Make the role manifest compatible with BOSH deployment manifests about fissile HOT 4 CLOSED

Rename roles to instance_groups

Hooray! Locking into Fissile again recently, I was about to suggest this, too.

Change secret generator so it supports consuming information from a variables section

For me, the generation and rotation of secrets is a separate concern that I'd suggest trying to pull out from Fissile altogether. The topic of credential rotation needs to be solved in a uniform way anyhow, even for non-containerized workloads.

cf-deployment + an ops file == role manifest

Another hooray here. I was about to comment "why is the role manifest needed at all?". So maybe the answer to "what is in the ops file?" would address this question, too.

from fissile.

@bkrannich the generation of secrets is not controlled by fissile, but by this process.

It's included as a BOSH Job in this release and runs as an errand.

The implementation is kube specific, but we can generalize that.

from fissile.

@viovanov - but why is this a concern that is related to the conversion of a BOSH release into something that can be deployed on K8s? Ultimately, wouldn't you expect to be able to use the K8s primitives for credentials, so secrets and potentially config maps and shouldn't a rotation of those be independent from the pure conversion?

from fissile.

@bkrannich if I understand what you're saying - yes, that's correct. There's no dependency to the secret generator itself.
Secret generation is an "extra" feature, that you don't have to use when deploying.

But we currently use a secret generation mechanism and we want to transition it smoothly, along with everything else.

from fissile.