Allow enabling legacy namespace quota independent of usage profiles (#…

…123)
appuio · Aug 30, 2024 · 33cbf64 · 33cbf64
1 parent 0c09073
commit 33cbf64
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/main.go b/main.go
@@ -86,6 +86,9 @@ func main() {
 	var namespaceMetadataValidatorEnabled bool
 	flag.BoolVar(&namespaceMetadataValidatorEnabled, "namespace-metadata-validator-enabled", false, "Enable the NamespaceMetadataValidator webhook. Validates the metadata of a namespace.")
 
+	var legacyNamespaceQuotaEnabled bool
+	flag.BoolVar(&legacyNamespaceQuotaEnabled, "legacy-namespace-quota-enabled", false, "Enable the legacy namespace quota controller. This controller is deprecated and will be removed in the future.")
+
 	var qps, burst int
 	flag.IntVar(&qps, "qps", 20, "QPS to use for the controller-runtime client")
 	flag.IntVar(&burst, "burst", 100, "Burst to use for the controller-runtime client")
@@ -241,15 +244,16 @@ func main() {
 
 			Skipper: psk,
 
-			SkipValidateQuota: disableUsageProfiles,
+			SkipValidateQuota: disableUsageProfiles && !legacyNamespaceQuotaEnabled,
 
 			OrganizationLabel:                 conf.OrganizationLabel,
 			UserDefaultOrganizationAnnotation: conf.UserDefaultOrganizationAnnotation,
 
 			SelectedProfile:        selectedUsageProfile,
 			QuotaOverrideNamespace: conf.QuotaOverrideNamespace,
 
-			LegacyNamespaceQuota: conf.LegacyNamespaceQuota,
+			EnableLegacyNamespaceQuota: legacyNamespaceQuotaEnabled,
+			LegacyNamespaceQuota:       conf.LegacyNamespaceQuota,
 		},
 	})
 

diff --git a/webhooks/namespace_quota_validator.go b/webhooks/namespace_quota_validator.go
@@ -50,6 +50,8 @@ type NamespaceQuotaValidator struct {
 	// QuotaOverrideNamespace is the namespace in which the quota overrides are stored
 	QuotaOverrideNamespace string
 
+	// EnableLegacyNamespaceQuota enables the legacy namespace quota.
+	EnableLegacyNamespaceQuota bool
 	// LegacyNamespaceQuota is the namespace quota for legacy mode.
 	// It is used if no ZoneUsageProfile is selected.
 	LegacyNamespaceQuota int
@@ -60,7 +62,7 @@ func (v *NamespaceQuotaValidator) Handle(ctx context.Context, req admission.Requ
 	ctx = log.IntoContext(ctx, log.FromContext(ctx).
 		WithName("webhook.validate-namespace-quota.appuio.io").
 		WithValues("id", req.UID, "user", req.UserInfo.Username).
-		WithValues("legacyMode", v.legacyMode()).
+		WithValues("legacyMode", v.LegacyNamespaceQuota).
 		WithValues("namespace", req.Namespace, "name", req.Name,
 			"group", req.Kind.Group, "version", req.Kind.Version, "kind", req.Kind.Kind))
 
@@ -117,7 +119,7 @@ func (v *NamespaceQuotaValidator) handle(ctx context.Context, req admission.Requ
 	}
 
 	var nsCountLimit int
-	if v.legacyMode() {
+	if v.EnableLegacyNamespaceQuota {
 		nsCountLimit = v.LegacyNamespaceQuota
 	} else {
 		if v.SelectedProfile == "" {
@@ -163,11 +165,6 @@ func (v *NamespaceQuotaValidator) handle(ctx context.Context, req admission.Requ
 	return admission.Allowed("allowed")
 }
 
-// legacyMode returns true if the legacy namespace quota is set and no ZoneUsageProfile is selected.
-func (v *NamespaceQuotaValidator) legacyMode() bool {
-	return v.SelectedProfile == "" && v.LegacyNamespaceQuota > 0
-}
-
 // logAdmissionResponse logs the admission response to the logger derived from the given context and returns it unchanged.
 func logAdmissionResponse(ctx context.Context, res admission.Response) admission.Response {
 	l := log.FromContext(ctx)

diff --git a/webhooks/namespace_quota_validator_test.go b/webhooks/namespace_quota_validator_test.go
@@ -344,6 +344,9 @@ func TestNamespaceQuotaValidator_Handle(t *testing.T) {
 				LegacyNamespaceQuota:   test.legacyQuota,
 			}
 
+			if test.legacyQuota > 0 {
+				subject.EnableLegacyNamespaceQuota = true
+			}
 			if test.disableProfile {
 				subject.SelectedProfile = ""
 			}