kube-service-bindings
Advanced tools
Changelog
3.0.0 (2023-06-01)
Readme
Service bindings is kubernetes spec on how to communicate service secrets to applications in an automated way. The spec is available here.
The goal of this package is to make it easy for Node.js applications to consume these secrets, without requiring developers to be familiar with service bindings.
npm install kube-service-bindings --save
kube-service-bindings supports and is tested only on the current, maintenance and active Node.js LTS versions. We will bump the major version in a release of kube-service-bindings soon after an LTS version of Node.js goes EOL.
The package provides the getBinding method which does roughly
the following:
This is an example of how kube-service-bindings might be used:
const Kafka = require('node-rdkafka');
const serviceBindings = require('kube-service-bindings');
try {
// check if the deployment has been bound to a kafka instance through
// service bindings. If so use that connect info
kafkaConnectionBindings = serviceBindings.getBinding('KAFKA', 'node-rdkafka');
} catch (err) { // proper error handling here
};
const stream = Kafka.KafkaConsumer.createReadStream(
Object.assign({
'group.id': 'consumer-test', // identifier to use to help trace activity in Kafka
'socket.keepalive.enable': true, // Enable TCP keep-alives on broker sockets
'enable.auto.commit': false // Automatically and periodically commit offsets in the background.
}, kafkaConnectionBindings),
{},
{
topics: 'countries'
}
);
The parameters for getBinding include:
| Parameter | Type |
|---|---|
| type | String |
| client | String |
| bindingOptions | Object |
The type of service for which a binding is being requested. Currently the supported types are:
The package the application is using to connect to the service. kube-service-bindings is aware of a subset of possible packages. For those that it is aware of, it can map the service bindings into the form required by the client.
Currently the following clients are recognized based on the supported types:
(Deprecated) If you don't specify a client, the object returned will be a direct map from the bindings, with the keys corresponding to the name of each file provided by the binding.
const serviceBindings = require('kube-service-bindings');
const { MongoClient } = require('mongodb');
const { url, connectionOptions } = serviceBindings.getBinding(
'MONGODB',
'mongodb'
);
const mongoClient = new MongoClient(url, connectionOptions);
An object which provides additional control over how binding data is parsed.
| Attribute | type | default Value |
|---|---|---|
| id | String | undefined |
| removeUnmapped | Boolean | as set by client, or true if not set by client |
| allowCopy | Boolean | false |
| bindingData | Object | undefined |
Id used to filter the available bindings. For example, if you have two Kafka services bound to your application an id can be specified to identify which one should be used. If there are multiple bindings that satisfy a request and no id is specified, the first one found will be used.
Removes all binding data which is not mapped for the client. If false any binding data which is not mapped remains in it's raw form on the binding object returned. The default depends on the client.
Enables setting proper permissions for some of the binding data, where the system has not provided them correctly. It allows binding files content to be copied/stored in a new file and directory. This has to be enabled by the user in order to be aware of the security risk, as some files might include sensitive material. For example, connecting to postgresql with the odbc client, the following error is thrown for the tls.key file if copies are not allowed: permissions should be u=rw (0600) or less.
An optional object for passing binding data to kube-service-bindings. This is useful especially in local dev environtment or as a fallback in case of binding data are not available.
Example 1 mongodb client:
const serviceBindings = require('kube-service-bindings');
let url;
let connectionOptions;
try {
({ url, connectionOptions } = serviceBindings.getBinding(
'MONGODB',
'mongodb'
));
} catch (err) {
({ url, connectionOptions } = serviceBindings.getBinding(
'MONGODB',
'mongodb',
{
host: 'mongodb.host.com',
password: 'password',
port: 27017,
username: 'user1'
}
));
}
Example 2 kafkajs client:
const serviceBindings = require('kube-service-bindings');
let kafkaConnectionBindings;
try {
kafkaConnectionBindings = serviceBindings.getBinding('KAFKA', 'kafkajs');
} catch (err) {
kafkaConnectionBindings = serviceBindings.getBinding('KAFKA', 'kafkajs', {
bootstrapServers: 'test-boostrap:443',
clientId: 'client1',
clientSecret: 'pass1',
password: 'pass1',
provider: 'rhoas',
saslMechanism: 'PLAIN',
securityProtocol: 'SASL_SSL',
type: 'kafka',
user: 'user1'
});
}
If you don't specify any parameters the getBinding function will return binding data in raw format.
$ tree $SERVICE_BINDING_ROOT
/bindings
├── kafka-bindings
│ ├── bootstrapServers
│ ├── clientId
│ ├── clientSecret
│ ├── password
│ ├── provider
│ ├── saslMechanism
│ ├── securityProtocol
│ ├── type
│ └── user
└── kafka-bindings-another
├── bootstrapServers
├── clientId
├── clientSecret
├── password
├── provider
├── saslMechanism
├── securityProtocol
├── type
└── user
By executing getBinding in the above environment.
const serviceBindings = require('kube-service-bindings');
const rawBindingData = getBinding();
console.log(rawBindingData);
Will result in below output:
[
{
"bootstrapServers": "test-boostrap:443",
"clientId": "client1",
"clientSecret": "pass1",
"password": "pass1",
"provider": "rhoas",
"saslMechanism": "PLAIN",
"securityProtocol": "SASL_SSL",
"type": "kafka",
"user": "user1"
},
{
"bootstrapServers": "another-test-boostrap:443",
"clientId": "another-client1",
"clientSecret": "another-pass1",
"password": "another-pass1",
"provider": "another-rhoas",
"saslMechanism": "another-PLAIN",
"securityProtocol": "another-SASL_SSL",
"type": "another-kafka",
"user": "another-user1"
}
]
FAQs
helper for consuming kubernetes service bindings
The npm package kube-service-bindings receives a total of 14,573 weekly downloads. As such, kube-service-bindings popularity was classified as popular.
We found that kube-service-bindings demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.