add hook

Signed-off-by: yaroslavborbat <[email protected]>
deckhouse · Dec 16, 2024 · 4e1cba7 · 4e1cba7
1 parent 599cfbc
commit 4e1cba7
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 13 deletions.
diff --git a/hooks/module_config_on_startup.py b/hooks/module_config_on_startup.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python3
+#
+# Copyright 2024 Flant JSC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Callable
+from deckhouse import hook
+from lib.hooks.hook import Hook
+from ipaddress import ip_network,ip_address,IPv4Network,IPv4Address
+import common
+
+
+class ModuleConfigValidateHook(Hook):
+    KIND="ModuleConfig"
+    API_VERSION="deckhouse.io/v1alpha1"
+    SNAPSHOT_NAME = "module-config-validate"
+    LABEL = "moduleconfig.deckhouse.io/name"
+
+    def __init__(self, module_name: str):
+        self.module_name = module_name
+
+    def generate_config(self) -> dict:
+        return {
+            "configVersion": "v1",
+            "onStartup": 1,
+            "kubernetes": [
+                {
+                    "name": self.SNAPSHOT_NAME,
+                    "executeHookOnEvent": [],
+                    "apiVersion": self.API_VERSION,
+                    "kind": self.KIND,
+                    "nameSelector": {
+                        "matchNames": [self.module_name]
+                    },
+                    "group": "main",
+                    "jqFilter": '{"cidrs": .spec.settings.virtualMachineCIDRs}',
+                    "queue": f"/modules/{self.module_name}/{self.SNAPSHOT_NAME}",
+                    "keepFullObjectsInMemory": False
+                },
+                {
+                    "name": "nodes",
+                    "executeHookOnEvent": [],
+                    "apiVersion": "v1",
+                    "kind": "Node",
+                    "group": "main",
+                    "jqFilter": '{"addresses": .status.addresses}',
+                    "queue": f"/modules/{self.module_name}/{self.SNAPSHOT_NAME}",
+                    "keepFullObjectsInMemory": False
+                }
+            ]
+        }
+
+    def check_overlaps_cidrs(networks: list[IPv4Network]) -> None:
+        """Check for overlapping CIDRs in a list of networks."""
+        for i, net1 in enumerate(networks):
+            for net2 in networks[i + 1:]:
+                if net1.overlaps(net2):
+                    raise ValueError(f"Overlapping CIDRs {net1} and {net2}")
+
+    def check_node_addresses_overlap(networks: list[IPv4Network], node_addresses: list[IPv4Address]) -> None:
+        """Check if node addresses overlap with any subnet."""
+        for addr in node_addresses:
+            for net in networks:
+                if addr in net:
+                    raise ValueError(f"Node address {addr} overlaps with subnet {net}")
+
+    def reconcile(self) -> Callable[[hook.Context], None]:
+        def r(ctx: hook.Context):
+            cidrs: list[IPv4Network] = [
+                ip_network(c)
+                for c in ctx.snapshots.get(self.SNAPSHOT_NAME, [{}])[0]
+                .get("filterResult", {})
+                .get("cidrs", [])
+            ]
+            self.check_overlaps_cidrs(cidrs)
+
+            node_addresses: list[IPv4Address] = [
+                ip_address(addr["address"])
+                for snap in ctx.snapshots.get("nodes", [])
+                for addr in (snap.get("filterResult", {}).get("addresses") or [])
+                if addr.get("type") in {"InternalIP", "ExternalIP"}
+            ]
+            self.check_node_addresses_overlap(cidrs, node_addresses)
+
+        return r
+
+
+if __name__ == "__main__":
+    h = ModuleConfigValidateHook(common.MODULE_NAME)
+    h.run()
diff --git a/images/virtualization-artifact/pkg/controller/moduleconfig/cidrs_validator.go b/images/virtualization-artifact/pkg/controller/moduleconfig/cidrs_validator.go
@@ -38,16 +38,8 @@ func newCIDRsValidator(client client.Client) *cidrsValidator {
 	}
 }
 
-func (v cidrsValidator) ValidateCreate(ctx context.Context, mc *mcapi.ModuleConfig) (admission.Warnings, error) {
-	return v.validate(ctx, mc)
-}
-
 func (v cidrsValidator) ValidateUpdate(ctx context.Context, _, newMC *mcapi.ModuleConfig) (admission.Warnings, error) {
-	return v.validate(ctx, newMC)
-}
-
-func (v cidrsValidator) validate(ctx context.Context, mc *mcapi.ModuleConfig) (admission.Warnings, error) {
-	CIDRs, err := parseCIDRs(mc.Spec.Settings)
+	CIDRs, err := parseCIDRs(newMC.Spec.Settings)
 	if err != nil {
 		return admission.Warnings{}, err
 	}

diff --git a/images/virtualization-artifact/pkg/controller/moduleconfig/moduleconfig_webhook.go b/images/virtualization-artifact/pkg/controller/moduleconfig/moduleconfig_webhook.go
@@ -24,6 +24,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
 	"github.com/deckhouse/deckhouse/pkg/log"
+
 	mcapi "github.com/deckhouse/virtualization-controller/pkg/controller/moduleconfig/api"
 	"github.com/deckhouse/virtualization-controller/pkg/controller/validator"
 )
@@ -49,14 +50,10 @@ func NewModuleConfigValidator(client client.Client) *validator.Validator[*mcapi.
 
 	return validator.NewValidator[*mcapi.ModuleConfig](lg).
 		WithPredicate(&validator.Predicate[*mcapi.ModuleConfig]{
-			Create: func(mc *mcapi.ModuleConfig) bool {
-				return mc.GetName() == moduleConfigName
-			},
 			Update: func(oldMC, newMC *mcapi.ModuleConfig) bool {
 				return newMC.GetName() == moduleConfigName &&
 					oldMC.GetGeneration() != newMC.GetGeneration()
 			},
 		}).
-		WithCreateValidators(cidrs).
 		WithUpdateValidators(cidrs, reduceCIDRs)
 }