<#3807 Add support for leveraging pre-created secr...
# flyte-githuba
acoustic-carpenter-78188
07/10/2023, 6:17 PM#3807 Add support for leveraging pre-created secrets in flyte-binary helm chart
Pull request opened by jeevb
Adds support for referencing pre-created Secret objects for sensitive configuration variables (e.g. DB password, auth client secrets, etc.). Also moves sensitive configuration into a Secret object as opposed to ConfigMap.
Addresses: #3769
Secrets in Flyte configuration
1. Create an external secret containing info such as DB password, S3 access/secret key, client secret hash, etc as follows:
Copy code
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: flyte-binary-inline-config-secret
namespace: flyte
type: Opaque
stringData:
202-database-secrets.yaml: |
database:
postgres:
password: <DB_PASSWORD>
203-storage-secrets.yaml: |
storage:
stow:
config:
access_key_id: <S3_ACCESS_KEY>
secret_key: <S3_SECRET_KEY>
204-auth-secrets.yaml: |
auth:
appAuth:
selfAuthServer:
staticClients:
flytepropeller:
client_secret: <CLIENT_SECRET_HASH>
EOF.Values.configuration.inlineSecretRefvalues.yaml Copy code
configuration:
inlineSecretRef: flyte-binary-inline-config-secret Copy code
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: flyte-binary-client-secrets-external-secret
namespace: flyte
type: Opaque
stringData:
client_secret: <INTERNAL_CLIENT_SECRET>
oidc_client_secret: <OIDC_CLIENT_SECRET>
EOF.Values.configuration.auth.clientSecretsExternalSecretRefvalues.yaml Copy code
configuration:
auth:
clientSecretsExternalSecretRef: flyte-binary-client-secrets-external-secretacoustic-carpenter-78188
07/10/2023, 6:17 PM#3807 Add support for leveraging pre-created secrets in flyte-binary helm chart
Pull request ready for review by jeevb
flyteorg/flyte
acoustic-carpenter-78188
07/10/2023, 8:47 PM#3807 Add support for leveraging pre-created secrets in flyte-binary helm chart
Pull request merged by jeevb
flyteorg/flyte
3 Views