// Name must be an IANA_SVC_NAME.
  optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;

  // Host name to connect to, defaults to the pod IP. You probably want to set
  // "Host" in httpHeaders instead.
  // +optional
  optional string host = 3;

  // Scheme to use for connecting to the host.
  // Defaults to HTTP.
  // +optional
  optional string scheme = 4;

    /**
     * Get the value for the key 'virtual.host.headers'. <br>
     * The value is, e.g.  <br>
     * comment: Virtual Host: Host:fess.codelibs.org=fess
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */
    String getVirtualHostHeaders();

    /**
     * Get the value for the key 'virtual.host.headers' as {@link Integer}. <br>

  - [Changelog since v1.21.4](#changelog-since-v1214)
  - [Important Security Information](#important-security-information)
    - [CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access](#cve-2021-25741-symlink-exchange-can-allow-host-filesystem-access)
  - [Changes by Kind](#changes-by-kind-8)
    - [Feature](#feature-6)
    - [Bug or Regression](#bug-or-regression-8)

*   Fixed bad conversion in host port chain name generating func which led to some unreachable host ports. ([#55153](https://github.com/kubernetes/kubernetes/pull/55153),[ @chenchun](https://github.com/chenchun))

- Fixed `DaemonSet` to update the status even if it fails to create a pod. ([#113787](https://github.com/kubernetes/kubernetes/pull/113787), [@gjkim42](https://github.com/gjkim42))
- Fixed `SELinux` label for host path volumes created by host path provisioner ([#112021](https://github.com/kubernetes/kubernetes/pull/112021), [@mrunalp](https://github.com/mrunalp))

- Kube-controller-manager: volume plugins can be restricted from contacting local and loopback addresses by setting `--volume-host-allow-local-loopback=false`, or from contacting specific CIDR ranges by setting `--volume-host-cidr-denylist` (for example, `--volume-host-cidr-denylist=127.0.0.1/28,feed::/16`) ([#91785](https://github.com/kubernetes/kubernetes/pull/91785), [@mattcary](https://github.com/mattcary)) [SIG API Machinery, Apps, Auth, CLI,...

  - The `ValidateProxyRedirects` feature was promoted to Beta and enabled by default. This feature restricts redirect-following from the apiserver to same-host redirects.  If nodes are configured to respond to CRI streaming requests on a different host interface than what the apiserver makes requests on (only the case if not using the built-in dockershim & setting the kubelet flag `--redirect-container-streaming=true`), then these requests will be broken....

  - [Changelog since v1.22.1](#changelog-since-v1221)
  - [Important Security Information](#important-security-information-2)
    - [CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access](#cve-2021-25741-symlink-exchange-can-allow-host-filesystem-access)
  - [Changes by Kind](#changes-by-kind-14)
    - [Feature](#feature-7)
    - [Bug or Regression](#bug-or-regression-14)
  - [Dependencies](#dependencies-15)

* - fluentd-gcp runs with a dedicated fluentd-gcp service account ([#54175](https://github.com/kubernetes/kubernetes/pull/54175), [@tallclair](https://github.com/tallclair))
    * - Stop mounting the host certificates into fluentd's prometheus-to-sd container

- Kubeadm: fix a bug when using external CA mode and trying to upgrade to 1.29 using "kubeadm upgrade apply". Show a warning that kubeadm cannot sign the new "super-admin.conf" as the host does not have a CA and show some instructions on how to manually migrate to the separate "admin.conf" and "super-admin.conf" kubeconfig files. ([#124682](https://github.com/kubernetes/kubernetes/pull/124682), [@neolit123](https://github.com/neolit123))...