Merge pull request #33461 from tengqm/configapi-124

Config API reference for 1.24
2022-05-05 02:14:20 -07:00 · 2022-05-05 02:14:20 -07:00 · 30802fcec2
parent 338a2cae07 a5eeb338f1
commit 30802fcec2
10 changed files with 1051 additions and 1000 deletions
--- a/content/en/docs/reference/_index.md
+++ b/content/en/docs/reference/_index.md
@ -80,6 +80,7 @@ operator to use or manage a cluster.
 * [kubelet configuration (v1alpha1)](/docs/reference/config-api/kubelet-config.v1alpha1/) and
  [kubelet configuration (v1beta1)](/docs/reference/config-api/kubelet-config.v1beta1/)
 * [kubelet credential providers (v1alpha1)](/docs/reference/config-api/kubelet-credentialprovider.v1alpha1/)
 * [kubelet credential providers (v1beta1)](/docs/reference/config-api/kubelet-credentialprovider.v1beta1/)
 * [kube-scheduler configuration (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/) and
  [kube-scheduler configuration (v1beta3)](/docs/reference/config-api/kube-scheduler-config.v1beta3/)
 * [kube-proxy configuration (v1alpha1)](/docs/reference/config-api/kube-proxy-config.v1alpha1/)
--- a/content/en/docs/reference/config-api/apiserver-audit.v1.md
+++ b/content/en/docs/reference/config-api/apiserver-audit.v1.md
@ -89,7 +89,15 @@ For non-resource requests, this is the lower-cased HTTP method.</p>
 <code>[]string</code>
 </td>
 <td>
-   <p>Source IPs, from where the request originated and intermediate proxies.</p>
+   <p>Source IPs, from where the request originated and intermediate proxies.
 The source IPs are listed from (in order):</p>
 <ol>
 <li>X-Forwarded-For request header IPs</li>
 <li>X-Real-Ip header, if not present in the X-Forwarded-For list</li>
 <li>The remote address for the connection, if it doesn't match the last
 IP in the list up to here (X-Forwarded-For or X-Real-Ip).
 Note: All but the last IP can be arbitrarily set by the client.</li>
 </ol>
 </td>
 </tr>
 <tr><td><code>userAgent</code><br/>
--- a/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md
+++ b/content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md
@ -193,6 +193,50 @@ An empty string slice is meant to select all network interfaces.</p>
   <p>DetectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR</p>
 </td>
 </tr>
 <tr><td><code>detectLocal</code> <B>[Required]</B><br/>
 <a href="#kubeproxy-config-k8s-io-v1alpha1-DetectLocalConfiguration"><code>DetectLocalConfiguration</code></a>
 </td>
 <td>
   <p>DetectLocal contains optional configuration settings related to DetectLocalMode.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `DetectLocalConfiguration`     {#kubeproxy-config-k8s-io-v1alpha1-DetectLocalConfiguration}
 **Appears in:**
 - [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
 <p>DetectLocalConfiguration contains optional settings related to DetectLocalMode option</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>bridgeInterface</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>BridgeInterface is a string argument which represents a single bridge interface name.
 Kube-proxy considers traffic as local if originating from this given bridge.
 This argument should be set if DetectLocalMode is set to LocalModeBridgeInterface.</p>
 </td>
 </tr>
 <tr><td><code>interfaceNamePrefix</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>InterfaceNamePrefix is a string argument which represents a single interface prefix name.
 Kube-proxy considers traffic as local if originating from one or more interfaces which match
 the given prefix. This argument should be set if DetectLocalMode is set to LocalModeInterfaceNamePrefix.</p>
 </td>
 </tr>
 </tbody>
 </table>
@ -424,6 +468,22 @@ NAT when loadbalancing</p>
 with DSR</p>
 </td>
 </tr>
 <tr><td><code>rootHnsEndpointName</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>RootHnsEndpointName is the name of hnsendpoint that is attached to
 l2bridge for root network namespace</p>
 </td>
 </tr>
 <tr><td><code>forwardHealthCheckVip</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>ForwardHealthCheckVip forwards service VIP for health check port on
 Windows</p>
 </td>
 </tr>
 </tbody>
 </table>
@ -747,8 +807,9 @@ default value of format is <code>text</code></p>
 <a href="https://pkg.go.dev/time#Duration"><code>time.Duration</code></a>
 </td>
 <td>
-   <p>Maximum number of seconds between log flushes. Ignored if the
+   <p>Maximum number of nanoseconds (i.e. 1s = 1000000000) between log
-selected logging backend writes log messages without buffering.</p>
+flushes.  Ignored if the selected logging backend writes log
 messages without buffering.</p>
 </td>
 </tr>
 <tr><td><code>verbosity</code> <B>[Required]</B><br/>
@ -769,14 +830,6 @@ are always logged.</p>
 Only supported for &quot;text&quot; log format.</p>
 </td>
 </tr>
 <tr><td><code>sanitization</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>[Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
 Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)</p>
 </td>
 </tr>
 <tr><td><code>options</code> <B>[Required]</B><br/>
 <a href="#FormatOptions"><code>FormatOptions</code></a>
 </td>
--- a/content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md
+++ b/content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md
@ -285,8 +285,9 @@ default value of format is <code>text</code></p>
 <a href="https://pkg.go.dev/time#Duration"><code>time.Duration</code></a>
 </td>
 <td>
-   <p>Maximum number of seconds between log flushes. Ignored if the
+   <p>Maximum number of nanoseconds (i.e. 1s = 1000000000) between log
-selected logging backend writes log messages without buffering.</p>
+flushes.  Ignored if the selected logging backend writes log
 messages without buffering.</p>
 </td>
 </tr>
 <tr><td><code>verbosity</code> <B>[Required]</B><br/>
@ -307,14 +308,6 @@ are always logged.</p>
 Only supported for &quot;text&quot; log format.</p>
 </td>
 </tr>
 <tr><td><code>sanitization</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>[Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
 Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)</p>
 </td>
 </tr>
 <tr><td><code>options</code> <B>[Required]</B><br/>
 <a href="#FormatOptions"><code>FormatOptions</code></a>
 </td>
@ -663,8 +656,7 @@ of &quot;System&quot; or &quot;List&quot;.</p>
 Nodes and Zones.</li>
 <li>&quot;List&quot;: Use constraints defined in .defaultConstraints.</li>
 </ul>
-<p>Defaults to &quot;List&quot; if feature gate DefaultPodTopologySpread is disabled
+<p>Defaults to &quot;System&quot;.</p>
 and to &quot;System&quot; if enabled.</p>
 </td>
 </tr>
 </tbody>
--- a/content/en/docs/reference/config-api/kube-scheduler-config.v1beta3.md
+++ b/content/en/docs/reference/config-api/kube-scheduler-config.v1beta3.md
@ -20,6 +20,329 @@ auto_generated: true
