feat: Replace cli-utils (#516)

* init global watcher

* add watch interface

* example

* add cleanup

* add resources

* add store interface

* add map store

* add synchronizers with supervisor and store

* add status

* add initial applier

* add to delete

* task runner

* feat(applier): enhance service reconciliation with dynamic client and store integration

* fixes

* fixes

* add db store storage and options

* update store interface

* add database store

* feat(store): add SaveComponentAttributes method and refactor component saving logic

* add filters

* add SHA mechanism

* update store interface

* add interface docs

* refactor store package

* fix global store

* fix filters

* add metrics to cache filter

* fix global store

* add missing check to cache filter

* add initial test for cache filter

* refactor filters

* refactor tests

* feat(wave-processor): enhance logging and optimize concurrent applies

* feat(applier): add resource filtering and improve wave processing with enhanced logging and options

* refactor(applier): remove debug logging for resource filtering

* refactor tests

* add todo

* feat: enhance resource application logic and add TODOs for future improvements

* feat(applier): add dry run support base for apply operations

* refactor

* refactor component state

* minor perf improvement

* refactor

* refactor

* refactor: enhance logging and improve resource application handling

* refactor(discovery): streamline discovery cache implementation and improve service mesh handling

* feat(discovery): add discovery cache management and refresh interval configuration

* refactor(logging): enhance log levels and messages across services, remove unused code, streamline discovery cache usage, and improve synchronizers with supervisor to properly wait for initial cache sync

* fix: merge conflicts

* fix(controller): correct variable assignment in poller function

* refactor: add better support for discovery cache events, fix service mesh logic on deletion, add retry logic to cache gvr mapping

* refactor: add better support for discovery cache events, fix service mesh logic on deletion, add retry logic to cache gvr mapping, fix applier error propagation to console

* fix after merge

* fix after merge

* prevent destroy CRD

* delete CRD from cache

* update onDelete wave

* refactor: standardize lifecycle annotations, improve deletion logic and add dry run support

* Add proper cache expiration for database store

* fix(db_queries): update uid uniqueness constraint and modify conflict resolution

* fix(db_queries): update WHERE clause to use datetime function for updated_at

* fix after rebase

* Handle cache miss on status gathering and get from API w/ cache fill

* Add support for delay between applying resource waves

* refactor: improve logging and synchronization in various components

* feat(store): add configurable storage options and cleaner intervals

* feat(args): introduce jitter factor and supervisor options for enhanced control

* refactor(args): update default store storage to string and improve logging

* docs: improve function documentation

* fix service reconciler test

* fix(tests): update and skip some failing tests

* refactor: make fix

* test: skip failing CRD and MetricsAggregate tests, update cache initialization

* fix TestCacheFilter

* feat: enhance resource management with service ID tracking and logging improvements

* feat(wave): send component attributes to channel when resource is already managed

* fix(wave): set resource UID when already managed by another service

* fix unit tests

* cleanup

* fix some linters

* fix TODO refactor

* fix(wave, db_store): force apply resources and handle pod deletion errors

* refactor service

* remove unused files

* remove old applier

* feat(synchronizer): add initial resync implementation

* chore: update golangci-lint version and enable experimental greenteagc

* calculate component sha on save and save skipped components in store

* add delete components func to store

* delete components on synchronizer stop

* cache gvr to gvk mapping

* finish kindfor implementation

* fix lint

* feat(metrics): add synchronization event metrics and update applier options

* update golangci-lint

* feat: add supervisor option to ServiceReconciler and update related components

* fix(synchronizer): handle error events in watch synchronization

* chore: remove unused code

* chore: update Go version to 1.25 and bump alpine version in Dockerfile

* refactor(supervisor): improve cache sync timeout error message and remove os.Exit

* update dependencies

* fix linter

* fix nolint

* refactor(applier): enhance filter engine with named filters and dry run support

