From 4f783f10fc34a283f2632911ce6757ea31e62f90 Mon Sep 17 00:00:00 2001 From: Shawn Hurley Date: Thu, 7 Apr 2022 10:39:08 -0400 Subject: [PATCH 1/2] Updating readme based on new flag for webhook * Adding volumesnapshotclasses to admission configuration template --- README.md | 2 ++ .../kubernetes/webhook-example/admission-configuration-template | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5f35bd63..11517413 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,8 @@ Read more about how to install the example webhook [here](deploy/kubernetes/webh * `--port`: Secure port that the webhook listens on (default 443) +* `--kubeconfig `: Path to Kubernetes client configuration that the webhook uses to connect to Kubernetes API server. When omitted, default token provided by Kubernetes will be used. This option is useful only when the snapshot controller does not run as a Kubernetes pod, e.g. for debugging. + ### Distributed Snapshotting The distributed snapshotting feature is provided to handle snapshot operations for local volumes. To use this functionality, the snapshotter sidecar should be deployed along with the csi driver on each node so that every node manages the snapshot operations only for the volumes local to that node. This feature can be enabled by setting the following command line options to true: diff --git a/deploy/kubernetes/webhook-example/admission-configuration-template b/deploy/kubernetes/webhook-example/admission-configuration-template index 6f43cc71..bae6e4f8 100644 --- a/deploy/kubernetes/webhook-example/admission-configuration-template +++ b/deploy/kubernetes/webhook-example/admission-configuration-template @@ -8,7 +8,7 @@ webhooks: - apiGroups: ["snapshot.storage.k8s.io"] apiVersions: ["v1", "v1beta1"] operations: ["CREATE", "UPDATE"] - resources: ["volumesnapshots", "volumesnapshotcontents"] + resources: ["volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses"] scope: "*" clientConfig: service: From d8a31738f1d96b2a6636dde4225d44c74c1c3293 Mon Sep 17 00:00:00 2001 From: Shawn Hurley Date: Wed, 13 Apr 2022 09:56:44 -0400 Subject: [PATCH 2/2] Adding documentation for the validations that the webhook performs --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index 11517413..515492d5 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,25 @@ Read more about how to install the example webhook [here](deploy/kubernetes/webh * `--kubeconfig `: Path to Kubernetes client configuration that the webhook uses to connect to Kubernetes API server. When omitted, default token provided by Kubernetes will be used. This option is useful only when the snapshot controller does not run as a Kubernetes pod, e.g. for debugging. +#### Validating Webhook Validations + +##### Volume Snapshot + +* Spec.VolumeSnapshotClassName must not be an empty string or nil on creation +* Spec.Source.PersistentVolumeClaimName must not be changed on update requests +* Spec.Source.VolumeSnapshotContentName must not be changed on update requests + +##### Volume Snapshot Content + +* Spec.VolumeSnapshotRef.Name must not be an empty string on creation +* Spec.VolumeSnapshotRef.Namespace must not be an empty stringon creation +* Spec.Source.VolumeHandle must not be changed on update requests +* Spec.Source.SnapshotHandle must not be changed on update requests + +##### Volume Snapshot Classes + +* There can only be a single default volume snapshot class for a particular driver. + ### Distributed Snapshotting The distributed snapshotting feature is provided to handle snapshot operations for local volumes. To use this functionality, the snapshotter sidecar should be deployed along with the csi driver on each node so that every node manages the snapshot operations only for the volumes local to that node. This feature can be enabled by setting the following command line options to true: