add cmdline args to enable group snapshot webhooks

VolumeGroupSnapshots are still in alpha. This commit adds cmdline args to enable group snapshot webhooks while keeping it disbaled by default. Signed-off-by: Rakshith R <rakshith.r.0001@gmail.com>
2023-10-13 07:04:06 +00:00
parent 1880a33af3
commit aafc456527
2 changed files with 25 additions and 11 deletions
--- a/deploy/kubernetes/webhook-example/webhook.yaml
+++ b/deploy/kubernetes/webhook-example/webhook.yaml
@@ -21,7 +21,11 @@ spec:
      - name: snapshot-validation
        image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1 # change the image if you wish to use your own custom validation server image
        imagePullPolicy: IfNotPresent
-        args: ['--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt', '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key']
+        args:
+        - '--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt'
+        - '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key'
+        # uncomment the following line to enable webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass.
+        # - '--enable-volume-group-snapshot-webhook'
        ports:
        - containerPort: 443 # change the port as needed
        volumeMounts:
--- a/pkg/validation-webhook/webhook.go
+++ b/pkg/validation-webhook/webhook.go
@@ -40,11 +40,12 @@ import (
 )

 var (
-	certFile                    string
-	keyFile                     string
-	kubeconfigFile              string
-	port                        int
-	preventVolumeModeConversion bool
+	certFile                         string
+	keyFile                          string
+	kubeconfigFile                   string
+	port                             int
+	preventVolumeModeConversion      bool
+	enableVolumeGroupSnapshotWebhook bool
 )

 // CmdWebhook is used by Cobra.
@@ -71,6 +72,8 @@ func init() {
 	CmdWebhook.Flags().StringVar(&kubeconfigFile, "kubeconfig", "", "kubeconfig file to use for volumesnapshotclasses")
 	CmdWebhook.Flags().BoolVar(&preventVolumeModeConversion, "prevent-volume-mode-conversion",
 		false, "Prevents an unauthorised user from modifying the volume mode when creating a PVC from an existing VolumeSnapshot.")
+	CmdWebhook.Flags().BoolVar(&enableVolumeGroupSnapshotWebhook, "enable-volume-group-snapshot-webhook",
+		false, "Enables webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass.")
 }

 // admitv1beta1Func handles a v1beta1 admission
@@ -217,14 +220,18 @@ func startServer(
 	snapshotWebhook := serveSnapshotWebhook{
 		lister: vscLister,
 	}
-	groupSnapshotWebhook := serveGroupSnapshotWebhook{
-		lister: vgscLister,
-	}

 	fmt.Println("Starting webhook server")
 	mux := http.NewServeMux()
 	mux.Handle("/volumesnapshot", snapshotWebhook)
-	mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook)
+
+	if enableVolumeGroupSnapshotWebhook {
+		groupSnapshotWebhook := serveGroupSnapshotWebhook{
+			lister: vgscLister,
+		}
+		mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook)
+	}
+
 	mux.HandleFunc("/readyz", func(w http.ResponseWriter, req *http.Request) { w.Write([]byte("ok")) })
 	srv := &http.Server{
 		Handler:   mux,
@@ -267,7 +274,10 @@ func main(cmd *cobra.Command, args []string) {

 	factory := informers.NewSharedInformerFactory(snapClient, 0)
 	snapshotLister := factory.Snapshot().V1().VolumeSnapshotClasses().Lister()
-	groupSnapshotLister := factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister()
+	var groupSnapshotLister groupsnapshotlisters.VolumeGroupSnapshotClassLister
+	if enableVolumeGroupSnapshotWebhook {
+		groupSnapshotLister = factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister()
+	}

 	// Start the informers
 	factory.Start(ctx.Done())