
Explore ytt based conventions #58

@scothis


The current approach to defining an opinion source is via a webhook to a remote process. While flexible, this approach introduces networks and misconfigurations that can affect system stability. We should also explore ytt as a mechanism to run arbitrary code safely within the controller process.

Open questions:

  • can a poorly implemented convention cause a denial of service by crashing the controller?
  • does ytt offer a good programming model for users to author conventions?
  • can we provide a library of utility methods to make authoring a convention easier?

Proposed approach:

apiVersion: conventions.carto.run/v1alpha1
kind: ClusterPodConvention
metadata:
  name: ytt-sample
spec:
  ytt:
    template: |
      ...inlined ytt...

The .spec.webhook section would remain, but be mutually exclusive with .spec.ytt.

The structure being templated is the PodTemplateSpec, with image metadata exposed as a ytt value.
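The first open question above, sketched as an added example (not code from the issue or the project): a guard that runs an in-process convention in its own goroutine, so a panic or a stall fails one request instead of the controller. `Convention`, `Apply` and `ErrTimeout` are hypothetical names, and the convention body stands in for an evaluated ytt template.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Convention is a hypothetical stand-in for an in-process convention
// (for example an evaluated ytt template); it is not the project's API.
type Convention func(ctx context.Context, podTemplate map[string]any) (map[string]any, error)

var ErrTimeout = errors.New("convention timed out")

// Apply runs c in its own goroutine, turns a panic into an error and gives
// up after timeout, so a faulty convention fails only the current request.
func Apply(c Convention, in map[string]any, timeout time.Duration) (map[string]any, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	type result struct {
		out map[string]any
		err error
	}
	done := make(chan result, 1) // buffered: a late finisher never blocks
	go func() {
		defer func() { // an unrecovered panic here would end the whole process
			if r := recover(); r != nil {
				done <- result{nil, fmt.Errorf("convention panicked: %v", r)}
			}
		}()
		o, e := c(ctx, in)
		done <- result{o, e}
	}()
	select {
	case r := <-done:
		return r.out, r.err
	case <-ctx.Done():
		// A goroutine cannot be killed: c keeps running unless it honours ctx.
		return nil, ErrTimeout
	}
}

func main() {
	crash := func(context.Context, map[string]any) (map[string]any, error) {
		panic("constructed bug in a convention")
	}
	_, err := Apply(crash, map[string]any{}, time.Second)
	fmt.Println(err)
}
```

The timeout only bounds how long the caller waits; a convention that loops without checking its context still consumes CPU and memory inside the controller, which a webhook running in a separate process does not.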
