docs: releasing v0.3.2

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.3.1
+VERSION ?= 0.3.2
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

charts/kamaji/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.3.1
+appVersion: v0.3.2
 description: Kamaji deploys and operates Kubernetes at scale with a fraction of the operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster” to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is special because the Control Plane components are running in a single pod instead of dedicated machines. This solution makes running multiple Control Planes cheaper and easier to deploy and operate.
 home: https://github.com/clastix/kamaji
 icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png
@@ -15,7 +15,7 @@ name: kamaji
 sources:
 - https://github.com/clastix/kamaji
 type: application
-version: 0.12.2
+version: 0.12.3
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/release-name: kamaji

charts/kamaji/README.md

@@ -1,6 +1,6 @@
 # kamaji
 
-![Version: 0.12.2](https://img.shields.io/badge/Version-0.12.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.1](https://img.shields.io/badge/AppVersion-v0.3.1-informational?style=flat-square)
+![Version: 0.12.3](https://img.shields.io/badge/Version-0.12.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.2](https://img.shields.io/badge/AppVersion-v0.3.2-informational?style=flat-square)
 
 Kamaji deploys and operates Kubernetes at scale with a fraction of the operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster” to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is special because the Control Plane components are running in a single pod instead of dedicated machines. This solution makes running multiple Control Planes cheaper and easier to deploy and operate.
 

cmd/manager/cmd.go

@@ -9,6 +9,7 @@ import (
 	"io"
 	"os"
 	goRuntime "runtime"
+	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -33,18 +34,19 @@ import (
 func NewCmd(scheme *runtime.Scheme) *cobra.Command {
 	// CLI flags
 	var (
-		metricsBindAddress        string
-		healthProbeBindAddress    string
-		leaderElect               bool
-		tmpDirectory              string
-		kineImage                 string
-		datastore                 string
-		managerNamespace          string
-		managerServiceAccountName string
-		managerServiceName        string
-		webhookCABundle           []byte
-		migrateJobImage           string
-		maxConcurrentReconciles   int
+		metricsBindAddress         string
+		healthProbeBindAddress     string
+		leaderElect                bool
+		tmpDirectory               string
+		kineImage                  string
+		controllerReconcileTimeout time.Duration
+		datastore                  string
+		managerNamespace           string
+		managerServiceAccountName  string
+		managerServiceName         string
+		webhookCABundle            []byte
+		migrateJobImage            string
+		maxConcurrentReconciles    int
 
 		webhookCAPath string
 	)
@@ -73,6 +75,10 @@ func NewCmd(scheme *runtime.Scheme) *cobra.Command {
 				return err
 			}
 
+			if controllerReconcileTimeout.Seconds() == 0 {
+				return fmt.Errorf("the controller reconcile timeout must be greater than zero")
+			}
+
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -111,6 +117,7 @@ func NewCmd(scheme *runtime.Scheme) *cobra.Command {
 				Client:    mgr.GetClient(),
 				APIReader: mgr.GetAPIReader(),
 				Config: controllers.TenantControlPlaneReconcilerConfig{
+					ReconcileTimeout:     controllerReconcileTimeout,
 					DefaultDataStoreName: datastore,
 					KineContainerImage:   kineImage,
 					TmpBaseDirectory:     tmpDirectory,
@@ -231,6 +238,7 @@ func NewCmd(scheme *runtime.Scheme) *cobra.Command {
 	cmd.Flags().StringVar(&managerServiceName, "webhook-service-name", "kamaji-webhook-service", "The Kamaji webhook server Service name which is used to get validation webhooks, required for the TenantControlPlane migration jobs.")
 	cmd.Flags().StringVar(&managerServiceAccountName, "serviceaccount-name", os.Getenv("SERVICE_ACCOUNT"), "The Kubernetes Namespace on which the Operator is running in, required for the TenantControlPlane migration jobs.")
 	cmd.Flags().StringVar(&webhookCAPath, "webhook-ca-path", "/tmp/k8s-webhook-server/serving-certs/ca.crt", "Path to the Manager webhook server CA, required for the TenantControlPlane migration jobs.")
+	cmd.Flags().DurationVar(&controllerReconcileTimeout, "controller-reconcile-timeout", 30*time.Second, "The reconciliation request timeout before the controller withdraw the external resource calls, such as dealing with the Datastore, or the Tenant Control Plane API endpoint.")
 
 	cobra.OnInitialize(func() {
 		viper.AutomaticEnv()

cmd/root.go

@@ -12,6 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	appsv1 "k8s.io/kubernetes/pkg/apis/apps/v1"
 
 	kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
 )
@@ -26,6 +27,7 @@ func NewCmd(scheme *runtime.Scheme) *cobra.Command {
 
 			utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 			utilruntime.Must(kamajiv1alpha1.AddToScheme(scheme))
+			utilruntime.Must(appsv1.RegisterDefaults(scheme))
 		},
 	}
 }

config/install.yaml

@@ -5062,7 +5062,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.serviceAccountName
-        image: clastix/kamaji:v0.3.1
+        image: clastix/kamaji:v0.3.2
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

config/manager/kustomization.yaml

@@ -13,4 +13,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: clastix/kamaji
-  newTag: v0.3.1
+  newTag: v0.3.2

config/samples/kamaji_v1alpha1_tenantcontrolplane.yaml

@@ -1,7 +1,7 @@
 apiVersion: kamaji.clastix.io/v1alpha1
 kind: TenantControlPlane
 metadata:
-  name: 126-k8s
+  name: k8s-126
 spec:
   controlPlane:
     deployment:

controllers/tenantcontrolplane_controller.go

@@ -56,6 +56,7 @@ type TenantControlPlaneReconciler struct {
 
 // TenantControlPlaneReconcilerConfig gives the necessary configuration for TenantControlPlaneReconciler.
 type TenantControlPlaneReconcilerConfig struct {
+	ReconcileTimeout     time.Duration
 	DefaultDataStoreName string
 	KineContainerImage   string
 	TmpBaseDirectory     string
@@ -74,6 +75,10 @@ type TenantControlPlaneReconcilerConfig struct {
 func (r *TenantControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx)
 
+	var cancelFn context.CancelFunc
+	ctx, cancelFn = context.WithTimeout(ctx, r.Config.ReconcileTimeout)
+	defer cancelFn()
+
 	tenantControlPlane, err := r.getTenantControlPlane(ctx, req.NamespacedName)()
 	if err != nil {
 		if apimachineryerrors.IsNotFound(err) {

docs/content/getting-started.md

@@ -73,7 +73,7 @@ helm install \
 
 ## Install Kamaji Controller
 
-Installing Kamaji via Helm charts is the preferred way. The Kamaji controller needs to access a Datastore in order to save data of the tenants' clusters. The Kamaji Helm Chart provides the installation of a basic unamanaged `etcd` as datastore, out of box. 
+Installing Kamaji via Helm charts is the preferred way. The Kamaji controller needs to access a Datastore in order to save data of the tenants' clusters. The Kamaji Helm Chart provides the installation of a basic unmanaged `etcd` as datastore, out of box. 
 
 Install Kamaji with `helm` using an unmanaged `etcd` as default datastore:
 

docs/content/guides/kamaji-azure-deployment.md

@@ -114,7 +114,7 @@ helm install \
 
 ## Install Kamaji Controller
 
-Installing Kamaji via Helm charts is the preferred way. The Kamaji controller needs to access a Datastore in order to save data of the tenants' clusters. The Kamaji Helm Chart provides the installation of a basic unamanaged `etcd` as datastore, out of box. 
+Installing Kamaji via Helm charts is the preferred way. The Kamaji controller needs to access a Datastore in order to save data of the tenants' clusters. The Kamaji Helm Chart provides the installation of a basic unmanaged `etcd` as datastore, out of box. 
 
 Install Kamaji with `helm` using an unmanaged `etcd` as default datastore:
 

docs/content/reference/versioning.md

@@ -9,3 +9,4 @@ In Kamaji, there are different components that might require independent version
 | v0.2   | v1.22+        | [v1.21.0 .. v1.27.0] |
 | v0.3.0 | v1.22+        | [v1.21.0 .. v1.27.0] |
 | v0.3.1 | v1.22+        | [v1.21.0 .. v1.27.3] |
+| v0.3.2 | v1.22+        | [v1.21.0 .. v1.27.3] |

internal/resources/ca_certificate.go

@@ -4,6 +4,7 @@
 package resources
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 
@@ -96,6 +97,13 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 			if err != nil {
 				logger.Info(fmt.Sprintf("%s certificate-private_key pair is not valid: %s", kubeadmconstants.CACertAndKeyBaseName, err.Error()))
 			}
+			// Appending the Cluster API required keys if they're missing:
+			// with this we're sure to avoid introducing breaking changes.
+			if isValid && (!bytes.Equal(r.resource.Data[corev1.TLSCertKey], r.resource.Data[kubeadmconstants.CACertName]) || !bytes.Equal(r.resource.Data[kubeadmconstants.CAKeyName], r.resource.Data[corev1.TLSPrivateKeyKey])) {
+				r.resource.Data[corev1.TLSCertKey] = r.resource.Data[kubeadmconstants.CACertName]
+				r.resource.Data[corev1.TLSPrivateKeyKey] = r.resource.Data[kubeadmconstants.CAKeyName]
+			}
+
 			if isValid {
 				return nil
 			}
@@ -122,6 +130,11 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 		r.resource.Data = map[string][]byte{
 			kubeadmconstants.CACertName: ca.Certificate,
 			kubeadmconstants.CAKeyName:  ca.PrivateKey,
+			// Required for Cluster API integration which is reading the basic TLS keys.
+			// We cannot switch over basic corev1.Secret keys for backward compatibility,
+			// it would require a new CA generation breaking all the clusters deployed.
+			corev1.TLSCertKey:       ca.Certificate,
+			corev1.TLSPrivateKeyKey: ca.PrivateKey,
 		}
 
 		r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))