Fix Vale Spelling and Terms lint violations across docs#2597
Open
ctauchen wants to merge 2 commits intotigera:mainfrom
Open
Fix Vale Spelling and Terms lint violations across docs#2597ctauchen wants to merge 2 commits intotigera:mainfrom
ctauchen wants to merge 2 commits intotigera:mainfrom
Conversation
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
❌ Deploy Preview for tigera failed. Why did it fail? →Built without sensitive environment variables
|
Resolve ~1700 Vale lint violations (from 2183 down to ~460 false positives): - Add code font (backticks) to parameter names, field names, and values in tables and prose across all three product doc sets - Fix capitalization/casing for technical terms (YAML, BGP, DNS, IPAM, Kubernetes, DaemonSet, ConfigMap, WireGuard, CoreDNS, etc.) - Apply correct substitutions (for example, integers instead of ints, destination instead of dest, and so on instead of etc.) - Expand Vale vocabulary accept lists for legitimate technical terms, acronyms, tool names, brand names, and doc-specific names - Fix miscellaneous issues: missing spaces, incorrect casing of proper nouns (Intel, OpenDev), informal language (rearchitected -> redesigned) - Add helper scripts for automated vale fix application Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ctauchen
commented
Mar 24, 2026
calico-cloud/compliance/overview.mdx
Outdated
| Report permissions are granted using the standard Kubernetes RBAC based on ClusterRole and ClusterRoleBindings. The following table outlines the required RBAC verbs for each resource type for a specific user actions. | ||
|
|
||
| | **Action** | **globalreporttypes** | **globalreports** | **globalreports/status** | | ||
| | **Action** | **`globalreporttypes`** | **`globalreports`** | **`globalreports`/status** | |
Collaborator
Author
There was a problem hiding this comment.
globalreports/status needs to be globalreports/status
Comment on lines
401
to
411
| @@ -410,9 +410,9 @@ kubectl get tigerastatus | |||
| | 8 | monitor | TRUE | FALSE | FALSE | 11m | | |||
| | 9 | runtime-security | TRUE | FALSE | FALSE | 10m | | |||
Collaborator
Author
There was a problem hiding this comment.
Error in original. Remove the backticks from apiserver, put the entire section in a code block.
| ### Allow ICMP matching protocol type and code, all Kubernetes pods | ||
|
|
||
| In this example, only Kubernetes pods that match the selector **projectcalico.org/orchestrator == 'kubernetes'** are allowed to receive ICMPv4 **code: 1 host unreachable** messages. | ||
| In this example, only Kubernetes pods that match the selector **projectcalico.org/orchestrator == 'Kubernetes'** are allowed to receive ICMPv4 **code: 1 host unreachable** messages. |
Collaborator
Author
There was a problem hiding this comment.
revert, change bold to code font.
projectcalico.org/orchestrator == 'kubernetes'
| ``` | ||
|
|
||
| To allow ingress traffic from endpoints in other namespaces, use a **namespaceSelector** in the policy rule. A namespaceSelector matches one or more namespaces based on the labels that are applied on the namespace. In the following example, ingress traffic is also allowed from endpoints with **color: blue** in namespaces with **shape: circle**. | ||
| To allow ingress traffic from endpoints in other namespaces, use a **`namespaceSelector`** in the policy rule. A `namespaceSelector` matches one or more namespaces based on the labels that are applied on the namespace. In the following example, ingress traffic is also allowed from endpoints with **color: blue** in namespaces with **shape: circle**. |
Collaborator
Author
There was a problem hiding this comment.
Here, change bold to just code font.
For all similar changes, do the following:
- If the term is one of these code parameter things AND it makes sense for it to be in bold (table header, part of list with other bold items, etc.), then keep it ad bold and code font.
- If the term is in normal body text, and the bold is just being used in place of code font, then change to just code font.
Do this globally.
| | Calico label | Usage requirements | Use in these resources... | | ||
| | --------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | | ||
| | `projectcalico.org/name` | Use with a **namespaceSelector** or **serviceAccountSelector**. | - Network policy<br />- Staged network policy<br /><br />Namespaced resources that apply only to workload endpoint resources in the namespace.<br /> | | ||
| | `projectcalico.org/name` | Use with a **`namespaceSelector`** or **serviceAccountSelector**. | - Network policy<br />- Staged network policy<br /><br />Namespaced resources that apply only to workload endpoint resources in the namespace.<br /> | |
Collaborator
Author
There was a problem hiding this comment.
Here, for example, nameSpaceSelector and serviceAccoutnSelector should both be in code font.
| | `vxlanTunnelMACAddr` | MAC address of the VXLAN tunnel. This is system configured and should not be updated manually. | | string | | ||
| | `vxlanTunnelMACAddrV6` | MAC address of the IPv6 VXLAN tunnel. This is system configured and should not be updated manually. | | string | | ||
| | `orchRefs` | Correlates this node to a node in another orchestrator. | | list of [OrchRefs](#orchref) | | ||
| | `wireguard` | WireGuard configuration for this node. This is applicable only if WireGuard is enabled in [Felix Configuration](felixconfig.mdx). | | [WireGuard](#WireGuard) | |
Collaborator
Author
There was a problem hiding this comment.
Doublecheck all changes to pagerefs. Generally they should all be lowercase, I think.
| ``` | ||
|
|
||
| The configuration file starts with importing the appropriate rule set config. We use Coraza WAF's recommended [Core Rule Set setup](https://coraza.io/docs/tutorials/coreruleset/) files: | ||
| The configuration file starts with importing the appropriate rule set config. We use Coraza WAF's recommended [Core Rule Set setup](https://coraza.io/docs/tutorials/`coreruleset`/) files: |
Collaborator
Author
There was a problem hiding this comment.
Come one. Backticks in URL?
|
|
||
| 1. Coraza recommended configuration with [coraza.conf](https://github.com/corazawaf/coraza-coreruleset/blob/main/rules/%40coraza.conf-recommended) and [crs-setup.conf](https://github.com/corazawaf/coraza-coreruleset/blob/main/rules/%40crs-setup.conf.example) (kept in the same ConfigMap) | ||
| 1. The rest of the [coreruleset](https://github.com/corazawaf/coraza-coreruleset/tree/main/rules/%40owasp_crs) files, currently [v4.7.0](https://github.com/corazawaf/coraza-coreruleset/tree/v4.7.0/rules/%40owasp_crs) | ||
| 1. Coraza recommended configuration with [coraza.conf](https://github.com/corazawaf/coraza-`coreruleset`/blob/main/rules/%40coraza.conf-recommended) and [crs-setup.conf](https://github.com/corazawaf/coraza-`coreruleset`/blob/main/rules/%40crs-setup.conf.example) (kept in the same ConfigMap) |
|
|
||
| It is important to adhere to the [Core Rule Set documentation](https://coreruleset.org/docs) on how to edit the behaviour of | ||
| your WAF. A good place to begin at is the [Installing Core Rule Set](https://coreruleset.org/docs/1-getting-started/1-1-crs-installation/). | ||
| It is important to adhere to the [Core Rule Set documentation](https://`coreruleset`.org/docs) on how to edit the behaviour of |
Collaborator
Author
There was a problem hiding this comment.
Rediculous. You can't modify URLS like this. Check all URLS in the diff and make this go away.
Comment on lines
286
to
290
| - User.Read | ||
| - OpenId permissions: | ||
| - openid | ||
| - `openid` | ||
| - profile No newline at end of file |
Collaborator
Author
There was a problem hiding this comment.
THis looks like a list that should be either all code or all not code.
…nd links - Revert backticks inserted into URLs (coreruleset, openid, avf, etc.) - Revert backticks inserted into markdown link paths (bgpconfig, felixconfig, eval, etc.) - Restore deleted selector expression descriptions in containeradmissionpolicy - Restore deleted felixconfig row description - Fix uppercase page ref anchors to lowercase (BGP, WireGuard, ICMP, Fluentd) - Fix bold-to-code-font: body text gets code only, not bold+code - Fix split backticks in slash-separated paths (globalreports/status) - Revert label value case change (kubernetes not Kubernetes in selectors) - Ensure consistent code font in table columns and lists - Replace inline backticks with code block in operator-checklist Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ctauchen
commented
Mar 24, 2026
| ``` | ||
|
|
||
| To allow ingress traffic from endpoints in other namespaces, use a **namespaceSelector** in the policy rule. A namespaceSelector matches namespaces based on the labels that are applied in the namespace. In the following example, ingress traffic is allowed from endpoints in namespaces that match **shape == circle**. | ||
| To allow ingress traffic from endpoints in other namespaces, use a **`namespaceSelector`** in the policy rule. A `namespaceSelector` matches namespaces based on the labels that are applied in the namespace. In the following example, ingress traffic is allowed from endpoints in namespaces that match **shape == circle**. |
Collaborator
Author
There was a problem hiding this comment.
This has asterisks that should be only backtickts. same with shape == circle.
| > In the left navigation menu, select **Service Graph**, **Default**. | ||
|
|
||
| The default view in Service Graph provides a representation of how namespaces within the cluster are communicating with each other. Each namespace is represented with the standard Kubernetes icon for namespaces. There are some demo namespaces - **hipstershop**, **storefront**, and **acme** - and other Tigera namespaces that are used for $[prodname]. Egress traffic leaving the cluster is represented with globe icons. Under the hood, each of these globe icons is a custom resource called a **NetworkSet**. | ||
| The default view in Service Graph provides a representation of how namespaces within the cluster are communicating with each other. Each namespace is represented with the standard Kubernetes icon for namespaces. There are some demo namespaces - **`hipstershop`**, **storefront**, and **acme** - and other Tigera namespaces that are used for $[prodname]. Egress traffic leaving the cluster is represented with globe icons. Under the hood, each of these globe icons is a custom resource called a **NetworkSet**. |
Collaborator
Author
There was a problem hiding this comment.
