servicebinding / spec

Specification for binding services to k8s workloads
https://servicebinding.io
Apache License 2.0
92 stars 35 forks source link

Improve the discoverability of Secret resource used for Direct Secret Reference #176

Closed baijum closed 3 years ago

baijum commented 3 years ago

Provisioned Service has better discoverability because of this recommendation:

To facilitate discoverability, it is RECOMMENDED that a CustomResourceDefinition exposing a Provisioned Service add service.binding/provisioned-service: "true" as a label.

I propose to add a similar label for the Secret resource used for Direct Secret Reference, something like this:

To facilitate discoverability, it is RECOMMENDED that a Secret add service.binding/bindable: "true" as a label.

Since the Secret resource used for Direct Secret Reference has the same recommendation as that of Provisioned Service Secret, a dynamic type field may exist for Secret resources. A field selector can filter Secret resources like this:

kubectl get secrets --field-selector="type=service.binding/mysql"

This selector query is not generic, the value for type is not constant. If there is a constant label selector similar to that of Provisioned Service CRD, it is much easier to retrieve all bindable Secret resources.

I think the recommendation for the label can be added to the Secret resources used for Direct Secret Reference, and not for the Secrets used in the Provisioned Service.

Note: The label selectors for CRDs and Secret resources can be used for caching.

scothis commented 3 years ago

The discovery concerns in the spec is not to find specific resources, but to find kinds of resources that can be bound. In this case, Secret is a well known kind.