- one running instance
- watches/applies namespaces in parallel
- replace git-sync with go-git (https://github.com/go-git/go-git)
- roleBinding KA's/SA as ns admin
- secret called kube-applier.io
- strongbox-key
- git-token
- CRD instance
- dry_run
- prune
- prune_blacklist
- full_run_interval
- repository
- repository_path
You can specify the git repository describing your namespace
Path to the namespace definition within your repository
One git token you provide that both grants access to your base repository and any private bases you might pull via Kuatomize
How do you auth to multiple private repositories, go-git suggests using personal tokens to auth for clone.We allow each namespace to specify a single token. And suggest they use a user account (human or machine).- Obscure last-applied annotation from Secret resources
- Work out how to "watch" with go-git
- go-git doesn't implement filters right now, won't work with strongobx: go-git/go-git#95