diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
index 53d110eb..94de69de 100644
--- a/cmd/webhook/main.go
+++ b/cmd/webhook/main.go
@@ -117,7 +117,7 @@ func run(ctx context.Context, cfg *rest.Config, options *config.Options) error {
 }
 if err := webhookServer.RegisterValidators(
- clusternetwork.NewCnValidator(c.vcCache, c.nadCache),
+ clusternetwork.NewCnValidator(c.vcCache),
 nad.NewNadValidator(c.vmiCache),
 vlanconfig.NewVlanConfigValidator(c.nadCache, c.vcCache, c.vsCache, c.vmiCache),
 ); err != nil {
diff --git a/pkg/webhook/clusternetwork/validator.go b/pkg/webhook/clusternetwork/validator.go
index 85566bb4..52d6289f 100644
--- a/pkg/webhook/clusternetwork/validator.go
+++ b/pkg/webhook/clusternetwork/validator.go
@@ -3,7 +3,6 @@ package clusternetwork
 import (
 "fmt"
- ctlcniv1 "github.com/harvester/harvester/pkg/generated/controllers/k8s.cni.cncf.io/v1"
 "github.com/harvester/webhook/pkg/server/admission"
 admissionregv1 "k8s.io/api/admissionregistration/v1"
 "k8s.io/apimachinery/pkg/labels"
@@ -16,23 +15,20 @@ import (
 )
 const (
- createErr = "could not create cluster network %s because %w"
- deleteErr = "could not delete cluster network %s because %w"
- StorageNetworkNetAttachDefNamespace = "harvester-system"
+ createErr = "could not create cluster network %s because %w"
+ deleteErr = "could not delete cluster network %s because %w"
 )
 type CnValidator struct {
 admission.DefaultValidator
- vcCache ctlnetworkv1.VlanConfigCache
- nadCache ctlcniv1.NetworkAttachmentDefinitionCache
+ vcCache ctlnetworkv1.VlanConfigCache
 }
 var _ admission.Validator = &CnValidator{}
-func NewCnValidator(vcCache ctlnetworkv1.VlanConfigCache, nadCache ctlcniv1.NetworkAttachmentDefinitionCache) *CnValidator {
+func NewCnValidator(vcCache ctlnetworkv1.VlanConfigCache) *CnValidator {
 validator := &CnValidator{
- vcCache: vcCache,
- nadCache: nadCache,
+ vcCache: vcCache,
 }
 return validator
 }
@@ -57,17 +53,6 @@ func (c *CnValidator) Delete(_ *admission.Request, oldObj runtime.Object) error
 return fmt.Errorf(deleteErr, cn.Name, fmt.Errorf("it's not allowed"))
 }
- nads, err := c.nadCache.List(StorageNetworkNetAttachDefNamespace, labels.Set(map[string]string{
- utils.KeyClusterNetworkLabel: cn.Name,
- }).AsSelector())
- if err != nil {
- return fmt.Errorf(deleteErr, cn.Name, err)
- }
-
- if len(nads) > 0 {
- return fmt.Errorf(deleteErr, cn.Name, fmt.Errorf("storage network is still attached"))
- }
-
 vcs, err := c.vcCache.List(labels.Set{
 utils.KeyClusterNetworkLabel: cn.Name,
 }.AsSelector())
diff --git a/pkg/webhook/vlanconfig/validator.go b/pkg/webhook/vlanconfig/validator.go
index 0490979b..b8f284ad 100644
--- a/pkg/webhook/vlanconfig/validator.go
+++ b/pkg/webhook/vlanconfig/validator.go
@@ -16,6 +16,8 @@ import (
 "k8s.io/apimachinery/pkg/runtime"
 kubevirtv1 "kubevirt.io/api/core/v1"
+ "github.com/harvester/harvester/pkg/util"
+
 networkv1 "github.com/harvester/harvester-network-controller/pkg/apis/network.harvesterhci.io/v1beta1"
 ctlnetworkv1 "github.com/harvester/harvester-network-controller/pkg/generated/controllers/network.harvesterhci.io/v1beta1"
 "github.com/harvester/harvester-network-controller/pkg/network/iface"
@@ -23,10 +25,10 @@ import (
 )
 const (
- createErr = "could not create vlanConfig %s because %w"
- updateErr = "could not update vlanConfig %s because %w"
- deleteErr = "could not delete vlanConfig %s because %w"
- StorageNetworkNetAttachDefNamespace = "harvester-system"
+ createErr = "could not create vlanConfig %s because %w"
+ updateErr = "could not update vlanConfig %s because %w"
+ deleteErr = "could not delete vlanConfig %s because %w"
+ StorageNetworkAnnotation = "storage-network.settings.harvesterhci.io"
 )
 type Validator struct {
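Review bot: `StorageNetworkAnnotation`, added to the `const` block of pkg/webhook/vlanconfig/validator.go, is exported but has no doc comment. The delete guard in this file only works if the key matches what the component that annotates the storage-network NAD actually writes, and that writer is not visible in this diff. A comment such as `// StorageNetworkAnnotation marks a NetworkAttachmentDefinition as the storage network when its value is "true".` would record that contract. If the harvester `util` package imported in this commit already exports the same key, referencing it would keep the two copies from drifting; a mismatch would silently turn the check into a no-op.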
@@ -144,7 +146,7 @@ func (v *Validator) Delete(_ *admission.Request, oldObj runtime.Object) error {
 return fmt.Errorf(deleteErr, vc.Name, err)
 }
- nads, err := v.nadCache.List(StorageNetworkNetAttachDefNamespace, labels.Set(map[string]string{
+ nads, err := v.nadCache.List(util.HarvesterSystemNamespaceName, labels.Set(map[string]string{
 utils.KeyClusterNetworkLabel: vc.Spec.ClusterNetwork,
 }).AsSelector())
 if err != nil {
@@ -152,7 +154,11 @@ func (v *Validator) Delete(_ *admission.Request, oldObj runtime.Object) error {
 }
 if len(nads) > 0 {
- return fmt.Errorf(deleteErr, vc.Name, fmt.Errorf("storage network is still attached"))
+ for _, nad := range nads {
+ if nad.DeletionTimestamp == nil && nad.Annotations[StorageNetworkAnnotation] == "true" {
+ return fmt.Errorf(deleteErr, vc.Name, fmt.Errorf(`storage network nad %s is still attached`, nad.Name))
+ }
+ }
 }
 return nil
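Review bot: The new loop in the second hunk of `Validator.Delete` fails open in two ways that are not documented. A NAD whose `DeletionTimestamp` is set counts as detached even though it may still exist while finalizers run, and the annotation is compared only against the exact string `"true"`, so any other value lets the vlanconfig deletion through. If both are intended, record it above the loop, e.g. `// Only live NADs annotated as the storage network block deletion; terminating or unannotated NADs are ignored.` The surrounding `if len(nads) > 0 {` is now redundant, since ranging over an empty slice does nothing, and can be dropped. The body of `Delete` starts and ends outside this hunk, so any earlier checks are not visible here.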