diff --git a/apis/kubebind/v1alpha1/apiservicebinding_types.go b/apis/kubebind/v1alpha1/apiservicebinding_types.go index f50dbf29..7c9fc726 100644 --- a/apis/kubebind/v1alpha1/apiservicebinding_types.go +++ b/apis/kubebind/v1alpha1/apiservicebinding_types.go @@ -85,17 +85,17 @@ func (in *APIServiceBinding) SetConditions(conditions conditionsapi.Conditions) } type APIServiceBindingSpec struct { - // kubeconfigSecretName is the secret ref that contains the kubeconfig of the service cluster. - // // +required // +kubebuilder:validation:Required - KubeconfigSecretRefs []ClusterSecretKeyRef `json:"kubeconfigSecretRefs"` + // Providers contains the provider ClusterIdentity and KubeconfigSecretRef of the provider cluster + Providers []Provider `json:"providers,omitempty"` } type Provider struct { ClusterIdentity `json:",inline"` + RemoteNamespace string `json:"remoteNamespace,omitempty"` - Kubeconfig *ClusterSecretKeyRef `json:"kubeconfigs,omitempty"` + Kubeconfig ClusterSecretKeyRef `json:"kubeconfig,omitempty"` } type ClusterIdentity struct { @@ -104,9 +104,6 @@ type ClusterIdentity struct { } type APIServiceBindingStatus struct { - // Providers contains the provider ClusterIdentity and KubeconfigSecretRef of the provider cluster - Providers []Provider `json:"providers,omitempty"` - // conditions is a list of conditions that apply to the APIServiceBinding. Conditions conditionsapi.Conditions `json:"conditions,omitempty"` } diff --git a/apis/kubebind/v1alpha1/zz_generated.deepcopy.go b/apis/kubebind/v1alpha1/zz_generated.deepcopy.go index 314fc6d4..30745cb4 100644 --- a/apis/kubebind/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kubebind/v1alpha1/zz_generated.deepcopy.go 
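Review bot: In `APIServiceBindingSpec`, `Providers` keeps the `+required` / `+kubebuilder:validation:Required` markers but is tagged `json:"providers,omitempty"`, and `Kubeconfig` is now a struct value, on which `omitempty` has no effect; the tags should say what is meant, `json:"providers"` and `json:"kubeconfig"`. Nothing marks `Kubeconfig` as required inside `Provider`, and the regenerated CRD has no `required` list at item level, so an entry without it passes the schema and the readers of `p.Kubeconfig.Namespace` / `p.Kubeconfig.Name` added in this commit see empty strings; a `// +kubebuilder:validation:Required` marker above the field would close that. The move of `ClusterIdentity` from status to spec also makes cluster name and UID client-writable, so `Provider` and `RemoteNamespace` deserve doc comments stating who sets each field and whether the values are verified. The `Providers` doc comment should sit above the markers, not below them.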
@@ -91,9 +91,9 @@ func (in *APIServiceBindingList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIServiceBindingSpec) DeepCopyInto(out *APIServiceBindingSpec) { *out = *in - if in.KubeconfigSecretRefs != nil { - in, out := &in.KubeconfigSecretRefs, &out.KubeconfigSecretRefs - *out = make([]ClusterSecretKeyRef, len(*in)) + if in.Providers != nil { + in, out := &in.Providers, &out.Providers + *out = make([]Provider, len(*in)) copy(*out, *in) } return @@ -112,13 +112,6 @@ func (in *APIServiceBindingSpec) DeepCopy() *APIServiceBindingSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIServiceBindingStatus) DeepCopyInto(out *APIServiceBindingStatus) { *out = *in - if in.Providers != nil { - in, out := &in.Providers, &out.Providers - *out = make([]Provider, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions *out = make(v1.Conditions, len(*in)) @@ -908,11 +901,7 @@ func (in *OAuth2CodeGrant) DeepCopy() *OAuth2CodeGrant { func (in *Provider) DeepCopyInto(out *Provider) { *out = *in out.ClusterIdentity = in.ClusterIdentity - if in.Kubeconfig != nil { - in, out := &in.Kubeconfig, &out.Kubeconfig - *out = new(ClusterSecretKeyRef) - **out = **in - } + out.Kubeconfig = in.Kubeconfig return } diff --git a/contrib/example-backend/controllers/clusterbinding/clusterbinding_reconcile.go b/contrib/example-backend/controllers/clusterbinding/clusterbinding_reconcile.go index d5aa547d..b87057c7 100644 --- a/contrib/example-backend/controllers/clusterbinding/clusterbinding_reconcile.go +++ b/contrib/example-backend/controllers/clusterbinding/clusterbinding_reconcile.go 
@@ -60,9 +60,9 @@ type reconciler struct { func (r *reconciler) reconcile(ctx context.Context, clusterBinding *v1alpha1.ClusterBinding) error { var errs []error - if err := r.ensureKubeSystemNSAccess(ctx, clusterBinding); err != nil { - errs = append(errs, err) - } + //if err := r.ensureKubeSystemNSAccess(ctx, clusterBinding); err != nil { + // errs = append(errs, err) + //} r.ensureClusterBindingConditions(clusterBinding) if err := r.ensureRBACRoleBinding(ctx, clusterBinding); err != nil { errs = append(errs, err) diff --git a/crds/kube-bind.appscode.com_apiservicebindings.yaml b/crds/kube-bind.appscode.com_apiservicebindings.yaml index d1b54fc4..f986e57c 100644 --- a/crds/kube-bind.appscode.com_apiservicebindings.yaml +++ b/crds/kube-bind.appscode.com_apiservicebindings.yaml 
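Review bot: The call to `ensureKubeSystemNSAccess` is disabled by commenting it out, with no comment saying why; delete the three lines (and the helper, if nothing else calls it) instead of leaving dead code behind. The same pattern recurs in this commit for the `ensureClusterName` call and function body in cluster/servicebinding/servicebinding_reconcile.go, the old queue constructor in konnector_controller.go, and `namespaceKubeSystem` plus the kube-system lookup in konnector_reconcile.go. If earlier releases already created the kube-system access objects on provider clusters, this change presumably leaves those grants in place, so a cleanup step or an upgrade note may be needed; that cannot be confirmed from the hunk. `reconcile` continues outside the hunk.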
@@ -55,33 +55,42 @@ spec: description: spec specifies how an API service from a service provider should be bound in the local consumer cluster. properties: - kubeconfigSecretRefs: - description: kubeconfigSecretName is the secret ref that contains - the kubeconfig of the service cluster. + providers: + description: Providers contains the provider ClusterIdentity and KubeconfigSecretRef + of the provider cluster items: properties: - key: - description: The key of the secret to select from. Must be - "kubeconfig". - enum: - - kubeconfig + clusterName: type: string - name: - description: Name of the referent. - minLength: 1 + clusterUID: type: string - namespace: - description: Namespace of the referent. - minLength: 1 + kubeconfig: + properties: + key: + description: The key of the secret to select from. Must + be "kubeconfig". + enum: + - kubeconfig + type: string + name: + description: Name of the referent. + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + minLength: 1 + type: string + required: + - key + - name + - namespace + type: object + remoteNamespace: type: string - required: - - key - - name - - namespace type: object type: array required: - - kubeconfigSecretRefs + - providers type: object status: description: status contains reconciliation information for a service 
@@ -139,38 +148,6 @@ spec: - type type: object type: array - providers: - description: Providers contains the provider ClusterIdentity and KubeconfigSecretRef - of the provider cluster - items: - properties: - clusterName: - type: string - clusterUID: - type: string - kubeconfigs: - properties: - key: - description: The key of the secret to select from. Must - be "kubeconfig". - enum: - - kubeconfig - type: string - name: - description: Name of the referent. - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - minLength: 1 - type: string - required: - - key - - name - - namespace - type: object - type: object - type: array type: object type: object served: true diff --git a/hack/examples/docker-machine.yaml b/hack/examples/docker-machine.yaml index 56c15be5..829cd2ac 100644 --- a/hack/examples/docker-machine.yaml +++ b/hack/examples/docker-machine.yaml @@ -5,7 +5,7 @@ metadata: namespace: demo annotations: # provider.kube-bind.appscode.com/cluster-id: 71a87546-b339-45ee-bca5-033d277faca2 - provider.kube-bind.appscode.com/cluster-id: e95736c6-06f2-43ae-9f17-bbcc0c38c4ed + provider.kube-bind.appscode.com/cluster-id: 68d95713-cdbf-4fc1-96ed-ca2fc743ec7c spec: driver: name: google diff --git a/pkg/indexers/servicebinding.go b/pkg/indexers/servicebinding.go index 96221d2c..5115f1fc 100644 --- a/pkg/indexers/servicebinding.go +++ b/pkg/indexers/servicebinding.go @@ -33,10 +33,10 @@ func IndexServiceBindingByKubeconfigSecret(obj interface{}) ([]string, error) { } func ByServiceBindingKubeconfigSecretKey(binding *kubebindv1alpha1.APIServiceBinding) []string { - refs := binding.Spec.KubeconfigSecretRefs + ps := binding.Spec.Providers var secretRefs []string - for _, ref := range refs { - secretRefs = append(secretRefs, ref.Namespace+"/"+ref.Name) + for _, p := range ps { + secretRefs = append(secretRefs, p.Kubeconfig.Namespace+"/"+p.Kubeconfig.Name) } return secretRefs } 
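Review bot: `ByServiceBindingKubeconfigSecretKey` now emits a key for every provider even when `p.Kubeconfig` is empty, which produces the index key `"/"`; because `Kubeconfig` is a value type and is not required per provider in the CRD, such entries can occur. Skipping them keeps the secret index free of a catch-all key: `if p.Kubeconfig.Name == "" || p.Kubeconfig.Namespace == "" { continue }`. The local `ps` adds nothing and the loop can range over `binding.Spec.Providers` directly.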
diff --git a/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_controller.go b/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_controller.go index 16584ff4..f4d71c32 100644 --- a/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_controller.go +++ b/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_controller.go @@ -101,6 +101,15 @@ func NewController( heartbeatInterval: heartbeatInterval, providerInfos: providerInfos, + updateServiceBinding: func(ctx context.Context, sbinding *v1alpha1.APIServiceBinding) error { + if _, err = consumerBindClient.KubeBindV1alpha1().APIServiceBindings().Update(ctx, sbinding, metav1.UpdateOptions{}); err != nil { + return err + } + return nil + }, + getServiceBinding: func(ctx context.Context) (*v1alpha1.APIServiceBindingList, error) { + return consumerBindClient.KubeBindV1alpha1().APIServiceBindings().List(ctx, metav1.ListOptions{}) + }, getProviderInfo: func(clusterID string) (*konnectormodels.ProviderInfo, error) { for _, provider := range providerInfos { if provider.ClusterID == clusterID { diff --git a/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_reconcile.go b/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_reconcile.go index a92f40b4..8ed014a6 100644 --- a/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_reconcile.go +++ b/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_reconcile.go @@ -18,6 +18,7 @@ package clusterbinding import ( "context" + "fmt" "time" kubebindv1alpha1 "go.bytebuilders.dev/kube-bind/apis/kubebind/v1alpha1" 
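Review bot: The `updateServiceBinding` closure assigns with `err =`, so it writes to the `err` variable of the enclosing `NewController` scope instead of a local one; if reconciles run on more than one worker that is a shared write. Use a local and return it directly: `_, err := consumerBindClient.KubeBindV1alpha1().APIServiceBindings().Update(ctx, sbinding, metav1.UpdateOptions{})` followed by `return err`. `getServiceBinding` actually lists every APIServiceBinding through the live client with empty `ListOptions`, so a name such as `listServiceBindings` would be more accurate, and a lister backed by an informer would avoid an API call per reconcile if one is available here. `NewController` starts and ends outside the hunk.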
@@ -38,6 +39,8 @@ import ( type reconciler struct { heartbeatInterval time.Duration + updateServiceBinding func(ctx context.Context, sbinding *kubebindv1alpha1.APIServiceBinding) error + getServiceBinding func(ctx context.Context) (*kubebindv1alpha1.APIServiceBindingList, error) getProviderSecret func(porvider *konnectormodels.ProviderInfo) (*corev1.Secret, error) getConsumerSecret func(provider *konnectormodels.ProviderInfo) (*corev1.Secret, error) updateConsumerSecret func(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error) 
@@ -66,11 +69,40 @@ func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.Cl errs = append(errs, err) } + if err := r.ensureRightScopedServiceBinding(ctx, binding); err != nil { + errs = append(errs, err) + } + conditions.SetSummary(binding) return utilerrors.NewAggregate(errs) } +func (r *reconciler) ensureRightScopedServiceBinding(ctx context.Context, binding *kubebindv1alpha1.ClusterBinding) error { + // return error if provider info is not set in clusterBinding status + if binding.Status.Provider.ClusterName == "" || binding.Status.Provider.ClusterUID == "" { + return fmt.Errorf("cluster name or uid is missing in ClusterBinding status") + } + + sblist, err := r.getServiceBinding(ctx) + if err != nil { + return err + } + for _, sb := range sblist.Items { + for i := range sb.Spec.Providers { + if sb.Spec.Providers[i].RemoteNamespace == binding.Namespace && (sb.Spec.Providers[i].ClusterUID == "" || sb.Spec.Providers[i].ClusterName == "") { + sb.Spec.Providers[i].ClusterUID = binding.Status.Provider.ClusterUID + sb.Spec.Providers[i].ClusterName = binding.Status.Provider.ClusterName + if err = r.updateServiceBinding(ctx, &sb); err != nil { + return err + } + break + } + } + } + return nil +} + func (r *reconciler) ensureHeartbeat(ctx context.Context, binding *kubebindv1alpha1.ClusterBinding) error { binding.Status.HeartbeatInterval.Duration = r.heartbeatInterval if now := time.Now(); binding.Status.LastHeartbeatTime.IsZero() || now.After(binding.Status.LastHeartbeatTime.Add(r.heartbeatInterval/2)) { diff --git a/pkg/konnector/controllers/cluster/servicebinding/servicebinding_reconcile.go b/pkg/konnector/controllers/cluster/servicebinding/servicebinding_reconcile.go index dc87e1d3..2b165e07 100644 --- a/pkg/konnector/controllers/cluster/servicebinding/servicebinding_reconcile.go +++ b/pkg/konnector/controllers/cluster/servicebinding/servicebinding_reconcile.go 
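Review bot: `ensureRightScopedServiceBinding` picks the provider entry to stamp by `RemoteNamespace == binding.Namespace` alone, and the UID and name written here are what konnector_reconcile.go later uses as `provider.ClusterID`; if two provider clusters use the same namespace name, successive reconciles of one ClusterBinding would label both entries with its identity. The match should also include something that ties the entry to this provider, for example the kubeconfig secret ref the controller was started from, if that is reachable from the reconciler. `binding.Status.Provider` is dereferenced without a nil check although the code removed from `ensureClusterName` guarded it with `!= nil`; if the field is still a pointer, the first condition should begin with `binding.Status.Provider == nil ||`. Returning an error while the status is not yet populated also turns a normal start-up state into an error requeue, and the `Update` has no conflict handling. The function needs a doc comment describing which side owns the identity fields.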
@@ -64,9 +64,9 @@ func (r *reconciler) reconcile(ctx context.Context, binding *v1alpha1.APIService errs = append(errs, err) } - if err := r.ensureClusterName(ctx, binding); err != nil { - errs = append(errs, err) - } + //if err := r.ensureClusterName(ctx, binding); err != nil { + // errs = append(errs, err) + //} conditions.SetSummary(binding) 
@@ -197,26 +197,26 @@ func (r *reconciler) ensureCRDs(ctx context.Context, binding *v1alpha1.APIServic return utilerrors.NewAggregate(errs) } -func (r *reconciler) ensureClusterName(ctx context.Context, binding *v1alpha1.APIServiceBinding) error { - binding.Status.Providers = []v1alpha1.Provider{} - for _, provider := range r.providerInfos { - clusterBinding, err := r.getClusterBinding(ctx, provider) - if err != nil && !errors.IsNotFound(err) { - return err - } else if errors.IsNotFound(err) { - return nil - } - prov := v1alpha1.Provider{} - prov.Kubeconfig = &v1alpha1.ClusterSecretKeyRef{ - LocalSecretKeyRef: clusterBinding.Spec.KubeconfigSecretRef, - Namespace: clusterBinding.Namespace, - } - if clusterBinding.Status.Provider != nil { - prov.ClusterIdentity.ClusterName = clusterBinding.Spec.ProviderClusterName - prov.ClusterIdentity.ClusterUID = clusterBinding.Status.Provider.ClusterUID - } - binding.Status.Providers = append(binding.Status.Providers, prov) - } - - return nil -} +//func (r *reconciler) ensureClusterName(ctx context.Context, binding *v1alpha1.APIServiceBinding) error { +// binding.Status.Providers = []v1alpha1.Provider{} +// for _, provider := range r.providerInfos { +// clusterBinding, err := r.getClusterBinding(ctx, provider) +// if err != nil && !errors.IsNotFound(err) { +// return err +// } else if errors.IsNotFound(err) { +// return nil +// } +// prov := v1alpha1.Provider{} +// prov.Kubeconfig = &v1alpha1.ClusterSecretKeyRef{ +// LocalSecretKeyRef: clusterBinding.Spec.KubeconfigSecretRef, +// Namespace: clusterBinding.Namespace, +// } +// if clusterBinding.Status.Provider != nil { +// prov.ClusterIdentity.ClusterName = clusterBinding.Spec.ProviderClusterName +// prov.ClusterIdentity.ClusterUID = clusterBinding.Status.Provider.ClusterUID +// } +// binding.Status.Providers = append(binding.Status.Providers, prov) +// } +// +// return nil +//} 
diff --git a/pkg/konnector/controllers/servicebinding/servicebinding_reconcile.go b/pkg/konnector/controllers/servicebinding/servicebinding_reconcile.go index 1acef380..ff605ed6 100644 --- a/pkg/konnector/controllers/servicebinding/servicebinding_reconcile.go +++ b/pkg/konnector/controllers/servicebinding/servicebinding_reconcile.go @@ -46,8 +46,8 @@ func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.AP } func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *kubebindv1alpha1.APIServiceBinding) error { - for _, ref := range binding.Spec.KubeconfigSecretRefs { - secret, err := r.getConsumerSecret(ref.Namespace, ref.Name) + for _, p := range binding.Spec.Providers { + secret, err := r.getConsumerSecret(p.Kubeconfig.Namespace, p.Kubeconfig.Name) if err != nil && !errors.IsNotFound(err) { return err } else if errors.IsNotFound(err) { @@ -57,12 +57,12 @@ func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *k "KubeconfigSecretNotFound", conditionsapi.ConditionSeverityError, "Kubeconfig secret %s/%s not found. Rerun kubectl bind for repair.", - ref.Namespace, ref.Name, + p.Kubeconfig.Namespace, p.Kubeconfig.Name, ) return nil } - kubeconfig, found := secret.Data[ref.Key] + kubeconfig, found := secret.Data[p.Kubeconfig.Key] if !found { conditions.MarkFalse( binding, @@ -70,9 +70,9 @@ func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *k "KubeconfigSecretInvalid", conditionsapi.ConditionSeverityError, "Kubeconfig secret %s/%s is missing %q string key.", - ref.Namespace, - ref.Name, - ref.Key, + p.Kubeconfig.Namespace, + p.Kubeconfig.Name, + p.Kubeconfig.Key, ) return nil } 
@@ -85,8 +85,8 @@ func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *k "KubeconfigSecretInvalid", conditionsapi.ConditionSeverityError, "Kubeconfig secret %s/%s has an invalid kubeconfig: %v", - ref.Namespace, - ref.Name, + p.Kubeconfig.Namespace, + p.Kubeconfig.Name, err, ) return nil @@ -99,8 +99,8 @@ func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *k "KubeconfigSecretInvalid", conditionsapi.ConditionSeverityError, "Kubeconfig secret %s/%s has an invalid kubeconfig: current context %q not found", - ref.Namespace, - ref.Name, + p.Kubeconfig.Namespace, + p.Kubeconfig.Name, cfg.CurrentContext, ) return nil @@ -112,8 +112,8 @@ func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *k "KubeconfigSecretInvalid", conditionsapi.ConditionSeverityError, "Kubeconfig secret %s/%s has an invalid kubeconfig: current context %q has no namespace set", - ref.Namespace, - ref.Name, + p.Kubeconfig.Namespace, + p.Kubeconfig.Name, cfg.CurrentContext, ) return nil @@ -125,8 +125,8 @@ func (r *reconciler) ensureValidKubeconfigSecret(ctx context.Context, binding *k "KubeconfigSecretInvalid", conditionsapi.ConditionSeverityError, "Kubeconfig secret %s/%s has an invalid kubeconfig: %v", - ref.Namespace, - ref.Name, + p.Kubeconfig.Namespace, + p.Kubeconfig.Name, err, ) return nil diff --git a/pkg/konnector/konnector_controller.go b/pkg/konnector/konnector_controller.go index 6a64e2d1..da8cee4a 100644 --- a/pkg/konnector/konnector_controller.go +++ b/pkg/konnector/konnector_controller.go 
@@ -59,7 +59,10 @@ func New( namespaceInformer coreinformers.NamespaceInformer, crdInformer crdinformers.CustomResourceDefinitionInformer, ) (*Controller, error) { - queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), controllerName) + // queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), controllerName) + queue := workqueue.NewRateLimitingQueueWithConfig(workqueue.DefaultControllerRateLimiter(), workqueue.RateLimitingQueueConfig{ + Name: controllerName, + }) logger := klog.Background().WithValues("Controller", controllerName) diff --git a/pkg/konnector/konnector_reconcile.go b/pkg/konnector/konnector_reconcile.go index 306fa5a3..f0198a6f 100644 --- a/pkg/konnector/konnector_reconcile.go +++ b/pkg/konnector/konnector_reconcile.go @@ -26,15 +26,12 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" - kubernetesclient "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" "k8s.io/klog/v2" ) -const namespaceKubeSystem = "kube-system" - +// const namespaceKubeSystem = "kube-system" type startable interface { Start(ctx context.Context) } @@ -56,7 +53,7 @@ type controllerContext struct { } type providerIdentifier struct { - kubeconfig, secretRefName, secretRefNamespace string + kubeconfig, secretRefName, secretRefNamespace, clusterUID string } func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.APIServiceBinding) error { 
@@ -65,20 +62,24 @@ func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.AP var kubeconfigs []string var identifiers []providerIdentifier - refs := binding.Spec.KubeconfigSecretRefs - for _, ref := range refs { - secret, err := r.getSecret(ref.Namespace, ref.Name) + for _, p := range binding.Spec.Providers { + secret, err := r.getSecret(p.Kubeconfig.Namespace, p.Kubeconfig.Name) if err != nil && !errors.IsNotFound(err) { return err } else if errors.IsNotFound(err) { - logger.V(2).Info("secret not found", "secret", ref.Namespace+"/"+ref.Name) + logger.V(2).Info("secret not found", "secret", p.Kubeconfig.Namespace+"/"+p.Kubeconfig.Name) } else { - kubeconfigs = append(kubeconfigs, string(secret.Data[ref.Key])) - identifiers = append(identifiers, providerIdentifier{ - kubeconfig: string(secret.Data[ref.Key]), - secretRefName: ref.Name, - secretRefNamespace: ref.Namespace, - }) + kubeconfigs = append(kubeconfigs, string(secret.Data[p.Kubeconfig.Key])) + idf := providerIdentifier{ + kubeconfig: string(secret.Data[p.Kubeconfig.Key]), + secretRefName: p.Kubeconfig.Name, + secretRefNamespace: p.Kubeconfig.Namespace, + } + if p.ClusterUID != "" { + idf.clusterUID = p.ClusterUID + } + + identifiers = append(identifiers, idf) } } 
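Review bot: The guard `if p.ClusterUID != "" { idf.clusterUID = p.ClusterUID }` is a no-op, because the zero value of `clusterUID` is already the empty string; set `clusterUID: p.ClusterUID` inside the `providerIdentifier` literal and drop the `if`. `secret.Data[p.Kubeconfig.Key]` is converted twice and a missing key silently yields an empty kubeconfig string, so read it once into a local and skip the provider when the key is absent. `reconcile` starts and ends outside the hunk.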
@@ -141,16 +142,18 @@ func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.AP provider.ConsumerSecretRefKey = identifier.secretRefNamespace + "/" + identifier.secretRefName // set cluster uid - kubeclient, err := kubernetesclient.NewForConfig(provider.Config) - if err != nil { - return err - } - ns, err := kubeclient.CoreV1().Namespaces().Get(ctx, namespaceKubeSystem, metav1.GetOptions{}) - if err != nil { - klog.Error(err.Error()) - return err - } - provider.ClusterID = string(ns.GetUID()) + //kubeclient, err := kubernetesclient.NewForConfig(provider.Config) + //if err != nil { + // return err + //} + //ns, err := kubeclient.CoreV1().Namespaces().Get(ctx, namespaceKubeSystem, metav1.GetOptions{}) + //if err != nil { + // klog.Error(err.Error()) + // return err + //} + //provider.ClusterID = string(ns.GetUID()) + + provider.ClusterID = identifier.clusterUID providerInfos = append(providerInfos, &provider) } diff --git a/pkg/kubectl/bind-apiservice/plugin/bind.go b/pkg/kubectl/bind-apiservice/plugin/bind.go index f7cfab35..d9a80749 100644 --- a/pkg/kubectl/bind-apiservice/plugin/bind.go +++ b/pkg/kubectl/bind-apiservice/plugin/bind.go @@ -172,7 +172,7 @@ func (b *BindAPIServiceOptions) Run(ctx context.Context) error { if err != nil { return err } - bindings, err := b.createAPIServiceBindings(ctx, config, result, secretName) + bindings, err := b.createAPIServiceBindings(ctx, config, result, secretName, remoteNamespace) if err != nil { return err } diff --git a/pkg/kubectl/bind-apiservice/plugin/konnector.go b/pkg/kubectl/bind-apiservice/plugin/konnector.go index 1db1ba7a..1028f36e 100644 --- a/pkg/kubectl/bind-apiservice/plugin/konnector.go +++ b/pkg/kubectl/bind-apiservice/plugin/konnector.go @@ -40,8 +40,7 @@ import ( ) const ( - // konnectorImage = "ghcr.io/kube-bind/konnector" - konnectorImage = "superm4n/konnector" + konnectorImage = "ghcr.io/kube-bind/konnector" ) // nolint: unused 
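Review bot: `provider.ClusterID` is now copied from `identifier.clusterUID`, that is from the APIServiceBinding spec, where before it was read from the provider cluster through the provider's own kubeconfig; the value is no longer checked against the cluster that kubeconfig actually points to. Whoever can write the binding spec therefore chooses the ID, and `getProviderInfo` in clusterbinding_controller.go selects a provider by comparing `ClusterID`. An empty value is accepted as well, so several providers can share the ID `""` until the ClusterBinding reconciler fills the field in. At minimum skip such entries, assuming this statement runs inside the loop over `identifiers`: `if identifier.clusterUID == "" { continue }`, and add a comment stating that the UID is taken on trust from the spec. `reconcile` starts and ends outside the hunk.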
@@ -71,7 +70,7 @@ func (b *BindAPIServiceOptions) deployKonnector(ctx context.Context, config *res } if b.KonnectorImageOverride != "" { - fmt.Fprintf(b.Options.ErrOut, "🚀 Deploying konnector %s to namespace kube-bind with custom image %q.\n", bindVersion, b.KonnectorImageOverride) // nolint: errcheck + fmt.Fprintf(b.Options.ErrOut, "🚀 Deploying konnector %s to namespace %s with custom image %q.\n", bindVersion, models.KonnectorNamespace, b.KonnectorImageOverride) // nolint: errcheck if err := konnector.Bootstrap(ctx, discoveryClient, dynamicClient, b.KonnectorImageOverride); err != nil { return err } diff --git a/pkg/kubectl/bind-apiservice/plugin/servicebindings.go b/pkg/kubectl/bind-apiservice/plugin/servicebindings.go index dce6e2e9..ce178603 100644 --- a/pkg/kubectl/bind-apiservice/plugin/servicebindings.go +++ b/pkg/kubectl/bind-apiservice/plugin/servicebindings.go @@ -35,7 +35,7 @@ import ( "kmodules.xyz/client-go/conditions" ) -func (b *BindAPIServiceOptions) createAPIServiceBindings(ctx context.Context, config *rest.Config, request *v1alpha1.APIServiceExportRequest, secretName string) ([]*v1alpha1.APIServiceBinding, error) { +func (b *BindAPIServiceOptions) createAPIServiceBindings(ctx context.Context, config *rest.Config, request *v1alpha1.APIServiceExportRequest, secretName, remoteNs string) ([]*v1alpha1.APIServiceBinding, error) { bindClient, err := bindclient.NewForConfig(config) if err != nil { return nil, err 
@@ -52,30 +52,30 @@ func (b *BindAPIServiceOptions) createAPIServiceBindings(ctx context.Context, co if err != nil && !apierrors.IsNotFound(err) { return nil, err } else if err == nil { - //if existing.Spec.KubeconfigSecretRef.Namespace != "kube-bind" || existing.Spec.KubeconfigSecretRef.Name != secretName { - // return nil, fmt.Errorf("found existing APIServiceBinding %s not from this service provider", name) - //} - hasSecret := false - for _, secRef := range existing.Spec.KubeconfigSecretRefs { - if secRef.Namespace == models.KonnectorNamespace && secRef.Name == secretName { + for _, p := range existing.Spec.Providers { + if p.Kubeconfig.Namespace == models.KonnectorNamespace && p.Kubeconfig.Name == secretName { hasSecret = true fmt.Fprintf(b.Options.IOStreams.ErrOut, "✅ Existing APIServiceBinding \"%s\" already has the secret \"%s\".\n", existing.Name, secretName) // nolint: errcheck break } } + if hasSecret { continue } fmt.Fprintf(b.Options.IOStreams.ErrOut, "✅ Updating existing APIServiceBinding %s.\n", existing.Name) // nolint: errcheck - existing.Spec.KubeconfigSecretRefs = append(existing.Spec.KubeconfigSecretRefs, v1alpha1.ClusterSecretKeyRef{ - LocalSecretKeyRef: v1alpha1.LocalSecretKeyRef{ - Name: secretName, - Key: "kubeconfig", + existing.Spec.Providers = append(existing.Spec.Providers, v1alpha1.Provider{ + Kubeconfig: v1alpha1.ClusterSecretKeyRef{ + LocalSecretKeyRef: v1alpha1.LocalSecretKeyRef{ + Name: secretName, + Key: "kubeconfig", + }, + Namespace: models.KonnectorNamespace, }, - Namespace: models.KonnectorNamespace, + RemoteNamespace: remoteNs, }) existing, err = bindClient.KubeBindV1alpha1().APIServiceBindings().Update(ctx, existing, metav1.UpdateOptions{}) 
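Review bot: `remoteNs` is stored in the appended `Provider` entry without any check, and the cluster identity fields are left empty for the ClusterBinding reconciler to fill in by matching `RemoteNamespace`; with an empty `remoteNs` that match can never succeed and the provider keeps an empty cluster UID. Reject it at the top of `createAPIServiceBindings`: `if remoteNs == "" { return nil, fmt.Errorf("remote namespace must not be empty") }`. The same applies to the create path in the `@@ -110,13 +110,16 @@` hunk of this file, and the two identical `Provider` literals could come from one small helper. The existing-binding check still compares only the secret namespace and name, so a second bind with the same secret but a different remote namespace is reported as already present. The function starts and ends outside the hunk.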
@@ -110,13 +110,16 @@ func (b *BindAPIServiceOptions) createAPIServiceBindings(ctx context.Context, co Namespace: models.KonnectorNamespace, }, Spec: v1alpha1.APIServiceBindingSpec{ - KubeconfigSecretRefs: []v1alpha1.ClusterSecretKeyRef{ + Providers: []v1alpha1.Provider{ { - LocalSecretKeyRef: v1alpha1.LocalSecretKeyRef{ - Name: secretName, - Key: "kubeconfig", + Kubeconfig: v1alpha1.ClusterSecretKeyRef{ + LocalSecretKeyRef: v1alpha1.LocalSecretKeyRef{ + Name: secretName, + Key: "kubeconfig", + }, + Namespace: models.KonnectorNamespace, }, - Namespace: models.KonnectorNamespace, + RemoteNamespace: remoteNs, }, }, }, diff --git a/pkg/kubectl/bind/plugin/bind.go b/pkg/kubectl/bind/plugin/bind.go index 3c651814..f6c8f4cd 100644 --- a/pkg/kubectl/bind/plugin/bind.go +++ b/pkg/kubectl/bind/plugin/bind.go @@ -279,7 +279,7 @@ func (b *BindOptions) Run(ctx context.Context, urlCh chan<- string) error { "--remote-kubeconfig-name", secret.Name, // comment the remote namespace "--remote-namespace", remoteNamespace, - "--konnector-image", "superm4n/konnector:latest", + //"--konnector-image", "superm4n/konnector:v0.5.0_linux_amd64", "-f", "-", } b.flags.VisitAll(func(flag *pflag.Flag) {
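Review bot: In pkg/kubectl/bind/plugin/bind.go the `--konnector-image` override is commented out rather than removed, and the commented line still names an image under a personal registry namespace (`superm4n/konnector:v0.5.0_linux_amd64`); delete the line so it cannot be re-enabled by accident and ship an image from outside the project's registry. The neighbouring comment `// comment the remote namespace` no longer describes the code, since `--remote-namespace` is now what the ClusterBinding reconciler matches on; replace it with a comment saying the flag is required for that match. `Run` starts and ends outside the hunk.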