Merge pull request #940 from k8s-infra-cherrypick-robot/cherry-pick-922-to-release-6.3

k8s-ci-robot · web-flow · commit 472863e0c645 · 2023-10-19T21:03:53.000+02:00
[release-6.3] add cmdline args to enable group snapshot webhooks
diff --git a/deploy/kubernetes/webhook-example/webhook.yaml b/deploy/kubernetes/webhook-example/webhook.yaml
@@ -21,7 +21,11 @@ spec:
       - name: snapshot-validation
         image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1 # change the image if you wish to use your own custom validation server image
         imagePullPolicy: IfNotPresent
-        args: ['--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt', '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key']
+        args:
+        - '--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt'
+        - '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key'
+        # uncomment the following line to enable webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass.
+        # - '--enable-volume-group-snapshot-webhook'
         ports:
         - containerPort: 443 # change the port as needed
         volumeMounts:
diff --git a/pkg/validation-webhook/webhook.go b/pkg/validation-webhook/webhook.go
@@ -40,11 +40,12 @@ import (
 )
 
 var (
-	certFile                    string
-	keyFile                     string
-	kubeconfigFile              string
-	port                        int
-	preventVolumeModeConversion bool
+	certFile                         string
+	keyFile                          string
+	kubeconfigFile                   string
+	port                             int
+	preventVolumeModeConversion      bool
+	enableVolumeGroupSnapshotWebhook bool
 )
 
 // CmdWebhook is used by Cobra.
@@ -71,6 +72,8 @@ func init() {
 	CmdWebhook.Flags().StringVar(&kubeconfigFile, "kubeconfig", "", "kubeconfig file to use for volumesnapshotclasses")
 	CmdWebhook.Flags().BoolVar(&preventVolumeModeConversion, "prevent-volume-mode-conversion",
 		false, "Prevents an unauthorised user from modifying the volume mode when creating a PVC from an existing VolumeSnapshot.")
+	CmdWebhook.Flags().BoolVar(&enableVolumeGroupSnapshotWebhook, "enable-volume-group-snapshot-webhook",
+		false, "Enables webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass.")
 }
 
 // admitv1beta1Func handles a v1beta1 admission
@@ -217,14 +220,18 @@ func startServer(
 	snapshotWebhook := serveSnapshotWebhook{
 		lister: vscLister,
 	}
-	groupSnapshotWebhook := serveGroupSnapshotWebhook{
-		lister: vgscLister,
-	}
 
 	fmt.Println("Starting webhook server")
 	mux := http.NewServeMux()
 	mux.Handle("/volumesnapshot", snapshotWebhook)
-	mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook)
+
+	if enableVolumeGroupSnapshotWebhook {
+		groupSnapshotWebhook := serveGroupSnapshotWebhook{
+			lister: vgscLister,
+		}
+		mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook)
+	}
+
 	mux.HandleFunc("/readyz", func(w http.ResponseWriter, req *http.Request) { w.Write([]byte("ok")) })
 	srv := &http.Server{
 		Handler:   mux,
@@ -267,7 +274,10 @@ func main(cmd *cobra.Command, args []string) {
 
 	factory := informers.NewSharedInformerFactory(snapClient, 0)
 	snapshotLister := factory.Snapshot().V1().VolumeSnapshotClasses().Lister()
-	groupSnapshotLister := factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister()
+	var groupSnapshotLister groupsnapshotlisters.VolumeGroupSnapshotClassLister
+	if enableVolumeGroupSnapshotWebhook {
+		groupSnapshotLister = factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister()
+	}
 
 	// Start the informers
 	factory.Start(ctx.Done())
