Binding Configuration and Secrets
Service binding trait will bind data from Kubernetes Secret
to the application container's ENV.
Note:
service-binding
trait is hidden by default inVelaUX
, you can use it in CLI.
How to use
- Prepare a Kubernetes Secret
The secret can be manually created, or generated by other component or external system.
For example, we have a secret db-conn-example
whose data is as below:
endpoint: https://xxx.com
password: 123
username: myname
- Bind the Secret into your component by
service-binding
trait
For example, we have a webservice component who needs to consume a database. The database connection string should be set
to Pod environments: endpoint
, username
and DB_PASSWORD
.
We can set the properties for envMappings as below. For each environment, secret
represents the secret name, and key
represents the key of the secret.
Here is the complete properties for the trait.
traits:
- type: service-binding
properties:
envMappings:
DB_PASSWORD:
secret: db-conn-example
key: password
endpoint:
secret: db-conn-example
key: endpoint
username:
secret: db-conn-example
key: username
In particular, if the environment name, like endpoint
, is same to the key
of the secret, we can omit the key
.
So we can simplify the properties as below.
traits:
- type: service-binding
properties:
envMappings:
DB_PASSWORD:
secret: db-conn-example
key: password
endpoint:
secret: db-conn-example
username:
secret: db-conn-example
We can finally prepare an Application for the business component binding-test-comp
to consume the secret, which is a
representative of a database cloud resource.
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: webapp
spec:
components:
- name: binding-test-comp
type: webservice
properties:
image: zzxwill/flask-web-application:v0.3.1-crossplane
ports: 80
traits:
- type: service-binding
properties:
envMappings:
# environments refer to db-conn secret
DB_PASSWORD:
secret: db-conn-example
key: password
endpoint:
secret: db-conn-example
username:
secret: db-conn-example
Deploy this YAML and the Secret db-conn-example
will be binding into environment of workload.