#ask-the-community

Frank Shen

10/03/2023, 6:40 PM
Hello, the Flyte Helm chart uses a k8s Secret to manage the DB password, etc.
```yaml
common:
  databaseSecret:
    # -- Specify name of K8s Secret which contains Database password. Leave it empty if you don't need this Secret
    name: "db-pass"
    # -- Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See <https://github.com/godaddy/kubernetes-external-secrets>
    secretManifest:
      # -- Leave it empty if your secret already exists
....
```
When the DB password is rotated automatically, we have to update the secret and/or Helm chart to reflect it. This is not good. Our organization has a standard way of managing credentials in AWS Secrets Manager and a way to retrieve them in a Helm chart, e.g.:
```yaml
password: "${secret.database.json.raw.database/service/.../dev/rw[password]}"
```
Questions:
1. Does Flyte work without using common.databaseSecret?
2. How do we change Flyte to utilize password: "${secret.database.json.raw.database/service/.../dev/rw[password]}"?

The current Helm chart for the DB uses a mounted file for passwordPath. It doesn't use the password directly.
```yaml
db:
  datacatalog:
    database:
      port: 5432
      # -- Create a user called flyteadmin
      username: flyteadmin
      host: "{{ .Values.userSettings.rdsHost }}"
      # -- Create a DB called datacatalog (OR change the name here)
      dbname: "flyteadmin"
      passwordPath: /etc/db/pass.txt
```