all of these namespaces should be backticks instead of asterisks
| The details panel provides additional information on a selected graph node or edge. The log panel below the graph also automatically updates and/or filters data (if available) for the selection. | ||
|
|
||
| > Click on the edge between the **hipstershop** namespace, and the network set **public network**. The flow logs are automatically filtered below in the Flows tab, and you can expand any of the rows in that tab to view some of the detailed metadata that $[prodname] provides around workload communication. | ||
| > Click on the edge between the **`hipstershop`** namespace, and the network set **public network**. The flow logs are automatically filtered below in the Flows tab, and you can expand any of the rows in that tab to view some of the detailed metadata that $[prodname] provides around workload communication. |
| You can also double-click on a namespace to see services and deployments within a namespace, and how they are communicating externally, and with the rest of the cluster. | ||
|
|
||
| > Double-click **hipstershop** or **storefront**. All of the resources in purple are part of the selected namespace (which is also listed in the breadcrumb in the upper left), and anything external to the namespace is represented in blue. These views are useful when troubleshooting a specific application or microservice running in your cluster. | ||
| > Double-click **`hipstershop`** or **storefront**. All of the resources in purple are part of the selected namespace (which is also listed in the breadcrumb in the upper left), and anything external to the namespace is represented in blue. These views are useful when troubleshooting a specific application or microservice running in your cluster. |
|
|
||
| The following report schedules weekly inventory reports for _all_ endpoints. The jobs that create the reports will run | ||
| on the infrastructure nodes (e.g. nodetype == 'infrastructure'). | ||
| on the infrastructure nodes (e.g. `nodetype` == 'infrastructure'). |
Collaborator
Author
There was a problem hiding this comment.
Suggested change
| on the infrastructure nodes (e.g. `nodetype` == 'infrastructure'). | |
| on the infrastructure nodes (e.g. `nodetype == 'infrastructure'`). |
| --- | ||
|
|
||
| # calicoq eval | ||
| # calicoq `eval` |
Comment on lines
9
to
27
| @@ -26,7 +26,7 @@ Installing $[prodname] on your Kubernetes cluster is managed by the Tigera Opera | |||
| - policy-recommendation | |||
| - secrets | |||
Collaborator
Author
There was a problem hiding this comment.
all the same, this is a list of code font things
| | Field | Description | Accepted Values | Schema | Default | | ||
| | ------- | -------------------------------------------------------------------------- | ----------------------------------- | ------- | ------- | | ||
| | state | State of the affinity with regard to any referenced IPAM blocks. | confirmed, pending, pendingDeletion | string | | | ||
| | state | State of the affinity with regard to any referenced IPAM blocks. | confirmed, pending, `pendingDeletion` | string | | |
Collaborator
Author
There was a problem hiding this comment.
confirmed, pending, pendingDeletion all values, all code font
| | Field | Description | Accepted Values | Schema Default | | ||
| | -------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -------------- | | ||
| | platform | The platform the cluster runs on. Unless running on OpenShift, can be left empty. | "", "openshift" | "" | | ||
| | platform | The platform the cluster runs on. Unless running on OpenShift, can be left empty. | "", "OpenShift" | "" | |
Collaborator
Author
There was a problem hiding this comment.
if this is a value, then keep openshift
Comment on lines
283
to
288
| | Field | Description | Accepted Values | Schema | | ||
| | -------- | -------------------- | ------------------------------------ | ------ | | ||
| | port | The exact port match | 0-65535 | int | | ||
| | protocol | The protocol match | tcp, udp, sctp | string | | ||
| | protocol | The protocol match | TCP, UDP, SCTP | string | | ||
| | net | The CIDR match | any valid CIDR (e.g. 192.168.0.0/16) | string | | ||
|
|
Collaborator
Author
There was a problem hiding this comment.
Any table with an Accepted Values column:
- If the row contains a description, keep normal.
- The the row contains actual possible values, put them in code font.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
calico/,calico-cloud/, andcalico-enterprise/docsscripts/fix-code-font.py,scripts/fix-substitutions.py,scripts/fix-terms-from-vale.py) for future automated vale fix runsRemaining violations (~460)
All remaining violations are false positives from Vale flagging terms inside compound identifiers, filenames, labels, annotations, or config values (e.g.,
values.yaml,kube-dns,prometheus-operator,cni.projectcalico.org). These cannot be fixed without rewriting legitimate content.Test plan
bash scripts/vale-lint.sh calico/ calico-cloud/ calico-enterprise/to confirm 0 errors and only false-positive warnings remain🤖 Generated with Claude Code