diff --git a/_data/glossary/node.yaml b/_data/glossary/node.yaml
index 3586dd5ca089f..fe0b91a15882f 100644
--- a/_data/glossary/node.yaml
+++ b/_data/glossary/node.yaml
@@ -1,6 +1,6 @@
 id: node
 name: Node
-full-link: /docs/concepts/architecture/node
+full-link: /docs/concepts/architecture/nodes/
 aka:
 - Minion
 related:
diff --git a/_data/glossary/replica-set.yml b/_data/glossary/replica-set.yml
new file mode 100644
index 0000000000000..74d987b588654
--- /dev/null
+++ b/_data/glossary/replica-set.yml
@@ -0,0 +1,13 @@
+id: replica-set
+name: ReplicaSet
+full-link: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+related:
+- replication-controller
+tags:
+- core-object
+- architecture
+short-description: >
+  ReplicaSet is the next-generation Replication Controller.
+long-description: >
+  ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time.
+  ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements.
diff --git a/_data/glossary/volume.yaml b/_data/glossary/volume.yaml
index 60d0fe231e77d..b89b139d52500 100644
--- a/_data/glossary/volume.yaml
+++ b/_data/glossary/volume.yaml
@@ -1,6 +1,6 @@
 id: volume
 name: Volume
-full-link: kubernetes.io/docs/concepts/storage/volumes/
+full-link: /docs/concepts/storage/volumes/
 related:
 - pod
 - container
diff --git a/_data/tools.yml b/_data/tools.yml
index b5e3a29e7f8af..53a9e5ef434be 100644
--- a/_data/tools.yml
+++ b/_data/tools.yml
@@ -6,7 +6,7 @@ toc:
 - title: Native Tools
   section:
   - title: Kubectl
-    path: /docs/user-guide/kubectl/
+    path: /docs/reference/kubectl/overview/
   - title: Kubeadm
     path: /docs/getting-started-guides/kubeadm
   - title: Kubefed
diff --git a/_redirects b/_redirects
index 345d65d01f509..f10c8d57d03a1 100644
--- a/_redirects
+++ b/_redirects
@@ -140,8 +140,8 @@
 /docs/contribute/style-guide/     /docs/home/contribute/style-guide/ 301
 
 /docs/contribute/write-new-topic/        /docs/home/contribute/write-new-topic/ 301
-/docs/deprecate/     /ddocs/reference/deprecation-policy/ 301
-/docs/deprecated/     /ddocs/reference/deprecation-policy/ 301
+/docs/deprecate/     /docs/reference/deprecation-policy/ 301
+/docs/deprecated/     /docs/reference/deprecation-policy/ 301
 /docs/deprecation-policy/     /docs/reference/deprecation-policy/ 301
 
