Add helm deployment & fixup generator

Author: mjudeikis

.gitignore

@@ -14,5 +14,5 @@ coverage.*
 /dex
 /bin
 docs/generators/cli-doc/cli-doc
-dex/
 apiserviceexport.yaml
+*.prod

Makefile

@@ -290,10 +290,26 @@ CONTRIBS_E2E := $(patsubst %,test-e2e-contrib-%,$(CONTRIBS))
 
 .PHONY: test-e2e-contribs $(CONTRIBS_E2E)
 test-e2e-contribs: $(CONTRIBS_E2E) ## Run e2e tests for external integrations
+
+.PHONY: test-e2e-contrib-kcp
 test-e2e-contrib-kcp: $(DEX) $(KCP)
 $(CONTRIBS_E2E):
 	cd contrib/$(patsubst test-e2e-contrib-%,%,$@) && $(GO_TEST) -race -count $(COUNT) $(E2E_PARALLELISM_FLAG) ./test/e2e/...
 
+DESTROY_KIND_CLUSTER ?= true
+REUSE_KIND_CLUSTER_SUFFIX ?= ""
+KIND_CLUSTER_NAME ?= kube-bind
+
+.PHONY: test-e2e-kind
+test-e2e-kind: build image-local
+	echo "Running kube-bind e2e tests"
+	KUBE_BIND_BACKEND_IMAGE=$(KO_DOCKER_REPO)/backend:$(REV) \
+	KUBE_BIND_KONNECTOR_IMAGE=$(KO_DOCKER_REPO)/konnector:$(REV) \
+	$(GO_TEST) -v ./test/e2e-kind/... \
+		-destroy-kind-cluster=$(DESTROY_KIND_CLUSTER) \
+		-collect-logs=true 
+	echo "Kube-bind e2e tests completed"
+
 .PHONY: test
 ifdef USE_GOTESTSUM
 test: $(GOTESTSUM)

backend/controllers/clusterbinding/clusterbinding_controller.go

@@ -147,10 +147,12 @@ func NewClusterBindingReconciler(
 	return r, nil
 }
 
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=clusterbindings,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=clusterbindings/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=clusterbindings/finalizers,verbs=update
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexports,verbs=get;list;watch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=clusterbindings,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=clusterbindings/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=clusterbindings/finalizers,verbs=update
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexports,verbs=get;list;watch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=collections,verbs=get;list;watch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexporttemplates,verbs=get;list;watch
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete

backend/controllers/rbac.go

@@ -0,0 +1,13 @@
+package controllers
+
+// This is Core access needed for backend controllers.
+//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch;create;update;patch;delete
+
+// Additional RBAC permissions for export functionality
+// These permissions allow the backend to grant RBAC permissions for exported resources
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=*
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=*

backend/controllers/serviceexport/serviceexport_controller.go

@@ -82,11 +82,11 @@ func NewAPIServiceExportReconciler(
 	return r, nil
 }
 
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexports,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexports/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexports/finalizers,verbs=update
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=boundschemas,verbs=get;list;watch
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=boundschemas/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexports,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexports/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexports/finalizers,verbs=update
+//+kubebuilder:rbac:groups=kube-bind.io,resources=boundschemas,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=boundschemas/status,verbs=get;update;patch;list
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

backend/controllers/serviceexportrequest/serviceexportrequest_controller.go

@@ -177,12 +177,12 @@ func getBoundSchemaMapper(clusterName string, cl cluster.Cluster) handler.TypedE
 	})
 }
 
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexportrequests,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexportrequests/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexportrequests/finalizers,verbs=update
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexports,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiresourceschemas,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=resources=apiservicenamespaces,verbs=get;list;watch;create
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexportrequests,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexportrequests/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexportrequests/finalizers,verbs=update
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexports,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiresourceschemas,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiservicenamespaces,verbs=get;list;watch;create
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

backend/controllers/servicenamespace/servicenamespace_controller.go

@@ -206,11 +206,11 @@ func getServiceExportMapper(clusterName string, cl cluster.Cluster) handler.Type
 	})
 }
 
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiservicenamespaces,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiservicenamespaces/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiservicenamespaces/finalizers,verbs=update
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=clusterbindings,verbs=get;list;watch
-//+kubebuilder:rbac:groups=kubebind.k8s.io,resources=apiserviceexports,verbs=get;list;watch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiservicenamespaces,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiservicenamespaces/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiservicenamespaces/finalizers,verbs=update
+//+kubebuilder:rbac:groups=kube-bind.io,resources=clusterbindings,verbs=get;list;watch
+//+kubebuilder:rbac:groups=kube-bind.io,resources=apiserviceexports,verbs=get;list;watch
 //+kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete
 

backend/http/handler.go

@@ -205,7 +205,7 @@ func (h *handler) handleAuthorize(w http.ResponseWriter, r *http.Request) {
 		ProviderClusterID: providerCluster, // used in multicluster-runtime providers
 	}
 	if callbackPort != "" && code.RedirectURL == "" {
-		code.RedirectURL = fmt.Sprintf("http://localhost:%s/callback", callbackPort)
+		code.RedirectURL = fmt.Sprintf("http://127.0.0.1:%s/callback", callbackPort)
 	}
 
 	if code.RedirectURL == "" || code.SessionID == "" || code.ClusterID == "" {

backend/template/resources.gohtml

@@ -10,7 +10,7 @@
     <!-- Bootstrap Icons -->
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.7.2/font/bootstrap-icons.css">
 
