webhook: allow privileged containers

As of https://microsoft.visualstudio.com/OS/_workitems/edit/48222512?src=WorkItemMention&src-action=artifact_link ,
we are able to run privileged containers on kata, so allow them through the webhook.

Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
Saul Paredes
2025-10-24 16:50:11 -07:00
committed by Saul Paredes
parent b913ac8e2c
commit 081d51e77d


@@ -58,15 +58,6 @@ func annotatePodMutator(_ context.Context, ar *kwhmodel.AdmissionReview, obj met
return &kwhmutating.MutatorResult{}, nil
}
for i := range pod.Spec.Containers {
if pod.Spec.Containers[i].SecurityContext != nil && pod.Spec.Containers[i].SecurityContext.Privileged != nil {
if *pod.Spec.Containers[i].SecurityContext.Privileged {
fmt.Println("privileged container: ", pod.GetNamespace(), pod.GetName())
return &kwhmutating.MutatorResult{}, nil
}
}
}
if pod.Spec.RuntimeClassName != nil {
fmt.Println("explicit runtime: ", pod.GetNamespace(), pod.GetName(), pod.Spec.RuntimeClassName)
return &kwhmutating.MutatorResult{}, nil