@@ -23,9 +23,23 @@ It will do the following:
2323
2424# How to run
2525
26+ ## Preparation
27+
26281 . Start dex
29+
30+ ``` bash
31+ make run-dex
32+ ```
33+
27342 . Start kcp
28- 3 . Bootstrap kcp:
35+
36+ ``` bash
37+ make run-kcp
38+ ```
39+
40+ ## Backend
41+
42+ 2 . Bootstrap kcp:
2943``` bash
3044cp .kcp/admin.kubeconfig .kcp/backend.kubeconfig
3145export KUBECONFIG=.kcp/backend.kubeconfig
@@ -49,18 +63,22 @@ k ws use :root:kube-bind
4963 --schema-source apiresourceschemas
5064```
5165
66+ This process will keep running, so open a new terminal.
67+
68+ ## Provider
5269
53705 . Copy the kubeconfig to the provider and create provider workspace:
5471``` bash
5572cp .kcp/admin.kubeconfig .kcp/provider.kubeconfig
5673export KUBECONFIG=.kcp/provider.kubeconfig
5774k ws use :root
58- kubectl ws create provider --enter
75+ kubectl create-workspace provider --enter
5976```
6077
61786 . Bind the APIExport to the provider workspace
6279``` bash
63- kubectl kcp bind apiexport root:kube-bind:kube-bind.io --accept-permission-claim clusterrolebindings.rbac.authorization.k8s.io \
80+ kubectl kcp bind apiexport root:kube-bind:kube-bind.io \
81+ --accept-permission-claim clusterrolebindings.rbac.authorization.k8s.io \
6482 --accept-permission-claim clusterroles.rbac.authorization.k8s.io \
6583 --accept-permission-claim customresourcedefinitions.apiextensions.k8s.io \
6684 --accept-permission-claim serviceaccounts.core \
@@ -74,10 +92,9 @@ kubectl kcp bind apiexport root:kube-bind:kube-bind.io --accept-permission-claim
7492
75937 . Create CRD in provider:
7694``` bash
77- kubectl create -f kcp/deploy/examples/apiexport.yaml
78- kubectl create -f kcp/deploy/examples/apiresourceschema-cowboys.yaml
79- kubectl create -f kcp/deploy/examples/apiresourceschema-sheriffs.yaml
80- # recursive bind
95+ kubectl create -f contrib/kcp/deploy/examples/apiexport.yaml
96+ kubectl create -f contrib/kcp/deploy/examples/apiresourceschema-cowboys.yaml
97+ kubectl create -f contrib/kcp/deploy/examples/apiresourceschema-sheriffs.yaml
8198kubectl kcp bind apiexport root:provider:cowboys-stable
8299```
83100
@@ -86,9 +103,11 @@ kubectl kcp bind apiexport root:provider:cowboys-stable
86103``` bash
87104kubectl get logicalcluster
88105# NAME PHASE URL AGE
89- # cluster Ready https://192.168.2.166:6443/clusters/2xh2v3gzjhn4tmve
106+ # cluster Ready https://192.168.2.166:6443/clusters/1d5vpxvdpy0opbj1
90107```
91108
109+ ## Consumer
110+
921119 . Now we gonna initiate consumer:
93112``` bash
94113cp .kcp/admin.kubeconfig .kcp/consumer.kubeconfig
@@ -100,19 +119,29 @@ kubectl ws create consumer --enter
10011910 . Bind the thing:
101120
102121``` bash
103- ./bin/kubectl-bind http://127.0.0.1:8080/clusters/2vgrh380y0cq38du /exports --dry-run -o yaml > apiserviceexport.yaml
122+ ./bin/kubectl-bind http://127.0.0.1:8080/clusters/awsb9l59tt6xxwz3 /exports --dry-run -o yaml > apiserviceexport.yaml
104123
105124# Extract secret for binding process. Note that secret name is not the same as output from command above. Check secret
106125# name by running `kubectl get secret -n kube-bind`
107- kubectl get secret kubeconfig-wvvsb - n kube-bind -o jsonpath=' {.data.kubeconfig}' | base64 -d > remote.kubeconfig
126+ kubectl get secrets - n kube-bind -o jsonpath=' {.items[0] .data.kubeconfig}' | base64 -d > remote.kubeconfig
108127
109- ./bin/kubectl-bind apiservice --remote-kubeconfig remote.kubeconfig -f apiserviceexport.yaml --skip-konnector --remote- namespace kube-bind-m5zx4
128+ namespace= $( yq ' .contexts[0].context. namespace' remote.kubeconfig )
110129
111- export KUBECONFIG=.kcp/consumer.kubeconfig
112- go run ./cmd/konnector/ --lease-namespace default
130+ ./bin/kubectl-bind apiservice -v 6 --remote-kubeconfig remote.kubeconfig -f apiserviceexport.yaml --skip-konnector --remote-namespace " $namespace "
131+
132+ ```
133+
134+ This will keep running, so switch to a new terminal.
135+
136+ ### Consumer Konnector
113137
138+ Start konnector:
114139
115- 11. (Optional) Add second consumer to test
140+ ``` bash
141+ ./bin/konnector --lease-namespace default --kubeconfig .kcp/consumer.kubeconfig
142+ ```
143+
144+ Optionally add second consumer to test
116145
117146``` bash
118147cp .kcp/admin.kubeconfig .kcp/consumer2.kubeconfig
@@ -121,27 +150,53 @@ kubectl ws use :root
121150kubectl ws create consumer2 --enter
122151
123152./bin/kubectl-bind http://127.0.0.1:8080/clusters/2vgrh380y0cq38du/exports --dry-run -o yaml > apiserviceexport2.yaml
124- kubectl get secret kubeconfig-wvvsb -n kube-bind -o jsonpath=' {.data.kubeconfig}' | base64 -d > remote2.kubeconfig
125153
126- ./bin/ kubectl-bind apiservice --remote-kubeconfig remote2. kubeconfig -f apiserviceexport.yaml --skip-konnector --remote-namespace kube-bind-m5zx4
154+ kubectl get secrets -n kube-bind -o jsonpath= ' {.items[0].data. kubeconfig} ' | base64 -d > remote2.kubeconfig
127155
156+ ./bin/kubectl-bind apiservice -v 6 --remote-kubeconfig remote2.kubeconfig -f apiserviceexport2.yaml --skip-konnector --remote-namespace " $( yq ' .contexts[0].context.namespace' remote2.kubeconfig) "
128157
129- export KUBECONFIG=.kcp/consumer2.kubeconfig
130- go run ./cmd/konnector/ --lease-namespace default --server-address :8091
158+ ./bin/konnector --lease-namespace default --kubeconfig .kcp/consumer2.kubeconfig --server-address :8091
131159```
132160
161+ This will keep running, so switch to a new terminal.
162+
163+ ## Testing
164+
133165Create objects:
134166```
135- kubectl apply -f kcp/deploy/examples/cowboy.yaml
167+ export KUBECONFIG=.kcp/consumer.kubeconfig
168+ kubectl apply -f contrib/kcp/deploy/examples/cowboy.yaml
169+ kubectl apply -f contrib/kcp/deploy/examples/sheriff.yaml
136170```
137171
138172
139173## Debug
140174
141175``` bash
176+
142177cp .kcp/admin.kubeconfig .kcp/debug.kubeconfig
143178export KUBECONFIG=.kcp/debug.kubeconfig
144179k ws use :root:kube-bind
145180
146- k -s "$(kubectl get apiexportendpointslice kube-bind.io -o jsonpath="{.status.endpoints[0].url}")/clusters/*" api-resources
147- k -s "$(kubectl get apiexportendpointslice kube-bind.io -o jsonpath="{.status.endpoints[0].url}")/clusters/*" get crd
181+ k -s " $( kubectl get apiexportendpointslice kube-bind.io -o jsonpath=' {.status.endpoints[0].url}' ) /clusters/*" api-resources
182+
183+ k -s " $( kubectl get apiexportendpointslice kube-bind.io -o jsonpath=' {.status.endpoints[0].url}' ) /clusters/*" get crd
184+
185+ namespace=$( yq ' .contexts[0].context.namespace' remote.kubeconfig)
186+
187+ # some claimed objects
188+
189+ kubectl create cm provider -n " $namespace -default"
190+ kubectl label cm provider app=wildwest -n " $namespace -default"
191+
192+ kubectl create cm consumer -n default
193+ kubectl label cm consumer app=wildwest -n default
194+
195+ kubectl create secret generic provider-secret
196+ kubectl label secret provider-secret app=wildwest
197+
198+ kubectl create namespace bob
199+ kubectl create secret generic wildwest-secrets1 -n bob
200+ kubectl label secret wildwest-secrets1 app=wildwest -n bob
201+
202+ ```
0 commit comments