cncf-helm@lists.cncf.io | Is there any way to enforce constraints

Home Messages Hashtags Subgroups

Date Date 1 - 5 of 5

Is there any way to enforce constraints

Loritsch, Berin <bloritsch@...> #349 Example: I am creating a chart for a single page app server. In it I want the ability to add a reference to the TLS secret. The TLS secret would be provided by the person using the chart. In my chart I want to enforce that the provided Secret is the type: kubernetes.io/tls I want that constraint enforced prior to deploying the chart. -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708
More All Messages By This Member
Loritsch, Berin <bloritsch@...> #352 It appears this did not garner any attention. Is there any way to enforce constraints on a chart's dependencies? For example, I would like to have my chart enforce a specific _type_ of secret the consumer provides. My container can use TLS secrets and make use of them if they are provided. However, it won't make sense if the user supplies a service account token or basic-auth token. It would be fine if the secret is not provided at all, but if it is provided it should be a specific type. I am clear on how to create the templates, and mount the secret to my container. I'm not clear on how to enforce rather important constraints like that. toggle quoted message Show quoted text On Tue, Jan 12, 2021 at 10:17 AM Loritsch, Berin <bloritsch@...> wrote: Example: I am creating a chart for a single page app server. In it I want the ability to add a reference to the TLS secret. The TLS secret would be provided by the person using the chart. In my chart I want to enforce that the provided Secret is the type: kubernetes.io/tls I want that constraint enforced prior to deploying the chart. -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708
More All Messages By This Member
Paul Czarkowski #353 Hey Berin, I’m not sure if this completely answers the question, but the helm lookup function (https://helm.sh/docs/chart_template_guide/functions_and_pipelines/) may be usable here to introspect the secret and make sure it has the correct type or the correct keys in the data. From: cncf-helm@... <cncf-helm@...> On Behalf Of Loritsch, Berin via lists.cncf.io Sent: Friday, January 15, 2021 1:47 PM To: cncf-helm@... Subject: Re: [cncf-helm] Is there any way to enforce constraints It appears this did not garner any attention. Is there any way to enforce constraints on a chart's dependencies? For example, I would like to have my chart enforce a specific _type_ of secret the consumer provides. My container can use TLS secrets and make use of them if they are provided. However, it won't make sense if the user supplies a service account token or basic-auth token. It would be fine if the secret is not provided at all, but if it is provided it should be a specific type. I am clear on how to create the templates, and mount the secret to my container. I'm not clear on how to enforce rather important constraints like that. toggle quoted message Show quoted text On Tue, Jan 12, 2021 at 10:17 AM Loritsch, Berin <bloritsch@...> wrote: Example: I am creating a chart for a single page app server. In it I want the ability to add a reference to the TLS secret. The TLS secret would be provided by the person using the chart. In my chart I want to enforce that the provided Secret is the type: kubernetes.io/tls I want that constraint enforced prior to deploying the chart. -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708
More All Messages By This Member
Loritsch, Berin <bloritsch@...> #354 Would 2pm work for you on monday? toggle quoted message Show quoted text On Fri, Jan 15, 2021 at 2:54 PM Paul Czarkowski <pczarkowski@...> wrote: Hey Berin, I’m not sure if this completely answers the question, but the helm lookup function (https://helm.sh/docs/chart_template_guide/functions_and_pipelines/) may be usable here to introspect the secret and make sure it has the correct type or the correct keys in the data. From: cncf-helm@... <cncf-helm@...> On Behalf Of Loritsch, Berin via lists.cncf.io Sent: Friday, January 15, 2021 1:47 PM To: cncf-helm@... Subject: Re: [cncf-helm] Is there any way to enforce constraints It appears this did not garner any attention. Is there any way to enforce constraints on a chart's dependencies? For example, I would like to have my chart enforce a specific _type_ of secret the consumer provides. My container can use TLS secrets and make use of them if they are provided. However, it won't make sense if the user supplies a service account token or basic-auth token. It would be fine if the secret is not provided at all, but if it is provided it should be a specific type. I am clear on how to create the templates, and mount the secret to my container. I'm not clear on how to enforce rather important constraints like that. On Tue, Jan 12, 2021 at 10:17 AM Loritsch, Berin <bloritsch@...> wrote: Example: I am creating a chart for a single page app server. In it I want the ability to add a reference to the TLS secret. The TLS secret would be provided by the person using the chart. In my chart I want to enforce that the provided Secret is the type: kubernetes.io/tls I want that constraint enforced prior to deploying the chart. -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708
More All Messages By This Member
Loritsch, Berin <bloritsch@...> #355 Sorry, wrong email. toggle quoted message Show quoted text On Fri, Jan 15, 2021 at 4:46 PM Loritsch, Berin via lists.cncf.io <bloritsch=novetta.com@...> wrote: Would 2pm work for you on monday? On Fri, Jan 15, 2021 at 2:54 PM Paul Czarkowski <pczarkowski@...> wrote: Hey Berin, I’m not sure if this completely answers the question, but the helm lookup function (https://helm.sh/docs/chart_template_guide/functions_and_pipelines/) may be usable here to introspect the secret and make sure it has the correct type or the correct keys in the data. From: cncf-helm@... <cncf-helm@...> On Behalf Of Loritsch, Berin via lists.cncf.io Sent: Friday, January 15, 2021 1:47 PM To: cncf-helm@... Subject: Re: [cncf-helm] Is there any way to enforce constraints It appears this did not garner any attention. Is there any way to enforce constraints on a chart's dependencies? For example, I would like to have my chart enforce a specific _type_ of secret the consumer provides. My container can use TLS secrets and make use of them if they are provided. However, it won't make sense if the user supplies a service account token or basic-auth token. It would be fine if the secret is not provided at all, but if it is provided it should be a specific type. I am clear on how to create the templates, and mount the secret to my container. I'm not clear on how to enforce rather important constraints like that. On Tue, Jan 12, 2021 at 10:17 AM Loritsch, Berin <bloritsch@...> wrote: Example: I am creating a chart for a single page app server. In it I want the ability to add a reference to the TLS secret. The TLS secret would be provided by the person using the chart. In my chart I want to enforce that the provided Secret is the type: kubernetes.io/tls I want that constraint enforced prior to deploying the chart. -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708 -- Berin Loritsch DOMEX Architect 7921 Jones Branch Drive McLean, VA 22102 Email bloritsch@... Office (703) 735-6281 Mobile (571) 215-7708
More All Messages By This Member

1 - 5 of 5

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms