
R4RFC: Select arbitrary objects not stamped out in the supply chain

Open jwntrs opened this issue 2 years ago • 3 comments

Description of problem

Currently, Runnable has a special behaviour that allows it to select an arbitrary object which gets injected into its templating context. This behaviour is useful for decoupling your workload from your Tekton pipeline; however, we could provide this same behaviour, as well as support additional use cases, if we were to support this additional selector at a higher level (either in the supply chain or in the templates).

~~This idea of introducing this selector on the supply chain was first introduced here, however it would be interesting to compare this to potentially introducing the selector in the templates instead.~~

In one of our community meetings, @scothis proposed the idea of adding a selector mechanism to params so that the param could be fulfilled by an arbitrary resource in the cluster.

Proposed solution

Requesting an RFC that outlines how supply chains/templates could select arbitrary objects not stamped out in the supply chain.

jwntrs avatar Apr 19 '22 19:04 jwntrs

In https://github.com/vmware-tanzu/cartographer/issues/774, we talked about the problem of Cartographer not having any knowledge of resources it doesn't stamp out. If we were able to select and extract information from arbitrary resources in the cluster, that would let us define a selector that looked for a runtime object (knative service, k8s service?) with the same name as the deliverable to extract the url from. Although we would still need to define a separate mechanism to expose that information somewhere.

jwntrs avatar Apr 27 '22 19:04 jwntrs

@jwntrs, are you thinking something like this?

  • supply chain

```yaml
kind: ClusterSupplyChain
spec:
  resources:
    - name: deployer      # kapp-controller/App deploying knative/Service
      templateRef:
        kind: ClusterTemplate
        name: deployer

    - name: meta              # configmap that exposes some info/metadata
      templateRef:            # from things that got deployed?
        kind: ClusterConfigTemplate
        name: meta
      params:
        - name: url
          valueFrom:                   # kinda massive .. based on downward api
            objectFieldRef:
              name: $(workload.metadata.name)$
              kind: Service
              apiVersion: serving.knative.dev/v1
              fieldPath: status.address.url
```

  • templates

```yaml
kind: ClusterConfigTemplate
metadata:
  name: meta
spec:
  configPath: .data.url

  params:
    - name: url
      default: unknown

  template:
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: $(workload.metadata.name)$-meta
    data:
      url: $(params.url)$
```

such that, in the Workload status:

```yaml
kind: Workload
metadata:
  name: app
status:
  conditions:
  - lastTransitionTime: "2022-04-27T17:54:56Z"
    reason: Ready
    status: "True"
    type: Ready
  resources:
  - name: deployer
    # ...
  - name: meta
    outputs:
    - name: config
      preview: http://app.ootb-supply-chain-testing-scanning-outer.example.com
...
```

one could gather the URL from the config from the "meta" resource

cirocosta avatar Apr 27 '22 20:04 cirocosta

yup! It does get kinda weird though, since that Service may not be Ready (yet, or maybe ever?)

jwntrs avatar Apr 27 '22 20:04 jwntrs
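
The `objectFieldRef` sketched in the thread, together with the "Service may not be Ready" concern, can be illustrated with a small resolver. This is an added example, not Cartographer code: `objectFieldRef` is only a proposal here, the names `ObjectFieldRef`, `Lookup`, `ResolveParam` and `sampleLookup` are hypothetical, and the sample objects are constructed. It falls back to the template's param default whenever the object or the field is absent.

```go
package main

import (
	"fmt"
	"strings"
)

// ObjectFieldRef mirrors the valueFrom.objectFieldRef sketched in the thread (hypothetical type).
type ObjectFieldRef struct{ Name, Kind, APIVersion, FieldPath string }

// Lookup stands in for a cluster GET; ok=false means the object does not exist.
type Lookup func(apiVersion, kind, name string) (map[string]interface{}, bool)

// ResolveParam returns the referenced string field, or def and false when the
// object, the path or the value is missing (e.g. a Service that is not Ready).
func ResolveParam(ref ObjectFieldRef, workload, def string, get Lookup) (string, bool) {
	name := strings.ReplaceAll(ref.Name, "$(workload.metadata.name)$", workload)
	obj, ok := get(ref.APIVersion, ref.Kind, name)
	if !ok {
		return def, false
	}
	var cur interface{} = obj
	for _, key := range strings.Split(ref.FieldPath, ".") {
		m, isMap := cur.(map[string]interface{})
		if !isMap {
			return def, false // path continues past a scalar value
		}
		if cur, ok = m[key]; !ok {
			return def, false // field not populated (yet)
		}
	}
	if s, isStr := cur.(string); isStr && s != "" {
		return s, true
	}
	return def, false
}

// sampleLookup serves constructed objects: "app" is Ready, "pending" has no status yet.
func sampleLookup(apiVersion, kind, name string) (map[string]interface{}, bool) {
	objs := map[string]map[string]interface{}{
		"serving.knative.dev/v1/Service/app":     {"status": map[string]interface{}{"address": map[string]interface{}{"url": "http://app.example.com"}}},
		"serving.knative.dev/v1/Service/pending": {},
	}
	obj, ok := objs[apiVersion+"/"+kind+"/"+name]
	return obj, ok
}

func main() {
	ref := ObjectFieldRef{"$(workload.metadata.name)$", "Service", "serving.knative.dev/v1", "status.address.url"}
	fmt.Println(ResolveParam(ref, "pending", "unknown", sampleLookup))
}
```

The boolean result lets a caller distinguish a resolved value from the `unknown` default, so an unresolved reference can be surfaced as a condition rather than silently stamped into the ConfigMap.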