diff --git a/.markdownlint.json b/.markdownlint.json
new file mode 100644
index 000000000000..77e84eb5ba6b
--- /dev/null
+++ b/.markdownlint.json
@@ -0,0 +1,13 @@
+{
+    "default": false,
+    "MD002": { "level": 2 },
+    "MD007": { "indent": 4 },
+    "MD013": false,
+    "MD026": { "punctuation": ".,;:!" }, 
+    "MD014": false,
+    "MD030": false,
+    "MD032": false,
+    "MD033": false,
+    "MD041": false,
+    "MD046": false
+  }
\ No newline at end of file
diff --git a/common/Makefile.common.mk b/common/Makefile.common.mk
index 6e9b85bb0f80..6ef610b6221d 100644
--- a/common/Makefile.common.mk
+++ b/common/Makefile.common.mk
@@ -50,7 +50,8 @@ lint-python:
 	@${FINDFILES} -name '*.py' \( ! \( -name '*_pb2.py' \) \) -print0 | ${XARGS} autopep8 --max-line-length 160 --exit-code -d
 
 lint-markdown:
-	@${FINDFILES} -name '*.md' -not -path './manifests/addons/dashboards/*' -print0 | ${XARGS} mdl --ignore-front-matter --style common/config/mdl.rb
+	@${FINDFILES} -name '*.md' -not -path './manifests/addons/dashboards/*' -print0 | ${XARGS} markdownlint-cli2 --config .markdownlint.json
+
 
 lint-links:
 	@${FINDFILES} -name '*.md' -print0 | ${XARGS} awesome_bot --skip-save-results --allow_ssl --allow-timeout --allow-dupe --allow-redirect --white-list ${MARKDOWN_LINT_ALLOWLIST}
diff --git a/common/config/mdl.rb b/common/config/mdl.rb
deleted file mode 100644
index 8764f94d7263..000000000000
--- a/common/config/mdl.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-all
-rule 'MD002', :level => 1
-rule 'MD007', :indent => 4
-rule 'MD013', :line_length => 160, :code_blocks => false, :tables => false
-rule 'MD026', :punctuation => ".,;:!"
-exclude_rule 'MD013'
-exclude_rule 'MD014'
-exclude_rule 'MD030'
-exclude_rule 'MD032'
-exclude_rule 'MD033'
-exclude_rule 'MD041'
-exclude_rule 'MD046'
diff --git a/content/en/about/faq/metrics-and-logs/life-of-a-request.md b/content/en/about/faq/metrics-and-logs/life-of-a-request.md
index e729aa8fc498..deace0908cbc 100644
--- a/content/en/about/faq/metrics-and-logs/life-of-a-request.md
+++ b/content/en/about/faq/metrics-and-logs/life-of-a-request.md
@@ -2,7 +2,7 @@
 title: How to figure out what happened to a request in Istio?
 weight: 80
 ---
-
+<!-- markdownlint-disable MD026 -->
 You can enable [tracing](/docs/tasks/observability/distributed-tracing/) to determine the flow of a request in Istio.
 
 Additionally, you can use the following commands to know more about the state of the mesh:
diff --git a/content/en/about/faq/traffic-management/cors.md b/content/en/about/faq/traffic-management/cors.md
index 23b3f5d3a27a..edfafdf23598 100644
--- a/content/en/about/faq/traffic-management/cors.md
+++ b/content/en/about/faq/traffic-management/cors.md
@@ -2,7 +2,7 @@
 title: Why is my CORS configuration not working?
 weight: 40
 ---
-
+<!-- markdownlint-disable MD007 -->
 After applying [CORS configuration](/docs/reference/config/networking/virtual-service/#CorsPolicy), you may find that seemingly nothing happened and wonder what went wrong.
 CORS is a commonly misunderstood HTTP concept that often leads to confusion when configuring.
 
diff --git a/content/en/about/faq/traffic-management/ingress-with-no-route-rules.md b/content/en/about/faq/traffic-management/ingress-with-no-route-rules.md
index 1cbf71a1e88b..de66137d3071 100644
--- a/content/en/about/faq/traffic-management/ingress-with-no-route-rules.md
+++ b/content/en/about/faq/traffic-management/ingress-with-no-route-rules.md
@@ -2,7 +2,7 @@
 title: Can I use standard Ingress specification without any route rules?
 weight: 40
 ---
-
+<!-- markdownlint-disable MD007 -->
 Simple ingress specifications, with host, TLS, and exact path based
 matches will work out of the box without the need for route
 rules. However, note that the path used in the ingress resource should
diff --git a/content/en/blog/2017/0.1-canary/index.md b/content/en/blog/2017/0.1-canary/index.md
index ef4105d991ba..486a47e59396 100644
--- a/content/en/blog/2017/0.1-canary/index.md
+++ b/content/en/blog/2017/0.1-canary/index.md
@@ -8,7 +8,7 @@ keywords: [traffic-management,canary]
 aliases:
     - /blog/canary-deployments-using-istio.html
 ---
-
+<!-- markdownlint-disable MD007 MD026-->
 {{< tip >}}
 This post was updated on May 16, 2018 to use the latest version of the traffic management model.
 {{< /tip >}}
diff --git a/content/en/blog/2017/0.1-using-network-policy/index.md b/content/en/blog/2017/0.1-using-network-policy/index.md
index 772277b8db0d..d36b2ade1328 100644
--- a/content/en/blog/2017/0.1-using-network-policy/index.md
+++ b/content/en/blog/2017/0.1-using-network-policy/index.md
@@ -8,6 +8,7 @@ aliases:
     - /blog/using-network-policy-in-concert-with-istio.html
 target_release: 0.1
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 The use of Network Policy to secure applications running on Kubernetes is a now a widely accepted industry best practice.  Given that Istio also supports policy, we want to spend some time explaining how Istio policy and Kubernetes Network Policy interact and support each other to deliver your application securely.
 
diff --git a/content/en/blog/2018/egress-https/index.md b/content/en/blog/2018/egress-https/index.md
index 518a6b7eb07a..eba9e157e0fc 100644
--- a/content/en/blog/2018/egress-https/index.md
+++ b/content/en/blog/2018/egress-https/index.md
@@ -8,7 +8,7 @@ attribution: Vadim Eisenberg
 keywords: [traffic-management,egress,https]
 target_release: 1.1
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 In many cases, not all the parts of a microservices-based application reside in a _service mesh_. Sometimes, the
 microservices-based applications use functionality provided by legacy systems that reside outside the mesh. You may want
 to migrate these systems to the service mesh gradually. Until these systems are migrated, they must be accessed by the
diff --git a/content/en/blog/2018/egress-mongo/index.md b/content/en/blog/2018/egress-mongo/index.md
index 97c93a40cdb7..779d779f7bac 100644
--- a/content/en/blog/2018/egress-mongo/index.md
+++ b/content/en/blog/2018/egress-mongo/index.md
@@ -8,6 +8,7 @@ attribution: Vadim Eisenberg
 keywords: [traffic-management,egress,tcp,mongo]
 target_release: 1.1
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 In the [Consuming External TCP Services](/blog/2018/egress-tcp/) blog post, I described how external services
 can be consumed by in-mesh Istio applications via TCP. In this post, I demonstrate consuming external MongoDB services.
diff --git a/content/en/blog/2018/export-logs-through-stackdriver/index.md b/content/en/blog/2018/export-logs-through-stackdriver/index.md
index 4bfa7e727324..f279de64f4cc 100644
--- a/content/en/blog/2018/export-logs-through-stackdriver/index.md
+++ b/content/en/blog/2018/export-logs-through-stackdriver/index.md
@@ -6,6 +6,7 @@ subtitle:
 attribution: Nupur Garg and Douglas Reid
 target_release: 0.8
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 This post shows how to direct Istio logs to [Stackdriver](https://cloud.google.com/stackdriver/)
 and export those logs to various configured sinks such as such as
diff --git a/content/en/blog/2018/incremental-traffic-management/index.md b/content/en/blog/2018/incremental-traffic-management/index.md
index 83210ab7ed51..32479b05fa77 100644
--- a/content/en/blog/2018/incremental-traffic-management/index.md
+++ b/content/en/blog/2018/incremental-traffic-management/index.md
@@ -8,7 +8,7 @@ twitter: crcsmnky
 keywords: [traffic-management,gateway]
 target_release: 1.0
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Traffic management is one of the critical benefits provided by Istio. At the heart of Istio’s traffic management is the ability to decouple traffic flow and infrastructure scaling. This lets you control your traffic in ways that aren’t possible without a service mesh like Istio.
 
 For example, let’s say you want to execute a [canary deployment](https://martinfowler.com/bliki/CanaryRelease.html). With Istio, you can specify that **v1** of a service receives 90% of incoming traffic, while **v2** of that service only receives 10%. With standard Kubernetes deployments, the only way to achieve this is to manually control the number of available Pods for each version, for example 9 Pods running v1 and 1 Pod running v2. This type of manual control is hard to implement, and over time may have trouble scaling. For more information, check out [Canary Deployments using Istio](/blog/2017/0.1-canary/).
diff --git a/content/en/blog/2018/istio-authorization/index.md b/content/en/blog/2018/istio-authorization/index.md
index 8961b0da1470..e76fda46c93a 100644
--- a/content/en/blog/2018/istio-authorization/index.md
+++ b/content/en/blog/2018/istio-authorization/index.md
@@ -7,7 +7,7 @@ attribution: Limin Wang
 keywords: [authorization,rbac,security]
 target_release: 0.8
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Micro-segmentation is a security technique that creates secure zones in cloud deployments and allows organizations to
 isolate workloads from one another and secure them individually.
 [Istio's authorization feature](/docs/concepts/security/#authorization), also known as Istio Role Based Access Control,
diff --git a/content/en/blog/2018/traffic-mirroring/index.md b/content/en/blog/2018/traffic-mirroring/index.md
index dfd2283b888e..0341b35f6277 100644
--- a/content/en/blog/2018/traffic-mirroring/index.md
+++ b/content/en/blog/2018/traffic-mirroring/index.md
@@ -7,6 +7,7 @@ attribution: Christian Posta
 keywords: [traffic-management,mirroring]
 target_release: 0.5
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Trying to enumerate all the possible combinations of test cases for testing services in non-production/test environments can be daunting. In some cases, you'll find that all of the effort that goes into cataloging these use cases doesn't match up to real production use cases. Ideally, we could use live production use cases and traffic to help illuminate all of the feature areas of the service under test that we might miss in more contrived testing environments.
 
diff --git a/content/en/blog/2018/v1alpha3-routing/index.md b/content/en/blog/2018/v1alpha3-routing/index.md
index cb3c7688bf85..8e90a4a7709b 100644
--- a/content/en/blog/2018/v1alpha3-routing/index.md
+++ b/content/en/blog/2018/v1alpha3-routing/index.md
@@ -7,7 +7,7 @@ attribution: Frank Budinsky (IBM) and Shriram Rajagopalan (VMware)
 keywords: [traffic-management]
 target_release: 0.7
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Up until now, Istio has provided a simple API for traffic management using four configuration resources:
 `RouteRule`, `DestinationPolicy`, `EgressRule`, and (Kubernetes) `Ingress`.
 With this API, users have been able to easily manage the flow of traffic in an Istio service mesh.
diff --git a/content/en/blog/2019/announcing-istio-client-go/index.md b/content/en/blog/2019/announcing-istio-client-go/index.md
index ff46c9b2b5a7..0a9317b43e05 100644
--- a/content/en/blog/2019/announcing-istio-client-go/index.md
+++ b/content/en/blog/2019/announcing-istio-client-go/index.md
@@ -6,6 +6,7 @@ attribution: Neeraj Poddar (Aspen Mesh)
 keywords: [client-go,tools,crd]
 target_release: 1.4
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 We are pleased to announce the initial release of the Istio
 [client go](https://github.com/istio/client-go) repository which enables developers
diff --git a/content/en/blog/2019/data-plane-setup/index.md b/content/en/blog/2019/data-plane-setup/index.md
index ac17a7de9180..c102feefb566 100644
--- a/content/en/blog/2019/data-plane-setup/index.md
+++ b/content/en/blog/2019/data-plane-setup/index.md
@@ -8,6 +8,7 @@ twitter: chugtum
 keywords: [kubernetes,sidecar-injection, traffic-management]
 target_release: 1.0
 ---
+<!-- markdownlint-disable-file MD007 -->
 A simple overview of an Istio service-mesh architecture always starts with describing the control-plane and data-plane.
 
 [From Istio’s documentation](/docs/ops/deployment/architecture/):
diff --git a/content/en/blog/2019/multicluster-version-routing/index.md b/content/en/blog/2019/multicluster-version-routing/index.md
index 88cf5497937b..b18d2fbf4ecb 100644
--- a/content/en/blog/2019/multicluster-version-routing/index.md
+++ b/content/en/blog/2019/multicluster-version-routing/index.md
@@ -7,7 +7,7 @@ attribution: Frank Budinsky (IBM)
 keywords: [traffic-management,multicluster]
 target_release: 1.0
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 If you've spent any time looking at Istio, you've probably noticed that it includes a lot of features that
 can be demonstrated with simple [tasks](/docs/tasks/) and [examples](/docs/examples/)
 running on a single Kubernetes cluster.
diff --git a/content/en/blog/2019/v1beta1-authorization-policy/index.md b/content/en/blog/2019/v1beta1-authorization-policy/index.md
index 05ddff5dbcec..43d18fb87ac4 100644
--- a/content/en/blog/2019/v1beta1-authorization-policy/index.md
+++ b/content/en/blog/2019/v1beta1-authorization-policy/index.md
@@ -7,7 +7,7 @@ attribution: Yangmin Zhu (Google)
 keywords: [security, RBAC, access control, authorization]
 target_release: 1.4
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Istio 1.4 introduces the
 [`v1beta1` authorization policy](/docs/reference/config/security/authorization-policy/),
 which is a major update to the previous `v1alpha1` role-based access control
diff --git a/content/en/blog/2020/deploy-wasm-declarative/index.md b/content/en/blog/2020/deploy-wasm-declarative/index.md
index a0110b7f7272..4e0ccb3ac7d4 100644
--- a/content/en/blog/2020/deploy-wasm-declarative/index.md
+++ b/content/en/blog/2020/deploy-wasm-declarative/index.md
@@ -6,6 +6,7 @@ publishdate: 2020-03-16
 attribution: "Christian Posta (Solo.io)"
 keywords: [wasm,extensibility,alpha,operator]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 As outlined in the [Istio 2020 trade winds blog](/blog/2020/tradewinds-2020/) and more recently [announced with Istio 1.5](/news/releases/1.5.x/announcing-1.5/), WebAssembly (Wasm) is now an (alpha) option for extending the functionality of the Istio service proxy (Envoy proxy). With Wasm, users can build support for new protocols, custom metrics, loggers, and other filters. Working closely with Google, we in the community ([Solo.io](https://solo.io)) have focused on the user experience of building, socializing, and deploying Wasm extensions to Istio. We've announced [WebAssembly Hub](https://webassemblyhub.io) and [associated tooling](https://docs.solo.io/web-assembly-hub/latest/installation/) to build a "docker-like" experience for working with Wasm.
 
diff --git a/content/en/blog/2020/dns-proxy/index.md b/content/en/blog/2020/dns-proxy/index.md
index 3c3b726e3624..11f2f678d677 100644
--- a/content/en/blog/2020/dns-proxy/index.md
+++ b/content/en/blog/2020/dns-proxy/index.md
@@ -6,7 +6,7 @@ publishdate: 2020-11-12
 attribution: "Shriram Rajagopalan (Tetrate.io) on behalf of Istio Networking WG"
 keywords: [dns,sidecar,multicluster,vm,external services]
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 DNS resolution is a vital component of any application infrastructure
 on Kubernetes. When your application code attempts to access another
 service in the Kubernetes cluster or even a service on the internet,
diff --git a/content/en/blog/2020/multi-cluster-mesh-automation/index.md b/content/en/blog/2020/multi-cluster-mesh-automation/index.md
index 41f1dcc13ff7..c3802471c9f0 100644
--- a/content/en/blog/2020/multi-cluster-mesh-automation/index.md
+++ b/content/en/blog/2020/multi-cluster-mesh-automation/index.md
@@ -7,6 +7,7 @@ attribution: Anil Attuluri (Intuit), Jason Webb (Intuit)
 keywords: [traffic-management,automation,configuration,multicluster,multi-mesh,gateway,federated,globalidentifer]
 target_release: 1.5
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 At Intuit, we read the blog post [Multi-Mesh Deployments for Isolation and Boundary Protection](/blog/2019/isolated-clusters/) and immediately related to some of the problems mentioned.
 We realized that even though we wanted to configure a single multi-cluster mesh, instead of a federation of multiple meshes
diff --git a/content/en/blog/2020/proxying-legacy-services-using-egress-gateways/index.md b/content/en/blog/2020/proxying-legacy-services-using-egress-gateways/index.md
index 897eb271143c..2d0b02ab70c5 100644
--- a/content/en/blog/2020/proxying-legacy-services-using-egress-gateways/index.md
+++ b/content/en/blog/2020/proxying-legacy-services-using-egress-gateways/index.md
@@ -7,6 +7,7 @@ attribution: Antonio Berben (Deutsche Telekom - PAN-NET)
 keywords: [configuration,egress,gateway,external,service]
 target_release: 1.8.0
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 At [Deutsche Telekom Pan-Net](https://pan-net.cloud/aboutus), we have embraced Istio as the umbrella to cover our services. Unfortunately, there are services which have not yet been migrated to Kubernetes, or cannot be.
 
diff --git a/content/en/blog/2020/show-source-ip/index.md b/content/en/blog/2020/show-source-ip/index.md
index 9c64ce4ac8b7..5811dcc7078a 100644
--- a/content/en/blog/2020/show-source-ip/index.md
+++ b/content/en/blog/2020/show-source-ip/index.md
@@ -5,6 +5,7 @@ publishdate: 2020-12-11
 attribution: "Xinhui Li (Salesforce) "
 keywords: [trafficManagement,protocol extending]
 ---
+<!-- markdownlint-disable-file MD007 -->
 This blog presents my latest experience about how to configure and enable proxy protocol with stack of AWS NLB and Istio Ingress gateway. The [Proxy Protocol](https://www.haproxy.com/blog/haproxy/proxy-protocol/) was designed to chain proxies and reverse-proxies without losing the client information. The proxy protocol prevents the need for infrastructure changes or `NATing` firewalls, and offers the benefits of being protocol agnostic and providing good scalability. Additionally, we also enable the `X-Forwarded-For` HTTP header in the deployment to make the client IP address easy to read. In this blog, traffic management of Istio ingress is shown with an httpbin service on ports 80 and 443 to demonstrate the use of proxy protocol. Note that both v1 and v2 of the proxy protocol work for the purpose of this example, but because the AWS NLB currently only supports v2, proxy protocol v2 is used in the rest of this blog by default. The following image shows the use of proxy protocol v2 with an AWS NLB.
 
 {{< tip >}}
diff --git a/content/en/blog/2020/workload-entry/index.md b/content/en/blog/2020/workload-entry/index.md
index 5625c9570832..b2d323cdf4b3 100644
--- a/content/en/blog/2020/workload-entry/index.md
+++ b/content/en/blog/2020/workload-entry/index.md
@@ -6,7 +6,7 @@ publishdate: 2020-05-21
 attribution: "Cynthia Coan (Tetrate), Shriram Rajagopalan (Tetrate), Tia Louden (Tetrate), John Howard (Google), Sven Mawson (Google)"
 keywords: [vm,workloadentry,migration,'1.6',baremetal,serviceentry,discovery]
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## Introducing Workload Entries: Bridging Kubernetes and VMs
 
 Historically, Istio has provided great experience to workloads that run on Kubernetes, but it has been less smooth for other types of workloads, such as Virtual Machines (VMs) and bare metal. The gaps included the inability to declaratively specify the properties of a sidecar on a VM, inability to properly respond to the lifecycle changes of the workload (e.g., booting to not ready to ready, or health checks), and cumbersome DNS workarounds as the workloads are migrated into Kubernetes to name a few.
diff --git a/content/en/blog/2021/better-external-authz/index.md b/content/en/blog/2021/better-external-authz/index.md
index 112c819beb31..f466d87060db 100644
--- a/content/en/blog/2021/better-external-authz/index.md
+++ b/content/en/blog/2021/better-external-authz/index.md
@@ -6,7 +6,7 @@ publishdate: 2021-02-09
 attribution: Yangmin Zhu (Google)
 keywords: [authorization,access control,opa,oauth2]
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 ## Background
 
 Istio's authorization policy provides access control for services in the mesh. It is fast, powerful and a widely used
diff --git a/content/en/blog/2021/discovery-selectors/index.md b/content/en/blog/2021/discovery-selectors/index.md
index 8e38d159efbf..c472bcae980c 100644
--- a/content/en/blog/2021/discovery-selectors/index.md
+++ b/content/en/blog/2021/discovery-selectors/index.md
@@ -5,6 +5,7 @@ publishdate: 2021-04-30
 attribution: "Lin Sun (Solo.io), Christian Posta (Solo.io), Harvey Xia (Solo.io)"
 keywords: [discoveryselectors,Istio,namespaces,sidecar]
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 As users move their services to run in the Istio service mesh, they are often surprised that the control plane watches and processes all of the Kubernetes resources, from all namespaces in the cluster, by default. This can be an issue for very large clusters with lots of namespaces and deployments, or even for a moderately sized cluster with rapidly churning resources (for example, Spark jobs).
 
diff --git a/content/en/blog/2021/external-locality-failover/index.md b/content/en/blog/2021/external-locality-failover/index.md
index 13601050fd58..6c75ec852af7 100644
--- a/content/en/blog/2021/external-locality-failover/index.md
+++ b/content/en/blog/2021/external-locality-failover/index.md
@@ -5,6 +5,7 @@ publishdate: 2021-06-04
 attribution: "Ram Vennam (Solo.io)"
 keywords: [locality,region,failover,Istio,outlier,external]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio’s powerful APIs can be used to solve a variety of service mesh use cases. Many users know about its strong ingress and east-west capabilities but it also offers many features for egress (outgoing) traffic. This is especially useful when your application needs to talk to an external service - such as a database endpoint provided by a cloud provider. There are often multiple endpoints to chose from depending on where your workload is running. For example, Amazon's DynamoDB provides [several endpoints](https://docs.aws.amazon.com/general/latest/gr/ddb.html) across their regions. You typically want to choose the endpoint closest to your workload for latency reasons, but you may need to configure automatic failover to another endpoint in case things are not working as expected.
 
diff --git a/content/en/blog/2021/migrate-alpha-policy/index.md b/content/en/blog/2021/migrate-alpha-policy/index.md
index d91addfae0a2..b40b7bcb0886 100644
--- a/content/en/blog/2021/migrate-alpha-policy/index.md
+++ b/content/en/blog/2021/migrate-alpha-policy/index.md
@@ -5,7 +5,7 @@ publishdate: 2021-03-03
 attribution: Yangmin Zhu (Google), Craig Box (Google)
 keywords: [security,policy,migrate,alpha,beta,deprecate,peer,jwt,authorization]
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 In versions of Istio prior to 1.4, security policy was configured using `v1alpha1` APIs (`MeshPolicy`, `Policy`, `ClusterRbacConfig`, `ServiceRole` and `ServiceRoleBinding`). After consulting with our early adopters, we made [major improvements to the policy system](/blog/2019/v1beta1-authorization-policy/) and released `v1beta1` APIs along with Istio 1.4. These refreshed APIs (`PeerAuthentication`, `RequestAuthentication` and `AuthorizationPolicy`) helped standardize how we define policy targets in Istio, helped users understand where policies were applied, and cut the number of configuration objects required.
 
 The old APIs were deprecated in Istio 1.4. Two releases after the `v1beta1` APIs were introduced, Istio 1.6 removed support for the `v1alpha1` APIs.
diff --git a/content/en/blog/2021/proxyless-grpc/index.md b/content/en/blog/2021/proxyless-grpc/index.md
index ef4a7a101c6b..8b6670f44e50 100644
--- a/content/en/blog/2021/proxyless-grpc/index.md
+++ b/content/en/blog/2021/proxyless-grpc/index.md
@@ -4,6 +4,7 @@ description: Introduction to Istio support for gRPC's proxyless service mesh fea
 publishdate: 2021-10-28
 attribution: "Steven Landow (Google)"
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio dynamically configures its Envoy sidecar proxies using a set of discovery APIs, collectively known as the
 [xDS APIs](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/dynamic_configuration).
diff --git a/content/en/blog/2022/cryptomb-privatekeyprovider/index.md b/content/en/blog/2022/cryptomb-privatekeyprovider/index.md
index c036b8dfe067..e1ee4cb5f3f7 100644
--- a/content/en/blog/2022/cryptomb-privatekeyprovider/index.md
+++ b/content/en/blog/2022/cryptomb-privatekeyprovider/index.md
@@ -5,7 +5,7 @@ publishdate: 2022-06-15
 attribution: "Ravi kumar Veeramally (Intel), Ismo Puustinen (Intel), Sakari Poussa (Intel)"
 keywords: [Istio, CryptoMB, gateways, sidecar]
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the "gateways/sidecar" to handle secure connections and intercept the traffic.
 
 Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using `ProxyConfig`.
diff --git a/content/en/blog/2022/get-started-ambient/index.md b/content/en/blog/2022/get-started-ambient/index.md
index 21d782d8aa8f..1d9dafee7998 100644
--- a/content/en/blog/2022/get-started-ambient/index.md
+++ b/content/en/blog/2022/get-started-ambient/index.md
@@ -5,6 +5,7 @@ publishdate: 2022-09-07T08:00:00-06:00
 attribution: "Lin Sun (Solo.io), John Howard (Google)"
 keywords: [ambient,demo,guide]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< warning >}}
 Refer to the latest [getting started with ambient mesh doc](/docs/ambient/getting-started/) for updated instructions.
diff --git a/content/en/blog/2022/getting-started-gtwapi/index.md b/content/en/blog/2022/getting-started-gtwapi/index.md
index 69fb49b99b19..3b08f91a6356 100644
--- a/content/en/blog/2022/getting-started-gtwapi/index.md
+++ b/content/en/blog/2022/getting-started-gtwapi/index.md
@@ -5,6 +5,7 @@ publishdate: 2022-12-14
 attribution: Frank Budinsky (IBM)
 keywords: [traffic-management,gateway,gateway-api,api,gamma,sig-network]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Whether you're running your Kubernetes application services using Istio, or any service mesh for that matter,
 or simply using ordinary services in a Kubernetes cluster, you need to provide access to your application services
diff --git a/content/en/blog/2023/dlb-connection-balancing/index.md b/content/en/blog/2023/dlb-connection-balancing/index.md
index c3c6f0b88973..804ec7b6fe3d 100644
--- a/content/en/blog/2023/dlb-connection-balancing/index.md
+++ b/content/en/blog/2023/dlb-connection-balancing/index.md
@@ -5,6 +5,7 @@ publishdate: 2023-08-08
 attribution: "Loong Dai (Intel)"
 keywords: [Istio, DLB, gateways]
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 ## What is connection load balancing?
 
diff --git a/content/en/blog/2023/egress-sni/index.md b/content/en/blog/2023/egress-sni/index.md
index 68faf4cb76f5..01cc900c58b9 100644
--- a/content/en/blog/2023/egress-sni/index.md
+++ b/content/en/blog/2023/egress-sni/index.md
@@ -5,7 +5,7 @@ publishdate: 2023-12-01
 attribution: "Gergő Huszty (IBM)"
 keywords: [traffic-management,gateway,mesh,mtls,egress,remote]
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 If you are using Istio to handle application-originated traffic to destinations outside of the mesh, you're probably familiar with the concept of egress gateways.
 Egress gateways can be used to monitor and forward traffic from mesh-internal applications to locations outside of the mesh.
 This is a useful feature if your system is operating in a restricted
diff --git a/content/en/blog/2023/native-sidecars/index.md b/content/en/blog/2023/native-sidecars/index.md
index 4b3c69cd1bf1..ab3a337a5490 100644
--- a/content/en/blog/2023/native-sidecars/index.md
+++ b/content/en/blog/2023/native-sidecars/index.md
@@ -5,6 +5,7 @@ publishdate: 2023-08-15
 attribution: "John Howard (Google)"
 keywords: [istio,sidecars,kubernetes]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 If you have heard anything about service meshes, it is that they work using the sidecar pattern: a proxy server is deployed alongside your application code.
 The sidecar pattern is just that: a pattern.
diff --git a/content/en/blog/2023/waypoint-proxy-made-simple/index.md b/content/en/blog/2023/waypoint-proxy-made-simple/index.md
index e3451c09f8aa..b800a5a0a2f7 100644
--- a/content/en/blog/2023/waypoint-proxy-made-simple/index.md
+++ b/content/en/blog/2023/waypoint-proxy-made-simple/index.md
@@ -5,6 +5,7 @@ publishdate: 2023-03-31
 attribution: "Lin Sun (Solo.io), John Howard (Google)"
 keywords: [istio,ambient,waypoint]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Ambient splits Istio’s functionality into two distinct layers, a secure overlay layer and a
 Layer 7 processing layer. The waypoint proxy is an optional component that is Envoy-based
diff --git a/content/en/blog/2024/authz-policy-with-kyverno/index.md b/content/en/blog/2024/authz-policy-with-kyverno/index.md
index 2bd6d1389d6b..b0f9981c37e2 100644
--- a/content/en/blog/2024/authz-policy-with-kyverno/index.md
+++ b/content/en/blog/2024/authz-policy-with-kyverno/index.md
@@ -5,6 +5,7 @@ publishdate: 2024-11-25
 attribution: "Charles-Edouard Brétéché (Nirmata)"
 keywords: [istio,kyverno,policy,platform,authorization]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio supports integration with many different projects.  The Istio blog recently featured a post on [L7 policy functionality with OpenPolicyAgent](../l7-policy-with-opa). Kyverno is a similar project, and today we will dive how Istio and the Kyverno Authz Server can be used together to enforce Layer 7 policies in your platform.
 
diff --git a/content/en/blog/2024/gateway-mesh-ga/index.md b/content/en/blog/2024/gateway-mesh-ga/index.md
index 07dde546c5f9..fd065ed4a43c 100644
--- a/content/en/blog/2024/gateway-mesh-ga/index.md
+++ b/content/en/blog/2024/gateway-mesh-ga/index.md
@@ -6,6 +6,7 @@ attribution: John Howard - solo.io
 keywords: [istio, traffic, API]
 target_release: 1.22
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 We are thrilled to announce that Service Mesh support in the [Gateway API](https://gateway-api.sigs.k8s.io/) is now officially "Stable"!
 With this release (part of Gateway API v1.1 and Istio v1.22), users can make use of the next-generation traffic management APIs for both ingress ("north-south") and service mesh use cases ("east-west").
diff --git a/content/en/blog/2024/inpod-traffic-redirection-ambient/index.md b/content/en/blog/2024/inpod-traffic-redirection-ambient/index.md
index 6e5d28de7cd1..227bfe9ca623 100644
--- a/content/en/blog/2024/inpod-traffic-redirection-ambient/index.md
+++ b/content/en/blog/2024/inpod-traffic-redirection-ambient/index.md
@@ -160,17 +160,17 @@ every popular CNI?
 
 In the new ambient model, this is how application pod is added to the ambient mesh:
 - The `istio-cni` node agent detects a Kubernetes pod (existing or newly-started) with its namespace labeled with `istio.io/dataplane-mode=ambient`, indicating that it should be included in the ambient mesh.
-  - If a *new* pod is started that should be added to the ambient mesh, a CNI plugin (as installed and managed by the `istio-cni` agent) is triggered by the CRI.
+    - If a *new* pod is started that should be added to the ambient mesh, a CNI plugin (as installed and managed by the `istio-cni` agent) is triggered by the CRI.
   This plugin is used to push a new pod event to the node’s `istio-cni` agent, and block pod startup until the agent successfully configures
   redirection. Since CNI plugins are invoked by the CRI as early as possible in the Kubernetes pod creation process, this ensures that we can
   establish traffic redirection early enough to prevent traffic escaping during startup, without relying on things like init containers.
-  - If an *already-running* pod becomes added to the ambient mesh, a new pod event is triggered. The `istio-cni` node agent’s Kubernetes
+    - If an *already-running* pod becomes added to the ambient mesh, a new pod event is triggered. The `istio-cni` node agent’s Kubernetes
   API watcher detects this, and redirection is configured in the same manner.
 - The `istio-cni` node agent enters the pod’s network namespace and establishes network redirection rules inside the pod network namespace, such that packets entering and leaving the pod are intercepted and transparently redirected to the node-local ztunnel proxy instance listening on [well-known ports](https://github.com/istio/ztunnel/blob/master/ARCHITECTURE.md#ports) (15008, 15006, 15001).
 - The `istio-cni` node agent then informs the node ztunnel over a Unix domain socket that it should establish local proxy
 listening ports inside the pod’s network namespace, (on 15008, 15006, and 15001), and provides ztunnel with a low-level
 Linux [file descriptor](https://en.wikipedia.org/wiki/File_descriptor) representing the pod’s network namespace.
-  - While typically sockets are created within a Linux network namespace by the process actually running inside that
+    - While typically sockets are created within a Linux network namespace by the process actually running inside that
 network namespace, it is perfectly possible to leverage Linux’s low-level socket API to allow a process running in one
 network namespace to create listening sockets in another network namespace, assuming the target network namespace is known
 at creation time.
diff --git a/content/en/blog/2025/ambient-performance/index.md b/content/en/blog/2025/ambient-performance/index.md
index 00cddcc7fa8e..9a4aa2c00c4f 100644
--- a/content/en/blog/2025/ambient-performance/index.md
+++ b/content/en/blog/2025/ambient-performance/index.md
@@ -43,9 +43,9 @@ Implementations under test:
 * Istio: version 1.26 (prerelease), default settings
 * <a href="https://linkerd.io/">Linkerd</a>: version `edge-25.2.2`, default settings
 * <a href="https://cilium.io/">Cilium</a>: version `v1.16.6` with `kubeProxyReplacement=true`
-  * WireGuard uses `encryption.type=wireguard`
-  * IPsec uses `encryption.type=ipsec` with the `GCM-128-AES` algorithm
-  * Additionally, both modes were tested with all of the recommendations in <a href="https://docs.cilium.io/en/stable/operations/performance/tuning/">Cilium's tuning guide</a> (including `netkit`, `native` routing mode, BIGTCP (for WireGuard; IPsec is incompatible), BPF masquerade, and BBR bandwidth manager). However, the results were the same with and without these settings applied, so only one result is reported.
+    * WireGuard uses `encryption.type=wireguard`
+    * IPsec uses `encryption.type=ipsec` with the `GCM-128-AES` algorithm
+    * Additionally, both modes were tested with all of the recommendations in <a href="https://docs.cilium.io/en/stable/operations/performance/tuning/">Cilium's tuning guide</a> (including `netkit`, `native` routing mode, BIGTCP (for WireGuard; IPsec is incompatible), BPF masquerade, and BBR bandwidth manager). However, the results were the same with and without these settings applied, so only one result is reported.
 * <a href="https://www.tigera.io/project-calico/">Calico</a>: version `v3.29.2` with `calicoNetwork.linuxDataplane=BPF` and `wireguardEnabled=true`
 * <a href="https://kindnet.es/">Kindnet</a>: version `v1.8.5` with `--ipsec-overlay=true`.
 
diff --git a/content/en/docs/ambient/architecture/data-plane/index.md b/content/en/docs/ambient/architecture/data-plane/index.md
index 2ebe9bc7a380..74b0b8e9634a 100644
--- a/content/en/docs/ambient/architecture/data-plane/index.md
+++ b/content/en/docs/ambient/architecture/data-plane/index.md
@@ -5,6 +5,7 @@ weight: 2
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 In {{< gloss "ambient" >}}ambient mode{{< /gloss >}}, workloads can fall into 3 categories:
 1. **Out of Mesh**: a standard pod without any mesh features enabled. Istio and the ambient {{< gloss >}}data plane{{< /gloss >}} are not enabled.
diff --git a/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md b/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md
index ff3221a378fc..cce01b31d130 100644
--- a/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md
+++ b/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md
@@ -5,6 +5,7 @@ weight: 4
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 After you have added your application to the ambient mesh, you can secure application access using Layer 4 authorization policies.
 
diff --git a/content/en/docs/ambient/getting-started/manage-traffic/index.md b/content/en/docs/ambient/getting-started/manage-traffic/index.md
index 82843988a295..312dfa08202c 100644
--- a/content/en/docs/ambient/getting-started/manage-traffic/index.md
+++ b/content/en/docs/ambient/getting-started/manage-traffic/index.md
@@ -5,6 +5,7 @@ weight: 5
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Now you have a waypoint proxy installed, you will learn how to split traffic between services.
 
diff --git a/content/en/docs/ambient/usage/l4-policy/index.md b/content/en/docs/ambient/usage/l4-policy/index.md
index 1f69854281b2..f48d172e59f4 100644
--- a/content/en/docs/ambient/usage/l4-policy/index.md
+++ b/content/en/docs/ambient/usage/l4-policy/index.md
@@ -5,6 +5,7 @@ weight: 20
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 The Layer 4 (L4) features of Istio's [security policies](/docs/concepts/security) are supported by {{< gloss >}}ztunnel{{< /gloss >}}, and are available in {{< gloss "ambient" >}}ambient mode{{< /gloss >}}. [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) also continue to work if your cluster has a {{< gloss >}}CNI{{< /gloss >}} plugin that supports them, and can be used to provide defense-in-depth.
 
diff --git a/content/en/docs/ambient/usage/l7-features/index.md b/content/en/docs/ambient/usage/l7-features/index.md
index d00558650cae..43eb9d887d3b 100644
--- a/content/en/docs/ambient/usage/l7-features/index.md
+++ b/content/en/docs/ambient/usage/l7-features/index.md
@@ -5,7 +5,7 @@ weight: 50
 owner: istio/wg-networking-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable MD007 -->
 By adding a waypoint proxy to your traffic flow you can enable more of [Istio's features](/docs/concepts). Waypoints are configured using the {{< gloss "gateway api" >}}Kubernetes Gateway API{{< /gloss >}}.
 
 {{< warning >}}
diff --git a/content/en/docs/ambient/usage/networkpolicy/index.md b/content/en/docs/ambient/usage/networkpolicy/index.md
index 0532cc0a4383..9cfab9dc354b 100644
--- a/content/en/docs/ambient/usage/networkpolicy/index.md
+++ b/content/en/docs/ambient/usage/networkpolicy/index.md
@@ -5,7 +5,7 @@ weight: 20
 owner: istio/wg-networking-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable MD007 -->
 Kubernetes [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) allows you to control how layer 4 traffic reaches your pods.
 
 `NetworkPolicy` is typically enforced by the {{< gloss >}}CNI{{< /gloss >}} installed in your cluster. Istio is not a CNI, and does not enforce or manage `NetworkPolicy`, and in all cases respects it - ambient does not and will never bypass Kubernetes `NetworkPolicy` enforcement.
diff --git a/content/en/docs/ambient/usage/waypoint/index.md b/content/en/docs/ambient/usage/waypoint/index.md
index da7a445c1e36..7d5501080928 100644
--- a/content/en/docs/ambient/usage/waypoint/index.md
+++ b/content/en/docs/ambient/usage/waypoint/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 A **waypoint proxy** is an optional deployment of the Envoy-based proxy to add Layer 7 (L7) processing to a defined set of workloads.
 
 Waypoint proxies are installed, upgraded and scaled independently from applications; an application owner should be unaware of their existence. Compared to the sidecar {{< gloss >}}data plane{{< /gloss >}} mode, which runs an instance of the Envoy proxy alongside each workload, the number of proxies required can be substantially reduced.
diff --git a/content/en/docs/concepts/security/index.md b/content/en/docs/concepts/security/index.md
index 0ab4c8a34f23..ad26cb04df34 100644
--- a/content/en/docs/concepts/security/index.md
+++ b/content/en/docs/concepts/security/index.md
@@ -13,7 +13,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 Breaking down a monolithic application into atomic services offers various
 benefits, including better agility, better scalability and better ability to
 reuse services. However, microservices also have particular security needs:
diff --git a/content/en/docs/concepts/traffic-management/index.md b/content/en/docs/concepts/traffic-management/index.md
index 5798ef939e0e..45c227c27790 100644
--- a/content/en/docs/concepts/traffic-management/index.md
+++ b/content/en/docs/concepts/traffic-management/index.md
@@ -15,7 +15,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable MD007 -->
 Istio’s traffic routing rules let you easily control the flow
 of traffic and API calls between services. Istio simplifies configuration of
 service-level properties like circuit breakers, timeouts, and retries, and makes
diff --git a/content/en/docs/examples/virtual-machines/index.md b/content/en/docs/examples/virtual-machines/index.md
index bb341b3007c0..134b543bbc20 100644
--- a/content/en/docs/examples/virtual-machines/index.md
+++ b/content/en/docs/examples/virtual-machines/index.md
@@ -14,6 +14,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This example deploys the Bookinfo application across Kubernetes with one
 service running on a virtual machine (VM), and illustrates how to control
diff --git a/content/en/docs/ops/best-practices/image-signing-validation/index.md b/content/en/docs/ops/best-practices/image-signing-validation/index.md
index 5c43a93bcc70..7cd86d8af489 100644
--- a/content/en/docs/ops/best-practices/image-signing-validation/index.md
+++ b/content/en/docs/ops/best-practices/image-signing-validation/index.md
@@ -7,6 +7,7 @@ keywords: [install,signing]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This page describes how to use [Cosign](https://github.com/sigstore/cosign) to
 validate the provenance of Istio image artifacts.
diff --git a/content/en/docs/ops/best-practices/observability/index.md b/content/en/docs/ops/best-practices/observability/index.md
index 3b47041c6154..60f677f4fab3 100644
--- a/content/en/docs/ops/best-practices/observability/index.md
+++ b/content/en/docs/ops/best-practices/observability/index.md
@@ -6,6 +6,7 @@ weight: 50
 owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Using Prometheus for production-scale monitoring
 
diff --git a/content/en/docs/ops/best-practices/security/index.md b/content/en/docs/ops/best-practices/security/index.md
index a459bb6941e9..00c8f8ea1c69 100644
--- a/content/en/docs/ops/best-practices/security/index.md
+++ b/content/en/docs/ops/best-practices/security/index.md
@@ -6,7 +6,7 @@ weight: 30
 owner: istio/wg-security-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Istio security features provide strong identity, powerful policy, transparent TLS encryption, and authentication, authorization and audit (AAA) tools to protect your services and data.
 However, to fully make use of these features securely, care must be taken to follow best practices. It is recommended to review the [Security overview](/docs/concepts/security/) before proceeding.
 
diff --git a/content/en/docs/ops/best-practices/traffic-management/index.md b/content/en/docs/ops/best-practices/traffic-management/index.md
index 5f0fdf9a9990..cfc55d41036c 100644
--- a/content/en/docs/ops/best-practices/traffic-management/index.md
+++ b/content/en/docs/ops/best-practices/traffic-management/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 This section provides specific deployment or configuration guidelines to avoid networking or traffic management issues.
 
 ## Set default routes for services
diff --git a/content/en/docs/ops/common-problems/injection/index.md b/content/en/docs/ops/common-problems/injection/index.md
index dbf8a42e8996..cf210330c334 100644
--- a/content/en/docs/ops/common-problems/injection/index.md
+++ b/content/en/docs/ops/common-problems/injection/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## The result of sidecar injection was not what I expected
 
diff --git a/content/en/docs/ops/common-problems/network-issues/index.md b/content/en/docs/ops/common-problems/network-issues/index.md
index 70f63ce51e84..df29021eaf2c 100644
--- a/content/en/docs/ops/common-problems/network-issues/index.md
+++ b/content/en/docs/ops/common-problems/network-issues/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## Requests are rejected by Envoy
 
 Requests may be rejected for various reasons. The best way to understand why requests are being rejected is
diff --git a/content/en/docs/ops/common-problems/security-issues/index.md b/content/en/docs/ops/common-problems/security-issues/index.md
index da2e6176952a..2c1a80ddd4ee 100644
--- a/content/en/docs/ops/common-problems/security-issues/index.md
+++ b/content/en/docs/ops/common-problems/security-issues/index.md
@@ -11,6 +11,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## End-user authentication fails
 
diff --git a/content/en/docs/ops/common-problems/upgrade-issues/index.md b/content/en/docs/ops/common-problems/upgrade-issues/index.md
index 7dc6bc55257f..b62ed0eeacf3 100644
--- a/content/en/docs/ops/common-problems/upgrade-issues/index.md
+++ b/content/en/docs/ops/common-problems/upgrade-issues/index.md
@@ -5,6 +5,7 @@ weight: 60
 owner: istio/wg-policies-and-telemetry-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## EnvoyFilter migration
 
diff --git a/content/en/docs/ops/common-problems/validation/index.md b/content/en/docs/ops/common-problems/validation/index.md
index 41076acfb0a1..8e2714df1ec0 100644
--- a/content/en/docs/ops/common-problems/validation/index.md
+++ b/content/en/docs/ops/common-problems/validation/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 ## Seemingly valid configuration is rejected
 
diff --git a/content/en/docs/ops/configuration/mesh/configuration-scoping/index.md b/content/en/docs/ops/configuration/mesh/configuration-scoping/index.md
index 31bb8c2f63a7..0cfa471d56b4 100644
--- a/content/en/docs/ops/configuration/mesh/configuration-scoping/index.md
+++ b/content/en/docs/ops/configuration/mesh/configuration-scoping/index.md
@@ -6,6 +6,7 @@ keywords: [scalability]
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 In order to program the service mesh, the Istio control plane (Istiod) reads a variety of configurations, including core Kubernetes types like `Service` and `Node`,
 and Istio's own types like `Gateway`.
diff --git a/content/en/docs/ops/configuration/security/security-policy-examples/index.md b/content/en/docs/ops/configuration/security/security-policy-examples/index.md
index 40187978472e..c934c6a5c08b 100644
--- a/content/en/docs/ops/configuration/security/security-policy-examples/index.md
+++ b/content/en/docs/ops/configuration/security/security-policy-examples/index.md
@@ -5,7 +5,7 @@ weight: 60
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## Background
 
 This page shows common patterns of using Istio security policies. You may find them useful in your deployment or use this
diff --git a/content/en/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md b/content/en/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
index bc1c74c01a36..2b83c2af0e21 100644
--- a/content/en/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
+++ b/content/en/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Overview
 
diff --git a/content/en/docs/ops/configuration/traffic-management/dns-proxy/index.md b/content/en/docs/ops/configuration/traffic-management/dns-proxy/index.md
index e1950f8446bc..2d2bff91c239 100644
--- a/content/en/docs/ops/configuration/traffic-management/dns-proxy/index.md
+++ b/content/en/docs/ops/configuration/traffic-management/dns-proxy/index.md
@@ -6,6 +6,7 @@ keywords: [traffic-management,dns,virtual-machine]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 In addition to capturing application traffic, Istio can also capture DNS requests to improve the performance and usability of your mesh.
 When proxying DNS, all DNS requests from an application will be redirected to the sidecar or ztunnel proxy, which stores a local mapping of domain names to IP addresses. If the request can be handled by the proxy, it will directly return a response to the application, avoiding a roundtrip to the upstream DNS server. Otherwise, the request is forwarded upstream following the standard `/etc/resolv.conf` DNS configuration.
diff --git a/content/en/docs/ops/configuration/traffic-management/multicluster/index.md b/content/en/docs/ops/configuration/traffic-management/multicluster/index.md
index a48d733ca45d..4b56bee6872d 100644
--- a/content/en/docs/ops/configuration/traffic-management/multicluster/index.md
+++ b/content/en/docs/ops/configuration/traffic-management/multicluster/index.md
@@ -6,6 +6,7 @@ keywords: [traffic-management,multicluster]
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Within a multicluster mesh, traffic rules specific to the cluster topology may be desirable. This document describes
 a few ways to manage traffic in a multicluster mesh. Before reading this guide:
diff --git a/content/en/docs/ops/configuration/traffic-management/protocol-selection/index.md b/content/en/docs/ops/configuration/traffic-management/protocol-selection/index.md
index 6d58f2c25099..480a3d400517 100644
--- a/content/en/docs/ops/configuration/traffic-management/protocol-selection/index.md
+++ b/content/en/docs/ops/configuration/traffic-management/protocol-selection/index.md
@@ -11,6 +11,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio supports proxying any TCP traffic. This includes HTTP, HTTPS, gRPC, as well as raw TCP protocols.
 In order to provide additional capabilities, such as routing and rich metrics, the protocol must be determined. This can be done automatically or explicitly specified.
diff --git a/content/en/docs/ops/configuration/traffic-management/tls-configuration/index.md b/content/en/docs/ops/configuration/traffic-management/tls-configuration/index.md
index bf8bb93396e1..a3f4e905ff98 100644
--- a/content/en/docs/ops/configuration/traffic-management/tls-configuration/index.md
+++ b/content/en/docs/ops/configuration/traffic-management/tls-configuration/index.md
@@ -7,6 +7,7 @@ keywords: [traffic-management,proxy]
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 One of Istio's most important features is the ability to lock down and secure network traffic to, from,
 and within the mesh. However, configuring TLS settings can be confusing and a common source of misconfiguration.
diff --git a/content/en/docs/ops/diagnostic-tools/istioctl-analyze/index.md b/content/en/docs/ops/diagnostic-tools/istioctl-analyze/index.md
index e2486c56ff09..6d66f02ca611 100644
--- a/content/en/docs/ops/diagnostic-tools/istioctl-analyze/index.md
+++ b/content/en/docs/ops/diagnostic-tools/istioctl-analyze/index.md
@@ -6,6 +6,7 @@ keywords: [istioctl, debugging, kubernetes]
 owner: istio/wg-user-experience-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 `istioctl analyze` is a diagnostic tool that can detect potential issues with your
 Istio configuration. It can run against a live cluster or a set of local configuration files.
diff --git a/content/en/docs/ops/integrations/certmanager/index.md b/content/en/docs/ops/integrations/certmanager/index.md
index 029b72e927f3..ffdd8ba8c2a3 100644
--- a/content/en/docs/ops/integrations/certmanager/index.md
+++ b/content/en/docs/ops/integrations/certmanager/index.md
@@ -9,6 +9,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [cert-manager](https://cert-manager.io/) is a tool that automates certificate management.
 This can be integrated with Istio gateways to manage TLS certificates.
diff --git a/content/en/docs/ops/integrations/prometheus/index.md b/content/en/docs/ops/integrations/prometheus/index.md
index 8d94fd47759f..9aae3da9f948 100644
--- a/content/en/docs/ops/integrations/prometheus/index.md
+++ b/content/en/docs/ops/integrations/prometheus/index.md
@@ -6,6 +6,7 @@ keywords: [integration,prometheus]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [Prometheus](https://prometheus.io/) is an open source monitoring system and time series database.
 You can use Prometheus with Istio to record metrics that track the health of Istio and of
diff --git a/content/en/docs/reference/config/analysis/ist0101/index.md b/content/en/docs/reference/config/analysis/ist0101/index.md
index 756f7da731f5..78d8b32077eb 100644
--- a/content/en/docs/reference/config/analysis/ist0101/index.md
+++ b/content/en/docs/reference/config/analysis/ist0101/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 This message occurs when an Istio resource references another resource that does
 not exist. This will lead to errors when Istio tries to look up the referenced
 resource but cannot find it.
diff --git a/content/en/docs/reference/config/analysis/ist0106/index.md b/content/en/docs/reference/config/analysis/ist0106/index.md
index 3fd316c3e725..81cc07b60b06 100644
--- a/content/en/docs/reference/config/analysis/ist0106/index.md
+++ b/content/en/docs/reference/config/analysis/ist0106/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when your Istio configuration does not successfully pass
 schema validation.
diff --git a/content/en/docs/reference/config/analysis/ist0109/index.md b/content/en/docs/reference/config/analysis/ist0109/index.md
index c536ec57fe77..99f06eb59b8e 100644
--- a/content/en/docs/reference/config/analysis/ist0109/index.md
+++ b/content/en/docs/reference/config/analysis/ist0109/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 This message occurs when Istio detects an overlap between
 [virtual service](/docs/reference/config/networking/virtual-service)
 resources that conflict with one another. For example, multiple virtual
diff --git a/content/en/docs/reference/config/analysis/ist0118/index.md b/content/en/docs/reference/config/analysis/ist0118/index.md
index 310bc20dfa40..acd0ee913cb1 100644
--- a/content/en/docs/reference/config/analysis/ist0118/index.md
+++ b/content/en/docs/reference/config/analysis/ist0118/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when the port doesn't follow the [Istio service port naming convention](/docs/ops/configuration/traffic-management/protocol-selection/)
 or the port is unnamed.
diff --git a/content/en/docs/reference/config/analysis/ist0125/index.md b/content/en/docs/reference/config/analysis/ist0125/index.md
index 16e588777928..8e0529f897a0 100644
--- a/content/en/docs/reference/config/analysis/ist0125/index.md
+++ b/content/en/docs/reference/config/analysis/ist0125/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when an `annotation` mentions `istio.io` but the annotation
 
diff --git a/content/en/docs/reference/config/analysis/ist0130/index.md b/content/en/docs/reference/config/analysis/ist0130/index.md
index 6a38f8690a65..4136ba1adbaa 100644
--- a/content/en/docs/reference/config/analysis/ist0130/index.md
+++ b/content/en/docs/reference/config/analysis/ist0130/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when a virtual service contains a match rule that will never be used because a previous rule specifies the same match.  It also occurs when there is more
 than one rule without any match at all.
diff --git a/content/en/docs/reference/config/analysis/ist0131/index.md b/content/en/docs/reference/config/analysis/ist0131/index.md
index c79785cb8249..662bf2b03a82 100644
--- a/content/en/docs/reference/config/analysis/ist0131/index.md
+++ b/content/en/docs/reference/config/analysis/ist0131/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when a virtual service contains a match rule that will never be used because a previous rule specifies the same match.
 
diff --git a/content/en/docs/reference/config/analysis/ist0132/index.md b/content/en/docs/reference/config/analysis/ist0132/index.md
index 025c64fc84b5..ba59b57ea642 100644
--- a/content/en/docs/reference/config/analysis/ist0132/index.md
+++ b/content/en/docs/reference/config/analysis/ist0132/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when a `host` defined in a virtual service is not found in the corresponding gateway.
 
diff --git a/content/en/docs/reference/config/analysis/ist0143/index.md b/content/en/docs/reference/config/analysis/ist0143/index.md
index 97b2e08a5369..40cc785ab3d3 100644
--- a/content/en/docs/reference/config/analysis/ist0143/index.md
+++ b/content/en/docs/reference/config/analysis/ist0143/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when a workload is listening on a `localhost` network interface, but the port is exposed in the Service.
 When this occurs, the port will not be accessible to other pods.
diff --git a/content/en/docs/reference/config/analysis/ist0150/index.md b/content/en/docs/reference/config/analysis/ist0150/index.md
index 716946eb9a17..ae7c957aaa76 100644
--- a/content/en/docs/reference/config/analysis/ist0150/index.md
+++ b/content/en/docs/reference/config/analysis/ist0150/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs for services of type ExternalName when the port doesn't follow Istio service port naming convention, the port is unnamed or the port is named tcp.
 
diff --git a/content/en/docs/reference/config/analysis/ist0151/index.md b/content/en/docs/reference/config/analysis/ist0151/index.md
index 2bc4499d2e0f..3274ad497458 100644
--- a/content/en/docs/reference/config/analysis/ist0151/index.md
+++ b/content/en/docs/reference/config/analysis/ist0151/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when an `EnvoyFilter` does not have a priority and uses a relative patch operation (`INVALID`, `MERGE`, `REMOVE`, `INSERT_BEFORE`, `INSERT_AFTER`, `REPLACE`).  Using a relative patch operation means that the operation depends on another filter being there when the current `EnvoyFilter` filter is evaluated.  To ensure that the `EnvoyFilters` are applied in the order that the users want then a priority should be given or an non-relative operation (`ADD` or `INSERT_FIRST`) should be used.
 
diff --git a/content/en/docs/reference/config/analysis/ist0152/index.md b/content/en/docs/reference/config/analysis/ist0152/index.md
index 8a1e9774a539..1787ea8b8d98 100644
--- a/content/en/docs/reference/config/analysis/ist0152/index.md
+++ b/content/en/docs/reference/config/analysis/ist0152/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when an `EnvoyFilter` uses the `REPLACE` operation and `ApplyTo` is set to `HTTP_FILTER` or `NETWORK_FILTER`.  This will cause the `REPLACE` operation to be ignored as `HTTP_FILTER` and `NETWORK_FILTER` are not valid for `REPLACE`.
 
diff --git a/content/en/docs/reference/config/analysis/ist0153/index.md b/content/en/docs/reference/config/analysis/ist0153/index.md
index 31acf4fde18f..239bfa4954ee 100644
--- a/content/en/docs/reference/config/analysis/ist0153/index.md
+++ b/content/en/docs/reference/config/analysis/ist0153/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when an `EnvoyFilter` uses the `ADD` operation and `ApplyTo` is set to `ROUTE_CONFIGURATION` or `HTTP_ROUTE`.  This will cause the `ADD` operation to be ignored.  At the moment only the `MERGE` operation can be used for `ROUTE_CONFIGURATION`.
 
diff --git a/content/en/docs/reference/config/analysis/ist0154/index.md b/content/en/docs/reference/config/analysis/ist0154/index.md
index 4e9fdd1fa4c7..95605a798681 100644
--- a/content/en/docs/reference/config/analysis/ist0154/index.md
+++ b/content/en/docs/reference/config/analysis/ist0154/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when an `EnvoyFilter` uses the `REMOVE` operation and `ApplyTo` is set to `ROUTE_CONFIGURATION` or `HTTP_ROUTE`.  This will cause the `REMOVE` operation to be ignored.  At the moment only the `MERGE` operation can be used for `ROUTE_CONFIGURATION`.
 
diff --git a/content/en/docs/reference/config/analysis/ist0155/index.md b/content/en/docs/reference/config/analysis/ist0155/index.md
index dbfe8f929da1..ee7be283967c 100644
--- a/content/en/docs/reference/config/analysis/ist0155/index.md
+++ b/content/en/docs/reference/config/analysis/ist0155/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when an `EnvoyFilter` does not have a priority and uses a relative patch operation (`INSERT_BEFORE/AFTER`, `REPLACE`, `MERGE`, `DELETE`) and `proxyVersion` set which can cause the `EnvoyFilter` not to be applied during an upgrade. Using the `INSERT_FIRST` or `ADD` option or setting the priority may help in ensuring the `EnvoyFilter` is applied correctly."  The reason for concern with the `proxyVersion` is that after an upgrade the `proxyVersion` would likely have changed and the order it is applied would now be different than before.
 
diff --git a/content/en/docs/reference/config/analysis/ist0162/index.md b/content/en/docs/reference/config/analysis/ist0162/index.md
index 035d6892b632..049d981c87d7 100644
--- a/content/en/docs/reference/config/analysis/ist0162/index.md
+++ b/content/en/docs/reference/config/analysis/ist0162/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 This message occurs when a gateway (usually `istio-ingressgateway`) offers a
 port that the Kubernetes service workload selected by the gateway does not.
 
diff --git a/content/en/docs/reference/config/analysis/ist0163/index.md b/content/en/docs/reference/config/analysis/ist0163/index.md
index 801290e5af54..8784ec979e12 100644
--- a/content/en/docs/reference/config/analysis/ist0163/index.md
+++ b/content/en/docs/reference/config/analysis/ist0163/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 This message occurs when the address provided for the ingress gateway on the external control plane is not valid. The address could be invalid for several reasons including: the hostname address is malformed, the hostname cannot be resolved to an IP address via a DNS lookup, or the hostname resolves to zero IP addresses.
 
 ## Example
diff --git a/content/en/docs/reference/config/analysis/ist0164/index.md b/content/en/docs/reference/config/analysis/ist0164/index.md
index 8b113bacdd78..ae709bc11e6e 100644
--- a/content/en/docs/reference/config/analysis/ist0164/index.md
+++ b/content/en/docs/reference/config/analysis/ist0164/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 This message occurs when the address provided for the ingress gateway on the external control plane is an IP address and not a hostname.
 
 ## Example
diff --git a/content/en/docs/reference/config/analysis/ist0166/index.md b/content/en/docs/reference/config/analysis/ist0166/index.md
index 8baeaf46893f..58af0bb3a0c6 100644
--- a/content/en/docs/reference/config/analysis/ist0166/index.md
+++ b/content/en/docs/reference/config/analysis/ist0166/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This message occurs when a workload selector in policies
 like `AuthorizationPolicy`, `RequestAuthentication`, `Telemetry`, or
diff --git a/content/en/docs/reference/config/config-status/index.md b/content/en/docs/reference/config/config-status/index.md
index 298056c5cedd..08acf44d4099 100644
--- a/content/en/docs/reference/config/config-status/index.md
+++ b/content/en/docs/reference/config/config-status/index.md
@@ -5,6 +5,7 @@ weight: 21
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< warning >}}
 This feature is in the Alpha stage, see
diff --git a/content/en/docs/setup/additional-setup/customize-installation/index.md b/content/en/docs/setup/additional-setup/customize-installation/index.md
index 123587bd986b..b005a25df892 100644
--- a/content/en/docs/setup/additional-setup/customize-installation/index.md
+++ b/content/en/docs/setup/additional-setup/customize-installation/index.md
@@ -6,7 +6,7 @@ keywords: [profiles,install,helm]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## Prerequisites
 
 Before you begin, check the following prerequisites:
diff --git a/content/en/docs/setup/additional-setup/gateway/index.md b/content/en/docs/setup/additional-setup/gateway/index.md
index fb3115aea257..c2324533ba63 100644
--- a/content/en/docs/setup/additional-setup/gateway/index.md
+++ b/content/en/docs/setup/additional-setup/gateway/index.md
@@ -6,7 +6,7 @@ keywords: [install,gateway,kubernetes]
 owner: istio/wg-environments-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 {{< tip >}}
 {{< boilerplate gateway-api-future >}}
 If you use the Gateway API, you will not need to install and manage a gateway `Deployment` as described in this document.
diff --git a/content/en/docs/setup/additional-setup/sidecar-injection/index.md b/content/en/docs/setup/additional-setup/sidecar-injection/index.md
index 84c7a13e9f68..9f0bfae04d65 100644
--- a/content/en/docs/setup/additional-setup/sidecar-injection/index.md
+++ b/content/en/docs/setup/additional-setup/sidecar-injection/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Injection
 
diff --git a/content/en/docs/setup/platform-setup/huaweicloud/index.md b/content/en/docs/setup/platform-setup/huaweicloud/index.md
index ae4fef61db08..5908d49dec55 100644
--- a/content/en/docs/setup/platform-setup/huaweicloud/index.md
+++ b/content/en/docs/setup/platform-setup/huaweicloud/index.md
@@ -10,6 +10,7 @@ keywords: [platform-setup,huawei,huaweicloud,cce]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Follow these instructions to prepare a cluster for Istio using the
 [Huawei Cloud Container Engine](https://www.huaweicloud.com/intl/product/cce.html).
diff --git a/content/en/docs/setup/platform-setup/kubesphere/index.md b/content/en/docs/setup/platform-setup/kubesphere/index.md
index 9a0745abcf70..6e9e2a63e22a 100644
--- a/content/en/docs/setup/platform-setup/kubesphere/index.md
+++ b/content/en/docs/setup/platform-setup/kubesphere/index.md
@@ -7,6 +7,7 @@ keywords: [platform-setup,kubesphere,kubernetes]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 This page was last updated March 9, 2021.
 
diff --git a/content/en/docs/tasks/observability/distributed-tracing/jaeger/index.md b/content/en/docs/tasks/observability/distributed-tracing/jaeger/index.md
index 2809947bcbad..964dcf7d6173 100644
--- a/content/en/docs/tasks/observability/distributed-tracing/jaeger/index.md
+++ b/content/en/docs/tasks/observability/distributed-tracing/jaeger/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 After completing this task, you understand how to have your application participate in tracing with [Jaeger](https://www.jaegertracing.io/),
 regardless of the language, framework, or platform you use to build your application.
diff --git a/content/en/docs/tasks/observability/distributed-tracing/opentelemetry/index.md b/content/en/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
index 23dad81268ae..aa4812ec36f3 100644
--- a/content/en/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
+++ b/content/en/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [OpenTelemetry](https://opentelemetry.io/) (OTel) is a vendor-neutral, open source observability framework for instrumenting, generating, collecting, and exporting telemetry data. [OpenTelemetry Protocol](https://opentelemetry.io/docs/specs/otlp/) (OTLP) traces can be sent to [Jaeger](/docs/tasks/observability/distributed-tracing/jaeger/), as well as many commercial services.
 
diff --git a/content/en/docs/tasks/observability/distributed-tracing/sampling/index.md b/content/en/docs/tasks/observability/distributed-tracing/sampling/index.md
index b790db369e93..e4a7ff9a087b 100644
--- a/content/en/docs/tasks/observability/distributed-tracing/sampling/index.md
+++ b/content/en/docs/tasks/observability/distributed-tracing/sampling/index.md
@@ -6,6 +6,7 @@ keywords: [sampling,telemetry,tracing,opentelemetry]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio provides multiple ways to configure trace sampling. In this page you will learn and understand
 all the different ways sampling can be configured.
diff --git a/content/en/docs/tasks/observability/distributed-tracing/skywalking/index.md b/content/en/docs/tasks/observability/distributed-tracing/skywalking/index.md
index cd23f9dfd72b..878369cea0bc 100644
--- a/content/en/docs/tasks/observability/distributed-tracing/skywalking/index.md
+++ b/content/en/docs/tasks/observability/distributed-tracing/skywalking/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,tracing,skywalking,span,port-forwarding]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 After completing this task, you will understand how to have your application participate in tracing with [Apache SkyWalking](https://skywalking.apache.org),
 regardless of the language, framework, or platform you use to build it.
diff --git a/content/en/docs/tasks/observability/distributed-tracing/telemetry-api/index.md b/content/en/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
index 34b81630761e..c1ea1336868b 100644
--- a/content/en/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
+++ b/content/en/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,tracing]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio provides the ability to configure tracing options, such as sampling rate and adding custom tags to reported spans.
 This task shows you how to customize the tracing options with Telemetry API.
diff --git a/content/en/docs/tasks/observability/distributed-tracing/zipkin/index.md b/content/en/docs/tasks/observability/distributed-tracing/zipkin/index.md
index d69bf445f6aa..f64c16f7f549 100644
--- a/content/en/docs/tasks/observability/distributed-tracing/zipkin/index.md
+++ b/content/en/docs/tasks/observability/distributed-tracing/zipkin/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 After completing this task, you understand how to have your application participate in tracing with [Zipkin](https://zipkin.io/),
 regardless of the language, framework, or platform you use to build your application.
diff --git a/content/en/docs/tasks/observability/metrics/customize-metrics/index.md b/content/en/docs/tasks/observability/metrics/customize-metrics/index.md
index 388959a5216b..7e9caef67672 100644
--- a/content/en/docs/tasks/observability/metrics/customize-metrics/index.md
+++ b/content/en/docs/tasks/observability/metrics/customize-metrics/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,metrics,customize]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This task shows you how to customize the metrics that Istio generates.
 
diff --git a/content/en/docs/tasks/observability/telemetry/index.md b/content/en/docs/tasks/observability/telemetry/index.md
index 69a324919f49..a34477637826 100644
--- a/content/en/docs/tasks/observability/telemetry/index.md
+++ b/content/en/docs/tasks/observability/telemetry/index.md
@@ -7,6 +7,7 @@ owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 status: Stable
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio provides a [Telemetry API](/docs/reference/config/telemetry/) that enables flexible configuration of
 [metrics](/docs/tasks/observability/metrics/), [access logs](/docs/tasks/observability/logs/), and [tracing](/docs/tasks/observability/distributed-tracing/).
diff --git a/content/en/docs/tasks/security/authentication/authn-policy/index.md b/content/en/docs/tasks/security/authentication/authn-policy/index.md
index 892cfa2d2ea5..196b2c56a5db 100644
--- a/content/en/docs/tasks/security/authentication/authn-policy/index.md
+++ b/content/en/docs/tasks/security/authentication/authn-policy/index.md
@@ -9,6 +9,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 This task covers the primary activities you might need to perform when enabling, configuring, and using Istio authentication policies. Find out more about
 the underlying concepts in the [authentication overview](/docs/concepts/security/#authentication).
diff --git a/content/en/docs/tasks/security/authorization/authz-custom/index.md b/content/en/docs/tasks/security/authorization/authz-custom/index.md
index 87c338a6b7ed..d0aa67e80637 100644
--- a/content/en/docs/tasks/security/authorization/authz-custom/index.md
+++ b/content/en/docs/tasks/security/authorization/authz-custom/index.md
@@ -6,7 +6,7 @@ keywords: [security,access-control,rbac,authorization,custom, opa, oauth, oauth2
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 This task shows you how to set up an Istio authorization policy using a new value for the [action field](/docs/reference/config/security/authorization-policy/#AuthorizationPolicy-Action), `CUSTOM`,
 to delegate the access control to an external authorization system. This can be used to integrate with [OPA authorization](https://www.openpolicyagent.org/docs/latest/envoy-introduction/),
 [`oauth2-proxy`](https://github.com/oauth2-proxy/oauth2-proxy), your own custom external authorization server and more.
diff --git a/content/en/docs/tasks/security/authorization/authz-ingress/index.md b/content/en/docs/tasks/security/authorization/authz-ingress/index.md
index 66abee85ed92..6d40400d1a6b 100644
--- a/content/en/docs/tasks/security/authorization/authz-ingress/index.md
+++ b/content/en/docs/tasks/security/authorization/authz-ingress/index.md
@@ -6,7 +6,7 @@ keywords: [security,access-control,rbac,authorization,ingress,ip,allowlist,denyl
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 This task shows you how to enforce IP-based access control on an Istio ingress gateway using an authorization policy.
 
 {{< boilerplate gateway-api-support >}}
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
index 91afa380304d..20281a4aac67 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
@@ -9,6 +9,7 @@ keywords: [traffic-management,egress]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Because all outbound traffic from an Istio-enabled pod is redirected to its sidecar proxy by default,
 accessibility of URLs outside of the cluster depends on the configuration of the proxy.
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md b/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
index b8f1e4c6889f..5d8bdc81ee43 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 The [TLS Origination for Egress Traffic](/docs/tasks/traffic-management/egress/egress-tls-origination/)
 example shows how to configure Istio to perform {{< gloss >}}TLS origination{{< /gloss >}}
 for traffic to an external service. The [Configure an Egress Gateway](/docs/tasks/traffic-management/egress/egress-gateway/)
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md b/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
index 9c383dc26715..aedd2840f00a 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 {{<warning>}}
 This example does not work in Minikube.
 {{</warning>}}
diff --git a/content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md b/content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
index 1fa052680f96..ae80883cd8f3 100644
--- a/content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 The [Accessing External Services](/docs/tasks/traffic-management/egress/egress-control) task and
 the [Configure an Egress Gateway](/docs/tasks/traffic-management/egress/egress-gateway/) example
 describe how to configure egress traffic for specific hostnames, like `edition.cnn.com`.
diff --git a/content/en/docs/tasks/traffic-management/ingress/gateway-api/index.md b/content/en/docs/tasks/traffic-management/ingress/gateway-api/index.md
index 367276d877f8..3a7778fa9dcc 100644
--- a/content/en/docs/tasks/traffic-management/ingress/gateway-api/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/gateway-api/index.md
@@ -9,7 +9,8 @@ keywords: [traffic-management,ingress, gateway-api]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
+<!-- markdownlint-disable MD026 -->
 In addition to its own traffic management API,
 {{< boilerplate gateway-api-future >}}
 This document describes the differences between the Istio and Kubernetes APIs and provides a simple example
diff --git a/content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md b/content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
index 7ce6a65468b1..f477ee2072ff 100644
--- a/content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/ingress-control/index.md
@@ -9,7 +9,8 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
+<!-- markdownlint-disable MD026 -->
 Along with support for Kubernetes [Ingress](/docs/tasks/traffic-management/ingress/kubernetes-ingress/) resources, Istio also allows you to configure ingress traffic
 using either an [Istio Gateway](/docs/concepts/traffic-management/#gateways) or [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) resource.
 A `Gateway` provides more extensive customization and flexibility than `Ingress`, and allows Istio features such as monitoring and route rules to be applied to traffic entering the cluster.
diff --git a/content/en/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md b/content/en/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
index f4e1ddd57c43..f7a541396842 100644
--- a/content/en/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,ingress,https]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 In a regular Istio mesh deployment, the TLS termination for downstream requests is performed at the Ingress Gateway.
 Although this satisfies most use cases, for some (like an API Gateway in the mesh) the Ingress Gateway is not necessarily needed. This task shows how to eliminate the additional hop introduced by the Istio Ingress Gateway and let the Envoy sidecar, running alongside the application, perform TLS termination for requests coming from outside of the service mesh.
 
diff --git a/content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md b/content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md
index 6db9a71bc930..2fc563e479e1 100644
--- a/content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 The [Securing Gateways with HTTPS](/docs/tasks/traffic-management/ingress/secure-ingress/) task describes how to configure HTTPS
 ingress access to an HTTP service. This example describes how to configure HTTPS ingress access to an HTTPS service,
 i.e., configure an ingress gateway to perform SNI passthrough, instead of TLS termination on incoming requests.
diff --git a/content/en/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md b/content/en/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
index 14a70a83b8f6..7d575160b79b 100644
--- a/content/en/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,ingress]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 This task describes how to configure Istio to expose a service outside of the service mesh cluster, using the Kubernetes [Ingress Resource](https://kubernetes.io/docs/concepts/services-networking/ingress/).
 
 {{< tip >}}
diff --git a/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md b/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
index 3c41680f4428..e082f34d29c5 100644
--- a/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
+++ b/content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
@@ -9,7 +9,7 @@ keywords: [traffic-management,ingress,sds-credentials]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 The [Control Ingress Traffic task](/docs/tasks/traffic-management/ingress/ingress-control)
 describes how to configure an ingress gateway to expose an HTTP service to external traffic.
 This task shows how to expose a secure HTTPS service using either simple or mutual TLS.
diff --git a/content/en/docs/tasks/traffic-management/request-routing/index.md b/content/en/docs/tasks/traffic-management/request-routing/index.md
index 1511738d9e1b..f3a76f4d6bdd 100644
--- a/content/en/docs/tasks/traffic-management/request-routing/index.md
+++ b/content/en/docs/tasks/traffic-management/request-routing/index.md
@@ -8,7 +8,7 @@ keywords: [traffic-management,routing]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 This task shows you how to route requests dynamically to multiple versions of a
 microservice.
 
diff --git a/content/en/docs/tasks/traffic-management/request-timeouts/index.md b/content/en/docs/tasks/traffic-management/request-timeouts/index.md
index d1e5321217a0..882b57a34b8d 100644
--- a/content/en/docs/tasks/traffic-management/request-timeouts/index.md
+++ b/content/en/docs/tasks/traffic-management/request-timeouts/index.md
@@ -8,7 +8,7 @@ keywords: [traffic-management,timeouts]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 This task shows you how to set up request timeouts in Envoy using Istio.
 
 {{< boilerplate gateway-api-support >}}
diff --git a/content/en/docs/tasks/traffic-management/tcp-traffic-shifting/index.md b/content/en/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
index 6e717668cdf5..48d9f74bfc8f 100644
--- a/content/en/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
+++ b/content/en/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 This task shows you how to shift TCP traffic from one version of a microservice to another.
 
 A common use case is to migrate TCP traffic gradually from an older version of a microservice to a new one.
diff --git a/content/en/docs/tasks/traffic-management/traffic-shifting/index.md b/content/en/docs/tasks/traffic-management/traffic-shifting/index.md
index cf09505fe16c..9d048e1fab9f 100644
--- a/content/en/docs/tasks/traffic-management/traffic-shifting/index.md
+++ b/content/en/docs/tasks/traffic-management/traffic-shifting/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 This task shows you how to shift traffic from one version of a microservice to another.
 
 A common use case is to migrate traffic gradually from an older version of a microservice to a new one.
diff --git a/content/en/news/releases/1.1.x/announcing-1.1.13/index.md b/content/en/news/releases/1.1.x/announcing-1.1.13/index.md
index cfce286b8a9e..881fc9addc5a 100644
--- a/content/en/news/releases/1.1.x/announcing-1.1.13/index.md
+++ b/content/en/news/releases/1.1.x/announcing-1.1.13/index.md
@@ -22,13 +22,13 @@ This release contains fixes for the security vulnerabilities described in [ISTIO
 [ISTIO-SECURITY-2019-004](/news/security/istio-security-2019-004/). Specifically:
 
 __ISTIO-SECURITY-2019-003__: An Envoy user reported publicly an issue (c.f. [Envoy Issue 7728](https://github.com/envoyproxy/envoy/issues/7728)) about regular expressions matching that crashes Envoy with very large URIs.
-  * __[CVE-2019-14993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14993)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio, if users are employing regular expressions in some of the Istio APIs: `JWT`, `VirtualService`, `HTTPAPISpecBinding`, `QuotaSpecBinding`.
+* __[CVE-2019-14993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14993)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio, if users are employing regular expressions in some of the Istio APIs: `JWT`, `VirtualService`, `HTTPAPISpecBinding`, `QuotaSpecBinding`.
 
 __ISTIO-SECURITY-2019-004__: Envoy, and subsequently Istio are vulnerable to a series of trivial HTTP/2-based DoS attacks:
-  * __[CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512)__: HTTP/2 flood using `PING` frames and queuing of response `PING` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513)__: HTTP/2 flood using PRIORITY frames that results in excessive CPU usage and starvation of other clients.
-  * __[CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)__: HTTP/2 flood using `HEADERS` frames with invalid HTTP headers and queuing of response `RST_STREAM` frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515)__: HTTP/2 flood using `SETTINGS` frames and queuing of `SETTINGS` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518)__: HTTP/2 flood using frames with an empty payload that results in excessive CPU usage and starvation of other clients.
+* __[CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512)__: HTTP/2 flood using `PING` frames and queuing of response `PING` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
+* __[CVE-2019-9513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513)__: HTTP/2 flood using PRIORITY frames that results in excessive CPU usage and starvation of other clients.
+* __[CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)__: HTTP/2 flood using `HEADERS` frames with invalid HTTP headers and queuing of response `RST_STREAM` frames that results in unbounded memory growth (which can lead to out of memory conditions).
+* __[CVE-2019-9515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515)__: HTTP/2 flood using `SETTINGS` frames and queuing of `SETTINGS` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
+* __[CVE-2019-9518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518)__: HTTP/2 flood using frames with an empty payload that results in excessive CPU usage and starvation of other clients.
 
 Nothing else is included in this release except for the above security fixes.
diff --git a/content/en/news/releases/1.1.x/announcing-1.1.16/index.md b/content/en/news/releases/1.1.x/announcing-1.1.16/index.md
index 440031fd0436..47d4a05e4867 100644
--- a/content/en/news/releases/1.1.x/announcing-1.1.16/index.md
+++ b/content/en/news/releases/1.1.x/announcing-1.1.16/index.md
@@ -19,6 +19,6 @@ We're pleased to announce the availability of Istio 1.1.16. Please see below for
 This release contains fixes for the security vulnerability described in [our October 8th, 2019 news post](/news/security/istio-security-2019-005).  Specifically:
 
 __ISTIO-SECURITY-2019-005__:  A DoS vulnerability has been discovered by the Envoy community.
-  * __[CVE-2019-15226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15226)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker uses a high quantity of very small headers.
+* __[CVE-2019-15226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15226)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker uses a high quantity of very small headers.
 
 Nothing else is included in this release except for the above security fix.
diff --git a/content/en/news/releases/1.10.x/announcing-1.10/upgrade-notes/index.md b/content/en/news/releases/1.10.x/announcing-1.10/upgrade-notes/index.md
index ae582fb81b31..789fb47a462c 100644
--- a/content/en/news/releases/1.10.x/announcing-1.10/upgrade-notes/index.md
+++ b/content/en/news/releases/1.10.x/announcing-1.10/upgrade-notes/index.md
@@ -5,6 +5,7 @@ publishdate: 2021-05-18
 linktitle: 1.10 Upgrade Notes
 weight: 20
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 When you upgrade from Istio 1.9 to Istio 1.10, you need to consider the changes on this page.
 These notes detail the changes which purposefully break backwards compatibility with Istio 1.9.
diff --git a/content/en/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md b/content/en/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md
index 3ccf249353c7..3848b9277933 100644
--- a/content/en/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md
+++ b/content/en/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md
@@ -4,6 +4,7 @@ description: Important changes to consider when upgrading to Istio 1.19.
 weight: 20
 publishdate: 2023-09-05
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 When you upgrade from Istio 1.18.x to Istio 1.19.x, you need to consider the changes on this page.
 These notes detail the changes which purposefully break backwards compatibility with Istio `1.18.x.`
diff --git a/content/en/news/releases/1.2.x/announcing-1.2.4/index.md b/content/en/news/releases/1.2.x/announcing-1.2.4/index.md
index 0ecfa3800988..ff7a5c72defb 100644
--- a/content/en/news/releases/1.2.x/announcing-1.2.4/index.md
+++ b/content/en/news/releases/1.2.x/announcing-1.2.4/index.md
@@ -22,13 +22,13 @@ This release contains fixes for the security vulnerabilities described in [ISTIO
 [ISTIO-SECURITY-2019-004](/news/security/istio-security-2019-004/).  Specifically:
 
 __ISTIO-SECURITY-2019-003__: An Envoy user reported publicly an issue (c.f. [Envoy Issue 7728](https://github.com/envoyproxy/envoy/issues/7728)) about regular expressions matching that crashes Envoy with very large URIs.
-  * __[CVE-2019-14993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14993)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio, if users are employing regular expressions in some of the Istio APIs: `JWT`, `VirtualService`, `HTTPAPISpecBinding`, `QuotaSpecBinding`.
+* __[CVE-2019-14993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14993)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio, if users are employing regular expressions in some of the Istio APIs: `JWT`, `VirtualService`, `HTTPAPISpecBinding`, `QuotaSpecBinding`.
 
 __ISTIO-SECURITY-2019-004__: Envoy, and subsequently Istio are vulnerable to a series of trivial HTTP/2-based DoS attacks:
-  * __[CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512)__: HTTP/2 flood using `PING` frames and queuing of response `PING` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513)__: HTTP/2 flood using PRIORITY frames that results in excessive CPU usage and starvation of other clients.
-  * __[CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)__: HTTP/2 flood using `HEADERS` frames with invalid HTTP headers and queuing of response `RST_STREAM` frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515)__: HTTP/2 flood using `SETTINGS` frames and queuing of `SETTINGS` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
-  * __[CVE-2019-9518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518)__: HTTP/2 flood using frames with an empty payload that results in excessive CPU usage and starvation of other clients.
+* __[CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512)__: HTTP/2 flood using `PING` frames and queuing of response `PING` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
+* __[CVE-2019-9513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513)__: HTTP/2 flood using PRIORITY frames that results in excessive CPU usage and starvation of other clients.
+* __[CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)__: HTTP/2 flood using `HEADERS` frames with invalid HTTP headers and queuing of response `RST_STREAM` frames that results in unbounded memory growth (which can lead to out of memory conditions).
+* __[CVE-2019-9515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515)__: HTTP/2 flood using `SETTINGS` frames and queuing of `SETTINGS` ACK frames that results in unbounded memory growth (which can lead to out of memory conditions).
+* __[CVE-2019-9518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518)__: HTTP/2 flood using frames with an empty payload that results in excessive CPU usage and starvation of other clients.
 
 Nothing else is included in this release except for the above security fixes.
diff --git a/content/en/news/releases/1.2.x/announcing-1.2.7/index.md b/content/en/news/releases/1.2.x/announcing-1.2.7/index.md
index 9f6310a380f3..210eca489938 100644
--- a/content/en/news/releases/1.2.x/announcing-1.2.7/index.md
+++ b/content/en/news/releases/1.2.x/announcing-1.2.7/index.md
@@ -19,7 +19,7 @@ We're pleased to announce the availability of Istio 1.2.7. Please see below for
 This release contains fixes for the security vulnerability described in [our October 8th, 2019 news post](/news/security/istio-security-2019-005).  Specifically:
 
 __ISTIO-SECURITY-2019-005__:  A DoS vulnerability has been discovered by the Envoy community.
-  * __[CVE-2019-15226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15226)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker uses a high quantity of very small headers.
+* __[CVE-2019-15226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15226)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker uses a high quantity of very small headers.
 
 ## Bug fix
 
diff --git a/content/en/news/releases/1.3.x/announcing-1.3.2/index.md b/content/en/news/releases/1.3.x/announcing-1.3.2/index.md
index 3d798e9fe0ae..457a5a71ec98 100644
--- a/content/en/news/releases/1.3.x/announcing-1.3.2/index.md
+++ b/content/en/news/releases/1.3.x/announcing-1.3.2/index.md
@@ -19,6 +19,6 @@ We're pleased to announce the availability of Istio 1.3.2. Please see below for
 This release contains fixes for the security vulnerability described in [our October 8th, 2019 news post](/news/security/istio-security-2019-005).  Specifically:
 
 __ISTIO-SECURITY-2019-005__:  A DoS vulnerability has been discovered by the Envoy community.
-  * __[CVE-2019-15226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15226)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker  uses a high quantity of very small headers.
+* __[CVE-2019-15226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15226)__: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker  uses a high quantity of very small headers.
 
 Nothing else is included in this release except for the above security fix. Distroless images will be available in a few days.
diff --git a/content/en/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md b/content/en/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md
index 8cc4e878472e..0e28a9c5449f 100644
--- a/content/en/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md
+++ b/content/en/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md
@@ -7,6 +7,7 @@ subtitle: Minor Release
 linktitle: 1.9 Upgrade Notes
 publishdate: 2021-02-09
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 When you upgrade from Istio 1.8 to Istio 1.9.x, you need to consider the changes on this page.
 These notes detail the changes which purposefully break backwards compatibility with Istio 1.8.
diff --git a/content/en/news/security/istio-security-2020-006/index.md b/content/en/news/security/istio-security-2020-006/index.md
index 1e4d6ea3f0f0..e77693bf03fa 100644
--- a/content/en/news/security/istio-security-2020-006/index.md
+++ b/content/en/news/security/istio-security-2020-006/index.md
@@ -10,6 +10,7 @@ publishdate: 2020-06-11
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< security_bulletin >}}
 
diff --git a/content/en/news/security/istio-security-2020-009/index.md b/content/en/news/security/istio-security-2020-009/index.md
index 0859a1446d16..7759fb538ffd 100644
--- a/content/en/news/security/istio-security-2020-009/index.md
+++ b/content/en/news/security/istio-security-2020-009/index.md
@@ -10,6 +10,7 @@ publishdate: 2020-08-11
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< security_bulletin >}}
 
diff --git a/content/en/news/security/istio-security-2021-004/index.md b/content/en/news/security/istio-security-2021-004/index.md
index b96ca80ebd4a..d07c10ec2d04 100644
--- a/content/en/news/security/istio-security-2021-004/index.md
+++ b/content/en/news/security/istio-security-2021-004/index.md
@@ -10,6 +10,7 @@ publishdate: 2021-04-15
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 {{< security_bulletin >}}
 
diff --git a/content/en/news/security/istio-security-2021-005/index.md b/content/en/news/security/istio-security-2021-005/index.md
index ce0a629b6dc4..c43f820cb942 100644
--- a/content/en/news/security/istio-security-2021-005/index.md
+++ b/content/en/news/security/istio-security-2021-005/index.md
@@ -75,9 +75,9 @@ Your cluster is **NOT impacted** by this vulnerability if:
 
 1. Update your cluster to the latest supported version.
    These versions support configuring the Envoy proxies in the system with more normalization options:
-  * Istio 1.8.6, if using 1.8.x
-  * Istio 1.9.5 or up
-  * The patch version specified by your cloud provider
+* Istio 1.8.6, if using 1.8.x
+* Istio 1.9.5 or up
+* The patch version specified by your cloud provider
 1. Follow the [security best practices](/docs/ops/best-practices/security/#authorization-policies)
    to configure your authorization policies.
 
diff --git a/content/en/news/security/istio-security-2021-008/index.md b/content/en/news/security/istio-security-2021-008/index.md
index df45f6902c1e..26e0d9754e1f 100644
--- a/content/en/news/security/istio-security-2021-008/index.md
+++ b/content/en/news/security/istio-security-2021-008/index.md
@@ -10,6 +10,7 @@ publishdate: 2021-08-24
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< security_bulletin >}}
 
diff --git a/content/en/test/tb/index.md b/content/en/test/tb/index.md
index 5af90c6017aa..2143912a98be 100644
--- a/content/en/test/tb/index.md
+++ b/content/en/test/tb/index.md
@@ -3,7 +3,7 @@ title: Text Blocks
 description: Basic text blocks.
 skip_sitemap: true
 ---
-
+<!-- markdownlint-disable MD007 -->
 Plain text block with html tag
 
 {{< text plain >}}
diff --git a/content/uk/about/faq/metrics-and-logs/life-of-a-request.md b/content/uk/about/faq/metrics-and-logs/life-of-a-request.md
index bed54842c8d8..807798a6b8fe 100644
--- a/content/uk/about/faq/metrics-and-logs/life-of-a-request.md
+++ b/content/uk/about/faq/metrics-and-logs/life-of-a-request.md
@@ -2,6 +2,7 @@
 title: Як дізнатися, що сталося з запитом в Istio?
 weight: 80
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 Ви можете включити [трейсинг](/docs/tasks/observability/distributed-tracing/), щоб визначити маршрут запиту в Istio.
 
diff --git a/content/uk/about/faq/traffic-management/cors.md b/content/uk/about/faq/traffic-management/cors.md
index cb72e2ddc861..10aea27fc7b4 100644
--- a/content/uk/about/faq/traffic-management/cors.md
+++ b/content/uk/about/faq/traffic-management/cors.md
@@ -2,6 +2,7 @@
 title: Чому моя конфігурація CORS не працює?
 weight: 40
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Після застосування [конфігурації CORS](/docs/reference/config/networking/virtual-service/#CorsPolicy) ви можете помітити, що ніби нічого не змінилося, і запитати, що пішло не так. CORS є часто неправильно зрозумілим HTTP-концептом, що часто призводить до плутанини при конфігурації.
 
diff --git a/content/uk/about/faq/traffic-management/ingress-with-no-route-rules.md b/content/uk/about/faq/traffic-management/ingress-with-no-route-rules.md
index 7ae0cadcef99..9821690e31e4 100644
--- a/content/uk/about/faq/traffic-management/ingress-with-no-route-rules.md
+++ b/content/uk/about/faq/traffic-management/ingress-with-no-route-rules.md
@@ -2,6 +2,7 @@
 title: Чи можу я використовувати стандартну специфікацію Ingress без будь-яких правил маршрутизації?
 weight: 40
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Прості специфікації ingress, що включають хост, TLS і точні відповідності шляхів, будуть працювати без потреби в правилах маршрутизації. Однак зверніть увагу, що шлях, використаний у ресурсі ingress, не повинен містити символи `.`.
 
diff --git a/content/uk/blog/2024/authz-policy-with-kyverno/index.md b/content/uk/blog/2024/authz-policy-with-kyverno/index.md
index fe2eb4af3140..88ee32dcdfdc 100644
--- a/content/uk/blog/2024/authz-policy-with-kyverno/index.md
+++ b/content/uk/blog/2024/authz-policy-with-kyverno/index.md
@@ -5,6 +5,7 @@ publishdate: 2024-11-25
 attribution: "Charles-Edouard Brétéché (Nirmata)"
 keywords: [istio,kyverno,policy,platform,authorization]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio підтримує інтеграцію з багатьма різними проєктами. Нещодавно в блозі Istio була опублікована стаття про [функціональність політик L7 з OpenPolicyAgent](../l7-policy-with-opa). Kyverno є подібним проєктом, і сьогодні ми розглянемо, як Istio та сервер авторизації Kyverno можуть використовуватися разом для забезпечення політик Layer 7 у вашій платформі.
 
diff --git a/content/uk/blog/2025/ambient-performance/index.md b/content/uk/blog/2025/ambient-performance/index.md
index 86361552e888..95bd5938fcde 100644
--- a/content/uk/blog/2025/ambient-performance/index.md
+++ b/content/uk/blog/2025/ambient-performance/index.md
@@ -5,7 +5,7 @@ publishdate: 2025-03-06
 attribution: "Джон Говард (Solo.io)"
 keywords: [istio,performance,ambient]
 ---
-
+<!-- markdownlint-disable MD007 -->
 Шифрування під час передачі є базовою вимогою для майже всіх середовищ Kubernetes сьогодні і створює основу для безпеки з нульовою довірою.
 
 Однак проблема з безпекою полягає в тому, що вона не обходиться без витрат: часто це компроміс між складністю, зручністю користування та продуктивністю.
diff --git a/content/uk/docs/ambient/architecture/data-plane/index.md b/content/uk/docs/ambient/architecture/data-plane/index.md
index 100e204f7e4d..1fe4380176cd 100644
--- a/content/uk/docs/ambient/architecture/data-plane/index.md
+++ b/content/uk/docs/ambient/architecture/data-plane/index.md
@@ -5,6 +5,7 @@ weight: 3
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 В {{< gloss "ambient" >}}режимі ambient{{< /gloss >}} навантаження може потрапляти в 3 категорії:
 
diff --git a/content/uk/docs/ambient/architecture/traffic-redirection/index.md b/content/uk/docs/ambient/architecture/traffic-redirection/index.md
index 50fa01285571..4547181e76bf 100644
--- a/content/uk/docs/ambient/architecture/traffic-redirection/index.md
+++ b/content/uk/docs/ambient/architecture/traffic-redirection/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 У контексті режиму ambient, _перенаправлення трафіку_ стосується функціональності панелі даних, яка перехоплює трафік, що надходить до і з навантажень, увімкнених в ambient, маршрутизуючи його через проксі вузлів {{< gloss >}}ztunnel{{< /gloss >}}, які обробляють основний шлях даних. Іноді також використовується термін _захоплення трафіку_.
 
diff --git a/content/uk/docs/ambient/getting-started/enforce-auth-policies/index.md b/content/uk/docs/ambient/getting-started/enforce-auth-policies/index.md
index 4978b34f7291..db5b29285e27 100644
--- a/content/uk/docs/ambient/getting-started/enforce-auth-policies/index.md
+++ b/content/uk/docs/ambient/getting-started/enforce-auth-policies/index.md
@@ -5,6 +5,7 @@ weight: 4
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Після того, як ви додали застосунок до ambient mesh, ви можете забезпечити доступ до нього, використовуючи політики авторизації Layer 4.
 
diff --git a/content/uk/docs/ambient/getting-started/manage-traffic/index.md b/content/uk/docs/ambient/getting-started/manage-traffic/index.md
index 3ef91952e155..68e9fd5126d6 100644
--- a/content/uk/docs/ambient/getting-started/manage-traffic/index.md
+++ b/content/uk/docs/ambient/getting-started/manage-traffic/index.md
@@ -5,6 +5,7 @@ weight: 5
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Тепер, коли у нас встановлено проксі waypoint, ми дізнаємось як розподіляти трафік між сервісами.
 
diff --git a/content/uk/docs/ambient/usage/l4-policy/index.md b/content/uk/docs/ambient/usage/l4-policy/index.md
index 24c2cf36b75a..329c7eaca85c 100644
--- a/content/uk/docs/ambient/usage/l4-policy/index.md
+++ b/content/uk/docs/ambient/usage/l4-policy/index.md
@@ -5,6 +5,7 @@ weight: 20
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Функції рівня 4 (L4) в політиках безпеки Istio [підтримуються](/docs/concepts/security) {{< gloss >}}ztunnel{{< /gloss >}}, і доступні в {{< gloss "ambient" >}}ambient режимі{{< /gloss >}}. [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) також продовжують працювати, якщо у вашому кластері є {{< gloss >}}CNI{{< /gloss >}} втулок, що їх підтримує, і можуть використовуватися для забезпечення глибокого захисту.
 
diff --git a/content/uk/docs/ambient/usage/l7-features/index.md b/content/uk/docs/ambient/usage/l7-features/index.md
index af04a00c847a..2e903e84dd4c 100644
--- a/content/uk/docs/ambient/usage/l7-features/index.md
+++ b/content/uk/docs/ambient/usage/l7-features/index.md
@@ -5,6 +5,7 @@ weight: 50
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Додавши waypoint-проксі до потоку вашого трафіку, ви можете увімкнути більше [функцій Istio](/docs/concepts). Waypoints налаштовуються за допомогою {{< gloss "gateway api" >}}Kubernetes Gateway API{{< /gloss >}}.
 
diff --git a/content/uk/docs/ambient/usage/networkpolicy/index.md b/content/uk/docs/ambient/usage/networkpolicy/index.md
index 822f5523946e..25393743224a 100644
--- a/content/uk/docs/ambient/usage/networkpolicy/index.md
+++ b/content/uk/docs/ambient/usage/networkpolicy/index.md
@@ -5,6 +5,7 @@ weight: 20
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Kubernetes [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) дозволяє контролювати, як трафік рівня 4 досягає ваших podʼів.
 
diff --git a/content/uk/docs/ambient/usage/waypoint/index.md b/content/uk/docs/ambient/usage/waypoint/index.md
index 0853bd037151..2a2700c97f52 100644
--- a/content/uk/docs/ambient/usage/waypoint/index.md
+++ b/content/uk/docs/ambient/usage/waypoint/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 **Waypoint-проксі** є необовʼязковим розгортанням проксі на основі Envoy, що додає обробку на рівні 7 (L7) для визначеного набору робочих навантажень.
 
diff --git a/content/uk/docs/concepts/security/index.md b/content/uk/docs/concepts/security/index.md
index 793adbc86107..d523e0258321 100644
--- a/content/uk/docs/concepts/security/index.md
+++ b/content/uk/docs/concepts/security/index.md
@@ -13,6 +13,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 Розбиття монолітного застосунку на атомарні сервіси пропонує різні переваги, включаючи покращену гнучкість, масштабованість і можливість повторного використання сервісів. Однак мікросервіси мають особливі потреби в безпеці:
 
diff --git a/content/uk/docs/concepts/traffic-management/index.md b/content/uk/docs/concepts/traffic-management/index.md
index 369b74350237..969cf220b83a 100644
--- a/content/uk/docs/concepts/traffic-management/index.md
+++ b/content/uk/docs/concepts/traffic-management/index.md
@@ -15,6 +15,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Правила маршрутизації трафіку Istio дозволяють легко контролювати потік трафіку та API-викликів між сервісами. Istio спрощує конфігурацію властивостей на рівні сервісів, таких як запобіжники, тайм-аути та повторні спроби, і полегшує налаштування важливих завдань, таких як A/B тестування, канарейкові розгортання та поетапні розгортання з розподілом трафіку за відсотками. Також забезпечуються вбудовані функції надійності, які допомагають зробити ваш застосунок більш стійким до збоїв залежних сервісів або мережі.
 
diff --git a/content/uk/docs/examples/virtual-machines/index.md b/content/uk/docs/examples/virtual-machines/index.md
index 72ca09a0b049..5bb3c82a9566 100644
--- a/content/uk/docs/examples/virtual-machines/index.md
+++ b/content/uk/docs/examples/virtual-machines/index.md
@@ -13,6 +13,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Цей приклад розгортає застосунок Bookinfo у Kubernetes з одним сервісом, що працює на віртуальній машині (VM), і ілюструє, як контролювати цю інфраструктуру як єдину мережу.
 
diff --git a/content/uk/docs/ops/best-practices/image-signing-validation/index.md b/content/uk/docs/ops/best-practices/image-signing-validation/index.md
index ae00bba35c85..0f4edef845a4 100644
--- a/content/uk/docs/ops/best-practices/image-signing-validation/index.md
+++ b/content/uk/docs/ops/best-practices/image-signing-validation/index.md
@@ -7,6 +7,7 @@ keywords: [install,signing]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Ця сторінка описує, як використовувати [Cosign](https://github.com/sigstore/cosign) для валідації походження артефактів образів Istio.
 
diff --git a/content/uk/docs/ops/best-practices/observability/index.md b/content/uk/docs/ops/best-practices/observability/index.md
index 7e8567f4a1e6..0413107cc154 100644
--- a/content/uk/docs/ops/best-practices/observability/index.md
+++ b/content/uk/docs/ops/best-practices/observability/index.md
@@ -6,6 +6,7 @@ weight: 50
 owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Використання Prometheus для моніторингу у промисловому масштабі {#using-prometheus-for-production-scale-monitoring}
 
diff --git a/content/uk/docs/ops/best-practices/security/index.md b/content/uk/docs/ops/best-practices/security/index.md
index a02fd279e5d3..794550e57320 100644
--- a/content/uk/docs/ops/best-practices/security/index.md
+++ b/content/uk/docs/ops/best-practices/security/index.md
@@ -6,7 +6,7 @@ weight: 30
 owner: istio/wg-security-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Особливості безпеки Istio забезпечують надійну ідентифікацію, потужну політику, прозоре шифрування TLS і інструменти автентифікації, авторизації та аудиту (AAA) для захисту ваших сервісів та даних. Однак, щоб повною мірою використовувати ці функції безпечно, слід дотримуватися найкращих практик. Рекомендується переглянути розділ [Огляд безпеки](/docs/concepts/security/) перед тим, як продовжити.
 
 ## Взаємне TLS шифрування {#mutual-tls}
diff --git a/content/uk/docs/ops/best-practices/traffic-management/index.md b/content/uk/docs/ops/best-practices/traffic-management/index.md
index 3fbc53e79514..6d556ee02f82 100644
--- a/content/uk/docs/ops/best-practices/traffic-management/index.md
+++ b/content/uk/docs/ops/best-practices/traffic-management/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Цей розділ надає конкретні вказівки щодо розгортання або конфігурації для уникнення проблем з мережею або управлінням трафіком.
 
 ## Встановіть стандартні маршрути для сервісів {#set-default-routes-for-services}
diff --git a/content/uk/docs/ops/common-problems/injection/index.md b/content/uk/docs/ops/common-problems/injection/index.md
index c165997ff5ca..0a2320a7c3dc 100644
--- a/content/uk/docs/ops/common-problems/injection/index.md
+++ b/content/uk/docs/ops/common-problems/injection/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Результат інʼєкції sidecar не відповідає очікуванням {#the-result-of-sidecar-injection-was-not-what-i-expected}
 
diff --git a/content/uk/docs/ops/common-problems/network-issues/index.md b/content/uk/docs/ops/common-problems/network-issues/index.md
index 4556254ef9b0..2ea6eb50155d 100644
--- a/content/uk/docs/ops/common-problems/network-issues/index.md
+++ b/content/uk/docs/ops/common-problems/network-issues/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## Запити відхиляються Envoy {#requests-are-rejected-by-envoy}
 
 Запити можуть бути відхилені з різних причин. Найкращий спосіб зрозуміти, чому запити відхиляються — це перевірити журнали доступу Envoy. Стандартно журнали доступу виводяться на стандартний вихід контейнера. Виконайте наступну команду, щоб переглянути журнал:
diff --git a/content/uk/docs/ops/common-problems/security-issues/index.md b/content/uk/docs/ops/common-problems/security-issues/index.md
index 696b592e606b..52c681826854 100644
--- a/content/uk/docs/ops/common-problems/security-issues/index.md
+++ b/content/uk/docs/ops/common-problems/security-issues/index.md
@@ -11,6 +11,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Неправильна автентифікація кінцевого користувача {#end-user-authentication-fails}
 
diff --git a/content/uk/docs/ops/common-problems/upgrade-issues/index.md b/content/uk/docs/ops/common-problems/upgrade-issues/index.md
index b8c1c13641b1..f9d0071d42a6 100644
--- a/content/uk/docs/ops/common-problems/upgrade-issues/index.md
+++ b/content/uk/docs/ops/common-problems/upgrade-issues/index.md
@@ -5,6 +5,7 @@ weight: 60
 owner: istio/wg-policies-and-telemetry-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Міграція EnvoyFilter {#envoyfilter-migration}
 
diff --git a/content/uk/docs/ops/common-problems/validation/index.md b/content/uk/docs/ops/common-problems/validation/index.md
index 1a0de6710e07..b2daca95e512 100644
--- a/content/uk/docs/ops/common-problems/validation/index.md
+++ b/content/uk/docs/ops/common-problems/validation/index.md
@@ -11,6 +11,7 @@ owner: istio/wg-user-experience-maintainers
 test: no
 
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 ## Здається, що конфігурація є правильною, але вона відхиляєтсья {#seemingly-valid-configuration-is-rejected}
 
diff --git a/content/uk/docs/ops/configuration/mesh/configuration-scoping/index.md b/content/uk/docs/ops/configuration/mesh/configuration-scoping/index.md
index 39097aa492ae..658bd77f2c01 100644
--- a/content/uk/docs/ops/configuration/mesh/configuration-scoping/index.md
+++ b/content/uk/docs/ops/configuration/mesh/configuration-scoping/index.md
@@ -6,6 +6,7 @@ keywords: [scalability]
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Щоб налаштувати сервісну мережу, панель управління Istio (Istiod) читає різні конфігурації, включаючи основні типи Kubernetes, такі як `Service` і `Node`, а також власні типи Istio, такі як `Gateway`. Ці конфігурації потім надсилаються до панелі даних (див. [Архітектура](/docs/ops/deployment/architecture/) для отримання додаткової інформації).
 
diff --git a/content/uk/docs/ops/configuration/security/security-policy-examples/index.md b/content/uk/docs/ops/configuration/security/security-policy-examples/index.md
index 629975b2f3c4..87ab2d145e7d 100644
--- a/content/uk/docs/ops/configuration/security/security-policy-examples/index.md
+++ b/content/uk/docs/ops/configuration/security/security-policy-examples/index.md
@@ -5,7 +5,7 @@ weight: 60
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## Передумови {#background}
 
 Ця сторінка демонструє поширені шаблони використання політик безпеки Istio. Ви можете знайти їх корисними для вашого розгортання або використовувати як швидкий довідник щодо прикладів політик.
diff --git a/content/uk/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md b/content/uk/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
index 81af37593b25..4cb8bb0b7818 100644
--- a/content/uk/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
+++ b/content/uk/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Огляд {#overview}
 
diff --git a/content/uk/docs/ops/configuration/traffic-management/dns-proxy/index.md b/content/uk/docs/ops/configuration/traffic-management/dns-proxy/index.md
index f580b61a0d53..2e48d209fb57 100644
--- a/content/uk/docs/ops/configuration/traffic-management/dns-proxy/index.md
+++ b/content/uk/docs/ops/configuration/traffic-management/dns-proxy/index.md
@@ -6,6 +6,7 @@ keywords: [traffic-management,dns,virtual-machine]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Окрім перехоплення трафіку застосунків, Istio також може перехоплювати DNS-запити для покращення продуктивності та зручності використання вашої mesh-мережі. При проксіюванні DNS усі DNS-запити з застосунку будуть перенаправлені на sidecar або проксі ztunnel, який зберігає локальне відображення доменних імен на IP-адреси. Якщо запит може бути оброблений проксі, він безпосередньо поверне відповідь застосунку, уникаючи запиту до upstream DNS-сервера. В іншому випадку запит пересилається на upstream відповідно до стандартної конфігурації DNS з `/etc/resolv.conf`.
 
diff --git a/content/uk/docs/ops/configuration/traffic-management/multicluster/index.md b/content/uk/docs/ops/configuration/traffic-management/multicluster/index.md
index 2c85edb2a428..aecc46879afc 100644
--- a/content/uk/docs/ops/configuration/traffic-management/multicluster/index.md
+++ b/content/uk/docs/ops/configuration/traffic-management/multicluster/index.md
@@ -6,6 +6,7 @@ keywords: [traffic-management,multicluster]
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 У межах мультикластерної mesh-мережі можуть бути бажаними правила трафіку, специфічні для топології кластерів. У цьому документі описані кілька способів керування трафіком у мультикластерній mesh-мережі. Перед тим, як прочитати цей посібник:
 
diff --git a/content/uk/docs/ops/configuration/traffic-management/protocol-selection/index.md b/content/uk/docs/ops/configuration/traffic-management/protocol-selection/index.md
index 7420fbe74ad8..7f36968a32e4 100644
--- a/content/uk/docs/ops/configuration/traffic-management/protocol-selection/index.md
+++ b/content/uk/docs/ops/configuration/traffic-management/protocol-selection/index.md
@@ -11,6 +11,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio підтримує проксіювання будь-якого TCP трафіку. Це включає HTTP, HTTPS, gRPC, а також необроблений TCP протоколи. Для надання додаткових можливостей, таких як маршрутизація і розширені метрики, протокол повинен бути визначений. Це можна зробити автоматично або явно вказати.
 
diff --git a/content/uk/docs/ops/configuration/traffic-management/tls-configuration/index.md b/content/uk/docs/ops/configuration/traffic-management/tls-configuration/index.md
index 7d0b22b4f179..3b87f9da1d81 100644
--- a/content/uk/docs/ops/configuration/traffic-management/tls-configuration/index.md
+++ b/content/uk/docs/ops/configuration/traffic-management/tls-configuration/index.md
@@ -7,6 +7,7 @@ keywords: [traffic-management,proxy]
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Однією з найважливіших можливостей Istio є здатність блокувати та захищати мережевий трафік до, з, і всередині mesh. Однак налаштування параметрів TLS може бути заплутаним і часто стає джерелом помилок конфігурації. Цей документ намагається пояснити різні зʼєднання, що задіяні під час надсилання запитів в Istio, і як налаштовуються їх відповідні параметри TLS. Дивіться [помилки конфігурації TLS](/docs/ops/common-problems/network-issues/#tls-configuration-mistakes) для огляду деяких з найпоширеніших проблем налаштування TLS.
 
diff --git a/content/uk/docs/ops/deployment/application-requirements/index.md b/content/uk/docs/ops/deployment/application-requirements/index.md
index 9ce25e61ff20..e9fe2f175398 100644
--- a/content/uk/docs/ops/deployment/application-requirements/index.md
+++ b/content/uk/docs/ops/deployment/application-requirements/index.md
@@ -22,6 +22,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio надає широкі функціональні можливості застосункам з мінімальним або взагалі без впливу на код самого застосунку. Багато застосунків у Kubernetes можуть бути розгорнуті в кластері з підтримкою Istio без жодних змін. Однак, є деякі особливості моделі sidecar в Istio, які можуть потребувати спеціальної уваги при розгортанні застосунку з підтримкою Istio. Цей документ описує ці особливості та специфічні вимоги до застосунків з підтримкою Istio.
 
diff --git a/content/uk/docs/ops/diagnostic-tools/istioctl-analyze/index.md b/content/uk/docs/ops/diagnostic-tools/istioctl-analyze/index.md
index eb1c767dd259..e35013015081 100644
--- a/content/uk/docs/ops/diagnostic-tools/istioctl-analyze/index.md
+++ b/content/uk/docs/ops/diagnostic-tools/istioctl-analyze/index.md
@@ -6,6 +6,7 @@ keywords: [istioctl, debugging, kubernetes]
 owner: istio/wg-user-experience-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 `istioctl analyze` є інструментом діагностики, який може виявляти потенційні проблеми з вашою конфігурацією Istio. Він може працювати з живим кластером або з набором локальних конфігураційних файлів. Також він може працювати з комбінацією обох, що дозволяє виявити проблеми до того, як ви застосуєте зміни до кластера.
 
diff --git a/content/uk/docs/ops/diagnostic-tools/multicluster/index.md b/content/uk/docs/ops/diagnostic-tools/multicluster/index.md
index 373bcf59352c..9ff51de90477 100644
--- a/content/uk/docs/ops/diagnostic-tools/multicluster/index.md
+++ b/content/uk/docs/ops/diagnostic-tools/multicluster/index.md
@@ -6,6 +6,7 @@ keywords: [debug,multicluster,multi-network,envoy]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Ця сторінка описує, як усувати проблеми з Istio, розгорнутим на кількох кластерах та/або мережах. Перед тим як читати це, слід виконати кроки, зазначені у [Встановлення мультикластера](/docs/setup/install/multicluster/) та ознайомитися з [Моделями розгортання](/docs/ops/deployment/deployment-models/).
 
diff --git a/content/uk/docs/ops/integrations/certmanager/index.md b/content/uk/docs/ops/integrations/certmanager/index.md
index 929756d96799..968041f17aba 100644
--- a/content/uk/docs/ops/integrations/certmanager/index.md
+++ b/content/uk/docs/ops/integrations/certmanager/index.md
@@ -9,6 +9,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [cert-manager](https://cert-manager.io/) — це інструмент для автоматизації управління сертифікатами. Його можна інтегрувати зі шлюзами Istio для управління TLS сертифікатами.
 
diff --git a/content/uk/docs/ops/integrations/prometheus/index.md b/content/uk/docs/ops/integrations/prometheus/index.md
index b637d881c8a6..d1ceb54a61aa 100644
--- a/content/uk/docs/ops/integrations/prometheus/index.md
+++ b/content/uk/docs/ops/integrations/prometheus/index.md
@@ -6,6 +6,7 @@ keywords: [integration,prometheus]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [Prometheus](https://prometheus.io/) — це система моніторингу з відкритим вихідним кодом і база даних часових рядів. Ви можете використовувати Prometheus з Istio для запису метрик, що відстежують стан Istio та застосунків у сервісній мережі. Ви можете візуалізувати метрики за допомогою таких інструментів, як [Grafana](/docs/ops/integrations/grafana/) та [Kiali](/docs/tasks/observability/kiali/).
 
diff --git a/content/uk/docs/setup/additional-setup/customize-installation/index.md b/content/uk/docs/setup/additional-setup/customize-installation/index.md
index 71b1c7bf7615..9f3ee22d7db7 100644
--- a/content/uk/docs/setup/additional-setup/customize-installation/index.md
+++ b/content/uk/docs/setup/additional-setup/customize-installation/index.md
@@ -6,7 +6,7 @@ keywords: [profiles,install,helm]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ### Передумови {#prerequisites}
 
 Перш ніж почати, перевірте наступні передумови:
diff --git a/content/uk/docs/setup/additional-setup/gateway/index.md b/content/uk/docs/setup/additional-setup/gateway/index.md
index 993ae06ee134..f59ce5c3ef00 100644
--- a/content/uk/docs/setup/additional-setup/gateway/index.md
+++ b/content/uk/docs/setup/additional-setup/gateway/index.md
@@ -6,7 +6,7 @@ keywords: [install,gateway,kubernetes]
 owner: istio/wg-environments-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 {{< tip >}}
 {{< boilerplate gateway-api-future >}}
 Якщо ви використовуєте Gateway API, вам не потрібно буде встановлювати та керувати `Deployment` gateway, як це описано в цьому документі. Стандартно, `Deployment` шлюза та `Service` автоматично надаються на основі конфігурації `Gateway`. Зверніться до [завдання Gateway API](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) для отримання додаткових деталей.
diff --git a/content/uk/docs/setup/additional-setup/sidecar-injection/index.md b/content/uk/docs/setup/additional-setup/sidecar-injection/index.md
index 2ee6ecffe058..58221182d336 100644
--- a/content/uk/docs/setup/additional-setup/sidecar-injection/index.md
+++ b/content/uk/docs/setup/additional-setup/sidecar-injection/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## Виконання інʼєкції {#injection}
 
diff --git a/content/uk/docs/setup/platform-setup/huaweicloud/index.md b/content/uk/docs/setup/platform-setup/huaweicloud/index.md
index 1e9707d83725..7d65874e4521 100644
--- a/content/uk/docs/setup/platform-setup/huaweicloud/index.md
+++ b/content/uk/docs/setup/platform-setup/huaweicloud/index.md
@@ -10,6 +10,7 @@ keywords: [platform-setup,huawei,huaweicloud,cce]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Дотримуйтесь цих інструкцій, щоб підготувати кластер для Istio за допомогою [Huawei Cloud Container Engine](https://www.huaweicloud.com/intl/product/cce.html). Ви можете швидко і легко розгорнути кластер Kubernetes на Huawei Cloud у `Cloud Container Engine Console`, який повністю підтримує Istio.
 
diff --git a/content/uk/docs/setup/platform-setup/kubesphere/index.md b/content/uk/docs/setup/platform-setup/kubesphere/index.md
index 4c41db1bcff0..15f0aae6bb69 100644
--- a/content/uk/docs/setup/platform-setup/kubesphere/index.md
+++ b/content/uk/docs/setup/platform-setup/kubesphere/index.md
@@ -7,6 +7,7 @@ keywords: [platform-setup,kubesphere,kubernetes]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 Ця сторінка була останній раз оновлена 9 березня 2021 року.
 
diff --git a/content/uk/docs/tasks/observability/distributed-tracing/jaeger/index.md b/content/uk/docs/tasks/observability/distributed-tracing/jaeger/index.md
index dba49d711dec..2e7f622e0bd2 100644
--- a/content/uk/docs/tasks/observability/distributed-tracing/jaeger/index.md
+++ b/content/uk/docs/tasks/observability/distributed-tracing/jaeger/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Після завершення цього завдання ви зможете зрозуміти, як ваш застосунок може брати участь у трейсингу з [Jaeger](https://www.jaegertracing.io/), незалежно від мови, фреймворка або платформи, який ви використовуєте для створення застосунку.
 
diff --git a/content/uk/docs/tasks/observability/distributed-tracing/opentelemetry/index.md b/content/uk/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
index 8a2a22aa3904..9c0720abf719 100644
--- a/content/uk/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
+++ b/content/uk/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [OpenTelemetry](https://opentelemetry.io/) (OTel) — це незалежна від постачальника платформа з відкритим вихідним кодом для вимірювання, генерації, збору та експорту телеметричних даних. Трейси [OpenTelemetry Protocol](https://opentelemetry.io/docs/specs/otlp/) (OTLP) можна надсилати до [Jaeger](/docs/tasks/observability/distributed-tracing/jaeger/), а також до багатьох комерційних сервісів.
 
diff --git a/content/uk/docs/tasks/observability/distributed-tracing/sampling/index.md b/content/uk/docs/tasks/observability/distributed-tracing/sampling/index.md
index f111f3a01259..0fb0b31abf9f 100644
--- a/content/uk/docs/tasks/observability/distributed-tracing/sampling/index.md
+++ b/content/uk/docs/tasks/observability/distributed-tracing/sampling/index.md
@@ -6,6 +6,7 @@ keywords: [sampling, telemetry, tracing, opentelemetry]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio надає кілька способів налаштування вибірки трейсів. На цій сторінці ви дізнаєтеся і зрозумієте всі різні способи налаштування вибірки.
 
diff --git a/content/uk/docs/tasks/observability/distributed-tracing/skywalking/index.md b/content/uk/docs/tasks/observability/distributed-tracing/skywalking/index.md
index 4f1d77e0c571..63e9fd223c55 100644
--- a/content/uk/docs/tasks/observability/distributed-tracing/skywalking/index.md
+++ b/content/uk/docs/tasks/observability/distributed-tracing/skywalking/index.md
@@ -6,6 +6,7 @@ keywords: [телеметрія,трейсинг,skywalking,спан,порт-ф
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Після завершення цього завдання ви зможете зрозуміти, як ваш застосунок може брати участь у трейсингу з [Apache SkyWalking](https://skywalking.apache.org), незалежно від мови, фреймворка або платформи, яку ви використовуєте для його створення.
 
diff --git a/content/uk/docs/tasks/observability/distributed-tracing/telemetry-api/index.md b/content/uk/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
index ae24168db60f..f97943b54104 100644
--- a/content/uk/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
+++ b/content/uk/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
@@ -6,6 +6,7 @@ keywords: [телеметрія,трейсинг,telemetry,tracing]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio надає можливість налаштувати розширені параметри трейсингу, такі як швидкість відбору і додавання власних теґів до звітів про відрізки (span). Це завдання показує, як налаштувати параметри трейсингу за допомогою Telemetry API.
 
diff --git a/content/uk/docs/tasks/observability/distributed-tracing/zipkin/index.md b/content/uk/docs/tasks/observability/distributed-tracing/zipkin/index.md
index 85e564cba223..c490a357761a 100644
--- a/content/uk/docs/tasks/observability/distributed-tracing/zipkin/index.md
+++ b/content/uk/docs/tasks/observability/distributed-tracing/zipkin/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Після виконання цього завдання ви дізнаєтесь, як забезпечити участь вашого застосунку у зборі трейсів за допомогою [Zipkin](https://zipkin.io/), незалежно від мови програмування, фреймворку або платформи, яку ви використовуєте для створення застосунку.
 
diff --git a/content/uk/docs/tasks/observability/metrics/customize-metrics/index.md b/content/uk/docs/tasks/observability/metrics/customize-metrics/index.md
index 4abd47b5c278..a45471c1da9c 100644
--- a/content/uk/docs/tasks/observability/metrics/customize-metrics/index.md
+++ b/content/uk/docs/tasks/observability/metrics/customize-metrics/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,metrics,customize]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Це завдання показує, як налаштувати метрики, які генерує Istio.
 
diff --git a/content/uk/docs/tasks/observability/telemetry/index.md b/content/uk/docs/tasks/observability/telemetry/index.md
index b3221cff9c36..41042e1da4ef 100644
--- a/content/uk/docs/tasks/observability/telemetry/index.md
+++ b/content/uk/docs/tasks/observability/telemetry/index.md
@@ -7,6 +7,7 @@ owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 status: Stable
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio надає [Telemetry API](/docs/reference/config/telemetry/), яке забезпечує гнучке налаштування [метрик](/docs/tasks/observability/metrics/), [доступ до логів](/docs/tasks/observability/logs/), та [трейси](/docs/tasks/observability/distributed-tracing/).
 
diff --git a/content/uk/docs/tasks/security/authentication/authn-policy/index.md b/content/uk/docs/tasks/security/authentication/authn-policy/index.md
index 4cd838999df2..5673ea44396f 100644
--- a/content/uk/docs/tasks/security/authentication/authn-policy/index.md
+++ b/content/uk/docs/tasks/security/authentication/authn-policy/index.md
@@ -9,6 +9,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Це завдання охоплює основні дії, які можуть знадобитися для увімкнення, налаштування та використання політик автентифікації Istio. Дізнайтеся більше про основні концепції у [огляді автентифікації](/docs/concepts/security/#authentication).
 
diff --git a/content/uk/docs/tasks/security/authorization/authz-custom/index.md b/content/uk/docs/tasks/security/authorization/authz-custom/index.md
index f2450c89e058..7fc389ceafd4 100644
--- a/content/uk/docs/tasks/security/authorization/authz-custom/index.md
+++ b/content/uk/docs/tasks/security/authorization/authz-custom/index.md
@@ -6,6 +6,7 @@ keywords: [security,access-control,rbac,authorization,custom, opa, oauth, oauth2
 owner: istio/wg-security-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 Це завдання показує, як налаштувати політику авторизації Istio, використовуючи нове значення для [поля action](/docs/reference/config/security/authorization-policy/#AuthorizationPolicy-Action), `CUSTOM`, для делегування контролю доступу зовнішній системі авторизації. Це можна використовувати для інтеграції з [OPA авторизацією](https://www.openpolicyagent.org/docs/latest/envoy-introduction/), [`oauth2-proxy`](https://github.com/oauth2-proxy/oauth2-proxy), власним зовнішнім сервером авторизації nf іншим.
 
diff --git a/content/uk/docs/tasks/security/authorization/authz-ingress/index.md b/content/uk/docs/tasks/security/authorization/authz-ingress/index.md
index f83e0fa403b0..81c93d64e9ab 100644
--- a/content/uk/docs/tasks/security/authorization/authz-ingress/index.md
+++ b/content/uk/docs/tasks/security/authorization/authz-ingress/index.md
@@ -6,7 +6,7 @@ keywords: [security,access-control,rbac,authorization,ingress,ip,allowlist,denyl
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 Це завдання показує, як застосувати контроль доступу на основі IP до вхідного шлюзу Istio за допомогою політики авторизації.
 
 {{< boilerplate gateway-api-support >}}
diff --git a/content/uk/docs/tasks/traffic-management/egress/egress-control/index.md b/content/uk/docs/tasks/traffic-management/egress/egress-control/index.md
index 1a51819df440..2be8396401bc 100644
--- a/content/uk/docs/tasks/traffic-management/egress/egress-control/index.md
+++ b/content/uk/docs/tasks/traffic-management/egress/egress-control/index.md
@@ -9,6 +9,7 @@ keywords: [traffic-management,egress]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Оскільки весь вихідний трафік з podʼа, який використовує Istio, стандартно перенаправляється до його sidecar proxy, доступність URL-адрес за межами кластера залежить від конфігурації проксі. Типово Istio налаштовує проксі Envoy для пропуску запитів до невідомих сервісів. Попри те, що це зручний спосіб почати роботу з Istio, зазвичай бажано налаштовувати більш суворий контроль.
 
diff --git a/content/uk/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md b/content/uk/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
index dd37d02f74ee..068e77b595e5 100644
--- a/content/uk/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
+++ b/content/uk/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 [Приклад створення TLS для вихідного трафіку](/docs/tasks/traffic-management/egress/egress-tls-origination/) показує, як налаштувати Istio для виконання {{< gloss "Створення TLS" >}}створення TLS{{< /gloss >}} для трафіку до зовнішнього сервісу. [Приклад Налаштування Egress Gateway](/docs/tasks/traffic-management/egress/egress-gateway/) показує, як налаштувати Istio для направлення вихідного трафіку через спеціалізований сервіс _egress gateway_. Цей приклад поєднує два попередні, описуючи, як налаштувати вихідний шлюз для виконання створення TLS для трафіку до зовнішніх сервісів.
 {{< boilerplate gateway-api-support >}}
 
diff --git a/content/uk/docs/tasks/traffic-management/egress/egress-gateway/index.md b/content/uk/docs/tasks/traffic-management/egress/egress-gateway/index.md
index 594aa4af79bf..b1b85650c7fc 100644
--- a/content/uk/docs/tasks/traffic-management/egress/egress-gateway/index.md
+++ b/content/uk/docs/tasks/traffic-management/egress/egress-gateway/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 {{<warning>}}
 Цей приклад не працює в Minikube.
 {{</warning>}}
diff --git a/content/uk/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md b/content/uk/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
index 63e905fee66c..8ae562e304c9 100644
--- a/content/uk/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
+++ b/content/uk/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Завдання [Доступ до зовнішніх сервісів](/docs/tasks/traffic-management/egress/egress-control) та приклад [Налаштування Egress Gateway](/docs/tasks/traffic-management/egress/egress-gateway/) описують, як налаштувати вихідний трафік для конкретних доменів, таких як `edition.cnn.com`. Цей приклад показує, як увімкнути вихідний трафік для набору хостів у спільному домені, наприклад `*.wikipedia.org`, замість того, щоб налаштовувати кожен хост окремо.
 
 ## Контекст {#background}
diff --git a/content/uk/docs/tasks/traffic-management/fault-injection/index.md b/content/uk/docs/tasks/traffic-management/fault-injection/index.md
index 328d51328d55..803dc7b6d68a 100644
--- a/content/uk/docs/tasks/traffic-management/fault-injection/index.md
+++ b/content/uk/docs/tasks/traffic-management/fault-injection/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Це завдання показує, як ініціювати збої для перевірки стійкості вашого застосунку.
 
diff --git a/content/uk/docs/tasks/traffic-management/ingress/gateway-api/index.md b/content/uk/docs/tasks/traffic-management/ingress/gateway-api/index.md
index a2ecf4426583..9ce631285ed9 100644
--- a/content/uk/docs/tasks/traffic-management/ingress/gateway-api/index.md
+++ b/content/uk/docs/tasks/traffic-management/ingress/gateway-api/index.md
@@ -9,7 +9,7 @@ keywords: [traffic-management,ingress, gateway-api]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 Окрім власного API для управління трафіком,
 {{< boilerplate gateway-api-future >}}
 Цей документ описує відмінності між API Istio та Kubernetes і надає простий приклад, який показує, як налаштувати Istio для експонування сервісу за межі кластера службової мережі, використовуючи Gateway API. Зверніть увагу, що ці API є активно еволюціями API Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) та [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/), що активно розвиваються.
diff --git a/content/uk/docs/tasks/traffic-management/ingress/ingress-control/index.md b/content/uk/docs/tasks/traffic-management/ingress/ingress-control/index.md
index f50d5c01407b..7b5f5baf43f6 100644
--- a/content/uk/docs/tasks/traffic-management/ingress/ingress-control/index.md
+++ b/content/uk/docs/tasks/traffic-management/ingress/ingress-control/index.md
@@ -9,7 +9,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 Разом із підтримкою ресурсів [Ingress](/docs/tasks/traffic-management/ingress/kubernetes-ingress/) Kubernetes, Istio також дозволяє налаштувати вхідний трафік, використовуючи ресурс [Istio Gateway](/docs/concepts/traffic-management/#gateways) або [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/). `Gateway` забезпечує ширші налаштування та гнучкість, ніж `Ingress`, і дозволяє застосовувати функції Istio, такі як моніторинг та правила маршрутизації, до трафіку, що входить у кластер.
 
 Ця задача описує, як налаштувати Istio для експонування сервісу за межами сервісної мережі, використовуючи `Gateway`.
diff --git a/content/uk/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md b/content/uk/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
index e710405bbe7e..6e1abeca8393 100644
--- a/content/uk/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
+++ b/content/uk/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,ingress,https]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 У звичайному розгортанні Istio mesh термінація TLS для запитів від клієнтів відбувається в Ingress Gateway. Хоча це задовольняє більшість випадків використання, для деяких сценаріїв (наприклад, API Gateway у mesh) шлюз входу може бути непотрібний. Це завдання показує, як усунути додатковий перехід, введений Ingress Gateway Istio, і дозволити Envoy sidecar, що працює поруч з застосунком, виконувати темінацію TLS для запитів, що надходять ззовні службової мережі.
 
 Приклад HTTPS-сервісу, що використовується для цього завдання, є простий сервіс [httpbin](https://httpbin.org). У наступних кроках ви розгорнете сервіс httpbin всередині вашої сервісної мережі і налаштуєте його.
diff --git a/content/uk/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md b/content/uk/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md
index c232565156d3..b02f06a43fdc 100644
--- a/content/uk/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md
+++ b/content/uk/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Завдання [Захист Gateways з HTTPS](/docs/tasks/traffic-management/ingress/secure-ingress/) описує, як налаштувати доступ до HTTP-сервісу через HTTPS шлюз входу. У цьому прикладі розглядається, як налаштувати доступ до HTTPS-сервісу через HTTPS шлюз входу, тобто налаштувати шлюз входу для пропуску SNI, замість термінації TLS на вхідних запитах.
 
diff --git a/content/uk/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md b/content/uk/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
index 41252eaa9b64..8177b618b9e9 100644
--- a/content/uk/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
+++ b/content/uk/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,ingress]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Це завдання описує, як налаштувати Istio для експонування сервісу за межі кластера сервісної мережі, використовуючи [Ingress Resource](https://kubernetes.io/docs/concepts/services-networking/ingress/).
 
 {{< tip >}}
diff --git a/content/uk/docs/tasks/traffic-management/ingress/secure-ingress/index.md b/content/uk/docs/tasks/traffic-management/ingress/secure-ingress/index.md
index bbf0061e621b..553e79c6aa75 100644
--- a/content/uk/docs/tasks/traffic-management/ingress/secure-ingress/index.md
+++ b/content/uk/docs/tasks/traffic-management/ingress/secure-ingress/index.md
@@ -9,6 +9,7 @@ keywords: [traffic-management,ingress,sds-credentials]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Завдання [Контроль вхідного трафіку](/docs/tasks/traffic-management/ingress/ingress-control) описує, як налаштувати ingress gateway, щоб відкрити HTTP-сервіс для зовнішнього трафіку. Це завдання показує, як експонувати захищений HTTPS-сервіс за допомогою простого або взаємного TLS.
 
diff --git a/content/uk/docs/tasks/traffic-management/request-routing/index.md b/content/uk/docs/tasks/traffic-management/request-routing/index.md
index 27d197db5ff6..8c0da09b19ad 100644
--- a/content/uk/docs/tasks/traffic-management/request-routing/index.md
+++ b/content/uk/docs/tasks/traffic-management/request-routing/index.md
@@ -8,6 +8,7 @@ keywords: [traffic-management,routing]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Це завдання показує, як налаштувати динамічну маршрутизацію запитів до декількох версій мікросервісу.
 
diff --git a/content/uk/docs/tasks/traffic-management/request-timeouts/index.md b/content/uk/docs/tasks/traffic-management/request-timeouts/index.md
index feefb8882756..2736f2bc3cc3 100644
--- a/content/uk/docs/tasks/traffic-management/request-timeouts/index.md
+++ b/content/uk/docs/tasks/traffic-management/request-timeouts/index.md
@@ -8,6 +8,7 @@ keywords: [traffic-management,timeouts]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 У цьому завданні показано, як налаштувати таймаути запитів в Envoy за допомогою Istio.
 
diff --git a/content/uk/docs/tasks/traffic-management/tcp-traffic-shifting/index.md b/content/uk/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
index 44b5fb6b7823..62ce05f60777 100644
--- a/content/uk/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
+++ b/content/uk/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 Це завдання показує, як перенести TCP-трафік з одної версії мікросервісу на іншу.
 
 Поширений випадок використання — це поступове перенесення TCP трафіку зі старої версії мікросервісу на нову. В Istio ви досягаєте цієї мети, конфігуруючи послідовність правил маршрутизації, які перенаправляють відсоток TCP трафіку з одного призначення на інше.
diff --git a/content/uk/docs/tasks/traffic-management/traffic-shifting/index.md b/content/uk/docs/tasks/traffic-management/traffic-shifting/index.md
index 65d0264a9655..2b42a2ad7622 100644
--- a/content/uk/docs/tasks/traffic-management/traffic-shifting/index.md
+++ b/content/uk/docs/tasks/traffic-management/traffic-shifting/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Це завдання показує, як перенести трафік з одної версії мікросервісу на іншу.
 
diff --git a/content/zh/about/faq/traffic-management/cors.md b/content/zh/about/faq/traffic-management/cors.md
index 827e0abab58e..45b83d3a827a 100644
--- a/content/zh/about/faq/traffic-management/cors.md
+++ b/content/zh/about/faq/traffic-management/cors.md
@@ -2,6 +2,7 @@
 title: 为什么我的 CORS（跨源资源共享）配置不起作用？
 weight: 40
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当应用了 [CORS（跨源资源共享）配置](/zh/docs/reference/config/networking/virtual-service/#CorsPolicy)后，
 您可能会发现看似什么也没发生，并想知道哪里出了问题。
diff --git a/content/zh/about/faq/traffic-management/ingress-with-no-route-rules.md b/content/zh/about/faq/traffic-management/ingress-with-no-route-rules.md
index 822fd1a4ee65..1fe1af346aed 100644
--- a/content/zh/about/faq/traffic-management/ingress-with-no-route-rules.md
+++ b/content/zh/about/faq/traffic-management/ingress-with-no-route-rules.md
@@ -2,6 +2,7 @@
 title: 我可以不配置任何路由规则，使用 Ingress 的标准配置吗？
 weight: 40
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 简单的 `Ingress` 规范开箱即用，通过 `Host`、`TLS` 以及基本 `Path`
 精确匹配就可以使用，无需配置路由规则。请注意 `Path` 在使用 `Ingress`
diff --git a/content/zh/blog/2017/0.1-canary/index.md b/content/zh/blog/2017/0.1-canary/index.md
index af4903f10574..05713e2bfac6 100644
--- a/content/zh/blog/2017/0.1-canary/index.md
+++ b/content/zh/blog/2017/0.1-canary/index.md
@@ -8,7 +8,7 @@ keywords: [traffic-management,canary]
 aliases:
     - /zh/blog/canary-deployments-using-istio.html
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 {{< tip >}}
 本篇博客最后更新时间 2018 年 5 月 16 号，采用了最新版本的流量管理模型。
 {{< /tip >}}
diff --git a/content/zh/blog/2017/0.1-using-network-policy/index.md b/content/zh/blog/2017/0.1-using-network-policy/index.md
index c16a016b1963..e2917c97e01c 100644
--- a/content/zh/blog/2017/0.1-using-network-policy/index.md
+++ b/content/zh/blog/2017/0.1-using-network-policy/index.md
@@ -8,6 +8,7 @@ aliases:
     - /zh/blog/using-network-policy-in-concert-with-istio.html
 target_release: 0.1
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 使用网络策略去保护运行在 Kubernetes 上的应用程序现在是一种广泛接受的行业最佳实践。鉴于 Istio 也支持策略，我们希望花一些时间来解释 Istio 策略和 Kubernetes 网络策略的相互作用和互相支持提供应用程序的安全。
 
diff --git a/content/zh/blog/2018/egress-https/index.md b/content/zh/blog/2018/egress-https/index.md
index f948e252a464..a48904060f49 100644
--- a/content/zh/blog/2018/egress-https/index.md
+++ b/content/zh/blog/2018/egress-https/index.md
@@ -8,7 +8,7 @@ attribution: Vadim Eisenberg
 keywords: [traffic-management,egress,https]
 target_release: 1.1
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 在许多情况下，在 _service mesh_ 中的微服务序并不是应用程序的全部，有时，
 网格内部的微服务需要使用在服务网格外部的遗留系统提供的功能，虽然我们希望逐步将这些系统迁移到服务网格中。
 但是在迁移这些系统之前，必须让服务网格内的应用程序能访问它们。还有其他情况，
diff --git a/content/zh/blog/2018/egress-mongo/index.md b/content/zh/blog/2018/egress-mongo/index.md
index c73f51f462b0..45d9c8ca144e 100644
--- a/content/zh/blog/2018/egress-mongo/index.md
+++ b/content/zh/blog/2018/egress-mongo/index.md
@@ -8,6 +8,7 @@ attribution: Vadim Eisenberg
 keywords: [traffic-management,egress,tcp,mongo]
 target_release: 1.1
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 在[使用外部 TCP 服务](/zh/blog/2018/egress-tcp/)博文中，我描述了网格内的 Istio 应用程序如何通过 TCP 使用外部服务。在本文中，我将演示如何使用外部 MongoDB
 服务。您将使用 [Istio Bookinfo 示例应用程序](/zh/docs/examples/bookinfo/)，它的书籍评级数据保存在 MongoDB 数据库中。您会将此数据库部署在集群外部，并配置 `ratings`
diff --git a/content/zh/blog/2018/export-logs-through-stackdriver/index.md b/content/zh/blog/2018/export-logs-through-stackdriver/index.md
index e0d09d2fd208..fd8a0ef6d7ef 100644
--- a/content/zh/blog/2018/export-logs-through-stackdriver/index.md
+++ b/content/zh/blog/2018/export-logs-through-stackdriver/index.md
@@ -6,6 +6,7 @@ subtitle:
 attribution: Nupur Garg and Douglas Reid
 target_release: 0.8
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 这篇文章展示了如何将 Istio 日志指向 [`Stackdriver`](https://cloud.google.com/stackdriver/) 并将这些日志导出到各种配置的接收器，例如 [`BigQuery`](https://cloud.google.com/bigquery/)、[`Google Cloud Storage(GCS)`](https://cloud.google.com/storage/) 或 [`Cloud Pub/Sub`](https://cloud.google.com/pubsub/)。在这篇文章的最后，可以从喜欢的地方（如 BigQuery、GCS 或 Cloud Pub/Sub）对 Istio 数据进行分析。
 
diff --git a/content/zh/blog/2018/incremental-traffic-management/index.md b/content/zh/blog/2018/incremental-traffic-management/index.md
index 16350203dfd3..8266df78a58f 100644
--- a/content/zh/blog/2018/incremental-traffic-management/index.md
+++ b/content/zh/blog/2018/incremental-traffic-management/index.md
@@ -8,7 +8,7 @@ twitter: crcsmnky
 keywords: [traffic-management, gateway]
 target_release: 1.0
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 流量管理是 Istio 提供的重要优势之一。Istio 流量管理的核心是在将通信流量和基础设施的伸缩进行解耦。如果没有 Istio 这样的服务网格，这种流量控制方式是不可能实现的。
 
 例如，您希望执行一次[金丝雀发布](https://martinfowler.com/bliki/CanaryRelease.html)。当使用 Istio 时，您可以指定 service 的 **v1** 版本接收 90% 的传入流量，而该 service **v2** 版本仅接收 10%。如果使用标准的 Kubernetes deployment，实现此目的的唯一方法是手动控制每个版本的可用 Pod 数量，例如使 9 个 Pod 运行 v1 版本，使 1 个 Pod 运行 v2 版本。这种类型的手动控制难以实现，并且随着时间的推移可能无法扩展。有关更多信息，请查看[使用 Istio 进行金丝雀发布](/zh/blog/2017/0.1-canary/)。
diff --git a/content/zh/blog/2018/istio-authorization/index.md b/content/zh/blog/2018/istio-authorization/index.md
index 5fbfc05d65be..b236a30f6029 100644
--- a/content/zh/blog/2018/istio-authorization/index.md
+++ b/content/zh/blog/2018/istio-authorization/index.md
@@ -7,7 +7,7 @@ attribution: Limin Wang
 keywords: [authorization,rbac,security]
 target_release: 0.8
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Micro-Segmentation 是一种安全技术，可在云部署中创建安全区域，并允许各组织将工作负载彼此隔离以单独保护它们。
  [Istio 的授权功能](/zh/docs/concepts/security/#authorization)也称为 Istio 基于角色的访问控制，为 Istio 网格中的服务提供
   Micro-Segmentation。它的特点是：
diff --git a/content/zh/blog/2018/traffic-mirroring/index.md b/content/zh/blog/2018/traffic-mirroring/index.md
index b2476f2aa231..2cb7d6ed1b11 100644
--- a/content/zh/blog/2018/traffic-mirroring/index.md
+++ b/content/zh/blog/2018/traffic-mirroring/index.md
@@ -7,6 +7,7 @@ attribution: Christian Posta
 keywords: [traffic-management,mirroring]
 target_release: 0.5
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 在非生产/测试环境中，尝试穷举一个服务所有可能的测试用例组合是个令人望而生畏的任务，在某些情况下，您会发现编写这些用例的所有工作都与实际生产用例不匹配，理想情况下，我们可以使用实时生产用例和流量来帮助说明我们可能在更人为的测试环境中错过的所测试服务的所有功能区域。
 
diff --git a/content/zh/blog/2018/v1alpha3-routing/index.md b/content/zh/blog/2018/v1alpha3-routing/index.md
index c95e0b4799cf..3c1f4983f948 100644
--- a/content/zh/blog/2018/v1alpha3-routing/index.md
+++ b/content/zh/blog/2018/v1alpha3-routing/index.md
@@ -7,7 +7,7 @@ attribution: Frank Budinsky (IBM) and Shriram Rajagopalan (VMware)
 keywords: [traffic-management]
 target_release: 0.7
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 到目前为止，Istio 提供了一个简单的 API 来进行流量管理，该 API 包括了四种资源：`RouteRule`，`DestinationPolicy`，`EgressRule` 和 （Kubernetes 的）`Ingress`。借助此 API，用户可以轻松管理 Istio 服务网格中的流量。该 API 允许用户将请求路由到特定版本的服务，为弹性测试注入延迟和失败，添加超时和断路器等，所有这些功能都不必更改应用程序本身的代码。
 
 虽然目前 API 的功能已被证明是 Istio 非常引人注目的一部分，但用户的反馈也表明，这个 API 确实有一些缺点，尤其是在使用它来管理包含数千个服务的非常大的应用程序，以及使用 HTTP 以外的协议时。此外，使用 Kubernetes Ingress 资源来配置外部流量的方式已被证明不能满足需求。
diff --git a/content/zh/blog/2019/announcing-istio-client-go/index.md b/content/zh/blog/2019/announcing-istio-client-go/index.md
index 33220132bbb8..7e95cb939197 100644
--- a/content/zh/blog/2019/announcing-istio-client-go/index.md
+++ b/content/zh/blog/2019/announcing-istio-client-go/index.md
@@ -6,6 +6,7 @@ attribution: Neeraj Poddar (Aspen Mesh)
 keywords: [client-go,tools,crd]
 target_release: 1.4
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 [Istio client go](https://github.com/istio/client-go) 的第一个版本发布了，该存储库使开发人员能够在 `Kubernetes` 环境中访问 `Istio API` 。在此存储库中的 `Kubernetes` 程序和客户端使开发人员可以轻松地为所有 `Istio` 客户端自定义的资源 `(CRDs)` 创建，读取，更新和删除 `(CRUD)`。
 
diff --git a/content/zh/blog/2019/data-plane-setup/index.md b/content/zh/blog/2019/data-plane-setup/index.md
index 8078ea0fa16b..6354e6131a52 100644
--- a/content/zh/blog/2019/data-plane-setup/index.md
+++ b/content/zh/blog/2019/data-plane-setup/index.md
@@ -8,6 +8,7 @@ twitter: chugtum
 keywords: [kubernetes,sidecar-injection, traffic-management]
 target_release: 1.0
 ---
+<!-- markdownlint-disable-file MD007 -->
 Istio 服务网格体系结构的简单概述总是从控制平面和数据平面开始。
 
 从 [Istio 的文档](/zh/docs/ops/deployment/architecture/) :
diff --git a/content/zh/blog/2019/multicluster-version-routing/index.md b/content/zh/blog/2019/multicluster-version-routing/index.md
index 7211d6270e25..93f985c1149f 100644
--- a/content/zh/blog/2019/multicluster-version-routing/index.md
+++ b/content/zh/blog/2019/multicluster-version-routing/index.md
@@ -7,7 +7,7 @@ attribution: Frank Budinsky (IBM)
 keywords: [traffic-management,multicluster]
 target_release: 1.0
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 如果花一点时间对 Istio 进行了解，你可能会注意到，大量的功能都可以在单一的 Kubernetes 集群中，用简单的[任务](/zh/docs/tasks)和[示例](/zh/docs/examples/)所表达的方式来运行。但是真实世界中的云计算和基于微服务的应用往往不是这么简单的，会需要在不止一个地点分布运行，用户难免会产生怀疑，生产环境中是否还能这样运行？
 
 幸运的是，Istio 提供了多种服务网格的配置方式，应用能够用近乎透明的方式加入一个跨越多个集群运行的服务网格之中，也就是[多集群服务网格](/zh/docs/ops/deployment/deployment-models/#multiple-clusters) 。最简单的设置多集群网格的方式，就是使用[多控制平面拓扑](/zh/docs/ops/deployment/deployment-models/#control-plane-models) ，这种方式不需要特别的网络依赖。在这种条件下，每个 Kubernetes 集群都有自己的控制平面，但是每个控制平面都是同步的，并接受统一的管理。
diff --git a/content/zh/blog/2019/v1beta1-authorization-policy/index.md b/content/zh/blog/2019/v1beta1-authorization-policy/index.md
index 2d15bd4e79ab..d88af350efe6 100644
--- a/content/zh/blog/2019/v1beta1-authorization-policy/index.md
+++ b/content/zh/blog/2019/v1beta1-authorization-policy/index.md
@@ -7,7 +7,7 @@ attribution: Yangmin Zhu (Google)
 keywords: [security, RBAC, access control, authorization]
 target_release: 1.4
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Istio 1.4 引入了 [`v1beta1` 授权策略](/zh/docs/reference/config/security/authorization-policy/)，这是对
 以前 `v1alpha1` 的基于角色的访问控制（RBAC）策略的重要更新。包括以下改进：
 
diff --git a/content/zh/blog/2020/deploy-wasm-declarative/index.md b/content/zh/blog/2020/deploy-wasm-declarative/index.md
index c6215ec08454..94bcf0203441 100644
--- a/content/zh/blog/2020/deploy-wasm-declarative/index.md
+++ b/content/zh/blog/2020/deploy-wasm-declarative/index.md
@@ -6,6 +6,7 @@ publishdate: 2020-03-16
 attribution: "Christian Posta (Solo.io)"
 keywords: [wasm,extensibility,alpha,operator]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 正如 [Istio 2020——为了商用](/zh/blog/2020/tradewinds-2020/)以及最近的 [Istio 1.5 发布公告](/zh/news/releases/1.5.x/announcing-1.5/)中指出的那样，WebAssembly (Wasm) 现在是用于扩展 Istio 服务代理（ Envoy 代理）功能的（alpha）选项。使用 Wasm，用户可以建立对新协议、自定义指标、日志和其他过滤器的支持。我们的社区（[Solo.io](https://solo.io)) 与 Google 紧密合作，专注于提升为 Istio 构建、交流和部署 Wasm 扩展的用户体验。我们发布了 [WebAssembly Hub](https://webassemblyhub.io) 和[相关工具](https://docs.solo.io/web-assembly-hub/latest/installation/)，以便在使用 Wasm 时可以获得“类似 docker ”的体验。
 
diff --git a/content/zh/blog/2020/multi-cluster-mesh-automation/index.md b/content/zh/blog/2020/multi-cluster-mesh-automation/index.md
index 94e64ca1a8a4..d6744f234396 100644
--- a/content/zh/blog/2020/multi-cluster-mesh-automation/index.md
+++ b/content/zh/blog/2020/multi-cluster-mesh-automation/index.md
@@ -7,6 +7,7 @@ attribution: Anil Attuluri (Intuit), Jason Webb (Intuit)
 keywords: [traffic-management,automation,configuration,multicluster,multi-mesh,gateway,federated,globalidentifer]
 target_release: 1.5
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 在 Intuit 公司，我们看到了博客[用于隔离和边界保护的多网格部署](/zh/blog/2019/isolated-clusters/)，其中提到的某些问题与我们有关系。我们意识到，即使我们想要配置单网格多集群，而不是博客中描述的多个网格联邦，我们的环境中也会遇到相同的非统一命名问题。这篇博客介绍了我们如何使用 [Admiral](https://github.com/istio-ecosystem/admiral) 解决这些问题，该项目是 GitHub 组织 `istio-ecosystem` 下的一个开源项目。
 
diff --git a/content/zh/blog/2020/workload-entry/index.md b/content/zh/blog/2020/workload-entry/index.md
index 8c911aab2e1b..77ce57f91b7c 100644
--- a/content/zh/blog/2020/workload-entry/index.md
+++ b/content/zh/blog/2020/workload-entry/index.md
@@ -6,7 +6,7 @@ publishdate: 2020-05-21
 attribution: Cynthia Coan (Tetrate), Shriram Rajagopalan (Tetrate), Tia Louden (Tetrate), John Howard (Google), Sven Mawson (Google)
 keywords: [vm, workloadentry, migration, '1.6', baremetal, serviceentry, discovery]
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## 工作负载条目简介：桥接 Kubernetes 和 VM{#introducing-workload-entries-bridging-Kubernetes-and-VMs}
 
 从历史上看，Istio 为在 Kubernetes 上运行的工作负载提供了很好的体验，但对于其他类型的工作负载，如虚拟机（VM）和裸机，则不太顺利。这些差距包括无法在 VM 上以声明方式指定 Sidecar 的属性，无法正确响应工作负载的生命周期变化（例如，从启动到未准备就绪，或健康检查），以及在工作负载迁移到 Kubernetes 时繁琐的 DNS 解决方法，仅此而已。
diff --git a/content/zh/blog/2021/better-external-authz/index.md b/content/zh/blog/2021/better-external-authz/index.md
index 9ce051a5ed97..ca233e8a2988 100644
--- a/content/zh/blog/2021/better-external-authz/index.md
+++ b/content/zh/blog/2021/better-external-authz/index.md
@@ -6,7 +6,7 @@ publishdate: 2021-02-09
 attribution: Yangmin Zhu (Google); Translated by Wilson Wu (DaoCloud)
 keywords: [authorization,access control,opa,oauth2]
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 ## 背景  {#background}
 
 Istio 的授权策略为网格中的服务提供访问控制。它速度快、功能强大且使用广泛。
diff --git a/content/zh/blog/2021/external-locality-failover/index.md b/content/zh/blog/2021/external-locality-failover/index.md
index f9c198eb6a1a..2531b6dbae29 100644
--- a/content/zh/blog/2021/external-locality-failover/index.md
+++ b/content/zh/blog/2021/external-locality-failover/index.md
@@ -5,6 +5,7 @@ publishdate: 2021-06-04
 attribution: "Ram Vennam (Solo.io)"
 keywords: [locality,region,failover,Istio,outlier,external]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 强大的 API 可用于解决各种使用服务网格时遇到的问题。
 许多用户对其强大的入口和东西向流量能力都比较了解，但是除此之外它也为出口（向外）流量提供了诸多功能。
diff --git a/content/zh/blog/2021/proxyless-grpc/index.md b/content/zh/blog/2021/proxyless-grpc/index.md
index 029e192c3e83..241541f61b26 100644
--- a/content/zh/blog/2021/proxyless-grpc/index.md
+++ b/content/zh/blog/2021/proxyless-grpc/index.md
@@ -4,6 +4,7 @@ description: 介绍 Istio 对 gRPC 无代理服务网格功能的支持。
 publishdate: 2021-10-28
 attribution: "Steven Landow (Google); Translated by Wilson Wu (DaoCloud)"
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 在 Istio 中，通过使用一组发现 API 对其 Envoy Sidecar 代理进行动态配置，
 这组 API 统称为 [xDS API](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/dynamic_configuration)。
diff --git a/content/zh/blog/2022/cryptomb-privatekeyprovider/index.md b/content/zh/blog/2022/cryptomb-privatekeyprovider/index.md
index f087a0cc0ef9..a2a4229f5802 100644
--- a/content/zh/blog/2022/cryptomb-privatekeyprovider/index.md
+++ b/content/zh/blog/2022/cryptomb-privatekeyprovider/index.md
@@ -5,7 +5,7 @@ publishdate: 2022-05-13
 attribution: "Ravi kumar Veeramally (Intel), Ismo Puustinen (Intel), Sakari Poussa (Intel)"
 keywords: [Istio, CryptoMB, gateways, sidecar]
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 就安全连接而言，加密操作是计算密集型和关键操作之一。Istio 使用 Envoy 作为“网关/边车”来处理安全连接和拦截流量。
 
 根据以往的经验，当入口网关必须处理大量传入的 TLS 和通过 sidecar 代理的安全服务到服务连接时，Envoy 上的负载会增加。潜在的性能取决于许多因素，例如运行 Envoy 中的 cpuset 的大小、传入的流量模式和密钥大小等因素。这些因素可能会影响 Envoy 服务许多新传入的 TLS 请求。为了实现性能的提升和加速握手，Envoy 1.20 和 Istio 1.14 中引入了一项新功能。它可以通过第三代英特尔® 至强® 可扩展处理器、英特尔® 集成性能基元（英特尔® IPP）加密库、Envoy 中 CryptoMB 私钥提供程序方法支持以及 Istio 中使用 `ProxyConfig` 的配置来实现。
diff --git a/content/zh/blog/2022/get-started-ambient/index.md b/content/zh/blog/2022/get-started-ambient/index.md
index 25fe127e5cab..f0764f9d5574 100644
--- a/content/zh/blog/2022/get-started-ambient/index.md
+++ b/content/zh/blog/2022/get-started-ambient/index.md
@@ -5,6 +5,7 @@ publishdate: 2022-09-07T08:00:00-06:00
 attribution: "Lin Sun (Solo.io), John Howard (Google)"
 keywords: [ambient,demo,guide]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< warning >}}
 请参阅最新的 [Ambient 网格入门文档](/zh/docs/ambient/getting-started/)以获取更新的说明。
diff --git a/content/zh/blog/2022/getting-started-gtwapi/index.md b/content/zh/blog/2022/getting-started-gtwapi/index.md
index 99fbc12be31c..2c81124110ae 100644
--- a/content/zh/blog/2022/getting-started-gtwapi/index.md
+++ b/content/zh/blog/2022/getting-started-gtwapi/index.md
@@ -5,6 +5,7 @@ publishdate: 2022-12-14
 attribution: Frank Budinsky (IBM)
 keywords: [traffic-management,gateway,gateway-api,api,gamma,sig-network]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 无论您使用 Istio 或其他服务网格运行 Kubernetes 应用程序服务，
 还是仅在 Kubernetes 集群中使用普通服务，
diff --git a/content/zh/blog/2023/dlb-connection-balancing/index.md b/content/zh/blog/2023/dlb-connection-balancing/index.md
index 15e1645fe507..619fc99b0d8a 100644
--- a/content/zh/blog/2023/dlb-connection-balancing/index.md
+++ b/content/zh/blog/2023/dlb-connection-balancing/index.md
@@ -5,6 +5,7 @@ publishdate: 2023-08-08
 attribution: "Loong Dai (Intel); Translated by Michael Yao (DaoCloud)"
 keywords: [Istio, DLB, gateways]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 什么是连接负载均衡？ {#what-is-connection-load-balancing}
 
diff --git a/content/zh/blog/2023/egress-sni/index.md b/content/zh/blog/2023/egress-sni/index.md
index 94e1df1a279a..f4bc0073ef95 100644
--- a/content/zh/blog/2023/egress-sni/index.md
+++ b/content/zh/blog/2023/egress-sni/index.md
@@ -5,7 +5,7 @@ publishdate: 2023-12-01
 attribution: "Gergő Huszty (IBM); Translated by Wilson Wu (DaoCloud)"
 keywords: [traffic-management,gateway,mesh,mtls,egress,remote]
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 如果您使用 Istio 处理应用程序发起的流向网格外部目标的流量，您可能熟悉出口网关的概念。
 出口网关可用于监控和转发来自网格内应用程序的流量至网格外部的位置。
 如果您的系统在受限环境中运行并且您想控制从您的网格访问公共互联网的内容，那么这是一个有用的功能。
diff --git a/content/zh/blog/2023/native-sidecars/index.md b/content/zh/blog/2023/native-sidecars/index.md
index 02744f79c6aa..699a400bfe2e 100644
--- a/content/zh/blog/2023/native-sidecars/index.md
+++ b/content/zh/blog/2023/native-sidecars/index.md
@@ -5,6 +5,7 @@ publishdate: 2023-08-15
 attribution: "John Howard (Google); Translated by Wilson Wu (DaoCloud)"
 keywords: [istio,sidecars,kubernetes]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 如果您曾经听说过有关服务网格的些许信息，
 那就会知道它是以 Sidecar 模式工作的：与应用代码并列部署一个代理服务器。
diff --git a/content/zh/blog/2023/waypoint-proxy-made-simple/index.md b/content/zh/blog/2023/waypoint-proxy-made-simple/index.md
index 1f3ccefd9ec5..e873a30cc5f7 100644
--- a/content/zh/blog/2023/waypoint-proxy-made-simple/index.md
+++ b/content/zh/blog/2023/waypoint-proxy-made-simple/index.md
@@ -5,6 +5,7 @@ publishdate: 2023-03-31
 attribution: "Lin Sun (Solo.io), John Howard (Google)"
 keywords: [istio,ambient,waypoint]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Ambient 将 Istio 的功能分为两个不同层级，一个是具备安全机制的 Overlay 层，另一个是 L7 处理层。
 Waypoint Proxy 是一个基于 Envoy 的可选组件，为其管理的工作负载进行 L7 处理。
diff --git a/content/zh/blog/2024/authz-policy-with-kyverno/index.md b/content/zh/blog/2024/authz-policy-with-kyverno/index.md
index 118121cc36c8..d8571e78bccb 100644
--- a/content/zh/blog/2024/authz-policy-with-kyverno/index.md
+++ b/content/zh/blog/2024/authz-policy-with-kyverno/index.md
@@ -5,6 +5,7 @@ publishdate: 2024-11-25
 attribution: "Charles-Edouard Brétéché (Nirmata); Translated by Wilson Wu (DaoCloud)"
 keywords: [istio,kyverno,policy,platform,authorization]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 支持与许多不同项目的集成。Istio 博客最近发表了一篇关于[使用 OpenPolicyAgent 实现 L7 策略功能](../l7-policy-with-opa)的文章。
 Kyverno 是一个类似的项目，今天我们将深入探讨如何将 Istio 和 Kyverno Authz 服务器结合使用，
diff --git a/content/zh/blog/2024/gateway-mesh-ga/index.md b/content/zh/blog/2024/gateway-mesh-ga/index.md
index b21805b301f2..1733b031c1de 100644
--- a/content/zh/blog/2024/gateway-mesh-ga/index.md
+++ b/content/zh/blog/2024/gateway-mesh-ga/index.md
@@ -6,6 +6,7 @@ attribution: John Howard - solo.io; Translated by Wilson Wu (DaoCloud)
 keywords: [istio, traffic, API]
 target_release: 1.22
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 [Gateway API](https://gateway-api.sigs.k8s.io/)
 中的服务网格支持现已正式“稳定”！在此版本中（Gateway API v1.1 和 Istio v1.22 的一部分），
diff --git a/content/zh/blog/2024/inpod-traffic-redirection-ambient/index.md b/content/zh/blog/2024/inpod-traffic-redirection-ambient/index.md
index 8af48c32ee9a..3de81815c3dc 100644
--- a/content/zh/blog/2024/inpod-traffic-redirection-ambient/index.md
+++ b/content/zh/blog/2024/inpod-traffic-redirection-ambient/index.md
@@ -5,6 +5,7 @@ publishdate: 2024-01-29
 attribution: "Ben Leggett (Solo.io), Yuval Kohavi (Solo.io), Lin Sun (Solo.io); Translated by Wilson Wu (DaoCloud)"
 keywords: [Ambient,Istio,CNI,ztunnel,traffic]
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 项目于 2022 年[宣布推出一种全新的无 Sidecar 数据平面模式：Ambient 网格](/zh/blog/2022/introducing-ambient-mesh/)，
 并于 2023 年初[发布了 Alpha 版实现](/zh/news/releases/1.18.x/announcing-1.18/#ambient-mesh)。
diff --git a/content/zh/blog/2025/ambient-performance/index.md b/content/zh/blog/2025/ambient-performance/index.md
index 0db5b32519c8..7a659ab5ec1a 100644
--- a/content/zh/blog/2025/ambient-performance/index.md
+++ b/content/zh/blog/2025/ambient-performance/index.md
@@ -5,6 +5,7 @@ publishdate: 2025-03-06
 attribution: "John Howard (Solo.io); Translated by Wilson Wu (DaoCloud)"
 keywords: [istio,performance,ambient]
 ---
+<!-- markdownlint-disable MD007 -->
 
 传输过程中加密是当今几乎所有 Kubernetes 环境的基本要求，
 并构成了零信任安全态势的基础。
diff --git a/content/zh/docs/ambient/architecture/data-plane/index.md b/content/zh/docs/ambient/architecture/data-plane/index.md
index 7a136ca73e1a..abad1e3f59fb 100644
--- a/content/zh/docs/ambient/architecture/data-plane/index.md
+++ b/content/zh/docs/ambient/architecture/data-plane/index.md
@@ -5,6 +5,7 @@ weight: 2
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 在 {{< gloss "ambient" >}}Ambient 模式{{< /gloss >}}中，工作负载可以分为 3 类：
 
diff --git a/content/zh/docs/ambient/getting-started/enforce-auth-policies/index.md b/content/zh/docs/ambient/getting-started/enforce-auth-policies/index.md
index 1b43e7efa6b6..8b0acba60057 100644
--- a/content/zh/docs/ambient/getting-started/enforce-auth-policies/index.md
+++ b/content/zh/docs/ambient/getting-started/enforce-auth-policies/index.md
@@ -5,6 +5,7 @@ weight: 4
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 将应用程序添加到 Ambient 网格后，您可以使用四层鉴权策略保护应用程序访问。
 
diff --git a/content/zh/docs/ambient/getting-started/manage-traffic/index.md b/content/zh/docs/ambient/getting-started/manage-traffic/index.md
index 19482732c722..e087a178d5a9 100644
--- a/content/zh/docs/ambient/getting-started/manage-traffic/index.md
+++ b/content/zh/docs/ambient/getting-started/manage-traffic/index.md
@@ -5,6 +5,7 @@ weight: 5
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 现在您已经安装了 waypoint 代理，您将学习如何在服务之间分割流量。
 
diff --git a/content/zh/docs/ambient/usage/l4-policy/index.md b/content/zh/docs/ambient/usage/l4-policy/index.md
index 47a198efbbb3..80c57a95df43 100644
--- a/content/zh/docs/ambient/usage/l4-policy/index.md
+++ b/content/zh/docs/ambient/usage/l4-policy/index.md
@@ -5,6 +5,7 @@ weight: 20
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio [安全策略](/zh/docs/concepts/security)的四层（L4）特性由
 {{< gloss >}}ztunnel{{< /gloss >}} 提供支持，这些 L4 特性可用于
diff --git a/content/zh/docs/ambient/usage/l7-features/index.md b/content/zh/docs/ambient/usage/l7-features/index.md
index 85fd7de803a8..cb3b12238376 100644
--- a/content/zh/docs/ambient/usage/l7-features/index.md
+++ b/content/zh/docs/ambient/usage/l7-features/index.md
@@ -5,6 +5,7 @@ weight: 50
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 通过向您的流量流添加 waypoint 代理，您可以启用更多 [Istio 的功能](/zh/docs/concepts)。
 waypoint 使用 {{< gloss "gateway api" >}}Kubernetes Gateway API{{< /gloss >}} 配置。
diff --git a/content/zh/docs/ambient/usage/networkpolicy/index.md b/content/zh/docs/ambient/usage/networkpolicy/index.md
index 79966b17635a..6798909a7837 100644
--- a/content/zh/docs/ambient/usage/networkpolicy/index.md
+++ b/content/zh/docs/ambient/usage/networkpolicy/index.md
@@ -5,6 +5,7 @@ weight: 20
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Kubernetes [NetworkPolicy](https://kubernetes.io/zh-cn/docs/concepts/services-networking/network-policies/)
 允许您控制 L4 流量如何到达 Pod。
diff --git a/content/zh/docs/ambient/usage/waypoint/index.md b/content/zh/docs/ambient/usage/waypoint/index.md
index 7fb68e9f8fa0..87b90276b7f1 100644
--- a/content/zh/docs/ambient/usage/waypoint/index.md
+++ b/content/zh/docs/ambient/usage/waypoint/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 **waypoint 代理**是基于 Envoy 代理的可选部署，用于将 Layer 7（L7）处理添加到一组定义的工作负载中。
 
diff --git a/content/zh/docs/concepts/security/index.md b/content/zh/docs/concepts/security/index.md
index 7884758411d2..fe42cdd393aa 100644
--- a/content/zh/docs/concepts/security/index.md
+++ b/content/zh/docs/concepts/security/index.md
@@ -13,6 +13,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 将单一应用程序分解为微服务可提供各种好处，包括更好的灵活性、
 可伸缩性以及服务复用的能力。但是，微服务也有特殊的安全需求：
diff --git a/content/zh/docs/concepts/traffic-management/index.md b/content/zh/docs/concepts/traffic-management/index.md
index d14af5ecb975..90dec91997eb 100644
--- a/content/zh/docs/concepts/traffic-management/index.md
+++ b/content/zh/docs/concepts/traffic-management/index.md
@@ -15,6 +15,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 的流量路由规则可以让您很容易的控制服务之间的流量和 API 调用。
 Istio 简化了服务级别属性的配置，比如熔断器、超时和重试，并且能轻松的设置重要的任务，
diff --git a/content/zh/docs/examples/virtual-machines/index.md b/content/zh/docs/examples/virtual-machines/index.md
index 4a56c179d788..ea21a5e366f7 100644
--- a/content/zh/docs/examples/virtual-machines/index.md
+++ b/content/zh/docs/examples/virtual-machines/index.md
@@ -13,6 +13,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 本示例通过在虚拟机（VM）上运行一项服务来跨 Kubernetes 部署 Bookinfo 应用程序，
 并说明了如何以单个网格的形式控制此基础架构。
diff --git a/content/zh/docs/ops/best-practices/image-signing-validation/index.md b/content/zh/docs/ops/best-practices/image-signing-validation/index.md
index c2dedb7c2bc8..db287de489e2 100644
--- a/content/zh/docs/ops/best-practices/image-signing-validation/index.md
+++ b/content/zh/docs/ops/best-practices/image-signing-validation/index.md
@@ -7,6 +7,7 @@ keywords: [install,signing]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 本页介绍如何使用 [Cosign](https://github.com/sigstore/cosign) 验证 Istio 镜像制品的来源。
 
diff --git a/content/zh/docs/ops/best-practices/observability/index.md b/content/zh/docs/ops/best-practices/observability/index.md
index 039305ecbcd8..a8caf8c0d3eb 100644
--- a/content/zh/docs/ops/best-practices/observability/index.md
+++ b/content/zh/docs/ops/best-practices/observability/index.md
@@ -6,6 +6,7 @@ weight: 50
 owner: istio/wg-policies-and-telemetry-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 使用 Prometheus 进行生产规模的监控 {#using-Prometheus-for-production-scale-monitoring}
 
diff --git a/content/zh/docs/ops/best-practices/security/index.md b/content/zh/docs/ops/best-practices/security/index.md
index 2489a215e7fb..f4f27237efa0 100644
--- a/content/zh/docs/ops/best-practices/security/index.md
+++ b/content/zh/docs/ops/best-practices/security/index.md
@@ -6,7 +6,7 @@ weight: 30
 owner: istio/wg-security-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 Istio 安全功能提供强大的身份、强大的策略、透明的 TLS 加密、认证、
 授权和审计（AAA）工具来保护您的服务和数据。但是，为了更好地使用这些安全特性，
 必须按照最佳实践操作。这里建议您先回顾[安全概述](/zh/docs/concepts/security/)再阅读下文。
diff --git a/content/zh/docs/ops/best-practices/traffic-management/index.md b/content/zh/docs/ops/best-practices/traffic-management/index.md
index 7f8715854305..fbab38216a98 100644
--- a/content/zh/docs/ops/best-practices/traffic-management/index.md
+++ b/content/zh/docs/ops/best-practices/traffic-management/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 本节提供特定的部署或配置准则，以避免网络或流量管理问题。
 
 ## 为服务设置默认路由 {#set-default-routes-for-services}
diff --git a/content/zh/docs/ops/common-problems/injection/index.md b/content/zh/docs/ops/common-problems/injection/index.md
index 352b56e3156d..7f2b2dbf2cd0 100644
--- a/content/zh/docs/ops/common-problems/injection/index.md
+++ b/content/zh/docs/ops/common-problems/injection/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 注入的结果和预期不一致 {#the-result-of-sidecar-injection-was-not-what-i-expected}
 
diff --git a/content/zh/docs/ops/common-problems/network-issues/index.md b/content/zh/docs/ops/common-problems/network-issues/index.md
index 823b00425415..971c07e1603f 100644
--- a/content/zh/docs/ops/common-problems/network-issues/index.md
+++ b/content/zh/docs/ops/common-problems/network-issues/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## 请求被 Envoy 拒绝 {#requests-are-rejected-by-envoy}
 
 请求被拒绝有许多原因。弄明白为什么请求被拒绝的最好方式是检查 Envoy 的访问日志。
diff --git a/content/zh/docs/ops/common-problems/security-issues/index.md b/content/zh/docs/ops/common-problems/security-issues/index.md
index 6c0fb0654b49..3eb56cb2a360 100644
--- a/content/zh/docs/ops/common-problems/security-issues/index.md
+++ b/content/zh/docs/ops/common-problems/security-issues/index.md
@@ -11,6 +11,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 终端用户认证失败 {#end-user-authentication-fails}
 
diff --git a/content/zh/docs/ops/common-problems/upgrade-issues/index.md b/content/zh/docs/ops/common-problems/upgrade-issues/index.md
index 44850fca2d55..c38b64599ce8 100644
--- a/content/zh/docs/ops/common-problems/upgrade-issues/index.md
+++ b/content/zh/docs/ops/common-problems/upgrade-issues/index.md
@@ -5,6 +5,7 @@ weight: 60
 owner: istio/wg-policies-and-telemetry-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## EnvoyFilter 迁移 {#envoyfilter-migration}
 
diff --git a/content/zh/docs/ops/common-problems/validation/index.md b/content/zh/docs/ops/common-problems/validation/index.md
index 6d73a83b742b..94d179eafe00 100644
--- a/content/zh/docs/ops/common-problems/validation/index.md
+++ b/content/zh/docs/ops/common-problems/validation/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 看似有效的配置不生效 {#valid-configuration-is-rejected}
 
diff --git a/content/zh/docs/ops/configuration/mesh/configuration-scoping/index.md b/content/zh/docs/ops/configuration/mesh/configuration-scoping/index.md
index 92ccd627c285..34a10bb61d34 100644
--- a/content/zh/docs/ops/configuration/mesh/configuration-scoping/index.md
+++ b/content/zh/docs/ops/configuration/mesh/configuration-scoping/index.md
@@ -6,6 +6,7 @@ keywords: [scalability]
 owner: istio/wg-networking-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 为了对服务网格进行编程，Istio 控制平面（Istiod）会读取各种配置，
 包括如 `Service` 和 `Node` 之类的核心 Kubernetes 类型，
diff --git a/content/zh/docs/ops/configuration/security/security-policy-examples/index.md b/content/zh/docs/ops/configuration/security/security-policy-examples/index.md
index 30c7bd517258..e653ed1910b2 100644
--- a/content/zh/docs/ops/configuration/security/security-policy-examples/index.md
+++ b/content/zh/docs/ops/configuration/security/security-policy-examples/index.md
@@ -5,7 +5,7 @@ weight: 60
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## 背景 {#background}
 
 本页展示了使用 Istio 安全策略的通用模式。
diff --git a/content/zh/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md b/content/zh/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
index f3bb81686671..0c8a85b03962 100644
--- a/content/zh/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
+++ b/content/zh/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 概述{#overview}
 
diff --git a/content/zh/docs/ops/configuration/traffic-management/dns-proxy/index.md b/content/zh/docs/ops/configuration/traffic-management/dns-proxy/index.md
index 98591b449d99..011f56dc3ad8 100644
--- a/content/zh/docs/ops/configuration/traffic-management/dns-proxy/index.md
+++ b/content/zh/docs/ops/configuration/traffic-management/dns-proxy/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,dns,virtual-machine]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable MD007 -->
 除了捕获应用流量，Istio 还可以捕获 DNS 请求，
 以提高网格的性能和可用性。当 Istio 代理 DNS 时，
 所有来自应用程序的 DNS 请求将会被重定向到 Sidecar 或 ztunnel 代理，
diff --git a/content/zh/docs/ops/configuration/traffic-management/multicluster/index.md b/content/zh/docs/ops/configuration/traffic-management/multicluster/index.md
index b4f67f771572..689edd9413db 100644
--- a/content/zh/docs/ops/configuration/traffic-management/multicluster/index.md
+++ b/content/zh/docs/ops/configuration/traffic-management/multicluster/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,multicluster]
 owner: istio/wg-networking-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable MD007 -->
 在多集群网格中，可能需要特定于集群拓扑的流量规则。本文描述了在一个多集群网格中管理流量的几种方法。
 在阅读本指南之前，您需要：
 
diff --git a/content/zh/docs/ops/configuration/traffic-management/protocol-selection/index.md b/content/zh/docs/ops/configuration/traffic-management/protocol-selection/index.md
index 4f19006b9e10..b4eba2973f36 100644
--- a/content/zh/docs/ops/configuration/traffic-management/protocol-selection/index.md
+++ b/content/zh/docs/ops/configuration/traffic-management/protocol-selection/index.md
@@ -12,7 +12,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable MD007 -->
 Istio 默认支持代理所有 TCP 流量。包括 HTTP、HTTPS、gRPC 以及原始 TCP 协议。但为了提供额外的能力，
 比如路由和丰富的指标，必须确定协议。协议可以被自动检测或者手动声明。
 
diff --git a/content/zh/docs/ops/configuration/traffic-management/tls-configuration/index.md b/content/zh/docs/ops/configuration/traffic-management/tls-configuration/index.md
index 64ba28dd0062..26ea6fd240cb 100644
--- a/content/zh/docs/ops/configuration/traffic-management/tls-configuration/index.md
+++ b/content/zh/docs/ops/configuration/traffic-management/tls-configuration/index.md
@@ -7,7 +7,7 @@ keywords: [traffic-management,proxy]
 owner: istio/wg-networking-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable MD007 -->
 Istio 非常重要的一个功能是能够锁定并且保护网格内的来往流量。然而配置 TLS 设置可能会令人困惑，并且是配置错误的一个常见来源。
 这篇文章尝试去说明在 Istio 内发送请求时，其涉及到的各种相关联系，以及怎样去配置其 TLS 的相关设置。
 参考 [TLS 配置错误](/zh/docs/ops/common-problems/network-issues/#tls-configuration-mistakes)，
diff --git a/content/zh/docs/ops/diagnostic-tools/istioctl-analyze/index.md b/content/zh/docs/ops/diagnostic-tools/istioctl-analyze/index.md
index f0b0a5b2e516..87dbab8ed7d9 100644
--- a/content/zh/docs/ops/diagnostic-tools/istioctl-analyze/index.md
+++ b/content/zh/docs/ops/diagnostic-tools/istioctl-analyze/index.md
@@ -6,6 +6,7 @@ keywords: [istioctl, debugging, kubernetes]
 owner: istio/wg-user-experience-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 `istioctl analyze` 是一个诊断工具，可以检测 Istio 配置的潜在问题。
 它检测的目标可以是一个正在运行的集群，也可以是一组本地配置文件。
diff --git a/content/zh/docs/ops/integrations/certmanager/index.md b/content/zh/docs/ops/integrations/certmanager/index.md
index b29ee492e442..fe2853e4727b 100644
--- a/content/zh/docs/ops/integrations/certmanager/index.md
+++ b/content/zh/docs/ops/integrations/certmanager/index.md
@@ -9,6 +9,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [cert-manager](https://cert-manager.io/) 是一种自动执行证书管理的工具，
 它可以与 Istio Gateway 集成以管理 TLS 证书。
diff --git a/content/zh/docs/ops/integrations/prometheus/index.md b/content/zh/docs/ops/integrations/prometheus/index.md
index 3c8acada51b0..3293b61e5961 100644
--- a/content/zh/docs/ops/integrations/prometheus/index.md
+++ b/content/zh/docs/ops/integrations/prometheus/index.md
@@ -6,6 +6,7 @@ keywords: [integration,prometheus]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [Prometheus](https://prometheus.io/) 是一个开源的监控系统、
 时间序列数据库。您可以利用 Prometheus 与 Istio 集成来收集指标（Metrics），
diff --git a/content/zh/docs/reference/config/analysis/ist0101/index.md b/content/zh/docs/reference/config/analysis/ist0101/index.md
index 67cfc52ac7e2..ceaf7f0c93a5 100644
--- a/content/zh/docs/reference/config/analysis/ist0101/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0101/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 当 Istio 资源引用另一个不存在的资源时，会出现此消息。
 这会导致 Istio 尝试查找引用的资源但找不到这类的错误。
 
diff --git a/content/zh/docs/reference/config/analysis/ist0106/index.md b/content/zh/docs/reference/config/analysis/ist0106/index.md
index 5f68513f4909..7caf784f2dc9 100644
--- a/content/zh/docs/reference/config/analysis/ist0106/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0106/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当您的 Istio 配置没有成功通过模式验证时，会出现此消息。
 
diff --git a/content/zh/docs/reference/config/analysis/ist0109/index.md b/content/zh/docs/reference/config/analysis/ist0109/index.md
index 4bc41739b2d5..cb460a393a3a 100644
--- a/content/zh/docs/reference/config/analysis/ist0109/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0109/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 当 Istio 检测到因 [VirtualService](/zh/docs/reference/config/networking/virtual-service)
 资源重复而导致冲突时，会出现此消息。比如，多个 VirtualService 使用相同的主机名且连接网格 Gateway 时，
 会出现一条错误消息。需要注意的是，Istio 支持合并挂接到入口网关的 VirtualService。
diff --git a/content/zh/docs/reference/config/analysis/ist0118/index.md b/content/zh/docs/reference/config/analysis/ist0118/index.md
index 640722e4c72c..790a3e95526d 100644
--- a/content/zh/docs/reference/config/analysis/ist0118/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0118/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当端口不遵循 [Istio 服务端口命名约定](/zh/docs/ops/configuration/traffic-management/protocol-selection/)或端口未命名时，
 会出现此消息。
diff --git a/content/zh/docs/reference/config/analysis/ist0125/index.md b/content/zh/docs/reference/config/analysis/ist0125/index.md
index e52ace61c483..a3e9ca29828b 100644
--- a/content/zh/docs/reference/config/analysis/ist0125/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0125/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当集群的某些资源与 Istio 相关（名称归属 `istio.io`）但注解（annotation）包含以下情况时：
 
diff --git a/content/zh/docs/reference/config/analysis/ist0130/index.md b/content/zh/docs/reference/config/analysis/ist0130/index.md
index cbaa8d72a0f7..8ff9bd215712 100644
--- a/content/zh/docs/reference/config/analysis/ist0130/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0130/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 如果因为之前的规则中指定了相同的匹配规则，在 VirtualService 包含永远不会使用的匹配规则时，
 会出现此消息。当多个规则不存在任何匹配时，此消息也会出现。
diff --git a/content/zh/docs/reference/config/analysis/ist0131/index.md b/content/zh/docs/reference/config/analysis/ist0131/index.md
index 38a6957d837e..31027f551c5a 100644
--- a/content/zh/docs/reference/config/analysis/ist0131/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0131/index.md
@@ -4,7 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
-
+<!-- markdownlint-disable MD007 -->
 当 VirtualService 包含一条因为旧规则指定了相同的匹配而永远不会使用的匹配规则时，会出现此消息。
 
 ## 示例 {#example}
diff --git a/content/zh/docs/reference/config/analysis/ist0132/index.md b/content/zh/docs/reference/config/analysis/ist0132/index.md
index 6341249e5a97..21dabd2ef9b3 100644
--- a/content/zh/docs/reference/config/analysis/ist0132/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0132/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当一个 VirtualService 声明了 `host` 但无法找到相应的网关时，会出现此消息。
 
diff --git a/content/zh/docs/reference/config/analysis/ist0143/index.md b/content/zh/docs/reference/config/analysis/ist0143/index.md
index c7453875a4c0..a41136726478 100644
--- a/content/zh/docs/reference/config/analysis/ist0143/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0143/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当工作负载在监听 `localhost` 网络接口，但该端口在 Service 中已暴露时，会出现此消息。
 当出现这种情况时，其他 Pod 将无法访问该端口。
diff --git a/content/zh/docs/reference/config/analysis/ist0150/index.md b/content/zh/docs/reference/config/analysis/ist0150/index.md
index 43e1895df179..9a943f463a77 100644
--- a/content/zh/docs/reference/config/analysis/ist0150/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0150/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 对于 ExternalName 类型的服务，当端口不遵循 Istio 服务端口命名协议、端口未命名或端口命名为
 TCP 时，会出现此消息。
diff --git a/content/zh/docs/reference/config/analysis/ist0151/index.md b/content/zh/docs/reference/config/analysis/ist0151/index.md
index 124204f29e61..ed4c536195ae 100644
--- a/content/zh/docs/reference/config/analysis/ist0151/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0151/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当 `EnvoyFilter` 没有优先级且使用相对补丁操作（`INVALID`、`MERGE`、`REMOVE`、`INSERT_BEFORE`、`INSERT_AFTER`、`REPLACE`）时，
 会出现此消息。使用相对补丁操作意味着当评估当前的 `EnvoyFilter` 过滤器时该操作依赖于另一个过滤器。
diff --git a/content/zh/docs/reference/config/analysis/ist0152/index.md b/content/zh/docs/reference/config/analysis/ist0152/index.md
index 37079907d573..30795961103f 100644
--- a/content/zh/docs/reference/config/analysis/ist0152/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0152/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当 `EnvoyFilter` 使用 `REPLACE` 操作并且 `ApplyTo` 设置为 `HTTP_FILTER` 或 `NETWORK_FILTER` 时，
 会出现此消息。这将导致 `REPLACE` 操作被忽略，因为 `HTTP_FILTER` 和 `NETWORK_FILTER` 对于 `REPLACE` 无效。
diff --git a/content/zh/docs/reference/config/analysis/ist0153/index.md b/content/zh/docs/reference/config/analysis/ist0153/index.md
index 90f919ea5ac3..9c2fa1a2c2ee 100644
--- a/content/zh/docs/reference/config/analysis/ist0153/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0153/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当 `EnvoyFilter` 使用 `ADD` 操作且 `ApplyTo` 设置为 `ROUTE_CONFIGURATION` 或 `HTTP_ROUTE` 时，会出现此消息。
 这将导致 `ADD` 操作被忽略。目前，只有 `MERGE` 操作可用于 `ROUTE_CONFIGURATION`。
diff --git a/content/zh/docs/reference/config/analysis/ist0154/index.md b/content/zh/docs/reference/config/analysis/ist0154/index.md
index b6b29df741c1..db6c53088aa3 100644
--- a/content/zh/docs/reference/config/analysis/ist0154/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0154/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当 `EnvoyFilter` 使用 `REMOVE` 操作并且 `ApplyTo` 设置为 `ROUTE_CONFIGURATION` 或
 `HTTP_ROUTE` 时会出现此消息。这将导致 `REMOVE` 操作被忽略。
diff --git a/content/zh/docs/reference/config/analysis/ist0155/index.md b/content/zh/docs/reference/config/analysis/ist0155/index.md
index 908fd8594b8e..412efbc7faf5 100644
--- a/content/zh/docs/reference/config/analysis/ist0155/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0155/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当 `EnvoyFilter` 没有设置优先级并没有使用相关补丁操作
 （`INSERT_BEFORE/AFTER`、`REPLACE`、`MERGE`、`DELETE`）
diff --git a/content/zh/docs/reference/config/analysis/ist0162/index.md b/content/zh/docs/reference/config/analysis/ist0162/index.md
index c0aaf491273f..5651d2d8db33 100644
--- a/content/zh/docs/reference/config/analysis/ist0162/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0162/index.md
@@ -35,6 +35,7 @@ spec:
     hosts:
     - "*"
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 # 默认的网关 Service
 
diff --git a/content/zh/docs/reference/config/analysis/ist0163/index.md b/content/zh/docs/reference/config/analysis/ist0163/index.md
index 3e5371a217db..44db1ccd04a5 100644
--- a/content/zh/docs/reference/config/analysis/ist0163/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0163/index.md
@@ -115,6 +115,7 @@ webhooks:
   name: validation.istio.io
 
