feat: add proposal #6 - k8s best practices #32
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
mgoltzsche
force-pushed
the
k8s_best_practices
branch
from
0059f83
to
496f4ba
Compare
mgoltzsche
force-pushed
the
k8s_best_practices
branch
from
496f4ba
to
812f158
Compare
| TODO: To be refined: | ||
| * SourceRepository controller that accepts pipeline bot invitations (more of a security concern) - maybe not a good idea after all since e.g. github request for bot invitations could hang and therefore block the reconcile loop -> would need to spawn a pod to accept the invite | ||
| * Promotion controller that triggers a rollout and reflects its state in the corresponding CR's status so that clients (like jxui) can easily query it) - question remains how to make this work consistently with GitOps | ||
| * ... |
There was a problem hiding this comment.
I believe that RoleController is currently being extracted out of JX and there is also work happening on an Environment/Preview Controller.
| * Correspondingly avoid joining API resources - at least when listing them. | ||
| * Security: Don't mix security concerns. Think of how different security-related responsibilities can be separated before implementing new features. Model CRDs so that K8s' RBAC can be leveraged. | ||
|
|
||
| ## 4. External interface(s) & user load |
There was a problem hiding this comment.
Deane recommends to call them "public" interface and encourage users to use these only instead of relying on potentially more unstable internal k8s APIs.
Closes #30
Relates to #31