webhook: mutate rook op csv if previeous csv had hostNetwork enabled

rohan47 · rohan47 · commit cead385fd382 · 2025-08-18T15:33:39.000+05:30
updated webhook to mutate rook-opearator csv if the previous rook-op csv
had hostNetwork enabled for rook-op deployment

Signed-off-by: Rohan Gupta &lt;rohgupta@redhat.com&gt;
diff --git a/main.go b/main.go
@@ -154,7 +154,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err = (&webhook.ClusterServiceVersionDeploymentScaler{
+	if err = (&webhook.ClusterServiceVersionMutator{
 		Client:            mgr.GetClient(),
 		Decoder:           admission.NewDecoder(mgr.GetScheme()),
 		OperatorNamespace: operatorNamespace,
diff --git a/webhook/csv.go b/webhook/csv.go
@@ -36,7 +36,7 @@ import (
 	"github.com/red-hat-storage/odf-operator/controllers"
 )
 
-type ClusterServiceVersionDeploymentScaler struct {
+type ClusterServiceVersionMutator struct {
 	client.Client
 
 	Decoder           admission.Decoder
@@ -45,12 +45,13 @@ type ClusterServiceVersionDeploymentScaler struct {
 	odfOperatorConfigAccessMutex        sync.Mutex
 	odfOperatorConfigMapResourceVersion string
 	odfOwnedCsvNames                    map[string]bool
+	rookOperatorCsvName                 string
 }
 
 //+kubebuilder:rbac:groups=operators.coreos.com,resources=clusterserviceversions,verbs=get;patch
 //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get
 
-func (r *ClusterServiceVersionDeploymentScaler) Handle(ctx context.Context, req admission.Request) admission.Response {
+func (r *ClusterServiceVersionMutator) Handle(ctx context.Context, req admission.Request) admission.Response {
 
 	logger := log.FromContext(ctx)
 	logger.Info("request received for csv review")
@@ -66,23 +67,37 @@ func (r *ClusterServiceVersionDeploymentScaler) Handle(ctx context.Context, req
 		return admission.Errored(http.StatusInternalServerError, fmt.Errorf("failed to build config: %v", err))
 	}
 
-	if ok := r.isCsvManagedByOdf(csv); !ok {
-		logger.Info("ignoring csv as it is not a csv managed by ODF")
-		return admission.Allowed("csv is not managed by ODF")
-	}
+	mutate := false
 
-	running, err := r.isPreviousCsvHasRunningDeployments(ctx, logger, csv)
-	if err != nil {
-		logger.Error(err, "failed getting replicas from csv")
-		return admission.Errored(http.StatusInternalServerError, fmt.Errorf("failed getting replicas from csv: %v", err))
+	if r.isCsvManagedByOdf(csv) {
+		running, err := r.isPreviousCsvHasRunningDeployments(ctx, logger, csv)
+		if err != nil {
+			logger.Error(err, "failed getting replicas from csv")
+			return admission.Errored(http.StatusInternalServerError, fmt.Errorf("failed getting replicas from csv: %v", err))
+		}
+		if !running {
+			r.scaleDownCsvDeployments(logger, csv)
+			mutate = true
+		}
 	}
 
-	if running {
-		logger.Info("ignoring csv as the previous csv deployments are running")
-		return admission.Allowed("previous csv deployments are running")
+	if csv.Name == r.rookOperatorCsvName {
+		hostNetwork, err := r.isPreviousRookCsvHasHostNetwork(ctx, logger, csv)
+		if err != nil {
+			logger.Error(err, "failed checking previous rook csv hostNetwork")
+			return admission.Errored(http.StatusInternalServerError, fmt.Errorf("failed checking previous rook csv hostNetwork: %v", err))
+		}
+		if hostNetwork {
+			logger.Info("mutating csv: enabling hostNetwork for rook operator")
+			r.enableHostNetworkOnRookOperator(csv)
+			mutate = true
+		}
 	}
 
-	r.scaleDownCsvDeployments(logger, csv)
+	if !mutate {
+		logger.Info("ignoring csv as no mutation required")
+		return admission.Allowed("no csv mutation required")
+	}
 
 	marshaledCsv, err := json.Marshal(csv)
 	if err != nil {
@@ -93,7 +108,7 @@ func (r *ClusterServiceVersionDeploymentScaler) Handle(ctx context.Context, req
 	return admission.PatchResponseFromRaw(req.Object.Raw, marshaledCsv)
 }
 
-func (r *ClusterServiceVersionDeploymentScaler) loadOdfConfigMapData(ctx context.Context, logger logr.Logger) error {
+func (r *ClusterServiceVersionMutator) loadOdfConfigMapData(ctx context.Context, logger logr.Logger) error {
 
 	configmap, err := controllers.GetOdfConfigMap(ctx, r.Client, logger)
 	if err != nil {
@@ -113,6 +128,9 @@ func (r *ClusterServiceVersionDeploymentScaler) loadOdfConfigMapData(ctx context
 			logger.Info("skipping the record from the configmap", "key", key, "value", rawValue)
 			return
 		}
+		if record.Pkg == "rook-ceph-operator" {
+			r.rookOperatorCsvName = record.Csv
+		}
 
 		r.odfOwnedCsvNames[record.Csv] = true
 	})
@@ -123,25 +141,16 @@ func (r *ClusterServiceVersionDeploymentScaler) loadOdfConfigMapData(ctx context
 	return nil
 }
 
