Work on #61: Add support for ICMP

+ Update dependencies

vendor/k8s.io/api/policy/v1beta1/generated.proto

@@ -150,8 +150,8 @@ message PodDisruptionBudgetSpec {
 // PodDisruptionBudgetStatus represents information about the status of a
 // PodDisruptionBudget. Status may trail the actual state of a system.
 message PodDisruptionBudgetStatus {
-  // Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other
-  // status informatio is valid only if observedGeneration equals to PDB's object generation.
+  // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other
+  // status information is valid only if observedGeneration equals to PDB's object generation.
   // +optional
   optional int64 observedGeneration = 1;
 
@@ -186,7 +186,7 @@ message PodDisruptionBudgetStatus {
 // that will be applied to a pod and container.
 message PodSecurityPolicy {
   // Standard object's metadata.
-  // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
   // +optional
   optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
 
@@ -198,7 +198,7 @@ message PodSecurityPolicy {
 // PodSecurityPolicyList is a list of PodSecurityPolicy objects.
 message PodSecurityPolicyList {
   // Standard list metadata.
-  // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
   // +optional
   optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
 
@@ -230,7 +230,7 @@ message PodSecurityPolicySpec {
   // +optional
   repeated string allowedCapabilities = 4;
 
-  // volumes is a white list of allowed volume plugins. Empty indicates that
+  // volumes is an allowlist of volume plugins. Empty indicates that
   // no volumes may be used. To allow all volumes you may use '*'.
   // +optional
   repeated string volumes = 5;
@@ -287,26 +287,27 @@ message PodSecurityPolicySpec {
   // +optional
   optional bool allowPrivilegeEscalation = 16;
 
-  // allowedHostPaths is a white list of allowed host paths. Empty indicates
+  // allowedHostPaths is an allowlist of host paths. Empty indicates
   // that all host paths may be used.
   // +optional
   repeated AllowedHostPath allowedHostPaths = 17;
 
-  // allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all
+  // allowedFlexVolumes is an allowlist of Flexvolumes.  Empty or nil indicates that all
   // Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
   // is allowed in the "volumes" field.
   // +optional
   repeated AllowedFlexVolume allowedFlexVolumes = 18;
 
-  // AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
-  // An empty value means no CSI drivers can run inline within a pod spec.
+  // AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
+  // An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
+  // This is a beta field, and is only honored if the API server enables the CSIInlineVolume feature gate.
   // +optional
   repeated AllowedCSIDriver allowedCSIDrivers = 23;
 
   // allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
   // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
   // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
-  // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
+  // Kubelet has to allowlist all allowed unsafe sysctls explicitly to avoid rejection.
   //
   // Examples:
   // e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
@@ -324,11 +325,17 @@ message PodSecurityPolicySpec {
   // +optional
   repeated string forbiddenSysctls = 20;
 
-  // AllowedProcMountTypes is a whitelist of allowed ProcMountTypes.
+  // AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
   // Empty or nil indicates that only the DefaultProcMountType may be used.
   // This requires the ProcMountType feature flag to be enabled.
   // +optional
   repeated string allowedProcMountTypes = 21;
+
+  // runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
+  // If this field is omitted, the pod's runtimeClassName field is unrestricted.
+  // Enforcement of this field depends on the RuntimeClass feature gate being enabled.
+  // +optional
+  optional RuntimeClassStrategyOptions runtimeClass = 24;
 }
 
 // RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
@@ -353,6 +360,21 @@ message RunAsUserStrategyOptions {
   repeated IDRange ranges = 2;
 }
 
+// RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses
+// for a pod.
+message RuntimeClassStrategyOptions {
+  // allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod.
+  // A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the
+  // list. An empty list requires the RuntimeClassName field to be unset.
+  repeated string allowedRuntimeClassNames = 1;
+
+  // defaultRuntimeClassName is the default RuntimeClassName to set on the pod.
+  // The default MUST be allowed by the allowedRuntimeClassNames list.
+  // A value of nil does not mutate the Pod.
+  // +optional
+  optional string defaultRuntimeClassName = 2;
+}
+
 // SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
 message SELinuxStrategyOptions {
   // rule is the strategy that will dictate the allowable labels that may be set.