confidential-containers / trustee-operator

Operator to manage the lifecycle of Trustee (KBS)
Apache License 2.0

Remove hardcoded trustee images tags/digests #48

Closed lmilleri closed 1 month ago

lmilleri commented 1 month ago

Currently the trustee images to be deployed by the operator are hardcoded here.

A more flexible mechanism will be beneficial to the deployment and test automation.

Suggested solution: Define container environment variables using ConfigMap data

lmilleri commented 1 month ago

It looks like the suggested approach will complicate things downstream when defining the images to be used (new config map with tags/digests to be created by the user). @bpradipt is suggesting to check for the "kustomize patch" approach.

bpradipt commented 1 month ago

The images can also be changed in the csv when building the bundle - https://github.com/confidential-containers/trustee-operator/blob/main/bundle/manifests/trustee-operator.clusterserviceversion.yaml#L189-L200

For deployment from source, I think using kustomize should work. If it doesn't, we can look into configmap.

lmilleri commented 1 month ago

Something like this does the trick:

kustomize edit add patch --patch '- op: replace
  path: "/spec/template/spec/containers/0/env/1"
  value:
    name: KBS_IMAGE_NAME
    value: quay.io/confidential-containers/trustee:290fd0eb64ab20f50efbd27cf80542851c0ee17f' --kind Deployment --name controller-manager
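
An added example, not part of the thread or the project's own manifests: the same override written as a `patches` entry in kustomization.yaml, with an RFC 6902 `test` operation ahead of the replace so the build fails if index 1 of the env list is no longer KBS_IMAGE_NAME. It assumes kustomize's JSON 6902 patching honours the `test` operation and that this entry lives in the kustomization.yaml the command above edits.

```yaml
# kustomization.yaml fragment (added example; placement in the overlay is an assumption)
patches:
  - target:
      kind: Deployment
      name: controller-manager
    patch: |-
      # Guard: the replace below addresses the variable by list position only.
      # If the env list is reordered, index 1 would point at a different
      # variable and the image override would be written over it silently.
      # The test op makes the build fail instead.
      - op: test
        path: /spec/template/spec/containers/0/env/1/name
        value: KBS_IMAGE_NAME
      # Replace only the value, leaving the variable name untouched.
      - op: replace
        path: /spec/template/spec/containers/0/env/1/value
        value: quay.io/confidential-containers/trustee:290fd0eb64ab20f50efbd27cf80542851c0ee17f
```

Rendering the overlay with `kustomize build` and checking the KBS_IMAGE_NAME value in the output confirms which image reference the operator will deploy.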