https://flyte.org logo
Join Slack
Powered by
Hi all. I'm trying to use Vault agent injection fo...
# flyte-support
w
Hi all. I'm trying to use Vault agent injection for the secrets and documentation is a bit confusing on this part. I cant get the webhook pod to switch from k8s. Where exactly do i need to set secretManagerType: Vault? I'm deploying via helm chart.
flyte.configmap.core.webhook.secretsManagerType: Vault seems to do the trick?
t
which helm chart?
w
Thanks Yee, I think i got it. It's the stock flyte 1.4 chart from https://flyteorg.github.io/flyte
I think i got it working to the point where I'm dealing with how to automate vault auth via kube serviceaccount.
t
got it cool
thanks
my knowledge of vault is a bit limited but this is where it does its thing https://github.com/flyteorg/flytepropeller/blob/master/pkg/webhook/vault_secret_manager.go
w
Yup, got all that working, trying to reach to vault, but default service account doesnt have permission, so i'm trying to figure out how to create a clusterrolebinding automatically when you create a new project, for example.
t
we have the cluster resource manager for that
requires you to basically give it full admin permissions ofc
w
using that template yeah but the flyteadmin doesnt have perms to create clusterrolebindings, so i'm trying to glue that on
t
oic
okay, let us know if you run into any other troubles
w
How can i add a custom annotation? Looks like i'm gonna need to add 
<http://vault.hashicorp.com/namespace|vault.hashicorp.com/namespace>
, since auth role and secrets are in dedicated namespace.
158 Views
Open in Slack
PreviousNext
Powered by