diff --git a/backend/http/server.go b/backend/http/server.go
index 6bb547dbf..a7a5208ca 100644
--- a/backend/http/server.go
+++ b/backend/http/server.go
@@ -49,7 +49,7 @@ func (s *Server) Addr() net.Addr {
}
func (s *Server) Start(ctx context.Context) error {
- log.Println("Starting HTTP server")
+ log.Println("Starting web server")
server := &http.Server{
Handler: s.Router,
ReadHeaderTimeout: 1 * time.Minute,
diff --git a/deploy/charts/backend/templates/gateway-api.yaml b/deploy/charts/backend/templates/gateway-api.yaml
new file mode 100644
index 000000000..187ddb888
--- /dev/null
+++ b/deploy/charts/backend/templates/gateway-api.yaml
@@ -0,0 +1,88 @@
+{{- if .Values.gatewayApi.enabled }}
+{{- if .Values.certManager.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "kube-bind.fullname" . }}-tls
+ labels:
+ {{- include "kube-bind.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "kube-bind.fullname" . }}-tls
+ issuerRef:
+ name: {{ .Values.certManager.clusterIssuer }}
+ kind: ClusterIssuer
+ {{- if .Values.gatewayApi.route.hostnames }}
+ dnsNames:
+ {{- range .Values.gatewayApi.route.hostnames }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+---
+{{- end }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: {{ include "kube-bind.fullname" . }}-gateway
+ labels:
+ {{- include "kube-bind.labels" . | nindent 4 }}
+ {{- with .Values.gatewayApi.gateway.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ gatewayClassName: {{ .Values.gatewayApi.gateway.className }}
+ listeners:
+ - name: https
+ protocol: HTTPS
+ port: {{ .Values.gatewayApi.gateway.httpsPort | default 443 }}
+ tls:
+ mode: Terminate
+ certificateRefs:
+ {{- if .Values.certManager.enabled }}
+ - name: {{ include "kube-bind.fullname" . }}-tls
+ {{- else if .Values.gatewayApi.gateway.tls.certificateRefs }}
+ {{- range .Values.gatewayApi.gateway.tls.certificateRefs }}
+ - name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+ {{- if .group }}
+ group: {{ .group }}
+ {{- end }}
+ {{- if .kind }}
+ kind: {{ .kind }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ - name: http
+ protocol: HTTP
+ port: {{ .Values.gatewayApi.gateway.httpPort | default 80 }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "kube-bind.fullname" . }}-route
+ labels:
+ {{- include "kube-bind.labels" . | nindent 4 }}
+ {{- with .Values.gatewayApi.route.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ parentRefs:
+ - name: {{ include "kube-bind.fullname" . }}-gateway
+ {{- if .Values.gatewayApi.route.hostnames }}
+ hostnames:
+ {{- range .Values.gatewayApi.route.hostnames }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - matches:
+ - path:
+ type: {{ .Values.gatewayApi.route.pathType | default "PathPrefix" }}
+ value: {{ .Values.gatewayApi.route.path | default "/" }}
+ backendRefs:
+ - name: {{ include "kube-bind.fullname" . }}
+ port: {{ .Values.service.port }}
+{{- end }}
\ No newline at end of file
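Review bot: The HTTPRoute's `parentRefs` item names only the Gateway, so the route binds to every listener, including the unconditional `http` listener on port 80, and the backend becomes reachable without TLS. Pin it to the TLS listener by adding `sectionName: https` under the `parentRefs` item, and put the `http` listener behind a value or limit it to a redirect. When `certManager.enabled` is false and `gatewayApi.gateway.tls.certificateRefs` is empty, `certificateRefs:` renders with no entries under an HTTPS `Terminate` listener; a `fail`/`required` guard would report that at template time. The `dnsNames` items are emitted as `- {{ . }}` while the route hostnames use `quote`, so a wildcard hostname would likely break YAML parsing there; `- {{ . | quote }}` keeps both consistent.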
diff --git a/deploy/charts/backend/values.yaml b/deploy/charts/backend/values.yaml
index 67a6cb3e7..e003fe2d2 100644
--- a/deploy/charts/backend/values.yaml
+++ b/deploy/charts/backend/values.yaml
@@ -37,6 +37,28 @@ certManager:
enabled: false
clusterIssuer: ""
+# Gateway API configuration
+gatewayApi:
+ enabled: false
+ gateway:
+ className: ""
+ httpPort: 80
+ httpsPort: 443
+ annotations: {}
+ tls:
+ certificateRefs: []
+ # Example:
+ # - name: tls-cert
+ # namespace: default
+ route:
+ hostnames: []
+ # Example:
+ # - "example.com"
+ # - "api.example.com"
+ path: "/"
+ pathType: "PathPrefix"
+ annotations: {}
+
examples:
# Example resources to seed on first start
enabled: false
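Review bot: The `certificateRefs` example sets `namespace: default` without saying that a Secret outside the Gateway's namespace is only usable when that namespace contains a ReferenceGrant allowing it, which the chart template in this commit does not appear to create. The comment could read `# A ref to another namespace needs a ReferenceGrant there; unused when certManager.enabled=true.`, where the second half reflects the template's `if .Values.certManager.enabled` branch. `className: ""` is also an unusable default once `enabled: true`, so a `# required when enabled` comment on that key would help.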
diff --git a/docs/content/developers/.pages b/docs/content/developers/.pages
index a549ca52d..ab903794b 100644
--- a/docs/content/developers/.pages
+++ b/docs/content/developers/.pages
@@ -3,4 +3,5 @@ nav:
- Development Environment: dev-environments.md
- Backend: backend
- Konnector: konnector
- - Publishing a release: publishing-a-release.md
\ No newline at end of file
+ - Publishing a release: publishing-a-release.md
+ - Testing changes: testing-changes.md
\ No newline at end of file
diff --git a/docs/content/developers/testing-changes.md b/docs/content/developers/testing-changes.md
new file mode 100644
index 000000000..fdd13fa6f
--- /dev/null
+++ b/docs/content/developers/testing-changes.md
@@ -0,0 +1,83 @@
+---
+description: >
+ How to test changes made to kube-bind in your development environment.
+weight: 30
+title: Testing Changes
+---
+
+# Testing code changes
+
+When making changes to kube-bind, it's important to test them in a realistic multi-cluster environment.
+
+Follow [development setup instructions](../developers/development-setup/) to set up your development environment using kcp.
+kcp allows you to simulate multiple clusters using logical clusters.
+
+
+# Testing helm chart changes
+
+By default, in helm chart, the backend component does not have TLS enabled, and the embedded OIDC server is not used.
+To test changes related to TLS or OIDC, you need to enable them explicitly by setting the appropriate Helm values.
+
+To test basic Helm-install flow you will need GatewayAPI enabled kubernetes cluster with cert-manager installed.
+By default it will use TLS termination at the Gateway level.
+
+
+```bash
+# Use a specific development version:
+# VERSION=0.0.0-9fd9281e661c0d9a426a941111d3d8b08019ebc1
+```
+
+And run full helm install command with additional parameters:
+```bash
+helm upgrade \
+ --install \
+ --namespace kube-bind \
+ --create-namespace \
+ --set certManager.enabled=true \
+ --set certManager.clusterIssuer=letsencrypt-prod \
+ --set backend.oidc.issuerUrl=https://auth.genericcontrolplane.io \
+ --set backend.oidc.clientId=platform-mesh \
+ --set backend.oidc.clientSecret=Z2Fyc2lha2FsYmlzdmFuZGVuekWplCg== \
+ --set backend.oidc.callbackUrl=https://kube-bind.genericcontrolplane.io/api/callback \
+ --set gatewayApi.enabled=true \
+ --set gatewayApi.gateway.className=nginx \
+ --set gatewayApi.gateway.httpPort=80 \
+ --set gatewayApi.gateway.httpsPort=443 \
+ --set 'gatewayApi.gateway.tls.certificateRefs[0].name=backend-tls-cert' \
+ --set 'gatewayApi.route.hostnames[0]=kube-bind.genericcontrolplane.io' \
+ --set gatewayApi.route.path=/ \
+ --set gatewayApi.route.pathType=PathPrefix \
+ --set image.tag=${VERSION} \
+ kube-bind \
+ ./deploy/charts/backend
+```
+
+After the deployment at minimum url should be accessible:
+
+```bash
+ curl https://kube-bind.genericcontrolplane.io
+
+
+
+
+
+
+ Kube Bind
+
+
+
+
+
+
+
+%
+```
+
+
+# Local dev environment testing
+
+If you changed helm charts and neet to test them in local development environment you can do the following:
+
+```bash
+ ./bin/kubectl-bind dev create --chart-path ./deploy/charts/backend
+```
\ No newline at end of file
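Review bot: The install command passes a literal value to `backend.oidc.clientSecret` next to a real-looking issuer and callback host, which reads like a live client secret committed to the docs. Replace it with a placeholder such as `--set backend.oidc.clientSecret="${OIDC_CLIENT_SECRET}"`, and if the value was ever valid, rotate it at the OIDC provider, since it stays in git history. `${VERSION}` is only shown as a commented-out assignment above, so `image.tag` would be empty if the block is copied as is. The command also sets `gatewayApi.gateway.tls.certificateRefs[0].name` together with `certManager.enabled=true`, a combination in which the template added by this commit ignores the refs.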
diff --git a/docs/content/setup/helm.md b/docs/content/setup/helm.md
index 83adf69d9..e26ab2122 100644
--- a/docs/content/setup/helm.md
+++ b/docs/content/setup/helm.md
@@ -10,8 +10,6 @@ The backend chart is available as an OCI image for service providers, with konne
## Quick Start
-**Important**: Current version of kube-bind uses application-level redirect (HTTP 302) to CLI. Your ingress controller must support this behavior.
-
## Prerequisites & Setup Guides
The following prerequisites are required. Click the links below for detailed setup instructions:
@@ -20,6 +18,7 @@ The following prerequisites are required. Click the links below for detailed set
- **[Helm 3.x](#helm)** - Package manager for Kubernetes
- **[cert-manager](#cert-manager-setup)** - For TLS certificate management
- **[OIDC provider](#oidc-provider-setup)** - For authentication (Dex, Keycloak, etc.)
+- **[Gateway API](#gateway-api-setup)** - (Optional) For advanced ingress management
### Install kube-bind Backend
@@ -31,7 +30,7 @@ The following prerequisites are required. Click the links below for detailed set
VERSION=$(curl -s https://api.github.com/repos/kube-bind/kube-bind/releases/latest | grep '"tag_name"' | cut -d'"' -f4 | sed 's/v//')
# Or use a specific development version:
- # VERSION=0.0.0-
+ # VERSION=0.0.0-9fd9281e661c0d9a426a941111d3d8b08019ebc1
```
2. **Configure your values:**
@@ -41,21 +40,35 @@ The following prerequisites are required. Click the links below for detailed set
- Update hostnames to match your setup
3. **Install the backend using OCI chart:**
- ```bash
+
+ Note !!!
+ To install production configuration, you will need to have OIDC provider.
+ For more information, just check out the [quickstart guide].(./quickstart.md)
+
+```bash
# Using latest release version
- helm upgrade --install \
- --namespace kube-bind \
- --create-namespace \
- --values ./deploy/charts/backend/examples/values-local-development.yaml \
- kube-bind oci://ghcr.io/kube-bind/charts/backend --version ${VERSION}
-
- # Or install a specific development version
- helm upgrade --install \
- --namespace kube-bind \
- --create-namespace \
- --values ./deploy/charts/backend/examples/values-local-development.yaml \
- kube-bind oci://ghcr.io/kube-bind/charts/backend --version 0.0.0-a50df39d7e4c71f7808f4209ec23f294c5ac8f86
- ```
+helm upgrade \
+ --install \
+ --namespace kube-bind \
+ --create-namespace \
+ --set certManager.enabled=true \
+ --set certManager.clusterIssuer=letsencrypt-prod \
+ --set backend.oidc.issuerUrl=https://auth.example.com \
+ --set backend.oidc.clientId=platform-mesh \
+ --set backend.oidc.clientSecret= \
+ --set backend.oidc.callbackUrl=https://kube-bind.example.com/api/callback \
+ --set gatewayApi.enabled=true \
+ --set gatewayApi.gateway.className=nginx \
+ --set gatewayApi.gateway.httpsPort=443 \
+ --set 'gatewayApi.gateway.tls.certificateRefs[0].name=backend-tls-cert' \
+ --set 'gatewayApi.route.hostnames[0]=kube-bind.example.com' \
+ --set gatewayApi.route.path=/ \
+ --set gatewayApi.route.pathType=PathPrefix \
+ --set image.tag=${VERSION} \
+ kube-bind \
+ kube-bind oci://ghcr.io/kube-bind/charts/backend --version ${VERSION}
+```
+
4. **Seed with example resources (optional):**
```bash
@@ -70,13 +83,6 @@ That's it! Your kube-bind backend is now ready to use.
---
-### Kubernetes Cluster
-You need a running Kubernetes cluster with `kubectl` configured. For testing, you can create a local cluster:
-
-```bash
-kind create cluster --name kube-bind-test
-```
-
### Helm
Install Helm 3.x from [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/)
@@ -85,6 +91,23 @@ Install Helm 3.x from [https://helm.sh/docs/intro/install/](https://helm.sh/docs
export HELM_EXPERIMENTAL_OCI=1
```
+### Gateway API Setup
+
+Install gateway API CRDs and controller for advanced ingress management. Kube-bind supports Gateway API for routing traffic to the backend service.
+
+Follow the official Gateway API installation instructions:
+https://gateway-api.sigs.k8s.io/guides/
+
+```bash
+kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml
+```
+
+We used NGINX Gateway controller for testing. Install it as follows:
+
+```bash
+helm upgrade --install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway
+```
+
### cert-manager Setup
Install cert-manager for automatic TLS certificate management:
@@ -216,7 +239,7 @@ config:
redirectURIs:
- https://auth.example.com/callback
- http://localhost:8000
- - https://kube-bind.example.com/callback # Replace with your domain
+ - https://kube-bind.example.com/api/callback # Replace with your domain
name: 'KubeBindApp'
secret: ### REPLACE ME ###
@@ -281,20 +304,4 @@ curl -s https://api.github.com/repos/kube-bind/kube-bind/releases | grep '"tag_n
# Get latest release version
VERSION=$(curl -s https://api.github.com/repos/kube-bind/kube-bind/releases/latest | grep '"tag_name"' | cut -d'"' -f4 | sed 's/v//')
echo "Latest version: ${VERSION}"
-```
-
-**Development versions:**
-Development charts are built from every commit to the main branch with the format `0.0.0-`.
-
-### Installing Different Versions
-
-```bash
-# Install latest stable release (recommended for production)
-helm upgrade --install kube-bind oci://ghcr.io/kube-bind/charts/backend --version ${VERSION}
-
-# Install specific release version
-helm upgrade --install kube-bind oci://ghcr.io/kube-bind/charts/backend --version 1.0.0
-
-# Install development build (for testing)
-helm upgrade --install kube-bind oci://ghcr.io/kube-bind/charts/backend --version 0.0.0-a1b2c3d
-```
+```
\ No newline at end of file
diff --git a/docs/content/setup/kind-setup.md b/docs/content/setup/kind-setup.md
index 6e71915b0..7db19ce04 100644
--- a/docs/content/setup/kind-setup.md
+++ b/docs/content/setup/kind-setup.md
@@ -24,12 +24,14 @@ export KIND_EXPERIMENTAL_DOCKER_NETWORK=kube-bind
kind create cluster --name provider
kubectl cluster-info --context kind-provider
-helm upgrade --install \
+helm upgrade \
+ --install \
--namespace kube-bind \
--create-namespace \
kube-bind oci://ghcr.io/kube-bind/charts/backend --version 0.0.0-a50df39d7e4c71f7808f4209ec23f294c5ac8f86
-helm upgrade --install \
+helm upgrade \
+ --install \
--namespace kube-bind \
--create-namespace \
--set image.repository=ghcr.io/mjudeikis/kube-bind/backend \