Merge pull request #886 from akgalwas/registry-cache-1

Registry cache implementation: add a property to the Runtime CR that enables the cache

Author: m00g3n

api/v1/runtime_types.go

@@ -97,6 +97,7 @@ const (
 	ConditionReasonOidcConfigured           = RuntimeConditionReason("OidcConfigured")
 	ConditionReasonOidcError                = RuntimeConditionReason("OidcConfigurationErr")
 	ConditionReasonSeedNotFound             = RuntimeConditionReason("SeedNotFound")
+	ConditionReasonRegistryCacheError       = RuntimeConditionReason("RegistryCacheConfigurationErr")
 )
 
 //+kubebuilder:object:root=true
@@ -126,8 +127,13 @@ type RuntimeList struct {
 
 // RuntimeSpec defines the desired state of Runtime
 type RuntimeSpec struct {
-	Shoot    RuntimeShoot `json:"shoot"`
-	Security Security     `json:"security"`
+	Shoot    RuntimeShoot        `json:"shoot"`
+	Security Security            `json:"security"`
+	Caching  *ImageRegistryCache `json:"imageRegistryCache,omitempty"`
+}
+
+type ImageRegistryCache struct {
+	Enabled bool `json:"enabled"`
 }
 
 // RuntimeStatus defines the observed state of Runtime

api/v1/zz_generated.deepcopy.go

@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
+	registrycache "github.com/kyma-project/kim-snatch/api/v1beta1"
 	"io"
 	"os"
 	"time"
@@ -288,6 +289,11 @@ func initGardenerClients(kubeconfigPath string, namespace string, timeout time.D
 		return nil, nil, nil, errors.Wrap(err, "failed to register Gardener schema")
 	}
 
+	err = registrycache.AddToScheme(gardenerClient.Scheme())
+	if err != nil {
+		return nil, nil, nil, errors.Wrap(err, "failed to register Gardener schema")
+	}
+
 	shootClient := gardenerClientSet.Shoots(namespace)
 	dynamicKubeconfigAPI := gardenerClient.SubResource("adminkubeconfig")
 

cmd/main.go

@@ -52,6 +52,13 @@ spec:
           spec:
             description: RuntimeSpec defines the desired state of Runtime
             properties:
+              imageRegistryCache:
+                properties:
+                  enabled:
+                    type: boolean
+                required:
+                - enabled
+                type: object
               security:
                 properties:
                   administrators:

config/crd/bases/infrastructuremanager.kyma-project.io_runtimes.yaml

@@ -1,6 +1,6 @@
 module github.com/kyma-project/infrastructure-manager
 
-go 1.24.0
+go 1.24.2
 
 toolchain go1.24.3
 
@@ -10,9 +10,11 @@ require (
 	github.com/gardener/gardener-extension-provider-aws v1.61.1
 	github.com/gardener/gardener-extension-provider-gcp v1.43.2
 	github.com/gardener/gardener-extension-provider-openstack v1.47.0
+	github.com/gardener/gardener-extension-registry-cache v0.13.0
 	github.com/gardener/oidc-webhook-authenticator v0.35.0
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.26.0
+	github.com/kyma-project/kim-snatch v0.0.0-20250430122050-3c3bdc3b74bb
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/pkg/errors v0.9.1

go.mod

@@ -48,6 +48,8 @@ github.com/gardener/gardener-extension-provider-gcp v1.43.2 h1:LcMxg6qlH7Jm3EhBZ
 github.com/gardener/gardener-extension-provider-gcp v1.43.2/go.mod h1:dnW8Xd+1HTmFgsPBeKm3SQmPGzPjgInfnhxvlG6RIk8=
 github.com/gardener/gardener-extension-provider-openstack v1.47.0 h1:g4AiLyNSLRZYYRKSfgHf5MUZY0xBe4v+o5toxcY8YDU=
 github.com/gardener/gardener-extension-provider-openstack v1.47.0/go.mod h1:7uT3jCkSoJbYyN2TTJ1B6/vWwrUVw+xXJCtDrv3i0aQ=
+github.com/gardener/gardener-extension-registry-cache v0.13.0 h1:CcmcqUbYz3WLeJKk+sSQCAmHezvOmk8RgVgmFzVLTiA=
+github.com/gardener/gardener-extension-registry-cache v0.13.0/go.mod h1:vtyyHXh+3tmtxYhpT+ynEYfYkDXi8yCSLtC1gS4Y32A=
 github.com/gardener/machine-controller-manager v0.57.2 h1:3rTFvOmUnBSBW9ui3jnNhdkcRiyALJbqEb8FTPpR4U0=
 github.com/gardener/machine-controller-manager v0.57.2/go.mod h1:eCng7De6OE15rndmMm6Q1fwMQI39esASCd3WKZ/lLmY=
 github.com/gardener/oidc-webhook-authenticator v0.35.0 h1:VfIClVIi/1F0pHd4j/ue0ByGy0TJZI2lGJWaoES+vtE=
@@ -122,6 +124,8 @@ github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 h1:nHHjmvjitIiyP
 github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0/go.mod h1:YBCo4DoEeDndqvAn6eeu0vWM7QdXmHEeI9cFWplmBys=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/kyma-project/kim-snatch v0.0.0-20250430122050-3c3bdc3b74bb h1:ez9JwsTsK4hliF0WTO787bXmkataJ08L4P0y6SLpJow=
+github.com/kyma-project/kim-snatch v0.0.0-20250430122050-3c3bdc3b74bb/go.mod h1:S78TWWPO6T7IPoF2RHapMyzHlQfQU4M2KGbH6zfpXHg=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=

go.sum

@@ -1,6 +1,6 @@
 module github.com/kyma-project/infrastructure-manager/hack/patch-converter-runner
 
-go 1.24.0
+go 1.24.2
 
 toolchain go1.24.3
 
@@ -23,6 +23,7 @@ require (
 	github.com/gardener/gardener-extension-provider-aws v1.61.1 // indirect
 	github.com/gardener/gardener-extension-provider-gcp v1.43.2 // indirect
 	github.com/gardener/gardener-extension-provider-openstack v1.47.0 // indirect
+	github.com/gardener/gardener-extension-registry-cache v0.13.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
@@ -33,6 +34,7 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kyma-project/kim-snatch v0.0.0-20250430122050-3c3bdc3b74bb // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect

hack/patch-converter-runner/go.mod

@@ -44,6 +44,8 @@ github.com/gardener/gardener-extension-provider-gcp v1.43.2 h1:LcMxg6qlH7Jm3EhBZ
 github.com/gardener/gardener-extension-provider-gcp v1.43.2/go.mod h1:dnW8Xd+1HTmFgsPBeKm3SQmPGzPjgInfnhxvlG6RIk8=
 github.com/gardener/gardener-extension-provider-openstack v1.47.0 h1:g4AiLyNSLRZYYRKSfgHf5MUZY0xBe4v+o5toxcY8YDU=
 github.com/gardener/gardener-extension-provider-openstack v1.47.0/go.mod h1:7uT3jCkSoJbYyN2TTJ1B6/vWwrUVw+xXJCtDrv3i0aQ=
+github.com/gardener/gardener-extension-registry-cache v0.13.0 h1:CcmcqUbYz3WLeJKk+sSQCAmHezvOmk8RgVgmFzVLTiA=
+github.com/gardener/gardener-extension-registry-cache v0.13.0/go.mod h1:vtyyHXh+3tmtxYhpT+ynEYfYkDXi8yCSLtC1gS4Y32A=
 github.com/gardener/machine-controller-manager v0.57.2 h1:3rTFvOmUnBSBW9ui3jnNhdkcRiyALJbqEb8FTPpR4U0=
 github.com/gardener/machine-controller-manager v0.57.2/go.mod h1:eCng7De6OE15rndmMm6Q1fwMQI39esASCd3WKZ/lLmY=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
@@ -103,6 +105,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 h1:nHHjmvjitIiyPlUHk/ofpgvBcNcawJLtf4PYHORLjAA=
 github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0/go.mod h1:YBCo4DoEeDndqvAn6eeu0vWM7QdXmHEeI9cFWplmBys=
+github.com/kyma-project/kim-snatch v0.0.0-20250430122050-3c3bdc3b74bb h1:ez9JwsTsK4hliF0WTO787bXmkataJ08L4P0y6SLpJow=
+github.com/kyma-project/kim-snatch v0.0.0-20250430122050-3c3bdc3b74bb/go.mod h1:S78TWWPO6T7IPoF2RHapMyzHlQfQU4M2KGbH6zfpXHg=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=

hack/patch-converter-runner/go.sum

@@ -1,6 +1,6 @@
 module github.com/kyma-project/infrastructure-manager/hack/runtime-migrator-app
 
