✨ Enable the agent to send event to inventory server (#1104)

* ✨ Install the agent by helm chart (#1090)

* add standalone mode

Signed-off-by: myan <myan@redhat.com>

d

Signed-off-by: myan <myan@redhat.com>

agent support multiple transports

Signed-off-by: myan <myan@redhat.com>

fix the transport type

Signed-off-by: myan <myan@redhat.com>

improve ut

Signed-off-by: myan <myan@redhat.com>

fix the error

Signed-off-by: myan <myan@redhat.com>

remove the useless

Signed-off-by: myan <myan@redhat.com>

add e2e test

Signed-off-by: myan <myan@redhat.com>

format

Signed-off-by: myan <myan@redhat.com>

remove the

Signed-off-by: myan <myan@redhat.com>

fix the grafana

Signed-off-by: myan <myan@redhat.com>

fix the e2e

Signed-off-by: myan <myan@redhat.com>

pg and kafka

Signed-off-by: myan <myan@redhat.com>

fix the ns

Signed-off-by: myan <myan@redhat.com>

renaming

Signed-off-by: myan <myan@redhat.com>

rerun

Signed-off-by: myan <myan@redhat.com>

add standalone mode

Signed-off-by: myan <myan@redhat.com>

d

Signed-off-by: myan <myan@redhat.com>

agent support multiple transports

Signed-off-by: myan <myan@redhat.com>

fix the transport type

Signed-off-by: myan <myan@redhat.com>

improve ut

Signed-off-by: myan <myan@redhat.com>

fix the error

Signed-off-by: myan <myan@redhat.com>

remove the useless

Signed-off-by: myan <myan@redhat.com>

add e2e test

Signed-off-by: myan <myan@redhat.com>

format

Signed-off-by: myan <myan@redhat.com>

remove the

Signed-off-by: myan <myan@redhat.com>

fix the grafana

Signed-off-by: myan <myan@redhat.com>

fix the e2e

Signed-off-by: myan <myan@redhat.com>

pg and kafka

Signed-off-by: myan <myan@redhat.com>

fix the ns

Signed-off-by: myan <myan@redhat.com>

install agent by helm chart

Signed-off-by: myan <myan@redhat.com>

fix helm

Signed-off-by: myan <myan@redhat.com>

update doc

Signed-off-by: myan <myan@redhat.com>

fix the secret error

Signed-off-by: myan <myan@redhat.com>

doc

Signed-off-by: myan <myan@redhat.com>

test

Signed-off-by: myan <myan@redhat.com>

* add the review

Signed-off-by: myan <myan@redhat.com>

* add clusterId as default leaf_hub_name for standalone

Signed-off-by: myan <myan@redhat.com>

* add clusterId as default leaf_hub_name for standalone

Signed-off-by: myan <myan@redhat.com>

* improve ut

Signed-off-by: myan <myan@redhat.com>

* ut

Signed-off-by: myan <myan@redhat.com>

---------

Signed-off-by: myan <myan@redhat.com>

:bug: Fix the issue of event loss caused by time filtering. (#1101)

* skipp the expired event

Signed-off-by: myan <myan@redhat.com>

* fix the ut

Signed-off-by: myan <myan@redhat.com>

* integration

Signed-off-by: myan <myan@redhat.com>

---------

Signed-off-by: myan <myan@redhat.com>

kind_cluster (#1098)

Signed-off-by: myan <myan@redhat.com>

MGMT-18597: Poll Stackrox Central for violation counts and push it to kafka (#1091)

This patch changes the agent so that it discovers Stackrox _central_
instances in the hub, polls them to extract the summary of security
violations and sends them to the manager via the Kafka broker.

Related: https://issues.redhat.com/browse/MGMT-18597

Signed-off-by: danmanor <dmanor@redhat.com>
Co-authored-by: danmanor <dmanor@redhat.com>

ACM-14143: Fix section levels in StackRox integration doc (#1106)

The levels of the sections are incorrect, this patch fixes them.

Related: https://issues.redhat.com/browse/ACM-14143
Related: https://issues.redhat.com/browse/MGMT-18591

Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com>

:sparkles: Introduce managedclustermigration api (#1102)

* support migration

Signed-off-by: clyang82 <chuyang@redhat.com>

* rename to managedclustermigration

Signed-off-by: clyang82 <chuyang@redhat.com>

---------

Signed-off-by: clyang82 <chuyang@redhat.com>

MGMT-18903: Add 'source' column to violations by severity count SQL table to support multiple central instances in one hub (#1105)

Signed-off-by: danmanor <dmanor@redhat.com>

fix install hosted in other ns (#1107)

Signed-off-by: DangPeng Liu <daliu@redhat.com>

support sending to the inventory server

Signed-off-by: myan <myan@redhat.com>

generate the secret

Signed-off-by: myan <myan@redhat.com>

fix the e2e

Signed-off-by: myan <myan@redhat.com>

shell

Signed-off-by: myan <myan@redhat.com>

local test finished

Signed-off-by: myan <myan@redhat.com>

rebase

Signed-off-by: myan <myan@redhat.com>

fix the ut

Signed-off-by: myan <myan@redhat.com>

add inventory unit test

Signed-off-by: myan <myan@redhat.com>

add ut

Signed-off-by: myan <myan@redhat.com>

ignore leak

Signed-off-by: myan <myan@redhat.com>

watch the clusterinfo

Signed-off-by: myan <myan@redhat.com>

upgrade addon

Signed-off-by: myan <myan@redhat.com>

add ut

Signed-off-by: myan <myan@redhat.com>

format

Signed-off-by: myan <myan@redhat.com>

fix the e2e

Signed-off-by: myan <myan@redhat.com>

fix the consumer error

Signed-off-by: myan <myan@redhat.com>

* fix sum

Signed-off-by: myan <myan@redhat.com>

* reply review

Signed-off-by: myan <myan@redhat.com>

* remove the namespace

Signed-off-by: myan <myan@redhat.com>

---------

Signed-off-by: myan <myan@redhat.com>

Author: yanmxa

agent/cmd/agent/main.go

@@ -10,6 +10,7 @@ import (
 	configv1 "github.com/openshift/api/config/v1"
 	routev1 "github.com/openshift/api/route/v1"
 	"github.com/spf13/pflag"
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
 	coordinationv1 "k8s.io/api/coordination/v1"
 	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -58,7 +59,7 @@ func main() {
 	restConfig.QPS = agentConfig.QPS
 	restConfig.Burst = agentConfig.Burst
 
-	c, err := client.New(restConfig, client.Options{})
+	c, err := client.New(restConfig, client.Options{Scheme: config.GetRuntimeScheme()})
 	if err != nil {
 		setupLog.Error(err, "failed to int controller runtime client")
 		os.Exit(1)
@@ -125,8 +126,6 @@ func parseFlags() *config.AgentConfig {
 	pflag.StringVar(&agentConfig.LeafHubName, "leaf-hub-name", "", "The name of the leaf hub.")
 	pflag.StringVar(&agentConfig.PodNamespace, "pod-namespace", constants.GHAgentNamespace,
 		"The agent running namespace, also used as leader election namespace")
-	pflag.StringVar(&agentConfig.TransportConfig.TransportType, "transport-type", "kafka",
-		"The transport type, 'kafka'")
 	pflag.IntVar(&agentConfig.SpecWorkPoolSize, "consumer-worker-pool-size", 10,
 		"The goroutine number to propagate the bundles on managed cluster.")
 	pflag.BoolVar(&agentConfig.SpecEnforceHohRbac, "enforce-hoh-rbac", false,
@@ -175,11 +174,11 @@ func completeConfig(ctx context.Context, c client.Client, agentConfig *config.Ag
 			return fmt.Errorf("failed to get the ClusterVersion(version): %w", err)
 		}
 
-		clusterId := string(clusterVersion.Spec.ClusterID)
-		if clusterId == "" {
+		clusterID := string(clusterVersion.Spec.ClusterID)
+		if clusterID == "" {
 			return fmt.Errorf("the clusterId from ClusterVersion must not be empty")
 		}
-		agentConfig.LeafHubName = clusterId
+		agentConfig.LeafHubName = clusterID
 	}
 
 	if agentConfig.MetricsAddress == "" {
@@ -275,6 +274,7 @@ func initCache(restConfig *rest.Config, cacheOpts cache.Options) (cache.Cache, e
 		&apiextensionsv1.CustomResourceDefinition{}: {},
 		&policyv1.Policy{}:                          {},
 		&clusterv1.ManagedCluster{}:                 {},
+		&clusterinfov1beta1.ManagedClusterInfo{}:    {},
 		&clustersv1alpha1.ClusterClaim{}:            {},
 		&routev1.Route{}:                            {},
 		&placementrulev1.PlacementRule{}:            {},

agent/cmd/agent/main_test.go

@@ -25,15 +25,13 @@ func TestParseFlags(t *testing.T) {
 		"cmd",
 		"--leaf-hub-name=test-hub",
 		"--pod-namespace=test-namespace",
-		"--transport-type=kafka",
 		"--consumer-worker-pool-size=5",
 	}
 
 	agentConfig := parseFlags()
 
 	assert.Equal(t, "test-hub", agentConfig.LeafHubName)
 	assert.Equal(t, "test-namespace", agentConfig.PodNamespace)
-	assert.Equal(t, "kafka", agentConfig.TransportConfig.TransportType)
 	assert.Equal(t, 5, agentConfig.SpecWorkPoolSize)
 }
 

agent/pkg/config/scheme.go

@@ -6,6 +6,7 @@ package config
 import (
 	configv1 "github.com/openshift/api/config/v1"
 	routev1 "github.com/openshift/api/route/v1"
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
 	mchv1 "github.com/stolostron/multiclusterhub-operator/api/v1"
 	coordinationv1 "k8s.io/api/coordination/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -44,5 +45,6 @@ func GetRuntimeScheme() *runtime.Scheme {
 	utilruntime.Must(channelv1.AddToScheme(scheme))
 	utilruntime.Must(appsubv1.SchemeBuilder.AddToScheme(scheme))
 	utilruntime.Must(appv1beta1.AddToScheme(scheme))
+	utilruntime.Must(clusterinfov1beta1.AddToScheme(scheme))
 	return scheme
 }

agent/pkg/status/controller/controller.go

@@ -30,6 +30,16 @@ func AddControllers(ctx context.Context, mgr ctrl.Manager, producer transport.Pr
 	if statusCtrlStarted {
 		return nil
 	}
+	// managed cluster info
+	if err := managedclusters.LaunchManagedClusterInfoSyncer(ctx, mgr, agentConfig, producer); err != nil {
+		return fmt.Errorf("failed to launch managedclusterinfo syncer: %w", err)
+	}
+
+	// if it's rest transport, skip the following controllers
+	if agentConfig.TransportConfig.TransportType == string(transport.Rest) {
+		statusCtrlStarted = true
+		return nil
+	}
 
 	if err := agentstatusconfig.AddConfigController(mgr, agentConfig); err != nil {
 		return fmt.Errorf("failed to add ConfigMap controller: %w", err)
@@ -86,6 +96,5 @@ func AddControllers(ctx context.Context, mgr ctrl.Manager, producer transport.Pr
 		return fmt.Errorf("failed to launch time filter: %w", err)
 	}
 
