Declare Binding Data with Resource Annotations

If your backing service is not compliant with the Service Binding specification as a Provisioned Service resource, you can annotate the resources of the backing service and/or its CRD declaring what data are exposed as binding.

The Service Binding Operator implements support for Secret Generation Extension. It detects the annotations added to the CRD and/or service resource and creates a Secret resource with the values extracted based on the annotations. The Service Binding Operator then projects these bindings into the application.

Service binding annotations follow the convention:

service.binding(/<NAME>)?: "<VALUE>|(path=<JSONPATH_TEMPLATE>(,objectType=<OBJECT_TYPE)?(,elementType=<ELEMENT_TYPE>)?(,sourceKey=<SOURCE_KEY>)?(,sourceValue=<SOURCE_VALUE>)?)"

where:

<NAME> specifies the name under which the binding value is going to be exposed. It can omitted only when objectType is set to Secret or ConfigMap
<VALUE> specifies the constant value exposed, when no path is set

Please check Data Model for more details on allowed values and semantic for path, elementType, objectType, sourceKey, and sourceValue.

Examples

The following examples assume existence of Secret db-cred:

Secret db-cred

apiVersion: v1
kind: Secret
metadata:
  name: db-cred
data:
  password: "foo"
  username: "guest"

and ConfigMap db-conf:

ConfigMap db-conf

apiVersion: v1
kind: ConfigMap
metadata:
  name: db-conf
data:
  timeout: 10s
  database: db1

Expose constant value as the binding item

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding/type": "foo" (1)
spec:
  ...

1	exposed binding `type` with value `foo`

Expose all secret entries as binding data

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding": "path={.status.data.dbCredentials},objectType=Secret"
spec:
  ...

status:
  data:
    dbCredentials: db-cred (1)

1	Secret name

Expose all entries from a secret not referred by the service

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: db
  annotations:
    "service.binding": "path={.metadata.name}-cred,objectType=Secret" (1)
spec:
  ...

1	Secret name is constructed from `{.metadata.name}-cred` template that resolved to `db-cred` eventually. Multiple JSONPath can be contained in the template.

Exposing username entry from a Secret as user binding item

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding/user": "path={.status.data.dbCredentials},objectType=Secret,sourceKey=username"
spec:
  ...

status:
  data:
    dbCredentials: db-cred (1)

1	Secret name

Expose all entries from ConfigMap

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding": "path={.status.data.dbConfiguration},objectType=ConfigMap"
spec:
  ...

status:
  data:
    dbConfiguration: db-conf (1)

1	ConfigMap name

Exposing db_timeout entry from a ConfigMap as timeout binding

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding/timeout": "path={.status.data.dbConfiguration},objectType=ConfigMap,sourceKey=db_timeout"
spec:
  ...

status:
  data:
    dbConfiguration: db-conf (1)

1	ConfigMap name

Expose status.data.connectionURL resource value as uri binding item

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding/uri":  "path={.status.data.connectionURL}"
spec:
  ...

status:
  data:
    connectionURL: "http://guest:secret123@192.168.1.29/db"

Exposing the collection entries as the binding data by selecting the key and value from each entry

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding/uri": "path={.status.connections},elementType=sliceOfMaps,sourceKey=type,sourceValue=url"
spec:
  ...

status:
  connections:
    - type: primary (1)
      url: primary.example.com
    - type: secondary (2)
      url: secondary.example.com
    - type: '404' (3)
      url: black-hole.example.com

1	exposed as `uri_primary` with value `primary.example.com`
2	exposed as `uri_secondary` with value `secondary.example.com`
3	exposed as `uri_404` with value `black-hole.example.com`

Exposing the collection of strings

apiVersion: apps.example.org/v1beta1
kind: Database
metadata:
  name: my-db
  annotations:
    "service.binding/tags": "path={.spec.tags},elementType=sliceOfStrings"

spec:
    tags:
      - knowledge (1)
      - is (2)
      - power (3)

1	exposed as `tags_0` with value `knowledge`
2	exposed as `tags_1` with value `is`
3	exposed as `tags_2` with value `power`