Binding an instance
Binding an instance to a Kubernetes cluster tells the service broker to create an object user with full control rights to the instance (bucket), then create a secret and place it into the namespace you configured in the instance creation step.
Below is the YAML structure you will use to initiate binding.
kind: ServiceBinding
metadata:
  name: yaml-instance-v2-binding
  namespace: default
spec:
  instanceRef:
    name: yaml-instance-v2
  secretName: shhh-my-secret
In the metadata name line, add a name to identify your binding. In the namespace line, add the Kubernetes namespace in which you want to use the secret or where your application resides. The namespace has to exist at the time of running this YAML.
In spec, the name line under instanceRef needs to match the instance you created in the previous YAML, so that the binding knows which bucket to create the object user for. The secretName line lets you apply a custom name to your Kubernetes secret.
Below is a sample Kubernetes secret file. To use this secret file inside a pod you have two options:
i Import the secret data as individual environment variables into your pod.
ii Mount the secret file as a volume definition in your pod YAML file.
root@local:~# kubectl describe secret shhh-my-secret
Name: shhh-my-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
accessKey: 48 bytes
bucket: 48 bytes
endpoint: 25 bytes
path-style-access: 4 bytes
s3Url: 166 bytes
secretKey: 40 bytes
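The two options above, combined in one Pod manifest as an added example (it is not part of the original guide). The pod name, container image, environment variable names and mount path are assumptions; the secret name and keys are the ones shown in the describe output.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: s3-client-example          # hypothetical pod name
  namespace: default               # must be the namespace the binding wrote the secret to
spec:
  containers:
    - name: app
      image: registry.example.com/s3-client:1.0   # placeholder image
      env:
        # Option i: import individual keys as environment variables
        - name: S3_ENDPOINT        # variable names are assumptions
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: endpoint
        - name: S3_BUCKET
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: bucket
        - name: S3_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: accessKey
        - name: S3_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: secretKey
      volumeMounts:
        # Option ii: every key in the secret appears as a file under mountPath
        - name: ecs-binding
          mountPath: /etc/ecs-binding   # hypothetical path, e.g. /etc/ecs-binding/secretKey
          readOnly: true
  volumes:
    - name: ecs-binding
      secret:
        secretName: shhh-my-secret
        # Owner read-only; if the container runs as non-root, set
        # securityContext.fsGroup and use 0440 so the files stay readable.
        defaultMode: 0400
```

In both cases the pod receives the decoded values. A real pod would normally use only one of the two options; the volume mount keeps secretKey out of the process environment.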
The values in a Kubernetes Secret are base64 encoded (an encoding, not encryption). To decode a value, use the command below with the corresponding JSONPath.
Below are the JSONPath expressions for each field of the secret.
i {.data.accessKey}
ii {.data.secretKey}
iii {.data.bucket}
iv {.data.endpoint}
v {.data.s3Url}
vi {.data.path-style-access}
To decode the base64 encoded secrets, use the example below and substitute the JSONPath field.
root@local:~# kubectl get secrets <SECRET_NAME> -o jsonpath='{.data.accessKey}' -n <NAMESPACE> | base64 -d