Add playbooks to allow hotfixing containers #538
Conversation
|
Added docs |
MoteHue
force-pushed
the
hotfix-containers-playbook
branch
2 times, most recently
from
c3b8e78 to
ef7de49
Compare
|
For the record, I'm not happy with how regex is handled, and the way it needs to match the entire name not just a substring. I don't know of a better way to do it though so any suggestions are more than welcome |
Alex-Welsh
force-pushed
the
hotfix-containers-playbook
branch
from
0fa4a33 to
33da0e0
Compare
|
So it's a bit late for this comment, but we could generate an image with a thin delta that is just the proposed hot fix, then push that image everywhere? We get to more easily track where it is applied then |
I'd be interested to hear other opinions but in my mind it might be an "as well as" rather than an "instead of". This playbook should really only be a last resort if we urgently need to get something out. I can see the two different workflows being: |
I'd agree with this. This hotfix playbook isn't meant to be the one true solution to urgently resolving a critical issue/vulnerability. |
Alex-Welsh
force-pushed
the
hotfix-containers-playbook
branch
from
06e91b6 to
ab53a11
Compare
It's an interesting alternative, since it reduces the risk of losing the temporary changes in the hotfix. I think the (your) intention here was for this to allow getting fixes out for zero day issues as fast as possible. If we need to build and distribute an image then it's going to take longer, and at some (unknown) point we might as well build images from scratch and do it "properly". |
Alex-Welsh
force-pushed
the
hotfix-containers-playbook
branch
from
ab53a11 to
1c5c627
Compare
Alex-Welsh
force-pushed
the
hotfix-containers-playbook
branch
from
1c5c627 to
aa1b171
Compare
No description provided.