# flyte-deployment
f
Hi 👋 I have an issue with secrets mounting not working properly. I have prepared the following `workflow-execution-config`:
```yaml
domain: ""
max_parallelism: 32
project: myproject
security_context:
  run_as:
    k8s_service_account: my-sa
  secrets:
    - group: my-secrets
      key: SECRET_A
    - group: my-secrets
      key: SECRET_B
```
The configuration is applied properly to my project:
```shell
flytectl update workflow-execution-config --project myproject --attrFile attr.yaml
```
and I see that it's there when I do:
```shell
flytectl get workflow-execution-config -p myproject
```
But when the pods are running for my workflows, the secrets are not mounted at all (pods don't even have any reference to them in their details). It seems like this configuration is completely ignored 🤔 Any hints how to debug it? Am I doing sth wrong?
a
I'm not sure the webhook reads this to mount secrets. Do you need to set the secret for all executions? Then probably a Pod template would be helpful
f
> Do you need to set the secret for all executions?
Yes, for all executions in a given project
Is it possible to define podtemplate at project level?
> I'm not sure the webhook reads this to mount secrets.
IMHO it's a bug then 🤔
a
> Is it possible to define podtemplate at project level?

atm you can configure it inline, or at the task level or at the namespace level. So the closest to project-PodTemplate binding would be creating it at the corresponding project-domain namespace (ref)
But the DX is not the same as what you mention, so probably filing a feature request is a good first step
> IMHO it's a bug then 🤔
Not sure if a bug or intended behavior bc secrets are handled at the task level. Again, the closest to project alignment would be consuming an existing secret in the project-domain namespace from the PodTemplate