genpolicy: add topologySpreadConstraints support

Allow genpolicy to process Pod YAML files including
topologySpreadConstraints.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>

src/tools/genpolicy/src/pod.rs

@@ -89,6 +89,9 @@ pub struct PodSpec {
 
     #[serde(skip_serializing_if = "Option::is_none")]
     dnsPolicy: Option<String>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    topologySpreadConstraints: Option<Vec<TopologySpreadConstraint>>,
 }
 
 /// See Reference / Kubernetes API / Workload Resources / Pod.
@@ -503,6 +506,29 @@ struct PodDNSConfigOption {
     value: Option<String>,
 }
 
+/// See Reference / Kubernetes API / Workload Resources / Pod.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct TopologySpreadConstraint {
+    maxSkew: i32,
+    topologyKey: String,
+    whenUnsatisfiable: String,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    labelSelector: Option<yaml::LabelSelector>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    matchLabelKeys: Option<Vec<String>>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    minDomains: Option<i32>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    nodeAffinityPolicy: Option<String>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    nodeTaintsPolicy: Option<String>,
+}
+
 impl Container {
     pub async fn init(&mut self, config: &Config) {
         // Load container image properties from the registry.

tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml

@@ -27,3 +27,7 @@ spec:
       securityContext:
         seccompProfile:
           type: RuntimeDefault
+  topologySpreadConstraints:
+    - maxSkew: 2
+      topologyKey: kubernetes.io/hostname
+      whenUnsatisfiable: ScheduleAnyway