Skip to content

chore(module): add more exceptions for privileged containers#2061

Open
diafour wants to merge 3 commits intomainfrom
chore/module/more-security-policy-exceptions-for-privileged-containers
Open

chore(module): add more exceptions for privileged containers#2061
diafour wants to merge 3 commits intomainfrom
chore/module/more-security-policy-exceptions-for-privileged-containers

Conversation

@diafour
Copy link
Member

@diafour diafour commented Mar 4, 2026

Description

  • vm-route-forge: add more options into securityContext to match admission policies
  • virtualization-dra: add more rules into SecurityPolicyException
  • virt-handler: add more rules into SecurityPolicyException

Why do we need it, and what problem does it solve?

Something goes wrong when ModuleConfig/admission-policy-engine has no settings: a lot of errors appear reporting about missing/not set/undefined fields. This commit should fix these additional complains.

What is the expected result?

Privileged containers started in cluster without ModuleConfig/admission-policy-engine

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

@diafour
chore(module): add more exceptions for privileged containers
c9662ea 
Something goes wrong when ModuleConfig/admission-policy-engine has no settings: a lot of errors appear reporting about missing/not set/undefined fields. This commit should fix these additional complains.

- vm-route-forge: add more options into securityContext to match admission policies
- virtualization-dra: add more rules into SecurityPolicyException
- virt-handler: add more rules into SecurityPolicyException

Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
@diafour diafour added this to the v1.8.0 milestone Mar 4, 2026
@diafour diafour requested a review from Isteb4k as a code owner March 4, 2026 18:18
diafour added 2 commits March 4, 2026 21:50
@diafour
++ update helm lib to 1.71.1
d5504b9 
Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
@diafour
++ fix yaml
9293374 
Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@diafour diafour

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

1 participant

@diafour