6;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} .st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} .st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} @@ -57,10 +57,10 @@ .st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st52{opacity:0.3;} .st53{opacity:0.2;fill:#6D6E71;} - .st54{fill:#EEF406;} + .st54{fill:#F29202;} .st55{fill:#06F7C9;} .st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st57{fill:#FFFFFF;stroke:#F29202;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} .st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;} .st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;} .st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;} 
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates2.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates2.svg index 9773502d209cf..9544b8b56898b 100644 --- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates2.svg +++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates2.svg @@ -24,13 +24,13 @@ .st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;} .st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;} .st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;} - .st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} - .st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} - .st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} - .st26{opacity:0.1;fill:#EEF406;} - .st27{opacity:2.000000e-02;fill:#EEF406;} + .st21{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st22{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st23{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} + .st24{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} + .st25{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} + .st26{opacity:0.1;fill:#F29202;} + .st27{opacity:2.000000e-02;fill:#F29202;} .st28{opacity:0.1;fill:#06F7C9;} .st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;} .st30{opacity:0.1;fill:url(#SVGID_3_);} 
@@ -43,12 +43,12 @@ .st37{opacity:0.1;fill:url(#SVGID_9_);} .st38{opacity:0.1;fill:url(#SVGID_10_);} .st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;} - .st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;} + .st40{opacity:0.4;fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st41{fill:none;stroke:#F29202;stroke-width:2.4596;stroke-miterlimit:10;} .st42{fill:#011F38;} .st43{opacity:0.4;} .st44{opacity:0.1;} - .st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} + .st45{fill:#326DE6;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} .st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} .st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} @@ -57,10 +57,10 @@ .st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st52{opacity:0.3;} .st53{opacity:0.2;fill:#6D6E71;} - .st54{fill:#EEF406;} + .st54{fill:#F29202;} .st55{fill:#06F7C9;} .st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st57{fill:#FFFFFF;stroke:#F29202;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} .st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;} .st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;} .st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;} 
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates3.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates3.svg index 15bd6e6033ebe..55a392dc4c9d2 100644 --- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates3.svg +++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates3.svg @@ -24,13 +24,13 @@ .st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;} .st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;} .st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;} - .st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} - .st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} - .st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} - .st26{opacity:0.1;fill:#EEF406;} - .st27{opacity:2.000000e-02;fill:#EEF406;} + .st21{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st22{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st23{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} + .st24{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} + .st25{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} + .st26{opacity:0.1;fill:#F29202;} + .st27{opacity:2.000000e-02;fill:#F29202;} .st28{opacity:0.1;fill:#06F7C9;} .st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;} .st30{opacity:0.1;fill:url(#SVGID_3_);} 
@@ -43,12 +43,12 @@ .st37{opacity:0.1;fill:url(#SVGID_9_);} .st38{opacity:0.1;fill:url(#SVGID_10_);} .st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;} - .st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;} + .st40{opacity:0.4;fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st41{fill:none;stroke:#F29202;stroke-width:2.4596;stroke-miterlimit:10;} .st42{fill:#011F38;} .st43{opacity:0.4;} .st44{opacity:0.1;} - .st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} + .st45{fill:#326DE6;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} .st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} .st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} @@ -57,10 +57,10 @@ .st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st52{opacity:0.3;} .st53{opacity:0.2;fill:#6D6E71;} - .st54{fill:#EEF406;} + .st54{fill:#F29202;} .st55{fill:#06F7C9;} .st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st57{fill:#FFFFFF;stroke:#F29202;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} .st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;} .st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;} .st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;} 
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates4.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates4.svg index a326317a50a1d..39437d7e7dc2b 100644 --- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates4.svg +++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_06_rollingupdates4.svg @@ -24,13 +24,13 @@ .st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;} .st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;} .st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;} - .st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} - .st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} - .st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} - .st26{opacity:0.1;fill:#EEF406;} - .st27{opacity:2.000000e-02;fill:#EEF406;} + .st21{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st22{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st23{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;} + .st24{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;} + .st25{fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;} + .st26{opacity:0.1;fill:#F29202;} + .st27{opacity:2.000000e-02;fill:#F29202;} .st28{opacity:0.1;fill:#06F7C9;} .st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;} .st30{opacity:0.1;fill:url(#SVGID_3_);} 
@@ -43,12 +43,12 @@ .st37{opacity:0.1;fill:url(#SVGID_9_);} .st38{opacity:0.1;fill:url(#SVGID_10_);} .st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;} - .st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} - .st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;} + .st40{opacity:0.4;fill:none;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} + .st41{fill:none;stroke:#F29202;stroke-width:2.4596;stroke-miterlimit:10;} .st42{fill:#011F38;} .st43{opacity:0.4;} .st44{opacity:0.1;} - .st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;} + .st45{fill:#326DE6;stroke:#F29202;stroke-width:2;stroke-miterlimit:10;} .st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} .st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;} @@ -57,10 +57,10 @@ .st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;} .st52{opacity:0.3;} .st53{opacity:0.2;fill:#6D6E71;} - .st54{fill:#EEF406;} + .st54{fill:#F29202;} .st55{fill:#06F7C9;} .st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} - .st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} + .st57{fill:#FFFFFF;stroke:#F29202;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;} .st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;} .st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;} .st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;} From d174742c461e8f1ea8806858f9870898ff7dd708 Mon Sep 17 00:00:00 2001 
From: "Lubomir I. Ivanov"
Date: Thu, 9 Nov 2023 13:44:36 +0200
Subject: [PATCH 03/11] kubeadm: add section on how to use the "generate-csr" command The "generate-csr" command is useful in cases users don't wish to use the default certificate duration that kubeadm has hardcoded to 1 year. The command can also be used when the certificate rotation process is done manually, out of bounds with an external CA.
---
.../setup-tools/kubeadm/kubeadm-certs.md | 4 +-
.../kubeadm/kubeadm-certs.md | 268 ++++++++++++++++--
2 files changed, 250 insertions(+), 22 deletions(-)
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md
index 3bce10ccf0b67..f4951290cf804 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md
@@ -60,7 +60,9 @@ For more details see ## kubeadm certs generate-csr {#cmd-certs-generate-csr} This command can be used to generate keys and CSRs for all control-plane certificates and kubeconfig files. -The user can then sign the CSRs with a CA of their choice. +The user can then sign the CSRs with a CA of their choice. To read more information +on how to use the command see +[Signing certificate signing requests (CSR) generated by kubeadm](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs#signing-csr). {{< tabs name="tab-certs-generate-csr" >}} {{< tab name="generate-csr" include="generated/kubeadm_certs_generate-csr.md" />}}
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
index fead85f7e6af4..b745a22792c75 100644
--- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
+++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
@@ -225,28 +225,11 @@ A CSR represents a request to a CA for a signed certificate for a client. In kubeadm terms, any certificate that would normally be signed by an on-disk CA can be produced as a CSR instead. A CA, however, cannot be produced as a CSR. -### Create certificate signing requests (CSR) - -You can create certificate signing requests with `kubeadm certs renew --csr-only`. - -Both the CSR and the accompanying private key are given in the output. -You can pass in a directory with `--csr-dir` to output the CSRs to the specified location. -If `--csr-dir` is not specified, the default certificate directory (`/etc/kubernetes/pki`) is used. - -Certificates can be renewed with `kubeadm certs renew --csr-only`. -As with `kubeadm init`, an output directory can be specified with the `--csr-dir` flag. - -A CSR contains a certificate's name, domains, and IPs, but it does not specify usages. -It is the responsibility of the CA to specify [the correct cert usages](/docs/setup/best-practices/certificates/#all-certificates) -when issuing a certificate. +### Renewal by using certificate signing requests (CSR) -* In `openssl` this is done with the - [`openssl ca` command](https://superuser.com/questions/738612/openssl-ca-keyusage-extension). -* In `cfssl` you specify - [usages in the config file](https://github.com/cloudflare/cfssl/blob/master/doc/cmd/cfssl.txt#L170). - -After a certificate is signed using your preferred method, the certificate and the private key -must be copied to the PKI directory (by default `/etc/kubernetes/pki`). +Renewal of ceritficates is possible by generating new CSRs and signing them with the external CA. +For more details about working with CSRs generated by kubeadm see the section +[Signing certificate signing requests (CSR) generated by kubeadm](#signing-csr). ## Certificate authority (CA) rotation {#certificate-authority-rotation} 
@@ -373,3 +356,246 @@ The following example will generate a kubeconfig file with administrator credent ```shell kubeadm kubeconfig user --config example.yaml --client-name admin --validity-period 168h ``` + +## Signing certificate signing requests (CSR) generated by kubeadm {#signing-csr} + +You can create certificate signing requests with `kubeadm certs generate-csr`. +Calling this command will generate `.csr` / `.key` file pairs for regular +certificates. For certificates embedded in kubeconfig files, the command will +generate a `.csr` / `.conf` pair where the key is already embedded in the `.conf` file. + +A CSR file contains all relevant information for a CA to sign a certificate. +kubeadm uses a +[well defined specification](/docs/setup/best-practices/certificates/#all-certificates) +for all its certificates and CSRs. + +The default certificate directory is `/etc/kubernetes/pki`, while the default +directory for kubeconfig files is `/etc/kubernetes`. These defaults can be +overridden with the flags `--cert-dir` and `--kubeconfig-dir`, respectively. + +To pass custom options to `kubeadm certs generate-csr` use the `--config` flag, +which accepts a [kubeadm configuration](/docs/reference/config-api/kubeadm-config.v1beta3/) +file, similarly to commands such as `kubeadm init`. Any specification such +as extra SANs and custom IP addresses must be stored in the same configuration +file and used for all relevant kubeadm commands by passing it as `--config`. + +{{< note >}} +This guide will cover the usage of the `openssl` command for singing the CSRs, +but you can use your preferred tools. +{{< /note >}} + +{{< note >}} +This guide will use the default Kubernetes directory `/etc/kubernetes`, which requires +a super user. If you are following this guide with permissive directories +(by passing `--cert-dir` and `--kubeconfig-dir`) you can omit the `sudo` command). 
+But note that the resulted files must be copied to the `/etc/kubernetes` tree, +so that `kubeadm init` or `kubeadm join` will find them. +{{< /note >}} + +### Preparing CA and service account files + +On the primary control plane node, where `kubeadm init` will be executed, call the following +commands: + +```shell +sudo kubeadm init phase certs ca +sudo kubeadm init phase certs etcd-ca +sudo kubeadm init phase certs front-proxy-ca +sudo kubeadm init phase certs sa +``` + +This will populate the folders `/etc/kubernetes/pki` and `/etc/kubernetes/pki/etcd` +with all self-signed CA files (certificates and keys) and service account (public and +private keys) that kubeadm needs for a control plane node. + +{{< note >}} +If you are using an external CA, you must generate the same files out of band and manually +copy them to the primary control plane node in `/etc/kubernetes`. Once all CSRs +are signed, you can delete the root CA key (`ca.key`) as noted in the +[External CA mode](#external-ca-mode) section. +{{< /note >}} + +For secondary control plane nodes (`kubeadm join --control-plane`) there is no need to call +the above commands. Depending on how you setup the +[High Availability](/docs/setup/production-environment/tools/kubeadm/high-availability) +cluster, you either have to manually copy the same files from the primary +control plane node, or use the automated `--upload-certs` functionality of `kubeadm init`. + +### Generate CSRs + +The `kubeadm certs generate-csr` command generates CSRs for all known certificates +managed by kubeadm. Once the command is done you must manually delete `.csr`, `.conf` +or `.key` files that you don't need. + +#### Considerations for kubelet.conf {#considerations-kubelet-conf} + +This section applies to both control plane and worker nodes. 
+ +If you have deleted the `ca.key` file from control plane nodes +([External CA mode](#external-ca-mode)), the active kube-controller-manager in +this cluster will not be able to sign kubelet client certificates. If no external +method for signing these certificates exists in your setup (such as an +[external signer](#set-up-a-signer), you could manually sign the `kubelet.conf.csr` +as explained in this guide. + +Note that this also means that the automatic +[kubelet client certificate rotation](/docs/tasks/tls/certificate-rotation/#enabling-client-certificate-rotation) +will be disabled. If so, close to certificate expiration, you must generate +a new `kubelet.conf.csr`, sign the certificate, embed it in `kubelet.conf` +and restart the kubelet. + +If this does not apply to your setup, you can skip processing the `kubelet.conf.csr` +on secondary control plane and on workers nodes (all nodes tha call `kubeadm join ...`). +That is because the active kube-controller-manager will be responsible +for signing new kubelet client certificates. + +{{< note >}} +Processing the `kubelet.conf.csr` on the primary control plane node +(`kubeadm init`) is required, because that is considered the node that +bootstraps the cluster and a pre-populated `kubelet.conf` is needed. +{{< /note >}} + +#### Control plane nodes + +Execute the following command on primary (`kubeadm init`) and secondary +(`kubeadm join --control-plane`) control plane nodes to generate all CSR files: + +```shell +sudo kubeadm certs generate-csr +``` + +If external etcd is to be used, follow the +[External etcd with kubeadm](docs/setup/production-environment/tools/kubeadm/high-availability/#external-etcd-nodes) +guide to understand what CSR files are needed on the kubeadm and etcd nodes. Other +`.csr` and `.key` files under `/etc/kubernetes/pki/etcd` can be removed. 
+ +Based on the explanation in +[Considerations for kubelet.conf](#considerations-kubelet-conf) keep or delete +the `kubelet.conf` and `kubelet.conf.csr` files. + +#### Worker nodes + +Based on the explanation in +[Considerations for kubelet.conf](#considerations-kubelet-conf), optionally call: + +```shell +sudo kubeadm certs generate-csr +``` + +and keep only the `kubelet.conf` and `kubelet.conf.csr` files. Alternatively skip +the steps for worker nodes entirely. + +### Signing CSRs for all certificates + +{{< note >}} +If you are using external CA and already have CA serial number files (`.srl`) for +`openssl` you can copy such files to a kubeadm node where CSRs will be processed. +`.srl` files to copy are `/etc/kubernetes/pki/ca.srl`, +`/etc/kubernetes/pki/front-proxy-ca.srl` and `/etc/kubernetes/pki/etcd/ca.srl`. +The files can be then moved to a new node where CSR files will be processed. + +If a `.srl` file is missing for a CA on a node, the script below will generate a new SRL file +with a random starting serial number. + +To read more about `.srl` files see the +[`openssl`](https://www.openssl.org/docs/man3.0/man1/openssl-x509.html) +documentation for the `--CAserial` flag. +{{< /note >}} + +Repeat this step for all nodes that have CSR files. + +Write the following script in the `/etc/kubernetes` directory, navigate to the directory +and execute the script. The script will generate certificates for all CSR files that are +present in the `/etc/kubernetes` tree. + +```bash +#!/bin/bash + +# Set certificate expiration time in days +DAYS=365 + +# Process all CSR files except those for front-proxy and etcd +find ./ -name "*.csr" | grep -v "pki/etcd" | grep -v "front-proxy" | while read -r FILE; +do + echo "* Processing ${FILE} ..." 
+ FILE=${FILE%.*} # Trim the extension + if [ -f "./pki/ca.srl" ]; then + SERIAL_FLAG="-CAserial ./pki/ca.srl" + else + SERIAL_FLAG="-CAcreateserial" + fi + openssl x509 -req -days "${DAYS}" -CA ./pki/ca.crt -CAkey ./pki/ca.key ${SERIAL_FLAG} \ + -in "${FILE}.csr" -out "${FILE}.crt" + sleep 2 +done + +# Process all etcd CSRs +find ./pki/etcd -name "*.csr" | while read -r FILE; +do + echo "* Processing ${FILE} ..." + FILE=${FILE%.*} # Trim the extension + if [ -f "./pki/etcd/ca.srl" ]; then + SERIAL_FLAG=-CAserial ./pki/etcd/ca.srl + else + SERIAL_FLAG=-CAcreateserial + fi + openssl x509 -req -days "${DAYS}" -CA ./pki/etcd/ca.crt -CAkey ./pki/etcd/ca.key ${SERIAL_FLAG} \ + -in "${FILE}.csr" -out "${FILE}.crt" +done + +# Process front-proxy CSRs +echo "* Processing ./pki/front-proxy-client.csr ..." +openssl x509 -req -days "${DAYS}" -CA ./pki/front-proxy-ca.crt -CAkey ./pki/front-proxy-ca.key -CAcreateserial \ + -in ./pki/front-proxy-client.csr -out ./pki/front-proxy-client.crt +``` + +### Embedding certificates in kubeconfig files + +Repeat this step for all nodes that have CSR files. + +Write the following script in the `/etc/kubernetes` directory, navigate to the directory +and execute the script. The script will take the `.crt` files that were signed for +kubeconfig files from CSRs in the previous step and will embed them in the kubeconfig files. + +```bash +#!/bin/bash + +CLUSTER=kubernetes +find ./ -name "*.conf" | while read -r FILE; +do + echo "* Processing ${FILE} ..." + KUBECONFIG="${FILE}" kubectl config set-cluster "${CLUSTER}" --certificate-authority ./pki/ca.crt --embed-certs + USER=$(KUBECONFIG="${FILE}" kubectl config view -o jsonpath='{.users[0].name}') + KUBECONFIG="${FILE}" kubectl config set-credentials "${USER}" --client-certificate "${FILE}.crt" --embed-certs +done +``` + +### Performing cleanup {#post-csr-cleanup} + +Perform this step on all nodes that have CSR files. 
+ +Write the following script in the `/etc/kubernetes` directory, navigate to the directory +and execute the script. + +```bash +#!/bin/bash + +# Cleanup CSR files +rm -f ./*.csr ./pki/*.csr ./pki/etcd/*.csr # Clean all CSR files + +# Cleanup CRT files that were already embedded in kubeconfig files +rm -f ./*.crt +``` + +Optionally, move `.srl` files to the next node to be processed. + +Optionally, if using external CA remove the `/etc/kubernetes/pki/ca.key` file, +as explained in the [External CA node](#external-ca-mode) section. + +### kubeadm node initialization + +Once CSR files have been signed and required certificates are in place on the hosts +you want to use as nodes, you can use the commands `kubeadm init` and `kubeadm join` +to create a Kubernetes cluster from these nodes. During `init` and `join`, kubeadm +uses existing certificates, encryption keys and kubeconfig files that it finds in the +`/etc/kubernetes` tree on the host's local filesystem. From bc7c1dbd9697d3aa0af5e298ed8bc9e174c7d925 Mon Sep 17 00:00:00 2001 From: lakshmi Date: Fri, 6 Oct 2023 16:31:14 +0530 Subject: [PATCH 04/11] added a new concept page Sidecar containers and revise details details of init containers and pod lifecycle. --- .../workloads/pods/init-containers.md | 86 +++++------- .../concepts/workloads/pods/pod-lifecycle.md | 23 +++- .../workloads/pods/sidecar-containers.md | 123 ++++++++++++++++++ 3 files changed, 177 insertions(+), 55 deletions(-) create mode 100644 content/en/docs/concepts/workloads/pods/sidecar-containers.md diff --git a/content/en/docs/concepts/workloads/pods/init-containers.md b/content/en/docs/concepts/workloads/pods/init-containers.md index 2533c286d7907..e9e1b748abfb7 100644 --- a/content/en/docs/concepts/workloads/pods/init-containers.md +++ b/content/en/docs/concepts/workloads/pods/init-containers.md 
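Review bot: In the etcd loop of the signing script, `SERIAL_FLAG=-CAserial ./pki/etcd/ca.srl` is unquoted, unlike the matching line in the first loop. Bash reads it as a one-off environment assignment followed by an attempt to execute `./pki/etcd/ca.srl`, so an existing etcd serial file is never passed to `openssl`. It should be `SERIAL_FLAG="-CAserial ./pki/etcd/ca.srl"`, and quoting `SERIAL_FLAG="-CAcreateserial"` as well keeps the two loops consistent. The first loop signs every CSR outside `pki/etcd` that does not match `front-proxy` with `./pki/ca.key`; check that against any etcd client CSR kubeadm writes directly under `./pki`, which would presumably need the etcd CA instead. Wording nits in the same hunk: `singing the CSRs` should be `signing the CSRs`, and the cleanup step's link text `External CA node` does not match its anchor `#external-ca-mode`.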
@@ -14,6 +14,9 @@ Init containers can contain utilities or setup scripts not present in an app ima You can specify init containers in the Pod specification alongside the `containers` array (which describes app containers). +In Kubernetes, a [sidecar container](/docs/concepts/workloads/pods/sidecar-containers/) is a container that +starts before the main application container and _continues to run_. This document is about init containers: +containers that run to completion during Pod initialization. 
@@ -48,14 +51,33 @@ including resource limits, [volumes](/docs/concepts/storage/volumes/), and secur resource requests and limits for an init container are handled differently, as documented in [Resource sharing within containers](#resource-sharing-within-containers). -Also, init containers do not support `lifecycle`, `livenessProbe`, `readinessProbe`, or -`startupProbe` because they must run to completion before the Pod can be ready. +Regular init containers (in other words: excluding sidecar containers) do not support the +`lifecycle`, `livenessProbe`, `readinessProbe`, or `startupProbe` fields. Init containers +must run to completion before the Pod can be ready; sidecar containers continue running +during a Pod's lifetime, and _do_ support some probes. See [sidecar container](/docs/concepts/workloads/pods/sidecar-containers/) +for further details about sidecar containers. If you specify multiple init containers for a Pod, kubelet runs each init container sequentially. Each init container must succeed before the next can run. When all of the init containers have run to completion, kubelet initializes the application containers for the Pod and runs them as usual. +### Differences from sidecar containers + +Init containers run and complete their tasks before the main application container starts. +Unlike [sidecar containers](/docs/concepts/workloads/pods/sidecar-containers), +init containers are not continuously running alongside the main containers. + +Init containers run to completion sequentially, and the main container does not start +until all the init containers have successfully completed. + +init containers do not support `lifecycle`, `livenessProbe`, `readinessProbe`, or +`startupProbe` whereas sidecar containers support all these [probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe) to control their lifecycle. 
+ +Init containers share the same resources (CPU, memory, network) with the main application +containers but do not interact directly with them. They can, however, use shared volumes +for data exchange. + ## Using init containers Because init containers have separate images from app containers, they 
@@ -289,51 +311,9 @@ The Pod which is already running correctly would be killed by `activeDeadlineSec The name of each app and init container in a Pod must be unique; a validation error is thrown for any container sharing a name with another. -#### API for sidecar containers - -{{< feature-state for_k8s_version="v1.28" state="alpha" >}} - -Starting with Kubernetes 1.28 in alpha, a feature gate named `SidecarContainers` -allows you to specify a `restartPolicy` for init containers which is independent of -the Pod and other init containers. Container [probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe) -can also be added to control their lifecycle. - -If an init container is created with its `restartPolicy` set to `Always`, it will -start and remain running during the entire life of the Pod, which is useful for -running supporting services separated from the main application containers. - -If a `readinessProbe` is specified for this init container, its result will be used -to determine the `ready` state of the Pod. - -Since these containers are defined as init containers, they benefit from the same -ordering and sequential guarantees as other init containers, allowing them to -be mixed with other init containers into complex Pod initialization flows. - -Compared to regular init containers, sidecar-style init containers continue to -run and the next init container can begin starting once the kubelet has set -the `started` container status for the sidecar-style init container to true. -That status either becomes true because there is a process running in the -container and no startup probe defined, or -as a result of its `startupProbe` succeeding. - -This feature can be used to implement the sidecar container pattern in a more -robust way, as the kubelet always restarts a sidecar container if it fails. 
- -Here's an example of a Deployment with two containers, one of which is a sidecar: - -{{% code_sample language="yaml" file="application/deployment-sidecar.yaml" %}} - -This feature is also useful for running Jobs with sidecars, as the sidecar -container will not prevent the Job from completing after the main container -has finished. - -Here's an example of a Job with two containers, one of which is a sidecar: - -{{% code_sample language="yaml" file="application/job/job-sidecar.yaml" %}} - -#### Resource sharing within containers +### Resource sharing within containers -Given the ordering and execution for init containers, the following rules +Given the order of execution for init, sidecar and app containers, the following rules for resource usage apply: * The highest of any particular resource request or limit defined on all init @@ -354,6 +334,10 @@ limit. Pod level control groups (cgroups) are based on the effective Pod request and limit, the same as the scheduler. +{{< comment >}} +This section also present under [sidecar containers](/docs/concepts/workloads/pods/sidecar-containers/) page. +If you're editing this section, change both places. +{{< /comment >}} ### Pod restart reasons 
@@ -373,7 +357,9 @@ Kubernetes, consult the documentation for the version you are using. ## {{% heading "whatsnext" %}} -* Read about [creating a Pod that has an init container](/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container) -* Learn how to [debug init containers](/docs/tasks/debug/debug-application/debug-init-containers/) -* Read about an overview of [kubelet](/docs/reference/command-line-tools-reference/kubelet/) and [kubectl](/docs/reference/kubectl/) -* Learn about the [types of probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe): liveness, readiness, startup probe. +Learn more about the following: +* [Creating a Pod that has an init container](/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container). +* [Debug init containers](/docs/tasks/debug/debug-application/debug-init-containers/). +* Overview of [kubelet](/docs/reference/command-line-tools-reference/kubelet/) and [kubectl](/docs/reference/kubectl/). +* [Types of probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe): liveness, readiness, startup probe. +* [Sidecar containers](/docs/concepts/workloads/pods/sidecar-containers). \ No newline at end of file diff --git a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md index 1f73ccbe3ff99..6453bfcb23353 100644 --- a/content/en/docs/concepts/workloads/pods/pod-lifecycle.md +++ b/content/en/docs/concepts/workloads/pods/pod-lifecycle.md 
@@ -150,11 +150,22 @@ the `Terminated` state. The `spec` of a Pod has a `restartPolicy` field with possible values Always, OnFailure, and Never. The default value is Always. -The `restartPolicy` applies to all containers in the Pod. `restartPolicy` only -refers to restarts of the containers by the kubelet on the same node. After containers -in a Pod exit, the kubelet restarts them with an exponential back-off delay (10s, 20s, -40s, …), that is capped at five minutes. Once a container has executed for 10 minutes -without any problems, the kubelet resets the restart backoff timer for that container. +The `restartPolicy` for a Pod applies to {{< glossary_tooltip text="app containers" term_id="app-container" >}} +in the Pod and to regular [init containers](/docs/concepts/workloads/pods/init-containers/). +[Sidecar containers](/docs/concepts/workloads/pods/sidecar-containers/) +ignore the Pod-level `restartPolicy` field: in Kubernetes, a sidecar is defined as an +entry inside `initContainers` that has its container-level `restartPolicy` set to `Always`. +For init containers that exit with an error, the kubelet restarts the init container if +the Pod level `restartPolicy` is either `OnFailure` or `Always`. + +When the kubelet is handling container restarts according to the configured restart +policy, that only applies to restarts that make replacement containers inside the +same Pod and running on the same node. After containers in a Pod exit, the kubelet +restarts them with an exponential back-off delay (10s, 20s,40s, …), that is capped at +five minutes. Once a container has executed for 10 minutes without any problems, the +kubelet resets the restart backoff timer for that container. +[Sidecar containers and Pod lifecycle](/docs/concepts/workloads/pods/sidecar-containers/#sidecar-containers-and-pod-lifecycle) +explains the behaviour of `init containers` when specify `restartpolicy` field on it. ## Pod conditions 
@@ -582,6 +593,8 @@ for more details. * Learn more about [container lifecycle hooks](/docs/concepts/containers/container-lifecycle-hooks/). +* Learn more about [sidecar containers](/docs/concepts/workloads/pods/sidecar-containers/). + * For detailed information about Pod and container status in the API, see the API reference documentation covering [`status`](/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodStatus) for Pod. diff --git a/content/en/docs/concepts/workloads/pods/sidecar-containers.md b/content/en/docs/concepts/workloads/pods/sidecar-containers.md new file mode 100644 index 0000000000000..6d36283add31b --- /dev/null +++ b/content/en/docs/concepts/workloads/pods/sidecar-containers.md 
@@ -0,0 +1,123 @@ +--- +title: Sidecar Containers +content_type: concept +weight: 50 +--- + + +{{< feature-state for_k8s_version="v1.28" state="alpha" >}} + +Sidecar containers are the secondary containers that run along with the main +application container within the same {{< glossary_tooltip text="Pod" term_id="pod" >}}. +These containers are used to enhance or to extend the functionality of the main application +container by providing additional services, or functionality such as logging, monitoring, +security, or data synchronization, without directly altering the primary application code. + + + +## Enabling sidecar containers + +Starting with Kubernetes 1.28, a +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) named +`SidecarContainers` allows you to specify a `restartPolicy` for containers listed in a +Pod's `initContainers` field. These restartable _sidecar_ containers are independent with +other [init containers](/docs/concepts/workloads/pods/init-containers/) and main +application container within the same pod. These can be started, stopped, or restarted +without effecting the main application container and other init containers. + +## Sidecar containers and Pod lifecycle + +If an init container is created with its `restartPolicy` set to `Always`, it will +start and remain running during the entire life of the Pod. This can be helpful for +running supporting services separated from the main application containers. + +If a `readinessProbe` is specified for this init container, its result will be used +to determine the `ready` state of the Pod. + +Since these containers are defined as init containers, they benefit from the same +ordering and sequential guarantees as other init containers, allowing them to +be mixed with other init containers into complex Pod initialization flows. + +Compared to regular init containers, sidecars defined within `initContainers` continue to +run after they have started. 
This is important when there is more than one entry inside +`.spec.initContainers` for a Pod. After a sidecar-style init container is running (the kubelet +has set the `started` status for that init container to true), the kubelet then starts the +next init container from the ordered `.spec.initContainers` list. +That status either becomes true because there is a process running in the +container and no startup probe defined, or as a result of its `startupProbe` succeeding. + +Here's an example of a Deployment with two containers, one of which is a sidecar: + +{{% code_sample language="yaml" file="application/deployment-sidecar.yaml" %}} + +This feature is also useful for running Jobs with sidecars, as the sidecar +container will not prevent the Job from completing after the main container +has finished. + +Here's an example of a Job with two containers, one of which is a sidecar: + +{{% code_sample language="yaml" file="application/job/job-sidecar.yaml" %}} +By default, this feature is not available in Kubernetes. To avail this feature, you +need to enable the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +named `SidecarContainers`. + +## Differences from regular containers + +Sidecar containers run alongside regular containers in the same pod. However, they do not +execute the primary application logic; instead, they provide supporting functionality to +the main application. + +Sidecar containers have their own independent lifecycles. They can be started, stopped, +and restarted independently of regular containers. This means you can update, scale, or +maintain sidecar containers without affecting the primary application. + +Sidecar containers share the same network and storage namespaces with the primary +container This co-location allows them to interact closely and share resources. 
+ +## Differences from init containers + +Sidecar containers work alongside the main container, extending its functionality and +providing additional services. + +Sidecar containers run concurrently with the main application container. They are active +throughout the lifecycle of the pod and can be started and stopped independently of the +main container. Unlike [init containers](/docs/concepts/workloads/pods/init-containers/), +sidecar containers support [probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe) to control their lifecycle. + +These containers can interact directly with the main application containers, sharing +the same network namespace, filesystem, and environment variables. They work closely +together to provide additional functionality. + +## Resource sharing within containers + +{{< comment >}} +This section is also present in the [init containers](/docs/concepts/workloads/pods/init-containers/) page. +If you're editing this section, change both places. +{{< /comment >}} + +Given the order of execution for init, sidecar and app containers, the following rules +for resource usage apply: + +* The highest of any particular resource request or limit defined on all init + containers is the *effective init request/limit*. If any resource has no + resource limit specified this is considered as the highest limit. +* The Pod's *effective request/limit* for a resource is the higher of: + * the sum of all app containers request/limit for a resource + * the effective init request/limit for a resource +* Scheduling is done based on effective requests/limits, which means + init containers can reserve resources for initialization that are not used + during the life of the Pod. +* The QoS (quality of service) tier of the Pod's *effective QoS tier* is the + QoS tier for init containers and app containers alike. + +Quota and limits are applied based on the effective Pod request and +limit. 
+ +Pod level control groups (cgroups) are based on the effective Pod request and +limit, the same as the scheduler. + +## {{% heading "whatsnext" %}} + +* Read a blog post on [native sidecar containers](/blog/2023/08/25/native-sidecar-containers/). +* Read about [creating a Pod that has an init container](/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container). +* Learn about the [types of probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe): liveness, readiness, startup probe. \ No newline at end of file From 7518e4ef6d9e39348f7208d5937de1f75d407074 Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 4 Dec 2023 01:40:53 +0200 Subject: [PATCH 05/11] [pt] Update "Operator White Paper" link on operator.md page --- content/pt-br/docs/concepts/extend-kubernetes/operator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/concepts/extend-kubernetes/operator.md b/content/pt-br/docs/concepts/extend-kubernetes/operator.md index 771ba008e8b65..d7d7df1816625 100644 --- a/content/pt-br/docs/concepts/extend-kubernetes/operator.md +++ b/content/pt-br/docs/concepts/extend-kubernetes/operator.md 
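Review bot: The "Differences from init containers" section of the new sidecar page says sidecars share "the same network namespace, filesystem, and environment variables" with the main application containers, which overstates what containers in a Pod share. They share the Pod's network namespace and any volumes mounted into both, but each container has its own root filesystem and its own environment. Readers reasoning about isolation between a sidecar and the app could be misled, so something like `sharing the same network namespace and any volumes mounted into both containers` would be more accurate. Separately, the paragraph starting `By default, this feature is not available in Kubernetes` follows the Job `code_sample` with no blank line and repeats what "Enabling sidecar containers" already covers. In that earlier section, `without effecting` should be `without affecting`.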
@@ -93,7 +93,7 @@ A seguir estão algumas bibliotecas e ferramentas que você pode usar para escre ## {{% heading "whatsnext" %}} -* Leia o [whitepaper sobre operadores](https://github.com/cncf/tag-app-delivery/blob/eece8f7307f2970f46f100f51932db106db46968/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md) da {{< glossary_tooltip text="CNCF" term_id="cncf" >}} +* Leia o [whitepaper sobre operadores](https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md) da {{< glossary_tooltip text="CNCF" term_id="cncf" >}} * Saiba mais sobre [Custom Resources](/docs/concepts/extend-kubernetes/api-extension/custom-resources/) * Encontre operadores prontos em [OperatorHub.io](https://operatorhub.io/) para atender ao seu caso de uso * [Publique](https://operatorhub.io/) seu operador para outras pessoas usarem From 83b1334ec3a4243e75f25e758d6029cabb99dc08 Mon Sep 17 00:00:00 2001 From: Rohan Kapse <112313349+rohan-kapse@users.noreply.github.com> Date: Fri, 8 Dec 2023 18:27:56 +0530 Subject: [PATCH 06/11] Update service.md --- content/en/docs/concepts/services-networking/service.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index 53a1a9ac47984..d7fb1c365f0cc 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md 
@@ -866,10 +866,7 @@ finding a Service: environment variables and DNS. When a Pod is run on a Node, the kubelet adds a set of environment variables for each active Service. It adds `{SVCNAME}_SERVICE_HOST` and `{SVCNAME}_SERVICE_PORT` variables, where the Service name is upper-cased and dashes are converted to underscores. -It also supports variables -(see [makeLinkVariables](https://github.com/kubernetes/kubernetes/blob/dd2d12f6dc0e654c15d5db57a5f9f6ba61192726/pkg/kubelet/envvars/envvars.go#L72)) -that are compatible with Docker Engine's -"_[legacy container links](https://docs.docker.com/network/links/)_" feature. + For example, the Service `redis-primary` which exposes TCP port 6379 and has been allocated cluster IP address 10.0.0.11, produces the following environment From 6edfcadcd217286d7d9fc0a8fc9e915b755896be Mon Sep 17 00:00:00 2001 From: Sarthak Patel Date: Fri, 8 Dec 2023 22:58:19 +0530 Subject: [PATCH 07/11] Fix Broken voyager link in ingress-controllers.md --- .../en/docs/concepts/services-networking/ingress-controllers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/concepts/services-networking/ingress-controllers.md b/content/en/docs/concepts/services-networking/ingress-controllers.md index 3b7c50378f63a..1546e5e1a59a7 100644 --- a/content/en/docs/concepts/services-networking/ingress-controllers.md +++ b/content/en/docs/concepts/services-networking/ingress-controllers.md 
@@ -64,7 +64,7 @@ Kubernetes as a project supports and maintains [AWS](https://github.com/kubernet * The [Traefik Kubernetes Ingress provider](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) is an ingress controller for the [Traefik](https://traefik.io/traefik/) proxy. * [Tyk Operator](https://github.com/TykTechnologies/tyk-operator) extends Ingress with Custom Resources to bring API Management capabilities to Ingress. Tyk Operator works with the Open Source Tyk Gateway & Tyk Cloud control plane. -* [Voyager](https://appscode.com/products/voyager) is an ingress controller for +* [Voyager](https://voyagermesh.com) is an ingress controller for [HAProxy](https://www.haproxy.org/#desc). * [Wallarm Ingress Controller](https://www.wallarm.com/solutions/waf-for-kubernetes) is an Ingress Controller that provides WAAP (WAF) and API Security capabilities. From d2492b5322d03130d7b335b0501e5adbf7fdf51a Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sat, 9 Dec 2023 22:48:05 +0800 Subject: [PATCH 08/11] [zh-cn] sync secret cheatsheet php-apache.yaml Signed-off-by: xin.li --- content/zh-cn/docs/concepts/configuration/secret.md | 4 ++-- content/zh-cn/docs/reference/kubectl/cheatsheet.md | 2 +- content/zh-cn/examples/application/hpa/php-apache.yaml | 10 ++++++++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/content/zh-cn/docs/concepts/configuration/secret.md b/content/zh-cn/docs/concepts/configuration/secret.md index ba68b02a2f646..0d463587de0e1 100644 --- a/content/zh-cn/docs/concepts/configuration/secret.md +++ b/content/zh-cn/docs/concepts/configuration/secret.md @@ -705,7 +705,7 @@ TLS Secret 的一种典型用法是为 [Ingress](/zh-cn/docs/concepts/services-n 提供 TLS 类型的 Secret 仅仅是出于方便性考虑。 你可以创建 `Opaque` 类型的 Secret 来保存用于 TLS 身份认证的凭据。 -不过,使用已定义和公开的 Secret 类型有助于确保你自己项目中的 Secret 格式的一致性。 +不过,使用已定义和公开的 Secret 类型(`kubernetes.io/tls`)有助于确保你自己项目中的 Secret 格式的一致性。 API 服务器会验证这种类型的 Secret 是否设定了所需的主键。 要使用 `kubectl` 创建 TLS Secret,你可以使用 `tls` 子命令: 
diff --git a/content/zh-cn/docs/reference/kubectl/cheatsheet.md b/content/zh-cn/docs/reference/kubectl/cheatsheet.md
index b63c4b7651ba0..1889d71141a50 100644
--- a/content/zh-cn/docs/reference/kubectl/cheatsheet.md
+++ b/content/zh-cn/docs/reference/kubectl/cheatsheet.md
@@ -700,7 +700,7 @@ kubectl logs my-pod # dump pod logs (stdout)
 kubectl logs -l name=myLabel # dump pod logs, with label name=myLabel (stdout)
 kubectl logs my-pod --previous # dump pod logs (stdout) for a previous instantiation of a container
 kubectl logs my-pod -c my-container # dump pod container logs (stdout, multi-container case)
-kubectl logs -l name=myLabel -c my-container # dump pod logs, with label name=myLabel (stdout)
+kubectl logs -l name=myLabel -c my-container # dump pod container logs, with label name=myLabel (stdout)
 kubectl logs my-pod -c my-container --previous # dump pod container logs (stdout, multi-container case) for a previous instantiation of a container
 kubectl logs -f my-pod # stream pod logs (stdout)
 kubectl logs -f my-pod -c my-container # stream pod container logs (stdout, multi-container case)
diff --git a/content/zh-cn/examples/application/hpa/php-apache.yaml b/content/zh-cn/examples/application/hpa/php-apache.yaml
index f3f1ef5d4f912..1c49aca6a1ff5 100644
--- a/content/zh-cn/examples/application/hpa/php-apache.yaml
+++ b/content/zh-cn/examples/application/hpa/php-apache.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
 name: php-apache
@@ -9,4 +9,10 @@ spec:
 name: php-apache
 minReplicas: 1
 maxReplicas: 10
- targetCPUUtilizationPercentage: 50
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 50
From 2ceb4a43944c18258782caa48b2173f60ce6260b Mon Sep 17 00:00:00 2001
From: Manish-hr14 <18bcs6611@cuchd.in>
Date: Sun, 10 Dec 2023 03:53:19 +0530
Subject: [PATCH 09/11] Modified community index and added x-org image
---
 content/en/community/_index.html | 4 ++--
 static/images/community/x-org.png | Bin 0 -> 5914 bytes
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 static/images/community/x-org.png
diff --git a/content/en/community/_index.html b/content/en/community/_index.html
index 0e5a4daff69b3..8fa4c2461411a 100644
--- a/content/en/community/_index.html
+++ b/content/en/community/_index.html
@@ -122,9 +122,9 @@

Discussions

- Twitter + 𝕏.org - Twitter ▶ + 𝕏 ▶

#kubernetesio

Real-time announcements of blog posts, events, news, ideas.
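Review bot: The new heading text `𝕏.org` reads like a hostname, and a link label that names one domain while the link goes to another is the pattern readers are taught to distrust. The markup and href around the label are not visible in this hunk, so please confirm where the link actually points. The glyph is also U+1D54F (mathematical double-struck X) rather than a plain letter, so it can render as a missing-glyph box in some fonts and may be announced unpredictably by screen readers. Plain text would be safer: `X (formerly Twitter)` for the heading and `X ▶` for the button, with the link target left unchanged.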

diff --git a/static/images/community/x-org.png b/static/images/community/x-org.png new file mode 100644 index 0000000000000000000000000000000000000000..f1ea120b0f0ccf442c565f19b64cdc39d9a47bf8 GIT binary patch literal 5914 zcmb_g3p~^N-*?H#-BGTo8H$*V&21XyI<(~8q%ylOVJ>r3CKY)swZu zi_F?jwxGbQt)ScDF#sTp$|OPK!$QNOG4WW~DlP_G3vMG|&{YxUek=?pFbLg6*a@{` zL{Xs@hDLBQ5@`fAvoIu?Q_yB6D71wE)EH@uLLgBHV-(y7g+ZEN&?e9?FBmWwMWJCl z>>a5BRZJz576JX|C<32T>{~ojqh>^3;Sjwn&}V=-1riZ z?@C8|B}7mW9@JkHl zg^ZywqQXePM|v13h>C~^4}w9zMGj-f2xUY8bAS$N)i!~EaSo4WlETSUXL~FRxM@hI zQ!wThMpUGU2?}m(f+WGwlt3ih!qhYnPBo#SDI{}a6EiCMtG+#h93x1kK>u@TQy64` z@t0MSDVat!vmnEfCgw;u#SCojw)b90f;n^z+qcSj4~EU#(aS zo-W{%@P&mZHS!xD=xUK-NMu3tVPRxJ)ln(1FSqI6$<}`qmoNHp!BhbH{aXBNIGRCY z#*w0^xFC?!|Dezj|HzyX9!rh-8}|rO6bZ~cYE(29MvG#EK}iu2p>#4y;3y(CobqLk zd+*8T^5~O~qi$QejHTNr z&TD#0A%Dy@VymQxqS8p_$p71giqDHpF_=Q5wu{LPUiY83{Z{3GPBRR!?Rb3{H!TS1(YMMmeeB_)HeWqq?TuVLe26m)xTAz@|>kSG0A8sKKle zs)k{eu|(TU+u_O;8(E8-do#HOo?SrJoz2WpDSoJTQ25pMfV#}r!tuvG6#t?4;e=vR zBqnM??43}!_xnV>hhiU;hERR{QJFs=%^H6?NFIJIz6eQfuB_0265c4(sgRSGGFW@H zt*3)A4fiqrUI`fuX#-rw`-dY5H{0$WxZT{2%U~Ign-+Xbq)5K$E-8v>#NUDz@2g|2 zSJ6^f<6l*=MfAZBQ_iPGf;0?0j3g#b*UX6IDNgjZU@s~UxfXA6*xZ){__{#Wy4StG zyz}AaHhu;R-7@S^Vnj?mo+~Z#UZ>jX#d(al?i9DPb-3whLDfZfu+zV~v()y|mY}?K zikrlcn)h;kUMH)pr?zI!)kjWLUvkbs?zifSOLB|#Hg4Yi*B(7}t%3-D(kQPD8jG8?& z>#VxU7e(k#opFO*TIXtXQi-BrI2D*Be|}_(q{%d)XeMMbL1GuK!Z~Mfbw_|YFJviY zQh1?ai&m>ku1M`YjDJ5@5ZMCP7782Dp7ePAJf)2!f>o0`PQk4d~kMmgKW^`d8VY-n*;P9cG4m46r(fz<1VTA9qw*s$i2mvBx-vAr%|ZJ zxEk|G+uNfBo3pI$Ye6zs{j+P^1B07oW45=JQhX!TabrW9ia)F}bC5 zL9Jk1Dki;6aUa7f&CZJdSaXw^tx%`s&P-O={ zQ){;EF4D>IJ_rn9)!UJcqffNlME9?YAC2MN+=U$K2l4Esu$jV#aSQjYohv5SP_bs? 
zrqdG7E*ts_nkz>}P?g6zU42HlpY%kVA0Q3*@(-D88% zZ*m5fJAEDd(9;#SS5~xtpN=6+gGh%N;WKoq5nK67qn3{oU~Y0Xy<=2sm|C zMr86-&7IO4!4-pO3{Z+)^+)v7JpR%fVyYAh47a!niI&Kvb@JKHsD7DLLwDQDLO=Ml~kjhyPG3MpT9X>l@j5hPplPh zuBmus5R#HUnl-5K_L0_Nm z1tfd1WKUg_M@3LoU6JcimKs~NBNO0|*RWEA4totoH`=(7fl!VgHv~RTbigt=h~|eO z-B4pdb=u|7!j-(DyPZFcH7KFd&e11|M*K4YRTI!iYwP|4KcLbKJ$tbY*?BcP z+y_y1#pQYVIHsVbJc}=hesCf7M2cV=+NDc-rY0`Cj=3I6yn(0|cH25d6bjwK^VIK# zlJK>ZdEq}rcf0m%_*3r49WrFCQ;1IWb5JU83;Y7WN<2S(2DgMQxu|-NwPW3s^F|cj zT-N@&(v4v4@{6Z>;Rok=ukVVT!TowgzvD+_;Z3koV%YE*#sJ%G{C)LL`;OIO%{ACkDq|sVh25=RLEe$y736_i9M~yKcmg#tfR@Rmek3fU#beQOc9mS4Ve^sCqLl~L8V!1{w#Ywdj&tXE`E=D zk84{Kpc?>rqvbgG6a_2^-(!Vec-iXI4gEd+Ow8hs^^};abwvz`daskJWgEOH8dlMH z0qUp4XT1CSr2f$1dFs)!o_U>$S=^Y*;S4199@HJHZc|Avx`$-1yL7LnJ?N#d`r2#0 z%O&w~n*5)=j;NNY=m8KA0fO&f^ko}YoqQbRmHe;p*51Ug1gT3M#aC<}gn$wY@vWkDO=aYTcHQ?PomIi`u8Y14!y}dUP70~kRNnT!! zRr1XBiR~eOCU!{oSzrD6q(1T8-YRzPKC;phe5U1Gbxlx{jVrnv+Vz7azwubIHKD=I zlAAMi$_TI2)Vzu=@&lTcoB6Lvy6?q*uPpKtaun^+56Rw}A#3|s z#)CTel>H8;2O?&_u#h&Fuy3k<7%B+jcKbM;-E?k9U1^?lqkpkO;Wahw@|yP4pTv2u zcGpQ>4dy8n`SsH;;5@o82PT9b>G5;Xp9a?yfz-)_YVj^Os>^T!2cNd%$Mqa)54N?4 zU@bZON*?yTU9;9eZN!vab}nY|3bx62yew{{=yHXQ=pjvBsqI;5k5pg;p}+sU^P%I% zHH$Q2RYOkvHndJyrH*!cgr! z`bvt8n_fY17RU_$Xb{@kL$7wZoL1o zYo`-?*Ptd@otYB`o>M%4J*0OrRdtFc--TiFc3jiZsRj@F8GbBxgX#e;P@X8=Q}@2b zrfc(yOLcyJdqu{ycyA9+1p@IoFhe=ptmcHM@Hmk@B3K)&bRf~m9E|fl6(Ic&l!Ar( z%+jbDPkUQ9b1KMRJ&(U*>GoBJa@DnIgKrGxL2!SO7(JNKVAG{C?(G17n@Qe?JS@rvjFa<>(oLFv} zsx-V-Po<;oBr`ps68o-MIMixLwqit}L|6p@2fvzMIj-iByPRX`@*=PQv$ zQ@7)pu0ECblkPgLhk%EoPgKlg5isN!FuJWF0mZlWiT(_ z1>n)CS0@I^o@Xy8KN;F3*d}hk&x=P@fCF$(eTk7E1E^j@pa5D1+Ke;c2ODa-_~_l2 z)(w|`@@v20qBWw@03j;pz=CT9p|8XYz(k^)@~EQ@D literal 0 HcmV?d00001 From 73e33f61b2defc21dcd501b7c981215191ac4586 Mon Sep 17 00:00:00 2001 
From: Fan-Lin <150505581+Fan-Lin@users.noreply.github.com> Date: Mon, 11 Dec 2023 17:21:16 +0800 Subject: [PATCH 10/11] [zh-cn] Update KubeCon dates (#44280) * [zh-cn] Update KubeCon dates * [zh-cn] Update KubeCon dates --- content/zh-cn/_index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/zh-cn/_index.html b/content/zh-cn/_index.html index 16ff393fc3fc1..b5b4abc878868 100644 --- a/content/zh-cn/_index.html +++ b/content/zh-cn/_index.html @@ -70,14 +70,14 @@

将 150+ 微服务迁移到 Kubernetes 上的挑战



- - 参加 2023 年 11 月 6-9 日的北美 KubeCon + CloudNativeCon + + 参加 2024 年 3 月 19-22 日的欧洲 KubeCon + CloudNativeCon



- - 参加 2024 年 3 月 19-22 日的欧洲 KubeCon + CloudNativeCon + + 参加 2024 年 11 月 12-15 日的北美 KubeCon + CloudNativeCon
From b23c499c2398110207649a7276e73ce3e70b59a3 Mon Sep 17 00:00:00 2001
From: lakshmi
Date: Mon, 11 Dec 2023 17:33:21 +0530
Subject: [PATCH 11/11] Revise details for Resource sharing within containers
---
 .../docs/concepts/workloads/pods/init-containers.md | 2 +-
 .../concepts/workloads/pods/sidecar-containers.md | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/content/en/docs/concepts/workloads/pods/init-containers.md b/content/en/docs/concepts/workloads/pods/init-containers.md
index e9e1b748abfb7..480d4cee80b9e 100644
--- a/content/en/docs/concepts/workloads/pods/init-containers.md
+++ b/content/en/docs/concepts/workloads/pods/init-containers.md
@@ -362,4 +362,4 @@ Learn more about the following:
 * [Debug init containers](/docs/tasks/debug/debug-application/debug-init-containers/).
 * Overview of [kubelet](/docs/reference/command-line-tools-reference/kubelet/) and [kubectl](/docs/reference/kubectl/).
 * [Types of probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe): liveness, readiness, startup probe.
-* [Sidecar containers](/docs/concepts/workloads/pods/sidecar-containers).
\ No newline at end of file
+* [Sidecar containers](/docs/concepts/workloads/pods/sidecar-containers).
diff --git a/content/en/docs/concepts/workloads/pods/sidecar-containers.md b/content/en/docs/concepts/workloads/pods/sidecar-containers.md
index 6d36283add31b..a1f5a9fbb8fc9 100644
--- a/content/en/docs/concepts/workloads/pods/sidecar-containers.md
+++ b/content/en/docs/concepts/workloads/pods/sidecar-containers.md
@@ -101,14 +101,16 @@ for resource usage apply: * The highest of any particular resource request or limit defined on all init containers is the *effective init request/limit*. If any resource has no resource limit specified this is considered as the highest limit. -* The Pod's *effective request/limit* for a resource is the higher of: - * the sum of all app containers request/limit for a resource +* The Pod's *effective request/limit* for a resource is the sum of +[pod overhead](/docs/concepts/scheduling-eviction/pod-overhead/) and the higher of: + * the sum of all non-init containers(app and sidecar containers) request/limit for a + resource * the effective init request/limit for a resource * Scheduling is done based on effective requests/limits, which means init containers can reserve resources for initialization that are not used during the life of the Pod. * The QoS (quality of service) tier of the Pod's *effective QoS tier* is the - QoS tier for init containers and app containers alike. + QoS tier for all init, sidecar and app containers alike. Quota and limits are applied based on the effective Pod request and limit. @@ -120,4 +122,5 @@ limit, the same as the scheduler. * Read a blog post on [native sidecar containers](/blog/2023/08/25/native-sidecar-containers/). * Read about [creating a Pod that has an init container](/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container). -* Learn about the [types of probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe): liveness, readiness, startup probe. \ No newline at end of file +* Learn about the [types of probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe): liveness, readiness, startup probe. +* Learn about [pod overhead](/docs/concepts/scheduling-eviction/pod-overhead/).