Hey how can I provide secrets to the Kubernetes Agent I noti

Question

Hey how can I provide secrets to the Kubernetes Agent I noticed that I can set some envs at `KubernetesRun` but these are only strings Is there currently an easy way to provide secrets as envs My intuition says I have to provide a custom job yaml then is that correct or am I missing an easier way

Jim Crist-Harif · Answer

If you want to provide secrets for your flow you d need to provide a custom job yaml This could be either set as part of `KubernetesRun` or on the agent as the default job yaml with ` job template`

Jim Crist-Harif · Answer

The default template is here <https github com PrefectHQ prefect blob master src prefect agent kubernetes job template yaml> basically an empty job template with a single container you can add whatever secrets you need

Scott Zelenka · Answer

I ve been using PodPreset <https kubernetes io docs tasks inject data application podpreset use pod presets to inject environment variables and volumes> to pass a slew of common environment vars to each Pod that s spawned I wouldn t use this for sensitive information but it allows you to skip the two step process of using the ` job template` just to define them

Jim Crist-Harif · Answer

gt but it allows you to skip the two step process of using the ` job template` just to define them Oh neat Note that for simple environment variables not secrets you can use the ` env` cli flag instead if you re setting them at the agent level no need to add a custom job template just for environment variables

Joël Luijmes · Answer

Kay thanks slightly smiling face So the job template you provided is filled in at runtime with the correct image and stuff

Jim Crist-Harif · Answer

yeah Prefect will fill in the first container in the job pod spec with all the prefect required stuff

Jim Crist-Harif · Answer

So you only need to add whatever extra things you want

Pedro Martins · Answer

< Jim Crist Harif> why there is an argument option on KubernetesRun to provide the image pull secret if it is not present in the default job template

Nuno Silva · Answer

Before I d add `image pull secret` in `DaskKubernetesEnvironment` and it would work also I d add `image pull secret` in kubernetes agent Now like < Pedro Martins> I add it in KubernetesRun but it doesn t work So now the only way is through job template

Jim Crist-Harif · Answer

It doesn t need to be present in the job template it will automatically be added if set on either the `KubernetesRun` object or on the agent note that the `Secret` itself needs to already exist in the namespace You do need to ensure that the version of the k8s agent you re running is up to date or that feature will be ignored If this is not working for you this is a separate issue than Joel s above please open a new thread

Joël Luijmes · Answer

Thanks < Jim Crist Harif> seems like nice flexible solution then slightly smiling face