add: DeletionProtection mechanism reject namespace deletion when PVCs…

… are included under namespace (#1228) Signed-off-by: kevin1689 <[email protected]>
openkruise · Mar 20, 2023 · 08d7100 · 08d7100
1 parent 8204954
commit 08d7100
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/pkg/webhook/util/deletionprotection/deletion_protection.go b/pkg/webhook/util/deletionprotection/deletion_protection.go
@@ -71,6 +71,18 @@ func ValidateNamespaceDeletion(c client.Client, namespace *v1.Namespace) error {
 		if activeCount > 0 {
 			return fmt.Errorf("forbidden by ResourcesProtectionDeletion for %s=%s and active pods %d>0", policyv1alpha1.DeletionProtectionKey, val, activeCount)
 		}
+
+		pvc := v1.PersistentVolumeClaimList{}
+		if err := c.List(context.TODO(), &pvc, client.InNamespace(namespace.Name)); err != nil {
+			return fmt.Errorf("forbidden by ResourcesProtectionDeletion for list pvc error: %v", err)
+		}
+		var pvcCount int
+		for range pvc.Items {
+			pvcCount++
+		}
+		if pvcCount > 0 {
+			return fmt.Errorf("forbidden by ResourcesProtectionDeletion for %s=%s and existing pvc %d>0", policyv1alpha1.DeletionProtectionKey, val, pvcCount)
+		}
 	default:
 	}
 	return nil