kfctl icon indicating copy to clipboard operation
kfctl copied to clipboard
verified publisher icon kubeflow

creating secrets from kfDef during installation

Open SatwikBhandiwad opened this issue 5 years ago • 4 comments 

secrets:
  - name: env_password
    secretSource:
      envSource:
        name: ENV_PASSWORD_NAME
  - name: plain_text_password
    secretSource:
      literalSource:
        value: 12345

Added the above part in kfDef and expected it to create two secrets in kubeflow namespace during installation. Is this how it works? I posted the same question on slack and did not get any response, so posting it here.

SatwikBhandiwad avatar Apr 14 '20 06:04 SatwikBhandiwad

Issue Label Bot is not confident enough to auto-label this issue. See dashboard for more details.

issue-label-bot[bot] avatar Apr 14 '20 06:04 issue-label-bot[bot]

/kind question /priority p1 /area engprod

jtfogarty avatar Apr 17 '20 20:04 jtfogarty

@SatwikBhandiwad Hey, I don't think that is how this works. I digged through the code and it seems like the Secrets are only used in plugins (e.g. gcp)

vpavlin avatar Nov 13 '20 13:11 vpavlin

It is the Kustomize that handles resource generation like k8s secrets when using the CLI kfctl. And you can use the directive secretGenerator. For instance:

https://github.com/kubeflow/manifests/blob/a95c7d0a0eda0066c987df19b1b0ad00d4413101/metadata/overlays/db/kustomization.yaml#L13-L16

If you plan to externalize the actual secret text out of code, it could use environment variable files but only keep the environment variable names in it, so that you can pass the actual secret text via an environment variable when running kfctl apply. You can find how-to from this article: https://rm3l.org/using-system-envvars-with-kustomize/#using-system-environment-variables

shawnzhu avatar Nov 16 '20 14:11 shawnzhu