rebase: bump k8s.io/kubernetes in the k8s-dependencies group

Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes). Updates `k8s.io/kubernetes` from 1.32.3 to 1.33.0 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.32.3...v1.33.0) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-version: 1.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Niels de Vos <ndevos@ibm.com>
2025-06-13 10:33:35 +00:00 · 2025-04-28 22:16:28 +00:00
parent 4147d5d15a
commit 51895f8619
699 changed files with 51590 additions and 17096 deletions
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
@ -272,9 +272,9 @@ message MatchResources {
  // +optional
  optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 1;

-  // ObjectSelector decides whether to run the validation based on if the
+  // ObjectSelector decides whether to run the policy based on if the
  // object has matching labels. objectSelector is evaluated against both
-  // the oldObject and newObject that would be sent to the cel validation, and
+  // the oldObject and newObject that would be sent to the policy's expression (CEL), and
  // is considered to match if either object matches the selector. A null
  // object (oldObject in the case of create, or newObject in the case of
  // delete) or an object that cannot have labels (like a
@ -286,13 +286,13 @@ message MatchResources {
  // +optional
  optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 2;

-  // ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
+  // ResourceRules describes what operations on what resources/subresources the admission policy matches.
  // The policy cares about an operation if it matches _any_ Rule.
  // +listType=atomic
  // +optional
  repeated NamedRuleWithOperations resourceRules = 3;

-  // ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
+  // ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about.
  // The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
  // +listType=atomic
  // +optional
@ -304,12 +304,13 @@ message MatchResources {
  // - Exact: match a request only if it exactly matches a specified rule.
  // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
  // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
-  // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
+  // the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.
  //
  // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
  // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
  // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
-  // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
+  // the admission policy **does** consider requests made to apps/v1beta1 or extensions/v1beta1
+  // API groups. The API server translates the request to a matched resource API if necessary.
  //
  // Defaults to "Equivalent"
  // +optional