-
Notifications
You must be signed in to change notification settings - Fork 387
Allow service brokers to specify labels that are applied to the binding secret #1222
Comments
It would additionally be useful if the created bind secret could inherit the "template" and "template.openshift.io/template-instance" labels which the platform adds to the Secret/Service/DeploymentConfig that are created when the template is instantiated. Perhaps also ownerReferences. |
in your workflow, after you create the binding, could you not add the labels to the secrets yourself? |
I'm not the one creating the binding. I have a process that watches deployment changes and reacts to them, but can't influence them. |
There are two different flavors of this that we run a risk of conflating. I believe they are:
I believe that @maleck13 can use (1), but @jhalliday needs (2). |
@pmorie @duglin Example: If the use case makes sense. I am happy to start putting a proposal together but want to be sure this is the right place for it. |
@pmorie @duglin Had no response on this for sometime so just following up after thinking more on it. Currently we have to create a second secret with the same credentials in it with the labels we need which seems counter productive. |
drive-by-comment: the broker already knows it is talking to a platform on a binding request, perhaps we add a kubernetes section to the payload where we can store info like this that is intended for k8s to act on? like:
It blurs the line a bit around the broker needing to know it is talking to k8s, but it does that already I would say. Or you pass those tags into the original request parameters, and they come out plus some. |
This would be an approach that works, perhaps it would just be
And then the platform could decide what should be done with that information? In k8s case it would add those labels to the secret. |
@maleck13 Can you help me understand why you prefer that the broker add those labels instead of specifying the label say, on the binding? I'm curious because I am working on a proposal to support adding defaults for service classes and plans, and thought that default labels could be useful as well. So that you could configure a single time at the cluster level "when resources are created for this plan, add this label". I'm just wondering if you picked option 2 (broker supplied labels) because that seemed like less repetition or because the broker is actually in a better position to know what labels are appropriate. Thanks! |
I don't have strong preference here. I was looking for something that would gain traction as I have been struggling with getting engagement on the issue. So delighted to hear I am not alone and you are working towards something similar. |
@maleck13 It seems quite straightforward and fits into the intent of that proposal. I'll ping back here once it's updated. |
@carolynvs how is the proposal coming along? |
@maleck13 With KubeCon and then falling sick, I completely dropped the ball on this. I've added it to my list but I'm out sick so it won't be updated this week. Thanks for the reminder! |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Use case:
I have an application that wants to use the secrets created from certain services in order to generate a configuration object / file that can be consumed by external clients for those services, for example a mobile application. Currently in order to do this, the application needs to maintain a list of distinct services that it knows about. It would be preferable if I could have the secrets created from the broker have a label, something like "mobile-enabled" that it could use to discover the secrets it could work with.
The text was updated successfully, but these errors were encountered: