feat(openapi): support for Kubernetes v1.33 (Octarine) (7026)

feat(openapi): bump kubernetes-latest to v1.32.4

Signed-off-by: Marc Nuri <marc@marcnuri.com>
---
feat(openapi): support for Kubernetes v1.33 (Octarine)

https://kubernetes.io/blog/2025/04/23/kubernetes-v1-33-release/

Notable changes:

- Removed authentication.k8s.io/v1beta1 SelfSubjectReview
- Introduced certificates.k8s.io/v1beta1 ClusterTrustBundle
- Introduced networking.k8s.io/v1 IPAddress and ServiceCIDR

Signed-off-by: Marc Nuri <marc@marcnuri.com>

Author: manusa

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1NetworkAPIGroupDSL.java

@@ -15,12 +15,16 @@
  */
 package io.fabric8.kubernetes.client;
 
+import io.fabric8.kubernetes.api.model.networking.v1.IPAddress;
+import io.fabric8.kubernetes.api.model.networking.v1.IPAddressList;
 import io.fabric8.kubernetes.api.model.networking.v1.Ingress;
 import io.fabric8.kubernetes.api.model.networking.v1.IngressClass;
 import io.fabric8.kubernetes.api.model.networking.v1.IngressClassList;
 import io.fabric8.kubernetes.api.model.networking.v1.IngressList;
 import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy;
 import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyList;
+import io.fabric8.kubernetes.api.model.networking.v1.ServiceCIDR;
+import io.fabric8.kubernetes.api.model.networking.v1.ServiceCIDRList;
 import io.fabric8.kubernetes.client.dsl.MixedOperation;
 import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
 import io.fabric8.kubernetes.client.dsl.Resource;
@@ -31,4 +35,8 @@ public interface V1NetworkAPIGroupDSL extends Client {
   MixedOperation<Ingress, IngressList, Resource<Ingress>> ingresses();
 
   NonNamespaceOperation<IngressClass, IngressClassList, Resource<IngressClass>> ingressClasses();
+
+  NonNamespaceOperation<IPAddress, IPAddressList, Resource<IPAddress>> ipAddresses();
+
+  NonNamespaceOperation<ServiceCIDR, ServiceCIDRList, Resource<ServiceCIDR>> serviceCIDRs();
 }

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/dsl/AuthenticationAPIGroupDSL.java

@@ -20,6 +20,4 @@
 
 public interface AuthenticationAPIGroupDSL extends Client {
   V1AuthenticationAPIGroupDSL v1();
-
-  V1Beta1AuthenticationAPIGroupDSL v1beta1();
 }

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/dsl/V1Beta1AuthenticationAPIGroupDSL.java

@@ -17,8 +17,32 @@
 
 import io.fabric8.kubernetes.api.model.certificates.v1beta1.CertificateSigningRequest;
 import io.fabric8.kubernetes.api.model.certificates.v1beta1.CertificateSigningRequestList;
+import io.fabric8.kubernetes.api.model.certificates.v1beta1.ClusterTrustBundle;
+import io.fabric8.kubernetes.api.model.certificates.v1beta1.ClusterTrustBundleList;
 import io.fabric8.kubernetes.client.Client;
 
 public interface V1beta1CertificatesAPIGroupDSL extends Client {
+
   NonNamespaceOperation<CertificateSigningRequest, CertificateSigningRequestList, V1beta1CertificateSigningRequestResource<CertificateSigningRequest>> certificateSigningRequests();
+
+  /**
+   * API entrypoint for certificates.k8s.io/v1beta1 ClusterTrustBundle.
+   * <br>
+   * ClusterTrustBundle is a cluster-scoped container for X.509 trust anchors (root certificates).<br>
+   * <p>
+   * ClusterTrustBundle objects are considered to be readable by any authenticated user in the cluster,
+   * because they can be mounted by pods using the `clusterTrustBundle` projection.
+   * All service accounts have read access to ClusterTrustBundles by default.
+   * Users who only have namespace-level access to a cluster can read ClusterTrustBundles by impersonating a serviceaccount that
+   * they have access to.
+   * <p>
+   * It can be optionally associated with a particular assigner, in which case it contains one valid set of trust anchors for
+   * that signer.
+   * Signers may have multiple associated ClusterTrustBundles; each is an independent set of trust anchors for that signer.
+   * Admission control is used to enforce that only users with permissions on the signer can create or modify the corresponding
+   * bundle.
+   *
+   * @return {@link NonNamespaceOperation} for ClusterTrustBundle
+   */
+  NonNamespaceOperation<ClusterTrustBundle, ClusterTrustBundleList, Resource<ClusterTrustBundle>> clusterTrustBundles();
 }

