search

upbound / up

The @upbound CLI
Apache License 2.0
52 stars 41 forks source link

Support install hooks for supplemental operations on artifact install or upgrade #113

Open hasheddan opened 3 years ago

hasheddan commented 3 years ago

What problem are you facing?

up currently supports installing and upgrading uxp, and will support installation of other products in the future as well. The only supported "installer" today is Helm, which will have its functionality expanded to include supporting pulling charts as OCI images in #112. For the Helm installer, and for other potential installation options, additional operations are sometimes required or useful. For instance, if the artifacts being installed into the cluster require the presence of a Secret to be able to access images, up should support prompting users for credentials or allowing them to pass them in via flags or configuration.

How could Upbound help solve your problem?

up should support a set of pre / post installation hooks. We should be careful to weigh overlap with installation hooks in Helm and especially consider how feasibly it is for a hook to be defined in up rather than with the artifact it is installing. With uxp, we have done our best to ensure that only static configuration (such as chart name) are hard-coded in up rather than defined in the Helm chart so that we ensure that changes to implementations in the artifact do not break functionality in up (i.e. any version of up should be able to install any version of an artifact). In the case of creating a Secret to pull images, it may be generic enough to define as a hook in up, but we could also consider publishing are artifacts with annotations that are able to trigger the hooks without a user specifying that "I need to create an image pull secret" or up mandating it on every installation.

Epic #

hasheddan commented 3 years ago

/points 3

hasheddan commented 3 years ago

One idea for how we could support hooks in a "generic" fashion is define a set of them (e.g. post-install registry Secret) in up, then annotate our artifacts (using Chart.yaml annotations or OCI manifest annotations) with hooks that should be triggered.

hasheddan commented 3 years ago

After additional conversation, it is likely that we will support "checks" via these hooks rather than actual install steps. For instance, we may check and verify that you have a database credentials Secret present, and let you know if you don't (potentially via something like up enterprise check), but we wouldn't have you interactively create it.