* remove cli-utils

* fix linter

* add unit tests

* add unit tests

* refactor(crd_controller): remove unused label check in discovery cache update

* add unit tests

* add unit tests

* add unit tests

* update unit tests

* update unit tests

* refactor: update applier initialization and improve cache filter function

* fix lua health status

* test(filter-engine): update filter addition to include names for clarity

* fix conditions conversion

* refactor(store): update component deletion to use StoreKey instead of UID

* test: update filter engine tests and add store key creation options

* refactor(e2e): comment out cache tests and update dependencies

* fix: lint

* fix bug with crd service id

* refactor: change svcQueue to svcQueueGetter in socketPublisher

* refresh rest mapper

* fix(wave-processor): allow taking over resource when service no longer exists

* detect new crds outside services

* fix cyclic dependency

* refactor: update reconciler functions to use RESTMapper and Kubernetes client interface

* refactor(reconciler): streamline ServiceReconciler initialization

* feat(discovery): add MaybeResetRESTMapper method to reset RESTMapper for CRDs

* remove empty

* bump API go client

* fix(crd_controller): conditionally update DiscoveryCache based on Served status

* fix(wave): add warning flag to service error attributes

* fix: unit tests

* refactor(discovery-cache): simplify cache refresh logic

* fix: lint

* fix: fix pinger store integration and improve runtime services logging

* fix(ping): update New function signature to include additional parameter

* bump console go client

* update pr template

* update pr template

* wait for CRD deployment

* fix linter

* fix wait for crd

* check CRD object list

* fix wait for crd

* wait fo CRD

* create client

* remove wait for CRD wave

* change defaultApplierWaveDelay to 200ms

* chore: add wave processing options for max concurrent applies and dequeue delay and refactor code

* try to fix the namespace error

* revert

* refactor(wave, supervisor): improve logging and streamline resource management

* fix unit test

* linter

* refactor(supervisor): improve supervisor management and synchronization logic

* refactor(supervisor): improve channel handling and add buffer for resource registration

* fix helm race condition

* fix race condition

* feat(kubernetes): enhance watch error handling and improve logging verbosity

* fix: deadlock between supervisor, discovery cache and synchronizer

* linter

* fix null pointer

* refactor: improve concurrency handling and cleanup in Kubernetes controllers

* fix: remove unused time import

* fix(discovery): improve error handling and logging in discovery manager

* improve WaitForCacheSync counter

* feat(supervisor): implement batch saving of components and improve cache sync error logging

* linter

* refactor(logging): improve log messages and remove unused ticker

* add TestComponentCache_SaveComponents

* fix(docker): update golang base image to 1.25-alpine3.22

* fix: lint

* bump fips image v1.25.1

* disable harness fips arm

* feat(metrics): add ResourceCacheWatchRemove method for metrics tracking

* remove unused file

* revert platform: linux/arm64

* remove unused file

* update go fips image

* feat(metrics): add ResourceCacheWatchRemove method for metrics tracking

* refactor(controller): simplify error handling in reconciler logic

* fix: avoid using multiple connections for db store SaveComponents

* fix(synchronizer): improve locking mechanism in Stop method

* fix(discoverycache): update logging level and make notifications asynchronous to avoid situations where callback code calls back discovery cache and results in deadlock

* fix(helm): use both gv and gvk to build APIVersions set for helm templating

* fix dependents deletion

* add `metrics.k8s.io/v1beta1` to non-watchable resources

---------

Co-authored-by: Marcin Maciaszczyk <[email protected]>
Co-authored-by: Sebastian Florek <[email protected]>

Author: 3 people

.github/PULL_REQUEST_TEMPLATE.md

@@ -17,9 +17,20 @@ Test environment: https://console.your-env.onplural.sh/
 
 - [ ] I have added a meaningful title and summary to convey the impact of this PR to a user.
 - [ ] I have deployed the agent to a test environment and verified that it works as expected.
-    - [ ] Agent started successfully.
-    - [ ] Logs are clean and do not contain errors.
-    - [ ] Component trees are working as expected.
+    - [ ] Agent starts successfully.
+    - [ ] Service creation works without any issues when using raw manifests and Helm templates.
+    - [ ] Service creation works when resources contain both CRD and CRD instances.
+    - [ ] Service templating works correctly.
+    - [ ] Service errors are reported properly and visible in the UI.
+    - [ ] Service updates are reflected properly in the cluster.
+    - [ ] Service resync triggers immediately and works as expected.
+    - [ ] Service deletion works and cleanups resources properly.
+    - [ ] Services can be recreated after deletion.
+    - [ ] Service detachment works and keeps resources unaffected.
+    - [ ] Services can be recreated after detachment.
+    - [ ] Service component trees are working as expected.
+    - [ ] Cluster health statuses are being updated.
+    - [ ] Agent logs do not contain any errors.
 - [ ] I have added tests to cover my changes.
 - [ ] If required, I have updated the Plural documentation accordingly.
 

.github/workflows/ci.yaml

@@ -40,9 +40,9 @@ jobs:
         with:
           go-version-file: go.mod
           check-latest: true
-      - uses: golangci/golangci-lint-action@v7.0.0
+      - uses: golangci/golangci-lint-action@v8.0.0
         with:
-          version: v2.1.2
+          version: v2.4.0
   build-image:
     name: Build image
     needs: [build, test]

.github/workflows/e2e.yaml

@@ -60,6 +60,6 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           build-args: |
-            GO_FIPS_IMAGE_REPO=ghcr.io/pluralsh/go-fips
-            GO_FIPS_IMAGE_TAG=1.23.2
+            GO_FIPS_IMAGE_REPO=ghcr.io/pluralsh/fips/go-fips
+            GO_FIPS_IMAGE_TAG=1.25.1
 

.github/workflows/publish-fips.yaml

@@ -73,8 +73,8 @@ jobs:
         cache-to: type=gha,mode=max
         build-args: |
           VERSION=${{ steps.meta.outputs.version }}
-          GO_FIPS_IMAGE_REPO=ghcr.io/pluralsh/go-fips
-          GO_FIPS_IMAGE_TAG=1.23.2
+          GO_FIPS_IMAGE_REPO=ghcr.io/pluralsh/fips/go-fips
+          GO_FIPS_IMAGE_TAG=1.25.1
     - name: Export digest
       run: |
         mkdir -p ${{ runner.temp }}/digests
@@ -205,5 +205,5 @@ jobs:
           PYTHON_VERSION=${{ matrix.versions.python }}
           HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
           HARNESS_BASE_IMAGE_TAG=${{ needs.publish-base-image.outputs.version }}
-          GO_FIPS_IMAGE_REPO=ghcr.io/pluralsh/go-fips
-          GO_FIPS_IMAGE_TAG=1.23.2
+          GO_FIPS_IMAGE_REPO=ghcr.io/pluralsh/fips/go-fips
+          GO_FIPS_IMAGE_TAG=1.25.1

.github/workflows/publish-harness-fips.yaml

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine3.21 AS builder
+FROM golang:1.25-alpine3.22 AS builder
 
 ARG HELM_VERSION=v3.17.3
 ARG TARGETARCH
@@ -21,7 +21,7 @@ COPY /api api/
 COPY /internal internal/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -o deployment-agent cmd/agent/*.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on GOEXPERIMENT=greenteagc go build -a -o deployment-agent cmd/agent/*.go
 
 # Get helm binary for kustomize helm inflate to work
 RUN curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xz && \

Dockerfile

@@ -4,16 +4,21 @@ import (
 	"os"
 	"time"
 
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
 
 	"github.com/pluralsh/deployment-operator/cmd/agent/args"
 	"github.com/pluralsh/deployment-operator/internal/utils"
+	discoverycache "github.com/pluralsh/deployment-operator/pkg/cache/discovery"
 	"github.com/pluralsh/deployment-operator/pkg/client"
 	consolectrl "github.com/pluralsh/deployment-operator/pkg/controller"
 	"github.com/pluralsh/deployment-operator/pkg/controller/stacks"
 	v1 "github.com/pluralsh/deployment-operator/pkg/controller/v1"
+	"github.com/pluralsh/deployment-operator/pkg/streamline"
+	"github.com/pluralsh/deployment-operator/pkg/streamline/store"
 
