From ca03d4763479eb81476de4cdcbd792e519671863 Mon Sep 17 00:00:00 2001
From: Dan Mihai <dmihai@microsoft.com>
Date: Fri, 19 Jan 2024 16:32:49 +0000
Subject: [PATCH] genpolicy: ignore pod DNS settings

Ignore pod DNS settings because policing the network traffic is
currently outside the scope of the Agent Policy.

Example from Kata CI: pod-custom-dns.yaml

Fixes: #8832

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
---
 src/tools/genpolicy/src/pod.rs | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/tools/genpolicy/src/pod.rs b/src/tools/genpolicy/src/pod.rs
index c04d914f46..b85b7b9829 100644
--- a/src/tools/genpolicy/src/pod.rs
+++ b/src/tools/genpolicy/src/pod.rs
@@ -76,6 +76,12 @@ pub struct PodSpec {
 
     #[serde(skip_serializing_if = "Option::is_none")]
     pub hostNetwork: Option<bool>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    dnsConfig: Option<PodDNSConfig>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    dnsPolicy: Option<String>,
 }
 
 /// See Reference / Kubernetes API / Workload Resources / Pod.
@@ -439,6 +445,28 @@ struct LocalObjectReference {
     name: String,
 }
 
+/// See Reference / Kubernetes API / Workload Resources / Pod.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct PodDNSConfig {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    nameservers: Option<Vec<String>>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    options: Option<Vec<PodDNSConfigOption>>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    searches: Option<Vec<String>>,
+}
+
+/// See Reference / Kubernetes API / Workload Resources / Pod.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct PodDNSConfigOption {
+    name: String,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    value: Option<String>,
+}
+
 impl Container {
     pub async fn init(&mut self, use_cache: bool) {
         // Load container image properties from the registry.