public void setRoles_Equal(String roles) {
        setRoles_Term(roles, null);
    }

    public void setRoles_Equal(String roles, ConditionOptionCall<TermQueryBuilder> opLambda) {
        setRoles_Term(roles, opLambda);
    }

    public void setRoles_Term(String roles) {
        setRoles_Term(roles, null);
    }

    public void setRoles_Term(String roles, ConditionOptionCall<TermQueryBuilder> opLambda) {

    /** The key of the configuration. e.g. admin */
    String AUTHENTICATION_ADMIN_USERS = "authentication.admin.users";

    /** The key of the configuration. e.g. admin */
    String AUTHENTICATION_ADMIN_ROLES = "authentication.admin.roles";

    /** The key of the configuration. e.g.  */
    String ROLE_SEARCH_DEFAULT_PERMISSIONS = "role.search.default.permissions";

    /** The key of the configuration. e.g. {role}guest */

#### **RBAC**

*   New permissions have been added to default RBAC roles ([#52654](https://github.com/kubernetes/kubernetes/pull/52654),[ @liggitt](https://github.com/liggitt)):
    *   The default admin and edit roles now include read/write permissions
    *   The view role includes read permissions on poddisruptionbudget.policy resources.

  passed a file which contains RBAC roles, rolebindings, clusterroles, or
  clusterrolebindings, this command computes covers and adds the missing rules.
  The logic required to properly apply RBAC permissions is more complicated
  than a JSON merge because you have to compute logical covers operations between
  rule sets. This means that we cannot use `kubectl apply` to update RBAC roles

    - [SIG Windows development tools](#sig-windows-development-tools)
    - [Deploy a more secure control plane with kubeadm](#deploy-a-more-secure-control-plane-with-kubeadm)
    - [etcd moves to version 3.5.0](#etcd-moves-to-version-350)
    - [Kubernetes Node system swap support](#kubernetes-node-system-swap-support)
    - [Cluster-wide seccomp defaults](#cluster-wide-seccomp-defaults)

- [Changes](#changes)
  - [What’s New (Major Themes)](#whats-new-major-themes)
    - [Cloud Provider Labels reach General Availability](#cloud-provider-labels-reach-general-availability)
    - [Volume Snapshot Moves to Beta](#volume-snapshot-moves-to-beta)
    - [CSI Migration Beta](#csi-migration-beta)
  - [Known Issues](#known-issues)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes-1)

  - The built-in `system:csi-external-provisioner` and `system:csi-external-attacher` cluster roles are deprecated and will not be auto-created in a future release. CSI deployments should provide their own RBAC role definitions with required permissions. ([#69868](https://github.com/kubernetes/kubernetes/pull/69868), [@pohly]( https://github.com/pohly))...

// and allows a Source for provider-specific attributes
message PersistentVolumeClaimSpec {
  // accessModes contains the desired access modes the volume should have.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
  // +optional
  repeated string accessModes = 1;

  // selector is a label query over volumes to consider for binding.
  // +optional

* Fix credentials providers for docker sandbox image. ([#51870](https://github.com/kubernetes/kubernetes/pull/51870), [@feiskyer](https://github.com/feiskyer))
* Fix security holes in GCE metadata proxy. ([#51302](https://github.com/kubernetes/kubernetes/pull/51302), [@ihmccreery](https://github.com/ihmccreery))

* Kubernetes now supports up to 5,000 nodes via etcd v3, which is enabled by default.
* [Role-based access control (RBAC)](https://kubernetes.io//docs/admin/authorization/rbac) has graduated to beta, and defines secure default roles for control plane, node, and controller components.
* The [`kubeadm` cluster bootstrap tool](https://kubernetes.io/docs/getting-started-guides/kubeadm/) has graduated to beta. Some highlights: