feat(kuma-cp): add pod labels on dataplane and use proxy type labels

api/mesh/v1alpha1/dataplane_helpers.go

@@ -609,6 +609,13 @@ func (d *Dataplane) IsBuiltinGateway() bool {
 		d.GetNetworking().GetGateway().GetType() == Dataplane_Networking_Gateway_BUILTIN
 }
 
+func (d *Dataplane) GetProxyType() ProxyTypeLabelValues {
+	if d.IsBuiltinGateway() {
+		return GatewayLabel
+	}
+	return SidecarLabel
+}
+
 func (t MultiValueTagSet) String() string {
 	var tags []string
 	for tag := range t {

api/mesh/v1alpha1/zoneegress_helpers.go

@@ -1,3 +1,7 @@
 package v1alpha1
 
 const ZoneEgressServiceName = "zone-egress"
+
+func (r *ZoneEgress) GetProxyType() ProxyTypeLabelValues {
+	return ZoneEgressLabel
+}

api/mesh/v1alpha1/zoneingress_helpers.go

@@ -0,0 +1,5 @@
+package v1alpha1
+
+func (r *ZoneIngress) GetProxyType() ProxyTypeLabelValues {
+	return ZoneIngressLabel
+}

pkg/api-server/resource_endpoints_test.go

@@ -295,6 +295,7 @@ var _ = Describe("Resource Endpoints on Zone, label origin", func() {
 			mesh_proto.ZoneTag:             "default",
 			mesh_proto.MeshTag:             mesh,
 			mesh_proto.EnvTag:              "universal",
+			mesh_proto.ProxyTypeLabel:      string(mesh_proto.SidecarLabel),
 		}))
 	})
 

pkg/api-server/testdata/resources/crud/put_update_dataplanes_01.golden.json

@@ -8,6 +8,7 @@
   "kuma.io/env": "universal",
   "kuma.io/mesh": "default",
   "kuma.io/origin": "zone",
+  "kuma.io/proxy-type": "sidecar",
   "kuma.io/zone": "default"
  },
  "networking": {

pkg/core/resources/apis/mesh/dataplane_helpers.go

@@ -260,11 +260,3 @@ func (d *DataplaneResource) AsOutbounds(resolver core_model.LabelResourceIdentif
 	}
 	return outbounds
 }
-
-func (d *DataplaneResource) GetProxyType() mesh_proto.ProxyTypeLabelValues {
-	spec := d.GetSpec().(*mesh_proto.Dataplane)
-	if spec.IsBuiltinGateway() {
-		return mesh_proto.GatewayLabel
-	}
-	return mesh_proto.SidecarLabel
-}

pkg/core/resources/apis/mesh/zone_egress_helpers.go

@@ -5,7 +5,6 @@ import (
 	"net"
 	"strconv"
 
-	mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
 	"github.com/kumahq/kuma/pkg/core/resources/model"
 )
 
@@ -56,7 +55,3 @@ func (r *ZoneEgressResource) Hash() []byte {
 func (r *ZoneEgressResource) IsRemoteEgress(localZone string) bool {
 	return r.Spec.GetZone() != "" && r.Spec.GetZone() != localZone
 }
-
-func (r *ZoneEgressResource) GetProxyType() mesh_proto.ProxyTypeLabelValues {
-	return mesh_proto.ZoneEgressLabel
-}

pkg/core/resources/apis/mesh/zone_ingress_helpers.go

@@ -5,7 +5,6 @@ import (
 	"net"
 	"strconv"
 
-	mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
 	"github.com/kumahq/kuma/pkg/core/resources/model"
 )
 
@@ -52,7 +51,3 @@ func (r *ZoneIngressResource) Hash() []byte {
 	_, _ = hasher.Write([]byte(r.Spec.GetNetworking().GetAdvertisedAddress()))
 	return hasher.Sum(nil)
 }
-
-func (r *ZoneIngressResource) GetProxyType() mesh_proto.ProxyTypeLabelValues {
-	return mesh_proto.ZoneIngressLabel
-}

pkg/core/resources/model/resource.go

@@ -566,6 +566,13 @@ func ComputeLabels(
 		labels[mesh_proto.PolicyRoleLabel] = string(role)
 	}
 
+	if rd.IsProxy {
+		proxy, ok := spec.(ProxyResource)
+		if ok {
+			labels[mesh_proto.ProxyTypeLabel] = strings.ToLower(string(proxy.GetProxyType()))
+		}
+	}
+
 	return labels, nil
 }
 

pkg/core/resources/model/resource_test.go

@@ -393,5 +393,52 @@ var _ = Describe("ComputeLabels", func() {
 				"kuma.io/env":           "kubernetes",
 			},
 		}),
+		Entry("gateway dataplane proxy", testCase{
+			mode:      core.Zone,
+			isK8s:     true,
+			localZone: "zone-1",
+			r: builders.Dataplane().
+				WithMesh("mesh-1").
+				WithBuiltInGateway("test-gateway").
+				Build(),
+			expectedLabels: map[string]string{
+				"kuma.io/mesh":       "mesh-1",
+				"kuma.io/origin":     "zone",
+				"kuma.io/zone":       "zone-1",
+				"kuma.io/env":        "kubernetes",
+				"kuma.io/proxy-type": "gateway",
+			},
+		}),
+		Entry("dataplane proxy", testCase{
+			mode:      core.Zone,
+			isK8s:     true,
+			localZone: "zone-1",
+			r: builders.Dataplane().
+				WithName("backend-1").
+				WithServices("backend").
+				WithMesh("mesh-1").
+				Build(),
+			expectedLabels: map[string]string{
+				"kuma.io/mesh":       "mesh-1",
+				"kuma.io/origin":     "zone",
+				"kuma.io/zone":       "zone-1",
+				"kuma.io/env":        "kubernetes",
+				"kuma.io/proxy-type": "sidecar",
+			},
+		}),
+		Entry("zone egress proxy", testCase{
+			mode:      core.Zone,
+			isK8s:     true,
+			localZone: "zone-1",
+			r: builders.ZoneEgress().
+				WithPort(1001).
+				Build(),
+			expectedLabels: map[string]string{
+				"kuma.io/origin":     "zone",
+				"kuma.io/zone":       "zone-1",
+				"kuma.io/env":        "kubernetes",
+				"kuma.io/proxy-type": "zoneegress",
+			},
+		}),
 	)
 })

pkg/plugins/policies/core/rules/testdata/rules/from/06.golden.yaml

@@ -1,31 +1,31 @@
 Rules:
   127.0.0.1:80:
-    - BackendRefOriginIndex: {}
-      Conf:
-        action: Allow
-      Origin:
-        - creationTime: "0001-01-01T00:00:00Z"
-          mesh: default
-          modificationTime: "0001-01-01T00:00:00Z"
-          name: mtp-allow-kuma-other-ns-and-tag
-          type: MeshTrafficPermission
-      Subset:
-        - Key: abcd
-          Not: false
-          Value: abcd
-        - Key: k8s.kuma.io/namespace
-          Not: false
-          Value: kuma-other
-    - BackendRefOriginIndex: {}
-      Conf:
-        action: Allow
-      Origin:
-        - creationTime: "0001-01-01T00:00:00Z"
-          mesh: default
-          modificationTime: "0001-01-01T00:00:00Z"
-          name: mtp-allow-kuma-one
-          type: MeshTrafficPermission
-      Subset:
-        - Key: k8s.kuma.io/namespace
-          Not: false
-          Value: kuma-one
+  - BackendRefOriginIndex: {}
+    Conf:
+      action: Allow
+    Origin:
+    - creationTime: "0001-01-01T00:00:00Z"
+      mesh: default
+      modificationTime: "0001-01-01T00:00:00Z"
+      name: mtp-allow-kuma-other-ns-and-tag
+      type: MeshTrafficPermission
+    Subset:
+    - Key: abcd
+      Not: false
+      Value: abcd
+    - Key: k8s.kuma.io/namespace
+      Not: false
+      Value: kuma-other
+  - BackendRefOriginIndex: {}
+    Conf:
+      action: Allow
+    Origin:
+    - creationTime: "0001-01-01T00:00:00Z"
+      mesh: default
+      modificationTime: "0001-01-01T00:00:00Z"
+      name: mtp-allow-kuma-one
+      type: MeshTrafficPermission
+    Subset:
+    - Key: k8s.kuma.io/namespace
+      Not: false
+      Value: kuma-one

pkg/plugins/policies/core/rules/testdata/rules/from/07.golden.yaml

@@ -1,34 +1,34 @@
 Rules:
   127.0.0.1:80:
-    - BackendRefOriginIndex: {}
-      Conf:
-        action: Deny
-      Origin:
-        - creationTime: "0001-01-01T00:00:00Z"
-          mesh: default
-          modificationTime: "0001-01-01T00:00:00Z"
-          name: mtp-allow-kuma-one
-          type: MeshTrafficPermission
-      Subset:
-        - Key: app
-          Not: false
-          Value: demo
-        - Key: k8s.kuma.io/namespace
-          Not: false
-          Value: kuma-one
-    - BackendRefOriginIndex: {}
-      Conf:
-        action: Allow
-      Origin:
-        - creationTime: "0001-01-01T00:00:00Z"
-          mesh: default
-          modificationTime: "0001-01-01T00:00:00Z"
-          name: mtp-allow-kuma-one
-          type: MeshTrafficPermission
-      Subset:
-        - Key: app
-          Not: true
-          Value: demo
-        - Key: k8s.kuma.io/namespace
-          Not: false
-          Value: kuma-one
+  - BackendRefOriginIndex: {}
+    Conf:
+      action: Deny
+    Origin:
+    - creationTime: "0001-01-01T00:00:00Z"
+      mesh: default
+      modificationTime: "0001-01-01T00:00:00Z"
+      name: mtp-allow-kuma-one
+      type: MeshTrafficPermission
+    Subset:
+    - Key: app
+      Not: false
+      Value: demo
+    - Key: k8s.kuma.io/namespace
+      Not: false
+      Value: kuma-one
+  - BackendRefOriginIndex: {}
+    Conf:
+      action: Allow
+    Origin:
+    - creationTime: "0001-01-01T00:00:00Z"
+      mesh: default
+      modificationTime: "0001-01-01T00:00:00Z"
+      name: mtp-allow-kuma-one
+      type: MeshTrafficPermission
+    Subset:
+    - Key: app
+      Not: true
+      Value: demo
+    - Key: k8s.kuma.io/namespace
+      Not: false
+      Value: kuma-one

pkg/plugins/runtime/k8s/controllers/pod_controller_test.go

@@ -638,6 +638,14 @@ var _ = Describe("PodReconciler", func() {
         mesh: poc
         metadata:
           creationTimestamp: null
+          labels:
+            app: sample
+            k8s.kuma.io/namespace: demo
+            kuma.io/env: kubernetes
+            kuma.io/mesh: poc
+            kuma.io/origin: zone
+            kuma.io/proxy-type: sidecar
+            kuma.io/zone: zone-1
           name: pod-with-kuma-sidecar-and-ip
           namespace: demo
           ownerReferences:
@@ -731,6 +739,14 @@ var _ = Describe("PodReconciler", func() {
         mesh: poc
         metadata:
           creationTimestamp: null
+          labels:
+            app: sample
+            k8s.kuma.io/namespace: demo
+            kuma.io/env: kubernetes
+            kuma.io/mesh: poc
+            kuma.io/origin: zone
+            kuma.io/proxy-type: sidecar
+            kuma.io/zone: zone-1
           name: pod-with-kuma-sidecar-and-ip
           namespace: demo
           ownerReferences:
@@ -874,23 +890,24 @@ var _ = Describe("PodReconciler", func() {
         mesh: poc
         metadata:
           creationTimestamp: null
-          name: pod-with-custom-admin-port
-          namespace: demo
           labels:
+            app: sample
             k8s.kuma.io/namespace: demo
-            kuma.io/display-name: pod-with-custom-admin-port
             kuma.io/env: kubernetes
             kuma.io/mesh: poc
             kuma.io/origin: zone
+            kuma.io/proxy-type: sidecar
             kuma.io/zone: zone-1
+          name: pod-with-custom-admin-port
+          namespace: demo
           ownerReferences:
               - apiVersion: v1
                 blockOwnerDeletion: true
                 controller: true
                 kind: Pod
                 name: pod-with-custom-admin-port
                 uid: pod-with-custom-admin-port-demo
-          resourceVersion: "1"
+          resourceVersion: "2"
         spec:
           networking:
             address: 192.168.0.1
@@ -997,6 +1014,14 @@ var _ = Describe("PodReconciler", func() {
         mesh: poc
         metadata:
           creationTimestamp: null
+          labels:
+            app: sample
+            k8s.kuma.io/namespace: demo
+            kuma.io/env: kubernetes
+            kuma.io/mesh: poc
+            kuma.io/origin: zone
+            kuma.io/proxy-type: sidecar
+            kuma.io/zone: zone-1
           name: pod-with-custom-admin-port
           namespace: demo
           ownerReferences:

pkg/plugins/runtime/k8s/controllers/pod_converter.go

@@ -63,7 +63,7 @@ func (p *PodConverter) PodToDataplane(
 	labels, err := model.ComputeLabels(
 		core_mesh.DataplaneResourceTypeDescriptor,
 		currentSpec,
-		map[string]string{},
+		pod.Labels,
 		model.NewNamespace(pod.Namespace, pod.Namespace == p.SystemNamespace),
 		dataplane.Mesh,
 		p.Mode,
@@ -78,6 +78,7 @@ func (p *PodConverter) PodToDataplane(
 		return nil
 	}
 	dataplane.SetSpec(dataplaneProto)
+	dataplane.SetLabels(labels)
 	return nil
 }
 
@@ -102,7 +103,7 @@ func (p *PodConverter) PodToIngress(ctx context.Context, zoneIngress *mesh_k8s.Z
 	labels, err := model.ComputeLabels(
 		core_mesh.ZoneIngressResourceTypeDescriptor,
 		currentSpec,
-		map[string]string{},
+		pod.Labels,
 		model.NewNamespace(pod.Namespace, pod.Namespace == p.SystemNamespace),
 		model.NoMesh,
 		p.Mode,
@@ -141,7 +142,7 @@ func (p *PodConverter) PodToEgress(ctx context.Context, zoneEgress *mesh_k8s.Zon
 	labels, err := model.ComputeLabels(
 		core_mesh.ZoneEgressResourceTypeDescriptor,
 		currentSpec,
-		map[string]string{},
+		pod.Labels,
 		model.NewNamespace(pod.Namespace, pod.Namespace == p.SystemNamespace),
 		model.NoMesh,
 		p.Mode,