diff --git a/releases/release-1.21/release-notes-draft.json b/releases/release-1.21/release-notes-draft.json
new file mode 100644
index 00000000000..b67fccf32bd
--- /dev/null
+++ b/releases/release-1.21/release-notes-draft.json
@@ -0,0 +1 @@
+{"61595":{"commit":"0697918749ad7f8997f464016f490bc1fa66a1c2","text":"Adding Brazilian Portuguese translation for kubectl","markdown":"Adding Brazilian Portuguese translation for kubectl ([#61595](https://github.com/kubernetes/kubernetes/pull/61595), [@cpanato](https://github.com/cpanato)) [SIG CLI]","author":"cpanato","author_url":"https://github.com/cpanato","pr_url":"https://github.com/kubernetes/kubernetes/pull/61595","pr_number":61595,"areas":["kubectl"],"sigs":["cli"]},"91592":{"commit":"debbe9dce981abd00e2787adaf7d6d5ac3f9e8e3","text":"NetworkPolicy validation framework optimizations for rapidly verifying CNIs work correctly across several pods and namespaces","markdown":"NetworkPolicy validation framework optimizations for rapidly verifying CNIs work correctly across several pods and namespaces ([#91592](https://github.com/kubernetes/kubernetes/pull/91592), [@jayunit100](https://github.com/jayunit100))","author":"jayunit100","author_url":"https://github.com/jayunit100","pr_url":"https://github.com/kubernetes/kubernetes/pull/91592","pr_number":91592,"areas":["dependency","test"],"kinds":["cleanup"],"sigs":["network","storage","testing"],"duplicate":true},"92817":{"commit":"4c9e96c2388c51a48ea530b111ba7381872e7d7a","text":"Users will see increase in time for deletion of pods and also guarantee that removal of pod from api server  would mean deletion of all the resources from container runtime.","markdown":"Users will see increase in time for deletion of pods and also guarantee that removal of pod from api server  would mean deletion of all the resources from container runtime. ([#92817](https://github.com/kubernetes/kubernetes/pull/92817), [@kmala](https://github.com/kmala)) [SIG Node]","author":"kmala","author_url":"https://github.com/kmala","pr_url":"https://github.com/kubernetes/kubernetes/pull/92817","pr_number":92817,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"],"do_not_publish":true},"92938":{"commit":"5e22f7feadeb97aa8fad9330c936104479ad56d6","text":"kube-proxy's IPVS proxy mode no longer sets the net.ipv4.conf.all.route_localnet sysctl parameter. Nodes upgrading will have net.ipv4.conf.all.route_localnet set to 1 but new nodes will inherit the system default (usually 0). If you relied on any behavior requiring net.ipv4.conf.all.route_localnet, you must set ensure it is enabled as kube-proxy will no longer set it automatically. This change helps to further mitigate CVE-2020-8558.","markdown":"Kube-proxy's IPVS proxy mode no longer sets the net.ipv4.conf.all.route_localnet sysctl parameter. Nodes upgrading will have net.ipv4.conf.all.route_localnet set to 1 but new nodes will inherit the system default (usually 0). If you relied on any behavior requiring net.ipv4.conf.all.route_localnet, you must set ensure it is enabled as kube-proxy will no longer set it automatically. This change helps to further mitigate CVE-2020-8558. ([#92938](https://github.com/kubernetes/kubernetes/pull/92938), [@lbernail](https://github.com/lbernail)) [SIG Network and Release]","author":"lbernail","author_url":"https://github.com/lbernail","pr_url":"https://github.com/kubernetes/kubernetes/pull/92938","pr_number":92938,"areas":["ipvs","release-eng"],"kinds":["bug"],"sigs":["network","release"],"duplicate":true,"action_required":true},"93510":{"commit":"386f94ff032813ce15426b9ff9e7250281af9d8f","text":"Specifying the KUBE_TEST_REPO environment variable when e2e tests are executed will instruct the test infrastructure to load that image from a location within the specified repo, using a predefined pattern.","markdown":"Specifying the KUBE_TEST_REPO environment variable when e2e tests are executed will instruct the test infrastructure to load that image from a location within the specified repo, using a predefined pattern. ([#93510](https://github.com/kubernetes/kubernetes/pull/93510), [@smarterclayton](https://github.com/smarterclayton)) [SIG Testing]","author":"smarterclayton","author_url":"https://github.com/smarterclayton","pr_url":"https://github.com/kubernetes/kubernetes/pull/93510","pr_number":93510,"areas":["test"],"kinds":["bug"],"sigs":["testing"]},"93920":{"commit":"b6e0aac05c11839f1d8ce25a349cd5d112e8be5d","text":"Add limited lines to log on `--tail` option","markdown":"Add limited lines to log on `--tail` option ([#93920](https://github.com/kubernetes/kubernetes/pull/93920), [@zhouya0](https://github.com/zhouya0))","author":"zhouya0","author_url":"https://github.com/zhouya0","pr_url":"https://github.com/kubernetes/kubernetes/pull/93920","pr_number":93920,"areas":["kubelet"],"kinds":["bug","flake"],"sigs":["node"],"duplicate_kind":true},"94858":{"commit":"f11c3b475d852ec8b6075fb2899a795f52d1be8f","text":"Ensure empty string annotations are copied over in rollbacks.","markdown":"Ensure empty string annotations are copied over in rollbacks. ([#94858](https://github.com/kubernetes/kubernetes/pull/94858), [@waynepeking348](https://github.com/waynepeking348))","author":"waynepeking348","author_url":"https://github.com/waynepeking348","pr_url":"https://github.com/kubernetes/kubernetes/pull/94858","pr_number":94858,"kinds":["bug"],"sigs":["apps"]},"95269":{"commit":"e40cba59e32529595a138fe92c54da5aa3edd73e","text":"fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable","markdown":"Fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable ([#95269](https://github.com/kubernetes/kubernetes/pull/95269), [@SataQiu](https://github.com/SataQiu)) [SIG Node]","author":"SataQiu","author_url":"https://github.com/SataQiu","pr_url":"https://github.com/kubernetes/kubernetes/pull/95269","pr_number":95269,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"]},"95790":{"commit":"403d0cdc286bae4c8e75cb4b7b3af12abe7764da","text":"The apimachinery util/net function used to detect the bind address `ResolveBindAddress()`\ntakes into consideration global ip addresses on loopback interfaces when:\n    - the host has default routes\n    - there are no global IPs on those interfaces.\nin order to support more complex network scenarios like BGP Unnumbered RFC 5549","markdown":"The apimachinery util/net function used to detect the bind address `ResolveBindAddress()`\n  takes into consideration global ip addresses on loopback interfaces when:\n      - the host has default routes\n      - there are no global IPs on those interfaces.\n  in order to support more complex network scenarios like BGP Unnumbered RFC 5549 ([#95790](https://github.com/kubernetes/kubernetes/pull/95790), [@aojea](https://github.com/aojea)) [SIG Network]","author":"aojea","author_url":"https://github.com/aojea","pr_url":"https://github.com/kubernetes/kubernetes/pull/95790","pr_number":95790,"kinds":["bug","feature"],"sigs":["network"],"feature":true,"duplicate_kind":true},"96296":{"commit":"9d81c4ebfa93d41f9770f223288e6f9310b9a3f0","text":"kube-proxy: Traffic from the cluster directed to ExternalIPs is always send directly to the Service.","markdown":"Kube-proxy: Traffic from the cluster directed to ExternalIPs is always send directly to the Service. ([#96296](https://github.com/kubernetes/kubernetes/pull/96296), [@aojea](https://github.com/aojea)) [SIG Network and Testing]","author":"aojea","author_url":"https://github.com/aojea","pr_url":"https://github.com/kubernetes/kubernetes/pull/96296","pr_number":96296,"areas":["e2e-test-framework","test"],"kinds":["cleanup"],"sigs":["network","testing"],"duplicate":true},"96378":{"commit":"d664958e55c795eeaa94b6d2a9597ce6d5a85270","text":"kubeadm: amend the node kernel validation to treat CGROUP_PIDS, FAIR_GROUP_SCHED as required and CFS_BANDWIDTH, CGROUP_HUGETLB as optional","markdown":"Kubeadm: amend the node kernel validation to treat CGROUP_PIDS, FAIR_GROUP_SCHED as required and CFS_BANDWIDTH, CGROUP_HUGETLB as optional ([#96378](https://github.com/kubernetes/kubernetes/pull/96378), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node]","author":"neolit123","author_url":"https://github.com/neolit123","pr_url":"https://github.com/kubernetes/kubernetes/pull/96378","pr_number":96378,"areas":["code-organization","dependency"],"kinds":["feature"],"sigs":["cluster-lifecycle","node"],"feature":true,"duplicate":true},"96429":{"commit":"80be1d6c7217b99fb6ff083a190b44af53a628fc","text":"Kubeadm now includes CoreDNS v1.8.0.","markdown":"Kubeadm now includes CoreDNS v1.8.0. ([#96429](https://github.com/kubernetes/kubernetes/pull/96429), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle]","author":"rajansandeep","author_url":"https://github.com/rajansandeep","pr_url":"https://github.com/kubernetes/kubernetes/pull/96429","pr_number":96429,"areas":["dependency","kubeadm"],"kinds":["feature"],"sigs":["cluster-lifecycle"],"feature":true},"96447":{"commit":"bd4d197b5267ee198c1b0a070d7398f10df68c52","text":"Remove the deprecated metrics \"scheduling_algorithm_preemption_evaluation_seconds\" and \"binding_duration_seconds\", suggest to use \"scheduler_framework_extension_point_duration_seconds\" instead.","markdown":"Remove the deprecated metrics \"scheduling_algorithm_preemption_evaluation_seconds\" and \"binding_duration_seconds\", suggest to use \"scheduler_framework_extension_point_duration_seconds\" instead. ([#96447](https://github.com/kubernetes/kubernetes/pull/96447), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle, Instrumentation, Scheduling and Testing]","author":"chendave","author_url":"https://github.com/chendave","pr_url":"https://github.com/kubernetes/kubernetes/pull/96447","pr_number":96447,"areas":["test"],"kinds":["cleanup","deprecation"],"sigs":["cluster-lifecycle","instrumentation","scheduling","testing"],"duplicate":true,"duplicate_kind":true},"96502":{"commit":"33518271f3f97733a52369713769746f78cc4f1a","text":"Adds the ability to pass --strict-transport-security-directives to the kube-apiserver to set the HSTS header appropriately.  Be sure you understand the consequences to browsers before setting this field.","markdown":"Adds the ability to pass --strict-transport-security-directives to the kube-apiserver to set the HSTS header appropriately.  