Merge pull request #31 from teodor-pripoae/gate-cluster-resource-quot…

…a-feature-flag Add flag for cluster resource quota
flanksource · Aug 11, 2020 · 05dc462 · 05dc462
2 parents 1ae1e1f + 0af1e2d
commit 05dc462
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 15 deletions.
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -56,6 +56,7 @@ func main() {
 	var enableLeaderElection bool
 	var cleanupInterval, annotationInterval time.Duration
 	var annotations string
+	var enableClusterResourceQuota bool
 
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
 
@@ -66,6 +67,7 @@ func main() {
 	flag.DurationVar(&annotationInterval, "annotation-interval", 10*time.Minute, "Frequency at which the annotation controller runs.")
 
 	flag.StringVar(&annotations, "annotations", "", "Annotations pods inherit from parent namespace")
+	flag.BoolVar(&enableClusterResourceQuota, "enable-cluster-resource-quota", true, "Enable/Disable cluster resource quota")
 
 	flag.Parse()
 
@@ -91,9 +93,11 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err := clusterresourcequota.Add(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "ClusterResourceQuota")
-		os.Exit(1)
+	if enableClusterResourceQuota {
+		if err := clusterresourcequota.Add(mgr); err != nil {
+			setupLog.Error(err, "unable to create controller", "controller", "ClusterResourceQuota")
+			os.Exit(1)
+		}
 	}
 
 	if err := podannotator.Add(mgr, annotationInterval, strings.Split(annotations, ",")); err != nil {
@@ -109,8 +113,8 @@ func main() {
 
 	setupLog.Info("registering webhooks to the webhook server")
 	hookServer.Register("/mutate-v1-pod", &webhook.Admission{Handler: platformv1.PodAnnotatorMutateWebhook(mgr.GetClient(), strings.Split(annotations, ","))})
-	hookServer.Register("/validate-clusterresourcequota-platform-flanksource-com-v1", platformv1.ClusterResourceQuotaValidatingWebhook(mtx))
-	hookServer.Register("/validate-resourcequota-v1", platformv1.ResourceQuotaValidatingWebhook(mtx))
+	hookServer.Register("/validate-clusterresourcequota-platform-flanksource-com-v1", platformv1.ClusterResourceQuotaValidatingWebhook(mtx, enableClusterResourceQuota))
+	hookServer.Register("/validate-resourcequota-v1", platformv1.ResourceQuotaValidatingWebhook(mtx, enableClusterResourceQuota))
 
 	// +kubebuilder:scaffold:builder
 

diff --git a/pkg/apis/platform/v1/clusterresourcequota_validatingwebhook.go b/pkg/apis/platform/v1/clusterresourcequota_validatingwebhook.go
@@ -34,17 +34,18 @@ var qlog = logf.Log.WithName("clusterresourcequota-validation")
 
 // +kubebuilder:webhook:path=/validate-clusterresourcequota-platform-flanksource-com-v1,mutating=false,failurePolicy=fail,groups=platform.flanksource.com,resources=clusterresourcequotas,verbs=create;update,versions=v1,name=clusterresourcequotas-validation-v1.platform.flanksource.com
 
-func ClusterResourceQuotaValidatingWebhook(mtx *sync.Mutex) *admission.Webhook {
+func ClusterResourceQuotaValidatingWebhook(mtx *sync.Mutex, validationEnabled bool) *admission.Webhook {
 	return &admission.Webhook{
-		Handler: &validatingClusterResourceQuotaHandler{mtx: mtx},
+		Handler: &validatingClusterResourceQuotaHandler{mtx: mtx, validationEnabled: validationEnabled},
 	}
 }
 
 // ClusterResourceQuotaValidator validates ClusterResourceQuotas
 type validatingClusterResourceQuotaHandler struct {
-	client  client.Client
-	decoder *admission.Decoder
-	mtx     *sync.Mutex
+	client            client.Client
+	decoder           *admission.Decoder
+	mtx               *sync.Mutex
+	validationEnabled bool
 }
 
 var _ admission.Handler = &validatingClusterResourceQuotaHandler{}
@@ -59,6 +60,11 @@ func (v *validatingClusterResourceQuotaHandler) Handle(ctx context.Context, req
 		return admission.Errored(http.StatusBadRequest, err)
 	}
 
+	if !v.validationEnabled {
+		qlog.Info("validate resource quota flag is not enabled. All requests will be declared valid")
+		return admission.Allowed("")
+	}
+
 	namespacesList := &corev1.NamespaceList{}
 	if err := v.client.List(ctx, namespacesList); err != nil {
 		qlog.Error(err, "Failed to list namespaces")

diff --git a/pkg/apis/platform/v1/resourcequota_validatingwebhook.go b/pkg/apis/platform/v1/resourcequota_validatingwebhook.go
@@ -34,16 +34,17 @@ var rqLog = logf.Log.WithName("resourcequota-validation")
 
 // +kubebuilder:webhook:path=/validate-resourcequota-v1,mutating=false,failurePolicy=fail,groups="",resources=resourcequotas,verbs=create;update,versions=v1,name=resourcequotas-validation-v1.platform.flanksource.com
 
-func ResourceQuotaValidatingWebhook(mtx *sync.Mutex) *admission.Webhook {
+func ResourceQuotaValidatingWebhook(mtx *sync.Mutex, validationEnabled bool) *admission.Webhook {
 	return &admission.Webhook{
-		Handler: &validatingResourceQuotaHandler{mtx: mtx},
+		Handler: &validatingResourceQuotaHandler{mtx: mtx, validationEnabled: validationEnabled},
 	}
 }
 
 type validatingResourceQuotaHandler struct {
-	client  client.Client
-	decoder *admission.Decoder
-	mtx     *sync.Mutex
+	client            client.Client
+	decoder           *admission.Decoder
+	mtx               *sync.Mutex
+	validationEnabled bool
 }
 
 var _ admission.Handler = &validatingResourceQuotaHandler{}
@@ -58,6 +59,11 @@ func (v *validatingResourceQuotaHandler) Handle(ctx context.Context, req admissi
 		return admission.Errored(http.StatusBadRequest, err)
 	}
 
+	if !v.validationEnabled {
+		qlog.Info("validate resource quota flag is not enabled. All requests will be declared valid")
+		return admission.Allowed("")
+	}
+
 	namespacesList := &corev1.NamespaceList{}
 	if err := v.client.List(ctx, namespacesList); err != nil {
 		qlog.Error(err, "Failed to list namespaces")