- Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all...

search_engine.type=default
# The URL of the search engine HTTP endpoint.
# For IPv6 environments, use brackets around the IPv6 address (e.g., http://[::1]:9201)
search_engine.http.url=http://localhost:9201
# Path to SSL certificate authorities for secure HTTP connections.
search_engine.http.ssl.certificate_authorities=
# Username for authenticating to the search engine.
search_engine.username=
# Password for authenticating to the search engine.

- Kubeadm: make etcd pod request 100m CPU,...

- Updated the control plane's trust anchor publisher to create and manage a new ClusterTrustBundle object, associated with the `kubernetes.io/kube-apiserver-serving` X.509 certificate signer. This ClusterTrustBundle contains a PEM bundle in its payload that you can use to verify kube-apiserver serving certificates. ([#127326](https://github.com/kubernetes/kubernetes/pull/127326), [@stlaz](https://github.com/stlaz)) [SIG API Machinery, Apps, Auth, Cluster Lifecycle and Testing]

- Fixes an issue where the vsphere cloud provider will not trust a certificate if:
  - The issuer of the certificate is unknown (x509.UnknownAuthorityError)
  - The requested name does not match the set of authorized names (x509.HostnameError)

    <glob pattern="*.acc"/>
  </mime-type>
  <mime-type type="application/vnd.amiga.ami">
    <glob pattern="*.ami"/>
  </mime-type>
  <mime-type type="application/vnd.anser-web-certificate-issue-initiation">
    <glob pattern="*.cii"/>
  </mime-type>
  <mime-type type="application/vnd.anser-web-funds-transfer-initiation">
    <glob pattern="*.fti"/>
  </mime-type>

* AWS: fix volume device assignment race condition ([#31090](https://github.com/kubernetes/kubernetes/pull/31090), [@justinsb](https://github.com/justinsb))
* The certificates API group has been renamed to certificates.k8s.io ([#31887](https://github.com/kubernetes/kubernetes/pull/31887), [@liggitt](https://github.com/liggitt))

Il est intégré à Let's Encrypt. Ainsi, il peut gérer toutes les parties HTTPS, y compris l'acquisition et le renouvellement des certificats.

Il est également intégré à Docker. Ainsi, vous pouvez déclarer vos domaines dans les configurations de chaque application et faire en sorte qu'elles lisent ces configurations, génèrent les certificats HTTPS et servent via HTTPS à votre application automatiquement, sans nécessiter aucune modification de leurs configurations.

     */
    String getSearchEngineHttpUrl();

    /**
     * Get the value for the key 'search_engine.http.ssl.certificate_authorities'. <br>
     * The value is, e.g.  <br>
     * comment: Path to SSL certificate authorities for secure HTTP connections.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */
    String getSearchEngineHttpSslCertificateAuthorities();

FROM golang:1.24-alpine as build

ARG TARGETARCH
ARG RELEASE

ENV GOPATH=/go
ENV CGO_ENABLED=0

# Install curl and minisign
RUN apk add -U --no-cache ca-certificates && \
    apk add -U --no-cache curl && \
    go install aead.dev/minisign/cmd/minisign@v0.2.1

# Download minio binary and signature files
RUN curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \