Merge remote-tracking branch 'origin/master' into release-1.14

Kubernetes-commit: 9ef24c9b016648e842673a7f5570de4f6af04439

vendor/k8s.io/api/extensions/v1beta1/generated.proto

@@ -30,6 +30,12 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "v1beta1";
 
+// AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
+message AllowedCSIDriver {
+  // Name is the registered name of the CSI driver
+  optional string name = 1;
+}
+
 // AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
 // Deprecated: use AllowedFlexVolume from policy API Group instead.
 message AllowedFlexVolume {
@@ -865,6 +871,11 @@ message PodSecurityPolicySpec {
   // +optional
   repeated AllowedFlexVolume allowedFlexVolumes = 18;
 
+  // AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
+  // An empty value means no CSI drivers can run inline within a pod spec.
+  // +optional
+  repeated AllowedCSIDriver allowedCSIDrivers = 23;
+
   // allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
   // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
   // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.