openshift
diff --git a/‎manifests/0000_50_olm_00-catalogsources.crd.yaml
Lines changed: 1 addition & 2 deletions b/‎manifests/0000_50_olm_00-catalogsources.crd.yaml
Lines changed: 1 addition & 2 deletions
diff --git a/‎microshift-manifests/0000_50_olm_00-catalogsources.crd.yaml
Lines changed: 1 addition & 2 deletions b/‎microshift-manifests/0000_50_olm_00-catalogsources.crd.yaml
Lines changed: 1 addition & 2 deletions
diff --git a/‎staging/api/crds/operators.coreos.com_catalogsources.yaml
Lines changed: 5 additions & 9 deletions b/‎staging/api/crds/operators.coreos.com_catalogsources.yaml
Lines changed: 5 additions & 9 deletions
diff --git a/‎staging/api/crds/zz_defs.go
Lines changed: 1 addition & 1 deletion b/‎staging/api/crds/zz_defs.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎staging/api/pkg/operators/v1alpha1/catalogsource_types.go
Lines changed: 5 additions & 8 deletions b/‎staging/api/pkg/operators/v1alpha1/catalogsource_types.go
Lines changed: 5 additions & 8 deletions
diff --git a/‎vendor/github.com/operator-framework/api/crds/operators.coreos.com_catalogsources.yaml
Lines changed: 5 additions & 9 deletions b/‎vendor/github.com/operator-framework/api/crds/operators.coreos.com_catalogsources.yaml
Lines changed: 5 additions & 9 deletions
diff --git a/‎vendor/github.com/operator-framework/api/crds/zz_defs.go
Lines changed: 1 addition & 1 deletion b/‎vendor/github.com/operator-framework/api/crds/zz_defs.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/github.com/operator-framework/api/pkg/operators/v1alpha1/catalogsource_types.go
Lines changed: 5 additions & 8 deletions b/‎vendor/github.com/operator-framework/api/pkg/operators/v1alpha1/catalogsource_types.go
Lines changed: 5 additions & 8 deletions
@@ -613,9 +613,8 @@ spec:
                       description: If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
                       type: string
                     securityContextConfig:
-                      description: "SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. \n In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes. \n More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'"
+                      description: "SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. If the SecurityContextConfig is unspecified, the mode will be determined by the namespace's PSA configuration. If the namespace is enforcing `restricted` mode, then the pod will be configured as if `restricted` was specified. Otherwise, it will be configured as if `legacy` was specified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. \n More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'"
                       type: string
-                      default: legacy
                       enum:
                         - legacy
                         - restricted
 
@@ -613,9 +613,8 @@ spec:
                       description: If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
                       type: string
                     securityContextConfig:
-                      description: "SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. \n In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes. \n More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'"
+                      description: "SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. If the SecurityContextConfig is unspecified, the mode will be determined by the namespace's PSA configuration. If the namespace is enforcing `restricted` mode, then the pod will be configured as if `restricted` was specified. Otherwise, it will be configured as if `legacy` was specified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. \n More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'"
                       type: string
-                      default: legacy
                       enum:
                         - legacy
                         - restricted
 
@@ -989,19 +989,15 @@ spec:
                         SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the
                         right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod
                         Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be
-                        run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default
-                        value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error.
-                        When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be
-                        set to `legacy`.
-
-
-                        In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs
-                        with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes.
+                        run in PSA `baseline` or `privileged` namespaces. If the SecurityContextConfig is unspecified, the mode will be
+                        determined by the namespace's PSA configuration. If the namespace is enforcing `restricted` mode, then the pod
+                        will be configured as if `restricted` was specified. Otherwise, it will be configured as if `legacy` was
+                        specified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older
+                        catalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`.
 
 
                         More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'
                       type: string
-                      default: legacy
                       enum:
                         - legacy
                         - restricted
 
@@ -133,18 +133,15 @@ type GrpcPodConfig struct {
 	// SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the
 	// right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod
 	// Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be
-	// run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default
-	// value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error.
-	// When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be
-	// set to `legacy`.
-	//
-	// In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs
-	// with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes.
+	// run in PSA `baseline` or `privileged` namespaces. If the SecurityContextConfig is unspecified, the mode will be
+	// determined by the namespace's PSA configuration. If the namespace is enforcing `restricted` mode, then the pod
+	// will be configured as if `restricted` was specified. Otherwise, it will be configured as if `legacy` was
+	// specified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older
+	// catalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`.
 	//
 	// More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'
 	// +optional
 	// +kubebuilder:validation:Enum=legacy;restricted
-	// +kubebuilder:default:=legacy
 	SecurityContextConfig SecurityConfig `json:"securityContextConfig,omitempty"`
 
 	// MemoryTarget configures the $GOMEMLIMIT value for the gRPC catalog Pod. This is a soft memory limit for the server,