Skip to content

Commit 4a0f9ba

Browse files
committed
Update docs for v0.5
Signed-off-by: Mangirdas Judeikis <mangirdas@judeikis.lt> On-behalf-of: @SAP mangirdas.judeikis@sap.com
1 parent ab03f00 commit 4a0f9ba

18 files changed

Lines changed: 458 additions & 36 deletions

File tree

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ CODE_GENERATOR_BIN := code-generator
7777
CODE_GENERATOR := $(TOOLS_GOBIN_DIR)/$(CODE_GENERATOR_BIN)-$(CODE_GENERATOR_VER)
7878
export CODE_GENERATOR # so hack scripts can use it
7979

80-
KCP_VER := v0.28.1
80+
KCP_VER := v0.28.0
8181
KCP_BIN := kcp
8282
KCP := $(TOOLS_GOBIN_DIR)/$(KCP_BIN)-$(KCP_VER)
8383
KCP_CMD ?= $(KCP)

README.md

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -62,23 +62,27 @@ All the actions shown between the clusters are done by the konnector, except: th
6262

6363
To get familiar with setting up the environment, please check out docs at [kube-bind.io](https://docs.kube-bind.io/main/setup).
6464

65-
## API Changes in coming v0.5.0 release
65+
## API Changes in v0.5.0 release
6666

6767
Version v0.5.0 includes significant architectural improvements to the API structure:
6868

6969
### Major Changes
7070

71-
- **API Version Upgrade**: Introduced `v1alpha2` API version with improved stability and features
72-
- **Service Exposure Refactoring**: Completely refactored the service exposure mechanism to use:
73-
- `APIResourceSchema`: Define the schema of exported CRDs, allowing one APIServiceExport to reference multiple CRDs.
74-
- `BoundAPIResourceSchema`: Represent bound schemas in consumer clusters and underlying status of synced resources.
71+
- **API Version Upgrade**: Introduced `v1alpha2` API version alongside existing `v1alpha1`
72+
- **Service Exposure Refactoring**: Refactored the service exposure mechanism from embedded CRD specifications to a resource-based model:
73+
- `APIServiceExportSpec` now uses `Resources []APIServiceExportResource` instead of embedded CRD specs
74+
- `BoundSchema`: New resource type in `v1alpha2` that represents bound schemas in consumer clusters and tracks the status of synced resources
75+
- This allows one APIServiceExport to reference multiple CRDs more efficiently
76+
77+
### Backend Architecture Improvements
78+
79+
- **MultiCluster Runtime Integration**: The backend now leverages `sigs.k8s.io/multicluster-runtime` for enhanced cluster management capabilities
80+
- **Provider Support**: Built-in support for multiple backend providers including KCP through `github.com/kcp-dev/multicluster-provider`
81+
- **Enhanced Cluster Operations**: Improved cluster-aware resource management with dedicated manager architecture for handling multi-cluster scenarios
7582

7683
### Limitations
7784

7885
These limitations are part of the roadmap and will be addressed in the future.
7986

80-
* Currently we don't support related resources, like ConfigMaps, Secrets
81-
* Currently CRD resources MUST be installed in the provider cluster, even when APIResourceSchema is used.
82-
This is to allow the konnector to sync instances of the CRD to the consumer cluster.
83-
This should be removed once we introduce sync policies and object wrappers.
84-
* Currently we dont support granular permissions, like only allow to read/write certain named resources.
87+
* Currently we don't support related resources, like ConfigMaps, Secrets.
88+
* We don't support lifecycle of `BoundSchema` resources, like schema changes.

backend/config.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,18 +35,18 @@ import (
3535
ctrlconfig "sigs.k8s.io/controller-runtime/pkg/config"
3636
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
3737
mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
38-
"sigs.k8s.io/multicluster-runtime/pkg/multicluster"
3938

4039
kuberesources "github.com/kube-bind/kube-bind/backend/kubernetes/resources"
4140
"github.com/kube-bind/kube-bind/backend/options"
41+
"github.com/kube-bind/kube-bind/backend/provider"
4242
kubebindv1alpha1 "github.com/kube-bind/kube-bind/sdk/apis/kubebind/v1alpha1"
4343
kubebindv1alpha2 "github.com/kube-bind/kube-bind/sdk/apis/kubebind/v1alpha2"
4444
)
4545

4646
type Config struct {
4747
Options *options.CompletedOptions
4848

49-
Provider multicluster.Provider
49+
Provider provider.MultiClusterProvider
5050
ExternalAddressGenerator kuberesources.ExternalAddreesGeneratorFunc
5151
Manager mcmanager.Manager
5252
Scheme *runtime.Scheme

backend/provider/provider.go

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
/*
2+
Copyright 2025 The Kube Bind Authors.
3+
4+
Licensed under the Apache License, Version 2.0 (the "License");
5+
you may not use this file except in compliance with the License.
6+
You may obtain a copy of the License at
7+
8+
http://www.apache.org/licenses/LICENSE-2.0
9+
10+
Unless required by applicable law or agreed to in writing, software
11+
distributed under the License is distributed on an "AS IS" BASIS,
12+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
See the License for the specific language governing permissions and
14+
limitations under the License.
15+
*/
16+
17+
package provider
18+
19+
import "sigs.k8s.io/multicluster-runtime/pkg/multicluster"
20+
21+
// MultiClusterProvider is an interface that combines multicluster.Provider and multicluster.ProviderRunnable.
22+
type MultiClusterProvider interface {
23+
multicluster.Provider
24+
multicluster.ProviderRunnable
25+
}

contrib/kcp/deploy/resources/apiexport-kube-bind.io.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ spec:
7474
crd: {}
7575
- group: kube-bind.io
7676
name: clusterbindings
77-
schema: v250809-5ed76a1.clusterbindings.kube-bind.io
77+
schema: v250924-ab03f00.clusterbindings.kube-bind.io
7878
storage:
7979
crd: {}
8080
status: {}

contrib/kcp/deploy/resources/apiresourceschema-clusterbindings.kube-bind.io.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: apis.kcp.io/v1alpha1
22
kind: APIResourceSchema
33
metadata:
44
creationTimestamp: null
5-
name: v250809-5ed76a1.clusterbindings.kube-bind.io
5+
name: v250924-ab03f00.clusterbindings.kube-bind.io
66
spec:
77
conversion:
88
strategy: None
@@ -32,8 +32,8 @@ spec:
3232
name: v1alpha1
3333
schema:
3434
description: |-
35-
ClusterBinding represents a bound consumer cluster. It lives in a service
36-
provider cluster and is a singleton named "cluster" per namespace.
35+
ClusterBinding represents a bound consumer class. It lives in a service provider cluster
36+
and is a singleton named "cluster".
3737
properties:
3838
apiVersion:
3939
description: |-

deploy/crd/kube-bind.io_clusterbindings.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,8 +34,8 @@ spec:
3434
schema:
3535
openAPIV3Schema:
3636
description: |-
37-
ClusterBinding represents a bound consumer cluster. It lives in a service
38-
provider cluster and is a singleton named "cluster" per namespace.
37+
ClusterBinding represents a bound consumer class. It lives in a service provider cluster
38+
and is a singleton named "cluster".
3939
properties:
4040
apiVersion:
4141
description: |-
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1 +1,65 @@
11
# Backend
2+
3+
The kube-bind backend provides service export and binding capabilities for single Kubernetes clusters acting as backend or many clusters with support for multiple cluster providers through the multicluster-runtime architecture.
4+
5+
## Architecture
6+
7+
Starting with v0.5.0, the backend leverages `sigs.k8s.io/multicluster-runtime` for enhanced cluster management capabilities.
8+
9+
### Key Components
10+
11+
- **MultiCluster Runtime Integration**: Built on `sigs.k8s.io/multicluster-runtime` for provider-agnostic cluster operations
12+
- **Provider Support**: Extensible provider system supporting different backend implementations
13+
- **Manager Architecture**: Uses `mcmanager.Manager` for cluster-aware resource management
14+
15+
### Supported Providers
16+
17+
- **Default Provider**: Standard Kubernetes cluster support
18+
- **KCP Provider**: Integration with [kcp](https://github.com/kcp-dev/kcp) through `github.com/kcp-dev/multicluster-provider`
19+
20+
## Configuration
21+
22+
The backend can be configured to use different providers:
23+
24+
```bash
25+
./bin/backend \
26+
--multicluster-runtime-provider kcp \
27+
--server-url=$(kubectl get apiexportendpointslice kube-bind.io -o jsonpath="{.status.endpoints[0].url}") \
28+
# ... other options
29+
```
30+
31+
### Provider Configuration
32+
33+
#### KCP Provider
34+
35+
When using the KCP provider (`--multicluster-runtime-provider kcp`), the backend:
36+
37+
- Connects to kcp workspaces through APIExports
38+
- Manages resources across logical clusters
39+
- Supports advanced multi-tenancy features
40+
- Enables workspace-based isolation
41+
42+
#### Default Provider
43+
44+
The default provider works with standard Kubernetes clusters and provides:
45+
46+
- Direct cluster connectivity
47+
- Namespace-based isolation
48+
- Standard RBAC integration
49+
50+
## API Changes
51+
52+
The backend now supports the v1alpha2 API with significant architectural improvements:
53+
54+
- **Resource-Based Exports**: APIServiceExport now uses resource references instead of embedded CRDs
55+
- **BoundSchema Support**: Integration with BoundSchema resources for better schema management
56+
- **Multi-Resource Support**: Single exports can reference multiple CRDs efficiently
57+
58+
## Controllers
59+
60+
The backend includes several controllers for managing the export/binding lifecycle:
61+
62+
- **ClusterBinding Controller**: Manages cluster binding lifecycle
63+
- **ServiceExport Controller**: Handles APIServiceExport resources
64+
- **ServiceExportRequest Controller**: Processes export requests
65+
- **ServiceNamespace Controller**: Manages namespace isolation

