// cachingMode is the Host Caching mode: None, Read Only, Read Write.
  // +optional
  optional string cachingMode = 3;

  // fsType is Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // +optional
  optional string fsType = 4;

  // readOnly Defaults to false (read/write). ReadOnly here will force

### Bug or Regression

- Kube-Proxy now correctly filters out unready endpoints for Services with Topology Aware Hints enabled. (#106507, @robscott) [SIG Network]
- Kubelet: the printing of flags at the start of kubelet now uses the final logging configuration (#106520, @pohly) [SIG Node]
- Topology Aware Hints now ignores unready endpoints when assigning hints. (#106510, @robscott) [SIG Apps and Network]

## Dependencies

* The annotation `service.alpha.kubernetes.io/tolerate-unready-endpoints` is deprecated.  Users should use Service.spec.publishNotReadyAddresses...

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

* Retry 'connection refused' errors when setting up clusters on GCE. ([#57394](https://github.com/kubernetes/kubernetes/pull/57394), [@mborsz](https://github.com/mborsz))

* YAMLDecoder Read now returns the number of bytes read ([#57000](https://github.com/kubernetes/kubernetes/pull/57000), [@sel](https://github.com/sel))

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

* Cluster Autoscaler publishes its status to kube-system/cluster-autoscaler-status ConfigMap.
* Cluster Autoscaler can continue operations while some nodes are broken or unready.
* Cluster Autoscaler respects Pod Disruption Budgets when removing a node.

### DaemonSet

  - [1.14 What’s New](#114-whats-new)
  - [Known Issues](#known-issues-1)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
  - [Deprecations](#deprecations)
  - [Removed and deprecated metrics](#removed-and-deprecated-metrics)
    - [Removed metrics](#removed-metrics)

    /**
     * Get the value for the key 'indexer.thread.dump.enabled'. <br>
     * The value is, e.g. true <br>
     * comment: indexer
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */
    String getIndexerThreadDumpEnabled();

    /**
     * Is the property for the key 'indexer.thread.dump.enabled' true? <br>
     * The value is, e.g. true <br>

- Pod spread constraints have been added in alpha. You can use these constraints to control how Pods are spread across the cluster among failure-domains. ([#77327](https://github.com/kubernetes/kubernetes/pull/77327), [#77760](https://github.com/kubernetes/kubernetes/pull/77760), [#77828](https://github.com/...