Merge pull request #130394 from Barakmor1/psa

[BugFix]Allow ImageVolume for Restricted PSA profiles

staging/src/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go

@@ -36,6 +36,7 @@ limits usage of inline pod volume sources to:
 * csi
 * persistentVolumeClaim
 * ephemeral
+* image
 
 **Restricted Fields:**
 
@@ -95,6 +96,7 @@ func restrictedVolumes_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSp
 			volume.DownwardAPI != nil,
 			volume.EmptyDir != nil,
 			volume.Ephemeral != nil,
+			volume.Image != nil,
 			volume.PersistentVolumeClaim != nil,
 			volume.Projected != nil,
 			volume.Secret != nil:

staging/src/k8s.io/pod-security-admission/policy/check_restrictedVolumes_test.go

@@ -42,6 +42,7 @@ func TestRestrictedVolumes(t *testing.T) {
 					{Name: "a6", VolumeSource: corev1.VolumeSource{Projected: &corev1.ProjectedVolumeSource{}}},
 					{Name: "a7", VolumeSource: corev1.VolumeSource{CSI: &corev1.CSIVolumeSource{}}},
 					{Name: "a8", VolumeSource: corev1.VolumeSource{Ephemeral: &corev1.EphemeralVolumeSource{}}},
+					{Name: "a9", VolumeSource: corev1.VolumeSource{Image: &corev1.ImageVolumeSource{}}},
 
 					// known restricted types
 					{Name: "b1", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{}}},