Feature/131 ignore loglevel changes when debug mode is running

CHANGELOG.md

@@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - [#121] Added use case to check if dogus actually use the desired version and config before completing the blueprint
+- [#129] Reconciliation of the blueprint on changes of dogu-crs, ces-configMaps and ces-secrets
+- [#131] Ignore loglevel changes while debug-mode is active
 
 ### Changed
 - [#119] *breaking* sensitive dogu config can now only be referenced with secrets

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/cloudogu/ces-commons-lib v0.2.0
 	github.com/cloudogu/cesapp-lib v0.18.1
 	github.com/cloudogu/k8s-blueprint-lib/v2 v2.0.0-20250925091741-275e54da827b
+	github.com/cloudogu/k8s-debug-mode-cr-lib v1.0.0
 	github.com/cloudogu/k8s-dogu-lib/v2 v2.0.0-20250924122244-01339f784cd0
 	github.com/cloudogu/k8s-registry-lib v0.2.2-0.20250818112109-cfd93e57e9f6
 	github.com/cloudogu/remote-dogu-descriptor-lib v0.1.1

go.sum

@@ -20,6 +20,8 @@ github.com/cloudogu/cesapp-lib v0.18.1 h1:LMdGktIefm/PuhdPqpLTPvjY1smO06EEGBbRSA
 github.com/cloudogu/cesapp-lib v0.18.1/go.mod h1:J05eXFxnz4enZblABlmiVTZaUtJ+LIhlJ2UF6l9jpDw=
 github.com/cloudogu/k8s-blueprint-lib/v2 v2.0.0-20250925091741-275e54da827b h1:1VRisF6h7o/B8fOtPIRuMApMe4PQKiCgiYDLD2tyScw=
 github.com/cloudogu/k8s-blueprint-lib/v2 v2.0.0-20250925091741-275e54da827b/go.mod h1:yNtYKIfJkJyMCQ5srtWspl4CDIu3pCvfNC4Yci1XVtQ=
+github.com/cloudogu/k8s-debug-mode-cr-lib v1.0.0 h1:geZjXwWQY8d8aEWA9l2is/DwlADdOHQveBokPK63XH0=
+github.com/cloudogu/k8s-debug-mode-cr-lib v1.0.0/go.mod h1:OPAO5P5ZSZkEexP9YOWNj4wEE8T3wqs92yyP5muymxQ=
 github.com/cloudogu/k8s-dogu-lib/v2 v2.0.0-20250924122244-01339f784cd0 h1:ohitXnpL655pmZOO0LVjW/weVi1ftFKSXG7jllbRQag=
 github.com/cloudogu/k8s-dogu-lib/v2 v2.0.0-20250924122244-01339f784cd0/go.mod h1:2xkJ1TI7fuBRcqIpHUlmQ6CJAtzlOvyUbwPktIVq6K8=
 github.com/cloudogu/k8s-registry-lib v0.2.2-0.20250818112109-cfd93e57e9f6 h1:OYMO6DYX6rtzo2a88hXXTzwf8+aXt7uV+BTaEmvlls4=

k8s/helm/templates/debug-mode-reader-role.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+  {{- include "k8s-blueprint-operator.labels" . | nindent 4 }}
+  name: {{ include "k8s-blueprint-operator.name" . }}-debug-mode-reader-role
+rules:
+  - apiGroups:
+      - k8s.cloudogu.com
+    resources:
+      - debugmodes
+    verbs:
+      - get

k8s/helm/templates/debug-mode-reader-rolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+  {{- include "k8s-blueprint-operator.labels" . | nindent 4 }}
+  name: {{ include "k8s-blueprint-operator.name" . }}-debug-mode-reader-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "k8s-blueprint-operator.name" . }}-debug-mode-reader-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "k8s-blueprint-operator.name" . }}-controller-manager

k8s/helm/templates/deployment.yaml

@@ -68,6 +68,8 @@ spec:
                 name: ces-proxy
                 key: url
                 optional: true
+          - name: DEBOUNCE_WINDOW
+            value: {{ quote .Values.manager.reconciler.debounceWindow | default "10s" }}
           image: "{{ .Values.manager.image.registry }}/{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag | default .Chart.AppVersion }}"
           livenessProbe:
             httpGet:

k8s/helm/templates/manager-role.yaml

@@ -15,10 +15,26 @@ rules:
     resources:
       - secrets
     verbs:
-      - create
-      - update
       - get
+      - list # needed, as the registry-lib seems to need that for a normal get command
+      - watch
 # issue PVC read-only permissions to amend the Blueprint CR with a currently configured Dogu volume size
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps # for normal dogu config
+    verbs:
+      - get
+      - list # needed, as the registry-lib seems to need that for a normal get command
+      - watch
+  - apiGroups:
+      - k8s.cloudogu.com
+    resources:
+      - dogus
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - ""
     resources:

k8s/helm/values.yaml

@@ -18,6 +18,8 @@ manager:
     memory: 105M
   networkPolicies:
     enabled: true
+  reconciler:
+    debounceWindow: 10s
 doguRegistry:
   certificate:
     secret: dogu-registry-cert

main.go

@@ -11,6 +11,7 @@ import (
 	"github.com/cloudogu/k8s-blueprint-operator/v2/pkg"
 	"github.com/cloudogu/k8s-blueprint-operator/v2/pkg/adapter/reconciler"
 	"github.com/cloudogu/k8s-blueprint-operator/v2/pkg/config"
+	v2 "github.com/cloudogu/k8s-dogu-lib/v2/api/v2"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -46,6 +47,7 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
 	utilruntime.Must(bpv2.AddToScheme(scheme))
+	utilruntime.Must(v2.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }
 

main_internal_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/go-logr/logr"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -181,6 +180,7 @@ func Test_startOperator(t *testing.T) {
 		t.Setenv("DOGU_REGISTRY_ENDPOINT", "dogu.example.com")
 		t.Setenv("DOGU_REGISTRY_USERNAME", "user")
 		t.Setenv("DOGU_REGISTRY_PASSWORD", "password")
+		t.Setenv("DEBOUNCE_WINDOW", "10s")
 
 		oldNewManagerFunc := ctrl.NewManager
 		oldGetConfigFunc := ctrl.GetConfigOrDie
@@ -196,6 +196,7 @@ func Test_startOperator(t *testing.T) {
 		//ctrlManMock.EXPECT().GetConfig().Return(restConfig)
 		ctrlManMock.EXPECT().GetControllerOptions().Return(config.Controller{})
 		ctrlManMock.EXPECT().GetScheme().Return(runtime.NewScheme())
+		ctrlManMock.EXPECT().GetCache().Return(nil)
 
 		ctrl.NewManager = func(config *rest.Config, options manager.Options) (manager.Manager, error) {
 			return ctrlManMock, nil
@@ -220,6 +221,7 @@ func Test_startOperator(t *testing.T) {
 		t.Setenv("DOGU_REGISTRY_ENDPOINT", "dogu.example.com")
 		t.Setenv("DOGU_REGISTRY_USERNAME", "user")
 		t.Setenv("DOGU_REGISTRY_PASSWORD", "password")
+		t.Setenv("DEBOUNCE_WINDOW", "10s")
 
 		oldNewManagerFunc := ctrl.NewManager
 		oldGetConfigFunc := ctrl.GetConfigOrDie
@@ -268,6 +270,7 @@ func Test_startOperator(t *testing.T) {
 		t.Setenv("DOGU_REGISTRY_ENDPOINT", "dogu.example.com")
 		t.Setenv("DOGU_REGISTRY_USERNAME", "user")
 		t.Setenv("DOGU_REGISTRY_PASSWORD", "password")
+		t.Setenv("DEBOUNCE_WINDOW", "10s")
 
 		oldNewManagerFunc := ctrl.NewManager
 		oldGetConfigFunc := ctrl.GetConfigOrDie
@@ -317,6 +320,7 @@ func Test_startOperator(t *testing.T) {
 		t.Setenv("DOGU_REGISTRY_ENDPOINT", "dogu.example.com")
 		t.Setenv("DOGU_REGISTRY_USERNAME", "user")
 		t.Setenv("DOGU_REGISTRY_PASSWORD", "password")
+		t.Setenv("DEBOUNCE_WINDOW", "10s")
 
 		oldNewManagerFunc := ctrl.NewManager
 		oldGetConfigFunc := ctrl.GetConfigOrDie
@@ -372,6 +376,7 @@ func Test_startOperator(t *testing.T) {
 		t.Setenv("DOGU_REGISTRY_ENDPOINT", "dogu.example.com")
 		t.Setenv("DOGU_REGISTRY_USERNAME", "user")
 		t.Setenv("DOGU_REGISTRY_PASSWORD", "password")
+		t.Setenv("DEBOUNCE_WINDOW", "10s")
 
 		oldNewManagerFunc := ctrl.NewManager
 		oldGetConfigFunc := ctrl.GetConfigOrDie

pkg/adapter/kubernetes/blueprintcr/v2/blueprintSpecCRRepository.go

@@ -112,6 +112,22 @@ func (repo *blueprintSpecRepo) CheckSingleton(ctx context.Context) error {
 	}
 }
 
+func (repo *blueprintSpecRepo) ListIds(ctx context.Context) ([]string, error) {
+	list, err := repo.blueprintClient.List(ctx, metav1.ListOptions{})
+	if err != nil {
+		return nil, &domainservice.InternalError{
+			WrappedError: err,
+			Message:      "error while listing blueprint resources",
+		}
+	}
+
+	result := make([]string, len(list.Items))
+	for index, blueprint := range list.Items {
+		result[index] = blueprint.Name
+	}
+	return result, nil
+}
+
 func (repo *blueprintSpecRepo) serializeBlueprintAndMask(blueprintSpec *domain.BlueprintSpec, blueprintCR *v2.Blueprint, blueprintId string) error {
 	blueprint, blueprintErr := serializerv2.ConvertToBlueprintDomain(blueprintCR.Spec.Blueprint)
 	if blueprintErr != nil {

pkg/adapter/kubernetes/blueprintcr/v2/blueprintSpecCRRepository_test.go

@@ -400,7 +400,7 @@ func Test_blueprintSpecRepo_CheckSingleton(t *testing.T) {
 		eventRecorderMock := newMockEventRecorder(t)
 		repo := NewBlueprintSpecRepository(restClientMock, eventRecorderMock)
 
-		restClientMock.EXPECT().List(ctx, metav1.ListOptions{Limit: 2}).Return(nil, nil)
+		restClientMock.EXPECT().List(ctx, mock.Anything).Return(nil, nil)
 
 		// when
 		err := repo.CheckSingleton(ctx)
@@ -413,7 +413,7 @@ func Test_blueprintSpecRepo_CheckSingleton(t *testing.T) {
 		restClientMock := newMockBlueprintInterface(t)
 		eventRecorderMock := newMockEventRecorder(t)
 		repo := NewBlueprintSpecRepository(restClientMock, eventRecorderMock)
-		restClientMock.EXPECT().List(ctx, metav1.ListOptions{Limit: 2}).Return(&bpv2.BlueprintList{}, nil)
+		restClientMock.EXPECT().List(ctx, mock.Anything).Return(&bpv2.BlueprintList{}, nil)
 
 		// when
 		err := repo.CheckSingleton(ctx)
@@ -435,7 +435,7 @@ func Test_blueprintSpecRepo_CheckSingleton(t *testing.T) {
 				},
 			},
 		}
-		restClientMock.EXPECT().List(ctx, metav1.ListOptions{Limit: 2}).Return(list, nil)
+		restClientMock.EXPECT().List(ctx, mock.Anything).Return(list, nil)
 
 		// when
 		err := repo.CheckSingleton(ctx)
@@ -462,7 +462,7 @@ func Test_blueprintSpecRepo_CheckSingleton(t *testing.T) {
 				},
 			},
 		}
-		restClientMock.EXPECT().List(ctx, metav1.ListOptions{Limit: 2}).Return(list, nil)
+		restClientMock.EXPECT().List(ctx, mock.Anything).Return(list, nil)
 
