Generated files

api/openapi-spec/swagger.json

@@ -77370,12 +77370,9 @@
    },
    "io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig": {
     "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook",
-    "required": [
-     "caBundle"
-    ],
     "properties": {
      "caBundle": {
-      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. Required.",
+      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.",
       "type": "string",
       "format": "byte"
      },
@@ -79979,7 +79976,7 @@
     "description": "WebhookClientConfig contains the information to make a connection with the webhook",
     "properties": {
      "caBundle": {
-      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. defaults to the apiservers CA bundle for the endpoint type",
+      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.",
       "type": "string",
       "format": "byte"
      },
@@ -93505,7 +93502,7 @@
     ],
     "properties": {
      "caBundle": {
-      "description": "CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.",
+      "description": "CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.",
       "type": "string",
       "format": "byte"
      },
@@ -93664,7 +93661,7 @@
     ],
     "properties": {
      "caBundle": {
-      "description": "CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.",
+      "description": "CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.",
       "type": "string",
       "format": "byte"
      },

api/swagger-spec/admissionregistration.k8s.io_v1beta1.json

@@ -1860,10 +1860,6 @@
    "v1beta1.WebhookClientConfig": {
     "id": "v1beta1.WebhookClientConfig",
     "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook",
-    "required": [
-     "service",
-     "caBundle"
-    ],
     "properties": {
      "url": {
       "type": "string",
@@ -1875,7 +1871,7 @@
      },
      "caBundle": {
       "type": "string",
-      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. Required."
+      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used."
      }
     }
    },

api/swagger-spec/auditregistration.k8s.io_v1alpha1.json

@@ -1155,10 +1155,6 @@
    "v1alpha1.WebhookClientConfig": {
     "id": "v1alpha1.WebhookClientConfig",
     "description": "WebhookClientConfig contains the information to make a connection with the webhook",
-    "required": [
-     "service",
-     "caBundle"
-    ],
     "properties": {
      "url": {
       "type": "string",
@@ -1170,7 +1166,7 @@
      },
      "caBundle": {
       "type": "string",
-      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. defaults to the apiservers CA bundle for the endpoint type"
+      "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used."
      }
     }
    },

docs/api-reference/admissionregistration.k8s.io/v1beta1/definitions.html

@@ -1613,14 +1613,14 @@ Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fra
 If the webhook is running within the cluster, then you should use <code>service</code>.<br>
 <br>
 Port 443 will be used if it is open, otherwise it is an error.</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1beta1_servicereference">v1beta1.ServiceReference</a></p></td>
 <td class="tableblock halign-left valign-top"></td>
 </tr>
 <tr>
 <td class="tableblock halign-left valign-top"><p class="tableblock">caBundle</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><code>caBundle</code> is a PEM encoded CA bundle which will be used to validate the webhook&#8217;s server certificate. Required.</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><code>caBundle</code> is a PEM encoded CA bundle which will be used to validate the webhook&#8217;s server certificate. If unspecified, system trust roots on the apiserver are used.</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
 <td class="tableblock halign-left valign-top"></td>
 </tr>

docs/api-reference/auditregistration.k8s.io/v1alpha1/definitions.html

@@ -525,14 +525,14 @@ Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fra
 If the webhook is running within the cluster, then you should use <code>service</code>.<br>
 <br>
 Port 443 will be used if it is open, otherwise it is an error.</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1alpha1_servicereference">v1alpha1.ServiceReference</a></p></td>
 <td class="tableblock halign-left valign-top"></td>
 </tr>
 <tr>
 <td class="tableblock halign-left valign-top"><p class="tableblock">caBundle</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock"><code>caBundle</code> is a PEM encoded CA bundle which will be used to validate the webhook&#8217;s server certificate. defaults to the apiservers CA bundle for the endpoint type</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><code>caBundle</code> is a PEM encoded CA bundle which will be used to validate the webhook&#8217;s server certificate. If unspecified, system trust roots on the apiserver are used.</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
 <td class="tableblock halign-left valign-top"></td>
 </tr>

staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto

@@ -261,9 +261,9 @@ message WebhookClientConfig {
   // +optional
   optional ServiceReference service = 1;
 
-  // `caBundle` is a PEM encoded CA bundle which will be used to validate
-  // the webhook's server certificate.
-  // Required.
+  // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
+  // If unspecified, system trust roots on the apiserver are used.
+  // +optional
   optional bytes caBundle = 2;
 }
 

staging/src/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go

@@ -116,7 +116,7 @@ var map_WebhookClientConfig = map[string]string{
 	"":         "WebhookClientConfig contains the information to make a TLS connection with the webhook",
 	"url":      "`url` gives the location of the webhook, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
 	"service":  "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error.",
-	"caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. Required.",
+	"caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.",
 }
 
 func (WebhookClientConfig) SwaggerDoc() map[string]string {

staging/src/k8s.io/api/auditregistration/v1alpha1/generated.proto

@@ -137,9 +137,8 @@ message WebhookClientConfig {
   // +optional
   optional ServiceReference service = 2;
 
-  // `caBundle` is a PEM encoded CA bundle which will be used to validate
-  // the webhook's server certificate.
-  // defaults to the apiservers CA bundle for the endpoint type
+  // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
+  // If unspecified, system trust roots on the apiserver are used.
   // +optional
   optional bytes caBundle = 3;
 }

staging/src/k8s.io/api/auditregistration/v1alpha1/types_swagger_doc_generated.go

@@ -90,7 +90,7 @@ var map_WebhookClientConfig = map[string]string{
 	"":         "WebhookClientConfig contains the information to make a connection with the webhook",
 	"url":      "`url` gives the location of the webhook, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
 	"service":  "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error.",
-	"caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. defaults to the apiservers CA bundle for the endpoint type",
+	"caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.",
 }
 
 func (WebhookClientConfig) SwaggerDoc() map[string]string {

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto

@@ -88,6 +88,7 @@ message APIServiceSpec {
   optional bool insecureSkipTLSVerify = 4;
 
   // CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
+  // If unspecified, system trust roots on the apiserver are used.
   // +optional
   optional bytes caBundle = 5;
 

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/generated.proto

@@ -88,6 +88,7 @@ message APIServiceSpec {
   optional bool insecureSkipTLSVerify = 4;
 
   // CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
+  // If unspecified, system trust roots on the apiserver are used.
   // +optional
   optional bytes caBundle = 5;