- **API Machinery**
  - [alpha] Generate audit logs for every request user performs against secured API server endpoint. ([docs](http://kubernetes.io/docs/admin/audit/)) ([kubernetes/features#22](https://github.com/kubernetes/enhancements/issues/22))

				},
				VariableLabels: map[string]string{"target_id": st.ID.ID, "target_name": st.ID.Name},
				Value:          float64(st.FailedRequests),
			})
		}

		// Audit and system:
		audit := logger.CurrentStats()
		for id, st := range audit {
			metrics = append(metrics, MetricV2{
				Description: MetricDescription{
					Namespace: minioNamespace,
					Subsystem: auditSubsystem,

* The kube-apiserver [basic audit log](https://kubernetes.io/docs/admin/audit/) can be enabled in GCE by exporting the environment variable `ENABLE_APISERVER_BASIC_AUDIT=true` before running `cluster/kube-up.sh`. This will log to `/var/log/kube-apiserver-audit.log` and use the same `logrotate` settings as `/var/log/kube-apiserver.log`. ([#41211](https://github.com/kubernetes/kubernetes/pull/41211),...

https://HOSTNAME:PORT/minio/v2/metrics/cluster
```

Replace ``HOSTNAME:PORT`` with the hostname of your MinIO deployment.
For deployments behind a load balancer, use the load balancer hostname instead of a single node hostname.

## Audit Metrics

| Name                              | Description                                               |
|:----------------------------------|:----------------------------------------------------------|

video/3g2=3g2\n\
video/x-msvideo=avi\n\
video/x-flv=flv\n\
video/mpeg=mpeg\n\
video/mp4=mp4\n\
video/ogv=ogv\n\
video/quicktime=qt\n\
video/x-m4v=m4v\n\
audio/x-aif=aif\n\
audio/midi=midi\n\
audio/mpga=mpga\n\
audio/mp4=mp4a\n\
audio/ogg=oga\n\
audio/x-wav=wav\n\
image/webp=webp\n\
image/bmp=bmp\n\
image/x-icon=ico\n\
image/x-icon=ico\n\
image/png=png\n\
image/svg+xml=svg\n\
image/tiff=tiff\n\

#### Audit Logging
* [alpha] Advanced Auditing enhances the Kubernetes API [audit logging](https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/#log-backend) capabilities through a customizable policy, pluggable audit backends, and richer audit data.

#### Encryption at Rest

				"audio/g726-16",
				"audio/g726-24",
				"audio/g726-32",
				"audio/g726-40",
				"audio/g728",
				"audio/g729",
				"audio/g7291",
				"audio/g729d",
				"audio/g729e",
				"audio/gsm",
				"audio/gsm-efr",
				"audio/ilbc",
				"audio/l16",
				"audio/l20",
				"audio/l24",
				"audio/l8",
				"audio/lpc",
				"audio/midi",
				"audio/mobile-xmf",
				"audio/mp4",

* The kube-apiserver [basic audit log](https://kubernetes.io/docs/admin/audit/) can be enabled in GCE by exporting the environment variable `ENABLE_APISERVER_BASIC_AUDIT=true` before running `cluster/kube-up.sh`. This will log to `/var/log/kube-apiserver-audit.log` and use the same `logrotate` settings as `/var/log/kube-apiserver.log`. ([#41211](https://github.com/kubernetes/kubernetes/pull/41211),...

- `kube-apiserver` added:
  - `alpha` support (guarded by the `ServiceAccountTokenJTI` feature gate) for adding a `jti` (JWT ID) claim to service account tokens it issues, adding an `authentication.kubernetes.io/credential-id` audit annotation in audit logs when the tokens are issued, and `authentication.kubernetes.io/credential-id` entry in the extra user info when the token is used to authenticate.

## Urgent Upgrade Notes 

### (No, really, you MUST read this before you upgrade)