to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4
  - kubelet = v1.32.0

**Fixed Versions**:
  - kubelet 1.29.13
  - kubelet 1.30.9
  - kubelet 1.31.5
  - kubelet 1.32.1

This vulnerability was reported by Peled, Tomer and mitigated by Aravindh Puthiyaprambil. 

to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4
  - kubelet = v1.32.0

**Fixed Versions**:
  - kubelet 1.29.13
  - kubelet 1.30.9
  - kubelet 1.31.5
  - kubelet 1.32.1

This vulnerability was reported by Peled, Tomer and mitigated by Aravindh Puthiyaprambil.

- New configuration is introduced to the kubelet that allows it to track container images and the list of authentication information that leads to their successful pulls. This data is persisted across reboots of the host and restarts of the kubelet.
  

    1. Generate a `/var/lib/kubelet/instance-config.yaml` file to customize the `containerRuntimeEndpoint` field in per-node kubelet configurations.
    2. Remove the `kubeadm.alpha.kubernetes.io/cri-socket` annotation from nodes during upgrade operations.

				break
			}
			if i == 0 {
				globalStorageClass.Update(sc)
			}
		}
	case config.SubnetSubSys:
		subnetConfig, err := subnet.LookupConfig(s[config.SubnetSubSys][config.Default], globalRemoteTargetTransport)
		if err != nil {
			configLogIf(ctx, fmt.Errorf("Unable to parse subnet configuration: %w", err))
		} else {
			globalSubnetConfig.Update(subnetConfig, globalIsCICD)

```sh
mc admin trace --verbose myminio
```

To trace entire HTTP request and also internode communication

```sh
mc admin trace --all --verbose myminio
```

## Subnet Health

> NOTE:  While MinIO does not implement an upper boundary on buckets, your cluster's hardware has natural limits that depend on the workload and its scaling patterns. We strongly recommend [MinIO SUBNET](https://min.io/pricing) for architecture and sizing guidance for your production use case.

## List of Amazon S3 APIs not supported on MinIO

	for {
		select {
		case hi, hasMore := <-healthInfoCh:
			if !hasMore {
				auditOptions := AuditLogOptions{Event: "callhome:diagnostics"}
				// Received all data. Send to SUBNET and return
				err := sendHealthInfo(ctx, healthInfo)
				if err != nil {
					internalLogIf(ctx, fmt.Errorf("Unable to perform callhome: %w", err))
					auditOptions.Error = err.Error()
				}

See [CRIME TLS](https://en.wikipedia.org/wiki/CRIME) as an example of this.

Therefore, compression is disabled when encrypting by default, and must be enabled separately.

Consult our security experts on [SUBNET](https://min.io/pricing) to help you evaluate if
your setup can use this feature combination safely.

To enable compression+encryption use:

```bash
~ mc admin config set myminio compression allow_encryption=on
```

func IsKubernetes() bool {
	// Kubernetes env used to validate if we are
	// indeed running inside a kubernetes pod
	// is KUBERNETES_SERVICE_HOST
	// https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kubelet_pods.go#L541
	return env.Get("KUBERNETES_SERVICE_HOST", "") != ""
}

// IsBOSH returns true if minio is deployed from a bosh package
func IsBOSH() bool {