zhongwei/gh-secondsky-sap-skills-skills-sap-btp-service-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gh-secondsky-sap-skills-ski…/templates/service-binding-k8s.yaml
Zhongwei Li 0e7a2dc56e Initial commit
2025-11-30 08:55:15 +08:00

186 lines
4.0 KiB
YAML
Raw Permalink Blame History

# Kubernetes ServiceBinding CRD Template
# Documentation: https://github.com/SAP/sap-btp-service-operator
# Usage: kubectl apply -f service-binding-k8s.yaml
---
# Basic Service Binding
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: my-binding
namespace: default
spec:
# Required: Reference to ServiceInstance
serviceInstanceName: my-service-instance
---
# Binding with External Name
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: xsuaa-binding
namespace: default
spec:
serviceInstanceName: xsuaa-instance
externalName: xsuaa-binding-external
---
# Binding with X.509 Credentials
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: xsuaa-binding-x509
namespace: default
spec:
serviceInstanceName: xsuaa-instance
parameters:
credential-type: x509
---
# Binding with X.509 Custom Validity
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: xsuaa-binding-x509-custom
namespace: default
spec:
serviceInstanceName: xsuaa-instance
parameters:
credential-type: x509
key-length: 4096
validity-type: MONTHS
validity: 6
---
# Binding with Custom Secret Name
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: custom-secret-binding
namespace: default
spec:
serviceInstanceName: my-service-instance
# Secret will be created with this name instead of binding name
secretName: my-custom-secret
---
# Binding with Secret Root Key
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: binding-with-root-key
namespace: default
spec:
serviceInstanceName: my-service-instance
# All credentials nested under this key in secret
secretRootKey: credentials
---
# Binding with Parameters from Secret
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
name: binding-with-secret-params
namespace: default
spec:
serviceInstanceName: my-service-instance
parametersFrom:
- secretKeyRef:
name: binding-parameters
key: params
---
# Secret for binding parameters
apiVersion: v1
kind: Secret
metadata:
name: binding-parameters
namespace: default
type: Opaque
stringData:
params: |
{
"credential-type": "x509",
"key-length": 4096
}
---
# Example: Using binding credentials in a Pod (Environment Variables)
apiVersion: v1
kind: Pod
metadata:
name: app-with-env-credentials
namespace: default
spec:
containers:
- name: app
image: my-app:latest
env:
- name: XSUAA_CLIENTID
valueFrom:
secretKeyRef:
name: xsuaa-binding
key: clientid
- name: XSUAA_CLIENTSECRET
valueFrom:
secretKeyRef:
name: xsuaa-binding
key: clientsecret
- name: XSUAA_URL
valueFrom:
secretKeyRef:
name: xsuaa-binding
key: url
---
# Example: Using binding credentials in a Pod (Volume Mount)
apiVersion: v1
kind: Pod
metadata:
name: app-with-mounted-credentials
namespace: default
spec:
containers:
- name: app
image: my-app:latest
volumeMounts:
- name: xsuaa-credentials
mountPath: /etc/secrets/xsuaa
readOnly: true
volumes:
- name: xsuaa-credentials
secret:
secretName: xsuaa-binding
---
# Example: Deployment with binding credentials
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app-deployment
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: app
image: my-app:latest
envFrom:
- secretRef:
name: xsuaa-binding
volumeMounts:
- name: destination-credentials
mountPath: /etc/secrets/destination
readOnly: true
volumes:
- name: destination-credentials
secret:
secretName: destination-binding
Reference in New Issue View Git Blame Copy Permalink