(Define and) use Akri-specific Secret types #694
Comments
|
Actually implementing the warnings, eg with a sample ValidatingAdmissionPolicy, would be a follow-up task once the Secret types are defined and documented. |
|
@sftim thank you for submitting this feature request, this seems like it would be a great addition! @johnsonshih can you please take a look at this feature request? this is generally use-case/protocol specific. this might make more sense when we split the configuration - defining which secret types it can consume in discovery config and validate with admission webhook that the secret has correct structure for a given protocol/config. |
I would use ValidatingAdmissionPolicy where available, but admission webhooks work too. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a way you would like Akri extended? Please describe.
Examples such as https://docs.akri.sh/demos/onvif-authentication-access suggesting defining Secrets with type
Opaque. However, Kubernetes actually allows defining types of Secret that are more fine grained; for example,devices.akri.sh/onvif-credentialsfor ONVIF, ordevices.akri.sh/tls-clientfor OPCUA broker credentials.Using a type that isn't Opaque allows for admission-time validation (for example, you can validate that a Secret used with ONVIF has
device_credential_listandcredential_listkeys, and that the values for these are both valid JSON documents). You can even get a Warning: to remind you not to use an Opaque secret with an Akri Configuration object; because it's a Warning, you get reminded but your existing manifests and charts carry on working.Describe the solution you'd like
Describe alternatives you've considered
Additional context
See Kubernetes' documentation on types of Secret.
The text was updated successfully, but these errors were encountered: