{
		// We don't compare the values of the canned policies because server is
		// re-encoding them. (FIXME?)
		for k := range content.policies {
			content.policies[k] = nil
			gotContent.policies[k] = nil
		}
		if !reflect.DeepEqual(content.policies, gotContent.policies) {
			c.Fatalf("import %d: policies mismatch: expected: %v, got: %v", caseNum, content.policies, gotContent.policies)
		}
	}

// isIAMPolicyReplicated returns true if count of replicated IAM policies matches total
// number of sites and IAM policies are identical.
func isIAMPolicyReplicated(cntReplicated, total int, policies []*policy.Policy) bool {
	if cntReplicated > 0 && cntReplicated != total {
		return false
	}
	// check if policies match between sites
	var prev *policy.Policy
	for i, p := range policies {
		if i == 0 {
			prev = p
			continue

				writeErrorResponseHeadersOnly(w, toAPIError(ctx, proxy.Err))
				return
			}
		}
	}

	if objInfo.UserTags != "" {
		// Set this such that authorization policies can be applied on the object tags.
		r.Header.Set(xhttp.AmzObjectTagging, objInfo.UserTags)
	}

	if s3Error := authorizeRequest(ctx, r, policy.GetObjectAction); s3Error != ErrNone {

alpha support for manifest-based admission control configuration (KEP-5793). When the `ManifestBasedAdmissionControlConfig` feature gate is enabled, admission webhooks and CEL-based policies can be loaded from static manifest files on disk via the `staticManifestsDir` field in `AdmissionConfiguration`. These policies are active from API server startup, survive etcd unavailability, and can protect API-based admission resources from modification. ([#137346](https://github.com/kubernetes/kubernetes/pull/137346),...

  - Expanded support for federated hybrid-cloud resources including ReplicaSets, Secrets, Namespaces and Events.
- **Security**
  - Increased pod-level security granularity (eg: Container Image Policies, AppArmor and `sysctl` support)
  - Increased cluster-level security granularity (eg: Access Review API)

## Features

  * `kubectl get podsecuritypolicies -o yaml > psp.yaml`
2. Review and delete any PodSecurityPolicy objects you do not want all pod-creating users to be able to use (NOTE: Privileged users that were making use of those policies will also lose access to those policies). For example:
  * `kubectl delete podsecuritypolicies/my-privileged-policy`
3. After upgrading to 1.5.5, re-create the exported PodSecurityPolicy objects:
  * `kubectl create -f psp.yaml`

po.it
poa.br
podhale.pl
podlasie.pl
podzone.net
podzone.org
pohl
point2this.com
pointto.us
poivron.org
poker
pokrovsk.su
pol.dz
pol.ht
pol.tr
police.uk
politica.bo
politie
polkowice.pl
poltava.ua
polyspace.com
pomorskie.pl
pomorze.pl
poniatowa.pl
ponpes.id
pordenone.it
porn
porsanger.no
porsangu.no
porsgrunn.no

po.it
poa.br
podhale.pl
podlasie.pl
podzone.net
podzone.org
pohl
point2this.com
pointto.us
poivron.org
poker
pokrovsk.su
pol.dz
pol.ht
pol.tr
police.uk
politica.bo
politie
polkowice.pl
poltava.ua
polyspace.com
pomorskie.pl
pomorze.pl
poniatowa.pl
ponpes.id
pordenone.it
porn
porsanger.no
porsangu.no
porsgrunn.no