You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have several teams, developing applications and managing their code via git(Gitlab). These application getting deployed to kubernetes more and more and we want to implement the kluctl-controller for pull based deployments more and more.
To enable the application teams to decide about this deployments and the versions for each environment on their own, we somehow need a solution, to pin the docker image tag to the kubernetes deployment in this pull based scenario.
We want to configure the kluctldeployments, to pull the application deployment from the application repo, where we also store the application specific kubernetes manifest files, so the kluctldeployment is using the git source and as ref a git tag in the application repo.
This git tag inside the application repo, is named like the kubernetes target/environment and points to the commit, the application teams wants to be deployed to the environment. During the build process, the commit sha will be added to the docker image in the registry.
In the kubernetes deployment, we define the http variable source, to pull the gitlab tag manifest from the api, to use the commit sha as docker image tag. Currently it looks like this:
As you can see, we are templating the target and token already and injecting this through the kluctldeployment from sops secrets. But in this case, the token is deployed or shown plaintext somewhere.
Why do you need that?
Long story short, it would be nice, to have some kind of authentication method added to the http variable source. Maybe a kind of secretRef, so the token is obfiscated in pipelines and during deployments.
The text was updated successfully, but these errors were encountered:
Uh oh!
There was an error while loading. Please reload this page.
Command
Who are you?
Platform Engineer at E3DC/Hagerenergy
What do you want to do?
We have several teams, developing applications and managing their code via git(Gitlab). These application getting deployed to kubernetes more and more and we want to implement the kluctl-controller for pull based deployments more and more.
To enable the application teams to decide about this deployments and the versions for each environment on their own, we somehow need a solution, to pin the docker image tag to the kubernetes deployment in this pull based scenario.
We want to configure the kluctldeployments, to pull the application deployment from the application repo, where we also store the application specific kubernetes manifest files, so the kluctldeployment is using the git source and as ref a git tag in the application repo.
This git tag inside the application repo, is named like the kubernetes target/environment and points to the commit, the application teams wants to be deployed to the environment. During the build process, the commit sha will be added to the docker image in the registry.
In the kubernetes deployment, we define the http variable source, to pull the gitlab tag manifest from the api, to use the commit sha as docker image tag. Currently it looks like this:
and the kubernetes deployment image definition like this:
As you can see, we are templating the target and token already and injecting this through the kluctldeployment from sops secrets. But in this case, the token is deployed or shown plaintext somewhere.
Why do you need that?
Long story short, it would be nice, to have some kind of authentication method added to the http variable source. Maybe a kind of secretRef, so the token is obfiscated in pipelines and during deployments.
The text was updated successfully, but these errors were encountered: