Uploaded image for project: 'Service Binding'
  1. Service Binding
  2. APPSVC-867

Inject secrets as environment variables

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Obsolete
    • Icon: Undefined Undefined
    • None
    • None
    • Service Binding

      To inject secrets as environment variables, spec suggests using an optional`.spec.env` field in the ServiceBinding CR.

      The `.spec.env` field should be a array of `EnvMapping`.

      `EnvMapping` is a map of `name` and `value` where `name` is the name of the environment variable to be injected in the application and `value` is any one of the keys from the binding secret.

      spec:
  env:                  # []EnvMapping, optional
  - name:               # string
    key:                # string

      Example:

      spec:
  env:               
  - name: ACCOUNT_SERVICE_HOST
    key:  host
  - name: ACCOUNT_SERVICE_USERNAME
    key:  username
  - name: ACCOUNT_SERVICE_PASSWORD
    key:  password

      Are dependencies identified?
      1. [TODO] Discussion - Should there be a limit of number of environment variables that can be injected. E.g. an upperlimit of 50?

      2. [TODO] Discussion - In the current implementation, if user sets`bindAsFiles: false`, all the credentials are injected as environment variables. In addition to that, if the user sets `env` field for the same environment variable, it could overwrite the value of environment variable.

      Are blockers noted?

      No blockers.

      What is the expected delivery timeline?
      GA

      Is design implementable?
      1. Add an optional Field `env` in ServiceBindingSpec which should be an array of `EnvMapping`
      2. Update User Guide and examples.

      What is the acceptance criteria?

          Scenario: Sequence from service resource is injected into application as environment variables
        Given The Custom Resource is present
            """
            apiVersion: "stable.example.com/v1"
            kind: Backend
            metadata:
                name: backend
            spec:
                host: example.common
                tags:
                    - "centos7-12.3"
                    - "fedora-33"
            """
        * Generic test application "foo" is running
        When Service Binding is applied
            """
            apiVersion: binding.operators.coreos.com/v1alpha1
            kind: ServiceBinding
            metadata:
                name: env-var
            spec:
                application:
                    name: foo
                    group: apps
                    version: v1
                    resource: deployments
                services:
                -   group: stable.example.com
                    version: v1
                    kind: Backend
                    name: backend
                env:
                - name: OPERATING_SYSTEM_TAGS
                  key: tags
                - name: HOST
                  key: host
            """
        Then Service Binding "env-var" is ready
        And The application env var "OPERATING_SYSTEM_TAGS" has value "[centos7-12.3 123]"
        And The application env var "HOST" has value "example.common"

      Is the story (roughly) estimated?
      8

              Unassigned Unassigned
              dshikhar Dhriti Shikhar (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: