- kube-apiserver: a new `--requestheader-uid-headers` flag allows configuring request header authentication to obtain the authenticating user's UID from the specified headers. The suggested value for the new option is `X-Remote-Uid`. When specified, the `kube-system/extension-apiserver-authentication` configmap will include the value in its `.data[requestheader-uid-headers]` field. ([#115834](https://github.com/kubernetes/kubernetes/pull/115834),...

- The extension API server can now dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for it's clients. ([#66394](https://github.com/kubernetes/kubernetes/pull/66394), [@rtripat](https://github.com/rtripat))

### SIG Autoscaling

* Allows extension API server to dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for it's clients ([#66394](https://github.com/kubernetes/kubernetes/pull/66394), [@rtripat](https://github.com/rtripat))



# v1.11.2

* Fix an issue that pods using hostNetwork keep increasing. ([#67456](https://github.com/kubernetes/kubernetes/pull/67456), [@Huang-Wei](https://github.com/Huang-Wei))
* Allows extension API server to dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for it's clients ([#66394](https://github.com/kubernetes/kubernetes/pull/66394), [@rtripat](https://github.com/rtripat))

Shinsuke Sugaya <******@****.***> 1638450896 +0900

Shinsuke Sugaya <******@****.***> 1638450896 +0900

{
  "fess_config.request_header" : {
    "aliases" : { },
    "mappings" : {
      "request_header" : {
        "properties" : {
          "createdBy" : {
            "type" : "keyword"
          },
          "createdTime" : {
            "type" : "long"
          },
          "name" : {
            "type" : "keyword"
          },
          "updatedBy" : {
            "type" : "keyword"
          },
          "updatedTime" : {

    return sslSocket
  }

  override fun onStream(stream: Http2Stream) {
    try {
      val requestHeaders = stream.takeHeaders()
      var path: String? = null
      var i = 0
      val size = requestHeaders.size
      while (i < size) {
        if (requestHeaders.name(i) == Header.TARGET_PATH_UTF8) {
          path = requestHeaders.value(i)
          break
        }
        i++
      }
      if (path == null) {

   *
   * @param streamId server-initiated stream ID: an even number.
   * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`,
   * and `:path`.
   */
  fun onRequest(
    streamId: Int,
    requestHeaders: List<Header>,
  ): Boolean

  /**
   * The response headers corresponding to a pushed request.  When [last] is true, there are

        override fun pushPromise(
          streamId: Int,
          promisedStreamId: Int,
          requestHeaders: List<Header>,
        ) {
          assertThat(streamId).isEqualTo(expectedStreamId)
          assertThat(promisedStreamId).isEqualTo(expectedPromisedStreamId)
          assertThat(requestHeaders).isEqualTo(pushPromise)
        }
      },
    )
  }

  /** Headers are compressed, then framed.  */