 ---
+<!-- markdownlint-disable-file MD007 -->
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
diff --git a/content/zh/docs/reference/config/analysis/ist0164/index.md b/content/zh/docs/reference/config/analysis/ist0164/index.md
index 210b9db1ae36..753064b73f28 100644
--- a/content/zh/docs/reference/config/analysis/ist0164/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0164/index.md
@@ -40,6 +40,7 @@ webhooks:
   name: validation.istio.io
 
 ---
+<!-- markdownlint-disable-file MD007 -->
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
diff --git a/content/zh/docs/reference/config/analysis/ist0166/index.md b/content/zh/docs/reference/config/analysis/ist0166/index.md
index 873ecae97fd0..dffe361bb598 100644
--- a/content/zh/docs/reference/config/analysis/ist0166/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0166/index.md
@@ -4,6 +4,7 @@ layout: analysis-message
 owner: istio/wg-user-experience-maintainers
 test: n/a
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当 `AuthorizationPolicy`、`RequestAuthentication`、`Telemetry` 或 `WasmPlugin`
 这类策略中的工作负载选择器没有有效指向任何 Kubernetes Gateway Pod 目标时，会出现此消息。
diff --git a/content/zh/docs/reference/config/config-status/index.md b/content/zh/docs/reference/config/config-status/index.md
index 3462bffa39bc..a4a155a44dc1 100644
--- a/content/zh/docs/reference/config/config-status/index.md
+++ b/content/zh/docs/reference/config/config-status/index.md
@@ -3,6 +3,7 @@ title: 状态字段配置
 description: 描述“状态”字段在配置工作流程中的作用。
 weight: 21
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< warning >}}
 此功能处于 Alpha 阶段，请参见 [Istio 功能状态](/zh/about/feature-stages/)。
diff --git a/content/zh/docs/setup/additional-setup/customize-installation/index.md b/content/zh/docs/setup/additional-setup/customize-installation/index.md
index 8d08a8152bcb..72e075ef0a6a 100644
--- a/content/zh/docs/setup/additional-setup/customize-installation/index.md
+++ b/content/zh/docs/setup/additional-setup/customize-installation/index.md
@@ -6,7 +6,7 @@ keywords: [profiles,install,helm]
 owner: istio/wg-environments-maintainers
 test: n/a
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 ## 先决条件 {#prerequisites}
 
 开始之前，检查下列先决条件：
diff --git a/content/zh/docs/setup/additional-setup/gateway/index.md b/content/zh/docs/setup/additional-setup/gateway/index.md
index 37cd6a9e17ef..ff1917091808 100644
--- a/content/zh/docs/setup/additional-setup/gateway/index.md
+++ b/content/zh/docs/setup/additional-setup/gateway/index.md
@@ -6,7 +6,7 @@ keywords: [install,gateway,kubernetes]
 owner: istio/wg-environments-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 {{< tip >}}
 {{< boilerplate gateway-api-future >}}
 如果您使用 Gateway API，将不需要安装和管理本文所述的网关 `Deployment`。
diff --git a/content/zh/docs/setup/additional-setup/sidecar-injection/index.md b/content/zh/docs/setup/additional-setup/sidecar-injection/index.md
index c66b063ee764..3f534d7a1b1a 100644
--- a/content/zh/docs/setup/additional-setup/sidecar-injection/index.md
+++ b/content/zh/docs/setup/additional-setup/sidecar-injection/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 ## 注入  {#injection}
 
diff --git a/content/zh/docs/setup/platform-setup/huaweicloud/index.md b/content/zh/docs/setup/platform-setup/huaweicloud/index.md
index a46800627a97..4a6cefe54b64 100644
--- a/content/zh/docs/setup/platform-setup/huaweicloud/index.md
+++ b/content/zh/docs/setup/platform-setup/huaweicloud/index.md
@@ -10,6 +10,7 @@ keywords: [platform-setup,huawei,huaweicloud,cce]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 遵循以下说明配置[华为云容器引擎 CCE](https://www.huaweicloud.com/intl/zh-cn/product/cce.html) 集群以便安装运行 Istio。
 您可以在华为云的`云容器引擎控制台`中快速简单地部署一个完全支持 Istio 的 Kubernetes 集群。
diff --git a/content/zh/docs/setup/platform-setup/kubesphere/index.md b/content/zh/docs/setup/platform-setup/kubesphere/index.md
index c1630ebc866f..d162d8fb22a7 100644
--- a/content/zh/docs/setup/platform-setup/kubesphere/index.md
+++ b/content/zh/docs/setup/platform-setup/kubesphere/index.md
@@ -7,6 +7,7 @@ keywords: [platform-setup,kubesphere,kubernetes]
 owner: istio/wg-environments-maintainers
 test: no
 ---
+<!-- markdownlint-disable-file MD007 MD026 -->
 
 该文档最近更新于2021年3月9日。
 
diff --git a/content/zh/docs/tasks/observability/distributed-tracing/jaeger/index.md b/content/zh/docs/tasks/observability/distributed-tracing/jaeger/index.md
index 610cf1f68f7b..471c9d19cd7f 100644
--- a/content/zh/docs/tasks/observability/distributed-tracing/jaeger/index.md
+++ b/content/zh/docs/tasks/observability/distributed-tracing/jaeger/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 完成此任务后，您将了解如何让您的应用程序参与 [Jaeger](https://www.jaegertracing.io/)
 的追踪，无论您用什么语言、框架或平台来构建应用程序。
diff --git a/content/zh/docs/tasks/observability/distributed-tracing/opentelemetry/index.md b/content/zh/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
index 7eee095fc459..2d8c5012e2dc 100644
--- a/content/zh/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
+++ b/content/zh/docs/tasks/observability/distributed-tracing/opentelemetry/index.md
@@ -10,6 +10,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [OpenTelemetry](https://opentelemetry.io/) (OTel) 是一个与供应商无关的开源可观测性框架，
 用于检测、生成、收集和导出遥测数据。
diff --git a/content/zh/docs/tasks/observability/distributed-tracing/sampling/index.md b/content/zh/docs/tasks/observability/distributed-tracing/sampling/index.md
index 6ebb25bcecce..c29433618058 100644
--- a/content/zh/docs/tasks/observability/distributed-tracing/sampling/index.md
+++ b/content/zh/docs/tasks/observability/distributed-tracing/sampling/index.md
@@ -6,6 +6,7 @@ keywords: [sampling,telemetry,tracing,opentelemetry]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 提供了多种配置链路采样的方法。
 在此页面中，您将学习并了解所有配置采样的不同方式。
diff --git a/content/zh/docs/tasks/observability/distributed-tracing/skywalking/index.md b/content/zh/docs/tasks/observability/distributed-tracing/skywalking/index.md
index c835daea4cb0..83f380e955a2 100644
--- a/content/zh/docs/tasks/observability/distributed-tracing/skywalking/index.md
+++ b/content/zh/docs/tasks/observability/distributed-tracing/skywalking/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,tracing,skywalking,span,port-forwarding]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 完成本任务之后，您将明白如何使用 [Apache SkyWalking](https://skywalking.apache.org)
 追踪应用，这与用于构建应用的语言、框架或平台无关。
diff --git a/content/zh/docs/tasks/observability/distributed-tracing/telemetry-api/index.md b/content/zh/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
index 191516cfc0d8..b68a0c253701 100644
--- a/content/zh/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
+++ b/content/zh/docs/tasks/observability/distributed-tracing/telemetry-api/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,tracing]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 提供了配置链路追踪选项的功能，例如采样率和向报告的 Span 添加自定义标签。
 此任务向您展示如何使用 Telemetry API 自定义链路追踪选项。
diff --git a/content/zh/docs/tasks/observability/distributed-tracing/zipkin/index.md b/content/zh/docs/tasks/observability/distributed-tracing/zipkin/index.md
index a847ccdff1b1..50399d68425a 100644
--- a/content/zh/docs/tasks/observability/distributed-tracing/zipkin/index.md
+++ b/content/zh/docs/tasks/observability/distributed-tracing/zipkin/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 通过本任务，您将了解如何使应用程序可被 [Zipkin](https://zipkin.io/) 追踪，
 而无需考虑应用程序使用何种开发语言、框架或平台。
diff --git a/content/zh/docs/tasks/observability/metrics/customize-metrics/index.md b/content/zh/docs/tasks/observability/metrics/customize-metrics/index.md
index f5fd30bfdaed..b51d935f69cd 100644
--- a/content/zh/docs/tasks/observability/metrics/customize-metrics/index.md
+++ b/content/zh/docs/tasks/observability/metrics/customize-metrics/index.md
@@ -6,6 +6,7 @@ keywords: [telemetry,metrics,customize]
 owner: istio/wg-policies-and-telemetry-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 此任务向您展示如何自定义 Istio 生成的指标。
 
diff --git a/content/zh/docs/tasks/observability/telemetry/index.md b/content/zh/docs/tasks/observability/telemetry/index.md
index 64bc660f3671..0340ea0efb7c 100644
--- a/content/zh/docs/tasks/observability/telemetry/index.md
+++ b/content/zh/docs/tasks/observability/telemetry/index.md
@@ -7,6 +7,7 @@ owner: istio/wg-policies-and-telemetry-maintainers
 test: no
 status: Stable
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 Istio 提供 [Telemetry API](/zh/docs/reference/config/telemetry/)，
 能够灵活地配置[指标](/zh/docs/tasks/observability/metrics/)、
diff --git a/content/zh/docs/tasks/security/authentication/authn-policy/index.md b/content/zh/docs/tasks/security/authentication/authn-policy/index.md
index 73f2cbcba04d..26715ae49b9c 100644
--- a/content/zh/docs/tasks/security/authentication/authn-policy/index.md
+++ b/content/zh/docs/tasks/security/authentication/authn-policy/index.md
@@ -9,6 +9,7 @@ aliases:
 owner: istio/wg-security-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 本任务涵盖了您在启用、配置和使用 Istio 认证策略时可能需要做的主要工作。
 更多基本概念介绍请查看[认证总览](/zh/docs/concepts/security/#authentication)。
diff --git a/content/zh/docs/tasks/security/authorization/authz-custom/index.md b/content/zh/docs/tasks/security/authorization/authz-custom/index.md
index 672b58415ea7..020210677037 100644
--- a/content/zh/docs/tasks/security/authorization/authz-custom/index.md
+++ b/content/zh/docs/tasks/security/authorization/authz-custom/index.md
@@ -6,6 +6,7 @@ keywords: [security,access-control,rbac,authorization,custom, opa, oauth, oauth2
 owner: istio/wg-security-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 此任务介绍如何使用新的 [action](/zh/docs/reference/config/security/authorization-policy/#AuthorizationPolicy-Action)
 字段 - `CUSTOM`，设置 Istio 授权策略将访问控制委派给外部授权系统。这可以用来与
diff --git a/content/zh/docs/tasks/security/authorization/authz-ingress/index.md b/content/zh/docs/tasks/security/authorization/authz-ingress/index.md
index 4447cfa48001..db91e84fb0cb 100644
--- a/content/zh/docs/tasks/security/authorization/authz-ingress/index.md
+++ b/content/zh/docs/tasks/security/authorization/authz-ingress/index.md
@@ -6,7 +6,7 @@ keywords: [security,access-control,rbac,authorization,ingress,ip,allowlist,denyl
 owner: istio/wg-security-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 MD026 -->
 此任务向您展示如何使用授权策略在 Istio Ingress 网关上实施基于 IP 的访问控制。
 
 {{< boilerplate gateway-api-support >}}
diff --git a/content/zh/docs/tasks/traffic-management/egress/egress-control/index.md b/content/zh/docs/tasks/traffic-management/egress/egress-control/index.md
index 77d8923ac0cd..145a5e2d4037 100644
--- a/content/zh/docs/tasks/traffic-management/egress/egress-control/index.md
+++ b/content/zh/docs/tasks/traffic-management/egress/egress-control/index.md
@@ -9,6 +9,7 @@ keywords: [traffic-management,egress]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 由于默认情况下，来自 Istio-enable Pod 的所有出站流量都会重定向到其 Sidecar
 代理，集群外部 URL 的可访问性取决于代理的配置。默认情况下，Istio 将 Envoy
diff --git a/content/zh/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md b/content/zh/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
index 43e741e524ab..7bbd6e888657 100644
--- a/content/zh/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
+++ b/content/zh/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md
@@ -10,7 +10,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 [为出口流量发起 TLS 连接](/zh/docs/tasks/traffic-management/egress/egress-tls-origination/)
 示例中演示了如何配置 Istio 以对外部服务流量实施 {{< gloss >}}TLS origination{{< /gloss >}}。
 [配置 Egress 网关](/zh/docs/tasks/traffic-management/egress/egress-gateway/)示例中演示了如何配置
diff --git a/content/zh/docs/tasks/traffic-management/egress/egress-gateway/index.md b/content/zh/docs/tasks/traffic-management/egress/egress-gateway/index.md
index be3689192699..8641419867e6 100644
--- a/content/zh/docs/tasks/traffic-management/egress/egress-gateway/index.md
+++ b/content/zh/docs/tasks/traffic-management/egress/egress-gateway/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 {{<warning>}}
 此例子对 Minikube 无效。
 {{</warning>}}
diff --git a/content/zh/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md b/content/zh/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
index b0b37cbe9f69..d4f781338eb0 100644
--- a/content/zh/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
+++ b/content/zh/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
@@ -8,7 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 [控制出口流量](/zh/docs/tasks/traffic-management/egress/)任务和
 [配置一个 Egress 网关](/zh/docs/tasks/traffic-management/egress/egress-gateway/)示例描述如何配置特定主机的出口流量，
 如：`edition.cnn.com`。本示例描述如何为通用域中的一组特定主机开启出口流量，
diff --git a/content/zh/docs/tasks/traffic-management/ingress/gateway-api/index.md b/content/zh/docs/tasks/traffic-management/ingress/gateway-api/index.md
index 8434f5213e2f..8b59cf975d7b 100644
--- a/content/zh/docs/tasks/traffic-management/ingress/gateway-api/index.md
+++ b/content/zh/docs/tasks/traffic-management/ingress/gateway-api/index.md
@@ -9,7 +9,7 @@ keywords: [traffic-management,ingress, gateway-api]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 除了它自己的流量管理 API 之外，
 {{< boilerplate gateway-api-future >}}
 本文描述 Istio 和 Kubernetes API 之间的差异，并提供了一个简单的例子，
diff --git a/content/zh/docs/tasks/traffic-management/ingress/ingress-control/index.md b/content/zh/docs/tasks/traffic-management/ingress/ingress-control/index.md
index ff73c657cd5a..be26ab701acc 100644
--- a/content/zh/docs/tasks/traffic-management/ingress/ingress-control/index.md
+++ b/content/zh/docs/tasks/traffic-management/ingress/ingress-control/index.md
@@ -9,7 +9,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 除了支持 Kubernetes [Ingress](/zh/docs/tasks/traffic-management/ingress/kubernetes-ingress/)，
 Istio 还允许使用 [Istio Gateway](/zh-cn/docs/concepts/traffic-management/#gateways)
 或 [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/)
diff --git a/content/zh/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md b/content/zh/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
index d4b8b7affaf1..45bd91b2970d 100644
--- a/content/zh/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
+++ b/content/zh/docs/tasks/traffic-management/ingress/ingress-sidecar-tls-termination/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,ingress,https]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 在常规的 Istio 网格部署中，下游请求的 TLS 终止是在 Ingress Gateway 处执行的。
 虽然这可以满足大多数使用场景，但对于某些场景（如网格中的 API 网关），Ingress Gateway
 并不是必需的。此任务展示了如何消除 Istio Ingress Gateway 引入的额外跃点，
diff --git a/content/zh/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md b/content/zh/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
index 2b013dae3c6a..a92b24cee648 100644
--- a/content/zh/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
+++ b/content/zh/docs/tasks/traffic-management/ingress/kubernetes-ingress/index.md
@@ -6,7 +6,7 @@ keywords: [traffic-management,ingress]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
-
+<!-- markdownlint-disable-file MD007 -->
 此任务描述如何使用 [Kubernetes Ingress](https://kubernetes.io/zh-cn/docs/concepts/services-networking/ingress/)
 为 Istio 配置入口网关以暴露服务网格集群内的服务。
 
diff --git a/content/zh/docs/tasks/traffic-management/ingress/secure-ingress/index.md b/content/zh/docs/tasks/traffic-management/ingress/secure-ingress/index.md
index a661c65e4c23..2a5afd347007 100644
--- a/content/zh/docs/tasks/traffic-management/ingress/secure-ingress/index.md
+++ b/content/zh/docs/tasks/traffic-management/ingress/secure-ingress/index.md
@@ -9,6 +9,7 @@ keywords: [traffic-management,ingress,sds-credentials]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 [Ingress 流量控制任务](/zh/docs/tasks/traffic-management/ingress/ingress-control)描述了如何配置入口网关以向外部公开
 HTTP 服务。此任务描述如何使用 TLS 或 mTLS 公开安全的 HTTPS 服务。
diff --git a/content/zh/docs/tasks/traffic-management/request-routing/index.md b/content/zh/docs/tasks/traffic-management/request-routing/index.md
index edd9ac035a8b..d479fa2b516c 100644
--- a/content/zh/docs/tasks/traffic-management/request-routing/index.md
+++ b/content/zh/docs/tasks/traffic-management/request-routing/index.md
@@ -8,6 +8,7 @@ keywords: [traffic-management,routing]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 此任务将展示如何将请求动态路由到微服务的多个版本。
 
diff --git a/content/zh/docs/tasks/traffic-management/request-timeouts/index.md b/content/zh/docs/tasks/traffic-management/request-timeouts/index.md
index 35b9b0afdd97..8ff7bacea72f 100644
--- a/content/zh/docs/tasks/traffic-management/request-timeouts/index.md
+++ b/content/zh/docs/tasks/traffic-management/request-timeouts/index.md
@@ -8,6 +8,7 @@ keywords: [traffic-management,timeouts]
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 本任务用于示范如何使用 Istio 在 Envoy 中设置请求超时。
 
diff --git a/content/zh/docs/tasks/traffic-management/tcp-traffic-shifting/index.md b/content/zh/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
index 5272d505ff91..ae5d4a247647 100644
--- a/content/zh/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
+++ b/content/zh/docs/tasks/traffic-management/tcp-traffic-shifting/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 本任务展示了如何将 TCP 流量从微服务的一个版本迁移到另一个版本。
 
diff --git a/content/zh/docs/tasks/traffic-management/traffic-shifting/index.md b/content/zh/docs/tasks/traffic-management/traffic-shifting/index.md
index 5229b618d3ac..ff88ed5a3bfd 100644
--- a/content/zh/docs/tasks/traffic-management/traffic-shifting/index.md
+++ b/content/zh/docs/tasks/traffic-management/traffic-shifting/index.md
@@ -8,6 +8,7 @@ aliases:
 owner: istio/wg-networking-maintainers
 test: yes
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 本任务将向您展示如何将流量从微服务的一个版本逐步迁移到另一个版本。
 例如，您可以将流量从旧版本迁移到新版本。
diff --git a/content/zh/news/releases/1.1.x/announcing-1.1.13/index.md b/content/zh/news/releases/1.1.x/announcing-1.1.13/index.md
index 3cff92408fe5..e20622439516 100644
--- a/content/zh/news/releases/1.1.x/announcing-1.1.13/index.md
+++ b/content/zh/news/releases/1.1.x/announcing-1.1.13/index.md
@@ -11,6 +11,7 @@ aliases:
     - /zh/news/2019/announcing-1.1.13
     - /zh/news/announcing-1.1.13
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 Istio 1.1.13 现在是可用的，详情请查看如下更改。
 
diff --git a/content/zh/news/releases/1.1.x/announcing-1.1.16/index.md b/content/zh/news/releases/1.1.x/announcing-1.1.16/index.md
index d4a240812186..371d50336635 100644
--- a/content/zh/news/releases/1.1.x/announcing-1.1.16/index.md
+++ b/content/zh/news/releases/1.1.x/announcing-1.1.16/index.md
@@ -9,6 +9,7 @@ aliases:
     - /zh/news/2019/announcing-1.1.16
     - /zh/news/announcing-1.1.16
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 Istio 1.1.16 现在是可用的，详情请查看如下更改。
 
diff --git a/content/zh/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md b/content/zh/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md
index d465ea957ec9..b68a6bf8608d 100644
--- a/content/zh/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md
+++ b/content/zh/news/releases/1.19.x/announcing-1.19/upgrade-notes/index.md
@@ -4,6 +4,7 @@ description: 升级到 Istio 1.19 时要考虑的重要变更。
 weight: 20
 publishdate: 2023-09-05
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当您从 Istio 1.18.x 升级到 Istio 1.19.x 时，您需要考虑本页所述的变更。
 这些说明详述了故意打破 Istio `1.18.x` 向后兼容性的一些变更。
diff --git a/content/zh/news/releases/1.2.x/announcing-1.2.4/index.md b/content/zh/news/releases/1.2.x/announcing-1.2.4/index.md
index eb14a6cccad5..599c944a42fb 100644
--- a/content/zh/news/releases/1.2.x/announcing-1.2.4/index.md
+++ b/content/zh/news/releases/1.2.x/announcing-1.2.4/index.md
@@ -11,6 +11,7 @@ aliases:
     - /zh/news/2019/announcing-1.2.4
     - /zh/news/announcing-1.2.4
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 Istio 1.2.4 现在是可用的，详情请查看如下更改。
 
diff --git a/content/zh/news/releases/1.2.x/announcing-1.2.7/index.md b/content/zh/news/releases/1.2.x/announcing-1.2.7/index.md
index 2c1b48420237..ecec4a2fcd4c 100644
--- a/content/zh/news/releases/1.2.x/announcing-1.2.7/index.md
+++ b/content/zh/news/releases/1.2.x/announcing-1.2.7/index.md
@@ -9,6 +9,7 @@ aliases:
     - /zh/news/2019/announcing-1.2.7
     - /zh/news/announcing-1.2.7
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 Istio 1.2.7 现在是可用的，详情请查看如下更改。
 
diff --git a/content/zh/news/releases/1.3.x/announcing-1.3.2/index.md b/content/zh/news/releases/1.3.x/announcing-1.3.2/index.md
index d53ace44bc0a..b239a0a591cf 100644
--- a/content/zh/news/releases/1.3.x/announcing-1.3.2/index.md
+++ b/content/zh/news/releases/1.3.x/announcing-1.3.2/index.md
@@ -9,6 +9,7 @@ aliases:
     - /zh/news/2019/announcing-1.3.2
     - /zh/news/announcing-1.3.2
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 我们很高兴地宣布 Istio 1.3.2 发布，请查看下面的更改说明。
 
diff --git a/content/zh/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md b/content/zh/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md
index ebeb300e42dd..8e1360484db4 100644
--- a/content/zh/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md
+++ b/content/zh/news/releases/1.9.x/announcing-1.9/upgrade-notes/index.md
@@ -7,6 +7,7 @@ subtitle: 次要版本
 linktitle: 1.9 升级说明
 publishdate: 2021-02-09
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 当您从 Istio 1.8 升级到 Istio 1.9.x 时，您需要考虑此页面上的更改。
 这些注释详细说明了故意破坏与 Istio 1.8 向后兼容性的更改。
diff --git a/content/zh/news/security/istio-security-2020-006/index.md b/content/zh/news/security/istio-security-2020-006/index.md
index 5556e632fb55..bf86a2d60310 100644
--- a/content/zh/news/security/istio-security-2020-006/index.md
+++ b/content/zh/news/security/istio-security-2020-006/index.md
@@ -10,6 +10,7 @@ publishdate: 2020-06-11
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< security_bulletin >}}
 
diff --git a/content/zh/news/security/istio-security-2020-009/index.md b/content/zh/news/security/istio-security-2020-009/index.md
index 6e284c7909b8..b571ee9f55f6 100644
--- a/content/zh/news/security/istio-security-2020-009/index.md
+++ b/content/zh/news/security/istio-security-2020-009/index.md
@@ -10,6 +10,7 @@ publishdate: 2020-08-11
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 {{< security_bulletin >}}
 
 Istio 容易受到新发现隐患的攻击：
diff --git a/content/zh/news/security/istio-security-2021-008/index.md b/content/zh/news/security/istio-security-2021-008/index.md
index 82aca7b60263..fd68eec86005 100644
--- a/content/zh/news/security/istio-security-2021-008/index.md
+++ b/content/zh/news/security/istio-security-2021-008/index.md
@@ -10,6 +10,7 @@ publishdate: 2021-08-24
 keywords: [CVE]
 skip_seealso: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 {{< security_bulletin >}}
 
diff --git a/content/zh/test/tb/index.md b/content/zh/test/tb/index.md
index 6c768f009ffd..1599b6bdfdd8 100644
--- a/content/zh/test/tb/index.md
+++ b/content/zh/test/tb/index.md
@@ -3,6 +3,7 @@ title: 文本块
 description: 基础文本块。
 skip_sitemap: true
 ---
+<!-- markdownlint-disable-file MD007 -->
 
 带 html 标记的普通文本块
 
diff --git a/mdl.rb b/mdl.rb
deleted file mode 100644
index e3e58e962168..000000000000
--- a/mdl.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-all
-rule 'MD002', :level => 2
-rule 'MD007', :indent => 4
-rule 'MD013', :line_length => 160, :code_blocks => false, :tables => false
-rule 'MD026', :punctuation => ".,;:!"
-exclude_rule 'MD013'
-exclude_rule 'MD014'
-exclude_rule 'MD030'
-exclude_rule 'MD032'
-exclude_rule 'MD033'
-exclude_rule 'MD041'
-exclude_rule 'MD046'
diff --git a/scripts/lint_site.sh b/scripts/lint_site.sh
index d538a6b237ec..48cbf2cd276a 100755
--- a/scripts/lint_site.sh
+++ b/scripts/lint_site.sh
@@ -52,7 +52,7 @@ check_content() {
     # create a throwaway copy of the content
     cp -R "${DIR}" "${TMP}"
     cp .spelling "${TMP}"
-    cp mdl.rb "${TMP}"
+    cp .markdownlint.json "${TMP}"
 
     # replace the {{< text >}} shortcodes with ```plain
     find "${TMP}" -type f -name \*.md -exec sed -E -i "s/\\{\\{< text .*>\}\}/\`\`\`plain/g" {} ";"
@@ -83,10 +83,12 @@ check_content() {
         FAILED=1
     fi
 
-    if ! mdl --ignore-front-matter --style mdl.rb .; then
+    if ! markdownlint-cli2 --config .markdownlint.json "**/*.md"; then
         FAILED=1
     fi
 
+
+
     if grep -nrP --include "*.md" -e "\(https://istio.io/(?!v[0-9]\.[0-9]/|archive/)" .; then
         error "Ensure markdown content uses relative references to istio.io"
         FAILED=1