diff --git a/Makefile b/Makefile index c01dd24ce5..5f2a7f35a9 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2) # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions -ISO_VERSION ?= v1.16.0-snapshot1 +ISO_VERSION ?= v1.16.0-snapshot4 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta DEB_VERSION ?= $(subst -,~,$(RAW_VERSION)) RPM_VERSION ?= $(DEB_VERSION) diff --git a/cmd/minikube/cmd/config/config.go b/cmd/minikube/cmd/config/config.go index 5869c1d175..7c650c3dc9 100644 --- a/cmd/minikube/cmd/config/config.go +++ b/cmd/minikube/cmd/config/config.go @@ -181,7 +181,7 @@ var settings = []Setting{ var ConfigCmd = &cobra.Command{ Use: "config SUBCOMMAND [flags]", Short: "Modify persistent configuration values", - Long: `config modifies minikube config files using subcommands like "minikube config set driver kvm" + Long: `config modifies minikube config files using subcommands like "minikube config set driver kvm2" Configurable fields: ` + "\n\n" + configurableFields(), Run: func(cmd *cobra.Command, args []string) { if err := cmd.Help(); err != nil { diff --git a/cmd/minikube/cmd/start_flags.go b/cmd/minikube/cmd/start_flags.go index d5e7276c0c..3237156881 100644 --- a/cmd/minikube/cmd/start_flags.go +++ b/cmd/minikube/cmd/start_flags.go 
@@ -138,7 +138,7 @@ func initMinikubeFlags() { startCmd.Flags().String(containerRuntime, "docker", fmt.Sprintf("The container runtime to be used (%s).", strings.Join(cruntime.ValidRuntimes(), ", "))) startCmd.Flags().Bool(createMount, false, "This will start the mount daemon and automatically mount files into minikube.") startCmd.Flags().String(mountString, constants.DefaultMountDir+":/minikube-host", "The argument to pass the minikube mount command on start.") - startCmd.Flags().StringArrayVar(&config.AddonList, "addons", nil, "Enable addons. see `minikube addons list` for a list of valid addon names.") + startCmd.Flags().StringSliceVar(&config.AddonList, "addons", nil, "Enable addons. see `minikube addons list` for a list of valid addon names.") startCmd.Flags().String(criSocket, "", "The cri socket path to be used.") startCmd.Flags().String(networkPlugin, "", "Kubelet network plug-in to use (default: auto)") startCmd.Flags().Bool(enableDefaultCNI, false, "DEPRECATED: Replaced by --cni=bridge") diff --git a/deploy/iso/minikube-iso/package/automount/minikube-automount b/deploy/iso/minikube-iso/package/automount/minikube-automount index f1a8484bee..478280ec15 100755 --- a/deploy/iso/minikube-iso/package/automount/minikube-automount +++ b/deploy/iso/minikube-iso/package/automount/minikube-automount @@ -105,6 +105,10 @@ if [ -n "$BOOT2DOCKER_DATA" ]; then mkdir -p /var/lib/containerd mount --bind /mnt/$PARTNAME/var/lib/containerd /var/lib/containerd + mkdir -p /mnt/$PARTNAME/var/lib/buildkit + mkdir -p /var/lib/buildkit + mount --bind /mnt/$PARTNAME/var/lib/buildkit /var/lib/buildkit + mkdir -p /mnt/$PARTNAME/var/lib/containers mkdir -p /var/lib/containers mount --bind /mnt/$PARTNAME/var/lib/containers /var/lib/containers diff --git a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash index bfc3e3ad46..e658bb8341 100644 --- a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash 
+++ b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash @@ -1 +1,2 @@ sha256 33bcaa49b31bc3a277ac75d32fce3f5442d39f53a1799b8624e985279b579f74 buildkit-v0.7.2.linux-amd64.tar.gz +sha256 28005748fae926edf8c93b7cb1df53ec49df65dec67105b94e7fb9c513fa78a4 buildkit-v0.8.0.linux-amd64.tar.gz diff --git a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk index 78f7f7ea38..639c0bf281 100644 --- a/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk +++ b/deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk @@ -4,17 +4,24 @@ # ################################################################################ -BUILDKIT_BIN_VERSION = v0.7.2 +BUILDKIT_BIN_VERSION = v0.8.0 +BUILDKIT_BIN_COMMIT = 73fe4736135645a342abc7b587bba0994cccf0f9 BUILDKIT_BIN_SITE = https://github.com/moby/buildkit/releases/download/$(BUILDKIT_BIN_VERSION) BUILDKIT_BIN_SOURCE = buildkit-$(BUILDKIT_BIN_VERSION).linux-amd64.tar.gz +# https://github.com/opencontainers/runc.git +BUILDKIT_RUNC_VERSION = 939ad4e3fcfa1ab531458355a73688c6f4ee5003 + define BUILDKIT_BIN_INSTALL_TARGET_CMDS $(INSTALL) -D -m 0755 \ $(@D)/buildctl \ - $(TARGET_DIR)/usr/bin/buildctl + $(TARGET_DIR)/usr/bin + $(INSTALL) -D -m 0755 \ + $(@D)/buildkit-runc \ + $(TARGET_DIR)/usr/sbin $(INSTALL) -D -m 0755 \ $(@D)/buildkitd \ - $(TARGET_DIR)/usr/sbin/buildkitd + $(TARGET_DIR)/usr/sbin endef $(eval $(generic-package)) diff --git a/deploy/kicbase/Dockerfile b/deploy/kicbase/Dockerfile index 77fd2c3ee7..45cd7e2e92 100644 --- a/deploy/kicbase/Dockerfile +++ b/deploy/kicbase/Dockerfile @@ -21,7 +21,7 @@ # for a kubernetes node image, it doesn't contain much we don't need FROM ubuntu:focal-20201106 -ARG BUILDKIT_VERSION="v0.7.2" +ARG BUILDKIT_VERSION="v0.8.0" # copy in static files (configs, scripts) COPY 10-network-security.conf /etc/sysctl.d/10-network-security.conf 
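Review bot: The three `$(INSTALL) -D` calls in BUILDKIT_BIN_INSTALL_TARGET_CMDS now name a directory (`$(TARGET_DIR)/usr/bin`, `$(TARGET_DIR)/usr/sbin`) instead of the destination file. With `-D`, `install` treats the last argument as the file path if that directory does not exist yet, so the binary would be written as a file named `usr/sbin`. Keeping explicit targets such as `$(TARGET_DIR)/usr/sbin/buildkit-runc` avoids depending on the skeleton having created the directories. `BUILDKIT_BIN_COMMIT` and `BUILDKIT_RUNC_VERSION` are not referenced anywhere in this hunk; if nothing outside it uses them, add a comment saying what they pin, since the only integrity check visible for the tarball is the sha256 in buildkit-bin.hash.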
diff --git a/hack/release_notes.sh b/hack/release_notes.sh index dabfc67153..8933f3475c 100755 --- a/hack/release_notes.sh +++ b/hack/release_notes.sh @@ -39,5 +39,6 @@ recent=$(git describe --abbrev=0) "${DIR}/release-notes" kubernetes minikube --since $recent -echo "Thank you to our contributors for this release! " +echo "Thank you to our contributors for this release!" +echo "" git log "$recent".. --format="%aN" --reverse | sort | uniq | awk '{printf "- %s\n", $0 }' diff --git a/pkg/drivers/kic/kic.go b/pkg/drivers/kic/kic.go index 79f8da9245..a653ca36e6 100644 --- a/pkg/drivers/kic/kic.go +++ b/pkg/drivers/kic/kic.go @@ -17,9 +17,11 @@ limitations under the License. package kic import ( + "context" "fmt" "net" "os/exec" + "runtime" "strconv" "strings" "sync" 
@@ -214,6 +216,33 @@ func (d *Driver) prepareSSH() error { return errors.Wrapf(err, "apply authorized_keys file ownership, output %s", rr.Output()) } + if runtime.GOOS == "windows" { + path, _ := exec.LookPath("powershell") + ctx, cancel := context.WithTimeout(context.Background(), 8*time.Second) + defer cancel() + + klog.Infof("ensuring only current user has permissions to key file located at : %s...", keyPath) + + // Get the SID of the current user + currentUserSidCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", "([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value") + currentUserSidOut, currentUserSidErr := currentUserSidCmd.CombinedOutput() + if currentUserSidErr != nil { + klog.Warningf("unable to determine current user's SID. minikube tunnel may not work.") + } else { + icaclsArguments := fmt.Sprintf(`"%s" /grant:r *%s:F /inheritancelevel:r`, keyPath, strings.TrimSpace(string(currentUserSidOut))) + icaclsCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", "icacls.exe", icaclsArguments) + icaclsCmdOut, icaclsCmdErr := icaclsCmd.CombinedOutput() + + if icaclsCmdErr != nil { + return errors.Wrap(icaclsCmdErr, "unable to execute icacls to set permissions") + } + + if !strings.Contains(string(icaclsCmdOut), "Successfully processed 1 files; Failed processing 0 files") { + klog.Errorf("icacls failed applying permissions - err - [%s], output - [%s]", icaclsCmdErr, strings.TrimSpace(string(icaclsCmdOut))) + } + } + } + return nil } diff --git a/pkg/minikube/cruntime/crio.go b/pkg/minikube/cruntime/crio.go index 6169ad9107..8483752d86 100644 --- a/pkg/minikube/cruntime/crio.go +++ b/pkg/minikube/cruntime/crio.go 
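Review bot: In the Windows branch added to prepareSSH, a failed permission change on the key file is not treated as a failure. When the icacls output lacks the English text `Successfully processed 1 files; Failed processing 0 files` the code only calls `klog.Errorf` and still returns nil, and when the SID lookup fails it only warns, so the private key can keep its inherited ACL. That string match also depends on the Windows display language, and `icaclsCmdErr` is always nil where it is logged; relying on the exit status already checked just above would likely be more robust. The error from `exec.LookPath("powershell")` is discarded, so `path` can be empty; handle it with `path, err := exec.LookPath("powershell")` followed by `if err != nil { return errors.Wrap(err, "powershell not found") }`. `keyPath` is interpolated into a PowerShell command line inside double quotes, so a path containing `"`, `$` or a backtick would be re-interpreted by PowerShell; running `icacls.exe` directly with separate arguments avoids that. prepareSSH starts above this hunk.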
@@ -109,6 +109,26 @@ func (r *CRIO) Active() bool { return r.Init.Active("crio") } +// enableIPForwarding configures IP forwarding, which is handled normally by Docker +// Context: https://github.com/kubernetes/kubeadm/issues/1062 +func enableIPForwarding(cr CommandRunner) error { + // The bridge-netfilter module enables iptables rules to work on Linux bridges + // NOTE: br_netfilter isn't available in WSL2, but forwarding works fine there anyways + c := exec.Command("sudo", "sysctl", "net.bridge.bridge-nf-call-iptables") + if rr, err := cr.RunCmd(c); err != nil { + klog.Infof("couldn't verify netfilter by %q which might be okay. error: %v", rr.Command(), err) + c = exec.Command("sudo", "modprobe", "br_netfilter") + if _, err := cr.RunCmd(c); err != nil { + klog.Warningf("%q failed, which may be ok: %v", rr.Command(), err) + } + } + c = exec.Command("sudo", "sh", "-c", "echo 1 > /proc/sys/net/ipv4/ip_forward") + if _, err := cr.RunCmd(c); err != nil { + return errors.Wrapf(err, "ip_forward") + } + return nil +} + // Enable idempotently enables CRIO on a host func (r *CRIO) Enable(disOthers, _ bool) error { if disOthers { diff --git a/pkg/minikube/cruntime/cruntime.go b/pkg/minikube/cruntime/cruntime.go index 332dc1be4c..b6c67c8a13 100644 --- a/pkg/minikube/cruntime/cruntime.go +++ b/pkg/minikube/cruntime/cruntime.go @@ -22,7 +22,6 @@ import ( "os/exec" "github.com/blang/semver" - "github.com/pkg/errors" "k8s.io/klog/v2" "k8s.io/minikube/pkg/minikube/assets" "k8s.io/minikube/pkg/minikube/command" 
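Review bot: In the new enableIPForwarding, the warning in the modprobe failure branch logs `rr.Command()`, but `rr` is the result of the earlier sysctl call because the modprobe result is discarded with `_`, so the message names the wrong command. Capture the inner result instead, assuming RunCmd returns a usable result on error as the sysctl branch already does: `if mr, err := cr.RunCmd(c); err != nil { klog.Warningf("%q failed, which may be ok: %v", mr.Command(), err) }`. Since a br_netfilter failure is now tolerated rather than returned, the doc comment should also say that iptables rules may then not apply to bridged traffic, which is the purpose the added comment gives for the module.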
@@ -210,21 +209,3 @@ func disableOthers(me Manager, cr CommandRunner) error { } return nil } - -// enableIPForwarding configures IP forwarding, which is handled normally by Docker -// Context: https://github.com/kubernetes/kubeadm/issues/1062 -func enableIPForwarding(cr CommandRunner) error { - c := exec.Command("sudo", "sysctl", "net.bridge.bridge-nf-call-iptables") - if rr, err := cr.RunCmd(c); err != nil { - klog.Infof("couldn't verify netfilter by %q which might be okay. error: %v", rr.Command(), err) - c = exec.Command("sudo", "modprobe", "br_netfilter") - if _, err := cr.RunCmd(c); err != nil { - return errors.Wrapf(err, "br_netfilter") - } - } - c = exec.Command("sudo", "sh", "-c", "echo 1 > /proc/sys/net/ipv4/ip_forward") - if _, err := cr.RunCmd(c); err != nil { - return errors.Wrapf(err, "ip_forward") - } - return nil -} diff --git a/pkg/minikube/out/out.go b/pkg/minikube/out/out.go index df6cadc156..50f09600f5 100644 --- a/pkg/minikube/out/out.go +++ b/pkg/minikube/out/out.go @@ -138,6 +138,10 @@ func spinnerString(format string, a ...interface{}) { } klog.Infof(format, a...) + // if spin is active from a previous step, it will stop spinner displaying + if spin.Active() { + spin.Stop() + } _, err := fmt.Fprintf(outFile, format, a...) if err != nil { klog.Errorf("Fprintf failed: %v", err) diff --git a/pkg/minikube/tunnel/kic/ssh_conn.go b/pkg/minikube/tunnel/kic/ssh_conn.go index d850e92bef..f1d132aea5 100644 --- a/pkg/minikube/tunnel/kic/ssh_conn.go +++ b/pkg/minikube/tunnel/kic/ssh_conn.go @@ -19,6 +19,7 @@ package kic import ( "fmt" "os/exec" + "runtime" "github.com/phayes/freeport" v1 "k8s.io/api/core/v1" @@ -39,7 +40,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { sshArgs := []string{ // TODO: document the options here "-o", "UserKnownHostsFile=/dev/null", - "-o", "StrictHostKeyChecking no", + "-o", "StrictHostKeyChecking=no", "-N", "docker@127.0.0.1", "-p", sshPort, 
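Review bot: The `// TODO: document the options here` above these arguments in createSSHConn is still unresolved, and the two options it covers, `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, together turn off SSH host key verification. Replace the TODO with a comment along the lines of `// host key checking is disabled: the target is the local node at 127.0.0.1 and its host key is not known in advance`, adjusted to whatever the real reason is, so that these flags are not copied for a remote target. The same applies to the identical change in createSSHConnWithRandomPorts further down this file. Both function bodies continue outside their hunks.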
@@ -66,8 +67,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { } command := "ssh" - - if askForSudo { + if askForSudo && runtime.GOOS != "windows" { out.Step( style.Warning, "The service {{.service}} requires privileged ports to be exposed: {{.ports}}", @@ -79,7 +79,6 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn { command = "sudo" sshArgs = append([]string{"ssh"}, sshArgs...) } - cmd := exec.Command(command, sshArgs...) return &sshConn{ @@ -94,7 +93,7 @@ func createSSHConnWithRandomPorts(name, sshPort, sshKey string, svc *v1.Service) sshArgs := []string{ // TODO: document the options here "-o", "UserKnownHostsFile=/dev/null", - "-o", "StrictHostKeyChecking no", + "-o", "StrictHostKeyChecking=no", "-N", "docker@127.0.0.1", "-p", sshPort, diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index c4572e0fce..b5bf841feb 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md 
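Review bot: The new condition `askForSudo && runtime.GOOS != "windows"` in createSSHConn has no comment saying why Windows is exempt, and on Windows it also skips the `out.Step` warning that tells the user the service needs privileged ports. Add a line such as `// Windows has no sudo; ssh is run unprivileged there` above the condition. If binding those ports can fail without elevation on Windows, report that to the user rather than silently running plain ssh. The function body starts and ends outside this hunk.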
@@ -64,7 +64,7 @@ minikube start [flags] --insecure-registry strings Insecure Docker registries to pass to the Docker daemon. The default service CIDR range will automatically be added. --install-addons If set, install addons. Defaults to true. (default true) --interactive Allow user prompts for more information (default true) - --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube/iso/minikube-v1.16.0-snapshot1.iso,https://github.com/kubernetes/minikube/releases/download/v1.16.0-snapshot1/minikube-v1.16.0-snapshot1.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.16.0-snapshot1.iso]) + --iso-url strings Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube/iso/minikube-v1.16.0-snapshot4.iso,https://github.com/kubernetes/minikube/releases/download/v1.16.0-snapshot4/minikube-v1.16.0-snapshot4.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.16.0-snapshot4.iso]) --keep-context This will keep the existing kubectl context and will create a minikube context. --kubernetes-version string The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.20.0, 'latest' for v1.20.0). Defaults to 'stable'. --kvm-gpu Enable experimental NVIDIA GPU support in minikube diff --git a/site/content/en/docs/handbook/persistent_volumes.md b/site/content/en/docs/handbook/persistent_volumes.md index bb05a7944b..8f4966b5c7 100644 --- a/site/content/en/docs/handbook/persistent_volumes.md +++ b/site/content/en/docs/handbook/persistent_volumes.md @@ -18,6 +18,9 @@ minikube is configured to persist files stored under the following directories, * `/data` * `/var/lib/minikube` * `/var/lib/docker` +* `/var/lib/containerd` +* `/var/lib/buildkit` +* `/var/lib/containers` * `/tmp/hostpath_pv` * `/tmp/hostpath-provisioner` 
diff --git a/site/content/en/docs/handbook/pushing.md b/site/content/en/docs/handbook/pushing.md index 0afec3daf1..56a4e0ce23 100644 --- a/site/content/en/docs/handbook/pushing.md +++ b/site/content/en/docs/handbook/pushing.md @@ -2,7 +2,7 @@ title: "Pushing images" weight: 5 description: > - comparing 5 ways to push your image into a minikiube cluster. + comparing 5 ways to push your image into a minikube cluster. aliases: - /docs/tasks/building - /docs/tasks/caching @@ -31,6 +31,7 @@ Here is a comparison table to help you choose: ## 1. Pushing directly to the in-cluster Docker daemon (docker-env) +This is similar to podman-env but only for Docker runtime. When using a container or VM driver (all drivers except none), you can reuse the Docker daemon inside minikube cluster. this means you don't have to build on your host machine and push the image into a docker registry. You can just build inside the same docker daemon as minikube which speeds up local experiments. @@ -137,6 +138,12 @@ You should now be able to use podman client on the command line on your host mac podman-remote help ``` +now you can 'build' against the storage inside minikube. which is instantly accessible to kubernetes cluster. + +```shell +podman-remote build -t my_image . +``` + {{% pageinfo color="info" %}} Note: On Linux the remote client is called "podman-remote", while the local program is called "podman". {{% /pageinfo %}} @@ -148,6 +155,12 @@ Note: On Linux the remote client is called "podman-remote", while the local prog podman help ``` +now you can 'build' against the storage inside minikube. which is instantly accessible to kubernetes cluster. + +```shell +podman build -t my_image . +``` + {{% pageinfo color="info" %}} Note: On macOS the remote client is called "podman", since there is no local "podman" program available. {{% /pageinfo %}} 
@@ -155,10 +168,16 @@ Note: On macOS the remote client is called "podman", since there is no local "po {{% /mactab %}} {{% windowstab %}} +now you can 'build' against the storage inside minikube. which is instantly accessible to kubernetes cluster. + ```shell podman help ``` +```shell +podman build -t my_image . +``` + {{% pageinfo color="info" %}} Note: On Windows the remote client is called "podman", since there is no local "podman" program available. {{% /pageinfo %}} @@ -200,8 +219,10 @@ docker push $(minikube ip):5000/test-img ## 5. Building images inside of minikube using SSH -Use `minikube ssh` to run commands inside the minikube node, and run the `docker build` directly there. -Any command you run there will run against the same daemon that kubernetes cluster is using. +Use `minikube ssh` to run commands inside the minikube node, and run the build command directly there. +Any command you run there will run against the same daemon / storage that kubernetes cluster is using. + +For Docker, use: ```shell docker build @@ -209,15 +230,24 @@ docker build For more information on the `docker build` command, read the [Docker documentation](https://docs.docker.com/engine/reference/commandline/build/) (docker.com). -For Podman, use: +For CRI-O, use: ```shell sudo podman build ``` -For more information on the `podman build` command, read the [Podman documentation](https://github.com/containers/libpod/blob/master/docs/source/markdown/podman-build.1.md) (podman.io). +For more information on the `podman build` command, read the [Podman documentation](https://github.com/containers/podman/blob/master/docs/source/markdown/podman-build.1.md) (podman.io). + +For Containerd, use: + +```shell +sudo buildctl build +``` + +For more information on the `buildctl build` command, read the [Buildkit documentation](https://github.com/moby/buildkit#quick-start) (mobyproject.org). to exit minikube ssh and come back to your terminal type: + ```shell exit ``` 
diff --git a/site/content/en/docs/start/_index.md b/site/content/en/docs/start/_index.md index 15b7b91882..85f2497263 100644 --- a/site/content/en/docs/start/_index.md +++ b/site/content/en/docs/start/_index.md @@ -98,12 +98,22 @@ sudo install minikube-darwin-amd64 /usr/local/bin/minikube {{% /mactab %}} {{% windowstab %}} -If the [Chocolatey Package Manager](https://chocolatey.org/) is installed, use it to install minikube: +### Windows Package Manager + +If the [Windows Package Manager](https://docs.microsoft.com/en-us/windows/package-manager/) is installed, use the following command to install minikube: + +```shell +winget install minikube +``` + +### Chocolatey +If the [Chocolatey Package Manager](https://chocolatey.org/) is installed, use the following command: ```shell choco install minikube ``` +### Stand-alone Windows Installer Otherwise, download and run the [Windows installer](https://storage.googleapis.com/minikube/releases/latest/minikube-installer.exe) {{% /windowstab %}}