Comments (4)
Rename roles to instance_groups
Hooray! Locking into Fissile again recently, I was about to suggest this, too.
Change secret generator so it supports consuming information from a variables section
For me, the generation and rotation of secrets is a separate concern that I'd suggest trying to pull out from Fissile altogether. The topic of credential rotation needs to be solved in a uniform way anyhow, even for non-containerized workloads.
cf-deployment + an ops file == role manifest
Another hooray here. I was about to comment "why is the role manifest needed at all?". So maybe the answer to "what is in the ops file?" would address this question, too.
from fissile.
@bkrannich the generation of secrets is not controlled by fissile, but by this process.
It's included as a BOSH Job in this release and runs as an errand.
The implementation is kube specific, but we can generalize that.
from fissile.
@viovanov - but why is this a concern that is related to the conversion of a BOSH release into something that can be deployed on K8s? Ultimately, wouldn't you expect to be able to use the K8s primitives for credentials, so secrets and potentially config maps and shouldn't a rotation of those be independent from the pure conversion?
from fissile.
@bkrannich if I understand what you're saying - yes, that's correct. There's no dependency to the secret generator itself.
Secret generation is an "extra" feature, that you don't have to use when deploying.
But we currently use a secret generation mechanism and we want to transition it smoothly, along with everything else.
from fissile.
Related Issues (20)
- [question] do you have a plan to support the Cloud Foundry releases for this? HOT 1
- [WIP] Dockerfile for Fissile build
- Unauthorized HOT 6
- fissile does not build HOT 1
- Walkthrough manifests are unusable HOT 3
- New compilation cache code creates broken archives
- Update dependencies once mholt/archiver#92 has landed HOT 1
- Pod runtime information is in a non-sensical spot HOT 2
- add pre-built binaries to github releases? HOT 1
- `fissile diff` only works with already unpacked release directories and not with URLs
- Race condition for active/passive pods when no leader is available HOT 4
- Example doc for build in configuration.md is wrong (create-release.sh not found) HOT 1
- Deployment fails on clusters with containerd when credentials are empty HOT 6
- Role manifest shared volume validation bug HOT 1
- Services generated by fissile make Istio malfunction HOT 2
- Move to Go Modules HOT 1
- Generated K8s resources will not be supported in K8s 1.16
- docker run example for nats-release fails: cannot access '/usr/local/bin/create-release.sh': No such file or directory HOT 7
- Cut releases with release notes? HOT 3
- Why not create docker images from rev releases?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fissile.