chore(helm): releasing v0.2.2

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.2.1
+VERSION ?= 0.2.2
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

charts/kamaji/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.2.1
+appVersion: v0.2.2
 description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service
   with a fraction of the operational burden. With Kamaji, you can deploy and operate
   hundreds of Kubernetes clusters as a hyper-scaler.
@@ -17,7 +17,7 @@ name: kamaji
 sources:
 - https://github.com/clastix/kamaji
 type: application
-version: 0.11.3
+version: 0.11.4
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/release-name: kamaji

charts/kamaji/README.md

@@ -1,6 +1,6 @@
 # kamaji
 
-![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.1](https://img.shields.io/badge/AppVersion-v0.2.1-informational?style=flat-square)
+![Version: 0.11.4](https://img.shields.io/badge/Version-0.11.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.2](https://img.shields.io/badge/AppVersion-v0.2.2-informational?style=flat-square)
 
 Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.
 

config/install.yaml

@@ -2304,7 +2304,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.serviceAccountName
-        image: clastix/kamaji:v0.2.1
+        image: clastix/kamaji:v0.2.2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

config/manager/kustomization.yaml

@@ -13,4 +13,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: clastix/kamaji
-  newTag: v0.2.1
+  newTag: v0.2.2

docs/content/guides/backup-and-restore.md

@@ -0,0 +1,73 @@
+# Backup and restore
+
+As mentioned in the introduction, Kamaji “tenant clusters” are just regular pods scheduled on top of a choosn admin cluster; as such, you can take advantage of the same backup and restore methods that you would use to maintain the standard workload.
+
+This guide will assist you in how to backup and restore TCP resources on the admin cluster using [Velero](https://tanzu.vmware.com/developer/guides/what-is-velero/).
+
+## Prerequisites
+
+Before proceeding with the next steps, we assume that the following prerequisites are met:
+
+- Working admin cluster
+- Working datastore resource
+- Working TCP resource
+- Velero binary installed on the operator VM
+- Velero installed on the admin cluster
+- Configured BackupStorageLocation for Velero
+
+## Backup step
+
+This example shows how to backup and restore a Tenant Control Plane called `tenant-00` and related resources using the `--include-namespaces` tag. Assume the Tenant Control Plane is deployed into the `tenant-00` namespace:
+
+```
+velero backup create tenant-00 --include-namespaces tenant-00
+```
+
+then, verify the backup job status:
+
+```
+velero backup get tenant-00
+NAME        STATUS     ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
+tenant-00   Completed  0        0          2023-02-23 17:45:13 +0100 CET   27d       cloudian           <none>
+```
+
+in case of problems, you can get more information by running:
+
+```
+velero backup describe tenant-00
+```
+
+## Restore step
+
+>_WARNING_: this procedure will restore just the TCP resource.
+In the event that the related datastore has been lost, you MUST restore it BEFORE continue; to do this, refer to the backup and restore strategy of the datastore of your choice.
+
+---
+
+To restore just the desired TCP, simply execute:
+
+```
+velero restore create tenant-00 \
+    --from-backup tenant-00 \
+    --include-resources tcp,secret \
+    --status-include-resources tcp
+```
+
+verify the restore job status:
+
+```
+velero restore get
+
+NAME           BACKUP         STATUS      STARTED                         COMPLETED                       ERRORS   WARNINGS   CREATED                         SELECTOR
+tenant-00      tenant-00      Completed   2023-02-24 12:31:39 +0100 CET   2023-02-24 12:31:40 +0100 CET   0        0          2023-02-24 12:31:39 +0100 CET   <none>
+```
+
+In a bunch of seconds, the Kamaji controller will reconcile the TCP and its status will pass from Ready, to NotReady and, finally, Ready again:
+
+```
+kubectl get tcp -A
+
+NAMESPACE   NAME           VERSION   STATUS   CONTROL-PLANE ENDPOINT   KUBECONFIG                      DATASTORE   AGE
+tenant-00   solar-energy   v1.25.6   Ready    192.168.1.251:8443       solar-energy-admin-kubeconfig   dedicated   6m
+[...]
+```

docs/mkdocs.yml

@@ -49,6 +49,7 @@ nav:
   - guides/kamaji-gitops-flux.md
   - guides/upgrade.md
   - guides/datastore-migration.md
+  - guides/backup-and-restore.md
 - 'Use Cases': use-cases.md
 - 'Reference':
   - reference/index.md

internal/resources/kubeconfig.go

@@ -37,8 +37,15 @@ type KubeconfigResource struct {
 	TmpDirectory       string
 }
 
-func (r *KubeconfigResource) ShouldStatusBeUpdated(context.Context, *kamajiv1alpha1.TenantControlPlane) bool {
-	return false
+func (r *KubeconfigResource) ShouldStatusBeUpdated(_ context.Context, tcp *kamajiv1alpha1.TenantControlPlane) bool {
+	// an update is required only in case of missing status checksum, or name:
+	// this data is required by the following resource handlers.
+	status, err := r.getKubeconfigStatus(tcp)
+	if err != nil {
+		return false
+	}
+
+	return len(status.Checksum) == 0 || len(status.SecretName) == 0
 }
 
 func (r *KubeconfigResource) ShouldCleanup(*kamajiv1alpha1.TenantControlPlane) bool {
@@ -151,27 +158,29 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
 
 			return err
 		}
+		// A new kubeconfig must be generated when one of the following cases is occurring:
+		// 1. the status checksum is different from the computed one
+		// 2. the resource UID is empty, meaning it's a new resource (tl;dr; a first reconciliation)
+		//
+		// And finally, we're checking if the kubeconfig is valid: if not, generating a new one.
+		if (status.Checksum != checksum || len(r.resource.UID) == 0) && !kubeadm.IsKubeconfigValid(r.resource.Data[r.KubeConfigFileName]) {
+			kubeconfig, err := kubeadm.CreateKubeconfig(
+				r.KubeConfigFileName,
 
-		if (status.Checksum == checksum || len(r.resource.UID) > 0) && kubeadm.IsKubeconfigValid(r.resource.Data[r.KubeConfigFileName]) {
-			return nil
-		}
+				kubeadm.CertificatePrivateKeyPair{
+					Certificate: apiServerCertificatesSecret.Data[kubeadmconstants.CACertName],
+					PrivateKey:  apiServerCertificatesSecret.Data[kubeadmconstants.CAKeyName],
+				},
+				config,
+			)
+			if err != nil {
+				logger.Error(err, "cannot create a valid kubeconfig")
 
-		kubeconfig, err := kubeadm.CreateKubeconfig(
-			r.KubeConfigFileName,
-
-			kubeadm.CertificatePrivateKeyPair{
-				Certificate: apiServerCertificatesSecret.Data[kubeadmconstants.CACertName],
-				PrivateKey:  apiServerCertificatesSecret.Data[kubeadmconstants.CAKeyName],
-			},
-			config,
-		)
-		if err != nil {
-			logger.Error(err, "cannot create a valid kubeconfig")
-
-			return err
-		}
-		r.resource.Data = map[string][]byte{
-			r.KubeConfigFileName: kubeconfig,
+				return err
+			}
+			r.resource.Data = map[string][]byte{
+				r.KubeConfigFileName: kubeconfig,
+			}
 		}
 
 		r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))