Move over to controller-runtime over doing it ourselves

Author: davidcollom

Dockerfile

@@ -3,7 +3,7 @@ FROM --platform=$BUILDPLATFORM golang:1.24-alpine AS builder
 COPY . /app/
 WORKDIR /app/
 
-RUN go mod download
+RUN go mod download -x
 
 ARG TARGETOS TARGETARCH
 RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o ./bin/version-checker ./cmd/.

cmd/app/app.go

@@ -3,20 +3,27 @@ package app
 import (
 	"context"
 	"fmt"
+	"net/http"
 
+	logrusr "github.com/bombsimon/logrusr/v4"
 	"github.com/sirupsen/logrus"
+
 	"github.com/spf13/cobra"
 
 	"github.com/go-chi/transport"
 	"github.com/hashicorp/go-cleanhttp"
 
-	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth" // Load all auth plugins
 
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+	ctrmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
+
 	"github.com/jetstack/version-checker/pkg/api"
 	"github.com/jetstack/version-checker/pkg/client"
 	"github.com/jetstack/version-checker/pkg/controller"
 	"github.com/jetstack/version-checker/pkg/metrics"
+	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 )
 
 const (
@@ -33,55 +40,92 @@ func NewCommand(ctx context.Context) *cobra.Command {
 		RunE: func(_ *cobra.Command, _ []string) error {
 			opts.complete()
 
-			logLevel, err := logrus.ParseLevel(opts.LogLevel)
-			if err != nil {
-				return fmt.Errorf("failed to parse --log-level %q: %s",
-					opts.LogLevel, err)
+			log := logrus.New().WithField("component", "controller")
+
+			defaultTestAllInfoMsg := fmt.Sprintf(`only containers with the annotation "%s/${my-container}=true" will be parsed`, api.EnableAnnotationKey)
+			if opts.DefaultTestAll {
+				defaultTestAllInfoMsg = fmt.Sprintf(`all containers will be tested, unless they have the annotation "%s/${my-container}=false"`, api.EnableAnnotationKey)
 			}
-			log := newLogger(logLevel)
 
 			restConfig, err := opts.kubeConfigFlags.ToRESTConfig()
 			if err != nil {
 				return fmt.Errorf("failed to build kubernetes rest config: %s", err)
 			}
 
-			kubeClient, err := kubernetes.NewForConfig(restConfig)
+			log.Infof("flag --test-all-containers=%t %s", opts.DefaultTestAll, defaultTestAllInfoMsg)
+
+			mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
+				Logger:         logrusr.New(log.WithField("controller", "manager").Logger),
+				LeaderElection: false,
+				// TODO: See if we can get newer/better solution
+				Metrics: server.Options{
+					BindAddress:   opts.MetricsServingAddress,
+					SecureServing: false,
+				},
+				GracefulShutdownTimeout: &opts.GracefulShutdownTimeout,
+				Cache:                   cache.Options{SyncPeriod: &opts.CacheSyncPeriod},
+			})
 			if err != nil {
-				return fmt.Errorf("failed to build kubernetes client: %s", err)
+				return err
+			}
+
+			// Liveness probe
+			if err := mgr.AddMetricsServerExtraHandler("/healthz",
+				http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+					w.WriteHeader(http.StatusOK)
+					_, _ = w.Write([]byte("ok"))
+				})); err != nil {
+				log.Fatal("Unable to set up health check:", err)
 			}
 
-			metricsServer := metrics.NewServer(log)
-			if err := metricsServer.Run(opts.MetricsServingAddress); err != nil {
-				return fmt.Errorf("failed to start metrics server: %s", err)
+			// Readiness probe
+			if err := mgr.AddMetricsServerExtraHandler("/readyz",
+				http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+					if mgr.GetCache().WaitForCacheSync(context.Background()) {
+						w.WriteHeader(http.StatusOK)
+						_, _ = w.Write([]byte("ready"))
+					} else {
+						http.Error(w, "cache not synced", http.StatusServiceUnavailable)
+					}
+				}),
+			); err != nil {
+				log.Fatal("Unable to set up ready check:", err)
 			}
 
+			metricsServer := metrics.New(log, ctrmetrics.Registry)
+
 			opts.Client.Transport = transport.Chain(
 				cleanhttp.DefaultTransport(),
 				metricsServer.RoundTripper,
 			)
 
+			// nodeController := controller.NewNodeReconciler(log, mgr.GetClient())
+			// if err := nodeController.SetupWithManager(mgr); err != nil {
+			// }
+
 			client, err := client.New(ctx, log, opts.Client)
 			if err != nil {
 				return fmt.Errorf("failed to setup image registry clients: %s", err)
 			}
 
-			defer func() {
-				if err := metricsServer.Shutdown(); err != nil {
-					log.Error(err)
-				}
-			}()
+			c := controller.NewPodReconciler(opts.CacheTimeout,
+				metricsServer,
+				client,
+				mgr.GetClient(),
+				log,
+				opts.DefaultTestAll,
+			)
 
-			defaultTestAllInfoMsg := fmt.Sprintf(`only containers with the annotation "%s/${my-container}=true" will be parsed`, api.EnableAnnotationKey)
-			if opts.DefaultTestAll {
-				defaultTestAllInfoMsg = fmt.Sprintf(`all containers will be tested, unless they have the annotation "%s/${my-container}=false"`, api.EnableAnnotationKey)
+			if err := c.SetupWithManager(mgr); err != nil {
+				return err
 			}
 
-			log.Infof("flag --test-all-containers=%t %s", opts.DefaultTestAll, defaultTestAllInfoMsg)
-
-			c := controller.New(opts.CacheTimeout, metricsServer,
-				client, kubeClient, log, opts.DefaultTestAll)
-
-			return c.Run(ctx, opts.CacheTimeout/2)
+			// Start the manager and all controllers
+			log.Info("Starting controller manager")
+			if err := mgr.Start(ctx); err != nil {
+				return err
+			}
+			return nil
 		},
 	}
 

cmd/app/helpers.go

@@ -22,30 +22,30 @@ const (
 	envPrefix = "VERSION_CHECKER"
 
 	envACRUsername     = "ACR_USERNAME"
-	envACRPassword     = "ACR_PASSWORD"
-	envACRRefreshToken = "ACR_REFRESH_TOKEN"
+	envACRPassword     = "ACR_PASSWORD"      // #nosec G101
+	envACRRefreshToken = "ACR_REFRESH_TOKEN" // #nosec G101
 
 	envDockerUsername = "DOCKER_USERNAME"
-	envDockerPassword = "DOCKER_PASSWORD"
-	envDockerToken    = "DOCKER_TOKEN"
+	envDockerPassword = "DOCKER_PASSWORD" // #nosec G101
+	envDockerToken    = "DOCKER_TOKEN"    // #nosec G101
 
 	envECRIamRoleArn      = "ECR_IAM_ROLE_ARN"
-	envECRAccessKeyID     = "ECR_ACCESS_KEY_ID"
-	envECRSecretAccessKey = "ECR_SECRET_ACCESS_KEY"
-	envECRSessionToken    = "ECR_SESSION_TOKEN"
+	envECRAccessKeyID     = "ECR_ACCESS_KEY_ID"     // #nosec G101
+	envECRSecretAccessKey = "ECR_SECRET_ACCESS_KEY" // #nosec G101
+	envECRSessionToken    = "ECR_SESSION_TOKEN"     // #nosec G101
 
-	envGCRAccessToken = "GCR_TOKEN"
+	envGCRAccessToken = "GCR_TOKEN" // #nosec G101
 
-	envGHCRAccessToken = "GHCR_TOKEN"
+	envGHCRAccessToken = "GHCR_TOKEN" // #nosec G101
 	envGHCRHostname    = "GHCR_HOSTNAME"
 
-	envQuayToken = "QUAY_TOKEN"
+	envQuayToken = "QUAY_TOKEN" // #nosec G101
 
 	envSelfhostedPrefix    = "SELFHOSTED"
 	envSelfhostedUsername  = "USERNAME"
 	envSelfhostedPassword  = "PASSWORD"
 	envSelfhostedHost      = "HOST"
-	envSelfhostedBearer    = "TOKEN"
+	envSelfhostedBearer    = "TOKEN" // #nosec G101
 	envSelfhostedTokenPath = "TOKEN_PATH"
 	envSelfhostedInsecure  = "INSECURE"
 	envSelfhostedCAPath    = "CA_PATH"
@@ -68,6 +68,9 @@ type Options struct {
 	CacheTimeout          time.Duration
 	LogLevel              string
 
+	GracefulShutdownTimeout time.Duration
+	CacheSyncPeriod         time.Duration
+
 	kubeConfigFlags *genericclioptions.ConfigFlags
 	selfhosted      selfhosted.Options
 
@@ -118,6 +121,14 @@ func (o *Options) addAppFlags(fs *pflag.FlagSet) {
 	fs.StringVarP(&o.LogLevel,
 		"log-level", "v", "info",
 		"Log level (debug, info, warn, error, fatal, panic).")
+
+	fs.DurationVarP(&o.GracefulShutdownTimeout,
+		"graceful-shutdown-timeout", "", 10*time.Second,
+		"Time that the manager should wait for all controller to shutdown.")
+
+	fs.DurationVarP(&o.CacheSyncPeriod,
+		"cache-sync-period", "", 5*time.Hour,
+		"The time in which all resources should be updated.")
 }
 
 func (o *Options) addAuthFlags(fs *pflag.FlagSet) {

cmd/app/options.go

@@ -170,8 +170,9 @@ func TestComplete(t *testing.T) {
 
 	for name, test := range tests {
 		t.Run(name, func(t *testing.T) {
+			os.Clearenv()
 			for _, env := range test.envs {
-				os.Setenv(env[0], env[1])
+				t.Setenv(env[0], env[1])
 			}
 			o := new(Options)
 			o.complete()

cmd/app/options_test.go

@@ -28,48 +28,62 @@ require (
 )
 
 require (
-	github.com/aws/aws-sdk-go-v2/config v1.29.9
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.62
+	github.com/aws/aws-sdk-go-v2/config v1.29.11
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.64
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.43.0
+	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/go-chi/transport v0.5.0
+	github.com/go-logr/logr v1.4.2
 	github.com/gofri/go-github-ratelimit v1.1.1
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-containerregistry v0.20.3
+	github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20250225234217-098045d5e61f
 	github.com/google/go-github/v70 v70.0.0
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/jarcoal/httpmock v1.3.1
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.10.0
+	go.uber.org/goleak v1.3.0
+	sigs.k8s.io/controller-runtime v0.20.4
 )
 
 require (
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.7 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.2 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.1 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.32.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
 	github.com/aws/smithy-go v1.22.3 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/cli v28.0.2+incompatible // indirect
+	github.com/dimchansky/utfbom v1.1.1 // indirect
+	github.com/docker/cli v28.0.4+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.9.3 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
@@ -78,6 +92,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20250225234217-098045d5e61f // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -114,11 +129,12 @@ require (
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gotest.tools/v3 v3.1.0 // indirect
+	k8s.io/apiextensions-apiserver v0.32.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect