reserving-the-client-source-ip ## externalTrafficPolic: Cluster ## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: enabled: false ingressClassName: ~ labels: {} # node-role.kubernetes.io/ingress: platform annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # kubernetes.io/ingress.allow-http: "false" # kubernetes.io/ingress.global-static-ip-name: "" # nginx.ingress.kubernetes.io/secure-backends:...

- The `system:aggregate-to-edit` role no longer includes write access to the Endpoints API. For new Kubernetes 1.22 clusters, the `edit` and `admin` roles will no longer include that access in newly created Kubernetes 1.22 clusters. This will have no affect on existing clusters upgrading to Kubernetes 1.22. To retain write access to Endpoints in the aggregated `edit` and `admin` roles for newly created 1.22 clusters, refer to https://github.com/kubernetes/website/pull/29025....

- **Auth**
  - [alpha] Further polishing of the Role-based access control alpha API including a default set of cluster roles. ([docs](http://kubernetes.io/docs/admin/authorization/)) ([kubernetes/features#2](https://github.com/kubernetes/enhancements/issues/2))

    public static final int POLICY_INFO_PRIMARY_DOMAIN = 3;
    /** Policy information level for account domain. */
    public static final int POLICY_INFO_ACCOUNT_DOMAIN = 5;
    /** Policy information level for server role. */
    public static final int POLICY_INFO_SERVER_ROLE = 6;
    /** Policy information level for modification details. */
    public static final int POLICY_INFO_MODIFICATION = 9;

- Fixed a bug that caused duplicate validation when updating role and role binding resources. ([#132550](https://github.com/kubernetes/kubernetes/pull/132550), [@gavinkflam](https://github.com/gavinkflam)) [SIG Auth]

`-${Math.floor(Math.random() * 1000)}`\n      navId += `-${Math.floor(Math.random() * 1000)}`\n    }\n\n    const newNavItem = `<li class=\"nav-item\" role=\"presentation\"><a href=\"#\" class=\"btn-iframe-close\" data-widget=\"iframe-close\" data-type=\"only-this\"><i class=\"fas fa-times\"></i></a><a class=\"nav-link\" data-toggle=\"row\" id=\"${navId}\" href=\"#${tabId}\" role=\"tab\" aria-controls=\"${tabId}\" aria-selected=\"false\">${title}</a></li>`\n    $(SELECTOR_TAB_NAVBAR_NAV).append(unescape(escape(newNavItem)))\n\n...

            dependency.

            The term "scope" comes from the OAuth2 specification, it seems to be
            intentionally vague and interpretable. It normally refers to permissions,
            in cases to roles.

            These scopes are integrated with OpenAPI (and the API docs at `/docs`).
            So they are visible in the OpenAPI specification.

            Read more about it in the

        final Map<String, Object> source = new LinkedHashMap<>();
        source.put("url", "https://example.com/page.html");
        source.put("title", "Test");
        source.put("content", "Body");
        source.put("role", Arrays.asList("admin", "user"));

        indexExportJob.exportDocument(source, tempDir.toString(), Collections.emptySet(), new HtmlIndexExportFormatter());

	} else {
		c.iamUsersMap[key] = u
	}
	c.updatedAt = time.Now()
	return nil
}

// IAMStorageAPI defines an interface for the IAM persistence layer
type IAMStorageAPI interface {
	// The role of the read-write lock is to prevent go routines from
	// concurrently reading and writing the IAM storage. The (r)lock()
	// functions return the iamCache. The cache can be safely written to
	// only when returned by `lock()`.

- Add write and read permissions for workloads to the admin cluster role. Add write permissions for workloads to the edit cluster role. Add read permissions for workloads to the view cluster role. ([#135418](https://github.com/kubernetes/kubernetes/pull/135418), [@carlory](https://github.com/carlory)) [SIG Auth]