# ask-the-community

Garret Cook

12/01/2023, 5:05 PM
I'm trying to enable AWS Secrets Manager in `flyte-binary`. I've added this to my values.yaml:
```yaml
configuration:
  inline:
    webhook:
      secretManagerType: "AWS"
```
Where do I put the AWS service account credentials? And may I specify different credentials on different project/environment combinations? I'd expect to have to put a list of credentials in somewhere, like this for each project/environment:
```
"AWS_ACCESS_KEY_ID": "some-value",
"AWS_SECRET_ACCESS_KEY": "some-value",
"AWS_DEFAULT_REGION": "some-value"
```
Thank you for taking a look.

Samhita Alla

12/02/2023, 11:52 AM
I think the default env variables need to be updated, but I'm not very sure. @Kevin Su how to add the AWS credentials to access the secret manager?

Garret Cook

12/04/2023, 4:18 PM
Thank you @Samhita Alla, @Kevin Su do you have any notion where the AWS keys and region data should go? Thank you, kindly.

David Espejo (he/him)

12/04/2023, 5:34 PM
@Garret Cook
> Where do I put the AWS service account credentials? And may I specify different credentials on different project/environment combinations?

This is possible, but typically we'd use IRSA. For example, in this section of the FTHW tutorial, the chart is indicating an IAM role per domain. It could very well be a different role per domain/project.

Garret Cook

12/04/2023, 7:50 PM
Oh, nice. I'm running everything on a local k3s cluster I set up with FTHW, which made me think I'd have to have the access key somewhere. Do I need the access key in there somewhere, or no?

This graphic in the guide looks like what I want to do, but it assumes Amazon EKS, which I'm not planning to use (in favor of local k3s).

David Espejo (he/him)

12/04/2023, 9:08 PM
Oh, nice. With on-prem you should use something like `kube2iam` to do IRSA. Have you tried adding the env vars under
```yaml
inline:
    plugins:
      k8s:
        default-env-vars:
          - AWS_ACCESS_KEY_ID: "value"
          - AWS_SECRET_ACCESS_KEY: "value"
          - AWS_DEFAULT_REGION: "value"
```
?

Garret Cook

12/04/2023, 9:10 PM
Interesting! I have not attempted that, I would add those variables in along with using kube2iam?

David Espejo (he/him)

12/04/2023, 10:21 PM
without using kube2iam