rebase: update kubernetes to v1.23.0

updating go dependency to latest kubernetes released version i.e v1.23.0 Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2025-06-13 10:33:35 +00:00 · 2021-12-08 19:20:47 +05:30
parent 42403e2ba7
commit 5762da3e91
789 changed files with 49781 additions and 11501 deletions
--- a/vendor/k8s.io/apiserver/pkg/admission/audit.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/audit.go
@ -19,6 +19,7 @@ package admission
 import (
 	"context"
 	"fmt"
+	"sync"

 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	"k8s.io/apiserver/pkg/audit"
@ -27,7 +28,10 @@ import (
 // auditHandler logs annotations set by other admission handlers
 type auditHandler struct {
 	Interface
-	ae *auditinternal.Event
+	// TODO: move the lock near the Annotations field of the audit event so it is always protected from concurrent access.
+	// to protect the 'Annotations' map of the audit event from concurrent writes
+	mutex sync.Mutex
+	ae    *auditinternal.Event
 }

 var _ Interface = &auditHandler{}
@ -42,10 +46,10 @@ func WithAudit(i Interface, ae *auditinternal.Event) Interface {
 	if i == nil {
 		return i
 	}
-	return &auditHandler{i, ae}
+	return &auditHandler{Interface: i, ae: ae}
 }

-func (handler auditHandler) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error {
+func (handler *auditHandler) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error {
 	if !handler.Interface.Handles(a.GetOperation()) {
 		return nil
 	}
@ -60,7 +64,7 @@ func (handler auditHandler) Admit(ctx context.Context, a Attributes, o ObjectInt
 	return err
 }

-func (handler auditHandler) Validate(ctx context.Context, a Attributes, o ObjectInterfaces) error {
+func (handler *auditHandler) Validate(ctx context.Context, a Attributes, o ObjectInterfaces) error {
 	if !handler.Interface.Handles(a.GetOperation()) {
 		return nil
 	}
@ -84,10 +88,13 @@ func ensureAnnotationGetter(a Attributes) error {
 	return fmt.Errorf("attributes must be an instance of privateAnnotationsGetter or AnnotationsGetter")
 }

-func (handler auditHandler) logAnnotations(a Attributes) {
+func (handler *auditHandler) logAnnotations(a Attributes) {
 	if handler.ae == nil {
 		return
 	}
+	handler.mutex.Lock()
+	defer handler.mutex.Unlock()
+
 	switch a := a.(type) {
 	case privateAnnotationsGetter:
 		for key, value := range a.getAnnotations(handler.ae.Level) {
--- a/vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go
@ -18,7 +18,6 @@ package metrics

 import (
 	"context"
-	"fmt"
 	"strconv"
 	"time"

@ -45,8 +44,6 @@ const (
 )

 var (
-	// Use buckets ranging from 5 ms to 2.5 seconds (admission webhooks timeout at 30 seconds by default).
-	latencyBuckets       = []float64{0.005, 0.025, 0.1, 0.5, 2.5}
 	latencySummaryMaxAge = 5 * time.Hour

 	// Metrics provides access to all admission metrics.
@ -119,25 +116,75 @@ type AdmissionMetrics struct {
 	controller       *metricSet
 	webhook          *metricSet
 	webhookRejection *metrics.CounterVec
+	webhookRequest   *metrics.CounterVec
 }

 // newAdmissionMetrics create a new AdmissionMetrics, configured with default metric names.
 func newAdmissionMetrics() *AdmissionMetrics {
 	// Admission metrics for a step of the admission flow. The entire admission flow is broken down into a series of steps
 	// Each step is identified by a distinct type label value.
-	step := newMetricSet("step",
-		[]string{"type", "operation", "rejected"},
-		"Admission sub-step %s, broken out for each operation and API resource and step type (validate or admit).", true)
+	// Use buckets ranging from 5 ms to 2.5 seconds.
+	step := &metricSet{
+		latencies: metrics.NewHistogramVec(
+			&metrics.HistogramOpts{
+				Namespace:      namespace,
+				Subsystem:      subsystem,
+				Name:           "step_admission_duration_seconds",
+				Help:           "Admission sub-step latency histogram in seconds, broken out for each operation and API resource and step type (validate or admit).",
+				Buckets:        []float64{0.005, 0.025, 0.1, 0.5, 1.0, 2.5},
+				StabilityLevel: metrics.STABLE,
+			},
+			[]string{"type", "operation", "rejected"},
+		),
+
+		latenciesSummary: metrics.NewSummaryVec(
+			&metrics.SummaryOpts{
+				Namespace:      namespace,
+				Subsystem:      subsystem,
+				Name:           "step_admission_duration_seconds_summary",
+				Help:           "Admission sub-step latency summary in seconds, broken out for each operation and API resource and step type (validate or admit).",
+				MaxAge:         latencySummaryMaxAge,
+				StabilityLevel: metrics.ALPHA,
+			},
+			[]string{"type", "operation", "rejected"},
+		),
+	}

 	// Built-in admission controller metrics. Each admission controller is identified by name.
-	controller := newMetricSet("controller",
-		[]string{"name", "type", "operation", "rejected"},
-		"Admission controller %s, identified by name and broken out for each operation and API resource and type (validate or admit).", false)
+	// Use buckets ranging from 5 ms to 2.5 seconds.
+	controller := &metricSet{
+		latencies: metrics.NewHistogramVec(
+			&metrics.HistogramOpts{
+				Namespace:      namespace,
+				Subsystem:      subsystem,
+				Name:           "controller_admission_duration_seconds",
+				Help:           "Admission controller latency histogram in seconds, identified by name and broken out for each operation and API resource and type (validate or admit).",
+				Buckets:        []float64{0.005, 0.025, 0.1, 0.5, 1.0, 2.5},
+				StabilityLevel: metrics.STABLE,
+			},
+			[]string{"name", "type", "operation", "rejected"},
+		),
+
+		latenciesSummary: nil,
+	}

 	// Admission webhook metrics. Each webhook is identified by name.
-	webhook := newMetricSet("webhook",
-		[]string{"name", "type", "operation", "rejected"},
-		"Admission webhook %s, identified by name and broken out for each operation and API resource and type (validate or admit).", false)
+	// Use buckets ranging from 5 ms to 2.5 seconds (admission webhooks timeout at 30 seconds by default).
+	webhook := &metricSet{
+		latencies: metrics.NewHistogramVec(
+			&metrics.HistogramOpts{
+				Namespace:      namespace,
+				Subsystem:      subsystem,
+				Name:           "webhook_admission_duration_seconds",
+				Help:           "Admission webhook latency histogram in seconds, identified by name and broken out for each operation and API resource and type (validate or admit).",
+				Buckets:        []float64{0.005, 0.025, 0.1, 0.5, 1.0, 2.5},
+				StabilityLevel: metrics.STABLE,
+			},
+			[]string{"name", "type", "operation", "rejected"},
+		),
+
+		latenciesSummary: nil,
+	}

 	webhookRejection := metrics.NewCounterVec(
 		&metrics.CounterOpts{
@ -149,11 +196,22 @@ func newAdmissionMetrics() *AdmissionMetrics {
 		},
 		[]string{"name", "type", "operation", "error_type", "rejection_code"})

+	webhookRequest := metrics.NewCounterVec(
+		&metrics.CounterOpts{
+			Namespace:      namespace,
+			Subsystem:      subsystem,
+			Name:           "webhook_request_total",
+			Help:           "Admission webhook request total, identified by name and broken out for each admission type (validating or mutating) and operation. Additional labels specify whether the request was rejected or not and an HTTP status code. Codes greater than 600 are truncated to 600, to keep the metrics cardinality bounded.",
+			StabilityLevel: metrics.ALPHA,
+		},
+		[]string{"name", "type", "operation", "code", "rejected"})
+
 	step.mustRegister()
 	controller.mustRegister()
 	webhook.mustRegister()
 	legacyregistry.MustRegister(webhookRejection)
-	return &AdmissionMetrics{step: step, controller: controller, webhook: webhook, webhookRejection: webhookRejection}
+	legacyregistry.MustRegister(webhookRequest)
+	return &AdmissionMetrics{step: step, controller: controller, webhook: webhook, webhookRejection: webhookRejection, webhookRequest: webhookRequest}
 }

 func (m *AdmissionMetrics) reset() {
@ -173,8 +231,13 @@ func (m *AdmissionMetrics) ObserveAdmissionController(ctx context.Context, elaps
 }

 // ObserveWebhook records admission related metrics for a admission webhook.
-func (m *AdmissionMetrics) ObserveWebhook(ctx context.Context, elapsed time.Duration, rejected bool, attr admission.Attributes, stepType string, extraLabels ...string) {
-	m.webhook.observe(ctx, elapsed, append(extraLabels, stepType, string(attr.GetOperation()), strconv.FormatBool(rejected))...)
+func (m *AdmissionMetrics) ObserveWebhook(ctx context.Context, name string, elapsed time.Duration, rejected bool, attr admission.Attributes, stepType string, code int) {
+	// We truncate codes greater than 600 to keep the cardinality bounded.
+	if code > 600 {
+		code = 600
+	}
+	m.webhookRequest.WithContext(ctx).WithLabelValues(name, stepType, string(attr.GetOperation()), strconv.Itoa(code), strconv.FormatBool(rejected)).Inc()
+	m.webhook.observe(ctx, elapsed, name, stepType, string(attr.GetOperation()), strconv.FormatBool(rejected))
 }

 // ObserveWebhookRejection records admission related metrics for an admission webhook rejection.
@ -192,39 +255,6 @@ type metricSet struct {
 	latenciesSummary *metrics.SummaryVec
 }

-func newMetricSet(name string, labels []string, helpTemplate string, hasSummary bool) *metricSet {
-	var summary *metrics.SummaryVec
-	if hasSummary {
-		summary = metrics.NewSummaryVec(
-			&metrics.SummaryOpts{
-				Namespace:      namespace,
-				Subsystem:      subsystem,
-				Name:           fmt.Sprintf("%s_admission_duration_seconds_summary", name),
-				Help:           fmt.Sprintf(helpTemplate, "latency summary in seconds"),
-				MaxAge:         latencySummaryMaxAge,
-				StabilityLevel: metrics.ALPHA,
-			},
-			labels,
-		)
-	}
-
-	return &metricSet{
-		latencies: metrics.NewHistogramVec(
-			&metrics.HistogramOpts{
-				Namespace:      namespace,
-				Subsystem:      subsystem,
-				Name:           fmt.Sprintf("%s_admission_duration_seconds", name),
-				Help:           fmt.Sprintf(helpTemplate, "latency histogram in seconds"),
-				Buckets:        latencyBuckets,
-				StabilityLevel: metrics.ALPHA,
-			},
-			labels,
-		),
-
-		latenciesSummary: summary,
-	}
-}
-
 // MustRegister registers all the prometheus metrics in the metricSet.
 func (m *metricSet) mustRegister() {
 	legacyregistry.MustRegister(m.latencies)
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
@ -34,6 +34,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer/json"
+	utiljson "k8s.io/apimachinery/pkg/util/json"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/admission"
 	admissionmetrics "k8s.io/apiserver/pkg/admission/metrics"
@ -42,6 +43,7 @@ import (
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/generic"
 	webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
+	endpointsrequest "k8s.io/apiserver/pkg/endpoints/request"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
 	"k8s.io/apiserver/pkg/warning"
 	utiltrace "k8s.io/utils/trace"
@ -61,8 +63,6 @@ const (
 	MutationAuditAnnotationFailedOpenKeyPrefix string = "failed-open." + MutationAuditAnnotationPrefix
 )

-var encodingjson = json.CaseSensitiveJSONIterator()
-
 type mutatingDispatcher struct {
 	cm     *webhookutil.ClientManager
 	plugin *Plugin
@ -148,17 +148,21 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
 			case *webhookutil.ErrCallingWebhook:
 				if !ignoreClientCallFailures {
 					rejected = true
-					admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionCallingWebhookError, 0)
+					admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionCallingWebhookError, int(err.Status.ErrStatus.Code))
 				}
+				admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", int(err.Status.ErrStatus.Code))
 			case *webhookutil.ErrWebhookRejection:
 				rejected = true
 				admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionNoError, int(err.Status.ErrStatus.Code))
+				admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", int(err.Status.ErrStatus.Code))
 			default:
 				rejected = true
 				admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionAPIServerInternalError, 0)
+				admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", 0)
 			}
+		} else {
+			admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", 200)
 		}
-		admissionmetrics.Metrics.ObserveWebhook(ctx, time.Since(t), rejected, versionedAttr.Attributes, "admit", hook.Name)
 		if changed {
 			// Patch had changed the object. Prepare to reinvoke all previous webhooks that are eligible for re-invocation.
 			webhookReinvokeCtx.RequireReinvokingPreviouslyInvokedPlugins()
@ -213,7 +217,7 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
 	defer func() { annotator.addMutationAnnotation(changed) }()
 	if attr.Attributes.IsDryRun() {
 		if h.SideEffects == nil {
-			return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil")}
+			return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil"), Status: apierrors.NewBadRequest("Webhook SideEffects is nil")}
 		}
 		if !(*h.SideEffects == admissionregistrationv1.SideEffectClassNone || *h.SideEffects == admissionregistrationv1.SideEffectClassNoneOnDryRun) {
 			return false, webhookerrors.NewDryRunUnsupportedErr(h.Name)
@ -222,12 +226,12 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss

 	uid, request, response, err := webhookrequest.CreateAdmissionObjects(attr, invocation)
 	if err != nil {
-		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not create admission objects: %w", err)}
+		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not create admission objects: %w", err), Status: apierrors.NewBadRequest("error creating admission objects")}
 	}
 	// Make the webhook request
 	client, err := invocation.Webhook.GetRESTClient(a.cm)
 	if err != nil {
-		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not get REST client: %w", err)}
+		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not get REST client: %w", err), Status: apierrors.NewBadRequest("error getting REST client")}
 	}
 	trace := utiltrace.New("Call mutating webhook",
 		utiltrace.Field{"configuration", configurationName},
@ -260,14 +264,26 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
 		}
 	}

-	if err := r.Do(ctx).Into(response); err != nil {
-		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("failed to call webhook: %w", err)}
+	do := func() { err = r.Do(ctx).Into(response) }
+	if wd, ok := endpointsrequest.WebhookDurationFrom(ctx); ok {
+		tmp := do
+		do = func() { wd.AdmitTracker.Track(tmp) }
+	}
+	do()
+	if err != nil {
+		var status *apierrors.StatusError
+		if se, ok := err.(*apierrors.StatusError); ok {
+			status = se
+		} else {
+			status = apierrors.NewBadRequest("error calling webhook")
+		}
+		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("failed to call webhook: %w", err), Status: status}
 	}
 	trace.Step("Request completed")

 	result, err := webhookrequest.VerifyAdmissionResponse(uid, true, response)
 	if err != nil {
-		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("received invalid webhook response: %w", err)}
+		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("received invalid webhook response: %w", err), Status: apierrors.NewServiceUnavailable("error validating webhook response")}
 	}

 	for k, v := range result.AuditAnnotations {
@ -315,7 +331,7 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
 			return false, apierrors.NewInternalError(err)
 		}
 	default:
-		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("unsupported patch type %q", result.PatchType)}
+		return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("unsupported patch type %q", result.PatchType), Status: webhookerrors.ToStatusErr(h.Name, result.Result)}
 	}

 	var newVersionedObject runtime.Object
@ -434,7 +450,7 @@ func mutationAnnotationValue(configuration, webhook string, mutated bool) (strin
 		Webhook:       webhook,
 		Mutated:       mutated,
 	}
-	bytes, err := encodingjson.Marshal(m)
+	bytes, err := utiljson.Marshal(m)
 	return string(bytes), err
 }

@ -445,6 +461,6 @@ func jsonPatchAnnotationValue(configuration, webhook string, patch interface{})
 		Patch:         patch,
 		PatchType:     string(admissionv1.PatchTypeJSONPatch),
 	}
-	bytes, err := encodingjson.Marshal(p)
+	bytes, err := utiljson.Marshal(p)
 	return string(bytes), err
 }
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/types.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/types.go
@ -62,8 +62,7 @@ type EgressSelectorConfiguration struct {
 // EgressSelection provides the configuration for a single egress selection client.
 type EgressSelection struct {
 	// Name is the name of the egress selection.
-	// Currently supported values are "controlplane", "master", "etcd" and "cluster"
-	// The "master" egress selector is deprecated in favor of "controlplane"
+	// Currently supported values are "controlplane", "etcd" and "cluster"
 	Name string

 	// Connection is the exact information used to configure the egress selection
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/conversion.go
@ -0,0 +1,32 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	apiserver "k8s.io/apiserver/pkg/apis/apiserver"
+)
+
+func Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error {
+	if err := autoConvert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in, out, s); err != nil {
+		return err
+	}
+	if out.Name == "master" {
+		out.Name = "controlplane"
+	}
+	return nil
+}
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -65,11 +66,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*EgressSelection)(nil), (*apiserver.EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(a.(*EgressSelection), b.(*apiserver.EgressSelection), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*apiserver.EgressSelection)(nil), (*EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(a.(*apiserver.EgressSelection), b.(*EgressSelection), scope)
 	}); err != nil {
@ -135,6 +131,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*EgressSelection)(nil), (*apiserver.EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(a.(*EgressSelection), b.(*apiserver.EgressSelection), scope)
+	}); err != nil {
+		return err
+	}
 	return nil
 }

@ -212,11 +213,6 @@ func autoConvert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in *Egres
 	return nil
 }

-// Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection is an autogenerated conversion function.
-func Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error {
-	return autoConvert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in, out, s)
-}
-
 func autoConvert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error {
 	out.Name = in.Name
 	if err := Convert_apiserver_Connection_To_v1alpha1_Connection(&in.Connection, &out.Connection, s); err != nil {
@ -231,7 +227,17 @@ func Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(in *apiserver
 }

 func autoConvert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error {
-	out.EgressSelections = *(*[]apiserver.EgressSelection)(unsafe.Pointer(&in.EgressSelections))
+	if in.EgressSelections != nil {
+		in, out := &in.EgressSelections, &out.EgressSelections
+		*out = make([]apiserver.EgressSelection, len(*in))
+		for i := range *in {
+			if err := Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.EgressSelections = nil
+	}
 	return nil
 }

@ -241,7 +247,17 @@ func Convert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorCon
 }

 func autoConvert_apiserver_EgressSelectorConfiguration_To_v1alpha1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error {
-	out.EgressSelections = *(*[]EgressSelection)(unsafe.Pointer(&in.EgressSelections))
+	if in.EgressSelections != nil {
+		in, out := &in.EgressSelections, &out.EgressSelections
+		*out = make([]EgressSelection, len(*in))
+		for i := range *in {
+			if err := Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.EgressSelections = nil
+	}
 	return nil
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/conversion.go
@ -0,0 +1,32 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	apiserver "k8s.io/apiserver/pkg/apis/apiserver"
+)
+
+func Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error {
+	if err := autoConvert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in, out, s); err != nil {
+		return err
+	}
+	if out.Name == "master" {
+		out.Name = "controlplane"
+	}
+	return nil
+}
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -45,11 +46,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*EgressSelection)(nil), (*apiserver.EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(a.(*EgressSelection), b.(*apiserver.EgressSelection), scope)
-	}); err != nil {
-		return err
-	}
 	if err := s.AddGeneratedConversionFunc((*apiserver.EgressSelection)(nil), (*EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(a.(*apiserver.EgressSelection), b.(*EgressSelection), scope)
 	}); err != nil {
@ -105,6 +101,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*EgressSelection)(nil), (*apiserver.EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(a.(*EgressSelection), b.(*apiserver.EgressSelection), scope)
+	}); err != nil {
+		return err
+	}
 	return nil
 }

@ -138,11 +139,6 @@ func autoConvert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *Egress
 	return nil
 }

-// Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection is an autogenerated conversion function.
-func Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error {
-	return autoConvert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in, out, s)
-}
-
 func autoConvert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error {
 	out.Name = in.Name
 	if err := Convert_apiserver_Connection_To_v1beta1_Connection(&in.Connection, &out.Connection, s); err != nil {
@ -157,7 +153,17 @@ func Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in *apiserver.
 }

 func autoConvert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error {
-	out.EgressSelections = *(*[]apiserver.EgressSelection)(unsafe.Pointer(&in.EgressSelections))
+	if in.EgressSelections != nil {
+		in, out := &in.EgressSelections, &out.EgressSelections
+		*out = make([]apiserver.EgressSelection, len(*in))
+		for i := range *in {
+			if err := Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.EgressSelections = nil
+	}
 	return nil
 }

@ -167,7 +173,17 @@ func Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConf
 }

 func autoConvert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error {
-	out.EgressSelections = *(*[]EgressSelection)(unsafe.Pointer(&in.EgressSelections))
+	if in.EgressSelections != nil {
+		in, out := &in.EgressSelections, &out.EgressSelections
+		*out = make([]EgressSelection, len(*in))
+		for i := range *in {
+			if err := Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		out.EgressSelections = nil
+	}
 	return nil
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/types.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/types.go
@ -172,6 +172,15 @@ type Policy struct {
 	// be specified per rule in which case the union of both are omitted.
 	// +optional
 	OmitStages []Stage
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// This is used as a global default - a value of 'true' will omit the managed fileds,
+	// otherwise the managed fields will be included in the API audit log.
+	// Note that this can also be specified per rule in which case the value specified
+	// in a rule will override the global default.
+	// +optional
+	OmitManagedFields bool
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -232,6 +241,17 @@ type PolicyRule struct {
 	// An empty list means no restrictions will apply.
 	// +optional
 	OmitStages []Stage
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// - a value of 'true' will drop the managed fields from the API audit log
+	// - a value of 'false' indicates that the managed fileds should be included
+	//   in the API audit log
+	// Note that the value, if specified, in this rule will override the global default
+	// If a value is not specified then the global default specified in
+	// Policy.OmitManagedFields will stand.
+	// +optional
+	OmitManagedFields *bool
 }

 // GroupResources represents resource kinds in an API group.
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go
@ -261,85 +261,88 @@ func init() {
 }

 var fileDescriptor_4982ac40a460d730 = []byte{
-	// 1243 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcd, 0x8e, 0x1b, 0x45,
-	0x10, 0xde, 0x59, 0xaf, 0xb3, 0x76, 0x3b, 0xeb, 0x75, 0x3a, 0x11, 0x19, 0xed, 0xc1, 0x36, 0x46,
-	0x42, 0x06, 0x96, 0x99, 0xec, 0x12, 0x48, 0x14, 0x09, 0x24, 0x5b, 0x89, 0xc0, 0x22, 0xd9, 0xac,
-	0xda, 0x38, 0x07, 0xc4, 0x21, 0xe3, 0x71, 0xc5, 0x1e, 0x6c, 0xcf, 0x4c, 0xba, 0x7b, 0x8c, 0xf6,
-	0xc6, 0x0b, 0x20, 0x71, 0xe7, 0x2d, 0xb8, 0x45, 0xbc, 0x40, 0x8e, 0x39, 0xe6, 0x64, 0x11, 0xc3,
-	0x43, 0xa0, 0x9c, 0x50, 0xff, 0xcc, 0x8f, 0xbd, 0x6b, 0xc5, 0xcb, 0x81, 0xdb, 0x74, 0xd5, 0xf7,
-	0x7d, 0x55, 0x5d, 0xd3, 0x55, 0xdd, 0xe8, 0xdb, 0xf1, 0x5d, 0x66, 0x79, 0x81, 0x3d, 0x8e, 0xfa,
-	0x40, 0x7d, 0xe0, 0xc0, 0xec, 0x19, 0xf8, 0x83, 0x80, 0xda, 0xda, 0xe1, 0x84, 0x1e, 0x03, 0x3a,
-	0x03, 0x6a, 0x87, 0xe3, 0xa1, 0x5c, 0xd9, 0x4e, 0x34, 0xf0, 0xb8, 0x3d, 0x3b, 0xb2, 0x87, 0xe0,
-	0x03, 0x75, 0x38, 0x0c, 0xac, 0x90, 0x06, 0x3c, 0xc0, 0x0d, 0xc5, 0xb1, 0x12, 0x8e, 0x15, 0x8e,
-	0x87, 0x72, 0x65, 0x49, 0x8e, 0x35, 0x3b, 0x3a, 0xf8, 0x74, 0xe8, 0xf1, 0x51, 0xd4, 0xb7, 0xdc,
-	0x60, 0x6a, 0x0f, 0x83, 0x61, 0x60, 0x4b, 0x6a, 0x3f, 0x7a, 0x26, 0x57, 0x72, 0x21, 0xbf, 0x94,
-	0xe4, 0xc1, 0x61, 0x9a, 0x86, 0xed, 0x44, 0x7c, 0x04, 0x3e, 0xf7, 0x5c, 0x87, 0x7b, 0x81, 0x7f,
-	0x41, 0x02, 0x07, 0xb7, 0x53, 0xf4, 0xd4, 0x71, 0x47, 0x9e, 0x0f, 0xf4, 0x2c, 0xcd, 0x7b, 0x0a,
-	0xdc, 0xb9, 0x88, 0x65, 0xaf, 0x63, 0xd1, 0xc8, 0xe7, 0xde, 0x14, 0xce, 0x11, 0xbe, 0x78, 0x17,
-	0x81, 0xb9, 0x23, 0x98, 0x3a, 0xab, 0xbc, 0xc6, 0xdf, 0x08, 0xe5, 0x1f, 0xcc, 0xc0, 0xe7, 0xf8,
-	0x10, 0xe5, 0x27, 0x30, 0x83, 0x89, 0x69, 0xd4, 0x8d, 0x66, 0xb1, 0xfd, 0xde, 0xcb, 0x79, 0x6d,
-	0x6b, 0x31, 0xaf, 0xe5, 0x1f, 0x0a, 0xe3, 0xdb, 0xf8, 0x83, 0x28, 0x10, 0x3e, 0x41, 0xbb, 0xb2,
-	0x7e, 0x9d, 0xfb, 0xe6, 0xb6, 0xc4, 0xdf, 0xd6, 0xf8, 0xdd, 0x96, 0x32, 0xbf, 0x9d, 0xd7, 0xde,
-	0x5f, 0x97, 0x13, 0x3f, 0x0b, 0x81, 0x59, 0xbd, 0xce, 0x7d, 0x12, 0x8b, 0x88, 0xe8, 0x8c, 0x3b,
-	0x43, 0x30, 0x73, 0xcb, 0xd1, 0xbb, 0xc2, 0xf8, 0x36, 0xfe, 0x20, 0x0a, 0x84, 0x8f, 0x11, 0xa2,
-	0xf0, 0x3c, 0x02, 0xc6, 0x7b, 0xa4, 0x63, 0xee, 0x48, 0x0a, 0xd6, 0x14, 0x44, 0x12, 0x0f, 0xc9,
-	0xa0, 0x70, 0x1d, 0xed, 0xcc, 0x80, 0xf6, 0xcd, 0xbc, 0x44, 0x5f, 0xd5, 0xe8, 0x9d, 0x27, 0x40,
-	0xfb, 0x44, 0x7a, 0xf0, 0x37, 0x68, 0x27, 0x62, 0x40, 0xcd, 0x2b, 0x75, 0xa3, 0x59, 0x3a, 0xfe,
-	0xd0, 0x4a, 0x8f, 0x8e, 0xb5, 0xfc, 0x9f, 0xad, 0xd9, 0x91, 0xd5, 0x63, 0x40, 0x3b, 0xfe, 0xb3,
-	0x20, 0x55, 0x12, 0x16, 0x22, 0x15, 0xf0, 0x08, 0x55, 0xbc, 0x69, 0x08, 0x94, 0x05, 0xbe, 0xa8,
-	0xb5, 0xf0, 0x98, 0xbb, 0x97, 0x52, 0xbd, 0xb1, 0x98, 0xd7, 0x2a, 0x9d, 0x15, 0x0d, 0x72, 0x4e,
-	0x15, 0x7f, 0x82, 0x8a, 0x2c, 0x88, 0xa8, 0x0b, 0x9d, 0x53, 0x66, 0x16, 0xea, 0xb9, 0x66, 0xb1,
-	0xbd, 0xb7, 0x98, 0xd7, 0x8a, 0xdd, 0xd8, 0x48, 0x52, 0x3f, 0xb6, 0x51, 0x51, 0xa4, 0xd7, 0x1a,
-	0x82, 0xcf, 0xcd, 0x8a, 0xac, 0xc3, 0x35, 0x9d, 0x7d, 0xb1, 0x17, 0x3b, 0x48, 0x8a, 0xc1, 0x4f,
-	0x51, 0x31, 0xe8, 0xff, 0x08, 0x2e, 0x27, 0xf0, 0xcc, 0x2c, 0xca, 0x0d, 0x7c, 0x66, 0xbd, 0xbb,
-	0xa3, 0xac, 0xc7, 0x31, 0x09, 0x28, 0xf8, 0x2e, 0xa8, 0x94, 0x12, 0x23, 0x49, 0x45, 0xf1, 0x08,
-	0x95, 0x29, 0xb0, 0x30, 0xf0, 0x19, 0x74, 0xb9, 0xc3, 0x23, 0x66, 0x22, 0x19, 0xe6, 0x30, 0x13,
-	0x26, 0x39, 0x3c, 0x69, 0x24, 0xd1, 0x37, 0x22, 0x90, 0xe2, 0xb4, 0xf1, 0x62, 0x5e, 0x2b, 0x93,
-	0x25, 0x1d, 0xb2, 0xa2, 0x8b, 0x1d, 0xb4, 0xa7, 0x4f, 0x83, 0x4a, 0xc4, 0x2c, 0xc9, 0x40, 0xcd,
-	0xb5, 0x81, 0x74, 0xe7, 0x58, 0x3d, 0x7f, 0xec, 0x07, 0x3f, 0xf9, 0xed, 0x6b, 0x8b, 0x79, 0x6d,
-	0x8f, 0x64, 0x25, 0xc8, 0xb2, 0x22, 0x1e, 0xa4, 0x9b, 0xd1, 0x31, 0xae, 0x5e, 0x32, 0xc6, 0xd2,
-	0x46, 0x74, 0x90, 0x15, 0x4d, 0xfc, 0x8b, 0x81, 0x4c, 0x1d, 0x97, 0x80, 0x0b, 0xde, 0x0c, 0x06,
-	0xdf, 0x79, 0x53, 0x60, 0xdc, 0x99, 0x86, 0xe6, 0x9e, 0x0c, 0x68, 0x6f, 0x56, 0xbd, 0x47, 0x9e,
-	0x4b, 0x03, 0xc1, 0x6d, 0xd7, 0xf5, 0x31, 0x30, 0xc9, 0x1a, 0x61, 0xb2, 0x36, 0x24, 0x0e, 0x50,
-	0x59, 0x76, 0x65, 0x9a, 0x44, 0xf9, 0xbf, 0x25, 0x11, 0x37, 0x7d, 0xb9, 0xbb, 0x24, 0x47, 0x56,
-	0xe4, 0xf1, 0x73, 0x54, 0x72, 0x7c, 0x3f, 0xe0, 0xb2, 0x6b, 0x98, 0xb9, 0x5f, 0xcf, 0x35, 0x4b,
-	0xc7, 0xf7, 0x36, 0x39, 0x97, 0x72, 0xd2, 0x59, 0xad, 0x94, 0xfc, 0xc0, 0xe7, 0xf4, 0xac, 0x7d,
-	0x5d, 0x07, 0x2e, 0x65, 0x3c, 0x24, 0x1b, 0xe3, 0xe0, 0x2b, 0x54, 0x59, 0x65, 0xe1, 0x0a, 0xca,
-	0x8d, 0xe1, 0x4c, 0x8d, 0x4b, 0x22, 0x3e, 0xf1, 0x0d, 0x94, 0x9f, 0x39, 0x93, 0x08, 0xd4, 0x48,
-	0x24, 0x6a, 0x71, 0x6f, 0xfb, 0xae, 0xd1, 0x78, 0x61, 0xa0, 0xa2, 0x0c, 0xfe, 0xd0, 0x63, 0x1c,
-	0xff, 0x80, 0x0a, 0x62, 0xf7, 0x03, 0x87, 0x3b, 0x92, 0x5e, 0x3a, 0xb6, 0x36, 0xab, 0x95, 0x60,
-	0x3f, 0x02, 0xee, 0xb4, 0x2b, 0x3a, 0xe3, 0x42, 0x6c, 0x21, 0x89, 0x22, 0x3e, 0x41, 0x79, 0x8f,
-	0xc3, 0x94, 0x99, 0xdb, 0xb2, 0x30, 0x1f, 0x6d, 0x5c, 0x98, 0xf6, 0x5e, 0x3c, 0x75, 0x3b, 0x82,
-	0x4f, 0x94, 0x4c, 0xe3, 0x37, 0x03, 0x95, 0xbf, 0xa6, 0x41, 0x14, 0x12, 0x50, 0xa3, 0x84, 0xe1,
-	0x0f, 0x50, 0x7e, 0x28, 0x2c, 0xfa, 0xae, 0x48, 0x78, 0x0a, 0xa6, 0x7c, 0x62, 0x34, 0xd1, 0x98,
-	0x21, 0x73, 0xd1, 0xa3, 0x29, 0x91, 0x21, 0xa9, 0x1f, 0xdf, 0x11, 0xdd, 0xa9, 0x16, 0x27, 0xce,
-	0x14, 0x98, 0x99, 0x93, 0x04, 0xdd, 0x73, 0x19, 0x07, 0x59, 0xc6, 0x35, 0x7e, 0xcf, 0xa1, 0xfd,
-	0x95, 0x71, 0x83, 0x0f, 0x51, 0x21, 0x06, 0xe9, 0x0c, 0x93, 0x7a, 0xc5, 0x5a, 0x24, 0x41, 0x88,
-	0xa9, 0xe8, 0x0b, 0xa9, 0xd0, 0x71, 0xf5, 0x9f, 0x4b, 0xa7, 0xe2, 0x49, 0xec, 0x20, 0x29, 0x46,
-	0xdc, 0x24, 0x62, 0xa1, 0xaf, 0xaa, 0x64, 0xfe, 0x0b, 0x2c, 0x91, 0x1e, 0xdc, 0x46, 0xb9, 0xc8,
-	0x1b, 0xe8, 0x8b, 0xe9, 0x96, 0x06, 0xe4, 0x7a, 0x9b, 0xde, 0x8a, 0x82, 0x2c, 0x36, 0xe1, 0x84,
-	0x9e, 0xac, 0xa8, 0xbe, 0xb3, 0x92, 0x4d, 0xb4, 0x4e, 0x3b, 0xaa, 0xd2, 0x09, 0x42, 0xdc, 0x88,
-	0x4e, 0xe8, 0x3d, 0x01, 0xca, 0xbc, 0xc0, 0x97, 0x37, 0x58, 0xe6, 0x46, 0x6c, 0x9d, 0x76, 0xb4,
-	0x87, 0x64, 0x50, 0xb8, 0x85, 0xf6, 0xe3, 0x22, 0xc4, 0xc4, 0x5d, 0x49, 0xbc, 0xa9, 0x89, 0xfb,
-	0x64, 0xd9, 0x4d, 0x56, 0xf1, 0xf8, 0x73, 0x54, 0x62, 0x51, 0x3f, 0x29, 0x76, 0x41, 0xd2, 0x93,
-	0x76, 0xea, 0xa6, 0x2e, 0x92, 0xc5, 0x35, 0xfe, 0x31, 0xd0, 0x95, 0xd3, 0x60, 0xe2, 0xb9, 0x67,
-	0xf8, 0xe9, 0xb9, 0x5e, 0xb8, 0xb5, 0x59, 0x2f, 0xa8, 0x9f, 0x2e, 0xbb, 0x21, 0xd9, 0x68, 0x6a,
-	0xcb, 0xf4, 0x43, 0x17, 0xe5, 0x69, 0x34, 0x81, 0xb8, 0x1f, 0xac, 0x4d, 0xfa, 0x41, 0x25, 0x47,
-	0xa2, 0x09, 0xa4, 0x87, 0x5b, 0xac, 0x18, 0x51, 0x5a, 0xf8, 0x0e, 0x42, 0xc1, 0xd4, 0xe3, 0x72,
-	0x52, 0xc5, 0x87, 0xf5, 0xa6, 0x4c, 0x21, 0xb1, 0xa6, 0xaf, 0x96, 0x0c, 0xb4, 0xf1, 0x87, 0x81,
-	0x90, 0x52, 0xff, 0x1f, 0x46, 0xc1, 0xe3, 0xe5, 0x51, 0xf0, 0xf1, 0xe6, 0x5b, 0x5f, 0x33, 0x0b,
-	0x5e, 0xe4, 0xe2, 0xec, 0x45, 0x35, 0x2e, 0xf9, 0x66, 0xac, 0xa1, 0xbc, 0x78, 0x5a, 0xc4, 0xc3,
-	0xa0, 0x28, 0x90, 0xe2, 0xd9, 0xc1, 0x88, 0xb2, 0x63, 0x0b, 0x21, 0xf1, 0x21, 0x4f, 0x74, 0x5c,
-	0xd4, 0xb2, 0x28, 0x6a, 0x2f, 0xb1, 0x92, 0x0c, 0x42, 0x08, 0x8a, 0x87, 0x1b, 0x33, 0x77, 0x52,
-	0x41, 0xf1, 0x9e, 0x63, 0x44, 0xd9, 0xb1, 0x9b, 0x1d, 0x41, 0x79, 0x59, 0x83, 0xe3, 0x4d, 0x6a,
-	0xb0, 0x3c, 0xee, 0xd2, 0x71, 0x70, 0xe1, 0xe8, 0xb2, 0x10, 0x4a, 0x66, 0x03, 0x33, 0xaf, 0xa4,
-	0x59, 0x27, 0xc3, 0x83, 0x91, 0x0c, 0x02, 0x7f, 0x89, 0xf6, 0xfd, 0xc0, 0x8f, 0xa5, 0x7a, 0xe4,
-	0x21, 0x33, 0x77, 0x25, 0xe9, 0xba, 0x68, 0xb9, 0x93, 0x65, 0x17, 0x59, 0xc5, 0xae, 0x9c, 0xbc,
-	0xc2, 0xc6, 0x27, 0xaf, 0xdd, 0x7c, 0xf9, 0xa6, 0xba, 0xf5, 0xea, 0x4d, 0x75, 0xeb, 0xf5, 0x9b,
-	0xea, 0xd6, 0xcf, 0x8b, 0xaa, 0xf1, 0x72, 0x51, 0x35, 0x5e, 0x2d, 0xaa, 0xc6, 0xeb, 0x45, 0xd5,
-	0xf8, 0x73, 0x51, 0x35, 0x7e, 0xfd, 0xab, 0xba, 0xf5, 0xfd, 0xf6, 0xec, 0xe8, 0xdf, 0x00, 0x00,
-	0x00, 0xff, 0xff, 0x33, 0x6e, 0xcf, 0xc7, 0x82, 0x0d, 0x00, 0x00,
+	// 1287 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcf, 0x6f, 0x1b, 0xc5,
+	0x17, 0xcf, 0xc6, 0x71, 0x63, 0x8f, 0x1b, 0xc7, 0x99, 0xf6, 0xfb, 0xed, 0x92, 0x83, 0x6d, 0x8c,
+	0x84, 0x0c, 0x84, 0xdd, 0x26, 0x14, 0x5a, 0x55, 0x02, 0xc9, 0xa6, 0xa5, 0x58, 0xb4, 0x49, 0x34,
+	0xc6, 0x3d, 0x20, 0x0e, 0x5d, 0xaf, 0x5f, 0xec, 0xc5, 0xf6, 0xec, 0x76, 0x67, 0xd6, 0x28, 0x37,
+	0xfe, 0x01, 0x24, 0xee, 0xfc, 0x17, 0xdc, 0x10, 0x27, 0x6e, 0x39, 0xf6, 0xd8, 0x93, 0x45, 0x0c,
+	0x7f, 0x45, 0x0e, 0x08, 0xcd, 0xec, 0xec, 0x0f, 0x3b, 0xb1, 0xea, 0x70, 0xe0, 0xb6, 0xf3, 0xde,
+	0xe7, 0xf3, 0x79, 0x6f, 0xdf, 0xbe, 0xf7, 0x66, 0xd1, 0x57, 0xc3, 0x07, 0xcc, 0x70, 0x5c, 0x73,
+	0x18, 0x74, 0xc1, 0xa7, 0xc0, 0x81, 0x99, 0x13, 0xa0, 0x3d, 0xd7, 0x37, 0x95, 0xc3, 0xf2, 0x1c,
+	0x06, 0xfe, 0x04, 0x7c, 0xd3, 0x1b, 0xf6, 0xe5, 0xc9, 0xb4, 0x82, 0x9e, 0xc3, 0xcd, 0xc9, 0xbe,
+	0xd9, 0x07, 0x0a, 0xbe, 0xc5, 0xa1, 0x67, 0x78, 0xbe, 0xcb, 0x5d, 0x5c, 0x0b, 0x39, 0x46, 0xcc,
+	0x31, 0xbc, 0x61, 0x5f, 0x9e, 0x0c, 0xc9, 0x31, 0x26, 0xfb, 0xbb, 0x1f, 0xf6, 0x1d, 0x3e, 0x08,
+	0xba, 0x86, 0xed, 0x8e, 0xcd, 0xbe, 0xdb, 0x77, 0x4d, 0x49, 0xed, 0x06, 0x27, 0xf2, 0x24, 0x0f,
+	0xf2, 0x29, 0x94, 0xdc, 0xdd, 0x4b, 0xd2, 0x30, 0xad, 0x80, 0x0f, 0x80, 0x72, 0xc7, 0xb6, 0xb8,
+	0xe3, 0xd2, 0x2b, 0x12, 0xd8, 0xbd, 0x97, 0xa0, 0xc7, 0x96, 0x3d, 0x70, 0x28, 0xf8, 0xa7, 0x49,
+	0xde, 0x63, 0xe0, 0xd6, 0x55, 0x2c, 0x73, 0x19, 0xcb, 0x0f, 0x28, 0x77, 0xc6, 0x70, 0x89, 0xf0,
+	0xc9, 0x9b, 0x08, 0xcc, 0x1e, 0xc0, 0xd8, 0x5a, 0xe4, 0xd5, 0xfe, 0x42, 0x28, 0xfb, 0x78, 0x02,
+	0x94, 0xe3, 0x3d, 0x94, 0x1d, 0xc1, 0x04, 0x46, 0xba, 0x56, 0xd5, 0xea, 0xf9, 0xe6, 0xff, 0xcf,
+	0xa6, 0x95, 0xb5, 0xd9, 0xb4, 0x92, 0x7d, 0x2a, 0x8c, 0x17, 0xd1, 0x03, 0x09, 0x41, 0xf8, 0x10,
+	0x6d, 0xca, 0xfa, 0xb5, 0x1e, 0xe9, 0xeb, 0x12, 0x7f, 0x4f, 0xe1, 0x37, 0x1b, 0xa1, 0xf9, 0x62,
+	0x5a, 0x79, 0x7b, 0x59, 0x4e, 0xfc, 0xd4, 0x03, 0x66, 0x74, 0x5a, 0x8f, 0x48, 0x24, 0x22, 0xa2,
+	0x33, 0x6e, 0xf5, 0x41, 0xcf, 0xcc, 0x47, 0x6f, 0x0b, 0xe3, 0x45, 0xf4, 0x40, 0x42, 0x10, 0x3e,
+	0x40, 0xc8, 0x87, 0x97, 0x01, 0x30, 0xde, 0x21, 0x2d, 0x7d, 0x43, 0x52, 0xb0, 0xa2, 0x20, 0x12,
+	0x7b, 0x48, 0x0a, 0x85, 0xab, 0x68, 0x63, 0x02, 0x7e, 0x57, 0xcf, 0x4a, 0xf4, 0x4d, 0x85, 0xde,
+	0x78, 0x0e, 0x7e, 0x97, 0x48, 0x0f, 0xfe, 0x12, 0x6d, 0x04, 0x0c, 0x7c, 0xfd, 0x46, 0x55, 0xab,
+	0x17, 0x0e, 0xde, 0x35, 0x92, 0xd6, 0x31, 0xe6, 0xbf, 0xb3, 0x31, 0xd9, 0x37, 0x3a, 0x0c, 0xfc,
+	0x16, 0x3d, 0x71, 0x13, 0x25, 0x61, 0x21, 0x52, 0x01, 0x0f, 0x50, 0xc9, 0x19, 0x7b, 0xe0, 0x33,
+	0x97, 0x8a, 0x5a, 0x0b, 0x8f, 0xbe, 0x79, 0x2d, 0xd5, 0xdb, 0xb3, 0x69, 0xa5, 0xd4, 0x5a, 0xd0,
+	0x20, 0x97, 0x54, 0xf1, 0x07, 0x28, 0xcf, 0xdc, 0xc0, 0xb7, 0xa1, 0x75, 0xcc, 0xf4, 0x5c, 0x35,
+	0x53, 0xcf, 0x37, 0xb7, 0x66, 0xd3, 0x4a, 0xbe, 0x1d, 0x19, 0x49, 0xe2, 0xc7, 0x26, 0xca, 0x8b,
+	0xf4, 0x1a, 0x7d, 0xa0, 0x5c, 0x2f, 0xc9, 0x3a, 0xec, 0xa8, 0xec, 0xf3, 0x9d, 0xc8, 0x41, 0x12,
+	0x0c, 0x7e, 0x81, 0xf2, 0x6e, 0xf7, 0x3b, 0xb0, 0x39, 0x81, 0x13, 0x3d, 0x2f, 0x5f, 0xe0, 0x23,
+	0xe3, 0xcd, 0x13, 0x65, 0x1c, 0x45, 0x24, 0xf0, 0x81, 0xda, 0x10, 0xa6, 0x14, 0x1b, 0x49, 0x22,
+	0x8a, 0x07, 0xa8, 0xe8, 0x03, 0xf3, 0x5c, 0xca, 0xa0, 0xcd, 0x2d, 0x1e, 0x30, 0x1d, 0xc9, 0x30,
+	0x7b, 0xa9, 0x30, 0x71, 0xf3, 0x24, 0x91, 0xc4, 0xdc, 0x88, 0x40, 0x21, 0xa7, 0x89, 0x67, 0xd3,
+	0x4a, 0x91, 0xcc, 0xe9, 0x90, 0x05, 0x5d, 0x6c, 0xa1, 0x2d, 0xd5, 0x0d, 0x61, 0x22, 0x7a, 0x41,
+	0x06, 0xaa, 0x2f, 0x0d, 0xa4, 0x26, 0xc7, 0xe8, 0xd0, 0x21, 0x75, 0xbf, 0xa7, 0xcd, 0x9d, 0xd9,
+	0xb4, 0xb2, 0x45, 0xd2, 0x12, 0x64, 0x5e, 0x11, 0xf7, 0x92, 0x97, 0x51, 0x31, 0x6e, 0x5e, 0x33,
+	0xc6, 0xdc, 0x8b, 0xa8, 0x20, 0x0b, 0x9a, 0xf8, 0x47, 0x0d, 0xe9, 0x2a, 0x2e, 0x01, 0x1b, 0x9c,
+	0x09, 0xf4, 0xbe, 0x76, 0xc6, 0xc0, 0xb8, 0x35, 0xf6, 0xf4, 0x2d, 0x19, 0xd0, 0x5c, 0xad, 0x7a,
+	0xcf, 0x1c, 0xdb, 0x77, 0x05, 0xb7, 0x59, 0x55, 0x6d, 0xa0, 0x93, 0x25, 0xc2, 0x64, 0x69, 0x48,
+	0xec, 0xa2, 0xa2, 0x9c, 0xca, 0x24, 0x89, 0xe2, 0xbf, 0x4b, 0x22, 0x1a, 0xfa, 0x62, 0x7b, 0x4e,
+	0x8e, 0x2c, 0xc8, 0xe3, 0x97, 0xa8, 0x60, 0x51, 0xea, 0x72, 0x39, 0x35, 0x4c, 0xdf, 0xae, 0x66,
+	0xea, 0x85, 0x83, 0x87, 0xab, 0xf4, 0xa5, 0xdc, 0x74, 0x46, 0x23, 0x21, 0x3f, 0xa6, 0xdc, 0x3f,
+	0x6d, 0xde, 0x52, 0x81, 0x0b, 0x29, 0x0f, 0x49, 0xc7, 0xd8, 0xfd, 0x0c, 0x95, 0x16, 0x59, 0xb8,
+	0x84, 0x32, 0x43, 0x38, 0x0d, 0xd7, 0x25, 0x11, 0x8f, 0xf8, 0x36, 0xca, 0x4e, 0xac, 0x51, 0x00,
+	0xe1, 0x4a, 0x24, 0xe1, 0xe1, 0xe1, 0xfa, 0x03, 0xad, 0xf6, 0xab, 0x86, 0xf2, 0x32, 0xf8, 0x53,
+	0x87, 0x71, 0xfc, 0x2d, 0xca, 0x89, 0xb7, 0xef, 0x59, 0xdc, 0x92, 0xf4, 0xc2, 0x81, 0xb1, 0x5a,
+	0xad, 0x04, 0xfb, 0x19, 0x70, 0xab, 0x59, 0x52, 0x19, 0xe7, 0x22, 0x0b, 0x89, 0x15, 0xf1, 0x21,
+	0xca, 0x3a, 0x1c, 0xc6, 0x4c, 0x5f, 0x97, 0x85, 0x79, 0x6f, 0xe5, 0xc2, 0x34, 0xb7, 0xa2, 0xad,
+	0xdb, 0x12, 0x7c, 0x12, 0xca, 0xd4, 0x7e, 0xd6, 0x50, 0xf1, 0x89, 0xef, 0x06, 0x1e, 0x81, 0x70,
+	0x95, 0x30, 0xfc, 0x0e, 0xca, 0xf6, 0x85, 0x45, 0xdd, 0x15, 0x31, 0x2f, 0x84, 0x85, 0x3e, 0xb1,
+	0x9a, 0xfc, 0x88, 0x21, 0x73, 0x51, 0xab, 0x29, 0x96, 0x21, 0x89, 0x1f, 0xdf, 0x17, 0xd3, 0x19,
+	0x1e, 0x0e, 0xad, 0x31, 0x30, 0x3d, 0x23, 0x09, 0x6a, 0xe6, 0x52, 0x0e, 0x32, 0x8f, 0xab, 0xfd,
+	0x92, 0x41, 0xdb, 0x0b, 0xeb, 0x06, 0xef, 0xa1, 0x5c, 0x04, 0x52, 0x19, 0xc6, 0xf5, 0x8a, 0xb4,
+	0x48, 0x8c, 0x10, 0x5b, 0x91, 0x0a, 0x29, 0xcf, 0xb2, 0xd5, 0x97, 0x4b, 0xb6, 0xe2, 0x61, 0xe4,
+	0x20, 0x09, 0x46, 0xdc, 0x24, 0xe2, 0xa0, 0xae, 0xaa, 0x78, 0xff, 0x0b, 0x2c, 0x91, 0x1e, 0xdc,
+	0x44, 0x99, 0xc0, 0xe9, 0xa9, 0x8b, 0xe9, 0xae, 0x02, 0x64, 0x3a, 0xab, 0xde, 0x8a, 0x82, 0x2c,
+	0x5e, 0xc2, 0xf2, 0x1c, 0x59, 0x51, 0x75, 0x67, 0xc5, 0x2f, 0xd1, 0x38, 0x6e, 0x85, 0x95, 0x8e,
+	0x11, 0xe2, 0x46, 0xb4, 0x3c, 0xe7, 0x39, 0xf8, 0xcc, 0x71, 0xa9, 0xbc, 0xc1, 0x52, 0x37, 0x62,
+	0xe3, 0xb8, 0xa5, 0x3c, 0x24, 0x85, 0xc2, 0x0d, 0xb4, 0x1d, 0x15, 0x21, 0x22, 0x6e, 0x4a, 0xe2,
+	0x1d, 0x45, 0xdc, 0x26, 0xf3, 0x6e, 0xb2, 0x88, 0xc7, 0x1f, 0xa3, 0x02, 0x0b, 0xba, 0x71, 0xb1,
+	0x73, 0x92, 0x1e, 0x8f, 0x53, 0x3b, 0x71, 0x91, 0x34, 0xae, 0xf6, 0xfb, 0x3a, 0xba, 0x71, 0xec,
+	0x8e, 0x1c, 0xfb, 0x14, 0xbf, 0xb8, 0x34, 0x0b, 0x77, 0x57, 0x9b, 0x85, 0xf0, 0xa3, 0xcb, 0x69,
+	0x88, 0x5f, 0x34, 0xb1, 0xa5, 0xe6, 0xa1, 0x8d, 0xb2, 0x7e, 0x30, 0x82, 0x68, 0x1e, 0x8c, 0x55,
+	0xe6, 0x21, 0x4c, 0x8e, 0x04, 0x23, 0x48, 0x9a, 0x5b, 0x9c, 0x18, 0x09, 0xb5, 0xf0, 0x7d, 0x84,
+	0xdc, 0xb1, 0xc3, 0xe5, 0xa6, 0x8a, 0x9a, 0xf5, 0x8e, 0x4c, 0x21, 0xb6, 0x26, 0x7f, 0x2d, 0x29,
+	0x28, 0x7e, 0x82, 0x76, 0xc4, 0xe9, 0x99, 0x45, 0xad, 0x3e, 0xf4, 0xbe, 0x70, 0x60, 0xd4, 0x63,
+	0xb2, 0x51, 0x72, 0xcd, 0xb7, 0x54, 0xa4, 0x9d, 0xa3, 0x45, 0x00, 0xb9, 0xcc, 0xa9, 0xfd, 0xa6,
+	0x21, 0x14, 0xa6, 0xf9, 0x1f, 0xec, 0x94, 0xa3, 0xf9, 0x9d, 0xf2, 0xfe, 0xea, 0x35, 0x5c, 0xb2,
+	0x54, 0xfe, 0xce, 0x44, 0xd9, 0x8b, 0xb2, 0x5e, 0xf3, 0xe7, 0xb3, 0x82, 0xb2, 0xe2, 0x1f, 0x25,
+	0xda, 0x2a, 0x79, 0x81, 0x14, 0xff, 0x2f, 0x8c, 0x84, 0x76, 0x6c, 0x20, 0x24, 0x1e, 0xe4, 0x68,
+	0x44, 0x5f, 0xa7, 0x28, 0xbe, 0x4e, 0x27, 0xb6, 0x92, 0x14, 0x42, 0x08, 0x8a, 0x3f, 0x40, 0xf1,
+	0x21, 0x62, 0x41, 0xf1, 0x63, 0xc8, 0x48, 0x68, 0xc7, 0x76, 0x7a, 0x97, 0x65, 0x65, 0x0d, 0x0e,
+	0x56, 0xa9, 0xc1, 0xfc, 0xde, 0x4c, 0xf6, 0xca, 0x95, 0x3b, 0xd0, 0x40, 0x28, 0x5e, 0x32, 0x4c,
+	0xbf, 0x91, 0x64, 0x1d, 0x6f, 0x21, 0x46, 0x52, 0x08, 0xfc, 0x29, 0xda, 0xa6, 0x2e, 0x8d, 0xa4,
+	0x3a, 0xe4, 0x29, 0xd3, 0x37, 0x25, 0xe9, 0x96, 0x98, 0xdd, 0xc3, 0x79, 0x17, 0x59, 0xc4, 0x2e,
+	0xb4, 0x70, 0x6e, 0xf5, 0x16, 0xfe, 0xfc, 0xaa, 0x16, 0xce, 0xcb, 0x16, 0xfe, 0xdf, 0xaa, 0xed,
+	0xdb, 0xac, 0x9f, 0x9d, 0x97, 0xd7, 0x5e, 0x9d, 0x97, 0xd7, 0x5e, 0x9f, 0x97, 0xd7, 0x7e, 0x98,
+	0x95, 0xb5, 0xb3, 0x59, 0x59, 0x7b, 0x35, 0x2b, 0x6b, 0xaf, 0x67, 0x65, 0xed, 0x8f, 0x59, 0x59,
+	0xfb, 0xe9, 0xcf, 0xf2, 0xda, 0x37, 0xeb, 0x93, 0xfd, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0x6a,
+	0x8e, 0x8a, 0xae, 0x10, 0x0e, 0x00, 0x00,
 }

 func (m *Event) Marshal() (dAtA []byte, err error) {
@ -696,6 +699,14 @@ func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	i--
+	if m.OmitManagedFields {
+		dAtA[i] = 1
+	} else {
+		dAtA[i] = 0
+	}
+	i--
+	dAtA[i] = 0x20
 	if len(m.OmitStages) > 0 {
 		for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.OmitStages[iNdEx])
@ -799,6 +810,16 @@ func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.OmitManagedFields != nil {
+		i--
+		if *m.OmitManagedFields {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x48
+	}
 	if len(m.OmitStages) > 0 {
 		for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.OmitStages[iNdEx])
@ -1032,6 +1053,7 @@ func (m *Policy) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	n += 2
 	return n
 }

@ -1102,6 +1124,9 @@ func (m *PolicyRule) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.OmitManagedFields != nil {
+		n += 2
+	}
 	return n
 }

@ -1204,6 +1229,7 @@ func (this *Policy) String() string {
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Rules:` + repeatedStringForRules + `,`,
 		`OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`,
+		`OmitManagedFields:` + fmt.Sprintf("%v", this.OmitManagedFields) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1242,6 +1268,7 @@ func (this *PolicyRule) String() string {
 		`Namespaces:` + fmt.Sprintf("%v", this.Namespaces) + `,`,
 		`NonResourceURLs:` + fmt.Sprintf("%v", this.NonResourceURLs) + `,`,
 		`OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`,
+		`OmitManagedFields:` + valueToStringGenerated(this.OmitManagedFields) + `,`,
 		`}`,
 	}, "")
 	return s
@ -2631,6 +2658,26 @@ func (m *Policy) Unmarshal(dAtA []byte) error {
 			}
 			m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.OmitManagedFields = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@ -3056,6 +3103,27 @@ func (m *PolicyRule) Unmarshal(dAtA []byte) error {
 			}
 			m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			b := bool(v != 0)
+			m.OmitManagedFields = &b
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto
@ -190,6 +190,15 @@ message Policy {
  // be specified per rule in which case the union of both are omitted.
  // +optional
  repeated string omitStages = 3;
+
+  // OmitManagedFields indicates whether to omit the managed fields of the request
+  // and response bodies from being written to the API audit log.
+  // This is used as a global default - a value of 'true' will omit the managed fileds,
+  // otherwise the managed fields will be included in the API audit log.
+  // Note that this can also be specified per rule in which case the value specified
+  // in a rule will override the global default.
+  // +optional
+  optional bool omitManagedFields = 4;
 }

 // PolicyList is a list of audit Policies.
@ -245,5 +254,16 @@ message PolicyRule {
  // An empty list means no restrictions will apply.
  // +optional
  repeated string omitStages = 8;
+
+  // OmitManagedFields indicates whether to omit the managed fields of the request
+  // and response bodies from being written to the API audit log.
+  // - a value of 'true' will drop the managed fields from the API audit log
+  // - a value of 'false' indicates that the managed fileds should be included
+  //   in the API audit log
+  // Note that the value, if specified, in this rule will override the global default
+  // If a value is not specified then the global default specified in
+  // Policy.OmitManagedFields will stand.
+  // +optional
+  optional bool omitManagedFields = 9;
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go
@ -166,6 +166,15 @@ type Policy struct {
 	// be specified per rule in which case the union of both are omitted.
 	// +optional
 	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// This is used as a global default - a value of 'true' will omit the managed fileds,
+	// otherwise the managed fields will be included in the API audit log.
+	// Note that this can also be specified per rule in which case the value specified
+	// in a rule will override the global default.
+	// +optional
+	OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -226,6 +235,17 @@ type PolicyRule struct {
 	// An empty list means no restrictions will apply.
 	// +optional
 	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// - a value of 'true' will drop the managed fields from the API audit log
+	// - a value of 'false' indicates that the managed fileds should be included
+	//   in the API audit log
+	// Note that the value, if specified, in this rule will override the global default
+	// If a value is not specified then the global default specified in
+	// Policy.OmitManagedFields will stand.
+	// +optional
+	OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"`
 }

 // GroupResources represents resource kinds in an API group.
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -245,6 +246,7 @@ func autoConvert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conv
 	out.ObjectMeta = in.ObjectMeta
 	out.Rules = *(*[]audit.PolicyRule)(unsafe.Pointer(&in.Rules))
 	out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = in.OmitManagedFields
 	return nil
 }

@ -257,6 +259,7 @@ func autoConvert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conv
 	out.ObjectMeta = in.ObjectMeta
 	out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
 	out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = in.OmitManagedFields
 	return nil
 }

@ -296,6 +299,7 @@ func autoConvert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.Po
 	out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
 	out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
 	out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields))
 	return nil
 }

@ -313,6 +317,7 @@ func autoConvert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *Po
 	out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
 	out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
 	out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields))
 	return nil
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -277,6 +278,11 @@ func (in *PolicyRule) DeepCopyInto(out *PolicyRule) {
 		*out = make([]Stage, len(*in))
 		copy(*out, *in)
 	}
+	if in.OmitManagedFields != nil {
+		in, out := &in.OmitManagedFields, &out.OmitManagedFields
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/generated.pb.go
@ -261,86 +261,89 @@ func init() {
 }

 var fileDescriptor_46c0b2c8ea67b187 = []byte{
-	// 1263 bytes of a gzipped FileDescriptorProto
+	// 1306 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45,
-	0x14, 0xcf, 0xd6, 0x71, 0x63, 0x8f, 0x1b, 0xc7, 0x99, 0x56, 0x74, 0x95, 0x83, 0x6d, 0x8c, 0x84,
-	0x2c, 0x08, 0xbb, 0x49, 0x14, 0x68, 0x40, 0x02, 0x11, 0xab, 0x15, 0x58, 0x4a, 0x43, 0x78, 0x89,
-	0x2b, 0xf1, 0xe7, 0xc0, 0xda, 0x7e, 0xb1, 0x17, 0xdb, 0xbb, 0xcb, 0xce, 0xac, 0xab, 0xdc, 0x38,
-	0x70, 0x45, 0xe2, 0xce, 0x87, 0xe0, 0x23, 0x54, 0xdc, 0x72, 0xec, 0xb1, 0x27, 0x8b, 0x98, 0x6f,
-	0x91, 0x03, 0x42, 0x33, 0xfb, 0x67, 0xd6, 0x4e, 0x2d, 0x1c, 0x0e, 0xbd, 0xed, 0xbc, 0xf7, 0x7b,
-	0xbf, 0xf7, 0xe6, 0xed, 0xfb, 0x33, 0xe4, 0xeb, 0xc1, 0x01, 0x33, 0x6c, 0xd7, 0x1c, 0x04, 0x6d,
-	0xf4, 0x1d, 0xe4, 0xc8, 0xcc, 0x31, 0x3a, 0x5d, 0xd7, 0x37, 0x23, 0x85, 0xe5, 0xd9, 0x0c, 0xfd,
-	0x31, 0xfa, 0xa6, 0x37, 0xe8, 0xc9, 0x93, 0x69, 0x05, 0x5d, 0x9b, 0x9b, 0xe3, 0x5d, 0x6b, 0xe8,
-	0xf5, 0xad, 0x5d, 0xb3, 0x87, 0x0e, 0xfa, 0x16, 0xc7, 0xae, 0xe1, 0xf9, 0x2e, 0x77, 0x69, 0x3d,
-	0xb4, 0x34, 0x12, 0x4b, 0xc3, 0x1b, 0xf4, 0xe4, 0xc9, 0x90, 0x96, 0x46, 0x6c, 0xb9, 0xf5, 0x41,
-	0xcf, 0xe6, 0xfd, 0xa0, 0x6d, 0x74, 0xdc, 0x91, 0xd9, 0x73, 0x7b, 0xae, 0x29, 0x09, 0xda, 0xc1,
-	0xb9, 0x3c, 0xc9, 0x83, 0xfc, 0x0a, 0x89, 0xb7, 0xb6, 0x55, 0x48, 0xa6, 0x15, 0xf0, 0x3e, 0x3a,
-	0xdc, 0xee, 0x58, 0xdc, 0x76, 0x1d, 0x73, 0x7c, 0x23, 0x8c, 0xad, 0x7d, 0x85, 0x1e, 0x59, 0x9d,
-	0xbe, 0xed, 0xa0, 0x7f, 0xa1, 0xee, 0x30, 0x42, 0x6e, 0xbd, 0xce, 0xca, 0x5c, 0x64, 0xe5, 0x07,
-	0x0e, 0xb7, 0x47, 0x78, 0xc3, 0xe0, 0xa3, 0xff, 0x32, 0x60, 0x9d, 0x3e, 0x8e, 0xac, 0x79, 0xbb,
-	0xda, 0x1f, 0xf7, 0x48, 0xf6, 0xc9, 0x18, 0x1d, 0x4e, 0x7f, 0x20, 0x39, 0x11, 0x4d, 0xd7, 0xe2,
-	0x96, 0xae, 0x55, 0xb5, 0x7a, 0x61, 0x6f, 0xc7, 0x50, 0x29, 0x4c, 0x48, 0x55, 0x16, 0x05, 0xda,
-	0x18, 0xef, 0x1a, 0x5f, 0xb5, 0x7f, 0xc4, 0x0e, 0x7f, 0x8a, 0xdc, 0x6a, 0xd0, 0xcb, 0x49, 0x65,
-	0x65, 0x3a, 0xa9, 0x10, 0x25, 0x83, 0x84, 0x95, 0x6e, 0x93, 0xec, 0x10, 0xc7, 0x38, 0xd4, 0xef,
-	0x54, 0xb5, 0x7a, 0xbe, 0xf1, 0x56, 0x04, 0xce, 0x1e, 0x09, 0xe1, 0x75, 0xfc, 0x01, 0x21, 0x88,
-	0x7e, 0x47, 0xf2, 0x22, 0x70, 0xc6, 0xad, 0x91, 0xa7, 0x67, 0x64, 0x40, 0xef, 0x2d, 0x17, 0xd0,
-	0x99, 0x3d, 0xc2, 0xc6, 0x66, 0xc4, 0x9e, 0x3f, 0x8b, 0x49, 0x40, 0xf1, 0xd1, 0x63, 0xb2, 0x26,
-	0x8b, 0xa0, 0xf9, 0x58, 0x5f, 0x95, 0xc1, 0xec, 0x47, 0xf0, 0xb5, 0xc3, 0x50, 0x7c, 0x3d, 0xa9,
-	0xbc, 0xbd, 0x28, 0xa5, 0xfc, 0xc2, 0x43, 0x66, 0xb4, 0x9a, 0x8f, 0x21, 0x26, 0x11, 0x57, 0x63,
-	0xdc, 0xea, 0xa1, 0x9e, 0x9d, 0xbd, 0xda, 0xa9, 0x10, 0x5e, 0xc7, 0x1f, 0x10, 0x82, 0xe8, 0x1e,
-	0x21, 0x3e, 0xfe, 0x14, 0x20, 0xe3, 0x2d, 0x68, 0xea, 0x77, 0xa5, 0x49, 0x92, 0x3a, 0x48, 0x34,
-	0x90, 0x42, 0xd1, 0x2a, 0x59, 0x1d, 0xa3, 0xdf, 0xd6, 0xd7, 0x24, 0xfa, 0x5e, 0x84, 0x5e, 0x7d,
-	0x86, 0x7e, 0x1b, 0xa4, 0x86, 0x7e, 0x49, 0x56, 0x03, 0x86, 0xbe, 0x9e, 0x93, 0xb9, 0x7a, 0x37,
-	0x95, 0x2b, 0x63, 0xb6, 0x4c, 0x45, 0x8e, 0x5a, 0x0c, 0xfd, 0xa6, 0x73, 0xee, 0x2a, 0x26, 0x21,
-	0x01, 0xc9, 0x40, 0xfb, 0xa4, 0x64, 0x8f, 0x3c, 0xf4, 0x99, 0xeb, 0x88, 0x52, 0x11, 0x1a, 0x3d,
-	0x7f, 0x2b, 0xd6, 0x07, 0xd3, 0x49, 0xa5, 0xd4, 0x9c, 0xe3, 0x80, 0x1b, 0xac, 0xf4, 0x7d, 0x92,
-	0x67, 0x6e, 0xe0, 0x77, 0xb0, 0x79, 0xc2, 0x74, 0x52, 0xcd, 0xd4, 0xf3, 0x8d, 0x75, 0xf1, 0xd3,
-	0x4e, 0x63, 0x21, 0x28, 0x3d, 0x35, 0x49, 0x5e, 0x84, 0x77, 0xd8, 0x43, 0x87, 0xeb, 0x54, 0xe6,
-	0x21, 0xf9, 0xcb, 0xad, 0x58, 0x01, 0x0a, 0x43, 0xcf, 0x49, 0xde, 0x95, 0x85, 0x08, 0x78, 0xae,
-	0x17, 0xe4, 0x05, 0x3e, 0x36, 0x96, 0x1d, 0x0b, 0x51, 0x5d, 0x03, 0x9e, 0xa3, 0x8f, 0x4e, 0x07,
-	0xc3, 0xc0, 0x12, 0x21, 0x28, 0x6a, 0xda, 0x27, 0x45, 0x1f, 0x99, 0xe7, 0x3a, 0x0c, 0x4f, 0xb9,
-	0xc5, 0x03, 0xa6, 0xdf, 0x93, 0xce, 0xb6, 0x97, 0xab, 0xd7, 0xd0, 0xa6, 0x41, 0xa7, 0x93, 0x4a,
-	0x11, 0x66, 0x78, 0x60, 0x8e, 0x97, 0x5a, 0x64, 0x3d, 0xaa, 0x89, 0x30, 0x10, 0x7d, 0x5d, 0x3a,
-	0xaa, 0x2f, 0x74, 0x14, 0xb5, 0xbf, 0xd1, 0x72, 0x06, 0x8e, 0xfb, 0xdc, 0x69, 0x6c, 0x4e, 0x27,
-	0x95, 0x75, 0x48, 0x53, 0xc0, 0x2c, 0x23, 0xed, 0xaa, 0xcb, 0x44, 0x3e, 0x8a, 0xb7, 0xf4, 0x31,
-	0x73, 0x91, 0xc8, 0xc9, 0x1c, 0x27, 0xfd, 0x55, 0x23, 0x7a, 0xe4, 0x17, 0xb0, 0x83, 0xf6, 0x18,
-	0xbb, 0x49, 0xa3, 0xea, 0x1b, 0xd2, 0xa1, 0xb9, 0x5c, 0xf6, 0x9e, 0xda, 0x1d, 0xdf, 0x95, 0x2d,
-	0x5f, 0x8d, 0x8a, 0x41, 0x87, 0x05, 0xc4, 0xb0, 0xd0, 0x25, 0x75, 0x49, 0x51, 0xf6, 0xa6, 0x0a,
-	0xa2, 0xf4, 0xff, 0x82, 0x88, 0x5b, 0xbf, 0x78, 0x3a, 0x43, 0x07, 0x73, 0xf4, 0xf4, 0x39, 0x29,
-	0x58, 0x8e, 0xe3, 0x72, 0xd9, 0x3b, 0x4c, 0xdf, 0xac, 0x66, 0xea, 0x85, 0xbd, 0xcf, 0x97, 0xaf,
-	0x4e, 0x39, 0xb4, 0x8d, 0x43, 0x45, 0xf1, 0xc4, 0xe1, 0xfe, 0x45, 0xe3, 0x7e, 0xe4, 0xbe, 0x90,
-	0xd2, 0x40, 0xda, 0xd3, 0xd6, 0x67, 0xa4, 0x34, 0x6f, 0x45, 0x4b, 0x24, 0x33, 0xc0, 0x0b, 0x39,
-	0xf6, 0xf3, 0x20, 0x3e, 0xe9, 0x03, 0x92, 0x1d, 0x5b, 0xc3, 0x00, 0xc3, 0x59, 0x0d, 0xe1, 0xe1,
-	0x93, 0x3b, 0x07, 0x5a, 0xed, 0x85, 0x46, 0xf2, 0xd2, 0xf9, 0x91, 0xcd, 0x38, 0xfd, 0xfe, 0xc6,
-	0xd6, 0x30, 0x96, 0xcb, 0x98, 0xb0, 0x96, 0x3b, 0xa3, 0x14, 0x45, 0x9c, 0x8b, 0x25, 0xa9, 0x8d,
-	0x71, 0x46, 0xb2, 0x36, 0xc7, 0x11, 0xd3, 0xef, 0xc8, 0xf4, 0x98, 0xb7, 0x4c, 0x4f, 0x63, 0x3d,
-	0x9e, 0xc3, 0x4d, 0xc1, 0x02, 0x21, 0x59, 0xed, 0x77, 0x8d, 0x14, 0xbf, 0xf0, 0xdd, 0xc0, 0x03,
-	0x0c, 0x87, 0x0b, 0xa3, 0xef, 0x90, 0x6c, 0x4f, 0x48, 0xc2, 0x14, 0x28, 0xbb, 0x10, 0x16, 0xea,
-	0xc4, 0xb0, 0xf2, 0x63, 0x0b, 0x19, 0x51, 0x34, 0xac, 0x12, 0x1a, 0x50, 0x7a, 0xfa, 0x48, 0x74,
-	0x6a, 0x78, 0x38, 0xb6, 0x46, 0xc8, 0xf4, 0x8c, 0x34, 0x88, 0xfa, 0x2f, 0xa5, 0x80, 0x59, 0x5c,
-	0xed, 0x97, 0x0c, 0xd9, 0x98, 0x1b, 0x3d, 0x74, 0x9b, 0xe4, 0x62, 0x50, 0x14, 0x61, 0x92, 0xb5,
-	0x98, 0x0b, 0x12, 0x84, 0x98, 0x93, 0x8e, 0xa0, 0xf2, 0xac, 0x4e, 0xf4, 0xff, 0xd4, 0x9c, 0x3c,
-	0x8e, 0x15, 0xa0, 0x30, 0x62, 0xb7, 0x88, 0x83, 0xdc, 0xb2, 0xa9, 0xdd, 0x22, 0xb0, 0x20, 0x35,
-	0xb4, 0x41, 0x32, 0x81, 0xdd, 0x8d, 0x76, 0xe5, 0x4e, 0x04, 0xc8, 0xb4, 0x96, 0xdd, 0x93, 0xc2,
-	0x58, 0x6c, 0x3d, 0xcb, 0xb3, 0x9f, 0xa1, 0xcf, 0x6c, 0xd7, 0x89, 0x16, 0x65, 0xb2, 0xf5, 0x0e,
-	0x4f, 0x9a, 0x91, 0x06, 0x52, 0x28, 0x7a, 0x48, 0x36, 0xe2, 0x6b, 0xc5, 0x86, 0xe1, 0xba, 0x7c,
-	0x18, 0x19, 0x6e, 0xc0, 0xac, 0x1a, 0xe6, 0xf1, 0xf4, 0x43, 0x52, 0x60, 0x41, 0x3b, 0x49, 0x5f,
-	0xb8, 0x3f, 0x93, 0x36, 0x39, 0x55, 0x2a, 0x48, 0xe3, 0x6a, 0xff, 0x68, 0xe4, 0xee, 0x89, 0x3b,
-	0xb4, 0x3b, 0x17, 0x6f, 0xe0, 0x65, 0xf4, 0x0d, 0xc9, 0xfa, 0xc1, 0x10, 0xe3, 0x3a, 0xdf, 0x5f,
-	0xbe, 0xce, 0xc3, 0x10, 0x21, 0x18, 0xa2, 0x2a, 0x5a, 0x71, 0x62, 0x10, 0x32, 0xd2, 0x47, 0x84,
-	0xb8, 0x23, 0x9b, 0xcb, 0x69, 0x14, 0x17, 0xe1, 0x43, 0x19, 0x48, 0x22, 0x55, 0xef, 0x93, 0x14,
-	0xb4, 0xf6, 0xa7, 0x46, 0x48, 0xc8, 0xfe, 0x06, 0x1a, 0xbd, 0x35, 0xdb, 0xe8, 0x3b, 0xb7, 0x4d,
-	0xc0, 0x82, 0x4e, 0x7f, 0x91, 0x89, 0xef, 0x20, 0x72, 0xa2, 0x1e, 0xa0, 0xda, 0x32, 0x0f, 0xd0,
-	0x0a, 0xc9, 0x8a, 0xa7, 0x44, 0xdc, 0xea, 0x79, 0x81, 0x14, 0xcf, 0x0c, 0x06, 0xa1, 0x9c, 0x1a,
-	0x84, 0x88, 0x0f, 0x39, 0x23, 0xe2, 0xd4, 0x16, 0x45, 0x6a, 0x5b, 0x89, 0x14, 0x52, 0x08, 0x41,
-	0x28, 0x1e, 0x6a, 0x4c, 0x5f, 0x55, 0x84, 0xe2, 0xfd, 0xc6, 0x20, 0x94, 0x53, 0x3b, 0x3d, 0x60,
-	0xb2, 0x32, 0x13, 0x07, 0xcb, 0x67, 0x62, 0x76, 0xa4, 0xa9, 0x96, 0x7f, 0xed, 0x78, 0x32, 0x08,
-	0x49, 0xfa, 0x9f, 0xe9, 0x77, 0x55, 0xec, 0xc9, 0x80, 0x60, 0x90, 0x42, 0xd0, 0x4f, 0xc9, 0x86,
-	0xe3, 0x3a, 0x31, 0x55, 0x0b, 0x8e, 0x98, 0xbe, 0x26, 0x8d, 0xee, 0x8b, 0x26, 0x3c, 0x9e, 0x55,
-	0xc1, 0x3c, 0x76, 0xae, 0x0a, 0x73, 0x4b, 0x57, 0x61, 0xc3, 0xb8, 0xbc, 0x2a, 0xaf, 0xbc, 0xbc,
-	0x2a, 0xaf, 0xbc, 0xba, 0x2a, 0xaf, 0xfc, 0x3c, 0x2d, 0x6b, 0x97, 0xd3, 0xb2, 0xf6, 0x72, 0x5a,
-	0xd6, 0x5e, 0x4d, 0xcb, 0xda, 0x5f, 0xd3, 0xb2, 0xf6, 0xdb, 0xdf, 0xe5, 0x95, 0x6f, 0x73, 0x71,
-	0x12, 0xfe, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x19, 0xf8, 0xf6, 0xd0, 0x49, 0x0e, 0x00, 0x00,
+	0x14, 0xcf, 0xc6, 0x71, 0xe3, 0x9d, 0x34, 0x4e, 0x32, 0x2d, 0x74, 0xc9, 0xc1, 0x0e, 0x41, 0x42,
+	0x11, 0x84, 0xdd, 0xb6, 0x2a, 0xb4, 0x20, 0x81, 0x88, 0x69, 0x29, 0x96, 0xda, 0xb4, 0x4c, 0xea,
+	0x4a, 0xfc, 0x39, 0x30, 0xb6, 0x5f, 0xec, 0xc5, 0xf6, 0xec, 0xb2, 0x33, 0xeb, 0x2a, 0x37, 0x0e,
+	0xbd, 0x22, 0x71, 0xe7, 0x43, 0xf0, 0x11, 0x10, 0x27, 0x7a, 0xec, 0xb1, 0x27, 0x8b, 0x9a, 0x6f,
+	0xd1, 0x13, 0x9a, 0xd9, 0xd9, 0x9d, 0xb5, 0x13, 0x8b, 0x0d, 0x87, 0xde, 0x66, 0xde, 0xfb, 0xbd,
+	0xdf, 0x7b, 0xf3, 0xe6, 0xcd, 0x7b, 0x83, 0xbe, 0x1e, 0xdc, 0xe2, 0xae, 0x1f, 0x78, 0x83, 0xb8,
+	0x0d, 0x11, 0x03, 0x01, 0xdc, 0x1b, 0x03, 0xeb, 0x06, 0x91, 0xa7, 0x15, 0x34, 0xf4, 0x39, 0x44,
+	0x63, 0x88, 0xbc, 0x70, 0xd0, 0x53, 0x3b, 0x8f, 0xc6, 0x5d, 0x5f, 0x78, 0xe3, 0x6b, 0x74, 0x18,
+	0xf6, 0xe9, 0x35, 0xaf, 0x07, 0x0c, 0x22, 0x2a, 0xa0, 0xeb, 0x86, 0x51, 0x20, 0x02, 0xbc, 0x97,
+	0x58, 0xba, 0x99, 0xa5, 0x1b, 0x0e, 0x7a, 0x6a, 0xe7, 0x2a, 0x4b, 0x37, 0xb5, 0xdc, 0xfe, 0xa0,
+	0xe7, 0x8b, 0x7e, 0xdc, 0x76, 0x3b, 0xc1, 0xc8, 0xeb, 0x05, 0xbd, 0xc0, 0x53, 0x04, 0xed, 0xf8,
+	0x58, 0xed, 0xd4, 0x46, 0xad, 0x12, 0xe2, 0xed, 0x7d, 0x13, 0x92, 0x47, 0x63, 0xd1, 0x07, 0x26,
+	0xfc, 0x0e, 0x15, 0x7e, 0xc0, 0xbc, 0xf1, 0xa9, 0x30, 0xb6, 0x6f, 0x18, 0xf4, 0x88, 0x76, 0xfa,
+	0x3e, 0x83, 0xe8, 0xc4, 0x9c, 0x61, 0x04, 0x82, 0x9e, 0x65, 0xe5, 0x2d, 0xb2, 0x8a, 0x62, 0x26,
+	0xfc, 0x11, 0x9c, 0x32, 0xf8, 0xe8, 0xbf, 0x0c, 0x78, 0xa7, 0x0f, 0x23, 0x3a, 0x6f, 0xb7, 0xfb,
+	0xfb, 0x45, 0x54, 0xbe, 0x33, 0x06, 0x26, 0xf0, 0x0f, 0xa8, 0x22, 0xa3, 0xe9, 0x52, 0x41, 0x1d,
+	0x6b, 0xc7, 0xda, 0x5b, 0xbb, 0x7e, 0xd5, 0x35, 0x29, 0xcc, 0x48, 0x4d, 0x16, 0x25, 0xda, 0x1d,
+	0x5f, 0x73, 0x1f, 0xb4, 0x7f, 0x84, 0x8e, 0xb8, 0x0f, 0x82, 0x36, 0xf0, 0xb3, 0x49, 0x7d, 0x69,
+	0x3a, 0xa9, 0x23, 0x23, 0x23, 0x19, 0x2b, 0xde, 0x47, 0xe5, 0x21, 0x8c, 0x61, 0xe8, 0x2c, 0xef,
+	0x58, 0x7b, 0x76, 0xe3, 0x4d, 0x0d, 0x2e, 0xdf, 0x93, 0xc2, 0x57, 0xe9, 0x82, 0x24, 0x20, 0xfc,
+	0x1d, 0xb2, 0x65, 0xe0, 0x5c, 0xd0, 0x51, 0xe8, 0x94, 0x54, 0x40, 0xef, 0x15, 0x0b, 0xe8, 0x91,
+	0x3f, 0x82, 0xc6, 0x96, 0x66, 0xb7, 0x1f, 0xa5, 0x24, 0xc4, 0xf0, 0xe1, 0x43, 0xb4, 0xaa, 0x8a,
+	0xa0, 0x79, 0xdb, 0x59, 0x51, 0xc1, 0xdc, 0xd0, 0xf0, 0xd5, 0x83, 0x44, 0xfc, 0x6a, 0x52, 0x7f,
+	0x7b, 0x51, 0x4a, 0xc5, 0x49, 0x08, 0xdc, 0x6d, 0x35, 0x6f, 0x93, 0x94, 0x44, 0x1e, 0x8d, 0x0b,
+	0xda, 0x03, 0xa7, 0x3c, 0x7b, 0xb4, 0x23, 0x29, 0x7c, 0x95, 0x2e, 0x48, 0x02, 0xc2, 0xd7, 0x11,
+	0x8a, 0xe0, 0xa7, 0x18, 0xb8, 0x68, 0x91, 0xa6, 0x73, 0x41, 0x99, 0x64, 0xa9, 0x23, 0x99, 0x86,
+	0xe4, 0x50, 0x78, 0x07, 0xad, 0x8c, 0x21, 0x6a, 0x3b, 0xab, 0x0a, 0x7d, 0x51, 0xa3, 0x57, 0x1e,
+	0x43, 0xd4, 0x26, 0x4a, 0x83, 0xbf, 0x42, 0x2b, 0x31, 0x87, 0xc8, 0xa9, 0xa8, 0x5c, 0xbd, 0x9b,
+	0xcb, 0x95, 0x3b, 0x5b, 0xa6, 0x32, 0x47, 0x2d, 0x0e, 0x51, 0x93, 0x1d, 0x07, 0x86, 0x49, 0x4a,
+	0x88, 0x62, 0xc0, 0x7d, 0xb4, 0xe9, 0x8f, 0x42, 0x88, 0x78, 0xc0, 0x64, 0xa9, 0x48, 0x8d, 0x63,
+	0x9f, 0x8b, 0xf5, 0xf2, 0x74, 0x52, 0xdf, 0x6c, 0xce, 0x71, 0x90, 0x53, 0xac, 0xf8, 0x7d, 0x64,
+	0xf3, 0x20, 0x8e, 0x3a, 0xd0, 0x7c, 0xc8, 0x1d, 0xb4, 0x53, 0xda, 0xb3, 0x1b, 0xeb, 0xf2, 0xd2,
+	0x8e, 0x52, 0x21, 0x31, 0x7a, 0xec, 0x21, 0x5b, 0x86, 0x77, 0xd0, 0x03, 0x26, 0x1c, 0xac, 0xf2,
+	0x90, 0xdd, 0x72, 0x2b, 0x55, 0x10, 0x83, 0xc1, 0xc7, 0xc8, 0x0e, 0x54, 0x21, 0x12, 0x38, 0x76,
+	0xd6, 0xd4, 0x01, 0x3e, 0x76, 0x8b, 0xb6, 0x05, 0x5d, 0xd7, 0x04, 0x8e, 0x21, 0x02, 0xd6, 0x81,
+	0x24, 0xb0, 0x4c, 0x48, 0x0c, 0x35, 0xee, 0xa3, 0x6a, 0x04, 0x3c, 0x0c, 0x18, 0x87, 0x23, 0x41,
+	0x45, 0xcc, 0x9d, 0x8b, 0xca, 0xd9, 0x7e, 0xb1, 0x7a, 0x4d, 0x6c, 0x1a, 0x78, 0x3a, 0xa9, 0x57,
+	0xc9, 0x0c, 0x0f, 0x99, 0xe3, 0xc5, 0x14, 0xad, 0xeb, 0x9a, 0x48, 0x02, 0x71, 0xd6, 0x95, 0xa3,
+	0xbd, 0x85, 0x8e, 0xf4, 0xf3, 0x77, 0x5b, 0x6c, 0xc0, 0x82, 0x27, 0xac, 0xb1, 0x35, 0x9d, 0xd4,
+	0xd7, 0x49, 0x9e, 0x82, 0xcc, 0x32, 0xe2, 0xae, 0x39, 0x8c, 0xf6, 0x51, 0x3d, 0xa7, 0x8f, 0x99,
+	0x83, 0x68, 0x27, 0x73, 0x9c, 0xf8, 0x17, 0x0b, 0x39, 0xda, 0x2f, 0x81, 0x0e, 0xf8, 0x63, 0xe8,
+	0x66, 0x0f, 0xd5, 0xd9, 0x50, 0x0e, 0xbd, 0x62, 0xd9, 0xbb, 0xef, 0x77, 0xa2, 0x40, 0x3d, 0xf9,
+	0x1d, 0x5d, 0x0c, 0x0e, 0x59, 0x40, 0x4c, 0x16, 0xba, 0xc4, 0x01, 0xaa, 0xaa, 0xb7, 0x69, 0x82,
+	0xd8, 0xfc, 0x7f, 0x41, 0xa4, 0x4f, 0xbf, 0x7a, 0x34, 0x43, 0x47, 0xe6, 0xe8, 0xf1, 0x13, 0xb4,
+	0x46, 0x19, 0x0b, 0x84, 0x7a, 0x3b, 0xdc, 0xd9, 0xda, 0x29, 0xed, 0xad, 0x5d, 0xff, 0xbc, 0x78,
+	0x75, 0xaa, 0xa6, 0xed, 0x1e, 0x18, 0x8a, 0x3b, 0x4c, 0x44, 0x27, 0x8d, 0x4b, 0xda, 0xfd, 0x5a,
+	0x4e, 0x43, 0xf2, 0x9e, 0xb6, 0x3f, 0x43, 0x9b, 0xf3, 0x56, 0x78, 0x13, 0x95, 0x06, 0x70, 0xa2,
+	0xda, 0xbe, 0x4d, 0xe4, 0x12, 0x5f, 0x46, 0xe5, 0x31, 0x1d, 0xc6, 0x90, 0xf4, 0x6a, 0x92, 0x6c,
+	0x3e, 0x59, 0xbe, 0x65, 0xed, 0xfe, 0x61, 0x21, 0x5b, 0x39, 0xbf, 0xe7, 0x73, 0x81, 0xbf, 0x3f,
+	0x35, 0x35, 0xdc, 0x62, 0x19, 0x93, 0xd6, 0x6a, 0x66, 0x6c, 0xea, 0x88, 0x2b, 0xa9, 0x24, 0x37,
+	0x31, 0x1e, 0xa1, 0xb2, 0x2f, 0x60, 0xc4, 0x9d, 0x65, 0x95, 0x1e, 0xef, 0x9c, 0xe9, 0x69, 0xac,
+	0xa7, 0x7d, 0xb8, 0x29, 0x59, 0x48, 0x42, 0xb6, 0xfb, 0x9b, 0x85, 0xaa, 0x77, 0xa3, 0x20, 0x0e,
+	0x09, 0x24, 0xcd, 0x85, 0xe3, 0x77, 0x50, 0xb9, 0x27, 0x25, 0x49, 0x0a, 0x8c, 0x5d, 0x02, 0x4b,
+	0x74, 0xb2, 0x59, 0x45, 0xa9, 0x85, 0x8a, 0x48, 0x37, 0xab, 0x8c, 0x86, 0x18, 0x3d, 0xbe, 0x29,
+	0x5f, 0x6a, 0xb2, 0x39, 0xa4, 0x23, 0xe0, 0x4e, 0x49, 0x19, 0xe8, 0xf7, 0x97, 0x53, 0x90, 0x59,
+	0xdc, 0xee, 0xd3, 0x12, 0xda, 0x98, 0x6b, 0x3d, 0x78, 0x1f, 0x55, 0x52, 0x90, 0x8e, 0x30, 0xcb,
+	0x5a, 0xca, 0x45, 0x32, 0x84, 0xec, 0x93, 0x4c, 0x52, 0x85, 0xb4, 0xa3, 0xef, 0xcf, 0xf4, 0xc9,
+	0xc3, 0x54, 0x41, 0x0c, 0x46, 0xce, 0x16, 0xb9, 0x51, 0x53, 0x36, 0x37, 0x5b, 0x24, 0x96, 0x28,
+	0x0d, 0x6e, 0xa0, 0x52, 0xec, 0x77, 0xf5, 0xac, 0xbc, 0xaa, 0x01, 0xa5, 0x56, 0xd1, 0x39, 0x29,
+	0x8d, 0xe5, 0xd4, 0xa3, 0xa1, 0xff, 0x18, 0x22, 0xee, 0x07, 0x4c, 0x0f, 0xca, 0x6c, 0xea, 0x1d,
+	0x3c, 0x6c, 0x6a, 0x0d, 0xc9, 0xa1, 0xf0, 0x01, 0xda, 0x48, 0x8f, 0x95, 0x1a, 0x26, 0xe3, 0xf2,
+	0x8a, 0x36, 0xdc, 0x20, 0xb3, 0x6a, 0x32, 0x8f, 0xc7, 0x1f, 0xa2, 0x35, 0x1e, 0xb7, 0xb3, 0xf4,
+	0x25, 0xf3, 0x33, 0x7b, 0x26, 0x47, 0x46, 0x45, 0xf2, 0xb8, 0xdd, 0xbf, 0x96, 0xd1, 0x85, 0x87,
+	0xc1, 0xd0, 0xef, 0x9c, 0xbc, 0x86, 0x9f, 0xd1, 0x37, 0xa8, 0x1c, 0xc5, 0x43, 0x48, 0xeb, 0xfc,
+	0x46, 0xf1, 0x3a, 0x4f, 0x42, 0x24, 0xf1, 0x10, 0x4c, 0xd1, 0xca, 0x1d, 0x27, 0x09, 0x23, 0xbe,
+	0x89, 0x50, 0x30, 0xf2, 0x85, 0xea, 0x46, 0x69, 0x11, 0x5e, 0x51, 0x81, 0x64, 0x52, 0xf3, 0x3f,
+	0xc9, 0x41, 0xf1, 0x5d, 0xb4, 0x25, 0x77, 0xf7, 0x29, 0xa3, 0x3d, 0xe8, 0x7e, 0xe9, 0xc3, 0xb0,
+	0xcb, 0x55, 0x01, 0x54, 0x1a, 0x6f, 0x69, 0x4f, 0x5b, 0x0f, 0xe6, 0x01, 0xe4, 0xb4, 0xcd, 0xee,
+	0x9f, 0x16, 0x42, 0x49, 0x98, 0xaf, 0xa1, 0x63, 0xb4, 0x66, 0x3b, 0xc6, 0xd5, 0xf3, 0x66, 0x72,
+	0x41, 0xcb, 0x78, 0xba, 0x92, 0x9e, 0x41, 0x26, 0xd7, 0xfc, 0x64, 0xad, 0x22, 0x3f, 0xd9, 0x3a,
+	0x2a, 0xcb, 0x3f, 0x49, 0xda, 0x33, 0x6c, 0x89, 0x94, 0xff, 0x15, 0x4e, 0x12, 0x39, 0x76, 0x11,
+	0x92, 0x0b, 0xd5, 0x6c, 0xd2, 0x3b, 0xaa, 0xca, 0x3b, 0x6a, 0x65, 0x52, 0x92, 0x43, 0x48, 0x42,
+	0xf9, 0xe3, 0x93, 0xd7, 0x91, 0x11, 0xca, 0x8f, 0x20, 0x27, 0x89, 0x1c, 0xfb, 0xf9, 0x4e, 0x55,
+	0x56, 0x99, 0xb8, 0x55, 0x3c, 0x13, 0xb3, 0xbd, 0xd1, 0xf4, 0x8e, 0x33, 0xfb, 0x9c, 0x8b, 0x50,
+	0xd6, 0x48, 0xb8, 0x73, 0xc1, 0xc4, 0x9e, 0x75, 0x1a, 0x4e, 0x72, 0x08, 0xfc, 0x29, 0xda, 0x60,
+	0x01, 0x4b, 0xa9, 0x5a, 0xe4, 0x1e, 0x77, 0x56, 0x95, 0xd1, 0x25, 0xf9, 0x9a, 0x0f, 0x67, 0x55,
+	0x64, 0x1e, 0x3b, 0x57, 0xce, 0x95, 0xe2, 0xe5, 0xfc, 0xc5, 0x59, 0xe5, 0x6c, 0xab, 0x72, 0x7e,
+	0xa3, 0x68, 0x29, 0x37, 0xdc, 0x67, 0x2f, 0x6b, 0x4b, 0xcf, 0x5f, 0xd6, 0x96, 0x5e, 0xbc, 0xac,
+	0x2d, 0xfd, 0x3c, 0xad, 0x59, 0xcf, 0xa6, 0x35, 0xeb, 0xf9, 0xb4, 0x66, 0xbd, 0x98, 0xd6, 0xac,
+	0xbf, 0xa7, 0x35, 0xeb, 0xd7, 0x7f, 0x6a, 0x4b, 0xdf, 0x56, 0xd2, 0x4c, 0xfe, 0x1b, 0x00, 0x00,
+	0xff, 0xff, 0x3a, 0xc5, 0x5b, 0x91, 0xd7, 0x0e, 0x00, 0x00,
 }

 func (m *Event) Marshal() (dAtA []byte, err error) {
@ -716,6 +719,14 @@ func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	i--
+	if m.OmitManagedFields {
+		dAtA[i] = 1
+	} else {
+		dAtA[i] = 0
+	}
+	i--
+	dAtA[i] = 0x20
 	if len(m.OmitStages) > 0 {
 		for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.OmitStages[iNdEx])
@ -819,6 +830,16 @@ func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.OmitManagedFields != nil {
+		i--
+		if *m.OmitManagedFields {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x48
+	}
 	if len(m.OmitStages) > 0 {
 		for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.OmitStages[iNdEx])
@ -1054,6 +1075,7 @@ func (m *Policy) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	n += 2
 	return n
 }

@ -1124,6 +1146,9 @@ func (m *PolicyRule) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.OmitManagedFields != nil {
+		n += 2
+	}
 	return n
 }

@ -1227,6 +1252,7 @@ func (this *Policy) String() string {
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Rules:` + repeatedStringForRules + `,`,
 		`OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`,
+		`OmitManagedFields:` + fmt.Sprintf("%v", this.OmitManagedFields) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1265,6 +1291,7 @@ func (this *PolicyRule) String() string {
 		`Namespaces:` + fmt.Sprintf("%v", this.Namespaces) + `,`,
 		`NonResourceURLs:` + fmt.Sprintf("%v", this.NonResourceURLs) + `,`,
 		`OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`,
+		`OmitManagedFields:` + valueToStringGenerated(this.OmitManagedFields) + `,`,
 		`}`,
 	}, "")
 	return s
@ -2688,6 +2715,26 @@ func (m *Policy) Unmarshal(dAtA []byte) error {
 			}
 			m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.OmitManagedFields = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@ -3113,6 +3160,27 @@ func (m *PolicyRule) Unmarshal(dAtA []byte) error {
 			}
 			m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			b := bool(v != 0)
+			m.OmitManagedFields = &b
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/generated.proto
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/generated.proto
@ -195,6 +195,15 @@ message Policy {
  // be specified per rule in which case the union of both are omitted.
  // +optional
  repeated string omitStages = 3;
+
+  // OmitManagedFields indicates whether to omit the managed fields of the request
+  // and response bodies from being written to the API audit log.
+  // This is used as a global default - a value of 'true' will omit the managed fileds,
+  // otherwise the managed fields will be included in the API audit log.
+  // Note that this can also be specified per rule in which case the value specified
+  // in a rule will override the global default.
+  // +optional
+  optional bool omitManagedFields = 4;
 }

 // PolicyList is a list of audit Policies.
@ -250,5 +259,16 @@ message PolicyRule {
  // An empty list means no restrictions will apply.
  // +optional
  repeated string omitStages = 8;
+
+  // OmitManagedFields indicates whether to omit the managed fields of the request
+  // and response bodies from being written to the API audit log.
+  // - a value of 'true' will drop the managed fields from the API audit log
+  // - a value of 'false' indicates that the managed fileds should be included
+  //   in the API audit log
+  // Note that the value, if specified, in this rule will override the global default
+  // If a value is not specified then the global default specified in
+  // Policy.OmitManagedFields will stand.
+  // +optional
+  optional bool omitManagedFields = 9;
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go
@ -191,6 +191,15 @@ type Policy struct {
 	// be specified per rule in which case the union of both are omitted.
 	// +optional
 	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// This is used as a global default - a value of 'true' will omit the managed fileds,
+	// otherwise the managed fields will be included in the API audit log.
+	// Note that this can also be specified per rule in which case the value specified
+	// in a rule will override the global default.
+	// +optional
+	OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -254,6 +263,17 @@ type PolicyRule struct {
 	// An empty list means no restrictions will apply.
 	// +optional
 	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// - a value of 'true' will drop the managed fields from the API audit log
+	// - a value of 'false' indicates that the managed fileds should be included
+	//   in the API audit log
+	// Note that the value, if specified, in this rule will override the global default
+	// If a value is not specified then the global default specified in
+	// Policy.OmitManagedFields will stand.
+	// +optional
+	OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"`
 }

 // GroupResources represents resource kinds in an API group.
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -262,6 +263,7 @@ func autoConvert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy,
 	out.ObjectMeta = in.ObjectMeta
 	out.Rules = *(*[]audit.PolicyRule)(unsafe.Pointer(&in.Rules))
 	out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = in.OmitManagedFields
 	return nil
 }

@ -274,6 +276,7 @@ func autoConvert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy,
 	out.ObjectMeta = in.ObjectMeta
 	out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
 	out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = in.OmitManagedFields
 	return nil
 }

@ -313,6 +316,7 @@ func autoConvert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *au
 	out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
 	out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
 	out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields))
 	return nil
 }

@ -330,6 +334,7 @@ func autoConvert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, o
 	out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
 	out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
 	out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields))
 	return nil
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -279,6 +280,11 @@ func (in *PolicyRule) DeepCopyInto(out *PolicyRule) {
 		*out = make([]Stage, len(*in))
 		copy(*out, *in)
 	}
+	if in.OmitManagedFields != nil {
+		in, out := &in.OmitManagedFields, &out.OmitManagedFields
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.prerelease-lifecycle.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.prerelease-lifecycle.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/generated.pb.go
@ -261,87 +261,90 @@ func init() {
 }

 var fileDescriptor_c7e4d52063960930 = []byte{
-	// 1279 bytes of a gzipped FileDescriptorProto
+	// 1320 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45,
-	0x14, 0xcf, 0xd6, 0x71, 0x63, 0x8f, 0x1b, 0xc7, 0x9d, 0x56, 0x74, 0x95, 0x83, 0x6d, 0x8c, 0x04,
-	0x11, 0xa4, 0xbb, 0x4d, 0x28, 0x24, 0x42, 0x02, 0x64, 0xab, 0x15, 0x58, 0x4a, 0x43, 0x34, 0x8e,
-	0x2b, 0x04, 0x1c, 0x58, 0xdb, 0x2f, 0xf6, 0x62, 0x7b, 0x77, 0xd9, 0x99, 0x35, 0xca, 0x8d, 0x2f,
-	0x80, 0xc4, 0x9d, 0xcf, 0xc0, 0x85, 0x0f, 0x50, 0x71, 0xcc, 0xb1, 0xc7, 0x9e, 0x2c, 0x62, 0xbe,
-	0x45, 0x24, 0x24, 0x34, 0x7f, 0x76, 0x67, 0xed, 0xd4, 0xc2, 0xe1, 0xd0, 0xdb, 0xce, 0x7b, 0xbf,
-	0xf7, 0x9b, 0x37, 0xbf, 0x7d, 0xf3, 0xde, 0xa0, 0x93, 0xe1, 0x21, 0xb5, 0x5c, 0xdf, 0x1e, 0x46,
-	0x1d, 0x08, 0x3d, 0x60, 0x40, 0xed, 0x09, 0x78, 0x3d, 0x3f, 0xb4, 0x95, 0xc3, 0x09, 0x5c, 0x0a,
-	0xe1, 0x04, 0x42, 0x3b, 0x18, 0xf6, 0xc5, 0xca, 0x76, 0xa2, 0x9e, 0xcb, 0xec, 0xc9, 0x5e, 0x07,
-	0x98, 0xb3, 0x67, 0xf7, 0xc1, 0x83, 0xd0, 0x61, 0xd0, 0xb3, 0x82, 0xd0, 0x67, 0x3e, 0x7e, 0x4f,
-	0x06, 0x5a, 0x49, 0xa0, 0x15, 0x0c, 0xfb, 0x62, 0x65, 0x89, 0x40, 0x4b, 0x05, 0x6e, 0x3f, 0xec,
-	0xbb, 0x6c, 0x10, 0x75, 0xac, 0xae, 0x3f, 0xb6, 0xfb, 0x7e, 0xdf, 0xb7, 0x45, 0x7c, 0x27, 0x3a,
-	0x13, 0x2b, 0xb1, 0x10, 0x5f, 0x92, 0x77, 0x7b, 0x57, 0x27, 0x64, 0x3b, 0x11, 0x1b, 0x80, 0xc7,
-	0xdc, 0xae, 0xc3, 0x5c, 0xdf, 0xb3, 0x27, 0xd7, 0xb2, 0xd8, 0x7e, 0xac, 0xd1, 0x63, 0xa7, 0x3b,
-	0x70, 0x3d, 0x08, 0xcf, 0xf5, 0x09, 0xc6, 0xc0, 0x9c, 0xd7, 0x45, 0xd9, 0xcb, 0xa2, 0xc2, 0xc8,
-	0x63, 0xee, 0x18, 0xae, 0x05, 0x7c, 0xfc, 0x5f, 0x01, 0xb4, 0x3b, 0x80, 0xb1, 0xb3, 0x18, 0x57,
-	0xfb, 0xfd, 0x0e, 0xca, 0x3e, 0x9d, 0x80, 0xc7, 0xf0, 0xf7, 0x28, 0xc7, 0xb3, 0xe9, 0x39, 0xcc,
-	0x31, 0x8d, 0xaa, 0xb1, 0x53, 0xd8, 0x7f, 0x64, 0x69, 0x05, 0x13, 0x52, 0x2d, 0x22, 0x47, 0x5b,
-	0x93, 0x3d, 0xeb, 0xab, 0xce, 0x0f, 0xd0, 0x65, 0xcf, 0x80, 0x39, 0x0d, 0x7c, 0x31, 0xad, 0xac,
-	0xcd, 0xa6, 0x15, 0xa4, 0x6d, 0x24, 0x61, 0xc5, 0xbb, 0x28, 0x3b, 0x82, 0x09, 0x8c, 0xcc, 0x5b,
-	0x55, 0x63, 0x27, 0xdf, 0x78, 0x4b, 0x81, 0xb3, 0x47, 0xdc, 0x78, 0x15, 0x7f, 0x10, 0x09, 0xc2,
-	0xdf, 0xa2, 0x3c, 0x4f, 0x9c, 0x32, 0x67, 0x1c, 0x98, 0x19, 0x91, 0xd0, 0xfb, 0xab, 0x25, 0x74,
-	0xea, 0x8e, 0xa1, 0x71, 0x57, 0xb1, 0xe7, 0x4f, 0x63, 0x12, 0xa2, 0xf9, 0xf0, 0x31, 0xda, 0x10,
-	0x35, 0xd0, 0x7c, 0x62, 0xae, 0x8b, 0x64, 0x1e, 0x2b, 0xf8, 0x46, 0x5d, 0x9a, 0xaf, 0xa6, 0x95,
-	0xb7, 0x97, 0x49, 0xca, 0xce, 0x03, 0xa0, 0x56, 0xbb, 0xf9, 0x84, 0xc4, 0x24, 0xfc, 0x68, 0x94,
-	0x39, 0x7d, 0x30, 0xb3, 0xf3, 0x47, 0x6b, 0x71, 0xe3, 0x55, 0xfc, 0x41, 0x24, 0x08, 0xef, 0x23,
-	0x14, 0xc2, 0x8f, 0x11, 0x50, 0xd6, 0x26, 0x4d, 0xf3, 0xb6, 0x08, 0x49, 0xa4, 0x23, 0x89, 0x87,
-	0xa4, 0x50, 0xb8, 0x8a, 0xd6, 0x27, 0x10, 0x76, 0xcc, 0x0d, 0x81, 0xbe, 0xa3, 0xd0, 0xeb, 0xcf,
-	0x21, 0xec, 0x10, 0xe1, 0xc1, 0x5f, 0xa2, 0xf5, 0x88, 0x42, 0x68, 0xe6, 0x84, 0x56, 0xef, 0xa6,
-	0xb4, 0xb2, 0xe6, 0xcb, 0x94, 0x6b, 0xd4, 0xa6, 0x10, 0x36, 0xbd, 0x33, 0x5f, 0x33, 0x71, 0x0b,
-	0x11, 0x0c, 0x78, 0x80, 0x4a, 0xee, 0x38, 0x80, 0x90, 0xfa, 0x1e, 0x2f, 0x15, 0xee, 0x31, 0xf3,
-	0x37, 0x62, 0xbd, 0x3f, 0x9b, 0x56, 0x4a, 0xcd, 0x05, 0x0e, 0x72, 0x8d, 0x15, 0x7f, 0x80, 0xf2,
-	0xd4, 0x8f, 0xc2, 0x2e, 0x34, 0x4f, 0xa8, 0x89, 0xaa, 0x99, 0x9d, 0x7c, 0x63, 0x93, 0xff, 0xb4,
-	0x56, 0x6c, 0x24, 0xda, 0x8f, 0x6d, 0x94, 0xe7, 0xe9, 0xd5, 0xfb, 0xe0, 0x31, 0x13, 0x0b, 0x1d,
-	0x92, 0xbf, 0xdc, 0x8e, 0x1d, 0x44, 0x63, 0x30, 0xa0, 0xbc, 0x2f, 0x0a, 0x91, 0xc0, 0x99, 0x59,
-	0x10, 0x07, 0x38, 0xb4, 0x56, 0xec, 0x0a, 0xaa, 0xac, 0x09, 0x9c, 0x41, 0x08, 0x5e, 0x17, 0x64,
-	0x5e, 0x89, 0x91, 0x68, 0x66, 0x3c, 0x40, 0xc5, 0x10, 0x68, 0xe0, 0x7b, 0x14, 0x5a, 0xcc, 0x61,
-	0x11, 0x35, 0xef, 0x88, 0xbd, 0x76, 0x57, 0x2b, 0x57, 0x19, 0xd3, 0xc0, 0xb3, 0x69, 0xa5, 0x48,
-	0xe6, 0x78, 0xc8, 0x02, 0x2f, 0x76, 0xd0, 0xa6, 0x2a, 0x09, 0x99, 0x88, 0xb9, 0x29, 0x36, 0xda,
-	0x59, 0xba, 0x91, 0xba, 0xfd, 0x56, 0xdb, 0x1b, 0x7a, 0xfe, 0x4f, 0x5e, 0xe3, 0xee, 0x6c, 0x5a,
-	0xd9, 0x24, 0x69, 0x0a, 0x32, 0xcf, 0x88, 0x7b, 0xfa, 0x30, 0x6a, 0x8f, 0xe2, 0x0d, 0xf7, 0x98,
-	0x3b, 0x88, 0xda, 0x64, 0x81, 0x13, 0xff, 0x62, 0x20, 0x53, 0xed, 0x4b, 0xa0, 0x0b, 0xee, 0x04,
-	0x7a, 0xc9, 0x3d, 0x35, 0xb7, 0xc4, 0x86, 0xf6, 0x6a, 0xea, 0x3d, 0x73, 0xbb, 0xa1, 0x2f, 0x6e,
-	0x7c, 0x55, 0xd5, 0x82, 0x49, 0x96, 0x10, 0x93, 0xa5, 0x5b, 0x62, 0x1f, 0x15, 0xc5, 0xd5, 0xd4,
-	0x49, 0x94, 0xfe, 0x5f, 0x12, 0xf1, 0xcd, 0x2f, 0xb6, 0xe6, 0xe8, 0xc8, 0x02, 0x3d, 0x9e, 0xa0,
-	0x82, 0xe3, 0x79, 0x3e, 0x13, 0x57, 0x87, 0x9a, 0x77, 0xab, 0x99, 0x9d, 0xc2, 0xfe, 0xe7, 0x2b,
-	0x17, 0xa7, 0x68, 0xd9, 0x56, 0x5d, 0x33, 0x3c, 0xf5, 0x58, 0x78, 0xde, 0xb8, 0xa7, 0x76, 0x2f,
-	0xa4, 0x3c, 0x24, 0xbd, 0xd1, 0xf6, 0x67, 0xa8, 0xb4, 0x18, 0x85, 0x4b, 0x28, 0x33, 0x84, 0x73,
-	0xd1, 0xf4, 0xf3, 0x84, 0x7f, 0xe2, 0xfb, 0x28, 0x3b, 0x71, 0x46, 0x11, 0xc8, 0x4e, 0x4d, 0xe4,
-	0xe2, 0x93, 0x5b, 0x87, 0x46, 0xed, 0x85, 0x81, 0xf2, 0x62, 0xf3, 0x23, 0x97, 0x32, 0xfc, 0xdd,
-	0xb5, 0x99, 0x61, 0xad, 0x26, 0x18, 0x8f, 0x16, 0x13, 0xa3, 0xa4, 0x32, 0xce, 0xc5, 0x96, 0xd4,
-	0xbc, 0x68, 0xa1, 0xac, 0xcb, 0x60, 0x4c, 0xcd, 0x5b, 0x42, 0x1d, 0xeb, 0x66, 0xea, 0x34, 0x36,
-	0xe3, 0x26, 0xdc, 0xe4, 0x24, 0x44, 0x72, 0xd5, 0x7e, 0x33, 0x50, 0xf1, 0x8b, 0xd0, 0x8f, 0x02,
-	0x02, 0xb2, 0xb3, 0x50, 0xfc, 0x0e, 0xca, 0xf6, 0xb9, 0x45, 0x2a, 0xa0, 0xe3, 0x24, 0x4c, 0xfa,
-	0x78, 0xa7, 0x0a, 0xe3, 0x08, 0x91, 0x90, 0xea, 0x54, 0x09, 0x0d, 0xd1, 0x7e, 0x7c, 0xc0, 0xef,
-	0xa9, 0x5c, 0x1c, 0x3b, 0x63, 0xa0, 0x66, 0x46, 0x04, 0xa8, 0xdb, 0x97, 0x72, 0x90, 0x79, 0x5c,
-	0xed, 0x8f, 0x0c, 0xda, 0x5a, 0x68, 0x3c, 0x78, 0x17, 0xe5, 0x62, 0x90, 0xca, 0x30, 0x11, 0x2d,
-	0xe6, 0x22, 0x09, 0x82, 0x37, 0x49, 0x8f, 0x53, 0x05, 0x4e, 0x57, 0xfd, 0x3e, 0xdd, 0x24, 0x8f,
-	0x63, 0x07, 0xd1, 0x18, 0x3e, 0x58, 0xf8, 0x42, 0x8c, 0xd8, 0xd4, 0x60, 0xe1, 0x58, 0x22, 0x3c,
-	0xb8, 0x81, 0x32, 0x91, 0xdb, 0x53, 0x83, 0xf2, 0x91, 0x02, 0x64, 0xda, 0xab, 0x0e, 0x49, 0x1e,
-	0xcc, 0x0f, 0xe1, 0x04, 0xae, 0x50, 0x54, 0xcd, 0xc8, 0xe4, 0x10, 0xf5, 0x93, 0xa6, 0x54, 0x3a,
-	0x41, 0xf0, 0x01, 0xe9, 0x04, 0xee, 0x73, 0x08, 0xa9, 0xeb, 0x7b, 0x8b, 0x03, 0xb2, 0x7e, 0xd2,
-	0x54, 0x1e, 0x92, 0x42, 0xe1, 0x3a, 0xda, 0x8a, 0x45, 0x88, 0x03, 0xe5, 0xac, 0x7c, 0xa0, 0x02,
-	0xb7, 0xc8, 0xbc, 0x9b, 0x2c, 0xe2, 0xf1, 0x47, 0xa8, 0x40, 0xa3, 0x4e, 0x22, 0x76, 0x4e, 0x84,
-	0x27, 0x77, 0xaa, 0xa5, 0x5d, 0x24, 0x8d, 0xab, 0xfd, 0x63, 0xa0, 0xdb, 0x27, 0xfe, 0xc8, 0xed,
-	0x9e, 0xbf, 0x81, 0x47, 0xd4, 0xd7, 0x28, 0x1b, 0x46, 0x23, 0x88, 0x2f, 0xc5, 0x87, 0x2b, 0x5f,
-	0x0a, 0x99, 0x21, 0x89, 0x46, 0xa0, 0x2b, 0x9c, 0xaf, 0x28, 0x91, 0x84, 0xf8, 0x00, 0x21, 0x7f,
-	0xec, 0x32, 0xd1, 0xb8, 0xe2, 0x8a, 0x7d, 0x20, 0xf2, 0x48, 0xac, 0xfa, 0x25, 0x93, 0x82, 0xd6,
-	0xfe, 0x34, 0x10, 0x92, 0xec, 0x6f, 0xa0, 0x29, 0x9c, 0xce, 0x37, 0x05, 0xfb, 0x86, 0xe7, 0x5f,
-	0xd2, 0x15, 0x5e, 0x64, 0xe2, 0x23, 0x70, 0x49, 0xf4, 0x4b, 0xd5, 0x58, 0xe5, 0xa5, 0x5a, 0x41,
-	0x59, 0xfe, 0xe6, 0x88, 0xdb, 0x42, 0x9e, 0x23, 0xf9, 0x7b, 0x84, 0x12, 0x69, 0xc7, 0x16, 0x42,
-	0xfc, 0x43, 0xd4, 0x76, 0xac, 0x6c, 0x91, 0x2b, 0xdb, 0x4e, 0xac, 0x24, 0x85, 0xe0, 0x84, 0xfc,
-	0x45, 0x47, 0xcd, 0x75, 0x4d, 0xc8, 0x1f, 0x7a, 0x94, 0x48, 0x3b, 0x1e, 0xa4, 0x9b, 0x51, 0x56,
-	0x08, 0x71, 0xb0, 0xb2, 0x10, 0xf3, 0xdd, 0x4f, 0x77, 0x87, 0xd7, 0x76, 0x32, 0x0b, 0xa1, 0xa4,
-	0x55, 0x50, 0xf3, 0xb6, 0x4e, 0x3d, 0xe9, 0x25, 0x94, 0xa4, 0x10, 0xf8, 0x53, 0xb4, 0xe5, 0xf9,
-	0x5e, 0x4c, 0xd5, 0x26, 0x47, 0xd4, 0xdc, 0x10, 0x41, 0xf7, 0xf8, 0x0d, 0x3c, 0x9e, 0x77, 0x91,
-	0x45, 0xec, 0x42, 0x0d, 0xe6, 0x56, 0xae, 0xc1, 0xc6, 0xc3, 0x8b, 0xcb, 0xf2, 0xda, 0xcb, 0xcb,
-	0xf2, 0xda, 0xab, 0xcb, 0xf2, 0xda, 0xcf, 0xb3, 0xb2, 0x71, 0x31, 0x2b, 0x1b, 0x2f, 0x67, 0x65,
-	0xe3, 0xd5, 0xac, 0x6c, 0xfc, 0x35, 0x2b, 0x1b, 0xbf, 0xfe, 0x5d, 0x5e, 0xfb, 0x66, 0x43, 0x69,
-	0xf0, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x4f, 0xae, 0x4a, 0x9d, 0x6e, 0x0e, 0x00, 0x00,
+	0x14, 0xcf, 0xc6, 0x71, 0xe3, 0x9d, 0x34, 0x4e, 0x32, 0x2d, 0x74, 0xc9, 0xc1, 0x0e, 0x41, 0x82,
+	0x08, 0xd2, 0xdd, 0xb6, 0x14, 0x5a, 0x21, 0x01, 0x8a, 0x69, 0x29, 0x96, 0xda, 0x34, 0x9a, 0xd4,
+	0x15, 0x02, 0x0e, 0x8c, 0xed, 0x17, 0x7b, 0x89, 0x3d, 0xbb, 0xec, 0xcc, 0x1a, 0xe5, 0x86, 0xc4,
+	0x19, 0x89, 0x3b, 0x9f, 0x81, 0x0b, 0x1f, 0x00, 0x71, 0x42, 0x3d, 0xf6, 0xd8, 0x53, 0x44, 0xcd,
+	0xb7, 0xe8, 0x09, 0xcd, 0xec, 0xec, 0xce, 0x7a, 0x53, 0x8b, 0x0d, 0x87, 0xde, 0x76, 0xde, 0xfb,
+	0xbd, 0xdf, 0x7b, 0xf3, 0xf6, 0xfd, 0x19, 0x74, 0x70, 0x7c, 0x9b, 0xbb, 0x7e, 0xe0, 0x1d, 0xc7,
+	0x5d, 0x88, 0x18, 0x08, 0xe0, 0xde, 0x04, 0x58, 0x3f, 0x88, 0x3c, 0xad, 0xa0, 0xa1, 0xcf, 0x21,
+	0x9a, 0x40, 0xe4, 0x85, 0xc7, 0x03, 0x75, 0xf2, 0x68, 0xdc, 0xf7, 0x85, 0x37, 0xb9, 0xde, 0x05,
+	0x41, 0xaf, 0x7b, 0x03, 0x60, 0x10, 0x51, 0x01, 0x7d, 0x37, 0x8c, 0x02, 0x11, 0xe0, 0x77, 0x12,
+	0x43, 0x37, 0x33, 0x74, 0xc3, 0xe3, 0x81, 0x3a, 0xb9, 0xca, 0xd0, 0xd5, 0x86, 0x9b, 0x57, 0x07,
+	0xbe, 0x18, 0xc6, 0x5d, 0xb7, 0x17, 0x8c, 0xbd, 0x41, 0x30, 0x08, 0x3c, 0x65, 0xdf, 0x8d, 0x8f,
+	0xd4, 0x49, 0x1d, 0xd4, 0x57, 0xc2, 0xbb, 0xb9, 0x6b, 0x02, 0xf2, 0x68, 0x2c, 0x86, 0xc0, 0x84,
+	0xdf, 0xa3, 0xc2, 0x0f, 0x98, 0x37, 0x39, 0x13, 0xc5, 0xe6, 0x4d, 0x83, 0x1e, 0xd3, 0xde, 0xd0,
+	0x67, 0x10, 0x9d, 0x98, 0x1b, 0x8c, 0x41, 0xd0, 0x97, 0x59, 0x79, 0xf3, 0xac, 0xa2, 0x98, 0x09,
+	0x7f, 0x0c, 0x67, 0x0c, 0x3e, 0xfc, 0x2f, 0x03, 0xde, 0x1b, 0xc2, 0x98, 0x16, 0xed, 0xb6, 0x7f,
+	0xbb, 0x88, 0xaa, 0x77, 0x27, 0xc0, 0x04, 0xfe, 0x16, 0xd5, 0x64, 0x34, 0x7d, 0x2a, 0xa8, 0x63,
+	0x6d, 0x59, 0x3b, 0x2b, 0x37, 0xae, 0xb9, 0x26, 0x83, 0x19, 0xa9, 0x49, 0xa2, 0x44, 0xbb, 0x93,
+	0xeb, 0xee, 0xc3, 0xee, 0x77, 0xd0, 0x13, 0x0f, 0x40, 0xd0, 0x16, 0x7e, 0x72, 0xda, 0x5c, 0x98,
+	0x9e, 0x36, 0x91, 0x91, 0x91, 0x8c, 0x15, 0xef, 0xa2, 0xea, 0x08, 0x26, 0x30, 0x72, 0x16, 0xb7,
+	0xac, 0x1d, 0xbb, 0xf5, 0xba, 0x06, 0x57, 0xef, 0x4b, 0xe1, 0x8b, 0xf4, 0x83, 0x24, 0x20, 0xfc,
+	0x35, 0xb2, 0x65, 0xe0, 0x5c, 0xd0, 0x71, 0xe8, 0x54, 0x54, 0x40, 0xef, 0x96, 0x0b, 0xe8, 0x91,
+	0x3f, 0x86, 0xd6, 0x86, 0x66, 0xb7, 0x1f, 0xa5, 0x24, 0xc4, 0xf0, 0xe1, 0x7d, 0xb4, 0xac, 0x6a,
+	0xa0, 0x7d, 0xc7, 0x59, 0x52, 0xc1, 0xdc, 0xd4, 0xf0, 0xe5, 0xbd, 0x44, 0xfc, 0xe2, 0xb4, 0xf9,
+	0xe6, 0xbc, 0x94, 0x8a, 0x93, 0x10, 0xb8, 0xdb, 0x69, 0xdf, 0x21, 0x29, 0x89, 0xbc, 0x1a, 0x17,
+	0x74, 0x00, 0x4e, 0x75, 0xf6, 0x6a, 0x87, 0x52, 0xf8, 0x22, 0xfd, 0x20, 0x09, 0x08, 0xdf, 0x40,
+	0x28, 0x82, 0xef, 0x63, 0xe0, 0xa2, 0x43, 0xda, 0xce, 0x05, 0x65, 0x92, 0xa5, 0x8e, 0x64, 0x1a,
+	0x92, 0x43, 0xe1, 0x2d, 0xb4, 0x34, 0x81, 0xa8, 0xeb, 0x2c, 0x2b, 0xf4, 0x45, 0x8d, 0x5e, 0x7a,
+	0x0c, 0x51, 0x97, 0x28, 0x0d, 0xfe, 0x02, 0x2d, 0xc5, 0x1c, 0x22, 0xa7, 0xa6, 0x72, 0xf5, 0x76,
+	0x2e, 0x57, 0xee, 0x6c, 0x99, 0xca, 0x1c, 0x75, 0x38, 0x44, 0x6d, 0x76, 0x14, 0x18, 0x26, 0x29,
+	0x21, 0x8a, 0x01, 0x0f, 0xd1, 0xba, 0x3f, 0x0e, 0x21, 0xe2, 0x01, 0x93, 0xa5, 0x22, 0x35, 0x8e,
+	0x7d, 0x2e, 0xd6, 0xcb, 0xd3, 0xd3, 0xe6, 0x7a, 0xbb, 0xc0, 0x41, 0xce, 0xb0, 0xe2, 0xf7, 0x90,
+	0xcd, 0x83, 0x38, 0xea, 0x41, 0xfb, 0x80, 0x3b, 0x68, 0xab, 0xb2, 0x63, 0xb7, 0x56, 0xe5, 0x4f,
+	0x3b, 0x4c, 0x85, 0xc4, 0xe8, 0xb1, 0x87, 0x6c, 0x19, 0xde, 0xde, 0x00, 0x98, 0x70, 0xb0, 0xca,
+	0x43, 0xf6, 0x97, 0x3b, 0xa9, 0x82, 0x18, 0x0c, 0x06, 0x64, 0x07, 0xaa, 0x10, 0x09, 0x1c, 0x39,
+	0x2b, 0xea, 0x02, 0xb7, 0xdd, 0x92, 0x53, 0x41, 0x97, 0x35, 0x81, 0x23, 0x88, 0x80, 0xf5, 0x20,
+	0x89, 0x2b, 0x13, 0x12, 0xc3, 0x8c, 0x87, 0xa8, 0x1e, 0x01, 0x0f, 0x03, 0xc6, 0xe1, 0x50, 0x50,
+	0x11, 0x73, 0xe7, 0xa2, 0xf2, 0xb5, 0x5b, 0xae, 0x5c, 0x13, 0x9b, 0x16, 0x9e, 0x9e, 0x36, 0xeb,
+	0x64, 0x86, 0x87, 0x14, 0x78, 0x31, 0x45, 0xab, 0xba, 0x24, 0x92, 0x40, 0x9c, 0x55, 0xe5, 0x68,
+	0x67, 0xae, 0x23, 0xdd, 0xfd, 0x6e, 0x87, 0x1d, 0xb3, 0xe0, 0x07, 0xd6, 0xda, 0x98, 0x9e, 0x36,
+	0x57, 0x49, 0x9e, 0x82, 0xcc, 0x32, 0xe2, 0xbe, 0xb9, 0x8c, 0xf6, 0x51, 0x3f, 0xa7, 0x8f, 0x99,
+	0x8b, 0x68, 0x27, 0x05, 0x4e, 0xfc, 0xb3, 0x85, 0x1c, 0xed, 0x97, 0x40, 0x0f, 0xfc, 0x09, 0xf4,
+	0xb3, 0x3e, 0x75, 0xd6, 0x94, 0x43, 0xaf, 0x5c, 0xf6, 0x1e, 0xf8, 0xbd, 0x28, 0x50, 0x1d, 0xbf,
+	0xa5, 0x6b, 0xc1, 0x21, 0x73, 0x88, 0xc9, 0x5c, 0x97, 0x38, 0x40, 0x75, 0xd5, 0x9a, 0x26, 0x88,
+	0xf5, 0xff, 0x17, 0x44, 0xda, 0xf9, 0xf5, 0xc3, 0x19, 0x3a, 0x52, 0xa0, 0xc7, 0x13, 0xb4, 0x42,
+	0x19, 0x0b, 0x84, 0x6a, 0x1d, 0xee, 0x6c, 0x6c, 0x55, 0x76, 0x56, 0x6e, 0x7c, 0x5a, 0xba, 0x38,
+	0xd5, 0xc8, 0x76, 0xf7, 0x0c, 0xc3, 0x5d, 0x26, 0xa2, 0x93, 0xd6, 0x25, 0xed, 0x7d, 0x25, 0xa7,
+	0x21, 0x79, 0x47, 0x9b, 0x9f, 0xa0, 0xf5, 0xa2, 0x15, 0x5e, 0x47, 0x95, 0x63, 0x38, 0x51, 0x43,
+	0xdf, 0x26, 0xf2, 0x13, 0x5f, 0x46, 0xd5, 0x09, 0x1d, 0xc5, 0x90, 0x4c, 0x6a, 0x92, 0x1c, 0x3e,
+	0x5a, 0xbc, 0x6d, 0x6d, 0xff, 0x61, 0x21, 0x5b, 0x39, 0xbf, 0xef, 0x73, 0x81, 0xbf, 0x39, 0xb3,
+	0x33, 0xdc, 0x72, 0x09, 0x93, 0xd6, 0x6a, 0x63, 0xac, 0xeb, 0x88, 0x6b, 0xa9, 0x24, 0xb7, 0x2f,
+	0x0e, 0x51, 0xd5, 0x17, 0x30, 0xe6, 0xce, 0xa2, 0xca, 0x8e, 0x7b, 0xbe, 0xec, 0xb4, 0x56, 0xd3,
+	0x21, 0xdc, 0x96, 0x24, 0x24, 0xe1, 0xda, 0xfe, 0xd5, 0x42, 0xf5, 0x7b, 0x51, 0x10, 0x87, 0x04,
+	0x92, 0xc9, 0xc2, 0xf1, 0x5b, 0xa8, 0x3a, 0x90, 0x92, 0x24, 0x03, 0xc6, 0x2e, 0x81, 0x25, 0x3a,
+	0x39, 0xa9, 0xa2, 0xd4, 0x42, 0x05, 0xa4, 0x27, 0x55, 0x46, 0x43, 0x8c, 0x1e, 0xdf, 0x92, 0x7d,
+	0x9a, 0x1c, 0xf6, 0xe9, 0x18, 0xb8, 0x53, 0x51, 0x06, 0xba, 0xfb, 0x72, 0x0a, 0x32, 0x8b, 0xdb,
+	0xfe, 0xbd, 0x82, 0xd6, 0x0a, 0x83, 0x07, 0xef, 0xa2, 0x5a, 0x0a, 0xd2, 0x11, 0x66, 0x49, 0x4b,
+	0xb9, 0x48, 0x86, 0x90, 0x43, 0x92, 0x49, 0xaa, 0x90, 0xf6, 0xf4, 0xef, 0x33, 0x43, 0x72, 0x3f,
+	0x55, 0x10, 0x83, 0x91, 0x8b, 0x45, 0x1e, 0xd4, 0x8a, 0xcd, 0x2d, 0x16, 0x89, 0x25, 0x4a, 0x83,
+	0x5b, 0xa8, 0x12, 0xfb, 0x7d, 0xbd, 0x28, 0xaf, 0x69, 0x40, 0xa5, 0x53, 0x76, 0x49, 0x4a, 0x63,
+	0x79, 0x09, 0x1a, 0xfa, 0x2a, 0xa3, 0x7a, 0x47, 0x66, 0x97, 0xd8, 0x3b, 0x68, 0x27, 0x99, 0xce,
+	0x10, 0x72, 0x41, 0xd2, 0xd0, 0x7f, 0x0c, 0x11, 0xf7, 0x03, 0x56, 0x5c, 0x90, 0x7b, 0x07, 0x6d,
+	0xad, 0x21, 0x39, 0x14, 0xde, 0x43, 0x6b, 0x69, 0x12, 0x52, 0xc3, 0x64, 0x57, 0x5e, 0xd1, 0x86,
+	0x6b, 0x64, 0x56, 0x4d, 0x8a, 0x78, 0xfc, 0x01, 0x5a, 0xe1, 0x71, 0x37, 0x4b, 0x76, 0x4d, 0x99,
+	0x67, 0x3d, 0x75, 0x68, 0x54, 0x24, 0x8f, 0xdb, 0xfe, 0x6b, 0x11, 0x5d, 0x38, 0x08, 0x46, 0x7e,
+	0xef, 0xe4, 0x15, 0x3c, 0xa2, 0xbe, 0x44, 0xd5, 0x28, 0x1e, 0x41, 0xda, 0x14, 0xef, 0x97, 0x6e,
+	0x8a, 0x24, 0x42, 0x12, 0x8f, 0xc0, 0x54, 0xb8, 0x3c, 0x71, 0x92, 0x10, 0xe2, 0x5b, 0x08, 0x05,
+	0x63, 0x5f, 0xa8, 0xc1, 0x95, 0x56, 0xec, 0x15, 0x15, 0x47, 0x26, 0x35, 0x2f, 0x99, 0x1c, 0x14,
+	0xdf, 0x43, 0x1b, 0xf2, 0xf4, 0x80, 0x32, 0x3a, 0x80, 0xfe, 0xe7, 0x3e, 0x8c, 0xfa, 0x5c, 0x55,
+	0x4b, 0xad, 0xf5, 0x86, 0xf6, 0xb4, 0xf1, 0xb0, 0x08, 0x20, 0x67, 0x6d, 0xb6, 0xff, 0xb4, 0x10,
+	0x4a, 0xc2, 0x7c, 0x05, 0xd3, 0xe5, 0xd1, 0xec, 0x74, 0xf1, 0xce, 0x99, 0xc8, 0x39, 0xe3, 0xe5,
+	0xa7, 0xa5, 0xf4, 0x0a, 0x32, 0xb7, 0xe6, 0xc9, 0x6b, 0x95, 0x79, 0xf2, 0x36, 0x51, 0x55, 0x3e,
+	0x5e, 0xd2, 0xf9, 0x62, 0x4b, 0xa4, 0x7c, 0xd8, 0x70, 0x92, 0xc8, 0xb1, 0x8b, 0x90, 0xfc, 0x50,
+	0x4d, 0x92, 0xfe, 0xa2, 0xba, 0xfc, 0x45, 0x9d, 0x4c, 0x4a, 0x72, 0x08, 0x49, 0x28, 0x9f, 0x86,
+	0xf2, 0x6f, 0x64, 0x84, 0xf2, 0xc5, 0xc8, 0x49, 0x22, 0xc7, 0xc3, 0xfc, 0x54, 0xab, 0xaa, 0x44,
+	0xdc, 0x2a, 0x9d, 0x88, 0xd9, 0x31, 0x6a, 0xc6, 0xcc, 0x4b, 0x47, 0xa2, 0x8b, 0x50, 0x36, 0x73,
+	0xb8, 0x73, 0xc1, 0x84, 0x9e, 0x0d, 0x25, 0x4e, 0x72, 0x08, 0xfc, 0x31, 0x5a, 0x63, 0x01, 0x4b,
+	0xa9, 0x3a, 0xe4, 0x3e, 0x77, 0x96, 0x95, 0xd1, 0x25, 0xd9, 0xca, 0xfb, 0xb3, 0x2a, 0x52, 0xc4,
+	0x16, 0x8a, 0xb9, 0x56, 0xbe, 0x98, 0x3f, 0x7b, 0x59, 0x31, 0xdb, 0xaa, 0x98, 0x5f, 0x2b, 0x5b,
+	0xc8, 0xad, 0xab, 0x4f, 0x9e, 0x37, 0x16, 0x9e, 0x3e, 0x6f, 0x2c, 0x3c, 0x7b, 0xde, 0x58, 0xf8,
+	0x71, 0xda, 0xb0, 0x9e, 0x4c, 0x1b, 0xd6, 0xd3, 0x69, 0xc3, 0x7a, 0x36, 0x6d, 0x58, 0x7f, 0x4f,
+	0x1b, 0xd6, 0x2f, 0xff, 0x34, 0x16, 0xbe, 0x5a, 0xd6, 0x89, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff,
+	0x21, 0x57, 0x33, 0x77, 0xfc, 0x0e, 0x00, 0x00,
 }

