Pull in labels and annotations from istio.io/api (#53375)

* ambient redirection * AmbientWaypointInboundBinding * gateway annotations * tag * dataplane mode * more labels * lint * rebase
istio · Oct 9, 2024 · 915ac2b · 915ac2b
1 parent 5190383
commit 915ac2b
Show file tree

Hide file tree

Showing 67 changed files with 348 additions and 344 deletions.
diff --git a/cni/pkg/nodeagent/cni-watcher_test.go b/cni/pkg/nodeagent/cni-watcher_test.go
@@ -28,6 +28,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
+	"istio.io/api/label"
 	"istio.io/istio/cni/pkg/util"
 	"istio.io/istio/pkg/config/constants"
 	"istio.io/istio/pkg/kube"
@@ -117,7 +118,7 @@ func TestCNIPluginServer(t *testing.T) {
 
 	// label the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeAmbient))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient))
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -164,7 +165,7 @@ func TestGetPodWithRetry(t *testing.T) {
 			Name:      "pod-noambient",
 			Namespace: "funkyns",
 			Labels: map[string]string{
-				constants.DataplaneModeLabel: constants.DataplaneModeNone,
+				label.IoIstioDataplaneMode.Name: constants.DataplaneModeNone,
 			},
 		},
 		Spec: corev1.PodSpec{
@@ -190,7 +191,7 @@ func TestGetPodWithRetry(t *testing.T) {
 
 	// label the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeAmbient))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient))
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -265,7 +266,7 @@ func TestCNIPluginServerPrefersCNIProvidedPodIP(t *testing.T) {
 
 	// label the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeAmbient))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient))
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)

diff --git a/cni/pkg/nodeagent/informers.go b/cni/pkg/nodeagent/informers.go
@@ -22,6 +22,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	klabels "k8s.io/apimachinery/pkg/labels"
 
+	"istio.io/api/annotation"
+	"istio.io/api/label"
 	"istio.io/istio/cni/pkg/util"
 	"istio.io/istio/pkg/config/constants"
 	"istio.io/istio/pkg/kube"
@@ -134,7 +136,7 @@ func (s *InformerHandlers) GetActiveAmbientPodSnapshot() []*corev1.Pod {
 func (s *InformerHandlers) enqueueNamespace(o controllers.Object) {
 	namespace := o.GetName()
 	labels := o.GetLabels()
-	matchAmbient := labels[constants.DataplaneModeLabel] == constants.DataplaneModeAmbient
+	matchAmbient := labels[label.IoIstioDataplaneMode.Name] == constants.DataplaneModeAmbient
 	if matchAmbient {
 		log.Infof("Namespace %s is enabled in ambient mesh", namespace)
 	} else {
@@ -192,7 +194,7 @@ func getModeLabel(m map[string]string) string {
 	if m == nil {
 		return ""
 	}
-	return m[constants.DataplaneModeLabel]
+	return m[label.IoIstioDataplaneMode.Name]
 }
 
 func (s *InformerHandlers) reconcilePod(input any) error {
@@ -221,8 +223,8 @@ func (s *InformerHandlers) reconcilePod(input any) error {
 		if ns == nil {
 			return fmt.Errorf("failed to find namespace %v", ns)
 		}
-		wasAnnotated := oldPod.Annotations != nil && oldPod.Annotations[constants.AmbientRedirection] == constants.AmbientRedirectionEnabled
-		isAnnotated := newPod.Annotations != nil && newPod.Annotations[constants.AmbientRedirection] == constants.AmbientRedirectionEnabled
+		wasAnnotated := oldPod.Annotations != nil && oldPod.Annotations[annotation.AmbientRedirection.Name] == constants.AmbientRedirectionEnabled
+		isAnnotated := newPod.Annotations != nil && newPod.Annotations[annotation.AmbientRedirection.Name] == constants.AmbientRedirectionEnabled
 		shouldBeEnabled := util.PodRedirectionEnabled(ns, newPod)
 		isTerminated := kube.CheckPodTerminal(newPod)
 		// Check intent (labels) versus status (annotation) - is there a delta we need to fix?

diff --git a/cni/pkg/nodeagent/informers_test.go b/cni/pkg/nodeagent/informers_test.go
@@ -25,6 +25,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
+	"istio.io/api/annotation"
+	"istio.io/api/label"
 	"istio.io/istio/cni/pkg/util"
 	"istio.io/istio/pkg/config/constants"
 	"istio.io/istio/pkg/kube"
@@ -73,7 +75,7 @@ func TestExistingPodAddedWhenNsLabeled(t *testing.T) {
 
 	// label the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeAmbient))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient))
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -133,7 +135,7 @@ func TestExistingPodAddedWhenDualStack(t *testing.T) {
 
 	// label the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeAmbient))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient))
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -181,7 +183,7 @@ func TestExistingPodNotAddedIfNoIPInAnyStatusField(t *testing.T) {
 
 	// label the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeAmbient))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient))
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -218,7 +220,7 @@ func TestExistingPodRemovedWhenNsUnlabeled(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{Name: "test"},
 		// TODO: once we if the add pod bug, re-enable this and remove the patch below
-		//		Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+		//		Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 
 	}
 
@@ -246,7 +248,7 @@ func TestExistingPodRemovedWhenNsUnlabeled(t *testing.T) {
 	log.Debug("labeling namespace")
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-			constants.DataplaneModeLabel, constants.DataplaneModeAmbient)), metav1.PatchOptions{})
+			label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient)), metav1.PatchOptions{})
 	assert.NoError(t, err)
 
 	// wait for an update event
@@ -268,7 +270,7 @@ func TestExistingPodRemovedWhenNsUnlabeled(t *testing.T) {
 
 	// unlabel the namespace
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":null}}}`,
-		constants.DataplaneModeLabel))
+		label.IoIstioDataplaneMode.Name))
 	_, err = client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -308,7 +310,7 @@ func TestExistingPodRemovedWhenPodLabelRemoved(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{Name: "test"},
 		// TODO: once we if the add pod bug, re-enable this and remove the patch below
-		//		Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+		//		Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 
 	}
 
@@ -336,7 +338,7 @@ func TestExistingPodRemovedWhenPodLabelRemoved(t *testing.T) {
 	log.Debug("labeling namespace")
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-			constants.DataplaneModeLabel, constants.DataplaneModeAmbient)), metav1.PatchOptions{})
+			label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient)), metav1.PatchOptions{})
 	assert.NoError(t, err)
 
 	// wait for an update event
@@ -358,7 +360,7 @@ func TestExistingPodRemovedWhenPodLabelRemoved(t *testing.T) {
 
 	// label the pod for exclusion
 	labelsPatch := []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-		constants.DataplaneModeLabel, constants.DataplaneModeNone))
+		label.IoIstioDataplaneMode.Name, constants.DataplaneModeNone))
 	_, err = client.Kube().CoreV1().Pods(pod.Namespace).Patch(ctx, pod.Name,
 		types.MergePatchType, labelsPatch, metav1.PatchOptions{})
 	assert.NoError(t, err)
@@ -408,7 +410,7 @@ func TestJobPodRemovedWhenPodTerminates(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{Name: "test"},
 		// TODO: once we if the add pod bug, re-enable this and remove the patch below
-		//		Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+		//		Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 
 	}
 
@@ -436,7 +438,7 @@ func TestJobPodRemovedWhenPodTerminates(t *testing.T) {
 	log.Debug("labeling namespace")
 	_, err := client.Kube().CoreV1().Namespaces().Patch(ctx, ns.Name,
 		types.MergePatchType, []byte(fmt.Sprintf(`{"metadata":{"labels":{"%s":"%s"}}}`,
-			constants.DataplaneModeLabel, constants.DataplaneModeAmbient)), metav1.PatchOptions{})
+			label.IoIstioDataplaneMode.Name, constants.DataplaneModeAmbient)), metav1.PatchOptions{})
 	assert.NoError(t, err)
 
 	// wait for an update event
@@ -505,7 +507,7 @@ func TestGetActiveAmbientPodSnapshotOnlyReturnsActivePods(t *testing.T) {
 			Name:      "enrolled-not-redirected",
 			Namespace: "test",
 			UID:       "12345",
-			Labels:    map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels:    map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 		Spec: corev1.PodSpec{
 			NodeName: NodeName,
@@ -519,7 +521,7 @@ func TestGetActiveAmbientPodSnapshotOnlyReturnsActivePods(t *testing.T) {
 			Name:        "redirected-not-enrolled",
 			Namespace:   "test",
 			UID:         "12346",
-			Annotations: map[string]string{constants.AmbientRedirection: constants.AmbientRedirectionEnabled},
+			Annotations: map[string]string{annotation.AmbientRedirection.Name: constants.AmbientRedirectionEnabled},
 		},
 		Spec: corev1.PodSpec{
 			NodeName: NodeName,
@@ -531,7 +533,7 @@ func TestGetActiveAmbientPodSnapshotOnlyReturnsActivePods(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   "test",
-			Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 	}
 
@@ -563,7 +565,7 @@ func TestGetActiveAmbientPodSnapshotSkipsTerminatedJobPods(t *testing.T) {
 			Name:      "enrolled-not-redirected",
 			Namespace: "test",
 			UID:       "12345",
-			Labels:    map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels:    map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 		Spec: corev1.PodSpec{
 			NodeName: NodeName,
@@ -577,8 +579,8 @@ func TestGetActiveAmbientPodSnapshotSkipsTerminatedJobPods(t *testing.T) {
 			Name:        "enrolled-but-terminated",
 			Namespace:   "test",
 			UID:         "12345",
-			Labels:      map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
-			Annotations: map[string]string{constants.AmbientRedirection: constants.AmbientRedirectionEnabled},
+			Labels:      map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
+			Annotations: map[string]string{annotation.AmbientRedirection.Name: constants.AmbientRedirectionEnabled},
 		},
 		Spec: corev1.PodSpec{
 			NodeName: NodeName,
@@ -591,7 +593,7 @@ func TestGetActiveAmbientPodSnapshotSkipsTerminatedJobPods(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   "test",
-			Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 	}
 
@@ -632,7 +634,7 @@ func TestAmbientEnabledReturnsPodIfEnabled(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   "test",
-			Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 	}
 
@@ -661,7 +663,7 @@ func TestAmbientEnabledReturnsNoPodIfNotEnabled(t *testing.T) {
 			Name:      "test",
 			Namespace: "test",
 			UID:       "1234",
-			Labels:    map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeNone},
+			Labels:    map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeNone},
 		},
 		Spec: corev1.PodSpec{
 			NodeName: NodeName,
@@ -673,7 +675,7 @@ func TestAmbientEnabledReturnsNoPodIfNotEnabled(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   "test",
-			Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 	}
 
@@ -703,7 +705,7 @@ func TestAmbientEnabledReturnsErrorIfBogusNS(t *testing.T) {
 			Name:      "test",
 			Namespace: "test",
 			UID:       "1234",
-			Labels:    map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeNone},
+			Labels:    map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeNone},
 		},
 		Spec: corev1.PodSpec{
 			NodeName: NodeName,
@@ -715,7 +717,7 @@ func TestAmbientEnabledReturnsErrorIfBogusNS(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   "test",
-			Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 	}
 
@@ -757,7 +759,7 @@ func TestExistingPodAddedWhenItPreExists(t *testing.T) {
 	ns := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   "test",
-			Labels: map[string]string{constants.DataplaneModeLabel: constants.DataplaneModeAmbient},
+			Labels: map[string]string{label.IoIstioDataplaneMode.Name: constants.DataplaneModeAmbient},
 		},
 	}
 
@@ -796,7 +798,7 @@ func assertPodAnnotated(t *testing.T, client kube.Client, pod *corev1.Pod) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		if p.Annotations[constants.AmbientRedirection] == constants.AmbientRedirectionEnabled {
+		if p.Annotations[annotation.AmbientRedirection.Name] == constants.AmbientRedirectionEnabled {
 			return
 		}
 		time.Sleep(1 * time.Second)
@@ -810,7 +812,7 @@ func assertPodNotAnnotated(t *testing.T, client kube.Client, pod *corev1.Pod) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		if p.Annotations[constants.AmbientRedirection] != constants.AmbientRedirectionEnabled {
+		if p.Annotations[annotation.AmbientRedirection.Name] != constants.AmbientRedirectionEnabled {
 			return
 		}
 		time.Sleep(1 * time.Second)

diff --git a/cni/pkg/nodeagent/server_test.go b/cni/pkg/nodeagent/server_test.go
@@ -30,6 +30,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
 
+	"istio.io/api/annotation"
 	"istio.io/istio/cni/pkg/ipset"
 	"istio.io/istio/pkg/config/constants"
 	"istio.io/istio/pkg/test/util/assert"
@@ -74,7 +75,7 @@ func TestMeshDataplaneAddsAnnotationOnAdd(t *testing.T) {
 	pod, err = fakeClientSet.CoreV1().Pods("test").Get(fakeCtx, "test", metav1.GetOptions{})
 	assert.NoError(t, err)
 	assert.Equal(t, len(pod.Annotations), 1)
-	assert.Equal(t, pod.Annotations[constants.AmbientRedirection], constants.AmbientRedirectionEnabled)
+	assert.Equal(t, pod.Annotations[annotation.AmbientRedirection.Name], constants.AmbientRedirectionEnabled)
 }
 
 func TestMeshDataplaneAddsAnnotationOnAddWithPartialError(t *testing.T) {
@@ -115,7 +116,7 @@ func TestMeshDataplaneAddsAnnotationOnAddWithPartialError(t *testing.T) {
 	pod, err = fakeClientSet.CoreV1().Pods("test").Get(fakeCtx, "test", metav1.GetOptions{})
 	assert.NoError(t, err)
 	assert.Equal(t, len(pod.Annotations), 1)
-	assert.Equal(t, pod.Annotations[constants.AmbientRedirection], constants.AmbientRedirectionEnabled)
+	assert.Equal(t, pod.Annotations[annotation.AmbientRedirection.Name], constants.AmbientRedirectionEnabled)
 }
 
 func TestMeshDataplaneDoesntAnnotateOnAddWithRealError(t *testing.T) {
@@ -216,7 +217,7 @@ func TestMeshDataplaneRemovePodErrorDoesntRemoveAnnotation(t *testing.T) {
 
 	pod, err = fakeClientSet.CoreV1().Pods("test").Get(fakeCtx, "test", metav1.GetOptions{})
 	assert.NoError(t, err)
-	assert.Equal(t, pod.Annotations[constants.AmbientRedirection], constants.AmbientRedirectionEnabled)
+	assert.Equal(t, pod.Annotations[annotation.AmbientRedirection.Name], constants.AmbientRedirectionEnabled)
 }
 
 func TestMeshDataplaneDelPod(t *testing.T) {
@@ -635,7 +636,7 @@ func podWithAnnotation() *corev1.Pod {
 			Namespace: "test",
 			UID:       types.UID("test"),
 			Annotations: map[string]string{
-				constants.AmbientRedirection: constants.AmbientRedirectionEnabled,
+				annotation.AmbientRedirection.Name: constants.AmbientRedirectionEnabled,
 			},
 		},
 	}