-go 1.24.0
+go 1.24.2
 
 toolchain go1.24.3
 

hack/runtime-migrator/go.mod

@@ -15,8 +15,9 @@ import (
 )
 
 const (
-	msgFailedToConfigureAuditlogs = "Failed to configure audit logs"
-	msgFailedStructuredConfigMap  = "Failed to create structured authentication config map"
+	msgFailedToConfigureAuditlogs     = "Failed to configure audit logs"
+	msgFailedStructuredConfigMap      = "Failed to create structured authentication config map"
+	msgFailedToConfigureRegistryCache = "Failed to configure registry cache"
 )
 
 func sFnCreateShoot(ctx context.Context, m *fsm, s *systemState) (stateFn, *ctrl.Result, error) {

internal/controller/runtime/fsm/runtime_fsm_create_shoot.go

@@ -12,13 +12,15 @@ import (
 	gardener "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
 	"github.com/kyma-project/infrastructure-manager/internal/log_level"
+	"github.com/kyma-project/infrastructure-manager/internal/registrycache"
 	gardener_shoot "github.com/kyma-project/infrastructure-manager/pkg/gardener/shoot"
 	"github.com/kyma-project/infrastructure-manager/pkg/reconciler"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+  "github.com/kyma-project/kim-snatch/api/v1beta1"
 )
 
 const fieldManagerName = "kim"
@@ -62,6 +64,22 @@ func sFnPatchExistingShoot(ctx context.Context, m *fsm, s *systemState) (stateFn
 		}
 	}
 
+	var registrycache []v1beta1.RegistryCache
+	if s.instance.Spec.Caching != nil && s.instance.Spec.Caching.Enabled {
+		registrycache, err = getRegistryCache(ctx, m.Client, s.instance)
+
+		if err != nil {
+			m.log.Error(err, "Failed to get Registry Cache Config")
+
+			m.Metrics.IncRuntimeFSMStopCounter()
+			return updateStatePendingWithErrorAndStop(
+				&s.instance,
+				imv1.ConditionTypeRuntimeProvisioned,
+				imv1.ConditionReasonRegistryCacheError,
+				msgFailedToConfigureRegistryCache)
+		}
+	}
+
 	// NOTE: In the future we want to pass the whole shoot object here
 	updatedShoot, err := convertPatch(&s.instance, gardener_shoot.PatchOpts{
 		ConverterConfig:       m.ConverterConfig,
@@ -75,6 +93,7 @@ func sFnPatchExistingShoot(ctx context.Context, m *fsm, s *systemState) (stateFn
 		ControlPlaneConfig:    s.shoot.Spec.Provider.ControlPlaneConfig,
 		Log:                   ptr.To(m.log),
 		StructuredAuthEnabled: m.StructuredAuthEnabled,
+		RegistryCache:         registrycache,
 	})
 
 	if err != nil {
@@ -317,3 +336,17 @@ func migrateOIDCToStructuredAuth(ctx context.Context, shootToUpdate gardener.Sho
 
 	return err
 }
+
+func getRegistryCache(ctx context.Context, client client.Client, runtime imv1.Runtime) ([]v1beta1.RegistryCache, error) {
+	secret, err := getKubeconfigSecret(ctx, client, runtime.Labels[imv1.LabelKymaRuntimeID], runtime.Namespace)
+	if err != nil {
+		return nil, err
+	}
+
+	configExplorer, err := registrycache.NewConfigExplorer(ctx, secret)
+	if err != nil {
+		return nil, err
+	}
+
+	return configExplorer.GetRegistryCacheConfig()
+}

