Closed cospeedster closed 4 weeks ago
This issue is currently awaiting triage.
SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted
label.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
In my opinion, this would negatively impact the security. Bad actors would define symlinks of various unlisted yaml definitions and blindly applying these resources seems to be not preferable.
Unfortunately, this sounds like a valid point.
Maybe we could think about an cli option to accept this behavior explicitly? I don't know if that's a good idea.
I agree that it could be a security concern, and I think I recall that kubectl resolving symlinks has been avoided in the past.
As a workaround, could you copy the files you want to apply, expanding symlinks, something like this?
cp -rL . /tmp/staging
kubectl apply -f /tmp/staging --recursive
rm -r /tmp/staging
Yes, there is definitely a workaround. There is almost always one. That just makes our deployments a little more complex.
I can live with that, but I still wanted to put the topic up for discussion here.
Thanks for bringing this topic. I'd like to close this issue, if you don't mind; /close
@ardaguclu: Closing this issue.
What would you like to be added:
Symlink support for
kubectl apply --filename=. --recursive=true
Why is this needed:
Sometimes we organize manifests per environment in different directories. But some manifests are equal in each environment. for this we have an
all
directory with manifests which have to be applied for all environments like policies.