s://kubernetes.io/docs/concepts/configuration/assign-pod-node/). Node affinity/anti-affinity allow you to specify rules for restricting which node(s) a pod can schedule onto, based on the labels on the node. Pod affinity/anti-affinity allow you to specify rules for spreading and packing pods relative to one another, across arbitrary topologies (node, zone, etc.) These affinity rules are now be specified in a new-in-1.6 `affinity` field of the PodSpec. Kubernetes 1.6 continues to support the alpha...

labels.facet=ファセット
labels.geo=ジオ
labels.groups=グループ
labels.hash=ハッシュ
labels.kuromojiFile=Kuromojiファイル
labels.maxSize=最大サイズ
labels.order=順番
labels.purgeSuggestSearchLogDay=以前のサジェスト情報を削除
labels.q=クエリー
labels.roles=ロール
labels.suggestSearchLog=サジェスト用検索ログ
labels.suggestWord=サジェストワード
labels.targetLabel=ラベル
labels.term=検索語
labels.fields=フィールド
labels.ex_q=拡張クエリー
labels.oldPassword=現在のパスワード
labels.newPassword=新しいパスワード

// expiry. The permissions for these STS credentials is determined in one of the
// following ways:
//
// - RoleARN - if a role-arn is specified in the request, the STS credential's
// policy is the role's policy.
//
// - inherited from parent - this is the case for AssumeRole API, where the
// parent user is an actual real user with their own (permanent) credentials and

  passed a file which contains RBAC roles, rolebindings, clusterroles, or
  clusterrolebindings, this command computes covers and adds the missing rules.
  The logic required to properly apply RBAC permissions is more complicated
  than a JSON merge because you have to compute logical covers operations between
  rule sets. This means that we cannot use `kubectl apply` to update RBAC roles

- **Auth**
  - [alpha] Further polishing of the Role-based access control alpha API including a default set of cluster roles. ([docs](http://kubernetes.io/docs/admin/authorization/)) ([kubernetes/features#2](https://github.com/kubernetes/enhancements/issues/2))

# no rules should be needed

-whyareyoukeeping class okhttp3.internal.idn.IdnaMappingTable {
  *;

as well as hostIPC and hostPID. hostNetwork is also checked to deny exec /attach. ([#56839](https://github.com/kubernetes/kubernetes/pull/56839), [@hzxuzhonghu](https://github.com/hzxuzhonghu))

* When using Role-Based Access Control, the "admin", "edit", and "view" roles now have the expected permissions on NetworkPolicy resources, rather than reserving those permissions to only cluster-admin. ([#56650](https://github.com/kubernetes/kubernetes/pull/56650), [@danwinship](https://github.com/danwinship))...

- The built-in system:csi-external-provisioner and system:csi-external-attacher cluster roles are removed as of 1.17 release ([#84282](https://github.com/kubernetes/kubernetes/pull/84282), [@tedyu](https://github.com/tedyu))

{"index":{"_index":"fess_user.role","_id":"YWRtaW4="}}
{"name":"admin"}
{"index":{"_index":"fess_user.role","_id":"Z3Vlc3Q="}}

Shinsuke Sugaya <******@****.***> 1638450896 +0900