Fix links to relocated kubelet TLS bootstrapping topic (#9332)

Fixes: #9330

content/en/docs/concepts/architecture/master-node-communication.md

@@ -38,8 +38,8 @@ Nodes should be provisioned with the public root certificate for the cluster
 such that they can connect securely to the apiserver along with valid client
 credentials. For example, on a default GCE deployment, the client credentials
 provided to the kubelet are in the form of a client certificate. See
-[kubelet TLS bootstrapping](/docs/admin/kubelet-tls-bootstrapping/) for
-automated provisioning of kubelet client certificates.
+[kubelet TLS bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/)
+for automated provisioning of kubelet client certificates.
 
 Pods that wish to connect to the apiserver can do so securely by leveraging a
 service account so that Kubernetes will automatically inject the public root

content/en/docs/concepts/cluster-administration/cluster-administration-overview.md

@@ -62,7 +62,7 @@ If you are using a guide involving Salt, see [Configuring Kubernetes with Salt](
 
 ### Securing the kubelet
   * [Master-Node communication](/docs/concepts/architecture/master-node-communication/)
-  * [TLS bootstrapping](/docs/admin/kubelet-tls-bootstrapping/)
+  * [TLS bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/)
   * [Kubelet authentication/authorization](/docs/admin/kubelet-authentication-authorization/)
 
 ## Optional Cluster Services

content/en/docs/reference/access-authn-authz/rbac.md

@@ -607,7 +607,8 @@ This is commonly used by add-on API servers for unified authentication and autho
 <tr>
 <td><b>system:node-bootstrapper</b></td>
 <td>None</td>
-<td>Allows access to the resources required to perform <a href="/docs/admin/kubelet-tls-bootstrapping/">Kubelet TLS bootstrapping</a>.</td>
+<td>Allows access to the resources required to perform
+<a href="/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/">Kubelet TLS bootstrapping</a>.</td>
 </tr>
 <tr>
 <td><b>system:node-problem-detector</b></td>

content/en/docs/reference/setup-tools/kubeadm/implementation-details.md

@@ -234,7 +234,8 @@ The static Pod manifest for the API server is affected by following parameters p
 Other API server flags that are set unconditionally are:
 
  - `--insecure-port=0` to avoid insecure connections to the api server
- - `--enable-bootstrap-token-auth=true` to enable the `BootstrapTokenAuthenticator` authentication module. see [TLS Bootstrapping](/docs/admin/kubelet-tls-bootstrapping.md) for more details
+ - `--enable-bootstrap-token-auth=true` to enable the `BootstrapTokenAuthenticator` authentication module.
+   See [TLS Bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/) for more details
  - `--allow-privileged` to `true` (required e.g. by kube proxy)
  - `--requestheader-client-ca-file` to `front-proxy-ca.crt`
  - `--enable-admission-plugins` to:
@@ -282,7 +283,7 @@ The static Pod manifest for the API server is affected by following parameters p
 Other flags that are set unconditionally are:
 
  - `--controllers` enabling all the default controllers plus `BootstrapSigner` and `TokenCleaner` controllers for TLS bootstrap.
-    see [TLS Bootstrapping](/docs/admin/kubelet-tls-bootstrapping.md) for more details
+   See [TLS Bootstrapping](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/) for more details
  - `--use-service-account-credentials` to `true`
  - Flags for using certificates generated in previous steps:
     - `--root-ca-file` to `ca.crt`

content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md

@@ -68,7 +68,7 @@ following steps:
 
 1. Makes all the necessary configurations for allowing node joining with the
    [Bootstrap Tokens](/docs/admin/bootstrap-tokens/) and
-   [TLS Bootstrap](/docs/admin/kubelet-tls-bootstrapping/)
+   [TLS Bootstrap](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/)
    mechanism:
 
    - Write a ConfigMap for making available all the information required