internal/controller/runtime/fsm/runtime_fsm_patch_shoot.go

@@ -0,0 +1,60 @@
+package registrycache
+
+import (
+	"context"
+	"github.com/kyma-project/infrastructure-manager/pkg/gardener"
+	registrycache "github.com/kyma-project/kim-snatch/api/v1beta1"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type ConfigExplorer struct {
+	shootClient client.Client
+	Context     context.Context
+}
+
+type GetSecretFunc func() (corev1.Secret, error)
+
+func NewConfigExplorer(ctx context.Context, kubeconfigSecret corev1.Secret) (ConfigExplorer, error) {
+
+	shootClient, err := gardener.GetShootClient(kubeconfigSecret)
+	if err != nil {
+		return ConfigExplorer{}, err
+	}
+
+	return ConfigExplorer{
+		shootClient: shootClient,
+		Context:     ctx,
+	}, nil
+}
+
+func (c *ConfigExplorer) RegistryCacheConfigExists() (bool, error) {
+	var customConfigList registrycache.CustomConfigList
+	err := c.shootClient.List(c.Context, &customConfigList)
+	if err != nil {
+		return false, err
+	}
+
+	for _, customConfig := range customConfigList.Items {
+		if len(customConfig.Spec.RegistryCaches) > 0 {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+func (c *ConfigExplorer) GetRegistryCacheConfig() ([]registrycache.RegistryCache, error) {
+	var customConfigList registrycache.CustomConfigList
+	err := c.shootClient.List(c.Context, &customConfigList)
+	if err != nil {
+		return nil, err
+	}
+	registryCacheConfigs := make([]registrycache.RegistryCache, 0)
+
+	for _, customConfig := range customConfigList.Items {
+		registryCacheConfigs = append(registryCacheConfigs, customConfig.Spec.RegistryCaches...)
+	}
+
+	return registryCacheConfigs, nil
+}

internal/registrycache/explorer.go

@@ -3,7 +3,9 @@ package gardener
 import (
 	"context"
 	"fmt"
+	corev1 "k8s.io/api/core/v1"
 	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	gardener_api "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -34,3 +36,23 @@ func NewRestConfigFromFile(kubeconfigFilePath string) (*restclient.Config, error
 
 	return restConfig, err
 }
+
+const (
+	kubeconfigSecretKey = "config"
+)
+
+// TODO: Use this function in the Runtime Controller's FSM
+func GetShootClient(secret corev1.Secret) (client.Client, error) {
+
+	restConfig, err := clientcmd.RESTConfigFromKubeConfig(secret.Data[kubeconfigSecretKey])
+	if err != nil {
+		return nil, err
+	}
+
+	shootClientWithAdmin, err := client.New(restConfig, client.Options{})
+	if err != nil {
+		return nil, err
+	}
+
+	return shootClientWithAdmin, nil
+}

pkg/gardener/client.go

@@ -6,6 +6,7 @@ import (
 	"github.com/kyma-project/infrastructure-manager/pkg/gardener/shoot/extender/maintenance"
 	"github.com/kyma-project/infrastructure-manager/pkg/gardener/shoot/extender/provider"
 	"github.com/kyma-project/infrastructure-manager/pkg/gardener/shoot/extender/restrictions"
+	registrycache "github.com/kyma-project/kim-snatch/api/v1beta1"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	gardener "github.com/gardener/gardener/pkg/apis/core/v1beta1"
@@ -74,6 +75,7 @@ type PatchOpts struct {
 	ControlPlaneConfig    *runtime.RawExtension
 	Log                   *logr.Logger
 	StructuredAuthEnabled bool
+	RegistryCache         []registrycache.RegistryCache
 }
 
 func NewConverterCreate(opts CreateOpts) Converter {
@@ -91,7 +93,7 @@ func NewConverterCreate(opts CreateOpts) Converter {
 	if !opts.DNS.IsGardenerInternal() {
 		extendersForCreate = append(extendersForCreate, extender2.NewDNSExtender(opts.DNS.SecretName, opts.DNS.DomainPrefix, opts.DNS.ProviderType))
 	}
-	extendersForCreate = append(extendersForCreate, extensions.NewExtensionsExtenderForCreate(opts.ConverterConfig, opts.AuditLogData))
+	extendersForCreate = append(extendersForCreate, extensions.NewExtensionsExtenderForCreate(opts.ConverterConfig, opts.AuditLogData, nil))
 	extendersForCreate = append(extendersForCreate,
 		extender2.NewKubernetesExtender(opts.Kubernetes.DefaultVersion, ""))
 
@@ -120,7 +122,7 @@ func NewConverterPatch(opts PatchOpts) Converter {
 			opts.ControlPlaneConfig))
 
 	extendersForPatch = append(extendersForPatch,
-		extensions.NewExtensionsExtenderForPatch(opts.AuditLogData, opts.Extensions),
+		extensions.NewExtensionsExtenderForPatch(opts.AuditLogData, opts.RegistryCache, opts.Extensions),
 		extender2.NewResourcesExtenderForPatch(opts.Resources))
 
 	extendersForPatch = append(extendersForPatch, extender2.NewKubernetesExtender(opts.Kubernetes.DefaultVersion, opts.ShootK8SVersion))