From eaa249f9f6ecbc1e1634ffdaeddc78830924b43f Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 20 Dec 2024 01:10:38 +0300
Subject: [PATCH 001/115] Move LLVS to EE

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .gitignore                                    |  1 +
 api/v1alpha1/lvm_logical_volume_snapshot.go   | 10 +++++
 api/v1alpha1/register.go                      | 24 +++++-----
 ...ed_lvm_logical_volume_snapshot.deepcopy.go |  3 +-
 images/agent/src/cmd/llvs.go                  | 22 ++++++++++
 images/agent/src/cmd/llvs_ee.go               | 44 +++++++++++++++++++
 images/agent/src/cmd/main.go                  | 22 +---------
 .../llvs/{reconciler.go => reconciler_ee.go}  |  2 +
 8 files changed, 93 insertions(+), 35 deletions(-)
 create mode 100644 images/agent/src/cmd/llvs.go
 create mode 100644 images/agent/src/cmd/llvs_ee.go
 rename images/agent/src/internal/controller/llvs/{reconciler.go => reconciler_ee.go} (99%)

diff --git a/.gitignore b/.gitignore
index 5d3548aa..46eaf95e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,7 @@
 .settings
 .idea/
 venv/
+.vscode
 
 # macOS Finder files
 *.DS_Store
diff --git a/api/v1alpha1/lvm_logical_volume_snapshot.go b/api/v1alpha1/lvm_logical_volume_snapshot.go
index 38af8344..4e2e06ac 100644
--- a/api/v1alpha1/lvm_logical_volume_snapshot.go
+++ b/api/v1alpha1/lvm_logical_volume_snapshot.go
@@ -1,3 +1,5 @@
+//go:build ee
+
 /*
 Copyright 2024 Flant JSC
 
@@ -21,6 +23,14 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+func init() {
+	knownTypes = append(
+		knownTypes,
+		&LVMLogicalVolumeSnapshot{},
+		&LVMLogicalVolumeSnapshotList{},
+	)
+}
+
 // +k8s:deepcopy-gen=true
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type LVMLogicalVolumeSnapshotList struct {
diff --git a/api/v1alpha1/register.go b/api/v1alpha1/register.go
index 41750972..dab4e856 100644
--- a/api/v1alpha1/register.go
+++ b/api/v1alpha1/register.go
@@ -37,20 +37,20 @@ var (
 	AddToScheme   = SchemeBuilder.AddToScheme
 )
 
+var knownTypes = []runtime.Object{
+	&BlockDevice{},
+	&BlockDeviceList{},
+	&LVMVolumeGroup{},
+	&LVMVolumeGroupList{},
+	&LVMLogicalVolume{},
+	&LVMLogicalVolumeList{},
+	&LVMVolumeGroupSet{},
+	&LVMVolumeGroupSetList{},
+}
+
 // Adds the list of known types to Scheme.
 func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(SchemeGroupVersion,
-		&BlockDevice{},
-		&BlockDeviceList{},
-		&LVMVolumeGroup{},
-		&LVMVolumeGroupList{},
-		&LVMLogicalVolume{},
-		&LVMLogicalVolumeList{},
-		&LVMLogicalVolumeSnapshot{},
-		&LVMLogicalVolumeSnapshotList{},
-		&LVMVolumeGroupSet{},
-		&LVMVolumeGroupSetList{},
-	)
+	scheme.AddKnownTypes(SchemeGroupVersion, knownTypes...)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
 }
diff --git a/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go b/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
index 9cc347d7..2f625e8e 100644
--- a/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
+++ b/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
@@ -1,5 +1,4 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated && ee
 
 /*
 Copyright 2024 Flant JSC
diff --git a/images/agent/src/cmd/llvs.go b/images/agent/src/cmd/llvs.go
new file mode 100644
index 00000000..8f460c5a
--- /dev/null
+++ b/images/agent/src/cmd/llvs.go
@@ -0,0 +1,22 @@
+//go:build !ee
+
+package main
+
+import (
+	"agent/internal/cache"
+	"agent/internal/config"
+	"agent/internal/logger"
+	"agent/internal/monitoring"
+
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+)
+
+func addLLVSReconciler(
+	_ manager.Manager,
+	_ logger.Logger,
+	_ monitoring.Metrics,
+	_ *cache.Cache,
+	_ *config.Config,
+) {
+	// noop
+}
diff --git a/images/agent/src/cmd/llvs_ee.go b/images/agent/src/cmd/llvs_ee.go
new file mode 100644
index 00000000..903100d4
--- /dev/null
+++ b/images/agent/src/cmd/llvs_ee.go
@@ -0,0 +1,44 @@
+//go:build ee
+
+package main
+
+import (
+	"agent/internal/cache"
+	"agent/internal/config"
+	"agent/internal/controller"
+	"agent/internal/controller/llvs"
+	"agent/internal/logger"
+	"agent/internal/monitoring"
+	"os"
+
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+)
+
+func addLLVSReconciler(
+	mgr manager.Manager,
+	log logger.Logger,
+	metrics monitoring.Metrics,
+	sdsCache *cache.Cache,
+	cfgParams *config.Config,
+) {
+	err := controller.AddReconciler(
+		mgr,
+		log,
+		llvs.NewReconciler(
+			mgr.GetClient(),
+			log,
+			metrics,
+			sdsCache,
+			llvs.ReconcilerConfig{
+				NodeName:                cfgParams.NodeName,
+				LLVRequeueInterval:      cfgParams.LLVRequeueInterval,
+				VolumeGroupScanInterval: cfgParams.VolumeGroupScanInterval,
+				LLVSRequeueInterval:     cfgParams.LLVSRequeueInterval,
+			},
+		),
+	)
+	if err != nil {
+		log.Error(err, "[main] unable to start llvs.NewReconciler")
+		os.Exit(1)
+	}
+}
diff --git a/images/agent/src/cmd/main.go b/images/agent/src/cmd/main.go
index e0a4df6e..22a3e36f 100644
--- a/images/agent/src/cmd/main.go
+++ b/images/agent/src/cmd/main.go
@@ -38,7 +38,6 @@ import (
 	"agent/internal/controller/bd"
 	"agent/internal/controller/llv"
 	"agent/internal/controller/llv_extender"
-	"agent/internal/controller/llvs"
 	"agent/internal/controller/lvg"
 	"agent/internal/kubutils"
 	"agent/internal/logger"
@@ -234,26 +233,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	err = controller.AddReconciler(
-		mgr,
-		log,
-		llvs.NewReconciler(
-			mgr.GetClient(),
-			log,
-			metrics,
-			sdsCache,
-			llvs.ReconcilerConfig{
-				NodeName:                cfgParams.NodeName,
-				LLVRequeueInterval:      cfgParams.LLVRequeueInterval,
-				VolumeGroupScanInterval: cfgParams.VolumeGroupScanInterval,
-				LLVSRequeueInterval:     cfgParams.LLVSRequeueInterval,
-			},
-		),
-	)
-	if err != nil {
-		log.Error(err, "[main] unable to start llvs.NewReconciler")
-		os.Exit(1)
-	}
+	addLLVSReconciler(mgr, log, metrics, sdsCache, cfgParams)
 
 	if err = mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		log.Error(err, "[main] unable to mgr.AddHealthzCheck")
diff --git a/images/agent/src/internal/controller/llvs/reconciler.go b/images/agent/src/internal/controller/llvs/reconciler_ee.go
similarity index 99%
rename from images/agent/src/internal/controller/llvs/reconciler.go
rename to images/agent/src/internal/controller/llvs/reconciler_ee.go
index 694f66b0..05d2471b 100644
--- a/images/agent/src/internal/controller/llvs/reconciler.go
+++ b/images/agent/src/internal/controller/llvs/reconciler_ee.go
@@ -1,3 +1,5 @@
+//go:build ee
+
 package llvs
 
 import (

From 14e1e82a52fc4060298de24b107f13d04d56c6b1 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 20 Dec 2024 11:06:35 +0300
Subject: [PATCH 002/115] also move snapshots restore to EE

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .../agent/src/internal/controller/llv/llvs.go | 14 +++++++++
 .../src/internal/controller/llv/llvs_ee.go    | 29 +++++++++++++++++++
 .../src/internal/controller/llv/reconciler.go | 14 +++------
 3 files changed, 47 insertions(+), 10 deletions(-)
 create mode 100644 images/agent/src/internal/controller/llv/llvs.go
 create mode 100644 images/agent/src/internal/controller/llv/llvs_ee.go

diff --git a/images/agent/src/internal/controller/llv/llvs.go b/images/agent/src/internal/controller/llv/llvs.go
new file mode 100644
index 00000000..34e87c62
--- /dev/null
+++ b/images/agent/src/internal/controller/llv/llvs.go
@@ -0,0 +1,14 @@
+//go:build !ee
+
+package llv
+
+import (
+	"context"
+	"errors"
+
+	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+)
+
+func (r *Reconciler) handleLLVSSource(_ context.Context, _ *v1alpha1.LVMLogicalVolume, _ *v1alpha1.LVMVolumeGroup) (string, bool, error) {
+	return "", false, errors.New("LLVS as a source is not supported")
+}
diff --git a/images/agent/src/internal/controller/llv/llvs_ee.go b/images/agent/src/internal/controller/llv/llvs_ee.go
new file mode 100644
index 00000000..38330769
--- /dev/null
+++ b/images/agent/src/internal/controller/llv/llvs_ee.go
@@ -0,0 +1,29 @@
+//go:build ee
+
+package llv
+
+import (
+	"agent/internal/utils"
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+func (r *Reconciler) handleLLVSSource(ctx context.Context, llv *v1alpha1.LVMLogicalVolume, lvg *v1alpha1.LVMVolumeGroup) (string, bool, error) {
+	sourceLLVS := &v1alpha1.LVMLogicalVolumeSnapshot{}
+	if err := r.cl.Get(ctx, types.NamespacedName{Name: llv.Spec.Source.Name}, sourceLLVS); err != nil {
+		r.log.Error(err, fmt.Sprintf("[reconcileLLVCreateFunc] unable to get source LVMLogicalVolumeSnapshot %s for the LVMLogicalVolume %s", llv.Spec.Source.Name, llv.Name))
+		return "", true, err
+	}
+
+	if sourceLLVS.Status.ActualVGNameOnTheNode != lvg.Spec.ActualVGNameOnTheNode || sourceLLVS.Status.NodeName != lvg.Spec.Local.NodeName {
+		return "", false, errors.New("restored volume should be in the same volume group as the origin volume")
+	}
+
+	cmd, err := utils.CreateThinLogicalVolumeFromSource(llv.Spec.ActualLVNameOnTheNode, sourceLLVS.Status.ActualVGNameOnTheNode, sourceLLVS.Spec.ActualSnapshotNameOnTheNode)
+
+	return cmd, err != nil, err
+}
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index afa1b0c0..bcc66a32 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -280,17 +280,11 @@ func (r *Reconciler) reconcileLLVCreateFunc(
 
 		cmd, err = utils.CreateThinLogicalVolumeFromSource(llv.Spec.ActualLVNameOnTheNode, lvg.Spec.ActualVGNameOnTheNode, sourceLLV.Spec.ActualLVNameOnTheNode)
 	case llv.Spec.Source.Kind == "LVMLogicalVolumeSnapshot":
-		sourceLLVS := &v1alpha1.LVMLogicalVolumeSnapshot{}
-		if err := r.cl.Get(ctx, types.NamespacedName{Name: llv.Spec.Source.Name}, sourceLLVS); err != nil {
-			r.log.Error(err, fmt.Sprintf("[reconcileLLVCreateFunc] unable to get source LVMLogicalVolumeSnapshot %s for the LVMLogicalVolume %s", llv.Spec.Source.Name, llv.Name))
-			return true, err
-		}
-
-		if sourceLLVS.Status.ActualVGNameOnTheNode != lvg.Spec.ActualVGNameOnTheNode || sourceLLVS.Status.NodeName != lvg.Spec.Local.NodeName {
-			return false, errors.New("restored volume should be in the same volume group as the origin volume")
+		cmdTmp, shouldRequeue, err := r.handleLLVSSource(ctx, llv, lvg)
+		if err != nil {
+			return shouldRequeue, err
 		}
-
-		cmd, err = utils.CreateThinLogicalVolumeFromSource(llv.Spec.ActualLVNameOnTheNode, sourceLLVS.Status.ActualVGNameOnTheNode, sourceLLVS.Spec.ActualSnapshotNameOnTheNode)
+		cmd = cmdTmp
 	}
 	r.log.Debug(fmt.Sprintf("[reconcileLLVCreateFunc] ran cmd: %s", cmd))
 	if err != nil {

From fe9cc5c512f7bc522714ac85f90fe932cd9f7929 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 20 Dec 2024 11:12:46 +0300
Subject: [PATCH 003/115] fix linter

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 images/agent/src/cmd/llvs.go                        | 4 ++--
 images/agent/src/cmd/llvs_ee.go                     | 7 ++++---
 images/agent/src/internal/controller/llv/llvs_ee.go | 3 ++-
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/images/agent/src/cmd/llvs.go b/images/agent/src/cmd/llvs.go
index 8f460c5a..ea6841a1 100644
--- a/images/agent/src/cmd/llvs.go
+++ b/images/agent/src/cmd/llvs.go
@@ -3,12 +3,12 @@
 package main
 
 import (
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+
 	"agent/internal/cache"
 	"agent/internal/config"
 	"agent/internal/logger"
 	"agent/internal/monitoring"
-
-	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
 
 func addLLVSReconciler(
diff --git a/images/agent/src/cmd/llvs_ee.go b/images/agent/src/cmd/llvs_ee.go
index 903100d4..bd0dec95 100644
--- a/images/agent/src/cmd/llvs_ee.go
+++ b/images/agent/src/cmd/llvs_ee.go
@@ -3,15 +3,16 @@
 package main
 
 import (
+	"os"
+
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+
 	"agent/internal/cache"
 	"agent/internal/config"
 	"agent/internal/controller"
 	"agent/internal/controller/llvs"
 	"agent/internal/logger"
 	"agent/internal/monitoring"
-	"os"
-
-	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
 
 func addLLVSReconciler(
diff --git a/images/agent/src/internal/controller/llv/llvs_ee.go b/images/agent/src/internal/controller/llv/llvs_ee.go
index 38330769..1095e0de 100644
--- a/images/agent/src/internal/controller/llv/llvs_ee.go
+++ b/images/agent/src/internal/controller/llv/llvs_ee.go
@@ -3,13 +3,14 @@
 package llv
 
 import (
-	"agent/internal/utils"
 	"context"
 	"errors"
 	"fmt"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"k8s.io/apimachinery/pkg/types"
+
+	"agent/internal/utils"
 )
 
 func (r *Reconciler) handleLLVSSource(ctx context.Context, llv *v1alpha1.LVMLogicalVolume, lvg *v1alpha1.LVMVolumeGroup) (string, bool, error) {

From 867f1ad7ae5753beb77ee25561bbdf9b579f152a Mon Sep 17 00:00:00 2001
From: Pavel Karpov <pavel.karpov@flant.com>
Date: Mon, 3 Feb 2025 16:09:45 +0300
Subject: [PATCH 004/115] [github] CI: add editions

Signed-off-by: Pavel Karpov <pavel.karpov@flant.com>
---
 .github/workflows/build_dev.yml               | 52 ++++++++++++++++---
 .github/workflows/build_prod.yml              | 19 +++++--
 .github/workflows/go_lint.yaml                | 22 ++++----
 .github/workflows/go_modules_check.yaml       | 10 +++-
 .github/workflows/go_tests.yaml               | 20 ++++---
 .github/workflows/trivy_check.yaml            |  6 +--
 .werf/consts.yaml                             |  5 ++
 api/v1alpha1/lvm_logical_volume_snapshot.go   |  2 +-
 ...ed_lvm_logical_volume_snapshot.deepcopy.go |  2 +-
 images/agent/src/cmd/llvs.go                  |  2 +-
 images/agent/src/cmd/llvs_ee.go               |  2 +-
 .../agent/src/internal/controller/llv/llvs.go |  2 +-
 .../src/internal/controller/llv/llvs_ee.go    |  2 +-
 .../internal/controller/llvs/reconciler_ee.go |  2 +-
 images/agent/werf.inc.yaml                    |  5 +-
 images/sds-utils-installer/werf.inc.yaml      |  3 +-
 werf-giterminism.yaml                         |  2 +-
 17 files changed, 110 insertions(+), 48 deletions(-)

diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml
index 544f18e0..fbfe30d0 100644
--- a/.github/workflows/build_dev.yml
+++ b/.github/workflows/build_dev.yml
@@ -9,34 +9,70 @@ env:
   MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
   SOURCE_REPO: "${{ secrets.SOURCE_REPO }}"
 
-
-
 on:
   #pull_request:
+  # call from trivy_image_check.yaml, which in turn call from pull_request
+  # https://stackoverflow.com/a/71489231
+  workflow_call:
   push:
     branches:
       - main
-  # make this job as dependency for trivy_image_check workflow
-  # https://stackoverflow.com/a/71489231
-  workflow_call:
 
+defaults:
+  run:
+    shell: bash
 
 jobs:
+  set_edition:
+    runs-on: [self-hosted, regular, selectel]
+    name: Set edition
+    outputs:
+      module_edition: ${{ steps.set-vars.outputs.MODULE_EDITION }}
+    steps:
+      - name: Get Pull Request Labels
+        id: get-labels
+        uses: actions/github-script@v7
+        with:
+          script: |
+            if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) {
+              const prNumber = context.payload.pull_request.number;
+              const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+              });
+              return labels.map(label => label.name);
+            } else {
+              return [];
+            }
+          result-encoding: string
+
+      - name: Set vars
+        id: set-vars
+        run: |
+          # Slect edition for build, default EE
+          if echo "${{ steps.get-labels.outputs.result }}" | grep -q "edition/ce"; then
+            echo "MODULE_EDITION=CE" >> "$GITHUB_OUTPUT"
+          else
+            echo "MODULE_EDITION=EE" >> "$GITHUB_OUTPUT"
+          fi
+
   dev_setup_build:
     runs-on: [self-hosted, regular, selectel]
     name: Build and Push images
+    needs: [set_edition]
+    env:
+      MODULE_EDITION: ${{needs.set_edition.outputs.module_edition}}
     steps:
       - name: Set vars for PR
         if: ${{ github.ref_name != 'main' }}
         run: |
           MODULES_MODULE_TAG="$(echo pr${{ github.ref_name }} | sed 's/\/.*//g')"
           echo "MODULES_MODULE_TAG=$MODULES_MODULE_TAG" >> "$GITHUB_ENV"
-        shell: bash
       - name: Set vars for main
         if: ${{ github.ref_name == 'main' }}
         run: |
           echo "MODULES_MODULE_TAG=${{ github.ref_name }}" >> "$GITHUB_ENV"
-        shell: bash
       - name: Print vars
         run: |
           echo MODULES_REGISTRY=$MODULES_REGISTRY
@@ -44,7 +80,7 @@ jobs:
           echo MODULES_MODULE_NAME=$MODULES_MODULE_NAME
           echo MODULES_MODULE_SOURCE=$MODULES_MODULE_SOURCE
           echo MODULES_MODULE_TAG=$MODULES_MODULE_TAG
-        shell: bash
+          echo MODULE_EDITION=$MODULE_EDITION
 
       - uses: actions/checkout@v4
       - uses: deckhouse/modules-actions/setup@v1
diff --git a/.github/workflows/build_prod.yml b/.github/workflows/build_prod.yml
index 71c2407c..11df369e 100644
--- a/.github/workflows/build_prod.yml
+++ b/.github/workflows/build_prod.yml
@@ -15,6 +15,10 @@ on:
     tags:
       - '**'
 
+defaults:
+  run:
+    shell: bash
+
 jobs:
   prod_ce_setup_build:
     runs-on: [self-hosted, regular, selectel]
@@ -23,12 +27,13 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/ce/modules" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=CE" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
           echo $MODULES_MODULE_SOURCE
           echo $MODULES_MODULE_TAG
-        shell: bash
+          echo $MODULE_EDITION
         name: Show vars
 
       - uses: actions/checkout@v4
@@ -56,12 +61,13 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/ee/modules" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
           echo $MODULES_MODULE_SOURCE
           echo $MODULES_MODULE_TAG
-        shell: bash
+          echo $MODULE_EDITION
         name: Show vars
 
       - uses: actions/checkout@v4
@@ -89,12 +95,13 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/fe/modules" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
           echo $MODULES_MODULE_SOURCE
           echo $MODULES_MODULE_TAG
-        shell: bash
+          echo $MODULE_EDITION
         name: Show vars
 
       - uses: actions/checkout@v4
@@ -122,12 +129,13 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/se/modules" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
           echo $MODULES_MODULE_SOURCE
           echo $MODULES_MODULE_TAG
-        shell: bash
+          echo $MODULE_EDITION
         name: Show vars
 
       - uses: actions/checkout@v4
@@ -155,12 +163,13 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/se-plus/modules" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
           echo $MODULES_MODULE_SOURCE
           echo $MODULES_MODULE_TAG
-        shell: bash
+          echo $MODULE_EDITION
         name: Show vars
 
       - uses: actions/checkout@v4
diff --git a/.github/workflows/go_lint.yaml b/.github/workflows/go_lint.yaml
index 46b6e4be..c03a5f81 100644
--- a/.github/workflows/go_lint.yaml
+++ b/.github/workflows/go_lint.yaml
@@ -1,5 +1,8 @@
 name: Go linter for images
 
+env:
+  GO_BUILD_TAGS: "CE EE"
+
 on:
   pull_request:
   push:
@@ -21,23 +24,24 @@ jobs:
           go-version: '1.22'
 
       - name: Install golangci-lint
-        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.59.1
+        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
 
       - name: Run Go lint
         run: |
           basedir=$(pwd)
           failed='false'
-          for dir in $(find images -type d); do
-            if ls $dir/go.mod &> /dev/null; then
-              echo "Running linter in $dir"
-              cd $dir
-              golangci-lint run
+          for i in $(find images -type f -name go.mod);do
+            dir=$(echo $i | sed 's/go.mod$//')
+            cd $basedir/$dir
+            # check all editions
+            for edition in $GO_BUILD_TAGS ;do
+              echo "Running linter in $dir (edition: $edition)"
+              golangci-lint run --build-tags $edition
               if [ $? -ne 0 ]; then
-                echo "Linter failed in $dir"
+                echo "Linter failed in $dir (edition: $edition)"
                 failed='true'
               fi
-            cd $basedir
-            fi
+            done
           done
           if [ $failed == 'true' ]; then
             exit 1
diff --git a/.github/workflows/go_modules_check.yaml b/.github/workflows/go_modules_check.yaml
index 37bbdb17..48010909 100644
--- a/.github/workflows/go_modules_check.yaml
+++ b/.github/workflows/go_modules_check.yaml
@@ -44,8 +44,14 @@ jobs:
             if [[ "$line" == *github.com/deckhouse/sds-* || "$line" == *github.com/deckhouse/csi-* || "$line" == *github.com/deckhouse/virtualization ]]; then
               repository=$(echo "$line" | awk '{print $1}' | awk -F'/' '{ print "https://"$1"/"$2"/"$3".git" }')
               pseudo_tag=$(echo "$line" | awk '{print $2}')
+              
+              go_pkg=$(echo "$line" | awk '{print $1}')
+              if grep -q "^replace $go_pkg" $go_mod_file ;then
+                echo "Skipping $go_pkg check because it exists in replacement"
+                continue
+              fi
+              
               echo "Cloning repo $repository into $temp_dir"
-          
               git clone "$repository" "$temp_dir/$repository" >/dev/null 2>&1
           
               if [ -d "$temp_dir/$repository/api" ]; then
@@ -79,4 +85,4 @@ jobs:
           if [ $alert_lines_count != 0 ]; then
             echo "We have non-actual pseudo-tags in repository's go.mod files"
             exit 1
-          fi
\ No newline at end of file
+          fi
diff --git a/.github/workflows/go_tests.yaml b/.github/workflows/go_tests.yaml
index 184ee37a..10e54b7d 100644
--- a/.github/workflows/go_tests.yaml
+++ b/.github/workflows/go_tests.yaml
@@ -1,5 +1,8 @@
 name: Go tests for images
 
+env:
+  GO_BUILD_TAGS: "EE CE"
+
 on:
   pull_request:
   push:
@@ -24,17 +27,18 @@ jobs:
         run: |
           basedir=$(pwd)
           failed='false'
-          for dir in $(find images -type d); do
-            if ls $dir/*_test.go &> /dev/null; then
-              echo "Running tests in $dir"
-              cd $dir
-              go test -v
+          for i in $(find images -type f -name '*_test.go');do
+            dir=$(echo $i | sed 's/[a-z_A-Z0-9-]*_test.go$//')
+            cd $basedir/$dir
+            # check all editions
+            for edition in $GO_BUILD_TAGS ;do
+              echo "Running tests in $dir (edition: $edition)"
+              go test -v -tags $edition
               if [ $? -ne 0 ]; then
-                echo "Tests failed in $dir"
+                echo "Tests failed in $dir (edition: $edition)"
                 failed='true'
               fi
-            cd $basedir
-            fi
+            done
           done
           if [ $failed == 'true' ]; then
             exit 1
diff --git a/.github/workflows/trivy_check.yaml b/.github/workflows/trivy_check.yaml
index f8692f1c..fc19c007 100644
--- a/.github/workflows/trivy_check.yaml
+++ b/.github/workflows/trivy_check.yaml
@@ -45,12 +45,12 @@ jobs:
 
       - name: Prepare sub repo
         run: |
-          version=v`grep "UTIL_LINUX_VERSION :=" images/agent/werf.inc.yaml | awk -F'"' '{ print $2}'`
+          version=`grep '"UTIL_LINUX"' .werf/consts.yaml | awk -F'"' '{ print $4}'`
           git clone --depth 1 --branch $version ${{ secrets.SOURCE_REPO }}/util-linux/util-linux.git ./util-linux
           git clone ${{ secrets.SOURCE_REPO }}/lvmteam/lvm2.git ./lvm2
-          version=`grep "LVM2_VERSION :=" images/sds-utils-installer/werf.inc.yaml | awk -F'"' '{ print $2}'`
+          version=`grep '"LVM2"' .werf/consts.yaml | awk -F'"' '{ print $4}'`
           cd ./lvm2
-          git checkout $version 
+          git checkout $version
           cd ..
 
       - name: Run Trivy vulnerability scanner in fs mode
diff --git a/.werf/consts.yaml b/.werf/consts.yaml
index b00cab8d..eb21997f 100644
--- a/.werf/consts.yaml
+++ b/.werf/consts.yaml
@@ -5,7 +5,12 @@
 {{- $_ := set $ "BASE_SCRATCH"     "registry.deckhouse.io/base_images/scratch@sha256:653ae76965c98c8cd1c8c9ff7725316d2983986f896655b30e0f44d2f8b2dd7e" }}
 {{- $_ := set $ "BASE_ALPINE"      "registry.deckhouse.io/base_images/alpine:3.20.3@sha256:41628df7c9b935d248f64542634e7a843f9bc7f2252d7f878e77f7b79a947466" }}
 
+# Edition module settings, default EE
+{{- $_ := set . "MODULE_EDITION" (env "MODULE_EDITION" "EE") }}
+
 # component versions
 {{- $versions := dict }}
+{{- $_ := set $versions "UTIL_LINUX" "v2.39.3" }}
+{{- $_ := set $versions "LVM2" "d786a8f820d54ce87a919e6af5426c333c173b11" }}
 
 {{- $_ := set $ "VERSIONS" $versions }}
diff --git a/api/v1alpha1/lvm_logical_volume_snapshot.go b/api/v1alpha1/lvm_logical_volume_snapshot.go
index 4e2e06ac..a742096e 100644
--- a/api/v1alpha1/lvm_logical_volume_snapshot.go
+++ b/api/v1alpha1/lvm_logical_volume_snapshot.go
@@ -1,4 +1,4 @@
-//go:build ee
+//go:build EE
 
 /*
 Copyright 2024 Flant JSC
diff --git a/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go b/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
index 2f625e8e..ecda4f10 100644
--- a/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
+++ b/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
@@ -1,4 +1,4 @@
-//go:build !ignore_autogenerated && ee
+//go:build !ignore_autogenerated && EE
 
 /*
 Copyright 2024 Flant JSC
diff --git a/images/agent/src/cmd/llvs.go b/images/agent/src/cmd/llvs.go
index ea6841a1..99c7ba51 100644
--- a/images/agent/src/cmd/llvs.go
+++ b/images/agent/src/cmd/llvs.go
@@ -1,4 +1,4 @@
-//go:build !ee
+//go:build !EE
 
 package main
 
diff --git a/images/agent/src/cmd/llvs_ee.go b/images/agent/src/cmd/llvs_ee.go
index bd0dec95..38893cde 100644
--- a/images/agent/src/cmd/llvs_ee.go
+++ b/images/agent/src/cmd/llvs_ee.go
@@ -1,4 +1,4 @@
-//go:build ee
+//go:build EE
 
 package main
 
diff --git a/images/agent/src/internal/controller/llv/llvs.go b/images/agent/src/internal/controller/llv/llvs.go
index 34e87c62..bd20ee4d 100644
--- a/images/agent/src/internal/controller/llv/llvs.go
+++ b/images/agent/src/internal/controller/llv/llvs.go
@@ -1,4 +1,4 @@
-//go:build !ee
+//go:build !EE
 
 package llv
 
diff --git a/images/agent/src/internal/controller/llv/llvs_ee.go b/images/agent/src/internal/controller/llv/llvs_ee.go
index 1095e0de..35f05072 100644
--- a/images/agent/src/internal/controller/llv/llvs_ee.go
+++ b/images/agent/src/internal/controller/llv/llvs_ee.go
@@ -1,4 +1,4 @@
-//go:build ee
+//go:build EE
 
 package llv
 
diff --git a/images/agent/src/internal/controller/llvs/reconciler_ee.go b/images/agent/src/internal/controller/llvs/reconciler_ee.go
index 05d2471b..30c7db3c 100644
--- a/images/agent/src/internal/controller/llvs/reconciler_ee.go
+++ b/images/agent/src/internal/controller/llvs/reconciler_ee.go
@@ -1,4 +1,4 @@
-//go:build ee
+//go:build EE
 
 package llvs
 
diff --git a/images/agent/werf.inc.yaml b/images/agent/werf.inc.yaml
index 02a734c1..c458ace6 100644
--- a/images/agent/werf.inc.yaml
+++ b/images/agent/werf.inc.yaml
@@ -1,5 +1,4 @@
 {{ $binaries := "/opt/deckhouse/sds/lib/libblkid.so.1 /opt/deckhouse/sds/lib/libmount.so.1 /opt/deckhouse/sds/lib/libsmartcols.so.1 /opt/deckhouse/sds/bin/nsenter.static /opt/deckhouse/sds/lib/x86_64-linux-gnu/libudev.so.1 /opt/deckhouse/sds/lib/x86_64-linux-gnu/libcap.so.2 /opt/deckhouse/sds/bin/lsblk.dynamic /usr/lib/x86_64-linux-gnu/sys-root/lib64/ld-linux-x86-64.so.2" }}
-{{ $UTIL_LINUX_VERSION := "2.39.3" }}
 
 # Do not remove. It's used in external tests.
 ---
@@ -23,7 +22,7 @@ shell:
   install:
     - apt-get update
     - apt-get -y install git
-    - git clone --depth 1 --branch v{{ $UTIL_LINUX_VERSION }} {{ env "SOURCE_REPO" }}/util-linux/util-linux.git /src/util-linux
+    - git clone --depth 1 --branch {{ $.Versions.UTIL_LINUX }} {{ env "SOURCE_REPO" }}/util-linux/util-linux.git /src/util-linux
     - rm -rf /src/util-linux/.git
 
 
@@ -101,7 +100,7 @@ mount:
 shell:
   setup:
     - cd /src/images/{{ $.ImageName }}/src/cmd
-    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o /{{ $.ImageName }}
+    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -tags {{ $.Root.MODULE_EDITION }} -o /{{ $.ImageName }}
     - chmod +x /{{ $.ImageName }}
 
 ---
diff --git a/images/sds-utils-installer/werf.inc.yaml b/images/sds-utils-installer/werf.inc.yaml
index caac4b12..76036d18 100644
--- a/images/sds-utils-installer/werf.inc.yaml
+++ b/images/sds-utils-installer/werf.inc.yaml
@@ -1,5 +1,4 @@
 {{ $binaries := "/sds-utils/bin/lvm.static" }}
-{{ $LVM2_VERSION := "d786a8f820d54ce87a919e6af5426c333c173b11" }}
 
 # Do not remove. It's used in external tests.
 ---
@@ -25,7 +24,7 @@ shell:
     - apt-get -y install git
     - git clone --depth 1 {{ env "SOURCE_REPO" }}/lvmteam/lvm2.git /src/lvm2
     - cd /src/lvm2
-    - git fetch --depth 1 origin {{ $LVM2_VERSION }}
+    - git fetch --depth 1 origin {{ $.Versions.LVM2 }}
     - rm -rf /src/lvm2/.git
 
 ---
diff --git a/werf-giterminism.yaml b/werf-giterminism.yaml
index 1fc78d98..fb48bee8 100644
--- a/werf-giterminism.yaml
+++ b/werf-giterminism.yaml
@@ -1,7 +1,7 @@
 giterminismConfigVersion: 1
 config:
   goTemplateRendering:	# The rules for the Go-template functions
-    allowEnvVariables: [ /CI_.+/, SOURCE_REPO ]
+    allowEnvVariables: [ /CI_.+/, SOURCE_REPO, MODULE_EDITION ]
   stapel:
     mount:
      allowFromPaths:

From 0556941fb7283aaf12721ced8f1b82198d564fdd Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Thu, 6 Feb 2025 14:36:33 +0300
Subject: [PATCH 005/115] include llvs always

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 api/v1alpha1/lvm_logical_volume_snapshot.go            | 10 ----------
 api/v1alpha1/register.go                               |  2 ++
 ...z_generated_lvm_logical_volume_snapshot.deepcopy.go |  2 +-
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/api/v1alpha1/lvm_logical_volume_snapshot.go b/api/v1alpha1/lvm_logical_volume_snapshot.go
index a742096e..38af8344 100644
--- a/api/v1alpha1/lvm_logical_volume_snapshot.go
+++ b/api/v1alpha1/lvm_logical_volume_snapshot.go
@@ -1,5 +1,3 @@
-//go:build EE
-
 /*
 Copyright 2024 Flant JSC
 
@@ -23,14 +21,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func init() {
-	knownTypes = append(
-		knownTypes,
-		&LVMLogicalVolumeSnapshot{},
-		&LVMLogicalVolumeSnapshotList{},
-	)
-}
-
 // +k8s:deepcopy-gen=true
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type LVMLogicalVolumeSnapshotList struct {
diff --git a/api/v1alpha1/register.go b/api/v1alpha1/register.go
index dab4e856..a9e63312 100644
--- a/api/v1alpha1/register.go
+++ b/api/v1alpha1/register.go
@@ -46,6 +46,8 @@ var knownTypes = []runtime.Object{
 	&LVMLogicalVolumeList{},
 	&LVMVolumeGroupSet{},
 	&LVMVolumeGroupSetList{},
+	&LVMLogicalVolumeSnapshot{},
+	&LVMLogicalVolumeSnapshotList{},
 }
 
 // Adds the list of known types to Scheme.
diff --git a/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go b/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
index ecda4f10..6d5d8438 100644
--- a/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
+++ b/api/v1alpha1/zz_generated_lvm_logical_volume_snapshot.deepcopy.go
@@ -1,4 +1,4 @@
-//go:build !ignore_autogenerated && EE
+//go:build !ignore_autogenerated
 
 /*
 Copyright 2024 Flant JSC

From dd3ae07370b75dd5c72f1f0085315adb3631e1a5 Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 19:35:23 +1000
Subject: [PATCH 006/115] added webhook Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 images/webhooks/src/api/register.go           |  54 +++++
 .../webhooks/src/api/zz_generated.deepcopy.go | 125 ++++++++++
 .../webhooks/src/api/zz_generated.defaults.go |  33 +++
 images/webhooks/src/go.mod                    |  68 ++++++
 images/webhooks/src/go.sum                    | 218 ++++++++++++++++++
 images/webhooks/src/handlers/func.go          | 129 +++++++++++
 images/webhooks/src/handlers/nscValidator.go  |  76 ++++++
 images/webhooks/src/main.go                   |  88 +++++++
 images/webhooks/werf.inc.yaml                 |  35 +++
 templates/webhooks/deployment.yaml            |  96 ++++++++
 templates/webhooks/rbac-for-us.yaml           |  62 +++++
 templates/webhooks/secret.yaml                |  12 +
 templates/webhooks/service.yaml               |  16 ++
 templates/webhooks/webhook.yaml               |  81 +++++++
 14 files changed, 1093 insertions(+)
 create mode 100644 images/webhooks/src/api/register.go
 create mode 100644 images/webhooks/src/api/zz_generated.deepcopy.go
 create mode 100644 images/webhooks/src/api/zz_generated.defaults.go
 create mode 100644 images/webhooks/src/go.mod
 create mode 100644 images/webhooks/src/go.sum
 create mode 100644 images/webhooks/src/handlers/func.go
 create mode 100644 images/webhooks/src/handlers/nscValidator.go
 create mode 100644 images/webhooks/src/main.go
 create mode 100644 images/webhooks/werf.inc.yaml
 create mode 100644 templates/webhooks/deployment.yaml
 create mode 100644 templates/webhooks/rbac-for-us.yaml
 create mode 100644 templates/webhooks/secret.yaml
 create mode 100644 templates/webhooks/service.yaml
 create mode 100644 templates/webhooks/webhook.yaml

diff --git a/images/webhooks/src/api/register.go b/images/webhooks/src/api/register.go
new file mode 100644
index 00000000..c2b87322
--- /dev/null
+++ b/images/webhooks/src/api/register.go
@@ -0,0 +1,54 @@
+// Copyright 2021 Flant JSC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: "deckhouse.io", Version: "v1alpha1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&ModuleConfig{},
+		&ModuleConfigList{},
+	)
+
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}
diff --git a/images/webhooks/src/api/zz_generated.deepcopy.go b/images/webhooks/src/api/zz_generated.deepcopy.go
new file mode 100644
index 00000000..ed837176
--- /dev/null
+++ b/images/webhooks/src/api/zz_generated.deepcopy.go
@@ -0,0 +1,125 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ModuleConfig) DeepCopyInto(out *ModuleConfig) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfig.
+func (in *ModuleConfig) DeepCopy() *ModuleConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(ModuleConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ModuleConfig) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ModuleConfigList) DeepCopyInto(out *ModuleConfigList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ModuleConfig, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfigList.
+func (in *ModuleConfigList) DeepCopy() *ModuleConfigList {
+	if in == nil {
+		return nil
+	}
+	out := new(ModuleConfigList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ModuleConfigList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ModuleConfigSpec) DeepCopyInto(out *ModuleConfigSpec) {
+	*out = *in
+	in.Settings.DeepCopyInto(&out.Settings)
+	if in.Enabled != nil {
+		in, out := &in.Enabled, &out.Enabled
+		*out = new(bool)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfigSpec.
+func (in *ModuleConfigSpec) DeepCopy() *ModuleConfigSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ModuleConfigSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ModuleConfigStatus) DeepCopyInto(out *ModuleConfigStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfigStatus.
+func (in *ModuleConfigStatus) DeepCopy() *ModuleConfigStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ModuleConfigStatus)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/images/webhooks/src/api/zz_generated.defaults.go b/images/webhooks/src/api/zz_generated.defaults.go
new file mode 100644
index 00000000..5070cb91
--- /dev/null
+++ b/images/webhooks/src/api/zz_generated.defaults.go
@@ -0,0 +1,33 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by defaulter-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// RegisterDefaults adds defaulters functions to the given scheme.
+// Public to allow building arbitrary schemes.
+// All generated defaulters are covering - they call all nested defaulters.
+func RegisterDefaults(scheme *runtime.Scheme) error {
+	return nil
+}
diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
new file mode 100644
index 00000000..97632ac3
--- /dev/null
+++ b/images/webhooks/src/go.mod
@@ -0,0 +1,68 @@
+module webhooks
+
+go 1.22.2
+
+require (
+	github.com/deckhouse/csi-nfs/api v0.0.0-20240715155038-264399e5952e
+	github.com/go-logr/logr v1.4.1
+	github.com/sirupsen/logrus v1.9.3
+	github.com/slok/kubewebhook/v2 v2.6.0
+	k8s.io/api v0.30.3
+	k8s.io/apiextensions-apiserver v0.30.3
+	k8s.io/apimachinery v0.30.3
+	k8s.io/client-go v0.30.3
+	k8s.io/klog/v2 v2.120.1
+	sigs.k8s.io/controller-runtime v0.18.4
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.5 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.17.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)
diff --git a/images/webhooks/src/go.sum b/images/webhooks/src/go.sum
new file mode 100644
index 00000000..fb698fa7
--- /dev/null
+++ b/images/webhooks/src/go.sum
@@ -0,0 +1,218 @@
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckhouse/csi-nfs/api v0.0.0-20240715155038-264399e5952e h1:LAFZeUTGegrl5tlkA3RVXU0EcAbD2WwmX/ehiTaAo7c=
+github.com/deckhouse/csi-nfs/api v0.0.0-20240715155038-264399e5952e/go.mod h1:/vXhdSgMvU4dP2MvOHOFZua9MvJoAPLM/hk6p7rE+Jc=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.5 h1:fVS63IE3M0lsuWRzuom3RLwUMVI2peDH01s6M70ugys=
+github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
+github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
+github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/slok/kubewebhook/v2 v2.6.0 h1:NMDDXx219OcNDc17ZYpqGXW81/jkBNmkdEwFDcZDVcA=
+github.com/slok/kubewebhook/v2 v2.6.0/go.mod h1:EoPfBo8lzgU1lmI1DSY/Fpwu+cdr4lZnzY4Tmg5sHe0=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
+golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
+golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ=
+k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04=
+k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U=
+k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4=
+k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
+k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
+k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
+k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ=
+k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
+sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
new file mode 100644
index 00000000..7f52917a
--- /dev/null
+++ b/images/webhooks/src/handlers/func.go
@@ -0,0 +1,129 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package handlers
+
+import (
+	"context"
+	cn "github.com/deckhouse/csi-nfs/api/v1alpha1"
+	"github.com/go-logr/logr"
+	"github.com/slok/kubewebhook/v2/pkg/log"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/resource/v1alpha2"
+	sv1 "k8s.io/api/storage/v1"
+	extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	apiruntime "k8s.io/apimachinery/pkg/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"net/http"
+	"os"
+	controllerruntime "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	mc "webhooks/api"
+
+	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
+	"github.com/slok/kubewebhook/v2/pkg/model"
+	kwhmutating "github.com/slok/kubewebhook/v2/pkg/webhook/mutating"
+	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+func NewKubeClient(kubeconfigPath string) (client.Client, error) {
+	var config *rest.Config
+	var err error
+
+	if kubeconfigPath == "" {
+		kubeconfigPath = os.Getenv("kubeconfig")
+	}
+
+	controllerruntime.SetLogger(logr.New(ctrllog.NullLogSink{}))
+
+	config, err = clientcmd.BuildConfigFromFlags("", kubeconfigPath)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var (
+		resourcesSchemeFuncs = []func(*apiruntime.Scheme) error{
+			v1alpha2.AddToScheme,
+			mc.AddToScheme,
+			cn.AddToScheme,
+			clientgoscheme.AddToScheme,
+			extv1.AddToScheme,
+			v1.AddToScheme,
+			sv1.AddToScheme,
+		}
+	)
+
+	scheme := apiruntime.NewScheme()
+	for _, f := range resourcesSchemeFuncs {
+		err = f(scheme)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	clientOpts := client.Options{
+		Scheme: scheme,
+	}
+
+	return client.New(config, clientOpts)
+}
+
+func GetMutatingWebhookHandler(mutationFunc func(ctx context.Context, _ *model.AdmissionReview, obj metav1.Object) (*kwhmutating.MutatorResult, error), mutatorID string, obj metav1.Object, logger log.Logger) (http.Handler, error) {
+	mutatorFunc := kwhmutating.MutatorFunc(mutationFunc)
+
+	mutatingWebhookConfig := kwhmutating.WebhookConfig{
+		ID:      mutatorID,
+		Obj:     obj,
+		Mutator: mutatorFunc,
+		Logger:  logger,
+	}
+
+	mutationWebhook, err := kwhmutating.NewWebhook(mutatingWebhookConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	mutationWebhookHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: mutationWebhook, Logger: logger})
+
+	return mutationWebhookHandler, err
+
+}
+
+func GetValidatingWebhookHandler(validationFunc func(ctx context.Context, _ *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error), validatorID string, obj metav1.Object, logger log.Logger) (http.Handler, error) {
+	validatorFunc := kwhvalidating.ValidatorFunc(validationFunc)
+
+	validatingWebhookConfig := kwhvalidating.WebhookConfig{
+		ID:        validatorID,
+		Obj:       obj,
+		Validator: validatorFunc,
+		Logger:    logger,
+	}
+
+	mutationWebhook, err := kwhvalidating.NewWebhook(validatingWebhookConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	mutationWebhookHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: mutationWebhook, Logger: logger})
+
+	return mutationWebhookHandler, err
+
+}
diff --git a/images/webhooks/src/handlers/nscValidator.go b/images/webhooks/src/handlers/nscValidator.go
new file mode 100644
index 00000000..cc0bd54e
--- /dev/null
+++ b/images/webhooks/src/handlers/nscValidator.go
@@ -0,0 +1,76 @@
+package handlers
+
+import (
+	"context"
+	"fmt"
+	cn "github.com/deckhouse/csi-nfs/api/v1alpha1"
+	"github.com/slok/kubewebhook/v2/pkg/model"
+	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/klog/v2"
+	mc "webhooks/api"
+)
+
+const (
+	csiNfsModuleName = "csi-nfs"
+)
+
+func NSCValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+	nsc, ok := obj.(*cn.NFSStorageClass)
+	if !ok {
+		// If not a storage class just continue the validation chain(if there is one) and do nothing.
+		return &kwhvalidating.ValidatorResult{}, nil
+	}
+
+	if arReview.UserInfo.Username == allowedUserName {
+		klog.Infof("User %s is allowed to manage NFS storage classes", arReview.UserInfo.Username)
+		return &kwhvalidating.ValidatorResult{Valid: true}, nil
+	}
+
+	v3presents := false
+	v3enabled := false
+
+	cl, err := NewKubeClient("")
+	if err != nil {
+		klog.Fatal(err)
+	}
+
+	listClasses := &cn.NFSStorageClassList{}
+	err = cl.List(ctx, listClasses)
+
+	if nsc.ObjectMeta.DeletionTimestamp == nil && arReview.Operation != "delete" && nsc.Spec.Connection.NFSVersion == "3" {
+		v3presents = true
+	}
+
+	klog.Infof("NFSv3 NFSStorageClass exists: %t", v3presents)
+
+	nfsModuleConfig := &mc.ModuleConfig{}
+
+	err = cl.Get(ctx, types.NamespacedName{Name: csiNfsModuleName, Namespace: ""}, nfsModuleConfig)
+	if err != nil {
+		klog.Fatal(err)
+	}
+
+	if value, exists := nfsModuleConfig.Spec.Settings["v3support"]; exists && value == true {
+		v3enabled = true
+	} else {
+		v3enabled = false
+	}
+
+	klog.Infof("NFSv3 support enabled: %t", v3enabled)
+
+	if v3presents && !v3enabled {
+		klog.Info("NFS v3 is not enabled in module config, enable it first")
+
+		return &kwhvalidating.ValidatorResult{Valid: false, Message: fmt.Sprint("NFS v3 is not enabled in module config, enable it first")}, err
+	} else if !v3presents && v3enabled {
+		klog.Info("NFS v3 is enabled in module config, but not used in NFSStorageCLass - disable it first")
+		return &kwhvalidating.ValidatorResult{Valid: false, Message: fmt.Sprint("NFS v3 is enabled in module config, but not used in NFSStorageCLass - disable it first")}, err
+	}
+
+	return &kwhvalidating.ValidatorResult{Valid: true},
+		nil
+}
+
+//
diff --git a/images/webhooks/src/main.go b/images/webhooks/src/main.go
new file mode 100644
index 00000000..41668677
--- /dev/null
+++ b/images/webhooks/src/main.go
@@ -0,0 +1,88 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"webhooks/handlers"
+
+	cn "github.com/deckhouse/csi-nfs/api/v1alpha1"
+	"github.com/sirupsen/logrus"
+	kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus"
+	storagev1 "k8s.io/api/storage/v1"
+)
+
+type config struct {
+	certFile string
+	keyFile  string
+}
+
+func httpHandlerHealthz(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprint(w, "Ok.")
+}
+
+func initFlags() config {
+	cfg := config{}
+
+	fl := flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+	fl.StringVar(&cfg.certFile, "tls-cert-file", "", "TLS certificate file")
+	fl.StringVar(&cfg.keyFile, "tls-key-file", "", "TLS key file")
+
+	fl.Parse(os.Args[1:])
+	return cfg
+}
+
+const (
+	port           = ":8443"
+	NSCValidatorId = "NSCValidator"
+	SCValidatorId  = "SCValidator"
+)
+
+func main() {
+	logrusLogEntry := logrus.NewEntry(logrus.New())
+	logrusLogEntry.Logger.SetLevel(logrus.DebugLevel)
+	logger := kwhlogrus.NewLogrus(logrusLogEntry)
+
+	cfg := initFlags()
+
+	scValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.SCValidate, SCValidatorId, &storagev1.StorageClass{}, logger)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "error creating scValidatingWebhookHandler: %s", err)
+		os.Exit(1)
+	}
+
+	nscValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.NSCValidate, NSCValidatorId, &cn.NFSStorageClass{}, logger)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "error creating nscValidatingWebhookHandler: %s", err)
+		os.Exit(1)
+	}
+
+	mux := http.NewServeMux()
+	mux.Handle("/sc-validate", scValidatingWebhookHandler)
+	mux.Handle("/nsc-validate", nscValidatingWebhookHandler)
+	mux.HandleFunc("/healthz", httpHandlerHealthz)
+
+	logger.Infof("Listening on %s", port)
+	err = http.ListenAndServeTLS(port, cfg.certFile, cfg.keyFile, mux)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "error serving webhook: %s", err)
+		os.Exit(1)
+	}
+}
diff --git a/images/webhooks/werf.inc.yaml b/images/webhooks/werf.inc.yaml
new file mode 100644
index 00000000..a8d03c04
--- /dev/null
+++ b/images/webhooks/werf.inc.yaml
@@ -0,0 +1,35 @@
+{{- $_ := set . "BASE_GOLANG" "registry.deckhouse.io/base_images/golang:1.22.6-bullseye@sha256:260918a3795372a6d33225d361fe5349723be9667de865a23411b50fbcc76c5a" }}
+{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
+
+---
+image: {{ $.ImageName }}-golang-artifact
+from: {{ $.BASE_GOLANG }}
+final: false
+
+git:
+  - add: /images/webhooks/src
+    to: /src
+    stageDependencies:
+      setup:
+        - "**/*"
+mount:
+  - fromPath: ~/go-pkg-cache
+    to: /go/pkg
+shell:
+  setup:
+    - cd /src
+    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o webhooks
+    - mv webhooks /webhooks
+    - chmod +x /webhooks
+---
+image: {{ $.ImageName }}
+from: {{ $.BASE_SCRATCH }}
+
+import:
+  - image: {{ $.ImageName }}-golang-artifact
+    add: /webhooks
+    to: /webhooks
+    before: setup
+
+docker:
+  ENTRYPOINT: ["/webhooks"]
diff --git a/templates/webhooks/deployment.yaml b/templates/webhooks/deployment.yaml
new file mode 100644
index 00000000..83bcd09f
--- /dev/null
+++ b/templates/webhooks/deployment.yaml
@@ -0,0 +1,96 @@
+{{- define "webhooks_resources" }}
+cpu: 10m
+memory: 50Mi
+{{- end }}
+  
+{{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: webhooks
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks" "workload-resource-policy.deckhouse.io" "master")) | nindent 2 }}
+spec:
+  targetRef:
+    apiVersion: "apps/v1"
+    kind: Deployment
+    name: webhooks
+  updatePolicy:
+    updateMode: "Auto"
+  resourcePolicy:
+    containerPolicies:
+      - containerName: webhooks
+        minAllowed:
+          {{- include "webhooks_resources" . | nindent 8 }}
+        maxAllowed:
+          cpu: 20m
+          memory: 100Mi
+{{- end }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webhooks
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks" )) | nindent 2 }}
+spec:
+  {{- include "helm_lib_deployment_on_master_strategy_and_replicas_for_ha" . | nindent 2 }}
+  selector:
+    matchLabels:
+      app: webhooks
+  template:
+    metadata:
+      labels:
+        app: webhooks
+    spec:
+      {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }}
+      {{- include "helm_lib_tolerations" (tuple . "any-node" "with-uninitialized" "with-cloud-provider-uninitialized") | nindent 6 }}
+      {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }}
+      {{- include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" "webhooks")) | nindent 6 }}
+      containers:
+      - name: webhooks
+        command:
+          - /webhooks
+          - -tls-cert-file=/etc/webhook/certs/tls.crt
+          - -tls-key-file=/etc/webhook/certs/tls.key
+        image: {{ include "helm_lib_module_image" (list . "webhooks") }}
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+          - name: webhook-certs
+            mountPath: /etc/webhook/certs
+            readOnly: true
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8443
+            scheme: HTTPS
+          initialDelaySeconds: 5
+          failureThreshold: 2
+          periodSeconds: 1
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8443
+            scheme: HTTPS
+          periodSeconds: 1
+          failureThreshold: 3
+        ports:
+          - name: http
+            containerPort: 8443
+            protocol: TCP
+        resources:
+          requests:
+            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
+{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
+            {{- include "webhooks_resources" . | nindent 12 }}
+{{- end }}
+
+      imagePullSecrets:
+        - name: {{ .Chart.Name }}-module-registry
+      serviceAccount: webhooks
+      serviceAccountName: webhooks
+      volumes:
+        - name: webhook-certs
+          secret:
+            secretName: webhooks-https-certs
\ No newline at end of file
diff --git a/templates/webhooks/rbac-for-us.yaml b/templates/webhooks/rbac-for-us.yaml
new file mode 100644
index 00000000..d6605cda
--- /dev/null
+++ b/templates/webhooks/rbac-for-us.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: webhooks
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks")) | nindent 2 }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: d8:{{ .Chart.Name }}:webhooks
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks")) | nindent 2 }}
+rules:
+  - apiGroups:
+      - deckhouse.io
+    resources:
+      - moduleconfigs
+    verbs:
+      - get
+      - watch
+      - update
+      - list
+      - patch
+  - verbs:
+      - get
+      - list
+      - watch
+    apiGroups:
+      - storage.deckhouse.io
+    resources:
+      - lvmvolumegroups
+  - apiGroups:
+      - ""
+    verbs:
+      - get
+    resources:
+      - pods
+      - persistentvolumeclaims
+      - persistentvolumes
+  - apiGroups:
+      - storage.k8s.io
+    verbs:
+      - get
+      - list
+    resources:
+      - storageclasses
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: d8:{{ .Chart.Name }}:webhooks
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks")) | nindent 2 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: d8:{{ .Chart.Name }}:webhooks
+subjects:
+  - kind: ServiceAccount
+    name: webhooks
+    namespace: d8-{{ .Chart.Name }}
diff --git a/templates/webhooks/secret.yaml b/templates/webhooks/secret.yaml
new file mode 100644
index 00000000..81d41327
--- /dev/null
+++ b/templates/webhooks/secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: webhooks-https-certs
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks")) | nindent 2 }}
+type: kubernetes.io/tls
+data:
+  ca.crt: {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
+  tls.crt: {{ .Values.sdsLocalVolume.internal.customWebhookCert.crt }}
+  tls.key: {{ .Values.sdsLocalVolume.internal.customWebhookCert.key }}
diff --git a/templates/webhooks/service.yaml b/templates/webhooks/service.yaml
new file mode 100644
index 00000000..dc01ddbf
--- /dev/null
+++ b/templates/webhooks/service.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: webhooks
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks" )) | nindent 2 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 443
+      targetPort: 8443
+      protocol: TCP
+      name: http
+  selector:
+    app: webhooks
\ No newline at end of file
diff --git a/templates/webhooks/webhook.yaml b/templates/webhooks/webhook.yaml
new file mode 100644
index 00000000..d6e96ecd
--- /dev/null
+++ b/templates/webhooks/webhook.yaml
@@ -0,0 +1,81 @@
+{{- if and (not (eq "dev" .Values.global.deckhouseVersion)) (semverCompare "<1.64" .Values.global.deckhouseVersion) }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: "d8-{{ .Chart.Name }}-pod-scheduler-mutation"
+webhooks:
+  - name: "d8-{{ .Chart.Name }}-pod-scheduler-mutation.storage.deckhouse.io"
+    failurePolicy: Ignore
+    namespaceSelector:
+      matchExpressions:
+        - key: heritage
+          operator: NotIn
+          values:
+            - deckhouse
+    rules:
+      - apiGroups: [""]
+        apiVersions: ["v1"]
+        operations: ["CREATE"]
+        resources: ["pods"]
+        scope: "Namespaced"
+    clientConfig:
+      service:
+        namespace: "d8-{{ .Chart.Name }}"
+        name: "webhooks"
+        path: "/pod-scheduler-mutate"
+      caBundle: |
+        {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
+
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+{{- end }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: "d8-{{ .Chart.Name }}-lsc-validation"
+webhooks:
+  - name: "d8-{{ .Chart.Name }}-lsc-validation.deckhouse.io"
+    failurePolicy: Fail
+    rules:
+      - apiGroups: ["storage.deckhouse.io"]
+        apiVersions: ["v1alpha1"]
+        operations: ["CREATE", "UPDATE"]
+        resources: ["localstorageclasses"]
+        scope: "Cluster"
+    clientConfig:
+      service:
+        namespace: "d8-{{ .Chart.Name }}"
+        name: "webhooks"
+        path: "/lsc-validate"
+      caBundle: |
+        {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
+
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: "d8-{{ .Chart.Name }}-sc-validation"
+webhooks:
+  - name: "d8-{{ .Chart.Name }}-sc-validation.deckhouse.io"
+    rules:
+      - apiGroups: ["storage.k8s.io"]
+        apiVersions: ["v1"]
+        operations: ["*"]
+        resources: ["storageclasses"]
+        scope: "Cluster"
+    clientConfig:
+      service:
+        namespace: "d8-{{ .Chart.Name }}"
+        name: "webhooks"
+        path: "/sc-validate"
+      caBundle: |
+        {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5

From d502bfb31cbc343019c3eabc5dadf4238fbf89fb Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 20:34:15 +1000
Subject: [PATCH 007/115] fixes Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 images/webhooks/src/api/module_config.go | 114 +++++++++++++++++++++++
 1 file changed, 114 insertions(+)
 create mode 100644 images/webhooks/src/api/module_config.go

diff --git a/images/webhooks/src/api/module_config.go b/images/webhooks/src/api/module_config.go
new file mode 100644
index 00000000..e8f235ed
--- /dev/null
+++ b/images/webhooks/src/api/module_config.go
@@ -0,0 +1,114 @@
+/*
+Copyright 2023 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+	// ModuleConfigGVR GroupVersionResource
+	ModuleConfigGVR = schema.GroupVersionResource{
+		Group:    SchemeGroupVersion.Group,
+		Version:  SchemeGroupVersion.Version,
+		Resource: "moduleconfigs",
+	}
+	ModuleConfigGVK = schema.GroupVersionKind{
+		Group:   SchemeGroupVersion.Group,
+		Version: SchemeGroupVersion.Version,
+		Kind:    "ModuleConfig",
+	}
+)
+
+var _ runtime.Object = (*ModuleConfig)(nil)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ModuleConfig is a configuration for module or for global config values.
+type ModuleConfig struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec ModuleConfigSpec `json:"spec"`
+
+	Status ModuleConfigStatus `json:"status,omitempty"`
+}
+
+// SettingsValues empty interface in needed to handle DeepCopy generation. DeepCopy does not work with unnamed empty interfaces
+type SettingsValues map[string]interface{}
+
+func (v *SettingsValues) DeepCopy() *SettingsValues {
+	nmap := make(map[string]interface{}, len(*v))
+
+	for key, value := range *v {
+		nmap[key] = value
+	}
+
+	vv := SettingsValues(nmap)
+
+	return &vv
+}
+
+func (v SettingsValues) DeepCopyInto(out *SettingsValues) {
+	{
+		v := &v
+		clone := v.DeepCopy()
+		*out = *clone
+		return
+	}
+}
+
+type ModuleConfigSpec struct {
+	Version  int            `json:"version,omitempty"`
+	Settings SettingsValues `json:"settings,omitempty"`
+	Enabled  *bool          `json:"enabled,omitempty"`
+}
+
+type ModuleConfigStatus struct {
+	Version string `json:"version"`
+	Message string `json:"message"`
+}
+
+// +k8s:deepcopy-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ModuleConfigList is a list of ModuleConfig resources
+type ModuleConfigList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+
+	Items []ModuleConfig `json:"items"`
+}
+
+type moduleConfigKind struct{}
+
+func (in *ModuleConfigStatus) GetObjectKind() schema.ObjectKind {
+	return &moduleConfigKind{}
+}
+
+func (f *moduleConfigKind) SetGroupVersionKind(_ schema.GroupVersionKind) {}
+func (f *moduleConfigKind) GroupVersionKind() schema.GroupVersionKind {
+	return ModuleConfigGVK
+}

From 1401ca3a30568657a35c5025bbb413b5546f05b4 Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 20:45:31 +1000
Subject: [PATCH 008/115] change Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 images/webhooks/src/go.mod                   | 2 +-
 images/webhooks/src/go.sum                   | 4 ++--
 images/webhooks/src/handlers/func.go         | 2 +-
 images/webhooks/src/handlers/nscValidator.go | 4 ++--
 images/webhooks/src/main.go                  | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
index 97632ac3..c7fffdae 100644
--- a/images/webhooks/src/go.mod
+++ b/images/webhooks/src/go.mod
@@ -3,7 +3,7 @@ module webhooks
 go 1.22.2
 
 require (
-	github.com/deckhouse/csi-nfs/api v0.0.0-20240715155038-264399e5952e
+	github.com/deckhouse/sds-node-configurator/api v0.0.0-20240715155038-264399e5952e
 	github.com/go-logr/logr v1.4.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/slok/kubewebhook/v2 v2.6.0
diff --git a/images/webhooks/src/go.sum b/images/webhooks/src/go.sum
index fb698fa7..90a2f903 100644
--- a/images/webhooks/src/go.sum
+++ b/images/webhooks/src/go.sum
@@ -6,8 +6,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deckhouse/csi-nfs/api v0.0.0-20240715155038-264399e5952e h1:LAFZeUTGegrl5tlkA3RVXU0EcAbD2WwmX/ehiTaAo7c=
-github.com/deckhouse/csi-nfs/api v0.0.0-20240715155038-264399e5952e/go.mod h1:/vXhdSgMvU4dP2MvOHOFZua9MvJoAPLM/hk6p7rE+Jc=
+github.com/deckhouse/sds-node-configurator/api v0.0.0-20240715155038-264399e5952e h1:LAFZeUTGegrl5tlkA3RVXU0EcAbD2WwmX/ehiTaAo7c=
+github.com/deckhouse/sds-node-configurator/api v0.0.0-20240715155038-264399e5952e/go.mod h1:/vXhdSgMvU4dP2MvOHOFZua9MvJoAPLM/hk6p7rE+Jc=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index 7f52917a..66cf36e8 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -18,7 +18,7 @@ package handlers
 
 import (
 	"context"
-	cn "github.com/deckhouse/csi-nfs/api/v1alpha1"
+	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/go-logr/logr"
 	"github.com/slok/kubewebhook/v2/pkg/log"
 	v1 "k8s.io/api/core/v1"
diff --git a/images/webhooks/src/handlers/nscValidator.go b/images/webhooks/src/handlers/nscValidator.go
index cc0bd54e..7884147a 100644
--- a/images/webhooks/src/handlers/nscValidator.go
+++ b/images/webhooks/src/handlers/nscValidator.go
@@ -3,7 +3,7 @@ package handlers
 import (
 	"context"
 	"fmt"
-	cn "github.com/deckhouse/csi-nfs/api/v1alpha1"
+	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/slok/kubewebhook/v2/pkg/model"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -13,7 +13,7 @@ import (
 )
 
 const (
-	csiNfsModuleName = "csi-nfs"
+	csiNfsModuleName = "sds-node-configurator"
 )
 
 func NSCValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
diff --git a/images/webhooks/src/main.go b/images/webhooks/src/main.go
index 41668677..8c09e56d 100644
--- a/images/webhooks/src/main.go
+++ b/images/webhooks/src/main.go
@@ -23,7 +23,7 @@ import (
 	"os"
 	"webhooks/handlers"
 
-	cn "github.com/deckhouse/csi-nfs/api/v1alpha1"
+	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/sirupsen/logrus"
 	kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus"
 	storagev1 "k8s.io/api/storage/v1"

From 6f9209fad652da0c34b8e556ae18f055ded2f2f7 Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 21:38:27 +1000
Subject: [PATCH 009/115] fixes Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 api/go.mod                                    |  2 +-
 images/agent/src/go.mod                       |  4 +-
 images/webhooks/src/go.mod                    | 29 ++++----
 images/webhooks/src/go.sum                    | 71 ++++++++++---------
 .../{nscValidator.go => llvsValidator.go}     | 29 ++------
 images/webhooks/src/main.go                   | 12 +---
 templates/webhooks/rbac-for-us.yaml           |  2 +-
 templates/webhooks/secret.yaml                |  6 +-
 templates/webhooks/webhook.yaml               | 65 ++---------------
 9 files changed, 72 insertions(+), 148 deletions(-)
 rename images/webhooks/src/handlers/{nscValidator.go => llvsValidator.go} (51%)

diff --git a/api/go.mod b/api/go.mod
index 05a0cf0b..0eb99944 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/sds-node-configurator/api
 
-go 1.22.2
+go 1.22.3
 
 require k8s.io/apimachinery v0.31.3
 
diff --git a/images/agent/src/go.mod b/images/agent/src/go.mod
index 38086fb1..c9e0c9d3 100644
--- a/images/agent/src/go.mod
+++ b/images/agent/src/go.mod
@@ -1,6 +1,8 @@
 module agent
 
-go 1.22.2
+go 1.22.3
+
+toolchain go1.23.0
 
 require (
 	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250114161813-c1a8b09cd47d
diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
index c7fffdae..6bbbccdf 100644
--- a/images/webhooks/src/go.mod
+++ b/images/webhooks/src/go.mod
@@ -1,27 +1,27 @@
 module webhooks
 
-go 1.22.2
+go 1.23.2
 
 require (
-	github.com/deckhouse/sds-node-configurator/api v0.0.0-20240715155038-264399e5952e
-	github.com/go-logr/logr v1.4.1
+	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250206203415-a9ffd855f5a3
+	github.com/go-logr/logr v1.4.2
 	github.com/sirupsen/logrus v1.9.3
 	github.com/slok/kubewebhook/v2 v2.6.0
 	k8s.io/api v0.30.3
 	k8s.io/apiextensions-apiserver v0.30.3
-	k8s.io/apimachinery v0.30.3
+	k8s.io/apimachinery v0.31.3
 	k8s.io/client-go v0.30.3
-	k8s.io/klog/v2 v2.120.1
 	sigs.k8s.io/controller-runtime v0.18.4
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.5 // indirect
@@ -44,25 +44,28 @@ require (
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
-	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.17.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/term v0.19.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace github.com/deckhouse/sds-node-configurator/api => ../../../api
diff --git a/images/webhooks/src/go.sum b/images/webhooks/src/go.sum
index 90a2f903..1b56f5d0 100644
--- a/images/webhooks/src/go.sum
+++ b/images/webhooks/src/go.sum
@@ -4,10 +4,9 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deckhouse/sds-node-configurator/api v0.0.0-20240715155038-264399e5952e h1:LAFZeUTGegrl5tlkA3RVXU0EcAbD2WwmX/ehiTaAo7c=
-github.com/deckhouse/sds-node-configurator/api v0.0.0-20240715155038-264399e5952e/go.mod h1:/vXhdSgMvU4dP2MvOHOFZua9MvJoAPLM/hk6p7rE+Jc=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
@@ -16,8 +15,10 @@ github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
@@ -28,7 +29,8 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+
 github.com/go-openapi/swag v0.22.5 h1:fVS63IE3M0lsuWRzuom3RLwUMVI2peDH01s6M70ugys=
 github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -46,8 +48,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
@@ -74,14 +76,15 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
-github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
 github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
 github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
@@ -90,8 +93,8 @@ github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSz
 github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/slok/kubewebhook/v2 v2.6.0 h1:NMDDXx219OcNDc17ZYpqGXW81/jkBNmkdEwFDcZDVcA=
@@ -108,8 +111,10 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -134,8 +139,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
 golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -150,18 +155,18 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
-golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -169,8 +174,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
-golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -181,8 +186,8 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -198,16 +203,16 @@ k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ=
 k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04=
 k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U=
 k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4=
-k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
-k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
+k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
 k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
 k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ=
-k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
 sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
diff --git a/images/webhooks/src/handlers/nscValidator.go b/images/webhooks/src/handlers/llvsValidator.go
similarity index 51%
rename from images/webhooks/src/handlers/nscValidator.go
rename to images/webhooks/src/handlers/llvsValidator.go
index 7884147a..fc494ea3 100644
--- a/images/webhooks/src/handlers/nscValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"context"
-	"fmt"
 	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/slok/kubewebhook/v2/pkg/model"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
@@ -13,11 +12,11 @@ import (
 )
 
 const (
-	csiNfsModuleName = "sds-node-configurator"
+	sdsNodeConfiguratorModuleName = "sds-node-configurator"
 )
 
-func NSCValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
-	nsc, ok := obj.(*cn.NFSStorageClass)
+func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+	llvs, ok := obj.(*cn.)
 	if !ok {
 		// If not a storage class just continue the validation chain(if there is one) and do nothing.
 		return &kwhvalidating.ValidatorResult{}, nil
@@ -28,9 +27,6 @@ func NSCValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav
 		return &kwhvalidating.ValidatorResult{Valid: true}, nil
 	}
 
-	v3presents := false
-	v3enabled := false
-
 	cl, err := NewKubeClient("")
 	if err != nil {
 		klog.Fatal(err)
@@ -47,28 +43,11 @@ func NSCValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav
 
 	nfsModuleConfig := &mc.ModuleConfig{}
 
-	err = cl.Get(ctx, types.NamespacedName{Name: csiNfsModuleName, Namespace: ""}, nfsModuleConfig)
+	err = cl.Get(ctx, types.NamespacedName{Name: sdsNodeConfiguratorModuleName, Namespace: ""}, nfsModuleConfig)
 	if err != nil {
 		klog.Fatal(err)
 	}
 
-	if value, exists := nfsModuleConfig.Spec.Settings["v3support"]; exists && value == true {
-		v3enabled = true
-	} else {
-		v3enabled = false
-	}
-
-	klog.Infof("NFSv3 support enabled: %t", v3enabled)
-
-	if v3presents && !v3enabled {
-		klog.Info("NFS v3 is not enabled in module config, enable it first")
-
-		return &kwhvalidating.ValidatorResult{Valid: false, Message: fmt.Sprint("NFS v3 is not enabled in module config, enable it first")}, err
-	} else if !v3presents && v3enabled {
-		klog.Info("NFS v3 is enabled in module config, but not used in NFSStorageCLass - disable it first")
-		return &kwhvalidating.ValidatorResult{Valid: false, Message: fmt.Sprint("NFS v3 is enabled in module config, but not used in NFSStorageCLass - disable it first")}, err
-	}
-
 	return &kwhvalidating.ValidatorResult{Valid: true},
 		nil
 }
diff --git a/images/webhooks/src/main.go b/images/webhooks/src/main.go
index 8c09e56d..451e13a0 100644
--- a/images/webhooks/src/main.go
+++ b/images/webhooks/src/main.go
@@ -26,7 +26,6 @@ import (
 	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/sirupsen/logrus"
 	kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus"
-	storagev1 "k8s.io/api/storage/v1"
 )
 
 type config struct {
@@ -62,21 +61,14 @@ func main() {
 
 	cfg := initFlags()
 
-	scValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.SCValidate, SCValidatorId, &storagev1.StorageClass{}, logger)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "error creating scValidatingWebhookHandler: %s", err)
-		os.Exit(1)
-	}
-
-	nscValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.NSCValidate, NSCValidatorId, &cn.NFSStorageClass{}, logger)
+	llvsValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.LLVSValidate, LLVSValidatorId, &cn.LVMLogicalVolumeSnapshot{}, logger)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "error creating nscValidatingWebhookHandler: %s", err)
 		os.Exit(1)
 	}
 
 	mux := http.NewServeMux()
-	mux.Handle("/sc-validate", scValidatingWebhookHandler)
-	mux.Handle("/nsc-validate", nscValidatingWebhookHandler)
+	mux.Handle("/llvs-validate", llvsValidatingWebhookHandler)
 	mux.HandleFunc("/healthz", httpHandlerHealthz)
 
 	logger.Infof("Listening on %s", port)
diff --git a/templates/webhooks/rbac-for-us.yaml b/templates/webhooks/rbac-for-us.yaml
index d6605cda..52386086 100644
--- a/templates/webhooks/rbac-for-us.yaml
+++ b/templates/webhooks/rbac-for-us.yaml
@@ -29,7 +29,7 @@ rules:
     apiGroups:
       - storage.deckhouse.io
     resources:
-      - lvmvolumegroups
+      - lvmlogicalvolumesnapshots
   - apiGroups:
       - ""
     verbs:
diff --git a/templates/webhooks/secret.yaml b/templates/webhooks/secret.yaml
index 81d41327..55d975ea 100644
--- a/templates/webhooks/secret.yaml
+++ b/templates/webhooks/secret.yaml
@@ -7,6 +7,6 @@ metadata:
   {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks")) | nindent 2 }}
 type: kubernetes.io/tls
 data:
-  ca.crt: {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
-  tls.crt: {{ .Values.sdsLocalVolume.internal.customWebhookCert.crt }}
-  tls.key: {{ .Values.sdsLocalVolume.internal.customWebhookCert.key }}
+  ca.crt: {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.ca }}
+  tls.crt: {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.crt }}
+  tls.key: {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.key }}
diff --git a/templates/webhooks/webhook.yaml b/templates/webhooks/webhook.yaml
index d6e96ecd..9c13606c 100644
--- a/templates/webhooks/webhook.yaml
+++ b/templates/webhooks/webhook.yaml
@@ -1,79 +1,22 @@
 {{- if and (not (eq "dev" .Values.global.deckhouseVersion)) (semverCompare "<1.64" .Values.global.deckhouseVersion) }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: "d8-{{ .Chart.Name }}-pod-scheduler-mutation"
-webhooks:
-  - name: "d8-{{ .Chart.Name }}-pod-scheduler-mutation.storage.deckhouse.io"
-    failurePolicy: Ignore
-    namespaceSelector:
-      matchExpressions:
-        - key: heritage
-          operator: NotIn
-          values:
-            - deckhouse
-    rules:
-      - apiGroups: [""]
-        apiVersions: ["v1"]
-        operations: ["CREATE"]
-        resources: ["pods"]
-        scope: "Namespaced"
-    clientConfig:
-      service:
-        namespace: "d8-{{ .Chart.Name }}"
-        name: "webhooks"
-        path: "/pod-scheduler-mutate"
-      caBundle: |
-        {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
-
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
-{{- end }}
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: "d8-{{ .Chart.Name }}-lsc-validation"
-webhooks:
-  - name: "d8-{{ .Chart.Name }}-lsc-validation.deckhouse.io"
-    failurePolicy: Fail
-    rules:
-      - apiGroups: ["storage.deckhouse.io"]
-        apiVersions: ["v1alpha1"]
-        operations: ["CREATE", "UPDATE"]
-        resources: ["localstorageclasses"]
-        scope: "Cluster"
-    clientConfig:
-      service:
-        namespace: "d8-{{ .Chart.Name }}"
-        name: "webhooks"
-        path: "/lsc-validate"
-      caBundle: |
-        {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
-
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
----
-apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: "d8-{{ .Chart.Name }}-sc-validation"
 webhooks:
   - name: "d8-{{ .Chart.Name }}-sc-validation.deckhouse.io"
     rules:
-      - apiGroups: ["storage.k8s.io"]
-        apiVersions: ["v1"]
+      - apiGroups: ["storage.deckhouse.io"]
+        apiVersions: ["v1alpha1"]
         operations: ["*"]
-        resources: ["storageclasses"]
+        resources: ["lvmlogicalvolumesnapshots"]
         scope: "Cluster"
     clientConfig:
       service:
         namespace: "d8-{{ .Chart.Name }}"
         name: "webhooks"
-        path: "/sc-validate"
+        path: "/llvs-validate"
       caBundle: |
         {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
     admissionReviewVersions: ["v1", "v1beta1"]

From 536dac922707ec4a8ddb2be88964089f087fd709 Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 21:42:05 +1000
Subject: [PATCH 010/115] fixes Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 images/webhooks/src/handlers/llvsValidator.go | 38 +------------------
 1 file changed, 1 insertion(+), 37 deletions(-)

diff --git a/images/webhooks/src/handlers/llvsValidator.go b/images/webhooks/src/handlers/llvsValidator.go
index fc494ea3..f36cb1c6 100644
--- a/images/webhooks/src/handlers/llvsValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -2,13 +2,9 @@ package handlers
 
 import (
 	"context"
-	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/slok/kubewebhook/v2/pkg/model"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/klog/v2"
-	mc "webhooks/api"
 )
 
 const (
@@ -16,39 +12,7 @@ const (
 )
 
 func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
-	llvs, ok := obj.(*cn.)
-	if !ok {
-		// If not a storage class just continue the validation chain(if there is one) and do nothing.
-		return &kwhvalidating.ValidatorResult{}, nil
-	}
-
-	if arReview.UserInfo.Username == allowedUserName {
-		klog.Infof("User %s is allowed to manage NFS storage classes", arReview.UserInfo.Username)
-		return &kwhvalidating.ValidatorResult{Valid: true}, nil
-	}
-
-	cl, err := NewKubeClient("")
-	if err != nil {
-		klog.Fatal(err)
-	}
-
-	listClasses := &cn.NFSStorageClassList{}
-	err = cl.List(ctx, listClasses)
-
-	if nsc.ObjectMeta.DeletionTimestamp == nil && arReview.Operation != "delete" && nsc.Spec.Connection.NFSVersion == "3" {
-		v3presents = true
-	}
-
-	klog.Infof("NFSv3 NFSStorageClass exists: %t", v3presents)
-
-	nfsModuleConfig := &mc.ModuleConfig{}
-
-	err = cl.Get(ctx, types.NamespacedName{Name: sdsNodeConfiguratorModuleName, Namespace: ""}, nfsModuleConfig)
-	if err != nil {
-		klog.Fatal(err)
-	}
-
-	return &kwhvalidating.ValidatorResult{Valid: true},
+	return &kwhvalidating.ValidatorResult{Valid: false},
 		nil
 }
 

From 3624ce5fbe0e993d4e211592f5a5932e6b6d5773 Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 21:46:57 +1000
Subject: [PATCH 011/115] changed go version Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 images/webhooks/src/go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
index 6bbbccdf..bff04e72 100644
--- a/images/webhooks/src/go.mod
+++ b/images/webhooks/src/go.mod
@@ -1,6 +1,6 @@
 module webhooks
 
-go 1.23.2
+go 1.22.6
 
 require (
 	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250206203415-a9ffd855f5a3

From 15735cf3f8942582ffdd45fb94d6c1340254203f Mon Sep 17 00:00:00 2001
From: Nikolay Demchuk <nikolay.demchuk@flant.com>
Date: Thu, 6 Feb 2025 21:58:05 +1000
Subject: [PATCH 012/115] fix Signed-off-by: Nikolay Demchuk
 <nikolay.demchuk@flant.com>

---
 images/webhooks/src/main.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/images/webhooks/src/main.go b/images/webhooks/src/main.go
index 451e13a0..43f97f69 100644
--- a/images/webhooks/src/main.go
+++ b/images/webhooks/src/main.go
@@ -49,9 +49,8 @@ func initFlags() config {
 }
 
 const (
-	port           = ":8443"
-	NSCValidatorId = "NSCValidator"
-	SCValidatorId  = "SCValidator"
+	port            = ":8443"
+	LLVSValidatorId = "LLVSValidator"
 )
 
 func main() {

From 583354f043be05de4aebb99eec4c500419c10751 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Thu, 6 Feb 2025 15:14:34 +0300
Subject: [PATCH 013/115] try

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 images/webhooks/werf.inc.yaml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/images/webhooks/werf.inc.yaml b/images/webhooks/werf.inc.yaml
index a8d03c04..3535e430 100644
--- a/images/webhooks/werf.inc.yaml
+++ b/images/webhooks/werf.inc.yaml
@@ -7,10 +7,15 @@ from: {{ $.BASE_GOLANG }}
 final: false
 
 git:
-  - add: /images/webhooks/src
-    to: /src
+  - add: /images/{{ $.ImageName }}/src
+    to: /src/images/{{ $.ImageName }}/src
     stageDependencies:
-      setup:
+      install:
+        - "**/*"
+  - add: /api
+    to: /src/api
+    stageDependencies:
+      install:
         - "**/*"
 mount:
   - fromPath: ~/go-pkg-cache

From 5b14900b996140f1746918a412021d72f34243bb Mon Sep 17 00:00:00 2001
From: Pavel Karpov <pavel.karpov@flant.com>
Date: Thu, 6 Feb 2025 15:41:37 +0300
Subject: [PATCH 014/115] [webhooks] fix werf

Signed-off-by: Pavel Karpov <pavel.karpov@flant.com>
---
 .werf/consts.yaml                             |   4 +
 images/webhooks/src/api/module_config.go      | 114 ----------------
 images/webhooks/src/api/register.go           |  54 --------
 .../webhooks/src/api/zz_generated.deepcopy.go | 125 ------------------
 .../webhooks/src/api/zz_generated.defaults.go |  33 -----
 images/webhooks/src/{ => cmd}/main.go         |   0
 images/webhooks/src/handlers/func.go          |   7 +-
 images/webhooks/werf.inc.yaml                 |  79 ++++++++---
 8 files changed, 66 insertions(+), 350 deletions(-)
 delete mode 100644 images/webhooks/src/api/module_config.go
 delete mode 100644 images/webhooks/src/api/register.go
 delete mode 100644 images/webhooks/src/api/zz_generated.deepcopy.go
 delete mode 100644 images/webhooks/src/api/zz_generated.defaults.go
 rename images/webhooks/src/{ => cmd}/main.go (100%)

diff --git a/.werf/consts.yaml b/.werf/consts.yaml
index eb21997f..18e1d458 100644
--- a/.werf/consts.yaml
+++ b/.werf/consts.yaml
@@ -14,3 +14,7 @@
 {{- $_ := set $versions "LVM2" "d786a8f820d54ce87a919e6af5426c333c173b11" }}
 
 {{- $_ := set $ "VERSIONS" $versions }}
+
+# custom constants
+{{- $_ := set $ "DECKHOUSE_UID_GID" "64535" }}
+{{- $_ := set $ "ALT_CLEANUP_CMD" "rm -rf /var/lib/apt/lists/* /var/cache/apt/* && mkdir -p /var/lib/apt/lists/partial /var/cache/apt/archives/partial" }}
diff --git a/images/webhooks/src/api/module_config.go b/images/webhooks/src/api/module_config.go
deleted file mode 100644
index e8f235ed..00000000
--- a/images/webhooks/src/api/module_config.go
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
-Copyright 2023 Flant JSC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-var (
-	// ModuleConfigGVR GroupVersionResource
-	ModuleConfigGVR = schema.GroupVersionResource{
-		Group:    SchemeGroupVersion.Group,
-		Version:  SchemeGroupVersion.Version,
-		Resource: "moduleconfigs",
-	}
-	ModuleConfigGVK = schema.GroupVersionKind{
-		Group:   SchemeGroupVersion.Group,
-		Version: SchemeGroupVersion.Version,
-		Kind:    "ModuleConfig",
-	}
-)
-
-var _ runtime.Object = (*ModuleConfig)(nil)
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ModuleConfig is a configuration for module or for global config values.
-type ModuleConfig struct {
-	metav1.TypeMeta `json:",inline"`
-	// Standard object's metadata.
-	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-	// +optional
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec ModuleConfigSpec `json:"spec"`
-
-	Status ModuleConfigStatus `json:"status,omitempty"`
-}
-
-// SettingsValues empty interface in needed to handle DeepCopy generation. DeepCopy does not work with unnamed empty interfaces
-type SettingsValues map[string]interface{}
-
-func (v *SettingsValues) DeepCopy() *SettingsValues {
-	nmap := make(map[string]interface{}, len(*v))
-
-	for key, value := range *v {
-		nmap[key] = value
-	}
-
-	vv := SettingsValues(nmap)
-
-	return &vv
-}
-
-func (v SettingsValues) DeepCopyInto(out *SettingsValues) {
-	{
-		v := &v
-		clone := v.DeepCopy()
-		*out = *clone
-		return
-	}
-}
-
-type ModuleConfigSpec struct {
-	Version  int            `json:"version,omitempty"`
-	Settings SettingsValues `json:"settings,omitempty"`
-	Enabled  *bool          `json:"enabled,omitempty"`
-}
-
-type ModuleConfigStatus struct {
-	Version string `json:"version"`
-	Message string `json:"message"`
-}
-
-// +k8s:deepcopy-gen=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ModuleConfigList is a list of ModuleConfig resources
-type ModuleConfigList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []ModuleConfig `json:"items"`
-}
-
-type moduleConfigKind struct{}
-
-func (in *ModuleConfigStatus) GetObjectKind() schema.ObjectKind {
-	return &moduleConfigKind{}
-}
-
-func (f *moduleConfigKind) SetGroupVersionKind(_ schema.GroupVersionKind) {}
-func (f *moduleConfigKind) GroupVersionKind() schema.GroupVersionKind {
-	return ModuleConfigGVK
-}
diff --git a/images/webhooks/src/api/register.go b/images/webhooks/src/api/register.go
deleted file mode 100644
index c2b87322..00000000
--- a/images/webhooks/src/api/register.go
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2021 Flant JSC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: "deckhouse.io", Version: "v1alpha1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
-	return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
-	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
-	SchemeBuilder      runtime.SchemeBuilder
-	localSchemeBuilder = &SchemeBuilder
-	AddToScheme        = localSchemeBuilder.AddToScheme
-)
-
-func init() {
-	// We only register manually written functions here. The registration of the
-	// generated functions takes place in the generated files. The separation
-	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addKnownTypes)
-}
-
-// Adds the list of known types to api.Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(SchemeGroupVersion,
-		&ModuleConfig{},
-		&ModuleConfigList{},
-	)
-
-	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
-	return nil
-}
diff --git a/images/webhooks/src/api/zz_generated.deepcopy.go b/images/webhooks/src/api/zz_generated.deepcopy.go
deleted file mode 100644
index ed837176..00000000
--- a/images/webhooks/src/api/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,125 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ModuleConfig) DeepCopyInto(out *ModuleConfig) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfig.
-func (in *ModuleConfig) DeepCopy() *ModuleConfig {
-	if in == nil {
-		return nil
-	}
-	out := new(ModuleConfig)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ModuleConfig) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ModuleConfigList) DeepCopyInto(out *ModuleConfigList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]ModuleConfig, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfigList.
-func (in *ModuleConfigList) DeepCopy() *ModuleConfigList {
-	if in == nil {
-		return nil
-	}
-	out := new(ModuleConfigList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ModuleConfigList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ModuleConfigSpec) DeepCopyInto(out *ModuleConfigSpec) {
-	*out = *in
-	in.Settings.DeepCopyInto(&out.Settings)
-	if in.Enabled != nil {
-		in, out := &in.Enabled, &out.Enabled
-		*out = new(bool)
-		**out = **in
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfigSpec.
-func (in *ModuleConfigSpec) DeepCopy() *ModuleConfigSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ModuleConfigSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ModuleConfigStatus) DeepCopyInto(out *ModuleConfigStatus) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModuleConfigStatus.
-func (in *ModuleConfigStatus) DeepCopy() *ModuleConfigStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(ModuleConfigStatus)
-	in.DeepCopyInto(out)
-	return out
-}
diff --git a/images/webhooks/src/api/zz_generated.defaults.go b/images/webhooks/src/api/zz_generated.defaults.go
deleted file mode 100644
index 5070cb91..00000000
--- a/images/webhooks/src/api/zz_generated.defaults.go
+++ /dev/null
@@ -1,33 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by defaulter-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// RegisterDefaults adds defaulters functions to the given scheme.
-// Public to allow building arbitrary schemes.
-// All generated defaulters are covering - they call all nested defaulters.
-func RegisterDefaults(scheme *runtime.Scheme) error {
-	return nil
-}
diff --git a/images/webhooks/src/main.go b/images/webhooks/src/cmd/main.go
similarity index 100%
rename from images/webhooks/src/main.go
rename to images/webhooks/src/cmd/main.go
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index 66cf36e8..18d9f88f 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -18,6 +18,9 @@ package handlers
 
 import (
 	"context"
+	"net/http"
+	"os"
+
 	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/go-logr/logr"
 	"github.com/slok/kubewebhook/v2/pkg/log"
@@ -29,11 +32,8 @@ import (
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	"net/http"
-	"os"
 	controllerruntime "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	mc "webhooks/api"
 
 	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
 	"github.com/slok/kubewebhook/v2/pkg/model"
@@ -62,7 +62,6 @@ func NewKubeClient(kubeconfigPath string) (client.Client, error) {
 	var (
 		resourcesSchemeFuncs = []func(*apiruntime.Scheme) error{
 			v1alpha2.AddToScheme,
-			mc.AddToScheme,
 			cn.AddToScheme,
 			clientgoscheme.AddToScheme,
 			extv1.AddToScheme,
diff --git a/images/webhooks/werf.inc.yaml b/images/webhooks/werf.inc.yaml
index 3535e430..d0d2781f 100644
--- a/images/webhooks/werf.inc.yaml
+++ b/images/webhooks/werf.inc.yaml
@@ -1,40 +1,79 @@
-{{- $_ := set . "BASE_GOLANG" "registry.deckhouse.io/base_images/golang:1.22.6-bullseye@sha256:260918a3795372a6d33225d361fe5349723be9667de865a23411b50fbcc76c5a" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-
 ---
-image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+# do not remove this image: used in external audits (DKP CSE)
+image: {{ $.ImageName }}-src-artifact
+from: {{ $.Root.BASE_ALT_P11 }}
 final: false
-
 git:
-  - add: /images/{{ $.ImageName }}/src
-    to: /src/images/{{ $.ImageName }}/src
+  - add: /
+    to: /src
+    includePaths:
+      - api
+      - images/{{ $.ImageName }}/src
     stageDependencies:
       install:
-        - "**/*"
-  - add: /api
-    to: /src/api
-    stageDependencies:
-      install:
-        - "**/*"
+        - '**/*'
+shell:
+  install:
+    - rm -rf /src/.git
+
+---
+image: {{ $.ImageName }}-golang-artifact
+from: {{ $.Root.BASE_GOLANG_1_23 }}
+final: false
+import:
+  - image: {{ $.ImageName }}-src-artifact
+    add: /src
+    to: /src
+    before: setup
 mount:
   - fromPath: ~/go-pkg-cache
     to: /go/pkg
 shell:
   setup:
-    - cd /src
-    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o webhooks
-    - mv webhooks /webhooks
+    - cd /src/images/{{ $.ImageName }}/src/cmd
+    - export CGO_ENABLED=0 GOOS=linux GOARCH=amd64
+    - go build -ldflags="-s -w" -tags {{ $.Root.MODULE_EDITION }} -o /webhooks
     - chmod +x /webhooks
+
 ---
-image: {{ $.ImageName }}
-from: {{ $.BASE_SCRATCH }}
+image: {{ $.ImageName }}-distroless-artifact
+from: {{ $.Root.BASE_ALT_P11 }}
+final: false
+shell:
+  beforeInstall:
+    - apt-get update
+    - apt-get install -y openssl libtirpc
+    - {{ $.Root.ALT_CLEANUP_CMD }}
+  install:
+    - mkdir -p /relocate/bin /relocate/sbin /relocate/etc /relocate/var/lib/ssl /relocate/usr/bin /relocate/usr/sbin /relocate/usr/share
+    - cp -pr /tmp /relocate
+    - cp -pr /etc/passwd /etc/group /etc/hostname /etc/hosts /etc/shadow /etc/protocols /etc/services /etc/nsswitch.conf /etc/netconfig /relocate/etc
+    - cp -pr /usr/share/ca-certificates /relocate/usr/share
+    - cp -pr /usr/share/zoneinfo /relocate/usr/share
+    - cp -pr /var/lib/ssl/cert.pem /relocate/var/lib/ssl
+    - cp -pr /var/lib/ssl/certs /relocate/var/lib/ssl
+    - echo "deckhouse:x:{{ $.Root.DECKHOUSE_UID_GID }}:{{ $.Root.DECKHOUSE_UID_GID }}:deckhouse:/:/sbin/nologin" >> /relocate/etc/passwd
+    - echo "deckhouse:x:{{ $.Root.DECKHOUSE_UID_GID }}:" >> /relocate/etc/group
+    - echo "deckhouse:!::0:::::" >> /relocate/etc/shadow
+
+---
+image: {{ $.ImageName }}-distroless
+from: {{ $.Root.BASE_SCRATCH }}
+final: false
+import:
+  - image: {{ $.ImageName }}-distroless-artifact
+    add: /relocate
+    to: /
+    before: setup
 
+---
+image: {{ $.ImageName }}
+fromImage: {{ $.ImageName }}-distroless
 import:
   - image: {{ $.ImageName }}-golang-artifact
     add: /webhooks
     to: /webhooks
     before: setup
-
 docker:
   ENTRYPOINT: ["/webhooks"]
+  USER: deckhouse:deckhouse

From 441d42e7f54c230739d6cce527489e9de6de8548 Mon Sep 17 00:00:00 2001
From: Pavel Karpov <pavel.karpov@flant.com>
Date: Thu, 6 Feb 2025 15:54:36 +0300
Subject: [PATCH 015/115] bump go version to 1.23.5

Signed-off-by: Pavel Karpov <pavel.karpov@flant.com>
---
 .werf/consts.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.werf/consts.yaml b/.werf/consts.yaml
index 18e1d458..d15740f9 100644
--- a/.werf/consts.yaml
+++ b/.werf/consts.yaml
@@ -1,7 +1,7 @@
 # base images
 {{- $_ := set $ "BASE_ALT"         "registry.deckhouse.io/base_images/alt:p10@sha256:f105773c682498700680d7cd61a702a4315c4235aee3622757591fd510fb8b4a" }}
 {{- $_ := set $ "BASE_ALT_P11"     "registry.deckhouse.io/base_images/alt:p11@sha256:e47d84424485d3674240cb2f67d3a1801b37d327e6d1eb8cc8d01be8ed3b34f3" }}
-{{- $_ := set $ "BASE_GOLANG_1_23" "registry.deckhouse.io/base_images/golang:1.23.1-alpine3.20@sha256:716820a183116e643839611ff9eca9bd1c92d2bf8f7a5eda2f9fd16e8acbaa72" }}
+{{- $_ := set $ "BASE_GOLANG_1_23" "registry.deckhouse.io/base_images/golang:1.23.5-alpine3.20@sha256:623ef3f63012bbd648021a2f097de3f411889332ba83bd98f0ac8d1288bdaa06" }}
 {{- $_ := set $ "BASE_SCRATCH"     "registry.deckhouse.io/base_images/scratch@sha256:653ae76965c98c8cd1c8c9ff7725316d2983986f896655b30e0f44d2f8b2dd7e" }}
 {{- $_ := set $ "BASE_ALPINE"      "registry.deckhouse.io/base_images/alpine:3.20.3@sha256:41628df7c9b935d248f64542634e7a843f9bc7f2252d7f878e77f7b79a947466" }}
 

From 060d427cb84f9efa5f14c4aa92817ca020be0806 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Thu, 6 Feb 2025 20:28:38 +0300
Subject: [PATCH 016/115] update go

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 images/webhooks/src/go.mod                    |  74 ++++---
 images/webhooks/src/go.sum                    | 200 ++++++++----------
 images/webhooks/src/handlers/func.go          |   2 -
 images/webhooks/src/handlers/llvsValidator.go |   3 +-
 4 files changed, 121 insertions(+), 158 deletions(-)

diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
index bff04e72..2646b12a 100644
--- a/images/webhooks/src/go.mod
+++ b/images/webhooks/src/go.mod
@@ -1,70 +1,68 @@
 module webhooks
 
-go 1.22.6
+go 1.23.5
 
 require (
 	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250206203415-a9ffd855f5a3
 	github.com/go-logr/logr v1.4.2
 	github.com/sirupsen/logrus v1.9.3
-	github.com/slok/kubewebhook/v2 v2.6.0
-	k8s.io/api v0.30.3
-	k8s.io/apiextensions-apiserver v0.30.3
-	k8s.io/apimachinery v0.31.3
-	k8s.io/client-go v0.30.3
-	sigs.k8s.io/controller-runtime v0.18.4
+	github.com/slok/kubewebhook/v2 v2.7.0
+	k8s.io/api v0.32.1
+	k8s.io/apiextensions-apiserver v0.32.1
+	k8s.io/apimachinery v0.32.1
+	k8s.io/client-go v0.32.1
+	sigs.k8s.io/controller-runtime v0.20.1
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.5 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.19.0 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.48.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
-	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.17.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
diff --git a/images/webhooks/src/go.sum b/images/webhooks/src/go.sum
index 1b56f5d0..485c9fde 100644
--- a/images/webhooks/src/go.sum
+++ b/images/webhooks/src/go.sum
@@ -1,74 +1,67 @@
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
-github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
+github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.22.5 h1:fVS63IE3M0lsuWRzuom3RLwUMVI2peDH01s6M70ugys=
-github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
-github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -76,148 +69,123 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
-github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
-github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
-github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
-github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
-github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
-github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
+github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/slok/kubewebhook/v2 v2.6.0 h1:NMDDXx219OcNDc17ZYpqGXW81/jkBNmkdEwFDcZDVcA=
-github.com/slok/kubewebhook/v2 v2.6.0/go.mod h1:EoPfBo8lzgU1lmI1DSY/Fpwu+cdr4lZnzY4Tmg5sHe0=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/slok/kubewebhook/v2 v2.7.0 h1:0Wq3IVBAKDQROiB4ugxzypKUKN4FI50Wd+nyKGNiH1w=
+github.com/slok/kubewebhook/v2 v2.7.0/go.mod h1:H9QZ1Z+0RpuE50y4aZZr85rr6d/4LSYX+hbvK6Oe+T4=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
-golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ=
-k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04=
-k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U=
-k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4=
-k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
-k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
-k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
+k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
+k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
+k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
+k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
+k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
+k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
+k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
-sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
+sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index 18d9f88f..0ef3eb15 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -25,7 +25,6 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/slok/kubewebhook/v2/pkg/log"
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/api/resource/v1alpha2"
 	sv1 "k8s.io/api/storage/v1"
 	extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	apiruntime "k8s.io/apimachinery/pkg/runtime"
@@ -61,7 +60,6 @@ func NewKubeClient(kubeconfigPath string) (client.Client, error) {
 
 	var (
 		resourcesSchemeFuncs = []func(*apiruntime.Scheme) error{
-			v1alpha2.AddToScheme,
 			cn.AddToScheme,
 			clientgoscheme.AddToScheme,
 			extv1.AddToScheme,
diff --git a/images/webhooks/src/handlers/llvsValidator.go b/images/webhooks/src/handlers/llvsValidator.go
index f36cb1c6..dc4673dc 100644
--- a/images/webhooks/src/handlers/llvsValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -2,6 +2,7 @@ package handlers
 
 import (
 	"context"
+
 	"github.com/slok/kubewebhook/v2/pkg/model"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -15,5 +16,3 @@ func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj meta
 	return &kwhvalidating.ValidatorResult{Valid: false},
 		nil
 }
-
-//

From 62fdc34cbfa2c464025c2073c1d4a1a5f08be8fd Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 10:12:10 +0300
Subject: [PATCH 017/115] fix yamls

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 templates/webhooks/rbac-for-us.yaml | 26 --------------------------
 templates/webhooks/webhook.yaml     |  5 ++---
 2 files changed, 2 insertions(+), 29 deletions(-)

diff --git a/templates/webhooks/rbac-for-us.yaml b/templates/webhooks/rbac-for-us.yaml
index 52386086..6e37a4d8 100644
--- a/templates/webhooks/rbac-for-us.yaml
+++ b/templates/webhooks/rbac-for-us.yaml
@@ -12,16 +12,6 @@ metadata:
   name: d8:{{ .Chart.Name }}:webhooks
   {{- include "helm_lib_module_labels" (list . (dict "app" "webhooks")) | nindent 2 }}
 rules:
-  - apiGroups:
-      - deckhouse.io
-    resources:
-      - moduleconfigs
-    verbs:
-      - get
-      - watch
-      - update
-      - list
-      - patch
   - verbs:
       - get
       - list
@@ -30,22 +20,6 @@ rules:
       - storage.deckhouse.io
     resources:
       - lvmlogicalvolumesnapshots
-  - apiGroups:
-      - ""
-    verbs:
-      - get
-    resources:
-      - pods
-      - persistentvolumeclaims
-      - persistentvolumes
-  - apiGroups:
-      - storage.k8s.io
-    verbs:
-      - get
-      - list
-    resources:
-      - storageclasses
-
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/templates/webhooks/webhook.yaml b/templates/webhooks/webhook.yaml
index 9c13606c..81843287 100644
--- a/templates/webhooks/webhook.yaml
+++ b/templates/webhooks/webhook.yaml
@@ -1,11 +1,10 @@
-{{- if and (not (eq "dev" .Values.global.deckhouseVersion)) (semverCompare "<1.64" .Values.global.deckhouseVersion) }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
-  name: "d8-{{ .Chart.Name }}-sc-validation"
+  name: "d8-{{ .Chart.Name }}-llvs-validation"
 webhooks:
-  - name: "d8-{{ .Chart.Name }}-sc-validation.deckhouse.io"
+  - name: "d8-{{ .Chart.Name }}-llvs-validation.deckhouse.io"
     rules:
       - apiGroups: ["storage.deckhouse.io"]
         apiVersions: ["v1alpha1"]

From b26795b9c826036e1d39253e72de0fb0937adb21 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 10:25:53 +0300
Subject: [PATCH 018/115] fix caBundle

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 templates/webhooks/webhook.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/webhooks/webhook.yaml b/templates/webhooks/webhook.yaml
index 81843287..e375e50c 100644
--- a/templates/webhooks/webhook.yaml
+++ b/templates/webhooks/webhook.yaml
@@ -17,7 +17,7 @@ webhooks:
         name: "webhooks"
         path: "/llvs-validate"
       caBundle: |
-        {{ .Values.sdsLocalVolume.internal.customWebhookCert.ca }}
+        {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.ca }}
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5

From a008529ef54a3594999f217218643fe3c15120a1 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 17:35:34 +0300
Subject: [PATCH 019/115] better message

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 images/webhooks/src/cmd/main.go               |  2 +-
 images/webhooks/src/go.mod                    | 42 ++--------
 images/webhooks/src/go.sum                    | 83 +------------------
 images/webhooks/src/handlers/func.go          | 76 -----------------
 images/webhooks/src/handlers/llvsValidator.go |  6 +-
 5 files changed, 11 insertions(+), 198 deletions(-)

diff --git a/images/webhooks/src/cmd/main.go b/images/webhooks/src/cmd/main.go
index 43f97f69..cf5c772d 100644
--- a/images/webhooks/src/cmd/main.go
+++ b/images/webhooks/src/cmd/main.go
@@ -62,7 +62,7 @@ func main() {
 
 	llvsValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.LLVSValidate, LLVSValidatorId, &cn.LVMLogicalVolumeSnapshot{}, logger)
 	if err != nil {
-		fmt.Fprintf(os.Stderr, "error creating nscValidatingWebhookHandler: %s", err)
+		fmt.Fprintf(os.Stderr, "error creating llvsValidatingWebhookHandler: %s", err)
 		os.Exit(1)
 	}
 
diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
index 2646b12a..01e9868a 100644
--- a/images/webhooks/src/go.mod
+++ b/images/webhooks/src/go.mod
@@ -4,62 +4,30 @@ go 1.23.5
 
 require (
 	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250206203415-a9ffd855f5a3
-	github.com/go-logr/logr v1.4.2
 	github.com/sirupsen/logrus v1.9.3
 	github.com/slok/kubewebhook/v2 v2.7.0
-	k8s.io/api v0.32.1
-	k8s.io/apiextensions-apiserver v0.32.1
 	k8s.io/apimachinery v0.32.1
-	k8s.io/client-go v0.32.1
-	sigs.k8s.io/controller-runtime v0.20.1
 )
 
 require (
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/btree v1.1.3 // indirect
-	github.com/google/gnostic-models v0.6.9 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.20.5 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.26.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/term v0.29.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
-	golang.org/x/time v0.10.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.32.1 // indirect
+	k8s.io/client-go v0.32.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
diff --git a/images/webhooks/src/go.sum b/images/webhooks/src/go.sum
index 485c9fde..42a982ec 100644
--- a/images/webhooks/src/go.sum
+++ b/images/webhooks/src/go.sum
@@ -1,91 +1,36 @@
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
-github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
-github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
-github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
-github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
-github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
-github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
-github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
-github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
-github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
-github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
-github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
-github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
-github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
-github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
-github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
-github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
-github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -105,12 +50,6 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -122,46 +61,32 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
-golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
-golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
-golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
-gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -169,20 +94,14 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
 k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
-k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
-k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
 k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
 k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
 k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
-sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index 0ef3eb15..ed31d3a2 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -19,91 +19,15 @@ package handlers
 import (
 	"context"
 	"net/http"
-	"os"
 
-	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	"github.com/go-logr/logr"
 	"github.com/slok/kubewebhook/v2/pkg/log"
-	v1 "k8s.io/api/core/v1"
-	sv1 "k8s.io/api/storage/v1"
-	extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	apiruntime "k8s.io/apimachinery/pkg/runtime"
-	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	controllerruntime "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
 	"github.com/slok/kubewebhook/v2/pkg/model"
-	kwhmutating "github.com/slok/kubewebhook/v2/pkg/webhook/mutating"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
-func NewKubeClient(kubeconfigPath string) (client.Client, error) {
-	var config *rest.Config
-	var err error
-
-	if kubeconfigPath == "" {
-		kubeconfigPath = os.Getenv("kubeconfig")
-	}
-
-	controllerruntime.SetLogger(logr.New(ctrllog.NullLogSink{}))
-
-	config, err = clientcmd.BuildConfigFromFlags("", kubeconfigPath)
-
-	if err != nil {
-		return nil, err
-	}
-
-	var (
-		resourcesSchemeFuncs = []func(*apiruntime.Scheme) error{
-			cn.AddToScheme,
-			clientgoscheme.AddToScheme,
-			extv1.AddToScheme,
-			v1.AddToScheme,
-			sv1.AddToScheme,
-		}
-	)
-
-	scheme := apiruntime.NewScheme()
-	for _, f := range resourcesSchemeFuncs {
-		err = f(scheme)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	clientOpts := client.Options{
-		Scheme: scheme,
-	}
-
-	return client.New(config, clientOpts)
-}
-
-func GetMutatingWebhookHandler(mutationFunc func(ctx context.Context, _ *model.AdmissionReview, obj metav1.Object) (*kwhmutating.MutatorResult, error), mutatorID string, obj metav1.Object, logger log.Logger) (http.Handler, error) {
-	mutatorFunc := kwhmutating.MutatorFunc(mutationFunc)
-
-	mutatingWebhookConfig := kwhmutating.WebhookConfig{
-		ID:      mutatorID,
-		Obj:     obj,
-		Mutator: mutatorFunc,
-		Logger:  logger,
-	}
-
-	mutationWebhook, err := kwhmutating.NewWebhook(mutatingWebhookConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	mutationWebhookHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: mutationWebhook, Logger: logger})
-
-	return mutationWebhookHandler, err
-
-}
-
 func GetValidatingWebhookHandler(validationFunc func(ctx context.Context, _ *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error), validatorID string, obj metav1.Object, logger log.Logger) (http.Handler, error) {
 	validatorFunc := kwhvalidating.ValidatorFunc(validationFunc)
 
diff --git a/images/webhooks/src/handlers/llvsValidator.go b/images/webhooks/src/handlers/llvsValidator.go
index dc4673dc..8dd688b9 100644
--- a/images/webhooks/src/handlers/llvsValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -13,6 +13,8 @@ const (
 )
 
 func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
-	return &kwhvalidating.ValidatorResult{Valid: false},
-		nil
+	return &kwhvalidating.ValidatorResult{
+		Valid:   false,
+		Message: "LVMLogicalVolumeSnapshot is not available in this Deckhouse edition.",
+	}, nil
 }

