Closed flavio closed 2 years ago
Is there any reason to call the file sources.yml
? Am I missing some standard ? Or is this a share config fille that I'm not aware?
I think we can take this opportunity to create configuration file to kwctl
, like $HOME/.config/kwctl
or similar. Therefore, in the future if we need to add more configs we already have a file with a nice name.
We already have a sources.yml
file format that can be used via the dedicated cli flag. I would prefer to not conflate that into a bigger configuration file.
I think this approach has several benefits:
sources.yml
they already have to/from this ~/.kubectl
pathsources.yml
) instead of two (the sources.yml
and the ~/.kubectl/config.yml
one)~/.kubectl/config.yml
fileI agree with @flavio.
Keeping them separate helps to separate policy sources
:
The --docker-config-json-path
is a subset of docker-config-json(5)
where you can specify authentication details for registries.
They are different beasts in my opinion and it would be good to keep them separate. As for the name of sources.yaml
... is the one we came up with at the beginning given it's the sources of policies. Maybe it wasn't very good... I don't have a better option right now though; naming is hard 🙈
This is already implemented or am I missing something here? https://github.com/kubewarden/kwctl/blob/main/src/main.rs#L399-L401
sources.yaml will be loaded if it is placed here $HOME/.config/kubewarden/sources.yaml
I created a registry with a self signed certificate and verified the sources.yaml was loaded from $HOME/.config/kubewarden/sources.yaml
or the cli argument if provided
This is already implemented or am I missing something here? https://github.com/kubewarden/kwctl/blob/main/src/main.rs#L399-L401
As I understand the issue, it's true, it's already implemented. Sorry 🤦
The problem
Now that we moved to rustls, system certificates are ignored by kwctl. Because of that, pushing and pulling from registries using self-signed certificates need some extra hops: all the
run
,pull
andpush
commands must be invoked using the--sources-path
flag.The same applies to interactions with registries that are not secured with TLS. But this is a problem that happened also before the move to rustls.
Desired workflow
As a user, I want to define a
sources.yml
file somewhere inside of my home directory.kwctl
should then use it by default whenever I invoke a command that has the--sources-path
flag.The desired outcome is to not force the user to specify this flag every time.
However, the user must still be able to provide a different
sources.yml
.The
sources.yml
file should be stored under the user's home directory, inside of a "configuration" path.Acceptance criteria
--sources-path
flagsources.yml
file via the--sources-path
flag, the$HOME/<config path>/sources.yml
file is ignored. Only the contents from the "flag defined" file are used