- Client-go impersonation config can specify a UID to pass impersonated uid information through in requests. ([#104483](https://github.com/kubernetes/kubernetes/pull/104483), [@margocrawf](https://github.com/margocrawf))

	entry := &madmin.LockEntry{
		Timestamp:  t,
		Elapsed:    now.Sub(t),
		Resource:   resource,
		ServerList: []string{server},
		Source:     l.Source,
		Owner:      l.Owner,
		ID:         l.UID,
		Quorum:     l.Quorum,
	}
	if l.Writer {
		entry.Type = "WRITE"
	} else {
		entry.Type = "READ"
	}
	return entry
}

- Fixed an issue where the kubelet token cache returned stale tokens when service accounts were recreated with the same name. The cache is now UID-aware. Additionally, the new `TokenRequestServiceAccountUIDValidation` feature gate (Beta, enabled by default) ensures the `TokenRequest` UID matches the service account UID when set. ([#132803](https://github.com/kubernetes/kubernetes/pull/132803), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth, Node and Testing]

#                                                     ------

# Whether LDAP admin is enabled.
ldap.admin.enabled=false
# User filter for LDAP admin.
ldap.admin.user.filter=uid\=%s
# Base DN for LDAP admin user.
ldap.admin.user.base.dn=ou\=People,dc\=fess,dc\=codelibs,dc\=org
# Object classes for LDAP admin user.
ldap.admin.user.object.classes=organizationalPerson,top,person,inetOrgPerson

* Updating apiserver to return UID of the deleted resource. Clients can use this UID to verify that the resource was deleted or waiting for finalizers. ([#45600](https://github.com/kubernetes/kubernetes/pull/45600), [@nikhiljindal](https://github.com/nikhiljindal))

pkg sync/atomic, method (*Value) Load() interface{}
pkg sync/atomic, method (*Value) Store(interface{})
pkg sync/atomic, type Value struct

# CL 126190043 syscall: support UID/GID map files for Linux user namespaces, Mrunal Patel <******@****.***>
pkg syscall (linux-386), type SysProcAttr struct, GidMappings []SysProcIDMap
pkg syscall (linux-386), type SysProcAttr struct, UidMappings []SysProcIDMap

readOnlyRootFilesyst: false defaultAddCapabiliti: [] requiredDropCapabili: - KILL - MKNOD - SETUID - SETGID fsGroup: type: MustRunAs ranges: - max: {{ .Values.securityContext.fsGroup }} min: {{ .Values.securityContext.fsGroup }} runAsUser: type: MustRunAs uid: {{ .Values.securityContext.runAsUser }} seLinuxContext: type: MustRunAs supplementalGroups: type: RunAsAny volumes: - configMap - downwardAPI - emptyDir - persistentVolumeClai - projected - secret {{- end }} minio/templates/service.yaml {{ $scheme...

  - `alpha` support (guarded by the `ServiceAccountTokenPodNodeInfo` feature gate) for including the node name (and uid, if the node exists) as additional claims in service account tokens it issues which are bound to pods, and `authentication.kubernetes.io/node-name` and `authentication.kubernetes.io/node-uid` extra user info when the token is used to authenticate.

- Kubernetes components that accepted X.509 client certificate authentication now read the user UID from a certificate subject name RDN with object ID `1.3.6.1.4.1.57683.2`. An RDN with this object ID had to contain a string value and appear no more than once in the certificate subject. Reading the user UID from this RDN could be disabled by setting the beta feature gate `AllowParsingUserUIDFromCertAuth` to `false`(until the feature gate graduated to...

readOnlyRootFilesyst: false defaultAddCapabiliti: [] requiredDropCapabili: - KILL - MKNOD - SETUID - SETGID fsGroup: type: MustRunAs ranges: - max: {{ .Values.securityContext.fsGroup }} min: {{ .Values.securityContext.fsGroup }} runAsUser: type: MustRunAs uid: {{ .Values.securityContext.runAsUser }} seLinuxContext: type: MustRunAs supplementalGroups: type: RunAsAny volumes: - configMap - downwardAPI - emptyDir - persistentVolumeClai - projected - secret {{- end }} minio/templates/service.yaml {{ $scheme...