rebase: bump k8s.io/kubernetes in the k8s-dependencies group

Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes). Updates `k8s.io/kubernetes` from 1.32.3 to 1.33.0 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.32.3...v1.33.0) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-version: 1.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Niels de Vos <ndevos@ibm.com>
2025-06-14 10:53:34 +00:00 · 2025-04-28 22:16:28 +00:00
parent 4147d5d15a
commit 51895f8619
699 changed files with 51590 additions and 17096 deletions
--- a/vendor/k8s.io/api/certificates/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/certificates/v1beta1/generated.proto
@ -190,6 +190,79 @@ message CertificateSigningRequestStatus {
  optional bytes certificate = 2;
 }

+// ClusterTrustBundle is a cluster-scoped container for X.509 trust anchors
+// (root certificates).
+//
+// ClusterTrustBundle objects are considered to be readable by any authenticated
+// user in the cluster, because they can be mounted by pods using the
+// `clusterTrustBundle` projection.  All service accounts have read access to
+// ClusterTrustBundles by default.  Users who only have namespace-level access
+// to a cluster can read ClusterTrustBundles by impersonating a serviceaccount
+// that they have access to.
+//
+// It can be optionally associated with a particular assigner, in which case it
+// contains one valid set of trust anchors for that signer. Signers may have
+// multiple associated ClusterTrustBundles; each is an independent set of trust
+// anchors for that signer. Admission control is used to enforce that only users
+// with permissions on the signer can create or modify the corresponding bundle.
+message ClusterTrustBundle {
+  // metadata contains the object metadata.
+  // +optional
+  optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // spec contains the signer (if any) and trust anchors.
+  optional ClusterTrustBundleSpec spec = 2;
+}
+
+// ClusterTrustBundleList is a collection of ClusterTrustBundle objects
+message ClusterTrustBundleList {
+  // metadata contains the list metadata.
+  //
+  // +optional
+  optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+  // items is a collection of ClusterTrustBundle objects
+  repeated ClusterTrustBundle items = 2;
+}
+
+// ClusterTrustBundleSpec contains the signer and trust anchors.
+message ClusterTrustBundleSpec {
+  // signerName indicates the associated signer, if any.
+  //
+  // In order to create or update a ClusterTrustBundle that sets signerName,
+  // you must have the following cluster-scoped permission:
+  // group=certificates.k8s.io resource=signers resourceName=<the signer name>
+  // verb=attest.
+  //
+  // If signerName is not empty, then the ClusterTrustBundle object must be
+  // named with the signer name as a prefix (translating slashes to colons).
+  // For example, for the signer name `example.com/foo`, valid
+  // ClusterTrustBundle object names include `example.com:foo:abc` and
+  // `example.com:foo:v1`.
+  //
+  // If signerName is empty, then the ClusterTrustBundle object's name must
+  // not have such a prefix.
+  //
+  // List/watch requests for ClusterTrustBundles can filter on this field
+  // using a `spec.signerName=NAME` field selector.
+  //
+  // +optional
+  optional string signerName = 1;
+
+  // trustBundle contains the individual X.509 trust anchors for this
+  // bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.
+  //
+  // The data must consist only of PEM certificate blocks that parse as valid
+  // X.509 certificates.  Each certificate must include a basic constraints
+  // extension with the CA bit set.  The API server will reject objects that
+  // contain duplicate certificates, or that use PEM block headers.
+  //
+  // Users of ClusterTrustBundles, including Kubelet, are free to reorder and
+  // deduplicate certificate blocks in this file according to their own logic,
+  // as well as to drop PEM block headers and inter-block data.
+  optional string trustBundle = 2;
+}
+
 // ExtraValue masks the value so protobuf can generate
 // +protobuf.nullable=true
 // +protobuf.options.(gogoproto.goproto_stringer)=false