Per title, this is now tracking an effort to improve the way all teams interact with this image.
Currently our team has implemented some pretty cool automations for the ob-team-charts -> rancher/charts automation that keeps the proper tag in use on charts. Essentially we need to improve this for other teams next.
There are 2 ways we can do that, but only one is really worth it to fix CVEs - the other is most helpful to end-users potentially though.
- Add a
rancher/charts automation matching the one we have for ob-team-charts
- Add a new
Setting for kuberlr-kubectl and manage like rancher/shell tag setting - then inject on all charts.
These both solve the issue in different and potentially complementary ways. However the risk would be that if we do both then assume:
- rancher ships with version X,
- OOB chart release ships version X+1
- Rancher will still want to inject version X (downgrading the version)
We would need to add something to juggle the versions to pick the right one.
With that in mind we should pursue option 1 first, then later consider 2 and all the implications it could have.
Per title, this is now tracking an effort to improve the way all teams interact with this image.
Currently our team has implemented some pretty cool automations for the
ob-team-charts->rancher/chartsautomation that keeps the proper tag in use on charts. Essentially we need to improve this for other teams next.There are 2 ways we can do that, but only one is really worth it to fix CVEs - the other is most helpful to end-users potentially though.
rancher/chartsautomation matching the one we have forob-team-chartsSettingforkuberlr-kubectland manage likerancher/shelltag setting - then inject on all charts.These both solve the issue in different and potentially complementary ways. However the risk would be that if we do both then assume:
We would need to add something to juggle the versions to pick the right one.
With that in mind we should pursue option 1 first, then later consider 2 and all the implications it could have.