Add UI binding flow#508
Conversation
fbf7314 to
e186520
Compare
e186520 to
4e69530
Compare
|
Overall this is a solid implementation of the browser-based binding flow. The tabbed UI approach with multiple methods (One-Click, Already Connected, Bundle, Manual) gives users good flexibility. A few items to address before merging: Security /api/konnector-manifests is unauthenticated - This endpoint is registered without RequireAuth. Is this intentional? If so, consider rate limiting since it reveals deployment details. ClusterRole grants full cluster-admin - The konnector ClusterRole uses apiGroups: [""], resources: [""], verbs: ["*"]. Worth documenting why this broad access is required, or scoping it down if possible. Consumer kubeconfig handling - The security note in the UI is good. Please confirm the kubeconfig bytes aren't logged anywhere (e.g., in error messages or debug logs). Bug Missing cluster parameter in handleConsumerStatus - At handler.go:189, the call to GetConsumerStatus passes identity and params.ClusterID, but looking at the implementation, it seems like the namespace lookup should work. However, double-check that the cluster context is being used correctly throughout the flow. Suggestions
Nice work on the polling logic with seenOnce to handle cache lag, and the idempotent create-or-update patterns throughout. |
|
Keeping it as a draft again, need to clean the code a bit and put a write-up |
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> On-behalf-of: @SAP karol.szwaj@sap.com
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> On-behalf-of: @SAP karol.szwaj@sap.com
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> On-behalf-of: @SAP karol.szwaj@sap.com
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> On-behalf-of: @SAP karol.szwaj@sap.com
…tails to the main page Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> On-behalf-of: @SAP karol.szwaj@sap.com
3c4d782 to
8b996c6
Compare
Summary
Adds the ability to bind Kubernetes services from a provider to a consumer cluster entirely through the
web UI, without requiring the CLI.
After selecting a template and clicking "Bind", users see a modal with three setup options:
"View Details" on a resource card now opens a details modal that shows resources, permission claims, a description, and active service exports for the authenticated user's consumer namespace.
Backend Changes:
konnector deployment, fixing connectivity in environments like Kind, where DNS names resolve to the loopback address.
BindingResponse gains optional ProviderNamespace and BindingName fields so the UI can display binding context after creation.



What Type of PR Is This?
/kind feature
Related Issue(s)
Fixes #406
Release Notes