* The deprecated kubelet --configure-cbr0 flag has been removed, and with that the "classic" networking mode as well.  If you depend on this mode, please investigate whether the other network plugins `kubenet` or `cni` meet your needs. ([#34906](https://github.com/kubernetes/kubernetes/pull/34906), [@luxas](https://github.com/luxas))

&2r,a&-&si,ton-si,?ted,?doog-a-si,e&erf-korgn,nilnigol,?gnigats-oned,h&cetaidem,sadtob,?k&catslluf-a-si,orgn,?l&e&crev,nap,?ooc-si,?nsrh,oned,p&l:.&ipa,stcejbo,?,pa-rettalp,?r&ddaym,eyalplacol,?s&egap,r&ahc21,e&krow,niatnocnur,???t&i&lper:.&arik,d&eer,i,racip,?e&kip,saelererp,?frow,gnigats,k&cops,rik,?labolg,mik,o&do,ksis,?re&hcra,k&c&ah,ut,?ir,??s&enob,irap,maet,?tiprat,ulus,y&awenaj,elsew,ranac,??,mx,?luavreve.yaler,?vresi,weiverpbuhtig,xdom,y&lf,srab,???ih?l!.&di?fnoc?gro?lim?moc?nsa?ten?ude?...

- Support for proxying a request to a peer kube-apiserver if the local apiserver is not able to serve it due to version skew or in the case the requested api is disabled on the local apiserver ([#117740](https://github.com/kubernetes/kubernetes/pull/117740), [@Richabanker](https://github.com/Richabanker))...

*   `conversion-gen` is now usable in a context without a vendored k8s.io/kubernetes. The Kubernetes core API is removed from `default extra-peer-dirs`. ([#54394](https://github.com/kubernetes/kubernetes/pull/54394),[ @sttts](https://github.com/sttts))

a problem where spurious retransmits in a long-running TCP connection to a service
IP could result in the connection being closed with the error "Connection reset by
peer" ([#74840](https://github.com/kubernetes/kubernetes/pull/74840), [@anfernee](https://github.com/anfernee))

KAAK6T,QAAc,OAA0B,IAAjB7T,KAAK6T,QAAgB,IAAM,OACxD,OAGRoB,QAAS,WACL,MACI,WACgB,EAAfjV,KAAK6T,QAAc,OAA0B,IAAjB7T,KAAK6T,QAAgB,IAAM,OACxD,OAGRqB,SAAU,WACN,OAAQlV,KAAKqT,OACT,KAAK,EACD,MACI,uBACgB,EAAfrT,KAAK6T,QACA,OACiB,IAAjB7T,KAAK6T,QACL,IACA,OACN,MAER,QACI,MACI,uBACgB,EAAf7T,KAAK6T,QACA,OACiB,IAAjB7T,KAAK6T,QACL,IACA,OACN,QAIhBsB,SAAU,KAEdQ,aAAc,CACVC,OAAQ,SACRC,KAAM,QACNnI,EAAG,iBACHoI,GAAI,aACJpT,EAAG,YACHqT,GAAI,YACJC,EAAG,SACHC,GAAI,SACJxD,EAAG,YACHyD,GAAI,YACJC,EAAG,gBACHC,GAAI,eACJC,EAAG,...

- If `kubeadm reset` finds no etcd member ID for the peer it removes during the `remove-etcd-member` phase, it continues immediately to other phases, instead of retrying the phase for up to 3 minutes before continuing. ([#117948](https://github.com/kubernetes/kubernetes/pull/117948), [@dlipovetsky](https...

* Adds an approval work flow to the certificate approver that will approve certificate signing requests from kubelets that meet all the criteria of kubelet server certificates. ([#46884](https://github.com/kubernetes/kubernetes/pull/46884), [@jcbsmpsn](https://github.com/jcbsmpsn))

* Adds an approval work flow to the certificate approver that will approve certificate signing requests from kubelets that meet all the criteria of kubelet server certificates. ([#46884](https://github.com/kubernetes/kubernetes/pull/46884), [@jcbsmpsn](https://github.com/jcbsmpsn))

s/kubernetes/pull/57902), [@kawych](https://github.com/kawych))

* On cluster provision or upgrade, kubeadm now generates certs and secures all connections to the etcd static-pod with mTLS. This includes the etcd serving cert, the etcd peer cert, and the apiserver etcd client cert. Flags and hostMounts are added to the etcd and apiserver static-pods to load these certs. For connections to etcd, https is now used in favor of http. ([#57415](https://github.com/kubernetes/kubernetes/pull/57415),...