### Runtime log sanitation

Logs can now be configured to use runtime protection from leaking sensitive data. [Details for this experimental feature is available in documentation](https://docs.k8s.io/concepts/cluster-administration/system-logs/#log-sanitization).

### Pod resource metrics

* Advanced audit policy now supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources. ([#48836](https://github.com/kubernetes/kubernetes/pull/48836), [@ericchiang](https://github.com/ericchiang))

		Value:  10 * humanize.MiByte,
		EnvVar: "MINIO_LOG_SIZE",
		Hidden: true,
	},
	cli.BoolFlag{
		Name:   "log-compress",
		Usage:  "specify if we want the rotated logs to be gzip compressed or not",
		EnvVar: "MINIO_LOG_COMPRESS",
		Hidden: true,
	},
	cli.StringFlag{
		Name:   "log-prefix",
		Usage:  "specify the log prefix name for the server log",

									<location>${project.basedir}</location>
									<includes>
										<include>plugin.xml</include>
									</includes>
								</source>
							</sources>
						</mapping>
						<!-- logs (empty) -->
						<mapping>
							<directory>${packaging.fess.log.dir}</directory>
						</mapping>
						<!-- temp (empty) -->
						<mapping>
							<directory>${packaging.fess.temp.dir}</directory>

labels.clear_crawler_index=Crawler Indices
labels.clear_crawler_index_button=Clear Crawler Indices
labels.diagnostic_logs=Diagnostic
labels.download_diagnostic_logs_button=Download Logs
labels.reload_doc_index=Reload Doc Index
labels.reload_doc_index_button=Reload
labels.plugin_title=Plugin
labels.plugin_list_name=Plugin List
labels.plugin_type=Type
labels.plugin_name=Name

* federation: Updating KubeDNS to try finding a local service first for federation query ([#27708](https://github.com/kubernetes/kubernetes/pull/27708), [@nikhiljindal](https://github.com/nikhiljindal))
* Support journal logs in fluentd-gcp on GCI ([#27981](https://github.com/kubernetes/kubernetes/pull/27981), [@a-robinson](https://github.com/a-robinson))

labels.clear_crawler_index=Crawler Indices
labels.clear_crawler_index_button=Clear Crawler Indices
labels.diagnostic_logs=Diagnostic
labels.download_diagnostic_logs_button=Download Logs
labels.reload_doc_index=Reload Doc Index
labels.reload_doc_index_button=Reload
labels.plugin_title=Plugin
labels.plugin_list_name=Plugin List
labels.plugin_type=Type
labels.plugin_name=Name

// "<>",            yielding (true,  obj.ABI0)
// "<ABI0>"         yielding (false, obj.ABI0)
// "<ABIInternal>"  yielding (false, obj.ABIInternal)
//
// Anything else beginning with "<" logs an error if issueError is
// true, otherwise returns (false, obj.ABI0).
func (p *Parser) symRefAttrs(name string, issueError bool) (bool, obj.ABI) {
	abi := obj.ABI0
	isStatic := false
	if p.peek() != '<' {

untrusted user can to modify Node objects and send requests proxying through them.

Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the...

* Audit policy supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources. ([#48836](https://github.com/kubernetes/kubernetes/pull/48836), [@ericchiang](https://github.com/ericchiang))