Hi all. I'm trying to use Vault agent injection fo...
# ask-the-community
v
Hi all. I'm trying to use Vault agent injection for the secrets and documentation is a bit confusing on this part. I cant get the webhook pod to switch from k8s. Where exactly do i need to set secretManagerType: Vault? I'm deploying via helm chart.
flyte.configmap.core.webhook.secretsManagerType: Vault seems to do the trick?
y
which helm chart?
v
Thanks Yee, I think i got it. It's the stock flyte 1.4 chart from https://flyteorg.github.io/flyte
I think i got it working to the point where I'm dealing with how to automate vault auth via kube serviceaccount.
y
got it cool
thanks
my knowledge of vault is a bit limited but this is where it does its thing https://github.com/flyteorg/flytepropeller/blob/master/pkg/webhook/vault_secret_manager.go
v
Yup, got all that working, trying to reach to vault, but default service account doesnt have permission, so i'm trying to figure out how to create a clusterrolebinding automatically when you create a new project, for example.
y
we have the cluster resource manager for that
requires you to basically give it full admin permissions ofc
v
using that template yeah but the flyteadmin doesnt have perms to create clusterrolebindings, so i'm trying to glue that on
y
oic
okay, let us know if you run into any other troubles
v
How can i add a custom annotation? Looks like i'm gonna need to add
<http://vault.hashicorp.com/namespace|vault.hashicorp.com/namespace>
, since auth role and secrets are in dedicated namespace.