diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
index 978be7ca33..01894721d1 100644
--- a/OWNERS_ALIASES
+++ b/OWNERS_ALIASES
@@ -92,15 +92,21 @@ aliases:
     - daminisatya
     - mittalyashu
   sig-docs-id-owners: # Admins for Indonesian content
-    - girikuncoro
-    - irvifa
-  sig-docs-id-reviews: # PR reviews for Indonesian content
+    - ariscahyadi
+    - danninov
     - girikuncoro
     - habibrosyad
     - irvifa
-    - wahyuoi
     - phanama
+    - wahyuoi
+  sig-docs-id-reviews: # PR reviews for Indonesian content
+    - ariscahyadi
     - danninov
+    - girikuncoro
+    - habibrosyad
+    - irvifa
+    - phanama
+    - wahyuoi
   sig-docs-it-owners: # Admins for Italian content
     - fabriziopandini
     - Fale
diff --git a/README-pt.md b/README-pt.md
index 3154b77bab..0992f6c045 100644
--- a/README-pt.md
+++ b/README-pt.md
@@ -1,76 +1,184 @@
 # A documentação do Kubernetes
 
-[![Build Status](https://api.travis-ci.org/kubernetes/website.svg?branch=master)](https://travis-ci.org/kubernetes/website)
-[![GitHub release](https://img.shields.io/github/release/kubernetes/website.svg)](https://github.com/kubernetes/website/releases/latest)
+[![Netlify Status](https://api.netlify.com/api/v1/badges/be93b718-a6df-402a-b4a4-855ba186c97d/deploy-status)](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [![GitHub release](https://img.shields.io/github/release/kubernetes/website.svg)](https://github.com/kubernetes/website/releases/latest)
 
-Bem vindos! Este repositório abriga todos os recursos necessários para criar o [site e documentação do Kubernetes](https://kubernetes.io/). Estamos muito satisfeitos por você querer contribuir!
+Bem-vindos! Este repositório contém todos os recursos necessários para criar o [website e documentação do Kubernetes](https://kubernetes.io/). Estamos muito satisfeitos por você querer contribuir!
 
-## Contribuindo com os documentos
+# Utilizando este repositório
 
-Você pode clicar no botão **Fork** na área superior direita da tela para criar uma cópia desse repositório na sua conta do GitHub. Esta cópia é chamada de *fork*. Faça as alterações desejadas no seu fork e, quando estiver pronto para enviar as alterações para nós, vá até o fork e crie uma nova solicitação de pull para nos informar sobre isso.
+Você pode executar o website localmente utilizando o Hugo (versão Extended), ou você pode executa-ló em um container runtime. É altamente recomendável utilizar um container runtime, pois garante a consistência na implantação do website real.
 
-Depois que seu **pull request** for criado, um revisor do Kubernetes assumirá a responsabilidade de fornecer um feedback claro e objetivo. Como proprietário do pull request, **é sua responsabilidade modificar seu pull request para abordar o feedback que foi fornecido a você pelo revisor do Kubernetes.** Observe também que você pode acabar tendo mais de um revisor do Kubernetes para fornecer seu feedback ou você pode acabar obtendo feedback de um revisor do Kubernetes que é diferente daquele originalmente designado para lhe fornecer feedback. Além disso, em alguns casos, um de seus revisores pode solicitar uma revisão técnica de um [revisor de tecnologia Kubernetes](https://github.com/kubernetes/website/wiki/Tech-reviewers) quando necessário. Os revisores farão o melhor para fornecer feedback em tempo hábil, mas o tempo de resposta pode variar de acordo com as circunstâncias.
+## Pré-requisitos
+
+Para usar este repositório, você precisa instalar:
+
+- [npm](https://www.npmjs.com/)
+- [Go](https://golang.org/)
+- [Hugo (versão Extended)](https://gohugo.io/)
+- Um container runtime, por exemplo [Docker](https://www.docker.com/).
+
+Antes de você iniciar, instale as dependências, clone o repositório e navegue até o diretório:
+
+```
+git clone https://github.com/kubernetes/website.git
+cd website
+```
+
+O website do Kubernetes utiliza o [tema Docsy Hugo](https://github.com/google/docsy#readme). Mesmo se você planeje executar o website em um container, é altamente recomendado baixar os submódulos e outras dependências executando o seguinte comando:
+
+```
+# Baixar o submódulo Docsy
+git submodule update --init --recursive --depth 1
+```
+
+## Executando o website usando um container
+
+Para executar o build do website em um container, execute o comando abaixo para criar a imagem do container e executa-lá:
+
+```
+make container-image
+make container-serve
+```
+
+Abra seu navegador em http://localhost:1313 para visualizar o website. Conforme você faz alterações nos arquivos fontes, o Hugo atualiza o website e força a atualização do navegador.
+
+## Executando o website localmente utilizando o Hugo
+
+Consulte a [documentação oficial do Hugo](https://gohugo.io/getting-started/installing/) para instruções de instalação do Hugo. Certifique-se de instalar a versão do Hugo especificada pela variável de ambiente `HUGO_VERSION` no arquivo [`netlify.toml`](netlify.toml#L9).
+
+Para executar o build e testar o website localmente, execute:
+
+```bash
+# instalar dependências
+npm ci
+make serve
+```
+
+Isso iniciará localmente o Hugo na porta 1313. Abra o seu navegador em http://localhost:1313 para visualizar o website. Conforme você faz alterações nos arquivos fontes, o Hugo atualiza o website e força uma atualização no navegador.
+
+## Construindo a página de referência da API
+
+A página de referência da API localizada em `content/en/docs/reference/kubernetes-api` é construída a partir da especificação do Swagger utilizando https://github.com/kubernetes-sigs/reference-docs/tree/master/gen-resourcesdocs.
+
+Siga os passos abaixo para atualizar a página de referência para uma nova versão do Kubernetes:
+
+OBS: modifique o "v1.20" no exemplo a seguir pela versão a ser atualizada
+
+1. Obter o submódulo `kubernetes-resources-reference`:
+
+```
+git submodule update --init --recursive --depth 1
+```
+
+2. Criar a nova versão da API no submódulo e adicionar à especificação do Swagger:
+
+```
+mkdir api-ref-generator/gen-resourcesdocs/api/v1.20
+curl 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json' > api-ref-generator/gen-resourcesdocs/api/v1.20/swagger.json
+```
+
+3. Copiar o sumário e os campos de configuração para a nova versão a partir da versão anterior:
+
+```
+mkdir api-ref-generator/gen-resourcesdocs/api/v1.20
+cp api-ref-generator/gen-resourcesdocs/api/v1.19/* api-ref-generator/gen-resourcesdocs/api/v1.20/
+```
+
+4. Ajustar os arquivos `toc.yaml` e `fields.yaml` para refletir as mudanças entre as duas versões.
+
+5. Em seguida, gerar as páginas:
+
+```
+make api-reference
+```
+
+Você pode validar o resultado localmente gerando e disponibilizando o site a partir da imagem do container:
+
+```
+make container-image
+make container-serve
+```
+
+Abra o seu navegador em http://localhost:1313/docs/reference/kubernetes-api/ para visualizar a página de referência da API.
+
+6. Quando todas as mudanças forem refletidas nos arquivos de configuração `toc.yaml` e `fields.yaml`, crie um pull request com a nova página de referência de API.
+
+## Troubleshooting
+### error: failed to transform resource: TOCSS: failed to transform "scss/main.scss" (text/x-scss): this feature is not available in your current Hugo version
+
+Por motivos técnicos, o Hugo é disponibilizado em dois conjuntos de binários. O website atual funciona apenas na versão **Hugo Extended**. Na [página de releases](https://github.com/gohugoio/hugo/releases) procure por arquivos com `extended` no nome. Para confirmar, execute `hugo version` e procure pela palavra `extended`.
+
+### Troubleshooting macOS for too many open files
+
+Se você executar o comando `make serve` no macOS e retornar o seguinte erro:
+
+```
+ERROR 2020/08/01 19:09:18 Error: listen tcp 127.0.0.1:1313: socket: too many open files
+make: *** [serve] Error 1
+```
+
+Verifique o limite atual para arquivos abertos:
+
+`launchctl limit maxfiles`
+
+Em seguida, execute os seguintes comandos (adaptado de https://gist.github.com/tombigel/d503800a282fcadbee14b537735d202c):
+
+```shell
+#!/bin/sh
+
+# Esse são os links do gist original, vinculados ao meu gists agora.
+# curl -O https://gist.githubusercontent.com/a2ikm/761c2ab02b7b3935679e55af5d81786a/raw/ab644cb92f216c019a2f032bbf25e258b01d87f9/limit.maxfiles.plist
+# curl -O https://gist.githubusercontent.com/a2ikm/761c2ab02b7b3935679e55af5d81786a/raw/ab644cb92f216c019a2f032bbf25e258b01d87f9/limit.maxproc.plist
+
+curl -O https://gist.githubusercontent.com/tombigel/d503800a282fcadbee14b537735d202c/raw/ed73cacf82906fdde59976a0c8248cce8b44f906/limit.maxfiles.plist
+curl -O https://gist.githubusercontent.com/tombigel/d503800a282fcadbee14b537735d202c/raw/ed73cacf82906fdde59976a0c8248cce8b44f906/limit.maxproc.plist
+
+sudo mv limit.maxfiles.plist /Library/LaunchDaemons
+sudo mv limit.maxproc.plist /Library/LaunchDaemons
+
+sudo chown root:wheel /Library/LaunchDaemons/limit.maxfiles.plist
+sudo chown root:wheel /Library/LaunchDaemons/limit.maxproc.plist
+
+sudo launchctl load -w /Library/LaunchDaemons/limit.maxfiles.plist
+```
+
+Esta solução funciona tanto para o MacOS Catalina quanto para o MacOS Mojave.
+
+# Comunidade, discussão, contribuição e apoio
+
+Saiba mais sobre a comunidade Kubernetes SIG Docs e reuniões na [página da comunidade](http://kubernetes.io/community/).
+
+Você também pode entrar em contato com os mantenedores deste projeto em:
+
+- [Slack](https://kubernetes.slack.com/messages/sig-docs) ([Obter o convide para o este slack](https://slack.k8s.io/))
+- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)
+
+# Contribuindo com os documentos
+
+Você pode clicar no botão **Fork** na área superior direita da tela para criar uma cópia desse repositório na sua conta do GitHub. Esta cópia é chamada de *fork*. Faça as alterações desejadas no seu fork e, quando estiver pronto para enviar as alterações para nós, vá até o fork e crie um novo **pull request** para nos informar sobre isso.
+
+Depois que seu **pull request** for criado, um revisor do Kubernetes assumirá a responsabilidade de fornecer um feedback claro e objetivo. Como proprietário do pull request, **é sua responsabilidade modificar seu pull request para atender ao feedback que foi fornecido a você pelo revisor do Kubernetes.**
+
+Observe também que você pode acabar tendo mais de um revisor do Kubernetes para fornecer seu feedback ou você pode acabar obtendo feedback de um outro revisor do Kubernetes diferente daquele originalmente designado para lhe fornecer o feedback.
+
+Além disso, em alguns casos, um de seus revisores pode solicitar uma revisão técnica de um [revisor técnico do Kubernetes](https://github.com/kubernetes/website/wiki/Tech-reviewers) quando necessário. Os revisores farão o melhor para fornecer feedbacks em tempo hábil, mas o tempo de resposta pode variar de acordo com as circunstâncias.
 
 Para mais informações sobre como contribuir com a documentação do Kubernetes, consulte:
 
-* [Comece a contribuir](https://kubernetes.io/docs/contribute/start/)
-* [Preparando suas alterações na documentação](http://kubernetes.io/docs/contribute/intermediate#view-your-changes-locally)
-* [Usando Modelos de Página](http://kubernetes.io/docs/contribute/style/page-templates/)
+* [Contribua com a documentação do Kubernetes](https://kubernetes.io/docs/contribute/)
+* [Tipos de conteúdo de página](https://kubernetes.io/docs/contribute/style/page-content-types/)
 * [Guia de Estilo da Documentação](http://kubernetes.io/docs/contribute/style/style-guide/)
 * [Localizando documentação do Kubernetes](https://kubernetes.io/docs/contribute/localization/)
 
-Você pode contactar os mantenedores da localização em Português em:
+Você pode contatar os mantenedores da localização em Português em:
 
 * Felipe ([GitHub - @femrtnz](https://github.com/femrtnz))
 * [Slack channel](https://kubernetes.slack.com/messages/kubernetes-docs-pt)
 
-## Executando o site localmente usando o Docker
-
-A maneira recomendada de executar o site do Kubernetes localmente é executar uma imagem especializada do [Docker](https://docker.com) que inclui o gerador de site estático [Hugo](https://gohugo.io).
-
-> Se você está rodando no Windows, você precisará de mais algumas ferramentas que você pode instalar com o [Chocolatey](https://chocolatey.org). `choco install make`
-
-> Se você preferir executar o site localmente sem o Docker, consulte [Executando o site localmente usando o Hugo](#executando-o-site-localmente-usando-o-hugo) abaixo.
-
-Se você tiver o Docker [em funcionamento](https://www.docker.com/get-started), crie a imagem do Docker do `kubernetes-hugo` localmente:
-
-```bash
-make container-image
-```
-
-Depois que a imagem foi criada, você pode executar o site localmente:
-
-```bash
-make container-serve
-```
-
-Abra seu navegador para http://localhost:1313 para visualizar o site. Conforme você faz alterações nos arquivos de origem, Hugo atualiza o site e força a atualização do navegador.
-
-## Executando o site localmente usando o Hugo
-
-Veja a [documentação oficial do Hugo](https://gohugo.io/getting-started/installing/) para instruções de instalação do Hugo. Certifique-se de instalar a versão do Hugo especificada pela variável de ambiente `HUGO_VERSION` no arquivo [`netlify.toml`](netlify.toml#L9).
-
-Para executar o site localmente quando você tiver o Hugo instalado:
-
-```bash
-make serve
-```
-
-Isso iniciará o servidor Hugo local na porta 1313. Abra o navegador para http://localhost:1313 para visualizar o site. Conforme você faz alterações nos arquivos de origem, Hugo atualiza o site e força a atualização do navegador.
-
-## Comunidade, discussão, contribuição e apoio
-
-Aprenda a se envolver com a comunidade do Kubernetes na [página da comunidade](http://kubernetes.io/community/).
-
-Você pode falar com os mantenedores deste projeto:
-
-- [Slack](https://kubernetes.slack.com/messages/sig-docs)
-- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)
-
-### Código de conduta
+# Código de conduta
 
 A participação na comunidade Kubernetes é regida pelo [Código de Conduta da Kubernetes](code-of-conduct.md).
 
-## Obrigado!
+# Obrigado!
 
-O Kubernetes conta com a participação da comunidade e nós realmente agradecemos suas contribuições para o nosso site e nossa documentação!
+O Kubernetes prospera com a participação da comunidade e nós realmente agradecemos suas contribuições para o nosso website e nossa documentação!
\ No newline at end of file
diff --git a/README.md b/README.md
index 44dcc7a7ca..8ec876eef2 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,8 @@ make container-image
 make container-serve
 ```
 
+In a web browser, go to http://localhost:1313/docs/reference/kubernetes-api/ to view the API reference.
+
 6. When all changes of the new contract are reflected into the configuration files `toc.yaml` and `fields.yaml`, create a Pull Request with the newly generated API reference pages.
 
 ## Troubleshooting
diff --git a/assets/scss/_base.scss b/assets/scss/_base.scss
index 1bf749b67a..b1b112cb38 100644
--- a/assets/scss/_base.scss
+++ b/assets/scss/_base.scss
@@ -810,6 +810,13 @@ section#cncf {
   }
 }
 
+.td-search {
+  header > .header-filler {
+    height: $hero-padding-top;
+    background-color: black;
+  }
+}
+
 // Docs specific
 
 #editPageButton {
diff --git a/content/en/community/_index.html b/content/en/community/_index.html
index e1ebb9e9cb..ad9cab5d94 100644
--- a/content/en/community/_index.html
+++ b/content/en/community/_index.html
@@ -19,6 +19,7 @@ cid: community
 
 <div class="community__navbar">
 
+<a href="#values">Community Values</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 <a href="#conduct">Code of conduct </a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 <a href="#videos">Videos</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 <a href="#discuss">Discussions</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
@@ -41,10 +42,28 @@ cid: community
     <img src="/images/community/kubernetes-community-final-05.jpg" alt="Kubernetes Conference Gallery" style="width:100%;margin-right:0% important" class="desktop">
   </div>
   <img src="/images/community/kubernetes-community-04-mobile.jpg" alt="Kubernetes Conference Gallery" style="width:100%;margin-bottom:3%" class="mobile">
-
-<a name="conduct"></a>
+<a name="values"></a>
 </div>
 
+<div><a name="values"></a></div>
+<div class="conduct">
+<div class="conducttext">
+<br class="mobile"><br class="mobile">
+<br class="tablet"><br class="tablet">
+<div class="conducttextnobutton" style="margin-bottom:2%"><h1>Community Values</h1>
+The Kubernetes Community values are the keystone to the ongoing success of the project.<br>
+These principles guide every aspect of the Kubernetes project.
+<br>
+<a href="/community/values/">
+<br class="mobile"><br class="mobile">
+<span class="fullbutton">
+  READ MORE
+  </span>
+  </a>
+  </div><a name="conduct"></a>
+  </div>
+  </div>
+
 
 
 <div class="conduct">
diff --git a/content/en/community/static/community-values.md b/content/en/community/static/community-values.md
new file mode 100644
index 0000000000..f6469a3e61
--- /dev/null
+++ b/content/en/community/static/community-values.md
@@ -0,0 +1,28 @@
+<!-- Do not edit this file directly. Get the latest from
+     https://git.k8s.io/community/values.md -->
+
+# Kubernetes Community Values
+
+Kubernetes Community culture is frequently cited as a substantial contributor to the meteoric rise of this Open Source project.  Below are the distilled values which have evolved over the last many years in our community pushing our project and peers toward constant improvement.
+
+## Distribution is better than centralization
+
+The scale of the Kubernetes project is only viable through high-trust and high-visibility distribution of work, which includes delegation of authority, decision making, technical design, code ownership, and documentation.  Distributed asynchronous ownership, collaboration, communication and decision making are the cornerstone of our world-wide community.
+
+## Community over product or company
+
+We are here as a community first, our allegiance is to the intentional stewardship of the Kubernetes project for the benefit of all its members and users everywhere.  We support working together publicly for the common goal of a vibrant interoperable ecosystem providing an excellent experience for our users. Individuals gain status through work, companies gain status through their commitments to support this community and fund the resources necessary for the project  to operate.
+
+## Automation over process
+
+Large projects have a lot of less exciting, yet, hard work.  We value time spent automating repetitive work more highly than toil. Where that work cannot be automated, it is our culture to recognize and reward all types of contributions. However, heroism is not sustainable.
+
+## Inclusive is better than exclusive
+
+Broadly successful and useful technology requires different perspectives and skill sets which can only be heard in a welcoming and respectful environment.  Community membership is a privilege, not a right. Community Leadership is earned through effort, scope, quality, quantity, and duration of contributions. Our community shows respect for the time and effort put into a discussion regardless of where a contributor is on their growth path.
+
+## Evolution is better than stagnation
+
+Openness to new ideas and studied technological evolution make Kubernetes a stronger project.  Continual improvement, servant leadership, mentorship and respect are the foundations of the Kubernetes project culture. It is the duty for leaders in the Kubernetes community to find, sponsor, and promote new community members. Leaders should expect to step aside. Community members should expect to step up.
+
+**"Culture eats strategy for breakfast."   --Peter Drucker**
diff --git a/content/en/community/values.md b/content/en/community/values.md
new file mode 100644
index 0000000000..4ae1fe30b6
--- /dev/null
+++ b/content/en/community/values.md
@@ -0,0 +1,13 @@
+---
+title: Community
+layout: basic
+cid: community
+css: /css/community.css
+---
+
+<div class="community_main">
+
+<div class="cncf_coc_container">
+{{< include "/static/community-values.md" >}}
+</div>
+</div>
diff --git a/content/en/docs/concepts/architecture/controller.md b/content/en/docs/concepts/architecture/controller.md
index 5ab2cb970a..711cf38363 100644
--- a/content/en/docs/concepts/architecture/controller.md
+++ b/content/en/docs/concepts/architecture/controller.md
@@ -102,7 +102,7 @@ Other control loops can observe that reported data and take their own actions.
 In the thermostat example, if the room is very cold then a different controller
 might also turn on a frost protection heater. With Kubernetes clusters, the control
 plane indirectly works with IP address management tools, storage services,
-cloud provider APIS, and other services by
+cloud provider APIs, and other services by
 [extending Kubernetes](/docs/concepts/extend-kubernetes/) to implement that.
 
 ## Desired versus current state {#desired-vs-current}
diff --git a/content/en/docs/concepts/architecture/nodes.md b/content/en/docs/concepts/architecture/nodes.md
index 7bd4b355b6..de08e48d8c 100644
--- a/content/en/docs/concepts/architecture/nodes.md
+++ b/content/en/docs/concepts/architecture/nodes.md
@@ -11,9 +11,10 @@ weight: 10
 
 Kubernetes runs your workload by placing containers into Pods to run on _Nodes_.
 A node may be a virtual or physical machine, depending on the cluster. Each node
-contains the services necessary to run
-{{< glossary_tooltip text="Pods" term_id="pod" >}}, managed by the
-{{< glossary_tooltip text="control plane" term_id="control-plane" >}}.
+is managed by the
+{{< glossary_tooltip text="control plane" term_id="control-plane" >}}
+and contains the services necessary to run
+{{< glossary_tooltip text="Pods" term_id="pod" >}}
 
 Typically you have several nodes in a cluster; in a learning or resource-limited
 environment, you might have just one.
diff --git a/content/en/docs/concepts/cluster-administration/_index.md b/content/en/docs/concepts/cluster-administration/_index.md
index 14b8165ebf..cac156b53b 100644
--- a/content/en/docs/concepts/cluster-administration/_index.md
+++ b/content/en/docs/concepts/cluster-administration/_index.md
@@ -26,12 +26,12 @@ See the guides in [Setup](/docs/setup/) for examples of how to plan, set up, and
 
 Before choosing a guide, here are some considerations:
 
- - Do you just want to try out Kubernetes on your computer, or do you want to build a high-availability, multi-node cluster? Choose distros best suited for your needs.
+ - Do you want to try out Kubernetes on your computer, or do you want to build a high-availability, multi-node cluster? Choose distros best suited for your needs.
  - Will you be using **a hosted Kubernetes cluster**, such as [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/), or **hosting your own cluster**?
  - Will your cluster be **on-premises**, or **in the cloud (IaaS)**? Kubernetes does not directly support hybrid clusters. Instead, you can set up multiple clusters.
  - **If you are configuring Kubernetes on-premises**, consider which [networking model](/docs/concepts/cluster-administration/networking/) fits best.
  - Will you be running Kubernetes on **"bare metal" hardware** or on **virtual machines (VMs)**?
- - Do you **just want to run a cluster**, or do you expect to do **active development of Kubernetes project code**? If the
+ - Do you **want to run a cluster**, or do you expect to do **active development of Kubernetes project code**? If the
    latter, choose an actively-developed distro. Some distros only use binary releases, but
    offer a greater variety of choices.
  - Familiarize yourself with the [components](/docs/concepts/overview/components/) needed to run a cluster.
diff --git a/content/en/docs/concepts/cluster-administration/logging.md b/content/en/docs/concepts/cluster-administration/logging.md
index 80c610f963..d8c0a0615c 100644
--- a/content/en/docs/concepts/cluster-administration/logging.md
+++ b/content/en/docs/concepts/cluster-administration/logging.md
@@ -9,23 +9,22 @@ weight: 60
 
 <!-- overview -->
 
-Application logs can help you understand what is happening inside your application. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism; as such, most container engines are likewise designed to support some kind of logging. The easiest and most embraced logging method for containerized applications is to write to the standard output and standard error streams.
+Application logs can help you understand what is happening inside your application. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism. Likewise, container engines are designed to support logging. The easiest and most adopted logging method for containerized applications is writing to standard output and standard error streams.
 
-However, the native functionality provided by a container engine or runtime is usually not enough for a complete logging solution. For example, if a container crashes, a pod is evicted, or a node dies, you'll usually still want to access your application's logs. As such, logs should have a separate storage and lifecycle independent of nodes, pods, or containers. This concept is called _cluster-level-logging_. Cluster-level logging requires a separate backend to store, analyze, and query logs. Kubernetes provides no native storage solution for log data, but you can integrate many existing logging solutions into your Kubernetes cluster.
+However, the native functionality provided by a container engine or runtime is usually not enough for a complete logging solution.
+For example, you may want access your application's logs if a container crashes; a pod gets evicted; or a node dies.
+In a cluster, logs should have a separate storage and lifecycle independent of nodes, pods, or containers. This concept is called _cluster-level logging_.
 
 <!-- body -->
 
-Cluster-level logging architectures are described in assumption that
-a logging backend is present inside or outside of your cluster. If you're
-not interested in having cluster-level logging, you might still find
-the description of how logs are stored and handled on the node to be useful.
+Cluster-level logging architectures require a separate backend to store, analyze, and query logs. Kubernetes
+does not provide a native storage solution for log data. Instead, there are many logging solutions that
+integrate with Kubernetes. The following sections describe how to handle and store logs on nodes.
 
 ## Basic logging in Kubernetes
 
-In this section, you can see an example of basic logging in Kubernetes that
-outputs data to the standard output stream. This demonstration uses
-a pod specification with a container that writes some text to standard output
-once per second.
+This example uses a `Pod` specification with a container
+to write text to the standard output stream once per second.
 
 {{< codenew file="debug/counter-pod.yaml" >}}
 
@@ -34,8 +33,10 @@ To run this pod, use the following command:
 ```shell
 kubectl apply -f https://k8s.io/examples/debug/counter-pod.yaml
 ```
+
 The output is:
-```
+
+```console
 pod/counter created
 ```
 
@@ -44,73 +45,73 @@ To fetch the logs, use the `kubectl logs` command, as follows:
 ```shell
 kubectl logs counter
 ```
+
 The output is:
-```
+
+```console
 0: Mon Jan  1 00:00:00 UTC 2001
 1: Mon Jan  1 00:00:01 UTC 2001
 2: Mon Jan  1 00:00:02 UTC 2001
 ...
 ```
 
-You can use `kubectl logs` to retrieve logs from a previous instantiation of a container with `--previous` flag, in case the container has crashed. If your pod has multiple containers, you should specify which container's logs you want to access by appending a container name to the command. See the [`kubectl logs` documentation](/docs/reference/generated/kubectl/kubectl-commands#logs) for more details.
+You can use `kubectl logs --previous` to retrieve logs from a previous instantiation of a container. If your pod has multiple containers, specify which container's logs you want to access by appending a container name to the command. See the [`kubectl logs` documentation](/docs/reference/generated/kubectl/kubectl-commands#logs) for more details.
 
 ## Logging at the node level
 
 ![Node level logging](/images/docs/user-guide/logging/logging-node-level.png)
 
-Everything a containerized application writes to `stdout` and `stderr` is handled and redirected somewhere by a container engine. For example, the Docker container engine redirects those two streams to [a logging driver](https://docs.docker.com/engine/admin/logging/overview), which is configured in Kubernetes to write to a file in json format.
+A container engine handles and redirects any output generated to a containerized application's `stdout` and `stderr` streams.
+For example, the Docker container engine redirects those two streams to [a logging driver](https://docs.docker.com/engine/admin/logging/overview), which is configured in Kubernetes to write to a file in JSON format.
 
 {{< note >}}
-The Docker json logging driver treats each line as a separate message. When using the Docker logging driver, there is no direct support for multi-line messages. You need to handle multi-line messages at the logging agent level or higher.
+The Docker JSON logging driver treats each line as a separate message. When using the Docker logging driver, there is no direct support for multi-line messages. You need to handle multi-line messages at the logging agent level or higher.
 {{< /note >}}
 
 By default, if a container restarts, the kubelet keeps one terminated container with its logs. If a pod is evicted from the node, all corresponding containers are also evicted, along with their logs.
 
 An important consideration in node-level logging is implementing log rotation,
 so that logs don't consume all available storage on the node. Kubernetes
-currently is not responsible for rotating logs, but rather a deployment tool
+is not responsible for rotating logs, but rather a deployment tool
 should set up a solution to address that.
 For example, in Kubernetes clusters, deployed by the `kube-up.sh` script,
 there is a [`logrotate`](https://linux.die.net/man/8/logrotate)
 tool configured to run each hour. You can also set up a container runtime to
-rotate application's logs automatically, for example by using Docker's `log-opt`.
-In the `kube-up.sh` script, the latter approach is used for COS image on GCP,
-and the former approach is used in any other environment. In both cases, by
-default rotation is configured to take place when log file exceeds 10MB.
+rotate an application's logs automatically.
 
 As an example, you can find detailed information about how `kube-up.sh` sets
 up logging for COS image on GCP in the corresponding
-[script](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh).
+[`configure-helper` script](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh).
 
 When you run [`kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs) as in
 the basic logging example, the kubelet on the node handles the request and
-reads directly from the log file, returning the contents in the response.
+reads directly from the log file. The kubelet returns the content of the log file.
 
 {{< note >}}
-Currently, if some external system has performed the rotation,
+If an external system has performed the rotation,
 only the contents of the latest log file will be available through
-`kubectl logs`. E.g. if there's a 10MB file, `logrotate` performs
-the rotation and there are two files, one 10MB in size and one empty,
-`kubectl logs` will return an empty response.
+`kubectl logs`. For example, if there's a 10MB file, `logrotate` performs
+the rotation and there are two files: one file that is 10MB in size and a second file that is empty.
+`kubectl logs` returns the latest log file which in this example is an empty response.
 {{< /note >}}
 
-[cosConfigureHelper]: https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh
 ### System component logs
 
 There are two types of system components: those that run in a container and those
 that do not run in a container. For example:
 
 * The Kubernetes scheduler and kube-proxy run in a container.
-* The kubelet and container runtime, for example Docker, do not run in containers.
+* The kubelet and container runtime do not run in containers.
 
 On machines with systemd, the kubelet and container runtime write to journald. If
-systemd is not present, they write to `.log` files in the `/var/log` directory.
-System components inside containers always write to the `/var/log` directory,
-bypassing the default logging mechanism. They use the [klog](https://github.com/kubernetes/klog)
+systemd is not present, the kubelet and container runtime write to `.log` files
+in the `/var/log` directory. System components inside containers always write
+to the `/var/log` directory, bypassing the default logging mechanism.
+They use the [`klog`](https://github.com/kubernetes/klog)
 logging library. You can find the conventions for logging severity for those
 components in the [development docs on logging](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md).
 
-Similarly to the container logs, system component logs in the `/var/log`
+Similar to the container logs, system component logs in the `/var/log`
 directory should be rotated. In Kubernetes clusters brought up by
 the `kube-up.sh` script, those logs are configured to be rotated by
 the `logrotate` tool daily or once the size exceeds 100MB.
@@ -129,13 +130,14 @@ While Kubernetes does not provide a native solution for cluster-level logging, t
 
 You can implement cluster-level logging by including a _node-level logging agent_ on each node. The logging agent is a dedicated tool that exposes logs or pushes logs to a backend. Commonly, the logging agent is a container that has access to a directory with log files from all of the application containers on that node.
 
-Because the logging agent must run on every node, it's common to implement it as either a DaemonSet replica, a manifest pod, or a dedicated native process on the node. However the latter two approaches are deprecated and highly discouraged.
+Because the logging agent must run on every node, it is recommended to run the agent
+as a `DaemonSet`.
 
-Using a node-level logging agent is the most common and encouraged approach for a Kubernetes cluster, because it creates only one agent per node, and it doesn't require any changes to the applications running on the node. However, node-level logging _only works for applications' standard output and standard error_.
+Node-level logging creates only one agent per node and doesn't require any changes to the applications running on the node.
 
-Kubernetes doesn't specify a logging agent, but two optional logging agents are packaged with the Kubernetes release: [Stackdriver Logging](/docs/tasks/debug-application-cluster/logging-stackdriver/) for use with Google Cloud Platform, and [Elasticsearch](/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/). You can find more information and instructions in the dedicated documents. Both use [fluentd](https://www.fluentd.org/) with custom configuration as an agent on the node.
+Containers write stdout and stderr, but with no agreed format. A node-level agent collects these logs and forwards them for aggregation.
 
-### Using a sidecar container with the logging agent
+### Using a sidecar container with the logging agent {#sidecar-container-with-logging-agent}
 
 You can use a sidecar container in one of the following ways:
 
@@ -146,28 +148,27 @@ You can use a sidecar container in one of the following ways:
 
 ![Sidecar container with a streaming container](/images/docs/user-guide/logging/logging-with-streaming-sidecar.png)
 
-By having your sidecar containers stream to their own `stdout` and `stderr`
+By having your sidecar containers write to their own `stdout` and `stderr`
 streams, you can take advantage of the kubelet and the logging agent that
 already run on each node. The sidecar containers read logs from a file, a socket,
-or the journald. Each individual sidecar container prints log to its own `stdout`
-or `stderr` stream.
+or journald. Each sidecar container prints a log to its own `stdout` or `stderr` stream.
 
 This approach allows you to separate several log streams from different
 parts of your application, some of which can lack support
 for writing to `stdout` or `stderr`. The logic behind redirecting logs
-is minimal, so it's hardly a significant overhead. Additionally, because
+is minimal, so it's not a significant overhead. Additionally, because
 `stdout` and `stderr` are handled by the kubelet, you can use built-in tools
 like `kubectl logs`.
 
-Consider the following example. A pod runs a single container, and the container
-writes to two different log files, using two different formats. Here's a
+For example, a pod runs a single container, and the container
+writes to two different log files using two different formats. Here's a
 configuration file for the Pod:
 
 {{< codenew file="admin/logging/two-files-counter-pod.yaml" >}}
 
-It would be a mess to have log entries of different formats in the same log
+It is not recommended to write log entries with different formats to the same log
 stream, even if you managed to redirect both components to the `stdout` stream of
-the container. Instead, you could introduce two sidecar containers. Each sidecar
+the container. Instead, you can create two sidecar containers. Each sidecar
 container could tail a particular log file from a shared volume and then redirect
 the logs to its own `stdout` stream.
 
@@ -181,7 +182,10 @@ running the following commands:
 ```shell
 kubectl logs counter count-log-1
 ```
-```
+
+The output is:
+
+```console
 0: Mon Jan  1 00:00:00 UTC 2001
 1: Mon Jan  1 00:00:01 UTC 2001
 2: Mon Jan  1 00:00:02 UTC 2001
@@ -191,7 +195,10 @@ kubectl logs counter count-log-1
 ```shell
 kubectl logs counter count-log-2
 ```
-```
+
+The output is:
+
+```console
 Mon Jan  1 00:00:00 UTC 2001 INFO 0
 Mon Jan  1 00:00:01 UTC 2001 INFO 1
 Mon Jan  1 00:00:02 UTC 2001 INFO 2
@@ -202,16 +209,15 @@ The node-level agent installed in your cluster picks up those log streams
 automatically without any further configuration. If you like, you can configure
 the agent to parse log lines depending on the source container.
 
-Note, that despite low CPU and memory usage (order of couple of millicores
+Note, that despite low CPU and memory usage (order of a couple of millicores
 for cpu and order of several megabytes for memory), writing logs to a file and
 then streaming them to `stdout` can double disk usage. If you have
-an application that writes to a single file, it's generally better to set
-`/dev/stdout` as destination rather than implementing the streaming sidecar
+an application that writes to a single file, it's recommended to set
+`/dev/stdout` as the destination rather than implement the streaming sidecar
 container approach.
 
 Sidecar containers can also be used to rotate log files that cannot be
-rotated by the application itself. An example
-of this approach is a small container running logrotate periodically.
+rotated by the application itself. An example of this approach is a small container running `logrotate` periodically.
 However, it's recommended to use `stdout` and `stderr` directly and leave rotation
 and retention policies to the kubelet.
 
@@ -226,21 +232,17 @@ configured specifically to run with your application.
 {{< note >}}
 Using a logging agent in a sidecar container can lead
 to significant resource consumption. Moreover, you won't be able to access
-those logs using `kubectl logs` command, because they are not controlled
+those logs using `kubectl logs` because they are not controlled
 by the kubelet.
 {{< /note >}}
 
-As an example, you could use [Stackdriver](/docs/tasks/debug-application-cluster/logging-stackdriver/),
-which uses fluentd as a logging agent. Here are two configuration files that
-you can use to implement this approach. The first file contains
-a [ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) to configure fluentd.
+Here are two configuration files that you can use to implement a sidecar container with a logging agent. The first file contains
+a [`ConfigMap`](/docs/tasks/configure-pod-container/configure-pod-configmap/) to configure fluentd.
 
 {{< codenew file="admin/logging/fluentd-sidecar-config.yaml" >}}
 
 {{< note >}}
-The configuration of fluentd is beyond the scope of this article. For
-information about configuring fluentd, see the
-[official fluentd documentation](https://docs.fluentd.org/).
+For information about configuring fluentd, see the [fluentd documentation](https://docs.fluentd.org/).
 {{< /note >}}
 
 The second file describes a pod that has a sidecar container running fluentd.
@@ -248,18 +250,10 @@ The pod mounts a volume where fluentd can pick up its configuration data.
 
 {{< codenew file="admin/logging/two-files-counter-pod-agent-sidecar.yaml" >}}
 
-After some time you can find log messages in the Stackdriver interface.
-
-Remember, that this is just an example and you can actually replace fluentd
-with any logging agent, reading from any source inside an application
-container.
+In the sample configurations, you can replace fluentd with any logging agent, reading from any source inside an application container.
 
 ### Exposing logs directly from the application
 
 ![Exposing logs directly from the application](/images/docs/user-guide/logging/logging-from-application.png)
 
-You can implement cluster-level logging by exposing or pushing logs directly from
-every application; however, the implementation for such a logging mechanism
-is outside the scope of Kubernetes.
-
-
+Cluster-logging that exposes or pushes logs directly from every application is outside the scope of Kubernetes.
diff --git a/content/en/docs/concepts/cluster-administration/manage-deployment.md b/content/en/docs/concepts/cluster-administration/manage-deployment.md
index 50ed69ff42..d9814a887a 100644
--- a/content/en/docs/concepts/cluster-administration/manage-deployment.md
+++ b/content/en/docs/concepts/cluster-administration/manage-deployment.md
@@ -70,7 +70,7 @@ deployment.apps "my-nginx" deleted
 service "my-nginx-svc" deleted
 ```
 
-In the case of just two resources, it's also easy to specify both on the command line using the resource/name syntax:
+In the case of two resources, you can specify both resources on the command line using the resource/name syntax:
 
 ```shell
 kubectl delete deployments/my-nginx services/my-nginx-svc
@@ -87,10 +87,11 @@ deployment.apps "my-nginx" deleted
 service "my-nginx-svc" deleted
 ```
 
-Because `kubectl` outputs resource names in the same syntax it accepts, it's easy to chain operations using `$()` or `xargs`:
+Because `kubectl` outputs resource names in the same syntax it accepts, you can chain operations using `$()` or `xargs`:
 
 ```shell
 kubectl get $(kubectl create -f docs/concepts/cluster-administration/nginx/ -o name | grep service)
+kubectl create -f docs/concepts/cluster-administration/nginx/ -o name | grep service | xargs -i kubectl get {}
 ```
 
 ```shell
@@ -301,6 +302,7 @@ Sometimes you would want to attach annotations to resources. Annotations are arb
 kubectl annotate pods my-nginx-v4-9gw19 description='my frontend running nginx'
 kubectl get pods my-nginx-v4-9gw19 -o yaml
 ```
+
 ```shell
 apiVersion: v1
 kind: pod
@@ -314,11 +316,12 @@ For more information, please see [annotations](/docs/concepts/overview/working-w
 
 ## Scaling your application
 
-When load on your application grows or shrinks, it's easy to scale with `kubectl`. For instance, to decrease the number of nginx replicas from 3 to 1, do:
+When load on your application grows or shrinks, use `kubectl` to scale your application. For instance, to decrease the number of nginx replicas from 3 to 1, do:
 
 ```shell
 kubectl scale deployment/my-nginx --replicas=1
 ```
+
 ```shell
 deployment.apps/my-nginx scaled
 ```
@@ -328,6 +331,7 @@ Now you only have one pod managed by the deployment.
 ```shell
 kubectl get pods -l app=nginx
 ```
+
 ```shell
 NAME                        READY     STATUS    RESTARTS   AGE
 my-nginx-2035384211-j5fhi   1/1       Running   0          30m
@@ -338,6 +342,7 @@ To have the system automatically choose the number of nginx replicas as needed,
 ```shell
 kubectl autoscale deployment/my-nginx --min=1 --max=3
 ```
+
 ```shell
 horizontalpodautoscaler.autoscaling/my-nginx autoscaled
 ```
@@ -411,6 +416,7 @@ In some cases, you may need to update resource fields that cannot be updated onc
 ```shell
 kubectl replace -f https://k8s.io/examples/application/nginx/nginx-deployment.yaml --force
 ```
+
 ```shell
 deployment.apps/my-nginx deleted
 deployment.apps/my-nginx replaced
@@ -427,14 +433,17 @@ Let's say you were running version 1.14.2 of nginx:
 ```shell
 kubectl create deployment my-nginx --image=nginx:1.14.2
 ```
+
 ```shell
 deployment.apps/my-nginx created
 ```
 
 with 3 replicas (so the old and new revisions can coexist):
+
 ```shell
 kubectl scale deployment my-nginx --current-replicas=1 --replicas=3
 ```
+
 ```
 deployment.apps/my-nginx scaled
 ```
diff --git a/content/en/docs/concepts/cluster-administration/system-logs.md b/content/en/docs/concepts/cluster-administration/system-logs.md
index 9ccae3adf7..0466837356 100644
--- a/content/en/docs/concepts/cluster-administration/system-logs.md
+++ b/content/en/docs/concepts/cluster-administration/system-logs.md
@@ -31,22 +31,24 @@ I1025 00:15:15.525108       1 httplog.go:79] GET /api/v1/namespaces/kube-system/
 
 {{< feature-state for_k8s_version="v1.19" state="alpha" >}}
 
-{{<warning>}}
+{{< warning >}}
 Migration to structured log messages is an ongoing process. Not all log messages are structured in this version. When parsing log files, you must also handle unstructured log messages.
 
 Log formatting and value serialization are subject to change.
 {{< /warning>}}
 
-Structured logging is a effort to introduce a uniform structure in log messages allowing for easy extraction of information, making logs easier and cheaper to store and process.
+Structured logging introduces a uniform structure in log messages allowing for programmatic extraction of information. You can store and process structured logs with less effort and cost.
 New message format is backward compatible and enabled by default.
 
 Format of structured logs:
-```
+
+```ini
 <klog header> "<message>" <key1>="<value1>" <key2>="<value2>" ...
 ```
 
 Example:
-```
+
+```ini
 I1025 00:15:15.525108       1 controller_utils.go:116] "Pod status updated" pod="kube-system/kubedns" status="ready"
 ```
 
diff --git a/content/en/docs/concepts/configuration/overview.md b/content/en/docs/concepts/configuration/overview.md
index 2239fe08ac..fce8a0c7a8 100644
--- a/content/en/docs/concepts/configuration/overview.md
+++ b/content/en/docs/concepts/configuration/overview.md
@@ -59,13 +59,13 @@ DNS server watches the Kubernetes API for new `Services` and creates a set of DN
 
 - Avoid using `hostNetwork`, for the same reasons as `hostPort`.
 
-- Use [headless Services](/docs/concepts/services-networking/service/#headless-services) (which have a `ClusterIP` of `None`) for easy service discovery when you don't need `kube-proxy` load balancing.
+- Use [headless Services](/docs/concepts/services-networking/service/#headless-services) (which have a `ClusterIP` of `None`) for service discovery when you don't need `kube-proxy` load balancing.
 
 ## Using Labels
 
 - Define and use [labels](/docs/concepts/overview/working-with-objects/labels/) that identify __semantic attributes__ of your application or Deployment, such as `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. You can use these labels to select the appropriate Pods for other resources; for example, a Service that selects all `tier: frontend` Pods, or all `phase: test` components of `app: myapp`. See the [guestbook](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/) app for examples of this approach.
 
-A Service can be made to span multiple Deployments by omitting release-specific labels from its selector. [Deployments](/docs/concepts/workloads/controllers/deployment/) make it easy to update a running service without downtime.
+A Service can be made to span multiple Deployments by omitting release-specific labels from its selector. When you need to update a running service without downtime, use a [Deployment](/docs/concepts/workloads/controllers/deployment/).
 
 A desired state of an object is described by a Deployment, and if changes to that spec are _applied_, the deployment controller changes the actual state to the desired state at a controlled rate.
 
diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md
index 58b57a0b04..5a6a0dd092 100644
--- a/content/en/docs/concepts/configuration/secret.md
+++ b/content/en/docs/concepts/configuration/secret.md
@@ -116,7 +116,7 @@ In this case, `0` means we have just created an empty Secret.
 A `kubernetes.io/service-account-token` type of Secret is used to store a
 token that identifies a service account. When using this Secret type, you need
 to ensure that the `kubernetes.io/service-account.name` annotation is set to an
-existing service account name. An Kubernetes controller fills in some other
+existing service account name. A Kubernetes controller fills in some other
 fields such as the `kubernetes.io/service-account.uid` annotation and the
 `token` key in the `data` field set to actual token content.
 
@@ -801,11 +801,6 @@ field set to that of the service account.
 See [Add ImagePullSecrets to a service account](/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account)
  for a detailed explanation of that process.
 
-### Automatic mounting of manually created Secrets
-
-Manually created secrets (for example, one containing a token for accessing a GitHub account)
-can be automatically attached to pods based on their service account.
-
 ## Details
 
 ### Restrictions
diff --git a/content/en/docs/concepts/containers/container-lifecycle-hooks.md b/content/en/docs/concepts/containers/container-lifecycle-hooks.md
index b315ba6f59..96569f9518 100644
--- a/content/en/docs/concepts/containers/container-lifecycle-hooks.md
+++ b/content/en/docs/concepts/containers/container-lifecycle-hooks.md
@@ -36,10 +36,13 @@ No parameters are passed to the handler.
 
 `PreStop`
 
-This hook is called immediately before a container is terminated due to an API request or management event such as liveness probe failure, preemption, resource contention and others. A call to the preStop hook fails if the container is already in terminated or completed state.
-It is blocking, meaning it is synchronous,
-so it must complete before the signal to stop the container can be sent.
-No parameters are passed to the handler.
+This hook is called immediately before a container is terminated due to an API request or management
+event such as a liveness/startup probe failure, preemption, resource contention and others. A call
+to the `PreStop` hook fails if the container is already in a terminated or completed state and the
+hook must complete before the TERM signal to stop the container can be sent. The Pod's termination
+grace period countdown begins before the `PreStop` hook is executed, so regardless of the outcome of
+the handler, the container will eventually terminate within the Pod's termination grace period. No
+parameters are passed to the handler.
 
 A more detailed description of the termination behavior can be found in
 [Termination of Pods](/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination).
@@ -65,19 +68,15 @@ the Container ENTRYPOINT and hook fire asynchronously.
 However, if the hook takes too long to run or hangs,
 the Container cannot reach a `running` state.
 
-`PreStop` hooks are not executed asynchronously from the signal
-to stop the Container; the hook must complete its execution before
-the signal can be sent.
-If a `PreStop` hook hangs during execution,
-the Pod's phase will be `Terminating` and remain there until the Pod is
-killed after its `terminationGracePeriodSeconds` expires.
-This grace period applies to the total time it takes for both
-the `PreStop` hook to execute and for the Container to stop normally.
-If, for example, `terminationGracePeriodSeconds` is 60, and the hook
-takes 55 seconds to complete, and the Container takes 10 seconds to stop
-normally after receiving the signal, then the Container will be killed
-before it can stop normally, since `terminationGracePeriodSeconds` is
-less than the total time (55+10) it takes for these two things to happen.
+`PreStop` hooks are not executed asynchronously from the signal to stop the Container; the hook must
+complete its execution before the TERM signal can be sent. If a `PreStop` hook hangs during
+execution, the Pod's phase will be `Terminating` and remain there until the Pod is killed after its
+`terminationGracePeriodSeconds` expires. This grace period applies to the total time it takes for
+both the `PreStop` hook to execute and for the Container to stop normally. If, for example,
+`terminationGracePeriodSeconds` is 60, and the hook takes 55 seconds to complete, and the Container
+takes 10 seconds to stop normally after receiving the signal, then the Container will be killed
+before it can stop normally, since `terminationGracePeriodSeconds` is less than the total time
+(55+10) it takes for these two things to happen.
 
 If either a `PostStart` or `PreStop` hook fails,
 it kills the Container.
diff --git a/content/en/docs/concepts/overview/what-is-kubernetes.md b/content/en/docs/concepts/overview/what-is-kubernetes.md
index f3c4a1da02..b19c4155ce 100644
--- a/content/en/docs/concepts/overview/what-is-kubernetes.md
+++ b/content/en/docs/concepts/overview/what-is-kubernetes.md
@@ -43,7 +43,7 @@ Each VM is a full machine running all the components, including its own operatin
 Containers have become popular because they provide extra benefits, such as:
 
 * Agile application creation and deployment: increased ease and efficiency of container image creation compared to VM image use.
-* Continuous development, integration, and deployment: provides for reliable and frequent container image build and deployment with quick and easy rollbacks (due to image immutability).
+* Continuous development, integration, and deployment: provides for reliable and frequent container image build and deployment with quick and efficient rollbacks (due to image immutability).
 * Dev and Ops separation of concerns: create application container images at build/release time rather than deployment time, thereby decoupling applications from infrastructure.
 * Observability not only surfaces OS-level information and metrics, but also application health and other signals.
 * Environmental consistency across development, testing, and production: Runs the same on a laptop as it does in the cloud.
diff --git a/content/en/docs/concepts/overview/working-with-objects/labels.md b/content/en/docs/concepts/overview/working-with-objects/labels.md
index 560ab23dff..2feec43801 100644
--- a/content/en/docs/concepts/overview/working-with-objects/labels.md
+++ b/content/en/docs/concepts/overview/working-with-objects/labels.md
@@ -42,7 +42,7 @@ Example labels:
    * `"partition" : "customerA"`, `"partition" : "customerB"`
    * `"track" : "daily"`, `"track" : "weekly"`
 
-These are just examples of commonly used labels; you are free to develop your own conventions. Keep in mind that label Key must be unique for a given object.
+These are examples of commonly used labels; you are free to develop your own conventions. Keep in mind that label Key must be unique for a given object.
 
 ## Syntax and character set
 
diff --git a/content/en/docs/concepts/overview/working-with-objects/object-management.md b/content/en/docs/concepts/overview/working-with-objects/object-management.md
index a2dd737e77..b85c622823 100644
--- a/content/en/docs/concepts/overview/working-with-objects/object-management.md
+++ b/content/en/docs/concepts/overview/working-with-objects/object-management.md
@@ -31,7 +31,7 @@ When using imperative commands, a user operates directly on live objects
 in a cluster. The user provides operations to
 the `kubectl` command as arguments or flags.
 
-This is the simplest way to get started or to run a one-off task in
+This is the recommended way to get started or to run a one-off task in
 a cluster. Because this technique operates directly on live
 objects, it provides no history of previous configurations.
 
@@ -47,7 +47,7 @@ kubectl create deployment nginx --image nginx
 
 Advantages compared to object configuration:
 
-- Commands are simple, easy to learn and easy to remember.
+- Commands are expressed as a single action word.
 - Commands require only a single step to make changes to the cluster.
 
 Disadvantages compared to object configuration:
diff --git a/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md b/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md
index 61b6619d01..ae32f840fd 100644
--- a/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md
+++ b/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md
@@ -10,11 +10,9 @@ weight: 70
 
 {{< feature-state for_k8s_version="v1.15" state="alpha" >}}
 
-The scheduling framework is a pluggable architecture for Kubernetes Scheduler
-that makes scheduler customizations easy. It adds a new set of "plugin" APIs to
-the existing scheduler. Plugins are compiled into the scheduler. The APIs
-allow most scheduling features to be implemented as plugins, while keeping the
-scheduling "core" simple and maintainable. Refer to the [design proposal of the
+The scheduling framework is a pluggable architecture for the Kubernetes scheduler.
+It adds a new set of "plugin" APIs to the existing scheduler. Plugins are compiled into the scheduler. The APIs allow most scheduling features to be implemented as plugins, while keeping the
+scheduling "core" lightweight and maintainable. Refer to the [design proposal of the
 scheduling framework][kep] for more technical information on the design of the
 framework.
 
diff --git a/content/en/docs/concepts/services-networking/dual-stack.md b/content/en/docs/concepts/services-networking/dual-stack.md
index 2981bffec8..d8b900847f 100644
--- a/content/en/docs/concepts/services-networking/dual-stack.md
+++ b/content/en/docs/concepts/services-networking/dual-stack.md
@@ -74,7 +74,7 @@ An example of an IPv6 CIDR: `fdXY:IJKL:MNOP:15::/64` (this shows the format but
 
 If your cluster has dual-stack enabled, you can create {{< glossary_tooltip text="Services" term_id="service" >}} which can use IPv4, IPv6, or both. 
 
-The address family of a Service defaults to the address family of the first service cluster IP range (configured via the `--service-cluster-ip-range` flag to the kube-controller-manager).
+The address family of a Service defaults to the address family of the first service cluster IP range (configured via the `--service-cluster-ip-range` flag to the kube-apiserver).
 
 When you define a Service you can optionally configure it as dual stack. To specify the behavior you want, you
 set the `.spec.ipFamilyPolicy` field to one of the following values:
diff --git a/content/en/docs/concepts/services-networking/ingress-controllers.md b/content/en/docs/concepts/services-networking/ingress-controllers.md
index 25f7f43639..119958b915 100644
--- a/content/en/docs/concepts/services-networking/ingress-controllers.md
+++ b/content/en/docs/concepts/services-networking/ingress-controllers.md
@@ -31,14 +31,15 @@ Kubernetes as a project supports and maintains [AWS](https://github.com/kubernet
 * The [Citrix ingress controller](https://github.com/citrix/citrix-k8s-ingress-controller#readme) works with
   Citrix Application Delivery Controller.
 * [Contour](https://projectcontour.io/) is an [Envoy](https://www.envoyproxy.io/) based ingress controller.
+* [EnRoute](https://getenroute.io/) is an [Envoy](https://www.envoyproxy.io) based API gateway that can run as an ingress controller.
 * F5 BIG-IP [Container Ingress Services for Kubernetes](https://clouddocs.f5.com/containers/latest/userguide/kubernetes/)
   lets you use an Ingress to configure F5 BIG-IP virtual servers.
 * [Gloo](https://gloo.solo.io) is an open-source ingress controller based on [Envoy](https://www.envoyproxy.io),
   which offers API gateway functionality.
 * [HAProxy Ingress](https://haproxy-ingress.github.io/) is an ingress controller for
-  [HAProxy](http://www.haproxy.org/#desc).
+  [HAProxy](https://www.haproxy.org/#desc).
 * The [HAProxy Ingress Controller for Kubernetes](https://github.com/haproxytech/kubernetes-ingress#readme)
-  is also an ingress controller for [HAProxy](http://www.haproxy.org/#desc).
+  is also an ingress controller for [HAProxy](https://www.haproxy.org/#desc).
 * [Istio Ingress](https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress/)
   is an [Istio](https://istio.io/) based ingress controller.
 * The [Kong Ingress Controller for Kubernetes](https://github.com/Kong/kubernetes-ingress-controller#readme)
@@ -49,7 +50,7 @@ Kubernetes as a project supports and maintains [AWS](https://github.com/kubernet
 * The [Traefik Kubernetes Ingress provider](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) is an
   ingress controller for the [Traefik](https://traefik.io/traefik/) proxy.
 * [Voyager](https://appscode.com/products/voyager) is an ingress controller for
-  [HAProxy](http://www.haproxy.org/#desc).
+  [HAProxy](https://www.haproxy.org/#desc).
 
 ## Using multiple Ingress controllers
 
diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md
index 368bf02fb1..348c1616ce 100644
--- a/content/en/docs/concepts/services-networking/service.md
+++ b/content/en/docs/concepts/services-networking/service.md
@@ -151,9 +151,9 @@ spec:
       targetPort: 9376
 ```
 
-Because this Service has no selector, the corresponding Endpoint object is not
+Because this Service has no selector, the corresponding Endpoints object is not
 created automatically. You can manually map the Service to the network address and port
-where it's running, by adding an Endpoint object manually:
+where it's running, by adding an Endpoints object manually:
 
 ```yaml
 apiVersion: v1
diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md
index 971939d882..3423c575db 100644
--- a/content/en/docs/concepts/storage/persistent-volumes.md
+++ b/content/en/docs/concepts/storage/persistent-volumes.md
@@ -629,6 +629,11 @@ spec:
 
 PersistentVolumes binds are exclusive, and since PersistentVolumeClaims are namespaced objects, mounting claims with "Many" modes (`ROX`, `RWX`) is only possible within one namespace.
 
+### PersistentVolumes typed `hostPath`
+
+A `hostPath` PersistentVolume uses a file or directory on the Node to emulate network-attached storage.
+See [an example of `hostPath` typed volume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume).
+
 ## Raw Block Volume Support
 
 {{< feature-state for_k8s_version="v1.18" state="stable" >}}
diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md
index cc5ea38b4e..f8475d6284 100644
--- a/content/en/docs/concepts/storage/volumes.md
+++ b/content/en/docs/concepts/storage/volumes.md
@@ -210,8 +210,8 @@ spec:
 
 The `CSIMigration` feature for Cinder, when enabled, redirects all plugin operations
 from the existing in-tree plugin to the `cinder.csi.openstack.org` Container
-Storage Interface (CSI) Driver. In order to use this feature, the [Openstack Cinder CSI
-Driver](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-cinder-csi-plugin.md)
+Storage Interface (CSI) Driver. In order to use this feature, the [OpenStack Cinder CSI
+Driver](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md)
 must be installed on the cluster and the `CSIMigration` and `CSIMigrationOpenStack`
 beta features must be enabled.
 
diff --git a/content/en/docs/concepts/workloads/controllers/cron-jobs.md b/content/en/docs/concepts/workloads/controllers/cron-jobs.md
index 481c6f5017..3624135a20 100644
--- a/content/en/docs/concepts/workloads/controllers/cron-jobs.md
+++ b/content/en/docs/concepts/workloads/controllers/cron-jobs.md
@@ -90,6 +90,11 @@ If `startingDeadlineSeconds` is set to a large value or left unset (the default)
 and if `concurrencyPolicy` is set to `Allow`, the jobs will always run
 at least once.
 
+{{< caution >}}
+If `startingDeadlineSeconds` is set to a value less than 10 seconds, the CronJob may not be scheduled. This is because the CronJob controller checks things every 10 seconds.
+{{< /caution >}}
+
+
 For every CronJob, the CronJob {{< glossary_tooltip term_id="controller" >}} checks how many schedules it missed in the duration from its last scheduled time until now. If there are more than 100 missed schedules, then it does not start the job and logs the error
 
 ````
@@ -128,4 +133,3 @@ documents the format of CronJob `schedule` fields.
 For instructions on creating and working with cron jobs, and for an example of CronJob
 manifest, see [Running automated tasks with cron jobs](/docs/tasks/job/automated-tasks-with-cron-jobs).
 
-
diff --git a/content/en/docs/concepts/workloads/controllers/daemonset.md b/content/en/docs/concepts/workloads/controllers/daemonset.md
index 4dd784d905..5a98dcf7cb 100644
--- a/content/en/docs/concepts/workloads/controllers/daemonset.md
+++ b/content/en/docs/concepts/workloads/controllers/daemonset.md
@@ -147,8 +147,8 @@ the related features.
 | ---------------------------------------- | ---------- | ------- | ----------- |
 | `node.kubernetes.io/not-ready`           | NoExecute  | 1.13+   | DaemonSet pods will not be evicted when there are node problems such as a network partition. |
 | `node.kubernetes.io/unreachable`         | NoExecute  | 1.13+   | DaemonSet pods will not be evicted when there are node problems such as a network partition. |
-| `node.kubernetes.io/disk-pressure`       | NoSchedule | 1.8+    | |
-| `node.kubernetes.io/memory-pressure`     | NoSchedule | 1.8+    | |
+| `node.kubernetes.io/disk-pressure`       | NoSchedule | 1.8+    | DaemonSet pods tolerate disk-pressure attributes by default scheduler. |
+| `node.kubernetes.io/memory-pressure`     | NoSchedule | 1.8+    | DaemonSet pods tolerate memory-pressure attributes by default scheduler. |
 | `node.kubernetes.io/unschedulable`       | NoSchedule | 1.12+   | DaemonSet pods tolerate unschedulable attributes by default scheduler. |
 | `node.kubernetes.io/network-unavailable` | NoSchedule | 1.12+   | DaemonSet pods, who uses host network, tolerate network-unavailable attributes by default scheduler. |
 
diff --git a/content/en/docs/concepts/workloads/controllers/replicationcontroller.md b/content/en/docs/concepts/workloads/controllers/replicationcontroller.md
index 36ae4a880a..a6427bedb3 100644
--- a/content/en/docs/concepts/workloads/controllers/replicationcontroller.md
+++ b/content/en/docs/concepts/workloads/controllers/replicationcontroller.md
@@ -208,7 +208,8 @@ As mentioned above, whether you have 1 pod you want to keep running, or 1000, a
 
 ### Scaling
 
-The ReplicationController makes it easy to scale the number of replicas up or down, either manually or by an auto-scaling control agent, by simply updating the `replicas` field.
+The ReplicationController scales the number of replicas up or down by setting the `replicas` field.
+You can configure the ReplicationController to manage the replicas manually or by an auto-scaling control agent.
 
 ### Rolling updates
 
diff --git a/content/en/docs/concepts/workloads/pods/ephemeral-containers.md b/content/en/docs/concepts/workloads/pods/ephemeral-containers.md
index 153f2cf3ae..49894937e3 100644
--- a/content/en/docs/concepts/workloads/pods/ephemeral-containers.md
+++ b/content/en/docs/concepts/workloads/pods/ephemeral-containers.md
@@ -78,7 +78,7 @@ sharing](/docs/tasks/configure-pod-container/share-process-namespace/) so
 you can view processes in other containers.
 
 See [Debugging with Ephemeral Debug Container](
-/docs/tasks/debug-application-cluster/debug-running-pod/#debugging-with-ephemeral-debug-container)
+/docs/tasks/debug-application-cluster/debug-running-pod/#ephemeral-container)
 for examples of troubleshooting using ephemeral containers.
 
 ## Ephemeral containers API
diff --git a/content/en/docs/contribute/style/style-guide.md b/content/en/docs/contribute/style/style-guide.md
index b4864dbabf..0047799fb0 100644
--- a/content/en/docs/contribute/style/style-guide.md
+++ b/content/en/docs/contribute/style/style-guide.md
@@ -44,22 +44,25 @@ The English-language documentation uses U.S. English spelling and grammar.
 
 ### Use upper camel case for API objects
 
-When you refer specifically to interacting with an API object, use [UpperCamelCase](https://en.wikipedia.org/wiki/Camel_case), also known as Pascal Case. When you are generally discussing an API object, use [sentence-style capitalization](https://docs.microsoft.com/en-us/style-guide/text-formatting/using-type/use-sentence-style-capitalization).
+When you refer specifically to interacting with an API object, use [UpperCamelCase](https://en.wikipedia.org/wiki/Camel_case), also known as Pascal case. You may see different capitalization, such as "configMap", in the [API Reference](/docs/reference/kubernetes-api/). When writing general documentation, it's better to use upper camel case, calling it "ConfigMap" instead.
+
+When you are generally discussing an API object, use [sentence-style capitalization](https://docs.microsoft.com/en-us/style-guide/text-formatting/using-type/use-sentence-style-capitalization).
+
+You may use the word "resource", "API", or "object" to clarify a Kubernetes resource type in a sentence. 
 
 Don't split the API object name into separate words. For example, use
 PodTemplateList, not Pod Template List.
 
-Refer to API objects without saying "object," unless omitting "object"
-leads to an awkward construction.
+The following examples focus on capitalization. Review the related guidance on [Code Style](#code-style-inline-code) for more information on formatting API objects. 
 
-{{< table caption = "Do and Don't - API objects" >}}
+{{< table caption = "Do and Don't - Use Pascal case for API objects" >}}
 Do | Don't
 :--| :-----
-The pod has two containers. | The Pod has two containers.
-The HorizontalPodAutoscaler is responsible for ... | The HorizontalPodAutoscaler object is responsible for ...
-A PodList is a list of pods. | A Pod List is a list of pods.
-The two ContainerPorts ... | The two ContainerPort objects ...
-The two ContainerStateTerminated objects ... | The two ContainerStateTerminateds ...
+The HorizontalPodAutoscaler resource is responsible for ... | The Horizontal pod autoscaler is responsible for ...
+A PodList object is a list of pods. | A Pod List object is a list of pods.
+The Volume object contains a `hostPath` field. | The volume object contains a hostPath field.
+Every ConfigMap object is part of a namespace. | Every configMap object is part of a namespace.
+For managing confidential data, consider using the Secret API. | For managing confidential data, consider using the secret API.
 {{< /table >}}
 
 
@@ -113,12 +116,12 @@ The copy is called a "fork". | The copy is called a "fork."
 
 ## Inline code formatting
 
-### Use code style for inline code, commands, and API objects
+### Use code style for inline code, commands, and API objects {#code-style-inline-code}
 
 For inline code in an HTML document, use the `<code>` tag. In a Markdown
 document, use the backtick (`` ` ``).
 
-{{< table caption = "Do and Don't - Use code style for inline code and commands" >}}
+{{< table caption = "Do and Don't - Use code style for inline code, commands, and API objects" >}}
 Do | Don't
 :--| :-----
 The `kubectl run` command creates a `Pod`. | The "kubectl run" command creates a pod.
diff --git a/content/en/docs/reference/access-authn-authz/admission-controllers.md b/content/en/docs/reference/access-authn-authz/admission-controllers.md
index 0cdcbf2f36..3ff113bb63 100644
--- a/content/en/docs/reference/access-authn-authz/admission-controllers.md
+++ b/content/en/docs/reference/access-authn-authz/admission-controllers.md
@@ -462,8 +462,6 @@ and the [example of Limit Range](/docs/tasks/administer-cluster/manage-resources
 
 ### MutatingAdmissionWebhook {#mutatingadmissionwebhook}
 
-{{< feature-state for_k8s_version="v1.13" state="beta" >}}
-
 This admission controller calls any mutating webhooks which match the request. Matching
 webhooks are called in serial; each one may modify the object if it desires.
 
@@ -474,7 +472,7 @@ If a webhook called by this has side effects (for example, decrementing quota) i
 webhooks or validating admission controllers will permit the request to finish.
 
 If you disable the MutatingAdmissionWebhook, you must also disable the
-`MutatingWebhookConfiguration` object in the `admissionregistration.k8s.io/v1beta1`
+`MutatingWebhookConfiguration` object in the `admissionregistration.k8s.io/v1`
 group/version via the `--runtime-config` flag (both are on by default in
 versions >= 1.9).
 
@@ -486,8 +484,6 @@ versions >= 1.9).
    different when read back.
    * Setting originally unset fields is less likely to cause problems than
      overwriting fields set in the original request. Avoid doing the latter.
- * This is a beta feature. Future versions of Kubernetes may restrict the types of
-   mutations these webhooks can make.
  * Future changes to control loops for built-in resources or third-party resources
    may break webhooks that work well today. Even when the webhook installation API
    is finalized, not all possible webhook behaviors will be guaranteed to be supported
@@ -766,8 +762,6 @@ This admission controller {{< glossary_tooltip text="taints" term_id="taint" >}}
 
 ### ValidatingAdmissionWebhook {#validatingadmissionwebhook}
 
-{{< feature-state for_k8s_version="v1.13" state="beta" >}}
-
 This admission controller calls any validating webhooks which match the request. Matching
 webhooks are called in parallel; if any of them rejects the request, the request
 fails. This admission controller only runs in the validation phase; the webhooks it calls may not
@@ -778,7 +772,7 @@ If a webhook called by this has side effects (for example, decrementing quota) i
 webhooks or other validating admission controllers will permit the request to finish.
 
 If you disable the ValidatingAdmissionWebhook, you must also disable the
-`ValidatingWebhookConfiguration` object in the `admissionregistration.k8s.io/v1beta1`
+`ValidatingWebhookConfiguration` object in the `admissionregistration.k8s.io/v1`
 group/version via the `--runtime-config` flag (both are on by default in
 versions 1.9 and later).
 
diff --git a/content/en/docs/reference/access-authn-authz/authentication.md b/content/en/docs/reference/access-authn-authz/authentication.md
index c385a15fda..8c2c4fa520 100644
--- a/content/en/docs/reference/access-authn-authz/authentication.md
+++ b/content/en/docs/reference/access-authn-authz/authentication.md
@@ -68,8 +68,8 @@ when interpreted by an [authorizer](/docs/reference/access-authn-authz/authoriza
 
 You can enable multiple authentication methods at once. You should usually use at least two methods:
 
- - service account tokens for service accounts
- - at least one other method for user authentication.
+- service account tokens for service accounts
+- at least one other method for user authentication.
 
 When multiple authenticator modules are enabled, the first module
 to successfully authenticate the request short-circuits evaluation.
@@ -321,13 +321,11 @@ sequenceDiagram
 9.  `kubectl` provides feedback to the user
 
 Since all of the data needed to validate who you are is in the `id_token`, Kubernetes doesn't need to
-"phone home" to the identity provider.  In a model where every request is stateless this provides a very scalable
-solution for authentication.  It does offer a few challenges:
-
-1.  Kubernetes has no "web interface" to trigger the authentication process.  There is no browser or interface to collect credentials which is why you need to authenticate to your identity provider first.
-2.  The `id_token` can't be revoked, it's like a certificate so it should be short-lived (only a few minutes) so it can be very annoying to have to get a new token every few minutes.
-3.  There's no easy way to authenticate to the Kubernetes dashboard without using the `kubectl proxy` command or a reverse proxy that injects the `id_token`.
+"phone home" to the identity provider.  In a model where every request is stateless this provides a very scalable solution for authentication.  It does offer a few challenges:
 
+1. Kubernetes has no "web interface" to trigger the authentication process.  There is no browser or interface to collect credentials which is why you need to authenticate to your identity provider first.
+2. The `id_token` can't be revoked, it's like a certificate so it should be short-lived (only a few minutes) so it can be very annoying to have to get a new token every few minutes.
+3. To authenticate to the Kubernetes dashboard, you must the `kubectl proxy` command or a reverse proxy that injects the `id_token`.
 
 #### Configuring the API Server
 
@@ -1004,14 +1002,12 @@ RFC3339 timestamp. Presence or absence of an expiry has the following impact:
   }
 }
 ```
-
-The plugin can optionally be called with an environment variable, `KUBERNETES_EXEC_INFO`,
-that contains information about the cluster for which this plugin is obtaining
-credentials. This information can be used to perform cluster-specific credential
-acquisition logic. In order to enable this behavior, the `provideClusterInfo` field must
-be set on the exec user field in the
-[kubeconfig](/docs/concepts/configuration/organize-cluster-access-kubeconfig/). Here is an
-example of the aforementioned `KUBERNETES_EXEC_INFO` environment variable.
+To enable the exec plugin to obtain cluster-specific information, set `provideClusterInfo` on the `user.exec`
+field in the [kubeconfig](/docs/concepts/configuration/organize-cluster-access-kubeconfig/).
+The plugin will then be supplied with an environment variable, `KUBERNETES_EXEC_INFO`.
+Information from this environment variable can be used to perform cluster-specific
+credential acquisition logic.
+The following `ExecCredential` manifest describes a cluster information sample.
 
 ```json
 {
diff --git a/content/en/docs/reference/access-authn-authz/authorization.md b/content/en/docs/reference/access-authn-authz/authorization.md
index a084a7e54e..04963e10ee 100644
--- a/content/en/docs/reference/access-authn-authz/authorization.md
+++ b/content/en/docs/reference/access-authn-authz/authorization.md
@@ -104,6 +104,9 @@ a given action, and works regardless of the authorization mode used.
 ```bash
 kubectl auth can-i create deployments --namespace dev
 ```
+
+The output is similar to this:
+
 ```
 yes
 ```
@@ -111,6 +114,9 @@ yes
 ```shell
 kubectl auth can-i create deployments --namespace prod
 ```
+
+The output is similar to this:
+
 ```
 no
 ```
@@ -121,6 +127,9 @@ to determine what action other users can perform.
 ```bash
 kubectl auth can-i list secrets --namespace dev --as dave
 ```
+
+The output is similar to this:
+
 ```
 no
 ```
@@ -150,7 +159,7 @@ EOF
 ```
 
 The generated `SelfSubjectAccessReview` is:
-```
+```yaml
 apiVersion: authorization.k8s.io/v1
 kind: SelfSubjectAccessReview
 metadata:
diff --git a/content/en/docs/reference/access-authn-authz/extensible-admission-controllers.md b/content/en/docs/reference/access-authn-authz/extensible-admission-controllers.md
index a3f4f9c5b9..018195f817 100644
--- a/content/en/docs/reference/access-authn-authz/extensible-admission-controllers.md
+++ b/content/en/docs/reference/access-authn-authz/extensible-admission-controllers.md
@@ -1093,8 +1093,8 @@ be a layering violation). `host` may also be an IP address.
 Please note that using `localhost` or `127.0.0.1` as a `host` is
 risky unless you take great care to run this webhook on all hosts
 which run an apiserver which might need to make calls to this
-webhook. Such installs are likely to be non-portable, i.e., not easy
-to turn up in a new cluster.
+webhook. Such installations are likely to be non-portable or not readily
+run in a new cluster.
 
 The scheme must be "https"; the URL must begin with "https://".
 
diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md
index ed18f36c77..d9754afb56 100644
--- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md
@@ -1,6 +1,6 @@
 ---
-weight: 10
 title: Feature Gates
+weight: 10
 content_type: concept
 ---
 
@@ -48,13 +48,15 @@ different Kubernetes components.
 
 | Feature | Default | Stage | Since | Until |
 |---------|---------|-------|-------|-------|
-| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | |
 | `APIListChunking` | `false` | Alpha | 1.8 | 1.8 |
 | `APIListChunking` | `true` | Beta | 1.9 | |
 | `APIPriorityAndFairness` | `false` | Alpha | 1.17 | 1.19 |
 | `APIPriorityAndFairness` | `true` | Beta | 1.20 | |
-| `APIResponseCompression` | `false` | Alpha | 1.7 | |
+| `APIResponseCompression` | `false` | Alpha | 1.7 | 1.15 |
+| `APIResponseCompression` | `false` | Beta | 1.16 | |
 | `APIServerIdentity` | `false` | Alpha | 1.20 | |
+| `AllowInsecureBackendProxy` | `true` | Beta | 1.17 | |
+| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | |
 | `AppArmor` | `true` | Beta | 1.4 | |
 | `BalanceAttachedNodeVolumes` | `false` | Alpha | 1.11 | |
 | `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | |
@@ -77,7 +79,8 @@ different Kubernetes components.
 | `CSIMigrationGCE` | `false` | Alpha | 1.14 | 1.16 |
 | `CSIMigrationGCE` | `false` | Beta | 1.17 | |
 | `CSIMigrationGCEComplete` | `false` | Alpha | 1.17 | |
-| `CSIMigrationOpenStack` | `false` | Alpha | 1.14 | |
+| `CSIMigrationOpenStack` | `false` | Alpha | 1.14 | 1.17 |
+| `CSIMigrationOpenStack` | `true` | Beta | 1.18 | |
 | `CSIMigrationOpenStackComplete` | `false` | Alpha | 1.17 | |
 | `CSIMigrationvSphere` | `false` | Beta | 1.19 | |
 | `CSIMigrationvSphereComplete` | `false` | Beta | 1.19 | |
@@ -89,26 +92,23 @@ different Kubernetes components.
 | `ConfigurableFSGroupPolicy` | `true` | Beta | 1.20 | |
 | `CronJobControllerV2` | `false` | Alpha | 1.20 | |
 | `CustomCPUCFSQuotaPeriod` | `false` | Alpha | 1.12 | |
-| `CustomResourceDefaulting` | `false` | Alpha| 1.15 | 1.15 |
-| `CustomResourceDefaulting` | `true` | Beta | 1.16 | |
 | `DefaultPodTopologySpread` | `false` | Alpha | 1.19 | 1.19 |
 | `DefaultPodTopologySpread` | `true` | Beta | 1.20 | |
 | `DevicePlugins` | `false` | Alpha | 1.8 | 1.9 |
 | `DevicePlugins` | `true` | Beta | 1.10 | |
 | `DisableAcceleratorUsageMetrics` | `false` | Alpha | 1.19 | 1.19 |
-| `DisableAcceleratorUsageMetrics` | `true` | Beta | 1.20 | 1.22 |
+| `DisableAcceleratorUsageMetrics` | `true` | Beta | 1.20 | |
 | `DownwardAPIHugePages` | `false` | Alpha | 1.20 | |
-| `DryRun` | `false` | Alpha | 1.12 | 1.12 |
-| `DryRun` | `true` | Beta | 1.13 | |
 | `DynamicKubeletConfig` | `false` | Alpha | 1.4 | 1.10 |
 | `DynamicKubeletConfig` | `true` | Beta | 1.11 | |
+| `EfficientWatchResumption` | `false` | Alpha | 1.20 | |
 | `EndpointSlice` | `false` | Alpha | 1.16 | 1.16 |
 | `EndpointSlice` | `false` | Beta | 1.17 | |
 | `EndpointSlice` | `true` | Beta | 1.18 | |
 | `EndpointSliceNodeName` | `false` | Alpha | 1.20 | |
 | `EndpointSliceProxying` | `false` | Alpha | 1.18 | 1.18 |
 | `EndpointSliceProxying` | `true` | Beta | 1.19 | |
-| `EndpointSliceTerminating` | `false` | Alpha | 1.20 | |
+| `EndpointSliceTerminatingCondition` | `false` | Alpha | 1.20 | |
 | `EphemeralContainers` | `false` | Alpha | 1.16 | |
 | `ExpandCSIVolumes` | `false` | Alpha | 1.14 | 1.15 |
 | `ExpandCSIVolumes` | `true` | Beta | 1.16 | |
@@ -119,19 +119,22 @@ different Kubernetes components.
 | `ExperimentalHostUserNamespaceDefaulting` | `false` | Beta | 1.5 | |
 | `GenericEphemeralVolume` | `false` | Alpha | 1.19 | |
 | `GracefulNodeShutdown` | `false` | Alpha | 1.20 | |
+| `HPAContainerMetrics` | `false` | Alpha | 1.20 | |
 | `HPAScaleToZero` | `false` | Alpha | 1.16 | |
 | `HugePageStorageMediumSize` | `false` | Alpha | 1.18 | 1.18 |
 | `HugePageStorageMediumSize` | `true` | Beta | 1.19 | |
-| `HyperVContainer` | `false` | Alpha | 1.10 | |
+| `IPv6DualStack` | `false` | Alpha | 1.15 | |
 | `ImmutableEphemeralVolumes` | `false` | Alpha | 1.18 | 1.18 |
 | `ImmutableEphemeralVolumes` | `true` | Beta | 1.19 | |
-| `IPv6DualStack` | `false` | Alpha | 1.16 | |
-| `LegacyNodeRoleBehavior` | `true` | Alpha | 1.16 | |
+| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | |
+| `KubeletPodResources` | `true` | Alpha | 1.13 | 1.14 |
+| `KubeletPodResources` | `true` | Beta | 1.15 | |
+| `LegacyNodeRoleBehavior` | `false` | Alpha | 1.16 | 1.18 |
+| `LegacyNodeRoleBehavior` | `true` | True | 1.19 |  |
 | `LocalStorageCapacityIsolation` | `false` | Alpha | 1.7 | 1.9 |
 | `LocalStorageCapacityIsolation` | `true` | Beta | 1.10 | |
 | `LocalStorageCapacityIsolationFSQuotaMonitoring` | `false` | Alpha | 1.15 | |
 | `MixedProtocolLBService` | `false` | Alpha | 1.20 | |
-| `MountContainers` | `false` | Alpha | 1.9 | |
 | `NodeDisruptionExclusion` | `false` | Alpha | 1.16 | 1.18 |
 | `NodeDisruptionExclusion` | `true` | Beta | 1.19 | |
 | `NonPreemptingPriority` | `false` | Alpha | 1.15 | 1.18 |
@@ -143,25 +146,27 @@ different Kubernetes components.
 | `ProcMountType` | `false` | Alpha | 1.12 | |
 | `QOSReserved` | `false` | Alpha | 1.11 | |
 | `RemainingItemCount` | `false` | Alpha | 1.15 | |
+| `RemoveSelfLink` | `false` | Alpha | 1.16 | 1.19 |
+| `RemoveSelfLink` | `true` | Beta | 1.20 | |
 | `RootCAConfigMap` | `false` | Alpha | 1.13 | 1.19 |
 | `RootCAConfigMap` | `true` | Beta | 1.20 | |
 | `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 |
 | `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | |
 | `RunAsGroup` | `true` | Beta | 1.14 | |
-| `RuntimeClass` | `false` | Alpha | 1.12 | 1.13 |
-| `RuntimeClass` | `true` | Beta | 1.14 | |
 | `SCTPSupport` | `false` | Alpha | 1.12 | 1.18 |
 | `SCTPSupport` | `true` | Beta | 1.19 | |
 | `ServerSideApply` | `false` | Alpha | 1.14 | 1.15 |
 | `ServerSideApply` | `true` | Beta | 1.16 | |
-| `ServiceAccountIssuerDiscovery` | `false` | Alpha | 1.18 | |
-| `ServiceLBNodePortControl` | `false` | Alpha | 1.20 | 1.20 |
+| `ServiceAccountIssuerDiscovery` | `false` | Alpha | 1.18 | 1.19 |
+| `ServiceAccountIssuerDiscovery` | `true` | Beta | 1.20 | |
+| `ServiceLBNodePortControl` | `false` | Alpha | 1.20 | |
 | `ServiceNodeExclusion` | `false` | Alpha | 1.8 | 1.18 |
 | `ServiceNodeExclusion` | `true` | Beta | 1.19 | |
 | `ServiceTopology` | `false` | Alpha | 1.17 | |
-| `SizeMemoryBackedVolumes` | `false` | Alpha | 1.20 | |
 | `SetHostnameAsFQDN` | `false` | Alpha | 1.19 | 1.19 |
 | `SetHostnameAsFQDN` | `true` | Beta | 1.20 | |
+| `SizeMemoryBackedVolumes` | `false` | Alpha | 1.20 | |
+| `StorageVersionAPI` | `false` | Alpha | 1.20 | |
 | `StorageVersionHash` | `false` | Alpha | 1.14 | 1.14 |
 | `StorageVersionHash` | `true` | Beta | 1.15 | |
 | `Sysctls` | `true` | Beta | 1.11 | |
@@ -170,11 +175,11 @@ different Kubernetes components.
 | `TopologyManager` | `true` | Beta | 1.18 | |
 | `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 |
 | `ValidateProxyRedirects` | `true` | Beta | 1.14 | |
-| `WindowsEndpointSliceProxying` | `false` | Alpha | 1.19 | |
-| `WindowsGMSA` | `false` | Alpha | 1.14 | |
-| `WindowsGMSA` | `true` | Beta | 1.16 | |
+| `WarningHeaders` | `true` | Beta | 1.19 | |
 | `WinDSR` | `false` | Alpha | 1.14 | |
-| `WinOverlay` | `false` | Alpha | 1.14 | |
+| `WinOverlay` | `false` | Alpha | 1.14 | 1.19 |
+| `WinOverlay` | `true` | Beta | 1.20 | |
+| `WindowsEndpointSliceProxying` | `false` | Alpha | 1.19 | |
 {{< /table >}}
 
 ### Feature gates for graduated or deprecated features
@@ -228,6 +233,9 @@ different Kubernetes components.
 | `CustomResourceWebhookConversion` | `false` | Alpha | 1.13 | 1.14 |
 | `CustomResourceWebhookConversion` | `true` | Beta | 1.15 | 1.15 |
 | `CustomResourceWebhookConversion` | `true` | GA | 1.16 | - |
+| `DryRun` | `false` | Alpha | 1.12 | 1.12 |
+| `DryRun` | `true` | Beta | 1.13 | 1.18 |
+| `DryRun` | `true` | GA | 1.19 | - |
 | `DynamicAuditing` | `false` | Alpha | 1.13 | 1.18 |
 | `DynamicAuditing` | - | Deprecated | 1.19 | - |
 | `DynamicProvisioningScheduling` | `false` | Alpha | 1.11 | 1.11 |
@@ -247,23 +255,28 @@ different Kubernetes components.
 | `HugePages` | `false` | Alpha | 1.8 | 1.9 |
 | `HugePages` | `true` | Beta| 1.10 | 1.13 |
 | `HugePages` | `true` | GA | 1.14 | - |
+| `HyperVContainer` | `false` | Alpha | 1.10 | 1.19 |
+| `HyperVContainer` | `false` | Deprecated | 1.20 | - |
 | `Initializers` | `false` | Alpha | 1.7 | 1.13 |
 | `Initializers` | - | Deprecated | 1.14 | - |
 | `KubeletConfigFile` | `false` | Alpha | 1.8 | 1.9 |
 | `KubeletConfigFile` | - | Deprecated | 1.10 | - |
-| `KubeletCredentialProviders` | `false` | Alpha | 1.20 | 1.20 |
 | `KubeletPluginsWatcher` | `false` | Alpha | 1.11 | 1.11 |
 | `KubeletPluginsWatcher` | `true` | Beta | 1.12 | 1.12 |
 | `KubeletPluginsWatcher` | `true` | GA | 1.13 | - |
 | `KubeletPodResources` | `false` | Alpha | 1.13 | 1.14 |
 | `KubeletPodResources` | `true` | Beta | 1.15 | |
 | `KubeletPodResources` | `true` | GA | 1.20 | |
+| `MountContainers` | `false` | Alpha | 1.9 | 1.16 |
+| `MountContainers` | `false` | Deprecated | 1.17 | - |
 | `MountPropagation` | `false` | Alpha | 1.8 | 1.9 |
 | `MountPropagation` | `true` | Beta | 1.10 | 1.11 |
 | `MountPropagation` | `true` | GA | 1.12 | - |
 | `NodeLease` | `false` | Alpha | 1.12 | 1.13 |
 | `NodeLease` | `true` | Beta | 1.14 | 1.16 |
 | `NodeLease` | `true` | GA | 1.17 | - |
+| `PVCProtection` | `false` | Alpha | 1.9 | 1.9 |
+| `PVCProtection` | - | Deprecated | 1.10 | - |
 | `PersistentLocalVolumes` | `false` | Alpha | 1.7 | 1.9 |
 | `PersistentLocalVolumes` | `true` | Beta | 1.10 | 1.13 |
 | `PersistentLocalVolumes` | `true` | GA | 1.14 | - |
@@ -276,8 +289,6 @@ different Kubernetes components.
 | `PodShareProcessNamespace` | `false` | Alpha | 1.10 | 1.11 |
 | `PodShareProcessNamespace` | `true` | Beta | 1.12 | 1.16 |
 | `PodShareProcessNamespace` | `true` | GA | 1.17 | - |
-| `PVCProtection` | `false` | Alpha | 1.9 | 1.9 |
-| `PVCProtection` | - | Deprecated | 1.10 | - |
 | `RequestManagement` | `false` | Alpha | 1.15 | 1.16 |
 | `ResourceLimitsPriorityFunction` | `false` | Alpha | 1.9 | 1.18 |
 | `ResourceLimitsPriorityFunction` | - | Deprecated | 1.19 | - |
@@ -398,65 +409,134 @@ A *General Availability* (GA) feature is also referred to as a *stable* feature.
 
 Each feature gate is designed for enabling/disabling a specific feature:
 
+- `APIListChunking`: Enable the API clients to retrieve (`LIST` or `GET`)
+  resources from API server in chunks.
+- `APIPriorityAndFairness`: Enable managing request concurrency with
+  prioritization and fairness at each server. (Renamed from `RequestManagement`)
+- `APIResponseCompression`: Compress the API responses for `LIST` or `GET` requests.
+- `APIServerIdentity`: Assign each API server an ID in a cluster.
 - `Accelerators`: Enable Nvidia GPU support when using Docker
 - `AdvancedAuditing`: Enable [advanced auditing](/docs/tasks/debug-application-cluster/audit/#advanced-audit)
-- `AffinityInAnnotations`(*deprecated*): Enable setting [Pod affinity or anti-affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
+- `AffinityInAnnotations`(*deprecated*): Enable setting
+  [Pod affinity or anti-affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
 - `AllowExtTrafficLocalEndpoints`: Enable a service to route external requests to node local endpoints.
+- `AllowInsecureBackendProxy`: Enable the users to skip TLS verification of
+  kubelets on Pod log requests.
 - `AnyVolumeDataSource`: Enable use of any custom resource as the `DataSource` of a
   {{< glossary_tooltip text="PVC" term_id="persistent-volume-claim" >}}.
-- `APIListChunking`: Enable the API clients to retrieve (`LIST` or `GET`) resources from API server in chunks.
-- `APIPriorityAndFairness`: Enable managing request concurrency with prioritization and fairness at each server. (Renamed from `RequestManagement`)
-- `APIResponseCompression`: Compress the API responses for `LIST` or `GET` requests.
-- `APIServerIdentity`: Assign each kube-apiserver an ID in a cluster.
 - `AppArmor`: Enable AppArmor based mandatory access control on Linux nodes when using Docker.
-   See [AppArmor Tutorial](/docs/tutorials/clusters/apparmor/) for more details.
+  See [AppArmor Tutorial](/docs/tutorials/clusters/apparmor/) for more details.
 - `AttachVolumeLimit`: Enable volume plugins to report limits on number of volumes
   that can be attached to a node.
-   See [dynamic volume limits](/docs/concepts/storage/storage-limits/#dynamic-volume-limits) for more details.
+  See [dynamic volume limits](/docs/concepts/storage/storage-limits/#dynamic-volume-limits) for more details.
 - `BalanceAttachedNodeVolumes`: Include volume count on node to be considered for balanced resource allocation
   while scheduling. A node which has closer CPU, memory utilization, and volume count is favored by the scheduler
   while making decisions.
 - `BlockVolume`: Enable the definition and consumption of raw block devices in Pods.
-   See [Raw Block Volume Support](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support)
-   for more details.
+  See [Raw Block Volume Support](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support)
+  for more details.
 - `BoundServiceAccountTokenVolume`: Migrate ServiceAccount volumes to use a projected volume consisting of a
-   ServiceAccountTokenVolumeProjection. Cluster admins can use metric `serviceaccount_stale_tokens_total` to
-   monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off
-   extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false`.
-   Check [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)
+  ServiceAccountTokenVolumeProjection. Cluster admins can use metric `serviceaccount_stale_tokens_total` to
+  monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off
+  extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false`.
+  Check [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)
    for more details.
-- `ConfigurableFSGroupPolicy`: Allows user to configure volume permission change policy for fsGroups when mounting a volume in a Pod. See [Configure volume permission and ownership change policy for Pods](/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods) for more details.
-- `CronJobControllerV2`: Use an alternative implementation of the {{< glossary_tooltip text="CronJob" term_id="cronjob" >}} controller. Otherwise, version 1 of the same controller is selected. The version 2 controller provides experimental performance improvements.
-- `CPUManager`: Enable container level CPU affinity support, see [CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/).
+- `CPUManager`: Enable container level CPU affinity support, see
+  [CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/).
 - `CRIContainerLogRotation`: Enable container log rotation for cri container runtime.
-- `CSIBlockVolume`: Enable external CSI volume drivers to support block storage. See the [`csi` raw block volume support](/docs/concepts/storage/volumes/#csi-raw-block-volume-support) documentation for more details.
-- `CSIDriverRegistry`: Enable all logic related to the CSIDriver API object in csi.storage.k8s.io.
+- `CSIBlockVolume`: Enable external CSI volume drivers to support block storage.
+  See the [`csi` raw block volume support](/docs/concepts/storage/volumes/#csi-raw-block-volume-support)
+  documentation for more details.
+- `CSIDriverRegistry`: Enable all logic related to the CSIDriver API object in
+  csi.storage.k8s.io.
 - `CSIInlineVolume`: Enable CSI Inline volumes support for pods.
-- `CSIMigration`: Enables shims and translation logic to route volume operations from in-tree plugins to corresponding pre-installed CSI plugins
-- `CSIMigrationAWS`: Enables shims and translation logic to route volume operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Supports falling back to in-tree EBS plugin if a node does not have EBS CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
-- `CSIMigrationAWSComplete`: Stops registering the EBS in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Requires CSIMigration and CSIMigrationAWS feature flags enabled and EBS CSI plugin installed and configured on all nodes in the cluster.
-- `CSIMigrationAzureDisk`: Enables shims and translation logic to route volume operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin. Supports falling back to in-tree AzureDisk plugin if a node does not have AzureDisk CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
-- `CSIMigrationAzureDiskComplete`: Stops registering the Azure-Disk in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin. Requires CSIMigration and CSIMigrationAzureDisk feature flags enabled and AzureDisk CSI plugin installed and configured on all nodes in the cluster.
-- `CSIMigrationAzureFile`: Enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to AzureFile CSI plugin. Supports falling back to in-tree AzureFile plugin if a node does not have AzureFile CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
-- `CSIMigrationAzureFileComplete`: Stops registering the Azure-File in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to AzureFile CSI plugin. Requires CSIMigration and CSIMigrationAzureFile feature flags  enabled and AzureFile CSI plugin installed and configured on all nodes in the cluster.
-- `CSIMigrationGCE`: Enables shims and translation logic to route volume operations from the GCE-PD in-tree plugin to PD CSI plugin. Supports falling back to in-tree GCE plugin if a node does not have PD CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
-- `CSIMigrationGCEComplete`: Stops registering the GCE-PD in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the GCE-PD in-tree plugin to PD CSI plugin. Requires CSIMigration and CSIMigrationGCE feature flags enabled and PD CSI plugin installed and configured on all nodes in the cluster.
-- `CSIMigrationOpenStack`: Enables shims and translation logic to route volume operations from the Cinder in-tree plugin to Cinder CSI plugin. Supports falling back to in-tree Cinder plugin if a node does not have Cinder CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
-- `CSIMigrationOpenStackComplete`: Stops registering the Cinder in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the Cinder in-tree plugin to Cinder CSI plugin. Requires CSIMigration and CSIMigrationOpenStack feature flags enabled and Cinder CSI plugin installed and configured on all nodes in the cluster.
-- `CSIMigrationvSphere`: Enables shims and translation logic to route volume operations from the vSphere in-tree plugin to vSphere CSI plugin. Supports falling back to in-tree vSphere plugin if a node does not have vSphere CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
-- `CSIMigrationvSphereComplete`: Stops registering the vSphere in-tree plugin in kubelet and volume controllers and enables shims and translation logic to route volume operations from the vSphere in-tree plugin to vSphere CSI plugin. Requires CSIMigration and CSIMigrationvSphere feature flags enabled and vSphere CSI plugin installed and configured on all nodes in the cluster.
+- `CSIMigration`: Enables shims and translation logic to route volume
+  operations from in-tree plugins to corresponding pre-installed CSI plugins
+- `CSIMigrationAWS`: Enables shims and translation logic to route volume
+  operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Supports
+  falling back to in-tree EBS plugin if a node does not have EBS CSI plugin
+  installed and configured. Requires CSIMigration feature flag enabled.
+- `CSIMigrationAWSComplete`: Stops registering the EBS in-tree plugin in
+  kubelet and volume controllers and enables shims and translation logic to
+  route volume operations from the AWS-EBS in-tree plugin to EBS CSI plugin.
+  Requires CSIMigration and CSIMigrationAWS feature flags enabled and EBS CSI
+  plugin installed and configured on all nodes in the cluster.
+- `CSIMigrationAzureDisk`: Enables shims and translation logic to route volume
+  operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin.
+  Supports falling back to in-tree AzureDisk plugin if a node does not have
+  AzureDisk CSI plugin installed and configured. Requires CSIMigration feature
+  flag enabled.
+- `CSIMigrationAzureDiskComplete`: Stops registering the Azure-Disk in-tree
+  plugin in kubelet and volume controllers and enables shims and translation
+  logic to route volume operations from the Azure-Disk in-tree plugin to
+  AzureDisk CSI plugin. Requires CSIMigration and CSIMigrationAzureDisk feature
+  flags enabled and AzureDisk CSI plugin installed and configured on all nodes
+  in the cluster.
+- `CSIMigrationAzureFile`: Enables shims and translation logic to route volume
+  operations from the Azure-File in-tree plugin to AzureFile CSI plugin.
+  Supports falling back to in-tree AzureFile plugin if a node does not have
+  AzureFile CSI plugin installed and configured. Requires CSIMigration feature
+  flag enabled.
+- `CSIMigrationAzureFileComplete`: Stops registering the Azure-File in-tree
+  plugin in kubelet and volume controllers and enables shims and translation
+  logic to route volume operations from the Azure-File in-tree plugin to
+  AzureFile CSI plugin. Requires CSIMigration and CSIMigrationAzureFile feature
+  flags  enabled and AzureFile CSI plugin installed and configured on all nodes
+  in the cluster.
+- `CSIMigrationGCE`: Enables shims and translation logic to route volume
+  operations from the GCE-PD in-tree plugin to PD CSI plugin. Supports falling
+  back to in-tree GCE plugin if a node does not have PD CSI plugin installed and
+  configured. Requires CSIMigration feature flag enabled.
+- `CSIMigrationGCEComplete`: Stops registering the GCE-PD in-tree plugin in
+  kubelet and volume controllers and enables shims and translation logic to
+  route volume operations from the GCE-PD in-tree plugin to PD CSI plugin.
+  Requires CSIMigration and CSIMigrationGCE feature flags enabled and PD CSI
+  plugin installed and configured on all nodes in the cluster.
+- `CSIMigrationOpenStack`: Enables shims and translation logic to route volume
+  operations from the Cinder in-tree plugin to Cinder CSI plugin. Supports
+  falling back to in-tree Cinder plugin if a node does not have Cinder CSI
+  plugin installed and configured. Requires CSIMigration feature flag enabled.
+- `CSIMigrationOpenStackComplete`: Stops registering the Cinder in-tree plugin in
+  kubelet and volume controllers and enables shims and translation logic to route
+  volume operations from the Cinder in-tree plugin to Cinder CSI plugin.
+  Requires CSIMigration and CSIMigrationOpenStack feature flags enabled and Cinder
+  CSI plugin installed and configured on all nodes in the cluster.
+- `CSIMigrationvSphere`: Enables shims and translation logic to route volume operations
+  from the vSphere in-tree plugin to vSphere CSI plugin.
+  Supports falling back to in-tree vSphere plugin if a node does not have vSphere
+  CSI plugin installed and configured. Requires CSIMigration feature flag enabled.
+- `CSIMigrationvSphereComplete`: Stops registering the vSphere in-tree plugin in kubelet
+  and volume controllers and enables shims and translation logic to route volume operations
+  from the vSphere in-tree plugin to vSphere CSI plugin. Requires CSIMigration and
+  CSIMigrationvSphere feature flags enabled and vSphere CSI plugin installed and
+  configured on all nodes in the cluster.
 - `CSINodeInfo`: Enable all logic related to the CSINodeInfo API object in csi.storage.k8s.io.
 - `CSIPersistentVolume`: Enable discovering and mounting volumes provisioned through a
   [CSI (Container Storage Interface)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/container-storage-interface.md)
   compatible volume plugin.
-- `CSIServiceAccountToken`: Enable CSI drivers to receive the pods' service account token that they mount volumes for. See [Token Requests](https://kubernetes-csi.github.io/docs/token-requests.html).
-- `CSIStorageCapacity`: Enables CSI drivers to publish storage capacity information and the Kubernetes scheduler to use that information when scheduling pods. See [Storage Capacity](/docs/concepts/storage/storage-capacity/).
+- `CSIServiceAccountToken`: Enable CSI drivers to receive the pods' service account token
+  that they mount volumes for. See
+  [Token Requests](https://kubernetes-csi.github.io/docs/token-requests.html).
+- `CSIStorageCapacity`: Enables CSI drivers to publish storage capacity information
+  and the Kubernetes scheduler to use that information when scheduling pods. See
+  [Storage Capacity](/docs/concepts/storage/storage-capacity/).
   Check the [`csi` volume type](/docs/concepts/storage/volumes/#csi) documentation for more details.
-- `CSIVolumeFSGroupPolicy`: Allows CSIDrivers to use the `fsGroupPolicy` field. This field controls whether volumes created by a CSIDriver support volume ownership and permission modifications when these volumes are mounted.
-- `CustomCPUCFSQuotaPeriod`: Enable nodes to change CPUCFSQuotaPeriod.
+- `CSIVolumeFSGroupPolicy`: Allows CSIDrivers to use the `fsGroupPolicy` field.
+  This field controls whether volumes created by a CSIDriver support volume ownership
+  and permission modifications when these volumes are mounted.
+- `ConfigurableFSGroupPolicy`: Allows user to configure volume permission change policy
+  for fsGroups when mounting a volume in a Pod. See
+  [Configure volume permission and ownership change policy for Pods](/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods)
+  for more details.
+- `CronJobControllerV2`: Use an alternative implementation of the
+  {{< glossary_tooltip text="CronJob" term_id="cronjob" >}} controller. Otherwise,
+  version 1 of the same controller is selected.
+  The version 2 controller provides experimental performance improvements.
+- `CustomCPUCFSQuotaPeriod`: Enable nodes to change `cpuCFSQuotaPeriod` in
+  [kubelet config](/docs/tasks/administer-cluster/kubelet-config-file/).
 - `CustomPodDNS`: Enable customizing the DNS settings for a Pod using its `dnsConfig` property.
-   Check [Pod's DNS Config](/docs/concepts/services-networking/dns-pod-service/#pods-dns-config)
-   for more details.
+  Check [Pod's DNS Config](/docs/concepts/services-networking/dns-pod-service/#pods-dns-config)
+  for more details.
 - `CustomResourceDefaulting`: Enable CRD support for default values in OpenAPI v3 validation schemas.
 - `CustomResourcePublishOpenAPI`: Enables publishing of CRD OpenAPI specs.
 - `CustomResourceSubresources`: Enable `/status` and `/scale` subresources
@@ -466,147 +546,253 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `CustomResourceWebhookConversion`: Enable webhook-based conversion
   on resources created from [CustomResourceDefinition](/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
   troubleshoot a running Pod.
-- `DisableAcceleratorUsageMetrics`: [Disable accelerator metrics collected by the kubelet](/docs/concepts/cluster-administration/system-metrics/#disable-accelerator-metrics).
-- `DevicePlugins`: Enable the [device-plugins](/docs/concepts/cluster-administration/device-plugins/)
-  based resource provisioning on nodes.
 - `DefaultPodTopologySpread`: Enables the use of `PodTopologySpread` scheduling plugin to do
   [default spreading](/docs/concepts/workloads/pods/pod-topology-spread-constraints/#internal-default-constraints).
-- `DownwardAPIHugePages`: Enables usage of hugepages in downward API.
+- `DevicePlugins`: Enable the [device-plugins](/docs/concepts/cluster-administration/device-plugins/)
+  based resource provisioning on nodes.
+- `DisableAcceleratorUsageMetrics`:
+  [Disable accelerator metrics collected by the kubelet](/docs/concepts/cluster-administration/system-metrics/#disable-accelerator-metrics).
+- `DownwardAPIHugePages`: Enables usage of hugepages in
+  [downward API](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information).
 - `DryRun`: Enable server-side [dry run](/docs/reference/using-api/api-concepts/#dry-run) requests
   so that validation, merging, and mutation can be tested without committing.
 - `DynamicAuditing`(*deprecated*): Used to enable dynamic auditing before v1.19.
-- `DynamicKubeletConfig`: Enable the dynamic configuration of kubelet. See [Reconfigure kubelet](/docs/tasks/administer-cluster/reconfigure-kubelet/).
-- `DynamicProvisioningScheduling`: Extend the default scheduler to be aware of volume topology and handle PV provisioning.
+- `DynamicKubeletConfig`: Enable the dynamic configuration of kubelet. See
+  [Reconfigure kubelet](/docs/tasks/administer-cluster/reconfigure-kubelet/).
+- `DynamicProvisioningScheduling`: Extend the default scheduler to be aware of
+  volume topology and handle PV provisioning.
   This feature is superseded by the `VolumeScheduling` feature completely in v1.12.
-- `DynamicVolumeProvisioning`(*deprecated*): Enable the [dynamic provisioning](/docs/concepts/storage/dynamic-provisioning/) of persistent volumes to Pods.
-- `EnableAggregatedDiscoveryTimeout` (*deprecated*): Enable the five second timeout on aggregated discovery calls.
-- `EnableEquivalenceClassCache`: Enable the scheduler to cache equivalence of nodes when scheduling Pods.
-- `EphemeralContainers`: Enable the ability to add {{< glossary_tooltip text="ephemeral containers"
-  term_id="ephemeral-container" >}} to running pods.
-- `EvenPodsSpread`: Enable pods to be scheduled evenly across topology domains. See [Pod Topology Spread Constraints](/docs/concepts/workloads/pods/pod-topology-spread-constraints/).
-- `ExecProbeTimeout`: Ensure kubelet respects exec probe timeouts. This feature gate exists in case any of your existing workloads depend on a now-corrected fault where Kubernetes ignored exec probe timeouts. See [readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes).
-- `ExpandInUsePersistentVolumes`: Enable expanding in-use PVCs. See [Resizing an in-use PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim).
-- `ExpandPersistentVolumes`: Enable the expanding of persistent volumes. See [Expanding Persistent Volumes Claims](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims).
-- `ExperimentalCriticalPodAnnotation`: Enable annotating specific pods as *critical* so that their [scheduling is guaranteed](/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/).
-  This feature is deprecated by Pod Priority and Preemption as of v1.13.
-- `ExperimentalHostUserNamespaceDefaultingGate`: Enabling the defaulting user
-   namespace to host. This is for containers that are using other host namespaces,
-   host mounts, or containers that are privileged or using specific non-namespaced
-   capabilities (e.g. `MKNODE`, `SYS_MODULE` etc.). This should only be enabled
-   if user namespace remapping is enabled in the Docker daemon.
-- `EndpointSlice`: Enables Endpoint Slices for more scalable and extensible
-   network endpoints. See [Enabling Endpoint Slices](/docs/tasks/administer-cluster/enabling-endpointslices/).
+- `DynamicVolumeProvisioning`(*deprecated*): Enable the
+  [dynamic provisioning](/docs/concepts/storage/dynamic-provisioning/) of persistent volumes to Pods.
+- `EfficientWatchResumption`: Allows for storage-originated bookmark (progress
+  notify) events to be delivered to the users. This is only applied to watch
+  operations.
+- `EnableAggregatedDiscoveryTimeout` (*deprecated*): Enable the five second
+  timeout on aggregated discovery calls.
+- `EnableEquivalenceClassCache`: Enable the scheduler to cache equivalence of
+  nodes when scheduling Pods.
+- `EndpointSlice`: Enables EndpointSlices for more scalable and extensible
+   network endpoints. See [Enabling EndpointSlices](/docs/tasks/administer-cluster/enabling-endpointslices/).
 - `EndpointSliceNodeName`: Enables EndpointSlice `nodeName` field.
-- `EndpointSliceTerminating`: Enables EndpointSlice `terminating` and `serving`
-   condition fields.
-- `EndpointSliceProxying`: When this feature gate is enabled, kube-proxy running
+- `EndpointSliceProxying`: When enabled, kube-proxy running
    on Linux will use EndpointSlices as the primary data source instead of
    Endpoints, enabling scalability and performance improvements. See
    [Enabling Endpoint Slices](/docs/tasks/administer-cluster/enabling-endpointslices/).
-- `WindowsEndpointSliceProxying`: When this feature gate is enabled, kube-proxy
-   running on Windows will use EndpointSlices as the primary data source instead
-   of Endpoints, enabling scalability and performance improvements. See
-   [Enabling Endpoint Slices](/docs/tasks/administer-cluster/enabling-endpointslices/).
+- `EndpointSliceTerminatingCondition`: Enables EndpointSlice `terminating` and `serving`
+   condition fields.
+- `EphemeralContainers`: Enable the ability to add
+  {{< glossary_tooltip text="ephemeral containers" term_id="ephemeral-container" >}}
+  to running pods.
+- `EvenPodsSpread`: Enable pods to be scheduled evenly across topology domains. See
+  [Pod Topology Spread Constraints](/docs/concepts/workloads/pods/pod-topology-spread-constraints/).
+- `ExecProbeTimeout`: Ensure kubelet respects exec probe timeouts.
+  This feature gate exists in case any of your existing workloads depend on a
+  now-corrected fault where Kubernetes ignored exec probe timeouts. See
+  [readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes).
+- `ExpandCSIVolumes`: Enable the expanding of CSI volumes.
+- `ExpandInUsePersistentVolumes`: Enable expanding in-use PVCs. See
+  [Resizing an in-use PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim).
+- `ExpandPersistentVolumes`: Enable the expanding of persistent volumes. See
+  [Expanding Persistent Volumes Claims](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims).
+- `ExperimentalCriticalPodAnnotation`: Enable annotating specific pods as *critical*
+  so that their [scheduling is guaranteed](/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/).
+  This feature is deprecated by Pod Priority and Preemption as of v1.13.
+- `ExperimentalHostUserNamespaceDefaulting`: Enabling the defaulting user
+  namespace to host. This is for containers that are using other host namespaces,
+  host mounts, or containers that are privileged or using specific non-namespaced
+  capabilities (e.g. `MKNODE`, `SYS_MODULE` etc.). This should only be enabled
+  if user namespace remapping is enabled in the Docker daemon.
 - `GCERegionalPersistentDisk`: Enable the regional PD feature on GCE.
-- `GenericEphemeralVolume`: Enables ephemeral, inline volumes that support all features of normal volumes (can be provided by third-party storage vendors, storage capacity tracking, restore from snapshot, etc.). See [Ephemeral Volumes](/docs/concepts/storage/ephemeral-volumes/).
-- `GracefulNodeShutdown`: Enables support for graceful shutdown in kubelet. During a system shutdown, kubelet will attempt to detect the shutdown event and gracefully terminate pods running on the node. See [Graceful Node Shutdown](/docs/concepts/architecture/nodes/#graceful-node-shutdown) for more details.
-- `HugePages`: Enable the allocation and consumption of pre-allocated [huge pages](/docs/tasks/manage-hugepages/scheduling-hugepages/).
-- `HugePageStorageMediumSize`: Enable support for multiple sizes pre-allocated [huge pages](/docs/tasks/manage-hugepages/scheduling-hugepages/).
-- `HyperVContainer`: Enable [Hyper-V isolation](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container) for Windows containers.
-- `HPAScaleToZero`: Enables setting `minReplicas` to 0 for `HorizontalPodAutoscaler` resources when using custom or external metrics.
-- `ImmutableEphemeralVolumes`: Allows for marking individual Secrets and ConfigMaps as immutable for better safety and performance.
-- `KubeletConfigFile`: Enable loading kubelet configuration from a file specified using a config file.
-  See [setting kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file/) for more details.
+- `GenericEphemeralVolume`: Enables ephemeral, inline volumes that support all features
+  of normal volumes (can be provided by third-party storage vendors, storage capacity tracking,
+  restore from snapshot, etc.).
+  See [Ephemeral Volumes](/docs/concepts/storage/ephemeral-volumes/).
+- `GracefulNodeShutdown`: Enables support for graceful shutdown in kubelet.
+  During a system shutdown, kubelet will attempt to detect the shutdown event
+  and gracefully terminate pods running on the node. See
+  [Graceful Node Shutdown](/docs/concepts/architecture/nodes/#graceful-node-shutdown)
+  for more details.
+- `HPAContainerMetrics`: Enable the `HorizontalPodAutoscaler` to scale based on
+  metrics from individual containers in target pods.
+- `HPAScaleToZero`: Enables setting `minReplicas` to 0 for `HorizontalPodAutoscaler`
+  resources when using custom or external metrics.
+- `HugePages`: Enable the allocation and consumption of pre-allocated
+  [huge pages](/docs/tasks/manage-hugepages/scheduling-hugepages/).
+- `HugePageStorageMediumSize`: Enable support for multiple sizes pre-allocated
+  [huge pages](/docs/tasks/manage-hugepages/scheduling-hugepages/).
+- `HyperVContainer`: Enable
+  [Hyper-V isolation](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container)
+  for Windows containers.
+- `IPv6DualStack`: Enable [dual stack](/docs/concepts/services-networking/dual-stack/)
+  support for IPv6.
+- `ImmutableEphemeralVolumes`: Allows for marking individual Secrets and ConfigMaps as
+  immutable for better safety and performance.
+- `KubeletConfigFile` (*deprecated*): Enable loading kubelet configuration from
+  a file specified using a config file.
+  See [setting kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file/)
+  for more details.
 - `KubeletCredentialProviders`: Enable kubelet exec credential providers for image pull credentials.
 - `KubeletPluginsWatcher`: Enable probe-based plugin watcher utility to enable kubelet
   to discover plugins such as [CSI volume drivers](/docs/concepts/storage/volumes/#csi).
-- `KubeletPodResources`: Enable the kubelet's pod resources grpc endpoint.
-   See [Support Device Monitoring](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/compute-device-assignment.md) for more details.
-- `LegacyNodeRoleBehavior`: When disabled, legacy behavior in service load balancers and node disruption will ignore the `node-role.kubernetes.io/master` label in favor of the feature-specific labels provided by `NodeDisruptionExclusion` and `ServiceNodeExclusion`.
-- `LocalStorageCapacityIsolation`: Enable the consumption of [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/) and also the `sizeLimit` property of an [emptyDir volume](/docs/concepts/storage/volumes/#emptydir).
-- `LocalStorageCapacityIsolationFSQuotaMonitoring`: When `LocalStorageCapacityIsolation` is enabled for [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/) and the backing filesystem for [emptyDir volumes](/docs/concepts/storage/volumes/#emptydir) supports project quotas and they are enabled, use project quotas to monitor [emptyDir volume](/docs/concepts/storage/volumes/#emptydir) storage consumption rather than filesystem walk for better performance and accuracy.
-- `MixedProtocolLBService`: Enable using different protocols in the same LoadBalancer type Service instance.
-- `MountContainers`: Enable using utility containers on host as the volume mounter.
+- `KubeletPodResources`: Enable the kubelet's pod resources GRPC endpoint. See
+  [Support Device Monitoring](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/compute-device-assignment.md)
+  for more details.
+- `LegacyNodeRoleBehavior`: When disabled, legacy behavior in service load balancers and
+  node disruption will ignore the `node-role.kubernetes.io/master` label in favor of the
+  feature-specific labels provided by `NodeDisruptionExclusion` and `ServiceNodeExclusion`.
+- `LocalStorageCapacityIsolation`: Enable the consumption of
+  [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/)
+  and also the `sizeLimit` property of an
+  [emptyDir volume](/docs/concepts/storage/volumes/#emptydir).
+- `LocalStorageCapacityIsolationFSQuotaMonitoring`: When `LocalStorageCapacityIsolation`
+  is enabled for
+  [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/)
+  and the backing filesystem for [emptyDir volumes](/docs/concepts/storage/volumes/#emptydir)
+  supports project quotas and they are enabled, use project quotas to monitor
+  [emptyDir volume](/docs/concepts/storage/volumes/#emptydir) storage consumption rather than
+  filesystem walk for better performance and accuracy.
+- `MixedProtocolLBService`: Enable using different protocols in the same `LoadBalancer` type
+  Service instance.
+- `MountContainers` (*deprecated*): Enable using utility containers on host as
+  the volume mounter.
 - `MountPropagation`: Enable sharing volume mounted by one container to other containers or pods.
   For more details, please see [mount propagation](/docs/concepts/storage/volumes/#mount-propagation).
-- `NodeDisruptionExclusion`: Enable use of the node label `node.kubernetes.io/exclude-disruption` which prevents nodes from being evacuated during zone failures.
+- `NodeDisruptionExclusion`: Enable use of the Node label `node.kubernetes.io/exclude-disruption`
+  which prevents nodes from being evacuated during zone failures.
 - `NodeLease`: Enable the new Lease API to report node heartbeats, which could be used as a node health signal.
-- `NonPreemptingPriority`: Enable NonPreempting option for PriorityClass and Pod.
+- `NonPreemptingPriority`: Enable `preemptionPolicy` field for PriorityClass and Pod.
+- `PVCProtection`: Enable the prevention of a PersistentVolumeClaim (PVC) from
+  being deleted when it is still used by any Pod.
 - `PersistentLocalVolumes`: Enable the usage of `local` volume type in Pods.
   Pod affinity has to be specified if requesting a `local` volume.
 - `PodDisruptionBudget`: Enable the [PodDisruptionBudget](/docs/tasks/run-application/configure-pdb/) feature.
-- `PodOverhead`: Enable the [PodOverhead](/docs/concepts/scheduling-eviction/pod-overhead/) feature to account for pod overheads.
-- `PodPriority`: Enable the descheduling and preemption of Pods based on their [priorities](/docs/concepts/configuration/pod-priority-preemption/).
+- `PodOverhead`: Enable the [PodOverhead](/docs/concepts/scheduling-eviction/pod-overhead/)
+  feature to account for pod overheads.
+- `PodPriority`: Enable the descheduling and preemption of Pods based on their
+  [priorities](/docs/concepts/configuration/pod-priority-preemption/).
 - `PodReadinessGates`: Enable the setting of `PodReadinessGate` field for extending
   Pod readiness evaluation.  See [Pod readiness gate](/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)
   for more details.
 - `PodShareProcessNamespace`: Enable the setting of `shareProcessNamespace` in a Pod for sharing
   a single process namespace between containers running in a pod.  More details can be found in
   [Share Process Namespace between Containers in a Pod](/docs/tasks/configure-pod-container/share-process-namespace/).
-- `ProcMountType`: Enables control over ProcMountType for containers.
-- `PVCProtection`: Enable the prevention of a PersistentVolumeClaim (PVC) from
-  being deleted when it is still used by any Pod.
-- `QOSReserved`: Allows resource reservations at the QoS level preventing pods at lower QoS levels from
-  bursting into resources requested at higher QoS levels (memory only for now).
+- `ProcMountType`: Enables control over the type proc mounts for containers
+  by setting the `procMount` field of a SecurityContext.
+- `QOSReserved`: Allows resource reservations at the QoS level preventing pods
+  at lower QoS levels from bursting into resources requested at higher QoS levels
+  (memory only for now).
+- `RemainingItemCount`: Allow the API servers to show a count of remaining
+  items in the response to a
+  [chunking list request](/docs/reference/using-api/api-concepts/#retrieving-large-results-sets-in-chunks).
+- `RemoveSelfLink`: Deprecates and removes `selfLink` from ObjectMeta and
+  ListMeta.
 - `ResourceLimitsPriorityFunction` (*deprecated*): Enable a scheduler priority function that
   assigns a lowest possible score of 1 to a node that satisfies at least one of
   the input Pod's cpu and memory limits. The intent is to break ties between
   nodes with same scores.
 - `ResourceQuotaScopeSelectors`: Enable resource quota scope selectors.
-- `RootCAConfigMap`: Configure the kube-controller-manager to publish a {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} named `kube-root-ca.crt` to every namespace. This ConfigMap contains a CA bundle used for verifying connections to the kube-apiserver.
-   See [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md) for more details.
+- `RootCAConfigMap`: Configure the `kube-controller-manager` to publish a
+  {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}} named `kube-root-ca.crt`
+  to every namespace. This ConfigMap contains a CA bundle used for verifying connections
+  to the kube-apiserver. See
+  [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)
+  for more details.
 - `RotateKubeletClientCertificate`: Enable the rotation of the client TLS certificate on the kubelet.
   See [kubelet configuration](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#kubelet-configuration) for more details.
 - `RotateKubeletServerCertificate`: Enable the rotation of the server TLS certificate on the kubelet.
-  See [kubelet configuration](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#kubelet-configuration) for more details.
-- `RunAsGroup`: Enable control over the primary group ID set on the init processes of containers.
-- `RuntimeClass`: Enable the [RuntimeClass](/docs/concepts/containers/runtime-class/) feature for selecting container runtime configurations.
-- `ScheduleDaemonSetPods`: Enable DaemonSet Pods to be scheduled by the default scheduler instead of the DaemonSet controller.
-- `SCTPSupport`: Enables the _SCTP_ `protocol` value in Pod, Service, Endpoints, EndpointSlice, and NetworkPolicy definitions.
-- `ServerSideApply`: Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/) path at the API Server.
-- `ServiceAccountIssuerDiscovery`: Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service account issuer in the API server. See [Configure Service Accounts for Pods](/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery) for more details.
+  See [kubelet configuration](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#kubelet-configuration)
+  for more details.
+- `RunAsGroup`: Enable control over the primary group ID set on the init
+  processes of containers.
+- `RuntimeClass`: Enable the [RuntimeClass](/docs/concepts/containers/runtime-class/) feature
+  for selecting container runtime configurations.
+- `ScheduleDaemonSetPods`: Enable DaemonSet Pods to be scheduled by the default scheduler
+  instead of the DaemonSet controller.
+- `SCTPSupport`: Enables the _SCTP_ `protocol` value in Pod, Service,
+  Endpoints, EndpointSlice, and NetworkPolicy definitions.
+- `ServerSideApply`: Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/)
+  feature on the API Server.
+- `ServiceAccountIssuerDiscovery`: Enable OIDC discovery endpoints (issuer and
+  JWKS URLs) for the service account issuer in the API server. See
+  [Configure Service Accounts for Pods](/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery)
+  for more details.
 - `ServiceAppProtocol`: Enables the `AppProtocol` field on Services and Endpoints.
-- `ServiceLBNodePortControl`: Enables the `spec.allocateLoadBalancerNodePorts` field on Services.
+- `ServiceLBNodePortControl`: Enables the `spec.allocateLoadBalancerNodePorts`
+  field on Services.
 - `ServiceLoadBalancerFinalizer`: Enable finalizer protection for Service load balancers.
-- `ServiceNodeExclusion`: Enable the exclusion of nodes from load balancers created by a cloud provider.
-  A node is eligible for exclusion if labelled with "`alpha.service-controller.kubernetes.io/exclude-balancer`" key or `node.kubernetes.io/exclude-from-external-load-balancers`.
-- `ServiceTopology`: Enable service to route traffic based upon the Node topology of the cluster. See [ServiceTopology](/docs/concepts/services-networking/service-topology/) for more details.
-- `SizeMemoryBackedVolumes`: Enables kubelet support to size memory backed volumes.  See [volumes](docs/concepts/storage/volumes) for more details.
-- `SetHostnameAsFQDN`: Enable the ability of setting Fully Qualified Domain Name(FQDN) as hostname of pod. See [Pod's `setHostnameAsFQDN` field](/docs/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field).
-- `StartupProbe`: Enable the [startup](/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-startup-probe) probe in the kubelet.
+- `ServiceNodeExclusion`: Enable the exclusion of nodes from load balancers
+  created by a cloud provider. A node is eligible for exclusion if labelled with
+  "`node.kubernetes.io/exclude-from-external-load-balancers`".
+- `ServiceTopology`: Enable service to route traffic based upon the Node
+  topology of the cluster. See
+  [ServiceTopology](/docs/concepts/services-networking/service-topology/)
+  for more details.
+- `SizeMemoryBackedVolumes`: Enables kubelet support to size memory backed volumes.
+  See [volumes](docs/concepts/storage/volumes) for more details.
+- `SetHostnameAsFQDN`: Enable the ability of setting Fully Qualified Domain
+  Name(FQDN) as the hostname of a pod. See
+  [Pod's `setHostnameAsFQDN` field](/docs/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field).
+- `SizeMemoryBackedVolumes`: Enable kubelets to determine the size limit for
+  memory-backed volumes (mainly `emptyDir` volumes).
+- `StartupProbe`: Enable the
+  [startup](/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-startup-probe)
+  probe in the kubelet.
 - `StorageObjectInUseProtection`: Postpone the deletion of PersistentVolume or
   PersistentVolumeClaim objects if they are still being used.
-- `StorageVersionHash`: Allow apiservers to expose the storage version hash in the discovery.
+- `StorageVersionAPI`: Enable the
+  [storage version API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#storageversion-v1alpha1-internal-apiserver-k8s-io).
+- `StorageVersionHash`: Allow API servers to expose the storage version hash in the
+  discovery.
 - `StreamingProxyRedirects`: Instructs the API server to intercept (and follow)
-   redirects from the backend (kubelet) for streaming requests.
+  redirects from the backend (kubelet) for streaming requests.
   Examples of streaming requests include the `exec`, `attach` and `port-forward` requests.
 - `SupportIPVSProxyMode`: Enable providing in-cluster service load balancing using IPVS.
   See [service proxies](/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies) for more details.
 - `SupportPodPidsLimit`: Enable the support to limiting PIDs in Pods.
-- `SupportNodePidsLimit`: Enable the support to limiting PIDs on the Node. The parameter `pid=<number>` in the `--system-reserved` and `--kube-reserved` options can be specified to ensure that the specified number of process IDs will be reserved for the system as a whole and for Kubernetes system daemons respectively.
-- `Sysctls`: Enable support for namespaced kernel parameters (sysctls) that can be set for each pod.
-  See [sysctls](/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
-- `TaintBasedEvictions`: Enable evicting pods from nodes based on taints on nodes and tolerations on Pods.
-  See [taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/) for more details.
-- `TaintNodesByCondition`: Enable automatic tainting nodes based on [node conditions](/docs/concepts/architecture/nodes/#condition).
+- `SupportNodePidsLimit`: Enable the support to limiting PIDs on the Node.
+  The parameter `pid=<number>` in the `--system-reserved` and `--kube-reserved`
+  options can be specified to ensure that the specified number of process IDs
+  will be reserved for the system as a whole and for Kubernetes system daemons
+  respectively.
+- `Sysctls`: Enable support for namespaced kernel parameters (sysctls) that can be
+  set for each pod. See
+  [sysctls](/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
+- `TTLAfterFinished`: Allow a
+  [TTL controller](/docs/concepts/workloads/controllers/ttlafterfinished/)
+  to clean up resources after they finish execution.
+- `TaintBasedEvictions`: Enable evicting pods from nodes based on taints on Nodes
+  and tolerations on Pods.
+  See [taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/)
+  for more details.
+- `TaintNodesByCondition`: Enable automatic tainting nodes based on
+  [node conditions](/docs/concepts/architecture/nodes/#condition).
 - `TokenRequest`: Enable the `TokenRequest` endpoint on service account resources.
-- `TokenRequestProjection`: Enable the injection of service account tokens into
-  a Pod through the [`projected` volume](/docs/concepts/storage/volumes/#projected).
-- `TopologyManager`: Enable a mechanism to coordinate fine-grained hardware resource assignments for different components in Kubernetes. See [Control Topology Management Policies on a node](/docs/tasks/administer-cluster/topology-manager/).
-- `TTLAfterFinished`: Allow a [TTL controller](/docs/concepts/workloads/controllers/ttlafterfinished/) to clean up resources after they finish execution.
+- `TokenRequestProjection`: Enable the injection of service account tokens into a
+  Pod through a [`projected` volume](/docs/concepts/storage/volumes/#projected).
+- `TopologyManager`: Enable a mechanism to coordinate fine-grained hardware resource
+  assignments for different components in Kubernetes. See
+  [Control Topology Management Policies on a node](/docs/tasks/administer-cluster/topology-manager/).
 - `VolumePVCDataSource`: Enable support for specifying an existing PVC as a DataSource.
 - `VolumeScheduling`: Enable volume topology aware scheduling and make the
   PersistentVolumeClaim (PVC) binding aware of scheduling decisions. It also
   enables the usage of [`local`](/docs/concepts/storage/volumes/#local) volume
   type when used together with the `PersistentLocalVolumes` feature gate.
 - `VolumeSnapshotDataSource`: Enable volume snapshot data source support.
-- `VolumeSubpathEnvExpansion`: Enable `subPathExpr` field for expanding environment variables into a `subPath`.
+- `VolumeSubpathEnvExpansion`: Enable `subPathExpr` field for expanding environment
+  variables into a `subPath`.
+- `WarningHeaders`: Allow sending warning headers in API responses.
 - `WatchBookmark`: Enable support for watch bookmark events.
-- `WindowsGMSA`: Enables passing of GMSA credential specs from pods to container runtimes.
-- `WindowsRunAsUserName` : Enable support for running applications in Windows containers with as a non-default user.
-  See [Configuring RunAsUserName](/docs/tasks/configure-pod-container/configure-runasusername) for more details.
 - `WinDSR`: Allows kube-proxy to create DSR loadbalancers for Windows.
 - `WinOverlay`: Allows kube-proxy to run in overlay mode for Windows.
+- `WindowsGMSA`: Enables passing of GMSA credential specs from pods to container runtimes.
+- `WindowsRunAsUserName` : Enable support for running applications in Windows containers
+  with as a non-default user. See
+  [Configuring RunAsUserName](/docs/tasks/configure-pod-container/configure-runasusername)
+  for more details.
+- `WindowsEndpointSliceProxying`: When enabled, kube-proxy running on Windows
+  will use EndpointSlices as the primary data source instead of Endpoints,
+  enabling scalability and performance improvements. See
+  [Enabling Endpoint Slices](/docs/tasks/administer-cluster/enabling-endpointslices/).
 
 
 ## {{% heading "whatsnext" %}}
diff --git a/content/en/docs/reference/glossary/api-group.md b/content/en/docs/reference/glossary/api-group.md
index 6f87e3b041..0eccd9bf6f 100644
--- a/content/en/docs/reference/glossary/api-group.md
+++ b/content/en/docs/reference/glossary/api-group.md
@@ -2,7 +2,7 @@
 title: API Group
 id: api-group
 date: 2019-09-02
-full_link: /docs/concepts/overview/kubernetes-api/#api-groups
+full_link: /docs/concepts/overview/kubernetes-api/#api-groups-and-versioning
 short_description: >
   A set of related paths in the Kubernetes API.
 
diff --git a/content/en/docs/reference/glossary/wg.md b/content/en/docs/reference/glossary/wg.md
index 2a3b8786f6..89ea85fca7 100755
--- a/content/en/docs/reference/glossary/wg.md
+++ b/content/en/docs/reference/glossary/wg.md
@@ -12,9 +12,8 @@ tags:
 ---
  Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, {{< glossary_tooltip text="SIG" term_id="sig" >}}, or cross-SIG effort.
 
-<!--more--> 
+<!--more-->
 
-Working groups are a way of organizing people to accomplish a discrete task, and are relatively easy to create and deprecate when inactive.
+Working groups are a way of organizing people to accomplish a discrete task.
 
 For more information, see the [kubernetes/community](https://github.com/kubernetes/community) repo and the current list of [SIGs and working groups](https://github.com/kubernetes/community/blob/master/sig-list.md).
-
diff --git a/content/en/docs/reference/kubectl/cheatsheet.md b/content/en/docs/reference/kubectl/cheatsheet.md
index 2ed62c2e2a..79ca330bd5 100644
--- a/content/en/docs/reference/kubectl/cheatsheet.md
+++ b/content/en/docs/reference/kubectl/cheatsheet.md
@@ -195,7 +195,7 @@ JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.ty
  && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
 
 # Output decoded secrets without external tools
-kubectl get secret ${secret_name} -o go-template='{{range $k,$v := .data}}{{$k}}={{$v|base64decode}}{{"\n"}}{{end}}'
+kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}'
 
 # List all Secrets currently in use by a pod
 kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq
@@ -337,7 +337,7 @@ kubectl taint nodes foo dedicated=special-user:NoSchedule
 
 ### Resource types
 
-List all supported resource types along with their shortnames, [API group](/docs/concepts/overview/kubernetes-api/#api-groups), whether they are [namespaced](/docs/concepts/overview/working-with-objects/namespaces), and [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects):
+List all supported resource types along with their shortnames, [API group](/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning), whether they are [namespaced](/docs/concepts/overview/working-with-objects/namespaces), and [Kind](/docs/concepts/overview/working-with-objects/kubernetes-objects):
 
 ```bash
 kubectl api-resources
diff --git a/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md b/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
index 3fa3bc9a74..8aa8ed0c78 100644
--- a/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
+++ b/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
@@ -250,15 +250,15 @@ CustomResourceDefinitionSpec describes how a user wants their resource to appear
   - **conversion.webhook.clientConfig.url** (string)
 
     url gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
-    
+
     The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
-    
-    Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
-    
+
+    Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installations are likely to be non-portable or not readily run in a new cluster.
+
     The scheme must be "https"; the URL must begin with "https://".
-    
+
     A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
-    
+
     Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
 
 - **preserveUnknownFields** (boolean)
diff --git a/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md b/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
index ac32c9aaaa..9e17c11ae3 100644
--- a/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
+++ b/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
@@ -82,15 +82,15 @@ MutatingWebhookConfiguration describes the configuration of and admission webhoo
   - **webhooks.clientConfig.url** (string)
 
     `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
-    
+
     The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
-    
-    Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
-    
+
+    Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installations are likely to be non-portable or not readily run in a new cluster.
+
     The scheme must be "https"; the URL must begin with "https://".
-    
+
     A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
-    
+
     Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
 
   - **webhooks.name** (string), required
diff --git a/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md b/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
index a680b1f7aa..84d26265a3 100644
--- a/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
+++ b/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
@@ -82,15 +82,15 @@ ValidatingWebhookConfiguration describes the configuration of and admission webh
   - **webhooks.clientConfig.url** (string)
 
     `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
-    
+
     The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
-    
-    Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
-    
+
+    Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installations are likely to be non-portable or not readily run in a new cluster.
+
     The scheme must be "https"; the URL must begin with "https://".
-    
+
     A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
-    
+
     Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
 
   - **webhooks.name** (string), required
diff --git a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md
index 6da8963f17..5a321ec670 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md
@@ -28,7 +28,7 @@ The cluster that `kubeadm init` and `kubeadm join` set up should be:
    - lock-down the kubelet API
    - locking down access to the API for system components like the kube-proxy and CoreDNS
    - locking down what a Bootstrap Token can access
- - **Easy to use**: The user should not have to run anything more than a couple of commands:
+ - **User-friendly**: The user should not have to run anything more than a couple of commands:
    - `kubeadm init`
    - `export KUBECONFIG=/etc/kubernetes/admin.conf`
    - `kubectl apply -f <network-of-choice.yaml>`
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md
index 0a39f70927..53ca4a789b 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md
@@ -108,7 +108,7 @@ if the `kubeadm init` command was called with `--upload-certs`.
   control-plane node even if other worker nodes or the network are compromised.
 
 - Convenient to execute manually since all of the information required fits
-  into a single `kubeadm join` command that is easy to copy and paste.
+  into a single `kubeadm join` command.
 
 **Disadvantages:**
 
diff --git a/content/en/docs/reference/tools.md b/content/en/docs/reference/tools.md
index ceeadbb279..41d8ef4d1c 100644
--- a/content/en/docs/reference/tools.md
+++ b/content/en/docs/reference/tools.md
@@ -20,8 +20,8 @@ Kubernetes contains several built-in tools to help you work with the Kubernetes
 
 ## Minikube
 
-[`minikube`](https://minikube.sigs.k8s.io/docs/) is a tool that makes it
-easy to run a single-node Kubernetes cluster locally on your workstation for
+[`minikube`](https://minikube.sigs.k8s.io/docs/) is a tool that
+runs a single-node Kubernetes cluster locally on your workstation for
 development and testing purposes.
 
 ## Dashboard
@@ -51,4 +51,3 @@ Use Kompose to:
 * Translate a Docker Compose file into Kubernetes objects
 * Go from local Docker development to managing your application via Kubernetes
 * Convert v1 or v2 Docker Compose `yaml` files or [Distributed Application Bundles](https://docs.docker.com/compose/bundles/)
-
diff --git a/content/en/docs/reference/using-api/server-side-apply.md b/content/en/docs/reference/using-api/server-side-apply.md
index c281eb9400..302ae94d8b 100644
--- a/content/en/docs/reference/using-api/server-side-apply.md
+++ b/content/en/docs/reference/using-api/server-side-apply.md
@@ -297,7 +297,7 @@ is not what the user wants to happen, even temporarily.
 
 There are two solutions:
 
-- (easy) Leave `replicas` in the configuration; when HPA eventually writes to that
+- (basic) Leave `replicas` in the configuration; when HPA eventually writes to that
   field, the system gives the user a conflict over it. At that point, it is safe
   to remove from the configuration.
 
diff --git a/content/en/docs/setup/production-environment/container-runtimes.md b/content/en/docs/setup/production-environment/container-runtimes.md
index 15bd4a131d..59725188d8 100644
--- a/content/en/docs/setup/production-environment/container-runtimes.md
+++ b/content/en/docs/setup/production-environment/container-runtimes.md
@@ -122,7 +122,7 @@ sudo apt-get update && sudo apt-get install -y containerd.io
 ```shell
 # Configure containerd
 sudo mkdir -p /etc/containerd
-sudo containerd config default | sudo tee /etc/containerd/config.toml
+containerd config default | sudo tee /etc/containerd/config.toml
 ```
 
 ```shell
@@ -140,7 +140,7 @@ sudo apt-get update && sudo apt-get install -y containerd
 ```shell
 # Configure containerd
 sudo mkdir -p /etc/containerd
-sudo containerd config default | sudo tee /etc/containerd/config.toml
+containerd config default | sudo tee /etc/containerd/config.toml
 ```
 
 ```shell
@@ -210,7 +210,7 @@ sudo yum update -y && sudo yum install -y containerd.io
 ```shell
 ## Configure containerd
 sudo mkdir -p /etc/containerd
-sudo containerd config default | sudo tee /etc/containerd/config.toml
+containerd config default | sudo tee /etc/containerd/config.toml
 ```
 
 ```shell
diff --git a/content/en/docs/setup/production-environment/tools/kops.md b/content/en/docs/setup/production-environment/tools/kops.md
index 8394c28faf..13a2474600 100644
--- a/content/en/docs/setup/production-environment/tools/kops.md
+++ b/content/en/docs/setup/production-environment/tools/kops.md
@@ -39,7 +39,7 @@ kops is an automated provisioning system:
 
 #### Installation
 
-Download kops from the [releases page](https://github.com/kubernetes/kops/releases) (it is also easy to build from source):
+Download kops from the [releases page](https://github.com/kubernetes/kops/releases) (it is also convenient to build from source):
 
 {{< tabs name="kops_installation" >}}
 {{% tab name="macOS" %}}
@@ -147,7 +147,7 @@ You must then set up your NS records in the parent domain, so that records in th
 you would create NS records in `example.com` for `dev`.  If it is a root domain name you would configure the NS
 records at your domain registrar (e.g. `example.com` would need to be configured where you bought `example.com`).
 
-This step is easy to mess up (it is the #1 cause of problems!)  You can double-check that
+Verify your route53 domain setup (it is the #1 cause of problems!). You can double-check that
 your cluster is configured correctly if you have the dig tool by running:
 
 `dig NS dev.example.com`
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
index 9c6acf5560..4d932e3e05 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
@@ -8,7 +8,7 @@ weight: 30
 
 <!-- overview -->
 
-<img src="https://raw.githubusercontent.com/kubernetes/kubeadm/master/logos/stacked/color/kubeadm-stacked-color.png" align="right" width="150px">Creating a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use `kubeadm` to set up a cluster that will pass the [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
+<img src="https://raw.githubusercontent.com/kubernetes/kubeadm/master/logos/stacked/color/kubeadm-stacked-color.png" align="right" width="150px">Using `kubeadm`, you can create a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use `kubeadm` to set up a cluster that will pass the [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
 `kubeadm` also supports other cluster
 lifecycle functions, such as [bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/) and cluster upgrades.
 
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
index 7c44f6e689..394820324d 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -236,8 +236,8 @@ curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_
 Define the directory to download command files  
 
 {{< note >}}
-The DOWNLOAD_DIR variable must be set to a writable directory.
-If you are running Flatcar Container Linux, set DOWNLOAD_DIR=/opt/bin.
+The `DOWNLOAD_DIR` variable must be set to a writable directory.
+If you are running Flatcar Container Linux, set `DOWNLOAD_DIR=/opt/bin`.
 {{< /note >}}
 
 ```bash
@@ -308,13 +308,6 @@ or `/etc/default/kubelet`(`/etc/sysconfig/kubelet` for RPMs), please remove it a
 (stored in `/var/lib/kubelet/config.yaml` by default).
 {{< /note >}}
 
-Restarting the kubelet is required:
-
-```bash
-sudo systemctl daemon-reload
-sudo systemctl restart kubelet
-```
-
 The automatic detection of cgroup driver for other container runtimes
 like CRI-O and containerd is work in progress.
 
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md
index ded4250787..717ad579d4 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md
@@ -363,7 +363,7 @@ kubectl taint nodes NODE_NAME node-role.kubernetes.io/master:NoSchedule-
 
 ## `/usr` is mounted read-only on nodes {#usr-mounted-read-only}
 
-On Linux distributions such as Fedora CoreOS, the directory `/usr` is mounted as a read-only filesystem.
+On Linux distributions such as Fedora CoreOS or Flatcar Container Linux, the directory `/usr` is mounted as a read-only filesystem.
 For [flex-volume support](https://github.com/kubernetes/community/blob/ab55d85/contributors/devel/sig-storage/flexvolume.md),
 Kubernetes components like the kubelet and kube-controller-manager use the default path of
 `/usr/libexec/kubernetes/kubelet-plugins/volume/exec/`, yet the flex-volume directory _must be writeable_
diff --git a/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md b/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
index 25eeb18050..03ff264816 100644
--- a/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
+++ b/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
@@ -15,7 +15,7 @@ Windows applications constitute a large portion of the services and applications
 
 ## Windows containers in Kubernetes
 
-To enable the orchestration of Windows containers in Kubernetes, simply include Windows nodes in your existing Linux cluster. Scheduling Windows containers in {{< glossary_tooltip text="Pods" term_id="pod" >}} on Kubernetes is as simple and easy as scheduling Linux-based containers.
+To enable the orchestration of Windows containers in Kubernetes, include Windows nodes in your existing Linux cluster. Scheduling Windows containers in {{< glossary_tooltip text="Pods" term_id="pod" >}} on Kubernetes is similar to scheduling Linux-based containers.
 
 In order to run Windows containers, your Kubernetes cluster must include multiple operating systems, with control plane nodes running Linux and workers running either Windows or Linux depending on your workload needs. Windows Server 2019 is the only Windows operating system supported, enabling [Kubernetes Node](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/architecture.md#the-kubernetes-node) on Windows (including kubelet, [container runtime](https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/containerd), and kube-proxy). For a detailed explanation of Windows distribution channels see the [Microsoft documentation](https://docs.microsoft.com/en-us/windows-server/get-started-19/servicing-channels-19).
 
diff --git a/content/en/docs/setup/release/notes.md b/content/en/docs/setup/release/notes.md
index 34d669e746..adbdb7c48e 100644
--- a/content/en/docs/setup/release/notes.md
+++ b/content/en/docs/setup/release/notes.md
@@ -92,7 +92,7 @@ We expect this implementation to progress from alpha to beta and GA in coming re
 
 ### go1.15.5
 
-go1.15.5 has been integrated to Kubernets project as of this release, [including other infrastructure related updates on this effort](https://github.com/kubernetes/kubernetes/pull/95776).
+go1.15.5 has been integrated to Kubernetes project as of this release, [including other infrastructure related updates on this effort](https://github.com/kubernetes/kubernetes/pull/95776).
 
 ### CSI Volume Snapshot graduates to General Availability
 
@@ -190,7 +190,7 @@ Currently, cadvisor_stats_provider provides AcceleratorStats but cri_stats_provi
   PodSubnet validates against the corresponding cluster "--node-cidr-mask-size" of the kube-controller-manager, it fail if the values are not compatible.
   kubeadm no longer sets the node-mask automatically on IPv6 deployments, you must check that your IPv6 service subnet mask is compatible with the default node mask /64 or set it accordenly. 
   Previously, for IPv6, if the podSubnet had a mask lower than /112, kubeadm calculated a node-mask to be multiple of eight and splitting the available bits to maximise the number used for nodes. ([#95723](https://github.com/kubernetes/kubernetes/pull/95723), [@aojea](https://github.com/aojea)) [SIG Cluster Lifecycle]
-- The deprecated flag --experimental-kustomize is now removed from kubeadm commands. Use --experimental-patches instead, which was introduced in 1.19. Migration infromation available in --help description for --exprimental-patches. ([#94871](https://github.com/kubernetes/kubernetes/pull/94871), [@neolit123](https://github.com/neolit123))
+- The deprecated flag --experimental-kustomize is now removed from kubeadm commands. Use --experimental-patches instead, which was introduced in 1.19. Migration information available in --help description for --experimental-patches. ([#94871](https://github.com/kubernetes/kubernetes/pull/94871), [@neolit123](https://github.com/neolit123))
 - Windows hyper-v container featuregate is deprecated in 1.20 and will be removed in 1.21 ([#95505](https://github.com/kubernetes/kubernetes/pull/95505), [@wawa0210](https://github.com/wawa0210)) [SIG Node and Windows]
 - The kube-apiserver ability to serve on an insecure port, deprecated since v1.10, has been removed. The insecure address flags `--address` and `--insecure-bind-address` have no effect in kube-apiserver and will be removed in v1.24. The insecure port flags `--port` and `--insecure-port` may only be set to 0 and will be removed in v1.24. ([#95856](https://github.com/kubernetes/kubernetes/pull/95856), [@knight42](https://github.com/knight42), [SIG API Machinery, Node, Testing])
 - Add dual-stack Services (alpha).  This is a BREAKING CHANGE to an alpha API.
@@ -2138,4 +2138,4 @@ filename | sha512 hash
 - github.com/godbus/dbus: [ade71ed](https://github.com/godbus/dbus/tree/ade71ed)
 - github.com/xlab/handysort: [fb3537e](https://github.com/xlab/handysort/tree/fb3537e)
 - sigs.k8s.io/structured-merge-diff/v3: v3.0.0
-- vbom.ml/util: db5cfe1
\ No newline at end of file
+- vbom.ml/util: db5cfe1
diff --git a/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md b/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md
index 16fce652cc..72f069d6ac 100644
--- a/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md
+++ b/content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md
@@ -163,7 +163,7 @@ Backing up an etcd cluster can be accomplished in two ways: etcd built-in snapsh
 
 ### Built-in snapshot
 
-etcd supports built-in snapshot, so backing up an etcd cluster is easy. A snapshot may either be taken from a live member with the `etcdctl snapshot save` command or by copying the `member/snap/db` file from an etcd [data directory](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#--data-dir) that is not currently used by an etcd process. Taking the snapshot will normally not affect the performance of the member.
+etcd supports built-in snapshot. A snapshot may either be taken from a live member with the `etcdctl snapshot save` command or by copying the `member/snap/db` file from an etcd [data directory](https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#--data-dir) that is not currently used by an etcd process. Taking the snapshot will normally not affect the performance of the member.
 
 Below is an example for taking a snapshot of the keyspace served by `$ENDPOINT` to the file `snapshotdb`:
 
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md b/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
index 3897d6566e..2f23379400 100644
--- a/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
+++ b/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
@@ -72,7 +72,7 @@ Once you have a Linux-based Kubernetes control-plane node you are ready to choos
           "Network": "10.244.0.0/16",
           "Backend": {
             "Type": "vxlan",
-            "VNI" : 4096,
+            "VNI": 4096,
             "Port": 4789
           }
         }
diff --git a/content/en/docs/tasks/administer-cluster/limit-storage-consumption.md b/content/en/docs/tasks/administer-cluster/limit-storage-consumption.md
index 89f130a010..c982a9cb7c 100644
--- a/content/en/docs/tasks/administer-cluster/limit-storage-consumption.md
+++ b/content/en/docs/tasks/administer-cluster/limit-storage-consumption.md
@@ -5,7 +5,7 @@ content_type: task
 
 <!-- overview -->
 
-This example demonstrates an easy way to limit the amount of storage consumed in a namespace.
+This example demonstrates how to limit the amount of storage consumed in a namespace.
 
 The following resources are used in the demonstration: [ResourceQuota](/docs/concepts/policy/resource-quotas/),
 [LimitRange](/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/),
diff --git a/content/en/docs/tasks/administer-cluster/out-of-resource.md b/content/en/docs/tasks/administer-cluster/out-of-resource.md
index c45a773c45..f750dd2585 100644
--- a/content/en/docs/tasks/administer-cluster/out-of-resource.md
+++ b/content/en/docs/tasks/administer-cluster/out-of-resource.md
@@ -117,9 +117,10 @@ The `kubelet` has the following default hard eviction threshold:
 
 * `memory.available<100Mi`
 * `nodefs.available<10%`
-* `nodefs.inodesFree<5%`
 * `imagefs.available<15%`
 
+On a Linux node, the default value also includes `nodefs.inodesFree<5%`.
+
 ### Eviction Monitoring Interval
 
 The `kubelet` evaluates eviction thresholds per its configured housekeeping interval.
@@ -140,6 +141,7 @@ The following node conditions are defined that correspond to the specified evict
 |-------------------|---------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|
 | `MemoryPressure`  | `memory.available`                                                                    | Available memory on the node has satisfied an eviction threshold                                                             |
 | `DiskPressure`    | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, or `imagefs.inodesFree` | Available disk space and inodes on either the node's root filesystem or image filesystem has satisfied an eviction threshold |
+| `PIDPressure`     | `pid.available`                                                                       | Available processes identifiers on the (Linux) node has fallen below an eviction threshold                                   |                                                         |
 
 The `kubelet` continues to report node status updates at the frequency specified by
 `--node-status-update-frequency` which defaults to `10s`.
diff --git a/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md b/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md
index 7f56e4ec85..4f71db554a 100644
--- a/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md
+++ b/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md
@@ -23,7 +23,7 @@ dynamically, you need a strong understanding of how that change will affect your
 cluster's behavior. Always carefully test configuration changes on a small set
 of nodes before rolling them out cluster-wide. Advice on configuring specific
 fields is available in the inline `KubeletConfiguration`
-[type documentation](https://github.com/kubernetes/kubernetes/blob/release-1.11/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go).
+[type documentation (for v1.20)](https://github.com/kubernetes/kubernetes/blob/release-1.20/staging/src/k8s.io/kubelet/config/v1beta1/types.go).
 {{< /warning >}}
 
 
diff --git a/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md
index 8ed9730415..23f85f109b 100644
--- a/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md
+++ b/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -187,7 +187,7 @@ Where `YWRtaW5pc3RyYXRvcg==` decodes to `administrator`.
 To delete the Secret you have just created:
 
 ```shell
-kubectl delete secret db-user-pass
+kubectl delete secret mysecret
 ```
 
 ## {{% heading "whatsnext" %}}
diff --git a/content/en/docs/tasks/configure-pod-container/static-pod.md b/content/en/docs/tasks/configure-pod-container/static-pod.md
index cf31d822d6..071c1614fc 100644
--- a/content/en/docs/tasks/configure-pod-container/static-pod.md
+++ b/content/en/docs/tasks/configure-pod-container/static-pod.md
@@ -22,6 +22,7 @@ The kubelet automatically tries to create a {{< glossary_tooltip text="mirror Po
 on the Kubernetes API server for each static Pod.
 This means that the Pods running on a node are visible on the API server,
 but cannot be controlled from there.
+The Pod names will suffixed with the node hostname with a leading hyphen
 
 {{< note >}}
 If you are running clustered Kubernetes and are using static
@@ -237,4 +238,3 @@ CONTAINER ID        IMAGE         COMMAND                CREATED           ...
 e7a62e3427f1        nginx:latest  "nginx -g 'daemon of   27 seconds ago
 ```
 
-
diff --git a/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md b/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md
index 4fadbb3f42..cc4d5c9e3c 100644
--- a/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md
+++ b/content/en/docs/tasks/configure-pod-container/translate-compose-kubernetes.md
@@ -35,13 +35,13 @@ Kompose is released via GitHub on a three-week cycle, you can see all current re
 
 ```sh
 # Linux
-curl -L https://github.com/kubernetes/kompose/releases/download/v1.21.0/kompose-linux-amd64 -o kompose
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.22.0/kompose-linux-amd64 -o kompose
 
 # macOS
-curl -L https://github.com/kubernetes/kompose/releases/download/v1.21.0/kompose-darwin-amd64 -o kompose
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.22.0/kompose-darwin-amd64 -o kompose
 
 # Windows
-curl -L https://github.com/kubernetes/kompose/releases/download/v1.21.0/kompose-windows-amd64.exe -o kompose.exe
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.22.0/kompose-windows-amd64.exe -o kompose.exe
 
 chmod +x kompose
 sudo mv ./kompose /usr/local/bin/kompose
@@ -127,23 +127,7 @@ you need is an existing `docker-compose.yml` file.
             kompose.service.type: LoadBalancer
       ```
 
-2.  Run the `kompose up` command to deploy to Kubernetes directly, or skip to
-    the next step instead to generate a file to use with `kubectl`.
-
-      ```bash
-      $ kompose up
-      We are going to create Kubernetes Deployments, Services and PersistentVolumeClaims for your Dockerized application.
-      If you need different kind of resources, use the 'kompose convert' and 'kubectl apply -f' commands instead.
-
-      INFO Successfully created Service: redis          
-      INFO Successfully created Service: web            
-      INFO Successfully created Deployment: redis       
-      INFO Successfully created Deployment: web         
-
-      Your application has been deployed to Kubernetes. You can run 'kubectl get deployment,svc,pods,pvc' for details.
-      ```
-
-3.  To convert the `docker-compose.yml` file to files that you can use with
+2.  To convert the `docker-compose.yml` file to files that you can use with
     `kubectl`, run `kompose convert` and then `kubectl apply -f <output file>`.
 
       ```bash
@@ -168,7 +152,7 @@ you need is an existing `docker-compose.yml` file.
 
       Your deployments are running in Kubernetes.
 
-4.  Access your application.
+3.  Access your application.
 
       If you're already using `minikube` for your development process:
 
diff --git a/content/en/docs/tasks/debug-application-cluster/debug-service.md b/content/en/docs/tasks/debug-application-cluster/debug-service.md
index 4ee9d6f490..ba141135fa 100644
--- a/content/en/docs/tasks/debug-application-cluster/debug-service.md
+++ b/content/en/docs/tasks/debug-application-cluster/debug-service.md
@@ -18,10 +18,10 @@ you to figure out what's going wrong.
 ## Running commands in a Pod
 
 For many steps here you will want to see what a Pod running in the cluster
-sees.  The simplest way to do this is to run an interactive alpine Pod:
+sees.  The simplest way to do this is to run an interactive busybox Pod:
 
 ```none
-kubectl run -it --rm --restart=Never alpine --image=alpine sh
+kubectl run -it --rm --restart=Never busybox --image=gcr.io/google-containers/busybox sh
 ```
 
 {{< note >}}
diff --git a/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md b/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md
deleted file mode 100644
index 859c163307..0000000000
--- a/content/en/docs/tasks/debug-application-cluster/events-stackdriver.md
+++ /dev/null
@@ -1,94 +0,0 @@
----
-reviewers:
-- piosz
-- x13n
-content_type: concept
-title: Events in Stackdriver
----
-
-<!-- overview -->
-
-Kubernetes events are objects that provide insight into what is happening
-inside a cluster, such as what decisions were made by scheduler or why some
-pods were evicted from the node. You can read more about using events
-for debugging your application in the [Application Introspection and Debugging
-](/docs/tasks/debug-application-cluster/debug-application-introspection/)
-section.
-
-Since events are API objects, they are stored in the apiserver on master. To
-avoid filling up master's disk, a retention policy is enforced: events are
-removed one hour after the last occurrence. To provide longer history
-and aggregation capabilities, a third party solution should be installed
-to capture events.
-
-This article describes a solution that exports Kubernetes events to
-Stackdriver Logging, where they can be processed and analyzed.
-
-{{< note >}}
-It is not guaranteed that all events happening in a cluster will be
-exported to Stackdriver. One possible scenario when events will not be
-exported is when event exporter is not running (e.g. during restart or
-upgrade). In most cases it's fine to use events for purposes like setting up
-[metrics](https://cloud.google.com/logging/docs/logs-based-metrics/) and [alerts](https://cloud.google.com/logging/docs/logs-based-metrics/charts-and-alerts), but you should be aware
-of the potential inaccuracy.
-{{< /note >}}
-
-
-
-
-
-<!-- body -->
-
-## Deployment
-
-### Google Kubernetes Engine
-
-In Google Kubernetes Engine, if cloud logging is enabled, event exporter
-is deployed by default to the clusters with master running version 1.7 and
-higher. To prevent disturbing your workloads, event exporter does not have
-resources set and is in the best effort QOS class, which means that it will
-be the first to be killed in the case of resource starvation. If you want
-your events to be exported, make sure you have enough resources to facilitate
-the event exporter pod. This may vary depending on the workload, but on
-average, approximately 100Mb RAM and 100m CPU is needed.
-
-### Deploying to the Existing Cluster
-
-Deploy event exporter to your cluster using the following command:
-
-```shell
-kubectl apply -f https://k8s.io/examples/debug/event-exporter.yaml
-```
-
-Since event exporter accesses the Kubernetes API, it requires permissions to
-do so. The following deployment is configured to work with RBAC
-authorization. It sets up a service account and a cluster role binding
-to allow event exporter to read events. To make sure that event exporter
-pod will not be evicted from the node, you can additionally set up resource
-requests. As mentioned earlier, 100Mb RAM and 100m CPU should be enough.
-
-{{< codenew file="debug/event-exporter.yaml" >}}
-
-## User Guide
-
-Events are exported to the `GKE Cluster` resource in Stackdriver Logging.
-You can find them by selecting an appropriate option from a drop-down menu
-of available resources:
-
-<img src="/images/docs/stackdriver-event-exporter-resource.png" alt="Events location in the Stackdriver Logging interface" width="500">
-
-You can filter based on the event object fields using Stackdriver Logging
-[filtering mechanism](https://cloud.google.com/logging/docs/view/advanced_filters).
-For example, the following query will show events from the scheduler
-about pods from deployment `nginx-deployment`:
-
-```
-resource.type="gke_cluster"
-jsonPayload.kind="Event"
-jsonPayload.source.component="default-scheduler"
-jsonPayload.involvedObject.name:"nginx-deployment"
-```
-
-{{< figure src="/images/docs/stackdriver-event-exporter-filter.png" alt="Filtered events in the Stackdriver Logging interface" width="500" >}}
-
-
diff --git a/content/en/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana.md b/content/en/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana.md
deleted file mode 100644
index 17e2ac45a2..0000000000
--- a/content/en/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana.md
+++ /dev/null
@@ -1,126 +0,0 @@
----
-reviewers:
-- piosz
-- x13n
-content_type: concept
-title: Logging Using Elasticsearch and Kibana
----
-
-<!-- overview -->
-
-On the Google Compute Engine (GCE) platform, the default logging support targets
-[Stackdriver Logging](https://cloud.google.com/logging/), which is described in detail
-in the [Logging With Stackdriver Logging](/docs/tasks/debug-application-cluster/logging-stackdriver).
-
-This article describes how to set up a cluster to ingest logs into
-[Elasticsearch](https://www.elastic.co/products/elasticsearch) and view
-them using [Kibana](https://www.elastic.co/products/kibana), as an alternative to
-Stackdriver Logging when running on GCE. 
-
-{{< note >}}
-You cannot automatically deploy Elasticsearch and Kibana in the Kubernetes cluster hosted on Google Kubernetes Engine. You have to deploy them manually.
-{{< /note >}}
-
-
-
-<!-- body -->
-
-To use Elasticsearch and Kibana for cluster logging, you should set the
-following environment variable as shown below when creating your cluster with
-kube-up.sh:
-
-```shell
-KUBE_LOGGING_DESTINATION=elasticsearch
-```
-
-You should also ensure that `KUBE_ENABLE_NODE_LOGGING=true` (which is the default for the GCE platform).
-
-Now, when you create a cluster, a message will indicate that the Fluentd log
-collection daemons that run on each node will target Elasticsearch:
-
-```shell
-cluster/kube-up.sh
-```
-```
-...
-Project: kubernetes-satnam
-Zone: us-central1-b
-... calling kube-up
-Project: kubernetes-satnam
-Zone: us-central1-b
-+++ Staging server tars to Google Storage: gs://kubernetes-staging-e6d0e81793/devel
-+++ kubernetes-server-linux-amd64.tar.gz uploaded (sha1 = 6987c098277871b6d69623141276924ab687f89d)
-+++ kubernetes-salt.tar.gz uploaded (sha1 = bdfc83ed6b60fa9e3bff9004b542cfc643464cd0)
-Looking for already existing resources
-Starting master and configuring firewalls
-Created [https://www.googleapis.com/compute/v1/projects/kubernetes-satnam/zones/us-central1-b/disks/kubernetes-master-pd].
-NAME                 ZONE          SIZE_GB TYPE   STATUS
-kubernetes-master-pd us-central1-b 20      pd-ssd READY
-Created [https://www.googleapis.com/compute/v1/projects/kubernetes-satnam/regions/us-central1/addresses/kubernetes-master-ip].
-+++ Logging using Fluentd to elasticsearch
-```
-
-The per-node Fluentd pods, the Elasticsearch pods, and the Kibana pods should
-all be running in the kube-system namespace soon after the cluster comes to
-life.
-
-```shell
-kubectl get pods --namespace=kube-system
-```
-```
-NAME                                           READY     STATUS    RESTARTS   AGE
-elasticsearch-logging-v1-78nog                 1/1       Running   0          2h
-elasticsearch-logging-v1-nj2nb                 1/1       Running   0          2h
-fluentd-elasticsearch-kubernetes-node-5oq0     1/1       Running   0          2h
-fluentd-elasticsearch-kubernetes-node-6896     1/1       Running   0          2h
-fluentd-elasticsearch-kubernetes-node-l1ds     1/1       Running   0          2h
-fluentd-elasticsearch-kubernetes-node-lz9j     1/1       Running   0          2h
-kibana-logging-v1-bhpo8                        1/1       Running   0          2h
-kube-dns-v3-7r1l9                              3/3       Running   0          2h
-monitoring-heapster-v4-yl332                   1/1       Running   1          2h
-monitoring-influx-grafana-v1-o79xf             2/2       Running   0          2h
-```
-
-The `fluentd-elasticsearch` pods gather logs from each node and send them to
-the `elasticsearch-logging` pods, which are part of a
-[service](/docs/concepts/services-networking/service/) named `elasticsearch-logging`. These
-Elasticsearch pods store the logs and expose them via a REST API.
-The `kibana-logging` pod provides a web UI for reading the logs stored in
-Elasticsearch, and is part of a service named `kibana-logging`.
-
-The Elasticsearch and Kibana services are both in the `kube-system` namespace
-and are not directly exposed via a publicly reachable IP address. To reach them,
-follow the instructions for
-[Accessing services running in a cluster](/docs/tasks/access-application-cluster/access-cluster/#accessing-services-running-on-the-cluster).
-
-If you try accessing the `elasticsearch-logging` service in your browser, you'll
-see a status page that looks something like this:
-
-![Elasticsearch Status](/images/docs/es-browser.png)
-
-You can now type Elasticsearch queries directly into the browser, if you'd
-like. See [Elasticsearch's documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html)
-for more details on how to do so.
-
-Alternatively, you can view your cluster's logs using Kibana (again using the
-[instructions for accessing a service running in the cluster](/docs/tasks/access-application-cluster/access-cluster/#accessing-services-running-on-the-cluster)).
-The first time you visit the Kibana URL you will be presented with a page that
-asks you to configure your view of the ingested logs. Select the option for
-timeseries values and select `@timestamp`. On the following page select the
-`Discover` tab and then you should be able to see the ingested logs.
-You can set the refresh interval to 5 seconds to have the logs
-regularly refreshed.
-
-Here is a typical view of ingested logs from the Kibana viewer:
-
-![Kibana logs](/images/docs/kibana-logs.png)
-
-
-
-## {{% heading "whatsnext" %}}
-
-
-Kibana opens up all sorts of powerful options for exploring your logs! For some
-ideas on how to dig into it, check out [Kibana's documentation](https://www.elastic.co/guide/en/kibana/current/discover.html).
-
-
diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md
index 71ca43d530..b48d44a078 100644
--- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md
+++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md
@@ -583,14 +583,13 @@ and can optionally include a custom CA bundle to use to verify the TLS connectio
 The `host` should not refer to a service running in the cluster; use
 a service reference by specifying the `service` field instead.
 The host might be resolved via external DNS in some apiservers
-(i.e., `kube-apiserver` cannot resolve in-cluster DNS as that would 
+(i.e., `kube-apiserver` cannot resolve in-cluster DNS as that would
 be a layering violation). `host` may also be an IP address.
 
 Please note that using `localhost` or `127.0.0.1` as a `host` is
 risky unless you take great care to run this webhook on all hosts
 which run an apiserver which might need to make calls to this
-webhook. Such installs are likely to be non-portable, i.e., not easy
-to turn up in a new cluster.
+webhook. Such installations are likely to be non-portable or not readily run in a new cluster.
 
 The scheme must be "https"; the URL must begin with "https://".
 
diff --git a/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md b/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md
index 1bbb49a256..ce7da0b453 100644
--- a/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md
+++ b/content/en/docs/tasks/job/coarse-parallel-processing-work-queue.md
@@ -35,7 +35,7 @@ non-parallel, use of [Job](/docs/concepts/workloads/controllers/job/).
 
 ## Starting a message queue service
 
-This example uses RabbitMQ, but it should be easy to adapt to another AMQP-type message service.
+This example uses RabbitMQ, however, you can adapt the example to use another AMQP-type message service.
 
 In practice you could set up a message queue service once in a
 cluster and reuse it for many jobs, as well as for long-running services.
diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
index ff51598f79..56a48c8b30 100644
--- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
+++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
@@ -191,7 +191,7 @@ We can create a new autoscaler using `kubectl create` command.
 We can list autoscalers by `kubectl get hpa` and get detailed description by `kubectl describe hpa`.
 Finally, we can delete an autoscaler using `kubectl delete hpa`.
 
-In addition, there is a special `kubectl autoscale` command for easy creation of a Horizontal Pod Autoscaler.
+In addition, there is a special `kubectl autoscale` command for creating a HorizontalPodAutoscaler object.
 For instance, executing `kubectl autoscale rs foo --min=2 --max=5 --cpu-percent=80`
 will create an autoscaler for replication set *foo*, with target CPU utilization set to `80%`
 and the number of replicas between 2 and 5.
@@ -221,9 +221,9 @@ the global HPA settings exposed as flags for the `kube-controller-manager` compo
 Starting from v1.12, a new algorithmic update removes the need for the
 upscale delay.
 
-- `--horizontal-pod-autoscaler-downscale-stabilization`: The value for this option is a
-  duration that specifies how long the autoscaler has to wait before another
-  downscale operation can be performed after the current one has completed.
+- `--horizontal-pod-autoscaler-downscale-stabilization`: Specifies the duration of the
+  downscale stabilization time window. Horizontal Pod Autoscaler remembers
+  the historical recommended sizes and only acts on the largest size within this time window.
   The default value is 5 minutes (`5m0s`).
 
 {{< note >}}
diff --git a/content/en/docs/tutorials/_index.md b/content/en/docs/tutorials/_index.md
index b4f0709a76..630c04f5f6 100644
--- a/content/en/docs/tutorials/_index.md
+++ b/content/en/docs/tutorials/_index.md
@@ -33,7 +33,7 @@ Before walking through each tutorial, you may want to bookmark the
 
 * [Exposing an External IP Address to Access an Application in a Cluster](/docs/tutorials/stateless-application/expose-external-ip-address/)
 
-* [Example: Deploying PHP Guestbook application with Redis](/docs/tutorials/stateless-application/guestbook/)
+* [Example: Deploying PHP Guestbook application with MongoDB](/docs/tutorials/stateless-application/guestbook/)
 
 ## Stateful Applications
 
diff --git a/content/en/docs/tutorials/kubernetes-basics/_index.html b/content/en/docs/tutorials/kubernetes-basics/_index.html
index fe4b7cb9de..afec8f26a8 100644
--- a/content/en/docs/tutorials/kubernetes-basics/_index.html
+++ b/content/en/docs/tutorials/kubernetes-basics/_index.html
@@ -41,7 +41,7 @@ card:
     <div class="row">
       <div class="col-md-9">
         <h2>What can Kubernetes do for you?</h2>
-        <p>With modern web services, users expect applications to be available 24/7, and developers expect to deploy new versions of those applications several times a day. Containerization helps package software to serve these goals, enabling applications to be released and updated in an easy and fast way without downtime. Kubernetes helps you make sure those containerized applications run where and when you want, and helps them find the resources and tools they need to work. Kubernetes is a production-ready, open source platform designed with Google's accumulated experience in container orchestration, combined with best-of-breed ideas from the community.</p>
+        <p>With modern web services, users expect applications to be available 24/7, and developers expect to deploy new versions of those applications several times a day. Containerization helps package software to serve these goals, enabling applications to be released and updated without downtime. Kubernetes helps you make sure those containerized applications run where and when you want, and helps them find the resources and tools they need to work. Kubernetes is a production-ready, open source platform designed with Google's accumulated experience in container orchestration, combined with best-of-breed ideas from the community.</p>
       </div>
     </div>
 
diff --git a/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html b/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html
index c610b6e9f4..1d8a069984 100644
--- a/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html
+++ b/content/en/docs/tutorials/kubernetes-basics/expose/expose-intro.html
@@ -63,13 +63,7 @@ weight: 10
 				<h3>Services and Labels</h3>
 			</div>
 		</div>
-
-		<div class="row">
-			<div class="col-md-8">
-				<p><img src="/docs/tutorials/kubernetes-basics/public/images/module_04_services.svg" width="150%" height="150%"></p>
-			</div>
-		</div>
-
+		
 		<div class="row">
 			<div class="col-md-8">
 				<p>A Service routes traffic across a set of Pods. Services are the abstraction that allow pods to die and replicate in Kubernetes without impacting your application. Discovery and routing among dependent Pods (such as the frontend and backend components in an application) is handled by Kubernetes Services.</p>
diff --git a/content/en/docs/tutorials/kubernetes-basics/public/images/module_04_labels.svg b/content/en/docs/tutorials/kubernetes-basics/public/images/module_04_labels.svg
index 31cd8638a1..781bfa0888 100644
--- a/content/en/docs/tutorials/kubernetes-basics/public/images/module_04_labels.svg
+++ b/content/en/docs/tutorials/kubernetes-basics/public/images/module_04_labels.svg
@@ -1,710 +1,1054 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 394 440.4" style="enable-background:new 0 0 394 440.4;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:#FFFFFF;stroke:#326DE6;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st1{opacity:0.71;fill:#326CE6;}
-	.st2{opacity:0.45;fill:#FFFFFF;}
-	.st3{fill:#FFFFFF;stroke:#006DE9;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st4{fill:#006DE9;}
-	.st5{fill:#A0CAEA;}
-	.st6{fill:#FFFFFF;}
-	.st7{opacity:0.13;}
-	.st8{fill:url(#SVGID_1_);}
-	.st9{fill:url(#SVGID_2_);}
-	.st10{fill:#FFFFFF;stroke:#006DE9;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st11{fill:#FFFFFF;stroke:#006DE9;stroke-width:6;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st12{fill:#FFFFFF;stroke:#326DE6;stroke-width:3.2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st13{fill:#326DE6;}
-	.st14{fill:none;stroke:#326DE6;stroke-width:2.4;stroke-miterlimit:10;}
-	.st15{fill:#A0CAE9;}
-	.st16{fill:#FFFFFF;stroke:#326DE6;stroke-width:1.6;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st17{fill:#FFFFFF;stroke:#326DE6;stroke-width:1.6;stroke-miterlimit:10;}
-	.st18{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;}
-	.st19{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3749,1.5832;}
-	.st20{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4006,1.6004;}
-	.st21{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;}
-	.st22{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;}
-	.st23{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3975,1.5984;}
-	.st24{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.395,1.5966;}
-	.st25{fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.3963,1.5976;}
-	.st26{opacity:0.1;fill:#EEF406;}
-	.st27{opacity:2.000000e-02;fill:#EEF406;}
-	.st28{opacity:0.1;fill:#06F7C9;}
-	.st29{fill:none;stroke:#006DE9;stroke-width:0.8;stroke-miterlimit:10;}
-	.st30{opacity:0.1;fill:url(#SVGID_3_);}
-	.st31{opacity:0.1;fill:url(#SVGID_4_);}
-	.st32{opacity:0.1;fill:url(#SVGID_5_);}
-	.st33{opacity:0.1;fill:url(#SVGID_6_);}
-	.st34{fill:none;stroke:#326DE6;stroke-width:1.2;stroke-miterlimit:10;}
-	.st35{opacity:0.1;fill:url(#SVGID_7_);}
-	.st36{opacity:0.1;fill:url(#SVGID_8_);}
-	.st37{opacity:0.1;fill:url(#SVGID_9_);}
-	.st38{opacity:0.1;fill:url(#SVGID_10_);}
-	.st39{fill:none;stroke:#326DE6;stroke-width:2;stroke-miterlimit:10;}
-	.st40{opacity:0.4;fill:none;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;}
-	.st41{fill:none;stroke:#EEF406;stroke-width:2.4596;stroke-miterlimit:10;}
-	.st42{fill:#011F38;}
-	.st43{opacity:0.4;}
-	.st44{opacity:0.1;}
-	.st45{fill:#326DE6;stroke:#EEF406;stroke-width:2;stroke-miterlimit:10;}
-	.st46{fill:none;stroke:#FFFFFF;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;}
-	.st47{fill:#06F7C9;stroke:#FFFFFF;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st48{fill:none;stroke:#011F38;stroke-width:1.2;stroke-linecap:round;stroke-linejoin:round;}
-	.st49{fill:#326DE6;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;}
-	.st50{fill:#06F7C9;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st51{fill:#8115FF;stroke:#011F38;stroke-width:0.8;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st52{opacity:0.3;}
-	.st53{opacity:0.2;fill:#6D6E71;}
-	.st54{fill:#EEF406;}
-	.st55{fill:#06F7C9;}
-	.st56{fill:#FFFFFF;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;}
-	.st57{fill:#FFFFFF;stroke:#EEF406;stroke-width:1.6;stroke-miterlimit:10;stroke-dasharray:2.4,1.6;}
-	.st58{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.4938,1.6626;}
-	.st59{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.0084,1.3389;}
-	.st60{fill:none;stroke:#06F7C9;stroke-width:2;stroke-miterlimit:10;stroke-dasharray:2.724,1.816;}
-	.st61{fill:#011F38;stroke:#414042;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st62{fill:none;stroke:#011F38;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-	.st63{fill:none;stroke:#011F38;stroke-width:0.2813;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-</style>
-<symbol  id="node_high_level" viewBox="-81 -93 162 186.1">
-	<polygon class="st0" points="-80,-46 -80,46 0,92 80,46 80,-46 0,-92 	"/>
-	<g id="Isolation_Mode_3_">
-	</g>
-</symbol>
-<symbol  id="node_x5F_empty" viewBox="-87.5 -100.6 175.1 201.1">
-	
-		<use xlink:href="#node_high_level"  width="162" height="186.1" id="XMLID_201_" x="-81" y="-93" transform="matrix(1.0808 0 0 1.0808 -3.292006e-05 -3.749943e-05)" style="overflow:visible;"/>
-	<g>
-		<polygon class="st1" points="76.8,-28.1 -14,-80.3 0,-88.3 76.7,-44.4 		"/>
-		<polygon class="st2" points="76.8,-28.1 32.1,-53.8 38.8,-66.1 76.7,-44.4 		"/>
-	</g>
-</symbol>
-<symbol  id="node_x5F_new" viewBox="-87.6 -101 175.2 202">
-	<polygon class="st3" points="0,-100 -86.6,-50 -86.6,50 0,100 86.6,50 86.6,-50 	"/>
-	<polygon class="st4" points="-86.6,-20.2 -86.6,-50 0,-100 25.8,-85.1 	"/>
-	<polygon class="st5" points="-40.8,-70.7 -32.9,-57 15.7,-85.1 0,-94.3 	"/>
-	
-		<text transform="matrix(0.866 -0.5 -0.5 -0.866 -33.9256 -70.7388)" class="st6" style="font-family:'RobotoSlab-Regular'; font-size:11.3632px;">Docker</text>
-	
-		<text transform="matrix(0.866 -0.5 -0.5 -0.866 -76.0668 -46.4087)" class="st6" style="font-family:'RobotoSlab-Regular'; font-size:11.3632px;">Kubelt</text>
-</symbol>
-<g id="CLUSTER">
-</g>
-<g id="master">
-	<g id="master_x5F_level1">
-	</g>
-	<polygon class="st12" points="130.9,265.9 106.7,235.6 115.3,197.8 150.2,181 185.1,197.8 193.8,235.6 169.6,265.9 	"/>
-</g>
-<g id="Node">
-	<g id="Node_x5F_level3_x5F_1">
-		<g id="Isolation_Mode">
-		</g>
-	</g>
-	<g>
-		<polygon class="st17" points="213.8,179.8 155.7,146.2 155.7,79.1 213.8,45.6 271.9,79.1 271.9,146.2 		"/>
-	</g>
-	<g>
-		<polygon class="st17" points="86.6,179.7 28.6,146.1 28.6,79.1 86.6,45.5 144.7,79.1 144.7,146.1 		"/>
-	</g>
-	<g>
-		<polygon class="st17" points="86.6,401.4 28.6,367.9 28.6,300.8 86.6,267.2 144.7,300.8 144.7,367.9 		"/>
-	</g>
-</g>
-<g id="service">
-	<g>
-		<g>
-			<path class="st18" d="M85.4,154.7c0.4,0,0.8,0,1.2,0h1.2"/>
-			<line class="st19" x1="89.4" y1="154.7" x2="235.1" y2="154.7"/>
-			<path class="st18" d="M235.9,154.7h1.2c0.4,0,0.8,0,1.2,0"/>
-			<path class="st20" d="M239.9,154.7c24.1-1.5,43.3-21.5,43.3-46c0-25.4-20.7-46.1-46.1-46.1H86.6c-25.4,0-46.1,20.7-46.1,46.1
-				c0,24.8,19.6,45,44.1,46.1"/>
-		</g>
-	</g>
-	<path class="st21" d="M86,384.5c-25.4,0-46.1-20.7-46.1-46.1c0-25.4,20.7-46.1,46.1-46.1s46.1,20.7,46.1,46.1
-		C132.1,363.8,111.4,384.5,86,384.5z"/>
-</g>
-<g id="pods">
-	<circle class="st26" cx="86" cy="338.3" r="34.1"/>
-	<circle class="st22" cx="86" cy="338.3" r="34.1"/>
-	<circle class="st28" cx="190.6" cy="108.6" r="20.5"/>
-	<circle class="st28" cx="237.1" cy="108.6" r="20.5"/>
-	<circle class="st28" cx="86.6" cy="108.6" r="34.1"/>
-	<circle class="st18" cx="190.6" cy="108.6" r="20.5"/>
-	<circle class="st18" cx="237.1" cy="108.6" r="20.5"/>
-	<circle class="st18" cx="86.6" cy="108.6" r="34.1"/>
-</g>
-<g id="IP">
-	<g>
-		<path class="st42" d="M171.6,95.3l0.5-0.8l-3.4-2.6l-0.5,0.9l-0.2-0.2l0.6-1.3l3.8,2.9l0.6-0.7l0.2,0.2l-1.4,1.8L171.6,95.3z"/>
-		<path class="st42" d="M174.5,89.6c0.5,0.5,0.7,0.9,0.8,1.4s-0.1,0.8-0.5,1.2c-0.4,0.3-0.8,0.5-1.2,0.4s-0.9-0.3-1.4-0.8l-0.8-0.8
-			c-0.5-0.5-0.7-0.9-0.8-1.4c0-0.5,0.1-0.9,0.5-1.2c0.4-0.3,0.8-0.5,1.2-0.4s0.9,0.3,1.4,0.8L174.5,89.6z M173.3,89
-			c-0.4-0.4-0.7-0.6-1.1-0.7c-0.3-0.1-0.6,0-0.9,0.3c-0.3,0.3-0.4,0.6-0.3,0.9s0.3,0.7,0.6,1.1l0.9,0.9c0.4,0.4,0.7,0.6,1.1,0.7
-			c0.3,0.1,0.7,0,0.9-0.3c0.3-0.3,0.4-0.6,0.3-0.9c-0.1-0.3-0.3-0.7-0.6-1.1L173.3,89z"/>
-		<path class="st42" d="M176.9,90.3l-0.4,0.3l-0.3-0.5l0.4-0.3L176.9,90.3z"/>
-		<path class="st42" d="M177.5,89.4l0.8-0.5l-2.3-3.7l-0.8,0.7l-0.2-0.3l1.1-1l2.5,4.1l0.8-0.4l0.2,0.3l-1.9,1.2L177.5,89.4z"/>
-		<path class="st42" d="M182.1,85.2c0.3,0.6,0.3,1.1,0.2,1.6s-0.4,0.8-0.9,1c-0.5,0.2-0.9,0.2-1.3,0s-0.7-0.6-1-1.2l-0.5-1
-			c-0.3-0.6-0.3-1.1-0.2-1.6c0.1-0.4,0.4-0.8,0.9-1c0.5-0.2,0.9-0.2,1.3,0c0.4,0.2,0.7,0.6,1,1.2L182.1,85.2z M181.3,84.2
-			c-0.2-0.5-0.5-0.8-0.8-1c-0.3-0.2-0.6-0.2-1,0c-0.3,0.2-0.6,0.4-0.6,0.7c-0.1,0.3,0,0.7,0.2,1.2l0.5,1.2c0.2,0.5,0.5,0.8,0.8,1
-			c0.3,0.2,0.6,0.2,1,0c0.3-0.2,0.6-0.4,0.6-0.7c0.1-0.3,0-0.8-0.2-1.2L181.3,84.2z"/>
-		<path class="st42" d="M184.2,86.6l-0.5,0.1l-0.2-0.6l0.5-0.1L184.2,86.6z"/>
-		<path class="st42" d="M185,86.1l0.9-0.2l-0.8-4.2l-1,0.3l-0.1-0.3l1.3-0.6l0.9,4.7l0.9-0.1l0.1,0.3l-2.2,0.4L185,86.1z"/>
-		<path class="st42" d="M190.9,83.7c0,0.7-0.1,1.2-0.3,1.5c-0.3,0.4-0.6,0.6-1.1,0.6c-0.5,0-0.9-0.1-1.2-0.5
-			c-0.3-0.3-0.5-0.8-0.5-1.5l-0.1-1.1c0-0.7,0.1-1.2,0.3-1.5c0.3-0.4,0.6-0.6,1.1-0.6c0.5,0,0.9,0.1,1.2,0.5s0.5,0.8,0.5,1.5
-			L190.9,83.7z M190.4,82.5c0-0.5-0.1-0.9-0.4-1.2c-0.2-0.3-0.5-0.4-0.9-0.4c-0.4,0-0.7,0.2-0.8,0.5c-0.2,0.3-0.3,0.7-0.2,1.2
-			l0.1,1.3c0,0.5,0.1,0.9,0.4,1.2s0.5,0.4,0.9,0.4c0.4,0,0.7-0.2,0.8-0.5c0.2-0.3,0.3-0.7,0.2-1.2L190.4,82.5z"/>
-		<path class="st42" d="M192.3,85.8l-0.5,0l0-0.6l0.5,0L192.3,85.8z"/>
-		<path class="st42" d="M196.1,84.7l0.8,0.1l-0.1,0.3l-0.8-0.1l-0.2,0.9l0.6,0.2l-0.1,0.3l-1.5-0.3l0.1-0.3l0.6,0.1l0.2-0.9
-			l-2.4-0.4l0-0.2l3-3.1l0.5,0.1L196.1,84.7z M193.9,84.3l1.9,0.4l0.5-2.9l0,0l-0.2,0.3L193.9,84.3z"/>
-	</g>
-	<g>
-		<path class="st42" d="M218.1,95.3l0.5-0.8l-3.4-2.6l-0.5,0.9l-0.2-0.2l0.6-1.3l3.8,2.9l0.6-0.7l0.2,0.2l-1.4,1.8L218.1,95.3z"/>
-		<path class="st42" d="M221,89.6c0.5,0.5,0.7,0.9,0.8,1.4s-0.1,0.8-0.5,1.2c-0.4,0.3-0.8,0.5-1.2,0.4s-0.9-0.3-1.4-0.8l-0.8-0.8
-			c-0.5-0.5-0.7-0.9-0.8-1.4c0-0.5,0.1-0.9,0.5-1.2c0.4-0.3,0.8-0.5,1.2-0.4s0.9,0.3,1.4,0.8L221,89.6z M219.8,89
-			c-0.4-0.4-0.7-0.6-1.1-0.7c-0.3-0.1-0.6,0-0.9,0.3c-0.3,0.3-0.4,0.6-0.3,0.9s0.3,0.7,0.6,1.1l0.9,0.9c0.4,0.4,0.7,0.6,1.1,0.7
-			c0.3,0.1,0.7,0,0.9-0.3c0.3-0.3,0.4-0.6,0.3-0.9c-0.1-0.3-0.3-0.7-0.6-1.1L219.8,89z"/>
-		<path class="st42" d="M223.4,90.3l-0.4,0.3l-0.3-0.5l0.4-0.3L223.4,90.3z"/>
-		<path class="st42" d="M224,89.4l0.8-0.5l-2.3-3.7l-0.8,0.7l-0.2-0.3l1.1-1l2.5,4.1l0.8-0.4l0.2,0.3l-1.9,1.2L224,89.4z"/>
-		<path class="st42" d="M228.6,85.2c0.3,0.6,0.3,1.1,0.2,1.6s-0.4,0.8-0.9,1c-0.5,0.2-0.9,0.2-1.3,0s-0.7-0.6-1-1.2l-0.5-1
-			c-0.3-0.6-0.3-1.1-0.2-1.6c0.1-0.4,0.4-0.8,0.9-1c0.5-0.2,0.9-0.2,1.3,0c0.4,0.2,0.7,0.6,1,1.2L228.6,85.2z M227.8,84.2
-			c-0.2-0.5-0.5-0.8-0.8-1c-0.3-0.2-0.6-0.2-1,0c-0.3,0.2-0.6,0.4-0.6,0.7c-0.1,0.3,0,0.7,0.2,1.2l0.5,1.2c0.2,0.5,0.5,0.8,0.8,1
-			c0.3,0.2,0.6,0.2,1,0c0.3-0.2,0.6-0.4,0.6-0.7c0.1-0.3,0-0.8-0.2-1.2L227.8,84.2z"/>
-		<path class="st42" d="M230.7,86.6l-0.5,0.1l-0.2-0.6l0.5-0.1L230.7,86.6z"/>
-		<path class="st42" d="M231.6,86.1l0.9-0.2l-0.8-4.2l-1,0.3l-0.1-0.3l1.3-0.6l0.9,4.7l0.9-0.1l0.1,0.3l-2.2,0.4L231.6,86.1z"/>
-		<path class="st42" d="M237.4,83.7c0,0.7-0.1,1.2-0.3,1.5c-0.3,0.4-0.6,0.6-1.1,0.6c-0.5,0-0.9-0.1-1.2-0.5
-			c-0.3-0.3-0.5-0.8-0.5-1.5l-0.1-1.1c0-0.7,0.1-1.2,0.3-1.5c0.3-0.4,0.6-0.6,1.1-0.6c0.5,0,0.9,0.1,1.2,0.5s0.5,0.8,0.5,1.5
-			L237.4,83.7z M236.9,82.5c0-0.5-0.1-0.9-0.4-1.2c-0.2-0.3-0.5-0.4-0.9-0.4c-0.4,0-0.7,0.2-0.8,0.5c-0.2,0.3-0.3,0.7-0.2,1.2
-			l0.1,1.3c0,0.5,0.1,0.9,0.4,1.2s0.5,0.4,0.9,0.4c0.4,0,0.7-0.2,0.8-0.5c0.2-0.3,0.3-0.7,0.2-1.2L236.9,82.5z"/>
-		<path class="st42" d="M238.8,85.8l-0.5,0l0-0.6l0.5,0L238.8,85.8z"/>
-		<path class="st42" d="M241.1,83.2l0.5,0.1c0.4,0.1,0.7,0,0.9-0.1s0.4-0.4,0.4-0.7c0.1-0.3,0-0.6-0.1-0.8c-0.1-0.2-0.4-0.4-0.7-0.4
-			c-0.3-0.1-0.6,0-0.8,0.1s-0.4,0.4-0.4,0.7l-0.4-0.1l0,0c0.1-0.4,0.3-0.7,0.6-0.9c0.3-0.2,0.7-0.3,1.2-0.2c0.4,0.1,0.8,0.3,1,0.6
-			c0.2,0.3,0.3,0.7,0.2,1.1c0,0.2-0.2,0.4-0.3,0.6c-0.2,0.2-0.4,0.3-0.7,0.4c0.3,0.1,0.5,0.3,0.6,0.6c0.1,0.2,0.1,0.5,0.1,0.8
-			c-0.1,0.4-0.3,0.8-0.6,1c-0.3,0.2-0.7,0.3-1.2,0.2c-0.4-0.1-0.8-0.3-1.1-0.6c-0.3-0.3-0.4-0.7-0.3-1.1l0,0l0.4,0.1
-			c-0.1,0.3,0,0.6,0.2,0.8c0.2,0.2,0.5,0.4,0.8,0.5c0.4,0.1,0.7,0,0.9-0.1c0.2-0.1,0.4-0.4,0.4-0.7c0.1-0.4,0-0.6-0.2-0.8
-			c-0.2-0.2-0.5-0.3-0.9-0.4l-0.5-0.1L241.1,83.2z"/>
-	</g>
-	<g>
-		<path class="st42" d="M53.2,93.2l0.4-0.8l-3.9-1.9l-0.3,1l-0.3-0.1l0.4-1.4l4.3,2.1l0.5-0.8l0.3,0.1l-1,2L53.2,93.2z"/>
-		<path class="st42" d="M54.7,87c0.6,0.3,0.9,0.7,1.1,1.2c0.2,0.4,0.1,0.9-0.2,1.3c-0.3,0.4-0.6,0.7-1.1,0.7c-0.5,0.1-1-0.1-1.5-0.4
-			l-1-0.6c-0.6-0.3-0.9-0.7-1.1-1.2c-0.2-0.4-0.1-0.9,0.2-1.3c0.3-0.4,0.6-0.7,1.1-0.7c0.5-0.1,1,0.1,1.5,0.4L54.7,87z M53.5,86.7
-			c-0.4-0.3-0.8-0.4-1.2-0.4c-0.3,0-0.6,0.2-0.8,0.5c-0.2,0.3-0.2,0.6-0.1,1c0.1,0.3,0.4,0.6,0.9,0.9l1.1,0.7
-			c0.4,0.3,0.8,0.4,1.2,0.4c0.4,0,0.6-0.2,0.8-0.5c0.2-0.3,0.2-0.6,0.1-1c-0.1-0.3-0.4-0.6-0.9-0.9L53.5,86.7z"/>
-		<path class="st42" d="M57.2,87l-0.3,0.4L56.5,87l0.3-0.4L57.2,87z"/>
-		<path class="st42" d="M57.6,86l0.5-0.7l-3.3-2.7l-0.5,0.9L54,83.2l0.7-1.3l3.7,3l0.6-0.7l0.2,0.2l-1.4,1.7L57.6,86z"/>
-		<path class="st42" d="M60.5,80.3c0.5,0.5,0.7,0.9,0.8,1.4c0.1,0.4-0.1,0.9-0.4,1.2c-0.3,0.4-0.8,0.5-1.2,0.5
-			c-0.5-0.1-0.9-0.3-1.4-0.8l-0.8-0.8c-0.5-0.5-0.7-0.9-0.8-1.4c-0.1-0.5,0.1-0.9,0.4-1.2c0.4-0.4,0.8-0.5,1.2-0.5
-			c0.5,0.1,0.9,0.3,1.4,0.8L60.5,80.3z M59.3,79.8c-0.4-0.4-0.7-0.6-1.1-0.6c-0.3-0.1-0.6,0.1-0.9,0.3C57,79.7,56.9,80,57,80.4
-			c0.1,0.3,0.3,0.7,0.6,1.1l0.9,0.9c0.4,0.4,0.7,0.6,1.1,0.6c0.3,0.1,0.7,0,0.9-0.3c0.3-0.3,0.4-0.6,0.3-0.9
-			c-0.1-0.3-0.3-0.7-0.6-1.1L59.3,79.8z"/>
-		<path class="st42" d="M62.9,80.9l-0.4,0.3l-0.4-0.4l0.4-0.3L62.9,80.9z"/>
-		<path class="st42" d="M63.5,80l0.7-0.6L61.5,76l-0.7,0.7l-0.2-0.2l0.9-1.1l2.9,3.8l0.8-0.5l0.2,0.2l-1.8,1.4L63.5,80z"/>
-		<path class="st42" d="M67.5,75.1c0.4,0.6,0.5,1.1,0.5,1.5c0,0.5-0.3,0.8-0.7,1.1C66.9,78,66.4,78,66,77.9
-			c-0.4-0.2-0.8-0.5-1.2-1.1l-0.6-1c-0.4-0.6-0.5-1.1-0.5-1.5s0.3-0.8,0.7-1.1c0.4-0.3,0.8-0.3,1.3-0.2c0.4,0.2,0.8,0.5,1.2,1.1
-			L67.5,75.1z M66.5,74.3c-0.3-0.4-0.6-0.7-0.9-0.9c-0.3-0.1-0.6-0.1-1,0.1c-0.3,0.2-0.5,0.5-0.5,0.8c0,0.3,0.1,0.7,0.4,1.2l0.7,1.1
-			c0.3,0.4,0.6,0.7,0.9,0.9c0.3,0.1,0.6,0.1,1-0.1c0.3-0.2,0.5-0.5,0.5-0.8c0-0.3-0.1-0.7-0.4-1.2L66.5,74.3z"/>
-		<path class="st42" d="M69.8,76.2l-0.4,0.2l-0.3-0.5l0.4-0.2L69.8,76.2z"/>
-		<path class="st42" d="M70.6,75.7l-0.1-0.3l0.8-2.4c0.1-0.4,0.2-0.8,0.3-1.1c0-0.3,0-0.5-0.1-0.7c-0.1-0.3-0.3-0.5-0.6-0.6
-			c-0.2-0.1-0.5-0.1-0.8,0c-0.4,0.2-0.6,0.4-0.7,0.7c-0.1,0.3-0.1,0.6,0.1,0.9l-0.4,0.2l0,0c-0.2-0.4-0.2-0.8-0.1-1.2
-			c0.1-0.4,0.4-0.7,0.9-0.9c0.4-0.2,0.8-0.2,1.1-0.1s0.6,0.4,0.8,0.8c0.1,0.3,0.1,0.6,0.1,0.9c0,0.3-0.1,0.7-0.3,1.2l-0.7,2l0,0
-			l2-0.9l-0.3-0.7l0.3-0.1l0.4,1L70.6,75.7z"/>
-	</g>
-	<g>
-		<path class="st42" d="M52.5,322.9l0.4-0.8l-3.9-1.9l-0.3,1l-0.3-0.1l0.4-1.4l4.3,2.1l0.5-0.8l0.3,0.1l-1,2L52.5,322.9z"/>
-		<path class="st42" d="M54.1,316.7c0.6,0.3,0.9,0.7,1.1,1.2s0.1,0.9-0.2,1.3c-0.3,0.4-0.6,0.7-1.1,0.7c-0.5,0.1-1-0.1-1.5-0.4
-			l-1-0.6c-0.6-0.3-0.9-0.7-1.1-1.2c-0.2-0.4-0.1-0.9,0.2-1.3c0.3-0.4,0.6-0.7,1.1-0.7c0.5-0.1,1,0.1,1.5,0.4L54.1,316.7z
-			 M52.8,316.5c-0.4-0.3-0.8-0.4-1.2-0.4s-0.6,0.2-0.8,0.5c-0.2,0.3-0.2,0.6-0.1,1c0.1,0.3,0.4,0.6,0.9,0.9l1.1,0.7
-			c0.4,0.3,0.8,0.4,1.2,0.4c0.4,0,0.6-0.2,0.8-0.5c0.2-0.3,0.2-0.6,0.1-1c-0.1-0.3-0.4-0.6-0.9-0.9L52.8,316.5z"/>
-		<path class="st42" d="M56.6,316.7l-0.3,0.4l-0.5-0.3l0.3-0.4L56.6,316.7z"/>
-		<path class="st42" d="M56.9,315.7l0.5-0.7l-3.3-2.7l-0.5,0.9l-0.2-0.2l0.7-1.3l3.7,3l0.6-0.7l0.2,0.2l-1.4,1.7L56.9,315.7z"/>
-		<path class="st42" d="M59.8,310.1c0.5,0.5,0.7,0.9,0.8,1.4c0.1,0.5-0.1,0.9-0.4,1.2c-0.3,0.4-0.8,0.5-1.2,0.5
-			c-0.5-0.1-0.9-0.3-1.4-0.8l-0.8-0.8c-0.5-0.5-0.7-0.9-0.8-1.4c-0.1-0.5,0.1-0.9,0.4-1.2c0.4-0.4,0.8-0.5,1.2-0.5
-			c0.5,0.1,0.9,0.3,1.4,0.8L59.8,310.1z M58.7,309.5c-0.4-0.4-0.7-0.6-1.1-0.6c-0.3-0.1-0.6,0-0.9,0.3c-0.3,0.3-0.4,0.6-0.3,0.9
-			c0.1,0.3,0.3,0.7,0.6,1.1l0.9,0.9c0.4,0.4,0.7,0.6,1.1,0.6c0.3,0.1,0.7,0,0.9-0.3c0.3-0.3,0.4-0.6,0.3-0.9s-0.3-0.7-0.6-1.1
-			L58.7,309.5z"/>
-		<path class="st42" d="M62.3,310.6l-0.4,0.3l-0.4-0.4l0.4-0.3L62.3,310.6z"/>
-		<path class="st42" d="M62.8,309.7l0.7-0.6l-2.6-3.4l-0.7,0.7l-0.2-0.2l0.9-1.1l2.9,3.8l0.8-0.5l0.2,0.2L63,310L62.8,309.7z"/>
-		<path class="st42" d="M66.9,304.9c0.4,0.6,0.5,1.1,0.5,1.5c0,0.5-0.3,0.8-0.7,1.1c-0.4,0.3-0.8,0.3-1.3,0.2
-			c-0.4-0.2-0.8-0.5-1.2-1.1l-0.6-1c-0.4-0.6-0.5-1.1-0.5-1.5c0-0.5,0.3-0.8,0.7-1.1c0.4-0.3,0.8-0.3,1.3-0.2
-			c0.4,0.2,0.8,0.5,1.2,1.1L66.9,304.9z M65.9,304.1c-0.3-0.4-0.6-0.7-0.9-0.9c-0.3-0.1-0.6-0.1-1,0.1c-0.3,0.2-0.5,0.5-0.5,0.8
-			c0,0.3,0.1,0.7,0.4,1.2l0.7,1.1c0.3,0.4,0.6,0.7,0.9,0.9s0.6,0.1,1-0.1c0.3-0.2,0.5-0.5,0.5-0.8c0-0.3-0.1-0.7-0.4-1.2L65.9,304.1
-			z"/>
-		<path class="st42" d="M69.2,305.9l-0.4,0.2l-0.3-0.5l0.4-0.2L69.2,305.9z"/>
-		<path class="st42" d="M69.9,305.2l0.8-0.4l-1.8-3.9l-0.9,0.5l-0.1-0.3l1.2-0.9l2,4.4l0.9-0.3l0.1,0.3l-2.1,0.9L69.9,305.2z"/>
-	</g>
-	<g>
-		<path class="st42" d="M38.2,313.2l-0.4,0.9l-0.9-0.2c-0.1,0.1-0.3,0.2-0.4,0.4c-0.1,0.2-0.3,0.4-0.4,0.6c-0.2,0.3-0.2,0.6-0.2,0.9
-			c0.1,0.3,0.2,0.4,0.4,0.5c0.2,0.1,0.4,0.1,0.7,0s0.5-0.4,0.9-0.8c0.5-0.6,1-1,1.5-1.2s1-0.2,1.5,0c0.5,0.2,0.8,0.7,1,1.2
-			c0.1,0.6,0,1.2-0.3,1.9c-0.2,0.5-0.5,0.9-0.9,1.2s-0.7,0.5-1.1,0.7l-1.3-0.6l0.5-1l0.9,0.3c0.2-0.1,0.3-0.2,0.5-0.4
-			s0.3-0.4,0.4-0.7c0.2-0.3,0.2-0.6,0.2-0.9c-0.1-0.2-0.2-0.4-0.4-0.5c-0.2-0.1-0.5-0.1-0.7,0c-0.2,0.1-0.5,0.3-0.8,0.7
-			c-0.6,0.6-1.1,1.1-1.5,1.3s-1,0.2-1.5,0c-0.5-0.2-0.8-0.6-0.9-1.2c-0.1-0.6,0-1.2,0.3-1.8c0.2-0.5,0.5-0.9,0.8-1.2
-			c0.3-0.3,0.7-0.6,1-0.7L38.2,313.2z"/>
-		<path class="st42" d="M44,312.7c-0.4,0.6-0.9,1-1.5,1.1c-0.6,0.1-1.2,0-1.9-0.4l-0.2-0.1c-0.6-0.4-1.1-0.9-1.3-1.5
-			c-0.2-0.6-0.1-1.2,0.2-1.8c0.4-0.6,0.8-0.9,1.4-1s1.1,0,1.7,0.4l0.6,0.4l-1.6,2.6l0,0c0.3,0.2,0.6,0.2,0.9,0.1s0.5-0.2,0.7-0.5
-			c0.2-0.3,0.3-0.5,0.3-0.7s0.1-0.4,0.1-0.7l0.9,0.1c0,0.3,0,0.6-0.1,0.9C44.4,312,44.2,312.3,44,312.7z M40.3,310.6
-			c-0.1,0.2-0.2,0.4-0.1,0.7s0.3,0.4,0.5,0.6l0,0l0.9-1.4l-0.1-0.1c-0.2-0.2-0.5-0.2-0.7-0.2C40.7,310.2,40.5,310.4,40.3,310.6z"/>
-		<path class="st42" d="M44.7,309.9l0.3-0.6l-2.5-1.9l-0.5,0.5l-0.7-0.5l1.2-1.6l0.6,0.4c-0.1-0.3-0.2-0.5-0.2-0.7s0.1-0.5,0.2-0.7
-			c0-0.1,0.1-0.1,0.1-0.2c0.1-0.1,0.1-0.1,0.2-0.1l0.9,0.9l-0.3,0.4c-0.1,0.2-0.2,0.3-0.2,0.5c0,0.2,0,0.3,0.1,0.4l2,1.5l0.5-0.4
-			l0.7,0.5l-1.6,2.2L44.7,309.9z"/>
-		<path class="st42" d="M45.9,302.8l-0.3,0.4l2.1,1l0.4,0.3l0,0l-0.3-0.4l-1.2-2l-0.4,0.3l-0.6-0.6l1.5-1.7l0.6,0.5l-0.2,0.4
-			l2.1,3.9l-0.9,1l-4.1-1.7l-0.3,0.3l-0.6-0.6l1.5-1.7L45.9,302.8z"/>
-		<path class="st42" d="M48.4,297.4l-1,0.9l-0.7-0.7l1-0.9L48.4,297.4z M50.6,302.8l0.4-0.6l-2.2-2.3l-0.6,0.4l-0.6-0.6l1.5-1.4
-			l2.8,3l0.6-0.3l0.6,0.6l-2,1.8L50.6,302.8z"/>
-		<path class="st42" d="M54.7,299c0.2-0.2,0.3-0.3,0.3-0.5c0-0.2,0-0.4-0.2-0.6l1-0.8l0,0c0.3,0.4,0.5,0.8,0.4,1.4
-			c-0.1,0.5-0.4,1-0.8,1.3c-0.6,0.5-1.2,0.7-1.8,0.5c-0.6-0.1-1.2-0.5-1.6-1.1l-0.1-0.1c-0.5-0.6-0.7-1.2-0.7-1.8
-			c0-0.6,0.3-1.2,0.9-1.7c0.3-0.3,0.6-0.4,1-0.5c0.3-0.1,0.6-0.1,1-0.1l0.9,1l-0.9,0.7l-0.7-0.5c-0.1,0-0.2,0-0.3,0
-			s-0.2,0.1-0.3,0.2c-0.3,0.2-0.4,0.5-0.4,0.8c0.1,0.3,0.2,0.7,0.5,1l0.1,0.1c0.3,0.4,0.6,0.6,0.9,0.7
-			C54.1,299.3,54.4,299.3,54.7,299z"/>
-		<path class="st42" d="M59.3,297c-0.6,0.4-1.2,0.5-1.9,0.4s-1.1-0.5-1.5-1.1l-0.1-0.2c-0.4-0.6-0.6-1.3-0.5-1.9s0.4-1.1,1-1.5
-			c0.6-0.4,1.1-0.5,1.7-0.4c0.5,0.1,1,0.5,1.4,1.1l0.4,0.6l-2.5,1.7l0,0c0.2,0.3,0.4,0.4,0.7,0.5s0.6,0,0.9-0.2
-			c0.3-0.2,0.4-0.3,0.6-0.5c0.1-0.2,0.3-0.4,0.4-0.6l0.8,0.5c-0.1,0.3-0.2,0.5-0.5,0.8C59.9,296.5,59.6,296.8,59.3,297z M56.9,293.5
-			c-0.2,0.1-0.3,0.3-0.3,0.6c0,0.2,0,0.5,0.2,0.8l0,0l1.4-0.9l-0.1-0.1c-0.2-0.2-0.3-0.4-0.6-0.5C57.3,293.4,57.1,293.4,56.9,293.5z
-			"/>
-		<path class="st42" d="M62.9,293.7l0.4-0.3l-0.5-6.3l1.3-0.6l4.3,4.6l0.5-0.1l0.3,0.8l-2.1,0.9l-0.3-0.8l0.4-0.3l-0.7-0.7l-2,0.9
-			l0.1,1l0.5-0.1l0.3,0.8l-2.1,0.9L62.9,293.7z M64.3,290.9l1.4-0.6l-1.7-1.9l0,0L64.3,290.9z"/>
-		<path class="st42" d="M73.7,289.7l1.1-0.4l-1-4.5l-1.1,0.2l-0.2-0.8l2.4-1l1.2,5.7l1.2-0.1l0.2,0.8l-3.6,0.8L73.7,289.7z"/>
-		<path class="st42" d="M82.3,286.4c0.1,0.9,0,1.6-0.4,2.1c-0.4,0.5-0.9,0.8-1.6,0.9c-0.7,0.1-1.3-0.1-1.8-0.5
-			c-0.5-0.4-0.8-1.1-0.9-2l-0.2-1.5c-0.1-0.9,0-1.6,0.4-2.1c0.4-0.5,0.9-0.8,1.6-0.9c0.7-0.1,1.3,0.1,1.8,0.5c0.5,0.4,0.8,1.1,0.9,2
-			L82.3,286.4z M80.8,284.9c-0.1-0.5-0.2-0.9-0.4-1.2s-0.4-0.3-0.7-0.3c-0.3,0-0.5,0.2-0.7,0.5s-0.2,0.7-0.1,1.2l0.2,1.8
-			c0.1,0.5,0.2,0.9,0.4,1.2c0.2,0.2,0.4,0.3,0.7,0.3c0.3,0,0.5-0.2,0.7-0.5s0.2-0.7,0.1-1.2L80.8,284.9z"/>
-		<path class="st42" d="M84.9,289l-1.4,0.1l0-1.2l1.4-0.1L84.9,289z"/>
-		<path class="st42" d="M85.6,288.2l1.2-0.1l0.1-4.6l-1.2,0l0-0.8l2.5-0.4l-0.2,5.9l1.1,0.2l0,0.8l-3.7-0.1L85.6,288.2z"/>
-		<path class="st42" d="M94.7,287c-0.1,0.9-0.4,1.6-0.9,2c-0.5,0.4-1.1,0.6-1.8,0.5c-0.7-0.1-1.2-0.4-1.6-0.9s-0.5-1.2-0.4-2.1
-			l0.2-1.5c0.1-0.9,0.4-1.5,0.9-2c0.5-0.4,1.1-0.6,1.8-0.5c0.7,0.1,1.2,0.4,1.6,0.9c0.4,0.5,0.5,1.2,0.4,2.1L94.7,287z M93.6,285.2
-			c0.1-0.5,0-0.9-0.1-1.2c-0.1-0.3-0.3-0.4-0.7-0.5c-0.3,0-0.6,0.1-0.7,0.3c-0.2,0.2-0.3,0.6-0.4,1.2l-0.2,1.8c-0.1,0.5,0,1,0.1,1.2
-			c0.1,0.3,0.3,0.4,0.7,0.5c0.3,0,0.5-0.1,0.7-0.3c0.2-0.2,0.3-0.6,0.4-1.2L93.6,285.2z"/>
-		<path class="st42" d="M96.6,290.1l-1.3-0.3l0.2-1.2l1.3,0.3L96.6,290.1z"/>
-		<path class="st42" d="M99.5,289.9c0.4,0.1,0.7,0,1-0.2s0.5-0.6,0.7-1.1l0-0.1c-0.2,0.1-0.4,0.2-0.7,0.3c-0.2,0-0.5,0-0.7,0
-			c-0.6-0.2-1-0.5-1.3-1c-0.2-0.5-0.2-1.1,0-1.8c0.2-0.7,0.6-1.2,1.1-1.5c0.5-0.3,1.1-0.4,1.8-0.2c0.7,0.2,1.1,0.6,1.4,1.2
-			c0.3,0.6,0.3,1.3,0.1,2.1l-0.4,1.4c-0.2,0.9-0.7,1.4-1.3,1.8c-0.6,0.3-1.3,0.4-2,0.2c-0.2-0.1-0.5-0.2-0.7-0.3
-			c-0.2-0.1-0.4-0.2-0.6-0.4l0.4-0.9c0.2,0.1,0.4,0.2,0.5,0.3C99,289.7,99.2,289.8,99.5,289.9z M100.3,287.8c0.2,0.1,0.4,0.1,0.6,0
-			c0.2,0,0.3-0.1,0.5-0.2l0.2-0.7c0.1-0.5,0.2-0.9,0.1-1.2c-0.1-0.3-0.3-0.5-0.6-0.6c-0.3-0.1-0.5,0-0.8,0.2
-			c-0.2,0.2-0.4,0.5-0.5,0.9c-0.1,0.4-0.1,0.7,0,1C99.8,287.6,100,287.8,100.3,287.8z"/>
-		<path class="st42" d="M103.8,292.3l-1.3-0.5l0.4-1.1l1.3,0.5L103.8,292.3z"/>
-		<path class="st42" d="M104.8,291.8l1.1,0.3l1.9-4.2l-1.1-0.5l0.3-0.7l2.5,0.6l-2.4,5.4l1,0.6l-0.3,0.7l-3.3-1.5L104.8,291.8z"/>
-	</g>
-	<g>
-		<path class="st42" d="M115,54.6h-1l-0.2-0.9c-0.1-0.1-0.3-0.1-0.5-0.2c-0.2-0.1-0.5-0.1-0.7-0.1c-0.4,0-0.7,0.1-0.9,0.2
-			c-0.2,0.2-0.3,0.4-0.3,0.6c0,0.2,0.1,0.4,0.3,0.6s0.6,0.3,1.1,0.5c0.8,0.2,1.3,0.5,1.7,0.8c0.4,0.3,0.6,0.8,0.6,1.4
-			c0,0.6-0.2,1-0.7,1.4s-1.1,0.5-1.8,0.5c-0.5,0-1-0.1-1.5-0.3s-0.8-0.4-1.1-0.7V57h1.1l0.1,1c0.1,0.1,0.3,0.2,0.6,0.3
-			c0.2,0.1,0.5,0.1,0.8,0.1c0.4,0,0.7-0.1,0.9-0.2c0.2-0.2,0.3-0.4,0.3-0.6c0-0.3-0.1-0.5-0.3-0.6c-0.2-0.2-0.5-0.3-1-0.5
-			c-0.8-0.2-1.4-0.5-1.8-0.8c-0.4-0.3-0.6-0.8-0.6-1.3c0-0.6,0.2-1,0.7-1.4s1.1-0.5,1.8-0.5c0.5,0,1,0.1,1.4,0.2s0.8,0.4,1.1,0.6
-			V54.6z"/>
-		<path class="st42" d="M118.1,59.4c-0.7,0-1.3-0.2-1.8-0.7s-0.7-1.1-0.7-1.8v-0.2c0-0.8,0.2-1.4,0.6-1.9c0.4-0.5,1-0.7,1.7-0.7
-			c0.7,0,1.2,0.2,1.6,0.6s0.6,1,0.6,1.7v0.7h-3l0,0c0,0.3,0.1,0.6,0.3,0.8c0.2,0.2,0.5,0.3,0.8,0.3c0.3,0,0.6,0,0.8-0.1
-			c0.2-0.1,0.4-0.2,0.7-0.3l0.4,0.8c-0.2,0.2-0.5,0.3-0.8,0.4S118.5,59.4,118.1,59.4z M118,55.2c-0.3,0-0.5,0.1-0.6,0.3
-			c-0.1,0.2-0.2,0.4-0.3,0.8l0,0h1.7v-0.1c0-0.3-0.1-0.5-0.2-0.7C118.5,55.3,118.3,55.2,118,55.2z"/>
-		<path class="st42" d="M120.9,58.5l0.7-0.1v-3.1l-0.7-0.1v-0.8h2l0.1,0.7c0.1-0.3,0.3-0.5,0.5-0.6s0.4-0.2,0.7-0.2
-			c0.1,0,0.1,0,0.2,0c0.1,0,0.1,0,0.2,0l-0.1,1.2l-0.6,0c-0.2,0-0.4,0-0.5,0.1c-0.1,0.1-0.2,0.2-0.3,0.3v2.5l0.7,0.1v0.8h-2.7V58.5z
-			"/>
-		<path class="st42" d="M127.1,55l-0.5,0.1l0.7,2.3l0.1,0.5h0l0.1-0.5l0.7-2.3l-0.5-0.1v-0.8h2.3V55l-0.4,0.1l-1.5,4.2h-1.3
-			l-1.5-4.2l-0.4-0.1v-0.8h2.3V55z"/>
-		<path class="st42" d="M130.4,58.5l0.7-0.1v-3.1l-0.7-0.1v-0.8h2.1v4.1l0.7,0.1v0.8h-2.7V58.5z M132.4,53H131v-1h1.4V53z"/>
-		<path class="st42" d="M135.9,58.3c0.2,0,0.4-0.1,0.6-0.2c0.1-0.1,0.2-0.3,0.2-0.6h1.2l0,0c0,0.5-0.2,0.9-0.6,1.3
-			c-0.4,0.3-0.9,0.5-1.5,0.5c-0.8,0-1.3-0.2-1.7-0.7c-0.4-0.5-0.6-1.1-0.6-1.8v-0.1c0-0.7,0.2-1.4,0.6-1.8c0.4-0.5,1-0.7,1.8-0.7
-			c0.4,0,0.8,0.1,1.1,0.2c0.3,0.1,0.6,0.3,0.8,0.5l0,1.4h-1.1l-0.2-0.8c-0.1-0.1-0.2-0.1-0.3-0.1c-0.1,0-0.2-0.1-0.3-0.1
-			c-0.4,0-0.7,0.1-0.8,0.4s-0.2,0.6-0.2,1.1v0.1c0,0.5,0.1,0.8,0.2,1.1C135.3,58.2,135.5,58.3,135.9,58.3z"/>
-		<path class="st42" d="M141,59.4c-0.7,0-1.3-0.2-1.8-0.7s-0.7-1.1-0.7-1.8v-0.2c0-0.8,0.2-1.4,0.6-1.9c0.4-0.5,1-0.7,1.7-0.7
-			c0.7,0,1.2,0.2,1.6,0.6s0.6,1,0.6,1.7v0.7h-3l0,0c0,0.3,0.1,0.6,0.3,0.8c0.2,0.2,0.5,0.3,0.8,0.3c0.3,0,0.6,0,0.8-0.1
-			c0.2-0.1,0.4-0.2,0.7-0.3l0.4,0.8c-0.2,0.2-0.5,0.3-0.8,0.4S141.4,59.4,141,59.4z M140.9,55.2c-0.3,0-0.5,0.1-0.6,0.3
-			c-0.1,0.2-0.2,0.4-0.3,0.8l0,0h1.7v-0.1c0-0.3-0.1-0.5-0.2-0.7C141.4,55.3,141.1,55.2,140.9,55.2z"/>
-		<path class="st42" d="M149,52.5c0.8,0,1.4,0.2,1.9,0.5s0.7,0.8,0.7,1.4c0,0.3-0.1,0.6-0.2,0.8c-0.2,0.2-0.4,0.4-0.7,0.6
-			c0.4,0.1,0.7,0.3,0.9,0.6c0.2,0.3,0.3,0.6,0.3,1c0,0.7-0.2,1.1-0.6,1.5c-0.4,0.3-1,0.5-1.8,0.5H146v-0.8l0.7-0.1v-4.9l-0.7-0.1
-			v-0.8h0.7H149z M148.1,55.3h1c0.4,0,0.6-0.1,0.8-0.2c0.2-0.2,0.3-0.4,0.3-0.7c0-0.3-0.1-0.5-0.3-0.7s-0.5-0.2-0.9-0.2h-0.9V55.3z
-			 M148.1,56.3v2h1.3c0.4,0,0.6-0.1,0.8-0.2s0.3-0.4,0.3-0.7c0-0.3-0.1-0.6-0.2-0.8c-0.2-0.2-0.4-0.3-0.8-0.3H148.1z"/>
-		<path class="st42" d="M154.8,58.5l1.2-0.1v-4.6h-1.2v-0.8l2.5-0.5v5.9l1.2,0.1v0.8h-3.7V58.5z"/>
-		<path class="st42" d="M163.8,56.6c0,0.9-0.2,1.6-0.6,2.1c-0.4,0.5-1,0.7-1.7,0.7c-0.7,0-1.3-0.2-1.7-0.7c-0.4-0.5-0.6-1.2-0.6-2.1
-			v-1.5c0-0.9,0.2-1.6,0.6-2.1c0.4-0.5,1-0.7,1.7-0.7c0.7,0,1.3,0.2,1.7,0.7c0.4,0.5,0.6,1.2,0.6,2.1V56.6z M162.4,55
-			c0-0.5-0.1-0.9-0.2-1.2c-0.2-0.3-0.4-0.4-0.7-0.4c-0.3,0-0.5,0.1-0.7,0.4s-0.2,0.6-0.2,1.2v1.8c0,0.5,0.1,0.9,0.2,1.2
-			c0.2,0.2,0.4,0.4,0.7,0.4c0.3,0,0.5-0.1,0.7-0.4s0.2-0.6,0.2-1.2V55z"/>
-		<path class="st42" d="M166.1,59.3h-1.4v-1.2h1.4V59.3z"/>
-		<path class="st42" d="M166.9,58.5l1.2-0.1v-4.6h-1.2v-0.8l2.5-0.5v5.9l1.2,0.1v0.8h-3.7V58.5z"/>
-		<path class="st42" d="M175.9,56.6c0,0.9-0.2,1.6-0.6,2.1c-0.4,0.5-1,0.7-1.7,0.7c-0.7,0-1.3-0.2-1.7-0.7c-0.4-0.5-0.6-1.2-0.6-2.1
-			v-1.5c0-0.9,0.2-1.6,0.6-2.1c0.4-0.5,1-0.7,1.7-0.7c0.7,0,1.3,0.2,1.7,0.7c0.4,0.5,0.6,1.2,0.6,2.1V56.6z M174.6,55
-			c0-0.5-0.1-0.9-0.2-1.2c-0.2-0.3-0.4-0.4-0.7-0.4c-0.3,0-0.5,0.1-0.7,0.4s-0.2,0.6-0.2,1.2v1.8c0,0.5,0.1,0.9,0.2,1.2
-			c0.2,0.2,0.4,0.4,0.7,0.4c0.3,0,0.5-0.1,0.7-0.4s0.2-0.6,0.2-1.2V55z"/>
-		<path class="st42" d="M178.3,59.3H177v-1.2h1.4V59.3z"/>
-		<path class="st42" d="M181.2,58.3c0.4,0,0.7-0.1,0.9-0.4s0.3-0.7,0.3-1.3v-0.1c-0.2,0.2-0.3,0.3-0.5,0.4s-0.4,0.2-0.7,0.2
-			c-0.6,0-1.1-0.2-1.5-0.6c-0.4-0.4-0.5-1-0.5-1.7c0-0.7,0.2-1.3,0.6-1.7s1-0.7,1.6-0.7c0.7,0,1.3,0.2,1.7,0.7
-			c0.4,0.5,0.7,1.2,0.7,2v1.5c0,0.9-0.2,1.6-0.7,2.1c-0.5,0.5-1.1,0.7-1.9,0.7c-0.2,0-0.5,0-0.7-0.1c-0.3,0-0.5-0.1-0.7-0.2l0.2-1
-			c0.2,0.1,0.4,0.1,0.6,0.2C180.7,58.3,180.9,58.3,181.2,58.3z M181.4,56.2c0.2,0,0.4,0,0.6-0.1c0.2-0.1,0.3-0.2,0.4-0.3V55
-			c0-0.5-0.1-0.9-0.3-1.1c-0.2-0.3-0.4-0.4-0.7-0.4c-0.3,0-0.5,0.1-0.7,0.4c-0.2,0.3-0.3,0.6-0.3,1c0,0.4,0.1,0.7,0.2,1
-			C180.9,56,181.1,56.2,181.4,56.2z"/>
-		<path class="st42" d="M186.1,59.3h-1.4v-1.2h1.4V59.3z"/>
-		<path class="st42" d="M187,59.3v-0.9l2.2-2.4c0.3-0.4,0.5-0.7,0.7-0.9c0.1-0.3,0.2-0.5,0.2-0.7c0-0.3-0.1-0.5-0.2-0.7
-			c-0.2-0.2-0.4-0.3-0.7-0.3c-0.3,0-0.6,0.1-0.7,0.3c-0.2,0.2-0.2,0.5-0.2,0.9h-1.3l0,0c0-0.6,0.2-1.1,0.6-1.6
-			c0.4-0.4,1-0.6,1.7-0.6c0.7,0,1.3,0.2,1.7,0.5s0.6,0.9,0.6,1.5c0,0.4-0.1,0.8-0.3,1.1c-0.2,0.3-0.6,0.8-1.1,1.4l-1.2,1.3l0,0h1.8
-			l0.1-0.7h1v1.7H187z"/>
-	</g>
-</g>
-<g id="deployments">
-	<g>
-		<g>
-			<circle class="st45" cx="140.6" cy="241.8" r="14.1"/>
-			<g>
-				<g>
-					<path class="st46" d="M145,233.5c3,1.6,5,4.7,5,8.3c0,5.2-4.2,9.4-9.4,9.4s-9.4-4.2-9.4-9.4c0-4.1,2.6-7.6,6.3-8.9"/>
-					<g>
-						<polygon class="st6" points="146.4,236.4 145.4,233.7 148,232.6 146.5,231.9 143.8,233 144.8,235.6 						"/>
-					</g>
-				</g>
-			</g>
-			<g>
-				<path class="st6" d="M135.4,245.5l0.8-0.1l3.3-9.5h2.2l3.3,9.5l0.8,0.1v1.3h-3.7v-1.3l0.8-0.1l-0.5-1.5h-3.5l-0.5,1.5l0.8,0.1
-					v1.3h-3.7V245.5z M139.4,242.3h2.5l-1.2-3.8h0L139.4,242.3z"/>
-			</g>
-		</g>
-		<g>
-			<circle class="st49" cx="159.9" cy="211.5" r="14.1"/>
-			<g>
-				<g>
-					<path class="st46" d="M164.3,203.2c3,1.6,5,4.7,5,8.3c0,5.2-4.2,9.4-9.4,9.4s-9.4-4.2-9.4-9.4c0-4.1,2.6-7.6,6.3-8.9"/>
-					<g>
-						<polygon class="st6" points="165.7,206.1 164.6,203.4 167.3,202.4 165.7,201.7 163,202.7 164.1,205.4 						"/>
-					</g>
-				</g>
-			</g>
-			<g>
-				<path class="st6" d="M160.1,205.8c1.3,0,2.3,0.2,3,0.7s1.1,1.2,1.1,2.2c0,0.5-0.1,1-0.4,1.3c-0.3,0.4-0.7,0.7-1.2,0.9
-					c0.7,0.1,1.1,0.4,1.5,0.9s0.5,1,0.5,1.6c0,1-0.3,1.8-1,2.4c-0.7,0.5-1.7,0.8-2.9,0.8h-5.3v-1.3l1.2-0.2v-7.8l-1.2-0.2v-1.3h1.2
-					H160.1z M158.6,210.3h1.6c0.6,0,1-0.1,1.3-0.4c0.3-0.2,0.5-0.6,0.5-1c0-0.5-0.2-0.9-0.5-1.1c-0.3-0.2-0.8-0.4-1.4-0.4h-1.5
-					V210.3z M158.6,211.8v3.1h2c0.6,0,1-0.1,1.3-0.4c0.3-0.3,0.5-0.6,0.5-1.1c0-0.5-0.1-0.9-0.4-1.2c-0.3-0.3-0.7-0.4-1.2-0.4H158.6
-					z"/>
-			</g>
-		</g>
-	</g>
-</g>
-<g id="containers_x2F_volumes">
-	<g>
-		<polygon class="st51" points="74.8,101.8 86.6,94.9 98.5,101.8 86.6,108.6 		"/>
-		<polygon class="st51" points="74.8,115.4 74.8,101.8 86.6,108.6 86.6,122.3 		"/>
-		<polygon class="st51" points="86.6,122.3 86.6,108.6 98.5,101.8 98.5,115.4 		"/>
-	</g>
-	<g>
-		<polygon class="st51" points="74.2,331.5 86,324.6 97.9,331.5 86,338.3 		"/>
-		<polygon class="st51" points="74.2,345.2 74.2,331.5 86,338.3 86,352 		"/>
-		<polygon class="st51" points="86,352 86,338.3 97.9,331.5 97.9,345.2 		"/>
-	</g>
-	<g>
-		<polygon class="st51" points="178.7,101.8 190.6,94.9 202.4,101.8 190.6,108.6 		"/>
-		<polygon class="st51" points="178.7,115.4 178.7,101.8 190.6,108.6 190.6,122.3 		"/>
-		<polygon class="st51" points="190.6,122.3 190.6,108.6 202.4,101.8 202.4,115.4 		"/>
-	</g>
-	<g>
-		<polygon class="st51" points="225.2,101.8 237.1,94.9 248.9,101.8 237.1,108.6 		"/>
-		<polygon class="st51" points="225.2,115.4 225.2,101.8 237.1,108.6 237.1,122.3 		"/>
-		<polygon class="st51" points="237.1,122.3 237.1,108.6 248.9,101.8 248.9,115.4 		"/>
-	</g>
-</g>
-<g id="labels_x2F_selectors">
-	<polygon class="st53" points="145.5,335.5 110.8,335.5 105.4,326.6 110.8,317.7 145.5,317.7 	"/>
-	<polygon class="st54" points="144,334 109.3,334 103.9,325.1 109.3,316.2 144,316.2 	"/>
-	<g>
-		<g>
-			<path class="st42" d="M114.7,328.5c0-0.1-0.1-0.3-0.1-0.4s0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-				c-0.5,0-1-0.1-1.3-0.4c-0.3-0.3-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1v-0.6c0-0.3-0.1-0.6-0.3-0.7
-				c-0.2-0.2-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5
-				c0.3-0.1,0.7-0.2,1.1-0.2c0.6,0,1.1,0.2,1.5,0.5s0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6H114.7z
-				 M113.2,327.8c0.3,0,0.6-0.1,0.9-0.2s0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7
-				c0,0.2,0.1,0.4,0.2,0.5C112.7,327.7,112.9,327.8,113.2,327.8z"/>
-			<path class="st42" d="M116.7,329.9l0.8-0.1V324l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V329.9z M121,325.9c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6c-0.3,0-0.5,0.1-0.7,0.2
-				s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5s0.4-0.8,0.4-1.3V325.9z"/>
-			<path class="st42" d="M122.7,329.9l0.8-0.1V324l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V329.9z M127.1,325.9c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V325.9z"/>
-			<path class="st42" d="M133.3,324.5h-4.1v-0.8h4.1V324.5z M133.3,326.5h-4.1v-0.8h4.1V326.5z"/>
-			<path class="st42" d="M134.3,327.9l0.5-0.1l2.5-6.4h0.8l2.4,6.4l0.5,0.1v0.6h-2v-0.6l0.5-0.1l-0.5-1.3h-2.8l-0.5,1.3l0.5,0.1v0.6
-				h-2V327.9z M136.5,325.7h2.3l-1.1-3.1h0L136.5,325.7z"/>
-		</g>
-	</g>
-	<polygon class="st53" points="147,132 112.3,132 106.9,123 112.3,114.1 147,114.1 	"/>
-	<polygon class="st55" points="145.5,130.5 110.8,130.5 105.4,121.5 110.8,112.6 145.5,112.6 	"/>
-	<g>
-		<g>
-			<path class="st42" d="M116.2,124.9c0-0.1-0.1-0.3-0.1-0.4c0-0.1,0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-				c-0.5,0-1-0.1-1.3-0.4s-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1v-0.6c0-0.3-0.1-0.6-0.3-0.7
-				s-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5
-				c0.3-0.1,0.7-0.2,1.1-0.2c0.6,0,1.1,0.2,1.5,0.5c0.4,0.3,0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6
-				H116.2z M114.7,124.2c0.3,0,0.6-0.1,0.9-0.2c0.3-0.2,0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7
-				c0,0.2,0.1,0.4,0.2,0.5S114.4,124.2,114.7,124.2z"/>
-			<path class="st42" d="M118.2,126.3l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V126.3z M122.5,122.4c0-0.6-0.1-1.1-0.4-1.5c-0.2-0.4-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2c-0.2,0.1-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V122.4z"/>
-			<path class="st42" d="M124.2,126.3l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V126.3z M128.5,122.4c0-0.6-0.1-1.1-0.4-1.5c-0.2-0.4-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2c-0.2,0.1-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V122.4z"/>
-			<path class="st42" d="M134.7,120.9h-4.1v-0.8h4.1V120.9z M134.7,122.9h-4.1v-0.8h4.1V122.9z"/>
-			<path class="st42" d="M138.9,117.8c0.7,0,1.3,0.2,1.7,0.5c0.4,0.3,0.6,0.8,0.6,1.4c0,0.3-0.1,0.6-0.3,0.8
-				c-0.2,0.2-0.5,0.4-0.8,0.6c0.4,0.1,0.8,0.3,1,0.6c0.2,0.3,0.4,0.7,0.4,1.1c0,0.7-0.2,1.1-0.6,1.5c-0.4,0.3-1,0.5-1.7,0.5h-3.4
-				v-0.6l0.8-0.1v-5.6l-0.8-0.1v-0.6h0.8H138.9z M137.6,120.8h1.6c0.3,0,0.6-0.1,0.8-0.3c0.2-0.2,0.3-0.5,0.3-0.8
-				c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3h-1.4V120.8z M137.6,121.6v2.6h1.7c0.4,0,0.8-0.1,1-0.3c0.2-0.2,0.4-0.5,0.4-0.9
-				c0-0.4-0.1-0.7-0.3-1c-0.2-0.2-0.5-0.4-0.9-0.4H137.6z"/>
-		</g>
-	</g>
-	<polygon class="st53" points="241.2,132 206.5,132 201.1,123 206.5,114.1 241.2,114.1 	"/>
-	<polygon class="st55" points="239.7,130.5 205,130.5 199.6,121.5 205,112.6 239.7,112.6 	"/>
-	<g>
-		<g>
-			<path class="st42" d="M210.4,124.9c0-0.1-0.1-0.3-0.1-0.4c0-0.1,0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-				c-0.5,0-1-0.1-1.3-0.4s-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1v-0.6c0-0.3-0.1-0.6-0.3-0.7
-				s-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5
-				c0.3-0.1,0.7-0.2,1.1-0.2c0.6,0,1.1,0.2,1.5,0.5c0.4,0.3,0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6
-				H210.4z M208.9,124.2c0.3,0,0.6-0.1,0.9-0.2c0.3-0.2,0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7
-				c0,0.2,0.1,0.4,0.2,0.5S208.6,124.2,208.9,124.2z"/>
-			<path class="st42" d="M212.4,126.3l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V126.3z M216.7,122.4c0-0.6-0.1-1.1-0.4-1.5c-0.2-0.4-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2c-0.2,0.1-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V122.4z"/>
-			<path class="st42" d="M218.4,126.3l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V126.3z M222.7,122.4c0-0.6-0.1-1.1-0.4-1.5c-0.2-0.4-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2c-0.2,0.1-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V122.4z"/>
-			<path class="st42" d="M228.9,120.9h-4.1v-0.8h4.1V120.9z M228.9,122.9h-4.1v-0.8h4.1V122.9z"/>
-			<path class="st42" d="M233.1,117.8c0.7,0,1.3,0.2,1.7,0.5c0.4,0.3,0.6,0.8,0.6,1.4c0,0.3-0.1,0.6-0.3,0.8
-				c-0.2,0.2-0.5,0.4-0.8,0.6c0.4,0.1,0.8,0.3,1,0.6c0.2,0.3,0.4,0.7,0.4,1.1c0,0.7-0.2,1.1-0.6,1.5c-0.4,0.3-1,0.5-1.7,0.5H230
-				v-0.6l0.8-0.1v-5.6l-0.8-0.1v-0.6h0.8H233.1z M231.8,120.8h1.6c0.3,0,0.6-0.1,0.8-0.3c0.2-0.2,0.3-0.5,0.3-0.8
-				c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3h-1.4V120.8z M231.8,121.6v2.6h1.7c0.4,0,0.8-0.1,1-0.3c0.2-0.2,0.4-0.5,0.4-0.9
-				c0-0.4-0.1-0.7-0.3-1c-0.2-0.2-0.5-0.4-0.9-0.4H231.8z"/>
-		</g>
-	</g>
-	<polygon class="st53" points="284.6,107.5 249.9,107.5 244.5,98.5 249.9,89.6 284.6,89.6 	"/>
-	<polygon class="st55" points="283.1,106 248.4,106 243,97 248.4,88.1 283.1,88.1 	"/>
-	<g>
-		<g>
-			<path class="st42" d="M253.8,100.4c0-0.1-0.1-0.3-0.1-0.4c0-0.1,0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-				c-0.5,0-1-0.1-1.3-0.4s-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1v-0.6c0-0.3-0.1-0.6-0.3-0.7
-				s-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5
-				c0.3-0.1,0.7-0.2,1.1-0.2c0.6,0,1.1,0.2,1.5,0.5c0.4,0.3,0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6
-				H253.8z M252.3,99.7c0.3,0,0.6-0.1,0.9-0.2c0.3-0.2,0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7
-				c0,0.2,0.1,0.4,0.2,0.5S252,99.7,252.3,99.7z"/>
-			<path class="st42" d="M255.8,101.8l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1V98c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V101.8z M260.1,97.9c0-0.6-0.1-1.1-0.4-1.5c-0.2-0.4-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2c-0.2,0.1-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V97.9z"/>
-			<path class="st42" d="M261.8,101.8l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-				c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1V98c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-				c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V101.8z M266.2,97.9c0-0.6-0.1-1.1-0.4-1.5c-0.2-0.4-0.6-0.6-1-0.6
-				c-0.3,0-0.5,0.1-0.7,0.2c-0.2,0.1-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-				s0.4-0.8,0.4-1.3V97.9z"/>
-			<path class="st42" d="M272.4,96.4h-4.1v-0.8h4.1V96.4z M272.4,98.4h-4.1v-0.8h4.1V98.4z"/>
-			<path class="st42" d="M276.5,93.3c0.7,0,1.3,0.2,1.7,0.5c0.4,0.3,0.6,0.8,0.6,1.4c0,0.3-0.1,0.6-0.3,0.8
-				c-0.2,0.2-0.5,0.4-0.8,0.6c0.4,0.1,0.8,0.3,1,0.6c0.2,0.3,0.4,0.7,0.4,1.1c0,0.7-0.2,1.1-0.6,1.5c-0.4,0.3-1,0.5-1.7,0.5h-3.4
-				v-0.6l0.8-0.1v-5.6l-0.8-0.1v-0.6h0.8H276.5z M275.2,96.3h1.6c0.3,0,0.6-0.1,0.8-0.3c0.2-0.2,0.3-0.5,0.3-0.8
-				c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3h-1.4V96.3z M275.2,97.1v2.6h1.7c0.4,0,0.8-0.1,1-0.3c0.2-0.2,0.4-0.5,0.4-0.9
-				c0-0.4-0.1-0.7-0.3-1c-0.2-0.2-0.5-0.4-0.9-0.4H275.2z"/>
-		</g>
-	</g>
-	<polygon class="st53" points="212.9,229.9 171.4,229.9 166,221 171.4,212 212.9,212 	"/>
-	<polygon class="st56" points="211.4,228.4 169.9,228.4 164.5,219.5 169.9,210.5 211.4,210.5 	"/>
-	<g>
-		<path class="st42" d="M175.6,219.2h-0.7l-0.2-0.6c-0.1-0.1-0.3-0.2-0.4-0.3c-0.2-0.1-0.4-0.1-0.6-0.1c-0.3,0-0.6,0.1-0.8,0.2
-			s-0.2,0.3-0.2,0.5c0,0.2,0.1,0.4,0.2,0.5s0.4,0.2,0.9,0.3c0.7,0.1,1.2,0.3,1.5,0.6s0.5,0.6,0.5,1c0,0.5-0.2,0.8-0.6,1.1
-			c-0.4,0.3-0.9,0.4-1.5,0.4c-0.4,0-0.8,0-1.1-0.1s-0.6-0.2-0.9-0.4l0-1.2h0.7l0.2,0.7c0.1,0.1,0.3,0.2,0.5,0.2
-			c0.2,0,0.4,0.1,0.6,0.1c0.3,0,0.6-0.1,0.8-0.2c0.2-0.1,0.3-0.3,0.3-0.5c0-0.2-0.1-0.4-0.2-0.5c-0.2-0.1-0.5-0.3-0.9-0.4
-			c-0.6-0.1-1.1-0.3-1.5-0.6s-0.5-0.6-0.5-1c0-0.4,0.2-0.8,0.5-1.1c0.4-0.3,0.8-0.5,1.4-0.5c0.4,0,0.8,0.1,1.1,0.2s0.6,0.2,0.8,0.4
-			L175.6,219.2z"/>
-		<path class="st42" d="M177.8,218.5h-1v-1h1V218.5z M177.8,222.8h-1v-1h1V222.8z"/>
-		<path class="st42" d="M182.1,222.8c0-0.1-0.1-0.3-0.1-0.4s0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-			c-0.5,0-1-0.1-1.3-0.4s-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1v-0.6c0-0.3-0.1-0.6-0.3-0.7
-			s-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6H179v-1c0.2-0.2,0.5-0.3,0.9-0.5s0.7-0.2,1.1-0.2
-			c0.6,0,1.1,0.2,1.5,0.5s0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6H182.1z M180.6,222.1
-			c0.3,0,0.6-0.1,0.9-0.2s0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7c0,0.2,0.1,0.4,0.2,0.5
-			S180.3,222.1,180.6,222.1z"/>
-		<path class="st42" d="M184,224.2l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8s-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6H184V224.2z M188.4,220.3c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6c-0.3,0-0.5,0.1-0.7,0.2
-			s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5s0.4-0.8,0.4-1.3V220.3z"/>
-		<path class="st42" d="M190.1,224.2l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8s-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V224.2z M194.4,220.3c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6
-			c-0.3,0-0.5,0.1-0.7,0.2s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-			s0.4-0.8,0.4-1.3V220.3z"/>
-		<path class="st42" d="M200.6,218.8h-4.1V218h4.1V218.8z M200.6,220.8h-4.1V220h4.1V220.8z"/>
-		<path class="st42" d="M204.8,215.7c0.7,0,1.3,0.2,1.7,0.5c0.4,0.3,0.6,0.8,0.6,1.4c0,0.3-0.1,0.6-0.3,0.8
-			c-0.2,0.2-0.5,0.4-0.8,0.6c0.4,0.1,0.8,0.3,1,0.6s0.4,0.7,0.4,1.1c0,0.7-0.2,1.1-0.6,1.5s-1,0.5-1.7,0.5h-3.4v-0.6l0.8-0.1v-5.6
-			l-0.8-0.1v-0.6h0.8H204.8z M203.4,218.7h1.6c0.3,0,0.6-0.1,0.8-0.3c0.2-0.2,0.3-0.5,0.3-0.8c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3
-			h-1.4V218.7z M203.4,219.5v2.6h1.7c0.4,0,0.8-0.1,1-0.3c0.2-0.2,0.4-0.5,0.4-0.9c0-0.4-0.1-0.7-0.3-1c-0.2-0.2-0.5-0.4-0.9-0.4
-			H203.4z"/>
-	</g>
-	<polygon class="st53" points="194.3,258.7 152.8,258.7 147.4,249.8 152.8,240.8 194.3,240.8 	"/>
-	<polygon class="st57" points="192.8,257.2 151.3,257.2 145.9,248.3 151.3,239.3 192.8,239.3 	"/>
-	<g>
-		<path class="st42" d="M156.9,248h-0.7l-0.2-0.6c-0.1-0.1-0.3-0.2-0.4-0.3c-0.2-0.1-0.4-0.1-0.6-0.1c-0.3,0-0.6,0.1-0.8,0.2
-			s-0.2,0.3-0.2,0.5c0,0.2,0.1,0.4,0.2,0.5s0.4,0.2,0.9,0.3c0.7,0.1,1.2,0.3,1.5,0.6s0.5,0.6,0.5,1c0,0.5-0.2,0.8-0.6,1.1
-			c-0.4,0.3-0.9,0.4-1.5,0.4c-0.4,0-0.8,0-1.1-0.1s-0.6-0.2-0.9-0.4l0-1.2h0.7l0.2,0.7c0.1,0.1,0.3,0.2,0.5,0.2
-			c0.2,0,0.4,0.1,0.6,0.1c0.3,0,0.6-0.1,0.8-0.2c0.2-0.1,0.3-0.3,0.3-0.5c0-0.2-0.1-0.4-0.2-0.5c-0.2-0.1-0.5-0.3-0.9-0.4
-			c-0.6-0.1-1.1-0.3-1.5-0.6s-0.5-0.6-0.5-1c0-0.4,0.2-0.8,0.5-1.1c0.4-0.3,0.8-0.5,1.4-0.5c0.4,0,0.8,0.1,1.1,0.2s0.6,0.2,0.8,0.4
-			L156.9,248z"/>
-		<path class="st42" d="M159.2,247.3h-1v-1h1V247.3z M159.2,251.6h-1v-1h1V251.6z"/>
-		<path class="st42" d="M163.5,251.6c0-0.1-0.1-0.3-0.1-0.4s0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-			c-0.5,0-1-0.1-1.3-0.4s-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1V248c0-0.3-0.1-0.6-0.3-0.7
-			s-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5s0.7-0.2,1.1-0.2
-			c0.6,0,1.1,0.2,1.5,0.5s0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6H163.5z M161.9,250.9
-			c0.3,0,0.6-0.1,0.9-0.2s0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7c0,0.2,0.1,0.4,0.2,0.5
-			S161.6,250.9,161.9,250.9z"/>
-		<path class="st42" d="M165.4,253l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8s-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V253z M169.8,249.1c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6c-0.3,0-0.5,0.1-0.7,0.2
-			s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5s0.4-0.8,0.4-1.3V249.1z"/>
-		<path class="st42" d="M171.5,253l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8s-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V253z M175.8,249.1c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6c-0.3,0-0.5,0.1-0.7,0.2
-			s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5s0.4-0.8,0.4-1.3V249.1z"/>
-		<path class="st42" d="M182,247.6h-4.1v-0.8h4.1V247.6z M182,249.6h-4.1v-0.8h4.1V249.6z"/>
-		<path class="st42" d="M183,251l0.5-0.1l2.5-6.4h0.8l2.4,6.4l0.5,0.1v0.6h-2V251l0.5-0.1l-0.5-1.3H185l-0.5,1.3l0.5,0.1v0.6h-2V251
-			z M185.3,248.8h2.3l-1.1-3.1h0L185.3,248.8z"/>
-	</g>
-	<polygon class="st53" points="162.4,376.4 120.9,376.4 115.5,367.5 120.9,358.6 162.4,358.6 	"/>
-	<polygon class="st57" points="160.9,374.9 119.4,374.9 114,366 119.4,357.1 160.9,357.1 	"/>
-	<g>
-		<path class="st42" d="M125,365.8h-0.7l-0.2-0.6c-0.1-0.1-0.3-0.2-0.4-0.3c-0.2-0.1-0.4-0.1-0.6-0.1c-0.3,0-0.6,0.1-0.8,0.2
-			s-0.2,0.3-0.2,0.5c0,0.2,0.1,0.4,0.2,0.5s0.4,0.2,0.9,0.3c0.7,0.1,1.2,0.3,1.5,0.6c0.3,0.2,0.5,0.6,0.5,1c0,0.5-0.2,0.8-0.6,1.1
-			c-0.4,0.3-0.9,0.4-1.5,0.4c-0.4,0-0.8,0-1.1-0.1c-0.3-0.1-0.6-0.2-0.9-0.4l0-1.2h0.7l0.2,0.7c0.1,0.1,0.3,0.2,0.5,0.2
-			c0.2,0,0.4,0.1,0.6,0.1c0.3,0,0.6-0.1,0.8-0.2c0.2-0.1,0.3-0.3,0.3-0.5c0-0.2-0.1-0.4-0.2-0.5c-0.2-0.1-0.5-0.3-0.9-0.4
-			c-0.6-0.1-1.1-0.3-1.5-0.6s-0.5-0.6-0.5-1c0-0.4,0.2-0.8,0.5-1.1c0.4-0.3,0.8-0.5,1.4-0.5c0.4,0,0.8,0.1,1.1,0.2s0.6,0.2,0.8,0.4
-			L125,365.8z"/>
-		<path class="st42" d="M127.3,365.1h-1v-1h1V365.1z M127.3,369.4h-1v-1h1V369.4z"/>
-		<path class="st42" d="M131.5,369.4c0-0.1-0.1-0.3-0.1-0.4s0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-			c-0.5,0-1-0.1-1.3-0.4c-0.3-0.3-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1v-0.6c0-0.3-0.1-0.6-0.3-0.7
-			c-0.2-0.2-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5
-			c0.3-0.1,0.7-0.2,1.1-0.2c0.6,0,1.1,0.2,1.5,0.5s0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6H131.5z
-			 M130,368.7c0.3,0,0.6-0.1,0.9-0.2s0.5-0.3,0.6-0.6V367h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7
-			c0,0.2,0.1,0.4,0.2,0.5C129.5,368.6,129.7,368.7,130,368.7z"/>
-		<path class="st42" d="M133.5,370.8l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V370.8z M137.8,366.9c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6
-			c-0.3,0-0.5,0.1-0.7,0.2s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-			s0.4-0.8,0.4-1.3V366.9z"/>
-		<path class="st42" d="M139.5,370.8l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8c-0.4,0.5-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V370.8z M143.9,366.9c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6
-			c-0.3,0-0.5,0.1-0.7,0.2s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5
-			s0.4-0.8,0.4-1.3V366.9z"/>
-		<path class="st42" d="M150.1,365.4H146v-0.8h4.1V365.4z M150.1,367.4H146v-0.8h4.1V367.4z"/>
-		<path class="st42" d="M151,368.8l0.5-0.1l2.5-6.4h0.8l2.4,6.4l0.5,0.1v0.6h-2v-0.6l0.5-0.1l-0.5-1.3H153l-0.5,1.3l0.5,0.1v0.6h-2
-			V368.8z M153.3,366.6h2.3l-1.1-3.1h0L153.3,366.6z"/>
-	</g>
-	<polygon class="st53" points="304.3,157.7 262.8,157.7 257.4,148.7 262.8,139.8 304.3,139.8 	"/>
-	<g>
-		<polygon class="st6" points="302.8,156.2 261.3,156.2 255.9,147.2 261.3,138.3 302.8,138.3 		"/>
-		<g>
-			<polyline class="st18" points="302.8,155 302.8,156.2 301.6,156.2 			"/>
-			<line class="st58" x1="299.9" y1="156.2" x2="263.3" y2="156.2"/>
-			<polyline class="st18" points="262.5,156.2 261.3,156.2 260.7,155.1 			"/>
-			<line class="st59" x1="260" y1="154" x2="256.9" y2="148.8"/>
-			<polyline class="st18" points="256.5,148.3 255.9,147.2 256.5,146.2 			"/>
-			<line class="st59" x1="257.2" y1="145.1" x2="260.3" y2="139.9"/>
-			<polyline class="st18" points="260.7,139.3 261.3,138.3 262.5,138.3 			"/>
-			<line class="st58" x1="264.2" y1="138.3" x2="300.7" y2="138.3"/>
-			<polyline class="st18" points="301.6,138.3 302.8,138.3 302.8,139.5 			"/>
-			<line class="st60" x1="302.8" y1="141.3" x2="302.8" y2="154"/>
-		</g>
-	</g>
-	<g>
-		<path class="st42" d="M266.9,147h-0.7l-0.2-0.6c-0.1-0.1-0.3-0.2-0.4-0.3c-0.2-0.1-0.4-0.1-0.6-0.1c-0.3,0-0.6,0.1-0.8,0.2
-			s-0.2,0.3-0.2,0.5c0,0.2,0.1,0.4,0.2,0.5s0.4,0.2,0.9,0.3c0.7,0.1,1.2,0.3,1.5,0.6s0.5,0.6,0.5,1c0,0.5-0.2,0.8-0.6,1.1
-			c-0.4,0.3-0.9,0.4-1.5,0.4c-0.4,0-0.8,0-1.1-0.1s-0.6-0.2-0.9-0.4l0-1.2h0.7l0.2,0.7c0.1,0.1,0.3,0.2,0.5,0.2
-			c0.2,0,0.4,0.1,0.6,0.1c0.3,0,0.6-0.1,0.8-0.2c0.2-0.1,0.3-0.3,0.3-0.5c0-0.2-0.1-0.4-0.2-0.5c-0.2-0.1-0.5-0.3-0.9-0.4
-			c-0.6-0.1-1.1-0.3-1.5-0.6s-0.5-0.6-0.5-1c0-0.4,0.2-0.8,0.5-1.1c0.4-0.3,0.8-0.5,1.4-0.5c0.4,0,0.8,0.1,1.1,0.2s0.6,0.2,0.8,0.4
-			L266.9,147z"/>
-		<path class="st42" d="M269.2,146.3h-1v-1h1V146.3z M269.2,150.6h-1v-1h1V150.6z"/>
-		<path class="st42" d="M273.5,150.6c0-0.1-0.1-0.3-0.1-0.4s0-0.2,0-0.3c-0.2,0.2-0.4,0.4-0.7,0.6c-0.3,0.2-0.6,0.2-0.9,0.2
-			c-0.5,0-1-0.1-1.3-0.4s-0.4-0.6-0.4-1.1c0-0.5,0.2-0.9,0.6-1.2c0.4-0.3,1-0.4,1.7-0.4h1V147c0-0.3-0.1-0.6-0.3-0.7
-			s-0.5-0.3-0.8-0.3c-0.2,0-0.5,0-0.6,0.1c-0.2,0.1-0.3,0.1-0.4,0.3l-0.1,0.6h-0.7v-1c0.2-0.2,0.5-0.3,0.9-0.5s0.7-0.2,1.1-0.2
-			c0.6,0,1.1,0.2,1.5,0.5s0.6,0.7,0.6,1.3v2.5c0,0.1,0,0.1,0,0.2c0,0.1,0,0.1,0,0.2l0.4,0.1v0.6H273.5z M271.9,149.9
-			c0.3,0,0.6-0.1,0.9-0.2s0.5-0.3,0.6-0.6v-0.9h-1c-0.4,0-0.7,0.1-0.9,0.3c-0.2,0.2-0.3,0.4-0.3,0.7c0,0.2,0.1,0.4,0.2,0.5
-			S271.6,149.9,271.9,149.9z"/>
-		<path class="st42" d="M275.4,152l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8s-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V152z M279.7,148.1c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6c-0.3,0-0.5,0.1-0.7,0.2
-			s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5s0.4-0.8,0.4-1.3V148.1z"/>
-		<path class="st42" d="M281.5,152l0.8-0.1v-5.8l-0.8-0.1v-0.6h1.6l0.1,0.6c0.2-0.2,0.4-0.4,0.6-0.6c0.3-0.1,0.5-0.2,0.9-0.2
-			c0.7,0,1.2,0.3,1.5,0.8c0.4,0.5,0.5,1.2,0.5,2.1v0.1c0,0.8-0.2,1.4-0.5,1.8s-0.9,0.7-1.5,0.7c-0.3,0-0.6-0.1-0.9-0.2
-			c-0.2-0.1-0.5-0.3-0.6-0.5v1.8l0.8,0.1v0.6h-2.6V152z M285.8,148.1c0-0.6-0.1-1.1-0.4-1.5s-0.6-0.6-1-0.6c-0.3,0-0.5,0.1-0.7,0.2
-			s-0.4,0.3-0.5,0.5v2.6c0.1,0.2,0.3,0.4,0.5,0.5c0.2,0.1,0.4,0.2,0.7,0.2c0.5,0,0.8-0.2,1-0.5s0.4-0.8,0.4-1.3V148.1z"/>
-		<path class="st42" d="M292,146.6h-4.1v-0.8h4.1V146.6z M292,148.6h-4.1v-0.8h4.1V148.6z"/>
-		<path class="st42" d="M296.2,143.5c0.7,0,1.3,0.2,1.7,0.5c0.4,0.3,0.6,0.8,0.6,1.4c0,0.3-0.1,0.6-0.3,0.8
-			c-0.2,0.2-0.5,0.4-0.8,0.6c0.4,0.1,0.8,0.3,1,0.6s0.4,0.7,0.4,1.1c0,0.7-0.2,1.1-0.6,1.5s-1,0.5-1.7,0.5H293V150l0.8-0.1v-5.6
-			l-0.8-0.1v-0.6h0.8H296.2z M294.8,146.5h1.6c0.3,0,0.6-0.1,0.8-0.3c0.2-0.2,0.3-0.5,0.3-0.8c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3
-			h-1.4V146.5z M294.8,147.3v2.6h1.7c0.4,0,0.8-0.1,1-0.3c0.2-0.2,0.4-0.5,0.4-0.9c0-0.4-0.1-0.7-0.3-1c-0.2-0.2-0.5-0.4-0.9-0.4
-			H294.8z"/>
-	</g>
-</g>
-<g id="description">
-	<g>
-		<path class="st42" d="M260.8,256.6v-0.7l1-0.2V249l-1-0.2v-0.7h1h1.2h1v0.7l-1,0.2v6.7h3l0.1-1h1v1.9H260.8z"/>
-		<path class="st42" d="M272.1,256.6c0-0.2-0.1-0.3-0.1-0.5s0-0.3,0-0.4c-0.2,0.3-0.5,0.5-0.8,0.7s-0.7,0.3-1.1,0.3
-			c-0.7,0-1.2-0.2-1.5-0.5s-0.5-0.8-0.5-1.4c0-0.6,0.2-1.1,0.7-1.4s1.2-0.5,2-0.5h1.2v-0.7c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3
-			c-0.3,0-0.5,0-0.8,0.1s-0.4,0.2-0.5,0.3l-0.1,0.7h-0.9v-1.2c0.3-0.2,0.6-0.4,1-0.6s0.9-0.2,1.3-0.2c0.7,0,1.3,0.2,1.7,0.6
-			s0.7,0.9,0.7,1.6v3.1c0,0.1,0,0.2,0,0.2s0,0.2,0,0.2l0.5,0.1v0.7H272.1z M270.3,255.8c0.4,0,0.7-0.1,1-0.3s0.5-0.4,0.7-0.7v-1
-			h-1.2c-0.5,0-0.8,0.1-1.1,0.3s-0.4,0.5-0.4,0.8c0,0.3,0.1,0.5,0.3,0.6S269.9,255.8,270.3,255.8z"/>
-		<path class="st42" d="M280.4,253.7c0,0.9-0.2,1.7-0.7,2.2s-1,0.8-1.8,0.8c-0.4,0-0.8-0.1-1.1-0.2s-0.6-0.4-0.8-0.7l-0.1,0.8h-1
-			v-8.2l-1-0.2v-0.7h2.1v3.6c0.2-0.3,0.4-0.5,0.7-0.6s0.6-0.2,1-0.2c0.8,0,1.4,0.3,1.8,0.9s0.7,1.4,0.7,2.5V253.7z M279.2,253.6
-			c0-0.7-0.1-1.3-0.4-1.8s-0.7-0.7-1.2-0.7c-0.4,0-0.7,0.1-0.9,0.3s-0.4,0.4-0.6,0.7v2.8c0.1,0.3,0.3,0.5,0.6,0.7s0.5,0.3,0.9,0.3
-			c0.5,0,0.9-0.2,1.2-0.6s0.4-0.9,0.4-1.5V253.6z"/>
-		<path class="st42" d="M284.4,256.7c-0.9,0-1.6-0.3-2.1-0.9s-0.8-1.4-0.8-2.3v-0.3c0-0.9,0.3-1.7,0.8-2.3s1.2-0.9,1.9-0.9
-			c0.9,0,1.5,0.3,1.9,0.8s0.7,1.2,0.7,2.1v0.7h-4.1l0,0c0,0.6,0.2,1.1,0.5,1.5s0.7,0.6,1.2,0.6c0.4,0,0.7-0.1,1-0.2s0.5-0.3,0.8-0.5
-			l0.5,0.8c-0.2,0.2-0.5,0.4-0.9,0.6S285,256.7,284.4,256.7z M284.3,251.1c-0.4,0-0.7,0.2-1,0.5s-0.4,0.7-0.5,1.2l0,0h2.9v-0.2
-			c0-0.5-0.1-0.8-0.4-1.1S284.7,251.1,284.3,251.1z"/>
-		<path class="st42" d="M287.8,248.2v-0.7h2.1v8.2l1,0.2v0.7h-3.1v-0.7l1-0.2v-7.3L287.8,248.2z"/>
-		<path class="st42" d="M300.8,250.6h-0.9l-0.2-1.2c-0.2-0.1-0.4-0.3-0.7-0.4s-0.6-0.1-1-0.1c-0.6,0-1.1,0.1-1.4,0.4s-0.5,0.6-0.5,1
-			c0,0.4,0.2,0.7,0.5,0.9s0.9,0.5,1.6,0.7c0.9,0.2,1.6,0.6,2,1s0.7,1,0.7,1.6c0,0.7-0.3,1.2-0.8,1.7s-1.3,0.6-2.2,0.6
-			c-0.7,0-1.2-0.1-1.7-0.3s-0.9-0.5-1.2-0.8V254h0.9l0.2,1.2c0.2,0.2,0.5,0.3,0.8,0.5s0.7,0.2,1.1,0.2c0.6,0,1-0.1,1.4-0.4
-			s0.5-0.6,0.5-1c0-0.4-0.1-0.7-0.4-1s-0.8-0.5-1.6-0.7c-0.9-0.2-1.6-0.5-2.1-0.9s-0.8-0.9-0.8-1.6c0-0.7,0.3-1.2,0.8-1.7
-			s1.3-0.7,2.2-0.7c0.6,0,1.1,0.1,1.6,0.3s0.9,0.5,1.2,0.7V250.6z"/>
-		<path class="st42" d="M305,256.7c-0.9,0-1.6-0.3-2.1-0.9s-0.8-1.4-0.8-2.3v-0.3c0-0.9,0.3-1.7,0.8-2.3s1.2-0.9,1.9-0.9
-			c0.9,0,1.5,0.3,1.9,0.8s0.7,1.2,0.7,2.1v0.7h-4.1l0,0c0,0.6,0.2,1.1,0.5,1.5s0.7,0.6,1.2,0.6c0.4,0,0.7-0.1,1-0.2s0.5-0.3,0.8-0.5
-			l0.5,0.8c-0.2,0.2-0.5,0.4-0.9,0.6S305.5,256.7,305,256.7z M304.8,251.1c-0.4,0-0.7,0.2-1,0.5s-0.4,0.7-0.5,1.2l0,0h2.9v-0.2
-			c0-0.5-0.1-0.8-0.4-1.1S305.3,251.1,304.8,251.1z"/>
-		<path class="st42" d="M308.4,248.2v-0.7h2.1v8.2l1,0.2v0.7h-3.1v-0.7l1-0.2v-7.3L308.4,248.2z"/>
-		<path class="st42" d="M315.2,256.7c-0.9,0-1.6-0.3-2.1-0.9s-0.8-1.4-0.8-2.3v-0.3c0-0.9,0.3-1.7,0.8-2.3s1.2-0.9,1.9-0.9
-			c0.9,0,1.5,0.3,1.9,0.8s0.7,1.2,0.7,2.1v0.7h-4.1l0,0c0,0.6,0.2,1.1,0.5,1.5s0.7,0.6,1.2,0.6c0.4,0,0.7-0.1,1-0.2s0.5-0.3,0.8-0.5
-			l0.5,0.8c-0.2,0.2-0.5,0.4-0.9,0.6S315.7,256.7,315.2,256.7z M315,251.1c-0.4,0-0.7,0.2-1,0.5s-0.4,0.7-0.5,1.2l0,0h2.9v-0.2
-			c0-0.5-0.1-0.8-0.4-1.1S315.5,251.1,315,251.1z"/>
-		<path class="st42" d="M321.6,255.8c0.4,0,0.7-0.1,1-0.4s0.4-0.5,0.4-0.9h1l0,0c0,0.5-0.2,1-0.7,1.5s-1.1,0.6-1.8,0.6
-			c-0.9,0-1.6-0.3-2.1-0.9s-0.7-1.4-0.7-2.3v-0.2c0-0.9,0.2-1.7,0.7-2.3s1.2-0.9,2.1-0.9c0.5,0,1,0.1,1.4,0.3s0.7,0.4,1,0.7l0.1,1.4
-			h-0.9l-0.3-1c-0.1-0.1-0.3-0.2-0.5-0.3s-0.5-0.1-0.7-0.1c-0.6,0-1,0.2-1.3,0.7s-0.4,1-0.4,1.6v0.2c0,0.6,0.1,1.2,0.4,1.6
-			S321,255.8,321.6,255.8z"/>
-		<path class="st42" d="M327.2,248.7v1.5h1.2v0.9h-1.2v3.8c0,0.3,0.1,0.5,0.2,0.6s0.3,0.2,0.5,0.2c0.1,0,0.2,0,0.3,0s0.2,0,0.3-0.1
-			l0.2,0.8c-0.1,0.1-0.3,0.1-0.5,0.2s-0.4,0.1-0.6,0.1c-0.5,0-0.8-0.1-1.1-0.4s-0.4-0.7-0.4-1.3v-3.8h-1v-0.9h1v-1.5H327.2z"/>
-		<path class="st42" d="M329.5,253.4c0-0.9,0.3-1.7,0.8-2.3s1.2-0.9,2.1-0.9c0.9,0,1.6,0.3,2.1,0.9s0.8,1.4,0.8,2.3v0.1
-			c0,0.9-0.3,1.7-0.8,2.3s-1.2,0.9-2.1,0.9c-0.9,0-1.6-0.3-2.1-0.9s-0.8-1.4-0.8-2.3V253.4z M330.6,253.5c0,0.7,0.1,1.2,0.4,1.7
-			s0.7,0.7,1.3,0.7c0.5,0,1-0.2,1.2-0.7s0.4-1,0.4-1.7v-0.1c0-0.7-0.1-1.2-0.4-1.7s-0.7-0.7-1.3-0.7s-1,0.2-1.3,0.7s-0.4,1-0.4,1.7
-			V253.5z"/>
-		<path class="st42" d="M336.2,251v-0.7h2l0.1,0.9c0.2-0.3,0.4-0.6,0.7-0.8s0.6-0.3,0.9-0.3c0.1,0,0.2,0,0.3,0s0.2,0,0.2,0l-0.2,1.1
-			l-0.7,0c-0.3,0-0.6,0.1-0.8,0.2s-0.4,0.3-0.5,0.6v3.6l1,0.2v0.7h-3.1v-0.7l1-0.2v-4.5L336.2,251z"/>
-	</g>
-	<line class="st63" x1="258.9" y1="254.2" x2="189.5" y2="254.2"/>
-	<g>
-		<path class="st42" d="M309.7,105.4v-0.7l1-0.2v-6.7l-1-0.2v-0.7h1h1.2h1v0.7l-1,0.2v6.7h3l0.1-1h1v1.9H309.7z"/>
-		<path class="st42" d="M321,105.4c0-0.2-0.1-0.3-0.1-0.5s0-0.3,0-0.4c-0.2,0.3-0.5,0.5-0.8,0.7s-0.7,0.3-1.1,0.3
-			c-0.7,0-1.2-0.2-1.5-0.5s-0.5-0.8-0.5-1.4c0-0.6,0.2-1.1,0.7-1.4s1.2-0.5,2-0.5h1.2V101c0-0.4-0.1-0.7-0.4-0.9s-0.6-0.3-1-0.3
-			c-0.3,0-0.5,0-0.8,0.1s-0.4,0.2-0.5,0.3l-0.1,0.7h-0.9v-1.2c0.3-0.2,0.6-0.4,1-0.6s0.9-0.2,1.3-0.2c0.7,0,1.3,0.2,1.7,0.6
-			s0.7,0.9,0.7,1.6v3.1c0,0.1,0,0.2,0,0.2s0,0.2,0,0.2l0.5,0.1v0.7H321z M319.2,104.5c0.4,0,0.7-0.1,1-0.3s0.5-0.4,0.7-0.7v-1h-1.2
-			c-0.5,0-0.8,0.1-1.1,0.3s-0.4,0.5-0.4,0.8c0,0.3,0.1,0.5,0.3,0.6S318.8,104.5,319.2,104.5z"/>
-		<path class="st42" d="M329.3,102.4c0,0.9-0.2,1.7-0.7,2.2s-1,0.8-1.8,0.8c-0.4,0-0.8-0.1-1.1-0.2s-0.6-0.4-0.8-0.7l-0.1,0.8h-1
-			v-8.2l-1-0.2v-0.7h2.1v3.6c0.2-0.3,0.4-0.5,0.7-0.6s0.6-0.2,1-0.2c0.8,0,1.4,0.3,1.8,0.9s0.7,1.4,0.7,2.5V102.4z M328.1,102.3
-			c0-0.7-0.1-1.3-0.4-1.8s-0.7-0.7-1.2-0.7c-0.4,0-0.7,0.1-0.9,0.3s-0.4,0.4-0.6,0.7v2.8c0.1,0.3,0.3,0.5,0.6,0.7s0.5,0.3,0.9,0.3
-			c0.5,0,0.9-0.2,1.2-0.6s0.4-0.9,0.4-1.5V102.3z"/>
-		<path class="st42" d="M333.3,105.5c-0.9,0-1.6-0.3-2.1-0.9s-0.8-1.4-0.8-2.3V102c0-0.9,0.3-1.7,0.8-2.3s1.2-0.9,1.9-0.9
-			c0.9,0,1.5,0.3,1.9,0.8s0.7,1.2,0.7,2.1v0.7h-4.1l0,0c0,0.6,0.2,1.1,0.5,1.5s0.7,0.6,1.2,0.6c0.4,0,0.7-0.1,1-0.2s0.5-0.3,0.8-0.5
-			l0.5,0.8c-0.2,0.2-0.5,0.4-0.9,0.6S333.9,105.5,333.3,105.5z M333.2,99.8c-0.4,0-0.7,0.2-1,0.5s-0.4,0.7-0.5,1.2l0,0h2.9v-0.2
-			c0-0.5-0.1-0.8-0.4-1.1S333.6,99.8,333.2,99.8z"/>
-		<path class="st42" d="M336.7,97v-0.7h2.1v8.2l1,0.2v0.7h-3.1v-0.7l1-0.2v-7.3L336.7,97z"/>
-	</g>
-	<line class="st62" x1="307.3" y1="103" x2="278" y2="103"/>
-</g>
-<g id="Layer_14">
-</g>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="915px" height="678px" viewBox="0 0 915 678" enable-background="new 0 0 915 678" xml:space="preserve">  <image id="image0" width="915" height="678" x="0" y="0"
+    xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5MAAAKmCAIAAABfTV10AAAABGdBTUEAALGPC/xhBQAAACBjSFJN
+AAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAACA
+AElEQVR42uzde1zT9f4H8DeDsbHGGDAQFBRQ5CJeJoooWEKiide89Mt7Rikd09/xWkctNbHSUjua
+v6Mmp5PXSjQpxRIDOoogClOcXARBnbIJA+bALxsb2++PAQ4YsLGNbfB+PvoDt+/38/1sAXvx+X4+
+n7eVUqkEhBBCCCGEzB7J1B1ACCGEkClJZcoXEqUCB7KQJbAxdQcQQgghZALyBjif8WJ/oviFpDG0
+DvawWT3DIdSfYmVl6s4h1A4rnC2AEEII9SryBuWZa8Ses881RgBnhvW2RcyxmF+RWcLkihBCCPUW
+hFSZmEF8ffZ5p0c6Maz/Mc9hwjAqCecVInOCyRUhhBDq+QipMv6Pmv8k1+p0lq2N1Zb5zCmj7DC/
+IjOByRUhhBDqyQip8rvfa45d0S2zqiNbW22Z7zBlNM0a8ysyNUyuCCGEUM/0QqL87lLN8ZSuZ1Z1
+NtaweT5zKuZXZFKYXBFCCKGepqZOeeRSzalUw2RWddYk2Pw2c9oYzK/INDC5IoQQQj1HTZ3iSFLN
+qbQXRr0KiQSb/4c5PRTzK+pumFwRQgihnkBMKA4l1fz0l3EzqzoSCf7xlsOM0FdsrE394lGvgckV
+IYQQsmxiQvGvizU//7f7Mqs6khV89JbDrLGYX1F3wOSKEEIIWapyUUP85dqEq6bJrOpIVrDxLYfp
+ITSqLRYwQEaEyRUhhBCyPM9EDV/+/Py/dyWm7kgLVlbw/hv2SyfSMb8iI8HkihBCCFkSQXXDFz89
+v3bPvDKrOisreHeS/bJJdDvMr8jQMLkihBBCloFf1fDFT8/T88w3s7YSMxnzKzIwTK4IIYSQueNX
+Nez88XlGvsVkVnXvRNnHTKbTKJhfkQFgckUIIYTMV1llQ9xp0Y1Cqak7oq+lE+nvvWGP+RXpCZMr
+QgghZI6qaxUb46tzii0+s6p7J8o+NppOtsH8iroIkytCCCFkdnKK61fsFyp64kd0H0frH9axXBxw
+91fUFZhcEUIIIfNy87409kClYdv08yCPHGQ7ypdib2cV7EtRf6qmTnH/iazwibzwqSynSFpW1dAN
+rzFtl5s9DUvHIp1hckUIIYTMiFIJk7c8qxQbJj72dbKeP4E+YTi1r5O2Y5yFT2Sn0l78lSupqVMY
+72W+/dorG+Y6GK991FNhckUIIYTMyL1H9Uu+FurfTrAvZcUUeqvhVe3V1ClOpb44nfbCePn1v1+5
+v0LFCa9INzam7gBCCCGEXrqQVadnC32drJdH208fQ9OnEXs70opo+wURrxxOqjmdZpTqsvce1Yf4
+dTFYo14Lp5gghBBCZuRcul4xccIw6qmPXfSMrc3s7Ujr5zgcWe1sb2f4wHCVa5Hb0yLTwuSKEEII
+mYsXEqVcjwmu2xYx97zvZPCUGexL+W27q58H2bDNnk0nDNsg6g0wuSKEEELmgieUd/ncbYuYhhpq
+bcvejnR4tbNh25fKlFIZLrZBusHkihBCCJmLrK7WyjJqbFWxtyMZ/CqPy7ue1FHvhMkVIYQQMhcp
+t7sy9bMbYqv6tQw4beDuw/ru6TbqMTC5IoQQQmahQdGVJLcg4pVui60qhw23YOvSLVykhXSDu2Ih
+hBBCZqGqRufFWX4e5HWzddjP/8IN4lZRfVlVw/0nMtVGrX2drN2dbSKGUYN9bQf302ow1d6OtOd9
+x+X7DVDlK6dYqlSCFW7qirSGyRUhhBAyC3mPZbqesnUhU5vDausUhy/V/JZZ17asQFlVQ1lVQ3aR
+FAD6Olmvm+MwYRi10waDfSkLIl45lWqAfV4raxQsBt4BRtrC7xWEEELILGQW6LY8a0W0vTZTTtNy
+JdO2lp9K7bwaVllVw7rvqpbvr+RXdT76u3yKvUHmDJTwdc7rqDfD5IoQQgiZBZ1qENjbkeZPeKXT
+w7adEK37rkqnCq7ZRdL5X1ZkF3cy49bejrQgovMOdArrESCdYHJFCCGETE/XGgQLIl7pdMhz2wnR
+bze6stt/TZ1i+T+FabmdZMr5EzrvQ6ewHgHSCSZXhBBCyPR0rUEwrbP9BPace9612Nps2wnR/acd
+3cq3tyNND7XT84VjPQKkE0yuCCGEkOnpVINgwjBqXyfrDg5Iy5Xov3yqpk6x7khVbYczDeZPoOv/
+2rEeAdIeJleEEELI9FLv6DDdM6LD5f+1dYptJ0QG6VVZVcOptI4ScF8na/0LE2A9AqQ9TK4IIYSQ
+iTUoILdUh/Q20pfSwbOn0jrfRkB7h5NqOt5qINjXVs9LYD0CpD1MrgghhJCJ6VSDwM+D3PFUgd8y
+DbzmqeOlWhOG6TvVVVWPACFtYHJFCCGETEynGgTunc1wLdNiN1adnEqt7eDZwf0MUNWossZgg8So
+Z8PkihBCCJmYTjUIOp5X2vFuAF1TVtXQQbP2diT998bCegRIS5hcEUIIIRPTqQZBx1MFbhUZZbVT
+WWVH47iD9V6khfUIkJYMMMKPUC+kVMILqZJsDRSylan7ghCybLrWIHB37uizO7tItxKyrUwcoXnS
+qryh9URUSb2yeVrCkP5kx1c0jIVduV2n5XXPphPr5jjo03PUS2ByRUg3JQL5vnPi6/mNwwN2tlZv
+jqO9O9nekY53MBBCXaFrDQKjihpJncjWasUV1dbKx60xRfzvLEarZ28USP92sFL766rqEeBYAOoU
+ftYipK0SgXzJ18J5O8ubYysA1NUrT6W9mPgPQdxpkagWVxgghHR2U5caBMZ2IUvbUdIO3Hsk2xBf
+petZWI8AaQPHXBHqXAFPFvejKL/Dxb+/XCd+uU7MDKW9P8W+45W/CCGkLkWXGgTGdpUr4VXIPV26
+Hg8eV8g3xle9kOi8zdXN+1LffvrOl0U9Ho65ItSROyX1s7aXL9xdka/dnjWJmcS0rc9WHqzseDUD
+Qgip6FqDoFP6V7TSZ9i1ulaxMb5aUN2VX4CpuWY09ozMFo65IqSBEuDOg/qtJ0RPujT/LLNAOn3b
+szF+lM3zmf2ccfwVaau2tjYrKys3Nzc/P7+0tPTp06cVFRU1NTVSqVSJG7X3OBwOZ8SIEX+kZAL0
+1+nE7CJp8KB2y1bR9d6g6mIW8cFU+y6cKG9QboyvKurqtlw5xVKFEkg40xV1CJMrQi0oAW4/qP/0
+uKisUt8ZVzcKpTO2PRs9mLJlPtODhfkVtSs9Pf3SpUtXrly5ceOGqfuCugmTyRwxYgQA3MwX6Zpc
+OxYxjKrn9gL8qobUO5KI4VRdT9wYX51TrNf4cVWNgsXAu8GoI5hcEWqkVALnQf3WEwbIrOpu3pfO
+3P5slC/lkwUOHiz8iUMvFRYWHj9+/Mcff3zw4IGp+4K6myq2AsCDSoau594qql8+pd1nXxtG/frs
+cz27dyGL0DW5bj0u+uuuvhN28x/Xjw/SOTGjXgU/RxECpRKyi+u3nqgWGLpkYrNbRdKZ28tHDqJ8
+usBBn6UPqGdISUk5ePDguXPnTN0RZDITJkxQfcGt6Gel4yDj/Scd3Y7v62Qd7EvRc9hVVUK2r9aL
+Tb9KeH4hi9D/bckqlGJyRR2zwrlTqDdTKuFWUf3WE9XPurSeoGvYA20/XcDs74r5tTdKT0//4osv
+Ll682N4BQUFBo0aNGjp0qK+v74ABA1xdXR0cHKhUqpUVzv7rgV5IlK9u4HfhxNMfuwxufxl+dpF0
++X4d9lLV6IOp9u+9odVs10NJNd9dqjHIG0IhW13f626QplBPhZ+dqJdSKuHmfenWE6JyUXdvAsB5
+UP/mjvIRPrafLmQOwPzaa1RWVm7atOnIkSNtn7K1tZ09e/bUqVMnTpzo5uZm6p6i7tO1NaAA8NsN
+Yt3sditOBftSJgyjpuXqde/+QladNsn1ZGqtoWIrAEhlSkKqpFHw7zTULvzURL2OQgnX7kk+//F5
+xXNTblx1u6R+9o7yYd62m/7HAbcw7PFOnDixdu3aioqKVo+PGzfu3XffXbBggZ2dVlWLUA+T1dUa
+BGl3JB0kVwBYN8chu6i+pq7r5VF4FfKrXEnH9+5/zST2nhMb9j15KpTjr0TUAVzBh3oRhRIuZ9eN
+X89fc7jKtLG1WW5p/dtfVszdWc591MV9ZJD5W7FixeLFi1vF1ilTply+fDk9PT0mJgZja6/V5RoE
+ZVUNHQ+p9nWyPrza2V6/HbI63tg19Y5k+0mRwd+Tm/dxV1fUEUyuqFdQKOD37Lrwdfx//KdaUm92
+c7tLBfKlX1fM2VHOfYj5tUcpLCwMDQ1tNUMgODj4119/TUpKioqKMnUHkSkplHrVIDiV9qLjA/w8
+yOvmMPQJr1c4de3Np7pVJN2oe31XbWA9AtQxTK6oh1Mo4NKturD1/M3/qZbKzC6zqntYLl+6p2L2
+jnLDFtRBppKSkjJ+/PhWW7Tu3Lnz1q1b06dPN3XvkOlVivW685NdJM3ubPPU6WNoh1c7a79FQFsX
+NQ27Fj6RbTharTDOL1RVPQKE2oPJFfVYCgVczKoLW8ff8kN1vXlnVnWPyuXL9grf/Kz8TgnmVwuW
+mJg4ceJE9RkCwcHBN27c2LRpk6m7hsxFnnY1pTuwR4t9W/08yKc+dlk+pSs1sQCg7V5XTysbNsRX
+iYmuz6DtVFWNERtHls5627Ztpu4DQgbWoIBLN+uWfi3883Zdg2X+AnxOKBIziaSbdQH9yX0crXGd
+rWVJTEycNWuW+iPvvPPOxYsXPTw8TN01ZEZ+zST0/AO1UqywsoJgX0rHh1HIVqN8KdNDaQBQJVbU
+1Onwl7zohWKol23zLtRiQvH3w1WlAkOWa2krYjjVzRHrDiLNcG8B1KMoAZKy6j49Xm3qjhjGE6E8
+Zp/Qzcl61zKnIC9cbGsZUlJS3nzzTfVHPv300+3bt5u6X8jsGGT+0qnUFxOGUQdrsRi/r5P1+jkO
+6+c4FD6R8asaCp/IACC7uL7TmgUXs4hxgRQAUCphY3x1Ac/o0/EVljnigLoHzhZAPYdMrlx3pKrH
+xNZmgqqGpXsqvv2txmJmPPRihYWFb7/9tnqFlz179mBsRRrVyw3wM11Tp1h3pKpWl92v/DzIE4ZR
+V0Tbr4i2H+Vr2+nxv2fXqW7fb4yv6p6F/zjPFXUAkyvqIZRKmLWjXP+q2Wbr+8s1X53RtxY5Mral
+S5eqz23ds2fP2rVrTd0pZKYmDDPMbmhlVQ36V8zq2IUs4rOToi7v4aUrv36Wf0OYc2jFihUrVhzi
+mLojPY/lf3MgBAAAN4ukgiqz2KLVeH7674sPptnruUEjMp4VK1ao7yTw6aefYmxFHQj1p5CsDDO+
+WPhEtu2EaNsipq4narntwI9pL551V7nBeeNfsadp8VuOc0hzLCTTGM5u/iEREePYPo44yaoHwo9A
+1ENsPS4ydRe6Q/wftabuAtLsxIkT6vu2vvPOOzhJAHXMmgT7P3A2VGu/3SCW76/UadoAALg7azWA
+1W2xFQA+nNHFbRAayQixoCTr1/hdH3+44Ztk40/KRd0Nx1xRTyAmFOXd+IvVhE6m1P59FsPUvUCt
+VVZWqg+vBgcH//vf/zZ1p5AFGBtAmRv+SsK1F/o3BQDZRdLl+yu3LWJqs2DLPH270plO1WlMjR17
+OJb98p8yQvxcUJh1OSmJUyYT5yfEffwgZmtsCP7WNE/cY2sOlERt3xbtpsNJOOaKeoKiMuNu0WI+
+FErQpxA5MpJNmzapT2/9v//7Pysr3MoMaeXjtxwG9TXYKFLhE9nyf1ae7qy8lnla/Dp9rD9FvzbI
+NAbLZ3R07NZvv1oZxiIB1HLitx8rwN+aZombzSF0PwuTK+oJrt3rsQuz2nrQa2K6pUhPT1efJ7Bz
+586QkBBTdwpZDCsr+M9aFxvD7V5aU6f4+uzz5fsrO62wZVYG9bX535mGHBplDFuyeTmbBgC16cd/
+4Zn69aE2FNyc210IrjhbAPUIf2TX6d+ITrz62IQPoYoJRXqepFLcrX/O5xTXjxjY+UY2qNt88cUX
+zV8HBwdjlSykKzuK1amPXN/6vNyAbWYXSZf/UxrsS1kRbR88yNx/Y9jaWB1b72LwGxU0dmzMuDUH
+rhPCKxc5b8ayWw/WyYSc5IRLqVyeWKYAINMYff0mzVkQ5dc6QHOOrDiUrZqX0PoU9wEhUW9NDRug
+W+YWP0q/+HNyDo8vlgIAkBmefqERs6LCPNWaEV+J23CGB7SwVXuWBGkcZuQlbI5LFgIj6qOv5vo0
+LVljxxyODVG1n/WIT8gASGSGq+fIKTFzQ1lkAJAJs349fTmzkCeWAQCZ7u4ZHLVgWotL6/cWgbgw
++cyv6Vz1q09cMDXMk9H8KhRC7i+nf0jlimUAwE/cuiKx6Rn3Gdu2TXXv+N3D5IosXr1c+ay6mya5
+jh5MCQukjAukDnR/+bNz+0F9ep4kPU+q2tnb2BIziXcn07vn9aJOpaSkXLx4sfmfW7duNXWPkEUa
+6G6zbjZjzzmxYZtV5de+TtYThlMnDLNrG2HNJNSe/tiFQjbKBJug8WGM68liBefGHWCrzYcFBT/t
+m92nC9XG/GSE+BEnYS/ncmjs9mVsWpumhIISzvf/OpQpVj+FX5x27PO01IkfrZ3nQwMtKPhp+/ee
+zm/xP1om5nEvH+NeSQpbuXlJUGMzjPGTgs7Gc4n01Kz5QaEaJi7zsjhCAHAeM8ZH7dGn/KxLccfO
+q61MU8jEgpK07zfn5Md+Mpm///NE9VVrslp+yV/H4rLvxu6Ibf2adX+LBGUl3HvxB64KodXVT8Sl
+X525+eNod1V4FXKTbz4GOzLIZABAZjDsmu45ONA6n6KNyRVZPIGRYyuDRgoLpIQNoYYFUhia9moZ
+MdB2xEDbldPhqbBBFWGv50mMt5P2E6Fc3gAGvLeI9HHw4MHmr6dMmTJ9+nRT9whZqgUR9NxSWTLH
+8HeQyqoaTqW+OJX6AgCCfSl9naz7OlsDgL0dyRzmzW9bxPTqY7Q04hM0lJacTgCPxwd282AewTm6
++3QhAXT/me/FRAUwyACgkPHT4/ee4ogzD+1127ZlSuuRP97FvYdkZP8ZaxZP9GdRAABk1SVpP/0r
+gSPmXdkV32/fqnGdZleCc3T36XwCSKyQpbHzgz1VOU1WWZB8PD4xX5h+cC/rky3RfQEAgBISEXqa
+e53g3syShYa1CXQlN24KAcA9LMxT/eHypPjzwGDPXfs/Exo3BRMXJB09nFhIiDPjN2XLZA2skGUf
+LglxJ5MAQCbOT9y/P5lXyzl2hsteGtS6qzq+RfwLuw4oyO7jYmLmsZtem7jg/P59V3iyR4k/Xg1f
+8xoDAMB1wpovJ4AgadvWRD64R6/DFVqol7mtX+Hv9gx0t1nyOv3waufUXW5xSx2njLJjdLbFYD+W
+9VuvvvLPWKdre9y/es9p1jiaK9MoAdPYYR1pqbCw8Ny5c83/XLNmjal7hCzbjqVMdyfjjihlF0l/
+u0EcTqo5nFTz9dnnh5NqTPuS3wi2mz7mZeC70IbeV3BgMQAAhALBy8fyE45lE0DynLluTbQqkwEA
+iew+PvaTt3wAgPdrQlbbYmEymeeMjWumNsZWACA7+kTFbo9h0wCAezaxpNO+qK4LtLDVO2NCPZuH
+F8nO/tF/3x7DpoGCl/htQvOc3KAQVdOpaW1LQ+ZfS68GAM+wcW3urQ+a/0ls1Mu9bBn+0bFzg0gA
+IJPJaCEfbIsJVcVWACAzAuaunuMJAMTtnIK2XdX1LVKA+9TN25aGqL02hv+8tUuCAAAKcu8a5L4k
+Jldk8a5xDbk8a4w/Ze1sxtktrj9vcv3fWYxRvl1Z6EohW0UOp34yn3lpR5/v17Lee8M+sL8hN6np
+nmkJqFPHjx9v/nrcuHFRUVGm7hGybGRrq+/XOveefSncnWy2L2Ya+yKsNtGOczWdAKCFzmoc3VTD
+GBceBAAKbk5em5ZI7KlT2k7BpIVMDWMBQG3WtfxOuqK6LgTNnR8AGtr5n2hPAKhMT21uJyAizBkA
+eGkprVeYcbM4BAAMCh/j2Loh9sQJrWeh0vwG9gMAALeo6GGtP4wYgUNZAEDwBWpTGLr4FkFQ1GQN
+b9HQIB8AgHKhEAwAZwtYqrxn90zdBXPxzjR4Z1rnhy2Oc2zvKUc6KSyQOi6QEhZIoRu6QtUwb9th
+3rYfTLXnVzWk50mu50nT86TyBr0mE1zh1L0+gmrYfqIu+PHHH5u/fvfdd03dHdQTuDhY/zPWefW/
+jFvN1RxYWcGx9Swb6xY5fdo0LX6b60Yma/2XfsmDEgAAv8AgDYdTfPq7ArccBGXqswsAAKBff0+N
+nw+eI9mOycnVxOOHQghgtd+Tgrv5AAA+QUM1j2Q4Bg11TeCVE4VFfAhQXdpzUqRn8hmeMPsGb47n
+y1kBTavyg8aHtVlY5dm/X9umWe6uADyAfu4aVj+RyGQAgDqCAGDo9xZ5DvTTNNrDYDoAAJTzBQCd
+LL/SAiZX1KsNdLdZEEEPC6S4OBh93qi7k/Xc8Ffmhr9SIpBfz5Ps+6XrSzGucOq+WObY5dORQaSn
+pz948ED1ta2t7YIFC0zdI9RDhAUasjyB2TrwgbOTfTfc+BU+bzXQpxAKqwEAOEdXrDiqS0uu7u3E
+UhbLGaAaKiuFAB0k1zqCAABwYLa3EYG7ez+ActXEhsaA17hOqzI9lTt3SXOMzMvhEAAkdnhI2wzM
+cndttwfu/bSbT2r4t8iQMLmiXu0BX77jlAgAhnvbjhtCCQukBngaq/bMjULp9Txpep6kVKDvhqyq
+egT2hh4eRjq5dOlS89ezZ8+2s7MzdY9Qz/HxWw7ZxVL9f1eYrcWv08cG6Fl0QDsK3mMBAIBn85Bl
+uVA141V9SXtb2ixyb8JwcAAAIIgOV9dVdn6vnNz2lzolJJwdz80mONncJUGN0ZVzXXUrP5xtpA8B
+w79FhoTJFfVqjnSSjbVVxfOGO6X1d0rr/3Whpp+z9bhAalggJSyQStL7l4KoVqHaaiA9T6q+hneg
+u80Dvl6fSQ/K5Lirq2lduXKl+eupU6eaujuoR7GyghMbXV7bwJd3bTXmQtfsUNLNc4LY1K6cvWi1
+2xoP2b6NlSeM8+pG+NgatuhAR/IKCgEAaP29mkYDHR2cAfgA7MVfxQwzyDXEz58DANBoHf756sxi
+AXRcEUGmaacH9rgwWnY6kZma9XZQCAVAmnWNAwA0dkgQGInh3yJDwuSKejV7O9Ivn7reflB/9Z4k
+PU9a9FT2tLLhzNUXZ66+sCVbqfLruEBKHx23CCguk6XnSdPzpNlFLdZeBg+yDRtCDR9CdaSTojYJ
+dGqzFaxHYFq1tbU3btxo/ufEiRNN3SPU01DJVic3uv7PF4YsT2AObG2s/u/DbluFRqSnphMAQGOH
+NC+Kojg70AAIEFaKm+d1auUpv828TpWyx2UAAM7OHd8qd2A5AlTDc1F71+XznwIAsNxa3tMPighz
+Tk+u5N7gyEJCyTLODa4CwDksIgCMpctvUbfA5IpQ44asq2bAw2fya/ckV7nSW0XSepky9Y4k9Y4E
+AIZ62aoKEAwZ0NHNkcwCaXqeJP2e9FH5y/FUW7JVeCAlPIg6fgi1eVJXVY2+eyhiPQLTysrKav46
+KCjIzU2X3QgR0s6gvjab33bY+eNzU3fEkM5sdjVS0YG2+Bf3HuMCAPjMmOX/8uGB/oMgPRdKMm6I
+I6J0yGWCByVScG87x4HHLSSgxbCuZj7+AbTk60QJ5y4REaZh69dq7t1yAKD5+baKx43rtLg3s2Sh
+IZxsLgCwgsd4gvF09S3qFphcEXrJq4+NVx/6okh6da3i2j3JtXvSa/ckknrl3Yf1dx/WH0qqcXO0
+Vo3Chg+hqJbEVtUoVJMB0vMkLyQvdwxwZVqHD6GED6GGD6FaG2Eq0hOhvEEBxmgZaSM3N7f561Gj
+Rpm6O6jHmh32SlZhvVblCRa6ZoeqPtMVN4ta/G38yZa+s/pA41NNUwhUUwLOPyHP8lX9HpGfX1W+
+Q1PDaqdDaWbZ3JMAwEw4QGMViSfsr1W7eufzE7YuYnqwuqWMikJccCn+8K88AADPmUteU09f5JDI
+sNO56cSjpFOZY2JDtQ9m3OQ/+GEzWsVKcdqPyULQahA0KDKMdT1ZWJhwjMNuU7GKyPopiddOO4yQ
+cJ8zp0u4OVnV5BwuAHhOiDRmcO36W6QLV5YbAB/4j/kAuvztj8kVIQ0c6aTpY2jTx9CUSlBF2Kv3
+JM+qGwTVDWfTX5xNf2FjbRUWSKmpU+QUt6iDMLgfOWwIZfwQ6nAfo9/K51c1dNNnAGojP//lzo1D
+hw41dXdQT7ZjKZP7SMav6nBm/ELX7FCbxlgZ4Zw2mwLQGF4/2dJ3Vp+mVLrQNXt234S+qvQJYEeZ
+5SHdt6ryhOqwA67QOrzSD+1mjLZTOz20bwKUzT0puvOMNsuDsghqVXNhP/G2gTrptQ5jaxTbbsYY
+rSqkdp2UEJc/vpublvwHh6+aq+UZ9dHapqKjzQLmLgnmHMomON9v2lY4f8m0EB9nMgCAQkYIedyb
+qakl/Zesimo9MYAE/Iu798mWvD2N3TjyqipPVQwANPa86M6zpOfcxePT910lOEd2xqvX0KouSP4h
+PjGfAKCFvD1TQzuMsIhhp0tyuXfPkLkKgAFjxhh7d5muvUU6IXn2dwOOADgXEwoGzvVnAADIZDIy
+uZOFX5hcEeqIlRWMD6KOD6L+AxxyS+vT70mv3pMUPpHJG5R/3X1ZAWH0YEr4EMr4IOoA1+77mSp8
+IsPkaiqlpaXNX/v6+pq6O6gnI1tbHVvPmrRZoGx3G2j6oeE28IxozKOplUeHuq1RfVdGOL/eB0oz
+m/LoyfLz3n1nDXdedFK1X6zi5qXGZVg74ojhB2ivr6bvaB5GBYCFtNF2ipvnNJy+o1Q+K5QcHgEn
+UgGAObwP1BRJO1jR5e5ks/MdY6QtzqEVKzQ/Q2L4T4uJmeLP0HBvisZ+b3sMeUd8pph//diu68da
+P++mIZIxXlsytSzh9OVD2y63/l/kOWtjmzFUzfwXbF8Fuw5cFWZ9H5f1fesOh7z7ScwwjbmNHPJa
+2OncdE42BwCCJkww/h38rrxFOnKPmhOSfDCL4CXv25BMZjCgVixjxx5ezu74NEyuCGmrsabANPvH
+FfJrXOmec88BYPsiZvgQKpNugtv2WI/AhJ4+fdr89YABA0zdHdTDOdmT/rnCefWh9soT2LDsoPSO
+qPnfJyoVa3xJALBoKNke5H+efHnojlL5rFBrb4BSAKiTqY2Siu48o81itEgFi5xJAIqnqa1OJ4dH
+wImT9aWhNP+hdEithYW23qC4ebe2ne41Fh3ontlNZAaD5TowKHTSpFAfRgeDdyRGyLKv2JOzEs9e
+vvFQIK6VAQCQyAwHt/6jI6ZGhrTNZWIxbcLa3UGc5IRLqVyeWKYAINPcB4REvTU1bIDWSZLECFq0
+86vx6Zd/Tb1RxBNLVX329AuNmBUV5tlBM43rtABIQWOCu2U7Kt3fIl2Rh8VsX9v/1Nkk7iNCJhaT
+6QxPt843hMXkipDO+rvY2FEaJwkEDrA1SWwFrEdgUhUVFc1fu7q66tESQloJG0JZEEE/laopHUZY
+swBa7BVa1lDzsrq7zawDfWe1OEGXLfnqGko1PyE6X0Rd40FZBLXenU0VOLyaZfiiA+zYw4f1bYPc
+N2TuqpC5upzBYkfHsqP17B5jQNjcVWG6XBcA3NzdASoB2OEhGnfC7fCK7OXtP+kWve1wu69Iy7eo
+o/Y77BvDLyp2k251szG5IktB5Bw6erUMHMLmvzPZxdSdeUmpVxlXvWA9AhOqqalp/tpBtQs5Qka2
+9k1GRr6mUiapDcLZLR/pa23/8h+al14tav0AvR8DoG1pPztr79YPNY7Cnrgre8+XHB7BZHU4VWDx
+6/TgQbiFn96knJw8AKCFjWPr3ZZlw888ZCH4ObllAADPc+481HdHKQMwYWBV96Csx5bYMXNS6cud
+eqlUnLOBuoOqPIGNhsntcmEdeHszm/+9yLnxw/1EpQKA1C/i5aGLVrtl73ZujK125PCXT9mw7KC0
+VKTebtvTP/G2eTkKmyotqCP5h9myQFHQzlSBbi060KOJr15u3MbVaPUHLAUmV2QZKnKLnwMACaAu
+706u6eOaEswiurba2QB1G6Xa3y5W3bWpOkJUstXPm9rOTqmNvSOHPrSEhQAAEOH8nm/Th/vJ8vPP
+SKNnu34CL58qvdNcHIs0ekpjiv1kC827Tnr+ZMuGTxI369ROX+g6qw+onV577YnCvo+NfYv5si91
+b9GBHk1RcP4SDwA8IycZdTcsi4DJFVkCxcM7OWIAl5FjvQDgYXYeYeoeNecWpUlHXxMzTf5OIIS6
+1QBXm81vt5mgcrI8OFPuHdo3+0Df7NnkgqKXf97viCs7/8xm1gHVUxRhZtOWWAAA8ptPyGsO9M0+
+0HcWQ6qp3Gtt7Ea100NJN8+pnw4n7spqAGqeaJ4q8NMml24rOtCTiQsSvvw2vRaAHjY3EgewcZ4r
+sgTy3Nx7dQBMT/8wBj/9If/RvQLxsJGm/fl9mVxN2YsnQrlMriTb4GcDQr2I5vIEJ8uDT2o+fkdc
+2Y52mnq6XxDb5sET+wUntDsd+lrbt7OrwOa3Hfq7YMboOv7FbdsuCGlkGaGamkTynLluiT+ON2Jy
+7eHkBP92TtatgnIhQdQDANjQnFwGB46dNNKzVd1Q4c3j+zOqWGMXrx7tVFtxLy01hyusIuQAYEN3
+GRASMj58oION3qeA9MG54xduEzae4fPfH+mk7csg8rIfAoDDED8XuuMQ3zR+UUVuRsVIk67TUrb5
+wlSeiRS4qytCvc3Odxw7L09gfJ9428Azom3drCi23eywV0zbN0tHpjnQrPmEFIBM8xwWPfftKH8c
+bwUATK49GZF3bvcVXtNiJhs6zVpCSIkq/u1r53ILx/5tfkjbuVJVVdXlN38/lFGh9stQXlvxIOXi
+g0yvibEzhjD1O6X+Afc2AQByXl6xcGRI57u2AQCAuID7CACcAoNdAMBvqNeVoofPc+48jJroZQZ/
+fZp8qdadknoPlp2p3waEULeyJsGx9ayoTQJTdWDRarc1viSok+7bKGr1lNGKDphMJ1s+GQcrYs2+
+CP2b6YEwufZctMFD/K/L6SPHBg9xd6eo/k/LK/MufnflIVGRkVw4cqFf6//9ige/HyqUO/i98daE
+gapTFPKqgmu/J+RWEA+v/Pua09/DW9fQ0+kUWxqFpCpJaKv9auyKjNwKAOgbGMQCALAJ9PM6//Bh
+3YPiBxO9TFe6yOSBtdm1e5KpIZhcEep1nOxJh1axYg8Iu3Z6qykBhjrdygpOfdRNRQdQ74TfXD2Y
+jd/b7701baRnU2wFABvnwJkzBgIAFBY/0nCKXG47cNryyX7Np5BsnAInLIgd7QQAopyMW4R+p3i9
+On+s3wi/kfPeGEYHrTSuzQJ3tn9jZT1bv+HDKQDSe1mFJrxP9nK2gKkj7JVWc90QQr3G6MG2CyK0
+/GXaTQ6vYjFoGC2QEeG3V+/Tx9UFAKC6UtMf6k6hYwe2Hb9zHR3iBwDAu1tM6HcKzW/0G7Mnjx+q
+7WydxrVZJK/haiWhvYIGUgCgMCdXrGUzhvdybwGTdaGRqh6BqXuBEDKNtW8ywgMp+rdjEOtmOwT7
+YtEBZFyYXHsfZ6cOYqOLu8Z1UzYDA70AAHj8ckOcojX5g3sPAQB8/Qaq/zL09RtkBwAVuRkVXWrW
+kEw+5gpYjwChXszKCr6JdZ4eQtO/KT19tthxQQSuykJGh/NcezSFvKo0996dJ7yS8heKeqK203zj
+5OSs+QkbBo0CIFU8F9cC0PU8RWvi3OxCAICB7FZTcj2Hj2TcSxc/v1dYMdnFJFsMmENgbXY9Xzpi
+II5zINRLWVnBtsXM6WPtkrLqzmd09x7P9nakGaG0RZGvuDJxkxPUHTC59lhEYdrZn3Ibt0yxpdGo
+trS+Hp6uFKirelhYIdW1OQeHVwCkUC+RaB1Du3BKS41rswAe/Lj/nxqPEN27UxQ+0RTrtJTmsZ+r
+yh/ZdX+bZq9/OwghyxU8iBI8iPLJAmYXpg/dvn27+esRI0Zof6INycqOgvtJo26FybWHenDl2Mk8
+KYDDiImTJw52Z6j9jxbePN6F5Pr8+QsAnfYE6Mop6prWZnVIei+rcIKvn0m/j00fXbEeAUKomb2d
+zvMAx48daepeI6QtTK49kvze9TwpAPQNf2t2oC6zn6rKywE0bbNKCKukAEByYND1P0U7D4qL6wDA
+Zfz6+RrLZRHXT3/3ewUU3smr9dN2pwKNb1aD0sZa58ynbAqsXRtzrZMaOO9iPQKEUJcdOnSo+evY
+2Fg9WkLI6DC59kjiF9UAAE7+Xm1jq5zHr2r/TP5jAQS6aTipWAAA4OnuaohTtCAvzMqTAoDfyGHt
+LCijjRrpdfmPhwoBN5cYNq6LqxMeV8hnbCtfPsV+lo4tdHlvAYUCjvxe892lmq51uD1YjwAhQ1Eq
+4YVUSbYGCrm33Mf44IMPmr/G5IrMHO4t0JO9qG5zt11RdfPqww5OITjZhW23B32QlloIAOAVrGEE
+V6dTnt+9lnj819RbHYRnAGhem0UZEtL+TIDGjV2hIjNHny0GnokadpwWxXwjvFGg8xwK0HHMNTGT
+mLH9mcFjKwBcuycxeJsI9TYlAvmq/6satbrstQ38cWv54ev4e84+r67FXecQMiOYXHskJ28/BgBI
+72RcfUA0bSggl/ILfz9wIqvj0Ch98PuRP+7xXp71/PYf/zmeJwUA97Hjh9nod8rDjLM5D4se5v56
+Jbe2o140rs1iDhne4eorr9AhDqBap6XvW3b7Qf3fDlZu+aH6UblWO0zpOuaaVSh9/5/Cz06K+FUN
++vZVk8s5WI8Aoa4rEciXfC2ct7P8ev7LPwLr6pWn0l5M/Icg7rRIhPkVIfOAswV6JpdXxw/kXHxA
+VOT8cDSHZEOjW9eLpXIAIDGGLHz9laRfsio1nuc1fg4t92zele8Kr7R6hu437Z3RTiT9TqknpI2/
+/DvecKCi4J4YAFxCR3ay45X7yGF9c66WSYu5Dyf6eun/vl26VXfpVt27k+jLo+3JHU5+VWr4SrMn
+QvmRSzUXs4ybLK16y11NhAysgCeL+1GU/1jWwTG/XCd+uU7MDKW9P8Xe3QknlCNkSphceyi7gdPW
+v1P4++9ZXGEVISfEchuak/vgwLGTRnrS4aEngObkKpa7z3hn/fB7aak5XGEVIQcAG7rLgJCQ8eED
+HWz0PsV2YNCI6w9vE7SBwwaxoF1Fd+6JAEhewaM6nXtKGxbqdfXcQ+mdXHjTy1Bv3r8v117Iqls+
+xf7N9ie/arMrVoMCjlyqOfq74ecGdNAfhJCW7pTUbz0u4gm1LeSRmEkkZhKh/pTNbzP7OmN+Rcg0
+rJT4iWeZ8p7dM2RzwpvH92dUgdPY1YtCWEY7xaQWxznqespwH9vlU+xD/TVUVvzhSu3+RDEAxP+d
+pbEKwPkM4rtLNYJqo8wNaGve+Fc+fsuhe66FAMBKbZQbf4taFiXAnQf1W0+InmidWdsa40fZPJ/Z
+r6fkV/x+RhYEx1wRatedkvqVByvfGGW3fIr9ANcWPywdzHPNKpQeuVTDeVDfnV1diZUIEOqMEuD2
+g/pPj4vKKvUtmHyjUDpj27PRgylb5jNxQzqEuhMmV4Q68futut9v1b07if7+FHvbNrv9qw9P8Crk
+3/1u9CmtbS2OpNvTcLUlQu1SKoHzoH7rCQNkVnU370tnbn82ypfyyQIHDxZ+niLUHfAnDSGtqCa/
+vv+G/ewwGrQZc21QwJGkmqN/dMeU1lb6u9isnsnQvx2EeiSlErKL67eeqBYYZ1sPALhVJJ25vXzk
+IMqnCxw8XfBTFSHjwp8xhLRVLmrY+aPowg1iebS92t4Cym6e0qrOmgTHN7JION6KUBtKJdwqqt96
+ovpZt/xs5hRLZ31Wzh5o++kCZn9X/GxFyFhwhZalMvAKrV6gCyu0OjBppJ1qC1X2QNtuntKq7od1
+LkFeZFNdvTfDFS3mTKmEm/elW0+IykUm+HsSAEb42H66kDnAcvIrfj8jC4LJ1VJhctWVYZOrOVg9
+k7F0Il3/dlAX4Ce9eVIo4do9yec/Pq94bprMqm6Yt+2m/3Hw7WcBf1vi9zOyIBbzFyFCSN0YP8oS
+jK0INVEo4UpO3fZTIkm9uQSv3NL6t7+s8Haz2bbIMWiABeRXhCwCJleELI8r0/qfsU5YNgshAFAo
+4DKn7rOTIqnMXDKrulKBfOnXFV6uNtsXO+LcHoT0h8kVIcvzn7Ussg0GV9TbKRTwR07dZ6dE9WaZ
+WdU9LJcv3VMxwNVm2yLmMG9b/RtEqNfC5IqQhfniHcc+jrjzOerVFAq4dKsu7rSoXm7umVXdo3L5
+sr3C/i422xYxh/tgfkWoK3CFFuoJFAqYE1f+uMKQe4ybp2khtO2LmabuBcIVLSbToIDfb9XtOCWS
+NVj22+7Bstm+mDncx9Yc7p7g9zOyIJhcUQ8hJhQT/yFoUJi6H8bU38Xm7BZX3L3VHOAnffdTAiRl
+1X16vNrUHTEkNyfrXcucTD7/Fb+fkQXB5Ip6jtzS+mV7habuhbFYkyBllxudirnVLOAnfTeTyZUf
+/bv6r7sSU3fEKJZNsl853d6Eg6/4/YwsCH4Kop5jmLftymnmVAd1oWv2AbdDEYZp7PgGF4ytqHdS
+KmHWjvKeGlsB4PvLNV+deW7qXiBkGfCDEPUoyybTg30ppu6F4a2eyfDzwP10UC91s0gqqDJ9ZQGj
++um/L2rqevRsJ4QMBPcWQD2KFcC3HzhN314uNIMKOoYSMZyKRQdQb7b1uMjgbQb7UoIHaVjdz69q
++O0Gof5IXyfraWNoHbeWXVyfXSRVf2T6GJq7U4s9QC7cIMo6zN/xf9T+fZY53TVCyCxhckU9jS3Z
+6vu1rOlbn+nXDDPhAA0yCQileQMAQE2ReML+WvVnvRu/lp9fVb6j+byFrtmhqh8rxc0iA4yguDKt
+v3jH0RxWHyNkEmJCUS4y/B+ie953tLfTcNcxu7i+VXJ1d7ZZEW3fcWtHLtW0Tq6htFbJeNRgyvJ/
+djQR/2QKJleEOoezBVAP1NfJOm6po/7teIfSILMseFVZ8Dkp+DLSVtMBACKc0w7QvJ8RwavKgleV
+nX9mM+uA6yeqExa6ZofalDaeIvP3NcBfhlh0APVyRWVG2e1OY2w1Ko1DvOoUSsAJAwh1CsdcUc80
+ZZRdZr70QhahVyvPiLknAQAgtfLoULc1vrRPoBbCKPZ10n1xItUhO+KI4Qdor6+m79gPh4bbtDlF
+r+vvXe6ERQdQL3ftnhEXZrWdG1BW2Xp8l18pP3KppuN2bhXVt3rkt0yieRR2+ZROhmybPSiTjxiI
+FQoQ6ggmV9RjbV3I5JTUPxV2fcCmtFTU/PWJu7L3fMn9IujAABA3nHh5lOjOM9osD8oiaGDZQekd
+tVMqFWt8uz6uMy2E9tpQqinfQYTMwB/ZdcZrvKyq4XBSjf7HtKUeiLVPrjnF9ZhcEeoYzhZAPRaJ
+BCc3skhGuNNeI9aUhiOsWa0eKWvQ+eOuiao+pFHfH4TMX71c+ay656y27FRipn63iRDqBXDMFfVk
+9nako39nvbvPEOUJ+lo3D5vYM9r84IgbTqTCrNntnqITaxIc38iywtmtqNcTGC22Lt9fCQC1Zjav
+9IlQLm8AG5wihFD7cMwV9XDDfbpensDbm9n89SJnEtTJrqXWPhUDMKwXvTyKObyPahRWLqxrc0qX
+HMOiAwgBAMDtknr9G9Eou0iaXSQtfCIz9UtszXhhHaGeAcdcUc+3bDL97qP6/3ahAE8fWsJC0dyT
+ABHO7/mSSjMrTwBAuvT12ZQ1W5gn4kQA8MkWmjfIz++vBYDYO7Ts0BanAOg8orN6JsMfiw4gBAAA
+17h6Lc+ytyO9Noza16n1GGbbrVU7nYradi2Xxh1h7z+VpeW27nN2sQ75u/CJzIOFg64ItQuTK+r5
+rAB2LXPsQnmCmiIphPbNDgUAKM0sa940YEIqM+EALfsADQCgTrpvVWXjgq2T5cHgmt14iuJmkXy0
+jiu0Xh2KRQcQaqQE+PO2Xsl1eqjdutkObR/PLq5vlVw73bG17T6vo3xtNebdBbsqWg3lLv+nEMAK
+QKlNn69w6l4fgUszEWoXJlfUK3S1PIF07qpKTY+L5q4SaT7jZHnwyS52kuVgvWsZFh1AqFENoe8k
+1AnD7Lq/2xOGUfWZhHCFU/fFMgNsR41QT4XJFfUWfZ2sv3rPacPRKlN3pF0nNrBsyRhcEWpkwBoE
+raYH8Ctbt9zpjq1t93m9VVQP8PKs9srJ6kpVj6D7CyUgZCkwuaJeJHI49Y1gu9+NuT1kl+1538nF
+ASe3IfSSAWsQ/HqjrlV11la6sGOrao1X8z9XRHdeJUtLWI8AoQ5gckW9S9xSx7uPZFqUJ2h/PoAR
+vPXqKxOG4cw2hFowag0Cc4b1CBDqAN6PQL2LlZWxyhN0WX8Xm41zHfRvB6GepCfVIAgeZKv6T8vj
+sR4BQh3AMVfU69jbkX7a5DJvZ4WpO9LYmVMfuWDRAYRaMUhs/S2TUN3Qbzux1eCap73eKmq9B9aR
+/22srxe8qkybpp4I5Q0KsMaRJYQ0weSKeiMfN/KvW/vMiSuXNWi1T42ReLnanPzYhYqrshBqg6NL
+DQI/D/JrQzXPt1EqAQCmjaEZsG81dYoLN+pqWtbfajXtVU/8qgbc1RUhjTC5ol6qH8s6bbfbT/99
+8futuvtPu7uOTmgAJXoULXq0HY62IqSRTjUIDq927ubF+KN8Keu+M+JGJViPAKH2YHJFvRfV1mrp
+RPrSiXSZXCmRdd/g6ytUkllNtEXI3OhUgyDYl9L9e0gZe0kl1iNAqD2YXBECso0V2QazJELmQv8a
+BJYO6xEg1B6cAY4QQsi8GLAGgYVS1SMwdS8QMkc45ooQQsi8GLAGQbdprqGVXVxvkKVaWI8AIY1w
+zBUhhJB5scQaBKN8bVdE26+Ith/la5i4mVOsw+4KCPUemFwRQgiZkZ5Ug0AfWI8AIY0wuSKEEDIj
+GFtVngjlMrkpN5xGyDxhckUIIWRGdKpB0LM9E+EiLYRawxVaCCFkXmpray9evHj16lU+n8/n8wUC
+AZ/Pl0gsb9GSTmbNmvXLL78AwA+J9wD6mbo7XRc8iLJ8CvCrGn670Xi7P7urM1bvlNR7sOxM/YIQ
+Mi+YXBFCyCyUlZWdO3cuKSnp0qVLpu6LCUyYMAEAnj8XP6yx4NgKAMG+tsG+ttnF9c3Jdfk/hQBW
+ADrf+r92TzI1BJMrQi1gckUIIROrqan58ssvv/zyS4Wi994dHjFiBADczS8FcDF1X4yhKzNWsR4B
+Qm1hckUIIVPavXv3l19+WV1dbeqOmNhrr70GADe4zyw9uar2cy2rNMA6M1U9gu6vbYuQOcPkihBC
+ppGXl7d48eKcnJy2TwUGBk6dOjU4ONjd3d3Nzc3d3d3e3t7U/e0ONi6hALWm7oVesoukh5NqDNUa
+1iNAqBVMrgghZAK//fbb4sWLnz9/rv6gh4fH6tWro6OjhwwZYuoOmoYl1iAwquv5UkyuCKnDexAI
+IdTdvvnmmxkzZqjHVnt7+507dz569GjDhg29NrZiDYK2MMoj1AqOuSJzJ3mYkXS1VAJU74josR5U
+DUfIRfmpSecupZSKAGyoTN9xc96MHjuIqdNFBLdSUvJFQHUbOyXSmw5GuYpclJ+cxBECsNjRUQFM
+jT98otKMS+fOXs0XSQBsmN5jo2dPjwxgad2yJsyh0dEjdHo3kHF98803a9asUX8kJibmq6++cnTs
+7WtxLDq2llU2qHa/MsgM12aqegRkGytTvz6EzIWVUoklOpDZkghSD65bsv7UEwAYG3c1aXM4s/Uh
+Ik78xoXvfZff8tGx636Oj5sXQNXmInJRxvfrY5bH5wOA/8qLyd9Ge4DhryLKP/VZzMJ9GQBAXXwy
+78gC7zanSQrObXl/zp5rLR/1jzl6/OuYUcyOGq/Nj3838L0zmp+M3p9zdhVbq04irVlZvUwSOv0W
+/e2332bMmKH+yOeff/6Pf/zD1C/ILPx6g9h+QqTrWcG+lCOrnbu/t8v/2fjHIr+qoazKiJk7cWsf
+D5a1UV9Ll7+fEep+OFsAmSuJIONADDtSFVvbPSZp98qmQMmOXhyz4E02AABk7HkrZk+qoPOrCDnx
+qyPHqWKr0a4i4p5bPztQFVvb70nGwbVNsXVQ9IJlC2aHUwEACuLfW7bl3MMOd6GXiwRCQOZPtSSr
++Z8UCuWnn37C2NrsGteSqi0c+V+W6r/poTSjXugOFhVDSA0mV2SOJIKM+NXR41af6jgVirgnD36R
+AQAw/es/edcvHjt68lwO/+rXs+kAkLHlX2fzO1yjLLp9av1bI9/7FweMdxW5JP+3nQvHztmT2skr
+zv/t27hLAABj/3GxhHPx5L9Pnk3l5xyJcQMA7sGDpzkieQdn11VXAACM/ex6tUzZykUccDUbrZZk
+HTt27K233jJ1p8yFEuDP25aUXLvNtXv4tiD0EiZXZH7kIs53W977jgMA3ou/Prp7AVPzcaL81KQk
+AIDIuI0xkU1TYN3CY7Z8Fg0AcOZcElfU7lVEnJOfLdyTCgDU2Z8d/fb9ADDCVSQPz+3525akWgCI
+XHfk6LrQdo6rLb1+6ZQIAEas2/K36MaJtjZM9vx1cfOpAJDy89mc9kdVJRKRSAQA4M5iUnHuurna
+vXu3+gZYn3/+OcZWdYTEwm5SZxfXq/4z7MTWti7n4CIthF7C5IrMjw1z7Pub46YHzP78zz//b2Wk
+l53mIcNafk5GCgBAeGSkP1PtCab32MhIAICUlJul7Q5WMNkLN327YETk5nM5JzfMCWC1My6p31Wo
+g2av+zyGHb7yJOds3LyR7u3syCkRcDKuAgAERESOdFN7gu49LiIaAOD29YxiUbvvWG119RMAoFKZ
+OLpqplRVspr/GRMTg5MEWlFY2vTK5f8Uqv5rrvJqJFa4OgshNTg+g8ySW+TmUzkSOpUKUNreMbX8
+0iIAAGZAgFvL3QCYbt4BXpDyEPKL+CI5262db3PmqJXxV2OodCrIRWCsq1AD5n97/U0qlQ7Q/kUk
+Qn6eAAAgIMC75Z4DVPdBAWwADmTklVZLwjUnU0mtiA8A4O1Ot8Poap7Uq2TZ29t/9dVXpu6R2enF
+hW87YWmRHiHjwuSKzBWd2nEIk9QK+E8AAALcmI6tvpGZ7u4eAA+hVMCvloAbvd1GqPROkp4BrmJD
+pdKhk6tUlAoAALzd3RxbdYjq4u4OwAEQCAQS8Nbc3bpqCQBA/rl/rROdEeVk8L3HjnT3CBgXFR09
+vp3tt1A3KisrUx9w/fjjj3EDrLYYNBLzFZLoBQbY1uaNf8XUXUDIjOBnGrJYkjqJCADAzs6uzTcy
+lWoHAAC1Iolcx2ZNcZU6iaRO1aCGn8jGBF9dXQdyzT+yEpFqzBVKL52KBwAATjEHAA5+sd57/tdH
+d6+M9MChWFM6d+6comlE0cPD4+OPPzZ1j8yRlRX87yzG9pMiU3fE7Kyc1isK/yKkJUyuyGLJVZFS
+E5umuKdnbO2mq0hAUtfuLgpUOyoLoMNNr5ijF8atyt+ZQR071N2OzmTKRXxB3qlfMgCg9PT6qUC9
+/n8r2Uy93wrUVUmqNX4AALBq1SoSCRcYaDYthPb95drHFfr/3PYciyPp9jT8hkHoJUyuyGLZUJnt
+PSUHiWrNlI3e3+PdcRUqUO3cADSHV0mdRAgA0MGmAVSPsTH7/4xp+WD8w5Q9q1/f8htITh88uXgO
+e4obIFOora29dOlS8z+nTp1q6h6ZLxIJfljPmvgPQQNOGQAAgP4uNqtnMkzdC4TMC/4lhywW1c7R
+DQCguqau9ainvGkxDF3vxfbdchU7OtMRAKBaVNtm+xu5asMrsLO30ykfU70iV26MGwsAkJ9yNU+E
+w1gmcvHixeavAwMDhwwZYuoemTUGjXT0753WO27h/hNZ9/fz/lOjX9SaBMc3snCAHqFWcMwVWSoq
+083NA0AA+U8E1XJQX4ckqRUJVEv1Pdwd9QuV3XMVpou7O0A+CPgCkQRAvTFRRTUfAIDq5uGm60Wo
+HgGBHpDxBPgiEW5lbirXrr2s5xsdHW3q7liAYd62706y//flGi2Pr6lTrPuuakFEZwshDaeGUBy5
+pG33uuzfa1zoVMytCLWGyRVZLLp34FA3uCWQ3M0pFS3wVrsZLinNyVFtCODrre/K+m65CtUtgB0E
+KVzIuVvKl7DVdhAQ8bkZ+QAA7EBP3eOxpLpaAADgzsSNXk2Gz+c3fz1q1ChTd8cy/G26/Z3S+uwi
+qZbHp+VK0nJ71F9nq2cygrzIpu4F0hnnyIpD2QDBsYeXs18+KkiOi0vg2U1Ys2u+P/4xojdMrshi
+Ud3Z48fB9+fgdkoSRxDZPI9TLshJTuIAAESOY7s3JTaJoLi0muoe4ME0x6uwAsaN997DLRUkJ2U8
+ifYe1NSeKD8lOQUAYMS4sYOa2pSISh/ywc3buzGOSiS1GjfekpRmpCTJAYA5cqg31tYyFfXk6u7u
+buruWAYrgG8/cIr4WCCp7417mY7xoyyZ2H1DyJaKc2jFoba1u8k0R5abX8ikyVHsvuYS/YWcGzwZ
+gKywpBz8u2fFgZiXfuFUMofHFzdOayEzGG79R44MHRM+wodhLm9MF2H4R5aLGhAVsy4IADh7Po07
+dVsEACAXcc58vf4LDgDAvNnRQUwAAJDkfxfD9g0M9Ixc/1upjiMz3XIVqnfkvJixAPAwfsvn8RkC
+CQBAbWnSgS3rLwEARL41Z6Rq7p+k9NzGcT4BgT6jPzxV0HjYydVzPtx3LqNA8PKitYKM41s+fPeU
+BAD8F0aPdccxV1PB5No1tmSrM5tdTd0LE3BlWv8z1gnLZnWVjKjml2QmHtr+4YZD6ULzWOrHYo/x
+JAPZje3fLd/R/NR9Gz6KO/ZXSXNsBQCZWMzjpiUe3bXhSJYJJoYbFI7DIEvmERmzMebckvjSWwcX
+sg8ubPFc9NerFwaohi1qS68nnxIAAHDOJeevn+LtptM3frdchTl2wfo1Z+fs45R+/+G47z9s8Vzo
+5nWL2aoJCRIBJ+mXfACA4viLNzfP9vemAkhE5w6uPXdwrcaG2es+XxfthcHVZNSTq5sb7vCgg75O
+1juXOm7+odrUHelW/1nLIttgcNUeO/ZwbPONeRkhfi64m3zmfFqJWMw5tvOU875F/qbuIYBb1JZv
+o7rnUrLc+N0/FhAAZLew+Uujh7o5MGhAiOsI4WMOJzX9r0LnYLZeQ67cY2sOlERt3xZtul9mOOaK
+LBo1YH7cyf+LCWj1sNvsuF+/XRnObPynDdWR5d34jEsXFlN1y1Wo3rM/jT+5Zmzrx6PWnf1ufXRT
+KQEqldkUfgLcmXZUALBx9A6K1Nxm0IJvU87GvemNudWEJJKXQ+H29rilvG7eGGU3LYRm6l50ny/e
+cezjaG3qXlgwMo3B8gmb/9H22GAaABDpyVnaTpbuGcTpf2QRAOAWvXnrkjAfFoNGBiDTGAyWT1DU
+nFXb9n+7KlS/4JrNIUz9InHMFZk7x6EL9hwbWweOgRoHDm3cxn5wNGfKypSMnNKHpSK6t7dX4Njx
+Y72ZasdQvaPXfvs1PanUflzMB2M1rKayoXpHbznpWw107wAmGOsqVPdxH5w8Oh/s3NiOGn/ymOwF
+e1Mil1y/fje/tEgEnt7eg9iRYwNarK5yG/fh7qNwhgPs2R9GuQEAUN2iP/uz+l1Ozs38UhG/9G6+
+iBnA9nV3Dxg7boTeC9QQMrWtC5m5pfW9oTzBtBDapGA7U/eiZ6CxZ0S5ZyfyFdy7hRAyzNTd6T6P
+H5QAAPhMiHA3xsikgptzmwBwMO2LtFIqe+P8d4QQ0oeV1cv7uR3/FtX+SNQeMaHo8eUJ+rvYnN3i
+aqrdWy3yu7RxhVaL2QJtnw5a+u2qca1GGWVCTnLCpVQuTyxTAJBpjL5+k+YsiPJrXfRBtVEAO/Zw
+LLv1Ke4DQqLemho2QPMprfcW6KirMnF+2pkL6QU8vlgKAECmM9y8xkTMig7zfHm3QVZdkpVyMfXm
+Y8FzsUwBAGSam2fQ+JnzIv0ZLb5nuPEfHMhSgM/bX30UoUMNC/Gj9Is/J2c94hMyABKZ4eo5ckrM
+3FDWyzdOIeT+cvqHVK64zSRZ9xnbtk3t1hn8OCCDEELIrKnKEyzbK9S/KfOkXnSgsrKysrKy+Sln
+Z2dnZ2f1g1sd0OVjegkyuWVsVfDTvtl9ulDtjreMED/iJOzlXA6N3b6M3XZuilBQwvn+X4cyxeqn
+8IvTjn2eljrxo7XzfLo+naVtZwBktWIeNzk1YFKYZ+MjxNV9a04UNP6DRGY4kuuqCUJQknVmX1bm
+zG2botWGV/sP9IGsYijh3iUiwrTrGME9sfPAVbUfLoVMLChJ+35zesrMzR83NS7kJt98DHZkkMkA
+gMxg2DXNanGgdfdWBZhcEUIImbth3rYrpzEOXhDr35QZOr6hsehAbW1tRkaG+lODBw9um0rv37+v
+/zEXLlxo/vq3334DgOnTp7fqmPoxKtOmTTPhMTooefAAAIDBavGiCc7R3acLCaD7z3wvJiqAQQYA
+hYyfHr/3FEeceWiv27YtU1oPH/Iu7j0kI/vPWLN4oj+LAgAgqy5J++lfCRwx78qu+H77Vo3rWnZt
+6gyJ4T9xwdwpQZ40MihkhJDHvVlAC3k5YkoLCWNfrHeYODN83EDPxpgoE149tPMEl+AlJmRFqU1d
+ZYSNDzpdzAXusZ3fk9csCmF1lir5F/ceuCoEEitk6YdLQtzJJACQifMT9x9M5j1K3P1D/93LgsgA
+4DphzZcTQJC0bWsiH9yj1+EKLYQQQqhDyybTg30ppu6F4a2eyfDzaMwX9fX1g1tqO1Dq7OxskGN6
+NCLrcroYAJzHjPFRezg/4Vg2ASTPmevWRAc07WpKIruPj/3kLR8A4P2aoGFFl0zmOWPjmqmNsRUA
+yI4+UbHbY9g0AOCeTSzpWh+5CceyCQAae/n2NXPYjZGURKa5+oRMjQ5Sv9VPCYn98qP5E/09X45u
+klnjVy0JBgDg5nLVWyWHxsSGMgBAmBm/ec2GXafSS6rb3wWrOu3YBR4Ajb18c0yoKrYCAJkRMHfL
+yjAaAJF5OpHX7f/3OoNjrgghhCyAqjzB9O3lwucNpu6LwUQMp6oXHXBycnJycur4FG3u+2tzjPqI
+pvo81/aO0aYdYx/TORkh5HGSf0xIe0QAyXPmh3M91Z7kXE0nAGihs6L7tj6PMS486McSroKbkwch
+reaikthTp7Sdx0kLmRqWyEkW1mZdy5/vEwC64lxPJwDAb+4SdhenG3h6ekI2D57y+cBW6x+Nvezz
+nQGnvz2RzpeJS/46tuuvY2TnoAnz5s4c3pxNG/Gvp5UoAAZEL2jbh4DwMMf05GohN5c/19O8NqLG
+5IoQQsgy2JKtvl/Lmr71mcFbXrTabQ1DdpNBGW0H8IwIjhN9sqXvrD6Nz9YUiSfsrzX4RV2Z1l+8
+44h7t+qHc2jFiraPkh3Z89fGhLXY+b9Ete7eLzBIQzMUn/6uwC0HQVnLHAgA/fp7arw/7TmS7Zic
+XE08fiiEAJaO3S64mw8A4MMe2uVpsiw3FoDGEVEyK3TJtpBZvPTL51PSuGUyWSU3+RA3meE/c8WK
+6EHNF5SVlPABgBUUpGkxl09/L4Bq4D8VAGByRainUM0kGzx4sKk7glBv0dfJOm6p4xZjlCfoQ/Ev
+EgfvrwWAT7b0ncWQ7ltVeQIAIpzTZjMSFtbOPWngC2LRASOhha5qnJ2pTiEUVgMAcI6uWHFUl+Zc
+3duJpSyWM0A1VFYKAXRMrgoxQQAAODC12wFAyi+4mp6eX1Dw9DkQYrE2m9SSGJ7j564aP1dWXZJ1
+6cz5qyVicUHiV5sfx+6MbRxhFQrLAQCEF7etuKjfO969MLki1HWqZQ3r1q0zdUcQ6kWmjLLLzJde
+yDL4hujyPxsHVun9GADihhOqh1MrJ6Qa/lXsXe6ERQcMocVWU+LUXRt+LCGyzidPCWq9hKhcKACA
+luvi29JlpTzDwQEAgCDqdO51Y2fc+3c6mqkQc3/ce+gvvqy58zSGp6+/Ox2Ip1wur/OfArKjT9iC
+j8KmcY99dSC9nOAcS+AOXxJEAgABvxwAgExn2HXwoundvXVApzC5ItRF9+/fV4253r9/H4ddEepO
+WxcyOSX1T4UGLU9Q11Da+FXttSf00b607AO251eV7zBC/6eF0F4birXtDI/x2pLotG1JAl7i8bTw
+DRNajGc6OjgD8AHYi7+KMUxtAvHz5wAANJru9SMaO8N/zAfocJF+wamtB64SQGKFLIiZF+rDUIuR
+/IvbtEmuTW9N0JJlUXd3JYsJTk7hkqAAAHBgOQJUg9vEj7ZM0XW2gynh3gIIdZFqwFX9C4RQ9yCR
+4ORGFslod9pP7BcEZ8oBbGYd6Jt9oG/2budFhmu8v4vNtkXMbniXeiOS+8ylUSwAKD79w/WWqY7i
+7EADABBW6ri32lM+X/MTZY/LAACcnXWPfRQHGgkA4Lmow85I05OvEgDgOeejmPEtYmtX+AwcCABA
+EI0VqVmqLcMqKy1sp2RMrgh1RfOAa6uvEULdw96OdPTvxhwoOlkevKoseFVZcKYc7ChrtjAN0qqq
+6IAVzm41Hp+Z80NpAMA9c6zljJKB/oMAAEoybugWXQUPSjTOK+VxCwkAoPX36sL3oZ9/IABASV6B
+rIOjqp9XAgC4j9SwhqpxfZUOpETjlIPGyRKMgT4sACCys7gWVaAOkytCXdFqnBWHXRHqfsN9bFdO
+06HEZRedLN9XpACGtUGGXY81FR1ARkMO+p/5bBoAwTn9E1ctF5JDIsNoAPAo6VSmTtmVm/xH24wo
+TvsxWQgAzmERum+JBUAOGR0EAJB7Op7T6R3/58K2o6JlScncNg92GED5fyRzAYAUNNSv8RHPyCgf
+EgCRnvArr6MA3cyV5QYAqkkOpoM/PwjprO0gKw67ImQSyybTXzX8hFH6od19s18OsjJn+ZJqnkhP
+6N3u6pkMfw+zW+/SA9FCFszwAQAiM/50vtrjAXOXBNMACM73m7b9kF5S2ZTWFDKivCTrYvyuA8ka
+IhkJ+Bd37zvL4TePvIoLkvZuPV0MADT2vGhP6Apy6NL5gwCA4BzZeuhKibCpcVktr+BKwumbQgAA
+t6FBzgBApJ9PKGguKCAjeJnxm3ck8dsmuPKkuNXbDpxNzsrnicWNI6wgJcQ8TsI3G7Zd5AOA57S5
+Ic0FPRwnLJnmCQD8S3Gbvkng8IiX1xDzCq4kHNh+rEU8Jnn2dwMA4FxMKGgK/zKZVqHXgHCFFkI6
+0zjC+ttvv+EmAwh1MyuAXcscDV2eoDZ2Ixzazcg+0LTz5TMiWO/9XF8d2qLoADIqRsSSmWnbEgVE
++vGE8Li5Po0hj8Z+b3sMeUd8pph//diu68dan+amYak/47UlU8sSTl8+tO1yq2fInrM2xna1jgAA
+Y8LKj4Tf7E1+JOac2cU50+I59xlhAADgGT2PnX6IQ/CS932cDBQGg1wnrpUBALiGrVrkcHpvUqvR
+WLmUz72cwL2s8Ypkz0lr105t8Rrdp360BXbt+pUnzk8+FJfc5hR2eMt+Rc0JST6YRfCS921IJjMY
+UCuWsWMPL2dDN8LkipBu2hteVT2Omwwg1M0MUp7gxH5ByyHV2tiNhiw9wHKw3rUMiw50J/fopVHp
+u5KFlcnHLoRtm9EU10iMkGVfsSdnJZ69fOOhoDEFksgMB7f+oyOmRoa0ja5iMW3C2t1BnOSES6lc
+nlimACDT3AeERL01NWyAfpNVaD5zN+2bwElOuJRaWNY4RkqmM9z8ImaFNnaExo7dvSMr4YekrEd8
+QioWS8k0N5+g8TPnRfozSFwfErRIrq5RK2Ih7VpOztPKuuqmAVS1V+fj2HbIn+w5dcu+cQVp5xPT
+83h8ceNUWJojy80vZNLkqFaZlDwsZvva/qfOJnEfETKxmExneLp1974EVkqlspsviZBF27NnT3sT
+AwYPHozDrr2EerXMjn+Lan8k0kfKHcmGo1Wm7kW7fo/r4+Jgvru34nepRpwjKw5lAwR395gi6hjO
+c0VIBx3PZ8XZrgiZSuRw6hvBum+r2S32vO9kzrEVIcuCyRUhHXS6hwBuMoCQqcQtdezHMrspcG+9
++sqEYVh0ACGDweSKkLa0GVLFYVeETMXKyrjlCbqgv4vNxrkOpu4FQj0KJleEtKXleCoOuyJkKvZ2
+pJ82uZi6Fy87c+ojFyw6gJBhYXJFSCttB1PHjh3b6ov2jkQIdRsfN/KvW/uQrU0cGL1cbX7f2ceO
+grkVIQPD5IqQVtRHUseOHfv555+/8847qn++8847n3/+uXp+xWFXhEyoH8s6bbfb6pmMwf1MsO1/
+aADls8WOCVtcqWSMrQgZHu6KhVDn7t+/v2fPHgAYO3bs9OnTnZ2dVY+vWLECAA4fPqz6Z2Vl5W+/
+/ZaRkQEA69atw71dezDcFctSyORKiUznt/327dvNX48YMUL7E1+hksxqoq2W8LsUWRBMrgh1bs+e
+Pc7OzuqZVaVVclVR5dfKykrc27UHw+SKehL8LkUWxOw2EEHI3BAE8c4777TKrB1wdnZ+5513Kisr
+CYKg0bpcGBAhZDKHDh1q/jo2NtbU3UEIvYRjrgh1ncYxV9Qb4Jhrz9bb/q/1tteLLBqu0EIIIYQQ
+QpYBkytCCCGEELIMmFwRQgghhJBlwOSKEEIIIYQsAyZXhBBCCCFkGTC5IoQQQgghy4DJFSGEEEII
+WQZMrgghhBBCyDJgckUIIYQQQpYBkytCCCGEELIMmFwRQgghhJBlwOSKEEIIIYQsAyZXhBBCCCFk
+GTC5IoQQQgghy4DJFSGEEEIIWQZMrgghhBBCyDJgckUIIYQQQpYBkytCCCGEELIMmFwRQgghhJBl
+wOSKEEKo65RKqJUopTKlqTuCEOoVbEzdAYQQQhapRCDfd058PV+i+qedrdWb42jvTrZ3pOOYCELI
+WDC5IoQQ0k2JQL7thOjeo3r1B+vqlafSXpxKe/HmONqH0xlMzK8IISPA5IoQQkhbBTxZ3I+i/Mey
+Do755Trxy3ViZijt/Sn27k7Wpu4yQqhHweSKEEKoc3dK6rceF/GEci2PT8wkEjOJUH/K5reZfZ0x
+vyKEDAOTK0IIoXYpAe48qN96QvRE68yqLrNAOn3bszF+lM3zmf0wvyKE9IbJFSGEkAZKgNsP6j89
+Liqr7EpmVXejUDpj27PRgylb5jM9WJhfEUJdh8kVIYRQC0olcB7Ubz1hgMyq7uZ96cztz0b5Uj5Z
+4ODBwk8fhFBX4O8OhBBCjZRKyC6u33qiWlDVYKRL3CqSztxePnIQ5dMFDp4u+BmEENIN/tZACCEE
+SiXcKqrfeqL6WbWxMqu6nGLprM/K2QNtP13A7O+Kn0QIIW3h7wuEEOrVlEq4eV+69YSoXNQdmVUd
+50H9mzvKR/jYfrqQOQDzK0JIC/ibAiGEeimFEq7dk3z+4/OK592dWdXdLqmfvaN8mLftpv9x8O1H
+NvW7ghAya5hcEUKo11Eo4UpO3fZTIkm90tR9aZRbWv/2lxXebjbbFjkGDcD8ihDSDJMrQgj1IgoF
+XObUfXZSJJWZS2ZVVyqQL/26wsvVZvtixyAvzK8IodYwuSKEUK+gUMAfOXWfnRLVm2VmVfewXL50
+T8UAV5tti5jDvG1N3R2EkBnB5IoQQj2cQgGXbtXFnRbVy809s6p7VC5ftlfY38Vm2yLmcB/Mrwgh
+AEyuCCHUgzUo4PdbdTtOiWQNlpRZ1T2ukL+7T+jBstm+mDncx9bK1P1BCJmWeSRXzqEVhzgA7NjD
+sWxT9wUhhHoAJUBSVt2nx6tN3RHDeCKUx+wTujlZ71rmhPNfEerNdEyuYl76hVPJHB5fLFM9QGYw
+3PqPHBk6JnyEDwN/mSCEkBmQyZUf/bv6r7sSU3fEwARVDUv3VCybZL9yuj0OviLUO+mQXPmp+/b+
+XCBWtHhQJhbzuGk8blrisJhvV4ZgdkUIIdNSKmHWjnLjlW81ue8v1xASxcZ5DqbuCELIBLRNrrLc
++N0/FhAAZLew+Uujh7o5MGhAiOsI4WMOJzX9r0LnYLbFxNbq5LiPE1g4NQEh1BPdLJL24Niq8tN/
+X3wwzd7ejmTqjiCEupuWyVWc/kcWAQBu0Zu3znRv+l1BY5BpjKAon6CoOaZ+HboQZ9/gAbBM3Q2E
+EDKGrcdFpu5Cd4j/o/bvsxim7gVCqLtp+Qfr4wclAAA+EyLcLf5PXPGNLJ6p+4AQQkYhJhTloh4+
+4KpyMqXW1F1ACJmAkfcWUK3oyubxa2UAQGa4e7KjY+aFsHSZWCB+lH7x5+SsR3xCBkAiM1w9R06J
+mRvaXhsycX7amQvpBTy+WAoAQKYz3LzGRMyKDvME3tWE+DPpfCkAAOfQihXNJwXHHl7ObnvRnOZG
+GJ5+oRGzosI82/6Fr9oYQdWCQlyQcirhEpdXKwMgh636dkmQcd9ghBBSV1QmN3UXuolCCTV1Cpww
+gFBvo2Vy7T/QB7KKoYR7l4gIo2l3DsE9tvNgulBtRZdMzC/5K37z9cszN22J7qtdGyd2HrgqfPmA
+QiYWlKR9vzk9Zebmj6NbDwAr+Gnf7D5dSKg/JqsV87jJqQGTwjwfX7t49wWNRpYSMgAynWHXHH7p
+5BaN7N97Ol/cohExj3v5GPdKUtjKzUuCNL0BUkKm4Cd/vi3x5Xgui4UzEhBC3evavZ62n0AHHpTJ
+RwzECgUI9S5aJldG2Pig08Vc4B7b+T15zSItBk3LkvYeTBcqgBUa8+GCEHcKAICsuiDxX98mP+Il
+7onv/3lMEKWTNvgX9x64KgQSK2Tph0tC3MkkAJCJ8xP3H0zmPUrc/UP/3cuC1DpCcI7uPl1IAInh
+P3HB3ClBnjQyKGSEkMe9WUALYQAEzf/yq/lNm8cGLfpK0wotgnN09+l8AkiskKWx84M9aWQAAFll
+QfLx+MR8YfrBvaxPNMVu4ePkowmJPJr/pCVzJwd50oEQy8h0E/1fRQj1Vn9k13XzFb362IQPoYoJ
+RXqepLLV7jNGllNcj8kVod5G2/ss5NCY2FAGAAgz4zev2bDrVHpJtaz9w8VpJxN5CqAFx25e1hhb
+AYDs6D/34w/D6AC1WacvdDbZtDrt2AUeAI29fHNMqCq2AgCZETB3y8owGgCReTpRvQ1uwrFsAoDG
+Xr59zRx2Y+QkkWmuPiFTo4O0nMef39hI2OqdMaGNbQAA2dk/+u/bY9g0UPASv03Q0HVBWmI2sGN3
+rpnD9qSTAcg0Bo2Md7EQQt2oXq58Vt1Nk1xHD6b8fRbj502uZ7e4rnmTsXUh8/JOt/i/s96dRPfz
+6KadZhIzCf0bQQhZFu2zFY297POdy8LcyQAycclfx3Z9/OGHmw4kcPiytn9jC66lFQOAZ/Q8dus7
+6yT/cFUCzr3L7/B6/OtpJQqAAdEL2rQBAeFhjgAg5Oa+bINzPZ0AAL+5S9haTmfQgHM1nQCAoLnz
+AzS8AyH/E+0JAJXpqfma3qBxMbF6XBohhPQkMHJsZdBIU0bZxS11TN3ldmiV8+LX6QPdW9y4GzHQ
+duV0xqmPXH7d2uejeQ7hQ6gkYxYMeCKUy3vFajSE0Es6rdAis0KXbAuZxUu/fD4ljVsmk1Vykw9x
+kxn+M1esiB70MrTJSh7wAcB1aJCjhlZ8vAYCcEDwWADg3u61ZCUlfABgBWkcLfXp7wVQDfynzW0U
+3M0HAPBhD9UjPDY1EjRU84iBY9BQ1wReOVFYxIeAVn1nhI3H1VgIIVO6XVJvjGYHutuEBVLDhlBG
++XY2x6tJP5b1W6++8tarr0hlyvQ8aXqe5Hqe1BibHgiqGzxY1sZ41Qgh86T73gIkhuf4uavGz5VV
+l2RdOnP+aolYXJD41ebHsTubRxyFQgEAQHnSthVJXe2YUFgOACC8uG3FRS0OV4gJAgDAganP9n51
+nTXi7t4PoByEgrape+BAHz2ujBBCervGNeTyrDH+lLBASlgg1atP13ehoZCtIodTI4dTASC3tD49
+T3o9T5L3WNblBlspfCLD5IpQr9L130dkR5+wBR+FTeMe++pAejnBOZbAHb4kiAQAIBAIAQDINAa9
+g/YdOpwJJeCXA7TaAaCt5j0BylVh2b2/O3RdpVDY2SE4dRUhZJ6UAH/e1je5OtJJYYHUcYGUsEAK
+3dAbTg3zth3mbfvBVHt+VYNqFDY9TypvUHZ81vEt1R0+X533zLDdBAC4J+A2f5337J7hL2BMgX2G
+mLoLCBmR3vu5MoKWLIu6uytZTHByCpcEBQAAODgyAMTgFvXRluiubgzlwHIEqAa3iR9tmaJFG44O
+zgB84D/mA7h19bU4s1gAHS8ck3XrwlmEENJWDaHXr6eB7jYLIuhhgRQXB6MPYbo7Wc8Nf2Vu+Csl
+Avn1PMm+X8T6t4kQ6iUMUYnAZ+BASOYAQTT9tc9isQDEqiHMriZXFssZoBoqK7Vrg+JAIwEo4LlI
+DNDlCQONcbn9Rvj8pwAALLcup2OEEDIKPWsQPODLd5wSAcBwb9txQyhhgdQAT2NtEXCjUHo9T5qe
+JykV9Ja6CQghQzFEcpUSqilL5KY/1BmDBrKgREhwsrhL/Lu4bIkx0IcFxUIiO4u7wD+o83tWfv6B
+kMWFkrwCWURIV3/d+vgH0JKvEyWcdgouVHPvlgMAzc9Xn0kJCCFkeHrWIHCkk2ysrSqeN9wprb9T
+Wv+vCzX9nK3HBVJVU11Jek8cENUqVJNc0/OkNXUvh4cHuts84GN+RQhpS7vfRh3eg+L/kcwFAFLQ
+UL+mhzwnRQ0CACL9TCKvqxPxPSOjfEgARHrCr9q0QQ4ZHQQAkHs6ntPxDn9u7q4AAIIyDbtyBUWG
+sQCgMOGYhkaIrJ+SeADgHBYRAAghZFb0rEFgb0f6Pa5P/N9Z70TRffuRAeBpZcOZqy/+frgqbD1/
+/dGqX64Tz3TfHKC4TPbDldrl+ytf/4fg0+PVv2fXqWJr8CDb1TMZP29yPbQKiw0ihHSg3ZhreVLc
+51kOr4WNCfT37+dsx6CRAUBKiMsLL589lZwvBgDPaXNDXu6XwpiwcOa1HYk8QVLcppKoBXOjg5qK
+URFiwaMbN66kE69tWzKsw4s6Tlgy7dq2X3n8S3GbHkYtmNOijcdZN5LTiYitS5qHdMmhS+df3XC6
+mOAc2Xpozgdzx/uwVIW7ankPMm9wHCbMH636/eje3xOgHPgpCemjY8NcVU3KgEwGAPCcu3h8+r6r
+BOfIznj1GlrVBck/xCfmEwC0kLdnepr6fxtCCKkzVA2CEQNtRwy0XTUDHj6TX7snucqV3iqS1suU
+qXckqXckADDUyzYskDIukDpkQEc3tzILpOl5kvR70kflL8dTbclW4YGU8CDq+CFUJ/vGcZOqGlw9
+gBDSgbazBeRSPvdyAveyxifJnpPWrp3a8gZ63+iPNsGuXYk8cUHyobjkNuewwzu/qPvUj7bArl2/
+8sT52rTBmLDyI+E3e5MfiTlndnHOtGxqRtjL02bM9OQk8mq5xz758DSdQZaKCeeZ27ZHq16A/4Lt
+q2DXgavCrO/jsr5veUESI+TdT2KGdVN5GIQQ0pLBS2d59bHx6kNfFEmvrlVcuye5dk967Z5EUq+8
++7D+7sP6Q0k1bo7Wql0IwodQbKytAKCqRqGaDJCeJ3khebljgCvTOnwIJXwINXwI1Rq3Z0EI6Ue7
+5OoatSIW0q7l5DytrKtunNUKJDLDwa3/6IipkSE+jhrCHNkzesu+8IK/ziReLeCVi1Wr8sl0BsvN
+P2RidNRwbS5M9py6Zd+4grTziel5PL64cT4tzZHl5hcyaXIUu9XhNJ+5m/ZN4CQnXEotLBOrOkqm
+M9z8ImaFqgVrt+iPtrMSfkhMLxHKasUyCsPdk/VK87MkRtCinV+NT7/8a+qNIp5YCgBAZnj6hUbM
+igrz1Ge7WIQQMg6OcWoQAIAjnTR9DG36GJpSCaoIe/We5Fl1g6C64Wz6i7PpL2ysrcICKTV1ipzi
+Fn0Y3I8cNoQyfgh1uI+tqd8ehFDPYaVUKvVvBaHeacWKFQBw+PBhU3cEdTcrq5dVTTv+Lar9kfrY
+GF+l52au/V1sfvnUVcuDc0vr0+9Jr96TFD5pvQxh9GBK+BDK+CDqAFetRkaqahRRmwQdHNDZfq6o
+tS7s59o936UIGYQh9hZACCFkOgapQaCTxpoC0+wfV8ivcaV7zj0HgO2LmOFDqEw6TghACBkR/opB
+CCHLpmcNAn30d7GxozQO1wUOsMXYihAyNhxzRQghy6ZnDQJDwZvMBkLkHDp6tQwcwua/M9nF1J1B
+yOzg38cIIWTZ9KxBoCcMrAbGz8ktAwB4nnPnIe4YhlAbmFwRQsiy6VmDQE9KwOhqSBW5xc8BgARQ
+l3cn1yxG03shzpEVK1asWHGEY9GX6KkwuSKEkAUzVA2CLmsec8U16QageHgnRwzgMnKsFwA8zM4j
+9G2xR+McWrFixYoVhzD99SqYXBFCyIKZNrYCALxMrqZ+LyyfPDf3Xh0A09M/zMsdAB7dKxCbuk8I
+mRlcoYUQQhbMeDUItKRs84UJyAn+7ZysWwXlQoKoBwCwoTm5DA4cO2mkJ73lkcKbx/dnVLHGLl49
+2qm24l5aag5XWEXIAcCG7jIgJGR8+EAHG71PAemDc8cv3CZsPMPnvz/SSduXQeRlPwQAhyF+LnTH
+Ib5p/KKK3IyKkbhOCyE1OOaKEEIW7BrXlMuz1JlszJXIOxd39Odfcx6WEUQ92NBpFBuQE1X829fO
+fX06q1zTKVVV1eU3T+09fSVLoMqgACCvrXiQcvE/X/96T6T3KfUPuLcJAJDz8oqFWr8QcQH3EQA4
+BQa7ANj4DfUCXKeFUBs45ooQQpaq+2sQaOiDyScJ0AYP8b8up48cGzzE3Z2i+lSTV+Zd/O7KQ6Ii
+I7lw5EK/1h91ige/HyqUO/i98daEgapTFPKqgmu/J+RWEA+v/Pua09/D3Ul6nGJLo5AAFABgS6Vq
++zoqMnIrAKBvYBALAMAm0M/r/MOHdQ+KH0z08jX1m4yQ2bDs5HrhwgUAmDZtmqk7ghBCJmDCGgTN
+Xs4WMFmEtfF7+z2/Vg85B86cUfrPHx9AYfEj8BvY+hS53HbgtOWTB9o1PUCycQqcsCCWcvzbm1Wi
+nIxbI2eH0PQ4xevV+WPhXtUrvmOH0UErjWuzwJ3t39iKrd/w4WkPOdJ7WYUTfP0s+9PaPMiqS7JS
+LqbefCx4LpYpAIBMc/MMGj9zXqQ/o9070DJhZuLplBuFPLFMAUCmuQ8IiXpratgARrvHc5ITLqVy
+m45n9PWbNGdBlF97xyOd4WwBhBCyVOZQg+Dl3gKm7klrfVxdAACqKzXdr3cKHfsygzZzHR3iBwDA
+u1tM6HcKzW/0G7Mnjx+qbV5pXJtF8hrOfpmYvYIGUgCgMCcX12npjbi678OPdx27zOVVi2VAZjjS
+yCAjBCVZZ/Zt+DyJr/lvQGH6wY2bv0/mPlIlXQAZwS9OO/b5prizJRq2fVDw0/Zu3HwokaN2vPgR
+J2Hvhg3fc3CbCEPBv+IQQshkeDze7du3X3/9dRqN1oXTTVuDoBXTTxtoxdmJAVDRzpMu7hrXTdkM
+DPSCwofA45fDMC+9T9Ga/MG9hwAAvn4DbdUe9vUbZJd3rw7XaRkALSSMfbHeYeLM8HEDPWlkAACQ
+Ca8e2nmCS/ASE7KiVoWSW5/DSTimoPnPWLN4oj+LAgAAUn7WqW/jM4W8y7vi3fetGqf+Y0twju4+
+XUgA3X/mezFRAQwyAChk/PT4vac44sxDe922bZnibuq3oSfA5IoQQibj6en5888/p6SkvP7665GR
+kbrmV9PWIFAxi8CqkFeV5t6784RXUv5CUU/UdjoU7eTkrPkJGwaNAiBVPBfXAtD1PEVr4tzsQgCA
+gexWswI8h49k3EsXP79XWDHZRdfoqppQp67t5DrVMb/99ptB2umeY7qIEhL7ZUjLh8is8auW5K84
+lA3cXC6EslufogD3qRvXTFWLmxT3kGU7GeQ1+64S3LOJJePm+zQ/lZ9wLJsAkufMdWui+zY9SCK7
+j4/9RL5rw48lvF8TsiJXhVAM82p6M0yuCCFkStOnT9+zZ89vv/32559/6pRfTV6DQEVp6v1cicK0
+sz/lVqnCqi2NRrWl9fXwdKVAXdXDwgqprs05OLwCIIV6iUTrGNqFU1pqXJsF8ODH/f/UeITo3p2i
+8Im4TssIPD09IZsHT/l8YLcZEQ2KmqxhlNR/arTn1QRebda1/Pk+AY0Pcq6mEwC00FkvY2sTxrjw
+oB9LuApuTh6EsAHpCZMrQgiZ0uDBgwcPHnz//n2CIHTKr+YQW1syRXR9cOXYyTwpgMOIiZMnDnZn
+qH2oCW8e70Jyff78BYBOewJ05RR1TWuzOtSVdVrajFaqjrGysmp+pG0tNO3b6Z5jDIvlxgLgaX7O
+baCPxiFSx6Chrgm8cuLxQyEEsAAAoORBCQCAX2CQhuMpPv1dgVsOgjJN8RjpyLKTK+4qgBDqAVTD
+rqqvtc+vBq9BIG9Q2lhb6XqWsimwdm3MtU6qT96V37ueJwWAvuFvzQ7UZaZFVXk5AEvDE4SwSgoA
+JAcGXf9TtPOguLgOAFzGr58/UtOCLuL66e9+r4DCO3m1ftruVIA0kvILrqan5xcUPH0OhFjc6Z81
+/dzbiZmvODAAyqGyUtj4PaEQCqsBADhHV6w4auqX2dNZdnJFCKEeoHnYtfkRbfKrYWsQPK6Qz9hW
+vnyK/axxus217fLeAgoFHPm95rtLNXr0WvyiGgDAyd+rbaflPH5V+2fyHwsg0E3DScUCAABPd1dD
+nKIFeWFWnhQA/EYOa2cfAtqokV6X/3ioEHBziWE6/t9BjRRi7o97D/3FlwEAAJnBsKMxPH393elA
+POVyebqu+2c4OAAAEETTRPNyoaC5Zet2T3OgkTttGnUKkytCCJme+rBrsw7yqzFqEDwTNew4Lfot
+i1j+hv0Yf50Xkug05pqYSXx3qYZfZZgJDy+qxQAtF/4rqm5efdjBKQQnu/C1qX6tdrl6kJZaCADg
+FaxhBFenU57fvZZ2u4oREB4xqsPir41rsyhDQtqfCdC0sWtFZk7FuHDcYqALCk5tPXCVABIrZEHM
+vFAfhlqA5F/cpntyFT9/DgBAozV9Nzg6OAPwAdiLv4oZZupX29Phfq4IIWR6qmFXjU+p8uvmzZsv
+XLhAEI0fsYTEWJNKbz+o/9vByi0/VD8q12qzWF3HXLMKpe//U/jZSZEhYquTtx8DAKR3Mq4+aCrJ
+CnIpv/D3Ayeyqjo8Vfrg9yN/3OO9POv57T/+czxPCgDuY8cPs9HvlIcZZ3MeFj3M/fVKbm1HvWhc
+m8UcMrzD1VdeoUMcQLVOS+/3rBeSpidfJQDAc85HMeNbxNZOPOXzNT8hFFYCADg7N00foTg70AAA
+hJW49a7R4ZgrQsiytR2q7Abqk+w77oD2R9bVdbTFVfP46/bt2xkMhsLIK/kv3aq7dKvu3Un05dH2
+5A4nvyo1fKXZE6H8yKWai1mG3MnL5dXxAzkXHxAVOT8czSHZ0OjW9WKpHABIjCELX38l6ZesSo3n
+eY2fQ8s9m3flu8IrrZ6h+017Z7QTSb9T6glp4872HW84UFFwTwwALqEjOxlJdR85rG/O1TJpMffh
+RF8vA76BvUL180oAAPeRQW0nZMhKSvjtnih4UCIF97a3HwQF3GoAoPX3ap74PNB/EKTnQknGDXFE
+FNbLMipMrgghy6Y+PbTb9O37cuebjjug/ZHaIAiCwWAAgKJbyr7++3Lthay65VPs32x/eqU2u2I1
+KODIpZqjv+szpbUddgOnrX+n8Pffs7jCKkJOiOU2NCf3wYFjJ430pMNDTwDNyVUsd5/xzvrh99JS
+c7jCKkIOADZ0lwEhIePDBzrY6H2K7cCgEdcf3iZoA4cNYkG7iu7cEwGQvIJHdTp7lTYs1OvquYfS
+O7nwppfh38Ze4blQCNBqonJZUjK3g1O4yX/ww2a0WqZFZJ1P5gOAc1hEQPOD5JDIsNO56cSjpFOZ
+Y2JDMbsakWUnV9WWxbjDAEJo7dq13Xm5iIiI5q9TU1MNcmRGRkZGRkYHB9jZ2b3++utKpdLKyopB
+IzFfIYleGD3Alosa4k6LfrtBLJ9iH6r75FcAOJ9BfHepRmC8PbxsGH7T3vLT9DngNXv1/85u/0S6
+y5Bpbw3R6QNE21MoA2e/19GlVXwnxn42UdtXOWLG/44w5NvWg8gIsbidm/Q2dgwa2W1okHMiv5JI
+P58Q0m+mvyNZdRIv+/ShH7KEJID2foxIwL+4e59sydvT2O7qNbQ4BACNPS/aU/3ggLlLgjmHsgnO
+95u2Fc5fMi3Ex5kMAKCQEUIe92Zqakn/JauicE8s/Vl2ckUIIRU/P7/uvBxfbf5bx5fW8kiCIA4d
+OtTes6rMql4k1soK/ncWY/tJUfe83jsl9SsPVr4xym75FPsBri0+ODqY55pVKD1yqYbzwMC7dyHU
+EvfYhg3tPMWOPRzLBs/oeez0QxyCl7zv42SgMBjkOnGtDADANWzVIofTe5OEmk4OWvDR0JsHTl8+
+tO1yq2fInrM2xrJbjZTT2O9tjyHviM8U868f23X9WOvm3DC1GgYmV4QQMr0///yzefWVuraZtdm0
+ENr3l2sfV2i1jsogfr9V9/utuncn0d+fYm9r03ryq/psAV6F/LvfDTylFaEuo7Fjd+/ISvghKesR
+n5CKxVIyzc0naPzMeZH+DBLXhwSakqvnQD+fCeN3B3GSEy6lcnlimQKATHMfEBL11tSwAZrmA5AY
+Icu+Yk/OSjx7+cZDQWM4JpEZDm79R0dMjQzB6GoQmFwRQsjECIJISUlp9WAHmVWFRIIf1rMm/kPQ
+0C1zXpupJr++/4b97DAatBlzbVDAkaSao38YYUorQq2wYw8f1vZYsmvI/A0h8zU8ExTzr8MxrRpe
+3twwmcWOjmVHa98pct+QuatC5nba9+Xa9x21gMkVIYRMrNWAa6eZtRmDRjr6d9ayvULoXuWihp0/
+ii7cIJZH26vtLaA0+pRWhFCvh8kVIYRMSX3AVfvM2myYt+27k+z/fdkEY5x3SutXHqycNLJxM/Z/
+XbSEKa2s0Ys/G230UxBCRmPZyRV3FUCmdRjv9iC9qQZcu5BZm/1tuv2d0vrsok6rsBvF5ZzGyawW
+EFsRQpbPspMrQghZNIIgMjIypk2b1rXMqmIF8O0HThEfCyT1xi1PgBBCJofJFSGETKaurm7Lli1d
+zqzNbMlWZza7Tt/6zNQvCCGEjAuTq/n6Y96bpu5CDzH5zC8Gb1OphBdSJdkaKGQr/VtDvZazs7Oh
+murrZL1zqePmH6pN/ZoQQsiIMLkipJsSgXzfOfH1fInqn3a2Vm+Oo7072d6RTtKvYYT09cYou4x8
+6YUsQv+mEELIPGFyNXcTNm0xdRcsWNrncQZsrUQg33ZCdO9Ri2UodfXKU2kvTqW9eHMc7cPpDCbm
+V2RSWxcyc0vru7M8gbEtjnPU+Pi0ENr2xUwjXdTK6uW9FKUSZw8jZEYs+1P2woULFy5cMHUvUM9X
+wJMt+qpi3s7yVrFV3S/Xidf/IfjspIhfhZtZIpNRlSewtuxf7Z3r72KzdSHT1L1ACJlAT//1hpB+
+7pTUz9pevnB3Rf5jmTbHJ2YS07Y+W3mwsqwS8ysyDVV5AlP3woisSXB8I4uEH18I9Ur4o4+QBkqA
+2w/qZ24vf3efkCfU+cZrZoF0+rZnf/u28inmV2QKw7xtV05j6N+OwSx0zT7gdijCMI0d3+BCp+KH
+F0K9FM5zRagFVWb99LiorFLfmYI3CqUztj0bPZiyZT7Tg2Vt6leGepdlk+mZhVJTlScwntUzGX4e
+ZFP3AiFkMvhnK0KNlErIKa6fsa38vW+E+sfWZjfvS2duf7Zif+UT3cduEeoyVXkClkOP+pMpYjh1
+yUS6qXuBEDIlHHNFCJRKyC6u33qiWmC0xVW3iqQzt5ePHET5dIGDpwv+3KHuYEu2+n4tS+/yBMyE
+AzTIJCCU5g0AADVF4gn7a9Wf9W78Wn5+VfmO5vMWumaHqr7VFTeLFPq/HFem9RfvOOL+yQj1cpY9
+5jpt2rRp06aZuhfIgimVcPN+/dStz1bsFxovtjbLKZbO+qz8vW+Ej8tx/BV1h75O1nFLHfVvxzuU
+BpllwavKgs9JwZeRtpoOABDhnHaA5v2MCF5VFryq7Pwzm1kHXD9RnbDQNTvUprTxFJm/rwH+WvvP
+WhbZBoMrQr2dZSdXhLpMqYSsQmn0p89iDwifVXfrOirOg/o3d5TH7BM+wvyKjG/KKLtpIfpWl4Vn
+xNyTAACQWnm0SGHvS/sE4JMwin2ddF+cSHXIjjiiFGxeX00HoB8abtPqFD2vv3e5Ux/HHjXzASHU
+NZhckbl6/NfHh46sPnzplla7UelAoYT/ciVTPnn2wbeV5SKTrf2/XVI/e0f5sr3CoqeGfoUItbR1
+IbMfS69Rz9JSUfPXJ+7KaoDUL4LejwEgbjjx8ijRnWdg70FZBDYsu5anVOqVXKeF0F4bSjXNe4cQ
+MjOYXJF5arh1r5AAACUvJb/OUI0qlHA5u278ev6aw1UVz81iv6rc0vq3v6yYu7Oc+wjzKzIWEglO
+bmSRjHCnvUas6b5BhHXr7WTLGmq6eon+LjbbFjGN+v4ghCwIJldklmSltx4DWAEAPLl754ne7SkU
+8Ht2Xfg6/j/+Uy2pN7tajqUC+dKvK+bsKOc+xPyKjMLeznDlCfpa2zc3y2gzlCtuOJHaIGz/FJ2o
+ig5Y4exWhFATTK7IHNXk38lTAvgOi6QD1BT+V7/oeulWXdh6/ub/VEtlZpdZ1T0sly/dUzF7R3lu
+ab3+rSHUynCfrpcn8PZmNn+9yJkEdbJrqbVPxQAM60Uvj2IO76MahZUL69qc0iXHsOgAQqgly/6N
+cOHChQsXLpi6F8jgKv+8WwkAgR6jA/tTAKS5RTx9mtvyQ3W9eWdWdY/K5cv2Ct/8rPxOCeZXZGDL
+JtNf7dqE0T60hIUAABDh/J4vqfRO5QmAHenSGjvKmi1M1SGfbKF5g/zP/bUAtbF35K1O6cI1V89k
++GPRAYRQS7ivZM8hqypNuZ2bXSaqrJXKAMDK2p7Vd/TQ8KmD7Vv+7q/+48czF0WOU9+eN9mh7kl+
+zs+5xU9FUhkAkO08+gdNDhk2vM3u5XeSj8Q/gOGTl8d4N1SW5p7P4eYJ62RKAGuKm8ugyLCRoS52
+BnslT7iZNQBWnqO8rQc7+Nnn5dbc594K9xzVmz7CHlfI390n9GDZbF/MHO5jizdLkUFYAexa5jh9
+e7lQx3neNUVSCO2bHQoAUJpZ1rxpwIRUZsIBWvYBGgBAnXTfqsrGBVsny4PBNbvxFMXNIvloHcPr
+q0Ox6ABCSANMrj3Ew+vH9+Y2rWSyptjbymvqGmoqeCkppzMfRX0a5d1mU5zqZ9XVf/x57mKF2geY
+rO7Jg5vxD3IDI2bH+mmYllZZ/exO6eX4+2pLphqkAsG9U2fv/XfYzA/H9Xl5ldLk1X+Udtrt4ZOX
+x3i3fjCv6CEBAD7+o8gAfXxH2+em1PBS8utGDTNcOLYQT4TymH1CNyfrXcucgrx6U3JHRtPV8gTS
+uasqNT0umrtKpPmMk+XBJ7vYSZaD9a5lWHQAIaQBJtcewmuwr9vjmuBRw0YN6OOsSjjKuvsZSd/m
+VhIPMi+zvWe1WZtx58o5mYI2KnLS3IHONGsAAFlV6fnUlKsV0rzUC+eZ82f1aX3Kk+wL8Q02g0dP
+nT+sn+oqstpnV9Mvny+te5KbeMx5aawfpfFQa5o9vfOgyWi7P6Os+L/3pQCUUD9VpHUeNdA+5XbN
+k6KimmHDurbIw9IJqhqW7qlYNsl+5XR7/CxH+uvrZP3Ve04bjlaZuiPtOrGBZUvGb3aEkAaYXHsK
+Vuimt1s+YmU3eFzk1MdnLopq8h5Vz2K1rqMja7AZPnn2Em9K8yNkJ+95s2fTfjrzh6gmJeve69OH
+tE6KDQ0eo2d/GPyyKTK9T+Tktxh//HisVJqXceuhX5iX6on+YTsXhXXhdTSuzaJ4jerf+IhH0BCP
+25lPKu79KRw2y0Broy3R95drCIli4zwHU3cE9QSRw6lvBNv9nm2wLecMaM/7Ti4OWHQAIaRZD0yu
+bddsta0Qa4nHdImjpyuACARVIoA2FSCZw6aqxdZGVo6TRnr+kcKDp8W364aMbzVsauU9eWTbSpKU
+UcF+F0tzKyXF15+EeXno0+HGtVnOAUGDmx+j+45yyXxSUZN5lzcrwtMQb4ul+um/Lz6YZm9vZ9kL
+K5GZiFvqePeR7Kmw00Ju7c8HMIK3Xn1lwjAsOoAQapdlJ1cDxbuezMnBEaBa83OuLDdND5O9fQKB
+lwfPSsth/ICWzzmzPDTewWN5D6fnptRKn5TXgIcet/SFRXdqAMB++CBntUftRvv1OV/xjOjGdVrn
+P3X10K/mULOLN4mtx0WG6lj8H7V/n9XFjY0QUmdlBSc3siI/EijMZuON/i42G+fiXQWEUEcsO7lq
+pE2ctcRjOiWrfXansPgOr6ykVtJQV0d0tnTYzaGddbtkOoMCIAVhTR1Ay0FXB6az5nMYznSAWqiq
+FQN0Pbnm3S2sBACmf2jLWQH2fkMC05/lKXm3ShtGDe6m24jmufn5yRRMrshg7O1IP21ymbezwtQd
+aezMqY9czPPnDiFkPnpgcu2NGipTLiWdf6KasmZNo9ta2zl6uTizyCDkFz/UueoizdkOQAoSqaR1
+cm2XHeMVAABC2rQF6eP0zf8t6fS0Ea8untc0n7VpbRaA6Obnh25qPD7v7r2awb10nZaKQgk1dQqc
+MIAMxceN/OvWPnPiymUNphx69XK1OfmxCxVXZSGEOoPJtQeou/rb2fMCAGq/yNfGTfVyVP/lfye5
+OF7n5EpU1gEAUCnazzarE78AAKBRbBsfaCBqajtf/CFWGxhuXJvVsV6/TgsAHpTJRwy01b8dhFT6
+sazTdrv99N8Xv9+qu/+0u+sPhwZQokfRokfb4WgrQkgbmFwt37M7vwsAgBIaOXVWfx3O07xsCwDq
+RAIpAADLvs2Aa6VIAKBpdmwVrxoAwInedCPbO2p/rE4vo+5mUSUA0PymfKlxGZaSd+o/lzKlNZl5
+T2e92s/o76oZyymux+SKDItqa7V0In3pRLpMrpR0Y8G5V6gkEgZWhJAuMLlaPqKmBgCg7xANsfVZ
+aQfbjT979hC8vdo8LOM9fggA0Mfbtc1zIsFDGbi1XSMl5BVJAYDi4drVO/nCO1crAMA+dGg7uwdY
+eb4aYJ95u4Z4UJw3vl9gL/60S8wk3p2MtYWQUZBtrMg2vfinCyFk9nC2XI8hrqxt/RBRnJtZ2/4Z
+tYV/FktbP6h8euY6DwBgwJBQDXNceSm32+5UUHf1Wm4lANj7vdrVLbEa12a5DHm9/ZkAHkFDPABA
+WvjfIt0KV/YwT4Ryea9+AxBCCPVemFwtn4d3oBUAVF6+WihonqImq7mfffGzK6VEB6MnVtI7f547
+lvespikGyZ4XH/vxYqYEwMp56phBGrafsgJB9q/fZpa+vFDd0z9++/mMAAAow8exuxhcm9ZmBQ4d
+0tGYLX1I5AAA1TotE73ZZkJQjdEVIYRQb4SzBSwfedCsUXfyblYSj/76PP4vMtWO2lBXIwMAoPUL
+2+hXtjulVON5gWMiGfkpmf9NvPXflk9Y2Y2aNG2yk4ZT7Ie89kZ15pnbyZ/fbvWMtUfIjJi2dQ20
+IystylMCUPxe9e14xyvrUUP8Eh4VEhVFN2uHRfbiG+aFT2QeLCwyhBBCqNfBMdeewC14zs7poWzK
+gxcAAGjFSURBVMNd7MhWIJPU1cit7V08IyPn75g+xKMPq71x0KoG5wVvL9746hAvJqVxeJVs5zFw
+dMzbC5a0k0Fr6mzHT1+0dfJo1bUAAKwpbm5DFsxZsHGkI3RR3dW7PABwDgjqfPZq/6BQewCovMqt
+NOlbbmJXOOZYtBMhhBAyNhxz7SHs+w2LmTNMwxMO7I2x7HZPs7LzCAxbGximy6Wsnb3ZMd5sXU7p
+mF3knOWR2h7sPGvh8lmGu7aFusKp+2JZl/9UQAghhCwVJleENOA+knEfdbSxpZuTtROdBAC8ioaa
+OkU3dw/rESCEEOqdMLkipMGWH6o7PuDC9j7uTtYAcKOwftfPou7vIdYjQAgh1AvhmA1CFimnuF7/
+RhBCCCHLgskVIYuUmEmYugsIIYRQd8PZAr2Q4+S3l0/W8ZzhUcv3R5m640jNE6G8QQHW+LcnQgih
+3gQ/9xCyVPwqrEeAEEKod8HkipClKnwi078RhBBCyIJgckXIUmE9AoQQQr0NznM1d2mfx5m6C8hM
+YT2C3kbyMCPpaqkEqN4R0WM9qBqOkIvyU5POXUopFQHYUJm+4+a8GT12EFOniwhupaTki4DqNnZK
+pLfGGsv6X0Uuyk9O4ggBWOzoqACmxg8iUWnGpXNnr+aLJAA2TO+x0bOnRwawdHkp2lwFIWRp8EcZ
+IUuF9Qh6E4kg9eC6JetPPQGAsXFXIzUkVxEnfuPC977LV3vo4J6NY9f9HB83L4CqzUXkoozv18cs
+j88HAP+VF8dqSq76X0WUf+qzmIX7MgCAuvhkXoSGTCkpOLfl/Tl7rqk99N2eLf4xR49/HTOKqdUb
+psVVEEKWCH+UzdfkM7+Yugtm7Z+J4mNXart8+oRh1MH9yF0+vTkvDulPXj7Fvsvt/HVXos90VaxH
+0CtIBBnfrZu9+pSgw2OSdq9sCpTs6MUjmbU5p37hAGTseSvGMeXc5gi3Tq4i5MR/GvPevzhgzKuI
+uOfiVs/Zk9pxTzIOrm2KrYOiF4xnSorOnbsmgYL495ZRHX/7erYX1QBXQQhZJkyuyFL9kd31WZ7T
+x9C2LWIapBtDBpCHDOh6Al4RbT9967Oyru4SkFNcj8m1Z5MIMk5+uvK97zgdHybinjz4RQYAwPSv
+//y/lZEeVADYc23Pyinrz9VmbPnX2dmjVwbQ2z/99qm4tQs7jXp6XUUuyb+0Z/2CLUmd/L0pyf/t
+27hLAABj/3Hx5KZobzqAXMT5fn308ngB9+DB0wsjN4xtdwBV26sghCwV3mdEFqlernxW3fU9ofo6
+W5v6Fbzk7tz1PyCxHkEPJxdxvtuiiq3ei78+unsBU/NxovzUpCQAgMi4jTGRTRMJ3MJjtnwWDQBw
+5lwSV9TuVUSck5+pYit19mdHv30/AIxwFcnDc3v+pgqUkeuOHF0X2s5xtaXXL50SAcCIdVv+Ft04
+XcGGyZ6/Lm4+FQBSfj6bIwR9r4IQslg45ooskj6xVV12cX12kbQLJ4b4UUb42OrTwvQxNHcnfQP0
+E6FcJleSbawM8m4gs2PDHPv+5rib/Jyx3369ahxc+lDzbfJafk5GCgBAeGSkP1PtCab32MhISEqB
+lJSbpStD2ZpPZ7IXbvr2euk570+/3TLF/fpnB8EIV6EOmr3u85icI9T1B+Jme5UePKP5IhIBJ+Mq
+AEBARORI9akHdO9xEdFw+hzcvp5RLIp0Y4IeV0EIWS5MrsgicUrqDdJOdpH0cFJN185tTK5dbSHY
+l6J/cgWAZyKFB8uMhpCRgblFbj6VI6FTqQCl7R1Tyy8tAgBgBgS4tbxZz3TzDvCClIeQX8QXydlu
+7fzKZ45aGX81hkqnglwExroKNWD+t9ffpFLpAO1fRCLk5wkAAAICvFtOCaC6DwpgA3AgI6+0WhLO
+bGeuq1ZXQQhZLpwtgCzSNa7E1F0wF3cMFOKR+aJTO16RJKkV8J8AAAS4MR1bpUamu7sHAECpgF/d
+4Q8Nld7JsicDXMWGSm1/rm3jVSpKBQAA3u5ujq06RHVxdwcAAIFA0NFL0eIqCCHLhWOuyPIoAf68
+jcm10bV7kqkhdq0eXLFihan7hbqRpE4iAgCws7Nr80udSlV9d9SKJHILuEqdRFKnalDDp1Njgq+u
+rgM5fnwh1EvhmCuyPDWEwtRdMCNYSQuBXBUpNbFpint6xtZuuooEJHXtbv5FtaPqVIkAIdQT4R+t
+yPIUlen/IdxzaKxHcPjwYVP3q/vgADPYUJntPSUHier+hI3ev++74ypUoNq5AWgOr5I6iRAAgIof
+XAj1Yj1xzFWQHPfhihUbThfgwFwPde0eThVo4QFG+V6OaufoBgBQXVPXetRTXl1dDQAAdKZWBa5M
+fRU7OtMRAKBaVNvmZoJcJFIdY2+Hoy4I9Vq6/vTLhJzkhEuphWViQlX3h0xjOLsNHDZywtgJ/n27
+vh+7AQk5N3gyAFlhSTn4d1Y1BlkifWoQ9EjX86VYj6A3ozLd3DwABJD/RFAtB/Ul+ZJakUC1VN/D
+3VG/UNk9V2G6uLsD5IOALxBJANQbE1VU8wEAqG4ebvqmcISQxdJlzJXgnt66ZvOhRM6jptgKADJC
+LCjhXE7Yt31bAs/UrwYAAFjsMZ5kILux/V1N3RVkBHrWIOiRMMr3dnTvwKFuACC5m1MqavGMpDQn
+R7UhgK83U89xym65CtUtgB0EAJBzt5Tf4uaKiM/NyAcAYAd66hmPEUIWTPvfMfykvQfSBAAkhv/E
+BXOj/NzoNLKMEEsry+7cTc9M5VSzx3ia+tWouEVt+TbK1J1AxoKxtS2sR9DbUd3Z48fB9+fgdkoS
+RxA5pelmk1yQk5zEAQCIHMd2b0p7EkFxaTXVPcCDaY5XYQWMG++9h1sqSE7KeBLtPaipPVF+SnIK
+AMCIcWMHNbUpEZU+5IObt7feUyEQQpZC6+San5zMAwAa+93tsaNpjQ9SaAwKjTHe0398tKlfCOot
+dK1B0MfRevoYWtsHbxXVq7547w37Vs8e/b1FZQHffuTXhlL1aSGwP3lcYOsWxC8UqhZeDaKy29zr
+b9VCp7AeQe9GDYiKWRd0bg+Xs+fTuJHucQtGMEEu4pz5ev0XHACAebOjg5gAACDJ/y4mcvkpAbDX
+/Xo2brq3LomvW65C9Y6cFzP2X1syHsZv+Zzt/XnMWDcq1JYmHdiy/hIAQORbc0aqdhiQlJ7bOHXO
+gXwYFHPyt28X+GN4RahX0Da5Ch8+JgCAxp4wmqblKQgZQxdqEHww1b69p0b5to6MsgZlq9Qob1Dq
+1IKYULTNnTq1IKhu0DW53imp92DZ6XQK6lE8ImM2xpxbEl966+BC9sGFLZ6L/nr1wgDV5vy1pdeT
+TwkAADjnkvPXT/F20+nmfrdchTl2wfo1Z+fs45R+/+G47z9s8Vzo5nWL2aoJCRIBJ+mXfACA4viL
+NzfP9tcphSOELJWR12fKhJzLCRfTuDyxDADIdIab36S5b0f5M1odx0/aui1R4D5z+7ZoN5CVZyX8
+kJheIpQpAAbM/UfIjS/O8IAWtmrPkiCN83J5CZvjkoXAitqyc64nAOfQikMcAHbs4Vh2mw6J89PO
+XEgv4PHFUmjskteYiFnRYZ4tErn4UfrFn5OzHvEJGQCJzHD1HDklZm4oyyzWoPViWIOgPRrrEaDe
+hBowP+5kLcT8LT5f/WG32XFHvl4Zzmz8pw3VkeWtqiPr5tKF2aLdchWq9+xP40/CyoX7Mlo8HrXu
+7N710R6N7VGpTDc3gCcAEODOtMPYilAvoW1yZXn1pwGPIAq5JeDvo905ZWn79pwuqH35gKxWzMtO
+2Me5HLJ8ewy77djtC4IAgnNo8yEO8fLCLK+QcJ8zp0sITk7ekqAgDdcp+CtdCAADJkzqeKKtgp/2
+ze7ThYT6Y7JaMY+bnBowKezluQT3xM4DV4VqJ8rEgpK07zenp8zc/HG0e0/cScxSEBKlqbtgpi7n
+1H2xzNHUvUDG5Th0wZ5jY+vAMdBLU06zcRv7wdGcKStTMnJKH5aK6N7eXoFjx4/1ZqodQ/WOXvvt
+1/SkUvtxMR+M1bCayobqHb3lpG810L0DmGCsq1Ddx31w8uh8sHNjO2r8FGKyF+xNiVxy/frd/NIi
+EXh6ew9iR44NaDGd1W3ch7uPwhkOsGd/GKVpH5lOr4IQskBa/zQHRIQ5pydXCpMP7qMtj4n2Y3Ry
+PME5tOd0QS3Q/GauWBbl70gGAJDy07/fe4wjzjqy133rlujWv2rEQm7S3kscwjVkybKZbE8WTUGI
+G8hAg4hhp0tyifS/suYHhbQe9VRws7IJAPAMGcPouENHd58uJBpXmE0J8qSRQSEjhDzuzQJayMtT
++Rf3HrgqBBIrZOmHS0LcySQAkInzE/cfTOY9Stz9Q//dy4Jw5NVUFEpMrppZ4eqsXoDpH7nAv5Nj
+qF7saC92RwcMil63u4OVCVTv8Nne4Ua+CtVt7JsLxnZ2EbcRkbNHRHZ0QERMXERHz2txFYSQhdH+
+71DPuR/OLPg8kVdbkLh3Q1JfdvSMmVHDVcFOg4Jzxzi1AJ4zN/5dbZCS4h4W+4nsqw2ni3mJZ7Oi
+VraOoZyLieA5c9um5lNoqkQZMo4dn8sB7g2ONCSE0vKcvBwOAUAKmjS+w+DKTTiWTQDQ2Mu3xzYP
+95LINFefkKlqY8jVaccu8ABo7OWb1UaFyYyAuVtWEmu+SScyTydO3Dm3s10ULly40OqRadOmmfMx
+lZWVlZWV6o84Ozs7OzubzzGDBw8GAAVWl2gHRnqEEEK9gS53UPpGb/ncJ+nf8Yn5YlkZJ/EQJ5FM
+8xw9d8GMEB/HlhFUwUlLJwBoYbPa3ltnhIUFnS7mAjeHqwhht37Wc+5KTbfjh4eH0TjpBPdGtixk
+nPq1ZFl/pRMAEDSGTYEOcK6nEwDgN3cJu6MVZvzraSUKgAHRC9oeFhAe5pieXC3k5vLnerob7f+I
+aVRWVt6/f1/9kcGDB7dNkyY8xtvbm0wmM2gk5isk0QsMsK3NG/+KqbuAEEIIGZ2Oc38Y/tF//yqq
+nJN88XJqdolYRvCuH9t1/bT7uCUfLg5hNSfOhw8eKADAzz9QQxtkr/4s4AoVAn45sFtNGAiKmKBx
+qh4pKHwcI/2KmJueLh434eXgqpRzgwsAtLDXQjq8g19wNx8AwIc9tMOdEWQlJXwAYAUFaRq/9env
+BVAN/KcCgE6Sa9tRTzM/xtnZWTWoqf6IWR0jl8vJZLKVFfzvLMb2k6JOX3Jvs3Kavf6NIIQQQmau
+K7PWya7s6GXs6KUy/p3kxPNJHIGMfz1+M0/48i5/pVAMAMCJ/2BFvC4tu/v4tBdAfULHsK4kC4uv
+3aieENWUbmXZN7gKABo7JKjDdhViggAAcGB2PD1XKCwHABBe3LbiomHfZ3PX9n692R4zLYT2/eXa
+xxVyQE0WR9LtabhyECGEUM+nx6cdiezOjo7dvm/LPH8aAPAS41PEqmf45QLVAQxHRvv/Oej2Ues5
+acIAAOClX+c3PSROT+cCACs8opNFC+VCAQCAe/9OhkoF/HIAADKd0VHP6bhAy5RIJPhhPcsac1qT
+/i42q2d2tmISIYQQ6hH03ymE7Dnxw7n5Hx7jAo+TI544gQHAcnQG4AOwl34ZE6T3BZowxoR4Jjzi
+8dPTeVPnegJA9Y1rxQDgHhbW2YIpRwdnAD7wH/MB3Do4zoHlCFANbhM/2jKFZbCOI0Nj0EhH/85a
+tleof1OWzpoExzeySJjjEUII9Q4G+cQj+/i4AwDUEi9U/3Z0oAGAQigUG7KvjPGTgkgAlZwbPAAA
+cfYNHgAMCAt36+xMSuP47nNRxx1isZwBACorMRKZu2Hetu9Owpmd8O81LnQq5laEEEK9hWF2Z65T
+RVYyNN5H9/H3IaVzFSXXssQTJhruPiaFPSYIuLnCG5klcz3trl3lAUDQhAlaXMDPPxCyuFCSVyCL
+6GAtF2OgDwuKhUR2FneBfxDmAfP2t+n2d0rrs4uknR45e0e5Phd6Vt2gZwsvJEo9W9Bo9UxGkBfO
+XUEIIdSLaJ1cFe2PzxJZl6+LAYAVMLTxFjslJCrsNPcqwbt4KiskNsRg2ZUc8lrY6dx0cXZOyXha
+lgCAFDQmWJtPbnLI6KBjXC7kno7nBMW2vzGWZ2SUz5XTJUR6wq8RfrM8MRSYMyuAbz9wivhYIKnv
+aC/TZ9UNel6IkCofleu1IEzP0zUa40dZMpFu8GYRQgghc6btuCLn6IcbvopPusotKRcTjYNcMkIs
+LLl6bNvGeA4BQGfPnfJyvqn/7CVsOgDBid+07djVEmHzuJiUEJZkJX2/68BlvpaXbiEoPMwRoJqb
+eimHD0ALjQihaHUeOXTp/EEAQHCObD105WV/ZLW8gisJp282TQ9wnLBkmicA8C/FbfomgcMjZE0H
+EmJewZWEA9uPcbvn/wzSgi3Z6sxmV1P3wgRcmdb/jHXCslkIIYR6G+1nC8jExVmJxVmJGp9ksJd8
+3HIok8aO3RoTvyM+S8xPP7Er/UTrM9xndK3DPmNGs5Iv87MyQYvdsFp0ccLKj4Tf7E1+JOac2cU5
+06ozYS+/nvrRFti161eeOD/5UFxym3bYnZVFRN2qr5P1zqWOm3+oNnVHutV/1rLINhhckVlQKuGF
+VEm2BgoZvycRQkanbXINmvfREufL13IfCKvF4qYBSzKdwXLzD5kYrbkMLCMkZhc7OisxIeVGSZm4
+cfSSwmC49R8zfuqk0C6WofKMnOB5OYEHAM5hEQG6nEnzmbtp3wROcsKl1MKm/pDpDDe/iFktOkP2
+nLpl37iCtPOJ6Xk8vljVbzLNkeXmFzJpchRbl2uibvDGKLuMfOmFLMLUHekmX7zj2MfR2tS9QAhK
+BPJ958TX8yWqf9rZWr05jvbuZHtHOq4SQAgZi5US650jy6dQwJy48t5QnmBaCG37Yqape2FeVqxY
+AQCHDx/uzotaWb0cX+z4t6j2R1qQEoF82wnRvUf1Gp99cxztw+kMpiXn1x75fw1fL+oZLPg3C0LN
+ekl5gv4uNlsXMk3dC9SrFfBki76qmLezvL3YCgC/XCde/4fgs5MifpW+6yMRQqiVnv5Rj3oNVXkC
+U/fCiLDoADKtOyX1s7aXL9xdkf9Yps3xiZnEtK3PVh6sLKvE/IoQMhj8GEQ9xzBv25XTemwd1OMb
+sOgAMgElwO0H9TO3l7+7T8gT6jwhJ7NAOn3bs799W/kU8ytCyBAMU4kAITOxbDI9s1CqTXkCy7J6
+JsPPA/cXRt1KlVk/PS4qq9R3BvmNQumMbc9GD6Zsmc/0YOH6QoRQ1+EQDupRVOUJWA496qMxYjgV
+iw6g7qRUQk5x/Yxt5e99I9Q/tja7eV86c/uzFfsrn+g+dosQQio45op6Gluy1fdrWdO3PjNAWxHO
+abMp9o3/kJ9fVb4D6Id2M0aLieA4UdNB9EO7Gf5PxBP21wIwEw7QvFscry9XpvUX7zjiPpmoeyiV
+kF1cv/VEtcBoi6tuFUlnbi8fOYjy6QIHTxf8DEII6QbHXFEP1NfJOm6po76tRDinzaYIM8uCV5UF
+ryo7/8xm1m7nRVB77YkC+th+8vIwir+douBuLUQ4px2gsYrEquP3FZFmHXD9RI/rq2DRAdQ9lEq4
+eb9+6tZnK/YLjRdbm+UUS2d9Vv7eN8LHRqiNjBDqwfDvXdQzTRlll6lneYK+1vagKChr/NeOuLLG
+AdS7svd8KcMXApwEAFg0lGxfJ7uWCotWk+3rpPv216qOOrFfcKILF21p73InLDqAjE2phJv3pVtP
+iMpF3b2IivOg/s0d5SN8bD9dyBzgip9HCKHO4Zgr6rG2LmT2Y+nxWXiyvhRIo2f3TVvdco5pqrSg
+Dry9mQAAwJzlS6p5Ij0B9HAPEogb9E+rzaaF0F4bSjXBG4d6DYUS/suVTPnk2QffVnZ/bG12u6R+
+9o7yZXuFRU+12m8LIdSbYXJFPRaJBCc3skhdv9MumrtKfLMO7H0Z2Qf6Zh/om7BQ9bjahIGFtv/f
+3r3HNV3vfwB/AwPGHDAQEEyTiYoMU8ErFzuJWomaRyrP8VYpZnU89TuFeTrqyTKP9et4Ob+y30lT
+q6OYXaSLiZaG9kPAUEERhog4THMTkE3AXWCw3x/DOWDMwS7ffbfX8+EfG/t+vp/Pd9tnn7ef7+ci
+pLYL59v7WRsbbHbf8/5QzhsLBQy+e+Da2nT04xnVpBXSl7fV195yivWqSiTNf3yn9ol/1JReQfwK
+AN1C5AquzN/Pyu0Jmp5fqR/n2nBKRcKJ4R9OJiLac76lkTijFtDfhRxStZw4die7ANvc7tRvOuCB
+0a1gB21tdPiMKjlD+rdP5Opmp9vnUyLTPr2x9vG3akqrEb8CgAmIXMHFjRpsk+0Jmp5fqZSQZ0h/
+IjIMGAgb1Y8ar2n2EBE1/dZAFOC10BZl/g82HQA7aGujQ6dVSSukqz+Ra1qcLmY1Vl2jfXpTbdpb
+NSWSZuvPBgCuBK0juL7Fj/Af7MWA0QVhZ95v72QlooUvcYWkPZepf6YfMMAxHirwVp6m0c93qWFQ
+bMfklntpdsBwbDoANtXWRgcLVUkZ0jWfypudO2Y1dqVGu3hz3Zx1NecuI34FgHYeOh1rfsUAeq25
+RTfrzZq6no7nWxB2ZqJhAEDbqSzZ83cGBrQv9arSbFl502hWlvF6rh2Pt8yDD3A3LwvGMIEeee65
+54ho27ZtjszUw2gwh/lfUcuPtIfWNjp8WvXWXkVLK7t/6geEcN5cJBg12McxtYPZT83x3O16gdUQ
+uYK7uF7fapvtCewmJNDrwNowH28Erj2DyNUkHVF2oer13XJHvi32Fh7s9d+Lg0dE2v2mhLtFcu52
+vcBqGC0A7qJ/sNc/lwYzXQpz9rwagrAVbKJFq8vYXu9iYSsRyepbn95Uu/VAI2IrALeFyBXcSMoo
+7qNj/JguhWmbng0ODcSmA2ADOh39/q2an8+rmS6IvXz8Y+M/v7zFdCkAgBmIXMG9rH86yKrtCexj
+7oN9HhqJTQfANk5VahywfSuzPv+/242qNqZLAQAMQOQK7sXDw8rtCWzv/lDOyicCmS4FuI61uxVM
+F8ERdv7QxHQRAIABiFzB7fj7eX6+KpTpUtwtzN6/hmLTAbCVBmUbg/u4OlJmDiJXAHeEyBXc0eBw
+7+/W9vP2YjhgjAzjHP5HPz9fxK1gM5XXbbYFsZNr0xEGDAC4Iacb8AfgGPeFeB1/N/zz/7t9+LTq
+4m+O3mdyYoxv6lhe6jg/9LaCbZ0oc9mJWV1VXdeOjvJhuhQA4FCIXMF9cX08np7Kf3oqv0WrUztw
+Y6E+XE+nGmgLruSHMyoH5xjZj5Mcy21QtuWJ1TcbHNoJWnSpGZErgLtB5ApA3hwPbw5iSWC9Zq3u
+htxBg1zHDfNNEvkmirhREXfbkbNVzXlidZ5YU3HNEfcxvj2pXPII3/rzAACLIHIFAHARMjuHrQE8
+zySRb1IsN0nkG8AzMU1idJTP6Cif5bPot7pWfQibL1a32e1+xrU6rbaVOFgHGcCdIHIFAHARZy83
+2+O0URGcJBE3KdZ37FBfC5PcF+I198E+cx/so2nR5Yk1eWJ1vlhjj0UPZPLWASEIXQHcCCJXAAAX
+caLUltOzJgz3TRL5Jom4kf1631L4enukjOKmjOISUYmkWd8LK/7VZmMJKq61IHIFcCuIXAEAXIGO
+6Kez1kauQXzPJBE3UeSbJPLl+9l42cSRQp+RQp8XZvhL61v1vbB5Yo229R6DCXavkZt9XS6+Ydti
+EhGVyUoNj8U3ymyfgT2J+sUyXQQAO0LkCgDgChqVVs3rj4rgzJ/MTxL5hgbavQszItjrieQ+TyT3
+uSzT5ovVW75ucNzbBAAsh8gVAMAVWLkHQZVU+9ZeBRGNEvokxvomibgxA73tVNRfKjT5Yk2eWC2R
+ucu+CQBgK4hcAQBcgZV7EATxPTleHrW3Ws9Jms9Jmv/9feN9fb0SRVz9UFdPqwcOKJra9INc88Qa
+472voiI4VVLErwBgKUSuAACuwMo9CPz9PL9+PexsVXNumTpPrKn8reW3m61f5t7+Mve2j7eHPn5N
+FPn2E/RsLMGl6y15Yk2eWHOmUmP89zFDfJJiucmx3CC+57RVMqbfPABgDUSuAACsZ6s9CPQLsr74
+GFXf0J4oU+eWak5XappbdMfOqY+dUxPRA5E++g0IYgeZG0tw8oImT6zOK9Ncqbnbn+rj7ZEs8k0e
+wZ0Uyw32b+/FrW906LZbAMB2iFwBAFjP5ltnRfbjRPbjL0zhy5vaTpSpT5RpTpSp1c2689XN56ub
+P8xuDA/y0vfCJsf6crw8iKi+sU0/GCBPrL6tvrtiQJjAKznWNzmWmxzL9bLxcgUA4HYQuQIAsF6x
+ffYgIKIgvuesCbxZE3g6HelD2Nwy9Q15q0zeuj/v9v682xwvjySRb6OqrehShzIMu887KdZ3Uix3
+1GAfpt8eAHAdiFzBpWkV5Ueyi+uIQuJSp8UIevR9tyYtqWWnc3LKFcQNT5ieIuzZzurWpAU3Zds9
+CEzy8KBJI7iTRnD/RoElkua8Mk1umbriWou2Vffz+bu5jxvmmxzrO2kEd1AY2hcAsD38soDrUpTv
+XZe+YEsBEXEXZYon9yT6tCatVlHw8Yr0ZTvLiWj48oMJPYk+rUkL7somexD0SPueAjP9f63VnijV
+bMq6RURvLhQkx3IFfAwIAAA7wk8MuCZFadaKNJE+9HRkWqor3vlSSqI+9HRkWnBjVu5BYI37Qzl+
+vh76x6JBPghbAcDe0OcKLkerLj+0acX8NdlNjk1LpDi7d/0rCzYdc3RacHNW7kFgKzqd9ecAIlIW
+fbgj9zoFJs175pFQpgsD4HTw/2NwNerqrE1/0oeeKRnbd2RMdFBaUhRnrtOHnty0dTu2PhvjoLTg
+9qzcg8BKCFhtTFpUcp2I6FbRuWqsGAbQBSJXcDXcIWkZG9LjkpdnFu9f/2R8hL+D0pIgbsGqrfNH
+p6zOKsp89fGYEK6D0oLbs3IPAivpCKGrLdWWXLpFRJ5EKvG5EqfoTQdwKhgtAK6HGzNva/4cLpdP
+pHBkWhKMXb4zN53L55K2x4mtSQvuzFZ7EPSaoc9Vh95X67VVnytqIAqNT+hTlFddfUasHD2Sx3Sh
+AJwK+lzBFXG43F5PybcmLRGX3/vuUmvSgttiNmwlIrobuTL9XrCftqSkTEUkGDg8KTKCiK6UXWhg
+ukwATgZ9rgAALGa/PQgspOvygAFapfRsUeHpCzV1SmUzERGHFxw6TJTwcPzATv8RrTu1+72C+pCE
+RS+NC26qLTt+rKi0rl6pJSIOP3TQ+PGTkqMCOVYnIU1V1u7vzyo5A5PnPRsfbOllKMVnqokoMDY6
+lB8UO/S4tLK2pKA2HvO0AIygzxUAgMUcsAeBhRjrc1WKs9bv+OK7ourrSmUzcfg8Xw5plfXSsyey
+Nn5WWGMqSX29vObU3s2fHS2U6WNQItI21VblHPxk43dlCquTNFeVnlUSkfaq+FKdxRfScKH0ChEF
+i8aEEnGiH4gkzNMC6AJ9rgAAbOX4PQhMlIHxQQK8YbHD87X8+IQxsRERvvpWTXtTfPCjo9XK2oIj
+FfELojs3dW1Vhz+s0AZGPzr3oSh9kjZt/YUTh78qqVVWH911IvgvyRGeViTx4fl6ErURkQ/X4kFA
+tQUltUTUXzQihIiII4qO/Ka6WlV1qWpq5FCm32QAp4E+VwAAtmJwDwKDu6MFGAthOdF/XDp3ZvzA
+O2ErEXH6imY/FkVEVHHpiokkWq1P1Mxlj0QbknhygkUPzX9+XDARKYoKTiutSxL54LyE6NHR8U8+
+OtLCcfPtc7MoIm54+5Qsn+hRo3yJNGWFFVhiAMAAkSsAAFs5wx4Ed9cWYLoknfULCyUikt80db8+
+eGJClF+Xv4aNGx9NRHT1/CWldUl40eMeTXtk0gMBFha2fW6WZ+SouLtrCUSOiPIlooqiEszTArgD
+kSsAADOUSqWVZ2B2D4JOmB820EnfYDNhY2iEyXlTnChRJBHRVWmNLZJYTFtVVk1ENDQ6ysfoz0Oj
+h/gRUW1JQa0j3zkAZ4ZxruDO1LJLEjk3ImaAwLFpSX1NIlH7CSPDuaiCbuzs2bOVlZUzZ87s27dv
+787A7B4Eek4RsLZp6yUlZeeuXb1cc7utWdl0z67o4OBu3nJOAM+XSNN2q6GJiG9lEos1lJypICKK
+ius0JHfgqPiAsryGW2UVtY+EYokBAELkCm5MXf5ResqyvTKKy/hu//pZwp4spmpNWlKc3LQgYUU2
+UcqGn/a/miJALXRXiYmJ33//fX5+fmJiYi/iV8b3INDTMb2eq7Li+P7PS+r1waoPj8f14fUfMDDM
+l1T11RW1mp6eLjCwD5GGmtVqi8PQXiTpqH1uFlHVvvf+x+QRirJzlclTMU8LAJEruK8mSf6RvTIi
+ouKsI+UrpgvDLa8N1qQlRXludjYREeV8l1P+bEpCCNNvBTBn5syZn376aX5+fi/iV2cIWztiInSt
+OvqfTLGGKHD01EemDosIMKqKdad29yJyvXXrNlGP1gToTRJjd+ZmmaUpK6x4aGg02mwA1AJwVxxu
+UIiQSEJE4aFBPWtxrElLXEGIoP1haEQvmzpwFfpu15s3bxJRT+NXm+9BoG3Vcbw8eppKdydg7V2f
+q0pjTbyrLcsXa4iof/LcNFFPdkmtr6khMvWfRmVdvYaIPAMD+NYnsUzVpUsqIgqdtGJevKmRucr8
+zz46XEsV58RN0ZauVADguhC5gkvjRiS+kLljHvmFxwV1+rJzhamvbN3Iz5b4J6a/kGDilr01aTlc
+YeqazKFy4gtjBJ3PGzNn/f46YfbVoNRlC+L4PUoLLkjf7Wp4ann8ats9CH6t1T72Rs2y6f6/T+xJ
+BGjF2gJtbbT9cONHhxqtKHXDbTkRUfDwyK6F1l6V1nefUvqrjEThJhJdkhERDYwIs0USC2grCsUa
+IoqOH9nNhDLe2PjIH3+obpOVlihH9vDTAXA9iFzBpXHDE+bMT+juxSGpGe+m2iUtcYXJacLkbl4U
+xKS9ujGtd2nB5Rh3u+p5eHjcM361xx4ENxStb32mOFCoXPao/4Thvj1N3qM+129PKj861Citt82A
+h9vyBqKOE//b6k/lVptJoiw+U/G7GdGdVrmqOn6sgogocoyJHtweJbl1/sTxs/UBMcmTx5rd/LV9
+bpZv7PjuRwL4RI8adby6WFN7sqg2MRnztMDNYVUsAACGzZw50/ip7k4MmJ+fv2rVqk2bNl28eLFT
+EqXaXoNKz1Y1/+mDm2s+lV+psWix2J72uRZWaJ79n7p1mQpbhK3BwugAItKcK8iturMlK2k10orD
+7+8prDebVFN1ePsPZVfvprp19odPdos1RBSRMGkkx7ok1QX7i6orq0u+O1rSZK4U7XOzBLGjzM6+
+ipwYG0j6eVpWv2cALIc+VwAAhnXtdjV28eLFTZs2DRs2bNasWcOGDdP/sc3OM/kPnVYdOq1a8jB/
+Waq/t9nBrzoTj0y7VqfdfqjxYKEtV/IKfXBSVPHBKmVt0ac7ijw5PL5Xc4NGS0SeAbELpvTJ/rrQ
+9JsaOelxXsl+8dGPKo52eoUfPfOZccGe1iVpVmradzczv+BA7YWyBiIKnRh/j57UiPiR/Ytyr2su
+lVZPHRppwzcQgHUQuQKAK3juueccmd2yZcsszNryI80zxK8ZGRlE1OaQbV93/dj0faFq2XT/Od0P
+r7RkVazWNtp+qHHHYWuGtHbDL2rmimcqDh8uLK2rV2qVDVoOLzhimCjh4fiBfKoeSGQ6cm3QRjz2
+zIpRZcePFZXW1Su1RMThhw4aP35SclQgx+okPlEjRudXn1XyokYOMbN4SOW5MgWRZ+SYsfccvcob
+OTEyN6tac66E5kTa/m0EYA9ErgAA7ODn5zds2DCdTufh4RHA8xT08VTctnsAW6NoXf+Z4sAvymXT
+/Sf2fPArEX1ToPzoUKPMfmt4cQKiZ86Nnmnilci0l/6r+xHlxA+NnTk3dib1gKVJfKPSlprLWm/o
+1OfXTbX0Kkc/9l+jbfm2AbAUIlcAcAXbtm1zZHYeHndvoOvM3ri35EilUrl69Wozm8H6+flNmTJl
+ypQpPB7vzmnpv34f8GamwjHXe+5y8/IPbj461m/ZdP9BYR0aDjPjXAsrNNsPNRZX2Xj1LgBwZ4hc
+AQAY9tNPP3UXtnaNWQ1mjud9/GPTr7UWzaOyicOnVYdPq5Y8zH92ur8Pp/PgV+Ow/Gqt9qPDNh7S
+CgBAiFwBABhXUFDQ9Y9mYlY9T0/6dEXI1L/JWh0y5tVAP/j12Uf905J41KXPtbWNtmc37vjBDkNa
+AQAQuQIAMCs/P7/TqgL3jFkNAnieO/4SsnhznYPLXKNo/cc+xfe/KJel+hutLaCz+5BWAHB7iFwB
+AJj0/fffGx5bHrMajBT6LHnYf9ePDPRxnpM0L//g5sPx7Uvz//sgG4a0hoxbtG6c3ZMAgN0gcgUA
+YIyhw7UXMavBn2b5n5M0n6nUMHIJPxa1D2ZlQdgKAOyHyBUAgDHff/+9NTGrngfR1heCJ78mUzfb
+d3sCAADGIXIFAGDG2bNnExISrIlZDXy8Pb5cHTZr7Q2mrwkAwL48rT8FAAD0wujRo2fNmmV92KrX
+P9jrH08HMX1NAAD2hcgVAMBFPDrWb+Z428TBAADOCaMFAABcx9oFghJJsyO3J7C3RetNdyTPHM97
+c5HATplavkcaADgY+lwBAFyHfnsCL1f/ab8/lLN2gYDpUgAAA1z95w0AwM3otydguhR25OVJu1eG
+eKL5AnBLqPoAAK5mpNBn+cwApkthZEHYmffDP5xsm5PtfjWUz0XjBeCmUPkBAFzQ4kf4Y4b6Ml0K
+23tpdkD0AG+mSwEAjEHkCgDggvTbE4QEejFdEFuaPIr71FQ+06UAACZhbQEAANfk4+3x8SshVm9P
+IPjqfR6dVNJEnpCIiBorGx56r8n4VWH7Y+03L9a8ZUi3IOzMRH0T03aqss36ywkTeL39TJCH9ScC
+ADZDnysAgMvqH+y13hbbEwgn8ujk9TEvXh+TpaGhAcdf4hMRTe57/H2e8IZyzIvXx7x4/ZsbnN+/
+H/Z3fYIFYWcmciTtSVqGD7VBL8knr4R4cxC4Arg7RK4AAK5suk22J7ihfCKTiIiO3dxR2eY/lPd3
+or8n+fqrNFvWK/SHvLVeKSHOlJf4RPwPR3E6JbEy/83LgvsFudTIBwDoHUSuAAAubu0CwX0hVvV6
+SiQKw+M951sayfO+yfz7AogaWvfcPUpx7gb5D/BdSJwQv45JbloVuc4cz/vdA1xm3jsAcDKIXAEA
+XJynJ2WuDPG0w532xgZTm3VN9uq8nOz11sbeZnF/KOeNhQK7vj8AwCKIXAEAXJ+/n+22J+jv5W84
+bUCXrtyG1j3HWuu6T9Ij+k0HPDC6FQDuQOQKAOAWRg3u/fYEQqHA8HhhX09StZw41vRbA1GA18K7
+RwlG9dP3wmrrVF2S9Mp/sOkAAHSEXwQAAHex+BH+g70bMNqP99UCIiKa3HfpUE/JuZt7iN7K0zT6
++b68RqA/5O9reELS/vReE1HT8+e0nZL0Is+XZgcMx6YDANAR1nMFAHAXHkT/vTho1ps1dbdae5Sw
+sVJDE/ufmUhEJDl53bBowEPHBF+9zzvzPo+ISKXZ8uLN9glbmTVjKOxMe5K2U5XacT0MXh98AJsO
+AIAJiFwBANxIb7cn0Dzx4k1Tf1c88aLCdIrMmjGZvSxkSKDXfy/GpgMAYAJGCwAAuJf+wV7/XBrM
+dCnM2fNqiI83AlcAMAGRKwCA20kZxX10jB/TpTBt07PBoYHYdAAATMNoAQAAd7T+6aDzV1p+q9Pe
+68DuxwPYwdwH+zw0EpsOAEC30OcKAOCOPDzstT1Br90fyln5RCDTpQAAp4bIFQDATfn7eX6+KpTp
+UtwtzN6/hmLTAQAwD5ErAID7Ghzu/d3aft5eDAeMkWGcw//o5+eLuBUA7gHjXAEA3Np9IV7H3w3/
+/P9uHz6tuvhbi4NznxjjmzqWlzrOD72tAGAJRK4AAO6O6+Px9FT+01P5LVqdukXnsHz7cD2daqAt
+ADg/RK4AANDOm+PhzUEsCQDOC+NcAQAAAIAdELkCAAAAADsgcgUAAAAAdkDkCgAAAADsgMgVAAAA
+ANgBkSsAAAAAsAMiVwAAAABgB0SuAAAAAMAOiFwBAAAAgB0QuQIAAAAAOyByBQAAAAB2QOQKAAAA
+AOyAyBUAAAAA2IHDdAEAAMAi6uqC7FyJmrjCyakJA7gmjtAqyo9lZx3KkSiIOFzB0MTH56QmDBH0
+KBPZ6ZyccgVxwxOmpwj5ZJdctIryI9nFdUQhcanTYgQmGyKFpOBQ1v7ccoWaiCMQJqSmzUqJCbHs
+Gq4V5xeUl18oKpYoiMMNj0uZMT01IZJrUWIAcHI6AAA2W7Zs2bJlyxycqeW/ojb6vVVJczbOH6A/
+TcL6XLmJQ+RFO56N6fIbn5DxhVhlYSYt8vzt6e2nGL784FWdXXKRizNfTtAn4y7KvGwqmap8f0Zy
+l0yGp+84Jb/HyRsv//ReepyJti4mfVeRvMXSt9vdWkl3u15gNYwWAABwbmpZwfvpcSkr9l4zd0z2
+u8uXflRORERxqYvS58/Rx28Fm+ambzomu3cudcU7X0pJXLaznOyYi6I0a0WaaMGWArMlKfjglcc3
+nSAioiGp8xfPT0vmEhFd2Ll08ZqsanX3Zy/YNHfwlJd2FhMRkXDa/PTF6fOnCYmIqHznkvT1hyRq
+AgCWYzp0BgCwimv3uaqk+Tue7dSHaKLPVX5qY6r+xVkbf7ra3o0pzd2Ypr/d/+RWcaO5XOTFmRmT
+O2Ziqs/VqlxaVOLv1qd2HH5gqs9VJd41X6C/zr8dvKw/YYu8aHt6OBERpWzI777rVCXeuzyGKOXV
+zPyrhvOqLmdltL+DT+4w/z7Y6lNjHXe7XmA19LkCADgrraL4ozVLPyomIuGijTvebQ/pulCUH8vO
+JiJKWb8yPeXOENjw5PQ161KJiL7Myi5VdJuLojhz3YJNx4iIm7Zux1YTgwFskIu6OmvTn9ZkNxFR
+Ssb2HRkTuzmuSZJ/aK+CiEZnrPlTavtAW44gbl7G+nlcIsr5Yn9RXXeZcGOeXH+wXHpww3yjccBc
+4bT05fOIiKi4WNL92wAArIDIFQDAWXEECc+uXj8rJm3DTz/97/KUSD/Tk4yapEUFOUREySkpwwVG
+LwiECSkpREQ5Oae6v1EuiFuwauv80Smrs4oyX308JqSbmUzW5cIdkpaxIT0ueXlm8f71T8ZH+Js+
+TC0rLsglIoqZnBIfbvQCX5g4OZWI6Gx+wSWFmXdMODyc22nKFzcoSBBORKRWq7UYLwDAblhbAADA
+iYWnrN5bpOZzuUSS7o5pkkoqiYgEMTHhHW/HC8KFMZGUU03llVKFNi68m598wdjlO3PTuXwuaRVk
+r1y4MfO25s/hcvlE3WeirpOKZUREMTHCjmsOcCOGxMQRFVOBWCJXJwt6sFKAWiq5JiMiihRG8LHC
+AAC7oc8VAMC58bnmoy11k0x6jYgoJlwQ1ClqFEREDCAiksikcrO9jdx7hXQ2yIXD5fLJPHWtREZE
+JIwID+pUIG5oRAQREclksh51nCrOZu8/QEQUNylBKOhJSgBwPohcAQBYTq1SK4iI/Pz8utxI43L9
+iIioSaHWsiAXlVqt0p/QRMdtewQvl6vI8lwUxTvfXVNARJSanhYfjhuNACyHyBUAgOW0+pDSFM6d
+cM/KsNVBuahJrep2bS2uH9eynQiMzifJWpe+4gARUdp76xeMFlj9LgAAwxC5AgCwHIcr6O4lLan1
+d9Y5Vs9rcEQuXOL6hXf3olqlriMi4lqYhVqW88+lj28pJqK4F/dvXBwnQIcrAPshcgUAYDmuX1A4
+EZG8scttdK1cLiciIn5PpjQxl4sfXxBERCRXNKk6v6ZVKPTH+PvdOz7WynLeT5/yeg4RhS/aunNd
+mvBeQ2wBgBUQuQIAsBtXEB4+gIio/JpM3jGmVDcpZPqp+gMigqwLKh2Ti6B9GpZMKlN0moalqJVL
+iYi44QPC75GJVpazJX3KymwiEjy5MWvz8jiBtW8yADgJRK4AACzHF4oeCCci9fmiTivtqyVFRfoF
+AYYKrb1X7pBcuOExcSOIiIrOS6QdQleFtLSgnIgoTjTQbHhsFLaGL9qasz0joaejYwHAiSFyBQBg
+OW5E3KREIqKzOdnFRhOctLKiI9nFREQpiXERd6I9texSefk1hZPmEhKTOElIRLIj2QXXjEJXRXnO
+kRwiotGJCUMEdzJRSC6US4w7ZzuGrdnvobcVwNUgcgUAYDtuzLT0jBFEVLzp9fV7zyqIiLSK4i83
+rni7mIjoybTUEQIiIlKXf5QeN1QkGpiy4oCkh9tJOSQXrjDlyfQEIqreuWbDzgL9yq1Nkuz316w4
+RESUMvfxeH0fqlqStTJxcIxo8Lg/772gJuoQttKI5esXJ3KvlZeXdvx3qWdrwQKAs0HkCgDAfgNS
+0lemC4no9AcL4oI8PDw8vIPi528qJiJK3fjSghj9/KQmSf6RvTIiouKsI+WKni5i5ZBcBAnzV7wc
+R0SSj/+cGOHn4eHh4T94xus5REQTV2csal8iQC0rzv66nIjo0s6Dp6RqInVp5j/0YSsRlX6wNCVe
+9ICo87+V+yVNTH9YAGAFRK4AAC6AGzNvfeb/psd0+nN42vrvti5PFrQ/5XCDQoTtr4T2YjKVQ3Lh
+CtNe35n5ckLnv0/L2P/RitQB7efjcgXh7QtoxUQI/LCpK4Cb8NDpdEyXAQCg95577jki2rZtmyMz
+9fDwMDw2/ytq+ZH3pLiQk31KoqIg0eTUhAGmQzV1dXFOQZGkWqLgC4WRooQu+52qL2V/sD1b4p+Y
+/sL8OBNTl9SSE9kFlXLiCxOmp3S3kpS1uahlBYdyxAryC49LnRbTzaQutexsfv75ckmlggYKhUPi
+UhJiOq65pZYdy9z6ZTHFpf15UUo4l0hWnHWkSG62i9cvJD51+r0XdrXhp8YK7na9wGqIXAGA3dwn
+cgWHcbdPzd2uF1gNowUAAAAAgB0QuQIAAAAAOyByBQAAAAB2QOQKAAAAAOyAyBUAAAAA2AGRKwAA
+AACwAyJXAAAAAGAHRK4AAAAAwA6IXAEAAACAHRC5AgAAAAA7IHIF6A2djprUOk0LtkkEd4e6AACO
+xGG6AAAsc1mm3ZLVkF+u1j/18/GYk8hb8oh/EB//DwT3groAAI7nodPhP8oAFrks076xR1F2pdnk
+q3MSeX+eFSBAm+1wzz33HBFt27bNkZl6eHgYHpv/FbX8SBZx+brgkp8arhdcA/pcAe7twtWW9fsU
+5b+2mDnm63zl1/nK2RN5z073jwj2YrrIAHaBugAAzELkCmDOucvNa3crrtZpLTz+25PKb08qJw73
+Xf1HQf++aLPBdaAuAIAzwGgBABN0ROeqmtfuUVyzuJ3uakK07+p5gvvQZtsZRgvYlXvWBbZ/arhe
+cGGIXAE60BGdrWp+fbfi+s3et9PGxg3zXTNPMCCENW026yBytRN3rgvs/dRwveDyELkCtNPpqLiq
+ee0em7XTxsYO9f37/MABIRifY3uIXG0OdYGNnxquF9wEIlcA0unozKXmtXvksvpWu2YUP8T39fmB
+A0Odus1mHUSuNoS6oMeuTw3XC27FSX81ABxDp6PTlc1r98hvyO3bTusVXdL8fl1NXJTP6/MF94eh
+9oETQV0AAFbA7wW4KZ2OTl3UrN2jqFE4op02VlzVPOetmtGDfV5fIBiENhuYhroAACyCXwpwO206
+OlGm3rDvVu0tR7fTxs5ebk57q2ak0GfVHwKH3ufN9LsC7gh1AQBYB5EruJE2HR0tUr25V6FudpaB
+XCWS5j++UysM57yxMGjEILTZ4CCoCwDAUohcwS20tdGPxap1mQpNi7O008YkMu3TG2sjwzhvLgoa
+EYk2G+wIdQEAWA2RK7i4tjb6oUi1bq+i2SnbaWPVNdqnN9UOCuO8sVAwUujDdHHA1aAuAIALQOQK
+LqutjQ6dVq3/TNGsdfZ22tiVGu3izXX3h3LeWCgYNRhtNtgA6gIAuAxEruCCWtvo8GnVW3sVLa1s
+aqeN/VqrXbKlbkAI581FglGDfTysPyO4JdQFAHAxiFzBpeiIsgtVr++WM10Q27hWp03fUhce7PXf
+i4Mx5g96BHUBAFySJ9MFALCZFq0uY3u9yzTVBrL61qc31W490MjWTjNwONQFAHBV6HMFF6HT0e/f
+qrH3lpUM+vjHRqW6beWTgUwXBJwd6gIAuDD0uYKLOFWpceGmWu/z/7vdqGpjuhTg7FAXAMCFIXIF
+F7F2t4LpIjjCzh+amC4CODvUBQBwYYhcwRU0KNscv+U6IzJz0FqDOagLAODaELmCK6i8rmW6CA7S
+piPcJAUzUBcAwLUhcgVXcKJMzXQRHKfKbUIT6AXUBQBwbYhcwRX8cEbl4Bwj+3EWpvAfm8jrG+Do
+SlR0qdnBOQKLoC4AgGvDqljAes1a3Q25gwb2jRvmmyTyTRRxoyLu1p2zVc15YnWeWFNxrcUBZfj2
+pHLJI3zHXC+wC+oCALg8RK7AejI7N9UBPM8kkW9SLDdJ5BvAM9GrNDrKZ3SUz/JZ9Ftdq77Zzher
+2+y2VPq1Oq22lThedr1oYCXUBQBweYhc2Up8o4zpIjiR3Wvufcyi9UE9OmdUBCdJxE2K9R071NfC
+JPeFeM19sM/cB/toWnR5Yk2eWJ0v1thjordM3jogBM01dHb2sl3unqMuAIDzQOQK0MGE4b5JIt8k
+ETeyX+9rh6+3R8oobsooLhGVSJr1PU/iX212/7TiWgtaa+jqRKktp2ehLgCAE0Lkym6ifrFMF4EF
+7tk/HcT3TBJxE0W+SSJfvp+NZ5mMFPqMFPq8MMNfWt+q73nKE2u0rVbdQD1arJoymmvv9w3YRUf0
+01lrI1cnrAu718jNvi4X37BtMYmIymSlhsesu8GFdgFcGyJXcGtREZz5k/lJIt/QQLt320QEez2R
+3OeJ5D6XZdp8sXrL1w29PtXRYtXbi3s2+AFcXqPSqsVNWVoXAMDdIHIFt1Yl1b61V0FEo4Q+ibG+
+SSJuzEBvO+X1S4UmX6zJE6slMmsXodSvwe5v6y4xYDUr9yBgaV0AAHeDyBXcWhDfk+PlUXur9Zyk
++Zyk+d/fN97X1ytRxNUP7/O0OjJUNLXpB/bliTXG+/1ERXCqpNbFGde1o6N8mH7/wIlYuQcBe+sC
+ALgVRK7g1vz9PL9+PexsVXNumTpPrKn8reW3m61f5t7+Mve2j7eHvs1OFPn2E/Ts/uml6y15Yk2e
+WHOmUmP89zFDfJJiucmx3CC+57RVMmtKXnSpGZErGLNyDwL21gUAcCuIXAHaF6F88TGqvqE9UabO
+LdWcrtQ0t+iOnVMfO6cmogciffSLrscOMnf/9OQFTZ5YnVemuVJztw/Jx9sjWeSbPII7KZYb7N/e
+c1XfaO1+61iDHYzZag8CNtYFAHAriFwB7orsx4nsx1+Ywpc3tZ0oU58o05woU6ubdeerm89XN3+Y
+3Rge5KXveUqO9eV4eRBRfWOb/gZonlh9W313lnSYwCs51jc5lpscy/Wyw3jUa3Xa1jayx5mBjWy+
+dRaL6gIAuBVErgAmBPE9Z03gzZrA0+lI32znlqlvyFtl8tb9ebf3593meHkkiXwbVW2ddk4fdp93
+UqzvpFjuqMF2v5Uvrcca7NCu2D57EBBL6gIAuA9ErgDmeHjQpBHcSSO4f6PAEklzXpkmt0xdca1F
+26r7+fzdCTHjhvkmx/pOGsEdFOa4OoU12MHAtnsQmOTMdQEA3Ad+WcBpFX/43IfFXf/s6R0QGBIS
+PX5ySvL4QQGOLFD7Ouoz/X+t1Z4o1WzKukVEby4UJMdyBXwGboJiPwLQs8keBD3ibHUBANwHfmKA
+bdpaGuTSyye/3bnh1Vf/dVzKxOyO+0M5fr4e+seiQT5MNdVHi62aSw4uw8o9CKzhJHUBANwH+lzB
+2cU9v+35uLtPW5QNt2Tnj3z5zfHLDQ3ln727N3zLwuEMFk9n1TauVsF+BKBn5R4EtsJgXXAtyqIP
+d+Rep8Ckec88Esp0YQCcDto8YBlvXkDI4KR5f30zPY5HRMq848VM9Dc5SSNd5RwhCzDLyj0IrOQk
+dcF1SItKrhMR3So6V40VwwC6QOQKLMUb/7s4HhG1yaQ1DGSvI6dorjvN5gb3ZOUeBFZykrrgMmpL
+Lt0iIk8ilfhcCf5rCtAZRgu4shb55cKcg8dO/Sq71dDSRkTevPCBIybNfjJleECn/7PoZ0ONeX7b
+sriWmuIj3xw8Vnq1QdOeZPzU+TOSBtogibJ459oPC5u8B89Z/deHI6y9vKCQQCIlQ++toZ9Jx2iP
+E/YjAFvtQdBrTlIXXERb9bmiBqLQ+IQ+RXnV1WfEytEjeUwXCsCpIHJ1WcrcLS/vudD+xNM7IMhb
+JVcqZZcLv9xSeHL2G6tSI7p2uNdILxcX/Xt7YcPdW1QtStnl43vWH/952l9feWIwz6okLWdPFDYQ
+UcvlvGLpwxHWhq7yultERH48Rn7X77bWTOR+x7U6bYtW583xYLIQwChmw1YiZ6kLrkFbUlKmIhIM
+HJ4UIM2rll4pu9AwMt6ha6gAODtEri6LNz4p7mBz4NTZyYlRA3n6fRpb6nI//MeeUuXVb78qnPbi
+xC6bN/6WvXl7i/fQ2S8/PW14X28iopaGyz/v/ff+4oarR/57Z8SWF5N4ViTx5t95yOf1sfb6lIU/
+FyuJaOTkJCZ+1nVdHjDlhqINq7q6M/vtQWAhp6gLWqX0bFHh6Qs1dUplMxERhxccOkyU8HD8wE73
+JOpO7X6voD4kYdFL44KbasuOHysqratXaomIww8dNH78pOSoQI7VSUhTlbX7+7NKzsDkec/GB1t6
+GUrxmWoiCoyNDuUHxQ49Lq2sLSmojcc8LQAjGOfqunzHP//OX+dNHX4nbCUi75BJLz41hoiotKTU
+RJK2lpb7Zq/8S2p7DEpE3gGDpz7/5pI4HhGVfvXtJeuSjHjyxcfGj584LX3JQ72PNttalFeLv/rX
+2p3FSgoY//zi8d69PpUtMN7PdI7pwAWY5YA9CCzEWF1QirPW7/jiu6Lq60plM3H4PF8OaZX10rMn
+sjZ+VmhyHHx9vbzm1N7Nnx0tlOljUCLSNtVW5Rz8ZON3ZQqrkzRXlZ5VEpH2qvhSncUX0nCh9AoR
+BYvGhBJxoh+IJMzTAugCfa5uZ+DAgXTmKv0mlVJc1/v1cTNMjCLgjZuR9HXxkZvKwpMX5g0Z3vsk
+ngEjZqSP6GGBiz987rkuf/QOGjz+yfQnfzc8gKG4lfGA1eBEmXrGeD+mSwHMcPweBCbKwHhd4A2L
+HZ6v5ccnjImNiPDVt2ram+KDHx2tVtYWHKmIXxDdualrqzr8YYU2MPrRuQ9F6ZO0aesvnDj8VUmt
+svrorhPBf0nu/LPWoyQ+PF9PojYi8uFavFtIbUFJLRH1F40IISLiiKIjv6muVlVdqpoaOZTpNxnA
+aaDP1e2EhId0/+LA++8z/ff4uAAiUlZfrrNBEhtokV8uzvn24Jm6Fge8ZabcvUPKdLON/QjcGYN7
+EBg4QV3gRP9x6dyZ8QPvhK1ExOkrmv1YFBFRxaUrJpJotT5RM5c9Em1I4skJFj00//lxwUSkKCo4
+rbQuSeSD8xKiR0fHP/noSAunULbPzaKIuOHtw6p8okeN8iXSlBVWYIkBAAP0ubo0jfRCbl5e+YUL
+v90iZUOD5p4JQiLCunkhJISogW7W1RGFWJukZzrtREBELU1Xq04e2/dN3vGPV+flzF79mqnZZnZ2
+dz61o3PuDPsRuDNn2IPAeepCZ/3CQqmqluQ36yiqy29Q8MSEqK73KsLGjY8+dbiCrp6/pBzfeVJ/
+j5Lwosc9Gt2DwrbPzfKMHBV3N9vIEVG+xWJNRVFJQzTmaQHoobVzUW0NpXvf+PNLb2z58khh6VVV
+KxEvYOCI8eMnjh8xsDdT8QMEgURESqXl/Xu9SGIhb/7A4VOfeuP1JwZ7UsuVb7cdktrrbbQA432u
+hP0IWCs/P7+goMCaMzC7B0EnzlAXOugbbCbYC40wOW+KEyWKJCK6amKd6F4ksZi2qqyaiGhodJSP
+0Z+HRg/xI6LakoJaR75zAM4Mfa6u6cLete/nKskzZPz89CcnDjYeDCo9+Ebp1R6vgtqguEVExONZ
+PqCyF0l6Jmza5FFfXS4maXFx3YwIa7p1e8GpGun8cs3oDs0dsMPo0aNXrVp14MCBWbNmJSQk9OIM
+zO5BoOcUdaFNWy8pKTt37erlmtttzcqme/5fLji4r+kXOAE8XyJN262GJiK+lUks1lBypoKIKCqu
+05DcgaPiA8ryGm6VVdQ+EoolBgAIkatr0uQdyVUS0cDH/5o+qUd3mGRSGcWFm3jh+m8yIqK+ISE2
+SGIzA/uHUHEdtZDjR7vqnGkNyx/OqP4005/pUkCP8Xi8KVOmfP/995988kkv4lfG9yDQY7wuKCuO
+7/+8pF4frPrweFwfXv8BA8N8SVVfXVF770FSnQQG9iHSULNabXEY2oskHbXPzSKq2vfe/5g8QlF2
+rjJ5KuZpASBydU3yWzeJiCLiR3QNW1suXzZzb11adbmFwrtO179aKlYSES9ycIgNkthKy+Ur9pj9
+1VPMh67Yj4C9pkyZ8tNPP6lUqps3b/Y0fnWGsLUjJupC1dH/ZIo1RIGjpz4ydVhEgFGjVndqdy8i
+11u3bhP1aE2A3iQxdmdullmassKKh4ZGo80GQC1wYbfq6og69YZezz5Sai5N6Q/Z0omzO014aji2
+98hNIgpJ+t1wq5K01RV+/dkv10PiH5+X1N/q67tzLbyhg63ZjkvbquN49TjmM+zV3rt+JpXGxm08
+9iNgKUO3q/5pj+JXm+9BwMK6oC3LF2uIqH/y3DRRT4bw19fUmJ46qqyr1xCRZ2AA3/oklqm6dElF
+RKGTVswzOQ1Lmf/ZR4drqeKcuCna0pUKAFwXZmi5ovAHRvQlImXeN19dkN+5kd6ivHpy5+q3sqVm
+PnNPIln2u//6qvj6nVRtDRcOblm77zIR8cY8kTrQuiSl3+78sbS09Ph/Mo/fs4fBjJamq8UHP3xj
+Q7aUiDxHPJE2vNen+rVW+9gbNd/k93jgb6/nU7e10YfZjY+9ecOKN8AE7EfAXlOmTPHz6zAaXB+/
+rlq1yvz8LdvuQcDOutBwW05EFDw8smvYqr0qre8+pfRXmak/a69ekhERDTSxaEovklhAW1Eo1hBR
+dPzIbsZ28cbGR3oSkay0pMefDoDrQZ+rSxqY+mRc3ofFyqtHtrx2hHwDArxVDU0tRERhSS8uDPxs
+c7bpu+yBDz31iOyrfUc+fPNIp1e8B81euTSOZ12SlqY7P7tNyttEFo7ANbkTQTv+8Cf+8nxSbxZL
+uOuGovWtzxQHCpXLHvWfMNy3p8l71M/07UnlR4capfW2v8mL/QjYq1O3q4H5/ld77EHA3rpwW95A
+1HHif1v9qdxqM0mUxWcqfjcjulOlqTp+rIKIKHKMiR7cHiW5df7E8bP1ATHJk8ea3fy1fW6Wb+z4
+7kcC+ESPGnW8ulhTe7KoNjEZ87TAzaHP1TXx4p5/9630h4ZE8LyJNA0NTcQLHzz+yZf/+eZTI6Kj
+Bnf3sctv8Sa//O5bz88eMzCgvdny5oUPfmjhmg3drZnakyTeo5PHBxB5BgxPibPm/j558wIGjZi2
+8K//fOflaQNts4nW2armP31wc82n8is1Fq0w1dN+psIKzbP/U7cuU2GPsJWIfixifo459FrXbleD
+7vpflWp7DSplVV0IFkYHEJHmXEFu1Z0tWUmrkVYcfn9PYb3ZpJqqw9t/KLt6N9Wtsz98slusIaKI
+hEkjOdYlqS7YX1RdWV3y3dGSJnOlaJ+bJYgdZXb2VeTE2EDSz9Oy+j0DYDn0ubos77Dx814dP8/E
+KyPS/70t3VzCuNRlcak9y8uyJLy49H+ay7qjuOe3bXPc+0VERIdOqw6dVi15mL8s1d/b7IA/nYlH
+pl2r024/1Hiw0L6RpYfbz87atGmTI7ObOXOmhVlbeCSPx1Opuv2SdO1/bbPzTH621IXQBydFFR+s
+UtYWfbqjyJPD43s1N2i0ROQZELtgSp/srwtvmkwXOelxXsl+8dGPKo52eoUfPfOZccGe1iVpVmra
+dzczv+BA7YWyBiIKnRh/j57UiPiR/Ytyr2sulVZPHRppwzcQgHUQuQJ0tuvHpu8LVcum+89J7HYg
+giUrAbW20fZDjTsONzqgzM6wOBezLl686Mjs+ve/O8fQfNaWH3lPN2/ezM/Pb49cHbLtKwvqgl/U
+zBXPVBw+XFhaV6/UKhu0HF5wxDBRwsPxA/lUPZDIdOTaoI147JkVo8qOHysqratXaomIww8dNH78
+pOSoQI7VSXyiRozOrz6r5EWNHGJmdZXKc2UKIs/IMWPvOeaJN3JiZG5WteZcCc2JtP3bCMAeiFwB
+TKhRtK7/THHgF+Wy6f4Tez7gj4i+KVB+dKhR5qh1i56c1Mehb5AzeeWVVxyf6eTJkw2Pjx07Zv2R
+X3zxxbVr18ycZ9iwYbNmzRo2bJj+aQDPU9DHU3Hb7gEsC+oCJyB65tzomSZeiUx76b/Suk/ID42d
+OTd2JvWApUl8o9KWmstab+jU59dNtfQqRz/2X6Nt+bYBsBQiV4BunbvcvPyDm4+O9Vs23X9QWIfK
+YmZsX2GFZvuhxuIqh072X+7GOxFER/dke3gbkUrvrotsvgCWHHnx4kUzYWunmFXPw4P+6/cBb2Yq
+HHO9LKoLAODaELkC3MPh06rDp1VLHuY/O93fp8tq/8Z3SK/Waj86bPchrV0tSuH78zDbksUOHDhg
+8u8mY1aDmeN5H//Y9GutRfOobML56wIAuDxErkBEvZoNxcAEKibpB/w9+6h/WhKPuvQztbbR9uzG
+HT84YkhrJ/eHcl6a3aM9fsG5XLx4sev4V/Mxq56nJ326ImTq32StDhnzauC0dQEA3AEiVwBL1Sha
+/7FP8f0vymWp/kbzqXUOHtJqzMuTdq8M8UR/K5t16nC1JGY1COB57vhLyOLNjt4G2QnrAgC4CQ8d
+5iSzk/hGGRGJ+sUyXRAW0L9Xi9YH2fCcD8f76ZdQjYvyYXAY36cZoSMibbOiLfSIh9E6ZOZ/Rc0f
+efHiRcNSWT2KWY19cKBx14+M9XHauy7sXiNn6tJYqhftguXfZwDGoc8VoDcMK/8zGLa+NDsAYSvb
+6Ttc+/btO3fu3NGjR/fuJH+a5X9O0nymUsPIJThDXQAA94HIld30vYnghiZE+z41lW/9eYBBFy9e
+vHnz5tNPP52YmGjNeTyItr4QPPk1mboZvWUA4OIwPg6AfcIEXv/zfLDbb5vFen5+fhs2bLAybNXz
+8fb4cnUY0xcEAGB36HNlK4xwNTh8WrX6U/caCffJKyHeHASurDdw4EAbnq1/sNc/ng5yt7oAAO4G
+fa7Aeo+O9Zs5/p57J7qOt58J6hfkxXQpwBm5W10AADeEtQXAFbS10ePraxy5JDtTZo7nvblIwHQp
+wGZrC9gc6oJNuNtce3e7XmA19LmCK9Avye7l6l/n+0M5axcImC4FODXUBQBwba7+8wZuQ78kO9Ol
+sCNsOgAWQl0AABeGqg+uY6TQZ/lMZ9oHdUHYmffDP5xsm5PtfjWUz0WFBYugLgCAq0LlB5ey+BH+
+mKG+TJfC9l6aHRA9AJsOQA+gLgCAS0LkCi5FvyR7SKBLTb2fPIqLTQegp1AXAMAlYT1XcDU+3h4f
+vxIya+0N604j+Op9Hp1U0kSekIiIGisbHnqvyfhVYftj7Tcv1rxlSLcg7MxEfbVqO1XZZv3lhAm8
+3n4mCGu3Qi+gLgCA60GfK7ig/sFe658Osv48wok8Onl9zIvXx2RpaGjA8Zf4REST+x5/nye8oRzz
+4vUxL17/5gbn9++H/V2fYEHYmYkcSXuSluFDbfA/Q2w6ANZAXQAAF4PIFVzTdJssyX5D+UQmEREd
+u7mjss1/KO/vRH9P8vVXabasV+gPeWu9UkKcKS/xifgfjuJ0SmJl/puXBWPTAbAS6gIAuBJEruCy
+1i4Q3BdiVU+PRKIwPN5zvqWRPO+bzL8vgKihdc/doxTnbpD/AN+FxAnx65jkplWt9czxvN89wGXm
+vQPXgroAAC4DkSu4LE9PylwZ4mmHu4uNDaY2KJrs1XkJzeutjb3N4v5QzhsLBXZ9f8B9oC4AgMtA
+5AquzN/Pdkuy9/fyN5w2oEv3VUPrnmOtdd0n6RH9QuseGNEHtoO6AACuAZEruLhRg3u/JLtQKDA8
+XtjXk1QtJ441/dZAFOC18O5RglH99D1P2jpVlyS98h8stA52gLoAAC4Avwjg+hY/wn+wd4Pk+vG+
+WkBERJP7Lh3qKTl3cw/RW3maRj/fl9cI9If8fQ1PSNqf3msianr+nLZTkl7k+dLsgOFYaB3sA3UB
+ANjOQ6fTMV0GALtrbtHNerOm7larxSkEX73PC6nU1A311a9VKTl5vX2i9J1X29ewVGm2rLx5d5JK
+xzUsxw31PJUle/6Ypbk++AB387Jg3Bp1fh5GN7DN/4pafqRjoC5Ywtk+NVwvgAEiV3AX1+tbe7Ik
+u761Nl5x3e5CAr0OrA3z8UbgygLsjVwJdcECTvip4XoB9DBaANxF/2Cvfy4NZroU5ux5NQRhKzgA
+6gIAsBciV3AjKaO4j47xY7oUpm16NjjUtbaYB2eGugAALIXRAuBedDqava7mtzqt9aeyobkP9vnr
+k4FMlwJ6gNWjBe4UBnWhW077qeF6AdDnCu7Fw8NeS7L32v2hnJVPMN9Ug7tBXQAANkLkCm7H38/z
+81WhTJfibmH2/jUUC60DI1AXAIB1ELmCOxoc7v3d2n7eXgw3kpFhnMP/6Ofni7YaGIO6AADsgnGu
+4L7UzbrP/+/24dOqi7+1ODjriTG+qWN5qeP80MPEUi4wztUY6kInrPjUcL3gnhC5AlCLVqducVxF
+6MP1dKrBhdALLha5GqAu6LHrU8P1gltB5AoA0GOuGrmCnrt9au52vcBqGOcKAAAAAOyAyBUAAAAA
+2AGRKwAAAACwAyJXAAAAAGAHRK4AAAAAwA6IXAEAAACAHRC5AgAAAAA7IHIFAAAAAHZA5AoAAAAA
+7IDIFQAAAADYAZErAAAAALADIlcAAAAAYAdErgAAAADADhymCwBwD+rqguxciZq4wsmpCQO4Jo7Q
+KsqPZWcdypEoiDhcwdDEx+ekJgwR9CgT2emcnHIFccMTpqcI+WSXXLSK8iPZxXVEIXGp02IEJiuf
+QlJwKGt/brlCTcQRCBNS02alxIT0/F3TynL+vXFvsYIEcfNXLk8Jt81nAcxCXbCoLmjVstKcnNz8
+/PMytZaIww1/IDFlckriiHCuBakBwNnpAJyXSpqzcf4A/Vc1YX2u3MQh8qIdz8Z0+V4nZHwhVlmY
+SYs8f3t6+ymGLz94VWeXXOTizJcT9Mm4izIvm0qmKt+fkdwlk+HpO07JLczEcKbLWRlx+uTh6ZmV
+lpYRLGf5r6iNfm9RFyypCypp7o6MaaYbu5S/77/caOnb7W6tpLtdL7AavqPgrFTS/PfmG/UVmmqt
+VdKDf0u4c0Bc6qL0+XPi7h6fI713LrVFO16Iu5uJydba6lzk5/dnTL6bienWujZ/4/Q7RwxJnb94
+flrynR6iEcv3S3oQfaoq9y8fcedUiFztw6GRK+qCZXVBVb5jvsDobZozP31x+vxZd+Ps1PeK5C02
+/nxdg7tdL7AavqPgjFTS/B3PxlEHJlpr+amNqfoXZ2386Wp7eybN3Zimv8X55Fax2S4WeXGmcSPa
+XWttVS4tKvF361M73nI11VqrxLva29yEvx1s7xlqkRdtT9fHKykb8i1scXWNlzOfFd7NDJGrfTgs
+ckVd0Oksrwvyou3zhcPT1u/Nl94tiepuCceu/smCGN76T4113O16gdXwHQXn0yLPX5ei/w0VLtq4
+4119M9a1tZbnv6s/LKXjS/KizfrmNWVjgbzbXORFW+e0t55p63Zs1d8ANdFaW5WLqjIzvf0Ob0rG
+9h0ZE7tprRvFO54kIqLRGR0K0CjeMY+r/7tlLe7dVj98ACJXO3JQ5Iq6YPx3S+pCi0rV9fveIt3/
+gpCIiJO2o9yi6uBukZy7XS+wGtYWAOfDESQ8u3r9rJi0DT/99L/LUyL9TM+raJIWFeQQESWnpAwX
+GL0gECakpBAR5eSckqi7y0UQt2DV1vmjU1ZnFWW++nhMSDeTN6zLhTskLWNDelzy8szi/eufjI/w
+N32YWlZckEtEFDM5Jd54NhVfmDg5lYjobH7BJcU93znF6Z1rXtmrIIp5YccHf0q1/UcDDoa6YGBh
+XeBwuaaKz8VsZABXgdoMTik8ZfXeIjWfyyWSdHdMk1RSSUQkiIkJ73gLUhAujImknGoqr5QqtHHh
+3XzNBWOX78xN5/K5pFWQvXLhxszbmj+Hy+UTdZ+Juk4qlhERxcQIO86z5kYMiYkjKqYCsUSuThaY
+mxytKM58989ZCqKxGRtXzoj4eq9dPhpwMNSFO8l7UBc6nfNSTtYhCRHRpHgRFhgAYDn0uYKz4nPN
+tzDqJpn0GhFRTLggqFNLKYiIGEBEJJFJ5WpzJ+Hy79GM2SAXDpfLJ/PUtRIZEZEwIjyoU4G4oRER
+REQkk8nMXYpWUfDRmj9/SUQJqzesSB3AVZu9cGAT1AV9CS2sC4ZTySTlZwuyP1rx+OQFOy8RkXD5
+s/PjBJa+6wDgnNDnCqylVqkVRER+fn5dvshcrh8RETUp1FoW5KJSq1X6E5qoke1Ri1yuIm23VVaR
++8GaldlElLJh/YrJ4cRRWHfZwCqoC8a0ipzXU6a8Xdzhj4LU1bs2rpklRI8rANuhzxVYS6tvRk3h
+3GnirGyqHZSLmtQqWXcvcv2491x9XZaz8fU1OUQ0feP6Z1ME+A+pu0FduCdFdkFufrFFfbUA4NTQ
+xAFrcbiC7l7SUvu9co7V33FH5MIlrl84kekGW61S1xGZmWKilmVvXvOPE0SUtnVdekKvm3ZgL9SF
+juUUpq7JHCpX6RNdK87e9UF2NeVsWZp4QZH/nwzUEQBWQ+QKrMX1CwonkpG8scutQ61cLiciIn4P
+pnEwmIsfXxBEJCO5oknV+TWtQqE/xt/PVH1VSw5tXPPPAiKKe/HxeI60vFSqTyWRyomIZFJpZXm5
+mkuCiJgBApu9+eBUUBc6FlSYnCY02oJr+csZWa8//viWYjq0ceeRtLh5GDMAwGIYLQBsxRWE65cs
+Lb8mk3e8R6luUsj005MHRARZ10Y5JhdB+9QTmVSm6HQ7U1ErlxIRccMHmJoUrSjP+miTfkBf8fsL
+EuNEogdEogdEorjEBe/r/5y9IjVe9IBowf8WKay/XwxOCXXhHvjC1KfSU4mIZEXnJdaO9wUARiFy
+BdbiC0UPhBOR+nyRRNHhFbWkqEg/CXqo0NpBnw7JhRseEzeCiKjovETaoblWSEsLyomI4kQDuwkJ
+0AwzwcPDw/BY13Eh906M1xdtbGy0S2lQF+5d+CCBgIhIrb73qhvGHxOX6/r9s8ZfYOMvNoBzQuQK
+rMWNiJuUSER0Nie72GhcnFZWdCS7mIgoJTEu4k6zo5ZdKi+/pnDSXEJiEicJiUh2JLvgmlHDqijP
+OZJDRDQ6MWGI4E4mCsmFcom+Q4obkfhC5o5dO7r827p6jv74uPR3d+zYlbkmVYjF2G3I19fX8Nh8
+LBTRvpQTEZFUKrVLaVAX2kvS3UnV0uL8AgURkXBgxD1ja5ns7tUZf3yuyvgLbPzFBnBSTG/iBXAP
+l7/Q71duYq923dWDGSOIiGjs8sxiuU6n07XIi/ZmtO/yfncXdZV4+/xwIqK4jO8um9j8sUX+09/i
+iEzv1W6zXORFG6cRmd6rXSfPWZ9ARETCxVvzpSqdTqdrvHzwzs6fd/dqV13e/2IMEdGQ9Exz+1jK
+8zekEGH3V3sJDQ01/IpKpeZ25k1ISDAc+fPPP1uTKeqC+bogz12fNidj6xf5YqnRSVVy8Xcb50fq
+U6duLZbr7uXnn382fGSJiYnWfGSsYPwfqtDQUKaLA3APiFzB2ZlrrXUq8X/Shab/U5a60XC8YSd0
+IuGLB6UtXU5jvrW2VS5mW2ud6vL+l+NMZzJx9cGr7QlUkv13Nn+n+f+53H1MisjVvkQikeHzOXfu
+nJkj09LSDEfu27fPmkxRF8zXBXnu+gTjg8empAzokDpt852o16x9+/YZkjz++OPWfGSscO7cOcP1
+ikQiposDcA8YLQCsxo2Ztz7zf9NjOv05PG39d1uXJwvan3K4QSHtrW14aC8mkDgkF64w7fWdmS8n
+dP77tIz9H61IHdB+Pi5XEN6+mXtMhMDP9YfgOav77rvP8PjKlStmjjS+3XzmzBm7lQh1gbgCYfxY
+o+NP5+RcMzxJyfhP0c4XEywZhnv69GnDY3cYLWD8BTb+YgM4Jw+d2bkFAIxTXMjJPiVRUZBocmrC
+ANONoLq6OKegSFItUfCFwkhRwqQEoaDjAZeyP9ieLfFPTH9hfpyJ1RzVkhPZBZVy4gsTpqcIu9mg
+0tpc1LKCQzliBfmFx6VOi+mmBVXLzubnny+XVCpooFA4JC4lIabjOkNq2bHMrV8WU1zanxeldD/F
+Wi07mZ1TLieuMG56SoyAwLaee+657du36x9v2rTplVde6e7Izz///I9//KP+sUgkKisr63WmqAv3
+rgtataQ0v/i8RK6QFZ+XcIVxMQOCIoRx8WNjLF+PIDY2ViwWGz6+uXPn9vojY4XNmzdnZGToHy9b
+tmzbtm1MlwjAHESuAAA99q9//evll1/WP37mmWc+/vjj7o5samry9/c3PC0tLY2NjWW6+NCtsrKy
+ESNGGJ42Njby+XwrzscCixcv/uSTT/SPt2zZ8pe//IXpEgGYg9ECAAA9NnLkSMNj45vLXfH5/OnT
+pxueZmdnM112MOfgwYOGx9OnT3f5sJU6foGNv9gAzgmRKwBAj40fP97wuLS01Hgdpa5SU1MNj997
+7722tjamiw+mtbW1vf/++4anM2bMYLpEdieTyUpLSw1Pjb/YAM4JkSsAQI/x+fwJEyYYnh49etTM
+wWlpaZ6e7T+2165de+edd5guPpj2zjvvXLvWPqvL09Nzzpw5TJfI7oy/uhMmTHCHPmZgO0SuAAC9
+MXXqVMNj41vMXfXv3/+1114zPH3nnXfkcjnTxYfO5HK58X8qXnvttf79+zNdKLsz/uoaf6UBnBZm
+aAEA9EZeXl5ycrL+sY+Pj0Kh8PPz6+7gxsbGQYMGGQLW9PT0HTt2MH0F0MHSpUt37typfxwUFHTl
+yhXjqXUuSaVSCQSC5uZm/dMTJ04kJSUxXSiAe0CfKwBAbyQlJUVFRekfNzc3792718zB/v7+xt2u
+O3fufPvtt5m+Arjr7bffNoStRPTaa6+5fNhKRHv37jWErVFRUQhbgRUQuQIA9JJhoVYi2rVrl/mD
+V65cGR8fb3i6atWqL774gukrACKiL774YtWqVYan8fHxK1euZLpQjmD8pTX+MgM4M0SuAAC9tGjR
+IsPj/Pz8I0eOmD9+9+7dgYGBhqdPPfUUglfGffHFF0899ZThaWBg4O7du5kulCMcOXIkPz/f8NT4
+ywzgzBC5AgD0UnR0dFpamuHpli1bzB8vEomMoyKNRvOHP/wBwwYY9Pbbb//hD3/QaDSGv+zevVsk
+EjFdLkcw/rqmpaVFR0czXSIAiyByBQDoveXLlxseHzp06MCBA+aPnzVrVqcAd9WqVUuXLsVqAw4m
+l8uXLl1qPEiAiLZs2TJr1iymi+YIBw4cOHTokOGp8dcYwMlhbQEAAKvMnDnTsLTQmDFjzG+ppWe8
+eayefgrXa6+9Zlj5Feykra3tnXfeeeeddxobG43/7lYbn44dO/bMmTP6xzNmzPj++++ZLhGApbze
+eOMNpssAAMBigwYNMsx0kUqlPj4+kyZNMp9k4sSJY8aMyc7ONtynbm5uzsnJ2bVrl1arFQgEYWFh
+TF+WCyorK/v000/nzZv3zTffGObUE1FgYOCXX3759NNPM11AB9mwYcOePXsMTz/++OP777+f6UIB
+WAp9rgAA1nruuee2b99uePrLL79YsoumWCxetGhRUVFR15dEIlFqaurYsWMjIiIiIiLCw8PdYZEm
+22psbJRKpTKZTCqVnjlz5uDBg2KxuOth8fHx7jO2lYgKCwuNt39btmzZtm3bmC4UQA8gcgUAsNbN
+mzdjYmJqa2v1T8eMGXPq1CkPDw9L0r777rvYVYsRQUFBr732mpssgKWn0+nGjRtnGCcQGhpaXl7e
+t29fpssF0AMYUAUAYK2+fftu3rzZ8PTMmTNLliyxMO3KlSuvXLmyatUqjHB1GE9Pz1WrVl25csWt
+wlYiWrJkiSFsJaLNmzcjbAXWQZ8rAIBtdBoz8Prrr7/55puWJ79+/XpWVlZ2drbxpG+wrenTp6em
+pqalpfXv35/psjja2rVr161bZ3iKcQLAUohcAQBsZuLEib/88ovh6aZNm1555ZWenqSpqengwYMn
+TpyQGlGr1UxfHMtwudwII8nJyTNmzODz+UyXixmbN2/OyMgwPJ0wYcLJkyeZLhRAbyByBQCwmYqK
+ikmTJhkGvFJvg1cAG+oUtoaGhubm5mLrAWApDKsCALCZ6Ojoffv2Gc/NysjIWLt2LdPlAve1du1a
+47DVw8Nj3759CFuBvdDnCgBgY99+++3vf/97478888wzu3btsnC1AQCb0Ol0S5Ys+eSTT4z/+M03
+38yePZvpogH0HvpcAQBsbPbs2d98841xnPrJJ5+MGzeusLCQ6aKBuygsLBw3bpxx2Orh4YGwFVwA
+IlcAANubPXv20aNHQ0NDDX85c+bMhAkTNmzYwHTRwPVt2LBhwoQJxgtghYaGHj16FGEruABErgAA
+dpGSkpKbm2u8XxERrV69euzYsQcOHGC6dOCaDhw4MHbs2NWrVxv/ccKECbm5uSkpKUyXDsAGMM4V
+AMC+Oq3zqjd9+vSXX3552rRpTJcOXMSRI0e2bNnSdTFgrNsKLgaRKwCA3e3Zs+eVV14xXi1LLzEx
+ccmSJfPnz/fz82O6jMBKKpVq7969u3btys/P7/RSaGjo5s2bFy5cyHQZAWwJkSsAgCPcvHlz1apV
+XTtficjHxyctLW3GjBlTp04NDw9nuqTAAjKZ7OjRowcPHszKympubu56wLJlyzZs2IDNXcH1IHIF
+AHCcvLy8t99+++DBg90dMGLEiLFjxz7wwANDhw4dNGhQWFhYYGAgl8vFilruSafTqdXqW7du1dTU
+XLlypbKy8vz586dPny4tLe0uyYwZM/72t78lJSUxXXYAu0DkCgDgaDk5OR988EFWVhbTBQGXkpaW
+tnz5cszEAteGyBUAgBkVFRW7d+/et29fVVUV02UBFouKivrjH/+4aNEi7IwF7gCRKwAAw/Ly8g4d
+OnT06NFffvmF6bIAa0yYMGHq1KnTp0/HwABwK4hcAQCcRVNTU2FhYUlJSXl5uUQi+e2332praxsb
+GzUaDX6r3ZOHh4evr6+/v39oaOh9990nFApjYmJGjhw5fvx4Pp/PdOkAGIDIFQAAAADYAXtoAQAA
+AAA7IHIFAAAAAHZA5AoAAAAA7IDIFQAAAADYAZErAAAAALADIlcAAAAAYAdErgAAAADADohcAQAA
+AIAdELkCAAAAADsgcgUAAAAAdkDkCgAAAADsgMgVAAAAANgBkSsAAAAAsAMiVwAAAABgB0SuAAAA
+AMAOiFwBAAAAgB0QuQIAAAAAOyByBQAAAAB2QOQKAAAAAOzw/4tu/bmaDcLXAAAAJXRFWHRkYXRl
+OmNyZWF0ZQAyMDIwLTEyLTI1VDE1OjEyOjQ1KzAzOjAwMrbFvwAAACV0RVh0ZGF0ZTptb2RpZnkA
+MjAyMC0xMi0yNVQxNToxMjo0NSswMzowMEPrfQMAAAAASUVORK5CYII=" />
 </svg>
diff --git a/content/en/docs/tutorials/stateful-application/basic-stateful-set.md b/content/en/docs/tutorials/stateful-application/basic-stateful-set.md
index 64073549ef..f43af0e15e 100644
--- a/content/en/docs/tutorials/stateful-application/basic-stateful-set.md
+++ b/content/en/docs/tutorials/stateful-application/basic-stateful-set.md
@@ -552,7 +552,7 @@ In another terminal, watch the Pods in the StatefulSet:
 ```shell
 kubectl get pod -l app=nginx -w
 ```
-The output is simular to:
+The output is similar to:
 ```
 NAME      READY     STATUS    RESTARTS   AGE
 web-0     1/1       Running   0          7m
diff --git a/content/en/docs/tutorials/stateful-application/zookeeper.md b/content/en/docs/tutorials/stateful-application/zookeeper.md
index c044532e5f..6d517ef229 100644
--- a/content/en/docs/tutorials/stateful-application/zookeeper.md
+++ b/content/en/docs/tutorials/stateful-application/zookeeper.md
@@ -21,39 +21,37 @@ and [PodAntiAffinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affini
 ## {{% heading "prerequisites" %}}
 
 Before starting this tutorial, you should be familiar with the following
-Kubernetes concepts.
+Kubernetes concepts:
 
--   [Pods](/docs/concepts/workloads/pods/)
--   [Cluster DNS](/docs/concepts/services-networking/dns-pod-service/)
--   [Headless Services](/docs/concepts/services-networking/service/#headless-services)
--   [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)
--   [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/persistent-volume-provisioning/)
--   [StatefulSets](/docs/concepts/workloads/controllers/statefulset/)
--   [PodDisruptionBudgets](/docs/concepts/workloads/pods/disruptions/#pod-disruption-budget)
--   [PodAntiAffinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
--   [kubectl CLI](/docs/reference/kubectl/kubectl/)
+- [Pods](/docs/concepts/workloads/pods/)
+- [Cluster DNS](/docs/concepts/services-networking/dns-pod-service/)
+- [Headless Services](/docs/concepts/services-networking/service/#headless-services)
+- [PersistentVolumes](/docs/concepts/storage/volumes/)
+- [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/persistent-volume-provisioning/)
+- [StatefulSets](/docs/concepts/workloads/controllers/statefulset/)
+- [PodDisruptionBudgets](/docs/concepts/workloads/pods/disruptions/#pod-disruption-budget)
+- [PodAntiAffinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
+- [kubectl CLI](/docs/reference/kubectl/kubectl/)
 
-You will require a cluster with at least four nodes, and each node requires at least 2 CPUs and 4 GiB of memory. In this tutorial you will cordon and drain the cluster's nodes. **This means that the cluster will terminate and evict all Pods on its nodes, and the nodes will temporarily become unschedulable.** You should use a dedicated cluster for this tutorial, or you should ensure that the disruption you cause will not interfere with other tenants.
+You must have a cluster with at least four nodes, and each node requires at least 2 CPUs and 4 GiB of memory. In this tutorial you will cordon and drain the cluster's nodes. **This means that the cluster will terminate and evict all Pods on its nodes, and the nodes will temporarily become unschedulable.** You should use a dedicated cluster for this tutorial, or you should ensure that the disruption you cause will not interfere with other tenants.
 
 This tutorial assumes that you have configured your cluster to dynamically provision
 PersistentVolumes. If your cluster is not configured to do so, you
 will have to manually provision three 20 GiB volumes before starting this
 tutorial.
 
-
 ## {{% heading "objectives" %}}
 
 After this tutorial, you will know the following.
 
--   How to deploy a ZooKeeper ensemble using StatefulSet.
--   How to consistently configure the ensemble.
--   How to spread the deployment of ZooKeeper servers in the ensemble.
--   How to use PodDisruptionBudgets to ensure service availability during planned maintenance.
-
+- How to deploy a ZooKeeper ensemble using StatefulSet.
+- How to consistently configure the ensemble.
+- How to spread the deployment of ZooKeeper servers in the ensemble.
+- How to use PodDisruptionBudgets to ensure service availability during planned maintenance.
 
 <!-- lessoncontent -->
 
-### ZooKeeper Basics
+### ZooKeeper
 
 [Apache ZooKeeper](https://zookeeper.apache.org/doc/current/) is a
 distributed, open-source coordination service for distributed applications.
@@ -68,7 +66,7 @@ The ensemble uses the Zab protocol to elect a leader, and the ensemble cannot wr
 
 ZooKeeper servers keep their entire state machine in memory, and write every mutation to a durable WAL (Write Ahead Log) on storage media. When a server crashes, it can recover its previous state by replaying the WAL. To prevent the WAL from growing without bound, ZooKeeper servers will periodically snapshot them in memory state to storage media. These snapshots can be loaded directly into memory, and all WAL entries that preceded the snapshot may be discarded.
 
-## Creating a ZooKeeper Ensemble
+## Creating a ZooKeeper ensemble
 
 The manifest below contains a
 [Headless Service](/docs/concepts/services-networking/service/#headless-services),
@@ -127,7 +125,7 @@ zk-2      1/1       Running   0         40s
 The StatefulSet controller creates three Pods, and each Pod has a container with
 a [ZooKeeper](https://www-us.apache.org/dist/zookeeper/stable/) server.
 
-### Facilitating Leader Election
+### Facilitating leader election
 
 Because there is no terminating algorithm for electing a leader in an anonymous network, Zab requires explicit membership configuration to perform leader election. Each server in the ensemble needs to have a unique identifier, all servers need to know the global set of identifiers, and each identifier needs to be associated with a network address.
 
@@ -211,7 +209,7 @@ server.2=zk-1.zk-hs.default.svc.cluster.local:2888:3888
 server.3=zk-2.zk-hs.default.svc.cluster.local:2888:3888
 ```
 
-### Achieving Consensus
+### Achieving consensus
 
 Consensus protocols require that the identifiers of each participant be unique. No two participants in the Zab protocol should claim the same unique identifier. This is necessary to allow the processes in the system to agree on which processes have committed which data. If two Pods are launched with the same ordinal, two ZooKeeper servers would both identify themselves as the same server.
 
@@ -260,7 +258,7 @@ server.3=zk-2.zk-hs.default.svc.cluster.local:2888:3888
 
 When the servers use the Zab protocol to attempt to commit a value, they will either achieve consensus and commit the value (if leader election has succeeded and at least two of the Pods are Running and Ready), or they will fail to do so (if either of the conditions are not met). No state will arise where one server acknowledges a write on behalf of another.
 
-### Sanity Testing the Ensemble
+### Sanity testing the ensemble
 
 The most basic sanity test is to write data to one ZooKeeper server and
 to read the data from another.
@@ -270,6 +268,7 @@ The command below executes the `zkCli.sh` script to write `world` to the path `/
 ```shell
 kubectl exec zk-0 zkCli.sh create /hello world
 ```
+
 ```
 WATCHER::
 
@@ -304,7 +303,7 @@ dataLength = 5
 numChildren = 0
 ```
 
-### Providing Durable Storage
+### Providing durable storage
 
 As mentioned in the [ZooKeeper Basics](#zookeeper-basics) section,
 ZooKeeper commits all entries to a durable WAL, and periodically writes snapshots
@@ -445,8 +444,8 @@ The `volumeMounts` section of the `StatefulSet`'s container `template` mounts th
 
 ```shell
 volumeMounts:
-        - name: datadir
-          mountPath: /var/lib/zookeeper
+- name: datadir
+  mountPath: /var/lib/zookeeper
 ```
 
 When a Pod in the `zk` `StatefulSet` is (re)scheduled, it will always have the
@@ -454,7 +453,7 @@ same `PersistentVolume` mounted to the ZooKeeper server's data directory.
 Even when the Pods are rescheduled, all the writes made to the ZooKeeper
 servers' WALs, and all their snapshots, remain durable.
 
-## Ensuring Consistent Configuration
+## Ensuring consistent configuration
 
 As noted in the [Facilitating Leader Election](#facilitating-leader-election) and
 [Achieving Consensus](#achieving-consensus) sections, the servers in a
@@ -469,6 +468,7 @@ Get the `zk` StatefulSet.
 ```shell
 kubectl get sts zk -o yaml
 ```
+
 ```
 …
 command:
@@ -497,7 +497,7 @@ command:
 
 The command used to start the ZooKeeper servers passed the configuration as command line parameter. You can also use environment variables to pass configuration to the ensemble.
 
-### Configuring Logging
+### Configuring logging
 
 One of the files generated by the `zkGenConfig.sh` script controls ZooKeeper's logging.
 ZooKeeper uses [Log4j](https://logging.apache.org/log4j/2.x/), and, by default,
@@ -558,13 +558,11 @@ You can view application logs written to standard out or standard error using `k
 2016-12-06 19:34:46,230 [myid:1] - INFO  [Thread-1142:NIOServerCnxn@1008] - Closed socket connection for client /127.0.0.1:52768 (no session established for client)
 ```
 
-Kubernetes supports more powerful, but more complex, logging integrations
-with [Stackdriver](/docs/tasks/debug-application-cluster/logging-stackdriver/)
-and [Elasticsearch and Kibana](/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/).
-For cluster level log shipping and aggregation, consider deploying a [sidecar](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns)
-container to rotate and ship your logs.
+Kubernetes integrates with many logging solutions. You can choose a logging solution
+that best fits your cluster and applications. For cluster-level logging and aggregation,
+consider deploying a [sidecar container](/docs/concepts/cluster-administration/logging#sidecar-container-with-logging-agent) to rotate and ship your logs.
 
-### Configuring a Non-Privileged User
+### Configuring a non-privileged user
 
 The best practices to allow an application to run as a privileged
 user inside of a container are a matter of debate. If your organization requires
@@ -612,7 +610,7 @@ Because the `fsGroup` field of the `securityContext` object is set to 1000, the
 drwxr-sr-x 3 zookeeper zookeeper 4096 Dec  5 20:45 /var/lib/zookeeper/data
 ```
 
-## Managing the ZooKeeper Process
+## Managing the ZooKeeper process
 
 The [ZooKeeper documentation](https://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_supervision)
 mentions that "You will want to have a supervisory process that
@@ -622,7 +620,7 @@ common pattern. When deploying an application in Kubernetes, rather than using
 an external utility as a supervisory process, you should use Kubernetes as the
 watchdog for your application.
 
-### Updating the Ensemble
+### Updating the ensemble
 
 The `zk` `StatefulSet` is configured to use the `RollingUpdate` update strategy.
 
@@ -631,6 +629,7 @@ You can use `kubectl patch` to update the number of `cpus` allocated to the serv
 ```shell
 kubectl patch sts zk --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/resources/requests/cpu", "value":"0.3"}]'
 ```
+
 ```
 statefulset.apps/zk patched
 ```
@@ -640,6 +639,7 @@ Use `kubectl rollout status` to watch the status of the update.
 ```shell
 kubectl rollout status sts/zk
 ```
+
 ```
 waiting for statefulset rolling update to complete 0 pods at revision zk-5db4499664...
 Waiting for 1 pods to be ready...
@@ -678,7 +678,7 @@ kubectl rollout undo sts/zk
 statefulset.apps/zk rolled back
 ```
 
-### Handling Process Failure
+### Handling process failure
 
 [Restart Policies](/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) control how
 Kubernetes handles process failures for the entry point of the container in a Pod.
@@ -731,7 +731,7 @@ that implements the application's business logic, the script must terminate with
 child process. This ensures that Kubernetes will restart the application's
 container when the process implementing the application's business logic fails.
 
-### Testing for Liveness
+### Testing for liveness
 
 Configuring your application to restart failed processes is not enough to
 keep a distributed system healthy. There are scenarios where
@@ -795,7 +795,7 @@ zk-0      0/1       Running   1         1h
 zk-0      1/1       Running   1         1h
 ```
 
-### Testing for Readiness
+### Testing for readiness
 
 Readiness is not the same as liveness. If a process is alive, it is scheduled
 and healthy. If a process is ready, it is able to process input. Liveness is
@@ -824,7 +824,7 @@ Even though the liveness and readiness probes are identical, it is important
 to specify both. This ensures that only healthy servers in the ZooKeeper
 ensemble receive network traffic.
 
-## Tolerating Node Failure
+## Tolerating Node failure
 
 ZooKeeper needs a quorum of servers to successfully commit mutations
 to data. For a three server ensemble, two servers must be healthy for
@@ -879,10 +879,10 @@ as `zk` in the domain defined by the `topologyKey`. The `topologyKey`
 different rules, labels, and selectors, you can extend this technique to spread
 your ensemble across physical, network, and power failure domains.
 
-## Surviving Maintenance
+## Surviving maintenance
 
-**In this section you will cordon and drain nodes. If you are using this tutorial
-on a shared cluster, be sure that this will not adversely affect other tenants.**
+In this section you will cordon and drain nodes. If you are using this tutorial
+on a shared cluster, be sure that this will not adversely affect other tenants.
 
 The previous section showed you how to spread your Pods across nodes to survive
 unplanned node failures, but you also need to plan for temporary node failures
@@ -1017,6 +1017,7 @@ Continue to watch the Pods of the stateful set, and drain the node on which
 ```shell
 kubectl drain $(kubectl get pod zk-2 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-local-data
 ```
+
 ```
 node "kubernetes-node-i4c4" cordoned
 
@@ -1059,6 +1060,7 @@ Use [`kubectl uncordon`](/docs/reference/generated/kubectl/kubectl-commands/#unc
 ```shell
 kubectl uncordon kubernetes-node-pb41
 ```
+
 ```
 node "kubernetes-node-pb41" uncordoned
 ```
@@ -1068,6 +1070,7 @@ node "kubernetes-node-pb41" uncordoned
 ```shell
 kubectl get pods -w -l app=zk
 ```
+
 ```
 NAME      READY     STATUS    RESTARTS   AGE
 zk-0      1/1       Running   2          1h
@@ -1130,9 +1133,7 @@ You should always allocate additional capacity for critical services so that the
 
 ## {{% heading "cleanup" %}}
 
-
 - Use `kubectl uncordon` to uncordon all the nodes in your cluster.
-- You will need to delete the persistent storage media for the PersistentVolumes
-  used in this tutorial. Follow the necessary steps, based on your environment,
-  storage configuration, and provisioning method, to ensure that all storage is
-  reclaimed.
+- You must delete the persistent storage media for the PersistentVolumes used in this tutorial.
+  Follow the necessary steps, based on your environment, storage configuration,
+  and provisioning method, to ensure that all storage is reclaimed.
diff --git a/content/en/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md b/content/en/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md
deleted file mode 100644
index d3a38c4df5..0000000000
--- a/content/en/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk.md
+++ /dev/null
@@ -1,460 +0,0 @@
----
-title: "Example: Add logging and metrics to the PHP / Redis Guestbook example"
-reviewers:
-- sftim
-content_type: tutorial
-weight: 21
-card:
-  name: tutorials
-  weight: 31
-  title: "Example: Add logging and metrics to the PHP / Redis Guestbook example"
----
-
-<!-- overview -->
-This tutorial builds upon the [PHP Guestbook with Redis](/docs/tutorials/stateless-application/guestbook) tutorial. Lightweight log, metric, and network data open source shippers, or *Beats*, from Elastic are deployed in the same Kubernetes cluster as the guestbook. The Beats collect, parse, and index the data into Elasticsearch so that you can view and analyze the resulting operational information in Kibana. This example consists of the following components:
-
-* A running instance of the [PHP Guestbook with Redis tutorial](/docs/tutorials/stateless-application/guestbook)
-* Elasticsearch and Kibana
-* Filebeat
-* Metricbeat
-* Packetbeat
-
-## {{% heading "objectives" %}}
-
-* Start up the PHP Guestbook with Redis.
-* Install kube-state-metrics.
-* Create a Kubernetes Secret.
-* Deploy the Beats.
-* View dashboards of your logs and metrics.
-
-## {{% heading "prerequisites" %}}
-
-
-{{< include "task-tutorial-prereqs.md" >}}
-{{< version-check >}}
-
-Additionally you need:
-
-* A running deployment of the [PHP Guestbook with Redis](/docs/tutorials/stateless-application/guestbook) tutorial.
-
-* A running Elasticsearch and Kibana deployment. You can use [Elasticsearch Service in Elastic Cloud](https://cloud.elastic.co),
-  run the [downloaded files](https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-elastic-stack.html)
-  on your workstation or servers, or the [Elastic Helm Charts](https://github.com/elastic/helm-charts).
-
-<!-- lessoncontent -->
-
-## Start up the  PHP Guestbook with Redis
-
-This tutorial builds on the [PHP Guestbook with Redis](/docs/tutorials/stateless-application/guestbook) tutorial.  If you have the guestbook application running, then you can monitor that.  If you do not have it running then follow the instructions to deploy the guestbook and do not perform the **Cleanup** steps.  Come back to this page when you have the guestbook running.
-
-## Add a Cluster role binding
-
-Create a [cluster level role binding](/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) so that you can deploy kube-state-metrics and the Beats at the cluster level (in kube-system).
-
-```shell
-kubectl create clusterrolebinding cluster-admin-binding \
- --clusterrole=cluster-admin --user=<your email associated with the k8s provider account>
-```
-
-## Install kube-state-metrics
-
-Kubernetes [*kube-state-metrics*](https://github.com/kubernetes/kube-state-metrics) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.  Metricbeat reports these metrics.  Add kube-state-metrics to the Kubernetes cluster that the guestbook is running in.
-
-```shell
-git clone https://github.com/kubernetes/kube-state-metrics.git kube-state-metrics
-kubectl apply -f kube-state-metrics/examples/standard
-```
-
-### Check to see if kube-state-metrics is running
-
-```shell
-kubectl get pods --namespace=kube-system -l app.kubernetes.io/name=kube-state-metrics
-```
-
-Output:
-
-```
-NAME                                 READY   STATUS    RESTARTS   AGE
-kube-state-metrics-89d656bf8-vdthm   1/1     Running     0          21s
-```
-
-## Clone the Elastic examples GitHub repo
-
-```shell
-git clone https://github.com/elastic/examples.git
-```
-
-The rest of the commands will reference files in the `examples/beats-k8s-send-anywhere` directory, so change dir there:
-
-```shell
-cd examples/beats-k8s-send-anywhere
-```
-
-## Create a Kubernetes Secret
-
-A Kubernetes {{< glossary_tooltip text="Secret" term_id="secret" >}} is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image; putting it in a Secret object allows for more control over how it is used, and reduces the risk of accidental exposure.
-
-{{< note >}}
-There are two sets of steps here, one for *self managed* Elasticsearch and Kibana (running on your servers or using the Elastic Helm Charts), and a second separate set for the *managed service* Elasticsearch Service in Elastic Cloud.  Only create the secret for the type of Elasticsearch and Kibana system that you will use for this tutorial.
-{{< /note >}}
-
-{{< tabs name="tab_with_md" >}}
-{{% tab name="Self Managed" %}}
-
-### Self managed
-
-Switch to the **Managed service** tab if you are connecting to Elasticsearch Service in Elastic Cloud.
-
-### Set the credentials
-
-There are four files to edit to create a k8s secret when you are connecting to self managed Elasticsearch and Kibana (self managed is effectively anything other than the managed Elasticsearch Service in Elastic Cloud).  The files are:
-
-1. `ELASTICSEARCH_HOSTS`
-1. `ELASTICSEARCH_PASSWORD`
-1. `ELASTICSEARCH_USERNAME`
-1. `KIBANA_HOST`
-
-Set these with the information for your Elasticsearch cluster and your Kibana host.  Here are some examples (also see [*this configuration*](https://stackoverflow.com/questions/59892896/how-to-connect-from-minikube-to-elasticsearch-installed-on-host-local-developme/59892897#59892897))
-
-#### `ELASTICSEARCH_HOSTS`
-
-1. A nodeGroup from the Elastic Elasticsearch Helm Chart:
-
-   ```
-   ["http://elasticsearch-master.default.svc.cluster.local:9200"]
-   ```
-
-1. A single Elasticsearch node running on a Mac where your Beats are running in Docker for Mac:
-
-   ```
-   ["http://host.docker.internal:9200"]
-   ```
-
-1. Two Elasticsearch nodes running in VMs or on physical hardware:
-
-   ```
-   ["http://host1.example.com:9200", "http://host2.example.com:9200"]
-   ```
-
-Edit `ELASTICSEARCH_HOSTS`:
-
-```shell
-vi ELASTICSEARCH_HOSTS
-```
-
-#### `ELASTICSEARCH_PASSWORD`
-
-Just the password; no whitespace, quotes, `<` or `>`:
-
-```
-<yoursecretpassword>
-```
-
-Edit `ELASTICSEARCH_PASSWORD`:
-
-```shell
-vi ELASTICSEARCH_PASSWORD
-```
-
-#### `ELASTICSEARCH_USERNAME`
-
-Just the username; no whitespace, quotes, `<` or `>`:
-
-```
-<your ingest username for Elasticsearch>
-```
-
-Edit `ELASTICSEARCH_USERNAME`:
-
-```shell
-vi ELASTICSEARCH_USERNAME
-```
-
-#### `KIBANA_HOST`
-
-1. The Kibana instance from the Elastic Kibana Helm Chart.  The subdomain `default` refers to the default namespace.  If you have deployed the Helm Chart using a different namespace, then your subdomain will be different:
-
-   ```
-   "kibana-kibana.default.svc.cluster.local:5601"
-   ```
-
-1. A Kibana instance running on a Mac where your Beats are running in Docker for Mac:
-
-   ```
-   "host.docker.internal:5601"
-   ```
-1. Two Elasticsearch nodes running in VMs or on physical hardware:
-
-   ```
-   "host1.example.com:5601"
-   ```
-
-Edit `KIBANA_HOST`:
-
-```shell
-vi KIBANA_HOST
-```
-
-### Create a Kubernetes Secret
-
-This command creates a Secret in the Kubernetes system level namespace (`kube-system`) based on the files you just edited:
-
-```shell
-kubectl create secret generic dynamic-logging \
-  --from-file=./ELASTICSEARCH_HOSTS \
-  --from-file=./ELASTICSEARCH_PASSWORD \
-  --from-file=./ELASTICSEARCH_USERNAME \
-  --from-file=./KIBANA_HOST \
-  --namespace=kube-system
-```
-
-{{% /tab %}}
-{{% tab name="Managed service" %}}
-
-## Managed service
-
-This tab is for Elasticsearch Service in Elastic Cloud only, if you have already created a secret for a self managed Elasticsearch and Kibana deployment, then continue with [Deploy the Beats](#deploy-the-beats).
-
-### Set the credentials
-
-There are two files to edit to create a Kubernetes Secret when you are connecting to the managed Elasticsearch Service in Elastic Cloud.  The files are:
-
-1. `ELASTIC_CLOUD_AUTH`
-1. `ELASTIC_CLOUD_ID`
-
-Set these with the information provided to you from the Elasticsearch Service console when you created the deployment.  Here are some examples:
-
-#### `ELASTIC_CLOUD_ID`
-
-```
-devk8s:ABC123def456ghi789jkl123mno456pqr789stu123vwx456yza789bcd012efg345hijj678klm901nop345zEwOTJjMTc5YWQ0YzQ5OThlN2U5MjAwYTg4NTIzZQ==
-```
-
-#### `ELASTIC_CLOUD_AUTH`
-
-Just the username, a colon (`:`), and the password, no whitespace or quotes:
-
-```
-elastic:VFxJJf9Tjwer90wnfTghsn8w
-```
-
-### Edit the required files:
-
-```shell
-vi ELASTIC_CLOUD_ID
-vi ELASTIC_CLOUD_AUTH
-```
-
-### Create a Kubernetes Secret
-
-This command creates a Secret in the Kubernetes system level namespace (`kube-system`) based on the files you just edited:
-
-```shell
-kubectl create secret generic dynamic-logging \
-  --from-file=./ELASTIC_CLOUD_ID \
-  --from-file=./ELASTIC_CLOUD_AUTH \
-  --namespace=kube-system
-```
-
-{{% /tab %}}
-
-{{< /tabs >}}
-
-## Deploy the Beats
-
-Manifest files are provided for each Beat.  These manifest files use the secret created earlier to configure the Beats to connect to your Elasticsearch and Kibana servers.
-
-### About Filebeat
-
-Filebeat will collect logs from the Kubernetes nodes and the containers running in each pod running on those nodes.  Filebeat is deployed as a {{< glossary_tooltip text="DaemonSet" term_id="daemonset" >}}.  Filebeat can autodiscover applications running in your Kubernetes cluster. At startup Filebeat scans existing containers and launches the proper configurations for them, then it will watch for new start/stop events.
-
-Here is the autodiscover configuration that enables Filebeat to locate and parse Redis logs from the Redis containers deployed with the guestbook application.  This configuration is in the file `filebeat-kubernetes.yaml`:
-
-```yaml
-- condition.contains:
-    kubernetes.labels.app: redis
-  config:
-    - module: redis
-      log:
-        input:
-          type: docker
-          containers.ids:
-            - ${data.kubernetes.container.id}
-      slowlog:
-        enabled: true
-        var.hosts: ["${data.host}:${data.port}"]
-```
-
-This configures Filebeat to apply the Filebeat module `redis` when a container is detected with a label `app` containing the string `redis`.  The redis module has the ability to collect the `log` stream from the container by using the docker input type (reading the file on the Kubernetes node associated with the STDOUT stream from this Redis container).  Additionally, the module has the ability to collect Redis `slowlog` entries by connecting to the proper pod host and port, which is provided in the container metadata.
-
-### Deploy Filebeat:
-
-```shell
-kubectl create -f filebeat-kubernetes.yaml
-```
-
-#### Verify
-
-```shell
-kubectl get pods -n kube-system -l k8s-app=filebeat-dynamic
-```
-
-### About Metricbeat
-
-Metricbeat autodiscover is configured in the same way as Filebeat.  Here is the Metricbeat autodiscover configuration for the Redis containers.  This configuration is in the file `metricbeat-kubernetes.yaml`:
-
-```yaml
-- condition.equals:
-    kubernetes.labels.tier: backend
-  config:
-    - module: redis
-      metricsets: ["info", "keyspace"]
-      period: 10s
-
-      # Redis hosts
-      hosts: ["${data.host}:${data.port}"]
-```
-
-This configures Metricbeat to apply the Metricbeat module `redis` when a container is detected with a label `tier` equal to the string `backend`.  The `redis` module has the ability to collect the `info` and `keyspace` metrics from the container by connecting to the proper pod host and port, which is provided in the container metadata.
-
-### Deploy Metricbeat
-
-```shell
-kubectl create -f metricbeat-kubernetes.yaml
-```
-
-#### Verify
-
-```shell
-kubectl get pods -n kube-system -l k8s-app=metricbeat
-```
-
-### About Packetbeat
-
-Packetbeat configuration is different than Filebeat and Metricbeat.  Rather than specify patterns to match against container labels the configuration is based on the protocols and port numbers involved.  Shown below is a subset of the port numbers.
-
-{{< note >}}
-If you are running a service on a non-standard port add that port number to the appropriate type in `filebeat.yaml` and delete/create the Packetbeat DaemonSet.
-{{< /note >}}
-
-```yaml
-packetbeat.interfaces.device: any
-
-packetbeat.protocols:
-- type: dns
-  ports: [53]
-  include_authorities: true
-  include_additionals: true
-
-- type: http
-  ports: [80, 8000, 8080, 9200]
-
-- type: mysql
-  ports: [3306]
-
-- type: redis
-  ports: [6379]
-
-packetbeat.flows:
-  timeout: 30s
-  period: 10s
-```
-
-#### Deploy Packetbeat
-
-```shell
-kubectl create -f packetbeat-kubernetes.yaml
-```
-
-#### Verify
-
-```shell
-kubectl get pods -n kube-system -l k8s-app=packetbeat-dynamic
-```
-
-## View in Kibana
-
-Open Kibana in your browser and then open the **Dashboard** application.  In the search bar type Kubernetes and click on the Metricbeat dashboard for Kubernetes.  This dashboard reports on the state of your Nodes, deployments, etc.
-
-Search for Packetbeat on the Dashboard page, and view the Packetbeat overview.
-
-Similarly, view dashboards for Apache and Redis.  You will see dashboards for logs and metrics for each.  The Apache Metricbeat dashboard will be blank.  Look at the Apache Filebeat dashboard and scroll to the bottom to view the Apache error logs.  This will tell you why there are no metrics available for Apache.
-
-To enable Metricbeat to retrieve the Apache metrics, enable server-status by adding a ConfigMap including a mod-status configuration file and re-deploy the guestbook.
-
-## Scale your Deployments and see new pods being monitored
-
-List the existing Deployments:
-
-```shell
-kubectl get deployments
-```
-
-The output:
-
-```
-NAME            READY   UP-TO-DATE   AVAILABLE   AGE
-frontend        3/3     3            3           3h27m
-redis-master    1/1     1            1           3h27m
-redis-slave     2/2     2            2           3h27m
-```
-
-Scale the frontend down to two pods:
-
-```shell
-kubectl scale --replicas=2 deployment/frontend
-```
-
-The output:
-
-```
-deployment.extensions/frontend scaled
-```
-
-Scale the frontend back up to three pods:
-
-```shell
-kubectl scale --replicas=3 deployment/frontend
-```
-
-## View the changes in Kibana
-
-See the screenshot, add the indicated filters and then add the columns to the view.  You can see the ScalingReplicaSet entry that is marked, following from there to the top of the list of events shows the image being pulled, the volumes mounted, the pod starting, etc.
-![Kibana Discover](https://raw.githubusercontent.com/elastic/examples/master/beats-k8s-send-anywhere/scaling-up.png)
-
-## {{% heading "cleanup" %}}
-
-Deleting the Deployments and Services also deletes any running Pods. Use labels to delete multiple resources with one command.
-
-1. Run the following commands to delete all Pods, Deployments, and Services.
-
-   ```shell
-   kubectl delete deployment -l app=redis
-   kubectl delete service -l app=redis
-   kubectl delete deployment -l app=guestbook
-   kubectl delete service -l app=guestbook
-   kubectl delete -f filebeat-kubernetes.yaml
-   kubectl delete -f metricbeat-kubernetes.yaml
-   kubectl delete -f packetbeat-kubernetes.yaml
-   kubectl delete secret dynamic-logging -n kube-system
-   ```
-
-1. Query the list of Pods to verify that no Pods are running:
-
-   ```shell
-   kubectl get pods
-   ```
-
-   The response should be this:
-
-   ```
-   No resources found.
-   ```
-
-## {{% heading "whatsnext" %}}
-
-* Learn about [tools for monitoring resources](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)
-* Read more about [logging architecture](/docs/concepts/cluster-administration/logging/)
-* Read more about [application introspection and debugging](/docs/tasks/debug-application-cluster/)
-* Read more about [troubleshoot applications](/docs/tasks/debug-application-cluster/resource-usage-monitoring/)
-
diff --git a/content/en/docs/tutorials/stateless-application/guestbook.md b/content/en/docs/tutorials/stateless-application/guestbook.md
index 2b6eef90fa..817526c6d1 100644
--- a/content/en/docs/tutorials/stateless-application/guestbook.md
+++ b/content/en/docs/tutorials/stateless-application/guestbook.md
@@ -1,5 +1,5 @@
 ---
-title: "Example: Deploying PHP Guestbook application with Redis"
+title: "Example: Deploying PHP Guestbook application with MongoDB"
 reviewers:
 - ahmetb
 content_type: tutorial
@@ -7,22 +7,19 @@ weight: 20
 card:
   name: tutorials
   weight: 30
-  title: "Stateless Example: PHP Guestbook with Redis"
+  title: "Stateless Example: PHP Guestbook with MongoDB"
+min-kubernetes-server-version: v1.14
 ---
 
 <!-- overview -->
-This tutorial shows you how to build and deploy a simple, multi-tier web application using Kubernetes and [Docker](https://www.docker.com/). This example consists of the following components:
+This tutorial shows you how to build and deploy a simple _(not production ready)_, multi-tier web application using Kubernetes and [Docker](https://www.docker.com/). This example consists of the following components:
 
-* A single-instance [Redis](https://redis.io/) master to store guestbook entries
-* Multiple [replicated Redis](https://redis.io/topics/replication) instances to serve reads
+* A single-instance [MongoDB](https://www.mongodb.com/) to store guestbook entries
 * Multiple web frontend instances
 
-
-
 ## {{% heading "objectives" %}}
 
-* Start up a Redis master.
-* Start up Redis slaves.
+* Start up a Mongo database.
 * Start up the guestbook frontend.
 * Expose and view the Frontend Service.
 * Clean up.
@@ -39,24 +36,28 @@ This tutorial shows you how to build and deploy a simple, multi-tier web applica
 
 <!-- lessoncontent -->
 
-## Start up the Redis Master
+## Start up the Mongo Database
 
-The guestbook application uses Redis to store its data. It writes its data to a Redis master instance and reads data from multiple Redis slave instances.
+The guestbook application uses MongoDB to store its data.
 
-### Creating the Redis Master Deployment
+### Creating the Mongo Deployment
 
-The manifest file, included below, specifies a Deployment controller that runs a single replica Redis master Pod.
+The manifest file, included below, specifies a Deployment controller that runs a single replica MongoDB Pod.
 
-{{< codenew file="application/guestbook/redis-master-deployment.yaml" >}}
+{{< codenew file="application/guestbook/mongo-deployment.yaml" >}}
 
 1. Launch a terminal window in the directory you downloaded the manifest files.
-1. Apply the Redis Master Deployment from the `redis-master-deployment.yaml` file:
+1. Apply the MongoDB Deployment from the `mongo-deployment.yaml` file:
 
       ```shell
-      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-master-deployment.yaml
+      kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-deployment.yaml
       ```
+<!---
+for local testing of the content via relative file path
+kubectl apply -f ./content/en/examples/application/guestbook/mongo-deployment.yaml
+-->
 
-1. Query the list of Pods to verify that the Redis Master Pod is running:
+1. Query the list of Pods to verify that the MongoDB Pod is running:
 
       ```shell
       kubectl get pods
@@ -66,32 +67,33 @@ The manifest file, included below, specifies a Deployment controller that runs a
 
       ```shell
       NAME                            READY     STATUS    RESTARTS   AGE
-      redis-master-1068406935-3lswp   1/1       Running   0          28s
+      mongo-5cfd459dd4-lrcjb          1/1       Running   0          28s
       ```
 
-1. Run the following command to view the logs from the Redis Master Pod:
+1. Run the following command to view the logs from the MongoDB Deployment:
 
      ```shell
-     kubectl logs -f POD-NAME
+     kubectl logs -f deployment/mongo
      ```
 
-{{< note >}}
-Replace POD-NAME with the name of your Pod.
-{{< /note >}}
+### Creating the MongoDB Service
 
-### Creating the Redis Master Service
+The guestbook application needs to communicate to the MongoDB to write its data. You need to apply a [Service](/docs/concepts/services-networking/service/) to proxy the traffic to the MongoDB Pod. A Service defines a policy to access the Pods.
 
-The guestbook application needs to communicate to the Redis master to write its data. You need to apply a [Service](/docs/concepts/services-networking/service/) to proxy the traffic to the Redis master Pod. A Service defines a policy to access the Pods.
+{{< codenew file="application/guestbook/mongo-service.yaml" >}}
 
-{{< codenew file="application/guestbook/redis-master-service.yaml" >}}
-
-1. Apply the Redis Master Service from the following `redis-master-service.yaml` file:
+1. Apply the MongoDB Service from the following `mongo-service.yaml` file:
 
       ```shell
-      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-master-service.yaml
+      kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-service.yaml
       ```
 
-1. Query the list of Services to verify that the Redis Master Service is running:
+<!---
+for local testing of the content via relative file path
+kubectl apply -f ./content/en/examples/application/guestbook/mongo-service.yaml
+-->
+
+1. Query the list of Services to verify that the MongoDB Service is running:
 
       ```shell
       kubectl get service
@@ -102,77 +104,17 @@ The guestbook application needs to communicate to the Redis master to write its
       ```shell
       NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
       kubernetes     ClusterIP   10.0.0.1     <none>        443/TCP    1m
-      redis-master   ClusterIP   10.0.0.151   <none>        6379/TCP   8s
+      mongo          ClusterIP   10.0.0.151   <none>        6379/TCP   8s
       ```
 
 {{< note >}}
-This manifest file creates a Service named `redis-master` with a set of labels that match the labels previously defined, so the Service routes network traffic to the Redis master Pod.   
+This manifest file creates a Service named `mongo` with a set of labels that match the labels previously defined, so the Service routes network traffic to the MongoDB Pod.
 {{< /note >}}
 
 
-## Start up the Redis Slaves
-
-Although the Redis master is a single pod, you can make it highly available to meet traffic demands by adding replica Redis slaves.
-
-### Creating the Redis Slave Deployment
-
-Deployments scale based off of the configurations set in the manifest file. In this case, the Deployment object specifies two replicas.
-
-If there are not any replicas running, this Deployment would start the two replicas on your container cluster. Conversely, if there are more than two replicas running, it would scale down until two replicas are running.
-
-{{< codenew file="application/guestbook/redis-slave-deployment.yaml" >}}
-
-1. Apply the Redis Slave Deployment from the `redis-slave-deployment.yaml` file:
-
-      ```shell
-      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-slave-deployment.yaml
-      ```
-
-1. Query the list of Pods to verify that the Redis Slave Pods are running:
-
-      ```shell
-      kubectl get pods
-      ```
-
-      The response should be similar to this:
-
-      ```shell
-      NAME                            READY     STATUS              RESTARTS   AGE
-      redis-master-1068406935-3lswp   1/1       Running             0          1m
-      redis-slave-2005841000-fpvqc    0/1       ContainerCreating   0          6s
-      redis-slave-2005841000-phfv9    0/1       ContainerCreating   0          6s
-      ```
-
-### Creating the Redis Slave Service
-
-The guestbook application needs to communicate to Redis slaves to read data. To make the Redis slaves discoverable, you need to set up a Service. A Service provides transparent load balancing to a set of Pods.
-
-{{< codenew file="application/guestbook/redis-slave-service.yaml" >}}
-
-1. Apply the Redis Slave Service from the following `redis-slave-service.yaml` file:
-
-      ```shell
-      kubectl apply -f https://k8s.io/examples/application/guestbook/redis-slave-service.yaml
-      ```
-
-1. Query the list of Services to verify that the Redis slave service is running:
-
-      ```shell
-      kubectl get services
-      ```
-
-      The response should be similar to this:
-
-      ```
-      NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
-      kubernetes     ClusterIP   10.0.0.1     <none>        443/TCP    2m
-      redis-master   ClusterIP   10.0.0.151   <none>        6379/TCP   1m
-      redis-slave    ClusterIP   10.0.0.223   <none>        6379/TCP   6s
-      ```
-
 ## Set up and Expose the Guestbook Frontend
 
-The guestbook application has a web frontend serving the HTTP requests written in PHP. It is configured to connect to the `redis-master` Service for write requests and the `redis-slave` service for Read requests.
+The guestbook application has a web frontend serving the HTTP requests written in PHP. It is configured to connect to the `mongo` Service to store Guestbook entries.
 
 ### Creating the Guestbook Frontend Deployment
 
@@ -184,6 +126,11 @@ The guestbook application has a web frontend serving the HTTP requests written i
       kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-deployment.yaml
       ```
 
+<!---
+for local testing of the content via relative file path
+kubectl apply -f ./content/en/examples/application/guestbook/frontend-deployment.yaml
+-->
+
 1. Query the list of Pods to verify that the three frontend replicas are running:
 
       ```shell
@@ -201,12 +148,12 @@ The guestbook application has a web frontend serving the HTTP requests written i
 
 ### Creating the Frontend Service
 
-The `redis-slave` and `redis-master` Services you applied are only accessible within the container cluster because the default type for a Service is [ClusterIP](/docs/concepts/services-networking/service/#publishing-services---service-types). `ClusterIP` provides a single IP address for the set of Pods the Service is pointing to. This IP address is accessible only within the cluster.
+The `mongo` Services you applied is only accessible within the Kubernetes cluster because the default type for a Service is [ClusterIP](/docs/concepts/services-networking/service/#publishing-services---service-types). `ClusterIP` provides a single IP address for the set of Pods the Service is pointing to. This IP address is accessible only within the cluster.
 
-If you want guests to be able to access your guestbook, you must configure the frontend Service to be externally visible, so a client can request the Service from outside the container cluster. Minikube can only expose Services through `NodePort`.  
+If you want guests to be able to access your guestbook, you must configure the frontend Service to be externally visible, so a client can request the Service from outside the Kubernetes cluster. However a Kubernetes user you can use `kubectl port-forward` to access the service even though it uses a `ClusterIP`.
 
 {{< note >}}
-Some cloud providers, like Google Compute Engine or Google Kubernetes Engine, support external load balancers. If your cloud provider supports load balancers and you want to use it, simply delete or comment out `type: NodePort`, and uncomment `type: LoadBalancer`.
+Some cloud providers, like Google Compute Engine or Google Kubernetes Engine, support external load balancers. If your cloud provider supports load balancers and you want to use it, simply uncomment `type: LoadBalancer`.
 {{< /note >}}
 
 {{< codenew file="application/guestbook/frontend-service.yaml" >}}
@@ -217,6 +164,11 @@ Some cloud providers, like Google Compute Engine or Google Kubernetes Engine, su
       kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-service.yaml
       ```
 
+<!---
+for local testing of the content via relative file path
+kubectl apply -f ./content/en/examples/application/guestbook/frontend-service.yaml
+-->
+
 1. Query the list of Services to verify that the frontend Service is running:
 
       ```shell
@@ -227,29 +179,27 @@ Some cloud providers, like Google Compute Engine or Google Kubernetes Engine, su
 
       ```
       NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
-      frontend       NodePort    10.0.0.112   <none>       80:31323/TCP   6s
+      frontend       ClusterIP   10.0.0.112   <none>       80/TCP   6s
       kubernetes     ClusterIP   10.0.0.1     <none>        443/TCP        4m
-      redis-master   ClusterIP   10.0.0.151   <none>        6379/TCP       2m
-      redis-slave    ClusterIP   10.0.0.223   <none>        6379/TCP       1m
+      mongo          ClusterIP   10.0.0.151   <none>        6379/TCP       2m
       ```
 
-### Viewing the Frontend Service via `NodePort`
+### Viewing the Frontend Service via `kubectl port-forward`
 
-If you deployed this application to Minikube or a local cluster, you need to find the IP address to view your Guestbook.
-
-1. Run the following command to get the IP address for the frontend Service.
+1. Run the following command to forward port `8080` on your local machine to port `80` on the service.
 
       ```shell
-      minikube service frontend --url
+      kubectl port-forward svc/frontend 8080:80
       ```
 
       The response should be similar to this:
 
       ```
-      http://192.168.99.100:31323
+      Forwarding from 127.0.0.1:8080 -> 80
+      Forwarding from [::1]:8080 -> 80
       ```
 
-1. Copy the IP address, and load the page in your browser to view your guestbook.
+1. load the page [http://localhost:8080](http://localhost:8080) in your browser to view your guestbook.
 
 ### Viewing the Frontend Service via `LoadBalancer`
 
@@ -272,7 +222,7 @@ If you deployed the `frontend-service.yaml` manifest with type: `LoadBalancer` y
 
 ## Scale the Web Frontend
 
-Scaling up or down is easy because your servers are defined as a Service that uses a Deployment controller.
+You can scale up or down as needed because your servers are defined as a Service that uses a Deployment controller.
 
 1. Run the following command to scale up the number of frontend Pods:
 
@@ -295,9 +245,7 @@ Scaling up or down is easy because your servers are defined as a Service that us
       frontend-3823415956-k22zn       1/1       Running   0          54m
       frontend-3823415956-w9gbt       1/1       Running   0          54m
       frontend-3823415956-x2pld       1/1       Running   0          5s
-      redis-master-1068406935-3lswp   1/1       Running   0          56m
-      redis-slave-2005841000-fpvqc    1/1       Running   0          55m
-      redis-slave-2005841000-phfv9    1/1       Running   0          55m
+      mongo-1068406935-3lswp   1/1       Running   0          56m
       ```
 
 1. Run the following command to scale down the number of frontend Pods:
@@ -318,9 +266,7 @@ Scaling up or down is easy because your servers are defined as a Service that us
       NAME                            READY     STATUS    RESTARTS   AGE
       frontend-3823415956-k22zn       1/1       Running   0          1h
       frontend-3823415956-w9gbt       1/1       Running   0          1h
-      redis-master-1068406935-3lswp   1/1       Running   0          1h
-      redis-slave-2005841000-fpvqc    1/1       Running   0          1h
-      redis-slave-2005841000-phfv9    1/1       Running   0          1h
+      mongo-1068406935-3lswp   1/1       Running   0          1h
       ```
 
 
@@ -332,20 +278,18 @@ Deleting the Deployments and Services also deletes any running Pods. Use labels
 1. Run the following commands to delete all Pods, Deployments, and Services.
 
       ```shell
-      kubectl delete deployment -l app=redis
-      kubectl delete service -l app=redis
-      kubectl delete deployment -l app=guestbook
-      kubectl delete service -l app=guestbook
+      kubectl delete deployment -l app.kubernetes.io/name=mongo
+      kubectl delete service -l app.kubernetes.io/name=mongo
+      kubectl delete deployment -l app.kubernetes.io/name=guestbook
+      kubectl delete service -l app.kubernetes.io/name=guestbook
       ```
 
       The responses should be:
 
       ```
-      deployment.apps "redis-master" deleted
-      deployment.apps "redis-slave" deleted
-      service "redis-master" deleted
-      service "redis-slave" deleted
-      deployment.apps "frontend" deleted    
+      deployment.apps "mongo" deleted
+      service "mongo" deleted
+      deployment.apps "frontend" deleted
       service "frontend" deleted
       ```
 
@@ -365,9 +309,7 @@ Deleting the Deployments and Services also deletes any running Pods. Use labels
 
 ## {{% heading "whatsnext" %}}
 
-* Add [ELK logging and monitoring](/docs/tutorials/stateless-application/guestbook-logs-metrics-with-elk/) to your Guestbook application
 * Complete the [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) Interactive Tutorials
 * Use Kubernetes to create a blog using [Persistent Volumes for MySQL and Wordpress](/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/#visit-your-new-wordpress-blog)
 * Read more about [connecting applications](/docs/concepts/services-networking/connect-applications-service/)
 * Read more about [Managing Resources](/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively)
-
diff --git a/content/en/examples/access/certificate-signing-request/clusterrole-sign.yaml b/content/en/examples/access/certificate-signing-request/clusterrole-sign.yaml
index 29bbc6a9cd..6d1a2f7882 100644
--- a/content/en/examples/access/certificate-signing-request/clusterrole-sign.yaml
+++ b/content/en/examples/access/certificate-signing-request/clusterrole-sign.yaml
@@ -21,7 +21,7 @@ rules:
   - certificates.k8s.io
   resources:
   - signers
-  resourceName:
+  resourceNames:
   - example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
   verbs:
   - sign
diff --git a/content/en/examples/application/guestbook/frontend-deployment.yaml b/content/en/examples/application/guestbook/frontend-deployment.yaml
index 23d64be644..613c654aa9 100644
--- a/content/en/examples/application/guestbook/frontend-deployment.yaml
+++ b/content/en/examples/application/guestbook/frontend-deployment.yaml
@@ -3,22 +3,24 @@ kind: Deployment
 metadata:
   name: frontend
   labels:
-    app: guestbook
+    app.kubernetes.io/name: guestbook
+    app.kubernetes.io/component: frontend
 spec:
   selector:
     matchLabels:
-      app: guestbook
-      tier: frontend
+      app.kubernetes.io/name: guestbook
+      app.kubernetes.io/component: frontend
   replicas: 3
   template:
     metadata:
       labels:
-        app: guestbook
-        tier: frontend
+        app.kubernetes.io/name: guestbook
+        app.kubernetes.io/component: frontend
     spec:
       containers:
-      - name: php-redis
-        image: gcr.io/google-samples/gb-frontend:v4
+      - name: guestbook
+        image: paulczar/gb-frontend:v5
+        # image: gcr.io/google-samples/gb-frontend:v4
         resources:
           requests:
             cpu: 100m
@@ -26,13 +28,5 @@ spec:
         env:
         - name: GET_HOSTS_FROM
           value: dns
-          # Using `GET_HOSTS_FROM=dns` requires your cluster to
-          # provide a dns service. As of Kubernetes 1.3, DNS is a built-in
-          # service launched automatically. However, if the cluster you are using
-          # does not have a built-in DNS service, you can instead
-          # access an environment variable to find the master
-          # service's host. To do so, comment out the 'value: dns' line above, and
-          # uncomment the line below:
-          # value: env
         ports:
         - containerPort: 80
diff --git a/content/en/examples/application/guestbook/frontend-service.yaml b/content/en/examples/application/guestbook/frontend-service.yaml
index 6f283f347b..34ad3771d7 100644
--- a/content/en/examples/application/guestbook/frontend-service.yaml
+++ b/content/en/examples/application/guestbook/frontend-service.yaml
@@ -3,16 +3,14 @@ kind: Service
 metadata:
   name: frontend
   labels:
-    app: guestbook
-    tier: frontend
+    app.kubernetes.io/name: guestbook
+    app.kubernetes.io/component: frontend
 spec:
-  # comment or delete the following line if you want to use a LoadBalancer
-  type: NodePort 
   # if your cluster supports it, uncomment the following to automatically create
   # an external load-balanced IP for the frontend service.
   # type: LoadBalancer
   ports:
   - port: 80
   selector:
-    app: guestbook
-    tier: frontend
+    app.kubernetes.io/name: guestbook
+    app.kubernetes.io/component: frontend
diff --git a/content/en/examples/application/guestbook/mongo-deployment.yaml b/content/en/examples/application/guestbook/mongo-deployment.yaml
new file mode 100644
index 0000000000..04908ce25b
--- /dev/null
+++ b/content/en/examples/application/guestbook/mongo-deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongo
+  labels:
+    app.kubernetes.io/name: mongo
+    app.kubernetes.io/component: backend
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: mongo
+      app.kubernetes.io/component: backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: mongo
+        app.kubernetes.io/component: backend
+    spec:
+      containers:
+      - name: mongo
+        image: mongo:4.2
+        args:
+          - --bind_ip
+          - 0.0.0.0
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 27017
diff --git a/content/en/examples/application/guestbook/mongo-service.yaml b/content/en/examples/application/guestbook/mongo-service.yaml
new file mode 100644
index 0000000000..b9cef607bc
--- /dev/null
+++ b/content/en/examples/application/guestbook/mongo-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongo
+  labels:
+    app.kubernetes.io/name: mongo
+    app.kubernetes.io/component: backend
+spec:
+  ports:
+  - port: 27017
+    targetPort: 27017
+  selector:
+    app.kubernetes.io/name: mongo
+    app.kubernetes.io/component: backend
diff --git a/content/en/examples/application/guestbook/redis-master-deployment.yaml b/content/en/examples/application/guestbook/redis-master-deployment.yaml
deleted file mode 100644
index 478216d1ac..0000000000
--- a/content/en/examples/application/guestbook/redis-master-deployment.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: redis-master
-  labels:
-    app: redis
-spec:
-  selector:
-    matchLabels:
-      app: redis
-      role: master
-      tier: backend
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: redis
-        role: master
-        tier: backend
-    spec:
-      containers:
-      - name: master
-        image: k8s.gcr.io/redis:e2e  # or just image: redis
-        resources:
-          requests:
-            cpu: 100m
-            memory: 100Mi
-        ports:
-        - containerPort: 6379
diff --git a/content/en/examples/application/guestbook/redis-master-service.yaml b/content/en/examples/application/guestbook/redis-master-service.yaml
deleted file mode 100644
index 65cef2191c..0000000000
--- a/content/en/examples/application/guestbook/redis-master-service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: redis-master
-  labels:
-    app: redis
-    role: master
-    tier: backend
-spec:
-  ports:
-  - name: redis
-    port: 6379
-    targetPort: 6379
-  selector:
-    app: redis
-    role: master
-    tier: backend
diff --git a/content/en/examples/application/guestbook/redis-slave-deployment.yaml b/content/en/examples/application/guestbook/redis-slave-deployment.yaml
deleted file mode 100644
index 1a7b04386a..0000000000
--- a/content/en/examples/application/guestbook/redis-slave-deployment.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: redis-slave
-  labels:
-    app: redis
-spec:
-  selector:
-    matchLabels:
-      app: redis
-      role: slave
-      tier: backend
-  replicas: 2
-  template:
-    metadata:
-      labels:
-        app: redis
-        role: slave
-        tier: backend
-    spec:
-      containers:
-      - name: slave
-        image: gcr.io/google_samples/gb-redisslave:v3
-        resources:
-          requests:
-            cpu: 100m
-            memory: 100Mi
-        env:
-        - name: GET_HOSTS_FROM
-          value: dns
-          # Using `GET_HOSTS_FROM=dns` requires your cluster to
-          # provide a dns service. As of Kubernetes 1.3, DNS is a built-in
-          # service launched automatically. However, if the cluster you are using
-          # does not have a built-in DNS service, you can instead
-          # access an environment variable to find the master
-          # service's host. To do so, comment out the 'value: dns' line above, and
-          # uncomment the line below:
-          # value: env
-        ports:
-        - containerPort: 6379
diff --git a/content/en/examples/application/guestbook/redis-slave-service.yaml b/content/en/examples/application/guestbook/redis-slave-service.yaml
deleted file mode 100644
index 238fd63fb6..0000000000
--- a/content/en/examples/application/guestbook/redis-slave-service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: redis-slave
-  labels:
-    app: redis
-    role: slave
-    tier: backend
-spec:
-  ports:
-  - port: 6379
-  selector:
-    app: redis
-    role: slave
-    tier: backend
diff --git a/content/en/examples/examples_test.go b/content/en/examples/examples_test.go
index 012a2acaa7..982ddbd693 100644
--- a/content/en/examples/examples_test.go
+++ b/content/en/examples/examples_test.go
@@ -148,6 +148,11 @@ func getCodecForObject(obj runtime.Object) (runtime.Codec, error) {
 }
 
 func validateObject(obj runtime.Object) (errors field.ErrorList) {
+	podValidationOptions := validation.PodValidationOptions{
+		AllowMultipleHugePageResources: true,
+		AllowDownwardAPIHugePages:      true,
+	}
+
 	// Enable CustomPodDNS for testing
 	// feature.DefaultFeatureGate.Set("CustomPodDNS=true")
 	switch t := obj.(type) {
@@ -182,7 +187,7 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
 		opts := validation.PodValidationOptions{
 			AllowMultipleHugePageResources: true,
 		}
-		errors = validation.ValidatePod(t, opts)
+		errors = validation.ValidatePodCreate(t, opts)
 	case *api.PodList:
 		for i := range t.Items {
 			errors = append(errors, validateObject(&t.Items[i])...)
@@ -191,12 +196,12 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = validation.ValidatePodTemplate(t)
+		errors = validation.ValidatePodTemplate(t, podValidationOptions)
 	case *api.ReplicationController:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = validation.ValidateReplicationController(t)
+		errors = validation.ValidateReplicationController(t, podValidationOptions)
 	case *api.ReplicationControllerList:
 		for i := range t.Items {
 			errors = append(errors, validateObject(&t.Items[i])...)
@@ -215,7 +220,11 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = validation.ValidateService(t, true)
+		// handle clusterIPs, logic copied from service strategy
+		if len(t.Spec.ClusterIP) > 0 && len(t.Spec.ClusterIPs) == 0 {
+			t.Spec.ClusterIPs = []string{t.Spec.ClusterIP}
+		}
+		errors = validation.ValidateService(t)
 	case *api.ServiceAccount:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
@@ -250,12 +259,12 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = apps_validation.ValidateDaemonSet(t)
+		errors = apps_validation.ValidateDaemonSet(t, podValidationOptions)
 	case *apps.Deployment:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = apps_validation.ValidateDeployment(t)
+		errors = apps_validation.ValidateDeployment(t, podValidationOptions)
 	case *networking.Ingress:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
@@ -265,18 +274,30 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
 			Version: legacyscheme.Scheme.PrioritizedVersionsForGroup(networking.GroupName)[0].Version,
 		}
 		errors = networking_validation.ValidateIngressCreate(t, gv)
+	case *networking.IngressClass:
+		/*
+			if t.Namespace == "" {
+				t.Namespace = api.NamespaceDefault
+			}
+			gv := schema.GroupVersion{
+				Group:   networking.GroupName,
+				Version: legacyscheme.Scheme.PrioritizedVersionsForGroup(networking.GroupName)[0].Version,
+			}
+		*/
+		errors = networking_validation.ValidateIngressClass(t)
+
 	case *policy.PodSecurityPolicy:
 		errors = policy_validation.ValidatePodSecurityPolicy(t)
 	case *apps.ReplicaSet:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = apps_validation.ValidateReplicaSet(t)
+		errors = apps_validation.ValidateReplicaSet(t, podValidationOptions)
 	case *batch.CronJob:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
 		}
-		errors = batch_validation.ValidateCronJob(t)
+		errors = batch_validation.ValidateCronJob(t, podValidationOptions)
 	case *networking.NetworkPolicy:
 		if t.Namespace == "" {
 			t.Namespace = api.NamespaceDefault
@@ -287,6 +308,9 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
 			t.Namespace = api.NamespaceDefault
 		}
 		errors = policy_validation.ValidatePodDisruptionBudget(t)
+	case *rbac.ClusterRole:
+		// clusterole does not accept namespace
+		errors = rbac_validation.ValidateClusterRole(t)
 	case *rbac.ClusterRoleBinding:
 		// clusterolebinding does not accept namespace
 		errors = rbac_validation.ValidateClusterRoleBinding(t)
@@ -414,6 +438,7 @@ func TestExampleObjectSchemas(t *testing.T) {
 			"storagelimits":            {&api.LimitRange{}},
 		},
 		"admin/sched": {
+			"clusterrole":  {&rbac.ClusterRole{}},
 			"my-scheduler": {&api.ServiceAccount{}, &rbac.ClusterRoleBinding{}, &rbac.ClusterRoleBinding{}, &apps.Deployment{}},
 			"pod1":         {&api.Pod{}},
 			"pod2":         {&api.Pod{}},
@@ -539,6 +564,7 @@ func TestExampleObjectSchemas(t *testing.T) {
 			"dapi-envars-pod":                  {&api.Pod{}},
 			"dapi-volume":                      {&api.Pod{}},
 			"dapi-volume-resources":            {&api.Pod{}},
+			"dependent-envars":                 {&api.Pod{}},
 			"envars":                           {&api.Pod{}},
 			"pod-multiple-secret-env-variable": {&api.Pod{}},
 			"pod-secret-envFrom":               {&api.Pod{}},
@@ -596,29 +622,41 @@ func TestExampleObjectSchemas(t *testing.T) {
 			"load-balancer-example": {&apps.Deployment{}},
 		},
 		"service/access": {
-			"frontend":          {&api.Service{}, &apps.Deployment{}},
-			"hello-application": {&apps.Deployment{}},
-			"hello-service":     {&api.Service{}},
-			"hello":             {&apps.Deployment{}},
+			"backend-deployment":  {&apps.Deployment{}},
+			"backend-service":     {&api.Service{}},
+			"frontend-deployment": {&apps.Deployment{}},
+			"frontend-service":    {&api.Service{}},
+			"hello-application":   {&apps.Deployment{}},
 		},
 		"service/networking": {
-			"curlpod":                             {&apps.Deployment{}},
-			"custom-dns":                          {&api.Pod{}},
-			"dual-stack-default-svc":              {&api.Service{}},
-			"dual-stack-ipv4-svc":                 {&api.Service{}},
-			"dual-stack-ipv6-lb-svc":              {&api.Service{}},
-			"dual-stack-ipv6-svc":                 {&api.Service{}},
-			"hostaliases-pod":                     {&api.Pod{}},
-			"ingress":                             {&networking.Ingress{}},
-			"network-policy-allow-all-egress":     {&networking.NetworkPolicy{}},
-			"network-policy-allow-all-ingress":    {&networking.NetworkPolicy{}},
-			"network-policy-default-deny-egress":  {&networking.NetworkPolicy{}},
-			"network-policy-default-deny-ingress": {&networking.NetworkPolicy{}},
-			"network-policy-default-deny-all":     {&networking.NetworkPolicy{}},
-			"nginx-policy":                        {&networking.NetworkPolicy{}},
-			"nginx-secure-app":                    {&api.Service{}, &apps.Deployment{}},
-			"nginx-svc":                           {&api.Service{}},
-			"run-my-nginx":                        {&apps.Deployment{}},
+			"curlpod":                                 {&apps.Deployment{}},
+			"custom-dns":                              {&api.Pod{}},
+			"dual-stack-default-svc":                  {&api.Service{}},
+			"dual-stack-ipfamilies-ipv6":              {&api.Service{}},
+			"dual-stack-ipv6-svc":                     {&api.Service{}},
+			"dual-stack-prefer-ipv6-lb-svc":           {&api.Service{}},
+			"dual-stack-preferred-ipfamilies-svc":     {&api.Service{}},
+			"dual-stack-preferred-svc":                {&api.Service{}},
+			"external-lb":                             {&networking.IngressClass{}},
+			"example-ingress":                         {&networking.Ingress{}},
+			"hostaliases-pod":                         {&api.Pod{}},
+			"ingress-resource-backend":                {&networking.Ingress{}},
+			"ingress-wildcard-host":                   {&networking.Ingress{}},
+			"minimal-ingress":                         {&networking.Ingress{}},
+			"name-virtual-host-ingress":               {&networking.Ingress{}},
+			"name-virtual-host-ingress-no-third-host": {&networking.Ingress{}},
+			"network-policy-allow-all-egress":         {&networking.NetworkPolicy{}},
+			"network-policy-allow-all-ingress":        {&networking.NetworkPolicy{}},
+			"network-policy-default-deny-egress":      {&networking.NetworkPolicy{}},
+			"network-policy-default-deny-ingress":     {&networking.NetworkPolicy{}},
+			"network-policy-default-deny-all":         {&networking.NetworkPolicy{}},
+			"nginx-policy":                            {&networking.NetworkPolicy{}},
+			"nginx-secure-app":                        {&api.Service{}, &apps.Deployment{}},
+			"nginx-svc":                               {&api.Service{}},
+			"run-my-nginx":                            {&apps.Deployment{}},
+			"simple-fanout-example":                   {&networking.Ingress{}},
+			"test-ingress":                            {&networking.Ingress{}},
+			"tls-example-ingress":                     {&networking.Ingress{}},
 		},
 		"windows": {
 			"configmap-pod":             {&api.ConfigMap{}, &api.Pod{}},
diff --git a/content/fr/community/static/cncf-code-of-conduct.md b/content/fr/community/static/cncf-code-of-conduct.md
index 8d67a9c21a..93ac779477 100644
--- a/content/fr/community/static/cncf-code-of-conduct.md
+++ b/content/fr/community/static/cncf-code-of-conduct.md
@@ -24,7 +24,7 @@ Ce Code de conduite s’applique à la fois dans le cadre du projet et dans le c
 
 Des cas de conduite abusive, de harcèlement ou autre pratique inacceptable ayant cours sur Kubernetes peuvent être signalés en contactant le [comité pour le code de conduite de Kubernetes](https://git.k8s.io/community/committee-code-of-conduct) via l'adresse <conduct@kubernetes.io>.  Pour d'autres projets, bien vouloir contacter un responsable de projet CNCF ou notre médiateur, Mishi Choudhary à l'adresse <mishi@linux.com>.
 
-Ce Code de conduite est inspiré du « Contributor Covenant » (http://contributor-covenant.org) version 1.2.0, disponible à l’adresse http://contributor-covenant.org/version/1/2/0/.
+Ce Code de conduite est inspiré du « Contributor Covenant » (https://contributor-covenant.org) version 1.2.0, disponible à l’adresse https://contributor-covenant.org/version/1/2/0/.
 
 ### Code de conduite pour les événements de la CNCF
 
diff --git a/content/fr/docs/concepts/services-networking/ingress.md b/content/fr/docs/concepts/services-networking/ingress.md
index 81018b3ede..5a611a6ad7 100644
--- a/content/fr/docs/concepts/services-networking/ingress.md
+++ b/content/fr/docs/concepts/services-networking/ingress.md
@@ -328,30 +328,10 @@ metadata:
 type: kubernetes.io/tls
 ```
 
-Référencer ce secret dans un Ingress indiquera au contrôleur d'ingress de sécuriser le canal du client au load-balancer à l'aide de TLS. Vous devez vous assurer que le secret TLS que vous avez créé provenait d'un certificat contenant un CN pour `sslexample.foo.com`.
+Référencer ce secret dans un Ingress indiquera au contrôleur d'Ingress de sécuriser le canal du client au load-balancer à l'aide de TLS. Vous devez vous assurer que le secret TLS que vous avez créé provenait d'un certificat contenant un Common Name (CN), aussi appelé nom de domaine pleinement qualifié (FQDN), pour `https-example.foo.com`.
+
+{{< codenew file="service/networking/tls-example-ingress.yaml" >}}
 
-```yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: tls-example-ingress
-spec:
-  tls:
-  - hosts:
-    - sslexample.foo.com
-    secretName: testsecret-tls
-  rules:
-    - host: sslexample.foo.com
-      http:
-        paths:
-        - path: /
-          pathType: Prefix
-          backend:
-            service:
-              name: service1
-              port:
-                number: 80
-```
 
 {{< note >}}
 Les fonctionnalités TLS prisent en charge par les différents contrôleurs peuvent être différentes. Veuillez vous référer à la documentation sur
diff --git a/content/fr/docs/setup/learning-environment/minikube.md b/content/fr/docs/setup/learning-environment/minikube.md
index 77be61831f..2ab0b3ae5a 100644
--- a/content/fr/docs/setup/learning-environment/minikube.md
+++ b/content/fr/docs/setup/learning-environment/minikube.md
@@ -48,10 +48,10 @@ Suivez les étapes ci-dessous pour commencer et explorer Minikube.
     Starting local Kubernetes cluster...
     ```
 
-    Pour plus d'informations sur le démarrage de votre cluster avec une version spécifique de Kubernetes, une machine virtuelle ou un environnement de conteneur, voir [Démarrage d'un cluster].(#starting-a-cluster).
+    Pour plus d'informations sur le démarrage de votre cluster avec une version spécifique de Kubernetes, une machine virtuelle ou un environnement de conteneur, voir [Démarrage d'un cluster](#starting-a-cluster).
 
 2. Vous pouvez maintenant interagir avec votre cluster à l'aide de kubectl.
-   Pour plus d'informations, voir [Interagir avec votre cluster.](#interacting-with-your-cluster).
+   Pour plus d'informations, voir [Interagir avec votre cluster](#interacting-with-your-cluster).
 
     Créons un déploiement Kubernetes en utilisant une image existante nommée `echoserver`, qui est un serveur HTTP, et exposez-la sur le port 8080 à l’aide de `--port`.
 
@@ -529,5 +529,3 @@ Les contributions, questions et commentaires sont les bienvenus et sont encourag
 Les développeurs de minikube sont dans le canal #minikube du [Slack](https://kubernetes.slack.com) de Kubernetes (recevoir une invitation [ici](http://slack.kubernetes.io/)).
 Nous avons également la liste de diffusion [kubernetes-dev Google Groupes](https://groups.google.com/forum/#!forum/kubernetes-dev).
 Si vous publiez sur la liste, veuillez préfixer votre sujet avec "minikube:".
-
-
diff --git a/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
index bcf325df43..06c6d2f53c 100644
--- a/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
+++ b/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -40,7 +40,7 @@ Pour plus d'informations sur la création d'un cluster avec kubeadm, une fois qu
 ## Vérifiez que les adresses MAC et product_uuid sont uniques pour chaque nœud {#verify-mac-address}
 
 * Vous pouvez obtenir l'adresse MAC des interfaces réseau en utilisant la commande `ip link` ou` ifconfig -a`
-* Le product_uuid peut être vérifié en utilisant la commande `sudo cat/sys/class/dmi/id/product_uuid`
+* Le product_uuid peut être vérifié en utilisant la commande `sudo cat /sys/class/dmi/id/product_uuid`
 
 Il est très probable que les périphériques matériels aient des adresses uniques, bien que
 certaines machines virtuelles puissent avoir des valeurs identiques. Kubernetes utilise ces valeurs pour identifier de manière unique les nœuds du cluster.
diff --git a/content/fr/docs/tasks/configure-pod-container/assign-cpu-resource.md b/content/fr/docs/tasks/configure-pod-container/assign-cpu-resource.md
index 0845cf2806..284024b425 100644
--- a/content/fr/docs/tasks/configure-pod-container/assign-cpu-resource.md
+++ b/content/fr/docs/tasks/configure-pod-container/assign-cpu-resource.md
@@ -114,7 +114,7 @@ cpu-demo                    974m         <something>
 Souvenez-vous qu'en réglant `-cpu "2"`, vous avez configuré le conteneur pour faire en sorte qu'il utilise 2 CPU, mais que le conteneur ne peut utiliser qu'environ 1 CPU. L'utilisation du CPU du conteneur est entravée, car le conteneur tente d'utiliser plus de ressources CPU que sa limite.
 
 {{< note >}}
-Une autre explication possible de la la restriction du CPU est que le Nœud pourrait ne pas avoir
+Une autre explication possible de la restriction du CPU est que le Nœud pourrait ne pas avoir
 suffisamment de ressources CPU disponibles. Rappelons que les conditions préalables à cet exercice exigent que chacun de vos Nœuds doit avoir au moins 1 CPU.
 Si votre conteneur fonctionne sur un nœud qui n'a qu'un seul CPU, le conteneur ne peut pas utiliser plus que 1 CPU, quelle que soit la limite de CPU spécifiée pour le conteneur.
 {{< /note >}}
diff --git a/content/fr/docs/tasks/tools/install-minikube.md b/content/fr/docs/tasks/tools/install-minikube.md
index b079eba6ec..745f1e4c22 100644
--- a/content/fr/docs/tasks/tools/install-minikube.md
+++ b/content/fr/docs/tasks/tools/install-minikube.md
@@ -84,7 +84,7 @@ Vous pouvez télécharger les packages `.deb` depuis [Docker](https://www.docker
 
 {{< caution >}}
 Le pilote VM `none` peut entraîner des problèmes de sécurité et de perte de données.
-Avant d'utiliser `--driver=none`, consultez [cette documentation] (https://minikube.sigs.k8s.io/docs/reference/drivers/none/) pour plus d'informations.
+Avant d'utiliser `--driver=none`, consultez [cette documentation](https://minikube.sigs.k8s.io/docs/reference/drivers/none/) pour plus d'informations.
 {{</ caution >}}
 
 Minikube prend également en charge un `vm-driver=podman` similaire au pilote Docker. Podman est exécuté en tant que superutilisateur (utilisateur root), c'est le meilleur moyen de garantir que vos conteneurs ont un accès complet à toutes les fonctionnalités disponibles sur votre système.
diff --git a/content/fr/examples/service/networking/tls-example-ingress.yaml b/content/fr/examples/service/networking/tls-example-ingress.yaml
new file mode 100644
index 0000000000..fe5d52a0cb
--- /dev/null
+++ b/content/fr/examples/service/networking/tls-example-ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tls-example-ingress
+spec:
+  tls:
+  - hosts:
+      - https-example.foo.com
+    secretName: testsecret-tls
+  rules:
+  - host: https-example.foo.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: service1
+            port:
+              number: 80
diff --git a/content/id/docs/contribute/_index.md b/content/id/docs/contribute/_index.md
index d793a78967..0105a29791 100644
--- a/content/id/docs/contribute/_index.md
+++ b/content/id/docs/contribute/_index.md
@@ -75,5 +75,5 @@ terhadap dokumentasi Kubernetes, tetapi daftar ini dapat membantumu memulainya.
 
 - Untuk berkontribusi ke komunitas Kubernetes melalui forum-forum daring seperti Twitter atau Stack Overflow, atau mengetahui tentang pertemuan komunitas (_meetup_) lokal dan acara-acara Kubernetes, kunjungi [situs komunitas Kubernetes](/community/).
 - Untuk mulai berkontribusi ke pengembangan fitur, baca [_cheatseet_ kontributor](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet).
-
+- Untuk kontribusi khusus ke halaman Bahansa Indonesia, baca [Dokumentasi Khusus Untuk Translasi Bahasa Indonesia](/docs/contribute/localization_id.md)
 
diff --git a/content/id/docs/contribute/localization_id.md b/content/id/docs/contribute/localization_id.md
new file mode 100644
index 0000000000..5a9c491297
--- /dev/null
+++ b/content/id/docs/contribute/localization_id.md
@@ -0,0 +1,178 @@
+---
+title: Dokumentasi Khusus Untuk Translasi Bahasa Indonesia
+content_type: concept
+---
+
+<!-- overview -->
+
+Panduan khusus untuk bergabung ke komunitas SIG DOC Indonesia dan melakukan 
+kontribusi untuk mentranslasikan dokumentasi Kubernetes ke dalam Bahasa 
+Indonesia.
+
+<!-- body -->
+
+## Manajemen _Milestone_ Tim {#manajemen-milestone-tim}
+
+Secara umum siklus translasi dokumentasi ke Bahasa Indonesia akan dilakukan 
+3 kali dalam setahun (sekitar setiap 4 bulan). Untuk menentukan dan mengevaluasi 
+pencapaian atau _milestone_ dalam kurun waktu tersebut [jadwal rapat daring 
+reguler tim Bahasa Indonesia](https://zoom.us/j/6072809193) dilakukan secara 
+konsisten setiap dua minggu sekali. Dalam [agenda rapat ini](https://docs.google.com/document/d/1Qrj-WUAMA11V6KmcfxJsXcPeWwMbFsyBGV4RGbrSRXY) 
+juga dilakukan pemilihan PR _Wrangler_ untuk dua minggu ke depan. Tugas PR 
+_Wrangler_ tim Bahasa Indonesia serupa dengan PR _Wrangler_ dari proyek 
+_upstream_.
+
+Target pencapaian atau _milestone_ tim akan dirilis sebagai 
+[_issue tracking_ seperti ini](https://github.com/kubernetes/website/issues/22296) 
+pada Kubernetes GitHub Website setiap 4 bulan. Dan bersama dengan informasi 
+PR _Wrangler_ yang dipilih setiap dua minggu, keduanya akan diumumkan di Slack 
+_channel_ [#kubernetes-docs-id](https://kubernetes.slack.com/archives/CJ1LUCUHM) 
+dari Komunitas Kubernetes.
+
+## Cara Memulai Translasi
+
+Untuk menerjemahkan satu halaman Bahasa Inggris ke Bahasa Indonesia, lakukan 
+langkah-langkah berikut ini:
+
+* Check halaman _issue_ di GitHub dan pastikan tidak ada orang lain yang sudah 
+mengklaim halaman kamu dalam daftar periksa atau komentar-komentar sebelumnya.
+* Klaim halaman kamu pada _issue_ di GitHub dengan memberikan komentar di bawah 
+dengan nama halaman yang ingin kamu terjemahkan dan ambillah hanya satu halaman 
+dalam satu waktu.
+* _Fork_ [repo ini](https://github.com/kubernetes/website), buat terjemahan 
+kamu, dan kirimkan PR (_pull request_) dengan label `language/id`
+* Setelah dikirim, pengulas akan memberikan komentar dalam beberapa hari, dan 
+tolong untuk menjawab semua komentar. Direkomendasikan juga untuk melakukan 
+[_squash_](https://github.com/wprig/wprig/wiki/How-to-squash-commits) _commit_ 
+kamu dengan pesan _commit_ yang baik.
+
+
+## Informasi Acuan Untuk Translasi
+
+Tidak ada panduan gaya khusus untuk menulis translasi ke bahasa Indonesia. 
+Namun, secara umum kita dapat mengikuti panduan gaya bahasa Inggris dengan 
+beberapa tambahan untuk kata-kata impor yang dicetak miring.
+
+Harap berkomitmen dengan terjemahan kamu dan pada saat kamu mendapatkan komentar
+dari pengulas, silahkan atasi sebaik-baiknya. Kami berharap halaman yang 
+diklaim akan diterjemahkan dalam waktu kurang lebih dua minggu. Jika ternyata 
+kamu tidak dapat berkomitmen lagi, beri tahu para pengulas agar mereka dapat 
+meberikan halaman tersebut ke orang lain.
+
+Beberapa acuan tambahan dalam melakukan translasi silahkan lihat informasi 
+berikut ini:
+
+### Daftara Glosarium Translasi dari tim SIG DOC Indonesia
+Untuk kata-kata selengkapnya silahkan baca glosariumnya 
+[disini](#glosarium-indonesia)
+
+### KBBI
+Konsultasikan dengan KBBI (Kamus Besar Bahasa Indonesia) 
+[disini](https://kbbi.web.id/) dari 
+[Kemendikbud](https://kbbi.kemdikbud.go.id/).
+
+### RSNI Glosarium dari Ivan Lanin
+[RSNI Glosarium](https://github.com/jk8s/sig-docs-id-localization-how-tos/blob/master/resources/RSNI-glossarium.pdf)
+dapat digunakan untuk memahami bagaimana menerjemahkan berbagai istilah teknis 
+dan khusus Kubernetes.
+
+
+## Panduan Penulisan _Source Code_
+
+### Mengikuti kode asli dari dokumentasi bahasa Inggris
+
+Untuk kenyamanan pemeliharaan, ikuti lebar teks asli dalam kode bahasa Inggris.
+Dengan kata lain, jika teks asli ditulis dalam baris yang panjang tanpa putus 
+atu baris, maka teks tersebut ditulis panjang dalam satu baris meskipun dalam 
+bahasa Indonesia. Jagalah agar tetap serupa.
+
+### Hapus nama reviewer di kode asli bahasa Inggris
+
+Terkadang _reviewer_ ditentukan di bagian atas kode di teks asli Bahasa Inggris. 
+Secara umum, _reviewer-reviewer_ halaman aslinya akan kesulitan untuk meninjau 
+halaman  dalam bahasa Indonesia, jadi hapus kode yang terkait dengan informasi 
+_reviewer_ dari metadata kode tersebut.
+
+
+## Panduan Penulisan Kata-kata Translasi
+
+### Panduan umum
+
+* Gunakan "kamu" daripada "Anda" sebagai subyek agar lebih bersahabat dengan 
+para pembaca dokumentasi.
+* Tulislah miring untuk kata-kata bahasa Inggris yang diimpor jika kamu tidak 
+dapat menemukan kata-kata tersebut dalam bahasa Indonesia.
+*Benar*: _controller_. *Salah*: controller, `controller`
+
+### Panduan untuk kata-kata API Objek Kubernetes
+
+Gunakan gaya "CamelCase" untuk menulis objek API Kubernetes, lihat daftar 
+lengkapnya [di sini](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/).
+Sebagai contoh:
+
+* *Benar*: PersistentVolume. *Salah*: volume persisten, `PersistentVolume`, 
+persistentVolume
+* *Benar*: Pod. *Salah*: pod, `pod`, "pod"
+
+*Tips* : Biasanya API objek sudah ditulis dalam huruf kapital pada halaman asli
+bahasa Inggris.
+
+### Panduan untuk kata-kata yang sama dengan API Objek Kubernetes
+
+Ada beberapa kata-kata yang serupa dengan nama API objek dari Kubernetes dan 
+dapat mengacu ke arti yang lebih umum (tidak selalu dalam konteks Kubernetes).
+Sebagai contoh: _service_, _container_, _node_ , dan lain sebagainya. Kata-kata
+sebaiknya ditranslasikan ke Bahasa Indonesia sebagai contoh _service_ menjadi 
+layanan, _container_ menjadi kontainer.
+
+*Tips* : Biasanya kata-kata yang mengacu ke arti yang lebih umum sudah *tidak* 
+ditulis dalam huruf kapital pada halaman asli bahasa Inggris.
+
+### Panduan untuk "Feature Gate" Kubernetes
+
+Istilah [_functional gate_](https://kubernetes.io/ko/docs/reference/command-line-tools-reference/feature-gates/) 
+Kubernetes tidak perlu diterjemahkan ke dalam bahasa Indonesia dan tetap 
+dipertahankan dalam bentuk aslinya.
+
+Contoh dari _functional gate_ adalah sebagai berikut:
+
+- Akselerator
+- AdvancedAuditing
+- AffinityInAnnotations
+- AllowExtTrafficLocalEndpoints
+- ...
+
+### Glosarium Indonesia {#glosarium-indonesia}
+
+Inggris | Tipe Kata | Indonesia | Sumber | Contoh Kalimat
+---|---|---|---|---
+cluster |  | klaster |  |  
+container |  | kontainer |  |
+node | kata benda | node |  |
+file |  | berkas |  |
+service | kata benda | layanan |  |
+set |  | sekumpulan |  |
+resource |  | sumber daya |  |
+default |  | bawaan atau standar (tergantung context) |  | Secara bawaan, ...; Pada konfigurasi dan instalasi standar, ...
+deploy |  | menggelar |  |
+image |  | _image_ |  |
+request |  | permintaan |  |
+object | kata benda | objek | https://kbbi.web.id/objek | 
+command |  | perintah | https://kbbi.web.id/perintah | 
+view |  | tampilan |  |
+support |  | tersedia atau dukungan (tergantung konteks) | "This feature is supported on version X; Fitur ini tersedia pada versi X; Supported by community; Didukung oleh komunitas"
+release | kata benda | rilis | https://kbbi.web.id/rilis | 
+tool |  | perangkat |  |
+deployment |  | penggelaran |  |
+client |  | klien |  |
+reference |  | rujukan |  |
+update |  | pembaruan |  | The latest update... ; Pembaruan terkini...
+state |  | _state_ |  |
+task |  | _task_ |  |
+certificate |  | sertifikat |  |
+install |  | instalasi | https://kbbi.web.id/instalasi | 
+scale |  | skala |  |
+process | kata kerja | memproses | https://kbbi.web.id/proses | 
+replica | kata benda | replika | https://kbbi.web.id/replika | 
+flag |  | tanda, parameter, argumen |  |
+event |  | _event_ |  | 
\ No newline at end of file
diff --git a/content/it/community/static/cncf-code-of-conduct.md b/content/it/community/static/cncf-code-of-conduct.md
index 0622b9edab..046cc20584 100644
--- a/content/it/community/static/cncf-code-of-conduct.md
+++ b/content/it/community/static/cncf-code-of-conduct.md
@@ -21,7 +21,7 @@ I responsabili di progetto hanno il diritto e la responsabilità di rimuovere, m
 
 Casi di comportamenti abusivi, molestie o altri comportamenti inaccettabili in Kubernetes potranno essere denunciati contattando [Il comitato del codice di condotta Kubernetes (CNCF)](https://git.k8s.io/community/committee-code-of-conduct) attraverso <conduct@kubernetes.io>. Per altri progetti, contattare il Project manager del CNCF o il nostro mediatore, Mishi Choudhary <mishi@linux.com>. 
 
-Il codice di condotta è stato adattato dal Contributor Covenant (http://contributor-covenant.org), versione 1.2.0, disponibile su http://contributor-covenant.org/version/1/2/0/
+Il codice di condotta è stato adattato dal Contributor Covenant (https://contributor-covenant.org), versione 1.2.0, disponibile su https://contributor-covenant.org/version/1/2/0/
 
 ### CNCF Codice di condotta negli eventi
 
diff --git a/content/ja/community/static/cncf-code-of-conduct.md b/content/ja/community/static/cncf-code-of-conduct.md
index f61005e387..61255d92d9 100644
--- a/content/ja/community/static/cncf-code-of-conduct.md
+++ b/content/ja/community/static/cncf-code-of-conduct.md
@@ -25,7 +25,7 @@ CNCF コミュニティ行動規範 v1.0
 
 Kubernetesで虐待的、嫌がらせ、または許されない行動があった場合には、<conduct@kubernetes.io>から[Kubernetes Code of Conduct Committee](https://git.k8s.io/community/committee-code-of-conduct)（行動規範委員会）にご連絡ください。その他のプロジェクトにつきましては、CNCFプロジェクト管理者または仲介者<mishi@linux.com>にご連絡ください。
 
-本行動規範は、コントリビューターの合意 (http://contributor-covenant.org) バージョン 1.2.0 http://contributor-covenant.org/version/1/2/0/ から適応されています。
+本行動規範は、コントリビューターの合意 (https://contributor-covenant.org) バージョン 1.2.0 https://contributor-covenant.org/version/1/2/0/ から適応されています。
 
 ### CNCF イベント行動規範
 
diff --git a/content/ja/docs/concepts/workloads/controllers/ttlafterfinished.md b/content/ja/docs/concepts/workloads/controllers/ttlafterfinished.md
index f863cb4e92..728e0346fe 100644
--- a/content/ja/docs/concepts/workloads/controllers/ttlafterfinished.md
+++ b/content/ja/docs/concepts/workloads/controllers/ttlafterfinished.md
@@ -52,4 +52,4 @@ Kubernetesにおいてタイムスキューを避けるために、全てのNode
 
 * [Jobの自動クリーンアップ](/ja/docs/concepts/workloads/controllers/job/#clean-up-finished-jobs-automatically)
 
-* [設計ドキュメント](https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/0026-ttl-after-finish.md)
+* [設計ドキュメント](https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/592-ttl-after-finish/README.md)
diff --git a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md
index 2fc9f826f7..11334045fc 100644
--- a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md
@@ -137,7 +137,8 @@ content_type: concept
 | `TokenRequestProjection` | `false` | Alpha | 1.11 | 1.11 |
 | `TokenRequestProjection` | `true` | Beta | 1.12 | |
 | `TTLAfterFinished` | `false` | Alpha | 1.12 | |
-| `TopologyManager` | `false` | Alpha | 1.16 | |
+| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 |
+| `TopologyManager` | `true` | Beta | 1.18 | |
 | `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 |
 | `ValidateProxyRedirects` | `true` | Beta | 1.14 | |
 | `VolumePVCDataSource` | `false` | Alpha | 1.15 | 1.15 |
diff --git a/content/ja/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md b/content/ja/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md
new file mode 100644
index 0000000000..1bc1b7951d
--- /dev/null
+++ b/content/ja/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace.md
@@ -0,0 +1,258 @@
+---
+title: Namespaceに対する最小および最大メモリー制約の構成
+
+content_type: task
+weight: 30
+---
+
+
+<!-- overview -->
+
+このページでは、Namespaceで実行されるコンテナが使用するメモリーの最小値と最大値を設定する方法を説明します。
+[LimitRange](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#limitrange-v1-core) で最小値と最大値のメモリー値を指定します。
+PodがLimitRangeによって課される制約を満たさない場合、そのNamespaceではPodを作成できません。
+
+
+## {{% heading "prerequisites" %}}
+
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+クラスター内の各ノードには、少なくとも1GiBのメモリーが必要です。
+
+
+<!-- steps -->
+
+## Namespaceの作成
+
+この演習で作成したリソースがクラスターの他の部分から分離されるように、Namespaceを作成します。
+
+
+```shell
+kubectl create namespace constraints-mem-example
+```
+
+## LimitRangeとPodを作成
+
+LimitRangeの設定ファイルです。
+
+{{< codenew file="admin/resource/memory-constraints.yaml" >}}
+
+LimitRangeを作成します。
+
+```shell
+kubectl apply -f https://k8s.io/examples/admin/resource/memory-constraints.yaml --namespace=constraints-mem-example
+```
+
+LimitRangeの詳細情報を表示します。
+
+
+```shell
+kubectl get limitrange mem-min-max-demo-lr --namespace=constraints-mem-example --output=yaml
+```
+
+出力されるのは、予想通りメモリー制約の最小値と最大値を示しています。
+しかし、LimitRangeの設定ファイルでデフォルト値を指定していないにもかかわらず、
+自動的に作成されていることに気づきます。
+
+
+```
+  limits:
+  - default:
+      memory: 1Gi
+    defaultRequest:
+      memory: 1Gi
+    max:
+      memory: 1Gi
+    min:
+      memory: 500Mi
+    type: Container
+```
+
+
+constraints-mem-exampleNamespaceにコンテナが作成されるたびに、
+Kubernetesは以下の手順を実行するようになっています。
+
+* コンテナが独自のメモリー要求と制限を指定しない場合は、デフォルトのメモリー要求と制限をコンテナに割り当てます。
+
+* コンテナに500MiB以上のメモリー要求があることを確認します。
+
+* コンテナのメモリー制限が1GiB以下であることを確認します。
+
+以下は、1つのコンテナを持つPodの設定ファイルです。設定ファイルのコンテナ(containers)では、600MiBのメモリー要求と800MiBのメモリー制限が指定されています。これらはLimitRangeによって課される最小と最大のメモリー制約を満たしています。
+
+
+{{< codenew file="admin/resource/memory-constraints-pod.yaml" >}}
+
+Podの作成
+
+```shell
+kubectl apply -f https://k8s.io/examples/admin/resource/memory-constraints-pod.yaml --namespace=constraints-mem-example
+```
+
+Podのコンテナが実行されていることを確認します。
+
+```shell
+kubectl get pod constraints-mem-demo --namespace=constraints-mem-example
+```
+
+Podの詳細情報を見ます
+
+```shell
+kubectl get pod constraints-mem-demo --output=yaml --namespace=constraints-mem-example
+```
+
+出力は、コンテナが600MiBのメモリ要求と800MiBのメモリー制限になっていることを示しています。これらはLimitRangeによって課される制約を満たしています。
+
+
+```yaml
+resources:
+  limits:
+     memory: 800Mi
+  requests:
+    memory: 600Mi
+```
+
+Podを消します。
+
+```shell
+kubectl delete pod constraints-mem-demo --namespace=constraints-mem-example
+```
+
+## 最大メモリ制約を超えるPodの作成の試み
+
+これは、1つのコンテナを持つPodの設定ファイルです。コンテナは800MiBのメモリー要求と1.5GiBのメモリー制限を指定しています。
+
+
+{{< codenew file="admin/resource/memory-constraints-pod-2.yaml" >}}
+
+Podを作成してみます。
+
+```shell
+kubectl apply -f https://k8s.io/examples/admin/resource/memory-constraints-pod-2.yaml --namespace=constraints-mem-example
+```
+
+出力は、コンテナが大きすぎるメモリー制限を指定しているため、Podが作成されないことを示しています。
+
+
+```
+Error from server (Forbidden): error when creating "examples/admin/resource/memory-constraints-pod-2.yaml":
+pods "constraints-mem-demo-2" is forbidden: maximum memory usage per Container is 1Gi, but limit is 1536Mi.
+```
+
+## 最低限のメモリ要求を満たさないPodの作成の試み
+
+
+これは、1つのコンテナを持つPodの設定ファイルです。コンテナは100MiBのメモリー要求と800MiBのメモリー制限を指定しています。
+
+
+{{< codenew file="admin/resource/memory-constraints-pod-3.yaml" >}}
+
+Podを作成してみます。
+
+```shell
+kubectl apply -f https://k8s.io/examples/admin/resource/memory-constraints-pod-3.yaml --namespace=constraints-mem-example
+```
+
+出力は、コンテナが小さすぎるメモリー要求を指定しているため、Podが作成されないことを示しています。
+
+```
+Error from server (Forbidden): error when creating "examples/admin/resource/memory-constraints-pod-3.yaml":
+pods "constraints-mem-demo-3" is forbidden: minimum memory usage per Container is 500Mi, but request is 100Mi.
+```
+
+## メモリ要求や制限を指定しないPodの作成
+
+
+これは、1つのコンテナを持つPodの設定ファイルです。コンテナはメモリー要求を指定しておらず、メモリー制限も指定していません。
+
+{{< codenew file="admin/resource/memory-constraints-pod-4.yaml" >}}
+
+Podを作成します。
+
+```shell
+kubectl apply -f https://k8s.io/examples/admin/resource/memory-constraints-pod-4.yaml --namespace=constraints-mem-example
+```
+
+Podの詳細情報を見ます
+
+```
+kubectl get pod constraints-mem-demo-4 --namespace=constraints-mem-example --output=yaml
+```
+
+出力を見ると、Podのコンテナのメモリ要求は1GiB、メモリー制限は1GiBであることがわかります。
+コンテナはどのようにしてこれらの値を取得したのでしょうか？
+
+
+```
+resources:
+  limits:
+    memory: 1Gi
+  requests:
+    memory: 1Gi
+```
+
+コンテナが独自のメモリー要求と制限を指定していなかったため、LimitRangeから与えられのです。
+コンテナが独自のメモリー要求と制限を指定していなかったため、LimitRangeから[デフォルトのメモリー要求と制限](/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/)が与えられたのです。
+
+この時点で、コンテナは起動しているかもしれませんし、起動していないかもしれません。このタスクの前提条件は、ノードが少なくとも1GiBのメモリーを持っていることであることを思い出してください。それぞれのノードが1GiBのメモリーしか持っていない場合、どのノードにも1GiBのメモリー要求に対応するのに十分な割り当て可能なメモリーがありません。たまたま2GiBのメモリーを持つノードを使用しているのであれば、おそらく1GiBのメモリーリクエストに対応するのに十分なスペースを持っていることになります。
+
+
+Podを削除します。
+
+```
+kubectl delete pod constraints-mem-demo-4 --namespace=constraints-mem-example
+```
+
+## 最小および最大メモリー制約の強制
+
+LimitRangeによってNamespaceに課される最大および最小のメモリー制約は、Podが作成または更新されたときにのみ適用されます。LimitRangeを変更しても、以前に作成されたPodには影響しません。
+
+
+## 最小・最大メモリー制約の動機
+
+
+クラスター管理者としては、Podが使用できるメモリー量に制限を課したいと思うかもしれません。
+
+
+例:
+
+* クラスター内の各ノードは2GBのメモリーを持っています。クラスタ内のどのノードもその要求をサポートできないため、2GB以上のメモリーを要求するPodは受け入れたくありません。
+
+
+* クラスターは運用部門と開発部門で共有されています。 本番用のワークロードでは最大8GBのメモリーを消費しますが、開発用のワークロードでは512MBに制限したいとします。本番用と開発用に別々のNamespaceを作成し、それぞれのNamespaceにメモリー制限を適用します。
+
+## クリーンアップ
+
+Namespaceを削除します。
+
+```shell
+kubectl delete namespace constraints-mem-example
+```
+
+
+
+## {{% heading "whatsnext" %}}
+
+
+### クラスター管理者向け
+
+* [名前空間に対するデフォルトのメモリー要求と制限の構成](/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/)
+
+* [名前空間に対するデフォルトのCPU要求と制限の構成](/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/)
+
+* [名前空間に対する最小および最大CPU制約の構成](/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace/)
+
+* [名前空間に対するメモリーとCPUのクォータの構成](/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/)
+
+* [名前空間に対するPodクォータの設定](/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace/)
+
+* [APIオブジェクトのクォータの設定](/docs/tasks/administer-cluster/quota-api-object/)
+
+### アプリケーション開発者向け
+
+* [コンテナとPodへのメモリーリソースの割り当て](/docs/tasks/configure-pod-container/assign-memory-resource/)
+
+* [コンテナとPodへのCPUリソースの割り当て](/docs/tasks/configure-pod-container/assign-cpu-resource/)
+
+* [PodのQoS(サービス品質)を設定](/docs/tasks/configure-pod-container/quality-service-pod/)
diff --git a/content/ko/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md b/content/ko/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md
index de7d44ecad..b7550a3d83 100644
--- a/content/ko/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md
+++ b/content/ko/blog/_posts/2020-12-02-dont-panic-kubernetes-and-docker.md
@@ -70,7 +70,7 @@ containerd가 정말 필요로 하는 것들을 확보하기 위해서 도커심
 컨테이너 런타임을 도커에서 지원되는 다른 컨테이너 런타임으로 변경하기만 하면 됩니다.
 
 참고할 사항 한 가지: 현재 클러스터 내 워크플로의 일부가 기본 도커 소켓
-(/var/run/docker.sock)에 의존하고 있는 경우, 다른
+(`/var/run/docker.sock`)에 의존하고 있는 경우, 다른
 런타임으로 전환하는 것은 해당 워크플로의 사용에 문제를 일으킵니다. 이 패턴은 종종
 도커 내의 도커라고 합니다. 이런 특정 유스케이스에 대해서
 [kaniko](https://github.com/GoogleContainerTools/kaniko),
@@ -82,11 +82,11 @@ containerd가 정말 필요로 하는 것들을 확보하기 위해서 도커심
 
 이 변경 사항은 사람들(folks)이 보통 도커와 상호 작용하는 데 사용하는 것과는 다른 환경을
 제시합니다. 개발에 사용하는 도커의 설치는 쿠버네티스 클러스터 내의
-도커 런타임과 관련이 없습니다. 혼란스럽죠, 우리도 알고 있습니다. 개발자에게
-도커는 이 변경 사항이 발표되기 전과 마찬가지로 여전히
+도커 런타임과 관련이 없습니다. 혼란스럽죠, 우리도 알고 있습니다.
+개발자에게 도커는 이 변경 사항이 발표되기 전과 마찬가지로 여전히
 유용합니다. 도커가 생성하는 이미지는 실제로는
 도커에만 특정된 이미지가 아니라 OCI([Open Container Initiative](https://opencontainers.org/)) 이미지입니다.
-모든 OCI 호환 이미지는 해당 이미지를 빌드하는 데 사용하는 도구에 관계없이 
+모든 OCI 호환 이미지는 해당 이미지를 빌드하는 데 사용하는 도구에 관계없이
 쿠버네티스에서 동일하게 보입니다. [containerd](https://containerd.io/)와
 [CRI-O](https://cri-o.io/)는 모두 해당 이미지를 가져와 실행하는 방법을 알고 있습니다. 이것이
 컨테이너가 어떤 모습이어야 하는지에 대한 표준이 있는 이유입니다.
@@ -98,7 +98,7 @@ containerd가 정말 필요로 하는 것들을 확보하기 위해서 도커심
 혼란스럽더라도 괜찮습니다. 이에 대해서 많은 일이 진행되고 있습니다. 쿠버네티스에는 변화되는
 부분이 많이 있고, 이에 대해 100% 전문가는 없습니다. 경험 수준이나
 복잡성에 관계없이 어떤 질문이든 하시기 바랍니다! 우리의 목표는
-모든 사람이 다가오는 변경 사항에 대해 최대한 많은 교육을 받을 수 있도록 하는 것입니다. `<3` 이 글이
-여러분이 가지는 대부분의 질문에 대한 답이 되었고, 불안을 약간은 진정시켰기를 바랍니다!
+모든 사람이 다가오는 변경 사항에 대해 최대한 많은 교육을 받을 수 있도록 하는 것입니다. 이 글이
+여러분이 가지는 대부분의 질문에 대한 답이 되었고, 불안을 약간은 진정시켰기를 바랍니다! ❤️
 
 더 많은 답변을 찾고 계신가요? 함께 제공되는 [도커심 사용 중단 FAQ](/blog/2020/12/02/dockershim-faq/)를 확인하세요.
diff --git a/content/ko/docs/concepts/architecture/nodes.md b/content/ko/docs/concepts/architecture/nodes.md
index 18133b6577..c951d60ca8 100644
--- a/content/ko/docs/concepts/architecture/nodes.md
+++ b/content/ko/docs/concepts/architecture/nodes.md
@@ -7,10 +7,10 @@ weight: 10
 <!-- overview -->
 
 쿠버네티스는 컨테이너를 파드내에 배치하고 _노드_ 에서 실행함으로 워크로드를 구동한다.
-노드는 클러스터에 따라 가상 또는 물리적 머신일 수 있다. 각 노드에는
-{{< glossary_tooltip text="컨트롤 플레인" term_id="control-plane" >}}이라는
+노드는 클러스터에 따라 가상 또는 물리적 머신일 수 있다. 각 노드는
+{{< glossary_tooltip text="컨트롤 플레인" term_id="control-plane" >}}에 의해 관리되며
 {{< glossary_tooltip text="파드" term_id="pod" >}}를
-실행하는데 필요한 서비스가 포함되어 있다.
+실행하는데 필요한 서비스를 포함한다.
 
 일반적으로 클러스터에는 여러 개의 노드가 있으며, 학습 또는 리소스가 제한되는
 환경에서는 하나만 있을 수도 있다.
@@ -239,7 +239,7 @@ NodeStatus의 NodeReady 컨디션을 ConditionUnknown으로 업데이트 하는
 쿠버네티스 노드에서 보내는 하트비트는 노드의 가용성을 결정하는데 도움이 된다.
 
 하트비트의 두 가지 형태는 `NodeStatus` 와
-[리스(Lease) 오브젝트](/docs/reference/generated/kubernetes-api/{{< latest-version >}}/#lease-v1-coordination-k8s-io) 이다.
+[리스(Lease) 오브젝트](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#lease-v1-coordination-k8s-io)이다.
 각 노드에는 `kube-node-lease` 라는
 {{< glossary_tooltip term_id="namespace" text="네임스페이스">}} 에 관련된 리스 오브젝트가 있다.
 리스는 경량 리소스로, 클러스터가 확장될 때
@@ -355,4 +355,3 @@ Kubelet은 노드가 종료되는 동안 파드가 일반 [파드 종료 프로
 * 아키텍처 디자인 문서의 [노드](https://git.k8s.io/community/contributors/design-proposals/architecture/architecture.md#the-kubernetes-node)
   섹션을 읽어본다.
 * [테인트와 톨러레이션](/ko/docs/concepts/scheduling-eviction/taint-and-toleration/)을 읽어본다.
-
diff --git a/content/ko/docs/concepts/cluster-administration/certificates.md b/content/ko/docs/concepts/cluster-administration/certificates.md
index d7051e4145..7b71b9c344 100644
--- a/content/ko/docs/concepts/cluster-administration/certificates.md
+++ b/content/ko/docs/concepts/cluster-administration/certificates.md
@@ -34,7 +34,7 @@ weight: 20
     이름을 설정한다. `MASTER_CLUSTER_IP` 는 일반적으로 API 서버와
     컨트롤러 관리자 컴포넌트에 대해 `--service-cluster-ip-range` 인수로
     지정된 서비스 CIDR의 첫 번째 IP이다. `--days` 인수는 인증서가 만료되는
-    일 수를 설정하는데 사용된다. 
+    일 수를 설정하는데 사용된다.
     또한, 아래 샘플은 기본 DNS 이름으로 `cluster.local` 을
     사용한다고 가정한다.
 
@@ -130,11 +130,11 @@ weight: 20
     사용 중인 하드웨어 아키텍처 및 cfssl 버전에 따라 샘플
     명령을 조정해야 할 수도 있다.
 
-        curl -L https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssl_1.4.1_linux_amd64 -o cfssl
+        curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl_1.5.0_linux_amd64 -o cfssl
         chmod +x cfssl
-        curl -L https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssljson_1.4.1_linux_amd64 -o cfssljson
+        curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssljson_1.5.0_linux_amd64 -o cfssljson
         chmod +x cfssljson
-        curl -L https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssl-certinfo_1.4.1_linux_amd64 -o cfssl-certinfo
+        curl -L https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl-certinfo_1.5.0_linux_amd64 -o cfssl-certinfo
         chmod +x cfssl-certinfo
 1.  아티팩트(artifact)를 보유할 디렉터리를 생성하고 cfssl을 초기화한다.
 
@@ -248,5 +248,3 @@ done.
 `certificates.k8s.io` API를 사용해서
 [여기](/docs/tasks/tls/managing-tls-in-a-cluster)에
 설명된 대로 인증에 사용할 x509 인증서를 프로비전 할 수 있다.
-
-
diff --git a/content/ko/docs/concepts/configuration/overview.md b/content/ko/docs/concepts/configuration/overview.md
index 5e2047b367..6bcec1d6c0 100644
--- a/content/ko/docs/concepts/configuration/overview.md
+++ b/content/ko/docs/concepts/configuration/overview.md
@@ -1,4 +1,6 @@
 ---
+
+
 title: 구성 모범 사례
 content_type: concept
 weight: 10
@@ -67,6 +69,8 @@ DNS 서버는 새로운 `서비스`를 위한 쿠버네티스 API를 Watch하며
 
 오브젝트의 의도한 상태는 디플로이먼트에 의해 기술되며, 만약 그 스펙에 대한 변화가 _적용될_ 경우, 디플로이먼트 컨트롤러는 일정한 비율로 실제 상태를 의도한 상태로 변화시킨다.
 
+- 일반적인 활용 사례인 경우 [쿠버네티스 공통 레이블](/ko/docs/concepts/overview/working-with-objects/common-labels/)을 사용한다. 이 표준화된 레이블은 `kubectl` 및 [대시보드](/ko/docs/tasks/access-application-cluster/web-ui-dashboard)와 같은 도구들이 상호 운용이 가능한 방식으로 동작할 수 있도록 메타데이터를 향상시킨다.
+
 - 디버깅을 위해 레이블을 조작할 수 있다. (레플리카셋과 같은) 쿠버네티스 컨트롤러와 서비스는 셀렉터 레이블을 사용해 파드를 선택하기 때문에, 관련된 레이블을 파드에서 삭제하는 것은 컨트롤러로부터 관리되거나 서비스로부터 트래픽을 전달받는 것을 중단시킨다. 만약 이미 존재하는 파드의 레이블을 삭제한다면, 파드의 컨트롤러는 그 자리를 대신할 새로운 파드를 생성한다. 이것은 이전에 "살아 있는" 파드를 "격리된" 환경에서 디버그할 수 있는 유용한 방법이다. 레이블을 상호적으로 추가하고 삭제하기 위해서, [`kubectl label`](/docs/reference/generated/kubectl/kubectl-commands#label)를 사용할 수 있다.
 
 ## 컨테이너 이미지
diff --git a/content/ko/docs/concepts/configuration/secret.md b/content/ko/docs/concepts/configuration/secret.md
index f120b0002d..e5466b8dec 100644
--- a/content/ko/docs/concepts/configuration/secret.md
+++ b/content/ko/docs/concepts/configuration/secret.md
@@ -767,7 +767,7 @@ immutable: true
 `imagePullSecrets` 필드는 동일한 네임스페이스의 시크릿에 대한 참조 목록이다.
 `imagePullSecretsDocker` 를 사용하여 도커(또는 다른 컨테이너) 이미지 레지스트리
 비밀번호가 포함된 시크릿을 kubelet에 전달할 수 있다. kubelet은 이 정보를 사용해서 파드를 대신하여 프라이빗 이미지를 가져온다.
-`imagePullSecrets` 필드에 대한 자세한 정보는 [PodSpec API](/docs/reference/generated/kubernetes-api/{{< latest-version >}}/#podspec-v1-core)를 참고한다.
+`imagePullSecrets` 필드에 대한 자세한 정보는 [PodSpec API](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core)를 참고한다.
 
 #### imagePullSecret 수동으로 지정하기
 
diff --git a/content/ko/docs/concepts/containers/runtime-class.md b/content/ko/docs/concepts/containers/runtime-class.md
index 674f47b32a..b31cabe888 100644
--- a/content/ko/docs/concepts/containers/runtime-class.md
+++ b/content/ko/docs/concepts/containers/runtime-class.md
@@ -1,4 +1,7 @@
 ---
+
+
+
 title: 런타임클래스(RuntimeClass)
 content_type: concept
 weight: 20
@@ -34,10 +37,10 @@ weight: 20
 
 런타임클래스 기능 게이트가 활성화(기본값)된 것을 확인한다.
 기능 게이트 활성화에 대한 설명은 [기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)를
-참고한다. `RuntimeClass` 기능 게이트는 apiservers _및_ kubelets에서 활성화되어야 한다.
+참고한다. `RuntimeClass` 기능 게이트는 API 서버 _및_ kubelets에서 활성화되어야 한다.
 
-1. CRI 구현(implementation)을 노드에 설정(런타임에 따라서)
-2. 상응하는 런타임클래스 리소스 생성
+1. CRI 구현(implementation)을 노드에 설정(런타임에 따라서).
+2. 상응하는 런타임클래스 리소스 생성.
 
 ### 1. CRI 구현을 노드에 설정
 
@@ -48,7 +51,7 @@ weight: 20
 {{< note >}}
 런타임클래스는 기본적으로 클러스터 전체에 걸쳐 동질의 노드 설정
 (모든 노드가 컨테이너 런타임에 준하는 동일한 방식으로 설정되었음을 의미)을 가정한다.
-이종의(heterogenous) 노드 설정을 지원하기 위해서는, 아래 [스케줄](#스케줄)을 참고한다.
+이종의(heterogeneous) 노드 설정을 지원하기 위해서는, 아래 [스케줄](#스케줄)을 참고한다.
 {{< /note >}}
 
 해당 설정은 상응하는 `handler` 이름을 가지며, 이는 런타임클래스에 의해서 참조된다.
@@ -95,7 +98,7 @@ spec:
   # ...
 ```
 
-이것은 Kubelet이 지명된 런타임클래스를 사용하여 해당 파드를 실행하도록 지시할 것이다.
+이것은 kubelet이 지명된 런타임클래스를 사용하여 해당 파드를 실행하도록 지시할 것이다.
 만약 지명된 런타임클래스가 없거나, CRI가 상응하는 핸들러를 실행할 수 없는 경우, 파드는
 `Failed` 터미널 [단계](/ko/docs/concepts/workloads/pods/pod-lifecycle/#파드의-단계-phase)로 들어간다.
 에러 메시지에 상응하는 [이벤트](/docs/tasks/debug-application-cluster/debug-application-introspection/)를
diff --git a/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
index 56230e5911..5f58604cd7 100644
--- a/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
+++ b/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
@@ -1,4 +1,5 @@
 ---
+
 title: 장치 플러그인
 description: GPU, NIC, FPGA, InfiniBand 및 공급 업체별 설정이 필요한 유사한 리소스를 위한 플러그인을 구현하는데 쿠버네티스 장치 플러그인 프레임워크를 사용한다.
 content_type: concept
@@ -199,7 +200,7 @@ gRPC 서비스는 `/var/lib/kubelet/pod-resources/kubelet.sock` 의 유닉스 
 장치 플러그인 리소스에 대한 모니터링 에이전트는 데몬 또는 데몬셋으로 배포할 수 있다.
 표준 디렉터리 `/var/lib/kubelet/pod-resources` 에는 특권을 가진 접근이 필요하므로, 모니터링
 에이전트는 특권을 가진 ​​보안 컨텍스트에서 실행해야 한다. 장치 모니터링 에이전트가
-데몬셋으로 실행 중인 경우, 플러그인의 [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core)에서
+데몬셋으로 실행 중인 경우, 해당 장치 모니터링 에이전트의 [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core)에서
 `/var/lib/kubelet/pod-resources` 를
 {{< glossary_tooltip text="볼륨" term_id="volume" >}}으로 마운트해야 한다.
 
diff --git a/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md b/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md
index 76c2bdd003..7542ac0add 100644
--- a/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md
+++ b/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins.md
@@ -155,5 +155,5 @@ AWS에서 `eth0` MTU는 일반적으로 9001이므로, `--network-plugin-mtu=900
 ## 용법 요약
 
 * `--network-plugin=cni` 는 `--cni-bin-dir`(기본값 `/opt/cni/bin`)에 있는 실제 CNI 플러그인 바이너리와 `--cni-conf-dir`(기본값 `/etc/cni/net.d`)에 있는 CNI 플러그인 구성과 함께 `cni` 네트워크 플러그인을 사용하도록 지정한다.
-* `--network-plugin=kubenet` 은 `/opt/cni/bin` 또는 `cni-bin-dir` 에 있는 CNI `bridge` 및 `host-local` 플러그인과 함께 kubenet 네트워크 플러그인을 사용하도록 지정한다.
+* `--network-plugin=kubenet` 은 `/opt/cni/bin` 또는 `cni-bin-dir` 에 있는 CNI `bridge`, `lo` 및 `host-local` 플러그인과 함께 `kubenet` 네트워크 플러그인을 사용하도록 지정한다.
 * 현재 kubenet 네트워크 플러그인에서만 사용하는 `--network-plugin-mtu=9001` 은 사용할 MTU를 지정한다.
diff --git a/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md
index edbe7daf39..ebbc00f91e 100644
--- a/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md
+++ b/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md
@@ -1,4 +1,8 @@
 ---
+
+
+
+
 title: 노드에 파드 할당하기
 content_type: concept
 weight: 50
@@ -62,7 +66,7 @@ spec:
 {{< codenew file="pods/pod-nginx.yaml" >}}
 
 그런 다음에 `kubectl apply -f https://k8s.io/examples/pods/pod-nginx.yaml` 을
-실행하면, 레이블이 붙여진 노드에 파드가 스케줄 된다.
+실행하면, 레이블이 붙여진 노드에 파드가 스케줄된다.
 `kubectl get pods -o wide` 를 실행해서 파드가 할당된
 "NODE" 를 보면 작동하는지 검증할 수 있다.
 
@@ -100,7 +104,7 @@ spec:
 1. 어피니티/안티-어피니티 언어가 더 표현적이다. 언어는 논리 연산자인 AND 연산으로 작성된
    정확한 매칭 항목 이외에 더 많은 매칭 규칙을 제공한다.
 2. 규칙이 엄격한 요구 사항이 아니라 "유연한(soft)"/"선호(preference)" 규칙을 나타낼 수 있기에 스케줄러가 규칙을 만족할 수 없더라도,
-   파드가 계속 스케줄 되도록 한다.
+   파드가 계속 스케줄되도록 한다.
 3. 노드 자체에 레이블을 붙이기보다는 노드(또는 다른 토폴로지 도메인)에서 실행 중인 다른 파드의 레이블을 제한할 수 있다.
    이를 통해 어떤 파드가 함께 위치할 수 있는지와 없는지에 대한 규칙을 적용할 수 있다.
 
@@ -115,7 +119,7 @@ spec:
 스케줄할 수 있는 노드를 제한할 수 있다.
 
 여기에 현재 `requiredDuringSchedulingIgnoredDuringExecution` 와 `preferredDuringSchedulingIgnoredDuringExecution` 로 부르는
-두 가지 종류의 노드 어피니티가 있다. 전자는 파드가 노드에 스케줄 되도록 *반드시*
+두 가지 종류의 노드 어피니티가 있다. 전자는 파드가 노드에 스케줄되도록 *반드시*
 규칙을 만족해야 하는 것(`nodeSelector` 와 같으나 보다 표현적인 구문을 사용해서)을 지정하고,
 후자는 스케줄러가 시도하려고는 하지만, 보증하지 않는 *선호(preferences)* 를 지정한다는 점에서
 이를 각각 "엄격함(hard)" 과 "유연함(soft)" 으로 생각할 수 있다.
@@ -143,14 +147,14 @@ spec:
 `NotIn` 과 `DoesNotExist` 를 사용해서 안티-어피니티를 수행하거나,
 특정 노드에서 파드를 쫓아내는 [노드 테인트(taint)](/ko/docs/concepts/scheduling-eviction/taint-and-toleration/)를 설정할 수 있다.
 
-`nodeSelector` 와 `nodeAffinity` 를 모두 지정한다면 파드가 후보 노드에 스케줄 되기 위해서는
+`nodeSelector` 와 `nodeAffinity` 를 모두 지정한다면 파드가 후보 노드에 스케줄되기 위해서는
 *둘 다* 반드시 만족해야 한다.
 
-`nodeAffinity` 유형과 연관된 `nodeSelectorTerms` 를 지정하면, 파드는 `nodeSelectorTerms` 를 **모두** 만족하는 노드에만 스케줄할 수 있다.
+`nodeAffinity` 유형과 연관된 `nodeSelectorTerms` 를 지정하면, `nodeSelectorTerms` 중 **하나라도** 만족시키는 노드에 파드가 스케줄된다.
 
-`nodeSelectorTerms` 와 연관된 여러 `matchExpressions` 를 지정하면, 파드는 `matchExpressions` 이 지정된 것 중 **한 가지**라도 만족하는 노드에만 스케줄할 수 있다.
+`nodeSelectorTerms` 와 연관된 여러 `matchExpressions` 를 지정하면, 파드는 `matchExpressions` 를 **모두** 만족하는 노드에만 스케줄된다.
 
-파드가 스케줄 된 노드의 레이블을 지우거나 변경해도 파드는 제거되지 않는다. 다시 말해서 어피니티 선택은 파드를 스케줄링 하는 시점에만 작동한다.
+파드가 스케줄된 노드의 레이블을 지우거나 변경해도 파드는 제거되지 않는다. 다시 말해서 어피니티 선택은 파드를 스케줄링 하는 시점에만 작동한다.
 
 `preferredDuringSchedulingIgnoredDuringExecution` 의 `weight` 필드의 범위는 1-100이다. 모든 스케줄링 요구 사항 (리소스 요청, RequiredDuringScheduling 어피니티 표현식 등)을 만족하는 각 노드들에 대해 스케줄러는 이 필드의 요소들을 반복해서 합계를 계산하고 노드가 MatchExpressions 에 일치하는 경우 합계에 "가중치(weight)"를 추가한다. 이후에 이 점수는 노드에 대한 다른 우선순위 함수의 점수와 합쳐진다. 전체 점수가 가장 높은 노드를 가장 선호한다.
 
@@ -158,9 +162,9 @@ spec:
 
 {{< feature-state for_k8s_version="v1.20" state="beta" >}}
 
-여러 [스케줄링 프로파일](/ko/docs/reference/scheduling/config/#여러-프로파일)을 구성할 때 
+여러 [스케줄링 프로파일](/ko/docs/reference/scheduling/config/#여러-프로파일)을 구성할 때
 노드 어피니티가 있는 프로파일을 연결할 수 있는데, 이는 프로파일이 특정 노드 집합에만 적용되는 경우 유용하다.
-이렇게 하려면 [스케줄러 구성](/ko/docs/reference/scheduling/config/)에 있는 
+이렇게 하려면 [스케줄러 구성](/ko/docs/reference/scheduling/config/)에 있는
 [`NodeAffinity` 플러그인](/ko/docs/reference/scheduling/config/#스케줄링-플러그인-1)의 인수에 `addedAffinity`를 추가한다. 예를 들면
 
 ```yaml
@@ -183,15 +187,15 @@ profiles:
                   - foo
 ```
 
-`addedAffinity`는 `.spec.schedulerName`을 `foo-scheduler`로 설정하는 모든 파드에 적용되며 
+`addedAffinity`는 `.spec.schedulerName`을 `foo-scheduler`로 설정하는 모든 파드에 적용되며
 PodSpec에 지정된 NodeAffinity도 적용된다.
 즉, 파드를 매칭시키려면, 노드가 `addedAffinity`와 파드의 `.spec.NodeAffinity`를 충족해야 한다.
 
-`addedAffinity`는 엔드 유저에게 표시되지 않으므로, 예상치 못한 동작이 일어날 수 있다. 프로파일의 
+`addedAffinity`는 엔드 유저에게 표시되지 않으므로, 예상치 못한 동작이 일어날 수 있다. 프로파일의
 스케줄러 이름과 명확한 상관 관계가 있는 노드 레이블을 사용하는 것이 좋다.
 
 {{< note >}}
-[데몬셋용 파드를 생성](/ko/docs/concepts/workloads/controllers/daemonset/#기본-스케줄러로-스케줄)하는 데몬셋 컨트롤러는 
+[데몬셋용 파드를 생성](/ko/docs/concepts/workloads/controllers/daemonset/#기본-스케줄러로-스케줄)하는 데몬셋 컨트롤러는
 스케줄링 프로파일을 인식하지 못한다.
 따라서 `addedAffinity`없이 `default-scheduler`와 같은 스케줄러 프로파일을 유지하는 것이 좋다. 그런 다음 데몬셋의 파드 템플릿이 스케줄러 이름을 사용해야 한다.
 그렇지 않으면, 데몬셋 컨트롤러에 의해 생성된 일부 파드가 스케줄되지 않은 상태로 유지될 수 있다.
@@ -429,5 +433,3 @@ spec:
 파드가 노드에 할당되면 kubelet은 파드를 실행하고 노드의 로컬 리소스를 할당한다.
 [토폴로지 매니저](/docs/tasks/administer-cluster/topology-manager/)는
 노드 수준의 리소스 할당 결정에 참여할 수 있다.
-
-
diff --git a/content/ko/docs/concepts/scheduling-eviction/pod-overhead.md b/content/ko/docs/concepts/scheduling-eviction/pod-overhead.md
index 29ab845af2..0f474338d9 100644
--- a/content/ko/docs/concepts/scheduling-eviction/pod-overhead.md
+++ b/content/ko/docs/concepts/scheduling-eviction/pod-overhead.md
@@ -26,7 +26,7 @@ _파드 오버헤드_ 는 컨테이너 리소스 요청과 상한 위에서 파
 이 수행될 때 지정된다.
 
 파드 오버헤드가 활성화 되면, 파드를 노드에 스케줄링 할 때 컨테이너 리소스 요청의 합에
-파드의 오버헤드를 추가해서 스케줄링을 고려한다. 마찬가지로, Kubelet은 파드의 cgroups 크기를 변경하거나
+파드의 오버헤드를 추가해서 스케줄링을 고려한다. 마찬가지로, kubelet은 파드의 cgroups 크기를 변경하거나
 파드의 축출 등급을 부여할 때에도 파드의 오버헤드를 포함하여 고려한다.
 
 ## 파드 오버헤드 활성화하기 {#set-up}
@@ -190,4 +190,4 @@ sudo crictl inspectp -o=json $POD_ID | grep cgroupsPath
 
 
 * [런타임클래스](/ko/docs/concepts/containers/runtime-class/)
-* [파드오버헤드 디자인](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190226-pod-overhead.md)
+* [파드오버헤드 디자인](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/688-pod-overhead)
diff --git a/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md b/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md
index 124f009020..f23396d936 100644
--- a/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md
+++ b/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md
@@ -1,4 +1,8 @@
 ---
+
+
+
+
 title: 확장된 리소스를 위한 리소스 빈 패킹(bin packing)
 content_type: concept
 weight: 50
@@ -8,8 +12,9 @@ weight: 50
 
 {{< feature-state for_k8s_version="v1.16" state="alpha" >}}
 
-kube-scheduler는 `RequestedToCapacityRatioResourceAllocation` 우선 순위 기능을 사용해서
-확장된 리소스와 함께 리소스의 빈 패킹이 가능하도록 구성할 수 있다. 우선 순위 기능을 사용해서 맞춤 요구에 따라
+kube-scheduler는 `RequestedToCapacityRatioResourceAllocation`
+우선 순위 기능을 사용해서 확장된 리소스와 함께 리소스의 빈 패킹이 가능하도록
+구성할 수 있다. 우선 순위 기능을 사용해서 맞춤 요구에 따라
 kube-scheduler를 미세 조정할 수 있다.
 
 <!-- body -->
diff --git a/content/ko/docs/concepts/services-networking/ingress-controllers.md b/content/ko/docs/concepts/services-networking/ingress-controllers.md
index 7690669757..3af939488e 100644
--- a/content/ko/docs/concepts/services-networking/ingress-controllers.md
+++ b/content/ko/docs/concepts/services-networking/ingress-controllers.md
@@ -17,7 +17,6 @@ kube-controller-manager 바이너리의 일부로 실행되는 컨트롤러의 
   [nginx](https://git.k8s.io/ingress-nginx/README.md#readme) 인그레스 컨트롤러를 지원하고 유지한다.
 
 
-
 <!-- body -->
 
 ## 추가 컨트롤러
@@ -27,6 +26,7 @@ kube-controller-manager 바이너리의 일부로 실행되는 컨트롤러의 
 * [AKS 애플리케이션 게이트웨이 인그레스 컨트롤러] (https://azure.github.io/application-gateway-kubernetes-ingress/)는 [Azure 애플리케이션 게이트웨이](https://docs.microsoft.com)를 구성하는 인그레스 컨트롤러다.
 * [Ambassador](https://www.getambassador.io/) API 게이트웨이는 [Envoy](https://www.envoyproxy.io) 기반 인그레스
   컨트롤러다.
+* [Avi 쿠버네티스 오퍼레이터](https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes)는 [VMware NSX Advanced Load Balancer](https://avinetworks.com/)을 사용하는 L4-L7 로드 밸런싱을 제공한다.
 * [Citrix 인그레스 컨트롤러](https://github.com/citrix/citrix-k8s-ingress-controller#readme)는
   Citrix 애플리케이션 딜리버리 컨트롤러에서 작동한다.
 * [Contour](https://projectcontour.io/)는 [Envoy](https://www.envoyproxy.io/) 기반 인그레스 컨트롤러다.
@@ -73,4 +73,3 @@ kube-controller-manager 바이너리의 일부로 실행되는 컨트롤러의 
 
 * [인그레스](/ko/docs/concepts/services-networking/ingress/)에 대해 자세히 알아보기.
 * [NGINX 컨트롤러로 Minikube에서 인그레스를 설정하기](/docs/tasks/access-application-cluster/ingress-minikube).
-
diff --git a/content/ko/docs/concepts/services-networking/network-policies.md b/content/ko/docs/concepts/services-networking/network-policies.md
index be145f78c9..d7872b1d92 100644
--- a/content/ko/docs/concepts/services-networking/network-policies.md
+++ b/content/ko/docs/concepts/services-networking/network-policies.md
@@ -1,4 +1,8 @@
 ---
+
+
+
+
 title: 네트워크 정책
 content_type: concept
 weight: 50
@@ -31,6 +35,8 @@ pod- 또는 namespace- 기반의 네트워크폴리시를 정의할 때, {{< glo
 
 네트워크 정책은 충돌하지 않으며, 추가된다. 만약 어떤 정책 또는 정책들이 파드를 선택하면, 해당 정책의 인그레스(수신)/이그레스(송신) 규칙을 통합하여 허용되는 범위로 파드가 제한된다. 따라서 평가 순서는 정책 결과에 영향을 미치지 않는다.
 
+두 파드간 네트워크 흐름을 허용하기 위해서는, 소스 파드의 이그레스 정책과 목적지 파드의 인그레스 정책 모두가 해당 트래픽을 허용해야 한다. 만약 소스의 이그레스 정책이나 목적지의 인그레스 정책 중 한쪽이라도 트래픽을 거절하게 되어 있다면, 해당 트래픽은 거절될 것이다.
+
 ## 네트워크폴리시 리소스 {#networkpolicy-resource}
 
 리소스에 대한 전체 정의에 대한 참조는 [네트워크폴리시](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#networkpolicy-v1-networking-k8s-io) 를 본다.
diff --git a/content/ko/docs/concepts/services-networking/service.md b/content/ko/docs/concepts/services-networking/service.md
index 3270c498aa..da9d353d6f 100644
--- a/content/ko/docs/concepts/services-networking/service.md
+++ b/content/ko/docs/concepts/services-networking/service.md
@@ -1,4 +1,6 @@
 ---
+
+
 title: 서비스
 feature:
   title: 서비스 디스커버리와 로드 밸런싱
@@ -204,10 +206,10 @@ API 리소스이다. 개념적으로 엔드포인트와 매우 유사하지만,
 {{< feature-state for_k8s_version="v1.20" state="stable" >}}
 
 `appProtocol` 필드는 각 서비스 포트에 대한 애플리케이션 프로토콜을 지정하는 방법을 제공한다.
-이 필드의 값은 해당 엔드포인트와 엔드포인트슬라이스 
+이 필드의 값은 해당 엔드포인트와 엔드포인트슬라이스
 오브젝트에 의해 미러링된다.
 
-이 필드는 표준 쿠버네티스 레이블 구문을 따른다. 값은 
+이 필드는 표준 쿠버네티스 레이블 구문을 따른다. 값은
 [IANA 표준 서비스 이름](http://www.iana.org/assignments/service-names) 또는
 `mycompany.com/my-custom-protocol`과 같은 도메인 접두사 이름 중 하나여야 한다.
 
@@ -236,7 +238,7 @@ DNS 레코드를 구성하고, 라운드-로빈 이름 확인 방식을
 
 ### 유저 스페이스(User space) 프록시 모드 {#proxy-mode-userspace}
 
-이 모드에서는, kube-proxy는 쿠버네티스 마스터의 서비스, 엔드포인트 오브젝트의
+이 모드에서는, kube-proxy는 쿠버네티스 컨트롤 플레인의 서비스 및 엔드포인트 오브젝트의
 추가와 제거를 감시한다. 각 서비스는 로컬 노드에서
 포트(임의로 선택됨)를 연다. 이 "프록시 포트"에 대한 모든
 연결은 (엔드포인트를 통해 보고된 대로) 서비스의 백엔드 파드 중 하나로 프록시된다.
@@ -602,8 +604,8 @@ status:
 
 {{< feature-state for_k8s_version="v1.20" state="alpha" >}}
 
-기본적으로 로드밸런서 서비스 유형의 경우 둘 이상의 포트가 정의되어 있을 때 모든 
-포트는 동일한 프로토콜을 가져야 하며 프로토콜은 클라우드 공급자가 
+기본적으로 로드밸런서 서비스 유형의 경우 둘 이상의 포트가 정의되어 있을 때 모든
+포트는 동일한 프로토콜을 가져야 하며 프로토콜은 클라우드 공급자가
 지원하는 프로토콜이어야 한다.
 
 kube-apiserver에 대해 기능 게이트 `MixedProtocolLBService`가 활성화된 경우 둘 이상의 포트가 정의되어 있을 때 다른 프로토콜을 사용할 수 있다.
@@ -618,7 +620,7 @@ kube-apiserver에 대해 기능 게이트 `MixedProtocolLBService`가 활성화
 
 {{< feature-state for_k8s_version="v1.20" state="alpha" >}}
 
-v1.20부터는 `spec.allocateLoadBalancerNodePorts`필드를 `false`로 설정하여 서비스 Type=LoadBalancer에 
+v1.20부터는 `spec.allocateLoadBalancerNodePorts` 필드를 `false`로 설정하여 서비스 Type=LoadBalancer에
 대한 노드 포트 할당을 선택적으로 비활성화 할 수 있다.
 노드 포트를 사용하는 대신 트래픽을 파드로 직접 라우팅하는 로드 밸런서 구현에만 사용해야 한다.
 기본적으로 `spec.allocateLoadBalancerNodePorts`는 `true`이며 로드밸런서 서비스 유형은 계속해서 노드 포트를 할당한다.
@@ -1210,8 +1212,8 @@ IPVS는 로드 밸런싱을 위해 설계되었고 커널-내부 해시 테이
 
 {{< feature-state for_k8s_version="v1.20" state="stable" >}}
 
-SCTP 트래픽을 지원하는 네트워크 플러그인을 사용하는 경우 대부분의 서비스에 SCTP를 사용할 수 있다. 
-type=LoadBalancer 서비스의 경우 SCTP 지원은 이 기능을 제공하는 
+SCTP 트래픽을 지원하는 네트워크 플러그인을 사용하는 경우 대부분의 서비스에 SCTP를 사용할 수 있다.
+type=LoadBalancer 서비스의 경우 SCTP 지원은 이 기능을 제공하는
 클라우드 공급자에 따라 다르다. (대부분 그렇지 않음)
 
 #### 경고 {#caveat-sctp-overview}
diff --git a/content/ko/docs/concepts/storage/persistent-volumes.md b/content/ko/docs/concepts/storage/persistent-volumes.md
index 2b421c7fb2..9ce1eba6cf 100644
--- a/content/ko/docs/concepts/storage/persistent-volumes.md
+++ b/content/ko/docs/concepts/storage/persistent-volumes.md
@@ -1,4 +1,10 @@
 ---
+
+
+
+
+
+
 title: 퍼시스턴트 볼륨
 feature:
   title: 스토리지 오케스트레이션
@@ -225,7 +231,7 @@ spec:
 * Azure Disk
 * Portworx
 * FlexVolumes
-* CSI
+* {{< glossary_tooltip text="CSI" term_id="csi" >}}
 
 스토리지 클래스의 `allowVolumeExpansion` 필드가 true로 설정된 경우에만 PVC를 확장할 수 있다.
 
@@ -317,14 +323,14 @@ EBS 볼륨 확장은 시간이 많이 걸리는 작업이다. 또한 6시간마
 * [`gcePersistentDisk`](/ko/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk
 * [`glusterfs`](/ko/docs/concepts/storage/volumes/#glusterfs) - Glusterfs 볼륨
 * [`hostPath`](/ko/docs/concepts/storage/volumes/#hostpath) - HostPath 볼륨
-  (단일 노드 테스트 전용. 다중-노드 클러스터에서 작동하지 않음. 
+  (단일 노드 테스트 전용. 다중-노드 클러스터에서 작동하지 않음.
   대신 `로컬` 볼륨 사용 고려)
 * [`iscsi`](/ko/docs/concepts/storage/volumes/#iscsi) - iSCSI (SCSI over IP) 스토리지
-* [`local`](/ko/docs/concepts/storage/volumes/#local) - 노드에 마운트된 
+* [`local`](/ko/docs/concepts/storage/volumes/#local) - 노드에 마운트된
   로컬 스토리지 디바이스
 * [`nfs`](/ko/docs/concepts/storage/volumes/#nfs) - 네트워크 파일 시스템 (NFS) 스토리지
 * `photonPersistentDisk` - Photon 컨트롤러 퍼시스턴트 디스크.
-  (이 볼륨 유형은 해당 클라우드 공급자가 없어진 이후 더 이상 
+  (이 볼륨 유형은 해당 클라우드 공급자가 없어진 이후 더 이상
   작동하지 않는다.)
 * [`portworxVolume`](/ko/docs/concepts/storage/volumes/#portworxvolume) - Portworx 볼륨
 * [`quobyte`](/ko/docs/concepts/storage/volumes/#quobyte) - Quobyte 볼륨
diff --git a/content/ko/docs/concepts/storage/volume-snapshot-classes.md b/content/ko/docs/concepts/storage/volume-snapshot-classes.md
index 11708eeec5..e5b6002e6e 100644
--- a/content/ko/docs/concepts/storage/volume-snapshot-classes.md
+++ b/content/ko/docs/concepts/storage/volume-snapshot-classes.md
@@ -1,4 +1,11 @@
 ---
+
+
+
+
+
+
+
 title: 볼륨 스냅샷 클래스
 content_type: concept
 weight: 30
@@ -65,7 +72,7 @@ parameters:
 
 ### 삭제정책(DeletionPolicy)
 
-볼륨 스냅샷 클래스는 삭제정책을 가지고 있다. 바인딩된 볼륨스냅샷 오브젝트를 삭제할 때 VolumeSnapshotContent의 상황을 구성할 수 있다. 볼륨 스냅삿의 삭제정책은 `Retain` 또는 `Delete` 일 수 있다. 이 필드는 반드시 지정해야 한다.
+볼륨 스냅샷 클래스는 삭제정책을 가지고 있다. 바인딩된 볼륨스냅샷 오브젝트를 삭제할 때 VolumeSnapshotContent의 상황을 구성할 수 있다. 볼륨 스냅샷 클래스의 삭제정책은 `Retain` 또는 `Delete` 일 수 있다. 이 필드는 반드시 지정해야 한다.
 
 삭제정책이 `Delete` 인 경우 기본 스토리지 스냅샷이 VolumeSnapshotContent 오브젝트와 함께 삭제된다. 삭제정책이 `Retain` 인 경우 기본 스냅샷과 VolumeSnapshotContent 모두 유지된다.
 
diff --git a/content/ko/docs/concepts/workloads/controllers/garbage-collection.md b/content/ko/docs/concepts/workloads/controllers/garbage-collection.md
index a93b455948..a3ed4ea68d 100644
--- a/content/ko/docs/concepts/workloads/controllers/garbage-collection.md
+++ b/content/ko/docs/concepts/workloads/controllers/garbage-collection.md
@@ -150,9 +150,12 @@ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/replicasets/my-rep
 ```
 
 kubectl도 캐스케이딩 삭제를 지원한다.
-kubectl을 사용해서 종속 항목을 자동으로 삭제하려면 `--cascade` 를 true로 설정한다. 종속 항목을
-분리하기 위해서는 `--cascade` 를 false로 설정한다. `--cascade` 의 기본값은
-true 이다.
+
+kubectl을 사용해서 포어그라운드의 종속 항목을 삭제하려면 `--cascade=foreground` 를 설정한다. 종속 항목을
+분리하기 위해서는 `--cascade=orphan` 를 설정한다.
+
+기본 동작은 백그라운드의 종속 항목을 삭제하는 것이며,
+이는 `--cascade` 를 생략하거나 명시적으로 `background` 를 설정한 경우의 동작에 해당한다.
 
 여기에 레플리카셋의 종속 항목을 분리로 만드는 예시가 있다.
 
diff --git a/content/ko/docs/concepts/workloads/controllers/replicaset.md b/content/ko/docs/concepts/workloads/controllers/replicaset.md
index c5a6832fd9..8966029620 100644
--- a/content/ko/docs/concepts/workloads/controllers/replicaset.md
+++ b/content/ko/docs/concepts/workloads/controllers/replicaset.md
@@ -1,4 +1,8 @@
 ---
+
+
+
+
 title: 레플리카셋
 content_type: concept
 weight: 20
@@ -279,7 +283,7 @@ curl -X DELETE  'localhost:8080/apis/apps/v1/namespaces/default/replicasets/fron
 
 ### 레플리카셋만 삭제하기
 
-레플리카셋을 `--cascade=false` 옵션과 함께 [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete)를 사용하면 연관 파드에 영향을 주지 않고 삭제할 수 있다.
+레플리카셋을 `--cascade=orphan` 옵션과 함께 [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands#delete)를 사용하면 연관 파드에 영향을 주지 않고 삭제할 수 있다.
 REST API 또는 `client-go` 라이브러리를 이용할 때는 `propagationPolicy`에 `Orphan`을 설정해야 한다.
 예시:
 ```shell
diff --git a/content/ko/docs/concepts/workloads/controllers/replicationcontroller.md b/content/ko/docs/concepts/workloads/controllers/replicationcontroller.md
index 5c5b5c750f..9c3450851a 100644
--- a/content/ko/docs/concepts/workloads/controllers/replicationcontroller.md
+++ b/content/ko/docs/concepts/workloads/controllers/replicationcontroller.md
@@ -1,4 +1,7 @@
 ---
+
+
+
 title: 레플리케이션 컨트롤러
 feature:
   title: 자가 치유
@@ -51,15 +54,17 @@ kubectl 명령에서 숏컷으로 사용된다.
 ```shell
 kubectl apply -f https://k8s.io/examples/controllers/replication.yaml
 ```
+출력 결과는 다음과 같다.
 ```
 replicationcontroller/nginx created
 ```
 
-다음 명령을 사용하여 레플리케이션 컨트롤러의 상태를 확인하라.
+다음 명령을 사용하여 레플리케이션 컨트롤러의 상태를 확인하자.
 
 ```shell
 kubectl describe replicationcontrollers/nginx
 ```
+출력 결과는 다음과 같다.
 ```
 Name:        nginx
 Namespace:   default
@@ -98,6 +103,7 @@ Pods Status:    3 Running / 0 Waiting / 0 Succeeded / 0 Failed
 pods=$(kubectl get pods --selector=app=nginx --output=jsonpath={.items..metadata.name})
 echo $pods
 ```
+출력 결과는 다음과 같다.
 ```
 nginx-3ntk0 nginx-4ok8v nginx-qrm3m
 ```
diff --git a/content/ko/docs/concepts/workloads/pods/_index.md b/content/ko/docs/concepts/workloads/pods/_index.md
index 265f971816..8645053bef 100644
--- a/content/ko/docs/concepts/workloads/pods/_index.md
+++ b/content/ko/docs/concepts/workloads/pods/_index.md
@@ -15,8 +15,7 @@ card:
 _파드(Pod)_ 는 쿠버네티스에서 생성하고 관리할 수 있는 배포 가능한 가장 작은 컴퓨팅 단위이다.
 
 _파드_ (고래 떼(pod of whales)나 콩꼬투리(pea pod)와 마찬가지로)는 하나 이상의
-[컨테이너](/ko/docs/concepts/containers/)의 그룹이다.
-이 그룹은 스토리지/네트워크를 공유하고, 해당 컨테이너를 구동하는 방식에 대한 명세를 갖는다. 파드의 콘텐츠는 항상 함께 배치되고,
+[컨테이너](/ko/docs/concepts/containers/)의 그룹이다. 이 그룹은 스토리지 및 네트워크를 공유하고, 해당 컨테이너를 구동하는 방식에 대한 명세를 갖는다. 파드의 콘텐츠는 항상 함께 배치되고,
 함께 스케줄되며, 공유 콘텍스트에서 실행된다. 파드는
 애플리케이션 별 "논리 호스트"를 모델링한다. 여기에는 상대적으로 밀접하게 결합된 하나 이상의
 애플리케이션 컨테이너가 포함된다.
@@ -217,7 +216,8 @@ spec:
   허용한다.
 
   1. 지정되지 않은 필드를 양수로 설정;
-  1. 필드의 양수를 음수가 아닌 더 작은 숫자로 갱신.
+  1. 필드의 양수를 음수가 아닌 더 작은 숫자로
+     갱신.
 
 ## 리소스 공유와 통신
 
@@ -294,9 +294,10 @@ kubelet은 자동으로 각 정적 파드에 대한 쿠버네티스 API 서버
   오브젝트 정의는 오브젝트를 상세히 설명한다.
 * [분산 시스템 툴킷: 컴포지트 컨테이너에 대한 패턴](https://kubernetes.io/blog/2015/06/the-distributed-system-toolkit-patterns)은 둘 이상의 컨테이너가 있는 파드의 일반적인 레이아웃을 설명한다.
 
-쿠버네티스가 다른 리소스({{< glossary_tooltip text="스테이트풀셋" term_id="statefulset" >}}이나 {{< glossary_tooltip text="디플로이먼트" term_id="deployment" >}}와 같은)에서 공통 파드 API를 래핑하는 이유에 대한 콘텍스트를 이해하기 위해서, 다음을 포함한 선행 기술에 대해 읽어볼 수 있다.
-  * [Aurora](http://aurora.apache.org/documentation/latest/reference/configuration/#job-schema)
-  * [Borg](https://research.google.com/pubs/pub43438.html)
-  * [Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html)
-  * [Omega](https://research.google/pubs/pub41684/)
-  * [Tupperware](https://engineering.fb.com/data-center-engineering/tupperware/).
+쿠버네티스가 다른 리소스({{< glossary_tooltip text="스테이트풀셋" term_id="statefulset" >}}이나 {{< glossary_tooltip text="디플로이먼트" term_id="deployment" >}}와 같은)에서 공통 파드 API를 래핑하는 이유에 대한 콘텍스트를 이해하기 위해서, 다음과 같은 선행 기술에 대해 읽어볼 수 있다.
+
+* [Aurora](https://aurora.apache.org/documentation/latest/reference/configuration/#job-schema)
+* [Borg](https://research.google.com/pubs/pub43438.html)
+* [Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html)
+* [Omega](https://research.google/pubs/pub41684/)
+* [Tupperware](https://engineering.fb.com/data-center-engineering/tupperware/).
diff --git a/content/ko/docs/concepts/workloads/pods/disruptions.md b/content/ko/docs/concepts/workloads/pods/disruptions.md
index 5f13dddef9..02647adb70 100644
--- a/content/ko/docs/concepts/workloads/pods/disruptions.md
+++ b/content/ko/docs/concepts/workloads/pods/disruptions.md
@@ -1,4 +1,8 @@
 ---
+
+
+
+
 title: 중단(disruption)
 content_type: concept
 weight: 60
@@ -45,7 +49,7 @@ weight: 60
 
 - 복구 또는 업그레이드를 위한 [노드 드레이닝](/docs/tasks/administer-cluster/safely-drain-node/).
 - 클러스터의 스케일 축소를 위한
-  노드 드레이닝([클러스터 오토스케일링](/ko/docs/tasks/administer-cluster/cluster-management/#클러스터-오토스케일링)에 대해 알아보기
+  노드 드레이닝([클러스터 오토스케일링](https://github.com/kubernetes/autoscaler/#readme)에 대해 알아보기
   ).
 - 노드에 다른 무언가를 추가하기 위해 파드를 제거.
 
diff --git a/content/ko/docs/concepts/workloads/pods/init-containers.md b/content/ko/docs/concepts/workloads/pods/init-containers.md
index c1e3943178..56f59c1d30 100644
--- a/content/ko/docs/concepts/workloads/pods/init-containers.md
+++ b/content/ko/docs/concepts/workloads/pods/init-containers.md
@@ -133,6 +133,7 @@ spec:
 ```shell
 kubectl apply -f myapp.yaml
 ```
+출력 결과는 다음과 같다.
 ```
 pod/myapp-pod created
 ```
@@ -141,6 +142,7 @@ pod/myapp-pod created
 ```shell
 kubectl get -f myapp.yaml
 ```
+출력 결과는 다음과 같다.
 ```
 NAME        READY     STATUS     RESTARTS   AGE
 myapp-pod   0/1       Init:0/2   0          6m
@@ -150,6 +152,7 @@ myapp-pod   0/1       Init:0/2   0          6m
 ```shell
 kubectl describe -f myapp.yaml
 ```
+출력 결과는 다음과 같다.
 ```
 Name:          myapp-pod
 Namespace:     default
@@ -224,6 +227,7 @@ spec:
 ```shell
 kubectl apply -f services.yaml
 ```
+출력 결과는 다음과 같다.
 ```
 service/myservice created
 service/mydb created
@@ -235,6 +239,7 @@ service/mydb created
 ```shell
 kubectl get -f myapp.yaml
 ```
+출력 결과는 다음과 같다.
 ```
 NAME        READY     STATUS    RESTARTS   AGE
 myapp-pod   1/1       Running   0          9m
@@ -257,7 +262,7 @@ myapp-pod   1/1       Running   0          9m
 
 파드는 모든 초기화 컨테이너가 성공되기 전까지 `Ready` 될 수 없다. 초기화 컨테이너의 포트는
 서비스 하에 합쳐지지 않는다. 초기화 중인 파드는 `Pending` 상태이지만
-`Initialized` 가 참이 되는 조건을 가져야 한다.
+`Initialized` 가 거짓이 되는 조건을 가져야 한다.
 
 만약 파드가 [재시작](#파드-재시작-이유)되었다면, 모든 초기화 컨테이너는
 반드시 다시 실행된다.
diff --git a/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md b/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md
index 0c4ea5960c..1066e3eb83 100644
--- a/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md
+++ b/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md
@@ -85,6 +85,13 @@ UID로 정의된 특정 파드는 다른 노드로 절대 "다시 스케줄"되
 `Failed`    | 파드에 있는 모든 컨테이너가 종료되었고, 적어도 하나 이상의 컨테이너가 실패로 종료되었다. 즉, 해당 컨테이너는 non-zero 상태로 빠져나왔거나(exited) 시스템에 의해서 종료(terminated)되었다.
 `Unknown`   | 어떤 이유에 의해서 파드의 상태를 얻을 수 없다. 이 단계는 일반적으로 파드가 실행되어야 하는 노드와의 통신 오류로 인해 발생한다.
 
+{{< note >}}
+파드가 삭제될 때, 일부 kubectl 커맨드에서 `Terminating` 이 표시된다.
+이 `Terminating` 상태는 파드의 단계에 해당하지 않는다.
+파드에는 그레이스풀하게(gracefully) 종료되도록 기간이 부여되며, 그 기본값은 30초이다.
+[강제로 파드를 종료](/ko/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced)하려면 `--force` 플래그를 설정하면 된다.
+{{< /note >}}
+
 노드가 죽거나 클러스터의 나머지와의 연결이 끊어지면, 쿠버네티스는
 손실된 노드의 모든 파드의 `phase` 를 Failed로 설정하는 정책을 적용한다.
 
@@ -142,8 +149,7 @@ Never이다. 기본값은 Always이다.
 동일한 노드에서 kubelet에 의한 컨테이너 재시작만을 의미한다. 파드의 컨테이너가
 종료된 후, kubelet은 5분으로 제한되는 지수 백오프 지연(10초, 20초, 40초, …)으로
 컨테이너를 재시작한다. 컨테이너가 10분 동안 아무런 문제없이 실행되면,
-kubelet은 해당 컨테이너의 재시작 백오프 타이머를
-재설정한다.
+kubelet은 해당 컨테이너의 재시작 백오프 타이머를 재설정한다.
 
 ## 파드의 조건
 
@@ -326,7 +332,7 @@ kubelet은 실행 중인 컨테이너들에 대해서 선택적으로 세 가지
 컨테이너가 보통 `initialDelaySeconds + failureThreshold × periodSeconds`
 이후에 기동된다면, 스타트업 프로브가
 활성화 프로브와 같은 엔드포인트를 확인하도록 지정해야 한다.
-`periodSeconds`의 기본값은 30s 이다. 이 때 컨테이너가 활성화 프로브의
+`periodSeconds`의 기본값은 10s 이다. 이 때 컨테이너가 활성화 프로브의
 기본값 변경 없이 기동되도록 하려면, `failureThreshold` 를 충분히 높게 설정해주어야
 한다. 그래야 데드락(deadlocks)을 방지하는데 도움이 된다.
 
diff --git a/content/ko/docs/reference/command-line-tools-reference/feature-gates.md b/content/ko/docs/reference/command-line-tools-reference/feature-gates.md
index ad9c9a45de..6fa2c58a56 100644
--- a/content/ko/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/ko/docs/reference/command-line-tools-reference/feature-gates.md
@@ -166,7 +166,8 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능 
 | `StorageVersionHash` | `true` | 베타 | 1.15 | |
 | `Sysctls` | `true` | 베타 | 1.11 | |
 | `TTLAfterFinished` | `false` | 알파 | 1.12 | |
-| `TopologyManager` | `false` | 알파 | 1.16 | |
+| `TopologyManager` | `false` | 알파 | 1.16 | 1.17 |
+| `TopologyManager` | `true` | 베타 | 1.18 | |
 | `ValidateProxyRedirects` | `false` | 알파 | 1.12 | 1.13 |
 | `ValidateProxyRedirects` | `true` | 베타 | 1.14 | |
 | `WindowsEndpointSliceProxying` | `false` | 알파 | 1.19 | |
diff --git a/content/ko/docs/reference/kubectl/cheatsheet.md b/content/ko/docs/reference/kubectl/cheatsheet.md
index 7db5ce3bdb..2ac5f6076c 100644
--- a/content/ko/docs/reference/kubectl/cheatsheet.md
+++ b/content/ko/docs/reference/kubectl/cheatsheet.md
@@ -190,6 +190,9 @@ kubectl get pods --show-labels
 JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
  && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
 
+# 외부 도구 없이 디코딩된 시크릿 출력
+kubectl get secret ${secret_name} -o go-template='{{range $k,$v := .data}}{{$k}}={{$v|base64decode}}{{"\n"}}{{end}}'
+
 # 파드에 의해 현재 사용되고 있는 모든 시크릿 목록 조회
 kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq
 
@@ -311,6 +314,7 @@ kubectl exec my-pod -- ls /                         # 기존 파드에서 명령
 kubectl exec --stdin --tty my-pod -- /bin/sh        # 실행 중인 파드로 대화형 셸 액세스(1 컨테이너 경우)
 kubectl exec my-pod -c my-container -- ls /         # 기존 파드에서 명령 실행(멀티-컨테이너 경우)
 kubectl top pod POD_NAME --containers               # 특정 파드와 해당 컨테이너에 대한 메트릭 표시
+kubectl top pod POD_NAME --sort-by=cpu              # 지정한 파드에 대한 메트릭을 표시하고 'cpu' 또는 'memory'별로 정렬
 ```
 
 ## 노드, 클러스터와 상호 작용
@@ -388,6 +392,7 @@ Kubectl 로그 상세 레벨(verbosity)은 `-v` 또는`--v` 플래그와 로그
 `--v=2` | 서비스와 시스템의 중요한 변화와 관련이있는 중요한 로그 메시지에 대한 유용한 정상 상태 정보. 이는 대부분의 시스템에서 권장되는 기본 로그 수준이다.
 `--v=3` | 변경 사항에 대한 확장 정보.
 `--v=4` | 디버그 수준 상세화.
+`--v=5` | 트레이스 수준 상세화.
 `--v=6` | 요청한 리소스를 표시.
 `--v=7` | HTTP 요청 헤더를 표시.
 `--v=8` | HTTP 요청 내용을 표시.
diff --git a/content/ko/docs/reference/kubectl/conventions.md b/content/ko/docs/reference/kubectl/conventions.md
index b18f64b5ef..aa76c0c8bf 100644
--- a/content/ko/docs/reference/kubectl/conventions.md
+++ b/content/ko/docs/reference/kubectl/conventions.md
@@ -1,7 +1,7 @@
 ---
+
+
 title: kubectl 사용 규칙
-
-
 content_type: concept
 ---
 
@@ -36,24 +36,23 @@ content_type: concept
 {{< /note >}}
 
 #### 생성기
-`kubectl create --dry-run -o yaml`라는 kubectl 커맨드를 통해 다음과 같은 리소스를 생성 할 수 있다.
-```
-  clusterrole         클러스터롤(ClusterRole)를 생성한다.
-  clusterrolebinding  특정 클러스터롤에 대한 클러스터롤바인딩(ClusterRoleBinding)을 생성한다.
-  configmap           로컬 파일, 디렉토리 또는 문자 그대로의 값으로 컨피그맵(ConfigMap)을 생성한다.
-  cronjob             지정된 이름으로 크론잡(CronJob)을 생성한다.
-  deployment          지정된 이름으로 디플로이먼트(Deployment)를 생성한다.
-  job                 지정된 이름으로 잡(Job)을 생성한다.
-  namespace           지정된 이름으로 네임스페이스(Namespace)를 생성한다.
-  poddisruptionbudget 지정된 이름으로 pod disruption budget을 생성한다.
-  priorityclass       지정된 이름으로 프라이어리티클래스(PriorityClass)을 생성한다.
-  quota               지정된 이름으로 쿼터(Quota)를 생성한다.
-  role                단일 규칙으로 롤(Role)을 생성한다.
-  rolebinding         특정 롤 또는 클러스터롤에 대한 롤바인딩(RoleBinding)을 생성한다.
-  secret              지정된 하위 커맨드를 사용하여 시크릿(Secret)을 생성한다.
-  service             지정된 하위 커맨드를 사용하여 서비스(Service)를 생성한다.
-  serviceaccount      지정된 이름으로 서비스어카운트(ServiceAccount)을 생성한다.
-```
+`kubectl create --dry-run -o yaml`라는 kubectl 커맨드를 통해 다음과 같은 리소스를 생성할 수 있다.
+
+* `clusterrole`: 클러스터롤(ClusterRole)를 생성한다.
+* `clusterrolebinding`: 특정 클러스터롤에 대한 클러스터롤바인딩(ClusterRoleBinding)을 생성한다.
+* `configmap`: 로컬 파일, 디렉토리 또는 문자 그대로의 값으로 컨피그맵(ConfigMap)을 생성한다.
+* `cronjob`: 지정된 이름으로 크론잡(CronJob)을 생성한다.
+* `deployment`: 지정된 이름으로 디플로이먼트(Deployment)를 생성한다.
+* `job`: 지정된 이름으로 잡(Job)을 생성한다.
+* `namespace`: 지정된 이름으로 네임스페이스(Namespace)를 생성한다.
+* `poddisruptionbudget`: 지정된 이름으로 PodDisruptionBudget을 생성한다.
+* `priorityclass`: 지정된 이름으로 프라이어리티클래스(PriorityClass)을 생성한다.
+* `quota`: 지정된 이름으로 쿼터(Quota)를 생성한다.
+* `role`: 단일 규칙으로 롤(Role)을 생성한다.
+* `rolebinding`: 특정 롤 또는 클러스터롤에 대한 롤바인딩(RoleBinding)을 생성한다.
+* `secret`: 지정된 하위 커맨드를 사용하여 시크릿(Secret)을 생성한다.
+* `service`: 지정된 하위 커맨드를 사용하여 서비스(Service)를 생성한다.
+* `serviceaccount`: 지정된 이름으로 서비스어카운트(ServiceAccount)을 생성한다.
 
 ### `kubectl apply`
 
diff --git a/content/ko/docs/reference/kubectl/docker-cli-to-kubectl.md b/content/ko/docs/reference/kubectl/docker-cli-to-kubectl.md
index e81dd65b4a..1679059871 100644
--- a/content/ko/docs/reference/kubectl/docker-cli-to-kubectl.md
+++ b/content/ko/docs/reference/kubectl/docker-cli-to-kubectl.md
@@ -37,16 +37,11 @@ kubectl:
 # nginx 실행하는 파드를 시작한다
 kubectl create deployment --image=nginx nginx-app
 ```
-
-```shell
-# nginx-app 에 env를 추가한다
-kubectl set env deployment/nginx-app  DOMAIN=cluster
-```
 ```
 deployment.apps/nginx-app created
 ```
 
-```
+```shell
 # nginx-app 에 env를 추가한다
 kubectl set env deployment/nginx-app  DOMAIN=cluster
 ```
@@ -369,4 +364,3 @@ Grafana is running at https://203.0.113.141/api/v1/namespaces/kube-system/servic
 Heapster is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/monitoring-heapster/proxy
 InfluxDB is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
 ```
-
diff --git a/content/ko/docs/setup/production-environment/container-runtimes.md b/content/ko/docs/setup/production-environment/container-runtimes.md
index 8bdd90800b..4b749ab7e5 100644
--- a/content/ko/docs/setup/production-environment/container-runtimes.md
+++ b/content/ko/docs/setup/production-environment/container-runtimes.md
@@ -143,6 +143,44 @@ sudo mkdir -p /etc/containerd
 sudo containerd config default | sudo tee /etc/containerd/config.toml
 ```
 
+```shell
+# containerd 재시작
+sudo systemctl restart containerd
+```
+{{% /tab %}}
+{{% tab name="Debian 9+" %}}
+
+```shell
+# (containerd 설치)
+## 리포지터리 설정
+### HTTPS를 통해 리포지터리를 사용할 수 있도록 패키지 설치
+sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+```
+
+```shell
+## 도커의 공식 GPG 키 추가
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/docker.gpg add -
+```
+
+```shell
+## 도커 apt 리포지터리 추가
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/debian \
+   $(lsb_release -cs) \
+   stable"
+```
+
+```shell
+## containerd 설치
+sudo apt-get update && sudo apt-get install -y containerd.io
+```
+
+```shell
+# 기본 containerd 구성 설정
+sudo mkdir -p /etc/containerd
+containerd config default | sudo tee /etc/containerd/config.toml
+```
+
 ```shell
 # containerd 재시작
 sudo systemctl restart containerd
@@ -230,12 +268,18 @@ kubeadm을 사용하는 경우,
 
 {{< note >}}
 CRI-O 메이저와 마이너 버전은 쿠버네티스 메이저와 마이너 버전이 일치해야 한다.
-더 자세한 정보는 [CRI-O 호환 매트릭스](https://github.com/cri-o/cri-o)를 본다.
+더 자세한 정보는 [CRI-O 호환 매트릭스](https://github.com/cri-o/cri-o#compatibility-matrix-cri-o--kubernetes)를 본다.
 {{< /note >}}
 
 필수 구성 요소를 설치하고 구성한다.
 
 ```shell
+# .conf 파일을 만들어 부팅 시 모듈을 로드한다
+cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
+overlay
+br_netfilter
+EOF
+
 sudo modprobe overlay
 sudo modprobe br_netfilter
 
@@ -262,9 +306,9 @@ sudo sysctl --system
 
 <br />
 그런 다음, `$VERSION` 을 사용자의 쿠버네티스 버전과 일치하는 CRI-O 버전으로 설정한다.
-예를 들어, CRI-O 1.18을 설치하려면, `VERSION=1.18` 로 설정한다.
+예를 들어, CRI-O 1.20을 설치하려면, `VERSION=1.20` 로 설정한다.
 사용자의 설치를 특정 릴리스에 고정할 수 있다.
-버전 1.18.3을 설치하려면, `VERSION=1.18:1.18.3` 을 설정한다.
+버전 1.20.0을 설치하려면, `VERSION=1.20:1.20.0` 을 설정한다.
 <br />
 
 그런 다음, 아래를 실행한다.
@@ -298,9 +342,9 @@ sudo apt-get install cri-o cri-o-runc
 
 <br />
 그런 다음, `$VERSION` 을 사용자의 쿠버네티스 버전과 일치하는 CRI-O 버전으로 설정한다.
-예를 들어, CRI-O 1.18을 설치하려면, `VERSION=1.18` 로 설정한다.
+예를 들어, CRI-O 1.20을 설치하려면, `VERSION=1.20` 로 설정한다.
 사용자의 설치를 특정 릴리스에 고정할 수 있다.
-버전 1.18.3을 설치하려면, `VERSION=1.18:1.18.3` 을 설정한다.
+버전 1.20.0을 설치하려면, `VERSION=1.20:1.20.0` 을 설정한다.
 <br />
 
 그런 다음, 아래를 실행한다.
@@ -332,9 +376,9 @@ apt-get install cri-o cri-o-runc
 
 <br />
 그런 다음, `$VERSION` 을 사용자의 쿠버네티스 버전과 일치하는 CRI-O 버전으로 설정한다.
-예를 들어, CRI-O 1.18을 설치하려면, `VERSION=1.18` 로 설정한다.
+예를 들어, CRI-O 1.20을 설치하려면, `VERSION=1.20` 로 설정한다.
 사용자의 설치를 특정 릴리스에 고정할 수 있다.
-버전 1.18.3을 설치하려면, `VERSION=1.18:1.18.3` 을 설정한다.
+버전 1.20.0을 설치하려면, `VERSION=1.20:1.20.0` 을 설정한다.
 <br />
 
 그런 다음, 아래를 실행한다.
@@ -355,7 +399,7 @@ sudo zypper install cri-o
 {{% tab name="Fedora" %}}
 
 `$VERSION` 을 사용자의 쿠버네티스 버전과 일치하는 CRI-O 버전으로 설정한다.
-예를 들어, CRI-O 1.18을 설치하려면, `VERSION=1.18` 로 설정한다.
+예를 들어, CRI-O 1.20을 설치하려면, `VERSION=1.20` 로 설정한다.
 
 사용할 수 있는 버전을 찾으려면 다음을 실행한다.
 ```shell
@@ -379,10 +423,26 @@ sudo systemctl daemon-reload
 sudo systemctl start crio
 ```
 
-자세한 사항은 [CRI-O 설치 가이드](https://github.com/kubernetes-sigs/cri-o#getting-started)를
+자세한 사항은 [CRI-O 설치 가이드](https://github.com/cri-o/cri-o/blob/master/install.md)를
 참고한다.
 
 
+#### cgroup 드라이버
+
+CRI-O는 기본적으로 systemd cgroup 드라이버를 사용한다. `cgroupfs` cgroup 드라이버로
+전환하려면, `/etc/crio/crio.conf` 를 수정하거나 `/etc/crio/crio.conf.d/02-cgroup-manager.conf` 에
+드롭-인(drop-in) 구성을 배치한다. 예를 들면, 다음과 같다.
+
+```toml
+[crio.runtime]
+conmon_cgroup = "pod"
+cgroup_manager = "cgroupfs"
+```
+
+또한 `cgroupfs` 와 함께 CRI-O를 사용할 때 `pod` 값으로 설정해야 하는
+변경된 `conmon_cgroup` 에 유의한다. 일반적으로 kubelet(일반적으로 kubeadm을 통해 수행됨)과
+CRI-O의 cgroup 드라이버 구성을 동기화 상태로
+유지해야 한다.
 
 ### 도커
 
@@ -425,6 +485,11 @@ sudo apt-get update && sudo apt-get install -y \
   docker-ce-cli=5:19.03.11~3-0~ubuntu-$(lsb_release -cs)
 ```
 
+```shell
+## /etc/docker 생성
+sudo mkdir /etc/docker
+```
+
 ```shell
 # 도커 데몬 설정
 cat <<EOF | sudo tee /etc/docker/daemon.json
diff --git a/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md b/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md
index e79d655d01..488ea59ff6 100644
--- a/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md
+++ b/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md
@@ -6,17 +6,19 @@ weight: 70
 
 <!-- overview -->
 
-이 작업은 프론트엔드와 마이크로서비스 백엔드를 어떻게 생성하는지를
-설명한다. 백엔드 마이크로서비스는 인사하기(hello greeter)이다.
-프론트엔드와 백엔드는 쿠버네티스 {{< glossary_tooltip term_id="service" text="서비스" >}}
-오브젝트를 이용해 연결되어 있다.
+이 작업은 _프론트엔드_ 와 _백엔드_ 마이크로서비스를 어떻게 생성하는지를 설명한다. 백엔드
+마이크로서비스는 인사하기(hello greeter)이다. 프론트엔드는 nginx 및 쿠버네티스
+{{< glossary_tooltip term_id="service" text="서비스" >}} 오브젝트를 사용해 백엔드를 노출한다.
 
 ## {{% heading "objectives" %}}
 
-* {{< glossary_tooltip term_id="deployment" text="디플로이먼트(Deployment)" >}} 오브젝트를 사용해 마이크로서비스를 생성하고 실행한다.
-* 프론트엔드를 사용하여 백엔드로 트래픽을 전달한다.
-* 프론트엔드 애플리케이션을 백엔드 애플리케이션에 연결하기 위해
-  서비스 오브젝트를 사용한다.
+* {{< glossary_tooltip term_id="deployment" text="디플로이먼트(Deployment)" >}} 오브젝트를 사용해
+  샘플 `hello` 백엔드 마이크로서비스를 생성하고 실행한다.
+* 서비스 오브젝트를 사용하여 백엔드 마이크로서비스의 여러 복제본으로 트래픽을 보낸다.
+* 디플로이먼트 오브젝트를 사용하여 `nginx` 프론트엔드 마이크로서비스를 생성하고 실행한다.
+* 트래픽을 백엔드 마이크로서비스로 보내도록 프론트엔드 마이크로서비스를 구성한다.
+* `type=LoadBalancer` 의 서비스 오브젝트를 사용해 클러스터 외부에 프론트엔드 마이크로서비스를
+  노출한다.
 
 ## {{% heading "prerequisites" %}}
 
@@ -34,24 +36,24 @@ weight: 70
 백엔드는 인사하기라는 간단한 마이크로서비스이다. 여기에 백엔드 디플로이먼트
 구성 파일이 있다.
 
-{{< codenew file="service/access/hello.yaml" >}}
+{{< codenew file="service/access/backend-deployment.yaml" >}}
 
 백엔드 디플로이먼트를 생성한다.
 
 ```shell
-kubectl apply -f https://k8s.io/examples/service/access/hello.yaml
+kubectl apply -f https://k8s.io/examples/service/access/backend-deployment.yaml
 ```
 
 백엔드 디플로이먼트에 관한 정보를 본다.
 
 ```shell
-kubectl describe deployment hello
+kubectl describe deployment backend
 ```
 
 결과는 아래와 같다.
 
 ```
-Name:                           hello
+Name:                           backend
 Namespace:                      default
 CreationTimestamp:              Mon, 24 Oct 2016 14:21:02 -0700
 Labels:                         app=hello
@@ -59,7 +61,7 @@ Labels:                         app=hello
                                 track=stable
 Annotations:                    deployment.kubernetes.io/revision=1
 Selector:                       app=hello,tier=backend,track=stable
-Replicas:                       7 desired | 7 updated | 7 total | 7 available | 0 unavailable
+Replicas:                       3 desired | 3 updated | 3 total | 3 available | 0 unavailable
 StrategyType:                   RollingUpdate
 MinReadySeconds:                0
 RollingUpdateStrategy:          1 max unavailable, 1 max surge
@@ -80,14 +82,14 @@ Conditions:
   Available     True    MinimumReplicasAvailable
   Progressing   True    NewReplicaSetAvailable
 OldReplicaSets:                 <none>
-NewReplicaSet:                  hello-3621623197 (7/7 replicas created)
+NewReplicaSet:                  hello-3621623197 (3/3 replicas created)
 Events:
 ...
 ```
 
-## 백엔드 서비스 오브젝트 생성하기
+## `hello` 서비스 오브젝트 생성하기
 
-프론트엔드와 백엔드를 연결하는 방법은 백엔드
+프론트엔드에서 백엔드로 요청을 보내는 핵심은 백엔드
 서비스이다. 서비스는 백엔드 마이크로서비스에 언제든 도달하기 위해
 변하지 않는 IP 주소와 DNS 이름 항목을 생성한다. 서비스는
 트래픽을 보내는 파드를 찾기 위해
@@ -95,42 +97,51 @@ Events:
 
 먼저, 서비스 구성 파일을 살펴보자.
 
-{{< codenew file="service/access/hello-service.yaml" >}}
+{{< codenew file="service/access/backend-service.yaml" >}}
 
-구성 파일에서 서비스가 `app: hello` 과 `tier: backend` 레이블을 갖는
+구성 파일에서 `hello` 라는 이름의 서비스가 `app: hello` 및 `tier: backend` 레이블을 갖는
 파드에 트래픽을 보내는 것을 볼 수 있다.
 
-`hello` 서비스를 생성한다.
+백엔드 서비스를 생성한다.
 
 ```shell
-kubectl apply -f https://k8s.io/examples/service/access/hello-service.yaml
+kubectl apply -f https://k8s.io/examples/service/access/backend-service.yaml
 ```
 
-이 시점에서, 백엔드 디플로이먼트는 Running 중이며, 해당 백엔드로
-트래픽을 보내는 서비스를 갖고 있다.
+이 시점에서 `hello` 애플리케이션의 복제본 3개를 실행하는 `backend`
+디플로이먼트가 있고, 해당 백엔드로 트래픽을 보내는 서비스가 있다. 그러나, 이
+서비스는 클러스터 외부에서 사용할 수 없거나 확인할 수 없다.
 
 ## 프론트엔드 생성하기
 
-이제 백엔드가 있기 때문에 백엔드와 연결하는 프론트엔드를 생성할 수 있다.
-프론트엔드는 백엔드 서비스에서 제공된 DNS 이름을 사용해 백엔드 워커
-파드에 연결할 수 있다. DNS 이름은 "hello" 이고, 앞선
-서비스 구성 파일의 `name` 항목의 값이다.
+이제 백엔드를 실행했으므로, 클러스터 외부에서 접근할 수 있는
+프론트엔드를 만들고, 백엔드로의 요청을 프록시하여 백엔드에 연결할 수 있다.
 
-프론트엔드 디플로이먼트 안에 파드는 hello 백엔드 서비스를 찾도록
-구성된 nginx 이미지를 실행한다. 여기에 nginx 구성 파일이 있다.
+프론트엔드는 백엔드 서비스에 지정된 DNS 이름을 사용하여 백엔드
+워커 파드에 요청을 보낸다. DNS 이름은
+`examples/service/access/backend-service.yaml` 구성 파일의
+`name` 필드 값인 `hello` 이다.
 
-{{< codenew file="service/access/frontend.conf" >}}
+프론트엔드 디플로이먼트 안의 파드는 `hello` 백엔드 서비스에 대한 요청을
+프록시하도록 구성된 nginx 이미지를 실행한다. 다음은 nginx 구성 파일이다.
 
-백엔드와 같이, 프론트엔드는 디플로이먼트와 서비스를 갖고 있다.
-서비스의 구성은 `type: LoadBalancer` 이며, 이는 서비스가
-클라우드 공급자의 기본 로드 밸런서를 사용하는 것을 의미한다.
+{{< codenew file="service/access/frontend-nginx.conf" >}}
 
-{{< codenew file="service/access/frontend.yaml" >}}
+백엔드와 같이, 프론트엔드는 디플로이먼트와 서비스를 갖고 있다. 백엔드
+서비스와 프론트엔드 서비스 간에 주목해야 할 중요한 차이점은 프론트엔드
+서비스의 구성에 `type: LoadBalancer` 가 있다는 것이다. 즉,
+서비스가 클라우드 공급자가 프로비저닝한 로드 밸런서를 사용하고
+클러스터 외부에서 접근할 수 있음을 의미한다.
+
+{{< codenew file="service/access/frontend-service.yaml" >}}
+
+{{< codenew file="service/access/frontend-deployment.yaml" >}}
 
 프론트엔드 디플로이먼트와 서비스를 생성한다.
 
 ```shell
-kubectl apply -f https://k8s.io/examples/service/access/frontend.yaml
+kubectl apply -f https://k8s.io/examples/service/access/frontend-deployment.yaml
+kubectl apply -f https://k8s.io/examples/service/access/frontend-service.yaml
 ```
 
 결과는 두 리소스가 생성되었음을 확인한다.
@@ -196,17 +207,17 @@ curl http://${EXTERNAL_IP} # 앞의 예에서 본 EXTERNAL-IP로 수정한다
 서비스를 삭제하기 위해, 아래 명령어를 입력하자.
 
 ```shell
-kubectl delete services frontend hello
+kubectl delete services frontend backend
 ```
 
 백엔드와 프론트엔드 애플리케이션에서 실행 중인 디플로이먼트, 레플리카셋, 파드를 삭제하기 위해, 아래 명령어를 입력하자.
 
 ```shell
-kubectl delete deployment frontend hello
+kubectl delete deployment frontend backend
 ```
 
 ## {{% heading "whatsnext" %}}
 
 * [서비스](/ko/docs/concepts/services-networking/service/)에 대해 더 알아본다.
 * [컨피그맵](/docs/tasks/configure-pod-container/configure-pod-configmap/)에 대해 더 알아본다.
-
+* [서비스와 파드용 DNS](/docs/concepts/services-networking/dns-pod-service/)에 대해 더 알아본다.
diff --git a/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md b/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
index ce453789cb..16c84d451c 100644
--- a/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
+++ b/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
@@ -69,7 +69,7 @@ VXLAN/오버레이 네트워킹을 사용하는 경우 [KB4489899](https://suppo
           "Network": "10.244.0.0/16",
           "Backend": {
             "Type": "vxlan",
-            "VNI" : 4096,
+            "VNI": 4096,
             "Port": 4789
           }
         }
diff --git a/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md b/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md
index fd59ccfd4f..c9ed347c56 100644
--- a/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md
+++ b/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md
@@ -392,8 +392,8 @@ spec:
       containers:
       - name: my-nginx
         resources:
-        limits:
-          memory: 512Mi
+          limits:
+            memory: 512Mi
 EOF
 
 cat <<EOF >./kustomization.yaml
@@ -424,11 +424,12 @@ spec:
     spec:
       containers:
       - image: nginx
-        limits:
-          memory: 512Mi
         name: my-nginx
         ports:
         - containerPort: 80
+        resources:
+          limits:
+            memory: 512Mi
 ```
 
 모든 리소스 또는 필드가 전략적 병합 패치를 지원하는 것은 아니다. 임의의 리소스 내 임의의 필드의 수정을 지원하기 위해,
diff --git a/content/ko/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html b/content/ko/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
index 6cf468f0b6..5b41fe207a 100644
--- a/content/ko/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
+++ b/content/ko/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
@@ -103,9 +103,7 @@ weight: 10
         <div class="row">
             <div class="col-md-8">
                 <p>
-                  첫 번째 디플로이먼트로, 도커 컨테이너로 패키지된 Node.js 애플리케이션을 사용해보자.
-                    (Node.js 애플리케이션을 작성하고 컨테이너를 활용해서 배포해보지 않았다면,
-                    <a href="/ko/docs/tutorials/hello-minikube/">Hello Minikube 튜토리얼</a>의 지시를 따른다.)</p>
+                  첫 번째 디플로이먼트로, NGINX를 사용해 모든 요청을 에코(echo)하는 도커 컨테이너로 패키지한 hello-node 애플리케이션을 사용해보자. (아직 hello-node 애플리케이션을 작성하고 컨테이너를 활용해서 배포해보지 않았다면, <a href="/docs/tutorials/hello-minikube/">Hello Minikube 튜토리얼</a>의 지시를 따른다.)
                 <p>
 
                  <p>이제 디플로이먼트를 이해했으니, 온라인 튜토리얼을 통해 우리의 첫 번째 애플리케이션을 배포해보자!</p>
diff --git a/content/ko/examples/application/deployment.yaml b/content/ko/examples/application/deployment.yaml
index 2cd599218d..dbed8bc72b 100644
--- a/content/ko/examples/application/deployment.yaml
+++ b/content/ko/examples/application/deployment.yaml
@@ -1,4 +1,4 @@
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-deployment
diff --git a/content/ko/examples/application/guestbook/frontend-deployment.yaml b/content/ko/examples/application/guestbook/frontend-deployment.yaml
index 50d6e1f0d4..23d64be644 100644
--- a/content/ko/examples/application/guestbook/frontend-deployment.yaml
+++ b/content/ko/examples/application/guestbook/frontend-deployment.yaml
@@ -1,4 +1,4 @@
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: frontend
diff --git a/content/ko/examples/application/guestbook/redis-master-deployment.yaml b/content/ko/examples/application/guestbook/redis-master-deployment.yaml
index fc6f418c39..478216d1ac 100644
--- a/content/ko/examples/application/guestbook/redis-master-deployment.yaml
+++ b/content/ko/examples/application/guestbook/redis-master-deployment.yaml
@@ -1,4 +1,4 @@
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: redis-master
diff --git a/content/ko/examples/application/guestbook/redis-slave-deployment.yaml b/content/ko/examples/application/guestbook/redis-slave-deployment.yaml
index 7dcfb6c263..1a7b04386a 100644
--- a/content/ko/examples/application/guestbook/redis-slave-deployment.yaml
+++ b/content/ko/examples/application/guestbook/redis-slave-deployment.yaml
@@ -1,4 +1,4 @@
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: redis-slave
diff --git a/content/ko/examples/application/mysql/mysql-deployment.yaml b/content/ko/examples/application/mysql/mysql-deployment.yaml
index 518457777e..419fbe03d3 100644
--- a/content/ko/examples/application/mysql/mysql-deployment.yaml
+++ b/content/ko/examples/application/mysql/mysql-deployment.yaml
@@ -9,7 +9,7 @@ spec:
     app: mysql
   clusterIP: None
 ---
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: mysql
diff --git a/content/ko/examples/application/wordpress/mysql-deployment.yaml b/content/ko/examples/application/wordpress/mysql-deployment.yaml
index 8b92b76f54..c6b221512d 100644
--- a/content/ko/examples/application/wordpress/mysql-deployment.yaml
+++ b/content/ko/examples/application/wordpress/mysql-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     requests:
       storage: 20Gi
 ---
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: wordpress-mysql
diff --git a/content/ko/examples/application/wordpress/wordpress-deployment.yaml b/content/ko/examples/application/wordpress/wordpress-deployment.yaml
index d898474211..c8ed239142 100644
--- a/content/ko/examples/application/wordpress/wordpress-deployment.yaml
+++ b/content/ko/examples/application/wordpress/wordpress-deployment.yaml
@@ -25,7 +25,7 @@ spec:
     requests:
       storage: 20Gi
 ---
-apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: wordpress
diff --git a/content/ko/examples/service/access/Dockerfile b/content/ko/examples/service/access/Dockerfile
index b7b09d492a..61c8ce2831 100644
--- a/content/ko/examples/service/access/Dockerfile
+++ b/content/ko/examples/service/access/Dockerfile
@@ -1,4 +1,4 @@
 FROM nginx:1.17.3
 
 RUN rm /etc/nginx/conf.d/default.conf
-COPY frontend.conf /etc/nginx/conf.d
+COPY frontend-nginx.conf /etc/nginx/conf.d
diff --git a/content/ko/examples/service/access/hello.yaml b/content/ko/examples/service/access/backend-deployment.yaml
similarity index 100%
rename from content/ko/examples/service/access/hello.yaml
rename to content/ko/examples/service/access/backend-deployment.yaml
diff --git a/content/ko/examples/service/access/hello-service.yaml b/content/ko/examples/service/access/backend-service.yaml
similarity index 100%
rename from content/ko/examples/service/access/hello-service.yaml
rename to content/ko/examples/service/access/backend-service.yaml
diff --git a/content/ko/examples/service/access/frontend-deployment.yaml b/content/ko/examples/service/access/frontend-deployment.yaml
new file mode 100644
index 0000000000..182b0e708e
--- /dev/null
+++ b/content/ko/examples/service/access/frontend-deployment.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+spec:
+  selector:
+    matchLabels:
+      app: hello
+      tier: frontend
+      track: stable
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hello
+        tier: frontend
+        track: stable
+    spec:
+      containers:
+        - name: nginx
+          image: "gcr.io/google-samples/hello-frontend:1.0"
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/usr/sbin/nginx","-s","quit"]
+...
\ No newline at end of file
diff --git a/content/ko/examples/service/access/frontend-nginx.conf b/content/ko/examples/service/access/frontend-nginx.conf
new file mode 100644
index 0000000000..39a911a09a
--- /dev/null
+++ b/content/ko/examples/service/access/frontend-nginx.conf
@@ -0,0 +1,14 @@
+# The identifier Backend is internal to nginx, and used to name this specific upstream
+upstream Backend {
+    # hello is the internal DNS name used by the backend Service inside Kubernetes
+    server hello;
+}
+
+server {
+    listen 80;
+
+    location / {
+        # The following statement will proxy traffic to the upstream named Backend
+        proxy_pass http://Backend;
+    }
+}
diff --git a/content/ko/examples/service/access/frontend-service.yaml b/content/ko/examples/service/access/frontend-service.yaml
new file mode 100644
index 0000000000..898a5ed51b
--- /dev/null
+++ b/content/ko/examples/service/access/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+spec:
+  selector:
+    app: hello
+    tier: frontend
+  ports:
+  - protocol: "TCP"
+    port: 80
+    targetPort: 80
+  type: LoadBalancer
+...
\ No newline at end of file
diff --git a/content/ko/examples/service/access/frontend.conf b/content/ko/examples/service/access/frontend.conf
deleted file mode 100644
index 9a1f5a0ed6..0000000000
--- a/content/ko/examples/service/access/frontend.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-upstream hello {
-    server hello;
-}
-
-server {
-    listen 80;
-
-    location / {
-        proxy_pass http://hello;
-    }
-}
diff --git a/content/ko/examples/service/access/frontend.yaml b/content/ko/examples/service/access/frontend.yaml
deleted file mode 100644
index 9f5b6b757f..0000000000
--- a/content/ko/examples/service/access/frontend.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: frontend
-spec:
-  selector:
-    app: hello
-    tier: frontend
-  ports:
-  - protocol: "TCP"
-    port: 80
-    targetPort: 80
-  type: LoadBalancer
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: frontend
-spec:
-  selector:
-    matchLabels:
-      app: hello
-      tier: frontend
-      track: stable
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: hello
-        tier: frontend
-        track: stable
-    spec:
-      containers:
-      - name: nginx
-        image: "gcr.io/google-samples/hello-frontend:1.0"
-        lifecycle:
-          preStop:
-            exec:
-              command: ["/usr/sbin/nginx","-s","quit"]
diff --git a/content/vi/community/static/cncf-code-of-conduct.md b/content/vi/community/static/cncf-code-of-conduct.md
index 9d7008e902..12c5472142 100644
--- a/content/vi/community/static/cncf-code-of-conduct.md
+++ b/content/vi/community/static/cncf-code-of-conduct.md
@@ -23,8 +23,8 @@ Quy tắc ứng xử này áp dụng cả trong không gian dự án và trong k
 
 Các trường hợp lạm dụng, quấy rối hoặc hành vi không thể chấp nhận được trong Kubernetes có thể được báo cáo bằng cách liên hệ với [Ủy ban Quy tắc ứng xử Kubernetes](https://git.k8s.io/community/committee-code-of-conduct) thông qua <conduct@kubernetes.io>. Đối với các dự án khác, vui lòng liên hệ với người bảo trì dự án CNCF hoặc hòa giải viên của chúng tôi, Mishi Choudhary <mishi@linux.com>.
 
-Quy tắc ứng xử này được điều chỉnh từ Giao ước cộng tác viên (http://contributor-covenant.org), phiên bản 1.2.0, có sẵn tại
-http://contributor-covenant.org/version/1/2/0/
+Quy tắc ứng xử này được điều chỉnh từ Giao ước cộng tác viên (https://contributor-covenant.org), phiên bản 1.2.0, có sẵn tại
+https://contributor-covenant.org/version/1/2/0/
 
 ### Quy tắc ứng xử sự kiện CNCF
 
diff --git a/content/zh/blog/_posts/2020-10-01-contributing-to-the-development-guide/index.md b/content/zh/blog/_posts/2020-10-01-contributing-to-the-development-guide/index.md
new file mode 100644
index 0000000000..01c1e2942f
--- /dev/null
+++ b/content/zh/blog/_posts/2020-10-01-contributing-to-the-development-guide/index.md
@@ -0,0 +1,211 @@
+---
+title: "为开发指南做贡献"
+linkTitle: "为开发指南做贡献"
+Author: Erik L. Arneson
+Description: "一位新的贡献者描述了编写和提交对 Kubernetes 开发指南的修改的经验。"
+date: 2020-10-01
+canonicalUrl: https://www.kubernetes.dev/blog/2020/09/28/contributing-to-the-development-guide/
+resources:
+- src: "jorge-castro-code-of-conduct.jpg"
+  title: "Jorge Castro 正在 SIG ContribEx 的周例会上宣布 Kubernetes 的行为准则。"
+---
+
+<!-- 
+---
+title: "Contributing to the Development Guide"
+linkTitle: "Contributing to the Development Guide"
+Author: Erik L. Arneson
+Description: "A new contributor describes the experience of writing and submitting changes to the Kubernetes Development Guide."
+date: 2020-10-01
+canonicalUrl: https://www.kubernetes.dev/blog/2020/09/28/contributing-to-the-development-guide/
+resources:
+- src: "jorge-castro-code-of-conduct.jpg"
+  title: "Jorge Castro announcing the Kubernetes Code of Conduct during a weekly SIG ContribEx meeting."
+--- 
+-->
+
+
+<!-- 
+When most people think of contributing to an open source project, I suspect they probably think of
+contributing code changes, new features, and bug fixes. As a software engineer and a long-time open
+source user and contributor, that's certainly what I thought. Although I have written a good quantity
+of documentation in different workflows, the massive size of the Kubernetes community was a new kind 
+of "client." I just didn't know what to expect when Google asked my compatriots and me at
+[Lion's Way](https://lionswaycontent.com/) to make much-needed updates to the Kubernetes Development Guide.
+
+*This article originally appeared on the [Kubernetes Contributor Community blog](https://www.kubernetes.dev/blog/2020/09/28/contributing-to-the-development-guide/).*
+-->
+
+当大多数人想到为一个开源项目做贡献时，我猜想他们可能想到的是贡献代码修改、新功能和错误修复。作为一个软件工程师和一个长期的开源用户和贡献者，这也正是我的想法。
+虽然我已经在不同的工作流中写了不少文档，但规模庞大的 Kubernetes 社区是一种新型 "客户"。我只是不知道当 Google 要求我和 [Lion's Way](https://lionswaycontent.com/) 的同胞们对 Kubernetes 开发指南进行必要更新时会发生什么。
+
+*本文最初出现在 [Kubernetes Contributor Community blog](https://www.kubernetes.dev/blog/2020/09/28/contributing-to-the-development-guide/)。*
+
+<!--
+ ## The Delights of Working With a Community
+
+As professional writers, we are used to being hired to write very specific pieces. We specialize in
+marketing, training, and documentation for technical services and products, which can range anywhere from relatively fluffy marketing emails to deeply technical white papers targeted at IT and developers. With 
+this kind of professional service, every deliverable tends to have a measurable return on investment. 
+I knew this metric wouldn't be present when working on open source documentation, but I couldn't
+predict how it would change my relationship with the project. 
+-->
+
+## 与社区合作的乐趣
+
+作为专业的写手，我们习惯了受雇于他人去书写非常具体的项目。我们专注于技术服务，产品营销，技术培训以及文档编制，范围从相对宽松的营销邮件到针对 IT 和开发人员的深层技术白皮书。
+在这种专业服务下，每一个可交付的项目往往都有可衡量的投资回报。我知道在从事开源文档工作时不会出现这个指标，但我不确定它将如何改变我与项目的关系。
+
+<!--
+ One of the primary traits of the relationship between our writing and our traditional clients is that we
+always have one or two primary points of contact inside a company. These contacts are responsible
+for reviewing our writing and making sure it matches the voice of the company and targets the
+audience they're looking for. It can be stressful -- which is why I'm so glad that my writing
+partner, eagle-eyed reviewer, and bloodthirsty editor [Joel](https://twitter.com/JoelByronBarker)
+handles most of the client contact. 
+-->
+
+我们的写作和传统客户之间的关系有一个主要的特点，就是我们在一个公司里面总是有一两个主要的对接人。他们负责审查我们的文稿，并确保文稿内容符合公司的声明且对标于他们正在寻找的受众。
+这随之而来的压力--正好解释了为什么我很高兴我的写作伙伴、鹰眼审稿人同时也是嗜血编辑的 [Joel](https://twitter.com/JoelByronBarker) 处理了大部分的客户联系。
+
+
+<!--
+ I was surprised and delighted that all of the stress of client contact went out the window when
+working with the Kubernetes community. 
+-->
+
+在与 Kubernetes 社区合作时，所有与客户接触的压力都消失了，这让我感到惊讶和高兴。
+
+<!--
+ "How delicate do I have to be? What if I screw up? What if I make a developer angry? What if I make
+enemies?" These were all questions that raced through my mind and made me feel like I was
+approaching a field of eggshells when I first joined the `#sig-contribex` channel on the Kubernetes
+Slack and announced that I would be working on the
+[Development Guide](https://github.com/kubernetes/community/blob/master/contributors/devel/development.md). 
+-->
+
+"我必须得多仔细？如果我搞砸了怎么办？如果我让开发商生气了怎么办？如果我树敌了怎么办？"。
+当我第一次加入 Kubernetes Slack 上的  "#sig-contribex "  频道并宣布我将编写 [开发指南](https://github.com/kubernetes/community/blob/master/contributors/devel/development.md) 时，这些问题都在我脑海中奔腾，让我感觉如履薄冰。
+
+<!--
+ {{< imgproc jorge-castro-code-of-conduct Fit "800x450" >}}
+"The Kubernetes Code of Conduct is in effect, so please be excellent to each other." &mdash; Jorge
+Castro, SIG ContribEx co-chair
+{{< /imgproc >}} 
+-->
+
+{{< imgproc jorge-castro-code-of-conduct Fit "800x450" >}}
+"Kubernetes 编码准则已经生效，让我们共同勉励。" &mdash; Jorge
+Castro, SIG ContribEx co-chair
+{{< /imgproc >}}
+
+<!--
+ My fears were unfounded. Immediately, I felt welcome. I like to think this isn't just because I was
+working on a much needed task, but rather because the Kubernetes community is filled
+with friendly, welcoming people. During the weekly SIG ContribEx meetings, our reports on progress
+with the Development Guide were included immediately. In addition, the leader of the meeting would
+always stress that the [Kubernetes Code of Conduct](https://www.kubernetes.dev/resources/code-of-conduct/) was in
+effect, and that we should, like Bill and Ted, be excellent to each other. 
+-->
+
+事实上我的担心是多虑的。很快，我就感觉到自己是被欢迎的。我倾向于认为这不仅仅是因为我正在从事一项急需的任务，而是因为 Kubernetes 社区充满了友好、热情的人们。
+在每周的 SIG ContribEx 会议上，我们关于开发指南进展情况的报告会被立即纳入其中。此外，会议的领导会一直强调 [Kubernetes](https://www.kubernetes.dev/resources/code-of-conduct/) 编码准则，我们应该像 Bill 和 Ted 一样，相互进步。
+
+
+<!--
+ ## This Doesn't Mean It's All Easy
+
+The Development Guide needed a pretty serious overhaul. When we got our hands on it, it was already
+packed with information and lots of steps for new developers to go through, but it was getting dusty
+with age and neglect. Documentation can really require a global look, not just point fixes.
+As a result, I ended up submitting a gargantuan pull request to the
+[Community repo](https://github.com/kubernetes/community): 267 additions and 88 deletions. 
+-->
+
+## 这并不意味着这一切都很简单
+
+开发指南需要一次全面检查。当我们拿到它的时候，它已经捆绑了大量的信息和很多新开发者需要经历的步骤，但随着时间的推移和被忽视，它变得相当陈旧。
+文档的确需要全局观，而不仅仅是点与点的修复。结果，最终我向这个项目提交了一个巨大的 pull 请求。[社区仓库](https://github.com/kubernetes/community)：新增 267 行，删除 88 行。
+
+<!--
+ The life cycle of a pull request requires a certain number of Kubernetes organization members to review and approve changes
+before they can be merged. This is a great practice, as it keeps both documentation and code in
+pretty good shape, but it can be tough to cajole the right people into taking the time for such a hefty
+review. As a result, that massive PR took 26 days from my first submission to final merge. But in
+the end, [it was successful](https://github.com/kubernetes/community/pull/5003). 
+-->
+
+pull 请求的周期需要一定数量的 Kubernetes 组织成员审查和批准更改后才能合并。这是一个很好的做法，因为它使文档和代码都保持在相当不错的状态，
+但要哄骗合适的人花时间来做这样一个赫赫有名的审查是很难的。
+因此，那次大规模的 PR 从我第一次提交到最后合并，用了 26 天。 但最终，[它是成功的](https://github.com/kubernetes/community/pull/5003).
+
+<!--
+ Since Kubernetes is a pretty fast-moving project, and since developers typically aren't really
+excited about writing documentation, I also ran into the problem that sometimes, the secret jewels
+that describe the workings of a Kubernetes subsystem are buried deep within the [labyrinthine mind of
+a brilliant engineer](https://github.com/amwat), and not in plain English in a Markdown file. I ran headlong into this issue
+when it came time to update the getting started documentation for end-to-end (e2e) testing.  
+-->
+
+由于 Kubernetes 是一个发展相当迅速的项目，而且开发人员通常对编写文档并不十分感兴趣，所以我也遇到了一个问题，那就是有时候，
+描述 Kubernetes 子系统工作原理的秘密珍宝被深埋在 [天才工程师的迷宫式思维](https://github.com/amwat) 中，而不是用单纯的英文写在 Markdown 文件中。
+当我要更新端到端（e2e）测试的入门文档时，就一头撞上了这个问题。
+
+<!--
+ This portion of my journey took me out of documentation-writing territory and into the role of a
+brand new user of some unfinished software. I ended up working with one of the developers of the new
+[`kubetest2` framework](https://github.com/kubernetes-sigs/kubetest2) to document the latest process of
+getting up-and-running for e2e testing, but it required a lot of head scratching on my part. You can
+judge the results for yourself by checking out my
+[completed pull request](https://github.com/kubernetes/community/pull/5045). 
+-->
+
+这段旅程将我带出了编写文档的领域，进入到一些未完成软件的全新用户角色。最终我花了很多心思与新的 [kubetest2`框架](https://github.com/kubernetes-sigs/kubetest2) 的开发者之一合作，
+记录了最新 e2e 测试的启动和运行过程。
+你可以通过查看我的 [已完成的 pull request](https://github.com/kubernetes/community/pull/5045) 来自己判断结果。
+
+<!--
+ ## Nobody Is the Boss, and Everybody Gives Feedback
+
+But while I secretly expected chaos, the process of contributing to the Kubernetes Development Guide
+and interacting with the amazing Kubernetes community went incredibly smoothly. There was no
+contention. I made no enemies. Everybody was incredibly friendly and welcoming. It was *enjoyable*. 
+-->
+
+## 没有人是老板，每个人都给出反馈。
+
+但当我暗自期待混乱的时候，为 Kubernetes 开发指南做贡献以及与神奇的 Kubernetes 社区互动的过程却非常顺利。
+没有争执，我也没有树敌。每个人都非常友好和热情。这是令人*愉快的*。
+
+<!--
+ With an open source project, there is no one boss. The Kubernetes project, which approaches being
+gargantuan, is split into many different special interest groups (SIGs), working groups, and
+communities. Each has its own regularly scheduled meetings, assigned duties, and elected
+chairpersons. My work intersected with the efforts of both SIG ContribEx (who watch over and seek to
+improve the contributor experience) and SIG Testing (who are in charge of testing). Both of these
+SIGs proved easy to work with, eager for contributions, and populated with incredibly friendly and
+welcoming people. 
+-->
+
+对于一个开源项目，没人是老板。Kubernetes 项目，一个近乎巨大的项目，被分割成许多不同的特殊兴趣小组（SIG）、工作组和社区。
+每个小组都有自己的定期会议、职责分配和主席推选。我的工作与 SIG ContribEx（负责监督并寻求改善贡献者体验）和 SIG Testing（负责测试）的工作有交集。
+事实证明，这两个 SIG 都很容易合作，他们渴望贡献，而且都是非常友好和热情的人。
+
+<!--
+ In an active, living project like Kubernetes, documentation continues to need maintenance, revision,
+and testing alongside the code base. The Development Guide will continue to be crucial to onboarding
+new contributors to the Kubernetes code base, and as our efforts have shown, it is important that
+this guide keeps pace with the evolution of the Kubernetes project. 
+-->
+
+在 Kubernetes 这样一个活跃的、有生命力的项目中，文档仍然需要与代码库一起进行维护、修订和测试。
+开发指南将继续对 Kubernetes 代码库的新贡献者起到至关重要的作用，正如我们的努力所显示的那样，该指南必须与 Kubernetes 项目的发展保持同步。
+
+<!--
+ Joel and I really enjoy interacting with the Kubernetes community and contributing to
+the Development Guide. I really look forward to continuing to not only contributing more, but to
+continuing to build the new friendships I've made in this vast open source community over the past
+few months. 
+-->
+
+Joel 和我非常喜欢与 Kubernetes 社区互动并为开发指南做出贡献。我真的很期待，不仅能继续做出更多贡献，还能继续与过去几个月在这个庞大的开源社区中结识的新朋友进行合作。
diff --git a/content/zh/blog/_posts/2020-10-01-contributing-to-the-development-guide/jorge-castro-code-of-conduct.jpg b/content/zh/blog/_posts/2020-10-01-contributing-to-the-development-guide/jorge-castro-code-of-conduct.jpg
new file mode 100644
index 0000000000..aeea042a7a
Binary files /dev/null and b/content/zh/blog/_posts/2020-10-01-contributing-to-the-development-guide/jorge-castro-code-of-conduct.jpg differ
diff --git a/content/zh/docs/concepts/cluster-administration/flow-control.md b/content/zh/docs/concepts/cluster-administration/flow-control.md
index 6f6b3fdc12..022596a0f2 100644
--- a/content/zh/docs/concepts/cluster-administration/flow-control.md
+++ b/content/zh/docs/concepts/cluster-administration/flow-control.md
@@ -939,10 +939,10 @@ For background information on design details for API priority and fairness, see
 [enhancement proposal](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190228-priority-and-fairness.md).
 You can make suggestions and feature requests via
 [SIG API Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery)
-or the feature's [slack channel](http://kubernetes.slack.com/messages/api-priority-and-fairness).
+or the feature's [slack channel](https://kubernetes.slack.com/messages/api-priority-and-fairness).
 -->
 有关API优先级和公平性的设计细节的背景信息，
 请参阅[增强建议](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190228-priority-and-fairness.md)。
-你可以通过 [SIG APIMachinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery)
-或特性的 [Slack 频道](http://kubernetes.slack.com/messages/api-priority-and-fairness)
+你可以通过 [SIG APIMachinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery/)
+或特性的 [Slack 频道](https://kubernetes.slack.com/messages/api-priority-and-fairness/)
 提出建议和特性请求。
diff --git a/content/zh/docs/concepts/cluster-administration/system-logs.md b/content/zh/docs/concepts/cluster-administration/system-logs.md
index 14e455641b..799b566f6a 100644
--- a/content/zh/docs/concepts/cluster-administration/system-logs.md
+++ b/content/zh/docs/concepts/cluster-administration/system-logs.md
@@ -153,6 +153,55 @@ List of components currently supporting JSON format:
 * {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}}
 * {{< glossary_tooltip term_id="kubelet" text="kubelet" >}}
 
+<!--
+### Log sanitization
+
+{{< feature-state for_k8s_version="v1.20" state="alpha" >}}
+
+{{<warning >}}
+Log sanitization might incur significant computation overhead and therefore should not be enabled in production.
+{{< /warning >}}
+-->
+
+### 日志清理
+
+{{< feature-state for_k8s_version="v1.20" state="alpha" >}}
+
+{{<warning >}}
+日志清理可能会导致大量的计算开销，因此不应启用在生产环境中。
+{{< /warning >}}
+
+<!--
+The `--experimental-logging-sanitization` flag enables the klog sanitization filter.
+If enabled all log arguments are inspected for fields tagged as sensitive data (e.g. passwords, keys, tokens) and logging of these fields will be prevented.
+-->
+
+`--experimental-logging-sanitization` 参数可用来启用 klog 清理过滤器。
+如果启用后，将检查所有日志参数中是否有标记为敏感数据的字段（比如：密码，密钥，令牌），并且将阻止这些字段的记录。
+
+<!--
+List of components currently supporting log sanitization:
+* kube-controller-manager
+* kube-apiserver
+* kube-scheduler
+* kubelet
+
+{{< note >}}
+The Log sanitization filter does not prevent user workload logs from leaking sensitive data.
+{{< /note >}}
+-->
+
+当前支持日志清理的组件列表：
+
+* kube-controller-manager
+* kube-apiserver
+* kube-scheduler
+* kubelet
+
+{{< note >}}
+日志清理过滤器不会阻止用户工作负载日志泄漏敏感数据。
+{{< /note >}}
+
 <!--
 ### Log verbosity level
 
diff --git a/content/zh/docs/concepts/cluster-administration/system-metrics.md b/content/zh/docs/concepts/cluster-administration/system-metrics.md
index e5f31b0a54..cc3cb44fa7 100644
--- a/content/zh/docs/concepts/cluster-administration/system-metrics.md
+++ b/content/zh/docs/concepts/cluster-administration/system-metrics.md
@@ -204,7 +204,7 @@ kubelet 在驱动程序上保持打开状态。这意味着为了执行基础结
 现在，收集加速器指标的责任属于供应商，而不是 kubelet。供应商必须提供一个收集指标的容器，
 并将其公开给指标服务（例如 Prometheus）。
 
-[`DisableAcceleratorUsageMetrics` 特性门控](/zh/docs/references/command-line-tools-reference/feature-gates/)
+[`DisableAcceleratorUsageMetrics` 特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)
 禁止由 kubelet 收集的指标。
 关于[何时会在默认情况下启用此功能也有一定规划](https://github.com/kubernetes/enhancements/tree/411e51027db842355bd489691af897afc1a41a5e/keps/sig-node/1867-disable-accelerator-usage-metrics#graduation-criteria)。
 
diff --git a/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md b/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
index 5873bdd497..e08fa7690d 100644
--- a/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
+++ b/content/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
@@ -90,6 +90,6 @@ to disable the timeout restriction. This deprecated feature gate will be removed
   了解如何在自己的环境中启用聚合器。
 * 接下来，了解[安装扩展 API 服务器](/zh/docs/tasks/extend-kubernetes/setup-extension-api-server/)，
   开始使用聚合层。
-* 也可以学习怎样[使用自定义资源定义扩展 Kubernetes API](zh/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)。
+* 也可以学习怎样[使用自定义资源定义扩展 Kubernetes API](/zh/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)。
 * 阅读 [APIService](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#apiservice-v1-apiregistration-k8s-io) 的规范
 
diff --git a/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md b/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md
index f70f5df34e..05af5323d9 100644
--- a/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md
+++ b/content/zh/docs/concepts/extend-kubernetes/extend-cluster.md
@@ -97,7 +97,7 @@ Extensions are software components that extend and deeply integrate with Kuberne
 They adapt it to support new types and new kinds of hardware.
 
 Most cluster administrators will use a hosted or distribution
-instance of Kubernetes. As a result, most Kubernetes users will need to
+instance of Kubernetes. As a result, most Kubernetes users will not need to
 install extensions and fewer will need to author new ones.
 -->
 ## 扩展程序  {#extension}
@@ -105,7 +105,7 @@ install extensions and fewer will need to author new ones.
 扩展程序是指对 Kubernetes 进行扩展和深度集成的软件组件。它们适合用于支持新的类型和新型硬件。
 
 大多数集群管理员会使用托管的或统一分发的 Kubernetes 实例。
-因此，大多数 Kubernetes 用户需要安装扩展程序，而且还有少部分用户甚至需要编写新的扩展程序。
+因此，大多数 Kubernetes 用户不需要安装扩展程序，而且还有少部分用户甚至需要编写新的扩展程序。
 
 <!--
 ## Extension Patterns
@@ -145,21 +145,20 @@ failure.
 <!--
 In the webhook model, Kubernetes makes a network request to a remote service.
 In the *Binary Plugin* model, Kubernetes executes a binary (program).
-Binary plugins are used by the kubelet (e.g. [Flex Volume
-Plugins](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)
-and [Network
-Plugins](/docs/concepts/cluster-administration/network-plugins/))
+Binary plugins are used by the kubelet (e.g.
+[Flex Volume Plugins](/docs/concepts/storage/volumes/#flexvolume)
+and [Network Plugins](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/))
 and by kubectl.
 -->
 在 webhook 模型里，Kubernetes 向远程服务发送一个网络请求。
 在 *可执行文件插件* 模型里，Kubernetes 执行一个可执行文件（程序）。
 可执行文件插件被 kubelet（如
-[Flex 卷插件](https://github.com/kubernetes/community/blob/master/contributors/devel/flexvolume.md)和
-[网络插件](/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)和
-`kubectl` 所使用。
+[Flex 卷插件](/zh/docs/concepts/storage/volumes/#flexvolume)
+和[网络插件](/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)
+和 `kubectl` 所使用。
 
 <!--
-Below is a diagram showing how the extensions points interact with the
+Below is a diagram showing how the extension points interact with the
 Kubernetes control plane.
 -->
 下图显示了扩展点如何与 Kubernetes 控制平面进行交互。
@@ -184,13 +183,14 @@ This diagram shows the extension points in a Kubernetes system.
 <!-- image source diagrams: https://docs.google.com/drawings/d/1k2YdJgNTtNfW7_A8moIIkij-DmVgEhNrn3y2OODwqQQ/view -->
 
 <!--
-1.   Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies.
-2.   The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](/docs/concepts/extend-kubernetes/#api-access-extensions) section.
-3.   The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](/docs/concepts/extend-kubernetes/#user-defined-types) section. Custom Resources are often used with API Access Extensions.
-4.   The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](/docs/concepts/overview/extending#scheduler-extensions) section.
-5.   Much of the behavior of Kubernetes is implemented by programs called Controllers which are clients of the API-Server. Controllers are often used in conjunction with Custom Resources.
-6.   The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](/docs/concepts/overview/extending#network-plugins) allow for different implementations of pod networking.
-7.  The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](/docs/concepts/overview/extending#storage-plugins).
+1. Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies.
+2. The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](/docs/concepts/extend-kubernetes/#api-access-extensions) section.
+3. The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](/docs/concepts/extend-kubernetes/#user-defined-types) section. Custom Resources are often used with API Access Extensions.
+4. The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](/docs/concepts/extend-kubernetes/#scheduler-extensions) section.
+5. Much of the behavior of Kubernetes is implemented by programs called Controllers which are clients of the API-Server. Controllers are often used in conjunction with Custom Resources.
+6. The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](/docs/concepts/extend-kubernetes/#network-plugins) allow for different implementations of pod networking.
+7. The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](/docs/concepts/extend-kubernetes/#storage-plugins).
+
 -->
 
 1. 用户通常使用 `kubectl` 与 Kubernetes API 进行交互。
@@ -209,9 +209,9 @@ This diagram shows the extension points in a Kubernetes system.
 5. Kubernetes 的大部分行为都是由称为控制器（Controllers）的程序实现的，这些程序是 API 服务器的客户端。
    控制器通常与自定义资源一起使用。
 6. `kubelet` 在主机上运行，并帮助 Pod 看起来就像在集群网络上拥有自己的 IP 的虚拟服务器。
-   [网络插件](/zh/docs/concepts/extend-kubernetes/#network-plugins/)让你可以实现不同的 pod 网络。
+   [网络插件](/zh/docs/concepts/extend-kubernetes/#network-plugins)让你可以实现不同的 pod 网络。
 7. `kubelet` 也负责为容器挂载和卸载卷。新的存储类型可以通过
-   [存储插件](/zh/docs/concepts/extend-kubernetes/#storage-plugins/)支持。
+   [存储插件](/zh/docs/concepts/extend-kubernetes/#storage-plugins)支持。
 
 <!--
 If you are unsure where to start, this flowchart can help. Note that some solutions may involve several types of extensions.
@@ -230,7 +230,7 @@ Consider adding a Custom Resource to Kubernetes if you want to define new contro
 
 Do not use a Custom Resource as data storage for application, user, or monitoring data.
 
-For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/api-extension/custom-resources/).
+For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/extend-kubernetes/api-extension/custom-resources/).
 -->
 ## API 扩展  {#api-extensions}
 
@@ -343,24 +343,23 @@ After a request is authorized, if it is a write operation, it also goes through
 
 ### Storage Plugins
 
-[Flex Volumes](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/flexvolume-deployment.md
-) allow users to mount volume types without built-in support by having the
+[Flex Volumes](/docs/concepts/storage/volumes/#flexvolume)
+allow users to mount volume types without built-in support by having the
 Kubelet call a Binary Plugin to mount the volume.
 -->
 ## 基础设施扩展
 
 ### 存储插件
 
-[Flex Volumes](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/flexvolume-deployment.md
-)
+[Flex Volumes](/zh/docs/concepts/storage/volumes/#flexvolume)
 允许用户挂载无内置插件支持的卷类型，它通过 Kubelet 调用一个可执行文件插件来挂载卷。
 
 <!--
 ### Device Plugins
 
 Device plugins allow a node to discover new Node resources (in addition to the
-builtin ones like cpu and memory) via a [Device
-Plugin](/docs/concepts/cluster-administration/device-plugins/).
+builtin ones like cpu and memory) via a
+[Device Plugin](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/).
 -->
 ### 设备插件   {#device-plugins}
 
@@ -371,7 +370,8 @@ Plugin](/docs/concepts/cluster-administration/device-plugins/).
 <!--
 ### Network Plugins
 
-Different networking fabrics can be supported via node-level [Network Plugins](/docs/admin/network-plugins/).
+Different networking fabrics can be supported via node-level
+[Network Plugins](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/).
 -->
 ### 网络插件   {#network-plugins}
 
@@ -408,17 +408,21 @@ the nodes chosen for a pod.
 [Webhook](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/scheduling/scheduler_extender.md)，
 它允许使用一个 Webhook 后端（调度器扩展程序）为 Pod 筛选节点和确定节点的优先级。
 
-## {{% heading "whatsnext" %}}
 
 <!--
-* Learn more about [Custom Resources](/docs/concepts/api-extension/custom-resources/)
+## {{% heading "whatsnext" %}}
+
+* Learn more about [Custom Resources](/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
 * Learn about [Dynamic admission control](/docs/reference/access-authn-authz/extensible-admission-controllers/)
 * Learn more about Infrastructure extensions
-  * [Network Plugins](/docs/concepts/cluster-administration/network-plugins/)
-  * [Device Plugins](/docs/concepts/cluster-administration/device-plugins/)
+  * [Network Plugins](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)
+  * [Device Plugins](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/)
 * Learn about [kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/)
 * Learn about the [Operator pattern](/docs/concepts/extend-kubernetes/operator/)
 -->
+## {{% heading "whatsnext" %}}
+
+
 * 详细了解[自定义资源](/zh/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
 * 了解[动态准入控制](/zh/docs/reference/access-authn-authz/extensible-admission-controllers/)
 * 详细了解基础设施扩展
diff --git a/content/zh/docs/concepts/overview/components.md b/content/zh/docs/concepts/overview/components.md
index 2a862f781a..1e42cdcbaa 100644
--- a/content/zh/docs/concepts/overview/components.md
+++ b/content/zh/docs/concepts/overview/components.md
@@ -35,7 +35,7 @@ Here's the diagram of a Kubernetes cluster with all the components tied together
 -->
 <!-- overview -->
 当你部署完 Kubernetes, 即拥有了一个完整的集群。
-{{< glossary_definition term_id="cluster" length="all" prepend="一个 Kubernetes 集群包含">}}
+{{< glossary_definition term_id="cluster" length="all" prepend="一个 Kubernetes">}}
 
 本文档概述了交付正常运行的 Kubernetes 集群所需的各种组件。
 
diff --git a/content/zh/docs/concepts/overview/working-with-objects/labels.md b/content/zh/docs/concepts/overview/working-with-objects/labels.md
index 93f4a350ca..d5dc5821ae 100644
--- a/content/zh/docs/concepts/overview/working-with-objects/labels.md
+++ b/content/zh/docs/concepts/overview/working-with-objects/labels.md
@@ -162,7 +162,7 @@ Three kinds of operators are admitted `=`,`==`,`!=`. The first two represent _eq
 
 _基于等值_ 或 _基于不等值_ 的需求允许按标签键和值进行过滤。
 匹配对象必须满足所有指定的标签约束，尽管它们也可能具有其他标签。
-可接受的运算符有`=`、`==` 和 `！=` 三种。 
+可接受的运算符有`=`、`==` 和 `!=` 三种。 
 前两个表示 _相等_（并且只是同义词），而后者表示 _不相等_。例如：
 
 ```
diff --git a/content/zh/docs/concepts/policy/pod-security-policy.md b/content/zh/docs/concepts/policy/pod-security-policy.md
index 2c80607ed4..86d5ac24e7 100644
--- a/content/zh/docs/concepts/policy/pod-security-policy.md
+++ b/content/zh/docs/concepts/policy/pod-security-policy.md
@@ -1230,7 +1230,7 @@ By default, all safe sysctls are allowed.
 
 - Refer to [Pod Security Policy Reference](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) for the api details.
 -->
-- 参阅[Pod 安全标准](zh/docs/concepts/security/pod-security-standards/)
+- 参阅[Pod 安全标准](/zh/docs/concepts/security/pod-security-standards/)
   了解策略建议。
 - 阅读 [Pod 安全策略参考](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy)了解 API 细节。
 
diff --git a/content/zh/docs/concepts/scheduling-eviction/taint-and-toleration.md b/content/zh/docs/concepts/scheduling-eviction/taint-and-toleration.md
index c2631fb958..430f0d60b6 100644
--- a/content/zh/docs/concepts/scheduling-eviction/taint-and-toleration.md
+++ b/content/zh/docs/concepts/scheduling-eviction/taint-and-toleration.md
@@ -169,7 +169,7 @@ scheduled onto the node (if it is not yet running on the node).
   则 Kubernetes 不会将 Pod 分配到该节点。
 * 如果未被过滤的污点中不存在 effect 值为 `NoSchedule` 的污点，
   但是存在 effect 值为 `PreferNoSchedule` 的污点，
-  则 Kubernetes 会 *尝试* 将 Pod 分配到该节点。
+  则 Kubernetes 会 *尝试* 不将 Pod 分配到该节点。
 * 如果未被过滤的污点中存在至少一个 effect 值为 `NoExecute` 的污点，
   则 Kubernetes 不会将 Pod 分配到该节点（如果 Pod 还未在节点上运行），
   或者将 Pod 从该节点驱逐（如果 Pod 已经在节点上运行）。
diff --git a/content/zh/docs/concepts/services-networking/connect-applications-service.md b/content/zh/docs/concepts/services-networking/connect-applications-service.md
index 3327b43986..bf54a0f2d0 100644
--- a/content/zh/docs/concepts/services-networking/connect-applications-service.md
+++ b/content/zh/docs/concepts/services-networking/connect-applications-service.md
@@ -316,7 +316,7 @@ The rest of this section will assume you have a Service with a long lived IP
 所以可以通过标准做法，使在集群中的任何 Pod 都能与该 Service 通信（例如：`gethostbyname()`）。
 如果 CoreDNS 没有在运行，你可以参照 
 [CoreDNS README](https://github.com/coredns/deployment/tree/master/kubernetes) 或者 
-[安装 CoreDNS](/docs/tasks/administer-cluster/coredns/#installing-coredns) 来启用它。 
+[安装 CoreDNS](/zh/docs/tasks/administer-cluster/coredns/#installing-coredns) 来启用它。 
 让我们运行另一个 curl 应用来进行测试：
 
 ```shell
diff --git a/content/zh/docs/concepts/services-networking/ingress-controllers.md b/content/zh/docs/concepts/services-networking/ingress-controllers.md
index 7a9c4a8a26..a50312b63d 100644
--- a/content/zh/docs/concepts/services-networking/ingress-controllers.md
+++ b/content/zh/docs/concepts/services-networking/ingress-controllers.md
@@ -49,6 +49,7 @@ Kubernetes 作为一个项目，目前支持和维护
 * The [Citrix ingress controller](https://github.com/citrix/citrix-k8s-ingress-controller#readme) works with
   Citrix Application Delivery Controller.
 * [Contour](https://projectcontour.io/) is an [Envoy](https://www.envoyproxy.io/) based ingress controller.
+* [EnRoute](https://getenroute.io/) is an [Envoy](https://www.envoyproxy.io) based API gateway that can run as an ingress controller.
 -->
 * [AKS 应用程序网关 Ingress 控制器](https://azure.github.io/application-gateway-kubernetes-ingress/)
   是一个配置 [Azure 应用程序网关](https://docs.microsoft.com/azure/application-gateway/overview)
@@ -62,27 +63,29 @@ Kubernetes 作为一个项目，目前支持和维护
 * [Citrix Ingress 控制器](https://github.com/citrix/citrix-k8s-ingress-controller#readme)
   可以用来与 Citrix Application Delivery Controller 一起使用。
 * [Contour](https://projectcontour.io/) 是一个基于 [Envoy](https://www.envoyproxy.io/) 的 Ingress 控制器。
+* [EnRoute](https://getenroute.io/) 是一个基于 [Envoy](https://www.envoyproxy.io) API 网关，
+  可以作为 Ingress 控制器来执行。
 <!--
 * F5 BIG-IP [Container Ingress Services for Kubernetes](https://clouddocs.f5.com/containers/latest/userguide/kubernetes/)
   lets you use an Ingress to configure F5 BIG-IP virtual servers.
 * [Gloo](https://gloo.solo.io) is an open-source ingress controller based on [Envoy](https://www.envoyproxy.io),
   which offers API gateway functionality.
 * [HAProxy Ingress](https://haproxy-ingress.github.io/) is an ingress controller for
-  [HAProxy](http://www.haproxy.org/#desc).
+  [HAProxy](https://www.haproxy.org/#desc).
 * The [HAProxy Ingress Controller for Kubernetes](https://github.com/haproxytech/kubernetes-ingress#readme)
-  is also an ingress controller for [HAProxy](http://www.haproxy.org/#desc).
+  is also an ingress controller for [HAProxy](https://www.haproxy.org/#desc).
 * [Istio Ingress](https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress/)
   is an [Istio](https://istio.io/) based ingress controller.
 -->
 * F5 BIG-IP 的
-  [用于 Kubernetes 的容器 Ingress 服务](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest)
+  [用于 Kubernetes 的容器 Ingress 服务](https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest)
   让你能够使用 Ingress 来配置 F5 BIG-IP 虚拟服务器。
 * [Gloo](https://gloo.solo.io) 是一个开源的、基于 [Envoy](https://www.envoyproxy.io) 的
   Ingress 控制器，能够提供 API 网关功能，
-* [HAProxy Ingress](https://haproxy-ingress.github.io/) 针对 [HAProxy](http://www.haproxy.org/#desc)
+* [HAProxy Ingress](https://haproxy-ingress.github.io/) 针对 [HAProxy](https://www.haproxy.org/#desc)
   的 Ingress 控制器。
 * [用于 Kubernetes 的 HAProxy Ingress 控制器](https://github.com/haproxytech/kubernetes-ingress#readme)
-  也是一个针对 [HAProxy](http://www.haproxy.org/#desc) 的 Ingress 控制器。
+  也是一个针对 [HAProxy](https://www.haproxy.org/#desc) 的 Ingress 控制器。
 * [Istio Ingress](https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress/)
   是一个基于 [Istio](https://istio.io/) 的 Ingress 控制器。
 <!--
@@ -94,7 +97,7 @@ Kubernetes 作为一个项目，目前支持和维护
 * The [Traefik Kubernetes Ingress provider](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) is an
   ingress controller for the [Traefik](https://traefik.io/traefik/) proxy.
 * [Voyager](https://appscode.com/products/voyager) is an ingress controller for
-  [HAProxy](http://www.haproxy.org/#desc).
+  [HAProxy](https://www.haproxy.org/#desc).
 -->
 * [用于 Kubernetes 的 Kong Ingress 控制器](https://github.com/Kong/kubernetes-ingress-controller#readme)
   是一个用来驱动 [Kong Gateway](https://konghq.com/kong/) 的 Ingress 控制器。
@@ -106,7 +109,7 @@ Kubernetes 作为一个项目，目前支持和维护
   设计用来作为构造你自己的定制代理的库。
 * [Traefik Kubernetes Ingress 提供程序](https://doc.traefik.io/traefik/providers/kubernetes-ingress/)
   是一个用于 [Traefik](https://traefik.io/traefik/) 代理的 Ingress 控制器。
-* [Voyager](https://appscode.com/products/voyager) 是一个针对 [HAProxy](http://www.haproxy.org/#desc)
+* [Voyager](https://appscode.com/products/voyager) 是一个针对 [HAProxy](https://www.haproxy.org/#desc)
   的 Ingress 控制器。
 
 <!--
diff --git a/content/zh/docs/concepts/services-networking/service.md b/content/zh/docs/concepts/services-networking/service.md
index 1e4e1125f7..15af8bc000 100644
--- a/content/zh/docs/concepts/services-networking/service.md
+++ b/content/zh/docs/concepts/services-networking/service.md
@@ -65,7 +65,7 @@ Pod 是非永久性资源。
 每个 Pod 都有自己的 IP 地址，但是在 Deployment 中，在同一时刻运行的 Pod 集合可能与稍后运行该应用程序的 Pod 集合不同。
 
 这导致了一个问题： 如果一组 Pod（称为“后端”）为集群内的其他 Pod（称为“前端”）提供功能，
-那么前端如何找出并跟踪要连接的 IP 地址，以便前端可以使用工作量的后端部分？
+那么前端如何找出并跟踪要连接的 IP 地址，以便前端可以使用提供工作负载的后端部分？
 
 进入 _Services_。
 
@@ -348,7 +348,7 @@ each Service port. The value of this field is mirrored by the corresponding
 Endpoints and EndpointSlice objects.
 
 This field follows standard Kubernetes label syntax. Values should either be
-[IANA standard service names](http://www.iana.org/assignments/service-names) or
+[IANA standard service names](https://www.iana.org/assignments/service-names) or
 domain prefixed names such as `mycompany.com/my-custom-protocol`.
 -->
 ### 应用程序协议   {#application-protocol}
@@ -358,8 +358,8 @@ domain prefixed names such as `mycompany.com/my-custom-protocol`.
 此字段的取值会被映射到对应的 Endpoints 和 EndpointSlices 对象。
 
 该字段遵循标准的 Kubernetes 标签语法。
-其值可以是 [IANA 标准服务名称](http://www.iana.org/assignments/service-names)或以域名前缀的名称，
-如 `mycompany.com/my-custom-protocol`。 
+其值可以是 [IANA 标准服务名称](https://www.iana.org/assignments/service-names)
+或以域名为前缀的名称，如 `mycompany.com/my-custom-protocol`。 
 <!--
 ## Virtual IPs and service proxies
 
diff --git a/content/zh/docs/concepts/storage/storage-classes.md b/content/zh/docs/concepts/storage/storage-classes.md
index ae2dbf89b9..3cffd19a17 100644
--- a/content/zh/docs/concepts/storage/storage-classes.md
+++ b/content/zh/docs/concepts/storage/storage-classes.md
@@ -691,7 +691,7 @@ vSphere 存储类有两种制备器
 [弃用](/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/#why-are-we-migrating-in-tree-plugins-to-csi)。
 更多关于 CSI 制备器的详情，请参阅 
 [Kubernetes vSphere CSI 驱动](https://vsphere-csi-driver.sigs.k8s.io/)
-和 [vSphereVolume CSI 迁移](/docs/concepts/storage/volumes/#csi-migration-5)。
+和 [vSphereVolume CSI 迁移](/zh/docs/concepts/storage/volumes/#csi-migration-5)。
 
 <!--
 #### CSI Provisioner {#vsphere-provisioner-csi}
@@ -1356,4 +1356,4 @@ scheduling constraints when choosing an appropriate PersistentVolume for a
 PersistentVolumeClaim.
 -->
 延迟卷绑定使得调度器在为 PersistentVolumeClaim 选择一个合适的
-PersistentVolume 时能考虑到所有 Pod 的调度限制。
\ No newline at end of file
+PersistentVolume 时能考虑到所有 Pod 的调度限制。
diff --git a/content/zh/docs/concepts/workloads/controllers/deployment.md b/content/zh/docs/concepts/workloads/controllers/deployment.md
index 1a39296d58..14214e7066 100644
--- a/content/zh/docs/concepts/workloads/controllers/deployment.md
+++ b/content/zh/docs/concepts/workloads/controllers/deployment.md
@@ -186,7 +186,7 @@ Follow the steps given below to create the above Deployment:
    -->
    * `NAME` 列出了集群中 Deployment 的名称。
    * `READY` 显示应用程序的可用的 _副本_ 数。显示的模式是“就绪个数/期望个数”。
-   * `UP-TO-DATE` 显示为了打到期望状态已经更新的副本数。
+   * `UP-TO-DATE` 显示为了达到期望状态已经更新的副本数。
    * `AVAILABLE` 显示应用可供用户使用的副本数。
    * `AGE` 显示应用程序运行的时间。
 
diff --git a/content/zh/docs/concepts/workloads/controllers/job.md b/content/zh/docs/concepts/workloads/controllers/job.md
index fa27f617d1..e79bf11dc1 100644
--- a/content/zh/docs/concepts/workloads/controllers/job.md
+++ b/content/zh/docs/concepts/workloads/controllers/job.md
@@ -22,7 +22,7 @@ weight: 50
 
 <!-- overview -->
 <!--
-A Job creates one or more Pods and ensures that a specified number of them successfully terminate.
+A Job creates one or more Pods and will continue to retry execution of the Pods until a specified number of them successfully terminate.
 As pods successfully complete, the Job tracks the successful completions.  When a specified number
 of successful completions is reached, the task (ie, Job) is complete.  Deleting a Job will clean up
 the Pods it created.
@@ -33,7 +33,8 @@ due to a node hardware failure or a node reboot).
 
 You can also use a Job to run multiple Pods in parallel.
 -->
-Job 会创建一个或者多个 Pods，并确保指定数量的 Pods 成功终止。
+
+Job 会创建一个或者多个 Pods，并将继续重试 Pods 的执行，直到指定数量的 Pods 成功终止。
 随着 Pods 成功结束，Job 跟踪记录成功完成的 Pods 个数。
 当数量达到指定的成功个数阈值时，任务（即 Job）结束。
 删除 Job 的操作会清除所创建的全部 Pods。
@@ -383,8 +384,8 @@ other Pods for the Job failing around that time.
 可能意味着遇到了配置错误。
 为了实现这点，可以将 `.spec.backoffLimit` 设置为视 Job 为失败之前的重试次数。
 失效回退的限制值默认为 6。
-与 Job 相关的失效的 Pod 会被 Job 控制器重建，并且以指数型回退计算重试延迟
-（从 10 秒、20 秒到 40 秒，最多 6 分钟）。
+与 Job 相关的失效的 Pod 会被 Job 控制器重建，回退重试时间将会按指数增长
+（从 10 秒、20 秒到 40 秒）最多至 6 分钟。
 当 Job 的 Pod 被删除时，或者 Pod 成功时没有其它 Pod 处于失败状态，失效回退的次数也会被重置（为 0）。
 
 <!--
diff --git a/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md b/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md
index 7aecf4dc00..91483c5513 100644
--- a/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md
+++ b/content/zh/docs/concepts/workloads/controllers/ttlafterfinished.md
@@ -136,8 +136,8 @@ very small. Please be aware of this risk when setting a non-zero TTL.
 
 <!--
 * [Clean up Jobs automatically](/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically)
-* [Design doc](https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/0026-ttl-after-finish.md)
+* [Design doc](https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/592-ttl-after-finish/README.md)
 -->
 * [自动清理 Job](/zh/docs/concepts/workloads/controllers/job/#clean-up-finished-jobs-automatically)
-* [设计文档](https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/0026-ttl-after-finish.md)
+* [设计文档](https://github.com/kubernetes/enhancements/blob/master/keps/sig-apps/592-ttl-after-finish/README.md)
 
diff --git a/content/zh/docs/reference/access-authn-authz/rbac.md b/content/zh/docs/reference/access-authn-authz/rbac.md
index 78cc25e2dd..de429ce909 100644
--- a/content/zh/docs/reference/access-authn-authz/rbac.md
+++ b/content/zh/docs/reference/access-authn-authz/rbac.md
@@ -765,7 +765,7 @@ subjects:
 <!-- 
 For all service accounts in the "dev" group in the "development" namespace:
 -->
-对于 "dev" 名称空间中 "development" 组中的所有服务帐户：
+对于 "development" 名称空间中 "dev" 组中的所有服务帐户：
 
 ```yaml
 subjects:
diff --git a/content/zh/docs/reference/command-line-tools-reference/feature-gates.md b/content/zh/docs/reference/command-line-tools-reference/feature-gates.md
index 35021d0af0..4a302d4793 100644
--- a/content/zh/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/zh/docs/reference/command-line-tools-reference/feature-gates.md
@@ -210,7 +210,8 @@ different Kubernetes components.
 | `TokenRequestProjection` | `false` | Alpha | 1.11 | 1.11 |
 | `TokenRequestProjection` | `true` | Beta | 1.12 | |
 | `TTLAfterFinished` | `false` | Alpha | 1.12 | |
-| `TopologyManager` | `false` | Alpha | 1.16 | |
+| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 |
+| `TopologyManager` | `true` | Beta | 1.18 | |
 | `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 |
 | `ValidateProxyRedirects` | `true` | Beta | 1.14 | |
 | `VolumeSnapshotDataSource` | `false` | Alpha | 1.12 | 1.16 |
diff --git a/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md b/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md
index a70f08bea1..60f3772c07 100644
--- a/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md
+++ b/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md
@@ -1,148 +1,558 @@
 ---
-approvers:
-- ericchiang
+title: TLS 启动引导
+content_type: concept
+---
+<!--
+reviewers:
 - mikedanese
-- jcbsmpsn
+- liggitt
+- smarterclayton
+- awly
 title: TLS bootstrapping
----
+content_type: concept
+-->
 
-{{< toc >}}
+<!-- overview -->
 
-## Overview
+<!--
+In a Kubernetes cluster, the components on the worker nodes - kubelet and kube-proxy - need to communicate with Kubernetes master components, specifically kube-apiserver.
+In order to ensure that communication is kept private, not interfered with, and ensure that each component of the cluster is talking to another trusted component, we strongly
+recommend using client TLS certificates on nodes.
+-->
+在一个 Kubernetes 集群中，工作节点上的组件（kubelet 和 kube-proxy）需要与
+Kubernetes 主控组件通信，尤其是 kube-apiserver。
+为了确保通信本身是私密的、不被干扰，并且确保集群的每个组件都在与另一个
+可信的组件通信，我们强烈建议使用节点上的客户端 TLS 证书。
 
-This document describes how to set up TLS client certificate bootstrapping for kubelets.
-Kubernetes 1.4 introduced an API for requesting certificates from a cluster-level Certificate Authority (CA). The original intent of this API is to enable provisioning of TLS client certificates for kubelets. The proposal can be found [here](https://github.com/kubernetes/kubernetes/pull/20439)
-and progress on the feature is being tracked as [feature #43](https://github.com/kubernetes/features/issues/43).
+<!--
+The normal process of bootstrapping these components, especially worker nodes that need certificates so they can communicate safely with kube-apiserver,
+can be a challenging process as it is often outside of the scope of Kubernetes and requires significant additional work.
+This in turn, can make it challenging to initialize or scale a cluster.
+-->
+启动引导这些组件的正常过程，尤其是需要证书来与 kube-apiserver 安全通信的
+工作节点，可能会是一个具有挑战性的过程，因为这一过程通常不受 Kubernetes 控制，
+需要不少额外工作。
+这也使得初始化或者扩缩一个集群的操作变得具有挑战性。
 
+<!--
+In order to simplify the process, beginning in version 1.4, Kubernetes introduced a certificate request and signing API to simplify the process. The proposal can be
+found [here](https://github.com/kubernetes/kubernetes/pull/20439).
+
+This document describes the process of node initialization, how to set up TLS client certificate bootstrapping for
+kubelets, and how it works.
+-->
+为了简化这一过程，从 1.4 版本开始，Kubernetes 引入了一个证书请求和签名
+API 以便简化此过程。该提案可在
+[这里](https://github.com/kubernetes/kubernetes/pull/20439)看到。
+
+本文档描述节点初始化的过程，如何为 kubelet 配置 TLS 客户端证书启动引导，
+以及其背后的工作原理。
+
+<!-- body -->
+
+<!--
+## Initialization Process
+
+When a worker node starts up, the kubelet does the following:
+-->
+## 初始化过程   {#initialization-process}
+
+当工作节点启动时，kubelet 执行以下操作：
+
+<!--
+1. Look for its `kubeconfig` file
+2. Retrieve the URL of the API server and credentials, normally a TLS key and signed certificate from the `kubeconfig` file
+3. Attempt to communicate with the API server using the credentials.
+-->
+1. 寻找自己的 `kubeconfig` 文件
+2. 检索 API 服务器的 URL 和凭据，通常是来自 `kubeconfig` 文件中的
+   TLS 密钥和已签名证书
+3. 尝试使用这些凭据来与 API 服务器通信
+
+<!--
+Assuming that the kube-apiserver successfully validates the kubelet's credentials, it will treat the kubelet as a valid node, and begin to assign pods to it.
+
+Note that the above process depends upon:
+
+* Existence of a key and certificate on the local host in the `kubeconfig`
+* The certificate having been signed by a Certificate Authority (CA) trusted by the kube-apiserver
+-->
+假定 kube-apiserver 成功地认证了 kubelet 的凭据数据，它会将 kubelet 视为
+一个合法的节点并开始将 Pods 分派给该节点。
+
+注意，签名的过程依赖于：
+
+* `kubeconfig` 中包含密钥和本地主机的证书
+* 证书被 kube-apiserver 所信任的一个证书机构（CA）所签名
+
+<!--
+All of the following are responsibilities of whoever sets up and manages the cluster:
+
+1. Creating the CA key and certificate
+2. Distributing the CA certificate to the master nodes, where kube-apiserver is running
+3. Creating a key and certificate for each kubelet; strongly recommended to have a unique one, with a unique CN, for each kubelet
+4. Signing the kubelet certificate using the CA key
+5. Distributing the kubelet key and signed certificate to the specific node on which the kubelet is running
+
+The TLS Bootstrapping described in this document is intended to simplify, and partially or even completely automate, steps 3 onwards, as these are the most common when initializing or scaling
+a cluster.
+-->
+负责部署和管理集群的人有以下责任：
+
+1. 创建 CA 密钥和证书
+2. 将 CA 证书发布到 kube-apiserver 运行所在的主控节点上
+3. 为每个 kubelet 创建密钥和证书；强烈建议为每个 kubelet 使用独一无二的、
+   CN 取值与众不同的密钥和证书
+4. 使用 CA 密钥对 kubelet 证书签名
+5. 将 kubelet 密钥和签名的证书发布到 kubelet 运行所在的特定节点上
+
+本文中描述的 TLS 启动引导过程有意简化甚至完全自动化上述过程，尤其是
+第三步之后的操作，因为这些步骤是初始化或者扩缩集群时最常见的操作。
+
+<!--
+### Bootstrap Initialization
+
+In the bootstrap initialization process, the following occurs:
+-->
+### 启动引导初始化   {#bootstrap-initialization}
+
+在启动引导初始化过程中，会发生以下事情：
+
+<!--
+1. kubelet begins
+2. kubelet sees that it does _not_ have a `kubeconfig` file
+3. kubelet searches for and finds a `bootstrap-kubeconfig` file
+4. kubelet reads its bootstrap file, retrieving the URL of the API server and a limited usage "token"
+5. kubelet connects to the API server, authenticates using the token
+6. kubelet now has limited credentials to create and retrieve a certificate signing request (CSR)
+7. kubelet creates a CSR for itself with the signerName set to `kubernetes.io/kube-apiserver-client-kubelet`
+8. CSR is approved in one of two ways:
+  * If configured, kube-controller-manager automatically approves the CSR
+  * If configured, an outside process, possibly a person, approves the CSR using the Kubernetes API or via `kubectl`
+9. Certificate is created for the kubelet
+-->
+1. kubelet 启动
+2. kubelet 看到自己 *没有* 对应的 `kubeconfig` 文件
+3. kubelet 搜索并发现 `bootstrap-kubeconfig` 文件
+4. kubelet 读取该启动引导文件，从中获得 API 服务器的 URL 和用途有限的
+   一个“令牌（Token）”
+5. kubelet 建立与 API 服务器的连接，使用上述令牌执行身份认证
+6. kubelet 现在拥有受限制的凭据来创建和取回证书签名请求（CSR）
+7. kubelet 为自己创建一个 CSR，并将其 signerName 设置为 `kubernetes.io/kube-apiserver-client-kubelet`
+8. CSR 被以如下两种方式之一批复：
+  * 如果配置了，kube-controller-manager 会自动批复该 CSR
+  * 如果配置了，一个外部进程，或者是人，使用 Kubernetes API 或者使用 `kubectl`
+    来批复该 CSR
+9. kubelet 所需要的证书被创建
+<!--
+10. Certificate is issued to the kubelet
+11. kubelet retrieves the certificate
+12. kubelet creates a proper `kubeconfig` with the key and signed certificate
+13. kubelet begins normal operation
+14. Optional: if configured, kubelet automatically requests renewal of the certificate when it is close to expiry
+15. The renewed certificate is approved and issued, either automatically or manually, depending on configuration.
+-->
+10. 证书被发放给 kubelet
+11. kubelet 取回该证书
+12. kubelet 创建一个合适的 `kubeconfig`，其中包含密钥和已签名的证书
+13. kubelet 开始正常操作
+14. 可选地，如果配置了，kubelet 在证书接近于过期时自动请求更新证书
+15. 更新的证书被批复并发放；取决于配置，这一过程可能是自动的或者手动完成
+
+<!--
+The rest of this document describes the necessary steps to configure TLS Bootstrapping, and its limitations.
+-->
+本文的其余部分描述配置 TLS 启动引导的必要步骤及其局限性。
+
+<!--
+## Configuration
+
+To configure for TLS bootstrapping and optional automatic approval, you must configure options on the following components:
+
+* kube-apiserver
+* kube-controller-manager
+* kubelet
+* in-cluster resources: `ClusterRoleBinding` and potentially `ClusterRole`
+
+In addition, you need your Kubernetes Certificate Authority (CA).
+-->
+## 配置    {#configuration}
+
+要配置 TLS 启动引导及可选的自动批复，你必须配置以下组件的选项：
+
+* kube-apiserver
+* kube-controller-manager
+* kubelet
+* 集群内的资源：`ClusterRoleBinding` 以及可能需要的 `ClusterRole`
+
+此外，你需要有 Kubernetes 证书机构（Certificate Authority，CA）。
+
+<!--
+## Certificate Authority
+
+As without bootstrapping, you will need a Certificate Authority (CA) key and certificate. As without bootstrapping, these will be used
+to sign the kubelet certificate. As before, it is your responsibility to distribute them to master nodes.
+-->
+## 证书机构   {#certificate-authority}
+
+就像在没有启动引导的情况下，你会需要证书机构（CA）密钥和证书。
+这些数据会被用来对 kubelet 证书进行签名。
+如前所述，将证书机构密钥和证书发布到主控节点是你的责任。
+
+<!--
+For the purposes of this document, we will assume these have been distributed to master nodes at `/var/lib/kubernetes/ca.pem` (certificate) and `/var/lib/kubernetes/ca-key.pem` (key).
+We will refer to these as "Kubernetes CA certificate and key".
+
+All Kubernetes components that use these certificates - kubelet, kube-apiserver, kube-controller-manager - assume the key and certificate to be PEM-encoded.
+-->
+就本文而言，我们假定这些数据被发布到主控节点上的
+`/var/lib/kubernetes/ca.pem`（证书）和
+`/var/lib/kubernetes/ca-key.pem`（密钥）文件中。
+我们将这两个文件称作“Kubernetes CA 证书和密钥”。
+所有 Kubernetes 组件（kubelet、kube-apiserver、kube-controller-manager）都使用
+这些凭据，并假定这里的密钥和证书都是 PEM 编码的。
+
+<!--
 ## kube-apiserver configuration
 
-The API server should be configured with an [authenticator](/zh/docs/reference/access-authn-authz/authentication/) that can authenticate tokens as a user in the `system:bootstrappers` group.
+The kube-apiserver has several requirements to enable TLS bootstrapping:
 
-This group will later be used in the controller-manager configuration to scope approvals in the default approval
-controller. As this feature matures, you should ensure tokens are bound to a Role-Based Access Control (RBAC) policy which limits requests
-(using the bootstrap token) strictly to client requests related to certificate provisioning. With RBAC in place, scoping the tokens to a group allows for great flexibility (e.g. you could disable a particular bootstrap group's access when you are done provisioning the nodes).
+* Recognizing CA that signs the client certificate
+* Authenticating the bootstrapping kubelet to the `system:bootstrappers` group
+* Authorize the bootstrapping kubelet to create a certificate signing request (CSR)
+-->
+## kube-apiserver 配置   {#kube-apiserver-configuration}
 
-While any authentication strategy can be used for the kubelet's initial bootstrap credentials, the following two authenticators are recommended for ease of provisioning.
+启用 TLS 启动引导对 kube-apiserver 有若干需求：
 
-1. [Bootstrap Tokens](/docs/admin/bootstrap-tokens/) - __alpha__
-2. [Token authentication file](###token-authentication-file)
+* 能够识别对客户端证书进行签名的 CA
+* 能够对启动引导的 kubelet 执行身份认证，并将其置入 `system:bootstrappers` 组
+* 能够对启动引导的 kubelet 执行鉴权操作，允许其创建证书签名请求（CSR）
 
-Using bootstrap tokens is currently __alpha__ and will simplify the management of bootstrap token management especially in a HA scenario.
+<!--
+### Recognizing client certificates
 
-### Token authentication file
-Tokens are arbitrary but should represent at least 128 bits of entropy derived from a secure random number
-generator (such as /dev/urandom on most modern systems). There are multiple ways you can generate a token. For example:
+This is normal for all client certificate authentication.
+If not already set, add the `--client-ca-file=FILENAME` flag to the kube-apiserver command to enable
+client certificate authentication, referencing a certificate authority bundle
+containing the signing certificate, for example
+`--client-ca-file=/var/lib/kubernetes/ca.pem`.
+-->
+### 识别客户证书    {#recognizing-client-certificates}
 
-`head -c 16 /dev/urandom | od -An -t x | tr -d ' '`
+对于所有客户端证书的认证操作而言，这是很常见的。
+如果还没有设置，要为 kube-apiserver 命令添加 `--client-ca-file=FILENAME`
+标志来启用客户端证书认证，在标志中引用一个包含用来签名的证书的证书机构包，
+例如：`--client-ca-file=/var/lib/kubernetes/ca.pem`。
 
-will generate tokens that look like `02b50b05283e98dd0fd71db496ef01e8`
+<!--
+### Initial bootstrap authentication
 
-The token file should look like the following example, where the first three values can be anything and the quoted group
-name should be as depicted:
+In order for the bootstrapping kubelet to connect to kube-apiserver and request a certificate, it must first authenticate to the server.
+You can use any [authenticator](/docs/reference/access-authn-authz/authentication/) that can authenticate the kubelet.
+-->
+### 初始启动引导认证     {#initial-bootstrap-authentication}
+
+为了让启动引导的 kubelet 能够连接到 kube-apiserver 并请求证书，
+它必须首先在服务器上认证自身身份。你可以使用任何一种能够对 kubelet 执行身份认证的
+[身份认证组件](/zh/docs/reference/access-authn-authz/authentication/)。
+
+<!--
+While any authentication strategy can be used for the kubelet's initial
+bootstrap credentials, the following two authenticators are recommended for ease
+of provisioning.
+
+1. [Bootstrap Tokens](#bootstrap-tokens)
+2. [Token authentication file](#token-authentication-file)
+-->
+尽管所有身份认证策略都可以用来对 kubelet 的初始启动凭据来执行认证，
+出于容易准备的因素，建议使用如下两个身份认证组件：
+
+1. [启动引导令牌（Bootstrap Token）](#bootstrap-tokens)
+2. [令牌认证文件](#token-authentication-file)
+
+<!--
+Bootstrap tokens are a simpler and more easily managed method to authenticate kubelets, and do not require any additional flags when starting kube-apiserver.
+Using bootstrap tokens is currently __beta__ as of Kubernetes version 1.12.
+-->
+启动引导令牌是一种对 kubelet 进行身份认证的方法，相对简单且容易管理，
+且不需要在启动 kube-apiserver 时设置额外的标志。
+启动引导令牌从 Kubernetes 1.12 开始是一种 __Beta__ 功能特性。
+
+<!--
+Whichever method you choose, the requirement is that the kubelet be able to authenticate as a user with the rights to:
+
+1. create and retrieve CSRs
+2. be automatically approved to request node client certificates, if automatic approval is enabled.
+-->
+无论选择哪种方法，这里的需求是 kubelet 能够被身份认证为某个具有如下权限的用户：
+
+1. 创建和读取 CSR
+2. 在启用了自动批复时，能够在请求节点客户端证书时得到自动批复
+
+<!--
+A kubelet authenticating using bootstrap tokens is authenticated as a user in the group `system:bootstrappers`, which is the standard method to use.
+-->
+使用启动引导令牌执行身份认证的 kubelet 会被认证为 `system:bootstrappers`
+组中的用户。这是使用启动引导令牌的一种标准方法。
+
+<!--
+As this feature matures, you
+should ensure tokens are bound to a Role Based Access Control (RBAC) policy
+which limits requests (using the [bootstrap
+token](/docs/reference/access-authn-authz/bootstrap-tokens/)) strictly to client
+requests related to certificate provisioning. With RBAC in place, scoping the
+tokens to a group allows for great flexibility. For example, you could disable a
+particular bootstrap group's access when you are done provisioning the nodes.
+-->
+随着这个功能特性的逐渐成熟，你需要确保令牌绑定到某基于角色的的访问控制（RBAC）
+策略上，从而严格限制请求（使用[启动引导令牌](/zh/docs/reference/access-authn-authz/bootstrap-tokens/)）
+仅限于客户端申请提供证书。当 RBAC 被配置启用时，可以将令牌限制到某个组，从而
+提高灵活性。例如，你可以在准备节点期间禁止某特定启动引导组的访问。
+
+<!--
+#### Bootstrap tokens
+
+Bootstrap tokens are described in detail [here](/docs/reference/access-authn-authz/bootstrap-tokens/). These are tokens that are stored as secrets in the Kubernetes cluster,
+and then issued to the individual kubelet. You can use a single token for an entire cluster, or issue one per worker node.
+-->
+#### 启动引导令牌   {#bootstrap-tokens}
+
+启动引导令牌的细节在[这里](/zh/docs/reference/access-authn-authz/bootstrap-tokens/)
+详述。启动引导令牌在 Kubernetes 集群中存储为 Secret 对象，被发放给各个 kubelet。
+你可以在整个集群中使用同一个令牌，也可以为每个节点发放单独的令牌。
+
+<!--
+The process is two-fold:
+
+1. Create a Kubernetes secret with the token ID, secret and scope(s).
+2. Issue the token to the kubelet
+-->
+这一过程有两个方面：
+
+1. 基于令牌 ID、机密数据和范畴信息创建 Kubernetes Secret
+2. 将令牌发放给 kubelet
+
+<!--
+From the kubelet's perspective, one token is like another and has no special meaning.
+From the kube-apiserver's perspective, however, the bootstrap token is special. Due to its `Type`, `namespace` and `name`, kube-apiserver recognizes it as a special token,
+and grants anyone authenticating with that token special bootstrap rights, notably treating them as a member of the `system:bootstrappers` group. This fulfills a basic requirement
+for TLS bootstrapping.
+-->
+从 kubelet 的角度，所有令牌看起来都很像，没有特别的含义。
+从 kube-apiserver 服务器的角度，启动引导令牌是很特殊的。
+根据其 `type`、`namespace` 和 `name`，kube-apiserver 能够将认作特殊的令牌，
+并授予携带该令牌的任何人特殊的启动引导权限，换言之，将其视为
+`system:bootstrappers` 组的成员。这就满足了 TLS 启动引导的基本需求。
+
+<!--
+The details for creating the secret are available [here](/docs/reference/access-authn-authz/bootstrap-tokens/).
+
+If you want to use bootstrap tokens, you must enable it on kube-apiserver with the flag:
+-->
+关于创建 Secret 的进一步细节可访问[这里](/zh/docs/reference/access-authn-authz/bootstrap-tokens/)。
+
+如果你希望使用启动引导令牌，你必须在 kube-apiserver 上使用下面的标志启用之：
+
+```
+--enable-bootstrap-token-auth=true
+```
+
+<!--
+#### Token authentication file
+
+kube-apiserver has an ability to accept tokens as authentication.
+These tokens are arbitrary but should represent at least 128 bits of entropy derived
+from a secure random number generator (such as `/dev/urandom` on most modern Linux
+systems). There are multiple ways you can generate a token. For example:
+-->
+#### 令牌认证文件    {#token-authentication-file}
+
+kube-apiserver 能够将令牌视作身份认证依据。
+这些令牌可以是任意数据，但必须表示为基于某安全的随机数生成器而得到的
+至少 128 位混沌数据。这里的随机数生成器可以是现代 Linux 系统上的
+`/dev/urandom`。生成令牌的方式有很多种。例如：
+
+```
+head -c 16 /dev/urandom | od -An -t x | tr -d ' '
+```
+
+<!--
+will generate tokens that look like `02b50b05283e98dd0fd71db496ef01e8`.
+
+The token file should look like the following example, where the first three
+values can be anything and the quoted group name should be as depicted:
+-->
+上面的命令会生成类似于 `02b50b05283e98dd0fd71db496ef01e8` 这样的令牌。 
+
+令牌文件看起来是下面的例子这样，其中前面三个值可以是任何值，用引号括起来
+的组名称则只能用例子中给的值。
 
 ```
 02b50b05283e98dd0fd71db496ef01e8,kubelet-bootstrap,10001,"system:bootstrappers"
 ```
 
-Add the `--token-auth-file=FILENAME` flag to the kube-apiserver command (in your systemd unit file perhaps) to enable the token file.
-See docs [here](/docs/admin/authentication/#static-token-file) for further details.
+<!--
+Add the `--token-auth-file=FILENAME` flag to the kube-apiserver command (in your
+systemd unit file perhaps) to enable the token file.  See docs
+[here](/docs/reference/access-authn-authz/authentication/#static-token-file) for
+further details.
+-->
+向 kube-apiserver 添加 `--token-auth-file=FILENAME` 标志（或许这要对 systemd
+的单元文件作修改）以启用令牌文件。参见
+[这里](/zh/docs/reference/access-authn-authz/authentication/#static-token-file)
+的文档以了解进一步的细节。
 
-### Client certificate CA bundle
+<!--
+### Authorize kubelet to create CSR
 
-Add the `--client-ca-file=FILENAME` flag to the kube-apiserver command to enable client certificate authentication,
-referencing a certificate authority bundle containing the signing certificate (e.g. `--client-ca-file=/var/lib/kubernetes/ca.pem`).
+Now that the bootstrapping node is _authenticated_ as part of the `system:bootstrappers` group, it needs to be _authorized_ to create a certificate signing request (CSR) as well as retrieve it when done. Fortunately, Kubernetes ships with a `ClusterRole` with precisely these (and just these) permissions, `system:node-bootstrapper`.
 
+To do this, you just need to create a `ClusterRoleBinding` that binds the `system:bootstrappers` group to the cluster role `system:node-bootstrapper`.
+-->
+### 授权 kubelet 创建 CSR    {#authorize-kubelet-to-create-csr}
+
+现在启动引导节点被身份认证为 `system:bootstrapping` 组的成员，它需要被 _授权_
+创建证书签名请求（CSR）并在证书被签名之后将其取回。
+幸运的是，Kubernetes 提供了一个 `ClusterRole`，其中精确地封装了这些许可，
+`system:node-bootstrapper`。
+
+为了实现这一点，你只需要创建 `ClusterRoleBinding`，将 `system:bootstrappers`
+组绑定到集群角色 `system:node-bootstrapper`。
+
+```
+# 允许启动引导节点创建 CSR
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: create-csrs-for-bootstrapping
+subjects:
+- kind: Group
+  name: system:bootstrappers
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: system:node-bootstrapper
+  apiGroup: rbac.authorization.k8s.io
+```
+
+<!--
 ## kube-controller-manager configuration
-The API for requesting certificates adds a certificate-issuing control loop to the Kubernetes Controller Manager. This takes the form of a
-[cfssl](https://blog.cloudflare.com/introducing-cfssl/) local signer using assets on disk. Currently, all certificates issued have one year validity and a default set of key usages.
 
-### Signing assets
-You must provide a Certificate Authority in order to provide the cryptographic materials necessary to issue certificates.
-This CA should be trusted by kube-apiserver for authentication with the `--client-ca-file=FILENAME` flag. The management
-of the CA is beyond the scope of this document but it is recommended that you generate a dedicated CA for Kubernetes.
-Both certificate and key are assumed to be PEM-encoded.
+While the apiserver receives the requests for certificates from the kubelet and authenticates those requests,
+the controller-manager is responsible for issuing actual signed certificates.
+-->
+## kube-controller-manager 配置   {#kube-controller-manager-configuration}
 
-The kube-controller-manager flags are:
+API 服务器从 kubelet 收到证书请求并对这些请求执行身份认证，但真正负责发放
+签名证书的是控制器管理器。
+
+<!--
+The controller-manager performs this function via a certificate-issuing control loop.
+This takes the form of a
+[cfssl](https://blog.cloudflare.com/introducing-cfssl/) local signer using
+assets on disk. Currently, all certificates issued have one year validity and a
+default set of key usages.
+-->
+控制器管理器通过一个证书发放的控制回路来执行此操作。该操作的执行方式是使用磁盘上
+的文件用 [cfssl](https://blog.cloudflare.com/introducing-cfssl/) 本地签名组件
+来完成。目前，所发放的所有证书都有一年的有效期，并设定了默认的一组密钥用法。
+
+<!--
+In order for the controller-manager to sign certificates, it needs the following:
+
+* access to the "Kubernetes CA key and certificate" that you created and distributed
+* enabling CSR signing
+-->
+为了让控制器管理器对证书签名，它需要：
+
+* 能够访问你之前所创建并分发的“Kubernetes CA 密钥和证书”
+* 启用 CSR 签名
+
+<!--
+### Access to key and certificate
+
+As described earlier, you need to create a Kubernetes CA key and certificate, and distribute it to the master nodes.
+These will be used by the controller-manager to sign the kubelet certificates.
+-->
+### 访问密钥和证书   {#access-to-key-and-certificate}
+
+如前所述，你需要创建一个 Kubernetes CA 密钥和证书，并将其发布到主控节点。
+这些数据会被控制器管理器来对 kubelet 证书进行签名。
+
+<!--
+Since these signed certificates will, in turn, be used by the kubelet to authenticate as a regular kubelet to kube-apiserver, it is important that the CA
+provided to the controller-manager at this stage also be trusted by kube-apiserver for authentication. This is provided to kube-apiserver
+with the flag `--client-ca-file=FILENAME` (for example, `--client-ca-file=/var/lib/kubernetes/ca.pem`), as described in the kube-apiserver configuration section.
+
+To provide the Kubernetes CA key and certificate to kube-controller-manager, use the following flags:
+-->
+由于这些被签名的证书反过来会被 kubelet 用来在 kube-apiserver 执行普通的
+kubelet 身份认证，很重要的一点是为控制器管理器所提供的 CA 也被 kube-apiserver
+信任用来执行身份认证。CA 密钥和证书是通过 kube-apiserver 的标志
+`--client-ca-file=FILENAME`（例如，`--client-ca-file=/var/lib/kubernetes/ca.pem`)，
+来设定的，正如 kube-apiserver 配置节所述。
+
+要将 Kubernetes CA 密钥和证书提供给 kube-controller-manager，可使用以下标志：
 
 ```
 --cluster-signing-cert-file="/etc/path/to/kubernetes/ca/ca.crt" --cluster-signing-key-file="/etc/path/to/kubernetes/ca/ca.key"
 ```
 
-### Approval controller
-
-In 1.7 the experimental "group auto approver" controller is dropped in favor of the new `csrapproving` controller
-that ships as part of [kube-controller-manager](/docs/admin/kube-controller-manager/) and is enabled by default.
-The controller uses the [`SubjectAccessReview` API](/docs/admin/authorization/#checking-api-access) to determine
-if a given user is authorized to request a CSR, then approves based on the authorization outcome. To prevent
-conflicts with other approvers, the builtin approver doesn't explicitly deny CSRs, only ignoring unauthorized requests.
-
-The controller categorizes CSRs into three subresources:
-
-1. `nodeclient` - a request by a user for a client certificate with `O=system:nodes` and `CN=system:node:(node name)`.
-2. `selfnodeclient` - a node renewing a client certificate with the same `O` and `CN`.
-3. `selfnodeserver` - a node renewing a serving certificate. (ALPHA, requires feature gate)
-
-The checks to determine if a CSR is a `selfnodeserver` request is currently tied to the kubelet's credential rotation
-implementation, an __alpha__ feature. As such, the definition of `selfnodeserver` will likely change in a future and
-requires the `RotateKubeletServerCertificate` feature gate on the controller manager. The feature progress can be
-tracked at [kubernetes/features#267](https://github.com/kubernetes/features/issues/267).
+<!--
+For example:
+-->
+例如：
 
