Matheus Moreno
05/11/2022, 4:10 PM/etc/flyte/secrets
eitherKetan (kumare3)
Matheus Moreno
05/11/2022, 4:24 PMFLYTE_SECRET_ENV_VAR_PREFIX
and such. were they removed?docker exec flyte-sandbox k3s kubectl create secret generic gcloud-credentials --namespace flyte-example-development --from-file=credentials.json=/root/scv.json
And try to retrieve it with:
@task(secret_requests=[Secret(group='gcloud-credentials', key='credentials.json', mount_requirement=Secret.MountType.FILE)])
def test_secrets() -> None:
print(current_context().secrets.get('gcloud-credentials', 'credentials.json'))
But this appears:
Message:
Unable to find secret for key credentials.json in group gcloud-credentials in Env Var:_FSEC_GCLOUD-CREDENTIALS_CREDENTIALS.JSON and FilePath: /etc/secrets/gcloud-credentials/credentials.json
User error.
On 0.x.x, secrets were being mounted on `/etc/flyte/secrets`; I was actually retrieving them manually because of how Flyte deals with upper/lower casing for them. But now there's no /etc/flyte/secrets
directory, nor /etc/secrets
, even though the secrets are being requested (I can see on the task definition) and they do exist on the defined namespace (I can see with kubectl get secrets -n flyte-example-development
).Ketan (kumare3)
Matheus Moreno
05/11/2022, 6:05 PMKetan (kumare3)
Matheus Moreno
05/11/2022, 6:15 PM{
"config": {},
"id": {
"resourceType": 1,
"project": "flyte-example",
"domain": "development",
"name": "tasks.serving.test_secrets",
"version": "c1826ab9d9ef49bdbeb7f1c9a7920bfe-uuid4"
},
"type": "python-task",
"metadata": {
"runtime": {
"type": 1,
"version": "1.0.1",
"flavor": "python"
},
"retries": {}
},
"interface": {
"inputs": {
"variables": {}
},
"outputs": {
"variables": {}
}
},
"securityContext": {
"secrets": [
{
"group": "gcloud-credentials",
"key": "credentials.json",
"mountRequirement": 2
}
],
"tokens": []
},
"container": {
"command": [],
"args": [
"pyflyte-execute",
"--inputs",
"{{.input}}",
"--output-prefix",
"{{.outputPrefix}}",
"--raw-output-data-prefix",
"{{.rawOutputDataPrefix}}",
"--checkpoint-path",
"{{.checkpointOutputPrefix}}",
"--prev-checkpoint",
"{{.prevCheckpointPrefix}}",
"--resolver",
"flytekit.core.python_auto_container.default_task_resolver",
"--",
"task-module",
"tasks.serving",
"task-name",
"test_secrets"
],
"env": [],
"config": [],
"ports": [],
"image": "us-docker.pkg.dev/bi-data-science/dsc-images/flyte-flyte-example:c1826ab",
"resources": {
"requests": [],
"limits": []
}
}
}
Ketan (kumare3)
kubectl get pods -n flyte
Matheus Moreno
05/11/2022, 7:11 PMYee
Matheus Moreno
05/11/2022, 7:24 PMKetan (kumare3)
Matheus Moreno
05/11/2022, 8:50 PMkatrina
flytectl sandbox start
Ketan (kumare3)
webhook
is not starting up in the demo
cluster for you for some reasonkubectl
demo
and then say docker logs
Yee
Env Var:_FSEC_GCLOUD-CREDENTIALS_CREDENTIALS.JSON
what is that env var used for?.
and -
in them, so some sanitizing needs to happenMatheus Moreno
05/11/2022, 10:09 PMYee
Ketan (kumare3)
Yee
flytectl demo teardown
and then flytectl sandbox start
- which does a very similar thing but all the flyte components run inside docker containers on the virtual cluster instead of one binary so it takes longer to load)Ketan (kumare3)
flytectl sandbox start
still works. Demo
is a new type of image that we are building which is faster to start and use and also is almost airgapped (almost).
It seems for some reason the Webhook is unable to communicate with K8s api in demoMatheus Moreno
05/12/2022, 5:17 PM