Augie Palacios
05/24/2023, 9:35 PMDavid Espejo (he/him)
05/24/2023, 10:04 PMflyte-binary
?Augie Palacios
05/25/2023, 2:20 PMconfigmap
which can be read in plain text and was wondering if it was currently possible to have them stored in something like flyte-admin-secrets
?David Espejo (he/him)
05/30/2023, 6:16 PMadditionalVolumes
in values
to mount and then reference a secretAugie Palacios
05/30/2023, 6:25 PMpassword
to these blocks, they are stored in plain text in the configmap
for each service. Is there a way to set the postgres password elsewhere without creating a custom secret?
# Database configuration
db:
datacatalog:
database:
port: 5432
username: postgres
host: postgres
dbname: "datacatalog"
admin:
database:
port: 5432
username: postgres
host: postgres
dbname: "flyteadmin"
David Espejo (he/him)
05/30/2023, 6:54 PMcommon:
databaseSecret:
to reference a K8s secret and then one of the templates (secret.yaml
) will use itAugie Palacios
05/30/2023, 6:57 PMflyte
namespace as well, assuming it was being deployed to the flyte namespace right? If possible we want to avoid any pre or post deployment commands to helm upgrade --install flyte
David Espejo (he/him)
05/30/2023, 7:08 PM--create-namespace
to helm upgrade
In regards to secrets, in this case they would have to be created beforehand. You could also rely on an external service to handle database passwords dynamically.
In this example, a Flyte user shares how they use ExternalSecrets
operator and AWS Secrets Manager to do it
https://github.com/alexifm/flyte-eks-deploymentAugie Palacios
05/30/2023, 7:12 PMvalues.yaml
and then end up as secrets via the helm deployment. I was tinkering with the idea of adding this capability but wanted to vet the existing helm charts before I went down that road