errors.failed_to_download_mapping_file = Impossibile scaricare il file di mappatura.
errors.failed_to_upload_mapping_file = Impossibile caricare il file di mappatura.
errors.invalid_kuromoji_token={0} non è un token valido.
errors.invalid_kuromoji_segmentation=Il numero di segmentazioni di {0} non corrisponde al numero di segmentazioni di {1}.
errors.invalid_str_is_included = {0} non è valido in {1}.

labels.roleTypeIds=ID ролей
labels.scriptData=Скрипт
labels.scriptResult=Результат
labels.scriptType=Метод выполнения
labels.segmentation=Сегментация
labels.startTime=Время начала
labels.target=Цель
labels.token=Токен
labels.synonymFile=Файл синонимов
labels.stopwordsFile=Файл стоп-слов
labels.stemmerOverrideFile=Файл переопределения стеммера
labels.mappingFile=Файл сопоставления
labels.protwordsFile=Файл Protwords

- Upon receiving a LIST request with an expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old" error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot. ([#67284](https://github.com/kubernetes/kubernetes/pull/67284),...

* With this PR, kubectl and other RestClient's using the AuthProvider framework can make OIDC authenticated requests, and, if there is a refresh token present, the tokens will be refreshed as needed. ([#25270](https://github.com/kubernetes/kubernetes/pull/25270), [@bobbyrullo](https://github.com/bobbyrullo))

    * Email.
    * UUID.
    * ...及其他.

所有的校验都由完善且强大的 **Pydantic** 处理。

### 安全性及身份验证

集成了安全性和身份认证。杜绝数据库或者数据模型的渗透风险。

OpenAPI 中定义的安全模式，包括：

* HTTP 基本认证。
* **OAuth2** (也使用 **JWT tokens**)。在 [OAuth2 with JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}查看教程。
* API 密钥，在:
    * 请求头。
    * 查询参数。
    * Cookies, 等等。

加上来自 Starlette（包括 **session cookie**）的所有安全特性。

labels.roleTypeIds=Rol ID'leri
labels.scriptData=Betik
labels.scriptResult=Sonuç
labels.scriptType=Yürütme Yöntemi
labels.segmentation=Segmentasyon
labels.startTime=Başlangıç Zamanı
labels.target=Hedef
labels.token=Belirteç
labels.synonymFile=Eş Anlamlı Dosyası
labels.stopwordsFile=Durdurma Kelimeleri Dosyası
labels.stemmerOverrideFile=Kök Bulma Geçersizleştirme Dosyası
labels.mappingFile=Eşleme Dosyası

	oauth2Token, err := oauth2Config.Exchange(ctx, code)
	if err != nil {
		return "", fmt.Errorf("unable to exchange code for id token: %v", err)
	}

	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
	if !ok {
		return "", fmt.Errorf("id_token not found!")
	}

	// fmt.Printf("TOKEN: %s\n", rawIDToken)
	return rawIDToken, nil
}

// unwrapAll will unwrap the returned error completely.

    /** The key of the message: Target */
    public static final String LABELS_TARGET = "{labels.target}";

    /** The key of the message: Token */
    public static final String LABELS_TOKEN = "{labels.token}";

    /** The key of the message: Synonym File */
    public static final String LABELS_SYNONYM_FILE = "{labels.synonymFile}";

    /** The key of the message: Stopwords File */

- kube-apiserver: `--service-account-max-token-expiration` can now be used in combination with an external token signer `--service-account-signing-endpoint`, as long as the `--service-account-max-token-expiration` is not longer than the external token signer's max expiration. ([#129816](https://github.com/kubernetes/kubernetes/pull/129816), [@sambdavidson](https://github.com/sambdavidson)) [SIG...

- If BoundServiceAccountTokenVolume is enabled, cluster admins can use metric `serviceaccount_stale_tokens_total` to monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false` ([#96273](https://github.com/kubernetes/kubernetes/pull/96273), [@zshihang](https://github.com/zshihang)) [SIG API Machinery and Auth]