job controller back-off logic is now decoupled from workqueue. In case of parallelism > 1, if there are multiple new failures in a reconciliation cycle, all the failures are taken into account to compute the back-off. Previously, the back-off kicked in for all types of failures; with this change, only pod failures are taken into account. If the back-off limits exceeds, the job is marked as failed immediately; before this change, the job is marked as failed in the next back-off. ([#114768](https:...

   *       maxPermits is equal to warmupPeriod.
   *   <li>When _used_, the time it takes, as explained in the introductory class note, is equal to
   *       the integral of our function, between X permits and X-K permits, assuming we want to
   *       spend K saved permits.
   * </ol>
   *

    assertThat(response.cacheResponse!!.request.url).isEqualTo(request.url)
  }

  @Test
  fun postWithOverrideResponse() {
    val url = server.url("/abc?token=123")
    val cacheUrlOverride = url.newBuilder().removeAllQueryParameters("token").build()

    val request =
      Request
        .Builder()
        .url(url)
        .method("POST", "XYZ".toRequestBody())

*   Pod preemption has been improved.
    *   Now takes PodDisruptionBudget into account. ([#56178](https://github.com/kubernetes/kubernetes/pull/56178),[ @bsalamat](https://github.com/bsalamat))

 - The default Bootstrap Token created with `kubeadm init` v1.8 expires
 and is deleted after 24 hours by default to limit the exposure of the
 valuable credential. You can create a new Bootstrap Token with
 `kubeadm token create` or make the default token permanently valid by specifying
 `--token-ttl 0` to `kubeadm init`. The default token can later be deleted with
 `kubeadm token delete`.

Shinsuke Sugaya <******@****.***> 1436049991 +0900

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Get the user { #get-the-user }

`get_current_user` will use a (fake) utility function we created, that takes a token as a `str` and returns our Pydantic `User` model:

- kube-apiserver: `--service-account-max-token-expiration` can now be used in combination with an external token signer `--service-account-signing-endpoint`, as long as the `--service-account-max-token-expiration` is not longer than the external token signer's max expiration. ([#129816](https://github.com/kubernetes/kubernetes/pull/129816), [@sambdavidson](https://github.com/sambdavidson)) [SIG...

      while (true) {
        // correctly throws NoSuchElementException when filtered map is empty.
        K key = headMap.lastKey();
        // The cast is safe because the key is taken from the map.
        if (apply(key, uncheckedCastNullableTToT(unfiltered.get(key)))) {
          return key;
        }
        headMap = sortedMap().headMap(key);
      }
    }

    @Override

      while (true) {
        // correctly throws NoSuchElementException when filtered map is empty.
        K key = headMap.lastKey();
        // The cast is safe because the key is taken from the map.
        if (apply(key, uncheckedCastNullableTToT(unfiltered.get(key)))) {
          return key;
        }
        headMap = sortedMap().headMap(key);
      }
    }

    @Override