search

kubernetes-retired / service-catalog

Consume services in Kubernetes using the Open Service Broker API
https://svc-cat.io
Apache License 2.0
1.05k stars 385 forks source link

Support of OpenServiceBroker feature "binding_rotatable" in the ServiceCatalog #2846

Closed freegroup closed 3 years ago

freegroup commented 4 years ago

in the OpenServiceBroker spec it is possible to rotate a binding as describe here: https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#binding-rotation

This feature is mandatory if we want to rotate an secret without a new deployment and restart of existing pods.

As far as I understood the existing binding is updated with the new binding information. In this case k8s updates the mounted secret within existing pods without restart. This feature is requested in the past in the ticket: https://github.com/kubernetes-sigs/service-catalog/issues/1815

Is there any backlog or plans to support this OSB specification part as well?

jhvhs commented 4 years ago

Hi @freegroup,

The support for binding rotation hasn't been yet finalised, and may become a new feature as part of the upcoming OSBAPI release. We will implement it as part of the new OSBAPI version implementation if and when it does.

freegroup commented 4 years ago

thanks for your feedback. Unfortunately I'm unable get a schedule for this feature....

I think I write my own operator to rotate the credentials in the meanwhile.

jhvhs commented 3 years ago

@freegroup Can we close this issue?