 func (m *Event) Marshal() (dAtA []byte, err error) {
@ -722,6 +725,14 @@ func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	i--
+	if m.OmitManagedFields {
+		dAtA[i] = 1
+	} else {
+		dAtA[i] = 0
+	}
+	i--
+	dAtA[i] = 0x20
 	if len(m.OmitStages) > 0 {
 		for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.OmitStages[iNdEx])
@ -825,6 +836,16 @@ func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.OmitManagedFields != nil {
+		i--
+		if *m.OmitManagedFields {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x48
+	}
 	if len(m.OmitStages) > 0 {
 		for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.OmitStages[iNdEx])
@ -1062,6 +1083,7 @@ func (m *Policy) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	n += 2
 	return n
 }

@ -1132,6 +1154,9 @@ func (m *PolicyRule) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.OmitManagedFields != nil {
+		n += 2
+	}
 	return n
 }

@ -1236,6 +1261,7 @@ func (this *Policy) String() string {
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Rules:` + repeatedStringForRules + `,`,
 		`OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`,
+		`OmitManagedFields:` + fmt.Sprintf("%v", this.OmitManagedFields) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1274,6 +1300,7 @@ func (this *PolicyRule) String() string {
 		`Namespaces:` + fmt.Sprintf("%v", this.Namespaces) + `,`,
 		`NonResourceURLs:` + fmt.Sprintf("%v", this.NonResourceURLs) + `,`,
 		`OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`,
+		`OmitManagedFields:` + valueToStringGenerated(this.OmitManagedFields) + `,`,
 		`}`,
 	}, "")
 	return s
@ -2729,6 +2756,26 @@ func (m *Policy) Unmarshal(dAtA []byte) error {
 			}
 			m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.OmitManagedFields = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@ -3154,6 +3201,27 @@ func (m *PolicyRule) Unmarshal(dAtA []byte) error {
 			}
 			m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 9:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			b := bool(v != 0)
+			m.OmitManagedFields = &b
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/generated.proto
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/generated.proto
@ -204,6 +204,15 @@ message Policy {
  // be specified per rule in which case the union of both are omitted.
  // +optional
  repeated string omitStages = 3;
+
+  // OmitManagedFields indicates whether to omit the managed fields of the request
+  // and response bodies from being written to the API audit log.
+  // This is used as a global default - a value of 'true' will omit the managed fileds,
+  // otherwise the managed fields will be included in the API audit log.
+  // Note that this can also be specified per rule in which case the value specified
+  // in a rule will override the global default.
+  // +optional
+  optional bool omitManagedFields = 4;
 }

 // PolicyList is a list of audit Policies.
@ -259,5 +268,16 @@ message PolicyRule {
  // An empty list means no restrictions will apply.
  // +optional
  repeated string omitStages = 8;
+
+  // OmitManagedFields indicates whether to omit the managed fields of the request
+  // and response bodies from being written to the API audit log.
+  // - a value of 'true' will drop the managed fields from the API audit log
+  // - a value of 'false' indicates that the managed fileds should be included
+  //   in the API audit log
+  // Note that the value, if specified, in this rule will override the global default
+  // If a value is not specified then the global default specified in
+  // Policy.OmitManagedFields will stand.
+  // +optional
+  optional bool omitManagedFields = 9;
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go
@ -187,6 +187,15 @@ type Policy struct {
 	// be specified per rule in which case the union of both are omitted.
 	// +optional
 	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// This is used as a global default - a value of 'true' will omit the managed fileds,
+	// otherwise the managed fields will be included in the API audit log.
+	// Note that this can also be specified per rule in which case the value specified
+	// in a rule will override the global default.
+	// +optional
+	OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -250,6 +259,17 @@ type PolicyRule struct {
 	// An empty list means no restrictions will apply.
 	// +optional
 	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	// - a value of 'true' will drop the managed fields from the API audit log
+	// - a value of 'false' indicates that the managed fileds should be included
+	//   in the API audit log
+	// Note that the value, if specified, in this rule will override the global default
+	// If a value is not specified then the global default specified in
+	// Policy.OmitManagedFields will stand.
+	// +optional
+	OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"`
 }

 // GroupResources represents resource kinds in an API group.
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.conversion.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -257,6 +258,7 @@ func autoConvert_v1beta1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s
 	out.ObjectMeta = in.ObjectMeta
 	out.Rules = *(*[]audit.PolicyRule)(unsafe.Pointer(&in.Rules))
 	out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = in.OmitManagedFields
 	return nil
 }

@ -269,6 +271,7 @@ func autoConvert_audit_Policy_To_v1beta1_Policy(in *audit.Policy, out *Policy, s
 	out.ObjectMeta = in.ObjectMeta
 	out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
 	out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = in.OmitManagedFields
 	return nil
 }

@ -308,6 +311,7 @@ func autoConvert_v1beta1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *aud
 	out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
 	out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
 	out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields))
 	return nil
 }

@ -325,6 +329,7 @@ func autoConvert_audit_PolicyRule_To_v1beta1_PolicyRule(in *audit.PolicyRule, ou
 	out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
 	out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
 	out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
+	out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields))
 	return nil
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -279,6 +280,11 @@ func (in *PolicyRule) DeepCopyInto(out *PolicyRule) {
 		*out = make([]Stage, len(*in))
 		copy(*out, *in)
 	}
+	if in.OmitManagedFields != nil {
+		in, out := &in.OmitManagedFields, &out.OmitManagedFields
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.defaults.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.defaults.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.prerelease-lifecycle.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.prerelease-lifecycle.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
@ -277,6 +278,11 @@ func (in *PolicyRule) DeepCopyInto(out *PolicyRule) {
 		*out = make([]Stage, len(*in))
 		copy(*out, *in)
 	}
+	if in.OmitManagedFields != nil {
+		in, out := &in.OmitManagedFields, &out.OmitManagedFields
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

--- a/vendor/k8s.io/apiserver/pkg/audit/context.go
+++ b/vendor/k8s.io/apiserver/pkg/audit/context.go
@ -19,6 +19,7 @@ package audit
 import (
 	"context"

+	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
 )

@ -27,7 +28,15 @@ type key int

 const (
 	// auditAnnotationsKey is the context key for the audit annotations.
+	// TODO: it's wasteful to store the audit annotations under a separate key, we
+	//  copy the request context twice for audit purposes. We should move the audit
+	//  annotations under AuditContext so we can get rid of the additional request
+	//  context copy.
 	auditAnnotationsKey key = iota
+
+	// auditKey is the context key for storing the audit event that is being
+	// captured and the evaluated policy that applies to the given request.
+	auditKey
 )

