Create the webhook validations for externallyCreated variable

Signed-off-by: Sebastian Sch <[email protected]>
k8snetworkplumbingwg · Jul 3, 2023 · fcf34c0 · fcf34c0
1 parent bd7fae5
commit fcf34c0
Show file tree

Hide file tree

Showing 2 changed files with 350 additions and 0 deletions.
diff --git a/pkg/webhook/validate.go b/pkg/webhook/validate.go
@@ -165,6 +165,13 @@ func staticValidateSriovNetworkNodePolicy(cr *sriovnetworkv1.SriovNetworkNodePol
 	if cr.Spec.VdpaType == constants.VdpaTypeVirtio && cr.Spec.EswitchMode != sriovnetworkv1.ESwithModeSwitchDev {
 		return false, fmt.Errorf("virtio/vdpa requires the device to be configured in switchdev mode")
 	}
+
+	// Externally created: we don't support  ExternallyCreated + EswitchMode
+	//TODO: if needed we will need to add this in the future as today EswitchMode is for HWOFFLOAD
+	if cr.Spec.ExternallyCreated && cr.Spec.EswitchMode == sriovnetworkv1.ESwithModeSwitchDev {
+		return false, fmt.Errorf("ExternallyCreated doesn't support the device to be configured in switchdev mode")
+	}
+
 	return true, nil
 }
 
@@ -240,6 +247,21 @@ func validatePolicyForNodeState(policy *sriovnetworkv1.SriovNetworkNodePolicy, s
 			if policy.Spec.NumVfs > MlxMaxVFs && iface.Vendor == MellanoxID {
 				return fmt.Errorf("numVfs(%d) in CR %s exceed the maximum allowed value(%d)", policy.Spec.NumVfs, policy.GetName(), MlxMaxVFs)
 			}
+
+			// Externally create validations
+			if policy.Spec.ExternallyCreated {
+				if policy.Spec.NumVfs != iface.NumVfs {
+					return fmt.Errorf("numVfs(%d) in CR %s is not equal to the number of virtual functions allocated for the PF externally value(%d)", policy.Spec.NumVfs, policy.GetName(), iface.NumVfs)
+				}
+
+				if policy.Spec.Mtu != 0 && policy.Spec.Mtu != iface.Mtu {
+					return fmt.Errorf("MTU(%d) in CR %s is not equal to the MTU for the PF externally value(%d)", policy.Spec.Mtu, policy.GetName(), iface.Mtu)
+				}
+
+				if policy.Spec.LinkType != "" && strings.ToLower(policy.Spec.LinkType) != strings.ToLower(iface.LinkType) {
+					return fmt.Errorf("LinkType(%d) in CR %s is not equal to the LinkType for the PF externally value(%d)", policy.Spec.Mtu, policy.GetName(), iface.Mtu)
+				}
+			}
 			// vdpa: only mellanox cards are supported
 			if policy.Spec.VdpaType == constants.VdpaTypeVirtio && iface.Vendor != MellanoxID {
 				return fmt.Errorf("vendor(%s) in CR %s not supported for virtio-vdpa", iface.Vendor, policy.GetName())
@@ -281,6 +303,22 @@ func validatePfNames(current *sriovnetworkv1.SriovNetworkNodePolicy, previous *s
 			// since it should already be evaluated in previous run.
 			preName, preRngSt, preRngEnd, _ := sriovnetworkv1.ParsePFName(prePf)
 			if curName == preName {
+				// reject policy with externallyManage if there is a policy on the same PF without it
+				if current.Spec.ExternallyCreated != previous.Spec.ExternallyCreated {
+					return fmt.Errorf("externallyManage is inconsistent with existing policy %s", previous.GetName())
+				}
+
+				// reject policy with externallyManage if there is a policy on the same PF with switch dev
+				if current.Spec.ExternallyCreated && previous.Spec.EswitchMode == sriovnetworkv1.ESwithModeSwitchDev {
+					return fmt.Errorf("externallyManage overlap with switchdev mode in existing policy %s", previous.GetName())
+				}
+
+				// reject policy with externallyManage if there is a policy on the same PF with switch dev
+				if previous.Spec.ExternallyCreated && current.Spec.EswitchMode == sriovnetworkv1.ESwithModeSwitchDev {
+					return fmt.Errorf("switchdev overlap with externallyManage mode in existing policy %s", previous.GetName())
+				}
+
+				// Check for overlapping ranges
 				if curRngEnd < preRngSt || curRngSt > preRngEnd {
 					return nil
 				} else {