fix typos

Author: Takashiidobe

content/en/docs/concepts/cluster-administration/system-metrics.md

@@ -214,7 +214,7 @@ allow-list:
 
 Additionally, the `cardinality_enforcement_unexpected_categorizations_total` meta-metric records the
 count of unexpected categorizations during cardinality enforcement, that is, whenever a label value
-is encountered that is not allowed with respect to the allow-list contraints.
+is encountered that is not allowed with respect to the allow-list constraints.
 
 ## {{% heading "whatsnext" %}}
 

content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md

@@ -114,7 +114,7 @@ The general workflow of a device plugin includes the following steps:
  // informed allocation decision when possible.
  rpc GetPreferredAllocation(PreferredAllocationRequest) returns (PreferredAllocationResponse) {}
 
- // PreStartContainer is called, if indicated by Device Plugin during registeration phase,
+ // PreStartContainer is called, if indicated by Device Plugin during registration phase,
  // before each container start. Device plugin can run device specific operations
  // such as resetting the device before making devices available to the container.
  rpc PreStartContainer(PreStartContainerRequest) returns (PreStartContainerResponse) {}
@@ -346,7 +346,7 @@ update and Kubelet needs to be restarted to reflect the correct resource capacit
 {{< /note >}}
 
 ```gRPC
-// AllocatableResourcesResponses contains informations about all the devices known by the kubelet
+// AllocatableResourcesResponses contains information about all the devices known by the kubelet
 message AllocatableResourcesResponse {
  repeated ContainerDevices devices = 1;
  repeated int64 cpu_ids = 2;

content/en/docs/concepts/policy/_index.md

@@ -64,5 +64,5 @@ Dynamic Admission Controllers that act as flexible policy engines are being deve
 ## Apply policies using Kubelet configurations
 
 Kubernetes allows configuring the Kubelet on each worker node. Some Kubelet configurations act as policies:
-* [Process ID limts and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs.
+* [Process ID limits and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs.
 * [Node Resource Managers](/docs/concepts/policy/node-resource-managers/) can manage compute, memory, and device resources for latency-critical and high-throughput workloads. 

content/en/docs/concepts/security/security-checklist.md

@@ -390,7 +390,7 @@ availability state and recommended to improve your security posture:
 
 [`NodeRestriction`](/docs/reference/access-authn-authz/admission-controllers/#noderestriction)
 : Restricts kubelet's permissions to only modify the pods API resources they own
-or the node API ressource that represent themselves. It also prevents kubelet
+or the node API resource that represent themselves. It also prevents kubelet
 from using the `node-restriction.kubernetes.io/` annotation, which can be used
 by an attacker with access to the kubelet's credentials to influence pod
 placement to the controlled node.

content/en/docs/concepts/services-networking/endpoint-slices.md

@@ -210,7 +210,7 @@ perfectly full distribution of EndpointSlices. As an example, if there are 10
 new endpoints to add and 2 EndpointSlices with room for 5 more endpoints each,
 this approach will create a new EndpointSlice instead of filling up the 2
 existing EndpointSlices. In other words, a single EndpointSlice creation is
-preferrable to multiple EndpointSlice updates.
+preferable to multiple EndpointSlice updates.
 
 With kube-proxy running on each Node and watching EndpointSlices, every change
 to an EndpointSlice becomes relatively expensive since it will be transmitted to

content/en/docs/concepts/workloads/controllers/job.md

@@ -395,7 +395,7 @@ for pod failures independently for each index. To do so, set the
 `.spec.backoffLimitPerIndex` to specify the maximal number of pod failures
 per index.
 
-When the per-index backoff limit is exceeded for an index, Kuberentes considers the index as failed and adds it to the
+When the per-index backoff limit is exceeded for an index, Kubernetes considers the index as failed and adds it to the
 `.status.failedIndexes` field. The succeeded indexes, those with a successfully
 executed pods, are recorded in the `.status.completedIndexes` field, regardless of whether you set
 the `backoffLimitPerIndex` field.
@@ -940,7 +940,7 @@ the Job status, allowing the Pod to be removed by other controllers or users.
 
 {{< note >}}
 See [My pod stays terminating](/docs/tasks/debug/debug-application/debug-pods/) if you
-observe that pods from a Job are stucked with the tracking finalizer.
+observe that pods from a Job are stuck with the tracking finalizer.
 {{< /note >}}
 
 ### Elastic Indexed Jobs

content/en/docs/concepts/workloads/controllers/replicaset.md

@@ -225,7 +225,7 @@ pod1 1/1 Running 0 36s
 pod2 1/1 Running 0 36s
 ```
 
-In this manner, a ReplicaSet can own a non-homogenous set of Pods
+In this manner, a ReplicaSet can own a non-homogeneous set of Pods
 
 ## Writing a ReplicaSet manifest
 

content/en/docs/contribute/style/diagram-guide.md

@@ -624,7 +624,7 @@ caption and the diagram referral.
 flowchart
 A[Diagram<br><br>Inline Mermaid or<br>SVG image files]
 B[Diagram Caption<br><br>Add Figure Number. and<br>Caption Text]
-C[Diagram Referral<br><br>Referenence Figure Number<br>in text]
+C[Diagram Referral<br><br>Reference Figure Number<br>in text]
 
  classDef box fill:#fff,stroke:#000,stroke-width:1px,color:#000;
  class A,B,C box

content/en/docs/reference/access-authn-authz/certificate-signing-requests.md

@@ -438,7 +438,7 @@ controller in the cluster, so they have several security features:
  `<signerNameDomain>/*`.
 * Signer-linked ClusterTrustBundles **must** be named with a prefix derived from
  their `spec.signerName` field. Slashes (`/`) are replaced with colons (`:`),
- and a final colon is appended. This is followed by an arbitary name. For
+ and a final colon is appended. This is followed by an arbitrary name. For
  example, the signer `example.com/mysigner` can be linked to a
  ClusterTrustBundle `example.com:mysigner:<arbitrary-name>`.
 

content/en/docs/reference/access-authn-authz/service-accounts-admin.md

@@ -166,7 +166,7 @@ purged by the control plane.
 If users use an invalidated auto-generated token, the token validator will
 
 1. add an audit annotation for the key-value pair
- `authentication.k8s.io/legacy-token-invalidated: <secret name>/<namepace>`,
+ `authentication.k8s.io/legacy-token-invalidated: <secret name>/<namespace>`,
 1. increment the `invalid_legacy_auto_token_uses_total` metric count,
 1. update the Secret label `kubernetes.io/legacy-token-last-used` with the new
  date,