WIP

Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>

Author: svghadi

cmd/main.go

@@ -28,8 +28,10 @@ import (
 	configv1 "github.com/openshift/api/config/v1"
 	routev1 "github.com/openshift/api/route/v1"
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
+	crclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -58,7 +60,10 @@ import (
 
 	v1alpha1 "github.com/argoproj-labs/argocd-operator/api/v1alpha1"
 	v1beta1 "github.com/argoproj-labs/argocd-operator/api/v1beta1"
+	wc "github.com/argoproj-labs/argocd-operator/pkg/clientwrapper"
 	"github.com/argoproj-labs/argocd-operator/version"
+	corev1 "k8s.io/api/core/v1"
+	toolscache "k8s.io/client-go/tools/cache"
 	//+kubebuilder:scaffold:imports
 )
 
@@ -179,6 +184,12 @@ func main() {
 		Controller: controllerconfig.Controller{
 			SkipNameValidation: &skipControllerNameValidation,
 		},
+		Cache: cache.Options{
+			Scheme: scheme,
+			ByObject: map[crclient.Object]cache.ByObject{
+				&corev1.Secret{}: {Transform: slimSecret()},
+			},
+		},
 	}
 
 	if watchedNsCache := getDefaultWatchedNamespacesCacheOptions(); watchedNsCache != nil {
@@ -193,6 +204,10 @@ func main() {
 		os.Exit(1)
 	}
 
+	liveClient, err := crclient.New(ctrl.GetConfigOrDie(), crclient.Options{Scheme: mgr.GetScheme()})
+	client := wc.NewClientWrapper(mgr.GetClient(), liveClient)
+	//print(client)
+
 	setupLog.Info("Registering Components.")
 
 	// Setup Scheme for all resources
@@ -236,7 +251,7 @@ func main() {
 		os.Exit(1)
 	}
 	if err = (&argocd.ReconcileArgoCD{
-		Client:        mgr.GetClient(),
+		Client:        client,
 		Scheme:        mgr.GetScheme(),
 		LabelSelector: labelSelectorFlag,
 		K8sClient:     k8sClient,
@@ -248,14 +263,14 @@ func main() {
 		os.Exit(1)
 	}
 	if err = (&argocdexport.ReconcileArgoCDExport{
-		Client: mgr.GetClient(),
+		Client: client,
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "ArgoCDExport")
 		os.Exit(1)
 	}
 	if err = (&notificationsConfig.NotificationsConfigurationReconciler{
-		Client: mgr.GetClient(),
+		Client: client,
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "NotificationsConfiguration")
@@ -338,3 +353,36 @@ func initK8sClient() (*kubernetes.Clientset, error) {
 
 	return k8sClient, nil
 }
+
+func slimSecret() toolscache.TransformFunc {
+	return func(in interface{}) (interface{}, error) {
+		if s, ok := in.(*v1.Secret); ok {
+			if isRequiredByOperator(s.Labels) {
+				return in, nil
+			}
+			out := &v1.Secret{
+				TypeMeta:   s.TypeMeta,
+				ObjectMeta: *s.ObjectMeta.DeepCopy(),
+				Type:       s.Type, // keep if you match on it
+			}
+			// (Data and StringData intentionally omitted)
+			// managedFields can also be stripped via DefaultTransform if you set it.
+			return out, nil
+		}
+		return in, nil
+	}
+}
+
+func isRequiredByOperator(labels map[string]string) bool {
+	interestedLabels := []string{
+		common.ArgoCDTrackedByOperatorLabel,
+		common.ArgoCDSecretTypeLabel,
+	}
+
+	for _, l := range interestedLabels {
+		if _, exists := labels[l]; exists {
+			return true
+		}
+	}
+	return false
+}

pkg/clientwrapper/client.go

@@ -0,0 +1,90 @@
+package clientwrapper
+
+import (
+	"context"
+
+	"github.com/argoproj-labs/argocd-operator/common"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" // Renamed to avoid conflict with our wrapper's name
+)
+
+// ClientWrapper wraps a controller-runtime client to customize Get behavior.
+// It embeds the cachedClient, allowing other methods (Create, Update, Delete etc.)
+// to be directly inherited from the cachedClient's implementation.
+// For Get, it falls back to liveClient on cache miss and labels the object.
+type ClientWrapper struct {
+	ctrlclient.Client                   // Embedded cached client. This provides all methods by default.
+	liveClient        ctrlclient.Client // Client for direct API server calls on cache misses.
+}
+
+// NewClientWrapper creates a new ClientWrapper.
+// `cachedClient` is typically the client from the Manager (which uses the cache and respects cache filters).
+// `liveClient` is a client configured to bypass the cache and talk directly to the API server.
+func NewClientWrapper(cachedClient ctrlclient.Client, liveClient ctrlclient.Client) *ClientWrapper {
+	return &ClientWrapper{
+		Client:     cachedClient, // Embed the cached client
+		liveClient: liveClient,
+	}
+}
+
+// Get overrides the embedded client's Get method to implement cache fallback.
+func (cw *ClientWrapper) Get(ctx context.Context, key types.NamespacedName, obj ctrlclient.Object, opts ...ctrlclient.GetOption) error {
+	// Try getting from the cached client first (this is the embedded client's Get)
+	err := cw.Client.Get(ctx, key, obj, opts...)
+	if err != nil {
+		// Found in cache, return successfully
+		return err
+	}
+
+	makeLiveCheck := false
+	switch obj := obj.(type) {
+	case *corev1.Secret:
+		if !isRequiredByOperator(obj.GetLabels()) {
+			makeLiveCheck = true
+		}
+	default:
+		return nil
+	}
+
+	// If not found in cache, check if it's a NotFound error
+	if makeLiveCheck {
+		// Use liveClient to do a live lookup of resource
+		liveErr := cw.liveClient.Get(ctx, key, obj, opts...)
+		if liveErr == nil {
+			// Resource found live - try to label it for future caching
+			// Create patch from the original live state
+			patch := ctrlclient.MergeFrom(obj.DeepCopyObject().(ctrlclient.Object))
+			// Add the tracking label to match cache filtering
+			labels := obj.GetLabels()
+			if labels == nil {
+				labels = make(map[string]string)
+			}
+			labels[common.ArgoCDTrackedByOperatorLabel] = common.ArgoCDAppName
+			obj.SetLabels(labels)
+			// Attempt to patch the live object with the new label
+			// If patching fails, we still succeeded in getting the resource
+			// Return success - we found the object live
+			cw.liveClient.Patch(ctx, obj, patch)
+			return nil
+		}
+		// Object not found in both cache and live - return the live error
+		return liveErr
+	}
+
+	return nil
+}
+
+func isRequiredByOperator(labels map[string]string) bool {
+	interestedLabels := []string{
+		common.ArgoCDTrackedByOperatorLabel,
+		common.ArgoCDSecretTypeLabel,
+	}
+
+	for _, l := range interestedLabels {
+		if _, exists := labels[l]; exists {
+			return true
+		}
+	}
+	return false
+}