passwordSecret:
                description: passwordSecret is name of the authentication secret for
                  BGP Peer. the secret must be of type "kubernetes.io/basic-auth",
                  and created in the same namespace as the MetalLB deployment. The
                  password is stored in the secret as the key "password".
                properties:
                  name:

    },
    {
      "@type": "type.googleapis.com/envoy.admin.v3.SecretsConfigDump",
      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2023-05-15T01:32:52.262Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {

                                            "address": {
                                                "pipe": {
                                                    "path": "./var/run/secrets/workload-spiffe-uds/socket"
                                                }
                                            },
                                            "health_check_config": {}

* Add federation api and cm servers to hyperkube ([#27586](https://github.com/kubernetes/kubernetes/pull/27586), [@colhom](https://github.com/colhom))
* federation: Creating kubeconfig files to be used for creating secrets for clusters on aws and gke ([#27332](https://github.com/kubernetes/kubernetes/pull/27332), [@nikhiljindal](https://github.com/nikhiljindal))

                "uid": "${datasource}"
              },
              "expr": "sum(irate(pilot_xds_pushes{type=\"sds\"}[1m]))",
              "interval": "",
              "legendFormat": "Secrets",
              "refId": "B"
            },
            {
              "datasource": {
                "type": "prometheus",
                "uid": "${datasource}"
              },

                        },
                        "alpn_protocols": [
                          "h2"
                        ],
                        "tls_certificate_sds_secret_configs": [
                          {
                            "name": "default",
                            "sds_config": {
                              "api_config_source": {
                                "api_type": "GRPC",

                        },
                        "alpn_protocols": [
                          "h2"
                        ],
                        "tls_certificate_sds_secret_configs": [
                          {
                            "name": "default",
                            "sds_config": {
                              "api_config_source": {
                                "api_type": "GRPC",

	if err != nil {
		secretKey, err := getTokenSigningKey()
		if err != nil {
			return nil, err
		}
		// Session tokens for STS creds will be generated with root secret or site-replicator-0 secret
		jwtClaims, err = auth.ExtractClaims(u.Credentials.SessionToken, secretKey)
		if err != nil {
			return nil, err
		}
	}
	return jwtClaims, nil
}

 *  Fix: Don't leak a connection when a call is canceled immediately preceding the `onFailure()`
    callback.

 *  Fix: Apply call timeouts when connecting duplex calls, web sockets, and server-sent events.
    Once the streams are established no further timeout is enforced.

 *  Fix: Retain the `Route` when a connection is reused on a redirect or other follow-up. This was

		Code:           "InvalidArgument",
		Description:    "The secret key was invalid for the specified algorithm.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrMissingSSECustomerKey: {
		Code:           "InvalidArgument",
		Description:    "Requests specifying Server Side Encryption with Customer provided keys must provide an appropriate secret key.",
		HTTPStatusCode: http.StatusBadRequest,
	},