-	"k8s.io/client-go/rest"
 	ctrclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/pluralsh/deployment-operator/pkg/controller/namespaces"
@@ -47,18 +52,43 @@ const (
 
 func registerConsoleReconcilersOrDie(
 	mgr *consolectrl.Manager,
-	config *rest.Config,
+	mapper meta.RESTMapper,
+	clientSet kubernetes.Interface,
 	k8sClient ctrclient.Client,
+	dynamicClient dynamic.Interface,
+	store store.Store,
 	scheme *runtime.Scheme,
 	consoleClient client.Client,
+	supervisor *streamline.Supervisor,
+	discoveryCache discoverycache.Cache,
 ) {
 	mgr.AddReconcilerOrDie(service.Identifier, func() (v1.Reconciler, error) {
-		r, err := service.NewServiceReconciler(consoleClient, k8sClient, config, args.ControllerCacheTTL(), args.ManifestCacheTTL(), args.ManifestCacheJitter(), args.WorkqueueBaseDelay(), args.WorkqueueMaxDelay(), args.PollInterval(), args.RestoreNamespace(), args.ConsoleUrl(), args.WorkqueueQPS(), args.WorkqueueBurst())
+		r, err := service.NewServiceReconciler(consoleClient,
+			k8sClient,
+			mapper,
+			clientSet,
+			dynamicClient,
+			discoveryCache,
+			store,
+			service.WithRefresh(args.ControllerCacheTTL()),
+			service.WithManifestTTL(args.ManifestCacheTTL()),
+			service.WithManifestTTLJitter(args.ManifestCacheJitter()),
+			service.WithWorkqueueBaseDelay(args.WorkqueueBaseDelay()),
+			service.WithWorkqueueMaxDelay(args.WorkqueueMaxDelay()),
+			service.WithWorkqueueQPS(args.WorkqueueQPS()),
+			service.WithWorkqueueBurst(args.WorkqueueBurst()),
+			service.WithRestoreNamespace(args.RestoreNamespace()),
+			service.WithConsoleURL(args.ConsoleUrl()),
+			service.WithPollInterval(args.PollInterval()),
+			service.WithWaveDelay(args.ApplierWaveDelay()),
+			service.WithWaveDeQueueDelay(args.WaveDeQueueDelay()),
+			service.WithWaveMaxConcurrentApplies(args.WaveMaxConcurrentApplies()),
+			service.WithSupervisor(supervisor))
 		return r, err
 	})
 
 	mgr.AddReconcilerOrDie(pipelinegates.Identifier, func() (v1.Reconciler, error) {
-		r, err := pipelinegates.NewGateReconciler(consoleClient, k8sClient, config, args.PipelineGatesInterval())
+		r, err := pipelinegates.NewGateReconciler(consoleClient, k8sClient, args.PipelineGatesInterval())
 		return r, err
 	})
 

cmd/agent/args/args.go

@@ -7,7 +7,6 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
-	"time"
 
 	trivy "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts"
@@ -16,12 +15,15 @@ import (
 	cmap "github.com/orcaman/concurrent-map/v2"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	velerov1 "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	clientgocache "k8s.io/client-go/tools/cache"
 	ctrl "sigs.k8s.io/controller-runtime"
+	crcache "sigs.k8s.io/controller-runtime/pkg/cache"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -30,13 +32,12 @@ import (
 	"github.com/pluralsh/deployment-operator/cmd/agent/args"
 	"github.com/pluralsh/deployment-operator/internal/controller"
 	"github.com/pluralsh/deployment-operator/pkg/cache"
+	discoverycache "github.com/pluralsh/deployment-operator/pkg/cache/discovery"
 	consoleclient "github.com/pluralsh/deployment-operator/pkg/client"
 	consolectrl "github.com/pluralsh/deployment-operator/pkg/controller"
 	"github.com/pluralsh/deployment-operator/pkg/controller/service"
 )
 
-const serviceIDCacheExpiry = 12 * time.Hour
-
 func emptyDiskHealthCheck(_ *http.Request) error {
 	testFile := filepath.Join("/tmp", "healthcheck.tmp")
 	data := []byte("ok")
@@ -48,11 +49,22 @@ func emptyDiskHealthCheck(_ *http.Request) error {
 }
 
 func initKubeManagerOrDie(config *rest.Config) manager.Manager {
+	watchErrHandler := func(ctx context.Context, r *clientgocache.Reflector, err error) {
+		switch {
+		case apierrors.IsNotFound(err), apierrors.IsGone(err), meta.IsNoMatchError(err):
+			setupLog.V(2).Error(err, "ignoring watch error for removed resource")
+			return
+		default:
+			clientgocache.DefaultWatchErrorHandler(ctx, r, err)
+		}
+	}
+
 	mgr, err := ctrl.NewManager(config, ctrl.Options{
 		NewClient:              ctrlclient.New, // client reads directly from the API server
 		Logger:                 setupLog,
 		Scheme:                 scheme,
 		LeaderElection:         args.EnableLeaderElection(),
+		Cache:                  crcache.Options{DefaultWatchErrorHandler: watchErrHandler},
 		LeaderElectionID:       "dep12loy45.plural.sh",
 		HealthProbeBindAddress: args.ProbeAddr(),
 		Metrics: server.Options{
@@ -83,7 +95,10 @@ func initKubeManagerOrDie(config *rest.Config) manager.Manager {
 	return mgr
 }
 
-func initKubeClientsOrDie(config *rest.Config) (rolloutsClient *roclientset.Clientset, dynamicClient *dynamic.DynamicClient, kubeClient *kubernetes.Clientset) {
+func initKubeClientsOrDie(config *rest.Config) (rolloutsClient *roclientset.Clientset,
+	dynamicClient *dynamic.DynamicClient,
+	kubeClient *kubernetes.Clientset,
+) {
 	rolloutsClient, err := roclientset.NewForConfig(config)
 	if err != nil {
 		setupLog.Error(err, "unable to create rollouts client")
@@ -111,7 +126,7 @@ func registerKubeReconcilersOrDie(
 	consoleManager *consolectrl.Manager,
 	config *rest.Config,
 	extConsoleClient consoleclient.Client,
-	discoveryClient discovery.DiscoveryInterface,
+	discoveryCache discoverycache.Cache,
 	enableKubecostProxy bool,
 ) {
 	rolloutsClient, dynamicClient, kubeClient := initKubeClientsOrDie(config)
@@ -184,6 +199,7 @@ func registerKubeReconcilersOrDie(
 		Scheme:           manager.GetScheme(),
 		ReconcilerGroups: reconcileGroups,
 		Mgr:              manager,
+		DiscoveryCache:   discoveryCache,
 	}).SetupWithManager(manager); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "CRDRegisterController")
 	}
@@ -227,15 +243,7 @@ func registerKubeReconcilersOrDie(
 		setupLog.Error(err, "unable to create controller", "controller", "UpgradeInsights")
 	}
 
-	statusController, err := controller.NewStatusReconciler(manager.GetClient())
-	if err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "StatusController")
-	}
-	if err := statusController.SetupWithManager(manager); err != nil {
-		setupLog.Error(err, "unable to setup controller", "controller", "StatusController")
-	}
-
-	if err = (&controller.PipelineGateReconciler{
+	if err := (&controller.PipelineGateReconciler{
 		Client:        manager.GetClient(),
 		ConsoleClient: consoleclient.New(args.ConsoleUrl(), args.DeployToken()),
 		Scheme:        manager.GetScheme(),
@@ -246,9 +254,9 @@ func registerKubeReconcilersOrDie(
 	}
 
 	if err := (&controller.MetricsAggregateReconciler{
-		Client:          manager.GetClient(),
-		Scheme:          manager.GetScheme(),
-		DiscoveryClient: discoveryClient,
+		Client:         manager.GetClient(),
+		Scheme:         manager.GetScheme(),
+		DiscoveryCache: discoveryCache,
 	}).SetupWithManager(ctx, manager); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "MetricsAggregate")
 	}
@@ -260,7 +268,7 @@ func registerKubeReconcilersOrDie(
 		ExtConsoleClient: extConsoleClient,
 		Tasks:            cmap.New[context.CancelFunc](),
 		Proxy:            enableKubecostProxy,
-		ServiceIDCache:   controller.NewServiceIDCache(serviceIDCacheExpiry),
+		ServiceIDCache:   controller.NewServiceIDCache(args.KubeCostExtractorCacheTTL()),
 	}).SetupWithManager(manager); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "MetricsAggregate")
 	}