Kubernetes 1.36 - New security features
Blog post from Sysdig
Kubernetes 1.36 introduces 60 enhancements, with a strong emphasis on security, including 22 changes that address admission control configurations and certificate handling. Key updates include the deprecation of service.spec.externalIPs due to security risks, the separation of kubectl user preferences from cluster configurations, and improvements in the Pod certificate signing process. Dynamic Resource Allocation (DRA) sees advancements in resource claim status with standardized network interface data. Notable security features include manifest-based admission control configurations, constrained impersonation, and the external signing of service account tokens. Additionally, the update improves IP/CIDR validation and enhances user namespace support for increased Pod isolation. The release also marks the stabilization of several features, such as fine-grained Kubelet API authorization and the use of OCI artifacts and images as volume sources, while removing the dependency on the deprecated gogo protobuf library for Kubernetes API types.
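With service.spec.externalIPs deprecated, a first step is to inventory which Services still set the field. The following is an added example, not taken from the Sysdig post or from Kubernetes itself; the Service list is constructed sample data in the shape of `kubectl get services -A -o json` output, and the function name is hypothetical.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get services -A -o json` output.
SAMPLE_SERVICE_LIST = json.loads("""
{
  "kind": "List",
  "items": [
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.7"]}},
    {"metadata": {"namespace": "shop", "name": "db"},
     "spec": {"type": "ClusterIP"}},
    {"metadata": {"namespace": "edge", "name": "ingress"},
     "spec": {"type": "LoadBalancer",
              "externalIPs": ["198.51.100.4", "198.51.100.5"]}},
    {"metadata": {"namespace": "legacy", "name": "empty"},
     "spec": {"type": "NodePort", "externalIPs": []}}
  ]
}
""")


def find_external_ip_services(service_list):
    """Return sorted (namespace, name, type, ips) for Services setting spec.externalIPs."""
    findings = []
    for item in service_list.get("items", []):
        spec = item.get("spec") or {}
        # A missing key, null and an empty list all mean the field is unused.
        ips = spec.get("externalIPs") or []
        if not ips:
            continue
        meta = item.get("metadata") or {}
        findings.append((meta.get("namespace", "default"),
                         meta.get("name", "?"),
                         spec.get("type", "ClusterIP"),
                         list(ips)))
    return sorted(findings)


if __name__ == "__main__":
    # With a file argument, audit that JSON export; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            services = json.load(handle)
    else:
        services = SAMPLE_SERVICE_LIST
    for namespace, name, svc_type, ips in find_external_ip_services(services):
        print(f"{namespace}/{name} ({svc_type}): externalIPs={','.join(ips)}")
```

Each Service it reports is a candidate for migration to another exposure mechanism before the field is removed.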