- A new `kubelet_preemptions` metric is reported from Kubelets to track the number of preemptions occurring over time, and which resource is triggering those preemptions. ([#84120](https://github.com/kubernetes/kubernetes/pull/84120), [@smarterclayton](https://github.com/smarterclayton))

- Graduated the asynchronous preemption feature in the scheduler to beta. 
  Now the feature flag (SchedulerAsyncPreemption) is enabled by default. ([#130550](https://github.com/kubernetes/kubernetes/pull/130550), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling]

- Do not include preemptor pod metadata in the event message ([#114946](https://github.com/kubernetes/kubernetes/pull/114946), [@mimowo](https://github.com/mimowo)) [SIG Scheduling]

 * for (Challenge challenge : response.challenges()) {
 *   // If this is preemptive auth, use a preemptive credential.
 *   if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {
 *     return response.request().newBuilder()
 *         .header("Proxy-Authorization", "secret")
 *         .build();
 *   }
 * }
 * return null; // Didn't find a preemptive auth scheme.
 * ```
 *
 * ## Reactive Authentication
 *

- Pause image contains "Architecture" in non-amd64 images ([#87954](https://github.com/kubernetes/kubernetes/pull/87954), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release]
- Pods that are considered for preemption and haven't started don't produce an error log. ([#87900](https://github.com/kubernetes/kubernetes/pull/87900), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]

        .request(proxyConnectRequest)
        .protocol(Protocol.HTTP_1_1)
        .code(HttpURLConnection.HTTP_PROXY_AUTH)
        .message("Preemptive Authenticate")
        .sentRequestAtMillis(-1L)
        .receivedResponseAtMillis(-1L)
        .header("Proxy-Authenticate", "OkHttp-Preemptive")
        .build()

    val authenticatedRequest =
      route.address.proxyAuthenticator

 *
 *  * A DNS lookup failed
 *  * The configuration is incapable of carrying the request, such as when the client is configured
 *    to use `H2_PRIOR_KNOWLEDGE` but the URL's scheme is `https:`.
 *  * Preemptive proxy authentication failed.
 *
 * Planning failures are not necessarily fatal. For example, even if we can't DNS lookup the first
 * proxy in a list, looking up a subsequent one may succeed.
 */
internal class FailedPlan(

  * Mark all static pods on the Master node as critical to prevent preemption ([#47356](https://github.com/kubernetes/kubernetes/pull/47356), [@dashpole](https://github.com/dashpole))

## Changelog since v1.22.12

## Changes by Kind

### Bug or Regression

- Fix memory leak on kube-scheduler preemption ([#111805](https://github.com/kubernetes/kubernetes/pull/111805), [@amewayne](https://github.com/amewayne)) [SIG Scheduling]

 *  **Proxy authenticators are now asked for preemptive authentication.** OkHttp will now request
    authentication credentials before creating TLS tunnels through HTTP proxies (HTTP `CONNECT`).
    Authenticators should identify preemptive authentications by the presence of a challenge whose
    scheme is "OkHttp-Preemptive".