diff --git a/internal/controller/reconcile.go b/internal/controller/reconcile.go index 0697e36..bf1a724 100644 --- a/internal/controller/reconcile.go +++ b/internal/controller/reconcile.go @@ -50,7 +50,7 @@ const ( AnnotationSubscriptionContextSecret = "sme.sap.com/subscription-context-secret" AnnotationProviderSubAccountId = "sme.sap.com/provider-sub-account-id" AnnotationEnableCleanupMonitoring = "sme.sap.com/enable-cleanup-monitoring" - AnnotationUseVolumeMount = "sme.sap.com/use-volume-mount" + AnnotationUseVolumeMount = "sme.sap.com/use-credential-volume-mount" FinalizerCAPApplication = "sme.sap.com/capapplication" FinalizerCAPApplicationVersion = "sme.sap.com/capapplicationversion" FinalizerCAPTenant = "sme.sap.com/captenant" diff --git a/internal/controller/testdata/capapplicationversion/cav-use-vol-mount.yaml b/internal/controller/testdata/capapplicationversion/cav-use-vol-mount.yaml index 10fa396..a3c3f76 100644 --- a/internal/controller/testdata/capapplicationversion/cav-use-vol-mount.yaml +++ b/internal/controller/testdata/capapplicationversion/cav-use-vol-mount.yaml @@ -6,7 +6,7 @@ metadata: annotations: sme.sap.com/btp-app-identifier: btp-glo-acc-id.test-cap-01 sme.sap.com/owner-identifier: default.test-cap-01 - sme.sap.com/use-volume-mount: "true" + sme.sap.com/use-credential-volume-mount: "true" labels: sme.sap.com/btp-app-identifier-hash: f20cc8aeb2003b3abc33f749a16bd53544b6bab2 sme.sap.com/owner-generation: "2" diff --git a/internal/controller/testdata/capapplicationversion/expected/cav-processing-use-vol-mount.yaml b/internal/controller/testdata/capapplicationversion/expected/cav-processing-use-vol-mount.yaml index 475b05b..40dfb1d 100644 --- a/internal/controller/testdata/capapplicationversion/expected/cav-processing-use-vol-mount.yaml +++ b/internal/controller/testdata/capapplicationversion/expected/cav-processing-use-vol-mount.yaml @@ -6,7 +6,7 @@ metadata: annotations: sme.sap.com/btp-app-identifier: btp-glo-acc-id.test-cap-01 sme.sap.com/owner-identifier: default.test-cap-01 - sme.sap.com/use-volume-mount: "true" + sme.sap.com/use-credential-volume-mount: "true" labels: sme.sap.com/btp-app-identifier-hash: f20cc8aeb2003b3abc33f749a16bd53544b6bab2 sme.sap.com/owner-generation: "2" diff --git a/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount-custom.yaml b/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount-custom.yaml index 6ad749c..95fe5e1 100644 --- a/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount-custom.yaml +++ b/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount-custom.yaml @@ -5,7 +5,7 @@ metadata: annotations: sme.sap.com/btp-app-identifier: btp-glo-acc-id.test-cap-01 sme.sap.com/owner-identifier: default.test-cap-01 - sme.sap.com/use-volume-mount: "true" + sme.sap.com/use-credential-volume-mount: "true" labels: sme.sap.com/btp-app-identifier-hash: f20cc8aeb2003b3abc33f749a16bd53544b6bab2 sme.sap.com/owner-generation: "2" diff --git a/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount.yaml b/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount.yaml index 588fb58..3452646 100644 --- a/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount.yaml +++ b/internal/controller/testdata/common/capapplicationversion-v1-use-vol-mount.yaml @@ -6,7 +6,7 @@ metadata: annotations: sme.sap.com/btp-app-identifier: btp-glo-acc-id.test-cap-01 sme.sap.com/owner-identifier: default.test-cap-01 - sme.sap.com/use-volume-mount: "true" + sme.sap.com/use-credential-volume-mount: "true" labels: sme.sap.com/btp-app-identifier-hash: f20cc8aeb2003b3abc33f749a16bd53544b6bab2 sme.sap.com/owner-generation: "2" diff --git a/website/content/en/docs/usage/resources/capapplicationversion.md b/website/content/en/docs/usage/resources/capapplicationversion.md index 6e8553b..1a47ba6 100644 --- a/website/content/en/docs/usage/resources/capapplicationversion.md +++ b/website/content/en/docs/usage/resources/capapplicationversion.md @@ -42,7 +42,7 @@ spec: > The `CAPApplicationVersion` resource is meant to be immutable - it's spec should not be modified once it is deployed. This is also prevented by our web-hooks which we recommend to always keep active (default). -> By default, credentials (from secrets) required to access SAP BTP services are automatically provided as the `VCAP_SERVICES` environment variable across all workloads. However, this behavior can be changed to use volume mounts by setting the annotation `sme.sap.com/use-volume-mount: "true"` on the `CAPApplicationVersion` resource. When this annotation is set, the `SERVICE_BINDING_ROOT` environment variable will be injected into all the workloads, pointing to the secret path and overriding any user-defined values, if specified. +> By default, credentials (from secrets) required to access SAP BTP services are automatically provided as the `VCAP_SERVICES` environment variable across all workloads. However, this behavior can be changed to use volume mounts by setting the annotation `sme.sap.com/use-credential-volume-mount: "true"` on the `CAPApplicationVersion` resource. When this annotation is set, the `SERVICE_BINDING_ROOT` environment variable will be injected into all the workloads, pointing to the secret path and overriding user-defined values, if any. ### Workloads with `deploymentDefinition` @@ -366,4 +366,4 @@ spec: > > The supported configurations is kept minimal intentionally to keep the overall API simple by considering commonly used configurations. -> Note: For `initContainers` nearly the same environment variables as the main container are made available including VCAP_SERVICES environment. +> Note: For `initContainers` nearly the same environment variables as the main container are made available including VCAP_SERVICES environment. Additionally, if annotation `sme.sap.com/use-credential-volume-mount: "true"` is set on the `CAPApplicationVersion` resource, the environment variable `SERVICE_BINDING_ROOT` and the volume mounts for the service credentials will also be made available.