Open negz opened 4 years ago
CC @lukeweber - raised this to followup on what we're doing with install.yaml
.
A few notes and related issues here:
Deployment
, such as the SecurityContext
to support certain required functionality. A package consumer may want to configure something like the resource requests and limits for the package.install.yaml
exposes all of the configurable options of a Deployment
, which is useful because it doesn't require constantly changing our own API to support different options. However, the install.yaml
may be modified by the current package manager if it contains prohibited fields (i.e. allowPrivilegeEscalation: true
), which can be confusing and opaque for a package author.install.yaml
may have some fields overwritten by configuration on a ClusterPackageInstall
at install time, such as imagePullSecrets
, which can also be unexpected for a package author.Deployment
, then allow a user to patch it as they see fit (optionally overwriting things like image
, which would fundamentally change the package) via the package installation process.Deployment
s.
Currently the packages design includes an
install.yaml
, which determines how the packaged controller is spun up. This was designed for a more open ended take on packages, in which a package could include any kind of Kubernetes controller.Now that we're only ever packaging provider controllers we might reconsider this level of flexibility per https://github.com/crossplane/crossplane/issues/1441. We should likely not change anything for our scoped-september branch, but we may want to consider what our 'north star' take on this is.