Command order at runtime with secret distribution #2030 and dynamic configuration #2068 #2069
This is a really early draft of how the different bootstrapping tools could be ordered and how they interact. It uses concepts from #2030 and #2068 heavily. Until these are pinpointed it's quite drafty.
Build container based on ENVs and config templates
Build encrypted Data Volume Container with GPG encryption and moby/moby#8021
Deploy via k8s and ENV-file
Bind Data Volume Container to /var/secrets
Use ENVs (with seed secret) to decrypt Data Volume Container -> seed secret = gpg key?
Use endpoint "/bootstrap.sh"
-> Run /var/secrets/ENVs.sh for credentials, PWs etc. if backend=env
-> Run /keys.sh to copy keys to actual locations
-> Run confd with ENV/etcd/consul to produce config files
-> Start actual process via confd
Needs a lot more input!
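The order listed in the issue, sketched as a `/bootstrap.sh` (an added example, not code from the issue or from Kubernetes). Assumed here: the variable names `SEED_SECRET`, `BACKEND`, `SECRETS_DIR` and `KEYS_SCRIPT`, the file name `ENVs.sh.gpg`, that the seed secret is a symmetric GPG passphrase, and that the process is started with `exec` after a one-shot confd run.

```shell
#!/bin/sh
# Added sketch of /bootstrap.sh in the order listed in the issue.
# Assumptions (not from the issue): variable names SEED_SECRET, BACKEND,
# SECRETS_DIR, KEYS_SCRIPT; file name ENVs.sh.gpg; the seed secret is a
# symmetric GPG passphrase; the process is exec'd after a one-shot confd run.

bootstrap() {
    secrets_dir="${SECRETS_DIR:-/var/secrets}"
    backend="${BACKEND:-env}"
    umask 077    # files created from here on are private to this user

    # Fail closed: without the seed secret nothing below may run.
    if [ -z "${SEED_SECRET:-}" ]; then
        echo "bootstrap: SEED_SECRET is not set" >&2
        return 1
    fi

    # Decrypt. The passphrase travels over stdin, so it never shows up in
    # the argument list of the gpg process.
    printf '%s' "$SEED_SECRET" | gpg --batch --yes --pinentry-mode loopback \
        --passphrase-fd 0 --output "$secrets_dir/ENVs.sh" \
        --decrypt "$secrets_dir/ENVs.sh.gpg" || return 1

    # The seed secret is no longer needed; keep it out of every child.
    unset SEED_SECRET

    # Credentials become ENVs only when the env backend is selected.
    if [ "$backend" = env ]; then
        . "$secrets_dir/ENVs.sh" || return 1
    fi

    # Copy keys to their actual locations.
    "${KEYS_SCRIPT:-/keys.sh}" || return 1

    # Render the config files once (etcd/consul also need node addresses,
    # which are omitted here).
    confd -onetime -backend "$backend" || return 1

    # Replace this shell with the actual process (the arguments).
    exec "$@"
}

# Run only when installed under the name the issue uses.
if [ "${0##*/}" = bootstrap.sh ]; then bootstrap "$@"; fi
```

Unsetting the seed secret before any later step keeps it out of the environment of `/keys.sh`, confd and the final process.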