docs/content/developers/konnector/controllers/cluster/apiserviceexport.md

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,21 @@
11
# APIServiceExports
22

3-
The APIServiceExport controller watches `APIServiceExports` and the referenced `CustomResourceDefinitions` (CRDs) in the **provider cluster**.
3+
The APIServiceExport controller watches `APIServiceExports` and the referenced resources in the **provider cluster**.
44

5-
It is responsible for:
5+
Starting with v1alpha2, the APIServiceExport has been refactored to use a resource-based model instead of embedded CRD specifications.
6+
7+
## Key Changes in v1alpha2
8+
9+
- **Resource-Based Model**: `APIServiceExportSpec` now uses `Resources []APIServiceExportResource` instead of embedded CRD specs
10+
- **Multi-Resource Support**: One APIServiceExport can reference multiple CRDs more efficiently
11+
- **BoundSchema Integration**: Works with the new `BoundSchema` resource type for tracking bound schemas in consumer clusters
12+
13+
## Controller Responsibilities
614

715
* Ensuring the existence and validity of `APIServiceExports`.
816
* Managing the lifecycle of `APIServiceExports` by starting and stopping spec and status syncers and controllers.
917
* Checking `APIServiceBinding` condition and setting `ConsumerInSync` condition in `APIServiceExport`
10-
* Copying conditions from the referenced CRDs to the `APIServiceExport` status.
18+
* Managing resource references and their associated schemas.
1119

1220
## Overview
1321

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# BoundSchema
2+
3+
The BoundSchema controller manages `BoundSchema` resources in the consumer cluster, introduced in v1alpha2.
4+
5+
`BoundSchema` represents bound API resource schemas in consumer clusters and tracks the underlying status of synced resources.
6+
7+
## Key Features
8+
9+
- **Schema Validation**: Ensures the bound schema is valid and properly applied
10+
- **Drift Detection**: Monitors for differences between expected and actual schema state
11+
- **Condition Management**: Provides status conditions for validation and drift detection
12+
13+
## BoundSchema Structure
14+
15+
```yaml
16+
apiVersion: kubebind.io/v1alpha2
17+
kind: BoundSchema
18+
metadata:
19+
name: example-schema
20+
namespace: kube-bind-example
21+
spec:
22+
informerScope: Namespaced # or Cluster
23+
group: example.com
24+
names:
25+
kind: ExampleResource
26+
plural: exampleresources
27+
scope: Namespaced
28+
versions:
29+
- name: v1
30+
served: true
31+
storage: true
32+
schema: # JSONSchema for validation
33+
status:
34+
acceptedNames: # Names actually being used
35+
storedVersions: []
36+
conditions:
37+
- type: Valid
38+
status: "True"
39+
reason: Accepted
40+
```
41+
42+
## Integration with APIServiceExport
43+
44+
BoundSchema works closely with the APIServiceExport resource-based model:
45+
46+
1. APIServiceExport references multiple resources via `Resources []APIServiceExportResource`
47+
2. Each resource can map to a BoundSchema in the consumer cluster
48+
3. BoundSchema tracks the actual application and status of these schemas
49+
4. This enables better multi-resource management and status tracking

0 commit comments

Comments
 (0)