<@U06RKAMK0UC> can you use both the AWS secrets ma...
# ask-ai
d
@ancient-wolf-19325 can you use both the AWS secrets manager webhook plugin and the default k8s secrets manager?
j
Yes, you can use both AWS Secrets Manager and the default K8s secrets manager in Flyte. According to the Flyte documentation, Flyte supports multiple secret management systems, including K8s secrets (default) and AWS Secrets Manager. The Flyte Pod Webhook can be configured to use these secret managers, and secrets can be retrieved based on the configured secret manager type. Would you like more detail on how to configure these secret managers? Sources: - Flyte documentation
d
@ancient-wolf-19325 I set `configuration.inline.webhook.secretManagerType = "AWS"` in my flyte-binary helm deployment and I can successfully retrieve secrets from AWS secrets manager now but if I try retrieving secrets from a Kubernetes secret I get this error:
[1/1] currentAttempt done. Last Error: USER::Pod failed. No message received from kubernetes.
[init] terminated with ExitCode 0.
[aws-pull-secret-1] terminated with exit code (1). Reason [Error]. Message: 
.
Does setting `configuration.inline.webhook.secretManagerType = "AWS"` force us to ONLY use AWS Secrets Manager?
j
Yes, setting `configuration.inline.webhook.secretManagerType = "AWS"` configures Flyte to use AWS Secrets Manager, which may prevent the use of Kubernetes secrets. According to the Flyte documentation, the secret manager type determines which secret management system Flyte will use to retrieve secrets. If AWS is set as the secret manager, it will prioritize AWS Secrets Manager over Kubernetes secrets. Would you like more detail on how to configure Flyte to use both secret managers? Sources: - Flyte documentation
d
@ancient-wolf-19325 yes I would like more detail on how to configure Flyte to use both secret managers
j
To configure Flyte to use both AWS Secrets Manager and Kubernetes secrets, you need to ensure that both secret management systems are properly set up and that Flyte is configured to access them. Here's a step-by-step breakdown:
1. Kubernetes Secrets Configuration:
   - By default, Flyte uses Kubernetes secrets. Ensure that your secrets are created in the same namespace as your Flyte tasks. You can create a Kubernetes secret using `kubectl`:
     kubectl create secret generic user-info --from-literal=user_secret=mysecret -n <namespace>
   - Ensure that the Flyte task requests the secret using the `Secret` class in Flytekit, specifying the group and key.
2. AWS Secrets Manager Configuration:
   - Set up AWS Secrets Manager and ensure that your AWS credentials are configured correctly in your Flyte environment.
   - In your Flyte configuration, set `configuration.inline.webhook.secretManagerType = "AWS"` to enable AWS Secrets Manager.
3. Flyte Configuration:
   - To use both secret managers, you may need to configure Flyte to handle secrets from both systems. This might involve setting up the Flyte Pod Webhook to recognize and handle both types of secrets.
   - Ensure that your Flyte tasks are annotated or configured to request secrets from the appropriate secret manager.
4. Task Configuration:
   - In your Flyte tasks, use the `Secret` class to request secrets. Specify the secret group and key, and ensure that the task is aware of which secret manager to use.
5. Testing and Validation:
   - Test your configuration by running Flyte tasks that request secrets from both AWS Secrets Manager and Kubernetes secrets. Ensure that the secrets are correctly retrieved and used within the tasks.
If you encounter issues, check the Flyte Pod Webhook logs for any errors related to secret retrieval and ensure that the necessary permissions and configurations are in place for both secret managers.
Sources:
- Flyte documentation
- Flyte GitHub