Someone added a PR to an app of mine adding instructions for k8s setup. I do like the idea of providing these instructions, but I don’t have any experience with k8s whatsoever. The commits look fine to me, but in case anyone is experienced, I’d appreciate if you can take a look. I don’t want to inadvertently add something malicious. Here’s a link to the PR: https://github.com/SinTan1729/chhoto-url/pull/48, thanks.

  • Lodra
    6 days ago

    It looks safe to me in the sense that I don’t see any malicious code in here. I don’t think the committer is trying to sneak in security holes or similar. So all good from that perspective.

    It’s a very simple helm chart, which is a consideration! Here’s the thing with charts. They’re meant to be an official means of distributing your app’s manifests for k8s. One package with all runtime needs defined. If the chart supports every tweak I need, then it’s great! If it doesn’t, then I need to modify it myself. This usually means forking the project, making edits, and templating from the fork. It’s a lot of overhead for end users. If the maintainer is willing, it’s so much easier to create an issue or submit a PR with the needed changes.

    Your project has some stars and forks. People are likely using it. Grats! The helm chart doesn’t likely meet everyone’s needs and I would expect this to spur some extra issues and PRs. Is that good or bad? That’s up to you!!

    • Lodra
      6 days ago

      OP, my personal preference is to supply raw k8s manifests in a project. These are far easier to manipulate using a tool called kustomize. Just think of it as an alternative to helm. The big thing is that kustomize removes the need for forks because it can run against manifests defined by a URL.
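
An added example of the fork-free workflow described in the comment above, not taken from the thread or from the project: a `kustomization.yaml` that pulls manifests from the upstream repository by URL and applies a local tweak on top. The directory `deploy/k8s`, the Deployment name `chhoto-url`, the namespace and the `<commit-sha>` placeholder are assumptions; the repository does not necessarily ship raw manifests at that path.

```yaml
# kustomization.yaml (added example; path, names and ref are assumptions)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: chhoto-url   # constructed namespace

resources:
  # Remote base: kustomize fetches this directory from the upstream repo.
  # Pinning ?ref= to a full commit SHA instead of a branch name means the
  # manifests you deploy cannot change without an explicit, reviewable bump.
  - https://github.com/SinTan1729/chhoto-url//deploy/k8s?ref=<commit-sha>

patches:
  # Local changes layered over upstream, so no fork is needed.
  - target:
      kind: Deployment
      name: chhoto-url   # hypothetical resource name
    patch: |-
      # "add" on an existing key replaces its value, so this works whether
      # or not upstream already sets the field.
      - op: add
        path: /spec/replicas
        value: 1
      - op: add
        path: /spec/template/spec/containers/0/securityContext
        value:
          allowPrivilegeEscalation: false
```

Running `kubectl kustomize .` prints the fully rendered manifests so they can be read before anything reaches the cluster; `kubectl apply -k .` applies them.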

    • SinTan1729 (OP)
      6 days ago

      Thanks for the insight. The submitter said they’re willing to help with future issues, so I guess I don’t need to worry about it too much. (I can just discontinue k8s support if they don’t keep their word.)