Hi all. I'm trying to use Vault agent injection fo...
# ask-the-communityv
Viljem Skornik
05/04/2023, 7:40 PMHi all. I'm trying to use Vault agent injection for the secrets and documentation is a bit confusing on this part. I cant get the webhook pod to switch from k8s.
Where exactly do i need to set secretManagerType: Vault? I'm deploying via helm chart.
Viljem Skornik
05/04/2023, 7:57 PMflyte.configmap.core.webhook.secretsManagerType: Vault seems to do the trick?
y
Yee
05/04/2023, 11:12 PM
which helm chart?
v
Viljem Skornik
05/04/2023, 11:14 PMThanks Yee, I think i got it. It's the stock flyte 1.4 chart from https://flyteorg.github.io/flyte
Viljem Skornik
05/04/2023, 11:14 PMI think i got it working to the point where I'm dealing with how to automate vault auth via kube serviceaccount.
y
Yee
05/04/2023, 11:16 PM
got it cool
Yee
05/04/2023, 11:16 PM
thanks
Yee
05/04/2023, 11:16 PM
my knowledge of vault is a bit limited but this is where it does its thing https://github.com/flyteorg/flytepropeller/blob/master/pkg/webhook/vault_secret_manager.go
v
Viljem Skornik
05/04/2023, 11:19 PMYup, got all that working, trying to reach to vault, but default service account doesnt have permission, so i'm trying to figure out how to create a clusterrolebinding automatically when you create a new project, for example.
y
Yee
05/04/2023, 11:22 PM
we have the cluster resource manager for that
Yee
05/04/2023, 11:22 PM
requires you to basically give it full admin permissions ofc
v
Viljem Skornik
05/04/2023, 11:22 PMusing that template yeah but the flyteadmin doesnt have perms to create clusterrolebindings, so i'm trying to glue that on
y
Yee
05/04/2023, 11:23 PM
oic
Yee
05/04/2023, 11:23 PM
okay, let us know if you run into any other troubles
v
Viljem Skornik
05/04/2023, 11:31 PMHow can i add a custom annotation? Looks like i'm gonna need to add
<http://vault.hashicorp.com/namespace|vault.hashicorp.com/namespace>152 Views