Add clustercache for worklaod clusters connections

Signed-off-by: apedriza <adripedriza@gmail.com>

Author: apedriza

cmd/main.go

@@ -36,6 +36,7 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	"sigs.k8s.io/cluster-api/util/flags"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
@@ -254,10 +255,33 @@ func main() {
 		MaxConcurrentReconciles: concurrency,
 	}
 
+	ctx := ctrl.SetupSignalHandler()
+
+	clusterCache, err := clustercache.SetupWithManager(ctx, mgr, clustercache.Options{
+		SecretClient: secretCachingClient,
+		Cache:        clustercache.CacheOptions{},
+		Client: clustercache.ClientOptions{
+			UserAgent: "k0smotron",
+			Cache: clustercache.ClientCacheOptions{
+				DisableFor: []client.Object{
+					// Don't cache ConfigMaps & Secrets.
+					&corev1.ConfigMap{},
+					&corev1.Secret{},
+				},
+			},
+		},
+	}, ctrlOptions)
+	if err != nil {
+		setupLog.Error(err, "Unable to create ClusterCache")
+		os.Exit(1)
+	}
+
 	if isControllerEnabled(bootstrapController) && runCAPIControllers {
+
 		if err = (&bootstrap.Controller{
 			Client:              mgr.GetClient(),
 			SecretCachingClient: secretCachingClient,
+			ClusterCache:        clusterCache,
 			Scheme:              mgr.GetScheme(),
 			ClientSet:           clientSet,
 			RESTConfig:          restConfig,
@@ -268,6 +292,7 @@ func main() {
 		if err = (&bootstrap.ControlPlaneController{
 			Client:              mgr.GetClient(),
 			SecretCachingClient: secretCachingClient,
+			ClusterCache:        clusterCache,
 			Scheme:              mgr.GetScheme(),
 			ClientSet:           clientSet,
 			RESTConfig:          restConfig,
@@ -290,6 +315,7 @@ func main() {
 			if err = (&controlplane.K0smotronController{
 				Client:              mgr.GetClient(),
 				SecretCachingClient: secretCachingClient,
+				ClusterCache:        clusterCache,
 				Scheme:              mgr.GetScheme(),
 				ClientSet:           clientSet,
 				RESTConfig:          restConfig,
@@ -301,6 +327,7 @@ func main() {
 			if err = (&controlplane.K0sController{
 				Client:              mgr.GetClient(),
 				SecretCachingClient: secretCachingClient,
+				ClusterCache:        clusterCache,
 				ClientSet:           clientSet,
 				RESTConfig:          restConfig,
 			}).SetupWithManager(mgr, ctrlOptions); err != nil {
@@ -348,9 +375,10 @@ func main() {
 	// as both of them create/update Machines.
 	if runCAPIControllers && (isControllerEnabled(infrastructureController) || isControllerEnabled(bootstrapController)) {
 		if err = (&bootstrap.ProviderIDController{
-			Client:    mgr.GetClient(),
-			Scheme:    mgr.GetScheme(),
-			ClientSet: clientSet,
+			Client:       mgr.GetClient(),
+			Scheme:       mgr.GetScheme(),
+			ClientSet:    clientSet,
+			ClusterCache: clusterCache,
 		}).SetupWithManager(mgr, ctrlOptions); err != nil {
 			setupLog.Error(err, "unable to create controller", "controller", "ProviderID")
 			os.Exit(1)
@@ -367,7 +395,7 @@ func main() {
 	}
 
 	setupLog.Info("starting manager")
-	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+	if err := mgr.Start(ctx); err != nil {
 		setupLog.Error(err, "problem running manager")
 		os.Exit(1)
 	}

internal/controller/bootstrap/controlplane_bootstrap_controller.go

@@ -41,8 +41,8 @@ import (
 	kubeadmbootstrapv1 "sigs.k8s.io/cluster-api/api/bootstrap/kubeadm/v1beta2"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
 	bsutil "sigs.k8s.io/cluster-api/bootstrap/util"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	"sigs.k8s.io/cluster-api/controllers/external"
-	"sigs.k8s.io/cluster-api/controllers/remote"
 	capiutil "sigs.k8s.io/cluster-api/util"
 	"sigs.k8s.io/cluster-api/util/annotations"
 	"sigs.k8s.io/cluster-api/util/collections"
@@ -66,6 +66,7 @@ import (
 type ControlPlaneController struct {
 	client.Client
 	SecretCachingClient client.Client
+	ClusterCache        clustercache.ClusterCache
 	Scheme              *runtime.Scheme
 	ClientSet           *kubernetes.Clientset
 	RESTConfig          *rest.Config
@@ -461,7 +462,7 @@ func (c *ControlPlaneController) genControlPlaneJoinFiles(ctx context.Context, s
 	token := fmt.Sprintf("%s.%s", tokenID, tokenSecret)
 	tokenKubeSecret := createTokenSecret(tokenID, tokenSecret)
 
-	chCS, err := remote.NewClusterClient(ctx, "k0smotron", c.Client, capiutil.ObjectKey(scope.Cluster))
+	chCS, err := c.ClusterCache.GetClient(ctx, client.ObjectKeyFromObject(scope.Cluster))
 	if err != nil {
 		log.Error(err, "Failed to getting child cluster client set")
 		return nil, err

internal/controller/bootstrap/providerid_controller.go

@@ -14,6 +14,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/util/retry"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	capiutil "sigs.k8s.io/cluster-api/util"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -26,8 +27,9 @@ import (
 // ProviderIDController is responsible for reconciling the ProviderID field of the Machine resource.
 type ProviderIDController struct {
 	client.Client
-	Scheme    *runtime.Scheme
-	ClientSet *kubernetes.Clientset
+	Scheme       *runtime.Scheme
+	ClientSet    *kubernetes.Clientset
+	ClusterCache clustercache.ClusterCache
 }
 
 // Reconcile reconciles the ProviderID field of the Machine resource and
@@ -67,7 +69,7 @@ func (p *ProviderIDController) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, fmt.Errorf("can't get cluster %s/%s: %w", machine.Namespace, machine.Spec.ClusterName, err)
 	}
 
-	childClient, err := k0smoutil.GetKubeClient(context.Background(), p.Client, cluster)
+	childClient, err := p.getWorkloadClusterKubeClient(context.Background(), cluster)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("can't get kube client for cluster %s/%s: %w. may not be created yet", machine.Namespace, machine.Spec.ClusterName, err)
 	}
@@ -130,6 +132,15 @@ func (p *ProviderIDController) Reconcile(ctx context.Context, req ctrl.Request)
 	return ctrl.Result{}, nil
 }
 
+func (p *ProviderIDController) getWorkloadClusterKubeClient(ctx context.Context, cluster *clusterv1.Cluster) (*kubernetes.Clientset, error) {
+	restConfig, err := p.ClusterCache.GetRESTConfig(ctx, client.ObjectKeyFromObject(cluster))
+	if err != nil {
+		return nil, fmt.Errorf("failed to get REST config: %w", err)
+	}
+
+	return k0smoutil.GetKubeClient(restConfig)
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (p *ProviderIDController) SetupWithManager(mgr ctrl.Manager, opts controller.Options) error {
 	apiResources, err := p.ClientSet.Discovery().ServerResourcesForGroupVersion(clusterv1.GroupVersion.String())

internal/controller/bootstrap/worker_bootstrap_controller.go

@@ -34,8 +34,8 @@ import (
 	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
 	bsutil "sigs.k8s.io/cluster-api/bootstrap/util"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	"sigs.k8s.io/cluster-api/controllers/external"
-	"sigs.k8s.io/cluster-api/controllers/remote"
 	capiutil "sigs.k8s.io/cluster-api/util"
 	"sigs.k8s.io/cluster-api/util/annotations"
 	"sigs.k8s.io/cluster-api/util/conditions"
@@ -66,6 +66,7 @@ const (
 type Controller struct {
 	client.Client
 	SecretCachingClient client.Client
+	ClusterCache        clustercache.ClusterCache
 	Scheme              *runtime.Scheme
 	ClientSet           *kubernetes.Clientset
 	RESTConfig          *rest.Config
@@ -357,10 +358,10 @@ func (r *Controller) generateBootstrapDataForWorker(ctx context.Context, log log
 
 func (r *Controller) getK0sToken(ctx context.Context, scope *Scope) (string, error) {
 	// Check if the workload cluster client is already set. This client is used for testing purposes to inject a fake client.
-	client := r.workloadClusterClient
-	if client == nil {
+	wcClient := r.workloadClusterClient
+	if wcClient == nil {
 		var err error
-		client, err = remote.NewClusterClient(ctx, "k0smotron", r.Client, capiutil.ObjectKey(scope.Cluster))
+		wcClient, err = r.ClusterCache.GetClient(ctx, client.ObjectKeyFromObject(scope.Cluster))
 		if err != nil {
 			return "", fmt.Errorf("failed to create child cluster client: %w", err)
 		}
@@ -370,7 +371,7 @@ func (r *Controller) getK0sToken(ctx context.Context, scope *Scope) (string, err
 	tokenID := kutil.RandomString(6)
 	tokenSecret := kutil.RandomString(16)
 	token := fmt.Sprintf("%s.%s", tokenID, tokenSecret)
-	if err := client.Create(ctx, &corev1.Secret{
+	if err := wcClient.Create(ctx, &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      fmt.Sprintf("bootstrap-token-%s", tokenID),
 			Namespace: "kube-system",

internal/controller/controlplane/helper.go

@@ -503,10 +503,11 @@ func (c *K0sController) markChildControlNodeToLeave(ctx context.Context, name st
 }
 
 func (c *K0sController) deleteOldControlNodes(ctx context.Context, cluster *clusterv1.Cluster) error {
-	kubeClient, err := c.getKubeClient(ctx, cluster)
+	kubeClient, err := c.getWorkloadClusterClientset(ctx, cluster)
 	if err != nil {
-		return fmt.Errorf("error getting kube client: %w", err)
+		return fmt.Errorf("error getting workload cluster client: %w", err)
 	}
+
 	machines, err := collections.GetFilteredMachinesForCluster(ctx, c, cluster, collections.ControlPlaneMachines(cluster.Name))
 	if err != nil {
 		return fmt.Errorf("error getting all machines: %w", err)

internal/controller/controlplane/k0s_controlplane_controller.go

@@ -45,6 +45,7 @@ import (
 	"k8s.io/utils/ptr"
 	kubeadmbootstrapv1 "sigs.k8s.io/cluster-api/api/bootstrap/kubeadm/v1beta2"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	capiutil "sigs.k8s.io/cluster-api/util"
 	"sigs.k8s.io/cluster-api/util/annotations"
 	"sigs.k8s.io/cluster-api/util/certs"
@@ -88,6 +89,7 @@ var (
 type K0sController struct {
 	client.Client
 	SecretCachingClient client.Client
+	ClusterCache        clustercache.ClusterCache
 	ClientSet           *kubernetes.Clientset
 	RESTConfig          *rest.Config
 	// workloadClusterKubeClient is used during testing to inject a fake client
@@ -177,7 +179,7 @@ func (c *K0sController) Reconcile(ctx context.Context, req ctrl.Request) (res ct
 			// Separate var for status update errors to avoid shadowing err
 			derr = c.updateStatus(ctx, kcp, cluster)
 			if derr != nil {
-				if !errors.Is(derr, errUpgradeNotCompleted) {
+				if !errors.Is(derr, errUpgradeNotCompleted) && !errors.Is(derr, ErrNotReady) {
 					log.Error(derr, "Failed to update status")
 					return
 				}
@@ -474,7 +476,7 @@ func (c *K0sController) reconcileMachines(ctx context.Context, cluster *clusterv
 				}
 			}
 		} else {
-			kubeClient, err := c.getKubeClient(ctx, cluster)
+			kubeClient, err := c.getWorkloadClusterClientset(ctx, cluster)
 			if err != nil {
 				return fmt.Errorf("error getting cluster client set for machine update: %w", err)
 			}
@@ -597,7 +599,7 @@ func (c *K0sController) deleteK0sNodeResources(ctx context.Context, cluster *clu
 	logger := log.FromContext(ctx)
 
 	if kcp.Status.Ready {
-		kubeClient, err := c.getKubeClient(ctx, cluster)
+		kubeClient, err := c.getWorkloadClusterClientset(ctx, cluster)
 		if err != nil {
 			return fmt.Errorf("error getting cluster client set for deletion: %w", err)
 		}
@@ -664,7 +666,7 @@ func (c *K0sController) createBootstrapConfig(ctx context.Context, name string,
 }
 
 func (c *K0sController) checkMachineIsReady(ctx context.Context, machineName string, cluster *clusterv1.Cluster) error {
-	kubeClient, err := c.getKubeClient(ctx, cluster)
+	kubeClient, err := c.getWorkloadClusterClientset(ctx, cluster)
 	if err != nil {
 		return fmt.Errorf("error getting cluster client set for machine update: %w", err)
 	}
@@ -733,11 +735,19 @@ func (c *K0sController) reconcileConfig(ctx context.Context, cluster *clusterv1.
 			}
 		}
 
-		// Reconcile the dynamic config
-		dErr := kutil.ReconcileDynamicConfig(ctx, cluster, c.Client, *kcp.Spec.K0sConfigSpec.K0s.DeepCopy())
+		workloadClient, err := c.ClusterCache.GetClient(ctx, client.ObjectKeyFromObject(cluster))
+		if err != nil {
+			if errors.Is(err, clustercache.ErrClusterNotConnected) {
+				log.Info("Connection to workload cluster is not ready, skipping config reconciliation")
+				return nil
+			}
+
+			return fmt.Errorf("error getting workload cluster client: %w", err)
+		}
+
+		dErr := kutil.ReconcileDynamicConfig(ctx, workloadClient, *kcp.Spec.K0sConfigSpec.K0s.DeepCopy())
 		if dErr != nil {
-			// Don't return error from dynamic config reconciliation, as it may not be created yet
-			log.Error(fmt.Errorf("failed to reconcile dynamic config, kubeconfig may not be available yet: %w", dErr), "Failed to reconcile dynamic config")
+			return fmt.Errorf("error reconciling dynamic config: %w", dErr)
 		}
 	}
 

internal/controller/controlplane/k0s_controlplane_controller_env_test.go

@@ -50,6 +50,7 @@ import (
 	"k8s.io/kubectl/pkg/scheme"
 	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	"sigs.k8s.io/cluster-api/controllers/external"
 	"sigs.k8s.io/cluster-api/util"
 	"sigs.k8s.io/cluster-api/util/certs"
@@ -59,6 +60,7 @@ import (
 	"sigs.k8s.io/cluster-api/util/secret"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	autopilot "github.com/k0sproject/k0s/pkg/apis/autopilot/v1beta2"
 	bootstrapv1 "github.com/k0sproject/k0smotron/api/bootstrap/v1beta1"
@@ -82,6 +84,7 @@ func TestReconcileReturnErrorWhenOwnerClusterIsMissing(t *testing.T) {
 	r := &K0sController{
 		Client:              testEnv,
 		SecretCachingClient: secretCachingClient,
+		ClusterCache:        clustercache.NewFakeClusterCache(fake.NewClientBuilder().Build(), client.ObjectKey{Name: cluster.Name, Namespace: cluster.Namespace}),
 	}
 
 	result, err := r.Reconcile(ctx, ctrl.Request{NamespacedName: util.ObjectKey(kcp)})
@@ -666,6 +669,10 @@ func TestReconcileK0sConfigWithNLLBEnabled(t *testing.T) {
 
 	r := &K0sController{
 		Client: testEnv,
+		// We set a ClusterCache with a non-related Cluster accessor to verify to trigger an 'clustercache.ErrClusterNotConnected' error, which should be handled
+		// gracefully by the controller and not cause the reconciliation to fail because it is expected that the workload cluster config reconciliation might not
+		// be complete until the Cluster is fully connected and available.
+		ClusterCache: clustercache.NewFakeClusterCache(fake.NewClientBuilder().Build(), client.ObjectKey{Name: "another-cluster", Namespace: "another-namespace"}),
 	}
 	err = r.reconcileConfig(ctx, cluster, kcp)
 	require.NoError(t, err)
@@ -724,6 +731,10 @@ func TestReconcileK0sConfigWithNLLBDisabled(t *testing.T) {
 
 	r := &K0sController{
 		Client: testEnv,
+		// We set a ClusterCache with a non-related Cluster accessor to verify to trigger an 'clustercache.ErrClusterNotConnected' error, which should be handled
+		// gracefully by the controller and not cause the reconciliation to fail because it is expected that the workload cluster config reconciliation might not
+		// be complete until the Cluster is fully connected and available.
+		ClusterCache: clustercache.NewFakeClusterCache(fake.NewClientBuilder().Build(), client.ObjectKey{Name: "another-cluster", Namespace: "another-namespace"}),
 	}
 	err = r.reconcileConfig(ctx, cluster, kcp)
 	require.NoError(t, err)
@@ -780,6 +791,10 @@ func TestReconcileK0sConfigTunnelingServerAddressToApiSans(t *testing.T) {
 
 	r := &K0sController{
 		Client: testEnv,
+		// We set a ClusterCache with a non-related Cluster accessor to verify to trigger an 'clustercache.ErrClusterNotConnected' error, which should be handled
+		// gracefully by the controller and not cause the reconciliation to fail because it is expected that the workload cluster config reconciliation might not
+		// be complete until the Cluster is fully connected and available.
+		ClusterCache: clustercache.NewFakeClusterCache(fake.NewClientBuilder().Build(), client.ObjectKey{Name: "another-cluster", Namespace: "another-namespace"}),
 	}
 	err = r.reconcileConfig(ctx, cluster, kcp)
 	require.NoError(t, err)
@@ -1516,6 +1531,7 @@ func TestReconcileInitializeControlPlanes(t *testing.T) {
 		Client:                    testEnv,
 		workloadClusterKubeClient: kubernetes.New(restClient),
 		SecretCachingClient:       secretCachingClient,
+		ClusterCache:              clustercache.NewFakeClusterCache(fake.NewClientBuilder().Build(), client.ObjectKey{Name: cluster.Name, Namespace: cluster.Namespace}),
 	}
 
 	_, err = r.Reconcile(ctx, ctrl.Request{NamespacedName: util.ObjectKey(kcp)})

internal/controller/controlplane/k0smotron_controlplane_controller.go

@@ -36,8 +36,8 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	"sigs.k8s.io/cluster-api/controllers/external"
-	"sigs.k8s.io/cluster-api/controllers/remote"
 	crcontroller "sigs.k8s.io/controller-runtime/pkg/controller"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -82,6 +82,7 @@ var currentSpec kapi.ClusterSpec
 type K0smotronController struct {
 	client.Client
 	SecretCachingClient client.Client
+	ClusterCache        clustercache.ClusterCache
 	Scheme              *runtime.Scheme
 	ClientSet           *kubernetes.Clientset
 	RESTConfig          *rest.Config
@@ -633,9 +634,9 @@ func (c *K0smotronController) computeAvailability(ctx context.Context, cluster *
 	logger.Info("Pinging the workload cluster API")
 
 	// Get the CAPI cluster accessor
-	client, err := remote.NewClusterClient(ctx, "k0smotron", c.Client, capiutil.ObjectKey(cluster))
+	client, err := c.ClusterCache.GetClient(ctx, client.ObjectKeyFromObject(cluster))
 	if err != nil {
-		logger.Info("Failed to create cluster client", "error", err)
+		logger.Info("Failed to get cluster client", "error", err)
 		conditions.Set(kcp, metav1.Condition{
 			Type:    string(cpv1beta1.ControlPlaneAvailableCondition),
 			Status:  metav1.ConditionFalse,