Hello prefect, I'm trying to use secrets which are saved in the kubernetes. To access them, I'm using KubernetesRun agent parameter:

job_template_path

where there is a path to yaml file which is supposed to create environment variables and used them in the prefect code:

apiVersion: v1
kind: Pod
metadata:
  name: secret-test-pod
spec:
  containers:
    - name: test-container
      image: <http://k8s.gcr.io/busybox|k8s.gcr.io/busybox>
      command: [ "/bin/sh", "-c", "env" ]
      envFrom:
      - secretRef:
          name: mysecret
  restartPolicy: Never

Yaml file template is took from kubernetes documentation(https://kubernetes.io/docs/concepts/configuration/secret/#use-cases) However, when I try to run it on prefect server, I got this error:

"'spec'"

(will attach an error log screenshot) Is there are anything wrong with the template? Is this approach is a good way to define and use secrets in the kubernetes agent? P.S I tried to define

env

parameter with secrets by using KubernetesRun agent but it is not a good option for this case since all secrets could be visible as a plain text in the prefect server UI.

I added a task kubernetessecret few month ago to solve that problem. https://docs.prefect.io/api/latest/tasks/kubernetes.html This allow to read kuberbetes secrets directly without mapping them to your pod. Did it work for you?

Thank you, I'll give a shot!