From 8b772d250ecf5854baee2a7dcbc49770805fdb42 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 17:55:08 +0300
Subject: [PATCH 020/115] optionally disable validating webhook when
 featureLLVSEnabled

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .werf/choice-edition.yaml               | 15 +++++++++++
 openapi/values_CE.yaml                  | 36 +++++++++++++++++++++++++
 openapi/{values.yaml => values_EE.yaml} |  3 +++
 templates/webhooks/deployment.yaml      |  8 ++++--
 templates/webhooks/rbac-for-us.yaml     |  2 ++
 templates/webhooks/secret.yaml          |  2 ++
 templates/webhooks/service.yaml         |  4 ++-
 templates/webhooks/webhook.yaml         |  2 ++
 werf.yaml                               |  1 +
 9 files changed, 70 insertions(+), 3 deletions(-)
 create mode 100644 .werf/choice-edition.yaml
 create mode 100644 openapi/values_CE.yaml
 rename openapi/{values.yaml => values_EE.yaml} (91%)

diff --git a/.werf/choice-edition.yaml b/.werf/choice-edition.yaml
new file mode 100644
index 00000000..894a60d4
--- /dev/null
+++ b/.werf/choice-edition.yaml
@@ -0,0 +1,15 @@
+# TODO comment here
+---
+image: choice-edition
+from: {{ $.BASE_ALT_P11 }}
+fromCacheVersion: 2025-02-07.1
+git:
+  - add: /
+    to: /
+    includePaths:
+      - openapi
+shell:
+  setup:
+    - cd /openapi
+    - cp -v values_{{ .MODULE_EDITION }}.yaml values.yaml
+    - rm -rf values_*.yaml
diff --git a/openapi/values_CE.yaml b/openapi/values_CE.yaml
new file mode 100644
index 00000000..0c5c4974
--- /dev/null
+++ b/openapi/values_CE.yaml
@@ -0,0 +1,36 @@
+x-extend:
+  schema: config-values.yaml
+type: object
+properties:
+  internal:
+    type: object
+    default: {}
+    properties:
+      featureLLVSEnabled:
+        type: boolean
+        default: false
+      pythonVersions:
+        type: array
+        default: []
+        items:
+          type: string
+      customWebhookCert:
+        type: object
+        default: {}
+        x-required-for-helm:
+          - crt
+          - key
+          - ca
+        properties:
+          crt:
+            type: string
+            x-examples: ["YjY0ZW5jX3N0cmluZwo="]
+          key:
+            type: string
+            x-examples: ["YjY0ZW5jX3N0cmluZwo="]
+          ca:
+            type: string
+            x-examples: ["YjY0ZW5jX3N0cmluZwo="]
+  registry:
+    type: object
+    description: "System field, overwritten by Deckhouse. Don't use"
diff --git a/openapi/values.yaml b/openapi/values_EE.yaml
similarity index 91%
rename from openapi/values.yaml
rename to openapi/values_EE.yaml
index d1d8cb40..a1fd6e0b 100644
--- a/openapi/values.yaml
+++ b/openapi/values_EE.yaml
@@ -6,6 +6,9 @@ properties:
     type: object
     default: {}
     properties:
+      featureLLVSEnabled:
+        type: boolean
+        default: true
       pythonVersions:
         type: array
         default: []
diff --git a/templates/webhooks/deployment.yaml b/templates/webhooks/deployment.yaml
index 83bcd09f..d0394d67 100644
--- a/templates/webhooks/deployment.yaml
+++ b/templates/webhooks/deployment.yaml
@@ -1,8 +1,11 @@
 {{- define "webhooks_resources" }}
+{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
 cpu: 10m
 memory: 50Mi
 {{- end }}
-  
+{{- end }}
+
+{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
@@ -93,4 +96,5 @@ spec:
       volumes:
         - name: webhook-certs
           secret:
-            secretName: webhooks-https-certs
\ No newline at end of file
+            secretName: webhooks-https-certs
+{{- end }}
diff --git a/templates/webhooks/rbac-for-us.yaml b/templates/webhooks/rbac-for-us.yaml
index 6e37a4d8..d20b0c2d 100644
--- a/templates/webhooks/rbac-for-us.yaml
+++ b/templates/webhooks/rbac-for-us.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -34,3 +35,4 @@ subjects:
   - kind: ServiceAccount
     name: webhooks
     namespace: d8-{{ .Chart.Name }}
+{{- end }}
diff --git a/templates/webhooks/secret.yaml b/templates/webhooks/secret.yaml
index 55d975ea..4a6fc264 100644
--- a/templates/webhooks/secret.yaml
+++ b/templates/webhooks/secret.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
 ---
 apiVersion: v1
 kind: Secret
@@ -10,3 +11,4 @@ data:
   ca.crt: {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.ca }}
   tls.crt: {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.crt }}
   tls.key: {{ .Values.sdsNodeConfigurator.internal.customWebhookCert.key }}
+{{- end }}
diff --git a/templates/webhooks/service.yaml b/templates/webhooks/service.yaml
index dc01ddbf..2583eae7 100644
--- a/templates/webhooks/service.yaml
+++ b/templates/webhooks/service.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
 ---
 apiVersion: v1
 kind: Service
@@ -13,4 +14,5 @@ spec:
       protocol: TCP
       name: http
   selector:
-    app: webhooks
\ No newline at end of file
+    app: webhooks
+{{- end }}
diff --git a/templates/webhooks/webhook.yaml b/templates/webhooks/webhook.yaml
index e375e50c..62148c8e 100644
--- a/templates/webhooks/webhook.yaml
+++ b/templates/webhooks/webhook.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -21,3 +22,4 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+{{- end }}
diff --git a/werf.yaml b/werf.yaml
index 07a34773..13f87e5b 100644
--- a/werf.yaml
+++ b/werf.yaml
@@ -5,6 +5,7 @@ configVersion: 1
 {{ tpl (.Files.Get ".werf/images.yaml") $ }}
 {{ tpl (.Files.Get ".werf/images-digests.yaml") $ }}
 {{ tpl (.Files.Get ".werf/python-deps.yaml") $ }}
+{{ tpl (.Files.Get ".werf/choice-edition.yaml") $ }}
 {{ tpl (.Files.Get ".werf/bundle.yaml") $ }}
 {{ tpl (.Files.Get ".werf/release.yaml") $ }}
 

From 49723102393e6d4c52c5f785ff9668c00b285da6 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 18:40:58 +0300
Subject: [PATCH 021/115] fix overwriting openapi folder in bundle

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .werf/bundle.yaml         | 1 -
 .werf/choice-edition.yaml | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/.werf/bundle.yaml b/.werf/bundle.yaml
index 72c5d96f..586bbc55 100644
--- a/.werf/bundle.yaml
+++ b/.werf/bundle.yaml
@@ -25,6 +25,5 @@ git:
   - enabled
   - hooks
   - monitoring
-  - openapi
   - templates
   - Chart.yaml
diff --git a/.werf/choice-edition.yaml b/.werf/choice-edition.yaml
index 894a60d4..3972e038 100644
--- a/.werf/choice-edition.yaml
+++ b/.werf/choice-edition.yaml
@@ -12,4 +12,4 @@ shell:
   setup:
     - cd /openapi
     - cp -v values_{{ .MODULE_EDITION }}.yaml values.yaml
-    - rm -rf values_*.yaml
+    - rm -f values_*.yaml

From 6284f38b62c0a7c20133291654da52677b37de18 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 18:51:06 +0300
Subject: [PATCH 022/115] fix bundle problem; change build trigger

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .github/workflows/build_dev.yml | 3 ++-
 .werf/bundle.yaml               | 5 +++++
 .werf/choice-edition.yaml       | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml
index fbfe30d0..15019e20 100644
--- a/.github/workflows/build_dev.yml
+++ b/.github/workflows/build_dev.yml
@@ -10,7 +10,8 @@ env:
   SOURCE_REPO: "${{ secrets.SOURCE_REPO }}"
 
 on:
-  #pull_request:
+  pull_request:
+    types: [opened, reopened, labeled, unlabeled, synchronize]
   # call from trivy_image_check.yaml, which in turn call from pull_request
   # https://stackoverflow.com/a/71489231
   workflow_call:
diff --git a/.werf/bundle.yaml b/.werf/bundle.yaml
index 586bbc55..6656f325 100644
--- a/.werf/bundle.yaml
+++ b/.werf/bundle.yaml
@@ -14,6 +14,11 @@ import:
   add: /lib/python/dist
   to: /lib/python/dist
   after: setup
+# Rendering .werf/choise-edition.yaml is required!
+- image: choise-edition
+  add: /openapi
+  to: /openapi
+  after: setup
 git:
 - add: /
   to: /
diff --git a/.werf/choice-edition.yaml b/.werf/choice-edition.yaml
index 3972e038..154976ec 100644
--- a/.werf/choice-edition.yaml
+++ b/.werf/choice-edition.yaml
@@ -2,7 +2,7 @@
 ---
 image: choice-edition
 from: {{ $.BASE_ALT_P11 }}
-fromCacheVersion: 2025-02-07.1
+fromCacheVersion: 2025-02-07.2
 git:
   - add: /
     to: /

From 13e4c0e7208b2bbe304f94f8a232f20e6c546308 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 18:54:54 +0300
Subject: [PATCH 023/115] fix typo

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .werf/bundle.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.werf/bundle.yaml b/.werf/bundle.yaml
index 6656f325..5778b871 100644
--- a/.werf/bundle.yaml
+++ b/.werf/bundle.yaml
@@ -14,8 +14,8 @@ import:
   add: /lib/python/dist
   to: /lib/python/dist
   after: setup
-# Rendering .werf/choise-edition.yaml is required!
-- image: choise-edition
+# Rendering .werf/choice-edition.yaml is required!
+- image: choice-edition
   add: /openapi
   to: /openapi
   after: setup

From a426efa97c5d8c542b697e2909240790446fe0b5 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 19:07:40 +0300
Subject: [PATCH 024/115] fix reversed logic of featureLLVSEnabled

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 templates/webhooks/deployment.yaml  | 4 ++--
 templates/webhooks/rbac-for-us.yaml | 2 +-
 templates/webhooks/secret.yaml      | 2 +-
 templates/webhooks/service.yaml     | 2 +-
 templates/webhooks/webhook.yaml     | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/templates/webhooks/deployment.yaml b/templates/webhooks/deployment.yaml
index d0394d67..16bddc12 100644
--- a/templates/webhooks/deployment.yaml
+++ b/templates/webhooks/deployment.yaml
@@ -1,11 +1,11 @@
 {{- define "webhooks_resources" }}
-{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
+{{- if not (.Values.sdsNodeConfigurator.internal.featureLLVSEnabled) }}
 cpu: 10m
 memory: 50Mi
 {{- end }}
 {{- end }}
 
-{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
+{{- if not (.Values.sdsNodeConfigurator.internal.featureLLVSEnabled) }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
diff --git a/templates/webhooks/rbac-for-us.yaml b/templates/webhooks/rbac-for-us.yaml
index d20b0c2d..890fa0ee 100644
--- a/templates/webhooks/rbac-for-us.yaml
+++ b/templates/webhooks/rbac-for-us.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
+{{- if not (.Values.sdsNodeConfigurator.internal.featureLLVSEnabled) }}
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/templates/webhooks/secret.yaml b/templates/webhooks/secret.yaml
index 4a6fc264..1884de01 100644
--- a/templates/webhooks/secret.yaml
+++ b/templates/webhooks/secret.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
+{{- if not (.Values.sdsNodeConfigurator.internal.featureLLVSEnabled) }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/templates/webhooks/service.yaml b/templates/webhooks/service.yaml
index 2583eae7..9ed5537d 100644
--- a/templates/webhooks/service.yaml
+++ b/templates/webhooks/service.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
+{{- if not (.Values.sdsNodeConfigurator.internal.featureLLVSEnabled) }}
 ---
 apiVersion: v1
 kind: Service
diff --git a/templates/webhooks/webhook.yaml b/templates/webhooks/webhook.yaml
index 62148c8e..17a7fe2f 100644
--- a/templates/webhooks/webhook.yaml
+++ b/templates/webhooks/webhook.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.sdsNodeConfigurator.internal.featureLLVSEnabled }}
+{{- if not (.Values.sdsNodeConfigurator.internal.featureLLVSEnabled) }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration

From 6847728dbf4dcc55cd164b277836b1d1145cfa9e Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 19:55:09 +0300
Subject: [PATCH 025/115] upgrade Go in workflows

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .github/workflows/go_lint.yaml          | 2 +-
 .github/workflows/go_modules_check.yaml | 2 +-
 .github/workflows/go_tests.yaml         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/go_lint.yaml b/.github/workflows/go_lint.yaml
index c03a5f81..758aa427 100644
--- a/.github/workflows/go_lint.yaml
+++ b/.github/workflows/go_lint.yaml
@@ -21,7 +21,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23.5'
 
       - name: Install golangci-lint
         run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
diff --git a/.github/workflows/go_modules_check.yaml b/.github/workflows/go_modules_check.yaml
index 48010909..bd2bf6ab 100644
--- a/.github/workflows/go_modules_check.yaml
+++ b/.github/workflows/go_modules_check.yaml
@@ -18,7 +18,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23.5'
 
       - name: Run Go modules version check
         run: |
diff --git a/.github/workflows/go_tests.yaml b/.github/workflows/go_tests.yaml
index 10e54b7d..c21fce40 100644
--- a/.github/workflows/go_tests.yaml
+++ b/.github/workflows/go_tests.yaml
@@ -21,7 +21,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23.5'
 
       - name: Run Go tests
         run: |

From 3bbf5ecd3c30693d253daaa129bef552d1a119bb Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Fri, 7 Feb 2025 20:01:13 +0300
Subject: [PATCH 026/115] fix linter

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .golangci.yaml                                |  2 --
 images/webhooks/src/cmd/main.go               | 13 ++++++++-----
 images/webhooks/src/handlers/func.go          |  4 +---
 images/webhooks/src/handlers/llvsValidator.go |  6 +-----
 4 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index f0eb7ce0..4a801f2c 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -17,8 +17,6 @@ linters-settings:
       - prefix(agent)
       - prefix(sds-health-watcher-controller)
       - prefix(sds-utils-installer)
-  errcheck:
-    ignore: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
 
 linters:
   disable-all: true
diff --git a/images/webhooks/src/cmd/main.go b/images/webhooks/src/cmd/main.go
index cf5c772d..583c82da 100644
--- a/images/webhooks/src/cmd/main.go
+++ b/images/webhooks/src/cmd/main.go
@@ -21,11 +21,11 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"webhooks/handlers"
 
 	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/sirupsen/logrus"
 	kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus"
+	"webhooks/handlers"
 )
 
 type config struct {
@@ -33,7 +33,7 @@ type config struct {
 	keyFile  string
 }
 
-func httpHandlerHealthz(w http.ResponseWriter, r *http.Request) {
+func httpHandlerHealthz(w http.ResponseWriter, _ *http.Request) {
 	fmt.Fprint(w, "Ok.")
 }
 
@@ -44,13 +44,16 @@ func initFlags() config {
 	fl.StringVar(&cfg.certFile, "tls-cert-file", "", "TLS certificate file")
 	fl.StringVar(&cfg.keyFile, "tls-key-file", "", "TLS key file")
 
-	fl.Parse(os.Args[1:])
+	if err := fl.Parse(os.Args[1:]); err != nil {
+		fmt.Fprintf(os.Stderr, "error parsing os.Args: %s", err)
+		os.Exit(1)
+	}
 	return cfg
 }
 
 const (
 	port            = ":8443"
-	LLVSValidatorId = "LLVSValidator"
+	llvsValidatorID = "LLVSValidator"
 )
 
 func main() {
@@ -60,7 +63,7 @@ func main() {
 
 	cfg := initFlags()
 
-	llvsValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.LLVSValidate, LLVSValidatorId, &cn.LVMLogicalVolumeSnapshot{}, logger)
+	llvsValidatingWebhookHandler, err := handlers.GetValidatingWebhookHandler(handlers.LLVSValidate, llvsValidatorID, &cn.LVMLogicalVolumeSnapshot{}, logger)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "error creating llvsValidatingWebhookHandler: %s", err)
 		os.Exit(1)
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index ed31d3a2..0cb64f74 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -20,9 +20,8 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/slok/kubewebhook/v2/pkg/log"
-
 	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
+	"github.com/slok/kubewebhook/v2/pkg/log"
 	"github.com/slok/kubewebhook/v2/pkg/model"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,5 +45,4 @@ func GetValidatingWebhookHandler(validationFunc func(ctx context.Context, _ *mod
 	mutationWebhookHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: mutationWebhook, Logger: logger})
 
 	return mutationWebhookHandler, err
-
 }
diff --git a/images/webhooks/src/handlers/llvsValidator.go b/images/webhooks/src/handlers/llvsValidator.go
index 8dd688b9..de944a03 100644
--- a/images/webhooks/src/handlers/llvsValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -8,11 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-const (
-	sdsNodeConfiguratorModuleName = "sds-node-configurator"
-)
-
-func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+func LLVSValidate(_ context.Context, _ *model.AdmissionReview, _ metav1.Object) (*kwhvalidating.ValidatorResult, error) {
 	return &kwhvalidating.ValidatorResult{
 		Valid:   false,
 		Message: "LVMLogicalVolumeSnapshot is not available in this Deckhouse edition.",

From 21866a644d758bbd19c766227a28af03d0c07c00 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Sun, 9 Feb 2025 22:22:36 +0300
Subject: [PATCH 027/115] some changes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 api/v1alpha1/const.go                         |  29 +++
 images/agent/src/cmd/{llvs.go => llvs_ce.go}  |   2 +-
 images/agent/src/cmd/llvs_ee.go               |   7 +-
 images/agent/src/cmd/main.go                  |   8 +-
 images/agent/src/go.mod                       |  57 +++---
 images/agent/src/go.sum                       | 101 +++++------
 images/agent/src/internal/const.go            |  10 --
 .../controller/llv/{llvs.go => llvs_ce.go}    |   4 +-
 .../src/internal/controller/llv/llvs_ee.go    |  12 +-
 .../src/internal/controller/llv/reconciler.go |  38 ++--
 .../controller/llv/reconciler_test.go         |  50 ++++--
 .../controller/llv_extender/reconciler.go     |  10 +-
 .../internal/controller/llvs/reconciler_ee.go | 144 +++++++++------
 images/agent/src/internal/utils/client_llv.go |   5 +-
 .../src/internal/const.go                     |   5 -
 .../pkg/controller/lvg_conditions_watcher.go  |  10 +-
 .../lvm_volume_group_set_watcher.go           |   3 +-
 images/webhooks/src/cmd/main.go               |   5 +-
 images/webhooks/src/go.mod                    |  48 ++++-
 images/webhooks/src/go.sum                    |  83 ++++++++-
 images/webhooks/src/handlers/func.go          |  57 +++++-
 images/webhooks/src/handlers/llvsValidator.go |  50 +++++-
 lib/go/common/go.mod                          |  57 ++++++
 lib/go/common/go.sum                          | 166 ++++++++++++++++++
 lib/go/common/pkg/feature/1_ce.go             |  18 ++
 lib/go/common/pkg/feature/2_se.go             |  18 ++
 lib/go/common/pkg/feature/3_se_plus.go        |  18 ++
 lib/go/common/pkg/feature/4_ee.go             |  18 ++
 lib/go/common/pkg/feature/5_cse_pro.go        |  18 ++
 lib/go/common/pkg/validating/validator.go     |  57 ++++++
 30 files changed, 896 insertions(+), 212 deletions(-)
 create mode 100644 api/v1alpha1/const.go
 rename images/agent/src/cmd/{llvs.go => llvs_ce.go} (95%)
 rename images/agent/src/internal/controller/llv/{llvs.go => llvs_ce.go} (68%)
 create mode 100644 lib/go/common/go.mod
 create mode 100644 lib/go/common/go.sum
 create mode 100644 lib/go/common/pkg/feature/1_ce.go
 create mode 100644 lib/go/common/pkg/feature/2_se.go
 create mode 100644 lib/go/common/pkg/feature/3_se_plus.go
 create mode 100644 lib/go/common/pkg/feature/4_ee.go
 create mode 100644 lib/go/common/pkg/feature/5_cse_pro.go
 create mode 100644 lib/go/common/pkg/validating/validator.go

diff --git a/api/v1alpha1/const.go b/api/v1alpha1/const.go
new file mode 100644
index 00000000..5b302610
--- /dev/null
+++ b/api/v1alpha1/const.go
@@ -0,0 +1,29 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+const (
+	PhaseCreated     = "Created"
+	PhasePending     = "Pending"
+	PhaseResizing    = "Resizing"
+	PhaseFailed      = "Failed"
+	PhaseNotReady    = "NotReady"
+	PhaseReady       = "Ready"
+	PhaseTerminating = "Terminating"
+
+	LLVSNameTag = "storage.deckhouse.io/lvmLogicalVolumeSnapshotName"
+)
diff --git a/images/agent/src/cmd/llvs.go b/images/agent/src/cmd/llvs_ce.go
similarity index 95%
rename from images/agent/src/cmd/llvs.go
rename to images/agent/src/cmd/llvs_ce.go
index 99c7ba51..93eee738 100644
--- a/images/agent/src/cmd/llvs.go
+++ b/images/agent/src/cmd/llvs_ce.go
@@ -1,4 +1,4 @@
-//go:build !EE
+//go:build ce
 
 package main
 
diff --git a/images/agent/src/cmd/llvs_ee.go b/images/agent/src/cmd/llvs_ee.go
index 38893cde..774f1f5b 100644
--- a/images/agent/src/cmd/llvs_ee.go
+++ b/images/agent/src/cmd/llvs_ee.go
@@ -1,4 +1,9 @@
-//go:build EE
+//go:build !ce
+
+/*
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
+*/
 
 package main
 
diff --git a/images/agent/src/cmd/main.go b/images/agent/src/cmd/main.go
index 22a3e36f..65f1fd72 100644
--- a/images/agent/src/cmd/main.go
+++ b/images/agent/src/cmd/main.go
@@ -23,6 +23,7 @@ import (
 	goruntime "runtime"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	v1 "k8s.io/api/core/v1"
 	sv1 "k8s.io/api/storage/v1"
 	extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -73,6 +74,8 @@ func main() {
 	log.Info(fmt.Sprintf("[main] Go Version:%s ", goruntime.Version()))
 	log.Info(fmt.Sprintf("[main] OS/Arch:Go OS/Arch:%s/%s ", goruntime.GOOS, goruntime.GOARCH))
 
+	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %v", commonfeature.SnapshotsEnabled))
+
 	log.Info("[main] CfgParams has been successfully created")
 	log.Info(fmt.Sprintf("[main] %s = %s", config.LogLevel, cfgParams.Loglevel))
 	log.Info(fmt.Sprintf("[main] %s = %s", config.NodeName, cfgParams.NodeName))
@@ -233,7 +236,10 @@ func main() {
 		os.Exit(1)
 	}
 
-	addLLVSReconciler(mgr, log, metrics, sdsCache, cfgParams)
+	if commonfeature.SnapshotsEnabled {
+		log.Info("[main] Snapshot feature is enabled. Adding LLVS reconciler")
+		addLLVSReconciler(mgr, log, metrics, sdsCache, cfgParams)
+	}
 
 	if err = mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		log.Error(err, "[main] unable to mgr.AddHealthzCheck")
diff --git a/images/agent/src/go.mod b/images/agent/src/go.mod
index c9e0c9d3..7d9b7644 100644
--- a/images/agent/src/go.mod
+++ b/images/agent/src/go.mod
@@ -1,30 +1,33 @@
 module agent
 
-go 1.22.3
+go 1.23.4
 
-toolchain go1.23.0
+toolchain go1.23.5
 
 require (
-	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250114161813-c1a8b09cd47d
+	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250116103144-d23aedd591a3
+	github.com/deckhouse/sds-node-configurator/lib/go/common v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.4.2
 	github.com/google/go-cmp v0.6.0
 	github.com/gosimple/slug v1.14.0
-	github.com/onsi/ginkgo/v2 v2.19.0
-	github.com/onsi/gomega v1.33.1
+	github.com/onsi/ginkgo/v2 v2.21.0
+	github.com/onsi/gomega v1.35.1
 	github.com/pilebones/go-udev v0.9.0
 	github.com/prometheus/client_golang v1.19.1
 	github.com/stretchr/testify v1.9.0
-	k8s.io/api v0.31.0
-	k8s.io/apiextensions-apiserver v0.31.0
-	k8s.io/apimachinery v0.31.3
-	k8s.io/client-go v0.31.0
+	k8s.io/api v0.32.0
+	k8s.io/apiextensions-apiserver v0.32.0
+	k8s.io/apimachinery v0.32.0
+	k8s.io/client-go v0.32.0
 	k8s.io/klog/v2 v2.130.1
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	sigs.k8s.io/controller-runtime v0.19.0
+	k8s.io/utils v0.0.0-20241210054802-24370beab758
+	sigs.k8s.io/controller-runtime v0.20.1
 )
 
 replace github.com/deckhouse/sds-node-configurator/api => ../../../api
 
+replace github.com/deckhouse/sds-node-configurator/lib/go/common => ../../../lib/go/common
+
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -34,19 +37,18 @@ require (
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-openapi/jsonpointer v0.20.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect
+	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gosimple/unidecode v1.0.1 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@@ -60,22 +62,21 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/exp v0.0.0-20231127185646-65229373498e // indirect
-	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/term v0.28.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/images/agent/src/go.sum b/images/agent/src/go.sum
index 8c40072d..f0c05267 100644
--- a/images/agent/src/go.sum
+++ b/images/agent/src/go.sum
@@ -22,21 +22,21 @@ github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ4
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
-github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
 github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
-github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -45,16 +45,14 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
-github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gosimple/slug v1.14.0 h1:RtTL/71mJNDfpUbCOmnf/XFkzKRtD6wL6Uy+3akm4Es=
 github.com/gosimple/slug v1.14.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ=
 github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o=
 github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -77,10 +75,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/pilebones/go-udev v0.9.0 h1:N1uEO/SxUwtIctc0WLU0t69JeBxIYEYnj8lT/Nabl9Q=
 github.com/pilebones/go-udev v0.9.0/go.mod h1:T2eI2tUSK0hA2WS5QLjXJUfQkluZQu+18Cqvem3CaXI=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -117,53 +115,53 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No=
-golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -171,31 +169,28 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
-k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
-k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
-k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
-k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
-k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
-k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
+k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
+k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
+k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
+k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
+k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
-sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
+sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/images/agent/src/internal/const.go b/images/agent/src/internal/const.go
index 583461bb..a7238143 100644
--- a/images/agent/src/internal/const.go
+++ b/images/agent/src/internal/const.go
@@ -77,16 +77,6 @@ const (
 	Thick = "Thick"
 	Thin  = "Thin"
 
-	LLVStatusPhaseCreated  = "Created"
-	LLVStatusPhasePending  = "Pending"
-	LLVStatusPhaseResizing = "Resizing"
-	LLVStatusPhaseFailed   = "Failed"
-
-	LLVSStatusPhaseCreated = "Created"
-	LLVSStatusPhasePending = "Pending"
-	LLVSStatusPhaseFailed  = "Failed"
-	LLVSNameTag            = "storage.deckhouse.io/lvmLogicalVolumeSnapshotName"
-
 	Local  = "Local"
 	Shared = "Shared"
 
diff --git a/images/agent/src/internal/controller/llv/llvs.go b/images/agent/src/internal/controller/llv/llvs_ce.go
similarity index 68%
rename from images/agent/src/internal/controller/llv/llvs.go
rename to images/agent/src/internal/controller/llv/llvs_ce.go
index bd20ee4d..dd4e75ea 100644
--- a/images/agent/src/internal/controller/llv/llvs.go
+++ b/images/agent/src/internal/controller/llv/llvs_ce.go
@@ -1,4 +1,4 @@
-//go:build !EE
+//go:build ce
 
 package llv
 
@@ -10,5 +10,5 @@ import (
 )
 
 func (r *Reconciler) handleLLVSSource(_ context.Context, _ *v1alpha1.LVMLogicalVolume, _ *v1alpha1.LVMVolumeGroup) (string, bool, error) {
-	return "", false, errors.New("LLVS as a source is not supported")
+	return "", false, errors.New("LVMLocalVolumeSnapshot as a source is not supported in your edition")
 }
diff --git a/images/agent/src/internal/controller/llv/llvs_ee.go b/images/agent/src/internal/controller/llv/llvs_ee.go
index 35f05072..e542fd5e 100644
--- a/images/agent/src/internal/controller/llv/llvs_ee.go
+++ b/images/agent/src/internal/controller/llv/llvs_ee.go
@@ -1,4 +1,9 @@
-//go:build EE
+//go:build !ce
+
+/*
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
+*/
 
 package llv
 
@@ -8,12 +13,17 @@ import (
 	"fmt"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"k8s.io/apimachinery/pkg/types"
 
 	"agent/internal/utils"
 )
 
 func (r *Reconciler) handleLLVSSource(ctx context.Context, llv *v1alpha1.LVMLogicalVolume, lvg *v1alpha1.LVMVolumeGroup) (string, bool, error) {
+	if !commonfeature.SnapshotsEnabled {
+		return "", false, errors.New("LVMLocalVolumeSnapshot as a source is not supported in your edition")
+	}
+
 	sourceLLVS := &v1alpha1.LVMLogicalVolumeSnapshot{}
 	if err := r.cl.Get(ctx, types.NamespacedName{Name: llv.Spec.Source.Name}, sourceLLVS); err != nil {
 		r.log.Error(err, fmt.Sprintf("[reconcileLLVCreateFunc] unable to get source LVMLogicalVolumeSnapshot %s for the LVMLogicalVolume %s", llv.Spec.Source.Name, llv.Name))
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index bcc66a32..5e8b6cfb 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -1,3 +1,19 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package llv
 
 import (
@@ -117,7 +133,7 @@ func (r *Reconciler) Reconcile(
 			err = r.llvCl.UpdatePhaseIfNeeded(
 				ctx,
 				llv,
-				internal.LLVStatusPhaseFailed,
+				v1alpha1.PhaseFailed,
 				fmt.Sprintf("LVMVolumeGroup %s not found", llv.Spec.LVMVolumeGroupName),
 			)
 			if err != nil {
@@ -133,7 +149,7 @@ func (r *Reconciler) Reconcile(
 		err = r.llvCl.UpdatePhaseIfNeeded(
 			ctx,
 			llv,
-			internal.LLVStatusPhaseFailed,
+			v1alpha1.PhaseFailed,
 			fmt.Sprintf("Unable to get selected LVMVolumeGroup, err: %s", err.Error()),
 		)
 		if err != nil {
@@ -170,7 +186,7 @@ func (r *Reconciler) Reconcile(
 	valid, reason := r.validateLVMLogicalVolume(llv, lvg)
 	if !valid {
 		r.log.Warning(fmt.Sprintf("[ReconcileLVMLogicalVolume] the LVMLogicalVolume %s is not valid, reason: %s", llv.Name, reason))
-		err = r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhaseFailed, reason)
+		err = r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, reason)
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolume] unable to update the LVMLogicalVolume %s", llv.Name))
 			return controller.Result{}, err
@@ -183,7 +199,7 @@ func (r *Reconciler) Reconcile(
 	shouldRequeue, err := r.ReconcileLVMLogicalVolume(ctx, llv, lvg)
 	if err != nil {
 		r.log.Error(err, fmt.Sprintf("[RunLVMLogicalVolumeWatcherController] an error occurred while reconciling the LVMLogicalVolume: %s", llv.Name))
-		updErr := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhaseFailed, err.Error())
+		updErr := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, err.Error())
 		if updErr != nil {
 			r.log.Error(updErr, fmt.Sprintf("[RunLVMLogicalVolumeWatcherController] unable to update the LVMLogicalVolume %s", llv.Name))
 			return controller.Result{}, updErr
@@ -213,9 +229,9 @@ func (r *Reconciler) ReconcileLVMLogicalVolume(ctx context.Context, llv *v1alpha
 		return r.reconcileLLVDeleteFunc(ctx, llv, lvg)
 	default:
 		r.log.Info(fmt.Sprintf("[runEventReconcile] the LVMLogicalVolume %s has compeleted configuration and should not be reconciled", llv.Name))
-		if llv.Status.Phase != internal.LLVStatusPhaseCreated {
-			r.log.Warning(fmt.Sprintf("[runEventReconcile] the LVMLogicalVolume %s should not be reconciled but has an unexpected phase: %s. Setting the phase to %s", llv.Name, llv.Status.Phase, internal.LLVStatusPhaseCreated))
-			err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhaseCreated, "")
+		if llv.Status.Phase != v1alpha1.PhaseCreated {
+			r.log.Warning(fmt.Sprintf("[runEventReconcile] the LVMLogicalVolume %s should not be reconciled but has an unexpected phase: %s. Setting the phase to %s", llv.Name, llv.Status.Phase, v1alpha1.PhaseCreated))
+			err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseCreated, "")
 			if err != nil {
 				return true, err
 			}
@@ -234,7 +250,7 @@ func (r *Reconciler) reconcileLLVCreateFunc(
 
 	// this check prevents infinite resource updating after retries
 	if llv.Status == nil {
-		err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhasePending, "")
+		err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhasePending, "")
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[reconcileLLVCreateFunc] unable to update the LVMLogicalVolume %s", llv.Name))
 			return true, err
@@ -322,7 +338,7 @@ func (r *Reconciler) reconcileLLVUpdateFunc(
 
 	// status might be nil if a user creates the resource with LV name which matches existing LV on the node
 	if llv.Status == nil {
-		err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhasePending, "")
+		err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhasePending, "")
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[reconcileLLVUpdateFunc] unable to update the LVMLogicalVolume %s", llv.Name))
 			return true, err
@@ -368,8 +384,8 @@ func (r *Reconciler) reconcileLLVUpdateFunc(
 
 	r.log.Info(fmt.Sprintf("[reconcileLLVUpdateFunc] the LVMLogicalVolume %s should be resized", llv.Name))
 	// this check prevents infinite resource updates after retry
-	if llv.Status.Phase != internal.LLVStatusPhaseFailed {
-		err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhaseResizing, "")
+	if llv.Status.Phase != v1alpha1.PhaseFailed {
+		err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseResizing, "")
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[reconcileLLVUpdateFunc] unable to update the LVMLogicalVolume %s", llv.Name))
 			return true, err
diff --git a/images/agent/src/internal/controller/llv/reconciler_test.go b/images/agent/src/internal/controller/llv/reconciler_test.go
index 50c2bdf9..3c91d78b 100644
--- a/images/agent/src/internal/controller/llv/reconciler_test.go
+++ b/images/agent/src/internal/controller/llv/reconciler_test.go
@@ -1,3 +1,19 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package llv
 
 import (
@@ -279,7 +295,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 					ActualLVNameOnTheNode: lvName,
 				},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 			r.sdsCache.StoreLVs([]internal.LVData{
@@ -300,7 +316,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 			llv := &v1alpha1.LVMLogicalVolume{
 				ObjectMeta: v1.ObjectMeta{DeletionTimestamp: &v1.Time{}},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 
@@ -320,7 +336,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 					ActualLVNameOnTheNode: lvName,
 				},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 
@@ -336,7 +352,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 					ActualLVNameOnTheNode: lvName,
 				},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 			r.sdsCache.StoreLVs([]internal.LVData{
@@ -358,7 +374,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 					ActualLVNameOnTheNode: lvName,
 				},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 			should := r.shouldReconcileByCreateFunc(vgName, llv)
@@ -387,7 +403,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 					ActualLVNameOnTheNode: lvName,
 				},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 			r.sdsCache.StoreLVs([]internal.LVData{
@@ -408,7 +424,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 					ActualLVNameOnTheNode: lvName,
 				},
 				Status: &v1alpha1.LVMLogicalVolumeStatus{
-					Phase: internal.LLVStatusPhaseCreated,
+					Phase: v1alpha1.PhaseCreated,
 				},
 			}
 			should := r.shouldReconcileByUpdateFunc(vgName, llv)
@@ -444,7 +460,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 				Name: "test",
 			},
 			Status: &v1alpha1.LVMLogicalVolumeStatus{
-				Phase:  internal.LLVStatusPhaseCreated,
+				Phase:  v1alpha1.PhaseCreated,
 				Reason: "",
 			},
 		}
@@ -462,7 +478,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 			}
 		}()
 
-		err = r.llvCl.UpdatePhaseIfNeeded(ctx, llv, internal.LLVStatusPhaseFailed, reason)
+		err = r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, reason)
 		if assert.NoError(t, err) {
 			newLLV := &v1alpha1.LVMLogicalVolume{}
 			err = r.cl.Get(ctx, client.ObjectKey{
@@ -470,7 +486,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 				Namespace: "",
 			}, newLLV)
 
-			assert.Equal(t, newLLV.Status.Phase, internal.LLVStatusPhaseFailed)
+			assert.Equal(t, newLLV.Status.Phase, v1alpha1.PhaseFailed)
 			assert.Equal(t, newLLV.Status.Reason, reason)
 		}
 	})
@@ -574,7 +590,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 				Size:                  oldSize.String(),
 			},
 			Status: &v1alpha1.LVMLogicalVolumeStatus{
-				Phase:      internal.LLVStatusPhasePending,
+				Phase:      v1alpha1.PhasePending,
 				Reason:     "",
 				ActualSize: *oldSize,
 			},
@@ -603,12 +619,12 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 		}
 
 		if assert.NotNil(t, oldLLV) {
-			assert.Equal(t, internal.LLVStatusPhasePending, oldLLV.Status.Phase)
+			assert.Equal(t, v1alpha1.PhasePending, oldLLV.Status.Phase)
 			assert.Equal(t, oldSize.Value(), oldLLV.Status.ActualSize.Value())
 		}
 
 		oldLLV.Spec.Size = newSize.String()
-		oldLLV.Status.Phase = internal.LLVStatusPhaseCreated
+		oldLLV.Status.Phase = v1alpha1.PhaseCreated
 		oldLLV.Status.ActualSize = *newSize
 
 		err = r.updateLVMLogicalVolumeSpec(ctx, oldLLV)
@@ -622,7 +638,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 				return
 			}
 
-			assert.Equal(t, internal.LLVStatusPhasePending, newLLV.Status.Phase)
+			assert.Equal(t, v1alpha1.PhasePending, newLLV.Status.Phase)
 			assert.Equal(t, oldSize.Value(), newLLV.Status.ActualSize.Value())
 		}
 	})
@@ -646,7 +662,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 				Size:                  oldSize.String(),
 			},
 			Status: &v1alpha1.LVMLogicalVolumeStatus{
-				Phase:      internal.LLVStatusPhasePending,
+				Phase:      v1alpha1.PhasePending,
 				Reason:     "",
 				ActualSize: *oldSize,
 			},
@@ -675,7 +691,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 		}
 
 		if assert.NotNil(t, oldLLV) {
-			assert.Equal(t, internal.LLVStatusPhasePending, oldLLV.Status.Phase)
+			assert.Equal(t, v1alpha1.PhasePending, oldLLV.Status.Phase)
 			assert.Equal(t, oldSize.Value(), oldLLV.Status.ActualSize.Value())
 		}
 
@@ -693,7 +709,7 @@ func TestLVMLogicaVolumeWatcher(t *testing.T) {
 			}
 
 			assert.Equal(t, oldSize.String(), newLLV.Spec.Size)
-			assert.Equal(t, internal.LLVStatusPhaseCreated, newLLV.Status.Phase)
+			assert.Equal(t, v1alpha1.PhaseCreated, newLLV.Status.Phase)
 			assert.Equal(t, newSize.Value(), newLLV.Status.ActualSize.Value())
 		}
 	})
diff --git a/images/agent/src/internal/controller/llv_extender/reconciler.go b/images/agent/src/internal/controller/llv_extender/reconciler.go
index 062645f6..a7c7d41f 100644
--- a/images/agent/src/internal/controller/llv_extender/reconciler.go
+++ b/images/agent/src/internal/controller/llv_extender/reconciler.go
@@ -155,7 +155,7 @@ func (r *Reconciler) ReconcileLVMLogicalVolumeExtension(
 		if lv == nil {
 			err = fmt.Errorf("lv %s not found", llv.Spec.ActualLVNameOnTheNode)
 			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to find LV %s of the LVMLogicalVolume %s", llv.Spec.ActualLVNameOnTheNode, llv.Name))
-			err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, internal.LLVStatusPhaseFailed, err.Error())
+			err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, v1alpha1.PhaseFailed, err.Error())
 			if err != nil {
 				r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to update the LVMLogicalVolume %s", llv.Name))
 			}
@@ -177,7 +177,7 @@ func (r *Reconciler) ReconcileLVMLogicalVolumeExtension(
 		if llvRequestedSize.Value()+internal.ResizeDelta.Value() > freeSpace.Value() {
 			err = errors.New("not enough space")
 			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to extend the LV %s of the LVMLogicalVolume %s", llv.Spec.ActualLVNameOnTheNode, llv.Name))
-			err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, internal.LLVStatusPhaseFailed, fmt.Sprintf("unable to extend LV, err: %s", err.Error()))
+			err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, v1alpha1.PhaseFailed, fmt.Sprintf("unable to extend LV, err: %s", err.Error()))
 			if err != nil {
 				r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to update the LVMLogicalVolume %s", llv.Name))
 				shouldRetry = true
@@ -186,7 +186,7 @@ func (r *Reconciler) ReconcileLVMLogicalVolumeExtension(
 		}
 
 		r.log.Info(fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] the LVMLogicalVolume %s should be extended from %s to %s size", llv.Name, llv.Status.ActualSize.String(), llvRequestedSize.String()))
-		err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, internal.LLVStatusPhaseResizing, "")
+		err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, v1alpha1.PhaseResizing, "")
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to update the LVMLogicalVolume %s", llv.Name))
 			shouldRetry = true
@@ -196,7 +196,7 @@ func (r *Reconciler) ReconcileLVMLogicalVolumeExtension(
 		cmd, err := utils.ExtendLV(llvRequestedSize.Value(), lvg.Spec.ActualVGNameOnTheNode, llv.Spec.ActualLVNameOnTheNode)
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to extend LV %s of the LVMLogicalVolume %s, cmd: %s", llv.Spec.ActualLVNameOnTheNode, llv.Name, cmd))
-			err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, internal.LLVStatusPhaseFailed, fmt.Sprintf("unable to extend LV, err: %s", err.Error()))
+			err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, v1alpha1.PhaseFailed, fmt.Sprintf("unable to extend LV, err: %s", err.Error()))
 			if err != nil {
 				r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to update the LVMLogicalVolume %s", llv.Name))
 			}
@@ -226,7 +226,7 @@ func (r *Reconciler) ReconcileLVMLogicalVolumeExtension(
 			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to resize the LVMLogicalVolume %s", llv.Name))
 			shouldRetry = true
 
-			if err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, internal.LLVStatusPhaseFailed, err.Error()); err != nil {
+			if err = r.llvCl.UpdatePhaseIfNeeded(ctx, &llv, v1alpha1.PhaseFailed, err.Error()); err != nil {
 				r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolumeExtension] unable to update the LVMLogicalVolume %s", llv.Name))
 			}
 			continue
diff --git a/images/agent/src/internal/controller/llvs/reconciler_ee.go b/images/agent/src/internal/controller/llvs/reconciler_ee.go
index 30c7db3c..6e420be2 100644
--- a/images/agent/src/internal/controller/llvs/reconciler_ee.go
+++ b/images/agent/src/internal/controller/llvs/reconciler_ee.go
@@ -1,4 +1,9 @@
-//go:build EE
+//go:build ee
+
+/*
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
+*/
 
 package llvs
 
@@ -11,6 +16,7 @@ import (
 	"time"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	commonvalidating "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/validating"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -80,13 +86,24 @@ func (r *Reconciler) ShouldReconcileUpdate(_ *v1alpha1.LVMLogicalVolumeSnapshot,
 		newObj.Finalizers[0] == internal.SdsNodeConfiguratorFinalizer
 }
 
-func (r *Reconciler) ShouldReconcileCreate(_ *v1alpha1.LVMLogicalVolumeSnapshot) bool {
+func (r *Reconciler) ShouldReconcileCreate(llvs *v1alpha1.LVMLogicalVolumeSnapshot) bool {
+	if llvs.Status != nil && llvs.Status.NodeName != r.cfg.NodeName {
+		r.log.Trace(fmt.Sprintf("LVMLogicalVolumeSnapshot %s has a Status with different node %s. Our node is %s. Skip", llvs.Name, llvs.Status.NodeName, r.cfg.NodeName))
+		return false
+	}
+
 	return true
 }
 
 func (r *Reconciler) Reconcile(ctx context.Context, req controller.ReconcileRequest[*v1alpha1.LVMLogicalVolumeSnapshot]) (controller.Result, error) {
 	llvs := req.Object
 
+	r.log.Info(fmt.Sprintf("reconciling the LVMLogicalVolumeSnapshot %s", llvs.Name))
+	if llvs.Status != nil && llvs.Status.NodeName != r.cfg.NodeName {
+		r.log.Info(fmt.Sprintf("LVMLogicalVolumeSnapshot %s has a Status with different node %s. Our node is %s. Skip", llvs.Name, llvs.Status.NodeName, r.cfg.NodeName))
+		return controller.Result{}, nil
+	}
+
 	// this case prevents the unexpected behavior when the controller runs up with existing LVMLogicalVolumeSnapshots
 	if lvs, _ := r.sdsCache.GetLVs(); len(lvs) == 0 {
 		r.log.Warning(fmt.Sprintf("unable to reconcile the request as no LV was found in the cache. Retry in %s", r.cfg.LLVRequeueInterval.String()))
@@ -114,13 +131,27 @@ func (r *Reconciler) reconcileLVMLogicalVolumeSnapshot(
 	ctx context.Context,
 	llvs *v1alpha1.LVMLogicalVolumeSnapshot,
 ) (bool, error) {
+	llv := &v1alpha1.LVMLogicalVolume{}
+	msg, err := commonvalidating.ValidateLVMLogicalVolumeSnapshot(ctx, r.cl, llvs, llv)
+	if err != nil {
+		r.log.Error(err, fmt.Sprintf("error validating LVMLogicalVolumeSnapshot %s", llvs.Name))
+		upErr := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, "Error validating LVMLogicalVolumeSnapshot")
+		retErr := errors.Join(err, upErr)
+		return true, retErr
+	}
+	if msg != "" {
+		r.log.Error(nil, fmt.Sprintf("LVMLogicalVolumeSnapshot %s is invalid: %s", llvs.Name, msg))
+		err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhaseFailed, msg)
+		return false, err
+	}
+
 	switch {
 	case llvs.DeletionTimestamp != nil:
 		// delete
 		return r.reconcileLLVSDeleteFunc(ctx, llvs)
-	case llvs.Status == nil || llvs.Status.Phase == internal.LLVSStatusPhasePending:
-		return r.reconcileLLVSCreateFunc(ctx, llvs)
-	case llvs.Status.Phase == internal.LLVSStatusPhaseCreated:
+	case llvs.Status == nil || llvs.Status.Phase == v1alpha1.PhasePending:
+		return r.reconcileLLVSCreateFunc(ctx, llvs, llv)
+	case llvs.Status.Phase == v1alpha1.PhaseCreated:
 		r.log.Info(fmt.Sprintf("the LVMLogicalVolumeSnapshot %s is already Created and should not be reconciled", llvs.Name))
 	default:
 		r.log.Warning(fmt.Sprintf("skipping LLVS reconciliation, since it is in phase: %s", llvs.Status.Phase))
@@ -132,26 +163,21 @@ func (r *Reconciler) reconcileLVMLogicalVolumeSnapshot(
 func (r *Reconciler) reconcileLLVSCreateFunc(
 	ctx context.Context,
 	llvs *v1alpha1.LVMLogicalVolumeSnapshot,
+	llv *v1alpha1.LVMLogicalVolume,
 ) (bool, error) {
 	// should precede setting finalizer to be able to determine the node when deleting
 	if llvs.Status == nil {
-		llv := &v1alpha1.LVMLogicalVolume{}
-		if err := r.getObjectOrSetPendingStatus(
-			ctx,
-			llvs,
-			types.NamespacedName{Name: llvs.Spec.LVMLogicalVolumeName},
-			llv,
-		); err != nil {
+		if llv.Status == nil {
+			reason := fmt.Sprintf("Source LLV %s does not have a status", llv.Name)
+			r.log.Error(nil, reason)
+			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
 			return true, err
 		}
-
-		if llv.Spec.Thin == nil {
-			r.log.Error(nil, fmt.Sprintf("Failed reconciling LLVS %s, LLV %s is not Thin", llvs.Name, llv.Name))
-			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
-				Phase:  internal.LLVSStatusPhaseFailed,
-				Reason: fmt.Sprintf("Source LLV %s is not Thin", llv.Name),
-			}
-			return false, r.cl.Status().Update(ctx, llvs)
+		if llv.Status.Phase != v1alpha1.PhaseCreated {
+			reason := fmt.Sprintf("Source LLV %s is not in the Created phase", llv.Name)
+			r.log.Error(nil, reason)
+			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
+			return true, err
 		}
 
 		lvg := &v1alpha1.LVMVolumeGroup{}
@@ -173,48 +199,36 @@ func (r *Reconciler) reconcileLLVSCreateFunc(
 			return tps.Name == llv.Spec.Thin.PoolName
 		})
 		if thinPoolIndex < 0 {
-			r.log.Error(nil, fmt.Sprintf("LLVS %s thin pool %s is not found in LVG %s", llvs.Name, llv.Spec.Thin.PoolName, lvg.Name))
-			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
-				Phase:  internal.LLVSStatusPhasePending,
-				Reason: fmt.Sprintf("Thin pool %s is not found in LVG %s", llv.Spec.Thin.PoolName, lvg.Name),
-			}
-			return true, r.cl.Status().Update(ctx, llvs)
+			reason := fmt.Sprintf("Thin pool %s for source LLV %s is not found in LVG %s", llv.Spec.Thin.PoolName, llv.Name, lvg.Name)
+			r.log.Error(nil, fmt.Sprintf("LLVS %s: %s", llvs.Name, reason))
+			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
+			return true, err
 		}
 
 		if llv.Status == nil || llv.Status.ActualSize.Value() == 0 {
-			r.log.Error(nil, fmt.Sprintf("Error reconciling LLVS %s, source LLV %s ActualSize is not known", llvs.Name, llv.Name))
-			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
-				Phase:  internal.LLVSStatusPhasePending,
-				Reason: fmt.Sprintf("Source LLV %s ActualSize is not known", llv.Name),
-			}
-			return true, r.cl.Status().Update(ctx, llvs)
+			reason := fmt.Sprintf("Source LLV %s ActualSize is not known", llv.Name)
+			r.log.Error(nil, fmt.Sprintf("LLVS %s: %s", llvs.Name, reason))
+			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
+			return true, err
 		}
 
 		if lvg.Status.ThinPools[thinPoolIndex].AvailableSpace.Value() < llv.Status.ActualSize.Value() {
-			r.log.Error(nil, fmt.Sprintf(
-				"LLVS %s: not enough space available in thin pool %s: need at least %s, got %s",
-				llvs.Name,
+			reason := fmt.Sprintf(
+				"Not enough space available in thin pool %s: need at least %s, got %s",
 				llv.Spec.Thin.PoolName,
 				llv.Status.ActualSize.String(),
 				lvg.Status.ThinPools[thinPoolIndex].AvailableSpace.String(),
-			))
-			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
-				Phase: internal.LLVSStatusPhasePending,
-				Reason: fmt.Sprintf(
-					"Not enough space available in thin pool %s: need at least %s, got %s",
-					llv.Spec.Thin.PoolName,
-					llv.Status.ActualSize.String(),
-					lvg.Status.ThinPools[thinPoolIndex].AvailableSpace.String(),
-				),
-			}
-			return true, r.cl.Status().Update(ctx, llvs)
+			)
+			r.log.Error(nil, fmt.Sprintf("LLVS %s: %s", llvs.Name, reason))
+			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
+			return true, err
 		}
 
 		llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
 			NodeName:              lvg.Spec.Local.NodeName,
 			ActualVGNameOnTheNode: lvg.Spec.ActualVGNameOnTheNode,
 			ActualLVNameOnTheNode: llv.Spec.ActualLVNameOnTheNode,
-			Phase:                 internal.LLVSStatusPhasePending,
+			Phase:                 v1alpha1.PhasePending,
 			Reason:                "Creating volume",
 		}
 
@@ -249,7 +263,7 @@ func (r *Reconciler) reconcileLLVSCreateFunc(
 			llvs.ActualSnapshotNameOnTheNode(),
 			llvs.Status.ActualVGNameOnTheNode,
 			llvs.Status.ActualLVNameOnTheNode,
-			utils.NewEnabledTags(internal.LLVSNameTag, llvs.Name),
+			utils.NewEnabledTags(v1alpha1.LLVSNameTag, llvs.Name),
 		)
 		r.log.Debug(fmt.Sprintf("[reconcileLLVSCreateFunc] ran cmd: %s", cmd))
 		if err != nil {
@@ -296,7 +310,7 @@ func (r *Reconciler) reconcileLLVSCreateFunc(
 
 		llvs.Status.Size = *size
 		llvs.Status.UsedSize = *usedSize
-		llvs.Status.Phase = internal.LLVSStatusPhaseCreated
+		llvs.Status.Phase = v1alpha1.PhaseCreated
 		llvs.Status.Reason = ""
 		err = r.cl.Status().Update(ctx, llvs)
 		return false, err
@@ -344,7 +358,7 @@ func (r *Reconciler) deleteLVIfNeeded(llvsName, llvsActualNameOnTheNode, vgActua
 		return nil
 	}
 
-	if ok, name := utils.ReadValueFromTags(lv.Data.LvTags, internal.LLVSNameTag); !ok {
+	if ok, name := utils.ReadValueFromTags(lv.Data.LvTags, v1alpha1.LLVSNameTag); !ok {
 		r.log.Warning(fmt.Sprintf("[deleteLVIfNeeded] did not find required tags on LV %s in VG %s", llvsActualNameOnTheNode, vgActualNameOnTheNode))
 		return nil
 	} else if name != llvsName {
@@ -373,7 +387,7 @@ func (r *Reconciler) getObjectOrSetPendingStatus(
 ) error {
 	if err := r.cl.Get(ctx, key, obj); err != nil {
 		llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
-			Phase:  internal.LLVSStatusPhasePending,
+			Phase:  v1alpha1.PhasePending,
 			Reason: fmt.Sprintf("Error while getting object %s: %v", obj.GetName(), err),
 		}
 		updErr := r.cl.Status().Update(ctx, llvs)
@@ -381,3 +395,31 @@ func (r *Reconciler) getObjectOrSetPendingStatus(
 	}
 	return nil
 }
+
+func (r *Reconciler) setStatusIfNeeded(
+	ctx context.Context,
+	llvs *v1alpha1.LVMLogicalVolumeSnapshot,
+	phase, reason string,
+) error {
+	needUpdate := false
+
+	if llvs.Status == nil {
+		needUpdate = true
+		llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
+			Phase:  phase,
+			Reason: reason,
+		}
+	}
+
+	if llvs.Status.Phase != phase || llvs.Status.Reason != reason {
+		needUpdate = true
+		llvs.Status.Phase = phase
+		llvs.Status.Reason = reason
+	}
+
+	if needUpdate {
+		return r.cl.Status().Update(ctx, llvs)
+	}
+
+	return nil
+}
diff --git a/images/agent/src/internal/utils/client_llv.go b/images/agent/src/internal/utils/client_llv.go
index baead2bc..2551d973 100644
--- a/images/agent/src/internal/utils/client_llv.go
+++ b/images/agent/src/internal/utils/client_llv.go
@@ -8,7 +8,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	"agent/internal"
 	"agent/internal/logger"
 )
 
@@ -69,7 +68,7 @@ func (llvCl *LLVClient) UpdatePhaseToCreatedIfNeeded(
 		}
 	}
 
-	updateNeeded := llv.Status.Phase != internal.LLVStatusPhaseCreated ||
+	updateNeeded := llv.Status.Phase != v1alpha1.PhaseCreated ||
 		llv.Status.ActualSize.Value() != actualSize.Value() ||
 		llv.Status.Reason != "" ||
 		llv.Status.Contiguous != contiguous
@@ -79,7 +78,7 @@ func (llvCl *LLVClient) UpdatePhaseToCreatedIfNeeded(
 		return nil
 	}
 
-	llv.Status.Phase = internal.LLVStatusPhaseCreated
+	llv.Status.Phase = v1alpha1.PhaseCreated
 	llv.Status.Reason = ""
 	llv.Status.ActualSize = actualSize
 	llv.Status.Contiguous = contiguous
diff --git a/images/sds-health-watcher-controller/src/internal/const.go b/images/sds-health-watcher-controller/src/internal/const.go
index 37e0fdc4..572947cb 100644
--- a/images/sds-health-watcher-controller/src/internal/const.go
+++ b/images/sds-health-watcher-controller/src/internal/const.go
@@ -19,11 +19,6 @@ package internal
 const (
 	SdsNodeConfiguratorNamespace = "d8-sds-node-configurator"
 
-	PhasePending     = "Pending"
-	PhaseNotReady    = "NotReady"
-	PhaseReady       = "Ready"
-	PhaseTerminating = "Terminating"
-
 	ReasonPending          = "Pending"
 	ReasonUpdating         = "Updating"
 	ReasonCreating         = "Creating"
diff --git a/images/sds-health-watcher-controller/src/pkg/controller/lvg_conditions_watcher.go b/images/sds-health-watcher-controller/src/pkg/controller/lvg_conditions_watcher.go
index f382e08e..86df4283 100644
--- a/images/sds-health-watcher-controller/src/pkg/controller/lvg_conditions_watcher.go
+++ b/images/sds-health-watcher-controller/src/pkg/controller/lvg_conditions_watcher.go
@@ -146,7 +146,7 @@ func reconcileLVGConditions(ctx context.Context, cl client.Client, log logger.Lo
 	if len(lvg.Status.Conditions) < targetConCount {
 		log.Info(fmt.Sprintf("[reconcileLVGConditions] the LVMVolumeGroup %s misses some conditions, wait for them to got configured", lvg.Name))
 		log.Debug(fmt.Sprintf("[reconcileLVGConditions] the LVMVolumeGroup %s conditions current count: %d, target count: %d", lvg.Name, len(lvg.Status.Conditions), targetConCount))
-		err = updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, internal.PhasePending)
+		err = updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, v1alpha1.PhasePending)
 		if err != nil {
 			log.Error(err, fmt.Sprintf("[reconcileLVGConditions] unable to update the LVMVolumeGroup %s phase", lvg.Name))
 			return true, err
@@ -182,7 +182,7 @@ func reconcileLVGConditions(ctx context.Context, cl client.Client, log logger.Lo
 			ready = false
 			falseConditions = nil
 			log.Debug(fmt.Sprintf("[reconcileLVGConditions] the LVMVolumeGroup %s condition %s has Creating reason. Turn the LVMVolumeGroup Ready condition and phase to Pending", lvg.Name, c.Type))
-			err = updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, internal.PhasePending)
+			err = updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, v1alpha1.PhasePending)
 			if err != nil {
 				log.Error(err, fmt.Sprintf("[reconcileLVGConditions] unable to update the LVMVolumeGroup %s phase", lvg.Name))
 				return true, err
@@ -201,7 +201,7 @@ func reconcileLVGConditions(ctx context.Context, cl client.Client, log logger.Lo
 			ready = false
 			falseConditions = nil
 			log.Debug(fmt.Sprintf("[reconcileLVGConditions] the LVMVolumeGroup %s condition %s has Terminating reason. Turn the LVMVolumeGroup Ready condition and phase to Terminating", lvg.Name, c.Type))
-			err := updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, internal.PhaseTerminating)
+			err := updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, v1alpha1.PhaseTerminating)
 			if err != nil {
 				log.Error(err, fmt.Sprintf("[reconcileLVGConditions] unable to update the LVMVolumeGroup %s phase", lvg.Name))
 				return true, err
@@ -224,7 +224,7 @@ func reconcileLVGConditions(ctx context.Context, cl client.Client, log logger.Lo
 	}
 
 	if len(falseConditions) > 0 {
-		err := updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, internal.PhaseNotReady)
+		err := updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, v1alpha1.PhaseNotReady)
 		if err != nil {
 			log.Error(err, fmt.Sprintf("[reconcileLVGConditions] unable to update the LVMVolumeGroup %s phase", lvg.Name))
 			return true, err
@@ -249,7 +249,7 @@ func reconcileLVGConditions(ctx context.Context, cl client.Client, log logger.Lo
 			return true, err
 		}
 
-		err = updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, internal.PhaseReady)
+		err = updateLVMVolumeGroupPhaseIfNeeded(ctx, cl, lvg, v1alpha1.PhaseReady)
 		if err != nil {
 			log.Error(err, fmt.Sprintf("[reconcileLVGConditions] unable to update the LVMVolumeGroup %s phase", lvg.Name))
 		}
diff --git a/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go b/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go
index 64bfca4a..e604232f 100644
--- a/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go
+++ b/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go
@@ -22,7 +22,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
 	"sds-health-watcher-controller/config"
-	"sds-health-watcher-controller/internal"
 	"sds-health-watcher-controller/pkg/logger"
 	"sds-health-watcher-controller/pkg/monitoring"
 )
@@ -113,7 +112,7 @@ func shouldLVGSetWatcherReconcileUpdateEvent(old, new *v1alpha1.LVMVolumeGroupSe
 
 func reconcileLVMVolumeGroupSet(ctx context.Context, cl client.Client, log logger.Logger, metrics monitoring.Metrics, lvgSet *v1alpha1.LVMVolumeGroupSet) (bool, error) {
 	log.Debug(fmt.Sprintf("[reconcileLVMVolumeGroupSet] starts the reconciliation of the LVMVolumeGroupSet %s", lvgSet.Name))
-	err := updateLVMVolumeGroupSetPhaseIfNeeded(ctx, cl, log, lvgSet, internal.PhasePending, reasonWorkInProgress)
+	err := updateLVMVolumeGroupSetPhaseIfNeeded(ctx, cl, log, lvgSet, v1alpha1.PhasePending, reasonWorkInProgress)
 	if err != nil {
 		return false, err
 	}
diff --git a/images/webhooks/src/cmd/main.go b/images/webhooks/src/cmd/main.go
index 583c82da..9e912550 100644
--- a/images/webhooks/src/cmd/main.go
+++ b/images/webhooks/src/cmd/main.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2024 Flant JSC
+Copyright 2025 Flant JSC
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,10 +22,11 @@ import (
 	"net/http"
 	"os"
 
+	"webhooks/handlers"
+
 	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/sirupsen/logrus"
 	kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus"
-	"webhooks/handlers"
 )
 
 type config struct {
diff --git a/images/webhooks/src/go.mod b/images/webhooks/src/go.mod
index 01e9868a..bc82dff1 100644
--- a/images/webhooks/src/go.mod
+++ b/images/webhooks/src/go.mod
@@ -4,34 +4,70 @@ go 1.23.5
 
 require (
 	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250206203415-a9ffd855f5a3
+	github.com/deckhouse/sds-node-configurator/lib/go/common v0.0.0-00010101000000-000000000000
+	github.com/go-logr/logr v1.4.2
 	github.com/sirupsen/logrus v1.9.3
 	github.com/slok/kubewebhook/v2 v2.7.0
 	k8s.io/apimachinery v0.32.1
+	k8s.io/client-go v0.32.1
+	k8s.io/klog/v2 v2.130.1
+	sigs.k8s.io/controller-runtime v0.20.1
 )
 
+replace github.com/deckhouse/sds-node-configurator/api => ../../../api
+
+replace github.com/deckhouse/sds-node-configurator/lib/go/common => ../../../lib/go/common
+
 require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kr/text v0.2.0 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.20.2 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.57.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.28.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.32.1 // indirect
-	k8s.io/client-go v0.32.1 // indirect
-	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/apiextensions-apiserver v0.32.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
-
-replace github.com/deckhouse/sds-node-configurator/api => ../../../api
diff --git a/images/webhooks/src/go.sum b/images/webhooks/src/go.sum
index 42a982ec..04aeba65 100644
--- a/images/webhooks/src/go.sum
+++ b/images/webhooks/src/go.sum
@@ -1,36 +1,91 @@
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg=
+github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY=
+github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -50,6 +105,12 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -61,32 +122,46 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -94,14 +169,20 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
 k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
+k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
+k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
 k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
 k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
 k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
+sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index 0cb64f74..d8f03952 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2024 Flant JSC
+Copyright 2025 Flant JSC
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,14 +19,63 @@ package handlers
 import (
 	"context"
 	"net/http"
+	"os"
 
+	snc "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	"github.com/go-logr/logr"
 	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
 	"github.com/slok/kubewebhook/v2/pkg/log"
 	"github.com/slok/kubewebhook/v2/pkg/model"
+	apiruntime "k8s.io/apimachinery/pkg/runtime"
+
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	controllerruntime "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
+func NewKubeClient(kubeconfigPath string) (client.Client, error) {
+	var config *rest.Config
+	var err error
+
+	if kubeconfigPath == "" {
+		kubeconfigPath = os.Getenv("kubeconfig")
+	}
+
+	controllerruntime.SetLogger(logr.New(ctrllog.NullLogSink{}))
+
+	config, err = clientcmd.BuildConfigFromFlags("", kubeconfigPath)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var (
+		resourcesSchemeFuncs = []func(*apiruntime.Scheme) error{
+			snc.AddToScheme,
+			clientgoscheme.AddToScheme,
+		}
+	)
+
+	scheme := apiruntime.NewScheme()
+	for _, f := range resourcesSchemeFuncs {
+		err = f(scheme)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	clientOpts := client.Options{
+		Scheme: scheme,
+	}
+
+	return client.New(config, clientOpts)
+}
+
 func GetValidatingWebhookHandler(validationFunc func(ctx context.Context, _ *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error), validatorID string, obj metav1.Object, logger log.Logger) (http.Handler, error) {
 	validatorFunc := kwhvalidating.ValidatorFunc(validationFunc)
 
@@ -37,12 +86,12 @@ func GetValidatingWebhookHandler(validationFunc func(ctx context.Context, _ *mod
 		Logger:    logger,
 	}
 
-	mutationWebhook, err := kwhvalidating.NewWebhook(validatingWebhookConfig)
+	validatingWebhook, err := kwhvalidating.NewWebhook(validatingWebhookConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	mutationWebhookHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: mutationWebhook, Logger: logger})
+	validatingWebhookHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: validatingWebhook, Logger: logger})
 
-	return mutationWebhookHandler, err
+	return validatingWebhookHandler, err
 }
diff --git a/images/webhooks/src/handlers/llvsValidator.go b/images/webhooks/src/handlers/llvsValidator.go
index de944a03..90f61eb9 100644
--- a/images/webhooks/src/handlers/llvsValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -1,16 +1,60 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package handlers
 
 import (
 	"context"
 
+	snc "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	commonvalidating "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/validating"
 	"github.com/slok/kubewebhook/v2/pkg/model"
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/klog/v2"
 )
 
-func LLVSValidate(_ context.Context, _ *model.AdmissionReview, _ metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+	llvs, ok := obj.(*snc.LVMLogicalVolumeSnapshot)
+	if !ok {
+		return &kwhvalidating.ValidatorResult{}, nil
+	}
+
+	cl, err := NewKubeClient("")
+	if err != nil {
+		klog.Fatal(err) // pod restarting
+	}
+
+	llv := &snc.LVMLogicalVolume{}
+	msg, err := commonvalidating.ValidateLVMLogicalVolumeSnapshot(ctx, cl, llvs, llv)
+	if err != nil {
+		klog.ErrorS(err, "LLVS validation failed with error")
+		return &kwhvalidating.ValidatorResult{
+			Valid:   false,
+			Message: err.Error(),
+		}, nil
+	}
+	if msg != "" {
+		return &kwhvalidating.ValidatorResult{
+			Valid:   false,
+			Message: msg,
+		}, nil
+	}
+
 	return &kwhvalidating.ValidatorResult{
-		Valid:   false,
-		Message: "LVMLogicalVolumeSnapshot is not available in this Deckhouse edition.",
+		Valid: true,
 	}, nil
 }
diff --git a/lib/go/common/go.mod b/lib/go/common/go.mod
new file mode 100644
index 00000000..9a459b71
--- /dev/null
+++ b/lib/go/common/go.mod
@@ -0,0 +1,57 @@
+module github.com/deckhouse/sds-node-configurator/lib/go/common
+
+go 1.23.4
+
+require (
+	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250116103144-d23aedd591a3
+	sigs.k8s.io/controller-runtime v0.20.1
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/term v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.32.0 // indirect
+	k8s.io/apimachinery v0.32.0 // indirect
+	k8s.io/client-go v0.32.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)
+
+// Do not combine multiple replacements into a single block,
+// as this will break the CI workflow "Check Go module version."
+replace github.com/deckhouse/sds-node-configurator/api => ../../../api
+
+replace github.com/deckhouse/sds-node-configurator/lib/go/common => ./
diff --git a/lib/go/common/go.sum b/lib/go/common/go.sum
new file mode 100644
index 00000000..50dd3d6d
--- /dev/null
+++ b/lib/go/common/go.sum
@@ -0,0 +1,166 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
+k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
+k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
+k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
+k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
+sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/lib/go/common/pkg/feature/1_ce.go b/lib/go/common/pkg/feature/1_ce.go
new file mode 100644
index 00000000..cd714a16
--- /dev/null
+++ b/lib/go/common/pkg/feature/1_ce.go
@@ -0,0 +1,18 @@
+//go:build ce
+
+/*
+Copyright 2024 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package feature
+
+const SnapshotsEnabled = false
diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
new file mode 100644
index 00000000..2f7dfea1
--- /dev/null
+++ b/lib/go/common/pkg/feature/2_se.go
@@ -0,0 +1,18 @@
+//go:build se
+
+/*
+Copyright 2024 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package feature
+
+const SnapshotsEnabled = false
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
new file mode 100644
index 00000000..71dc81f9
--- /dev/null
+++ b/lib/go/common/pkg/feature/3_se_plus.go
@@ -0,0 +1,18 @@
+//go:build seplus
+
+/*
+Copyright 2024 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package feature
+
+const SnapshotsEnabled = false
diff --git a/lib/go/common/pkg/feature/4_ee.go b/lib/go/common/pkg/feature/4_ee.go
new file mode 100644
index 00000000..a0e47244
--- /dev/null
+++ b/lib/go/common/pkg/feature/4_ee.go
@@ -0,0 +1,18 @@
+//go:build ee
+
+/*
+Copyright 2024 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package feature
+
+const SnapshotsEnabled = true
diff --git a/lib/go/common/pkg/feature/5_cse_pro.go b/lib/go/common/pkg/feature/5_cse_pro.go
new file mode 100644
index 00000000..b7a391a5
--- /dev/null
+++ b/lib/go/common/pkg/feature/5_cse_pro.go
@@ -0,0 +1,18 @@
+//go:build csepro
+
+/*
+Copyright 2024 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package feature
+
+const SnapshotsEnabled = true
diff --git a/lib/go/common/pkg/validating/validator.go b/lib/go/common/pkg/validating/validator.go
new file mode 100644
index 00000000..eab12eee
--- /dev/null
+++ b/lib/go/common/pkg/validating/validator.go
@@ -0,0 +1,57 @@
+/*
+Copyright 2024 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validating
+
+import (
+	"context"
+	"fmt"
+
+	snc "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	feature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// func ValidateLVMLogicalVolumeSnapshot(llvs *snc.LVMLogicalVolumeSnapshot, llv *snc.LVMLogicalVolume) (string, error) {
+func ValidateLVMLogicalVolumeSnapshot(ctx context.Context, cl client.Client, llvs *snc.LVMLogicalVolumeSnapshot, llv *snc.LVMLogicalVolume) (string, error) {
+
+	// var logPostfix = "Such a combination of parameters is not allowed"
+
+	if !feature.SnapshotsEnabled {
+		msg := "The snapshot feature is not available in your edition"
+		return msg, nil
+	}
+
+	if llvs.DeletionTimestamp != nil {
+		return "", nil
+	}
+
+	if llvs.Status == nil {
+		// cl.Get(ctx, llvs.Spec.LVMLogicalVolumeName, llv)
+		err := cl.Get(ctx, types.NamespacedName{Name: llvs.Spec.LVMLogicalVolumeName}, llv)
+		if err != nil {
+			return "", fmt.Errorf("Failed to get source LVMLogicalVolume %s: %s", llvs.Spec.LVMLogicalVolumeName, err)
+		}
+
+		if llv.Spec.Thin == nil {
+			return "Source LVMLogicalVolume %s is not thin provisioned. Snapshots are only supported for thin provisioned logical volumes", nil
+		}
+
+	}
+
+	return "", nil
+}

From fae47644ee65d35b0e2e19cdf92a884f8178bf6f Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Sun, 9 Feb 2025 22:25:55 +0300
Subject: [PATCH 028/115] another fix

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/src/internal/controller/llvs/reconciler_ee.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/agent/src/internal/controller/llvs/reconciler_ee.go b/images/agent/src/internal/controller/llvs/reconciler_ee.go
index 6e420be2..3ce49c2b 100644
--- a/images/agent/src/internal/controller/llvs/reconciler_ee.go
+++ b/images/agent/src/internal/controller/llvs/reconciler_ee.go
@@ -1,4 +1,4 @@
-//go:build ee
+//go:build !ce
 
 /*
 Copyright 2025 Flant JSC

From 286a7479e3145034da21e61b0b1ead25e186e584 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 00:36:13 +0300
Subject: [PATCH 029/115] another fixes2

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 lib/go/common/pkg/feature/2_se.go      | 2 +-
 lib/go/common/pkg/feature/3_se_plus.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
index 2f7dfea1..2724e839 100644
--- a/lib/go/common/pkg/feature/2_se.go
+++ b/lib/go/common/pkg/feature/2_se.go
@@ -15,4 +15,4 @@ limitations under the License.
 
 package feature
 
-const SnapshotsEnabled = false
+const SnapshotsEnabled = true
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
index 71dc81f9..0cf896aa 100644
--- a/lib/go/common/pkg/feature/3_se_plus.go
+++ b/lib/go/common/pkg/feature/3_se_plus.go
@@ -15,4 +15,4 @@ limitations under the License.
 
 package feature
 
-const SnapshotsEnabled = false
+const SnapshotsEnabled = true

From 704358dd2f9f2fd418aed31ec3415e6dddd89c83 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 00:38:34 +0300
Subject: [PATCH 030/115] fixes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/src/internal/controller/llv/llvs_ce.go | 13 +++++++++++++
 lib/go/common/pkg/feature/1_ce.go                   |  2 +-
 lib/go/common/pkg/feature/2_se.go                   | 12 ++----------
 lib/go/common/pkg/feature/3_se_plus.go              | 12 ++----------
 lib/go/common/pkg/feature/4_ee.go                   | 12 ++----------
 lib/go/common/pkg/feature/5_cse_pro.go              | 12 ++----------
 6 files changed, 22 insertions(+), 41 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/llvs_ce.go b/images/agent/src/internal/controller/llv/llvs_ce.go
index dd4e75ea..2b37f7cc 100644
--- a/images/agent/src/internal/controller/llv/llvs_ce.go
+++ b/images/agent/src/internal/controller/llv/llvs_ce.go
@@ -1,5 +1,18 @@
 //go:build ce
 
+/*
+Copyright 2025 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package llv
 
 import (
diff --git a/lib/go/common/pkg/feature/1_ce.go b/lib/go/common/pkg/feature/1_ce.go
index cd714a16..1e3dbcaf 100644
--- a/lib/go/common/pkg/feature/1_ce.go
+++ b/lib/go/common/pkg/feature/1_ce.go
@@ -1,7 +1,7 @@
 //go:build ce
 
 /*
-Copyright 2024 Flant JSC
+Copyright 2025 Flant JSC
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
index 2724e839..a34d91ce 100644
--- a/lib/go/common/pkg/feature/2_se.go
+++ b/lib/go/common/pkg/feature/2_se.go
@@ -1,16 +1,8 @@
 //go:build se
 
 /*
-Copyright 2024 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 */
 
 package feature
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
index 0cf896aa..84ead276 100644
--- a/lib/go/common/pkg/feature/3_se_plus.go
+++ b/lib/go/common/pkg/feature/3_se_plus.go
@@ -1,16 +1,8 @@
 //go:build seplus
 
 /*
-Copyright 2024 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 */
 
 package feature
diff --git a/lib/go/common/pkg/feature/4_ee.go b/lib/go/common/pkg/feature/4_ee.go
index a0e47244..c8cad598 100644
--- a/lib/go/common/pkg/feature/4_ee.go
+++ b/lib/go/common/pkg/feature/4_ee.go
@@ -1,16 +1,8 @@
 //go:build ee
 
 /*
-Copyright 2024 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 */
 
 package feature
diff --git a/lib/go/common/pkg/feature/5_cse_pro.go b/lib/go/common/pkg/feature/5_cse_pro.go
index b7a391a5..2c6bb4e2 100644
--- a/lib/go/common/pkg/feature/5_cse_pro.go
+++ b/lib/go/common/pkg/feature/5_cse_pro.go
@@ -1,16 +1,8 @@
 //go:build csepro
 
 /*
-Copyright 2024 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 */
 
 package feature

From 2e5baa22d2181083d4746819c0c115d7fb2bad10 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 00:39:12 +0300
Subject: [PATCH 031/115] fixes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/src/cmd/llvs_ce.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/images/agent/src/cmd/llvs_ce.go b/images/agent/src/cmd/llvs_ce.go
index 93eee738..4a6f0b74 100644
--- a/images/agent/src/cmd/llvs_ce.go
+++ b/images/agent/src/cmd/llvs_ce.go
@@ -1,5 +1,18 @@
 //go:build ce
 
+/*
+Copyright 2025 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package main
 
 import (

From 0ee6811d93af8dc1edb64598afaae985ee5c59b9 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 00:59:27 +0300
Subject: [PATCH 032/115] some fixes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 .golangci.yaml                                             | 1 +
 .../src/pkg/controller/lvm_volume_group_set_watcher.go     | 4 ++--
 images/webhooks/src/cmd/main.go                            | 4 ++--
 images/webhooks/src/handlers/func.go                       | 3 +--
 images/webhooks/src/handlers/llvsValidator.go              | 6 ++++++
 lib/go/common/pkg/validating/validator.go                  | 7 +------
 6 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 4a801f2c..1ba14916 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -17,6 +17,7 @@ linters-settings:
       - prefix(agent)
       - prefix(sds-health-watcher-controller)
       - prefix(sds-utils-installer)
+      - prefix(webhooks)
 
 linters:
   disable-all: true
diff --git a/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go b/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go
index e604232f..f96c388c 100644
--- a/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go
+++ b/images/sds-health-watcher-controller/src/pkg/controller/lvm_volume_group_set_watcher.go
@@ -106,8 +106,8 @@ func RunLVMVolumeGroupSetWatcher(
 	return nil
 }
 
-func shouldLVGSetWatcherReconcileUpdateEvent(old, new *v1alpha1.LVMVolumeGroupSet) bool {
-	return !reflect.DeepEqual(old.Spec, new.Spec)
+func shouldLVGSetWatcherReconcileUpdateEvent(oldLVG, newLVG *v1alpha1.LVMVolumeGroupSet) bool {
+	return !reflect.DeepEqual(oldLVG.Spec, newLVG.Spec)
 }
 
 func reconcileLVMVolumeGroupSet(ctx context.Context, cl client.Client, log logger.Logger, metrics monitoring.Metrics, lvgSet *v1alpha1.LVMVolumeGroupSet) (bool, error) {
diff --git a/images/webhooks/src/cmd/main.go b/images/webhooks/src/cmd/main.go
index 9e912550..5f30edda 100644
--- a/images/webhooks/src/cmd/main.go
+++ b/images/webhooks/src/cmd/main.go
@@ -22,11 +22,11 @@ import (
 	"net/http"
 	"os"
 
-	"webhooks/handlers"
-
 	cn "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
 	"github.com/sirupsen/logrus"
 	kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus"
+
+	"webhooks/handlers"
 )
 
 type config struct {
diff --git a/images/webhooks/src/handlers/func.go b/images/webhooks/src/handlers/func.go
index d8f03952..3c1e95ac 100644
--- a/images/webhooks/src/handlers/func.go
+++ b/images/webhooks/src/handlers/func.go
@@ -26,10 +26,9 @@ import (
 	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
 	"github.com/slok/kubewebhook/v2/pkg/log"
 	"github.com/slok/kubewebhook/v2/pkg/model"
-	apiruntime "k8s.io/apimachinery/pkg/runtime"
-
 	kwhvalidating "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	apiruntime "k8s.io/apimachinery/pkg/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
diff --git a/images/webhooks/src/handlers/llvsValidator.go b/images/webhooks/src/handlers/llvsValidator.go
index 90f61eb9..8c075167 100644
--- a/images/webhooks/src/handlers/llvsValidator.go
+++ b/images/webhooks/src/handlers/llvsValidator.go
@@ -28,6 +28,12 @@ import (
 )
 
 func LLVSValidate(ctx context.Context, arReview *model.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+	if arReview.Operation == model.OperationDelete {
+		return &kwhvalidating.ValidatorResult{
+			Valid: true,
+		}, nil
+	}
+
 	llvs, ok := obj.(*snc.LVMLogicalVolumeSnapshot)
 	if !ok {
 		return &kwhvalidating.ValidatorResult{}, nil
diff --git a/lib/go/common/pkg/validating/validator.go b/lib/go/common/pkg/validating/validator.go
index eab12eee..b43ef068 100644
--- a/lib/go/common/pkg/validating/validator.go
+++ b/lib/go/common/pkg/validating/validator.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2024 Flant JSC
+Copyright 2025 Flant JSC
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -26,11 +26,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-// func ValidateLVMLogicalVolumeSnapshot(llvs *snc.LVMLogicalVolumeSnapshot, llv *snc.LVMLogicalVolume) (string, error) {
 func ValidateLVMLogicalVolumeSnapshot(ctx context.Context, cl client.Client, llvs *snc.LVMLogicalVolumeSnapshot, llv *snc.LVMLogicalVolume) (string, error) {
-
-	// var logPostfix = "Such a combination of parameters is not allowed"
-
 	if !feature.SnapshotsEnabled {
 		msg := "The snapshot feature is not available in your edition"
 		return msg, nil
@@ -50,7 +46,6 @@ func ValidateLVMLogicalVolumeSnapshot(ctx context.Context, cl client.Client, llv
 		if llv.Spec.Thin == nil {
 			return "Source LVMLogicalVolume %s is not thin provisioned. Snapshots are only supported for thin provisioned logical volumes", nil
 		}
-
 	}
 
 	return "", nil

From a61b92b05343ffdae50a90202d85c8c00e17faf7 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 01:05:00 +0300
Subject: [PATCH 033/115] change workflows

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 .github/workflows/build_dev.yml  |  4 ++--
 .github/workflows/build_prod.yml | 10 +++++-----
 .github/workflows/go_lint.yaml   |  2 +-
 .github/workflows/go_tests.yaml  |  2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml
index 15019e20..565bfdd7 100644
--- a/.github/workflows/build_dev.yml
+++ b/.github/workflows/build_dev.yml
@@ -53,9 +53,9 @@ jobs:
         run: |
           # Slect edition for build, default EE
           if echo "${{ steps.get-labels.outputs.result }}" | grep -q "edition/ce"; then
-            echo "MODULE_EDITION=CE" >> "$GITHUB_OUTPUT"
+            echo "MODULE_EDITION=ce" >> "$GITHUB_OUTPUT"
           else
-            echo "MODULE_EDITION=EE" >> "$GITHUB_OUTPUT"
+            echo "MODULE_EDITION=ee" >> "$GITHUB_OUTPUT"
           fi
 
   dev_setup_build:
diff --git a/.github/workflows/build_prod.yml b/.github/workflows/build_prod.yml
index 11df369e..612c1b6e 100644
--- a/.github/workflows/build_prod.yml
+++ b/.github/workflows/build_prod.yml
@@ -27,7 +27,7 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/ce/modules" >> "$GITHUB_ENV"
-          echo "MODULE_EDITION=CE" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=ce" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
@@ -61,7 +61,7 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/ee/modules" >> "$GITHUB_ENV"
-          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=ee" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
@@ -95,7 +95,7 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/fe/modules" >> "$GITHUB_ENV"
-          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=ee" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
@@ -129,7 +129,7 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/se/modules" >> "$GITHUB_ENV"
-          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=se" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
@@ -163,7 +163,7 @@ jobs:
       - name: SET VAR
         run: |
           echo "MODULES_MODULE_SOURCE=$MODULES_REGISTRY/$MODULE_SOURCE_NAME/se-plus/modules" >> "$GITHUB_ENV"
-          echo "MODULE_EDITION=EE" >> "$GITHUB_ENV"
+          echo "MODULE_EDITION=seplus" >> "$GITHUB_ENV"
       - run: |
           echo $MODULES_REGISTRY
           echo $MODULES_MODULE_NAME
diff --git a/.github/workflows/go_lint.yaml b/.github/workflows/go_lint.yaml
index 758aa427..85fc9824 100644
--- a/.github/workflows/go_lint.yaml
+++ b/.github/workflows/go_lint.yaml
@@ -1,7 +1,7 @@
 name: Go linter for images
 
 env:
-  GO_BUILD_TAGS: "CE EE"
+  GO_BUILD_TAGS: "ce se seplus ee csepro"
 
 on:
   pull_request:
diff --git a/.github/workflows/go_tests.yaml b/.github/workflows/go_tests.yaml
index c21fce40..19db8e13 100644
--- a/.github/workflows/go_tests.yaml
+++ b/.github/workflows/go_tests.yaml
@@ -1,7 +1,7 @@
 name: Go tests for images
 
 env:
-  GO_BUILD_TAGS: "EE CE"
+  GO_BUILD_TAGS: "ce se seplus ee csepro"
 
 on:
   pull_request:

From d295a226f007229059e687f15cac9bcc75bf3e61 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 01:11:21 +0300
Subject: [PATCH 034/115] some changes in choice edition

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 .werf/choice-edition.yaml                  | 3 ++-
 openapi/{values_CE.yaml => values_ce.yaml} | 0
 openapi/{values_EE.yaml => values_ee.yaml} | 0
 3 files changed, 2 insertions(+), 1 deletion(-)
 rename openapi/{values_CE.yaml => values_ce.yaml} (100%)
 rename openapi/{values_EE.yaml => values_ee.yaml} (100%)

diff --git a/.werf/choice-edition.yaml b/.werf/choice-edition.yaml
index 154976ec..52901c23 100644
--- a/.werf/choice-edition.yaml
+++ b/.werf/choice-edition.yaml
@@ -11,5 +11,6 @@ git:
 shell:
   setup:
     - cd /openapi
-    - cp -v values_{{ .MODULE_EDITION }}.yaml values.yaml
+    # - cp -v values_{{ .MODULE_EDITION }}.yaml values.yaml
+    - if [[ {{ .MODULE_EDITION }} == "ce" ]]; then cp -v values_ce.yaml values.yaml; else cp -v values_ee.yaml values.yaml; fi
     - rm -f values_*.yaml
diff --git a/openapi/values_CE.yaml b/openapi/values_ce.yaml
similarity index 100%
rename from openapi/values_CE.yaml
rename to openapi/values_ce.yaml
diff --git a/openapi/values_EE.yaml b/openapi/values_ee.yaml
similarity index 100%
rename from openapi/values_EE.yaml
rename to openapi/values_ee.yaml

From 50a305d09fd20bebda2ea5a51d21c7cd74661ab5 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 01:18:58 +0300
Subject: [PATCH 035/115] change werf

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/werf.inc.yaml    | 16 ++++++++--------
 images/webhooks/werf.inc.yaml |  1 +
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/images/agent/werf.inc.yaml b/images/agent/werf.inc.yaml
index c458ace6..a58c50c4 100644
--- a/images/agent/werf.inc.yaml
+++ b/images/agent/werf.inc.yaml
@@ -7,16 +7,15 @@ from: {{ $.Root.BASE_ALT_P11 }}
 final: false
 
 git:
-  - add: /images/{{ $.ImageName }}/src
-    to: /src/images/{{ $.ImageName }}/src
-    stageDependencies:
-      install:
-        - "**/*"
-  - add: /api
-    to: /src/api
+  - add: /
+    to: /src
+    includePaths:
+      - api
+      - lib/go
+      - images/{{ $.ImageName }}/src
     stageDependencies:
       install:
-        - "**/*"
+        - '**/*'
 
 shell:
   install:
@@ -24,6 +23,7 @@ shell:
     - apt-get -y install git
     - git clone --depth 1 --branch {{ $.Versions.UTIL_LINUX }} {{ env "SOURCE_REPO" }}/util-linux/util-linux.git /src/util-linux
     - rm -rf /src/util-linux/.git
+    - rm -rf /src/.git
 
 
 ---
diff --git a/images/webhooks/werf.inc.yaml b/images/webhooks/werf.inc.yaml
index d0d2781f..6edbb7a4 100644
--- a/images/webhooks/werf.inc.yaml
+++ b/images/webhooks/werf.inc.yaml
@@ -8,6 +8,7 @@ git:
     to: /src
     includePaths:
       - api
+      - lib/go
       - images/{{ $.ImageName }}/src
     stageDependencies:
       install:

From 7a7aef8a381729933e9d7c4102a38e617896f911 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 10:37:36 +0300
Subject: [PATCH 036/115] fix

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/src/cmd/main.go                        | 4 ++--
 images/agent/src/internal/controller/llv/llvs_ee.go | 2 +-
 lib/go/common/pkg/feature/1_ce.go                   | 6 +++++-
 lib/go/common/pkg/feature/2_se.go                   | 6 +++++-
 lib/go/common/pkg/feature/3_se_plus.go              | 6 +++++-
 lib/go/common/pkg/feature/4_ee.go                   | 6 +++++-
 lib/go/common/pkg/feature/5_cse_pro.go              | 6 +++++-
 lib/go/common/pkg/validating/validator.go           | 2 +-
 8 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/images/agent/src/cmd/main.go b/images/agent/src/cmd/main.go
index 65f1fd72..c9e890a6 100644
--- a/images/agent/src/cmd/main.go
+++ b/images/agent/src/cmd/main.go
@@ -74,7 +74,7 @@ func main() {
 	log.Info(fmt.Sprintf("[main] Go Version:%s ", goruntime.Version()))
 	log.Info(fmt.Sprintf("[main] OS/Arch:Go OS/Arch:%s/%s ", goruntime.GOOS, goruntime.GOARCH))
 
-	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %v", commonfeature.SnapshotsEnabled))
+	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %t", commonfeature.SnapshotsEnabled()))
 
 	log.Info("[main] CfgParams has been successfully created")
 	log.Info(fmt.Sprintf("[main] %s = %s", config.LogLevel, cfgParams.Loglevel))
@@ -236,7 +236,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if commonfeature.SnapshotsEnabled {
+	if commonfeature.SnapshotsEnabled() {
 		log.Info("[main] Snapshot feature is enabled. Adding LLVS reconciler")
 		addLLVSReconciler(mgr, log, metrics, sdsCache, cfgParams)
 	}
diff --git a/images/agent/src/internal/controller/llv/llvs_ee.go b/images/agent/src/internal/controller/llv/llvs_ee.go
index e542fd5e..c4901128 100644
--- a/images/agent/src/internal/controller/llv/llvs_ee.go
+++ b/images/agent/src/internal/controller/llv/llvs_ee.go
@@ -20,7 +20,7 @@ import (
 )
 
 func (r *Reconciler) handleLLVSSource(ctx context.Context, llv *v1alpha1.LVMLogicalVolume, lvg *v1alpha1.LVMVolumeGroup) (string, bool, error) {
-	if !commonfeature.SnapshotsEnabled {
+	if !commonfeature.SnapshotsEnabled() {
 		return "", false, errors.New("LVMLocalVolumeSnapshot as a source is not supported in your edition")
 	}
 
diff --git a/lib/go/common/pkg/feature/1_ce.go b/lib/go/common/pkg/feature/1_ce.go
index 1e3dbcaf..c5d0c028 100644
--- a/lib/go/common/pkg/feature/1_ce.go
+++ b/lib/go/common/pkg/feature/1_ce.go
@@ -15,4 +15,8 @@ limitations under the License.
 
 package feature
 
-const SnapshotsEnabled = false
+const snapshotsEnabled = false
+
+func SnapshotsEnabled() bool {
+	return snapshotsEnabled
+}
diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
index a34d91ce..c836809a 100644
--- a/lib/go/common/pkg/feature/2_se.go
+++ b/lib/go/common/pkg/feature/2_se.go
@@ -7,4 +7,8 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 
 package feature
 
-const SnapshotsEnabled = true
+const snapshotsEnabled = true
+
+func SnapshotsEnabled() bool {
+	return snapshotsEnabled
+}
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
index 84ead276..d04b0089 100644
--- a/lib/go/common/pkg/feature/3_se_plus.go
+++ b/lib/go/common/pkg/feature/3_se_plus.go
@@ -7,4 +7,8 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 
 package feature
 
-const SnapshotsEnabled = true
+const snapshotsEnabled = true
+
+func SnapshotsEnabled() bool {
+	return snapshotsEnabled
+}
diff --git a/lib/go/common/pkg/feature/4_ee.go b/lib/go/common/pkg/feature/4_ee.go
index c8cad598..cd7fdf57 100644
--- a/lib/go/common/pkg/feature/4_ee.go
+++ b/lib/go/common/pkg/feature/4_ee.go
@@ -7,4 +7,8 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 
 package feature
 
-const SnapshotsEnabled = true
+const snapshotsEnabled = true
+
+func SnapshotsEnabled() bool {
+	return snapshotsEnabled
+}
diff --git a/lib/go/common/pkg/feature/5_cse_pro.go b/lib/go/common/pkg/feature/5_cse_pro.go
index 2c6bb4e2..ceb49865 100644
--- a/lib/go/common/pkg/feature/5_cse_pro.go
+++ b/lib/go/common/pkg/feature/5_cse_pro.go
@@ -7,4 +7,8 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 
 package feature
 
-const SnapshotsEnabled = true
+const snapshotsEnabled = true
+
+func SnapshotsEnabled() bool {
+	return snapshotsEnabled
+}
diff --git a/lib/go/common/pkg/validating/validator.go b/lib/go/common/pkg/validating/validator.go
index b43ef068..adc3ff4a 100644
--- a/lib/go/common/pkg/validating/validator.go
+++ b/lib/go/common/pkg/validating/validator.go
@@ -27,7 +27,7 @@ import (
 )
 
 func ValidateLVMLogicalVolumeSnapshot(ctx context.Context, cl client.Client, llvs *snc.LVMLogicalVolumeSnapshot, llv *snc.LVMLogicalVolume) (string, error) {
-	if !feature.SnapshotsEnabled {
+	if !feature.SnapshotsEnabled() {
 		msg := "The snapshot feature is not available in your edition"
 		return msg, nil
 	}

From c7f231089a80785692809c9b21f02a24c25b8e35 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 3 Feb 2025 14:52:36 +0600
Subject: [PATCH 037/115] First draft of user documentation

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 45d96f58..052f701e 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -170,3 +170,43 @@ kubectl delete lvg %lvg-name%
 > **Внимание!** Если удаляемый ресурс `LVMVolumeGroup` содержит `Logical Volume` (даже если это только `Thin-pool`, который указан в `spec`) пользователю необходимо самостоятельно удалить все `Logical Volume`, которые содержит удаляемая `Volume Group`. В противном случае ни ресурс, ни `Volume Group` удалены не будут.
 
 > Пользователь может запретить удаление `LVMVolumeGroup` ресурса, повесив на ресурс специальную аннотацию `storage.deckhouse.io/deletion-protection`. При наличии данной аннотации контроллер не будет удалять ни ресурс, ни соответствующую `Volume Group` до тех пор, пока аннотация не будет снята с ресурса.
+
+## Безопасность удаления данных
+
+Удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.
+
+Жесткий диск при записи данных в блок физически заменяет старые данные новыми. Твердотельный накопитель пишет новые данные в новый блок, а старый блок помечает для очистки. При этом блоки твердотельного накопителя имеют ограниченный ресурс циклов очистки/записи. Для продления срока службы твердотельных накопителей предусмотрена команда `discard`, которая помечает блок свободным напрямую, без записи новых данных.
+
+> **Внимание!** Недоступность данных после `discard` зависит от физического устройства.
+
+Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM сконфигурирован так:
+
+* обычные тома:
+  * `devices/issue_discards=1` для отправки `discard` на физическое устройство, когда блоки перестают использоваться LVM, например при удалении томов. Не влияет на thin-тома, только на весь thin pool
+* thin-тома:
+  * `allocation/thin_pool_discards="passdown"` для пересылки `discard` на устройство с thin-томов
+  * `allocation/thin_pool_zero=1` для зануления блоков thin-томов при первом использовании
+
+Для жестких дисков добавлена опция `secureEraseForHDD` в `LVMLogicalVolume` и `LocalStorageClass`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома.
+
+> **Внимание!** Эту опцию нельзя включить для thin-томов.
+
+В результате:
+
+* Для жестких дисков добавлена опция `secureEraseForHDD`:
+  * задает процедуру очистки блоков, удаляемых логических томов
+  * нельзя включить для thin-томов
+* Для твердотельных накопителей:
+  * LVM пересылает `discard` с логических томов на физическое устройство (с какой версии?)
+  * при удалении логических томов `discard` отправляется на все занятые этими томами блоки физического устройства
+* Для thin-томов:
+  * включена настройка LVM, гарантирующая вычитывание нулей из блоков и их областей, которые ещё не были записаны.
+  * при освобождении блоков через `discard` логического тома, команда пересылается на физическое устройство
+  * нельзя включить опцию `secureEraseForHDD`
+
+TODO: Подсветить:
+
+* Будет-ли ошибка при создании thin volume на HDD?
+* Не все твердотельные накопители дают гарантии чтения из освобожденных блоков. Будет ошибка?
+* Очистка физических устройств при удалении из Volume Group?
+* С какой версии LVM пересылает дискарды с логических томов?

From d46438a6d385c29377593da8a81a55820b19c40c Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 3 Feb 2025 11:51:47 +0300
Subject: [PATCH 038/115] first commit

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 crds/lvmlogicalvolume.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index 0e5247d1..53c8ef68 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -115,6 +115,7 @@ spec:
                           message: Value is immutable.
                       description: |
                         If true, the Logical Volume will be created with the contiguous flag. Use it carefully as LV might not be created even if there is enough space in VG.
+                    # secureEraseForHDD:
                 source:
                   type: object
                   description: |

From b7092c00e0152db6b2f6aa2b79ab52ccab266f3c Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Tue, 4 Feb 2025 18:11:32 +0600
Subject: [PATCH 039/115] Update USAGE.ru.md

Signed-off-by: Anton Sergunov <setosha@gmail.com>
Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 052f701e..21d13f4a 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -189,7 +189,7 @@ kubectl delete lvg %lvg-name%
 
 Для жестких дисков добавлена опция `secureEraseForHDD` в `LVMLogicalVolume` и `LocalStorageClass`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома.
 
-> **Внимание!** Эту опцию нельзя включить для thin-томов.
+> **Внимание!** Эту опцию нельзя включить для thin-томов. Для освобождаемых блоков вызывается только `discard`, который ничего не делает на жестком диске, а затирание нулями произойдет только когда блок будет снова использован. Данные пользователя всё это время будут оставаться на диске. Затереть данные в этом случае может только пользовательское приложение. Однако если есть снапшот, приложение не сможет затереть данные.
 
 В результате:
 
@@ -206,7 +206,6 @@ kubectl delete lvg %lvg-name%
 
 TODO: Подсветить:
 
-* Будет-ли ошибка при создании thin volume на HDD?
 * Не все твердотельные накопители дают гарантии чтения из освобожденных блоков. Будет ошибка?
 * Очистка физических устройств при удалении из Volume Group?
 * С какой версии LVM пересылает дискарды с логических томов?

From 158c1177631c2c6052b567fd8919647b33e6f988 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Wed, 5 Feb 2025 15:45:30 +0300
Subject: [PATCH 040/115] some changes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 21d13f4a..1e4c510b 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -173,23 +173,45 @@ kubectl delete lvg %lvg-name%
 
 ## Безопасность удаления данных
 
-Удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.
+Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM необходимо учитывать, что удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.
 
 Жесткий диск при записи данных в блок физически заменяет старые данные новыми. Твердотельный накопитель пишет новые данные в новый блок, а старый блок помечает для очистки. При этом блоки твердотельного накопителя имеют ограниченный ресурс циклов очистки/записи. Для продления срока службы твердотельных накопителей предусмотрена команда `discard`, которая помечает блок свободным напрямую, без записи новых данных.
 
-> **Внимание!** Недоступность данных после `discard` зависит от физического устройства.
+Поэтому, для жестких дисков мы предусмотрели опцию `secureEraseForHDD`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома. Данная опция применима только к thick-томам. При этом мы всегда перед удалением тома отправляем команду `discard` на физическое устройство, чтобы пометить блоки этого тома свободными (если это не будет отключено в опции `secureEraseForHDD`).
 
-Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM сконфигурирован так:
+> **Внимание!** Недоступность данных после `discard` зависит от физического устройства. Некоторые устройства могут отдавать старые данные, несмотря на то, что они помечены как свободные.
 
-* обычные тома:
-  * `devices/issue_discards=1` для отправки `discard` на физическое устройство, когда блоки перестают использоваться LVM, например при удалении томов. Не влияет на thin-тома, только на весь thin pool
+Опция `secureEraseForHDD` имеет следующие значения: 
+
+* `Disable` - не выполнять никаких дополнительных действий при удалении тома (`discard` при этом тоже НЕ будет отправлен на физическое устройство);
+* `SinglePass` - выполнить однопроходное затирание блоков случайными данными;
+* `ThreePass` - выполнить трехпроходное затирание блоков случайными данными.
+
+> **Внимание!** Не рекомендуется использовать опцию `secureEraseForHDD` для SSD, тк мы не проверяем, что устройство является HDD, поэтому опция `secureEraseForHDD` будет применена ко всем устройствам, на которых находится том, даже если это SSD. 
+
+
+<!-- * Для жестких дисков добавлена опция `secureEraseForHDD`:
+  * задает процедуру очистки блоков, удаляемых логических томов
+  * нельзя включить для thin-томов
+* Для твердотельных накопителей:
+  * LVM пересылает `discard` с логических томов на физическое устройство (с какой версии?)
+  * при удалении логических томов `discard` отправляется на все занятые этими томами блоки физического устройства
+* Для thin-томов:
+  * включена настройка LVM, гарантирующая вычитывание нулей из блоков и их областей, которые ещё не были записаны.
+  * при освобождении блоков через `discard` логического тома, команда пересылается на физическое устройство
+  * нельзя включить опцию `secureEraseForHDD` -->
+
+<!-- * обычные тома:
+  * `devices/issue_discards=1` для отправки `discard` на физическое устройство, когда блоки перестают использоваться LVM, например при удалении томов.
 * thin-тома:
   * `allocation/thin_pool_discards="passdown"` для пересылки `discard` на устройство с thin-томов
-  * `allocation/thin_pool_zero=1` для зануления блоков thin-томов при первом использовании
+  * `allocation/thin_pool_zero=1` для зануления блоков thin-томов при первом использовании -->
+<!-- 
+Для жестких дисков добавлена опция `secureEraseForHDD` в `LVMLogicalVolume` и `LocalStorageClass`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома. -->
 
-Для жестких дисков добавлена опция `secureEraseForHDD` в `LVMLogicalVolume` и `LocalStorageClass`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома.
+<!-- > **Внимание!** Эту опцию нельзя включить для thin-томов.  -->
 
-> **Внимание!** Эту опцию нельзя включить для thin-томов. Для освобождаемых блоков вызывается только `discard`, который ничего не делает на жестком диске, а затирание нулями произойдет только когда блок будет снова использован. Данные пользователя всё это время будут оставаться на диске. Затереть данные в этом случае может только пользовательское приложение. Однако если есть снапшот, приложение не сможет затереть данные.
+<!-- Для освобождаемых блоков вызывается только `discard`, который ничего не делает на жестком диске, а затирание нулями произойдет только когда блок будет снова использован. Данные пользователя всё это время будут оставаться на диске. Затереть данные в этом случае может только пользовательское приложение. Однако если есть снапшот, приложение не сможет затереть данные. -->
 
 В результате:
 

From 59f279593e56252acf4381a412aff7b8761b66f9 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 6 Feb 2025 16:44:10 +0600
Subject: [PATCH 041/115] =?UTF-8?q?=D0=95=D1=88=D1=91=20=D0=B2=D0=B0=D1=80?=
 =?UTF-8?q?=D0=B8=D0=B0=D0=BD=D1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 1e4c510b..2ed0252b 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -171,6 +171,39 @@ kubectl delete lvg %lvg-name%
 
 > Пользователь может запретить удаление `LVMVolumeGroup` ресурса, повесив на ресурс специальную аннотацию `storage.deckhouse.io/deletion-protection`. При наличии данной аннотации контроллер не будет удалять ни ресурс, ни соответствующую `Volume Group` до тех пор, пока аннотация не будет снята с ресурса.
 
+## Безопасность утечек данных между томами
+
+При удалении файлов файловые системы не удаляют данные, а лишь помечают их как удаленные. Имея доступ к тому, как блочному устройству, можно прочитать данные из удаленных предыдущим пользователем файлов.
+
+Для предотвращения утечек предусмотрена опция `volumeCleanupMethod`, которая имеет следующие значения:
+
+* `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему клиенту;
+* `SinglePass` - выполнить однопроходное затирание блоков случайными данными;
+* `ThreePass` - выполнить трехпроходное затирание блоков случайными данными;
+* `Discard` - вызывать `discard` при удалении тома;
+
+### Опция `SinglePass`
+
+Если записать новые данные в блочное устройство, то вычитать старые данные без специальных средств не получится. На жестком диске блоки располагаются в фиксированных областях диска. При записи в блочное устройство такого диска, данные на пластинах заменяются новыми. Поэтому для случая жесткого диска подходит `SinglePass` метод.
+
+### Опция `ThreePass`
+
+Если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств, может появиться необходимость затирать данные несколько раз. Для этого предусмотрена опция `ThreePass`.
+
+### Опция `Discard`
+
+В твердотельных накопителях используется NAND флеш-память. Ячейки такой памяти нельзя переписать без полной очистки, к тому-же они имеют ограниченный ресурс циклов очистки-записи. Из-за этой особенности при модификации новые данные записываются в чистую ячейку, которая подменяет собой старую. Из-за этого данные старой ячейки могут оказаться доступными для извлечения с использованием спец-средств. Гарантировать удаление данных (SecureErase) могут только производители дисков через специальные утилиты.
+
+Это делает опцию `ThreePass` практически бессмысленной для твердотельных накопителей.
+
+Для экономии ресурса твердотельного накопителя введена команда `discard` для отметки ячеек свободными самой файловой системой. Устройство балансирует использование ячеек, предпочтительно записывая данные в свободную ячейку с большим остаточным ресурсом. `discard` значительно увеличивает ресурс диска, увеличивая выбор свободных блоков при записи новых данных.
+
+Большинство современных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при переиспользовании твердотельных накопителей.
+
+Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группами (страницами). Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
+
+Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT), или не может быть доверенным, придется использовать `SinglePass` затирание, что уменьшит ресурс устройства.
+
 ## Безопасность удаления данных
 
 Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM необходимо учитывать, что удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.

From 5ca3263f2934a368810d7b9a53bef7e333e387a8 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 6 Feb 2025 17:29:43 +0600
Subject: [PATCH 042/115] thin

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 2ed0252b..ec00859b 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -175,35 +175,45 @@ kubectl delete lvg %lvg-name%
 
 При удалении файлов файловые системы не удаляют данные, а лишь помечают их как удаленные. Имея доступ к тому, как блочному устройству, можно прочитать данные из удаленных предыдущим пользователем файлов.
 
