Remove superfluous redirects

content/_index.html

@@ -7,7 +7,7 @@ description = "A container sandbox runtime focused on security, efficiency, and
 {{< blocks/cover image_anchor="top" height="auto" color="primary" title="gVisor" >}}
 <div class="mx-auto">
   <p class="lead">A container sandbox runtime focused on <strong>security</strong>, <strong>efficiency</strong>, and <strong>ease of use</strong>.</p>
-  <a class="btn btn-lg btn-primary mr-3 mb-4" href="./docs/user_guide/docker/" >Quick Start<i class="fas fa-arrow-alt-circle-right ml-2"></i></a>
+  <a class="btn btn-lg btn-primary mr-3 mb-4" href="./docs/user_guide/docker/">Quick Start<i class="fas fa-arrow-alt-circle-right ml-2"></i></a>
   <a class="btn btn-lg btn-secondary mr-3 mb-4" href="https://github.com/google/gvisor" rel="noopener">GitHub <i class="fab fa-github ml-2"></i></a>
 </div>
 {{< /blocks/cover >}}
@@ -41,7 +41,7 @@ Read the [documentation](./docs/) to understand gVisor, its architecture and tra
 {{% /blocks/feature %}}
 
 {{% blocks/feature icon="fas fa-code-branch" title="Contribute to gVisor" %}}
-Anyone is welcome to be a gVisor contributor. Please check out the [community information](./docs/community) to get started.
+Anyone is welcome to be a gVisor contributor. Please check out the [community information](./docs/community/) to get started.
 {{% /blocks/feature %}}
 
 {{% blocks/feature icon="fab fa-github" title="Give Feedback" %}}

content/docs/architecture_guide/performance.md

@@ -2,6 +2,7 @@
 title = "Performance Guide"
 weight = 30
 +++
+
 gVisor is designed to provide a secure, virtualized environment while preserving
 key benefits of containerization, such as small fixed overheads and a dynamic
 resource footprint. For containerized infrastructure, this can provide a
@@ -35,7 +36,7 @@ improvements are possible and not possible.
 While we include a variety of workloads here, it’s worth emphasizing that gVisor
 may not be an appropriate solution for every workload, for reasons other than
 performance. For example, a sandbox may provide minimal benefit for a trusted
-database, since *user data would already be inside the sandbox* and there is no
+database, since _user data would already be inside the sandbox_ and there is no
 need for an attacker to break out in the first place.
 
 ## Methodology
@@ -44,11 +45,9 @@ All data below was generated using the [benchmark tools][benchmark-tools]
 repository, and the machines under test are uniform [Google Compute Engine][gce]
 Virtual Machines (VMs) with the following specifications:
 
-```
-Machine type: n1-standard-4 (broadwell)
-Image: Debian GNU/Linux 9 (stretch) 4.19.0-0
-BootDisk: 2048GB SSD persistent disk
-```
+    Machine type: n1-standard-4 (broadwell)
+    Image: Debian GNU/Linux 9 (stretch) 4.19.0-0
+    BootDisk: 2048GB SSD persistent disk
 
 Through this document, `runsc` is used to indicate the runtime provided by
 gVisor. When relevant, we use the name `runsc-platform` to describe a specific
@@ -69,7 +68,7 @@ accesses. Page faults and other Operating System (OS) mechanisms are translated
 through the Sentry, but once mappings are installed and available to the
 application, there is no additional overhead.
 
-{{< graph id="sysbench-memory" url="/performance/sysbench-memory.csv" title="perf.py sysbench.memory --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="sysbench-memory" url="/performance/sysbench-memory.csv" title="perf.py sysbench.memory --runtime=runc --runtime=runsc" >}}
 
 The above figure demonstrates the memory transfer rate as measured by
 `sysbench`.
@@ -85,7 +84,7 @@ For many use cases, fixed memory overheads are a primary concern. This may be
 because sandboxed containers handle a low volume of requests, and it is
 therefore important to achieve high densities for efficiency.
 
-{{< graph id="density" url="/performance/density.csv" title="perf.py density --runtime=runc --runtime=runsc" log="true" y_min="100000" >}}
+{{&lt; graph id="density" url="/performance/density.csv" title="perf.py density --runtime=runc --runtime=runsc" log="true" y_min="100000" >}}
 
 The above figure demonstrates these costs based on three sample applications.
 This test is the result of running many instances of a container (50, or 5 in
@@ -108,7 +107,7 @@ gVisor does not perform emulation or otherwise interfere with the raw execution
 of CPU instructions by the application. Therefore, there is no runtime cost
 imposed for CPU operations.
 
-{{< graph id="sysbench-cpu" url="/performance/sysbench-cpu.csv" title="perf.py sysbench.cpu --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="sysbench-cpu" url="/performance/sysbench-cpu.csv" title="perf.py sysbench.cpu --runtime=runc --runtime=runsc" >}}
 
 The above figure demonstrates the `sysbench` measurement of CPU events per
 second. Events per second is based on a CPU-bound loop that calculates all prime
@@ -119,7 +118,7 @@ This has important consequences for classes of workloads that are often
 CPU-bound, such as data processing or machine learning. In these cases, `runsc`
 will similarly impose minimal runtime overhead.
 
-{{< graph id="tensorflow" url="/performance/tensorflow.csv" title="perf.py tensorflow --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="tensorflow" url="/performance/tensorflow.csv" title="perf.py tensorflow --runtime=runc --runtime=runsc" >}}
 
 For example, the above figure shows a sample TensorFlow workload, the
 [convolutional neural network example][cnn]. The time indicated includes the
@@ -133,7 +132,7 @@ supports a variety of platforms. These platforms present distinct performance,
 compatibility and security trade-offs. For example, the KVM platform has low
 overhead system call interception but runs poorly with nested virtualization.
 
-{{< graph id="syscall" url="/performance/syscall.csv" title="perf.py syscall --runtime=runc --runtime=runsc-ptrace --runtime=runsc-kvm" y_min="100" log="true" >}}
+{{&lt; graph id="syscall" url="/performance/syscall.csv" title="perf.py syscall --runtime=runc --runtime=runsc-ptrace --runtime=runsc-kvm" y_min="100" log="true" >}}
 
 The above figure demonstrates the time required for a raw system call on various
 platforms. The test is implemented by a custom binary which performs a large
@@ -144,7 +143,7 @@ tend to be high-performance data stores and static network services. In general,
 the impact of system call interception will be lower the more work an
 application does.
 
-{{< graph id="redis" url="/performance/redis.csv" title="perf.py redis --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="redis" url="/performance/redis.csv" title="perf.py redis --runtime=runc --runtime=runsc" >}}
 
 For example, `redis` is an application that performs relatively little work in
 userspace: in general it reads from a connected socket, reads or modifies some
@@ -164,7 +163,7 @@ For many use cases, the ability to spin-up containers quickly and efficiently is
 important. A sandbox may be short-lived and perform minimal user work (e.g. a
 function invocation).
 
-{{< graph id="startup" url="/performance/startup.csv" title="perf.py startup --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="startup" url="/performance/startup.csv" title="perf.py startup --runtime=runc --runtime=runsc" >}}
 
 The above figure indicates how total time required to start a container through
 [Docker][docker]. This benchmark uses three different applications. First, an
@@ -176,7 +175,7 @@ similarly loads a number of modules and binds an HTTP server.
 > Note: most of the time overhead above is associated Docker itself. This is
 > evident with the empty `runc` benchmark. To avoid these costs with `runsc`,
 > you may also consider using `runsc do` mode or invoking the [OCI
-> runtime](../../user_guide/oci) directly.
+> runtime](../../user_guide/oci/) directly.
 
 ## Network
 
@@ -187,14 +186,14 @@ While typically not an important metric in practice for common sandbox use
 cases, nevertheless `iperf` is a common microbenchmark used to measure raw
 throughput.
 
-{{< graph id="iperf" url="/performance/iperf.csv" title="perf.py iperf --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="iperf" url="/performance/iperf.csv" title="perf.py iperf --runtime=runc --runtime=runsc" >}}
 
 The above figure shows the result of an `iperf` test between two instances. For
 the upload case, the specified runtime is used for the `iperf` client, and in
 the download case, the specified runtime is the server. A native runtime is
 always used for the other endpoint in the test.
 
-{{< graph id="applications" metric="requests_per_second" url="/performance/applications.csv" title="perf.py http.(node|ruby) --connections=25 --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="applications" metric="requests_per_second" url="/performance/applications.csv" title="perf.py http.(node|ruby) --connections=25 --runtime=runc --runtime=runsc" >}}
 
 The above figure shows the result of simple `node` and `ruby` web services that
 render a template upon receiving a request. Because these synthetic benchmarks
@@ -215,20 +214,20 @@ through the [Gofer](../) as a result of our [security model](../security/), but
 in most cases are dominated by **implementation costs**, due to an internal
 [Virtual File System][vfs] (VFS) implementation that needs improvement.
 
-{{< graph id="fio-bw" url="/performance/fio.csv" title="perf.py fio --engine=sync --runtime=runc --runtime=runsc" log="true" >}}
+{{&lt; graph id="fio-bw" url="/performance/fio.csv" title="perf.py fio --engine=sync --runtime=runc --runtime=runsc" log="true" >}}
 
 The above figures demonstrate the results of `fio` for reads and writes to and
 from the disk. In this case, the disk quickly becomes the bottleneck and
 dominates other costs.
 
-{{< graph id="fio-tmpfs-bw" url="/performance/fio-tmpfs.csv" title="perf.py fio --engine=sync --runtime=runc --tmpfs=True --runtime=runsc" log="true" >}}
+{{&lt; graph id="fio-tmpfs-bw" url="/performance/fio-tmpfs.csv" title="perf.py fio --engine=sync --runtime=runc --tmpfs=True --runtime=runsc" log="true" >}}
 
 The above figure shows the raw I/O performance of using a `tmpfs` mount which is
 sandbox-internal in the case of `runsc`. Generally these operations are
 similarly bound to the cost of copying around data in-memory, and we don't see
 the cost of VFS operations.
 
-{{< graph id="httpd100k" metric="transfer_rate" url="/performance/httpd100k.csv" title="perf.py http.httpd --connections=1 --connections=5 --connections=10 --connections=25 --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="httpd100k" metric="transfer_rate" url="/performance/httpd100k.csv" title="perf.py http.httpd --connections=1 --connections=5 --connections=10 --connections=25 --runtime=runc --runtime=runsc" >}}
 
 The high costs of VFS operations can manifest in benchmarks that execute many
 such operations in the hot path for serving requests, for example. The above
@@ -241,16 +240,22 @@ internal serialization points (since all requests are reading the same file).
 Note that some of some of network stack performance issues also impact this
 benchmark.
 
-{{< graph id="ffmpeg" url="/performance/ffmpeg.csv" title="perf.py media.ffmpeg --runtime=runc --runtime=runsc" >}}
+{{&lt; graph id="ffmpeg" url="/performance/ffmpeg.csv" title="perf.py media.ffmpeg --runtime=runc --runtime=runsc" >}}
 
 For benchmarks that are bound by raw disk I/O and a mix of compute, file system
 operations are less of an issue. The above figure shows the total time required
 for an `ffmpeg` container to start, load and transcode a 27MB input video.
 
 [ab]: https://en.wikipedia.org/wiki/ApacheBench
+
 [benchmark-tools]: https://gvisor.googlesource.com/benchmark-tools
+
 [gce]: https://cloud.google.com/compute/
+
 [cnn]: https://github.com/aymericdamien/TensorFlow-Examples/blob/master/examples/3_NeuralNetworks/convolutional_network.py
+
 [docker]: https://docker.io
+
 [redis-benchmark]: https://redis.io/topics/benchmarks
+
 [vfs]: https://en.wikipedia.org/wiki/Virtual_file_system