- [Container Storage Interface graduations](#container-storage-interface-graduations)
    - [SIG Windows development tools](#sig-windows-development-tools)
    - [Deploy a more secure control plane with kubeadm](#deploy-a-more-secure-control-plane-with-kubeadm)
    - [etcd moves to version 3.5.0](#etcd-moves-to-version-350)
    - [Kubernetes Node system swap support](#kubernetes-node-system-swap-support)

     */
    boolean isCookieSearchParameterHttpOnly();

    /**
     * Get the value for the key 'cookie.search.parameter.secure'. <br>
     * The value is, e.g.  <br>
     * comment: Whether to set Secure attribute to the search parameter cookie. Should be true in production environments using HTTPS.

				"application/vnd.etsi.sci+xml",
				"application/vnd.etsi.simservs+xml",
				"application/vnd.eudora.data",
				"application/vnd.ezpix-album",
				"application/vnd.ezpix-package",
				"application/vnd.f-secure.mobile",
				"application/vnd.fdf",
				"application/vnd.fdsn.mseed",
				"application/vnd.fdsn.seed",
				"application/vnd.ffsns",
				"application/vnd.fints",
				"application/vnd.flographit",

		}
		if accessKey != "" {
			os.Setenv(config.EnvRootUser, accessKey)
		}
	}

	if env.IsSet(config.EnvSecretKeyFile) {
		secretKey, err := readFromSecret(env.Get(config.EnvSecretKeyFile, ""))
		if err != nil {
			logger.Fatal(config.ErrInvalidCredentials(err),
				"Unable to validate credentials inherited from the secret file(s)")
		}
		if secretKey != "" {

### Feature

- Kubernetes is now built with Golang 1.16.9 (#105672, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]

### Failing Test

- Backport: e2e.test now uses the secure port to retrieve metrics data to ensure compatibility with 1.21 and 1.22 (for upgrade tests) (#104328, @pohly) [SIG API Machinery, Instrumentation, Storage and Testing]

### Bug or Regression

	// and hence expected to have same credentials.
	core, err := miniogo.NewCore(host, &miniogo.Options{
		Creds:     credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, ""),
		Secure:    globalIsTLS,
		Transport: getRemoteInstanceTransport(),
	})
	if err != nil {
		return nil, err
	}
	core.SetAppInfo("minio-federated", ReleaseTag)
	return core, nil
}

```
kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
# optionally, remove the old secret
kubectl delete secret --namespace=federation federation-apiserver-secret
```

### Immutable Secrets and ConfigMaps (beta)

Secret and ConfigMap volumes can be marked as immutable, which significantly reduces load on the API server if there are many Secret and ConfigMap volumes in the cluster.
See [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) and [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) for more information.

### CSI Proxy for Windows

scrapping.cc
scrysec.com
sd
sd.cn
sd.us
sdn.gov.pl
sdscloud.pl
se
se.eu.org
se.gov.br
se.leg.br
se.net
search
seat
sebastopol.ua
sec.ps
secaas.hk
secret.jp
secure
security
securitytactics.com
seek
seg.br
seidat.net
seihi.nagasaki.jp
seika.kyoto.jp
seiro.niigata.jp
seirou.niigata.jp
seiyo.ehime.jp
sejny.pl
sekd1.beebyteapp.io

- Kubeadm: add the deprecated flag --port=0 to kube-controller-manager and kube-scheduler manifests to disable insecure serving. Without this flag the components by default serve (e.g. /metrics) insecurely on the default node interface (controlled by --address). Users that wish to override this behavior and enable insecure serving can pass a custom --port=X via kubeadm's "extraArgs" mechanic for these components. ([#92720](https://github.com/kubernetes/kubernetes/pull/92720),...