### CVE-2022-3294: Node address isn't always verified when proxying

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them.

* Support secure etcd cluster for centos provider. ([#42994](https://github.com/kubernetes/kubernetes/pull/42994), [@Shawyeok](https://github.com/Shawyeok))

- Added `kubeadm alpha certs certificate-key` command to generate secure random key to use on `kubeadm init --experimental-upload-certs` ([#77848](https://github.com/kubernetes/kubernetes/pull/77848), [@yagonobre](https://github.com/yagonobre))

pkg net/http, type Cookie struct, Name string
pkg net/http, type Cookie struct, Path string
pkg net/http, type Cookie struct, Raw string
pkg net/http, type Cookie struct, RawExpires string
pkg net/http, type Cookie struct, Secure bool
pkg net/http, type Cookie struct, Unparsed []string
pkg net/http, type Cookie struct, Value string
pkg net/http, type CookieJar interface { Cookies, SetCookies }

pkg syscall (freebsd-riscv64), const SIGTTOU = 22 #53466
pkg syscall (freebsd-riscv64), const SIGTTOU Signal #53466
pkg syscall (freebsd-riscv64), const SIGURG = 16 #53466
pkg syscall (freebsd-riscv64), const SIGURG Signal #53466
pkg syscall (freebsd-riscv64), const SIGUSR1 = 30 #53466
pkg syscall (freebsd-riscv64), const SIGUSR1 Signal #53466
pkg syscall (freebsd-riscv64), const SIGUSR2 = 31 #53466

### CVE-2022-3294: Node address isn't always verified when proxying

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them.

- kubeadm: provide `--control-plane-endpoint` flag for `controlPlaneEndpoint` ([#79270](https://github.com/kubernetes/kubernetes/pull/79270), [@SataQiu](https://github.com/SataQiu))
- kubeadm: enable secure serving for the kube-scheduler ([#80951](https://github.com/kubernetes/kubernetes/pull/80951), [@neolit123](https://github.com/neolit123))

        * [Build a Secure Twilio Webhook with Python and FastAPI](https://www.twilio.com/blog/build-secure-twilio-webhook-python-fastapi)  by [Twilio](https://www.twilio.com).

### CVE-2022-3294: Node address isn't always verified when proxying

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them.

* Kubernetes now supports up to 5,000 nodes via etcd v3, which is enabled by default.
* [Role-based access control (RBAC)](https://kubernetes.io//docs/admin/authorization/rbac) has graduated to beta, and defines secure default roles for control plane, node, and controller components.
* The [`kubeadm` cluster bootstrap tool](https://kubernetes.io/docs/getting-started-guides/kubeadm/) has graduated to beta. Some highlights: