Work on #61: Add support for ICMP

+ Update dependencies

vendor/k8s.io/api/certificates/v1beta1/generated.proto

@@ -21,6 +21,7 @@ syntax = 'proto2';
 
 package k8s.io.api.certificates.v1beta1;
 
+import "k8s.io/api/core/v1/generated.proto";
 import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
 import "k8s.io/apimachinery/pkg/runtime/generated.proto";
 import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
@@ -43,9 +44,16 @@ message CertificateSigningRequest {
 }
 
 message CertificateSigningRequestCondition {
-  // request approval state, currently Approved or Denied.
+  // type of the condition. Known conditions include "Approved", "Denied", and "Failed".
   optional string type = 1;
 
+  // Status of the condition, one of True, False, Unknown.
+  // Approved, Denied, and Failed conditions may not be "False" or "Unknown".
+  // Defaults to "True".
+  // If unset, should be treated as "True".
+  // +optional
+  optional string status = 6;
+
   // brief reason for the request state
   // +optional
   optional string reason = 2;
@@ -57,6 +65,12 @@ message CertificateSigningRequestCondition {
   // timestamp for the last update to this condition
   // +optional
   optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 4;
+
+  // lastTransitionTime is the time the condition last transitioned from one status to another.
+  // If unset, when a new condition type is added or an existing condition's status is changed,
+  // the server defaults this to the current time.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 5;
 }
 
 message CertificateSigningRequestList {
@@ -71,12 +85,51 @@ message CertificateSigningRequestList {
 // Kubernetes and cannot be modified by users.
 message CertificateSigningRequestSpec {
   // Base64-encoded PKCS#10 CSR data
+  // +listType=atomic
   optional bytes request = 1;
 
+  // Requested signer for the request. It is a qualified name in the form:
+  // `scope-hostname.io/name`.
+  // If empty, it will be defaulted:
+  //  1. If it's a kubelet client certificate, it is assigned
+  //     "kubernetes.io/kube-apiserver-client-kubelet".
+  //  2. If it's a kubelet serving certificate, it is assigned
+  //     "kubernetes.io/kubelet-serving".
+  //  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
+  // Distribution of trust for signers happens out of band.
+  // You can select on this field using `spec.signerName`.
+  // +optional
+  optional string signerName = 7;
+
   // allowedUsages specifies a set of usage contexts the key will be
   // valid for.
   // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
   //      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+  // Valid values are:
+  //  "signing",
+  //  "digital signature",
+  //  "content commitment",
+  //  "key encipherment",
+  //  "key agreement",
+  //  "data encipherment",
+  //  "cert sign",
+  //  "crl sign",
+  //  "encipher only",
+  //  "decipher only",
+  //  "any",
+  //  "server auth",
+  //  "client auth",
+  //  "code signing",
+  //  "email protection",
+  //  "s/mime",
+  //  "ipsec end system",
+  //  "ipsec tunnel",
+  //  "ipsec user",
+  //  "timestamping",
+  //  "ocsp signing",
+  //  "microsoft sgc",
+  //  "netscape sgc"
+  // +listType=atomic
   repeated string usages = 5;
 
   // Information about the requesting user.
@@ -91,6 +144,7 @@ message CertificateSigningRequestSpec {
 
   // Group information about the requesting user.
   // See user.Info interface for details.
+  // +listType=atomic
   // +optional
   repeated string groups = 4;
 
@@ -102,10 +156,13 @@ message CertificateSigningRequestSpec {
 
 message CertificateSigningRequestStatus {
   // Conditions applied to the request, such as approval or denial.
+  // +listType=map
+  // +listMapKey=type
   // +optional
   repeated CertificateSigningRequestCondition conditions = 1;
 
   // If request was approved, the controller will place the issued certificate here.
+  // +listType=atomic
   // +optional
   optional bytes certificate = 2;
 }