add secret and configmap generator plugins #760
This is great, I see you even included a sops dotenv plugin. I would like to try it out, but I am unsure how the sops integration works exactly. Can you give a concrete example?
@jcassee cd into the sops plugin dir and build the plugin with Then do something like this:
@jcassee I tested out the sops plugin and added some code so that you can use relative file paths.
@sethpollack this is interesting. Please take the kvPair refactor out of this PR and into its own PR, so we can get it in regardless and so it doesn't distract from the security changes. Would happily review :) This feature is meant to replace a perceived security risk that forced a fairly large rollback of a kubectl PR. So although it's nice to have the POC, we need discussion attached to a KEP PR and review. Nothing impacting security can go into kustomize or kubectl w/o a KEP in this repo.
@monopole Ok rebased on the kvPair refactor. Also opened a KEP PR kubernetes/enhancements#811
@sethpollack Just tried it out. Works great! I like the idea, and I'm interested in what kind of feedback your KEP receives.
@jcassee thanks for the feedback!
@monopole I updated the implementation, can you take a look and let me know what you think?
b6a8577 to 2820f12
k8sdeps/kv/plugin/testonly.go
Outdated
return kvs, nil | ||
} | ||
|
||
func (p *testonly) load(name string) (KVSource, error) { |
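Review bot: on the `load(name string)` signature, the `name` parameter is what the linter output quoted in this thread reports as unused (unparam, testonly.go:41:25). If the signature has to keep this shape, name the parameter `_`; otherwise drop it, so a caller cannot assume the plugin name has any influence on which KVSource comes back.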
this causes the linter to fail during Travis CI job:
k8sdeps/kv/plugin/testonly.go:41:25: `(*testonly).load` - `name` is unused (unparam)
@monopole I fixed your comments, can you take a look?
please rebase and we'll merge this.
Ok
@monopole done!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: monopole, sethpollack. The full list of commands accepted by this bot can be found here. The pull request process is described here.
Thanks @sethpollack and @monopole for seeing this through!
@sethpollack At some time this PR contained examples to replace the old
I can try and find them. @monopole what do you think about adding a repo for kustomize plugins?
@jcassee Something like this should work
@sethpollack Thanks, that worked! Now to create a plugin that emulates:
I'll post here when I get something working, for posterity.
This is a plugin for replacing the
Code:
I published both plugins at https://github.com/goabout/goabout-kustomize-plugins. I'd be happy to have them included in some central plugin repository.
@sethpollack big thanks for this 👍 What I am wondering right now is how I am able to get information towards the plugin. For example am I able to do this in the end?
The args part is clear but is this the only way to pass data? Or can I access here
@fentas No you would need to pass those as extra args.
Is there any reason type of
This is a POC of my plugin suggestion from #692

Plugins are loaded from `~/.kustomize/plugins` so there is no risk of executing malicious code from a remote base. Also plugins are built out of tree and allow people to create their own integrations.

Also to solve the distribution problem we can provide some base plugins and export them to `~/.kustomize/plugins` with a `kustomize plugin save -d ~/.kustomize/plugins` command.

Some example plugins are provided in the `plugins/` directory. They can be built with `go build -buildmode=plugin`

They can be used as follows:
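Separately from the usage the description refers to: its safety argument depends on plugin lookups never leaving `~/.kustomize/plugins`, even when the plugin name comes from a remote base. The Go example below is added here and is not code from this PR or from kustomize; it shows one way to enforce that confinement before a path reaches `plugin.Open`. The `pluginPath` helper, the `.so` suffix and the sample names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// pluginPath maps a plugin name from a kustomization to a file under root
// (for example ~/.kustomize/plugins). The name may come from a remote base,
// so it is treated as untrusted. Hypothetical helper, not kustomize's API.
func pluginPath(root, name string) (string, error) {
	// A plugin name is a single path element: no separators, no "..".
	if name == "" || name == "." || name == ".." ||
		strings.ContainsAny(name, `/\`) || filepath.Base(name) != name {
		return "", fmt.Errorf("invalid plugin name %q", name)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return "", err
	}
	// Resolve symlinks so a link inside root cannot point outside it.
	real, err := filepath.EvalSymlinks(filepath.Join(realRoot, name+".so"))
	if err != nil {
		return "", err
	}
	if rel, err := filepath.Rel(realRoot, real); err != nil ||
		rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("plugin resolves outside the plugin directory")
	}
	return real, nil // only now hand the path to plugin.Open
}

func main() {
	root, _ := os.MkdirTemp("", "plugins") // constructed sample directory
	defer os.RemoveAll(root)
	os.WriteFile(filepath.Join(root, "sops.so"), []byte("stub"), 0o600)
	for _, n := range []string{"sops", "../sops", "/tmp/evil", "missing"} {
		p, err := pluginPath(root, n)
		fmt.Printf("%-10q -> %q err=%v\n", n, p, err)
	}
}
```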