let etcdclient use GetRESTConfigFromSecret to get kubeconfig

qliang · qliang · commit 4df4094f796d · 2025-06-25T06:09:12.000Z
diff --git a/controllers/clustercache/cluster_accessor.go b/controllers/clustercache/cluster_accessor.go
@@ -414,6 +414,19 @@ func (ca *clusterAccessor) GetRESTConfig(ctx context.Context) (*rest.Config, err
 	return ca.lockedState.connection.restConfig, nil
 }
 
+func (ca *clusterAccessor) GetRESTConfigFromSecret(ctx context.Context) (*rest.Config, error) {
+	ca.rLock(ctx)
+	defer ca.rUnlock(ctx)
+
+	log := ctrl.LoggerFrom(ctx)
+	log.V(6).Info("Creating REST config")
+	restConfig, err := createRESTConfig(ctx, ca.config.Client, ca.config.SecretClient, ca.cluster)
+	if err != nil {
+		return nil, err
+	}
+	return restConfig, nil
+}
+
 func (ca *clusterAccessor) GetClientCertificatePrivateKey(ctx context.Context) *rsa.PrivateKey {
 	ca.rLock(ctx)
 	defer ca.rUnlock(ctx)
diff --git a/controllers/clustercache/cluster_cache.go b/controllers/clustercache/cluster_cache.go
@@ -137,6 +137,10 @@ type ClusterCache interface {
 	// If there is no connection to the workload cluster ErrClusterNotConnected will be returned.
 	GetRESTConfig(ctx context.Context, cluster client.ObjectKey) (*rest.Config, error)
 
+	// GetRESTConfigFromSecret returns a REST config for the given cluster.
+	// It reads the REST config from kubeconfig secret directly.
+	GetRESTConfigFromSecret(ctx context.Context, cluster client.ObjectKey) (*rest.Config, error)
+
 	// GetClientCertificatePrivateKey returns a private key that is generated once for a cluster
 	// and can then be used to generate client certificates. This is e.g. used in KCP to generate a client
 	// cert to communicate with etcd.
@@ -384,6 +388,14 @@ func (cc *clusterCache) GetRESTConfig(ctx context.Context, cluster client.Object
 	return accessor.GetRESTConfig(ctx)
 }
 
+func (cc *clusterCache) GetRESTConfigFromSecret(ctx context.Context, cluster client.ObjectKey) (*rest.Config, error) {
+	accessor := cc.getClusterAccessor(cluster)
+	if accessor == nil {
+		return nil, errors.Wrapf(ErrClusterNotConnected, "error getting REST config")
+	}
+	return accessor.GetRESTConfigFromSecret(ctx)
+}
+
 func (cc *clusterCache) GetClientCertificatePrivateKey(ctx context.Context, cluster client.ObjectKey) (*rsa.PrivateKey, error) {
 	accessor := cc.getClusterAccessor(cluster)
 	if accessor == nil {
diff --git a/controlplane/kubeadm/internal/cluster.go b/controlplane/kubeadm/internal/cluster.go
@@ -99,7 +99,7 @@ func (m *Management) GetMachinePoolsForCluster(ctx context.Context, cluster *clu
 func (m *Management) GetWorkloadCluster(ctx context.Context, clusterKey client.ObjectKey) (WorkloadCluster, error) {
 	// TODO(chuckha): Inject this dependency.
 	// TODO(chuckha): memoize this function. The workload client only exists as long as a reconciliation loop.
-	restConfig, err := m.ClusterCache.GetRESTConfig(ctx, clusterKey)
+	restConfig, err := m.ClusterCache.GetRESTConfigFromSecret(ctx, clusterKey)
 	if err != nil {
 		return nil, &RemoteClusterConnectionError{Name: clusterKey.String(), Err: err}
 	}

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ func (m Management) GetMachinePoolsForCluster(ctx context.Context, cluster clu`
`99`	`99`	`func (m *Management) GetWorkloadCluster(ctx context.Context, clusterKey client.ObjectKey) (WorkloadCluster, error) {`
`100`	`100`	`// TODO(chuckha): Inject this dependency.`
`101`	`101`	`// TODO(chuckha): memoize this function. The workload client only exists as long as a reconciliation loop.`
`102`		`- restConfig, err := m.ClusterCache.GetRESTConfig(ctx, clusterKey)`
	`102`	`+ restConfig, err := m.ClusterCache.GetRESTConfigFromSecret(ctx, clusterKey)`
`103`	`103`	`if err != nil {`
`104`	`104`	`return nil, &RemoteClusterConnectionError{Name: clusterKey.String(), Err: err}`
`105`	`105`	`}`