-Для предотвращения утечек предусмотрена опция `volumeCleanupMethod`, которая имеет следующие значения:
+### Thick-тома
+
+Для предотвращения утечек через thick-тома предусмотрена опция `volumeCleanupMethod`, которая имеет следующие значения:
 
 * `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему клиенту;
 * `SinglePass` - выполнить однопроходное затирание блоков случайными данными;
 * `ThreePass` - выполнить трехпроходное затирание блоков случайными данными;
 * `Discard` - вызывать `discard` при удалении тома;
 
-### Опция `SinglePass`
+#### Опция `SinglePass`
 
 Если записать новые данные в блочное устройство, то вычитать старые данные без специальных средств не получится. На жестком диске блоки располагаются в фиксированных областях диска. При записи в блочное устройство такого диска, данные на пластинах заменяются новыми. Поэтому для случая жесткого диска подходит `SinglePass` метод.
 
-### Опция `ThreePass`
+#### Опция `ThreePass`
 
 Если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств, может появиться необходимость затирать данные несколько раз. Для этого предусмотрена опция `ThreePass`.
 
-### Опция `Discard`
+#### Опция `Discard`
 
 В твердотельных накопителях используется NAND флеш-память. Ячейки такой памяти нельзя переписать без полной очистки, к тому-же они имеют ограниченный ресурс циклов очистки-записи. Из-за этой особенности при модификации новые данные записываются в чистую ячейку, которая подменяет собой старую. Из-за этого данные старой ячейки могут оказаться доступными для извлечения с использованием спец-средств. Гарантировать удаление данных (SecureErase) могут только производители дисков через специальные утилиты.
 
 Это делает опцию `ThreePass` практически бессмысленной для твердотельных накопителей.
 
-Для экономии ресурса твердотельного накопителя введена команда `discard` для отметки ячеек свободными самой файловой системой. Устройство балансирует использование ячеек, предпочтительно записывая данные в свободную ячейку с большим остаточным ресурсом. `discard` значительно увеличивает ресурс диска, увеличивая выбор свободных блоков при записи новых данных.
+Для твердотельных накопителей в OS Linux предусмотрена команда `discard`. Она используется файловой системой для отметки ячейки как свободной. Устройство балансирует использование ячеек (wear leveling), предпочтительно записывая данные в свободную ячейку с большим остаточным ресурсом. `discard` значительно увеличивает ресурс диска, увеличивая выбор свободных блоков при записи новых данных.
 
-Большинство современных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при переиспользовании твердотельных накопителей.
+Большинство современных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при использовании твердотельных накопителей.
 
-Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группами (страницами). Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
+Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группы - страницы. Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
 
 Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT), или не может быть доверенным, придется использовать `SinglePass` затирание, что уменьшит ресурс устройства.
 
+### Thin-тома
+
+Для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами.
+
+В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, остаточные данные могут остаться на thin-pool до нового использования такого блока.
+
+При этом thin-pool сам по себе является thick-томом. Используйте `volumeCleanupMethod` для задания процедуры его очистки при удалении.
+
 ## Безопасность удаления данных
 
 Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM необходимо учитывать, что удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.

From 53ff85451ce8a5fb340311428a51d9eb933c948f Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Thu, 6 Feb 2025 17:35:13 +0600
Subject: [PATCH 043/115] Update USAGE.ru.md

Signed-off-by: Anton Sergunov <setosha@gmail.com>
Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index ec00859b..b057798b 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -210,7 +210,7 @@ kubectl delete lvg %lvg-name%
 
 Для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами.
 
-В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, остаточные данные могут остаться на thin-pool до нового использования такого блока.
+В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока.
 
 При этом thin-pool сам по себе является thick-томом. Используйте `volumeCleanupMethod` для задания процедуры его очистки при удалении.
 

From 4774c7c1ea2bcb1256af42e4261aeb171b912888 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Fri, 7 Feb 2025 13:58:56 +0300
Subject: [PATCH 044/115] some changes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.ru.md | 80 +++++++++++++++++++++++++++++++++---------------
 1 file changed, 55 insertions(+), 25 deletions(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index b057798b..32128612 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -171,50 +171,80 @@ kubectl delete lvg %lvg-name%
 
 > Пользователь может запретить удаление `LVMVolumeGroup` ресурса, повесив на ресурс специальную аннотацию `storage.deckhouse.io/deletion-protection`. При наличии данной аннотации контроллер не будет удалять ни ресурс, ни соответствующую `Volume Group` до тех пор, пока аннотация не будет снята с ресурса.
 
-## Безопасность утечек данных между томами
+## Защита от утечек данных между томами
 
-При удалении файлов файловые системы не удаляют данные, а лишь помечают их как удаленные. Имея доступ к тому, как блочному устройству, можно прочитать данные из удаленных предыдущим пользователем файлов.
+При удалении файлов операционная система не удаляет содержимое физически, а лишь помечает соответствующие блоки как «свободные». Если новый том получает физические блоки, ранее использовавшиеся другим томом, в них могут остаться данные предыдущего пользователя. 
+
+Такое возможно, например, в таком случае:
+  - пользователь №1 разместил файлы в томе, запрошенном из StorageClass 1 и на узле 1 (не важно, в режиме «Block» или «Filesystem»);
+  - пользователь №1 удалил файлы и том;
+  - физические блоки, которые он занимал, становятся «свободными», но не затертыми;
+  - пользователь №2 запросил новый том из StorageClass 1 и на узле 1 в режиме «Block»;
+  - есть риск, что часть или все блоки, ранее занимаемые пользователем №1, будут снова выделены пользователю №2;
+  - в этом случае пользователь №2 имеет возможность восстановить данные пользователя №1.
 
 ### Thick-тома
 
-Для предотвращения утечек через thick-тома предусмотрена опция `volumeCleanupMethod`, которая имеет следующие значения:
+Для предотвращения утечек через thick-тома предусмотрено два параметра `volumeCleanupMethod`.
 
-* `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему клиенту;
-* `SinglePass` - выполнить однопроходное затирание блоков случайными данными;
-* `ThreePass` - выполнить трехпроходное затирание блоков случайными данными;
-* `Discard` - вызывать `discard` при удалении тома;
+#### Параметр `volumeCleanupMethod`
+
+* `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
+
+* `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, как она уменьшает ресурс накопителя.
+
+* `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, как она уменьшает ресурс накопителя. 
+
+* `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
+
+Большинство современных твердотельных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при использовании твердотельных накопителей.
+Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группы - страницы. Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
+Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT) и не является проверенным, то использовать его не рекомендуется.
+
+<!-- #### Параметр `volumePreparationMethod`
+
+* `Disable` - не выполнять никаких дополнительных действий перед использованием тома. Данные могут оказаться доступными следующему пользователю;
+* `ZeroFill` - том будет заполнен нулями перед использованием. Эта опция имеет смысл для твердотельных накопителей, если устройство не гарантирует немедленную недоступность освобожденных данных на чтение после `discard` при удалении тома. -->
 
-#### Опция `SinglePass`
 
-Если записать новые данные в блочное устройство, то вычитать старые данные без специальных средств не получится. На жестком диске блоки располагаются в фиксированных областях диска. При записи в блочное устройство такого диска, данные на пластинах заменяются новыми. Поэтому для случая жесткого диска подходит `SinglePass` метод.
 
-#### Опция `ThreePass`
+<!-- ##### `SinglePass`
 
-Если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств, может появиться необходимость затирать данные несколько раз. Для этого предусмотрена опция `ThreePass`.
+Том будет перезаписан случайными данными один раз перед удалением. Эта опция имеет смысл для жестких дисков, так как они физически заменяют старые данные новыми и без физического доступа к диску старые данные не могут быть восстановлены. -->
+<!-- Если записать новые данные в блочное устройство, то вычитать старые данные без специальных средств не получится. На жестком диске блоки располагаются в фиксированных областях диска. При записи в блочное устройство такого диска, данные на пластинах заменяются новыми. Поэтому для случая жесткого диска подходит `SinglePass` метод. -->
 
-#### Опция `Discard`
+<!-- Эта опция имеет смысл для жестких дисков, так как они физически заменяют старые данные новыми и без физического доступа к диску старые данные не могут быть восстановлены; -->
 
-В твердотельных накопителях используется NAND флеш-память. Ячейки такой памяти нельзя переписать без полной очистки, к тому-же они имеют ограниченный ресурс циклов очистки-записи. Из-за этой особенности при модификации новые данные записываются в чистую ячейку, которая подменяет собой старую. Из-за этого данные старой ячейки могут оказаться доступными для извлечения с использованием спец-средств. Гарантировать удаление данных (SecureErase) могут только производители дисков через специальные утилиты.
+<!-- #### Опция `ThreePass` -->
 
-Это делает опцию `ThreePass` практически бессмысленной для твердотельных накопителей.
+<!-- Том будет перезаписан случайными данными три раза перед удалением. Эта опция имеет смысл для жестких дисков, если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств. -->
 
-Для твердотельных накопителей в OS Linux предусмотрена команда `discard`. Она используется файловой системой для отметки ячейки как свободной. Устройство балансирует использование ячеек (wear leveling), предпочтительно записывая данные в свободную ячейку с большим остаточным ресурсом. `discard` значительно увеличивает ресурс диска, увеличивая выбор свободных блоков при записи новых данных.
+<!-- Если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств, может появиться необходимость затирать данные несколько раз. Для этого предусмотрена опция `ThreePass`. -->
 
-Большинство современных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при использовании твердотельных накопителей.
+<!-- #### Опция `Discard` -->
+
+
+<!-- Большинство современных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при использовании твердотельных накопителей.
 
 Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группы - страницы. Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
 
-Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT), или не может быть доверенным, придется использовать `SinglePass` затирание, что уменьшит ресурс устройства.
+Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT) и не является проверенным, то рекомендуется использовать опцию `volumePreparationMethod`. -->
 
-### Thin-тома
+<!-- Для твердотельных накопителей в OS Linux предусмотрена команда `discard`. Она используется для отметки блока данных как свободного.  -->
+
+
+<!-- Устройство балансирует использование ячеек (wear leveling), предпочтительно записывая данные в свободную ячейку с большим остаточным ресурсом. `discard` значительно увеличивает ресурс диска, увеличивая выбор свободных блоков при записи новых данных.
 
-Для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами.
 
-В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока.
 
-При этом thin-pool сам по себе является thick-томом. Используйте `volumeCleanupMethod` для задания процедуры его очистки при удалении.
+В твердотельных накопителях используется NAND флеш-память. Ячейки такой памяти нельзя переписать без полной очистки, к тому-же они имеют ограниченный ресурс циклов очистки-записи. Из-за этой особенности при модификации новые данные записываются в чистую ячейку, которая логически подменяет собой старую. Из-за этого данные старой ячейки могут оказаться доступными для извлечения с использованием спец-средств. Гарантировать удаление данных (SecureErase) могут только производители дисков через специальные утилиты. -->
 
-## Безопасность удаления данных
+
+### Thin-тома
+
+В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока. Однако, мы не отдаем пользователям thin пул. Они могут получить только том из пула, а для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами. Это гарантируется настройкой `thin_pool_zero=1` в LVM. 
+
+<!-- ## Безопасность удаления данных
 
 Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM необходимо учитывать, что удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.
 
@@ -233,7 +263,7 @@ kubectl delete lvg %lvg-name%
 > **Внимание!** Не рекомендуется использовать опцию `secureEraseForHDD` для SSD, тк мы не проверяем, что устройство является HDD, поэтому опция `secureEraseForHDD` будет применена ко всем устройствам, на которых находится том, даже если это SSD. 
 
 
-<!-- * Для жестких дисков добавлена опция `secureEraseForHDD`:
+* Для жестких дисков добавлена опция `secureEraseForHDD`:
   * задает процедуру очистки блоков, удаляемых логических томов
   * нельзя включить для thin-томов
 * Для твердотельных накопителей:
@@ -254,7 +284,7 @@ kubectl delete lvg %lvg-name%
 
 <!-- > **Внимание!** Эту опцию нельзя включить для thin-томов.  -->
 
-<!-- Для освобождаемых блоков вызывается только `discard`, который ничего не делает на жестком диске, а затирание нулями произойдет только когда блок будет снова использован. Данные пользователя всё это время будут оставаться на диске. Затереть данные в этом случае может только пользовательское приложение. Однако если есть снапшот, приложение не сможет затереть данные. -->
+<!-- Для освобождаемых блоков вызывается только `discard`, который ничего не делает на жестком диске, а затирание нулями произойдет только когда блок будет снова использован. Данные пользователя всё это время будут оставаться на диске. Затереть данные в этом случае может только пользовательское приложение. Однако если есть снапшот, приложение не сможет затереть данные.
 
 В результате:
 
@@ -273,4 +303,4 @@ TODO: Подсветить:
 
 * Не все твердотельные накопители дают гарантии чтения из освобожденных блоков. Будет ошибка?
 * Очистка физических устройств при удалении из Volume Group?
-* С какой версии LVM пересылает дискарды с логических томов?
+* С какой версии LVM пересылает дискарды с логических томов? -->

From 745b1ed10575e631f7d0a09b17f708057952e35c Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 10:28:49 +0300
Subject: [PATCH 045/115] changes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 api/v1alpha1/lvm_logical_volume.go            |  3 ++-
 crds/doc-ru-lvmlogicalvolume.yaml             |  7 +++++
 crds/lvmlogicalvolume.yaml                    | 10 ++++++-
 docs/USAGE.ru.md                              |  4 +--
 .../src/internal/controller/llv/reconciler.go | 13 ++++++++--
 .../src/internal/utils/volume_cleanup_ce.go   | 26 +++++++++++++++++++
 .../src/internal/utils/volume_cleanup_ee.go   | 24 +++++++++++++++++
 7 files changed, 81 insertions(+), 6 deletions(-)
 create mode 100644 images/agent/src/internal/utils/volume_cleanup_ce.go
 create mode 100644 images/agent/src/internal/utils/volume_cleanup_ee.go

diff --git a/api/v1alpha1/lvm_logical_volume.go b/api/v1alpha1/lvm_logical_volume.go
index 1dc6af93..9caccda6 100644
--- a/api/v1alpha1/lvm_logical_volume.go
+++ b/api/v1alpha1/lvm_logical_volume.go
@@ -51,7 +51,8 @@ type LVMLogicalVolumeThinSpec struct {
 }
 
 type LVMLogicalVolumeThickSpec struct {
-	Contiguous *bool `json:"contiguous"`
+	Contiguous          *bool  `json:"contiguous"`
+	VolumeCleanupMethod string `json:"volumeCleanupMethod"`
 }
 type LVMLogicalVolumeStatus struct {
 	Phase      string            `json:"phase"`
diff --git a/crds/doc-ru-lvmlogicalvolume.yaml b/crds/doc-ru-lvmlogicalvolume.yaml
index cb0dacfc..f81d550b 100644
--- a/crds/doc-ru-lvmlogicalvolume.yaml
+++ b/crds/doc-ru-lvmlogicalvolume.yaml
@@ -38,6 +38,13 @@ spec:
                     contiguous:
                       description: |
                         Если true, логический том будет создан с флагом contiguous. Примечание: Этот флаг следует использовать с осторожностью, так как он может привести к невозможности создания LV, не смотря на наличие свободного пространства.
+                    volumeCleanupMethod:
+                      description: |
+                        Метод очистки тома после удаления PV.
+                        `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
+                        `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+                        `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
+                        `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
             status:
               description: |
                 Описывает состояние ресурса.
diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index 53c8ef68..07dcab2b 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -115,7 +115,15 @@ spec:
                           message: Value is immutable.
                       description: |
                         If true, the Logical Volume will be created with the contiguous flag. Use it carefully as LV might not be created even if there is enough space in VG.
-                    # secureEraseForHDD:
+                    volumeCleanupMethod:
+                      type: string
+                      enum: [Disable, SinglePass, ThreePass, Discard]
+                      description: |
+                        The method of the volume cleanup before deletion.
+                        - `Disable`: Do not perform any additional actions when deleting the volume. The data may remain accessible to the next user.
+                        - `SinglePass`: The volume will be overwritten with random data once before deletion. This option is not recommended for solid-state drives, as it reduces the lifespan of the drive.
+                        - `ThreePass`: The volume will be overwritten with random data three times before deletion. This option is also not recommended for solid-state drives, as it reduces the lifespan of the drive.
+                        - `Discard`: All blocks of the volume will be marked as free using the `discard`` system call before deletion. This option is only applicable to solid-state drives.
                 source:
                   type: object
                   description: |
diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 32128612..a2ba5412 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -191,9 +191,9 @@ kubectl delete lvg %lvg-name%
 
 * `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
 
-* `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, как она уменьшает ресурс накопителя.
+* `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
-* `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, как она уменьшает ресурс накопителя. 
+* `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
 
 * `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
 
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 5e8b6cfb..8e882534 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -452,7 +452,7 @@ func (r *Reconciler) reconcileLLVDeleteFunc(
 		}
 	}
 
-	err := r.deleteLVIfNeeded(lvg.Spec.ActualVGNameOnTheNode, llv)
+	err := r.deleteLVIfNeeded(ctx, lvg.Spec.ActualVGNameOnTheNode, llv)
 	if err != nil {
 		r.log.Error(err, fmt.Sprintf("[reconcileLLVDeleteFunc] unable to delete the LV %s in VG %s", llv.Spec.ActualLVNameOnTheNode, lvg.Spec.ActualVGNameOnTheNode))
 		return true, err
@@ -536,7 +536,7 @@ func checkIfLVBelongsToLLV(llv *v1alpha1.LVMLogicalVolume, lv *internal.LVData)
 	return true
 }
 
-func (r *Reconciler) deleteLVIfNeeded(vgName string, llv *v1alpha1.LVMLogicalVolume) error {
+func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v1alpha1.LVMLogicalVolume) error {
 	lv := r.sdsCache.FindLV(vgName, llv.Spec.ActualLVNameOnTheNode)
 	if lv == nil || !lv.Exist {
 		r.log.Warning(fmt.Sprintf("[deleteLVIfNeeded] did not find LV %s in VG %s", llv.Spec.ActualLVNameOnTheNode, vgName))
@@ -549,6 +549,15 @@ func (r *Reconciler) deleteLVIfNeeded(vgName string, llv *v1alpha1.LVMLogicalVol
 		return nil
 	}
 
+	if llv.Spec.Type == internal.Thick && llv.Spec.Thick.VolumeCleanupMethod != "" {
+		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanupMethod))
+		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, llv.Spec.Thick.VolumeCleanupMethod)
+		if err != nil {
+			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanupMethod))
+			return err
+		}
+	}
+
 	cmd, err := utils.RemoveLV(vgName, llv.Spec.ActualLVNameOnTheNode)
 	r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cmd: %s", cmd))
 	if err != nil {
diff --git a/images/agent/src/internal/utils/volume_cleanup_ce.go b/images/agent/src/internal/utils/volume_cleanup_ce.go
new file mode 100644
index 00000000..d6c6f1a7
--- /dev/null
+++ b/images/agent/src/internal/utils/volume_cleanup_ce.go
@@ -0,0 +1,26 @@
+//go:build ce
+
+/*
+Copyright 2025 Flant JSC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package utils
+
+import (
+	"agent/internal/logger"
+	"context"
+	"fmt"
+)
+
+func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
+	return fmt.Errorf("Volume cleanup is not supported in your edition.")
+}
diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
new file mode 100644
index 00000000..74a32ab7
--- /dev/null
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -0,0 +1,24 @@
+//go:build !ce
+
+/*
+Copyright 2025 Flant JSC
+Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
+*/
+
+package utils
+
+import (
+	"agent/internal/logger"
+	"context"
+	"fmt"
+
+	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
+)
+
+func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
+	if !commonfeature.VolumeCleanupEnabled {
+		return fmt.Errorf("Volume cleanup is not supported in your edition.")
+	}
+
+	return nil
+}

From 40a4f4ff192868e273800afe11839e0cf533f644 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Mon, 10 Feb 2025 10:56:27 +0300
Subject: [PATCH 046/115] fix

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/src/cmd/main.go                         | 1 +
 images/agent/src/internal/utils/volume_cleanup_ee.go | 2 +-
 lib/go/common/pkg/feature/1_ce.go                    | 5 +++++
 lib/go/common/pkg/feature/2_se.go                    | 5 +++++
 lib/go/common/pkg/feature/3_se_plus.go               | 5 +++++
 lib/go/common/pkg/feature/4_ee.go                    | 5 +++++
 lib/go/common/pkg/feature/5_cse_pro.go               | 5 +++++
 7 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/images/agent/src/cmd/main.go b/images/agent/src/cmd/main.go
index c9e890a6..7038b333 100644
--- a/images/agent/src/cmd/main.go
+++ b/images/agent/src/cmd/main.go
@@ -75,6 +75,7 @@ func main() {
 	log.Info(fmt.Sprintf("[main] OS/Arch:Go OS/Arch:%s/%s ", goruntime.GOOS, goruntime.GOARCH))
 
 	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %t", commonfeature.SnapshotsEnabled()))
+	log.Info(fmt.Sprintf("[main] Feature VolumeCleanupEnabled: %t", commonfeature.VolumeCleanupEnabled()))
 
 	log.Info("[main] CfgParams has been successfully created")
 	log.Info(fmt.Sprintf("[main] %s = %s", config.LogLevel, cfgParams.Loglevel))
diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 74a32ab7..eed50c7b 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -16,7 +16,7 @@ import (
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
-	if !commonfeature.VolumeCleanupEnabled {
+	if !commonfeature.VolumeCleanupEnabled() {
 		return fmt.Errorf("Volume cleanup is not supported in your edition.")
 	}
 
diff --git a/lib/go/common/pkg/feature/1_ce.go b/lib/go/common/pkg/feature/1_ce.go
index c5d0c028..1bb61b9f 100644
--- a/lib/go/common/pkg/feature/1_ce.go
+++ b/lib/go/common/pkg/feature/1_ce.go
@@ -16,7 +16,12 @@ limitations under the License.
 package feature
 
 const snapshotsEnabled = false
+const volumeCleanupEnabled = false
 
 func SnapshotsEnabled() bool {
 	return snapshotsEnabled
 }
+
+func VolumeCleanupEnabled() bool {
+	return volumeCleanupEnabled
+}
diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
index c836809a..02f8e505 100644
--- a/lib/go/common/pkg/feature/2_se.go
+++ b/lib/go/common/pkg/feature/2_se.go
@@ -8,7 +8,12 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = false
 
 func SnapshotsEnabled() bool {
 	return snapshotsEnabled
 }
+
+func VolumeCleanupEnabled() bool {
+	return volumeCleanupEnabled
+}
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
index d04b0089..d59f84c3 100644
--- a/lib/go/common/pkg/feature/3_se_plus.go
+++ b/lib/go/common/pkg/feature/3_se_plus.go
@@ -8,7 +8,12 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = false
 
 func SnapshotsEnabled() bool {
 	return snapshotsEnabled
 }
+
+func VolumeCleanupEnabled() bool {
+	return volumeCleanupEnabled
+}
diff --git a/lib/go/common/pkg/feature/4_ee.go b/lib/go/common/pkg/feature/4_ee.go
index cd7fdf57..a2e16d76 100644
--- a/lib/go/common/pkg/feature/4_ee.go
+++ b/lib/go/common/pkg/feature/4_ee.go
@@ -8,7 +8,12 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = true
 
 func SnapshotsEnabled() bool {
 	return snapshotsEnabled
 }
+
+func VolumeCleanupEnabled() bool {
+	return volumeCleanupEnabled
+}
diff --git a/lib/go/common/pkg/feature/5_cse_pro.go b/lib/go/common/pkg/feature/5_cse_pro.go
index ceb49865..c748acc3 100644
--- a/lib/go/common/pkg/feature/5_cse_pro.go
+++ b/lib/go/common/pkg/feature/5_cse_pro.go
@@ -8,7 +8,12 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = true
 
 func SnapshotsEnabled() bool {
 	return snapshotsEnabled
 }
+
+func VolumeCleanupEnabled() bool {
+	return volumeCleanupEnabled
+}

From d6e8a454cf07bf4892fee53c8c8b9a1adc2a3be2 Mon Sep 17 00:00:00 2001
From: Pavel Karpov <pavel.karpov@flant.com>
Date: Mon, 10 Feb 2025 11:52:15 +0300
Subject: [PATCH 047/115] fix default MODULE_EDITION

Signed-off-by: Pavel Karpov <pavel.karpov@flant.com>
---
 .werf/consts.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.werf/consts.yaml b/.werf/consts.yaml
index d15740f9..6160aa3b 100644
--- a/.werf/consts.yaml
+++ b/.werf/consts.yaml
@@ -5,8 +5,8 @@
 {{- $_ := set $ "BASE_SCRATCH"     "registry.deckhouse.io/base_images/scratch@sha256:653ae76965c98c8cd1c8c9ff7725316d2983986f896655b30e0f44d2f8b2dd7e" }}
 {{- $_ := set $ "BASE_ALPINE"      "registry.deckhouse.io/base_images/alpine:3.20.3@sha256:41628df7c9b935d248f64542634e7a843f9bc7f2252d7f878e77f7b79a947466" }}
 
-# Edition module settings, default EE
-{{- $_ := set . "MODULE_EDITION" (env "MODULE_EDITION" "EE") }}
+# Edition module settings, default ee
+{{- $_ := set . "MODULE_EDITION" (env "MODULE_EDITION" "ee") }}
 
 # component versions
 {{- $versions := dict }}

From 5327da916ec43a91e59f9e080b55a1244cc75295 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Mon, 10 Feb 2025 23:10:33 +0300
Subject: [PATCH 048/115] leave conditional build only in feature flags

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 images/agent/src/cmd/llvs_ce.go               | 35 ---------
 images/agent/src/cmd/llvs_ee.go               |  2 -
 images/agent/src/cmd/main.go                  |  6 +-
 images/agent/src/go.mod                       | 36 ++++-----
 images/agent/src/go.sum                       | 77 ++++++++-----------
 .../src/internal/controller/llv/llvs_ce.go    | 27 -------
 .../src/internal/controller/llv/llvs_ee.go    |  7 --
 .../src/internal/controller/llv/reconciler.go |  5 ++
 .../internal/controller/llvs/reconciler_ee.go |  2 -
 lib/go/common/go.mod                          | 37 ++++-----
 lib/go/common/go.sum                          | 76 ++++++++----------
 lib/go/common/pkg/feature/1_ce.go             |  4 -
 lib/go/common/pkg/feature/2_se.go             |  4 -
 lib/go/common/pkg/feature/3_se_plus.go        |  4 -
 lib/go/common/pkg/feature/4_ee.go             |  4 -
 lib/go/common/pkg/feature/5_cse_pro.go        |  4 -
 lib/go/common/pkg/feature/feature.go          |  5 ++
 lib/go/common/pkg/validating/validator.go     |  4 +-
 18 files changed, 116 insertions(+), 223 deletions(-)
 delete mode 100644 images/agent/src/cmd/llvs_ce.go
 delete mode 100644 images/agent/src/internal/controller/llv/llvs_ce.go
 create mode 100644 lib/go/common/pkg/feature/feature.go

diff --git a/images/agent/src/cmd/llvs_ce.go b/images/agent/src/cmd/llvs_ce.go
deleted file mode 100644
index 4a6f0b74..00000000
--- a/images/agent/src/cmd/llvs_ce.go
+++ /dev/null
@@ -1,35 +0,0 @@
-//go:build ce
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"sigs.k8s.io/controller-runtime/pkg/manager"
-
-	"agent/internal/cache"
-	"agent/internal/config"
-	"agent/internal/logger"
-	"agent/internal/monitoring"
-)
-
-func addLLVSReconciler(
-	_ manager.Manager,
-	_ logger.Logger,
-	_ monitoring.Metrics,
-	_ *cache.Cache,
-	_ *config.Config,
-) {
-	// noop
-}
diff --git a/images/agent/src/cmd/llvs_ee.go b/images/agent/src/cmd/llvs_ee.go
index 774f1f5b..ecc9510b 100644
--- a/images/agent/src/cmd/llvs_ee.go
+++ b/images/agent/src/cmd/llvs_ee.go
@@ -1,5 +1,3 @@
-//go:build !ce
-
 /*
 Copyright 2025 Flant JSC
 Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
diff --git a/images/agent/src/cmd/main.go b/images/agent/src/cmd/main.go
index c9e890a6..bcf71bab 100644
--- a/images/agent/src/cmd/main.go
+++ b/images/agent/src/cmd/main.go
@@ -23,7 +23,7 @@ import (
 	goruntime "runtime"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
+	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	v1 "k8s.io/api/core/v1"
 	sv1 "k8s.io/api/storage/v1"
 	extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -74,7 +74,7 @@ func main() {
 	log.Info(fmt.Sprintf("[main] Go Version:%s ", goruntime.Version()))
 	log.Info(fmt.Sprintf("[main] OS/Arch:Go OS/Arch:%s/%s ", goruntime.GOOS, goruntime.GOARCH))
 
-	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %t", commonfeature.SnapshotsEnabled()))
+	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %t", feature.SnapshotsEnabled()))
 
 	log.Info("[main] CfgParams has been successfully created")
 	log.Info(fmt.Sprintf("[main] %s = %s", config.LogLevel, cfgParams.Loglevel))
@@ -236,7 +236,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if commonfeature.SnapshotsEnabled() {
+	if feature.SnapshotsEnabled() {
 		log.Info("[main] Snapshot feature is enabled. Adding LLVS reconciler")
 		addLLVSReconciler(mgr, log, metrics, sdsCache, cfgParams)
 	}
diff --git a/images/agent/src/go.mod b/images/agent/src/go.mod
index 7d9b7644..ceb3fd0b 100644
--- a/images/agent/src/go.mod
+++ b/images/agent/src/go.mod
@@ -5,7 +5,7 @@ go 1.23.4
 toolchain go1.23.5
 
 require (
-	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250116103144-d23aedd591a3
+	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250130211935-b68366dfd0f8
 	github.com/deckhouse/sds-node-configurator/lib/go/common v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.4.2
 	github.com/google/go-cmp v0.6.0
@@ -15,10 +15,10 @@ require (
 	github.com/pilebones/go-udev v0.9.0
 	github.com/prometheus/client_golang v1.19.1
 	github.com/stretchr/testify v1.9.0
-	k8s.io/api v0.32.0
+	k8s.io/api v0.32.1
 	k8s.io/apiextensions-apiserver v0.32.0
-	k8s.io/apimachinery v0.32.0
-	k8s.io/client-go v0.32.0
+	k8s.io/apimachinery v0.32.1
+	k8s.io/client-go v0.32.1
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/utils v0.0.0-20241210054802-24370beab758
 	sigs.k8s.io/controller-runtime v0.20.1
@@ -32,26 +32,26 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gosimple/unidecode v1.0.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@@ -62,20 +62,20 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
diff --git a/images/agent/src/go.sum b/images/agent/src/go.sum
index f0c05267..f7b05204 100644
--- a/images/agent/src/go.sum
+++ b/images/agent/src/go.sum
@@ -2,17 +2,16 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
-github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
+github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
@@ -21,12 +20,10 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
@@ -37,8 +34,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -66,8 +63,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -99,12 +96,7 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -126,28 +118,28 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -160,8 +152,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -169,21 +161,20 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
-k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
+k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
+k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
 k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
 k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
-k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
-k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
-k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
+k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
+k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
diff --git a/images/agent/src/internal/controller/llv/llvs_ce.go b/images/agent/src/internal/controller/llv/llvs_ce.go
deleted file mode 100644
index 2b37f7cc..00000000
--- a/images/agent/src/internal/controller/llv/llvs_ce.go
+++ /dev/null
@@ -1,27 +0,0 @@
-//go:build ce
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package llv
-
-import (
-	"context"
-	"errors"
-
-	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-)
-
-func (r *Reconciler) handleLLVSSource(_ context.Context, _ *v1alpha1.LVMLogicalVolume, _ *v1alpha1.LVMVolumeGroup) (string, bool, error) {
-	return "", false, errors.New("LVMLocalVolumeSnapshot as a source is not supported in your edition")
-}
diff --git a/images/agent/src/internal/controller/llv/llvs_ee.go b/images/agent/src/internal/controller/llv/llvs_ee.go
index c4901128..1e4022e0 100644
--- a/images/agent/src/internal/controller/llv/llvs_ee.go
+++ b/images/agent/src/internal/controller/llv/llvs_ee.go
@@ -1,5 +1,3 @@
-//go:build !ce
-
 /*
 Copyright 2025 Flant JSC
 Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
@@ -13,17 +11,12 @@ import (
 	"fmt"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"k8s.io/apimachinery/pkg/types"
 
 	"agent/internal/utils"
 )
 
 func (r *Reconciler) handleLLVSSource(ctx context.Context, llv *v1alpha1.LVMLogicalVolume, lvg *v1alpha1.LVMVolumeGroup) (string, bool, error) {
-	if !commonfeature.SnapshotsEnabled() {
-		return "", false, errors.New("LVMLocalVolumeSnapshot as a source is not supported in your edition")
-	}
-
 	sourceLLVS := &v1alpha1.LVMLogicalVolumeSnapshot{}
 	if err := r.cl.Get(ctx, types.NamespacedName{Name: llv.Spec.Source.Name}, sourceLLVS); err != nil {
 		r.log.Error(err, fmt.Sprintf("[reconcileLLVCreateFunc] unable to get source LVMLogicalVolumeSnapshot %s for the LVMLogicalVolume %s", llv.Spec.Source.Name, llv.Name))
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 5e8b6cfb..b70a482d 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -25,6 +25,7 @@ import (
 	"time"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
+	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"github.com/google/go-cmp/cmp"
 	k8serr "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -296,6 +297,10 @@ func (r *Reconciler) reconcileLLVCreateFunc(
 
 		cmd, err = utils.CreateThinLogicalVolumeFromSource(llv.Spec.ActualLVNameOnTheNode, lvg.Spec.ActualVGNameOnTheNode, sourceLLV.Spec.ActualLVNameOnTheNode)
 	case llv.Spec.Source.Kind == "LVMLogicalVolumeSnapshot":
+		if !feature.SnapshotsEnabled() {
+			return false, errors.New("LVMLocalVolumeSnapshot as a source is not supported in your edition")
+		}
+
 		cmdTmp, shouldRequeue, err := r.handleLLVSSource(ctx, llv, lvg)
 		if err != nil {
 			return shouldRequeue, err
diff --git a/images/agent/src/internal/controller/llvs/reconciler_ee.go b/images/agent/src/internal/controller/llvs/reconciler_ee.go
index 3ce49c2b..36d1cc04 100644
--- a/images/agent/src/internal/controller/llvs/reconciler_ee.go
+++ b/images/agent/src/internal/controller/llvs/reconciler_ee.go
@@ -1,5 +1,3 @@
-//go:build !ce
-
 /*
 Copyright 2025 Flant JSC
 Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
diff --git a/lib/go/common/go.mod b/lib/go/common/go.mod
index 9a459b71..26bbd53c 100644
--- a/lib/go/common/go.mod
+++ b/lib/go/common/go.mod
@@ -3,47 +3,46 @@ module github.com/deckhouse/sds-node-configurator/lib/go/common
 go 1.23.4
 
 require (
-	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250116103144-d23aedd591a3
+	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250130211935-b68366dfd0f8
+	k8s.io/apimachinery v0.32.1
 	sigs.k8s.io/controller-runtime v0.20.1
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.32.0 // indirect
-	k8s.io/apimachinery v0.32.0 // indirect
-	k8s.io/client-go v0.32.0 // indirect
+	k8s.io/api v0.32.1 // indirect
+	k8s.io/client-go v0.32.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
@@ -53,5 +52,3 @@ require (
 // Do not combine multiple replacements into a single block,
 // as this will break the CI workflow "Check Go module version."
 replace github.com/deckhouse/sds-node-configurator/api => ../../../api
-
-replace github.com/deckhouse/sds-node-configurator/lib/go/common => ./
diff --git a/lib/go/common/go.sum b/lib/go/common/go.sum
index 50dd3d6d..8aa639ba 100644
--- a/lib/go/common/go.sum
+++ b/lib/go/common/go.sum
@@ -1,24 +1,21 @@
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
-github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
+github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
@@ -27,8 +24,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -45,15 +42,12 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -75,12 +69,7 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -100,26 +89,26 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -130,8 +119,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -139,21 +128,20 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
-k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
+k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
+k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
 k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
 k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
-k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
-k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
-k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
+k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
+k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
diff --git a/lib/go/common/pkg/feature/1_ce.go b/lib/go/common/pkg/feature/1_ce.go
index c5d0c028..f1240f87 100644
--- a/lib/go/common/pkg/feature/1_ce.go
+++ b/lib/go/common/pkg/feature/1_ce.go
@@ -16,7 +16,3 @@ limitations under the License.
 package feature
 
 const snapshotsEnabled = false
-
-func SnapshotsEnabled() bool {
-	return snapshotsEnabled
-}
diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
index c836809a..8c5d778c 100644
--- a/lib/go/common/pkg/feature/2_se.go
+++ b/lib/go/common/pkg/feature/2_se.go
@@ -8,7 +8,3 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
-
-func SnapshotsEnabled() bool {
-	return snapshotsEnabled
-}
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
index d04b0089..0bbbc85e 100644
--- a/lib/go/common/pkg/feature/3_se_plus.go
+++ b/lib/go/common/pkg/feature/3_se_plus.go
@@ -8,7 +8,3 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
-
-func SnapshotsEnabled() bool {
-	return snapshotsEnabled
-}
diff --git a/lib/go/common/pkg/feature/4_ee.go b/lib/go/common/pkg/feature/4_ee.go
index cd7fdf57..deb36fd3 100644
--- a/lib/go/common/pkg/feature/4_ee.go
+++ b/lib/go/common/pkg/feature/4_ee.go
@@ -8,7 +8,3 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
-
-func SnapshotsEnabled() bool {
-	return snapshotsEnabled
-}
diff --git a/lib/go/common/pkg/feature/5_cse_pro.go b/lib/go/common/pkg/feature/5_cse_pro.go
index ceb49865..b99b991d 100644
--- a/lib/go/common/pkg/feature/5_cse_pro.go
+++ b/lib/go/common/pkg/feature/5_cse_pro.go
@@ -8,7 +8,3 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package feature
 
 const snapshotsEnabled = true
-
-func SnapshotsEnabled() bool {
-	return snapshotsEnabled
-}
diff --git a/lib/go/common/pkg/feature/feature.go b/lib/go/common/pkg/feature/feature.go
new file mode 100644
index 00000000..18ed9940
--- /dev/null
+++ b/lib/go/common/pkg/feature/feature.go
@@ -0,0 +1,5 @@
+package feature
+
+func SnapshotsEnabled() bool {
+	return snapshotsEnabled
+}
diff --git a/lib/go/common/pkg/validating/validator.go b/lib/go/common/pkg/validating/validator.go
index adc3ff4a..22a0c25c 100644
--- a/lib/go/common/pkg/validating/validator.go
+++ b/lib/go/common/pkg/validating/validator.go
@@ -21,7 +21,7 @@ import (
 	"fmt"
 
 	snc "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	feature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
+	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -40,7 +40,7 @@ func ValidateLVMLogicalVolumeSnapshot(ctx context.Context, cl client.Client, llv
 		// cl.Get(ctx, llvs.Spec.LVMLogicalVolumeName, llv)
 		err := cl.Get(ctx, types.NamespacedName{Name: llvs.Spec.LVMLogicalVolumeName}, llv)
 		if err != nil {
-			return "", fmt.Errorf("Failed to get source LVMLogicalVolume %s: %s", llvs.Spec.LVMLogicalVolumeName, err)
+			return "", fmt.Errorf("failed to get source LVMLogicalVolume %s: %s", llvs.Spec.LVMLogicalVolumeName, err)
 		}
 
 		if llv.Spec.Thin == nil {

From bec85059dcc0164b2f3c32bea5f0e56648f0a125 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Tue, 11 Feb 2025 02:07:44 +0300
Subject: [PATCH 049/115] fix

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index eed50c7b..fa790d15 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -20,5 +20,12 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 		return fmt.Errorf("Volume cleanup is not supported in your edition.")
 	}
 
+	// switch volumeCleanupMethod {
+	// case "Disable":
+	// case "SinglePass":
+	// case "ThreePass":
+	// case "Discard":
+	// default:
+
 	return nil
 }

From 82db6ec1af327532b0fa0c7d3568a6df778458a6 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 12 Feb 2025 12:33:25 +0600
Subject: [PATCH 050/115] volume cleanup implementation

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 115 +++++++++++++++++-
 1 file changed, 109 insertions(+), 6 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index fa790d15..a33418b4 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -11,6 +11,10 @@ import (
 	"agent/internal/logger"
 	"context"
 	"fmt"
+	"io"
+	"os"
+	"syscall"
+	"unsafe"
 
 	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 )
@@ -20,12 +24,111 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 		return fmt.Errorf("Volume cleanup is not supported in your edition.")
 	}
 
-	// switch volumeCleanupMethod {
-	// case "Disable":
-	// case "SinglePass":
-	// case "ThreePass":
-	// case "Discard":
-	// default:
+	devicePath := fmt.Sprintf("/dev/%s/%s", vgName, lvName)
+	randomSource := "/dev/urandom"
+
+	switch volumeCleanupMethod {
+	case "Disable":
+		return nil
+	case "SinglePass":
+		return VolumeCleanupCopy(devicePath, randomSource, 1)
+	case "ThreePass":
+		return VolumeCleanupCopy(devicePath, randomSource, 3)
+	case "Discard":
+		return VolumeCleanupDiscard(devicePath)
+	}
+
+	return fmt.Errorf("Unknown cleanup method %s", volumeCleanupMethod)
+}
+
+func _VolumeSize(stat syscall.Stat_t) (int64, error) {
+	if stat.Size > 0 {
+		return stat.Size, nil
+	}
+
+	if stat.Blksize <= 0 {
+		return 0, fmt.Errorf("block size %d is invalid", stat.Blksize)
+	}
+	if stat.Blocks <= 0 {
+		return 0, fmt.Errorf("block count %d is invalid", stat.Blocks)
+	}
+
+	return stat.Blksize * stat.Blocks, nil
+}
+
+func VolumeCleanupCopy(outputPath, inputPath string, passes int) error {
+	var stat syscall.Stat_t
+	if err := syscall.Stat(outputPath, &stat); err != nil {
+		return fmt.Errorf("stat call failed: %w", err)
+	}
+
+	bytesToWrite, err := _VolumeSize(stat)
+	if err != nil {
+		return fmt.Errorf("can't find the size of device: %w", err)
+	}
+
+	input, err := os.OpenFile(inputPath, syscall.O_RDONLY, os.ModeDevice)
+	if err != nil {
+		return fmt.Errorf("opening source device %s to wipe: %w", inputPath, err)
+	}
+
+	output, err := os.OpenFile(outputPath, syscall.O_DIRECT, os.ModeDevice)
+	if err != nil {
+		return fmt.Errorf("opening device %s to wipe: %w", outputPath, err)
+	}
+
+	written, err := io.CopyN(
+		output,
+		input,
+		bytesToWrite)
+
+	if err != nil {
+		return fmt.Errorf("copying from %s to %s: %w", inputPath, outputPath, err)
+	}
+
+	if written != int64(bytesToWrite) {
+		return fmt.Errorf("only %d bytes written, expected %d", written, bytesToWrite)
+	}
+
+	return nil
+}
+
+const (
+	BLKDISCARD       = 0x1277
+	BLKDISCARDZEROES = 0x127c
+	BLKSECDISCARD    = 0x127d
+)
+
+type Range struct {
+	start, count uint64
+}
+
+func VolumeCleanupDiscard(devicePath string) error {
+	var stat syscall.Stat_t
+	if err := syscall.Stat(devicePath, &stat); err != nil {
+		return fmt.Errorf("stat call failed: %w", err)
+	}
+
+	deviceSize, err := _VolumeSize(stat)
+	if err != nil {
+		return fmt.Errorf("can't find the size of device: %w", err)
+	}
+
+	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
+	if err != nil {
+		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
+	}
+
+	rng := Range{
+		start: 0,
+		count: uint64(deviceSize),
+	}
+
+	_, _, err = syscall.Syscall(syscall.SYS_IOCTL, uintptr(device.Fd()), BLKDISCARD, uintptr(unsafe.Pointer(&rng)))
+
+	if err != nil {
+		return fmt.Errorf("calling ioctl BLKDISCARD: %w", err)
+	}
 
 	return nil
 }

From ba3db2481bc0ffe7024ff4957834203ba1ac2654 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 10:07:06 +0600
Subject: [PATCH 051/115] Closing files, report closing errors, some logs

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 85 ++++++++++++++-----
 1 file changed, 62 insertions(+), 23 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index a33418b4..a780a9ee 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -27,21 +27,35 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	devicePath := fmt.Sprintf("/dev/%s/%s", vgName, lvName)
 	randomSource := "/dev/urandom"
 
+	var err error
+	closingErrors := []error{}
+
 	switch volumeCleanupMethod {
 	case "Disable":
 		return nil
 	case "SinglePass":
-		return VolumeCleanupCopy(devicePath, randomSource, 1)
+		err = volumeCleanupCopy(ctx, log, &closingErrors, devicePath, randomSource, 1)
 	case "ThreePass":
-		return VolumeCleanupCopy(devicePath, randomSource, 3)
+		err = volumeCleanupCopy(ctx, log, &closingErrors, devicePath, randomSource, 3)
 	case "Discard":
-		return VolumeCleanupDiscard(devicePath)
+		err = volumeCleanupDiscard(ctx, log, &closingErrors, devicePath)
+	default:
+		return fmt.Errorf("unknown cleanup method %s", volumeCleanupMethod)
+	}
+
+	if err == nil && len(closingErrors) > 0 {
+		err = closingErrors[0]
+		closingErrors = closingErrors[1:]
 	}
 
-	return fmt.Errorf("Unknown cleanup method %s", volumeCleanupMethod)
+	if len(closingErrors) == 0 {
+		return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
+	} else {
+		return fmt.Errorf("cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
+	}
 }
 
-func _VolumeSize(stat syscall.Stat_t) (int64, error) {
+func volumeSize(stat syscall.Stat_t) (int64, error) {
 	if stat.Size > 0 {
 		return stat.Size, nil
 	}
@@ -56,41 +70,55 @@ func _VolumeSize(stat syscall.Stat_t) (int64, error) {
 	return stat.Blksize * stat.Blocks, nil
 }
 
-func VolumeCleanupCopy(outputPath, inputPath string, passes int) error {
-	var stat syscall.Stat_t
-	if err := syscall.Stat(outputPath, &stat); err != nil {
+func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]error, outputPath, inputPath string, passes int) error {
+	var outputStat syscall.Stat_t
+	if err := syscall.Stat(outputPath, &outputStat); err != nil {
 		return fmt.Errorf("stat call failed: %w", err)
 	}
 
-	bytesToWrite, err := _VolumeSize(stat)
-	if err != nil {
-		return fmt.Errorf("can't find the size of device: %w", err)
+	close := func(file *os.File) {
+		log := log.GetLogger().WithValues("name", file.Name())
+		// log.Info("Closing file", "name")
+		err := file.Close()
+		if err != nil {
+			log.Error(err, "While closing file")
+			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", file.Name(), err))
+		}
 	}
 
 	input, err := os.OpenFile(inputPath, syscall.O_RDONLY, os.ModeDevice)
 	if err != nil {
 		return fmt.Errorf("opening source device %s to wipe: %w", inputPath, err)
 	}
+	defer close(input)
 
 	output, err := os.OpenFile(outputPath, syscall.O_DIRECT, os.ModeDevice)
 	if err != nil {
 		return fmt.Errorf("opening device %s to wipe: %w", outputPath, err)
 	}
+	defer close(output)
 
-	written, err := io.CopyN(
-		output,
-		input,
-		bytesToWrite)
-
+	bytesToWrite, err := volumeSize(outputStat)
 	if err != nil {
-		return fmt.Errorf("copying from %s to %s: %w", inputPath, outputPath, err)
+		return fmt.Errorf("can't find the size of device %s: %w", outputPath, err)
 	}
 
-	if written != int64(bytesToWrite) {
-		return fmt.Errorf("only %d bytes written, expected %d", written, bytesToWrite)
+	for pass := 0; pass < passes; pass++ {
+		written, err := io.CopyN(
+			io.NewOffsetWriter(output, 0),
+			input,
+			bytesToWrite)
+
+		if err != nil {
+			return fmt.Errorf("copying from %s to %s: %w", inputPath, outputPath, err)
+		}
+
+		if written != int64(bytesToWrite) {
+			return fmt.Errorf("only %d bytes written, expected %d", written, bytesToWrite)
+		}
 	}
 
-	return nil
+	return err
 }
 
 const (
@@ -103,13 +131,13 @@ type Range struct {
 	start, count uint64
 }
 
-func VolumeCleanupDiscard(devicePath string) error {
+func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
 	var stat syscall.Stat_t
 	if err := syscall.Stat(devicePath, &stat); err != nil {
 		return fmt.Errorf("stat call failed: %w", err)
 	}
 
-	deviceSize, err := _VolumeSize(stat)
+	deviceSize, err := volumeSize(stat)
 	if err != nil {
 		return fmt.Errorf("can't find the size of device: %w", err)
 	}
@@ -118,13 +146,24 @@ func VolumeCleanupDiscard(devicePath string) error {
 	if err != nil {
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
+	defer func() {
+		log.Info("Closing file", device)
+		err := device.Close()
+		if err != nil {
+			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", device.Name(), err))
+		}
+	}()
 
 	rng := Range{
 		start: 0,
 		count: uint64(deviceSize),
 	}
 
-	_, _, err = syscall.Syscall(syscall.SYS_IOCTL, uintptr(device.Fd()), BLKDISCARD, uintptr(unsafe.Pointer(&rng)))
+	_, _, err = syscall.Syscall(
+		syscall.SYS_IOCTL,
+		uintptr(device.Fd()),
+		uintptr(BLKDISCARD),
+		uintptr(unsafe.Pointer(&rng)))
 
 	if err != nil {
 		return fmt.Errorf("calling ioctl BLKDISCARD: %w", err)

From e26157d89aa9710c42af94979d12a82472d51e83 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 10:09:55 +0600
Subject: [PATCH 052/115] missing break

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index a780a9ee..aedf3475 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -35,10 +35,13 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 		return nil
 	case "SinglePass":
 		err = volumeCleanupCopy(ctx, log, &closingErrors, devicePath, randomSource, 1)
+		break
 	case "ThreePass":
 		err = volumeCleanupCopy(ctx, log, &closingErrors, devicePath, randomSource, 3)
+		break
 	case "Discard":
 		err = volumeCleanupDiscard(ctx, log, &closingErrors, devicePath)
+		break
 	default:
 		return fmt.Errorf("unknown cleanup method %s", volumeCleanupMethod)
 	}

From 91a53f608142ba4a8482fa01de43988595aaa26d Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 18:06:53 +0600
Subject: [PATCH 053/115] add log info for cleaning

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index aedf3475..cf5f362c 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -20,6 +20,7 @@ import (
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
+	log.Info("Cleaning up volume", "vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
 	if !commonfeature.VolumeCleanupEnabled() {
 		return fmt.Errorf("Volume cleanup is not supported in your edition.")
 	}

From bde8007792ecd726982f796b423631fbc1af6de6 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 18:36:43 +0600
Subject: [PATCH 054/115] contiguous is not required

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index 07dcab2b..fb0fc692 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -105,8 +105,6 @@ spec:
                     - rule: |
                         (!has(oldSelf.contiguous) || has(self.contiguous))
                       message: "Field 'contiguous' cannot be removed."
-                  required:
-                    - contiguous
                   properties:
                     contiguous:
                       type: boolean

From 72d98944aeb0c10317696b1472700d209b0b65b3 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 18:41:40 +0600
Subject: [PATCH 055/115] Remove space

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 docs/USAGE.ru.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index a2ba5412..1ce09630 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -193,7 +193,7 @@ kubectl delete lvg %lvg-name%
 
 * `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
-* `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
+* `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
 * `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
 

From 1c57c57da828aa28f6878fcfce7dc97d82d61815 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 19:34:13 +0600
Subject: [PATCH 056/115] Add nil checks

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/controller/llv/reconciler.go | 4 ++--
 images/agent/src/internal/utils/client_llv.go          | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 8e882534..4b0c61c2 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -549,7 +549,7 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 		return nil
 	}
 
-	if llv.Spec.Type == internal.Thick && llv.Spec.Thick.VolumeCleanupMethod != "" {
+	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanupMethod != "" {
 		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanupMethod))
 		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, llv.Spec.Thick.VolumeCleanupMethod)
 		if err != nil {
@@ -692,7 +692,7 @@ func (r *Reconciler) shouldReconcileByUpdateFunc(vgName string, llv *v1alpha1.LV
 }
 
 func isContiguous(llv *v1alpha1.LVMLogicalVolume) bool {
-	if llv.Spec.Thick == nil {
+	if llv.Spec.Thick == nil || llv.Spec.Thick.Contiguous == nil {
 		return false
 	}
 
diff --git a/images/agent/src/internal/utils/client_llv.go b/images/agent/src/internal/utils/client_llv.go
index 2551d973..497df356 100644
--- a/images/agent/src/internal/utils/client_llv.go
+++ b/images/agent/src/internal/utils/client_llv.go
@@ -62,7 +62,7 @@ func (llvCl *LLVClient) UpdatePhaseToCreatedIfNeeded(
 	actualSize resource.Quantity,
 ) error {
 	var contiguous *bool
-	if llv.Spec.Thick != nil {
+	if llv.Spec.Thick != nil && llv.Spec.Thick.Contiguous != nil {
 		if *llv.Spec.Thick.Contiguous {
 			contiguous = llv.Spec.Thick.Contiguous
 		}

From 43b55521dcb90b5fe1d8d60b7c6f83e1b6112a44 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 19:41:05 +0600
Subject: [PATCH 057/115] Lint error capitalization

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ce.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ce.go b/images/agent/src/internal/utils/volume_cleanup_ce.go
index d6c6f1a7..6449d5f3 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ce.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ce.go
@@ -22,5 +22,5 @@ import (
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
-	return fmt.Errorf("Volume cleanup is not supported in your edition.")
+	return fmt.Errorf("volume cleanup is not supported in your edition")
 }

From 7c05d9fad790d0871e0c37c29f1bdcde4f8df30e Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 13 Feb 2025 19:43:38 +0600
Subject: [PATCH 058/115] linter unused args

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ce.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ce.go b/images/agent/src/internal/utils/volume_cleanup_ce.go
index 6449d5f3..ab6cd28f 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ce.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ce.go
@@ -21,6 +21,6 @@ import (
 	"fmt"
 )
 
-func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
+func VolumeCleanup(_ context.Context, _ logger.Logger, _, _, _ string) error {
 	return fmt.Errorf("volume cleanup is not supported in your edition")
 }

From 07ff5ffd465c758876af1e5688acbb47a94e4500 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 10:23:35 +0600
Subject: [PATCH 059/115] show bad stat in error

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index cf5f362c..f91abea6 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -65,19 +65,19 @@ func volumeSize(stat syscall.Stat_t) (int64, error) {
 	}
 
 	if stat.Blksize <= 0 {
-		return 0, fmt.Errorf("block size %d is invalid", stat.Blksize)
+		return 0, fmt.Errorf("block size %d is invalid, stat: %v", stat.Blksize, stat)
 	}
 	if stat.Blocks <= 0 {
-		return 0, fmt.Errorf("block count %d is invalid", stat.Blocks)
+		return 0, fmt.Errorf("block count %d is invalid, stat: %v", stat.Blocks, stat)
 	}
 
 	return stat.Blksize * stat.Blocks, nil
 }
 
 func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]error, outputPath, inputPath string, passes int) error {
-	var outputStat syscall.Stat_t
-	if err := syscall.Stat(outputPath, &outputStat); err != nil {
-		return fmt.Errorf("stat call failed: %w", err)
+	outputStat, err := volumeStat(outputPath)
+	if err != nil {
+		return fmt.Errorf("can't get stat of %s: %w", outputPath, err)
 	}
 
 	close := func(file *os.File) {
@@ -135,15 +135,23 @@ type Range struct {
 	start, count uint64
 }
 
-func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
+func volumeStat(devicePath string) (syscall.Stat_t, error) {
 	var stat syscall.Stat_t
 	if err := syscall.Stat(devicePath, &stat); err != nil {
-		return fmt.Errorf("stat call failed: %w", err)
+		return stat, fmt.Errorf("stat call failed for device %s: %w", devicePath, err)
+	}
+	return stat, nil
+}
+
+func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
+	stat, err := volumeStat(devicePath)
+	if err != nil {
+		return fmt.Errorf("can't get stat of %s: %w", devicePath, err)
 	}
 
 	deviceSize, err := volumeSize(stat)
 	if err != nil {
-		return fmt.Errorf("can't find the size of device: %w", err)
+		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
 	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)

From c45388aa33bb74b302e22e68aeedc9532097a533 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 11:02:27 +0600
Subject: [PATCH 060/115] use fstat call

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 55 ++++++++++++++-----
 1 file changed, 42 insertions(+), 13 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index f91abea6..aa8df2c9 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -64,6 +64,10 @@ func volumeSize(stat syscall.Stat_t) (int64, error) {
 		return stat.Size, nil
 	}
 
+	if stat.Mode&S_IFMT != S_IFBLK {
+		return 0, fmt.Errorf("not a block device, ifmt: %x", stat.Mode&S_IFMT)
+	}
+
 	if stat.Blksize <= 0 {
 		return 0, fmt.Errorf("block size %d is invalid, stat: %v", stat.Blksize, stat)
 	}
@@ -75,10 +79,6 @@ func volumeSize(stat syscall.Stat_t) (int64, error) {
 }
 
 func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]error, outputPath, inputPath string, passes int) error {
-	outputStat, err := volumeStat(outputPath)
-	if err != nil {
-		return fmt.Errorf("can't get stat of %s: %w", outputPath, err)
-	}
 
 	close := func(file *os.File) {
 		log := log.GetLogger().WithValues("name", file.Name())
@@ -100,6 +100,10 @@ func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]
 	if err != nil {
 		return fmt.Errorf("opening device %s to wipe: %w", outputPath, err)
 	}
+	outputStat, err := volumeStat(output)
+	if err != nil {
+		return fmt.Errorf("can't get stat of %s: %w", outputPath, err)
+	}
 	defer close(output)
 
 	bytesToWrite, err := volumeSize(outputStat)
@@ -129,34 +133,59 @@ const (
 	BLKDISCARD       = 0x1277
 	BLKDISCARDZEROES = 0x127c
 	BLKSECDISCARD    = 0x127d
+
+	S_IFMT   = 0x0170000 /* type of file mask */
+	S_IFIFO  = 0x0010000 /* named pipe (fifo) */
+	S_IFCHR  = 0x0020000 /* character special */
+	S_IFDIR  = 0x0040000 /* directory */
+	S_IFBLK  = 0x0060000 /* block special */
+	S_IFREG  = 0x0100000 /* regular */
+	S_IFLNK  = 0x0120000 /* symbolic link */
+	S_IFSOCK = 0x0140000 /* socket */
+	S_ISUID  = 0x0004000 /* set-user-ID on execution */
+	S_ISGID  = 0x0002000 /* set-group-ID on execution */
+	S_ISVTX  = 0x0001000 /* save swapped text even after use */
+	S_IRWXU  = 0x0000700 /* RWX mask for owner */
+	S_IRUSR  = 0x0000400 /* R for owner */
+	S_IWUSR  = 0x0000200 /* W for owner */
+	S_IXUSR  = 0x0000100 /* X for owner */
+	S_IRWXG  = 0x0000070 /* RWX mask for group */
+	S_IRGRP  = 0x0000040 /* R for group */
+	S_IWGRP  = 0x0000020 /* W for group */
+	S_IXGRP  = 0x0000010 /* X for group */
+	S_IRWXO  = 0x0000007 /* RWX mask for other */
+	S_IROTH  = 0x0000004 /* R for other */
+	S_IWOTH  = 0x0000002 /* W for other */
+	S_IXOTH  = 0x0000001 /* X for other */
 )
 
 type Range struct {
 	start, count uint64
 }
 
-func volumeStat(devicePath string) (syscall.Stat_t, error) {
+func volumeStat(device *os.File) (syscall.Stat_t, error) {
 	var stat syscall.Stat_t
-	if err := syscall.Stat(devicePath, &stat); err != nil {
-		return stat, fmt.Errorf("stat call failed for device %s: %w", devicePath, err)
+	if err := syscall.Fstat(int(device.Fd()), &stat); err != nil {
+		return stat, fmt.Errorf("fstat call failed: %w", err)
 	}
 	return stat, nil
 }
 
 func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
-	stat, err := volumeStat(devicePath)
+
+	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
 	if err != nil {
-		return fmt.Errorf("can't get stat of %s: %w", devicePath, err)
+		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 
-	deviceSize, err := volumeSize(stat)
+	stat, err := volumeStat(device)
 	if err != nil {
-		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
+		return fmt.Errorf("can't get stat of %s: %w", devicePath, err)
 	}
 
-	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
+	deviceSize, err := volumeSize(stat)
 	if err != nil {
-		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
+		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 	defer func() {
 		log.Info("Closing file", device)

From 91dd9451517f9bc1d94f1612427b4bd46899e55a Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 11:37:55 +0600
Subject: [PATCH 061/115] Use two syscalls to find out block size and count

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 69 +++++++++++--------
 1 file changed, 39 insertions(+), 30 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index aa8df2c9..089fb44b 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -59,23 +59,46 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	}
 }
 
-func volumeSize(stat syscall.Stat_t) (int64, error) {
+func volumeSize(device *os.File) (int64, error) {
+	var stat syscall.Stat_t
+	if err := syscall.Fstat(int(device.Fd()), &stat); err != nil {
+		return 0, fmt.Errorf("fstat call failed: %w", err)
+	}
+
 	if stat.Size > 0 {
 		return stat.Size, nil
 	}
 
 	if stat.Mode&S_IFMT != S_IFBLK {
-		return 0, fmt.Errorf("not a block device, ifmt: %x", stat.Mode&S_IFMT)
+		return 0, fmt.Errorf("not a block device, mode: %x", stat.Mode)
 	}
 
-	if stat.Blksize <= 0 {
-		return 0, fmt.Errorf("block size %d is invalid, stat: %v", stat.Blksize, stat)
+	var blockSize uint64
+	_, _, errno := syscall.Syscall(
+		syscall.SYS_IOCTL,
+		uintptr(device.Fd()),
+		uintptr(BLKGETSIZE64),
+		uintptr(unsafe.Pointer(&blockSize)))
+	if errno != 0 {
+		return 0, fmt.Errorf("error calling ioctl BLKGETSIZE64: %s", errno.Error())
 	}
-	if stat.Blocks <= 0 {
-		return 0, fmt.Errorf("block count %d is invalid, stat: %v", stat.Blocks, stat)
+	if blockSize <= 0 {
+		return 0, fmt.Errorf("block size is invalid")
 	}
 
-	return stat.Blksize * stat.Blocks, nil
+	var blockCount int
+	_, _, errno = syscall.Syscall(
+		syscall.SYS_IOCTL,
+		uintptr(device.Fd()),
+		uintptr(BLKSSZGET),
+		uintptr(unsafe.Pointer(&blockCount)))
+	if errno != 0 {
+		return 0, fmt.Errorf("error calling ioctl BLKSSZGET: %s", errno.Error())
+	}
+	if blockCount <= 0 {
+		return 0, fmt.Errorf("block count is invalid")
+	}
+	return int64(blockSize * uint64(blockCount)), nil
 }
 
 func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]error, outputPath, inputPath string, passes int) error {
@@ -100,13 +123,9 @@ func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]
 	if err != nil {
 		return fmt.Errorf("opening device %s to wipe: %w", outputPath, err)
 	}
-	outputStat, err := volumeStat(output)
-	if err != nil {
-		return fmt.Errorf("can't get stat of %s: %w", outputPath, err)
-	}
 	defer close(output)
 
-	bytesToWrite, err := volumeSize(outputStat)
+	bytesToWrite, err := volumeSize(output)
 	if err != nil {
 		return fmt.Errorf("can't find the size of device %s: %w", outputPath, err)
 	}
@@ -134,6 +153,9 @@ const (
 	BLKDISCARDZEROES = 0x127c
 	BLKSECDISCARD    = 0x127d
 
+	BLKGETSIZE64 = 0x80081272
+	BLKSSZGET    = 0x1268
+
 	S_IFMT   = 0x0170000 /* type of file mask */
 	S_IFIFO  = 0x0010000 /* named pipe (fifo) */
 	S_IFCHR  = 0x0020000 /* character special */
@@ -163,30 +185,12 @@ type Range struct {
 	start, count uint64
 }
 
-func volumeStat(device *os.File) (syscall.Stat_t, error) {
-	var stat syscall.Stat_t
-	if err := syscall.Fstat(int(device.Fd()), &stat); err != nil {
-		return stat, fmt.Errorf("fstat call failed: %w", err)
-	}
-	return stat, nil
-}
-
 func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
 
 	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
 	if err != nil {
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
-
-	stat, err := volumeStat(device)
-	if err != nil {
-		return fmt.Errorf("can't get stat of %s: %w", devicePath, err)
-	}
-
-	deviceSize, err := volumeSize(stat)
-	if err != nil {
-		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
-	}
 	defer func() {
 		log.Info("Closing file", device)
 		err := device.Close()
@@ -195,6 +199,11 @@ func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors
 		}
 	}()
 
+	deviceSize, err := volumeSize(device)
+	if err != nil {
+		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
+	}
+
 	rng := Range{
 		start: 0,
 		count: uint64(deviceSize),

From 817b927a37c9e6865f5b18b69a839d453e643429 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 11:59:49 +0600
Subject: [PATCH 062/115] Fix block device constants

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 25 ++-----------------
 1 file changed, 2 insertions(+), 23 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 089fb44b..9d8bdafb 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -156,29 +156,8 @@ const (
 	BLKGETSIZE64 = 0x80081272
 	BLKSSZGET    = 0x1268
 
-	S_IFMT   = 0x0170000 /* type of file mask */
-	S_IFIFO  = 0x0010000 /* named pipe (fifo) */
-	S_IFCHR  = 0x0020000 /* character special */
-	S_IFDIR  = 0x0040000 /* directory */
-	S_IFBLK  = 0x0060000 /* block special */
-	S_IFREG  = 0x0100000 /* regular */
-	S_IFLNK  = 0x0120000 /* symbolic link */
-	S_IFSOCK = 0x0140000 /* socket */
-	S_ISUID  = 0x0004000 /* set-user-ID on execution */
-	S_ISGID  = 0x0002000 /* set-group-ID on execution */
-	S_ISVTX  = 0x0001000 /* save swapped text even after use */
-	S_IRWXU  = 0x0000700 /* RWX mask for owner */
-	S_IRUSR  = 0x0000400 /* R for owner */
-	S_IWUSR  = 0x0000200 /* W for owner */
-	S_IXUSR  = 0x0000100 /* X for owner */
-	S_IRWXG  = 0x0000070 /* RWX mask for group */
-	S_IRGRP  = 0x0000040 /* R for group */
-	S_IWGRP  = 0x0000020 /* W for group */
-	S_IXGRP  = 0x0000010 /* X for group */
-	S_IRWXO  = 0x0000007 /* RWX mask for other */
-	S_IROTH  = 0x0000004 /* R for other */
-	S_IWOTH  = 0x0000002 /* W for other */
-	S_IXOTH  = 0x0000001 /* X for other */
+	S_IFMT  = 0xf000 /* type of file mask */
+	S_IFBLK = 0x6000 /* block special */
 )
 
 type Range struct {

From e3073eac2084062ab9baf0861419fa6efcead0c2 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 12:15:36 +0600
Subject: [PATCH 063/115] Set O_RDWR flag

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 9d8bdafb..4205d68a 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -35,10 +35,10 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	case "Disable":
 		return nil
 	case "SinglePass":
-		err = volumeCleanupCopy(ctx, log, &closingErrors, devicePath, randomSource, 1)
+		err = volumeCleanupOverwrite(ctx, log, &closingErrors, devicePath, randomSource, 1)
 		break
 	case "ThreePass":
-		err = volumeCleanupCopy(ctx, log, &closingErrors, devicePath, randomSource, 3)
+		err = volumeCleanupOverwrite(ctx, log, &closingErrors, devicePath, randomSource, 3)
 		break
 	case "Discard":
 		err = volumeCleanupDiscard(ctx, log, &closingErrors, devicePath)
@@ -101,8 +101,7 @@ func volumeSize(device *os.File) (int64, error) {
 	return int64(blockSize * uint64(blockCount)), nil
 }
 
-func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]error, outputPath, inputPath string, passes int) error {
-
+func volumeCleanupOverwrite(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
 	close := func(file *os.File) {
 		log := log.GetLogger().WithValues("name", file.Name())
 		// log.Info("Closing file", "name")
@@ -119,25 +118,26 @@ func volumeCleanupCopy(ctx context.Context, log logger.Logger, closingErrors *[]
 	}
 	defer close(input)
 
-	output, err := os.OpenFile(outputPath, syscall.O_DIRECT, os.ModeDevice)
+	output, err := os.OpenFile(devicePath, syscall.O_DIRECT|syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
-		return fmt.Errorf("opening device %s to wipe: %w", outputPath, err)
+		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer close(output)
 
 	bytesToWrite, err := volumeSize(output)
 	if err != nil {
-		return fmt.Errorf("can't find the size of device %s: %w", outputPath, err)
+		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
 	for pass := 0; pass < passes; pass++ {
+		log.Info("Overwriting", "bytes", bytesToWrite)
 		written, err := io.CopyN(
 			io.NewOffsetWriter(output, 0),
 			input,
 			bytesToWrite)
 
 		if err != nil {
-			return fmt.Errorf("copying from %s to %s: %w", inputPath, outputPath, err)
+			return fmt.Errorf("copying from %s to %s: %w", inputPath, devicePath, err)
 		}
 
 		if written != int64(bytesToWrite) {

From 7b8315451e7b817bd4b9208cb9a794ef872f9e7f Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 12:46:07 +0600
Subject: [PATCH 064/115] Logging

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 58 +++++++++++++++----
 1 file changed, 47 insertions(+), 11 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 4205d68a..cc676ad2 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -17,6 +17,7 @@ import (
 	"unsafe"
 
 	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
+	"github.com/go-logr/logr"
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
@@ -59,17 +60,22 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	}
 }
 
-func volumeSize(device *os.File) (int64, error) {
+func volumeSize(log logr.Logger, device *os.File) (int64, error) {
+	log = log.WithName("volumeSize").WithValues("device", device.Name())
 	var stat syscall.Stat_t
+	log.Info("Calling fstat")
 	if err := syscall.Fstat(int(device.Fd()), &stat); err != nil {
+		log.Error(err, "Calling fstat")
 		return 0, fmt.Errorf("fstat call failed: %w", err)
 	}
 
 	if stat.Size > 0 {
+		log.Info("Size is valid.", "size", stat.Size)
 		return stat.Size, nil
 	}
 
 	if stat.Mode&S_IFMT != S_IFBLK {
+		log.Info("Device mode", "mode", stat.Mode)
 		return 0, fmt.Errorf("not a block device, mode: %x", stat.Mode)
 	}
 
@@ -82,6 +88,7 @@ func volumeSize(device *os.File) (int64, error) {
 	if errno != 0 {
 		return 0, fmt.Errorf("error calling ioctl BLKGETSIZE64: %s", errno.Error())
 	}
+	log.Info("Block size", "blockSize", blockSize)
 	if blockSize <= 0 {
 		return 0, fmt.Errorf("block size is invalid")
 	}
@@ -95,42 +102,47 @@ func volumeSize(device *os.File) (int64, error) {
 	if errno != 0 {
 		return 0, fmt.Errorf("error calling ioctl BLKSSZGET: %s", errno.Error())
 	}
+	log.Info("Block count", "blockCount", blockCount)
 	if blockCount <= 0 {
 		return 0, fmt.Errorf("block count is invalid")
 	}
 	return int64(blockSize * uint64(blockCount)), nil
 }
 
-func volumeCleanupOverwrite(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
+func volumeCleanupOverwrite(ctx context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
+	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "input", inputPath, "passes", passes)
 	close := func(file *os.File) {
-		log := log.GetLogger().WithValues("name", file.Name())
-		// log.Info("Closing file", "name")
+		log := log.WithValues("name", file.Name())
+		log.Info("Closing")
 		err := file.Close()
 		if err != nil {
-			log.Error(err, "While closing file")
+			log.Error(err, "While closing")
 			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", file.Name(), err))
 		}
 	}
 
 	input, err := os.OpenFile(inputPath, syscall.O_RDONLY, os.ModeDevice)
 	if err != nil {
+		log.Error(err, "Opening file", "file", inputPath)
 		return fmt.Errorf("opening source device %s to wipe: %w", inputPath, err)
 	}
 	defer close(input)
 
 	output, err := os.OpenFile(devicePath, syscall.O_DIRECT|syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
+		log.Error(err, "Opening file", "file", devicePath)
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer close(output)
 
-	bytesToWrite, err := volumeSize(output)
+	bytesToWrite, err := volumeSize(log, output)
 	if err != nil {
+		log.Error(err, "Finding volume size")
 		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
 	for pass := 0; pass < passes; pass++ {
-		log.Info("Overwriting", "bytes", bytesToWrite)
+		log.Info("Overwriting", "bytes", bytesToWrite, "pass", pass)
 		written, err := io.CopyN(
 			io.NewOffsetWriter(output, 0),
 			input,
@@ -148,6 +160,28 @@ func volumeCleanupOverwrite(ctx context.Context, log logger.Logger, closingError
 	return err
 }
 
+/* To find these constant run:
+gcc -o test -x c - <<EOF
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <linux/fs.h>
+#include <stdio.h>
+
+#define PRINT_CONSTANT(name, fmt) printf(#name " = " fmt "\n", name)
+
+int main() {
+    PRINT_CONSTANT(S_IFMT, "0x%x");
+    PRINT_CONSTANT(S_IFBLK, "0x%x");
+    PRINT_CONSTANT(BLKGETSIZE64, "0x%lx");
+    PRINT_CONSTANT(BLKSSZGET, "0x%x");
+    PRINT_CONSTANT(BLKDISCARD, "0x%x");
+    PRINT_CONSTANT(BLKDISCARDZEROES, "0x%x");
+    PRINT_CONSTANT(BLKSECDISCARD, "0x%x");
+    return 0;
+}
+EOF
+*/
+
 const (
 	BLKDISCARD       = 0x1277
 	BLKDISCARDZEROES = 0x127c
@@ -164,21 +198,23 @@ type Range struct {
 	start, count uint64
 }
 
-func volumeCleanupDiscard(ctx context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
-
+func volumeCleanupDiscard(ctx context.Context, log logr.Logger, closingErrors *[]error, devicePath string) error {
+	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "device", devicePath)
 	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
 	if err != nil {
+		log.Error(err, "Opening device")
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer func() {
-		log.Info("Closing file", device)
+		log.Info("Closing file")
 		err := device.Close()
 		if err != nil {
+			log.Error(err, "While closing deice")
 			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", device.Name(), err))
 		}
 	}()
 
-	deviceSize, err := volumeSize(device)
+	deviceSize, err := volumeSize(log, device)
 	if err != nil {
 		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}

From f024da5c66472c104eb08f4618472c2227665e5b Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 13:02:21 +0600
Subject: [PATCH 065/115] Measure copy time

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go     | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index cc676ad2..646253ad 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -8,20 +8,22 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package utils
 
 import (
-	"agent/internal/logger"
 	"context"
 	"fmt"
 	"io"
 	"os"
 	"syscall"
+	"time"
 	"unsafe"
 
 	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"github.com/go-logr/logr"
+
+	"agent/internal/logger"
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
-	log.Info("Cleaning up volume", "vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
+	log_int := log.GetLogger().WithName("VolumeCleanup").WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
 	if !commonfeature.VolumeCleanupEnabled() {
 		return fmt.Errorf("Volume cleanup is not supported in your edition.")
 	}
@@ -36,13 +38,13 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	case "Disable":
 		return nil
 	case "SinglePass":
-		err = volumeCleanupOverwrite(ctx, log, &closingErrors, devicePath, randomSource, 1)
+		err = volumeCleanupOverwrite(ctx, log_int, &closingErrors, devicePath, randomSource, 1)
 		break
 	case "ThreePass":
-		err = volumeCleanupOverwrite(ctx, log, &closingErrors, devicePath, randomSource, 3)
+		err = volumeCleanupOverwrite(ctx, log_int, &closingErrors, devicePath, randomSource, 3)
 		break
 	case "Discard":
-		err = volumeCleanupDiscard(ctx, log, &closingErrors, devicePath)
+		err = volumeCleanupDiscard(ctx, log_int, &closingErrors, devicePath)
 		break
 	default:
 		return fmt.Errorf("unknown cleanup method %s", volumeCleanupMethod)
@@ -109,7 +111,7 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 	return int64(blockSize * uint64(blockCount)), nil
 }
 
-func volumeCleanupOverwrite(ctx context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
+func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
 	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "input", inputPath, "passes", passes)
 	close := func(file *os.File) {
 		log := log.WithValues("name", file.Name())
@@ -143,11 +145,12 @@ func volumeCleanupOverwrite(ctx context.Context, log logr.Logger, closingErrors
 
 	for pass := 0; pass < passes; pass++ {
 		log.Info("Overwriting", "bytes", bytesToWrite, "pass", pass)
+		start := time.Now()
 		written, err := io.CopyN(
 			io.NewOffsetWriter(output, 0),
 			input,
 			bytesToWrite)
-
+		log.Info("Copying is done", "duration", time.Since(start).String())
 		if err != nil {
 			return fmt.Errorf("copying from %s to %s: %w", inputPath, devicePath, err)
 		}

From ae5fd54d8a22dafb32e2208d8f15f5776581f9f9 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 13:03:41 +0600
Subject: [PATCH 066/115] Logging

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 646253ad..c0ebb84e 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -150,8 +150,9 @@ func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[
 			io.NewOffsetWriter(output, 0),
 			input,
 			bytesToWrite)
-		log.Info("Copying is done", "duration", time.Since(start).String())
+		log.Info("Overwriting is done", "duration", time.Since(start).String())
 		if err != nil {
+			log.Error(err, "While overwriting")
 			return fmt.Errorf("copying from %s to %s: %w", inputPath, devicePath, err)
 		}
 

From a66694f87f52dfa2d715a4b7dbac49eb76d00ee6 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 13:15:30 +0600
Subject: [PATCH 067/115] fix errno

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 39 +++++++++----------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index c0ebb84e..9835c8a1 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -23,9 +23,9 @@ import (
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
-	log_int := log.GetLogger().WithName("VolumeCleanup").WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
+	myLog := log.GetLogger().WithName("VolumeCleanup").WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
 	if !commonfeature.VolumeCleanupEnabled() {
-		return fmt.Errorf("Volume cleanup is not supported in your edition.")
+		return fmt.Errorf("volume cleanup is not supported in your edition")
 	}
 
 	devicePath := fmt.Sprintf("/dev/%s/%s", vgName, lvName)
@@ -38,14 +38,11 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	case "Disable":
 		return nil
 	case "SinglePass":
-		err = volumeCleanupOverwrite(ctx, log_int, &closingErrors, devicePath, randomSource, 1)
-		break
+		err = volumeCleanupOverwrite(ctx, myLog, &closingErrors, devicePath, randomSource, 1)
 	case "ThreePass":
-		err = volumeCleanupOverwrite(ctx, log_int, &closingErrors, devicePath, randomSource, 3)
-		break
+		err = volumeCleanupOverwrite(ctx, myLog, &closingErrors, devicePath, randomSource, 3)
 	case "Discard":
-		err = volumeCleanupDiscard(ctx, log_int, &closingErrors, devicePath)
-		break
+		err = volumeCleanupDiscard(ctx, myLog, &closingErrors, devicePath)
 	default:
 		return fmt.Errorf("unknown cleanup method %s", volumeCleanupMethod)
 	}
@@ -57,9 +54,8 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 
 	if len(closingErrors) == 0 {
 		return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
-	} else {
-		return fmt.Errorf("cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
 	}
+	return fmt.Errorf("cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
 }
 
 func volumeSize(log logr.Logger, device *os.File) (int64, error) {
@@ -84,7 +80,7 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 	var blockSize uint64
 	_, _, errno := syscall.Syscall(
 		syscall.SYS_IOCTL,
-		uintptr(device.Fd()),
+		device.Fd(),
 		uintptr(BLKGETSIZE64),
 		uintptr(unsafe.Pointer(&blockSize)))
 	if errno != 0 {
@@ -98,7 +94,7 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 	var blockCount int
 	_, _, errno = syscall.Syscall(
 		syscall.SYS_IOCTL,
-		uintptr(device.Fd()),
+		device.Fd(),
 		uintptr(BLKSSZGET),
 		uintptr(unsafe.Pointer(&blockCount)))
 	if errno != 0 {
@@ -113,7 +109,7 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 
 func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
 	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "input", inputPath, "passes", passes)
-	close := func(file *os.File) {
+	closeFile := func(file *os.File) {
 		log := log.WithValues("name", file.Name())
 		log.Info("Closing")
 		err := file.Close()
@@ -128,14 +124,14 @@ func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[
 		log.Error(err, "Opening file", "file", inputPath)
 		return fmt.Errorf("opening source device %s to wipe: %w", inputPath, err)
 	}
-	defer close(input)
+	defer closeFile(input)
 
 	output, err := os.OpenFile(devicePath, syscall.O_DIRECT|syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
 		log.Error(err, "Opening file", "file", devicePath)
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
-	defer close(output)
+	defer closeFile(output)
 
 	bytesToWrite, err := volumeSize(log, output)
 	if err != nil {
@@ -156,7 +152,7 @@ func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[
 			return fmt.Errorf("copying from %s to %s: %w", inputPath, devicePath, err)
 		}
 
-		if written != int64(bytesToWrite) {
+		if written != bytesToWrite {
 			return fmt.Errorf("only %d bytes written, expected %d", written, bytesToWrite)
 		}
 	}
@@ -186,6 +182,7 @@ int main() {
 EOF
 */
 
+//nolint:revive
 const (
 	BLKDISCARD       = 0x1277
 	BLKDISCARDZEROES = 0x127c
@@ -202,7 +199,7 @@ type Range struct {
 	start, count uint64
 }
 
-func volumeCleanupDiscard(ctx context.Context, log logr.Logger, closingErrors *[]error, devicePath string) error {
+func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath string) error {
 	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "device", devicePath)
 	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
 	if err != nil {
@@ -228,14 +225,14 @@ func volumeCleanupDiscard(ctx context.Context, log logr.Logger, closingErrors *[
 		count: uint64(deviceSize),
 	}
 
-	_, _, err = syscall.Syscall(
+	_, _, errno := syscall.Syscall(
 		syscall.SYS_IOCTL,
-		uintptr(device.Fd()),
+		device.Fd(),
 		uintptr(BLKDISCARD),
 		uintptr(unsafe.Pointer(&rng)))
 
-	if err != nil {
-		return fmt.Errorf("calling ioctl BLKDISCARD: %w", err)
+	if errno != 0 {
+		return fmt.Errorf("calling ioctl BLKDISCARD: %s", err.Error())
 	}
 
 	return nil

From 8311f89ad81772c763839447e6a46826914ae7ed Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 13:57:05 +0600
Subject: [PATCH 068/115] Correct device size

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 38 ++++++++++---------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 9835c8a1..00b95e4d 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -77,34 +77,36 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 		return 0, fmt.Errorf("not a block device, mode: %x", stat.Mode)
 	}
 
-	var blockSize uint64
+	var blockDeviceSize uint64
 	_, _, errno := syscall.Syscall(
 		syscall.SYS_IOCTL,
 		device.Fd(),
 		uintptr(BLKGETSIZE64),
-		uintptr(unsafe.Pointer(&blockSize)))
+		uintptr(unsafe.Pointer(&blockDeviceSize)))
 	if errno != 0 {
 		return 0, fmt.Errorf("error calling ioctl BLKGETSIZE64: %s", errno.Error())
 	}
-	log.Info("Block size", "blockSize", blockSize)
-	if blockSize <= 0 {
+	log.Info("Block device size", "size", blockDeviceSize)
+	if blockDeviceSize <= 0 {
 		return 0, fmt.Errorf("block size is invalid")
 	}
 
-	var blockCount int
-	_, _, errno = syscall.Syscall(
-		syscall.SYS_IOCTL,
-		device.Fd(),
-		uintptr(BLKSSZGET),
-		uintptr(unsafe.Pointer(&blockCount)))
-	if errno != 0 {
-		return 0, fmt.Errorf("error calling ioctl BLKSSZGET: %s", errno.Error())
-	}
-	log.Info("Block count", "blockCount", blockCount)
-	if blockCount <= 0 {
-		return 0, fmt.Errorf("block count is invalid")
-	}
-	return int64(blockSize * uint64(blockCount)), nil
+	return int64(blockDeviceSize), nil
+
+	// var blockSize int
+	// _, _, errno = syscall.Syscall(
+	// 	syscall.SYS_IOCTL,
+	// 	device.Fd(),
+	// 	uintptr(BLKSSZGET),
+	// 	uintptr(unsafe.Pointer(&blockSize)))
+	// if errno != 0 {
+	// 	return 0, fmt.Errorf("error calling ioctl BLKSSZGET: %s", errno.Error())
+	// }
+	// log.Info("Block size", "blockSize", blockSize)
+	// if blockSize <= 0 {
+	// 	return 0, fmt.Errorf("block size is invalid")
+	// }
+	// return int64(blockDeviceSize * uint64(blockSize)), nil
 }
 
 func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {

From 895b79da5a7751cc735f66e711897ddb98ad7737 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 14:19:32 +0600
Subject: [PATCH 069/115] import order

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ce.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ce.go b/images/agent/src/internal/utils/volume_cleanup_ce.go
index ab6cd28f..374ecad0 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ce.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ce.go
@@ -16,9 +16,10 @@ limitations under the License.
 package utils
 
 import (
-	"agent/internal/logger"
 	"context"
 	"fmt"
+
+	"agent/internal/logger"
 )
 
 func VolumeCleanup(_ context.Context, _ logger.Logger, _, _, _ string) error {

From cd69819d78631008574b4fd8bf330af6b173cb5f Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 14:37:49 +0600
Subject: [PATCH 070/115] Return no error if all fine

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 00b95e4d..e8e4f802 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -52,6 +52,10 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 		closingErrors = closingErrors[1:]
 	}
 
+	if err == nil {
+		return nil
+	}
+
 	if len(closingErrors) == 0 {
 		return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
 	}

From 496f01e8bbe862d25db6fc6d029963cdf87f46ab Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Fri, 14 Feb 2025 17:38:26 +0600
Subject: [PATCH 071/115] let it change thick in crd

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index fb0fc692..9ed824f4 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -100,11 +100,12 @@ spec:
                 thick:
                   type: object
                   x-kubernetes-validations:
-                    - rule: self == oldSelf
-                      message: Value is immutable.
                     - rule: |
                         (!has(oldSelf.contiguous) || has(self.contiguous))
                       message: "Field 'contiguous' cannot be removed."
+                    - rule: |
+                        (!has(oldSelf.volumeCleanupMethod) || has(self.volumeCleanupMethod))
+                      message: "Field 'volumeCleanupMethod' cannot be removed."
                   properties:
                     contiguous:
                       type: boolean

From 6e1a3cfe346c98979e75e1078b07a1b0c8a558a2 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 17 Feb 2025 18:47:52 +0600
Subject: [PATCH 072/115] More logs

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 58 ++++++++-----------
 1 file changed, 25 insertions(+), 33 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index e8e4f802..794a5187 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -23,7 +23,7 @@ import (
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
-	myLog := log.GetLogger().WithName("VolumeCleanup").WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
+	myLog := log.GetLogger().WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
 	if !commonfeature.VolumeCleanupEnabled() {
 		return fmt.Errorf("volume cleanup is not supported in your edition")
 	}
@@ -57,27 +57,27 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	}
 
 	if len(closingErrors) == 0 {
-		return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
+		return fmt.Errorf("[VolumeCleanup] cleaning volume %s: %w", devicePath, err)
 	}
-	return fmt.Errorf("cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
+	return fmt.Errorf("[VolumeCleanup] cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
 }
 
 func volumeSize(log logr.Logger, device *os.File) (int64, error) {
-	log = log.WithName("volumeSize").WithValues("device", device.Name())
+	log = log.WithValues("device", device.Name())
 	var stat syscall.Stat_t
 	log.Info("Calling fstat")
 	if err := syscall.Fstat(int(device.Fd()), &stat); err != nil {
-		log.Error(err, "Calling fstat")
+		log.Error(err, "[volumeSize] Calling fstat")
 		return 0, fmt.Errorf("fstat call failed: %w", err)
 	}
 
 	if stat.Size > 0 {
-		log.Info("Size is valid.", "size", stat.Size)
+		log.Info("[volumeSize] Size is valid.", "size", stat.Size)
 		return stat.Size, nil
 	}
 
 	if stat.Mode&S_IFMT != S_IFBLK {
-		log.Info("Device mode", "mode", stat.Mode)
+		log.Info("[volumeSize] Device mode", "mode", stat.Mode)
 		return 0, fmt.Errorf("not a block device, mode: %x", stat.Mode)
 	}
 
@@ -96,63 +96,48 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 	}
 
 	return int64(blockDeviceSize), nil
-
-	// var blockSize int
-	// _, _, errno = syscall.Syscall(
-	// 	syscall.SYS_IOCTL,
-	// 	device.Fd(),
-	// 	uintptr(BLKSSZGET),
-	// 	uintptr(unsafe.Pointer(&blockSize)))
-	// if errno != 0 {
-	// 	return 0, fmt.Errorf("error calling ioctl BLKSSZGET: %s", errno.Error())
-	// }
-	// log.Info("Block size", "blockSize", blockSize)
-	// if blockSize <= 0 {
-	// 	return 0, fmt.Errorf("block size is invalid")
-	// }
-	// return int64(blockDeviceSize * uint64(blockSize)), nil
 }
 
 func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
-	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "input", inputPath, "passes", passes)
+	log = log.WithValues("device", devicePath, "input", inputPath, "passes", passes)
 	closeFile := func(file *os.File) {
 		log := log.WithValues("name", file.Name())
-		log.Info("Closing")
+		log.Info("[volumeCleanupOverwrite] Closing")
 		err := file.Close()
 		if err != nil {
-			log.Error(err, "While closing")
+			log.Error(err, "[volumeCleanupOverwrite] While closing")
 			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", file.Name(), err))
 		}
 	}
 
 	input, err := os.OpenFile(inputPath, syscall.O_RDONLY, os.ModeDevice)
 	if err != nil {
-		log.Error(err, "Opening file", "file", inputPath)
+		log.Error(err, "[volumeCleanupOverwrite] Opening file", "file", inputPath)
 		return fmt.Errorf("opening source device %s to wipe: %w", inputPath, err)
 	}
 	defer closeFile(input)
 
 	output, err := os.OpenFile(devicePath, syscall.O_DIRECT|syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
-		log.Error(err, "Opening file", "file", devicePath)
+		log.Error(err, "[volumeCleanupOverwrite] Opening file", "file", devicePath)
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer closeFile(output)
 
 	bytesToWrite, err := volumeSize(log, output)
 	if err != nil {
-		log.Error(err, "Finding volume size")
+		log.Error(err, "[volumeCleanupOverwrite] Finding volume size")
 		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
 	for pass := 0; pass < passes; pass++ {
-		log.Info("Overwriting", "bytes", bytesToWrite, "pass", pass)
+		log.Info("[volumeCleanupOverwrite] Overwriting", "bytes", bytesToWrite, "pass", pass)
 		start := time.Now()
 		written, err := io.CopyN(
 			io.NewOffsetWriter(output, 0),
 			input,
 			bytesToWrite)
-		log.Info("Overwriting is done", "duration", time.Since(start).String())
+		log.Info("[volumeCleanupOverwrite] Overwriting is done", "duration", time.Since(start).String())
 		if err != nil {
 			log.Error(err, "While overwriting")
 			return fmt.Errorf("copying from %s to %s: %w", inputPath, devicePath, err)
@@ -206,23 +191,24 @@ type Range struct {
 }
 
 func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath string) error {
-	log = log.WithName("volumeCleanupOverwrite").WithValues("device", devicePath, "device", devicePath)
+	log = log.WithValues("device", devicePath, "device", devicePath)
 	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
 	if err != nil {
-		log.Error(err, "Opening device")
+		log.Error(err, "[volumeCleanupDiscard] Opening device")
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer func() {
 		log.Info("Closing file")
 		err := device.Close()
 		if err != nil {
-			log.Error(err, "While closing deice")
+			log.Error(err, "[volumeCleanupDiscard] While closing deice")
 			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", device.Name(), err))
 		}
 	}()
 
 	deviceSize, err := volumeSize(log, device)
 	if err != nil {
+		log.Error(err, "[volumeCleanupDiscard] finding device size")
 		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
@@ -231,13 +217,19 @@ func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]e
 		count: uint64(deviceSize),
 	}
 
+	log.Info("[volumeCleanupDiscard] calling BLKDISCARD")
+	start := time.Now()
+
 	_, _, errno := syscall.Syscall(
 		syscall.SYS_IOCTL,
 		device.Fd(),
 		uintptr(BLKDISCARD),
 		uintptr(unsafe.Pointer(&rng)))
 
+	log.Info("[volumeCleanupDiscard] BLKDISCARD is done", "duration", time.Since(start).String(), "errno", errno)
+
 	if errno != 0 {
+		log.Error(fmt.Errorf(err.Error()), "[volumeCleanupDiscard] error calling BLKDISCARD")
 		return fmt.Errorf("calling ioctl BLKDISCARD: %s", err.Error())
 	}
 

From 392320b44c07409b87e737f861cb4fa837bb2121 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 17 Feb 2025 19:00:54 +0600
Subject: [PATCH 073/115] Open `O_RDWR` for discard

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 794a5187..611a2086 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -192,7 +192,7 @@ type Range struct {
 
 func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath string) error {
 	log = log.WithValues("device", devicePath, "device", devicePath)
-	device, err := os.OpenFile(devicePath, syscall.O_DIRECT, os.ModeDevice)
+	device, err := os.OpenFile(devicePath, syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
 		log.Error(err, "[volumeCleanupDiscard] Opening device")
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
@@ -217,7 +217,7 @@ func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]e
 		count: uint64(deviceSize),
 	}
 
-	log.Info("[volumeCleanupDiscard] calling BLKDISCARD")
+	log.Info("[volumeCleanupDiscard] calling BLKDISCARD", "fd", device.Fd(), "range", rng)
 	start := time.Now()
 
 	_, _, errno := syscall.Syscall(

From 40fc76ff117bca2d6abd0dc686ab0799fb4ffd08 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 17 Feb 2025 19:42:34 +0600
Subject: [PATCH 074/115] Fix errno crash

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 611a2086..e174dc32 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -229,8 +229,9 @@ func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]e
 	log.Info("[volumeCleanupDiscard] BLKDISCARD is done", "duration", time.Since(start).String(), "errno", errno)
 
 	if errno != 0 {
-		log.Error(fmt.Errorf(err.Error()), "[volumeCleanupDiscard] error calling BLKDISCARD")
-		return fmt.Errorf("calling ioctl BLKDISCARD: %s", err.Error())
+		err := fmt.Errorf(errno.Error())
+		log.Error(err, "[volumeCleanupDiscard] error calling BLKDISCARD")
+		return fmt.Errorf("calling ioctl BLKDISCARD: %s", err)
 	}
 
 	return nil

From 03a01b9a335c9940eeca5619c9a52121b5e40a8c Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 12:00:00 +0600
Subject: [PATCH 075/115] Cleaner error message

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index e174dc32..f2e68add 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -57,9 +57,9 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	}
 
 	if len(closingErrors) == 0 {
-		return fmt.Errorf("[VolumeCleanup] cleaning volume %s: %w", devicePath, err)
+		return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
 	}
-	return fmt.Errorf("[VolumeCleanup] cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
+	return fmt.Errorf("cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
 }
 
 func volumeSize(log logr.Logger, device *os.File) (int64, error) {

From 3b4b16383a93819f04d29781daa2c1b52f8cb287 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 15:31:06 +0600
Subject: [PATCH 076/115] lint

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index f2e68add..d59a7588 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -229,7 +229,7 @@ func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]e
 	log.Info("[volumeCleanupDiscard] BLKDISCARD is done", "duration", time.Since(start).String(), "errno", errno)
 
 	if errno != 0 {
-		err := fmt.Errorf(errno.Error())
+		err := fmt.Errorf("%s", errno.Error())
 		log.Error(err, "[volumeCleanupDiscard] error calling BLKDISCARD")
 		return fmt.Errorf("calling ioctl BLKDISCARD: %s", err)
 	}

From 6cb1d174a30ac2d74bd92aac2fb98037c181863d Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 17:42:09 +0600
Subject: [PATCH 077/115] Fix API by ADR

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 api/v1alpha1/lvm_logical_volume.go            |  4 +-
 crds/doc-ru-lvmlogicalvolume.yaml             |  7 ++--
 crds/lvmlogicalvolume.yaml                    | 13 +++---
 docs/USAGE.ru.md                              | 10 ++---
 .../src/internal/controller/llv/reconciler.go | 42 +++++++++----------
 .../src/internal/utils/volume_cleanup_ee.go   | 14 +++----
 6 files changed, 43 insertions(+), 47 deletions(-)

diff --git a/api/v1alpha1/lvm_logical_volume.go b/api/v1alpha1/lvm_logical_volume.go
index 9caccda6..fc3a0bc1 100644
--- a/api/v1alpha1/lvm_logical_volume.go
+++ b/api/v1alpha1/lvm_logical_volume.go
@@ -51,8 +51,8 @@ type LVMLogicalVolumeThinSpec struct {
 }
 
 type LVMLogicalVolumeThickSpec struct {
-	Contiguous          *bool  `json:"contiguous"`
-	VolumeCleanupMethod string `json:"volumeCleanupMethod"`
+	Contiguous    *bool  `json:"contiguous"`
+	VolumeCleanup string `json:"volumeCleanup"`
 }
 type LVMLogicalVolumeStatus struct {
 	Phase      string            `json:"phase"`
diff --git a/crds/doc-ru-lvmlogicalvolume.yaml b/crds/doc-ru-lvmlogicalvolume.yaml
index f81d550b..45470307 100644
--- a/crds/doc-ru-lvmlogicalvolume.yaml
+++ b/crds/doc-ru-lvmlogicalvolume.yaml
@@ -38,12 +38,11 @@ spec:
                     contiguous:
                       description: |
                         Если true, логический том будет создан с флагом contiguous. Примечание: Этот флаг следует использовать с осторожностью, так как он может привести к невозможности создания LV, не смотря на наличие свободного пространства.
-                    volumeCleanupMethod:
+                    volumeCleanup:
                       description: |
                         Метод очистки тома после удаления PV.
-                        `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
-                        `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
-                        `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
+                        `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+                        `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
                         `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
             status:
               description: |
diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index 9ed824f4..b840297f 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -104,8 +104,8 @@ spec:
                         (!has(oldSelf.contiguous) || has(self.contiguous))
                       message: "Field 'contiguous' cannot be removed."
                     - rule: |
-                        (!has(oldSelf.volumeCleanupMethod) || has(self.volumeCleanupMethod))
-                      message: "Field 'volumeCleanupMethod' cannot be removed."
+                        (!has(oldSelf.volumeCleanup) || has(self.volumeCleanup))
+                      message: "Field 'volumeCleanup' cannot be removed."
                   properties:
                     contiguous:
                       type: boolean
@@ -114,14 +114,13 @@ spec:
                           message: Value is immutable.
                       description: |
                         If true, the Logical Volume will be created with the contiguous flag. Use it carefully as LV might not be created even if there is enough space in VG.
-                    volumeCleanupMethod:
+                    volumeCleanup:
                       type: string
-                      enum: [Disable, SinglePass, ThreePass, Discard]
+                      enum: [RandomFillThreePass, RandomFillSinglePass, Discard]
                       description: |
                         The method of the volume cleanup before deletion.
-                        - `Disable`: Do not perform any additional actions when deleting the volume. The data may remain accessible to the next user.
-                        - `SinglePass`: The volume will be overwritten with random data once before deletion. This option is not recommended for solid-state drives, as it reduces the lifespan of the drive.
-                        - `ThreePass`: The volume will be overwritten with random data three times before deletion. This option is also not recommended for solid-state drives, as it reduces the lifespan of the drive.
+                        - `RandomFillSinglePass`: The volume will be overwritten with random data once before deletion. This option is not recommended for solid-state drives, as it reduces the lifespan of the drive.
+                        - `RandomFillThreePass`: The volume will be overwritten with random data three times before deletion. This option is also not recommended for solid-state drives, as it reduces the lifespan of the drive.
                         - `Discard`: All blocks of the volume will be marked as free using the `discard`` system call before deletion. This option is only applicable to solid-state drives.
                 source:
                   type: object
diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 1ce09630..1d9d323e 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -185,15 +185,15 @@ kubectl delete lvg %lvg-name%
 
 ### Thick-тома
 
-Для предотвращения утечек через thick-тома предусмотрено два параметра `volumeCleanupMethod`.
+Для предотвращения утечек через thick-тома предусмотрено два параметра `volumeCleanup`.
 
-#### Параметр `volumeCleanupMethod`
+#### Параметр `volumeCleanup`
 
-* `Disable` - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
+* отсутствует - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
 
-* `SinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+* `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
-* `ThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+* `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
 * `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
 
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 4b0c61c2..09ed9b71 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -129,7 +129,7 @@ func (r *Reconciler) Reconcile(
 	lvg, err := r.lvgCl.GetLVMVolumeGroup(ctx, llv.Spec.LVMVolumeGroupName)
 	if err != nil {
 		if k8serr.IsNotFound(err) {
-			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolume] LVMVolumeGroup %s not found for LVMLogicalVolume %s. Retry in %s", llv.Spec.LVMVolumeGroupName, llv.Name, r.cfg.VolumeGroupScanInterval.String()))
+			r.log.Error(err, fmt.Sprintf("[Reconcile] LVMVolumeGroup %s not found for LVMLogicalVolume %s. Retry in %s", llv.Spec.LVMVolumeGroupName, llv.Name, r.cfg.VolumeGroupScanInterval.String()))
 			err = r.llvCl.UpdatePhaseIfNeeded(
 				ctx,
 				llv,
@@ -137,7 +137,7 @@ func (r *Reconciler) Reconcile(
 				fmt.Sprintf("LVMVolumeGroup %s not found", llv.Spec.LVMVolumeGroupName),
 			)
 			if err != nil {
-				r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolume] unable to update the LVMLogicalVolume %s", llv.Name))
+				r.log.Error(err, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
 				return controller.Result{}, err
 			}
 
@@ -153,16 +153,16 @@ func (r *Reconciler) Reconcile(
 			fmt.Sprintf("Unable to get selected LVMVolumeGroup, err: %s", err.Error()),
 		)
 		if err != nil {
-			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolume] unable to update the LVMLogicalVolume %s", llv.Name))
+			r.log.Error(err, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
 		}
 		return controller.Result{}, err
 	}
 
 	if !utils.LVGBelongsToNode(lvg, r.cfg.NodeName) {
-		r.log.Info(fmt.Sprintf("[ReconcileLVMLogicalVolume] the LVMVolumeGroup %s of the LVMLogicalVolume %s does not belongs to the current node: %s. Reconciliation stopped", lvg.Name, llv.Name, r.cfg.NodeName))
+		r.log.Info(fmt.Sprintf("[Reconcile] the LVMVolumeGroup %s of the LVMLogicalVolume %s does not belongs to the current node: %s. Reconciliation stopped", lvg.Name, llv.Name, r.cfg.NodeName))
 		return controller.Result{}, nil
 	}
-	r.log.Info(fmt.Sprintf("[ReconcileLVMLogicalVolume] the LVMVolumeGroup %s of the LVMLogicalVolume %s belongs to the current node: %s. Reconciliation continues", lvg.Name, llv.Name, r.cfg.NodeName))
+	r.log.Info(fmt.Sprintf("[Reconcile] the LVMVolumeGroup %s of the LVMLogicalVolume %s belongs to the current node: %s. Reconciliation continues", lvg.Name, llv.Name, r.cfg.NodeName))
 
 	// this case prevents the unexpected behavior when the controller runs up with existing LVMLogicalVolumes
 	if vgs, _ := r.sdsCache.GetVGs(); len(vgs) == 0 {
@@ -170,47 +170,47 @@ func (r *Reconciler) Reconcile(
 		return controller.Result{RequeueAfter: r.cfg.VolumeGroupScanInterval}, nil
 	}
 
-	r.log.Debug(fmt.Sprintf("[ReconcileLVMLogicalVolume] tries to add the finalizer %s to the LVMLogicalVolume %s", internal.SdsNodeConfiguratorFinalizer, llv.Name))
+	r.log.Debug(fmt.Sprintf("[Reconcile] tries to add the finalizer %s to the LVMLogicalVolume %s", internal.SdsNodeConfiguratorFinalizer, llv.Name))
 	added, err := r.addLLVFinalizerIfNotExist(ctx, llv)
 	if err != nil {
-		r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolume] unable to update the LVMLogicalVolume %s", llv.Name))
+		r.log.Error(err, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
 		return controller.Result{}, err
 	}
 	if added {
-		r.log.Debug(fmt.Sprintf("[ReconcileLVMLogicalVolume] successfully added the finalizer %s to the LVMLogicalVolume %s", internal.SdsNodeConfiguratorFinalizer, llv.Name))
+		r.log.Debug(fmt.Sprintf("[Reconcile] successfully added the finalizer %s to the LVMLogicalVolume %s", internal.SdsNodeConfiguratorFinalizer, llv.Name))
 	} else {
-		r.log.Debug(fmt.Sprintf("[ReconcileLVMLogicalVolume] no need to add the finalizer %s to the LVMLogicalVolume %s", internal.SdsNodeConfiguratorFinalizer, llv.Name))
+		r.log.Debug(fmt.Sprintf("[Reconcile] no need to add the finalizer %s to the LVMLogicalVolume %s", internal.SdsNodeConfiguratorFinalizer, llv.Name))
 	}
 
-	r.log.Info(fmt.Sprintf("[ReconcileLVMLogicalVolume] starts to validate the LVMLogicalVolume %s", llv.Name))
+	r.log.Info(fmt.Sprintf("[Reconcile] starts to validate the LVMLogicalVolume %s", llv.Name))
 	valid, reason := r.validateLVMLogicalVolume(llv, lvg)
 	if !valid {
-		r.log.Warning(fmt.Sprintf("[ReconcileLVMLogicalVolume] the LVMLogicalVolume %s is not valid, reason: %s", llv.Name, reason))
+		r.log.Warning(fmt.Sprintf("[Reconcile] the LVMLogicalVolume %s is not valid, reason: %s", llv.Name, reason))
 		err = r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, reason)
 		if err != nil {
-			r.log.Error(err, fmt.Sprintf("[ReconcileLVMLogicalVolume] unable to update the LVMLogicalVolume %s", llv.Name))
+			r.log.Error(err, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
 			return controller.Result{}, err
 		}
 
 		return controller.Result{}, nil
 	}
-	r.log.Info(fmt.Sprintf("[ReconcileLVMLogicalVolume] successfully validated the LVMLogicalVolume %s", llv.Name))
+	r.log.Info(fmt.Sprintf("[Reconcile] successfully validated the LVMLogicalVolume %s", llv.Name))
 
 	shouldRequeue, err := r.ReconcileLVMLogicalVolume(ctx, llv, lvg)
 	if err != nil {
-		r.log.Error(err, fmt.Sprintf("[RunLVMLogicalVolumeWatcherController] an error occurred while reconciling the LVMLogicalVolume: %s", llv.Name))
+		r.log.Error(err, fmt.Sprintf("[Reconcile] an error occurred while reconciling the LVMLogicalVolume: %s", llv.Name))
 		updErr := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, err.Error())
 		if updErr != nil {
-			r.log.Error(updErr, fmt.Sprintf("[RunLVMLogicalVolumeWatcherController] unable to update the LVMLogicalVolume %s", llv.Name))
+			r.log.Error(updErr, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
 			return controller.Result{}, updErr
 		}
 	}
 	if shouldRequeue {
-		r.log.Info(fmt.Sprintf("[RunLVMLogicalVolumeWatcherController] some issues were occurred while reconciliation the LVMLogicalVolume %s. Requeue the request in %s", llv.Name, r.cfg.LLVRequeueInterval.String()))
+		r.log.Info(fmt.Sprintf("[Reconcile] some issues were occurred while reconciliation the LVMLogicalVolume %s. Requeue the request in %s", llv.Name, r.cfg.LLVRequeueInterval.String()))
 		return controller.Result{RequeueAfter: r.cfg.LLVRequeueInterval}, nil
 	}
 
-	r.log.Info(fmt.Sprintf("[RunLVMLogicalVolumeWatcherController] successfully ended reconciliation of the LVMLogicalVolume %s", llv.Name))
+	r.log.Info(fmt.Sprintf("[Reconcile] successfully ended reconciliation of the LVMLogicalVolume %s", llv.Name))
 	return controller.Result{}, nil
 }
 
@@ -549,11 +549,11 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 		return nil
 	}
 
-	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanupMethod != "" {
-		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanupMethod))
-		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, llv.Spec.Thick.VolumeCleanupMethod)
+	if llv.Spec.Type == internal.Thick && llv.Spec.Thick.VolumeCleanup != "" {
+		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanup))
+		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, llv.Spec.Thick.VolumeCleanup)
 		if err != nil {
-			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanupMethod))
+			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanup))
 			return err
 		}
 	}
diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index d59a7588..3f78ab90 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -22,8 +22,8 @@ import (
 	"agent/internal/logger"
 )
 
-func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanupMethod string) error {
-	myLog := log.GetLogger().WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanupMethod)
+func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanup string) error {
+	myLog := log.GetLogger().WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanup)
 	if !commonfeature.VolumeCleanupEnabled() {
 		return fmt.Errorf("volume cleanup is not supported in your edition")
 	}
@@ -34,17 +34,15 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 	var err error
 	closingErrors := []error{}
 
-	switch volumeCleanupMethod {
-	case "Disable":
-		return nil
-	case "SinglePass":
+	switch volumeCleanup {
+	case "RandomFillSinglePass":
 		err = volumeCleanupOverwrite(ctx, myLog, &closingErrors, devicePath, randomSource, 1)
-	case "ThreePass":
+	case "RandomFillThreePass":
 		err = volumeCleanupOverwrite(ctx, myLog, &closingErrors, devicePath, randomSource, 3)
 	case "Discard":
 		err = volumeCleanupDiscard(ctx, myLog, &closingErrors, devicePath)
 	default:
-		return fmt.Errorf("unknown cleanup method %s", volumeCleanupMethod)
+		return fmt.Errorf("unknown cleanup method %s", volumeCleanup)
 	}
 
 	if err == nil && len(closingErrors) > 0 {

From 0c11d2cee738073594288ad5b2a58418825b043b Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 17:42:30 +0600
Subject: [PATCH 078/115] Enable volumeCleanup remove

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index b840297f..9461a5d1 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -103,9 +103,6 @@ spec:
                     - rule: |
                         (!has(oldSelf.contiguous) || has(self.contiguous))
                       message: "Field 'contiguous' cannot be removed."
-                    - rule: |
-                        (!has(oldSelf.volumeCleanup) || has(self.volumeCleanup))
-                      message: "Field 'volumeCleanup' cannot be removed."
                   properties:
                     contiguous:
                       type: boolean

From 3e1d821531ae6c50e1af40f9a541b3a9b4b0b9b8 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 19:24:10 +0600
Subject: [PATCH 079/115] make it build

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/cmd/main.go                         | 2 +-
 images/agent/src/internal/utils/volume_cleanup_ee.go | 4 ++--
 lib/go/common/pkg/feature/feature.go                 | 4 ++++
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/images/agent/src/cmd/main.go b/images/agent/src/cmd/main.go
index aed541f3..af0457de 100644
--- a/images/agent/src/cmd/main.go
+++ b/images/agent/src/cmd/main.go
@@ -75,7 +75,7 @@ func main() {
 	log.Info(fmt.Sprintf("[main] OS/Arch:Go OS/Arch:%s/%s ", goruntime.GOOS, goruntime.GOARCH))
 
 	log.Info(fmt.Sprintf("[main] Feature SnapshotsEnabled: %t", feature.SnapshotsEnabled()))
-	log.Info(fmt.Sprintf("[main] Feature VolumeCleanupEnabled: %t", commonfeature.VolumeCleanupEnabled()))
+	log.Info(fmt.Sprintf("[main] Feature VolumeCleanupEnabled: %t", feature.VolumeCleanupEnabled()))
 
 	log.Info("[main] CfgParams has been successfully created")
 	log.Info(fmt.Sprintf("[main] %s = %s", config.LogLevel, cfgParams.Loglevel))
diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 3f78ab90..380e8cb9 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -16,7 +16,7 @@ import (
 	"time"
 	"unsafe"
 
-	commonfeature "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
+	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"github.com/go-logr/logr"
 
 	"agent/internal/logger"
@@ -24,7 +24,7 @@ import (
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanup string) error {
 	myLog := log.GetLogger().WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanup)
-	if !commonfeature.VolumeCleanupEnabled() {
+	if !feature.VolumeCleanupEnabled() {
 		return fmt.Errorf("volume cleanup is not supported in your edition")
 	}
 
diff --git a/lib/go/common/pkg/feature/feature.go b/lib/go/common/pkg/feature/feature.go
index 18ed9940..c82186b8 100644
--- a/lib/go/common/pkg/feature/feature.go
+++ b/lib/go/common/pkg/feature/feature.go
@@ -3,3 +3,7 @@ package feature
 func SnapshotsEnabled() bool {
 	return snapshotsEnabled
 }
+
+func VolumeCleanupEnabled() bool {
+	return volumeCleanupEnabled
+}

From bc4c2dc533102242298e168f8a06bc9dc33e9783 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 20:19:54 +0600
Subject: [PATCH 080/115] Make it build

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/controller/llv/reconciler.go |  1 -
 lib/go/common/pkg/feature/1_ce.go             | 19 -------------------
 lib/go/common/pkg/feature/2_se.go             | 11 -----------
 lib/go/common/pkg/feature/3_se_plus.go        | 11 -----------
 lib/go/common/pkg/feature/4_ee.go             | 11 -----------
 lib/go/common/pkg/feature/5_cse_pro.go        | 11 -----------
 lib/go/common/pkg/feature/const_ce.go         |  1 +
 lib/go/common/pkg/feature/const_csepro.go     |  1 +
 lib/go/common/pkg/feature/const_ee.go         |  1 +
 lib/go/common/pkg/feature/const_se.go         |  1 +
 lib/go/common/pkg/feature/const_seplus.go     |  1 +
 11 files changed, 5 insertions(+), 64 deletions(-)
 delete mode 100644 lib/go/common/pkg/feature/1_ce.go
 delete mode 100644 lib/go/common/pkg/feature/2_se.go
 delete mode 100644 lib/go/common/pkg/feature/3_se_plus.go
 delete mode 100644 lib/go/common/pkg/feature/4_ee.go
 delete mode 100644 lib/go/common/pkg/feature/5_cse_pro.go

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index d1acd8b0..09ed9b71 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -25,7 +25,6 @@ import (
 	"time"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
 	"github.com/google/go-cmp/cmp"
 	k8serr "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/resource"
diff --git a/lib/go/common/pkg/feature/1_ce.go b/lib/go/common/pkg/feature/1_ce.go
deleted file mode 100644
index aec6ce27..00000000
--- a/lib/go/common/pkg/feature/1_ce.go
+++ /dev/null
@@ -1,19 +0,0 @@
-//go:build ce
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package feature
-
-const snapshotsEnabled = false
-const volumeCleanupEnabled = false
diff --git a/lib/go/common/pkg/feature/2_se.go b/lib/go/common/pkg/feature/2_se.go
deleted file mode 100644
index b79cfb31..00000000
--- a/lib/go/common/pkg/feature/2_se.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build se
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
-*/
-
-package feature
-
-const snapshotsEnabled = true
-const volumeCleanupEnabled = false
diff --git a/lib/go/common/pkg/feature/3_se_plus.go b/lib/go/common/pkg/feature/3_se_plus.go
deleted file mode 100644
index bef9cb5a..00000000
--- a/lib/go/common/pkg/feature/3_se_plus.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build seplus
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
-*/
-
-package feature
-
-const snapshotsEnabled = true
-const volumeCleanupEnabled = false
diff --git a/lib/go/common/pkg/feature/4_ee.go b/lib/go/common/pkg/feature/4_ee.go
deleted file mode 100644
index 2037fd79..00000000
--- a/lib/go/common/pkg/feature/4_ee.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build ee
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
-*/
-
-package feature
-
-const snapshotsEnabled = true
-const volumeCleanupEnabled = true
diff --git a/lib/go/common/pkg/feature/5_cse_pro.go b/lib/go/common/pkg/feature/5_cse_pro.go
deleted file mode 100644
index 0cfac3a2..00000000
--- a/lib/go/common/pkg/feature/5_cse_pro.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build csepro
-
-/*
-Copyright 2025 Flant JSC
-Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
-*/
-
-package feature
-
-const snapshotsEnabled = true
-const volumeCleanupEnabled = true
diff --git a/lib/go/common/pkg/feature/const_ce.go b/lib/go/common/pkg/feature/const_ce.go
index f1240f87..aec6ce27 100644
--- a/lib/go/common/pkg/feature/const_ce.go
+++ b/lib/go/common/pkg/feature/const_ce.go
@@ -16,3 +16,4 @@ limitations under the License.
 package feature
 
 const snapshotsEnabled = false
+const volumeCleanupEnabled = false
diff --git a/lib/go/common/pkg/feature/const_csepro.go b/lib/go/common/pkg/feature/const_csepro.go
index 3a0b2587..bdd208fb 100644
--- a/lib/go/common/pkg/feature/const_csepro.go
+++ b/lib/go/common/pkg/feature/const_csepro.go
@@ -9,3 +9,4 @@ See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = true
diff --git a/lib/go/common/pkg/feature/const_ee.go b/lib/go/common/pkg/feature/const_ee.go
index cf1d2165..0fd07f6b 100644
--- a/lib/go/common/pkg/feature/const_ee.go
+++ b/lib/go/common/pkg/feature/const_ee.go
@@ -9,3 +9,4 @@ See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = true
diff --git a/lib/go/common/pkg/feature/const_se.go b/lib/go/common/pkg/feature/const_se.go
index 8a5bbca0..fdb30460 100644
--- a/lib/go/common/pkg/feature/const_se.go
+++ b/lib/go/common/pkg/feature/const_se.go
@@ -9,3 +9,4 @@ See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = false
diff --git a/lib/go/common/pkg/feature/const_seplus.go b/lib/go/common/pkg/feature/const_seplus.go
index d2445b57..61f6352c 100644
--- a/lib/go/common/pkg/feature/const_seplus.go
+++ b/lib/go/common/pkg/feature/const_seplus.go
@@ -9,3 +9,4 @@ See https://github.com/deckhouse/deckhouse/blob/main/ee/LICENSE
 package feature
 
 const snapshotsEnabled = true
+const volumeCleanupEnabled = false

From d5f8a12e88d69f97853aee99842002806c5433e8 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 20:49:59 +0600
Subject: [PATCH 081/115] diff cleanup

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .gitignore                                |   1 -
 .werf/bundle.yaml                         |   6 +-
 .werf/choice-edition.yaml                 |  16 ---
 lib/go/common/go.sum                      | 154 ----------------------
 lib/go/common/pkg/validating/validator.go |  52 --------
 werf.yaml                                 |   1 -
 6 files changed, 1 insertion(+), 229 deletions(-)
 delete mode 100644 .werf/choice-edition.yaml
 delete mode 100644 lib/go/common/pkg/validating/validator.go

diff --git a/.gitignore b/.gitignore
index 3e502712..4b561694 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,7 +28,6 @@
 .settings
 .idea/
 venv/
-.vscode
 *.code-workspace
 .vscode
 *.code-workspace
diff --git a/.werf/bundle.yaml b/.werf/bundle.yaml
index 5778b871..72c5d96f 100644
--- a/.werf/bundle.yaml
+++ b/.werf/bundle.yaml
@@ -14,11 +14,6 @@ import:
   add: /lib/python/dist
   to: /lib/python/dist
   after: setup
-# Rendering .werf/choice-edition.yaml is required!
-- image: choice-edition
-  add: /openapi
-  to: /openapi
-  after: setup
 git:
 - add: /
   to: /
@@ -30,5 +25,6 @@ git:
   - enabled
   - hooks
   - monitoring
+  - openapi
   - templates
   - Chart.yaml
diff --git a/.werf/choice-edition.yaml b/.werf/choice-edition.yaml
deleted file mode 100644
index 52901c23..00000000
--- a/.werf/choice-edition.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# TODO comment here
----
-image: choice-edition
-from: {{ $.BASE_ALT_P11 }}
-fromCacheVersion: 2025-02-07.2
-git:
-  - add: /
-    to: /
-    includePaths:
-      - openapi
-shell:
-  setup:
-    - cd /openapi
-    # - cp -v values_{{ .MODULE_EDITION }}.yaml values.yaml
-    - if [[ {{ .MODULE_EDITION }} == "ce" ]]; then cp -v values_ce.yaml values.yaml; else cp -v values_ee.yaml values.yaml; fi
-    - rm -f values_*.yaml
diff --git a/lib/go/common/go.sum b/lib/go/common/go.sum
index 8aa639ba..e69de29b 100644
--- a/lib/go/common/go.sum
+++ b/lib/go/common/go.sum
@@ -1,154 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
-github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
-github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
-github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
-github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
-github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
-github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
-github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
-github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
-github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
-github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
-github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
-golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
-golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
-golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
-golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
-gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
-k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
-k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0=
-k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
-k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
-k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
-k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
-k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
-k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
-k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
-k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
-sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
-sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
-sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
-sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
-sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/lib/go/common/pkg/validating/validator.go b/lib/go/common/pkg/validating/validator.go
deleted file mode 100644
index 22a0c25c..00000000
--- a/lib/go/common/pkg/validating/validator.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-Copyright 2025 Flant JSC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package validating
-
-import (
-	"context"
-	"fmt"
-
-	snc "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-func ValidateLVMLogicalVolumeSnapshot(ctx context.Context, cl client.Client, llvs *snc.LVMLogicalVolumeSnapshot, llv *snc.LVMLogicalVolume) (string, error) {
-	if !feature.SnapshotsEnabled() {
-		msg := "The snapshot feature is not available in your edition"
-		return msg, nil
-	}
-
-	if llvs.DeletionTimestamp != nil {
-		return "", nil
-	}
-
-	if llvs.Status == nil {
-		// cl.Get(ctx, llvs.Spec.LVMLogicalVolumeName, llv)
-		err := cl.Get(ctx, types.NamespacedName{Name: llvs.Spec.LVMLogicalVolumeName}, llv)
-		if err != nil {
-			return "", fmt.Errorf("failed to get source LVMLogicalVolume %s: %s", llvs.Spec.LVMLogicalVolumeName, err)
-		}
-
-		if llv.Spec.Thin == nil {
-			return "Source LVMLogicalVolume %s is not thin provisioned. Snapshots are only supported for thin provisioned logical volumes", nil
-		}
-	}
-
-	return "", nil
-}
diff --git a/werf.yaml b/werf.yaml
index 13f87e5b..07a34773 100644
--- a/werf.yaml
+++ b/werf.yaml
@@ -5,7 +5,6 @@ configVersion: 1
 {{ tpl (.Files.Get ".werf/images.yaml") $ }}
 {{ tpl (.Files.Get ".werf/images-digests.yaml") $ }}
 {{ tpl (.Files.Get ".werf/python-deps.yaml") $ }}
-{{ tpl (.Files.Get ".werf/choice-edition.yaml") $ }}
 {{ tpl (.Files.Get ".werf/bundle.yaml") $ }}
 {{ tpl (.Files.Get ".werf/release.yaml") $ }}
 

From 58c00ac25d090204be384d45f0e427d1a2492eff Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 20:50:41 +0600
Subject: [PATCH 082/115] cleanup

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 openapi/values_ce.yaml | 36 ------------------------------------
 1 file changed, 36 deletions(-)
 delete mode 100644 openapi/values_ce.yaml

diff --git a/openapi/values_ce.yaml b/openapi/values_ce.yaml
deleted file mode 100644
index 0c5c4974..00000000
--- a/openapi/values_ce.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-x-extend:
-  schema: config-values.yaml
-type: object
-properties:
-  internal:
-    type: object
-    default: {}
-    properties:
-      featureLLVSEnabled:
-        type: boolean
-        default: false
-      pythonVersions:
-        type: array
-        default: []
-        items:
-          type: string
-      customWebhookCert:
-        type: object
-        default: {}
-        x-required-for-helm:
-          - crt
-          - key
-          - ca
-        properties:
-          crt:
-            type: string
-            x-examples: ["YjY0ZW5jX3N0cmluZwo="]
-          key:
-            type: string
-            x-examples: ["YjY0ZW5jX3N0cmluZwo="]
-          ca:
-            type: string
-            x-examples: ["YjY0ZW5jX3N0cmluZwo="]
-  registry:
-    type: object
-    description: "System field, overwritten by Deckhouse. Don't use"

From 0bd9e5aa8e0b742e607fd79cfbcf83ed6fea1d7e Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 21:08:28 +0600
Subject: [PATCH 083/115] remove setStatusIfNeeded

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../internal/controller/llvs/reconciler_ee.go | 117 +++++++-----------
 1 file changed, 43 insertions(+), 74 deletions(-)

diff --git a/images/agent/src/internal/controller/llvs/reconciler_ee.go b/images/agent/src/internal/controller/llvs/reconciler_ee.go
index 5318b67c..ecbaebf9 100644
--- a/images/agent/src/internal/controller/llvs/reconciler_ee.go
+++ b/images/agent/src/internal/controller/llvs/reconciler_ee.go
@@ -11,7 +11,6 @@ import (
 	"time"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
-	commonvalidating "github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/validating"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -81,12 +80,7 @@ func (r *Reconciler) ShouldReconcileUpdate(_ *v1alpha1.LVMLogicalVolumeSnapshot,
 		newObj.Finalizers[0] == internal.SdsNodeConfiguratorFinalizer
 }
 
-func (r *Reconciler) ShouldReconcileCreate(llvs *v1alpha1.LVMLogicalVolumeSnapshot) bool {
-	if llvs.Status != nil && llvs.Status.NodeName != r.cfg.NodeName {
-		r.log.Trace(fmt.Sprintf("LVMLogicalVolumeSnapshot %s has a Status with different node %s. Our node is %s. Skip", llvs.Name, llvs.Status.NodeName, r.cfg.NodeName))
-		return false
-	}
-
+func (r *Reconciler) ShouldReconcileCreate(_ *v1alpha1.LVMLogicalVolumeSnapshot) bool {
 	return true
 }
 
@@ -120,26 +114,12 @@ func (r *Reconciler) reconcileLVMLogicalVolumeSnapshot(
 	ctx context.Context,
 	llvs *v1alpha1.LVMLogicalVolumeSnapshot,
 ) (bool, error) {
-	llv := &v1alpha1.LVMLogicalVolume{}
-	msg, err := commonvalidating.ValidateLVMLogicalVolumeSnapshot(ctx, r.cl, llvs, llv)
-	if err != nil {
-		r.log.Error(err, fmt.Sprintf("error validating LVMLogicalVolumeSnapshot %s", llvs.Name))
-		upErr := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, "Error validating LVMLogicalVolumeSnapshot")
-		retErr := errors.Join(err, upErr)
-		return true, retErr
-	}
-	if msg != "" {
-		r.log.Error(nil, fmt.Sprintf("LVMLogicalVolumeSnapshot %s is invalid: %s", llvs.Name, msg))
-		err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhaseFailed, msg)
-		return false, err
-	}
-
 	switch {
 	case llvs.DeletionTimestamp != nil:
 		// delete
 		return r.reconcileLLVSDeleteFunc(ctx, llvs)
 	case llvs.Status == nil || llvs.Status.Phase == v1alpha1.PhasePending:
-		return r.reconcileLLVSCreateFunc(ctx, llvs, llv)
+		return r.reconcileLLVSCreateFunc(ctx, llvs)
 	case llvs.Status.Phase == v1alpha1.PhaseCreated:
 		r.log.Info(fmt.Sprintf("the LVMLogicalVolumeSnapshot %s is already Created and should not be reconciled", llvs.Name))
 	default:
@@ -152,21 +132,26 @@ func (r *Reconciler) reconcileLVMLogicalVolumeSnapshot(
 func (r *Reconciler) reconcileLLVSCreateFunc(
 	ctx context.Context,
 	llvs *v1alpha1.LVMLogicalVolumeSnapshot,
-	llv *v1alpha1.LVMLogicalVolume,
 ) (bool, error) {
 	// should precede setting finalizer to be able to determine the node when deleting
 	if llvs.Status == nil {
-		if llv.Status == nil {
-			reason := fmt.Sprintf("Source LLV %s does not have a status", llv.Name)
-			r.log.Error(nil, reason)
-			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
+		llv := &v1alpha1.LVMLogicalVolume{}
+		if err := r.getObjectOrSetPendingStatus(
+			ctx,
+			llvs,
+			types.NamespacedName{Name: llvs.Spec.LVMLogicalVolumeName},
+			llv,
+		); err != nil {
 			return true, err
 		}
-		if llv.Status.Phase != v1alpha1.PhaseCreated {
-			reason := fmt.Sprintf("Source LLV %s is not in the Created phase", llv.Name)
-			r.log.Error(nil, reason)
-			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
-			return true, err
+
+		if llv.Spec.Thin == nil {
+			r.log.Error(nil, fmt.Sprintf("Failed reconciling LLVS %s, LLV %s is not Thin", llvs.Name, llv.Name))
+			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
+				Phase:  v1alpha1.PhaseFailed,
+				Reason: fmt.Sprintf("Source LLV %s is not Thin", llv.Name),
+			}
+			return false, r.cl.Status().Update(ctx, llvs)
 		}
 
 		lvg := &v1alpha1.LVMVolumeGroup{}
@@ -188,29 +173,41 @@ func (r *Reconciler) reconcileLLVSCreateFunc(
 			return tps.Name == llv.Spec.Thin.PoolName
 		})
 		if thinPoolIndex < 0 {
-			reason := fmt.Sprintf("Thin pool %s for source LLV %s is not found in LVG %s", llv.Spec.Thin.PoolName, llv.Name, lvg.Name)
-			r.log.Error(nil, fmt.Sprintf("LLVS %s: %s", llvs.Name, reason))
-			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
-			return true, err
+			r.log.Error(nil, fmt.Sprintf("LLVS %s thin pool %s is not found in LVG %s", llvs.Name, llv.Spec.Thin.PoolName, lvg.Name))
+			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
+				Phase:  v1alpha1.PhasePending,
+				Reason: fmt.Sprintf("Thin pool %s is not found in LVG %s", llv.Spec.Thin.PoolName, lvg.Name),
+			}
+			return true, r.cl.Status().Update(ctx, llvs)
 		}
 
 		if llv.Status == nil || llv.Status.ActualSize.Value() == 0 {
-			reason := fmt.Sprintf("Source LLV %s ActualSize is not known", llv.Name)
-			r.log.Error(nil, fmt.Sprintf("LLVS %s: %s", llvs.Name, reason))
-			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
-			return true, err
+			r.log.Error(nil, fmt.Sprintf("Error reconciling LLVS %s, source LLV %s ActualSize is not known", llvs.Name, llv.Name))
+			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
+				Phase:  v1alpha1.PhasePending,
+				Reason: fmt.Sprintf("Source LLV %s ActualSize is not known", llv.Name),
+			}
+			return true, r.cl.Status().Update(ctx, llvs)
 		}
 
 		if lvg.Status.ThinPools[thinPoolIndex].AvailableSpace.Value() < llv.Status.ActualSize.Value() {
-			reason := fmt.Sprintf(
-				"Not enough space available in thin pool %s: need at least %s, got %s",
+			r.log.Error(nil, fmt.Sprintf(
+				"LLVS %s: not enough space available in thin pool %s: need at least %s, got %s",
+				llvs.Name,
 				llv.Spec.Thin.PoolName,
 				llv.Status.ActualSize.String(),
 				lvg.Status.ThinPools[thinPoolIndex].AvailableSpace.String(),
-			)
-			r.log.Error(nil, fmt.Sprintf("LLVS %s: %s", llvs.Name, reason))
-			err := r.setStatusIfNeeded(ctx, llvs, v1alpha1.PhasePending, reason)
-			return true, err
+			))
+			llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
+				Phase: v1alpha1.PhasePending,
+				Reason: fmt.Sprintf(
+					"Not enough space available in thin pool %s: need at least %s, got %s",
+					llv.Spec.Thin.PoolName,
+					llv.Status.ActualSize.String(),
+					lvg.Status.ThinPools[thinPoolIndex].AvailableSpace.String(),
+				),
+			}
+			return true, r.cl.Status().Update(ctx, llvs)
 		}
 
 		llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
@@ -384,31 +381,3 @@ func (r *Reconciler) getObjectOrSetPendingStatus(
 	}
 	return nil
 }
-
-func (r *Reconciler) setStatusIfNeeded(
-	ctx context.Context,
-	llvs *v1alpha1.LVMLogicalVolumeSnapshot,
-	phase, reason string,
-) error {
-	needUpdate := false
-
-	if llvs.Status == nil {
-		needUpdate = true
-		llvs.Status = &v1alpha1.LVMLogicalVolumeSnapshotStatus{
-			Phase:  phase,
-			Reason: reason,
-		}
-	}
-
-	if llvs.Status.Phase != phase || llvs.Status.Reason != reason {
-		needUpdate = true
-		llvs.Status.Phase = phase
-		llvs.Status.Reason = reason
-	}
-
-	if needUpdate {
-		return r.cl.Status().Update(ctx, llvs)
-	}
-
-	return nil
-}

From bfdc91a68703e13ef235b0cb18e71c12e62d50c6 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 21:08:41 +0600
Subject: [PATCH 084/115] remove featureLLVSEnabled

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 openapi/values_ee.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/openapi/values_ee.yaml b/openapi/values_ee.yaml
index a1fd6e0b..d1d8cb40 100644
--- a/openapi/values_ee.yaml
+++ b/openapi/values_ee.yaml
@@ -6,9 +6,6 @@ properties:
     type: object
     default: {}
     properties:
-      featureLLVSEnabled:
-        type: boolean
-        default: true
       pythonVersions:
         type: array
         default: []

From ac725e6fcff44ef80e128692e121b7ca8cda6b37 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Tue, 18 Feb 2025 21:10:45 +0600
Subject: [PATCH 085/115] rename openapi/values_ee.yaml back

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 openapi/{values_ee.yaml => values.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename openapi/{values_ee.yaml => values.yaml} (100%)

diff --git a/openapi/values_ee.yaml b/openapi/values.yaml
similarity index 100%
rename from openapi/values_ee.yaml
rename to openapi/values.yaml

From c2234d7bde80eb93bb216825098e9ebc93b7755b Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 10:06:11 +0600
Subject: [PATCH 086/115] thick can be removed

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index 9461a5d1..c2bc1a0f 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -35,9 +35,6 @@ spec:
                 - rule: |                  
                     (self.type == "Thin" && has(self.thin) && !has(self.thick)) || self.type != "Thin"
                   message: "Field 'thin' is required and field 'thick' is forbidden when 'type' is 'Thin'."
-                - rule: |
-                    (!has(oldSelf.thick) || has(self.thick))
-                  message: "Field 'thick' cannot be removed."
                 - rule: |
                     (!has(self.thick) || !has(self.thick.contiguous) || (has(self.thick.contiguous) && self.thick.contiguous == oldSelf.thick.contiguous))
                   message: "Field 'contiguous' is immutable and cannot be added if not specified at creation."

From f90ab13564d9527234999f44dc6158a8448e4f60 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 12:22:30 +0600
Subject: [PATCH 087/115] Fix contiguous validation in CRD

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index c2bc1a0f..b8fb753d 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -35,8 +35,13 @@ spec:
                 - rule: |                  
                     (self.type == "Thin" && has(self.thin) && !has(self.thick)) || self.type != "Thin"
                   message: "Field 'thin' is required and field 'thick' is forbidden when 'type' is 'Thin'."
-                - rule: |
-                    (!has(self.thick) || !has(self.thick.contiguous) || (has(self.thick.contiguous) && self.thick.contiguous == oldSelf.thick.contiguous))
+                - rule: >
+                    (!has(self.thick) && !has(oldSelf.thick) ||
+                    (!has(self.thick.contiguous) && !has(oldSelf.thick.contiguous)) ||
+                    (
+                      has(self.thick.contiguous) && has(oldSelf.thick.contiguous) &&
+                      self.thick.contiguous == oldSelf.thick.contiguous
+                    )
                   message: "Field 'contiguous' is immutable and cannot be added if not specified at creation."
               required:
                 - actualLVNameOnTheNode

From 7c3b650662d59f1f430c2bcd312f01688962495f Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 14:04:37 +0600
Subject: [PATCH 088/115] unify logging

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/utils/volume_cleanup_ee.go   | 77 ++++++++++---------
 1 file changed, 40 insertions(+), 37 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 380e8cb9..f67fa49d 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -9,6 +9,7 @@ package utils
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -17,13 +18,12 @@ import (
 	"unsafe"
 
 	"github.com/deckhouse/sds-node-configurator/lib/go/common/pkg/feature"
-	"github.com/go-logr/logr"
 
 	"agent/internal/logger"
 )
 
 func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volumeCleanup string) error {
-	myLog := log.GetLogger().WithValues("vgname", vgName, "lvname", lvName, "method", volumeCleanup)
+	log.Trace(fmt.Sprintf("[VolumeCleanup] cleaning up volume %s in volume group %s using %s", lvName, vgName, volumeCleanup))
 	if !feature.VolumeCleanupEnabled() {
 		return fmt.Errorf("volume cleanup is not supported in your edition")
 	}
@@ -36,46 +36,47 @@ func VolumeCleanup(ctx context.Context, log logger.Logger, vgName, lvName, volum
 
 	switch volumeCleanup {
 	case "RandomFillSinglePass":
-		err = volumeCleanupOverwrite(ctx, myLog, &closingErrors, devicePath, randomSource, 1)
+		err = volumeCleanupOverwrite(ctx, log, &closingErrors, devicePath, randomSource, 1)
 	case "RandomFillThreePass":
-		err = volumeCleanupOverwrite(ctx, myLog, &closingErrors, devicePath, randomSource, 3)
+		err = volumeCleanupOverwrite(ctx, log, &closingErrors, devicePath, randomSource, 3)
 	case "Discard":
-		err = volumeCleanupDiscard(ctx, myLog, &closingErrors, devicePath)
+		err = volumeCleanupDiscard(ctx, log, &closingErrors, devicePath)
 	default:
 		return fmt.Errorf("unknown cleanup method %s", volumeCleanup)
 	}
 
-	if err == nil && len(closingErrors) > 0 {
-		err = closingErrors[0]
-		closingErrors = closingErrors[1:]
+	if err != nil && len(closingErrors) > 0 {
+		closingErrors = append([]error{err}, closingErrors...)
+	}
+
+	if len(closingErrors) > 0 {
+		err = errors.Join(closingErrors...)
 	}
 
 	if err == nil {
 		return nil
 	}
 
-	if len(closingErrors) == 0 {
-		return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
-	}
-	return fmt.Errorf("cleaning volume %s: %w, errors while closing files %v", devicePath, err, closingErrors)
+	log.Error(err, fmt.Sprintf("[VolumeCleanup] fail to cleanup volume %s", devicePath))
+	return fmt.Errorf("cleaning volume %s: %w", devicePath, err)
 }
 
-func volumeSize(log logr.Logger, device *os.File) (int64, error) {
-	log = log.WithValues("device", device.Name())
+func volumeSize(log logger.Logger, device *os.File) (int64, error) {
+	log.Trace(fmt.Sprintf("[volumeSize] finding size of device %v", device))
 	var stat syscall.Stat_t
-	log.Info("Calling fstat")
+	log.Debug("[volumeSize] Calling fstat")
 	if err := syscall.Fstat(int(device.Fd()), &stat); err != nil {
 		log.Error(err, "[volumeSize] Calling fstat")
 		return 0, fmt.Errorf("fstat call failed: %w", err)
 	}
 
 	if stat.Size > 0 {
-		log.Info("[volumeSize] Size is valid.", "size", stat.Size)
+		log.Debug(fmt.Sprintf("[volumeSize] Size %d is valid.", stat.Size))
 		return stat.Size, nil
 	}
 
 	if stat.Mode&S_IFMT != S_IFBLK {
-		log.Info("[volumeSize] Device mode", "mode", stat.Mode)
+		log.Debug(fmt.Sprintf("[volumeSize] Device mode %x", stat.Mode))
 		return 0, fmt.Errorf("not a block device, mode: %x", stat.Mode)
 	}
 
@@ -86,9 +87,11 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 		uintptr(BLKGETSIZE64),
 		uintptr(unsafe.Pointer(&blockDeviceSize)))
 	if errno != 0 {
-		return 0, fmt.Errorf("error calling ioctl BLKGETSIZE64: %s", errno.Error())
+		err := errors.New(errno.Error())
+		log.Error(err, "[volumeSize] calling ioctl BLKGETSIZE64")
+		return 0, fmt.Errorf("error calling ioctl BLKGETSIZE64: %w", err)
 	}
-	log.Info("Block device size", "size", blockDeviceSize)
+	log.Debug(fmt.Sprintf("Block device size is %d", blockDeviceSize))
 	if blockDeviceSize <= 0 {
 		return 0, fmt.Errorf("block size is invalid")
 	}
@@ -96,28 +99,27 @@ func volumeSize(log logr.Logger, device *os.File) (int64, error) {
 	return int64(blockDeviceSize), nil
 }
 
-func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
-	log = log.WithValues("device", devicePath, "input", inputPath, "passes", passes)
+func volumeCleanupOverwrite(_ context.Context, log logger.Logger, closingErrors *[]error, devicePath, inputPath string, passes int) error {
+	log.Trace(fmt.Sprintf("[volumeCleanupOverwrite] overwriting %s by %s in %d passes", devicePath, inputPath, passes))
 	closeFile := func(file *os.File) {
-		log := log.WithValues("name", file.Name())
-		log.Info("[volumeCleanupOverwrite] Closing")
+		log.Trace(fmt.Sprintf("[volumeCleanupOverwrite] closing %s", file.Name()))
 		err := file.Close()
 		if err != nil {
-			log.Error(err, "[volumeCleanupOverwrite] While closing")
+			log.Error(err, fmt.Sprintf("[volumeCleanupOverwrite] While closing file %s", file.Name()))
 			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", file.Name(), err))
 		}
 	}
 
 	input, err := os.OpenFile(inputPath, syscall.O_RDONLY, os.ModeDevice)
 	if err != nil {
-		log.Error(err, "[volumeCleanupOverwrite] Opening file", "file", inputPath)
+		log.Error(err, fmt.Sprintf("[volumeCleanupOverwrite] Opening file %s", inputPath))
 		return fmt.Errorf("opening source device %s to wipe: %w", inputPath, err)
 	}
 	defer closeFile(input)
 
 	output, err := os.OpenFile(devicePath, syscall.O_DIRECT|syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
-		log.Error(err, "[volumeCleanupOverwrite] Opening file", "file", devicePath)
+		log.Error(err, fmt.Sprintf("[volumeCleanupOverwrite] Opening file %s", devicePath))
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer closeFile(output)
@@ -129,19 +131,20 @@ func volumeCleanupOverwrite(_ context.Context, log logr.Logger, closingErrors *[
 	}
 
 	for pass := 0; pass < passes; pass++ {
-		log.Info("[volumeCleanupOverwrite] Overwriting", "bytes", bytesToWrite, "pass", pass)
+		log.Debug(fmt.Sprintf("[volumeCleanupOverwrite] Overwriting %d  bytes. Pass %d", bytesToWrite, pass))
 		start := time.Now()
 		written, err := io.CopyN(
 			io.NewOffsetWriter(output, 0),
 			input,
 			bytesToWrite)
-		log.Info("[volumeCleanupOverwrite] Overwriting is done", "duration", time.Since(start).String())
+		log.Info(fmt.Sprintf("[volumeCleanupOverwrite] Overwriting is done in %s", time.Since(start).String()))
 		if err != nil {
-			log.Error(err, "While overwriting")
+			log.Error(err, fmt.Sprintf("[volumeCleanupOverwrite] copying from %s to %s", inputPath, devicePath))
 			return fmt.Errorf("copying from %s to %s: %w", inputPath, devicePath, err)
 		}
 
 		if written != bytesToWrite {
+			log.Error(err, fmt.Sprintf("[volumeCleanupOverwrite] only %d bytes written, expected %d", written, bytesToWrite))
 			return fmt.Errorf("only %d bytes written, expected %d", written, bytesToWrite)
 		}
 	}
@@ -188,25 +191,25 @@ type Range struct {
 	start, count uint64
 }
 
-func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]error, devicePath string) error {
-	log = log.WithValues("device", devicePath, "device", devicePath)
+func volumeCleanupDiscard(_ context.Context, log logger.Logger, closingErrors *[]error, devicePath string) error {
+	log.Trace(fmt.Sprintf("[volumeCleanupDiscard] discarding %s", devicePath))
 	device, err := os.OpenFile(devicePath, syscall.O_RDWR, os.ModeDevice)
 	if err != nil {
-		log.Error(err, "[volumeCleanupDiscard] Opening device")
+		log.Error(err, fmt.Sprintf("[volumeCleanupDiscard] Opening device %s", devicePath))
 		return fmt.Errorf("opening device %s to wipe: %w", devicePath, err)
 	}
 	defer func() {
-		log.Info("Closing file")
+		log.Trace(fmt.Sprintf("Closing file %s", devicePath))
 		err := device.Close()
 		if err != nil {
-			log.Error(err, "[volumeCleanupDiscard] While closing deice")
+			log.Error(err, fmt.Sprintf("[volumeCleanupDiscard] While closing deice %s", devicePath))
 			*closingErrors = append(*closingErrors, fmt.Errorf("closing file %s: %w", device.Name(), err))
 		}
 	}()
 
 	deviceSize, err := volumeSize(log, device)
 	if err != nil {
-		log.Error(err, "[volumeCleanupDiscard] finding device size")
+		log.Error(err, fmt.Sprintf("[volumeCleanupDiscard] can't find the size of device %s", devicePath))
 		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
@@ -215,7 +218,7 @@ func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]e
 		count: uint64(deviceSize),
 	}
 
-	log.Info("[volumeCleanupDiscard] calling BLKDISCARD", "fd", device.Fd(), "range", rng)
+	log.Debug(fmt.Sprintf("[volumeCleanupDiscard] calling BLKDISCARD fd: %d, range %v", device.Fd(), rng))
 	start := time.Now()
 
 	_, _, errno := syscall.Syscall(
@@ -224,7 +227,7 @@ func volumeCleanupDiscard(_ context.Context, log logr.Logger, closingErrors *[]e
 		uintptr(BLKDISCARD),
 		uintptr(unsafe.Pointer(&rng)))
 
-	log.Info("[volumeCleanupDiscard] BLKDISCARD is done", "duration", time.Since(start).String(), "errno", errno)
+	log.Info(fmt.Sprintf("[volumeCleanupDiscard] BLKDISCARD is done in %s", time.Since(start).String()))
 
 	if errno != 0 {
 		err := fmt.Errorf("%s", errno.Error())

From d2276c32c9e104145345e46d85b6c25611a18188 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 15:49:51 +0600
Subject: [PATCH 089/115] Fix crash

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/controller/llv/reconciler.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 09ed9b71..f27c9c2b 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -545,11 +545,11 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 
 	// this case prevents unexpected same-name LV deletions which does not actually belong to our LLV
 	if !checkIfLVBelongsToLLV(llv, &lv.Data) {
-		r.log.Warning(fmt.Sprintf("[deleteLVIfNeeded] no need to delete LV %s as it doesnt belong to LVMLogicalVolume %s", lv.Data.LVName, llv.Name))
+		r.log.Warning(fmt.Sprintf("[deleteLVIfNeeded] no need to delete LV %s as it doesn't belong to LVMLogicalVolume %s", lv.Data.LVName, llv.Name))
 		return nil
 	}
 
-	if llv.Spec.Type == internal.Thick && llv.Spec.Thick.VolumeCleanup != "" {
+	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != "" {
 		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanup))
 		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, llv.Spec.Thick.VolumeCleanup)
 		if err != nil {

From 92c4bf529db2edc28e8f677e0fcec81817e907f1 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 16:05:28 +0600
Subject: [PATCH 090/115] back to one line

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index b8fb753d..7ddae86a 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -35,13 +35,8 @@ spec:
                 - rule: |                  
                     (self.type == "Thin" && has(self.thin) && !has(self.thick)) || self.type != "Thin"
                   message: "Field 'thin' is required and field 'thick' is forbidden when 'type' is 'Thin'."
-                - rule: >
-                    (!has(self.thick) && !has(oldSelf.thick) ||
-                    (!has(self.thick.contiguous) && !has(oldSelf.thick.contiguous)) ||
-                    (
-                      has(self.thick.contiguous) && has(oldSelf.thick.contiguous) &&
-                      self.thick.contiguous == oldSelf.thick.contiguous
-                    )
+                - rule: |
+                    (!has(self.thick) && !has(oldSelf.thick) || (!has(self.thick.contiguous) && !has(oldSelf.thick.contiguous)) || (has(self.thick.contiguous) && has(oldSelf.thick.contiguous) && self.thick.contiguous == oldSelf.thick.contiguous)
                   message: "Field 'contiguous' is immutable and cannot be added if not specified at creation."
               required:
                 - actualLVNameOnTheNode

From e7c517393b02186f5afc68cb91bdbbab9a415955 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 16:07:07 +0600
Subject: [PATCH 091/115] Add missing `(

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index 7ddae86a..d79942db 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -35,8 +35,13 @@ spec:
                 - rule: |                  
                     (self.type == "Thin" && has(self.thin) && !has(self.thick)) || self.type != "Thin"
                   message: "Field 'thin' is required and field 'thick' is forbidden when 'type' is 'Thin'."
-                - rule: |
-                    (!has(self.thick) && !has(oldSelf.thick) || (!has(self.thick.contiguous) && !has(oldSelf.thick.contiguous)) || (has(self.thick.contiguous) && has(oldSelf.thick.contiguous) && self.thick.contiguous == oldSelf.thick.contiguous)
+                - rule: >
+                    (!has(self.thick) && !has(oldSelf.thick)) ||
+                    (!has(self.thick.contiguous) && !has(oldSelf.thick.contiguous)) ||
+                    (
+                      has(self.thick.contiguous) && has(oldSelf.thick.contiguous) &&
+                      self.thick.contiguous == oldSelf.thick.contiguous
+                    )
                   message: "Field 'contiguous' is immutable and cannot be added if not specified at creation."
               required:
                 - actualLVNameOnTheNode

From 5624447b1e6c229d6c27d6e137e851dceb499af5 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 16:25:52 +0600
Subject: [PATCH 092/115] Fix CRD

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index d79942db..fb09d259 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -36,10 +36,12 @@ spec:
                     (self.type == "Thin" && has(self.thin) && !has(self.thick)) || self.type != "Thin"
                   message: "Field 'thin' is required and field 'thick' is forbidden when 'type' is 'Thin'."
                 - rule: >
-                    (!has(self.thick) && !has(oldSelf.thick)) ||
-                    (!has(self.thick.contiguous) && !has(oldSelf.thick.contiguous)) ||
                     (
-                      has(self.thick.contiguous) && has(oldSelf.thick.contiguous) &&
+                      (!has(self.thick) || !has(self.thick.contiguous)) && 
+                      (!has(oldSelf.thick) || !has(oldSelf.thick.contiguous))
+                    ) || (
+                      has(self.thick) && has(self.thick.contiguous) &&
+                      has(oldSelf.thick) && has(oldSelf.thick.contiguous) &&
                       self.thick.contiguous == oldSelf.thick.contiguous
                     )
                   message: "Field 'contiguous' is immutable and cannot be added if not specified at creation."

From a68229441d493a4890e75f3d1d3602dde83c43f1 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Wed, 19 Feb 2025 16:57:34 +0600
Subject: [PATCH 093/115] make volumeCleanup optional

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 api/v1alpha1/lvm_logical_volume.go                     | 4 ++--
 images/agent/src/internal/controller/llv/reconciler.go | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/v1alpha1/lvm_logical_volume.go b/api/v1alpha1/lvm_logical_volume.go
index fc3a0bc1..ba9f48a6 100644
--- a/api/v1alpha1/lvm_logical_volume.go
+++ b/api/v1alpha1/lvm_logical_volume.go
@@ -51,8 +51,8 @@ type LVMLogicalVolumeThinSpec struct {
 }
 
 type LVMLogicalVolumeThickSpec struct {
-	Contiguous    *bool  `json:"contiguous"`
-	VolumeCleanup string `json:"volumeCleanup"`
+	Contiguous    *bool   `json:"contiguous"`
+	VolumeCleanup *string `json:"volumeCleanup"`
 }
 type LVMLogicalVolumeStatus struct {
 	Phase      string            `json:"phase"`
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index f27c9c2b..6704e0ef 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -549,11 +549,11 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 		return nil
 	}
 
-	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != "" {
-		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanup))
-		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, llv.Spec.Thick.VolumeCleanup)
+	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
+		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, *llv.Spec.Thick.VolumeCleanup))
+		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, *llv.Spec.Thick.VolumeCleanup)
 		if err != nil {
-			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, llv.Spec.Thick.VolumeCleanup))
+			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, *llv.Spec.Thick.VolumeCleanup))
 			return err
 		}
 	}

From 3503908b1d704f31c89545124277732841e76c8d Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Wed, 19 Feb 2025 18:33:03 +0600
Subject: [PATCH 094/115] Apply suggestions from code review

Signed-off-by: Anton Sergunov <setosha@gmail.com>
Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index f67fa49d..7d2da3c8 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -230,7 +230,7 @@ func volumeCleanupDiscard(_ context.Context, log logger.Logger, closingErrors *[
 	log.Info(fmt.Sprintf("[volumeCleanupDiscard] BLKDISCARD is done in %s", time.Since(start).String()))
 
 	if errno != 0 {
-		err := fmt.Errorf("%s", errno.Error())
+		err := errors.New(errno.Error())
 		log.Error(err, "[volumeCleanupDiscard] error calling BLKDISCARD")
 		return fmt.Errorf("calling ioctl BLKDISCARD: %s", err)
 	}

From f6aebf2f40290f74d867d51da59663c07867deee Mon Sep 17 00:00:00 2001
From: "v.oleynikov" <vasily.oleynikov@flant.com>
Date: Wed, 19 Feb 2025 19:30:20 +0300
Subject: [PATCH 095/115] Changed llv model

Signed-off-by: v.oleynikov <vasily.oleynikov@flant.com>
---
 api/v1alpha1/lvm_logical_volume.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/v1alpha1/lvm_logical_volume.go b/api/v1alpha1/lvm_logical_volume.go
index ba9f48a6..37696505 100644
--- a/api/v1alpha1/lvm_logical_volume.go
+++ b/api/v1alpha1/lvm_logical_volume.go
@@ -51,8 +51,8 @@ type LVMLogicalVolumeThinSpec struct {
 }
 
 type LVMLogicalVolumeThickSpec struct {
-	Contiguous    *bool   `json:"contiguous"`
-	VolumeCleanup *string `json:"volumeCleanup"`
+	Contiguous    *bool   `json:"contiguous,omitempty"`
+	VolumeCleanup *string `json:"volumeCleanup,omitempty"`
 }
 type LVMLogicalVolumeStatus struct {
 	Phase      string            `json:"phase"`

From 5934b49a693634c23db16b01eeacd9e6230fd313 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 11:21:09 +0600
Subject: [PATCH 096/115] Change phase before cleaning

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 api/v1alpha1/const.go                                |  1 +
 crds/lvmlogicalvolume.yaml                           |  2 +-
 .../agent/src/internal/controller/llv/reconciler.go  | 12 +++++++++++-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/api/v1alpha1/const.go b/api/v1alpha1/const.go
index 5b302610..7f6e6e03 100644
--- a/api/v1alpha1/const.go
+++ b/api/v1alpha1/const.go
@@ -19,6 +19,7 @@ package v1alpha1
 const (
 	PhaseCreated     = "Created"
 	PhasePending     = "Pending"
+	PhaseCleaning    = "Cleaning"
 	PhaseResizing    = "Resizing"
 	PhaseFailed      = "Failed"
 	PhaseNotReady    = "NotReady"
diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index fb09d259..e51574ee 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -157,7 +157,7 @@ spec:
               properties:
                 phase:
                   type: string
-                  enum: [Created, Pending, Resizing, Failed]
+                  enum: [Created, Pending, Cleaning, Resizing, Failed]
                   description: |
                     The current resource's phase.
                 reason:
diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 6704e0ef..9805991b 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -551,7 +551,17 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 
 	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
 		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, *llv.Spec.Thick.VolumeCleanup))
-		err := utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, *llv.Spec.Thick.VolumeCleanup)
+		err := r.llvCl.UpdatePhaseIfNeeded(
+			ctx,
+			llv,
+			v1alpha1.PhaseCleaning,
+			fmt.Sprintf("Cleaning up volume %s using %s", llv.Spec.LVMVolumeGroupName, *llv.Spec.Thick.VolumeCleanup),
+		)
+		if err != nil {
+			r.log.Error(err, "[deleteLVIfNeeded] change phase to Cleaning")
+			return err
+		}
+		err = utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, *llv.Spec.Thick.VolumeCleanup)
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, *llv.Spec.Thick.VolumeCleanup))
 			return err

From 09866b77f3881a7792ba19088c20bc795c37266e Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 12:01:35 +0600
Subject: [PATCH 097/115] prevent simultaneous cleanups of the same volume

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/controller/llv/reconciler.go | 92 ++++++++++++++-----
 1 file changed, 70 insertions(+), 22 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 9805991b..43ad867d 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"reflect"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/deckhouse/sds-node-configurator/api/v1alpha1"
@@ -42,14 +43,23 @@ import (
 
 const ReconcilerName = "lvm-logical-volume-watcher-controller"
 
+type runningCleanupsKey struct {
+	vgName, lvName string
+}
+
+type runningCleanups struct {
+	m       sync.RWMutex
+	volumes map[runningCleanupsKey]bool
+}
 type Reconciler struct {
-	cl       client.Client
-	log      logger.Logger
-	lvgCl    *utils.LVGClient
-	llvCl    *utils.LLVClient
-	metrics  monitoring.Metrics
-	sdsCache *cache.Cache
-	cfg      ReconcilerConfig
+	cl              client.Client
+	log             logger.Logger
+	lvgCl           *utils.LVGClient
+	llvCl           *utils.LLVClient
+	metrics         monitoring.Metrics
+	sdsCache        *cache.Cache
+	cfg             ReconcilerConfig
+	runningCleanups runningCleanups
 }
 
 type ReconcilerConfig struct {
@@ -82,7 +92,34 @@ func NewReconciler(
 		metrics:  metrics,
 		sdsCache: sdsCache,
 		cfg:      cfg,
+		runningCleanups: runningCleanups{
+			volumes: make(map[runningCleanupsKey]bool, 50),
+		},
+	}
+}
+
+func (r *Reconciler) insertCleanupRunning(vgName, lvName string) (inserted bool) {
+	r.runningCleanups.m.Lock()
+	defer r.runningCleanups.m.Unlock()
+	key := runningCleanupsKey{vgName: vgName, lvName: lvName}
+	value, exists := r.runningCleanups.volumes[key]
+	if exists && value {
+		return false
 	}
+	r.runningCleanups.volumes[key] = true
+	return true
+}
+
+func (r *Reconciler) removeCleanupRunning(vgName, lvName string) error {
+	r.runningCleanups.m.Lock()
+	defer r.runningCleanups.m.Unlock()
+	key := runningCleanupsKey{vgName: vgName, lvName: lvName}
+	value, exists := r.runningCleanups.volumes[key]
+	if !exists || !value {
+		return errors.New("cleanup is not running")
+	}
+	delete(r.runningCleanups.volumes, key)
+	return nil
 }
 
 // Name implements controller.Reconciler.
@@ -550,21 +587,32 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 	}
 
 	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
-		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, *llv.Spec.Thick.VolumeCleanup))
-		err := r.llvCl.UpdatePhaseIfNeeded(
-			ctx,
-			llv,
-			v1alpha1.PhaseCleaning,
-			fmt.Sprintf("Cleaning up volume %s using %s", llv.Spec.LVMVolumeGroupName, *llv.Spec.Thick.VolumeCleanup),
-		)
-		if err != nil {
-			r.log.Error(err, "[deleteLVIfNeeded] change phase to Cleaning")
-			return err
-		}
-		err = utils.VolumeCleanup(ctx, r.log, vgName, llv.Spec.ActualLVNameOnTheNode, *llv.Spec.Thick.VolumeCleanup)
-		if err != nil {
-			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", llv.Spec.ActualLVNameOnTheNode, vgName, *llv.Spec.Thick.VolumeCleanup))
-			return err
+		lvName := llv.Spec.ActualLVNameOnTheNode
+		if r.insertCleanupRunning(vgName, lvName) {
+			defer func() {
+				err := r.removeCleanupRunning(vgName, lvName)
+				if err != nil {
+					r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
+				}
+			}()
+			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", lvName, vgName, *llv.Spec.Thick.VolumeCleanup))
+			err := r.llvCl.UpdatePhaseIfNeeded(
+				ctx,
+				llv,
+				v1alpha1.PhaseCleaning,
+				fmt.Sprintf("Cleaning up volume %s in %s group using %s", lvName, vgName, *llv.Spec.Thick.VolumeCleanup),
+			)
+			if err != nil {
+				r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
+				return fmt.Errorf("changing phase to Cleaning :%w", err)
+			}
+			err = utils.VolumeCleanup(ctx, r.log, vgName, lvName, *llv.Spec.Thick.VolumeCleanup)
+			if err != nil {
+				r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, *llv.Spec.Thick.VolumeCleanup))
+				return err
+			}
+		} else {
+			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] cleanup already running for LV %s in VG %s", lvName, vgName))
 		}
 	}
 

From e4a16cd73cc0fecb97b2616b42c947de00819221 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 12:13:42 +0600
Subject: [PATCH 098/115] preallocate 4Mib buffer for overwrite cleanup

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 7d2da3c8..b948def2 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -130,13 +130,15 @@ func volumeCleanupOverwrite(_ context.Context, log logger.Logger, closingErrors
 		return fmt.Errorf("can't find the size of device %s: %w", devicePath, err)
 	}
 
+	bufferSize := 1024 * 1024 * 4
+	buffer := make([]byte, bufferSize)
 	for pass := 0; pass < passes; pass++ {
 		log.Debug(fmt.Sprintf("[volumeCleanupOverwrite] Overwriting %d  bytes. Pass %d", bytesToWrite, pass))
 		start := time.Now()
-		written, err := io.CopyN(
+		written, err := io.CopyBuffer(
 			io.NewOffsetWriter(output, 0),
-			input,
-			bytesToWrite)
+			io.LimitReader(input, bytesToWrite),
+			buffer)
 		log.Info(fmt.Sprintf("[volumeCleanupOverwrite] Overwriting is done in %s", time.Since(start).String()))
 		if err != nil {
 			log.Error(err, fmt.Sprintf("[volumeCleanupOverwrite] copying from %s to %s", inputPath, devicePath))

From ebbc6532e341c0bcb18213c482942119171cd061 Mon Sep 17 00:00:00 2001
From: "v.oleynikov" <vasily.oleynikov@flant.com>
Date: Thu, 20 Feb 2025 10:56:39 +0300
Subject: [PATCH 099/115] Signed-off-by: v.oleynikov
 <vasily.oleynikov@flant.com>

---
 crds/doc-ru-lvmlogicalvolume.yaml | 1 +
 crds/lvmlogicalvolume.yaml        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crds/doc-ru-lvmlogicalvolume.yaml b/crds/doc-ru-lvmlogicalvolume.yaml
index 45470307..10154e71 100644
--- a/crds/doc-ru-lvmlogicalvolume.yaml
+++ b/crds/doc-ru-lvmlogicalvolume.yaml
@@ -41,6 +41,7 @@ spec:
                     volumeCleanup:
                       description: |
                         Метод очистки тома после удаления PV.
+                        Параметр не задан - том не будет очищен после удаления PV.
                         `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
                         `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
                         `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index e51574ee..f5d589d1 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -120,6 +120,7 @@ spec:
                       enum: [RandomFillThreePass, RandomFillSinglePass, Discard]
                       description: |
                         The method of the volume cleanup before deletion.
+                        - Empty parameter: No cleanup is performed.
                         - `RandomFillSinglePass`: The volume will be overwritten with random data once before deletion. This option is not recommended for solid-state drives, as it reduces the lifespan of the drive.
                         - `RandomFillThreePass`: The volume will be overwritten with random data three times before deletion. This option is also not recommended for solid-state drives, as it reduces the lifespan of the drive.
                         - `Discard`: All blocks of the volume will be marked as free using the `discard`` system call before deletion. This option is only applicable to solid-state drives.

From 4c2c8b9f1b797b60a5a6bd2c4592d1c3d3fd5564 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 16:20:15 +0600
Subject: [PATCH 100/115] saving last failed method so we don't retry cleaning
 up if it's not changed

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/controller/llv/reconciler.go | 93 ++++++++++++-------
 1 file changed, 57 insertions(+), 36 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 43ad867d..3227adf3 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -43,13 +43,17 @@ import (
 
 const ReconcilerName = "lvm-logical-volume-watcher-controller"
 
-type runningCleanupsKey struct {
+type cleanupsKey struct {
 	vgName, lvName string
 }
 
-type runningCleanups struct {
-	m       sync.RWMutex
-	volumes map[runningCleanupsKey]bool
+type cleanupStatus struct {
+	cleanupRunning bool
+	failedMethod   *string
+}
+type cleanups struct {
+	m      sync.RWMutex
+	status map[cleanupsKey]cleanupStatus
 }
 type Reconciler struct {
 	cl              client.Client
@@ -59,7 +63,7 @@ type Reconciler struct {
 	metrics         monitoring.Metrics
 	sdsCache        *cache.Cache
 	cfg             ReconcilerConfig
-	runningCleanups runningCleanups
+	runningCleanups cleanups
 }
 
 type ReconcilerConfig struct {
@@ -92,33 +96,40 @@ func NewReconciler(
 		metrics:  metrics,
 		sdsCache: sdsCache,
 		cfg:      cfg,
-		runningCleanups: runningCleanups{
-			volumes: make(map[runningCleanupsKey]bool, 50),
+		runningCleanups: cleanups{
+			status: make(map[cleanupsKey]cleanupStatus, 50),
 		},
 	}
 }
 
-func (r *Reconciler) insertCleanupRunning(vgName, lvName string) (inserted bool) {
+func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, failedMethod *string) {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
-	key := runningCleanupsKey{vgName: vgName, lvName: lvName}
-	value, exists := r.runningCleanups.volumes[key]
-	if exists && value {
-		return false
+	key := cleanupsKey{vgName: vgName, lvName: lvName}
+	value, exists := r.runningCleanups.status[key]
+	if exists && value.cleanupRunning {
+		return false, nil
 	}
-	r.runningCleanups.volumes[key] = true
-	return true
+	value.cleanupRunning = true
+	r.runningCleanups.status[key] = value
+	return true, value.failedMethod
 }
 
-func (r *Reconciler) removeCleanupRunning(vgName, lvName string) error {
+func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *string) error {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
-	key := runningCleanupsKey{vgName: vgName, lvName: lvName}
-	value, exists := r.runningCleanups.volumes[key]
-	if !exists || !value {
+	key := cleanupsKey{vgName: vgName, lvName: lvName}
+	value, exists := r.runningCleanups.status[key]
+	if !exists || !value.cleanupRunning {
 		return errors.New("cleanup is not running")
 	}
-	delete(r.runningCleanups.volumes, key)
+	if failedMethod == nil {
+		delete(r.runningCleanups.status, key)
+	} else {
+		value.failedMethod = failedMethod
+		value.cleanupRunning = false
+		r.runningCleanups.status[key] = value
+	}
 	return nil
 }
 
@@ -587,29 +598,39 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 	}
 
 	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
+		method := *llv.Spec.Thick.VolumeCleanup
 		lvName := llv.Spec.ActualLVNameOnTheNode
-		if r.insertCleanupRunning(vgName, lvName) {
+		started, failedMethod := r.startCleanupRunning(vgName, lvName)
+		if started {
+			r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] starting cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
 			defer func() {
-				err := r.removeCleanupRunning(vgName, lvName)
+				r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] stopping cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
+				err := r.stopCleanupRunning(vgName, lvName, failedMethod)
 				if err != nil {
 					r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
 				}
 			}()
-			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cleanup for LV %s in VG %s with method %s", lvName, vgName, *llv.Spec.Thick.VolumeCleanup))
-			err := r.llvCl.UpdatePhaseIfNeeded(
-				ctx,
-				llv,
-				v1alpha1.PhaseCleaning,
-				fmt.Sprintf("Cleaning up volume %s in %s group using %s", lvName, vgName, *llv.Spec.Thick.VolumeCleanup),
-			)
-			if err != nil {
-				r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
-				return fmt.Errorf("changing phase to Cleaning :%w", err)
-			}
-			err = utils.VolumeCleanup(ctx, r.log, vgName, lvName, *llv.Spec.Thick.VolumeCleanup)
-			if err != nil {
-				r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, *llv.Spec.Thick.VolumeCleanup))
-				return err
+			if failedMethod != nil && *failedMethod == method {
+				r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *failedMethod, lvName, vgName))
+			} else {
+				err := r.llvCl.UpdatePhaseIfNeeded(
+					ctx,
+					llv,
+					v1alpha1.PhaseCleaning,
+					fmt.Sprintf("Cleaning up volume %s in %s group using %s", lvName, vgName, method),
+				)
+				if err != nil {
+					r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
+					return fmt.Errorf("changing phase to Cleaning :%w", err)
+				}
+				failedMethod = &method
+				r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] running cleanup for LV %s in VG %s with method %s", lvName, vgName, method))
+				err = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
+				if err != nil {
+					r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
+					return err
+				}
+				failedMethod = nil
 			}
 		} else {
 			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] cleanup already running for LV %s in VG %s", lvName, vgName))

From ed5673f5c36cf239f92f8b11a00d734fd638fc57 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 16:54:21 +0600
Subject: [PATCH 101/115] don't delete failed or cleaning devices

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/controller/llv/reconciler.go | 42 +++++++++++--------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 3227adf3..3ca17ec5 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -48,8 +48,9 @@ type cleanupsKey struct {
 }
 
 type cleanupStatus struct {
-	cleanupRunning bool
-	failedMethod   *string
+	cleanupRunning    bool
+	failedMethod      *string
+	failedMethodError error
 }
 type cleanups struct {
 	m      sync.RWMutex
@@ -66,6 +67,8 @@ type Reconciler struct {
 	runningCleanups cleanups
 }
 
+var errAlreadyRunning = errors.New("reconcile in progress")
+
 type ReconcilerConfig struct {
 	NodeName                string
 	Loglevel                logger.Verbosity
@@ -102,20 +105,20 @@ func NewReconciler(
 	}
 }
 
-func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, failedMethod *string) {
+func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, failedMethod *string, failedMethodError error) {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
 	key := cleanupsKey{vgName: vgName, lvName: lvName}
 	value, exists := r.runningCleanups.status[key]
 	if exists && value.cleanupRunning {
-		return false, nil
+		return false, nil, nil
 	}
 	value.cleanupRunning = true
 	r.runningCleanups.status[key] = value
-	return true, value.failedMethod
+	return true, value.failedMethod, value.failedMethodError
 }
 
-func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *string) error {
+func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *string, failedMethodError error) error {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
 	key := cleanupsKey{vgName: vgName, lvName: lvName}
@@ -127,6 +130,7 @@ func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *str
 		delete(r.runningCleanups.status, key)
 	} else {
 		value.failedMethod = failedMethod
+		value.failedMethodError = failedMethodError
 		value.cleanupRunning = false
 		r.runningCleanups.status[key] = value
 	}
@@ -247,10 +251,12 @@ func (r *Reconciler) Reconcile(
 	shouldRequeue, err := r.ReconcileLVMLogicalVolume(ctx, llv, lvg)
 	if err != nil {
 		r.log.Error(err, fmt.Sprintf("[Reconcile] an error occurred while reconciling the LVMLogicalVolume: %s", llv.Name))
-		updErr := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, err.Error())
-		if updErr != nil {
-			r.log.Error(updErr, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
-			return controller.Result{}, updErr
+		if !errors.Is(err, errAlreadyRunning) {
+			updErr := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, err.Error())
+			if updErr != nil {
+				r.log.Error(updErr, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
+				return controller.Result{}, updErr
+			}
 		}
 	}
 	if shouldRequeue {
@@ -600,18 +606,19 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
 		method := *llv.Spec.Thick.VolumeCleanup
 		lvName := llv.Spec.ActualLVNameOnTheNode
-		started, failedMethod := r.startCleanupRunning(vgName, lvName)
+		started, failedMethod, failedMethodError := r.startCleanupRunning(vgName, lvName)
 		if started {
 			r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] starting cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
 			defer func() {
 				r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] stopping cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
-				err := r.stopCleanupRunning(vgName, lvName, failedMethod)
+				err := r.stopCleanupRunning(vgName, lvName, failedMethod, failedMethodError)
 				if err != nil {
 					r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
 				}
 			}()
-			if failedMethod != nil && *failedMethod == method {
+			if failedMethod != nil && *failedMethod == method && failedMethodError != nil {
 				r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *failedMethod, lvName, vgName))
+				return failedMethodError
 			} else {
 				err := r.llvCl.UpdatePhaseIfNeeded(
 					ctx,
@@ -625,15 +632,16 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 				}
 				failedMethod = &method
 				r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] running cleanup for LV %s in VG %s with method %s", lvName, vgName, method))
-				err = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
-				if err != nil {
-					r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
-					return err
+				failedMethodError = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
+				if failedMethodError != nil {
+					r.log.Error(failedMethodError, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
+					return failedMethodError
 				}
 				failedMethod = nil
 			}
 		} else {
 			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] cleanup already running for LV %s in VG %s", lvName, vgName))
+			return errAlreadyRunning
 		}
 	}
 

From 06bb8c8947a5ca0f387825aeb41e93b800804ed9 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 17:20:33 +0600
Subject: [PATCH 102/115] Remove commented text from USAGE

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 docs/USAGE.ru.md | 102 +----------------------------------------------
 1 file changed, 1 insertion(+), 101 deletions(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 1d9d323e..466de360 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -201,106 +201,6 @@ kubectl delete lvg %lvg-name%
 Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группы - страницы. Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
 Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT) и не является проверенным, то использовать его не рекомендуется.
 
-<!-- #### Параметр `volumePreparationMethod`
-
-* `Disable` - не выполнять никаких дополнительных действий перед использованием тома. Данные могут оказаться доступными следующему пользователю;
-* `ZeroFill` - том будет заполнен нулями перед использованием. Эта опция имеет смысл для твердотельных накопителей, если устройство не гарантирует немедленную недоступность освобожденных данных на чтение после `discard` при удалении тома. -->
-
-
-
-<!-- ##### `SinglePass`
-
-Том будет перезаписан случайными данными один раз перед удалением. Эта опция имеет смысл для жестких дисков, так как они физически заменяют старые данные новыми и без физического доступа к диску старые данные не могут быть восстановлены. -->
-<!-- Если записать новые данные в блочное устройство, то вычитать старые данные без специальных средств не получится. На жестком диске блоки располагаются в фиксированных областях диска. При записи в блочное устройство такого диска, данные на пластинах заменяются новыми. Поэтому для случая жесткого диска подходит `SinglePass` метод. -->
-
-<!-- Эта опция имеет смысл для жестких дисков, так как они физически заменяют старые данные новыми и без физического доступа к диску старые данные не могут быть восстановлены; -->
-
-<!-- #### Опция `ThreePass` -->
-
-<!-- Том будет перезаписан случайными данными три раза перед удалением. Эта опция имеет смысл для жестких дисков, если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств. -->
-
-<!-- Если есть риск, что жесткий диск будет физически доступен для восстановления данных с использованием спец средств, может появиться необходимость затирать данные несколько раз. Для этого предусмотрена опция `ThreePass`. -->
-
-<!-- #### Опция `Discard` -->
-
-
-<!-- Большинство современных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при использовании твердотельных накопителей.
-
-Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группы - страницы. Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.
-
-Если устройство не гарантирует Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT) и не является проверенным, то рекомендуется использовать опцию `volumePreparationMethod`. -->
-
-<!-- Для твердотельных накопителей в OS Linux предусмотрена команда `discard`. Она используется для отметки блока данных как свободного.  -->
-
-
-<!-- Устройство балансирует использование ячеек (wear leveling), предпочтительно записывая данные в свободную ячейку с большим остаточным ресурсом. `discard` значительно увеличивает ресурс диска, увеличивая выбор свободных блоков при записи новых данных.
-
-
-
-В твердотельных накопителях используется NAND флеш-память. Ячейки такой памяти нельзя переписать без полной очистки, к тому-же они имеют ограниченный ресурс циклов очистки-записи. Из-за этой особенности при модификации новые данные записываются в чистую ячейку, которая логически подменяет собой старую. Из-за этого данные старой ячейки могут оказаться доступными для извлечения с использованием спец-средств. Гарантировать удаление данных (SecureErase) могут только производители дисков через специальные утилиты. -->
-
-
 ### Thin-тома
 
-В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока. Однако, мы не отдаем пользователям thin пул. Они могут получить только том из пула, а для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами. Это гарантируется настройкой `thin_pool_zero=1` в LVM. 
-
-<!-- ## Безопасность удаления данных
-
-Для предотвращения утечки данных между виртуальными машинами через блочные устройства LVM необходимо учитывать, что удаление данных работает по-разному на жестких дисках и твердотельных накопителях. Это продиктовано различиями в принципах работы этих устройств.
-
-Жесткий диск при записи данных в блок физически заменяет старые данные новыми. Твердотельный накопитель пишет новые данные в новый блок, а старый блок помечает для очистки. При этом блоки твердотельного накопителя имеют ограниченный ресурс циклов очистки/записи. Для продления срока службы твердотельных накопителей предусмотрена команда `discard`, которая помечает блок свободным напрямую, без записи новых данных.
-
-Поэтому, для жестких дисков мы предусмотрели опцию `secureEraseForHDD`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома. Данная опция применима только к thick-томам. При этом мы всегда перед удалением тома отправляем команду `discard` на физическое устройство, чтобы пометить блоки этого тома свободными (если это не будет отключено в опции `secureEraseForHDD`).
-
-> **Внимание!** Недоступность данных после `discard` зависит от физического устройства. Некоторые устройства могут отдавать старые данные, несмотря на то, что они помечены как свободные.
-
-Опция `secureEraseForHDD` имеет следующие значения: 
-
-* `Disable` - не выполнять никаких дополнительных действий при удалении тома (`discard` при этом тоже НЕ будет отправлен на физическое устройство);
-* `SinglePass` - выполнить однопроходное затирание блоков случайными данными;
-* `ThreePass` - выполнить трехпроходное затирание блоков случайными данными.
-
-> **Внимание!** Не рекомендуется использовать опцию `secureEraseForHDD` для SSD, тк мы не проверяем, что устройство является HDD, поэтому опция `secureEraseForHDD` будет применена ко всем устройствам, на которых находится том, даже если это SSD. 
-
-
-* Для жестких дисков добавлена опция `secureEraseForHDD`:
-  * задает процедуру очистки блоков, удаляемых логических томов
-  * нельзя включить для thin-томов
-* Для твердотельных накопителей:
-  * LVM пересылает `discard` с логических томов на физическое устройство (с какой версии?)
-  * при удалении логических томов `discard` отправляется на все занятые этими томами блоки физического устройства
-* Для thin-томов:
-  * включена настройка LVM, гарантирующая вычитывание нулей из блоков и их областей, которые ещё не были записаны.
-  * при освобождении блоков через `discard` логического тома, команда пересылается на физическое устройство
-  * нельзя включить опцию `secureEraseForHDD` -->
-
-<!-- * обычные тома:
-  * `devices/issue_discards=1` для отправки `discard` на физическое устройство, когда блоки перестают использоваться LVM, например при удалении томов.
-* thin-тома:
-  * `allocation/thin_pool_discards="passdown"` для пересылки `discard` на устройство с thin-томов
-  * `allocation/thin_pool_zero=1` для зануления блоков thin-томов при первом использовании -->
-<!-- 
-Для жестких дисков добавлена опция `secureEraseForHDD` в `LVMLogicalVolume` и `LocalStorageClass`, которая задает процедуру очистки блоков при удалении логических томов. Опцию можно отредактировать перед удалением тома. -->
-
-<!-- > **Внимание!** Эту опцию нельзя включить для thin-томов.  -->
-
-<!-- Для освобождаемых блоков вызывается только `discard`, который ничего не делает на жестком диске, а затирание нулями произойдет только когда блок будет снова использован. Данные пользователя всё это время будут оставаться на диске. Затереть данные в этом случае может только пользовательское приложение. Однако если есть снапшот, приложение не сможет затереть данные.
-
-В результате:
-
-* Для жестких дисков добавлена опция `secureEraseForHDD`:
-  * задает процедуру очистки блоков, удаляемых логических томов
-  * нельзя включить для thin-томов
-* Для твердотельных накопителей:
-  * LVM пересылает `discard` с логических томов на физическое устройство (с какой версии?)
-  * при удалении логических томов `discard` отправляется на все занятые этими томами блоки физического устройства
-* Для thin-томов:
-  * включена настройка LVM, гарантирующая вычитывание нулей из блоков и их областей, которые ещё не были записаны.
-  * при освобождении блоков через `discard` логического тома, команда пересылается на физическое устройство
-  * нельзя включить опцию `secureEraseForHDD`
-
-TODO: Подсветить:
-
-* Не все твердотельные накопители дают гарантии чтения из освобожденных блоков. Будет ошибка?
-* Очистка физических устройств при удалении из Volume Group?
-* С какой версии LVM пересылает дискарды с логических томов? -->
+В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока. Однако, мы не отдаем пользователям thin пул. Они могут получить только том из пула, а для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами. Это гарантируется настройкой `thin_pool_zero=1` в LVM.

From 35a86c41c5861f45592b8e06e347628fa767276a Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Thu, 20 Feb 2025 17:34:20 +0600
Subject: [PATCH 103/115] Apply suggestions from code review

Co-authored-by: Denis Rebenok <60424108+denmaloyreb@users.noreply.github.com>
Signed-off-by: Anton Sergunov <setosha@gmail.com>
---
 crds/doc-ru-lvmlogicalvolume.yaml |  7 ++++---
 docs/USAGE.ru.md                  | 13 +++++++------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/crds/doc-ru-lvmlogicalvolume.yaml b/crds/doc-ru-lvmlogicalvolume.yaml
index 10154e71..c8967fa0 100644
--- a/crds/doc-ru-lvmlogicalvolume.yaml
+++ b/crds/doc-ru-lvmlogicalvolume.yaml
@@ -42,9 +42,10 @@ spec:
                       description: |
                         Метод очистки тома после удаления PV.
                         Параметр не задан - том не будет очищен после удаления PV.
-                        `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
-                        `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
-                        `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
+                        Допустимые значения:
+                        - `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+                        - `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
+                        - `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
             status:
               description: |
                 Описывает состояние ресурса.
diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 466de360..a70dd955 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -175,7 +175,8 @@ kubectl delete lvg %lvg-name%
 
 При удалении файлов операционная система не удаляет содержимое физически, а лишь помечает соответствующие блоки как «свободные». Если новый том получает физические блоки, ранее использовавшиеся другим томом, в них могут остаться данные предыдущего пользователя. 
 
-Такое возможно, например, в таком случае:
+Это возможно, например, в таком случае:
+
   - пользователь №1 разместил файлы в томе, запрошенном из StorageClass 1 и на узле 1 (не важно, в режиме «Block» или «Filesystem»);
   - пользователь №1 удалил файлы и том;
   - физические блоки, которые он занимал, становятся «свободными», но не затертыми;
@@ -185,17 +186,17 @@ kubectl delete lvg %lvg-name%
 
 ### Thick-тома
 
-Для предотвращения утечек через thick-тома предусмотрено два параметра `volumeCleanup`.
+Для предотвращения утечек через thick-тома предусмотрен параметр `volumeCleanup`.
 
 #### Параметр `volumeCleanup`
 
-* отсутствует - не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
+* параметр не задан — не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
 
-* `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+* `RandomFillSinglePass` — том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
-* `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
+* `RandomFillThreePass` — том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
 
-* `Discard` - все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
+* `Discard` — все блоки тома будут отмечены как свободные с использованием системного вызова `discard` перед удалением. Эта опция имеет смысл только для твердотельных накопителей.
 
 Большинство современных твердотельных накопителей гарантирует, что помеченный `discard` блок при чтении не вернет предыдущие данные. Это делает опцию `Discard` самым эффективным способом предотвращения утечек при использовании твердотельных накопителей.
 Однако очистка ячейки относительно долгая операция, поэтому выполняется устройством в фоне. К тому-же многие диски не могут очищать индивидуальные ячейки, а только группы - страницы. Из-за этого не все накопители гарантируют немедленную недоступность освобожденных данных. К тому-же не все накопители, гарантирующие это, держат обещание.

From 4c0f4af1949e7dcc850807fe208f5a5c0935724b Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Thu, 20 Feb 2025 18:04:37 +0600
Subject: [PATCH 104/115] Apply suggestions from code review

Co-authored-by: Denis Rebenok <60424108+denmaloyreb@users.noreply.github.com>
Signed-off-by: Anton Sergunov <setosha@gmail.com>
---
 crds/doc-ru-lvmlogicalvolume.yaml | 2 +-
 crds/lvmlogicalvolume.yaml        | 3 ++-
 docs/USAGE.ru.md                  | 6 +++---
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/crds/doc-ru-lvmlogicalvolume.yaml b/crds/doc-ru-lvmlogicalvolume.yaml
index c8967fa0..a39e80a9 100644
--- a/crds/doc-ru-lvmlogicalvolume.yaml
+++ b/crds/doc-ru-lvmlogicalvolume.yaml
@@ -41,7 +41,7 @@ spec:
                     volumeCleanup:
                       description: |
                         Метод очистки тома после удаления PV.
-                        Параметр не задан - том не будет очищен после удаления PV.
+                        Если параметр не задан, после удаления PV данные могут удалиться, либо остаться. Гарантий удаления или неудаления нет.
                         Допустимые значения:
                         - `RandomFillSinglePass` - том будет перезаписан случайными данными один раз перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя.
                         - `RandomFillThreePass` - том будет перезаписан случайными данными три раза перед удалением. Использовать эту опцию не рекомендуется для твердотельных накопителей, так как она уменьшает ресурс накопителя. 
diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index f5d589d1..f4abea1f 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -120,7 +120,8 @@ spec:
                       enum: [RandomFillThreePass, RandomFillSinglePass, Discard]
                       description: |
                         The method of the volume cleanup before deletion.
-                        - Empty parameter: No cleanup is performed.
+                        If the parameter is not set, after deleting the PV, the data may be deleted or it may remain. There is no guarantee of deletion or non-deletion.
+                        Allowed values:
                         - `RandomFillSinglePass`: The volume will be overwritten with random data once before deletion. This option is not recommended for solid-state drives, as it reduces the lifespan of the drive.
                         - `RandomFillThreePass`: The volume will be overwritten with random data three times before deletion. This option is also not recommended for solid-state drives, as it reduces the lifespan of the drive.
                         - `Discard`: All blocks of the volume will be marked as free using the `discard`` system call before deletion. This option is only applicable to solid-state drives.
diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index a70dd955..944f1b94 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -173,7 +173,7 @@ kubectl delete lvg %lvg-name%
 
 ## Защита от утечек данных между томами
 
-При удалении файлов операционная система не удаляет содержимое физически, а лишь помечает соответствующие блоки как «свободные». Если новый том получает физические блоки, ранее использовавшиеся другим томом, в них могут остаться данные предыдущего пользователя. 
+При удалении файлов операционная система не удаляет содержимое физически, а лишь помечает соответствующие блоки как «свободные». Если новый том получает физические блоки, ранее использовавшиеся другим томом, в них могут остаться данные предыдущего пользователя.
 
 Это возможно, например, в таком случае:
 
@@ -187,8 +187,8 @@ kubectl delete lvg %lvg-name%
 ### Thick-тома
 
 Для предотвращения утечек через thick-тома предусмотрен параметр `volumeCleanup`.
-
-#### Параметр `volumeCleanup`
+Он позволяет выбрать метод очистки тома перед удалением PV.
+Возможные значения:
 
 * параметр не задан — не выполнять никаких дополнительных действий при удалении тома. Данные могут оказаться доступными следующему пользователю;
 

From 167fb64ff3ef4fe25251cac37a20164f48b18d1e Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Thu, 20 Feb 2025 18:36:17 +0600
Subject: [PATCH 105/115] Update
 images/agent/src/internal/utils/volume_cleanup_ee.go

Signed-off-by: Anton Sergunov <setosha@gmail.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index b948def2..27ed61bf 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -177,6 +177,7 @@ EOF
 */
 
 //nolint:revive
+// TODO: It will be nice to figure them out during compilation or maybe runtime?
 const (
 	BLKDISCARD       = 0x1277
 	BLKDISCARDZEROES = 0x127c

From 15493b4acc15ec4b36b9c27c1d6cd7e3dc3f97b5 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 18:41:16 +0600
Subject: [PATCH 106/115] early return for less indentation

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/controller/llv/reconciler.go | 64 +++++++++----------
 1 file changed, 31 insertions(+), 33 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 3ca17ec5..bdc3eac0 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -607,42 +607,40 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 		method := *llv.Spec.Thick.VolumeCleanup
 		lvName := llv.Spec.ActualLVNameOnTheNode
 		started, failedMethod, failedMethodError := r.startCleanupRunning(vgName, lvName)
-		if started {
-			r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] starting cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
-			defer func() {
-				r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] stopping cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
-				err := r.stopCleanupRunning(vgName, lvName, failedMethod, failedMethodError)
-				if err != nil {
-					r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
-				}
-			}()
-			if failedMethod != nil && *failedMethod == method && failedMethodError != nil {
-				r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *failedMethod, lvName, vgName))
-				return failedMethodError
-			} else {
-				err := r.llvCl.UpdatePhaseIfNeeded(
-					ctx,
-					llv,
-					v1alpha1.PhaseCleaning,
-					fmt.Sprintf("Cleaning up volume %s in %s group using %s", lvName, vgName, method),
-				)
-				if err != nil {
-					r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
-					return fmt.Errorf("changing phase to Cleaning :%w", err)
-				}
-				failedMethod = &method
-				r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] running cleanup for LV %s in VG %s with method %s", lvName, vgName, method))
-				failedMethodError = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
-				if failedMethodError != nil {
-					r.log.Error(failedMethodError, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
-					return failedMethodError
-				}
-				failedMethod = nil
-			}
-		} else {
+		if !started {
 			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] cleanup already running for LV %s in VG %s", lvName, vgName))
 			return errAlreadyRunning
 		}
+		r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] starting cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
+		defer func() {
+			r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] stopping cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
+			err := r.stopCleanupRunning(vgName, lvName, failedMethod, failedMethodError)
+			if err != nil {
+				r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
+			}
+		}()
+		if failedMethod != nil && *failedMethod == method && failedMethodError != nil {
+			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *failedMethod, lvName, vgName))
+			return failedMethodError
+		}
+		err := r.llvCl.UpdatePhaseIfNeeded(
+			ctx,
+			llv,
+			v1alpha1.PhaseCleaning,
+			fmt.Sprintf("Cleaning up volume %s in %s group using %s", lvName, vgName, method),
+		)
+		if err != nil {
+			r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
+			return fmt.Errorf("changing phase to Cleaning :%w", err)
+		}
+		failedMethod = &method
+		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] running cleanup for LV %s in VG %s with method %s", lvName, vgName, method))
+		failedMethodError = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
+		if failedMethodError != nil {
+			r.log.Error(failedMethodError, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
+			return failedMethodError
+		}
+		failedMethod = nil
 	}
 
 	cmd, err := utils.RemoveLV(vgName, llv.Spec.ActualLVNameOnTheNode)

From 3e066114ae528d7dbf0e8cff94124102970f256a Mon Sep 17 00:00:00 2001
From: Anton Sergunov <setosha@gmail.com>
Date: Thu, 20 Feb 2025 18:43:35 +0600
Subject: [PATCH 107/115] Update docs/USAGE.ru.md

Co-authored-by: Denis Rebenok <60424108+denmaloyreb@users.noreply.github.com>
Signed-off-by: Anton Sergunov <setosha@gmail.com>
---
 docs/USAGE.ru.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/USAGE.ru.md b/docs/USAGE.ru.md
index 944f1b94..f7ae6a42 100644
--- a/docs/USAGE.ru.md
+++ b/docs/USAGE.ru.md
@@ -204,4 +204,4 @@ kubectl delete lvg %lvg-name%
 
 ### Thin-тома
 
-В момент освобождения блока thin-тома через `discard` гостевой ОС, эта команда пересылается на устройство. В случае использования жесткого диска или проблем с поддержкой `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока. Однако, мы не отдаем пользователям thin пул. Они могут получить только том из пула, а для Thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами. Это гарантируется настройкой `thin_pool_zero=1` в LVM.
+В момент освобождения блока thin-тома через `discard` гостевой операционной системы, эта команда пересылается на устройство. В случае использования жесткого диска или отсутствии поддержки `discard` со стороны твердотельного накопителя, данные могут остаться на thin-pool до нового использования такого блока. Однако, пользователям предоставляется доступ только к thin-томам, а не к самому thin-пулу. Они могут получить только том из пула, а для thin-томов производится зануление блока thin-pool при новом использовании, что предотвращает утечки между клиентами. Это гарантируется настройкой `thin_pool_zero=1` в LVM.

From fd04ca261b7c4630f4d23b8b808242d687cd1656 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Thu, 20 Feb 2025 18:57:01 +0600
Subject: [PATCH 108/115] don't requeue cleaning up errors, don't update phase
 when not heeded

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../src/internal/controller/llv/reconciler.go | 53 +++++++++----------
 1 file changed, 26 insertions(+), 27 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index bdc3eac0..39f0c1e5 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -48,9 +48,8 @@ type cleanupsKey struct {
 }
 
 type cleanupStatus struct {
-	cleanupRunning    bool
-	failedMethod      *string
-	failedMethodError error
+	cleanupRunning bool
+	failedMethod   *string
 }
 type cleanups struct {
 	m      sync.RWMutex
@@ -68,6 +67,7 @@ type Reconciler struct {
 }
 
 var errAlreadyRunning = errors.New("reconcile in progress")
+var errCleanupSameAsPreviouslyFailed = errors.New("cleanup method was failed and not changed")
 
 type ReconcilerConfig struct {
 	NodeName                string
@@ -105,20 +105,20 @@ func NewReconciler(
 	}
 }
 
-func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, failedMethod *string, failedMethodError error) {
+func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, failedMethod *string) {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
 	key := cleanupsKey{vgName: vgName, lvName: lvName}
 	value, exists := r.runningCleanups.status[key]
 	if exists && value.cleanupRunning {
-		return false, nil, nil
+		return false, nil
 	}
 	value.cleanupRunning = true
 	r.runningCleanups.status[key] = value
-	return true, value.failedMethod, value.failedMethodError
+	return true, value.failedMethod
 }
 
-func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *string, failedMethodError error) error {
+func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *string) error {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
 	key := cleanupsKey{vgName: vgName, lvName: lvName}
@@ -130,7 +130,6 @@ func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *str
 		delete(r.runningCleanups.status, key)
 	} else {
 		value.failedMethod = failedMethod
-		value.failedMethodError = failedMethodError
 		value.cleanupRunning = false
 		r.runningCleanups.status[key] = value
 	}
@@ -251,7 +250,7 @@ func (r *Reconciler) Reconcile(
 	shouldRequeue, err := r.ReconcileLVMLogicalVolume(ctx, llv, lvg)
 	if err != nil {
 		r.log.Error(err, fmt.Sprintf("[Reconcile] an error occurred while reconciling the LVMLogicalVolume: %s", llv.Name))
-		if !errors.Is(err, errAlreadyRunning) {
+		if !errors.Is(err, errAlreadyRunning) && !errors.Is(err, errCleanupSameAsPreviouslyFailed) {
 			updErr := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseFailed, err.Error())
 			if updErr != nil {
 				r.log.Error(updErr, fmt.Sprintf("[Reconcile] unable to update the LVMLogicalVolume %s", llv.Name))
@@ -282,7 +281,7 @@ func (r *Reconciler) ReconcileLVMLogicalVolume(ctx context.Context, llv *v1alpha
 	case internal.DeleteReconcile:
 		return r.reconcileLLVDeleteFunc(ctx, llv, lvg)
 	default:
-		r.log.Info(fmt.Sprintf("[runEventReconcile] the LVMLogicalVolume %s has compeleted configuration and should not be reconciled", llv.Name))
+		r.log.Info(fmt.Sprintf("[runEventReconcile] the LVMLogicalVolume %s has completed configuration and should not be reconciled", llv.Name))
 		if llv.Status.Phase != v1alpha1.PhaseCreated {
 			r.log.Warning(fmt.Sprintf("[runEventReconcile] the LVMLogicalVolume %s should not be reconciled but has an unexpected phase: %s. Setting the phase to %s", llv.Name, llv.Status.Phase, v1alpha1.PhaseCreated))
 			err := r.llvCl.UpdatePhaseIfNeeded(ctx, llv, v1alpha1.PhaseCreated, "")
@@ -506,10 +505,10 @@ func (r *Reconciler) reconcileLLVDeleteFunc(
 		}
 	}
 
-	err := r.deleteLVIfNeeded(ctx, lvg.Spec.ActualVGNameOnTheNode, llv)
+	shouldRequeue, err := r.deleteLVIfNeeded(ctx, lvg.Spec.ActualVGNameOnTheNode, llv)
 	if err != nil {
 		r.log.Error(err, fmt.Sprintf("[reconcileLLVDeleteFunc] unable to delete the LV %s in VG %s", llv.Spec.ActualLVNameOnTheNode, lvg.Spec.ActualVGNameOnTheNode))
-		return true, err
+		return shouldRequeue, err
 	}
 
 	r.log.Info(fmt.Sprintf("[reconcileLLVDeleteFunc] successfully deleted the LV %s in VG %s", llv.Spec.ActualLVNameOnTheNode, lvg.Spec.ActualVGNameOnTheNode))
@@ -590,38 +589,38 @@ func checkIfLVBelongsToLLV(llv *v1alpha1.LVMLogicalVolume, lv *internal.LVData)
 	return true
 }
 
-func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v1alpha1.LVMLogicalVolume) error {
+func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v1alpha1.LVMLogicalVolume) (shouldRequeue bool, err error) {
 	lv := r.sdsCache.FindLV(vgName, llv.Spec.ActualLVNameOnTheNode)
 	if lv == nil || !lv.Exist {
 		r.log.Warning(fmt.Sprintf("[deleteLVIfNeeded] did not find LV %s in VG %s", llv.Spec.ActualLVNameOnTheNode, vgName))
-		return nil
+		return false, nil
 	}
 
 	// this case prevents unexpected same-name LV deletions which does not actually belong to our LLV
 	if !checkIfLVBelongsToLLV(llv, &lv.Data) {
 		r.log.Warning(fmt.Sprintf("[deleteLVIfNeeded] no need to delete LV %s as it doesn't belong to LVMLogicalVolume %s", lv.Data.LVName, llv.Name))
-		return nil
+		return false, nil
 	}
 
 	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
 		method := *llv.Spec.Thick.VolumeCleanup
 		lvName := llv.Spec.ActualLVNameOnTheNode
-		started, failedMethod, failedMethodError := r.startCleanupRunning(vgName, lvName)
+		started, failedMethod := r.startCleanupRunning(vgName, lvName)
 		if !started {
 			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] cleanup already running for LV %s in VG %s", lvName, vgName))
-			return errAlreadyRunning
+			return false, errAlreadyRunning
 		}
 		r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] starting cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
 		defer func() {
 			r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] stopping cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
-			err := r.stopCleanupRunning(vgName, lvName, failedMethod, failedMethodError)
+			err := r.stopCleanupRunning(vgName, lvName, failedMethod)
 			if err != nil {
 				r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
 			}
 		}()
-		if failedMethod != nil && *failedMethod == method && failedMethodError != nil {
+		if failedMethod != nil && *failedMethod == method {
 			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *failedMethod, lvName, vgName))
-			return failedMethodError
+			return false, errCleanupSameAsPreviouslyFailed
 		}
 		err := r.llvCl.UpdatePhaseIfNeeded(
 			ctx,
@@ -631,14 +630,14 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 		)
 		if err != nil {
 			r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
-			return fmt.Errorf("changing phase to Cleaning :%w", err)
+			return true, fmt.Errorf("changing phase to Cleaning :%w", err)
 		}
 		failedMethod = &method
 		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] running cleanup for LV %s in VG %s with method %s", lvName, vgName, method))
-		failedMethodError = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
-		if failedMethodError != nil {
-			r.log.Error(failedMethodError, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
-			return failedMethodError
+		err = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
+		if err != nil {
+			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
+			return true, err
 		}
 		failedMethod = nil
 	}
@@ -647,13 +646,13 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 	r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] runs cmd: %s", cmd))
 	if err != nil {
 		r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to remove LV %s from VG %s", llv.Spec.ActualLVNameOnTheNode, vgName))
-		return err
+		return true, err
 	}
 
 	r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] mark LV %s in the cache as removed", lv.Data.LVName))
 	r.sdsCache.MarkLVAsRemoved(lv.Data.VGName, lv.Data.LVName)
 
-	return nil
+	return false, nil
 }
 
 func (r *Reconciler) getLVActualSize(vgName, lvName string) resource.Quantity {

From bb4bba743831fd56fedd95cbbfe387db8f6a8523 Mon Sep 17 00:00:00 2001
From: "Denis.Rebenok" <denis.rebenok@flant.ru>
Date: Thu, 20 Feb 2025 16:20:00 +0300
Subject: [PATCH 109/115] docs: add Protection against data leakage between
 volumes section in USAGE.md

Signed-off-by: Denis.Rebenok <denis.rebenok@flant.ru>
---
 docs/USAGE.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/USAGE.md b/docs/USAGE.md
index 1d4ea7c0..ffe26c4a 100644
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -170,3 +170,38 @@ To extract the `BlockDevice` resource from the `LVMVolumeGroup` resource, you ne
 > **Caution!** If the deleting `LVM Volume Group` resource contains any `Logical Volume` (even if it is only the `Thin-pool` that is specified in `spec`), a user must delete all those `Logical Volumes` manually. Otherwise, the `LVMVolumeGroup` resource and its `Volume Group` will not be deleted. 
 
 > A user can forbid to delete the `LVMVolumeGroup` resource by annotate it with `storage.deckhouse.io/deletion-protection`. If the controller finds the annotation, it will not delete nether the resource or the `Volume Group` till the annotation removal.
+
+## Protection against data leakage between volumes
+
+When deleting files, the operating system does not physically delete the contents, but only marks the corresponding blocks as “free”. If a new volume receives physical blocks previously used by another volume, the previous user's data may remain in them.
+
+This is possible, for example, in the following case:
+
+  - user №1 placed files in the volume requested from StorageClass 1 and on node 1 (no matter in “Block” or “Filesystem” mode);
+  - user №1 deleted the files and the volume;
+  - the physical blocks it occupied become “free” but not wiped;
+  - user №2 requested a new volume from StorageClass 1 and on node 1 in “Block” mode;
+  - there is a risk that some or all of the blocks previously occupied by user #1 will be reallocated to user №2;
+  - in which case user №2 has the ability to recover user №1's data.
+
+### Thick volumes
+
+The `volumeCleanup` parameter is provided to prevent leaks through thick volumes.
+It allows to select the volume cleanup method before deleting the PV.
+Allowed values:
+
+* parameter not specified — do not perform any additional actions when deleting a volume. The data may be available to the next user;
+
+* `RandomFillSinglePass` - the volume will be overwritten with random data once before deletion. Use of this option is not recommended for solid-state drives as it reduces the lifespan of the drive.
+
+* `RandomFillThreePass` - the volume will be overwritten with random data three times before deletion. Use of this option is not recommended for solid-state drives as it reduces the lifespan of the drive.
+
+* `Discard` - all blocks of the volume will be marked as free using the `discard` system call before deletion. This option is only applicable to solid-state drives.
+
+Most modern solid-state drives ensure that a `discard` marked block will not return previous data when read. This makes the `Discard' option the most effective way to prevent leakage when using solid-state drives.
+However, clearing a cell is a relatively long operation, so it is performed in the background by the device. In addition, many drives cannot clear individual cells, only groups - pages. Because of this, not all drives guarantee immediate unavailability of the freed data. In addition, not all drives that do guarantee this keep the promise.
+If the device does not guarantee Deterministic TRIM (DRAT), Deterministic Read Zero after TRIM (RZAT) and is not tested, then it is not recommended.
+
+### Thin volumes
+
+When a thin-pool block is released via `discard` by the guest operating system, this command is forwarded to the device. If a hard disk drive is used or if there is no `discard` support from the solid-state drive, the data may remain on the thin-pool until such a block is used again. However, users are only given access to thin volumes, not the thin-pool itself. They can only retrieve a volume from the pool, and the thin volumes are nulled for the thin-pool block on new use, preventing leakage between clients. This is guaranteed by setting `thin_pool_zero=1` in LVM.

From 3ef50b1522242fcb08ace018f813a4d9ad2aa73a Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Fri, 21 Feb 2025 14:17:45 +0300
Subject: [PATCH 110/115] some fixes

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 .werf/consts.yaml                                    | 2 +-
 images/agent/src/internal/utils/volume_cleanup_ee.go | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.werf/consts.yaml b/.werf/consts.yaml
index 5d41585c..c3d0dd52 100644
--- a/.werf/consts.yaml
+++ b/.werf/consts.yaml
@@ -1,7 +1,7 @@
 # base images
 {{- $_ := set $ "BASE_ALT"         "registry.deckhouse.io/base_images/alt:p10@sha256:f105773c682498700680d7cd61a702a4315c4235aee3622757591fd510fb8b4a" }}
 {{- $_ := set $ "BASE_ALT_P11"     "registry.deckhouse.io/base_images/alt:p11@sha256:e47d84424485d3674240cb2f67d3a1801b37d327e6d1eb8cc8d01be8ed3b34f3" }}
-{{- $_ := set $ "BASE_GOLANG_1_23" "registry.deckhouse.io/base_images/golang:1.23.5-alpine3.20@sha256:623ef3f63012bbd648021a2f097de3f411889332ba83bd98f0ac8d1288bdaa06" }}
+{{- $_ := set $ "BASE_GOLANG_1_23" "registry.deckhouse.io/base_images/golang:1.23.6-alpine3.20@sha256:3058c63e0e2532881949c4186414baa24a0f9a8f9349b1853daa49be816f42e9" }}
 {{- $_ := set $ "BASE_SCRATCH"     "registry.deckhouse.io/base_images/scratch@sha256:653ae76965c98c8cd1c8c9ff7725316d2983986f896655b30e0f44d2f8b2dd7e" }}
 {{- $_ := set $ "BASE_ALPINE"      "registry.deckhouse.io/base_images/alpine:3.20.3@sha256:41628df7c9b935d248f64542634e7a843f9bc7f2252d7f878e77f7b79a947466" }}
 
diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 27ed61bf..3839574b 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -176,8 +176,9 @@ int main() {
 EOF
 */
 
-//nolint:revive
 // TODO: It will be nice to figure them out during compilation or maybe runtime?
+//
+//nolint:revive
 const (
 	BLKDISCARD       = 0x1277
 	BLKDISCARDZEROES = 0x127c

From 5e9f33d56515d9e77122262810e9e3b4310abf53 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Fri, 21 Feb 2025 14:25:36 +0300
Subject: [PATCH 111/115] Update docs/USAGE.md

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 docs/USAGE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/USAGE.md b/docs/USAGE.md
index ffe26c4a..65059adc 100644
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -181,7 +181,7 @@ This is possible, for example, in the following case:
   - user №1 deleted the files and the volume;
   - the physical blocks it occupied become “free” but not wiped;
   - user №2 requested a new volume from StorageClass 1 and on node 1 in “Block” mode;
-  - there is a risk that some or all of the blocks previously occupied by user #1 will be reallocated to user №2;
+  - there is a risk that some or all of the blocks previously occupied by user №1 will be reallocated to user №2;
   - in which case user №2 has the ability to recover user №1's data.
 
 ### Thick volumes

From edca6e2b92c4ae4dead5095567c18bb8f0923ef9 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 24 Feb 2025 15:19:54 +0600
Subject: [PATCH 112/115] Remove unused constants

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 images/agent/src/internal/utils/volume_cleanup_ee.go | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/images/agent/src/internal/utils/volume_cleanup_ee.go b/images/agent/src/internal/utils/volume_cleanup_ee.go
index 3839574b..8d2613c5 100644
--- a/images/agent/src/internal/utils/volume_cleanup_ee.go
+++ b/images/agent/src/internal/utils/volume_cleanup_ee.go
@@ -167,10 +167,7 @@ int main() {
     PRINT_CONSTANT(S_IFMT, "0x%x");
     PRINT_CONSTANT(S_IFBLK, "0x%x");
     PRINT_CONSTANT(BLKGETSIZE64, "0x%lx");
-    PRINT_CONSTANT(BLKSSZGET, "0x%x");
     PRINT_CONSTANT(BLKDISCARD, "0x%x");
-    PRINT_CONSTANT(BLKDISCARDZEROES, "0x%x");
-    PRINT_CONSTANT(BLKSECDISCARD, "0x%x");
     return 0;
 }
 EOF
@@ -180,12 +177,9 @@ EOF
 //
 //nolint:revive
 const (
-	BLKDISCARD       = 0x1277
-	BLKDISCARDZEROES = 0x127c
-	BLKSECDISCARD    = 0x127d
+	BLKDISCARD = 0x1277
 
 	BLKGETSIZE64 = 0x80081272
-	BLKSSZGET    = 0x1268
 
 	S_IFMT  = 0xf000 /* type of file mask */
 	S_IFBLK = 0x6000 /* block special */

From 0c7b1ee35af0c87828a638d00939fc1e588f65a5 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 24 Feb 2025 15:27:01 +0600
Subject: [PATCH 113/115] Fix by review

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 .../agent/src/internal/controller/llv/reconciler.go  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index 39f0c1e5..d7dcb4c8 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -48,11 +48,11 @@ type cleanupsKey struct {
 }
 
 type cleanupStatus struct {
-	cleanupRunning bool
-	failedMethod   *string
+	cleanupRunning   bool
+	prevFailedMethod *string
 }
 type cleanups struct {
-	m      sync.RWMutex
+	m      sync.Mutex
 	status map[cleanupsKey]cleanupStatus
 }
 type Reconciler struct {
@@ -105,7 +105,7 @@ func NewReconciler(
 	}
 }
 
-func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, failedMethod *string) {
+func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool, prevFailedMethod *string) {
 	r.runningCleanups.m.Lock()
 	defer r.runningCleanups.m.Unlock()
 	key := cleanupsKey{vgName: vgName, lvName: lvName}
@@ -115,7 +115,7 @@ func (r *Reconciler) startCleanupRunning(vgName, lvName string) (inserted bool,
 	}
 	value.cleanupRunning = true
 	r.runningCleanups.status[key] = value
-	return true, value.failedMethod
+	return true, value.prevFailedMethod
 }
 
 func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *string) error {
@@ -129,7 +129,7 @@ func (r *Reconciler) stopCleanupRunning(vgName, lvName string, failedMethod *str
 	if failedMethod == nil {
 		delete(r.runningCleanups.status, key)
 	} else {
-		value.failedMethod = failedMethod
+		value.prevFailedMethod = failedMethod
 		value.cleanupRunning = false
 		r.runningCleanups.status[key] = value
 	}

From d1924e682cf62d9f5a1d47fc9dd1c1ea7e5f0be8 Mon Sep 17 00:00:00 2001
From: Anton Sergunov <anton.sergunov@flant.com>
Date: Mon, 24 Feb 2025 16:02:32 +0600
Subject: [PATCH 114/115] Remove check duplication

Signed-off-by: Anton Sergunov <anton.sergunov@flant.com>
---
 crds/lvmlogicalvolume.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/crds/lvmlogicalvolume.yaml b/crds/lvmlogicalvolume.yaml
index f4abea1f..f59e5efc 100644
--- a/crds/lvmlogicalvolume.yaml
+++ b/crds/lvmlogicalvolume.yaml
@@ -41,8 +41,7 @@ spec:
                       (!has(oldSelf.thick) || !has(oldSelf.thick.contiguous))
                     ) || (
                       has(self.thick) && has(self.thick.contiguous) &&
-                      has(oldSelf.thick) && has(oldSelf.thick.contiguous) &&
-                      self.thick.contiguous == oldSelf.thick.contiguous
+                      has(oldSelf.thick) && has(oldSelf.thick.contiguous)
                     )
                   message: "Field 'contiguous' is immutable and cannot be added if not specified at creation."
               required:

From 9437bcd3248d83dff261a4d320b2667f279cdbc9 Mon Sep 17 00:00:00 2001
From: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
Date: Mon, 24 Feb 2025 13:42:32 +0300
Subject: [PATCH 115/115] improve naming andadd comment

Signed-off-by: Aleksandr Stefurishin <aleksandr.stefurishin@flant.com>
---
 .../src/internal/controller/llv/reconciler.go      | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/images/agent/src/internal/controller/llv/reconciler.go b/images/agent/src/internal/controller/llv/reconciler.go
index d7dcb4c8..478e2ef7 100644
--- a/images/agent/src/internal/controller/llv/reconciler.go
+++ b/images/agent/src/internal/controller/llv/reconciler.go
@@ -605,7 +605,7 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 	if llv.Spec.Type == internal.Thick && llv.Spec.Thick != nil && llv.Spec.Thick.VolumeCleanup != nil {
 		method := *llv.Spec.Thick.VolumeCleanup
 		lvName := llv.Spec.ActualLVNameOnTheNode
-		started, failedMethod := r.startCleanupRunning(vgName, lvName)
+		started, prevFailedMethod := r.startCleanupRunning(vgName, lvName)
 		if !started {
 			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] cleanup already running for LV %s in VG %s", lvName, vgName))
 			return false, errAlreadyRunning
@@ -613,13 +613,15 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 		r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] starting cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
 		defer func() {
 			r.log.Trace(fmt.Sprintf("[deleteLVIfNeeded] stopping cleaning up for LV %s in VG %s with method %s", lvName, vgName, method))
-			err := r.stopCleanupRunning(vgName, lvName, failedMethod)
+			err := r.stopCleanupRunning(vgName, lvName, prevFailedMethod)
 			if err != nil {
 				r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] can't unregister running cleanup for LV %s in VG %s", lvName, vgName))
 			}
 		}()
-		if failedMethod != nil && *failedMethod == method {
-			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *failedMethod, lvName, vgName))
+
+		// prevent doing cleanup with previously failed method
+		if prevFailedMethod != nil && *prevFailedMethod == method {
+			r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] was already failed with method %s for LV %s in VG %s", *prevFailedMethod, lvName, vgName))
 			return false, errCleanupSameAsPreviouslyFailed
 		}
 		err := r.llvCl.UpdatePhaseIfNeeded(
@@ -632,14 +634,14 @@ func (r *Reconciler) deleteLVIfNeeded(ctx context.Context, vgName string, llv *v
 			r.log.Error(err, "[deleteLVIfNeeded] changing phase to Cleaning")
 			return true, fmt.Errorf("changing phase to Cleaning :%w", err)
 		}
-		failedMethod = &method
+		prevFailedMethod = &method
 		r.log.Debug(fmt.Sprintf("[deleteLVIfNeeded] running cleanup for LV %s in VG %s with method %s", lvName, vgName, method))
 		err = utils.VolumeCleanup(ctx, r.log, vgName, lvName, method)
 		if err != nil {
 			r.log.Error(err, fmt.Sprintf("[deleteLVIfNeeded] unable to clean up LV %s in VG %s with method %s", lvName, vgName, method))
 			return true, err
 		}
-		failedMethod = nil
+		prevFailedMethod = nil
 	}
 
 	cmd, err := utils.RemoveLV(vgName, llv.Spec.ActualLVNameOnTheNode)