From b0571ccbf90b2a08009ab5fc33ab630ab0474da9 Mon Sep 17 00:00:00 2001
From: Alessio Greggi <ale_grey_91@hotmail.it>
Date: Tue, 30 Sep 2025 06:10:16 +0200
Subject: [PATCH] docs(hardening): fix broken link (#12577)

Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
---
 docs/operations/hardening.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operations/hardening.md b/docs/operations/hardening.md
index a6c4984a3..b3f687f80 100644
--- a/docs/operations/hardening.md
+++ b/docs/operations/hardening.md
@@ -123,7 +123,7 @@ Let's take a deep look to the resultant **kubernetes** configuration:
 * The `rotateCertificates` in `KubeletConfiguration` is set to `true` along with `serverTLSBootstrap`. This could be used in alternative to `tlsCertFile` and `tlsPrivateKeyFile` parameters. Additionally it automatically generates certificates by itself. By default the CSRs are approved automatically via [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver). You can customize approval configuration by modifying Helm values via `kubelet_csr_approver_values`.
   See <https://kubernetes.io/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/> for more information on the subject.
 * The `kubelet_systemd_hardening`, both with `kubelet_secure_addresses` setup a minimal firewall on the system. To better understand how these variables work, here's an explanatory image:
-  ![kubelet hardening](img/kubelet-hardening.png)
+  ![kubelet hardening](../img/kubelet-hardening.png)
 
 Once you have the file properly filled, you can run the **Ansible** command to start the installation: