# ask-the-community

Viljem Skornik

05/04/2023, 7:40 PM
Hi all. I'm trying to use Vault agent injection for the secrets and the documentation is a bit confusing on this part. I can't get the webhook pod to switch from k8s. Where exactly do I need to set secretManagerType: Vault? I'm deploying via helm chart.
flyte.configmap.core.webhook.secretsManagerType: Vault seems to do the trick?

Yee

05/04/2023, 11:12 PM
which helm chart?

Viljem Skornik

05/04/2023, 11:14 PM
Thanks Yee, I think I got it. It's the stock flyte 1.4 chart from https://flyteorg.github.io/flyte
I think I got it working to the point where I'm dealing with how to automate vault auth via kube serviceaccount.

Yee

05/04/2023, 11:16 PM
got it cool
thanks
my knowledge of vault is a bit limited but this is where it does its thing https://github.com/flyteorg/flytepropeller/blob/master/pkg/webhook/vault_secret_manager.go

Viljem Skornik

05/04/2023, 11:19 PM
Yup, got all that working, trying to reach to vault, but default service account doesn't have permission, so I'm trying to figure out how to create a clusterrolebinding automatically when you create a new project, for example.

Yee

05/04/2023, 11:22 PM
we have the cluster resource manager for that
requires you to basically give it full admin permissions ofc

Viljem Skornik

05/04/2023, 11:22 PM
using that template yeah but the flyteadmin doesn't have perms to create clusterrolebindings, so I'm trying to glue that on

Yee

05/04/2023, 11:23 PM
oic
okay, let us know if you run into any other troubles

Viljem Skornik

05/04/2023, 11:31 PM
How can I add a custom annotation? Looks like I'm gonna need to add vault.hashicorp.com/namespace, since auth role and secrets are in a dedicated namespace.