- Addressed an issue where a JWT authenticator set up via `--authentication-config` would encounter failures in verifying tokens not signed with RS256. ([#123282](https://github.com/kubernetes/kubernetes/pull/123282), [@enj](https://github.com/enj))

            </ul>

            <h2>Examples</h2>

            <ul>
            <li>JDK version range: {@code inrange(${java.version}, '[11,)')} (JDK 11 or higher)</li>
            <li>OS check: {@code ${os.name} == 'windows'}</li>
            <li>File existence: {@code exists('${project.basedir}/src/**}{@code /*.xsd')}</li>

- Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. ([#112398](https://github.com/kubernetes/kubernetes/pull/112398), [@shyamjvs](https://github.com/shyamjvs)) [SIG API Machinery]

* calico-node addon tolerates all NoExecute and NoSchedule taints by default. ([#57122](https://github.com/kubernetes/kubernetes/pull/57122), [@caseydavenport](https://github.com/caseydavenport))
* Allow kubernetes components to react to SIGTERM signal and shutdown gracefully. ([#57756](https://github.com/kubernetes/kubernetes/pull/57756), [@mborsz](https://github.com/mborsz))

  managed by the GLBC Ingress Controller. This can cause the health checks to start failing,
  requiring you to reapply the manual edits.
  * This issue does not affect clusters that were already running Kubernetes v1.6.4 or higher.
  * This issue does not affect Health Checks that were left in the configuration
    [originally set by the GLBC Ingress Controller](https://github.com/kubernetes/ingress-nginx/tree/0.9.0-beta.1/controllers/gce#health-checks).

is-a-candidate.org
is-a-caterer.com
is-a-celticsfan.org
is-a-chef.com
is-a-chef.net
is-a-chef.org
is-a-conservative.com
is-a-cpa.com
is-a-cubicle-slave.com
is-a-democrat.com
is-a-designer.com
is-a-doctor.com
is-a-financialadvisor.com
is-a-fullstack.dev
is-a-geek.com
is-a-geek.net
is-a-geek.org
is-a-good.dev
is-a-green.com
is-a-guru.com
is-a-hard-worker.com

- Ensured that the Node Admission plugin to reject CSR requests created by a node identity for the signers `kubernetes.io/kubelet-serving` or `kubernetes.io/kube-apiserver-client-kubelet` with a CN starting with `system:node:`, but where the CN is not `system:node:${node-name}`. The feature gate `AllowInsecureKubeletCertificateSigningRequests` defaults...

"y=p,sign-", "edffffffffffffffffff", "00000000000000000000", }, { "y=p+1,sign+", "eeffffffffffffffffff", "01000000000000000000", }, // "y=p+1,sign-" is already tested above. // p+2 is not a valid y-coordinate. { "y=p+3,sign+", "f0ffffffffffffffffff", "03000000000000000000", }, { "y=p+3,sign-", "f0ffffffffffffffffff", "03000000000000000000", }, { "y=p+4,sign+", "f1ffffffffffffffffff", "04000000000000000000", }, { "y=p+4,sign-", "f1ffffffffffffffffff", "04000000000000000000", }, { "y=p+5,sign+", "f2...

"y=p,sign-", "edffffffffffffffffff", "00000000000000000000", }, { "y=p+1,sign+", "eeffffffffffffffffff", "01000000000000000000", }, // "y=p+1,sign-" is already tested above. // p+2 is not a valid y-coordinate. { "y=p+3,sign+", "f0ffffffffffffffffff", "03000000000000000000", }, { "y=p+3,sign-", "f0ffffffffffffffffff", "03000000000000000000", }, { "y=p+4,sign+", "f1ffffffffffffffffff", "04000000000000000000", }, { "y=p+4,sign-", "f1ffffffffffffffffff", "04000000000000000000", }, { "y=p+5,sign+", "f2...

        * At Metadata audit level or higher, an annotation with key "mutation.webhook.admission.k8s.io/round_{round idx}_index_{order idx}" gets logged with JSON payload indicating a webhook gets invoked for given request and whether it mutated the object or not.