mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 15:46:57 +01:00
91 lines
3.4 KiB
Plaintext
91 lines
3.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * openshift_images/using-templates.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="templates-exposing-object-fields_{context}"]
|
|
= Exposing template object fields
|
|
|
|
Template authors can indicate that fields of particular objects in a template should be exposed. The {tsb-name} recognizes exposed fields on `ConfigMap`, `Secret`, `Service`, and `Route` objects, and returns the values of the exposed fields when a user binds a service backed by the broker.
|
|
|
|
To expose one or more fields of an object, add annotations prefixed by `template.openshift.io/expose-` or `template.openshift.io/base64-expose-` to the object in the template.
|
|
|
|
Each annotation key, with its prefix removed, is passed through to become a key in a `bind` response.
|
|
|
|
Each annotation value is a Kubernetes JSONPath expression, which is resolved at bind time to indicate the object field whose value should be returned in the `bind` response.
|
|
|
|
[NOTE]
|
|
====
|
|
`Bind` response key-value pairs can be used in other parts of the system as environment variables. Therefore, it is recommended that every annotation key with its prefix removed should be a valid environment variable name -- beginning with a character `A-Z`, `a-z`, or `pass:[_]`, and being followed by zero or more characters `A-Z`, `a-z`, `0-9`, or `pass:[_]`.
|
|
====
|
|
|
|
[NOTE]
|
|
====
|
|
Unless escaped with a backslash, Kubernetes' JSONPath implementation interprets characters such as `.`, `@`, and others as metacharacters, regardless of their position in the expression. Therefore, for example, to refer to a `ConfigMap` datum named `my.key`, the required JSONPath expression would be `{.data['my\.key']}`. Depending on how the JSONPath expression is then written in YAML, an additional backslash might be required, for example `"{.data['my\\.key']}"`.
|
|
====
|
|
|
|
The following is an example of different objects' fields being exposed:
|
|
|
|
[source,yaml]
|
|
----
|
|
kind: Template
|
|
apiVersion: template.openshift.io/v1
|
|
metadata:
|
|
name: my-template
|
|
objects:
|
|
- kind: ConfigMap
|
|
apiVersion: v1
|
|
metadata:
|
|
name: my-template-config
|
|
annotations:
|
|
template.openshift.io/expose-username: "{.data['my\\.username']}"
|
|
data:
|
|
my.username: foo
|
|
- kind: Secret
|
|
apiVersion: v1
|
|
metadata:
|
|
name: my-template-config-secret
|
|
annotations:
|
|
template.openshift.io/base64-expose-password: "{.data['password']}"
|
|
stringData:
|
|
password: <password>
|
|
- kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: my-template-service
|
|
annotations:
|
|
template.openshift.io/expose-service_ip_port: "{.spec.clusterIP}:{.spec.ports[?(.name==\"web\")].port}"
|
|
spec:
|
|
ports:
|
|
- name: "web"
|
|
port: 8080
|
|
- kind: Route
|
|
apiVersion: route.openshift.io/v1
|
|
metadata:
|
|
name: my-template-route
|
|
annotations:
|
|
template.openshift.io/expose-uri: "http://{.spec.host}{.spec.path}"
|
|
spec:
|
|
path: mypath
|
|
----
|
|
|
|
An example response to a `bind` operation given the above partial template follows:
|
|
|
|
[source,json]
|
|
----
|
|
{
|
|
"credentials": {
|
|
"username": "foo",
|
|
"password": "YmFy",
|
|
"service_ip_port": "172.30.12.34:8080",
|
|
"uri": "http://route-test.router.default.svc.cluster.local/mypath"
|
|
}
|
|
}
|
|
----
|
|
|
|
.Procedure
|
|
|
|
* Use the `template.openshift.io/expose-` annotation to return the field value as a string. This is convenient, although it does not handle arbitrary binary data.
|
|
|
|
* If you want to return binary data, use the `template.openshift.io/base64-expose-` annotation instead to base64 encode the data before it is returned.
|