will use the local kube-apiserver endpoint for the kubelet when creating a cluster with `kubeadm init` or when joining control plane nodes with `kubeadm join`. Enabling the feature gate also affects the `kubeadm init phase kubeconfig kubelet` phase, where the flag `--control-plane-endpoint` no longer affects the generated kubeconfig `Server` field, but the flag `--apiserver-advertise-address` can now be used for the same purpose. ([#129956](https://github.com/kubernetes/kubernetes/pull/129956), ...

## Changelog since v1.5.0

### Other notable changes

* Changes the default value of the "anonymous-auth" flag to a safer default value of false. This affects kube apiserver and federation apiserver. See https://groups.google.com/forum/#!topic/kubernetes-announce/iclRj-6Nfsg for more details.  ([#38708](https://github.com/kubernetes/kubernetes/pull/38708), [@erictune](https://github.com/erictune))

        // Modify original array - should not affect stored password
        passwordChars[0] = 'X';
        String retrievedPassword2 = authenticator.getPassword();
        assertEquals("charArrayPassword", retrievedPassword2, "Stored password should not be affected by external changes");
    }

    @Test
    public void testNullPasswordHandling() {

* Deployments and DaemonSets rollouts are considered complete when all of the desired replicas are updated and available. This change affects `kubectl rollout status` and Deployment condition. ([#44672](https://github.com/kubernetes/kubernetes/pull/44672), [@kargakis](https://github.com/kargakis))

* Code generated for CRDs now passes `go vet`. ([#62412](https://github.com/kubernetes/kubernetes/pull/62412), [@bhcleek](https://github.com/bhcleek))
* "beginPort+offset" format support for port range which affects kube-proxy only ([#58731](https://github.com/kubernetes/kubernetes/pull/58731), [@yue9944882](https://github.com/yue9944882))

- a new `EndpointSliceProxying` feature gate has been added to control the use of EndpointSlices in kube-proxy. The EndpointSlice feature gate that used to control this behavior no longer affects kube-proxy. This feature has been disabled by default. ([#86137](https://github.com/kubernetes/kubernetes/pull/86137), [@robscott](https://github.com/robscott)) 

#### kubeadm:

   * unprivileged user may return a resource accessible only to a privileged user making a similar
   * call. To prevent this problem, create a key object that includes all values that affect the
   * result of the query. Or use {@code LoadingCache.get(K)}, which lacks the ability to refer to
   * state other than that in the key.
   *

          runningAsyncCalls.add(asyncCall)
        }

        return@synchronized Effects(
          callsToExecute = callsToExecute,
          idleCallbackToRun = idleCallbackToRun,
        )
      }

    var callDispatcherQueueStart = true

    for (i in 0 until effects.callsToExecute.size) {
      val call = effects.callsToExecute[i]

     * regrettable implementations like our own Sets.filter, Collection.size() is sometimes a
     * linear-time operation, and it can even have side effects. Thus, we limit the special case to
     * List, which is _even more likely_ to have size() implemented to be fast and side-effect-free.
     *
     * We could consider recognizing specific other collections as safe (like ImmutableCollection,

statute, judicial order, or regulation then You must: (a) comply with
the terms of this License to the maximum extent possible; and (b)
describe the limitations and the code they affect. Such description must
be placed in a text file included with all distributions of the Covered
Software under this License. Except to the extent prohibited by statute