Allow VolumeAttributesClassName changes in storageConfig webhook

[SreedevT]

Problem

Changing VolumeAttributesClassName (VAC) in the storageConfig.CassandraDataVolumeClaimSpec of a CassandraDatacenter is rejected by the admission webhook vcassandradatacenter.kb.io:

admission webhook "vcassandradatacenter.kb.io" denied the request:
CassandraDatacenter write rejected, attempted to change
storageConfig.CassandraDataVolumeClaimSpec, diff:
  -  VolumeAttributesClassName: &"gp3-cassandra-general"
  +  VolumeAttributesClassName: &"gp3-cassandra"

Background

VolumeAttributesClassName is a field on PersistentVolumeClaimSpec that references a VolumeAttributesClass object. It has been GA since kubernetes 1.34. On AWS EBS, this is the mechanism for in-place volume performance class changes (e.g. changing IOPS tier, Tags, etc.) without replacing the PVC.

The webhook currently blocks all changes to CassandraDataVolumeClaimSpec beyond storage size increases (gated by cassandra.datastax.com/allow-storage-changes). Since VAC changes are non-destructive and in-place — the PVC is not replaced, only its performance class is updated — they should be unconditionally permitted.

Expected Behaviour

Changing VolumeAttributesClassName on an existing CassandraDatacenter should be allowed without any annotation.

Impact

Operators running Cassandra on AWS EKS cannot dynamically change EBS volume performance tiers (e.g. switch between gp3 profiles) without bypassing webhook validation entirely via cassandra.datastax.com/bypass-webhook-validations.

[burmanm]

without bypassing webhook validation entirely via cassandra.datastax.com/bypass-webhook-validations.

This feature is not in anything that's been released so far (and might not be in the any future releases either), the older method of disabling webhooks through Kubernetes is also a valid method and necessary sometimes.

Since VAC changes are non-destructive and in-place — the PVC is not replaced, only its performance class is updated — they should be unconditionally permitted.

Most gated features are not because of this, but because certain feature is not considered stable enough from our perspective. Even in this case, there's additional monitoring required that would need to be tested in live environments.

Also, please use the template in the future for feature requests, it makes processing easier for us, thank you.