Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

Hi everyone! :wave:
I’m working on setting up a Flyte deployment using helm charts and need to configure OIDC secrets and S3 keys using environment variables instead of including them in the helm values.yaml file.

Does anyone have experience or recommendations for achieving this?
Any tips, examples, or references to existing documentation would be greatly appreciated!
Thanks in advance for your help! :pray:

this is a good one
<https://github.com/davidmirror-ops/flyte-the-hard-way>

<@U05FFAF4FC2> Thank you, but I haven't really seen an example of how to configure something like an accessKey and secretKey through environment variables. The same applies to OIDC clientSecret. I have a self-hosted Kubernetes cluster.
```storage:
    metadataContainer: flytemeta-dev
    userDataContainer: flyteuserdata-dev
    provider: s3
    providerConfig:
      s3:
        authType: "accesskey"
        endpoint: ""
        accessKey: ""
        secretKey: ""
        disableSSL: true
        v2Signing: true

  auth:
    enabled: true
    oidc:
      baseUrl:
      clientId: flyte
      clientSecret:
    internal:
      clientSecret:
      clientSecretHash:
    authorizedUris:```

<@U082XHGQSVA> if you're using flyte-binary, this is already available:
<https://github.com/flyteorg/flyte/blob/ab95f7e7241afd9c020b1fd1dedd69f9ff613baa/charts%2Fflyte-binary%2Ftemplates%2Fdeployment.yaml#L169|https://github.com/flyteorg/flyte/blob/ab95f7e7241afd9c020b1fd1dedd69f9ff613baa/charts%2Fflyte-binary%2Ftemplates%2Fdeployment.yaml#L169>

If flyte-core, it is going out soon:
<https://github.com/flyteorg/flyte/pull/5216|https://github.com/flyteorg/flyte/pull/5216>

<@U04H6UUE78B> This is clear, but which variables should I use for the AWS secret key, client key, and OIDC secret?

If I have this secret:
```apiVersion: v1
kind: Secret
metadata:
    name: secrets
    namespace: flyte
type: Opaque
data:
    aws_key_id: "secret"
    aws_secret_access_key: "secret"
    oidc_client_secret: "secret"
    client_secret: "secret"```
And if I reference this secret in values.yaml like this
```deployment:
  extraEnvVarsSecret: secrets```
It wont't work.

Should I name the variables differently, or is it something else?

Thanks in advance!

hey Anes, yeah my mistake.
Unfortunately this is not documented yet in the auth page but you can inject OIDC secrets to flyte-binary using a K8s secret:
<https://github.com/flyteorg/flyte/pull/3807>