Be sure you understand the consequences to browsers before setting this field. ([#96502](https://github.com/kubernetes/kubernetes/pull/96502), [@249043822](https://github.com/249043822)) [SIG Auth]","author":"249043822","author_url":"https://github.com/249043822","pr_url":"https://github.com/kubernetes/kubernetes/pull/96502","pr_number":96502,"areas":["apiserver"],"kinds":["feature"],"sigs":["auth"],"feature":true},"96539":{"commit":"564ffbd400e50f37b892747c434ec55bde865134","text":"The `AttachVolumeLimit` feature gate (GA since v1.17) has been removed and now unconditionally enabled.","markdown":"The `AttachVolumeLimit` feature gate (GA since v1.17) has been removed and now unconditionally enabled. ([#96539](https://github.com/kubernetes/kubernetes/pull/96539), [@ialidzhikov](https://github.com/ialidzhikov))","documentation":[{"url":"https://github.com/kubernetes/enhancements/issues/554","type":"KEP"}],"author":"ialidzhikov","author_url":"https://github.com/ialidzhikov","pr_url":"https://github.com/kubernetes/kubernetes/pull/96539","pr_number":96539,"kinds":["cleanup"],"sigs":["storage"]},"96561":{"commit":"bc432124a249a6f1f875fb3cf18aa05ca469743f","text":"The `CSINodeInfo` feature gate that is GA since v1.17 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument.","markdown":"The `CSINodeInfo` feature gate that is GA since v1.17 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#96561](https://github.com/kubernetes/kubernetes/pull/96561), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Apps, Auth, Scheduling, Storage and Testing]","author":"ialidzhikov","author_url":"https://github.com/ialidzhikov","pr_url":"https://github.com/kubernetes/kubernetes/pull/96561","pr_number":96561,"areas":["test"],"kinds":["cleanup"],"sigs":["apps","auth","scheduling","storage","testing"],"duplicate":true},"96573":{"commit":"356bea6c9fe93b45f8c6e4391a6a98ec35e34ea6","text":"storage related e2e testsuite redesign \u0026 cleanup","markdown":"Storage related e2e testsuite redesign \u0026 cleanup ([#96573](https://github.com/kubernetes/kubernetes/pull/96573), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Storage and Testing]","author":"Jiawei0227","author_url":"https://github.com/Jiawei0227","pr_url":"https://github.com/kubernetes/kubernetes/pull/96573","pr_number":96573,"areas":["e2e-test-framework","test"],"kinds":["cleanup"],"sigs":["storage","testing"],"duplicate":true},"96617":{"commit":"efb9489acb8602835aa7bd9299424415d9492ace","text":"Fix to recover CSI volumes from certain dangling attachments","markdown":"Fix to recover CSI volumes from certain dangling attachments ([#96617](https://github.com/kubernetes/kubernetes/pull/96617), [@yuga711](https://github.com/yuga711)) [SIG Apps and Storage]","author":"yuga711","author_url":"https://github.com/yuga711","pr_url":"https://github.com/kubernetes/kubernetes/pull/96617","pr_number":96617,"kinds":["bug"],"sigs":["apps","storage"],"duplicate":true},"96668":{"commit":"af212061870489bdc1e4e252de1d1c3ca884916f","text":"ignore update pod with no new images in alwaysPullImages admission controller","markdown":"Ignore update pod with no new images in alwaysPullImages admission controller ([#96668](https://github.com/kubernetes/kubernetes/pull/96668), [@pacoxu](https://github.com/pacoxu)) [SIG Apps, Auth and Node]","author":"pacoxu","author_url":"https://github.com/pacoxu","pr_url":"https://github.com/kubernetes/kubernetes/pull/96668","pr_number":96668,"kinds":["bug"],"sigs":["apps","auth","node"],"duplicate":true},"96673":{"commit":"31fd5671ae863ee3ac20e3ab3cc95d803faafeb7","text":"Fixed Cinder volume IDs on OpenStack Train","markdown":"Fixed Cinder volume IDs on OpenStack Train ([#96673](https://github.com/kubernetes/kubernetes/pull/96673), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider]","author":"jsafrane","author_url":"https://github.com/jsafrane","pr_url":"https://github.com/kubernetes/kubernetes/pull/96673","pr_number":96673,"areas":["cloudprovider"],"kinds":["bug"],"sigs":["cloud-provider"]},"96689":{"commit":"fc43c80ccd0569298c81b2be080aa7dbb6132e95","text":"Ensure all vSphere nodes are are tracked by volume attach-detach controller","markdown":"Ensure all vSphere nodes are are tracked by volume attach-detach controller ([#96689](https://github.com/kubernetes/kubernetes/pull/96689), [@gnufied](https://github.com/gnufied))","author":"gnufied","author_url":"https://github.com/gnufied","pr_url":"https://github.com/kubernetes/kubernetes/pull/96689","pr_number":96689,"areas":["cloudprovider"],"kinds":["bug"],"sigs":["cloud-provider","storage"],"duplicate":true},"96736":{"commit":"ddf3eb5a1877338da806c2be15b53f456b6342c9","text":"Deprecate the `topologyKeys` field in Service. This capability will be replaced with upcoming work around Topology Aware Subsetting and Service Internal Traffic Policy.","markdown":"Deprecate the `topologyKeys` field in Service. This capability will be replaced with upcoming work around Topology Aware Subsetting and Service Internal Traffic Policy. ([#96736](https://github.com/kubernetes/kubernetes/pull/96736), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps]","author":"andrewsykim","author_url":"https://github.com/andrewsykim","pr_url":"https://github.com/kubernetes/kubernetes/pull/96736","pr_number":96736,"kinds":["api-change","deprecation"],"sigs":["apps"],"duplicate_kind":true},"96745":{"commit":"59968394254f70666338783e184738bf59921ef4","text":"Scheduler plugin validation now provides all errors detected instead of the first one.","markdown":"Scheduler plugin validation now provides all errors detected instead of the first one. ([#96745](https://github.com/kubernetes/kubernetes/pull/96745), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node, Scheduling and Testing]","author":"lingsamuel","author_url":"https://github.com/lingsamuel","pr_url":"https://github.com/kubernetes/kubernetes/pull/96745","pr_number":96745,"areas":["test"],"kinds":["cleanup"],"sigs":["node","scheduling","testing"],"duplicate":true},"96751":{"commit":"d5430313bf7d4c85ba2f0b913962c8483e9d773c","text":"Warning about using a deprecated volume plugin is logged only once.","markdown":"Warning about using a deprecated volume plugin is logged only once. ([#96751](https://github.com/kubernetes/kubernetes/pull/96751), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]","author":"jsafrane","author_url":"https://github.com/jsafrane","pr_url":"https://github.com/kubernetes/kubernetes/pull/96751","pr_number":96751,"kinds":["bug"],"sigs":["storage"]},"96821":{"commit":"9720013d926cefb2ce5e5584f993387a2b12ce60","text":"Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws://","markdown":"Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws:// ([#96821](https://github.com/kubernetes/kubernetes/pull/96821), [@wongma7](https://github.com/wongma7)) [SIG Storage]","author":"wongma7","author_url":"https://github.com/wongma7","pr_url":"https://github.com/kubernetes/kubernetes/pull/96821","pr_number":96821,"areas":["provider/aws"],"kinds":["bug"],"sigs":["storage"]},"96844":{"commit":"95852d7b8ec6bff61f6bad456ba4a0e9ad4356e1","text":"Use force unmount for NFS volumes if regular mount fails after 1 minute timeout","markdown":"Use force unmount for NFS volumes if regular mount fails after 1 minute timeout ([#96844](https://github.com/kubernetes/kubernetes/pull/96844), [@gnufied](https://github.com/gnufied)) [SIG Storage]","author":"gnufied","author_url":"https://github.com/gnufied","pr_url":"https://github.com/kubernetes/kubernetes/pull/96844","pr_number":96844,"kinds":["bug"],"sigs":["storage"]},"96873":{"commit":"a20aeb8eed76d17117ca6086a1192c49d67c393b","text":"AcceleratorStats will be available in the Summary API of kubelet when cri_stats_provider is used.","markdown":"AcceleratorStats will be available in the Summary API of kubelet when cri_stats_provider is used. ([#96873](https://github.com/kubernetes/kubernetes/pull/96873), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node]","author":"ruiwen-zhao","author_url":"https://github.com/ruiwen-zhao","pr_url":"https://github.com/kubernetes/kubernetes/pull/96873","pr_number":96873,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"]},"96876":{"commit":"5569db4902b39d33b6990bf20d8f7e78e83b1983","text":"fixing a bug where a failed node may not have the NoExecute taint set correctly","markdown":"Fixing a bug where a failed node may not have the NoExecute taint set correctly ([#96876](https://github.com/kubernetes/kubernetes/pull/96876), [@howieyuen](https://github.com/howieyuen)) [SIG Apps and Node]","author":"howieyuen","author_url":"https://github.com/howieyuen","pr_url":"https://github.com/kubernetes/kubernetes/pull/96876","pr_number":96876,"areas":["node-lifecycle"],"kinds":["bug"],"sigs":["apps","node"],"duplicate":true},"96889":{"commit":"39483aa0957be65b04686173d2970b508b3974ca","text":"Fixed cleanup of block devices when /var/lib/kubelet is a symlink.","markdown":"Fixed cleanup of block devices when /var/lib/kubelet is a symlink. ([#96889](https://github.com/kubernetes/kubernetes/pull/96889), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]","author":"jsafrane","author_url":"https://github.com/jsafrane","pr_url":"https://github.com/kubernetes/kubernetes/pull/96889","pr_number":96889,"kinds":["bug"],"sigs":["storage"]},"97006":{"commit":"75115236e77c08698d6fdd91c3c9d0897de44ad6","text":"Fix missing cadvisor machine metrics.","markdown":"Fix missing cadvisor machine metrics. ([#97006](https://github.com/kubernetes/kubernetes/pull/97006), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node]","author":"lingsamuel","author_url":"https://github.com/lingsamuel","pr_url":"https://github.com/kubernetes/kubernetes/pull/97006","pr_number":97006,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"]},"97009":{"commit":"74b4f3d0151f5c007f168d62f93cde12fdb9de98","text":"Add flag --lease-reuse-duration-seconds for kube-apiserver to config etcd lease reuse duration.","markdown":"Add flag --lease-reuse-duration-seconds for kube-apiserver to config etcd lease reuse duration. ([#97009](https://github.com/kubernetes/kubernetes/pull/97009), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery and Scalability]","author":"lingsamuel","author_url":"https://github.com/lingsamuel","pr_url":"https://github.com/kubernetes/kubernetes/pull/97009","pr_number":97009,"areas":["apiserver"],"kinds":["feature"],"sigs":["api-machinery","scalability"],"feature":true,"duplicate":true},"97011":{"commit":"7b4fc68f523a6780855e8473bf05a0b19c7a4fd5","text":"Cluster Autoscaler version bump to v1.20.0","markdown":"Cluster Autoscaler version bump to v1.20.0 ([#97011](https://github.com/kubernetes/kubernetes/pull/97011), [@towca](https://github.com/towca))","author":"towca","author_url":"https://github.com/towca","pr_url":"https://github.com/kubernetes/kubernetes/pull/97011","pr_number":97011,"areas":["provider/gcp"],"kinds":["bug"],"sigs":["cloud-provider"]},"97013":{"commit":"f8db0d91dedc879f7981478ba1917789acb6e2c5","text":"Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes.","markdown":"Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes. ([#97013](https://github.com/kubernetes/kubernetes/pull/97013), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]","author":"jsafrane","author_url":"https://github.com/jsafrane","pr_url":"https://github.com/kubernetes/kubernetes/pull/97013","pr_number":97013,"kinds":["bug"],"sigs":["storage"]},"97029":{"commit":"74a7fc46c313320dfe08195fcf6e5592dbbb4e06","text":"cloud-controller-manager: routes controller should not depend on --allocate-node-cidrs","markdown":"Cloud-controller-manager: routes controller should not depend on --allocate-node-cidrs ([#97029](https://github.com/kubernetes/kubernetes/pull/97029), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider and Testing]","author":"andrewsykim","author_url":"https://github.com/andrewsykim","pr_url":"https://github.com/kubernetes/kubernetes/pull/97029","pr_number":97029,"areas":["cloudprovider","test"],"kinds":["bug"],"sigs":["cloud-provider","testing"],"duplicate":true},"97033":{"commit":"e11e9d4c6c3f522ed398748a11cc5dd1f8949c2b","text":"Bump github.com/Azure/go-autorest/autorest to v0.11.12","markdown":"Bump github.com/Azure/go-autorest/autorest to v0.11.12 ([#97033](https://github.com/kubernetes/kubernetes/pull/97033), [@patrickshan](https://github.com/patrickshan)) [SIG API Machinery, CLI, Cloud Provider and Cluster Lifecycle]","author":"patrickshan","author_url":"https://github.com/patrickshan","pr_url":"https://github.com/kubernetes/kubernetes/pull/97033","pr_number":97033,"areas":["apiserver","cloudprovider","dependency","kubectl","provider/azure"],"kinds":["cleanup"],"sigs":["api-machinery","cli","cloud-provider","cluster-lifecycle"],"duplicate":true},"97082":{"commit":"ff110654e912040cb55396c743c610996bb3b674","text":"fix: azure file latency issue for metadata-heavy workloads","markdown":"Fix: azure file latency issue for metadata-heavy workloads ([#97082](https://github.com/kubernetes/kubernetes/pull/97082), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]","author":"andyzhangx","author_url":"https://github.com/andyzhangx","pr_url":"https://github.com/kubernetes/kubernetes/pull/97082","pr_number":97082,"areas":["provider/azure"],"kinds":["bug"],"sigs":["cloud-provider","storage"],"duplicate":true},"97083":{"commit":"d0dce7035832f0673d87ae44503560204f3d3d46","text":"Enable SPDY pings to keep connections alive, so that `kubectl exec` and `kubectl portforward` won't be interrupted.","markdown":"Enable SPDY pings to keep connections alive, so that `kubectl exec` and `kubectl portforward` won't be interrupted. ([#97083](https://github.com/kubernetes/kubernetes/pull/97083), [@knight42](https://github.com/knight42)) [SIG API Machinery and CLI]","author":"knight42","author_url":"https://github.com/knight42","pr_url":"https://github.com/kubernetes/kubernetes/pull/97083","pr_number":97083,"kinds":["api-change","feature"],"sigs":["api-machinery","cli"],"feature":true,"duplicate":true,"duplicate_kind":true},"97087":{"commit":"fa04c55ee659fd75fc465a3d18938b08f75b6dd1","text":"kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images'","markdown":"Kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images' ([#97087](https://github.com/kubernetes/kubernetes/pull/97087), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]","author":"SataQiu","author_url":"https://github.com/SataQiu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97087","pr_number":97087,"areas":["kubeadm"],"kinds":["cleanup"],"sigs":["cluster-lifecycle"]},"97096":{"commit":"42d19f9641270b06a68f805de7c5fc9fc2097e4f","text":"Remove deprecated mixed procotol annotation on Azure provider. Use `MixedProtocolLBService` instead.","markdown":"Remove deprecated mixed procotol annotation on Azure provider. Use `MixedProtocolLBService` instead. ([#97096](https://github.com/kubernetes/kubernetes/pull/97096), [@nilo19](https://github.com/nilo19))","author":"nilo19","author_url":"https://github.com/nilo19","pr_url":"https://github.com/kubernetes/kubernetes/pull/97096","pr_number":97096,"areas":["cloudprovider","provider/azure"],"kinds":["cleanup","deprecation"],"sigs":["cloud-provider"]},"97115":{"commit":"05b6addffb87d6b6499e19a5f1f577e06452d7dd","text":"NONE","markdown":"NONE ([#97115](https://github.com/kubernetes/kubernetes/pull/97115), [@IanColdwater](https://github.com/IanColdwater)) [SIG Contributor Experience and Security]","author":"IanColdwater","author_url":"https://github.com/IanColdwater","pr_url":"https://github.com/kubernetes/kubernetes/pull/97115","pr_number":97115,"kinds":["cleanup"],"sigs":["contributor-experience","security"],"duplicate":true,"do_not_publish":true},"97148":{"commit":"6ba3045176245d107e42d178bfcd259175d3ed54","text":"TokenRequest and TokenRequestProjection feature gates are now unconditionally enabled.","markdown":"TokenRequest and TokenRequestProjection feature gates are now unconditionally enabled. ([#97148](https://github.com/kubernetes/kubernetes/pull/97148), [@wawa0210](https://github.com/wawa0210))","author":"wawa0210","author_url":"https://github.com/wawa0210","pr_url":"https://github.com/kubernetes/kubernetes/pull/97148","pr_number":97148,"areas":["kubelet"],"kinds":["cleanup","deprecation"],"sigs":["node"],"duplicate_kind":true,"action_required":true},"97171":{"commit":"ae6729bb78ef7a3221483c66751fba9a77b9337c","text":"The PodSecurityPolicy API is deprecated in 1.21, and will no longer be served starting in 1.25.","markdown":"The PodSecurityPolicy API is deprecated in 1.21, and will no longer be served starting in 1.25. ([#97171](https://github.com/kubernetes/kubernetes/pull/97171), [@deads2k](https://github.com/deads2k)) [SIG Auth and CLI]","author":"deads2k","author_url":"https://github.com/deads2k","pr_url":"https://github.com/kubernetes/kubernetes/pull/97171","pr_number":97171,"areas":["kubectl"],"kinds":["api-change","cleanup","deprecation"],"sigs":["auth","cli"],"duplicate":true,"duplicate_kind":true},"97174":{"commit":"73118aecca618fd07a5dbeaff6a69b6200a4c381","text":"Fixed a bug in kubelet that will saturate CPU utilization after containerd got restarted.","markdown":"Fixed a bug in kubelet that will saturate CPU utilization after containerd got restarted. ([#97174](https://github.com/kubernetes/kubernetes/pull/97174), [@hanlins](https://github.com/hanlins)) [SIG Node]","author":"hanlins","author_url":"https://github.com/hanlins","pr_url":"https://github.com/kubernetes/kubernetes/pull/97174","pr_number":97174,"areas":["dependency"],"kinds":["bug"],"sigs":["node"]},"97244":{"commit":"6fc51bc52865603c165787af08e22c859d7423d0","text":"kubeadm installs etcd v3.4.13 when creating cluster v1.19","markdown":"Kubeadm installs etcd v3.4.13 when creating cluster v1.19 ([#97244](https://github.com/kubernetes/kubernetes/pull/97244), [@pacoxu](https://github.com/pacoxu))","author":"pacoxu","author_url":"https://github.com/pacoxu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97244","pr_number":97244,"areas":["kubeadm"],"kinds":["bug"],"sigs":["cluster-lifecycle"]},"97266":{"commit":"88a05df5ff1b311e8e92f64b4f3a2c7d4329d14e","text":"kubeadm: add support for certificate chain validation. When using kubeadm in external CA mode, this allows an intermediate CA to be used to sign the certificates. The intermediate CA certificate must be appended to each signed certificate for this to work correctly.","markdown":"Kubeadm: add support for certificate chain validation. When using kubeadm in external CA mode, this allows an intermediate CA to be used to sign the certificates. The intermediate CA certificate must be appended to each signed certificate for this to work correctly. ([#97266](https://github.com/kubernetes/kubernetes/pull/97266), [@robbiemcmichael](https://github.com/robbiemcmichael)) [SIG Cluster Lifecycle]","author":"robbiemcmichael","author_url":"https://github.com/robbiemcmichael","pr_url":"https://github.com/kubernetes/kubernetes/pull/97266","pr_number":97266,"areas":["kubeadm"],"kinds":["bug","feature"],"sigs":["cluster-lifecycle"],"feature":true,"duplicate_kind":true},"97290":{"commit":"242e07dc3c6129a2ccae864d58edf7da28722f34","text":"kubeadm: improve the error messaging when the user provides an invalid discovery token CA certificate hash.","markdown":"Kubeadm: improve the error messaging when the user provides an invalid discovery token CA certificate hash. ([#97290](https://github.com/kubernetes/kubernetes/pull/97290), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]","author":"neolit123","author_url":"https://github.com/neolit123","pr_url":"https://github.com/kubernetes/kubernetes/pull/97290","pr_number":97290,"areas":["kubeadm"],"kinds":["cleanup"],"sigs":["cluster-lifecycle"]},"97306":{"commit":"c6789a175be8c1eea5758573fb9a75adc65f7752","text":"The deprecated feature gates `RotateKubeletClientCertificate`, `AttachVolumeLimit`, `VolumePVCDataSource` and `EvenPodsSpread` are now unconditionally enabled and can no longer be specified in component invocations.","markdown":"The deprecated feature gates `RotateKubeletClientCertificate`, `AttachVolumeLimit`, `VolumePVCDataSource` and `EvenPodsSpread` are now unconditionally enabled and can no longer be specified in component invocations. ([#97306](https://github.com/kubernetes/kubernetes/pull/97306), [@gavinfish](https://github.com/gavinfish)) [SIG Node, Scheduling and Storage]","author":"gavinfish","author_url":"https://github.com/gavinfish","pr_url":"https://github.com/kubernetes/kubernetes/pull/97306","pr_number":97306,"kinds":["cleanup"],"sigs":["node","scheduling","storage"],"duplicate":true},"97322":{"commit":"ad97a5b7a5a7a94bfd6ecdd27f47aa87dde289a5","text":"The Kubernetes pause image manifest list now contains an image for Windows Server 20H2.","markdown":"The Kubernetes pause image manifest list now contains an image for Windows Server 20H2. ([#97322](https://github.com/kubernetes/kubernetes/pull/97322), [@claudiubelu](https://github.com/claudiubelu)) [SIG Windows]","author":"claudiubelu","author_url":"https://github.com/claudiubelu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97322","pr_number":97322,"kinds":["feature"],"sigs":["windows"],"feature":true},"97336":{"commit":"ffe74b2cf14fbd6de99d65f707bc331c98eb83b1","text":"remove deprecated --cleanup-ipvs flag of kube-proxy, and make --cleanup flag always to flush IPVS","markdown":"Remove deprecated --cleanup-ipvs flag of kube-proxy, and make --cleanup flag always to flush IPVS ([#97336](https://github.com/kubernetes/kubernetes/pull/97336), [@maaoBit](https://github.com/maaoBit)) [SIG