kpack Images can be configured with Service Bindings as described in the Kubernetes Service Bindings specification.
At build-time, service bindings are handled by the buildpacks being used for that Image. Check the desired buildpack homepage for documentation on the service bindings it supports. Buildpack homepages can be found with kp clusterstore status <store-name>.
There are two ways to configure service bindings:
- Natively using a Secret (most common use case for kpack users)
- Using ProvisionedServices as described in the specification (requires additional operator configuration external to kpack)
Requirements:
- A Secret containing the service binding data
- The Secret
stringDatafield must contain a key-value pairs oftype:<binding type>. The buildpacks will use read this type - The Secret
type(notstringData.type) is recommended to be set toservice.binding/<binding type>where<binding type>is the value of the key set in the above bullet. - The Secret
stringDatafield may contain any additional key-value pairs of<binding file name>:<binding data>. For each key-value pair, a file will be created that is accessible during build.
- The Secret
- An Image in the same namespace referencing that Secret in the
spec.build.servicesfield as an ObjectReference.
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: sample-binding-with-secret
spec:
tag: my-registry.com/repo
builder:
kind: ClusterBuilder
name: default
source:
git:
url: https://github.com/buildpack/sample-java-app.git
revision: 0eccc6c2f01d9f055087ebbf03526ed0623e014a
build:
services:
- name: settings-xml
kind: Secret
apiVersion: v1
---
apiVersion: v1
kind: Secret
metadata:
name: settings-xml
type: service.binding/maven
stringData:
type: maven
provider: sample
settings.xml: <settings>...</settings>The above example will result in the following files being available during Builds of the Image matching the directory layout of the K8s Service Binding Application Projection spec:
$SERVICE_BINDING_ROOT
└── account-database
├── type
├── provider
└── settings.xml
$SERVICE_BINDING_ROOT will be set to <platform>/bindings
kpack is fully compliant with the Kubernetes Service Binding Spec and supports bindings with ProvisionedServices.
ProvisionedServices are custom resources that implement the provisioned service duck type and must be configured external to kpack. ProvisionedServices provide the name of a Secret in status.binding.name. For more details, see the Kubernetes Service Bindings specification.
Requirements for a service bindings using ProvisionedService:
- A resource that implements the ProvisionedService duck type and
- A Secret containing the service binding data
- The Secret
stringDatafield must contain a key-value pairs oftype:<binding type>. The buildpacks will use read this type - The Secret
type(notstringData.type) must be set toservice.binding/<binding type>where<binding type>is the value of the key set in the above bullet. - The Secret
stringDatafield may contain any additional key-value pairs of<binding file name>:<binding data>. For each key-value pair, a file will be created that is accessible during build.
- The Secret
- An Image in the same namespace referencing the ProvisionedService in the
spec.build.servicesfield as an ObjectReference.
---
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: sample-binding-with-secret
spec:
tag: my-registry.com/repo
builder:
kind: ClusterBuilder
name: default
source:
git:
url: https://github.com/buildpack/sample-java-app.git
revision: 0eccc6c2f01d9f055087ebbf03526ed0623e014a
build:
services:
- name: sample-ps
kind: CustomProvisionedService
apiVersion: v1
---
apiVersion: v1alpha1
kind: CustomProvisionedService
metadata:
name: sample-ps
...
status:
binding:
name: settings-xml
---
apiVersion: v1
kind: Secret
metadata:
name: settings-xml
type: service.binding/maven
stringData:
type: maven
provider: sample
settings.xml: <settings>...</settings>