 		// when
 		err := repo.CheckSingleton(ctx)
@@ -479,7 +479,7 @@ func Test_blueprintSpecRepo_CheckSingleton(t *testing.T) {
 		eventRecorderMock := newMockEventRecorder(t)
 		repo := NewBlueprintSpecRepository(restClientMock, eventRecorderMock)
 
-		restClientMock.EXPECT().List(ctx, metav1.ListOptions{Limit: 2}).Return(nil, assert.AnError)
+		restClientMock.EXPECT().List(ctx, mock.Anything).Return(nil, assert.AnError)
 
 		// when
 		err := repo.CheckSingleton(ctx)
@@ -491,3 +491,52 @@ func Test_blueprintSpecRepo_CheckSingleton(t *testing.T) {
 		assert.ErrorContains(t, err, "error while listing blueprint resources")
 	})
 }
+
+func Test_blueprintSpecRepo_ListIds(t *testing.T) {
+	t.Run("success", func(t *testing.T) {
+		restClientMock := newMockBlueprintInterface(t)
+		repo := NewBlueprintSpecRepository(restClientMock, nil)
+
+		returnList := bpv2.BlueprintList{Items: []bpv2.Blueprint{
+			{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test1",
+				},
+			},
+			{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test2",
+				},
+			},
+		}}
+
+		restClientMock.EXPECT().List(ctx, metav1.ListOptions{}).Return(&returnList, nil)
+
+		// when
+		idList, err := repo.ListIds(ctx)
+
+		// then
+		require.NoError(t, err)
+		assert.Len(t, idList, 2)
+		assert.Contains(t, idList, "test1")
+		assert.Contains(t, idList, "test2")
+	})
+
+	t.Run("throw internal error on list error", func(t *testing.T) {
+		restClientMock := newMockBlueprintInterface(t)
+		repo := NewBlueprintSpecRepository(restClientMock, nil)
+
+		restClientMock.EXPECT().List(ctx, metav1.ListOptions{}).Return(nil, assert.AnError)
+
+		// when
+		list, err := repo.ListIds(ctx)
+
+		// then
+		require.Error(t, err)
+		assert.Nil(t, list)
+		var targetErr *domainservice.InternalError
+		assert.ErrorAs(t, err, &targetErr)
+		assert.ErrorContains(t, err, "error while listing blueprint resources")
+	})
+
+}

pkg/adapter/kubernetes/debugmodecr/debugModeRepo.go

@@ -0,0 +1,39 @@
+package debugmodecr
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/cloudogu/k8s-blueprint-operator/v2/pkg/domain/ecosystem"
+	"github.com/cloudogu/k8s-blueprint-operator/v2/pkg/domainservice"
+	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const debugModeSingletonCRName = "debug-mode"
+
+type debugModeRepo struct {
+	debugModeClient DebugModeInterface
+}
+
+// NewDebugModeRepo returns a new debugModeRepo to interact with the debug mode CR.
+func NewDebugModeRepo(debugModeClient DebugModeInterface) domainservice.DebugModeRepository {
+	return &debugModeRepo{debugModeClient: debugModeClient}
+}
+
+func (repo *debugModeRepo) GetSingleton(ctx context.Context) (*ecosystem.DebugMode, error) {
+	cr, err := repo.debugModeClient.Get(ctx, debugModeSingletonCRName, metav1.GetOptions{})
+	if err != nil {
+		if k8sErrors.IsNotFound(err) {
+			return nil, &domainservice.NotFoundError{
+				WrappedError: err,
+				Message:      fmt.Sprintf("cannot load debug mode CR %q as it does not exist", debugModeSingletonCRName),
+			}
+		}
+		return nil, &domainservice.InternalError{
+			WrappedError: err,
+			Message:      fmt.Sprintf("error while loading debug mode CR %q", debugModeSingletonCRName),
+		}
+	}
+	return parseDebugModeCR(cr)
+}