rules_k8s
rules_k8s copied to clipboard
Improve validation of missing image dependencies
When an image dependency is accidentally missing from a BUILD
file, rules_k8s happily assumes it's an external image, and the baked YAML continues to refer to the image at :latest
. This can result in accidentally deploying the wrong version of an image, which is at best confusing to debug and at worst dangerous to production.
One approach that could potentially work is a pair of new parameters to k8s_object
:
-
external_images
- A whitelist of external images which are not built by Bazel. -
strict_image_check
- When true, check that all images are either explicitly listed inexternal_images
or supplied viaimages
. This could default to false for backward compatibility, though this is an easy (and dangerous) enough mistake to make that it might be worth defaulting it to true.
Fixed?
But also very low priority.