From 6adf82678fd97c021d248481d177945bb4230dfe Mon Sep 17 00:00:00 2001 From: jeffy Date: Thu, 12 Jan 2023 10:27:36 +0800 Subject: [PATCH] fix webhook (#2236) * 1.add job and cronjob check in webhook 2.fix pod check in webhook * 1. remove debug log Co-authored-by: yl4811 --- pkg/webhook/static_ip.go | 37 +++++++++++++++++++++++++++++++++---- pkg/webhook/webhook.go | 6 ++++-- yamls/webhook.yaml | 9 +++++++++ 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/pkg/webhook/static_ip.go b/pkg/webhook/static_ip.go index bb33780741c..b773d5b71b6 100644 --- a/pkg/webhook/static_ip.go +++ b/pkg/webhook/static_ip.go @@ -8,6 +8,7 @@ import ( "strings" appsv1 "k8s.io/api/apps/v1" + batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/klog/v2" @@ -23,6 +24,8 @@ var ( deploymentGVK = metav1.GroupVersionKind{Group: appsv1.SchemeGroupVersion.Group, Version: appsv1.SchemeGroupVersion.Version, Kind: "Deployment"} statefulSetGVK = metav1.GroupVersionKind{Group: appsv1.SchemeGroupVersion.Group, Version: appsv1.SchemeGroupVersion.Version, Kind: "StatefulSet"} daemonSetGVK = metav1.GroupVersionKind{Group: appsv1.SchemeGroupVersion.Group, Version: appsv1.SchemeGroupVersion.Version, Kind: "DaemonSet"} + jobSetGVK = metav1.GroupVersionKind{Group: batchv1.SchemeGroupVersion.Group, Version: batchv1.SchemeGroupVersion.Version, Kind: "Job"} + cornJobSetGVK = metav1.GroupVersionKind{Group: batchv1.SchemeGroupVersion.Group, Version: batchv1.SchemeGroupVersion.Version, Kind: "CronJob"} podGVK = metav1.GroupVersionKind{Group: corev1.SchemeGroupVersion.Group, Version: corev1.SchemeGroupVersion.Version, Kind: "Pod"} subnetGVK = metav1.GroupVersionKind{Group: ovnv1.SchemeGroupVersion.Group, Version: ovnv1.SchemeGroupVersion.Version, Kind: "Subnet"} vpcGVK = metav1.GroupVersionKind{Group: ovnv1.SchemeGroupVersion.Group, Version: ovnv1.SchemeGroupVersion.Version, Kind: "Vpc"} 
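Review bot: `cornJobSetGVK` in the GVK var block misspells "cron", and the typo is carried into the exported method `CornJobSetCreateHook` in the `@@ -70,6 +73,34 @@` hunk and its registration in pkg/webhook/webhook.go. Because the method is exported, the misspelling becomes part of the package's public surface and is harder to correct later. Job and CronJob are also not "sets", so `jobGVK` / `cronJobGVK` and `JobCreateHook` / `CronJobCreateHook` would match the kind names they stand for. The var block begins and ends outside this hunk.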
@@ -70,6 +73,34 @@ func (v *ValidatingHook) DaemonSetCreateHook(ctx context.Context, req admission. return v.validateIp(ctx, o.Spec.Template.GetAnnotations(), o.Kind, o.GetName(), o.GetNamespace()) } +func (v *ValidatingHook) JobSetCreateHook(ctx context.Context, req admission.Request) admission.Response { + o := batchv1.Job{} + if err := v.decoder.Decode(req, &o); err != nil { + return ctrlwebhook.Errored(http.StatusBadRequest, err) + } + // Get pod template static ips + staticIPSAnno := o.Spec.Template.GetAnnotations()[util.IpPoolAnnotation] + klog.V(3).Infof("%s %s@%s, ip_pool: %s", o.Kind, o.GetName(), o.GetNamespace(), staticIPSAnno) + if staticIPSAnno == "" { + return ctrlwebhook.Allowed("by pass") + } + return v.validateIp(ctx, o.Spec.Template.GetAnnotations(), o.Kind, o.GetName(), o.GetNamespace()) +} + +func (v *ValidatingHook) CornJobSetCreateHook(ctx context.Context, req admission.Request) admission.Response { + o := batchv1.CronJob{} + if err := v.decoder.Decode(req, &o); err != nil { + return ctrlwebhook.Errored(http.StatusBadRequest, err) + } + // Get pod template static ips + staticIPSAnno := o.Spec.JobTemplate.Spec.Template.GetAnnotations()[util.IpPoolAnnotation] + klog.V(3).Infof("%s %s@%s, ip_pool: %s", o.Kind, o.GetName(), o.GetNamespace(), staticIPSAnno) + if staticIPSAnno == "" { + return ctrlwebhook.Allowed("by pass") + } + return v.validateIp(ctx, o.Spec.JobTemplate.Spec.Template.GetAnnotations(), o.Kind, o.GetName(), o.GetNamespace()) +} + func (v *ValidatingHook) PodCreateHook(ctx context.Context, req admission.Request) admission.Response { o := corev1.Pod{} if err := v.decoder.Decode(req, &o); err != nil { 
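Review bot: Both new hooks return `ctrlwebhook.Allowed("by pass")` whenever the template's `util.IpPoolAnnotation` is empty, so a Job or CronJob whose pod template carries only `util.IpAddressAnnotation` is admitted without validation at the workload level. PodCreateHook, as changed in this same commit, treats either annotation as a reason to validate, so a bad address would presumably be rejected only later at pod creation, where it shows up as repeated pod admission failures rather than a rejected Job. If validateIp accepts workload templates with a static address (its body is not visible here), the guard could read `if staticIPSAnno == "" && annos[util.IpAddressAnnotation] == "" {`, with `annos` holding the template annotations. The existing workload hooks lie outside the hunk and may follow the same pattern, in which case the gap is worth closing for all of them. Both exported methods also lack doc comments, e.g. `// JobSetCreateHook validates the ip_pool annotation on a Job's pod template at CREATE.`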
@@ -77,12 +108,10 @@ func (v *ValidatingHook) PodCreateHook(ctx context.Context, req admission.Reques } poolAnno := o.GetAnnotations()[util.IpPoolAnnotation] klog.V(3).Infof("%s %s@%s, ip_pool: %s", o.Kind, o.GetName(), o.GetNamespace(), poolAnno) - if poolAnno != "" { - return ctrlwebhook.Allowed("by pass") - } + staticIP := o.GetAnnotations()[util.IpAddressAnnotation] klog.V(3).Infof("%s %s@%s, ip_address: %s", o.Kind, o.GetName(), o.GetNamespace(), staticIP) - if staticIP == "" { + if staticIP == "" && poolAnno == "" { return ctrlwebhook.Allowed("by pass") } if v.allowLiveMigration(ctx, o.GetAnnotations(), o.GetName(), o.GetNamespace()) { diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 683a1614800..21dcfff5b38 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -42,12 +42,14 @@ func NewValidatingHook(c cache.Cache) (*ValidatingHook, error) { createHooks[deploymentGVK] = v.DeploymentCreateHook createHooks[statefulSetGVK] = v.StatefulSetCreateHook createHooks[daemonSetGVK] = v.DaemonSetCreateHook + createHooks[cornJobSetGVK] = v.CornJobSetCreateHook + createHooks[jobSetGVK] = v.JobSetCreateHook createHooks[podGVK] = v.PodCreateHook - createHooks[subnetGVK] = v.SubnetCreateHook + createHooks[subnetGVK] = v.SubnetCreateHook updateHooks[subnetGVK] = v.SubnetUpdateHook - deleteHooks[subnetGVK] = v.SubnetDeleteHook + deleteHooks[vpcGVK] = v.VpcDeleteHook return v, nil diff --git a/yamls/webhook.yaml b/yamls/webhook.yaml index 0b5b1c3f853..3c1e6f125a3 100644 --- a/yamls/webhook.yaml +++ b/yamls/webhook.yaml @@ -89,6 +89,15 @@ webhooks: - deployments - statefulsets - daemonsets + - operations: + - CREATE + apiGroups: + - "batch" + apiVersions: + - v1 + resources: + - jobs + - cronjobs - operations: - CREATE apiGroups:
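Review bot: The merged guard `if staticIP == "" && poolAnno == ""` in PodCreateHook has no comment explaining why an ip_pool annotation no longer short-circuits to Allowed, and nothing in this patch pins the behaviour with a test. A comment such as `// validate when either a static address or an ip pool is requested` and a test case for a pod carrying only the ip_pool annotation would keep the earlier bypass from being reintroduced. Pods with only ip_pool now also reach `v.allowLiveMigration(...)`. Its body and the rest of PodCreateHook are outside the hunk, so it is worth confirming that this path cannot return Allowed for such a pod before validation runs.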
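Review bot: The new rule in yamls/webhook.yaml lists only `v1` under `apiVersions` for `cronjobs`, and `cornJobSetGVK` in static_ip.go is built from `batchv1.SchemeGroupVersion`. On clusters that serve CronJob only as batch/v1beta1, the rule would therefore not match and CronJob creation would skip this webhook. Whether v1beta1 requests on newer clusters are converted and delivered depends on the webhook's `matchPolicy`, which is not visible in this hunk; `Equivalent` would cover them, `Exact` would not. Only CREATE is listed, so a later edit to a CronJob's template annotations is checked only when its pods are created, assuming the pod rule stays in place. A short comment above the rule stating the minimum supported Kubernetes version would document the v1-only choice.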