WIP

Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>

Author: svghadi

Dockerfile

@@ -14,6 +14,7 @@ COPY cmd/main.go cmd/main.go
 COPY api/ api/
 COPY common/ common/
 COPY controllers/ controllers/
+COPY pkg/ pkg/
 COPY version/ version/
 
 # Build

cmd/main.go

@@ -30,6 +30,7 @@ import (
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
+	crclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -56,8 +57,12 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
+	corev1 "k8s.io/api/core/v1"
+
 	v1alpha1 "github.com/argoproj-labs/argocd-operator/api/v1alpha1"
 	v1beta1 "github.com/argoproj-labs/argocd-operator/api/v1beta1"
+	"github.com/argoproj-labs/argocd-operator/pkg/cacheutils"
+	wc "github.com/argoproj-labs/argocd-operator/pkg/clientwrapper"
 	"github.com/argoproj-labs/argocd-operator/version"
 	//+kubebuilder:scaffold:imports
 )
@@ -179,6 +184,13 @@ func main() {
 		Controller: controllerconfig.Controller{
 			SkipNameValidation: &skipControllerNameValidation,
 		},
+		Cache: cache.Options{
+			Scheme: scheme,
+			ByObject: map[crclient.Object]cache.ByObject{
+				&corev1.Secret{}:    {Transform: cacheutils.StripSecretDataTranform()},
+				&corev1.ConfigMap{}: {Transform: cacheutils.StripConfigMapDataTransform()},
+			},
+		},
 	}
 
 	if watchedNsCache := getDefaultWatchedNamespacesCacheOptions(); watchedNsCache != nil {
@@ -193,6 +205,10 @@ func main() {
 		os.Exit(1)
 	}
 
+	liveClient, _ := crclient.New(ctrl.GetConfigOrDie(), crclient.Options{Scheme: mgr.GetScheme()})
+	client := wc.NewClientWrapper(mgr.GetClient(), liveClient)
+	//print(client)
+
 	setupLog.Info("Registering Components.")
 
 	// Setup Scheme for all resources
@@ -236,7 +252,7 @@ func main() {
 		os.Exit(1)
 	}
 	if err = (&argocd.ReconcileArgoCD{
-		Client:        mgr.GetClient(),
+		Client:        client,
 		Scheme:        mgr.GetScheme(),
 		LabelSelector: labelSelectorFlag,
 		K8sClient:     k8sClient,
@@ -248,14 +264,14 @@ func main() {
 		os.Exit(1)
 	}
 	if err = (&argocdexport.ReconcileArgoCDExport{
-		Client: mgr.GetClient(),
+		Client: client,
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "ArgoCDExport")
 		os.Exit(1)
 	}
 	if err = (&notificationsConfig.NotificationsConfigurationReconciler{
-		Client: mgr.GetClient(),
+		Client: client,
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "NotificationsConfiguration")

pkg/cacheutils/utlis.go

@@ -0,0 +1,62 @@
+package cacheutils
+
+import (
+	v1 "k8s.io/api/core/v1"
+	clientgotools "k8s.io/client-go/tools/cache"
+
+	"github.com/argoproj-labs/argocd-operator/common"
+)
+
+func StripSecretDataTranform() clientgotools.TransformFunc {
+	return func(in interface{}) (interface{}, error) {
+		if s, ok := in.(*v1.Secret); ok {
+			if IsTrackedByOperator(s.Labels) {
+				// Keep full secret
+				return in, nil
+			}
+			// Strip data for non-operator secrets
+			return &v1.Secret{
+				TypeMeta:   s.TypeMeta,
+				ObjectMeta: s.ObjectMeta,
+				Type:       s.Type,
+				Immutable:  s.Immutable,
+				Data:       nil,
+				StringData: nil,
+			}, nil
+		}
+		return in, nil
+	}
+}
+
+func StripConfigMapDataTransform() clientgotools.TransformFunc {
+	return func(in interface{}) (interface{}, error) {
+		if cm, ok := in.(*v1.ConfigMap); ok {
+			if IsTrackedByOperator(cm.Labels) {
+				// Keep full configmap
+				return in, nil
+			}
+			// Strip data for non-operator configmaps
+			return &v1.ConfigMap{
+				TypeMeta:   cm.TypeMeta,
+				ObjectMeta: cm.ObjectMeta,
+				Data:       nil,
+				BinaryData: nil,
+			}, nil
+		}
+		return in, nil
+	}
+}
+
+func IsTrackedByOperator(labels map[string]string) bool {
+	trackedLabels := []string{
+		common.ArgoCDTrackedByOperatorLabel,
+		common.ArgoCDSecretTypeLabel,
+	}
+
+	for _, l := range trackedLabels {
+		if _, exists := labels[l]; exists {
+			return true
+		}
+	}
+	return false
+}

pkg/clientwrapper/client.go

@@ -0,0 +1,101 @@
+package clientwrapper
+
+import (
+	"context"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/argoproj-labs/argocd-operator/common"
+	"github.com/argoproj-labs/argocd-operator/pkg/cacheutils"
+)
+
+// ClientWrapper wraps a cached client and only falls back to
+// live GET when the cached object appears stripped OR is missing required labels.
+type ClientWrapper struct {
+	ctrlclient.Client                   // cached client
+	liveClient        ctrlclient.Client // direct API client
+}
+
+func NewClientWrapper(cached, live ctrlclient.Client) *ClientWrapper {
+	return &ClientWrapper{
+		Client:     cached,
+		liveClient: live,
+	}
+}
+
+func (cw *ClientWrapper) Get(ctx context.Context, key types.NamespacedName, obj ctrlclient.Object, opts ...ctrlclient.GetOption) error {
+	// 1) Cache read (no live fallback here on error)
+	if err := cw.Client.Get(ctx, key, obj, opts...); err != nil {
+		return err
+	}
+
+	// 2) Post-read check: only specific kinds may need live refresh
+	switch o := obj.(type) {
+	case *corev1.Secret:
+		if secretNeedsLiveRefresh(o) {
+			// Re-fetch from live to get the full object
+			if err := cw.liveClient.Get(ctx, key, obj, opts...); err != nil {
+				return err
+			}
+			// Ensure it becomes tracked for future full-caching (best-effort)
+			cw.ensureTrackedLabel(ctx, obj)
+		}
+	case *corev1.ConfigMap:
+		if configmapNeedsLiveRefresh(o) {
+			// Re-fetch from live to get the full object
+			if err := cw.liveClient.Get(ctx, key, obj, opts...); err != nil {
+				return err
+			}
+			// Ensure it becomes tracked for future full-caching (best-effort)
+			cw.ensureTrackedLabel(ctx, obj)
+		}
+
+		// add more kinds here (e.g., *corev1.ConfigMap) if you apply similar striping
+	}
+
+	return nil
+}
+
+// secretNeedsLiveRefresh returns true if the cached secret looks stripped or untracked.
+func secretNeedsLiveRefresh(s *corev1.Secret) bool {
+	// Untracked → we likely cached a slimmed object; refresh live.
+	if !cacheutils.IsTrackedByOperator(s.GetLabels()) {
+		return true
+	}
+	// Heuristic: a "slimmed" secret from our transform has nil Data/StringData.
+	// (Note: a legitimately empty secret may also match; adjust if you add a marker label/annotation.)
+	if s.Data == nil && s.StringData == nil {
+		return true
+	}
+	return false
+}
+
+// configmapNeedsLiveRefresh returns true if the cached cm looks stripped or untracked.
+func configmapNeedsLiveRefresh(cm *corev1.ConfigMap) bool {
+	if !cacheutils.IsTrackedByOperator(cm.GetLabels()) {
+		return true
+	}
+	if cm.Data == nil && cm.BinaryData == nil {
+		return true
+	}
+	return false
+}
+
+// ensureTrackedLabel adds the operator tracking label (best-effort, ignores patch error).
+func (cw *ClientWrapper) ensureTrackedLabel(ctx context.Context, obj ctrlclient.Object) {
+	if cacheutils.IsTrackedByOperator(obj.GetLabels()) {
+		return
+	}
+	orig := obj.DeepCopyObject().(ctrlclient.Object)
+
+	labels := obj.GetLabels()
+	if labels == nil {
+		labels = make(map[string]string, 1)
+	}
+	labels[common.ArgoCDTrackedByOperatorLabel] = common.ArgoCDAppName
+	obj.SetLabels(labels)
+
+	_ = cw.liveClient.Patch(ctx, obj, ctrlclient.MergeFrom(orig)) // best-effort
+}