diff --git a/content/posts/hello-the-infra-guy.md b/content/posts/hello-the-infra-guy.md index f0f519f..d5018ac 100644 --- a/content/posts/hello-the-infra-guy.md +++ b/content/posts/hello-the-infra-guy.md @@ -6,7 +6,7 @@ draft: false This post describes how I created this blog website using a couple of hours. -## Objective +## Objective The objective is to build a website using Hugo and Github Pages. @@ -16,7 +16,7 @@ Follow the steps listed below: 1. Create a Github account if you do not have one -2. Create a Github Repository +2. Create a Github Repository Keep in mind, you can't use user name and password to access Git Repo now. You have to use a token a SSH key for the sake of security. diff --git a/content/posts/kubernetes-cluster-architecture-illustrated.md b/content/posts/kubernetes-cluster-architecture-illustrated.md index 4f46d94..7716462 100644 --- a/content/posts/kubernetes-cluster-architecture-illustrated.md +++ b/content/posts/kubernetes-cluster-architecture-illustrated.md @@ -2,7 +2,7 @@ title: "Kubernetes Cluster Illustrated" date: 2023-05-20T13:36:28-08:00 categories: kubernetes -draft: fasle +draft: fasle --- ## Objective @@ -13,7 +13,7 @@ To illustrate kubernetes cluster architecture and understand critical Kubernetes ![Kubernetes Cluster Architecture](/images/kubernetes-cluster-architecture.png) -## Control Plane Components +## Control Plane Components Control Plane components run on one or mulptile control plane nodes. @@ -23,7 +23,7 @@ Control Plane components run on one or mulptile control plane nodes. kube-apiserver runs as a [static pod](https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/) or systemd daemon, configured using Pod specification or systemd unit and configuration file in /etc. -### etcd +### etcd [etcd](https://etcd.io/docs/) is a consistent and highly-available key value store used for storing Kubernetes' cluster data. 
@@ -37,7 +37,7 @@ kube-scheduler runs as a [static pod](https://kubernetes.io/docs/tasks/configure ### kube-controller-manager -kube-controller-manager implements Node, Job, EndpointSlice and ServiceAccount controllers. +kube-controller-manager implements Node, Job, EndpointSlice and ServiceAccount controllers. kube-controller-manager runs as a [static pod](https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/) or systemd daemon, configured using Pod specification or systemd unit and configuration file in /etc.. @@ -71,14 +71,14 @@ Container runtime such as [containerd](https://github.com/containerd/containerd) Containerd runs as a system daemon, configured using systemd unit and configuration file in /etc -## Kubernete Nodes +## Kubernete Nodes A Kubernetes cluster consists of two kinds of nodes: control plane nodes and worker nodes. -Node can run on hardware, virtual platform like vSphere and KVM, cloud platform like Amazon AWS, MicrsoftAzure, Google GCP. Linux is the common Operating System running Kubernetes. Binaries and libraries are built on top of Linux Kernel, e.g Systemd, Kubelet, Containerd. Containerd/Runc is the most common container runtime. etcd, kube-apiserver, kube-scheduler, kube-control-manager, cloud-control-manager usually run as static pods on control plane nodes. kube-proxy runs as a daemonset. +Node can run on hardware, virtual platform like vSphere and KVM, cloud platform like Amazon AWS, MicrsoftAzure, Google GCP. Linux is the common Operating System running Kubernetes. Binaries and libraries are built on top of Linux Kernel, e.g Systemd, Kubelet, Containerd. Containerd/Runc is the most common container runtime. etcd, kube-apiserver, kube-scheduler, kube-control-manager, cloud-control-manager usually run as static pods on control plane nodes. kube-proxy runs as a daemonset. ![Kubernetes Nodes](/images/kubernetes-node.png) - + ## References * [Kubernetes Components](https://kubernetes.io/docs/concepts/overview/components/) 
diff --git a/content/posts/kubernetes-container-stack-illustrated.md b/content/posts/kubernetes-container-stack-illustrated.md index 6c050ad..2053a76 100644 --- a/content/posts/kubernetes-container-stack-illustrated.md +++ b/content/posts/kubernetes-container-stack-illustrated.md @@ -5,7 +5,7 @@ categories: kubernetes draft: false --- -In Kubernetes 1.24, [dockershim](https://kubernetes.io/blog/2021/11/12/are-you-ready-for-dockershim-removal/) will be removed. What does it mean, let's take a look the container stackbefore and after dockershim removal. +In Kubernetes 1.24, [dockershim](https://kubernetes.io/blog/2021/11/12/are-you-ready-for-dockershim-removal/) will be removed. What does it mean, let's take a look the container stackbefore and after dockershim removal. ## Objective 
@@ -44,4 +44,4 @@ The biggest change in Kubernetes 1.24 is dockershim removal from kubelet source Performance, security and compability results in multiple OCI compatible runtimes in Kubernetes Ecosystem. -[runc](https://github.com/opencontainers/runc) is the default OCI runtime in kubernetes that spawns and runs containers on Linux. While [crun](https://github.com/containers/crun) is a fast and low-memory footprint OCI Ctontainer Runtime fully written in C. [runsc](https://github.com/google/gvisor) in gVisor implement a sandbox mechanism by mapping system calls invoked in applications to less Linux system calls on the host kernel. [runnc](https://github.com/nabla-containers/runnc) in [Nabla Containers](https://nabla-containers.github.io/) achieve the same by using less Linux system calls. [kata-runtime](https://github.com/kata-containers/kata-containers/tree/main/src/runtime) is the OCI runtime in [Kata Containers](https://katacontainers.io/) that builds a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. +[runc](https://github.com/opencontainers/runc) is the default OCI runtime in kubernetes that spawns and runs containers on Linux. While [crun](https://github.com/containers/crun) is a fast and low-memory footprint OCI Ctontainer Runtime fully written in C. [runsc](https://github.com/google/gvisor) in gVisor implement a sandbox mechanism by mapping system calls invoked in applications to less Linux system calls on the host kernel. [runnc](https://github.com/nabla-containers/runnc) in [Nabla Containers](https://nabla-containers.github.io/) achieve the same by using less Linux system calls. 
[kata-runtime](https://github.com/kata-containers/kata-containers/tree/main/src/runtime) is the OCI runtime in [Kata Containers](https://katacontainers.io/) that builds a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. diff --git a/content/posts/kubernetes-service-illustrated.md b/content/posts/kubernetes-service-illustrated.md index 58e7c88..4b7ce57 100644 --- a/content/posts/kubernetes-service-illustrated.md +++ b/content/posts/kubernetes-service-illustrated.md @@ -1,7 +1,7 @@ --- title: "Kubernetes Service Illustrated" date: 2023-05-13T14:17:22-07:00 -draft: false +draft: false --- ## Objective 
@@ -59,12 +59,11 @@ corresponds to `containerPort` in the Pod spec. `port` in `Sevice` spec is the p ### Service, Load Balancer, Ingress [Service](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go##L3999) is the main approach to [expose applications running either within or outside of the cluster](https://kubernetes.io/docs/tutorials/services/connect-applications-service/). -Service can be exposed by LoadBalancer by [creating an external Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) such as F5. Service usually works at Layer 4 within cluster. +Service can be exposed by LoadBalancer by [creating an external Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) such as F5. Service usually works at Layer 4 within cluster. -While [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is one way to manage external access to the Service in a Kubernete cluster via HTTP or HTTPS protocol. An Ingress may be configured to give Services externally-reachable URLs, load blance traffice, terminate SSL/TLS, and ususlly require an [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) such as [Istio Ingress](https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress/). Ingress usually works at Layer 7. - +While [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is one way to manage external access to the Service in a Kubernete cluster via HTTP or HTTPS protocol. An Ingress may be configured to give Services externally-reachable URLs, load blance traffice, terminate SSL/TLS, and ususlly require an [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) such as [Istio Ingress](https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress/). Ingress usually works at Layer 7. 
## Reference * [Explained: Kubernete Service Ports](https://nigelpoulton.com/explained-kubernetes-service-ports/) * [Understanding Kubernetes service & ingress networking](https://www.cortex.io/post/understanding-kubernetes-services-ingress-networking) -* [Service](https://kubernetes.io/docs/concepts/services-networking/service/) +* [Service](https://kubernetes.io/docs/concepts/services-networking/service/) diff --git a/content/posts/productivity-tools.md b/content/posts/productivity-tools.md index f8b0ab8..128a226 100644 --- a/content/posts/productivity-tools.md +++ b/content/posts/productivity-tools.md 
@@ -10,19 +10,19 @@ This post collects productivity tools used in my daily worklife. 1. [Excalidraw](https://excalidraw.com/): Draw a diagram 2. [DokuWiki](https://www.dokuwiki.org/dokuwiki): a Wiki for yourself -## Programming +## Programming 1. [Visual Studio Code](https://code.visualstudio.com/): Code editor 2. [SourceGraph](https://sourcegraph.com/search): Search the code in Github 3. [OpenGrok](https://oracle.github.io/opengrok/): Search any code, host your own 4. [git](https://git-scm.com/): Distributed version control system 4. [github.com](github.com): Well known code repository 5. [Review Board](https://www.reviewboard.org/): Code review tool -6. [Gerrit Code Review](https://www.gerritcodereview.com/): Another code review tool: Another code review tool +6. [Gerrit Code Review](https://www.gerritcodereview.com/): Another code review tool: Another code review tool 7. [Jenkins](https://www.jenkins.io/): CI/CD tools 8. [JIRA](https://jira.atlassian.com/): an enterprise bug tracking system -9. [Bugzilla](https://www.bugzilla.org/): an open source bug tracking system +9. [Bugzilla](https://www.bugzilla.org/): an open source bug tracking system 10. [remark](https://github.com/gnab/remark): A simple, in-browser, markdown-driven slideshow tool. ## Linux Kernel -1. [Linux Kernel Cross Reference](https://elixir.bootlin.com/linux/latest/source) -1. [Linux Kernel CVEs](https://www.linuxkernelcves.com/cves/) +1. [Linux Kernel Cross Reference](https://elixir.bootlin.com/linux/latest/source) +1. [Linux Kernel CVEs](https://www.linuxkernelcves.com/cves/) diff --git a/content/posts/security-concepts-illustrated.md b/content/posts/security-concepts-illustrated.md index 07c8db9..0447535 100644 --- a/content/posts/security-concepts-illustrated.md +++ b/content/posts/security-concepts-illustrated.md 
@@ -51,6 +51,7 @@ The CSR will be approve and signed by a Certificate Authority(CA), and come back Once you got the certicate, you can understand [how TLS/SSL cetificates work](https://www.digicert.com/how-tls-ssl-certificates-work) ## References +1. [Learning SSL](https://www.bbkane.com/blog/learn-ssl/) 1. [How PGP works](http://users.ece.cmu.edu/~adrian/630-f04/PGP-intro.html) 1. [Overview of Symmetric Encryption](https://www.cryptomathic.com/news-events/blog/an-overview-of-symmetric-encryption-and-the-key-lifecycle) 1. [OpenSSL 3.0 Doc](https://www.openssl.org/docs/man3.0/) diff --git a/content/posts/vsphere-csi-driver-illustrated.md b/content/posts/vsphere-csi-driver-illustrated.md index b40c661..4f389af 100644 --- a/content/posts/vsphere-csi-driver-illustrated.md +++ b/content/posts/vsphere-csi-driver-illustrated.md @@ -10,7 +10,7 @@ draft: false To understand how [vSphere CSI driver](https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/2.0/vmware-vsphere-csp-getting-started/GUID-74AF02D7-1562-48BD-A9FE-C81A53342AC3.html) works and is being deployed. -## vSphere CSI Driver Architecture +## vSphere CSI Driver Architecture ![vSphere CSI Driver Architecture](/images/vsphere-csi-driver-architecture.png) ## vSphere CSI Driver Deployment 
@@ -34,7 +34,7 @@ and triggers `ControllerExpandVolume` operation. See [Description](https://kubernetes-csi.github.io/docs/external-resizer.html##description) and [Github](https://github.com/kubernetes-csi/external-resizer) for further details. ### csi-attacher -csi-attacher is a sidecar container that attaches volumes to nodes by calling `ControllerPublish` and `ControllerUnpublish` functions of CSI drivers. +csi-attacher is a sidecar container that attaches volumes to nodes by calling `ControllerPublish` and `ControllerUnpublish` functions of CSI drivers. See [Description](https://kubernetes-csi.github.io/docs/external-attacher.html##description) and [Github](https://github.com/kubernetes-csi/external-attacher) for further details. diff --git a/content/posts/which-node-is-pod-running-on.md b/content/posts/which-node-is-pod-running-on.md index da24bb5..952d6e2 100644 --- a/content/posts/which-node-is-pod-running-on.md +++ b/content/posts/which-node-is-pod-running-on.md 
@@ -17,7 +17,7 @@ To bind applications to a Kubernete node, there are two ways: * Static Binding * Dynamic Scheduling -### Static Binding +### Static Binding Critical Linux system daemons such as [systemd](https://www.freedesktop.org/wiki/Software/systemd/), [chrony](https://chrony.tuxfamily.org/), [Network Manager](https://networkmanager.dev/), [kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/), [Container Runtimes](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) are required to run on each node as standalone programs. Kubernetes control plane components are running in [static pods](https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/), which are managed directly by the kubelet daemon using [manifest files](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) under `/etc/kubernetes/manifests`. Static pod can not refer to other Kubernetes objects like Service Account, ConfigMap, Secret, etc, and do not support [ephemeral containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/). @@ -25,7 +25,7 @@ To make system daemons or static pods run on a particular node is to preload or ![Kubernetes System Applications](/images/kubernetes-system-applications.png) -### Dynamic Scheduling +### Dynamic Scheduling The kube-scheduler dynamically schedules pods to a worker node by considering the pod's preferences specified in PodSpec and the node's [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). Node labels can be attached manually or be well-known labels populated by kubelet. 
@@ -35,13 +35,13 @@ The kube-scheduler dynamically schedules pods to a worker node by considering th ![Kubernetes Application NodeSelector](/images/kubernetes-application-nodeselector.png) -### Node affinity +### Node affinity Node affinity is similar to `nodeSelector`, allowing Pod to be scheduled based on node labels. There are two types of node affinity: `requiredDuringSchedulingIgnoredDuringExecution` and `preferredDuringSchedulingIgnoredDuringExecution`. Node affinity can be specified using `.spec.affinity.nodeAffinity` field in Pod spec. ![Kubernetes Application NodeAffinity](/images/kubernetes-application-nodeaffinity.png) -### Inter-pod affinity and anti-affinity +### Inter-pod affinity and anti-affinity Inter-pod affinity and anti-affinity allow to contrain which nodes Pods can be scheduled on based on the labels of Pods already running on the node, instead of the node labels. Two types of inter-node affinity and anti-affinity exist: `requiredDuringSchedulingIgnoredDuringExecution` and `preferredDuringSchedulingIgnoredDuringExecution`. `affinity.podAffinity` field is used for inter-pod affinity; while `affinity.podAntiAffinity` field is used for inter-pod anti-affinity. 
@@ -51,7 +51,7 @@ See [Zookeeper tutorial](https://kubernetes.io/docs/tutorials/stateful-applicati ### Taints and Tolerations -Node affinity attracts Pods to a set of nodes; while Taints allow a node to repel a set ofpods. Taints are a special kind of key/value with taint effect that are applied to nodes.The node should not accept any pods that do not tolerate the taints. Toerations are applied to pods. Tolerations allow the scheduler to schedule pods with matching taints. +Node affinity attracts Pods to a set of nodes; while Taints allow a node to repel a set ofpods. Taints are a special kind of key/value with taint effect that are applied to nodes.The node should not accept any pods that do not tolerate the taints. Toerations are applied to pods. Tolerations allow the scheduler to schedule pods with matching taints. ![Kubernetes Application Taints](/images/kubernetes-application-taints.png) @@ -63,7 +63,7 @@ specify the `nodeName` and overrules `nodeSelector` or affinity and anti-affinit ![Kubernetes Application NodeName](/images/kubernetes-application-nodename.png) -### Pod topology spread constaints +### Pod topology spread constaints Topology spread constaints is used to control how pods are spread across cluster among failure-domains such as regions, zones, nodes.
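Review bot: In the `kubernetes-cluster-architecture-illustrated.md` front-matter hunk, the touched line still reads `draft: fasle` on both the `-` and `+` side; since this line is already being rewritten for trailing whitespace, change it to `draft: false` so the front matter carries a valid boolean. The same file's `Control Plane Components` hunk also leaves `mulptile` in its context line.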
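Review bot: The rewritten `+Node can run on hardware ...` line in the `Kubernete Nodes` hunk names `kube-control-manager` and `cloud-control-manager`, but the component introduced earlier in the same file is `kube-controller-manager`; fix both to `kube-controller-manager` / `cloud-controller-manager` while the line is being touched. Minor: the heading should be `## Kubernetes Nodes`, and `MicrsoftAzure` should be `Microsoft Azure`.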
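Review bot: Both touched lines in `kubernetes-container-stack-illustrated.md` keep typos a whitespace pass could have cleaned: `stackbefore` should be `stack before` in the first hunk, and `OCI Ctontainer Runtime` should be `OCI Container Runtime` in the second; the second hunk's sentences `[runsc] ... implement` and `[runnc] ... achieve` also want `implements` / `achieves` as the subject is singular.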
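Review bot: The rewritten Ingress paragraph in `kubernetes-service-illustrated.md` still contains `Kubernete cluster`, `load blance traffice` and `ususlly`; suggest `Kubernetes cluster`, `load balance traffic`, `usually`. The hunk's context line also has `Sevice` for `Service`, and the `Service` link anchor `types.go##L3999` uses a doubled `#`, which will not resolve to the intended line on GitHub.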
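Review bot: In `productivity-tools.md` the touched Gerrit line still repeats its description (`Another code review tool: Another code review tool`); drop the duplicate while editing the line. In the same hunk, `git` and `github.com` are both numbered `4.`, and `[github.com](github.com)` has no scheme, so it renders as a relative link; use `https://github.com`.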
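Review bot: The `security-concepts-illustrated.md` hunk is the only content change in an otherwise whitespace-only commit (it adds the `Learning SSL` reference at the head of the list); consider splitting it out so the cleanup stays reviewable as pure whitespace. Its context lines also carry `will be approve and signed` and `certicate` / `cetificate`, which should read `will be approved and signed` and `certificate`.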
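Review bot: In `vsphere-csi-driver-illustrated.md`, the `csi-attacher` hunk's context links use `external-attacher.html##description` (and the resizer link above it `external-resizer.html##description`); the doubled `#` breaks the fragment, so these should be single `#` anchors.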
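Review bot: In the `Static Binding` hunk of `which-node-is-pod-running-on.md`, the context sentence links `manifest files` to the ephemeral-containers page, the same URL the sentence later uses for ephemeral containers; the static-pod documentation already linked on that line is the intended target. `Static pod can not refer` should be `Static pods cannot refer`, and the `Inter-pod affinity` hunk's `contrain` / `inter-node affinity` should read `constrain` / `inter-pod affinity`.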
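Review bot: The rewritten Taints line in `which-node-is-pod-running-on.md` still has `set ofpods`, `nodes.The` (missing space) and `Toerations`; fix to `set of pods`, `nodes. The` and `Tolerations` while the line is being touched. The following `Pod topology spread constaints` heading and its `constaints is used` sentence should read `constraints` / `constraints are used`.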