Join Slack

Is there anyway to inject Vault secrets to Prefect Kubernetes job automatically without using Blocks...

# prefect-kubernetes

nicholasnet

02/16/2023, 6:41 PM

Is there anyway to inject Vault secrets to Prefect Kubernetes job automatically without using Blocks?

✅ 1

redsquare

02/16/2023, 6:51 PM

Yes you can add them as infra_overrides customizations see https://prefect-community.slack.com/archives/CL09KU1K7/p1676043965864559?thread_ts=1676002713.946769&cid=CL09KU1K7

👍 1

🙌 1

nicholasnet

02/16/2023, 6:53 PM

Awesome let me try that thank you.

👍 1

nicholasnet

02/16/2023, 7:57 PM

Just wondering where this goes since I do not see overrides property in

class KubernetesJob(Infrastructure):

redsquare

02/16/2023, 7:57 PM

its on the deployment build from flow

redsquare

02/16/2023, 7:58 PM

https://docs.prefect.io/concepts/deployments/#deployment-api-representation

redsquare

02/16/2023, 7:59 PM

infra overrides

nicholasnet

02/17/2023, 4:53 PM

Good morning. Thank you very much for you help and for that link. In my case I need to append doc like this.

Copy code

apiVersion: apps/v1
kind: Job
  ....
---
apiVersion: "<http://koudingspawn.de/v1|koudingspawn.de/v1>"
kind: Vault
metadata:
  name: control-service
  namespace: dev
spec:
  path: "control-service"
  type: "KEYVALUEV2"

How can I add such block using customization can I still use

customization

with

op

: add

nicholasnet

02/17/2023, 4:56 PM

or with

infra_overrides

redsquare

02/17/2023, 5:02 PM

hey, you can add anything using the patch spec, basically using more customizations into infra overrides

nicholasnet

02/17/2023, 5:05 PM

ok cool I was more concerned about that

---

separator.

nicholasnet

02/17/2023, 5:10 PM

Something like this then?

Copy code

k8s_job = KubernetesJob(
    namespace="prefect",
    customizations=[
        {
            "op": "add",
            "path": "/",
            "value": {
                {
                    "---": {
                        "apiVersion": "<http://koudingspawn.de/v1|koudingspawn.de/v1>",
                        "kind": "Vault",
                        "metadata": {
                            "name": "control-service",
                            "namespace": "dev"            
                        },
                        "spec": {
                            "path": "control-service",
                            "type": "KEYVALUEV2"
                        }
                    }
                }
            },
        }
    ],
)

redsquare

02/17/2023, 5:17 PM

youll need path /spec/

👍 1

nicholasnet

02/17/2023, 5:18 PM

ok I will try that. Thank you very much.

👍 1

redsquare

02/17/2023, 5:21 PM

for the control service *

redsquare

02/17/2023, 5:22 PM

the name and namespace can be set on the k8s job

redsquare

02/17/2023, 5:22 PM

rather than patch

nicholasnet

02/17/2023, 5:23 PM

Apparently that

vault

CRD needed that namespace but I will remove that and try like you said.

redsquare

02/17/2023, 5:33 PM

Yeah I cant remember exactly which props prefect sets for you but you should be able to play around and get it working how you need

redsquare

02/17/2023, 5:34 PM

we have added tons of patches to ours for taints etv

Jai P

02/21/2023, 10:49 PM

this is a late follow-up, but in case you all are interested, another solution is https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar

Jai P

02/21/2023, 10:51 PM

(assuming you mean HashiCorp Vault)

nicholasnet

02/22/2023, 12:02 AM

Do you know how I can use this in KubernetesJob?

3 Views

Open in Slack

Previous Next

Prefect Community

Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.