feat: add label to indicate pods managed by kmesh

[Aaravanand00]

What this PR does

This PR adds a simple label to Pods to indicate when they are managed by Kmesh.

Currently, it is not easy to know whether Kmesh is actually handling a Pod.
It depends on multiple conditions such as the namespace label (istio.io/dataplane=kmesh) and whether the pod has an Istio sidecar.

With this change, when a pod is handled by Kmesh, a label like this will be added to the Pod:

kmesh.net/managed: "true"

This makes it easier for users and operators to quickly see which Pods are controlled by Kmesh.

Why this change is needed

Right now there is no direct way to check if Kmesh is responsible for a pod.
Adding this label makes debugging and verification much easier.

Result

Users can run commands like:

kubectl get pods --show-labels

and quickly identify pods managed by Kmesh.

Fixes #71

Special notes for reviewers:
AI assistance was used to help explore the repository and draft the implementation idea, but the final code and changes were reviewed and verified by me.

[kmesh-bot]

Welcome @Aaravanand00! It looks like this is your first PR to kmesh-net/kmesh 🎉

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the observability and debuggability of Kmesh-managed Pods by introducing a dedicated Kubernetes label. This change allows for straightforward identification of Pods under Kmesh control, simplifying operational tasks and troubleshooting. It also refines the enrollment criteria to be more inclusive of different dataplane labeling conventions.

Highlights

• Enhanced Pod Identification: A new label, kmesh.net/managed: "true", is now automatically added to Pods that are managed by Kmesh, providing a direct and clear indicator for users and operators.
• Flexible Enrollment Logic: The ShouldEnroll function has been updated to recognize both istio.io/dataplane-mode and the new istio.io/dataplane labels on Pods and Namespaces when determining if Kmesh should manage them.
• New Utility Functions: Introduced PatchKmeshManagedLabel and DelKmeshManagedLabel utility functions to programmatically add and remove the kmesh.net/managed label on Kubernetes Pods.
• CNI Plugin Integration: The Kmesh CNI plugin's CmdAdd function now calls PatchKmeshManagedLabel to ensure the managed label is applied when a Pod is configured by Kmesh.
• Comprehensive Testing: New unit tests were added to validate the updated ShouldEnroll logic and to ensure the correct functionality of the PatchKmeshManagedLabel and DelKmeshManagedLabel utility functions.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• pkg/cni/plugin/plugin.go
  • Integrated the new PatchKmeshManagedLabel function to apply the Kmesh managed label during CNI CmdAdd operation.
• pkg/constants/constants.go
  • Defined new constants for the istio.io/dataplane label and the kmesh.net/managed label, including its 'true' value.
• pkg/utils/enroll.go
  • Updated ShouldEnroll function to consider both istio.io/dataplane-mode and istio.io/dataplane labels for Kmesh enrollment.
  • Introduced JSON merge patch definitions (labelDelPatch, labelAddPatch) for label manipulation.
  • Implemented PatchKmeshManagedLabel to add the kmesh.net/managed: 'true' label to pods.
  • Implemented DelKmeshManagedLabel to remove the kmesh.net/managed label from pods.
• pkg/utils/enroll_test.go
  • Added a test case to TestShouldEnroll for namespaces with the istio.io/dataplane label.
  • Added TestPatchKmeshManagedLabel to verify the addition of the Kmesh managed label to pods.
  • Added TestDelKmeshManagedLabel to verify the removal of the Kmesh managed label from pods.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A label added, clear and bright, Kmesh-managed pods, now in plain sight. No more guessing, no more dread, Just `kubectl get`, and truth is spread.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new label, kmesh.net/managed: "true", to pods that are managed by Kmesh, enhancing visibility for users and operators. It also updates the ShouldEnroll logic to consider the istio.io/dataplane label for both pods and namespaces, aligning with broader Istio label conventions. New utility functions PatchKmeshManagedLabel and DelKmeshManagedLabel have been added, along with comprehensive unit tests to ensure their correctness and idempotency. The changes are well-tested and address the stated goal of improving Kmesh pod identification.

[Copilot]

Pull request overview

This PR adds a Pod label (kmesh.net/managed: "true") intended to indicate when a Pod is managed by Kmesh, and expands enrollment detection to also honor the istio.io/dataplane=kmesh label (in addition to istio.io/dataplane-mode=kmesh).

Changes:

• Extend ShouldEnroll to treat istio.io/dataplane=kmesh as an enrollment signal (pod + namespace).
• Add constants and utilities to patch/delete the new kmesh.net/managed label on Pods.
• Add unit tests for the new label patch/delete helpers and for namespace enrollment via istio.io/dataplane.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
pkg/utils/enroll.go	Expands enrollment checks and adds patch helpers for the managed label.
pkg/utils/enroll_test.go	Adds test coverage for namespace istio.io/dataplane enrollment + label patch/delete helpers.
pkg/constants/constants.go	Introduces constants for istio.io/dataplane and kmesh.net/managed.
pkg/cni/plugin/plugin.go	Labels Pods as managed during CNI CmdAdd when Kmesh enrollment is enabled.

Comments suppressed due to low confidence (1)

pkg/utils/enroll.go:67

• Order of checks in ShouldEnroll means a pod with istio.io/dataplane-mode: none will still be enrolled if it also has istio.io/dataplane: kmesh (the none opt-out check happens after the early return true). If none is intended to be an explicit opt-out (as the comment suggests), handle the none case before checking the istio.io/dataplane/dataplane-mode opt-in labels.

		podMode := pod.Labels[constants.DataPlaneModeLabel]
		if strings.EqualFold(podMode, constants.DataPlaneModeKmesh) ||
			strings.EqualFold(pod.Labels[constants.DataPlaneLabel], constants.DataPlaneModeKmesh) {
			return true
		}

		if podMode == "none" {
			return false
		}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[codecov]

Codecov Report

❌ Patch coverage is 84.37500% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 39.63%. Comparing base (58c1ac4) to head (da47335).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/utils/enroll.go	90.00%	2 Missing and 1 partial ⚠️
pkg/cni/plugin/plugin.go	0.00%	2 Missing ⚠️

Files with missing lines	Coverage Δ
pkg/cni/plugin/plugin.go	0.00% <0.00%> (ø)
pkg/utils/enroll.go	92.85% <90.00%> (-1.79%)	⬇️

... and 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4c35b86...da47335. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yaozengzeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pkg/OWNERS
• test/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Copilot]

Pull request overview

This PR adds an explicit Pod label to indicate when a Pod is managed by Kmesh, making it easier to confirm Kmesh enrollment via standard Kubernetes tooling (e.g., kubectl get pods --show-labels).

Changes:

• Introduces kmesh.net/managed: "true" and patches it onto enrolled Pods from the CNI CmdAdd path.
• Extends enrollment detection (ShouldEnroll) to also recognize istio.io/dataplane=kmesh (in addition to istio.io/dataplane-mode=kmesh).
• Updates/extends tests to cover the new label patch behavior and related e2e flows.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
test/e2e/baseline_test.go	Updates pod readiness fetch and modifies waypoint label patching logic in e2e tests.
pkg/utils/enroll_test.go	Adds unit tests for new enrollment criteria and managed-label patch/delete helpers.
pkg/utils/enroll.go	Extends ShouldEnroll logic and adds helpers to patch/delete the managed label.
pkg/constants/constants.go	Adds constants for istio.io/dataplane and the new kmesh.net/managed label/value.
pkg/cni/plugin/plugin.go	Calls into utils to patch the managed label during CNI ADD for enrolled pods.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[kmesh-bot]

Adding label do-not-merge/contains-merge-commits because PR contains merge commits, which are not allowed in this repository.
Use git rebase to reapply your commits on top of the target branch. Detailed instructions for doing so can be found here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.