Service Bindings for Kubernetes implements the Service Binding Specification for Kubernetes. We are tracking changes to the spec as it approaches a stable release (currently targeting RC2++). Backwards and forwards compatibility should not be expected for alpha versioned resources.

This implementation provides support for:

• Provisioned Service
• Application Projection
• Service Binding
• Extensions including:
  • Custom Projection
  • Direct Secret Reference
  • Role-Based Access Control (RBAC)

The Binding Secret Generation Strategies extension is not supported.

Prerequisites:

• a Kubernetes 1.17+ cluster

Using the latest release is recommended.

We use ko to build the CRD and reconciler, and kapp to deploy them.

From within the cloned directory for this project, run:

kapp deploy -a service-bindings -f <(ko resolve --strict -f config)

kapp delete -a service-bindings

Samples are located in the samples directory, including:

• Spring PetClinic with MySQL
• Custom Projection
• Controlled Resource
• Environment Variables and Mappings
• Provisioned Service
• Multiple Bindings

The ServiceBinding resource shape and behavior is defined by the spec.

apiVersion: service.binding/v1alpha2
kind: ServiceBinding
metadata:
  name: account-db
spec:
  application:
    apiVersion: apps/v1
    kind: Deployment
    name: account-service
  service:
    apiVersion: bindings.labs.vmware.com/v1alpha1
    kind: ProvisionedService
    name: account-db

The ProvisionedService exposes a resource Secret by implementing the upstream Provisioned Service duck type, and may be the target of the .spec.service reference for a ServiceBinding. It is intended for compatibility with existing services that do not directly implement the duck type.

For example to expose a service with an existing Secret named account-db-service:

apiVersion: bindings.labs.vmware.com/v1alpha1
kind: ProvisionedService
metadata:
  name: account-db
spec:
  binding:
    name: account-db-service

---
apiVersion: v1
kind: Secret
metadata:
  name: account-db-service
type: Opaque
stringData:
  type: mysql
  # use appropriate values
  host: localhost
  database: default
  password: ""
  port: "3306"
  username: root

The controller writes the resource's status to implement the duck type.

The Service Bindings for Kubernetes project team welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. For more detailed information, refer to CONTRIBUTING.md.

Service Bindings for Kubernetes is an implementation of the Service Binding Specification for Kubernetes. Thanks to Arthur De Magalhaes and Ben Hale for leading the spec effort.

The initial implementation was conceived in projectriff/bindings by Scott Andrews, Emily Casey and the riff community at large, drawing inspiration from mattmoor/bindings and Knative duck type reconcilers.

Apache License v2.0: see LICENSE for details.