Domantas

    Domantas

    1 year ago
    Hello prefect, I'm trying to use secrets which are saved in the kubernetes. To access them, I'm using KubernetesRun agent parameter:
    job_template_path
    where there is a path to yaml file which is supposed to create environment variables and used them in the prefect code:
    apiVersion: v1
    kind: Pod
    metadata:
      name: secret-test-pod
    spec:
      containers:
        - name: test-container
          image: <http://k8s.gcr.io/busybox|k8s.gcr.io/busybox>
          command: [ "/bin/sh", "-c", "env" ]
          envFrom:
          - secretRef:
              name: mysecret
      restartPolicy: Never
    Yaml file template is took from kubernetes documentation(https://kubernetes.io/docs/concepts/configuration/secret/#use-cases) However, when I try to run it on prefect server, I got this error:
    "'spec'"
    (will attach an error log screenshot) Is there are anything wrong with the template? Is this approach is a good way to define and use secrets in the kubernetes agent? P.S I tried to define
    env
    parameter with secrets by using KubernetesRun agent but it is not a good option for this case since all secrets could be visible as a plain text in the prefect server UI.
    davzucky

    davzucky

    1 year ago
    I added a task kubernetessecret few month ago to solve that problem. https://docs.prefect.io/api/latest/tasks/kubernetes.html This allow to read kuberbetes secrets directly without mapping them to your pod. Did it work for you?
    Domantas

    Domantas

    1 year ago
    Thank you, I'll give a shot!