feat: add label to indicate pods managed by kmesh

pkg/cni/plugin/plugin.go

@@ -221,6 +221,10 @@ func CmdAdd(args *skel.CmdArgs) error {
 		log.Errorf("failed to annotate kmesh redirection, err is %v", err)
 	}
 
+	if err := utils.PatchKmeshManagedLabel(client, pod); err != nil {
+		log.Errorf("failed to label kmesh managed, err is %v", err)
+	}
+
 	if cniConf.Mode == constants.DualEngineMode {
 		enableXDPFunc := func(netns.NetNS) error {
 			if err := enableXdpAuth(args.IfName); err != nil {

pkg/constants/constants.go

@@ -24,8 +24,14 @@ const (
 	DataPlaneModeLabel = "istio.io/dataplane-mode"
 	// DataPlaneModeKmesh is the value of the label to indicate the data plane mode is kmesh
 	DataPlaneModeKmesh = "kmesh"
+	// DataPlaneLabel is the label used to indicate the data plane
+	DataPlaneLabel = "istio.io/dataplane"
 	// This annotation is used to indicate traffic redirection settings specific to Kmesh
 	KmeshRedirectionAnnotation = "kmesh.net/redirection"
+	// KmeshManagedLabel is the label used to indicate the pod is managed by Kmesh
+	KmeshManagedLabel = "kmesh.net/managed"
+	// KmeshManagedValue is the value of KmeshManagedLabel
+	KmeshManagedValue = "true"
 
 	XDP_PROG_NAME = "xdp_authz"
 	ENABLED       = uint32(1)

pkg/utils/enroll.go

@@ -33,7 +33,7 @@ import (
 )
 
 // ShouldEnroll checks whether a pod should be managed by kmesh.
-// Kmesh manages a pod if a pod has "istio.io/dataplane-mode: kmesh" label
+// Kmesh manages a pod if a pod has "istio.io/dataplane-mode: kmesh" or "istio.io/dataplane: kmesh" label
 // or the namespace where it resides has the label while pod have no "istio.io/dataplane-mode: none" label
 // Excluding cases: a pod has sidecar injected, or the pod is istio managed waypoint
 // https://github.com/istio/istio/blob/33539491628fe5f3ad4f5f1fb339b0da9455c028/manifests/charts/istio-control/istio-discovery/files/waypoint.yaml#L35
@@ -57,8 +57,10 @@ func ShouldEnroll(pod *corev1.Pod, ns *corev1.Namespace) bool {
 		}
 
 		podMode := pod.Labels[constants.DataPlaneModeLabel]
-		// Check if pod label contains istio.io/dataplane-mode: kmesh
-		if strings.EqualFold(podMode, constants.DataPlaneModeKmesh) {
+		// Check if pod dataplane mode is kmesh or
+		// pod label contains istio.io/dataplane-mode: kmesh or istio.io/dataplane: kmesh
+		if strings.EqualFold(podMode, constants.DataPlaneModeKmesh) ||
+			strings.EqualFold(pod.Labels[constants.DataPlaneLabel], constants.DataPlaneModeKmesh) {
 			return true
 		}
 
@@ -72,9 +74,10 @@ func ShouldEnroll(pod *corev1.Pod, ns *corev1.Namespace) bool {
 	if ns != nil {
 		nsMode = ns.Labels[constants.DataPlaneModeLabel]
 	}
-
-	// Check if ns label contains istio.io/dataplane-mode: kmesh
-	if strings.EqualFold(nsMode, constants.DataPlaneModeKmesh) {
+	// Check if namespace dataplane mode is kmesh or
+	// namespace label contains istio.io/dataplane-mode: kmesh or istio.io/dataplane: kmesh
+	if strings.EqualFold(nsMode, constants.DataPlaneModeKmesh) ||
+		(ns != nil && strings.EqualFold(ns.Labels[constants.DataPlaneLabel], constants.DataPlaneModeKmesh)) {
 		return true
 	}
 
@@ -108,6 +111,17 @@ var (
 		constants.KmeshRedirectionAnnotation,
 		"enabled",
 	))
+
+	labelDelPatch = []byte(fmt.Sprintf(
+		`{"metadata":{"labels":{"%s":null}}}`,
+		constants.KmeshManagedLabel,
+	))
+
+	labelAddPatch = []byte(fmt.Sprintf(
+		`{"metadata":{"labels":{"%s":"%s"}}}`,
+		constants.KmeshManagedLabel,
+		constants.KmeshManagedValue,
+	))
 )
 
 func PatchKmeshRedirectAnnotation(client kubernetes.Interface, pod *corev1.Pod) error {
@@ -143,3 +157,36 @@ func DelKmeshRedirectAnnotation(client kubernetes.Interface, pod *corev1.Pod) er
 func AnnotationEnabled(annotation string) bool {
 	return annotation == "enabled"
 }
+
+func PatchKmeshManagedLabel(client kubernetes.Interface, pod *corev1.Pod) error {
+	if pod.Labels[constants.KmeshManagedLabel] == constants.KmeshManagedValue {
+		log.Debugf("Pod %s in namespace %s already has label %s", pod.Name, pod.Namespace, constants.KmeshManagedLabel)
+		return nil
+	}
+	_, err := client.CoreV1().Pods(pod.Namespace).Patch(
+		context.Background(),
+		pod.Name,
+		k8stypes.MergePatchType,
+		labelAddPatch,
+		metav1.PatchOptions{},
+	)
+	if err == nil {
+		log.Debugf("Successfully marked pod %s/%s as managed by Kmesh", pod.Namespace, pod.Name)
+	}
+	return err
+}
+
+func DelKmeshManagedLabel(client kubernetes.Interface, pod *corev1.Pod) error {
+	if _, exists := pod.Labels[constants.KmeshManagedLabel]; !exists {
+		log.Debugf("Pod %s in namespace %s does not have label %s", pod.Name, pod.Namespace, constants.KmeshManagedLabel)
+		return nil
+	}
+	_, err := client.CoreV1().Pods(pod.Namespace).Patch(
+		context.Background(),
+		pod.Name,
+		k8stypes.MergePatchType,
+		labelDelPatch,
+		metav1.PatchOptions{},
+	)
+	return err
+}

pkg/utils/enroll_test.go

@@ -246,6 +246,26 @@ func TestShouldEnroll(t *testing.T) {
 			},
 			want: false,
 		},
+		{
+			name: "namespace with istio.io/dataplane label",
+			args: args{
+				namespace: &corev1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "ut-test",
+						Labels: map[string]string{
+							constants.DataPlaneLabel: constants.DataPlaneModeKmesh,
+						},
+					},
+				},
+				pod: &corev1.Pod{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "ut-test",
+						Name:      "ut-pod",
+					},
+				},
+			},
+			want: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -384,3 +404,58 @@ func TestDelKmeshRedirectAnnotation(t *testing.T) {
 		t.Errorf("DelKmeshRedirectAnnotation() returned an error: %v", err)
 	}
 }
+
+func TestPatchKmeshManagedLabel(t *testing.T) {
+	client := fake.NewSimpleClientset()
+	namespace := "test-ns"
+	podName := "test-pod"
+	pod := &corev1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: namespace,
+			Name:      podName,
+		},
+	}
+
+	_, err := client.CoreV1().Pods(namespace).Create(context.Background(), pod, metav1.CreateOptions{})
+	assert.NoError(t, err)
+
+	err = PatchKmeshManagedLabel(client, pod)
+	assert.NoError(t, err)
+
+	got, err := client.CoreV1().Pods(namespace).Get(context.Background(), podName, metav1.GetOptions{})
+	assert.NoError(t, err)
+	assert.Equal(t, constants.KmeshManagedValue, got.Labels[constants.KmeshManagedLabel])
+
+	err = PatchKmeshManagedLabel(client, got)
+	assert.NoError(t, err)
+
+	got, err = client.CoreV1().Pods(namespace).Get(context.Background(), podName, metav1.GetOptions{})
+	assert.NoError(t, err)
+	assert.Equal(t, constants.KmeshManagedValue, got.Labels[constants.KmeshManagedLabel])
+}
+
+func TestDelKmeshManagedLabel(t *testing.T) {
+	client := fake.NewSimpleClientset()
+	namespace := "test-ns"
+	podName := "test-pod"
+	pod := &corev1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: namespace,
+			Name:      podName,
+			Labels: map[string]string{
+				constants.KmeshManagedLabel: constants.KmeshManagedValue,
+			},
+		},
+	}
+
+	_, err := client.CoreV1().Pods(namespace).Create(context.Background(), pod, metav1.CreateOptions{})
+	assert.NoError(t, err)
+
+	err = DelKmeshManagedLabel(client, pod)
+	assert.NoError(t, err)
+
+	got, err := client.CoreV1().Pods(namespace).Get(context.Background(), podName, metav1.GetOptions{})
+	assert.NoError(t, err)
+	_, exists := got.Labels[constants.KmeshManagedLabel]
+	assert.False(t, exists)
+}

test/e2e/baseline_test.go

@@ -774,7 +774,7 @@ func TestBookinfo(t *testing.T) {
 			}
 		})
 
-		fetchFn := testKube.NewSinglePodFetch(t.Clusters().Default(), namespace)
+		fetchFn := testKube.NewPodFetch(t.Clusters().Default(), namespace, "app")
 		if _, err := testKube.WaitUntilPodsAreReady(fetchFn, retry.Timeout(15*time.Minute), retry.Delay(5*time.Second)); err != nil {
 			t.Fatalf("failed to wait bookinfo pods to be ready: %v", err)
 		}