https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: enabled: false labels: {} # node-role.kubernetes.io/ingress: platform annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # kubernetes.io/ingress.allow-http: "false" # kubernetes.io/ingress.global-static-ip-name: "" # nginx.ingress.kubernetes.io/secure-backends: "true" # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 path: / hosts:...

https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: enabled: false labels: {} # node-role.kubernetes.io/ingress: platform annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # kubernetes.io/ingress.allow-http: "false" # kubernetes.io/ingress.global-static-ip-name: "" # nginx.ingress.kubernetes.io/secure-backends: "true" # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 path: / hosts:...

To allow additional flags, set CGO_CFLAGS_ALLOW to a regular expression
matching the new flags. To disallow flags that would otherwise be allowed,
set CGO_CFLAGS_DISALLOW to a regular expression matching arguments
that must be disallowed. In both cases the regular expression must match
a full argument: to allow -mfoo=bar, use CGO_CFLAGS_ALLOW='-mfoo.*',

 *   <li>Max children per node: ~71% (1.5k / 2k)
 * </ul>
 *
 * <p>If any of these limits are exceeded, the definitive solution is to increase the node size from
 * 3 to 4 characters. This would allow:
 *
 * <ul>
 *   <li>A full 32-bit offset for the String Pool (using 2 characters).
 *   <li>A full 16-bit child count (using the freed bits from the 4th character).
 * </ul>
 */
@GwtCompatible

     * WINS for example. Natrually it is not practical for every NbtAddress
     * to be populated will all state requiring a Node Status on every host
     * encountered. The below methods allow state to be populated when requested
     * in a lazy fashon.
     */

    void checkData(final CIFSContext tc) throws UnknownHostException {
        if (this.hostName.isUnknown()) {

 *  **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards
    removing these versions altogether in early 2020. If your servers aren't ready yet you can
    configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections:

    ```
    OkHttpClient client = new OkHttpClient.Builder()
        .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS))
        .build();
    ```

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4

    protected boolean useLargeReadWrite = true;
    /** LAN Manager compatibility level for authentication */
    protected int lanmanCompatibility = 3;
    /** Whether to allow fallback to NTLM authentication */
    protected boolean allowNTLMFallback = true;
    /** Whether to use raw NTLM authentication without SPNEGO */
    protected boolean useRawNTLM = false;

- Add tlsServerName field to EgressSelectorConfiguration TLSConfig to allow overriding the server name used for TLS certificate verification ([#136640](https://github.com/kubernetes/kubernetes/pull/136640), [@kennangaibel](https://github.com/kennangaibel)) [SIG API Machinery, Apps, Auth, Storage and Testing]

	if numCores := uint64(runtime.GOMAXPROCS(0)); info.NRRequests > numCores {
		numHealers = numCores / 4
	} else {
		numHealers = info.NRRequests / 4
	}
	if numHealers < 4 {
		numHealers = 4
	}
	// allow overriding this value as well..
	if v := globalHealConfig.GetWorkers(); v > 0 {
		numHealers = uint64(v)
	}

	healingLogEvent(ctx, "Healing drive '%s' - use %d parallel workers.", tracker.disk.String(), numHealers)