feat: implement onboarding cluster management and update related commands

Author: n3rdc4ptn

api/constants.go

@@ -0,0 +1,6 @@
+package api
+
+const (
+	UsageOperatorDomain              = "usage.services.openmcp.cloud"
+	UsageOperatorPlatformServiceName = "provider." + UsageOperatorDomain
+)

cmd/usage-operator/app/app.go

@@ -5,8 +5,15 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/openmcp-project/controller-utils/pkg/clusters"
 	"github.com/openmcp-project/controller-utils/pkg/logging"
+	clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1"
 	"github.com/spf13/cobra"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/tools/clientcmd/api"
 
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/yaml"
@@ -21,7 +28,9 @@ func NewUsageOperatorCommand(ctx context.Context) *cobra.Command {
 	cmd.SetErr(os.Stderr)
 
 	so := &SharedOptions{
-		RawSharedOptions: &RawSharedOptions{},
+		RawSharedOptions: &RawSharedOptions{
+			PlatformCluster: clusters.New("platform"),
+		},
 	}
 
 	so.AddPersistentFlags(cmd)
@@ -35,6 +44,8 @@ func NewUsageOperatorCommand(ctx context.Context) *cobra.Command {
 type RawSharedOptions struct {
 	Environment string `json:"environment"`
 	DryRun      bool   `json:"dry-run"`
+
+	PlatformCluster *clusters.Cluster `json:"platform-cluster"`
 }
 
 type SharedOptions struct {
@@ -50,9 +61,25 @@ func (o *SharedOptions) AddPersistentFlags(cmd *cobra.Command) {
 	// misc
 	cmd.PersistentFlags().BoolVar(&o.DryRun, "dry-run", false, "If set, the command aborts after evaluation of the given flags.")
 	cmd.PersistentFlags().StringVar(&o.Environment, "environment", "", "Environment name. Required. This is used to distinguish between different environments that are watching the same Onboarding cluster. Must be globally unique.")
+
+	o.PlatformCluster.RegisterSingleConfigPathFlag(cmd.PersistentFlags())
 }
 
 func (o *SharedOptions) Complete() error {
+	// platform cluster
+	if err := o.PlatformCluster.InitializeRESTConfig(); err != nil {
+		return fmt.Errorf("unable to initialize platform cluster rest config: %w", err)
+	}
+	platformScheme := runtime.NewScheme()
+	utilruntime.Must(clientgoscheme.AddToScheme(platformScheme))
+	utilruntime.Must(apiextensionsv1.AddToScheme(platformScheme))
+	utilruntime.Must(clustersv1alpha1.AddToScheme(platformScheme))
+	utilruntime.Must(api.AddToScheme(platformScheme))
+
+	if err := o.PlatformCluster.InitializeClient(platformScheme); err != nil {
+		return fmt.Errorf("unable to initialize platform cluster client: %w", err)
+	}
+
 	// build logger
 	log, err := logging.GetLogger()
 	if err != nil {
@@ -74,7 +101,9 @@ func (o *SharedOptions) PrintRaw(cmd *cobra.Command) {
 }
 
 func (o *SharedOptions) PrintCompleted(cmd *cobra.Command) {
-	raw := map[string]any{}
+	raw := map[string]any{
+		"platform-cluster": o.PlatformCluster.APIServerEndpoint(),
+	}
 	data, err := yaml.Marshal(raw)
 	if err != nil {
 		cmd.Println(fmt.Errorf("error marshalling completed shared options: %w", err).Error())

cmd/usage-operator/app/init.go

@@ -4,16 +4,14 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/openmcp-project/controller-utils/pkg/clusters"
 	crdutil "github.com/openmcp-project/controller-utils/pkg/crds"
 	apiconst "github.com/openmcp-project/openmcp-operator/api/constants"
 	"github.com/openmcp-project/openmcp-operator/api/install"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	ctrl "sigs.k8s.io/controller-runtime"
-
 	"github.com/openmcp-project/usage-operator/api/crds"
+	"github.com/openmcp-project/usage-operator/internal/helper"
 )
 
 func NewInitCommand(so *SharedOptions) *cobra.Command {
@@ -63,14 +61,16 @@ func (o *InitOptions) Run(ctx context.Context) error {
 	// apply CRDs
 	crdManager := crdutil.NewCRDManager(apiconst.ClusterLabel, crds.CRDs)
 
-	var cluster clusters.Cluster
-	cluster.WithRESTConfig(ctrl.GetConfigOrDie())
+	cluster, err := helper.GetOnboardingCluster(ctx, log, o.PlatformCluster.Client())
+	if err != nil {
+		return fmt.Errorf("error when getting onboarding cluster: %w", err)
+	}
 
 	if err := cluster.InitializeClient(install.InstallCRDAPIs(runtime.NewScheme())); err != nil {
 		return fmt.Errorf("error initializing client: %w", err)
 	}
 
-	crdManager.AddCRDLabelToClusterMapping("onboarding", &cluster)
+	crdManager.AddCRDLabelToClusterMapping("onboarding", cluster)
 
 	if err := crdManager.CreateOrUpdateCRDs(ctx, &log); err != nil {
 		return fmt.Errorf("error creating/updating CRDs: %w", err)

cmd/usage-operator/app/run.go

@@ -25,6 +25,7 @@ import (
 	usagev1 "github.com/openmcp-project/usage-operator/api/usage/v1"
 
 	"github.com/openmcp-project/usage-operator/internal/controller"
+	"github.com/openmcp-project/usage-operator/internal/helper"
 	"github.com/openmcp-project/usage-operator/internal/runnable"
 	"github.com/openmcp-project/usage-operator/internal/usage"
 )
@@ -241,11 +242,16 @@ func (o *RunOptions) Run(ctx context.Context) error {
 	setupLog = o.Log.WithName("setup")
 	setupLog.Info("Environment", "value", o.Environment)
 
+	cluster, err := helper.GetOnboardingCluster(ctx, setupLog, o.PlatformCluster.Client())
+	if err != nil {
+		return fmt.Errorf("error when getting onboarding cluster: %w", err)
+	}
+
 	webhookServer := webhook.NewServer(webhook.Options{
 		TLSOpts: o.WebhookTLSOpts,
 	})
 
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+	mgr, err := ctrl.NewManager(cluster.RESTConfig(), ctrl.Options{
 		Scheme:                 scheme,
 		Metrics:                o.MetricsServerOptions,
 		WebhookServer:          webhookServer,

cmd/usage-operator/app/uninstall.go

@@ -5,14 +5,13 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/openmcp-project/controller-utils/pkg/clusters"
 	"github.com/openmcp-project/controller-utils/pkg/resources"
 	"github.com/openmcp-project/openmcp-operator/api/install"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
-	ctrl "sigs.k8s.io/controller-runtime"
 
 	"github.com/openmcp-project/usage-operator/api/crds"
+	"github.com/openmcp-project/usage-operator/internal/helper"
 )
 
 func NewUninstallCommand(so *SharedOptions) *cobra.Command {
@@ -63,8 +62,10 @@ func (o *UninstallOptions) Run(ctx context.Context) error {
 		return fmt.Errorf("error when getting crds: %w", err)
 	}
 
-	var cluster clusters.Cluster
-	cluster.WithRESTConfig(ctrl.GetConfigOrDie())
+	cluster, err := helper.GetOnboardingCluster(ctx, log, o.PlatformCluster.Client())
+	if err != nil {
+		return fmt.Errorf("error when getting onboarding cluster: %w", err)
+	}
 
 	if err := cluster.InitializeClient(install.InstallCRDAPIs(runtime.NewScheme())); err != nil {
 		return fmt.Errorf("error initializing client: %w", err)

go.mod

@@ -53,6 +53,7 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nxadm/tail v1.4.11 // indirect
+	github.com/openmcp-project/openmcp-operator/lib v0.8.3 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect

go.sum

@@ -104,6 +104,8 @@ github.com/openmcp-project/mcp-operator/api v0.30.0 h1:DqnoapCqzhgs/ypDsuSf01ltt
 github.com/openmcp-project/mcp-operator/api v0.30.0/go.mod h1:E7EPXYrmY4IpYtl6UGkppD7s5UZ6cKFZwN4ncIme7TY=
 github.com/openmcp-project/openmcp-operator/api v0.8.3 h1:s1c9kwvHUAkHZfSybb83Biw8qyia9pF4r2zxbfSM3qI=
 github.com/openmcp-project/openmcp-operator/api v0.8.3/go.mod h1:AflvCe/S41tO3x2rq4p+JnWxqVNtuwMn4LDPEVE00LE=
+github.com/openmcp-project/openmcp-operator/lib v0.8.3 h1:2bb1zbP6Si7/fUfXT9M5B0xQnd7O4zGJXaUoe9pDmcA=
+github.com/openmcp-project/openmcp-operator/lib v0.8.3/go.mod h1:oydIXRZoNDxtI4DI/JBUB08UPzvfdaKLqHvC4S4HXHQ=
 github.com/openmcp-project/project-workspace-operator/api v0.13.1 h1:Qq0110MdydwBHug5YFcRtHiN2Wtt9qJ5PYMvns/FiVY=
 github.com/openmcp-project/project-workspace-operator/api v0.13.1/go.mod h1:XFBFDMYCNFCNV5LQQs1FdStJ03ztrC5Exazbt9lZkvk=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

internal/helper/clusteraccess.go

@@ -0,0 +1,73 @@
+package helper
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/openmcp-project/controller-utils/pkg/clusters"
+	"github.com/openmcp-project/controller-utils/pkg/logging"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1"
+	openmcpconstv1alpha1 "github.com/openmcp-project/openmcp-operator/api/constants"
+	"github.com/openmcp-project/openmcp-operator/lib/clusteraccess"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+
+	"github.com/openmcp-project/usage-operator/api"
+	usagev1 "github.com/openmcp-project/usage-operator/api/usage/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+func GetOnboardingCluster(ctx context.Context, log logging.Logger, client client.Client) (*clusters.Cluster, error) {
+	onboardingScheme := runtime.NewScheme()
+	utilruntime.Must(clientgoscheme.AddToScheme(onboardingScheme))
+	utilruntime.Must(usagev1.AddToScheme(onboardingScheme))
+	utilruntime.Must(clustersv1alpha1.AddToScheme(onboardingScheme))
+
+	providerSystemNamespace := os.Getenv(openmcpconstv1alpha1.EnvVariablePlatformClusterNamespace)
+	if providerSystemNamespace == "" {
+		log.Error(nil, fmt.Sprintf("environment variable %s is not set", openmcpconstv1alpha1.EnvVariablePlatformClusterNamespace))
+		return nil, fmt.Errorf("environment variable %s is not set", openmcpconstv1alpha1.EnvVariablePlatformClusterNamespace)
+	}
+
+	clusterAccessManager := clusteraccess.NewClusterAccessManager(client, api.UsageOperatorPlatformServiceName, providerSystemNamespace).
+		WithLogger(&log).
+		WithInterval(10 * time.Second).
+		WithTimeout(30 * time.Minute)
+
+	// TODO: Put the correct policies in there
+	onboardingCluster, err := clusterAccessManager.CreateAndWaitForCluster(ctx, "onboarding", clustersv1alpha1.PURPOSE_ONBOARDING,
+		onboardingScheme, []clustersv1alpha1.PermissionsRequest{
+			{
+				Rules: []rbacv1.PolicyRule{
+					{
+						APIGroups: []string{"core.openmcp.cloud"},
+						Resources: []string{"managedcontrolplanes", "managedcontrolplanes/status"},
+						Verbs:     []string{"get", "list"},
+					},
+					{
+						APIGroups: []string{"apiextensions.k8s.io"},
+						Resources: []string{"customresourcedefinitions"},
+						Verbs:     []string{"create", "delete"},
+					},
+					{
+						APIGroups: []string{"usage.openmcp.cloud"},
+						Resources: []string{"*"},
+						Verbs:     []string{"*"},
+					},
+				},
+			},
+		},
+	)
+	if err != nil {
+		log.Error(err, "error creating/updating onboarding cluster")
+		return nil, fmt.Errorf("error creating/updating onboarding cluster: %w", err)
+	}
+
+	return onboardingCluster, nil
+}