Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extensible Promotion Mechanisms #862

Closed
jessesuen opened this issue Sep 26, 2023 · 2 comments
Closed

Extensible Promotion Mechanisms #862

jessesuen opened this issue Sep 26, 2023 · 2 comments

Comments

@jessesuen
Copy link
Member

Today we support a handful of promotion mechanisms. Some things that happen as part of a promotion include:

  • making a commit to git
  • kustomize edit set image or equivalent
  • argo cd app sync or refresh
  • modifying an argo cd app revision field
  • Tomorrow, we will support PR based promotion.

Following that, there might be more. Users will want to define what might happen during the act of promoting. For example, they may need to open and close a JIRA/ServiceNow ticket as part of affecting the environment.

Kargo should allow provide an extensible way to allow users to define what happens during the act of promoting.

The way I imagine this working is similar to how ConfigManagementPlugins (v2) work in Argo CD where we allow users to package their own tooling into a container, which we would run as a sidecar to the promotion controller, and invoke commands from inside the user-defined container as part of the promotion process via an RPC interface that we define.

@krancour
Copy link
Member

Agree in the need. Very intrigued by the suggested approach.

Was talking with @shelby-moore and @evgeny-goldin yesterday about extending Bookkeeper's capabilities, and by extension, Kargo's...

Something I keep coming back to is a security concern over execution of arbitrary user-defined workloads in-process.

With the approach you suggest, it would be the cluster op/admin who configures and installs Kargo who is "blessing" specific tools, scripts, etc. and making those available to leas privileged users.

Love this idea. It may be a viable strategy for solving a few different problems.

@krancour
Copy link
Member

Closing in favor of #2219

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants