Use webhook to set associated labels and annotations of work

Signed-off-by: whitewindmills <[email protected]>

pkg/controllers/binding/common.go

@@ -110,7 +110,7 @@ func ensureWork(
 		}
 		workLabel := mergeLabel(clonedWorkload, binding, scope)
 
-		annotations := mergeAnnotations(clonedWorkload, workNamespace, binding, scope)
+		annotations := mergeAnnotations(clonedWorkload, binding, scope)
 		annotations = mergeConflictResolution(clonedWorkload, conflictResolutionInBinding, annotations)
 		annotations, err = RecordAppliedOverrides(cops, ops, annotations)
 		if err != nil {
@@ -154,7 +154,6 @@ func mergeTargetClusters(targetClusters []workv1alpha2.TargetCluster, requiredBy
 
 func mergeLabel(workload *unstructured.Unstructured, binding metav1.Object, scope apiextensionsv1.ResourceScope) map[string]string {
 	var workLabel = make(map[string]string)
-	util.MergeLabel(workload, util.ManagedByKarmadaLabel, util.ManagedByKarmadaLabelValue)
 	if scope == apiextensionsv1.NamespaceScoped {
 		bindingID := util.GetLabelValue(binding.GetLabels(), workv1alpha2.ResourceBindingPermanentIDLabel)
 		util.MergeLabel(workload, workv1alpha2.ResourceBindingPermanentIDLabel, bindingID)
@@ -167,10 +166,8 @@ func mergeLabel(workload *unstructured.Unstructured, binding metav1.Object, scop
 	return workLabel
 }
 
-func mergeAnnotations(workload *unstructured.Unstructured, workNamespace string, binding metav1.Object, scope apiextensionsv1.ResourceScope) map[string]string {
+func mergeAnnotations(workload *unstructured.Unstructured, binding metav1.Object, scope apiextensionsv1.ResourceScope) map[string]string {
 	annotations := make(map[string]string)
-	util.MergeAnnotation(workload, workv1alpha2.WorkNameAnnotation, names.GenerateWorkName(workload.GetKind(), workload.GetName(), workload.GetNamespace()))
-	util.MergeAnnotation(workload, workv1alpha2.WorkNamespaceAnnotation, workNamespace)
 
 	if scope == apiextensionsv1.NamespaceScoped {
 		util.MergeAnnotation(workload, workv1alpha2.ResourceBindingNamespaceAnnotationKey, binding.GetNamespace())

pkg/controllers/binding/common_test.go

@@ -185,16 +185,14 @@ func Test_mergeAnnotations(t *testing.T) {
 	bindingName := "fake-bindingName"
 
 	tests := []struct {
-		name      string
-		namespace string
-		workload  *unstructured.Unstructured
-		binding   metav1.Object
-		scope     v1.ResourceScope
-		want      map[string]string
+		name     string
+		workload *unstructured.Unstructured
+		binding  metav1.Object
+		scope    v1.ResourceScope
+		want     map[string]string
 	}{
 		{
-			name:      "NamespaceScoped",
-			namespace: "test",
+			name: "NamespaceScoped",
 			workload: &unstructured.Unstructured{
 				Object: map[string]interface{}{
 					"apiVersion": "apps/v1",
@@ -218,8 +216,7 @@ func Test_mergeAnnotations(t *testing.T) {
 			},
 		},
 		{
-			name:      "ClusterScoped",
-			namespace: "",
+			name: "ClusterScoped",
 			workload: &unstructured.Unstructured{
 				Object: map[string]interface{}{
 					"apiVersion": "v1",
@@ -242,7 +239,7 @@ func Test_mergeAnnotations(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := mergeAnnotations(tt.workload, tt.namespace, tt.binding, tt.scope); !reflect.DeepEqual(got, tt.want) {
+			if got := mergeAnnotations(tt.workload, tt.binding, tt.scope); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("mergeAnnotations() = %v, want %v", got, tt.want)
 			}
 		})

pkg/controllers/certificate/cert_rotation_controller.go

@@ -239,9 +239,6 @@ func (c *CertRotationController) createCSRInControlPlane(clusterName string, pri
 	certificateSigningRequest := &certificatesv1.CertificateSigningRequest{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: csrName,
-			Labels: map[string]string{
-				util.ManagedByKarmadaLabel: util.ManagedByKarmadaLabelValue,
-			},
 		},
 		Spec: certificatesv1.CertificateSigningRequestSpec{
 			Request:           csrData,

pkg/controllers/cluster/cluster_controller.go

@@ -423,9 +423,6 @@ func (c *Controller) createExecutionSpace(cluster *clusterv1alpha1.Cluster) erro
 		executionSpace := &corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: executionSpaceName,
-				Labels: map[string]string{
-					util.ManagedByKarmadaLabel: util.ManagedByKarmadaLabelValue,
-				},
 			},
 		}
 		err = c.Client.Create(context.TODO(), executionSpace)

pkg/controllers/execution/execution_controller.go

@@ -212,7 +212,6 @@ func (c *Controller) syncToClusters(clusterName string, work *workv1alpha1.Work)
 			errs = append(errs, err)
 			continue
 		}
-		util.MergeLabel(workload, workv1alpha2.WorkPermanentIDLabel, util.GetLabelValue(work.Labels, workv1alpha2.WorkPermanentIDLabel))
 
 		if err = c.tryCreateOrUpdateWorkload(clusterName, workload); err != nil {
 			klog.Errorf("Failed to create or update resource(%v/%v) in the given member cluster %s, err is %v", workload.GetNamespace(), workload.GetName(), clusterName, err)

pkg/controllers/federatedresourcequota/federated_resource_quota_sync_controller.go

@@ -37,7 +37,6 @@ import (
 	clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1"
 	policyv1alpha1 "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1"
 	workv1alpha1 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha1"
-	workv1alpha2 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha2"
 	"github.com/karmada-io/karmada/pkg/events"
 	"github.com/karmada-io/karmada/pkg/util"
 	"github.com/karmada-io/karmada/pkg/util/helper"
@@ -160,21 +159,11 @@ func (c *SyncController) cleanUpWorks(namespace, name string) error {
 func (c *SyncController) buildWorks(quota *policyv1alpha1.FederatedResourceQuota, clusters []clusterv1alpha1.Cluster) error {
 	var errs []error
 	for _, cluster := range clusters {
-		workNamespace := names.GenerateExecutionSpaceName(cluster.Name)
-		workName := names.GenerateWorkName("ResourceQuota", quota.Name, quota.Namespace)
-
 		resourceQuota := &corev1.ResourceQuota{}
 		resourceQuota.APIVersion = "v1"
 		resourceQuota.Kind = "ResourceQuota"
 		resourceQuota.Namespace = quota.Namespace
 		resourceQuota.Name = quota.Name
-		resourceQuota.Labels = map[string]string{
-			util.ManagedByKarmadaLabel: util.ManagedByKarmadaLabelValue,
-		}
-		resourceQuota.Annotations = map[string]string{
-			workv1alpha2.WorkNamespaceAnnotation: workNamespace,
-			workv1alpha2.WorkNameAnnotation:      workName,
-		}
 		resourceQuota.Spec.Hard = extractClusterHardResourceList(quota.Spec, cluster.Name)
 
 		resourceQuotaObj, err := helper.ToUnstructured(resourceQuota)
@@ -185,13 +174,12 @@ func (c *SyncController) buildWorks(quota *policyv1alpha1.FederatedResourceQuota
 		}
 
 		objectMeta := metav1.ObjectMeta{
-			Namespace:  workNamespace,
-			Name:       workName,
+			Namespace:  names.GenerateExecutionSpaceName(cluster.Name),
+			Name:       names.GenerateWorkName(resourceQuota.Kind, quota.Name, quota.Namespace),
 			Finalizers: []string{util.ExecutionControllerFinalizer},
 			Labels: map[string]string{
 				util.FederatedResourceQuotaNamespaceLabel: quota.Namespace,
 				util.FederatedResourceQuotaNameLabel:      quota.Name,
-				util.ManagedByKarmadaLabel:                util.ManagedByKarmadaLabelValue,
 			},
 		}
 

pkg/controllers/mcs/service_export_controller.go

@@ -520,7 +520,6 @@ func getEndpointSliceWorkMeta(c client.Client, ns string, workName string, endpo
 			util.ServiceNameLabel:      endpointSlice.GetLabels()[discoveryv1.LabelServiceName],
 			// indicate the Work should be not propagated since it's collected resource.
 			util.PropagationInstruction:          util.PropagationInstructionSuppressed,
-			util.ManagedByKarmadaLabel:           util.ManagedByKarmadaLabelValue,
 			util.EndpointSliceWorkManagedByLabel: util.ServiceExportKind,
 		},
 	}

pkg/controllers/mcs/service_import_controller.go

@@ -31,7 +31,6 @@ import (
 	mcsv1alpha1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1"
 
