},
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",
            "version": "v1"
          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",
            "version": "v1alpha1"
          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",

  // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
  // +optional
  optional bool chapAuthDiscovery = 8;

  // chapAuthSession defines whether support iSCSI Session CHAP authentication
  // +optional
  optional bool chapAuthSession = 11;

  // secretRef is the CHAP Secret for iSCSI target and initiator authentication
  // +optional
  optional SecretReference secretRef = 10;

- `system:kube-controller-manager` and `system:kube-scheduler` users are now permitted to perform delegated authentication/authorization checks by default RBAC policy ([#72491](https://github.com/kubernetes/kubernetes/pull/72491), [@liggitt](https://github.com/liggitt))

  - `--address`
  The insecure port flags `--port` may only be set to 0 now.
  
  In addtion, please be careful that:
  - controller-manager MUST start with `--authorization-kubeconfig` and `--authentication-kubeconfig` correctly set to get authentication/authorization working.
  - liveness/readiness probes to controller-manager MUST use HTTPS now, and the default port has been changed to 10257.

    - [kubeadm](#kubeadm-1)
    - [Other Deprecations](#other-deprecations)
  - [Changes to API Resources](#changes-to-api-resources)
    - [ABAC](#abac)
    - [Admission Control](#admission-control)
    - [Authentication](#authentication)
    - [Authorization](#authorization)
    - [Autoscaling](#autoscaling-1)
    - [Certificates](#certificates)
    - [ConfigMap](#configmap)
    - [CronJob](#cronjob)
    - [DaemonSet](#daemonset-1)

* client-go: alpha support for out-of-tree exec-based credential providers. For example, a cloud provider could create their own authentication system rather than using the standard authentication provided with Kubernetes. ([#59495](https://github.com/kubernetes/kubernetes/pull/59495), [@ericchiang](https://github.com/ericchiang))

          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",
            "version": "v1"
          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",
            "version": "v1alpha1"
          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",

- github.com/hashicorp/go-syslog: [v1.0.0](https://github.com/hashicorp/go-syslog/tree/v1.0.0)
- github.com/jimstudt/http-authentication: [3eca13d](https://github.com/jimstudt/http-authentication/tree/3eca13d)
- github.com/kisielk/errcheck: [v1.2.0](https://github.com/kisielk/errcheck/tree/v1.2.0)
- github.com/kisielk/gotool: [v1.0.0](https://github.com/kisielk/gotool/tree/v1.0.0)

          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",
            "version": "v1"
          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",
            "version": "v1alpha1"
          },
          {
            "group": "authentication.k8s.io",
            "kind": "DeleteOptions",

Node API object](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction). In authentication, we added alpha-level support for automounting improved service account tokens through projected volumes. We also enabled [audience validation in TokenReview](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13/#tokenreview-v1-authentication-k8s-io) for the new tokens for improved scoping. Under audit logging, the new alpha-level "dynamic audit configuration"...