Comments (7)
I have a secret that needs to be passed into a specific package in the bundle as a zarf variable. I could set this in a uds-config.yaml but that is a security risk, especially in any CI. Preferably I could do something like:
uds bundle deploy some-bundle.zst --set=bundle.deploy.zarf-packages.needs-secret.set.secretvar=${SOME_SECRET}
It's just another way of declaring what the uds-config.yaml file does.
from uds-cli.
Thanks for this @rjferguson21! Can you elaborate on the use case for these additional methods? Or does the current uds-config.yaml method feel weird?
from uds-cli.
My understanding is that the uds-config.yaml would not be published with the bundle artifact. If that is the case, it would be impossible to publish a bundle that specified different zarf variables than the package defaults.
In my mental model the published bundle artifact is similar to the default values.yaml that comes with a helm chart. They are the best-effort defaults from the bundle publisher. I think uds-config.yaml is a fine solution for a customer deployment, but I think it makes sense to allow some kind of configuration to be applied to the packages by the bundler. Some of this might be addressed by #19, but I think there are distinct use cases where you'd want to explicitly set package variables without using globals.
The --set=dubbd.FOO=bar might be less common but would come in handy for one-offs like in CI or in places where you did not want to mutate a source-controlled file like uds-config.yaml.
from uds-cli.
Chatted about this @corang and @mikevanhemert. I think the direction to go is bundling the uds-config.yaml in the bundle artifact.
from uds-cli.
I think the --set flag needs to be added too; that way secrets that are passed in via package variables don't need to be written to a file @UncleGedd
from uds-cli.
--set scares me a bit. Thinking of the broader UDS UX goals, ideally there is a single way to do things, including setting variables. Can you provide an example where --set is absolutely necessary?
from uds-cli.
Gotcha, deploy-time secrets is something I haven't fully thought through. I think the current method is to:
- set the secret at deploy-time in Zarf as a variable and export it in the bundle - for example, RDS connection info can be grabbed from TF outputs and put into a Zarf var inside a Zarf component
- if another package in the bundle needs that secret, it would import it
^^ this assumes that the secrets are generated by the underlying Zarf packages. But there are def situations where this isn't the case (i.e. certs, API keys, enterprise licenses)
from uds-cli.