This repo is archived. Provisioned service support is available directly on an ExternalSecret, no mapping required.
Reference implementation of the ServiceBinding.io 1.0 spec. The full specification is implemented, please open an issue for any discrepancies.
You’ll need a Kubernetes cluster to run against. You can use kind to get a local cluster for testing, or run against a remote cluster.
After the controller is deployed, try out the samples.
The easiest way to get started is by deploying the latest release. Alternatively, you can build the runtime from source.
-
Define where to publish images:
export KO_DOCKER_REPO=<a-repository-you-can-write-to>
For kind, a registry is not required:
export KO_DOCKER_REPO=kind.local
-
Build and deploy the controller to the cluster:
Note: The cluster must have the cert-manager and external-secrets deployed. There is a
make deploy-cert-manager
andmake deploy-external-secrets
target to deploy the cert-manager and external-secrets respectively.make deploy
Undeploy the controller to the cluster:
make undeploy
A ExternalSecretMapping
mirrors every ExternalSecret
resource in the cluster. The ExternalSecretMapping
is a Service Binding Provisioned Service compatible resource that reflects the name of the secret defined by the ExternalSecret
on to the ExternalSecretMapping
status. Users should not create the ExternalSecretMapping
resource directly, as new ExternalSecret
are created/updated/deleted, the ExternalSecretMapping
with the same namespace/name is created/updated/deleted. The mapping does not alter the Secret
or ExternalSecret
resources in anyway.
Once installed, a ServiceBinding
can target an ExternalSecretMapping
of the same name as the ExternalSecret
as a service.
In the ServiceBinding
replace:
spec:
service:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
name: my-secret
with:
spec:
service:
apiVersion: x-mapping.servicebinding.io/v1alpha1
kind: ExternalSecretMapping
name: my-secret
Run the unit tests:
make test
If you are editing the API definitions, generate the manifests such as CRs or CRDs using:
make manifests
NOTE: Run make help
for more information on all potential make
targets
More information can be found via the Kubebuilder Documentation
The Service Binding Mapping for External Secrets project is a community lead effort. A bi-weekly working group call is open to the public. Discussions occur here on GitHub and on the #bindings-discuss channel in the Kubernetes Slack.
If you catch an error in the implementation, please let us know by opening an issue at our GitHub repository.
Participation in the Service Binding community is governed by the Contributor Covenant.