Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

Hey,
For production-ready deployment, how do you manage permissions for developers? Since Flyte does not support RBAC, I’m curious to understand how domains (development, staging, production) are separated in a secure way, not just logically.
Thanks!

For public reference:

<https://docs.flyte.org/projects/cookbook/en/latest/auto/core/containerization/use_secrets.html#configuring-a-secret-management-system-plugin>

In summary: K8s secrets is the default (but not the only) secrets provider.

&gt; When using the K8s secret manager plugin, which is enabled by default, the secrets need to be available in the same namespace as the task execution (for example `flytesnacks-development`). K8s secrets can be mounted as either files or injected as environment variables into the task pod, so if you need to make larger files available to the task, then this might be the better option.
&gt; Furthermore, this method also allows you to have separate credentials for different domains but still using the same name for the secret.


so domains will provide the logical separation and the namespaced nature of secrets will be leveraged to provide the separation of environments at the authentication layer also