Channels
#announcements
Title
# announcements
m
Matheus Moreno
05/11/2022, 4:10 PMHey, everyone. Did the in-container path for secrets change for 1.x.x? I can't access my secrets anymore, and I can't find the directory
/etc/flyte/secretsk
Ketan (kumare3)
05/11/2022, 4:11 PM
that has not been touched
m
Matheus Moreno
05/11/2022, 4:24 PMthis is weird. I can't even see those internal environment variables,
FLYTE_SECRET_ENV_VAR_PREFIXI create a Secret with:
Copy code
docker exec flyte-sandbox k3s kubectl create secret generic gcloud-credentials --namespace flyte-example-development --from-file=credentials.json=/root/scv.json Copy code
@task(secret_requests=[Secret(group='gcloud-credentials', key='credentials.json', mount_requirement=Secret.MountType.FILE)])
def test_secrets() -> None:
print(current_context().secrets.get('gcloud-credentials', 'credentials.json')) Copy code
Message:
Unable to find secret for key credentials.json in group gcloud-credentials in Env Var:_FSEC_GCLOUD-CREDENTIALS_CREDENTIALS.JSON and FilePath: /etc/secrets/gcloud-credentials/credentials.json
User error./etc/flyte/secrets/etc/secretskubectl get secrets -n flyte-example-developmentk
Ketan (kumare3)
05/11/2022, 6:03 PM
and the default SecretsConfig is created from env vars
did you add this as an env var?
it does read from env var too - https://github.com/flyteorg/flytekit/blob/9f08c9e6b5f88cfae5790573bd9ecb3c3f69be81/flytekit/configuration/file.py#L34
cc @Yee do you know whats happening here?
m
Matheus Moreno
05/11/2022, 6:05 PMno, I configured as a mounted file
bc of the bug involving env vars and fast registration
I'm avoiding the injection with env vars
k
Ketan (kumare3)
05/11/2022, 6:09 PM
@Matheus Moreno can you lauched pod spec
and I think you should try and dump the secret
we should be able to see this in pod spec to see if it even mounted it
from the code pov, it all looks fine
that being said, could be a bug right. sorry for the trouble, but help will be appreciated
m
Matheus Moreno
05/11/2022, 6:15 PMyeah 1 second
Copy code
{
"config": {},
"id": {
"resourceType": 1,
"project": "flyte-example",
"domain": "development",
"name": "tasks.serving.test_secrets",
"version": "c1826ab9d9ef49bdbeb7f1c9a7920bfe-uuid4"
},
"type": "python-task",
"metadata": {
"runtime": {
"type": 1,
"version": "1.0.1",
"flavor": "python"
},
"retries": {}
},
"interface": {
"inputs": {
"variables": {}
},
"outputs": {
"variables": {}
}
},
"securityContext": {
"secrets": [
{
"group": "gcloud-credentials",
"key": "credentials.json",
"mountRequirement": 2
}
],
"tokens": []
},
"container": {
"command": [],
"args": [
"pyflyte-execute",
"--inputs",
"{{.input}}",
"--output-prefix",
"{{.outputPrefix}}",
"--raw-output-data-prefix",
"{{.rawOutputDataPrefix}}",
"--checkpoint-path",
"{{.checkpointOutputPrefix}}",
"--prev-checkpoint",
"{{.prevCheckpointPrefix}}",
"--resolver",
"flytekit.core.python_auto_container.default_task_resolver",
"--",
"task-module",
"tasks.serving",
"task-name",
"test_secrets"
],
"env": [],
"config": [],
"ports": [],
"image": "us-docker.pkg.dev/bi-data-science/dsc-images/flyte-flyte-example:c1826ab",
"resources": {
"requests": [],
"limits": []
}
}
}this is the flyte config
this is the kubectl describe for the pod
k
Ketan (kumare3)
05/11/2022, 7:01 PM
@Matheus Moreno is the sandbox?
if so, then can you tell me
kubectl get pods -n flyteor is this demo?
cc @Haytham Abuelfutuh
m
Matheus Moreno
05/11/2022, 7:11 PMits the demo
the image is flyte-sandbox-lite
y
Yee
05/11/2022, 7:22 PM
can you dump the yaml for the pod as well please?
m
Matheus Moreno
05/11/2022, 7:24 PMtried mounting as env var and also no luck
k
Ketan (kumare3)
05/11/2022, 7:33 PM
@Yee I think the webhook is not coming up
We can look at the docker logs
But let me try this too
m
Matheus Moreno
05/11/2022, 8:50 PMany luck?
k
katrina
05/11/2022, 9:57 PM
hey @Matheus Moreno can you try
flytectl sandbox startk
Ketan (kumare3)
05/11/2022, 9:57 PM
my guess is that
webhookdemowe will figure that out
but you should be able to use sandbox
it is slower but each component is a separate deployment and easier to monitor use
kubectlin this you will have to start
demodocker logswe will try to reproduce
y
Yee
05/11/2022, 10:05 PM
yeah i can reproduce the same error on my demo
ketan how do i get logs from ‘propeller’?
i don’t quite understand the error message
Copy code
Env Var:_FSEC_GCLOUD-CREDENTIALS_CREDENTIALS.JSONcuz environment variables are not supposed to have
.-m
Matheus Moreno
05/11/2022, 10:09 PMI think this involves the SecretManager. I actually posted about this some other day, about how it upper/lower cases the keys depending on the mount type
let me see if I can find my post
y
Yee
05/11/2022, 10:34 PM
can confirm that that’s not the issue at this point though. it doesn’t work if you just do normal characters.
k
Ketan (kumare3)
05/11/2022, 10:40 PM
@Yee lets talk
.
y
Yee
05/11/2022, 11:21 PM
hey @Matheus Moreno - sorry but could you try using the sandbox for now? we’ll take a deeper look and try to fix this. (so just
flytectl demo teardownflytectl sandbox startk
Ketan (kumare3)
05/11/2022, 11:58 PM
@Matheus Moreno
flytectl sandbox startDemom
Matheus Moreno
05/12/2022, 5:17 PMOk, I'll keep using the sandbox for now. Thank you everyone!
7 Views