Greg Linklater06/22/2023, 2:10 PM
helm chart. Also having trouble working around this: https://github.com/flyteorg/flyte/issues/3769 Could use a hand if anyone has one to spare.
Super Bo06/22/2023, 2:38 PM
, I found flyte-core gives you more config options and more examples than flyte-binary.
Greg Linklater06/22/2023, 2:42 PM
because I was trying to find a way around putting plain text secrets into my values. Our configs (incl. helm applications) are picked up from a git repo and I am not too keen on the idea of committing secrets. I did try to work around this with Kustomize but there's just so much that would need to change or be redone.
Super Bo06/22/2023, 3:36 PM
, you can refer to my configuration values:
configuration:
  database:
    passwordPath: /etc/db-password-secret/password
deployment:
  extraVolumeMounts:
    - name: db-password
      mountPath: /etc/db-password-secret
      readOnly: true
  extraVolumes:
    - name: db-password
      secret:
        secretName: database-secret
Pradithya Aria Pura06/22/2023, 4:16 PM
Mike Ossareh06/22/2023, 4:31 PM
David Espejo (he/him)06/22/2023, 8:48 PM
Greg Linklater06/23/2023, 5:44 AM
don't seem to be documented.
Mike Ossareh06/23/2023, 2:14 PM
via values.yaml:
• volumeMounts
• volumes
This allows your normal secret injection to run, and you can reference the secret name in the volume config to put the file/secret wherever you want it to be for your client code to work correctly. Tools like AWS CLI will also look at the environment for its credentials, and the helm chart allows defining the environment via values.yaml as well. For example, the admin service has this: .Values.flyteadmin.env which you can populate via a secret using env - valueFrom -> secretKeyRef>.
Greg Linklater06/23/2023, 2:18 PM
though and not
... probably just need to take a close look.
Greg Linklater06/27/2023, 6:45 AM
would allow you to mount a secret that specifies overrides for the base config created by the chart. That could capture anything that you deem a secret.
Greg Linklater06/27/2023, 6:49 AM
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: flyte-binary-client-secrets-external-secret
  namespace: flyte
type: Opaque
stringData:
  client_secret: <CLIENT_SECRET>
  oidc_client_secret: <OIDC_CLIENT_SECRET>
---
apiVersion: v1
kind: Secret
metadata:
  name: flyte-binary-inline-config-secret
  namespace: flyte
type: Opaque
stringData:
  202-database-secrets.yaml: |
    database:
      postgres:
        password: <DB_PASSWORD>
  204-auth-secrets.yaml: |
    auth:
      appAuth:
        selfAuthServer:
          staticClients:
            flytepropeller:
              client_secret: <CLIENT_SECRET_HASH>
EOF
Greg Linklater06/27/2023, 6:57 AM
in here as well.