-	statusCtrlStarted = true
 	return nil
 }

agent/pkg/status/controller/managedclusters/managed_cluster_info_syncer.go

@@ -0,0 +1,51 @@
+package managedclusters
+
+import (
+	"context"
+
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+
+	"github.com/stolostron/multicluster-global-hub/agent/pkg/config"
+	statusconfig "github.com/stolostron/multicluster-global-hub/agent/pkg/status/controller/config"
+	"github.com/stolostron/multicluster-global-hub/agent/pkg/status/controller/generic"
+	"github.com/stolostron/multicluster-global-hub/pkg/constants"
+	"github.com/stolostron/multicluster-global-hub/pkg/enum"
+	"github.com/stolostron/multicluster-global-hub/pkg/transport"
+	"github.com/stolostron/multicluster-global-hub/pkg/utils"
+)
+
+// LaunchManagedClusterInfoSyncer only for the restful client
+func LaunchManagedClusterInfoSyncer(ctx context.Context, mgr ctrl.Manager, agentConfig *config.AgentConfig,
+	producer transport.Producer,
+) error {
+	if agentConfig.TransportConfig.TransportType != string(transport.Rest) {
+		return nil
+	}
+
+	// controller config
+	instance := func() client.Object { return &clusterinfov1beta1.ManagedClusterInfo{} }
+	predicate := predicate.NewPredicateFuncs(func(object client.Object) bool { return true })
+
+	// emitter config
+	tweakFunc := func(object client.Object) {
+		utils.MergeAnnotations(object, map[string]string{
+			constants.ManagedClusterManagedByAnnotation: statusconfig.GetLeafHubName(),
+		})
+	}
+	emitter := generic.ObjectEmitterWrapper(enum.ManagedClusterInfoType, func(obj client.Object) bool {
+		return true
+	}, tweakFunc, false)
+
+	return generic.LaunchGenericObjectSyncer(
+		"status.managed_cluster_info",
+		mgr,
+		generic.NewGenericController(instance, predicate),
+		producer,
+		statusconfig.GetManagerClusterDuration,
+		[]generic.ObjectEmitter{
+			emitter,
+		})
+}

agent/pkg/status/controller/managedclusters/managed_cluster_info_syncer_test.go

@@ -0,0 +1,32 @@
+package managedclusters
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+
+	"github.com/stolostron/multicluster-global-hub/agent/pkg/config"
+	"github.com/stolostron/multicluster-global-hub/pkg/transport"
+)
+
+func TestLaunchManagedClusterInfoSyncer(t *testing.T) {
+	ctx := context.Background()
+	agentConfig := &config.AgentConfig{
+		TransportConfig: &transport.TransportConfig{
+			TransportType: string(transport.Rest),
+		},
+	}
+	cfg := &rest.Config{
+		Host:            "https://mock-cluster",
+		APIPath:         "/api",
+		BearerToken:     "mock-token",
+		TLSClientConfig: rest.TLSClientConfig{Insecure: true},
+	}
+	mgr, err := manager.New(cfg, manager.Options{Scheme: config.GetRuntimeScheme()})
+	assert.Nil(t, err)
+	err = LaunchManagedClusterInfoSyncer(ctx, mgr, agentConfig, nil)
+	assert.Nil(t, err)
+}

doc/event-exporter/templates/clusterrole.yaml

@@ -181,4 +181,20 @@ rules:
   verbs:
   - list
   - watch
-  - get
+  - get
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusterversions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - internal.open-cluster-management.io
+  resources:
+  - managedclusterinfos
+  verbs:
+  - get
+  - list
+  - watch

go.mod

@@ -1,15 +1,15 @@
 module github.com/stolostron/multicluster-global-hub
 
-go 1.22.4
+go 1.22.5
 
 require (
 	github.com/RedHatInsights/strimzi-client-go v0.34.2
 	github.com/Shopify/sarama v1.38.1
 	github.com/cenkalti/backoff/v4 v4.3.0
-	github.com/cloudevents/sdk-go/protocol/kafka_confluent/v2 v2.0.0-20240805051634-1aecb204b50d
+	github.com/cloudevents/sdk-go/protocol/kafka_confluent/v2 v2.0.0-20240911135016-682f3a9684e4
 	github.com/cloudevents/sdk-go/v2 v2.15.2
 	github.com/cloudflare/cfssl v1.6.5
-	github.com/confluentinc/confluent-kafka-go/v2 v2.5.0
+	github.com/confluentinc/confluent-kafka-go/v2 v2.5.3
 	github.com/crunchydata/postgres-operator v1.3.3-0.20230629151007-94ebcf2df74d
 	github.com/deckarep/golang-set v1.8.0
 	github.com/evanphx/json-patch v5.7.0+incompatible
@@ -29,18 +29,20 @@ require (
 	github.com/openshift/library-go v0.0.0-20240723172506-8bb8fe6cc56d
 	github.com/operator-framework/api v0.17.7-0.20230626210316-aa3e49803e7b
 	github.com/operator-framework/operator-lifecycle-manager v0.22.0
+	github.com/project-kessel/inventory-api v0.0.0-20240902141731-aad011c715fd
+	github.com/project-kessel/inventory-client-go v0.0.0-20240918035700-76e5efdd0022
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.63.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stolostron/cluster-lifecycle-api v0.0.0-20230222063645-5b18b26381ff
+	github.com/stolostron/cluster-lifecycle-api v0.0.0-20240918064238-a5e71b599118
 	github.com/stolostron/klusterlet-addon-controller v0.0.0-20230528112800-a466a2368df4
 	github.com/stolostron/multiclusterhub-operator v0.0.0-20230829141355-4ad378ab367f
 	github.com/stretchr/testify v1.9.0
 	go.uber.org/zap v1.27.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 	gorm.io/datatypes v1.2.0
-	gorm.io/driver/postgres v1.5.2
-	gorm.io/gorm v1.25.4
+	gorm.io/driver/postgres v1.5.9
+	gorm.io/gorm v1.25.11
 	k8s.io/api v0.31.0
 	k8s.io/apiextensions-apiserver v0.31.0
 	k8s.io/apimachinery v0.31.0
@@ -49,10 +51,10 @@ require (
 	k8s.io/kube-aggregator v0.31.0
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	open-cluster-management.io/addon-framework v0.10.0
-	open-cluster-management.io/api v0.13.0
+	open-cluster-management.io/api v0.14.1-0.20240627145512-bd6f2229b53c
 	open-cluster-management.io/governance-policy-propagator v0.11.1-0.20230815182526-b4ee1b24b1d0
-	open-cluster-management.io/multicloud-operators-channel v0.11.0
-	open-cluster-management.io/multicloud-operators-subscription v0.11.0
+	open-cluster-management.io/multicloud-operators-channel v0.13.1-0.20240423040139-ad986cafc6e8
+	open-cluster-management.io/multicloud-operators-subscription v0.14.0
 	sigs.k8s.io/application v0.8.3
 	sigs.k8s.io/controller-runtime v0.19.0
 	sigs.k8s.io/kustomize/api v0.17.2
@@ -61,19 +63,42 @@ require (
 )
 
 require (
+	cloud.google.com/go v0.99.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/authzed/grpcutil v0.0.0-20240123194739-2ea1e3d2d98b // indirect
+	github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d // indirect
+	github.com/docker/cli v26.1.4+incompatible // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-kratos/aegis v0.2.0 // indirect
+	github.com/go-kratos/kratos/v2 v2.8.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/go-playground/form/v4 v4.2.1 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/google/certificate-transparency-go v1.1.7 // indirect
-	github.com/jackc/puddle/v2 v2.2.1 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
+	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
+	github.com/mattn/go-sqlite3 v1.14.23 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/weppos/publicsuffix-go v0.30.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 // indirect
 	github.com/zmap/zlint/v3 v3.5.0 // indirect
+	go.opentelemetry.io/otel v1.30.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.52.0 // indirect
+	go.opentelemetry.io/otel/metric v1.30.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.30.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.30.0 // indirect
+	go.opentelemetry.io/otel/trace v1.30.0 // indirect
+	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
-	helm.sh/helm/v3 v3.14.2 // indirect
+	helm.sh/helm/v3 v3.14.4 // indirect
 )
 
 require (
@@ -93,17 +118,17 @@ require (
 	github.com/eapache/go-resiliency v1.3.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230111030713-bf00bc1b83b6 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
@@ -137,9 +162,9 @@ require (
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/pgtype v1.14.0 // indirect
-	github.com/jackc/pgx/v5 v5.5.4 // indirect
+	github.com/jackc/pgx/v5 v5.7.1 // indirect
 	github.com/jackc/puddle v1.3.0 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
 	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
@@ -150,8 +175,8 @@ require (
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect; indirec
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@@ -166,20 +191,20 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/operator-framework/operator-registry v1.17.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_golang v1.19.1
+	github.com/prometheus/client_golang v1.20.3
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/common v0.59.1 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
-	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/texttheater/golang-levenshtein v1.0.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
@@ -189,30 +214,29 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
-	golang.org/x/net v0.28.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
+	golang.org/x/net v0.29.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/term v0.23.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/term v0.24.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.24.0 // indirect
+	golang.org/x/tools v0.25.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/grpc v1.65.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/grpc v1.66.2 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gorm.io/driver/mysql v1.4.7 // indirect
 	k8s.io/apiserver v0.31.0 // indirect
 	k8s.io/component-base v0.31.0 // indirect
 	k8s.io/klog/v2 v2.130.1
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect
 	open-cluster-management.io/sdk-go v0.13.1-0.20240416062924-20307e6fe090 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect

go.sum

@@ -106,8 +106,6 @@ func parseFlags() *managerconfig.ManagerConfig {
 		"The URL of database server for the process user.")
 	pflag.StringVar(&managerConfig.DatabaseConfig.TransportBridgeDatabaseURL,
 		"transport-bridge-database-url", "", "The URL of database server for the transport-bridge user.")
-	pflag.StringVar(&managerConfig.TransportConfig.TransportType, "transport-type", "kafka",
-		"The transport type, 'kafka'.")
 	pflag.DurationVar(&managerConfig.TransportConfig.CommitterInterval, "transport-committer-interval",
 		40*time.Second, "The committer interval for transport layer.")
 	pflag.StringVar(&managerConfig.DatabaseConfig.CACertPath, "postgres-ca-path", "/postgres-ca/ca.crt",

manager/cmd/manager/main.go

@@ -195,6 +195,7 @@ func expectedManagedClusterAddon(cluster *clusterv1.ManagedCluster, cma *v1alpha
 			Labels: map[string]string{
 				constants.GlobalHubOwnerLabelKey: constants.GHOperatorOwnerLabelVal,
 			},
+			// The OwnerReferences will be added automatically by the addon-manager(OCM) in the production evnvironment.
 			OwnerReferences: []metav1.OwnerReference{
 				{
 					APIVersion: "addon.open-cluster-management.io/v1alpha1",

operator/pkg/controllers/agent/addon_installer.go

@@ -194,4 +194,20 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusterversions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - internal.open-cluster-management.io
+  resources:
+  - managedclusterinfos
+  verbs:
+  - get
+  - list
+  - watch
 {{- end -}}

operator/pkg/controllers/agent/manifests/templates/agent/multicluster-global-hub-agent-clusterrole.yaml

@@ -27,7 +27,6 @@ spec:
             - --leaf-hub-name={{ .LeafHubID }}
             - --kafka-consumer-id={{ .LeafHubID }}
             - --enforce-hoh-rbac=false
-            - --transport-type={{ .TransportType }}
             - --kafka-bootstrap-server={{ .KafkaBootstrapServer }}
             - --kafka-ca-cert-path=/kafka-certs/ca.crt
             - --kafka-client-cert-path=/kafka-certs/client.crt

operator/pkg/controllers/agent/manifests/templates/hostedagent/multicluster-global-hub-hosting-agent-deployment.yaml

@@ -37,7 +37,6 @@ spec:
             - --zap-log-level={{.LogLevel}}
             - --manager-namespace=$(POD_NAMESPACE)
             - --watch-namespace=$(WATCH_NAMESPACE)
-            - --transport-type={{.TransportType}}
             - --postgres-ca-path=/postgres-credential/ca.crt
             - --process-database-url=$(DATABASE_URL)
             - --transport-bridge-database-url=$(DATABASE_URL)

operator/pkg/controllers/hubofhubs/manager/manifests/deployment.yaml

@@ -8,6 +8,7 @@ const (
 	HubClusterInfoType      EventType = "io.open-cluster-management.operator.multiclusterglobalhubs.managedhub.info"
 	HubClusterHeartbeatType EventType = "io.open-cluster-management.operator.multiclusterglobalhubs.managedhub.heartbeat"
 	ManagedClusterType      EventType = "io.open-cluster-management.operator.multiclusterglobalhubs.managedcluster"
+	ManagedClusterInfoType  EventType = "io.open-cluster-management.operator.multiclusterglobalhubs.managedclusterinfo"
 	SubscriptionReportType  EventType = "io.open-cluster-management.operator.multiclusterglobalhubs.subscription.report"
 	SubscriptionStatusType  EventType = "io.open-cluster-management.operator.multiclusterglobalhubs.subscription.status"
 

pkg/enum/event_type.go

@@ -0,0 +1,46 @@
+package config
+
+import (
+	"encoding/base64"
+	"fmt"
+
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/kustomize/kyaml/yaml"
+
+	"github.com/stolostron/multicluster-global-hub/pkg/transport"
+)
+
+func GetRestfulConnBySecret(transportConfig *corev1.Secret) (*transport.RestfulConnCredentail, error) {
+	restfulYaml, ok := transportConfig.Data["rest.yaml"]
+	if !ok {
+		return nil, fmt.Errorf("must set the `rest.yaml` in the transport secret(%s)", transportConfig.Name)
+	}
+	restfulConn := &transport.RestfulConnCredentail{}
+	if err := yaml.Unmarshal(restfulYaml, restfulConn); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal kafka config to transport credentail: %w", err)
+	}
+
+	// decode the ca and client cert
+	if restfulConn.CACert != "" {
+		bytes, err := base64.StdEncoding.DecodeString(restfulConn.CACert)
+		if err != nil {
+			return nil, err
+		}
+		restfulConn.CACert = string(bytes)
+	}
+	if restfulConn.ClientCert != "" {
+		bytes, err := base64.StdEncoding.DecodeString(restfulConn.ClientCert)
+		if err != nil {
+			return nil, err
+		}
+		restfulConn.ClientCert = string(bytes)
+	}
+	if restfulConn.ClientKey != "" {
+		bytes, err := base64.StdEncoding.DecodeString(restfulConn.ClientKey)
+		if err != nil {
+			return nil, err
+		}
+		restfulConn.ClientKey = string(bytes)
+	}
+	return restfulConn, nil
+}

pkg/transport/config/rest_config.go

@@ -2,7 +2,6 @@ package controller
 
 import (
 	"context"
-	"encoding/base64"
 	"fmt"
 	"reflect"
 	"sync"
@@ -15,7 +14,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
-	"sigs.k8s.io/kustomize/kyaml/yaml"
 
 	"github.com/stolostron/multicluster-global-hub/pkg/transport"
 	"github.com/stolostron/multicluster-global-hub/pkg/transport/config"
@@ -68,75 +66,134 @@ func (c *TransportCtrl) Reconcile(ctx context.Context, request ctrl.Request) (ct
 		return ctrl.Result{}, err
 	}
 
-	// load the kafka connection credentail based on the transport type. kafka, multiple
-	kafkaConn, err := config.GetTransportCredentailBySecret(secret, c.runtimeClient)
-	if err != nil {
-		return ctrl.Result{}, err
+	_, isKafka := secret.Data["kafka.yaml"]
+	if isKafka {
+		c.transportConfig.TransportType = string(transport.Kafka)
 	}
 
-	// update the kafka credential secret colletions for the predicates
-	if kafkaConn.CASecretName != "" || !utils.ContainsString(c.extraSecretNames, kafkaConn.CASecretName) {
-		c.extraSecretNames = append(c.extraSecretNames, kafkaConn.CASecretName)
+	_, isRestful := secret.Data["rest.yaml"]
+	if isRestful {
+		c.transportConfig.TransportType = string(transport.Rest)
 	}
-	if kafkaConn.ClientSecretName != "" || utils.ContainsString(c.extraSecretNames, kafkaConn.ClientSecretName) {
-		c.extraSecretNames = append(c.extraSecretNames, kafkaConn.ClientSecretName)
+
+	var updated bool
+	var err error
+	switch c.transportConfig.TransportType {
+	case string(transport.Kafka):
+		updated, err = c.ReconcileKafkaCredentail(ctx, secret)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+	case string(transport.Rest):
+		updated, err = c.ReconcileRestfulCredentail(ctx, secret)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+	default:
+		return ctrl.Result{}, fmt.Errorf("unsupported transport type: %s", c.transportConfig.TransportType)
 	}
 
-	restfulConn, err := c.GetRestfulConnBySecret(secret)
+	if !updated {
+		return ctrl.Result{}, nil
+	}
+
+	// secret is changed, then create/update the producer
+	err = c.ReconcileProducer()
 	if err != nil {
 		return ctrl.Result{}, err
 	}
+	klog.Info("the transport producer is created/updated")
 
-	// if credentials aren't updated, then return
-	if reflect.DeepEqual(c.transportConfig.KafkaCredential, kafkaConn) &&
-		reflect.DeepEqual(c.transportConfig.RestfulCredentail, restfulConn) {
-		return ctrl.Result{}, nil
+	if c.producer != nil && c.callback != nil {
+		if err := c.callback(c.producer, c.consumer); err != nil {
+			return ctrl.Result{}, fmt.Errorf("failed to invoke the callback function: %w", err)
+		}
 	}
-	c.transportConfig.KafkaCredential = kafkaConn
-	c.transportConfig.RestfulCredentail = restfulConn
 
-	// transport config is changed, then create/update the consumer/producer
+	return ctrl.Result{}, nil
+}
+
+// ReconcileProducer, transport config is changed, then create/update the producer
+func (c *TransportCtrl) ReconcileProducer() error {
 	if c.producer == nil {
 		sender, err := producer.NewGenericProducer(c.transportConfig)
 		if err != nil {
-			return ctrl.Result{}, fmt.Errorf("failed to create/update the producer: %w", err)
+			return fmt.Errorf("failed to create/update the producer: %w", err)
 		}
 		c.producer = sender
 	} else {
 		if err := c.producer.Reconnect(c.transportConfig); err != nil {
-			return ctrl.Result{}, fmt.Errorf("failed to reconnect the producer: %w", err)
+			return fmt.Errorf("failed to reconnect the producer: %w", err)
 		}
 	}
+	return nil
+}
 
-	// don't create the consumer when the consumer groupId is empty, that means the agent maybe in the standalone mode
-	if c.transportConfig.ConsumerGroupId != "" {
-		if c.consumer == nil {
-			receiver, err := consumer.NewGenericConsumer(c.transportConfig)
-			if err != nil {
-				return ctrl.Result{}, fmt.Errorf("failed to create the consumer: %w", err)
-			}
-			c.consumer = receiver
-			go func() {
-				if err = c.consumer.Start(ctx); err != nil {
-					klog.Errorf("failed to start the consumser: %v", err)
-				}
-			}()
-		} else {
-			if err := c.consumer.Reconnect(ctx, c.transportConfig); err != nil {
-				return ctrl.Result{}, fmt.Errorf("failed to reconnect the consumer: %w", err)
+// ReconcileKafkaCredentail update the kafka connection credentail based on the secret, return true if the kafka
+// credentail is updated, It also create/update the consumer if not in the standalone mode
+func (c *TransportCtrl) ReconcileKafkaCredentail(ctx context.Context, secret *corev1.Secret) (updated bool, err error) {
+	// load the kafka connection credentail based on the transport type. kafka, multiple
+	kafkaConn, err := config.GetTransportCredentailBySecret(secret, c.runtimeClient)
+	if err != nil {
+		return updated, err
+	}
+
+	// update the wathing secret lits
+	if kafkaConn.CASecretName != "" || !utils.ContainsString(c.extraSecretNames, kafkaConn.CASecretName) {
+		c.extraSecretNames = append(c.extraSecretNames, kafkaConn.CASecretName)
+	}
+	if kafkaConn.ClientSecretName != "" || utils.ContainsString(c.extraSecretNames, kafkaConn.ClientSecretName) {
+		c.extraSecretNames = append(c.extraSecretNames, kafkaConn.ClientSecretName)
+	}
+
+	// if credentials aren't updated, then return
+	if reflect.DeepEqual(c.transportConfig.KafkaCredential, kafkaConn) {
+		return
+	}
+	c.transportConfig.KafkaCredential = kafkaConn
+	updated = true
+
+	// if the consumer groupId is empty, then it's means the agent is in the standalone mode, don't create the consumer
+	if c.transportConfig.ConsumerGroupId == "" {
+		return
+	}
+
+	// create/update the consumer with the kafka transport
+	if c.consumer == nil {
+		receiver, err := consumer.NewGenericConsumer(c.transportConfig)
+		if err != nil {
+			return updated, fmt.Errorf("failed to create the consumer: %w", err)
+		}
+		c.consumer = receiver
+		go func() {
+			if err = c.consumer.Start(ctx); err != nil {
+				klog.Errorf("failed to start the consumser: %v", err)
 			}
+		}()
+	} else {
+		if err := c.consumer.Reconnect(ctx, c.transportConfig); err != nil {
+			return updated, fmt.Errorf("failed to reconnect the consumer: %w", err)
 		}
 	}
+	klog.Info("the transport(kafka) onsumer is created/updated")
 
-	klog.Info("the transport secret(producer, consumer) is created/updated")
+	return updated, nil
+}
 
-	if c.callback != nil {
-		if err := c.callback(c.producer, c.consumer); err != nil {
-			return ctrl.Result{}, fmt.Errorf("failed to invoke the callback function: %w", err)
-		}
+func (c *TransportCtrl) ReconcileRestfulCredentail(ctx context.Context, secret *corev1.Secret) (
+	updated bool, err error,
+) {
+	restfulConn, err := config.GetRestfulConnBySecret(secret)
+	if err != nil {
+		return updated, err
 	}
 
-	return ctrl.Result{}, nil
+	if reflect.DeepEqual(c.transportConfig.RestfulCredentail, restfulConn) {
+		return
+	}
+	updated = true
+	c.transportConfig.RestfulCredentail = restfulConn
+	return
 }
 
 // SetupWithManager sets up the controller with the Manager.
@@ -178,40 +235,3 @@ func (c *TransportCtrl) credentialSecret(name string) bool {
 	}
 	return false
 }
-
-func (c *TransportCtrl) GetRestfulConnBySecret(transportConfig *corev1.Secret) (
-	*transport.RestfulConnCredentail, error,
-) {
-	restfulYaml, ok := transportConfig.Data["rest.yaml"]
-	if !ok {
-		return nil, nil
-	}
-	restfulConn := &transport.RestfulConnCredentail{}
-	if err := yaml.Unmarshal(restfulYaml, restfulConn); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal kafka config to transport credentail: %w", err)
-	}
-
-	// decode the ca and client cert
-	if restfulConn.CACert != "" {
-		bytes, err := base64.StdEncoding.DecodeString(restfulConn.CACert)
-		if err != nil {
-			return nil, err
-		}
-		restfulConn.CACert = string(bytes)
-	}
-	if restfulConn.ClientCert != "" {
-		bytes, err := base64.StdEncoding.DecodeString(restfulConn.ClientCert)
-		if err != nil {
-			return nil, err
-		}
-		restfulConn.ClientCert = string(bytes)
-	}
-	if restfulConn.ClientKey != "" {
-		bytes, err := base64.StdEncoding.DecodeString(restfulConn.ClientKey)
-		if err != nil {
-			return nil, err
-		}
-		restfulConn.ClientKey = string(bytes)
-	}
-	return restfulConn, nil
-}

pkg/transport/controller/controller.go

@@ -32,6 +32,10 @@ func TestSecretCtrlReconcile(t *testing.T) {
 		transportConfig: &transport.TransportConfig{
 			TransportType:   string(transport.Chan),
 			ConsumerGroupId: "test",
+			KafkaCredential: &transport.KafkaConnCredential{
+				SpecTopic:   "spec",
+				StatusTopic: "status",
+			},
 		},
 		callback: func(p transport.Producer, c transport.Consumer) error {
 			callbackInvoked = true
@@ -56,12 +60,66 @@ func TestSecretCtrlReconcile(t *testing.T) {
 	kafkaConnYaml, err := kafkaConn.YamlMarshal(false)
 	assert.NoError(t, err)
 
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "default",
+			Name:      "test-secret",
+		},
+		Data: map[string][]byte{
+			"kafka.yaml": kafkaConnYaml,
+		},
+	}
+	_ = fakeClient.Create(ctx, secret)
+
+	// Reconcile
+	req := reconcile.Request{
+		NamespacedName: types.NamespacedName{
+			Namespace: "default",
+			Name:      "test-secret",
+		},
+	}
+	result, err := secretController.Reconcile(ctx, req)
+	assert.NoError(t, err)
+	assert.False(t, result.Requeue)
+	assert.NotNil(t, secretController.producer)
+	assert.NotNil(t, secretController.consumer)
+	assert.True(t, callbackInvoked)
+
+	// Test when transport config changes
+	result, err = secretController.Reconcile(ctx, req)
+	assert.NoError(t, err)
+	assert.False(t, result.Requeue)
+	utils.PrettyPrint(secretController.transportConfig.RestfulCredentail)
+}
+
+func TestInventorySecretCtrlReconcile(t *testing.T) {
+	// Set up a fake Kubernetes client
+	scheme := runtime.NewScheme()
+	_ = corev1.AddToScheme(scheme)
+
+	fakeClient := fake.NewClientBuilder().WithScheme(scheme).Build()
+
+	callbackInvoked := false
+
+	secretController := &TransportCtrl{
+		secretNamespace: "default",
+		secretName:      "test-secret",
+		transportConfig: &transport.TransportConfig{},
+		callback: func(p transport.Producer, c transport.Consumer) error {
+			callbackInvoked = true
+			return nil
+		},
+		runtimeClient: fakeClient,
+	}
+
+	ctx := context.TODO()
+
 	restfulConn := &transport.RestfulConnCredentail{
 		Host: "localhost:123",
 		// the following fields are only for the manager, and the agent of byo/standalone kafka
-		CACert:     base64.StdEncoding.EncodeToString([]byte("11")),
-		ClientCert: base64.StdEncoding.EncodeToString([]byte("12")),
-		ClientKey:  base64.StdEncoding.EncodeToString([]byte("13")),
+		CACert:     base64.StdEncoding.EncodeToString(rootPEM),
+		ClientCert: base64.StdEncoding.EncodeToString(certPem),
+		ClientKey:  base64.StdEncoding.EncodeToString(keyPem),
 	}
 
 	restfulConnYaml, err := restfulConn.YamlMarshal()
@@ -73,8 +131,7 @@ func TestSecretCtrlReconcile(t *testing.T) {
 			Name:      "test-secret",
 		},
 		Data: map[string][]byte{
-			"kafka.yaml": kafkaConnYaml,
-			"rest.yaml":  restfulConnYaml,
+			"rest.yaml": restfulConnYaml,
 		},
 	}
 	_ = fakeClient.Create(ctx, secret)
@@ -90,12 +147,52 @@ func TestSecretCtrlReconcile(t *testing.T) {
 	assert.NoError(t, err)
 	assert.False(t, result.Requeue)
 	assert.NotNil(t, secretController.producer)
-	assert.NotNil(t, secretController.consumer)
+	assert.Nil(t, secretController.consumer)
 	assert.True(t, callbackInvoked)
+	assert.Equal(t, string(transport.Rest), secretController.transportConfig.TransportType)
 
 	// Test when transport config changes
 	result, err = secretController.Reconcile(ctx, req)
 	assert.NoError(t, err)
 	assert.False(t, result.Requeue)
 	utils.PrettyPrint(secretController.transportConfig.RestfulCredentail)
 }
+
+var rootPEM = []byte(`
+-- GlobalSign Root R2, valid until Dec 15, 2021
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----`)
+
+var certPem = []byte(`-----BEGIN CERTIFICATE-----
+MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw
+DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow
+EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d
+7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B
+5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr
+BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1
+NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l
+Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc
+6MF9+Yw1Yy0t
+-----END CERTIFICATE-----`)
+
+var keyPem = []byte("-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----") // notsecret

pkg/transport/controller/controller_test.go

@@ -0,0 +1,80 @@
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+
+	cloudevents "github.com/cloudevents/sdk-go/v2"
+	"github.com/project-kessel/inventory-client-go/v1beta1"
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
+
+	"github.com/stolostron/multicluster-global-hub/pkg/enum"
+	"github.com/stolostron/multicluster-global-hub/pkg/transport"
+	"github.com/stolostron/multicluster-global-hub/pkg/transport/inventory/transfer"
+)
+
+type InventoryClient struct {
+	httpUrl   string
+	tlsConfig *tls.Config
+}
+
+func NewInventoryClient(ctx context.Context, restfulConn *transport.RestfulConnCredentail) (*InventoryClient, error) {
+	client := &InventoryClient{}
+	err := client.RefreshCredential(ctx, restfulConn)
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+func (c *InventoryClient) RefreshCredential(ctx context.Context, restfulConn *transport.RestfulConnCredentail) error {
+	clientCert, err := tls.X509KeyPair([]byte(restfulConn.ClientCert), []byte(restfulConn.ClientKey))
+	if err != nil {
+		return fmt.Errorf("failed the load client cert from raw data: %w", err)
+	}
+
+	caCertPool := x509.NewCertPool()
+	if !caCertPool.AppendCertsFromPEM([]byte(restfulConn.CACert)) {
+		return fmt.Errorf("failed to append CA certificate to pool")
+	}
+
+	// #nosec G402
+	tlsConfig := tls.Config{
+		Certificates: []tls.Certificate{clientCert},
+		RootCAs:      caCertPool,
+	}
+	c.httpUrl = restfulConn.Host
+	c.tlsConfig = &tlsConfig
+
+	return nil
+}
+
+func (c *InventoryClient) Request(ctx context.Context, evt cloudevents.Event) error {
+	// Extend the other type in the future
+	if evt.Type() != string(enum.ManagedClusterInfoType) {
+		return nil
+	}
+
+	client, err := v1beta1.NewHttpClient(ctx, v1beta1.NewConfig(v1beta1.WithHTTPUrl(c.httpUrl),
+		v1beta1.WithHTTPTLSConfig(c.tlsConfig)))
+	if err != nil {
+		return fmt.Errorf("failed to init the inventory client: %w", err)
+	}
+
+	var data []clusterinfov1beta1.ManagedClusterInfo
+	if err := evt.DataAs(&data); err != nil {
+		return err
+	}
+
+	for _, clusterInfo := range data {
+		clusterRequest := transfer.GetK8SCluster(&clusterInfo)
+		if clusterRequest != nil {
+			if _, err := client.K8sClusterService.CreateK8SCluster(ctx, clusterRequest); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}

pkg/transport/inventory/client/client.go

@@ -0,0 +1,20 @@
+package client
+
+import (
+	"context"
+	"testing"
+
+	cloudevents "github.com/cloudevents/sdk-go/v2"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/stolostron/multicluster-global-hub/pkg/enum"
+)
+
+func TestReqeust(t *testing.T) {
+	inventoryClient := &InventoryClient{}
+
+	evt := cloudevents.NewEvent()
+	evt.SetType(string(enum.ManagedClusterInfoType))
+	err := inventoryClient.Request(context.Background(), evt)
+	assert.Nil(t, err)
+}

pkg/transport/inventory/client/client_test.go

@@ -0,0 +1,97 @@
+package transfer
+
+import (
+	kessel "github.com/project-kessel/inventory-api/api/kessel/inventory/v1beta1/resources"
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clusterv1 "open-cluster-management.io/api/cluster/v1"
+)
+
+func GetK8SCluster(clusterInfo *clusterinfov1beta1.ManagedClusterInfo) *kessel.CreateK8SClusterRequest {
+	clusterRequest := &kessel.CreateK8SClusterRequest{
+		K8SCluster: &kessel.K8SCluster{
+			Metadata: &kessel.Metadata{
+				ResourceType: "k8s-cluster",
+			},
+			ReporterData: &kessel.ReporterData{
+				ReporterType:       kessel.ReporterData_ACM,
+				ReporterInstanceId: "guest",
+				ReporterVersion:    "0.1",
+				LocalResourceId:    "1",
+				ApiHref:            clusterInfo.Spec.MasterEndpoint,
+				ConsoleHref:        clusterInfo.Status.ConsoleURL,
+			},
+			ResourceData: &kessel.K8SClusterDetail{
+				ExternalClusterId: clusterInfo.Status.ClusterID,
+				KubeVersion:       clusterInfo.Status.Version,
+				Nodes:             []*kessel.K8SClusterDetailNodesInner{},
+			},
+		},
+	}
+
+	// platform
+	switch clusterInfo.Status.CloudVendor {
+	case clusterinfov1beta1.CloudVendorAWS:
+		clusterRequest.K8SCluster.ResourceData.CloudPlatform = kessel.K8SClusterDetail_AWS_UPI
+	case clusterinfov1beta1.CloudVendorGoogle:
+		clusterRequest.K8SCluster.ResourceData.CloudPlatform = kessel.K8SClusterDetail_GCP_UPI
+	case clusterinfov1beta1.CloudVendorBareMetal:
+		clusterRequest.K8SCluster.ResourceData.CloudPlatform = kessel.K8SClusterDetail_BAREMETAL_UPI
+	case clusterinfov1beta1.CloudVendorIBM:
+		clusterRequest.K8SCluster.ResourceData.CloudPlatform = kessel.K8SClusterDetail_IBMCLOUD_UPI
+	case clusterinfov1beta1.CloudVendorAzure:
+		clusterRequest.K8SCluster.ResourceData.CloudPlatform = kessel.K8SClusterDetail_AWS_UPI
+	default:
+		clusterRequest.K8SCluster.ResourceData.CloudPlatform = kessel.K8SClusterDetail_CLOUD_PLATFORM_OTHER
+	}
+
+	// kubevendor, ony have the openshift version
+	switch clusterInfo.Status.KubeVendor {
+	case clusterinfov1beta1.KubeVendorOpenShift:
+		clusterRequest.K8SCluster.ResourceData.KubeVendor = kessel.K8SClusterDetail_OPENSHIFT
+		clusterRequest.K8SCluster.ResourceData.VendorVersion = clusterInfo.Status.DistributionInfo.OCP.Version
+	case clusterinfov1beta1.KubeVendorEKS:
+		clusterRequest.K8SCluster.ResourceData.KubeVendor = kessel.K8SClusterDetail_EKS
+	case clusterinfov1beta1.KubeVendorGKE:
+		clusterRequest.K8SCluster.ResourceData.KubeVendor = kessel.K8SClusterDetail_GKE
+	default:
+		clusterRequest.K8SCluster.ResourceData.KubeVendor = kessel.K8SClusterDetail_KUBE_VENDOR_OTHER
+	}
+
+	// cluster status
+	for _, cond := range clusterInfo.Status.Conditions {
+		if cond.Type == clusterv1.ManagedClusterConditionAvailable {
+			if cond.Status == metav1.ConditionTrue {
+				clusterRequest.K8SCluster.ResourceData.ClusterStatus = kessel.K8SClusterDetail_READY
+			} else {
+				clusterRequest.K8SCluster.ResourceData.ClusterStatus = kessel.K8SClusterDetail_FAILED
+			}
+		}
+	}
+
+	// nodes
+	for _, node := range clusterInfo.Status.NodeList {
+		kesselNode := &kessel.K8SClusterDetailNodesInner{
+			Name: node.Name,
+		}
+		cpu, ok := node.Capacity[clusterv1.ResourceCPU]
+		if ok {
+			kesselNode.Cpu = cpu.String()
+		}
+		memory, ok := node.Capacity[clusterv1.ResourceMemory]
+		if ok {
+			kesselNode.Memory = memory.String()
+		}
+
+		labels := []*kessel.ResourceLabel{}
+		for key, val := range node.Labels {
+			if key != "" && val != "" {
+				labels = append(labels, &kessel.ResourceLabel{Key: key, Value: val})
+			}
+		}
+		kesselNode.Labels = labels
+
+		clusterRequest.K8SCluster.ResourceData.Nodes = append(clusterRequest.K8SCluster.ResourceData.Nodes, kesselNode)
+	}
+	return clusterRequest
+}

pkg/transport/inventory/transfer/k8s_cluster.go

@@ -0,0 +1,124 @@
+package transfer
+
+import (
+	"testing"
+
+	kessel "github.com/project-kessel/inventory-api/api/kessel/inventory/v1beta1/resources"
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
+	"github.com/stretchr/testify/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clusterv1 "open-cluster-management.io/api/cluster/v1"
+)
+
+func TestGetK8SCluster(t *testing.T) {
+	clusterInfo := createMockClusterInfo("test-cluster", clusterinfov1beta1.KubeVendorOpenShift, "4.10.0",
+		clusterinfov1beta1.CloudVendorAWS)
+
+	// Call the function
+	result := GetK8SCluster(clusterInfo)
+
+	// Assert the results
+	assert.NotNil(t, result)
+	assert.Equal(t, "k8s-cluster", result.K8SCluster.Metadata.ResourceType)
+	assert.Equal(t, kessel.ReporterData_ACM, result.K8SCluster.ReporterData.ReporterType)
+	assert.Equal(t, "https://api.test-cluster.example.com", result.K8SCluster.ReporterData.ApiHref)
+	assert.Equal(t, "https://console.test-cluster.example.com", result.K8SCluster.ReporterData.ConsoleHref)
+	assert.Equal(t, "test-cluster-id", result.K8SCluster.ResourceData.ExternalClusterId)
+	assert.Equal(t, "1.23.0", result.K8SCluster.ResourceData.KubeVersion)
+	assert.Equal(t, kessel.K8SClusterDetail_READY, result.K8SCluster.ResourceData.ClusterStatus)
+	assert.Equal(t, kessel.K8SClusterDetail_AWS_UPI, result.K8SCluster.ResourceData.CloudPlatform)
+	assert.Equal(t, kessel.K8SClusterDetail_OPENSHIFT, result.K8SCluster.ResourceData.KubeVendor)
+	assert.Equal(t, "4.10.0", result.K8SCluster.ResourceData.VendorVersion)
+}
+
+func TestKubeVendorK8SCluster(t *testing.T) {
+	testCases := []struct {
+		name            string
+		clusterInfo     *clusterinfov1beta1.ManagedClusterInfo
+		expectedVendor  kessel.K8SClusterDetail_KubeVendor
+		expectedVersion string
+	}{
+		{
+			name: "OpenShift Cluster",
+			clusterInfo: createMockClusterInfo("openshift-cluster", clusterinfov1beta1.KubeVendorOpenShift, "4.10.0",
+				clusterinfov1beta1.CloudVendorAWS),
+			expectedVendor:  kessel.K8SClusterDetail_OPENSHIFT,
+			expectedVersion: "4.10.0",
+		},
+		{
+			name: "EKS Cluster",
+			clusterInfo: createMockClusterInfo("eks-cluster", clusterinfov1beta1.KubeVendorEKS, "",
+				clusterinfov1beta1.CloudVendorAzure),
+			expectedVendor:  kessel.K8SClusterDetail_EKS,
+			expectedVersion: "",
+		},
+		{
+			name: "GKE Cluster",
+			clusterInfo: createMockClusterInfo("gke-cluster", clusterinfov1beta1.KubeVendorGKE, "",
+				clusterinfov1beta1.CloudVendorGoogle),
+			expectedVendor:  kessel.K8SClusterDetail_GKE,
+			expectedVersion: "",
+		},
+		{
+			name: "Other Kubernetes Vendor",
+			clusterInfo: createMockClusterInfo("other-cluster", "SomeOtherVendor", "",
+				clusterinfov1beta1.CloudVendorBareMetal),
+			expectedVendor:  kessel.K8SClusterDetail_KUBE_VENDOR_OTHER,
+			expectedVersion: "",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := GetK8SCluster(tc.clusterInfo)
+
+			assert.NotNil(t, result)
+			assert.Equal(t, tc.expectedVendor, result.K8SCluster.ResourceData.KubeVendor)
+			assert.Equal(t, tc.expectedVersion, result.K8SCluster.ResourceData.VendorVersion)
+			// Add more assertions for common fields
+			assert.Equal(t, "k8s-cluster", result.K8SCluster.Metadata.ResourceType)
+			assert.Equal(t, kessel.ReporterData_ACM, result.K8SCluster.ReporterData.ReporterType)
+			assert.Equal(t, "https://api.test-cluster.example.com", result.K8SCluster.ReporterData.ApiHref)
+			assert.Equal(t, "https://console.test-cluster.example.com", result.K8SCluster.ReporterData.ConsoleHref)
+			assert.Equal(t, "test-cluster-id", result.K8SCluster.ResourceData.ExternalClusterId)
+			assert.Equal(t, "1.23.0", result.K8SCluster.ResourceData.KubeVersion)
+			assert.Equal(t, kessel.K8SClusterDetail_READY, result.K8SCluster.ResourceData.ClusterStatus)
+		})
+	}
+}
+
+func createMockClusterInfo(name string, kubeVendor clusterinfov1beta1.KubeVendorType,
+	vendorVersion string, platform clusterinfov1beta1.CloudVendorType,
+) *clusterinfov1beta1.ManagedClusterInfo {
+	clusterInfo := &clusterinfov1beta1.ManagedClusterInfo{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Spec: clusterinfov1beta1.ClusterInfoSpec{
+			MasterEndpoint: "https://api.test-cluster.example.com",
+		},
+		Status: clusterinfov1beta1.ClusterInfoStatus{
+			ClusterID:   "test-cluster-id",
+			Version:     "1.23.0",
+			ConsoleURL:  "https://console.test-cluster.example.com",
+			CloudVendor: platform,
+			KubeVendor:  kubeVendor,
+			Conditions: []metav1.Condition{
+				{
+					Type:   clusterv1.ManagedClusterConditionAvailable,
+					Status: metav1.ConditionTrue,
+				},
+			},
+		},
+	}
+
+	if kubeVendor == clusterinfov1beta1.KubeVendorOpenShift {
+		clusterInfo.Status.DistributionInfo = clusterinfov1beta1.DistributionInfo{
+			OCP: clusterinfov1beta1.OCPDistributionInfo{
+				Version: vendorVersion,
+			},
+		}
+	}
+
+	return clusterInfo
+}

pkg/transport/inventory/transfer/k8s_cluster_test.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/stolostron/multicluster-global-hub/pkg/transport"
 	"github.com/stolostron/multicluster-global-hub/pkg/transport/config"
+	"github.com/stolostron/multicluster-global-hub/pkg/transport/inventory/client"
 )
 
 const (
@@ -27,8 +28,9 @@ const (
 
 type GenericProducer struct {
 	log              logr.Logger
-	clientProtocol   interface{}
-	client           cloudevents.Client
+	ceProtocol       interface{}
+	ceClient         cloudevents.Client
+	inventoryClient  *client.InventoryClient
 	messageSizeLimit int
 }
 
@@ -46,17 +48,21 @@ func NewGenericProducer(transportConfig *transport.TransportConfig) (*GenericPro
 }
 
 func (p *GenericProducer) SendEvent(ctx context.Context, evt cloudevents.Event) error {
+	// inventory client
+	if p.inventoryClient != nil {
+		return p.inventoryClient.Request(ctx, evt)
+	}
+	// cloudevent kafka/gochan client
 	// message key
 	evtCtx := ctx
 	if kafka_confluent.MessageKeyFrom(ctx) == "" {
 		evtCtx = kafka_confluent.WithMessageKey(ctx, evt.Type())
 	}
-
 	// data
 	payloadBytes := evt.Data()
 	chunks := p.splitPayloadIntoChunks(payloadBytes)
 	if len(chunks) == 1 {
-		if ret := p.client.Send(evtCtx, evt); cloudevents.IsUndelivered(ret) {
+		if ret := p.ceClient.Send(evtCtx, evt); cloudevents.IsUndelivered(ret) {
 			return fmt.Errorf("failed to send event to transport: %v", ret)
 		}
 		return nil
@@ -70,7 +76,7 @@ func (p *GenericProducer) SendEvent(ctx context.Context, evt cloudevents.Event)
 		if err := evt.SetData(cloudevents.ApplicationJSON, chunk); err != nil {
 			return fmt.Errorf("failed to set cloudevents data: %v", evt)
 		}
-		if result := p.client.Send(evtCtx, evt); cloudevents.IsUndelivered(result) {
+		if result := p.ceClient.Send(evtCtx, evt); cloudevents.IsUndelivered(result) {
 			return fmt.Errorf("failed to send events to transport: %v", result)
 		}
 	}
@@ -79,7 +85,12 @@ func (p *GenericProducer) SendEvent(ctx context.Context, evt cloudevents.Event)
 
 // Reconnect close the previous producer state and init a new producer
 func (p *GenericProducer) Reconnect(config *transport.TransportConfig) error {
-	closer, ok := p.clientProtocol.(protocol.Closer)
+	// invenory client
+	if config.TransportType == string(transport.Rest) {
+		return p.inventoryClient.RefreshCredential(context.Background(), config.RestfulCredentail)
+	}
+	// cloudevent kafka/gochan client
+	closer, ok := p.ceProtocol.(protocol.Closer)
 	if ok {
 		if err := closer.Close(context.Background()); err != nil {
 			return fmt.Errorf("failed to close the previous producer: %w", err)
@@ -90,9 +101,13 @@ func (p *GenericProducer) Reconnect(config *transport.TransportConfig) error {
 
 // initClient will init/update the client, clientProtocol and messageLimitSize based on the transportConfig
 func (p *GenericProducer) initClient(transportConfig *transport.TransportConfig) error {
-	topic := transportConfig.KafkaCredential.SpecTopic
-	if !transportConfig.IsManager {
-		topic = transportConfig.KafkaCredential.StatusTopic
+	topic := ""
+	if transportConfig.TransportType == string(transport.Kafka) ||
+		transportConfig.TransportType == string(transport.Chan) {
+		topic = transportConfig.KafkaCredential.SpecTopic
+		if !transportConfig.IsManager {
+			topic = transportConfig.KafkaCredential.StatusTopic
+		}
 	}
 
 	switch transportConfig.TransportType {
@@ -107,29 +122,36 @@ func (p *GenericProducer) initClient(transportConfig *transport.TransportConfig)
 			return err
 		}
 		handleProducerEvents(p.log, eventChan)
-		p.clientProtocol = kafkaProtocol
+		p.ceProtocol = kafkaProtocol
 	case string(transport.Chan):
 		if transportConfig.Extends == nil {
 			transportConfig.Extends = make(map[string]interface{})
 		}
 		if _, found := transportConfig.Extends[topic]; !found {
 			transportConfig.Extends[topic] = gochan.New()
 		}
-		p.clientProtocol = transportConfig.Extends[topic]
+		p.ceProtocol = transportConfig.Extends[topic]
 	case string(transport.Rest):
 		if transportConfig.RestfulCredentail == nil {
 			return fmt.Errorf("the restful credentail must not be nil")
 		}
+		inventoryClient, err := client.NewInventoryClient(context.Background(), transportConfig.RestfulCredentail)
+		if err != nil {
+			return fmt.Errorf("initial the inventory client error %w", err)
+		}
+		p.inventoryClient = inventoryClient
 	default:
 		return fmt.Errorf("transport-type - %s is not a valid option", transportConfig.TransportType)
 	}
 
 	// kafka or gochan protocol
-	client, err := cloudevents.NewClient(p.clientProtocol, cloudevents.WithTimeNow(), cloudevents.WithUUIDs())
-	if err != nil {
-		return err
+	if p.ceProtocol != nil {
+		client, err := cloudevents.NewClient(p.ceProtocol, cloudevents.WithTimeNow(), cloudevents.WithUUIDs())
+		if err != nil {
+			return err
+		}
+		p.ceClient = client
 	}
-	p.client = client
 	return nil
 }
 

pkg/transport/producer/generic_producer.go

@@ -74,7 +74,7 @@ func GetConfluentConfigMapBySecret(isProducer bool) (*kafka.ConfigMap, error) {
 func GetConfluentConfigMap(producer bool) (*kafka.ConfigMap, error) {
 	bootstrapSever := os.Getenv("BOOTSTRAP_SEVER")
 	if bootstrapSever == "" {
-		return GetConfluentConfigMapFromGlobalHub(producer)
+		return GetConfluentConfigMapFromGlobalHub(KAFKA_USER, producer)
 	}
 	return GetConfluentConfigMapFromManagedHub(producer)
 }
@@ -164,7 +164,7 @@ func GetConfluentConfigMapFromManagedHub(producer bool) (*kafka.ConfigMap, error
 	return configMap, nil
 }
 
-func GetConfluentConfigMapFromGlobalHub(producer bool) (*kafka.ConfigMap, error) {
+func GetConfluentConfigMapFromGlobalHub(kafkaUser string, producer bool) (*kafka.ConfigMap, error) {
 	kubeconfig, err := DefaultKubeConfig()
 	if err != nil {
 		return nil, fmt.Errorf("failed to get kubeconfig")
@@ -174,17 +174,12 @@ func GetConfluentConfigMapFromGlobalHub(producer bool) (*kafka.ConfigMap, error)
 		return nil, fmt.Errorf("failed to get runtime client")
 	}
 
-	kafkaUserName := KAFKA_USER
-	if user := os.Getenv("KAFKA_USER"); user != "" {
-		kafkaUserName = user
-	}
-
-	kafkaConfigMap, err := GetConfluentConfigMapByUser(c, KAFKA_NAMESPACE, KAFKA_CLUSTER, kafkaUserName)
+	kafkaConfigMap, err := GetConfluentConfigMapByUser(c, KAFKA_NAMESPACE, KAFKA_CLUSTER, kafkaUser)
 	if err != nil {
 		return nil, err
 	}
 
-	consumerGroupId := "test-group-id" + kafkaUserName
+	consumerGroupId := "test-group-id" + kafkaUser
 	fmt.Println(">> consumer group id:", consumerGroupId)
 
 	if producer {

samples/config/confluent_config.go

@@ -5,7 +5,11 @@ import (
 	"fmt"
 	"os"
 
+	operatorconfig "github.com/stolostron/multicluster-global-hub/operator/pkg/config"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes"
@@ -40,3 +44,22 @@ func GetTransportSecret() (*v1.Secret, error) {
 	}
 	return secret, nil
 }
+
+func GetTransportConfigSecret(namespace, name string) (*corev1.Secret, error) {
+	kubeconfig, err := DefaultKubeConfig()
+	if err != nil {
+		return nil, err
+	}
+	c, err := client.New(kubeconfig, client.Options{Scheme: operatorconfig.GetRuntimeScheme()})
+	if err != nil {
+		return nil, err
+	}
+
+	transportConfig := &corev1.Secret{}
+
+	err = c.Get(context.Background(), types.NamespacedName{Name: name, Namespace: namespace}, transportConfig)
+	if err != nil {
+		return nil, err
+	}
+	return transportConfig, nil
+}

samples/config/transport_secret.go

@@ -0,0 +1,163 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/confluentinc/confluent-kafka-go/v2/kafka"
+	"github.com/stolostron/multicluster-global-hub/samples/config"
+)
+
+var topic = "kessel-inventory"
+
+func main() {
+	signals := make(chan os.Signal, 1)
+	signal.Notify(signals, syscall.SIGINT, syscall.SIGKILL)
+
+	// kafkaConfigMap, err := config.GetConfluentConfigMap()
+	kafkaConfigMap, err := config.GetConfluentConfigMapFromGlobalHub("global-hub-kafka-user", false)
+	if err != nil {
+		log.Fatalf("failed to get kafka config map: %v", err)
+	}
+	consumer, err := kafka.NewConsumer(kafkaConfigMap)
+	if err != nil {
+		log.Fatalf("failed to create kafka consumer: %v", err)
+	}
+
+	log.Printf(">> subscribe topic %s", topic)
+	if err := consumer.SubscribeTopics([]string{topic}, rebalanceCallback); err != nil {
+		log.Fatalf("failed to subscribe topic: %v", err)
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	go func() {
+		for {
+			select {
+			case <-ctx.Done():
+				_ = consumer.Unsubscribe()
+				log.Printf("unsubscribed topic: %s", topic)
+				return
+			default:
+				ev := consumer.Poll(100)
+				if ev == nil {
+					continue
+				}
+				if err := processEvent(ev); err != nil {
+					log.Printf("failed to process event: %s \n", ev)
+				}
+
+			}
+		}
+	}()
+
+	sig := <-signals
+	log.Printf("got signal: %s\n", sig.String())
+	cancel()
+	log.Println("context is done")
+
+	// graceful shutdown
+	time.Sleep(1 * time.Second)
+	log.Printf("exit main")
+	os.Exit(0)
+}
+
+func processEvent(ev kafka.Event) error {
+	switch e := ev.(type) {
+
+	case *kafka.Message:
+		if e.TopicPartition.Error != nil {
+			log.Printf("failed message on %s [%d %v]: %v\n", *e.TopicPartition.Topic, e.TopicPartition.Partition, e.TopicPartition.Offset, e.TopicPartition.Error)
+		} else {
+			log.Printf("received message on %s [%d %v]: %s\n", *e.TopicPartition.Topic, e.TopicPartition.Partition, e.TopicPartition.Offset, e.Value)
+		}
+
+		// https://github.com/confluentinc/confluent-kafka-go/blob/master/examples/consumer_rebalance_example/consumer_rebalance_example.go
+		// // Handle manual commit since enable.auto.commit is unset.
+		// if err := maybeCommit(c, e.TopicPartition); err != nil {
+		// 	return err
+		// }
+
+	case kafka.Error:
+		// Errors should generally be considered informational, the client
+		// will try to automatically recover.
+		return fmt.Errorf("kafka error with %v", e)
+	default:
+		// log.Printf("ignored event %v\n", e)
+	}
+
+	return nil
+}
+
+// rebalanceCallback is called on each group rebalance to assign additional
+// partitions, or remove existing partitions, from the consumer's current
+// assignment.
+//
+// A rebalance occurs when a consumer joins or leaves a consumer group, if it
+// changes the topic(s) it's subscribed to, or if there's a change in one of
+// the topics it's subscribed to, for example, the total number of partitions
+// increases.
+//
+// The application may use this optional callback to inspect the assignment,
+// alter the initial start offset (the .Offset field of each assigned partition),
+// and read/write offsets to commit to an alternative store outside of Kafka.
+func rebalanceCallback(c *kafka.Consumer, event kafka.Event) error {
+	switch ev := event.(type) {
+	case kafka.AssignedPartitions:
+		// log.Printf("%% %s rebalance: %d new partition(s) assigned: %v\n", c.GetRebalanceProtocol(), len(ev.Partitions), ev.Partitions)
+
+		log.Printf("%% %s rebalance: %d new partition(s) assigned\n", c.GetRebalanceProtocol(), len(ev.Partitions))
+
+		// The application may update the start .Offset of each assigned
+		// partition and then call Assign(). It is optional to call Assign
+		// in case the application is not modifying any start .Offsets. In
+		// that case we don't, the library takes care of it.
+		// It is called here despite not modifying any .Offsets for illustrative
+		// purposes.
+		err := c.Assign(ev.Partitions)
+		if err != nil {
+			return err
+		}
+
+	case kafka.RevokedPartitions:
+		// log.Printf("%% %s rebalance: %d partition(s) revoked: %v\n", c.GetRebalanceProtocol(), len(ev.Partitions), ev.Partitions)
+
+		log.Printf("%% %s rebalance: %d partition(s) revoked\n", c.GetRebalanceProtocol(), len(ev.Partitions))
+
+		// Usually, the rebalance callback for `RevokedPartitions` is called
+		// just before the partitions are revoked. We can be certain that a
+		// partition being revoked is not yet owned by any other consumer.
+		// This way, logic like storing any pending offsets or committing
+		// offsets can be handled.
+		// However, there can be cases where the assignment is lost
+		// involuntarily. In this case, the partition might already be owned
+		// by another consumer, and operations including committing
+		// offsets may not work.
+		if c.AssignmentLost() {
+			// Our consumer has been kicked out of the group and the
+			// entire assignment is thus lost.
+			fmt.Fprintln(os.Stderr, "Assignment lost involuntarily, commit may fail")
+		}
+
+		// Since enable.auto.commit is unset, we need to commit offsets manually
+		// before the partition is revoked.
+		commitedOffsets, err := c.Commit()
+
+		if err != nil && err.(kafka.Error).Code() != kafka.ErrNoOffset {
+			fmt.Fprintf(os.Stderr, "Failed to commit offsets: %s\n", err)
+			return err
+		}
+		fmt.Printf("%% Commited offsets to Kafka: %v\n", commitedOffsets)
+
+		// Similar to Assign, client automatically calls Unassign() unless the
+		// callback has already called that method. Here, we don't call it.
+
+	default:
+		fmt.Fprintf(os.Stderr, "Unxpected event type: %v\n", event)
+	}
+
+	return nil
+}

samples/inventory/consumer/main.go

@@ -0,0 +1,88 @@
+package main
+
+import (
+	"context"
+	"log"
+
+	cloudevents "github.com/cloudevents/sdk-go/v2"
+	clusterinfov1beta1 "github.com/stolostron/cluster-lifecycle-api/clusterinfo/v1beta1"
+	agentconfig "github.com/stolostron/multicluster-global-hub/agent/pkg/config"
+	"github.com/stolostron/multicluster-global-hub/pkg/enum"
+	transportconfig "github.com/stolostron/multicluster-global-hub/pkg/transport/config"
+	"github.com/stolostron/multicluster-global-hub/pkg/transport/inventory/client"
+	"github.com/stolostron/multicluster-global-hub/samples/config"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	runtimeclient "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func main() {
+	clusterInfoList, err := listClusterInfo()
+	if err != nil {
+		log.Fatalf("failed to get cluster info list: %v", err)
+	}
+
+	transportConfigSecret, err := config.GetTransportConfigSecret("open-cluster-management", "transport-config")
+	if err != nil {
+		log.Fatalf("failed to get transport config secret: %v", err)
+	}
+	restfulConn, err := transportconfig.GetRestfulConnBySecret(transportConfigSecret)
+	if err != nil {
+		log.Fatalf("failed to extract rest credentail: %v", err)
+	}
+	// utils.PrettyPrint(restfulConn)
+
+	inventoryClient, err := client.NewInventoryClient(context.Background(), restfulConn)
+	if err != nil {
+		log.Fatalf("failed to init the inventory client: %v", err)
+	}
+
+	evt := cloudevents.NewEvent()
+	evt.SetType(string(enum.ManagedClusterInfoType))
+	evt.SetSource("test")
+	evt.SetData(cloudevents.ApplicationJSON, clusterInfoList)
+
+	err = inventoryClient.Request(context.Background(), evt)
+	if err != nil {
+		log.Fatalf("failed to send the request: %v", err)
+	}
+}
+
+func listClusterInfo() ([]clusterinfov1beta1.ManagedClusterInfo, error) {
+	c, err := getRuntimeClient()
+	if err != nil {
+		return nil, err
+	}
+	clusterInfoList := clusterinfov1beta1.ManagedClusterInfoList{}
+	err = c.List(context.Background(), &clusterInfoList)
+	if err != nil {
+		return nil, err
+	}
+	return clusterInfoList.Items, nil
+}
+
+func getTransportConfigSecret(namespace, name string) (*corev1.Secret, error) {
+	c, err := getRuntimeClient()
+	if err != nil {
+		return nil, err
+	}
+
+	transportConfig := &corev1.Secret{}
+	err = c.Get(context.Background(), types.NamespacedName{Name: name, Namespace: namespace}, transportConfig)
+	if err != nil {
+		return nil, err
+	}
+	return transportConfig, nil
+}
+
+func getRuntimeClient() (runtimeclient.Client, error) {
+	kubeconfig, err := config.DefaultKubeConfig()
+	if err != nil {
+		return nil, err
+	}
+	c, err := runtimeclient.New(kubeconfig, runtimeclient.Options{Scheme: agentconfig.GetRuntimeScheme()})
+	if err != nil {
+		return nil, err
+	}
+	return c, nil
+}

samples/inventory/producer/main.go

@@ -20,7 +20,7 @@ import (
 	operatorconstants "github.com/stolostron/multicluster-global-hub/operator/pkg/constants"
 )
 
-// go test ./test/integration/operator/addon -ginkgo.focus "addon registry" -v
+// go test ./test/integration/operator/agent -ginkgo.focus "addon registry" -v
 var _ = Describe("addon registry", Ordered, func() {
 	BeforeAll(func() {
 	})

test/integration/operator/agent/addon_registry_test.go

@@ -10,23 +10,30 @@ DELETE=${DELETE:-true}
 # setup kubeconfig
 KUBECONFIG=${KUBECONFIG:-${CONFIG_DIR}/clusters}
 
+echo "kill process"
 while read -r line; do
   if [[ $line != "" ]]; then
     kill -9 "${line}" >/dev/null 2>&1 
   fi
 done <"$CONFIG_DIR/PID"
 
+ps -ef | grep "ocm.sh" | grep -v grep |awk '{print $2}' | xargs kill -9 >/dev/null 2>&1
+ps -ef | grep -E 'e2e-setup|e2e_setup' | grep -v grep |awk '{print $2}' | xargs kill -9 >/dev/null 2>&1
+
 [ "$DELETE" = false ] && exit 0
 
+echo "delete kind clusters"
 kind delete cluster --name "${GH_NAME}" > /dev/null 2>&1
 for i in $(seq 1 "${MH_NUM}"); do
+  echo "delete hub${i}"
   kind delete cluster --name "hub${i}" > /dev/null 2>&1
   rm "$CONFIG_DIR/hub${i}" > /dev/null 2>&1 
   for j in $(seq 1 "${MC_NUM}"); do
+    echo "delete hub${i}-cluster${j}"
     kind delete cluster --name "hub${i}-cluster${j}" > /dev/null 2>&1
     rm "$CONFIG_DIR/hub${i}-cluster${j}" > /dev/null 2>&1
   done
 done
-rm "$KUBECONFIG" > /dev/null 2>&1 
 
-# ps -ef | grep "e2e" | grep -v grep |awk '{print $2}' | xargs kill -9 >/dev/null 2>&1
+echo "delete config $CONFIG_DIR"
+rm -rf "$CONFIG_DIR/*" 

test/manifest/crd/0000_06_internal.open-cluster-management.io_managedclusterinfos.crd.yaml

@@ -47,7 +47,7 @@ echo "Kafka cluster is ready"
 # generate resource for standalone agent
 export KAFKA_NAMESPACE=kafka
 export SECRET_NAMESPACE=open-cluster-management
-bash "$CURRENT_DIR/standalone_agent_secret.sh" "$KAFKA_KUBECONFIG" "$SECRET_KUBECONFIG"
+bash "$CURRENT_DIR/event_exporter_kafka.sh" "$KAFKA_KUBECONFIG" "$SECRET_KUBECONFIG"
 echo "Kafka standalone secret is ready! KUBECONFIG=$SECRET_KUBECONFIG"
 
 echo -e "\r${BOLD_GREEN}[ END - $(date +"%T") ] Install Kafka ${NC} $(($(date +%s) - start_time)) seconds"

test/manifest/crd/clusterversion.crd.yaml

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+CURRENT_DIR=$(
+  cd "$(dirname "$0")" || exit
+  pwd
+)
+
+# shellcheck source=/dev/null
+source "$CURRENT_DIR/util.sh"
+
+KUBECONFIG=${1:-$KUBECONFIG}        # the kubeconfig for running the inventory server
+SECRET_KUBECONFIG=${2:-$KUBECONFIG} # the kubeconfig for generating the inventory connection secret
+
+inventory_namespace=${INVENTORY_NAMESPACE:-"multicluster-global-hub"}
+secret_namespace=${SECRET_NAMESPACE:-"open-cluster-management"}
+
+# kubectl get secret inventory-api-server-ca-certs -n "$inventory_namespace" -ojsonpath='{.data.ca\.crt}' | base64 -d > /tmp/ca.crt
+# kubectl get secret inventory-api-guest-certs -n "$inventory_namespace" -ojsonpath='{.data.tls\.crt}' | base64 -d > /tmp/client.crt
+# kubectl get secret inventory-api-guest-certs -n "$inventory_namespace" -ojsonpath='{.data.tls\.key}' | base64 -d > /tmp/client.key
+
+host=$(kubectl get route inventory-api -n "$inventory_namespace" -ojsonpath='{.spec.host}')
+cat <<EOF >"$CURRENT_DIR/rest.yaml"
+host: https://${host}:443
+ca.crt: $(kubectl get secret inventory-api-server-ca-certs -n "$inventory_namespace" -ojsonpath='{.data.ca\.crt}')
+client.crt: $(kubectl get secret inventory-api-guest-certs -n "$inventory_namespace" -ojsonpath='{.data.tls\.crt}')
+client.key: $(kubectl get secret inventory-api-guest-certs -n "$inventory_namespace" -ojsonpath='{.data.tls\.key}')
+EOF
+
+kubectl create secret generic transport-config -n "$secret_namespace" --kubeconfig "$SECRET_KUBECONFIG" \
+  --from-file=rest.yaml="$CURRENT_DIR/rest.yaml"
+rm "$CURRENT_DIR/rest.yaml"
+echo "restful configuration is ready!"

test/script/e2e_clean_globalhub.sh

@@ -9,7 +9,7 @@ CURRENT_DIR=$(
 source "$CURRENT_DIR/util.sh"
 
 KUBECONFIG=${1:-$KUBECONFIG}        # the kubeconfig for running the kafka
-SECRET_KUBECONFIG=${2:-$KUBECONFIG} # generate the crenditial secret
+SECRET_KUBECONFIG=${2:-$KUBECONFIG} # the kubeconfig for generating the kafka connection secret
 
 kafka_namespace=${KAFKA_NAMESPACE:-"kafka"}
 secret_namespace=${SECRET_NAMESPACE:-"open-cluster-management"}
@@ -48,16 +48,3 @@ kubectl create secret generic transport-config -n "$secret_namespace" --kubeconf
   --from-file=kafka.yaml="$CURRENT_DIR/kafka.yaml"
 rm "$CURRENT_DIR/kafka.yaml"
 echo "kafka configuration is ready!"
-
-# host=$(kubectl get route inventory-api -n "$kafka_namespace" -ojsonpath='{.spec.host}')
-# cat <<EOF >"$CURRENT_DIR/inventory.yaml"
-# host: https://$host
-# ca.crt: $(kubectl get secret inventory-api-server-ca-certs -n "$kafka_namespace" -ojsonpath='{.data.ca\.crt}')
-# client.crt: $(kubectl get secret inventory-api-guest-certs -n "$kafka_namespace" -ojsonpath='{.data.tls\.crt}')
-# client.key: $(kubectl get secret inventory-api-guest-certs -n "$kafka_namespace" -ojsonpath='{.data.tls\.key}')
-# EOF
-
-# kubectl patch secret transport-config -n "$secret_namespace" --kubeconfig "$SECRET_KUBECONFIG" \
-#   --type='json' \
-#   -p='[{"op": "add", "path": "/data/inventory.yaml", "value":"'"$(base64 -w 0 "$CURRENT_DIR/inventory.yaml")"'"}]'
-# rm "$CURRENT_DIR/inventory.yaml"

test/script/e2e_cleanup.sh

@@ -118,7 +118,7 @@ kind_cluster() {
 ensure_cluster() {
   local cluster_name="$1"
   local kubeconfig="$2"
-  if [ -f "$kubeconfig" ]; then
+  if [ -f "$kubeconfig" ] && kubectl config get-contexts -o name | grep -wq "$cluster_name"; then
     return 0
   fi
 
@@ -361,6 +361,11 @@ install_crds() {
 
   # clusterclaim: agent
   kubectl --context "$ctx" apply -f ${CURRENT_DIR}/../manifest/crd/0000_02_clusters.open-cluster-management.io_clusterclaims.crd.yaml
+
+  # clusterinfo for rest
+  kubectl --context "$ctx" apply -f ${CURRENT_DIR}/../manifest/crd/0000_06_internal.open-cluster-management.io_managedclusterinfos.crd.yaml
+  # clusterID from clusterversion
+  kubectl --context "$ctx" apply -f ${CURRENT_DIR}/../manifest/crd/clusterversion.crd.yaml
 }
 
 enable_service_ca() {