From 831651a69eea2ff33bd02dbf94e499894fbb36cf Mon Sep 17 00:00:00 2001
From: David Eads
Date: Wed, 9 Dec 2020 16:54:10 -0500
Subject: [PATCH 1/2] deprecate PSP in 1.21, but leave removal at 1.25

After discussion in sig-auth, the future of restricting pod security settings does not lie in PSP because compatibility restrictions will prevent the kinds of changes that are required. To clearly signal this, we will deprecate PSP in 1.21 and leave the removal of the api as 1.25 in keeping with sig-arch required transitioning out of beta.
---
 staging/src/k8s.io/api/policy/v1beta1/types.go | 7 +++++--
 .../policy/v1beta1/zz_generated.prerelease-lifecycle.go | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/staging/src/k8s.io/api/policy/v1beta1/types.go b/staging/src/k8s.io/api/policy/v1beta1/types.go
index 711afc80c73..24998051f81 100644
--- a/staging/src/k8s.io/api/policy/v1beta1/types.go
+++ b/staging/src/k8s.io/api/policy/v1beta1/types.go
@@ -135,10 +135,12 @@ type Eviction struct {
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=1.10
-// +k8s:prerelease-lifecycle-gen:deprecated=1.22
+// +k8s:prerelease-lifecycle-gen:deprecated=1.21
+// +k8s:prerelease-lifecycle-gen:removed=1.25

 // PodSecurityPolicy governs the ability to make requests that affect the Security Context
 // that will be applied to a pod and container.
+// Deprecated in 1.21.
 type PodSecurityPolicy struct {
 metav1.TypeMeta `json:",inline"`
 // Standard object's metadata.
@@ -485,7 +487,8 @@ const AllowAllRuntimeClassNames = "*"

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=1.10
-// +k8s:prerelease-lifecycle-gen:deprecated=1.22
+// +k8s:prerelease-lifecycle-gen:deprecated=1.21
+// +k8s:prerelease-lifecycle-gen:removed=1.25

 // PodSecurityPolicyList is a list of PodSecurityPolicy objects.
 type PodSecurityPolicyList struct {
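Review bot: The added doc line `// Deprecated in 1.21.` on PodSecurityPolicy states the deprecation but not the removal release that the new `removed=1.25` tag pins, and patch 2/2 shows this comment is copied verbatim into the generated proto and OpenAPI descriptions that operators read. Since this type is what restricts the security context applied to pods, the description should let a reader plan for the API going away, for example `// Deprecated in 1.21, removal planned for 1.25.`. If Go tooling is also meant to flag uses, the conventional form is a separate `// Deprecated: ...` paragraph, although that would presumably raise lint warnings on in-tree callers, so it is worth choosing deliberately. The struct body continues outside the hunk.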
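Review bot: PodSecurityPolicyList receives the same `deprecated=1.21` and `removed=1.25` tags, but its doc comment stays `// PodSecurityPolicyList is a list of PodSecurityPolicy objects.`, so the two types now document their lifecycle differently. The generated files in patch 2/2 accordingly change only the PodSecurityPolicy description. Adding the same `// Deprecated in 1.21.` line to the list type's comment would keep them consistent. The struct body continues outside the hunk.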
diff --git a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go index fca0a2a2ff1..18936137efd 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go +++ b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go @@ -83,7 +83,7 @@ func (in *PodSecurityPolicy) APILifecycleIntroduced() (major, minor int) { // APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. func (in *PodSecurityPolicy) APILifecycleDeprecated() (major, minor int) { - return 1, 22 + return 1, 21 } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. @@ -101,7 +101,7 @@ func (in *PodSecurityPolicyList) APILifecycleIntroduced() (major, minor int) { // APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. func (in *PodSecurityPolicyList) APILifecycleDeprecated() (major, minor int) { - return 1, 22 + return 1, 21 } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. From ae6729bb78ef7a3221483c66751fba9a77b9337c Mon Sep 17 00:00:00 2001 
From: David Eads Date: Thu, 10 Dec 2020 12:41:56 -0500 Subject: [PATCH 2/2] generated --- api/openapi-spec/swagger.json | 2 +- staging/src/k8s.io/api/policy/v1beta1/generated.proto | 1 + .../k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go | 2 +- staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json | 2 +- staging/src/k8s.io/kubectl/testdata/openapi/swagger.json | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index f8dec1b4da7..4e0d81e3d2c 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -14001,7 +14001,7 @@ "type": "object" }, "io.k8s.api.policy.v1beta1.PodSecurityPolicy": { - "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.", + "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated in 1.21.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", diff --git a/staging/src/k8s.io/api/policy/v1beta1/generated.proto b/staging/src/k8s.io/api/policy/v1beta1/generated.proto index 18a1c657864..8d370ef0141 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/policy/v1beta1/generated.proto 
@@ -184,6 +184,7 @@ message PodDisruptionBudgetStatus { // PodSecurityPolicy governs the ability to make requests that affect the Security Context // that will be applied to a pod and container. +// Deprecated in 1.21. message PodSecurityPolicy { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go index 05a503667f0..55f0bf5eaab 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/policy/v1beta1/types_swagger_doc_generated.go @@ -139,7 +139,7 @@ func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string { } var map_PodSecurityPolicy = map[string]string{ - "": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.", + "": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated in 1.21.", "metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "spec": "spec defines the policy enforced.", } diff --git a/staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json b/staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json index 04c82a5403a..0ef9cf087c7 100644 --- a/staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json +++ b/staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json 
@@ -14427,7 +14427,7 @@ "type": "object" }, "io.k8s.api.policy.v1beta1.PodSecurityPolicy": { - "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.", + "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated in 1.21.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", diff --git a/staging/src/k8s.io/kubectl/testdata/openapi/swagger.json b/staging/src/k8s.io/kubectl/testdata/openapi/swagger.json index a8e2cf8f75a..e10bb8a9ed1 100644 --- a/staging/src/k8s.io/kubectl/testdata/openapi/swagger.json +++ b/staging/src/k8s.io/kubectl/testdata/openapi/swagger.json @@ -14427,7 +14427,7 @@ "type": "object" }, "io.k8s.api.policy.v1beta1.PodSecurityPolicy": { - "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.", + "description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated in 1.21.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",