openshift / ansible-service-broker

Ansible Service Broker
Apache License 2.0

Proposal using a secret in the bind namespace for credentials #544

Closed maleck13 closed 6 years ago

maleck13 commented 6 years ago

Feature:

Based on discussions here: https://github.com/openshift/ansible-service-broker/pull/537. Creating a follow-up issue to allow discussion of using a secret in the temporary bind namespace to retrieve the credentials, rather than the current approach: having the apb write them to a specific file and having the broker exec into the container in a background loop to check for their existence.

In the referenced issue, we discuss using the pod for the apb to add metadata about the last operation and then retrieving this information via a watch on the pod resource. This raised the question of whether we should use a similar paradigm for the credentials from a bind.

This needs a full proposal, but the basic premise would be to have the apb either create or update a secret with the credentials for the binding. The broker then, instead of exec'ing into the container, would set up a watch on secrets within the temporary namespace in which the apb was being executed. It would use the contents of this secret in order to return the credentials to the service catalog.
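
The broker-side half of this proposal, as an added example (not code from the original issue or from the broker itself): a Go function that consumes the newline-delimited JSON of a Kubernetes secrets watch (`GET /api/v1/namespaces/{ns}/secrets?watch=true`) for the temporary namespace, ignores other secrets in that namespace (the apb's own service-account token, for example), skips the ADDED event the apb may produce before it has filled in the data, and returns the decoded credentials, or fails if the secret is deleted first or the context times out. The secret name `bind-creds`, the namespace name and the event lines are constructed for this example; a real implementation would use client-go's watch interface rather than parsing the stream by hand, and the broker's RBAC should grant get/list/watch on secrets only in the temporary namespace.

```go
package main

import (
	"bufio"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
	"time"
)

// watchEvent mirrors one line of the Kubernetes watch stream. Secret data
// arrives base64-encoded in JSON; encoding/json decodes it into []byte.
type watchEvent struct {
	Type   string `json:"type"` // ADDED, MODIFIED, DELETED, ERROR
	Object struct {
		Metadata struct {
			Name string `json:"name"`
		} `json:"metadata"`
		Data map[string][]byte `json:"data"`
	} `json:"object"`
}

// credentialsFromWatch reads watch events from r until the secret named
// secretName carries at least one data key and returns its contents as the
// binding credentials. Other secrets are ignored, an event for the secret
// without data (created before the apb filled it) is skipped, a DELETED
// event for it is an error, and ctx bounds how long the broker waits.
func credentialsFromWatch(ctx context.Context, r io.Reader, secretName string) (map[string]string, error) {
	type result struct {
		creds map[string]string
		err   error
	}
	done := make(chan result, 1) // buffered so the reader never blocks after ctx ends
	go func() {
		scanner := bufio.NewScanner(r)
		for scanner.Scan() {
			line := scanner.Text()
			if strings.TrimSpace(line) == "" {
				continue
			}
			var ev watchEvent
			if err := json.Unmarshal([]byte(line), &ev); err != nil {
				done <- result{nil, fmt.Errorf("malformed watch event: %w", err)}
				return
			}
			if ev.Type == "ERROR" {
				done <- result{nil, errors.New("watch returned an ERROR event")}
				return
			}
			if ev.Object.Metadata.Name != secretName {
				continue // another secret in the namespace, e.g. a service-account token
			}
			switch ev.Type {
			case "DELETED":
				done <- result{nil, fmt.Errorf("secret %q deleted before credentials were read", secretName)}
				return
			case "ADDED", "MODIFIED":
				if len(ev.Object.Data) == 0 {
					continue // apb created the secret but has not written credentials yet
				}
				creds := make(map[string]string, len(ev.Object.Data))
				for k, v := range ev.Object.Data {
					creds[k] = string(v)
				}
				done <- result{creds, nil}
				return
			}
		}
		if err := scanner.Err(); err != nil {
			done <- result{nil, err}
			return
		}
		done <- result{nil, fmt.Errorf("watch ended before secret %q had data", secretName)}
	}()
	select {
	case res := <-done:
		return res.creds, res.err
	case <-ctx.Done():
		return nil, ctx.Err()
	}
}

// Constructed watch streams standing in for the API server: the apb creates
// bind-creds empty, an unrelated secret appears, then bind-creds is filled
// ("YWRtaW4=" is base64 for "admin", "c2VjcmV0" for "secret").
const sampleWatchStream = `{"type":"ADDED","object":{"kind":"Secret","metadata":{"name":"bind-creds","namespace":"apb-tmp-1"}}}
{"type":"ADDED","object":{"kind":"Secret","metadata":{"name":"default-token-x","namespace":"apb-tmp-1"},"data":{"token":"c2VjcmV0"}}}
{"type":"MODIFIED","object":{"kind":"Secret","metadata":{"name":"bind-creds","namespace":"apb-tmp-1"},"data":{"username":"YWRtaW4=","password":"c2VjcmV0"}}}`

const deletedWatchStream = `{"type":"ADDED","object":{"kind":"Secret","metadata":{"name":"bind-creds","namespace":"apb-tmp-1"}}}
{"type":"DELETED","object":{"kind":"Secret","metadata":{"name":"bind-creds","namespace":"apb-tmp-1"}}}`

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	creds, err := credentialsFromWatch(ctx, strings.NewReader(sampleWatchStream), "bind-creds")
	if err != nil {
		fmt.Println("bind failed:", err)
		return
	}
	for k := range creds {
		fmt.Println("credential key returned to the catalog:", k) // keys only; values are never logged
	}
}
```

Because the broker only reads a secret the apb wrote, nothing in the apb's filesystem needs to be inspected and no exec into the container is required; the credentials never leave the API server except in the response to the broker, which should hand them to the service catalog and not log them.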

djzager commented 6 years ago

I think this is worth implementing and I'm going to look into writing a proposal.