diff --git a/content/hi/docs/tutorials/services/_index.md b/content/hi/docs/tutorials/services/_index.md
new file mode 100644
index 0000000000000..cd4811ccb8220
--- /dev/null
+++ b/content/hi/docs/tutorials/services/_index.md
@@ -0,0 +1,5 @@
+---
+title: सर्विसेज
+weight: 70
+---
+
diff --git a/content/hi/docs/tutorials/services/connect-applications-service.md b/content/hi/docs/tutorials/services/connect-applications-service.md
new file mode 100644
index 0000000000000..11772f7f6dc7a
--- /dev/null
+++ b/content/hi/docs/tutorials/services/connect-applications-service.md
@@ -0,0 +1,461 @@
+---
+title: एप्लिकेशन को सेवाओं से जोड़ें
+content_type: tutorial
+weight: 20
+---
+
+
+<!-- overview -->
+
+## कंटेनरों को जोड़ने के लिए कुबेरनेट्स मॉडल
+
+अब चूंकि आपके पास लगातार चलने वाला, रेप्लिकेटेड एप्लीकेशन है, तो आप इसे नेटवर्क पर प्रदर्शित कर सकते हैं।
+
+Kubernetes मानता है कि पॉड अन्य पॉड के साथ संवाद कर सकते हैं, चाहे वे किसी भी होस्ट पर उतरें।
+Kubernetes हर पॉड को अपना क्लस्टर-निजी IP पता देता है, इसलिए आपको पॉड के बीच स्पष्ट रूप से लिंक बनाने या कंटेनर पोर्ट को होस्ट पोर्ट पर मैप करने की आवश्यकता नहीं है। इसका मतलब है कि पॉड के भीतर सभी कंटेनर लोकलहोस्ट पर एक-दूसरे के पोर्ट तक पहुँच सकते हैं, और क्लस्टर में सभी पॉड NAT के बिना एक-दूसरे को देख सकते हैं। इस दस्तावेज़ का बाकी हिस्सा इस बात पर विस्तार से बताता है कि आप इस तरह के नेटवर्किंग मॉडल पर विश्वसनीय सेवाएँ कैसे चला सकते हैं।
+
+यह ट्यूटोरियल अवधारणा को प्रदर्शित करने के लिए एक सरल nginx वेब सर्वर का उपयोग करता है।
+
+<!-- body -->
+
+## पॉड्स को क्लस्टर के सामने लाना
+
+हमने पिछले उदाहरण में ऐसा किया था, लेकिन आइए इसे एक बार फिर से करें और नेटवर्किंग परिप्रेक्ष्य पर ध्यान केंद्रित करें।
+एक nginx पॉड बनाएँ, और ध्यान दें कि इसमें एक कंटेनर पोर्ट विनिर्देश है:
+
+{{% code_sample file="service/networking/run-my-nginx.yaml" %}}
+
+इससे यह आपके क्लस्टर के किसी भी नोड से एक्सेस करने योग्य हो जाता है। पॉड जिस नोड पर चल रहा है, उसे जांचें:
+
+```shell
+kubectl apply -f ./run-my-nginx.yaml
+kubectl get pods -l run=my-nginx -o wide
+```
+```
+NAME                        READY     STATUS    RESTARTS   AGE       IP            NODE
+my-nginx-3800858182-jr4a2   1/1       Running   0          13s       10.244.3.4    kubernetes-minion-905m
+my-nginx-3800858182-kna2y   1/1       Running   0          13s       10.244.2.5    kubernetes-minion-ljyd
+```
+
+अपने पॉड्स के IP की जाँच करें:
+
+```shell
+kubectl get pods -l run=my-nginx -o custom-columns=POD_IP:.status.podIPs
+    POD_IP
+    [map[ip:10.244.3.4]]
+    [map[ip:10.244.2.5]]
+```
+
+आपको अपने क्लस्टर में किसी भी नोड में ssh करने में सक्षम होना चाहिए और दोनों IP के विरुद्ध क्वेरी बनाने के लिए `curl` जैसे टूल का उपयोग करना चाहिए। ध्यान दें कि कंटेनर नोड पर पोर्ट 80 का उपयोग नहीं कर रहे हैं, न ही ट्रैफ़िक को पॉड में रूट करने के लिए कोई विशेष NAT नियम हैं। इसका मतलब है कि आप एक ही नोड पर एक ही `containerPort` का उपयोग करके कई nginx पॉड चला सकते हैं, और पॉड के लिए निर्दिष्ट IP पते का उपयोग करके अपने क्लस्टर में किसी भी अन्य पॉड या नोड से उन्हें एक्सेस कर सकते हैं। यदि आप होस्ट नोड पर किसी विशिष्ट पोर्ट को बैकिंग पॉड्स पर अग्रेषित करने की व्यवस्था करना चाहते हैं, तो आप कर सकते हैं - लेकिन नेटवर्किंग मॉडल का मतलब यह होना चाहिए कि आपको ऐसा करने की आवश्यकता नहीं है।
+
+यदि आप उत्सुक हैं तो आप [कुबेरनेट्स नेटवर्किंग](/docs/concepts/cluster-administration/networking/#the-kubernetes-network-model) मॉडल के बारे में अधिक पढ़ सकते हैं।
+
+## सेवा बनाना
+
+तो हमारे पास फ्लैट, क्लस्टर वाइड, एड्रेस स्पेस में nginx चलाने वाले पॉड्स हैं। सिद्धांत रूप में, आप इन पॉड्स से सीधे बात कर सकते हैं, लेकिन जब कोई नोड समाप्त हो जाता है तो क्या होता है? पॉड्स इसके साथ समाप्त हो जाते हैं, और डिप्लॉयमेंट के अंदर रेप्लिकासेट अलग-अलग आईपी के साथ नए पॉड्स बनाएगा। यह वह समस्या है जिसे सर्विस हल करती है।
+
+कुबेरनेट्स सेवा एक अमूर्तता है जो आपके क्लस्टर में कहीं चल रहे पॉड्स के तार्किक सेट को परिभाषित करती है, जो सभी एक ही कार्यक्षमता प्रदान करते हैं। बनाए जाने पर, प्रत्येक सेवा को एक अद्वितीय IP पता (जिसे क्लस्टरIP भी कहा जाता है) सौंपा जाता है। यह पता सेवा के जीवनकाल से जुड़ा होता है, और सेवा के जीवित रहने के दौरान इसमें कोई बदलाव नहीं होगा। पॉड्स को सेवा से बात करने के लिए कॉन्फ़िगर किया जा सकता है, और यह जान सकते हैं कि सेवा के लिए संचार स्वचालित रूप से कुछ पॉड पर लोड-बैलेंस हो जाएगा जो सेवा का सदस्य है।
+
+आप `kubectl expose` के साथ अपने 2 nginx प्रतिकृतियों के लिए एक सेवा बना सकते हैं:
+
+```shell
+kubectl expose deployment/my-nginx
+```
+```
+service/my-nginx exposed
+```
+
+यह निम्न yaml `kubectl apply -f` के समतुल्य है:
+
+{{% code_sample file="service/networking/nginx-svc.yaml" %}}
+
+यह विनिर्देश एक ऐसी सेवा बनाएगा जो `run: my-nginx` लेबल वाले किसी भी पॉड पर TCP पोर्ट 80 को लक्षित करेगी, और इसे एक अमूर्त सेवा पोर्ट पर प्रदर्शित करेगी। (`targetPort`: वह पोर्ट है जिस पर कंटेनर ट्रैफ़िक स्वीकार करता है, `port`: अमूर्त सेवा पोर्ट है, जो कोई भी पोर्ट हो सकता है जिसका उपयोग अन्य पॉड सेवा तक पहुंचने के लिए करते हैं)।
+
+सेवा परिभाषा में समर्थित फ़ील्ड की सूची देखने के लिए [ServiceAPI](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#service-v1-core) ऑब्जेक्ट देखें।
+
+अपनी सेवा जांचें:
+
+```shell89          
+kubectl get svc my-nginx
+```
+```
+NAME       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
+my-nginx   ClusterIP   10.0.162.149   <none>        80/TCP    21s
+```
+
+जैसा कि पहले बताया गया है, एक सेवा पॉड्स के एक समूह द्वारा समर्थित होती है। ये पॉड्स 
+{{<glossary_tooltip term_id="endpoint-slice" text="एंडपॉइंट-स्लाइस">}} के माध्यम से उजागर होते हैं।
+सेवा के चयनकर्ता का लगातार मूल्यांकन किया जाएगा और परिणाम एक एंडपॉइंटस्लाइस पर पोस्ट किए जाएंगे जो {{< glossary_tooltip term_id="label" text="लेबल">}} का उपयोग करके सेवा से जुड़ा हुआ है।
+जब कोई पॉड समाप्त हो जाता है, तो उसे स्वचालित रूप से एंडपॉइंटस्लाइस से हटा दिया जाता है जिसमें इसे एंडपॉइंट के रूप में शामिल किया जाता है। सेवा के चयनकर्ता से मेल खाने वाले नए पॉड स्वचालित रूप से उस सेवा के लिए एंडपॉइंटस्लाइस में जुड़ जाएंगे।
+
+एंडपॉइंट की जाँच करें, और ध्यान दें कि आईपी पहले वेरिएबलरण में बनाए गए पॉड के समान हैं:
+
+```shell
+kubectl describe svc my-nginx
+```
+```
+Name:                my-nginx
+Namespace:           default
+Labels:              run=my-nginx
+Annotations:         <none>
+Selector:            run=my-nginx
+Type:                ClusterIP
+IP Family Policy:    SingleStack
+IP Families:         IPv4
+IP:                  10.0.162.149
+IPs:                 10.0.162.149
+Port:                <unset> 80/TCP
+TargetPort:          80/TCP
+Endpoints:           10.244.2.5:80,10.244.3.4:80
+Session Affinity:    None
+Events:              <none>
+```
+```shell
+kubectl get endpointslices -l kubernetes.io/service-name=my-nginx
+```
+```
+NAME             ADDRESSTYPE   PORTS   ENDPOINTS               AGE
+my-nginx-7vzhx   IPv4          80      10.244.2.5,10.244.3.4   21s
+```
+
+अब आप अपने क्लस्टर में किसी भी नोड से `<CLUSTER-IP>:<PORT>` पर nginx सेवा को कर्ल करने में सक्षम होंगे। 
+ध्यान दें कि सेवा IP पूरी तरह से वर्चुअल है, यह कभी भी वायर से नहीं टकराती है। यदि आप इस बारे में उत्सुक हैं कि यह कैसे 
+काम करता है तो आप [सेवा प्रॉक्सी](/docs/reference/networking/virtual-ips/) के बारे में अधिक पढ़ सकते हैं।
+
+
+## सेवा तक पहुँचना
+
+Kubernetes सर्विस खोजने के 2 प्राथमिक तरीकों का समर्थन करता है - पर्यावरण वेरिएबल और DNS। पहला तरीका बिना किसी 
+परेशानी के काम करता है जबकि दूसरे के लिए [CoreDNS]((https://releases.k8s.io/v{{< skew currentPatchVersion >}}/cluster/addons/dns/coredns)) क्लस्टर ऐडऑन की आवश्यकता होती है।
+
+{{< note >}}
+यदि सेवा परिवेश वेरिएबल वांछित नहीं हैं (अपेक्षित प्रोग्राम वेरिएबलरों के साथ संभावित टकराव, प्रक्रिया के लिए बहुत अधिक वेरिएबल, केवल DNS का उपयोग, आदि के कारण) तो आप [पॉड स्पेक](/docs/reference/generated/kubernetes-api/v{{< skew latestVersion >}}/#pod-v1-core) पर `enableServiceLinks` ध्वज को `false` पर सेट करके इस मोड को अक्षम कर सकते हैं।
+{{< /note >}}
+
+
+### पर्यावरण वेरिएबल
+
+जब कोई पॉड किसी नोड पर चलता है, तो क्यूबलेट प्रत्येक सक्रिय सेवा के लिए पर्यावरण वेरिएबल का एक सेट जोड़ता है। यह एक क्रम समस्या का परिचय देता है। इसका कारण जानने के लिए, अपने चल रहे nginx पॉड्स के पर्यावरण का निरीक्षण करें (आपका पॉड नाम अलग होगा):
+
+```shell
+kubectl exec my-nginx-3800858182-jr4a2 -- printenv | grep SERVICE
+```
+```
+KUBERNETES_SERVICE_HOST=10.0.0.1
+KUBERNETES_SERVICE_PORT=443
+KUBERNETES_SERVICE_PORT_HTTPS=443
+```
+
+ध्यान दें कि आपकी सेवा का कोई उल्लेख नहीं है। ऐसा इसलिए है क्योंकि आपने सेवा से पहले प्रतिकृतियां बनाई हैं। ऐसा करने का एक और नुकसान यह है कि शेड्यूलर दोनों पॉड को एक ही मशीन पर रख सकता है, जो आपकी पूरी सेवा को बंद कर देगा यदि यह समाप्त हो जाती है। हम 2 पॉड को समाप्त कर और उन्हें फिर से बनाने के लिए परिनियोजन की प्रतीक्षा करके इसे सही तरीके से कर सकते हैं। इस बार सेवा प्रतिकृतियों से *पहले* मौजूद है। यह आपको अपने पॉड के शेड्यूलर-स्तर की सेवा प्रसार देगा (बशर्ते आपके सभी नोड्स की क्षमता समान हो), साथ ही साथ सही पर्यावरण वेरिएबल:
+
+```shell
+kubectl scale deployment my-nginx --replicas=0; kubectl scale deployment my-nginx --replicas=2;
+
+kubectl get pods -l run=my-nginx -o wide
+```
+```
+NAME                        READY     STATUS    RESTARTS   AGE     IP            NODE
+my-nginx-3800858182-e9ihh   1/1       Running   0          5s      10.244.2.7    kubernetes-minion-ljyd
+my-nginx-3800858182-j4rm4   1/1       Running   0          5s      10.244.3.8    kubernetes-minion-905m
+```
+
+आप देखेंगे कि पॉड्स के अलग-अलग नाम हैं, क्योंकि उन्हें समाप्त कर दिया जाता है और फिर से बनाया जाता है।
+
+```shell
+kubectl exec my-nginx-3800858182-e9ihh -- printenv | grep SERVICE
+```
+```
+KUBERNETES_SERVICE_PORT=443
+MY_NGINX_SERVICE_HOST=10.0.162.149
+KUBERNETES_SERVICE_HOST=10.0.0.1
+MY_NGINX_SERVICE_PORT=80
+KUBERNETES_SERVICE_PORT_HTTPS=443
+```
+
+### डीएनएस
+
+Kubernetes एक DNS क्लस्टर ऐडऑन सेवा प्रदान करता है जो स्वचालित रूप से अन्य सेवाओं को DNS नाम प्रदान करता है। आप जाँच सकते हैं कि यह आपके क्लस्टर पर चल रहा है या नहीं:
+
+```shell
+kubectl get services kube-dns --namespace=kube-system
+```
+```
+NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
+kube-dns   ClusterIP   10.0.0.10    <none>        53/UDP,53/TCP   8m
+```
+
+इस खंड का बाकी हिस्सा यह मान लेगा कि आपके पास एक लंबे समय तक चलने वाली IP सेवा (my-nginx) है, 
+और एक DNS सर्वर है जिसने उस IP को एक नाम दिया है। यहाँ हम CoreDNS क्लस्टर ऐडऑन (एप्लिकेशन नाम `kube-dns`) 
+का उपयोग करते हैं, ताकि आप मानक विधियों (जैसे `gethostbyname()`) का उपयोग करके अपने क्लस्टर में किसी भी पॉड से सेवा 
+से बात कर सकें।
+यदि CoreDNS नहीं चल रहा है, तो आप इसे [CoreDNS README](https://github.com/coredns/deployment/tree/master/kubernetes) 
+या [CoreDNS इंस्टॉल](/docs/tasks/administer-cluster/coredns/#installing-coredns) करने का संदर्भ देकर सक्षम कर सकते हैं।
+
+```shell
+kubectl run curl --image=radial/busyboxplus:curl -i --tty --rm
+```
+```
+Waiting for pod default/curl-131556218-9fnch to be running, status is Pending, pod ready: false
+Hit enter for command prompt
+```
+
+फिर, एंटर दबाएं और `nslookup my-nginx` चलाएं:
+
+```shell
+[ root@curl-131556218-9fnch:/ ]$ nslookup my-nginx
+Server:    10.0.0.10
+Address 1: 10.0.0.10
+
+Name:      my-nginx
+Address 1: 10.0.162.149
+```
+
+## सेवा को सुरक्षित करना
+
+अब तक हमने क्लस्टर के भीतर से ही nginx सर्वर को एक्सेस किया है। सेवा को इंटरनेट पर दिखाने से पहले, आप यह सुनिश्चित करना चाहते हैं कि संचार चैनल सुरक्षित है। इसके लिए, आपको निम्न की आवश्यकता होगी:
+
+* https के लिए स्व-हस्ताक्षरित प्रमाणपत्र (जब तक कि आपके पास पहले से कोई पहचान प्रमाणपत्र न हो)
+* प्रमाणपत्रों का उपयोग करने के लिए कॉन्फ़िगर किया गया एक nginx सर्वर
+* एक [सीक्रेट](/docs/concepts/configuration/secret/) जो प्रमाणपत्रों को पॉड्स के लिए सुलभ बनाता है
+
+आप ये सब [nginx https उदाहरण](https://github.com/kubernetes/examples/tree/master/staging/https-nginx/) 
+से प्राप्त कर सकते हैं।
+इसके लिए go and make tools इंस्टॉल करना आवश्यक है। यदि आप उन्हें इंस्टॉल नहीं करना चाहते हैं, तो बाद में मैन्युअल चरणों का पालन करें। संक्षेप में:
+
+```shell
+make keys KEY=/tmp/nginx.key CERT=/tmp/nginx.crt
+kubectl create secret tls nginxsecret --key /tmp/nginx.key --cert /tmp/nginx.crt
+```
+```
+secret/nginxsecret created
+```
+```shell
+kubectl get secrets
+```
+```
+NAME                  TYPE                                  DATA      AGE
+nginxsecret           kubernetes.io/tls                     2         1m
+```
+और कॉन्फ़िगरेशन मैप भी:
+```shell
+kubectl create configmap nginxconfigmap --from-file=default.conf
+```
+
+आप [Kubernetes उदाहरण प्रोजेक्ट रेपो](https://github.com/kubernetes/examples/tree/bc9ca4ca32bb28762ef216386934bef20f1f9930/staging/https-nginx/) में `default.conf` के लिए उदाहरण पा सकते हैं।
+
+```
+configmap/nginxconfigmap created
+```
+```shell
+kubectl get configmaps
+```
+```
+NAME             DATA   AGE
+nginxconfigmap   1      114s
+```
+
+आप निम्न कमांड का उपयोग करके `nginxconfigmap` ConfigMap का विवरण देख सकते हैं:
+
+```shell
+kubectl describe configmap  nginxconfigmap
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```console
+Name:         nginxconfigmap
+Namespace:    default
+Labels:       <none>
+Annotations:  <none>
+
+Data
+====
+default.conf:
+----
+server {
+        listen 80 default_server;
+        listen [::]:80 default_server ipv6only=on;
+
+        listen 443 ssl;
+
+        root /usr/share/nginx/html;
+        index index.html;
+
+        server_name localhost;
+        ssl_certificate /etc/nginx/ssl/tls.crt;
+        ssl_certificate_key /etc/nginx/ssl/tls.key;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+}
+
+BinaryData
+====
+
+Events:  <none>
+```
+
+यदि आपको make चलाने में समस्या आती है (उदाहरण के लिए विंडोज़ पर) तो निम्नलिखित मैनुअल चरणों का पालन करें:
+
+```shell
+# Create a public private key pair
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /d/tmp/nginx.key -out /d/tmp/nginx.crt -subj "/CN=my-nginx/O=my-nginx"
+# Convert the keys to base64 encoding
+cat /d/tmp/nginx.crt | base64
+cat /d/tmp/nginx.key | base64
+```
+ 
+पिछले आदेशों से आउटपुट का उपयोग करके yaml फ़ाइल बनाएँ, जैसा कि नीचे दिया गया है।
+base64 एन्कोडेड मान सभी एक ही पंक्ति में होने चाहिए।
+
+```yaml
+apiVersion: "v1"
+kind: "Secret"
+metadata:
+  name: "nginxsecret"
+  namespace: "default"
+type: kubernetes.io/tls
+data:
+  tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ1l4RVRBUEJnTlYKQkFNVENHNW5hVzU0YzNaak1SRXdEd1lEVlFRS0V3aHVaMmx1ZUhOMll6QWVGdzB4TnpFd01qWXdOekEzTVRKYQpGdzB4T0RFd01qWXdOekEzTVRKYU1DWXhFVEFQQmdOVkJBTVRDRzVuYVc1NGMzWmpNUkV3RHdZRFZRUUtFd2h1CloybHVlSE4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjFxSU1SOVdWM0IKMlZIQlRMRmtobDRONXljMEJxYUhIQktMSnJMcy8vdzZhU3hRS29GbHlJSU94NGUrMlN5ajBFcndCLzlYTnBwbQppeW1CL3JkRldkOXg5UWhBQUxCZkVaTmNiV3NsTVFVcnhBZW50VWt1dk1vLzgvMHRpbGhjc3paenJEYVJ4NEo5Ci82UVRtVVI3a0ZTWUpOWTVQZkR3cGc3dlVvaDZmZ1Voam92VG42eHNVR0M2QURVODBpNXFlZWhNeVI1N2lmU2YKNHZpaXdIY3hnL3lZR1JBRS9mRTRqakxCdmdONjc2SU90S01rZXV3R0ljNDFhd05tNnNTSzRqYUNGeGpYSnZaZQp2by9kTlEybHhHWCtKT2l3SEhXbXNhdGp4WTRaNVk3R1ZoK0QrWnYvcW1mMFgvbVY0Rmo1NzV3ajFMWVBocWtsCmdhSXZYRyt4U1FVQ0F3RUFBYU5RTUU0d0hRWURWUjBPQkJZRUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjcKTUI4R0ExVWRJd1FZTUJhQUZPNG9OWkI3YXc1OUlsYkROMzhIYkduYnhFVjdNQXdHQTFVZEV3UUZNQU1CQWY4dwpEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRVhTMW9FU0lFaXdyMDhWcVA0K2NwTHI3TW5FMTducDBvMm14alFvCjRGb0RvRjdRZnZqeE04Tzd2TjB0clcxb2pGSW0vWDE4ZnZaL3k4ZzVaWG40Vm8zc3hKVmRBcStNZC9jTStzUGEKNmJjTkNUekZqeFpUV0UrKzE5NS9zb2dmOUZ3VDVDK3U2Q3B5N0M3MTZvUXRUakViV05VdEt4cXI0Nk1OZWNCMApwRFhWZmdWQTRadkR4NFo3S2RiZDY5eXM3OVFHYmg5ZW1PZ05NZFlsSUswSGt0ejF5WU4vbVpmK3FqTkJqbWZjCkNnMnlwbGQ0Wi8rUUNQZjl3SkoybFIrY2FnT0R4elBWcGxNSEcybzgvTHFDdnh6elZPUDUxeXdLZEtxaUMwSVEKQ0I5T2wwWW5scE9UNEh1b2hSUzBPOStlMm9KdFZsNUIyczRpbDlhZ3RTVXFxUlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+  tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2RhaURFZlZsZHdkbFIKd1V5eFpJWmVEZWNuTkFhbWh4d1NpeWF5N1AvOE9ta3NVQ3FCWmNpQ0RzZUh2dGtzbzlCSzhBZi9WemFhWm9zcApnZjYzUlZuZmNmVUlRQUN3WHhHVFhHMXJKVEVGSzhRSHA3VkpMcnpLUC9QOUxZcFlYTE0yYzZ3MmtjZUNmZitrCkU1bEVlNUJVbUNUV09UM3c4S1lPNzFLSWVuNEZJWTZMMDUrc2JGQmd1Z0ExUE5JdWFubm9UTWtlZTRuMG4rTDQKb3NCM01ZUDhtQmtRQlAzeE9JNHl3YjREZXUraURyU2pKSHJzQmlIT05Xc0RadXJFaXVJMmdoY1kxeWIyWHI2UAozVFVOcGNSbC9pVG9zQngxcHJHclk4V09HZVdPeGxZZmcvbWIvNnBuOUYvNWxlQlkrZStjSTlTMkQ0YXBKWUdpCkwxeHZzVWtGQWdNQkFBRUNnZ0VBZFhCK0xkbk8ySElOTGo5bWRsb25IUGlHWWVzZ294RGQwci9hQ1Zkank4dlEKTjIwL3FQWkUxek1yall6Ry9kVGhTMmMwc0QxaTBXSjdwR1lGb0xtdXlWTjltY0FXUTM5SjM0VHZaU2FFSWZWNgo5TE1jUHhNTmFsNjRLMFRVbUFQZytGam9QSFlhUUxLOERLOUtnNXNrSE5pOWNzMlY5ckd6VWlVZWtBL0RBUlBTClI3L2ZjUFBacDRuRWVBZmI3WTk1R1llb1p5V21SU3VKdlNyblBESGtUdW1vVlVWdkxMRHRzaG9reUxiTWVtN3oKMmJzVmpwSW1GTHJqbGtmQXlpNHg0WjJrV3YyMFRrdWtsZU1jaVlMbjk4QWxiRi9DSmRLM3QraTRoMTVlR2ZQegpoTnh3bk9QdlVTaDR2Q0o3c2Q5TmtEUGJvS2JneVVHOXBYamZhRGR2UVFLQmdRRFFLM01nUkhkQ1pKNVFqZWFKClFGdXF4cHdnNzhZTjQyL1NwenlUYmtGcVFoQWtyczJxWGx1MDZBRzhrZzIzQkswaHkzaE9zSGgxcXRVK3NHZVAKOWRERHBsUWV0ODZsY2FlR3hoc0V0L1R6cEdtNGFKSm5oNzVVaTVGZk9QTDhPTm1FZ3MxMVRhUldhNzZxelRyMgphRlpjQ2pWV1g0YnRSTHVwSkgrMjZnY0FhUUtCZ1FEQmxVSUUzTnNVOFBBZEYvL25sQVB5VWs1T3lDdWc3dmVyClUycXlrdXFzYnBkSi9hODViT1JhM05IVmpVM25uRGpHVHBWaE9JeXg5TEFrc2RwZEFjVmxvcG9HODhXYk9lMTAKMUdqbnkySmdDK3JVWUZiRGtpUGx1K09IYnRnOXFYcGJMSHBzUVpsMGhucDBYSFNYVm9CMUliQndnMGEyOFVadApCbFBtWmc2d1BRS0JnRHVIUVV2SDZHYTNDVUsxNFdmOFhIcFFnMU16M2VvWTBPQm5iSDRvZUZKZmcraEppSXlnCm9RN3hqWldVR3BIc3AyblRtcHErQWlSNzdyRVhsdlhtOElVU2FsbkNiRGlKY01Pc29RdFBZNS9NczJMRm5LQTQKaENmL0pWb2FtZm1nZEN0ZGtFMXNINE9MR2lJVHdEbTRpb0dWZGIwMllnbzFyb2htNUpLMUI3MkpBb0dBUW01UQpHNDhXOTVhL0w1eSt5dCsyZ3YvUHM2VnBvMjZlTzRNQ3lJazJVem9ZWE9IYnNkODJkaC8xT2sybGdHZlI2K3VuCnc1YytZUXRSTHlhQmd3MUtpbGhFZDBKTWU3cGpUSVpnQWJ0LzVPbnlDak9OVXN2aDJjS2lrQ1Z2dTZsZlBjNkQKckliT2ZIaHhxV0RZK2Q1TGN1YSt2NzJ0RkxhenJsSlBsRzlOZHhrQ2dZRUF5elIzT3UyMDNRVVV6bUlCRkwzZAp4Wm5XZ0JLSEo3TnNxcGFWb2RjL0d5aGVycjFDZzE2MmJaSjJDV2RsZkI0VEdtUjZZdmxTZEFOOFRwUWhFbUtKCnFBLzVzdHdxNWd0WGVLOVJmMWxXK29xNThRNTBxMmk1NVdUTThoSDZhTjlaMTltZ0FGdE5VdGNqQUx2dFYxdEYKWSs4WFJkSHJaRnBIWll2NWkwVW1VbGc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
+```
+अब निम्न फ़ाइल का उपयोग करके सीक्रेट्स बनाएं:
+
+```shell
+kubectl apply -f nginxsecrets.yaml
+kubectl get secrets
+```
+```
+NAME                  TYPE                                  DATA      AGE
+nginxsecret           kubernetes.io/tls                     2         1m
+```
+
+अब अपने nginx प्रतिकृतियों को संशोधित करें ताकि सीक्रेट् मे प्रमाण पत्र और सेवा का उपयोग करके एक https सर्वर शुरू किया जा सके, ताकि दोनों पोर्ट (80 और 443) उजागर हो सकें:
+
+{{% code_sample file="service/networking/nginx-secure-app.yaml" %}}
+
+Nginx-secure-app मैनिफ़ेस्ट के बारे में उल्लेखनीय बातें:
+
+- इसमें एक ही फ़ाइल में डिप्लॉयमेंट और सेवा विनिर्देश दोनों शामिल हैं।
+- [nginx सर्वर](https://github.com/kubernetes/examples/tree/master/staging/https-nginx/default.conf) 
+पोर्ट 80 पर HTTP ट्रैफ़िक और 443 पर HTTPS ट्रैफ़िक प्रदान करता है, और nginx सेवा दोनों पोर्ट को उजागर करती है।
+- प्रत्येक कंटेनर को `/etc/nginx/ssl` पर माउंट किए गए वॉल्यूम के माध्यम से कुंजियों तक पहुंच प्राप्त होती है। इसे nginx सर्वर शुरू  होने से पहले सेट किया जाता है।
+
+```shell
+kubectl delete deployments,svc my-nginx; kubectl create -f ./nginx-secure-app.yaml
+```
+
+इस बिंदु पर आप किसी भी नोड से nginx सर्वर तक पहुंच सकते हैं।
+
+```shell
+kubectl get pods -l run=my-nginx -o custom-columns=POD_IP:.status.podIPs
+    POD_IP
+    [map[ip:10.244.3.5]]
+```
+
+```shell
+node $ curl -k https://10.244.3.5
+...
+<h1>Welcome to nginx!</h1>
+```
+
+ध्यान दें कि हमने अंतिम चरण में कर्ल को `-k` पैरामीटर कैसे दिया, ऐसा इसलिए है क्योंकि हम प्रमाणपत्र निर्माण के समय nginx चलाने वाले पॉड्स के बारे में कुछ नहीं जानते हैं, इसलिए हमें कर्ल को CName बेमेल को अनदेखा करने के लिए कहना होगा। एक सेवा बनाकर हमने प्रमाणपत्र में उपयोग किए गए CName को सेवा लुकअप के दौरान पॉड्स द्वारा उपयोग किए जाने वाले वास्तविक DNS नाम से जोड़ा। आइए इसे पॉड से परखें (सरलता के लिए उसी सीक्रेट का पुनः उपयोग किया जा रहा है, पॉड को सेवा तक पहुँचने के लिए केवल nginx.crt की आवश्यकता है):
+
+{{% code_sample file="service/networking/curlpod.yaml" %}}
+
+```shell
+kubectl apply -f ./curlpod.yaml
+kubectl get pods -l app=curlpod
+```
+```
+NAME                               READY     STATUS    RESTARTS   AGE
+curl-deployment-1515033274-1410r   1/1       Running   0          1m
+```
+```shell
+kubectl exec curl-deployment-1515033274-1410r -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt
+...
+<title>Welcome to nginx!</title>
+...
+```
+
+## सेवा को उजागर करना
+
+अपने अनुप्रयोगों के कुछ हिस्सों के लिए आप किसी बाहरी IP पते पर सेवा प्रदर्शित करना चाह सकते हैं। 
+Kubernetes ऐसा करने के दो तरीकों का समर्थन करता है: NodePorts और LoadBalancers। पिछले अनुभाग में 
+बनाई गई सेवा पहले से ही `NodePort` का उपयोग करती है, इसलिए यदि आपके नोड में सार्वजनिक IP है, तो 
+आपका nginx HTTPS प्रतिकृति इंटरनेट पर ट्रैफ़िक की सेवा के लिए तैयार है।
+
+```shell
+kubectl get svc my-nginx -o yaml | grep nodePort -C 5
+  uid: 07191fb3-f61a-11e5-8ae5-42010af00002
+spec:
+  clusterIP: 10.0.162.149
+  ports:
+  - name: http
+    nodePort: 31704
+    port: 8080
+    protocol: TCP
+    targetPort: 80
+  - name: https
+    nodePort: 32453
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    run: my-nginx
+```
+```shell
+kubectl get nodes -o yaml | grep ExternalIP -C 1
+    - address: 104.197.41.11
+      type: ExternalIP
+    allocatable:
+--
+    - address: 23.251.152.56
+      type: ExternalIP
+    allocatable:
+...
+
+$ curl https://<EXTERNAL-IP>:<NODE-PORT> -k
+...
+<h1>Welcome to nginx!</h1>
+```
+
+आइए अब क्लाउड लोड बैलेंसर का उपयोग करने के लिए सेवा को फिर से बनाएँ। 
+`my-nginx` सेवा के `Type` को `NodePort` से `LoadBalancer` में बदलें:
+
+```shell
+kubectl edit svc my-nginx
+kubectl get svc my-nginx
+```
+```
+NAME       TYPE           CLUSTER-IP     EXTERNAL-IP        PORT(S)               AGE
+my-nginx   LoadBalancer   10.0.162.149     xx.xxx.xxx.xxx     8080:30163/TCP        21s
+```
+```
+curl https://<EXTERNAL-IP> -k
+...
+<title>Welcome to nginx!</title>
+```
+
+`EXTERNAL-IP` कॉलम में IP पता वह है जो सार्वजनिक इंटरनेट पर उपलब्ध है।
+
+`CLUSTER-IP` केवल आपके क्लस्टर/निजी क्लाउड नेटवर्क के अंदर उपलब्ध है।
+
+ध्यान दें कि AWS पर, `LoadBalancer` टाइप करने पर एक ELB बनता है, जो IP का नहीं, बल्कि एक (लंबे) होस्टनाम का उपयोग करता है। यह मानक `kubectl get svc` आउटपुट में फ़िट होने के लिए बहुत लंबा है, इसलिए आपको इसे देखने के लिए `kubectl description service my-nginx` करना होगा। आपको कुछ इस तरह दिखाई देगा:
+
+```shell
+kubectl describe service my-nginx
+...
+LoadBalancer Ingress:   a320587ffd19711e5a37606cf4a74574-1142138393.us-east-1.elb.amazonaws.com
+...
+```
+
+
+
+## {{% heading "whatsnext" %}}
+
+
+* [क्लस्टर में किसी एप्लिकेशन तक पहुंचने के लिए सेवा का उपयोग](/docs/tasks/access-application-cluster/service-access-application-cluster/) के बारे में अधिक जानें
+* [सेवा का उपयोग करके फ्रंट एंड को बैक एंड से कनेक्ट करने](/docs/tasks/access-application-cluster/connecting-frontend-backend/) के बारे में अधिक जानें
+* [बाहरी लोड बैलेंसर बनाने](/docs/tasks/access-application-cluster/create-external-load-balancer/) के बारे में अधिक जानें
diff --git a/content/hi/docs/tutorials/services/pods-and-endpoint-termination-flow.md b/content/hi/docs/tutorials/services/pods-and-endpoint-termination-flow.md
new file mode 100644
index 0000000000000..b2bee28862ba6
--- /dev/null
+++ b/content/hi/docs/tutorials/services/pods-and-endpoint-termination-flow.md
@@ -0,0 +1,166 @@
+---
+title: पॉड्स और उनके एंडपॉइंट्स के लिए समाप्ति व्यवहार का अन्वेषण करें
+content_type: tutorial
+weight: 60
+---
+
+
+<!-- overview -->
+
+एक बार जब आप अपने एप्लिकेशन को सेवा से कनेक्ट कर लेते हैं, तो [एप्लिकेशन को सेवाओं से कनेक्ट करना](/hi/docs/tutorials/services/connect-applications-service/) में बताए गए चरणों का पालन करते हुए, आपके पास एक निरंतर चलने वाला, प्रतिकृति एप्लिकेशन होता है, जो नेटवर्क पर प्रदर्शित होता है। यह ट्यूटोरियल आपको पॉड्स के लिए समाप्ति प्रवाह को देखने और सुंदर कनेक्शन ड्रेनिंग को लागू करने के तरीकों का पता लगाने में मदद करता है।
+
+
+<!-- body -->
+
+## पॉड्स और उनके एन्डपॉइन्ट्स के लिए समाप्ति प्रक्रिया
+
+अक्सर ऐसे मामले होते हैं जब आपको पॉड को समाप्त करने की आवश्यकता होती है - चाहे वह अपग्रेड के लिए हो या स्केल डाउन के लिए।
+एप्लिकेशन की उपलब्धता में सुधार करने के लिए, उचित सक्रिय कनेक्शन ड्रेनिंग को लागू करना महत्वपूर्ण हो सकता है।
+यह ट्यूटोरियल अवधारणा को प्रदर्शित करने के लिए एक सरल nginx वेब सर्वर का उपयोग करके संगत एंडपॉइंट स्थिति और निष्कासन के संबंध में पॉड समाप्ति के प्रवाह की व्याख्या करता है।
+
+<!-- body -->
+
+## Example flow with endpoint termination
+
+निम्नलिखित उदाहरण [पॉड्स की समाप्ति](/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) दस्तावेज़ में वर्णित प्रवाह है।
+
+मान लीजिए कि आपके पास एक एकल `nginx` प्रतिकृति (केवल प्रदर्शन उद्देश्यों के लिए) और एक सेवा युक्त डिप्लॉयमेंट है:
+
+{{% code_sample file="service/pod-with-graceful-termination.yaml" %}}
+
+{{% code_sample file="service/explore-graceful-termination-nginx.yaml" %}}
+
+अब उपरोक्त फ़ाइलों का उपयोग करके डिप्लॉयमेंट पॉड और सेवा बनाएँ:
+
+```shell
+kubectl apply -f pod-with-graceful-termination.yaml
+kubectl apply -f explore-graceful-termination-nginx.yaml
+```
+
+एक बार पॉड और सेवा चलने के बाद, आप किसी भी संबद्ध एंडपॉइंटस्लाइस का नाम प्राप्त कर सकते हैं:
+
+```shell
+kubectl get endpointslice
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```none
+NAME                  ADDRESSTYPE   PORTS   ENDPOINTS                 AGE
+nginx-service-6tjbr   IPv4          80      10.12.1.199,10.12.1.201   22m
+```
+
+आप इसकी स्थिति देख सकते हैं, और पुष्टि कर सकते हैं कि एक एंडपॉइन्ट पंजीकृत है:
+
+```shell
+kubectl get endpointslices -o json -l kubernetes.io/service-name=nginx-service
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```none
+{
+    "addressType": "IPv4",
+    "apiVersion": "discovery.k8s.io/v1",
+    "endpoints": [
+        {
+            "addresses": [
+                "10.12.1.201"
+            ],
+            "conditions": {
+                "ready": true,
+                "serving": true,
+                "terminating": false
+```
+
+अब आइए पॉड को समाप्त करें और सत्यापित करें कि पॉड को अनुग्रहपूर्ण समाप्ति अवधि (graceful termination period) 
+कॉन्फ़िगरेशन का सम्मान करते हुए समाप्त किया जा रहा है:
+
+```shell
+kubectl delete pod nginx-deployment-7768647bf9-b4b9s
+```
+
+सभी पॉड्स की जानकारी प्राप्त करें:
+
+```shell
+kubectl get pods
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```none
+NAME                                READY   STATUS        RESTARTS      AGE
+nginx-deployment-7768647bf9-b4b9s   1/1     Terminating   0             4m1s
+nginx-deployment-7768647bf9-rkxlw   1/1     Running       0             8s
+```
+
+आप देख सकते हैं कि नया पॉड शेड्यूल हो गया है।
+
+जब तक नए पॉड के लिए नया एंडपॉइंट बनाया जा रहा है, पुराना एंडपॉइंट अभी भी टर्मिनेटिंग अवस्था में है:
+
+```shell
+kubectl get endpointslice -o json nginx-service-6tjbr
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```none
+{
+    "addressType": "IPv4",
+    "apiVersion": "discovery.k8s.io/v1",
+    "endpoints": [
+        {
+            "addresses": [
+                "10.12.1.201"
+            ],
+            "conditions": {
+                "ready": false,
+                "serving": true,
+                "terminating": true
+            },
+            "nodeName": "gke-main-default-pool-dca1511c-d17b",
+            "targetRef": {
+                "kind": "Pod",
+                "name": "nginx-deployment-7768647bf9-b4b9s",
+                "namespace": "default",
+                "uid": "66fa831c-7eb2-407f-bd2c-f96dfe841478"
+            },
+            "zone": "us-central1-c"
+        },
+        {
+            "addresses": [
+                "10.12.1.202"
+            ],
+            "conditions": {
+                "ready": true,
+                "serving": true,
+                "terminating": false
+            },
+            "nodeName": "gke-main-default-pool-dca1511c-d17b",
+            "targetRef": {
+                "kind": "Pod",
+                "name": "nginx-deployment-7768647bf9-rkxlw",
+                "namespace": "default",
+                "uid": "722b1cbe-dcd7-4ed4-8928-4a4d0e2bbe35"
+            },
+            "zone": "us-central1-c"
+```
+
+इससे एप्लिकेशन को समाप्ति के दौरान अपनी स्थिति के बारे में बताने की अनुमति मिलती है
+और क्लाइंट (जैसे लोड बैलेंसर) को कनेक्शन ड्रेनिंग कार्यक्षमता को लागू करने की अनुमति मिलती है।
+ये क्लाइंट समाप्ति के समापन बिंदुओं का पता लगा सकते हैं और उनके लिए एक विशेष तर्क लागू कर सकते हैं।
+
+Kubernetes में, समाप्त होने वाले एंडपॉइंट की `ready` स्थिति हमेशा `false` के रूप में सेट होती है।
+बैकवर्ड संगतता के लिए ऐसा होना ज़रूरी है, ताकि मौजूदा लोड बैलेंसर इसका इस्तेमाल नियमित ट्रैफ़िक के लिए न करें। अगर समाप्त होने वाले पॉड पर ट्रैफ़िक ड्रेनिंग की ज़रूरत है, तो वास्तविक तत्परता को `सर्विंग` की स्थिति के रूप में जाँचा जा सकता है।
+
+जब पॉड समाप्त हो जाता है, तो पुराना एंडपॉइंट भी साथ ही साथ समाप्त हो जाएगा।
+
+
+## {{% heading "whatsnext" %}}
+
+
+* जानें कि [एप्लिकेशन को सेवाओं से कैसे कनेक्ट करें](/docs/tutorials/services/connect-applications-service/)
+* [क्लस्टर में किसी एप्लिकेशन तक पहुंचने के लिए सेवा का उपयोग करना](/docs/tasks/access-application-cluster/service-access-application-cluster/) के बारे में अधिक जानें
+* [सेवा का उपयोग करके फ्रंट एंड को बैक एंड से कनेक्ट करना](/docs/tasks/access-application-cluster/connecting-frontend-backend/) के बारे में अधिक जानें
+* [बाहरी लोड बैलेंसर बनाने](/docs/tasks/access-application-cluster/create-external-load-balancer/) के बारे में अधिक जानें
+
diff --git a/content/hi/docs/tutorials/services/source-ip.md b/content/hi/docs/tutorials/services/source-ip.md
new file mode 100644
index 0000000000000..71fa7276ac0f8
--- /dev/null
+++ b/content/hi/docs/tutorials/services/source-ip.md
@@ -0,0 +1,417 @@
+---
+title: स्रोत आईपी का उपयोग करें
+content_type: tutorial
+min-kubernetes-server-version: v1.5
+weight: 40
+---
+
+<!-- overview -->
+
+Kubernetes क्लस्टर में चलने वाले एप्लिकेशन सर्विस एब्स्ट्रैक्शन के ज़रिए एक-दूसरे और बाहरी दुनिया से संपर्क करते हैं और उनसे संवाद करते हैं। यह दस्तावेज़ बताता है कि अलग-अलग तरह की सेवाओं को भेजे जाने वाले पैकेट के स्रोत IP का क्या होता है और आप अपनी ज़रूरतों के हिसाब से इस व्यवहार को कैसे बदल सकते हैं।
+
+
+
+## {{% heading "prerequisites" %}}
+
+
+### शब्दावली
+
+इस दस्तावेज़ में निम्नलिखित शब्दों का प्रयोग किया गया है:
+
+{{< comment >}}
+यदि इस अनुभाग का स्थानीयकरण किया जा रहा है, तो लक्ष्य स्थानीयकरण के लिए समकक्ष विकिपीडिया पृष्ठों से लिंक करें।
+{{< /comment >}}
+
+[NAT](https://en.wikipedia.org/wiki/Network_address_translation)
+: नेटवर्क एड्रेस ट्रांसलेशन
+
+[Source NAT](https://en.wikipedia.org/wiki/Network_address_translation#SNAT)
+: पैकेट पर स्रोत आईपी को प्रतिस्थापित करना; इस पृष्ठ पर, इसका अर्थ आमतौर पर नोड के आईपी पते के साथ प्रतिस्थापित करना है।
+
+[Destination NAT](https://en.wikipedia.org/wiki/Network_address_translation#DNAT)
+: पैकेट पर गंतव्य आईपी को प्रतिस्थापित करना; इस पृष्ठ पर, इसका मतलब आमतौर पर {{<glossary_tooltip term_id="pod" text="पॉड" >}} के आईपी पते के साथ प्रतिस्थापित करना है 
+
+[VIP](/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+: एक वर्चुअल आईपी पता, जैसे कि कुबेरनेट्स में प्रत्येक {{<glossary_tooltip text="सेवा" term_id="service" >}} को निर्दिष्ट किया गया है
+
+[kube-proxy](/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies)
+: एक नेटवर्क डेमॉन जो प्रत्येक नोड पर सेवा वीआईपी प्रबंधन को व्यवस्थित करता है
+
+### Prerequisites
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+उदाहरणों में एक छोटे nginx वेबसर्वर का उपयोग किया गया है जो HTTP हेडर के माध्यम से प्राप्त अनुरोधों के स्रोत IP को प्रतिध्वनित करता है। आप इसे निम्न प्रकार से बना सकते हैं:
+
+{{< note >}}
+निम्नलिखित कमांड में दी गई छवि केवल AMD64 आर्किटेक्चर पर चलती है।
+{{< /note >}}
+
+```shell
+kubectl create deployment source-ip-app --image=registry.k8s.io/echoserver:1.4
+```
+आउटपुट है:
+```
+deployment.apps/source-ip-app created
+```
+
+
+## {{% heading "objectives" %}}
+
+
+* विभिन्न प्रकार की सेवाओं के माध्यम से एक सरल अनुप्रयोग को उजागर करें
+* समझें कि प्रत्येक सेवा प्रकार स्रोत IP NAT को कैसे संभालता है
+* स्रोत IP को संरक्षित करने में शामिल ट्रेडऑफ़ को समझें
+
+
+
+
+<!-- lessoncontent -->
+
+## `Type=ClusterIP` वाली सेवाओं के लिए स्रोत IP
+
+यदि आप kube-proxy को [iptables मोड](/docs/reference/networking/virtual-ips/#proxy-mode-iptables) 
+(डिफ़ॉल्ट) में चला रहे हैं, तो क्लस्टर के भीतर से ClusterIP को भेजे गए पैकेट कभी भी स्रोत NAT'd नहीं होते हैं। आप kube-proxy मोड को उस नोड पर `http://localhost:10249/proxyMode` लाकर क्वेरी कर सकते हैं जहाँ kube-proxy चल रहा है।
+
+```console
+kubectl get nodes
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+NAME                           STATUS     ROLES    AGE     VERSION
+kubernetes-node-6jst   Ready      <none>   2h      v1.13.0
+kubernetes-node-cx31   Ready      <none>   2h      v1.13.0
+kubernetes-node-jj1t   Ready      <none>   2h      v1.13.0
+```
+
+किसी एक नोड पर प्रॉक्सी मोड प्राप्त करें (kube-proxy पोर्ट 10249 पर सुनता है):
+
+```shell
+# Run this in a shell on the node you want to query.
+curl http://localhost:10249/proxyMode
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+iptables
+```
+
+आप स्रोत IP ऐप पर सेवा बनाकर स्रोत IP संरक्षण का परीक्षण कर सकते हैं:
+
+```shell
+kubectl expose deployment source-ip-app --name=clusterip --port=80 --target-port=8080
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+service/clusterip exposed
+```
+
+```shell
+kubectl get svc clusterip
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
+clusterip    ClusterIP   10.0.170.92   <none>        80/TCP    51s
+```
+
+और उसी क्लस्टर में एक पॉड से `ClusterIP` को हिट करना:
+
+```shell
+kubectl run busybox -it --image=busybox:1.28 --restart=Never --rm
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+Waiting for pod default/busybox to be running, status is Pending, pod ready: false
+If you don't see a command prompt, try pressing enter.
+
+```
+
+फिर आप उस पॉड के अंदर एक कमांड चला सकते हैं:
+
+```shell
+# Run this inside the terminal from "kubectl run"
+ip addr
+```
+```
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host
+       valid_lft forever preferred_lft forever
+3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc noqueue
+    link/ether 0a:58:0a:f4:03:08 brd ff:ff:ff:ff:ff:ff
+    inet 10.244.3.8/24 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::188a:84ff:feb0:26a5/64 scope link
+       valid_lft forever preferred_lft forever
+```
+
+…फिर लोकल वेबसर्वर को क्वेरी करने के लिए `wget` का उपयोग करें
+
+```shell
+# Replace "10.0.170.92" with the IPv4 address of the Service named "clusterip"
+wget -qO - 10.0.170.92
+```
+
+```
+CLIENT VALUES:
+client_address=10.244.3.8
+command=GET
+...
+```
+
+`client_address` हमेशा क्लाइंट पॉड का IP पता होता है, चाहे क्लाइंट पॉड और सर्वर पॉड एक ही नोड में हों या अलग-अलग नोड्स में हों।
+
+## `Type=NodePort` वाली सेवाओं के लिए स्रोत IP
+
+[`Type=NodePort`](/docs/concepts/services-networking/service/#type-nodeport) के साथ सेवाओं को भेजे गए पैकेट 
+डिफ़ॉल्ट रूप से स्रोत NAT'd होते हैं। आप `NodePort` सेवा बनाकर इसका परीक्षण कर सकते हैं:
+
+
+```shell
+kubectl expose deployment source-ip-app --name=nodeport --port=80 --target-port=8080 --type=NodePort
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+service/nodeport exposed
+```
+
+```shell
+NODEPORT=$(kubectl get -o jsonpath="{.spec.ports[0].nodePort}" services nodeport)
+NODES=$(kubectl get nodes -o jsonpath='{ $.items[*].status.addresses[?(@.type=="InternalIP")].address }')
+```
+
+यदि आप क्लाउड प्रोवाइडर पर चल रहे हैं, तो आपको ऊपर बताए गए `nodes:nodeport` के लिए फ़ायरवॉल-नियम खोलने की आवश्यकता हो सकती है। अब आप ऊपर आवंटित नोड पोर्ट के माध्यम से क्लस्टर के बाहर से सेवा तक पहुँचने का प्रयास कर सकते हैं।
+
+```shell
+for node in $NODES; do curl -s $node:$NODEPORT | grep -i client_address; done
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+client_address=10.180.1.1
+client_address=10.240.0.5
+client_address=10.240.0.3
+```
+
+ध्यान दें कि ये सही क्लाइंट IP नहीं हैं, ये क्लस्टर के आंतरिक IP हैं। यह इस तरह काम करता है:
+
+* क्लाइंट पैकेट को `node2:nodePort` पर भेजता है
+* `node2` पैकेट में मौजूद सोर्स IP एड्रेस (SNAT) को अपने IP एड्रेस से बदल देता है
+* `node2` पैकेट पर मौजूद डेस्टिनेशन IP को पॉड IP से बदल देता है
+* पैकेट को नोड 1 और फिर एंडपॉइंट पर भेजा जाता है
+* पॉड का जवाब वापस नोड 2 पर भेजा जाता है
+* पॉड का जवाब वापस क्लाइंट को भेजा जाता है
+
+दृश्यात्मक रूप से:
+
+{{< figure src="/docs/images/tutor-service-nodePort-fig01.svg" alt="source IP nodeport figure 01" class="diagram-large" caption="Figure. Source IP Type=NodePort using SNAT" link="https://mermaid.live/edit#pako:eNqNkV9rwyAUxb-K3LysYEqS_WFYKAzat9GHdW9zDxKvi9RoMIZtlH732ZjSbE970cu5v3s86hFqJxEYfHjRNeT5ZcUtIbXRaMNN2hZ5vrYRqt52cSXV-4iMSuwkZiYtyX739EqWaahMQ-V1qPxDVLNOvkYrO6fj2dupWMR2iiT6foOKdEZoS5Q2hmVSStoH7w7IMqXUVOefWoaG3XVftHbGeZYVRbH6ZXJ47CeL2-qhxvt_ucTe1SUlpuMN6CX12XeGpLdJiaMMFFr0rdAyvvfxjHEIDbbIgcVSohKDCRy4PUV06KQIuJU6OA9MCdMjBTEEt_-2NbDgB7xAGy3i97VJPP0ABRmcqg" >}}
+
+इससे बचने के लिए, Kubernetes में [क्लाइंट स्रोत IP को संरक्षित](/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) करने की सुविधा है।
+यदि आप `service.spec.externalTrafficPolicy` को `Local` मान पर सेट करते हैं, तो kube-proxy केवल स्थानीय एंडपॉइंट पर प्रॉक्सी अनुरोधों को प्रॉक्सी करता है, और ट्रैफ़िक को अन्य नोड्स पर अग्रेषित नहीं करता है। यह दृष्टिकोण मूल स्रोत IP पते को संरक्षित करता है। यदि कोई स्थानीय एंडपॉइंट नहीं हैं, तो नोड पर भेजे गए पैकेट ड्रॉप हो जाते हैं, इसलिए आप किसी भी पैकेट प्रोसेसिंग नियम में सही स्रोत-आईपी पर भरोसा कर सकते हैं, आप एक पैकेट लागू कर सकते हैं जो एंडपॉइंट तक पहुंचता है।
+
+`service.spec.externalTrafficPolicy` फ़ील्ड को निम्न प्रकार से सेट करें:
+
+```shell
+kubectl patch svc nodeport -p '{"spec":{"externalTrafficPolicy":"Local"}}'
+```
+
+इसका आउटपुट कुछ इस प्रकार है:
+
+```
+service/nodeport patched
+```
+
+अब, परीक्षण पुनः चलाएँ:
+
+```shell
+for node in $NODES; do curl --connect-timeout 1 -s $node:$NODEPORT | grep -i client_address; done
+```
+
+आउटपुट इस प्रकार है:
+
+```
+client_address=198.51.100.79
+```
+
+ध्यान दें कि आपको केवल एक उत्तर मिला है, *सही* क्लाइंट IP के साथ, उस नोड से जिस पर एंडपॉइंट पॉड चल रहा है।
+
+यह कुछ इस तरह काम करता है:
+
+* क्लाइंट पैकेट को `node2:nodePort` पर भेजता है, जिसमें कोई एंडपॉइंट नहीं है
+* पैकेट को छोड़ दिया जाता है
+* क्लाइंट पैकेट को `node1:nodePort` पर भेजता है, जिसमें *एंडपॉइंट* हैं
+* node1 पैकेट को सही सोर्स IP वाले एंडपॉइंट पर रूट करता है
+
+दृश्यात्मक रूप से:
+
+
+{{< figure src="/docs/images/tutor-service-nodePort-fig02.svg" alt="source IP nodeport figure 02" class="diagram-large" caption="Figure. Source IP Type=NodePort preserves client source IP address" link="" >}}
+
+## `Type=LoadBalancer` वाली सेवाओं के लिए स्रोत IP
+
+[`Type=LoadBalancer`](/docs/concepts/services-networking/service/#loadbalancer) के साथ सेवाओं को भेजे गए पैकेट 
+डिफ़ॉल्ट रूप से स्रोत NAT'd होते हैं, क्योंकि `Ready` स्थिति में सभी शेड्यूल करने योग्य Kubernetes नोड लोड-बैलेंस्ड ट्रैफ़िक के लिए पात्र होते हैं। इसलिए यदि पैकेट बिना किसी एंडपॉइंट के नोड पर पहुंचते हैं, तो सिस्टम इसे एक एंडपॉइंट वाले नोड पर प्रॉक्सी करता है, पैकेट पर स्रोत IP को नोड के IP से बदल देता है (जैसा कि पिछले अनुभाग में वर्णित है)।
+
+आप लोड बैलेंसर के माध्यम से स्रोत-आईपी-ऐप को उजागर करके इसका परीक्षण कर सकते हैं:
+
+```shell
+kubectl expose deployment source-ip-app --name=loadbalancer --port=80 --target-port=8080 --type=LoadBalancer
+```
+
+आउटपुट इस प्रकार है::
+
+```
+service/loadbalancer exposed
+```
+
+सेवा के आईपी पते का प्रिंट आउट लें:
+
+```console
+kubectl get svc loadbalancer
+```
+
+आउटपुट इस प्रकार है: 
+
+```
+NAME           TYPE           CLUSTER-IP    EXTERNAL-IP       PORT(S)   AGE
+loadbalancer   LoadBalancer   10.0.65.118   203.0.113.140     80/TCP    5m
+```
+
+इसके बाद, इस सेवा के बाहरी-आईपी को अनुरोध भेजें:
+
+```shell
+curl 203.0.113.140
+```
+
+आउटपुट इस प्रकार है: 
+
+```
+CLIENT VALUES:
+client_address=10.240.0.5
+...
+```
+
+हालाँकि, यदि आप Google Kubernetes Engine/GCE पर चल रहे हैं, तो उसी `service.spec.externalTrafficPolicy` 
+फ़ील्ड को `Local` पर सेट करने से सेवा समापन बिंदुओं के बिना नोड्स को जानबूझकर स्वास्थ्य जांच में विफल होने के कारण लोडबैलेंस्ड ट्रैफ़िक के लिए योग्य नोड्स की सूची से खुद को हटाने के लिए मजबूर होना पड़ता है।
+
+दृश्यात्मक रूप से:
+
+![Source IP with externalTrafficPolicy](/images/docs/sourceip-externaltrafficpolicy.svg)
+
+आप एनोटेशन सेट करके इसका परीक्षण कर सकते हैं:
+
+```shell
+kubectl patch svc loadbalancer -p '{"spec":{"externalTrafficPolicy":"Local"}}'
+```
+
+आपको तुरंत Kubernetes द्वारा आवंटित `service.spec.healthCheckNodePort` फ़ील्ड दिखाई देगी:
+
+```shell
+kubectl get svc loadbalancer -o yaml | grep -i healthCheckNodePort
+```
+
+आउटपुट इस प्रकार है:
+
+```yaml
+healthCheckNodePort: 32122
+```
+
+`service.spec.healthCheckNodePort` फ़ील्ड `/healthz` पर स्वास्थ्य जाँच करने वाले प्रत्येक नोड पर एक पोर्ट की ओर इशारा करता है। 
+आप इसका परीक्षण कर सकते हैं:
+
+```shell
+kubectl get pod -o wide -l app=source-ip-app
+```
+
+आउटपुट इस प्रकार है: 
+
+```
+NAME                            READY     STATUS    RESTARTS   AGE       IP             NODE
+source-ip-app-826191075-qehz4   1/1       Running   0          20h       10.180.1.136   kubernetes-node-6jst
+```
+
+विभिन्न नोड्स पर `/healthz` एंडपॉइंट लाने के लिए `curl` का उपयोग करें:
+
+```shell
+# Run this locally on a node you choose
+curl localhost:32122/healthz
+```
+
+```
+1 Service Endpoints found
+```
+
+किसी भिन्न नोड पर आपको भिन्न परिणाम मिल सकता है:
+
+```shell
+# Run this locally on a node you choose
+curl localhost:32122/healthz
+```
+
+```
+No Service Endpoints Found
+```
+
+{{<glossary_tooltip text="कंट्रोल प्लेन" term_id="control-plane" >}} पर चलने वाला एक कंट्रोलर क्लाउड लोड बैलेंसर को आवंटित करने के लिए जिम्मेदार होता है। वही कंट्रोलर प्रत्येक नोड पर इस पोर्ट/पथ की ओर इशारा करते हुए HTTP स्वास्थ्य जांच भी आवंटित करता है। स्वास्थ्य जांच में विफल होने के लिए एंडपॉइंट के बिना 2 नोड्स के लिए लगभग 10 सेकंड प्रतीक्षा करें, फिर लोड बैलेंसर के IPv4 पते को क्वेरी करने के लिए `curl` का उपयोग करें:
+
+```shell
+curl 203.0.113.140
+```
+
+आउटपुट इस प्रकार है: 
+
+```
+CLIENT VALUES:
+client_address=198.51.100.79
+...
+```
+
+## क्रॉस-प्लेटफ़ॉर्म समर्थन
+
+केवल कुछ क्लाउड प्रदाता ही `Type=LoadBalancer` वाली सेवाओं के माध्यम से स्रोत IP संरक्षण के लिए समर्थन प्रदान करते हैं।
+आप जिस क्लाउड प्रदाता पर काम कर रहे हैं, वह कुछ अलग-अलग तरीकों से लोडबैलेंसर के लिए अनुरोध को पूरा कर सकता है:
+
+1. एक प्रॉक्सी के साथ जो क्लाइंट कनेक्शन को समाप्त करता है और आपके नोड्स/एंडपॉइंट्स के लिए एक नया कनेक्शन खोलता है। ऐसे मामलों में स्रोत IP हमेशा क्लाउड LB का होगा, क्लाइंट का नहीं।
+
+2. एक पैकेट फ़ॉरवर्डर के साथ, जैसे कि क्लाइंट से लोडबैलेंसर VIP को भेजे गए अनुरोध क्लाइंट के स्रोत IP वाले नोड पर समाप्त होते हैं, न कि किसी मध्यवर्ती प्रॉक्सी पर।
+
+पहली श्रेणी के लोड बैलेंसर को लोडबैलेंसर और बैकएंड के बीच HTTP [फॉरवर्डेड](https://tools.ietf.org/html/rfc7239#section-5.2) या [X-FORWARDED-FOR](https://en.wikipedia.org/wiki/X-Forwarded-For) हेडर या 
+[प्रॉक्सी प्रोटोकॉल](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) जैसे वास्तविक क्लाइंट IP को संप्रेषित करने के लिए सहमत प्रोटोकॉल का उपयोग करना चाहिए। दूसरी श्रेणी के लोड बैलेंसर सेवा पर `service.spec.healthCheckNodePort` फ़ील्ड में संग्रहीत पोर्ट पर इंगित HTTP स्वास्थ्य जांच बनाकर ऊपर वर्णित सुविधा का लाभ उठा सकते हैं।
+
+
+## {{% heading "cleanup" %}}
+
+
+सेवाएँ समाप्त करें:
+
+```shell
+kubectl delete svc -l app=source-ip-app
+```
+
+डिप्लॉयमेंट, रेप्लिका सेट और पॉड को समाप्त करें:
+
+```shell
+kubectl delete deployment source-ip-app
+```
+
+
+
+## {{% heading "whatsnext" %}}
+
+* [सेवाओं के माध्यम से एप्लिकेशन कनेक्ट करने](/docs/tutorials/services/connect-applications-service/) के बारे में अधिक जानें
+* [बाहरी लोड बैलेंसर बनाने का तरीका](/docs/tasks/access-application-cluster/create-external-load-balancer/) पढ़ें
diff --git a/content/hi/examples/README.md b/content/hi/examples/README.md
new file mode 100644
index 0000000000000..27fc3da7f55d3
--- /dev/null
+++ b/content/hi/examples/README.md
@@ -0,0 +1,11 @@
+स्थानीयकरण हेतु परीक्षण चलाने के लिए, निम्नलिखित आदेश का उपयोग करें:
+
+```
+go test k8s.io/website/content/<lang>/examples
+```
+
+जहाँ `<lang>` किसी भाषा का दो अक्षर वाला प्रतिनिधित्व है। उदाहरण के लिए:
+
+```
+go test k8s.io/website/content/en/examples
+```
diff --git a/content/hi/examples/access/certificate-signing-request/clusterrole-approve.yaml b/content/hi/examples/access/certificate-signing-request/clusterrole-approve.yaml
new file mode 100644
index 0000000000000..e5bcfdc44e2d8
--- /dev/null
+++ b/content/hi/examples/access/certificate-signing-request/clusterrole-approve.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csr-approver
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests/approval
+  verbs:
+  - update
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  resourceNames:
+  - example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
+  verbs:
+  - approve
+
diff --git a/content/hi/examples/access/certificate-signing-request/clusterrole-create.yaml b/content/hi/examples/access/certificate-signing-request/clusterrole-create.yaml
new file mode 100644
index 0000000000000..def1b879d8e88
--- /dev/null
+++ b/content/hi/examples/access/certificate-signing-request/clusterrole-create.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csr-creator
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - create
+  - get
+  - list
+  - watch
diff --git a/content/hi/examples/access/certificate-signing-request/clusterrole-sign.yaml b/content/hi/examples/access/certificate-signing-request/clusterrole-sign.yaml
new file mode 100644
index 0000000000000..6d1a2f7882cd1
--- /dev/null
+++ b/content/hi/examples/access/certificate-signing-request/clusterrole-sign.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csr-signer
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests/status
+  verbs:
+  - update
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  resourceNames:
+  - example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
+  verbs:
+  - sign
diff --git a/content/hi/examples/access/deployment-replicas-policy.yaml b/content/hi/examples/access/deployment-replicas-policy.yaml
new file mode 100644
index 0000000000000..d7d11e9a20ced
--- /dev/null
+++ b/content/hi/examples/access/deployment-replicas-policy.yaml
@@ -0,0 +1,19 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "deploy-replica-policy.example.com"
+spec:
+  paramKind:
+    apiVersion: rules.example.com/v1
+    kind: ReplicaLimit
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments"]
+  validations:
+  - expression: "object.spec.replicas <= params.maxReplicas"
+    messageExpression: "'object.spec.replicas must be no greater than ' + string(params.maxReplicas)"
+    reason: Invalid
+
diff --git a/content/hi/examples/access/endpoints-aggregated.yaml b/content/hi/examples/access/endpoints-aggregated.yaml
new file mode 100644
index 0000000000000..d238820056afb
--- /dev/null
+++ b/content/hi/examples/access/endpoints-aggregated.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    kubernetes.io/description: |-
+      Add endpoints write permissions to the edit and admin roles. This was
+      removed by default in 1.22 because of CVE-2021-25740. See
+      https://issue.k8s.io/103675. This can allow writers to direct LoadBalancer
+      or Ingress implementations to expose backend IPs that would not otherwise
+      be accessible, and can circumvent network policies or security controls
+      intended to prevent/isolate access to those backends.
+      EndpointSlices were never included in the edit or admin roles, so there
+      is nothing to restore for the EndpointSlice API.
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  name: custom:aggregate-to-edit:endpoints # you can change this if you wish
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["create", "delete", "deletecollection", "patch", "update"]
diff --git a/content/hi/examples/access/image-matches-namespace-environment.policy.yaml b/content/hi/examples/access/image-matches-namespace-environment.policy.yaml
new file mode 100644
index 0000000000000..cf7508d253091
--- /dev/null
+++ b/content/hi/examples/access/image-matches-namespace-environment.policy.yaml
@@ -0,0 +1,28 @@
+# This policy enforces that all containers of a deployment has the image repo match the environment label of its namespace.
+# Except for "exempt" deployments, or any containers that do not belong to the "example.com" organization (e.g. common sidecars).
+# For example, if the namespace has a label of {"environment": "staging"}, all container images must be either staging.example.com/*
+# or do not contain "example.com" at all, unless the deployment has {"exempt": "true"} label.
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "image-matches-namespace-environment.policy.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments"]
+  variables:
+  - name: environment
+    expression: "'environment' in namespaceObject.metadata.labels ? namespaceObject.metadata.labels['environment'] : 'prod'"
+  - name: exempt
+    expression: "'exempt' in object.metadata.labels && object.metadata.labels['exempt'] == 'true'"
+  - name: containers
+    expression: "object.spec.template.spec.containers"
+  - name: containersToCheck
+    expression: "variables.containers.filter(c, c.image.contains('example.com/'))"
+  validations:
+  - expression: "variables.exempt || variables.containersToCheck.all(c, c.image.startsWith(variables.environment + '.'))"
+    messageExpression: "'only ' + variables.environment + ' images are allowed in namespace ' + namespaceObject.metadata.name"
\ No newline at end of file
diff --git a/content/hi/examples/access/validating-admission-policy-audit-annotation.yaml b/content/hi/examples/access/validating-admission-policy-audit-annotation.yaml
new file mode 100644
index 0000000000000..1c422a825447f
--- /dev/null
+++ b/content/hi/examples/access/validating-admission-policy-audit-annotation.yaml
@@ -0,0 +1,18 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "demo-policy.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments"]
+  validations:
+    - expression: "object.spec.replicas > 50"
+      messageExpression: "'Deployment spec.replicas set to ' + string(object.spec.replicas)"
+  auditAnnotations:
+    - key: "high-replica-count"
+      valueExpression: "'Deployment spec.replicas set to ' + string(object.spec.replicas)"
diff --git a/content/hi/examples/access/validating-admission-policy-match-conditions.yaml b/content/hi/examples/access/validating-admission-policy-match-conditions.yaml
new file mode 100644
index 0000000000000..eafebd2c2c274
--- /dev/null
+++ b/content/hi/examples/access/validating-admission-policy-match-conditions.yaml
@@ -0,0 +1,22 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "demo-policy.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+      - apiGroups:   ["*"]
+        apiVersions: ["*"]
+        operations:  ["CREATE", "UPDATE"]
+        resources:   ["*"]
+  matchConditions:
+    - name: 'exclude-leases' # Each match condition must have a unique name
+      expression: '!(request.resource.group == "coordination.k8s.io" && request.resource.resource == "leases")' # Match non-lease resources.
+    - name: 'exclude-kubelet-requests'
+      expression: '!("system:nodes" in request.userInfo.groups)' # Match requests made by non-node users.
+    - name: 'rbac' # Skip RBAC requests.
+      expression: 'request.resource.group != "rbac.authorization.k8s.io"'
+  validations:
+    - expression: "!object.metadata.name.contains('demo') || object.metadata.namespace == 'demo'"
+
diff --git a/content/hi/examples/admin/cloud/ccm-example.yaml b/content/hi/examples/admin/cloud/ccm-example.yaml
new file mode 100644
index 0000000000000..91b7ef2b8944f
--- /dev/null
+++ b/content/hi/examples/admin/cloud/ccm-example.yaml
@@ -0,0 +1,73 @@
+# This is an example of how to set up cloud-controller-manager as a Daemonset in your cluster.
+# It assumes that your masters can run pods and has the role node-role.kubernetes.io/master
+# Note that this Daemonset will not work straight out of the box for your cloud, this is
+# meant to be a guideline.
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: cloud-controller-manager
+  name: cloud-controller-manager
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      k8s-app: cloud-controller-manager
+  template:
+    metadata:
+      labels:
+        k8s-app: cloud-controller-manager
+    spec:
+      serviceAccountName: cloud-controller-manager
+      containers:
+      - name: cloud-controller-manager
+        # for in-tree providers we use registry.k8s.io/cloud-controller-manager
+        # this can be replaced with any other image for out-of-tree providers
+        image: registry.k8s.io/cloud-controller-manager:v1.8.0
+        command:
+        - /usr/local/bin/cloud-controller-manager
+        - --cloud-provider=[YOUR_CLOUD_PROVIDER]  # Add your own cloud provider here!
+        - --leader-elect=true
+        - --use-service-account-credentials
+        # these flags will vary for every cloud provider
+        - --allocate-node-cidrs=true
+        - --configure-cloud-routes=true
+        - --cluster-cidr=172.17.0.0/16
+      tolerations:
+      # this is required so CCM can bootstrap itself
+      - key: node.cloudprovider.kubernetes.io/uninitialized
+        value: "true"
+        effect: NoSchedule
+      # these tolerations are to have the daemonset runnable on control plane nodes
+      # remove them if your control plane nodes should not run pods
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      # this is to restrict CCM to only run on master nodes
+      # the node selector may vary depending on your cluster setup
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
diff --git a/content/hi/examples/admin/dns/busybox.yaml b/content/hi/examples/admin/dns/busybox.yaml
new file mode 100644
index 0000000000000..31f009d307291
--- /dev/null
+++ b/content/hi/examples/admin/dns/busybox.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox
+  namespace: default
+spec:
+  containers:
+  - name: busybox
+    image: busybox:1.28
+    command:
+      - sleep
+      - "3600"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always
diff --git a/content/hi/examples/admin/dns/dns-horizontal-autoscaler.yaml b/content/hi/examples/admin/dns/dns-horizontal-autoscaler.yaml
new file mode 100644
index 0000000000000..3182fed3c8052
--- /dev/null
+++ b/content/hi/examples/admin/dns/dns-horizontal-autoscaler.yaml
@@ -0,0 +1,87 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: kube-dns-autoscaler
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:kube-dns-autoscaler
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "watch"]
+  - apiGroups: [""]
+    resources: ["replicationcontrollers/scale"]
+    verbs: ["get", "update"]
+  - apiGroups: ["apps"]
+    resources: ["deployments/scale", "replicasets/scale"]
+    verbs: ["get", "update"]
+# Remove the configmaps rule once below issue is fixed:
+# kubernetes-incubator/cluster-proportional-autoscaler#16
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:kube-dns-autoscaler
+subjects:
+  - kind: ServiceAccount
+    name: kube-dns-autoscaler
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: system:kube-dns-autoscaler
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-dns-autoscaler
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns-autoscaler
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-dns-autoscaler
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns-autoscaler
+    spec:
+      priorityClassName: system-cluster-critical
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        supplementalGroups: [ 65534 ]
+        fsGroup: 65534
+      nodeSelector:
+        kubernetes.io/os: linux
+      containers:
+      - name: autoscaler
+        image: registry.k8s.io/cpa/cluster-proportional-autoscaler:1.8.4
+        resources:
+            requests:
+                cpu: "20m"
+                memory: "10Mi"
+        command:
+          - /cluster-proportional-autoscaler
+          - --namespace=kube-system
+          - --configmap=kube-dns-autoscaler
+          # Should keep target in sync with cluster/addons/dns/kube-dns.yaml.base
+          - --target=<SCALE_TARGET>
+          # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+          # If using small nodes, "nodesPerReplica" should dominate.
+          - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true,"includeUnschedulableNodes":true}}
+          - --logtostderr=true
+          - --v=2
+      tolerations:
+      - key: "CriticalAddonsOnly"
+        operator: "Exists"
+      serviceAccountName: kube-dns-autoscaler
diff --git a/content/hi/examples/admin/dns/dnsutils.yaml b/content/hi/examples/admin/dns/dnsutils.yaml
new file mode 100644
index 0000000000000..e1b3ace336f99
--- /dev/null
+++ b/content/hi/examples/admin/dns/dnsutils.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dnsutils
+  namespace: default
+spec:
+  containers:
+  - name: dnsutils
+    image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3
+    command:
+      - sleep
+      - "infinity"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always
diff --git a/content/hi/examples/admin/konnectivity/egress-selector-configuration.yaml b/content/hi/examples/admin/konnectivity/egress-selector-configuration.yaml
new file mode 100644
index 0000000000000..631e6cc26862e
--- /dev/null
+++ b/content/hi/examples/admin/konnectivity/egress-selector-configuration.yaml
@@ -0,0 +1,21 @@
+apiVersion: apiserver.k8s.io/v1beta1
+kind: EgressSelectorConfiguration
+egressSelections:
+# Since we want to control the egress traffic to the cluster, we use the
+# "cluster" as the name. Other supported values are "etcd", and "controlplane".
+- name: cluster
+  connection:
+    # This controls the protocol between the API Server and the Konnectivity
+    # server. Supported values are "GRPC" and "HTTPConnect". There is no
+    # end user visible difference between the two modes. You need to set the
+    # Konnectivity server to work in the same mode.
+    proxyProtocol: GRPC
+    transport:
+      # This controls what transport the API Server uses to communicate with the
+      # Konnectivity server. UDS is recommended if the Konnectivity server
+      # locates on the same machine as the API Server. You need to configure the
+      # Konnectivity server to listen on the same UDS socket.
+      # The other supported transport is "tcp". You will need to set up TLS 
+      # config to secure the TCP transport.
+      uds:
+        udsName: /etc/kubernetes/konnectivity-server/konnectivity-server.socket
diff --git a/content/hi/examples/admin/konnectivity/konnectivity-agent.yaml b/content/hi/examples/admin/konnectivity/konnectivity-agent.yaml
new file mode 100644
index 0000000000000..cbcbf89114a94
--- /dev/null
+++ b/content/hi/examples/admin/konnectivity/konnectivity-agent.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+# Alternatively, you can deploy the agents as Deployments. It is not necessary
+# to have an agent on each node.
+kind: DaemonSet
+metadata:
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    k8s-app: konnectivity-agent
+  namespace: kube-system
+  name: konnectivity-agent
+spec:
+  selector:
+    matchLabels:
+      k8s-app: konnectivity-agent
+  template:
+    metadata:
+      labels:
+        k8s-app: konnectivity-agent
+    spec:
+      priorityClassName: system-cluster-critical
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      containers:
+        - image: us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.37
+          name: konnectivity-agent
+          command: ["/proxy-agent"]
+          args: [
+                  "--logtostderr=true",
+                  "--ca-cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+                  # Since the konnectivity server runs with hostNetwork=true,
+                  # this is the IP address of the master machine.
+                  "--proxy-server-host=35.225.206.7",
+                  "--proxy-server-port=8132",
+                  "--admin-server-port=8133",
+                  "--health-server-port=8134",
+                  "--service-account-token-path=/var/run/secrets/tokens/konnectivity-agent-token"
+                  ]
+          volumeMounts:
+            - mountPath: /var/run/secrets/tokens
+              name: konnectivity-agent-token
+          livenessProbe:
+            httpGet:
+              port: 8134
+              path: /healthz
+            initialDelaySeconds: 15
+            timeoutSeconds: 15
+      serviceAccountName: konnectivity-agent
+      volumes:
+        - name: konnectivity-agent-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  path: konnectivity-agent-token
+                  audience: system:konnectivity-server
diff --git a/content/hi/examples/admin/konnectivity/konnectivity-rbac.yaml b/content/hi/examples/admin/konnectivity/konnectivity-rbac.yaml
new file mode 100644
index 0000000000000..7687f49b77e82
--- /dev/null
+++ b/content/hi/examples/admin/konnectivity/konnectivity-rbac.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:konnectivity-server
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: system:konnectivity-server
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: konnectivity-agent
+  namespace: kube-system
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
diff --git a/content/hi/examples/admin/konnectivity/konnectivity-server.yaml b/content/hi/examples/admin/konnectivity/konnectivity-server.yaml
new file mode 100644
index 0000000000000..4dfbf5db9d11a
--- /dev/null
+++ b/content/hi/examples/admin/konnectivity/konnectivity-server.yaml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: konnectivity-server
+  namespace: kube-system
+spec:
+  priorityClassName: system-cluster-critical
+  hostNetwork: true
+  containers:
+  - name: konnectivity-server-container
+    image: registry.k8s.io/kas-network-proxy/proxy-server:v0.0.37
+    command: ["/proxy-server"]
+    args: [
+            "--logtostderr=true",
+            # This needs to be consistent with the value set in egressSelectorConfiguration.
+            "--uds-name=/etc/kubernetes/konnectivity-server/konnectivity-server.socket",
+            "--delete-existing-uds-file",
+            # The following two lines assume the Konnectivity server is
+            # deployed on the same machine as the apiserver, and the certs and
+            # key of the API Server are at the specified location.
+            "--cluster-cert=/etc/kubernetes/pki/apiserver.crt",
+            "--cluster-key=/etc/kubernetes/pki/apiserver.key",
+            # This needs to be consistent with the value set in egressSelectorConfiguration.
+            "--mode=grpc",
+            "--server-port=0",
+            "--agent-port=8132",
+            "--admin-port=8133",
+            "--health-port=8134",
+            "--agent-namespace=kube-system",
+            "--agent-service-account=konnectivity-agent",
+            "--kubeconfig=/etc/kubernetes/konnectivity-server.conf",
+            "--authentication-audience=system:konnectivity-server"
+            ]
+    livenessProbe:
+      httpGet:
+        scheme: HTTP
+        host: 127.0.0.1
+        port: 8134
+        path: /healthz
+      initialDelaySeconds: 30
+      timeoutSeconds: 60
+    ports:
+    - name: agentport
+      containerPort: 8132
+      hostPort: 8132
+    - name: adminport
+      containerPort: 8133
+      hostPort: 8133
+    - name: healthport
+      containerPort: 8134
+      hostPort: 8134
+    volumeMounts:
+    - name: k8s-certs
+      mountPath: /etc/kubernetes/pki
+      readOnly: true
+    - name: kubeconfig
+      mountPath: /etc/kubernetes/konnectivity-server.conf
+      readOnly: true
+    - name: konnectivity-uds
+      mountPath: /etc/kubernetes/konnectivity-server
+      readOnly: false
+  volumes:
+  - name: k8s-certs
+    hostPath:
+      path: /etc/kubernetes/pki
+  - name: kubeconfig
+    hostPath:
+      path: /etc/kubernetes/konnectivity-server.conf
+      type: FileOrCreate
+  - name: konnectivity-uds
+    hostPath:
+      path: /etc/kubernetes/konnectivity-server
+      type: DirectoryOrCreate
diff --git a/content/hi/examples/admin/logging/fluentd-sidecar-config.yaml b/content/hi/examples/admin/logging/fluentd-sidecar-config.yaml
new file mode 100644
index 0000000000000..eea1849b033fa
--- /dev/null
+++ b/content/hi/examples/admin/logging/fluentd-sidecar-config.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fluentd-config
+data:
+  fluentd.conf: |
+    <source>
+      type tail
+      format none
+      path /var/log/1.log
+      pos_file /var/log/1.log.pos
+      tag count.format1
+    </source>
+
+    <source>
+      type tail
+      format none
+      path /var/log/2.log
+      pos_file /var/log/2.log.pos
+      tag count.format2
+    </source>
+
+    <match **>
+      type google_cloud
+    </match>
diff --git a/content/hi/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml b/content/hi/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml
new file mode 100644
index 0000000000000..a621a9fb2acce
--- /dev/null
+++ b/content/hi/examples/admin/logging/two-files-counter-pod-agent-sidecar.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox:1.28
+    args:
+    - /bin/sh
+    - -c
+    - >
+      i=0;
+      while true;
+      do
+        echo "$i: $(date)" >> /var/log/1.log;
+        echo "$(date) INFO $i" >> /var/log/2.log;
+        i=$((i+1));
+        sleep 1;
+      done
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  - name: count-agent
+    image: registry.k8s.io/fluentd-gcp:1.30
+    env:
+    - name: FLUENTD_ARGS
+      value: -c /etc/fluentd-config/fluentd.conf
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+    - name: config-volume
+      mountPath: /etc/fluentd-config
+  volumes:
+  - name: varlog
+    emptyDir: {}
+  - name: config-volume
+    configMap:
+      name: fluentd-config
diff --git a/content/hi/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml b/content/hi/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml
new file mode 100644
index 0000000000000..ac19efe4a2350
--- /dev/null
+++ b/content/hi/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox:1.28
+    args:
+    - /bin/sh
+    - -c
+    - >
+      i=0;
+      while true;
+      do
+        echo "$i: $(date)" >> /var/log/1.log;
+        echo "$(date) INFO $i" >> /var/log/2.log;
+        i=$((i+1));
+        sleep 1;
+      done
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  - name: count-log-1
+    image: busybox:1.28
+    args: [/bin/sh, -c, 'tail -n+1 -F /var/log/1.log']
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  - name: count-log-2
+    image: busybox:1.28
+    args: [/bin/sh, -c, 'tail -n+1 -F /var/log/2.log']
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  volumes:
+  - name: varlog
+    emptyDir: {}
diff --git a/content/hi/examples/admin/logging/two-files-counter-pod.yaml b/content/hi/examples/admin/logging/two-files-counter-pod.yaml
new file mode 100644
index 0000000000000..31bbed3cf8683
--- /dev/null
+++ b/content/hi/examples/admin/logging/two-files-counter-pod.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox:1.28
+    args:
+    - /bin/sh
+    - -c
+    - >
+      i=0;
+      while true;
+      do
+        echo "$i: $(date)" >> /var/log/1.log;
+        echo "$(date) INFO $i" >> /var/log/2.log;
+        i=$((i+1));
+        sleep 1;
+      done
+    volumeMounts:
+    - name: varlog
+      mountPath: /var/log
+  volumes:
+  - name: varlog
+    emptyDir: {}
diff --git a/content/hi/examples/admin/namespace-dev.json b/content/hi/examples/admin/namespace-dev.json
new file mode 100644
index 0000000000000..cb3ed7cdc1efa
--- /dev/null
+++ b/content/hi/examples/admin/namespace-dev.json
@@ -0,0 +1,10 @@
+{
+  "apiVersion": "v1",
+  "kind": "Namespace",
+  "metadata": {
+    "name": "development",
+    "labels": {
+      "name": "development"
+    }
+  }
+}
diff --git a/content/hi/examples/admin/namespace-dev.yaml b/content/hi/examples/admin/namespace-dev.yaml
new file mode 100644
index 0000000000000..5e753b693f03b
--- /dev/null
+++ b/content/hi/examples/admin/namespace-dev.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: development
+  labels:
+    name: development
diff --git a/content/hi/examples/admin/namespace-prod.json b/content/hi/examples/admin/namespace-prod.json
new file mode 100644
index 0000000000000..878ba7866ca59
--- /dev/null
+++ b/content/hi/examples/admin/namespace-prod.json
@@ -0,0 +1,10 @@
+{
+  "apiVersion": "v1",
+  "kind": "Namespace",
+  "metadata": {
+    "name": "production",
+    "labels": {
+      "name": "production"
+    }
+  }
+}
diff --git a/content/hi/examples/admin/namespace-prod.yaml b/content/hi/examples/admin/namespace-prod.yaml
new file mode 100644
index 0000000000000..761d6325cb404
--- /dev/null
+++ b/content/hi/examples/admin/namespace-prod.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: production
+  labels:
+    name: production
diff --git a/content/hi/examples/admin/resource/cpu-constraints-pod-2.yaml b/content/hi/examples/admin/resource/cpu-constraints-pod-2.yaml
new file mode 100644
index 0000000000000..b5c7348f26ee0
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-constraints-pod-2.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-cpu-demo-2
+spec:
+  containers:
+  - name: constraints-cpu-demo-2-ctr
+    image: nginx
+    resources:
+      limits:
+        cpu: "1.5"
+      requests:
+        cpu: "500m"
diff --git a/content/hi/examples/admin/resource/cpu-constraints-pod-3.yaml b/content/hi/examples/admin/resource/cpu-constraints-pod-3.yaml
new file mode 100644
index 0000000000000..0a2083acd8ec6
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-constraints-pod-3.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-cpu-demo-3
+spec:
+  containers:
+  - name: constraints-cpu-demo-3-ctr
+    image: nginx
+    resources:
+      limits:
+        cpu: "800m"
+      requests:
+        cpu: "100m"
diff --git a/content/hi/examples/admin/resource/cpu-constraints-pod-4.yaml b/content/hi/examples/admin/resource/cpu-constraints-pod-4.yaml
new file mode 100644
index 0000000000000..3c102158db509
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-constraints-pod-4.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-cpu-demo-4
+spec:
+  containers:
+  - name: constraints-cpu-demo-4-ctr
+    image: vish/stress
diff --git a/content/hi/examples/admin/resource/cpu-constraints-pod.yaml b/content/hi/examples/admin/resource/cpu-constraints-pod.yaml
new file mode 100644
index 0000000000000..7db23f26c8842
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-constraints-pod.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-cpu-demo
+spec:
+  containers:
+  - name: constraints-cpu-demo-ctr
+    image: nginx
+    resources:
+      limits:
+        cpu: "800m"
+      requests:
+        cpu: "500m"
diff --git a/content/hi/examples/admin/resource/cpu-constraints.yaml b/content/hi/examples/admin/resource/cpu-constraints.yaml
new file mode 100644
index 0000000000000..6fc4239027c86
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-constraints.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: cpu-min-max-demo-lr
+spec:
+  limits:
+  - max:
+      cpu: "800m"
+    min:
+      cpu: "200m"
+    type: Container
diff --git a/content/hi/examples/admin/resource/cpu-defaults-pod-2.yaml b/content/hi/examples/admin/resource/cpu-defaults-pod-2.yaml
new file mode 100644
index 0000000000000..9ca216dee1557
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-defaults-pod-2.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-cpu-demo-2
+spec:
+  containers:
+  - name: default-cpu-demo-2-ctr
+    image: nginx
+    resources:
+      limits:
+        cpu: "1"
diff --git a/content/hi/examples/admin/resource/cpu-defaults-pod-3.yaml b/content/hi/examples/admin/resource/cpu-defaults-pod-3.yaml
new file mode 100644
index 0000000000000..214cdee34bfff
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-defaults-pod-3.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-cpu-demo-3
+spec:
+  containers:
+  - name: default-cpu-demo-3-ctr
+    image: nginx
+    resources:
+      requests:
+        cpu: "0.75"
diff --git a/content/hi/examples/admin/resource/cpu-defaults-pod.yaml b/content/hi/examples/admin/resource/cpu-defaults-pod.yaml
new file mode 100644
index 0000000000000..56b06d9a690e5
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-defaults-pod.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-cpu-demo
+spec:
+  containers:
+  - name: default-cpu-demo-ctr
+    image: nginx
diff --git a/content/hi/examples/admin/resource/cpu-defaults.yaml b/content/hi/examples/admin/resource/cpu-defaults.yaml
new file mode 100644
index 0000000000000..b53d297181683
--- /dev/null
+++ b/content/hi/examples/admin/resource/cpu-defaults.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: cpu-limit-range
+spec:
+  limits:
+  - default:
+      cpu: 1
+    defaultRequest:
+      cpu: 0.5
+    type: Container
diff --git a/content/hi/examples/admin/resource/limit-mem-cpu-container.yaml b/content/hi/examples/admin/resource/limit-mem-cpu-container.yaml
new file mode 100644
index 0000000000000..3c2b30f29ccef
--- /dev/null
+++ b/content/hi/examples/admin/resource/limit-mem-cpu-container.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: limit-mem-cpu-per-container
+spec:
+  limits:
+  - max:
+      cpu: "800m"
+      memory: "1Gi"
+    min:
+      cpu: "100m"
+      memory: "99Mi"
+    default:
+      cpu: "700m"
+      memory: "900Mi"
+    defaultRequest:
+      cpu: "110m"
+      memory: "111Mi"
+    type: Container
diff --git a/content/hi/examples/admin/resource/limit-mem-cpu-pod.yaml b/content/hi/examples/admin/resource/limit-mem-cpu-pod.yaml
new file mode 100644
index 0000000000000..0ce0f69ac8130
--- /dev/null
+++ b/content/hi/examples/admin/resource/limit-mem-cpu-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: limit-mem-cpu-per-pod
+spec:
+  limits:
+  - max:
+      cpu: "2"
+      memory: "2Gi"
+    type: Pod
diff --git a/content/hi/examples/admin/resource/limit-memory-ratio-pod.yaml b/content/hi/examples/admin/resource/limit-memory-ratio-pod.yaml
new file mode 100644
index 0000000000000..859fc20ecec38
--- /dev/null
+++ b/content/hi/examples/admin/resource/limit-memory-ratio-pod.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: limit-memory-ratio-pod
+spec:
+  limits:
+  - maxLimitRequestRatio:
+      memory: 2
+    type: Pod
diff --git a/content/hi/examples/admin/resource/limit-range-pod-1.yaml b/content/hi/examples/admin/resource/limit-range-pod-1.yaml
new file mode 100644
index 0000000000000..b9bd20d06a2c7
--- /dev/null
+++ b/content/hi/examples/admin/resource/limit-range-pod-1.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox1
+spec:
+  containers:
+  - name: busybox-cnt01
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]
+    resources:
+      requests:
+        memory: "100Mi"
+        cpu: "100m"
+      limits:
+        memory: "200Mi"
+        cpu: "500m"
+  - name: busybox-cnt02
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt02; sleep 10;done"]
+    resources:
+      requests:
+        memory: "100Mi"
+        cpu: "100m"
+  - name: busybox-cnt03
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt03; sleep 10;done"]
+    resources:
+      limits:
+        memory: "200Mi"
+        cpu: "500m"
+  - name: busybox-cnt04
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt04; sleep 10;done"]
diff --git a/content/hi/examples/admin/resource/limit-range-pod-2.yaml b/content/hi/examples/admin/resource/limit-range-pod-2.yaml
new file mode 100644
index 0000000000000..40da19c1aee05
--- /dev/null
+++ b/content/hi/examples/admin/resource/limit-range-pod-2.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox2
+spec:
+  containers:
+  - name: busybox-cnt01
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]
+    resources:
+      requests:
+        memory: "100Mi"
+        cpu: "100m"
+      limits:
+        memory: "200Mi"
+        cpu: "500m"
+  - name: busybox-cnt02
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt02; sleep 10;done"]
+    resources:
+      requests:
+        memory: "100Mi"
+        cpu: "100m"
+  - name: busybox-cnt03
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt03; sleep 10;done"]
+    resources:
+      limits:
+        memory: "200Mi"
+        cpu: "500m"
+  - name: busybox-cnt04
+    image: busybox:1.28
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello from cnt04; sleep 10;done"]
diff --git a/content/hi/examples/admin/resource/limit-range-pod-3.yaml b/content/hi/examples/admin/resource/limit-range-pod-3.yaml
new file mode 100644
index 0000000000000..5b6b835e38b62
--- /dev/null
+++ b/content/hi/examples/admin/resource/limit-range-pod-3.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox3
+spec:
+  containers:
+  - name: busybox-cnt01
+    image: busybox:1.28
+    command: ["sleep", "3600"]
+    resources:
+      limits:
+        memory: "300Mi"
+      requests:
+        memory: "100Mi"
diff --git a/content/hi/examples/admin/resource/memory-available-cgroupv2.sh b/content/hi/examples/admin/resource/memory-available-cgroupv2.sh
new file mode 100644
index 0000000000000..47b9f6802bdfd
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-available-cgroupv2.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# This script reproduces what the kubelet does
+# to calculate memory.available relative to kubepods cgroup.
+
+# current memory usage
+memory_capacity_in_kb=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}')
+memory_capacity_in_bytes=$((memory_capacity_in_kb * 1024))
+memory_usage_in_bytes=$(cat /sys/fs/cgroup/kubepods.slice/memory.current)
+memory_total_inactive_file=$(cat /sys/fs/cgroup/kubepods.slice/memory.stat | grep inactive_file | awk '{print $2}')
+
+memory_working_set=${memory_usage_in_bytes}
+if [ "$memory_working_set" -lt "$memory_total_inactive_file" ];
+then
+    memory_working_set=0
+else
+    memory_working_set=$((memory_usage_in_bytes - memory_total_inactive_file))
+fi
+
+memory_available_in_bytes=$((memory_capacity_in_bytes - memory_working_set))
+memory_available_in_kb=$((memory_available_in_bytes / 1024))
+memory_available_in_mb=$((memory_available_in_kb / 1024))
+
+echo "memory.capacity_in_bytes $memory_capacity_in_bytes"
+echo "memory.usage_in_bytes $memory_usage_in_bytes"
+echo "memory.total_inactive_file $memory_total_inactive_file"
+echo "memory.working_set $memory_working_set"
+echo "memory.available_in_bytes $memory_available_in_bytes"
+echo "memory.available_in_kb $memory_available_in_kb"
+echo "memory.available_in_mb $memory_available_in_mb"
diff --git a/content/hi/examples/admin/resource/memory-available.sh b/content/hi/examples/admin/resource/memory-available.sh
new file mode 100644
index 0000000000000..a699b1d2e2046
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-available.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#!/usr/bin/env bash
+
+# This script reproduces what the kubelet does
+# to calculate memory.available relative to root cgroup.
+
+# current memory usage
+memory_capacity_in_kb=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}')
+memory_capacity_in_bytes=$((memory_capacity_in_kb * 1024))
+memory_usage_in_bytes=$(cat /sys/fs/cgroup/memory/memory.usage_in_bytes)
+memory_total_inactive_file=$(cat /sys/fs/cgroup/memory/memory.stat | grep total_inactive_file | awk '{print $2}')
+
+memory_working_set=${memory_usage_in_bytes}
+if [ "$memory_working_set" -lt "$memory_total_inactive_file" ];
+then
+    memory_working_set=0
+else
+    memory_working_set=$((memory_usage_in_bytes - memory_total_inactive_file))
+fi
+
+memory_available_in_bytes=$((memory_capacity_in_bytes - memory_working_set))
+memory_available_in_kb=$((memory_available_in_bytes / 1024))
+memory_available_in_mb=$((memory_available_in_kb / 1024))
+
+echo "memory.capacity_in_bytes $memory_capacity_in_bytes"
+echo "memory.usage_in_bytes $memory_usage_in_bytes"
+echo "memory.total_inactive_file $memory_total_inactive_file"
+echo "memory.working_set $memory_working_set"
+echo "memory.available_in_bytes $memory_available_in_bytes"
+echo "memory.available_in_kb $memory_available_in_kb"
+echo "memory.available_in_mb $memory_available_in_mb"
diff --git a/content/hi/examples/admin/resource/memory-constraints-pod-2.yaml b/content/hi/examples/admin/resource/memory-constraints-pod-2.yaml
new file mode 100644
index 0000000000000..0b1ae569c4962
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-constraints-pod-2.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-mem-demo-2
+spec:
+  containers:
+  - name: constraints-mem-demo-2-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "1.5Gi"
+      requests:
+        memory: "800Mi"
diff --git a/content/hi/examples/admin/resource/memory-constraints-pod-3.yaml b/content/hi/examples/admin/resource/memory-constraints-pod-3.yaml
new file mode 100644
index 0000000000000..f97cd4a8ac07f
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-constraints-pod-3.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-mem-demo-3
+spec:
+  containers:
+  - name: constraints-mem-demo-3-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "800Mi"
+      requests:
+        memory: "100Mi"
diff --git a/content/hi/examples/admin/resource/memory-constraints-pod-4.yaml b/content/hi/examples/admin/resource/memory-constraints-pod-4.yaml
new file mode 100644
index 0000000000000..657530c41e7fc
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-constraints-pod-4.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-mem-demo-4
+spec:
+  containers:
+  - name: constraints-mem-demo-4-ctr
+    image: nginx
+
diff --git a/content/hi/examples/admin/resource/memory-constraints-pod.yaml b/content/hi/examples/admin/resource/memory-constraints-pod.yaml
new file mode 100644
index 0000000000000..06954d10d65ad
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-constraints-pod.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: constraints-mem-demo
+spec:
+  containers:
+  - name: constraints-mem-demo-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "800Mi"
+      requests:
+        memory: "600Mi"
diff --git a/content/hi/examples/admin/resource/memory-constraints.yaml b/content/hi/examples/admin/resource/memory-constraints.yaml
new file mode 100644
index 0000000000000..3a2924c032e50
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-constraints.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: mem-min-max-demo-lr
+spec:
+  limits:
+  - max:
+      memory: 1Gi
+    min:
+      memory: 500Mi
+    type: Container
diff --git a/content/hi/examples/admin/resource/memory-defaults-pod-2.yaml b/content/hi/examples/admin/resource/memory-defaults-pod-2.yaml
new file mode 100644
index 0000000000000..aa80610d84492
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-defaults-pod-2.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-mem-demo-2
+spec:
+  containers:
+  - name: default-mem-demo-2-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "1Gi"
diff --git a/content/hi/examples/admin/resource/memory-defaults-pod-3.yaml b/content/hi/examples/admin/resource/memory-defaults-pod-3.yaml
new file mode 100644
index 0000000000000..09ee8b39a9b42
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-defaults-pod-3.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-mem-demo-3
+spec:
+  containers:
+  - name: default-mem-demo-3-ctr
+    image: nginx
+    resources:
+      requests:
+        memory: "128Mi"
diff --git a/content/hi/examples/admin/resource/memory-defaults-pod.yaml b/content/hi/examples/admin/resource/memory-defaults-pod.yaml
new file mode 100644
index 0000000000000..ce7a50fb555e0
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-defaults-pod.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-mem-demo
+spec:
+  containers:
+  - name: default-mem-demo-ctr
+    image: nginx
diff --git a/content/hi/examples/admin/resource/memory-defaults.yaml b/content/hi/examples/admin/resource/memory-defaults.yaml
new file mode 100644
index 0000000000000..b98a5ae262561
--- /dev/null
+++ b/content/hi/examples/admin/resource/memory-defaults.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: mem-limit-range
+spec:
+  limits:
+  - default:
+      memory: 512Mi
+    defaultRequest:
+      memory: 256Mi
+    type: Container
diff --git a/content/hi/examples/admin/resource/pvc-limit-greater.yaml b/content/hi/examples/admin/resource/pvc-limit-greater.yaml
new file mode 100644
index 0000000000000..2d92bf92b3121
--- /dev/null
+++ b/content/hi/examples/admin/resource/pvc-limit-greater.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-limit-greater
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/content/hi/examples/admin/resource/pvc-limit-lower.yaml b/content/hi/examples/admin/resource/pvc-limit-lower.yaml
new file mode 100644
index 0000000000000..ef819b6292049
--- /dev/null
+++ b/content/hi/examples/admin/resource/pvc-limit-lower.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-limit-lower
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi
diff --git a/content/hi/examples/admin/resource/quota-mem-cpu-pod-2.yaml b/content/hi/examples/admin/resource/quota-mem-cpu-pod-2.yaml
new file mode 100644
index 0000000000000..380e900fda52f
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-mem-cpu-pod-2.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: quota-mem-cpu-demo-2
+spec:
+  containers:
+  - name: quota-mem-cpu-demo-2-ctr
+    image: redis
+    resources:
+      limits:
+        memory: "1Gi"
+        cpu: "800m"
+      requests:
+        memory: "700Mi"
+        cpu: "400m"
diff --git a/content/hi/examples/admin/resource/quota-mem-cpu-pod.yaml b/content/hi/examples/admin/resource/quota-mem-cpu-pod.yaml
new file mode 100644
index 0000000000000..b0fd0a9451bf2
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-mem-cpu-pod.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: quota-mem-cpu-demo
+spec:
+  containers:
+  - name: quota-mem-cpu-demo-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "800Mi"
+        cpu: "800m"
+      requests:
+        memory: "600Mi"
+        cpu: "400m"
diff --git a/content/hi/examples/admin/resource/quota-mem-cpu.yaml b/content/hi/examples/admin/resource/quota-mem-cpu.yaml
new file mode 100644
index 0000000000000..5c4bcd81b8b35
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-mem-cpu.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: mem-cpu-demo
+spec:
+  hard:
+    requests.cpu: "1"
+    requests.memory: 1Gi
+    limits.cpu: "2"
+    limits.memory: 2Gi
diff --git a/content/hi/examples/admin/resource/quota-objects-pvc-2.yaml b/content/hi/examples/admin/resource/quota-objects-pvc-2.yaml
new file mode 100644
index 0000000000000..2539c2d3093a8
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-objects-pvc-2.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-quota-demo-2
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4Gi
diff --git a/content/hi/examples/admin/resource/quota-objects-pvc.yaml b/content/hi/examples/admin/resource/quota-objects-pvc.yaml
new file mode 100644
index 0000000000000..728bb4d708c27
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-objects-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-quota-demo
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/content/hi/examples/admin/resource/quota-objects.yaml b/content/hi/examples/admin/resource/quota-objects.yaml
new file mode 100644
index 0000000000000..e97748decd53a
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-objects.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: object-quota-demo
+spec:
+  hard:
+    persistentvolumeclaims: "1"
+    services.loadbalancers: "2"
+    services.nodeports: "0"
diff --git a/content/hi/examples/admin/resource/quota-pod-deployment.yaml b/content/hi/examples/admin/resource/quota-pod-deployment.yaml
new file mode 100644
index 0000000000000..86e85aa468e13
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-pod-deployment.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pod-quota-demo
+spec:
+  selector:
+    matchLabels:
+      purpose: quota-demo
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        purpose: quota-demo
+    spec:
+      containers:
+      - name: pod-quota-demo
+        image: nginx
diff --git a/content/hi/examples/admin/resource/quota-pod.yaml b/content/hi/examples/admin/resource/quota-pod.yaml
new file mode 100644
index 0000000000000..0a07f055ca853
--- /dev/null
+++ b/content/hi/examples/admin/resource/quota-pod.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: pod-demo
+spec:
+  hard:
+    pods: "2"
diff --git a/content/hi/examples/admin/resource/storagelimits.yaml b/content/hi/examples/admin/resource/storagelimits.yaml
new file mode 100644
index 0000000000000..7f597e4dfe9b1
--- /dev/null
+++ b/content/hi/examples/admin/resource/storagelimits.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: storagelimits
+spec:
+  limits:
+  - type: PersistentVolumeClaim
+    max:
+      storage: 2Gi
+    min:
+      storage: 1Gi
diff --git a/content/hi/examples/admin/sched/clusterrole.yaml b/content/hi/examples/admin/sched/clusterrole.yaml
new file mode 100644
index 0000000000000..554b8659db5b0
--- /dev/null
+++ b/content/hi/examples/admin/sched/clusterrole.yaml
@@ -0,0 +1,37 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:kube-scheduler
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resourceNames:
+      - kube-scheduler
+      - my-scheduler
+    resources:
+      - leases
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kube-scheduler
+      - my-scheduler
+    resources:
+      - endpoints
+    verbs:
+      - delete
+      - get
+      - patch
+      - update
diff --git a/content/hi/examples/admin/sched/my-scheduler.yaml b/content/hi/examples/admin/sched/my-scheduler.yaml
new file mode 100644
index 0000000000000..fa1c65bf9a462
--- /dev/null
+++ b/content/hi/examples/admin/sched/my-scheduler.yaml
@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: my-scheduler
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: my-scheduler-as-kube-scheduler
+subjects:
+- kind: ServiceAccount
+  name: my-scheduler
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: system:kube-scheduler
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: my-scheduler-as-volume-scheduler
+subjects:
+- kind: ServiceAccount
+  name: my-scheduler
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: system:volume-scheduler
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: my-scheduler-extension-apiserver-authentication-reader
+  namespace: kube-system
+roleRef:
+  kind: Role
+  name: extension-apiserver-authentication-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: my-scheduler
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-scheduler-config
+  namespace: kube-system
+data:
+  my-scheduler-config.yaml: |
+    apiVersion: kubescheduler.config.k8s.io/v1beta2
+    kind: KubeSchedulerConfiguration
+    profiles:
+      - schedulerName: my-scheduler
+    leaderElection:
+      leaderElect: false
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    component: scheduler
+    tier: control-plane
+  name: my-scheduler
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      component: scheduler
+      tier: control-plane
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: scheduler
+        tier: control-plane
+        version: second
+    spec:
+      serviceAccountName: my-scheduler
+      containers:
+      - command:
+        - /usr/local/bin/kube-scheduler
+        - --config=/etc/kubernetes/my-scheduler/my-scheduler-config.yaml
+        image: gcr.io/my-gcp-project/my-kube-scheduler:1.0
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 10259
+            scheme: HTTPS
+          initialDelaySeconds: 15
+        name: kube-second-scheduler
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 10259
+            scheme: HTTPS
+        resources:
+          requests:
+            cpu: '0.1'
+        securityContext:
+          privileged: false
+        volumeMounts:
+          - name: config-volume
+            mountPath: /etc/kubernetes/my-scheduler
+      hostNetwork: false
+      hostPID: false
+      volumes:
+        - name: config-volume
+          configMap:
+            name: my-scheduler-config
diff --git a/content/hi/examples/admin/sched/pod1.yaml b/content/hi/examples/admin/sched/pod1.yaml
new file mode 100644
index 0000000000000..7183dd62c0f12
--- /dev/null
+++ b/content/hi/examples/admin/sched/pod1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: no-annotation
+  labels:
+    name: multischeduler-example
+spec:
+  containers:
+  - name: pod-with-no-annotation-container
+    image: registry.k8s.io/pause:2.0
\ No newline at end of file
diff --git a/content/hi/examples/admin/sched/pod2.yaml b/content/hi/examples/admin/sched/pod2.yaml
new file mode 100644
index 0000000000000..b78ab64a4bc4a
--- /dev/null
+++ b/content/hi/examples/admin/sched/pod2.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: annotation-default-scheduler
+  labels:
+    name: multischeduler-example
+spec:
+  schedulerName: default-scheduler
+  containers:
+  - name: pod-with-default-annotation-container
+    image: registry.k8s.io/pause:2.0
diff --git a/content/hi/examples/admin/sched/pod3.yaml b/content/hi/examples/admin/sched/pod3.yaml
new file mode 100644
index 0000000000000..661414382913f
--- /dev/null
+++ b/content/hi/examples/admin/sched/pod3.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: annotation-second-scheduler
+  labels:
+    name: multischeduler-example
+spec:
+  schedulerName: my-scheduler
+  containers:
+  - name: pod-with-second-annotation-container
+    image: registry.k8s.io/pause:2.0
diff --git a/content/hi/examples/admin/snowflake-deployment.yaml b/content/hi/examples/admin/snowflake-deployment.yaml
new file mode 100644
index 0000000000000..21b6738ba4e6d
--- /dev/null
+++ b/content/hi/examples/admin/snowflake-deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: snowflake
+  name: snowflake
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: snowflake
+  template:
+    metadata:
+      labels:
+        app: snowflake
+    spec:
+      containers:
+      - image: registry.k8s.io/serve_hostname
+        imagePullPolicy: Always
+        name: snowflake
diff --git a/content/hi/examples/application/cassandra/cassandra-service.yaml b/content/hi/examples/application/cassandra/cassandra-service.yaml
new file mode 100644
index 0000000000000..31bee74b58732
--- /dev/null
+++ b/content/hi/examples/application/cassandra/cassandra-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: cassandra
+  name: cassandra
+spec:
+  clusterIP: None
+  ports:
+  - port: 9042
+  selector:
+    app: cassandra
diff --git a/content/hi/examples/application/cassandra/cassandra-statefulset.yaml b/content/hi/examples/application/cassandra/cassandra-statefulset.yaml
new file mode 100644
index 0000000000000..7e8bf30d85add
--- /dev/null
+++ b/content/hi/examples/application/cassandra/cassandra-statefulset.yaml
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: cassandra
+  labels:
+    app: cassandra
+spec:
+  serviceName: cassandra
+  replicas: 3
+  selector:
+    matchLabels:
+      app: cassandra
+  template:
+    metadata:
+      labels:
+        app: cassandra
+    spec:
+      terminationGracePeriodSeconds: 500
+      containers:
+      - name: cassandra
+        image: gcr.io/google-samples/cassandra:v13
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 7000
+          name: intra-node
+        - containerPort: 7001
+          name: tls-intra-node
+        - containerPort: 7199
+          name: jmx
+        - containerPort: 9042
+          name: cql
+        resources:
+          limits:
+            cpu: "500m"
+            memory: 1Gi
+          requests:
+            cpu: "500m"
+            memory: 1Gi
+        securityContext:
+          capabilities:
+            add:
+              - IPC_LOCK
+        lifecycle:
+          preStop:
+            exec:
+              command: 
+              - /bin/sh
+              - -c
+              - nodetool drain
+        env:
+          - name: MAX_HEAP_SIZE
+            value: 512M
+          - name: HEAP_NEWSIZE
+            value: 100M
+          - name: CASSANDRA_SEEDS
+            value: "cassandra-0.cassandra.default.svc.cluster.local"
+          - name: CASSANDRA_CLUSTER_NAME
+            value: "K8Demo"
+          - name: CASSANDRA_DC
+            value: "DC1-K8Demo"
+          - name: CASSANDRA_RACK
+            value: "Rack1-K8Demo"
+          - name: POD_IP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.podIP
+        readinessProbe:
+          exec:
+            command:
+            - /bin/bash
+            - -c
+            - /ready-probe.sh
+          initialDelaySeconds: 15
+          timeoutSeconds: 5
+        # These volume mounts are persistent. They are like inline claims,
+        # but not exactly because the names need to match exactly one of
+        # the stateful pod volumes.
+        volumeMounts:
+        - name: cassandra-data
+          mountPath: /cassandra_data
+  # These are converted to volume claims by the controller
+  # and mounted at the paths mentioned above.
+  # do not use these in production until ssd GCEPersistentDisk or other ssd pd
+  volumeClaimTemplates:
+  - metadata:
+      name: cassandra-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: fast
+      resources:
+        requests:
+          storage: 1Gi
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fast
+provisioner: k8s.io/minikube-hostpath
+parameters:
+  type: pd-ssd
diff --git a/content/hi/examples/application/deployment-patch.yaml b/content/hi/examples/application/deployment-patch.yaml
new file mode 100644
index 0000000000000..af12f4cb0c4ec
--- /dev/null
+++ b/content/hi/examples/application/deployment-patch.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: patch-demo
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: patch-demo-ctr
+        image: nginx
+      tolerations:
+      - effect: NoSchedule
+        key: dedicated
+        value: test-team
diff --git a/content/hi/examples/application/deployment-retainkeys.yaml b/content/hi/examples/application/deployment-retainkeys.yaml
new file mode 100644
index 0000000000000..af63f46d37294
--- /dev/null
+++ b/content/hi/examples/application/deployment-retainkeys.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: retainkeys-demo
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  strategy:
+    rollingUpdate:
+      maxSurge: 30%
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: retainkeys-demo-ctr
+        image: nginx
diff --git a/content/hi/examples/application/deployment-scale.yaml b/content/hi/examples/application/deployment-scale.yaml
new file mode 100644
index 0000000000000..838576375ef6f
--- /dev/null
+++ b/content/hi/examples/application/deployment-scale.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 4 # Update the replicas from 2 to 4
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.16.1
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/deployment-sidecar.yaml b/content/hi/examples/application/deployment-sidecar.yaml
new file mode 100644
index 0000000000000..3f1b841d31ebf
--- /dev/null
+++ b/content/hi/examples/application/deployment-sidecar.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myapp
+  labels:
+    app: myapp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+        - name: myapp
+          image: alpine:latest
+          command: ['sh', '-c', 'while true; do echo "logging" >> /opt/logs.txt; sleep 1; done']
+          volumeMounts:
+            - name: data
+              mountPath: /opt
+      initContainers:
+        - name: logshipper
+          image: alpine:latest
+          restartPolicy: Always
+          command: ['sh', '-c', 'tail -F /opt/logs.txt']
+          volumeMounts:
+            - name: data
+              mountPath: /opt
+      volumes:
+        - name: data
+          emptyDir: {}
\ No newline at end of file
diff --git a/content/hi/examples/application/deployment-update.yaml b/content/hi/examples/application/deployment-update.yaml
new file mode 100644
index 0000000000000..1c0b9d1ab8a4f
--- /dev/null
+++ b/content/hi/examples/application/deployment-update.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.16.1 # Update the version of nginx from 1.14.2 to 1.16.1
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/deployment.yaml b/content/hi/examples/application/deployment.yaml
new file mode 100644
index 0000000000000..dbed8bc72b9fc
--- /dev/null
+++ b/content/hi/examples/application/deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2 # tells deployment to run 2 pods matching the template
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/guestbook/frontend-deployment.yaml b/content/hi/examples/application/guestbook/frontend-deployment.yaml
new file mode 100644
index 0000000000000..b4639929ad424
--- /dev/null
+++ b/content/hi/examples/application/guestbook/frontend-deployment.yaml
@@ -0,0 +1,29 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+        app: guestbook
+        tier: frontend
+  template:
+    metadata:
+      labels:
+        app: guestbook
+        tier: frontend
+    spec:
+      containers:
+      - name: php-redis
+        image: us-docker.pkg.dev/google-samples/containers/gke/gb-frontend:v5
+        env:
+        - name: GET_HOSTS_FROM
+          value: "dns"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/guestbook/frontend-service.yaml b/content/hi/examples/application/guestbook/frontend-service.yaml
new file mode 100644
index 0000000000000..410c6bbaf2950
--- /dev/null
+++ b/content/hi/examples/application/guestbook/frontend-service.yaml
@@ -0,0 +1,19 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+    tier: frontend
+spec:
+  # if your cluster supports it, uncomment the following to automatically create
+  # an external load-balanced IP for the frontend service.
+  # type: LoadBalancer
+  #type: LoadBalancer
+  ports:
+    # the port that this service should serve on
+  - port: 80
+  selector:
+    app: guestbook
+    tier: frontend
\ No newline at end of file
diff --git a/content/hi/examples/application/guestbook/redis-follower-deployment.yaml b/content/hi/examples/application/guestbook/redis-follower-deployment.yaml
new file mode 100644
index 0000000000000..c32a16e46c879
--- /dev/null
+++ b/content/hi/examples/application/guestbook/redis-follower-deployment.yaml
@@ -0,0 +1,30 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis-follower
+  labels:
+    app: redis
+    role: follower
+    tier: backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: follower
+        tier: backend
+    spec:
+      containers:
+      - name: follower
+        image: us-docker.pkg.dev/google-samples/containers/gke/gb-redis-follower:v2
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 6379
\ No newline at end of file
diff --git a/content/hi/examples/application/guestbook/redis-follower-service.yaml b/content/hi/examples/application/guestbook/redis-follower-service.yaml
new file mode 100644
index 0000000000000..53283d35c423e
--- /dev/null
+++ b/content/hi/examples/application/guestbook/redis-follower-service.yaml
@@ -0,0 +1,17 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-follower
+  labels:
+    app: redis
+    role: follower
+    tier: backend
+spec:
+  ports:
+    # the port that this service should serve on
+  - port: 6379
+  selector:
+    app: redis
+    role: follower
+    tier: backend
\ No newline at end of file
diff --git a/content/hi/examples/application/guestbook/redis-leader-deployment.yaml b/content/hi/examples/application/guestbook/redis-leader-deployment.yaml
new file mode 100644
index 0000000000000..9c7547291c376
--- /dev/null
+++ b/content/hi/examples/application/guestbook/redis-leader-deployment.yaml
@@ -0,0 +1,30 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis-leader
+  labels:
+    app: redis
+    role: leader
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: leader
+        tier: backend
+    spec:
+      containers:
+      - name: leader
+        image: "docker.io/redis:6.0.5"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 6379
\ No newline at end of file
diff --git a/content/hi/examples/application/guestbook/redis-leader-service.yaml b/content/hi/examples/application/guestbook/redis-leader-service.yaml
new file mode 100644
index 0000000000000..e04cc183d09bf
--- /dev/null
+++ b/content/hi/examples/application/guestbook/redis-leader-service.yaml
@@ -0,0 +1,17 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-leader
+  labels:
+    app: redis
+    role: leader
+    tier: backend
+spec:
+  ports:
+  - port: 6379
+    targetPort: 6379
+  selector:
+    app: redis
+    role: leader
+    tier: backend
\ No newline at end of file
diff --git a/content/hi/examples/application/hpa/php-apache.yaml b/content/hi/examples/application/hpa/php-apache.yaml
new file mode 100644
index 0000000000000..1c49aca6a1ff5
--- /dev/null
+++ b/content/hi/examples/application/hpa/php-apache.yaml
@@ -0,0 +1,18 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-apache
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: php-apache
+  minReplicas: 1
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
diff --git a/content/hi/examples/application/job/cronjob.yaml b/content/hi/examples/application/job/cronjob.yaml
new file mode 100644
index 0000000000000..78d0e2d314792
--- /dev/null
+++ b/content/hi/examples/application/job/cronjob.yaml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: hello
+spec:
+  schedule: "* * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: hello
+            image: busybox:1.28
+            imagePullPolicy: IfNotPresent
+            command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          restartPolicy: OnFailure
diff --git a/content/hi/examples/application/job/indexed-job-vol.yaml b/content/hi/examples/application/job/indexed-job-vol.yaml
new file mode 100644
index 0000000000000..ed40e1cc44606
--- /dev/null
+++ b/content/hi/examples/application/job/indexed-job-vol.yaml
@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: 'indexed-job'
+spec:
+  completions: 5
+  parallelism: 3
+  completionMode: Indexed
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: 'worker'
+        image: 'docker.io/library/busybox'
+        command:
+        - "rev"
+        - "/input/data.txt"
+        volumeMounts:
+        - mountPath: /input
+          name: input
+      volumes:
+      - name: input
+        downwardAPI:
+          items:
+          - path: "data.txt"
+            fieldRef:
+              fieldPath: metadata.annotations['batch.kubernetes.io/job-completion-index']
\ No newline at end of file
diff --git a/content/hi/examples/application/job/indexed-job.yaml b/content/hi/examples/application/job/indexed-job.yaml
new file mode 100644
index 0000000000000..5b80d3526491f
--- /dev/null
+++ b/content/hi/examples/application/job/indexed-job.yaml
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: 'indexed-job'
+spec:
+  completions: 5
+  parallelism: 3
+  completionMode: Indexed
+  template:
+    spec:
+      restartPolicy: Never
+      initContainers:
+      - name: 'input'
+        image: 'docker.io/library/bash'
+        command:
+        - "bash"
+        - "-c"
+        - |
+          items=(foo bar baz qux xyz)
+          echo ${items[$JOB_COMPLETION_INDEX]} > /input/data.txt
+        volumeMounts:
+        - mountPath: /input
+          name: input
+      containers:
+      - name: 'worker'
+        image: 'docker.io/library/busybox'
+        command:
+        - "rev"
+        - "/input/data.txt"
+        volumeMounts:
+        - mountPath: /input
+          name: input
+      volumes:
+      - name: input
+        emptyDir: {}
diff --git a/content/hi/examples/application/job/job-sidecar.yaml b/content/hi/examples/application/job/job-sidecar.yaml
new file mode 100644
index 0000000000000..9787ad88515b2
--- /dev/null
+++ b/content/hi/examples/application/job/job-sidecar.yaml
@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: myjob
+spec:
+  template:
+    spec:
+      containers:
+        - name: myjob
+          image: alpine:latest
+          command: ['sh', '-c', 'echo "logging" > /opt/logs.txt']
+          volumeMounts:
+            - name: data
+              mountPath: /opt
+      initContainers:
+        - name: logshipper
+          image: alpine:latest
+          restartPolicy: Always
+          command: ['sh', '-c', 'tail -F /opt/logs.txt']
+          volumeMounts:
+            - name: data
+              mountPath: /opt
+      restartPolicy: Never
+      volumes:
+        - name: data
+          emptyDir: {}
\ No newline at end of file
diff --git a/content/hi/examples/application/job/job-tmpl.yaml b/content/hi/examples/application/job/job-tmpl.yaml
new file mode 100644
index 0000000000000..d7dbbafd62bc5
--- /dev/null
+++ b/content/hi/examples/application/job/job-tmpl.yaml
@@ -0,0 +1,18 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: process-item-$ITEM
+  labels:
+    jobgroup: jobexample
+spec:
+  template:
+    metadata:
+      name: jobexample
+      labels:
+        jobgroup: jobexample
+    spec:
+      containers:
+      - name: c
+        image: busybox:1.28
+        command: ["sh", "-c", "echo Processing item $ITEM && sleep 5"]
+      restartPolicy: Never
diff --git a/content/hi/examples/application/job/rabbitmq/Dockerfile b/content/hi/examples/application/job/rabbitmq/Dockerfile
new file mode 100644
index 0000000000000..50faab23f439c
--- /dev/null
+++ b/content/hi/examples/application/job/rabbitmq/Dockerfile
@@ -0,0 +1,10 @@
+# Specify BROKER_URL and QUEUE when running
+FROM ubuntu:18.04
+
+RUN apt-get update && \
+    apt-get install -y curl ca-certificates amqp-tools python \
+       --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
+COPY ./worker.py /worker.py
+
+CMD  /usr/bin/amqp-consume --url=$BROKER_URL -q $QUEUE -c 1 /worker.py
diff --git a/content/hi/examples/application/job/rabbitmq/job.yaml b/content/hi/examples/application/job/rabbitmq/job.yaml
new file mode 100644
index 0000000000000..4e1a61892be6b
--- /dev/null
+++ b/content/hi/examples/application/job/rabbitmq/job.yaml
@@ -0,0 +1,20 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-wq-1
+spec:
+  completions: 8
+  parallelism: 2
+  template:
+    metadata:
+      name: job-wq-1
+    spec:
+      containers:
+      - name: c
+        image: gcr.io/<project>/job-wq-1
+        env:
+        - name: BROKER_URL
+          value: amqp://guest:guest@rabbitmq-service:5672
+        - name: QUEUE
+          value: job1
+      restartPolicy: OnFailure
diff --git a/content/hi/examples/application/job/rabbitmq/rabbitmq-service.yaml b/content/hi/examples/application/job/rabbitmq/rabbitmq-service.yaml
new file mode 100644
index 0000000000000..2f7fb06dcfed6
--- /dev/null
+++ b/content/hi/examples/application/job/rabbitmq/rabbitmq-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    component: rabbitmq
+  name: rabbitmq-service
+spec:
+  ports:
+  - port: 5672
+  selector:
+    app.kubernetes.io/name: task-queue
+    app.kubernetes.io/component: rabbitmq
diff --git a/content/hi/examples/application/job/rabbitmq/rabbitmq-statefulset.yaml b/content/hi/examples/application/job/rabbitmq/rabbitmq-statefulset.yaml
new file mode 100644
index 0000000000000..502598ddf947e
--- /dev/null
+++ b/content/hi/examples/application/job/rabbitmq/rabbitmq-statefulset.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    component: rabbitmq
+  name: rabbitmq
+spec:
+  replicas: 1
+  serviceName: rabbitmq-service
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: task-queue
+      app.kubernetes.io/component: rabbitmq
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: task-queue
+        app.kubernetes.io/component: rabbitmq
+    spec:
+      containers:
+      - image: rabbitmq
+        name: rabbitmq
+        ports:
+        - containerPort: 5672
+        resources:
+          requests:
+            memory: 16M
+          limits:
+            cpu: 250m
+            memory: 512M
+        volumeMounts:
+        - mountPath: /var/lib/rabbitmq
+          name: rabbitmq-data
+      volumes:
+      - name: rabbitmq-data
+        emptyDir: {}
diff --git a/content/hi/examples/application/job/rabbitmq/worker.py b/content/hi/examples/application/job/rabbitmq/worker.py
new file mode 100644
index 0000000000000..88a7fcf96d91a
--- /dev/null
+++ b/content/hi/examples/application/job/rabbitmq/worker.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+# Just prints standard out and sleeps for 10 seconds.
+import sys
+import time
+print("Processing " + sys.stdin.readlines()[0])
+time.sleep(10)
diff --git a/content/hi/examples/application/job/redis/Dockerfile b/content/hi/examples/application/job/redis/Dockerfile
new file mode 100644
index 0000000000000..2de23b3c98340
--- /dev/null
+++ b/content/hi/examples/application/job/redis/Dockerfile
@@ -0,0 +1,6 @@
+FROM python
+RUN pip install redis
+COPY ./worker.py /worker.py
+COPY ./rediswq.py /rediswq.py
+
+CMD  python worker.py
diff --git a/content/hi/examples/application/job/redis/job.yaml b/content/hi/examples/application/job/redis/job.yaml
new file mode 100644
index 0000000000000..ee7a06c732986
--- /dev/null
+++ b/content/hi/examples/application/job/redis/job.yaml
@@ -0,0 +1,14 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-wq-2
+spec:
+  parallelism: 2
+  template:
+    metadata:
+      name: job-wq-2
+    spec:
+      containers:
+      - name: c
+        image: gcr.io/myproject/job-wq-2
+      restartPolicy: OnFailure
diff --git a/content/hi/examples/application/job/redis/redis-pod.yaml b/content/hi/examples/application/job/redis/redis-pod.yaml
new file mode 100644
index 0000000000000..ae0c43a793570
--- /dev/null
+++ b/content/hi/examples/application/job/redis/redis-pod.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis-master
+  labels:
+    app: redis
+spec:
+  containers:
+    - name: master
+      image: redis
+      env:
+        - name: MASTER
+          value: "true"
+      ports:
+        - containerPort: 6379
diff --git a/content/hi/examples/application/job/redis/redis-service.yaml b/content/hi/examples/application/job/redis/redis-service.yaml
new file mode 100644
index 0000000000000..85f2ca2271d0b
--- /dev/null
+++ b/content/hi/examples/application/job/redis/redis-service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  ports:
+    - port: 6379
+      targetPort: 6379
+  selector:
+    app: redis
diff --git a/content/hi/examples/application/job/redis/rediswq.py b/content/hi/examples/application/job/redis/rediswq.py
new file mode 100644
index 0000000000000..2b8e81ceab79d
--- /dev/null
+++ b/content/hi/examples/application/job/redis/rediswq.py
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+
+# Based on http://peter-hoffmann.com/2012/python-simple-queue-redis-queue.html 
+# and the suggestion in the redis documentation for RPOPLPUSH, at 
+# http://redis.io/commands/rpoplpush, which suggests how to implement a work-queue.
+
+ 
+import redis
+import uuid
+import hashlib
+
+class RedisWQ(object):
+    """Simple Finite Work Queue with Redis Backend
+
+    This work queue is finite: as long as no more work is added
+    after workers start, the workers can detect when the queue
+    is completely empty.
+
+    The items in the work queue are assumed to have unique values.
+
+    This object is not intended to be used by multiple threads
+    concurrently.
+    """
+    def __init__(self, name, **redis_kwargs):
+       """The default connection parameters are: host='localhost', port=6379, db=0
+
+       The work queue is identified by "name".  The library may create other
+       keys with "name" as a prefix. 
+       """
+       self._db = redis.StrictRedis(**redis_kwargs)
+       # The session ID will uniquely identify this "worker".
+       self._session = str(uuid.uuid4())
+       # Work queue is implemented as two queues: main, and processing.
+       # Work is initially in main, and moved to processing when a client picks it up.
+       self._main_q_key = name
+       self._processing_q_key = name + ":processing"
+       self._lease_key_prefix = name + ":leased_by_session:"
+
+    def sessionID(self):
+        """Return the ID for this session."""
+        return self._session
+
+    def _main_qsize(self):
+        """Return the size of the main queue."""
+        return self._db.llen(self._main_q_key)
+
+    def _processing_qsize(self):
+        """Return the size of the main queue."""
+        return self._db.llen(self._processing_q_key)
+
+    def empty(self):
+        """Return True if the queue is empty, including work being done, False otherwise.
+
+        False does not necessarily mean that there is work available to work on right now,
+        """
+        return self._main_qsize() == 0 and self._processing_qsize() == 0
+
+# TODO: implement this
+#    def check_expired_leases(self):
+#        """Return to the work queueReturn True if the queue is empty, False otherwise."""
+#        # Processing list should not be _too_ long since it is approximately as long
+#        # as the number of active and recently active workers.
+#        processing = self._db.lrange(self._processing_q_key, 0, -1)
+#        for item in processing:
+#          # If the lease key is not present for an item (it expired or was 
+#          # never created because the client crashed before creating it)
+#          # then move the item back to the main queue so others can work on it.
+#          if not self._lease_exists(item):
+#            TODO: transactionally move the key from processing queue to
+#            to main queue, while detecting if a new lease is created
+#            or if either queue is modified.
+
+    def _itemkey(self, item):
+        """Returns a string that uniquely identifies an item (bytes)."""
+        return hashlib.sha224(item).hexdigest()
+
+    def _lease_exists(self, item):
+        """True if a lease on 'item' exists."""
+        return self._db.exists(self._lease_key_prefix + self._itemkey(item))
+
+    def lease(self, lease_secs=60, block=True, timeout=None):
+        """Begin working on an item the work queue. 
+
+        Lease the item for lease_secs.  After that time, other
+        workers may consider this client to have crashed or stalled
+        and pick up the item instead.
+
+        If optional args block is true and timeout is None (the default), block
+        if necessary until an item is available."""
+        if block:
+            item = self._db.brpoplpush(self._main_q_key, self._processing_q_key, timeout=timeout)
+        else:
+            item = self._db.rpoplpush(self._main_q_key, self._processing_q_key)
+        if item:
+            # Record that we (this session id) are working on a key.  Expire that
+            # note after the lease timeout.
+            # Note: if we crash at this line of the program, then GC will see no lease
+            # for this item a later return it to the main queue.
+            itemkey = self._itemkey(item)
+            self._db.setex(self._lease_key_prefix + itemkey, lease_secs, self._session)
+        return item
+
+    def complete(self, value):
+        """Complete working on the item with 'value'.
+
+        If the lease expired, the item may not have completed, and some
+        other worker may have picked it up.  There is no indication
+        of what happened.
+        """
+        self._db.lrem(self._processing_q_key, 0, value)
+        # If we crash here, then the GC code will try to move the value, but it will
+        # not be here, which is fine.  So this does not need to be a transaction.
+        itemkey = self._itemkey(value)
+        self._db.delete(self._lease_key_prefix + itemkey)
+
+# TODO: add functions to clean up all keys associated with "name" when
+# processing is complete.
+
+# TODO: add a function to add an item to the queue.  Atomically
+# check if the queue is empty and if so fail to add the item
+# since other workers might think work is done and be in the process
+# of exiting.
+
+# TODO(etune): move to my own github for hosting, e.g. github.com/erictune/rediswq-py and
+# make it so it can be pip installed by anyone (see
+# http://stackoverflow.com/questions/8247605/configuring-so-that-pip-install-can-work-from-github)
+
+# TODO(etune): finish code to GC expired leases, and call periodically
+#  e.g. each time lease times out.
+
diff --git a/content/hi/examples/application/job/redis/worker.py b/content/hi/examples/application/job/redis/worker.py
new file mode 100644
index 0000000000000..c3523a4e21a48
--- /dev/null
+++ b/content/hi/examples/application/job/redis/worker.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+import time
+import rediswq
+
+host="redis"
+# Uncomment next two lines if you do not have Kube-DNS working.
+# import os
+# host = os.getenv("REDIS_SERVICE_HOST")
+
+q = rediswq.RedisWQ(name="job2", host=host)
+print("Worker with sessionID: " +  q.sessionID())
+print("Initial queue state: empty=" + str(q.empty()))
+while not q.empty():
+  item = q.lease(lease_secs=10, block=True, timeout=2) 
+  if item is not None:
+    itemstr = item.decode("utf-8")
+    print("Working on " + itemstr)
+    time.sleep(10) # Put your actual work here instead of sleep.
+    q.complete(item)
+  else:
+    print("Waiting for work")
+print("Queue empty, exiting")
diff --git a/content/hi/examples/application/mongodb/mongo-deployment.yaml b/content/hi/examples/application/mongodb/mongo-deployment.yaml
new file mode 100644
index 0000000000000..04908ce25b1dc
--- /dev/null
+++ b/content/hi/examples/application/mongodb/mongo-deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongo
+  labels:
+    app.kubernetes.io/name: mongo
+    app.kubernetes.io/component: backend
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: mongo
+      app.kubernetes.io/component: backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: mongo
+        app.kubernetes.io/component: backend
+    spec:
+      containers:
+      - name: mongo
+        image: mongo:4.2
+        args:
+          - --bind_ip
+          - 0.0.0.0
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 27017
diff --git a/content/hi/examples/application/mongodb/mongo-service.yaml b/content/hi/examples/application/mongodb/mongo-service.yaml
new file mode 100644
index 0000000000000..b9cef607bcf79
--- /dev/null
+++ b/content/hi/examples/application/mongodb/mongo-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongo
+  labels:
+    app.kubernetes.io/name: mongo
+    app.kubernetes.io/component: backend
+spec:
+  ports:
+  - port: 27017
+    targetPort: 27017
+  selector:
+    app.kubernetes.io/name: mongo
+    app.kubernetes.io/component: backend
diff --git a/content/hi/examples/application/mysql/mysql-configmap.yaml b/content/hi/examples/application/mysql/mysql-configmap.yaml
new file mode 100644
index 0000000000000..9adb0344a31a6
--- /dev/null
+++ b/content/hi/examples/application/mysql/mysql-configmap.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+    app.kubernetes.io/name: mysql
+data:
+  primary.cnf: |
+    # Apply this config only on the primary.
+    [mysqld]
+    log-bin
+  replica.cnf: |
+    # Apply this config only on replicas.
+    [mysqld]
+    super-read-only
+
diff --git a/content/hi/examples/application/mysql/mysql-deployment.yaml b/content/hi/examples/application/mysql/mysql-deployment.yaml
new file mode 100644
index 0000000000000..419fbe03d3ff0
--- /dev/null
+++ b/content/hi/examples/application/mysql/mysql-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+spec:
+  ports:
+  - port: 3306
+  selector:
+    app: mysql
+  clusterIP: None
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - image: mysql:5.6
+        name: mysql
+        env:
+          # Use secret in real usage
+        - name: MYSQL_ROOT_PASSWORD
+          value: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
diff --git a/content/hi/examples/application/mysql/mysql-pv.yaml b/content/hi/examples/application/mysql/mysql-pv.yaml
new file mode 100644
index 0000000000000..c89779a83fd23
--- /dev/null
+++ b/content/hi/examples/application/mysql/mysql-pv.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
diff --git a/content/hi/examples/application/mysql/mysql-services.yaml b/content/hi/examples/application/mysql/mysql-services.yaml
new file mode 100644
index 0000000000000..bc015066780c3
--- /dev/null
+++ b/content/hi/examples/application/mysql/mysql-services.yaml
@@ -0,0 +1,32 @@
+# Headless service for stable DNS entries of StatefulSet members.
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+    app.kubernetes.io/name: mysql
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+  clusterIP: None
+  selector:
+    app: mysql
+---
+# Client service for connecting to any MySQL instance for reads.
+# For writes, you must instead connect to the primary: mysql-0.mysql.
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql-read
+  labels:
+    app: mysql
+    app.kubernetes.io/name: mysql
+    readonly: "true"
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+  selector:
+    app: mysql
diff --git a/content/hi/examples/application/mysql/mysql-statefulset.yaml b/content/hi/examples/application/mysql/mysql-statefulset.yaml
new file mode 100644
index 0000000000000..67755dbb9e830
--- /dev/null
+++ b/content/hi/examples/application/mysql/mysql-statefulset.yaml
@@ -0,0 +1,168 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mysql
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+      app.kubernetes.io/name: mysql
+  serviceName: mysql
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: mysql
+        app.kubernetes.io/name: mysql
+    spec:
+      initContainers:
+      - name: init-mysql
+        image: mysql:5.7
+        command:
+        - bash
+        - "-c"
+        - |
+          set -ex
+          # Generate mysql server-id from pod ordinal index.
+          [[ $HOSTNAME =~ -([0-9]+)$ ]] || exit 1
+          ordinal=${BASH_REMATCH[1]}
+          echo [mysqld] > /mnt/conf.d/server-id.cnf
+          # Add an offset to avoid reserved server-id=0 value.
+          echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf
+          # Copy appropriate conf.d files from config-map to emptyDir.
+          if [[ $ordinal -eq 0 ]]; then
+            cp /mnt/config-map/primary.cnf /mnt/conf.d/
+          else
+            cp /mnt/config-map/replica.cnf /mnt/conf.d/
+          fi
+        volumeMounts:
+        - name: conf
+          mountPath: /mnt/conf.d
+        - name: config-map
+          mountPath: /mnt/config-map
+      - name: clone-mysql
+        image: gcr.io/google-samples/xtrabackup:1.0
+        command:
+        - bash
+        - "-c"
+        - |
+          set -ex
+          # Skip the clone if data already exists.
+          [[ -d /var/lib/mysql/mysql ]] && exit 0
+          # Skip the clone on primary (ordinal index 0).
+          [[ `hostname` =~ -([0-9]+)$ ]] || exit 1
+          ordinal=${BASH_REMATCH[1]}
+          [[ $ordinal -eq 0 ]] && exit 0
+          # Clone data from previous peer.
+          ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql
+          # Prepare the backup.
+          xtrabackup --prepare --target-dir=/var/lib/mysql
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        - name: conf
+          mountPath: /etc/mysql/conf.d
+      containers:
+      - name: mysql
+        image: mysql:5.7
+        env:
+        - name: MYSQL_ALLOW_EMPTY_PASSWORD
+          value: "1"
+        ports:
+        - name: mysql
+          containerPort: 3306
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        - name: conf
+          mountPath: /etc/mysql/conf.d
+        resources:
+          requests:
+            cpu: 500m
+            memory: 1Gi
+        livenessProbe:
+          exec:
+            command: ["mysqladmin", "ping"]
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            # Check we can execute queries over TCP (skip-networking is off).
+            command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
+          initialDelaySeconds: 5
+          periodSeconds: 2
+          timeoutSeconds: 1
+      - name: xtrabackup
+        image: gcr.io/google-samples/xtrabackup:1.0
+        ports:
+        - name: xtrabackup
+          containerPort: 3307
+        command:
+        - bash
+        - "-c"
+        - |
+          set -ex
+          cd /var/lib/mysql
+
+          # Determine binlog position of cloned data, if any.
+          if [[ -f xtrabackup_slave_info && "x$(<xtrabackup_slave_info)" != "x" ]]; then
+            # XtraBackup already generated a partial "CHANGE MASTER TO" query
+            # because we're cloning from an existing replica. (Need to remove the tailing semicolon!)
+            cat xtrabackup_slave_info | sed -E 's/;$//g' > change_master_to.sql.in
+            # Ignore xtrabackup_binlog_info in this case (it's useless).
+            rm -f xtrabackup_slave_info xtrabackup_binlog_info
+          elif [[ -f xtrabackup_binlog_info ]]; then
+            # We're cloning directly from primary. Parse binlog position.
+            [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1
+            rm -f xtrabackup_binlog_info xtrabackup_slave_info
+            echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\
+                  MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in
+          fi
+
+          # Check if we need to complete a clone by starting replication.
+          if [[ -f change_master_to.sql.in ]]; then
+            echo "Waiting for mysqld to be ready (accepting connections)"
+            until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done
+
+            echo "Initializing replication from clone position"
+            mysql -h 127.0.0.1 \
+                  -e "$(<change_master_to.sql.in), \
+                          MASTER_HOST='mysql-0.mysql', \
+                          MASTER_USER='root', \
+                          MASTER_PASSWORD='', \
+                          MASTER_CONNECT_RETRY=10; \
+                        START SLAVE;" || exit 1
+            # In case of container restart, attempt this at-most-once.
+            mv change_master_to.sql.in change_master_to.sql.orig
+          fi
+
+          # Start a server to send backups when requested by peers.
+          exec ncat --listen --keep-open --send-only --max-conns=1 3307 -c \
+            "xtrabackup --backup --slave-info --stream=xbstream --host=127.0.0.1 --user=root"
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        - name: conf
+          mountPath: /etc/mysql/conf.d
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      volumes:
+      - name: conf
+        emptyDir: {}
+      - name: config-map
+        configMap:
+          name: mysql
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 10Gi
diff --git a/content/hi/examples/application/nginx-app.yaml b/content/hi/examples/application/nginx-app.yaml
new file mode 100644
index 0000000000000..d00682e1fcbba
--- /dev/null
+++ b/content/hi/examples/application/nginx-app.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx-svc
+  labels:
+    app: nginx
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/nginx-with-request.yaml b/content/hi/examples/application/nginx-with-request.yaml
new file mode 100644
index 0000000000000..dd9d002a60446
--- /dev/null
+++ b/content/hi/examples/application/nginx-with-request.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/nginx/nginx-deployment.yaml b/content/hi/examples/application/nginx/nginx-deployment.yaml
new file mode 100644
index 0000000000000..7f608bc47fa5a
--- /dev/null
+++ b/content/hi/examples/application/nginx/nginx-deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/nginx/nginx-svc.yaml b/content/hi/examples/application/nginx/nginx-svc.yaml
new file mode 100644
index 0000000000000..79963bc5aea8e
--- /dev/null
+++ b/content/hi/examples/application/nginx/nginx-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx-svc
+  labels:
+    app: nginx
+spec:
+  type: LoadBalancer
+  ports:
+  - port: 80
+  selector:
+    app: nginx
diff --git a/content/hi/examples/application/php-apache.yaml b/content/hi/examples/application/php-apache.yaml
new file mode 100644
index 0000000000000..a194dce6f958a
--- /dev/null
+++ b/content/hi/examples/application/php-apache.yaml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: php-apache
+spec:
+  selector:
+    matchLabels:
+      run: php-apache
+  template:
+    metadata:
+      labels:
+        run: php-apache
+    spec:
+      containers:
+      - name: php-apache
+        image: registry.k8s.io/hpa-example
+        ports:
+        - containerPort: 80
+        resources:
+          limits:
+            cpu: 500m
+          requests:
+            cpu: 200m
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: php-apache
+  labels:
+    run: php-apache
+spec:
+  ports:
+  - port: 80
+  selector:
+    run: php-apache
diff --git a/content/hi/examples/application/shell-demo.yaml b/content/hi/examples/application/shell-demo.yaml
new file mode 100644
index 0000000000000..9eb140d80f1ca
--- /dev/null
+++ b/content/hi/examples/application/shell-demo.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: shell-demo
+spec:
+  volumes:
+  - name: shared-data
+    emptyDir: {}
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: shared-data
+      mountPath: /usr/share/nginx/html
+  hostNetwork: true
+  dnsPolicy: Default
diff --git a/content/hi/examples/application/simple_deployment.yaml b/content/hi/examples/application/simple_deployment.yaml
new file mode 100644
index 0000000000000..d9c74af8c577b
--- /dev/null
+++ b/content/hi/examples/application/simple_deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  minReadySeconds: 5
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/ssa/nginx-deployment-no-replicas.yaml b/content/hi/examples/application/ssa/nginx-deployment-no-replicas.yaml
new file mode 100644
index 0000000000000..c18bdd35c010e
--- /dev/null
+++ b/content/hi/examples/application/ssa/nginx-deployment-no-replicas.yaml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
diff --git a/content/hi/examples/application/ssa/nginx-deployment.yaml b/content/hi/examples/application/ssa/nginx-deployment.yaml
new file mode 100644
index 0000000000000..7797b13d9aabd
--- /dev/null
+++ b/content/hi/examples/application/ssa/nginx-deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
diff --git a/content/hi/examples/application/update_deployment.yaml b/content/hi/examples/application/update_deployment.yaml
new file mode 100644
index 0000000000000..2d7603acb956c
--- /dev/null
+++ b/content/hi/examples/application/update_deployment.yaml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.16.1 # update the image
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/application/web/web-parallel.yaml b/content/hi/examples/application/web/web-parallel.yaml
new file mode 100644
index 0000000000000..3664c63c106f7
--- /dev/null
+++ b/content/hi/examples/application/web/web-parallel.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+  - port: 80
+    name: web
+  clusterIP: None
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:
+  serviceName: "nginx"
+  podManagementPolicy: "Parallel"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: registry.k8s.io/nginx-slim:0.24
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
diff --git a/content/hi/examples/application/web/web.yaml b/content/hi/examples/application/web/web.yaml
new file mode 100644
index 0000000000000..6f8f5133ffed9
--- /dev/null
+++ b/content/hi/examples/application/web/web.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+  - port: 80
+    name: web
+  clusterIP: None
+  selector:
+    app: nginx
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web
+spec:
+  serviceName: "nginx"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: registry.k8s.io/nginx-slim:0.21
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
+
diff --git a/content/hi/examples/application/wordpress/mysql-deployment.yaml b/content/hi/examples/application/wordpress/mysql-deployment.yaml
new file mode 100644
index 0000000000000..a3b007ea5cbf6
--- /dev/null
+++ b/content/hi/examples/application/wordpress/mysql-deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: wordpress
+    tier: mysql
+  clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+      tier: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: mysql
+    spec:
+      containers:
+      - image: mysql:8.0
+        name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-pass
+              key: password
+        - name: MYSQL_DATABASE
+          value: wordpress
+        - name: MYSQL_USER
+          value: wordpress
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-pass
+              key: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
diff --git a/content/hi/examples/application/wordpress/wordpress-deployment.yaml b/content/hi/examples/application/wordpress/wordpress-deployment.yaml
new file mode 100644
index 0000000000000..43d95258c9dc5
--- /dev/null
+++ b/content/hi/examples/application/wordpress/wordpress-deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 80
+  selector:
+    app: wordpress
+    tier: frontend
+  type: LoadBalancer
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wp-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wordpress
+  labels:
+    app: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+      tier: frontend
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: frontend
+    spec:
+      containers:
+      - image: wordpress:6.2.1-apache
+        name: wordpress
+        env:
+        - name: WORDPRESS_DB_HOST
+          value: wordpress-mysql
+        - name: WORDPRESS_DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-pass
+              key: password
+        - name: WORDPRESS_DB_USER
+          value: wordpress
+        ports:
+        - containerPort: 80
+          name: wordpress
+        volumeMounts:
+        - name: wordpress-persistent-storage
+          mountPath: /var/www/html
+      volumes:
+      - name: wordpress-persistent-storage
+        persistentVolumeClaim:
+          claimName: wp-pv-claim
diff --git a/content/hi/examples/application/zookeeper/zookeeper.yaml b/content/hi/examples/application/zookeeper/zookeeper.yaml
new file mode 100644
index 0000000000000..0f3f6cf9d1858
--- /dev/null
+++ b/content/hi/examples/application/zookeeper/zookeeper.yaml
@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zk-hs
+  labels:
+    app: zk
+spec:
+  ports:
+  - port: 2888
+    name: server
+  - port: 3888
+    name: leader-election
+  clusterIP: None
+  selector:
+    app: zk
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: zk-cs
+  labels:
+    app: zk
+spec:
+  ports:
+  - port: 2181
+    name: client
+  selector:
+    app: zk
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: zk-pdb
+spec:
+  selector:
+    matchLabels:
+      app: zk
+  maxUnavailable: 1
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: zk
+spec:
+  selector:
+    matchLabels:
+      app: zk
+  serviceName: zk-hs
+  replicas: 3
+  updateStrategy:
+    type: RollingUpdate
+  podManagementPolicy: OrderedReady
+  template:
+    metadata:
+      labels:
+        app: zk
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: "app"
+                    operator: In
+                    values:
+                    - zk
+              topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: kubernetes-zookeeper
+        imagePullPolicy: Always
+        image: "registry.k8s.io/kubernetes-zookeeper:1.0-3.4.10"
+        resources:
+          requests:
+            memory: "1Gi"
+            cpu: "0.5"
+        ports:
+        - containerPort: 2181
+          name: client
+        - containerPort: 2888
+          name: server
+        - containerPort: 3888
+          name: leader-election
+        command:
+        - sh
+        - -c
+        - "start-zookeeper \
+          --servers=3 \
+          --data_dir=/var/lib/zookeeper/data \
+          --data_log_dir=/var/lib/zookeeper/data/log \
+          --conf_dir=/opt/zookeeper/conf \
+          --client_port=2181 \
+          --election_port=3888 \
+          --server_port=2888 \
+          --tick_time=2000 \
+          --init_limit=10 \
+          --sync_limit=5 \
+          --heap=512M \
+          --max_client_cnxns=60 \
+          --snap_retain_count=3 \
+          --purge_interval=12 \
+          --max_session_timeout=40000 \
+          --min_session_timeout=4000 \
+          --log_level=INFO"
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "zookeeper-ready 2181"
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "zookeeper-ready 2181"
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+        volumeMounts:
+        - name: datadir
+          mountPath: /var/lib/zookeeper
+      securityContext:
+        runAsUser: 1000
+        fsGroup: 1000
+  volumeClaimTemplates:
+  - metadata:
+      name: datadir
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 10Gi
diff --git a/content/hi/examples/audit/audit-policy.yaml b/content/hi/examples/audit/audit-policy.yaml
new file mode 100644
index 0000000000000..25b8fd0070e51
--- /dev/null
+++ b/content/hi/examples/audit/audit-policy.yaml
@@ -0,0 +1,68 @@
+apiVersion: audit.k8s.io/v1 # This is required.
+kind: Policy
+# Don't generate audit events for all requests in RequestReceived stage.
+omitStages:
+  - "RequestReceived"
+rules:
+  # Log pod changes at RequestResponse level
+  - level: RequestResponse
+    resources:
+    - group: ""
+      # Resource "pods" doesn't match requests to any subresource of pods,
+      # which is consistent with the RBAC policy.
+      resources: ["pods"]
+  # Log "pods/log", "pods/status" at Metadata level
+  - level: Metadata
+    resources:
+    - group: ""
+      resources: ["pods/log", "pods/status"]
+
+  # Don't log requests to a configmap called "controller-leader"
+  - level: None
+    resources:
+    - group: ""
+      resources: ["configmaps"]
+      resourceNames: ["controller-leader"]
+
+  # Don't log watch requests by the "system:kube-proxy" on endpoints or services
+  - level: None
+    users: ["system:kube-proxy"]
+    verbs: ["watch"]
+    resources:
+    - group: "" # core API group
+      resources: ["endpoints", "services"]
+
+  # Don't log authenticated requests to certain non-resource URL paths.
+  - level: None
+    userGroups: ["system:authenticated"]
+    nonResourceURLs:
+    - "/api*" # Wildcard matching.
+    - "/version"
+
+  # Log the request body of configmap changes in kube-system.
+  - level: Request
+    resources:
+    - group: "" # core API group
+      resources: ["configmaps"]
+    # This rule only applies to resources in the "kube-system" namespace.
+    # The empty string "" can be used to select non-namespaced resources.
+    namespaces: ["kube-system"]
+
+  # Log configmap and secret changes in all other namespaces at the Metadata level.
+  - level: Metadata
+    resources:
+    - group: "" # core API group
+      resources: ["secrets", "configmaps"]
+
+  # Log all other resources in core and extensions at the Request level.
+  - level: Request
+    resources:
+    - group: "" # core API group
+    - group: "extensions" # Version of group should NOT be included.
+
+  # A catch-all rule to log all other requests at the Metadata level.
+  - level: Metadata
+    # Long-running requests like watches that fall under this rule will not
+    # generate an audit event in RequestReceived.
+    omitStages:
+      - "RequestReceived"
diff --git a/content/hi/examples/concepts/policy/limit-range/example-conflict-with-limitrange-cpu.yaml b/content/hi/examples/concepts/policy/limit-range/example-conflict-with-limitrange-cpu.yaml
new file mode 100644
index 0000000000000..0b3aa3a6f9b44
--- /dev/null
+++ b/content/hi/examples/concepts/policy/limit-range/example-conflict-with-limitrange-cpu.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example-conflict-with-limitrange-cpu
+spec:
+  containers:
+  - name: demo
+    image: registry.k8s.io/pause:2.0
+    resources:
+      requests:
+        cpu: 700m
diff --git a/content/hi/examples/concepts/policy/limit-range/example-no-conflict-with-limitrange-cpu.yaml b/content/hi/examples/concepts/policy/limit-range/example-no-conflict-with-limitrange-cpu.yaml
new file mode 100644
index 0000000000000..7001aec0d7b28
--- /dev/null
+++ b/content/hi/examples/concepts/policy/limit-range/example-no-conflict-with-limitrange-cpu.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example-no-conflict-with-limitrange-cpu
+spec:
+  containers:
+  - name: demo
+    image: registry.k8s.io/pause:2.0
+    resources:
+      requests:
+        cpu: 700m
+      limits:
+        cpu: 700m
diff --git a/content/hi/examples/concepts/policy/limit-range/problematic-limit-range.yaml b/content/hi/examples/concepts/policy/limit-range/problematic-limit-range.yaml
new file mode 100644
index 0000000000000..ee89cb79faf4f
--- /dev/null
+++ b/content/hi/examples/concepts/policy/limit-range/problematic-limit-range.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: cpu-resource-constraint
+spec:
+  limits:
+  - default: # this section defines default limits
+      cpu: 500m
+    defaultRequest: # this section defines default requests
+      cpu: 500m
+    max: # max and min define the limit range
+      cpu: "1"
+    min:
+      cpu: 100m
+    type: Container
diff --git a/content/hi/examples/configmap/configmap-multikeys.yaml b/content/hi/examples/configmap/configmap-multikeys.yaml
new file mode 100644
index 0000000000000..289702d123caf
--- /dev/null
+++ b/content/hi/examples/configmap/configmap-multikeys.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: special-config
+  namespace: default
+data:
+  SPECIAL_LEVEL: very
+  SPECIAL_TYPE: charm
diff --git a/content/hi/examples/configmap/configmaps.yaml b/content/hi/examples/configmap/configmaps.yaml
new file mode 100644
index 0000000000000..91b9f29755c2e
--- /dev/null
+++ b/content/hi/examples/configmap/configmaps.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: special-config
+  namespace: default
+data:
+  special.how: very
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: env-config
+  namespace: default
+data:
+  log_level: INFO
diff --git a/content/hi/examples/configmap/configure-pod.yaml b/content/hi/examples/configmap/configure-pod.yaml
new file mode 100644
index 0000000000000..1b31d0b2aff13
--- /dev/null
+++ b/content/hi/examples/configmap/configure-pod.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: configmap-demo-pod
+spec:
+  containers:
+    - name: demo
+      image: alpine
+      command: ["sleep", "3600"]
+      env:
+        # Define the environment variable
+        - name: PLAYER_INITIAL_LIVES # Notice that the case is different here
+                                     # from the key name in the ConfigMap.
+          valueFrom:
+            configMapKeyRef:
+              name: game-demo           # The ConfigMap this value comes from.
+              key: player_initial_lives # The key to fetch.
+        - name: UI_PROPERTIES_FILE_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: game-demo
+              key: ui_properties_file_name
+      volumeMounts:
+      - name: config
+        mountPath: "/config"
+        readOnly: true
+  volumes:
+  # You set volumes at the Pod level, then mount them into containers inside that Pod
+  - name: config
+    configMap:
+      # Provide the name of the ConfigMap you want to mount.
+      name: game-demo
+      # An array of keys from the ConfigMap to create as files
+      items:
+      - key: "game.properties"
+        path: "game.properties"
+      - key: "user-interface.properties"
+        path: "user-interface.properties"
+        
\ No newline at end of file
diff --git a/content/hi/examples/configmap/game-env-file.properties b/content/hi/examples/configmap/game-env-file.properties
new file mode 100644
index 0000000000000..a96a12eaa721c
--- /dev/null
+++ b/content/hi/examples/configmap/game-env-file.properties
@@ -0,0 +1,5 @@
+enemies=aliens
+lives=3
+allowed="true"
+
+# This comment and the empty line above it are ignored
diff --git a/content/hi/examples/configmap/game.properties b/content/hi/examples/configmap/game.properties
new file mode 100644
index 0000000000000..8ba4184c22e18
--- /dev/null
+++ b/content/hi/examples/configmap/game.properties
@@ -0,0 +1,7 @@
+enemies=aliens
+lives=3
+enemies.cheat=true
+enemies.cheat.level=noGoodRotten
+secret.code.passphrase=UUDDLRLRBABAS
+secret.code.allowed=true
+secret.code.lives=30
\ No newline at end of file
diff --git a/content/hi/examples/configmap/immutable-configmap.yaml b/content/hi/examples/configmap/immutable-configmap.yaml
new file mode 100644
index 0000000000000..032cf424d0332
--- /dev/null
+++ b/content/hi/examples/configmap/immutable-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  company_name: "ACME, Inc." # existing fictional company name
+kind: ConfigMap
+immutable: true
+metadata:
+  name: company-name-20150801
\ No newline at end of file
diff --git a/content/hi/examples/configmap/new-immutable-configmap.yaml b/content/hi/examples/configmap/new-immutable-configmap.yaml
new file mode 100644
index 0000000000000..2ac9c8bc4d0bd
--- /dev/null
+++ b/content/hi/examples/configmap/new-immutable-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  company_name: "Fiktivesunternehmen GmbH" # new fictional company name
+kind: ConfigMap
+immutable: true
+metadata:
+  name: company-name-20240312
\ No newline at end of file
diff --git a/content/hi/examples/configmap/ui-env-file.properties b/content/hi/examples/configmap/ui-env-file.properties
new file mode 100644
index 0000000000000..1b5c76999497d
--- /dev/null
+++ b/content/hi/examples/configmap/ui-env-file.properties
@@ -0,0 +1,3 @@
+color=purple
+textmode=true
+how=fairlyNice
diff --git a/content/hi/examples/configmap/ui.properties b/content/hi/examples/configmap/ui.properties
new file mode 100644
index 0000000000000..487bea0347e7d
--- /dev/null
+++ b/content/hi/examples/configmap/ui.properties
@@ -0,0 +1,4 @@
+color.good=purple
+color.bad=yellow
+allow.textmode=true
+how.nice.to.look=fairlyNice
diff --git a/content/hi/examples/controllers/daemonset-label-selector.yaml b/content/hi/examples/controllers/daemonset-label-selector.yaml
new file mode 100644
index 0000000000000..458e19ceb46b3
--- /dev/null
+++ b/content/hi/examples/controllers/daemonset-label-selector.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: ssd-driver
+  labels:
+    app: nginx
+spec:
+  selector:
+    matchLabels:
+      app: ssd-driver-pod
+  template:
+    metadata:
+      labels:
+        app: ssd-driver-pod
+    spec:
+      nodeSelector:
+        ssd: "true"
+      containers:
+        - name: example-container
+          image: example-image
\ No newline at end of file
diff --git a/content/hi/examples/controllers/daemonset.yaml b/content/hi/examples/controllers/daemonset.yaml
new file mode 100644
index 0000000000000..1650ecce4ac31
--- /dev/null
+++ b/content/hi/examples/controllers/daemonset.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-elasticsearch
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+spec:
+  selector:
+    matchLabels:
+      name: fluentd-elasticsearch
+  template:
+    metadata:
+      labels:
+        name: fluentd-elasticsearch
+    spec:
+      tolerations:
+      # these tolerations are to have the daemonset runnable on control plane nodes
+      # remove them if your control plane nodes should not run pods
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: fluentd-elasticsearch
+        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+      # it may be desirable to set a high priority class to ensure that a DaemonSet Pod
+      # preempts running Pods
+      # priorityClassName: important
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
diff --git a/content/hi/examples/controllers/fluentd-daemonset-update.yaml b/content/hi/examples/controllers/fluentd-daemonset-update.yaml
new file mode 100644
index 0000000000000..9521e73b00c0c
--- /dev/null
+++ b/content/hi/examples/controllers/fluentd-daemonset-update.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-elasticsearch
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+spec:
+  selector:
+    matchLabels:
+      name: fluentd-elasticsearch
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  template:
+    metadata:
+      labels:
+        name: fluentd-elasticsearch
+    spec:
+      tolerations:
+      # these tolerations are to have the daemonset runnable on control plane nodes
+      # remove them if your control plane nodes should not run pods
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: fluentd-elasticsearch
+        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
diff --git a/content/hi/examples/controllers/fluentd-daemonset.yaml b/content/hi/examples/controllers/fluentd-daemonset.yaml
new file mode 100644
index 0000000000000..653636fc57458
--- /dev/null
+++ b/content/hi/examples/controllers/fluentd-daemonset.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-elasticsearch
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+spec:
+  selector:
+    matchLabels:
+      name: fluentd-elasticsearch
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  template:
+    metadata:
+      labels:
+        name: fluentd-elasticsearch
+    spec:
+      tolerations:
+      # these tolerations are to have the daemonset runnable on control plane nodes
+      # remove them if your control plane nodes should not run pods
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: fluentd-elasticsearch
+        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
diff --git a/content/hi/examples/controllers/frontend.yaml b/content/hi/examples/controllers/frontend.yaml
new file mode 100644
index 0000000000000..30d9590e47d70
--- /dev/null
+++ b/content/hi/examples/controllers/frontend.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: frontend
+  labels:
+    app: guestbook
+    tier: frontend
+spec:
+  # modify replicas according to your case
+  replicas: 3
+  selector:
+    matchLabels:
+      tier: frontend
+  template:
+    metadata:
+      labels:
+        tier: frontend
+    spec:
+      containers:
+      - name: php-redis
+        image: us-docker.pkg.dev/google-samples/containers/gke/gb-frontend:v5
diff --git a/content/hi/examples/controllers/hpa-rs.yaml b/content/hi/examples/controllers/hpa-rs.yaml
new file mode 100644
index 0000000000000..a8388530dcba1
--- /dev/null
+++ b/content/hi/examples/controllers/hpa-rs.yaml
@@ -0,0 +1,11 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: frontend-scaler
+spec:
+  scaleTargetRef:
+    kind: ReplicaSet
+    name: frontend
+  minReplicas: 3
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 50
diff --git a/content/hi/examples/controllers/job-backoff-limit-per-index-example.yaml b/content/hi/examples/controllers/job-backoff-limit-per-index-example.yaml
new file mode 100644
index 0000000000000..c238479f904fb
--- /dev/null
+++ b/content/hi/examples/controllers/job-backoff-limit-per-index-example.yaml
@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-backoff-limit-per-index-example
+spec:
+  completions: 10
+  parallelism: 3
+  completionMode: Indexed  # required for the feature
+  backoffLimitPerIndex: 1  # maximal number of failures per index
+  maxFailedIndexes: 5      # maximal number of failed indexes before terminating the Job execution
+  template:
+    spec:
+      restartPolicy: Never # required for the feature
+      containers:
+      - name: example
+        image: python
+        command:           # The jobs fails as there is at least one failed index
+                           # (all even indexes fail in here), yet all indexes
+                           # are executed as maxFailedIndexes is not exceeded.
+        - python3
+        - -c
+        - |
+          import os, sys
+          print("Hello world")
+          if int(os.environ.get("JOB_COMPLETION_INDEX")) % 2 == 0:
+            sys.exit(1)
diff --git a/content/hi/examples/controllers/job-pod-failure-policy-config-issue.yaml b/content/hi/examples/controllers/job-pod-failure-policy-config-issue.yaml
new file mode 100644
index 0000000000000..fc82ca188c081
--- /dev/null
+++ b/content/hi/examples/controllers/job-pod-failure-policy-config-issue.yaml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-pod-failure-policy-config-issue
+spec:
+  completions: 8
+  parallelism: 2
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: main
+        image: "non-existing-repo/non-existing-image:example"
+  backoffLimit: 6
+  podFailurePolicy:
+    rules:
+    - action: FailJob
+      onPodConditions:
+      - type: ConfigIssue
diff --git a/content/hi/examples/controllers/job-pod-failure-policy-example.yaml b/content/hi/examples/controllers/job-pod-failure-policy-example.yaml
new file mode 100644
index 0000000000000..f75d4d6bb14cf
--- /dev/null
+++ b/content/hi/examples/controllers/job-pod-failure-policy-example.yaml
@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-pod-failure-policy-example
+spec:
+  completions: 12
+  parallelism: 3
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: main
+        image: docker.io/library/bash:5
+        command: ["bash"]        # example command simulating a bug which triggers the FailJob action
+        args:
+        - -c
+        - echo "Hello world!" && sleep 5 && exit 42
+  backoffLimit: 6
+  podFailurePolicy:
+    rules:
+    - action: FailJob
+      onExitCodes:
+        containerName: main      # optional
+        operator: In             # one of: In, NotIn
+        values: [42]
+    - action: Ignore             # one of: Ignore, FailJob, Count
+      onPodConditions:
+      - type: DisruptionTarget   # indicates Pod disruption
diff --git a/content/hi/examples/controllers/job-pod-failure-policy-failjob.yaml b/content/hi/examples/controllers/job-pod-failure-policy-failjob.yaml
new file mode 100644
index 0000000000000..a83abe84c1c5a
--- /dev/null
+++ b/content/hi/examples/controllers/job-pod-failure-policy-failjob.yaml
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-pod-failure-policy-failjob
+spec:
+  completions: 8
+  parallelism: 2
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: main
+        image: docker.io/library/bash:5
+        command: ["bash"]
+        args:
+        - -c
+        - echo "Hello world! I'm going to exit with 42 to simulate a software bug." && sleep 30 && exit 42
+  backoffLimit: 6
+  podFailurePolicy:
+    rules:
+    - action: FailJob
+      onExitCodes:
+        containerName: main
+        operator: In
+        values: [42]
diff --git a/content/hi/examples/controllers/job-pod-failure-policy-ignore.yaml b/content/hi/examples/controllers/job-pod-failure-policy-ignore.yaml
new file mode 100644
index 0000000000000..9747644ff2cf2
--- /dev/null
+++ b/content/hi/examples/controllers/job-pod-failure-policy-ignore.yaml
@@ -0,0 +1,23 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-pod-failure-policy-ignore
+spec:
+  completions: 4
+  parallelism: 2
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: main
+        image: docker.io/library/bash:5
+        command: ["bash"]
+        args:
+        - -c
+        - echo "Hello world! I'm going to exit with 0 (success)." && sleep 90 && exit 0
+  backoffLimit: 0
+  podFailurePolicy:
+    rules:
+    - action: Ignore
+      onPodConditions:
+      - type: DisruptionTarget
diff --git a/content/hi/examples/controllers/job-success-policy.yaml b/content/hi/examples/controllers/job-success-policy.yaml
new file mode 100644
index 0000000000000..3cd8fd7454850
--- /dev/null
+++ b/content/hi/examples/controllers/job-success-policy.yaml
@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: job-success
+spec:
+  parallelism: 10
+  completions: 10
+  completionMode: Indexed # Required for the success policy
+  successPolicy:
+    rules:
+      - succeededIndexes: 0,2-3
+        succeededCount: 1
+  template:
+    spec:
+      containers:
+      - name: main
+        image: python
+        command:          # Provided that at least one of the Pods with 0, 2, and 3 indexes has succeeded,
+                          # the overall Job is a success.
+          - python3
+          - -c
+          - |
+            import os, sys
+            if os.environ.get("JOB_COMPLETION_INDEX") == "2":
+              sys.exit(0)
+            else:
+              sys.exit(1)
+      restartPolicy: Never
diff --git a/content/hi/examples/controllers/job.yaml b/content/hi/examples/controllers/job.yaml
new file mode 100644
index 0000000000000..d8befe89dba46
--- /dev/null
+++ b/content/hi/examples/controllers/job.yaml
@@ -0,0 +1,14 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: pi
+spec:
+  template:
+    spec:
+      containers:
+      - name: pi
+        image: perl:5.34.0
+        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+      restartPolicy: Never
+  backoffLimit: 4
+
diff --git a/content/hi/examples/controllers/nginx-deployment.yaml b/content/hi/examples/controllers/nginx-deployment.yaml
new file mode 100644
index 0000000000000..685c17aa68e1d
--- /dev/null
+++ b/content/hi/examples/controllers/nginx-deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/controllers/replicaset.yaml b/content/hi/examples/controllers/replicaset.yaml
new file mode 100644
index 0000000000000..e5dfdf6c43ce5
--- /dev/null
+++ b/content/hi/examples/controllers/replicaset.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: my-repset
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      pod-is-for: garbage-collection-example
+  template:
+    metadata:
+      labels:
+        pod-is-for: garbage-collection-example
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
diff --git a/content/hi/examples/controllers/replication-nginx-1.14.2.yaml b/content/hi/examples/controllers/replication-nginx-1.14.2.yaml
new file mode 100644
index 0000000000000..b74bc81547c44
--- /dev/null
+++ b/content/hi/examples/controllers/replication-nginx-1.14.2.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: my-nginx
+spec:
+  replicas: 5
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/controllers/replication-nginx-1.16.1.yaml b/content/hi/examples/controllers/replication-nginx-1.16.1.yaml
new file mode 100644
index 0000000000000..0708cae4b50e9
--- /dev/null
+++ b/content/hi/examples/controllers/replication-nginx-1.16.1.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: my-nginx-v4
+spec:
+  replicas: 5
+  selector:
+    app: nginx
+    deployment: v4
+  template:
+    metadata:
+      labels:
+        app: nginx
+        deployment: v4
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.16.1
+        args: ["nginx", "-T"]
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/controllers/replication.yaml b/content/hi/examples/controllers/replication.yaml
new file mode 100644
index 0000000000000..6eff0b9b57642
--- /dev/null
+++ b/content/hi/examples/controllers/replication.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    app: nginx
+  template:
+    metadata:
+      name: nginx
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+        ports:
+        - containerPort: 80
diff --git a/content/hi/examples/customresourcedefinition/shirt-resource-definition.yaml b/content/hi/examples/customresourcedefinition/shirt-resource-definition.yaml
new file mode 100644
index 0000000000000..111d0d74896dc
--- /dev/null
+++ b/content/hi/examples/customresourcedefinition/shirt-resource-definition.yaml
@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: shirts.stable.example.com
+spec:
+  group: stable.example.com
+  scope: Namespaced
+  names:
+    plural: shirts
+    singular: shirt
+    kind: Shirt
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            properties:
+              color:
+                type: string
+              size:
+                type: string
+    selectableFields:
+    - jsonPath: .spec.color
+    - jsonPath: .spec.size
+    additionalPrinterColumns:
+    - jsonPath: .spec.color
+      name: Color
+      type: string
+    - jsonPath: .spec.size
+      name: Size
+      type: string
diff --git a/content/hi/examples/customresourcedefinition/shirt-resources.yaml b/content/hi/examples/customresourcedefinition/shirt-resources.yaml
new file mode 100644
index 0000000000000..8a123333cc715
--- /dev/null
+++ b/content/hi/examples/customresourcedefinition/shirt-resources.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: stable.example.com/v1
+kind: Shirt
+metadata:
+  name: example1
+spec:
+  color: blue
+  size: S
+---
+apiVersion: stable.example.com/v1
+kind: Shirt
+metadata:
+  name: example2
+spec:
+  color: blue
+  size: M
+---
+apiVersion: stable.example.com/v1
+kind: Shirt
+metadata:
+  name: example3
+spec:
+  color: green
+  size: M
diff --git a/content/hi/examples/debug/counter-pod.yaml b/content/hi/examples/debug/counter-pod.yaml
new file mode 100644
index 0000000000000..a91b2f8915830
--- /dev/null
+++ b/content/hi/examples/debug/counter-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox:1.28
+    args: [/bin/sh, -c,
+            'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
diff --git a/content/hi/examples/debug/event-exporter.yaml b/content/hi/examples/debug/event-exporter.yaml
new file mode 100644
index 0000000000000..7d2fe2791ac9a
--- /dev/null
+++ b/content/hi/examples/debug/event-exporter.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: event-exporter-sa
+  namespace: default
+  labels:
+    app: event-exporter
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: event-exporter-rb
+  labels:
+    app: event-exporter
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: view
+subjects:
+- kind: ServiceAccount
+  name: event-exporter-sa
+  namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: event-exporter-v0.2.3
+  namespace: default
+  labels:
+    app: event-exporter
+spec:
+  selector:
+    matchLabels:
+      app: event-exporter
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: event-exporter
+    spec:
+      serviceAccountName: event-exporter-sa
+      containers:
+      - name: event-exporter
+        image: registry.k8s.io/event-exporter:v0.2.3
+        command:
+        - '/event-exporter'
+      terminationGracePeriodSeconds: 30
diff --git a/content/hi/examples/debug/fluentd-gcp-configmap.yaml b/content/hi/examples/debug/fluentd-gcp-configmap.yaml
new file mode 100644
index 0000000000000..4abdbc8b910f3
--- /dev/null
+++ b/content/hi/examples/debug/fluentd-gcp-configmap.yaml
@@ -0,0 +1,379 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+  containers.input.conf: |-
+    # This configuration file for Fluentd is used
+    # to watch changes to Docker log files that live in the
+    # directory /var/lib/docker/containers/ and are symbolically
+    # linked to from the /var/log/containers directory using names that capture the
+    # pod name and container name. These logs are then submitted to
+    # Google Cloud Logging which assumes the installation of the cloud-logging plug-in.
+    #
+    # Example
+    # =======
+    # A line in the Docker log file might look like this JSON:
+    #
+    # {"log":"2014/09/25 21:15:03 Got request with path wombat\\n",
+    #  "stream":"stderr",
+    #   "time":"2014-09-25T21:15:03.499185026Z"}
+    #
+    # The record reformer is used to write the tag to focus on the pod name
+    # and the Kubernetes container name. For example a Docker container's logs
+    # might be in the directory:
+    #  /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b
+    # and in the file:
+    #  997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
+    # where 997599971ee6... is the Docker ID of the running container.
+    # The Kubernetes kubelet makes a symbolic link to this file on the host machine
+    # in the /var/log/containers directory which includes the pod name and the Kubernetes
+    # container name:
+    #    synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
+    #    ->
+    #    /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
+    # The /var/log directory on the host is mapped to the /var/log directory in the container
+    # running this instance of Fluentd and we end up collecting the file:
+    #   /var/log/containers/synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
+    # This results in the tag:
+    #  var.log.containers.synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
+    # The record reformer is used is discard the var.log.containers prefix and
+    # the Docker container ID suffix and "kubernetes." is pre-pended giving the tag:
+    #   kubernetes.synthetic-logger-0.25lps-pod_default-synth-lgr
+    # Tag is then parsed by google_cloud plugin and translated to the metadata,
+    # visible in the log viewer
+
+    # Example:
+    # {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
+    <source>
+      type tail
+      format json
+      time_key time
+      path /var/log/containers/*.log
+      pos_file /var/log/gcp-containers.log.pos
+      time_format %Y-%m-%dT%H:%M:%S.%N%Z
+      tag reform.*
+      read_from_head true
+    </source>
+
+    <filter reform.**>
+      type parser
+      format /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<log>.*)/
+      reserve_data true
+      suppress_parse_error_log true
+      key_name log
+    </filter>
+
+    <match reform.**>
+      type record_reformer
+      enable_ruby true
+      tag raw.kubernetes.${tag_suffix[4].split('-')[0..-2].join('-')}
+    </match>
+
+    # Detect exceptions in the log output and forward them as one log entry.
+    <match raw.kubernetes.**>
+      @type copy
+
+      <store>
+        @type prometheus
+
+        <metric>
+          type counter
+          name logging_line_count
+          desc Total number of lines generated by application containers
+          <labels>
+            tag ${tag}
+          </labels>
+        </metric>
+      </store>
+      <store>
+        @type detect_exceptions
+
+        remove_tag_prefix raw
+        message log
+        stream stream
+        multiline_flush_interval 5
+        max_bytes 500000
+        max_lines 1000
+      </store>
+    </match>
+  system.input.conf: |-
+    # Example:
+    # Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
+    <source>
+      type tail
+      format syslog
+      path /var/log/startupscript.log
+      pos_file /var/log/gcp-startupscript.log.pos
+      tag startupscript
+    </source>
+
+    # Examples:
+    # time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json"
+    # time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404
+    <source>
+      type tail
+      format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+      path /var/log/docker.log
+      pos_file /var/log/gcp-docker.log.pos
+      tag docker
+    </source>
+
+    # Example:
+    # 2016/02/04 06:52:38 filePurge: successfully removed file /var/etcd/data/member/wal/00000000000006d0-00000000010a23d1.wal
+    <source>
+      type tail
+      # Not parsing this, because it doesn't have anything particularly useful to
+      # parse out of it (like severities).
+      format none
+      path /var/log/etcd.log
+      pos_file /var/log/gcp-etcd.log.pos
+      tag etcd
+    </source>
+
+    # Multi-line parsing is required for all the kube logs because very large log
+    # statements, such as those that include entire object bodies, get split into
+    # multiple lines by glog.
+
+    # Example:
+    # I0204 07:32:30.020537    3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kubelet.log
+      pos_file /var/log/gcp-kubelet.log.pos
+      tag kubelet
+    </source>
+
+    # Example:
+    # I1118 21:26:53.975789       6 proxier.go:1096] Port "nodePort for kube-system/default-http-backend:http" (:31429/tcp) was open before and is still needed
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-proxy.log
+      pos_file /var/log/gcp-kube-proxy.log.pos
+      tag kube-proxy
+    </source>
+
+    # Example:
+    # I0204 07:00:19.604280       5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-apiserver.log
+      pos_file /var/log/gcp-kube-apiserver.log.pos
+      tag kube-apiserver
+    </source>
+
+    # Example:
+    # 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods"
+    # 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200"
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\S+\s+AUDIT:/
+      # Fields must be explicitly captured by name to be parsed into the record.
+      # Fields may not always be present, and order may change, so this just looks
+      # for a list of key="\"quoted\" value" pairs separated by spaces.
+      # Unknown fields are ignored.
+      # Note: We can't separate query/response lines as format1/format2 because
+      #       they don't always come one after the other for a given query.
+      # TODO: Maybe add a JSON output mode to audit log so we can get rid of this?
+      format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/
+      time_format %FT%T.%L%Z
+      path /var/log/kube-apiserver-audit.log
+      pos_file /var/log/gcp-kube-apiserver-audit.log.pos
+      tag kube-apiserver-audit
+    </source>
+
+    # Example:
+    # I0204 06:55:31.872680       5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kubernetes-dashboard
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-controller-manager.log
+      pos_file /var/log/gcp-kube-controller-manager.log.pos
+      tag kube-controller-manager
+    </source>
+
+    # Example:
+    # W0204 06:49:18.239674       7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/kube-scheduler.log
+      pos_file /var/log/gcp-kube-scheduler.log.pos
+      tag kube-scheduler
+    </source>
+
+    # Example:
+    # I1104 10:36:20.242766       5 rescheduler.go:73] Running Rescheduler
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/rescheduler.log
+      pos_file /var/log/gcp-rescheduler.log.pos
+      tag rescheduler
+    </source>
+
+    # Example:
+    # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/glbc.log
+      pos_file /var/log/gcp-glbc.log.pos
+      tag glbc
+    </source>
+
+    # Example:
+    # I0603 15:31:05.793605       6 cluster_manager.go:230] Reading config from path /etc/gce.conf
+    <source>
+      type tail
+      format multiline
+      multiline_flush_interval 5s
+      format_firstline /^\w\d{4}/
+      format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
+      time_format %m%d %H:%M:%S.%N
+      path /var/log/cluster-autoscaler.log
+      pos_file /var/log/gcp-cluster-autoscaler.log.pos
+      tag cluster-autoscaler
+    </source>
+
+    # Logs from systemd-journal for interesting services.
+    <source>
+      type systemd
+      filters [{ "_SYSTEMD_UNIT": "docker.service" }]
+      pos_file /var/log/gcp-journald-docker.pos
+      read_from_head true
+      tag docker
+    </source>
+
+    <source>
+      type systemd
+      filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
+      pos_file /var/log/gcp-journald-kubelet.pos
+      read_from_head true
+      tag kubelet
+    </source>
+  monitoring.conf: |-
+    # Prometheus monitoring
+    <source>
+      @type prometheus
+      port 80
+    </source>
+
+    <source>
+      @type prometheus_monitor
+    </source>
+  output.conf: |-
+    # We use 2 output stanzas - one to handle the container logs and one to handle
+    # the node daemon logs, the latter of which explicitly sends its logs to the
+    # compute.googleapis.com service rather than container.googleapis.com to keep
+    # them separate since most users don't care about the node logs.
+    <match kubernetes.**>
+      @type copy
+
+      <store>
+        @type google_cloud
+
+        # Set the buffer type to file to improve the reliability and reduce the memory consumption
+        buffer_type file
+        buffer_path /var/log/fluentd-buffers/kubernetes.containers.buffer
+        # Set queue_full action to block because we want to pause gracefully
+        # in case of the off-the-limits load instead of throwing an exception
+        buffer_queue_full_action block
+        # Set the chunk limit conservatively to avoid exceeding the GCL limit
+        # of 10MiB per write request.
+        buffer_chunk_limit 2M
+        # Cap the combined memory usage of this buffer and the one below to
+        # 2MiB/chunk * (6 + 2) chunks = 16 MiB
+        buffer_queue_limit 6
+        # Never wait more than 5 seconds before flushing logs in the non-error case.
+        flush_interval 5s
+        # Never wait longer than 30 seconds between retries.
+        max_retry_wait 30
+        # Disable the limit on the number of retries (retry forever).
+        disable_retry_limit
+        # Use multiple threads for processing.
+        num_threads 2
+      </store>
+      <store>
+        @type prometheus
+
+        <metric>
+          type counter
+          name logging_entry_count
+          desc Total number of log entries generated by either an application container or a system component
+          <labels>
+            tag ${tag}
+            component container
+          </labels>
+        </metric>
+      </store>
+    </match>
+
+    # Keep a smaller buffer here since these logs are less important than the user's
+    # container logs.
+    <match **>
+      @type copy
+
+      <store>
+        @type google_cloud
+
+        detect_subservice false
+        buffer_type file
+        buffer_path /var/log/fluentd-buffers/kubernetes.system.buffer
+        buffer_queue_full_action block
+        buffer_chunk_limit 2M
+        buffer_queue_limit 2
+        flush_interval 5s
+        max_retry_wait 30
+        disable_retry_limit
+        num_threads 2
+      </store>
+      <store>
+        @type prometheus
+
+        <metric>
+          type counter
+          name logging_entry_count
+          desc Total number of log entries generated by either an application container or a system component
+          <labels>
+            tag ${tag}
+            component system
+          </labels>
+        </metric>
+      </store>
+    </match>
+metadata:
+  name: fluentd-gcp-config
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
diff --git a/content/hi/examples/debug/fluentd-gcp-ds.yaml b/content/hi/examples/debug/fluentd-gcp-ds.yaml
new file mode 100644
index 0000000000000..3e4f87f55e096
--- /dev/null
+++ b/content/hi/examples/debug/fluentd-gcp-ds.yaml
@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-gcp-v2.0
+  labels:
+    k8s-app: fluentd-gcp
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    version: v2.0
+spec:
+  selector:
+    matchLabels:
+      k8s-app: fluentd-gcp
+      kubernetes.io/cluster-service: "true"
+      version: v2.0
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        k8s-app: fluentd-gcp
+        kubernetes.io/cluster-service: "true"
+        version: v2.0
+      # This annotation ensures that fluentd does not get evicted if the node
+      # supports critical pod annotation based priority scheme.
+      # Note that this does not guarantee admission on the nodes (#40573).
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      dnsPolicy: Default
+      containers:
+      - name: fluentd-gcp
+        image: registry.k8s.io/fluentd-gcp:2.0.2
+        # If fluentd consumes its own logs, the following situation may happen:
+        # fluentd fails to send a chunk to the server => writes it to the log =>
+        # tries to send this message to the server => fails to send a chunk and so on.
+        # Writing to a file, which is not exported to the back-end prevents it.
+        # It also allows to increase the fluentd verbosity by default.
+        command:
+          - '/bin/sh'
+          - '-c'
+          - '/run.sh $FLUENTD_ARGS 2>&1 >>/var/log/fluentd.log'
+        env:
+        - name: FLUENTD_ARGS
+          value: --no-supervisor
+        resources:
+          limits:
+            memory: 300Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+        - name: libsystemddir
+          mountPath: /host/lib
+          readOnly: true
+        - name: config-volume
+          mountPath: /etc/fluent/config.d
+        # Liveness probe is aimed to help in situations where fluentd
+        # silently hangs for no apparent reasons until manual restart.
+        # The idea of this probe is that if fluentd is not queueing or
+        # flushing chunks for 5 minutes, something is not right. If
+        # you want to change the fluentd configuration, reducing amount of
+        # logs fluentd collects, consider changing the threshold or turning
+        # liveness probe off completely.
+        livenessProbe:
+          initialDelaySeconds: 600
+          periodSeconds: 60
+          exec:
+            command:
+            - '/bin/sh'
+            - '-c'
+            - >
+              LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
+              STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900};
+              if [ ! -e /var/log/fluentd-buffers ];
+              then
+                exit 1;
+              fi;
+              LAST_MODIFIED_DATE=`stat /var/log/fluentd-buffers | grep Modify | sed -r "s/Modify: (.*)/\1/"`;
+              LAST_MODIFIED_TIMESTAMP=`date -d "$LAST_MODIFIED_DATE" +%s`;
+              if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $STUCK_THRESHOLD_SECONDS` ];
+              then
+                rm -rf /var/log/fluentd-buffers;
+                exit 1;
+              fi;
+              if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $LIVENESS_THRESHOLD_SECONDS` ];
+              then
+                exit 1;
+              fi;
+      nodeSelector:
+        beta.kubernetes.io/fluentd-ds-ready: "true"
+      tolerations:
+      - key: "node.alpha.kubernetes.io/ismaster"
+        effect: "NoSchedule"
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
+      - name: libsystemddir
+        hostPath:
+          path: /usr/lib64
+      - name: config-volume
+        configMap:
+          name: fluentd-gcp-config
diff --git a/content/hi/examples/debug/node-problem-detector-configmap.yaml b/content/hi/examples/debug/node-problem-detector-configmap.yaml
new file mode 100644
index 0000000000000..46bf1ea668a4c
--- /dev/null
+++ b/content/hi/examples/debug/node-problem-detector-configmap.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-problem-detector-v0.1
+  namespace: kube-system
+  labels:
+    k8s-app: node-problem-detector
+    version: v0.1
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    matchLabels:
+      k8s-app: node-problem-detector  
+      version: v0.1
+      kubernetes.io/cluster-service: "true"
+  template:
+    metadata:
+      labels:
+        k8s-app: node-problem-detector
+        version: v0.1
+        kubernetes.io/cluster-service: "true"
+    spec:
+      hostNetwork: true
+      containers:
+      - name: node-problem-detector
+        image: registry.k8s.io/node-problem-detector:v0.1
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            cpu: "200m"
+            memory: "100Mi"
+          requests:
+            cpu: "20m"
+            memory: "20Mi"
+        volumeMounts:
+        - name: log
+          mountPath: /log
+          readOnly: true
+        - name: config # Overwrite the config/ directory with ConfigMap volume
+          mountPath: /config
+          readOnly: true
+      volumes:
+      - name: log
+        hostPath:
+          path: /var/log/
+      - name: config # Define ConfigMap volume
+        configMap:
+          name: node-problem-detector-config
\ No newline at end of file
diff --git a/content/hi/examples/debug/node-problem-detector.yaml b/content/hi/examples/debug/node-problem-detector.yaml
new file mode 100644
index 0000000000000..f106c327efc8b
--- /dev/null
+++ b/content/hi/examples/debug/node-problem-detector.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-problem-detector-v0.1
+  namespace: kube-system
+  labels:
+    k8s-app: node-problem-detector
+    version: v0.1
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    matchLabels:
+      k8s-app: node-problem-detector  
+      version: v0.1
+      kubernetes.io/cluster-service: "true"
+  template:
+    metadata:
+      labels:
+        k8s-app: node-problem-detector
+        version: v0.1
+        kubernetes.io/cluster-service: "true"
+    spec:
+      hostNetwork: true
+      containers:
+      - name: node-problem-detector
+        image: registry.k8s.io/node-problem-detector:v0.1
+        securityContext:
+          privileged: true
+        resources:
+          limits:
+            cpu: "200m"
+            memory: "100Mi"
+          requests:
+            cpu: "20m"
+            memory: "20Mi"
+        volumeMounts:
+        - name: log
+          mountPath: /log
+          readOnly: true
+      volumes:
+      - name: log
+        hostPath:
+          path: /var/log/
\ No newline at end of file
diff --git a/content/hi/examples/debug/termination.yaml b/content/hi/examples/debug/termination.yaml
new file mode 100644
index 0000000000000..3f63748f7295f
--- /dev/null
+++ b/content/hi/examples/debug/termination.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: termination-demo
+spec:
+  containers:
+  - name: termination-demo-container
+    image: debian
+    command: ["/bin/sh"]
+    args: ["-c", "sleep 10 && echo Sleep expired > /dev/termination-log"]
diff --git a/content/hi/examples/deployments/deployment-with-configmap-and-sidecar-container.yaml b/content/hi/examples/deployments/deployment-with-configmap-and-sidecar-container.yaml
new file mode 100644
index 0000000000000..5a25efac3f389
--- /dev/null
+++ b/content/hi/examples/deployments/deployment-with-configmap-and-sidecar-container.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: configmap-sidecar-container
+  labels:
+    app.kubernetes.io/name: configmap-sidecar-container
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: configmap-sidecar-container
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: configmap-sidecar-container
+    spec:
+      volumes:
+        - name: shared-data
+          emptyDir: {}
+        - name: config-volume
+          configMap:
+            name: color
+      containers:
+        - name: nginx
+          image: nginx
+          volumeMounts:
+            - name: shared-data
+              mountPath: /usr/share/nginx/html
+      initContainers:
+        - name: alpine
+          image: alpine:3
+          restartPolicy: Always
+          volumeMounts:
+            - name: shared-data
+              mountPath: /pod-data
+            - name: config-volume
+              mountPath: /etc/config
+          command:
+            - /bin/sh
+            - -c
+            - while true; do echo "$(date) My preferred color is $(cat /etc/config/color)" > /pod-data/index.html;
+              sleep 10; done;
diff --git a/content/hi/examples/deployments/deployment-with-configmap-as-envvar.yaml b/content/hi/examples/deployments/deployment-with-configmap-as-envvar.yaml
new file mode 100644
index 0000000000000..8e28b93543c17
--- /dev/null
+++ b/content/hi/examples/deployments/deployment-with-configmap-as-envvar.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: configmap-env-var
+  labels:
+    app.kubernetes.io/name: configmap-env-var
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: configmap-env-var
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: configmap-env-var
+    spec:
+      containers:
+        - name: alpine
+          image: alpine:3
+          env:
+            - name: FRUITS
+              valueFrom:
+                configMapKeyRef:
+                  key: fruits
+                  name: fruits
+          command:
+            - /bin/sh
+            - -c
+            - while true; do echo "$(date) The basket is full of $FRUITS";
+                sleep 10; done;
+          ports:
+            - containerPort: 80
\ No newline at end of file
diff --git a/content/hi/examples/deployments/deployment-with-configmap-as-volume.yaml b/content/hi/examples/deployments/deployment-with-configmap-as-volume.yaml
new file mode 100644
index 0000000000000..260cc8634107d
--- /dev/null
+++ b/content/hi/examples/deployments/deployment-with-configmap-as-volume.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: configmap-volume
+  labels:
+    app.kubernetes.io/name: configmap-volume
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: configmap-volume
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: configmap-volume
+    spec:
+      containers:
+        - name: alpine
+          image: alpine:3
+          command:
+            - /bin/sh
+            - -c
+            - while true; do echo "$(date) My preferred sport is $(cat /etc/config/sport)";
+              sleep 10; done;
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/config
+      volumes:
+        - name: config-volume
+          configMap:
+            name: sport
\ No newline at end of file
diff --git a/content/hi/examples/deployments/deployment-with-configmap-two-containers.yaml b/content/hi/examples/deployments/deployment-with-configmap-two-containers.yaml
new file mode 100644
index 0000000000000..e46e527c603e6
--- /dev/null
+++ b/content/hi/examples/deployments/deployment-with-configmap-two-containers.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: configmap-two-containers
+  labels:
+    app.kubernetes.io/name: configmap-two-containers
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: configmap-two-containers
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: configmap-two-containers
+    spec:
+      volumes:
+        - name: shared-data
+          emptyDir: {}
+        - name: config-volume
+          configMap:
+            name: color
+      containers:
+        - name: nginx
+          image: nginx
+          volumeMounts:
+            - name: shared-data
+              mountPath: /usr/share/nginx/html
+        - name: alpine
+          image: alpine:3
+          volumeMounts:
+            - name: shared-data
+              mountPath: /pod-data
+            - name: config-volume
+              mountPath: /etc/config
+          command:
+            - /bin/sh
+            - -c
+            - while true; do echo "$(date) My preferred color is $(cat /etc/config/color)" > /pod-data/index.html;
+              sleep 10; done;
diff --git a/content/hi/examples/deployments/deployment-with-immutable-configmap-as-volume.yaml b/content/hi/examples/deployments/deployment-with-immutable-configmap-as-volume.yaml
new file mode 100644
index 0000000000000..d536acf675e44
--- /dev/null
+++ b/content/hi/examples/deployments/deployment-with-immutable-configmap-as-volume.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: immutable-configmap-volume
+  labels:
+    app.kubernetes.io/name: immutable-configmap-volume
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: immutable-configmap-volume
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: immutable-configmap-volume
+    spec:
+      containers:
+        - name: alpine
+          image: alpine:3
+          command:
+            - /bin/sh
+            - -c
+            - while true; do echo "$(date) The name of the company is $(cat /etc/config/company_name)";
+              sleep 10; done;
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/config
+      volumes:
+        - name: config-volume
+          configMap:
+            name: company-name-20150801
\ No newline at end of file
diff --git a/content/hi/examples/examples.go b/content/hi/examples/examples.go
new file mode 100644
index 0000000000000..9a2cc2ecdc684
--- /dev/null
+++ b/content/hi/examples/examples.go
@@ -0,0 +1,17 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package examples
diff --git a/content/hi/examples/examples_test.go b/content/hi/examples/examples_test.go
new file mode 100644
index 0000000000000..1ace5ff24b36e
--- /dev/null
+++ b/content/hi/examples/examples_test.go
@@ -0,0 +1,853 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package examples_test
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/apimachinery/pkg/util/yaml"
+	"k8s.io/kubernetes/pkg/api/legacyscheme"
+
+	"k8s.io/kubernetes/pkg/apis/admissionregistration"
+	admreg_validation "k8s.io/kubernetes/pkg/apis/admissionregistration/validation"
+
+	"k8s.io/kubernetes/pkg/apis/apps"
+	apps_validation "k8s.io/kubernetes/pkg/apis/apps/validation"
+
+	"k8s.io/kubernetes/pkg/apis/autoscaling"
+	autoscaling_validation "k8s.io/kubernetes/pkg/apis/autoscaling/validation"
+
+	"k8s.io/kubernetes/pkg/apis/batch"
+	batch_validation "k8s.io/kubernetes/pkg/apis/batch/validation"
+
+	api "k8s.io/kubernetes/pkg/apis/core"
+	"k8s.io/kubernetes/pkg/apis/core/validation"
+
+	// "k8s.io/kubernetes/pkg/apis/flowcontrol"
+	// flowcontrol_validation "k8s.io/kubernetes/pkg/apis/flowcontrol/validation"
+
+	"k8s.io/kubernetes/pkg/apis/networking"
+	networking_validation "k8s.io/kubernetes/pkg/apis/networking/validation"
+
+	"k8s.io/kubernetes/pkg/apis/policy"
+	policy_validation "k8s.io/kubernetes/pkg/apis/policy/validation"
+
+	"k8s.io/kubernetes/pkg/apis/rbac"
+	rbac_validation "k8s.io/kubernetes/pkg/apis/rbac/validation"
+
+	"k8s.io/kubernetes/pkg/apis/storage"
+	storage_validation "k8s.io/kubernetes/pkg/apis/storage/validation"
+
+	"k8s.io/kubernetes/pkg/capabilities"
+
+	// initialize install packages
+	_ "k8s.io/kubernetes/pkg/apis/admissionregistration/install"
+	_ "k8s.io/kubernetes/pkg/apis/apps/install"
+	_ "k8s.io/kubernetes/pkg/apis/autoscaling/install"
+	_ "k8s.io/kubernetes/pkg/apis/batch/install"
+	_ "k8s.io/kubernetes/pkg/apis/core/install"
+	_ "k8s.io/kubernetes/pkg/apis/networking/install"
+	_ "k8s.io/kubernetes/pkg/apis/policy/install"
+	_ "k8s.io/kubernetes/pkg/apis/rbac/install"
+	_ "k8s.io/kubernetes/pkg/apis/storage/install"
+)
+
+var (
+	Groups     map[string]TestGroup
+	serializer runtime.SerializerInfo
+)
+
+// TestGroup contains GroupVersion to uniquely identify the API
+type TestGroup struct {
+	externalGroupVersion schema.GroupVersion
+}
+
+// GroupVersion makes copy of schema.GroupVersion
+func (g TestGroup) GroupVersion() *schema.GroupVersion {
+	copyOfGroupVersion := g.externalGroupVersion
+	return &copyOfGroupVersion
+}
+
+// Codec returns the codec for the API version to test against
+func (g TestGroup) Codec() runtime.Codec {
+	if serializer.Serializer == nil {
+		return legacyscheme.Codecs.LegacyCodec(g.externalGroupVersion)
+	}
+	return legacyscheme.Codecs.CodecForVersions(serializer.Serializer, legacyscheme.Codecs.UniversalDeserializer(), schema.GroupVersions{g.externalGroupVersion}, nil)
+}
+
+func initGroups() {
+	Groups = make(map[string]TestGroup)
+	groupNames := []string{
+		admissionregistration.GroupName,
+		api.GroupName,
+		apps.GroupName,
+		autoscaling.GroupName,
+		batch.GroupName,
+		networking.GroupName,
+		policy.GroupName,
+		rbac.GroupName,
+		storage.GroupName,
+	}
+
+	for _, gn := range groupNames {
+		versions := legacyscheme.Scheme.PrioritizedVersionsForGroup(gn)
+		Groups[gn] = TestGroup{
+			externalGroupVersion: schema.GroupVersion{
+				Group:   gn,
+				Version: versions[0].Version,
+			},
+		}
+	}
+}
+
+func getCodecForObject(obj runtime.Object) (runtime.Codec, error) {
+	kinds, _, err := legacyscheme.Scheme.ObjectKinds(obj)
+	if err != nil {
+		return nil, fmt.Errorf("unexpected encoding error: %v", err)
+	}
+	kind := kinds[0]
+
+	for _, group := range Groups {
+		if group.GroupVersion().Group != kind.Group {
+			continue
+		}
+
+		if legacyscheme.Scheme.Recognizes(kind) {
+			return group.Codec(), nil
+		}
+	}
+	// Codec used for unversioned types
+	if legacyscheme.Scheme.Recognizes(kind) {
+		serializer, ok := runtime.SerializerInfoForMediaType(legacyscheme.Codecs.SupportedMediaTypes(), runtime.ContentTypeJSON)
+		if !ok {
+			return nil, fmt.Errorf("no serializer registered for json")
+		}
+		return serializer.Serializer, nil
+	}
+	return nil, fmt.Errorf("unexpected kind: %v", kind)
+}
+
+func validateObject(obj runtime.Object) (errors field.ErrorList) {
+	podValidationOptions := validation.PodValidationOptions{
+		AllowInvalidPodDeletionCost:     false,
+		AllowIndivisibleHugePagesValues: true,
+	}
+	netValidationOptions := networking_validation.NetworkPolicyValidationOptions{
+		AllowInvalidLabelValueInSelector: false,
+	}
+	pdbValidationOptions := policy_validation.PodDisruptionBudgetValidationOptions{
+		AllowInvalidLabelValueInSelector: false,
+	}
+	clusterroleValidationOptions := rbac_validation.ClusterRoleValidationOptions{
+		AllowInvalidLabelValueInSelector: false,
+	}
+
+	// Enable CustomPodDNS for testing
+	// feature.DefaultFeatureGate.Set("CustomPodDNS=true")
+	switch t := obj.(type) {
+	case *admissionregistration.ValidatingWebhookConfiguration:
+		errors = admreg_validation.ValidateValidatingWebhookConfiguration(t)
+	case *admissionregistration.ValidatingAdmissionPolicy:
+		errors = admreg_validation.ValidateValidatingAdmissionPolicy(t)
+	case *api.ConfigMap:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateConfigMap(t)
+	case *api.Endpoints:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateEndpointsCreate(t)
+	case *api.LimitRange:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateLimitRange(t)
+	case *api.Namespace:
+		errors = validation.ValidateNamespace(t)
+	case *api.PersistentVolume:
+		opts := validation.PersistentVolumeSpecValidationOptions{}
+		errors = validation.ValidatePersistentVolume(t, opts)
+	case *api.PersistentVolumeClaim:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		opts := validation.PersistentVolumeClaimSpecValidationOptions{}
+		errors = validation.ValidatePersistentVolumeClaim(t, opts)
+	case *api.Pod:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidatePodCreate(t, podValidationOptions)
+	case *api.PodList:
+		for i := range t.Items {
+			errors = append(errors, validateObject(&t.Items[i])...)
+		}
+	case *api.PodTemplate:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidatePodTemplate(t, podValidationOptions)
+	case *api.ReplicationController:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateReplicationController(t, podValidationOptions)
+	case *api.ReplicationControllerList:
+		for i := range t.Items {
+			errors = append(errors, validateObject(&t.Items[i])...)
+		}
+	case *api.ResourceQuota:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateResourceQuota(t)
+	case *api.Secret:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateSecret(t)
+	case *api.Service:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		// handle clusterIPs, logic copied from service strategy
+		if len(t.Spec.ClusterIP) > 0 && len(t.Spec.ClusterIPs) == 0 {
+			t.Spec.ClusterIPs = []string{t.Spec.ClusterIP}
+		}
+		errors = validation.ValidateService(t)
+	case *api.ServiceAccount:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = validation.ValidateServiceAccount(t)
+	case *api.ServiceList:
+		for i := range t.Items {
+			errors = append(errors, validateObject(&t.Items[i])...)
+		}
+	case *apps.StatefulSet:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = apps_validation.ValidateStatefulSet(t, podValidationOptions)
+	case *apps.DaemonSet:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = apps_validation.ValidateDaemonSet(t, podValidationOptions)
+	case *apps.Deployment:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = apps_validation.ValidateDeployment(t, podValidationOptions)
+	case *apps.ReplicaSet:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = apps_validation.ValidateReplicaSet(t, podValidationOptions)
+	case *autoscaling.HorizontalPodAutoscaler:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = autoscaling_validation.ValidateHorizontalPodAutoscaler(t)
+	case *batch.CronJob:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = batch_validation.ValidateCronJobCreate(t, podValidationOptions)
+	case *batch.Job:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+
+		// Job needs generateSelector called before validation, and job.Validate does this.
+		if strings.Index(t.ObjectMeta.Name, "$") > -1 {
+			t.ObjectMeta.Name = "skip-for-good"
+		}
+		t.ObjectMeta.UID = types.UID("fakeuid")
+		if t.Spec.Template.ObjectMeta.Labels == nil {
+			t.Spec.Template.ObjectMeta.Labels = make(map[string]string)
+		}
+		t.Spec.Template.ObjectMeta.Labels["controller-uid"] = "fakeuid"
+		t.Spec.Template.ObjectMeta.Labels["job-name"] = t.ObjectMeta.Name
+		if t.Spec.Selector == nil {
+			t.Spec.Selector = &metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					"controller-uid": "fakeuid",
+					"job-name":       t.ObjectMeta.Name,
+				},
+			}
+		}
+		opts := batch_validation.JobValidationOptions{
+			RequirePrefixedLabels: false,
+		}
+		errors = batch_validation.ValidateJob(t, opts)
+
+	// case *flowcontrol.FlowSchema:
+	// TODO: This is still failing
+	// errors = flowcontrol_validation.ValidateFlowSchema(t)
+
+	case *networking.Ingress:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = networking_validation.ValidateIngressCreate(t)
+	case *networking.IngressClass:
+		errors = networking_validation.ValidateIngressClass(t)
+	case *networking.NetworkPolicy:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = networking_validation.ValidateNetworkPolicy(t, netValidationOptions)
+	case *policy.PodDisruptionBudget:
+		if t.Namespace == "" {
+			t.Namespace = api.NamespaceDefault
+		}
+		errors = policy_validation.ValidatePodDisruptionBudget(t, pdbValidationOptions)
+	case *rbac.ClusterRole:
+		// clusterole does not accept namespace
+		errors = rbac_validation.ValidateClusterRole(t, clusterroleValidationOptions)
+	case *rbac.ClusterRoleBinding:
+		// clusterolebinding does not accept namespace
+		errors = rbac_validation.ValidateClusterRoleBinding(t)
+	case *rbac.RoleBinding:
+		errors = rbac_validation.ValidateRoleBinding(t)
+	case *storage.StorageClass:
+		// storageclass does not accept namespace
+		errors = storage_validation.ValidateStorageClass(t)
+	default:
+		errors = field.ErrorList{}
+		errors = append(errors, field.InternalError(field.NewPath(""), fmt.Errorf("no validation defined for %#v", obj)))
+	}
+	return errors
+}
+
+// Walks inDir for any json/yaml files. Converts yaml to json, and calls fn for
+// each file found with the contents in data.
+func walkConfigFiles(inDir string, t *testing.T, fn func(name, path string, data [][]byte)) error {
+	return filepath.Walk(inDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		if info.IsDir() && path != inDir {
+			return filepath.SkipDir
+		}
+
+		file := filepath.Base(path)
+		if ext := filepath.Ext(file); ext == ".json" || ext == ".yaml" {
+			data, err := os.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			name := strings.TrimSuffix(file, ext)
+
+			var docs [][]byte
+			if ext == ".yaml" {
+				// YAML can contain multiple documents.
+				splitter := yaml.NewYAMLReader(bufio.NewReader(bytes.NewBuffer(data)))
+				for {
+					doc, err := splitter.Read()
+					if err == io.EOF {
+						break
+					}
+					if err != nil {
+						return fmt.Errorf("%s: %v", path, err)
+					}
+					out, err := yaml.ToJSON(doc)
+					if err != nil {
+						return fmt.Errorf("%s: %v", path, err)
+					}
+					// deal with "empty" document (e.g. pure comments)
+					if string(out) != "null" {
+						docs = append(docs, out)
+					}
+				}
+			} else {
+				docs = append(docs, data)
+			}
+
+			t.Logf("Checking file %s\n", name)
+			fn(name, path, docs)
+		}
+		return nil
+	})
+}
+
+func TestExampleObjectSchemas(t *testing.T) {
+	initGroups()
+
+	// Please help maintain the alphabeta order in the map
+	cases := map[string]map[string][]runtime.Object{
+		"access": {
+			"deployment-replicas-policy":                   {&admissionregistration.ValidatingAdmissionPolicy{}},
+			"endpoints-aggregated":                         {&rbac.ClusterRole{}},
+			"image-matches-namespace-environment.policy":   {&admissionregistration.ValidatingAdmissionPolicy{}},
+			"validating-admission-policy-audit-annotation": {&admissionregistration.ValidatingAdmissionPolicy{}},
+			"validating-admission-policy-match-conditions": {&admissionregistration.ValidatingAdmissionPolicy{}},
+		},
+		"access/certificate-signing-request": {
+			"clusterrole-approve": {&rbac.ClusterRole{}},
+			"clusterrole-create":  {&rbac.ClusterRole{}},
+			"clusterrole-sign":    {&rbac.ClusterRole{}},
+		},
+		"admin": {
+			"namespace-dev":        {&api.Namespace{}},
+			"namespace-prod":       {&api.Namespace{}},
+			"snowflake-deployment": {&apps.Deployment{}},
+		},
+		"admin/cloud": {
+			"ccm-example": {&api.ServiceAccount{}, &rbac.ClusterRoleBinding{}, &apps.DaemonSet{}},
+		},
+		"admin/dns": {
+			"busybox":                   {&api.Pod{}},
+			"dns-horizontal-autoscaler": {&api.ServiceAccount{}, &rbac.ClusterRole{}, &rbac.ClusterRoleBinding{}, &apps.Deployment{}},
+			"dnsutils":                  {&api.Pod{}},
+		},
+		// TODO: "admin/konnectivity" is not include yet.
