This is more of a question than an issue, but:
We're currently (probably not the only ones) trying to make a descision to go with service-operator or service-broker. I'm leaning against the former.
my question is: We need to be able to control some aspects of the aws resource generation - such as applying standard prefix names and tags to s3 buckets for instance. Another example is iam role permissions - if a "service" asks for a bucket to be created, we want to automatically create the iam resources that allows that service access to the bucket it requested.
In service-operator what are my options here? It looks like the CRDs are mapped to fairly plan cfn templates - are we supposed to just fork this repo and maintain our own custom cfn templates? I'm relucatant to start building mutating webhooks for all of this, I'm fairly sure that would be messy.
I guess I'm asking for whether or not the service-operator is supposed to be a 1-to-1 mapping between CRDs and AWS resources (s3 buckets for instance), or if it's meant to be used as a building block so that a CRD (bucket) can generate all the required things (s3 bucket, iam policy, policy mapping, etc etc).
Just trying to figure out where to go from here, any pointers or thoughts appreciated.
This is more of a question than an issue, but: We're currently (probably not the only ones) trying to make a descision to go with service-operator or service-broker. I'm leaning against the former.
my question is: We need to be able to control some aspects of the aws resource generation - such as applying standard prefix names and tags to s3 buckets for instance. Another example is iam role permissions - if a "service" asks for a bucket to be created, we want to automatically create the iam resources that allows that service access to the bucket it requested.
In service-operator what are my options here? It looks like the CRDs are mapped to fairly plan cfn templates - are we supposed to just fork this repo and maintain our own custom cfn templates? I'm relucatant to start building mutating webhooks for all of this, I'm fairly sure that would be messy.
I guess I'm asking for whether or not the service-operator is supposed to be a 1-to-1 mapping between CRDs and AWS resources (s3 buckets for instance), or if it's meant to be used as a building block so that a CRD (bucket) can generate all the required things (s3 bucket, iam policy, policy mapping, etc etc).
Just trying to figure out where to go from here, any pointers or thoughts appreciated.