search

kapicorp / kapitan

Generic templated configuration management for Kubernetes, Terraform and other things
https://kapitan.dev
Apache License 2.0
1.8k stars 197 forks source link

[FEATURE] Allow per-component output inside target #809

Open Moep90 opened 2 years ago

Moep90 commented 2 years ago

FEATURE

Whle wng with kapitan, I noticed that having many components inside a target can be tricky to overwatch. Therfore I would suggest to have some sort of per-component output flag.

Expected behavior

Current Situation

.
├── vault-agent-injector-bundle.yml
├── vault-agent-injector-rbac.yml
├── vault-agent-injector-service.yml
├── vault-bundle.yml
├── vault-config.yml
├── vault-csi-provider-bundle.yml
├── vault-csi-provider-rbac.yml
├── vault-namespace.yml
├── vault-rbac.yml
└── vault-service.yml

Future Idea

.
├── namespace.yml
├── vault
│   ├── vault-bundle.yml
│   ├── vault-config.yml
│   ├── vault-rbac.yml
│   └── vault-service.yml
├── vault-agent-injector
│   ├── vault-agent-injector-bundle.yml
│   ├── vault-agent-injector-rbac.yml
│   └── vault-agent-injector-service.yml
└── vault-csi-provider
    ├── vault-csi-provider-bundle.yml
    └── vault-csi-provider-rbac.yml
parameters:
  kapitan:
    dependencies:
    - type: git
      source: https://github.com/kapicorp/kapitan-reference.git
      ref: master
      subdir: components/generators/kubernetes
      output_path: components/generators/kubernetes
    compile:
    - output_path: manifests/${component_name} <---- PSEUDO
      input_type: kadet
      output_type: yml
      input_paths:
        - components/generators/kubernetes
ademariag commented 2 years ago

@ramaro by looking at https://github.com/kapicorp/kapitan/blob/097a711e515453e1acab380a16f3f4962f3b56e7/kapitan/inputs/kadet.py#L137, if item_key container a directory path, this should work?

So if I created an object with key "vault/vault-bundle" it should kind of work. Only thing needed would be to create the directory (and validate that we don't do anything nasty like ../../../etc/passwd and shit

ramaro commented 2 years ago

This should work but isn't great. We need to look better into better path traversal security before going forward with an official feature. Let me get back to you on that.

github-actions[bot] commented 3 weeks ago

This issue is stale because it has been open for 1 year with no activity. Remove the stale label or comment if this issue is still relevant for you. If not, please close it yourself.