You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -273,6 +275,8 @@ If a containerized plugin needs network or disk access, its catalog entry MUST s
273
275
274
276
Optionally, it should be possible for a user to compile a bespoke distribution of Kustomize that embeds a trusted catalog, such that the plugins it references can be used without any additional flags on the end user's part. The target persona for this scenario is a platform maintainer at a large organization that distributes its own Kustomize internally. This approach could also be used in the future to extract Kustomize built-ins to plugins to reduce compiled in dependencies while minimizing UX impact.
275
277
278
+
Optionally, it should be possible for this custom-compiled distribution of Kustomize to disable the addition of trusted catalogs at runtime. When this is done, only plugins from the embedded trusted catalog can be used, and attempts to add more via the flag will print an error message. This option is intended for situations where the user crafting the Kustomize invocation and the user controlling the invocation environment are separate, such as a hosted GitOps platform. For example, an ArgoCD instance could include a version of Kustomize that automatically trusts the plugins its operator has pre-installed alongside Kustomize, and those plugins only.
279
+
276
280
**Plugins NOT in a trusted catalog**
277
281
278
282
*There's no such thing*
@@ -497,6 +501,36 @@ trustedCatalogs:
497
501
```
498
502
499
503
504
+
#### Story 5
505
+
506
+
As a GitOps platform operator, I want to selectively enable the plugins I've preinstalled, automatically and exclusively. I do not want end user configuration to reference their installed location.
507
+
508
+
1. Create a Catalog listing the desired set of plugins.
509
+
1. Build a bespoke Kustomize distribution, e.g. `DEFAULT_TRUSTED_CATALOGS=/path/to/plugins.json DISABLE_CATALOG_ADDITION=true make kustomize` (those hypothetical env vars are build-time-only)
510
+
1. Platform users can then craft custom `kustomize build` invocations that use the preinstalled plugins without additional configuration. They cannot run any additional plugins the platform operator did not trust.
511
+
512
+
```yaml
513
+
# Example end-user Kustomization
514
+
apiVersion: kustomize.config.k8s.io/v1beta1
515
+
kind: Kustomization
516
+
517
+
resources:
518
+
- configmap.yaml
519
+
520
+
generators:
521
+
- |-
522
+
apiVersion: kustomize.example.co/v1
523
+
kind: RenderHelmChart
524
+
helmCharts:
525
+
- chartArgs:
526
+
name: hello-world
527
+
version: 1.0
528
+
templateOptions:
529
+
values:
530
+
valuesFiles: ["values.yaml"]
531
+
```
532
+
533
+
500
534
### Notes/Constraints/Caveats (Optional)
501
535
502
536
Individual Kustomizations/Compositions can contain catalog references. These references are treated as informational regarding the dependencies of the Kustomization and will not result in Catalog trust for plugin execution purposes. If Kustomize encounters a plugin config with an unknown provider in a Kustomization/Composition with a catalog reference, it will emit an error message suggesting that the catalog in question needs to be trusted for the build to succeed.
0 commit comments