Feature: support to skip the validation of indirectly related resources involved in webhook mutating

Signed-off-by: jiuyu <guotongyu.gty@alibaba-inc.com>

Author: jiuyu

pkg/application/inject/fuse/injector.go

@@ -172,9 +172,10 @@ func (s *Injector) inject(in runtime.Object, runtimeInfos map[string]base.Runtim
 			Log:    s.log,
 			Specs:  podSpecs,
 			Options: common.FuseSidecarInjectOption{
-				EnableCacheDir:             utils.InjectCacheDirEnabled(podSpecs.MetaObj.Labels),
-				EnableUnprivilegedSidecar:  utils.FuseSidecarUnprivileged(podSpecs.MetaObj.Labels),
-				SkipSidecarPostStartInject: utils.SkipSidecarPostStartInject(podSpecs.MetaObj.Labels),
+				EnableCacheDir:                          utils.InjectCacheDirEnabled(podSpecs.MetaObj.Labels),
+				EnableUnprivilegedSidecar:               utils.FuseSidecarUnprivileged(podSpecs.MetaObj.Labels),
+				SkipSidecarPostStartInject:              utils.SkipSidecarPostStartInject(podSpecs.MetaObj.Labels),
+				SkipIndirectlyRelatedResourceValidation: utils.SkipIndirectlyRelatedResourceValidationEnable(podSpecs.MetaObj.Annotations),
 			},
 			ExtraArgs: mutator.FindExtraArgsFromMetadata(podSpecs.MetaObj, platform),
 		}
@@ -258,5 +259,5 @@ func (s *Injector) shouldInject(pod common.FluidObject) (should bool, err error)
 }
 
 func (s *Injector) getServerlessPlatformFromMeta(metaObj metav1.ObjectMeta) string {
-	return utils.GetServerlessPlatfrom(metaObj.Labels)
+	return utils.GetServerlessPlatform(metaObj.Labels)
 }

pkg/application/inject/fuse/mutator/mutator_default.go

@@ -68,7 +68,7 @@ func NewDefaultMutator(args MutatorBuildArgs) Mutator {
 var _ Mutator = &DefaultMutator{}
 
 func (mutator *DefaultMutator) MutateWithRuntimeInfo(pvcName string, runtimeInfo base.RuntimeInfoInterface, nameSuffix string) error {
-	template, err := runtimeInfo.GetFuseContainerTemplate()
+	template, err := runtimeInfo.GetFuseContainerTemplate(mutator.options.SkipIndirectlyRelatedResourceValidation)
 	if err != nil {
 		return errors.Wrapf(err, "failed to get fuse container template for runtime \"%s/%s\"", runtimeInfo.GetNamespace(), runtimeInfo.GetName())
 	}

pkg/application/inject/fuse/mutator/mutator_unprivileged.go

@@ -48,7 +48,7 @@ func NewUnprivilegedMutator(opts MutatorBuildArgs) Mutator {
 }
 
 func (mutator *UnprivilegedMutator) MutateWithRuntimeInfo(pvcName string, runtimeInfo base.RuntimeInfoInterface, nameSuffix string) error {
-	template, err := runtimeInfo.GetFuseContainerTemplate()
+	template, err := runtimeInfo.GetFuseContainerTemplate(mutator.options.SkipIndirectlyRelatedResourceValidation)
 	if err != nil {
 		return errors.Wrapf(err, "failed to get fuse container template for runtime \"%s/%s\"", runtimeInfo.GetNamespace(), runtimeInfo.GetName())
 	}

pkg/common/constants.go

@@ -212,3 +212,7 @@ const (
 	K8sZoneLabelKey     = "topology.kubernetes.io/zone"
 	K8sRegionLabelKey   = "topology.kubernetes.io/region"
 )
+
+const (
+	SkipResourceValidationAnnotationKey = "sidecar.fluid.io/skip-resource-validation"
+)

pkg/common/types.go

@@ -168,9 +168,10 @@ type FuseMountInfo struct {
 
 // FuseSidecarInjectOption are options for webhook to inject fuse sidecar containers
 type FuseSidecarInjectOption struct {
-	EnableCacheDir             bool
-	EnableUnprivilegedSidecar  bool
-	SkipSidecarPostStartInject bool
+	EnableCacheDir                          bool
+	EnableUnprivilegedSidecar               bool
+	SkipSidecarPostStartInject              bool
+	SkipIndirectlyRelatedResourceValidation bool
 }
 
 func (f FuseSidecarInjectOption) String() string {

pkg/ddc/base/runtime.go

@@ -89,7 +89,7 @@ type RuntimeInfoInterface interface {
 
 	IsDeprecatedPVName() bool
 
-	GetFuseContainerTemplate() (template *common.FuseInjectionTemplate, err error)
+	GetFuseContainerTemplate(skipRelatedResourceCheck bool) (template *common.FuseInjectionTemplate, err error)
 
 	SetClient(client client.Client)
 

pkg/ddc/base/runtime_helper.go

@@ -20,17 +20,18 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/fluid-cloudnative/fluid/pkg/utils"
-	"github.com/fluid-cloudnative/fluid/pkg/utils/kubeclient"
 	"github.com/pkg/errors"
 	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 
 	"github.com/fluid-cloudnative/fluid/pkg/common"
+	"github.com/fluid-cloudnative/fluid/pkg/utils"
+	"github.com/fluid-cloudnative/fluid/pkg/utils/kubeclient"
 )
 
 // GetFuseContainerTemplate collects the fuse container spec from the runtime's fuse daemonSet spec. The function summarizes fuse related information into
 // the template and returns it. The template then can be freely modified according to need of the serverless platform.
-func (info *RuntimeInfo) GetFuseContainerTemplate() (template *common.FuseInjectionTemplate, err error) {
+func (info *RuntimeInfo) GetFuseContainerTemplate(skipIndirectlyRelatedResourceValidation bool) (template *common.FuseInjectionTemplate, err error) {
 	if utils.IsTimeTrackerDebugEnabled() {
 		defer utils.TimeTrack(time.Now(), "RuntimeInfo.GetFuseContainerTemplate",
 			"runtime.name", info.name, "runtime.namespace", info.namespace)
@@ -52,7 +53,11 @@ func (info *RuntimeInfo) GetFuseContainerTemplate() (template *common.FuseInject
 
 	template.FuseContainer.Name = common.FuseContainerName
 
-	hostMountPath, mountType, subPath, err := kubeclient.GetMountInfoFromVolumeClaim(info.client, info.name, info.namespace)
+	hostMountPath, mountType, subPath, err := info.getMountInfo(skipIndirectlyRelatedResourceValidation)
+	if err != nil {
+		return template, errors.Wrapf(err, "failed to get mount info")
+	}
+
 	if err != nil {
 		return template, errors.Wrapf(err, "failed get mount info from PVC \"%s/%s\"", info.namespace, info.name)
 	}
@@ -87,3 +92,35 @@ func (info *RuntimeInfo) getFuseDaemonset() (ds *appsv1.DaemonSet, err error) {
 	}
 	return kubeclient.GetDaemonset(info.client, fuseName, info.GetNamespace())
 }
+
+func (info *RuntimeInfo) getMountInfo(skipUnnecessaryResourceValidation bool) (path, mountType, subpath string, err error) {
+	var pv *corev1.PersistentVolume
+
+	pvName := info.GetPersistentVolumeName()
+
+	if !skipUnnecessaryResourceValidation {
+		var pvc *corev1.PersistentVolumeClaim
+		pvc, err = kubeclient.GetPersistentVolumeClaim(info.client, info.name, info.namespace)
+		if err != nil {
+			err = errors.Wrapf(err, "failed to get persistent volume claim %s/%s", info.namespace, info.name)
+			return
+		}
+		pvName = pvc.Spec.VolumeName
+	}
+
+	pv, err = kubeclient.GetPersistentVolume(info.client, pvName)
+	if err != nil {
+		err = errors.Wrapf(err, "cannot find pvc \"%s/%s\"'s bounded PV", info.namespace, info.name)
+		return
+	}
+
+	if pv.Spec.CSI != nil && len(pv.Spec.CSI.VolumeAttributes) > 0 {
+		path = pv.Spec.CSI.VolumeAttributes[common.VolumeAttrFluidPath]
+		mountType = pv.Spec.CSI.VolumeAttributes[common.VolumeAttrMountType]
+		subpath = pv.Spec.CSI.VolumeAttributes[common.VolumeAttrFluidSubPath]
+	} else {
+		err = fmt.Errorf("the pv %s is not created by fluid", pv.Name)
+	}
+
+	return
+}

pkg/ddc/base/runtime_helper_test.go

@@ -22,15 +22,27 @@ import (
 	datav1alpha1 "github.com/fluid-cloudnative/fluid/api/v1alpha1"
 	"github.com/fluid-cloudnative/fluid/pkg/common"
 	"github.com/fluid-cloudnative/fluid/pkg/utils/fake"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
 	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var (
+	testScheme *runtime.Scheme
 )
 
+func init() {
+	testScheme = runtime.NewScheme()
+	_ = corev1.AddToScheme(testScheme)
+	_ = rbacv1.AddToScheme(testScheme)
+	_ = appsv1.AddToScheme(testScheme)
+	_ = batchv1.AddToScheme(testScheme)
+}
+
 // func TestGetTemplateToInjectForFuse(t *testing.T) {
 // 	type runtimeInfo struct {
 // 		name        string
@@ -1169,3 +1181,180 @@ func TestGetFuseDaemonset(t *testing.T) {
 		}
 	}
 }
+
+func TestGetMountInfoFromVolumeClaim(t *testing.T) {
+	namespace := "default"
+	testPVCInputs := []*corev1.PersistentVolumeClaim{{
+		ObjectMeta: metav1.ObjectMeta{Name: "fluidpvc",
+			Namespace: namespace},
+		Spec: corev1.PersistentVolumeClaimSpec{
+			VolumeName: "fluidpv",
+		},
+	}, {
+		ObjectMeta: metav1.ObjectMeta{Name: "nonfluidpvc",
+			Annotations: common.ExpectedFluidAnnotations,
+			Namespace:   namespace},
+		Spec: corev1.PersistentVolumeClaimSpec{
+			VolumeName: "nonfluidpv",
+		},
+	}, {
+		ObjectMeta: metav1.ObjectMeta{Name: "nopv",
+			Annotations: common.ExpectedFluidAnnotations,
+			Namespace:   namespace},
+		Spec: corev1.PersistentVolumeClaimSpec{
+			VolumeName: "nopv",
+		},
+	}, {
+		ObjectMeta: metav1.ObjectMeta{Name: "subpvc",
+			Annotations: common.ExpectedFluidAnnotations,
+			Namespace:   namespace},
+		Spec: corev1.PersistentVolumeClaimSpec{
+			VolumeName: "subpv",
+		},
+	}}
+
+	objs := []runtime.Object{}
+
+	for _, pvc := range testPVCInputs {
+		objs = append(objs, pvc.DeepCopy())
+	}
+
+	testPVInputs := []*corev1.PersistentVolume{{
+		ObjectMeta: metav1.ObjectMeta{Name: "fluidpv"},
+		Spec: corev1.PersistentVolumeSpec{
+			PersistentVolumeSource: corev1.PersistentVolumeSource{
+				CSI: &corev1.CSIPersistentVolumeSource{
+					Driver: "fuse.csi.fluid.io",
+					VolumeAttributes: map[string]string{
+						common.VolumeAttrFluidPath: "/runtime-mnt/jindo/big-data/nofounddataset/jindofs-fuse",
+						common.VolumeAttrMountType: common.JindoRuntime,
+					},
+				},
+			},
+		},
+	}, {
+		ObjectMeta: metav1.ObjectMeta{Name: "nonfluidpv", Annotations: common.ExpectedFluidAnnotations},
+		Spec:       corev1.PersistentVolumeSpec{},
+	}, {
+		ObjectMeta: metav1.ObjectMeta{Name: "subpv"},
+		Spec: corev1.PersistentVolumeSpec{
+			PersistentVolumeSource: corev1.PersistentVolumeSource{
+				CSI: &corev1.CSIPersistentVolumeSource{
+					Driver: "fuse.csi.fluid.io",
+					VolumeAttributes: map[string]string{
+						common.VolumeAttrFluidPath:    "/runtime-mnt/jindo/big-data/nofounddataset/jindofs-fuse",
+						common.VolumeAttrMountType:    common.JindoRuntime,
+						common.VolumeAttrFluidSubPath: "subtest",
+					},
+				},
+			},
+		},
+	}}
+
+	for _, pv := range testPVInputs {
+		objs = append(objs, pv.DeepCopy())
+	}
+
+	client := fake.NewFakeClientWithScheme(testScheme, objs...)
+
+	type args struct {
+		name      string
+		namespace string
+	}
+	tests := []struct {
+		name        string
+		args        args
+		wantError   bool
+		wantPath    string
+		wantType    string
+		wantSubPath string
+	}{{
+		name: "volumeClaim doesn't exist",
+		args: args{
+			name:      "notExist",
+			namespace: namespace,
+		},
+		wantError: true,
+	}, {
+		name: "non fluid pv",
+		args: args{
+			name:      "nonfluidpvc",
+			namespace: namespace,
+		},
+		wantError: true,
+	}, {
+		name: " fluid pv",
+		args: args{
+			name:      "fluidpvc",
+			namespace: namespace,
+		},
+		wantError: false,
+		wantPath:  "/runtime-mnt/jindo/big-data/nofounddataset/jindofs-fuse",
+		wantType:  common.JindoRuntime,
+	}, {
+		name: "no pv",
+		args: args{
+			name:      "nopv",
+			namespace: namespace,
+		},
+		wantError: true,
+	}, {
+		name: "sub pv",
+		args: args{
+			name:      "subpvc",
+			namespace: namespace,
+		},
+		wantError:   false,
+		wantPath:    "/runtime-mnt/jindo/big-data/nofounddataset/jindofs-fuse",
+		wantType:    common.JindoRuntime,
+		wantSubPath: "subtest",
+	}}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			runtimeInfo := RuntimeInfo{
+				name:        tt.args.name,
+				namespace:   tt.args.namespace,
+				runtimeType: common.JindoRuntime,
+				client:      client,
+			}
+
+			path, mountType, subpath, err := runtimeInfo.getMountInfo(false)
+			got := err != nil
+
+			if got != tt.wantError {
+				t.Errorf("testcase %v GetMountInfoFromVolumeClaim() for %v in %v = %v, err = %v", tt.name,
+					tt.args.name,
+					tt.args.namespace,
+					got,
+					err)
+			}
+
+			if path != tt.wantPath {
+				t.Errorf("testcase %v GetMountInfoFromVolumeClaim() for %v in %v  got path  %v, want path = %v", tt.name,
+					tt.args.name,
+					tt.args.namespace,
+					path,
+					tt.wantPath)
+			}
+
+			if mountType != tt.wantType {
+				t.Errorf("testcase %v GetMountInfoFromVolumeClaim() for %v in %v  got mountType  %v, want mountType = %v", tt.name,
+					tt.args.name,
+					tt.args.namespace,
+					mountType,
+					tt.wantType)
+			}
+
+			if subpath != tt.wantSubPath {
+				t.Errorf("testcase %v GetMountInfoFromVolumeClaim() for %v in %v  got subpath  %v, want subpath = %v", tt.name,
+					tt.args.name,
+					tt.args.namespace,
+					subpath,
+					tt.wantSubPath)
+			}
+
+		})
+	}
+
+}

pkg/utils/annotations.go

@@ -75,7 +75,7 @@ const (
 	PlatformUnprivileged = "Unprivileged"
 )
 
-func GetServerlessPlatfrom(infos map[string]string) (platform string) {
+func GetServerlessPlatform(infos map[string]string) (platform string) {
 	if matchedKey(infos, ServerlessPlatformKey) {
 		return infos[ServerlessPlatformKey]
 	}
@@ -129,6 +129,10 @@ func serverlessPlatformMatched(infos map[string]string) (match bool) {
 	return matchedKey(infos, ServerlessPlatformKey)
 }
 
+func SkipIndirectlyRelatedResourceValidationEnable(infos map[string]string) (match bool) {
+	return enabled(infos, common.SkipResourceValidationAnnotationKey)
+}
+
 // enabled checks if the given name has a value of "true"
 func enabled(infos map[string]string, name string) (match bool) {
 	return matchedValue(infos, name, common.True)