kubevela
/
kubevela.github.io
mirror of https://github.com/kubevela/kubevela.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubevela.github.io/docs/end-user/traits/service-binding.md

3.0 KiB
Raw Blame History

title
Service Binding

Service binding trait will bind data from Kubernetes Secret to the application container's ENV.

Specification

Properties

Name Description Type Required Default
envMappings The mapping of environment variables to secret map[string]#KeySecret true

KeySecret

Name Description Type Required Default
key if key is empty, we will use envMappings key instead string false
secret Kubernetes secret name string true

How to use

  1. Prepare a Kubernetes Secret

The secret can be manually created, or generated by other component or external system.

For example, we have a secret db-conn-example whose data is as below:

endpoint: https://xxx.com
password: 123
username: myname
  1. Bind the Secret into your component by service-binding trait

For example, we have a webservice component who needs to consume a database. The database connection string should be set to Pod environments: endpoint, username and DB_PASSWORD.

We can set the properties for envMappings as below. For each environment, secret represents the secret name, and key represents the key of the secret.

Here is the complete properties for the trait.

traits:
- type: service-binding
  properties:
    envMappings:
      DB_PASSWORD:
        secret: db-conn-example
        key: password            
      endpoint:
        secret: db-conn-example
        key: endpoint
      username:
        secret: db-conn-example
        key: username

In particular, if the environment name, like endpoint, is same to the key of the secret, we can omit the key. So we can simplify the properties as below.

traits:
- type: service-binding
  properties:
    envMappings:
      DB_PASSWORD:
        secret: db-conn-example
        key: password            
      endpoint:
        secret: db-conn-example
      username:
        secret: db-conn-example

We can finally prepare an Application for the business component binding-test-comp to consume the secret, which is a representative of a database cloud resource.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: webapp
spec:
  components:
    - name: binding-test-comp
      type: webservice
      properties:
        image: zzxwill/flask-web-application:v0.3.1-crossplane
        ports: 80
      traits:
        - type: service-binding
          properties:
            envMappings:
              # environments refer to db-conn secret
              DB_PASSWORD:
                secret: db-conn-example
                key: password            
              endpoint:
                secret: db-conn-example
              username:
                secret: db-conn-example

Deploy this YAML and the Secret db-conn-example will be binding into environment of workload.