sparse-pizza-79993
06/22/2023, 2:10 PM
flyte-binary helm chart.
Also having trouble working around this: https://github.com/flyteorg/flyte/issues/3769
Could use a hand if anyone has one to spare.
flat-minister-9355
06/22/2023, 2:38 PM
flyte-core, I found flyte-core gives you more config options and more examples than flyte-binary.
sparse-pizza-79993
06/22/2023, 2:42 PM
flyte-binary because I was trying to find a way around putting plain text secrets into my values.
Our configs (incl. helm applications) are picked up from a git repo and I am not too keen on the idea of committing secrets.
I did try to work around this with Kustomize but there's just so much that would need to change or be redone
flat-minister-9355
06/22/2023, 3:36 PM
flyte-binary, you can refer to my configuration values:
configuration:
  database:
    passwordPath: /etc/db-password-secret/password
deployment:
  extraVolumeMounts:
    - name: db-password
      mountPath: /etc/db-password-secret
      readOnly: true
  extraVolumes:
    - name: db-password
      secret:
        secretName: database-secret
most-gold-65483
06/22/2023, 4:16 PM
faint-smartphone-23356
06/22/2023, 4:31 PM
average-finland-92144
06/22/2023, 8:48 PM
sparse-pizza-79993
06/23/2023, 5:44 AM
sparse-pizza-79993
06/23/2023, 8:31 AM
values.yaml don't seem to be documented.
faint-smartphone-23356
06/23/2023, 2:14 PM
volumeMounts and volumes via values.yaml:
• volumeMounts
• volumes
This allows your normal secret injection to run, and you can reference the secret name in the volume config to put the file/secret wherever you want it to be for your client code to work correctly.
Tools like AWS CLI will also look at the environment for their credentials, and the helm chart allows defining the environment via values.yaml as well. For example, the admin service has this: .Values.flyteadmin.env which you can populate via a secret using env - valueFrom -> secretKeyRef.
sparse-pizza-79993
06/23/2023, 2:18 PM
kind: ConfigMap though and not kind: Secret ... probably just need to take a close look.
freezing-boots-56761
freezing-boots-56761
freezing-boots-56761
sparse-pizza-79993
06/27/2023, 6:45 AM
freezing-boots-56761
inlineSecretRef would allow you to mount a secret that specifies overrides for the base config created by the chart. That could capture anything that you deem a secret.
sparse-pizza-79993
06/27/2023, 6:49 AM
freezing-boots-56761
freezing-boots-56761
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: flyte-binary-client-secrets-external-secret
  namespace: flyte
type: Opaque
stringData:
  client_secret: <CLIENT_SECRET>
  oidc_client_secret: <OIDC_CLIENT_SECRET>
---
apiVersion: v1
kind: Secret
metadata:
  name: flyte-binary-inline-config-secret
  namespace: flyte
type: Opaque
stringData:
  202-database-secrets.yaml: |
    database:
      postgres:
        password: <DB_PASSWORD>
  204-auth-secrets.yaml: |
    auth:
      appAuth:
        selfAuthServer:
          staticClients:
            flytepropeller:
              client_secret: <CLIENT_SECRET_HASH>
EOF
sparse-pizza-79993
06/27/2023, 6:57 AM
freezing-boots-56761
clientId in here as well.