genpolicy: ignore the nodeName field

Validating the node name is currently outside the scope of the CoCo policy. This change unblocks testing using Kata CI's test-pod-file-volume.yaml and pv-pod.yaml. Fixes: #8888 Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-08-30 23:37:45 +00:00 · 2024-01-26 16:30:55 +00:00
parent ef1ee81f81
commit 076869aa39
1 changed files with 3 additions and 0 deletions
--- a/src/tools/genpolicy/src/pod.rs
+++ b/src/tools/genpolicy/src/pod.rs
@@ -59,6 +59,9 @@ pub struct PodSpec {
    #[serde(skip_serializing_if = "Option::is_none")]
    pub volumes: Option<Vec<volume::Volume>>,

+    #[serde(skip_serializing_if = "Option::is_none")]
+    nodeName: Option<String>,
+
    #[serde(skip_serializing_if = "Option::is_none")]
    serviceAccountName: Option<String>,