Anish Ramasekar 7262edeb59 fix(admission): reword NodeRestriction audience authorization error ... The previous error message said the audience was "not found in pod spec volume", which led users to mount a spurious projected service account token volume in the pod spec to satisfy the check. That is not the intended remedy: kubelets should be authorized via RBAC to request tokens for the configured audience. Reword the error to a generic "is not authorized to request tokens for audience %q" so users are not pushed toward modifying pod specs. The valid authorization paths (pod spec volume, CSIDriver tokenRequests, or the request-serviceaccounts-token-audience verb) are documented in the kubelet credential provider task page. Update the unit and integration test expectations to match.		2026-05-13 16:30:51 -07:00
..
admission	fix(admission): reword NodeRestriction audience authorization error	2026-05-13 16:30:51 -07:00
auth	Merge pull request #138792 from dims/fix/graph-populator-extended-resource-claim	2026-05-13 12:40:28 +05:30