#### **Audit**

*   Fixed a bug so that `kube-apiserver` now waits for open connections to finish before exiting. This fix provides graceful shutdown and ensures that the audit backend no longer drops events on shutdown. ([#53695](https://github.com/kubernetes/kubernetes/pull/53695),[ @hzxuzhonghu](https://github.com/hzxuzhonghu))

    for (N node : graph.nodes()) {
      nodeConnections.put(node, connectionsOf(graph, node));
    }
    return nodeConnections.buildOrThrow();
  }

  private static <N, V> GraphConnections<N, V> connectionsOf(ValueGraph<N, V> graph, N node) {
    Function<N, V> successorNodeToValueFn =
        (N successorNode) ->

// ConnectionOptions is a structure containing options for connecting
// to a KMS.
type ConnectionOptions struct {
	CADir string // Path to directory (or file) containing CA certificates
}

// Connect returns a new Conn to a KMS. It uses configuration from the
// environment and returns a:
//
//   - connection to MinIO KMS if the "MINIO_KMS_SERVER" variable is present.
//   - connection to MinIO KES if the "MINIO_KMS_KES_ENDPOINT" is present.

by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose not to enable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may choose not to enable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net...

   | This is a list of authentication profiles, keyed by the server-id used within the system.
   | Authentication profiles can be used whenever maven must make a connection to a remote server.
   |-->
  <servers>
    <!-- server
     | Specifies the authentication information to use when connecting to a particular server, identified by
     | a unique name within the system (referred to by the 'id' attribute below).
     |

	"github.com/zeebo/xxh3"
)

// muxClient is a stateful connection to a remote.
type muxClient struct {
	MuxID              uint64
	SendSeq, RecvSeq   uint32
	LastPong           int64
	BaseFlags          Flags
	ctx                context.Context
	cancelFn           context.CancelCauseFunc
	parent             *Connection
	respWait           chan<- Response
	respMu             sync.Mutex

		// Without this closing connection would disallow re-using
		// the same connection for future uses.
		//  - http://stackoverflow.com/a/17961593/4465767
		defer respBody.Close()
		xioutil.DiscardReader(respBody)
	}

import java.io.IOException
import java.util.concurrent.TimeUnit
import okhttp3.Call
import okhttp3.Connection
import okhttp3.Interceptor
import okhttp3.Request
import okhttp3.Response
import okhttp3.internal.checkDuration
import okhttp3.internal.connection.Exchange
import okhttp3.internal.connection.RealCall

/**
 * A concrete interceptor chain that carries the entire interceptor chain: all application

  override fun connectionConnectEnd(
    connection: Connection,
    route: Route,
  ) {
    poolConnectionListener.connectEnd(connection, route, call)
  }

  override fun connectionAcquired(connection: Connection) {
    eventListener.connectionAcquired(call, connection)
  }

  override fun acquireConnectionNoEvents(connection: RealConnection) {
    call.acquireConnectionNoEvents(connection)
  }

  ) {
    logWithTime("connectFailed: $protocol $ioe")
  }

  override fun connectionAcquired(
    call: Call,
    connection: Connection,
  ) {
    logWithTime("connectionAcquired: $connection")
  }

  override fun connectionReleased(
    call: Call,
    connection: Connection,
  ) {
    logWithTime("connectionReleased")
  }

  override fun requestHeadersStart(call: Call) {