 ```
---feature-gates=RotateKubeletServerCertificate=true
+--cluster-signing-cert-file="/var/lib/kubernetes/ca.pem" --cluster-signing-key-file="/var/lib/kubernetes/ca-key.pem"
 ```
 
-The following RBAC `ClusterRoles` represent the `nodeclient`, `selfnodeclient`, and `selfnodeserver` capabilities. Similar roles
-may be automatically created in future releases.
+<!--
+The validity duration of signed certificates can be configured with flag:
+-->
+所签名的证书的合法期限可以通过下面的标志来配置：
 
-```yml
-# A ClusterRole which instructs the CSR approver to approve a user requesting
-# node client credentials.
-kind: ClusterRole
+```
+--cluster-signing-duration
+```
+
+<!--
+### Approval
+
+In order to approve CSRs, you need to tell the controller-manager that it is acceptable to approve them. This is done by granting
+RBAC permissions to the correct group.
+-->
+### 批复    {#approval}
+
+为了对 CSR 进行批复，你需要告诉控制器管理器批复这些 CSR 是可接受的。
+这是通过将 RBAC 访问权限授予正确的组来实现的。
+
+<!--
+There are two distinct sets of permissions:
+
+* `nodeclient`: If a node is creating a new certificate for a node, then it does not have a certificate yet. It is authenticating using one of the tokens listed above, and thus is part of the group `system:bootstrappers`.
+* `selfnodeclient`: If a node is renewing its certificate, then it already has a certificate (by definition), which it uses continuously to authenticate as part of the group `system:nodes`.
+-->
+许可权限有两组：
+
+* `nodeclient`：如果节点在为节点创建新的证书，则该节点还没有证书。该节点
+  使用前文所列的令牌之一来执行身份认证，因此是组 `system:bootstrappers` 组
+  的成员。
+* `selfnodeclient`：如果节点在对证书执行续期操作，则该节点已经拥有一个证书。
+  节点持续使用现有的证书将自己认证为 `system:nodes` 组的成员。
+
+<!--
+To enable the kubelet to request and receive a new certificate, create a `ClusterRoleBinding` that binds the group in which the bootstrapping node is a member `system:bootstrappers` to the `ClusterRole` that grants it permission, `system:certificates.k8s.io:certificatesigningrequests:nodeclient`:
+-->
+要允许 kubelet 请求并接收新的证书，可以创建一个 `ClusterRoleBinding` 将启动
+引导节点所处的组 `system:bootstrappers` 绑定到为其赋予访问权限的
+`ClusterRole` `system:certificates.k8s.io:certificatesigningrequests:nodeclient`：
+
+```yaml
+# 批复 "system:bootstrappers" 组的所有 CSR
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: approve-node-client-csr
-rules:
-- apiGroups: ["certificates.k8s.io"]
-  resources: ["certificatesigningrequests/nodeclient"]
-  verbs: ["create"]
----
-# A ClusterRole which instructs the CSR approver to approve a node renewing its
-# own client credentials.
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: approve-node-client-renewal-csr
-rules:
-- apiGroups: ["certificates.k8s.io"]
-  resources: ["certificatesigningrequests/selfnodeclient"]
-  verbs: ["create"]
----
-# A ClusterRole which instructs the CSR approver to approve a node requesting a
-# serving cert matching its client cert.
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: approve-node-server-renewal-csr
-rules:
-- apiGroups: ["certificates.k8s.io"]
-  resources: ["certificatesigningrequests/selfnodeserver"]
-  verbs: ["create"]
-```
-
-These powers can be granted to credentials, such as bootstrapping tokens. For example, to replicate the behavior
-provided by the removed auto-approval flag, of approving all CSRs by a single group:
-
-```
-# REMOVED: This flag no longer works as of 1.7.
---insecure-experimental-approve-all-kubelet-csrs-for-group="system:bootstrappers"
-```
-
-An admin would create a `ClusterRoleBinding` targeting that group.
-
-```yml
-# Approve all CSRs for the group "system:bootstrappers"
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: auto-approve-csrs-for-group
 subjects:
@@ -151,66 +561,345 @@ subjects:
   apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: ClusterRole
-  name: approve-node-client-csr
+  name: system:certificates.k8s.io:certificatesigningrequests:nodeclient
   apiGroup: rbac.authorization.k8s.io
 ```
 
-To let a node renew its own credentials, an admin can construct a `ClusterRoleBinding` targeting
-that node's credentials:
+<!--
+To enable the kubelet to renew its own client certificate, create a `ClusterRoleBinding` that binds the group in which the fully functioning node is a member `system:nodes` to the `ClusterRole` that
+grants it permission, `system:certificates.k8s.io:certificatesigningrequests:selfnodeclient`:
+-->
+要允许 kubelet 对其客户端证书执行续期操作，可以创建一个 `ClusterRoleBinding`
+将正常工作的节点所处的组 `system:nodes` 绑定到为其授予访问许可的 `ClusterRole`
+`system:certificates.k8s.io:certificatesigningrequests:selfnodeclient`：
 
-```yml
-kind: ClusterRoleBinding
+```yaml
+# 批复 "system:nodes" 组的 CSR 续约请求
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: node1-client-cert-renewal
+  name: auto-approve-renewals-for-nodes
 subjects:
-- kind: User
-  name: system:node:node-1 # Let "node-1" renew its client certificate.
+- kind: Group
+  name: system:nodes
   apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: ClusterRole
-  name: approve-node-client-renewal-csr
+  name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient
   apiGroup: rbac.authorization.k8s.io
 ```
 
-Deleting the binding will prevent the node from renewing its client credentials, effectively
-removing it from the cluster once its certificate expires.
+<!--
+The `csrapproving` controller that ships as part of
+[kube-controller-manager](/docs/admin/kube-controller-manager/) and is enabled
+by default. The controller uses the [`SubjectAccessReview`
+API](/docs/reference/access-authn-authz/authorization/#checking-api-access) to
+determine if a given user is authorized to request a CSR, then approves based on
+the authorization outcome. To prevent conflicts with other approvers, the
+builtin approver doesn't explicitly deny CSRs. It only ignores unauthorized
+requests. The controller also prunes expired certificates as part of garbage
+collection.
+-->
+作为 [kube-controller-manager](/zh/docs/reference/generated/kube-controller-manager/)
+的一部分的 `csrapproving` 控制器是自动被启用的。
+该控制器使用 [`SubjectAccessReview` API](/docs/reference/access-authn-authz/authorization/#checking-api-access)
+来确定是否某给定用户被授权请求 CSR，之后基于鉴权结果执行批复操作。
+为了避免与其它批复组件发生冲突，内置的批复组件不会显式地拒绝任何 CSRs。
+该组件仅是忽略未被授权的请求。
+控制器也会作为垃圾收集的一部分清除已过期的证书。
 
+<!--
 ## kubelet configuration
-To request a client certificate from kube-apiserver, the kubelet first needs a path to a kubeconfig file that contains the
-bootstrap authentication token. You can use `kubectl config set-cluster`, `set-credentials`, and `set-context` to build this kubeconfig. Provide the name `kubelet-bootstrap` to `kubectl config set-credentials` and include `--token=<token-value>` as follows:
 
-```
-kubectl config set-credentials kubelet-bootstrap --token=${BOOTSTRAP_TOKEN} --kubeconfig=bootstrap.kubeconfig
+Finally, with the master nodes properly set up and all of the necessary authentication and authorization in place, we can configure the kubelet.
+-->
+## kubelet 配置   {#kubelet-configuration}
+
+最后，当主控节点被正确配置并且所有必要的身份认证和鉴权机制都就绪时，
+我们可以配置 kubelet。
+
+<!--
+The kubelet requires the following configuration to bootstrap:
+
+* A path to store the key and certificate it generates (optional, can use default)
+* A path to a `kubeconfig` file that does not yet exist; it will place the bootstrapped config file here
+* A path to a bootstrap `kubeconfig` file to provide the URL for the server and bootstrap credentials, e.g. a bootstrap token
+* Optional: instructions to rotate certificates
+-->
+kubelet 需要以下配置来执行启动引导：
+
+* 一个用来存储所生成的密钥和证书的路径（可选，可以使用默认配置）
+* 一个用来指向尚不存在的 `kubeconfig` 文件的路径；kubelet 会将启动引导
+  配置文件放到这个位置
+* 一个指向启动引导 `kubeconfig` 文件的路径，用来提供 API 服务器的 URL
+  和启动引导凭据，例如，启动引导令牌
+* 可选的：轮换证书的指令
+
+<!--
+The bootstrap `kubeconfig` should be in a path available to the kubelet, for example `/var/lib/kubelet/bootstrap-kubeconfig`.
+
+Its format is identical to a normal `kubeconfig` file. A sample file might look as follows:
+-->
+启动引导 `kubeconfig` 文件应该放在一个 kubelet 可访问的路径下，例如
+`/var/lib/kubelet/bootstrap-kubeconfig`。
+
+其格式与普通的 `kubeconfig` 文件完全相同。实例文件可能看起来像这样：
+
+```yaml
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority: /var/lib/kubernetes/ca.pem
+    server: https://my.server.example.com:6443
+  name: bootstrap
+contexts:
+- context:
+    cluster: bootstrap
+    user: kubelet-bootstrap
+  name: bootstrap
+current-context: bootstrap
+preferences: {}
+users:
+- name: kubelet-bootstrap
+  user:
+    token: 07401b.f395accd246ae52d
 ```
 
-When starting the kubelet, if the file specified by `--kubeconfig` does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On approval of the certificate request and receipt back by the kubelet, a kubeconfig file referencing the generated key and obtained certificate is written to the path specified by `--kubeconfig`. The certificate and key file will be placed in the directory specified by `--cert-dir`.
+<!--
+The important elements to note are:
+
+* `certificate-authority`: path to a CA file, used to validate the server certificate presented by kube-apiserver
+* `server`: URL to kube-apiserver
+* `token`: the token to use
+-->
+需要额外注意的一些因素有：
+
+* `certificate-authority`：指向 CA 文件的路径，用来对 kube-apiserver 所出示
+  的服务器证书进行验证
+* `server`： 用来访问 kube-apiserver 的 URL
+* `token`：要使用的令牌
+
+<!--
+The format of the token does not matter, as long as it matches what kube-apiserver expects. In the above example, we used a bootstrap token.
+As stated earlier, _any_ valid authentication method can be used, not just tokens.
+
+Because the bootstrap `kubeconfig` _is_ a standard `kubeconfig`, you can use `kubectl` to generate it. To create the above example file:
+-->
+令牌的格式并不重要，只要它与 kube-apiserver 的期望匹配即可。
+在上面的例子中，我们使用的是启动引导令牌。
+如前所述，任何合法的身份认证方法都可以使用，不限于令牌。
+
+因为启动引导 `kubeconfig` 文件是一个标准的 `kubeconfig` 文件，你可以使用
+`kubectl` 来生成该文件。要生成上面的示例文件：
+
+```
+kubectl config --kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig set-cluster bootstrap --server='https://my.server.example.com:6443' --certificate-authority=/var/lib/kubernetes/ca.pem
+kubectl config --kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig set-credentials kubelet-bootstrap --token=07401b.f395accd246ae52d
+kubectl config --kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig set-context bootstrap --user=kubelet-bootstrap --cluster=bootstrap
+kubectl config --kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig use-context bootstrap
+```
+
+<!--
+To indicate to the kubelet to use the bootstrap `kubeconfig`, use the following kubelet flag:
+-->
+要指示 kubelet 使用启动引导 `kubeconfig` 文件，可以使用下面的 kubelet 标志：
+
+```
+--bootstrap-kubeconfig="/var/lib/kubelet/bootstrap-kubeconfig" --kubeconfig="/var/lib/kubelet/kubeconfig"
+```
+
+<!--
+When starting the kubelet, if the file specified via `--kubeconfig` does not
+exist, the bootstrap kubeconfig specified via `--bootstrap-kubeconfig` is used
+to request a client certificate from the API server. On approval of the
+certificate request and receipt back by the kubelet, a kubeconfig file
+referencing the generated key and obtained certificate is written to the path
+specified by `--kubeconfig`. The certificate and key file will be placed in the
+directory specified by `--cert-dir`.
+-->
+在启动 kubelet 时，如果 `--kubeconfig` 标志所指定的文件并不存在，会使用通过标志
+`--bootstrap-kubeconfig` 所指定的启动引导 kubeconfig 配置来向 API 服务器请求
+客户端证书。在证书请求被批复并被 kubelet 收回时，一个引用所生成的密钥和所获得
+证书的 kubeconfig 文件会被写入到通过 `--kubeconfig` 所指定的文件路径下。
+证书和密钥文件会被放到 `--cert-dir` 所指定的目录中。
+
+<!--
+### Client and Serving Certificates
+
+All of the above relate to kubelet _client_ certificates, specifically, the certificates a kubelet
+uses to authenticate to kube-apiserver.
+-->
+### 客户和服务证书   {#client-and-serving-certificates}
+
+前文所述的内容都与 kubelet _客户端_ 证书相关，尤其是 kubelet 用来向
+kube-apiserver 认证自身身份的证书。
+
+<!--
+A kubelet also can use _serving_ certificates. The kubelet itself exposes an https endpoint for certain features.
+To secure these, the kubelet can do one of:
+
+* use provided key and certificate, via the `--tls-private-key-file` and `--tls-cert-file` flags
+* create self-signed key and certificate, if a key and certificate are not provided
+* request serving certificates from the cluster server, via the CSR API
+-->
+kubelet 也可以使用 _服务（Serving）_ 证书。kubelet 自身向外提供一个
+HTTPS 末端，包含若干功能特性。要保证这些末端的安全性，kubelet 可以执行以下操作
+之一：
+
+* 使用通过 `--tls-private-key-file` 和 `--tls-cert-file` 所设置的密钥和证书
+* 如果没有提供密钥和证书，则创建自签名的密钥和证书
+* 通过 CSR API 从集群服务器请求服务证书
+
+<!--
+The client certificate provided by TLS bootstrapping is signed, by default, for `client auth` only, and thus cannot
+be used as serving certificates, or `server auth`.
+
+However, you _can_ enable its server certificate, at least partially, via certificate rotation.
+-->
+TLS 启动引导所提供的客户端证书默认被签名为仅用于 `client auth`（客户端认证），
+因此不能作为提供服务的证书，或者 `server auth`。
+
+不过，你可以启用服务器证书，至少可以部分地通过证书轮换来实现这点。
+
+<!--
+### Certificate Rotation
+
+Kubernetes v1.8 and higher kubelet implements __beta__ features for enabling
+rotation of its client and/or serving certificates.  These can be enabled through
+the respective `RotateKubeletClientCertificate` and
+`RotateKubeletServerCertificate` feature flags on the kubelet and are enabled by
+default.
+-->
+### 证书轮换    {#certificate-rotation}
+
+Kubernetes v1.8 和更高版本的 kubelet 实现了对客户端证书与/或服务证书进行轮换
+这一 Beta 特性。这一特性通过 kubelet 对应的 `RotateKubeletClientCertificate` 和
+`RotateKubeletServerCertificate` 特性门控标志来控制，并且是默认启用的。
+
+<!--
+`RotateKubeletClientCertificate` causes the kubelet to rotate its client
+certificates by creating new CSRs as its existing credentials expire. To enable
+this feature pass the following flag to the kubelet:
+-->
+`RotateKubeletClientCertificate` 会导致 kubelet 在其现有凭据即将过期时通过
+创建新的 CSR 来轮换其客户端证书。要启用此功能特性，可将下面的标志传递给
+kubelet：
+
+```
+--rotate-certificates
+```
+
+<!--
+`RotateKubeletServerCertificate` causes the kubelet **both** to request a serving
+certificate after bootstrapping its client credentials **and** to rotate that
+certificate. To enable this feature pass the following flag to the kubelet:
+-->
+`RotateKubeletServerCertificate` 会让 kubelet 在启动引导其客户端凭据之后请求
+一个服务证书 **且** 对该服务证书执行轮换操作。要启用此功能特性，将下面的标志
+传递给 kubelet：
+
+```
+--rotate-server-certificates
+```
 
 {{< note >}}
-The following flags are required to enable this bootstrapping when starting the kubelet:
+<!--
+The CSR approving controllers implemented in core Kubernetes do not
+approve node _serving_ certificates for [security
+reasons](https://github.com/kubernetes/community/pull/1982). To use
+`RotateKubeletServerCertificate` operators need to run a custom approving
+controller, or manually approve the serving certificate requests.
+-->
+Kubernetes 核心中所实现的 CSR 批复控制器出于
+[安全原因](https://github.com/kubernetes/community/pull/1982)
+并不会自动批复节点的 _服务_ 证书。
+要使用 `RotateKubeletServerCertificate` 功能特性，集群运维人员需要运行一个
+定制的控制器或者手动批复服务证书的请求。
 
-```
---bootstrap-kubeconfig="/path/to/bootstrap/kubeconfig"
-```
+<!--
+A deployment-specific approval process for kubelet serving certificates should typically only approve CSRs which:
+
+1. are requested by nodes (ensure the `spec.username` field is of the form 
+   `system:node:<nodeName>` and `spec.groups` contains `system:nodes`) 
+2. request usages for a serving certificate (ensure `spec.usages` contains `server auth`, 
+   optionally contains `digital signature` and `key encipherment`, and contains no other usages)
+3. only have IP and DNS subjectAltNames that belong to the requesting node, 
+   and have no URI and Email subjectAltNames (parse the x509 Certificate Signing Request 
+   in `spec.request` to verify `subjectAltNames`)
+-->
+对 kubelet 服务证书的批复过程因集群部署而异，通常应该仅批复如下 CSR：
+
+1. 由节点发出的请求（确保 `spec.username` 字段形式为 `system:node:<nodeName>`
+   且 `spec.groups` 包含 `system:nodes`）
+2. 请求中包含服务证书用法（确保 `spec.usages` 中包含 `server auth`，可选地也可 
+   包含 `digital signature` 和 `key encipherment`，且不包含其它用法）
+3. 仅包含隶属于请求节点的 IP 和 DNS 的 `subjectAltNames`，没有 URI 和 Email
+   形式的 `subjectAltNames`（解析 `spec.request` 中的 x509 证书签名请求可以
+   检查 `subjectAltNames`）
 {{< /note >}}
 
-Additionally, in 1.7 the kubelet implements __alpha__ features for enabling rotation of both its client and/or serving certs.
-These can be enabled through the respective `RotateKubeletClientCertificate` and `RotateKubeletServerCertificate` feature
-flags on the kubelet, but may change in backward incompatible ways in future releases.
+<!--
+## Other authenticating components
 
-```
---feature-gates=RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true
-```
+All of TLS bootstrapping described in this document relates to the kubelet. However,
+other components may need to communicate directly with kube-apiserver. Notable is kube-proxy, which
+is part of the Kubernetes control plane and runs on every node, but may also include other components such as monitoring or networking.
+-->
+## 其它身份认证组件   {#other-authenticating-components}
 
-`RotateKubeletClientCertificate` causes the kubelet to rotate its client certificates by creating new CSRs as its existing
-credentials expire. `RotateKubeletServerCertificate` causes the kubelet to both request a serving certificate after
-bootstrapping its client credentials and rotate the certificate. The serving cert currently does not request DNS or IP
-SANs.
+本文所描述的所有 TLS 启动引导内容都与 kubelet 相关。不过，其它组件也可能需要
+直接与 kube-apiserver 直接通信。容易想到的是 kube-proxy，同样隶属于
+Kubernetes 的控制面并且运行在所有节点之上，不过也可能包含一些其它负责
+监控或者联网的组件。
 
+<!--
+Like the kubelet, these other components also require a method of authenticating to kube-apiserver.
+You have several options for generating these credentials:
+-->
+与 kubelet 类似，这些其它组件也需要一种向 kube-apiserver 认证身份的方法。
+你可以用几种方法来生成这类凭据：
+
+<!--
+* The old way: Create and distribute certificates the same way you did for kubelet before TLS bootstrapping
+* DaemonSet: Since the kubelet itself is loaded on each node, and is sufficient to start base services, you can run kube-proxy and other node-specific services not as a standalone process, but rather as a daemonset in the `kube-system` namespace. Since it will be in-cluster, you can give it a proper service account with appropriate permissions to perform its activities. This may be the simplest way to configure such services.
+-->
+* 较老的方式：和 kubelet 在 TLS 启动引导之前所做的一样，用类似的方式
+  创建和分发证书
+* DaemonSet：由于 kubelet 自身被加载到所有节点之上，并且有足够能力来启动基本服务，
+  你可以运行将 kube-proxy 和其它特定节点的服务作为 `kube-system` 名字空间中的
+  DaemonSet 来执行，而不是独立的进程。由于 DaemonSet 位于集群内部，你可以为其
+  指派一个合适的服务账户，使之具有适当的访问权限来完成其使命。这也许是配置此类
+  服务的最简单的方法。
+
+<!--
 ## kubectl approval
-The signing controller does not immediately sign all certificate requests. Instead, it waits until they have been flagged with an
-"Approved" status by an appropriately-privileged user. This is intended to eventually be an automated process handled by an external
-approval controller, but for the alpha version of the API it can be done manually by a cluster administrator using kubectl.
-An administrator can list CSRs with `kubectl get csr` and describe one in detail with `kubectl describe csr <name>`. Before the 1.6 release there were
-[no direct approve/deny commands](https://github.com/kubernetes/kubernetes/issues/30163) so an approver had to update
-the Status field directly ([rough how-to](https://github.com/gtank/csrctl)). Later versions of Kubernetes offer `kubectl certificate approve <name>` and `kubectl certificate deny <name>` commands.
+
+CSRs can be approved outside of the approval flows builtin to the controller
+manager.
+-->
+## kubectl 批复    {#kubectl-approval}
+
+CSRs 可以在控制器管理其内置的批复工作流之外被批复。
+
+<!--
+The signing controller does not immediately sign all certificate requests.
+Instead, it waits until they have been flagged with an "Approved" status by an
+appropriately-privileged user. This flow is intended to allow for automated
+approval handled by an external approval controller or the approval controller
+implemented in the core controller-manager. However cluster administrators can
+also manually approve certificate requests using kubectl. An administrator can
+list CSRs with `kubectl get csr` and describe one in detail with `kubectl
+describe csr <name>`. An administrator can approve or deny a CSR with `kubectl
+certificate approve <name>` and `kubectl certificate deny <name>`.
+-->
+签名控制器并不会立即对所有证书请求执行签名操作。相反，它会等待这些请求被某
+具有适当特权的用户标记为 “Approved（已批准）”状态。
+这一流程有意允许由外部批复控制器来自动执行的批复，或者由控制器管理器内置的
+批复控制器来自动批复。
+不过，集群管理员也可以使用 `kubectl` 来手动批准证书请求。
+管理员可以通过 `kubectl get csr` 来列举所有的 CSR，使用
+`kubectl descsribe csr <name>` 来描述某个 CSR 的细节。
+管理员可以使用 `kubectl certificate approve <name` 来批准某 CSR，或者
+`kubectl certificate deny <name>` 来拒绝某 CSR。
+
diff --git a/content/zh/docs/reference/command-line-tools-reference/kubelet.md b/content/zh/docs/reference/command-line-tools-reference/kubelet.md
index 32daddda68..317a3a581e 100644
--- a/content/zh/docs/reference/command-line-tools-reference/kubelet.md
+++ b/content/zh/docs/reference/command-line-tools-reference/kubelet.md
@@ -118,7 +118,7 @@ log to standard error as well as files
 Enables anonymous requests to the Kubelet server. Requests that are not rejected by another authentication method are treated as anonymous requests. Anonymous requests have a username of `system:anonymous`, and a group name of `system:unauthenticated`. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's `--config` flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.)
 -->
 设置为 true 表示 kubelet 服务器可以接受匿名请求。未被任何认证组件拒绝的请求将被视为匿名请求。
-匿名请求的用户名为 <code>system:anonymous</code>，用户组为 </code>system:unauthenticated</code>。
+匿名请求的用户名为 <code>system:anonymous</code>，用户组为 <code>system:unauthenticated</code>。
 已弃用：应在 <code>--config</code> 所给的配置文件中进行设置。
 （<a href="https://kubernetes.io/zh/docs/tasks/administer-cluster/kubelet-config-file/">进一步了解</a>）
 </td>
@@ -1353,7 +1353,6 @@ Content type of requests sent to apiserver. (default "application/vnd.kubernetes
 已弃用：应在 <code>--config</code> 所给的配置文件中进行设置。
 （<a href="https://kubernetes.io/zh/docs/tasks/administer-cluster/kubelet-config-file/">进一步了解</a>）
 </td>
-</td>
 </tr>
 
 <tr>
diff --git a/content/zh/docs/reference/kubectl/conventions.md b/content/zh/docs/reference/kubectl/conventions.md
index de8232d75b..d8f372086e 100644
--- a/content/zh/docs/reference/kubectl/conventions.md
+++ b/content/zh/docs/reference/kubectl/conventions.md
@@ -85,42 +85,42 @@ See the Kubernetes v1.17 documentation for a [list](https://v1-17.docs.kubernete
 #### 生成器
 <!--
 You can generate the following resources with a kubectl command, `kubectl create --dry-run=client -o yaml`:
-```
-  clusterrole         Create a ClusterRole.
-  clusterrolebinding  Create a ClusterRoleBinding for a particular ClusterRole.
-  configmap           Create a configmap from a local file, directory or literal value.
-  cronjob             Create a cronjob with the specified name.
-  deployment          Create a deployment with the specified name.
-  job                 Create a job with the specified name.
-  namespace           Create a namespace with the specified name.
-  poddisruptionbudget Create a pod disruption budget with the specified name.
-  priorityclass       Create a priorityclass with the specified name.
-  quota               Create a quota with the specified name.
-  role                Create a role with single rule.
-  rolebinding         Create a RoleBinding for a particular Role or ClusterRole.
-  secret              Create a secret using specified subcommand.
-  service             Create a service using specified subcommand.
-  serviceaccount      Create a service account with the specified name.
-```
+
+* `clusterrole`: Create a ClusterRole.
+* `clusterrolebinding`: Create a ClusterRoleBinding for a particular ClusterRole.
+* `configmap`: Create a ConfigMap from a local file, directory or literal value.
+* `cronjob`: Create a CronJob with the specified name.
+* `deployment`: Create a Deployment with the specified name.
+* `job`: Create a Job with the specified name.
+* `namespace`: Create a Namespace with the specified name.
+* `poddisruptionbudget`: Create a PodDisruptionBudget with the specified name.
+* `priorityclass`: Create a PriorityClass with the specified name.
+* `quota`: Create a Quota with the specified name.
+* `role`: Create a Role with single rule.
+* `rolebinding`: Create a RoleBinding for a particular Role or ClusterRole.
+* `secret`: Create a Secret using specified subcommand.
+* `service`: Create a Service using specified subcommand.
+* `serviceaccount`: Create a ServiceAccount with the specified name.
+
 -->
 你可以使用 kubectl 命令生成以下资源， `kubectl create --dry-run=client -o yaml`：
-```
-  clusterrole         创建 ClusterRole。
-  clusterrolebinding  为特定的 ClusterRole 创建 ClusterRoleBinding。
-  configmap           使用本地文件、目录或文本值创建 Configmap。
-  cronjob             使用指定的名称创建 Cronjob。
-  deployment          使用指定的名称创建 Deployment。
-  job                 使用指定的名称创建 Job。
-  namespace           使用指定的名称创建名称空间。
-  poddisruptionbudget 使用指定名称创建 Pod 干扰预算。
-  priorityclass       使用指定的名称创建 Priorityclass。
-  quota               使用指定的名称创建配额。
-  role                使用单一规则创建角色。
-  rolebinding         为特定角色或 ClusterRole 创建 RoleBinding。
-  secret              使用指定的子命令创建 Secret。
-  service             使用指定的子命令创建服务。
-  serviceaccount      使用指定的名称创建服务帐户。
-```
+
+* `clusterrole`:         创建 ClusterRole。
+* `clusterrolebinding`:  为特定的 ClusterRole 创建 ClusterRoleBinding。
+* `configmap`:           使用本地文件、目录或文本值创建 Configmap。
+* `cronjob`:             使用指定的名称创建 Cronjob。
+* `deployment`:          使用指定的名称创建 Deployment。
+* `job`:                 使用指定的名称创建 Job。
+* `namespace`:           使用指定的名称创建名称空间。
+* `poddisruptionbudget`: 使用指定名称创建 Pod 干扰预算。
+* `priorityclass`:       使用指定的名称创建 Priorityclass。
+* `quota`:               使用指定的名称创建配额。
+* `role`:                使用单一规则创建角色。
+* `rolebinding`:         为特定角色或 ClusterRole 创建 RoleBinding。
+* `secret`:              使用指定的子命令创建 Secret。
+* `service`:             使用指定的子命令创建服务。
+* `serviceaccount`:      使用指定的名称创建服务帐户。
+
 
 ### `kubectl apply`
 
diff --git a/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md b/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md
index a89f43c32c..b53e6fcd77 100644
--- a/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md
+++ b/content/zh/docs/reference/kubectl/docker-cli-to-kubectl.md
@@ -62,7 +62,7 @@ kubectl create deployment --image=nginx nginx-app
 deployment.apps/nginx-app created
 ```
 
-```
+```shell
 # add env to nginx-app
 kubectl set env deployment/nginx-app  DOMAIN=cluster
 ```
diff --git a/content/zh/docs/reference/using-api/_index.md b/content/zh/docs/reference/using-api/_index.md
index 20bad38482..88b6bce641 100644
--- a/content/zh/docs/reference/using-api/_index.md
+++ b/content/zh/docs/reference/using-api/_index.md
@@ -76,7 +76,7 @@ Here's a summary of each level:
 -->
 下面是每个级别的摘要：
 
-<--
+<!--
 - Alpha:
   - The version names contain `alpha` (for example, `v1alpha1`).
   - The software may contain bugs. Enabling a feature may expose bugs. A
diff --git a/content/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md b/content/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
index 81a70abe77..6fa2bb7158 100644
--- a/content/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
+++ b/content/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
@@ -17,11 +17,12 @@ weight: 30
 <!-- overview -->
 
 <!--
-<img src="https://raw.githubusercontent.com/kubernetes/kubeadm/master/logos/stacked/color/kubeadm-stacked-color.png" align="right" width="150px">Creating a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use `kubeadm` to set up a cluster that will pass the [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
+<img src="https://raw.githubusercontent.com/kubernetes/kubeadm/master/logos/stacked/color/kubeadm-stacked-color.png" align="right" width="150px">Using `kubeadm`, you can create a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use `kubeadm` to set up a cluster that will pass the [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
 `kubeadm` also supports other cluster
 lifecycle functions, such as [bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/) and cluster upgrades.
 -->
-<img src="https://raw.githubusercontent.com/kubernetes/kubeadm/master/logos/stacked/color/kubeadm-stacked-color.png" align="right" width="150px">创建一个符合最佳实践的最小化 Kubernetes 集群。事实上，你可以使用 `kubeadm` 配置一个通过 [Kubernetes 一致性测试](https://kubernetes.io/blog/2017/10/software-conformance-certification) 的集群。
+<img src="https://raw.githubusercontent.com/kubernetes/kubeadm/master/logos/stacked/color/kubeadm-stacked-color.png" align="right" width="150px">使用 `kubeadm`，你
+能创建一个符合最佳实践的最小化 Kubernetes 集群。事实上，你可以使用 `kubeadm` 配置一个通过 [Kubernetes 一致性测试](https://kubernetes.io/blog/2017/10/software-conformance-certification) 的集群。
 `kubeadm` 还支持其他集群生命周期功能，
 例如 [启动引导令牌](/zh/docs/reference/access-authn-authz/bootstrap-tokens/) 和集群升级。
 
@@ -265,9 +266,9 @@ kubeadm 不支持将没有 `--control-plane-endpoint` 参数的单个控制平
 ### 更多信息
 
 <!--
-For more information about `kubeadm init` arguments, see the [kubeadm reference guide](/docs/reference/setup-tools/kubeadm/kubeadm-init/).
+For more information about `kubeadm init` arguments, see the [kubeadm reference guide](/docs/reference/setup-tools/kubeadm/kubeadm/).
 -->
-有关 `kubeadm init` 参数的更多信息，请参见 [kubeadm 参考指南](/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/)。
+有关 `kubeadm init` 参数的更多信息，请参见 [kubeadm 参考指南](/zh/docs/reference/setup-tools/kubeadm/kubeadm/)。
 
 <!--
 To configure `kubeadm init` with a configuration file see [Using kubeadm init with a configuration file](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file).
diff --git a/content/zh/docs/tasks/access-application-cluster/connecting-frontend-backend.md b/content/zh/docs/tasks/access-application-cluster/connecting-frontend-backend.md
index 3fa7626c88..a485d9ba3a 100644
--- a/content/zh/docs/tasks/access-application-cluster/connecting-frontend-backend.md
+++ b/content/zh/docs/tasks/access-application-cluster/connecting-frontend-backend.md
@@ -3,31 +3,40 @@ title: 使用 Service 把前端连接到后端
 content_type: tutorial
 weight: 70
 ---
+<!--
+title: Connect a Frontend to a Backend Using Services
+content_type: tutorial
+weight: 70
+-->
 
 <!-- overview -->
 
 <!--
-This task shows how to create a frontend and a backend
-microservice. The backend microservice is a hello greeter. The
-frontend and backend are connected using a Kubernetes
-{{< glossary_tooltip term_id="service" >}} object.
+This task shows how to create a _frontend_ and a _backend_ microservice. The backend 
+microservice is a hello greeter. The frontend exposes the backend using nginx and a 
+Kubernetes {{< glossary_tooltip term_id="service" >}} object.
 -->
 
-本任务会描述如何创建前端微服务和后端微服务。后端微服务是一个 hello 欢迎程序。
-前端和后端的连接是通过 Kubernetes {{< glossary_tooltip term_id="service" text="服务" >}}
-完成的。
+本任务会描述如何创建前端（Frontend）微服务和后端（Backend）微服务。后端微服务是一个 hello 欢迎程序。
+前端通过 nginx 和一个 Kubernetes {{< glossary_tooltip term_id="service" text="服务" >}}
+暴露后端所提供的服务。
 
 ## {{% heading "objectives" %}}
 
 <!--
-* Create and run a microservice using a {{< glossary_tooltip term_id="deployment" >}} object.
-* Route traffic to the backend using a frontend.
-* Use a Service object to connect the frontend application to the
-  backend application.
+* Create and run a sample `hello` backend microservice using a
+  {{< glossary_tooltip term_id="deployment" >}} object.
+* Use a Service object to send traffic to the backend microservice's multiple replicas.
+* Create and run a `nginx` frontend microservice, also using a Deployment object.
+* Configure the frontend microservice to send traffic to the backend microservice.
+* Use a Service object of `type=LoadBalancer` to expose the frontend microservice
+  outside the cluster.
 -->
-* 使用部署对象（Deployment object）创建并运行一个微服务
-* 从后端将流量路由到前端
-* 使用服务对象把前端应用连接到后端应用
+* 使用部署对象（Deployment object）创建并运行一个 `hello` 后端微服务
+* 使用一个 Service 对象将请求流量发送到后端微服务的多个副本
+* 同样使用一个 Deployment 对象创建并运行一个 `nginx` 前端微服务
+* 配置前端微服务将请求流量发送到后端微服务
+* 使用 `type=LoadBalancer` 的 Service 对象将全段微服务暴露到集群外部
 
 ## {{% heading "prerequisites" %}}
 
@@ -39,8 +48,7 @@ This task uses
 require a supported environment. If your environment does not support this, you can use a Service of type
 [NodePort](/docs/concepts/services-networking/service/#nodeport) instead.
 -->
-
-本任务使用 [外部负载均衡服务](/zh/docs/tasks/access-application-cluster/create-external-load-balancer/)，
+本任务使用[外部负载均衡服务](/zh/docs/tasks/access-application-cluster/create-external-load-balancer/)，
 所以需要对应的可支持此功能的环境。如果你的环境不能支持，你可以使用
 [NodePort](/zh/docs/concepts/services-networking/service/#nodeport)
 类型的服务代替。
@@ -57,7 +65,7 @@ file for the backend Deployment:
 
 后端是一个简单的 hello 欢迎微服务应用。这是后端应用的 Deployment 配置文件：
 
-{{< codenew file="service/access/hello.yaml" >}}
+{{< codenew file="service/access/backend-deployment.yaml" >}}
 
 <!-- 
 Create the backend Deployment:
@@ -65,7 +73,7 @@ Create the backend Deployment:
 创建后端 Deployment：
 
 ```shell
-kubectl apply -f https://k8s.io/examples/service/access/hello.yaml
+kubectl apply -f https://k8s.io/examples/service/access/backend-deployment.yaml
 ```
 
 <!--
@@ -73,7 +81,7 @@ View information about the backend Deployment:
 -->
 查看后端的 Deployment 信息：
 
-```
+```shell
 kubectl describe deployment hello
 ```
 
@@ -83,7 +91,7 @@ The output is similar to this:
 输出类似于：
 
 ```
-Name:                           hello
+Name:                           backend
 Namespace:                      default
 CreationTimestamp:              Mon, 24 Oct 2016 14:21:02 -0700
 Labels:                         app=hello
@@ -91,7 +99,7 @@ Labels:                         app=hello
                                 track=stable
 Annotations:                    deployment.kubernetes.io/revision=1
 Selector:                       app=hello,tier=backend,track=stable
-Replicas:                       7 desired | 7 updated | 7 total | 7 available | 0 unavailable
+Replicas:                       3 desired | 3 updated | 3 total | 3 available | 0 unavailable
 StrategyType:                   RollingUpdate
 MinReadySeconds:                0
 RollingUpdateStrategy:          1 max unavailable, 1 max surge
@@ -112,15 +120,15 @@ Conditions:
   Available     True    MinimumReplicasAvailable
   Progressing   True    NewReplicaSetAvailable
 OldReplicaSets:                 <none>
-NewReplicaSet:                  hello-3621623197 (7/7 replicas created)
+NewReplicaSet:                  hello-3621623197 (3/3 replicas created)
 Events:
 ...
 ```
 
 <!--
-## Creating the backend Service object
+## Creating the `hello` Service object
 
-The key to connecting a frontend to a backend is the backend
+The key to sending requests from a frontend to a backend is the backend
 Service. A Service creates a persistent IP address and DNS name entry
 so that the backend microservice can always be reached. A Service uses
 {{< glossary_tooltip text="selectors" term_id="selector" >}} to find
@@ -128,68 +136,84 @@ the Pods that it routes traffic to.
 
 First, explore the Service configuration file:
 -->
-### 创建后端服务对象
+### 创建 `hello` Service 对象
 
-前端连接到后端的关键是 Service（服务）。Service 创建一个固定 IP 和 DNS 解析名入口，
-使得后端微服务可达。Service 使用
+将请求从前端发送到到后端的关键是后端 Service。Service 创建一个固定 IP 和 DNS 解析名入口，
+使得后端微服务总是可达。Service 使用
 {{< glossary_tooltip text="选择算符" term_id="selector" >}} 
 来寻找目标 Pod。
 
 首先，浏览 Service 的配置文件：
 
-{{< codenew file="service/access/hello-service.yaml" >}}
+{{< codenew file="service/access/backend-service.yaml" >}}
 
 <!--
-In the configuration file, you can see that the Service routes traffic to Pods
-that have the labels `app: hello` and `tier: backend`.
+In the configuration file, you can see that the Service named `hello` routes
+traffic to Pods that have the labels `app: hello` and `tier: backend`.
 -->
-配置文件中，你可以看到 Service 将流量路由到包含 `app: hello` 和 `tier: backend` 标签的 Pod。
+配置文件中，你可以看到名为 `hello` 的 Service 将流量路由到包含 `app: hello`
+和 `tier: backend` 标签的 Pod。
 
 <!--
-Create the `hello` Service:
+Create the backend Service:
 -->
-创建 `hello` Service：
+创建后端 Service：
 
 ```shell
-kubectl apply -f https://k8s.io/examples/service/access/hello-service.yaml
+kubectl apply -f https://k8s.io/examples/service/access/backend-service.yaml
 ```
 
 <!--
-At this point, you have a backend Deployment running, and you have a
-Service that can route traffic to it.
+At this point, you have a `backend` Deployment running three replicas of your `hello`
+application, and you have a Service that can route traffic to them. However, this
+service is neither available nor resolvable outside the cluster.
 -->
-此时，你已经有了一个在运行的后端 Deployment，你也有了一个 Service 用于路由网络流量。
+此时，你已经有了一个运行着 `hello` 应用的三个副本的 `backend` Deployment，你也有了
+一个 Service 用于路由网络流量。不过，这个服务在集群外部无法访问也无法解析。
 
 <!--
 ## Creating the frontend
 
-Now that you have your backend, you can create a frontend that connects to the backend.
-The frontend connects to the backend worker Pods by using the DNS name
-given to the backend Service. The DNS name is "hello", which is the value
-of the `name` field in the preceding Service configuration file.
+Now that you have your backend running, you can create a frontend that is accessible 
+outside the cluster, and connects to the backend by proxying requests to it.
+
+The frontend sends requests to the backend worker Pods by using the DNS name
+given to the backend Service. The DNS name is `hello`, which is the value
+of the `name` field in the `examples/service/access/backend-service.yaml` 
+configuration file.
 
 The Pods in the frontend Deployment run an nginx image that is configured
-to find the hello backend Service. Here is the nginx configuration file:
+to proxy requests to the hello backend Service. Here is the nginx configuration file:
 -->
 ### 创建前端应用
 
-既然你已经有了后端应用，你可以创建一个前端应用连接到后端。前端应用通过 DNS 名连接到后端的工作 Pods。
-DNS 名是 "hello"，也就是 Service 配置文件中 `name` 字段的值。
+现在你已经有了运行中的后端应用，你可以创建一个可在集群外部访问的前端，并通过代理
+前端的请求连接到后端。
 
-前端 Deployment 中的 Pods 运行一个 nginx 镜像，这个已经配置好镜像去寻找后端的 hello Service。
-只是 nginx 的配置文件：
+前端使用被赋予后端 Service 的 DNS 名称将请求发送到后端工作 Pods。这一 DNS
+名称为 `hello`，也就是 `examples/service/access/backend-service.yaml` 配置
+文件中 `name` 字段的取值。
 
-{{< codenew file="service/access/frontend.conf" >}}
+前端 Deployment 中的 Pods 运行一个 nginx 镜像，这个已经配置好的镜像会将请求转发
+给后端的 hello Service。下面是  nginx 的配置文件：
+
+{{< codenew file="service/access/frontend-nginx.conf" >}}
 
 <!--
-Similar to the backend, the frontend has a Deployment and a Service. The
-configuration for the Service has `type: LoadBalancer`, which means that
-the Service uses the default load balancer of your cloud provider.
+Similar to the backend, the frontend has a Deployment and a Service. An important
+difference to notice between the backend and frontend services, is that the
+configuration for the frontend Service has `type: LoadBalancer`, which means that
+the Service uses a load balancer provisioned by your cloud provider and will be
+accessible from outside the cluster.
 -->
-与后端类似，前端用包含一个 Deployment 和一个 Service。Service 的配置文件包含了 `type: LoadBalancer`，
-也就是说，Service 会使用你的云服务商的默认负载均衡设备。
+与后端类似，前端用包含一个 Deployment 和一个 Service。后端与前端服务之间的一个
+重要区别是前端 Service 的配置文件包含了 `type: LoadBalancer`，也就是说，Service
+会使用你的云服务商的默认负载均衡设备，从而实现从集群外访问的目的。
+
+{{< codenew file="service/access/frontend-service.yaml" >}}
+
+{{< codenew file="service/access/frontend-deployment.yaml" >}}
 
-{{< codenew file="service/access/frontend.yaml" >}}
 
 <!--
 Create the frontend Deployment and Service:
@@ -197,7 +221,8 @@ Create the frontend Deployment and Service:
 创建前端 Deployment 和 Service：
 
 ```shell
-kubectl apply -f https://k8s.io/examples/service/access/frontend.yaml
+kubectl apply -f https://k8s.io/examples/service/access/frontend-deployment.yaml
+kubectl apply -f https://k8s.io/examples/service/access/frontend-service.yaml
 ```
 
 <!--
@@ -271,21 +296,22 @@ cluster.
 <!--
 ## Send traffic through the frontend
 
-The frontend and backends are now connected. You can hit the endpoint
+The frontend and backend are now connected. You can hit the endpoint
 by using the curl command on the external IP of your frontend Service.
 -->
 ### 通过前端发送流量
 
-前端和后端已经完成连接了。你可以使用 curl 命令通过你的前端 Service 的外部 IP 访问服务端点。
+前端和后端已经完成连接了。你可以使用 curl 命令通过你的前端 Service 的外部
+IP 访问服务端点。
 
 ```shell
-curl http://<EXTERNAL-IP>
+curl http://${EXTERNAL_IP} # 将 EXTERNAL_P 替换为你之前看到的外部 IP
 ```
 
 <!--
 The output shows the message generated by the backend:
 -->
-后端生成的消息输出如下：
+输出显示后端生成的消息：
 
 ```json
 {"message":"Hello"}
@@ -299,7 +325,7 @@ To delete the Services, enter this command:
 要删除服务，输入下面的命令：
 
 ```shell
-kubectl delete services frontend hello
+kubectl delete services frontend backend
 ```
 
 <!--
@@ -308,14 +334,16 @@ To delete the Deployments, the ReplicaSets and the Pods that are running the bac
 要删除在前端和后端应用中运行的 Deployment、ReplicaSet 和 Pod，输入下面的命令：
 
 ```shell
-kubectl delete deployment frontend hello
+kubectl delete deployment frontend backend
 ```
 ## {{% heading "whatsnext" %}}
 
 <!--
 * Learn more about [Services](/docs/concepts/services-networking/service/)
 * Learn more about [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/)
+* Learn more about [DNS for Service and Pods](/docs/concepts/services-networking/dns-pod-service/)
 -->
-* 进一步了解[Service](/zh/docs/concepts/services-networking/service/)
-* 进一步了解[ConfigMap](/zh/docs/tasks/configure-pod-container/configure-pod-configmap/)
+* 进一步了解 [Service](/zh/docs/concepts/services-networking/service/)
+* 进一步了解 [ConfigMap](/zh/docs/tasks/configure-pod-container/configure-pod-configmap/)
+* 进一步了解 [Service 和 Pods 的 DNS](/docs/concepts/services-networking/dns-pod-service/)
 
diff --git a/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md b/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
index 06791739d7..4219ca4f20 100644
--- a/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
+++ b/content/zh/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
@@ -213,9 +213,22 @@ for database debugging.
    以上所有命令都应该有效。输出应该类似于：
 
    ```
-   I0710 14:43:38.274550    3655 portforward.go:225] Forwarding from 127.0.0.1:7000 -> 6379
-   I0710 14:43:38.274797    3655 portforward.go:225] Forwarding from [::1]:7000 -> 6379
+   Forwarding from 127.0.0.1:7000 -> 6379
+   Forwarding from [::1]:7000 -> 6379  
    ```
+<!--
+{{< note >}}
+
+`kubectl port-forward` does not return. To continue with the exercises, you will need to open another terminal.
+
+{{< /note >}}
+-->
+{{< note >}}
+
+`kubectl port-forward` 不会返回。你需要打开另一个终端来继续这个练习。
+
+{{< /note >}}
+
 
 <!--
 2. Start the Redis command line interface:
@@ -232,13 +245,44 @@ for database debugging.
 3. 在 Redis 命令行提示符下，输入 `ping` 命令：
 
    ```
-   127.0.0.1:7000>ping
+   ping
    ```
 
    <!--
-   A successful ping request returns PONG.
+   A successful ping request returns:
    -->
-   成功的 ping 请求应该返回 PONG。
+   成功的 ping 请求应该返回：
+
+   ```
+   PONG
+   ```
+<!--
+### Optionally let _kubectl_ choose the local port {#let-kubectl-choose-local-port}
+-->
+### （可选操作）让 _kubectl_ 来选择本地端口 {#let-kubectl-choose-local-port}
+
+<!--
+If you don't need a specific local port, you can let `kubectl` choose and allocate 
+the local port and thus relieve you from having to manage local port conflicts, with 
+the slightly simpler syntax:
+-->
+如果你不需要指定特定的本地端口，你可以让 `kubectl` 来选择和分配本地端口，
+以便你不需要管理本地端口冲突。该命令使用稍微不同的语法：
+
+```shell
+kubectl port-forward deployment/redis-master :6379
+```
+<!--
+The `kubectl` tool finds a local port number that is not in use (avoiding low ports numbers,
+because these might be used by other applications). The output is similar to:
+-->
+`kubectl` 工具会找到一个未被使用的本地端口号（避免使用低段位的端口号，因为他们可能会被其他应用程序使用）。输出应该类似于：
+
+```
+Forwarding from 127.0.0.1:62162 -> 6379
+Forwarding from [::1]:62162 -> 6379
+```
+
 
 <!-- discussion -->
 
diff --git a/content/zh/docs/tasks/administer-cluster/highly-available-master.md b/content/zh/docs/tasks/administer-cluster/highly-available-master.md
index be4797477d..6144a634c8 100644
--- a/content/zh/docs/tasks/administer-cluster/highly-available-master.md
+++ b/content/zh/docs/tasks/administer-cluster/highly-available-master.md
@@ -320,6 +320,71 @@ To make such deployment secure, communication between etcd instances is authoriz
 为了允许 etcd 组建集群，需开放 etcd 实例之间通信所需的端口（用于集群内部通信）。
 为了使这种部署安全，etcd 实例之间的通信使用 SSL 进行鉴权。
 
+<!--
+### API server identity
+-->
+### API 服务器标识
+
+{{< feature-state state="alpha"  for_k8s_version="v1.20" >}}
+
+<!--
+The API Server Identity feature is controlled by a
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+and is not enabled by default. You can activate API Server Identity by enabling
+the feature gate named `APIServerIdentity` when you start the
+{{< glossary_tooltip text="API Server" term_id="kube-apiserver" >}}:
+-->
+使用 API 服务器标识功能需要启用[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)，
+该功能默认不启用。
+你可以在启动 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}} 的时候启用特性门控 `APIServerIdentity` 来激活 API 服务器标识：
+
+<!--
+```shell
+kube-apiserver \
+--feature-gates=APIServerIdentity=true \
+ # …and other flags as usual
+```
+-->
+```shell
+kube-apiserver \
+--feature-gates=APIServerIdentity=true \
+ # …其他标记照常
+```
+
+<!--
+During bootstrap, each kube-apiserver assigns a unique ID to itself. The ID is
+in the format of `kube-apiserver-{UUID}`. Each kube-apiserver creates a
+[Lease](/docs/reference/generated/kubernetes-api/{{< param "version" >}}//#lease-v1-coordination-k8s-io)
+in the _kube-system_ {{< glossary_tooltip text="namespaces" term_id="namespace">}}.
+-->
+在启动引导过程中，每个 kube-apiserver 会给自己分配一个唯一 ID。
+该 ID 的格式是 `kube-apiserver-{UUID}`。
+每个 kube-apiserver 会在 _kube-system_ {{< glossary_tooltip text="名字空间" term_id="namespace">}} 里创建一个 [`Lease` 对象](/docs/reference/generated/kubernetes-api/{{< param "version" >}}//#lease-v1-coordination-k8s-io)。
+<!--
+The Lease name is the unique ID for the kube-apiserver. The Lease contains a
+label `k8s.io/component=kube-apiserver`. Each kube-apiserver refreshes its
+Lease every `IdentityLeaseRenewIntervalSeconds` (defaults to 10s). Each
+kube-apiserver also checks all the kube-apiserver identity Leases every
+`IdentityLeaseDurationSeconds` (defaults to 3600s), and deletes Leases that
+hasn't got refreshed for more than `IdentityLeaseDurationSeconds`.
+`IdentityLeaseRenewIntervalSeconds` and `IdentityLeaseDurationSeconds` can be
+configured by kube-apiserver flags `identity-lease-renew-interval-seconds`
+and `identity-lease-duration-seconds`.
+-->
+`Lease` 对象的名字是 kube-apiserver 的唯一 ID。
+`Lease` 对象包含一个标签 `k8s.io/component=kube-apiserver`。
+每个 kube-apiserver 每过 `IdentityLeaseRenewIntervalSeconds`（默认是 10 秒）就会刷新它的 `Lease` 对象。
+每个 kube-apiserver 每过 `IdentityLeaseDurationSeconds`（默认是 3600 秒）也会检查所有 kube-apiserver 的标识 `Lease` 对象，
+并且会删除超过 `IdentityLeaseDurationSeconds` 时间还没被刷新的 `Lease` 对象。
+可以在 kube-apiserver 的 `identity-lease-renew-interval-seconds`
+和 `identity-lease-duration-seconds` 标记里配置 `IdentityLeaseRenewIntervalSeconds` 和 `IdentityLeaseDurationSeconds`。
+
+<!--
+Enabling this feature is a prerequisite for using features that involve HA API
+server coordination (for example, the `StorageVersionAPI` feature gate).
+-->
+启用该功能是使用 HA API 服务器协调相关功能（例如，`StorageVersionAPI` 特性门控）的前提条件。
+
 <!--
 ## Additional reading
 
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md b/content/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
index 8cc9ec2368..1fd811f789 100644
--- a/content/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
@@ -108,7 +108,7 @@ Once you have a Linux-based Kubernetes control-plane node you are ready to choos
           "Network": "10.244.0.0/16",
           "Backend": {
             "Type": "vxlan",
-            "VNI" : 4096,
+            "VNI": 4096,
             "Port": 4789
           }
         }
@@ -136,7 +136,7 @@ Once you have a Linux-based Kubernetes control-plane node you are ready to choos
          "Network": "10.244.0.0/16",
          "Backend": {
             "Type": "vxlan",
-            "VNI" : 4096,
+            "VNI": 4096,
             "Port": 4789
        }
    }
diff --git a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
index bfe410fe65..905d236d6d 100644
--- a/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
+++ b/content/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
@@ -2,7 +2,6 @@
 title: 升级 kubeadm 集群
 content_type: task
 weight: 20
-min-kubernetes-server-version: 1.19
 ---
 <!--
 reviewers:
@@ -17,10 +16,14 @@ min-kubernetes-server-version: 1.18
 
 <!--
 This page explains how to upgrade a Kubernetes cluster created with kubeadm from version
-1.18.x to version 1.19.x, and from version 1.19.x to 1.19.y (where `y > x`).
+{{< skew latestVersionAddMinor -1 >}}.x to version {{< skew latestVersion >}}.x, and from version
+{{< skew latestVersion >}}.x to {{< skew latestVersion >}}.y (where `y > x`). Skipping MINOR versions
+when upgrading is unsupported.
 -->
-本页介绍如何将 `kubeadm` 创建的 Kubernetes 集群从 1.18.x 版本升级到 1.19.x 版本，
-或者从版本 1.19.x 升级到 1.19.y ，其中 `y > x`。
+本页介绍如何将 `kubeadm` 创建的 Kubernetes 集群从 {{< skew latestVersionAddMinor -1 >}}.x 版本
+升级到 {{< skew latestVersion >}}.x 版本以及从 {{< skew latestVersion >}}.x
+升级到 {{< skew latestVersion >}}.y（其中 `y > x`）。略过次版本号的升级是
+不被支持的。
 
 <!--
 To see information about upgrading clusters created using older versions of kubeadm,
@@ -44,7 +47,7 @@ please refer to following pages instead:
 <!--
 The upgrade workflow at high level is the following:
 
-1. Upgrade the primary control plane node.
+1. Upgrade a primary control plane node.
 1. Upgrade additional control plane nodes.
 1. Upgrade worker nodes.
 -->
@@ -57,60 +60,55 @@ The upgrade workflow at high level is the following:
 ## {{% heading "prerequisites" %}}
 
 <!--
-- You need to have a kubeadm Kubernetes cluster running version 1.18.0 or later.
-- [Swap must be disabled](https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux).
-- The cluster should use a static control plane and etcd pods or external etcd.
 - Make sure you read the [release notes]({{< latest-release-notes >}}) carefully.
+- The cluster should use a static control plane and etcd pods or external etcd.
 - Make sure to back up any important components, such as app-level state stored in a database.
   `kubeadm upgrade` does not touch your workloads, only components internal to Kubernetes, but backups are always a best practice.
 -->
-- 你需要有一个由 `kubeadm` 创建并运行着 1.18.0 或更高版本的 Kubernetes 集群。
-- [禁用交换分区](https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux)。
-- 集群应使用静态的控制平面和 etcd Pod 或者 外部 etcd。
 - 务必仔细认真阅读[发行说明]({{< latest-release-notes >}})。
+- 集群应使用静态的控制平面和 etcd Pod 或者外部 etcd。
 - 务必备份所有重要组件，例如存储在数据库中应用层面的状态。
   `kubeadm upgrade` 不会影响你的工作负载，只会涉及 Kubernetes 内部的组件，但备份终究是好的。
+- [必须禁用交换分区](https://serverfault.com/questions/684771/best-way-to-disable-swap-in-linux)。
 
 <!--
 ### Additional information
 
+- [Draining nodes](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) before kubelet MINOR version
+  upgrades is required. In the case of control plane nodes, they could be running CoreDNS Pods or other critical workloads.
 - All containers are restarted after upgrade, because the container spec hash value is changed.
-- You only can upgrade from one MINOR version to the next MINOR version,
-  or between PATCH versions of the same MINOR. That is, you cannot skip MINOR versions when you upgrade.
-  For example, you can upgrade from 1.y to 1.y+1, but not from 1.y to 1.y+2.
 -->
 ### 附加信息
 
+- 在对 kubelet 作次版本升级时需要[腾空节点](/zh/docs/tasks/administer-cluster/safely-drain-node/)。
+  对于控制面节点，其上可能运行着 CoreDNS Pods 或者其它非常重要的负载。
 - 升级后，因为容器规约的哈希值已更改，所有容器都会被重新启动。
-- 你只能从一个次版本升级到下一个次版本，或者在次版本相同时升级补丁版本。
-  也就是说，升级时不可以跳过次版本。
-  例如，你只能从 1.y 升级到 1.y+1，而不能从 from 1.y 升级到 1.y+2。
 
 <!-- steps -->
 
 <!--
 ## Determine which version to upgrade to
 
-Find the latest stable 1.19 version:
+Find the latest stable {{< skew latestVersion >}} version using the OS package manager:
 -->
 ## 确定要升级到哪个版本
 
-找到最新的稳定版 1.19：
+使用操作系统的包管理器找到最新的稳定 {{< skew latestVersion >}}：
 
 {{< tabs name="k8s_install_versions" >}}
 {{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
 ```
 apt update
 apt-cache policy kubeadm
-# 在列表中查找最新的 1.19 版本
-# 它看起来应该是 1.19.x-00 ，其中 x 是最新的补丁
+# 在列表中查找最新的 {{< skew latestVersion >}} 版本
+# 它看起来应该是 {{< skew latestVersion >}}.x-00，其中 x 是最新的补丁版本
 ```
 {{% /tab %}}
 {{% tab name="CentOS、RHEL 或 Fedora" %}}
 ```
 yum list --showduplicates kubeadm --disableexcludes=kubernetes
-# 在列表中查找最新的 1.19 版本
-# 它看起来应该是 1.19.x-0 ，其中 x 是最新的补丁版本
+# 在列表中查找最新的 {{< skew latestVersion >}} 版本
+# 它看起来应该是 {{< skew latestVersion >}}.x-0，其中 x 是最新的补丁版本
 ```
 {{% /tab %}}
 {{< /tabs >}}
@@ -118,44 +116,53 @@ yum list --showduplicates kubeadm --disableexcludes=kubernetes
 <!--
 ## Upgrade the control plane node
 
-### Upgrade the first control plane node
+The upgrade procedure on control plane nodes should be executed one node at a time.
+Pick a control plane node that you wish to upgrade first. It must have the `/etc/kubernetes/admin.conf` file.
+
+### Call "kubeadm upgrade"
 -->
 ## 升级控制平面节点
 
-### 升级第一个控制面节点
+控制面节点上的升级过程应该每次处理一个节点。
+首先选择一个要先行升级的控制面节点。该节点上必须拥有
+`/etc/kubernetes/admin.conf` 文件。
+
+### 执行 "kubeadm upgrade"
 
 <!--
-- On your first control plane node, upgrade kubeadm:
+**Upgrade the first control plane node**
 -->
--  在第一个控制平面节点上，升级 kubeadm :
+
+**升级第一个控制面节点**
+
+<!--
+- Upgrade kubeadm:
+-->
+- 升级 kubeadm：
 
 {{< tabs name="k8s_install_kubeadm_first_cp" >}}
 {{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
 ```shell
-# 用最新的修补程序版本替换 1.19.x-00 中的 x
+# 用最新的补丁版本号替换 {{< skew latestVersion >}}.x-00 中的 x
 apt-mark unhold kubeadm && \
-apt-get update && apt-get install -y kubeadm=1.19.x-00 && \
+apt-get update && apt-get install -y kubeadm={{< skew latestVersion >}}.x-00 && \
 apt-mark hold kubeadm
 -
 # 从 apt-get 1.1 版本起，你也可以使用下面的方法
 apt-get update && \
-apt-get install -y --allow-change-held-packages kubeadm=1.19.x-00
+apt-get install -y --allow-change-held-packages kubeadm={{< skew latestVersion >}}.x-00
 ```
 {{% /tab %}}
 {{% tab name="CentOS、RHEL 或 Fedora" %}}
 ```shell
-# 用最新的修补程序版本替换 1.19.x-0 中的 x
-yum install -y kubeadm-1.19.x-0 --disableexcludes=kubernetes
+# 用最新的补丁版本号替换 {{< skew latestVersion >}}.x-0 中的 x
+yum install -y kubeadm-{{< skew latestVersion >}}.x-0 --disableexcludes=kubernetes
 ```
 {{% /tab %}}
 {{< /tabs >}}
 
 <!--
 - Verify that the download works and has the expected version:
-
-  ```shell
-  kubeadm version
-  ```
 -->
 - 验证下载操作正常，并且 kubeadm 版本正确：
 
@@ -164,203 +171,65 @@ yum install -y kubeadm-1.19.x-0 --disableexcludes=kubernetes
   ```
 
 <!--
-- Drain the control plane node:
-  ```shell
-  # replace <cp-node-name> with the name of your control plane node
-  kubectl drain $CP_NODE -ignore-daemonsets
-  ```
+- Verify the upgrade plan:
 -->
-- 腾空控制平面节点：
+- 验证升级计划：
 
   ```shell
-  # 将 <cp-node-name> 替换为你自己的控制面节点名称
-  kubectl drain <cp-node-name> --ignore-daemonsets
-  ```
-
-<!--
-- On the control plane node, run:
--->
-- 在控制面节点上，运行:
-
-  ```shell
-  sudo kubeadm upgrade plan
-  ```
-
-  <!--
-  You should see output similar to this:
-  -->
-  你应该可以看到与下面类似的输出：
-
-  ```none
-  [upgrade/config] Making sure the configuration is correct:
-  [upgrade/config] Reading configuration from the cluster...
-  [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
-  [preflight] Running pre-flight checks.
-  [upgrade] Running cluster health checks
-  [upgrade] Fetching available versions to upgrade to
-  [upgrade/versions] Cluster version: v1.18.4
-  [upgrade/versions] kubeadm version: v1.19.0
-  [upgrade/versions] Latest stable version: v1.19.0
-  [upgrade/versions] Latest version in the v1.18 series: v1.18.4
-
-  Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
-  COMPONENT   CURRENT             AVAILABLE
-  Kubelet     1 x v1.18.4         v1.19.0
-
-  Upgrade to the latest version in the v1.18 series:
-
-  COMPONENT            CURRENT   AVAILABLE
-  API Server           v1.18.4   v1.19.0
-  Controller Manager   v1.18.4   v1.19.0
-  Scheduler            v1.18.4   v1.19.0
-  Kube Proxy           v1.18.4   v1.19.0
-  CoreDNS              1.6.7     1.7.0
-  Etcd                 3.4.3-0   3.4.7-0
-
-  You can now apply the upgrade by executing the following command:
-
-      kubeadm upgrade apply v1.19.0
-
-  _____________________________________________________________________
-
-    The table below shows the current state of component configs as understood by this version of kubeadm.
-    Configs that have a "yes" mark in the "MANUAL UPGRADE REQUIRED" column require manual config upgrade or
-    resetting to kubeadm defaults before a successful upgrade can be performed. The version to manually
-    upgrade to is denoted in the "PREFERRED VERSION" column.
-
-    API GROUP                 CURRENT VERSION   PREFERRED VERSION   MANUAL UPGRADE REQUIRED
-    kubeproxy.config.k8s.io   v1alpha1          v1alpha1            no
-    kubelet.config.k8s.io     v1beta1           v1beta1             no
-    _____________________________________________________________________
+  kubeadm upgrade plan
   ```
 
   <!--
   This command checks that your cluster can be upgraded, and fetches the versions you can upgrade to.
   It also shows a table with the component config version states.
   -->
-  此命令检查你的集群是否可以升级，并可以获取到升级的版本。
-  其中也显示了组件配置版本状态的表格。
+  此命令检查你的集群是否可被升级，并取回你要升级的目标版本。
+  命令也会显示一个包含组件配置版本状态的表格。
 
-<!--
-`kubeadm upgrade` also automatically renews the certificates that it manages on this node.
-To opt-out of certificate renewal the flag `-certificate-renewal=false` can be used.
-For more information see the [certificate management guide](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs).
--->
-{{< note >}}
-`kubeadm upgrade` 也会自动对它在此节点上管理的证书进行续约。
-如果选择不对证书进行续约，可以使用标志 `--certificate-renewal=false`。
-关于更多细节信息，可参见[证书管理指南](/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-certs)。
-{{</ note >}}
+  {{< note >}}
+  <!--
+  `kubeadm upgrade` also automatically renews the certificates that it manages on this node.
+  To opt-out of certificate renewal the flag `--certificate-renewal=false` can be used.
+  For more information see the [certificate management guide](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs).
+  -->
+  `kubeadm upgrade` 也会自动对 kubeadm 在节点上所管理的证书执行续约操作。
+  如果需要略过证书续约操作，可以使用标志 `--certificate-renewal=false`。
+  更多的信息，可参阅[证书管理指南](/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-certs)。
+  {{</ note >}}
 
-{{< note >}}
-<!--
-If `kubeadm upgrade plan` shows any component configs that require manual upgrade, users must provide
-a config file with replacement configs to `kubeadm upgrade apply` via the `--config` command line flag.
-Failing to do so will cause `kubeadm upgrade apply` to exit with an error and not perform an upgrade.
--->
-如果 `kubeadm upgrade plan` 显示有任何组件配置需要手动升级，则用户必须
-通过命令行参数 `--config` 给 `kubeadm upgrade apply` 操作
-提供带有替换配置的配置文件。
-{{</ note >}}
+  {{< note >}}
+  <!--
+  If `kubeadm upgrade plan` shows any component configs that require manual upgrade, users must provide
+  a config file with replacement configs to `kubeadm upgrade apply` via the `--config` command line flag.
+  Failing to do so will cause `kubeadm upgrade apply` to exit with an error and not perform an upgrade.
+  -->
+  如果 `kubeadm upgrade plan` 给出任何需要手动升级的组件配置，用户必须
+  通过 `--config` 命令行标志向 `kubeadm upgrade apply` 命令提供替代的配置文件。
+  如果不这样做，`kubeadm upgrade apply` 会出错并退出，不再执行升级操作。
+  {{</ note >}}
 
 <!--
 - Choose a version to upgrade to, and run the appropriate command. For example:
 
-    ```shell
-    # replace x with the patch version you picked for this upgrade
-    sudo kubeadm upgrade apply v1.19.x
-    ```
+  ```shell
+  # replace x with the patch version you picked for this upgrade
+  sudo kubeadm upgrade apply v{{< skew latestVersion >}}.x
+  ```
 -->
-- 选择要升级到的版本，然后运行相应的命令。例如:
+选择要升级到的目标版本，运行合适的命令。例如：
 
   ```shell
-  # 将 x 替换为你为此次升级所选的补丁版本号
-  sudo kubeadm upgrade apply v1.19.x
+  # 将 x 替换为你为此次升级所选择的补丁版本号
+  sudo kubeadm upgrade apply v{{< skew latestVersion >}}.x
   ```
 
   <!--
-  You should see output similar to this:
+  Once the command finishes you should see:
   -->
-  你应该可以看见与下面类似的输出：
+  一旦该命令结束，你应该会看到：
 
   ```
-  [upgrade/config] Making sure the configuration is correct:
-  [upgrade/config] Reading configuration from the cluster...
-  [upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
-  [preflight] Running pre-flight checks.
-  [upgrade] Running cluster health checks
-  [upgrade/version] You have chosen to change the cluster version to "v1.19.0"
-  [upgrade/versions] Cluster version: v1.18.4
-  [upgrade/versions] kubeadm version: v1.19.0
-  [upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y
-  [upgrade/prepull] Pulling images required for setting up a Kubernetes cluster
-  [upgrade/prepull] This might take a minute or two, depending on the speed of your internet connection
-  [upgrade/prepull] You can also perform this action in beforehand using 'kubeadm config images pull'
-  [upgrade/apply] Upgrading your Static Pod-hosted control plane to version "v1.19.0"...
-  Static pod: kube-apiserver-kind-control-plane hash: b4c8effe84b4a70031f9a49a20c8b003
-  Static pod: kube-controller-manager-kind-control-plane hash: 9ac092f0ca813f648c61c4d5fcbf39f2
-  Static pod: kube-scheduler-kind-control-plane hash: 7da02f2c78da17af7c2bf1533ecf8c9a
-  [upgrade/etcd] Upgrading to TLS for etcd
-  Static pod: etcd-kind-control-plane hash: 171c56cd0e81c0db85e65d70361ceddf
-  [upgrade/staticpods] Preparing for "etcd" upgrade
-  [upgrade/staticpods] Renewing etcd-server certificate
-  [upgrade/staticpods] Renewing etcd-peer certificate
-  [upgrade/staticpods] Renewing etcd-healthcheck-client certificate
-  [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/etcd.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2020-07-13-16-24-16/etcd.yaml"
-  [upgrade/staticpods] Waiting for the kubelet to restart the component
-  [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
-  Static pod: etcd-kind-control-plane hash: 171c56cd0e81c0db85e65d70361ceddf
-  Static pod: etcd-kind-control-plane hash: 171c56cd0e81c0db85e65d70361ceddf
-  Static pod: etcd-kind-control-plane hash: 59e40b2aab1cd7055e64450b5ee438f0
-  [apiclient] Found 1 Pods for label selector component=etcd
-  [upgrade/staticpods] Component "etcd" upgraded successfully!
-  [upgrade/etcd] Waiting for etcd to become available
-  [upgrade/staticpods] Writing new Static Pod manifests to "/etc/kubernetes/tmp/kubeadm-upgraded-manifests999800980"
-  [upgrade/staticpods] Preparing for "kube-apiserver" upgrade
-  [upgrade/staticpods] Renewing apiserver certificate
-  [upgrade/staticpods] Renewing apiserver-kubelet-client certificate
-  [upgrade/staticpods] Renewing front-proxy-client certificate
-  [upgrade/staticpods] Renewing apiserver-etcd-client certificate
-  [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-apiserver.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2020-07-13-16-24-16/kube-apiserver.yaml"
-  [upgrade/staticpods] Waiting for the kubelet to restart the component
-  [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
-  Static pod: kube-apiserver-kind-control-plane hash: b4c8effe84b4a70031f9a49a20c8b003
-  Static pod: kube-apiserver-kind-control-plane hash: b4c8effe84b4a70031f9a49a20c8b003
-  Static pod: kube-apiserver-kind-control-plane hash: b4c8effe84b4a70031f9a49a20c8b003
-  Static pod: kube-apiserver-kind-control-plane hash: b4c8effe84b4a70031f9a49a20c8b003
-  Static pod: kube-apiserver-kind-control-plane hash: f717874150ba572f020dcd89db8480fc
-  [apiclient] Found 1 Pods for label selector component=kube-apiserver
-  [upgrade/staticpods] Component "kube-apiserver" upgraded successfully!
-  [upgrade/staticpods] Preparing for "kube-controller-manager" upgrade
-  [upgrade/staticpods] Renewing controller-manager.conf certificate
-  [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-controller-manager.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2020-07-13-16-24-16/kube-controller-manager.yaml"
-  [upgrade/staticpods] Waiting for the kubelet to restart the component
-  [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
-  Static pod: kube-controller-manager-kind-control-plane hash: 9ac092f0ca813f648c61c4d5fcbf39f2
-  Static pod: kube-controller-manager-kind-control-plane hash: b155b63c70e798b806e64a866e297dd0
-  [apiclient] Found 1 Pods for label selector component=kube-controller-manager
-  [upgrade/staticpods] Component "kube-controller-manager" upgraded successfully!
-  [upgrade/staticpods] Preparing for "kube-scheduler" upgrade
-  [upgrade/staticpods] Renewing scheduler.conf certificate
-  [upgrade/staticpods] Moved new manifest to "/etc/kubernetes/manifests/kube-scheduler.yaml" and backed up old manifest to "/etc/kubernetes/tmp/kubeadm-backup-manifests-2020-07-13-16-24-16/kube-scheduler.yaml"
-  [upgrade/staticpods] Waiting for the kubelet to restart the component
-  [upgrade/staticpods] This might take a minute or longer depending on the component/version gap (timeout 5m0s)
-  Static pod: kube-scheduler-kind-control-plane hash: 7da02f2c78da17af7c2bf1533ecf8c9a
-  Static pod: kube-scheduler-kind-control-plane hash: 260018ac854dbf1c9fe82493e88aec31
-  [apiclient] Found 1 Pods for label selector component=kube-scheduler
-  [upgrade/staticpods] Component "kube-scheduler" upgraded successfully!
-  [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
-  [kubelet] Creating a ConfigMap "kubelet-config-1.19" in namespace kube-system with the configuration for the kubelets in the cluster
-  [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
-  [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
-  [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
-  [bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
-  [bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
-  W0713 16:26:14.074656    2986 dns.go:282] the CoreDNS Configuration will not be migrated due to unsupported version of CoreDNS. The existing CoreDNS Corefile configuration and deployment has been retained.
-  [addons] Applied essential addon: CoreDNS
-  [addons] Applied essential addon: kube-proxy
-
-  [upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.19.0". Enjoy!
+  [upgrade/successful] SUCCESS! Your cluster was upgraded to "v{{< skew latestVersion >}}.x". Enjoy!
 
   [upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
   ```
@@ -368,96 +237,127 @@ Failing to do so will cause `kubeadm upgrade apply` to exit with an error and no
 <!--
 - Manually upgrade your CNI provider plugin.
 
-    Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
-    Check the [addons](/docs/concepts/cluster-administration/addons/) page to
-    find your CNI provider and see whether additional upgrade steps are required.
+  Your Container Network Interface (CNI) provider may have its own upgrade instructions to follow.
+  Check the [addons](/docs/concepts/cluster-administration/addons/) page to
+  find your CNI provider and see whether additional upgrade steps are required.
 
-    This step is not required on additional control plane nodes if the CNI provider runs as a DaemonSet.
+  This step is not required on additional control plane nodes if the CNI provider runs as a DaemonSet.
 -->
 - 手动升级你的 CNI 驱动插件。
 
   你的容器网络接口（CNI）驱动应该提供了程序自身的升级说明。
-  参阅[插件](/zh/docs/concepts/cluster-administration/addons/)页面查找你 CNI 所提供的程序，
+  参阅[插件](/zh/docs/concepts/cluster-administration/addons/)页面查找你的 CNI 驱动，
   并查看是否需要其他升级步骤。
 
-  如果 CNI 提供程序作为 DaemonSet 运行，则在其他控制平面节点上不需要此步骤。
+  如果 CNI 驱动作为 DaemonSet 运行，则在其他控制平面节点上不需要此步骤。
 
 <!--
-- Uncordon the control plane node
-
-    ```shell
-    # replace <cp-node-name> with the name of your control plane node
-    kubectl uncordon <cp-node-name>
-    ```
+**For the other control plane nodes**
 -->
-- 取消对控制面节点的保护
-
-  ```shell
-  # 将 <cp-node-name> 替换为你的控制面节点名称
-  kubectl uncordon <cp-node-name>
-  ```
+**对于其它控制面节点**
 
 <!--
-### Upgrade additional control plane nodes
-
 Same as the first control plane node but use:
 -->
-### 升级其他控制面节点
-
-与第一个控制面节点类似，不过使用下面的命令：
+与第一个控制面节点相同，但是使用：
 
 ```
 sudo kubeadm upgrade node
 ```
 
-<!-- instead of: -->
+<!--
+instead of:
+-->
 而不是：
 
 ```
 sudo kubeadm upgrade apply
 ```
 
-<!-- Also `sudo kubeadm upgrade plan` is not needed. -->
-同时，也不需要执行 `sudo kubeadm upgrade plan`。
+<!--
+Also calling `kubeadm upgrade plan` and upgrading the CNI provider plugin is no longer needed.
+-->
+此外，不需要执行 `kubeadm upgrade plan` 和更新 CNI 驱动插件的操作。
+
+<!--
+### Drain the node
+
+-  Prepare the node for maintenance by marking it unschedulable and evicting the workloads:
+
+    ```shell
+    # replace <node-to-drain> with the name of your node you are draining
+    kubectl drain <node-to-drain> --ignore-daemonsets
+    ```
+-->
+### 腾空节点
+
+- 通过将节点标记为不可调度并腾空节点为节点作升级准备：
+
+  ```shell
+  # 将 <node-to-drain> 替换为你要腾空的控制面节点名称
+  kubectl drain <node-to-drain> --ignore-daemonsets
+  ```
 
 <!--
 ### Upgrade kubelet and kubectl
+
+-  Upgrade the kubelet and kubectl
 -->
 ### 升级 kubelet 和 kubectl
 
-{{< tabs name="k8s_install_kubelet" >}}
-{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
-```shell
-# 用最新的补丁版本替换 1.19.x-00 中的 x
-apt-mark unhold kubelet kubectl && \
-apt-get update && apt-get install -y kubelet=1.19.x-00 kubectl=1.19.x-00 && \
-apt-mark hold kubelet kubectl
+- 升级 kubelet 和 kubectl
 
-# 从 apt-get 的 1.1 版本开始，你也可以使用下面的方法：
+  {{< tabs name="k8s_install_kubelet" >}}
+  {{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
 
-apt-get update && \
-apt-get install -y --allow-change-held-packages kubelet=1.19.x-00 kubectl=1.19.x-00
-```
-{{% /tab %}}
-{{% tab name="CentOS、RHEL 或 Fedora" %}}
-
-用最新的补丁版本替换 1.19.x-00 中的 x
-
-```shell
-yum install -y kubelet-1.19.x-0 kubectl-1.19.x-0 --disableexcludes=kubernetes
-```
-{{% /tab %}}
-{{< /tabs >}}
+  <pre>
+  # 用最新的补丁版本替换 {{< skew latestVersion >}}.x-00 中的 x
+  apt-mark unhold kubelet kubectl && \
+  apt-get update && apt-get install -y kubelet={{< skew latestVersion >}}.x-00 kubectl={{< skew latestVersion >}}.x-00 && \
+  apt-mark hold kubelet kubectl
+  - 
+  # 从 apt-get 的 1.1 版本开始，你也可以使用下面的方法：
+  apt-get update && \
+  apt-get install -y --allow-change-held-packages kubelet={{< skew latestVersion >}}.x-00 kubectl={{< skew latestVersion >}}.x-00
+  </pre>
+  {{% /tab %}}
+  {{% tab name="CentOS、RHEL 或 Fedora" %}}
+ 
+  <pre> 
+  # 用最新的补丁版本号替换 {{< skew latestVersion >}}.x-00 中的 x
+  yum install -y kubelet-{{< skew latestVersion >}}.x-0 kubectl-{{< skew latestVersion >}}.x-0 --disableexcludes=kubernetes
+  </pre>
+  {{% /tab %}}
+  {{< /tabs >}}
 
 <!--
-Restart the kubelet
+- Restart the kubelet
 -->
-重启 kubelet
+- 重启 kubelet
 
-```shell
-sudo systemctl daemon-reload
-sudo systemctl restart kubelet
-```
+  ```shell
+  sudo systemctl daemon-reload
+  sudo systemctl restart kubelet
+  ```
+
+<!--
+### Uncordon the node
+
+- Bring the node back online by marking it schedulable:
+
+  ```shell
+  # replace <node-to-drain> with the name of your node
+  kubectl uncordon <node-to-drain>
+
+-->
+### 解除节点的保护
+
+- 通过将节点标记为可调度，让其重新上线：
+
+  ```shell
+  # 将 <node-to-drain> 替换为你的节点名称
+  kubectl uncordon <node-to-drain>
+  ```
 
 <!--
 ## Upgrade worker nodes
@@ -476,126 +376,99 @@ without compromising the minimum required capacity for running your workloads.
 ### 升级 kubeadm
 
 <!--
-- Upgrade kubeadm on all worker nodes:
+- Upgrade kubeadm:
 -->
-- 在所有工作节点升级 kubeadm:
-
-{{< tabs name="k8s_install_kubeadm_worker_nodes" >}}
-{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
-
-```shell
-# 将 1.19.x-00 中的 x 替换为最新的补丁版本
-apt-mark unhold kubeadm && \
-apt-get update && apt-get install -y kubeadm=1.19.x-00 && \
-apt-mark hold kubeadm
-
-# 从 apt-get 的 1.1 版本开始，你也可以使用下面的方法：
-
-apt-get update && \
-apt-get install -y --allow-change-held-packages kubeadm=1.19.x-00
-```
-
-{{% /tab %}}
-{{% tab name="CentOS、RHEL 或 Fedora" %}}
-
-```shell
-# 用最新的补丁版本替换 1.19.x-00 中的 x
-yum install -y kubeadm-1.19.x-0 --disableexcludes=kubernetes
-```
-{{% /tab %}}
-{{< /tabs >}}
-
-<!--
-### Drain the node
--->
-### 腾空节点
-
-<!--
-1.  Prepare the node for maintenance by marking it unschedulable and evicting the workloads. Run:
-
-    ```shell
-    # replace <node-to-drain> with the name of your node you are draining
-    kubectl drain <node-to-drain> --ignore-daemonsets
-
-    You should see output similar to this:
-
-    ```shell
-    node/ip-172-31-85-18 cordoned
-    WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-proxy-dj7d7, kube-system/weave-net-z65qx
-    node/ip-172-31-85-18 drained
-    ```
--->
-- 通过将节点标记为不可调度并逐出工作负载，为维护做好准备。运行：
+- 升级 kubeadm：
 
+  {{< tabs name="k8s_install_kubeadm_worker_nodes" >}}
+  {{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
+  
   ```shell
-  # 将 <node-to-drain> 替换为你正在腾空的节点的名称
-  kubectl drain <node-to-drain> --ignore-daemonsets
+  # 将 {{< skew latestVersion >}}.x-00 中的 x 替换为最新的补丁版本号
+  apt-mark unhold kubeadm && \
+  apt-get update && apt-get install -y kubeadm={{< skew latestVersion >}}.x-00 && \
+  apt-mark hold kubeadm
+  - 
+  # 从 apt-get 的 1.1 版本开始，你也可以使用下面的方法：
+  apt-get update && \
+  apt-get install -y --allow-change-held-packages kubeadm={{< skew latestVersion >}}.x-00
   ```
-
-  <!--
-  You should see output similar to this:
-  -->
-  你应该可以看见与下面类似的输出：
-
+  {{% /tab %}}
+  {{% tab name="CentOS、RHEL 或 Fedora" %}}
+  
   ```shell
-  node/ip-172-31-85-18 cordoned
-  WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-proxy-dj7d7, kube-system/weave-net-z65qx
-  node/ip-172-31-85-18 drained
+  # 用最新的补丁版本替换 {{< skew latestVersion >}}.x-00 中的 x
+  yum install -y kubeadm-{{< skew latestVersion >}}.x-0 --disableexcludes=kubernetes
   ```
+  {{% /tab %}}
+  {{< /tabs >}}
 
 <!--
-### Upgrade the kubelet config
--->
-### 升级 kubelet 配置
+### Call "kubeadm upgrade"
 
-<!--
-1.  Upgrade the kubelet config:
-
-    ```shell
-    sudo kubeadm upgrade node
-    ```
+-  For worker nodes this upgrades the local kubelet configuration:
 -->
-- 升级 kubelet 配置:
+### 执行 "kubeadm upgrade"
+
+- 对于工作节点，下面的命令会升级本地的 kubelet 配置：
 
   ```shell
   sudo kubeadm upgrade node
   ```
 
 <!--
-### Upgrade kubelet and kubectl
+### Drain the node
+
+- Prepare the node for maintenance by marking it unschedulable and evicting the workloads:
+
+  ```shell
+  # replace <node-to-drain> with the name of your node you are draining
+  kubectl drain <node-to-drain> --ignore-daemonsets
+  ```
 -->
-### 升级 kubelet 与 kubectl
+### 腾空节点
+
+- 将节点标记为不可调度并驱逐所有负载，准备节点的维护：
+
+  ```shell
+  # 将 <node-to-drain> 替换为你正在腾空的节点的名称
+  kubectl drain <node-to-drain> --ignore-daemonsets
+  ```
 
 <!--
--  Upgrade the kubelet and kubectl on all worker nodes:
+### Upgrade kubelet and kubectl
 -->
-- 在所有工作节点上升级 kubelet 和 kubectl： 
+### 升级 kubelet 和 kubectl
 
-{{< tabs name="k8s_kubelet_and_kubectl" >}}
-{{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
+<!--
+-  Upgrade the kubelet and kubectl:
+-->
+- 升级 kubelet 和 kubectl：
 
-```shell
-# 将 1.19.x-00 中的 x 替换为最新的补丁版本
-apt-mark unhold kubelet kubectl && \
-apt-get update && apt-get install -y kubelet=1.19.x-00 kubectl=1.19.x-00 && \
-apt-mark hold kubelet kubectl
-
-# 从 apt-get 的 1.1 版本开始，你也可以使用下面的方法：
-
-apt-get update && \
-apt-get install -y --allow-change-held-packages kubelet=1.19.x-00 kubectl=1.19.x-00
-```
-
-{{% /tab %}}
-{{% tab name="CentOS, RHEL or Fedora" %}}
-
-```shell
-# 将 1.18.x-00 中的 x 替换为最新的补丁版本
-yum install -y kubelet-1.19.x-0 kubectl-1.19.x-0 --disableexcludes=kubernetes
-```
-
-{{% /tab %}}
-{{< /tabs >}}
+  {{< tabs name="k8s_kubelet_and_kubectl" >}}
+  {{% tab name="Ubuntu、Debian 或 HypriotOS" %}}
+  
+  ```shell
+  # 将 {{< skew latestVersion >}}.x-00 中的 x 替换为最新的补丁版本
+  apt-mark unhold kubelet kubectl && \
+  apt-get update && apt-get install -y kubelet={{< skew latestVersion >}}.x-00 kubectl={{< skew latestVersion >}}.x-00 && \
+  apt-mark hold kubelet kubectl
+  
+  # 从 apt-get 的 1.1 版本开始，你也可以使用下面的方法：
+  
+  apt-get update && \
+  apt-get install -y --allow-change-held-packages kubelet={{< skew latestVersion >}}.x-00 kubectl={{< skew latestVersion >}}.x-00
+  ```
+  
+  {{% /tab %}}
+  {{% tab name="CentOS, RHEL or Fedora" %}}
+  
+  ```shell
+  # 将 {{< skew latestVersion >}}.x-0 x 替换为最新的补丁版本
+  yum install -y kubelet-{{< skew latestVersion >}}.x-0 kubectl-{{< skew latestVersion >}}.x-0 --disableexcludes=kubernetes
+  ```
+  {{% /tab %}}
+  {{< /tabs >}}
 
 <!--
 - Restart the kubelet
@@ -634,7 +507,8 @@ yum install -y kubelet-1.19.x-0 kubectl-1.19.x-0 --disableexcludes=kubernetes
 <!--
 ## Verify the status of the cluster
 
-After the kubelet is upgraded on all nodes verify that all nodes are available again by running the following command from anywhere kubectl can access the cluster:
+After the kubelet is upgraded on all nodes verify that all nodes are available again by running the following command
+from anywhere kubectl can access the cluster:
 
 ```shell
 kubectl get nodes
@@ -642,7 +516,8 @@ kubectl get nodes
 -->
 ## 验证集群的状态
 
-在所有节点上升级 kubelet 后，通过从 kubectl 可以访问集群的任何位置运行以下命令，验证所有节点是否再次可用：
+在所有节点上升级 kubelet 后，通过从 kubectl 可以访问集群的任何位置运行以下命令，
+验证所有节点是否再次可用：
 
 ```shell
 kubectl get nodes
@@ -659,13 +534,14 @@ The `STATUS` column should show `Ready` for all your nodes, and the version numb
 If `kubeadm upgrade` fails and does not roll back, for example because of an unexpected shutdown during execution, you can run `kubeadm upgrade` again.
 This command is idempotent and eventually makes sure that the actual state is the desired state you declare.
 
-To recover from a bad state, you can also run `kubeadm upgrade --force` without changing the version that your cluster is running.
+To recover from a bad state, you can also run `kubeadm upgrade--force` without changing the version that your cluster is running.
 -->
 ## 从故障状态恢复
 
-如果 `kubeadm upgrade` 失败并且没有回滚，例如由于执行期间意外关闭，你可以再次运行 `kubeadm upgrade`。
-此命令是幂等的，并最终确保实际状态是你声明的所需状态。
-要从故障状态恢复，你还可以运行 `kubeadm upgrade --force` 而不去更改集群正在运行的版本。
+如果 `kubeadm upgrade` 失败并且没有回滚，例如由于执行期间节点意外关闭，
+你可以再次运行 `kubeadm upgrade`。
+此命令是幂等的，并最终确保实际状态是你声明的期望状态。
+要从故障状态恢复，你还可以运行 `kubeadm upgrade --force` 而无需更改集群正在运行的版本。
 
 <!--
 During upgrade kubeadm writes the following backup folders under `/etc/kubernetes/tmp`:
@@ -729,6 +605,7 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
 
 <!--
 `kubeadm upgrade node` does the following on additional control plane nodes:
+
 - Fetches the kubeadm `ClusterConfiguration` from the cluster.
 - Optionally backups the kube-apiserver certificate.
 - Upgrades the static Pod manifests for the control plane components.
@@ -737,7 +614,7 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
 `kubeadm upgrade node` 在其他控制平节点上执行以下操作：
 
 - 从集群中获取 kubeadm `ClusterConfiguration`。
-- 可选地备份 kube-apiserver 证书。
+- （可选操作）备份 kube-apiserver 证书。
 - 升级控制平面组件的静态 Pod 清单。
 - 为本节点升级 kubelet 配置
 
@@ -746,11 +623,9 @@ and post-upgrade manifest file for a certain component, a backup file for it wil
 
 - Fetches the kubeadm `ClusterConfiguration` from the cluster.
 - Upgrades the kubelet configuration for this node.
-- Upgrades the static Pod manifests for the control plane components.
-- Upgrades the kubelet configuration for this node.
 -->
 `kubeadm upgrade node` 在工作节点上完成以下工作：
 
 - 从集群取回 kubeadm `ClusterConfiguration`。 
-- 为本节点升级 kubelet 配置
+- 为本节点升级 kubelet 配置。
 
diff --git a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md
new file mode 100755
index 0000000000..1f3e2b823a
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md
@@ -0,0 +1,42 @@
+---
+title: "从 dockershim 迁移"
+weight: 10
+content_type: task 
+---
+<!-- 
+title: "Migrating from dockershim"
+weight: 10
+content_type: task 
+-->
+
+<!-- overview -->
+
+<!-- 
+This section presents information you need to know when migrating from
+dockershim to other container runtimes.
+-->
+本节提供从 dockershim 迁移到其他容器运行时的必备知识。
+
+<!-- 
+Since the announcement of [dockershim deprecation](/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)
+in Kubernetes 1.20, there were questions on how this will affect various workloads and Kubernetes
+installations. You can find this blog post useful to understand the problem better: [Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/)
+-->
+自从 Kubernetes 1.20 宣布
+[弃用 dockershim](/zh/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)，
+各类疑问随之而来：这对各类工作负载和 Kubernetes 部署会产生什么影响。
+你会发现这篇博文对于更好地理解此问题非常有用：
+[弃用 Dockershim 常见问题](/zh/blog/2020/12/02/dockershim-faq/)
+
+<!-- It is recommended to migrate from dockershim to alternative container runtimes.
+Check out [container runtimes](/docs/setup/production-environment/container-runtimes/)
+section to know your options. Make sure to
+[report issues](https://github.com/kubernetes/kubernetes/issues) you encountered
+with the migration. So the issue can be fixed in a timely manner and your cluster would be
+ready for dockershim removal.
+-->
+建议从 dockershim 迁移到其他替代的容器运行时。
+请参阅[容器运行时](/zh/docs/setup/production-environment/container-runtimes/)
+一节以了解可用的备选项。
+当在迁移过程中遇到麻烦，请[上报问题](https://github.com/kubernetes/kubernetes/issues)。
+那么问题就可以及时修复，你的集群也可以进入移除 dockershim 前的就绪状态。
diff --git a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md
new file mode 100644
index 0000000000..e3d8d89d94
--- /dev/null
+++ b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md
@@ -0,0 +1,164 @@
+---
+title: 检查弃用 Dockershim 对你的影响
+content_type: task 
+weight: 20
+---
+<!-- 
+title: Check whether Dockershim deprecation affects you
+content_type: task 
+reviewers:
+- SergeyKanzhelev
+weight: 20
+-->
+
+<!-- overview -->
+
+<!-- 
+The `dockershim` component of Kubernetes allows to use Docker as a Kubernetes's
+{{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}.
+Kubernetes' built-in `dockershim` component was deprecated in release v1.20.
+-->
+Kubernetes 的 `dockershim` 组件使得你可以把 Docker 用作 Kubernetes 的
+{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}。
+在 Kubernetes v1.20 版本中，内建组件 `dockershim` 被弃用。
+
+<!-- 
+This page explains how your cluster could be using Docker as a container runtime,
+provides details on the role that `dockershim` plays when in use, and shows steps
+you can take to check whether any workloads could be affected by `dockershim` deprecation.
+-->
+本页讲解你的集群把 Docker 用作容器运行时的运作机制，
+并提供使用 `dockershim` 时，它所扮演角色的详细信息，
+继而展示了一组验证步骤，可用来检查弃用 `dockershim` 对你的工作负载的影响。
+
+<!-- 
+## Finding if your app has a dependencies on Docker {#find-docker-dependencies} 
+-->
+## 检查你的应用是否依赖于 Docker {#find-docker-dependencies}
+
+<!-- 
+If you are using Docker for building your application containers, you can still
+run these containers on any container runtime. This use of Docker does not count
+as a dependency on Docker as a container runtime.
+-->
+虽然你通过 Docker 创建了应用容器，但这些容器却可以运行于所有容器运行时。
+所以这种使用 Docker 容器运行时的方式并不构成对 Docker 的依赖。
+
+<!-- 
+When alternative container runtime is used, executing Docker commands may either
+not work or yield unexpected output. This is how you can find whether you have a
+dependency on Docker:
+-->
+当用了替代的容器运行时之后，Docker 命令可能不工作，甚至产生意外的输出。
+这才是判定你是否依赖于 Docker 的方法。
+
+<!-- 
+1. Make sure no privileged Pods execute Docker commands.
+2. Check that scripts and apps running on nodes outside of Kubernetes
+   infrastructure do not execute Docker commands. It might be:
+   - SSH to nodes to troubleshoot;
+   - Node startup scripts;
+   - Monitoring and security agents installed on nodes directly.
+3. Third-party tools that perform above mentioned privileged operations. See
+   [Migrating telemetry and security agents from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents)
+   for more information.
+4. Make sure there is no indirect dependencies on dockershim behavior.
+   This is an edge case and unlikely to affect your application. Some tooling may be configured
+   to react to Docker-specific behaviors, for example, raise alert on specific metrics or search for
+   a specific log message as part of troubleshooting instructions.
+   If you have such tooling configured, test the behavior on test
+   cluster before migration.
+ -->
+1. 确认没有特权 Pod 执行 docker 命令。
+2. 检查 Kubernetes 基础架构外部节点上的脚本和应用，确认它们没有执行 Docker 命令。可能的命令有：
+   - SSH 到节点排查故障；
+   - 节点启动脚本；
+   - 直接安装在节点上的监视和安全代理。
+3. 检查执行了上述特权操作的第三方工具。详细操作请参考:
+   [从 dockershim 迁移遥测和安全代理](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents/)
+4. 确认没有对 dockershim 行为的间接依赖。这是一种极端情况，不太可能影响你的应用。
+   一些工具很可能被配置为使用了 Docker 特性，比如，基于特定指标发警报，或者在故障排查指令的一个环节中搜索特定的日志信息。
+   如果你有此类配置的工具，需要在迁移之前，在测试集群上完成功能验证。
+
+
+<!-- 
+## Dependency on Docker explained {#role-of-dockershim}  
+-->
+## Docker 依赖详解 {#role-of-dockershim}
+
+<!-- 
+A [container runtime](/docs/concepts/containers/#container-runtimes) is software that can
+execute the containers that make up a Kubernetes pod. Kubernetes is responsible for orchestration
+and scheduling of Pods; on each node, the {{< glossary_tooltip text="kubelet" term_id="kubelet" >}}
+uses the container runtime interface as an abstraction so that you can use any compatible
+container runtime.
+ -->
+[容器运行时](/zh/docs/concepts/containers/#container-runtimes)是一个软件，用来运行组成 Kubernetes Pod 的容器。
+Kubernetes 负责编排和调度 Pod；在每一个节点上，
+{{< glossary_tooltip text="kubelet" term_id="kubelet" >}}
+使用抽象的容器运行时接口，所以你可以任意选用兼容的容器运行时。
+
+<!-- 
+In its earliest releases, Kubernetes offered compatibility with just one container runtime: Docker.
+Later in the Kubernetes project's history, cluster operators wanted to adopt additional container runtimes.
+The CRI was designed to allow this kind of flexibility - and the kubelet began supporting CRI. However,
+because Docker existed before the CRI specification was invented, the Kubernetes project created an
+adapter component, `dockershim`. The dockershim adapter allows the kubelet to interact with Docker as
+if Docker were a CRI compatible runtime.
+ -->
+在早期版本中，Kubernetes 提供的兼容性只支持一个容器运行时：Docker。
+在 Kubernetes 发展历史中，集群运营人员希望采用更多的容器运行时。
+于是 CRI 被设计出来满足这类灵活性需要 - 而 kubelet 亦开始支持 CRI。
+然而，因为 Docker 在 CRI 规范创建之前就已经存在，Kubernetes 就创建了一个适配器组件：`dockershim`。
+dockershim 适配器允许 kubelet 与 Docker交互，就好像 Docker 是一个 CRI 兼容的运行时一样。
+
+<!-- 
+You can read about it in [Kubernetes Containerd integration goes GA](/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/) blog post.
+ -->
+你可以阅读博文
+[Kubernetes 容器集成功能的正式发布](/zh/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/)
+
+<!-- Dockershim vs. CRI with Containerd -->
+![Dockershim 和 Containerd CRI 的实现对比图](/images/blog/2018-05-24-kubernetes-containerd-integration-goes-ga/cri-containerd.png)
+
+<!-- 
+Switching to Containerd as a container runtime eliminates the middleman. All the
+same containers can be run by container runtimes like Containerd as before. But
+now, since containers schedule directly with the container runtime, they are not visible to Docker.
+So any Docker tooling or fancy UI you might have used
+before to check on these containers is no longer available.
+ -->
+切换到容器运行时 Containerd 可以消除掉中间环节。
+所有以前遗留的容器可由 Containerd 这类容器运行时来运行和管理，操作体验也和以前一样。
+但是现在，由于直接用容器运行时调度容器，所以它们对 Docker 来说是不可见的。
+因此，你以前用来检查这些容器的 Docker 工具或漂亮的 UI 都不再可用。
+
+<!-- 
+You cannot get container information using `docker ps` or `docker inspect`
+commands. As you cannot list containers, you cannot get logs, stop containers,
+or execute something inside container using `docker exec`.
+ -->
+你不能再使用 `docker ps` 或 `docker inspect` 命令来获取容器信息。
+由于你不能列出容器，因此你不能获取日志、停止容器，甚至不能通过 `docker exec` 在容器中执行命令。
+
+<!-- 
+If you're running workloads via Kubernetes, the best way to stop a container is through
+the Kubernetes API rather than directly through the container runtime (this advice applies
+for all container runtimes, not just Docker).
+ -->
+{{< note >}}
+
+如果你用 Kubernetes 运行工作负载，最好通过 Kubernetes API停止容器，而不是通过容器运行时
+（此建议适用于所有容器运行时，不仅仅是针对 Docker）。
+
+{{< /note >}}
+
+<!-- 
+You can still pull images or build them using `docker build` command. But images
+built or pulled by Docker would not be visible to container runtime and
+Kubernetes. They needed to be pushed to some registry to allow them to be used
+by Kubernetes.
+ -->
+你仍然可以下载镜像，或者用 `docker build` 命令创建它们。
+但用 Docker 创建、下载的镜像，对于容器运行时和 Kubernetes，均不可见。
+为了在 Kubernetes 中使用，需要把镜像推送（push）到某注册中心。
diff --git a/content/zh/docs/tasks/administer-cluster/nodelocaldns.md b/content/zh/docs/tasks/administer-cluster/nodelocaldns.md
index 8654e98818..64cd1a02c6 100644
--- a/content/zh/docs/tasks/administer-cluster/nodelocaldns.md
+++ b/content/zh/docs/tasks/administer-cluster/nodelocaldns.md
@@ -16,6 +16,7 @@ content_type: task
 -->
 
 <!-- overview -->
+{{< feature-state for_k8s_version="v1.18" state="stable" >}}
 <!--
 This page provides an overview of NodeLocal DNSCache feature in Kubernetes.
 -->
@@ -103,57 +104,107 @@ This is the path followed by DNS Queries after NodeLocal DNSCache is enabled:
 ## Configuration
 -->
 ## 配置
+<!--
+{{< note >}} The local listen IP address for NodeLocal DNSCache can be any address that can be guaranteed to not collide with any existing IP in your cluster. It's recommended to use an address with a local scope, per example, from the link-local range 169.254.0.0/16 for IPv4 or from the Unique Local Address range in IPv6 fd00::/8.
+{{< /note >}}
+-->
+{{< note >}} 
+NodeLocal DNSCache 的本地侦听 IP 地址可以是任何地址，只要该地址不和你的集群里现有的 IP 地址发生冲突。
+推荐使用本地范围内的地址，例如，IPv4 链路本地区段 169.254.0.0/16 内的地址，
+或者 IPv6 唯一本地地址区段 fd00::/8 内的地址。
+{{< /note >}}
 
 <!--
-This feature can be enabled using the command:
+This feature can be enabled using the following steps:
 -->
-可以使用以下命令启用此功能：
-
-`KUBE_ENABLE_NODELOCAL_DNS=true go run hack/e2e.go -v --up`
+可以使用以下步骤启动此功能：
 
 <!--
-This works for e2e clusters created on GCE. On all other environments, the following steps will setup NodeLocal DNSCache:
+* Prepare a manifest similar to the sample [`nodelocaldns.yaml`](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml) and save it as `nodelocaldns.yaml.`
 -->
-这适用于在 GCE 上创建 e2e 集群。
-在所有其他环境上，以下步骤将设置 NodeLocal DNSCache ：
+* 根据示例 [`nodelocaldns.yaml`](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml) 
+  准备一个清单，把它保存为 `nodelocaldns.yaml`。
+<!--
+* If using IPv6, the CoreDNS configuration file need to enclose all the IPv6 addresses into square brackets if used in IP:Port format. 
+If you are using the sample manifest from the previous point, this will require to modify [the configuration line L70](https://github.com/kubernetes/kubernetes/blob/b2ecd1b3a3192fbbe2b9e348e095326f51dc43dd/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml#L70) like this `health [__PILLAR__LOCAL__DNS__]:8080`
+-->
+* 如果使用 IPv6，在使用 IP:Port 格式的时候需要把 CoreDNS 配置文件里的所有 IPv6 地址用方括号包起来。
+  如果你使用上述的示例清单，需要把 [配置行 L70](https://github.com/kubernetes/kubernetes/blob/b2ecd1b3a3192fbbe2b9e348e095326f51dc43dd/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml#L70) 
+  修改为 `health [__PILLAR__LOCAL__DNS__]:8080`。
+<!--
+* Substitute the variables in the manifest with the right values:
+
+     * kubedns=`kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP}`
+
+     * domain=`<cluster-domain>`
+
+     * localdns=`<node-local-address>`
+
+     `<cluster-domain>` is "cluster.local" by default. `<node-local-address>` is the local listen IP address chosen for NodeLocal DNSCache.
+-->
+* 把清单里的变量更改为正确的值：
+     * kubedns=`kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP}`
+
+     * domain=`<cluster-domain>`
+
+     * localdns=`<node-local-address>`
+
+     `<cluster-domain>` 的默认值是 "cluster.local"。 `<node-local-address>` 是 NodeLocal DNSCache 选择的本地侦听 IP 地址。
 
 <!--
-* A yaml similar to [this](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml) can be applied using `kubectl create -f` command.
--->
-* 可以使用 `kubectl create -f` 命令应用类似于[这个](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml)的 Yaml 。
+   * If kube-proxy is running in IPTABLES mode:
 
+     ``` bash
+     sed -i "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__/$kubedns/g" nodelocaldns.yaml
+     ```
+
+     `__PILLAR__CLUSTER__DNS__` and `__PILLAR__UPSTREAM__SERVERS__` will be populated by the node-local-dns pods.
+     In this mode, node-local-dns pods listen on both the kube-dns service IP as well as `<node-local-address>`, so pods can lookup DNS records using either IP address.
+-->   
+   * 如果 kube-proxy 运行在 IPTABLES 模式：
+
+     ``` bash
+     sed -i "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__/$kubedns/g" nodelocaldns.yaml
+     ```
+
+     node-local-dns Pods 会设置 `__PILLAR__CLUSTER__DNS__` 和 `__PILLAR__UPSTREAM__SERVERS__`。
+     在此模式下, node-local-dns Pods 会同时侦听 kube-dns 服务的 IP 地址和 `<node-local-address>` 的地址，
+     以便 Pods 可以使用其中任何一个 IP 地址来查询 DNS 记录。
 <!--
-* --cluster-dns flag to kubelet needs to be modified to use the LOCAL_DNS IP that NodeLocal DNSCache is listening on (169.254.20.10 by default)
+  * If kube-proxy is running in IPVS mode:
+
+    ``` bash
+     sed -i "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g" nodelocaldns.yaml
+    ```
+     In this mode, node-local-dns pods listen only on `<node-local-address>`. The node-local-dns interface cannot bind the kube-dns cluster IP since the interface used for IPVS loadbalancing already uses this address.
+     `__PILLAR__UPSTREAM__SERVERS__` will be populated by the node-local-dns pods.
 -->
-* 需要修改 kubelet 的 --cluster-dns 标志以使用 NodeLocal DNSCache 正在侦听的 LOCAL_DNS IP（默认为 169.254.20.10 ）
+   * 如果 kube-proxy 运行在 IPVS 模式：
+
+     ``` bash
+     sed -i "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g" nodelocaldns.yaml
+     ```
+
+     在此模式下，node-local-dns Pods 只会侦听 `<node-local-address>` 的地址。
+     node-local-dns 接口不能绑定 kube-dns 的集群 IP 地址，因为 IPVS 负载均衡
+     使用的接口已经占用了该地址。
+     node-local-dns Pods 会设置 `__PILLAR__UPSTREAM__SERVERS__`。
+     
+<!--
+* Run `kubectl create -f nodelocaldns.yaml`
+* If using kube-proxy in IPVS mode, `--cluster-dns` flag to kubelet needs to be modified to use `<node-local-address>` that NodeLocal DNSCache is listening on.
+  Otherwise, there is no need to modify the value of the `--cluster-dns` flag, since NodeLocal DNSCache listens on both the kube-dns service IP as well as `<node-local-address>`.
+-->
+* 运行 `kubectl create -f nodelocaldns.yaml`
+* 如果 kube-proxy 运行在 IPVS 模式，需要修改 kubelet 的 `--cluster-dns` 参数为 NodeLocal DNSCache 正在侦听的 `<node-local-address>` 地址。
+  否则，不需要修改 `--cluster-dns` 参数，因为 NodeLocal DNSCache 会同时侦听 kube-dns 服务的 IP 地址和 `<node-local-address>` 的地址。
 
 <!--
 Once enabled, node-local-dns Pods will run in the kube-system namespace on each of the cluster nodes. This Pod runs [CoreDNS](https://github.com/coredns/coredns) in cache mode, so all CoreDNS metrics exposed by the different plugins will be available on a per-node basis.
+
+You can disable this feature by removing the DaemonSet, using `kubectl delete -f <manifest>` . You should also revert any changes you made to the kubelet configuration.
 -->
-启用后，node-local-dns Pods 将在每个集群节点上的 kube-system 名称空间中运行。
+启用后，node-local-dns Pods 将在每个集群节点上的 kube-system 名字空间中运行。
 此 Pod 在缓存模式下运行 [CoreDNS](https://github.com/coredns/coredns) ，因此每个节点都可以使用不同插件公开的所有 CoreDNS 指标。
 
-<!--
-### Feature availability
--->
-### 功能可用性
-
-<!--
-The addon can be applied using the yaml specified above in any k8s version. The feature support is as described:
--->
-可以在任何 K8s 版本中使用上面指定的 yaml 应用该插件。
-功能支持如下所述：
-
-<!--
-| k8s version | Feature support |
-| :---------: |:-----------:|
-| 1.15 | Beta(Not enabled by default) |
-| 1.13 | Alpha(Not enabled by default) |
--->
-| k8s 版本 | 功能支持 |
-| :---------: |:-----------:|
-| 1.15 | Beta(默认情况下未启用) |
-| 1.13 | Alpha(默认情况下未启用) |
-
- 
-
+如果要禁用该功能，你可以使用 `kubectl delete -f <manifest>` 来删除 DaemonSet。你还应该恢复你对 kubelet 配置所做的所有改动。
diff --git a/content/zh/docs/tasks/administer-cluster/out-of-resource.md b/content/zh/docs/tasks/administer-cluster/out-of-resource.md
index 33646a5e09..dd6d5afad3 100644
--- a/content/zh/docs/tasks/administer-cluster/out-of-resource.md
+++ b/content/zh/docs/tasks/administer-cluster/out-of-resource.md
@@ -219,25 +219,28 @@ The `kubelet` has the following default hard eviction threshold:
 
 * `memory.available<100Mi`
 * `nodefs.available<10%`
-* `nodefs.inodesFree<5%`
 * `imagefs.available<15%`
+
+On a Linux node, the default value also includes `nodefs.inodesFree<5%`.
+
 -->
 #### 硬驱逐阈值
 
-硬驱逐阈值没有宽限期，一旦察觉，`kubelet`将立即采取行动回收关联的短缺资源。
-如果满足硬驱逐阈值，`kubelet`将立即结束 pod 而不是优雅终止。
+硬驱逐阈值没有宽限期，一旦察觉，`kubelet` 将立即采取行动回收关联的短缺资源。
+如果满足硬驱逐阈值，`kubelet` 将立即结束 Pod 而不是体面地终止它们。
 
 硬驱逐阈值的配置支持下列标记：
 
-* `eviction-hard` 描述了驱逐阈值的集合（例如 `memory.available<1Gi`），如果满足条件将触发 pod 驱逐。
+* `eviction-hard` 描述了驱逐阈值的集合（例如 `memory.available<1Gi`），如果满足条件将触发 Pod 驱逐。
 
 `kubelet` 有如下所示的默认硬驱逐阈值：
 
 * `memory.available<100Mi`
 * `nodefs.available<10%`
-* `nodefs.inodesFree<5%`
 * `imagefs.available<15%`
 
+在Linux节点上，默认值还包括 `nodefs.inodesFree<5％`。
+
 <!--
 ### Eviction Monitoring Interval
 
@@ -273,6 +276,7 @@ The following node conditions are defined that correspond to the specified evict
 |-------------------------|-------------------------------|--------------------------------------------|
 | `MemoryPressure` | `memory.available` | Available memory on the node has satisfied an eviction threshold |
 | `DiskPressure` | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, or `imagefs.inodesFree` | Available disk space and inodes on either the node's root filesystem or image filesystem has satisfied an eviction threshold |
+| `PIDPressure`     | `pid.available`                                                                       | Available processes identifiers on the (Linux) node has fallen below an eviction threshold                                   |   
 
 The `kubelet` continues to report node status updates at the frequency specified by
 `--node-status-update-frequency` which defaults to `10s`.
@@ -283,6 +287,7 @@ The `kubelet` continues to report node status updates at the frequency specified
 |-------------------------|-------------------------------|--------------------------------------------|
 | `MemoryPressure` | `memory.available` | 节点上可用内存量达到逐出阈值 |
 | `DiskPressure` | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, 或 `imagefs.inodesFree` | 节点或者节点的根文件系统或镜像文件系统上可用磁盘空间和 i 节点个数达到逐出阈值 |
+| `PIDPressure`     | `pid.available`                                                                       | 在（Linux）节点上的可用进程标识符已降至驱逐阈值以下                                   |   
 
 `kubelet` 将以 `--node-status-update-frequency` 指定的频率连续报告节点状态更新，其默认值为 `10s`。
 
diff --git a/content/zh/docs/tasks/administer-cluster/topology-manager.md b/content/zh/docs/tasks/administer-cluster/topology-manager.md
index d197f5dcf7..fe50dbe606 100644
--- a/content/zh/docs/tasks/administer-cluster/topology-manager.md
+++ b/content/zh/docs/tasks/administer-cluster/topology-manager.md
@@ -92,25 +92,37 @@ Support for the Topology Manager requires `TopologyManager` [feature gate](/docs
 从 Kubernetes 1.18 版本开始，这一特性默认是启用的。
 
 <!--
-### Topology Manager Policies
+### Topology Manager Scopes and Policies
 
 The Topology Manager currently:
-
  - Aligns Pods of all QoS classes.
  - Aligns the requested resources that Hint Provider provides topology hints for.
 -->
-### 拓扑管理器策略
+### 拓扑管理器作用域和策略
 
 拓扑管理器目前：
-
 - 对所有 QoS 类的 Pod 执行对齐操作
 - 针对建议提供者所提供的拓扑建议，对请求的资源进行对齐
 
 <!--
-If these conditions are met, Topology Manager will align the requested resources.
+If these conditions are met, the Topology Manager will align the requested resources.
+
+In order to customise how this alignment is carried out, the Topology Manager provides two distinct knobs: `scope` and `policy`.
 -->
 如果满足这些条件，则拓扑管理器将对齐请求的资源。
 
+为了定制如何进行对齐，拓扑管理器提供了两种不同的方式：`scope` 和 `policy`。
+
+<!--
+The `scope` defines the granularity at which you would like resource alignment to be performed (e.g. at the `pod` or `container` level). And the `policy` defines the actual strategy used to carry out the alignment (e.g. `best-effort`, `restricted`, `single-numa-node`, etc.).
+
+Details on the various `scopes` and `policies` available today can be found below.
+-->
+`scope` 定义了资源对齐时你所希望使用的粒度（例如，是在 `pod` 还是 `container` 级别）。
+`policy` 定义了对齐时实际使用的策略（例如，`best-effort`、`restricted`、`single-numa-node` 等等）。
+
+可以在下文找到现今可用的各种 `scopes` 和 `policies` 的具体信息。
+
 <!--
 To align CPU resources with other requested resources in a Pod Spec, the CPU Manager should be enabled and proper CPU Manager policy should be configured on a Node. See [control CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/).
 -->
@@ -120,6 +132,117 @@ To align CPU resources with other requested resources in a Pod Spec, the CPU Man
 参看[控制 CPU 管理策略](/zh/docs/tasks/administer-cluster/cpu-management-policies/).
 {{< /note >}}
 
+<!--
+### Topology Manager Scopes
+
+The Topology Manager can deal with the alignment of resources in a couple of distinct scopes:
+
+* `container` (default)
+* `pod`
+
+Either option can be selected at a time of the kubelet startup, with `--topology-manager-scope` flag.
+-->
+### 拓扑管理器作用域
+
+拓扑管理器可以在以下不同的作用域内进行资源对齐：
+
+* `container` （默认）
+* `pod`
+
+在 kubelet 启动时，可以使用 `--topology-manager-scope` 标志来选择其中任一选项。
+
+<!--
+### container scope
+
+The `container` scope is used by default.
+-->
+### 容器作用域
+
+默认使用的是 `container` 作用域。
+
+<!--
+Within this scope, the Topology Manager performs a number of sequential resource alignments, i.e., for each container (in a pod) a separate alignment is computed. In other words, there is no notion of grouping the containers to a specific set of NUMA nodes, for this particular scope. In effect, the Topology Manager performs an arbitrary alignment of individual containers to NUMA nodes.
+-->
+在该作用域内，拓扑管理器依次进行一系列的资源对齐，
+也就是，对每一个容器（包含在一个 Pod 里）计算单独的对齐。
+换句话说，在该特定的作用域内，没有根据特定的 NUMA 节点集来把容器分组的概念。
+实际上，拓扑管理器会把单个容器任意地对齐到 NUMA 节点上。
+
+<!--
+The notion of grouping the containers was endorsed and implemented on purpose in the following scope, for example the `pod` scope.
+-->
+容器分组的概念是在以下的作用域内特别实现的，也就是 `pod` 作用域。
+
+<!--
+### pod scope
+
+To select the `pod` scope, start the kubelet with the command line option `--topology-manager-scope=pod`.
+-->
+### Pod 作用域
+
+使用命令行选项 `--topology-manager-scope=pod` 来启动 kubelet，就可以选择 `pod` 作用域。
+
+<!--
+This scope allows for grouping all containers in a pod to a common set of NUMA nodes. That is, the Topology Manager treats a pod as a whole and attempts to allocate the entire pod (all containers) to either a single NUMA node or a common set of NUMA nodes. The following examples illustrate the alignments produced by the Topology Manager on different occasions:
+-->
+该作用域允许把一个 Pod 里的所有容器作为一个分组，分配到一个共同的 NUMA 节点集。
+也就是，拓扑管理器会把一个 Pod 当成一个整体，
+并且试图把整个 Pod（所有容器）分配到一个单个的 NUMA 节点或者一个共同的 NUMA 节点集。
+以下的例子说明了拓扑管理器在不同的场景下使用的对齐方式：
+
+<!--
+* all containers can be and are allocated to a single NUMA node;
+* all containers can be and are allocated to a shared set of NUMA nodes.
+-->
+* 所有容器可以被分配到一个单一的 NUMA 节点；
+* 所有容器可以被分配到一个共享的 NUMA 节点集。
+
+<!--
+The total amount of particular resource demanded for the entire pod is calculated according to [effective requests/limits](/docs/concepts/workloads/pods/init-containers/#resources) formula, and thus, this total value is equal to the maximum of:
+* the sum of all app container requests,
+* the maximum of init container requests,
+for a resource.
+-->
+整个 Pod 所请求的某种资源总量是根据
+[有效 request/limit](/zh/docs/concepts/workloads/pods/init-containers/#resources)
+公式来计算的，
+因此，对某一种资源而言，该总量等于以下数值中的最大值：
+* 所有应用容器请求之和；
+* 初始容器请求的最大值。
+
+<!--
+Using the `pod` scope in tandem with `single-numa-node` Topology Manager policy is specifically valuable for workloads that are latency sensitive or for high-throughput applications that perform IPC. By combining both options, you are able to place all containers in a pod onto a single NUMA node; hence, the inter-NUMA communication overhead can be eliminated for that pod.
+-->
+`pod` 作用域与 `single-numa-node` 拓扑管理器策略一起使用，
+对于延时敏感的工作负载，或者对于进行 IPC 的高吞吐量应用程序，都是特别有价值的。
+把这两个选项组合起来，你可以把一个 Pod 里的所有容器都放到一个单个的 NUMA 节点，
+使得该 Pod 消除了 NUMA 之间的通信开销。
+
+<!--
+In the case of `single-numa-node` policy, a pod is accepted only if a suitable set of NUMA nodes is present among possible allocations. Reconsider the example above:
+-->
+在 `single-numa-node` 策略下，只有当可能的分配方案中存在合适的 NUMA 节点集时，Pod 才会被接受。
+重新考虑上述的例子：
+
+<!--
+* a set containing only a single NUMA node - it leads to pod being admitted,
+* whereas a set containing more NUMA nodes - it results in pod rejection (because instead of one NUMA node, two or more NUMA nodes are required to satisfy the allocation).
+-->
+* 节点集只包含单个 NUMA 节点时，Pod 就会被接受，
+* 然而，节点集包含多个 NUMA 节点时，Pod 就会被拒绝
+  （因为满足该分配方案需要两个或以上的 NUMA 节点，而不是单个 NUMA 节点）。
+
+<!--
+To recap, Topology Manager first computes a set of NUMA nodes and then tests it against Topology Manager policy, which either leads to the rejection or admission of the pod.
+-->
+简要地说，拓扑管理器首先计算出 NUMA 节点集，然后使用拓扑管理器策略来测试该集合，
+从而决定拒绝或者接受 Pod。
+
+<!--
+### Topology Manager Policies
+-->
+### 拓扑管理器策略
+
 <!--
 Topology Manager supports four allocation policies. You can set a policy via a Kubelet flag, `--topology-manager-policy`.
 There are four supported policies:
@@ -138,6 +261,17 @@ There are four supported policies:
 * `restricted`
 * `single-numa-node`
 
+<!--
+{{< note >}}
+If Topology Manager is configured with the **pod** scope, the container, which is considered by the policy, is reflecting requirements of the entire pod, and thus each container from the pod will result with **the same** topology alignment decision.
+{{< /note >}}
+-->
+{{< note >}}
+如果拓扑管理器配置使用 **Pod** 作用域，
+那么在策略考量一个容器时，该容器反映的是整个 Pod 的要求，
+于是该 Pod 里的每个容器都会得到 **相同的** 拓扑对齐决定。
+{{< /note >}}
+
 <!--
 ### none policy {#policy-none}
 
diff --git a/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md
index d020badb3e..06047e93dd 100644
--- a/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md
+++ b/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -252,7 +252,7 @@ data:
 删除你刚才创建的 Secret：
 
 ```shell
-kubectl delete secret db-user-pass
+kubectl delete secret mysecret
 ```
 
 ## {{% heading "whatsnext" %}}
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md b/content/zh/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
index 9c3e1cf6fd..a55821b51f 100644
--- a/content/zh/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
+++ b/content/zh/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
@@ -512,23 +512,71 @@ Defaults to 3. Minimum value is 1.
   就绪探测情况下的放弃 Pod 会被打上未就绪的标签。默认值是 3。最小值是 1。
 
 <!--
+Before Kubernetes 1.20, the field `timeoutSeconds` was not respected for exec probes:
+probes continued running indefinitely, even past their configured deadline,
+until a result was returned.
+-->
+在 Kubernetes 1.20 版本之前，exec 探针会忽略 `timeoutSeconds`：探针会无限期地
+持续运行，甚至可能超过所配置的限期，直到返回结果为止。
+ 
+<!--
+This defect was corrected in Kubernetes v1.20. You may have been relying on the previous behavior,
+even without realizing it, as the default timeout is 1 second.
+As a cluster administrator, you can disable the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) `ExecProbeTimeout` (set it to `false`)
+on each kubelet to restore the  behavior from older versions, then remove that override
+once all the exec probes in the cluster have a `timeoutSeconds` value set.  
+If you have pods that are impacted from the default 1 second timeout,
+you should update their probe timeout so that you're ready for the
+eventual removal of that feature gate.
+-->
+这一缺陷在 Kubernetes v1.20 版本中得到修复。你可能一直依赖于之前错误的探测行为，
+甚至你都没有觉察到这一问题的存在，因为默认的超时值是 1 秒钟。
+作为集群管理员，你可以在所有的 kubelet 上禁用 `ExecProbeTimeout`
+[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)
+（将其设置为 `false`），从而恢复之前版本中的运行行为，之后当集群中所有的
+exec 探针都设置了 `timeoutSeconds` 参数后，移除此标志重载。
+如果你有 Pods 受到此默认 1 秒钟超时值的影响，你应该更新 Pod 对应的探针的
+超时值，这样才能为最终去除该特性门控做好准备。
+
+<!--
+With the fix of the defect, for exec probes, on Kubernetes `1.20+` with the `dockershim` container runtime,
+the process inside the container may keep running even after probe returned failure because of the timeout.
+-->
+当此缺陷被修复之后，在使用 `dockershim` 容器运行时的 Kubernetes `1.20+`
+版本中，对于 exec 探针而言，容器中的进程可能会因为超时值的设置保持持续运行，
+即使探针返回了失败状态。
+
+{{< caution >}}
+<!--
+Incorrect implementation of readiness probes may result in an ever growing number
+of processes in the container, and resource starvation if this is left unchecked.
+-->
+如果就绪态探针的实现不正确，可能会导致容器中进程的数量不断上升。
+如果不对其采取措施，很可能导致资源枯竭的状况。
+{{< /caution >}}
+
+<!--
+### HTTP probes
+
 [HTTP probes](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#httpgetaction-v1-core)
 have additional fields that can be set on `httpGet`:
 
 * `host`: Host name to connect to, defaults to the pod IP. You probably want to
 set "Host" in httpHeaders instead.
 * `scheme`: Scheme to use for connecting to the host (HTTP or HTTPS). Defaults to HTTP.
-* `path`: Path to access on the HTTP server.
+* `path`: Path to access on the HTTP server. Defaults to /.
 * `httpHeaders`: Custom headers to set in the request. HTTP allows repeated headers.
 * `port`: Name or number of the port to access on the container. Number must be
 in the range 1 to 65535.
 -->
+### HTTP 探测  {#http-probes}
+
 [HTTP Probes](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#httpgetaction-v1-core)
 可以在 `httpGet` 上配置额外的字段：
 
 * `host`：连接使用的主机名，默认是 Pod 的 IP。也可以在 HTTP 头中设置 “Host” 来代替。
 * `scheme` ：用于设置连接主机的方式（HTTP 还是 HTTPS）。默认是 HTTP。
-* `path`：访问 HTTP 服务的路径。
+* `path`：访问 HTTP 服务的路径。默认值为 "/"。
 * `httpHeaders`：请求中自定义的 HTTP 头。HTTP 头字段允许重复。
 * `port`：访问容器的端口号或者端口名。如果数字必须在 1 ～ 65535 之间。
 
@@ -542,10 +590,6 @@ Here's one scenario where you would set it. Suppose the Container listens on 127
 and the Pod's `hostNetwork` field is true. Then `host`, under `httpGet`, should be set
 to 127.0.0.1. If your pod relies on virtual hosts, which is probably the more common
 case, you should not use `host`, but rather set the `Host` header in `httpHeaders`.
-
-For a TCP probe, the kubelet makes the probe connection at the node, not in the pod, which
-means that you can not use a service name in the `host` parameter since the kubelet is unable
-to resolve it.
 -->
 对于 HTTP 探测，kubelet 发送一个 HTTP 请求到指定的路径和端口来执行检测。
 除非 `httpGet` 中的 `host` 字段设置了，否则 kubelet 默认是给 Pod 的 IP 地址发送探测。
@@ -556,6 +600,61 @@ to resolve it.
 可能更常见的情况是如果 Pod 依赖虚拟主机，你不应该设置 `host` 字段，而是应该在
 `httpHeaders` 中设置 `Host`。
 
+<!--
+For an HTTP probe, the kubelet sends two request headers in addition to the mandatory `Host` header:
+`User-Agent`, and `Accept`. The default values for these headers are `kube-probe/{{< skew latestVersion >}}`
+(where `{{< skew latestVersion >}}` is the version of the kubelet ), and `*/*` respectively.
+
+You can override the default headers by defining `.httpHeaders` for the probe; for example
+-->
+针对 HTTP 探针，kubelet 除了必需的 `Host` 头部之外还发送两个请求头部字段：
+`User-Agent` 和 `Accept`。这些头部的默认值分别是 `kube-probe/{{ skew latestVersion >}}`
+（其中 `{{< skew latestVersion >}}` 是 kubelet 的版本号）和 `*/*`。
+
+你可以通过为探测设置 `.httpHeaders` 来重载默认的头部字段值；例如：
+
+```yaml
+livenessProbe:
+  httpGet:
+    httpHeaders:
+      - name: Accept
+        value: application/json
+
+startupProbe:
+  httpGet:
+    httpHeaders:
+      - name: User-Agent
+        value: MyUserAgent
+```
+
+<!--
+You can also remove these two headers by defining them with an empty value.
+-->
+你也可以通过将这些头部字段定义为空值，从请求中去掉这些头部字段。
+
+```yaml
+livenessProbe:
+  httpGet:
+    httpHeaders:
+      - name: Accept
+        value: ""
+
+startupProbe:
+  httpGet:
+    httpHeaders:
+      - name: User-Agent
+        value: ""
+```
+
+<!--
+### TCP probes
+
+For a TCP probe, the kubelet makes the probe connection at the node, not in the pod, which
+means that you can not use a service name in the `host` parameter since the kubelet is unable
+to resolve it.
+-->
+### TCP 探测  {#tcp-probes}
+
 对于一次 TCP 探测，kubelet 在节点上（不是在 Pod 里面）建立探测连接，
 这意味着你不能在 `host` 参数上配置服务名称，因为 kubelet 不能解析服务名称。
 
diff --git a/content/zh/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh/docs/tasks/configure-pod-container/configure-service-account.md
index 22cc4d2a92..4c33eee483 100644
--- a/content/zh/docs/tasks/configure-pod-container/configure-service-account.md
+++ b/content/zh/docs/tasks/configure-pod-container/configure-service-account.md
@@ -125,6 +125,14 @@ You can list this and any other serviceAccount resources in the namespace with t
 
 ```shell
 kubectl get serviceAccounts
+```
+
+<!--
+The output is similar to this:
+-->
+输出类似于：
+
+```
 NAME      SECRETS    AGE
 default   1          1d
 ```
@@ -141,9 +149,15 @@ kind: ServiceAccount
 metadata:
   name: build-robot
 EOF
-serviceaccount/build-robot created
 ```
 
+<!--
+The name of a ServiceAccount object must be a valid
+[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names).
+-->
+ServiceAccount 对象的名字必须是一个有效的
+[DNS 子域名](/zh/docs/concepts/overview/working-with-objects/names#dns-subdomain-names).
+
 <!--
 If you get a complete dump of the service account object, like this:
 -->
@@ -151,6 +165,14 @@ If you get a complete dump of the service account object, like this:
 
 ```shell
 kubectl get serviceaccounts/build-robot -o yaml
+```
+
+<!--
+The output is similar to this:
+-->
+输出类似于：
+
+```yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -229,6 +251,14 @@ Any tokens for non-existent service accounts will be cleaned up by the token con
 
 ```shell
 kubectl describe secrets/build-robot-secret
+```
+
+<!--
+The output is similar to this:
+-->
+输出类似于：
+
+```
 Name:           build-robot-secret
 Namespace:      default
 Labels:         <none>
@@ -384,23 +414,26 @@ myregistrykey
 -->
 ## 服务帐户令牌卷投射   {#service-account-token-volume-projection}
 
-{{< feature-state for_k8s_version="v1.12" state="beta" >}}
+{{< feature-state for_k8s_version="v1.20" state="stable" >}}
 
 <!--
-This ServiceAccountTokenVolumeProjection is __beta__ in 1.12 and
-enabled by passing all of the following flags to the API server:
+To enable and use token request projection, you must specify each of the following
+command line arguments to `kube-apiserver`:
 
 * `--service-account-issuer`
+* `--service-account-key-file`
 * `--service-account-signing-key-file`
-* `--service-account-api-audiences`
+* `--api-audiences`
+
 -->
 {{< note >}}
-ServiceAccountTokenVolumeProjection 在 1.12 版本中是 __beta__ 阶段，
-可以通过向 API 服务器传递以下所有参数来启用它：
+为了启用令牌请求投射，你必须为 `kube-apiserver` 设置以下命令行参数：
 
 * `--service-account-issuer`
+* `--service-account-key-file`
 * `--service-account-signing-key-file`
-* `--service-account-api-audiences`
+* `--api-audiences`
+
 {{< /note >}}
 
 <!--
@@ -438,7 +471,8 @@ kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml
 
 <!--
 The kubelet will request and store the token on behalf of the pod, make the
-token available to the pod at a configurable file path, and refresh the token as it approaches expiration. Kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours.
+token available to the pod at a configurable file path, and refresh the token as it approaches expiration. 
+The kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours.
 
 The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases.
 -->
@@ -455,7 +489,7 @@ The application is responsible for reloading the token when it rotates. Periodic
 -->
 ## 发现服务账号分发者
 
-{{< feature-state for_k8s_version="v1.18" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.20" state="beta" >}}
 
 <!--
 The Service Account Issuer Discovery feature is enabled by enabling the
@@ -572,4 +606,3 @@ See also:
 - [服务账号的集群管理员指南](/zh/docs/reference/access-authn-authz/service-accounts-admin/)
 - [服务账号签署密钥检索 KEP](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/20190730-oidc-discovery.md)
 - [OIDC 发现规范](https://openid.net/specs/openid-connect-discovery-1_0.html)
-
diff --git a/content/zh/docs/tasks/debug-application-cluster/crictl.md b/content/zh/docs/tasks/debug-application-cluster/crictl.md
index 0ccbba1828..f8e126f281 100644
--- a/content/zh/docs/tasks/debug-application-cluster/crictl.md
+++ b/content/zh/docs/tasks/debug-application-cluster/crictl.md
@@ -454,3 +454,124 @@ for more information.
 -->
 更多信息请参考 [kubernetes-sigs/cri-tools](https://github.com/kubernetes-sigs/cri-tools)。
 
+<!--
+## Mapping from docker cli to crictl
+-->
+## Docker CLI 和 crictl 的映射
+
+<!--
+The exact versions for below mapping table are for docker cli v1.40 and crictl v1.19.0. Please note that the list is not exhaustive. For example, it doesn't include experimental commands of docker cli.
+-->
+以下的映射表格只适用于 Docker CLI v1.40 和 crictl v1.19.0 版本。
+请注意该表格并不详尽。例如，其中不包含 Docker CLI 的实验性命令。
+
+<!--
+{{< note >}}
+The output format of CRICTL is similar to Docker CLI, despite some missing columns for some CLI. Make sure to check output for the specific command if your script output parsing.
+{{< /note >}}
+-->
+{{< note >}}
+尽管有些命令的输出缺少了一些数据列，CRICTL 的输出格式与 Docker CLI 是类似的。
+如果你的脚本程序需要解析命令的输出，请确认检查该特定命令的输出。
+{{< /note >}}
+
+<!--
+### Retrieve Debugging Information
+
+{{< table caption="mapping from docker cli to crictl - retrieve debugging information" >}}
+-->
+### 获取调试信息
+
+{{< table caption="Docker CLI 和 crictl 的映射 - 获取调试信息" >}}
+<!--
+docker cli | crictl | Description | Unsupported Features
+-- | -- | -- | --
+`attach` | `attach` | Attach to a running container | `--detach-keys`, `--sig-proxy`
+`exec` | `exec` | Run a command in a running container | `--privileged`, `--user`, `--detach-keys`
+`images` | `images` | List images |  
+`info` | `info` | Display system-wide information |  
+`inspect` | `inspect`, `inspecti` | Return low-level information on a container, image or task |  
+`logs` | `logs` | Fetch the logs of a container | `--details`
+`ps` | `ps` | List containers |  
+`stats` | `stats` | Display a live stream of container(s) resource usage statistics | Column: NET/BLOCK I/O, PIDs
+`version` | `version` | Show the runtime (Docker, ContainerD, or others) version information |  
+{{< /table >}}
+-->
+docker cli | crictl | 描述 | 不支持的功能
+-- | -- | -- | --
+`attach` | `attach` | 连接到一个运行中的容器 | `--detach-keys`, `--sig-proxy`
+`exec` | `exec` | 在运行中的容器里运行一个命令 | `--privileged`, `--user`, `--detach-keys`
+`images` | `images` | 列举镜像 |  
+`info` | `info` | 显示系统级的信息 |  
+`inspect` | `inspect`, `inspecti` | 返回容器、镜像或者任务的详细信息 |  
+`logs` | `logs` | 获取容器的日志 | `--details`
+`ps` | `ps` | 列举容器 |  
+`stats` | `stats` | 实时显示容器的资源使用统计信息 | 列：NET/BLOCK I/O, PIDs
+`version` | `version` | 显示运行时（Docker、ContainerD、或者其他) 的版本信息 |  
+{{< /table >}}
+
+<!--
+### Perform Changes
+
+{{< table caption="mapping from docker cli to crictl - perform changes" >}}
+-->
+### 进行改动
+
+{{< table caption="Docker CLI 和 crictl 的映射 - 进行改动" >}}
+<!--
+docker cli | crictl | Description | Unsupported Features
+-- | -- | -- | --
+`create` | `create` | Create a new container |  
+`kill` | `stop` (timeout = 0) | Kill one or more running container | `--signal`
+`pull` | `pull` | Pull an image or a repository from a registry | `--all-tags`, `--disable-content-trust`
+`rm` | `rm` | Remove one or more containers |  
+`rmi` | `rmi` | Remove one or more images |  
+`run` | `run` | Run a command in a new container |  
+`start` | `start` | Start one or more stopped containers | `--detach-keys`
+`stop` | `stop` | Stop one or more running containers |  
+`update` | `update` | Update configuration of one or more containers | `--restart`, `--blkio-weight` and some other resource limit not supported by CRI.
+{{< /table >}}
+-->
+docker cli | crictl | 描述 | 不支持的功能
+-- | -- | -- | --
+`create` | `create` | 创建一个新的容器 |  
+`kill` | `stop` (timeout=0) | 杀死一个或多个正在运行的容器 | `--signal`
+`pull` | `pull` | 从镜像仓库拉取镜像或者代码仓库 | `--all-tags`, `--disable-content-trust`
+`rm` | `rm` | 移除一个或多个容器 |  
+`rmi` | `rmi` | 移除一个或多个镜像 |  
+`run` | `run` | 在新容器里运行一个命令 |  
+`start` | `start` | 启动一个或多个停止的容器 | `--detach-keys`
+`stop` | `stop` | 停止一个或多个正运行的容器 |  
+`update` | `update` | 更新一个或多个容器的配置 | CRI 不支持 `--restart`、`--blkio-weight` 以及一些其他的资源限制选项。
+{{< /table >}}
+
+<!--
+### Supported only in crictl
+
+{{< table caption="mapping from docker cli to crictl - supported only in crictl" >}}
+-->
+### 仅 crictl 支持
+
+{{< table caption="Docker CLI 和 crictl 的映射 - 仅 crictl 支持" >}}
+<!--
+crictl | Description
+-- | --
+`imagefsinfo` | Return image filesystem info
+`inspectp` | Display the status of one or more pods
+`port-forward` | Forward local port to a pod
+`pods` | List pods
+`runp` | Run a new pod
+`rmp` | Remove one or more pods
+`stopp` | Stop one or more running pods
+{{< /table >}}
+-->
+crictl | 描述
+-- | --
+`imagefsinfo` | 返回镜像的文件系统信息
+`inspectp` | 显示一个或多个 Pod 的状态
+`port-forward` | 转发本地端口到 Pod 
+`pods` | 列举 Pod
+`runp` | 运行一个新的 Pod
+`rmp` | 移除一个或多个 Pod
+`stopp` | 停止一个或多个正运行的 Pod
+{{< /table >}}
diff --git a/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md b/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md
index bd6688374b..ee6f71ea69 100644
--- a/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md
+++ b/content/zh/docs/tasks/job/fine-parallel-processing-work-queue.md
@@ -85,7 +85,7 @@ of deploying Redis scalably and redundantly.
 <!--
 You could also download the following files directly:
 -->
-你可以直接下载如下文件：
+你也可以直接下载如下文件：
 
 - [`redis-pod.yaml`](/examples/application/job/redis/redis-pod.yaml)
 - [`redis-service.yaml`](/examples/application/job/redis/redis-service.yaml)
@@ -121,7 +121,7 @@ Now hit enter, start the redis CLI, and create a list with some work items in it
 -->
 现在按回车键，启动 redis 命令行界面，然后创建一个存在若干个工作项的列表。
 
-```
+```shell
 # redis-cli -h redis
 redis:6379> rpush job2 "apple"
 (integer) 1
@@ -214,7 +214,7 @@ your username and push to the Hub with the below commands. Replace
 ### Push 镜像
 
 对于 [Docker Hub](https://hub.docker.com/)，请先用你的用户名给镜像打上标签，
-然后使用下面的命令 push 你的镜像到仓库。请将 `<username>` 替换为你自己的用户名。
+然后使用下面的命令 push 你的镜像到仓库。请将 `<username>` 替换为你自己的 Hub 用户名。
 
 ```shell
 docker tag job-wq-2 <username>/job-wq-2
@@ -270,7 +270,7 @@ too.
 -->
 在这个例子中，每个 pod 处理了队列中的多个项目，直到队列中没有项目时便退出。
 因为是由工作程序自行检测工作队列是否为空，并且 Job 控制器不知道工作队列的存在，
-所以依赖于工作程序在完成工作时发出信号。
+这依赖于工作程序在完成工作时发出信号。
 工作程序以成功退出的形式发出信号表示工作队列已经为空。
 所以，只要有任意一个工作程序成功退出，控制器就知道工作已经完成了，所有的 Pod 将很快会退出。
 因此，我们将 Job 的完成计数（Completion Count）设置为 1 。
@@ -360,11 +360,10 @@ want to consider one of the other [job patterns](/docs/concepts/jobs/run-to-comp
 
 <!--
 If you have a continuous stream of background processing work to run, then
-consider running your background workers with a `replicationController` instead,
+consider running your background workers with a `ReplicaSet` instead,
 and consider running a background processing library such as
 [https://github.com/resque/resque](https://github.com/resque/resque).
 -->
-如果你有连续的后台处理业务，那么可以考虑使用 `replicationController` 来运行你的后台业务，
+如果你有持续的后台处理业务，那么可以考虑使用 `ReplicaSet` 来运行你的后台业务，
 和运行一个类似 [https://github.com/resque/resque](https://github.com/resque/resque)
 的后台处理库。
-
diff --git a/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md b/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md
index 8986b2a6e6..85703130b6 100644
--- a/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md
+++ b/content/zh/docs/tasks/manage-gpus/scheduling-gpus.md
@@ -22,7 +22,7 @@ Kubernetes includes **experimental** support for managing AMD and NVIDIA GPUs
 This page describes how users can consume GPUs across different Kubernetes versions
 and the current limitations.
 -->
-Kubernetes 支持对节点上的 AMD 和 NVIDA GPU （图形处理单元）进行管理，目前处于**实验**状态。
+Kubernetes 支持对节点上的 AMD 和 NVIDIA GPU （图形处理单元）进行管理，目前处于**实验**状态。
 
 本页介绍用户如何在不同的 Kubernetes 版本中使用 GPU，以及当前存在的一些限制。
 
diff --git a/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md b/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md
index d41f51a32c..05503836ab 100644
--- a/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md
+++ b/content/zh/docs/tasks/run-application/run-replicated-stateful-application.md
@@ -21,11 +21,14 @@ weight: 30
 <!--
 This page shows how to run a replicated stateful application using a
 [StatefulSet](/docs/concepts/workloads/controllers/statefulset/) controller.
-The example is a MySQL single-master topology with multiple slaves running
-asynchronous replication.
+This application is a replicated MySQL database. The example topology has a
+single primary server and multiple replicas, using asynchronous row-based
+replication.
 -->
 本页展示如何使用 [StatefulSet](/zh/docs/concepts/workloads/controllers/statefulset/)
-控制器运行一个有状态的应用程序。此例是一主多从、异步复制的 MySQL 集群。
+控制器运行一个有状态的应用程序。此例是多副本的 MySQL 数据库。
+示例应用的拓扑结构有一个主服务器和多个副本，使用异步的基于行（Row-Based）
+的数据复制。
 
 <!--
 **this is not a production configuration**.
@@ -101,12 +104,12 @@ kubectl apply -f https://k8s.io/examples/application/mysql/mysql-configmap.yaml
 
 <!--
 This ConfigMap provides `my.cnf` overrides that let you independently control
-configuration on the MySQL master and slaves.
-In this case, you want the master to be able to serve replication logs to slaves
-and you want slaves to reject any writes that don't come via replication. 
+configuration on the primary MySQL server and replicas.
+In this case, you want the primary server to be able to serve replication logs to replicas
+and you want repicas to reject any writes that don't come via replication. 
 -->
 这个 ConfigMap 提供 `my.cnf` 覆盖设置，使你可以独立控制 MySQL 主服务器和从服务器的配置。
-在这里，你希望主服务器能够将复制日志提供给从服务器，并且希望从服务器拒绝任何不是通过
+在这里，你希望主服务器能够将复制日志提供给副本服务器，并且希望副本服务器拒绝任何不是通过
 复制进行的写操作。
 
 <!--
@@ -147,17 +150,17 @@ cluster and namespace.
 <!--
 The Client Service, called `mysql-read`, is a normal Service with its own
 cluster IP that distributes connections across all MySQL Pods that report
-being Ready. The set of potential endpoints includes the MySQL master and all
-slaves. 
+being Ready. The set of potential endpoints includes the primary MySQL server and all
+replicas. 
 -->
 客户端服务称为 `mysql-read`，是一种常规服务，具有其自己的集群 IP。
 该集群 IP 在报告就绪的所有MySQL Pod 之间分配连接。
-可能的端点集合包括 MySQL 主节点和所有从节点。
+可能的端点集合包括 MySQL 主节点和所有副本节点。
 
 <!--
 Note that only read queries can use the load-balanced Client Service.
-Because there is only one MySQL master, clients should connect directly to the
-MySQL master Pod (through its DNS entry within the Headless Service) to execute
+Because there is only one primary MySQL server, clients should connect directly to the
+primary MySQL Pod (through its DNS entry within the Headless Service) to execute
 writes. 
 -->
 请注意，只有读查询才能使用负载平衡的客户端服务。
@@ -274,38 +277,37 @@ properties.
 而这些 ID 也是需要唯一性、稳定性保证的。
 
 <!--
-The script in the `init-mysql` container also applies either `master.cnf` or
-`slave.cnf` from the ConfigMap by copying the contents into `conf.d`.
-Because the example topology consists of a single MySQL master and any number of
-slaves, the script simply assigns ordinal `0` to be the master, and everyone
-else to be slaves. 
+The script in the `init-mysql` container also applies either `primary.cnf` or
+`replica.cnf` from the ConfigMap by copying the contents into `conf.d`.
+Because the example topology consists of a single primary MySQL server and any number of
+replicas, the script simply assigns ordinal `0` to be the primary server, and everyone
+else to be replicas. 
 
 Combined with the StatefulSet controller's
 [deployment order guarantee](/docs/concepts/workloads/controllers/statefulset/#deployment-and-scaling-guarantees/),
-this ensures the MySQL master is Ready before creating slaves, so they can begin
+this ensures the primary MySQL server is Ready before creating replicas, so they can begin
 replicating.
-
 -->
 通过将内容复制到 conf.d 中，`init-mysql` 容器中的脚本也可以应用 ConfigMap 中的
-`master.cnf` 或 `slave.cnf`。
-由于示例部署结构由单个 MySQL 主节点和任意数量的从节点组成，因此脚本仅将序数
-`0` 指定为主节点，而将其他所有节点指定为从节点。
+`primary.cnf` 或 `replica.cnf`。
+由于示例部署结构由单个 MySQL 主节点和任意数量的副本节点组成，因此脚本仅将序数
+`0` 指定为主节点，而将其他所有节点指定为副本节点。
 
 与 StatefulSet 控制器的
 [部署顺序保证](/zh/docs/concepts/workloads/controllers/statefulset/#deployment-and-scaling-guarantees/)
 相结合，
-可以确保 MySQL 主服务器在创建从服务器之前已准备就绪，以便它们可以开始复制。
+可以确保 MySQL 主服务器在创建副本服务器之前已准备就绪，以便它们可以开始复制。
 
 <!--
 ### Cloning existing data 
 
-In general, when a new Pod joins the set as a slave, it must assume the MySQL
-master might already have data on it. It also must assume that the replication
+In general, when a new Pod joins the set as a replica, it must assume the primary MySQL
+server might already have data on it. It also must assume that the replication
 logs might not go all the way back to the beginning of time. 
 -->
 ### 克隆现有数据
 
-通常，当新 Pod 作为从节点加入集合时，必须假定 MySQL 主节点可能已经有数据。
+通常，当新 Pod 作为副本节点加入集合时，必须假定 MySQL 主节点可能已经有数据。
 还必须假设复制日志可能不会一直追溯到时间的开始。
 
 <!--
@@ -316,11 +318,11 @@ to scale up and down over time, rather than being fixed at its initial size.
 
 <!--
 The second Init Container, named `clone-mysql`, performs a clone operation on
-a slave Pod the first time it starts up on an empty PersistentVolume.
+a replica Pod the first time it starts up on an empty PersistentVolume.
 That means it copies all existing data from another running Pod,
-so its local state is consistent enough to begin replicating from the master. 
+so its local state is consistent enough to begin replicating from the primary server.
 -->
-第二个名为 `clone-mysql` 的 Init 容器，第一次在带有空 PersistentVolume 的从属 Pod
+第二个名为 `clone-mysql` 的 Init 容器，第一次在带有空 PersistentVolume 的副本 Pod
 上启动时，会在从属 Pod 上执行克隆操作。
 这意味着它将从另一个运行中的 Pod 复制所有现有数据，使此其本地状态足够一致，
 从而可以开始从主服务器复制。
@@ -329,14 +331,14 @@ so its local state is consistent enough to begin replicating from the master.
 MySQL itself does not provide a mechanism to do this, so the example uses a
 popular open-source tool called Percona XtraBackup.
 During the clone, the source MySQL server might suffer reduced performance.
-To minimize impact on the MySQL master, the script instructs each Pod to clone
+To minimize impact on the primary MySQL server, the script instructs each Pod to clone
 from the Pod whose ordinal index is one lower.
 This works because the StatefulSet controller always ensures Pod `N` is
 Ready before starting Pod `N+1`. 
 -->
 MySQL 本身不提供执行此操作的机制，因此本示例使用了一种流行的开源工具 Percona XtraBackup。
 在克隆期间，源 MySQL 服务器性能可能会受到影响。
-为了最大程度地减少对 MySQL 主节点的影响，该脚本指示每个 Pod 从序号较低的 Pod 中克隆。
+为了最大程度地减少对 MySQL 主服务器的影响，该脚本指示每个 Pod 从序号较低的 Pod 中克隆。
 可以这样做的原因是 StatefulSet 控制器始终确保在启动 Pod N + 1 之前 Pod N 已准备就绪。
 
 <!--
@@ -356,25 +358,26 @@ MySQL Pod 由运行实际 `mysqld` 服务的 `mysql` 容器和充当
 
 <!--
 The `xtrabackup` sidecar looks at the cloned data files and determines if
-it's necessary to initialize MySQL replication on the slave.
+it's necessary to initialize MySQL replication on the replica.
 If so, it waits for `mysqld` to be ready and then executes the
 `CHANGE MASTER TO` and `START SLAVE` commands with replication parameters
 extracted from the XtraBackup clone files. 
 -->
-`xtrabackup` sidecar 容器查看克隆的数据文件，并确定是否有必要在从服务器上初始化 MySQL 复制。
+`xtrabackup` sidecar 容器查看克隆的数据文件，并确定是否有必要在副本服务器上初始化 MySQL 复制。
 如果是这样，它将等待 `mysqld` 准备就绪，然后使用从 XtraBackup 克隆文件中提取的复制参数
 执行  `CHANGE MASTER TO` 和 `START SLAVE` 命令。
 
 <!--
-Once a slave begins replication, it remembers its MySQL master and
+Once a replica begins replication, it remembers its primary MySQL server and
 reconnects automatically if the server restarts or the connection dies.
-Also, because slaves look for the master at its stable DNS name
-(`mysql-0.mysql`), they automatically find the master even if it gets a new
+Also, because replicas look for the primary server at its stable DNS name
+(`mysql-0.mysql`), they automatically find the primary server even if it gets a new
 Pod IP due to being rescheduled. 
 -->
-一旦从服务器开始复制后，它会记住其 MySQL 主服务器，并且如果服务器重新启动或连接中断也会自动重新连接。
-另外，因为从服务器会以其稳定的 DNS 名称查找主服务器（`mysql-0.mysql`），
-即使由于重新调度而获得新的 Pod IP，他们也会自动找到主服务器。
+一旦副本服务器开始复制后，它会记住其 MySQL 主服务器，并且如果服务器重新启动或
+连接中断也会自动重新连接。
+另外，因为副本服务器会以其稳定的 DNS 名称查找主服务器（`mysql-0.mysql`），
+即使由于重新调度而获得新的 Pod IP，它们也会自动找到主服务器。
 
 <!--
 Lastly, after starting replication, the `xtrabackup` container listens for
@@ -389,7 +392,7 @@ case the next Pod loses its PersistentVolumeClaim and needs to redo the clone.
 <!--
 ## Sending client traffic 
 
-You can send test queries to the MySQL master (hostname `mysql-0.mysql`)
+You can send test queries to the primary MySQL server (hostname `mysql-0.mysql`)
 by running a temporary container with the `mysql:5.7` image and running the
 `mysql` client binary. 
 -->
@@ -478,13 +481,13 @@ it running in another window so you can see the effects of the following steps.
 <!--
 ## Simulating Pod and Node downtime 
 
-To demonstrate the increased availability of reading from the pool of slaves
+To demonstrate the increased availability of reading from the pool of replicas
 instead of a single server, keep the `SELECT @@server_id` loop from above
 running while you force a Pod out of the Ready state. 
 -->
 ## 模拟 Pod 和 Node 的宕机时间
 
-为了证明从从节点缓存而不是单个服务器读取数据的可用性提高，请在使 Pod 退出 Ready
+为了证明从副本节点缓存而不是单个服务器读取数据的可用性提高，请在使 Pod 退出 Ready
 状态时，保持上述 `SELECT @@server_id` 循环一直运行。
 
 <!--
@@ -679,14 +682,14 @@ kubectl uncordon <节点名称>
 ```
 
 <!--
-## Scaling the number of slaves 
+## Scaling the number of replicas
 
-With MySQL replication, you can scale your read query capacity by adding slaves.
+With MySQL replication, you can scale your read query capacity by adding replicas.
 With StatefulSet, you can do this with a single command: 
 -->
-## 扩展从节点数量
+## 扩展副本节点数量
 
-使用 MySQL 复制，你可以通过添加从节点来扩展读取查询的能力。
+使用 MySQL 复制，你可以通过添加副本节点来扩展读取查询的能力。
 使用 StatefulSet，你可以使用单个命令执行此操作：
 
 ```shell
diff --git a/content/zh/docs/tasks/tools/install-kubectl.md b/content/zh/docs/tasks/tools/install-kubectl.md
index 2e87c83417..e67a7dcb21 100644
--- a/content/zh/docs/tasks/tools/install-kubectl.md
+++ b/content/zh/docs/tasks/tools/install-kubectl.md
@@ -29,7 +29,7 @@ and view logs. For a complete list of kubectl operations, see
  -->
 使用 Kubernetes 命令行工具 [kubectl](/zh/docs/reference/kubectl/kubectl/)，
 你可以在 Kubernetes 上运行命令。
-使用 kubectl，你可以部署应用、检查和管理集群资源、查看日志。
+使用 kubectl，你可以部署应用、检视和管理集群资源、查看日志。
 要了解 kubectl 操作的完整列表，请参阅
 [kubectl 概览](/zh/docs/reference/kubectl/overview/)。
 
@@ -60,44 +60,97 @@ Using the latest version of kubectl helps avoid unforeseen issues.
 -->
 1. 使用下面命令下载最新的发行版本：
 
-   ```
-   curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
+   ```bash
+   curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
    ```
 
    <!--
-   To download a specific version, replace the `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)` portion of the command with the specific version.
+   To download a specific version, replace the `$(curl -L -s https://dl.k8s.io/release/stable.txt)` portion of the command with the specific version.
 
    For example, to download version {{< param "fullversion" >}} on Linux, type:
    -->
-   要下载特定版本， `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)`
+   要下载特定版本，将命令中的 `$(curl -L -s https://dl.k8s.io/release/stable.txt)`
    部分替换为指定版本。
 
    例如，要下载 Linux 上的版本 {{< param "fullversion" >}}，输入：
     
    ```
-   curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/linux/amd64/kubectl
+   curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/linux/amd64/kubectl
    ```
 
 <!--
-2. Make the kubectl binary executable.
+1. Validate the binary (optional)
 -->
-2. 标记 kubectl 文件为可执行：
+2. 验证可执行文件（可选步骤）：
 
+   <!--
+   Download the kubectl checksum file:
+   -->
+   下载 kubectl 校验和文件：
+
+   ```bash
+   curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
    ```
-   chmod +x ./kubectl
+
+   <!--
+   Validate the kubectl binary against the checksum file:
+   -->
+   使用校验和文件检查 kubectl 可执行二进制文件：
+
+   ```bash
+   echo "$(<kubectl.sha256) kubectl" | sha256sum --check
    ```
 
+   <!--
+   If valid, the output is:
+   -->
+   如果合法，则输出为：
+
+   ```bash
+   kubectl: OK
+   ```
+
+   <!--
+   If the check fails, `sha256` exits with nonzero status and prints output similar to:
+   -->
+   如果检查失败，则 `sha256` 退出且状态值非 0 并打印类似如下输出：
+
+   ```bash
+   kubectl: FAILED
+   sha256sum: WARNING: 1 computed checksum did NOT match
+   ```
+
+   {{< note >}}
+   <!--
+   Download the same version of the binary and checksum.
+   -->
+   所下载的二进制可执行文件和校验和文件须是同一版本。
+   {{< /note >}}
+
+
 <!--
-3. Move the binary in to your PATH.
+1. Install kubectl
 -->
-3. 将文件放到 PATH 路径下：
+3. 安装 kubectl
 
+   ```bash
+   sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
    ```
-   sudo mv ./kubectl /usr/local/bin/kubectl
+
+   <!--
+   If you do not have root access on the target system, you can still install kubectl to the `~/.local/bin` directory:
+   -->
+   如果你并不拥有目标系统的 root 访问权限，你仍可以将 kubectl 安装到
+   `~/.local/bin` 目录下：
+
+   ```bash
+   mkdir -p ~/.local/bin/kubectl
+   mv ./kubectl ~/.local/bin/kubectl
+   # 之后将 ~/.local/bin/kubectl 添加到环境变量 $PATH 中
    ```
 
 <!--
-4. Test to ensure the version you installed is up-to-date:
+1. Test to ensure the version you installed is up-to-date:
 -->
 4. 测试你所安装的版本是最新的：
 
@@ -118,6 +171,7 @@ echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/
 sudo apt-get update
 sudo apt-get install -y kubectl
 {{< /tab >}}
+
 {{< tab name="CentOS、RHEL 或 Fedora" codelang="bash" >}}
 cat <<EOF > /etc/yum.repos.d/kubernetes.repo
 [kubernetes]
@@ -186,42 +240,95 @@ kubectl version --client
 1. 下载最新发行版本：
 
    ```bash
-   curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl"
+   curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"
    ```
 
    <!--
-   To download a specific version, replace the `$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)` portion of the command with the specific version.
+   To download a specific version, replace the `$(curl -L -s https://dl.k8s.io/release/stable.txt)` portion of the command with the specific version.
 
    For example, to download version {{< param "fullversion" >}} on macOS, type:
    -->
-   要下载特定版本，可将上面命令中的`$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)`
+   要下载特定版本，可将上面命令中的 `$(curl -L -s https://dl.k8s.io/release/stable.txt)`
    部分替换成你想要的版本。
 
    例如，要在 macOS 上安装版本 {{< param "fullversion" >}}，输入：
 
    ```bash
-   curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/darwin/amd64/kubectl
+   curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/darwin/amd64/kubectl
    ```
 
-   <!-- Make the kubectl binary executable. -->
-   将二进制文件标记为可执行：
+<!--
+1. Validate the binary (optional)
+-->
+2. 检查二进制可执行文件（可选操作）
+
+   <!--
+   Download the kubectl checksum file:
+   -->
+   下载 kubectl 校验和文件：
+
+   ```bash
+   curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl.sha256"
+   ```
+
+   <!--
+   Validate the kubectl binary against the checksum file:
+   -->
+   使用校验和文件检查 kubectl 二进制可执行文件：
+
+   ```bash
+   echo "$(<kubectl.sha256)  kubectl" | shasum -a 256 --check
+   ```
+
+   <!--
+   If valid, the output is:
+   -->
+   如果合法，则输出为：
+
+   ```bash
+   kubectl: OK
+   ```
+
+   <!--
+   If the check fails, `shasum` exits with nonzero status and prints output similar to:
+   -->
+   如果检查失败，则 `shasum` 退出且状态值为非 0，并打印类似如下的输出：
+
+   ```bash
+   kubectl: FAILED
+   shasum: WARNING: 1 computed checksum did NOT match
+   ```
+
+   {{< note >}}
+   <!--
+   Download the same version of the binary and checksum.
+   -->
+   下载的二进制可执行文件和校验和文件须为同一版本。
+   {{< /note >}}
+
+<!--
+1. Make the kubectl binary executable.
+-->
+3. 设置 kubectl 二进制文件为可执行模式
 
    ```bash
    chmod +x ./kubectl
    ```
+
 <!--
-3. Move the binary in to your PATH.
+1. Move the kubectl binary to a file location on your system `PATH`.
 -->
-3. 将二进制文件放入 PATH 目录下：
+4. 将 kubectl 二进制文件移动到系统 `PATH` 环境变量中的某个位置：
 
    ```bash
-   sudo mv ./kubectl /usr/local/bin/kubectl
+   sudo mv ./kubectl /usr/local/bin/kubectl && \
+   sudo chown root: /usr/local/bin/kubectl
    ```
 
 <!--
 4. Test to ensure the version you installed is up-to-date:
 -->
-4. 测试以确保所安装的版本是最新的：
+5. 测试以确保所安装的版本是最新的：
 
    ```bash
    kubectl version --client
@@ -256,7 +363,7 @@ If you are on macOS and using [Homebrew](https://brew.sh/) package manager, you
    ```
 
 <!--
-2. Test to ensure the version you installed is sufficiently up-to-date:
+1. Test to ensure the version you installed is sufficiently up-to-date:
 -->
 2. 测试以确保你安装的版本是最新的：
 
@@ -271,7 +378,8 @@ If you are on macOS and using [Macports](https://macports.org/) package manager,
 -->
 ### 在 macOS 上用 Macports 安装 kubectl
 
-如果你使用的是 macOS 系统并使用 [Macports](https://macports.org/) 包管理器，你可以通过 Macports 安装 kubectl。
+如果你使用的是 macOS 系统并使用 [Macports](https://macports.org/) 包管理器，
+你可以通过 Macports 安装 kubectl。
 
 <!--
 1. Run the installation command:
@@ -293,7 +401,7 @@ If you are on macOS and using [Macports](https://macports.org/) package manager,
    ```
 
 <!--
-## Install kubectl on Windows
+## Install kubectl on Windows   {#install-kubectl-on-windows}
 
 ### Install kubectl binary with curl on Windows
 -->
@@ -302,36 +410,74 @@ If you are on macOS and using [Macports](https://macports.org/) package manager,
 ### 在 Windows 上使用 curl 安装 kubectl 二进制文件
 
 <!--
-1. Download the latest release {{< param "fullversion" >}} from [this link](https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe).
+1. Download the [latest release {{< param "fullversion" >}}](https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe).
 
    Or if you have `curl` installed, use this command:
 -->
-1. 从[此链接](https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe)
-   下载最新发行版本 {{< param "fullversion" >}}。
+1. 下载[最新发行版本 {{< param "fullversion" >}}](https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe)。
 
    或者如何你安装了 `curl`，使用下面的命令：
 
    ```bash
-   curl -LO https://storage.googleapis.com/kubernetes-release/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe
+   curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe
    ```
 
    <!--
-   To find out the latest stable version (for example, for scripting), take a look at [https://storage.googleapis.com/kubernetes-release/release/stable.txt](https://storage.googleapis.com/kubernetes-release/release/stable.txt).
+   To find out the latest stable version (for example, for scripting), take a look at [https://dl.k8s.io/release/stable.txt](https://dl.k8s.io/release/stable.txt).
    -->
-   要了解最新的稳定版本（例如，出于脚本编写目的），可查看
-   [https://storage.googleapis.com/kubernetes-release/release/stable.txt](https://storage.googleapis.com/kubernetes-release/release/stable.txt)。
+   要了解哪个是最新的稳定版本（例如，出于脚本编写目的），可查看
+   [https://dl.k8s.io/release/stable.txt](https://dl.k8s.io/release/stable.txt)。
 
 <!--
-2. Add the binary in to your PATH.
+1. Validate the binary (optional)
 -->
-2. 将可执行文件放到 PATH 目录下。
+2. 验证二进制可执行文件（可选操作）
+
+   <!--
+   Download the kubectl checksum file:
+   -->
+   下载 kubectl 校验和文件：
+
+   ```powershell
+   curl -LO https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe.sha256
+   ```
+
+   <!--
+   Validate the kubectl binary against the checksum file:
+   -->
+   使用校验和文件验证 kubectl 可执行二进制文件：
+
+   <!--
+   - Using Command Prompt to manually compare `CertUtil`'s output to the checksum file downloaded:
+   -->
+   - 使用命令行提示符（Commmand Prompt）来手动比较 `CertUtil` 的输出与
+     所下载的校验和文件：
+
+     ```cmd
+     CertUtil -hashfile kubectl.exe SHA256
+     type kubectl.exe.sha256
+     ```
+
+   <!--
+   - Using PowerShell to automate the verification using the `-eq` operator to get a `True` or `False` result:
+   -->
+   - 使用 PowerShell 的 `-eq` 操作符来自动完成校验操作，获得 `True` 或 `False` 结果：
+
+     ```powershell
+     $($(CertUtil -hashfile .\kubectl.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl.exe.sha256)
+     ```
 
 <!--
-3. Test to ensure the version of `kubectl` is the same as downloaded:
+1. Add the binary in to your PATH.
 -->
-3. 测试以确定所下载的 `kubectl` 版本是正确的的：
+3. 将可执行文件放到 PATH 目录下。
 
-   ```bash
+<!--
+1. Test to ensure the version of `kubectl` is the same as downloaded:
+-->
+4. 测试以确定所下载的 `kubectl` 版本是正确的的：
+
+   ```cmd
    kubectl version --client
    ```
 
@@ -341,20 +487,20 @@ If you have installed Docker Desktop before, you may need to place your PATH ent
 -->
 {{< note >}}
 [Docker Desktop for Windows](https://docs.docker.com/docker-for-windows/#kubernetes)
-会在 PATH 中添加自己的 `kubectl` 程序。
+会将自己的 `kubectl` 程序添加到 PATH 中。
 如果你之前安装过 Docker Desktop，你可能需要将新安装的 PATH 项放到 Docker Desktop
 安装程序所添加的目录之前，或者干脆删除 Docker Desktop 所安装的 `kubectl`。
 {{< /note >}}
 
 <!--
-## Install with Powershell from PSGallery
+## Install with PowerShell from PSGallery
 
-If you are on Windows and using [Powershell Gallery](https://www.powershellgallery.com/) package manager, you can install and update kubectl with Powershell.
+If you are on Windows and using [PowerShell Gallery](https://www.powershellgallery.com/) package manager, you can install and update kubectl with PowerShell.
 -->
 ## 使用 PowerShell 从 PSGallery 安装 kubectl
 
 如果你使用的是 Windows 系统并使用 [Powershell Gallery](https://www.powershellgallery.com/)
-软件包管理器，你可以使用 Powershell 安装和更新 kubectl。
+软件包管理器，你可以使用 PowerShell 安装和更新 kubectl。
 
 <!--
 1. Run the installation commands (making sure to specify a `DownloadLocation`):
@@ -363,14 +509,14 @@ If you are on Windows and using [Powershell Gallery](https://www.powershellgalle
 
    ```powershell
    Install-Script -Name 'install-kubectl' -Scope CurrentUser -Force
-   install-kubectl.ps1 [-DownloadLocation <path>]
+   install-kubectl.ps1 [-DownloadLocation <路径名>]
    ```
 
    <!--
-   If you do not specify a `DownloadLocation`, `kubectl` will be installed in the user's temp Directory.
+   If you do not specify a `DownloadLocation`, `kubectl` will be installed in the user's `temp` Directory.
    -->
    {{< note >}}
-   如果你没有指定 `DownloadLocation`，那么 `kubectl` 将安装在用户的临时目录中。
+   如果你没有指定 `DownloadLocation`，那么 `kubectl` 将安装在用户的 `temp` 目录中。
    {{< /note >}}
 
    <!--
@@ -402,8 +548,6 @@ Updating the installation is performed by rerunning the two commands listed in s
 <!--
 1. To install kubectl on Windows you can use either [Chocolatey](https://chocolatey.org) package manager or [Scoop](https://scoop.sh) command-line installer.
 -->
-
-
 1. 要在 Windows 上用 [Chocolatey](https://chocolatey.org) 或者
    [Scoop](https://scoop.sh) 命令行安装程序安装 kubectl：
 
@@ -421,7 +565,7 @@ Updating the installation is performed by rerunning the two commands listed in s
    {{< /tabs >}}
 
 <!--
-2. Test to ensure the version you installed is up-to-date:
+1. Test to ensure the version you installed is up-to-date:
 -->
 2. 测试以确保你安装的版本是最新的：
 
@@ -430,7 +574,7 @@ Updating the installation is performed by rerunning the two commands listed in s
    ```
 
 <!--
-3. Navigate to your home directory:
+1. Navigate to your home directory:
 -->
 3. 切换到你的 HOME 目录：
 
@@ -440,7 +584,7 @@ Updating the installation is performed by rerunning the two commands listed in s
    ```
 
 <!--
-4. Create the `.kube` directory:
+1. Create the `.kube` directory:
 -->
 4. 创建 `.kube` 目录：
 
@@ -449,7 +593,7 @@ Updating the installation is performed by rerunning the two commands listed in s
    ```
 
 <!--
-5. Change to the `.kube` directory you just created:
+1. Change to the `.kube` directory you just created:
 -->
 5. 进入到刚刚创建的 `.kube` 目录：
 
@@ -458,7 +602,7 @@ Updating the installation is performed by rerunning the two commands listed in s
    ```
 
 <!--
-6. Configure kubectl to use a remote Kubernetes cluster:
+1. Configure kubectl to use a remote Kubernetes cluster:
 -->
 6. 配置 kubectl 以使用远程 Kubernetes 集群：
 
@@ -539,11 +683,13 @@ If you see a URL response, kubectl is correctly configured to access your cluste
 
 If you see a message similar to the following, kubectl is not configured correctly or is not able to connect to a Kubernetes cluster.
 -->
-如果你看到一个 URL 被返回，那么 kubectl 已经被正确配置，能够正常访问你的 Kubernetes 集群。
+如果你看到一个 URL 被返回，那么 kubectl 已经被正确配置，
+能够正常访问你的 Kubernetes 集群。
 
-如果你看到类似以下的信息被返回，那么 kubectl 没有被正确配置，无法正常访问你的 Kubernetes 集群。
+如果你看到类似以下的信息被返回，那么 kubectl 没有被正确配置，
+无法正常访问你的 Kubernetes 集群。
 
-```shell
+```
 The connection to the server <server-name:port> was refused - did you specify the right host or port?
 ```
 
@@ -552,9 +698,11 @@ For example, if you are intending to run a Kubernetes cluster on your laptop (lo
 
 If kubectl cluster-info returns the url response but you can't access your cluster, to check whether it is configured properly, use:
 -->
-例如，如果你打算在笔记本电脑（本地）上运行 Kubernetes 集群，则需要首先安装 minikube 等工具，然后重新运行上述命令。
+例如，如果你打算在笔记本电脑（本地）上运行 Kubernetes 集群，则需要首先安装
+minikube 等工具，然后重新运行上述命令。
 
-如果 kubectl cluster-info 能够返回 URL 响应，但你无法访问你的集群，可以使用下面的命令检查配置是否正确：
+如果 kubectl cluster-info 能够返回 URL 响应，但你无法访问你的集群，可以使用
+下面的命令检查配置是否正确：
 
 ```shell
 kubectl cluster-info dump
diff --git a/content/zh/examples/pods/init-containers.yaml b/content/zh/examples/pods/init-containers.yaml
index 35c393d7c7..667b03eccd 100644
--- a/content/zh/examples/pods/init-containers.yaml
+++ b/content/zh/examples/pods/init-containers.yaml
@@ -19,7 +19,7 @@ spec:
     - wget
     - "-O"
     - "/work-dir/index.html"
-    - http://kubernetes.io
+    - http://info.cern.ch
     volumeMounts:
     - name: workdir
       mountPath: "/work-dir"
diff --git a/content/zh/examples/service/access/hello.yaml b/content/zh/examples/service/access/backend-deployment.yaml
similarity index 91%
rename from content/zh/examples/service/access/hello.yaml
rename to content/zh/examples/service/access/backend-deployment.yaml
index 85dff18ee1..5c95e38a3b 100644
--- a/content/zh/examples/service/access/hello.yaml
+++ b/content/zh/examples/service/access/backend-deployment.yaml
@@ -1,14 +1,15 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: hello
+  name: backend
 spec:
   selector:
     matchLabels:
       app: hello
       tier: backend
       track: stable
-  replicas: 7
+  replicas: 3
   template:
     metadata:
       labels:
@@ -22,3 +23,4 @@ spec:
           ports:
             - name: http
               containerPort: 80
+...
\ No newline at end of file
diff --git a/content/zh/examples/service/access/hello-service.yaml b/content/zh/examples/service/access/backend-service.yaml
similarity index 95%
rename from content/zh/examples/service/access/hello-service.yaml
rename to content/zh/examples/service/access/backend-service.yaml
index 71344ecb8b..9262d29bb8 100644
--- a/content/zh/examples/service/access/hello-service.yaml
+++ b/content/zh/examples/service/access/backend-service.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -10,3 +11,4 @@ spec:
   - protocol: TCP
     port: 80
     targetPort: http
+...
\ No newline at end of file
diff --git a/content/zh/examples/service/access/frontend-deployment.yaml b/content/zh/examples/service/access/frontend-deployment.yaml
new file mode 100644
index 0000000000..182b0e708e
--- /dev/null
+++ b/content/zh/examples/service/access/frontend-deployment.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+spec:
+  selector:
+    matchLabels:
+      app: hello
+      tier: frontend
+      track: stable
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hello
+        tier: frontend
+        track: stable
+    spec:
+      containers:
+        - name: nginx
+          image: "gcr.io/google-samples/hello-frontend:1.0"
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/usr/sbin/nginx","-s","quit"]
+...
\ No newline at end of file
diff --git a/content/zh/examples/service/access/frontend-nginx.conf b/content/zh/examples/service/access/frontend-nginx.conf
new file mode 100644
index 0000000000..39a911a09a
--- /dev/null
+++ b/content/zh/examples/service/access/frontend-nginx.conf
@@ -0,0 +1,14 @@
+# The identifier Backend is internal to nginx, and used to name this specific upstream
+upstream Backend {
+    # hello is the internal DNS name used by the backend Service inside Kubernetes
+    server hello;
+}
+
+server {
+    listen 80;
+
+    location / {
+        # The following statement will proxy traffic to the upstream named Backend
+        proxy_pass http://Backend;
+    }
+}
diff --git a/content/zh/examples/service/access/frontend-service.yaml b/content/zh/examples/service/access/frontend-service.yaml
new file mode 100644
index 0000000000..898a5ed51b
--- /dev/null
+++ b/content/zh/examples/service/access/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+spec:
+  selector:
+    app: hello
+    tier: frontend
+  ports:
+  - protocol: "TCP"
+    port: 80
+    targetPort: 80
+  type: LoadBalancer
+...
\ No newline at end of file
diff --git a/content/zh/examples/service/access/frontend.conf b/content/zh/examples/service/access/frontend.conf
deleted file mode 100644
index 9a1f5a0ed6..0000000000
--- a/content/zh/examples/service/access/frontend.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-upstream hello {
-    server hello;
-}
-
-server {
-    listen 80;
-
-    location / {
-        proxy_pass http://hello;
-    }
-}
diff --git a/content/zh/examples/service/access/frontend.yaml b/content/zh/examples/service/access/frontend.yaml
deleted file mode 100644
index 9f5b6b757f..0000000000
--- a/content/zh/examples/service/access/frontend.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: frontend
-spec:
-  selector:
-    app: hello
-    tier: frontend
-  ports:
-  - protocol: "TCP"
-    port: 80
-    targetPort: 80
-  type: LoadBalancer
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: frontend
-spec:
-  selector:
-    matchLabels:
-      app: hello
-      tier: frontend
-      track: stable
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: hello
-        tier: frontend
-        track: stable
-    spec:
-      containers:
-      - name: nginx
-        image: "gcr.io/google-samples/hello-frontend:1.0"
-        lifecycle:
-          preStop:
-            exec:
-              command: ["/usr/sbin/nginx","-s","quit"]
diff --git a/go.mod b/go.mod
index 30c6741140..b45ff242a4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,34 +1,38 @@
 module k8s.io/website
 
-go 1.14
+go 1.15
 
 require (
-	k8s.io/apimachinery v0.18.4
-	k8s.io/kubernetes v1.18.4
+	k8s.io/apimachinery v0.20.0
+	k8s.io/kubernetes v1.20.0
 )
 
 replace (
-	k8s.io/api => k8s.io/api v0.18.4
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.18.4
-	k8s.io/apimachinery => k8s.io/apimachinery v0.18.4
-	k8s.io/apiserver => k8s.io/apiserver v0.18.4
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.18.4
-	k8s.io/client-go => k8s.io/client-go v0.18.4
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.18.4
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.18.4
-	k8s.io/code-generator => k8s.io/code-generator v0.18.4
-	k8s.io/component-base => k8s.io/component-base v0.18.4
-	k8s.io/cri-api => k8s.io/cri-api v0.18.4
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.18.4
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.18.4
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.18.4
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.18.4
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.18.4
-	k8s.io/kubectl => k8s.io/kubectl v0.18.4
-	k8s.io/kubelet => k8s.io/kubelet v0.18.4
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.18.4
-	k8s.io/metrics => k8s.io/metrics v0.18.4
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.18.4
-	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.18.4
-	k8s.io/sample-controller => k8s.io/sample-controller v0.18.4
+	k8s.io/api => k8s.io/api v0.20.0
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.20.0
+	k8s.io/apimachinery => k8s.io/apimachinery v0.20.0
+	k8s.io/apiserver => k8s.io/apiserver v0.20.0
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.20.0
+	k8s.io/client-go => k8s.io/client-go v0.20.0
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.20.0
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.20.0
+	k8s.io/code-generator => k8s.io/code-generator v0.20.0
+	k8s.io/component-base => k8s.io/component-base v0.20.0
+	k8s.io/component-helpers => k8s.io/component-helpers v0.20.0
+	k8s.io/controller-manager => k8s.io/controller-manager v0.20.0
+	k8s.io/cri-api => k8s.io/cri-api v0.20.0
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.20.0
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.20.0
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.20.0
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.20.0
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.20.0
+	k8s.io/kubectl => k8s.io/kubectl v0.20.0
+	k8s.io/kubelet => k8s.io/kubelet v0.20.0
+	k8s.io/kubernetes => k8s.io/kubernetes v1.20.0
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.20.0
+	k8s.io/metrics => k8s.io/metrics v0.20.0
+	k8s.io/mount-utils => k8s.io/mount-utils v0.20.0
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.20.0
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.20.0
+	k8s.io/sample-controller => k8s.io/sample-controller v0.20.0
 )
diff --git a/go.sum b/go.sum
index d0f82ad655..723fccaf6a 100644
--- a/go.sum
+++ b/go.sum
@@ -2,25 +2,66 @@ bitbucket.org/bertimus9/systemstat v0.0.0-20180207000608-0eeff89b0690/go.mod h1:
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
+github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
+github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
+github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
+github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
+github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
+github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
+github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
+github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
+github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
 github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8=
 github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
+github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
+github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14=
+github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ=
 github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
 github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
+github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/hcsshim v0.0.0-20190417211021-672e52e9209d/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
+github.com/Microsoft/hcsshim v0.8.10-0.20200715222032-5eafd1556990/go.mod h1:ay/0dTb7NsG8QMDfsRfLHgZo/6xAJShLe1+ePPflihk=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -33,15 +74,21 @@ github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrU
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7/go.mod h1:LWMyo4iOLWXHGdBki7NIht1kHru/0wM179h+d3g8ATM=
+github.com/aws/aws-sdk-go v1.6.10/go.mod h1:ZRmQr0FajVIyZ4ZzBYKG5P3ZqPz9IHG41ZoMu1ADI3k=
 github.com/aws/aws-sdk-go v1.28.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
 github.com/bazelbuild/bazel-gazelle v0.18.2/go.mod h1:D0ehMSbS+vesFsLGiD6JXu3mVEzOlfUl8wNnq+x/9p0=
 github.com/bazelbuild/bazel-gazelle v0.19.1-0.20191105222053-70208cbdc798/go.mod h1:rPwzNHUqEzngx1iVBfO/2X2npKaT3tqPqqHW6rVsn/A=
 github.com/bazelbuild/buildtools v0.0.0-20190731111112-f720930ceb60/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU=
@@ -50,32 +97,70 @@ github.com/bazelbuild/rules_go v0.0.0-20190719190356-6dae44dc5cab/go.mod h1:MC23
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bifurcation/mint v0.0.0-20180715133206-93c51c6ce115/go.mod h1:zVt7zX3K/aDCk9Tj+VM7YymsX66ERvzCJzw8rFCX2JU=
+github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
+github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.0+incompatible h1:CGxCgetQ64DKk7rdZ++Vfnb1+ogGNnB17OJKJXD2Cfs=
 github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
+github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/caddyserver/caddy v1.0.3/go.mod h1:G+ouvOY32gENkJC+jhgl62TyhvqEsFaDiZ4uw0RzP1E=
 github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/prettybench v0.0.0-20150116022406-03b8cfe5406c/go.mod h1:Xe6ZsFhtM8HrDku0pxJ3/Lr51rwykrzgFwpmTzleatY=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
 github.com/checkpoint-restore/go-criu v0.0.0-20181120144056-17b0214f6c48/go.mod h1:TrMrLQfeENAPYPRsJuq3jsqdlRh3lvi6trTZJG8+tho=
+github.com/checkpoint-restore/go-criu/v4 v4.0.2/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
+github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
 github.com/cheekybits/genny v0.0.0-20170328200008-9127e812e1e9/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.0.0-20191025125908-95b36a581eed/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
+github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
+github.com/cilium/ebpf v0.0.0-20200507155900-a9f01edf17e3/go.mod h1:XT+cAw5wfvsodedcijoh1l9cf7v1x9FlFB/3VmF/O8s=
+github.com/cilium/ebpf v0.0.0-20200601085316-9f1617e5c574/go.mod h1:XT+cAw5wfvsodedcijoh1l9cf7v1x9FlFB/3VmF/O8s=
+github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313/go.mod h1:P1wt9Z3DP8O6W3rvwCt0REIlshg1InHImaLW0t3ObY0=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa h1:OaNxuTZr7kxeODyLWsRMC+OD03aFUH+mW6r2d+MWa5Y=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
 github.com/container-storage-interface/spec v1.2.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4=
+github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
 github.com/containerd/console v0.0.0-20170925154832-84eeaae905fa/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
+github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
+github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
 github.com/containerd/containerd v1.0.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.3.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
+github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
+github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
+github.com/containerd/ttrpc v1.0.0/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
+github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
+github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
 github.com/containerd/typeurl v0.0.0-20190228175220-2a93cfde8c20/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
+github.com/containerd/typeurl v1.0.0/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
+github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
 github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/coredns/corefile-migration v1.0.6/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E=
+github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -85,10 +170,16 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea h1:n2Ltr3SrfQlf/9nOna1DoGKxLx3qTSI8Ttl6Xrqp6mw=
 github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -97,14 +188,20 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
+github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v1.4.2-0.20200309214505-aa6a9891b09c/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v17.12.0-ce-rc1.0.20200916142827-bd33bbf0497b+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
@@ -115,13 +212,17 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
@@ -130,10 +231,18 @@ github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0
 github.com/go-acme/lego v2.5.0+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG94USbYxYrZfTkIn0M=
 github.com/go-bindata/go-bindata v3.1.1+incompatible/go.mod h1:xK8Dsgwmeed+BBsSy2XTopBn/8uK2HWuGSnA11C3Joo=
 github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-ini/ini v1.9.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
+github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8=
 github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
 github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
@@ -195,6 +304,7 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW
 github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus v0.0.0-20181101234600-2ff6f7ffd60f/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
+github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
@@ -204,15 +314,34 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekf
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903 h1:LbsanbbD6LieFkXbj9YNNBupiGHJgFeLpO0j0Fza1h8=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
 github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
 github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0=
@@ -237,9 +366,17 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/cadvisor v0.35.0/go.mod h1:1nql6U13uTHaLYB8rLS5x9IJc2qT6Xd/Tr1sTX6NE48=
+github.com/google/cadvisor v0.37.0/go.mod h1:OhDE+goNVel0eGY8mR7Ifq1QUI1in5vJBIgIpcajK/I=
+github.com/google/cadvisor v0.38.5/go.mod h1:1OFB9sOOMkBdUBGCO/1SArawTnDscgMzTodacVDe8mA=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -247,56 +384,95 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
+github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I=
+github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
 github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4 h1:z53tR0945TRRQO/fLEVPI6SMv7ZflF0TEaTAoU7tOzg=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5 h1:UImYN5qQ8tuGpGE16ZmjvcTtTw24zw1QAp/SlnNrZhI=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
+github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.0.0-20180201235237-0fb14efe8c47/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
+github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
+github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/heketi/heketi v9.0.1-0.20190917153846-c2e2a4ab7ab9+incompatible/go.mod h1:bB9ly3RchcQqsQ9CpyaQwvva7RS5ytVoSoholZQON6o=
 github.com/heketi/tests v0.0.0-20151005000721-f3775cbcefd6/go.mod h1:xGMAM8JLi7UkZt1i4FQeQy0R2T8GLUwQhOP5M1gBhy4=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8=
+github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
 github.com/karrick/godirwalk v1.7.5/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34=
+github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM=
@@ -307,9 +483,12 @@ github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM52
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
@@ -344,18 +523,30 @@ github.com/mattn/go-shellwords v1.0.5/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
+github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mesos/mesos-go v0.0.9/go.mod h1:kPYCMQ9gsOXVAle1OsoY4I1+9kPu8GHkf88aV59fDr4=
 github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.4/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY=
 github.com/mistifyio/go-zfs v2.1.1+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
+github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/moby/ipvs v1.0.1/go.mod h1:2pngiyseZbIKXNv7hsKj3O9UEz30c53MT9005gt2hxQ=
+github.com/moby/sys/mountinfo v0.1.3/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o=
+github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -366,6 +557,7 @@ github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb/go.mod h1:TaXosZuwd
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
 github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
+github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mvdan/xurls v1.1.0/go.mod h1:tQlNn3BED8bE/15hnSL2HLkDeLWpNPAwtw7wkEq44oU=
@@ -375,6 +567,7 @@ github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h
 github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E=
 github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
 github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -385,12 +578,26 @@ github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc10/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/opencontainers/runc v1.0.0-rc90.0.20200616040943-82d2fa4eb069/go.mod h1:3Sm6Dt7OT8z88EbdQqqcRN2oCT54jbi72tT/HqgflT8=
+github.com/opencontainers/runc v1.0.0-rc91.0.20200707015106-819fcc687efb/go.mod h1:ZuXhqlr4EiRYgDrBDNfSbE4+n9JX4+V107NwAmF7sZA=
+github.com/opencontainers/runc v1.0.0-rc92/go.mod h1:X1zlU4p7wOlX4+WRCz+hvlRv8phdL7UqbYD+vQwNMmE=
 github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
+github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
+github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
+github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@@ -398,25 +605,43 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/pquerna/ffjson v0.0.0-20180717144149-af8b230fcd20/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0 h1:vrDKnkGzuGvhNAL56c7DBz29ZL+KxnoR0x7enabFceM=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA=
+github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1 h1:K0MGApIoQvMw27RTdJkPbr3JZ7DNbtxQNyi5STVM6Kw=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lNawc=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3 h1:F0+tqvhOksq22sc6iCHF5WGlWjdwj92p0udFh1VFBS8=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4=
+github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
 github.com/quobyte/api v0.1.2/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI=
+github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/robfig/cron v1.1.0 h1:jk4/Hud3TTdcrJgUOBgsqrZBarcxl6ADIjSC2iniwLY=
 github.com/robfig/cron v1.1.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
@@ -424,27 +649,34 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto=
+github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto=
 github.com/russross/blackfriday v0.0.0-20170610170232-067529f716f4/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
@@ -454,6 +686,8 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU
 github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
+github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
+github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
 github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -464,7 +698,10 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/storageos/go-api v0.0.0-20180912212459-343b3eff91fc/go.mod h1:ZrLn+e0ZuF3Y65PNF6dIwbJPZqfmtCXxFm9ckv0agOY=
+github.com/storageos/go-api v2.2.0+incompatible/go.mod h1:ZrLn+e0ZuF3Y65PNF6dIwbJPZqfmtCXxFm9ckv0agOY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
@@ -472,6 +709,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
 github.com/thecodeteam/goscaleio v0.1.0/go.mod h1:68sdkZAsK8bvEwBlbQnlLS+xU+hvLYM/iQ8KXej1AwM=
@@ -479,10 +718,14 @@ github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhV
 github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8 h1:ndzgwNDnKIqyCvHTXaCqh9KlOWKvBry6nuXMJmonVsE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
 github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s=
@@ -490,22 +733,39 @@ github.com/valyala/quicktemplate v1.1.1/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOV
 github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=
 github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
 github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20171111001504-be1fbeda1936/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/vishvananda/netns v0.0.0-20200520041808-52d707b772fe/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
+github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
+go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5 h1:Gqga3zA9tdAcfqobUGjSoCob5L3f8Dt5EuOp3ihNZko=
+go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5/go.mod h1:skWido08r9w6Lq/w70DO5XYIKMu4QFu1+4VsqLQuJy8=
+go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo=
+go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM=
@@ -514,6 +774,7 @@ go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1
 golang.org/x/build v0.0.0-20190927031335-2835ba2e683f/go.mod h1:fYw7AShPAhGMdXqA9gRadk/CcMsvLlClpE5oBwnS3dM=
 golang.org/x/crypto v0.0.0-20180426230345-b49d69b5da94/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -523,24 +784,52 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190424203555-c05e17bb3b2d/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 h1:hb9wdF1z5waM+dSIICn1l0DkLVDT3hqhhQsDNUmHPRE=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -548,8 +837,10 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -558,19 +849,38 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190328230028-74de082e2cca/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190502183928-7f726cade0ab/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 h1:pE8b58s1HRDMi8RDc79m0HISf9D4TzseP40cEA6IGfs=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -580,9 +890,11 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -595,23 +907,65 @@ golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7 h1:HmbHVPwrPEKPGLAcHSrMe6+hqSUlvZU0rab6x5EXfGU=
 golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8=
+golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201110211018-35f3e6cf4a65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201112073958-5cba982894dd h1:5CtCZbICpIOFdgO940moixOPjc0178IU44m4EjOO5IY=
+golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s=
+golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -636,12 +990,39 @@ golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
 gonum.org/v1/gonum v0.6.2/go.mod h1:9mxDZsDKxgMAuccQkewq682L+0eCu4dCN2yonUJTCLU=
@@ -650,27 +1031,77 @@ gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmK
 gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.6.1-0.20190607001116-5213b8090861/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.1-0.20200106000736-b8fc810ca6b5/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.1/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8=
+google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0 h1:rRYRFMVgRv6E0D70Skyfsr28tDXIuuPZyWGMPdMcnXg=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
@@ -678,6 +1109,7 @@ gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
@@ -688,57 +1120,141 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/gotestsum v0.3.5/go.mod h1:Mnf3e5FUzXbkCfynWBGOwLssY7gTQgCHObK9tMpAriY=
+gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.2/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.18.4 h1:8x49nBRxuXGUlDlwlWd3RMY1SayZrzFfxea3UZSkFw4=
 k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4=
+k8s.io/api v0.19.0 h1:XyrFIJqTYZJ2DU7FBE/bSPz7b1HvbVBuBf07oeo6eTc=
+k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw=
+k8s.io/api v0.20.0 h1:WwrYoZNM1W1aQEbyl8HNG+oWGzLpZQBlcerS9BQw9yI=
+k8s.io/api v0.20.0/go.mod h1:HyLC5l5eoS/ygQYl1BXBgFzWNlkHiAuyNAbevIn+FKg=
 k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio=
+k8s.io/apiextensions-apiserver v0.19.0/go.mod h1:znfQxNpjqz/ZehvbfMg5N6fvBJW5Lqu5HVLTJQdP4Fs=
+k8s.io/apiextensions-apiserver v0.20.0/go.mod h1:ZH+C33L2Bh1LY1+HphoRmN1IQVLTShVcTojivK3N9xg=
 k8s.io/apimachinery v0.18.4 h1:ST2beySjhqwJoIFk6p7Hp5v5O0hYY6Gngq/gUYXTPIA=
 k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
+k8s.io/apimachinery v0.19.0 h1:gjKnAda/HZp5k4xQYjL0K/Yb66IvNqjthCb03QlKpaQ=
+k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
+k8s.io/apimachinery v0.20.0 h1:jjzbTJRXk0unNS71L7h3lxGDH/2HPxMPaQY+MjECKL8=
+k8s.io/apimachinery v0.20.0/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apiserver v0.18.4 h1:pn1jSQkfboPSirZopkVpEdLW4FcQLnYMaIY8LFxxj30=
 k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8=
+k8s.io/apiserver v0.19.0 h1:jLhrL06wGAADbLUUQm8glSLnAGP6c7y5R3p19grkBoY=
+k8s.io/apiserver v0.19.0/go.mod h1:XvzqavYj73931x7FLtyagh8WibHpePJ1QwWrSJs2CLk=
+k8s.io/apiserver v0.20.0 h1:0MwO4xCoqZwhoLbFyyBSJdu55CScp4V4sAgX6z4oPBY=
+k8s.io/apiserver v0.20.0/go.mod h1:6gRIWiOkvGvQt12WTYmsiYoUyYW0FXSiMdNl4m+sxY8=
 k8s.io/cli-runtime v0.18.4/go.mod h1:9/hS/Cuf7NVzWR5F/5tyS6xsnclxoPLVtwhnkJG1Y4g=
+k8s.io/cli-runtime v0.19.0/go.mod h1:tun9l0eUklT8IHIM0jors17KmUjcrAxn0myoBYwuNuo=
+k8s.io/cli-runtime v0.20.0/go.mod h1:C5tewU1SC1t09D7pmkk83FT4lMAw+bvMDuRxA7f0t2s=
 k8s.io/client-go v0.18.4 h1:un55V1Q/B3JO3A76eS0kUSywgGK/WR3BQ8fHQjNa6Zc=
 k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g=
+k8s.io/client-go v0.19.0 h1:1+0E0zfWFIWeyRhQYWzimJOyAk2UT7TiARaLNwJCf7k=
+k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU=
+k8s.io/client-go v0.20.0 h1:Xlax8PKbZsjX4gFvNtt4F5MoJ1V5prDvCuoq9B7iax0=
+k8s.io/client-go v0.20.0/go.mod h1:4KWh/g+Ocd8KkCwKF8vUNnmqgv+EVnQDK4MBF4oB5tY=
 k8s.io/cloud-provider v0.18.4/go.mod h1:JdI6cuSFPSPANEciv0v5qfwztkeyFCVc1S3krLYrw0E=
+k8s.io/cloud-provider v0.19.0 h1:Ae09nHr6BVPEzmAWbZedYC0gjsIPbt7YsIY0V/NHGr0=
+k8s.io/cloud-provider v0.19.0/go.mod h1:TYh7b7kQ6wiqF7Ftb+u3lN4IwvgOPbBrcvC3TDAW4cw=
+k8s.io/cloud-provider v0.20.0 h1:CVPQ66iyfNgeGomUq2jE/TWrfzE77bdCpemhFS8955U=
+k8s.io/cloud-provider v0.20.0/go.mod h1:Lz/luSVD5BrHDDhtVdjFh0C2qQCRYdf0b9BHQ9L+bXc=
 k8s.io/cluster-bootstrap v0.18.4/go.mod h1:hNG705ec9SMN2BGlJ81R2CnyJjNKfROtAxvI9JXZdiM=
+k8s.io/cluster-bootstrap v0.19.0/go.mod h1:kBn1DKyqoM245wzz+AAnGkuysJ+9GqVbPYveTo4KiaA=
+k8s.io/cluster-bootstrap v0.20.0/go.mod h1:6WZaNIBvcvL7MkPzSRKrZDIr4u+ePW2oIWoRsEFMjmE=
 k8s.io/code-generator v0.18.4/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
+k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk=
+k8s.io/code-generator v0.20.0/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
 k8s.io/component-base v0.18.4 h1:Kr53Fp1iCGNsl9Uv4VcRvLy7YyIqi9oaJOQ7SXtKI98=
 k8s.io/component-base v0.18.4/go.mod h1:7jr/Ef5PGmKwQhyAz/pjByxJbC58mhKAhiaDu0vXfPk=
+k8s.io/component-base v0.19.0 h1:OueXf1q3RW7NlLlUCj2Dimwt7E1ys6ZqRnq53l2YuoE=
+k8s.io/component-base v0.19.0/go.mod h1:dKsY8BxkA+9dZIAh2aWJLL/UdASFDNtGYTCItL4LM7Y=
+k8s.io/component-base v0.20.0 h1:BXGL8iitIQD+0NgW49UsM7MraNUUGDU3FBmrfUAtmVQ=
+k8s.io/component-base v0.20.0/go.mod h1:wKPj+RHnAr8LW2EIBIK7AxOHPde4gme2lzXwVSoRXeA=
+k8s.io/component-helpers v0.20.0/go.mod h1:nx6NOtfSfGOxnSZsDJxpGbnsVuUA1UXpwDvZIrtigNk=
+k8s.io/controller-manager v0.20.0/go.mod h1:nD4qym/pmCz2v1tpqvlEBVlHW9CAZwedloM8GrJTLpg=
 k8s.io/cri-api v0.18.4/go.mod h1:OJtpjDvfsKoLGhvcc0qfygved0S0dGX56IJzPbqTG1s=
+k8s.io/cri-api v0.19.0/go.mod h1:UN/iU9Ua0iYdDREBXNE9vqCJ7MIh/FW3VIL0d8pw7Fw=
+k8s.io/cri-api v0.20.0/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
 k8s.io/csi-translation-lib v0.18.4/go.mod h1:FTci2m8/3oN8E+8OyblBXei8w4mwbiH4boNPeob4piE=
+k8s.io/csi-translation-lib v0.19.0/go.mod h1:zGS1YqV8U2So/t4Hz8SoRXMx5y5/KSKnA6BXXxGuo4A=
+k8s.io/csi-translation-lib v0.20.0/go.mod h1:M4CdD66GxEI6ev8aTtsA2NkK9kIF9K5VZQMcw/SsoLs=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/heapster v1.2.0-beta.1/go.mod h1:h1uhptVXMwC8xtZBYsPXKVi8fpdlYkTs6k949KozGrM=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
+k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
+k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A=
+k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
+k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
+k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/kube-aggregator v0.18.4/go.mod h1:xOVy4wqhpivXCt07Diwdms2gonG+SONVx+1e7O+GfC0=
+k8s.io/kube-aggregator v0.19.0/go.mod h1:1Ln45PQggFAG8xOqWPIYMxUq8WNtpPnYsbUJ39DpF/A=
+k8s.io/kube-aggregator v0.20.0/go.mod h1:3Is/gzzWmhhG/rA3CpA1+eVye87lreBQDFGcAGT7gzo=
 k8s.io/kube-controller-manager v0.18.4/go.mod h1:GrY1S0F7zA0LQlt0ApOLt4iMpphKTk3mFrQl1+usrfs=
+k8s.io/kube-controller-manager v0.19.0/go.mod h1:uGZyiHK73NxNEN5EZv/Esm3fbCOzeq4ndttMexVZ1L0=
+k8s.io/kube-controller-manager v0.20.0/go.mod h1:Pmli7dnwIVpwKJVeab97yBt35QEFdw65oqT5ti0ikUs=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
+k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
+k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-proxy v0.18.4/go.mod h1:h2c+ckQC1XpybDs53mWhLCvvM6txduWVLPQwwvGqR9M=
+k8s.io/kube-proxy v0.19.0/go.mod h1:7NoJCFgsWb7iiMB1F6bW1St5rEXC+ir2aWiJehASmTU=
+k8s.io/kube-proxy v0.20.0/go.mod h1:R97oobM6zSh3ZqFMXi5DzCH/qJXNzua/UzcDmuQRexM=
 k8s.io/kube-scheduler v0.18.4/go.mod h1:vRFb/8Yi7hh670beaPrXttMpjt7H8EooDkgwFm8ts4k=
+k8s.io/kube-scheduler v0.19.0/go.mod h1:1XGjJUgstM0/0x8to+bSGSyCs3Dp3dbCEr3Io/mvd4s=
+k8s.io/kube-scheduler v0.20.0/go.mod h1:cRTGsJU3TfQvbMJBmpoPgq9rBF5cQLpLKoOafKwdZnI=
 k8s.io/kubectl v0.18.4/go.mod h1:EzB+nfeUWk6fm6giXQ8P4Fayw3dsN+M7Wjy23mTRtB0=
+k8s.io/kubectl v0.19.0/go.mod h1:gPCjjsmE6unJzgaUNXIFGZGafiUp5jh0If3F/x7/rRg=
+k8s.io/kubectl v0.20.0/go.mod h1:8x5GzQkgikz7M2eFGGuu6yOfrenwnw5g4RXOUgbjR1M=
 k8s.io/kubelet v0.18.4/go.mod h1:D0V9JYaTJRF+ry+9JfnM4uyg3ySRLQ02XjfQ5f2u4CM=
+k8s.io/kubelet v0.19.0/go.mod h1:cGds22piF/LnFzfAaIT+efvOYBHVYdunqka6NVuNw9g=
+k8s.io/kubelet v0.20.0/go.mod h1:lMdjO1NA+JZXSYtxb48pQmNERmC+vVIXIYkJIugVhl0=
 k8s.io/kubernetes v1.18.4 h1:AYtJ24PIT91P1K8ekCrvay8LK8WctWhC5+NI0HZ8sqE=
 k8s.io/kubernetes v1.18.4/go.mod h1:Efg82S+Ti02A/Mww53bxroc7IgzX2bgPsf6hT8gAs3M=
+k8s.io/kubernetes v1.19.0 h1:ir53YuXsfsuVABmtYHCTUa3xjD41Htxv3o+xoQjJdUo=
+k8s.io/kubernetes v1.19.0/go.mod h1:yhT1/ltQajQsha3tnYc9QPFYSumGM45nlZdjf7WqE1A=
+k8s.io/kubernetes v1.20.0 h1:mnc69esJC3PJgSptxNJomGz2gBthyGLSEy18WiyRH4U=
+k8s.io/kubernetes v1.20.0/go.mod h1:/xrHGNfoQphtkhZvyd5bA1lRmz+QkDVmBZu+O8QMoek=
+k8s.io/kubernetes v1.20.2 h1:EsQROw+yFsDMfjEHp52cKs4JVI6lAHA2SHGAF88cK7s=
 k8s.io/legacy-cloud-providers v0.18.4/go.mod h1:Mnxtra7DxVrODfGZHPsrkLi22lwmZOlWkjyyO3vW+WM=
+k8s.io/legacy-cloud-providers v0.19.0/go.mod h1:Q5czDCPnStdpFohMpcbnqL+MLR75kUhIDIsnmwEm0/o=
+k8s.io/legacy-cloud-providers v0.20.0/go.mod h1:1jEkaU7h9+b1EYdfWDBvhFAr+QpRfUjQfK+dGhxPGfA=
 k8s.io/metrics v0.18.4/go.mod h1:luze4fyI9JG4eLDZy0kFdYEebqNfi0QrG4xNEbPkHOs=
+k8s.io/metrics v0.19.0/go.mod h1:WykpW8B60OeAJx1imdwUgyOID2kDljr/Q+1zrPJ98Wo=
+k8s.io/metrics v0.20.0/go.mod h1:9yiRhfr8K8sjdj2EthQQE9WvpYDvsXIV3CjN4Ruq4Jw=
+k8s.io/mount-utils v0.20.0/go.mod h1:Jv9NRZ5L2LF87A17GaGlArD+r3JAJdZFvo4XD1cG4Kc=
 k8s.io/repo-infra v0.0.1-alpha.1/go.mod h1:wO1t9WaB99V80ljbeENTnayuEEwNZt7gECYh/CEyOJ8=
 k8s.io/sample-apiserver v0.18.4/go.mod h1:j5XH5FUmMd/ztoz+9ch0+hL+lsvWdgxnTV7l3P3Ijoo=
+k8s.io/sample-apiserver v0.19.0/go.mod h1:Bq9UulNoKnT72JqlkWF2JS14cXxJqcmvLtb5+EcwiNA=
+k8s.io/sample-apiserver v0.20.0/go.mod h1:tScvbz/BcUG46IOsu2YLt4EjBP7XeUuMzMbQt2tQYWw=
 k8s.io/system-validators v1.0.4/go.mod h1:HgSgTg4NAGNoYYjKsUyk52gdNi2PVDswQ9Iyn66R7NI=
+k8s.io/system-validators v1.1.2/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q=
+k8s.io/system-validators v1.2.0/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
+k8s.io/utils v0.0.0-20200414100711-2df71ebbae66/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20200729134348-d5654de09c73 h1:uJmqzgNWG7XyClnU/mLPBWwfKKF1K8Hf8whTseBgJcg=
+k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
+k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
@@ -747,13 +1263,24 @@ modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
 mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7 h1:uuHDyjllyzRyCIvvn0OBjiRB0SgBZGqHNYAmjR7fO50=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9 h1:rusRLrDhjBp6aYtl9sGEvQJr6faoHoDLd0YcUBTZguI=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9/go.mod h1:dzAXnQbTRyDlZPJX2SUPEqvnB+j7AJjtlox7PEwigU0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14 h1:TihvEz9MPj2u0KWds6E2OBUXfwaL4qRJ33c7HGiJpqk=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.2 h1:YHQV7Dajm86OuqnIR6zAelnDWBRjo+YhYV9PmGrh1s8=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/layouts/_default/search.html b/layouts/_default/search.html
index 32c93338cf..286e476de1 100644
--- a/layouts/_default/search.html
+++ b/layouts/_default/search.html
@@ -3,9 +3,10 @@
   <head>
     {{ partial "head.html" . }}
   </head>
-  <body class="td-{{ .Kind }}{{- if ne .Params.cid "" -}}{{- printf " cid-%s" (lower .Params.cid) -}}{{- end -}}">
+  <body class="td-search {{- if ne .Params.cid "" -}}{{- printf " cid-%s" (lower .Params.cid) -}}{{- end -}}">
     <header>
       {{ partial "navbar.html" . }}
+      <div class="header-filler"></div>
     </header>
     {{ block "announcement" . }}
       {{ if .IsHome }}
@@ -16,38 +17,36 @@
     {{ end }}
     <div class="td-outer">
       <main role="main" class="td-main">
-		<section class="row td-search-result">
-	      <div class="col-12 col-md-4 offset-md-2">
-		    <form class="td-sidebar__search d-flex align-items-center">
-		    {{ partial "search-input.html" . }}
-		    <button class="btn btn-link td-sidebar__toggle d-md-none p-0 ml-3 fas fa-bars" type="button" data-toggle="collapse" data-target="#td-section-nav" aria-controls="td-docs-nav" aria-expanded="false" aria-label="Toggle section navigation">
-		    </button>
-			</form>
-		  </div>
-		  <div class="col-12 col-md-8 offset-md-2">
-	        <h2 class="ml-4">{{ .Title }}</h2>
-			{{ if .Site.Params.gcs_engine_id }}
-			<script>
-		    (function() {
-		    var cx = '{{ . }}';
-		    var gcse = document.createElement('script');
-		    gcse.type = 'text/javascript';
-		    gcse.async = true;
-		    gcse.src = 'https://cse.google.com/cse.js?cx=' + cx;
-		    var s = document.getElementsByTagName('script')[0];
-		    s.parentNode.insertBefore(gcse, s);
-		    })();
-	        </script>
-	        <gcse:searchresults-only></gcse:searchresults-only>
-	        {{ else if .Site.Params.k8s_search }}
-		    <script src="{{ "js/search.js" | relURL }}"></script>
-		    <gcse:searchresults-only linktarget="_parent">
-		    <div id="bing-results-container">{{ T "layouts_docs_search_fetching" }}</div>
-		    <div id="bing-pagination-container"></div>
-		    </gcse:searchresults-only>
-	        {{ end }}
-		  </div>
-		</section>
+        <section class="row td-search-result">
+          <div class="col-12 col-md-4 offset-md-2">
+            <form class="td-sidebar__search d-flex align-items-center">
+              {{ partial "search-input.html" . }}
+            </form>
+          </div>
+          <div class="col-12 col-md-8 offset-md-2">
+              <h2 class="ml-4">{{ .Title }}</h2>
+          {{ if .Site.Params.gcs_engine_id }}
+          <script>
+            (function() {
+            var cx = '{{ . }}';
+            var gcse = document.createElement('script');
+            gcse.type = 'text/javascript';
+            gcse.async = true;
+            gcse.src = 'https://cse.google.com/cse.js?cx=' + cx;
+            var s = document.getElementsByTagName('script')[0];
+            s.parentNode.insertBefore(gcse, s);
+            })();
+          </script>
+          <gcse:searchresults-only></gcse:searchresults-only>
+          {{ else if .Site.Params.k8s_search }}
+          <script src="{{ "js/search.js" | relURL }}"></script>
+          <gcse:searchresults-only linktarget="_parent">
+            <div id="bing-results-container">{{ T "layouts_docs_search_fetching" }}</div>
+            <div id="bing-pagination-container"></div>
+          </gcse:searchresults-only>
+          {{ end }}
+          </div>
+        </section>
       </main>
     {{ partial "footer.html" . }}
     </div>
diff --git a/layouts/partials/scripts.html b/layouts/partials/scripts.html
new file mode 100644
index 0000000000..2ee8155b11
--- /dev/null
+++ b/layouts/partials/scripts.html
@@ -0,0 +1,28 @@
+
+<script src="/js/popper-1.14.3.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script>
+<script src="/js/bootstrap-4.3.1.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
+
+{{ if .Site.Params.mermaid.enable }}
+<script src="/js//mermaid.min.js" crossorigin="anonymous"></script>
+
+{{ end }}
+
+{{ $jsBase := resources.Get "js/base.js" }}
+{{ $jsAnchor := resources.Get "js/anchor.js" }}
+{{ $jsSearch := resources.Get "js/search.js" | resources.ExecuteAsTemplate "js/search.js" .Site.Home }}
+{{ $jsMermaid := resources.Get "js/mermaid.js" | resources.ExecuteAsTemplate "js/mermaid.js" . }}
+{{ if .Site.Params.offlineSearch }}
+{{ $jsSearch = resources.Get "js/offline-search.js" }}
+{{ end }}
+{{ $js := (slice $jsBase $jsAnchor $jsSearch $jsMermaid) | resources.Concat "js/main.js" }}
+{{ if .Site.IsServer }}
+<script src="{{ $js.RelPermalink }}"></script>
+{{ else }}
+{{ $js := $js | minify | fingerprint }}
+<script src="{{ $js.RelPermalink }}" integrity="{{ $js.Data.Integrity }}" crossorigin="anonymous"></script>
+{{ end }}
+{{ with .Site.Params.prism_syntax_highlighting }}
+<!-- scripts for prism -->
+<script src='/js/prism.js'></script>
+{{ end }}
+{{ partial "hooks/body-end.html" . }}
diff --git a/static/_redirects b/static/_redirects
index 9027eb903d..fd7eba2713 100644
--- a/static/_redirects
+++ b/static/_redirects
@@ -203,6 +203,8 @@
 
 /docs/reference/kubernetes-api/api-index/ /docs/reference 301
 
+/docs/reference/kubernetes-api/labels-annotations-taints/ /docs/reference/labels-annotations-taints/ 301
+
 /docs/reporting-security-issues/     /security/ 301
 
 /docs/roadmap/     https://github.com/kubernetes/kubernetes/milestones/ 301
@@ -375,9 +377,7 @@
 /docs/user-guide/liveness/     /docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ 301
 /docs/user-guide/load-balancer/     /docs/tasks/access-application-cluster/create-external-load-balancer/ 301
 /docs/user-guide/logging/     /docs/concepts/cluster-administration/logging/ 301
-/docs/user-guide/logging/elasticsearch/     /docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/ 301
 /docs/user-guide/logging/overview/     /docs/concepts/cluster-administration/logging/ 301
-/docs/user-guide/logging/stackdriver/     /docs/tasks/debug-application-cluster/logging-stackdriver/ 301
 /docs/user-guide/managing-deployments/     /docs/concepts/cluster-administration/manage-deployment/ 301
 /docs/user-guide/monitoring/     /docs/tasks/debug-application-cluster/resource-usage-monitoring/ 301
 /docs/user-guide/namespaces/     /docs/concepts/overview/working-with-objects/namespaces/ 301
@@ -466,6 +466,7 @@
 /docs/admin/authorization/     /docs/reference/access-authn-authz/authorization/ 301
 /docs/admin/high-availability/building/     /docs/setup/production-environment/tools/kubeadm/high-availability/   301
 /code-of-conduct/     /community/code-of-conduct/   301
+/values/     /community/values/   302
 
 /docs/setup/version-skew-policy/     /docs/setup/release/version-skew-policy/   301
 
diff --git a/static/js/popper-1.14.3.min.js b/static/js/popper-1.14.3.min.js
new file mode 100644
index 0000000000..79ccbf58b0
--- /dev/null
+++ b/static/js/popper-1.14.3.min.js
@@ -0,0 +1,5 @@
+/*
+ Copyright (C) Federico Zivolo 2018
+ Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).
+ */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll|overlay)/.test(r+s+p)?e:n(o(e))}function r(e){return 11===e?re:10===e?pe:re||pe}function p(e){if(!e)return document.documentElement;for(var o=r(10)?document.body:null,n=e.offsetParent;n===o&&e.nextElementSibling;)n=(e=e.nextElementSibling).offsetParent;var i=n&&n.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(n.nodeName)&&'static'===t(n,'position')?p(n):n:e?e.ownerDocument.documentElement:document.documentElement}function s(e){var t=e.nodeName;return'BODY'!==t&&('HTML'===t||p(e.firstElementChild)===e)}function d(e){return null===e.parentNode?e:d(e.parentNode)}function a(e,t){if(!e||!e.nodeType||!t||!t.nodeType)return document.documentElement;var o=e.compareDocumentPosition(t)&Node.DOCUMENT_POSITION_FOLLOWING,n=o?e:t,i=o?t:e,r=document.createRange();r.setStart(n,0),r.setEnd(i,0);var l=r.commonAncestorContainer;if(e!==l&&t!==l||n.contains(i))return s(l)?l:p(l);var f=d(e);return f.host?a(f.host,t):a(e,d(t).host)}function l(e){var t=1<arguments.length&&void 0!==arguments[1]?arguments[1]:'top',o='top'===t?'scrollTop':'scrollLeft',n=e.nodeName;if('BODY'===n||'HTML'===n){var i=e.ownerDocument.documentElement,r=e.ownerDocument.scrollingElement||i;return r[o]}return e[o]}function f(e,t){var o=2<arguments.length&&void 0!==arguments[2]&&arguments[2],n=l(t,'top'),i=l(t,'left'),r=o?-1:1;return e.top+=n*r,e.bottom+=n*r,e.left+=i*r,e.right+=i*r,e}function m(e,t){var o='x'===t?'Left':'Top',n='Left'==o?'Right':'Bottom';return parseFloat(e['border'+o+'Width'],10)+parseFloat(e['border'+n+'Width'],10)}function h(e,t,o,n){return $(t['offset'+e],t['scroll'+e],o['client'+e],o['offset'+e],o['scroll'+e],r(10)?o['offset'+e]+n['margin'+('Height'===e?'Top':'Left')]+n['margin'+('Height'===e?'Bottom':'Right')]:0)}function c(){var e=document.body,t=document.documentElement,o=r(10)&&getComputedStyle(t);return{height:h('Height',e,t,o),width:h('Width',e,t,o)}}function g(e){return le({},e,{right:e.left+e.width,bottom:e.top+e.height})}function u(e){var o={};try{if(r(10)){o=e.getBoundingClientRect();var n=l(e,'top'),i=l(e,'left');o.top+=n,o.left+=i,o.bottom+=n,o.right+=i}else o=e.getBoundingClientRect()}catch(t){}var p={left:o.left,top:o.top,width:o.right-o.left,height:o.bottom-o.top},s='HTML'===e.nodeName?c():{},d=s.width||e.clientWidth||p.right-p.left,a=s.height||e.clientHeight||p.bottom-p.top,f=e.offsetWidth-d,h=e.offsetHeight-a;if(f||h){var u=t(e);f-=m(u,'x'),h-=m(u,'y'),p.width-=f,p.height-=h}return g(p)}function b(e,o){var i=2<arguments.length&&void 0!==arguments[2]&&arguments[2],p=r(10),s='HTML'===o.nodeName,d=u(e),a=u(o),l=n(e),m=t(o),h=parseFloat(m.borderTopWidth,10),c=parseFloat(m.borderLeftWidth,10);i&&'HTML'===o.nodeName&&(a.top=$(a.top,0),a.left=$(a.left,0));var b=g({top:d.top-a.top-h,left:d.left-a.left-c,width:d.width,height:d.height});if(b.marginTop=0,b.marginLeft=0,!p&&s){var y=parseFloat(m.marginTop,10),w=parseFloat(m.marginLeft,10);b.top-=h-y,b.bottom-=h-y,b.left-=c-w,b.right-=c-w,b.marginTop=y,b.marginLeft=w}return(p&&!i?o.contains(l):o===l&&'BODY'!==l.nodeName)&&(b=f(b,o)),b}function y(e){var t=1<arguments.length&&void 0!==arguments[1]&&arguments[1],o=e.ownerDocument.documentElement,n=b(e,o),i=$(o.clientWidth,window.innerWidth||0),r=$(o.clientHeight,window.innerHeight||0),p=t?0:l(o),s=t?0:l(o,'left'),d={top:p-n.top+n.marginTop,left:s-n.left+n.marginLeft,width:i,height:r};return g(d)}function w(e){var n=e.nodeName;return'BODY'===n||'HTML'===n?!1:'fixed'===t(e,'position')||w(o(e))}function E(e){if(!e||!e.parentElement||r())return document.documentElement;for(var o=e.parentElement;o&&'none'===t(o,'transform');)o=o.parentElement;return o||document.documentElement}function v(e,t,i,r){var p=4<arguments.length&&void 0!==arguments[4]&&arguments[4],s={top:0,left:0},d=p?E(e):a(e,t);if('viewport'===r)s=y(d,p);else{var l;'scrollParent'===r?(l=n(o(t)),'BODY'===l.nodeName&&(l=e.ownerDocument.documentElement)):'window'===r?l=e.ownerDocument.documentElement:l=r;var f=b(l,d,p);if('HTML'===l.nodeName&&!w(d)){var m=c(),h=m.height,g=m.width;s.top+=f.top-f.marginTop,s.bottom=h+f.top,s.left+=f.left-f.marginLeft,s.right=g+f.left}else s=f}return s.left+=i,s.top+=i,s.right-=i,s.bottom-=i,s}function x(e){var t=e.width,o=e.height;return t*o}function O(e,t,o,n,i){var r=5<arguments.length&&void 0!==arguments[5]?arguments[5]:0;if(-1===e.indexOf('auto'))return e;var p=v(o,n,r,i),s={top:{width:p.width,height:t.top-p.top},right:{width:p.right-t.right,height:p.height},bottom:{width:p.width,height:p.bottom-t.bottom},left:{width:t.left-p.left,height:p.height}},d=Object.keys(s).map(function(e){return le({key:e},s[e],{area:x(s[e])})}).sort(function(e,t){return t.area-e.area}),a=d.filter(function(e){var t=e.width,n=e.height;return t>=o.clientWidth&&n>=o.clientHeight}),l=0<a.length?a[0].key:d[0].key,f=e.split('-')[1];return l+(f?'-'+f:'')}function L(e,t,o){var n=3<arguments.length&&void 0!==arguments[3]?arguments[3]:null,i=n?E(t):a(t,o);return b(o,i,n)}function S(e){var t=getComputedStyle(e),o=parseFloat(t.marginTop)+parseFloat(t.marginBottom),n=parseFloat(t.marginLeft)+parseFloat(t.marginRight),i={width:e.offsetWidth+n,height:e.offsetHeight+o};return i}function T(e){var t={left:'right',right:'left',bottom:'top',top:'bottom'};return e.replace(/left|right|bottom|top/g,function(e){return t[e]})}function C(e,t,o){o=o.split('-')[0];var n=S(e),i={width:n.width,height:n.height},r=-1!==['right','left'].indexOf(o),p=r?'top':'left',s=r?'left':'top',d=r?'height':'width',a=r?'width':'height';return i[p]=t[p]+t[d]/2-n[d]/2,i[s]=o===s?t[s]-n[a]:t[T(s)],i}function D(e,t){return Array.prototype.find?e.find(t):e.filter(t)[0]}function N(e,t,o){if(Array.prototype.findIndex)return e.findIndex(function(e){return e[t]===o});var n=D(e,function(e){return e[t]===o});return e.indexOf(n)}function P(t,o,n){var i=void 0===n?t:t.slice(0,N(t,'name',n));return i.forEach(function(t){t['function']&&console.warn('`modifier.function` is deprecated, use `modifier.fn`!');var n=t['function']||t.fn;t.enabled&&e(n)&&(o.offsets.popper=g(o.offsets.popper),o.offsets.reference=g(o.offsets.reference),o=n(o,t))}),o}function k(){if(!this.state.isDestroyed){var e={instance:this,styles:{},arrowStyles:{},attributes:{},flipped:!1,offsets:{}};e.offsets.reference=L(this.state,this.popper,this.reference,this.options.positionFixed),e.placement=O(this.options.placement,e.offsets.reference,this.popper,this.reference,this.options.modifiers.flip.boundariesElement,this.options.modifiers.flip.padding),e.originalPlacement=e.placement,e.positionFixed=this.options.positionFixed,e.offsets.popper=C(this.popper,e.offsets.reference,e.placement),e.offsets.popper.position=this.options.positionFixed?'fixed':'absolute',e=P(this.modifiers,e),this.state.isCreated?this.options.onUpdate(e):(this.state.isCreated=!0,this.options.onCreate(e))}}function W(e,t){return e.some(function(e){var o=e.name,n=e.enabled;return n&&o===t})}function B(e){for(var t=[!1,'ms','Webkit','Moz','O'],o=e.charAt(0).toUpperCase()+e.slice(1),n=0;n<t.length;n++){var i=t[n],r=i?''+i+o:e;if('undefined'!=typeof document.body.style[r])return r}return null}function H(){return this.state.isDestroyed=!0,W(this.modifiers,'applyStyle')&&(this.popper.removeAttribute('x-placement'),this.popper.style.position='',this.popper.style.top='',this.popper.style.left='',this.popper.style.right='',this.popper.style.bottom='',this.popper.style.willChange='',this.popper.style[B('transform')]=''),this.disableEventListeners(),this.options.removeOnDestroy&&this.popper.parentNode.removeChild(this.popper),this}function A(e){var t=e.ownerDocument;return t?t.defaultView:window}function M(e,t,o,i){var r='BODY'===e.nodeName,p=r?e.ownerDocument.defaultView:e;p.addEventListener(t,o,{passive:!0}),r||M(n(p.parentNode),t,o,i),i.push(p)}function I(e,t,o,i){o.updateBound=i,A(e).addEventListener('resize',o.updateBound,{passive:!0});var r=n(e);return M(r,'scroll',o.updateBound,o.scrollParents),o.scrollElement=r,o.eventsEnabled=!0,o}function F(){this.state.eventsEnabled||(this.state=I(this.reference,this.options,this.state,this.scheduleUpdate))}function R(e,t){return A(e).removeEventListener('resize',t.updateBound),t.scrollParents.forEach(function(e){e.removeEventListener('scroll',t.updateBound)}),t.updateBound=null,t.scrollParents=[],t.scrollElement=null,t.eventsEnabled=!1,t}function U(){this.state.eventsEnabled&&(cancelAnimationFrame(this.scheduleUpdate),this.state=R(this.reference,this.state))}function Y(e){return''!==e&&!isNaN(parseFloat(e))&&isFinite(e)}function j(e,t){Object.keys(t).forEach(function(o){var n='';-1!==['width','height','top','right','bottom','left'].indexOf(o)&&Y(t[o])&&(n='px'),e.style[o]=t[o]+n})}function K(e,t){Object.keys(t).forEach(function(o){var n=t[o];!1===n?e.removeAttribute(o):e.setAttribute(o,t[o])})}function q(e,t,o){var n=D(e,function(e){var o=e.name;return o===t}),i=!!n&&e.some(function(e){return e.name===o&&e.enabled&&e.order<n.order});if(!i){var r='`'+t+'`';console.warn('`'+o+'`'+' modifier is required by '+r+' modifier in order to work, be sure to include it before '+r+'!')}return i}function G(e){return'end'===e?'start':'start'===e?'end':e}function z(e){var t=1<arguments.length&&void 0!==arguments[1]&&arguments[1],o=me.indexOf(e),n=me.slice(o+1).concat(me.slice(0,o));return t?n.reverse():n}function V(e,t,o,n){var i=e.match(/((?:\-|\+)?\d*\.?\d*)(.*)/),r=+i[1],p=i[2];if(!r)return e;if(0===p.indexOf('%')){var s;switch(p){case'%p':s=o;break;case'%':case'%r':default:s=n;}var d=g(s);return d[t]/100*r}if('vh'===p||'vw'===p){var a;return a='vh'===p?$(document.documentElement.clientHeight,window.innerHeight||0):$(document.documentElement.clientWidth,window.innerWidth||0),a/100*r}return r}function _(e,t,o,n){var i=[0,0],r=-1!==['right','left'].indexOf(n),p=e.split(/(\+|\-)/).map(function(e){return e.trim()}),s=p.indexOf(D(p,function(e){return-1!==e.search(/,|\s/)}));p[s]&&-1===p[s].indexOf(',')&&console.warn('Offsets separated by white space(s) are deprecated, use a comma (,) instead.');var d=/\s*,\s*|\s+/,a=-1===s?[p]:[p.slice(0,s).concat([p[s].split(d)[0]]),[p[s].split(d)[1]].concat(p.slice(s+1))];return a=a.map(function(e,n){var i=(1===n?!r:r)?'height':'width',p=!1;return e.reduce(function(e,t){return''===e[e.length-1]&&-1!==['+','-'].indexOf(t)?(e[e.length-1]=t,p=!0,e):p?(e[e.length-1]+=t,p=!1,e):e.concat(t)},[]).map(function(e){return V(e,i,t,o)})}),a.forEach(function(e,t){e.forEach(function(o,n){Y(o)&&(i[t]+=o*('-'===e[n-1]?-1:1))})}),i}function X(e,t){var o,n=t.offset,i=e.placement,r=e.offsets,p=r.popper,s=r.reference,d=i.split('-')[0];return o=Y(+n)?[+n,0]:_(n,p,s,d),'left'===d?(p.top+=o[0],p.left-=o[1]):'right'===d?(p.top+=o[0],p.left+=o[1]):'top'===d?(p.left+=o[0],p.top-=o[1]):'bottom'===d&&(p.left+=o[0],p.top+=o[1]),e.popper=p,e}for(var J=Math.min,Q=Math.round,Z=Math.floor,$=Math.max,ee='undefined'!=typeof window&&'undefined'!=typeof document,te=['Edge','Trident','Firefox'],oe=0,ne=0;ne<te.length;ne+=1)if(ee&&0<=navigator.userAgent.indexOf(te[ne])){oe=1;break}var i=ee&&window.Promise,ie=i?function(e){var t=!1;return function(){t||(t=!0,window.Promise.resolve().then(function(){t=!1,e()}))}}:function(e){var t=!1;return function(){t||(t=!0,setTimeout(function(){t=!1,e()},oe))}},re=ee&&!!(window.MSInputMethodContext&&document.documentMode),pe=ee&&/MSIE 10/.test(navigator.userAgent),se=function(e,t){if(!(e instanceof t))throw new TypeError('Cannot call a class as a function')},de=function(){function e(e,t){for(var o,n=0;n<t.length;n++)o=t[n],o.enumerable=o.enumerable||!1,o.configurable=!0,'value'in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}return function(t,o,n){return o&&e(t.prototype,o),n&&e(t,n),t}}(),ae=function(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e},le=Object.assign||function(e){for(var t,o=1;o<arguments.length;o++)for(var n in t=arguments[o],t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n]);return e},fe=['auto-start','auto','auto-end','top-start','top','top-end','right-start','right','right-end','bottom-end','bottom','bottom-start','left-end','left','left-start'],me=fe.slice(3),he={FLIP:'flip',CLOCKWISE:'clockwise',COUNTERCLOCKWISE:'counterclockwise'},ce=function(){function t(o,n){var i=this,r=2<arguments.length&&void 0!==arguments[2]?arguments[2]:{};se(this,t),this.scheduleUpdate=function(){return requestAnimationFrame(i.update)},this.update=ie(this.update.bind(this)),this.options=le({},t.Defaults,r),this.state={isDestroyed:!1,isCreated:!1,scrollParents:[]},this.reference=o&&o.jquery?o[0]:o,this.popper=n&&n.jquery?n[0]:n,this.options.modifiers={},Object.keys(le({},t.Defaults.modifiers,r.modifiers)).forEach(function(e){i.options.modifiers[e]=le({},t.Defaults.modifiers[e]||{},r.modifiers?r.modifiers[e]:{})}),this.modifiers=Object.keys(this.options.modifiers).map(function(e){return le({name:e},i.options.modifiers[e])}).sort(function(e,t){return e.order-t.order}),this.modifiers.forEach(function(t){t.enabled&&e(t.onLoad)&&t.onLoad(i.reference,i.popper,i.options,t,i.state)}),this.update();var p=this.options.eventsEnabled;p&&this.enableEventListeners(),this.state.eventsEnabled=p}return de(t,[{key:'update',value:function(){return k.call(this)}},{key:'destroy',value:function(){return H.call(this)}},{key:'enableEventListeners',value:function(){return F.call(this)}},{key:'disableEventListeners',value:function(){return U.call(this)}}]),t}();return ce.Utils=('undefined'==typeof window?global:window).PopperUtils,ce.placements=fe,ce.Defaults={placement:'bottom',positionFixed:!1,eventsEnabled:!0,removeOnDestroy:!1,onCreate:function(){},onUpdate:function(){},modifiers:{shift:{order:100,enabled:!0,fn:function(e){var t=e.placement,o=t.split('-')[0],n=t.split('-')[1];if(n){var i=e.offsets,r=i.reference,p=i.popper,s=-1!==['bottom','top'].indexOf(o),d=s?'left':'top',a=s?'width':'height',l={start:ae({},d,r[d]),end:ae({},d,r[d]+r[a]-p[a])};e.offsets.popper=le({},p,l[n])}return e}},offset:{order:200,enabled:!0,fn:X,offset:0},preventOverflow:{order:300,enabled:!0,fn:function(e,t){var o=t.boundariesElement||p(e.instance.popper);e.instance.reference===o&&(o=p(o));var n=B('transform'),i=e.instance.popper.style,r=i.top,s=i.left,d=i[n];i.top='',i.left='',i[n]='';var a=v(e.instance.popper,e.instance.reference,t.padding,o,e.positionFixed);i.top=r,i.left=s,i[n]=d,t.boundaries=a;var l=t.priority,f=e.offsets.popper,m={primary:function(e){var o=f[e];return f[e]<a[e]&&!t.escapeWithReference&&(o=$(f[e],a[e])),ae({},e,o)},secondary:function(e){var o='right'===e?'left':'top',n=f[o];return f[e]>a[e]&&!t.escapeWithReference&&(n=J(f[o],a[e]-('right'===e?f.width:f.height))),ae({},o,n)}};return l.forEach(function(e){var t=-1===['left','top'].indexOf(e)?'secondary':'primary';f=le({},f,m[t](e))}),e.offsets.popper=f,e},priority:['left','right','top','bottom'],padding:5,boundariesElement:'scrollParent'},keepTogether:{order:400,enabled:!0,fn:function(e){var t=e.offsets,o=t.popper,n=t.reference,i=e.placement.split('-')[0],r=Z,p=-1!==['top','bottom'].indexOf(i),s=p?'right':'bottom',d=p?'left':'top',a=p?'width':'height';return o[s]<r(n[d])&&(e.offsets.popper[d]=r(n[d])-o[a]),o[d]>r(n[s])&&(e.offsets.popper[d]=r(n[s])),e}},arrow:{order:500,enabled:!0,fn:function(e,o){var n;if(!q(e.instance.modifiers,'arrow','keepTogether'))return e;var i=o.element;if('string'==typeof i){if(i=e.instance.popper.querySelector(i),!i)return e;}else if(!e.instance.popper.contains(i))return console.warn('WARNING: `arrow.element` must be child of its popper element!'),e;var r=e.placement.split('-')[0],p=e.offsets,s=p.popper,d=p.reference,a=-1!==['left','right'].indexOf(r),l=a?'height':'width',f=a?'Top':'Left',m=f.toLowerCase(),h=a?'left':'top',c=a?'bottom':'right',u=S(i)[l];d[c]-u<s[m]&&(e.offsets.popper[m]-=s[m]-(d[c]-u)),d[m]+u>s[c]&&(e.offsets.popper[m]+=d[m]+u-s[c]),e.offsets.popper=g(e.offsets.popper);var b=d[m]+d[l]/2-u/2,y=t(e.instance.popper),w=parseFloat(y['margin'+f],10),E=parseFloat(y['border'+f+'Width'],10),v=b-e.offsets.popper[m]-w-E;return v=$(J(s[l]-u,v),0),e.arrowElement=i,e.offsets.arrow=(n={},ae(n,m,Q(v)),ae(n,h,''),n),e},element:'[x-arrow]'},flip:{order:600,enabled:!0,fn:function(e,t){if(W(e.instance.modifiers,'inner'))return e;if(e.flipped&&e.placement===e.originalPlacement)return e;var o=v(e.instance.popper,e.instance.reference,t.padding,t.boundariesElement,e.positionFixed),n=e.placement.split('-')[0],i=T(n),r=e.placement.split('-')[1]||'',p=[];switch(t.behavior){case he.FLIP:p=[n,i];break;case he.CLOCKWISE:p=z(n);break;case he.COUNTERCLOCKWISE:p=z(n,!0);break;default:p=t.behavior;}return p.forEach(function(s,d){if(n!==s||p.length===d+1)return e;n=e.placement.split('-')[0],i=T(n);var a=e.offsets.popper,l=e.offsets.reference,f=Z,m='left'===n&&f(a.right)>f(l.left)||'right'===n&&f(a.left)<f(l.right)||'top'===n&&f(a.bottom)>f(l.top)||'bottom'===n&&f(a.top)<f(l.bottom),h=f(a.left)<f(o.left),c=f(a.right)>f(o.right),g=f(a.top)<f(o.top),u=f(a.bottom)>f(o.bottom),b='left'===n&&h||'right'===n&&c||'top'===n&&g||'bottom'===n&&u,y=-1!==['top','bottom'].indexOf(n),w=!!t.flipVariations&&(y&&'start'===r&&h||y&&'end'===r&&c||!y&&'start'===r&&g||!y&&'end'===r&&u);(m||b||w)&&(e.flipped=!0,(m||b)&&(n=p[d+1]),w&&(r=G(r)),e.placement=n+(r?'-'+r:''),e.offsets.popper=le({},e.offsets.popper,C(e.instance.popper,e.offsets.reference,e.placement)),e=P(e.instance.modifiers,e,'flip'))}),e},behavior:'flip',padding:5,boundariesElement:'viewport'},inner:{order:700,enabled:!1,fn:function(e){var t=e.placement,o=t.split('-')[0],n=e.offsets,i=n.popper,r=n.reference,p=-1!==['left','right'].indexOf(o),s=-1===['top','left'].indexOf(o);return i[p?'left':'top']=r[o]-(s?i[p?'width':'height']:0),e.placement=T(t),e.offsets.popper=g(i),e}},hide:{order:800,enabled:!0,fn:function(e){if(!q(e.instance.modifiers,'hide','preventOverflow'))return e;var t=e.offsets.reference,o=D(e.instance.modifiers,function(e){return'preventOverflow'===e.name}).boundaries;if(t.bottom<o.top||t.left>o.right||t.top>o.bottom||t.right<o.left){if(!0===e.hide)return e;e.hide=!0,e.attributes['x-out-of-boundaries']=''}else{if(!1===e.hide)return e;e.hide=!1,e.attributes['x-out-of-boundaries']=!1}return e}},computeStyle:{order:850,enabled:!0,fn:function(e,t){var o=t.x,n=t.y,i=e.offsets.popper,r=D(e.instance.modifiers,function(e){return'applyStyle'===e.name}).gpuAcceleration;void 0!==r&&console.warn('WARNING: `gpuAcceleration` option moved to `computeStyle` modifier and will not be supported in future versions of Popper.js!');var s,d,a=void 0===r?t.gpuAcceleration:r,l=p(e.instance.popper),f=u(l),m={position:i.position},h={left:Z(i.left),top:Q(i.top),bottom:Q(i.bottom),right:Z(i.right)},c='bottom'===o?'top':'bottom',g='right'===n?'left':'right',b=B('transform');if(d='bottom'==c?-f.height+h.bottom:h.top,s='right'==g?-f.width+h.right:h.left,a&&b)m[b]='translate3d('+s+'px, '+d+'px, 0)',m[c]=0,m[g]=0,m.willChange='transform';else{var y='bottom'==c?-1:1,w='right'==g?-1:1;m[c]=d*y,m[g]=s*w,m.willChange=c+', '+g}var E={"x-placement":e.placement};return e.attributes=le({},E,e.attributes),e.styles=le({},m,e.styles),e.arrowStyles=le({},e.offsets.arrow,e.arrowStyles),e},gpuAcceleration:!0,x:'bottom',y:'right'},applyStyle:{order:900,enabled:!0,fn:function(e){return j(e.instance.popper,e.styles),K(e.instance.popper,e.attributes),e.arrowElement&&Object.keys(e.arrowStyles).length&&j(e.arrowElement,e.arrowStyles),e},onLoad:function(e,t,o,n,i){var r=L(i,t,e,o.positionFixed),p=O(o.placement,r,t,e,o.modifiers.flip.boundariesElement,o.modifiers.flip.padding);return t.setAttribute('x-placement',p),j(t,{position:o.positionFixed?'fixed':'absolute'}),o},gpuAcceleration:void 0}}},ce});
+//# sourceMappingURL=popper.min.js.map