From 17869a4e0f77f25be6ae14ed6a948a8996de67ec Mon Sep 17 00:00:00 2001
From: Dario Tranchitella <dario@tranchitella.eu>
Date: Wed, 10 Sep 2025 14:23:32 +0200
Subject: [PATCH] fix(controller-manager): supporting extra args override
 (#959)

* fix(controller-manager): supporting extra args override

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

* chore: removing deprecated intstr.FromInt usage

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>

---------

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
---
 internal/builders/controlplane/deployment.go  | 65 +++++++++----------
 .../controlplane/konnectivity_server.go       |  2 +-
 internal/resources/k8s_service_resource.go    |  2 +-
 3 files changed, 34 insertions(+), 35 deletions(-)

diff --git a/internal/builders/controlplane/deployment.go b/internal/builders/controlplane/deployment.go
index e7f0b88..a998e55 100644
--- a/internal/builders/controlplane/deployment.go
+++ b/internal/builders/controlplane/deployment.go
@@ -136,7 +136,7 @@ func (d Deployment) setStrategy(deployment *appsv1.DeploymentSpec, tcp kamajiv1a
 	if tcp.Spec.ControlPlane.Deployment.Strategy.RollingUpdate == nil {
 		maxSurge := intstr.FromString("100%")
 
-		maxUnavailable := intstr.FromInt(0)
+		maxUnavailable := intstr.FromInt32(0)
 
 		deployment.Strategy.RollingUpdate = &appsv1.RollingUpdateDeployment{
 			MaxUnavailable: &maxUnavailable,
@@ -344,7 +344,7 @@ func (d Deployment) buildScheduler(podSpec *corev1.PodSpec, tenantControlPlane k
 	args["--authorization-kubeconfig"] = kubeconfig
 	args["--bind-address"] = "0.0.0.0"
 	args["--kubeconfig"] = kubeconfig
-	args["--leader-elect"] = "true" //nolint:goconst
+	args["--leader-elect"] = "true"
 
 	podSpec.Containers[index].Name = schedulerContainerName
 	podSpec.Containers[index].Image = tenantControlPlane.Spec.ControlPlane.Deployment.RegistrySettings.KubeSchedulerImage(tenantControlPlane.Spec.Kubernetes.Version)
@@ -354,7 +354,7 @@ func (d Deployment) buildScheduler(podSpec *corev1.PodSpec, tenantControlPlane k
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/healthz",
-				Port:   intstr.FromInt(10259),
+				Port:   intstr.FromInt32(10259),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
@@ -368,7 +368,7 @@ func (d Deployment) buildScheduler(podSpec *corev1.PodSpec, tenantControlPlane k
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/healthz",
-				Port:   intstr.FromInt(10259),
+				Port:   intstr.FromInt32(10259),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
@@ -411,33 +411,32 @@ func (d Deployment) buildControllerManager(podSpec *corev1.PodSpec, tenantContro
 		index = len(podSpec.Containers)
 		podSpec.Containers = append(podSpec.Containers, corev1.Container{})
 	}
-	// Configuring the arguments of the container,
-	// taking in consideration the extra args from the user-space.
-	args := map[string]string{}
-
-	if tenantControlPlane.Spec.ControlPlane.Deployment.ExtraArgs != nil {
-		args = utilities.ArgsFromSliceToMap(tenantControlPlane.Spec.ControlPlane.Deployment.ExtraArgs.ControllerManager)
-	}
 
 	kubeconfig := "/etc/kubernetes/controller-manager.conf"
 
-	args["--allocate-node-cidrs"] = "true"
-	args["--authentication-kubeconfig"] = kubeconfig
-	args["--authorization-kubeconfig"] = kubeconfig
-	args["--bind-address"] = "0.0.0.0"
-	args["--client-ca-file"] = path.Join(v1beta3.DefaultCertificatesDir, constants.CACertName)
-	args["--cluster-name"] = tenantControlPlane.GetName()
-	args["--cluster-signing-cert-file"] = path.Join(v1beta3.DefaultCertificatesDir, constants.CACertName)
-	args["--cluster-signing-key-file"] = path.Join(v1beta3.DefaultCertificatesDir, constants.CAKeyName)
-	args["--controllers"] = "*,bootstrapsigner,tokencleaner"
-	args["--kubeconfig"] = kubeconfig
-	args["--leader-elect"] = "true"
-	args["--service-cluster-ip-range"] = tenantControlPlane.Spec.NetworkProfile.ServiceCIDR
-	args["--cluster-cidr"] = tenantControlPlane.Spec.NetworkProfile.PodCIDR
-	args["--requestheader-client-ca-file"] = path.Join(v1beta3.DefaultCertificatesDir, constants.FrontProxyCACertName)
-	args["--root-ca-file"] = path.Join(v1beta3.DefaultCertificatesDir, constants.CACertName)
-	args["--service-account-private-key-file"] = path.Join(v1beta3.DefaultCertificatesDir, constants.ServiceAccountPrivateKeyName)
-	args["--use-service-account-credentials"] = "true"
+	args := map[string]string{
+		"--allocate-node-cidrs":              "true",
+		"--authentication-kubeconfig":        kubeconfig,
+		"--authorization-kubeconfig":         kubeconfig,
+		"--bind-address":                     "0.0.0.0",
+		"--client-ca-file":                   path.Join(v1beta3.DefaultCertificatesDir, constants.CACertName),
+		"--cluster-name":                     tenantControlPlane.GetName(),
+		"--cluster-signing-cert-file":        path.Join(v1beta3.DefaultCertificatesDir, constants.CACertName),
+		"--cluster-signing-key-file":         path.Join(v1beta3.DefaultCertificatesDir, constants.CAKeyName),
+		"--controllers":                      "*,bootstrapsigner,tokencleaner",
+		"--kubeconfig":                       kubeconfig,
+		"--leader-elect":                     "true",
+		"--service-cluster-ip-range":         tenantControlPlane.Spec.NetworkProfile.ServiceCIDR,
+		"--cluster-cidr":                     tenantControlPlane.Spec.NetworkProfile.PodCIDR,
+		"--requestheader-client-ca-file":     path.Join(v1beta3.DefaultCertificatesDir, constants.FrontProxyCACertName),
+		"--root-ca-file":                     path.Join(v1beta3.DefaultCertificatesDir, constants.CACertName),
+		"--service-account-private-key-file": path.Join(v1beta3.DefaultCertificatesDir, constants.ServiceAccountPrivateKeyName),
+		"--use-service-account-credentials":  "true",
+	}
+
+	if extraArgs := tenantControlPlane.Spec.ControlPlane.Deployment.ExtraArgs; extraArgs != nil && len(extraArgs.ControllerManager) > 0 {
+		args = utilities.MergeMaps(args, utilities.ArgsFromSliceToMap(extraArgs.ControllerManager))
+	}
 
 	podSpec.Containers[index].Name = "kube-controller-manager"
 	podSpec.Containers[index].Image = tenantControlPlane.Spec.ControlPlane.Deployment.RegistrySettings.KubeControllerManagerImage(tenantControlPlane.Spec.Kubernetes.Version)
@@ -447,7 +446,7 @@ func (d Deployment) buildControllerManager(podSpec *corev1.PodSpec, tenantContro
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/healthz",
-				Port:   intstr.FromInt(10257),
+				Port:   intstr.FromInt32(10257),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
@@ -461,7 +460,7 @@ func (d Deployment) buildControllerManager(podSpec *corev1.PodSpec, tenantContro
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/healthz",
-				Port:   intstr.FromInt(10257),
+				Port:   intstr.FromInt32(10257),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
@@ -564,7 +563,7 @@ func (d Deployment) buildKubeAPIServer(podSpec *corev1.PodSpec, tenantControlPla
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/livez",
-				Port:   intstr.FromInt(int(tenantControlPlane.Spec.NetworkProfile.Port)),
+				Port:   intstr.FromInt32(tenantControlPlane.Spec.NetworkProfile.Port),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
@@ -578,7 +577,7 @@ func (d Deployment) buildKubeAPIServer(podSpec *corev1.PodSpec, tenantControlPla
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/readyz",
-				Port:   intstr.FromInt(int(tenantControlPlane.Spec.NetworkProfile.Port)),
+				Port:   intstr.FromInt32(tenantControlPlane.Spec.NetworkProfile.Port),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
@@ -592,7 +591,7 @@ func (d Deployment) buildKubeAPIServer(podSpec *corev1.PodSpec, tenantControlPla
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/livez",
-				Port:   intstr.FromInt(int(tenantControlPlane.Spec.NetworkProfile.Port)),
+				Port:   intstr.FromInt32(tenantControlPlane.Spec.NetworkProfile.Port),
 				Scheme: corev1.URISchemeHTTPS,
 			},
 		},
diff --git a/internal/builders/controlplane/konnectivity_server.go b/internal/builders/controlplane/konnectivity_server.go
index 8b9d93f..f4ed997 100644
--- a/internal/builders/controlplane/konnectivity_server.go
+++ b/internal/builders/controlplane/konnectivity_server.go
@@ -84,7 +84,7 @@ func (k Konnectivity) buildKonnectivityContainer(tcpVersion string, addon *kamaj
 		ProbeHandler: corev1.ProbeHandler{
 			HTTPGet: &corev1.HTTPGetAction{
 				Path:   "/healthz",
-				Port:   intstr.FromInt(8134),
+				Port:   intstr.FromInt32(8134),
 				Scheme: corev1.URISchemeHTTP,
 			},
 		},
diff --git a/internal/resources/k8s_service_resource.go b/internal/resources/k8s_service_resource.go
index b1665da..35d9931 100644
--- a/internal/resources/k8s_service_resource.go
+++ b/internal/resources/k8s_service_resource.go
@@ -100,7 +100,7 @@ func (r *KubernetesServiceResource) mutate(ctx context.Context, tenantControlPla
 		r.resource.Spec.Ports[0].Name = "kube-apiserver"
 		r.resource.Spec.Ports[0].Protocol = corev1.ProtocolTCP
 		r.resource.Spec.Ports[0].Port = tenantControlPlane.Spec.NetworkProfile.Port
-		r.resource.Spec.Ports[0].TargetPort = intstr.FromInt(int(tenantControlPlane.Spec.NetworkProfile.Port))
+		r.resource.Spec.Ports[0].TargetPort = intstr.FromInt32(tenantControlPlane.Spec.NetworkProfile.Port)
 
 		switch tenantControlPlane.Spec.ControlPlane.Service.ServiceType {
 		case kamajiv1alpha1.ServiceTypeLoadBalancer: