update using sandbox spec runtimeconfig instend of annotation flag

Signed-off-by: jicheng.sk <jicheng.sk@alibaba-inc.com>

Author: BH4AWS

api/v1alpha1/sandbox_types.go

@@ -36,17 +36,18 @@ const (
 	// Sandbox Manager or Sandbox Claim creates high-priority sandboxes by default.
 	SandboxAnnotationPriority = "agents.kruise.io/sandbox-priority"
 
-	// ShouldInjectCsiMount is the annotation key for inject csi mount plugin container.
-	// If set, the csi sidecar will be injected into the pod when the sandbox is created.
-	// The csi mount sidecar is used to mount the remote oss/nas storage to the sandbox container.
-	ShouldInjectCsiMount = "agents.kruise.io/inject-csi-plugin"
-
-	// ShouldInjectAgentRuntime is the annotation key for inject agent runtime sidecar in init container.
-	// If set, the agent runtime sidecar will be injected into the pod when the sandbox is created.
-	// Some binary tools which are contained in the init agent runtime container. These are the basic tools for sandbox running.
-	ShouldInjectAgentRuntime = "agents.kruise.io/inject-agent-runtime"
+	// RuntimeConfigForInjectCsiMount is a valid value for RuntimeConfig.Name.
+	// When set, enables CSI mount sidecar injection for the sandbox.
+	RuntimeConfigForInjectCsiMount = "csi"
+	// RuntimeConfigForInjectAgentRuntime is a valid value for RuntimeConfig.Name.
+	// When set, enables agent runtime sidecar injection for the sandbox.
+	RuntimeConfigForInjectAgentRuntime = "agent-runtime"
 )
 
+type RuntimeConfig struct {
+	Name string `json:"name"`
+}
+
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
@@ -69,6 +70,10 @@ type SandboxSpec struct {
 	// +kubebuilder:validation:Format="date-time"
 	ShutdownTime *metav1.Time `json:"shutdownTime,omitempty"`
 
+	// Runtimes - Runtime configuration for sandbox object
+	// +optional
+	Runtimes []RuntimeConfig `json:"runtimes,omitempty"`
+
 	// PauseTime - Absolute time when the sandbox will be paused automatically.
 	// +kubebuilder:validation:Format="date-time"
 	PauseTime *metav1.Time `json:"pauseTime,omitempty"`

api/v1alpha1/zz_generated.deepcopy.go

@@ -71,6 +71,16 @@ spec:
                 items:
                   type: string
                 type: array
+              runtimes:
+                description: Runtimes - Runtime configuration for sandbox object
+                items:
+                  properties:
+                    name:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
               shutdownTime:
                 description: |-
                   ShutdownTime - Absolute time when the sandbox is deleted.

config/crd/bases/agents.kruise.io_sandboxes.yaml

@@ -1305,11 +1305,13 @@ func TestCommonControl_createPod_WithSidecarInjection(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-sandbox",
 					Namespace: "default",
-					Annotations: map[string]string{
-						agentsv1alpha1.ShouldInjectAgentRuntime: "true",
-					},
 				},
 				Spec: agentsv1alpha1.SandboxSpec{
+					Runtimes: []agentsv1alpha1.RuntimeConfig{
+						{
+							Name: agentsv1alpha1.RuntimeConfigForInjectAgentRuntime,
+						},
+					},
 					EmbeddedSandboxTemplate: agentsv1alpha1.EmbeddedSandboxTemplate{
 						Template: &corev1.PodTemplateSpec{
 							Spec: corev1.PodSpec{
@@ -1359,11 +1361,13 @@ func TestCommonControl_createPod_WithSidecarInjection(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-sandbox",
 					Namespace: "default",
-					Annotations: map[string]string{
-						agentsv1alpha1.ShouldInjectCsiMount: "true",
-					},
 				},
 				Spec: agentsv1alpha1.SandboxSpec{
+					Runtimes: []agentsv1alpha1.RuntimeConfig{
+						{
+							Name: agentsv1alpha1.RuntimeConfigForInjectCsiMount,
+						},
+					},
 					EmbeddedSandboxTemplate: agentsv1alpha1.EmbeddedSandboxTemplate{
 						Template: &corev1.PodTemplateSpec{
 							Spec: corev1.PodSpec{
@@ -1416,12 +1420,16 @@ func TestCommonControl_createPod_WithSidecarInjection(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-sandbox",
 					Namespace: "default",
-					Annotations: map[string]string{
-						agentsv1alpha1.ShouldInjectAgentRuntime: "true",
-						agentsv1alpha1.ShouldInjectCsiMount:     "true",
-					},
 				},
 				Spec: agentsv1alpha1.SandboxSpec{
+					Runtimes: []agentsv1alpha1.RuntimeConfig{
+						{
+							Name: agentsv1alpha1.RuntimeConfigForInjectAgentRuntime,
+						},
+						{
+							Name: agentsv1alpha1.RuntimeConfigForInjectCsiMount,
+						},
+					},
 					EmbeddedSandboxTemplate: agentsv1alpha1.EmbeddedSandboxTemplate{
 						Template: &corev1.PodTemplateSpec{
 							Spec: corev1.PodSpec{

pkg/controller/sandbox/core/common_control_test.go

@@ -17,11 +17,21 @@ import (
 )
 
 func enableInjectCsiMountConfig(sandbox *agentsv1alpha1.Sandbox) bool {
-	return sandbox.Annotations[agentsv1alpha1.ShouldInjectCsiMount] == "true"
+	for _, runtime := range sandbox.Spec.Runtimes {
+		if runtime.Name == agentsv1alpha1.RuntimeConfigForInjectCsiMount {
+			return true
+		}
+	}
+	return false
 }
 
 func enableInjectAgentRuntimeConfig(sandbox *agentsv1alpha1.Sandbox) bool {
-	return sandbox.Annotations[agentsv1alpha1.ShouldInjectAgentRuntime] == "true"
+	for _, runtime := range sandbox.Spec.Runtimes {
+		if runtime.Name == agentsv1alpha1.RuntimeConfigForInjectAgentRuntime {
+			return true
+		}
+	}
+	return false
 }
 
 func fetchInjectionConfiguration(ctx context.Context, cli client.Client) (map[string]string, error) {
@@ -150,23 +160,29 @@ func setAgentRuntimeContainer(ctx context.Context, podSpec *corev1.PodSpec, conf
 func setMainContainerConfigWhenInjectRuntimeSidecar(ctx context.Context, mainContainer *corev1.Container, config SidecarInjectConfig) {
 	log := logf.FromContext(ctx)
 
-	// Check if main container already has a postStart hook
-	if mainContainer.Lifecycle != nil && mainContainer.Lifecycle.PostStart != nil {
-		if config.MainContainer.Lifecycle != nil && config.MainContainer.Lifecycle.PostStart != nil {
-			log.Error(nil, "conflicting postStart hooks detected, main container already has a postStart hook defined",
+	// Check if main container already has a valid postStart hook (with actual handler)
+	mainContainerHasValidPostStart := mainContainer.Lifecycle != nil &&
+		mainContainer.Lifecycle.PostStart != nil &&
+		hasValidLifecycleHandler(mainContainer.Lifecycle.PostStart)
+
+	configHasValidPostStart := config.MainContainer.Lifecycle != nil &&
+		config.MainContainer.Lifecycle.PostStart != nil &&
+		hasValidLifecycleHandler(config.MainContainer.Lifecycle.PostStart)
+
+	if mainContainerHasValidPostStart {
+		if configHasValidPostStart {
+			log.V(consts.DebugLogLevel).Info("conflicting postStart hooks detected, main container already has a postStart hook defined",
 				"existingHook", mainContainer.Lifecycle.PostStart,
 				"injectedHook", config.MainContainer.Lifecycle.PostStart)
+			return
 		}
 	} else {
-		// set main container lifecycle
-		if mainContainer.Lifecycle == nil {
-			mainContainer.Lifecycle = &corev1.Lifecycle{}
-		}
-		if mainContainer.Lifecycle.PostStart == nil {
-			mainContainer.Lifecycle.PostStart = &corev1.LifecycleHandler{}
-		}
-		// Main container doesn't have postStart, apply config if available
-		if config.MainContainer.Lifecycle != nil && config.MainContainer.Lifecycle.PostStart != nil {
+		// Main container doesn't have valid postStart, apply config if available
+		if configHasValidPostStart {
+			// set main container lifecycle
+			if mainContainer.Lifecycle == nil {
+				mainContainer.Lifecycle = &corev1.Lifecycle{}
+			}
 			mainContainer.Lifecycle.PostStart = config.MainContainer.Lifecycle.PostStart
 		}
 	}
@@ -227,3 +243,13 @@ func isContainersExists(podContainers []corev1.Container, injectContainers []cor
 	}
 	return false
 }
+
+// hasValidLifecycleHandler checks if the lifecycle handler has at least one valid action defined.
+// A valid handler must have at least one of: Exec, HTTPGet, or TCPSocket.
+// Returns false if the handler is nil or all actions are nil (empty handler).
+func hasValidLifecycleHandler(handler *corev1.LifecycleHandler) bool {
+	if handler == nil {
+		return false
+	}
+	return handler.Exec != nil || handler.HTTPGet != nil || handler.TCPSocket != nil
+}