fix markdownlint err

zrggw · zrggw · commit f06c1c5ae179 · 2025-08-25T10:04:01.000+08:00
Signed-off-by: aicee &lt;hhbin2000@foxmail.com&gt;
diff --git a/content/en/docs/userguide/use_IPsec_in_Kmesh_cluster.md b/content/en/docs/userguide/use_IPsec_in_Kmesh_cluster.md
@@ -17,7 +17,7 @@ IPsec is a mature and widely used encryption method for inter-node communication
 
 ### How to enable IPsec in Kmesh
 
-**Step 1: Generate an IPsec pre-shared key for Kmesh before starting Kmesh. Currently, only the rfc4106 (gcm(AES)) algorithm is supported. The key must be 36 bytes (32 bytes for the algorithm key and 4 bytes for the salt), provided as a 72-character hexadecimal string.**
+#### Step 1: Generate an IPsec pre-shared key for Kmesh before starting Kmesh. Currently, only the rfc4106 (gcm(AES)) algorithm is supported. The key must be 36 bytes (32 bytes for the algorithm key and 4 bytes for the salt), provided as a 72-character hexadecimal string
 
 ``` bash
 kmeshctl secret --key=<aead key>
@@ -35,27 +35,27 @@ If you want to use a custom key, you can use the following command
 kmeshctl secret --key=$(echo -n "{36-bytes user-defined key here}" | xxd -p -c 64)
 ```
 
-**Step 2: Add the parameter --enable-ipsec=true to the Kmesh yaml**
+#### Step 2: Add the parameter --enable-ipsec=true to the Kmesh yaml
 
 ```plaintext
 kmesh.yaml
 ...
 args:
 [
-	"./start_kmesh.sh --mode=dual-engine --enable-bypass=false --enable-ipsec=true",
+    "./start_kmesh.sh --mode=dual-engine --enable-bypass=false --enable-ipsec=true",
 ]
 ...
 ```
 
-**Step 3: Place pods or namespace under the management of Kmesh.**
+#### Step 3: Place pods or namespace under the management of Kmesh
 
 Only when both communicating pods are managed by Kmesh, will they enter the encryption process.
 
 ``` bash
 kubectl label namespace default istio.io/dataplane-mode=Kmesh
 ```
 
-**Step 4: Test whether the data packet has been encrypted**
+#### Step 4: Test whether the data packet has been encrypted
 
 Use tcpdump on nodes to capture packets and check if IPsec has been used during data communication between nodes (determined by ESP packets)
 
@@ -69,7 +69,7 @@ tcpdump -i any |grep ESP
 ...
 ```
 
-**Step 5: Replace pre shared key**
+#### Step 5: Replace pre shared key
 
 After a period of time, the pre-shared key of the cluster can be changed. After changing the pre-shared key, the ESP SPI number of the IPsec used for communication between nodes will be increased by 1 compared to the previous version. This can be observed again through using tcpdump. The initial IPSec SPI version number is 1
 
@@ -85,6 +85,6 @@ root@master:~/kmesh# tcpdump -i any |grep ESP
 
 ### Note
 
-1. IPsec encryption uses mark `0xe0` and `0xd0` as markers for IPsec encryption and decryption. Please ensure that no conflicting Makr is used on the host network, otherwise unknown behavior may occur
+1. IPsec encryption uses mark `0xe0` and `0xd0` as markers for IPsec encryption and decryption. Please ensure that no conflicting Mark is used on the host network, otherwise unknown behavior may occur
 
 2. Please ensure that `address MASQ` is not used on packets encrypted with IPsec. After address MASQ, IPsec cannot accurately match encryption and decryption rules, which can result in packet loss
