Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a dry-run mode to flux build kustomization #3317

Merged
merged 2 commits into from Nov 16, 2022
Merged

Add a dry-run mode to flux build kustomization #3317

merged 2 commits into from Nov 16, 2022

Conversation

souleb
Copy link
Member

@souleb souleb commented Nov 15, 2022
edited

Signed-off-by: Soule BA soule@weave.works

fixes #2785

This is has to be merged after fluxcd/pkg#392.

If implemented user will be able to use flux build kustomization without any connection to the cluster.

This also revert the use of MakeSecureFSOnDisk, mainly because it is not consistent between OS. It was also not used in the flux/pkg/kustomize generator, so it was still possible to by-pass the enforcement.

@souleb souleb mentioned this pull request Nov 15, 2022
Closed
1 task
@souleb
Revert MakeSecureFSOnDisk to MakeFSOnDisk
35ea91c 
The reason to this is because MakeSecureFSOnDisk is not consistent
between OS.

Signed-off-by: Soule BA <soule@weave.works>
@souleb souleb force-pushed the update-pkg-kustomize branch 2 times, most recently from 7bd769e to 482cf09 Compare November 16, 2022 14:43
@souleb
Add a dry-run mode to flux build kustomization
ad5daee 
If implemented user will be able to use `flux build kustomization`
without any connection to the cluster.

Signed-off-by: Soule BA <soule@weave.works>
@stefanprodan stefanprodan added the area/kustomization Kustomization related issues and pull requests label Nov 16, 2022
hiddeco
hiddeco approved these changes Nov 16, 2022
View reviewed changes
Copy link
Member

@hiddeco hiddeco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the introduction of the secure FS was more to ensure the behavior between controller and CLI was the same, rather than offering a real security layer (which is more up to the OS and user space in non multi-tenant environments). I am fine with these changes.

Thanks @souleb 🙇

stefanprodan
stefanprodan approved these changes Nov 16, 2022
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @souleb 🏅

@stefanprodan stefanprodan merged commit 161c90e into fluxcd:main Nov 16, 2022
@stefanprodan stefanprodan deleted the update-pkg-kustomize branch November 16, 2022 16:11
@4c74356b41
Copy link

so I assume this will be included into the next release? do you mind sharing when is the next release (approx)?

@peterlindsten
Copy link

Verified fixed in 0.37.0.

Had the same issue as #2785 in 0.36.0

@4c74356b41
Copy link

yep, works on 0.37.0 for me as well

@arbourd arbourd mentioned this pull request Dec 16, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@hiddeco hiddeco hiddeco approved these changes

Assignees
No one assigned
Labels
area/kustomization Kustomization related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

flux build/diff: fs-security-constraint error
5 participants
@souleb @4c74356b41 @peterlindsten @stefanprodan @hiddeco