From eb42e0e6168f2e64be7eab5c65077d8b88b50e3c Mon Sep 17 00:00:00 2001
From: Andrei Kvapil <kvapss@gmail.com>
Date: Mon, 5 Feb 2024 00:00:12 +0100
Subject: [PATCH] feat: allow overriding secretKey for kubeconfig

During reconciliation, the control plane provider copies the content from the secret provided by
Kamaji, named <cluster>-admin-kubeconfig, into a generic Cluster API secret, <cluster>-kubeconfig,
which can then be used by the bootstrap provider and other cluster components.

This change introduces a new annotation, kamaji.clastix.io/kubeconfig-secret-key, for the
KamajiControlPlane resource. This annotation instructs the control plane provider to read the
kubeconfig from a specific key (the default one is admin.conf).

Example:

```
kamaji.clastix.io/kubeconfig-secret-key: admin.svc
```

This will instruct the system to use `admin.svc`, the kubeconfig that targets the control plane through its local service FQDN
(introduced by https://github.com/clastix/kamaji/pull/403), instead of the default `admin.conf`.

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
---
 controllers/kamajicontrolplane_controller_resources.go |  9 +++++++--
 controllers/kamajicontrolplane_controller_tcp.go       | 10 ++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/controllers/kamajicontrolplane_controller_resources.go b/controllers/kamajicontrolplane_controller_resources.go
index 5746e05..7004c5a 100644
--- a/controllers/kamajicontrolplane_controller_resources.go
+++ b/controllers/kamajicontrolplane_controller_resources.go
@@ -131,7 +131,7 @@ func (r *KamajiControlPlaneReconciler) createOrUpdateKubeconfig(ctx context.Cont
 	kamajiAdminKubeconfig.Namespace = tcp.Namespace
 
 	if err := r.client.Get(ctx, types.NamespacedName{Name: kamajiAdminKubeconfig.Name, Namespace: kamajiAdminKubeconfig.Namespace}, kamajiAdminKubeconfig); err != nil {
-		return errors.Wrap(err, "cannot retrieve source-of-truth for admin kubecofig")
+		return errors.Wrap(err, "cannot retrieve source-of-truth for admin kubeconfig")
 	}
 
 	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
@@ -147,7 +147,12 @@ func (r *KamajiControlPlaneReconciler) createOrUpdateKubeconfig(ctx context.Cont
 			labels["kamaji.clastix.io/cluster"] = cluster.Name
 			labels["kamaji.clastix.io/tcp"] = tcp.Name
 
-			value, ok := kamajiAdminKubeconfig.Data["admin.conf"]
+			secretKey := "admin.conf"
+			if v, ok := kcp.GetAnnotations()[kamajiv1alpha1.KubeconfigSecretKeyAnnotation]; ok && v != "" {
+				secretKey = v
+			}
+
+			value, ok := kamajiAdminKubeconfig.Data[secretKey]
 			if !ok {
 				return errors.New("missing key from *kamajiv1alpha1.TenantControlPlane admin kubeconfig secret")
 			}
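Review bot: The error returned when the key is absent (the `errors.New` right after the lookup) no longer identifies which key was looked up, and now that the key comes from a user-supplied annotation a typo in `kamaji.clastix.io/kubeconfig-secret-key` becomes hard to diagnose from the reconciler's status; since `errors.Wrap` is used in this file, `errors` is presumably pkg/errors and `return errors.Errorf("missing key %q in *kamajiv1alpha1.TenantControlPlane admin kubeconfig secret", secretKey)` would carry the key. Note also that the annotation value is used as-is: whatever entry of the admin kubeconfig Secret it names is copied verbatim into the Cluster API `<cluster>-kubeconfig` Secret with no check that the payload is a kubeconfig, which is worth a comment on the `secretKey` assignment, e.g. `// secretKey is operator-controlled via the annotation; any key of the admin kubeconfig Secret can be selected.` Minor style: the `ok && v != ""` guard is redundant (a missing map key already yields `""`), and the companion hunk reads `kcp.Annotations` directly rather than `kcp.GetAnnotations()`. createOrUpdateKubeconfig begins before this hunk and its mutate closure continues past it.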
diff --git a/controllers/kamajicontrolplane_controller_tcp.go b/controllers/kamajicontrolplane_controller_tcp.go
index f570f52..1910b1c 100644
--- a/controllers/kamajicontrolplane_controller_tcp.go
+++ b/controllers/kamajicontrolplane_controller_tcp.go
@@ -24,6 +24,16 @@ func (r *KamajiControlPlaneReconciler) createOrUpdateTenantControlPlane(ctx cont
 	tcp.Name = kcp.GetName()
 	tcp.Namespace = kcp.GetNamespace()
 
+	if tcp.Annotations == nil {
+		tcp.Annotations = make(map[string]string)
+	}
+
+	if kubeconfigSecretKey := kcp.Annotations[kamajiv1alpha1.KubeconfigSecretKeyAnnotation]; kubeconfigSecretKey != "" {
+		tcp.Annotations[kamajiv1alpha1.KubeconfigSecretKeyAnnotation] = kubeconfigSecretKey
+	} else {
+		delete(tcp.Annotations, kamajiv1alpha1.KubeconfigSecretKeyAnnotation)
+	}
+
 	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
 		_, scopeErr := controllerutil.CreateOrUpdate(ctx, r.client, tcp, func() error {
 			// TenantControlPlane port
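Review bot: The annotation sync is applied to `tcp` before `controllerutil.CreateOrUpdate`, whose first step is to Get the existing object into `tcp`; for an already-existing TenantControlPlane the server-side annotations are then decoded on top of (or in place of) what was set here, so the `delete` branch in particular is unlikely to ever remove a previously propagated key, and the set branch depends on map-merge decoding semantics this code does not control. Every other mutation in this function appears to live inside the mutate closure (the `// TenantControlPlane port` block that follows), so the annotation handling should move there too, as sketched below; I have not traced the controller-runtime version in use, so please confirm the Get behaviour before relying on the current placement. The enclosing function createOrUpdateTenantControlPlane and its mutate closure continue past this hunk.

```go
	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
		_, scopeErr := controllerutil.CreateOrUpdate(ctx, r.client, tcp, func() error {
			// Sync the kubeconfig-secret-key annotation inside the mutate function so it is
			// applied on top of the object state CreateOrUpdate has just fetched.
			if tcp.Annotations == nil {
				tcp.Annotations = make(map[string]string)
			}
			if kubeconfigSecretKey := kcp.Annotations[kamajiv1alpha1.KubeconfigSecretKeyAnnotation]; kubeconfigSecretKey != "" {
				tcp.Annotations[kamajiv1alpha1.KubeconfigSecretKeyAnnotation] = kubeconfigSecretKey
			} else {
				delete(tcp.Annotations, kamajiv1alpha1.KubeconfigSecretKeyAnnotation)
			}
			// … unchanged: TenantControlPlane port and the rest of the mutate function …
```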