 	"github.com/karmada-io/karmada/pkg/events"
-	"github.com/karmada-io/karmada/pkg/util"
 	"github.com/karmada-io/karmada/pkg/util/names"
 )
 
@@ -103,9 +102,6 @@ func (c *ServiceImportController) deriveServiceFromServiceImport(svcImport *mcsv
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: svcImport.Namespace,
 			Name:      names.GenerateDerivedServiceName(svcImport.Name),
-			Labels: map[string]string{
-				util.ManagedByKarmadaLabel: util.ManagedByKarmadaLabelValue,
-			},
 		},
 		Spec: corev1.ServiceSpec{
 			Type:  corev1.ServiceTypeClusterIP,

pkg/controllers/multiclusterservice/endpointslice_collect_controller.go

@@ -407,7 +407,6 @@ func getEndpointSliceWorkMeta(c client.Client, ns string, workName string, endpo
 		util.MultiClusterServiceNameLabel:      endpointSlice.GetLabels()[discoveryv1.LabelServiceName],
 		// indicate the Work should be not propagated since it's collected resource.
 		util.PropagationInstruction:          util.PropagationInstructionSuppressed,
-		util.ManagedByKarmadaLabel:           util.ManagedByKarmadaLabelValue,
 		util.EndpointSliceWorkManagedByLabel: util.MultiClusterServiceKind,
 	}
 	if existWork.Labels == nil || (err != nil && apierrors.IsNotFound(err)) {

pkg/controllers/multiclusterservice/endpointslice_dispatch_controller.go

@@ -42,7 +42,6 @@ import (
 	clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1"
 	networkingv1alpha1 "github.com/karmada-io/karmada/pkg/apis/networking/v1alpha1"
 	workv1alpha1 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha1"
-	workv1alpha2 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha2"
 	"github.com/karmada-io/karmada/pkg/events"
 	"github.com/karmada-io/karmada/pkg/util"
 	"github.com/karmada-io/karmada/pkg/util/fedinformer/genericmanager"
@@ -385,14 +384,11 @@ func (c *EndpointsliceDispatchController) ensureEndpointSliceWork(mcs *networkin
 	clusterNamespace := names.GenerateExecutionSpaceName(consumerCluster)
 	endpointSlice.Labels = map[string]string{
 		discoveryv1.LabelServiceName: mcs.Name,
-		util.ManagedByKarmadaLabel:   util.ManagedByKarmadaLabelValue,
 		discoveryv1.LabelManagedBy:   util.EndpointSliceDispatchControllerLabelValue,
 	}
 	endpointSlice.Annotations = map[string]string{
 		// This annotation is used to identify the source cluster of EndpointSlice and whether the eps are the newest version
 		util.EndpointSliceProvisionClusterAnnotation: providerCluster,
-		workv1alpha2.WorkNamespaceAnnotation:         clusterNamespace,
-		workv1alpha2.WorkNameAnnotation:              work.Name,
 	}
 
 	workMeta := metav1.ObjectMeta{
@@ -403,7 +399,6 @@ func (c *EndpointsliceDispatchController) ensureEndpointSliceWork(mcs *networkin
 			util.EndpointSliceProvisionClusterAnnotation: providerCluster,
 		},
 		Labels: map[string]string{
-			util.ManagedByKarmadaLabel:             util.ManagedByKarmadaLabelValue,
 			util.MultiClusterServiceNameLabel:      mcs.Name,
 			util.MultiClusterServiceNamespaceLabel: mcs.Namespace,
 		},

pkg/controllers/multiclusterservice/mcs_controller.go

@@ -310,7 +310,6 @@ func (c *MCSController) propagateMultiClusterService(mcs *networkingv1alpha1.Mul
 			Labels: map[string]string{
 				// We add this id in mutating webhook, let's just use it
 				networkingv1alpha1.MultiClusterServicePermanentIDLabel: util.GetLabelValue(mcs.Labels, networkingv1alpha1.MultiClusterServicePermanentIDLabel),
-				util.ManagedByKarmadaLabel:                             util.ManagedByKarmadaLabelValue,
 				util.PropagationInstruction:                            util.PropagationInstructionSuppressed,
 				util.MultiClusterServiceNamespaceLabel:                 mcs.Namespace,
 				util.MultiClusterServiceNameLabel:                      mcs.Name,
@@ -496,10 +495,11 @@ func (c *MCSController) claimMultiClusterServiceForService(svc *corev1.Service,
 	}
 
 	// cleanup the policy labels
+	// TODO(whitewindmills): Delete the following three lines in a future version.
 	delete(svcCopy.Labels, policyv1alpha1.PropagationPolicyNameLabel)
 	delete(svcCopy.Labels, policyv1alpha1.PropagationPolicyNamespaceLabel)
-	delete(svcCopy.Labels, policyv1alpha1.PropagationPolicyPermanentIDLabel)
 	delete(svcCopy.Labels, policyv1alpha1.ClusterPropagationPolicyLabel)
+	delete(svcCopy.Labels, policyv1alpha1.PropagationPolicyPermanentIDLabel)
 	delete(svcCopy.Labels, policyv1alpha1.ClusterPropagationPolicyPermanentIDLabel)
 
 	svcCopy.Labels[util.ResourceTemplateClaimedByLabel] = util.MultiClusterServiceKind

pkg/controllers/namespace/namespace_sync_controller.go

@@ -40,7 +40,6 @@ import (
 
 	clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1"
 	policyv1alpha1 "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1"
-	workv1alpha2 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha2"
 	"github.com/karmada-io/karmada/pkg/controllers/binding"
 	"github.com/karmada-io/karmada/pkg/util"
 	"github.com/karmada-io/karmada/pkg/util/helper"
@@ -147,23 +146,17 @@ func (c *Controller) buildWorks(namespace *corev1.Namespace, clusters []clusterv
 				return
 			}
 
-			workNamespace := names.GenerateExecutionSpaceName(cluster.Name)
-
 			workName := names.GenerateWorkName(namespaceObj.GetKind(), namespaceObj.GetName(), namespaceObj.GetNamespace())
 			objectMeta := metav1.ObjectMeta{
 				Name:       workName,
-				Namespace:  workNamespace,
+				Namespace:  names.GenerateExecutionSpaceName(cluster.Name),
 				Finalizers: []string{util.ExecutionControllerFinalizer},
 				OwnerReferences: []metav1.OwnerReference{
 					*metav1.NewControllerRef(namespace, namespace.GroupVersionKind()),
 				},
 				Annotations: annotations,
 			}
 
-			util.MergeLabel(clonedNamespaced, util.ManagedByKarmadaLabel, util.ManagedByKarmadaLabelValue)
-			util.MergeAnnotation(clonedNamespaced, workv1alpha2.WorkNamespaceAnnotation, workNamespace)
-			util.MergeAnnotation(clonedNamespaced, workv1alpha2.WorkNameAnnotation, workName)
-
 			if err = helper.CreateOrUpdateWork(c.Client, objectMeta, clonedNamespaced); err != nil {
 				ch <- fmt.Errorf("sync namespace(%s) to cluster(%s) failed due to: %v", clonedNamespaced.GetName(), cluster.GetName(), err)
 				return

pkg/controllers/status/work_status_controller.go

@@ -231,7 +231,6 @@ func (c *WorkStatusController) syncWorkStatus(key util.QueueKey) error {
 		return err
 	}
 
-	util.MergeLabel(desiredObj, workv1alpha2.WorkPermanentIDLabel, util.GetLabelValue(workObject.Labels, workv1alpha2.WorkPermanentIDLabel))
 	// we should check if the observed status is consistent with the declaration to prevent accidental changes made
 	// in member clusters.
 	needUpdate, err := c.ObjectWatcher.NeedsUpdate(clusterName, desiredObj, observedObj)

pkg/controllers/unifiedauth/unified_auth_controller.go

@@ -37,7 +37,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1"
-	workv1alpha2 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha2"
 	"github.com/karmada-io/karmada/pkg/events"
 	"github.com/karmada-io/karmada/pkg/util"
 	"github.com/karmada-io/karmada/pkg/util/helper"
@@ -223,22 +222,15 @@ func (c *Controller) buildImpersonationClusterRoleBinding(cluster *clusterv1alph
 }
 
 func (c *Controller) buildWorks(cluster *clusterv1alpha1.Cluster, obj *unstructured.Unstructured) error {
-	workNamespace := names.GenerateExecutionSpaceName(cluster.Name)
-
-	clusterRoleBindingWorkName := names.GenerateWorkName(obj.GetKind(), obj.GetName(), obj.GetNamespace())
 	objectMeta := metav1.ObjectMeta{
-		Name:       clusterRoleBindingWorkName,
-		Namespace:  workNamespace,
+		Name:       names.GenerateWorkName(obj.GetKind(), obj.GetName(), obj.GetNamespace()),
+		Namespace:  names.GenerateExecutionSpaceName(cluster.Name),
 		Finalizers: []string{util.ExecutionControllerFinalizer},
 		OwnerReferences: []metav1.OwnerReference{
 			*metav1.NewControllerRef(cluster, cluster.GroupVersionKind()),
 		},
 	}
 
-	util.MergeLabel(obj, util.ManagedByKarmadaLabel, util.ManagedByKarmadaLabelValue)
-	util.MergeAnnotation(obj, workv1alpha2.WorkNamespaceAnnotation, workNamespace)
-	util.MergeAnnotation(obj, workv1alpha2.WorkNameAnnotation, clusterRoleBindingWorkName)
-
 	if err := helper.CreateOrUpdateWork(c.Client, objectMeta, obj); err != nil {
 		return err
 	}

pkg/util/helper/work.go

@@ -40,16 +40,9 @@ import (
 
 // CreateOrUpdateWork creates a Work object if not exist, or updates if it already exist.
 func CreateOrUpdateWork(client client.Client, workMeta metav1.ObjectMeta, resource *unstructured.Unstructured) error {
-	workload := resource.DeepCopy()
-	if conflictResolution, ok := workMeta.GetAnnotations()[workv1alpha2.ResourceConflictResolutionAnnotation]; ok {
-		util.MergeAnnotation(workload, workv1alpha2.ResourceConflictResolutionAnnotation, conflictResolution)
-	}
-	util.MergeAnnotation(workload, workv1alpha2.ResourceTemplateUIDAnnotation, string(workload.GetUID()))
-	util.RecordManagedAnnotations(workload)
-	util.RecordManagedLabels(workload)
-	workloadJSON, err := workload.MarshalJSON()
+	workloadJSON, err := resource.MarshalJSON()
 	if err != nil {
-		klog.Errorf("Failed to marshal workload(%s/%s), Error: %v", workload.GetNamespace(), workload.GetName(), err)
+		klog.Errorf("Failed to marshal workload(%s/%s), error: %v", resource.GetNamespace(), resource.GetName(), err)
 		return err
 	}
 

pkg/webhook/work/mutating.go

@@ -27,7 +27,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	workv1alpha1 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha1"
+	workv1alpha2 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha2"
 	"github.com/karmada-io/karmada/pkg/resourceinterpreter/default/native/prune"
+	"github.com/karmada-io/karmada/pkg/util"
 )
 
 // MutatingAdmission mutates API request if necessary.
@@ -64,6 +66,8 @@ func (a *MutatingAdmission) Handle(_ context.Context, req admission.Request) adm
 			return admission.Errored(http.StatusInternalServerError, err)
 		}
 
+		setAssociatedLabelsAndAnnotations(workloadObj, work)
+
 		workloadJSON, err := workloadObj.MarshalJSON()
 		if err != nil {
 			klog.Errorf("Failed to marshal workload of the work(%s/%s), err: %s", work.Namespace, work.Name, err)
@@ -80,3 +84,22 @@ func (a *MutatingAdmission) Handle(_ context.Context, req admission.Request) adm
 
 	return admission.PatchResponseFromRaw(req.Object.Raw, marshaledBytes)
 }
+
+// setAssociatedLabelsAndAnnotations sets the associated work object labels and annotations.
+func setAssociatedLabelsAndAnnotations(workload *unstructured.Unstructured, work *workv1alpha1.Work) {
+	workload.SetAnnotations(util.DedupeAndMergeAnnotations(workload.GetAnnotations(), map[string]string{
+		workv1alpha2.ResourceTemplateUIDAnnotation: string(workload.GetUID()),
+		workv1alpha2.WorkNamespaceAnnotation:       work.GetNamespace(),
+		workv1alpha2.WorkNameAnnotation:            work.GetName(),
+	}))
+	if conflictResolution, ok := work.Annotations[workv1alpha2.ResourceConflictResolutionAnnotation]; ok {
+		util.MergeAnnotation(workload, workv1alpha2.ResourceConflictResolutionAnnotation, conflictResolution)
+	}
+	util.RecordManagedAnnotations(workload)
+
+	workload.SetLabels(util.DedupeAndMergeLabels(workload.GetLabels(), map[string]string{
+		util.ManagedByKarmadaLabel:        util.ManagedByKarmadaLabelValue,
+		workv1alpha2.WorkPermanentIDLabel: work.Labels[workv1alpha2.WorkPermanentIDLabel],
+	}))
+	util.RecordManagedLabels(workload)
+}