feat: adds cluster's ownerref on cilium helm values source object

Author: manoj-nutanix

docs/content/addons/cni.md

@@ -75,8 +75,6 @@ data:
       mode: kubernetes
 kind: ConfigMap
 metadata:
-  labels:
-    clusterctl.cluster.x-k8s.io/move: ""
   name: <CLUSTER_NAME>-cilium-cni-helm-values-template
   namespace: <CLUSTER_NAMESPACE>
 ```
@@ -94,8 +92,6 @@ stringData:
       mode: kubernetes
 kind: Secret
 metadata:
-  labels:
-    clusterctl.cluster.x-k8s.io/move: ""
   name: <CLUSTER_NAME>-cilium-cni-helm-values-template
   namespace: <CLUSTER_NAMESPACE>
 type: Opaque

pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/go-logr/logr"
 	"github.com/spf13/pflag"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -84,10 +85,13 @@ func (p *provider) Apply(
 	// However, that would leave the credentials visible in the HelmChartProxy.
 	// Instead, we'll create the Secret on the remote cluster and reference it in the Helm values.
 	if clusterConfig.Addons.CCM.Credentials != nil {
-		err := handlersutils.EnsureOwnerReferenceForSecret(
+		err := handlersutils.EnsureClusterOwnerReferenceForObject(
 			ctx,
 			p.client,
-			clusterConfig.Addons.CCM.Credentials.SecretRef.Name,
+			&corev1.TypedLocalObjectReference{
+				Kind: "Secret",
+				Name: clusterConfig.Addons.CCM.Credentials.SecretRef.Name,
+			},
 			cluster,
 		)
 		if err != nil {

pkg/handlers/generic/lifecycle/cni/cilium/handler.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 
 	"github.com/spf13/pflag"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
@@ -22,6 +23,7 @@ import (
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/lifecycle/addons"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/lifecycle/config"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/options"
+	handlersutils "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/utils"
 )
 
 type CNIConfig struct {
@@ -183,6 +185,33 @@ func (c *CiliumCNI) apply(
 			helmValuesSourceRefName = cniVar.Values.SourceRef.Name
 			// Use cluster's namespace since Values.SourceRef is always a LocalObjectReference
 			targetNamespace = cluster.Namespace
+
+			err := handlersutils.EnsureClusterOwnerReferenceForObject(
+				ctx,
+				c.client,
+				&corev1.TypedLocalObjectReference{
+					Kind: cniVar.Values.SourceRef.Kind,
+					Name: cniVar.Values.SourceRef.Name,
+				},
+				cluster,
+			)
+			if err != nil {
+				log.Error(
+					err,
+					"error updating Cluster's owner reference on cilium helm values source object",
+					"name",
+					cniVar.Values.SourceRef.Name,
+					"kind",
+					cniVar.Values.SourceRef.Kind,
+				)
+				resp.SetStatus(runtimehooksv1.ResponseStatusFailure)
+				resp.SetMessage(
+					fmt.Sprintf(
+						"failed to set Cluster's owner reference on cilium helm values source object: %v",
+						err,
+					),
+				)
+			}
 		}
 
 		strategy = addons.NewHelmAddonApplier(

pkg/handlers/generic/lifecycle/csi/nutanix/handler.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/go-logr/logr"
 	"github.com/spf13/pflag"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -108,10 +109,13 @@ func (n *NutanixCSI) Apply(
 	}
 
 	if provider.Credentials != nil {
-		err := handlersutils.EnsureOwnerReferenceForSecret(
+		err := handlersutils.EnsureClusterOwnerReferenceForObject(
 			ctx,
 			n.client,
-			provider.Credentials.SecretRef.Name,
+			&corev1.TypedLocalObjectReference{
+				Kind: "Secret",
+				Name: provider.Credentials.SecretRef.Name,
+			},
 			cluster,
 		)
 		if err != nil {

pkg/handlers/generic/mutation/imageregistries/credentials/inject.go

@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -287,10 +288,13 @@ func ensureOwnerReferenceOnCredentialsSecrets(
 		if secretName := handlersutils.SecretNameForImageRegistryCredentials(credential); secretName != "" {
 			// Ensure the Secret is owned by the Cluster so it is correctly moved and deleted with the Cluster.
 			// This code assumes that Secret exists and that was validated before calling this function.
-			err := handlersutils.EnsureOwnerReferenceForSecret(
+			err := handlersutils.EnsureClusterOwnerReferenceForObject(
 				ctx,
 				c,
-				secretName,
+				&corev1.TypedLocalObjectReference{
+					Kind: "Secret",
+					Name: secretName,
+				},
 				cluster,
 			)
 			if err != nil {

pkg/handlers/utils/secrets.go

@@ -9,6 +9,8 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/controllers/remote"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -64,30 +66,61 @@ func CopySecretToRemoteCluster(
 	return nil
 }
 
-// EnsureOwnerReferenceForSecret will ensure that the secretName Secret has an OwnerReference of the cluster.
-func EnsureOwnerReferenceForSecret(
+// EnsureClusterOwnerReferenceForObject ensures that OwnerReference of the cluster is added on provided object.
+func EnsureClusterOwnerReferenceForObject(
 	ctx context.Context,
 	cl ctrlclient.Client,
-	secretName string,
+	objectRef *corev1.TypedLocalObjectReference,
 	cluster *clusterv1.Cluster,
 ) error {
-	secret, err := getSecretForCluster(ctx, cl, secretName, cluster)
+	targetObj, err := GetResourceFromTypedLocalObjectReference(
+		ctx,
+		cl,
+		objectRef,
+		cluster.Namespace,
+	)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to get object from TypedLocalObjectReference: %w", err)
 	}
 
-	err = controllerutil.SetOwnerReference(cluster, secret, cl.Scheme())
+	err = controllerutil.SetOwnerReference(cluster, targetObj, cl.Scheme())
 	if err != nil {
-		return fmt.Errorf("failed to set owner reference on Secret: %w", err)
+		return fmt.Errorf("failed to set cluster's owner reference on object: %w", err)
 	}
 
-	err = cl.Update(ctx, secret)
+	err = cl.Update(ctx, targetObj)
 	if err != nil {
-		return fmt.Errorf("failed to update Secret with owner references: %w", err)
+		return fmt.Errorf("failed to update object with cluster's owner reference: %w", err)
 	}
 	return nil
 }
 
+// GetResourceFromTypedLocalObjectReference gets the resource from the provided TypedLocalObjectReference.
+func GetResourceFromTypedLocalObjectReference(
+	ctx context.Context,
+	cl ctrlclient.Client,
+	objectRef *corev1.TypedLocalObjectReference,
+	ns string,
+) (*unstructured.Unstructured, error) {
+	targetObj := &unstructured.Unstructured{}
+
+	apiVersion := corev1.SchemeGroupVersion.String()
+	if objectRef.APIGroup != nil {
+		apiVersion = *objectRef.APIGroup
+	}
+
+	targetObj.SetGroupVersionKind(schema.FromAPIVersionAndKind(apiVersion, objectRef.Kind))
+	err := cl.Get(ctx, ctrlclient.ObjectKey{
+		Namespace: ns,
+		Name:      objectRef.Name,
+	}, targetObj)
+	if err != nil {
+		return nil, err
+	}
+
+	return targetObj, nil
+}
+
 func getSecretForCluster(
 	ctx context.Context,
 	c ctrlclient.Client,

pkg/handlers/utils/secrets_test.go

@@ -104,10 +104,13 @@ func Test_EnsureOwnerReferenceForSecret(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 
-			err := EnsureOwnerReferenceForSecret(
+			err := EnsureClusterOwnerReferenceForObject(
 				context.Background(),
 				tt.client,
-				tt.secretName,
+				&corev1.TypedLocalObjectReference{
+					Kind: "Secret",
+					Name: tt.secretName,
+				},
 				tt.cluster,
 			)
 			require.Equal(t, tt.wantErr, err)