From aafc4565272156ef39850b67349a74a2e1b37d55 Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Fri, 13 Oct 2023 07:04:06 +0000 Subject: [PATCH] add cmdline args to enable group snapshot webhooks VolumeGroupSnapshots are still in alpha. This commit adds cmdline args to enable group snapshot webhooks while keeping it disbaled by default. Signed-off-by: Rakshith R --- .../kubernetes/webhook-example/webhook.yaml | 6 +++- pkg/validation-webhook/webhook.go | 30 ++++++++++++------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/deploy/kubernetes/webhook-example/webhook.yaml b/deploy/kubernetes/webhook-example/webhook.yaml index 636ea744..c41c9b52 100644 --- a/deploy/kubernetes/webhook-example/webhook.yaml +++ b/deploy/kubernetes/webhook-example/webhook.yaml @@ -21,7 +21,11 @@ spec: - name: snapshot-validation image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1 # change the image if you wish to use your own custom validation server image imagePullPolicy: IfNotPresent - args: ['--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt', '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key'] + args: + - '--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt' + - '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key' + # uncomment the following line to enable webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass. + # - '--enable-volume-group-snapshot-webhook' ports: - containerPort: 443 # change the port as needed volumeMounts: diff --git a/pkg/validation-webhook/webhook.go b/pkg/validation-webhook/webhook.go index 09beecfd..b4c4f8c7 100644 --- a/pkg/validation-webhook/webhook.go +++ b/pkg/validation-webhook/webhook.go @@ -40,11 +40,12 @@ import ( ) var ( - certFile string - keyFile string - kubeconfigFile string - port int - preventVolumeModeConversion bool + certFile string + keyFile string + kubeconfigFile string + port int + preventVolumeModeConversion bool + enableVolumeGroupSnapshotWebhook bool ) // CmdWebhook is used by Cobra. @@ -71,6 +72,8 @@ func init() { CmdWebhook.Flags().StringVar(&kubeconfigFile, "kubeconfig", "", "kubeconfig file to use for volumesnapshotclasses") CmdWebhook.Flags().BoolVar(&preventVolumeModeConversion, "prevent-volume-mode-conversion", false, "Prevents an unauthorised user from modifying the volume mode when creating a PVC from an existing VolumeSnapshot.") + CmdWebhook.Flags().BoolVar(&enableVolumeGroupSnapshotWebhook, "enable-volume-group-snapshot-webhook", + false, "Enables webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass.") } // admitv1beta1Func handles a v1beta1 admission @@ -217,14 +220,18 @@ func startServer( snapshotWebhook := serveSnapshotWebhook{ lister: vscLister, } - groupSnapshotWebhook := serveGroupSnapshotWebhook{ - lister: vgscLister, - } fmt.Println("Starting webhook server") mux := http.NewServeMux() mux.Handle("/volumesnapshot", snapshotWebhook) - mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook) + + if enableVolumeGroupSnapshotWebhook { + groupSnapshotWebhook := serveGroupSnapshotWebhook{ + lister: vgscLister, + } + mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook) + } + mux.HandleFunc("/readyz", func(w http.ResponseWriter, req *http.Request) { w.Write([]byte("ok")) }) srv := &http.Server{ Handler: mux, @@ -267,7 +274,10 @@ func main(cmd *cobra.Command, args []string) { factory := informers.NewSharedInformerFactory(snapClient, 0) snapshotLister := factory.Snapshot().V1().VolumeSnapshotClasses().Lister() - groupSnapshotLister := factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister() + var groupSnapshotLister groupsnapshotlisters.VolumeGroupSnapshotClassLister + if enableVolumeGroupSnapshotWebhook { + groupSnapshotLister = factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister() + } // Start the informers factory.Start(ctx.Done())