Open tonglil opened 7 years ago
What's the use case for "use them later"? How would they be used later? Somehow uploaded manually to the drone? Or added to the repo?
Could "view them later" be an option behind a debug flag? I'd assume someone would want to look at them for debugging purposes?
Being able to store them in S3/GCS would enable:
kubectl apply -f
The issue is that the only manifests people have access to are templates, and this would allow people to upload complete manifests to some storage service.
Idea
Currently they are output into the /tmp directory, which means they are discarded when this plugin completes.
One useful feature is to preserve the output and upload the applied manifests to S3/GCS/storage so they can be viewed/used later.
The output directory MUST be changed to somewhere in the workspace.Path (NOT workspace.Root) in order to comply with those plugins to access and upload them (see https://github.com/drone-plugins/drone-google-cloudstorage/issues/10).
Implications
The Secrets manifest (.kube.sec.yml) is no longer "ephemeral" in this plugin's container, and persists until the end of the entire Drone build.
This risk should be acceptable since the secret is already in Drone as environment variables ($$SECRET).
However, this would be a concern for users of this plugin who are uploading their entire workspace.Path to S3, as the output directory is now in the workspace.Path!
Alternatives
Write the output to somewhere in the workspace.Root instead of workspace.Path, and fork existing plugins to support accessing files in workspace.Root.
Alert users of this change, and ask them to update their S3/GCS configs to ignore: this output directory.
Next steps
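A guard a pipeline could run before its S3/GCS upload step, covering the concern raised under Implications that .kube.sec.yml now sits inside the uploaded workspace. This is an added example, not part of the original issue or of the plugin's code; the function names are hypothetical, and matching on a `kind: Secret` line in addition to the file name is an assumption that goes beyond what the issue describes.

```shell
#!/bin/sh
# Added example (hypothetical helper names): refuse to upload a directory
# that still contains a rendered Kubernetes Secret manifest.

# find_secret_manifests DIR
# Prints every YAML file under DIR that is either named .kube.sec.yml
# (the name used in the issue) or declares "kind: Secret" (assumption:
# catches a secrets manifest that was renamed or merged into another file).
find_secret_manifests() {
    dir=$1
    find "$dir" -type f \
        \( -name '*.yml' -o -name '*.yaml' -o -name '.kube.sec.yml' \) |
    while IFS= read -r f; do
        case "$(basename "$f")" in
            .kube.sec.yml)
                printf '%s\n' "$f"
                continue
                ;;
        esac
        # Accept the kind value bare or quoted, with trailing spaces.
        if grep -Eq "^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*\$" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# check_upload_dir DIR
# Returns 0 when no secret manifest is found under DIR, 1 otherwise.
# The offending paths go to stderr so the build log shows what to exclude.
check_upload_dir() {
    hits=$(find_secret_manifests "$1")
    if [ -n "$hits" ]; then
        printf 'refusing upload, secret manifests present:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}
```

Calling `check_upload_dir` on the directory that the upload step is configured to send makes the build fail instead of publishing the file when the ignore setting is missing.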