* requests for a TLS client certificate for any node are approved if the CSR creator has `create` permission on the `certificatesigningrequests` resource and `nodeclient` subresource in the `certificates.k8s.io` API group

SIG-OpenStack updated the OpenStack provider to use newer APIs, consolidated community code into one repository, engaged with the Cloud Provider Working Group to have a consistent plan for moving provider code into individual repositories, improved testing of provider code, and strengthened ties with the OpenStack developer community.

### API-machinery

name: Label Approved

on:
  schedule:
    - cron: "0 12 * * *"
  workflow_dispatch:

permissions:
  pull-requests: write

env:
  UV_SYSTEM_PYTHON: 1

jobs:
  label-approved:
    if: github.repository_owner == 'fastapi'
    runs-on: ubuntu-latest
    steps:
    - name: Dump GitHub context
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
      run: echo "$GITHUB_CONTEXT"
    - uses: actions/checkout@v5

  * **beta** PodSecurityPolicy objects limits use of security-sensitive features by pods.
* Kubectl
  * Display line number on JSON errors
  * Add flag -t as shorthand for --tty
* Resources
  * Improved node stability by *optionally* evicting pods upon memory pressure - [Design Doc](https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/proposals/kubelet-eviction.md)

- Improved handling of unmount failures when device may be in-use by another container/process. ([#107789](https://github.com/kubernetes/kubernetes/pull/107789), [@gnufied](https://github.com/gnufied))

        this.sizeExpiration = currentTime + cacheTimeout;

        return response;
    }

    @Override
    public boolean exists() throws SmbException {

        // Improved attribute caching with more granular cache validation
        long currentTime = System.currentTimeMillis();
        if (this.attrExpiration > currentTime) {

    - [Ephemeral Containers Graduate to Stable](#ephemeral-containers-graduate-to-stable)
    - [Support for cgroups v2 Graduates to Stable](#support-for-cgroups-v2-graduates-to-stable)
    - [Windows support improved](#windows-support-improved)
    - [Moved container registry service from k8s.gcr.io to registry.k8s.io](#moved-container-registry-service-from-k8sgcrio-to-registryk8sio)
    - [Promoted SeccompDefault to Beta](#promoted-seccompdefault-to-beta)

* Kibana has been slightly revamped/improved in the latest version ([#80421](https://github.com/kubernetes/kubernetes/pull/80421), [@lostick](https://github.com/lostick))
* kubeadm: fixed ignoring errors when pulling control plane images ([#80529](https://github.com/kubernetes/kubernetes/pull/80529), [@bart0sh](https://github.com/bart0sh))

This release also contains a number of bug fixes to the feature set. Aspiring plugin authors can look at [sample-exec-plugin](https://github.com/ankeesler/sample-exec-plugin) as a way...

- Improved `kubectl` display of invalid request errors returned by the API server. ([#112150](https://github.com/kubernetes/kubernetes/pull/112150), [@liggitt](https://github.com/liggitt))