From ba473a3d7e17391655d7b735a9d8a5435be39ded Mon Sep 17 00:00:00 2001
From: Gaurav Mehta
Date: Fri, 15 Mar 2024 12:50:42 +1100
Subject: [PATCH] change pod mutation webhook logic for kubevirt v1.1.x support

---
 pkg/webhook/pod.go | 19 ++++++++++++-------
 tests/integration/mutator_test.go | 2 +-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/pkg/webhook/pod.go b/pkg/webhook/pod.go
index 17c27afa..24535f85 100644
--- a/pkg/webhook/pod.go
+++ b/pkg/webhook/pod.go
@@ -3,8 +3,6 @@ package webhook
 import (
 "fmt"
 
- kubevirtctl "github.com/harvester/harvester/pkg/generated/controllers/kubevirt.io/v1"
- "github.com/harvester/harvester/pkg/webhook/types"
 "github.com/sirupsen/logrus"
 admissionregv1 "k8s.io/api/admissionregistration/v1"
 corev1 "k8s.io/api/core/v1"
@@ -12,11 +10,15 @@ import (
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/util/json"
 
+ kubevirtctl "github.com/harvester/harvester/pkg/generated/controllers/kubevirt.io/v1"
+ "github.com/harvester/harvester/pkg/webhook/types"
+
 "github.com/harvester/pcidevices/pkg/generated/controllers/devices.harvesterhci.io/v1beta1"
 )
 
 const (
- VMLabel = "harvesterhci.io/vmName"
+ VMLabel = "harvesterhci.io/vmName"
+ defaultComputeContainerName = "compute"
 )
 
 var matchingLabels = []labels.Set{
@@ -131,11 +133,14 @@ func (m *podMutator) Create(_ *types.Request, newObj runtime.Object) (types.Patc
 func createCapabilityPatch(pod *corev1.Pod) (types.PatchOps, error) {
 var patchOps types.PatchOps
 for idx, container := range pod.Spec.Containers {
- addPatch, err := resourcePatch(container.SecurityContext.Capabilities.Add, fmt.Sprintf("/spec/containers/%d/securityContext/capabilities/add", idx))
- if err != nil {
- return nil, err
+ if container.Name == defaultComputeContainerName {
+
+ addPatch, err := resourcePatch(container.SecurityContext.Capabilities.Add, fmt.Sprintf("/spec/containers/%d/securityContext/capabilities/add", idx))
+ if err != nil {
+ return nil, err
+ }
+ patchOps = append(patchOps, addPatch...)
 }
- patchOps = append(patchOps, addPatch...)
 }
 
 return patchOps, nil
diff --git a/tests/integration/mutator_test.go b/tests/integration/mutator_test.go
index e9c0d7e2..591ea6bf 100644
--- a/tests/integration/mutator_test.go
+++ b/tests/integration/mutator_test.go
@@ -92,7 +92,7 @@ var _ = Describe("validate mutator by sending a mock pod request needing mutatio
 Spec: corev1.PodSpec{
 Containers: []corev1.Container{
 {
- Name: "fakepod",
+ Name: "compute",
 Image: "fakeimage",
 SecurityContext: &corev1.SecurityContext{
 Capabilities: &corev1.Capabilities{
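Review bot: In the `createCapabilityPatch` hunk of pkg/webhook/pod.go, the added `compute` name check still reaches `container.SecurityContext.Capabilities.Add` with no nil check, and `SecurityContext` and `Capabilities` are both pointer fields in corev1, so a matching pod whose `compute` container omits either one would panic inside the admission handler. Whether that rejects the pod or admits it unmutated depends on the webhook's failure policy, which is not visible here. A guard before the `resourcePatch` call would make the behaviour explicit, e.g. `if container.SecurityContext == nil || container.SecurityContext.Capabilities == nil { continue }`, or return an error if the compute container is always expected to declare capabilities. The test change only renames the fixture container, so adding a second container with no `securityContext` to that pod would pin the multi-container case this commit appears to target; the function's closing brace lies outside the hunk.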