|
6 | 6 | [id="sbo-binding-workloads-that-are-not-compliant-with-PodSpec_{context}"] |
7 | 7 | = Binding secondary workloads that are not compliant with PodSpec |
8 | 8 |
|
9 | | -[role="_abstract"] |
10 | 9 | A typical scenario in service binding involves configuring the backing service, the workload (Deployment), and {servicebinding-title}. Consider a scenario that involves a secondary workload (which can also be an application Operator) that is not compliant with PodSpec and is between the primary workload (Deployment) and {servicebinding-title}. |
11 | 10 |
|
12 | 11 | For such secondary workload resources, the location of the container path is arbitrary. For service binding, if the secondary workload in a CR is not compliant with the PodSpec, you must specify the location of the container path. Doing so projects the binding data into the container path specified in the secondary workload of the `ServiceBinding` custom resource (CR), for example, when you do not want the binding data inside a pod. |
13 | 12 |
|
14 | | -{servicebinding-title} provides an option to configure the value of where the container path or secret path is and bind these paths at a custom location. This option is available only for the `binding.operators.coreos.com` API group when the binding data is projected as environment variables. |
| 13 | +In {servicebinding-title}, you can configure the path of where containers or secrets reside within a workload and bind these paths at a custom location. |
15 | 14 |
|
| 15 | +[id="configuring-custom-location-of-container-path_{context}"] |
16 | 16 | == Configuring the custom location of the container path |
| 17 | +This custom location is available for the `binding.operators.coreos.com` API group when {servicebinding-title} projects the binding data as environment variables. |
| 18 | + |
17 | 19 | Consider a secondary workload CR, which is not compliant with the PodSpec and has containers located at the `spec.containers` path: |
18 | 20 |
|
19 | 21 | .Example: Secondary workload CR |
@@ -99,7 +101,10 @@ spec: |
99 | 101 | <1> Unique array of containers with values generated by the {servicebinding-title}. These values are based on the backing service CR. |
100 | 102 | <2> Name of the `Secret` resource generated by the {servicebinding-title}. |
101 | 103 |
|
| 104 | +[id="configuring-custom-location-of-secret-path_{context}"] |
102 | 105 | == Configuring the custom location of the secret path |
| 106 | +This custom location is available for the `binding.operators.coreos.com` API group when {servicebinding-title} projects the binding data as environment variables. |
| 107 | + |
103 | 108 | Consider a secondary workload CR, which is not compliant with the PodSpec, with only the secret at the `spec.secret` path: |
104 | 109 |
|
105 | 110 | .Example: Secondary workload CR |
@@ -154,4 +159,68 @@ spec: |
154 | 159 | secret: binding-request-72ddc0c540ab3a290e138726940591debf14c581 <1> |
155 | 160 | ... |
156 | 161 | ---- |
157 | | -<1> Unique name of the `Secret` resource generated by the {servicebinding-title}. |
| 162 | +<1> The unique name of the `Secret` resource that {servicebinding-title} generates. |
| 163 | + |
| 164 | +[id="workload-resource-mapping_{context}"] |
| 165 | +== Workload resource mapping |
| 166 | + |
| 167 | +[NOTE] |
| 168 | +==== |
| 169 | +* Workload resource mapping is available for the secondary workloads of the `ServiceBinding` custom resource (CR) for both the API groups: `binding.operators.coreos.com` and `servicebinding.io`. |
| 170 | +* You must define `ClusterWorkloadResourceMapping` resources only under the `servicebinding.io` API group. However, the `ClusterWorkloadResourceMapping` resources interact with `ServiceBinding` resources under both the `binding.operators.coreos.com` and `servicebinding.io` API groups. |
| 171 | +==== |
| 172 | + |
| 173 | +If you cannot configure custom path locations by using the configuration method for container path, you can define exactly where binding data needs to be projected. Specify where to project the binding data for a given workload kind by defining the `ClusterWorkloadResourceMapping` resources in the `servicebinding.io` API group. |
| 174 | + |
| 175 | +The following example shows how to define a mapping for the `CronJob.batch/v1` resources. |
| 176 | + |
| 177 | +.Example: Mapping for `CronJob.batch/v1` resources |
| 178 | +[source,yaml] |
| 179 | +---- |
| 180 | +apiVersion: servicebinding.io/v1alpha3 |
| 181 | +kind: ClusterWorkloadResourceMapping |
| 182 | +metadata: |
| 183 | + name: cronjobs.batch <1> |
| 184 | +spec: |
| 185 | + versions: |
| 186 | + - version: "v1" <2> |
| 187 | + annotations: .spec.jobTemplate.spec.template.metadata.annotations <3> |
| 188 | + containers: |
| 189 | + - path: .spec.jobTemplate.spec.template.spec.containers[*] <4> |
| 190 | + - path: .spec.jobTemplate.spec.template.spec.initContainers[*] |
| 191 | + name: .name <5> |
| 192 | + env: .env <6> |
| 193 | + volumeMounts: .volumeMounts <7> |
| 194 | + volumes: .spec.jobTemplate.spec.template.spec.volumes <8> |
| 195 | +---- |
| 196 | +<1> Name of the `ClusterWorkloadResourceMapping` resource, which must be qualified as the `plural.group` of the mapped workload resource. |
| 197 | +<2> Version of the resource that is being mapped. Any version that is not specified can be matched with the "*" wildcard. |
| 198 | +<3> Optional: Identifier of the `.annotations` field in a pod, specified with a fixed JSONPath. The default value is `.spec.template.spec.annotations`. |
| 199 | +<4> Identifier of the `.containers` and `.initContainers` fields in a pod, specified with a JSONPath. If no entries under the `containers` field are defined, the {servicebinding-title} defaults to two paths: `.spec.template.spec.containers[\*]` and `.spec.template.spec.initContainers[\*]`, with all other fields set as their default. However, if you specify an entry, then you must define the `.path` field. |
| 200 | +<5> Optional: Identifier of the `.name` field in a container, specified with a fixed JSONPath. The default value is `.name`. |
| 201 | +<6> Optional: Identifier of the `.env` field in a container, specified with a fixed JSONPath. The default value is `.env`. |
| 202 | +<7> Optional: Identifier of the `.volumeMounts` field in a container, specified with a fixed JSONPath. The default value is `.volumeMounts`. |
| 203 | +<8> Optional: Identifier of the `.volumes` field in a pod, specified with a fixed JSONPath. The default value is `.spec.template.spec.volumes`. |
| 204 | + |
| 205 | +[IMPORTANT] |
| 206 | +==== |
| 207 | +* In this context, a fixed JSONPath is a subset of the JSONPath grammar that accepts only the following operations: |
| 208 | ++ |
| 209 | +-- |
| 210 | +** Field lookup: `.spec.template` |
| 211 | +** Array indexing: `.spec['template']` |
| 212 | +-- |
| 213 | ++ |
| 214 | +All other operations are not accepted. |
| 215 | +
|
| 216 | +* Most of these fields are optional. When they are not specified, the {servicebinding-title} assumes defaults compatible with `PodSpec` resources. |
| 217 | +* The {servicebinding-title} requires that each of these fields is structurally equivalent to the corresponding field in a pod deployment. For example, the contents of the `.env` field in a workload resource must be able to accept the same structure of data that the `.env` field in a Pod resource would. Otherwise, projecting binding data into such a workload might result in unexpected behavior from the {servicebinding-title}. |
| 218 | +==== |
| 219 | + |
| 220 | +.Behavior specific to the `binding.operators.coreos.com` API group |
| 221 | +You can expect the following behaviors when `ClusterWorkloadResourceMapping` resources interact with `ServiceBinding` resources under the `binding.operators.coreos.com` API group: |
| 222 | + |
| 223 | +* If a `ServiceBinding` resource with the `bindAsFiles: false` flag value is created together with one of these mappings, then environment variables are projected into the `.envFrom` field underneath each `path` field specified in the corresponding `ClusterWorkloadResourceMapping` resource. |
| 224 | +* As a cluster administrator, you can specify both a `ClusterWorkloadResourceMapping` resource and the `.spec.application.bindingPath.containersPath` field in a `ServiceBinding.bindings.coreos.com` resource for binding purposes. |
| 225 | ++ |
| 226 | +The {servicebinding-title} attempts to project binding data into the locations specified in both a `ClusterWorkloadResourceMapping` resource and the `.spec.application.bindingPath.containersPath` field. This behavior is equivalent to adding a container entry to the corresponding `ClusterWorkloadResourceMapping` resource with the `path: $containersPath` attribute, with all other values taking their default value. |
0 commit comments