Version: v1.1

Service Binding

Service binding trait will bind data from Kubernetes Secret to the application container’s ENV.

Specification

Properties

NameDescriptionTypeRequiredDefault
envMappingsThe mapping of environment variables to secretmap[string]#KeySecrettrue

KeySecret

NameDescriptionTypeRequiredDefault
keyif key is empty, we will use envMappings key insteadstringfalse
secretKubernetes secret namestringtrue

How to use

  1. Prepare a Kubernetes Secret

The secret can be manually created, or generated by other component or external system.

For example, we have a secret db-conn-example whose data is as below:

  1. endpoint: https://xxx.com
  2. password: 123
  3. username: myname
  1. Bind the Secret into your component by service-binding trait

For example, we have a webservice component who needs to consume a database. The database connection string should be set to Pod environments: endpoint, username and DB_PASSWORD.

We can set the properties for envMappings as below. For each environment, secret represents the secret name, and key represents the key of the secret.

Here is the complete properties for the trait.

  1. traits:
  2. - type: service-binding
  3.   properties:
  4.     envMappings:
  5.       DB_PASSWORD:
  6.         secret: db-conn-example
  7.         key: password            
  8.       endpoint:
  9.         secret: db-conn-example
  10.         key: endpoint
  11.       username:
  12.         secret: db-conn-example
  13.         key: username

In particular, if the environment name, like endpoint, is same to the key of the secret, we can omit the key. So we can simplify the properties as below.

  1. traits:
  2. - type: service-binding
  3.   properties:
  4.     envMappings:
  5.       DB_PASSWORD:
  6.         secret: db-conn-example
  7.         key: password            
  8.       endpoint:
  9.         secret: db-conn-example
  10.       username:
  11.         secret: db-conn-example

We can finally prepare an Application for the business component binding-test-comp to consume the secret, which is a representative of a database cloud resource.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: webapp
  5. spec:
  6.   components:
  7.     - name: binding-test-comp
  8.       type: webservice
  9.       properties:
  10.         image: zzxwill/flask-web-application:v0.3.1-crossplane
  11.         ports: 80
  12.       traits:
  13.         - type: service-binding
  14.           properties:
  15.             envMappings:
  16.               # environments refer to db-conn secret
  17.               DB_PASSWORD:
  18.                 secret: db-conn-example
  19.                 key: password            
  20.               endpoint:
  21.                 secret: db-conn-example
  22.               username:
  23.                 secret: db-conn-example

Deploy this YAML and the Secret db-conn-example will be binding into environment of workload.