Brightside
Brightside
> On (non-delete) Project reconciliation, ensure all SAs labeled as controller SAs have bindings to read Secrets in the Project namespace. It would be extremely helpful to have possibility to...
> I'm not sure that would work... there's no promoting across projects. As a bare minimum, prod project could be subscribed on a warehouse which discovers artifacts similarly as warehouse...
> [1] One may suggest we could use a single Freight with all images to work around this. The reason I am modeling microservice to Warehouse 1:1 is that it...
> I don't think loading up your Freight with a large number of artifacts is the answer. There have been a few other threads about this recently. I see a...
> I really do believe that there's a percentage of users whose processes are good on paper, but end up implemented poorly through no fault of their own Delivery is...
> The way you've worded this, I'm inferring that you actually don't care about the artifacts for various microservices progressing through the pipeline as a unit all the way up...
@krancour we can continue our discussion here I think. From perspective of infrastructure engineer is see threat not in API server which can have an access to VCS token which...
> This is a perfectly valid concern, but can be mitigated with branch protections. But how? As I know, kargo-controller can only consume single set of credentials from Kargo control...
> This is true. I hadn't actually been thinking of branch protections that allow only specific principals to push to a branch. I'd been thinking more of protections like those...
If I understand correctly, caching may be dangerous in situations when there is mutable tag and it may be updated, Kargo isn't aware and user may end up with stale...