diff --git a/src/tools/genpolicy/src/pod.rs b/src/tools/genpolicy/src/pod.rs index 737a3ca91b..403ae845fd 100644 --- a/src/tools/genpolicy/src/pod.rs +++ b/src/tools/genpolicy/src/pod.rs @@ -89,6 +89,9 @@ pub struct PodSpec { #[serde(skip_serializing_if = "Option::is_none")] dnsPolicy: Option, + + #[serde(skip_serializing_if = "Option::is_none")] + topologySpreadConstraints: Option>, } /// See Reference / Kubernetes API / Workload Resources / Pod. @@ -503,6 +506,29 @@ struct PodDNSConfigOption { value: Option, } +/// See Reference / Kubernetes API / Workload Resources / Pod. +#[derive(Clone, Debug, Serialize, Deserialize)] +struct TopologySpreadConstraint { + maxSkew: i32, + topologyKey: String, + whenUnsatisfiable: String, + + #[serde(skip_serializing_if = "Option::is_none")] + labelSelector: Option, + + #[serde(skip_serializing_if = "Option::is_none")] + matchLabelKeys: Option>, + + #[serde(skip_serializing_if = "Option::is_none")] + minDomains: Option, + + #[serde(skip_serializing_if = "Option::is_none")] + nodeAffinityPolicy: Option, + + #[serde(skip_serializing_if = "Option::is_none")] + nodeTaintsPolicy: Option, +} + impl Container { pub async fn init(&mut self, config: &Config) { // Load container image properties from the registry. diff --git a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml index 3fa203b854..ac47bc98e2 100644 --- a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml +++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml @@ -27,3 +27,7 @@ spec: securityContext: seccompProfile: type: RuntimeDefault + topologySpreadConstraints: + - maxSkew: 2 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway \ No newline at end of file