flat-waiter-82487
01/17/2025, 12:38 PMdomain: ""
max_parallelism: 32
project: myproject
security_context:
run_as:
k8s_service_account: my-sa
secrets:
- group: my-secrets
key: SECRET_A
- group: my-secrets
key: SECRET_B
The configuration is applied properly to my project:
flytectl update workflow-execution-config --project myproject --attrFile attr.yaml
and I see that it's there when I do:
flytectl get workflow-execution-config -p myproject
But when the pods are running for my workflows, the secrets are not mounted at all (pods don't even have any reference to them in their details). It seems like this configuration is completely ignored 🤔
Any hints how to debug it? Am I doing sth wrong?average-finland-92144
01/17/2025, 12:44 PMflat-waiter-82487
01/17/2025, 12:45 PMDo you need to set the secret for all executions?Yes, for all executions in a given project
flat-waiter-82487
01/17/2025, 12:46 PMflat-waiter-82487
01/17/2025, 12:53 PMI'm not sure the webhook reads this to mount secrets.IMHO it's a bug then 🤔
average-finland-92144
01/21/2025, 2:15 PMaverage-finland-92144
01/21/2025, 2:16 PMaverage-finland-92144
01/21/2025, 2:20 PMIMHO it's a bug then 🤔Not sure if a bug or intended behavior bc secrets are handled at the task level. Again, the closest to project alignment would be consuming an existing secret in the project-domain namespace from the PodTemplate