|
79 | 79 | NOTE: This feature is only available for `ServiceBinding` in the |
80 | 80 | `binding.operators.coreos.com` API group. |
81 | 81 |
|
82 | | -SBO provides an API to inject a binding secret name into a custom application resource field. |
| 82 | +SBO provides an API to project a binding secret name into a custom application resource field. |
83 | 83 | Here is an example CR with the secret in a custom location: |
84 | 84 |
|
85 | 85 | [source,yaml] |
@@ -132,3 +132,83 @@ metadata: |
132 | 132 | spec: |
133 | 133 | secret: binding-request-72ddc0c540ab3a290e138726940591debf14c581 |
134 | 134 | .... |
| 135 | + |
| 136 | +== Workload resource mapping |
| 137 | + |
| 138 | +[NOTE] |
| 139 | +==== |
| 140 | +Workload resource mapping is available for the secondary workloads of the ServiceBinding custom resource (CR) for both the API groups: `binding.operators.coreos.com` and `servicebinding.io`. |
| 141 | +==== |
| 142 | + |
| 143 | +The specification also provides a way of defining exactly where binding data needs to be projected into. This method may be used when the preceding methods would not be able to configure custom path locations correctly. You may define `ClusterWorkloadResourceMapping.servicebindings.io` resources, which specifies where binding data will be projected for a given workload kind. |
| 144 | + |
| 145 | +.Example: Schema of the `ClusterWorkloadResourceMapping` resource |
| 146 | +[source,yaml] |
| 147 | +---- |
| 148 | +apiVersion: servicebinding.io/v1alpha3 |
| 149 | +kind: ClusterWorkloadResourceMapping |
| 150 | +metadata: |
| 151 | + name: # string <1> |
| 152 | + ... |
| 153 | +spec: |
| 154 | + versions: # required, at least one entry must be defined |
| 155 | + - version: # string <2> |
| 156 | + annotations: # string (Fixed JSONPath), optional <3> |
| 157 | + containers: # optional |
| 158 | + - path: # string (JSONPath) <4> |
| 159 | + name: # string (Fixed JSONPath), optional <5> |
| 160 | + env: # string (Fixed JSONPath), optional <6> |
| 161 | + volumeMounts: # string (Fixed JSONPath), optional <7> |
| 162 | + volumes: # string (Fixed JSONPath), optional <8> |
| 163 | +---- |
| 164 | +<1> Name of the `ClusterWorkloadResourceMapping` resource, which must be qualified as the `plural.group` of the mapped workload resource. For example, `cronjobs.batch` for CronJobs. |
| 165 | +<2> Version of the resource that is being mapped. Any version that is not specified can be matched with the "*" wildcard. |
| 166 | +<3> Optional: Identifier of the `.annotations` field in a pod, specified with a fixed JSONPath. The default value is `.spec.template.spec.annotations`. |
| 167 | +<4> Identifies where containers live, specified with a JSONPath. If no entries are defined, the {servicebinding-title} defaults to two paths: `.spec.template.spec.containers` and `.spec.template.spec.initContainers` with all other fields set as their default). |
| 168 | +<5> Optional: Identifier of the `.name` field in a container, specified with a fixed JSONPath. The default value is `.name`. |
| 169 | +<6> Optional: Identifier of the `.env` field in a container, specified with a fixed JSONPath. The default value is `.env`. |
| 170 | +<7> Optional: Identifier of the `.volumeMounts` field in a container, specified with a fixed JSONPath. The default value is `.volumeMounts`. |
| 171 | +<8> Optional: Identifier of the `.volumes` field in a pod, specified with a fixed JSONPath. The default value is `.spec.template.spec.volumes`. |
| 172 | + |
| 173 | +[IMPORTANT] |
| 174 | +==== |
| 175 | +In this context, a "Fixed JSONPath" is a subset of the JSONPath grammar that accepts only the following operations: |
| 176 | +
|
| 177 | +. Field lookup: `.spec.template` |
| 178 | +. Array indexing: `.spec['template']` |
| 179 | +
|
| 180 | +All other operations are forbidden. |
| 181 | +==== |
| 182 | + |
| 183 | +[NOTE] |
| 184 | +==== |
| 185 | +* Most of these fields are optional, and the {servicebinding-title} assumes PodSpec-compatible defaults when they are not specified. |
| 186 | +* The {servicebinding-title} requires that each of these fields is structurally equivalent to the corresponding field in a Pod deployment. For example, the contents of the `.env` field in a workload resource must be able to accept the same structure of data that the `.env` field in a Pod resource would. Otherwise, projecting binding information into such a workload may result in unexpected behavior from the {servicebinding-title}. |
| 187 | +==== |
| 188 | + |
| 189 | +Using the previous schema, you can define the following YAML as an example mapping for `CronJob.batch/v1` |
| 190 | +resources: |
| 191 | + |
| 192 | +[source,yaml] |
| 193 | +---- |
| 194 | +apiVersion: servicebinding.io/v1alpha3 |
| 195 | +kind: ClusterWorkloadResourceMapping |
| 196 | +metadata: |
| 197 | + name: cronjobs.batch |
| 198 | +spec: |
| 199 | + versions: |
| 200 | + - version: "v1" |
| 201 | + annotations: .spec.jobTemplate.spec.template.metadata.annotations |
| 202 | + containers: |
| 203 | + - path: .spec.jobTemplate.spec.template.spec.containers[*] |
| 204 | + - path: .spec.jobTemplate.spec.template.spec.initContainers[*] |
| 205 | + volumes: .spec.jobTemplate.spec.template.spec.volumes |
| 206 | +---- |
| 207 | + |
| 208 | +[NOTE] |
| 209 | +==== |
| 210 | +There is some behavior in the CoreOS API that does not exist in the specification API: |
| 211 | +
|
| 212 | +. If a `ServiceBinding` resource with `bindAsFiles: false` is created with one of these mappings, then environment variables will be projected into `.envFrom` underneath each `path` field specified in the corresponding `ClusterWorkloadResourceMapping` resource. |
| 213 | +. Both `ClusterWorkloadResourceMapping.servicebinding.io` resources and the `.spec.application.bindingPath.containersPath` field will be considered for binding purposes. This behavior would be equivalent to adding an entry to the corresponding `ClusterWorkloadResourceMapping` resource with `path: $containersPath`, with all other values taking their default value. |
| 214 | +==== |
0 commit comments