https://flyte.org logo
#ask-ai
Title
# ask-ai
m

Maciej Kopczyński

02/13/2024, 9:33 PM
@Glime How do I mount a Kubernetes secret as an environment variable available for a Flyte task?
g

Glime

02/13/2024, 9:34 PM
To mount a Kubernetes (k8s) secret as an environment variable available for a Flyte task, you can follow these steps: 1. Define the Secret in Kubernetes: First, ensure that your secret is created in Kubernetes. You can do this using the
kubectl
command. For example, to create a secret named
my-secret
with the key
AWS_SECRET_ACCESS_KEY
, you would use:
Copy code
kubectl create secret generic my-secret --from-literal=AWS_SECRET_ACCESS_KEY=<your-secret-value>
2. Use the Secret in a Flyte Task: In your Flyte task, specify the secret request using the
Secret
object from
flytekit
. You need to set the
mount_requirement
to
Secret.MountType.ENV_VAR
to ensure the secret is mounted as an environment variable. Here is an example task that demonstrates how to do this:
Copy code
from flytekit import task, workflow     from flytekit.types.file import FlyteFile     from flytekitplugins.pod import Secret      @task(secret_requests=[Secret(group="my-secret", key="AWS_SECRET_ACCESS_KEY", mount_requirement=Secret.MountType.ENV_VAR)])     def my_task() -> str:         # Access the secret value from the environment variable         secret_val = os.environ["AWS_SECRET_ACCESS_KEY"]         return secret_val
In this example,
my-secret
is the name of the Kubernetes secret, and
AWS_SECRET_ACCESS_KEY
is the key within that secret. The secret's value will be available in the task's environment as the variable
AWS_SECRET_ACCESS_KEY
. 3. Deploy and Run Your Task: After defining your task with the secret request, deploy your Flyte workflow as usual. The Flyte system will automatically inject the specified secret as an environment variable into your task's execution environment. Remember, the secret must exist in the same Kubernetes namespace as where your Flyte workflows are being executed. Also, ensure that the service account used by Flyte has the necessary permissions to read secrets in the namespace.
5 Views