optional int32 maxReplicas = 3;

  // targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods;
  // if not specified the default autoscaling policy will be used.
  // +optional
  optional int32 targetCPUUtilizationPercentage = 4;
}

// current status of a horizontal pod autoscaler
message HorizontalPodAutoscalerStatus {

    dropped these cipher suite.

## Version 2.5.0

_2015-08-25_

 *  **Timeouts now default to 10 seconds.** Previously we defaulted to never
    timing out, and that was a lousy policy. If establishing a connection,
    reading the next byte from a connection, or writing the next byte to a
    connection takes more than 10 seconds to complete, you’ll need to adjust
    the timeouts manually.

  //
  // This field is immutable.
  //
  // Defaults to ReadWriteOnceWithFSType, which will examine each volume
  // to determine if Kubernetes should modify ownership and permissions of the volume.
  // With the default policy the defined fsGroup will only be applied
  // if a fstype is defined and the volume's access mode contains ReadWriteOnce.
  //
  // +optional
  optional string fsGroupPolicy = 5;

sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'PLAIN'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS

    - [Non-recursive Volume Ownership (FSGroup) graduates to Beta](#non-recursive-volume-ownership-fsgroup-graduates-to-beta)
    - [CSIDriver policy for FSGroup graduates to Beta](#csidriver-policy-for-fsgroup-graduates-to-beta)
    - [Security Improvements for CSI Drivers (Alpha)](#security-improvements-for-csi-drivers-alpha)

	// Create a new config system.
	globalConfigSys = NewConfigSys()

	// Create new IAM system.
	globalIAMSys = NewIAMSys()

	// Create new policy system.
	globalPolicySys = NewPolicySys()

	// Create new lifecycle system.
	globalLifecycleSys = NewLifecycleSys()

	// Create new bucket encryption subsystem

  - [Changelog since v1.28.8](#changelog-since-v1288)
  - [Important Security Information](#important-security-information-1)
    - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin)
  - [Changes by Kind](#changes-by-kind-6)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-6)

* Retry Pod/RC updates in kubectl rolling-update ([#27509](https://github.com/kubernetes/kubernetes/pull/27509), [@janetkuo](https://github.com/janetkuo))
* AWS kube-up: Authorize route53 in the IAM policy ([#27794](https://github.com/kubernetes/kubernetes/pull/27794), [@justinsb](https://github.com/justinsb))

specified it was set to 80 by default while in autoscaling/v1 HPA object
without TargetCPUUtilizationPercentage specified is a valid object. Pod
autoscaler controller will apply a default scaling policy in this case which is
equivalent to the previous one but may change in the future.
     * The previous version, <code>apiVersion: extensions/v1beta1</code>, is still supported.  Even if you roll back to 1.1, the objects created using

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin