- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([#134452](https://github.com/kubernetes/kubernetes/pull/134452), [@pohly](https://github.com/pohly)) [SIG Auth, Node, Scheduling and Testing]

	defer healTimer.Stop()

	var maxRefreshDurationSecondsForLog float64 = 10 // 10 seconds..

	for {
		select {
		case <-healTimer.C:
			c.RLock()
			enabled := c.enabled
			c.RUnlock()
			if enabled {
				refreshStart := time.Now()
				c.healIAMSystem(ctx, objAPI) // heal IAM system first
				c.healBuckets(ctx, objAPI)   // heal buckets subsequently

	// destination are same objects. Apply this restriction also when
	// metadataOnly is true indicating that we are not overwriting the object.
	// if encryption is enabled we do not need explicit "REPLACE" metadata to
	// be enabled as well - this is to allow for key-rotation.
	if !isDirectiveReplace(r.Header.Get(xhttp.AmzMetadataDirective)) && !isDirectiveReplace(r.Header.Get(xhttp.AmzTagDirective)) &&

**Who is affected?**

Only Kubernetes 1.5.0-1.5.4 installations that do all of the following:
* Enable the PodSecurityPolicy API (which is not enabled by default):
  * `--runtime-config=extensions/v1beta1/podsecuritypolicy=true`
* Enable the PodSecurityPolicy admission plugin (which is not enabled by default):
  * `--admission-control=...,PodSecurityPolicy,...`
* Use authorization to limit users' ability to use specific PodSecurityPolicy objects

* Update GlusterFS provisioning readme with endpoint/service details ([#31854](https://github.com/kubernetes/kubernetes/pull/31854), [@humblec](https://github.com/humblec))
* Add logging for enabled/disabled API Groups ([#32198](https://github.com/kubernetes/kubernetes/pull/32198), [@deads2k](https://github.com/deads2k))

		// Built-in user should be imported without errors even if LDAP is
		// enabled.
		allUsersFile: `{
  "foo": {
    "secretKey": "foobar123",
    "status": "enabled"
  }
}
`,
		// Built-in groups should be imported without errors even if LDAP is
		// enabled.
		allGroupsFile: `{
  "mygroup": {
    "version": 1,
    "status": "enabled",
    "members": [
      "foo"
    ],

          </code>
        </codeSegment>
        <codeSegment>
          <version>4.0.0/4.0.99</version>
          <code>
            <![CDATA[
    public void setEnabled(boolean enabled) {
        setEnabled(String.valueOf(enabled));
    }

            ]]>
          </code>
        </codeSegment>
      </codeSegments>
    </class>

this._getPlacement(),\n      modifiers: {\n        offset: this._getOffset(),\n        flip: {\n          enabled: this._config.flip\n        },\n        preventOverflow: {\n          boundariesElement: this._config.boundary\n        }\n      }\n    }\n\n    // Disable Popper if we have a static display\n    if (this._config.display === 'static') {\n      popperConfig.modifiers.applyStyle = {\n        enabled: false\n      }\n    }\n\n    return {\n      ...popperConfig,\n      ...this._config.popperConfig\n...

					lock, _, _, _, err := clnt.GetObjectLockConfig(ctx, arn.Bucket)
					if err != nil {
						return sameTarget, errorCodes.ToAPIErrWithErr(ErrReplicationDestinationMissingLock, err)
					}
					if lock != objectlock.Enabled {
						return sameTarget, errorCodes.ToAPIErrWithErr(ErrReplicationDestinationMissingLock, nil)
					}
				}
			}
		}
		// if checked bucket, then check the ready is unnecessary

			// Only BucketExists error can be ignored.
			return false, err
		}
		bucketExists = true
	}

	if globalSiteReplicationSys.isEnabled() {
		configData := []byte(`<VersioningConfiguration><Status>Enabled</Status><ExcludedPrefixes><Prefix>speedtest/*</Prefix></ExcludedPrefixes></VersioningConfiguration>`)
		if _, err = globalBucketMetadataSys.Update(ctx, bucketName, bucketVersioningConfig, configData); err != nil {