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/dsl/V1beta1CertificatesAPIGroupDSL.java

@@ -17,7 +17,6 @@
 
 import io.fabric8.kubernetes.client.V1AuthenticationAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.AuthenticationAPIGroupDSL;
-import io.fabric8.kubernetes.client.dsl.V1Beta1AuthenticationAPIGroupDSL;
 import io.fabric8.kubernetes.client.extension.ClientAdapter;
 
 public class AuthenticationAPIGroupClient extends ClientAdapter<AuthenticationAPIGroupClient>
@@ -27,11 +26,6 @@ public V1AuthenticationAPIGroupDSL v1() {
     return adapt(V1AuthenticationAPIGroupClient.class);
   }
 
-  @Override
-  public V1Beta1AuthenticationAPIGroupDSL v1beta1() {
-    return adapt(V1Beta1AuthenticationAPIGroupClient.class);
-  }
-
   @Override
   public AuthenticationAPIGroupClient newInstance() {
     return new AuthenticationAPIGroupClient();

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/AuthenticationAPIGroupClient.java

@@ -126,7 +126,6 @@
 import io.fabric8.kubernetes.client.dsl.V1APIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.V1Alpha1CertificatesAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.V1BatchAPIGroupDSL;
-import io.fabric8.kubernetes.client.dsl.V1Beta1AuthenticationAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.V1CertificatesAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.V1DiscoveryAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.V1EventingAPIGroupDSL;
@@ -252,7 +251,6 @@ protected void registerDefaultAdapters() {
     adapters.registerClient(V1AuthorizationAPIGroupDSL.class, new V1AuthorizationAPIGroupClient());
     adapters.registerClient(V1beta1AuthorizationAPIGroupDSL.class, new V1beta1AuthorizationAPIGroupClient());
     adapters.registerClient(V1AuthenticationAPIGroupDSL.class, new V1AuthenticationAPIGroupClient());
-    adapters.registerClient(V1Beta1AuthenticationAPIGroupDSL.class, new V1Beta1AuthenticationAPIGroupClient());
     adapters.registerClient(V1NetworkAPIGroupDSL.class, new V1NetworkAPIGroupClient());
     adapters.registerClient(V1beta1NetworkAPIGroupDSL.class, new V1beta1NetworkAPIGroupClient());
     adapters.registerClient(DiscoveryAPIGroupDSL.class, new DiscoveryAPIGroupClient());

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/KubernetesClientImpl.java

@@ -15,14 +15,19 @@
  */
 package io.fabric8.kubernetes.client.impl;
 
+import io.fabric8.kubernetes.api.model.networking.v1.IPAddress;
+import io.fabric8.kubernetes.api.model.networking.v1.IPAddressList;
 import io.fabric8.kubernetes.api.model.networking.v1.Ingress;
 import io.fabric8.kubernetes.api.model.networking.v1.IngressClass;
 import io.fabric8.kubernetes.api.model.networking.v1.IngressClassList;
 import io.fabric8.kubernetes.api.model.networking.v1.IngressList;
 import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy;
 import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyList;
+import io.fabric8.kubernetes.api.model.networking.v1.ServiceCIDR;
+import io.fabric8.kubernetes.api.model.networking.v1.ServiceCIDRList;
 import io.fabric8.kubernetes.client.V1NetworkAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.MixedOperation;
+import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
 import io.fabric8.kubernetes.client.dsl.Resource;
 import io.fabric8.kubernetes.client.extension.ClientAdapter;
 
@@ -39,10 +44,20 @@ public MixedOperation<Ingress, IngressList, Resource<Ingress>> ingresses() {
   }
 
   @Override
-  public MixedOperation<IngressClass, IngressClassList, Resource<IngressClass>> ingressClasses() {
+  public NonNamespaceOperation<IngressClass, IngressClassList, Resource<IngressClass>> ingressClasses() {
     return resources(IngressClass.class, IngressClassList.class);
   }
 
