Hey,
For production-ready deployment, how do you m...
# flyte-deploymenta
Ariel Kaspit
06/14/2023, 3:04 PMHey,
For production-ready deployment, how do you manage permissions for developers? Since Flyte does not support RBAC, I’m curious to understand how domains (development, staging, production) are separated in a secure way, not just logically.
Thanks!
d
David Espejo (he/him)
06/14/2023, 3:57 PMFor public reference:
https://docs.flyte.org/projects/cookbook/en/latest/auto/core/containerization/use_secrets.html#configuring-a-secret-management-system-plugin
In summary: K8s secrets is the default (but not the only) secrets provider.
When using the K8s secret manager plugin, which is enabled by default, the secrets need to be available in the same namespace as the task execution (for example). K8s secrets can be mounted as either files or injected as environment variables into the task pod, so if you need to make larger files available to the task, then this might be the better option.flytesnacks-development
Furthermore, this method also allows you to have separate credentials for different domains but still using the same name for the secret.
David Espejo (he/him)
06/14/2023, 3:59 PMso domains will provide the logical separation and the namespaced nature of secrets will be leveraged to provide the separation of environments at the authentication layer also
a
Ariel Kaspit
06/15/2023, 8:10 AMAmazing! Thank u!
169 Views