From ac4ea791f09f93ba8a889cf5e4c9ce7ea8b8b1f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Tue, 14 Oct 2025 15:55:30 +0200 Subject: [PATCH 1/5] refactor(initializer): improve kubeconfig handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Load kubeconfig from file to enhance flexibility • Update manager initialization to use the new configuration Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- cmd/initializer.go | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/cmd/initializer.go b/cmd/initializer.go index 636adf2..9d3213e 100644 --- a/cmd/initializer.go +++ b/cmd/initializer.go @@ -6,6 +6,7 @@ import ( helmv2 "github.com/fluxcd/helm-controller/api/v2" sourcev1 "github.com/fluxcd/source-controller/api/v1" + "k8s.io/client-go/tools/clientcmd" "github.com/kcp-dev/logicalcluster/v3" "github.com/kcp-dev/multicluster-provider/initializingworkspaces" @@ -31,7 +32,14 @@ var initializerCmd = &cobra.Command{ ctx, _, shutdown := pmcontext.StartContext(log, initializerCfg, defaultCfg.ShutdownTimeout) defer shutdown() - mgrCfg := ctrl.GetConfigOrDie() + cfg, err := clientcmd.LoadFromFile(initializerCfg.KCP.Kubeconfig) + if err != nil { + return err + } + restCfg, err := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{}).ClientConfig() + if err != nil { + return err + } mgrOpts := ctrl.Options{ Scheme: scheme, @@ -57,7 +65,7 @@ var initializerCmd = &cobra.Command{ mgrOpts.LeaderElectionConfig = inClusterCfg } - provider, err := initializingworkspaces.New(mgrCfg, initializingworkspaces.Options{ + provider, err := initializingworkspaces.New(restCfg, initializingworkspaces.Options{ InitializerName: initializerCfg.InitializerName, Scheme: mgrOpts.Scheme, }) 
@@ -66,7 +74,7 @@ var initializerCmd = &cobra.Command{ os.Exit(1) } - mgr, err := mcmanager.New(mgrCfg, provider, mgrOpts) + mgr, err := mcmanager.New(restCfg, provider, mgrOpts) if err != nil { setupLog.Error(err, "Failed to create manager") os.Exit(1) @@ -82,13 +90,13 @@ var initializerCmd = &cobra.Command{ os.Exit(1) } - inClusterConfig, err := rest.InClusterConfig() + k8sCfg := ctrl.GetConfigOrDie() if err != nil { log.Error().Err(err).Msg("Failed to create in cluster config") os.Exit(1) } - inClusterClient, err := client.New(inClusterConfig, client.Options{Scheme: scheme}) + runtimeClient, err := client.New(k8sCfg, client.Options{Scheme: scheme}) if err != nil { log.Error().Err(err).Msg("Failed to create in cluster client") os.Exit(1) @@ -98,7 +106,7 @@ var initializerCmd = &cobra.Command{ initializerCfg.IDP.AdditionalRedirectURLs = []string{} } - if err := controller.NewLogicalClusterReconciler(log, orgClient, initializerCfg, inClusterClient, mgr). + if err := controller.NewLogicalClusterReconciler(log, orgClient, initializerCfg, runtimeClient, mgr). SetupWithManager(mgr, defaultCfg); err != nil { setupLog.Error(err, "unable to create controller", "controller", "LogicalCluster") os.Exit(1) From f27b782facab98f65c38bbcce17a42779358ca21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Tue, 14 Oct 2025 15:56:23 +0200 Subject: [PATCH 2/5] refactor(config): enhance configuration structure for KCP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Introduces KCP kubeconfig handling in the config • Simplifies lifecycle manager import in the initializer Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- internal/config/config.go | 3 +++ internal/controller/initializer_controller.go | 4 ++-- internal/subroutine/workspace_initializer.go | 4 +--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index b1dc419..bad8da6 100644 
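Review bot: `k8sCfg := ctrl.GetConfigOrDie()` widens where the runtime client's credentials can come from. `rest.InClusterConfig()` only ever used the pod's service account, while GetConfigOrDie also honours the `--kubeconfig` flag, the `KUBECONFIG` environment variable and `$HOME/.kube/config`. If that is intended for local runs, record it next to the call, e.g. `// runtime cluster: in-cluster in production, KUBECONFIG/--kubeconfig for local runs`. The failure message on the following `client.New` still reads `Failed to create in cluster client` and should be reworded to match. The RunE body starts and ends outside this hunk.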
--- a/internal/config/config.go +++ b/internal/config/config.go @@ -12,6 +12,9 @@ type Config struct { FGA struct { Target string `mapstructure:"fga-target"` } `mapstructure:",squash"` + KCP struct { + Kubeconfig string `mapstructure:"kcp-kubeconfig"` + } `mapstructure:",squash"` APIExportEndpointSliceName string `mapstructure:"api-export-endpoint-slice-name"` CoreModulePath string `mapstructure:"core-module-path"` WorkspaceDir string `mapstructure:"workspace-dir" default:"/operator/"` diff --git a/internal/controller/initializer_controller.go b/internal/controller/initializer_controller.go index 8d44f5b..6f7670d 100644 --- a/internal/controller/initializer_controller.go +++ b/internal/controller/initializer_controller.go @@ -6,7 +6,7 @@ import ( kcpcorev1alpha1 "github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1" platformeshconfig "github.com/platform-mesh/golang-commons/config" "github.com/platform-mesh/golang-commons/controller/lifecycle/builder" - lifecyclecontrollerruntime "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" + "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/logger" ctrl "sigs.k8s.io/controller-runtime" @@ -23,7 +23,7 @@ import ( type LogicalClusterReconciler struct { log *logger.Logger - lifecycle *lifecyclecontrollerruntime.LifecycleManager + lifecycle *multicluster.LifecycleManager } func NewLogicalClusterReconciler(log *logger.Logger, orgClient client.Client, cfg config.Config, inClusterClient client.Client, mgr mcmanager.Manager) *LogicalClusterReconciler { diff --git a/internal/subroutine/workspace_initializer.go b/internal/subroutine/workspace_initializer.go index 4f18f3b..835c120 100644 --- a/internal/subroutine/workspace_initializer.go +++ b/internal/subroutine/workspace_initializer.go 
@@ -23,10 +23,8 @@ import ( ) func NewWorkspaceInitializer(orgsClient client.Client, cfg config.Config, mgr mcmanager.Manager) *workspaceInitializer { - coreModulePath := cfg.CoreModulePath - // read file from path - res, err := os.ReadFile(coreModulePath) + res, err := os.ReadFile(cfg.CoreModulePath) if err != nil { panic(err) } From 2ec28e051c7b2678707706a2a2c0cbeff2fca763 Mon Sep 17 00:00:00 2001 From: User Date: Wed, 15 Oct 2025 14:58:56 +0200 Subject: [PATCH 3/5] refactor(generator and operator): separated kcp and runtime kubeconfigs On-behalf-of: SAP aleh.yarshou@sap.com --- cmd/initializer.go | 10 +++----- cmd/model_generator.go | 11 +++++---- cmd/operator.go | 12 ++++++---- cmd/root.go | 23 +++++++++++++++++++ internal/config/config.go | 2 +- internal/controller/apibinding_controller.go | 10 ++++---- .../authorization_model_controller.go | 10 ++++---- internal/controller/initializer_controller.go | 8 +++---- internal/controller/invite_controller.go | 10 ++++---- internal/controller/store_controller.go | 10 ++++---- 10 files changed, 66 insertions(+), 40 deletions(-) diff --git a/cmd/initializer.go b/cmd/initializer.go index 9d3213e..102c1b5 100644 --- a/cmd/initializer.go +++ b/cmd/initializer.go @@ -6,7 +6,6 @@ import ( helmv2 "github.com/fluxcd/helm-controller/api/v2" sourcev1 "github.com/fluxcd/source-controller/api/v1" - "k8s.io/client-go/tools/clientcmd" "github.com/kcp-dev/logicalcluster/v3" "github.com/kcp-dev/multicluster-provider/initializingworkspaces" 
@@ -32,13 +31,10 @@ var initializerCmd = &cobra.Command{ ctx, _, shutdown := pmcontext.StartContext(log, initializerCfg, defaultCfg.ShutdownTimeout) defer shutdown() - cfg, err := clientcmd.LoadFromFile(initializerCfg.KCP.Kubeconfig) + restCfg, err := getKubeconfigFromPath(initializerCfg.KCP.Kubeconfig) if err != nil { - return err - } - restCfg, err := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{}).ClientConfig() - if err != nil { - return err + log.Error().Err(err).Msg("unable to get KCP kubeconfig") + os.Exit(1) } mgrOpts := ctrl.Options{ diff --git a/cmd/model_generator.go b/cmd/model_generator.go index fa7f143..657ec87 100644 --- a/cmd/model_generator.go +++ b/cmd/model_generator.go @@ -26,13 +26,16 @@ import ( var modelGeneratorCmd = &cobra.Command{ Use: "model-generator", RunE: func(cmd *cobra.Command, args []string) error { - ctrl.SetLogger(log.ComponentLogger("controller-runtime").Logr()) ctx, _, shutdown := platformeshcontext.StartContext(log, defaultCfg, defaultCfg.ShutdownTimeout) defer shutdown() - cfg := ctrl.GetConfigOrDie() + restCfg, err := getKubeconfigFromPath(generatorCfg.KCP.Kubeconfig) + if err != nil { + log.Error().Err(err).Msg("unable to get KCP kubeconfig") + return err + } mgrOpts := manager.Options{ Scheme: scheme, @@ -67,7 +70,7 @@ var modelGeneratorCmd = &cobra.Command{ return fmt.Errorf("scheme should not be nil") } - provider, err := apiexport.New(cfg, apiexport.Options{ + provider, err := apiexport.New(restCfg, apiexport.Options{ Scheme: mgrOpts.Scheme, }) if err != nil { @@ -75,7 +78,7 @@ var modelGeneratorCmd = &cobra.Command{ return err } - mgr, err := mcmanager.New(cfg, provider, mgrOpts) + mgr, err := mcmanager.New(restCfg, provider, mgrOpts) if err != nil { log.Error().Err(err).Msg("Failed to create manager") return err diff --git a/cmd/operator.go b/cmd/operator.go index 2cdc15b..7fdfb88 100644 --- a/cmd/operator.go +++ b/cmd/operator.go 
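Review bot: The added `os.Exit(1)` on a failed getKubeconfigFromPath call runs after `defer shutdown()` has been registered just above it, and os.Exit does not run deferred functions, so the shutdown hook is skipped on this path. The model-generator and operator hunks of the same commit handle the identical failure with `return err`, and RunE already returns an error, so `return err` here would keep the three commands consistent. The RunE body continues outside the hunk.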
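Review bot: Nothing in the model_generator.go hunks shows which cluster leader election uses once `ctrl.GetConfigOrDie()` is gone, because `restCfg` from the KCP kubeconfig is now the only configuration passed to `apiexport.New` and `mcmanager.New`. The initializer sets `mgrOpts.LeaderElectionConfig = inClusterCfg` explicitly. Here `mgrOpts` is built largely outside the hunk, so confirm it does the same if leases are meant to stay on the runtime cluster rather than be created in KCP with that file's credentials. A comment at the call, e.g. `// restCfg targets KCP only; runtime-cluster access must use a separate config`, would record the split the commit title describes. The operator.go hunks in this commit raise the same question.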
@@ -77,6 +77,12 @@ var operatorCmd = &cobra.Command{ ctx, _, shutdown := platformeshcontext.StartContext(log, defaultCfg, defaultCfg.ShutdownTimeout) defer shutdown() + restCfg, err := getKubeconfigFromPath(operatorCfg.KCP.Kubeconfig) + if err != nil { + log.Error().Err(err).Msg("unable to get KCP kubeconfig") + return err + } + if defaultCfg.Sentry.Dsn != "" { err := sentry.Start(ctx, defaultCfg.Sentry.Dsn, defaultCfg.Environment, defaultCfg.Region, @@ -89,8 +95,6 @@ var operatorCmd = &cobra.Command{ defer platformeshcontext.Recover(log) } - cfg := ctrl.GetConfigOrDie() - mgrOpts := ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ @@ -121,7 +125,7 @@ var operatorCmd = &cobra.Command{ return fmt.Errorf("scheme should not be nil") } - provider, err := apiexport.New(cfg, apiexport.Options{ + provider, err := apiexport.New(restCfg, apiexport.Options{ Scheme: mgrOpts.Scheme, }) if err != nil { @@ -129,7 +133,7 @@ var operatorCmd = &cobra.Command{ return err } - mgr, err := mcmanager.New(cfg, provider, mgrOpts) + mgr, err := mcmanager.New(restCfg, provider, mgrOpts) if err != nil { setupLog.Error(err, "Failed to create manager") return err diff --git a/cmd/root.go b/cmd/root.go index c0b2c43..f214835 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -1,6 +1,7 @@ package cmd import ( + "errors" "flag" "strings" @@ -9,6 +10,8 @@ import ( "github.com/platform-mesh/golang-commons/logger" "github.com/spf13/cobra" "github.com/spf13/viper" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" ctrl "sigs.k8s.io/controller-runtime" "github.com/platform-mesh/security-operator/internal/config" @@ -18,6 +21,7 @@ var ( defaultCfg *platformeshconfig.CommonServiceConfig initializerCfg config.Config operatorCfg config.Config + generatorCfg config.Config log *logger.Logger setupLog logr.Logger ) 
@@ -43,6 +47,10 @@ func init() { if err := platformeshconfig.BindConfigToFlags(operatorV, operatorCmd, &operatorCfg); err != nil { panic(err) } + generatorV := newViper() + if err := platformeshconfig.BindConfigToFlags(generatorV, modelGeneratorCmd, &generatorCfg); err != nil { + panic(err) + } initializerV := newViper() if err := platformeshconfig.BindConfigToFlags(initializerV, initializerCmd, &initializerCfg); err != nil { panic(err) @@ -51,6 +59,21 @@ func init() { cobra.OnInitialize(initLog) } +func getKubeconfigFromPath(kubeconfigPath string) (*rest.Config, error) { + if kubeconfigPath == "" { + return nil, errors.New("missing value for required flag --kcp-kubeconfig") + } + cfg, err := clientcmd.LoadFromFile(initializerCfg.KCP.Kubeconfig) + if err != nil { + return nil, err + } + restCfg, err := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{}).ClientConfig() + if err != nil { + return restCfg, err + } + return restCfg, nil +} + func newViper() *viper.Viper { v := viper.NewWithOptions( viper.EnvKeyReplacer(strings.NewReplacer("-", "_")), diff --git a/internal/config/config.go b/internal/config/config.go index bad8da6..1ecad4b 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -13,7 +13,7 @@ type Config struct { Target string `mapstructure:"fga-target"` } `mapstructure:",squash"` KCP struct { - Kubeconfig string `mapstructure:"kcp-kubeconfig"` + Kubeconfig string `mapstructure:"kcp-kubeconfig" default:"/api-kubeconfig/kubeconfig"` } `mapstructure:",squash"` APIExportEndpointSliceName string `mapstructure:"api-export-endpoint-slice-name"` CoreModulePath string `mapstructure:"core-module-path"` diff --git a/internal/controller/apibinding_controller.go b/internal/controller/apibinding_controller.go index 0a48e09..4909eb6 100644 --- a/internal/controller/apibinding_controller.go +++ b/internal/controller/apibinding_controller.go 
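Review bot: getKubeconfigFromPath hands back `restCfg` together with a non-nil error in its last error branch (`return restCfg, err`); make that `return nil, err` so no caller can pick up a half-built config. Neither error return names the file, so a wrong mount or flag value is hard to diagnose; wrapping with the path, e.g. `fmt.Errorf("loading kubeconfig %q: %w", kubeconfigPath, err)`, would help, though it needs `fmt` imported in root.go. The function also lacks a doc comment: it should say that it returns a `*rest.Config` built only from the given file with empty overrides, and that the file is trusted input. A kubeconfig can reference exec credential plugins and token or CA files, so the path should be operator-controlled and not writable by the workload.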
@@ -11,7 +11,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/predicate" - lifecyclecontrollerruntime "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" + "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" "github.com/platform-mesh/security-operator/internal/subroutine" mccontext "sigs.k8s.io/multicluster-runtime/pkg/context" mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager" @@ -21,7 +21,7 @@ import ( func NewAPIBindingReconciler(logger *logger.Logger, mcMgr mcmanager.Manager) *APIBindingReconciler { return &APIBindingReconciler{ log: logger, - lifecycle: builder.NewBuilder("apibinding", "apibinding-controller", []lifecyclesubroutine.Subroutine{ + mclifecycle: builder.NewBuilder("apibinding", "apibinding-controller", []lifecyclesubroutine.Subroutine{ subroutine.NewAuthorizationModelGenerationSubroutine(mcMgr), }, logger). BuildMultiCluster(mcMgr), 
@@ -30,14 +30,14 @@ func NewAPIBindingReconciler(logger *logger.Logger, mcMgr mcmanager.Manager) *AP type APIBindingReconciler struct { log *logger.Logger - lifecycle *lifecyclecontrollerruntime.LifecycleManager + mclifecycle *multicluster.LifecycleManager } func (r *APIBindingReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) { ctxWithCluster := mccontext.WithCluster(ctx, req.ClusterName) - return r.lifecycle.Reconcile(ctxWithCluster, req, &kcpv1alpha1.APIBinding{}) + return r.mclifecycle.Reconcile(ctxWithCluster, req, &kcpv1alpha1.APIBinding{}) } func (r *APIBindingReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, evp ...predicate.Predicate) error { - return r.lifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "apibinding-controller", &kcpv1alpha1.APIBinding{}, cfg.DebugLabelValue, r, r.log, evp...) + return r.mclifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "apibinding-controller", &kcpv1alpha1.APIBinding{}, cfg.DebugLabelValue, r, r.log, evp...) } diff --git a/internal/controller/authorization_model_controller.go b/internal/controller/authorization_model_controller.go index f8e0e79..4f31d4c 100644 --- a/internal/controller/authorization_model_controller.go +++ b/internal/controller/authorization_model_controller.go @@ -6,7 +6,7 @@ import ( openfgav1 "github.com/openfga/api/proto/openfga/v1" platformeshconfig "github.com/platform-mesh/golang-commons/config" "github.com/platform-mesh/golang-commons/controller/lifecycle/builder" - lifecyclecontrollerruntime "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" + "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/logger" corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1" 
@@ -20,13 +20,13 @@ import ( type AuthorizationModelReconciler struct { log *logger.Logger - lifecycle *lifecyclecontrollerruntime.LifecycleManager + mclifecycle *multicluster.LifecycleManager } func NewAuthorizationModelReconciler(log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager) *AuthorizationModelReconciler { return &AuthorizationModelReconciler{ log: log, - lifecycle: builder.NewBuilder("authorizationmodel", "AuthorizationModelReconciler", []lifecyclesubroutine.Subroutine{ + mclifecycle: builder.NewBuilder("authorizationmodel", "AuthorizationModelReconciler", []lifecyclesubroutine.Subroutine{ subroutine.NewTupleSubroutine(fga, mcMgr), }, log). BuildMultiCluster(mcMgr), @@ -35,9 +35,9 @@ func NewAuthorizationModelReconciler(log *logger.Logger, fga openfgav1.OpenFGASe func (r *AuthorizationModelReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) { ctxWithCluster := mccontext.WithCluster(ctx, req.ClusterName) - return r.lifecycle.Reconcile(ctxWithCluster, req, &corev1alpha1.AuthorizationModel{}) + return r.mclifecycle.Reconcile(ctxWithCluster, req, &corev1alpha1.AuthorizationModel{}) } func (r *AuthorizationModelReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, evp ...predicate.Predicate) error { // coverage-ignore - return r.lifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "authorizationmodel", &corev1alpha1.AuthorizationModel{}, cfg.DebugLabelValue, r, r.log, evp...) + return r.mclifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "authorizationmodel", &corev1alpha1.AuthorizationModel{}, cfg.DebugLabelValue, r, r.log, evp...) } diff --git a/internal/controller/initializer_controller.go b/internal/controller/initializer_controller.go index 6f7670d..2f6f4cc 100644 --- a/internal/controller/initializer_controller.go +++ b/internal/controller/initializer_controller.go 
@@ -23,13 +23,13 @@ import ( type LogicalClusterReconciler struct { log *logger.Logger - lifecycle *multicluster.LifecycleManager + mclifecycle *multicluster.LifecycleManager } func NewLogicalClusterReconciler(log *logger.Logger, orgClient client.Client, cfg config.Config, inClusterClient client.Client, mgr mcmanager.Manager) *LogicalClusterReconciler { return &LogicalClusterReconciler{ log: log, - lifecycle: builder.NewBuilder("logicalcluster", "LogicalClusterReconciler", []lifecyclesubroutine.Subroutine{ + mclifecycle: builder.NewBuilder("logicalcluster", "LogicalClusterReconciler", []lifecyclesubroutine.Subroutine{ subroutine.NewWorkspaceInitializer(orgClient, cfg, mgr), subroutine.NewWorkspaceAuthConfigurationSubroutine(orgClient, inClusterClient, cfg), subroutine.NewRealmSubroutine(inClusterClient, &cfg, cfg.BaseDomain), @@ -42,9 +42,9 @@ func NewLogicalClusterReconciler(log *logger.Logger, orgClient client.Client, cf func (r *LogicalClusterReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) { ctxWithCluster := mccontext.WithCluster(ctx, req.ClusterName) - return r.lifecycle.Reconcile(ctxWithCluster, req, &kcpcorev1alpha1.LogicalCluster{}) + return r.mclifecycle.Reconcile(ctxWithCluster, req, &kcpcorev1alpha1.LogicalCluster{}) } func (r *LogicalClusterReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, evp ...predicate.Predicate) error { - return r.lifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "LogicalCluster", &kcpcorev1alpha1.LogicalCluster{}, cfg.DebugLabelValue, r, r.log, evp...) + return r.mclifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "LogicalCluster", &kcpcorev1alpha1.LogicalCluster{}, cfg.DebugLabelValue, r, r.log, evp...) } diff --git a/internal/controller/invite_controller.go b/internal/controller/invite_controller.go index 80fa618..d9d6839 100644 --- a/internal/controller/invite_controller.go +++ b/internal/controller/invite_controller.go 
@@ -6,7 +6,7 @@ import ( platformeshconfig "github.com/platform-mesh/golang-commons/config" "github.com/platform-mesh/golang-commons/controller/lifecycle/builder" - lifecycle "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" + "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/logger" ctrl "sigs.k8s.io/controller-runtime" @@ -20,7 +20,7 @@ import ( ) type InviteReconciler struct { - lifecycle *lifecycle.LifecycleManager + mclifecycle *multicluster.LifecycleManager } func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, cfg *config.Config, log *logger.Logger) *InviteReconciler { @@ -35,7 +35,7 @@ func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, cfg *config } return &InviteReconciler{ - lifecycle: builder.NewBuilder( + mclifecycle: builder.NewBuilder( "invite", "InviteReconciler", []lifecyclesubroutine.Subroutine{ @@ -46,11 +46,11 @@ func NewInviteReconciler(ctx context.Context, mgr mcmanager.Manager, cfg *config } func (r *InviteReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) { - return r.lifecycle.Reconcile(mccontext.WithCluster(ctx, req.ClusterName), req, &v1alpha1.Invite{}) + return r.mclifecycle.Reconcile(mccontext.WithCluster(ctx, req.ClusterName), req, &v1alpha1.Invite{}) } func (r *InviteReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, log *logger.Logger) error { // coverage-ignore - return r.lifecycle. + return r.mclifecycle. SetupWithManager( mgr, cfg.MaxConcurrentReconciles, diff --git a/internal/controller/store_controller.go b/internal/controller/store_controller.go index c2a043c..3b3c641 100644 --- a/internal/controller/store_controller.go +++ b/internal/controller/store_controller.go 
@@ -13,7 +13,7 @@ import ( openfgav1 "github.com/openfga/api/proto/openfga/v1" platformeshconfig "github.com/platform-mesh/golang-commons/config" - lifecyclecontrollerruntime "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" + "github.com/platform-mesh/golang-commons/controller/lifecycle/multicluster" lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine" "github.com/platform-mesh/golang-commons/logger" corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1" @@ -28,14 +28,14 @@ import ( type StoreReconciler struct { fga openfgav1.OpenFGAServiceClient log *logger.Logger - lifecycle *lifecyclecontrollerruntime.LifecycleManager + mclifecycle *multicluster.LifecycleManager } func NewStoreReconciler(log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager) *StoreReconciler { return &StoreReconciler{ fga: fga, log: log, - lifecycle: builder.NewBuilder("store", "StoreReconciler", []lifecyclesubroutine.Subroutine{ + mclifecycle: builder.NewBuilder("store", "StoreReconciler", []lifecyclesubroutine.Subroutine{ subroutine.NewStoreSubroutine(fga, mcMgr), subroutine.NewAuthorizationModelSubroutine(fga, mcMgr), subroutine.NewTupleSubroutine(fga, mcMgr), 
@@ -46,12 +46,12 @@ func NewStoreReconciler(log *logger.Logger, fga openfgav1.OpenFGAServiceClient, func (r *StoreReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) { ctxWithCluster := mccontext.WithCluster(ctx, req.ClusterName) - return r.lifecycle.Reconcile(ctxWithCluster, req, &corev1alpha1.Store{}) + return r.mclifecycle.Reconcile(ctxWithCluster, req, &corev1alpha1.Store{}) } // SetupWithManager sets up the controller with the Manager. func (r *StoreReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, evp ...predicate.Predicate) error { // coverage-ignore - builder, err := r.lifecycle.SetupWithManagerBuilder(mgr, cfg.MaxConcurrentReconciles, "store", &corev1alpha1.Store{}, cfg.DebugLabelValue, r.log, evp...) + builder, err := r.mclifecycle.SetupWithManagerBuilder(mgr, cfg.MaxConcurrentReconciles, "store", &corev1alpha1.Store{}, cfg.DebugLabelValue, r.log, evp...) if err != nil { return err } From 9658aa4216eeebb82f40f6d2fa8f61c160629517 Mon Sep 17 00:00:00 2001 From: User Date: Wed, 15 Oct 2025 17:11:45 +0200 Subject: [PATCH 4/5] fix: fixed getting config function On-behalf-of: SAP aleh.yarshou@sap.com --- cmd/root.go | 2 +- internal/controller/apibinding_controller.go | 2 +- internal/controller/authorization_model_controller.go | 2 +- internal/controller/store_controller.go | 6 +++--- internal/subroutine/tuples.go | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index f214835..f1a4847 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -63,7 +63,7 @@ func getKubeconfigFromPath(kubeconfigPath string) (*rest.Config, error) { if kubeconfigPath == "" { return nil, errors.New("missing value for required flag --kcp-kubeconfig") } - cfg, err := clientcmd.LoadFromFile(initializerCfg.KCP.Kubeconfig) + cfg, err := clientcmd.LoadFromFile(kubeconfigPath) if err != nil { return nil, err } 
diff --git a/internal/controller/apibinding_controller.go b/internal/controller/apibinding_controller.go index 4909eb6..3afd184 100644 --- a/internal/controller/apibinding_controller.go +++ b/internal/controller/apibinding_controller.go @@ -29,7 +29,7 @@ func NewAPIBindingReconciler(logger *logger.Logger, mcMgr mcmanager.Manager) *AP } type APIBindingReconciler struct { - log *logger.Logger + log *logger.Logger mclifecycle *multicluster.LifecycleManager } diff --git a/internal/controller/authorization_model_controller.go b/internal/controller/authorization_model_controller.go index 4f31d4c..0f206dc 100644 --- a/internal/controller/authorization_model_controller.go +++ b/internal/controller/authorization_model_controller.go @@ -19,7 +19,7 @@ import ( ) type AuthorizationModelReconciler struct { - log *logger.Logger + log *logger.Logger mclifecycle *multicluster.LifecycleManager } diff --git a/internal/controller/store_controller.go b/internal/controller/store_controller.go index 3b3c641..8debd6b 100644 --- a/internal/controller/store_controller.go +++ b/internal/controller/store_controller.go @@ -26,8 +26,8 @@ import ( // StoreReconciler reconciles a Store object type StoreReconciler struct { - fga openfgav1.OpenFGAServiceClient - log *logger.Logger + fga openfgav1.OpenFGAServiceClient + log *logger.Logger mclifecycle *multicluster.LifecycleManager } @@ -59,7 +59,7 @@ func (r *StoreReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platforme Watches( &corev1alpha1.AuthorizationModel{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request { - model,ok := obj.(*corev1alpha1.AuthorizationModel) + model, ok := obj.(*corev1alpha1.AuthorizationModel) if !ok { return nil } diff --git a/internal/subroutine/tuples.go b/internal/subroutine/tuples.go index e04d658..998f85c 100644 --- a/internal/subroutine/tuples.go +++ b/internal/subroutine/tuples.go 
@@ -140,8 +140,8 @@ func (t *tupleSubroutine) Process(ctx context.Context, instance runtimeobject.Ru } storeCtx := mccontext.WithCluster(ctx, string(logicalcluster.Name(lc.Annotations[logicalcluster.AnnotationKey]))) - - storeCluster, err := t.mgr.GetCluster(ctx,obj.Spec.StoreRef.Path) + + storeCluster, err := t.mgr.GetCluster(ctx, obj.Spec.StoreRef.Path) if err != nil { return ctrl.Result{}, errors.NewOperatorError(fmt.Errorf("unable to get store cluster: %w", err), true, false) } From cb24090cf049fc924310ba3b06a7ddee341fc41a Mon Sep 17 00:00:00 2001 From: User Date: Wed, 15 Oct 2025 17:12:57 +0200 Subject: [PATCH 5/5] fix: removed extra error handler On-behalf-of: SAP aleh.yarshou@sap.com --- cmd/initializer.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/initializer.go b/cmd/initializer.go index 102c1b5..33fb3e8 100644 --- a/cmd/initializer.go +++ b/cmd/initializer.go @@ -87,10 +87,6 @@ var initializerCmd = &cobra.Command{ } k8sCfg := ctrl.GetConfigOrDie() - if err != nil { - log.Error().Err(err).Msg("Failed to create in cluster config") - os.Exit(1) - } runtimeClient, err := client.New(k8sCfg, client.Options{Scheme: scheme}) if err != nil {