From 5aa898e16610fd0b26340e2eed43e304a69dfb6b Mon Sep 17 00:00:00 2001
From: Lumpiasty <arek.dzski@gmail.com>
Date: Fri, 29 May 2026 01:04:27 +0200
Subject: [PATCH] add privileged access to woodpecker pods

---
 talos/patches/woodpecker.patch | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 talos/patches/woodpecker.patch

diff --git a/talos/patches/woodpecker.patch b/talos/patches/woodpecker.patch
new file mode 100644
index 0000000..6a91c95
--- /dev/null
+++ b/talos/patches/woodpecker.patch
@@ -0,0 +1,14 @@
+# Allow Woodpecker to run privileged containers
+# Used for example to build multi-arch mikrotik-tailscale image
+# which needs to register binfmt
+
+cluster:
+  apiServer:
+    admissionControl:
+      - name: PodSecurity
+        configuration:
+          apiVersion: pod-security.admission.config.k8s.io/v1beta1
+          kind: PodSecurityConfiguration
+          exemptions:
+            namespaces:
+              - woodpecker