https://prefect.io logo
Powered by
Title
n

nicholasnet

02/16/2023, 6:41 PM
Is there anyway to inject Vault secrets to Prefect Kubernetes job automatically without using Blocks?
1
r

redsquare

02/16/2023, 6:51 PM
Yes you can add them as infra_overrides customizations see https://prefect-community.slack.com/archives/CL09KU1K7/p1676043965864559?thread_ts=1676002713.946769&cid=CL09KU1K7
👍 1
🙌 1
n

nicholasnet

02/16/2023, 6:53 PM
Awesome let me try that thank you.
👍 1
Just wondering where this goes since I do not see overrides property in 
class KubernetesJob(Infrastructure):
r

redsquare

02/16/2023, 7:57 PM
its on the deployment build from flow
https://docs.prefect.io/concepts/deployments/#deployment-api-representation
infra overrides
n

nicholasnet

02/17/2023, 4:53 PM
Good morning. Thank you very much for you help and for that link. In my case I need to append doc like this. 
apiVersion: apps/v1
kind: Job
  ....
---
apiVersion: "<http://koudingspawn.de/v1|koudingspawn.de/v1>"
kind: Vault
metadata:
  name: control-service
  namespace: dev
spec:
  path: "control-service"
  type: "KEYVALUEV2"
How can I add such block using customization can I still use 
customization
with 
op
: add
or with 
infra_overrides
r

redsquare

02/17/2023, 5:02 PM
hey, you can add anything using the patch spec, basically using more customizations into infra overrides
n

nicholasnet

02/17/2023, 5:05 PM
ok cool I was more concerned about that 
---
separator.
Something like this then? 
k8s_job = KubernetesJob(
    namespace="prefect",
    customizations=[
        {
            "op": "add",
            "path": "/",
            "value": {
                {
                    "---": {
                        "apiVersion": "<http://koudingspawn.de/v1|koudingspawn.de/v1>",
                        "kind": "Vault",
                        "metadata": {
                            "name": "control-service",
                            "namespace": "dev"            
                        },
                        "spec": {
                            "path": "control-service",
                            "type": "KEYVALUEV2"
                        }
                    }
                }
            },
        }
    ],
)
r

redsquare

02/17/2023, 5:17 PM
youll need path /spec/
👍 1
n

nicholasnet

02/17/2023, 5:18 PM
ok I will try that. Thank you very much.
👍 1
r

redsquare

02/17/2023, 5:21 PM
for the control service *
the name and namespace can be set on the k8s job
rather than patch
n

nicholasnet

02/17/2023, 5:23 PM
Apparently that 
vault
CRD needed that namespace but I will remove that and try like you said.
r

redsquare

02/17/2023, 5:33 PM
Yeah I cant remember exactly which props prefect sets for you but you should be able to play around and get it working how you need
we have added tons of patches to ours for taints etv
j

Jai P

02/21/2023, 10:49 PM
this is a late follow-up, but in case you all are interested, another solution is https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar
(assuming you mean HashiCorp Vault)
n

nicholasnet

02/22/2023, 12:02 AM
Do you know how I can use this in KubernetesJob?
3 Views
#prefect-kubernetesJoin Slack
Powered by