Disallow legacy hostNetwork together with non-default provider

.commitlintrc.json

@@ -28,6 +28,7 @@
         "mon",
         "monitoring",
         "multus",
+	"network",
         "nfs",
         "object",
         "operator",

deploy/charts/rook-ceph/templates/resources.yaml

@@ -2282,6 +2282,8 @@ spec:
                   x-kubernetes-validations:
                     - message: at least one network selector must be specified when using multus
                       rule: '!has(self.provider) || (self.provider != ''multus'' || (self.provider == ''multus'' && size(self.selectors) > 0))'
+                    - message: the legacy hostNetwork setting can only be set if the network.provider is set to the empty string
+                      rule: '!has(self.hostNetwork) || self.hostNetwork == false || !has(self.provider) || self.provider == ""'
                 placement:
                   additionalProperties:
                     description: Placement is the placement for an object

deploy/examples/crds.yaml

@@ -2280,6 +2280,8 @@ spec:
                   x-kubernetes-validations:
                     - message: at least one network selector must be specified when using multus
                       rule: '!has(self.provider) || (self.provider != ''multus'' || (self.provider == ''multus'' && size(self.selectors) > 0))'
+                    - message: the legacy hostNetwork setting can only be set if the network.provider is set to the empty string
+                      rule: '!has(self.hostNetwork) || self.hostNetwork == false || !has(self.provider) || self.provider == ""'
                 placement:
                   additionalProperties:
                     description: Placement is the placement for an object

pkg/apis/ceph.rook.io/v1/network.go

@@ -39,6 +39,9 @@ func (n *NetworkSpec) IsHost() bool {
 }
 
 func ValidateNetworkSpec(clusterNamespace string, spec NetworkSpec) error {
+	if spec.HostNetwork && (spec.Provider != NetworkProviderDefault) {
+		return errors.Errorf(`the legacy hostNetwork setting is only valid with the default network provider ("") and not with '%q'`, spec.Provider)
+	}
 	if spec.IsMultus() {
 		if len(spec.Selectors) == 0 {
 			return errors.Errorf("at least one network selector must be specified when using the %q network provider", NetworkProviderMultus)

pkg/apis/ceph.rook.io/v1/network_test.go

@@ -42,6 +42,36 @@ func TestNetworkCephSpecLegacy(t *testing.T) {
 	assert.Equal(t, expected, net)
 }
 
+func TestValidateNetworkSpec(t *testing.T) {
+	net := NetworkSpec{
+		HostNetwork: true,
+		Provider:    NetworkProviderDefault,
+	}
+	err := ValidateNetworkSpec("", net)
+	assert.NoError(t, err)
+
+	net = NetworkSpec{
+		HostNetwork: true,
+		Provider:    NetworkProviderHost,
+	}
+	err = ValidateNetworkSpec("", net)
+	assert.Error(t, err)
+
+	net = NetworkSpec{
+		HostNetwork: false,
+		Provider:    NetworkProviderDefault,
+	}
+	err = ValidateNetworkSpec("", net)
+	assert.NoError(t, err)
+
+	net = NetworkSpec{
+		HostNetwork: false,
+		Provider:    NetworkProviderHost,
+	}
+	err = ValidateNetworkSpec("", net)
+	assert.NoError(t, err)
+}
+
 func TestNetworkCephIsHostLegacy(t *testing.T) {
 	net := NetworkSpec{HostNetwork: true}
 

pkg/apis/ceph.rook.io/v1/types.go

@@ -2316,6 +2316,7 @@ type SSSDSidecarAdditionalFile struct {
 
 // NetworkSpec for Ceph includes backward compatibility code
 // +kubebuilder:validation:XValidation:message="at least one network selector must be specified when using multus",rule="!has(self.provider) || (self.provider != 'multus' || (self.provider == 'multus' && size(self.selectors) > 0))"
+// +kubebuilder:validation:XValidation:message=`the legacy hostNetwork setting can only be set if the network.provider is set to the empty string`,rule=`!has(self.hostNetwork) || self.hostNetwork == false || !has(self.provider) || self.provider == ""`
 type NetworkSpec struct {
 	// Provider is what provides network connectivity to the cluster e.g. "host" or "multus".
 	// If the Provider is updated from being empty to "host" on a running cluster, then the operator will automatically fail over all the mons to apply the "host" network settings.