Skip to content

Bump the k8s-dependencies group with 5 updates #490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dependabot wants to merge 2 commits into from
Closed

Bump the k8s-dependencies group with 5 updates #490

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9cd951a
Bump the k8s-dependencies group with 5 updates
dependabot[bot] Apr 28, 2026
5a71860
regenerate manifests
May 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 46 additions & 47 deletions crds/operators.coreos.com_clusterserviceversions.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2783,7 +2783,6 @@ spec:
procMount denotes the type of proc mount to use for the containers.
The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
Expand Down Expand Up @@ -4278,7 +4277,6 @@ spec:
procMount denotes the type of proc mount to use for the containers.
The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
Expand Down Expand Up @@ -4740,7 +4738,6 @@ spec:
When set to false, a new userns is created for the pod. Setting false is useful for
mitigating container breakout vulnerabilities even allowing users to run their
containers as root without actually having root privileges on the host.
This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
type: boolean
hostname:
description: |-
Expand Down Expand Up @@ -5859,7 +5856,6 @@ spec:
procMount denotes the type of proc mount to use for the containers.
The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
Expand Down Expand Up @@ -6404,6 +6400,14 @@ spec:

It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
Containers that need access to the ResourceClaim reference it with this name.

When the DRAWorkloadResourceClaims feature gate is enabled and this Pod
belongs to a PodGroup, a PodResourceClaim is matched to a
PodGroupResourceClaim if all of their fields are equal (Name,
ResourceClaimName, and ResourceClaimTemplateName). A matched claim references
a single ResourceClaim shared across all Pods in the PodGroup, reserved for
the PodGroup in ResourceClaimStatus.ReservedFor rather than for individual
Pods.
type: object
required:
- name
Expand Down Expand Up @@ -6432,6 +6436,16 @@ spec:
generated component, will be used to form a unique name for the
ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.

When the DRAWorkloadResourceClaims feature gate is enabled and the pod
belongs to a PodGroup that defines a PodGroupResourceClaim with the same
Name and ResourceClaimTemplateName, this PodResourceClaim resolves to the
ResourceClaim generated for the PodGroup. All pods in the group that
define an equivalent PodResourceClaim matching the
PodGroupResourceClaim's Name and ResourceClaimTemplateName share the same
generated ResourceClaim. ResourceClaims generated for a PodGroup are
owned by the PodGroup and their lifecycles are tied to the PodGroup
instead of any individual pod.

This field is immutable and no changes will be made to the
corresponding ResourceClaim by the control plane after creating the
ResourceClaim.
Expand Down Expand Up @@ -6552,6 +6566,28 @@ spec:
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
schedulingGroup:
description: |-
SchedulingGroup provides a reference to the immediate scheduling runtime
grouping object that this Pod belongs to.
This field is used by the scheduler to identify the group and apply the
correct group scheduling policies. The association with a group also
impacts other lifecycle aspects of a Pod that are relevant in a wider context
of scheduling like preemption, resource attachment, etc. If not specified,
the Pod is treated as a single unit in all of these aspects.
The group object referenced by this field may not exist at the time the
Pod is created.
This field is immutable, but a group object with the same name may be
recreated with different policies. Doing this during pod scheduling
may result in the placement not conforming to the expected policies.
type: object
properties:
podGroupName:
description: |-
PodGroupName specifies the name of the standalone PodGroup object
that represents the runtime instance of this group.
Must be a DNS subdomain.
type: string
securityContext:
description: |-
SecurityContext holds pod-level security attributes and common container settings.
Expand Down Expand Up @@ -7925,7 +7961,7 @@ spec:
A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
The volume will be mounted read-only (ro) and non-executable files (noexec).
The volume will be mounted read-only (ro).
Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
type: object
Expand Down Expand Up @@ -8093,8 +8129,7 @@ spec:
description: |-
portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
is on.
are redirected to the pxd.portworx.com CSI driver.
type: object
required:
- volumeID
Expand Down Expand Up @@ -8864,42 +8899,6 @@ spec:
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
workloadRef:
description: |-
WorkloadRef provides a reference to the Workload object that this Pod belongs to.
This field is used by the scheduler to identify the PodGroup and apply the
correct group scheduling policies. The Workload object referenced
by this field may not exist at the time the Pod is created.
This field is immutable, but a Workload object with the same name
may be recreated with different policies. Doing this during pod scheduling
may result in the placement not conforming to the expected policies.
type: object
required:
- name
- podGroup
properties:
name:
description: |-
Name defines the name of the Workload object this Pod belongs to.
Workload must be in the same namespace as the Pod.
If it doesn't match any existing Workload, the Pod will remain unschedulable
until a Workload object is created and observed by the kube-scheduler.
It must be a DNS subdomain.
type: string
podGroup:
description: |-
PodGroup is the name of the PodGroup within the Workload that this Pod
belongs to. If it doesn't match any existing PodGroup within the Workload,
the Pod will remain unschedulable until the Workload object is recreated
and observed by the kube-scheduler. It must be a DNS label.
type: string
podGroupReplicaKey:
description: |-
PodGroupReplicaKey specifies the replica key of the PodGroup to which this
Pod belongs. It is used to distinguish pods belonging to different replicas
of the same pod group. The pod group policy is applied separately to each replica.
When set, it must be a DNS label.
type: string
permissions:
type: array
items:
Expand Down Expand Up @@ -9229,7 +9228,7 @@ spec:
properties:
apiGroups:
description: |-
APIGroups is the API groups the resources belong to. '*' is all groups.
apiGroups is the API groups the resources belong to. '*' is all groups.
If '*' is present, the length of the slice must be one.
Required.
type: array
Expand All @@ -9238,7 +9237,7 @@ spec:
x-kubernetes-list-type: atomic
apiVersions:
description: |-
APIVersions is the API versions the resources belong to. '*' is all versions.
apiVersions is the API versions the resources belong to. '*' is all versions.
If '*' is present, the length of the slice must be one.
Required.
type: array
Expand All @@ -9247,7 +9246,7 @@ spec:
x-kubernetes-list-type: atomic
operations:
description: |-
Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
for all of those operations and any future admission operations that are added.
If '*' is present, the length of the slice must be one.
Required.
Expand All @@ -9258,7 +9257,7 @@ spec:
x-kubernetes-list-type: atomic
resources:
description: |-
Resources is a list of resources this rule applies to.
resources is a list of resources this rule applies to.

For example:
'pods' means pods.
Expand Down
5 changes: 2 additions & 3 deletions crds/operators.coreos.com_subscriptions.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2258,7 +2258,7 @@ spec:
A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
The volume will be mounted read-only (ro) and non-executable files (noexec).
The volume will be mounted read-only (ro).
Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
type: object
Expand Down Expand Up @@ -2426,8 +2426,7 @@ spec:
description: |-
portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
is on.
are redirected to the pxd.portworx.com CSI driver.
type: object
required:
- volumeID
Expand Down
4 changes: 2 additions & 2 deletions crds/zz_defs.go
View file
Open in desktop

Large diffs are not rendered by default.

Loading
Loading