Add direct connection arguments to mgmt cluster

This adds new arguments to allow the operator to connect to cluster
api mgmt cluster without a kubeconfig file, which is more practical
for containerized environments. It includes flags for the API URL,
bearer token, and CA data, while retaining backward compatibility
with the existing file-based method.

Signed-off-by: Mamduh Alassi <[email protected]>

Author: Mmduh-483

pkg/operator/operator.go

@@ -22,6 +22,7 @@ import (
 
 	"github.com/samber/lo"
 	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/cluster"
@@ -70,11 +71,12 @@ func NewOperator(ctx context.Context, operator *operator.Operator) (context.Cont
 }
 
 func buildManagementClusterKubeClient(ctx context.Context, operator *operator.Operator) (client.Client, error) {
-	if options.FromContext(ctx).ClusterAPIKubeConfigFile != "" {
-		clusterAPIKubeConfig, err := clientcmd.BuildConfigFromFlags("", options.FromContext(ctx).ClusterAPIKubeConfigFile)
-		if err != nil {
-			return nil, err
-		}
+	clusterAPIKubeConfig, err := buildClusterCAPIKubeConfig(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if clusterAPIKubeConfig != nil {
 		mgmtCluster, err := cluster.New(clusterAPIKubeConfig, func(o *cluster.Options) {
 			o.Scheme = operator.GetScheme()
 		})
@@ -88,3 +90,27 @@ func buildManagementClusterKubeClient(ctx context.Context, operator *operator.Op
 	}
 	return operator.GetClient(), nil
 }
+
+func buildClusterCAPIKubeConfig(ctx context.Context) (*rest.Config, error) {
+	kubeConfigFile := options.FromContext(ctx).ClusterAPIKubeConfigFile
+	if kubeConfigFile != "" {
+		return clientcmd.BuildConfigFromFlags("", kubeConfigFile)
+	}
+
+	url := options.FromContext(ctx).ClusterAPIUrl
+	token := options.FromContext(ctx).ClusterAPIToken
+	caData := options.FromContext(ctx).ClusterAPICertificateAuthorityData
+	skipTLSVerify := options.FromContext(ctx).ClusterAPISkipTlsVerify
+	if url != "" {
+		return &rest.Config{
+			Host:        url,
+			BearerToken: token,
+			TLSClientConfig: rest.TLSClientConfig{
+				CAData:   []byte(caData),
+				Insecure: skipTLSVerify,
+			},
+		}, nil
+	}
+
+	return nil, nil
+}

pkg/operator/options/options.go

@@ -33,11 +33,19 @@ func init() {
 type optionsKey struct{}
 
 type Options struct {
-	ClusterAPIKubeConfigFile string
+	ClusterAPIKubeConfigFile           string
+	ClusterAPIUrl                      string
+	ClusterAPIToken                    string
+	ClusterAPICertificateAuthorityData string
+	ClusterAPISkipTlsVerify            bool
 }
 
 func (o *Options) AddFlags(fs *karpoptions.FlagSet) {
 	fs.StringVar(&o.ClusterAPIKubeConfigFile, "cluster-api-kubeconfig", "", "The path to the cluster api manager cluster kubeconfig file.  Defaults to service account credentials if not specified.")
+	fs.StringVar(&o.ClusterAPIUrl, "cluster-api-url", "", "The url of the cluster api manager cluster")
+	fs.StringVar(&o.ClusterAPIToken, "cluster-api-token", "", "The Bearer token for authentication of the cluster api manager cluster")
+	fs.StringVar(&o.ClusterAPICertificateAuthorityData, "cluster-api-certificate-authority-data", "", "The cert certificate authority of the cluster api manager cluster")
+	fs.BoolVar(&o.ClusterAPISkipTlsVerify, "cluster-api-skip-tls-verify", false, "Skip the check for certificate for validity of the cluster api manager cluster. This will make HTTPS connections insecure")
 }
 
 func (o *Options) Parse(fs *karpoptions.FlagSet, args ...string) error {