Saul Paredes
Saul Paredes
- Enable genpolicy testing on sev, snp and tdx - load oci version from settings. Set to default `1.1.0` - reenable checking the OCI version in rules.rego - added todo...
This change adds support for the `envFrom` field in the `Pod` resource
* genpolicy: deny UpdateEphemeralMountsRequest Deny UpdateEphemeralMountsRequest by default, because paths to critical Guest components can be redirected using such request. Upstreaming from https://github.com/microsoft/kata-containers/pull/126
environment variable * Set policy file via env var * Add restrictive policy file to kata-opa folder * Change restrictive policy file name * Change relative default path location Upstreaming...
Updated genpolicy settings to allow 2 empty environment variables that may be forgotten to specify (AZURE_CLIENT_ID and AZURE_TENANT_ID) Upstreaming from https://github.com/microsoft/kata-containers/pull/120
Add policy support for SecurityContext and PodSecurityContext runAsUser. Also, remove outdated UID rule workaround. Fixes: #8879
Allow genpolicy to process Pod YAML files including topologySpreadConstraints.
Enable autogenerated policy testing on SEV and SEV-SNP
PVC provisioning fails on [SEV](https://github.com/kata-containers/kata-containers/actions/runs/9507409550/job/26207681037?pr=9835#step:6:4226) and [SEV-SNP](https://github.com/kata-containers/kata-containers/actions/runs/9507409550/job/26207682154?pr=9835#step:6:4264) with ``` # Warning FailedScheduling 89s default-scheduler 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims. preemption: 0/1 nodes are available: 1...