},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         RolePolicy,
			Description: "policies to apply for plugin authorized users" + defaultHelpPostfix(RolePolicy),
			Type:        "string",
		},
		config.HelpKV{

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

   * comparator to look for it wherever it wants.
   *
   * Note that we do NOT touch the comparator returned by comparator(), which
   * should be identical to the one the user passed in. We touch only the
   * "secret" comparator used by the delegate implementation.
   */

  private static <K, V> SortedMap<K, V> newModifiableDelegate(Comparator<? super K> comparator) {
    return newTreeMap(nullAccepting(comparator));
  }

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

	sa, embeddedPolicy, err := sys.getServiceAccount(ctx, accessKey)
	if err != nil {
		return auth.Credentials{}, nil, err
	}
	// Hide secret & session keys
	sa.Credentials.SecretKey = ""
	sa.Credentials.SessionToken = ""
	return sa.Credentials, embeddedPolicy, nil
}

インタラクティブドキュメントを開きます: [http://127.0.0.1:8000/docs](http://127.0.0.1:8000/docs)。

### 認証 { #authenticate }

「Authorize」ボタンをクリックします。

次の認証情報を使います:

User: `johndoe`

Password: `secret`

<img src="/img/tutorial/security/image04.png">

システムで認証されると、次のように表示されます:

<img src="/img/tutorial/security/image05.png">

### 自分のユーザーデータを取得 { #get-your-own-user-data }

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

  * “kubectl run” now produces Deployments (instead of ReplicationControllers) and
Jobs (instead of Pods) by default.
  * Pods can now consume Secret data in environment variables and inject those
environment variables into a container’s command-line args.
  * Stable version of Heapster which scales up to 1000 nodes: more metrics, reduced