From a5c03e7e48c57e3341cec265c70de3b8a7abe286 Mon Sep 17 00:00:00 2001 From: Kevin Taylor Date: Mon, 16 Apr 2018 15:28:41 +0100 Subject: [PATCH] Admission Controller for PersistentVolumeClaimResize --- core/controlplane/config/config.go | 8 ++++++++ .../controlplane/config/templates/cloud-config-controller | 2 +- core/controlplane/config/templates/cluster.yaml | 2 ++ test/integration/maincluster_test.go | 8 ++++++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/core/controlplane/config/config.go b/core/controlplane/config/config.go index 38aba3524..e5ba5f148 100644 --- a/core/controlplane/config/config.go +++ b/core/controlplane/config/config.go @@ -69,6 +69,9 @@ func NewDefaultCluster() *Cluster { OwnerReferencesPermissionEnforcement{ Enabled: false, }, + PersistentVolumeClaimResize{ + Enabled: false, + }, }, AuditLog: AuditLog{ Enabled: false, @@ -605,6 +608,7 @@ type Admission struct { MutatingAdmissionWebhook MutatingAdmissionWebhook `yaml:"mutatingAdmissionWebhook"` ValidatingAdmissionWebhook ValidatingAdmissionWebhook `yaml:"validatingAdmissionWebhook"` OwnerReferencesPermissionEnforcement OwnerReferencesPermissionEnforcement `yaml:"ownerReferencesPermissionEnforcement"` + PersistentVolumeClaimResize PersistentVolumeClaimResize `yaml:"persistentVolumeClaimResize"` } type AlwaysPullImages struct { @@ -639,6 +643,10 @@ type OwnerReferencesPermissionEnforcement struct { Enabled bool `yaml:"enabled"` } +type PersistentVolumeClaimResize struct { + Enabled bool `yaml:"enabled"` +} + type AuditLog struct { Enabled bool `yaml:"enabled"` MaxAge int `yaml:"maxage"` diff --git a/core/controlplane/config/templates/cloud-config-controller b/core/controlplane/config/templates/cloud-config-controller index 7facb8aac..6ede750ae 100644 --- a/core/controlplane/config/templates/cloud-config-controller +++ b/core/controlplane/config/templates/cloud-config-controller 
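Review bot: The new exported type `PersistentVolumeClaimResize` in config.go, and the matching `Admission` field, have no doc comment, so nothing in the code says what enabling it does on the API server. I would add `// PersistentVolumeClaimResize toggles the API server's PersistentVolumeClaimResize admission plugin, which rejects PVC resize requests unless the claim's StorageClass sets allowVolumeExpansion: true.` above the type. The neighbouring types visible in the hunk are undocumented too, so this matches the file's current habit. It is still worth recording here because the plugin acts as a guard on resize requests rather than a plain feature switch.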
@@ -3183,7 +3183,7 @@ write_files: - --authentication-token-webhook-cache-ttl={{ .Experimental.Authentication.Webhook.CacheTTL }} {{ end }} - --advertise-address=$private_ipv4 - - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass{{if .Experimental.Admission.PodSecurityPolicy.Enabled}},PodSecurityPolicy{{ end }}{{if .Experimental.Admission.AlwaysPullImages.Enabled}},AlwaysPullImages{{ end }}{{if .Experimental.NodeAuthorizer.Enabled}},NodeRestriction{{end}},ResourceQuota{{if .Experimental.Admission.DenyEscalatingExec.Enabled}},DenyEscalatingExec{{end}}{{if .Experimental.Admission.Initializers.Enabled}},Initializers{{end}}{{if .Experimental.Admission.Priority.Enabled}},Priority{{end}},DefaultTolerationSeconds{{if .Experimental.Admission.MutatingAdmissionWebhook.Enabled}},MutatingAdmissionWebhook{{end}}{{if .Experimental.Admission.ValidatingAdmissionWebhook.Enabled}},ValidatingAdmissionWebhook{{end}} + - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass{{if .Experimental.Admission.PodSecurityPolicy.Enabled}},PodSecurityPolicy{{ end }}{{if .Experimental.Admission.AlwaysPullImages.Enabled}},AlwaysPullImages{{ end }}{{if .Experimental.NodeAuthorizer.Enabled}},NodeRestriction{{end}},ResourceQuota{{if .Experimental.Admission.DenyEscalatingExec.Enabled}},DenyEscalatingExec{{end}}{{if .Experimental.Admission.Initializers.Enabled}},Initializers{{end}}{{if .Experimental.Admission.Priority.Enabled}},Priority{{end}},DefaultTolerationSeconds{{if .Experimental.Admission.MutatingAdmissionWebhook.Enabled}},MutatingAdmissionWebhook{{end}}{{if .Experimental.Admission.ValidatingAdmissionWebhook.Enabled}},ValidatingAdmissionWebhook{{end}}{{if .Experimental.Admission.PersistentVolumeClaimResize.Enabled}},PersistentVolumeClaimResize{{end}} - --anonymous-auth=false {{if .Experimental.Oidc.Enabled}} - --oidc-issuer-url={{.Experimental.Oidc.IssuerUrl}} 
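Review bot: On the added `--admission-control` line the new plugin is appended at the very end, after `ResourceQuota` and both webhook plugins. With this flag the plugins run in the order listed, and upstream guidance is to keep `ResourceQuota` late so that quota is not charged for a request a later plugin rejects. A resize denied by PersistentVolumeClaimResize would already have passed quota accounting. Consider moving the `{{if .Experimental.Admission.PersistentVolumeClaimResize.Enabled}},PersistentVolumeClaimResize{{end}}` fragment to sit right after `DefaultStorageClass`. The existing list already places other plugins after `ResourceQuota`, so this may be a convention of the template; confirm against the Kubernetes version being deployed.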
diff --git a/core/controlplane/config/templates/cluster.yaml b/core/controlplane/config/templates/cluster.yaml index 662dc7349..f63c5c78f 100644 --- a/core/controlplane/config/templates/cluster.yaml +++ b/core/controlplane/config/templates/cluster.yaml @@ -1296,6 +1296,8 @@ experimental: enabled: false OwnerReferencesPermissionEnforcement: enabled: false + persistentVolumeClaimResize: + enabled: false # Used to provide `/etc/environment` env vars with values from arbitrary CloudFormation refs awsEnvironment: diff --git a/test/integration/maincluster_test.go b/test/integration/maincluster_test.go index 98596ef98..0886c6c45 100644 --- a/test/integration/maincluster_test.go +++ b/test/integration/maincluster_test.go @@ -101,6 +101,9 @@ func TestMainClusterConfig(t *testing.T) { ValidatingAdmissionWebhook: controlplane_config.ValidatingAdmissionWebhook{ Enabled: false, }, + PersistentVolumeClaimResize: controlplane_config.PersistentVolumeClaimResize{ + Enabled: false, + }, }, AuditLog: controlplane_config.AuditLog{ Enabled: false, @@ -1245,6 +1248,8 @@ experimental: enabled: true validatingAdmissionWebhook: enabled: true + persistentVolumeClaimResize: + enabled: true auditLog: enabled: true maxage: 100 @@ -1326,6 +1331,9 @@ worker: ValidatingAdmissionWebhook: controlplane_config.ValidatingAdmissionWebhook{ Enabled: true, }, + PersistentVolumeClaimResize: controlplane_config.PersistentVolumeClaimResize{ + Enabled: true, + }, }, AuditLog: controlplane_config.AuditLog{ Enabled: true,
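Review bot: The `persistentVolumeClaimResize` entry added to cluster.yaml carries no comment, unlike the `awsEnvironment` block right after it, so an operator cannot tell what the switch protects. The plugin is what limits PVC resizing to StorageClasses that set `allowVolumeExpansion: true`. If the `ExpandPersistentVolumes` feature gate is turned on elsewhere while this stays `false`, resize requests are not checked against the StorageClass. I would add above the key: `# Enable together with the ExpandPersistentVolumes feature gate; restricts PVC resize to StorageClasses with allowVolumeExpansion: true`. Whether kube-aws exposes that feature gate is not visible in this patch.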
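Review bot: The three hunks in maincluster_test.go only check that `persistentVolumeClaimResize.enabled` round-trips from YAML into `controlplane_config.Admission`. Nothing visible asserts that the rendered controller userdata contains `,PersistentVolumeClaimResize` when enabled and omits it by default. The template line is one long concatenation of conditionals, so a misplaced `{{end}}` or comma would go unnoticed by these tests. A rendering assertion for both the enabled and the default case would close that gap, if the test harness already exposes the rendered cloud-config. The test functions start and end outside the hunks.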