 // annotations = *[]annotation instead of a map to preserve order of insertions
@ -59,7 +68,7 @@ func WithAuditAnnotations(parent context.Context) context.Context {
 // prefer AddAuditAnnotation over LogAnnotation to avoid dropping annotations.
 func AddAuditAnnotation(ctx context.Context, key, value string) {
 	// use the audit event directly if we have it
-	if ae := genericapirequest.AuditEventFrom(ctx); ae != nil {
+	if ae := AuditEventFrom(ctx); ae != nil {
 		LogAnnotation(ae, key, value)
 		return
 	}
@ -82,3 +91,26 @@ func auditAnnotationsFrom(ctx context.Context) []annotation {

 	return *annotations
 }
+
+// WithAuditContext returns a new context that stores the pair of the audit
+// configuration object that applies to the given request and
+// the audit event that is going to be written to the API audit log.
+func WithAuditContext(parent context.Context, ev *AuditContext) context.Context {
+	return genericapirequest.WithValue(parent, auditKey, ev)
+}
+
+// AuditEventFrom returns the audit event struct on the ctx
+func AuditEventFrom(ctx context.Context) *auditinternal.Event {
+	if o := AuditContextFrom(ctx); o != nil {
+		return o.Event
+	}
+	return nil
+}
+
+// AuditContextFrom returns the pair of the audit configuration object
+// that applies to the given request and the audit event that is going to
+// be written to the API audit log.
+func AuditContextFrom(ctx context.Context) *AuditContext {
+	ev, _ := ctx.Value(auditKey).(*AuditContext)
+	return ev
+}
--- a/vendor/k8s.io/apiserver/pkg/audit/evaluator.go
+++ b/vendor/k8s.io/apiserver/pkg/audit/evaluator.go
@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package audit
+
+import (
+	"k8s.io/apiserver/pkg/apis/audit"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+// AuditContext is a pair of the audit configuration object that applies to
+// a given request and the audit Event object that is being captured.
+// It's a convenient placeholder to store both these objects in the request context.
+type AuditContext struct {
+	// RequestAuditConfig is the audit configuration that applies to the request
+	RequestAuditConfig RequestAuditConfig
+
+	// Event is the audit Event object that is being captured to be written in
+	// the API audit log. It is set to nil when the request is not being audited.
+	Event *audit.Event
+}
+
+// RequestAuditConfig is the evaluated audit configuration that is applicable to
+// a given request. PolicyRuleEvaluator evaluates the audit policy against the
+// authorizer attributes and returns a RequestAuditConfig that applies to the request.
+type RequestAuditConfig struct {
+	// OmitStages is the stages that need to be omitted from being audited.
+	OmitStages []audit.Stage
+
+	// OmitManagedFields indicates whether to omit the managed fields of the request
+	// and response bodies from being written to the API audit log.
+	OmitManagedFields bool
+}
+
+// RequestAuditConfigWithLevel includes Level at which the request is being audited.
+// PolicyRuleEvaluator evaluates the audit configuration for a request
+// against the authorizer attributes and returns an RequestAuditConfigWithLevel
+// that applies to the request.
+type RequestAuditConfigWithLevel struct {
+	RequestAuditConfig
+
+	// Level at which the request is being audited at
+	Level audit.Level
+}
+
+// PolicyRuleEvaluator exposes methods for evaluating the policy rules.
+type PolicyRuleEvaluator interface {
+	// EvaluatePolicyRule evaluates the audit policy of the apiserver against
+	// the given authorizer attributes and returns the audit configuration that
+	// is applicable to the given equest.
+	EvaluatePolicyRule(authorizer.Attributes) RequestAuditConfigWithLevel
+}
--- a/vendor/k8s.io/apiserver/pkg/audit/request.go
+++ b/vendor/k8s.io/apiserver/pkg/audit/request.go
@ -18,6 +18,7 @@ package audit

 import (
 	"bytes"
+	"context"
 	"fmt"
 	"net/http"
 	"reflect"
@ -111,7 +112,8 @@ func LogImpersonatedUser(ae *auditinternal.Event, user user.Info) {

 // LogRequestObject fills in the request object into an audit event. The passed runtime.Object
 // will be converted to the given gv.
-func LogRequestObject(ae *auditinternal.Event, obj runtime.Object, objGV schema.GroupVersion, gvr schema.GroupVersionResource, subresource string, s runtime.NegotiatedSerializer) {
+func LogRequestObject(ctx context.Context, obj runtime.Object, objGV schema.GroupVersion, gvr schema.GroupVersionResource, subresource string, s runtime.NegotiatedSerializer) {
+	ae := AuditEventFrom(ctx)
 	if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
 		return
 	}
@ -151,6 +153,16 @@ func LogRequestObject(ae *auditinternal.Event, obj runtime.Object, objGV schema.
 		return
 	}

+	if shouldOmitManagedFields(ctx) {
+		copy, ok, err := copyWithoutManagedFields(obj)
+		if err != nil {
+			klog.Warningf("error while dropping managed fields from the request for %q error: %v", reflect.TypeOf(obj).Name(), err)
+		}
+		if ok {
+			obj = copy
+		}
+	}
+
 	// TODO(audit): hook into the serializer to avoid double conversion
 	var err error
 	ae.RequestObject, err = encodeObject(obj, objGV, s)
@ -162,7 +174,8 @@ func LogRequestObject(ae *auditinternal.Event, obj runtime.Object, objGV schema.
 }

 // LogRequestPatch fills in the given patch as the request object into an audit event.
-func LogRequestPatch(ae *auditinternal.Event, patch []byte) {
+func LogRequestPatch(ctx context.Context, patch []byte) {
+	ae := AuditEventFrom(ctx)
 	if ae == nil || ae.Level.Less(auditinternal.LevelRequest) {
 		return
 	}
@ -175,7 +188,8 @@ func LogRequestPatch(ae *auditinternal.Event, patch []byte) {

 // LogResponseObject fills in the response object into an audit event. The passed runtime.Object
 // will be converted to the given gv.
-func LogResponseObject(ae *auditinternal.Event, obj runtime.Object, gv schema.GroupVersion, s runtime.NegotiatedSerializer) {
+func LogResponseObject(ctx context.Context, obj runtime.Object, gv schema.GroupVersion, s runtime.NegotiatedSerializer) {
+	ae := AuditEventFrom(ctx)
 	if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
 		return
 	}
@ -191,6 +205,17 @@ func LogResponseObject(ae *auditinternal.Event, obj runtime.Object, gv schema.Gr
 	if ae.Level.Less(auditinternal.LevelRequestResponse) {
 		return
 	}
+
+	if shouldOmitManagedFields(ctx) {
+		copy, ok, err := copyWithoutManagedFields(obj)
+		if err != nil {
+			klog.Warningf("error while dropping managed fields from the response for %q error: %v", reflect.TypeOf(obj).Name(), err)
+		}
+		if ok {
+			obj = copy
+		}
+	}
+
 	// TODO(audit): hook into the serializer to avoid double conversion
 	var err error
 	ae.ResponseObject, err = encodeObject(obj, gv, s)
@ -242,3 +267,72 @@ func maybeTruncateUserAgent(req *http.Request) string {

 	return ua
 }
+
+// copyWithoutManagedFields will make a deep copy of the specified object and
+// will discard the managed fields from the copy.
+// The specified object is expected to be a meta.Object or a "list".
+// The specified object obj is treated as readonly and hence not mutated.
+// On return, an error is set if the function runs into any error while
+// removing the managed fields, the boolean value is true if the copy has
+// been made successfully, otherwise false.
+func copyWithoutManagedFields(obj runtime.Object) (runtime.Object, bool, error) {
+	isAccessor := true
+	if _, err := meta.Accessor(obj); err != nil {
+		isAccessor = false
+	}
+	isList := meta.IsListType(obj)
+	_, isTable := obj.(*metav1.Table)
+	if !isAccessor && !isList && !isTable {
+		return nil, false, nil
+	}
+
+	// TODO a deep copy isn't really needed here, figure out how we can reliably
+	//  use shallow copy here to omit the manageFields.
+	copy := obj.DeepCopyObject()
+
+	if isAccessor {
+		if err := removeManagedFields(copy); err != nil {
+			return nil, false, err
+		}
+	}
+
+	if isList {
+		if err := meta.EachListItem(copy, removeManagedFields); err != nil {
+			return nil, false, err
+		}
+	}
+
+	if isTable {
+		table := copy.(*metav1.Table)
+		for i := range table.Rows {
+			rowObj := table.Rows[i].Object
+			if err := removeManagedFields(rowObj.Object); err != nil {
+				return nil, false, err
+			}
+		}
+	}
+
+	return copy, true, nil
+}
+
+func removeManagedFields(obj runtime.Object) error {
+	if obj == nil {
+		return nil
+	}
+	accessor, err := meta.Accessor(obj)
+	if err != nil {
+		return err
+	}
+	accessor.SetManagedFields(nil)
+	return nil
+}
+
+func shouldOmitManagedFields(ctx context.Context) bool {
+	if auditContext := AuditContextFrom(ctx); auditContext != nil {
+		return auditContext.RequestAuditConfig.OmitManagedFields
+	}
+
+	// If we can't decide, return false to maintain current behavior which is
+	// to retain the manage fields in the audit.
+	return false
+}
--- a/vendor/k8s.io/apiserver/pkg/endpoints/request/context.go
+++ b/vendor/k8s.io/apiserver/pkg/endpoints/request/context.go
@ -20,7 +20,6 @@ import (
 	"context"

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apiserver/pkg/apis/audit"
 	"k8s.io/apiserver/pkg/authentication/user"
 )

@ -33,9 +32,6 @@ const (

 	// userKey is the context key for the request user.
 	userKey
-
-	// auditKey is the context key for the audit event.
-	auditKey
 )

 // NewContext instantiates a base context object for request flows.
@ -80,14 +76,3 @@ func UserFrom(ctx context.Context) (user.Info, bool) {
 	user, ok := ctx.Value(userKey).(user.Info)
 	return user, ok
 }
-
-// WithAuditEvent returns set audit event struct.
-func WithAuditEvent(parent context.Context, ev *audit.Event) context.Context {
-	return WithValue(parent, auditKey, ev)
-}
-
-// AuditEventFrom returns the audit event struct on the ctx
-func AuditEventFrom(ctx context.Context) *audit.Event {
-	ev, _ := ctx.Value(auditKey).(*audit.Event)
-	return ev
-}
--- a/vendor/k8s.io/apiserver/pkg/endpoints/request/webhook_duration.go
+++ b/vendor/k8s.io/apiserver/pkg/endpoints/request/webhook_duration.go
@ -0,0 +1,122 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package request
+
+import (
+	"context"
+	"sync"
+	"time"
+
+	"k8s.io/utils/clock"
+)
+
+func sumDuration(d1 time.Duration, d2 time.Duration) time.Duration {
+	return d1 + d2
+}
+
+func maxDuration(d1 time.Duration, d2 time.Duration) time.Duration {
+	if d1 > d2 {
+		return d1
+	}
+	return d2
+}
+
+// DurationTracker is a simple interface for tracking functions duration
+type DurationTracker interface {
+	Track(func())
+	GetLatency() time.Duration
+}
+
+// durationTracker implements DurationTracker by measuring function time
+// using given clock and aggregates the duration using given aggregate function
+type durationTracker struct {
+	clock             clock.Clock
+	latency           time.Duration
+	mu                sync.Mutex
+	aggregateFunction func(time.Duration, time.Duration) time.Duration
+}
+
+// Track measures time spent in given function and aggregates measured
+// duration using aggregateFunction
+func (t *durationTracker) Track(f func()) {
+	startedAt := t.clock.Now()
+	defer func() {
+		duration := t.clock.Since(startedAt)
+		t.mu.Lock()
+		defer t.mu.Unlock()
+		t.latency = t.aggregateFunction(t.latency, duration)
+	}()
+
+	f()
+}
+
+// GetLatency returns aggregated latency tracked by a tracker
+func (t *durationTracker) GetLatency() time.Duration {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	return t.latency
+}
+
+func newSumLatencyTracker(c clock.Clock) DurationTracker {
+	return &durationTracker{
+		clock:             c,
+		aggregateFunction: sumDuration,
+	}
+}
+
+func newMaxLatencyTracker(c clock.Clock) DurationTracker {
+	return &durationTracker{
+		clock:             c,
+		aggregateFunction: maxDuration,
+	}
+}
+
+// WebhookDuration stores trackers used to measure webhook request durations.
+// Since admit webhooks are done sequentially duration is aggregated using
+// sum function. Validate webhooks are done in parallel so max function
+// is used.
+type WebhookDuration struct {
+	AdmitTracker    DurationTracker
+	ValidateTracker DurationTracker
+}
+
+type webhookDurationKeyType int
+
+// webhookDurationKey is the WebhookDuration (the time the request spent waiting
+// for the webhooks to finish) key for the context.
+const webhookDurationKey webhookDurationKeyType = iota
+
+// WithWebhookDuration returns a copy of parent context to which the
+// WebhookDuration trackers are added.
+func WithWebhookDuration(parent context.Context) context.Context {
+	return WithWebhookDurationAndCustomClock(parent, clock.RealClock{})
+}
+
+// WithWebhookDurationAndCustomClock returns a copy of parent context to which
+// the WebhookDuration trackers are added. Tracers use given clock.
+func WithWebhookDurationAndCustomClock(parent context.Context, c clock.Clock) context.Context {
+	return WithValue(parent, webhookDurationKey, &WebhookDuration{
+		AdmitTracker:    newSumLatencyTracker(c),
+		ValidateTracker: newMaxLatencyTracker(c),
+	})
+}
+
+// WebhookDurationFrom returns the value of the WebhookDuration key from the specified context.
+func WebhookDurationFrom(ctx context.Context) (*WebhookDuration, bool) {
+	wd, ok := ctx.Value(webhookDurationKey).(*WebhookDuration)
+	return wd, ok && wd != nil
+}
--- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go
+++ b/vendor/k8s.io/apiserver/pkg/features/kube_features.go
@ -170,6 +170,35 @@ const (
 	//
 	// Add support for distributed tracing in the API Server
 	APIServerTracing featuregate.Feature = "APIServerTracing"
+
+	// owner: @jiahuif
+	// kep: http://kep.k8s.io/2887
+	// alpha: v1.23
+	//
+	// Enables populating "enum" field of OpenAPI schemas
+	// in the spec returned from kube-apiserver.
+	OpenAPIEnums featuregate.Feature = "OpenAPIEnums"
+
+	// owner: @cici37
+	// kep: http://kep.k8s.io/2876
+	// alpha: v1.23
+	//
+	// Enables expression validation for Custom Resource
+	CustomResourceValidationExpressions featuregate.Feature = "CustomResourceValidationExpressions"
+
+	// owner: @jefftree
+	// kep: http://kep.k8s.io/2896
+	// alpha: v1.23
+	//
+	// Enables kubernetes to publish OpenAPI v3
+	OpenAPIV3 featuregate.Feature = "OpenAPIV3"
+
+	// owner: @kevindelgado
+	// kep: http://kep.k8s.io/2885
+	// alpha: v1.23
+	//
+	// Enables server-side field validation.
+	ServerSideFieldValidation featuregate.Feature = "ServerSideFieldValidation"
 )

 func init() {
@ -180,22 +209,26 @@ func init() {
 // To add a new feature, define a key for it above and add it here. The features will be
 // available throughout Kubernetes binaries.
 var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
-	StreamingProxyRedirects:  {Default: false, PreRelease: featuregate.Deprecated},
-	ValidateProxyRedirects:   {Default: true, PreRelease: featuregate.Deprecated},
-	AdvancedAuditing:         {Default: true, PreRelease: featuregate.GA},
-	APIResponseCompression:   {Default: true, PreRelease: featuregate.Beta},
-	APIListChunking:          {Default: true, PreRelease: featuregate.Beta},
-	DryRun:                   {Default: true, PreRelease: featuregate.GA},
-	RemainingItemCount:       {Default: true, PreRelease: featuregate.Beta},
-	ServerSideApply:          {Default: true, PreRelease: featuregate.GA},
-	StorageVersionHash:       {Default: true, PreRelease: featuregate.Beta},
-	StorageVersionAPI:        {Default: false, PreRelease: featuregate.Alpha},
-	WatchBookmark:            {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
-	APIPriorityAndFairness:   {Default: true, PreRelease: featuregate.Beta},
-	RemoveSelfLink:           {Default: true, PreRelease: featuregate.Beta},
-	SelectorIndex:            {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
-	WarningHeaders:           {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
-	EfficientWatchResumption: {Default: true, PreRelease: featuregate.Beta},
-	APIServerIdentity:        {Default: false, PreRelease: featuregate.Alpha},
-	APIServerTracing:         {Default: false, PreRelease: featuregate.Alpha},
+	StreamingProxyRedirects:             {Default: false, PreRelease: featuregate.Deprecated},
+	ValidateProxyRedirects:              {Default: true, PreRelease: featuregate.Deprecated},
+	AdvancedAuditing:                    {Default: true, PreRelease: featuregate.GA},
+	APIResponseCompression:              {Default: true, PreRelease: featuregate.Beta},
+	APIListChunking:                     {Default: true, PreRelease: featuregate.Beta},
+	DryRun:                              {Default: true, PreRelease: featuregate.GA},
+	RemainingItemCount:                  {Default: true, PreRelease: featuregate.Beta},
+	ServerSideApply:                     {Default: true, PreRelease: featuregate.GA},
+	StorageVersionHash:                  {Default: true, PreRelease: featuregate.Beta},
+	StorageVersionAPI:                   {Default: false, PreRelease: featuregate.Alpha},
+	WatchBookmark:                       {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
+	APIPriorityAndFairness:              {Default: true, PreRelease: featuregate.Beta},
+	RemoveSelfLink:                      {Default: true, PreRelease: featuregate.Beta},
+	SelectorIndex:                       {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
+	WarningHeaders:                      {Default: true, PreRelease: featuregate.GA, LockToDefault: true},
+	EfficientWatchResumption:            {Default: true, PreRelease: featuregate.Beta},
+	APIServerIdentity:                   {Default: false, PreRelease: featuregate.Alpha},
+	APIServerTracing:                    {Default: false, PreRelease: featuregate.Alpha},
+	OpenAPIEnums:                        {Default: false, PreRelease: featuregate.Alpha},
+	CustomResourceValidationExpressions: {Default: false, PreRelease: featuregate.Alpha},
+	OpenAPIV3:                           {Default: false, PreRelease: featuregate.Alpha},
+	ServerSideFieldValidation:           {Default: false, PreRelease: featuregate.Alpha},
 }
--- a/vendor/k8s.io/apiserver/pkg/server/egressselector/config.go
+++ b/vendor/k8s.io/apiserver/pkg/server/egressselector/config.go
@ -34,8 +34,7 @@ import (
 var cfgScheme = runtime.NewScheme()

 // validEgressSelectorNames contains the set of valid egress selctor names.
-// 'master' is deprecated in favor of 'controlplane' and will be removed in v1.22.
-var validEgressSelectorNames = sets.NewString("master", "controlplane", "cluster", "etcd")
+var validEgressSelectorNames = sets.NewString("controlplane", "cluster", "etcd")

 func init() {
 	install.Install(cfgScheme)
@ -103,27 +102,21 @@ func ValidateEgressSelectorConfiguration(config *apiserver.EgressSelectorConfigu
 		}
 	}

-	var foundControlPlane, foundMaster bool
-	for _, service := range config.EgressSelections {
+	seen := sets.String{}
+	for i, service := range config.EgressSelections {
 		canonicalName := strings.ToLower(service.Name)
-
-		if !validEgressSelectorNames.Has(canonicalName) {
-			allErrs = append(allErrs, field.NotSupported(field.NewPath("egressSelection", "name"), canonicalName, validEgressSelectorNames.List()))
+		fldPath := field.NewPath("service", "connection")
+		// no duplicate check
+		if seen.Has(canonicalName) {
+			allErrs = append(allErrs, field.Duplicate(fldPath.Index(i), canonicalName))
 			continue
 		}
+		seen.Insert(canonicalName)

-		if canonicalName == "master" {
-			foundMaster = true
+		if !validEgressSelectorNames.Has(canonicalName) {
+			allErrs = append(allErrs, field.NotSupported(fldPath, canonicalName, validEgressSelectorNames.List()))
+			continue
 		}
-
-		if canonicalName == "controlplane" {
-			foundControlPlane = true
-		}
-	}
-
-	// error if both master and controlplane egress selectors are set
-	if foundMaster && foundControlPlane {
-		allErrs = append(allErrs, field.Forbidden(field.NewPath("egressSelection", "name"), "both egressSelection names 'master' and 'controlplane' are specified, only one is allowed"))
 	}

 	return allErrs
--- a/vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go
+++ b/vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go
@ -91,10 +91,6 @@ func (s EgressType) AsNetworkContext() NetworkContext {

 func lookupServiceName(name string) (EgressType, error) {
 	switch strings.ToLower(name) {
-	// 'master' is deprecated, interpret "master" as controlplane internally until removed in v1.22.
-	case "master":
-		klog.Warning("EgressSelection name 'master' is deprecated, use 'controlplane' instead")
-		return ControlPlane, nil
 	case "controlplane":
 		return ControlPlane, nil
 	case "etcd":
--- a/vendor/k8s.io/apiserver/pkg/server/egressselector/metrics/metrics.go
+++ b/vendor/k8s.io/apiserver/pkg/server/egressselector/metrics/metrics.go
@ -19,9 +19,9 @@ package metrics
 import (
 	"time"

-	"k8s.io/apimachinery/pkg/util/clock"
 	"k8s.io/component-base/metrics"
 	"k8s.io/component-base/metrics/legacyregistry"
+	"k8s.io/utils/clock"
 )

 const (
--- a/vendor/k8s.io/apiserver/pkg/util/webhook/error.go
+++ b/vendor/k8s.io/apiserver/pkg/util/webhook/error.go
@ -28,6 +28,7 @@ import (
 type ErrCallingWebhook struct {
 	WebhookName string
 	Reason      error
+	Status      *apierrors.StatusError
 }

 func (e *ErrCallingWebhook) Error() string {