Network]","author":"maaoBit","author_url":"https://github.com/maaoBit","pr_url":"https://github.com/kubernetes/kubernetes/pull/97336","pr_number":97336,"areas":["ipvs"],"kinds":["bug","deprecation"],"sigs":["network"]},"97349":{"commit":"94be86aaa242969bf20df91d68f9ac09619ecdb0","text":"Migrate some scheduler log messages to structured logging","markdown":"Migrate some scheduler log messages to structured logging ([#97349](https://github.com/kubernetes/kubernetes/pull/97349), [@aldudko](https://github.com/aldudko)) [SIG Scheduling]","author":"aldudko","author_url":"https://github.com/aldudko","pr_url":"https://github.com/kubernetes/kubernetes/pull/97349","pr_number":97349,"kinds":["cleanup"],"sigs":["scheduling"]},"97366":{"commit":"55fd3685d975158be04de7f7f324248ba929292f","text":"Fix nil VMSS name when setting service to auto mode","markdown":"Fix nil VMSS name when setting service to auto mode ([#97366](https://github.com/kubernetes/kubernetes/pull/97366), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider]","author":"nilo19","author_url":"https://github.com/nilo19","pr_url":"https://github.com/kubernetes/kubernetes/pull/97366","pr_number":97366,"areas":["cloudprovider","provider/azure"],"kinds":["bug"],"sigs":["cloud-provider"]},"97372":{"commit":"dc70c79a00b256f065acadc11d9b9c6bac59991a","text":"kubeadm: fix a bug where \"kubeadm join\" would not properly handle missing names for existing etcd members.","markdown":"Kubeadm: fix a bug where \"kubeadm join\" would not properly handle missing names for existing etcd members. ([#97372](https://github.com/kubernetes/kubernetes/pull/97372), [@ihgann](https://github.com/ihgann)) [SIG Cluster Lifecycle]","author":"ihgann","author_url":"https://github.com/ihgann","pr_url":"https://github.com/kubernetes/kubernetes/pull/97372","pr_number":97372,"areas":["kubeadm"],"kinds":["bug"],"sigs":["cluster-lifecycle"]},"97379":{"commit":"eff5b075f19dbb981a06bcd9b093b93a163dc981","text":"Change the APIVersion proto name of BoundObjectRef from aPIVersion to apiVersion.","markdown":"Change the APIVersion proto name of BoundObjectRef from aPIVersion to apiVersion. ([#97379](https://github.com/kubernetes/kubernetes/pull/97379), [@kebe7jun](https://github.com/kebe7jun)) [SIG Auth]","author":"kebe7jun","author_url":"https://github.com/kebe7jun","pr_url":"https://github.com/kubernetes/kubernetes/pull/97379","pr_number":97379,"kinds":["api-change","bug"],"sigs":["auth"],"duplicate_kind":true},"97403":{"commit":"32093b0447e86c6808c78e597ec2a3ceac054c57","text":"kubeadm: fix a bug in the host memory detection code on 32bit Linux platforms","markdown":"Kubeadm: fix a bug in the host memory detection code on 32bit Linux platforms ([#97403](https://github.com/kubernetes/kubernetes/pull/97403), [@abelbarrera15](https://github.com/abelbarrera15)) [SIG Cluster Lifecycle]","author":"abelbarrera15","author_url":"https://github.com/abelbarrera15","pr_url":"https://github.com/kubernetes/kubernetes/pull/97403","pr_number":97403,"areas":["kubeadm"],"kinds":["bug"],"sigs":["cluster-lifecycle"]},"97413":{"commit":"6d76ece4d6e1ad01bad3e866279bc35065813ec7","text":"kubeadm: fix a whitespace issue in the output of the \"kubeadm join\" command shown as the output of \"kubeadm init\" and \"kubeadm token create --print-join-command\"","markdown":"Kubeadm: fix a whitespace issue in the output of the \"kubeadm join\" command shown as the output of \"kubeadm init\" and \"kubeadm token create --print-join-command\" ([#97413](https://github.com/kubernetes/kubernetes/pull/97413), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]","author":"SataQiu","author_url":"https://github.com/SataQiu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97413","pr_number":97413,"areas":["kubeadm"],"kinds":["cleanup"],"sigs":["cluster-lifecycle"]},"97417":{"commit":"8d43976b745ede2f96f85647801636a83194b7ae","text":"fix Azure file share not deleted issue when the namespace is deleted","markdown":"Fix Azure file share not deleted issue when the namespace is deleted ([#97417](https://github.com/kubernetes/kubernetes/pull/97417), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]","author":"andyzhangx","author_url":"https://github.com/andyzhangx","pr_url":"https://github.com/kubernetes/kubernetes/pull/97417","pr_number":97417,"areas":["provider/azure"],"kinds":["bug"],"sigs":["cloud-provider","storage"],"duplicate":true},"97427":{"commit":"4dc3a42712681186ed94d0a11cbdca573315809c","text":"Fixed bug in CPUManager with race on container map access","markdown":"Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node]","author":"klueska","author_url":"https://github.com/klueska","pr_url":"https://github.com/kubernetes/kubernetes/pull/97427","pr_number":97427,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"]},"97440":{"commit":"815d7769f32b10469b2aa9fd6a02e1efabb57d4c","text":"fix kubectl label error when local=true is set","markdown":"Fix kubectl label error when local=true is set ([#97440](https://github.com/kubernetes/kubernetes/pull/97440), [@pandaamanda](https://github.com/pandaamanda)) [SIG CLI]","author":"pandaamanda","author_url":"https://github.com/pandaamanda","pr_url":"https://github.com/kubernetes/kubernetes/pull/97440","pr_number":97440,"areas":["kubectl"],"kinds":["bug","cleanup"],"sigs":["cli"],"duplicate_kind":true},"97451":{"commit":"f9c7c59e25d2ae82bf7b3d72ec65e41c712f24bd","text":"fix counting error in service/nodeport/loadbalancer quota check","markdown":"Fix counting error in service/nodeport/loadbalancer quota check ([#97451](https://github.com/kubernetes/kubernetes/pull/97451), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Network and Testing]","author":"pacoxu","author_url":"https://github.com/pacoxu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97451","pr_number":97451,"areas":["apiserver","test"],"kinds":["bug"],"sigs":["api-machinery","network","testing"],"duplicate":true},"97480":{"commit":"e054aa268e86808c381226b2eded83a3f84834f8","text":"Add flag --lease-max-object-size and metric etcd_lease_object_counts for kube-apiserver to config and observe max objects attached to a single etcd lease.","markdown":"Add flag --lease-max-object-size and metric etcd_lease_object_counts for kube-apiserver to config and observe max objects attached to a single etcd lease. ([#97480](https://github.com/kubernetes/kubernetes/pull/97480), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery, Instrumentation and Scalability]","author":"lingsamuel","author_url":"https://github.com/lingsamuel","pr_url":"https://github.com/kubernetes/kubernetes/pull/97480","pr_number":97480,"areas":["apiserver"],"kinds":["feature"],"sigs":["api-machinery","instrumentation","scalability"],"feature":true,"duplicate":true},"97509":{"commit":"172cb33f3270d25bcdafbd084614523f5ca2dd13","text":"Migrate log messages in pkg/scheduler/{scheduler.go,factory.go} to structured logging","markdown":"Migrate log messages in pkg/scheduler/{scheduler.go,factory.go} to structured logging ([#97509](https://github.com/kubernetes/kubernetes/pull/97509), [@aldudko](https://github.com/aldudko)) [SIG Scheduling]","author":"aldudko","author_url":"https://github.com/aldudko","pr_url":"https://github.com/kubernetes/kubernetes/pull/97509","pr_number":97509,"kinds":["cleanup"],"sigs":["scheduling"]},"97543":{"commit":"0300aa712e378373261effcfb4a7895e5356c43e","text":"`ServiceNodeExclusion`, `NodeDisruptionExclusion` and `LegacyNodeRoleBehavior`(locked to false) features have been promoted to GA. \nTo prevent control plane nodes being added to load balancers automatically, upgrade users need to add \"node.kubernetes.io/exclude-from-external-load-balancers\"  label to control plane nodes.","markdown":"`ServiceNodeExclusion`, `NodeDisruptionExclusion` and `LegacyNodeRoleBehavior`(locked to false) features have been promoted to GA. \n  To prevent control plane nodes being added to load balancers automatically, upgrade users need to add \"node.kubernetes.io/exclude-from-external-load-balancers\"  label to control plane nodes. ([#97543](https://github.com/kubernetes/kubernetes/pull/97543), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Apps, Cloud Provider and Network]","documentation":[{"description":"[KEP]","url":"https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/1143-node-role-labels","type":"KEP"}],"author":"pacoxu","author_url":"https://github.com/pacoxu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97543","pr_number":97543,"areas":["cloudprovider"],"kinds":["cleanup"],"sigs":["api-machinery","apps","cloud-provider","network"],"duplicate":true,"action_required":true},"97583":{"commit":"deb01c1a7a7aab62ad64abf0ff3ae76a9e91abb2","text":"kubeadm: graduate the command `kubeadm alpha kubeconfig user` to `kubeadm kubeconfig user`. The `kubeadm alpha kubeconfig user` command is deprecated now.","markdown":"Kubeadm: graduate the command `kubeadm alpha kubeconfig user` to `kubeadm kubeconfig user`. The `kubeadm alpha kubeconfig user` command is deprecated now. ([#97583](https://github.com/kubernetes/kubernetes/pull/97583), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle]","author":"knight42","author_url":"https://github.com/knight42","pr_url":"https://github.com/kubernetes/kubernetes/pull/97583","pr_number":97583,"areas":["kubeadm"],"kinds":["deprecation","feature"],"sigs":["cluster-lifecycle"],"feature":true,"duplicate_kind":true},"97615":{"commit":"c5cc25d1cb075f84756db9bffecd3fafe12c5fab","text":"Promote Immutable Secrets/ConfigMaps feature to Stable.\nThis allows to set `Immutable` field in Secrets or ConfigMap object to mark their contents as immutable.","markdown":"Promote Immutable Secrets/ConfigMaps feature to Stable.\n  This allows to set `Immutable` field in Secrets or ConfigMap object to mark their contents as immutable. ([#97615](https://github.com/kubernetes/kubernetes/pull/97615), [@wojtek-t](https://github.com/wojtek-t)) [SIG Apps, Architecture, Node and Testing]","author":"wojtek-t","author_url":"https://github.com/wojtek-t","pr_url":"https://github.com/kubernetes/kubernetes/pull/97615","pr_number":97615,"areas":["conformance","kubelet","test"],"kinds":["api-change","feature"],"sigs":["apps","architecture","node","testing"],"feature":true,"duplicate":true,"duplicate_kind":true},"97621":{"commit":"97a3e9e7e831a989f38c5830533b6e1b08a52a54","text":"The current version of the container image publicly exposed IP serving a /metrics endpoint to the Internet. The new version of the container image serves /metrics endpoint on a different port.","markdown":"The current version of the container image publicly exposed IP serving a /metrics endpoint to the Internet. The new version of the container image serves /metrics endpoint on a different port. ([#97621](https://github.com/kubernetes/kubernetes/pull/97621), [@vbannai](https://github.com/vbannai)) [SIG Cloud Provider]","author":"vbannai","author_url":"https://github.com/vbannai","pr_url":"https://github.com/kubernetes/kubernetes/pull/97621","pr_number":97621,"areas":["provider/gcp"],"kinds":["bug"],"sigs":["cloud-provider"]},"97625":{"commit":"43ce28b9954c0d0b8b43b02724f12dce795befec","text":"kubeadm: avoid detection of the container runtime for commands that do not need it","markdown":"Kubeadm: avoid detection of the container runtime for commands that do not need it ([#97625](https://github.com/kubernetes/kubernetes/pull/97625), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]","author":"pacoxu","author_url":"https://github.com/pacoxu","pr_url":"https://github.com/kubernetes/kubernetes/pull/97625","pr_number":97625,"areas":["kubeadm"],"kinds":["bug"],"sigs":["cluster-lifecycle"]},"97627":{"commit":"8725c3bf12cfd3697464136201216fa05dc662d2","text":"kubeadm: deprecated command \"alpha selfhosting pivot\" is now removed.","markdown":"Kubeadm: deprecated command \"alpha selfhosting pivot\" is now removed. ([#97627](https://github.com/kubernetes/kubernetes/pull/97627), [@knight42](https://github.com/knight42))","author":"knight42","author_url":"https://github.com/knight42","pr_url":"https://github.com/kubernetes/kubernetes/pull/97627","pr_number":97627,"areas":["kubeadm"],"kinds":["cleanup","deprecation"],"sigs":["cluster-lifecycle"],"duplicate_kind":true},"97678":{"commit":"466e2e3751c0cb515a7c6e85225cb981b8b9b985","text":"migrate proxy/iptables/proxier.go logs to structured logging","markdown":"Migrate proxy/iptables/proxier.go logs to structured logging ([#97678](https://github.com/kubernetes/kubernetes/pull/97678), [@JornShen](https://github.com/JornShen)) [SIG Network]","author":"JornShen","author_url":"https://github.com/JornShen","pr_url":"https://github.com/kubernetes/kubernetes/pull/97678","pr_number":97678,"kinds":["cleanup"],"sigs":["network"]},"97693":{"commit":"d1db90ba579e9c01194f92ba6daff852e3b4c6e7","text":"The OIDC authenticator no longer waits 10 seconds before attempting to fetch the metadata required to verify tokens.","markdown":"The OIDC authenticator no longer waits 10 seconds before attempting to fetch the metadata required to verify tokens. ([#97693](https://github.com/kubernetes/kubernetes/pull/97693), [@enj](https://github.com/enj)) [SIG API Machinery and Auth]","author":"enj","author_url":"https://github.com/enj","pr_url":"https://github.com/kubernetes/kubernetes/pull/97693","pr_number":97693,"areas":["apiserver"],"kinds":["cleanup"],"sigs":["api-machinery","auth"],"duplicate":true},"97706":{"commit":"17bb2fc050ec786b60db7d8d6d4d3ac8eeac205b","text":"kubeadm: the \"kubeadm alpha certs\" command is removed now, please use \"kubeadm certs\" instead.","markdown":"Kubeadm: the \"kubeadm alpha certs\" command is removed now, please use \"kubeadm certs\" instead. ([#97706](https://github.com/kubernetes/kubernetes/pull/97706), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle]","author":"knight42","author_url":"https://github.com/knight42","pr_url":"https://github.com/kubernetes/kubernetes/pull/97706","pr_number":97706,"areas":["kubeadm"],"kinds":["cleanup","deprecation"],"sigs":["cluster-lifecycle"],"duplicate_kind":true},"97740":{"commit":"e9353e9a8b2230d81bf2d2b5cc58a1ccb8608229","text":"GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses.","markdown":"GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses. ([#97740](https://github.com/kubernetes/kubernetes/pull/97740), [@prameshj](https://github.com/prameshj)) [SIG Cloud Provider and Network]","author":"prameshj","author_url":"https://github.com/prameshj","pr_url":"https://github.com/kubernetes/kubernetes/pull/97740","pr_number":97740,"areas":["cloudprovider"],"kinds":["bug"],"sigs":["cloud-provider","network"],"duplicate":true},"97754":{"commit":"db183c7e80815558f0bdd8166f24e4af555166a1","text":"Fix kubectl-convert failure on using known apiVersion.","markdown":"Fix kubectl-convert failure on using known apiVersion. ([#97754](https://github.com/kubernetes/kubernetes/pull/97754), [@wzshiming](https://github.com/wzshiming))","author":"wzshiming","author_url":"https://github.com/wzshiming","pr_url":"https://github.com/kubernetes/kubernetes/pull/97754","pr_number":97754,"areas":["kubectl","test"],"kinds":["bug"],"sigs":["cli","testing"],"duplicate":true},"97857":{"commit":"e9dba7a627520f89778b367fc0d955776f220638","text":"Using exec auth plugins with kubectl no longer results in warnings about constructing many client instances from the same exec auth config.","markdown":"Using exec auth plugins with kubectl no longer results in warnings about constructing many client instances from the same exec auth config. ([#97857](https://github.com/kubernetes/kubernetes/pull/97857), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Auth]","author":"liggitt","author_url":"https://github.com/liggitt","pr_url":"https://github.com/kubernetes/kubernetes/pull/97857","pr_number":97857,"kinds":["bug"],"sigs":["api-machinery","auth"],"duplicate":true},"97860":{"commit":"d9a26fb69bcb194c1b56a93eca0735a8fdf3bd63","text":"Performance regresssion #97685 has been fixed.","markdown":"Performance regresssion #97685 has been fixed. ([#97860](https://github.com/kubernetes/kubernetes/pull/97860), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery]","author":"MikeSpreitzer","author_url":"https://github.com/MikeSpreitzer","pr_url":"https://github.com/kubernetes/kubernetes/pull/97860","pr_number":97860,"areas":["apiserver"],"kinds":["bug","regression"],"sigs":["api-machinery"],"duplicate_kind":true},"97919":{"commit":"bd947dfc652f58900b7e29e60e28af4c6fb7eb95","text":"kubeadm: fix a bug where \"kubeadm upgrade\" commands can fail if CoreDNS v1.8.0 is installed.","markdown":"Kubeadm: fix a bug where \"kubeadm upgrade\" commands can fail if CoreDNS v1.8.0 is installed. ([#97919](https://github.com/kubernetes/kubernetes/pull/97919), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]","author":"neolit123","author_url":"https://github.com/neolit123","pr_url":"https://github.com/kubernetes/kubernetes/pull/97919","pr_number":97919,"areas":["kubeadm"],"kinds":["bug"],"sigs":["cluster-lifecycle"]},"97922":{"commit":"0b75828dfc90dff01996e821f10e97a38f7f2230","text":"Fix CVE-2020-8555 for Gluster client connections.","markdown":"Fix CVE-2020-8555 for Gluster client connections. ([#97922](https://github.com/kubernetes/kubernetes/pull/97922), [@liggitt](https://github.com/liggitt)) [SIG Storage]","author":"liggitt","author_url":"https://github.com/liggitt","pr_url":"https://github.com/kubernetes/kubernetes/pull/97922","pr_number":97922,"areas":["dependency"],"kinds":["bug"],"sigs":["storage"]},"97935":{"commit":"bfb4f17fe2836f4cbe570eb88ec3fc9bf00022c4","text":"Official support to build kubernetes with docker-machine / remote docker is removed. This change does not affect building kubernetes with docker locally.","markdown":"Official support to build kubernetes with docker-machine / remote docker is removed. This change does not affect building kubernetes with docker locally. ([#97935](https://github.com/kubernetes/kubernetes/pull/97935), [@adeniyistephen](https://github.com/adeniyistephen)) [SIG Release and Testing]","author":"adeniyistephen","author_url":"https://github.com/adeniyistephen","pr_url":"https://github.com/kubernetes/kubernetes/pull/97935","pr_number":97935,"kinds":["documentation"],"sigs":["release","testing"],"duplicate":true},"97950":{"commit":"47ccae1e5c0d572e70b7050e3512970d24a1c83d","text":"Avoid systemd-logind loading configuration warning","markdown":"Avoid systemd-logind loading configuration warning ([#97950](https://github.com/kubernetes/kubernetes/pull/97950), [@wzshiming](https://github.com/wzshiming)) [SIG Node]","author":"wzshiming","author_url":"https://github.com/wzshiming","pr_url":"https://github.com/kubernetes/kubernetes/pull/97950","pr_number":97950,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"]},"97967":{"commit":"69aae7aa6c086ebdfb19c46529d478ac7fc2df1f","text":"Update cri-tools to [v1.20.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.20.0)","markdown":"Update cri-tools to [v1.20.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.20.0) ([#97967](https://github.com/kubernetes/kubernetes/pull/97967), [@rajibmitra](https://github.com/rajibmitra)) [SIG Cloud Provider]","author":"rajibmitra","author_url":"https://github.com/rajibmitra","pr_url":"https://github.com/kubernetes/kubernetes/pull/97967","pr_number":97967,"areas":["provider/gcp"],"kinds":["cleanup"],"sigs":["cloud-provider"]},"97980":{"commit":"e0b2787ee1e066287d2d19c3841f18f07669b47d","text":"Fix the regression with the slow pods termination. Before this fix pods may take an additional time to terminate - up to one minute. Reversing the change that ensured that CNI resources cleaned up when the pod is removed on API server.","markdown":"Fix the regression with the slow pods termination. Before this fix pods may take an additional time to terminate - up to one minute. Reversing the change that ensured that CNI resources cleaned up when the pod is removed on API server. ([#97980](https://github.com/kubernetes/kubernetes/pull/97980), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Node]","author":"SergeyKanzhelev","author_url":"https://github.com/SergeyKanzhelev","pr_url":"https://github.com/kubernetes/kubernetes/pull/97980","pr_number":97980,"areas":["kubelet"],"kinds":["bug"],"sigs":["node"]}}
\ No newline at end of file
diff --git a/releases/release-1.21/release-notes-draft.md b/releases/release-1.21/release-notes-draft.md
new file mode 100644
index 00000000000..eb0615458da
--- /dev/null
+++ b/releases/release-1.21/release-notes-draft.md
@@ -0,0 +1,136 @@
+# Release notes for v1.21.0-alpha.1
+
+[Documentation](https://docs.k8s.io/docs/home)
+# Changelog since v1.20.0
+
+## Urgent Upgrade Notes 
+
+### (No, really, you MUST read this before you upgrade)
+
+- Kube-proxy's IPVS proxy mode no longer sets the net.ipv4.conf.all.route_localnet sysctl parameter. Nodes upgrading will have net.ipv4.conf.all.route_localnet set to 1 but new nodes will inherit the system default (usually 0). If you relied on any behavior requiring net.ipv4.conf.all.route_localnet, you must set ensure it is enabled as kube-proxy will no longer set it automatically. This change helps to further mitigate CVE-2020-8558. ([#92938](https://github.com/kubernetes/kubernetes/pull/92938), [@lbernail](https://github.com/lbernail)) [SIG Network and Release]
+ - `ServiceNodeExclusion`, `NodeDisruptionExclusion` and `LegacyNodeRoleBehavior`(locked to false) features have been promoted to GA. 
+  To prevent control plane nodes being added to load balancers automatically, upgrade users need to add "node.kubernetes.io/exclude-from-external-load-balancers"  label to control plane nodes. ([#97543](https://github.com/kubernetes/kubernetes/pull/97543), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Apps, Cloud Provider and Network]
+ 
+## Changes by Kind
+
+### Deprecation
+
+- Deprecate the `topologyKeys` field in Service. This capability will be replaced with upcoming work around Topology Aware Subsetting and Service Internal Traffic Policy. ([#96736](https://github.com/kubernetes/kubernetes/pull/96736), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps]
+- Kubeadm: deprecated command "alpha selfhosting pivot" is now removed. ([#97627](https://github.com/kubernetes/kubernetes/pull/97627), [@knight42](https://github.com/knight42))
+- Kubeadm: graduate the command `kubeadm alpha kubeconfig user` to `kubeadm kubeconfig user`. The `kubeadm alpha kubeconfig user` command is deprecated now. ([#97583](https://github.com/kubernetes/kubernetes/pull/97583), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle]
+- Kubeadm: the "kubeadm alpha certs" command is removed now, please use "kubeadm certs" instead. ([#97706](https://github.com/kubernetes/kubernetes/pull/97706), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle]
+- Remove deprecated --cleanup-ipvs flag of kube-proxy, and make --cleanup flag always to flush IPVS ([#97336](https://github.com/kubernetes/kubernetes/pull/97336), [@maaoBit](https://github.com/maaoBit)) [SIG Network]
+- Remove deprecated mixed procotol annotation on Azure provider. Use `MixedProtocolLBService` instead. ([#97096](https://github.com/kubernetes/kubernetes/pull/97096), [@nilo19](https://github.com/nilo19))
+- Remove the deprecated metrics "scheduling_algorithm_preemption_evaluation_seconds" and "binding_duration_seconds", suggest to use "scheduler_framework_extension_point_duration_seconds" instead. ([#96447](https://github.com/kubernetes/kubernetes/pull/96447), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle, Instrumentation, Scheduling and Testing]
+- The PodSecurityPolicy API is deprecated in 1.21, and will no longer be served starting in 1.25. ([#97171](https://github.com/kubernetes/kubernetes/pull/97171), [@deads2k](https://github.com/deads2k)) [SIG Auth and CLI]
+- TokenRequest and TokenRequestProjection feature gates are now unconditionally enabled. ([#97148](https://github.com/kubernetes/kubernetes/pull/97148), [@wawa0210](https://github.com/wawa0210))
+
+### API Change
+
+- Change the APIVersion proto name of BoundObjectRef from aPIVersion to apiVersion. ([#97379](https://github.com/kubernetes/kubernetes/pull/97379), [@kebe7jun](https://github.com/kebe7jun)) [SIG Auth]
+- Enable SPDY pings to keep connections alive, so that `kubectl exec` and `kubectl portforward` won't be interrupted. ([#97083](https://github.com/kubernetes/kubernetes/pull/97083), [@knight42](https://github.com/knight42)) [SIG API Machinery and CLI]
+- Promote Immutable Secrets/ConfigMaps feature to Stable.
+  This allows to set `Immutable` field in Secrets or ConfigMap object to mark their contents as immutable. ([#97615](https://github.com/kubernetes/kubernetes/pull/97615), [@wojtek-t](https://github.com/wojtek-t)) [SIG Apps, Architecture, Node and Testing]
+
+### Feature
+
+- Add flag --lease-max-object-size and metric etcd_lease_object_counts for kube-apiserver to config and observe max objects attached to a single etcd lease. ([#97480](https://github.com/kubernetes/kubernetes/pull/97480), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery, Instrumentation and Scalability]
+- Add flag --lease-reuse-duration-seconds for kube-apiserver to config etcd lease reuse duration. ([#97009](https://github.com/kubernetes/kubernetes/pull/97009), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery and Scalability]
+- Adds the ability to pass --strict-transport-security-directives to the kube-apiserver to set the HSTS header appropriately.  Be sure you understand the consequences to browsers before setting this field. ([#96502](https://github.com/kubernetes/kubernetes/pull/96502), [@249043822](https://github.com/249043822)) [SIG Auth]
+- Kubeadm now includes CoreDNS v1.8.0. ([#96429](https://github.com/kubernetes/kubernetes/pull/96429), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle]
+- Kubeadm: add support for certificate chain validation. When using kubeadm in external CA mode, this allows an intermediate CA to be used to sign the certificates. The intermediate CA certificate must be appended to each signed certificate for this to work correctly. ([#97266](https://github.com/kubernetes/kubernetes/pull/97266), [@robbiemcmichael](https://github.com/robbiemcmichael)) [SIG Cluster Lifecycle]
+- Kubeadm: amend the node kernel validation to treat CGROUP_PIDS, FAIR_GROUP_SCHED as required and CFS_BANDWIDTH, CGROUP_HUGETLB as optional ([#96378](https://github.com/kubernetes/kubernetes/pull/96378), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node]
+- The Kubernetes pause image manifest list now contains an image for Windows Server 20H2. ([#97322](https://github.com/kubernetes/kubernetes/pull/97322), [@claudiubelu](https://github.com/claudiubelu)) [SIG Windows]
+- The apimachinery util/net function used to detect the bind address `ResolveBindAddress()`
+  takes into consideration global ip addresses on loopback interfaces when:
+      - the host has default routes
+      - there are no global IPs on those interfaces.
+  in order to support more complex network scenarios like BGP Unnumbered RFC 5549 ([#95790](https://github.com/kubernetes/kubernetes/pull/95790), [@aojea](https://github.com/aojea)) [SIG Network]
+
+### Documentation
+
+- Official support to build kubernetes with docker-machine / remote docker is removed. This change does not affect building kubernetes with docker locally. ([#97935](https://github.com/kubernetes/kubernetes/pull/97935), [@adeniyistephen](https://github.com/adeniyistephen)) [SIG Release and Testing]
+
+### Bug or Regression
+
+- AcceleratorStats will be available in the Summary API of kubelet when cri_stats_provider is used. ([#96873](https://github.com/kubernetes/kubernetes/pull/96873), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node]
+- Add limited lines to log on `--tail` option ([#93920](https://github.com/kubernetes/kubernetes/pull/93920), [@zhouya0](https://github.com/zhouya0))
+- Avoid systemd-logind loading configuration warning ([#97950](https://github.com/kubernetes/kubernetes/pull/97950), [@wzshiming](https://github.com/wzshiming)) [SIG Node]
+- Cloud-controller-manager: routes controller should not depend on --allocate-node-cidrs ([#97029](https://github.com/kubernetes/kubernetes/pull/97029), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider and Testing]
+- Cluster Autoscaler version bump to v1.20.0 ([#97011](https://github.com/kubernetes/kubernetes/pull/97011), [@towca](https://github.com/towca))
+- Ensure all vSphere nodes are are tracked by volume attach-detach controller ([#96689](https://github.com/kubernetes/kubernetes/pull/96689), [@gnufied](https://github.com/gnufied))
+- Ensure empty string annotations are copied over in rollbacks. ([#94858](https://github.com/kubernetes/kubernetes/pull/94858), [@waynepeking348](https://github.com/waynepeking348))
+- Fix Azure file share not deleted issue when the namespace is deleted ([#97417](https://github.com/kubernetes/kubernetes/pull/97417), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
+- Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws:// ([#96821](https://github.com/kubernetes/kubernetes/pull/96821), [@wongma7](https://github.com/wongma7)) [SIG Storage]
+- Fix CVE-2020-8555 for Gluster client connections. ([#97922](https://github.com/kubernetes/kubernetes/pull/97922), [@liggitt](https://github.com/liggitt)) [SIG Storage]
+- Fix counting error in service/nodeport/loadbalancer quota check ([#97451](https://github.com/kubernetes/kubernetes/pull/97451), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Network and Testing]
+- Fix kubectl label error when local=true is set ([#97440](https://github.com/kubernetes/kubernetes/pull/97440), [@pandaamanda](https://github.com/pandaamanda)) [SIG CLI]
+- Fix kubectl-convert failure on using known apiVersion. ([#97754](https://github.com/kubernetes/kubernetes/pull/97754), [@wzshiming](https://github.com/wzshiming))
+- Fix missing cadvisor machine metrics. ([#97006](https://github.com/kubernetes/kubernetes/pull/97006), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node]
+- Fix nil VMSS name when setting service to auto mode ([#97366](https://github.com/kubernetes/kubernetes/pull/97366), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider]
+- Fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable ([#95269](https://github.com/kubernetes/kubernetes/pull/95269), [@SataQiu](https://github.com/SataQiu)) [SIG Node]
+- Fix the regression with the slow pods termination. Before this fix pods may take an additional time to terminate - up to one minute. Reversing the change that ensured that CNI resources cleaned up when the pod is removed on API server. ([#97980](https://github.com/kubernetes/kubernetes/pull/97980), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Node]
+- Fix to recover CSI volumes from certain dangling attachments ([#96617](https://github.com/kubernetes/kubernetes/pull/96617), [@yuga711](https://github.com/yuga711)) [SIG Apps and Storage]
+- Fix: azure file latency issue for metadata-heavy workloads ([#97082](https://github.com/kubernetes/kubernetes/pull/97082), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
+- Fixed Cinder volume IDs on OpenStack Train ([#96673](https://github.com/kubernetes/kubernetes/pull/96673), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider]
+- Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes. ([#97013](https://github.com/kubernetes/kubernetes/pull/97013), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
+- Fixed a bug in kubelet that will saturate CPU utilization after containerd got restarted. ([#97174](https://github.com/kubernetes/kubernetes/pull/97174), [@hanlins](https://github.com/hanlins)) [SIG Node]
+- Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node]
+- Fixed cleanup of block devices when /var/lib/kubelet is a symlink. ([#96889](https://github.com/kubernetes/kubernetes/pull/96889), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
+- Fixing a bug where a failed node may not have the NoExecute taint set correctly ([#96876](https://github.com/kubernetes/kubernetes/pull/96876), [@howieyuen](https://github.com/howieyuen)) [SIG Apps and Node]
+- GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses. ([#97740](https://github.com/kubernetes/kubernetes/pull/97740), [@prameshj](https://github.com/prameshj)) [SIG Cloud Provider and Network]
