2995 check if storage network attached before cluster network or vlan…

… config deletion
harvester · Sep 19, 2024 · bdc4343 · bdc4343
1 parent 1d1dac8
commit bdc4343
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 9 deletions.
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
@@ -117,7 +117,7 @@ func run(ctx context.Context, cfg *rest.Config, options *config.Options) error {
 	}
 
 	if err := webhookServer.RegisterValidators(
-		clusternetwork.NewCnValidator(c.vcCache),
+		clusternetwork.NewCnValidator(c.vcCache, c.nadCache),
 		nad.NewNadValidator(c.vmiCache),
 		vlanconfig.NewVlanConfigValidator(c.nadCache, c.vcCache, c.vsCache, c.vmiCache),
 	); err != nil {

diff --git a/pkg/webhook/clusternetwork/validator.go b/pkg/webhook/clusternetwork/validator.go
@@ -3,6 +3,7 @@ package clusternetwork
 import (
 	"fmt"
 
+	ctlcniv1 "github.com/harvester/harvester/pkg/generated/controllers/k8s.cni.cncf.io/v1"
 	"github.com/harvester/webhook/pkg/server/admission"
 	admissionregv1 "k8s.io/api/admissionregistration/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -15,20 +16,23 @@ import (
 )
 
 const (
-	createErr = "could not create cluster network %s because %w"
-	deleteErr = "could not delete cluster network %s because %w"
+	createErr                           = "could not create cluster network %s because %w"
+	deleteErr                           = "could not delete cluster network %s because %w"
+	StorageNetworkNetAttachDefNamespace = "harvester-system"
 )
 
 type CnValidator struct {
 	admission.DefaultValidator
-	vcCache ctlnetworkv1.VlanConfigCache
+	vcCache  ctlnetworkv1.VlanConfigCache
+	nadCache ctlcniv1.NetworkAttachmentDefinitionCache
 }
 
 var _ admission.Validator = &CnValidator{}
 
-func NewCnValidator(vcCache ctlnetworkv1.VlanConfigCache) *CnValidator {
+func NewCnValidator(vcCache ctlnetworkv1.VlanConfigCache, nadCache ctlcniv1.NetworkAttachmentDefinitionCache) *CnValidator {
 	validator := &CnValidator{
-		vcCache: vcCache,
+		vcCache:  vcCache,
+		nadCache: nadCache,
 	}
 	return validator
 }
@@ -53,6 +57,17 @@ func (c *CnValidator) Delete(_ *admission.Request, oldObj runtime.Object) error
 		return fmt.Errorf(deleteErr, cn.Name, fmt.Errorf("it's not allowed"))
 	}
 
+	nads, err := c.nadCache.List(StorageNetworkNetAttachDefNamespace, labels.Set(map[string]string{
+		utils.KeyClusterNetworkLabel: cn.Name,
+	}).AsSelector())
+	if err != nil {
+		return fmt.Errorf(deleteErr, cn.Name, err)
+	}
+
+	if len(nads) > 0 {
+		return fmt.Errorf(deleteErr, cn.Name, fmt.Errorf("storage network is still attached"))
+	}
+
 	vcs, err := c.vcCache.List(labels.Set{
 		utils.KeyClusterNetworkLabel: cn.Name,
 	}.AsSelector())

diff --git a/pkg/webhook/vlanconfig/validator.go b/pkg/webhook/vlanconfig/validator.go
@@ -23,9 +23,10 @@ import (
 )
 
 const (
-	createErr = "could not create vlanConfig %s because %w"
-	updateErr = "could not update vlanConfig %s because %w"
-	deleteErr = "could not delete vlanConfig %s because %w"
+	createErr                           = "could not create vlanConfig %s because %w"
+	updateErr                           = "could not update vlanConfig %s because %w"
+	deleteErr                           = "could not delete vlanConfig %s because %w"
+	StorageNetworkNetAttachDefNamespace = "harvester-system"
 )
 
 type Validator struct {
@@ -143,6 +144,17 @@ func (v *Validator) Delete(_ *admission.Request, oldObj runtime.Object) error {
 		return fmt.Errorf(deleteErr, vc.Name, err)
 	}
 
+	nads, err := v.nadCache.List(StorageNetworkNetAttachDefNamespace, labels.Set(map[string]string{
+		utils.KeyClusterNetworkLabel: vc.Spec.ClusterNetwork,
+	}).AsSelector())
+	if err != nil {
+		return fmt.Errorf(deleteErr, vc.Name, err)
+	}
+
+	if len(nads) > 0 {
+		return fmt.Errorf(deleteErr, vc.Name, fmt.Errorf("storage network is still attached"))
+	}
+
 	return nil
 }