Run make update

2025-09-03 02:07:38 +00:00 · 2018-06-05 19:04:30 +02:00
parent ab616a88b9
commit 3cc15363bc
44 changed files with 2327 additions and 1272 deletions
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@@ -79360,6 +79360,13 @@
       "type": "integer",
       "format": "int64"
      }
+     },
+     "sysctls": {
+      "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.",
+      "type": "array",
+      "items": {
+       "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl"
+      }
     }
    }
   },
@@ -80881,6 +80888,23 @@
     }
    }
   },
+   "io.k8s.api.core.v1.Sysctl": {
+    "description": "Sysctl defines a kernel parameter to be set",
+    "required": [
+     "name",
+     "value"
+    ],
+    "properties": {
+     "name": {
+      "description": "Name of a property to set",
+      "type": "string"
+     },
+     "value": {
+      "description": "Value of a property to set",
+      "type": "string"
+     }
+    }
+   },
   "io.k8s.api.core.v1.TCPSocketAction": {
    "description": "TCPSocketAction describes an action based on opening a socket",
    "required": [
@@ -82345,6 +82369,13 @@
       "$ref": "#/definitions/io.k8s.api.extensions.v1beta1.AllowedHostPath"
      }
     },
+     "allowedUnsafeSysctls": {
+      "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
+      "type": "array",
+      "items": {
+       "type": "string"
+      }
+     },
     "defaultAddCapabilities": {
      "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.",
      "type": "array",
@@ -82356,6 +82387,13 @@
      "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
      "type": "boolean"
     },
+     "forbiddenSysctls": {
+      "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
+      "type": "array",
+      "items": {
+       "type": "string"
+      }
+     },
     "fsGroup": {
      "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
      "$ref": "#/definitions/io.k8s.api.extensions.v1beta1.FSGroupStrategyOptions"
@@ -83233,6 +83271,13 @@
       "$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedHostPath"
      }
     },
+     "allowedUnsafeSysctls": {
+      "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
+      "type": "array",
+      "items": {
+       "type": "string"
+      }
+     },
     "defaultAddCapabilities": {
      "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.",
      "type": "array",
@@ -83244,6 +83289,13 @@
      "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
      "type": "boolean"
     },
+     "forbiddenSysctls": {
+      "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
+      "type": "array",
+      "items": {
+       "type": "string"
+      }
+     },
     "fsGroup": {
      "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
      "$ref": "#/definitions/io.k8s.api.policy.v1beta1.FSGroupStrategyOptions"