#### Storage
- A node that uses a CSI raw block volume needs to be drained before kubelet can be upgraded to 1.17. ([#74026](https://github.com/kubernetes/kubernetes/pull/74026), [@mkimuram](https://github.com/mkimuram))

#### Windows

exchange, because it is large and // requires careful parsing to reject malformed keys. Seeds instead are just 32 // bytes, are always valid, and always expand to valid keys in memory. It is // *also* a poor in-memory format, because it defers computing the NTT of s1, // s2, and t0 and the expansion of A until signing time, which is inefficient. // For a hot second, it looked like we could have all agreed to only use seeds, // but unfortunately OpenSSL and BouncyCastle lobbied hard against that during //...

beginning to see its meaning.

  `And just as I'd taken the highest tree in the wood,' continued
the Pigeon, raising its voice to a shriek, `and just as I was
thinking I should be free of them at last, they must needs come
wriggling down from the sky!  Ugh, Serpent!'

  `But I'm NOT a serpent, I tell you!' said Alice.  `I'm a--I'm
a--'

  `Well!  WHAT are you?' said the Pigeon.  `I can see you're

Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret...

Thread { private java.io.InputStream input; private java.io.OutputStream output; private boolean done; public void StreamFeeder(java.io.InputStream, java.io.OutputStream); public void run(); public void close(); public boolean isDone(); private void feed() throws java.io.IOException; } org/codehaus/plexus/util/cli/StreamPumper.class package org.codehaus.plexus.util.cli; public synchronized class StreamPumper extends Thread { private java.io.BufferedReader in; private StreamConsumer consumer; private...

- kube-controller-manager currently needs a writable `--cert-dir` (default is `/var/run/kubernetes`) for generating self-signed certificates, when no `--tls-cert-file` or `--tls-private-key-file` are provided.

Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret...

Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret...

Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret...

Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret...