search

GoogleCloudPlatform / solutions-modern-cicd-anthos

An end-to-end operating model for onboarding and continually deploying services with Anthos.
Apache License 2.0
86 stars 61 forks source link

Simplifying use of gatekeeper kpt function #43

Open frankfarzan opened 4 years ago

frankfarzan commented 4 years ago

https://github.com/GoogleCloudPlatform/solutions-modern-cicd-anthos/blob/master/starter-repos/shared-ci-cd/cd/validate.yaml

Above is a completely valid use of kpt CLI and may be desirable if you actually want separate steps. But we can use a single step as well:

    kpt pkg get https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/platform-admins/anthos-config-management.git/constraints/apps app-constraints
    kpt fn source app-constraints/ hydrated-manifests/ | kpt fn run --image gcr.io/kpt-functions/gatekeeper-validate
  artifacts:
    paths:
      - hydrated-manifests/

We can potentially simplify this even further by having kpt fn run to merge multiple directories.

viglesiasce commented 4 years ago

In this case you'd have to have a docker daemon right? Namely for kpt fn run --image ... to work. Or does kpt fn run do something fancy with pulling out the binary from the OCI image directly?