Jianbo Sun

yes, if we use OPA, we will use gatekeep for Integration. The trivy can be integrated into the workflow steps of kubevela. So the deployment process can add a step...

We have exactly the same case in ACK scenario \cc @Somefive @barnettZQG @FogDong But I don't like the solution here, it's too complex and will make the controller hard to...

> another thing to address here is that when we say ConfigMap should be updated before Deployment is updated, it might be a bit tricky to determine if the ConfigMap...

For the solutions mentioned above, I can agree the solution: > add a field in traitdefinition to notify the deploy stage The end user SHOULD NOT understand the Implementation detail...

another option is [Kaniko](https://github.com/GoogleContainerTools/kaniko), refer to https://devopscube.com/build-docker-image-kubernetes-pod/

/close

I think all validation work (including https://github.com/crossplane/oam-kubernetes-runtime/issues/14) can all be done by this admission webhook.

Good question, `ComponentDefinition` in OAM is a contract from abstraction to Implementation details, the abstractions is the component type which is the name of ComponentDefition, along with the schematic of...

> It looks kike the actual parameter contract might be abstracted away and made global, though. Yes, we're also feeling this can be a standard registry for all common types...

I think we can keep this issue open to support component/trait standard registry and track the idea. \cc @Somefive @wangyikewxgm