Watch for changes in owned secrets

This allows for the reconcile to be performed when the capargo-created argo secrets are modified.

cmd/root.go

@@ -1,25 +1,31 @@
 package cmd
 
 import (
+	"context"
 	"flag"
 	"os"
 	"time"
 
-	"github.com/spf13/cobra"
 	"github.com/superorbital/capargo/internal/controller"
 	"github.com/superorbital/capargo/pkg/types"
 
 	corev1 "k8s.io/api/core/v1"
 
-	"k8s.io/apimachinery/pkg/runtime"
+	apimachinerytypes "k8s.io/apimachinery/pkg/types"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
 	clientconfig "sigs.k8s.io/controller-runtime/pkg/client/config"
-	"sigs.k8s.io/controller-runtime/pkg/config"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
+
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/config"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
 
 // Build information
@@ -95,7 +101,30 @@ var rootCmd = &cobra.Command{
 		err = builder.
 			ControllerManagedBy(mgr).
 			For(&clusterv1.Cluster{}).
-			Owns(&corev1.Secret{}).
+			Watches(&corev1.Secret{},
+				handler.EnqueueRequestsFromMapFunc(
+					func(ctx context.Context, obj client.Object) []reconcile.Request {
+						s := obj.(*corev1.Secret)
+						if _, ok := s.Labels[types.ControllerNameLabel]; ok {
+							var name string
+							var namespace string
+							if name, ok = s.Annotations[types.SecretNameAnnotation]; !ok {
+								return nil
+							}
+							if namespace, ok = s.Annotations[types.SecretNamespaceAnnotation]; !ok {
+								return nil
+							}
+							return []reconcile.Request{
+								{
+									NamespacedName: apimachinerytypes.NamespacedName{
+										Name:      name,
+										Namespace: namespace,
+									},
+								},
+							}
+						}
+						return nil
+					})).
 			Complete(&controller.ClusterKubeconfigReconciler{
 				Client:  mgr.GetClient(),
 				Options: o,

internal/controller/controller.go

@@ -39,7 +39,7 @@ func (c *ClusterKubeconfigReconciler) Reconcile(ctx context.Context, req reconci
 	}
 
 	// Remove the ArgoCD cluster secret if the cluster was deleted.
-	if err != nil && errors.IsNotFound(err) {
+	if errors.IsNotFound(err) {
 		return reconcile.Result{}, c.deleteArgoCluster(ctx, req.Name)
 	}
 
@@ -79,7 +79,6 @@ func (c *ClusterKubeconfigReconciler) deleteArgoCluster(ctx context.Context, nam
 // createOrUpdateArgoCluster uploads the latest version of the cluster
 // kubeconfig as an ArgoCD cluster secret to the cluster.
 func (c *ClusterKubeconfigReconciler) createOrUpdateArgoCluster(ctx context.Context, cluster *capiv1beta1.Cluster) error {
-	// Find the kubeconfig secret.
 	capiSecret := &corev1.Secret{}
 	namespacedName, err := providers.GetCapiKubeconfigNamespacedName(cluster)
 	if err != nil {
@@ -125,7 +124,11 @@ func (c *ClusterKubeconfigReconciler) createOrUpdateArgoCluster(ctx context.Cont
 			Namespace: c.ArgoNamespace,
 			Labels: map[string]string{
 				"argocd.argoproj.io/secret-type": "cluster",
-				"controller":                     "capargo",
+				types.ControllerNameLabel:        "capargo",
+			},
+			Annotations: map[string]string{
+				types.SecretNameAnnotation:      cluster.Name,
+				types.SecretNamespaceAnnotation: cluster.Namespace,
 			},
 		},
 		StringData: map[string]string{

pkg/types/consts.go

@@ -0,0 +1,8 @@
+package types
+
+const (
+	slug                      = "superorbital.io"
+	ControllerNameLabel       = slug + "/controller-name"
+	SecretNameAnnotation      = slug + "/cluster-name"
+	SecretNamespaceAnnotation = slug + "/cluster-namespace"
+)