https://flyte.org logo
#flyte-deployment
Title
# flyte-deployment
a

Ariel Kaspit

06/14/2023, 3:04 PM
Hey, For production-ready deployment, how do you manage permissions for developers? Since Flyte does not support RBAC, I’m curious to understand how domains (development, staging, production) are separated in a secure way, not just logically. Thanks!
d

David Espejo (he/him)

06/14/2023, 3:57 PM
For public reference: https://docs.flyte.org/projects/cookbook/en/latest/auto/core/containerization/use_secrets.html#configuring-a-secret-management-system-plugin In summary: K8s secrets is the default (but not the only) secrets provider.
When using the K8s secret manager plugin, which is enabled by default, the secrets need to be available in the same namespace as the task execution (for example
flytesnacks-development
). K8s secrets can be mounted as either files or injected as environment variables into the task pod, so if you need to make larger files available to the task, then this might be the better option.
Furthermore, this method also allows you to have separate credentials for different domains but still using the same name for the secret.
so domains will provide the logical separation and the namespaced nature of secrets will be leveraged to provide the separation of environments at the authentication layer also
a

Ariel Kaspit

06/15/2023, 8:10 AM
Amazing! Thank u!
84 Views