📖 Add APIBindings example #3207
Conversation
kcp-ci-bot
added
the
release-note-none
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kcp-ci-bot
added
size/M
|
Hi @SimonTheLeg. Thanks for your PR. I'm waiting for a kcp-dev member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
kcp-ci-bot
added
the
needs-ok-to-test
On-behalf-of: SAP [email protected] Signed-off-by: Simon Bein <[email protected]>
SimonTheLeg
force-pushed
the
docs-apibindings
branch
from
bd923f6 to
7ac5005
Compare
kcp-ci-bot
added
dco-signoff: yes
|
/ok-to-test |
kcp-ci-bot
added
ok-to-test
kcp-ci-bot
added
dco-signoff: no
Co-authored-by: Dr. Stefan Schimanski <[email protected]> On-behalf-of: SAP [email protected] Signed-off-by: Simon Bein <[email protected]>
On-behalf-of: SAP [email protected] Signed-off-by: Simon Bein <[email protected]>
SimonTheLeg
force-pushed
the
docs-apibindings
branch
from
595ad6b to
d10b444
Compare
kcp-ci-bot
added
dco-signoff: yes
|
addressed all comments. Ready for review again |
|
|
||
| [diagram1]: https://asciiflow.com/#/share/eJyrVspLzE1VssorzcnRUcpJrEwtUrJSqo5RqohRsrI0NdGJUaoEsozMzYCsktSKEiAnRkmBGPBoyh5qoZiYPGKtVFBwzs8rLs1NLVIIzy%2FKLi5ITE6FyJBgyIC4G5cMEYZgtVwhPDMlPbWkWMExwNMpMy8lMy%2BdFAOp5C44BXGNgiMWY6gY4igBgNUBTtgdAGQDw0khoCi%2FLDMFNfHgNMp5gPxCxeSJO4YR8YeqEilVuVYU5BeVKDya3kKCDdj5ONROw68WyS1BqcX5pUXJqcHJGam5iehx1vNoSgM10AT6xHATzlKsiZRcN4dKvl5C1xIDS9DgKMmICQyoqU24ZUgyBEcpRpYh6CURWYagl0EkGDKFSsljRoxSrVItAH%2FrdL4%3D | ||
|
|
||
| `APIBindings` are used to import API resources. They contain a reference to an `APIExport` using the namespace and workspace path of an `APIExport` and will bind all APIs defined in the `APIExport`. The reference path needs to be provided to you by the provider of the API or an external catalog solution. |
There was a problem hiding this comment.
| `APIBindings` are used to import API resources. They contain a reference to an `APIExport` using the namespace and workspace path of an `APIExport` and will bind all APIs defined in the `APIExport`. The reference path needs to be provided to you by the provider of the API or an external catalog solution. | |
| `APIBindings` are used to import API resources. They contain a reference to an `APIExport` using the name and workspace path of an `APIExport` and will bind all APIs defined in the `APIExport`. The reference path needs to be provided to you by the provider of the API or an external catalog solution if you don't have direct access to the workspace containing the `APIExport`. |
I think the "namespace" part here is wrong, APIExports are cluster-level resources. Maybe "name" was meant? In addition, I suggest a little clarification on how to get the APIExport path (if you have access directly, you don't need someone to give you the path; it's entirely possible that people make this choice).
|
|
||
| `APIBindings` are used to import API resources. They contain a reference to an `APIExport` using the namespace and workspace path of an `APIExport` and will bind all APIs defined in the `APIExport`. The reference path needs to be provided to you by the provider of the API or an external catalog solution. | ||
|
|
||
| Furthermore, `APIBindings` provide the `APIExport` owner access to additional resources defined in an `APIExport`'s `PermissionClaims` list. `PermissionClaims` must be accepted by the user explicitly, before this access is granted. The resources can be builtin Kubernetes resources or resources from other `APIExports`. |
There was a problem hiding this comment.
Nit: I think we shouldn't put permission claims in backticks, they aren't a standalone resource type. It would be more useful to put the JSONpath references to where permission claims are configured in APIExport and APIBindings.
| path: "root:api-provider" # path of your api-provider workspace | ||
| ``` | ||
|
|
||
| It should be noted that `APIBindings` do not create `CRDs` or `APIResourceSchemas`. Instead APIs are directly bound. |
There was a problem hiding this comment.
| It should be noted that `APIBindings` do not create `CRDs` or `APIResourceSchemas`. Instead APIs are directly bound. | |
| It should be noted that `APIBindings` do not create `CRDs` or `APIResourceSchemas` in the workspace. Instead APIs are directly bound. |
Strictly speaking (as far as I know), CRDs are created somewhere in the shadows, so let's make this sentence a little more precise.
| widgets example.kcp.io/v1alpha1 false Widget | ||
| ``` | ||
|
|
||
| Furthermore, you can use the `APIBinding.Status.BoundResources` field to precisely identify which `APIResourceSchemas` have been imported. |
There was a problem hiding this comment.
| Furthermore, you can use the `APIBinding.Status.BoundResources` field to precisely identify which `APIResourceSchemas` have been imported. | |
| Furthermore, you can use the `.status.boundResources` field of an `APIBinding` to precisely identify which `APIResourceSchemas` have been imported. |
I would say we should reference via JSONpath, not Go structs. That only makes sense if you develop a controller, and you usually don't write controllers that check an APIBinding status.
| path: "root:api-provider" # path of your api-provider workspace | ||
| ``` | ||
|
|
||
| It should be noted that `APIBindings` do not create `CRDs` or `APIResourceSchemas`. Instead APIs are directly bound. |
There was a problem hiding this comment.
Instead APIs are directly bound.
What does this mean?
|
|
||
| `APIBindings` are used to import API resources. They contain a reference to an `APIExport` using the namespace and workspace path of an `APIExport` and will bind all APIs defined in the `APIExport`. The reference path needs to be provided to you by the provider of the API or an external catalog solution. | ||
|
|
||
| Furthermore, `APIBindings` provide the `APIExport` owner access to additional resources defined in an `APIExport`'s `PermissionClaims` list. `PermissionClaims` must be accepted by the user explicitly, before this access is granted. The resources can be builtin Kubernetes resources or resources from other `APIExports`. |
There was a problem hiding this comment.
How are these permissions granted? Need an example in line with the APIExport sample above.
Summary
Adds an APIBinding example to fit with the example previously on the page and adds some more information on APIBindings/turns some of the bullets into full text.
The asciiflow link did not resolve for me and is also not rendered in the documentation at the moment, so I removed it.
Related issue(s)
Fixes #
Release Notes