feat: added multi-cluster runtime (#90)

* feat: added multi-cluster runtime

On-behalf-of: SAP [email protected]

* chore: removed commented code

On-behalf-of: SAP [email protected]

* chore: refactored imports

On-behalf-of: SAP [email protected]

* feat: used mccontext and added condition manager

On-behalf-of: SAP [email protected]

* chore: removed completed todo

On-behalf-of: SAP [email protected]

* feat: added initilizer's clean up using initializing provider, removed context with timeout

On-behalf-of: SAP [email protected]

* feat: made initializer name configurable

On-behalf-of: SAP [email protected]

* fix: fixed merge errors

On-behalf-of: SAP [email protected]

* chore: showcase mcruntime integration

* fix: startup of manager

* fix.

* chore: updated model generated controller

On-behalf-of: SAP [email protected]

* Update internal/subroutine/remove_initializer.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* feat: used multi-cluster runtime in operator contoller

On-behalf-of: SAP [email protected]

* updated go version

On-behalf-of: SAP [email protected]

* updated go version in docker file

On-behalf-of: SAP [email protected]

* feat: removed specific lc clients

On-behalf-of: SAP [email protected]

* feat: updated tests

On-behalf-of: SAP [email protected]

* chore: format fix

On-behalf-of: SAP [email protected]

* fix: fixed merge errors

On-behalf-of: SAP [email protected]

* improve test coverage

On-behalf-of: SAP [email protected]

* improve tracehold for remove initializer subroutine

On-behalf-of: SAP [email protected]

* fix: fixed errors related to pointing wrong logical cluster

On-behalf-of: SAP [email protected]

* fix: fixed tests

On-behalf-of: SAP [email protected]

* fix: removed wrong file

On-behalf-of: SAP [email protected]

* feat: support additional redirectURLs for the clients (#99)

* feat: support additional redirectURLs for the clients

* chore: linter errors

---------

Co-authored-by: aaronschweig <[email protected]>
Co-authored-by: Aaron Schweig <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: 3 people

.mockery.yaml

@@ -13,3 +13,17 @@ packages:
       outpkg: mocks
     interfaces:
       Client:
+
+  sigs.k8s.io/multicluster-runtime/pkg/manager:
+    config:
+      dir: internal/subroutine/mocks
+      outpkg: mocks
+    interfaces:
+      Manager:
+
+  sigs.k8s.io/controller-runtime/pkg/cluster:
+      config:
+        dir: internal/subroutine/mocks
+        outpkg: mocks
+      interfaces:
+        Cluster:

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.24.6-bullseye AS builder
+FROM golang:1.25.2-bookworm AS builder
 ARG TARGETOS
 ARG TARGETARCH
 

cmd/initializer.go

@@ -6,24 +6,29 @@ import (
 
 	helmv2 "github.com/fluxcd/helm-controller/api/v2"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1"
+
 	"github.com/kcp-dev/logicalcluster/v3"
+	"github.com/kcp-dev/multicluster-provider/initializingworkspaces"
+	pmcontext "github.com/platform-mesh/golang-commons/context"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/kcp"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
 	"github.com/platform-mesh/security-operator/internal/controller"
+	mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
 )
 
 var initializerCmd = &cobra.Command{
 	Use:   "initializer",
 	Short: "FGA initializer for the organization workspacetype",
 	RunE: func(cmd *cobra.Command, args []string) error {
+		ctx, _, shutdown := pmcontext.StartContext(log, appCfg, defaultCfg.ShutdownTimeout)
+		defer shutdown()
 
 		mgrCfg := ctrl.GetConfigOrDie()
 
@@ -50,7 +55,17 @@ var initializerCmd = &cobra.Command{
 			}
 			mgrOpts.LeaderElectionConfig = inClusterCfg
 		}
-		mgr, err := kcp.NewClusterAwareManager(mgrCfg, mgrOpts)
+
+		provider, err := initializingworkspaces.New(mgrCfg, initializingworkspaces.Options{
+			InitializerName: appCfg.InitializerName,
+			Scheme:          mgrOpts.Scheme,
+		})
+		if err != nil {
+			log.Error().Err(err).Msg("unable to construct cluster provider")
+			os.Exit(1)
+		}
+
+		mgr, err := mcmanager.New(mgrCfg, provider, mgrOpts)
 		if err != nil {
 			setupLog.Error(err, "Failed to create manager")
 			os.Exit(1)
@@ -60,7 +75,7 @@ var initializerCmd = &cobra.Command{
 		utilruntime.Must(sourcev1.AddToScheme(runtimeScheme))
 		utilruntime.Must(helmv2.AddToScheme(runtimeScheme))
 
-		orgClient, err := logicalClusterClientFromKey(mgr, log)(logicalcluster.Name("root:orgs"))
+		orgClient, err := logicalClusterClientFromKey(mgr.GetLocalManager(), log)(logicalcluster.Name("root:orgs"))
 		if err != nil {
 			setupLog.Error(err, "Failed to create org client")
 			os.Exit(1)
@@ -78,7 +93,12 @@ var initializerCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
-		if err := controller.NewLogicalClusterReconciler(log, mgrCfg, mgr.GetClient(), orgClient, appCfg, inClusterClient).SetupWithManager(mgr, defaultCfg, log); err != nil {
+		if appCfg.IDP.AdditionalRedirectURLs == nil {
+			appCfg.IDP.AdditionalRedirectURLs = []string{}
+		}
+
+		if err := controller.NewLogicalClusterReconciler(log, orgClient, appCfg, inClusterClient, mgr).
+			SetupWithManager(mgr, defaultCfg); err != nil {
 			setupLog.Error(err, "unable to create controller", "controller", "LogicalCluster")
 			os.Exit(1)
 		}
@@ -92,6 +112,12 @@ var initializerCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
+		go func() {
+			if err := provider.Run(ctx, mgr); err != nil {
+				log.Fatal().Err(err).Msg("unable to run provider")
+			}
+		}()
+
 		setupLog.Info("starting manager")
 
 		return mgr.Start(ctrl.SetupSignalHandler())

cmd/model_generator.go

@@ -3,7 +3,9 @@ package cmd
 import (
 	"context"
 	"crypto/tls"
+	"fmt"
 
+	"github.com/kcp-dev/multicluster-provider/apiexport"
 	platformeshcontext "github.com/platform-mesh/golang-commons/context"
 	appsv1 "k8s.io/api/apps/v1"
 
@@ -13,9 +15,9 @@ import (
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/kcp"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
 
 	securityv1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1"
 	"github.com/platform-mesh/security-operator/internal/controller"
@@ -56,18 +58,31 @@ var modelGeneratorCmd = &cobra.Command{
 			}
 			mgrOpts.LeaderElectionConfig = inClusterCfg
 		}
+		runtimeScheme := runtime.NewScheme()
+		utilruntime.Must(appsv1.AddToScheme(runtimeScheme))
+		utilruntime.Must(securityv1alpha1.AddToScheme(runtimeScheme))
 
-		mgr, err := kcp.NewClusterAwareManager(cfg, mgrOpts)
+		if mgrOpts.Scheme == nil {
+			log.Error().Err(fmt.Errorf("scheme should not be nil")).Msg("scheme should not be nil")
+			return fmt.Errorf("scheme should not be nil")
+		}
+
+		provider, err := apiexport.New(cfg, apiexport.Options{
+			Scheme: mgrOpts.Scheme,
+		})
 		if err != nil {
-			setupLog.Error(err, "unable to setup manager")
+			log.Error().Err(err).Msg("Failed to create apiexport provider")
+			return err
 		}
 
-		runtimeScheme := runtime.NewScheme()
-		utilruntime.Must(appsv1.AddToScheme(runtimeScheme))
-		utilruntime.Must(securityv1alpha1.AddToScheme(runtimeScheme))
+		mgr, err := mcmanager.New(cfg, provider, mgrOpts)
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to create manager")
+			return err
+		}
 
-		if err := controller.NewAPIBindingReconciler(mgr.GetClient(), log, logicalClusterClientFromKey(mgr, log)).
-			SetupWithManager(mgr, log, defaultCfg); err != nil {
+		if err := controller.NewAPIBindingReconciler(log, mgr).
+			SetupWithManager(mgr, defaultCfg); err != nil {
 			setupLog.Error(err, "unable to create controller", "controller", "Resource")
 			return err
 		}
@@ -81,6 +96,12 @@ var modelGeneratorCmd = &cobra.Command{
 			return err
 		}
 