 /docs/federation/api-reference/     /docs/reference/federation/v1/operations/ 301
@@ -167,6 +167,7 @@
 /docs/getting-started-guides/juju/     /docs/getting-started-guides/ubuntu/installation/ 301
 /docs/getting-started-guides/kargo/     /docs/getting-started-guides/kubespray/ 301
 /docs/getting-started-guides/kubeadm/     /docs/setup/independent/create-cluster-kubeadm/ 301
+/docs/getting-started-guides/kubectl/     /docs/reference/kubectl/overview/ 301
 /docs/getting-started-guides/logging/     /docs/concepts/cluster-administration/logging/ 301
 /docs/getting-started-guides/logging-elasticsearch/     /docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/ 301
 /docs/getting-started-guides/meanstack/     https://medium.com/google-cloud/running-a-mean-stack-on-google-cloud-platform-with-kubernetes-149ca81c2b5d/ 301
@@ -235,6 +236,7 @@
 /docs/tasks/configure-pod-container/downward-api-volume-expose-pod-information/     /docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/ 301
 /docs/tasks/configure-pod-container/environment-variable-expose-pod-information/     /docs/tasks/inject-data-application/environment-variable-expose-pod-information/ 301
 /docs/tasks/configure-pod-container/limit-range/     /docs/tasks/administer-cluster/cpu-memory-limit/ 301
+/docs/tasks/configure-pod-container/opaque-integer-resource/    /docs/concepts/configuration/manage-compute-resources-container/#opaque-integer-resources-alpha-feature 301
 /docs/tasks/configure-pod-container/projected-volume/     /docs/tasks/configure-pod-container/configure-projected-volume-storage/ 301
 /docs/tasks/configure-pod-container/romana-network-policy/     /docs/tasks/administer-cluster/romana-network-policy/ 301
 /docs/tasks/configure-pod-container/weave-network-policy/     /docs/tasks/administer-cluster/weave-network-policy/ 301
@@ -343,7 +345,7 @@
 /docs/user-guide/kubectl-conventions/     /docs/reference/kubectl/conventions/
 /docs/user-guide/kubectl-cheatsheet/     /docs/reference/kubectl/cheatsheet/  
 /docs/user-guide/kubectl/1_5/*     https://v1-5.docs.kubernetes.io/docs/user-guide/kubectl/v1.5/ 301
-/docs/user-guide/kubectl/kubectl_*/     /docs/user-guide/kubectl/v1.7/#:splat 301
+/docs/user-guide/kubectl/kubectl_*/     /docs/reference/generated/kubectl/kubectl-commands#:splat 301
 /docs/user-guide/kubectl/v1.5/node_modules/*     https://v1-5.docs.kubernetes.io/docs/user-guide/kubectl/v1.5/ 301
 /docs/user-guide/kubectl/v1.6/node_modules/*     https://v1-6.docs.kubernetes.io/docs/user-guide/kubectl/v1.6/ 301
 /docs/user-guide/labels/     /docs/concepts/overview/working-with-objects/labels/ 301
@@ -422,7 +424,7 @@
 /v1.1/docs/admin/networking.html     /docs/concepts/cluster-administration/networking/     301
 /v1.1/docs/getting-started-guides/     /docs/tutorials/kubernetes-basics/ 301
 
-https://kubernetes-io-v1-7.netlify.com/*    https://v1-7.docs.kubernetes.io/"splat 301
+https://kubernetes-io-v1-7.netlify.com/*    https://v1-7.docs.kubernetes.io/:splat 301
 
 /docs/admin/cloud-controller-manager/     /docs/reference/generated/cloud-controller-manager/ 301
 /docs/admin/kube-apiserver/     /docs/reference/generated/kube-apiserver/ 301
diff --git a/docs/admin/authentication.md b/docs/admin/authentication.md
index 95604f4e7929a..2dc4e9fd5887b 100644
--- a/docs/admin/authentication.md
+++ b/docs/admin/authentication.md
@@ -317,7 +317,7 @@ For an identity provider to work with Kubernetes it must:
 3.  Have a CA signed certificate (even if the CA is not a commercial CA or is self signed)
 
 A note about requirement #3 above, requiring a CA signed certificate.  If you deploy your own identity provider (as opposed to one of the cloud providers like Google or Microsoft) you MUST have your identity provider's web server certificate signed by a certificate with the `CA` flag set to `TRUE`, even if it is self signed.  This is due to GoLang's TLS client implementation being very strict to the standards around certificate validation.  If you don't have a CA handy, you can use [this script](https://github.com/coreos/dex/blob/1ee5920c54f5926d6468d2607c728b71cfe98092/examples/k8s/gencert.sh) from the CoreOS team to create a simple CA and a signed certificate and key pair.
-Or you can use [this similar script](https://raw.githubusercontent.com/TremoloSecurity/openunison-qs-kubernetes/master/makecerts.sh) that generates SHA256 certs with a longer life and larger key size.
+Or you can use [this similar script](https://raw.githubusercontent.com/TremoloSecurity/openunison-qs-kubernetes/master/src/main/bash/makessl.sh) that generates SHA256 certs with a longer life and larger key size.
 
 Setup instructions for specific systems:
 
diff --git a/docs/concepts/cluster-administration/device-plugins.md b/docs/concepts/cluster-administration/device-plugins.md
index 635c8232b299c..310c2793df5ce 100644
--- a/docs/concepts/cluster-administration/device-plugins.md
+++ b/docs/concepts/cluster-administration/device-plugins.md
@@ -48,7 +48,7 @@ to advertise 2 `vendor-domain/foo`.
 Then, developers can request devices in a
 [Container](/docs/api-reference/{{page.version}}/#container-v1-core)
 specification by using the same process that is used for
-[opaque integer resources](/docs/tasks/configure-pod-container/opaque-integer-resource/).
+[opaque integer resources](/docs/concepts/configuration/manage-compute-resources-container/#opaque-integer-resources-alpha-feature).
 In version 1.8, extended resources are supported only as integer resources and must have
 `limit` equal to `request` in the Container specification.
 
diff --git a/docs/concepts/configuration/assign-pod-node.md b/docs/concepts/configuration/assign-pod-node.md
index e57e11ff51c1e..c6fc8ebf3a988 100644
--- a/docs/concepts/configuration/assign-pod-node.md
+++ b/docs/concepts/configuration/assign-pod-node.md
@@ -316,7 +316,7 @@ Highly Available database statefulset has one master and three replicas, one may
 |:--------------------:|:-------------------:|:------------------:|:------------------:|
 | *DB-MASTER*          | *DB-REPLICA-1*      | *DB-REPLICA-2*     | *DB-REPLICA-3*     |
 
-[Here](https://kubernetes.io/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure) is an example of zookeper statefulset configured with anti-affinity for high availability.
+[Here](https://kubernetes.io/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure) is an example of Zookeeper statefulset configured with anti-affinity for high availability.
 
 For more information on inter-pod affinity/anti-affinity, see the design doc
 [here](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md).
diff --git a/docs/concepts/overview/extending.md b/docs/concepts/overview/extending.md
index 89c34a40c4110..889b2df9c8f9a 100644
--- a/docs/concepts/overview/extending.md
+++ b/docs/concepts/overview/extending.md
@@ -94,13 +94,13 @@ This diagram shows the extension points in a Kubernetes system.
 
 <!-- image source diagrams: https://docs.google.com/drawings/d/1k2YdJgNTtNfW7_A8moIIkij-DmVgEhNrn3y2OODwqQQ/view -->
 
-1.   Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](docs/tasks/extend-kubectl/kubectl-plugins) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies.
-2.   The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](docs/concepts/overview/extending#api-access-extensions) section.
-3.   The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](docs/concepts/overview/extending#custom-resources) section. Custom Resources are often used with API Access Extensions.
-4.   The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](docs/concepts/overview/extending#shceduler-extensions) section.
+1.   Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies.
+2.   The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](/docs/concepts/overview/extending#api-access-extensions) section.
+3.   The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](/docs/concepts/overview/extending#custom-resources) section. Custom Resources are often used with API Access Extensions.
+4.   The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](/docs/concepts/overview/extending#scheduler-extensions) section.
 5.   Much of the behavior of Kubernetes is implemented by programs called Controllers which are clients of the API-Server. Controllers are often used in conjunction with Custom Resources.
-6.   The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](docs/concepts/overview/extending#network-plugins) allow for different implementations of pod networking.
-7.  The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](docs/concepts/overview/extending#storage-plugins).
+6.   The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](/docs/concepts/overview/extending#network-plugins) allow for different implementations of pod networking.
+7.  The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](/docs/concepts/overview/extending#storage-plugins).
 
 If you are unsure where to start, this flowchart can help. Note that some solutions may involve several types of extensions.
 
@@ -116,7 +116,7 @@ Consider adding a Custom Resource to Kubernetes if you want to define new contro
 
 Do not use a Custom Resource as data storage for application, user, or monitoring data.
 
-For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/api-extension/custom-resources.md).
+For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/api-extension/custom-resources/).
 
