A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

**Affected Versions**:
  - kubelet >= v1.8.0

**Fixed Versions**:
  - kubelet v1.28.4

        .Builder()
        .body("c")
        .build(),
    )
    val urlC = server.url("/c")
    assertThat(get(urlC).body.string()).isEqualTo("c")

    // Confirm the iterator returns those responses...
    val i: Iterator<String> = cache.urls()
    assertThat(i.hasNext()).isTrue()
    assertThat(i.next()).isEqualTo(urlA.toString())
    assertThat(i.hasNext()).isTrue()

netes.io/docs/concepts/configuration/assign-pod-node/). This feature allows you to specify rules for "repelling" pods from nodes by default, which enables use cases like dedicated nodes and reserving nodes with special features for pods that need those features. We've also added a `NoExecute` taint type that evicts already-running pods, and an associated `tolerationSeconds` field to tolerations to delay the eviction for a specified amount of time. As before, taints are created using `kubectl taint`...

provided status of etcd, kube-scheduler, and kube-controller-manager components, but only worked when those components were local to the API server, and when kube-scheduler and kube-controller-manager exposed unsecured health endpoints. Instead of this API, etcd health is included in the kube-apiserver health check and kube-scheduler/kube-controller-manager health checks can be made directly against those components' health endpoints. ([#93570](https://github.com/kubernetes/kubernetes/pull/93570), [@...

  * `kubectl get podsecuritypolicies -o yaml > psp.yaml`
2. Review and delete any PodSecurityPolicy objects you do not want all pod-creating users to be able to use (NOTE: Privileged users that were making use of those policies will also lose access to those policies). For example:
  * `kubectl delete podsecuritypolicies/my-privileged-policy`
3. After upgrading to 1.5.5, re-create the exported PodSecurityPolicy objects:
  * `kubectl create -f psp.yaml`

        -  The API may be available in the public Keras API under a different name, so make sure to look for it on keras.io or TensorFlow docs and switch to the public version.
        -  It could also be a simple python or TF utility that you could easily copy over to your own codebase. In those case, just make it your own!

- Avoid caching the Azure VMSS instances whose network profile is nil ([#100948](https://github.com/kubernetes/kubernetes/pull/100948), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

**Affected Versions**:
  - kubelet >= v1.8.0

**Fixed Versions**:
  - kubelet v1.28.4

- The `horizontalpodautoscaling` and `clusterrole-aggregation` controllers now assume the `autoscaling/v1` and `rbac.authorization.k8s.io/v1` APIs are available. If you disable those APIs and do not want to run those controllers, exclude them by passing `--controllers=-horizontalpodautoscaling` or `--controllers=-clusterrole-aggregation` to `kube-controller-manager`. ([#117977](https://github.com/kubernetes/kubernetes/pull/117977), [@liggitt](...

consistently deployed across those clusters, and dynamically managed
to ensure that autoscaling can occur optimially in all clusters,
within a set of global constraints on the total number of replicas
permitted across all clusters.  If replicas are not
required in some clusters due to low system load or insufficient quota
or capacity in those clusters, additional replicas are made available