[Feature]: App Developer can see Service Credential Bindings projected onto running workloads via VCAP_SERVICES

[tcdowney]

Blockers/Dependencies

No response

Background

As an App Developer
I want Credentials from Service Bindings for User-provided Service Instances to be accessible via the VCAP_SERVICES environment variable
So that my existing CF apps that are VCAP_SERVICES aware can continue to work

---

Acceptance Criteria

GIVEN I have multiple CFServiceBindings bindings bound to an app
WHEN I inspect the running Pods for that app
THEN I see that there is a VCAP_SERVICES environment variable with its value set to a json string containing credentials/info about each binding.

For example, in CF today you'd see something like this after cf ssh-ing on to an app:

vcap@ea6b07a8-bb91-4b16-43d3-9b4e:~$ env | grep VCAP_SERVICES -A 18
VCAP_SERVICES={"user-provided":[{
  "label": "user-provided",
  "name": "test-upsi",
  "tags": [

  ],
  "instance_guid": "f4a3a20f-8fd5-4233-afd3-cfcd863986e1",
  "instance_name": "test-upsi",
  "binding_guid": "13bbc5ee-14a5-400b-a354-a68dd52a1807",
  "binding_name": null,
  "credentials": {
    "user-provided-key-1": "user-provided-value-1",
    "user-provided-key-2": "user-provided-value-2"
  },
  "syslog_drain_url": null,
  "volume_mounts": [

  ]
}]}

---

Dev Notes

• "name" is an optional field for bindings. When "name" is empty/missing it should be set to be the same name as the Service Instance in VCAP_SERVICES
• In the exploration/spike we found that the the ProcessController was the best place to do this

Resources:

• Related Exploration: [Explore]: Spike out User Provided Service Instances Support Using Kubernetes Service Bindings for Runtime #367
• UPSI Proposal Doc

[krnbr]

Sorry to piggy back this issue,

Can someone please share the details, how to make credhub avaiable as a service in the korifi? How to brokerize it?

@matt-royal, @gnovv! if you can help?