Portable Service Definitions #706
The KEP already exists, but there was no issue, so I am creating this one.
I'm interested in working on that, and I'd like guidance on how to move this forward.
About the secrets, I'd like to mention this project from appscode - AppsBinding which is the ServiceCatalog equivalent of binding.
I think that this KEP raises again the question of Operator vs Service Catalog, and I keep asking myself this, but I think I found the answer in this thread.
And then, to move this forward, I think we need the following:
To list them in a cluster, we can just label them I guess. But at the end of the day, all CRDs are special services to the end user. So I don't see a big difference between a normal CRD and a standard CRD.
For the Kubernetes project, there is not much code to write/maintain. We'll need to write/maintain this list of CRDs, and then write automation/validation.
Looking forward to seeing this happen!
There are also these 3 links relevant to this discussion:
Here is the repo I'd like to discuss: https://github.com/pierreozoux/StandardResourceDefinitions
@pierreozoux I'll poke at the different topics here as I get a chance. The first is the AppsBinding. Thanks for pointing me to the post on it.
One problem is the way the credentials are stored in the AppBinding CRs. They are stored in plain text inside etcd and don't appear to be mountable via things like environment variables. ConfigMaps and Secrets have a special place in Kubernetes in their ability to do that.
Secrets have been going through a bit of backend work lately. Where there used to be a flag for encrypting the data of secrets (alpha feature being enabled) there is now work to back secrets with KMS providers.
I would like to see anything we do with credentials get looped into the security mechanisms already being worked on.
Secrets have a
Kubernetes is starting to take securing credentials much more seriously, which is needed for many users and use cases, and I would like to see the work here leverage that.
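
The contrast drawn in the comment above, as an added example that is not part of the original thread or of any project mentioned in it: a credential kept in a Secret, consumed by a pod as an environment variable and as a mounted file, with the API server configured to encrypt Secrets at rest through a KMS provider. Every name, image, path and value is a constructed placeholder.

```yaml
# Constructed example: all names, paths and values below are placeholders.
# 1) Credential held in a Secret instead of inline in a custom resource.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
stringData:
  username: app_user
  password: REPLACE_ME
---
# 2) Workload consuming the Secret as an env var and as a read-only file.
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: password
      volumeMounts:
        - name: db-creds
          mountPath: /etc/db-creds
          readOnly: true
  volumes:
    - name: db-creds
      secret:
        secretName: db-credentials
---
# 3) Not a cluster object: a file passed to kube-apiserver with
#    --encryption-provider-config. Only the listed resources are encrypted.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - kms:                  # first provider is used for writes
          name: example-kms-plugin
          endpoint: unix:///var/run/kms-plugin/socket.sock
          cachesize: 100
          timeout: 3s
      - identity: {}          # lets data written before encryption still be read
```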