Skip to content

contrib: add kcp schema serving#493

Merged
mjudeikis merged 6 commits into
kbind-dev:mainfrom
mjudeikis:dynamic.templates
Mar 16, 2026
Merged

contrib: add kcp schema serving#493
mjudeikis merged 6 commits into
kbind-dev:mainfrom
mjudeikis:dynamic.templates

Conversation

@mjudeikis

@mjudeikis mjudeikis commented Mar 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Enables kube-bind to serve resources in a 3-tier kcp topology where the backend workspace has no APIExport of its own — only an APIBinding that binds from an upstream provider workspace.

Problem

Standard kube-bind + kcp is 2-tier: :root:provider owns the APIExport, consumer binds via kube-bind. This PR adds a 3-tier model:

:root:provider   — owns APIResourceSchema + APIExport
      |  (APIBinding)
      v
:root:backend    — binds from provider; kube-bind backend runs here
      |  (kube-bind serving)
      v
  consumer       — binds resources via kube-bind

The backend has no APIExport — previously, this made it impossible to serve resources since kube-bind needs local APIServiceExportTemplate and APIResourceSchema copies.

What this adds

Two new kcp-specific controllers (only active with --provider=kcp):

apibindingtemplate controller — watches APIBinding objects; when Bound, auto-creates APIServiceExportTemplate objects (one per scope) derived from the bound resources; binding is owner so templates GC on removal
apiresourceschema controller — watches APIServiceExportTemplate; copies APIResourceSchema definitions from the bound APIBinding into the backend workspace labeled kube-bind.io/exported=true for ServiceExportRequest discovery

Bootstrap also gains apibindings + subjectaccessreviews permission claims required by the new controllers.

Tests
kcp_3tier_test.go — two e2e tests covering cluster-scoped and namespaced resources through the full provider → backend → consumer chain.

What Type of PR Is This?

/kind feature

Related Issue(s)

Fixes #

Release Notes

kcp provider: add 3-tier topology support — backend can now serve resources from workspaces with only an APIBinding (no APIExport required). New apibindingtemplate and apiresourceschema controllers auto-populate templates and schema copies.

@mjudeikis mjudeikis requested a review from a team as a code owner March 13, 2026 11:06
@mjudeikis

mjudeikis commented Mar 13, 2026

Copy link
Copy Markdown
Contributor Author

Want to see what CI will tell for now

@mjudeikis
contrib kcp: add apibinding serving
4bdb46a 
Signed-off-by: Mangirdas Judeikis <mangirdas@judeikis.lt>
On-behalf-of: SAP <mangirdas.judeikis@sap.com>
@mjudeikis

mjudeikis commented Mar 13, 2026

Copy link
Copy Markdown
Contributor Author

@mjudeikis-bot review this please

mjudeikis-bot

This comment was marked as resolved.

Sign in to view

@xrstf

This comment was marked as resolved.

Sign in to view
@mjudeikis-bot

mjudeikis-bot commented Mar 13, 2026

Copy link
Copy Markdown

Review submitted — see the PR review above. One potential blocker flagged (the getTemplateMapper type question); the rest are code-quality suggestions. Happy to re-review once those are addressed.

@mjudeikis-bot

This comment was marked as resolved.

Sign in to view
@mjudeikis

mjudeikis commented Mar 16, 2026

Copy link
Copy Markdown
Contributor Author

@mjudeikis-bot, which of the code review questions are not yet addressed, as now it's a bit chaotic. Give clear bullet points and what needs to be changed and where.

@mjudeikis-bot

This comment was marked as resolved.

Sign in to view
cnvergence
cnvergence reviewed Mar 16, 2026
View reviewed changes
Comment thread Makefile Outdated
GOTESTSUM_VERSION := 1.8.1
HELM_VERSION := 3.18.6
KCP_VERSION := 0.29.0
# unlreleased kcp version with vw code for schemas

@cnvergence cnvergence Mar 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# unlreleased kcp version with vw code for schemas
# unreleased kcp version with vw code for schemas

cnvergence
cnvergence reviewed Mar 16, 2026
View reviewed changes
Comment thread Makefile Outdated
Comment on lines +39 to +40
# unlreleased kcp version with vw code for schemas
KCP_VERSION := 301a8f749e7b99a0c81f43b37aa5b5e5ff0fc0b4

@cnvergence cnvergence Mar 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trailing ws

cnvergence
cnvergence reviewed Mar 16, 2026
View reviewed changes
Comment thread contrib/kcp/README.md Outdated
```

7. Get LogicalCluster:
9. Get the LogicalCluster identity (needed for consumer binding):

@cnvergence cnvergence Mar 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: 8.

@mjudeikis mjudeikis merged commit 4d36ba0 into kbind-dev:main Mar 16, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cnvergence cnvergence cnvergence approved these changes
+1 more reviewer
@mjudeikis-bot mjudeikis-bot mjudeikis-bot left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mjudeikis @xrstf @mjudeikis-bot @cnvergence