Skip to content

Add UI binding flow#508

Merged
cnvergence merged 8 commits into
kbind-dev:mainfrom
cnvergence:add-ui-binding-flow
Apr 24, 2026
Merged

Add UI binding flow#508
cnvergence merged 8 commits into
kbind-dev:mainfrom
cnvergence:add-ui-binding-flow

Conversation

@cnvergence

@cnvergence cnvergence commented Apr 1, 2026

Copy link
Copy Markdown
Member

Summary

Adds the ability to bind Kubernetes services from a provider to a consumer cluster entirely through the
web UI, without requiring the CLI.

After selecting a template and clicking "Bind", users see a modal with three setup options:

  • Provide Kubeconfig — Paste a consumer cluster kubeconfig, and the backend automatically deploys the konnector, creating the binding bundle on the consumer.
  • APIServiceBindingBundle — Copy a pre-generated YAML manifest to apply manually on the consumer.
  • Manual CLI — Old flow with kubectl bind command.

"View Details" on a resource card now opens a details modal that shows resources, permission claims, a description, and active service exports for the authenticated user's consumer namespace.

Backend Changes:

  • POST /api/apply-binding — Accepts a consumer kubeconfig, deploys the konnector + creates an APIServiceBindingBundle on the consumer cluster automatically.
  • GET /api/consumer-status — Returns whether the user has an existing consumer namespace and lists active exports.
  • GET /api/konnector-manifests — Returns konnector deployment YAML (intentionally unauthenticated for easy download).
  • Host alias resolution — Resolves the provider hostname from the backend pod and injects HostAliases into the
    konnector deployment, fixing connectivity in environments like Kind, where DNS names resolve to the loopback address.
  • CRD bootstrap wait — ApplyToConsumer polls until the APIServiceBindingBundle CRD is established before creating the bundle resource.

BindingResponse gains optional ProviderNamespace and BindingName fields so the UI can display binding context after creation.
image
image
image

What Type of PR Is This?

/kind feature

Related Issue(s)

Fixes #406

Release Notes

Added the ability to bind Kubernetes services from a provider to a consumer cluster entirely through the
web UI.

@cnvergence cnvergence force-pushed the add-ui-binding-flow branch from fbf7314 to e186520 Compare April 7, 2026 09:58
@cnvergence cnvergence force-pushed the add-ui-binding-flow branch from e186520 to 4e69530 Compare April 16, 2026 12:33
@cnvergence cnvergence marked this pull request as ready for review April 16, 2026 12:33
@cnvergence cnvergence requested a review from a team as a code owner April 16, 2026 12:33
@xrstf

xrstf commented Apr 17, 2026

Copy link
Copy Markdown
Contributor

Overall this is a solid implementation of the browser-based binding flow. The tabbed UI approach with multiple methods (One-Click, Already Connected, Bundle, Manual) gives users good flexibility. A few items to address before merging:

Security

/api/konnector-manifests is unauthenticated - This endpoint is registered without RequireAuth. Is this intentional? If so, consider rate limiting since it reveals deployment details.

ClusterRole grants full cluster-admin - The konnector ClusterRole uses apiGroups: [""], resources: [""], verbs: ["*"]. Worth documenting why this broad access is required, or scoping it down if possible.

Consumer kubeconfig handling - The security note in the UI is good. Please confirm the kubeconfig bytes aren't logged anywhere (e.g., in error messages or debug logs).

Bug

Missing cluster parameter in handleConsumerStatus - At handler.go:189, the call to GetConsumerStatus passes identity and params.ClusterID, but looking at the implementation, it seems like the namespace lookup should work. However, double-check that the cluster context is being used correctly throughout the flow.

Suggestions

  • Duplicate konnector definitions - The YAML template in handleKonnectorManifests and the Go structs in ensureKonnector define the same resources. Consider generating one from the other to avoid drift.
  • Empty bindingName in non-UI flows - exportRequestName is only set for UI flows, so the response will include an empty BindingName for CLI flows. May want to omit the field entirely with omitempty behavior or always populate it.
  • Compiled assets in PR - The web/dist/ changes could be generated in CI rather than committed, reducing diff noise.

Nice work on the polling logic with seenOnce to handle cache lag, and the idempotent create-or-update patterns throughout.

@cnvergence cnvergence marked this pull request as draft April 17, 2026 11:23
@cnvergence

Copy link
Copy Markdown
Member Author

Keeping it as a draft again, need to clean the code a bit and put a write-up

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

On-behalf-of: @SAP karol.szwaj@sap.com
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

On-behalf-of: @SAP karol.szwaj@sap.com
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

On-behalf-of: @SAP karol.szwaj@sap.com
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

On-behalf-of: @SAP karol.szwaj@sap.com
…tails to the main page

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

On-behalf-of: @SAP karol.szwaj@sap.com
@cnvergence cnvergence force-pushed the add-ui-binding-flow branch from 3c4d782 to 8b996c6 Compare April 22, 2026 11:08
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

On-behalf-of: @SAP karol.szwaj@sap.com
@cnvergence cnvergence marked this pull request as ready for review April 22, 2026 11:26
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
@cnvergence cnvergence merged commit f3f89e7 into kbind-dev:main Apr 24, 2026
7 checks passed
@cnvergence cnvergence deleted the add-ui-binding-flow branch April 24, 2026 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feature: UI only binding flow

3 participants