mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 10:33:35 +00:00
rebase: bump k8s.io/kubernetes in the k8s-dependencies group
Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes). Updates `k8s.io/kubernetes` from 1.32.3 to 1.33.0 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.32.3...v1.33.0) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-version: 1.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Niels de Vos <ndevos@ibm.com>
This commit is contained in:
dependabot[bot]
committed by
mergify[bot]
mergify[bot]
parent
4147d5d15a
commit
51895f8619
2
vendor/k8s.io/api/admissionregistration/v1alpha1/doc.go
generated
vendored
2
vendor/k8s.io/api/admissionregistration/v1alpha1/doc.go
generated
vendored
@ -21,4 +21,4 @@ limitations under the License.
|
||||
// +groupName=admissionregistration.k8s.io
|
||||
|
||||
// Package v1alpha1 is the v1alpha1 version of the API.
|
||||
package v1alpha1 // import "k8s.io/api/admissionregistration/v1alpha1"
|
||||
package v1alpha1
|
||||
|
||||
13
vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
generated
vendored
13
vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
generated
vendored
@ -272,9 +272,9 @@ message MatchResources {
|
||||
// +optional
|
||||
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 1;
|
||||
|
||||
// ObjectSelector decides whether to run the validation based on if the
|
||||
// ObjectSelector decides whether to run the policy based on if the
|
||||
// object has matching labels. objectSelector is evaluated against both
|
||||
// the oldObject and newObject that would be sent to the cel validation, and
|
||||
// the oldObject and newObject that would be sent to the policy's expression (CEL), and
|
||||
// is considered to match if either object matches the selector. A null
|
||||
// object (oldObject in the case of create, or newObject in the case of
|
||||
// delete) or an object that cannot have labels (like a
|
||||
@ -286,13 +286,13 @@ message MatchResources {
|
||||
// +optional
|
||||
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 2;
|
||||
|
||||
// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
|
||||
// ResourceRules describes what operations on what resources/subresources the admission policy matches.
|
||||
// The policy cares about an operation if it matches _any_ Rule.
|
||||
// +listType=atomic
|
||||
// +optional
|
||||
repeated NamedRuleWithOperations resourceRules = 3;
|
||||
|
||||
// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
|
||||
// ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about.
|
||||
// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
|
||||
// +listType=atomic
|
||||
// +optional
|
||||
@ -304,12 +304,13 @@ message MatchResources {
|
||||
// - Exact: match a request only if it exactly matches a specified rule.
|
||||
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
|
||||
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
|
||||
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
|
||||
// the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.
|
||||
//
|
||||
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
|
||||
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
|
||||
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
|
||||
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
|
||||
// the admission policy **does** consider requests made to apps/v1beta1 or extensions/v1beta1
|
||||
// API groups. The API server translates the request to a matched resource API if necessary.
|
||||
//
|
||||
// Defaults to "Equivalent"
|
||||
// +optional
|
||||
|
||||
23
vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
generated
vendored
23
vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
generated
vendored
@ -56,9 +56,9 @@ const (
|
||||
type FailurePolicyType string
|
||||
|
||||
const (
|
||||
// Ignore means that an error calling the webhook is ignored.
|
||||
// Ignore means that an error calling the admission webhook or admission policy is ignored.
|
||||
Ignore FailurePolicyType = "Ignore"
|
||||
// Fail means that an error calling the webhook causes the admission to fail.
|
||||
// Fail means that an error calling the admission webhook or admission policy causes resource admission to fail.
|
||||
Fail FailurePolicyType = "Fail"
|
||||
)
|
||||
|
||||
@ -67,9 +67,11 @@ const (
|
||||
type MatchPolicyType string
|
||||
|
||||
const (
|
||||
// Exact means requests should only be sent to the webhook if they exactly match a given rule.
|
||||
// Exact means requests should only be sent to the admission webhook or admission policy if they exactly match a given rule.
|
||||
Exact MatchPolicyType = "Exact"
|
||||
// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
|
||||
// Equivalent means requests should be sent to the admission webhook or admission policy if they modify a resource listed
|
||||
// in rules via an equivalent API group or version. For example, `autoscaling/v1` and `autoscaling/v2`
|
||||
// HorizontalPodAutoscalers are equivalent: the same set of resources appear via both APIs.
|
||||
Equivalent MatchPolicyType = "Equivalent"
|
||||
)
|
||||
|
||||
@ -577,9 +579,9 @@ type MatchResources struct {
|
||||
// Default to the empty LabelSelector, which matches everything.
|
||||
// +optional
|
||||
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,1,opt,name=namespaceSelector"`
|
||||
// ObjectSelector decides whether to run the validation based on if the
|
||||
// ObjectSelector decides whether to run the policy based on if the
|
||||
// object has matching labels. objectSelector is evaluated against both
|
||||
// the oldObject and newObject that would be sent to the cel validation, and
|
||||
// the oldObject and newObject that would be sent to the policy's expression (CEL), and
|
||||
// is considered to match if either object matches the selector. A null
|
||||
// object (oldObject in the case of create, or newObject in the case of
|
||||
// delete) or an object that cannot have labels (like a
|
||||
@ -590,12 +592,12 @@ type MatchResources struct {
|
||||
// Default to the empty LabelSelector, which matches everything.
|
||||
// +optional
|
||||
ObjectSelector *metav1.LabelSelector `json:"objectSelector,omitempty" protobuf:"bytes,2,opt,name=objectSelector"`
|
||||
// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
|
||||
// ResourceRules describes what operations on what resources/subresources the admission policy matches.
|
||||
// The policy cares about an operation if it matches _any_ Rule.
|
||||
// +listType=atomic
|
||||
// +optional
|
||||
ResourceRules []NamedRuleWithOperations `json:"resourceRules,omitempty" protobuf:"bytes,3,rep,name=resourceRules"`
|
||||
// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
|
||||
// ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about.
|
||||
// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
|
||||
// +listType=atomic
|
||||
// +optional
|
||||
@ -606,12 +608,13 @@ type MatchResources struct {
|
||||
// - Exact: match a request only if it exactly matches a specified rule.
|
||||
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
|
||||
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
|
||||
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
|
||||
// the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.
|
||||
//
|
||||
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
|
||||
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
|
||||
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
|
||||
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
|
||||
// the admission policy **does** consider requests made to apps/v1beta1 or extensions/v1beta1
|
||||
// API groups. The API server translates the request to a matched resource API if necessary.
|
||||
//
|
||||
// Defaults to "Equivalent"
|
||||
// +optional
|
||||
|
||||
8
vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
generated
vendored
8
vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
generated
vendored
@ -68,10 +68,10 @@ func (JSONPatch) SwaggerDoc() map[string]string {
|
||||
var map_MatchResources = map[string]string{
|
||||
"": "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
|
||||
"namespaceSelector": "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.",
|
||||
"objectSelector": "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.",
|
||||
"resourceRules": "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.",
|
||||
"excludeResourceRules": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
|
||||
"matchPolicy": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"",
|
||||
"objectSelector": "ObjectSelector decides whether to run the policy based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the policy's expression (CEL), and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.",
|
||||
"resourceRules": "ResourceRules describes what operations on what resources/subresources the admission policy matches. The policy cares about an operation if it matches _any_ Rule.",
|
||||
"excludeResourceRules": "ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
|
||||
"matchPolicy": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, the admission policy **does** consider requests made to apps/v1beta1 or extensions/v1beta1 API groups. The API server translates the request to a matched resource API if necessary.\n\nDefaults to \"Equivalent\"",
|
||||
}
|
||||
|
||||
func (MatchResources) SwaggerDoc() map[string]string {
|
||||
|
||||
Reference in New Issue
Block a user