 ## `ClientConnectionConfiguration`     {#ClientConnectionConfiguration}
 **Appears in:**
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
 <p>ClientConnectionConfiguration contains details for constructing a client.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>kubeconfig</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>kubeconfig is the path to a KubeConfig file.</p>
 </td>
 </tr>
 <tr><td><code>acceptContentTypes</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
 default value of 'application/json'. This field will control all connections to the server used by a particular
 client.</p>
 </td>
 </tr>
 <tr><td><code>contentType</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>contentType is the content type used when sending data to the server from this client.</p>
 </td>
 </tr>
 <tr><td><code>qps</code> <B>[Required]</B><br/>
 <code>float32</code>
 </td>
 <td>
   <p>qps controls the number of queries per second allowed for this connection.</p>
 </td>
 </tr>
 <tr><td><code>burst</code> <B>[Required]</B><br/>
 <code>int32</code>
 </td>
 <td>
   <p>burst allows extra queries to accumulate when a client is exceeding its rate.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `DebuggingConfiguration`     {#DebuggingConfiguration}
 **Appears in:**
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
 <p>DebuggingConfiguration holds configuration for Debugging related features.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>enableProfiling</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>enableProfiling enables profiling via web interface host:port/debug/pprof/</p>
 </td>
 </tr>
 <tr><td><code>enableContentionProfiling</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>enableContentionProfiling enables lock contention profiling, if
 enableProfiling is true.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `FormatOptions`     {#FormatOptions}
 **Appears in:**
 - [LoggingConfiguration](#LoggingConfiguration)
 <p>FormatOptions contains options for the different logging formats.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>json</code> <B>[Required]</B><br/>
 <a href="#JSONOptions"><code>JSONOptions</code></a>
 </td>
 <td>
   <p>[Experimental] JSON contains options for logging format &quot;json&quot;.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `JSONOptions`     {#JSONOptions}
 **Appears in:**
 - [FormatOptions](#FormatOptions)
 <p>JSONOptions contains options for logging format &quot;json&quot;.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>splitStream</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>[Experimental] SplitStream redirects error messages to stderr while
 info messages go to stdout, with buffering. The default is to write
 both to stdout, without buffering.</p>
 </td>
 </tr>
 <tr><td><code>infoBufferSize</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#QuantityValue"><code>k8s.io/apimachinery/pkg/api/resource.QuantityValue</code></a>
 </td>
 <td>
   <p>[Experimental] InfoBufferSize sets the size of the info stream when
 using split streams. The default is zero, which disables buffering.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `LeaderElectionConfiguration`     {#LeaderElectionConfiguration}
 **Appears in:**
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
 <p>LeaderElectionConfiguration defines the configuration of leader election
 clients for components that can run with leader election enabled.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>leaderElect</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>leaderElect enables a leader election client to gain leadership
 before executing the main loop. Enable this when running replicated
 components for high availability.</p>
 </td>
 </tr>
 <tr><td><code>leaseDuration</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>leaseDuration is the duration that non-leader candidates will wait
 after observing a leadership renewal until attempting to acquire
 leadership of a led but unrenewed leader slot. This is effectively the
 maximum duration that a leader can be stopped before it is replaced
 by another candidate. This is only applicable if leader election is
 enabled.</p>
 </td>
 </tr>
 <tr><td><code>renewDeadline</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>renewDeadline is the interval between attempts by the acting master to
 renew a leadership slot before it stops leading. This must be less
 than or equal to the lease duration. This is only applicable if leader
 election is enabled.</p>
 </td>
 </tr>
 <tr><td><code>retryPeriod</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>retryPeriod is the duration the clients should wait between attempting
 acquisition and renewal of a leadership. This is only applicable if
 leader election is enabled.</p>
 </td>
 </tr>
 <tr><td><code>resourceLock</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>resourceLock indicates the resource object type that will be used to lock
 during leader election cycles.</p>
 </td>
 </tr>
 <tr><td><code>resourceName</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>resourceName indicates the name of resource object that will be used to lock
 during leader election cycles.</p>
 </td>
 </tr>
 <tr><td><code>resourceNamespace</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>resourceName indicates the namespace of resource object that will be used to lock
 during leader election cycles.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `LoggingConfiguration`     {#LoggingConfiguration}
 **Appears in:**
 - [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
 <p>LoggingConfiguration contains logging options
 Refer <a href="https://github.com/kubernetes/component-base/blob/master/logs/options.go">Logs Options</a> for more information.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>format</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>Format Flag specifies the structure of log messages.
 default value of format is <code>text</code></p>
 </td>
 </tr>
 <tr><td><code>flushFrequency</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/time#Duration"><code>time.Duration</code></a>
 </td>
 <td>
   <p>Maximum number of nanoseconds (i.e. 1s = 1000000000) between log
 flushes.  Ignored if the selected logging backend writes log
 messages without buffering.</p>
 </td>
 </tr>
 <tr><td><code>verbosity</code> <B>[Required]</B><br/>
 <code>uint32</code>
 </td>
 <td>
   <p>Verbosity is the threshold that determines which log messages are
 logged. Default is zero which logs only the most important
 messages. Higher values enable additional messages. Error messages
 are always logged.</p>
 </td>
 </tr>
 <tr><td><code>vmodule</code> <B>[Required]</B><br/>
 <a href="#VModuleConfiguration"><code>VModuleConfiguration</code></a>
 </td>
 <td>
   <p>VModule overrides the verbosity threshold for individual files.
