Hi, I am running into issue - I defined `clusterRe...
# flyte-support
g
Hi, I am running into an issue - I defined `clusterResourceTemplates.inline` in values.yaml for binary helm deployment. I did put there namespace, secret and service account, but while namespace gets created, it looks like the other two are not applied. I tried to run flyte with `--v 10` but nothing interesting popped out. Does anyone here have any idea? Thank you all!
a
can you share the config section you're using?
g
No problem, thank you in advance
```yaml
clusterResourceTemplates:
    inline:
        aa_namespace.yaml: |
            apiVersion: v1
            kind: Namespace
            metadata:
              name: '{{ namespace }}'
        zy_docker_pull_secrets.yaml: |
            apiVersion: v1
            data:
              .dockerconfigjson: <SNIP>
              kind: Secret
              metadata:
                namespace: {{ namespace }}
                name: regcred
              type: kubernetes.io/dockerconfigjson
        zz_sa.yaml: |
            apiVersion: v1
            kind: ServiceAccount
            metadata:
              name: default
              namespace: {{ namespace }}
            imagePullSecrets:
              - name: regcred
```
As I posted the snippet I found the bug in my config: wrong indentation in the nested yaml... Classic. It became more obvious after redacting the long secrets content. So after fixing indentation it applies the service account - previously it probably stopped on badly formatted Secret. But for some reason I see no secret. What's worse - I see no error in logs, not even when I had badly formatted manifest.
a
> But for some reason I see no secret

So the SA is annotated with the imagePullSecret but there's really no `regsecret` in any of the `project-domain` namespaces? (like `flytesnacks-development` for example)
As per YAML validation I think in this case it's done by kube-apiserver. Not sure if the logs on the Flyte pod capture this
g
Exactly. But I'd expect flyte logging an error if something bad gets returned from apiserver.
a
This is an important pattern, access to private images. If you don't mind sharing your updated config? Also, what about the output of `helm template`?
g
values.yaml
No problem. I hope I managed to redact all the secrets...
`helm template` output
@average-finland-92144 it turned out I messed up base64 in the secret, that's why it didn't appear. Though it took me quite some time to figure it out as flyte doesn't log anything which might point me somewhere. It silently ignores the errors.
a
@great-businessperson-79530 thanks for sharing. So at this point I'm not sure what component owns the actual apply of those manifests, whether it is Helm (most likely) or Flyte. Thing is that in general a K8s secret will let you store arbitrary content, the secrets controller won't check for proper encryption so I don't think even K8s will log an error at that level. Did you see any error that pointed to wrong encryption?