Hi all I m trying to use Vault agent injection for the secre

Question

Hi all I m trying to use Vault agent injection for the secrets and documentation is a bit confusing on this part I cant get the webhook pod to switch from k8s Where exactly do i need to set secretManagerType Vault I m deploying via helm chart

Viljem Skornik · Answer

flyte configmap core webhook secretsManagerType Vault seems to do the trick

Yee · Answer

which helm chart

Viljem Skornik · Answer

Thanks Yee I think i got it It s the stock flyte 1 4 chart from <https flyteorg github io flyte>

Viljem Skornik · Answer

I think i got it working to the point where I m dealing with how to automate vault auth via kube serviceaccount

Yee · Answer

got it cool

Yee · Answer

thanks

Yee · Answer

my knowledge of vault is a bit limited but this is where it does its thing <https github com flyteorg flytepropeller blob master pkg webhook vault secret manager go>

Viljem Skornik · Answer

Yup got all that working trying to reach to vault but default service account doesnt have permission so i m trying to figure out how to create a clusterrolebinding automatically when you create a new project for example

Yee · Answer

we have the cluster resource manager for that

Yee · Answer

requires you to basically give it full admin permissions ofc

Viljem Skornik · Answer

using that template yeah but the flyteadmin doesnt have perms to create clusterrolebindings so i m trying to glue that on

Yee · Answer

oic

Yee · Answer

okay let us know if you run into any other troubles

Viljem Skornik · Answer

How can i add a custom annotation Looks like i m gonna need to add `<http vault hashicorp com namespace|vault hashicorp com namespace>` since auth role and secrets are in dedicated namespace