Skip to content

Commit

Permalink
add DeletionProtectionForCRDCascadingGate (#1365)
Browse files Browse the repository at this point in the history
Signed-off-by: liheng.zms <liheng.zms@alibaba-inc.com>
  • Loading branch information
zmberg authored Aug 16, 2023
1 parent 27d01ec commit efadf65
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 3 deletions.
8 changes: 7 additions & 1 deletion pkg/features/kruise_features.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ const (
// It is only supported for Kubernetes version >= 1.16
// Note that if it is enabled during Kruise installation or upgrade, Kruise will require more authorities:
// 1. Webhook for deletion operation of namespace, crd, deployment, statefulset, replicaset and workloads in Kruise.
// 2. ClusterRole for reading all resource types, because CRD validation needs to list the CRs of this CRD.
ResourcesDeletionProtection featuregate.Feature = "ResourcesDeletionProtection"

// PodUnavailableBudgetDeleteGate enables PUB capability to protect pod from deletion and eviction
Expand Down Expand Up @@ -111,6 +110,9 @@ const (

// ResourceDistributionGate enable resourcedistribution-controller execute ResourceDistribution.
ResourceDistributionGate featuregate.Feature = "ResourceDistributionGate"

// DeletionProtectionForCRDCascadingGate enable deletionProtection for crd Cascading
DeletionProtectionForCRDCascadingGate featuregate.Feature = "DeletionProtectionForCRDCascadingGate"
)

var defaultFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
Expand All @@ -137,6 +139,7 @@ var defaultFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
PreparingUpdateAsUpdate: {Default: false, PreRelease: featuregate.Alpha},
ImagePullJobGate: {Default: false, PreRelease: featuregate.Alpha},
ResourceDistributionGate: {Default: false, PreRelease: featuregate.Alpha},
DeletionProtectionForCRDCascadingGate: {Default: false, PreRelease: featuregate.Alpha},
}

func init() {
Expand Down Expand Up @@ -177,4 +180,7 @@ func SetDefaultFeatureGates() {
if utilfeature.DefaultFeatureGate.Enabled(PreDownloadImageForInPlaceUpdate) || utilfeature.DefaultFeatureGate.Enabled(PreDownloadImageForDaemonSetUpdate) {
_ = utilfeature.DefaultMutableFeatureGate.Set(fmt.Sprintf("%s=true", ImagePullJobGate))
}
if !utilfeature.DefaultFeatureGate.Enabled(ResourcesDeletionProtection) {
_ = utilfeature.DefaultMutableFeatureGate.Set(fmt.Sprintf("%s=false", DeletionProtectionForCRDCascadingGate))
}
}
6 changes: 4 additions & 2 deletions pkg/webhook/util/deletionprotection/deletion_protection.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,9 @@ import (
"context"
"fmt"

v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"

v1 "k8s.io/api/core/v1"
kubecontroller "k8s.io/kubernetes/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/client"

Expand Down Expand Up @@ -100,6 +99,9 @@ func ValidateCRDDeletion(c client.Client, obj metav1.Object, gvk schema.GroupVer
case policyv1alpha1.DeletionProtectionTypeAlways:
return fmt.Errorf("forbidden by ResourcesProtectionDeletion for %s=%s", policyv1alpha1.DeletionProtectionKey, val)
case policyv1alpha1.DeletionProtectionTypeCascading:
if !utilfeature.DefaultFeatureGate.Enabled(features.DeletionProtectionForCRDCascadingGate) {
return fmt.Errorf("feature-gate %s is not enabled", features.DeletionProtectionForCRDCascadingGate)
}
objList := &unstructured.UnstructuredList{}
objList.SetAPIVersion(gvk.GroupVersion().String())
objList.SetKind(gvk.Kind)
Expand Down

0 comments on commit efadf65

Please sign in to comment.