-func (r *ClusterServiceVersionDeploymentScaler) isPreviousCsvHasRunningDeployments(ctx context.Context, logger logr.Logger, csv *opv1a1.ClusterServiceVersion) (bool, error) {
-
-	if csv.Spec.Replaces == "" {
-		logger.Info("csv.Spec.Replaces is not populated")
-		return false, nil
+func (r *ClusterServiceVersionMutator) isPreviousCsvHasRunningDeployments(ctx context.Context, logger logr.Logger, csv *opv1a1.ClusterServiceVersion) (bool, error) {
+	deployments, err := r.getDeploymentsFromPreviousCsv(ctx, logger, csv)
+	if err != nil {
+		logger.Error(err, "failed getting previous csv deployments")
+		return false, err
 	}
-
-	prevCsv := &opv1a1.ClusterServiceVersion{}
-	key := client.ObjectKey{Name: csv.Spec.Replaces, Namespace: csv.Namespace}
-
-	if err := r.Client.Get(ctx, key, prevCsv); errors.IsNotFound(err) {
-		// new install where an previous csv does not exists
+	if len(deployments) == 0 {
 		return false, nil
-	} else if err != nil {
-		logger.Error(err, "failed getting previous csv")
-		return false, err
 	}
 
-	deployments := prevCsv.Spec.InstallStrategy.StrategySpec.DeploymentSpecs
 	for i := range deployments {
 		deployment := &deployments[i]
 		if deployment.Spec.Replicas == nil || *deployment.Spec.Replicas > 0 {
@@ -154,7 +163,7 @@ func (r *ClusterServiceVersionDeploymentScaler) isPreviousCsvHasRunningDeploymen
 	return false, nil
 }
 
-func (r *ClusterServiceVersionDeploymentScaler) scaleDownCsvDeployments(logger logr.Logger, csv *opv1a1.ClusterServiceVersion) {
+func (r *ClusterServiceVersionMutator) scaleDownCsvDeployments(logger logr.Logger, csv *opv1a1.ClusterServiceVersion) {
 
 	logger.Info("mutating requested csv")
 
@@ -163,12 +172,59 @@ func (r *ClusterServiceVersionDeploymentScaler) scaleDownCsvDeployments(logger l
 	}
 }
 
-func (r *ClusterServiceVersionDeploymentScaler) isCsvManagedByOdf(csv *opv1a1.ClusterServiceVersion) bool {
+func (r *ClusterServiceVersionMutator) isPreviousRookCsvHasHostNetwork(ctx context.Context, logger logr.Logger, csv *opv1a1.ClusterServiceVersion) (bool, error) {
+	deployments, err := r.getDeploymentsFromPreviousCsv(ctx, logger, csv)
+	if err != nil {
+		logger.Error(err, "failed getting previous csv deployments")
+		return false, err
+	}
+	if len(deployments) == 0 {
+		logger.Info("no previous deployments found")
+		return false, nil
+	}
+	for i := range deployments {
+		deployment := &deployments[i]
+		if deployment.Name == "rook-ceph-operator" && deployment.Spec.Template.Spec.HostNetwork {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+func (r *ClusterServiceVersionMutator) enableHostNetworkOnRookOperator(csv *opv1a1.ClusterServiceVersion) {
+	for i := range csv.Spec.InstallStrategy.StrategySpec.DeploymentSpecs {
+		csv.Spec.InstallStrategy.StrategySpec.DeploymentSpecs[i].Spec.Template.Spec.HostNetwork = true
+	}
+}
+
+func (r *ClusterServiceVersionMutator) getDeploymentsFromPreviousCsv(ctx context.Context, logger logr.Logger, csv *opv1a1.ClusterServiceVersion) ([]opv1a1.StrategyDeploymentSpec, error) {
+	if csv.Spec.Replaces == "" {
+		logger.Info("csv.Spec.Replaces is not populated")
+		return nil, nil
+	}
+
+	prevCsv := &opv1a1.ClusterServiceVersion{}
+	key := client.ObjectKey{Name: csv.Spec.Replaces, Namespace: csv.Namespace}
+
+	if err := r.Client.Get(ctx, key, prevCsv); errors.IsNotFound(err) {
+		// new install where an previous csv does not exists
+		return nil, nil
+	} else if err != nil {
+		logger.Error(err, "failed getting previous csv")
+		return nil, err
+	}
+
+	return prevCsv.Spec.InstallStrategy.StrategySpec.DeploymentSpecs, nil
+
+}
+
+func (r *ClusterServiceVersionMutator) isCsvManagedByOdf(csv *opv1a1.ClusterServiceVersion) bool {
 
 	return r.odfOwnedCsvNames[csv.Name]
 }
 
-func (r *ClusterServiceVersionDeploymentScaler) SetupWebhookWithManager(mgr ctrl.Manager) error {
+func (r *ClusterServiceVersionMutator) SetupWebhookWithManager(mgr ctrl.Manager) error {
 
 	mgr.GetWebhookServer().Register(controllers.CsvWebhookPath, &webhook.Admission{Handler: r})
 

Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@ func main() {`
`154`	`154`	`os.Exit(1)`
`155`	`155`	`}`
`156`	`156`
`157`		`- if err = (&webhook.ClusterServiceVersionDeploymentScaler{`
	`157`	`+ if err = (&webhook.ClusterServiceVersionMutator{`
`158`	`158`	`Client: mgr.GetClient(),`
`159`	`159`	`Decoder: admission.NewDecoder(mgr.GetScheme()),`
`160`	`160`	`OperatorNamespace: operatorNamespace,`