"items": {
              "default": "",
              "type": "string"

  optional int64 runAsGroup = 6;

  // Indicates that the container must run as a non-root user.
  // If true, the Kubelet will validate the image at runtime to ensure that it
  // does not run as UID 0 (root) and fail to start the container if it does.
  // If unset or false, no such validation will be performed.
  // May also be set in SecurityContext.  If set in both SecurityContext and

                        that includes when: \n * The Route refers to a non-existent
                        parent. * The Route is of a type that the controller does
                        not support. * The Route is in a namespace the controller
                        does not have access to."
                      items:
                        description: "Condition contains details for one aspect of

	// Indicates that the container must run as a non-root user.
	// If true, the Kubelet will validate the image at runtime to ensure that it
	// does not run as UID 0 (root) and fail to start the container if it does.
	// If unset or false, no such validation will be performed.
	// May also be set in SecurityContext.  If set in both SecurityContext and

// The caller does not own the returned slice.
func (mh *http2MetaHeadersFrame) RegularFields() []hpack.HeaderField {
	for i, hf := range mh.Fields {
		if !hf.IsPseudo() {
			return mh.Fields[i:]
		}
	}
	return nil
}

// PseudoFields returns the pseudo header fields of mh.
// The caller does not own the returned slice.

  - [Changelog since v1.20.5](#changelog-since-v1205)
  - [Important Security Information](#important-security-information-1)
    - [CVE-2021-25735: Validating Admission Webhook does not observe some previous fields](#cve-2021-25735-validating-admission-webhook-does-not-observe-some-previous-fields)
  - [Changes by Kind](#changes-by-kind-9)
    - [API Change](#api-change-2)
    - [Feature](#feature-5)

  managed by the GLBC Ingress Controller. This can cause the health checks to start failing,
  requiring you to reapply the manual edits.
  * This issue does not affect clusters that were already running Kubernetes v1.6.4 or higher.
  * This issue does not affect Health Checks that were left in the configuration

          },
          "runAsNonRoot": {
            "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",

			pathOfFieldPath: path,
			schema:          &schema,
			errMsg:          "does not refer to a valid field",
		},
		{
			name:            "Unsupported .list['a-b.34']",
			fieldPath:       ".list['a-b.34']",
			pathOfFieldPath: path,
			schema:          &schema,
			errMsg:          "does not refer to a valid field",
		},
		{
			name:            "Invalid .list.a-b.34",

* When performing a GET then PUT, the kube-apiserver must write the canonical representation of the object to etcd if the current value does not match. That allows external agents to migrate content in etcd from one API version to another, across different storage types, or across varying encryption levels. This fixes a bug introduced in 1.5 where we unintentionally stopped writing the...