Fix some links in the En docs

Author: tengqm

content/en/docs/concepts/cluster-administration/dra.md

@@ -111,7 +111,7 @@ While this is a good starting point, you can get a better idea of how to tune
 the different components that have the biggest effect on DRA performance for
 your deployment by monitoring the following metrics. For more information on all
 the stable metrics in Kubernetes, see the [Kubernetes Metrics
-Reference](/docs/reference/generated/metrics/).
+Reference](/docs/reference/instrumentation/metrics/).
 
 ### `kube-controller-manager` metrics
 
@@ -191,4 +191,4 @@ metrics.
 * [Learn more about
   DRA](/docs/concepts/scheduling-eviction/dynamic-resource-allocation/)
 * Read the [Kubernetes Metrics
-Reference](/docs/reference/generated/metrics/)
+Reference](/docs/reference/instrumentation/metrics/)

content/en/docs/concepts/containers/container-lifecycle-hooks.md

@@ -69,7 +69,7 @@ Resources consumed by the command are counted against the Container.
 
 When a Container lifecycle management hook is called,
 the Kubernetes management system executes the handler according to the hook action,
-`httpGet`, `tcpSocket` ([deprecated](/docs/reference/generated/kubernetes-api/v1.31/#lifecyclehandler-v1-core))
+`httpGet`, `tcpSocket` ([deprecated](/docs/reference/generated/kubernetes-api/v1.35/#lifecyclehandler-v1-core))
 and `sleep` are executed by the kubelet process, and `exec` is executed in the container.
 
 The `PostStart` hook handler call is initiated when a container is created,

content/en/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md

@@ -49,8 +49,8 @@ let you meet it.
 * To get the aggregator working in your environment, [configure the aggregation layer](/docs/tasks/extend-kubernetes/configure-aggregation-layer/).
 * Then, [setup an extension api-server](/docs/tasks/extend-kubernetes/setup-extension-api-server/) to work with the aggregation layer.
 * Read about [APIService](/docs/reference/kubernetes-api/cluster-resources/api-service-v1/) in the API reference
-*   Learn about [Declarative Validation Concepts](/docs/reference/using-api/declarative-validation.md), an internal mechanism for defining validation rules that in the future will help support validation for extension API server development.
-
-Alternatively: learn how to
-[extend the Kubernetes API using Custom Resource Definitions](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/).
+* Learn about [Declarative Validation Concepts](/docs/reference/using-api/declarative-validation/),
+  an internal mechanism for defining validation rules that in the future will help support validation for extension API server development.
 
+Alternatively: learn how to extend the Kubernetes API using
+[Custom Resource Definitions](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/).

content/en/docs/concepts/scheduling-eviction/dynamic-resource-allocation.md

@@ -22,43 +22,58 @@ This can aid an attacker with a [Yo-Yo attack](https://arxiv.org/abs/2105.00542)
 
 ### Scheduler authentication & authorization command line options
 
-When setting up authentication configuration, it should be made sure that kube-scheduler's authentication remains consistent with kube-api-server's authentication. 
-If any request has missing authentication headers, 
-the [authentication should happen through the kube-api-server allowing all authentication to be consistent in the cluster](/docs/tasks/extend-kubernetes/configure-aggregation-layer/#original-request-username-and-group).
-
-- `authentication-kubeconfig`: Make sure to provide a proper kubeconfig so that the scheduler can retrieve authentication configuration options from the API Server. This kubeconfig file should be protected with strict file permissions.
-- `authentication-tolerate-lookup-failure`: Set this to `false` to make sure the scheduler _always_ looks up its authentication configuration from the API server.
-- `authentication-skip-lookup`: Set this to `false` to make sure the scheduler _always_ looks up its authentication configuration from the API server.
-- `authorization-always-allow-paths`: These paths should respond with data that is appropriate for anonymous authorization. Defaults to `/healthz,/readyz,/livez`.
-- `profiling`: Set to `false` to disable the profiling endpoints which are provide debugging information but which should not be enabled on production clusters as they present a risk of denial of service or information leakage. The `--profiling` argument is deprecated and can now be provided through the [KubeScheduler DebuggingConfiguration](https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/#DebuggingConfiguration). Profiling can be disabled through the kube-scheduler config by setting `enableProfiling` to `false`.                                                                                     
+When setting up authentication configuration, it should be made sure that
+kube-scheduler's authentication remains consistent with kube-api-server's authentication. 
+If any request has missing authentication headers, the authentication should happen through the kube-api-server
+[allowing all authentication to be consistent in the cluster](/docs/tasks/extend-kubernetes/configure-aggregation-layer/#original-request-username-and-group).
+
+- `authentication-kubeconfig`: Make sure to provide a proper kubeconfig so that
+  the scheduler can retrieve authentication configuration options from the API Server.
+  This kubeconfig file should be protected with strict file permissions.
+- `authentication-tolerate-lookup-failure`: Set this to `false` to make sure
+  the scheduler _always_ looks up its authentication configuration from the API server.
+- `authentication-skip-lookup`: Set this to `false` to make sure
+  the scheduler _always_ looks up its authentication configuration from the API server.
+- `authorization-always-allow-paths`: These paths should respond with data that is appropriate
+  for anonymous authorization. Defaults to `/healthz,/readyz,/livez`.
+- `profiling`: Set to `false` to disable the profiling endpoints which are provide debugging information
+  but which should not be enabled on production clusters as they present a risk of denial of service
+  or information leakage. The `--profiling` argument is deprecated and can now be provided through the
+  [KubeScheduler DebuggingConfiguration](/docs/reference/config-api/kube-scheduler-config.v1/#DebuggingConfiguration).
+  Profiling can be disabled through the kube-scheduler config by setting `enableProfiling` to `false`. 
 - `requestheader-client-ca-file`: Avoid passing this argument.
 
-
 ### Scheduler networking command line options
 
-- `bind-address`: In most cases, the kube-scheduler does not need to be externally accessible. Setting the bind address to `localhost` is a secure practice.
-- `permit-address-sharing`: Set this to `false` to  disable connection sharing through `SO_REUSEADDR`. `SO_REUSEADDR` can lead to reuse of terminated connections that are in `TIME_WAIT` state.
+- `bind-address`: In most cases, the kube-scheduler does not need to be externally accessible.
+  Setting the bind address to `localhost` is a secure practice.
+- `permit-address-sharing`: Set this to `false` to  disable connection sharing through `SO_REUSEADDR`.
+  `SO_REUSEADDR` can lead to reuse of terminated connections that are in `TIME_WAIT` state.
 - `permit-port-sharing`: Default `false`. Use the default unless you are confident you understand the security implications.
 
-
 ### Scheduler TLS command line options
 
-- `tls-cipher-suites`: Always provide a list of preferred cipher suites. This ensures encryption never happens with insecure cipher suites. 
-
+- `tls-cipher-suites`: Always provide a list of preferred cipher suites.
+  This ensures encryption never happens with insecure cipher suites. 
 
 ## Scheduling configurations for custom schedulers
 
 When using custom schedulers based on the Kubernetes scheduling code, cluster administrators need to be careful with
 plugins that use the `queueSort`, `prefilter`, `filter`, or `permit` [extension points](/docs/reference/scheduling/config/#extension-points).
-These extension points control various stages of a scheduling process, and the wrong configuration can impact the kube-scheduler's behavior in your cluster.
+These extension points control various stages of a scheduling process,
+and the wrong configuration can impact the kube-scheduler's behavior in your cluster.
 
 ### Key considerations
 
-- Exactly one plugin that uses the `queueSort` extension point can be enabled at a time. Any plugins that use `queueSort` should be scrutinized.
-- Plugins that implement the `prefilter` or `filter` extension point can potentially mark all nodes as unschedulable. This can bring scheduling of new pods to a halt.
-- Plugins that implement the `permit` extension point can prevent or delay the binding of a Pod. Such plugins should be thoroughly reviewed by the cluster administrator.
+- Exactly one plugin that uses the `queueSort` extension point can be enabled at a time.
+  Any plugins that use `queueSort` should be scrutinized.
+- Plugins that implement the `prefilter` or `filter` extension point can potentially mark all nodes as unschedulable.
+  This can bring scheduling of new pods to a halt.
+- Plugins that implement the `permit` extension point can prevent or delay the binding of a Pod.
+  Such plugins should be thoroughly reviewed by the cluster administrator.
 
-When using a plugin that is not one of the [default plugins](/docs/reference/scheduling/config/#scheduling-plugins), consider disabling the `queueSort`, `filter` and `permit` extension points as follows:
+When using a plugin that is not one of the [default plugins](/docs/reference/scheduling/config/#scheduling-plugins),
+consider disabling the `queueSort`, `filter` and `permit` extension points as follows:
 
 ```yaml
 apiVersion: kubescheduler.config.k8s.io/v1
@@ -84,7 +99,8 @@ profiles:
 This creates a scheduler profile ` my-scheduler`.
 Whenever the `.spec` of a Pod does not have a value for `.spec.schedulerName`, the kube-scheduler runs for that Pod, 
 using its main configuration, and default plugins.
-If you define a Pod with `.spec.schedulerName` set to `my-scheduler`, the kube-scheduler runs but with a custom configuration; in that custom configuration,
+If you define a Pod with `.spec.schedulerName` set to `my-scheduler`, the kube-scheduler runs
+but with a custom configuration; in that custom configuration,
 the  `queueSort`, `filter` and `permit` extension points are disabled.
 If you use this KubeSchedulerConfiguration, and don't run any custom scheduler, 
 and you then define a Pod with  `.spec.schedulerName` set to `nonexistent-scheduler` 

content/en/docs/concepts/security/hardening-guide/scheduler.md

@@ -77,12 +77,18 @@ volume mount will not receive updates for those volume sources.
 {{< feature-state feature_gate_name="ClusterTrustBundleProjection" >}}
 
 {{< note >}}
-To use this feature in Kubernetes {{< skew currentVersion >}}, you must enable support for ClusterTrustBundle objects with the `ClusterTrustBundle` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) and `--runtime-config=certificates.k8s.io/v1beta1/clustertrustbundles=true` kube-apiserver flag, then enable the `ClusterTrustBundleProjection` feature gate.
+To use this feature in Kubernetes {{< skew currentVersion >}}, you must enable support for ClusterTrustBundle objects
+with the `ClusterTrustBundle` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) and
+`--runtime-config=certificates.k8s.io/v1beta1/clustertrustbundles=true` kube-apiserver flag,
+then enable the `ClusterTrustBundleProjection` feature gate.
 {{< /note >}}
 
-The `clusterTrustBundle` projected volume source injects the contents of one or more [ClusterTrustBundle](/docs/reference/access-authn-authz/certificate-signing-requests#cluster-trust-bundles) objects as an automatically-updating file in the container filesystem.
+The `clusterTrustBundle` projected volume source injects the contents of one or more
+[ClusterTrustBundle](/docs/reference/access-authn-authz/certificate-signing-requests#cluster-trust-bundles)
+objects as an automatically-updating file in the container filesystem.
 
-ClusterTrustBundles can be selected either by [name](/docs/reference/access-authn-authz/certificate-signing-requests#ctb-signer-unlinked) or by [signer name](/docs/reference/access-authn-authz/certificate-signing-requests#ctb-signer-linked).
+ClusterTrustBundles can be selected either by [name](/docs/reference/access-authn-authz/certificate-signing-requests#ctb-signer-unlinked)
+or by [signer name](/docs/reference/access-authn-authz/certificate-signing-requests#ctb-signer-linked).
 
 To select by name, use the `name` field to designate a single ClusterTrustBundle object.
 
@@ -91,22 +97,26 @@ To select by signer name, use the `signerName` field (and optionally the
 the given signer name. If `labelSelector` is not present, then all
 ClusterTrustBundles for that signer are selected.
 
-The kubelet deduplicates the certificates in the selected ClusterTrustBundle objects, normalizes the PEM representations (discarding comments and headers), reorders the certificates, and writes them into the file named by `path`. As the set of selected ClusterTrustBundles or their content changes, kubelet keeps the file up-to-date.
+The kubelet deduplicates the certificates in the selected ClusterTrustBundle objects,
+normalizes the PEM representations (discarding comments and headers), reorders the certificates,
+and writes them into the file named by `path`.
+As the set of selected ClusterTrustBundles or their content changes, kubelet keeps the file up-to-date.
 
-By default, the kubelet will prevent the pod from starting if the named ClusterTrustBundle is not found, or if `signerName` / `labelSelector` do not match any ClusterTrustBundles.  If this behavior is not what you want, then set the `optional` field to `true`, and the pod will start up with an empty file at `path`.
+By default, the kubelet will prevent the pod from starting if the named ClusterTrustBundle is not found,
+or if `signerName` / `labelSelector` do not match any ClusterTrustBundles.
+If this behavior is not what you want, then set the `optional` field to `true`,
+and the pod will start up with an empty file at `path`.
 
 {{% code_sample file="pods/storage/projected-clustertrustbundle.yaml" %}}
 
-
 ## podCertificate projected volumes {#podcertificate}
 
 {{< feature-state feature_gate_name="PodCertificateRequest" >}}
 
 {{< note >}}
 In Kubernetes {{< skew currentVersion >}}, you must enable support for Pod
-Certificates using the `PodCertificateRequest` [feature
-gate](/docs/reference/command-line-tools-reference/feature-gates/) and the
-`--runtime-config=certificates.k8s.io/v1beta1/podcertificaterequests=true`
+Certificates using the `PodCertificateRequest` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+and the `--runtime-config=certificates.k8s.io/v1beta1/podcertificaterequests=true`
 kube-apiserver flag.
 {{< /note >}}
 
@@ -140,7 +150,8 @@ Each `podCertificate` projection supports the following configuration fields:
   write *just* the private key or certificate chain.
 * `userAnnotations`: a map that allows you to pass additional information to
   the signer implementation. It is copied verbatim into the
-  `spec.unverifiedUserAnnotations` field of the [PodCertificateRequest](docs/reference/access-authn-authz/certificate-signing-requests#pod-certificate-requests) objects
+  `spec.unverifiedUserAnnotations` field of the
+  [PodCertificateRequest](/docs/reference/access-authn-authz/certificate-signing-requests#pod-certificate-requests) objects
   that Kubelet creates. Entries are subject to the same validation as object
   metadata annotations, with the addition that all keys must be domain-prefixed.
   No restrictions are placed on values, except an overall size limitation on the
@@ -167,7 +178,9 @@ resulting in your application loading a mismatched key and certificate.
 
 ## SecurityContext interactions
 
-The [proposal](https://git.k8s.io/enhancements/keps/sig-storage/2451-service-account-token-volumes#proposal) for file permission handling in projected service account volume enhancement introduced the projected files having the correct owner permissions set.
+The [proposal](https://git.k8s.io/enhancements/keps/sig-storage/2451-service-account-token-volumes#proposal)
+for file permission handling in projected service account volume enhancement
+introduced the projected files having the correct owner permissions set.
 
 ### Linux
 

content/en/docs/concepts/storage/projected-volumes.md

@@ -121,7 +121,7 @@ Tools such as {{< glossary_tooltip text="kubectl" term_id="kubectl" >}}
 can work with different formats / encodings. These include:
 
 * [CBOR](https://cbor.io/), used on the network but **not** available as a kubectl output format
-  * See [CBOR resource encoding](https://kubernetes.io/docs/reference/using-api/api-concepts/#cbor-encoding)
+  * See [CBOR resource encoding](/docs/reference/using-api/api-concepts/#cbor-encoding)
 * [JSON](https://www.json.org/), available as a `kubectl` output format and also used at the HTTP layer
 * [KYAML](/docs/reference/encodings/kyaml), a Kubernetes dialect of YAML
   * KYAML is essentially an _output format_; any place where you can provide KYAML to Kubernetes, you can also provide any other valid YAML input
@@ -130,4 +130,4 @@ can work with different formats / encodings. These include:
 Kubernetes also has a custom [protobuf encoding](/docs/reference/using-api/api-concepts/#protobuf-encoding) that is only used within HTTP messages.
 
 The `kubectl` tool supports some other output formats, such as _custom columns_;
-see [output formats](/docs/reference/kubectl/#output-options) in the kubectl reference.
+see [output formats](/docs/reference/kubectl/#output-options) in the kubectl reference.

content/en/docs/reference/_index.md

@@ -788,10 +788,10 @@ The PodTopologyLabels admission controller mutates the `pods/binding` subresourc
 for all pods bound to a Node, adding topology labels matching those of the bound Node.
 This allows Node topology labels to be available as pod labels,
 which can be surfaced to running containers using the
-[Downward API](docs/concepts/workloads/pods/downward-api/).
+[Downward API](/docs/concepts/workloads/pods/downward-api/).
 The labels available as a result of this controller are the
-[topology.kubernetes.io/region](docs/reference/labels-annotations-taints/#topologykubernetesioregion) and
-[topology.kuberentes.io/zone](docs/reference/labels-annotations-taints/#topologykubernetesiozone) labels.
+[topology.kubernetes.io/region](/docs/reference/labels-annotations-taints/#topologykubernetesioregion) and
+[topology.kuberentes.io/zone](/docs/reference/labels-annotations-taints/#topologykubernetesiozone) labels.
 
 {{<note>}}
 If any mutating admission webhook adds or modifies labels of the `pods/binding` subresource,