+  @Override
+  public NonNamespaceOperation<IPAddress, IPAddressList, Resource<IPAddress>> ipAddresses() {
+    return resources(IPAddress.class, IPAddressList.class);
+  }
+
+  @Override
+  public NonNamespaceOperation<ServiceCIDR, ServiceCIDRList, Resource<ServiceCIDR>> serviceCIDRs() {
+    return resources(ServiceCIDR.class, ServiceCIDRList.class);
+  }
+
   @Override
   public V1NetworkAPIGroupClient newInstance() {
     return new V1NetworkAPIGroupClient();

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1Beta1AuthenticationAPIGroupClient.java

@@ -17,7 +17,10 @@
 
 import io.fabric8.kubernetes.api.model.certificates.v1beta1.CertificateSigningRequest;
 import io.fabric8.kubernetes.api.model.certificates.v1beta1.CertificateSigningRequestList;
+import io.fabric8.kubernetes.api.model.certificates.v1beta1.ClusterTrustBundle;
+import io.fabric8.kubernetes.api.model.certificates.v1beta1.ClusterTrustBundleList;
 import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
+import io.fabric8.kubernetes.client.dsl.Resource;
 import io.fabric8.kubernetes.client.dsl.V1beta1CertificateSigningRequestResource;
 import io.fabric8.kubernetes.client.dsl.V1beta1CertificatesAPIGroupDSL;
 import io.fabric8.kubernetes.client.extension.ClientAdapter;
@@ -32,6 +35,11 @@ public NonNamespaceOperation<CertificateSigningRequest, CertificateSigningReques
         V1beta1CertificateSigningRequestResource.class);
   }
 
+  @Override
+  public NonNamespaceOperation<ClusterTrustBundle, ClusterTrustBundleList, Resource<ClusterTrustBundle>> clusterTrustBundles() {
+    return resources(ClusterTrustBundle.class, ClusterTrustBundleList.class);
+  }
+
   @Override
   public V1beta1CertificatesAPIGroupClient newInstance() {
     return new V1beta1CertificatesAPIGroupClient();

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1NetworkAPIGroupClient.java

@@ -102,7 +102,7 @@ public MatchResources(List<NamedRuleWithOperations> excludeResourceRules, String
     }
 
     /**
-     * ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+     * ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
      */
     @JsonProperty("excludeResourceRules")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
@@ -111,23 +111,23 @@ public List<NamedRuleWithOperations> getExcludeResourceRules() {
     }
 
     /**
-     * ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+     * ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
      */
     @JsonProperty("excludeResourceRules")
     public void setExcludeResourceRules(List<NamedRuleWithOperations> excludeResourceRules) {
         this.excludeResourceRules = excludeResourceRules;
     }
 
     /**
-     * matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".<br><p> <br><p> - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.<br><p> <br><p> - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.<br><p> <br><p> Defaults to "Equivalent"
+     * matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".<br><p> <br><p> - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.<br><p> <br><p> - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, the admission policy &#42;&#42;does&#42;&#42; consider requests made to apps/v1beta1 or extensions/v1beta1 API groups. The API server translates the request to a matched resource API if necessary.<br><p> <br><p> Defaults to "Equivalent"
      */
     @JsonProperty("matchPolicy")
     public String getMatchPolicy() {
         return matchPolicy;
     }
 
     /**
-     * matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".<br><p> <br><p> - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.<br><p> <br><p> - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.<br><p> <br><p> Defaults to "Equivalent"
+     * matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".<br><p> <br><p> - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.<br><p> <br><p> - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, the admission policy &#42;&#42;does&#42;&#42; consider requests made to apps/v1beta1 or extensions/v1beta1 API groups. The API server translates the request to a matched resource API if necessary.<br><p> <br><p> Defaults to "Equivalent"
      */
     @JsonProperty("matchPolicy")
     public void setMatchPolicy(String matchPolicy) {
@@ -167,7 +167,7 @@ public void setObjectSelector(LabelSelector objectSelector) {
     }
 
     /**
-     * ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
+     * ResourceRules describes what operations on what resources/subresources the admission policy matches. The policy cares about an operation if it matches _any_ Rule.
      */
     @JsonProperty("resourceRules")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
@@ -176,7 +176,7 @@ public List<NamedRuleWithOperations> getResourceRules() {
     }
 
     /**
-     * ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
+     * ResourceRules describes what operations on what resources/subresources the admission policy matches. The policy cares about an operation if it matches _any_ Rule.
      */
     @JsonProperty("resourceRules")
     public void setResourceRules(List<NamedRuleWithOperations> resourceRules) {