add webhook vaildate the vpc resource whether can be deleted. (#1423)

kubeovn · Apr 6, 2022 · e7c69ba · e7c69ba
1 parent c9a5888
commit e7c69ba
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 0 deletions.
diff --git a/pkg/webhook/static_ip.go b/pkg/webhook/static_ip.go
@@ -24,6 +24,7 @@ var (
 	daemonSetGVK   = metav1.GroupVersionKind{Group: appsv1.SchemeGroupVersion.Group, Version: appsv1.SchemeGroupVersion.Version, Kind: "DaemonSet"}
 	podGVK         = metav1.GroupVersionKind{Group: corev1.SchemeGroupVersion.Group, Version: corev1.SchemeGroupVersion.Version, Kind: "Pod"}
 	subnetGVK      = metav1.GroupVersionKind{Group: ovnv1.SchemeGroupVersion.Group, Version: ovnv1.SchemeGroupVersion.Version, Kind: "Subnet"}
+	vpcGVK         = metav1.GroupVersionKind{Group: ovnv1.SchemeGroupVersion.Group, Version: ovnv1.SchemeGroupVersion.Version, Kind: "Vpc"}
 )
 
 func (v *ValidatingHook) DeploymentCreateHook(ctx context.Context, req admission.Request) admission.Response {

diff --git a/pkg/webhook/vpc.go b/pkg/webhook/vpc.go
@@ -0,0 +1,24 @@
+package webhook
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	ovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
+)
+
+func (v *ValidatingHook) VpcDeleteHook(ctx context.Context, req admission.Request) admission.Response {
+	vpc := ovnv1.Vpc{}
+	if err := v.decoder.DecodeRaw(req.OldObject, &vpc); err != nil {
+		return ctrlwebhook.Errored(http.StatusBadRequest, err)
+	}
+	if 0 != len(vpc.Status.Subnets) {
+		err := fmt.Errorf("can't delete vpc when any subnet in the vpc")
+		return ctrlwebhook.Denied(err.Error())
+	}
+	return ctrlwebhook.Allowed("by pass")
+}
diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
@@ -49,6 +49,8 @@ func NewValidatingHook(c cache.Cache) (*ValidatingHook, error) {
 
 	deleteHooks[subnetGVK] = v.SubnetDeleteHook
 
+	deleteHooks[vpcGVK] = v.VpcDeleteHook
+
 	return v, nil
 }
 

diff --git a/yamls/webhook.yaml b/yamls/webhook.yaml
@@ -107,6 +107,7 @@ webhooks:
         - v1
       resources:
         - subnets
+        - vpcs
   failurePolicy: Ignore
   admissionReviewVersions: ["v1", "v1beta1"]
   sideEffects: None