mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
2174a67575
The Service Binding for Kubernetes project (servicebinding.io) is a spec to make it easier for workloads to consume services. At runtime, the ServiceBinding resource references a service resource and workload resource to connect to the service. The Secret for a service is projected into a workload resource at a well known path. Services can advertise the name of the Secret representing the service on its status at `.status.binding.name`. Hosting the name of a Secret at this location is the Provisioned Service duck type. It has the effect of decoupling the logical consumption of a service from the physical Secret holding state. Using ServiceBindings with ExternalSecrets today requires the user to directly know and reference the Secret created by the ExternalSecret as the service reference. This PR adds the name of the Secret to the status of the ExternalSecret at a well known location where it can be discovered by a ServiceBinding. With this change, users can reference an ExternalSecret from a ServiceBinding. A ClusterRole is also added with a well known label for the ServiceBinding controller to have permission to watch ExternalSecrets and read the binding Secret. ClusterExternalSecret was not modified as ServiceBindings are limited to the scope of a single namespace. Signed-off-by: Scott Andrews <andrewssc@vmware.com> |
||
---|---|---|
000-template.md | ||
001-design-crd-v1beta1.md | ||
002-pushsecret.md | ||
003-cluster-external-secret-spec.md | ||
004-datafrom-key-rewrite.md | ||
005-secret-generator-group.md | ||
006-LTS-release.md | ||
design-crd-spec.md |