 Only supported for &quot;text&quot; log format.</p>
 </td>
 </tr>
 <tr><td><code>options</code> <B>[Required]</B><br/>
 <a href="#FormatOptions"><code>FormatOptions</code></a>
 </td>
 <td>
   <p>[Experimental] Options holds additional parameters that are specific
 to the different logging formats. Only the options for the selected
 format get used, but all of them get validated.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `VModuleConfiguration`     {#VModuleConfiguration}
 (Alias of `[]k8s.io/component-base/config/v1alpha1.VModuleItem`)
 **Appears in:**
 - [LoggingConfiguration](#LoggingConfiguration)
 <p>VModuleConfiguration is a collection of individual file names or patterns
 and the corresponding verbosity threshold.</p>
 ## `DefaultPreemptionArgs`     {#kubescheduler-config-k8s-io-v1beta3-DefaultPreemptionArgs}
@ -323,8 +646,7 @@ of &quot;System&quot; or &quot;List&quot;.</p>
 Nodes and Zones.</li>
 <li>&quot;List&quot;: Use constraints defined in .defaultConstraints.</li>
 </ul>
-<p>Defaults to &quot;List&quot; if feature gate DefaultPodTopologySpread is disabled
+<p>Defaults to &quot;System&quot;.</p>
 and to &quot;System&quot; if enabled.</p>
 </td>
 </tr>
 </tbody>
@ -1061,333 +1383,3 @@ Weight defaults to 1 if not specified or explicitly set to 0.</p>
 </tbody>
 </table>
 ## `ClientConnectionConfiguration`     {#ClientConnectionConfiguration}
 **Appears in:**
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
 <p>ClientConnectionConfiguration contains details for constructing a client.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>kubeconfig</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>kubeconfig is the path to a KubeConfig file.</p>
 </td>
 </tr>
 <tr><td><code>acceptContentTypes</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
 default value of 'application/json'. This field will control all connections to the server used by a particular
 client.</p>
 </td>
 </tr>
 <tr><td><code>contentType</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>contentType is the content type used when sending data to the server from this client.</p>
 </td>
 </tr>
 <tr><td><code>qps</code> <B>[Required]</B><br/>
 <code>float32</code>
 </td>
 <td>
   <p>qps controls the number of queries per second allowed for this connection.</p>
 </td>
 </tr>
 <tr><td><code>burst</code> <B>[Required]</B><br/>
 <code>int32</code>
 </td>
 <td>
   <p>burst allows extra queries to accumulate when a client is exceeding its rate.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `DebuggingConfiguration`     {#DebuggingConfiguration}
 **Appears in:**
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
 <p>DebuggingConfiguration holds configuration for Debugging related features.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>enableProfiling</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>enableProfiling enables profiling via web interface host:port/debug/pprof/</p>
 </td>
 </tr>
 <tr><td><code>enableContentionProfiling</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>enableContentionProfiling enables lock contention profiling, if
 enableProfiling is true.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `FormatOptions`     {#FormatOptions}
 **Appears in:**
 - [LoggingConfiguration](#LoggingConfiguration)
 <p>FormatOptions contains options for the different logging formats.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>json</code> <B>[Required]</B><br/>
 <a href="#JSONOptions"><code>JSONOptions</code></a>
 </td>
 <td>
   <p>[Experimental] JSON contains options for logging format &quot;json&quot;.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `JSONOptions`     {#JSONOptions}
 **Appears in:**
 - [FormatOptions](#FormatOptions)
 <p>JSONOptions contains options for logging format &quot;json&quot;.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>splitStream</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>[Experimental] SplitStream redirects error messages to stderr while
 info messages go to stdout, with buffering. The default is to write
 both to stdout, without buffering.</p>
 </td>
 </tr>
 <tr><td><code>infoBufferSize</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#QuantityValue"><code>k8s.io/apimachinery/pkg/api/resource.QuantityValue</code></a>
 </td>
 <td>
   <p>[Experimental] InfoBufferSize sets the size of the info stream when
 using split streams. The default is zero, which disables buffering.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `LeaderElectionConfiguration`     {#LeaderElectionConfiguration}
 **Appears in:**
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
 - [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
 <p>LeaderElectionConfiguration defines the configuration of leader election
 clients for components that can run with leader election enabled.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>leaderElect</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>leaderElect enables a leader election client to gain leadership
 before executing the main loop. Enable this when running replicated
 components for high availability.</p>
 </td>
 </tr>
 <tr><td><code>leaseDuration</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>leaseDuration is the duration that non-leader candidates will wait
 after observing a leadership renewal until attempting to acquire
 leadership of a led but unrenewed leader slot. This is effectively the
 maximum duration that a leader can be stopped before it is replaced
 by another candidate. This is only applicable if leader election is
 enabled.</p>
 </td>
 </tr>
 <tr><td><code>renewDeadline</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>renewDeadline is the interval between attempts by the acting master to
 renew a leadership slot before it stops leading. This must be less
 than or equal to the lease duration. This is only applicable if leader
 election is enabled.</p>
 </td>
 </tr>
 <tr><td><code>retryPeriod</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>retryPeriod is the duration the clients should wait between attempting
 acquisition and renewal of a leadership. This is only applicable if
 leader election is enabled.</p>
 </td>
 </tr>
 <tr><td><code>resourceLock</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>resourceLock indicates the resource object type that will be used to lock
 during leader election cycles.</p>
 </td>
 </tr>
 <tr><td><code>resourceName</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>resourceName indicates the name of resource object that will be used to lock
 during leader election cycles.</p>
 </td>
 </tr>
 <tr><td><code>resourceNamespace</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>resourceName indicates the namespace of resource object that will be used to lock
 during leader election cycles.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `LoggingConfiguration`     {#LoggingConfiguration}
 **Appears in:**
 - [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
 <p>LoggingConfiguration contains logging options
 Refer <a href="https://github.com/kubernetes/component-base/blob/master/logs/options.go">Logs Options</a> for more information.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>format</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>Format Flag specifies the structure of log messages.
 default value of format is <code>text</code></p>
 </td>
 </tr>
 <tr><td><code>flushFrequency</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/time#Duration"><code>time.Duration</code></a>
 </td>
 <td>
   <p>Maximum number of seconds between log flushes. Ignored if the
 selected logging backend writes log messages without buffering.</p>
 </td>
 </tr>
 <tr><td><code>verbosity</code> <B>[Required]</B><br/>
 <code>uint32</code>
 </td>
 <td>
   <p>Verbosity is the threshold that determines which log messages are
 logged. Default is zero which logs only the most important
 messages. Higher values enable additional messages. Error messages
 are always logged.</p>
 </td>
 </tr>
 <tr><td><code>vmodule</code> <B>[Required]</B><br/>
 <a href="#VModuleConfiguration"><code>VModuleConfiguration</code></a>
 </td>
 <td>
   <p>VModule overrides the verbosity threshold for individual files.
 Only supported for &quot;text&quot; log format.</p>
 </td>
 </tr>
 <tr><td><code>sanitization</code> <B>[Required]</B><br/>
 <code>bool</code>
 </td>
 <td>
   <p>[Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
 Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)</p>
 </td>
 </tr>
 <tr><td><code>options</code> <B>[Required]</B><br/>
 <a href="#FormatOptions"><code>FormatOptions</code></a>
 </td>
 <td>
   <p>[Experimental] Options holds additional parameters that are specific
 to the different logging formats. Only the options for the selected
 format get used, but all of them get validated.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `VModuleConfiguration`     {#VModuleConfiguration}
 (Alias of `[]k8s.io/component-base/config/v1alpha1.VModuleItem`)
 **Appears in:**
 - [LoggingConfiguration](#LoggingConfiguration)
 <p>VModuleConfiguration is a collection of individual file names or patterns
 and the corresponding verbosity threshold.</p>
--- a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
+++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
@ -264,109 +264,6 @@ node only (e.g. the node ip).</p>
 ## `BootstrapToken`     {#BootstrapToken}
 **Appears in:**
 - [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration)
 <p>BootstrapToken describes one bootstrap token, stored as a Secret in the cluster</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>token</code> <B>[Required]</B><br/>
 <a href="#BootstrapTokenString"><code>BootstrapTokenString</code></a>
 </td>
 <td>
   <p><code>token</code> is used for establishing bidirectional trust between nodes and control-planes.
 Used for joining nodes in the cluster.</p>
 </td>
 </tr>
 <tr><td><code>description</code><br/>
 <code>string</code>
 </td>
 <td>
   <p><code>description</code> sets a human-friendly message why this token exists and what it's used
 for, so other administrators can know its purpose.</p>
 </td>
 </tr>
 <tr><td><code>ttl</code><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p><code>ttl</code> defines the time to live for this token. Defaults to <code>24h</code>.
 <code>expires</code> and <code>ttl</code> are mutually exclusive.</p>
 </td>
 </tr>
 <tr><td><code>expires</code><br/>
 <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#time-v1-meta"><code>meta/v1.Time</code></a>
 </td>
 <td>
   <p><code>expires</code> specifies the timestamp when this token expires. Defaults to being set
 dynamically at runtime based on the <code>ttl</code>. <code>expires</code> and <code>ttl</code> are mutually exclusive.</p>
 </td>
 </tr>
 <tr><td><code>usages</code><br/>
 <code>[]string</code>
 </td>
 <td>
   <p><code>usages</code> describes the ways in which this token can be used. Can by default be used
 for establishing bidirectional trust, but that can be changed here.</p>
 </td>
 </tr>
 <tr><td><code>groups</code><br/>
 <code>[]string</code>
 </td>
 <td>
   <p><code>groups</code> specifies the extra groups that this token will authenticate as when/if
 used for authentication</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `BootstrapTokenString`     {#BootstrapTokenString}
 **Appears in:**
 - [BootstrapToken](#BootstrapToken)
 <p>BootstrapTokenString is a token of the format <code>abcdef.abcdef0123456789</code> that is used
 for both validation of the practically of the API server from a joining node's point
 of view and as an authentication method for the node in the bootstrap phase of
 &quot;kubeadm join&quot;. This token is and should be short-lived.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>-</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 <tr><td><code>-</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 </tbody>
 </table>
 ## `ClusterConfiguration`     {#kubeadm-k8s-io-v1beta3-ClusterConfiguration}
@ -1340,3 +1237,106 @@ first alpha-numerically.</p>
 </tbody>
 </table>
 ## `BootstrapToken`     {#BootstrapToken}
 **Appears in:**
 - [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration)
 <p>BootstrapToken describes one bootstrap token, stored as a Secret in the cluster</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>token</code> <B>[Required]</B><br/>
 <a href="#BootstrapTokenString"><code>BootstrapTokenString</code></a>
 </td>
 <td>
   <p><code>token</code> is used for establishing bidirectional trust between nodes and control-planes.
 Used for joining nodes in the cluster.</p>
 </td>
 </tr>
 <tr><td><code>description</code><br/>
 <code>string</code>
 </td>
 <td>
   <p><code>description</code> sets a human-friendly message why this token exists and what it's used
 for, so other administrators can know its purpose.</p>
 </td>
 </tr>
 <tr><td><code>ttl</code><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p><code>ttl</code> defines the time to live for this token. Defaults to <code>24h</code>.
 <code>expires</code> and <code>ttl</code> are mutually exclusive.</p>
 </td>
 </tr>
 <tr><td><code>expires</code><br/>
 <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#time-v1-meta"><code>meta/v1.Time</code></a>
 </td>
 <td>
   <p><code>expires</code> specifies the timestamp when this token expires. Defaults to being set
 dynamically at runtime based on the <code>ttl</code>. <code>expires</code> and <code>ttl</code> are mutually exclusive.</p>
 </td>
 </tr>
 <tr><td><code>usages</code><br/>
 <code>[]string</code>
 </td>
 <td>
   <p><code>usages</code> describes the ways in which this token can be used. Can by default be used
 for establishing bidirectional trust, but that can be changed here.</p>
 </td>
 </tr>
 <tr><td><code>groups</code><br/>
 <code>[]string</code>
 </td>
 <td>
   <p><code>groups</code> specifies the extra groups that this token will authenticate as when/if
 used for authentication</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `BootstrapTokenString`     {#BootstrapTokenString}
 **Appears in:**
 - [BootstrapToken](#BootstrapToken)
 <p>BootstrapTokenString is a token of the format <code>abcdef.abcdef0123456789</code> that is used
 for both validation of the practically of the API server from a joining node's point
 of view and as an authentication method for the node in the bootstrap phase of
 &quot;kubeadm join&quot;. This token is and should be short-lived.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>-</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 <tr><td><code>-</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 </tbody>
 </table>
--- a/content/en/docs/reference/config-api/kubelet-config.v1alpha1.md
+++ b/content/en/docs/reference/config-api/kubelet-config.v1alpha1.md
@ -13,166 +13,6 @@ auto_generated: true
 ## `CredentialProviderConfig`     {#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig}
 <p>CredentialProviderConfig is the configuration containing information about
 each exec credential provider. Kubelet reads this configuration from disk and enables
 each provider as specified by the CredentialProvider type.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>apiVersion</code><br/>string</td><td><code>kubelet.config.k8s.io/v1alpha1</code></td></tr>
 <tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderConfig</code></td></tr>
 <tr><td><code>providers</code> <B>[Required]</B><br/>
 <a href="#kubelet-config-k8s-io-v1alpha1-CredentialProvider"><code>[]CredentialProvider</code></a>
 </td>
 <td>
   <p>providers is a list of credential provider plugins that will be enabled by the kubelet.
 Multiple providers may match against a single image, in which case credentials
 from all providers will be returned to the kubelet. If multiple providers are called
 for a single image, the results are combined. If providers return overlapping
 auth keys, the value from the provider earlier in this list is used.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `CredentialProvider`     {#kubelet-config-k8s-io-v1alpha1-CredentialProvider}
 **Appears in:**
 - [CredentialProviderConfig](#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig)
 <p>CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only
 invoked when an image being pulled matches the images handled by the plugin (see matchImages).</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>name</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>name is the required name of the credential provider. It must match the name of the
 provider executable as seen by the kubelet. The executable must be in the kubelet's
 bin directory (set by the --image-credential-provider-bin-dir flag).</p>
 </td>
 </tr>
 <tr><td><code>matchImages</code> <B>[Required]</B><br/>
 <code>[]string</code>
 </td>
 <td>
   <p>matchImages is a required list of strings used to match against images in order to
 determine if this provider should be invoked. If one of the strings matches the
 requested image from the kubelet, the plugin will be invoked and given a chance
 to provide credentials. Images are expected to contain the registry domain
 and URL path.</p>
 <p>Each entry in matchImages is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
 as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
 Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
 a single subdomain segment, so *.io does not match *.k8s.io.</p>
 <p>A match exists between an image and a matchImage when all of the below are true:</p>
 <ul>
 <li>Both contain the same number of domain parts and each part matches.</li>
 <li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
 <li>If the imageMatch contains a port, then the port must match in the image as well.</li>
 </ul>
 <p>Example values of matchImages:</p>
 <ul>
 <li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
 <li>*.azurecr.io</li>
 <li>gcr.io</li>
 <li><em>.</em>.registry.io</li>
 <li>registry.io:8080/path</li>
 </ul>
 </td>
 </tr>
 <tr><td><code>defaultCacheDuration</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>defaultCacheDuration is the default duration the plugin will cache credentials in-memory
 if a cache duration is not provided in the plugin response. This field is required.</p>
 </td>
 </tr>
 <tr><td><code>apiVersion</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
 MUST use the same encoding version as the input. Current supported values are:</p>
 <ul>
 <li>credentialprovider.kubelet.k8s.io/v1alpha1</li>
 </ul>
 </td>
 </tr>
 <tr><td><code>args</code><br/>
 <code>[]string</code>
 </td>
 <td>
   <p>Arguments to pass to the command when executing it.</p>
 </td>
 </tr>
 <tr><td><code>env</code><br/>
 <a href="#kubelet-config-k8s-io-v1alpha1-ExecEnvVar"><code>[]ExecEnvVar</code></a>
 </td>
 <td>
   <p>Env defines additional environment variables to expose to the process. These
 are unioned with the host's environment, as well as variables client-go uses
 to pass argument to the plugin.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `ExecEnvVar`     {#kubelet-config-k8s-io-v1alpha1-ExecEnvVar}
 **Appears in:**
 - [CredentialProvider](#kubelet-config-k8s-io-v1alpha1-CredentialProvider)
 <p>ExecEnvVar is used for setting environment variables when executing an exec-based
 credential plugin.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>name</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 <tr><td><code>value</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 </tbody>
 </table>
 ## `FormatOptions`     {#FormatOptions}
@ -247,3 +87,163 @@ and the corresponding verbosity threshold.</p>
 ## `CredentialProviderConfig`     {#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig}
 <p>CredentialProviderConfig is the configuration containing information about
 each exec credential provider. Kubelet reads this configuration from disk and enables
 each provider as specified by the CredentialProvider type.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>apiVersion</code><br/>string</td><td><code>kubelet.config.k8s.io/v1alpha1</code></td></tr>
 <tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderConfig</code></td></tr>
 <tr><td><code>providers</code> <B>[Required]</B><br/>
 <a href="#kubelet-config-k8s-io-v1alpha1-CredentialProvider"><code>[]CredentialProvider</code></a>
 </td>
 <td>
   <p>providers is a list of credential provider plugins that will be enabled by the kubelet.
 Multiple providers may match against a single image, in which case credentials
 from all providers will be returned to the kubelet. If multiple providers are called
 for a single image, the results are combined. If providers return overlapping
 auth keys, the value from the provider earlier in this list is used.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `CredentialProvider`     {#kubelet-config-k8s-io-v1alpha1-CredentialProvider}
 **Appears in:**
 - [CredentialProviderConfig](#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig)
 <p>CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only
 invoked when an image being pulled matches the images handled by the plugin (see matchImages).</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>name</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>name is the required name of the credential provider. It must match the name of the
 provider executable as seen by the kubelet. The executable must be in the kubelet's
 bin directory (set by the --image-credential-provider-bin-dir flag).</p>
 </td>
 </tr>
 <tr><td><code>matchImages</code> <B>[Required]</B><br/>
 <code>[]string</code>
 </td>
 <td>
   <p>matchImages is a required list of strings used to match against images in order to
 determine if this provider should be invoked. If one of the strings matches the
 requested image from the kubelet, the plugin will be invoked and given a chance
 to provide credentials. Images are expected to contain the registry domain
 and URL path.</p>
 <p>Each entry in matchImages is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
 as subdomains like <code>*.k8s.io</code> or <code>k8s.*.io</code>, and top-level-domains such as <code>k8s.*</code>.
 Matching partial subdomains like <code>app*.k8s.io</code> is also supported. Each glob can only match
 a single subdomain segment, so <code>*.io</code> does not match <code>*.k8s.io</code>.</p>
 <p>A match exists between an image and a matchImage when all of the below are true:</p>
 <ul>
 <li>Both contain the same number of domain parts and each part matches.</li>
 <li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
 <li>If the imageMatch contains a port, then the port must match in the image as well.</li>
 </ul>
 <p>Example values of matchImages:</p>
 <ul>
 <li><code>123456789.dkr.ecr.us-east-1.amazonaws.com</code></li>
 <li><code>*.azurecr.io</code></li>
 <li><code>gcr.io</code></li>
 <li><code>*.*.registry.io</code></li>
 <li><code>registry.io:8080/path</code></li>
 </ul>
 </td>
 </tr>
 <tr><td><code>defaultCacheDuration</code> <B>[Required]</B><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>defaultCacheDuration is the default duration the plugin will cache credentials in-memory
 if a cache duration is not provided in the plugin response. This field is required.</p>
 </td>
 </tr>
 <tr><td><code>apiVersion</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
 MUST use the same encoding version as the input. Current supported values are:</p>
 <ul>
 <li>credentialprovider.kubelet.k8s.io/v1alpha1</li>
 </ul>
 </td>
 </tr>
 <tr><td><code>args</code><br/>
 <code>[]string</code>
 </td>
 <td>
   <p>Arguments to pass to the command when executing it.</p>
 </td>
 </tr>
 <tr><td><code>env</code><br/>
 <a href="#kubelet-config-k8s-io-v1alpha1-ExecEnvVar"><code>[]ExecEnvVar</code></a>
 </td>
 <td>
   <p>Env defines additional environment variables to expose to the process. These
 are unioned with the host's environment, as well as variables client-go uses
 to pass argument to the plugin.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `ExecEnvVar`     {#kubelet-config-k8s-io-v1alpha1-ExecEnvVar}
 **Appears in:**
 - [CredentialProvider](#kubelet-config-k8s-io-v1alpha1-CredentialProvider)
 <p>ExecEnvVar is used for setting environment variables when executing an exec-based
 credential plugin.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>name</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 <tr><td><code>value</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <span class="text-muted">No description provided.</span></td>
 </tr>
 </tbody>
 </table>
--- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
+++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
--- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1alpha1.md
+++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1alpha1.md
@ -14,16 +14,14 @@ auto_generated: true
 ## `CredentialProviderRequest`     {#credentialprovider-kubelet-k8s-io-v1alpha1-CredentialProviderRequest}
-
+<p>CredentialProviderRequest includes the image that the kubelet requires authentication for.
 CredentialProviderRequest includes the image that the kubelet requires authentication for.
 Kubelet will pass this request object to the plugin via stdin. In general, plugins should
-prefer responding with the same apiVersion they were sent.
+prefer responding with the same apiVersion they were sent.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -32,33 +30,27 @@ prefer responding with the same apiVersion they were sent.
 <tr><td><code>apiVersion</code><br/>string</td><td><code>credentialprovider.kubelet.k8s.io/v1alpha1</code></td></tr>
 <tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderRequest</code></td></tr>
 <tr><td><code>image</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
-   image is the container image that is being pulled as part of the
+   <p>image is the container image that is being pulled as part of the
 credential provider plugin request. Plugins may optionally parse the image
-to extract any information required to fetch credentials.</td>
+to extract any information required to fetch credentials.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `CredentialProviderResponse`     {#credentialprovider-kubelet-k8s-io-v1alpha1-CredentialProviderResponse}
-
+<p>CredentialProviderResponse holds credentials that the kubelet should use for the specified
 CredentialProviderResponse holds credentials that the kubelet should use for the specified
 image provided in the original request. Kubelet will read the response from the plugin via stdout.
-This response should be set to the same apiVersion as CredentialProviderRequest.
+This response should be set to the same apiVersion as CredentialProviderRequest.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -67,119 +59,106 @@ This response should be set to the same apiVersion as CredentialProviderRequest.
 <tr><td><code>apiVersion</code><br/>string</td><td><code>credentialprovider.kubelet.k8s.io/v1alpha1</code></td></tr>
 <tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderResponse</code></td></tr>
 <tr><td><code>cacheKeyType</code> <B>[Required]</B><br/>
 <a href="#credentialprovider-kubelet-k8s-io-v1alpha1-PluginCacheKeyType"><code>PluginCacheKeyType</code></a>
 </td>
 <td>
-   cacheKeyType indiciates the type of caching key to use based on the image provided
+   <p>cacheKeyType indiciates the type of caching key to use based on the image provided
 in the request. There are three valid values for the cache key type: Image, Registry, and
-Global. If an invalid value is specified, the response will NOT be used by the kubelet.</td>
+Global. If an invalid value is specified, the response will NOT be used by the kubelet.</p>
 </td>
 </tr>
 <tr><td><code>cacheDuration</code><br/>
-<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
+<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
-   cacheDuration indicates the duration the provided credentials should be cached for.
+   <p>cacheDuration indicates the duration the provided credentials should be cached for.
 The kubelet will use this field to set the in-memory cache duration for credentials
 in the AuthConfig. If null, the kubelet will use defaultCacheDuration provided in
-CredentialProviderConfig. If set to 0, the kubelet will not cache the provided AuthConfig.</td>
+CredentialProviderConfig. If set to 0, the kubelet will not cache the provided AuthConfig.</p>
 </td>
 </tr>
 <tr><td><code>auth</code><br/>
 <a href="#credentialprovider-kubelet-k8s-io-v1alpha1-AuthConfig"><code>map[string]k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1.AuthConfig</code></a>
 </td>
 <td>
-   auth is a map containing authentication information passed into the kubelet.
+   <p>auth is a map containing authentication information passed into the kubelet.
 Each key is a match image string (more on this below). The corresponding authConfig value
 should be valid for all images that match against this key. A plugin should set
-this field to null if no valid credentials can be returned for the requested image.
+this field to null if no valid credentials can be returned for the requested image.</p>
-
+<p>Each key in the map is a pattern which can optionally contain a port and a path.
 Each key in the map is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
-as subdomains like '&lowast;.k8s.io' or 'k8s.&lowast;.io', and top-level-domains such as 'k8s.&lowast;'.
+as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
-Matching partial subdomains like 'app&lowast;.k8s.io' is also supported. Each glob can only match
+Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
-a single subdomain segment, so &lowast;.io does not match &lowast;.k8s.io.
+a single subdomain segment, so *.io does not match *.k8s.io.</p>
-
+<p>The kubelet will match images against the key when all of the below are true:</p>
-The kubelet will match images against the key when all of the below are true:
+<ul>
- Both contain the same number of domain parts and each part matches.
+<li>Both contain the same number of domain parts and each part matches.</li>
- The URL path of an imageMatch must be a prefix of the target image URL path.
+<li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
- If the imageMatch contains a port, then the port must match in the image as well.
+<li>If the imageMatch contains a port, then the port must match in the image as well.</li>
-
+</ul>
-When multiple keys are returned, the kubelet will traverse all keys in reverse order so that:
+<p>When multiple keys are returned, the kubelet will traverse all keys in reverse order so that:</p>
- longer keys come before shorter keys with the same prefix
+<ul>
- non-wildcard keys come before wildcard keys with the same prefix.
+<li>longer keys come before shorter keys with the same prefix</li>
-
+<li>non-wildcard keys come before wildcard keys with the same prefix.</li>
-For any given match, the kubelet will attempt an image pull with the provided credentials,
+</ul>
-stopping after the first successfully authenticated pull.
+<p>For any given match, the kubelet will attempt an image pull with the provided credentials,
-
+stopping after the first successfully authenticated pull.</p>
-Example keys:
+<p>Example keys:</p>
-  - 123456789.dkr.ecr.us-east-1.amazonaws.com
+<ul>
-  - &lowast;.azurecr.io
+<li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
-  - gcr.io
+<li>*.azurecr.io</li>
-  - &lowast;.&lowast;.registry.io
+<li>gcr.io</li>
-  - registry.io:8080/path</td>
+<li><em>.</em>.registry.io</li>
 <li>registry.io:8080/path</li>
 </ul>
 </td>
 </tr>
 </tbody>
 </table>
 ## `AuthConfig`     {#credentialprovider-kubelet-k8s-io-v1alpha1-AuthConfig}
 **Appears in:**
 - [CredentialProviderResponse](#credentialprovider-kubelet-k8s-io-v1alpha1-CredentialProviderResponse)
-AuthConfig contains authentication information for a container registry.
+<p>AuthConfig contains authentication information for a container registry.
 Only username/password based authentication is supported today, but more authentication
-mechanisms may be added in the future.
+mechanisms may be added in the future.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>username</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
-   username is the username used for authenticating to the container registry
+   <p>username is the username used for authenticating to the container registry
-An empty username is valid.</td>
+An empty username is valid.</p>
 </td>
 </tr>
 <tr><td><code>password</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
-   password is the password used for authenticating to the container registry
+   <p>password is the password used for authenticating to the container registry
-An empty password is valid.</td>
+An empty password is valid.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `PluginCacheKeyType`     {#credentialprovider-kubelet-k8s-io-v1alpha1-PluginCacheKeyType}
 (Alias of `string`)
 **Appears in:**
 - [CredentialProviderResponse](#credentialprovider-kubelet-k8s-io-v1alpha1-CredentialProviderResponse)
@ -187,6 +166,4 @@ An empty password is valid.</td>
--- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1beta1.md
+++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1beta1.md
@ -0,0 +1,169 @@
 ---
 title: Kubelet CredentialProvider (v1beta1)
 content_type: tool-reference
 package: credentialprovider.kubelet.k8s.io/v1beta1
 auto_generated: true
 ---
 ## Resource Types 
 - [CredentialProviderRequest](#credentialprovider-kubelet-k8s-io-v1beta1-CredentialProviderRequest)
 - [CredentialProviderResponse](#credentialprovider-kubelet-k8s-io-v1beta1-CredentialProviderResponse)
 ## `CredentialProviderRequest`     {#credentialprovider-kubelet-k8s-io-v1beta1-CredentialProviderRequest}
 <p>CredentialProviderRequest includes the image that the kubelet requires authentication for.
 Kubelet will pass this request object to the plugin via stdin. In general, plugins should
 prefer responding with the same apiVersion they were sent.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>apiVersion</code><br/>string</td><td><code>credentialprovider.kubelet.k8s.io/v1beta1</code></td></tr>
 <tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderRequest</code></td></tr>
 <tr><td><code>image</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>image is the container image that is being pulled as part of the
 credential provider plugin request. Plugins may optionally parse the image
 to extract any information required to fetch credentials.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `CredentialProviderResponse`     {#credentialprovider-kubelet-k8s-io-v1beta1-CredentialProviderResponse}
 <p>CredentialProviderResponse holds credentials that the kubelet should use for the specified
 image provided in the original request. Kubelet will read the response from the plugin via stdout.
 This response should be set to the same apiVersion as CredentialProviderRequest.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>apiVersion</code><br/>string</td><td><code>credentialprovider.kubelet.k8s.io/v1beta1</code></td></tr>
 <tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderResponse</code></td></tr>
 <tr><td><code>cacheKeyType</code> <B>[Required]</B><br/>
 <a href="#credentialprovider-kubelet-k8s-io-v1beta1-PluginCacheKeyType"><code>PluginCacheKeyType</code></a>
 </td>
 <td>
   <p>cacheKeyType indiciates the type of caching key to use based on the image provided
 in the request. There are three valid values for the cache key type: Image, Registry, and
 Global. If an invalid value is specified, the response will NOT be used by the kubelet.</p>
 </td>
 </tr>
 <tr><td><code>cacheDuration</code><br/>
 <a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
 </td>
 <td>
   <p>cacheDuration indicates the duration the provided credentials should be cached for.
 The kubelet will use this field to set the in-memory cache duration for credentials
 in the AuthConfig. If null, the kubelet will use defaultCacheDuration provided in
 CredentialProviderConfig. If set to 0, the kubelet will not cache the provided AuthConfig.</p>
 </td>
 </tr>
 <tr><td><code>auth</code><br/>
 <a href="#credentialprovider-kubelet-k8s-io-v1beta1-AuthConfig"><code>map[string]k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1.AuthConfig</code></a>
 </td>
 <td>
   <p>auth is a map containing authentication information passed into the kubelet.
 Each key is a match image string (more on this below). The corresponding authConfig value
 should be valid for all images that match against this key. A plugin should set
 this field to null if no valid credentials can be returned for the requested image.</p>
 <p>Each key in the map is a pattern which can optionally contain a port and a path.
 Globs can be used in the domain, but not in the port or the path. Globs are supported
 as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
 Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
 a single subdomain segment, so *.io does not match *.k8s.io.</p>
 <p>The kubelet will match images against the key when all of the below are true:</p>
 <ul>
 <li>Both contain the same number of domain parts and each part matches.</li>
 <li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
 <li>If the imageMatch contains a port, then the port must match in the image as well.</li>
 </ul>
 <p>When multiple keys are returned, the kubelet will traverse all keys in reverse order so that:</p>
 <ul>
 <li>longer keys come before shorter keys with the same prefix</li>
 <li>non-wildcard keys come before wildcard keys with the same prefix.</li>
 </ul>
 <p>For any given match, the kubelet will attempt an image pull with the provided credentials,
 stopping after the first successfully authenticated pull.</p>
 <p>Example keys:</p>
 <ul>
 <li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
 <li>*.azurecr.io</li>
 <li>gcr.io</li>
 <li><em>.</em>.registry.io</li>
 <li>registry.io:8080/path</li>
 </ul>
 </td>
 </tr>
 </tbody>
 </table>
 ## `AuthConfig`     {#credentialprovider-kubelet-k8s-io-v1beta1-AuthConfig}
 **Appears in:**
 - [CredentialProviderResponse](#credentialprovider-kubelet-k8s-io-v1beta1-CredentialProviderResponse)
 <p>AuthConfig contains authentication information for a container registry.
 Only username/password based authentication is supported today, but more authentication
 mechanisms may be added in the future.</p>
 <table class="table">
 <thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
 <tbody>
 <tr><td><code>username</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>username is the username used for authenticating to the container registry
 An empty username is valid.</p>
 </td>
 </tr>
 <tr><td><code>password</code> <B>[Required]</B><br/>
 <code>string</code>
 </td>
 <td>
   <p>password is the password used for authenticating to the container registry
 An empty password is valid.</p>
 </td>
 </tr>
 </tbody>
 </table>
 ## `PluginCacheKeyType`     {#credentialprovider-kubelet-k8s-io-v1beta1-PluginCacheKeyType}
 (Alias of `string`)
 **Appears in:**
 - [CredentialProviderResponse](#credentialprovider-kubelet-k8s-io-v1beta1-CredentialProviderResponse)