Add Direct Secret Reference extension #104

Merged
merged 2 commits into from
Oct 13, 2020
35 changes: 35 additions & 0 deletions README.md
Expand Up @@ -59,6 +59,8 @@ Behavior within the project is governed by the [Contributor Covenant Code of Con
- [Custom Projection Service Binding Example Resource](#custom-projection-service-binding-example-resource)
- [Resource Type Schema](#resource-type-schema-2)
- [Service Binding Projection Example Resource](#service-binding-projection-example-resource)
- [Direct Secret Reference](#direct-secret-reference)
- [Direct Secret Reference Example Resource](#direct-secret-reference-example-resource)
- [Binding `Secret` Generation Strategies](#binding-secret-generation-strategies)
- [OLM Operator Descriptors](#olm-operator-descriptors)
- [Descriptor Examples](#descriptor-examples)
Expand Down Expand Up @@ -492,6 +494,39 @@ status:
status: 'True'
```

## Direct Secret Reference

There are scenarios where an appropriate resource conforming to the Provisioned Service duck-type does not exist, but there is a `Secret` available for binding. This extension allows a `ServiceBinding` resource to directly reference a secret.

When the `.spec.service.kind` attribute is `Secret` and `.spec.service.apiVersion` is `v1`, the `.spec.service.name` attribute **MUST** be treated as `.status.binding.name` for a Provisioned Service.

### Direct Secret Reference Example Resource

```yaml
apiVersion: service.binding/v1alpha2
kind: ServiceBinding
metadata:
name: account-service

spec:
application:
apiVersion: apps/v1
kind: Deployment
name: online-banking

service:
apiVersion: v1
kind: Secret
name: prod-account-service-secret

status:
binding:
name: prod-account-service-reference
conditions:
- type: Ready
status: 'True'
```

## Binding `Secret` Generation Strategies

Many services, especially initially, will not be Provisioned Service-compliant. These services will expose the appropriate binding `Secret` information, but not in the way that the specification or applications expect. Users should have a way of describing a mapping from existing data associated with arbitrary resources and CRDs to a representation of a binding `Secret`.
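
Review bot: The normative sentence under "Direct Secret Reference" does not say in which namespace the `Secret` named by `.spec.service.name` is resolved, or whether the creator of the `ServiceBinding` must already have read access to that `Secret`. The `service` block in the example carries only `apiVersion`, `kind` and `name`, so an implementation that runs with broad `Secret` read permissions could project a `Secret` into a workload on behalf of a user who could not read it directly. Suggest adding a sentence that states the namespace scope explicitly (for example, the `ServiceBinding`'s own namespace) and what access check, if any, an implementation is expected to perform before binding. Separately, the example sets `name: prod-account-service-secret` under `service` but `name: prod-account-service-reference` under `status.binding`, while the text says `.spec.service.name` is treated as `.status.binding.name`; a short remark on which resource's `.status.binding.name` is meant, and why the two values differ, would keep readers from taking the example as contradicting the rule.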