fix: update APIBinding references to v1alpha2 (attempt two)

cmd/initializer.go

@@ -7,7 +7,6 @@ import (
 	helmv2 "github.com/fluxcd/helm-controller/api/v2"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1"
 
-	"github.com/kcp-dev/logicalcluster/v3"
 	"github.com/kcp-dev/multicluster-provider/initializingworkspaces"
 	pmcontext "github.com/platform-mesh/golang-commons/context"
 	"github.com/spf13/cobra"
@@ -37,10 +36,13 @@ var initializerCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
+		k8sCfg := ctrl.GetConfigOrDie()
+
 		mgrOpts := ctrl.Options{
 			Scheme:                 scheme,
 			LeaderElection:         defaultCfg.LeaderElection.Enabled,
 			LeaderElectionID:       "security-operator-initializer.platform-mesh.io",
+			LeaderElectionConfig:   k8sCfg,
 			HealthProbeBindAddress: defaultCfg.HealthProbeBindAddress,
 			Metrics: server.Options{
 				BindAddress: defaultCfg.Metrics.BindAddress,
@@ -80,14 +82,12 @@ var initializerCmd = &cobra.Command{
 		utilruntime.Must(sourcev1.AddToScheme(runtimeScheme))
 		utilruntime.Must(helmv2.AddToScheme(runtimeScheme))
 
-		orgClient, err := logicalClusterClientFromKey(mgr.GetLocalManager(), log)(logicalcluster.Name("root:orgs"))
+		orgClient, err := logicalClusterClientFromKey(mgr.GetLocalManager(), log)("root:orgs")
 		if err != nil {
 			setupLog.Error(err, "Failed to create org client")
 			os.Exit(1)
 		}
 
-		k8sCfg := ctrl.GetConfigOrDie()
-
 		runtimeClient, err := client.New(k8sCfg, client.Options{Scheme: scheme})
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to create in cluster client")

cmd/model_generator.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 
 	"github.com/kcp-dev/multicluster-provider/apiexport"
+	kcpv1alpha2 "github.com/kcp-dev/sdk/apis/apis/v1alpha2"
 	platformeshcontext "github.com/platform-mesh/golang-commons/context"
 	appsv1 "k8s.io/api/apps/v1"
 
@@ -71,7 +72,8 @@ var modelGeneratorCmd = &cobra.Command{
 		}
 
 		provider, err := apiexport.New(restCfg, apiexport.Options{
-			Scheme: mgrOpts.Scheme,
+			Scheme:        mgrOpts.Scheme,
+			ObjectToWatch: &kcpv1alpha2.APIBinding{},
 		})
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to create apiexport provider")

cmd/operator.go

@@ -6,12 +6,13 @@ import (
 	"fmt"
 	"net/url"
 
-	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
-	// to ensure that exec-entrypoint and run can make use of them.
-	apisv1alpha1 "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1"
 	kcpcorev1alpha1 "github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1"
+
 	"github.com/kcp-dev/logicalcluster/v3"
 	"github.com/kcp-dev/multicluster-provider/apiexport"
+	kcpapisv1alpha1 "github.com/kcp-dev/sdk/apis/apis/v1alpha1"
+	kcpapisv1alpha2 "github.com/kcp-dev/sdk/apis/apis/v1alpha2"
+	kcptenancyv1alpha1 "github.com/kcp-dev/sdk/apis/tenancy/v1alpha1"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	accountsv1alpha1 "github.com/platform-mesh/account-operator/api/v1alpha1"
 	"google.golang.org/grpc"
@@ -34,8 +35,6 @@ import (
 	"github.com/platform-mesh/golang-commons/sentry"
 	"github.com/spf13/cobra"
 
-	kcptenancyv1alphav1 "github.com/kcp-dev/kcp/sdk/apis/tenancy/v1alpha1"
-
 	corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1"
 	"github.com/platform-mesh/security-operator/internal/controller"
 	// +kubebuilder:scaffold:imports
@@ -126,7 +125,8 @@ var operatorCmd = &cobra.Command{
 		}
 
 		provider, err := apiexport.New(restCfg, apiexport.Options{
-			Scheme: mgrOpts.Scheme,
+			Scheme:        mgrOpts.Scheme,
+			ObjectToWatch: &kcpapisv1alpha2.APIBinding{},
 		})
 		if err != nil {
 			setupLog.Error(err, "unable to construct cluster provider")
@@ -191,10 +191,12 @@ var operatorCmd = &cobra.Command{
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
-	utilruntime.Must(kcptenancyv1alphav1.AddToScheme(scheme))
-	utilruntime.Must(corev1alpha1.AddToScheme(scheme))
-	utilruntime.Must(apisv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(kcpapisv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(kcpapisv1alpha2.AddToScheme(scheme))
+	utilruntime.Must(kcptenancyv1alpha1.AddToScheme(scheme))
 	utilruntime.Must(kcpcorev1alpha1.AddToScheme(scheme))
+
 	utilruntime.Must(accountsv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(corev1alpha1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }

go.mod

@@ -2,21 +2,20 @@ module github.com/platform-mesh/security-operator
 
 go 1.25.0
 
-replace github.com/kcp-dev/multicluster-provider v0.2.0 => github.com/kcp-dev/multicluster-provider v0.0.0-20250827085327-2b5ca378b7b4
-
 require (
 	github.com/coreos/go-oidc v2.4.0+incompatible
 	github.com/fluxcd/helm-controller/api v1.4.5
 	github.com/fluxcd/source-controller/api v1.7.4
 	github.com/go-logr/logr v1.4.3
-	github.com/google/gnostic-models v0.7.1
-	github.com/kcp-dev/kcp/sdk v0.28.1-0.20250926104223-cec2e15f24c6
+	github.com/google/gnostic-models v0.7.0
+	github.com/kcp-dev/kcp/sdk v0.28.3
 	github.com/kcp-dev/logicalcluster/v3 v3.0.5
-	github.com/kcp-dev/multicluster-provider v0.2.0
+	github.com/kcp-dev/multicluster-provider v0.2.1
+	github.com/kcp-dev/sdk v0.29.0
 	github.com/openfga/api/proto v0.0.0-20251105142303-feed3db3d69d
 	github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251027165255-0f8f255e5f6c
-	github.com/platform-mesh/account-operator v0.5.31
-	github.com/platform-mesh/golang-commons v0.8.2
+	github.com/platform-mesh/account-operator v0.5.32
+	github.com/platform-mesh/golang-commons v0.9.0
 	github.com/rs/zerolog v1.34.0
 	github.com/spf13/cobra v1.10.1
 	github.com/spf13/viper v1.21.0
@@ -30,7 +29,7 @@ require (
 	k8s.io/client-go v0.34.2
 	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
 	sigs.k8s.io/controller-runtime v0.22.4
-	sigs.k8s.io/multicluster-runtime v0.21.0-alpha.9
+	sigs.k8s.io/multicluster-runtime v0.22.0-beta.0
 	sigs.k8s.io/yaml v1.6.0
 )
 
@@ -68,7 +67,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kcp-dev/apimachinery/v2 v2.0.1-0.20250728122101-adbf20db3e51 // indirect
+	github.com/kcp-dev/apimachinery/v2 v2.29.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect

go.sum

@@ -84,8 +84,8 @@ github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ=
 github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM=
-github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c=
-github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
+github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
+github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -110,14 +110,16 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kcp-dev/apimachinery/v2 v2.0.1-0.20250728122101-adbf20db3e51 h1:l38RDS+VUMx9etvyaCgJIZa4nM7FaNevNubWN0kDZY4=
-github.com/kcp-dev/apimachinery/v2 v2.0.1-0.20250728122101-adbf20db3e51/go.mod h1:rF1jfvUfPjFXs+HV/LN1BtPzAz1bfjJOwVa+hAVfroQ=
-github.com/kcp-dev/kcp/sdk v0.28.1-0.20250926104223-cec2e15f24c6 h1:bOR4mdLD24VCJRrHxmtTh21AdbbzkBBKkEh0ngL+XTc=
-github.com/kcp-dev/kcp/sdk v0.28.1-0.20250926104223-cec2e15f24c6/go.mod h1:aC2BPGPvy8QtkI2gQNH9NfW6xpfGIKZkR93gy9O02BE=
+github.com/kcp-dev/apimachinery/v2 v2.29.0 h1:hoIomHs0v8N9+kvKYfjM/tVh5l27NH1zCDUV0kRLxn4=
+github.com/kcp-dev/apimachinery/v2 v2.29.0/go.mod h1:KizREtsxF5malriCj+Cr87TghwHQIMZYXbVycNBbGHs=
+github.com/kcp-dev/kcp/sdk v0.28.3 h1:TS2nJOVBjenBd3fz1+y3aNrqZWqmakalNAIcQM9SukQ=
+github.com/kcp-dev/kcp/sdk v0.28.3/go.mod h1:8oZpWxkoMu2TDpx5DgdIGDigByKHKkeqVMA4GiWneoI=
 github.com/kcp-dev/logicalcluster/v3 v3.0.5 h1:JbYakokb+5Uinz09oTXomSUJVQsqfxEvU4RyHUYxHOU=
 github.com/kcp-dev/logicalcluster/v3 v3.0.5/go.mod h1:EWBUBxdr49fUB1cLMO4nOdBWmYifLbP1LfoL20KkXYY=
-github.com/kcp-dev/multicluster-provider v0.0.0-20250827085327-2b5ca378b7b4 h1:GUihV22j2J/cGF5Svr/zGVvfqTJepIO+sOnYTn9o4Vc=
-github.com/kcp-dev/multicluster-provider v0.0.0-20250827085327-2b5ca378b7b4/go.mod h1:E/NxN2SMtC7b6iXgFMlQYWA7lJIfDPqRkPdvpxOEQLA=
+github.com/kcp-dev/multicluster-provider v0.2.1 h1:viYs6wks/yCGnLsrQq8zu/jVlCuyyJT2VRjpMAI/PH8=
+github.com/kcp-dev/multicluster-provider v0.2.1/go.mod h1:dm7L8PEB2ovbJY+G9E0zalH0qQj01QwQrrNOssG5sbw=
+github.com/kcp-dev/sdk v0.29.0 h1:zXJjtcKNduy8MntSdf2CoXSMVWybptPJwq0zKBkf0Iw=
+github.com/kcp-dev/sdk v0.29.0/go.mod h1:iOA3cEMbI7jeLHbfc0GlHSXRHfyhOWC0NDEJRdNcBY8=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
@@ -159,10 +161,10 @@ github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4
 github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/platform-mesh/account-operator v0.5.31 h1:NWAs5nAS/afrIuZFDhu8A5O37Xkn5mFIGR+q2ZTYIko=
-github.com/platform-mesh/account-operator v0.5.31/go.mod h1:LoJBFsEKJJqSFBf8k7MW1NGC/ZRhG8BrYevexpKqYUg=
-github.com/platform-mesh/golang-commons v0.8.2 h1:FwXFusbVrRm7mx0vUg9Ya0x5mb7rKAJxi99mZcmz9lc=
-github.com/platform-mesh/golang-commons v0.8.2/go.mod h1:yelLTXhu6JUUpMYLH+QyT1FwAp1SB2kRrfxtQ1sqiyg=
+github.com/platform-mesh/account-operator v0.5.32 h1:ignUxAlRUFOqQtqpol2P/40h18qN5OUkN6E0dKEZjx8=
+github.com/platform-mesh/account-operator v0.5.32/go.mod h1:Zk2wmY6pFx4MFh5RNpjYQD5d6wR77YZOBfuz2F2Dd6k=
+github.com/platform-mesh/golang-commons v0.9.0 h1:vqqwYLq8U3Mm9vFTbgcp5fhE/79UbQY5H0yIZBVMYMc=
+github.com/platform-mesh/golang-commons v0.9.0/go.mod h1:yelLTXhu6JUUpMYLH+QyT1FwAp1SB2kRrfxtQ1sqiyg=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -342,8 +344,8 @@ sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327U
 sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/multicluster-runtime v0.21.0-alpha.9 h1:baonM4f081WWct3U7O4EfqrxcUGtmCrFDbsT1FQ8xlo=
-sigs.k8s.io/multicluster-runtime v0.21.0-alpha.9/go.mod h1:CpBzLMLQKdm+UCchd2FiGPiDdCxM5dgCCPKuaQ6Fsv0=
+sigs.k8s.io/multicluster-runtime v0.22.0-beta.0 h1:9NbjTISwohf5oLNWV96cWVISm/G4CzR8v5zOvnC/7nY=
+sigs.k8s.io/multicluster-runtime v0.22.0-beta.0/go.mod h1:4e/q1PCYE75S76Fd4nrPY3cbnj1TXjnjYfJ5ysQyaMw=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=

hack/update-kubeconfig.sh

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+SECRET_DIR="$PROJECT_ROOT/.secret"
+KCP_KUBECONFIG="$PROJECT_ROOT/../helm-charts/.secret/kcp/admin.kubeconfig"
+KCP_SERVER="https://kcp.api.portal.dev.local:8443/clusters/root:platform-mesh-system"
+
+OPERATOR_YAML="$SECRET_DIR/operator.yaml"
+INITIALIZER_YAML="$SECRET_DIR/initializer.yaml"
+RUNTIME_YAML="$SECRET_DIR/runtime.yaml"
+
+echo "Retrieving kind kubeconfig and saving as runtime.yaml..."
+
+if ! kind get clusters | grep -q "^platform-mesh$"; then
+    echo "Error: Kind cluster 'platform-mesh' not found"
+    echo "Available clusters:"
+    kind get clusters
+    exit 1
+fi
+
+kind export kubeconfig --name platform-mesh --kubeconfig="$RUNTIME_YAML"
+echo "Saved kind kubeconfig to $RUNTIME_YAML"
+
+echo ""
+echo "Retrieving credentials from KCP kubeconfig..."
+
+if [ ! -f "$KCP_KUBECONFIG" ]; then
+    echo "Error: KCP kubeconfig not found at $KCP_KUBECONFIG"
+    exit 1
+fi
+
+CA_DATA=$(yq eval '.clusters[] | select(.name == "workspace.kcp.io/current") | .cluster.certificate-authority-data' "$KCP_KUBECONFIG")
+CLIENT_CERT_DATA=$(yq eval '.users[] | select(.name == "kcp-admin") | .user.client-certificate-data' "$KCP_KUBECONFIG")
+CLIENT_KEY_DATA=$(yq eval '.users[] | select(.name == "kcp-admin") | .user.client-key-data' "$KCP_KUBECONFIG")
+
+if [ "$CA_DATA" == "null" ] || [ -z "$CA_DATA" ]; then
+    echo "Error: Failed to extract certificate-authority-data from kubeconfig"
+    exit 1
+fi
+
+if [ "$CLIENT_CERT_DATA" == "null" ] || [ -z "$CLIENT_CERT_DATA" ]; then
+    echo "Error: Failed to extract client-certificate-data from kubeconfig"
+    exit 1
+fi
+
+if [ "$CLIENT_KEY_DATA" == "null" ] || [ -z "$CLIENT_KEY_DATA" ]; then
+    echo "Error: Failed to extract client-key-data from kubeconfig"
+    exit 1
+fi
+
+echo "Updating certificate-authority-data and user info in $OPERATOR_YAML"
+yq eval ".clusters[0].cluster.certificate-authority-data = \"$CA_DATA\"" -i "$OPERATOR_YAML"
+yq eval ".users[0].user.client-certificate-data = \"$CLIENT_CERT_DATA\"" -i "$OPERATOR_YAML"
+yq eval ".users[0].user.client-key-data = \"$CLIENT_KEY_DATA\"" -i "$OPERATOR_YAML"
+
+echo "Updating certificate-authority-data and user info in $INITIALIZER_YAML"
+yq eval ".clusters[0].cluster.certificate-authority-data = \"$CA_DATA\"" -i "$INITIALIZER_YAML"
+yq eval ".users[0].user.client-certificate-data = \"$CLIENT_CERT_DATA\"" -i "$INITIALIZER_YAML"
+yq eval ".users[0].user.client-key-data = \"$CLIENT_KEY_DATA\"" -i "$INITIALIZER_YAML"
+yq eval ".clusters[0].cluster.server = \"https://kcp.api.portal.dev.local:8443/services/initializingworkspaces/root:security\"" -i "$INITIALIZER_YAML"
+
+echo ""
+echo "Retrieving KCP APIExport server URL..."
+
+export KUBECONFIG="$KCP_KUBECONFIG"
+SERVER_URL=$(kubectl get apiexportendpointslices.apis.kcp.io core.platform-mesh.io -oyaml --server="$KCP_SERVER" | yq eval '.status.endpoints[0].url' -)
+unset KUBECONFIG
+
+if [ "$SERVER_URL" == "null" ] || [ -z "$SERVER_URL" ]; then
+    echo "Error: Failed to extract server URL from APIExportEndpointSlice"
+    exit 1
+fi
+
+echo "Found KCP server URL: $SERVER_URL"
+echo "Updating server URL in $OPERATOR_YAML"
+yq eval ".clusters[0].cluster.server = \"$SERVER_URL\"" -i "$OPERATOR_YAML"
+
+echo ""
+echo "Successfully updated kubeconfig data in operator.yaml and initializer.yaml"

internal/controller/apibinding_controller.go

@@ -3,7 +3,7 @@ package controller
 import (
 	"context"
 
-	kcpv1alpha1 "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1"
+	kcpv1alpha2 "github.com/kcp-dev/sdk/apis/apis/v1alpha2"
 	platformeshconfig "github.com/platform-mesh/golang-commons/config"
 	"github.com/platform-mesh/golang-commons/controller/lifecycle/builder"
 	lifecyclesubroutine "github.com/platform-mesh/golang-commons/controller/lifecycle/subroutine"
@@ -35,9 +35,9 @@ type APIBindingReconciler struct {
 
 func (r *APIBindingReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) {
 	ctxWithCluster := mccontext.WithCluster(ctx, req.ClusterName)
-	return r.mclifecycle.Reconcile(ctxWithCluster, req, &kcpv1alpha1.APIBinding{})
+	return r.mclifecycle.Reconcile(ctxWithCluster, req, &kcpv1alpha2.APIBinding{})
 }
 
 func (r *APIBindingReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, evp ...predicate.Predicate) error {
-	return r.mclifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "apibinding-controller", &kcpv1alpha1.APIBinding{}, cfg.DebugLabelValue, r, r.log, evp...)
+	return r.mclifecycle.SetupWithManager(mgr, cfg.MaxConcurrentReconciles, "apibinding-controller", &kcpv1alpha2.APIBinding{}, cfg.DebugLabelValue, r, r.log, evp...)
 }

internal/controller/initializer_controller.go

@@ -26,15 +26,15 @@ type LogicalClusterReconciler struct {
 	mclifecycle *multicluster.LifecycleManager
 }
 
-func NewLogicalClusterReconciler(log *logger.Logger, orgClient client.Client, cfg config.Config, inClusterClient client.Client, mgr mcmanager.Manager) *LogicalClusterReconciler {
+func NewLogicalClusterReconciler(log *logger.Logger, orgClient client.Client, cfg config.Config, runtimeClient client.Client, mgr mcmanager.Manager) *LogicalClusterReconciler {
 	return &LogicalClusterReconciler{
 		log: log,
 		mclifecycle: builder.NewBuilder("logicalcluster", "LogicalClusterReconciler", []lifecyclesubroutine.Subroutine{
 			subroutine.NewWorkspaceInitializer(orgClient, cfg, mgr),
-			subroutine.NewWorkspaceAuthConfigurationSubroutine(orgClient, inClusterClient, cfg),
-			subroutine.NewRealmSubroutine(inClusterClient, &cfg, cfg.BaseDomain),
+			subroutine.NewWorkspaceAuthConfigurationSubroutine(orgClient, runtimeClient, cfg),
+			subroutine.NewRealmSubroutine(runtimeClient, &cfg, cfg.BaseDomain),
 			subroutine.NewInviteSubroutine(orgClient, mgr),
-			subroutine.NewRemoveInitializer(mgr, cfg, inClusterClient),
+			subroutine.NewRemoveInitializer(mgr, cfg, runtimeClient),
 		}, log).
 			WithReadOnly().
 			BuildMultiCluster(mgr),