This has two implementations:
* The Credentials controller is responsible for reading TLS certificates, stored as Secrets.
* The Kubernetes Service Discovery controller is a bit of a monolith, and spins off a bunch of other sub-controllers in addition to the core service discovery controller.

Because of the monolithic complexity it helps to see this magnified a bit:

```mermaid
graph BT
    mcsc("Multicluster Secret")

# Avoid creating a bunch of RBAC rules for features we are not enabling
rbac:
  create: false
  pspEnabled: false

# Disable test pods
testFramework:
  enabled: false

podLabels:
  sidecar.istio.io/inject: "false"

# Demo only, so we will have no authentication
admin:
  existingSecret: ""
ldap:
  existingSecret: true
env:
  GF_SECURITY_ADMIN_USER: "admin"
  GF_SECURITY_ADMIN_PASSWORD: "admin"

title: "import/path: issue title"

body:
  - type: markdown
    attributes:
      value: |
        Thanks for helping us improve! 🙏 Please answer these questions and provide as much information as possible about your problem.

  - type: input
    id: go-version
    attributes:
      label: Go version
      description: |
        What version of Go are you using (`go version`)?

## Public Discussions

Please restrain from publicly discussing a potential security vulnerability. 🙊

It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.

---

Thanks for your help!

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

# Generates a handy index.html with a bunch of Kokoro links for GitHub
# presubmits.
# Usage: generate_index_html.sh /path/to/output/index.html

cat > "$1" <<EOF
<html>
<head>
<title>$(basename "$KOKORO_JOB_NAME")</title>
</head>
<body>

        These advantages can take
        [many forms](https://github.com/google/guava/wiki/PhilosophyExplained#utility), but taking
        the time to discuss them in detail will make it much clearer why this feature should be
        added to Guava.


        Please fill out the following fields to give us a better understanding of your proposed
        feature and its potential value for other Guava users.

		// Unlock the 1st lock; ref=1 after this line
		nsLk.unlock("volume", "path", false)

		// Taking another lockMapMutex here allows queuing up additional lockers. This should
		// not be required but makes reproduction much easier.
		nsLk.lockMapMutex.Lock()

		// lk3 blocks.
		lk3ch := make(chan bool)
		go func() {
			lk3ch <- nsLk.lock(ctx, "volume", "path", "source", "opsID", false, 0)
		}()

		// lk4, blocks.

 *
 * Doing it correctly would require running a Gradle build with the full
 * distribution and extracting the generated api jar from its Gradle user home,
 * slowing down building documentation.
 *
 * All this would be so much simpler if the Kotlin extensions to the Gradle API
 * were generated at build time instead.
 *
 * This is a first step to get the doc to be complete and will be revisited.
 */
@CacheableTask

        token_url, data=data, verify=False,
        allow_redirects=False, auth=(client_id, client_secret))

    print('body: ' + id_token_response.text)

    # we can now use the id_token as much as we want to access protected resources.
    tokens = json.loads(id_token_response.text)
    id_token = tokens['id_token']

    response = sts_client.assume_role_with_web_identity(

Having the return model ensure that a value is always available and always `int` (not `None`) is very useful for the API clients, they can write much simpler code having this certainty.

Also, **automatically generated clients** will have simpler interfaces, so that the developers communicating with your API can have a much better time working with your API. 😎

///