/service-bindings

Service Bindings for Kubernetes

Primary LanguageGoOtherNOASSERTION

Service Bindings for Kubernetes

CI GoDoc Go Report Card codecov

Service Bindings for Kubernetes implements the Service Binding Specification for Kubernetes. We are tracking changes to the spec as it approaches a stable release (currently targeting RC2). Backwards and forwards compatibility should not be expected for alpha versioned resources.

Try it out

Prerequisites:

  • a Kubernetes 1.16+ cluster

Using the latest release is recommended.

Build from source

We use ko to build the CRD and reconciler, and kapp to deploy them.

From within the cloned directory for this project, run:

kapp deploy -a service-bindings -f <(ko resolve --strict -f config)

Uninstall

kapp delete -a service-bindings

Samples

Samples are located in the samples directory, including:

Resources

ServiceBinding (service.binding/v1alpha2)

The ServiceBinding resource shape and behavior is defined upstream. In addition to the core specification, the Custom Projection and Role-Based Access Control (RBAC) extensions are also supported by this implementation.

apiVersion: service.binding/v1alpha2
kind: ServiceBinding
metadata:
  name: account-db
spec:
  application:
    apiVersion: apps/v1
    kind: Deployment
    name: account-service
  service:
    apiVersion: bindings.labs.vmware.com/v1alpha1
    kind: ProvisionedService
    name: account-db

ProvisionedService (bindings.labs.vmware.com/v1alpha1)

The ProvisionedService exposes a resource Secret by implementing the upstream Provisioned Service duck type, and may be the target of the .spec.service reference for a ServiceBinding. It is intended for compatibility with existing services that do not directly implement the duck type.

For example to expose a service with an existing Secret named account-db-service:

apiVersion: bindings.labs.vmware.com/v1alpha1
kind: ProvisionedService
metadata:
  name: account-db
spec:
  binding:
    name: account-db-service

---
apiVersion: v1
kind: Secret
metadata:
  name: account-db-service
type: Opaque
stringData:
  type: mysql
  # use appropriate values
  host: localhost
  database: default
  password: ""
  port: "3306"
  username: root

The controller writes the resource's status to implement the duck type.

Contributing

The Service Bindings for Kubernetes project team welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. For more detailed information, refer to CONTRIBUTING.md.

Acknowledgements

Service Bindings for Kubernetes is an implementation of the Service Binding Specification for Kubernetes. Thanks to Arthur De Magalhaes and Ben Hale for leading the spec effort.

The initial implementation was conceived in projectriff/bindings by Scott Andrews, Emily Casey and the riff community at large, drawing inspiration from mattmoor/bindings and Knative duck type reconcilers.

License

Apache License v2.0: see LICENSE for details.