{"index":{"_index":"fess_user.user","_id":"YWRtaW4="}}

 * intermediate certificate, "Entrust Certification Authority - L1M". The intermediate certificate
 * is used to verify the signature of the "www.squareup.com" certificate.
 *
 * This roles are reversed for client authentication. In that case the client has a private key and
 * a chain of certificates. The server uses a set of trusted root certificates to authenticate the

  // Items is a list of RoleBindings
  repeated RoleBinding items = 2;
}

// RoleList is a collection of Roles
message RoleList {
  // Standard object's metadata.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is a list of Roles
  repeated Role items = 2;
}

// RoleRef contains information that points to the role being used
// +structType=atomic

#### **RBAC**

*   New permissions have been added to default RBAC roles ([#52654](https://github.com/kubernetes/kubernetes/pull/52654),[ @liggitt](https://github.com/liggitt)):
    *   The default admin and edit roles now include read/write permissions
    *   The view role includes read permissions on poddisruptionbudget.policy resources.

chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"responseTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"roles\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"searchField._default\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scr...

* Kubernetes now supports up to 5,000 nodes via etcd v3, which is enabled by default.
* [Role-based access control (RBAC)](https://kubernetes.io//docs/admin/authorization/rbac) has graduated to beta, and defines secure default roles for control plane, node, and controller components.
* The [`kubeadm` cluster bootstrap tool](https://kubernetes.io/docs/getting-started-guides/kubeadm/) has graduated to beta. Some highlights:

* corrects a race condition in bootstrapping aggregated cluster roles in new HA clusters ([#63761](https://github.com/kubernetes/kubernetes/pull/63761), [@liggitt](https://github.com/liggitt))

  // It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
  // For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
  // +optional
  optional string evaluationError = 3;
}

// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on

  `Boots and shoes under the sea,' the Gryphon went on in a deep
voice, `are done with a whiting.  Now you know.'

  `And what are they made of?' Alice asked in a tone of great
curiosity.

  `Soles and eels, of course,' the Gryphon replied rather
impatiently:  `any shrimp could have told you that.'

  `If I'd been the whiting,' said Alice, whose thoughts were

  passed a file which contains RBAC roles, rolebindings, clusterroles, or
  clusterrolebindings, this command computes covers and adds the missing rules.
  The logic required to properly apply RBAC permissions is more complicated
  than a JSON merge because you have to compute logical covers operations between
  rule sets. This means that we cannot use `kubectl apply` to update RBAC roles