Introduction

Application developers need access to backing services to build and connect workloads. Connecting workloads to backing services is always a challenge because each service provider requires a different way to access their secrets and consume them in a workload.

The Service Binding Operator enables application developers to easily bind workloads together with operator-managed backing services, without any manual procedures to configure the binding connection. For the Service Binding Operator to provide the binding data, as an Operator provider or user who creates backing services, you must expose the binding data to be automatically detected by the Service Binding Operator. Then, the Service Binding Operator automatically collects the binding data from the backing service and shares it with a workload to provide a consistent and predictable experience.

Methods of exposing binding data

This section describes the methods you can use to expose the binding data.

Ensure that you know and understand your workload requirements and environment, and how it works with the provided services.

Binding data is exposed under the following circumstances:

Service Binding Operator implements support for Secret Generation Extension and hence provides the ability to expose the binding data values from the backing service resources and CRDs. You can use the following categories of binding data to map and expose the values:

  • A string from a resource

  • A constant value

  • An entire config map or secret that is referenced from a resource

  • A specific entry from a config map or secret that is referenced from a resource

  • A resource definition value

  • Entries of a collection of objects with the mapping keys and values from entries in a config map or secret that is referenced from a resource

  • A collection of specific entry values in a resource’s collection of objects

  • A value to a specific key

  • A value of a collection to a key with a generated name

Data model

This section explains the data model used in the annotations.

  • path: JSONPath template is composed of JSONPath expressions enclosed by curly braces {}. The data model used in the annotations follow specific conventions.

Service binding annotations must use the following convention:

service.binding(/<NAME>)?:
    "<VALUE>|(path=<JSONPATH_TEMPLATE>(,objectType=<OBJECT_TYPE>)?(,elementType=<ELEMENT_TYPE>)?(,sourceKey=<SOURCE_KEY>)?(,sourceValue=<SOURCE_VALUE>)?)"

where:

<NAME>

Specifies the name under which the binding value is to be exposed. You can exclude it only when the objectType parameter is set to Secret or ConfigMap.

<VALUE>

Specifies the constant value exposed when no path is set.

The data model provides the details on the allowed values and semantic for the path, elementType, objectType, sourceKey, and sourceValue parameters.

Table 1. Parameters and their descriptions
Parameter Description Default value

path

JSONPath template that consists JSONPath expressions enclosed by curly braces {}. The behaviour matches kubectl JSONPath support.

N/A

elementType

Specifies whether the value of the element referenced in the path parameter complies with any one of the following types:

  • string

  • sliceOfStrings

  • sliceOfMaps

string

objectType

Specifies whether the value of the element indicated in the path parameter refers to a ConfigMap, Secret, or plain string in the current namespace.

Secret, if elementType is non-string.

sourceKey

Specifies the key in the ConfigMap or Secret resource to be added to the binding secret when collecting the binding data.

Note:

  • When used in conjunction with elementType=sliceOfMaps, the sourceKey parameter specifies the key in the slice of maps whose value is used as a key in the binding secret.

  • Use this optional parameter to expose a specific entry in the referenced Secret or ConfigMap resource as binding data.

  • When not specified, all keys and values from the Secret or ConfigMap resource are exposed and are added to the binding secret.

N/A

sourceValue

Specifies the key in the slice of maps.

Note:

  • The value of this key is used as the base to generate the value of the entry for the key-value pair to be added to the binding secret.

  • In addition, the value of the sourceKey is used as the key of the entry for the key-value pair to be added to the binding secret.

  • It is mandatory only if elementType=sliceOfMaps.

N/A

The sourceKey and sourceValue parameters are applicable only if the element indicated in the path parameter refers to a ConfigMap or Secret resource.