diff --git a/internal/webhook/route_webhook.go b/internal/webhook/route_webhook.go index 3350e4e..2b6fd82 100644 --- a/internal/webhook/route_webhook.go +++ b/internal/webhook/route_webhook.go @@ -25,7 +25,10 @@ type RouteMutator struct { Client client.Client } -const clusterIngressName = "cluster" +const ( + clusterIngressName = "cluster" + bypassLabel = "haproxy.router.dana.io/bypass-mutation" +) // +kubebuilder:rbac:groups="route.openshift.io",resources=routes,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get;list;watch @@ -68,6 +71,10 @@ func (r *RouteMutator) Handle(ctx context.Context, req admission.Request) admiss // handleInner implements the main mutating logic. It modifies the host of an OpenShift Route // based on environment data and cluster ingress information. func (r *RouteMutator) handleInner(logger logr.Logger, route *routev1.Route, clusterIngress string, environments []string, labels map[string]string) { + if checkBypass(labels) { + logger.Info("Bypassing mutation") + return + } for _, env := range environments { if labels[environment.Key] == env { routeHost := route.Spec.Host @@ -97,3 +104,12 @@ func (r *RouteMutator) getClusterIngressDomain(ctx context.Context) (string, err } return ingress.Spec.Domain, nil } + +// checkBypass checks if the namespace has the bypass mutation label. +func checkBypass(labels map[string]string) bool { + if val, ok := labels[bypassLabel]; ok && val == "true" { + return true + } + + return false +} diff --git a/internal/webhook/route_webhook_test.go b/internal/webhook/route_webhook_test.go index 8e6f9ad..50009fd 100644 --- a/internal/webhook/route_webhook_test.go +++ b/internal/webhook/route_webhook_test.go @@ -41,6 +41,8 @@ func TestRouteMutator(t *testing.T) { {name: "routeWithCustomNameDefaultDomain", namespace: testNamespace, hostname: "test2", customDomain: "", defaultDomain: true, nsLabels: map[string]string{environment.Key: env1}, mutated: true}, {name: "routeWithNoCustomNameNoDomain", namespace: testNamespace, hostname: "", customDomain: "", defaultDomain: false, nsLabels: map[string]string{environment.Key: env1}, mutated: true}, {name: "routeWithoutLabels", namespace: testNamespace, hostname: "test5", customDomain: "", defaultDomain: true, nsLabels: map[string]string{}, mutated: false}, + {name: "routeWithBypassLabel", namespace: testNamespace, hostname: "test6", customDomain: "", defaultDomain: true, nsLabels: map[string]string{bypassLabel: "true", environment.Key: env1}, mutated: false}, + {name: "routeWithInvalidBypassLabel", namespace: testNamespace, hostname: "test7", customDomain: "", defaultDomain: true, nsLabels: map[string]string{bypassLabel: "false", environment.Key: env1}, mutated: true}, } client := testclient.NewClientBuilder().WithScheme(scheme.Scheme).Build()