Skip to main content
Version: Next

Binding Configuration and Secrets

Service binding trait will bind data from Kubernetes Secret to the application container's ENV.

Note: service-binding trait is hidden by default in VelaUX, you can use it in CLI.

How to use

  1. Prepare a Kubernetes Secret

The secret can be manually created, or generated by other component or external system.

For example, we have a secret db-conn-example whose data is as below:

endpoint: https://xxx.com
password: 123
username: myname
  1. Bind the Secret into your component by service-binding trait

For example, we have a webservice component who needs to consume a database. The database connection string should be set to Pod environments: endpoint, username and DB_PASSWORD.

We can set the properties for envMappings as below. For each environment, secret represents the secret name, and key represents the key of the secret.

Here is the complete properties for the trait.

traits:
- type: service-binding
properties:
envMappings:
DB_PASSWORD:
secret: db-conn-example
key: password
endpoint:
secret: db-conn-example
key: endpoint
username:
secret: db-conn-example
key: username

In particular, if the environment name, like endpoint, is same to the key of the secret, we can omit the key. So we can simplify the properties as below.

traits:
- type: service-binding
properties:
envMappings:
DB_PASSWORD:
secret: db-conn-example
key: password
endpoint:
secret: db-conn-example
username:
secret: db-conn-example

We can finally prepare an Application for the business component binding-test-comp to consume the secret, which is a representative of a database cloud resource.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: webapp
spec:
components:
- name: binding-test-comp
type: webservice
properties:
image: zzxwill/flask-web-application:v0.3.1-crossplane
ports: 80
traits:
- type: service-binding
properties:
envMappings:
# environments refer to db-conn secret
DB_PASSWORD:
secret: db-conn-example
key: password
endpoint:
secret: db-conn-example
username:
secret: db-conn-example

Deploy this YAML and the Secret db-conn-example will be binding into environment of workload.