 
 ### Combining New APIs with Automation
@@ -200,11 +200,11 @@ the nodes chosen for a pod.
 {% capture whatsnext %}
 
 * Learn more about [Custom Resources](/docs/concepts/api-extension/custom-resources/)
-* Learn about [Dynamic admission control](/docs/admin/extensible-admission-controller)
+* Learn about [Dynamic admission control](/docs/admin/extensible-admission-controllers/)
 * Learn more about Infrastructure extensions
-  * [Network Plugins](/docs/concepts/cluster-administration/network-plugin)
-  * [Device Plugins](/docs/concepts/cluster-administration/device-plugins.md)
-* Learn about [kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugin)
+  * [Network Plugins](/docs/concepts/cluster-administration/network-plugins/)
+  * [Device Plugins](/docs/concepts/cluster-administration/device-plugins/)
+* Learn about [kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/)
 * See examples of Automation
   * [List of Operators](https://github.com/coreos/awesome-kubernetes-extensions)
 
diff --git a/docs/concepts/policy/pod-security-policy.md b/docs/concepts/policy/pod-security-policy.md
index 884ad55fc61e5..cf56b9900cf22 100644
--- a/docs/concepts/policy/pod-security-policy.md
+++ b/docs/concepts/policy/pod-security-policy.md
@@ -171,8 +171,86 @@ make sure `volumes` contains the `flexVolume` volume type, no flex volume driver
 otherwise. For example:
 
 ```yaml
-apiVersion: extensions/v1beta1
-kind: PodSecurityPolicy
+# Authorize all service accounts in a namespace:
+- kind: Group
+  apiGroup: rbac.authorization.k8s.io
+  name: system:serviceaccounts
+# Or equivalently, all authenticated users in a namespace:
+- kind: Group
+  apiGroup: rbac.authorization.k8s.io
+  name: system:authenticated
+```
+
+For more examples of RBAC bindings, see [Role Binding
+Examples](/docs/admin/authorization/rbac/#role-binding-examples). For a complete
+example of authorizing a PodSecurityPolicy, see
+[below](#example).
+
+
+### Troubleshooting
+
+- The [Controller Manager](/docs/admin/kube-controller-manager/) must be run
+against [the secured API port](/docs/admin/accessing-the-api/), and must not
+have superuser permissions. Otherwise requests would bypass authentication and
+authorization modules, all PodSecurityPolicy objects would be allowed, and users
+would be able to create privileged containers. For more details on configuring
+Controller Manager authorization, see [Controller
+Roles](/docs/admin/authorization/rbac/#controller-roles).
+
+## Policy Order
+
+In addition to restricting pod creation and update, pod security policies can
+also be used to provide default values for many of the fields that it
+controls. When multiple policies are available, the pod security policy
+controller selects policies in the following order:
+
+1. If any policies successfully validate the pod without altering it, they are
+   used.
+2. Otherwise, the first valid policy in alphabetical order is used.
+
+## Example
+
+_This example assumes you have a running cluster with the PodSecurityPolicy
+admission controller enabled and you have cluster admin privileges._
+
+### Set up
+
+Set up a namespace and a service account to act as for this example. We'll use
+this service account to mock a non-admin user.
+
+```shell
+$ kubectl create namespace psp-example
+$ kubectl create serviceaccount -n psp-example fake-user
+$ kubectl create rolebinding -n psp-example fake-editor --clusterrole=edit --serviceaccount=psp-example:fake-user
+```
+
+To make it clear which user we're acting as and save some typing, create 2
+aliases:
+
+```shell
+$ alias kubectl-admin='kubectl -n psp-example'
+$ alias kubectl-user='kubectl --as=system:serviceaccount:psp-example:fake-user -n psp-example'
+```
+
+### Create a policy and a pod
+
+Define the example PodSecurityPolicy object in a file. This is a policy that
+simply prevents the creation of privileged pods.
+
+{% include code.html language="yaml" file="example-psp.yaml" ghlink="/docs/concepts/policy/example-psp.yaml" %}
+
+And create it with kubectl:
+
+```shell
+$ kubectl-admin create -f example-psp.yaml
+```
+
+Now, as the unprivileged user, try to create a simple pod:
+
+```shell
+$ kubectl-user create -f- <<EOF
+apiVersion: v1
+kind: Pod
 metadata:
   name: allow-flex-volumes
 spec:
diff --git a/docs/tasks/administer-cluster/access-cluster-api.md b/docs/tasks/administer-cluster/access-cluster-api.md
index c7fa3107e3842..8cf2ae92bc5d7 100644
--- a/docs/tasks/administer-cluster/access-cluster-api.md
+++ b/docs/tasks/administer-cluster/access-cluster-api.md
@@ -32,7 +32,7 @@ $ kubectl config view
 ```
 
 Many of the [examples](https://github.com/kubernetes/examples/tree/{{page.githubbranch}}/) provide an introduction to using
-kubectl. Complete documentation is found in the [kubectl manual](/docs/user-guide/kubectl/index).
+kubectl. Complete documentation is found in the [kubectl manual](/docs/reference/kubectl/overview/).
 
 ### Directly accessing the REST API
 
diff --git a/docs/tasks/debug-application-cluster/audit.md b/docs/tasks/debug-application-cluster/audit.md
index b133b5928c69b..a47fc04c9bef3 100644
--- a/docs/tasks/debug-application-cluster/audit.md
+++ b/docs/tasks/debug-application-cluster/audit.md
@@ -37,11 +37,48 @@ of rules in order. The first matching rule sets the [audit level][auditing-level
 of the event. The audit policy object structure is defined in the
 [`audit.k8s.io` API group][auditing-api].
 
-You can pass a file with the policy to [kube-apiserver][kube-apiserver]
-using the `--audit-policy-file` flag. If the flag is omitted, no events are logged.
-__Note:__ `kind` and `apiVersion` fields along with `rules` __must__ be provided
-in the audit policy file. A policy with no (0) rules, or a policy that doesn't
-provide valid `apiVersion` and `kind` values is treated as illegal.
+`AdvancedAuditing` is customizable in two ways. Policy, which determines what's recorded,
+and backends, which persist records. Backend implementations include logs files and
+webhooks.
+
+The structure of audit events changes when enabling the `AdvancedAuditing` feature
+flag. This includes some cleanups, such as the `method` reflecting the verb evaluated
+by the [authorization layer](/docs/admin/authorization/) instead of the [HTTP verb](/docs/admin/authorization/#determine-the-request-verb).
+Also, instead of always generating two events per request, events are recorded with an associated "stage".
+The known stages are:
+
+- `RequestReceived` - The stage for events generated as soon as the audit handler receives the request.
+- `ResponseStarted` - Once the response headers are sent, but before the response body is sent. This stage is only generated for long-running requests (e.g. watch).
+- `ResponseComplete` - Once the response body has been completed.
+- `Panic` - Events generated when a panic occurred.
+
+### Audit Policy
+
+Audit policy is a document defining rules about what events should be recorded.
+The policy is passed to the [kube-apiserver][kube-apiserver] using the
+`--audit-policy-file` flag.
+
+```
+--audit-policy-file=/etc/kubernetes/audit-policy.yaml
+```
+
+If `AdvancedAuditing` is enabled and this flag is omitted, no events are logged.
+
+The policy file holds rules that determine the level of an event. Known audit levels are:
+
+- `None` - don't log events that match this rule.
+- `Metadata` - log request metadata (requesting user, timestamp, resource, verb, etc.) but not request or response body.
+- `Request` - log event metadata and request body but not response body.
+- `RequestResponse` - log event metadata, request and response bodies.
+
+When an event is processed, it's compared against the list of rules in order.
+The first matching rule sets the audit level of the event. The audit policy is
+defined by the [`audit.k8s.io` API group][audit-api].
+Some new fields are supported in beta version, like `resourceNames` and `omitStages`.
+
+In Kubernetes 1.8 `kind` and `apiVersion` along with `rules` __must__ be provided in
+the audit policy file. A policy file with 0 rules, or a policy file that doesn't provide
+a valid `apiVersion` and `kind` value will be treated as illegal.
 
 Some example audit policy files:
 
@@ -109,57 +146,66 @@ In this example, we will use fluentd to split audit events by different namespac
 1. install [fluentd, fluent-plugin-forest and fluent-plugin-rewrite-tag-filter][fluentd_install_doc] in the kube-apiserver node
 1. create a config file for fluentd
 
-          $ cat <<EOF > /etc/fluentd/config
-          # fluentd conf runs in the same host with kube-apiserver
-          <source>
-              @type tail
-              # audit log path of kube-apiserver
-              path /var/log/audit
-              pos_file /var/log/audit.pos
-              format json
-              time_key time
-              time_format %Y-%m-%dT%H:%M:%S.%N%z
-              tag audit
-          </source>
-          
-          <filter audit>
-              #https://github.com/fluent/fluent-plugin-rewrite-tag-filter/issues/13
-              type record_transformer
-              enable_ruby
-              <record>
-              	namespace ${record["objectRef"].nil? ? "none":(record["objectRef"]["namespace"].nil? ?  "none":record["objectRef"]["namespace"])}
-              </record>
-          </filter>
-          
-          <match audit>
-              # route audit according to namespace element in context
-              @type rewrite_tag_filter
-              rewriterule1 namespace ^(.+) ${tag}.$1
-          </match>
-          
-          <filter audit.**>
-          	  @type record_transformer
-          	  remove_keys namespace
-          </filter>
-          
-          <match audit.**>
-              @type forest
-              subtype file
-              remove_prefix audit
-              <template>
-                  time_slice_format %Y%m%d%H
-                  compress gz
-                  path /var/log/audit-${tag}.*.log
-                  format json
-                  include_time_key true
-              </template>
-          </match>
+   ```shell
+   $ cat <<EOF > /etc/fluentd/config
+   # fluentd conf runs in the same host with kube-apiserver
+   <source>
+       @type tail
+       # audit log path of kube-apiserver
+       path /var/log/audit
+       pos_file /var/log/audit.pos
+       format json
+       time_key time
+       time_format %Y-%m-%dT%H:%M:%S.%N%z
+       tag audit
+   </source>
+
+   <filter audit>
+       #https://github.com/fluent/fluent-plugin-rewrite-tag-filter/issues/13
+       type record_transformer
+       enable_ruby
+       <record>
+        namespace ${record["objectRef"].nil? ? "none":(record["objectRef"]["namespace"].nil? ?  "none":record["objectRef"]["namespace"])}
+       </record>
+   </filter>
+
+   <match audit>
+       # route audit according to namespace element in context
+       @type rewrite_tag_filter
+       rewriterule1 namespace ^(.+) ${tag}.$1
+   </match>
+
+   <filter audit.**>
+      @type record_transformer
+      remove_keys namespace
+   </filter>
+
+   <match audit.**>
+       @type forest
+       subtype file
+       remove_prefix audit
+       <template>
+           time_slice_format %Y%m%d%H
+           compress gz
+           path /var/log/audit-${tag}.*.log
+           format json
+           include_time_key true
+       </template>
+   </match>
+   ```
+
 1. start fluentd
 
-          $ fluentd -c /etc/fluentd/config  -vv
+   ```shell
+   $ fluentd -c /etc/fluentd/config  -vv
+   ```
+
 1. start kube-apiserver with the following options:
 
-          --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/kube-audit --audit-log-format=json
+   ```shell
+   --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/kube-audit --audit-log-format=json
+   ```
+
 1. check audits for different namespaces in /var/log/audit-*.log
 
 ### Use logstash to collect and distribute audit events from webhook backend
@@ -171,56 +217,68 @@ different users into different files.
 1. install [logstash][logstash_install_doc]
 1. create config file for logstash
 
-          $ cat <<EOF > /etc/logstash/config
-          input{
-              http{
-                  #TODO, figure out a way to use kubeconfig file to authenticate to logstash
-                  #https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html#plugins-inputs-http-ssl
-                  port=>8888
-              }
-          }
-          filter{
-              split{
-                  # Webhook audit backend sends several events together with EventList
-                  # split each event here.
-                  field=>[items]
-                  # We only need event subelement, remove others.
-                  remove_field=>[headers, metadata, apiVersion, "@timestamp", kind, "@version", host]
-              }
-              mutate{
-                  rename => {items=>event}
-              }
-          }
-          output{
-              file{
-                  # Audit events from different users will be saved into different files.
-                  path=>"/var/log/kube-audit-%{[event][user][username]}/audit"
-              }
-          }
+   ```shell
+   $ cat <<EOF > /etc/logstash/config
+   input{
+       http{
+           #TODO, figure out a way to use kubeconfig file to authenticate to logstash
+           #https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html#plugins-inputs-http-ssl
+           port=>8888
+       }
+   }
+   filter{
+       split{
+           # Webhook audit backend sends several events together with EventList
+           # split each event here.
+           field=>[items]
+           # We only need event subelement, remove others.
+           remove_field=>[headers, metadata, apiVersion, "@timestamp", kind, "@version", host]
+       }
+       mutate{
+           rename => {items=>event}
+       }
+   }
+   output{
+       file{
+           # Audit events from different users will be saved into different files.
+           path=>"/var/log/kube-audit-%{[event][user][username]}/audit"
+       }
+   }
+   ```
+
 1. start logstash
 
-          $ bin/logstash -f /etc/logstash/config --path.settings /etc/logstash/
+   ```shell
+   $ bin/logstash -f /etc/logstash/config --path.settings /etc/logstash/
+   ```
+
 1. create a [kubeconfig file](/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/) for kube-apiserver webhook audit backend
 
-          $ cat <<EOF > /etc/kubernetes/audit-webhook-kubeconfig
-          apiVersion: v1
-          clusters:
-          - cluster:
-              server: http://<ip_of_logstash>:8888
-            name: logstash
-          contexts:
-          - context:
-              cluster: logstash
-              user: ""
-            name: default-context
-          current-context: default-context
-          kind: Config
-          preferences: {}
-          users: []
-          EOF
+   ```shell
+   $ cat <<EOF > /etc/kubernetes/audit-webhook-kubeconfig
+   apiVersion: v1
+   clusters:
+   - cluster:
+       server: http://<ip_of_logstash>:8888
+     name: logstash
+   contexts:
+   - context:
+       cluster: logstash
+       user: ""
+     name: default-context
+   current-context: default-context
+   kind: Config
+   preferences: {}
+   users: []
+   EOF
+   ```
+
 1. start kube-apiserver with the following options:
 
-          --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig
+   ```shell
+   --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig
+   ```
+
 1. check audits in logstash node's directories /var/log/kube-audit-*/audit
 
 Note that in addition to file output plugin, logstash has a variety of outputs that
diff --git a/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
index 0a65970345e4f..6fcf333481558 100644
--- a/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
+++ b/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
@@ -11,7 +11,7 @@ Horizontal Pod Autoscaler automatically scales the number of pods
 in a replication controller, deployment or replica set based on observed CPU utilization
 (or, with beta support, on some other, application-provided metrics).
 
-This document walks you through an example of enabling Horizontal Pod Autoscaler for the php-apache server.  For more information on how Horizontal Pod Autoscaler behaves, see the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscaler/).
+This document walks you through an example of enabling Horizontal Pod Autoscaler for the php-apache server.  For more information on how Horizontal Pod Autoscaler behaves, see the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/).
 
 ## Prerequisites
 
@@ -24,7 +24,7 @@ heapster monitoring will be turned-on by default).
 To specify multiple resource metrics for a Horizontal Pod Autoscaler, you must have a Kubernetes cluster
 and kubectl at version 1.6 or later.  Furthermore, in order to make use of custom metrics, your cluster
 must be able to communicate with the API server providing the custom metrics API.
-See the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscaler/#support-for-custom-metrics) for more details.
+See the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics) for more details.
 
 ## Step One: Run & expose php-apache server