# flyte-support
c
Hey all, we're running container tasks for the first time and seeing some unwanted behavior with regards to secrets. It looks like the `flyte-copilot-downloader` init container has secrets embedded directly into the manifest. This might be worse for us than other folks since the manifests are stored in our batch compute engine and displayed on UIs for everyone to see but this doesn't seem great?
```yaml
initContainers:
  - name: flyte-copilot-downloader
    image: <redacted>/flytecopilot:v1.13.0-stack.14
    command:
      - /bin/flyte-copilot
      - '--storage.limits.maxDownloadMBs=0'
      - '--storage.container=<redacted>'
      - '--storage.type=stow'
      - '--storage.stow.config'
      - secret_key=<redacted>
      - '--storage.stow.config'
      - access_key_id=<redacted>
      - '--storage.stow.config'
      - authtype=accesskey
      - '--storage.stow.config'
      - disable_ssl=0
      - '--storage.stow.config'
      - endpoint=<redacted>
      - '--storage.stow.config'
      - region=us-east-1
      - '--storage.stow.kind=s3'
```
Taking a deeper look at this I see that even when the storage is configured with a secret in the helm chart it's just mounted directly to the datacatalog deployment so it's not really aware of any k8s level secrets. So it's possible some more context would need to be pushed through and flyte copilot may need to be refactored to handle environment variables if it doesn't already.
Hmmm. And it looks like the configurable pod template has no impact on the init containers either so it's not easy to plug in those AWS environment variables on our end hmm.
a
> it looks like the configurable pod template has no impact on the init containers
@shy-guitar-84777 sent a PR to at least address this
c
@shy-guitar-84777 do you mind if I add some code/tests to get your PR merged?
I opened a PR here: https://github.com/flyteorg/flyte/pull/5750 Not 100% the API signatures are ideal but yeah