Merge pull request #1158 from stakater/feat/takeover-v2

Feat/takeover v2

Author: msafwankarim

.gitignore

@@ -9,7 +9,8 @@ _gopath/
 .vscode
 vendor
 dist
-Reloader
+/reloader
+/Reloader
 !**/chart/reloader
 !**/internal/reloader
 *.tgz

.goreleaser.yml

@@ -1,5 +1,7 @@
 builds:
-- env:
+- main: ./cmd/reloader
+  binary: reloader
+  env:
   - CGO_ENABLED=0
   goos:
   - windows
@@ -11,6 +13,11 @@ builds:
   - arm
   - arm64
   - ppc64le
+  ldflags:
+  - -s -w
+  - -X github.com/stakater/Reloader/internal/pkg/metadata.Version={{.Version}}
+  - -X github.com/stakater/Reloader/internal/pkg/metadata.Commit={{.Commit}}
+  - -X github.com/stakater/Reloader/internal/pkg/metadata.BuildDate={{.Date}}
 archives:
 - name_template: "{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
 snapshot:

Dockerfile

@@ -24,9 +24,8 @@ COPY go.sum go.sum
 RUN go mod download
 
 # Copy the go source
-COPY main.go main.go
+COPY cmd/ cmd/
 COPY internal/ internal/
-COPY pkg/ pkg/
 
 # Build
 RUN CGO_ENABLED=0 \
@@ -39,7 +38,7 @@ RUN CGO_ENABLED=0 \
          -X github.com/stakater/Reloader/pkg/common.Commit=${COMMIT} \
          -X github.com/stakater/Reloader/pkg/common.BuildDate=${BUILD_DATE} \
          -X github.com/stakater/Reloader/pkg/common.Edition=${EDITION}" \
-        -installsuffix 'static' -mod=mod -a -o manager ./
+        -installsuffix 'static' -mod=mod -a -o manager ./cmd/reloader
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Dockerfile.ubi

@@ -1,6 +1,7 @@
 ARG BUILDER_IMAGE
 ARG BASE_IMAGE
 
+# First stage: Build the binary (using the standard Dockerfile as builder)
 FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE} AS SRC
 
 FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi9/ubi:9.8-1779374378} AS ubi

Makefile

@@ -23,10 +23,17 @@ BUILD=
 
 GOCMD = go
 GOFLAGS ?= $(GOFLAGS:)
-LDFLAGS =
 GOPROXY   ?=
 GOPRIVATE ?=
 
+# Version information for ldflags
+GIT_COMMIT ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
+BUILD_DATE ?= $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
+LDFLAGS = -s -w \
+	-X github.com/stakater/Reloader/internal/pkg/metadata.Version=$(VERSION) \
+	-X github.com/stakater/Reloader/internal/pkg/metadata.Commit=$(GIT_COMMIT) \
+	-X github.com/stakater/Reloader/internal/pkg/metadata.BuildDate=$(BUILD_DATE)
+
 ## Location to install dependencies to
 LOCALBIN ?= $(shell pwd)/bin
 $(LOCALBIN):
@@ -94,10 +101,10 @@ install:
 	"$(GOCMD)" mod download
 
 run:
-	go run ./main.go
+	go run ./cmd/reloader
 
 build:
-	"$(GOCMD)" build ${GOFLAGS} ${LDFLAGS} -o "${BINARY}"
+	"$(GOCMD)" build ${GOFLAGS} -ldflags '${LDFLAGS}' -o "${BINARY}" ./cmd/reloader
 
 lint: ## Run golangci-lint on the codebase
 	go tool golangci-lint run ./...
@@ -141,7 +148,7 @@ manifest:
 	docker manifest annotate --arch $(ARCH) $(REPOSITORY_GENERIC)  $(REPOSITORY_ARCH)
 
 test:
-	"$(GOCMD)" test -timeout 1800s -v -count=1 ./internal/... ./pkg/... ./test/e2e/utils/...
+	"$(GOCMD)" test -timeout 1800s -v -count=1 ./internal/... ./test/e2e/utils/...
 
 ##@ E2E Tests
 
@@ -199,8 +206,8 @@ apply:
 deploy: binary-image push apply
 
 .PHONY: k8s-manifests
-k8s-manifests: $(KUSTOMIZE) ## Generate k8s manifests using Kustomize from 'manifests' folder
-	$(KUSTOMIZE) build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml
+k8s-manifests: ## Generate k8s manifests using Kustomize from 'manifests' folder
+	go tool kustomize build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml
 
 .PHONY: update-manifests-version
 update-manifests-version: ## Generate k8s manifests using Kustomize from 'manifests' folder

cmd/reloader/main.go

@@ -0,0 +1,227 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	_ "net/http/pprof"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/go-logr/logr"
+	"github.com/go-logr/zerologr"
+	"github.com/rs/zerolog"
+	"github.com/spf13/cobra"
+	"k8s.io/client-go/discovery"
+	controllerruntime "sigs.k8s.io/controller-runtime"
+
+	"github.com/stakater/Reloader/internal/pkg/config"
+	"github.com/stakater/Reloader/internal/pkg/controller"
+	"github.com/stakater/Reloader/internal/pkg/metadata"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/openshift"
+)
+
+// Environment variable names for pod identity in HA mode.
+const (
+	podNameEnv      = "POD_NAME"
+	podNamespaceEnv = "POD_NAMESPACE"
+)
+
+// cfg holds the configuration for this reloader instance.
+var cfg *config.Config
+
+func main() {
+	if err := newReloaderCommand().Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func newReloaderCommand() *cobra.Command {
+	cfg = config.NewDefault()
+
+	cmd := &cobra.Command{
+		Use:   "reloader",
+		Short: "A watcher for your Kubernetes cluster",
+		RunE:  run,
+	}
+
+	config.BindFlags(cmd.PersistentFlags(), cfg)
+	return cmd
+}
+
+func run(cmd *cobra.Command, args []string) error {
+	if err := config.ApplyFlags(cfg); err != nil {
+		return fmt.Errorf("applying flags: %w", err)
+	}
+
+	if err := cfg.Validate(); err != nil {
+		return fmt.Errorf("validating config: %w", err)
+	}
+
+	if cfg.EnableHA {
+		if err := validateHAEnvs(); err != nil {
+			return err
+		}
+		cfg.LeaderElection.Identity = os.Getenv(podNameEnv)
+		if cfg.LeaderElection.Namespace == "" {
+			cfg.LeaderElection.Namespace = os.Getenv(podNamespaceEnv)
+		}
+	}
+
+	log, err := configureLogging(cfg.LogFormat, cfg.LogLevel)
+	if err != nil {
+		return fmt.Errorf("configuring logging: %w", err)
+	}
+
+	controllerruntime.SetLogger(log)
+
+	log.Info("Starting Reloader")
+
+	if cfg.WatchedNamespace != "" {
+		log.Info("watching single namespace", "namespace", cfg.WatchedNamespace)
+	} else {
+		log.Info("watching all namespaces")
+	}
+
+	if len(cfg.NamespaceSelectors) > 0 {
+		log.Info("namespace-selector is set", "selectors", cfg.NamespaceSelectorStrings)
+	}
+
+	if len(cfg.ResourceSelectors) > 0 {
+		log.Info("resource-label-selector is set", "selectors", cfg.ResourceSelectorStrings)
+	}
+
+	if cfg.WebhookURL != "" {
+		log.Info("webhook-url is set, will only send webhook, no resources will be reloaded", "url", cfg.WebhookURL)
+	}
+
+	if cfg.EnableHA {
+		log.Info(
+			"high-availability mode enabled",
+			"leaderElectionID", cfg.LeaderElection.LockName,
+			"leaderElectionNamespace", cfg.LeaderElection.Namespace,
+		)
+	}
+
+	collectors := metrics.SetupPrometheusEndpoint()
+
+	if config.ShouldAutoDetectOpenShift() {
+		restConfig := controllerruntime.GetConfigOrDie()
+		discoveryClient, err := discovery.NewDiscoveryClientForConfig(restConfig)
+		if err != nil {
+			log.V(1).Info("Failed to create discovery client for DeploymentConfig detection", "error", err)
+		} else if openshift.HasDeploymentConfigSupport(discoveryClient, log) {
+			cfg.DeploymentConfigEnabled = true
+		}
+	}
+
+	controller.AddOptionalSchemes(cfg.ArgoRolloutsEnabled, cfg.DeploymentConfigEnabled)
+
+	mgr, err := controller.NewManager(
+		controller.ManagerOptions{
+			Config:     cfg,
+			Log:        log,
+			Collectors: &collectors,
+		},
+	)
+	if err != nil {
+		return fmt.Errorf("creating manager: %w", err)
+	}
+
+	if err := controller.SetupReconcilers(mgr, cfg, log, &collectors); err != nil {
+		return fmt.Errorf("setting up reconcilers: %w", err)
+	}
+
+	// Skip metadata publisher when ConfigMaps are ignored (no RBAC permissions)
+	if !cfg.IsResourceIgnored("configmaps") {
+		if err := mgr.Add(metadata.Runnable(mgr.GetClient(), cfg, log)); err != nil {
+			log.Error(err, "Failed to add metadata publisher")
+			// Non-fatal, continue starting
+		}
+	} else {
+		log.Info("skipping metadata publisher (configmaps ignored)")
+	}
+
+	if cfg.EnablePProf {
+		go startPProfServer(log)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
+	go func() {
+		sig := <-sigCh
+		log.Info("Received signal, shutting down", "signal", sig)
+		cancel()
+	}()
+
+	log.Info("Starting controller manager")
+	if err := controller.RunManager(ctx, mgr, log); err != nil {
+		return fmt.Errorf("manager exited with error: %w", err)
+	}
+
+	log.Info("Reloader shutdown complete")
+	return nil
+}
+
+func configureLogging(logFormat, logLevel string) (logr.Logger, error) {
+	// Parse log level
+	var level zerolog.Level
+	switch logLevel {
+	case "trace":
+		level = zerolog.TraceLevel
+	case "debug":
+		level = zerolog.DebugLevel
+	case "info", "":
+		level = zerolog.InfoLevel
+	case "warn", "warning":
+		level = zerolog.WarnLevel
+	case "error":
+		level = zerolog.ErrorLevel
+	default:
+		return logr.Logger{}, fmt.Errorf("unsupported log level: %q", logLevel)
+	}
+
+	var zl zerolog.Logger
+	switch logFormat {
+	case "json":
+		zl = zerolog.New(os.Stdout).Level(level).With().Timestamp().Logger()
+	case "":
+		// Human-readable console output
+		zl = zerolog.New(
+			zerolog.ConsoleWriter{
+				Out:        os.Stdout,
+				TimeFormat: time.RFC3339,
+			},
+		).Level(level).With().Timestamp().Logger()
+	default:
+		return logr.Logger{}, fmt.Errorf("unsupported log format: %q", logFormat)
+	}
+
+	return zerologr.New(&zl), nil
+}
+
+func validateHAEnvs() error {
+	podName := os.Getenv(podNameEnv)
+	podNamespace := os.Getenv(podNamespaceEnv)
+
+	if podName == "" {
+		return fmt.Errorf("%s not set, cannot run in HA mode", podNameEnv)
+	}
+	if podNamespace == "" {
+		return fmt.Errorf("%s not set, cannot run in HA mode", podNamespaceEnv)
+	}
+	return nil
+}
+
+func startPProfServer(log logr.Logger) {
+	log.Info("Starting pprof server", "addr", cfg.PProfAddr)
+	if err := http.ListenAndServe(cfg.PProfAddr, nil); err != nil {
+		log.Error(err, "Failed to start pprof server")
+	}
+}

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -56,12 +56,12 @@ rules:
 {{- if and (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1") (.Values.reloader.isArgoRollouts) }}
   - apiGroups:
       - "argoproj.io"
-      - ""
     resources:
       - rollouts
     verbs:
       - list
       - get
+      - watch
       - update
       - patch
 {{- end }}
@@ -76,6 +76,7 @@ rules:
       - get
       - update
       - patch
+      - watch
 {{- if .Values.reloader.ignoreCronJobs }}{{- else }}
   - apiGroups:
       - "batch"
@@ -84,6 +85,9 @@ rules:
     verbs:
       - list
       - get
+      - watch
+      - update
+      - patch
 {{- end }}
 {{- if .Values.reloader.ignoreJobs }}{{- else }}
   - apiGroups:
@@ -95,6 +99,7 @@ rules:
       - delete
       - list
       - get
+      - watch
 {{- end}}
 {{- if .Values.reloader.enableHA }}
   - apiGroups:
@@ -105,17 +110,6 @@ rules:
       - create
       - get
       - update
-{{- end}}
-{{- if .Values.reloader.enableCSIIntegration }}
-  - apiGroups:
-      - "secrets-store.csi.x-k8s.io"
-    resources:
-      - secretproviderclasspodstatuses
-      - secretproviderclasses
-    verbs:
-      - list
-      - get
-      - watch
 {{- end}}
   - apiGroups:
       - ""