+		"admin/logging": {
+			"fluentd-sidecar-config":                  {&api.ConfigMap{}},
+			"two-files-counter-pod":                   {&api.Pod{}},
+			"two-files-counter-pod-agent-sidecar":     {&api.Pod{}},
+			"two-files-counter-pod-streaming-sidecar": {&api.Pod{}},
+		},
+		"admin/resource": {
+			"cpu-constraints":          {&api.LimitRange{}},
+			"cpu-constraints-pod":      {&api.Pod{}},
+			"cpu-constraints-pod-2":    {&api.Pod{}},
+			"cpu-constraints-pod-3":    {&api.Pod{}},
+			"cpu-constraints-pod-4":    {&api.Pod{}},
+			"cpu-defaults":             {&api.LimitRange{}},
+			"cpu-defaults-pod":         {&api.Pod{}},
+			"cpu-defaults-pod-2":       {&api.Pod{}},
+			"cpu-defaults-pod-3":       {&api.Pod{}},
+			"limit-mem-cpu-container":  {&api.LimitRange{}},
+			"limit-mem-cpu-pod":        {&api.LimitRange{}},
+			"limit-range-pod-1":        {&api.Pod{}},
+			"limit-range-pod-2":        {&api.Pod{}},
+			"limit-range-pod-3":        {&api.Pod{}},
+			"limit-memory-ratio-pod":   {&api.LimitRange{}},
+			"memory-constraints":       {&api.LimitRange{}},
+			"memory-constraints-pod":   {&api.Pod{}},
+			"memory-constraints-pod-2": {&api.Pod{}},
+			"memory-constraints-pod-3": {&api.Pod{}},
+			"memory-constraints-pod-4": {&api.Pod{}},
+			"memory-defaults":          {&api.LimitRange{}},
+			"memory-defaults-pod":      {&api.Pod{}},
+			"memory-defaults-pod-2":    {&api.Pod{}},
+			"memory-defaults-pod-3":    {&api.Pod{}},
+			"pvc-limit-lower":          {&api.PersistentVolumeClaim{}},
+			"pvc-limit-greater":        {&api.PersistentVolumeClaim{}},
+			"quota-mem-cpu":            {&api.ResourceQuota{}},
+			"quota-mem-cpu-pod":        {&api.Pod{}},
+			"quota-mem-cpu-pod-2":      {&api.Pod{}},
+			"quota-objects":            {&api.ResourceQuota{}},
+			"quota-objects-pvc":        {&api.PersistentVolumeClaim{}},
+			"quota-objects-pvc-2":      {&api.PersistentVolumeClaim{}},
+			"quota-pod":                {&api.ResourceQuota{}},
+			"quota-pod-deployment":     {&apps.Deployment{}},
+			"storagelimits":            {&api.LimitRange{}},
+		},
+		"admin/sched": {
+			"clusterrole":  {&rbac.ClusterRole{}},
+			"my-scheduler": {&api.ServiceAccount{}, &rbac.ClusterRoleBinding{}, &rbac.ClusterRoleBinding{}, &rbac.RoleBinding{}, &api.ConfigMap{}, &apps.Deployment{}},
+			"pod1":         {&api.Pod{}},
+			"pod2":         {&api.Pod{}},
+			"pod3":         {&api.Pod{}},
+		},
+		"application": {
+			"deployment":            {&apps.Deployment{}},
+			"deployment-patch":      {&apps.Deployment{}},
+			"deployment-retainkeys": {&apps.Deployment{}},
+			"deployment-scale":      {&apps.Deployment{}},
+			"deployment-sidecar":    {&apps.Deployment{}},
+			"deployment-update":     {&apps.Deployment{}},
+			"nginx-app":             {&api.Service{}, &apps.Deployment{}},
+			"nginx-with-request":    {&apps.Deployment{}},
+			"php-apache":            {&apps.Deployment{}, &api.Service{}},
+			"shell-demo":            {&api.Pod{}},
+			"simple_deployment":     {&apps.Deployment{}},
+			"update_deployment":     {&apps.Deployment{}},
+		},
+		"application/cassandra": {
+			"cassandra-service":     {&api.Service{}},
+			"cassandra-statefulset": {&apps.StatefulSet{}, &storage.StorageClass{}},
+		},
+		"application/guestbook": {
+			"frontend-deployment":       {&apps.Deployment{}},
+			"frontend-service":          {&api.Service{}},
+			"redis-follower-deployment": {&apps.Deployment{}},
+			"redis-follower-service":    {&api.Service{}},
+			"redis-leader-deployment":   {&apps.Deployment{}},
+			"redis-leader-service":      {&api.Service{}},
+		},
+		"application/hpa": {
+			"php-apache": {&autoscaling.HorizontalPodAutoscaler{}},
+		},
+		"application/job": {
+			"cronjob":         {&batch.CronJob{}},
+			"job-sidecar":     {&batch.Job{}},
+			"job-tmpl":        {&batch.Job{}},
+			"indexed-job":     {&batch.Job{}},
+			"indexed-job-vol": {&batch.Job{}},
+		},
+		"application/job/rabbitmq": {
+			"job":                  {&batch.Job{}},
+			"rabbitmq-statefulset": {&apps.StatefulSet{}},
+			"rabbitmq-service":     {&api.Service{}},
+		},
+		"application/job/redis": {
+			"job":           {&batch.Job{}},
+			"redis-pod":     {&api.Pod{}},
+			"redis-service": {&api.Service{}},
+		},
+		"application/mongodb": {
+			"mongo-deployment": {&apps.Deployment{}},
+			"mongo-service":    {&api.Service{}},
+		},
+		"application/mysql": {
+			"mysql-configmap":   {&api.ConfigMap{}},
+			"mysql-deployment":  {&api.Service{}, &apps.Deployment{}},
+			"mysql-pv":          {&api.PersistentVolume{}, &api.PersistentVolumeClaim{}},
+			"mysql-services":    {&api.Service{}, &api.Service{}},
+			"mysql-statefulset": {&apps.StatefulSet{}},
+		},
+		"application/nginx": {
+			"nginx-deployment": {&apps.Deployment{}},
+			"nginx-svc":        {&api.Service{}},
+		},
+		"application/ssa": {
+			"nginx-deployment":             {&apps.Deployment{}},
+			"nginx-deployment-no-replicas": {&apps.Deployment{}},
+		},
+		"application/web": {
+			"web":          {&api.Service{}, &apps.StatefulSet{}},
+			"web-parallel": {&api.Service{}, &apps.StatefulSet{}},
+		},
+		"application/wordpress": {
+			"mysql-deployment":     {&api.Service{}, &api.PersistentVolumeClaim{}, &apps.Deployment{}},
+			"wordpress-deployment": {&api.Service{}, &api.PersistentVolumeClaim{}, &apps.Deployment{}},
+		},
+		"application/zookeeper": {
+			"zookeeper": {&api.Service{}, &api.Service{}, &policy.PodDisruptionBudget{}, &apps.StatefulSet{}},
+		},
+		"concepts/policy/limit-range": {
+			"example-conflict-with-limitrange-cpu":    {&api.Pod{}},
+			"problematic-limit-range":                 {&api.LimitRange{}},
+			"example-no-conflict-with-limitrange-cpu": {&api.Pod{}},
+		},
+		"configmap": {
+			"configmaps":              {&api.ConfigMap{}, &api.ConfigMap{}},
+			"configmap-multikeys":     {&api.ConfigMap{}},
+			"configure-pod":           {&api.Pod{}},
+			"immutable-configmap":     {&api.ConfigMap{}},
+			"new-immutable-configmap": {&api.ConfigMap{}},
+		},
+		"controllers": {
+			"daemonset":                           {&apps.DaemonSet{}},
+			"daemonset-label-selector":            {&apps.DaemonSet{}},
+			"fluentd-daemonset":                   {&apps.DaemonSet{}},
+			"fluentd-daemonset-update":            {&apps.DaemonSet{}},
+			"frontend":                            {&apps.ReplicaSet{}},
+			"hpa-rs":                              {&autoscaling.HorizontalPodAutoscaler{}},
+			"job":                                 {&batch.Job{}},
+			"job-backoff-limit-per-index-example": {&batch.Job{}},
+			"job-pod-failure-policy-config-issue": {&batch.Job{}},
+			"job-pod-failure-policy-example":      {&batch.Job{}},
+			"job-pod-failure-policy-failjob":      {&batch.Job{}},
+			"job-pod-failure-policy-ignore":       {&batch.Job{}},
+			"job-success-policy":                  {&batch.Job{}},
+			"replicaset":                          {&apps.ReplicaSet{}},
+			"replication":                         {&api.ReplicationController{}},
+			"replication-nginx-1.14.2":            {&api.ReplicationController{}},
+			"replication-nginx-1.16.1":            {&api.ReplicationController{}},
+			"nginx-deployment":                    {&apps.Deployment{}},
+		},
+		"debug": {
+			"counter-pod":                     {&api.Pod{}},
+			"event-exporter":                  {&api.ServiceAccount{}, &rbac.ClusterRoleBinding{}, &apps.Deployment{}},
+			"fluentd-gcp-configmap":           {&api.ConfigMap{}},
+			"fluentd-gcp-ds":                  {&apps.DaemonSet{}},
+			"node-problem-detector":           {&apps.DaemonSet{}},
+			"node-problem-detector-configmap": {&apps.DaemonSet{}},
+			"termination":                     {&api.Pod{}},
+		},
+		"pods": {
+			"commands":                            {&api.Pod{}},
+			"init-containers":                     {&api.Pod{}},
+			"lifecycle-events":                    {&api.Pod{}},
+			"pod-configmap-env-var-valueFrom":     {&api.Pod{}},
+			"pod-configmap-envFrom":               {&api.Pod{}},
+			"pod-configmap-volume":                {&api.Pod{}},
+			"pod-configmap-volume-specific-key":   {&api.Pod{}},
+			"pod-multiple-configmap-env-variable": {&api.Pod{}},
+			"pod-nginx-preferred-affinity":        {&api.Pod{}},
+			"pod-nginx-required-affinity":         {&api.Pod{}},
+			"pod-nginx-specific-node":             {&api.Pod{}},
+			"pod-nginx":                           {&api.Pod{}},
+			"pod-projected-svc-token":             {&api.Pod{}},
+			"pod-rs":                              {&api.Pod{}, &api.Pod{}},
+			"pod-single-configmap-env-variable":   {&api.Pod{}},
+			"pod-with-affinity-preferred-weight":  {&api.Pod{}},
+			"pod-with-node-affinity":              {&api.Pod{}},
+			"pod-with-pod-affinity":               {&api.Pod{}},
+			"pod-with-scheduling-gates":           {&api.Pod{}},
+			"pod-with-toleration":                 {&api.Pod{}},
+			"pod-without-scheduling-gates":        {&api.Pod{}},
+			"private-reg-pod":                     {&api.Pod{}},
+			"share-process-namespace":             {&api.Pod{}},
+			"simple-pod":                          {&api.Pod{}},
+			"two-container-pod":                   {&api.Pod{}},
+			"user-namespaces-stateless":           {&api.Pod{}},
+		},
+		"pods/config": {
+			"redis-pod":            {&api.Pod{}},
+			"example-redis-config": {&api.ConfigMap{}},
+		},
+		"pods/inject": {
+			"dapi-envars-container":            {&api.Pod{}},
+			"dapi-envars-pod":                  {&api.Pod{}},
+			"dapi-volume":                      {&api.Pod{}},
+			"dapi-volume-resources":            {&api.Pod{}},
+			"dependent-envars":                 {&api.Pod{}},
+			"envars":                           {&api.Pod{}},
+			"pod-multiple-secret-env-variable": {&api.Pod{}},
+			"pod-secret-envFrom":               {&api.Pod{}},
+			"pod-single-secret-env-variable":   {&api.Pod{}},
+			"secret":                           {&api.Secret{}},
+			"secret-envars-pod":                {&api.Pod{}},
+			"secret-pod":                       {&api.Pod{}},
+		},
+		"pods/probe": {
+			"exec-liveness":                   {&api.Pod{}},
+			"grpc-liveness":                   {&api.Pod{}},
+			"http-liveness":                   {&api.Pod{}},
+			"pod-with-http-healthcheck":       {&api.Pod{}},
+			"pod-with-tcp-socket-healthcheck": {&api.Pod{}},
+			"tcp-liveness-readiness":          {&api.Pod{}},
+		},
+		"pods/qos": {
+			"qos-pod":   {&api.Pod{}},
+			"qos-pod-2": {&api.Pod{}},
+			"qos-pod-3": {&api.Pod{}},
+			"qos-pod-4": {&api.Pod{}},
+			"qos-pod-5": {&api.Pod{}},
+		},
+		"pods/resource": {
+			"cpu-request-limit":       {&api.Pod{}},
+			"cpu-request-limit-2":     {&api.Pod{}},
+			"extended-resource-pod":   {&api.Pod{}},
+			"extended-resource-pod-2": {&api.Pod{}},
+			"memory-request-limit":    {&api.Pod{}},
+			"memory-request-limit-2":  {&api.Pod{}},
+			"memory-request-limit-3":  {&api.Pod{}},
+		},
+		"pods/security": {
+			"hello-apparmor":     {&api.Pod{}},
+			"security-context":   {&api.Pod{}},
+			"security-context-2": {&api.Pod{}},
+			"security-context-3": {&api.Pod{}},
+			"security-context-4": {&api.Pod{}},
+		},
+		"pods/storage": {
+			"projected":                                    {&api.Pod{}},
+			"projected-secret-downwardapi-configmap":       {&api.Pod{}},
+			"projected-secrets-nondefault-permission-mode": {&api.Pod{}},
+			"projected-service-account-token":              {&api.Pod{}},
+			"pv-claim":                                     {&api.PersistentVolumeClaim{}},
+			"pv-duplicate":                                 {&api.Pod{}},
+			"pv-pod":                                       {&api.Pod{}},
+			"pv-volume":                                    {&api.PersistentVolume{}},
+			"redis":                                        {&api.Pod{}},
+			"projected-clustertrustbundle":                 {&api.Pod{}},
+		},
+		"pods/topology-spread-constraints": {
+			"one-constraint":                   {&api.Pod{}},
+			"one-constraint-with-nodeaffinity": {&api.Pod{}},
+			"two-constraints":                  {&api.Pod{}},
+		},
+		"policy": {
+			"priority-class-resourcequota":                   {&api.ResourceQuota{}},
+			"zookeeper-pod-disruption-budget-maxunavailable": {&policy.PodDisruptionBudget{}},
+			"zookeeper-pod-disruption-budget-minavailable":   {&policy.PodDisruptionBudget{}},
+		},
+		/* TODO: This doesn't work yet.
+		"priority-and-fairness": {
+			"health-for-strangers": {&flowcontrol.FlowSchema{}},
+		},
+		*/
+		"secret/serviceaccount": {
+			"mysecretname": {&api.Secret{}},
+		},
+		"security": {
+			"example-baseline-pod":   {&api.Pod{}},
+			"podsecurity-baseline":   {&api.Namespace{}},
+			"podsecurity-privileged": {&api.Namespace{}},
+			"podsecurity-restricted": {&api.Namespace{}},
+		},
+		"service": {
+			"nginx-service":                      {&api.Service{}},
+			"load-balancer-example":              {&apps.Deployment{}},
+			"pod-with-graceful-termination":      {&apps.Deployment{}},
+			"explore-graceful-termination-nginx": {&api.Service{}},
+		},
+		"service/access": {
+			"backend-deployment":  {&apps.Deployment{}},
+			"backend-service":     {&api.Service{}},
+			"frontend-deployment": {&apps.Deployment{}},
+			"frontend-service":    {&api.Service{}},
+			"hello-application":   {&apps.Deployment{}},
+		},
+		"service/networking": {
+			"curlpod":                                 {&apps.Deployment{}},
+			"custom-dns":                              {&api.Pod{}},
+			"default-ingressclass":                    {&networking.IngressClass{}},
+			"dual-stack-default-svc":                  {&api.Service{}},
+			"dual-stack-ipfamilies-ipv6":              {&api.Service{}},
+			"dual-stack-ipv6-svc":                     {&api.Service{}},
+			"dual-stack-prefer-ipv6-lb-svc":           {&api.Service{}},
+			"dual-stack-preferred-ipfamilies-svc":     {&api.Service{}},
+			"dual-stack-preferred-svc":                {&api.Service{}},
+			"external-lb":                             {&networking.IngressClass{}},
+			"example-ingress":                         {&networking.Ingress{}},
+			"hostaliases-pod":                         {&api.Pod{}},
+			"ingress-resource-backend":                {&networking.Ingress{}},
+			"ingress-wildcard-host":                   {&networking.Ingress{}},
+			"minimal-ingress":                         {&networking.Ingress{}},
+			"name-virtual-host-ingress":               {&networking.Ingress{}},
+			"name-virtual-host-ingress-no-third-host": {&networking.Ingress{}},
+			"namespaced-params":                       {&networking.IngressClass{}},
+			"networkpolicy":                           {&networking.NetworkPolicy{}},
+			"networkpolicy-multiport-egress":          {&networking.NetworkPolicy{}},
+			"network-policy-allow-all-egress":         {&networking.NetworkPolicy{}},
+			"network-policy-allow-all-ingress":        {&networking.NetworkPolicy{}},
+			"network-policy-default-deny-egress":      {&networking.NetworkPolicy{}},
+			"network-policy-default-deny-ingress":     {&networking.NetworkPolicy{}},
+			"network-policy-default-deny-all":         {&networking.NetworkPolicy{}},
+			"nginx-policy":                            {&networking.NetworkPolicy{}},
+			"nginx-secure-app":                        {&api.Service{}, &apps.Deployment{}},
+			"nginx-svc":                               {&api.Service{}},
+			"run-my-nginx":                            {&apps.Deployment{}},
+			"simple-fanout-example":                   {&networking.Ingress{}},
+			"test-ingress":                            {&networking.Ingress{}},
+			"tls-example-ingress":                     {&networking.Ingress{}},
+		},
+		"windows": {
+			"configmap-pod":             {&api.ConfigMap{}, &api.Pod{}},
+			"daemonset":                 {&apps.DaemonSet{}},
+			"deploy-hyperv":             {&apps.Deployment{}},
+			"deploy-resource":           {&apps.Deployment{}},
+			"emptydir-pod":              {&api.Pod{}},
+			"hostpath-volume-pod":       {&api.Pod{}},
+			"run-as-username-container": {&api.Pod{}},
+			"run-as-username-pod":       {&api.Pod{}},
+			"secret-pod":                {&api.Secret{}, &api.Pod{}},
+			"simple-pod":                {&api.Pod{}},
+		},
+	}
+
+	// Note a key in the following map has to be complete relative path
+	filesIgnore := map[string]map[string]bool{
+		"audit": {
+			"audit-policy": true,
+		},
+		// PSP is dropped in v1.29, do not validate them
+		"policy": {
+			"baseline-psp":   true,
+			"example-psp":    true,
+			"privileged-psp": true,
+			"restricted-psp": true,
+		},
+	}
+	capabilities.SetForTests(capabilities.Capabilities{
+		AllowPrivileged: true,
+	})
+
+	for dir, expected := range cases {
+		tested := 0
+		numExpected := 0
+		path := dir
+		// Test if artifacts do exist
+		for name := range expected {
+			fn := path + "/" + name
+			_, err1 := os.Stat(fn + ".yaml")
+			_, err2 := os.Stat(fn + ".json")
+			if err1 != nil && err2 != nil {
+				t.Errorf("Test case defined for non-existent file %s", fn)
+			}
+		}
+		t.Logf("Checking path %s/\n", path)
+		err := walkConfigFiles(path, t, func(name, path string, docs [][]byte) {
+			expectedTypes, found := expected[name]
+			if !found {
+				p := filepath.Dir(path)
+				if files, ok := filesIgnore[p]; ok {
+					if files[name] {
+						return
+					}
+				}
+				t.Errorf("%s: %s does not have a test case defined", path, name)
+				return
+			}
+			numExpected += len(expectedTypes)
+			if len(expectedTypes) != len(docs) {
+				t.Errorf("%s: number of expected types (%v) doesn't match number of docs in YAML (%v)", path, len(expectedTypes), len(docs))
+				return
+			}
+			for i, data := range docs {
+				expectedType := expectedTypes[i]
+				tested++
+				if expectedType == nil {
+					t.Logf("skipping : %s/%s\n", path, name)
+					return
+				}
+
+				codec, err := getCodecForObject(expectedType)
+				if err != nil {
+					t.Errorf("Could not get codec for %s: %s", expectedType, err)
+				}
+				if err := runtime.DecodeInto(codec, data, expectedType); err != nil {
+					t.Errorf("%s did not decode correctly: %v\n%s", path, err, string(data))
+					return
+				}
+				if errors := validateObject(expectedType); len(errors) > 0 {
+					t.Errorf("%s did not validate correctly: %v", path, errors)
+				}
+			}
+		})
+		if err != nil {
+			t.Errorf("Expected no error, Got %v on Path %v", err, path)
+		}
+		if tested != numExpected {
+			t.Errorf("Directory %v: Expected %d examples, Got %d", path, len(expected), tested)
+		}
+	}
+}
diff --git a/content/hi/examples/pods/commands.yaml b/content/hi/examples/pods/commands.yaml
new file mode 100644
index 0000000000000..2327d2582745f
--- /dev/null
+++ b/content/hi/examples/pods/commands.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: command-demo
+  labels:
+    purpose: demonstrate-command
+spec:
+  containers:
+  - name: command-demo-container
+    image: debian
+    command: ["printenv"]
+    args: ["HOSTNAME", "KUBERNETES_PORT"]
+  restartPolicy: OnFailure
diff --git a/content/hi/examples/pods/config/example-redis-config.yaml b/content/hi/examples/pods/config/example-redis-config.yaml
new file mode 100644
index 0000000000000..5b093b12136b8
--- /dev/null
+++ b/content/hi/examples/pods/config/example-redis-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: example-redis-config
+data:
+  redis-config: |
+    maxmemory 2mb
+    maxmemory-policy allkeys-lru
diff --git a/content/hi/examples/pods/config/redis-config b/content/hi/examples/pods/config/redis-config
new file mode 100644
index 0000000000000..ead340713c830
--- /dev/null
+++ b/content/hi/examples/pods/config/redis-config
@@ -0,0 +1,2 @@
+maxmemory 2mb
+maxmemory-policy allkeys-lru
diff --git a/content/hi/examples/pods/config/redis-pod.yaml b/content/hi/examples/pods/config/redis-pod.yaml
new file mode 100644
index 0000000000000..b1714c26e5ff8
--- /dev/null
+++ b/content/hi/examples/pods/config/redis-pod.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis
+spec:
+  containers:
+  - name: redis
+    image: redis:5.0.4
+    command:
+      - redis-server
+      - "/redis-master/redis.conf"
+    env:
+    - name: MASTER
+      value: "true"
+    ports:
+    - containerPort: 6379
+    resources:
+      limits:
+        cpu: "0.1"
+    volumeMounts:
+    - mountPath: /redis-master-data
+      name: data
+    - mountPath: /redis-master
+      name: config
+  volumes:
+    - name: data
+      emptyDir: {}
+    - name: config
+      configMap:
+        name: example-redis-config
+        items:
+        - key: redis-config
+          path: redis.conf
diff --git a/content/hi/examples/pods/init-containers.yaml b/content/hi/examples/pods/init-containers.yaml
new file mode 100644
index 0000000000000..e55895d673f38
--- /dev/null
+++ b/content/hi/examples/pods/init-containers.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: init-demo
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    ports:
+    - containerPort: 80
+    volumeMounts:
+    - name: workdir
+      mountPath: /usr/share/nginx/html
+  # These containers are run during pod initialization
+  initContainers:
+  - name: install
+    image: busybox:1.28
+    command:
+    - wget
+    - "-O"
+    - "/work-dir/index.html"
+    - http://info.cern.ch
+    volumeMounts:
+    - name: workdir
+      mountPath: "/work-dir"
+  dnsPolicy: Default
+  volumes:
+  - name: workdir
+    emptyDir: {}
+
diff --git a/content/hi/examples/pods/inject/dapi-envars-container.yaml b/content/hi/examples/pods/inject/dapi-envars-container.yaml
new file mode 100644
index 0000000000000..4267053a069a0
--- /dev/null
+++ b/content/hi/examples/pods/inject/dapi-envars-container.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-envars-resourcefieldref
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox:1.24
+      command: [ "sh", "-c"]
+      args:
+      - while true; do
+          echo -en '\n';
+          printenv MY_CPU_REQUEST MY_CPU_LIMIT;
+          printenv MY_MEM_REQUEST MY_MEM_LIMIT;
+          sleep 10;
+        done;
+      resources:
+        requests:
+          memory: "32Mi"
+          cpu: "125m"
+        limits:
+          memory: "64Mi"
+          cpu: "250m"
+      env:
+        - name: MY_CPU_REQUEST
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: requests.cpu
+        - name: MY_CPU_LIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: limits.cpu
+        - name: MY_MEM_REQUEST
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: requests.memory
+        - name: MY_MEM_LIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: test-container
+              resource: limits.memory
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/inject/dapi-envars-pod.yaml b/content/hi/examples/pods/inject/dapi-envars-pod.yaml
new file mode 100644
index 0000000000000..d5a646e087798
--- /dev/null
+++ b/content/hi/examples/pods/inject/dapi-envars-pod.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-envars-fieldref
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "sh", "-c"]
+      args:
+      - while true; do
+          echo -en '\n';
+          printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE;
+          printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT;
+          sleep 10;
+        done;
+      env:
+        - name: MY_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: MY_POD_SERVICE_ACCOUNT
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.serviceAccountName
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/inject/dapi-volume-resources.yaml b/content/hi/examples/pods/inject/dapi-volume-resources.yaml
new file mode 100644
index 0000000000000..5b52bf8448f3c
--- /dev/null
+++ b/content/hi/examples/pods/inject/dapi-volume-resources.yaml
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kubernetes-downwardapi-volume-example-2
+spec:
+  containers:
+    - name: client-container
+      image: registry.k8s.io/busybox:1.24
+      command: ["sh", "-c"]
+      args:
+      - while true; do
+          echo -en '\n';
+          if [[ -e /etc/podinfo/cpu_limit ]]; then
+            echo -en '\n'; cat /etc/podinfo/cpu_limit; fi;
+          if [[ -e /etc/podinfo/cpu_request ]]; then
+            echo -en '\n'; cat /etc/podinfo/cpu_request; fi;
+          if [[ -e /etc/podinfo/mem_limit ]]; then
+            echo -en '\n'; cat /etc/podinfo/mem_limit; fi;
+          if [[ -e /etc/podinfo/mem_request ]]; then
+            echo -en '\n'; cat /etc/podinfo/mem_request; fi;
+          sleep 5;
+        done;
+      resources:
+        requests:
+          memory: "32Mi"
+          cpu: "125m"
+        limits:
+          memory: "64Mi"
+          cpu: "250m"
+      volumeMounts:
+        - name: podinfo
+          mountPath: /etc/podinfo
+  volumes:
+    - name: podinfo
+      downwardAPI:
+        items:
+          - path: "cpu_limit"
+            resourceFieldRef:
+              containerName: client-container
+              resource: limits.cpu
+              divisor: 1m
+          - path: "cpu_request"
+            resourceFieldRef:
+              containerName: client-container
+              resource: requests.cpu
+              divisor: 1m
+          - path: "mem_limit"
+            resourceFieldRef:
+              containerName: client-container
+              resource: limits.memory
+              divisor: 1Mi
+          - path: "mem_request"
+            resourceFieldRef:
+              containerName: client-container
+              resource: requests.memory
+              divisor: 1Mi
+
diff --git a/content/hi/examples/pods/inject/dapi-volume.yaml b/content/hi/examples/pods/inject/dapi-volume.yaml
new file mode 100644
index 0000000000000..682098d27f392
--- /dev/null
+++ b/content/hi/examples/pods/inject/dapi-volume.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kubernetes-downwardapi-volume-example
+  labels:
+    zone: us-est-coast
+    cluster: test-cluster1
+    rack: rack-22
+  annotations:
+    build: two
+    builder: john-doe
+spec:
+  containers:
+    - name: client-container
+      image: registry.k8s.io/busybox
+      command: ["sh", "-c"]
+      args:
+      - while true; do
+          if [[ -e /etc/podinfo/labels ]]; then
+            echo -en '\n\n'; cat /etc/podinfo/labels; fi;
+          if [[ -e /etc/podinfo/annotations ]]; then
+            echo -en '\n\n'; cat /etc/podinfo/annotations; fi;
+          sleep 5;
+        done;
+      volumeMounts:
+        - name: podinfo
+          mountPath: /etc/podinfo
+  volumes:
+    - name: podinfo
+      downwardAPI:
+        items:
+          - path: "labels"
+            fieldRef:
+              fieldPath: metadata.labels
+          - path: "annotations"
+            fieldRef:
+              fieldPath: metadata.annotations
+
diff --git a/content/hi/examples/pods/inject/dependent-envars.yaml b/content/hi/examples/pods/inject/dependent-envars.yaml
new file mode 100644
index 0000000000000..67d07098baec6
--- /dev/null
+++ b/content/hi/examples/pods/inject/dependent-envars.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dependent-envars-demo
+spec:
+  containers:
+    - name: dependent-envars-demo
+      args:
+        - while true; do echo -en '\n'; printf UNCHANGED_REFERENCE=$UNCHANGED_REFERENCE'\n'; printf SERVICE_ADDRESS=$SERVICE_ADDRESS'\n';printf ESCAPED_REFERENCE=$ESCAPED_REFERENCE'\n'; sleep 30; done;
+      command:
+        - sh
+        - -c
+      image: busybox:1.28
+      env:
+        - name: SERVICE_PORT
+          value: "80"
+        - name: SERVICE_IP
+          value: "172.17.0.1"
+        - name: UNCHANGED_REFERENCE
+          value: "$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)"
+        - name: PROTOCOL
+          value: "https"
+        - name: SERVICE_ADDRESS
+          value: "$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)"
+        - name: ESCAPED_REFERENCE
+          value: "$$(PROTOCOL)://$(SERVICE_IP):$(SERVICE_PORT)"
diff --git a/content/hi/examples/pods/inject/envars.yaml b/content/hi/examples/pods/inject/envars.yaml
new file mode 100644
index 0000000000000..7bfca7b64b055
--- /dev/null
+++ b/content/hi/examples/pods/inject/envars.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: envar-demo
+  labels:
+    purpose: demonstrate-envars
+spec:
+  containers:
+  - name: envar-demo-container
+    image: gcr.io/google-samples/hello-app:2.0
+    env:
+    - name: DEMO_GREETING
+      value: "Hello from the environment"
+    - name: DEMO_FAREWELL
+      value: "Such a sweet sorrow"
diff --git a/content/hi/examples/pods/inject/pod-multiple-secret-env-variable.yaml b/content/hi/examples/pods/inject/pod-multiple-secret-env-variable.yaml
new file mode 100644
index 0000000000000..f285e4193262c
--- /dev/null
+++ b/content/hi/examples/pods/inject/pod-multiple-secret-env-variable.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: envvars-multiple-secrets
+spec:
+  containers:
+  - name: envars-test-container
+    image: nginx
+    env:
+    - name: BACKEND_USERNAME
+      valueFrom:
+        secretKeyRef:
+          name: backend-user
+          key: backend-username
+    - name: DB_USERNAME
+      valueFrom:
+        secretKeyRef:
+          name: db-user
+          key: db-username
diff --git a/content/hi/examples/pods/inject/pod-secret-envFrom.yaml b/content/hi/examples/pods/inject/pod-secret-envFrom.yaml
new file mode 100644
index 0000000000000..eb1d3213efe34
--- /dev/null
+++ b/content/hi/examples/pods/inject/pod-secret-envFrom.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: envfrom-secret
+spec:
+  containers:
+  - name: envars-test-container
+    image: nginx
+    envFrom:
+    - secretRef:
+        name: test-secret
diff --git a/content/hi/examples/pods/inject/pod-single-secret-env-variable.yaml b/content/hi/examples/pods/inject/pod-single-secret-env-variable.yaml
new file mode 100644
index 0000000000000..af4cf8732fe38
--- /dev/null
+++ b/content/hi/examples/pods/inject/pod-single-secret-env-variable.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: env-single-secret
+spec:
+  containers:
+  - name: envars-test-container
+    image: nginx
+    env:
+    - name: SECRET_USERNAME
+      valueFrom:
+        secretKeyRef:
+          name: backend-user
+          key: backend-username
diff --git a/content/hi/examples/pods/inject/secret-envars-pod.yaml b/content/hi/examples/pods/inject/secret-envars-pod.yaml
new file mode 100644
index 0000000000000..1637c0eac3560
--- /dev/null
+++ b/content/hi/examples/pods/inject/secret-envars-pod.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: secret-envars-test-pod
+spec:
+  containers:
+  - name: envars-test-container
+    image: nginx
+    env:
+    - name: SECRET_USERNAME
+      valueFrom:
+        secretKeyRef:
+          name: test-secret
+          key: username
+    - name: SECRET_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: test-secret
+          key: password
diff --git a/content/hi/examples/pods/inject/secret-pod.yaml b/content/hi/examples/pods/inject/secret-pod.yaml
new file mode 100644
index 0000000000000..8487da8d1c14d
--- /dev/null
+++ b/content/hi/examples/pods/inject/secret-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: secret-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: nginx
+      volumeMounts:
+        # name must match the volume name below
+        - name: secret-volume
+          mountPath: /etc/secret-volume
+          readOnly: true
+  # The secret data is exposed to Containers in the Pod through a Volume.
+  volumes:
+    - name: secret-volume
+      secret:
+        secretName: test-secret
diff --git a/content/hi/examples/pods/inject/secret.yaml b/content/hi/examples/pods/inject/secret.yaml
new file mode 100644
index 0000000000000..706ca8670fa8d
--- /dev/null
+++ b/content/hi/examples/pods/inject/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret
+data:
+  username: bXktYXBw
+  password: Mzk1MjgkdmRnN0pi
diff --git a/content/hi/examples/pods/lifecycle-events.yaml b/content/hi/examples/pods/lifecycle-events.yaml
new file mode 100644
index 0000000000000..4b79d7289c568
--- /dev/null
+++ b/content/hi/examples/pods/lifecycle-events.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: lifecycle-demo
+spec:
+  containers:
+  - name: lifecycle-demo-container
+    image: nginx
+    lifecycle:
+      postStart:
+        exec:
+          command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+      preStop:
+        exec:
+          command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
+
diff --git a/content/hi/examples/pods/pod-configmap-env-var-valueFrom.yaml b/content/hi/examples/pods/pod-configmap-env-var-valueFrom.yaml
new file mode 100644
index 0000000000000..fa172abd37135
--- /dev/null
+++ b/content/hi/examples/pods/pod-configmap-env-var-valueFrom.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "/bin/echo", "$(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ]
+      env:
+        - name: SPECIAL_LEVEL_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: special-config
+              key: SPECIAL_LEVEL
+        - name: SPECIAL_TYPE_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: special-config
+              key: SPECIAL_TYPE
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/pod-configmap-envFrom.yaml b/content/hi/examples/pods/pod-configmap-envFrom.yaml
new file mode 100644
index 0000000000000..e7b5b60841edc
--- /dev/null
+++ b/content/hi/examples/pods/pod-configmap-envFrom.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      envFrom:
+      - configMapRef:
+          name: special-config
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/pod-configmap-volume-specific-key.yaml b/content/hi/examples/pods/pod-configmap-volume-specific-key.yaml
new file mode 100644
index 0000000000000..ec7a8fb541cf0
--- /dev/null
+++ b/content/hi/examples/pods/pod-configmap-volume-specific-key.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "/bin/sh","-c","cat /etc/config/keys" ]
+      volumeMounts:
+      - name: config-volume
+        mountPath: /etc/config
+  volumes:
+    - name: config-volume
+      configMap:
+        name: special-config
+        items:
+        - key: SPECIAL_LEVEL
+          path: keys
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/pod-configmap-volume.yaml b/content/hi/examples/pods/pod-configmap-volume.yaml
new file mode 100644
index 0000000000000..4926a7e6ccd88
--- /dev/null
+++ b/content/hi/examples/pods/pod-configmap-volume.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "/bin/sh", "-c", "ls /etc/config/" ]
+      volumeMounts:
+      - name: config-volume
+        mountPath: /etc/config
+  volumes:
+    - name: config-volume
+      configMap:
+        # Provide the name of the ConfigMap containing the files you want
+        # to add to the container
+        name: special-config
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/pod-multiple-configmap-env-variable.yaml b/content/hi/examples/pods/pod-multiple-configmap-env-variable.yaml
new file mode 100644
index 0000000000000..c7b2b7abb8217
--- /dev/null
+++ b/content/hi/examples/pods/pod-multiple-configmap-env-variable.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      env:
+        - name: SPECIAL_LEVEL_KEY
+          valueFrom:
+            configMapKeyRef:
+              name: special-config
+              key: special.how
+        - name: LOG_LEVEL
+          valueFrom:
+            configMapKeyRef:
+              name: env-config
+              key: log_level
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/pod-nginx-preferred-affinity.yaml b/content/hi/examples/pods/pod-nginx-preferred-affinity.yaml
new file mode 100644
index 0000000000000..183ba9f014225
--- /dev/null
+++ b/content/hi/examples/pods/pod-nginx-preferred-affinity.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  affinity:
+    nodeAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        preference:
+          matchExpressions:
+          - key: disktype
+            operator: In
+            values:
+            - ssd          
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
diff --git a/content/hi/examples/pods/pod-nginx-required-affinity.yaml b/content/hi/examples/pods/pod-nginx-required-affinity.yaml
new file mode 100644
index 0000000000000..a3805eaa8d9c9
--- /dev/null
+++ b/content/hi/examples/pods/pod-nginx-required-affinity.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: disktype
+            operator: In
+            values:
+            - ssd            
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
diff --git a/content/hi/examples/pods/pod-nginx-specific-node.yaml b/content/hi/examples/pods/pod-nginx-specific-node.yaml
new file mode 100644
index 0000000000000..5923400d64534
--- /dev/null
+++ b/content/hi/examples/pods/pod-nginx-specific-node.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  nodeName: foo-node # schedule pod to specific node
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
diff --git a/content/hi/examples/pods/pod-nginx.yaml b/content/hi/examples/pods/pod-nginx.yaml
new file mode 100644
index 0000000000000..134ddae2aa1c8
--- /dev/null
+++ b/content/hi/examples/pods/pod-nginx.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  labels:
+    env: test
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
+  nodeSelector:
+    disktype: ssd
diff --git a/content/hi/examples/pods/pod-projected-svc-token.yaml b/content/hi/examples/pods/pod-projected-svc-token.yaml
new file mode 100644
index 0000000000000..985073c8d39dc
--- /dev/null
+++ b/content/hi/examples/pods/pod-projected-svc-token.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - image: nginx
+    name: nginx
+    volumeMounts:
+    - mountPath: /var/run/secrets/tokens
+      name: vault-token
+  serviceAccountName: build-robot
+  volumes:
+  - name: vault-token
+    projected:
+      sources:
+      - serviceAccountToken:
+          path: vault-token
+          expirationSeconds: 7200
+          audience: vault
diff --git a/content/hi/examples/pods/pod-rs.yaml b/content/hi/examples/pods/pod-rs.yaml
new file mode 100644
index 0000000000000..df7b390597c49
--- /dev/null
+++ b/content/hi/examples/pods/pod-rs.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod1
+  labels:
+    tier: frontend
+spec:
+  containers:
+  - name: hello1
+    image: gcr.io/google-samples/hello-app:2.0
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod2
+  labels:
+    tier: frontend
+spec:
+  containers:
+  - name: hello2
+    image: gcr.io/google-samples/hello-app:1.0
diff --git a/content/hi/examples/pods/pod-single-configmap-env-variable.yaml b/content/hi/examples/pods/pod-single-configmap-env-variable.yaml
new file mode 100644
index 0000000000000..f543a0d8b4c64
--- /dev/null
+++ b/content/hi/examples/pods/pod-single-configmap-env-variable.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: registry.k8s.io/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      env:
+        # Define the environment variable
+        - name: SPECIAL_LEVEL_KEY
+          valueFrom:
+            configMapKeyRef:
+              # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
+              name: special-config
+              # Specify the key associated with the value
+              key: special.how
+  restartPolicy: Never
diff --git a/content/hi/examples/pods/pod-with-affinity-preferred-weight.yaml b/content/hi/examples/pods/pod-with-affinity-preferred-weight.yaml
new file mode 100644
index 0000000000000..3b064daaec67e
--- /dev/null
+++ b/content/hi/examples/pods/pod-with-affinity-preferred-weight.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-affinity-preferred-weight
+spec:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: kubernetes.io/os
+            operator: In
+            values:
+            - linux
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        preference:
+          matchExpressions:
+          - key: label-1
+            operator: In
+            values:
+            - key-1
+      - weight: 50
+        preference:
+          matchExpressions:
+          - key: label-2
+            operator: In
+            values:
+            - key-2
+  containers:
+  - name: with-node-affinity
+    image: registry.k8s.io/pause:2.0
diff --git a/content/hi/examples/pods/pod-with-node-affinity.yaml b/content/hi/examples/pods/pod-with-node-affinity.yaml
new file mode 100644
index 0000000000000..5fedc554bfdd4
--- /dev/null
+++ b/content/hi/examples/pods/pod-with-node-affinity.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-node-affinity
+spec:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: topology.kubernetes.io/zone
+            operator: In
+            values:
+            - antarctica-east1
+            - antarctica-west1
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        preference:
+          matchExpressions:
+          - key: another-node-label-key
+            operator: In
+            values:
+            - another-node-label-value
+  containers:
+  - name: with-node-affinity
+    image: registry.k8s.io/pause:2.0
\ No newline at end of file
diff --git a/content/hi/examples/pods/pod-with-pod-affinity.yaml b/content/hi/examples/pods/pod-with-pod-affinity.yaml
new file mode 100644
index 0000000000000..1a4fd74fd7aa9
--- /dev/null
+++ b/content/hi/examples/pods/pod-with-pod-affinity.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-pod-affinity
+spec:
+  affinity:
+    podAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: security
+            operator: In
+            values:
+            - S1
+        topologyKey: topology.kubernetes.io/zone
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: security
+              operator: In
+              values:
+              - S2
+          topologyKey: topology.kubernetes.io/zone
+  containers:
+  - name: with-pod-affinity
+    image: registry.k8s.io/pause:2.0
diff --git a/content/hi/examples/pods/pod-with-scheduling-gates.yaml b/content/hi/examples/pods/pod-with-scheduling-gates.yaml
new file mode 100644
index 0000000000000..de761d969460d
--- /dev/null
+++ b/content/hi/examples/pods/pod-with-scheduling-gates.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod
+spec:
+  schedulingGates:
+  - name: example.com/foo
+  - name: example.com/bar
+  containers:
+  - name: pause
+    image: registry.k8s.io/pause:3.6
diff --git a/content/hi/examples/pods/pod-with-toleration.yaml b/content/hi/examples/pods/pod-with-toleration.yaml
new file mode 100644
index 0000000000000..79f2756a8ce5f
--- /dev/null
+++ b/content/hi/examples/pods/pod-with-toleration.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  labels:
+    env: test
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
+  tolerations:
+  - key: "example-key"
+    operator: "Exists"
+    effect: "NoSchedule"
diff --git a/content/hi/examples/pods/pod-without-scheduling-gates.yaml b/content/hi/examples/pods/pod-without-scheduling-gates.yaml
new file mode 100644
index 0000000000000..5638b6e97af5f
--- /dev/null
+++ b/content/hi/examples/pods/pod-without-scheduling-gates.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod
+spec:
+  containers:
+  - name: pause
+    image: registry.k8s.io/pause:3.6
diff --git a/content/hi/examples/pods/private-reg-pod.yaml b/content/hi/examples/pods/private-reg-pod.yaml
new file mode 100644
index 0000000000000..4029588dd0758
--- /dev/null
+++ b/content/hi/examples/pods/private-reg-pod.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: private-reg
+spec:
+  containers:
+  - name: private-reg-container
+    image: <your-private-image>
+  imagePullSecrets:
+  - name: regcred
+
diff --git a/content/hi/examples/pods/probe/exec-liveness.yaml b/content/hi/examples/pods/probe/exec-liveness.yaml
new file mode 100644
index 0000000000000..7d6ca96b3d611
--- /dev/null
+++ b/content/hi/examples/pods/probe/exec-liveness.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    test: liveness
+  name: liveness-exec
+spec:
+  containers:
+  - name: liveness
+    image: registry.k8s.io/busybox
+    args:
+    - /bin/sh
+    - -c
+    - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600
+    livenessProbe:
+      exec:
+        command:
+        - cat
+        - /tmp/healthy
+      initialDelaySeconds: 5
+      periodSeconds: 5
diff --git a/content/hi/examples/pods/probe/grpc-liveness.yaml b/content/hi/examples/pods/probe/grpc-liveness.yaml
new file mode 100644
index 0000000000000..901e47dacc70d
--- /dev/null
+++ b/content/hi/examples/pods/probe/grpc-liveness.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: etcd-with-grpc
+spec:
+  containers:
+  - name: etcd
+    image: registry.k8s.io/etcd:3.5.1-0
+    command: [ "/usr/local/bin/etcd", "--data-dir",  "/var/lib/etcd", "--listen-client-urls", "http://0.0.0.0:2379", "--advertise-client-urls", "http://127.0.0.1:2379", "--log-level", "debug"]
+    ports:
+    - containerPort: 2379
+    livenessProbe:
+      grpc:
+        port: 2379
+      initialDelaySeconds: 10
diff --git a/content/hi/examples/pods/probe/http-liveness.yaml b/content/hi/examples/pods/probe/http-liveness.yaml
new file mode 100644
index 0000000000000..ecc1a6ff2e12e
--- /dev/null
+++ b/content/hi/examples/pods/probe/http-liveness.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    test: liveness
+  name: liveness-http
+spec:
+  containers:
+  - name: liveness
+    image: registry.k8s.io/e2e-test-images/agnhost:2.40
+    args:
+    - liveness
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: 8080
+        httpHeaders:
+        - name: Custom-Header
+          value: Awesome
+      initialDelaySeconds: 3
+      periodSeconds: 3
diff --git a/content/hi/examples/pods/probe/pod-with-http-healthcheck.yaml b/content/hi/examples/pods/probe/pod-with-http-healthcheck.yaml
new file mode 100644
index 0000000000000..3f40854e92cf3
--- /dev/null
+++ b/content/hi/examples/pods/probe/pod-with-http-healthcheck.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-http-healthcheck
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    # defines the health checking
+    livenessProbe:
+      # an http probe
+      httpGet:
+        path: /_status/healthz
+        port: 80
+      # length of time to wait for a pod to initialize
+      # after pod startup, before applying health checking
+      initialDelaySeconds: 30
+      timeoutSeconds: 1
+    ports:
+    - containerPort: 80
diff --git a/content/hi/examples/pods/probe/pod-with-tcp-socket-healthcheck.yaml b/content/hi/examples/pods/probe/pod-with-tcp-socket-healthcheck.yaml
new file mode 100644
index 0000000000000..5f0bca283c30e
--- /dev/null
+++ b/content/hi/examples/pods/probe/pod-with-tcp-socket-healthcheck.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-tcp-socket-healthcheck
+spec:
+  containers:
+  - name: redis
+    image: redis
+    # defines the health checking
+    livenessProbe:
+      # a TCP socket probe
+      tcpSocket:
+        port: 6379
+      # length of time to wait for a pod to initialize
+      # after pod startup, before applying health checking
+      initialDelaySeconds: 30
+      timeoutSeconds: 1
+    ports:
+    - containerPort: 6379
diff --git a/content/hi/examples/pods/probe/tcp-liveness-readiness.yaml b/content/hi/examples/pods/probe/tcp-liveness-readiness.yaml
new file mode 100644
index 0000000000000..d10aae980e961
--- /dev/null
+++ b/content/hi/examples/pods/probe/tcp-liveness-readiness.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: goproxy
+  labels:
+    app: goproxy
+spec:
+  containers:
+  - name: goproxy
+    image: registry.k8s.io/goproxy:0.1
+    ports:
+    - containerPort: 8080
+    readinessProbe:
+      tcpSocket:
+        port: 8080
+      initialDelaySeconds: 15
+      periodSeconds: 10
+    livenessProbe:
+      tcpSocket:
+        port: 8080
+      initialDelaySeconds: 15
+      periodSeconds: 10
diff --git a/content/hi/examples/pods/qos/qos-pod-2.yaml b/content/hi/examples/pods/qos/qos-pod-2.yaml
new file mode 100644
index 0000000000000..115d4de21e3c2
--- /dev/null
+++ b/content/hi/examples/pods/qos/qos-pod-2.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-2
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-2-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "200Mi"
+      requests:
+        memory: "100Mi"
diff --git a/content/hi/examples/pods/qos/qos-pod-3.yaml b/content/hi/examples/pods/qos/qos-pod-3.yaml
new file mode 100644
index 0000000000000..dac362994209d
--- /dev/null
+++ b/content/hi/examples/pods/qos/qos-pod-3.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-3
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-3-ctr
+    image: nginx
diff --git a/content/hi/examples/pods/qos/qos-pod-4.yaml b/content/hi/examples/pods/qos/qos-pod-4.yaml
new file mode 100644
index 0000000000000..d4818b277eefa
--- /dev/null
+++ b/content/hi/examples/pods/qos/qos-pod-4.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-4
+  namespace: qos-example
+spec:
+  containers:
+
+  - name: qos-demo-4-ctr-1
+    image: nginx
+    resources:
+      requests:
+        memory: "200Mi"
+
+  - name: qos-demo-4-ctr-2
+    image: redis
diff --git a/content/hi/examples/pods/qos/qos-pod-5.yaml b/content/hi/examples/pods/qos/qos-pod-5.yaml
new file mode 100644
index 0000000000000..c9b0c00c7ee1b
--- /dev/null
+++ b/content/hi/examples/pods/qos/qos-pod-5.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo-5
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-ctr-5
+    image: nginx
+    resources:
+      limits:
+        memory: "200Mi"
+        cpu: "700m"
+      requests:
+        memory: "200Mi"
+        cpu: "700m"
diff --git a/content/hi/examples/pods/qos/qos-pod.yaml b/content/hi/examples/pods/qos/qos-pod.yaml
new file mode 100644
index 0000000000000..b4a6b1ea82902
--- /dev/null
+++ b/content/hi/examples/pods/qos/qos-pod.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: qos-demo
+  namespace: qos-example
+spec:
+  containers:
+  - name: qos-demo-ctr
+    image: nginx
+    resources:
+      limits:
+        memory: "200Mi"
+        cpu: "700m"
+      requests:
+        memory: "200Mi"
+        cpu: "700m"
diff --git a/content/hi/examples/pods/resource/cpu-request-limit-2.yaml b/content/hi/examples/pods/resource/cpu-request-limit-2.yaml
new file mode 100644
index 0000000000000..f505c77fbb91b
--- /dev/null
+++ b/content/hi/examples/pods/resource/cpu-request-limit-2.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cpu-demo-2
+  namespace: cpu-example
+spec:
+  containers:
+  - name: cpu-demo-ctr-2
+    image: vish/stress
+    resources:
+      limits:
+        cpu: "100"
+      requests:
+        cpu: "100"
+    args:
+    - -cpus
+    - "2"
diff --git a/content/hi/examples/pods/resource/cpu-request-limit.yaml b/content/hi/examples/pods/resource/cpu-request-limit.yaml
new file mode 100644
index 0000000000000..2cc0b2cf4f635
--- /dev/null
+++ b/content/hi/examples/pods/resource/cpu-request-limit.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cpu-demo
+  namespace: cpu-example
+spec:
+  containers:
+  - name: cpu-demo-ctr
+    image: vish/stress
+    resources:
+      limits:
+        cpu: "1"
+      requests:
+        cpu: "0.5"
+    args:
+    - -cpus
+    - "2"
diff --git a/content/hi/examples/pods/resource/extended-resource-pod-2.yaml b/content/hi/examples/pods/resource/extended-resource-pod-2.yaml
new file mode 100644
index 0000000000000..9c15d9ec86490
--- /dev/null
+++ b/content/hi/examples/pods/resource/extended-resource-pod-2.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: extended-resource-demo-2
+spec:
+  containers:
+  - name: extended-resource-demo-2-ctr
+    image: nginx
+    resources:
+      requests:
+        example.com/dongle: 2
+      limits:
+        example.com/dongle: 2
diff --git a/content/hi/examples/pods/resource/extended-resource-pod.yaml b/content/hi/examples/pods/resource/extended-resource-pod.yaml
new file mode 100644
index 0000000000000..4fb3de740e082
--- /dev/null
+++ b/content/hi/examples/pods/resource/extended-resource-pod.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: extended-resource-demo
+spec:
+  containers:
+  - name: extended-resource-demo-ctr
+    image: nginx
+    resources:
+      requests:
+        example.com/dongle: 3
+      limits:
+        example.com/dongle: 3
diff --git a/content/hi/examples/pods/resource/memory-request-limit-2.yaml b/content/hi/examples/pods/resource/memory-request-limit-2.yaml
new file mode 100644
index 0000000000000..99032c4fc2adc
--- /dev/null
+++ b/content/hi/examples/pods/resource/memory-request-limit-2.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: memory-demo-2
+  namespace: mem-example
+spec:
+  containers:
+  - name: memory-demo-2-ctr
+    image: polinux/stress
+    resources:
+      requests:
+        memory: "50Mi"
+      limits:
+        memory: "100Mi"
+    command: ["stress"]
+    args: ["--vm", "1", "--vm-bytes", "250M", "--vm-hang", "1"]
diff --git a/content/hi/examples/pods/resource/memory-request-limit-3.yaml b/content/hi/examples/pods/resource/memory-request-limit-3.yaml
new file mode 100644
index 0000000000000..d816393986621
--- /dev/null
+++ b/content/hi/examples/pods/resource/memory-request-limit-3.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: memory-demo-3
+  namespace: mem-example
+spec:
+  containers:
+  - name: memory-demo-3-ctr
+    image: polinux/stress
+    resources:
+      requests:
+        memory: "1000Gi"
+      limits:
+        memory: "1000Gi"
+    command: ["stress"]
+    args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
diff --git a/content/hi/examples/pods/resource/memory-request-limit.yaml b/content/hi/examples/pods/resource/memory-request-limit.yaml
new file mode 100644
index 0000000000000..07ce3e7d3c0ba
--- /dev/null
+++ b/content/hi/examples/pods/resource/memory-request-limit.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: memory-demo
+  namespace: mem-example
+spec:
+  containers:
+  - name: memory-demo-ctr
+    image: polinux/stress
+    resources:
+      requests:
+        memory: "100Mi"
+      limits:
+        memory: "200Mi"
+    command: ["stress"]
+    args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
diff --git a/content/hi/examples/pods/security/hello-apparmor.yaml b/content/hi/examples/pods/security/hello-apparmor.yaml
new file mode 100644
index 0000000000000..a434db1d15bff
--- /dev/null
+++ b/content/hi/examples/pods/security/hello-apparmor.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hello-apparmor
+spec:
+  securityContext:
+    appArmorProfile:
+      type: Localhost
+      localhostProfile: k8s-apparmor-example-deny-write
+  containers:
+  - name: hello
+    image: busybox:1.28
+    command: [ "sh", "-c", "echo 'Hello AppArmor!' && sleep 1h" ]
diff --git a/content/hi/examples/pods/security/seccomp/alpha/audit-pod.yaml b/content/hi/examples/pods/security/seccomp/alpha/audit-pod.yaml
new file mode 100644
index 0000000000000..d2d93d7fba912
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/alpha/audit-pod.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: audit-pod
+  labels:
+    app: audit-pod
+  annotations:
+    seccomp.security.alpha.kubernetes.io/pod: localhost/profiles/audit.json
+spec:
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:0.2.3
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/alpha/default-pod.yaml b/content/hi/examples/pods/security/seccomp/alpha/default-pod.yaml
new file mode 100644
index 0000000000000..ebb734441891c
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/alpha/default-pod.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-pod
+  labels:
+    app: default-pod
+  annotations:
+    seccomp.security.alpha.kubernetes.io/pod: runtime/default
+spec:
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:0.2.3
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/alpha/fine-pod.yaml b/content/hi/examples/pods/security/seccomp/alpha/fine-pod.yaml
new file mode 100644
index 0000000000000..abd53585471aa
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/alpha/fine-pod.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: fine-pod
+  labels:
+    app: fine-pod
+  annotations:
+    seccomp.security.alpha.kubernetes.io/pod: localhost/profiles/fine-grained.json
+spec:
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:0.2.3
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/alpha/violation-pod.yaml b/content/hi/examples/pods/security/seccomp/alpha/violation-pod.yaml
new file mode 100644
index 0000000000000..177f56af8f653
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/alpha/violation-pod.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: violation-pod
+  labels:
+    app: violation-pod
+  annotations:
+    seccomp.security.alpha.kubernetes.io/pod: localhost/profiles/violation.json
+spec:
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:0.2.3
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/ga/audit-pod.yaml b/content/hi/examples/pods/security/seccomp/ga/audit-pod.yaml
new file mode 100644
index 0000000000000..34aacd7d95343
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/ga/audit-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: audit-pod
+  labels:
+    app: audit-pod
+spec:
+  securityContext:
+    seccompProfile:
+      type: Localhost
+      localhostProfile: profiles/audit.json
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:1.0
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/ga/default-pod.yaml b/content/hi/examples/pods/security/seccomp/ga/default-pod.yaml
new file mode 100644
index 0000000000000..153031fc9df19
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/ga/default-pod.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: default-pod
+  labels:
+    app: default-pod
+spec:
+  securityContext:
+    seccompProfile:
+      type: RuntimeDefault
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:1.0
+    args:
+    - "-text=just made some more syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/ga/fine-pod.yaml b/content/hi/examples/pods/security/seccomp/ga/fine-pod.yaml
new file mode 100644
index 0000000000000..dd7622fe159ec
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/ga/fine-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: fine-pod
+  labels:
+    app: fine-pod
+spec:
+  securityContext:
+    seccompProfile:
+      type: Localhost
+      localhostProfile: profiles/fine-grained.json
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:1.0
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/ga/violation-pod.yaml b/content/hi/examples/pods/security/seccomp/ga/violation-pod.yaml
new file mode 100644
index 0000000000000..c4844df37c962
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/ga/violation-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: violation-pod
+  labels:
+    app: violation-pod
+spec:
+  securityContext:
+    seccompProfile:
+      type: Localhost
+      localhostProfile: profiles/violation.json
+  containers:
+  - name: test-container
+    image: hashicorp/http-echo:1.0
+    args:
+    - "-text=just made some syscalls!"
+    securityContext:
+      allowPrivilegeEscalation: false
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/kind.yaml b/content/hi/examples/pods/security/seccomp/kind.yaml
new file mode 100644
index 0000000000000..4418359661c78
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/kind.yaml
@@ -0,0 +1,7 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+- role: control-plane
+  extraMounts:
+  - hostPath: "./profiles"
+    containerPath: "/var/lib/kubelet/seccomp/profiles"
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/profiles/audit.json b/content/hi/examples/pods/security/seccomp/profiles/audit.json
new file mode 100644
index 0000000000000..1f2d5df6a4e87
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/profiles/audit.json
@@ -0,0 +1,3 @@
+{
+    "defaultAction": "SCMP_ACT_LOG"
+}
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/profiles/fine-grained.json b/content/hi/examples/pods/security/seccomp/profiles/fine-grained.json
new file mode 100644
index 0000000000000..5b38b68ed41f2
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/profiles/fine-grained.json
@@ -0,0 +1,69 @@
+{
+    "defaultAction": "SCMP_ACT_ERRNO",
+    "architectures": [
+        "SCMP_ARCH_X86_64",
+        "SCMP_ARCH_X86",
+        "SCMP_ARCH_X32"
+    ],
+    "syscalls": [
+        {
+            "names": [
+                "accept4",
+                "epoll_wait",
+                "pselect6",
+                "futex",
+                "madvise",
+                "epoll_ctl",
+                "getsockname",
+                "setsockopt",
+                "vfork",
+                "mmap",
+                "read",
+                "write",
+                "close",
+                "arch_prctl",
+                "sched_getaffinity",
+                "munmap",
+                "brk",
+                "rt_sigaction",
+                "rt_sigprocmask",
+                "sigaltstack",
+                "gettid",
+                "clone",
+                "bind",
+                "socket",
+                "openat",
+                "readlinkat",
+                "exit_group",
+                "epoll_create1",
+                "listen",
+                "rt_sigreturn",
+                "sched_yield",
+                "clock_gettime",
+                "connect",
+                "dup2",
+                "epoll_pwait",
+                "execve",
+                "exit",
+                "fcntl",
+                "getpid",
+                "getuid",
+                "ioctl",
+                "mprotect",
+                "nanosleep",
+                "open",
+                "poll",
+                "recvfrom",
+                "sendto",
+                "set_tid_address",
+                "setitimer",
+                "writev",
+                "fstatfs",
+                "getdents64",
+                "pipe2",
+                "getrlimit"
+            ],
+            "action": "SCMP_ACT_ALLOW"
+        }
+    ]
+}
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/seccomp/profiles/violation.json b/content/hi/examples/pods/security/seccomp/profiles/violation.json
new file mode 100644
index 0000000000000..7ce0faa8b06ed
--- /dev/null
+++ b/content/hi/examples/pods/security/seccomp/profiles/violation.json
@@ -0,0 +1,3 @@
+{
+    "defaultAction": "SCMP_ACT_ERRNO"
+}
\ No newline at end of file
diff --git a/content/hi/examples/pods/security/security-context-2.yaml b/content/hi/examples/pods/security/security-context-2.yaml
new file mode 100644
index 0000000000000..004a94c493ca3
--- /dev/null
+++ b/content/hi/examples/pods/security/security-context-2.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo-2
+spec:
+  securityContext:
+    runAsUser: 1000
+  containers:
+  - name: sec-ctx-demo-2
+    image: gcr.io/google-samples/hello-app:2.0
+    securityContext:
+      runAsUser: 2000
+      allowPrivilegeEscalation: false
diff --git a/content/hi/examples/pods/security/security-context-3.yaml b/content/hi/examples/pods/security/security-context-3.yaml
new file mode 100644
index 0000000000000..8fa7ac2cf5813
--- /dev/null
+++ b/content/hi/examples/pods/security/security-context-3.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo-3
+spec:
+  containers:
+  - name: sec-ctx-3
+    image: gcr.io/google-samples/hello-app:2.0
diff --git a/content/hi/examples/pods/security/security-context-4.yaml b/content/hi/examples/pods/security/security-context-4.yaml
new file mode 100644
index 0000000000000..516360c8201d9
--- /dev/null
+++ b/content/hi/examples/pods/security/security-context-4.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo-4
+spec:
+  containers:
+  - name: sec-ctx-4
+    image: gcr.io/google-samples/hello-app:2.0
+    securityContext:
+      capabilities:
+        add: ["NET_ADMIN", "SYS_TIME"]
diff --git a/content/hi/examples/pods/security/security-context.yaml b/content/hi/examples/pods/security/security-context.yaml
new file mode 100644
index 0000000000000..7903c39c6467c
--- /dev/null
+++ b/content/hi/examples/pods/security/security-context.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo
+spec:
+  securityContext:
+    runAsUser: 1000
+    runAsGroup: 3000
+    fsGroup: 2000
+  volumes:
+  - name: sec-ctx-vol
+    emptyDir: {}
+  containers:
+  - name: sec-ctx-demo
+    image: busybox:1.28
+    command: [ "sh", "-c", "sleep 1h" ]
+    volumeMounts:
+    - name: sec-ctx-vol
+      mountPath: /data/demo
+    securityContext:
+      allowPrivilegeEscalation: false
diff --git a/content/hi/examples/pods/share-process-namespace.yaml b/content/hi/examples/pods/share-process-namespace.yaml
new file mode 100644
index 0000000000000..cae161bd3b0d0
--- /dev/null
+++ b/content/hi/examples/pods/share-process-namespace.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  shareProcessNamespace: true
+  containers:
+  - name: nginx
+    image: nginx
+  - name: shell
+    image: busybox:1.28
+    command: ["sleep", "3600"]
+    securityContext:
+      capabilities:
+        add:
+        - SYS_PTRACE
+    stdin: true
+    tty: true
diff --git a/content/hi/examples/pods/simple-pod.yaml b/content/hi/examples/pods/simple-pod.yaml
new file mode 100644
index 0000000000000..0e79d8a3c6128
--- /dev/null
+++ b/content/hi/examples/pods/simple-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.14.2
+    ports:
+    - containerPort: 80
diff --git a/content/hi/examples/pods/storage/projected-clustertrustbundle.yaml b/content/hi/examples/pods/storage/projected-clustertrustbundle.yaml
new file mode 100644
index 0000000000000..bd660c189e12d
--- /dev/null
+++ b/content/hi/examples/pods/storage/projected-clustertrustbundle.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sa-ctb-name-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox
+    command: ["sleep", "3600"]
+    volumeMounts:
+    - name: token-vol
+      mountPath: "/root-certificates"
+      readOnly: true
+  serviceAccountName: default
+  volumes:
+  - name: token-vol
+    projected:
+      sources:
+      - clusterTrustBundle:
+          name: example
+          path: example-roots.pem
+      - clusterTrustBundle:
+          signerName: "example.com/mysigner"
+          labelSelector:
+            matchLabels:
+              version: live
+          path: mysigner-roots.pem
+          optional: true
diff --git a/content/hi/examples/pods/storage/projected-secret-downwardapi-configmap.yaml b/content/hi/examples/pods/storage/projected-secret-downwardapi-configmap.yaml
new file mode 100644
index 0000000000000..b4686defcab07
--- /dev/null
+++ b/content/hi/examples/pods/storage/projected-secret-downwardapi-configmap.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: volume-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox:1.28
+    command: ["sleep", "3600"]
+    volumeMounts:
+    - name: all-in-one
+      mountPath: "/projected-volume"
+      readOnly: true
+  volumes:
+  - name: all-in-one
+    projected:
+      sources:
+      - secret:
+          name: mysecret
+          items:
+            - key: username
+              path: my-group/my-username
+      - downwardAPI:
+          items:
+            - path: "labels"
+              fieldRef:
+                fieldPath: metadata.labels
+            - path: "cpu_limit"
+              resourceFieldRef:
+                containerName: container-test
+                resource: limits.cpu
+      - configMap:
+          name: myconfigmap
+          items:
+            - key: config
+              path: my-group/my-config
diff --git a/content/hi/examples/pods/storage/projected-secrets-nondefault-permission-mode.yaml b/content/hi/examples/pods/storage/projected-secrets-nondefault-permission-mode.yaml
new file mode 100644
index 0000000000000..caa0ec02a217c
--- /dev/null
+++ b/content/hi/examples/pods/storage/projected-secrets-nondefault-permission-mode.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: volume-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox:1.28
+    command: ["sleep", "3600"]
+    volumeMounts:
+    - name: all-in-one
+      mountPath: "/projected-volume"
+      readOnly: true
+  volumes:
+  - name: all-in-one
+    projected:
+      sources:
+      - secret:
+          name: mysecret
+          items:
+            - key: username
+              path: my-group/my-username
+      - secret:
+          name: mysecret2
+          items:
+            - key: password
+              path: my-group/my-password
+              mode: 511
diff --git a/content/hi/examples/pods/storage/projected-service-account-token.yaml b/content/hi/examples/pods/storage/projected-service-account-token.yaml
new file mode 100644
index 0000000000000..f1025fda2359b
--- /dev/null
+++ b/content/hi/examples/pods/storage/projected-service-account-token.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sa-token-test
+spec:
+  containers:
+  - name: container-test
+    image: busybox:1.28
+    command: ["sleep", "3600"]
+    volumeMounts:
+    - name: token-vol
+      mountPath: "/service-account"
+      readOnly: true
+  serviceAccountName: default
+  volumes:
+  - name: token-vol
+    projected:
+      sources:
+      - serviceAccountToken:
+          audience: api
+          expirationSeconds: 3600
+          path: token
diff --git a/content/hi/examples/pods/storage/projected.yaml b/content/hi/examples/pods/storage/projected.yaml
new file mode 100644
index 0000000000000..4244048eb7558
--- /dev/null
+++ b/content/hi/examples/pods/storage/projected.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-projected-volume
+spec:
+  containers:
+  - name: test-projected-volume
+    image: busybox:1.28
+    args:
+    - sleep
+    - "86400"
+    volumeMounts:
+    - name: all-in-one
+      mountPath: "/projected-volume"
+      readOnly: true
+  volumes:
+  - name: all-in-one
+    projected:
+      sources:
+      - secret:
+          name: user
+      - secret:
+          name: pass
diff --git a/content/hi/examples/pods/storage/pv-claim.yaml b/content/hi/examples/pods/storage/pv-claim.yaml
new file mode 100644
index 0000000000000..b33f6faa4cbbb
--- /dev/null
+++ b/content/hi/examples/pods/storage/pv-claim.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: task-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/content/hi/examples/pods/storage/pv-duplicate.yaml b/content/hi/examples/pods/storage/pv-duplicate.yaml
new file mode 100644
index 0000000000000..e5a0e6ff69e30
--- /dev/null
+++ b/content/hi/examples/pods/storage/pv-duplicate.yaml
@@ -0,0 +1,22 @@
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test
+spec:
+  containers:
+    - name: test
+      image: nginx
+      volumeMounts:
+        # a mount for site-data
+        - name: config
+          mountPath: /usr/share/nginx/html
+          subPath: html
+        # another mount for nginx config
+        - name: config
+          mountPath: /etc/nginx/nginx.conf
+          subPath: nginx.conf
+  volumes:
+    - name: config
+      persistentVolumeClaim:
+        claimName: test-nfs-claim
diff --git a/content/hi/examples/pods/storage/pv-pod.yaml b/content/hi/examples/pods/storage/pv-pod.yaml
new file mode 100644
index 0000000000000..a2eddcf0886f4
--- /dev/null
+++ b/content/hi/examples/pods/storage/pv-pod.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: task-pv-pod
+spec:
+  volumes:
+    - name: task-pv-storage
+      persistentVolumeClaim:
+        claimName: task-pv-claim
+  containers:
+    - name: task-pv-container
+      image: nginx
+      ports:
+        - containerPort: 80
+          name: "http-server"
+      volumeMounts:
+        - mountPath: "/usr/share/nginx/html"
+          name: task-pv-storage
+
+
diff --git a/content/hi/examples/pods/storage/pv-volume.yaml b/content/hi/examples/pods/storage/pv-volume.yaml
new file mode 100644
index 0000000000000..36fe3c5424792
--- /dev/null
+++ b/content/hi/examples/pods/storage/pv-volume.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: task-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
diff --git a/content/hi/examples/pods/storage/redis.yaml b/content/hi/examples/pods/storage/redis.yaml
new file mode 100644
index 0000000000000..cb06456d4b315
--- /dev/null
+++ b/content/hi/examples/pods/storage/redis.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: redis
+spec:
+  containers:
+  - name: redis
+    image: redis
+    volumeMounts:
+    - name: redis-storage
+      mountPath: /data/redis
+  volumes:
+  - name: redis-storage
+    emptyDir: {}
diff --git a/content/hi/examples/pods/topology-spread-constraints/one-constraint-with-nodeaffinity.yaml b/content/hi/examples/pods/topology-spread-constraints/one-constraint-with-nodeaffinity.yaml
new file mode 100644
index 0000000000000..12b117a8145fb
--- /dev/null
+++ b/content/hi/examples/pods/topology-spread-constraints/one-constraint-with-nodeaffinity.yaml
@@ -0,0 +1,26 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: mypod
+  labels:
+    foo: bar
+spec:
+  topologySpreadConstraints:
+  - maxSkew: 1
+    topologyKey: zone
+    whenUnsatisfiable: DoNotSchedule
+    labelSelector:
+      matchLabels:
+        foo: bar
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: zone
+            operator: NotIn
+            values:
+            - zoneC
+  containers:
+  - name: pause
+    image: registry.k8s.io/pause:3.1
\ No newline at end of file
diff --git a/content/hi/examples/pods/topology-spread-constraints/one-constraint.yaml b/content/hi/examples/pods/topology-spread-constraints/one-constraint.yaml
new file mode 100644
index 0000000000000..02d2c6ca40651
--- /dev/null
+++ b/content/hi/examples/pods/topology-spread-constraints/one-constraint.yaml
@@ -0,0 +1,17 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: mypod
+  labels:
+    foo: bar
+spec:
+  topologySpreadConstraints:
+  - maxSkew: 1
+    topologyKey: zone
+    whenUnsatisfiable: DoNotSchedule
+    labelSelector:
+      matchLabels:
+        foo: bar
+  containers:
+  - name: pause
+    image: registry.k8s.io/pause:3.1
\ No newline at end of file
diff --git a/content/hi/examples/pods/topology-spread-constraints/two-constraints.yaml b/content/hi/examples/pods/topology-spread-constraints/two-constraints.yaml
new file mode 100644
index 0000000000000..c11119515592c
--- /dev/null
+++ b/content/hi/examples/pods/topology-spread-constraints/two-constraints.yaml
@@ -0,0 +1,23 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: mypod
+  labels:
+    foo: bar
+spec:
+  topologySpreadConstraints:
+  - maxSkew: 1
+    topologyKey: zone
+    whenUnsatisfiable: DoNotSchedule
+    labelSelector:
+      matchLabels:
+        foo: bar
+  - maxSkew: 1
+    topologyKey: node
+    whenUnsatisfiable: DoNotSchedule
+    labelSelector:
+      matchLabels:
+        foo: bar
+  containers:
+  - name: pause
+    image: registry.k8s.io/pause:3.1
\ No newline at end of file
diff --git a/content/hi/examples/pods/two-container-pod.yaml b/content/hi/examples/pods/two-container-pod.yaml
new file mode 100644
index 0000000000000..031ada7112b4c
--- /dev/null
+++ b/content/hi/examples/pods/two-container-pod.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: two-containers
+spec:
+
+  restartPolicy: Never
+
+  volumes:
+  - name: shared-data
+    emptyDir: {}
+
+  containers:
+
+  - name: nginx-container
+    image: nginx
+    volumeMounts:
+    - name: shared-data
+      mountPath: /usr/share/nginx/html
+
+  - name: debian-container
+    image: debian
+    volumeMounts:
+    - name: shared-data
+      mountPath: /pod-data
+    command: ["/bin/sh"]
+    args: ["-c", "echo Hello from the debian container > /pod-data/index.html"]
diff --git a/content/hi/examples/pods/user-namespaces-stateless.yaml b/content/hi/examples/pods/user-namespaces-stateless.yaml
new file mode 100644
index 0000000000000..d254259f66cb9
--- /dev/null
+++ b/content/hi/examples/pods/user-namespaces-stateless.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: userns
+spec:
+  hostUsers: false
+  containers:
+  - name: shell
+    command: ["sleep", "infinity"]
+    image: debian
diff --git a/content/hi/examples/policy/baseline-psp.yaml b/content/hi/examples/policy/baseline-psp.yaml
new file mode 100644
index 0000000000000..57258bf313255
--- /dev/null
+++ b/content/hi/examples/policy/baseline-psp.yaml
@@ -0,0 +1,74 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: baseline
+  annotations:
+    # Optional: Allow the default AppArmor profile, requires setting the default.
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+  privileged: false
+  # The moby default capability set, minus NET_RAW
+  allowedCapabilities:
+    - 'CHOWN'
+    - 'DAC_OVERRIDE'
+    - 'FSETID'
+    - 'FOWNER'
+    - 'MKNOD'
+    - 'SETGID'
+    - 'SETUID'
+    - 'SETFCAP'
+    - 'SETPCAP'
+    - 'NET_BIND_SERVICE'
+    - 'SYS_CHROOT'
+    - 'KILL'
+    - 'AUDIT_WRITE'
+  # Allow all volume types except hostpath
+  volumes:
+    # 'core' volume types
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'downwardAPI'
+    # Assume that ephemeral CSI drivers & persistentVolumes set up by the cluster admin are safe to use.
+    - 'csi'
+    - 'persistentVolumeClaim'
+    - 'ephemeral'
+    # Allow all other non-hostpath volume types.
+    - 'awsElasticBlockStore'
+    - 'azureDisk'
+    - 'azureFile'
+    - 'cephFS'
+    - 'cinder'
+    - 'fc'
+    - 'flexVolume'
+    - 'flocker'
+    - 'gcePersistentDisk'
+    - 'gitRepo'
+    - 'glusterfs'
+    - 'iscsi'
+    - 'nfs'
+    - 'photonPersistentDisk'
+    - 'portworxVolume'
+    - 'quobyte'
+    - 'rbd'
+    - 'scaleIO'
+    - 'storageos'
+    - 'vsphereVolume'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  readOnlyRootFilesystem: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    # This policy assumes the nodes are using AppArmor rather than SELinux.
+    # The PSP SELinux API cannot express the SELinux Pod Security Standards,
+    # so if using SELinux, you must choose a more restrictive default.
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
diff --git a/content/hi/examples/policy/example-psp.yaml b/content/hi/examples/policy/example-psp.yaml
new file mode 100644
index 0000000000000..7531949b650ec
--- /dev/null
+++ b/content/hi/examples/policy/example-psp.yaml
@@ -0,0 +1,17 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: example
+spec:
+  privileged: false  # Don't allow privileged pods!
+  # The rest fills in some required fields.
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  volumes:
+  - '*'
diff --git a/content/hi/examples/policy/priority-class-resourcequota.yaml b/content/hi/examples/policy/priority-class-resourcequota.yaml
new file mode 100644
index 0000000000000..7350d00c8f397
--- /dev/null
+++ b/content/hi/examples/policy/priority-class-resourcequota.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: pods-cluster-services
+spec:
+  scopeSelector:
+    matchExpressions:
+      - operator : In
+        scopeName: PriorityClass
+        values: ["cluster-services"]
\ No newline at end of file
diff --git a/content/hi/examples/policy/privileged-psp.yaml b/content/hi/examples/policy/privileged-psp.yaml
new file mode 100644
index 0000000000000..915c8d37b5460
--- /dev/null
+++ b/content/hi/examples/policy/privileged-psp.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: privileged
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+  privileged: true
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+  - '*'
+  volumes:
+  - '*'
+  hostNetwork: true
+  hostPorts:
+  - min: 0
+    max: 65535
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
diff --git a/content/hi/examples/policy/restricted-psp.yaml b/content/hi/examples/policy/restricted-psp.yaml
new file mode 100644
index 0000000000000..4c9ae156d1fe2
--- /dev/null
+++ b/content/hi/examples/policy/restricted-psp.yaml
@@ -0,0 +1,48 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: restricted
+  annotations:
+    # docker/default identifies a profile for seccomp, but it is not particularly tied to the Docker runtime
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+spec:
+  privileged: false
+  # Required to prevent escalations to root.
+  allowPrivilegeEscalation: false
+  requiredDropCapabilities:
+    - ALL
+  # Allow core volume types.
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'downwardAPI'
+    # Assume that ephemeral CSI drivers & persistentVolumes set up by the cluster admin are safe to use.
+    - 'csi'
+    - 'persistentVolumeClaim'
+    - 'ephemeral'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    # Require the container to run without root privileges.
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    # This policy assumes the nodes are using AppArmor rather than SELinux.
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
diff --git a/content/hi/examples/policy/zookeeper-pod-disruption-budget-maxunavailable.yaml b/content/hi/examples/policy/zookeeper-pod-disruption-budget-maxunavailable.yaml
new file mode 100644
index 0000000000000..ef0b8645bacdf
--- /dev/null
+++ b/content/hi/examples/policy/zookeeper-pod-disruption-budget-maxunavailable.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: zk-pdb
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: zookeeper
diff --git a/content/hi/examples/policy/zookeeper-pod-disruption-budget-minavailable.yaml b/content/hi/examples/policy/zookeeper-pod-disruption-budget-minavailable.yaml
new file mode 100644
index 0000000000000..49a66ee66908a
--- /dev/null
+++ b/content/hi/examples/policy/zookeeper-pod-disruption-budget-minavailable.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: zk-pdb
+spec:
+  minAvailable: 2
+  selector:
+    matchLabels:
+      app: zookeeper
diff --git a/content/hi/examples/priority-and-fairness/health-for-strangers.yaml b/content/hi/examples/priority-and-fairness/health-for-strangers.yaml
new file mode 100644
index 0000000000000..312f80751ffe8
--- /dev/null
+++ b/content/hi/examples/priority-and-fairness/health-for-strangers.yaml
@@ -0,0 +1,20 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1
+kind: FlowSchema
+metadata:
+  name: health-for-strangers
+spec:
+  matchingPrecedence: 1000
+  priorityLevelConfiguration:
+    name: exempt
+  rules:
+    - nonResourceRules:
+      - nonResourceURLs:
+          - "/healthz"
+          - "/livez"
+          - "/readyz"
+        verbs:
+          - "*"
+      subjects:
+        - kind: Group
+          group:
+            name: "system:unauthenticated"
diff --git a/content/hi/examples/priority-and-fairness/list-events-default-service-account.yaml b/content/hi/examples/priority-and-fairness/list-events-default-service-account.yaml
new file mode 100644
index 0000000000000..e9e1beab9984d
--- /dev/null
+++ b/content/hi/examples/priority-and-fairness/list-events-default-service-account.yaml
@@ -0,0 +1,25 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1
+kind: FlowSchema
+metadata:
+  name: list-events-default-service-account
+spec:
+  distinguisherMethod:
+    type: ByUser
+  matchingPrecedence: 8000
+  priorityLevelConfiguration:
+    name: catch-all
+  rules:
+    - resourceRules:
+      - apiGroups:
+          - '*'
+        namespaces:
+          - default
+        resources:
+          - events
+        verbs:
+          - list
+      subjects:
+        - kind: ServiceAccount
+          serviceAccount:
+            name: default
+            namespace: default
\ No newline at end of file
diff --git a/content/hi/examples/secret/basicauth-secret.yaml b/content/hi/examples/secret/basicauth-secret.yaml
new file mode 100644
index 0000000000000..a854b267a01a5
--- /dev/null
+++ b/content/hi/examples/secret/basicauth-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-basic-auth
+type: kubernetes.io/basic-auth
+stringData:
+  username: admin # required field for kubernetes.io/basic-auth
+  password: t0p-Secret # required field for kubernetes.io/basic-auth
\ No newline at end of file
diff --git a/content/hi/examples/secret/bootstrap-token-secret-base64.yaml b/content/hi/examples/secret/bootstrap-token-secret-base64.yaml
new file mode 100644
index 0000000000000..98233758e2e7c
--- /dev/null
+++ b/content/hi/examples/secret/bootstrap-token-secret-base64.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: bootstrap-token-5emitj
+  namespace: kube-system
+type: bootstrap.kubernetes.io/token
+data:
+  auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
+  expiration: MjAyMC0wOS0xM1QwNDozOToxMFo=
+  token-id: NWVtaXRq
+  token-secret: a3E0Z2lodnN6emduMXAwcg==
+  usage-bootstrap-authentication: dHJ1ZQ==
+  usage-bootstrap-signing: dHJ1ZQ==
\ No newline at end of file
diff --git a/content/hi/examples/secret/bootstrap-token-secret-literal.yaml b/content/hi/examples/secret/bootstrap-token-secret-literal.yaml
new file mode 100644
index 0000000000000..6aec11ce870fc
--- /dev/null
+++ b/content/hi/examples/secret/bootstrap-token-secret-literal.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  # Note how the Secret is named
+  name: bootstrap-token-5emitj
+  # A bootstrap token Secret usually resides in the kube-system namespace
+  namespace: kube-system
+type: bootstrap.kubernetes.io/token
+stringData:
+  auth-extra-groups: "system:bootstrappers:kubeadm:default-node-token"
+  expiration: "2020-09-13T04:39:10Z"
+  # This token ID is used in the name
+  token-id: "5emitj"
+  token-secret: "kq4gihvszzgn1p0r"
+  # This token can be used for authentication
+  usage-bootstrap-authentication: "true"
+  # and it can be used for signing
+  usage-bootstrap-signing: "true"
\ No newline at end of file
diff --git a/content/hi/examples/secret/dockercfg-secret.yaml b/content/hi/examples/secret/dockercfg-secret.yaml
new file mode 100644
index 0000000000000..ccf73bc306f24
--- /dev/null
+++ b/content/hi/examples/secret/dockercfg-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-dockercfg
+type: kubernetes.io/dockercfg
+data:
+  .dockercfg: |
+    eyJhdXRocyI6eyJodHRwczovL2V4YW1wbGUvdjEvIjp7ImF1dGgiOiJvcGVuc2VzYW1lIn19fQo=
\ No newline at end of file
diff --git a/content/hi/examples/secret/dotfile-secret.yaml b/content/hi/examples/secret/dotfile-secret.yaml
new file mode 100644
index 0000000000000..5c7900ad97479
--- /dev/null
+++ b/content/hi/examples/secret/dotfile-secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dotfile-secret
+data:
+  .secret-file: dmFsdWUtMg0KDQo=
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: secret-dotfiles-pod
+spec:
+  volumes:
+    - name: secret-volume
+      secret:
+        secretName: dotfile-secret
+  containers:
+    - name: dotfile-test-container
+      image: registry.k8s.io/busybox
+      command:
+        - ls
+        - "-l"
+        - "/etc/secret-volume"
+      volumeMounts:
+        - name: secret-volume
+          readOnly: true
+          mountPath: "/etc/secret-volume"
\ No newline at end of file
diff --git a/content/hi/examples/secret/optional-secret.yaml b/content/hi/examples/secret/optional-secret.yaml
new file mode 100644
index 0000000000000..cc510b9078130
--- /dev/null
+++ b/content/hi/examples/secret/optional-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mypod
+spec:
+  containers:
+  - name: mypod
+    image: redis
+    volumeMounts:
+    - name: foo
+      mountPath: "/etc/foo"
+      readOnly: true
+  volumes:
+  - name: foo
+    secret:
+      secretName: mysecret
+      optional: true
\ No newline at end of file
diff --git a/content/hi/examples/secret/serviceaccount-token-secret.yaml b/content/hi/examples/secret/serviceaccount-token-secret.yaml
new file mode 100644
index 0000000000000..8ec8fb577d547
--- /dev/null
+++ b/content/hi/examples/secret/serviceaccount-token-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-sa-sample
+  annotations:
+    kubernetes.io/service-account.name: "sa-name"
+type: kubernetes.io/service-account-token
+data:
+  extra: YmFyCg==
\ No newline at end of file
diff --git a/content/hi/examples/secret/serviceaccount/mysecretname.yaml b/content/hi/examples/secret/serviceaccount/mysecretname.yaml
new file mode 100644
index 0000000000000..a0a6062eb9c64
--- /dev/null
+++ b/content/hi/examples/secret/serviceaccount/mysecretname.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: mysecretname
+  annotations:
+    kubernetes.io/service-account.name: myserviceaccount
diff --git a/content/hi/examples/secret/ssh-auth-secret.yaml b/content/hi/examples/secret/ssh-auth-secret.yaml
new file mode 100644
index 0000000000000..9f79cbfb065fd
--- /dev/null
+++ b/content/hi/examples/secret/ssh-auth-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-ssh-auth
+type: kubernetes.io/ssh-auth
+data:
+  # the data is abbreviated in this example
+  ssh-privatekey: |
+    UG91cmluZzYlRW1vdGljb24lU2N1YmE=
\ No newline at end of file
diff --git a/content/hi/examples/secret/tls-auth-secret.yaml b/content/hi/examples/secret/tls-auth-secret.yaml
new file mode 100644
index 0000000000000..1e14b8e00ac47
--- /dev/null
+++ b/content/hi/examples/secret/tls-auth-secret.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-tls
+type: kubernetes.io/tls
+data:
+  # values are base64 encoded, which obscures them but does NOT provide
+  # any useful level of confidentiality
+  tls.crt: |
+    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNVakNDQWJzQ0FnMytNQTBHQ1NxR1NJYjNE
+    UUVCQlFVQU1JR2JNUXN3Q1FZRFZRUUdFd0pLVURFT01Bd0cKQTFVRUNCTUZWRzlyZVc4eEVEQU9C
+    Z05WQkFjVEIwTm9kVzh0YTNVeEVUQVBCZ05WQkFvVENFWnlZVzVyTkVSRQpNUmd3RmdZRFZRUUxF
+    dzlYWldKRFpYSjBJRk4xY0hCdmNuUXhHREFXQmdOVkJBTVREMFp5WVc1ck5FUkVJRmRsCllpQkRR
+    VEVqTUNFR0NTcUdTSWIzRFFFSkFSWVVjM1Z3Y0c5eWRFQm1jbUZ1YXpSa1pDNWpiMjB3SGhjTk1U
+    TXcKTVRFeE1EUTFNVE01V2hjTk1UZ3dNVEV3TURRMU1UTTVXakJMTVFzd0NRWURWUVFHREFKS1VE
+    RVBNQTBHQTFVRQpDQXdHWEZSdmEzbHZNUkV3RHdZRFZRUUtEQWhHY21GdWF6UkVSREVZTUJZR0Ex
+    VUVBd3dQZDNkM0xtVjRZVzF3CmJHVXVZMjl0TUlHYU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHSUFE
+    Q0JoQUo5WThFaUhmeHhNL25PbjJTbkkxWHgKRHdPdEJEVDFKRjBReTliMVlKanV2YjdjaTEwZjVN
+    Vm1UQllqMUZTVWZNOU1vejJDVVFZdW4yRFljV29IcFA4ZQpqSG1BUFVrNVd5cDJRN1ArMjh1bklI
+    QkphVGZlQ09PekZSUFY2MEdTWWUzNmFScG04L3dVVm16eGFLOGtCOWVaCmhPN3F1TjdtSWQxL2pW
+    cTNKODhDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQU1meTQzeE15OHh3QTUKVjF2T2NS
+    OEtyNWNaSXdtbFhCUU8xeFEzazlxSGtyNFlUY1JxTVQ5WjVKTm1rWHYxK2VSaGcwTi9WMW5NUTRZ
+    RgpnWXcxbnlESnBnOTduZUV4VzQyeXVlMFlHSDYyV1hYUUhyOVNVREgrRlowVnQvRGZsdklVTWRj
+    UUFEZjM4aU9zCjlQbG1kb3YrcE0vNCs5a1h5aDhSUEkzZXZ6OS9NQT09Ci0tLS0tRU5EIENFUlRJ
+    RklDQVRFLS0tLS0K
+  # In this example, the key data is not a real PEM-encoded private key
+  tls.key: |
+    RXhhbXBsZSBkYXRhIGZvciB0aGUgVExTIGNydCBmaWVsZA==
\ No newline at end of file
diff --git a/content/hi/examples/security/example-baseline-pod.yaml b/content/hi/examples/security/example-baseline-pod.yaml
new file mode 100644
index 0000000000000..eca57ea4de858
--- /dev/null
+++ b/content/hi/examples/security/example-baseline-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+    - image: nginx
+      name: nginx
+      ports:
+        - containerPort: 80
diff --git a/content/hi/examples/security/kind-with-cluster-level-baseline-pod-security.sh b/content/hi/examples/security/kind-with-cluster-level-baseline-pod-security.sh
new file mode 100644
index 0000000000000..76e092807fd43
--- /dev/null
+++ b/content/hi/examples/security/kind-with-cluster-level-baseline-pod-security.sh
@@ -0,0 +1,84 @@
+#!/bin/sh
+mkdir -p /tmp/pss
+cat <<EOF > /tmp/pss/cluster-level-pss.yaml
+apiVersion: apiserver.config.k8s.io/v1
+kind: AdmissionConfiguration
+plugins:
+- name: PodSecurity
+  configuration:
+    apiVersion: pod-security.admission.config.k8s.io/v1
+    kind: PodSecurityConfiguration
+    defaults:
+      enforce: "baseline"
+      enforce-version: "latest"
+      audit: "restricted"
+      audit-version: "latest"
+      warn: "restricted"
+      warn-version: "latest"
+    exemptions:
+      usernames: []
+      runtimeClasses: []
+      namespaces: [kube-system]
+EOF
+cat <<EOF > /tmp/pss/cluster-config.yaml
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: ClusterConfiguration
+    apiServer:
+        extraArgs:
+          admission-control-config-file: /etc/config/cluster-level-pss.yaml
+        extraVolumes:
+          - name: accf
+            hostPath: /etc/config
+            mountPath: /etc/config
+            readOnly: false
+            pathType: "DirectoryOrCreate"
+  extraMounts:
+  - hostPath: /tmp/pss
+    containerPath: /etc/config
+    # optional: if set, the mount is read-only.
+    # default false
+    readOnly: false
+    # optional: if set, the mount needs SELinux relabeling.
+    # default false
+    selinuxRelabel: false
+    # optional: set propagation mode (None, HostToContainer or Bidirectional)
+    # see https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
+    # default None
+    propagation: None
+EOF
+kind create cluster --name psa-with-cluster-pss --config /tmp/pss/cluster-config.yaml
+kubectl cluster-info --context kind-psa-with-cluster-pss
+
+# Wait for 15 seconds (arbitrary) ServiceAccount Admission Controller to be available
+sleep 15
+cat <<EOF |
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+    - image: nginx
+      name: nginx
+      ports:
+        - containerPort: 80
+EOF
+kubectl apply -f -
+
+# Await input
+sleep 1
+( bash -c 'true' 2>/dev/null && bash -c 'read -p "Press any key to continue... " -n1 -s' ) || \
+    ( printf "Press Enter to continue... " && read ) 1>&2
+
+# Clean up
+printf "\n\nCleaning up:\n" 1>&2
+set -e
+kubectl delete pod --all -n example --now
+kubectl delete ns example
+kind delete cluster --name psa-with-cluster-pss
+rm -f /tmp/pss/cluster-config.yaml
diff --git a/content/hi/examples/security/kind-with-namespace-level-baseline-pod-security.sh b/content/hi/examples/security/kind-with-namespace-level-baseline-pod-security.sh
new file mode 100644
index 0000000000000..637e23df51431
--- /dev/null
+++ b/content/hi/examples/security/kind-with-namespace-level-baseline-pod-security.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+kind create cluster --name psa-ns-level
+kubectl cluster-info --context kind-psa-ns-level
+# Wait for 15 seconds (arbitrary) for ServiceAccount Admission Controller to be available
+sleep 15
+
+# Create and label the namespace
+kubectl create ns example || exit 1 # if namespace exists, don't do the next steps
+kubectl label --overwrite ns example \
+  pod-security.kubernetes.io/enforce=baseline \
+  pod-security.kubernetes.io/enforce-version=latest \
+  pod-security.kubernetes.io/warn=restricted \
+  pod-security.kubernetes.io/warn-version=latest \
+  pod-security.kubernetes.io/audit=restricted \
+  pod-security.kubernetes.io/audit-version=latest
+
+# Try running a Pod
+cat <<EOF |
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+    - image: nginx
+      name: nginx
+      ports:
+        - containerPort: 80
+EOF
+kubectl apply -n example -f -
+
+# Await input
+sleep 1
+( bash -c 'true' 2>/dev/null && bash -c 'read -p "Press any key to continue... " -n1 -s' ) || \
+    ( printf "Press Enter to continue... " && read ) 1>&2
+
+# Clean up
+printf "\n\nCleaning up:\n" 1>&2
+set -e
+kubectl delete pod --all -n example --now
+kubectl delete ns example
+kind delete cluster --name psa-ns-level
diff --git a/content/hi/examples/security/podsecurity-baseline.yaml b/content/hi/examples/security/podsecurity-baseline.yaml
new file mode 100644
index 0000000000000..6251af5d2f15e
--- /dev/null
+++ b/content/hi/examples/security/podsecurity-baseline.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: my-baseline-namespace
+  labels:
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/enforce-version: latest
+    pod-security.kubernetes.io/warn: baseline
+    pod-security.kubernetes.io/warn-version: latest
\ No newline at end of file
diff --git a/content/hi/examples/security/podsecurity-privileged.yaml b/content/hi/examples/security/podsecurity-privileged.yaml
new file mode 100644
index 0000000000000..12471cce282f0
--- /dev/null
+++ b/content/hi/examples/security/podsecurity-privileged.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: my-privileged-namespace
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce-version: latest
\ No newline at end of file
diff --git a/content/hi/examples/security/podsecurity-restricted.yaml b/content/hi/examples/security/podsecurity-restricted.yaml
new file mode 100644
index 0000000000000..8b9c30886d8ee
--- /dev/null
+++ b/content/hi/examples/security/podsecurity-restricted.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: my-restricted-namespace
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce-version: latest
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/warn-version: latest
\ No newline at end of file
diff --git a/content/hi/examples/service/access/Dockerfile b/content/hi/examples/service/access/Dockerfile
new file mode 100644
index 0000000000000..61c8ce2831bed
--- /dev/null
+++ b/content/hi/examples/service/access/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx:1.17.3
+
+RUN rm /etc/nginx/conf.d/default.conf
+COPY frontend-nginx.conf /etc/nginx/conf.d
diff --git a/content/hi/examples/service/access/backend-deployment.yaml b/content/hi/examples/service/access/backend-deployment.yaml
new file mode 100644
index 0000000000000..5c95e38a3bcc4
--- /dev/null
+++ b/content/hi/examples/service/access/backend-deployment.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+spec:
+  selector:
+    matchLabels:
+      app: hello
+      tier: backend
+      track: stable
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: hello
+        tier: backend
+        track: stable
+    spec:
+      containers:
+        - name: hello
+          image: "gcr.io/google-samples/hello-go-gke:1.0"
+          ports:
+            - name: http
+              containerPort: 80
+...
\ No newline at end of file
diff --git a/content/hi/examples/service/access/backend-service.yaml b/content/hi/examples/service/access/backend-service.yaml
new file mode 100644
index 0000000000000..9262d29bb8de9
--- /dev/null
+++ b/content/hi/examples/service/access/backend-service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hello
+spec:
+  selector:
+    app: hello
+    tier: backend
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: http
+...
\ No newline at end of file
diff --git a/content/hi/examples/service/access/frontend-deployment.yaml b/content/hi/examples/service/access/frontend-deployment.yaml
new file mode 100644
index 0000000000000..182b0e708ef16
--- /dev/null
+++ b/content/hi/examples/service/access/frontend-deployment.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+spec:
+  selector:
+    matchLabels:
+      app: hello
+      tier: frontend
+      track: stable
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hello
+        tier: frontend
+        track: stable
+    spec:
+      containers:
+        - name: nginx
+          image: "gcr.io/google-samples/hello-frontend:1.0"
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/usr/sbin/nginx","-s","quit"]
+...
\ No newline at end of file
diff --git a/content/hi/examples/service/access/frontend-nginx.conf b/content/hi/examples/service/access/frontend-nginx.conf
new file mode 100644
index 0000000000000..39a911a09a911
--- /dev/null
+++ b/content/hi/examples/service/access/frontend-nginx.conf
@@ -0,0 +1,14 @@
+# The identifier Backend is internal to nginx, and used to name this specific upstream
+upstream Backend {
+    # hello is the internal DNS name used by the backend Service inside Kubernetes
+    server hello;
+}
+
+server {
+    listen 80;
+
+    location / {
+        # The following statement will proxy traffic to the upstream named Backend
+        proxy_pass http://Backend;
+    }
+}
diff --git a/content/hi/examples/service/access/frontend-service.yaml b/content/hi/examples/service/access/frontend-service.yaml
new file mode 100644
index 0000000000000..898a5ed51b5d2
--- /dev/null
+++ b/content/hi/examples/service/access/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+spec:
+  selector:
+    app: hello
+    tier: frontend
+  ports:
+  - protocol: "TCP"
+    port: 80
+    targetPort: 80
+  type: LoadBalancer
+...
\ No newline at end of file
diff --git a/content/hi/examples/service/access/hello-application.yaml b/content/hi/examples/service/access/hello-application.yaml
new file mode 100644
index 0000000000000..24270db9c9e6b
--- /dev/null
+++ b/content/hi/examples/service/access/hello-application.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hello-world
+spec:
+  selector:
+    matchLabels:
+      run: load-balancer-example
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        run: load-balancer-example
+    spec:
+      containers:
+        - name: hello-world
+          image: us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0
+          ports:
+            - containerPort: 8080
+              protocol: TCP
diff --git a/content/hi/examples/service/explore-graceful-termination-nginx.yaml b/content/hi/examples/service/explore-graceful-termination-nginx.yaml
new file mode 100644
index 0000000000000..6d1f97a64d990
--- /dev/null
+++ b/content/hi/examples/service/explore-graceful-termination-nginx.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
\ No newline at end of file
diff --git a/content/hi/examples/service/load-balancer-example.yaml b/content/hi/examples/service/load-balancer-example.yaml
new file mode 100644
index 0000000000000..34063b433d8f7
--- /dev/null
+++ b/content/hi/examples/service/load-balancer-example.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: load-balancer-example
+  name: hello-world
+spec:
+  replicas: 5
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: load-balancer-example
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: load-balancer-example
+    spec:
+      containers:
+      - image: gcr.io/google-samples/hello-app:2.0
+        name: hello-world
+        ports:
+        - containerPort: 8080
diff --git a/content/hi/examples/service/networking/curlpod.yaml b/content/hi/examples/service/networking/curlpod.yaml
new file mode 100644
index 0000000000000..c15133641f541
--- /dev/null
+++ b/content/hi/examples/service/networking/curlpod.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: curl-deployment
+spec:
+  selector:
+    matchLabels:
+      app: curlpod
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: curlpod
+    spec:
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: nginxsecret
+      containers:
+      - name: curlpod
+        command:
+        - sh
+        - -c
+        - while true; do sleep 1; done
+        image: radial/busyboxplus:curl
+        volumeMounts:
+        - mountPath: /etc/nginx/ssl
+          name: secret-volume
diff --git a/content/hi/examples/service/networking/custom-dns.yaml b/content/hi/examples/service/networking/custom-dns.yaml
new file mode 100644
index 0000000000000..3a811b5361533
--- /dev/null
+++ b/content/hi/examples/service/networking/custom-dns.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: default
+  name: dns-example
+spec:
+  containers:
+    - name: test
+      image: nginx
+  dnsPolicy: "None"
+  dnsConfig:
+    nameservers:
+      - 192.0.2.1 # this is an example
+    searches:
+      - ns1.svc.cluster-domain.example
+      - my.dns.search.suffix
+    options:
+      - name: ndots
+        value: "2"
+      - name: edns0
diff --git a/content/hi/examples/service/networking/default-ingressclass.yaml b/content/hi/examples/service/networking/default-ingressclass.yaml
new file mode 100644
index 0000000000000..0602ad8c9d16d
--- /dev/null
+++ b/content/hi/examples/service/networking/default-ingressclass.yaml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+  name: nginx-example
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+spec:
+  controller: k8s.io/ingress-nginx
diff --git a/content/hi/examples/service/networking/dual-stack-default-svc.yaml b/content/hi/examples/service/networking/dual-stack-default-svc.yaml
new file mode 100644
index 0000000000000..a42c7d8a2517d
--- /dev/null
+++ b/content/hi/examples/service/networking/dual-stack-default-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+  labels:
+    app.kubernetes.io/name: MyApp
+spec:
+  selector:
+    app.kubernetes.io/name: MyApp
+  ports:
+    - protocol: TCP
+      port: 80
diff --git a/content/hi/examples/service/networking/dual-stack-ipfamilies-ipv6.yaml b/content/hi/examples/service/networking/dual-stack-ipfamilies-ipv6.yaml
new file mode 100644
index 0000000000000..77949c883f095
--- /dev/null
+++ b/content/hi/examples/service/networking/dual-stack-ipfamilies-ipv6.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+  labels:
+    app.kubernetes.io/name: MyApp
+spec:
+  ipFamilies:
+  - IPv6
+  selector:
+    app.kubernetes.io/name: MyApp
+  ports:
+    - protocol: TCP
+      port: 80
diff --git a/content/hi/examples/service/networking/dual-stack-ipv6-svc.yaml b/content/hi/examples/service/networking/dual-stack-ipv6-svc.yaml
new file mode 100644
index 0000000000000..feb12f61a91d8
--- /dev/null
+++ b/content/hi/examples/service/networking/dual-stack-ipv6-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+spec:
+  ipFamily: IPv6
+  selector:
+    app.kubernetes.io/name: MyApp
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 9376
diff --git a/content/hi/examples/service/networking/dual-stack-prefer-ipv6-lb-svc.yaml b/content/hi/examples/service/networking/dual-stack-prefer-ipv6-lb-svc.yaml
new file mode 100644
index 0000000000000..5a4a99a45cae1
--- /dev/null
+++ b/content/hi/examples/service/networking/dual-stack-prefer-ipv6-lb-svc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+  labels:
+    app.kubernetes.io/name: MyApp
+spec:
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+  - IPv6
+  type: LoadBalancer
+  selector:
+    app.kubernetes.io/name: MyApp
+  ports:
+    - protocol: TCP
+      port: 80
diff --git a/content/hi/examples/service/networking/dual-stack-preferred-ipfamilies-svc.yaml b/content/hi/examples/service/networking/dual-stack-preferred-ipfamilies-svc.yaml
new file mode 100644
index 0000000000000..79a4f34a7f749
--- /dev/null
+++ b/content/hi/examples/service/networking/dual-stack-preferred-ipfamilies-svc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+  labels:
+    app.kubernetes.io/name: MyApp
+spec:
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+  - IPv6
+  - IPv4
+  selector:
+    app.kubernetes.io/name: MyApp
+  ports:
+    - protocol: TCP
+      port: 80
diff --git a/content/hi/examples/service/networking/dual-stack-preferred-svc.yaml b/content/hi/examples/service/networking/dual-stack-preferred-svc.yaml
new file mode 100644
index 0000000000000..66d42b961291d
--- /dev/null
+++ b/content/hi/examples/service/networking/dual-stack-preferred-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+  labels:
+    app.kubernetes.io/name: MyApp
+spec:
+  ipFamilyPolicy: PreferDualStack
+  selector:
+    app.kubernetes.io/name: MyApp
+  ports:
+    - protocol: TCP
+      port: 80
diff --git a/content/hi/examples/service/networking/example-ingress.yaml b/content/hi/examples/service/networking/example-ingress.yaml
new file mode 100644
index 0000000000000..59ea3881e0917
--- /dev/null
+++ b/content/hi/examples/service/networking/example-ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: example-ingress
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: hello-world.example
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: web
+                port:
+                  number: 8080
\ No newline at end of file
diff --git a/content/hi/examples/service/networking/external-lb.yaml b/content/hi/examples/service/networking/external-lb.yaml
new file mode 100644
index 0000000000000..adcf7a2fd0a53
--- /dev/null
+++ b/content/hi/examples/service/networking/external-lb.yaml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: external-lb
+spec:
+  controller: example.com/ingress-controller
+  parameters:
+    apiGroup: k8s.example.com
+    kind: IngressParameters
+    name: external-lb
diff --git a/content/hi/examples/service/networking/hostaliases-pod.yaml b/content/hi/examples/service/networking/hostaliases-pod.yaml
new file mode 100644
index 0000000000000..268bffbbf5894
--- /dev/null
+++ b/content/hi/examples/service/networking/hostaliases-pod.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hostaliases-pod
+spec:
+  restartPolicy: Never
+  hostAliases:
+  - ip: "127.0.0.1"
+    hostnames:
+    - "foo.local"
+    - "bar.local"
+  - ip: "10.1.2.3"
+    hostnames:
+    - "foo.remote"
+    - "bar.remote"
+  containers:
+  - name: cat-hosts
+    image: busybox:1.28
+    command:
+    - cat
+    args:
+    - "/etc/hosts"
diff --git a/content/hi/examples/service/networking/ingress-resource-backend.yaml b/content/hi/examples/service/networking/ingress-resource-backend.yaml
new file mode 100644
index 0000000000000..87b6bbd0f3757
--- /dev/null
+++ b/content/hi/examples/service/networking/ingress-resource-backend.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-resource-backend
+spec:
+  defaultBackend:
+    resource:
+      apiGroup: k8s.example.com
+      kind: StorageBucket
+      name: static-assets
+  rules:
+    - http:
+        paths:
+          - path: /icons
+            pathType: ImplementationSpecific
+            backend:
+              resource:
+                apiGroup: k8s.example.com
+                kind: StorageBucket
+                name: icon-assets
diff --git a/content/hi/examples/service/networking/ingress-wildcard-host.yaml b/content/hi/examples/service/networking/ingress-wildcard-host.yaml
new file mode 100644
index 0000000000000..2be7016706cee
--- /dev/null
+++ b/content/hi/examples/service/networking/ingress-wildcard-host.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-wildcard-host
+spec:
+  rules:
+  - host: "foo.bar.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/bar"
+        backend:
+          service:
+            name: service1
+            port:
+              number: 80
+  - host: "*.foo.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/foo"
+        backend:
+          service:
+            name: service2
+            port:
+              number: 80
diff --git a/content/hi/examples/service/networking/minimal-ingress.yaml b/content/hi/examples/service/networking/minimal-ingress.yaml
new file mode 100644
index 0000000000000..55a5837510af1
--- /dev/null
+++ b/content/hi/examples/service/networking/minimal-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minimal-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx-example
+  rules:
+  - http:
+      paths:
+      - path: /testpath
+        pathType: Prefix
+        backend:
+          service:
+            name: test
+            port:
+              number: 80
diff --git a/content/hi/examples/service/networking/name-virtual-host-ingress-no-third-host.yaml b/content/hi/examples/service/networking/name-virtual-host-ingress-no-third-host.yaml
new file mode 100644
index 0000000000000..16a560b1ff287
--- /dev/null
+++ b/content/hi/examples/service/networking/name-virtual-host-ingress-no-third-host.yaml
@@ -0,0 +1,35 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: name-virtual-host-ingress-no-third-host
+spec:
+  rules:
+  - host: first.bar.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: service1
+            port:
+              number: 80
+  - host: second.bar.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: service2
+            port:
+              number: 80
+  - http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: service3
+            port:
+              number: 80
diff --git a/content/hi/examples/service/networking/name-virtual-host-ingress.yaml b/content/hi/examples/service/networking/name-virtual-host-ingress.yaml
new file mode 100644
index 0000000000000..213a73d261250
--- /dev/null
+++ b/content/hi/examples/service/networking/name-virtual-host-ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: name-virtual-host-ingress
+spec:
+  rules:
+  - host: foo.bar.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: service1
+            port:
+              number: 80
+  - host: bar.foo.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: service2
+            port:
+              number: 80
diff --git a/content/hi/examples/service/networking/namespaced-params.yaml b/content/hi/examples/service/networking/namespaced-params.yaml
new file mode 100644
index 0000000000000..dd567247874f4
--- /dev/null
+++ b/content/hi/examples/service/networking/namespaced-params.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: external-lb
+spec:
+  controller: example.com/ingress-controller
+  parameters:
+    apiGroup: k8s.example.com
+    kind: IngressParameters
+    name: external-lb
+    namespace: external-configuration
+    scope: Namespace
diff --git a/content/hi/examples/service/networking/network-policy-allow-all-egress.yaml b/content/hi/examples/service/networking/network-policy-allow-all-egress.yaml
new file mode 100644
index 0000000000000..42b2a2a296655
--- /dev/null
+++ b/content/hi/examples/service/networking/network-policy-allow-all-egress.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress
+spec:
+  podSelector: {}
+  egress:
+  - {}
+  policyTypes:
+  - Egress
diff --git a/content/hi/examples/service/networking/network-policy-allow-all-ingress.yaml b/content/hi/examples/service/networking/network-policy-allow-all-ingress.yaml
new file mode 100644
index 0000000000000..462912dae4eb3
--- /dev/null
+++ b/content/hi/examples/service/networking/network-policy-allow-all-ingress.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-ingress
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  policyTypes:
+  - Ingress
diff --git a/content/hi/examples/service/networking/network-policy-default-deny-all.yaml b/content/hi/examples/service/networking/network-policy-default-deny-all.yaml
new file mode 100644
index 0000000000000..5c0086bd71e8b
--- /dev/null
+++ b/content/hi/examples/service/networking/network-policy-default-deny-all.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-all
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  - Egress
diff --git a/content/hi/examples/service/networking/network-policy-default-deny-egress.yaml b/content/hi/examples/service/networking/network-policy-default-deny-egress.yaml
new file mode 100644
index 0000000000000..a4659e14174db
--- /dev/null
+++ b/content/hi/examples/service/networking/network-policy-default-deny-egress.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-egress
+spec:
+  podSelector: {}
+  policyTypes:
+  - Egress
diff --git a/content/hi/examples/service/networking/network-policy-default-deny-ingress.yaml b/content/hi/examples/service/networking/network-policy-default-deny-ingress.yaml
new file mode 100644
index 0000000000000..e8238024878f4
--- /dev/null
+++ b/content/hi/examples/service/networking/network-policy-default-deny-ingress.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-ingress
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
diff --git a/content/hi/examples/service/networking/networkpolicy-multiport-egress.yaml b/content/hi/examples/service/networking/networkpolicy-multiport-egress.yaml
new file mode 100644
index 0000000000000..f4c914bbec7d0
--- /dev/null
+++ b/content/hi/examples/service/networking/networkpolicy-multiport-egress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: multi-port-egress
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      role: db
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 10.0.0.0/24
+      ports:
+        - protocol: TCP
+          port: 32000
+          endPort: 32768
+
diff --git a/content/hi/examples/service/networking/networkpolicy.yaml b/content/hi/examples/service/networking/networkpolicy.yaml
new file mode 100644
index 0000000000000..42df933c0cd36
--- /dev/null
+++ b/content/hi/examples/service/networking/networkpolicy.yaml
@@ -0,0 +1,35 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: test-network-policy
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      role: db
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  - from:
+    - ipBlock:
+        cidr: 172.17.0.0/16
+        except:
+        - 172.17.1.0/24
+    - namespaceSelector:
+        matchLabels:
+          project: myproject
+    - podSelector:
+        matchLabels:
+          role: frontend
+    ports:
+    - protocol: TCP
+      port: 6379
+  egress:
+  - to:
+    - ipBlock:
+        cidr: 10.0.0.0/24
+    ports:
+    - protocol: TCP
+      port: 5978
+
diff --git a/content/hi/examples/service/networking/nginx-policy.yaml b/content/hi/examples/service/networking/nginx-policy.yaml
new file mode 100644
index 0000000000000..89ee9886925e7
--- /dev/null
+++ b/content/hi/examples/service/networking/nginx-policy.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: access-nginx
+spec:
+  podSelector:
+    matchLabels:
+      app: nginx
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          access: "true"
diff --git a/content/hi/examples/service/networking/nginx-secure-app.yaml b/content/hi/examples/service/networking/nginx-secure-app.yaml
new file mode 100644
index 0000000000000..5ef865d52cddf
--- /dev/null
+++ b/content/hi/examples/service/networking/nginx-secure-app.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx
+  labels:
+    run: my-nginx
+spec:
+  type: NodePort
+  ports:
+  - port: 8080
+    targetPort: 80
+    protocol: TCP
+    name: http
+  - port: 443
+    protocol: TCP
+    name: https
+  selector:
+    run: my-nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+spec:
+  selector:
+    matchLabels:
+      run: my-nginx
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        run: my-nginx
+    spec:
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: nginxsecret
+      - name: configmap-volume
+        configMap:
+          name: nginxconfigmap
+      containers:
+      - name: nginxhttps
+        image: bprashanth/nginxhttps:1.0
+        ports:
+        - containerPort: 443
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: /etc/nginx/ssl
+          name: secret-volume
+        - mountPath: /etc/nginx/conf.d
+          name: configmap-volume
diff --git a/content/hi/examples/service/networking/nginx-svc.yaml b/content/hi/examples/service/networking/nginx-svc.yaml
new file mode 100644
index 0000000000000..12fcd5d0bfe2b
--- /dev/null
+++ b/content/hi/examples/service/networking/nginx-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-nginx
+  labels:
+    run: my-nginx
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+  selector:
+    run: my-nginx
diff --git a/content/hi/examples/service/networking/run-my-nginx.yaml b/content/hi/examples/service/networking/run-my-nginx.yaml
new file mode 100644
index 0000000000000..76a879f5c4c24
--- /dev/null
+++ b/content/hi/examples/service/networking/run-my-nginx.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-nginx
+spec:
+  selector:
+    matchLabels:
+      run: my-nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        run: my-nginx
+    spec:
+      containers:
+      - name: my-nginx
+        image: nginx
+        ports:
+        - containerPort: 80
+
diff --git a/content/hi/examples/service/networking/simple-fanout-example.yaml b/content/hi/examples/service/networking/simple-fanout-example.yaml
new file mode 100644
index 0000000000000..19fef9455be70
--- /dev/null
+++ b/content/hi/examples/service/networking/simple-fanout-example.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: simple-fanout-example
+spec:
+  rules:
+  - host: foo.bar.com
+    http:
+      paths:
+      - path: /foo
+        pathType: Prefix
+        backend:
+          service:
+            name: service1
+            port:
+              number: 4200
+      - path: /bar
+        pathType: Prefix
+        backend:
+          service:
+            name: service2
+            port:
+              number: 8080
diff --git a/content/hi/examples/service/networking/test-ingress.yaml b/content/hi/examples/service/networking/test-ingress.yaml
new file mode 100644
index 0000000000000..acd384ab5633a
--- /dev/null
+++ b/content/hi/examples/service/networking/test-ingress.yaml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: test-ingress
+spec:
+  defaultBackend:
+    service:
+      name: test
+      port:
+        number: 80
diff --git a/content/hi/examples/service/networking/tls-example-ingress.yaml b/content/hi/examples/service/networking/tls-example-ingress.yaml
new file mode 100644
index 0000000000000..fe5d52a0cbef0
--- /dev/null
+++ b/content/hi/examples/service/networking/tls-example-ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tls-example-ingress
+spec:
+  tls:
+  - hosts:
+      - https-example.foo.com
+    secretName: testsecret-tls
+  rules:
+  - host: https-example.foo.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: service1
+            port:
+              number: 80
diff --git a/content/hi/examples/service/nginx-service.yaml b/content/hi/examples/service/nginx-service.yaml
new file mode 100644
index 0000000000000..810f0ec7d8633
--- /dev/null
+++ b/content/hi/examples/service/nginx-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+spec:
+  ports:
+  - port: 8000 # the port that this service should serve on
+    # the container on each pod to connect to, can be a name
+    # (e.g. 'www') or a number (e.g. 80)
+    targetPort: 80
+    protocol: TCP
+  # just like the selector in the deployment,
+  # but this time it identifies the set of pods to load balance
+  # traffic to.
+  selector:
+    app: nginx
diff --git a/content/hi/examples/service/pod-with-graceful-termination.yaml b/content/hi/examples/service/pod-with-graceful-termination.yaml
new file mode 100644
index 0000000000000..4a39d2d368a94
--- /dev/null
+++ b/content/hi/examples/service/pod-with-graceful-termination.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      terminationGracePeriodSeconds: 120 # extra long grace period
+      containers:
+      - name: nginx
+        image: nginx:latest
+        ports:
+        - containerPort: 80
+        lifecycle:
+          preStop:
+            exec:
+              # Real life termination may take any time up to terminationGracePeriodSeconds.
+              # In this example - just hang around for at least the duration of terminationGracePeriodSeconds,
+              # at 120 seconds container will be forcibly terminated.
+              # Note, all this time nginx will keep processing requests.
+              command: [
+                "/bin/sh", "-c", "sleep 180"
+              ]
diff --git a/content/hi/examples/storage/rro.yaml b/content/hi/examples/storage/rro.yaml
new file mode 100644
index 0000000000000..1ffc6b038971b
--- /dev/null
+++ b/content/hi/examples/storage/rro.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: rro
+spec:
+  volumes:
+    - name: mnt
+      hostPath:
+        # tmpfs is mounted on /mnt/tmpfs
+        path: /mnt
+  containers:
+    - name: busybox
+      image: busybox
+      args: ["sleep", "infinity"]
+      volumeMounts:
+        # /mnt-rro/tmpfs is not writable
+        - name: mnt
+          mountPath: /mnt-rro
+          readOnly: true
+          mountPropagation: None
+          recursiveReadOnly: Enabled
+        # /mnt-ro/tmpfs is writable
+        - name: mnt
+          mountPath: /mnt-ro
+          readOnly: true
+        # /mnt-rw/tmpfs is writable
+        - name: mnt
+          mountPath: /mnt-rw
diff --git a/content/hi/examples/storage/storageclass-low-latency.yaml b/content/hi/examples/storage/storageclass-low-latency.yaml
new file mode 100644
index 0000000000000..6a427a6717ba9
--- /dev/null
+++ b/content/hi/examples/storage/storageclass-low-latency.yaml
@@ -0,0 +1,14 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: low-latency
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "false"
+provisioner: csi-driver.example-vendor.example
+reclaimPolicy: Retain # default value is Delete
+allowVolumeExpansion: true
+mountOptions:
+  - discard # this might enable UNMAP / TRIM at the block storage layer
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  guaranteedReadWriteLatency: "true" # provider-specific
diff --git a/content/hi/examples/tls/server-signing-config.json b/content/hi/examples/tls/server-signing-config.json
new file mode 100644
index 0000000000000..86860d7369a82
--- /dev/null
+++ b/content/hi/examples/tls/server-signing-config.json
@@ -0,0 +1,15 @@
+{
+    "signing": {
+        "default": {
+            "usages": [
+                "digital signature",
+                "key encipherment",
+                "server auth"
+            ],
+            "expiry": "876000h",
+            "ca_constraint": {
+                "is_ca": false
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/basic-example-binding.yaml b/content/hi/examples/validatingadmissionpolicy/basic-example-binding.yaml
new file mode 100644
index 0000000000000..9ad4c6a319a05
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/basic-example-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "demo-binding-test.example.com"
+spec:
+  policyName: "demo-policy.example.com"
+  validationActions: [Deny]
+  matchResources:
+    namespaceSelector:
+      matchLabels:
+        environment: test
diff --git a/content/hi/examples/validatingadmissionpolicy/basic-example-policy.yaml b/content/hi/examples/validatingadmissionpolicy/basic-example-policy.yaml
new file mode 100644
index 0000000000000..720839fd480f2
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/basic-example-policy.yaml
@@ -0,0 +1,14 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "demo-policy.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments"]
+  validations:
+    - expression: "object.spec.replicas <= 5"
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/binding-with-param-prod.yaml b/content/hi/examples/validatingadmissionpolicy/binding-with-param-prod.yaml
new file mode 100644
index 0000000000000..b0ad21916235f
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/binding-with-param-prod.yaml
@@ -0,0 +1,17 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "replicalimit-binding-nontest"
+spec:
+  policyName: "replicalimit-policy.example.com"
+  validationActions: [Deny]
+  paramRef:
+    name: "replica-limit-prod.example.com"
+    namespace: "default"
+  matchResources:
+    namespaceSelector:
+      matchExpressions:
+      - key: environment
+        operator: NotIn
+        values:
+        - test
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/binding-with-param.yaml b/content/hi/examples/validatingadmissionpolicy/binding-with-param.yaml
new file mode 100644
index 0000000000000..596d21e459f3a
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/binding-with-param.yaml
@@ -0,0 +1,14 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "replicalimit-binding-test.example.com"
+spec:
+  policyName: "replicalimit-policy.example.com"
+  validationActions: [Deny]
+  paramRef:
+    name: "replica-limit-test.example.com"
+    namespace: "default"
+  matchResources:
+    namespaceSelector:
+      matchLabels:
+        environment: test
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/failure-policy-ignore.yaml b/content/hi/examples/validatingadmissionpolicy/failure-policy-ignore.yaml
new file mode 100644
index 0000000000000..04fbf2ce9d26b
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/failure-policy-ignore.yaml
@@ -0,0 +1,7 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+spec:
+...
+failurePolicy: Ignore # The default is "Fail"
+validations:
+- expression: "object.spec.xyz == params.x"  
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/policy-with-param.yaml b/content/hi/examples/validatingadmissionpolicy/policy-with-param.yaml
new file mode 100644
index 0000000000000..03977e275d494
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/policy-with-param.yaml
@@ -0,0 +1,18 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "replicalimit-policy.example.com"
+spec:
+  failurePolicy: Fail
+  paramKind:
+    apiVersion: rules.example.com/v1
+    kind: ReplicaLimit
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments"]
+  validations:
+    - expression: "object.spec.replicas <= params.maxReplicas"
+      reason: Invalid
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/replicalimit-param-prod.yaml b/content/hi/examples/validatingadmissionpolicy/replicalimit-param-prod.yaml
new file mode 100644
index 0000000000000..ba1832d16a925
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/replicalimit-param-prod.yaml
@@ -0,0 +1,5 @@
+apiVersion: rules.example.com/v1
+kind: ReplicaLimit
+metadata:
+  name: "replica-limit-prod.example.com"
+maxReplicas: 100
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/replicalimit-param.yaml b/content/hi/examples/validatingadmissionpolicy/replicalimit-param.yaml
new file mode 100644
index 0000000000000..9d8ceee220190
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/replicalimit-param.yaml
@@ -0,0 +1,6 @@
+apiVersion: rules.example.com/v1
+kind: ReplicaLimit
+metadata:
+  name: "replica-limit-test.example.com"
+  namespace: "default"
+maxReplicas: 3
diff --git a/content/hi/examples/validatingadmissionpolicy/typechecking-multiple-match.yaml b/content/hi/examples/validatingadmissionpolicy/typechecking-multiple-match.yaml
new file mode 100644
index 0000000000000..620fea458cae4
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/typechecking-multiple-match.yaml
@@ -0,0 +1,15 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "replica-policy.example.com"
+spec:
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments","replicasets"]
+  validations:
+  - expression: "object.replicas > 1" # should be "object.spec.replicas > 1"
+    message: "must be replicated"
+    reason: Invalid
\ No newline at end of file
diff --git a/content/hi/examples/validatingadmissionpolicy/typechecking.yaml b/content/hi/examples/validatingadmissionpolicy/typechecking.yaml
new file mode 100644
index 0000000000000..a44fdc30893fb
--- /dev/null
+++ b/content/hi/examples/validatingadmissionpolicy/typechecking.yaml
@@ -0,0 +1,15 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "deploy-replica-policy.example.com"
+spec:
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments"]
+  validations:
+  - expression: "object.replicas > 1" # should be "object.spec.replicas > 1"
+    message: "must be replicated"
+    reason: Invalid
diff --git a/content/hi/examples/windows/configmap-pod.yaml b/content/hi/examples/windows/configmap-pod.yaml
new file mode 100644
index 0000000000000..661cb73deeba5
--- /dev/null
+++ b/content/hi/examples/windows/configmap-pod.yaml
@@ -0,0 +1,31 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: example-config
+data:
+  example.property.1: hello
+  example.property.2: world
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: configmap-pod
+spec:
+  containers:
+  - name: configmap-redis
+    image: redis:3.0-nanoserver
+    env:
+      - name: EXAMPLE_PROPERTY_1
+        valueFrom:
+          configMapKeyRef:
+            name: example-config
+            key: example.property.1
+      - name: EXAMPLE_PROPERTY_2
+        valueFrom:
+          configMapKeyRef:
+            name: example-config
+            key: example.property.2
+  nodeSelector:
+    kubernetes.io/os: windows
\ No newline at end of file
diff --git a/content/hi/examples/windows/daemonset.yaml b/content/hi/examples/windows/daemonset.yaml
new file mode 100644
index 0000000000000..7483708fc7525
--- /dev/null
+++ b/content/hi/examples/windows/daemonset.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: my-daemonset
+  labels:
+    app: foo
+spec:
+  selector:
+    matchLabels:
+      app: foo
+  template:
+    metadata:
+      labels:
+        app: foo
+    spec:
+      containers:
+      - name: foo
+        image: microsoft/windowsservercore:1709
+      nodeSelector:
+        kubernetes.io/os: windows
+
diff --git a/content/hi/examples/windows/deploy-hyperv.yaml b/content/hi/examples/windows/deploy-hyperv.yaml
new file mode 100644
index 0000000000000..c8b71ce8cbddf
--- /dev/null
+++ b/content/hi/examples/windows/deploy-hyperv.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: iis
+spec:
+  selector:
+    matchLabels:
+      app: iis
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: iis
+      annotations:
+        experimental.windows.kubernetes.io/isolation-type: hyperv
+    spec:
+      containers:
+      - name: iis
+        image: microsoft/iis
+        ports:
+        - containerPort: 80
+
diff --git a/content/hi/examples/windows/deploy-resource.yaml b/content/hi/examples/windows/deploy-resource.yaml
new file mode 100644
index 0000000000000..81207a3804a49
--- /dev/null
+++ b/content/hi/examples/windows/deploy-resource.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: iis
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: iis
+  template:
+    metadata:
+      labels:
+        app: iis
+    spec:
+      containers:
+      - name: iis
+        image: microsoft/iis
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: 2
+        ports:
+        - containerPort: 80
+
diff --git a/content/hi/examples/windows/emptydir-pod.yaml b/content/hi/examples/windows/emptydir-pod.yaml
new file mode 100644
index 0000000000000..08d8091391655
--- /dev/null
+++ b/content/hi/examples/windows/emptydir-pod.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-empty-dir-pod
+spec:
+  containers:
+  - image: microsoft/windowsservercore:1709
+    name: my-empty-dir-pod
+    volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+    - mountPath: C:/scratch
+      name: scratch-volume
+  volumes:
+  - name: cache-volume
+    emptyDir: {}
+  - name: scratch-volume
+    emptyDir: {}
+  nodeSelector:
+    kubernetes.io/os: windows
diff --git a/content/hi/examples/windows/hostpath-volume-pod.yaml b/content/hi/examples/windows/hostpath-volume-pod.yaml
new file mode 100644
index 0000000000000..d95e345b6cde4
--- /dev/null
+++ b/content/hi/examples/windows/hostpath-volume-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hostpath-volume-pod
+spec:
+  containers:
+  - name: my-hostpath-volume-pod
+    image: microsoft/windowsservercore:1709
+    volumeMounts:
+    - name: foo
+      mountPath: "C:\\etc\\foo"
+      readOnly: true
+  nodeSelector:
+    kubernetes.io/os: windows
+  volumes:
+  - name: foo
+    hostPath:
+     path: "C:\\etc\\foo"
diff --git a/content/hi/examples/windows/run-as-username-container.yaml b/content/hi/examples/windows/run-as-username-container.yaml
new file mode 100644
index 0000000000000..77b7b2d18813b
--- /dev/null
+++ b/content/hi/examples/windows/run-as-username-container.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: run-as-username-container-demo
+spec:
+  securityContext:
+    windowsOptions:
+      runAsUserName: "ContainerUser"
+  containers:
+  - name: run-as-username-demo
+    image: mcr.microsoft.com/windows/servercore:ltsc2019
+    command: ["ping", "-t", "localhost"]
+    securityContext:
+        windowsOptions:
+            runAsUserName: "ContainerAdministrator"
+  nodeSelector:
+    kubernetes.io/os: windows
diff --git a/content/hi/examples/windows/run-as-username-pod.yaml b/content/hi/examples/windows/run-as-username-pod.yaml
new file mode 100644
index 0000000000000..281bbda597e38
--- /dev/null
+++ b/content/hi/examples/windows/run-as-username-pod.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: run-as-username-pod-demo
+spec:
+  securityContext:
+    windowsOptions:
+      runAsUserName: "ContainerUser"
+  containers:
+  - name: run-as-username-demo
+    image: mcr.microsoft.com/windows/servercore:ltsc2019
+    command: ["ping", "-t", "localhost"]
+  nodeSelector:
+    kubernetes.io/os: windows
diff --git a/content/hi/examples/windows/secret-pod.yaml b/content/hi/examples/windows/secret-pod.yaml
new file mode 100644
index 0000000000000..69ee9b1f1e4db
--- /dev/null
+++ b/content/hi/examples/windows/secret-pod.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysecret
+type: Opaque
+data:
+  username: YWRtaW4=
+  password: MWYyZDFlMmU2N2Rm
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-secret-pod
+spec:
+  containers:
+  - name: my-secret-pod
+    image: microsoft/windowsservercore:1709
+    env:
+      - name: USERNAME
+        valueFrom:
+          secretKeyRef:
+            name: mysecret
+            key: username
+      - name: PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: mysecret
+            key: password
+  nodeSelector:
+    kubernetes.io/os: windows
diff --git a/content/hi/examples/windows/simple-pod.yaml b/content/hi/examples/windows/simple-pod.yaml
new file mode 100644
index 0000000000000..0b1f0ed5c5dd7
--- /dev/null
+++ b/content/hi/examples/windows/simple-pod.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: iis
+  labels:
+    name: iis
+spec:
+  containers:
+    - name: iis
+      image: microsoft/iis:windowsservercore-1709
+      ports:
+        - containerPort: 80
+  nodeSelector:
+    "kubernetes.io/os": windows