cartographer
cartographer copied to clipboard
vmware-tanzu
R4RFC: Service claims for non-runtime resources
Description of problem
Currently the workload contains top level service claims that are meant to be exposed to runtime resources. There is currently no mechanism to define service claims that are targeted to other resources in the cluster (e.g. build).
Proposed solution
Requesting an RFC that outlines a solution for how we could introduce service claims to be consumed by other resources.
@squeedee at some point proposed tagging service claims so that templates could consume only the services tagged for a given resource.
example use of servicebindings at build time:
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
name: sample-binding-with-secret
spec:
tag: my-registry.com/repo
builder:
kind: ClusterBuilder
name: default
source:
git:
url: https://github.com/buildpack/sample-java-app.git
revision: 0eccc6c2f01d9f055087ebbf03526ed0623e014a
build:
services:
- name: settings-xml
kind: Secret
apiVersion: v1
---
apiVersion: v1
kind: Secret
metadata:
name: settings-xml
type: service.binding/maven
stringData:
type: maven
provider: sample
settings.xml: <settings>...</settings>
(see kpack/service-bindings.md)
Won't implement (at this time)
Working with kpack is the common pain point, passing a secret to it's services key. These aren't really services, and can be implemented by using params (which also provide per-supply-chain fallbacks), eg:
spec:
params:
- name: build-secrets
value:
- name: settings-xml
kind: Secret
apiVersion: v1
This avoids spec changes to the Cartographer API.
The one concern is providing these definitions with the CLI, however this is mitigated by this CLI issue