-    <title>Modules - Kube Bind</title>
+    <title>Services - Kube Bind</title>
     <style>
       body {
         background: #f8f9fa;
@@ -36,25 +36,25 @@
         margin: 0;
       }
 
-      .module-card {
+      .service-card {
         border: 1px solid #dee2e6;
         border-radius: 6px;
         background: white;
         transition: border-color 0.15s ease-in-out;
         margin-bottom: 1rem;
       }
 
-      .module-card:hover {
+      .service-card:hover {
         border-color: #007bff;
       }
 
-      .module-card .card-header {
+      .service-card .card-header {
         background: #f8f9fa;
         border-bottom: 1px solid #dee2e6;
         padding: 0.75rem 1rem;
       }
 
-      .module-card .card-header h5 {
+      .service-card .card-header h5 {
         margin: 0;
         font-size: 1.1rem;
         font-weight: 500;
@@ -135,14 +135,14 @@
   <body>
     <div class="container">
       <div class="page-header">
-        <h2>Available Modules</h2>
-        <p>Select a module to bind its resources and permissions</p>
+        <h2>Available Services</h2>
+        <p>Select a service to bind its resources and permissions</p>
       </div>
 
       <div class="row">
-        {{range $moduleIdx, $schema := .Schemas}}
+        {{range $serviceIdx, $schema := .Schemas}}
         <div class="col-lg-6 col-md-12 mb-3">
-          <div class="card module-card">
+          <div class="card service-card">
             <div class="card-header">
               <h5>{{$schema.Name}}</h5>
               {{if $schema.Description}}<small class="text-muted">{{$schema.Description}}</small>{{end}}
@@ -171,10 +171,10 @@
                   </span>
                   {{if or $claim.Selector.NamedResources $claim.Selector.LabelSelector}}
                   <br>
-                  <a class="btn details-btn mt-1" data-toggle="collapse" href="#claim-{{$moduleIdx}}-{{$i}}" role="button" aria-expanded="false">
+                  <a class="btn details-btn mt-1" data-toggle="collapse" href="#claim-{{$serviceIdx}}-{{$i}}" role="button" aria-expanded="false">
                     Details
                   </a>
-                  <div class="collapse mt-2" id="claim-{{$moduleIdx}}-{{$i}}">
+                  <div class="collapse mt-2" id="claim-{{$serviceIdx}}-{{$i}}">
                     {{if $claim.Selector.NamedResources}}
                     <div class="detail-card p-2 mb-2">
                       <strong>Named:</strong>
@@ -217,7 +217,7 @@
             </ul>
             <div class="card-body">
               <a href="{{if $.Cluster}}/clusters/{{$.Cluster}}{{end}}/bind?s={{$schema.SessionID}}&template={{$schema.Name}}" class="btn bind-btn {{$schema.Name}}">
-                Bind Module
+                Bind Service
               </a>
             </div>
           </div>

cli/pkg/kubectl/bind-apiservice/plugin/bind.go

@@ -143,39 +143,72 @@ func (b *BindAPIServiceOptions) Validate() error {
 
 // Run starts the binding process.
 func (b *BindAPIServiceOptions) Run(ctx context.Context) error {
+	fmt.Fprintf(b.Options.ErrOut, "🔧 Starting binding process...\n")
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 1: Getting client config...\n")
 	config, err := b.Options.ClientConfig.ClientConfig()
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to get client config: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Client config obtained successfully\n")
 
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 2: Getting remote kubeconfig...\n")
 	remoteKubeconfig, remoteNamespace, remoteConfig, err := b.getRemoteKubeconfig(ctx, config)
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to get remote kubeconfig: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Remote kubeconfig obtained, namespace: %s\n", remoteNamespace)
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 3: Getting request manifest...\n")
 	bs, err := b.getRequestManifest()
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to get request manifest: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Request manifest obtained (%d bytes)\n", len(bs))
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 4: Unmarshaling manifest...\n")
 	request, err := b.unmarshalManifest(bs)
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to unmarshal manifest: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Manifest unmarshaled successfully\n")
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 5: Creating service export request...\n")
 	result, err := b.createServiceExportRequest(ctx, remoteConfig, remoteNamespace, request)
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to create service export request: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Service export request created successfully\n")
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 6: Deploying konnector...\n")
 	if err := b.deployKonnector(ctx, config); err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to deploy konnector: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Konnector deployed successfully\n")
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 7: Creating kubeconfig secret...\n")
 	secretName, err := b.createKubeconfigSecret(ctx, config, remoteConfig.Host, remoteNamespace, remoteKubeconfig)
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to create kubeconfig secret: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ Kubeconfig secret created: %s\n", secretName)
+
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 8: Creating API service bindings...\n")
 	bindings, err := b.createAPIServiceBindings(ctx, config, result, secretName)
 	if err != nil {
+		fmt.Fprintf(b.Options.ErrOut, "❌ Failed to create API service bindings: %v\n", err)
 		return err
 	}
+	fmt.Fprintf(b.Options.ErrOut, "✅ API service bindings created (%d bindings)\n", len(bindings))
 
+	fmt.Fprintf(b.Options.ErrOut, "📋 Step 9: Printing results table...\n")
 	fmt.Fprintln(b.Options.ErrOut)
 	return b.printTable(ctx, config, bindings)
 }