+- Ignore update pod with no new images in alwaysPullImages admission controller ([#96668](https://github.com/kubernetes/kubernetes/pull/96668), [@pacoxu](https://github.com/pacoxu)) [SIG Apps, Auth and Node]
+- Kubeadm installs etcd v3.4.13 when creating cluster v1.19 ([#97244](https://github.com/kubernetes/kubernetes/pull/97244), [@pacoxu](https://github.com/pacoxu))
+- Kubeadm: avoid detection of the container runtime for commands that do not need it ([#97625](https://github.com/kubernetes/kubernetes/pull/97625), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]
+- Kubeadm: fix a bug in the host memory detection code on 32bit Linux platforms ([#97403](https://github.com/kubernetes/kubernetes/pull/97403), [@abelbarrera15](https://github.com/abelbarrera15)) [SIG Cluster Lifecycle]
+- Kubeadm: fix a bug where "kubeadm join" would not properly handle missing names for existing etcd members. ([#97372](https://github.com/kubernetes/kubernetes/pull/97372), [@ihgann](https://github.com/ihgann)) [SIG Cluster Lifecycle]
+- Kubeadm: fix a bug where "kubeadm upgrade" commands can fail if CoreDNS v1.8.0 is installed. ([#97919](https://github.com/kubernetes/kubernetes/pull/97919), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
+- Performance regresssion #97685 has been fixed. ([#97860](https://github.com/kubernetes/kubernetes/pull/97860), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery]
+- Remove deprecated --cleanup-ipvs flag of kube-proxy, and make --cleanup flag always to flush IPVS ([#97336](https://github.com/kubernetes/kubernetes/pull/97336), [@maaoBit](https://github.com/maaoBit)) [SIG Network]
+- Specifying the KUBE_TEST_REPO environment variable when e2e tests are executed will instruct the test infrastructure to load that image from a location within the specified repo, using a predefined pattern. ([#93510](https://github.com/kubernetes/kubernetes/pull/93510), [@smarterclayton](https://github.com/smarterclayton)) [SIG Testing]
+- The current version of the container image publicly exposed IP serving a /metrics endpoint to the Internet. The new version of the container image serves /metrics endpoint on a different port. ([#97621](https://github.com/kubernetes/kubernetes/pull/97621), [@vbannai](https://github.com/vbannai)) [SIG Cloud Provider]
+- Use force unmount for NFS volumes if regular mount fails after 1 minute timeout ([#96844](https://github.com/kubernetes/kubernetes/pull/96844), [@gnufied](https://github.com/gnufied)) [SIG Storage]
+- Using exec auth plugins with kubectl no longer results in warnings about constructing many client instances from the same exec auth config. ([#97857](https://github.com/kubernetes/kubernetes/pull/97857), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Auth]
+- Warning about using a deprecated volume plugin is logged only once. ([#96751](https://github.com/kubernetes/kubernetes/pull/96751), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
+
+### Other (Cleanup or Flake)
+
+- Bump github.com/Azure/go-autorest/autorest to v0.11.12 ([#97033](https://github.com/kubernetes/kubernetes/pull/97033), [@patrickshan](https://github.com/patrickshan)) [SIG API Machinery, CLI, Cloud Provider and Cluster Lifecycle]
+- Kube-proxy: Traffic from the cluster directed to ExternalIPs is always send directly to the Service. ([#96296](https://github.com/kubernetes/kubernetes/pull/96296), [@aojea](https://github.com/aojea)) [SIG Network and Testing]
+- Kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images' ([#97087](https://github.com/kubernetes/kubernetes/pull/97087), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
+- Kubeadm: fix a whitespace issue in the output of the "kubeadm join" command shown as the output of "kubeadm init" and "kubeadm token create --print-join-command" ([#97413](https://github.com/kubernetes/kubernetes/pull/97413), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
+- Kubeadm: improve the error messaging when the user provides an invalid discovery token CA certificate hash. ([#97290](https://github.com/kubernetes/kubernetes/pull/97290), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
+- Migrate log messages in pkg/scheduler/{scheduler.go,factory.go} to structured logging ([#97509](https://github.com/kubernetes/kubernetes/pull/97509), [@aldudko](https://github.com/aldudko)) [SIG Scheduling]
+- Migrate proxy/iptables/proxier.go logs to structured logging ([#97678](https://github.com/kubernetes/kubernetes/pull/97678), [@JornShen](https://github.com/JornShen)) [SIG Network]
+- Migrate some scheduler log messages to structured logging ([#97349](https://github.com/kubernetes/kubernetes/pull/97349), [@aldudko](https://github.com/aldudko)) [SIG Scheduling]
+- NetworkPolicy validation framework optimizations for rapidly verifying CNIs work correctly across several pods and namespaces ([#91592](https://github.com/kubernetes/kubernetes/pull/91592), [@jayunit100](https://github.com/jayunit100))
+- Remove deprecated mixed procotol annotation on Azure provider. Use `MixedProtocolLBService` instead. ([#97096](https://github.com/kubernetes/kubernetes/pull/97096), [@nilo19](https://github.com/nilo19))
+- Scheduler plugin validation now provides all errors detected instead of the first one. ([#96745](https://github.com/kubernetes/kubernetes/pull/96745), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node, Scheduling and Testing]
+- Storage related e2e testsuite redesign & cleanup ([#96573](https://github.com/kubernetes/kubernetes/pull/96573), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Storage and Testing]
+- The OIDC authenticator no longer waits 10 seconds before attempting to fetch the metadata required to verify tokens. ([#97693](https://github.com/kubernetes/kubernetes/pull/97693), [@enj](https://github.com/enj)) [SIG API Machinery and Auth]
+- The `AttachVolumeLimit` feature gate (GA since v1.17) has been removed and now unconditionally enabled. ([#96539](https://github.com/kubernetes/kubernetes/pull/96539), [@ialidzhikov](https://github.com/ialidzhikov))
+- The `CSINodeInfo` feature gate that is GA since v1.17 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#96561](https://github.com/kubernetes/kubernetes/pull/96561), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Apps, Auth, Scheduling, Storage and Testing]
+- The deprecated feature gates `RotateKubeletClientCertificate`, `AttachVolumeLimit`, `VolumePVCDataSource` and `EvenPodsSpread` are now unconditionally enabled and can no longer be specified in component invocations. ([#97306](https://github.com/kubernetes/kubernetes/pull/97306), [@gavinfish](https://github.com/gavinfish)) [SIG Node, Scheduling and Storage]
+- Update cri-tools to [v1.20.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.20.0) ([#97967](https://github.com/kubernetes/kubernetes/pull/97967), [@rajibmitra](https://github.com/rajibmitra)) [SIG Cloud Provider]
+
+### Uncategorized
+
+- Adding Brazilian Portuguese translation for kubectl ([#61595](https://github.com/kubernetes/kubernetes/pull/61595), [@cpanato](https://github.com/cpanato)) [SIG CLI]
+
+## Dependencies
+
+### Added
+_Nothing has changed._
+
+### Changed
+- github.com/Azure/go-autorest/autorest: [v0.11.1 → v0.11.12](https://github.com/Azure/go-autorest/autorest/compare/v0.11.1...v0.11.12)
+- github.com/coredns/corefile-migration: [v1.0.10 → v1.0.11](https://github.com/coredns/corefile-migration/compare/v1.0.10...v1.0.11)
+- github.com/golang/mock: [v1.4.1 → v1.4.4](https://github.com/golang/mock/compare/v1.4.1...v1.4.4)
+- github.com/google/cadvisor: [v0.38.5 → v0.38.6](https://github.com/google/cadvisor/compare/v0.38.5...v0.38.6)
+- github.com/heketi/heketi: [c2e2a4a → v10.2.0+incompatible](https://github.com/heketi/heketi/compare/c2e2a4a...v10.2.0)
+- github.com/miekg/dns: [v1.1.4 → v1.1.35](https://github.com/miekg/dns/compare/v1.1.4...v1.1.35)
+- k8s.io/system-validators: v1.2.0 → v1.3.0
+
+### Removed
+- rsc.io/quote/v3: v3.1.0
+- rsc.io/sampler: v1.3.0
diff --git a/releases/release-1.21/release-notes/maps/pr-91592-map.yaml b/releases/release-1.21/release-notes/maps/pr-91592-map.yaml
new file mode 100644
index 00000000000..fb37d729b94
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-91592-map.yaml
@@ -0,0 +1,4 @@
+pr: 91592
+releasenote:
+  text: NetworkPolicy validation framework optimizations for rapidly verifying CNIs
+    work correctly across several pods and namespaces
diff --git a/releases/release-1.21/release-notes/maps/pr-92817-map.yaml b/releases/release-1.21/release-notes/maps/pr-92817-map.yaml
new file mode 100644
index 00000000000..6b8116b73b6
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-92817-map.yaml
@@ -0,0 +1,3 @@
+pr: 92817
+releasenote:
+  do_not_publish: true
diff --git a/releases/release-1.21/release-notes/maps/pr-93920-map.yaml b/releases/release-1.21/release-notes/maps/pr-93920-map.yaml
new file mode 100644
index 00000000000..5eedd6fad4c
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-93920-map.yaml
@@ -0,0 +1,3 @@
+pr: 93920
+releasenote:
+  text: Add limited lines to log on `--tail` option
diff --git a/releases/release-1.21/release-notes/maps/pr-94858-map.yaml b/releases/release-1.21/release-notes/maps/pr-94858-map.yaml
new file mode 100644
index 00000000000..dfad86adc13
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-94858-map.yaml
@@ -0,0 +1,3 @@
+pr: 94858
+releasenote:
+  text: Ensure empty string annotations are copied over in rollbacks.
diff --git a/releases/release-1.21/release-notes/maps/pr-96539-map.yaml b/releases/release-1.21/release-notes/maps/pr-96539-map.yaml
new file mode 100644
index 00000000000..b8adc248b1c
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-96539-map.yaml
@@ -0,0 +1,4 @@
+pr: 96539
+releasenote:
+  text: The `AttachVolumeLimit` feature gate (GA since v1.17) has been removed and
+    now unconditionally enabled.
diff --git a/releases/release-1.21/release-notes/maps/pr-96689-map.yaml b/releases/release-1.21/release-notes/maps/pr-96689-map.yaml
new file mode 100644
index 00000000000..13bdc9a3fe3
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-96689-map.yaml
@@ -0,0 +1,3 @@
+pr: 96689
+releasenote:
+  text: Ensure all vSphere nodes are are tracked by volume attach-detach controller
diff --git a/releases/release-1.21/release-notes/maps/pr-97011-map.yaml b/releases/release-1.21/release-notes/maps/pr-97011-map.yaml
new file mode 100644
index 00000000000..c67fbd70d09
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97011-map.yaml
@@ -0,0 +1,3 @@
+pr: 97011
+releasenote:
+  text: Cluster Autoscaler version bump to v1.20.0
diff --git a/releases/release-1.21/release-notes/maps/pr-97096-map.yaml b/releases/release-1.21/release-notes/maps/pr-97096-map.yaml
new file mode 100644
index 00000000000..37201308414
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97096-map.yaml
@@ -0,0 +1,7 @@
+pr: 97096
+releasenote:
+  text: Remove deprecated mixed procotol annotation on Azure provider. Use `MixedProtocolLBService`
+    instead.
+  kinds:
+  - cleanup
+  - deprecation
diff --git a/releases/release-1.21/release-notes/maps/pr-97115-map.yaml b/releases/release-1.21/release-notes/maps/pr-97115-map.yaml
new file mode 100644
index 00000000000..c382825bfee
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97115-map.yaml
@@ -0,0 +1,3 @@
+pr: 97115
+releasenote:
+  do_not_publish: true
diff --git a/releases/release-1.21/release-notes/maps/pr-97148-map.yaml b/releases/release-1.21/release-notes/maps/pr-97148-map.yaml
new file mode 100644
index 00000000000..ba474bbf105
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97148-map.yaml
@@ -0,0 +1,4 @@
+pr: 97148
+releasenote:
+  text: TokenRequest and TokenRequestProjection feature gates are now unconditionally
+    enabled.
diff --git a/releases/release-1.21/release-notes/maps/pr-97244-map.yaml b/releases/release-1.21/release-notes/maps/pr-97244-map.yaml
new file mode 100644
index 00000000000..4d2917c972d
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97244-map.yaml
@@ -0,0 +1,3 @@
+pr: 97244
+releasenote:
+  text: kubeadm installs etcd v3.4.13 when creating cluster v1.19
diff --git a/releases/release-1.21/release-notes/maps/pr-97336-map.yaml b/releases/release-1.21/release-notes/maps/pr-97336-map.yaml
new file mode 100644
index 00000000000..665f71f251c
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97336-map.yaml
@@ -0,0 +1,5 @@
+pr: 97336
+releasenote:
+  kinds:
+  - bug
+  - deprecation
diff --git a/releases/release-1.21/release-notes/maps/pr-97543-map.yaml b/releases/release-1.21/release-notes/maps/pr-97543-map.yaml
new file mode 100644
index 00000000000..bfc9a6fc613
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97543-map.yaml
@@ -0,0 +1,3 @@
+pr: 97543
+releasenote:
+  action_required: true
diff --git a/releases/release-1.21/release-notes/maps/pr-97627-map.yaml b/releases/release-1.21/release-notes/maps/pr-97627-map.yaml
new file mode 100644
index 00000000000..253982e3b44
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97627-map.yaml
@@ -0,0 +1,3 @@
+pr: 97627
+releasenote:
+  text: 'kubeadm: deprecated command "alpha selfhosting pivot" is now removed.'
diff --git a/releases/release-1.21/release-notes/maps/pr-97754-map.yaml b/releases/release-1.21/release-notes/maps/pr-97754-map.yaml
new file mode 100644
index 00000000000..d3f7c195e7e
--- /dev/null
+++ b/releases/release-1.21/release-notes/maps/pr-97754-map.yaml
@@ -0,0 +1,3 @@
+pr: 97754
+releasenote:
+  text: Fix kubectl-convert failure on using known apiVersion.
diff --git a/releases/release-1.21/release-notes/sessions/maps-1611085134.json b/releases/release-1.21/release-notes/sessions/maps-1611085134.json
new file mode 100644
index 00000000000..853734dd47a
--- /dev/null
+++ b/releases/release-1.21/release-notes/sessions/maps-1611085134.json
@@ -0,0 +1 @@
+{"mail":"wilsonehusin@gmail.com","name":"Wilson E. Husin","date":1611085134,"prs":[{"nr":96751,"hash":"eb8b7f259a961bdd3fe2f4e8b0be4f295026b77b"},{"nr":97615,"hash":"cfe3378601412ba7456362a292b3060fb54f816a"},{"nr":91592,"hash":"79393e1e35462ef88578356630b71a7261352d97"},{"nr":97244,"hash":"ec8243dd97630169404c1a2d32923d4e7180a6d4"},{"nr":93920,"hash":"f59999be9e06baa5a4c9f84b19b49140c7421d3d"},{"nr":97087,"hash":"aa0a5d1a011bf541ca9e97fa450b9450569f254a"},{"nr":92938,"hash":"1384df18733594691f5982e2211989367e2b4c2d"},{"nr":92817,"hash":"2bf32f3a9f6613cbc0a4e75fbb99ccd68eb23e3b"},{"nr":97754,"hash":"112db9fd13b1a1a69754589b0fc3339dda70d230"},{"nr":97922,"hash":"ed79a2e69a3061becc769931060f76208984051e"},{"nr":97115,"hash":"f27d50ce5cb18f0eb997db1a7b0875ac5d586675"},{"nr":97096,"hash":"5c35e67e0d6fdbbf03f0e9cf02d582a39786eda3"},{"nr":97029,"hash":"c6aa948a7f1c526001ca30e2c5861c73e7a950eb"},{"nr":97693,"hash":"6c9c3e0f5924d152af3644c4f215ce27ad21b52b"},{"nr":97980,"hash":"1da78839155e65673030b2a85fe03dfd51797451"},{"nr":97336,"hash":"5acf0de4ea71fdd320f47839d2b501ae6014d9dc"},{"nr":97322,"hash":"7d24e8bb1d05c2b6b8557d69ab83f41fc56c8836"},{"nr":97379,"hash":"08a38d99114509f09d79db9dc81842853e915e8e"},{"nr":97290,"hash":"03452d9ed48d629bd49f21dc75392dc0752abd09"},{"nr":96844,"hash":"60c1ff4a774f783e32800842850307d420c0492a"},{"nr":61595,"hash":"51afeaec5352f7834f67b394b2b8bca761794736"},{"nr":96429,"hash":"13ca44bc6b9719ff13a05ddd717377bdbb866757"},{"nr":97950,"hash":"5291afdc03792e183bc07e0b65546ba0e79c8d38"},{"nr":96821,"hash":"fb387c8d53d3ea2f42ab048016cc281423edb3de"},{"nr":97306,"hash":"9489a0c26078f98984c6057da5b3103f86a51f0a"},{"nr":96673,"hash":"c95b947d98ea4427e0cd2a35bd699795e5257c28"},{"nr":97082,"hash":"1ac55c41df45034df9ca1e636d8e7eeaf2107cc2"},{"nr":96502,"hash":"25fc3d4e0bcce536cd9f604a7262d0791f724279"},{"nr":96736,"hash":"99e8967a3f9d8aed11739b9ec3b0466f1f5be53d"},{"nr":97678,"hash":"c85fd5f4f8b38f03a0e761f6028af8eeb6f444ad"},{"nr":97627,"hash":"828215c847bea4335e470edf1a1582e9f02187f0"},{"nr":96873,"hash":"ee230c662151c4ba4d03403c48653bda4410ccd1"},{"nr":97011,"hash":"586427f8260d9f8dc3ffb70b2aa791b61a6878f4"},{"nr":97006,"hash":"c9f83476e7758054074565a1e9a0221c2bb0ae7e"},{"nr":97919,"hash":"e6b3939742142732c581faf917c2adc9ff567549"},{"nr":97266,"hash":"2ef1f28bfd1e93cd714eaec457bd63a896a12cac"},{"nr":97413,"hash":"06658a91a68a213907ac2114f8a0b1c5f7f262b3"},{"nr":96668,"hash":"196561220b3e64775b8159843b2c3803f9e54085"},{"nr":97174,"hash":"e7e48fdb9be8d8675d2d75a071cd6682f6aedcb6"},{"nr":97740,"hash":"3fe761e639dcf97bd65cf8ee2ca528e3628af4d3"},{"nr":97583,"hash":"f989c054e2d6381372facf0f4522455d2a417f8d"},{"nr":95269,"hash":"e84b9e25e7016cecddb425b2fec7052c37bc80cd"},{"nr":96378,"hash":"69123b5b3c558833af958fe6c6cf75c584cc8bf5"},{"nr":97083,"hash":"bb6c3d6862ffeb44c07d78d4fa9acbeca3ac81df"},{"nr":96561,"hash":"f31f6b50639d7c77cabe7ef158af6d5231a16740"},{"nr":97427,"hash":"fd22c40f4676e9dda77c1570a538ea1f00f7f6e1"},{"nr":97440,"hash":"d40b35293c94bf59a3cea9476969a14239396b61"},{"nr":95790,"hash":"539ab8ac9e9df1e58c910f8a6915028d5fc56cbd"},{"nr":97417,"hash":"a819b44138fefa6b828919d03c077c48d5a0a13f"},{"nr":96573,"hash":"5b16f72ebd99d94e438693a1abadd95570a64531"},{"nr":97009,"hash":"56b4d77d47edf946c180d8424d4792024a55007c"},{"nr":97621,"hash":"9b8ff3563b706cb9588fa1c8e65f3b9ca134f7e5"},{"nr":97625,"hash":"708db2cc3bea3b9217f10fb92f863044b834359e"},{"nr":97171,"hash":"485d7f376d365eefdac83f121d9dca646d1c62d1"},{"nr":96889,"hash":"4f07104a8e0b4102577cf0bf4e3724109647dce1"},{"nr":97509,"hash":"7713fe234bd6cdf5550c15cc94f885de4890eddd"},{"nr":96689,"hash":"9b19130b144263fadd97340f6cf531ce38af7e99"},{"nr":96745,"hash":"d8bc4fa632a4d75d5488404446b4e4b558c0858a"},{"nr":97480,"hash":"8ee98dec1bea65b02a8376dbfea067facbbd6e32"},{"nr":97860,"hash":"ddce2b123f9684fc4b9f883c52411eda36f8d6f1"},{"nr":97349,"hash":"79751cd4898b8d4a5e3dbda35196731928fa5192"},{"nr":93510,"hash":"8bbf2fb4285c9d9d17084aa8b18dcee0ff74a958"},{"nr":97148,"hash":"23fce77164011a15f0d5b8adc88dab545801d5e1"},{"nr":97706,"hash":"65bbe20eba1483f980becb9587b041c6d175019f"},{"nr":96539,"hash":"004d87594fddc15a40ac6ed6a7258d9be9b2f124"},{"nr":96447,"hash":"60cf72156887d84a4477595e95620ad851f067fd"},{"nr":94858,"hash":"31c4123543ecb21d2bacb3aa6b18553a339cffed"},{"nr":97967,"hash":"866ea08231f06d1885a211194960e7cfd4e1054f"},{"nr":97366,"hash":"17d9de349f2c9670514c56fab5c372bc9de7abec"},{"nr":97033,"hash":"02e126628a95c9b52f4d098a35dc9be349ea2392"},{"nr":97372,"hash":"f1373aeca419d44cc2ca3b4cd8e492e0046c63a3"},{"nr":97013,"hash":"115ee9ad51c1aa302566cbcb98e149adf1fc0cbb"},{"nr":96876,"hash":"b43aebb636cc5e20a71aef14291e6f73f00c4874"},{"nr":97403,"hash":"1b86a7c68c1e051ceed64613f97242fff51c1dbb"},{"nr":96617,"hash":"032bb7eaecde342b3ceb0e32ac4d35a1f647f40a"},{"nr":97857,"hash":"05384fb03bf13c464272245abf110c102d0936ca"},{"nr":97451,"hash":"d36b1f8f90bb793818454aadbb12b2a8239690fd"},{"nr":97543,"hash":"a1496c5fd344abecd58d1ab96dc9d2bccc32a6ca"},{"nr":96296,"hash":"fe8177a26f3d6117b3a8671f00e085e916a7e25d"},{"nr":97935,"hash":"df9ea412a7ec4d759949c732983ce94bdc4e9f3d"}]}
\ No newline at end of file