+		go func() {
+			if err := provider.Run(ctx, mgr); err != nil {
+				log.Fatal().Err(err).Msg("unable to run provider")
+			}
+		}()
+
 		setupLog.Info("starting manager")
 		if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 			setupLog.Error(err, "problem running manager")

cmd/operator.go

@@ -11,6 +11,7 @@ import (
 	apisv1alpha1 "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1"
 	kcpcorev1alpha1 "github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1"
 	"github.com/kcp-dev/logicalcluster/v3"
+	"github.com/kcp-dev/multicluster-provider/apiexport"
 	accountsv1alpha1 "github.com/platform-mesh/account-operator/api/v1alpha1"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
@@ -23,8 +24,9 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/kcp"
+
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
 
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	platformeshcontext "github.com/platform-mesh/golang-commons/context"
@@ -35,15 +37,16 @@ import (
 	kcptenancyv1alphav1 "github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1"
 	corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1"
 	"github.com/platform-mesh/security-operator/internal/controller"
-	"github.com/platform-mesh/security-operator/internal/subroutine"
 	// +kubebuilder:scaffold:imports
 )
 
 var (
 	scheme = runtime.NewScheme()
 )
 
-func logicalClusterClientFromKey(mgr ctrl.Manager, log *logger.Logger) subroutine.NewLogicalClusterClientFunc {
+type NewLogicalClusterClientFunc func(clusterKey logicalcluster.Name) (client.Client, error)
+
+func logicalClusterClientFromKey(mgr ctrl.Manager, log *logger.Logger) NewLogicalClusterClientFunc {
 	return func(clusterKey logicalcluster.Name) (client.Client, error) {
 		cfg := rest.CopyConfig(mgr.GetConfig())
 
@@ -55,6 +58,8 @@ func logicalClusterClientFromKey(mgr ctrl.Manager, log *logger.Logger) subroutin
 
 		parsed.Path = fmt.Sprintf("/clusters/%s", clusterKey)
 
+		log.Info().Msg(fmt.Sprintf("HOST from logical cluster client from key -- %s", parsed.String()))
+
 		cfg.Host = parsed.String()
 
 		return client.New(cfg, client.Options{
@@ -110,9 +115,22 @@ var operatorCmd = &cobra.Command{
 			mgrOpts.LeaderElectionConfig = inClusterCfg
 		}
 
-		mgr, err := kcp.NewClusterAwareManager(cfg, mgrOpts)
+		if mgrOpts.Scheme == nil {
+			log.Error().Err(fmt.Errorf("scheme should not be nil")).Msg("scheme should not be nil")
+			return fmt.Errorf("scheme should not be nil")
+		}
+
+		provider, err := apiexport.New(cfg, apiexport.Options{
+			Scheme: mgrOpts.Scheme,
+		})
+		if err != nil {
+			setupLog.Error(err, "unable to construct cluster provider")
+			return err
+		}
+
+		mgr, err := mcmanager.New(cfg, provider, mgrOpts)
 		if err != nil {
-			log.Error().Err(err).Msg("unable to start manager")
+			setupLog.Error(err, "Failed to create manager")
 			return err
 		}
 
@@ -124,14 +142,14 @@ var operatorCmd = &cobra.Command{
 
 		fga := openfgav1.NewOpenFGAServiceClient(conn)
 
-		if err = controller.NewStoreReconciler(log, mgr.GetClient(), fga, logicalClusterClientFromKey(mgr, log)).
-			SetupWithManager(mgr, defaultCfg, log); err != nil {
+		if err = controller.NewStoreReconciler(log, fga, mgr).
+			SetupWithManager(mgr, defaultCfg); err != nil {
 			log.Error().Err(err).Str("controller", "store").Msg("unable to create controller")
 			return err
 		}
 		if err = controller.
-			NewAuthorizationModelReconciler(log, mgr.GetClient(), fga, logicalClusterClientFromKey(mgr, log)).
-			SetupWithManager(mgr, defaultCfg, log); err != nil {
+			NewAuthorizationModelReconciler(log, fga, mgr).
+			SetupWithManager(mgr, defaultCfg); err != nil {
 			log.Error().Err(err).Str("controller", "authorizationmodel").Msg("unable to create controller")
 			return err
 		}
@@ -146,6 +164,12 @@ var operatorCmd = &cobra.Command{
 			return err
 		}
 
+		go func() {
+			if err := provider.Run(ctx, mgr); err != nil {
+				log.Fatal().Err(err).Msg("unable to run provider")
+			}
+		}()
+
 		setupLog.Info("starting manager")
 		if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 			log.Error().Err(err).Msg("problem running manager")