Version: v1.0

Service Binding

Service binding trait will bind data from Kubernetes Secret to the application container’s ENV.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: TraitDefinition
  3. metadata:
  4.   annotations:
  5.     definition.oam.dev/description: "binding cloud resource secrets to pod env"
  6.   name: service-binding
  7. spec:
  8.   appliesToWorkloads:
  9.     - webservice
  10.     - worker
  11.   schematic:
  12.     cue:
  13.       template: |
  14.         patch: {
  15.             spec: template: spec: {
  16.                 // +patchKey=name
  17.                 containers: [{
  18.                     name: context.name
  19.                     // +patchKey=name
  20.                     env: [
  21.                         for envName, v in parameter.envMappings {
  22.                             name: envName
  23.                             valueFrom: {
  24.                                 secretKeyRef: {
  25.                                     name: v.secret
  26.                                     if v["key"] != _|_ {
  27.                                         key: v.key
  28.                                     }
  29.                                     if v["key"] == _|_ {
  30.                                         key: envName
  31.                                     }
  32.                                 }
  33.                             }
  34.                         },
  35.                     ]
  36.                 }]
  37.             }
  38.         }
  41.         parameter: {
  42.             // +usage=The mapping of environment variables to secret
  43.             envMappings: [string]: [string]: string
  44.         }

With the help of this service-binding trait, you can explicitly set parameter envMappings to mapping all environment names with secret key. Here is an example.

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: webapp
  5. spec:
  6.   components:
  7.     - name: express-server
  8.       type: webservice
  9.       properties:
  10.         image: zzxwill/flask-web-application:v0.3.1-crossplane
  11.         ports: 80
  12.       traits:
  13.         - type: service-binding
  14.           properties:
  15.             envMappings:
  16.               # environments refer to db-conn secret
  17.               DB_PASSWORD:
  18.                 secret: db-conn
  19.                 key: password                                     # 1) If the env name is different from secret key, secret key has to be set.
  20.               endpoint:
  21.                 secret: db-conn                                   # 2) If the env name is the same as the secret key, secret key can be omitted.
  22.               username:
  23.                 secret: db-conn
  26.     - name: sample-db
  27.       type: alibaba-rds
  28.       properties:
  29.         name: sample-db
  30.         engine: mysql
  31.         engineVersion: "8.0"
  32.         instanceClass: rds.mysql.c1.large
  33.         username: oamtest
  34.         secretName: db-conn