Command order at runtime with secret distribution #2030 and dynamic configuration #2068 #2069
Comments
bgrant0607
added
the
priority/awaiting-more-evidence
bgrant0607
added
area/usability
sig/api-machinery
|
Issues go stale after 90d of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
This is a really early draft of how the different bootstrapping tools could be ordered and how they interact. It uses concepts from #2030 and #2068 heavily. Until these are pinpointed it's quite drafty.
Build container based on ENVs and config templates
Build encrypted Data Volume Container with GPG encryption and moby/moby#8021
Deploy via k8s and ENV-file
Bind Data Volume Container to /var/secrets
Use ENVs (with seed secret) to decrypt Data Volume Container -> seed secret = gpg key?
Use endpoint "/bootstrap.sh"
-> Run /var/secrets/ENVs.sh for credentials, PWs etc. if backend=env
-> Run /keys.sh to copy keys to actual locations
-> Run confd with ENV/etcd/consul to produce config files
-> Start actual process via confd
Needs a lot more input!
The text was updated successfully, but these errors were encountered: