* request a client certificate from the API server during the boot cycle and pause

    * waiting for the request to be satisfied. It will continually refresh the certificate

* Fix AWS NLB security group updates where valid security group ports were incorrectly removed ([#68422](https://github.com/kuber...

## Changelog since v1.13.1

### Other notable changes

* client-go: shortens refresh period for token files to 1 minute to ensure auto-rotated projected service account tokens are read frequently enough. ([#72437](https://github.com/kubernetes/kubernetes/pull/72437), [@liggitt](https://github.com/liggitt))

EVENT_OVERLAY_ADDED = `overlay.added${EVENT_KEY}`\nconst EVENT_OVERLAY_REMOVED = `overlay.removed${EVENT_KEY}`\n\nconst CLASS_NAME_CARD = 'card'\n\nconst SELECTOR_CARD = `.${CLASS_NAME_CARD}`\nconst SELECTOR_DATA_REFRESH = '[data-card-widget=\"card-refresh\"]'\n\nconst Default = {\n  source: '',\n  sourceSelector: '',\n  params: {},\n  trigger: SELECTOR_DATA_REFRESH,\n  content: '.card-body',\n  loadInContent: true,\n  loadOnInit: true,\n  loadErrorTemplate: true,\n  responseType: '',\n  overlayTemplate:...

  
  ### AWS
  - Regenerate list of EC2 instances
  - Fix pricing endpoint in AWS China Region
  
  ### Azure
  - Add optional jitter on initial VMSS VM cache refresh, keep the refreshes spread over time
  - Serve from cache for the whole period of ongoing throttling
  - Fix unwanted VMSS VMs cache invalidation
  - Enforce setting the number of retries if cloud provider backoff is enabled

### Auth

- Fixed OpenID Connect (OIDC) token refresh when the client secret contains a special character. ([#76914](https://github.com/kubernetes/kubernetes/pull/76914), [@tsuna](https://github.com/tsuna))

    * request a client certificate from the API server during the boot cycle and pause
    * waiting for the request to be satisfied. It will continually refresh the certificate
    * as the certificates expiration approaches.

- Masks ceph RBD adminSecrets in logs when logLevel >= 4 ([#95245](https://github.com/kubernetes/kubernetes/pull/95245), [@sfowl](https://github.com/sfowl)) [SIG Storage]
- Vsphere: improve logging message on node cache refresh event ([#95236](https://github.com/kubernetes/kubernetes/pull/95236), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider]

## Dependencies

### Added
_Nothing has changed._

### Changed

				took := time.Since(refreshStart).Seconds()
				if took > maxRefreshDurationSecondsForLog {
					// Log if we took a lot of time.
					logger.Info("Site replication healing refresh took %.2fs", took)
				}

				// wait for 200 millisecond, if we are experience lot of I/O
				waitForLowIO(runtime.GOMAXPROCS(0), 200*time.Millisecond, currentHTTPIO)
			}

- Fixed an issue blocking azure auth to prompt to device code authentication flow when refresh token expires. ([#102063](https://github.com/kubernetes/kubernetes/pull/102063), [@tdihp](https://github.com/tdihp))