diff --git a/main.go b/main.go index 849ab30..d101335 100644 --- a/main.go +++ b/main.go @@ -86,6 +86,9 @@ func main() { var namespaceMetadataValidatorEnabled bool flag.BoolVar(&namespaceMetadataValidatorEnabled, "namespace-metadata-validator-enabled", false, "Enable the NamespaceMetadataValidator webhook. Validates the metadata of a namespace.") + var legacyNamespaceQuotaEnabled bool + flag.BoolVar(&legacyNamespaceQuotaEnabled, "legacy-namespace-quota-enabled", false, "Enable the legacy namespace quota controller. This controller is deprecated and will be removed in the future.") + var qps, burst int flag.IntVar(&qps, "qps", 20, "QPS to use for the controller-runtime client") flag.IntVar(&burst, "burst", 100, "Burst to use for the controller-runtime client") @@ -241,7 +244,7 @@ func main() { Skipper: psk, - SkipValidateQuota: disableUsageProfiles, + SkipValidateQuota: disableUsageProfiles && !legacyNamespaceQuotaEnabled, OrganizationLabel: conf.OrganizationLabel, UserDefaultOrganizationAnnotation: conf.UserDefaultOrganizationAnnotation, @@ -249,7 +252,8 @@ func main() { SelectedProfile: selectedUsageProfile, QuotaOverrideNamespace: conf.QuotaOverrideNamespace, - LegacyNamespaceQuota: conf.LegacyNamespaceQuota, + EnableLegacyNamespaceQuota: legacyNamespaceQuotaEnabled, + LegacyNamespaceQuota: conf.LegacyNamespaceQuota, }, }) diff --git a/webhooks/namespace_quota_validator.go b/webhooks/namespace_quota_validator.go index 226953a..10d8c44 100644 --- a/webhooks/namespace_quota_validator.go +++ b/webhooks/namespace_quota_validator.go @@ -50,6 +50,8 @@ type NamespaceQuotaValidator struct { // QuotaOverrideNamespace is the namespace in which the quota overrides are stored QuotaOverrideNamespace string + // EnableLegacyNamespaceQuota enables the legacy namespace quota. + EnableLegacyNamespaceQuota bool // LegacyNamespaceQuota is the namespace quota for legacy mode. // It is used if no ZoneUsageProfile is selected. LegacyNamespaceQuota int @@ -60,7 +62,7 @@ func (v *NamespaceQuotaValidator) Handle(ctx context.Context, req admission.Requ ctx = log.IntoContext(ctx, log.FromContext(ctx). WithName("webhook.validate-namespace-quota.appuio.io"). WithValues("id", req.UID, "user", req.UserInfo.Username). - WithValues("legacyMode", v.legacyMode()). + WithValues("legacyMode", v.LegacyNamespaceQuota). WithValues("namespace", req.Namespace, "name", req.Name, "group", req.Kind.Group, "version", req.Kind.Version, "kind", req.Kind.Kind)) @@ -117,7 +119,7 @@ func (v *NamespaceQuotaValidator) handle(ctx context.Context, req admission.Requ } var nsCountLimit int - if v.legacyMode() { + if v.EnableLegacyNamespaceQuota { nsCountLimit = v.LegacyNamespaceQuota } else { if v.SelectedProfile == "" { @@ -163,11 +165,6 @@ func (v *NamespaceQuotaValidator) handle(ctx context.Context, req admission.Requ return admission.Allowed("allowed") } -// legacyMode returns true if the legacy namespace quota is set and no ZoneUsageProfile is selected. -func (v *NamespaceQuotaValidator) legacyMode() bool { - return v.SelectedProfile == "" && v.LegacyNamespaceQuota > 0 -} - // logAdmissionResponse logs the admission response to the logger derived from the given context and returns it unchanged. func logAdmissionResponse(ctx context.Context, res admission.Response) admission.Response { l := log.FromContext(ctx) diff --git a/webhooks/namespace_quota_validator_test.go b/webhooks/namespace_quota_validator_test.go index b3c92c5..74774bd 100644 --- a/webhooks/namespace_quota_validator_test.go +++ b/webhooks/namespace_quota_validator_test.go @@ -344,6 +344,9 @@ func TestNamespaceQuotaValidator_Handle(t *testing.T) { LegacyNamespaceQuota: test.legacyQuota, } + if test.legacyQuota > 0 { + subject.EnableLegacyNamespaceQuota = true + } if test.disableProfile { subject.SelectedProfile = "" }