{"id":25343890,"url":"https://github.com/appscode-cloud/kube-bind","last_synced_at":"2025-04-08T14:46:22.751Z","repository":{"id":66603259,"uuid":"579934741","full_name":"appscode-cloud/kube-bind","owner":"appscode-cloud","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-07T01:35:08.000Z","size":58698,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-02-14T11:05:32.506Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"kube-bind/kube-bind","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/appscode-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-19T10:02:28.000Z","updated_at":"2025-02-07T01:34:58.000Z","dependencies_parsed_at":"2024-03-28T10:56:43.151Z","dependency_job_id":"88040ba5-4a41-4c05-9a9c-5baddddf1fe1","html_url":"https://github.com/appscode-cloud/kube-bind","commit_stats":null,"previous_names":["kubeware/kubeware","bytebuilders/kube-bind"],"tags_count":41,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appscode-cloud%2Fkube-bind","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appscode-cloud%2Fkube-bind/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appscode-cloud%2Fkube-bind/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appscode-cloud%2Fkube-bind/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/appscode-cloud","download_url":"https://codeload.github.com/appscode-cloud/kube-bind/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247866114,"owners_count":21009238,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-14T10:59:22.031Z","updated_at":"2025-04-08T14:46:22.727Z","avatar_url":"https://github.com/appscode-cloud.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg alt=\"Logo\" width=\"196px\" style=\"margin-right: 30px;\" align=\"left\" src=\"./docs/images/logo.svg\"\u003e\u003c/img\u003e\n\n# kube-bind\n\n## What is it?\n\nkube-bind is a project that aims to provide better support for service providers and consumers that reside in distinct Kubernetes clusters. The code in this repo has been forked from the [kube-bind](https://github.com/kube-bind/kube-bind) project and adapted to meet the requirements of [AppsCode](https://appscode.com)'s Kubernetes native services. We would like to thank [Dr. Stefan Schimanski](https://github.com/sttts) for the `kube-bind` project.\n\n- A service provider defines its API in terms of CRDs and associated permission claims/limitations, and exports it for use from other clusters.\n- Service consumers identify the services they want to consume.\n- The service CRDs get installed in the service consumer clusters, with objects of the defined kinds written and read by the service consumers.\n- The service provider indirectly reads and writes those objects as the interface to the service that it provides.\n- The service provider does not inject controllers/operators into the service consumer's cluster.\n\n## Try it out\n\nThis is the 3 line pitch:\n\n```shell\n$ kubectl krew index add appscode https://github.com/appscode/krew-index.git\n$ kubectl krew install appscode/connect\n$ kubectl connect https://mangodb/exports\nRedirect to the brower to authenticate via OIDC.\nBOOM – the MangoDB API is available in the local cluster, \n       without anything MangoDB-specific running.\n$ kubectl get mangodbs \n```\n\n## For more information\n\nFor more information go to https://kubectl-bind.io or watch the [ContainerDays talk](https://www.youtube.com/watch?v=dg0g15Qv5Fo\u0026t=1s)\nor the [KubeCon talk](https://www.youtube.com/watch?v=Uv0ivz5xej4).\n\nThe kube-bind prototype is following this manifesto from the linked talk:\n\n![kube-bind manifesto](docs/images/manifesto.png)\n\n## Technical Overview\n\n\u003cimg alt=\"overview\" width=\"800px\" src=\"./docs/images/overview.png\"\u003e\u003c/img\u003e\n\nAll the actions shown between the clusters are done by the konnector, except: the pull at the start is done by the kubectl plugin that installs the konnector.\n\n## Usage\n\nTo run the current backend, there must be an OIDC issuer installed in place to do the\nthe oauth2 workflow.\n\nWe use dex to manage OIDC, following the steps below you can run a local OIDC issuer using dex:\n* First, clone the dex repo: `git clone https://github.com/dexidp/dex.git`\n* `cd dex` and then build the dex binary `make build`\n* The binary will be created in `bin/dex`\n* Adjust the config file(`examples/config-dev.yaml`) for dex by specifying the server callback method:\n```yaml\nstaticClients:\n- id: kube-bind\n  redirectURIs:\n  - 'http://127.0.0.1:8080/callback'\n  name: 'Kube Bind'\n```\n* Run dex: `./bin/dex serve examples/config-dev.yaml`\n\nNext you should be able to run the backend. For it you need a kubernetes cluster (e.g. kind)\naccessible.\n\n***Note: make sure before running the backend that you have the dex server up and running as mentioned above\nand that you have at least one k8s cluster. Take a look at the backend option in the cmd/main.go file***\n\n* apply the CRDs: `kubectl apply -f deploy/crd`\n* In order to populate binding list on website, we need a CRD with label `kube-bind.io/exported: true`. Apply example CRD: `kubectl apply -f deploy/examples/crd-mangodb.yaml`\n* start the backend binary with the right flags:\n```shell\n$ make build\n$ bin/example-backend \\\n  --oidc-issuer-client-secret=ZXhhbXBsZS1hcHAtc2VjcmV0 \\\n  --oidc-issuer-client-id=kube-bind \\\n  --oidc-issuer-url=http://127.0.0.1:5556/dex \\\n  --oidc-callback-url=http://127.0.0.1:8080/callback \\\n  --pretty-name=\"BigCorp.com\" \\\n  --namespace-prefix=\"kube-bind-\" \\\n  --cookie-signing-key=bGMHz7SR9XcI9JdDB68VmjQErrjbrAR9JdVqjAOKHzE= \\\n  --cookie-encryption-key=wadqi4u+w0bqnSrVFtM38Pz2ykYVIeeadhzT34XlC1Y=\n```\n\nwhere `ZXhhbXBsZS1hcHAtc2VjcmV0` matches the value of the dex config file.\n\nThe `--cookie-signing-key` and `--cookie-encryption-key` settings can be generated using:\n```shell\n$ openssl rand -base64 32\nWQh88mNOY0Z3tLy1/WOud7qIEEBxz+POc4j8BsYenYo=\n```\n\nThe `--cookie-signing-key` option is required and supports 32 and 64 byte lengths.\nThe `--cookie-encryption-key` option is optional and supports byte lengths of 16, 24, 32 for AES-128, AES-192, or AES-256.\n\n* with a KUBECONFIG against another cluster (a consumer cluster) bind a service: `kubectl bind http://127.0.0.1:8080/export`.\n\n## Copyright\n\n- Copyright 2024 AppsCode Inc. and Contributors.\n- Copyright 2022-2023 The Kube Bind Authors.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappscode-cloud%2Fkube-bind","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappscode-cloud%2Fkube-bind","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappscode-cloud%2Fkube-bind/lists"}