* Reduce time needed to attach Azure disks ([#40066](https://github.com/kubernetes/kubernetes/pull/40066), [@codablock](https://github.com/codablock))
* Fixes request header authenticator by presenting the request header client CA so that the front proxy will authenticate using its client certificate. ([#40301](https://github.com/kubernetes/kubernetes/pull/40301), [@deads2k](https://github.com/deads2k))

        code = 401,
        headers = headersOf("WWW-Authenticate", "Basic realm=\"protected area\""),
        body = "Please authenticate.",
      ),
    )
    server.enqueue(
      MockResponse(body = "Authenticated!"),
    )
    java.net.Authenticator.setDefault(RecordingAuthenticator())
    client =
      client
        .newBuilder()
        .authenticator(JavaNetAuthenticator())
        .build()

* Bump GCI to gci-beta-56-9000-80-0 ([#41027](https://github.com/kubernetes/kubernetes/pull/41027), [@dchen1107](https://github.com/dchen1107))
* Move b.gcr.io/k8s_authenticated_test to gcr.io/k8s-authenticated-test ([#40335](https://github.com/kubernetes/kubernetes/pull/40335), [@zmerlynn](https://github.com/zmerlynn))

      client
        .newBuilder()
        .authenticator(authenticator)
        .build()
    executeSynchronously("/")
      .assertCode(401)
    assertThat(authenticator.onlyRoute()).isNotNull()
  }

  @Test
  fun delete() {
    server.enqueue(MockResponse(body = "abc"))
    val request =
      Request
        .Builder()
        .url(server.url("/"))
        .delete()
        .build()

HSPLokhttp3/Address;->equalsNonHost$okhttp(Lokhttp3/Address;)Z
HSPLokhttp3/Address;->hashCode()I
HSPLokhttp3/Authenticator$Companion$AuthenticatorNone;-><init>()V
HSPLokhttp3/Authenticator;-><clinit>()V
HSPLokhttp3/Cache;-><init>(Ljava/io/File;J)V

        .code(responseCode)
        .body("ABCDE")
        .addHeader("WWW-Authenticate: challenge")
    when (responseCode) {
      HttpURLConnection.HTTP_PROXY_AUTH -> {
        builder.addHeader("Proxy-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_UNAUTHORIZED -> {
        builder.addHeader("WWW-Authenticate: Basic realm=\"protected area\"")
      }

                     * is like changing the rug out from underneath our feet.
                     */
                    /* Technically we should also try to authenticate here but that means doing the session setup and tree connect separately. For now a simple connect will at least tell us if the host is alive. That should be sufficient for 99% of the cases. We can revisit this again for 2.0.