Make it possible to configure flyte with an externally managed Secret

charts/flyte-core/README.md

@@ -288,6 +288,7 @@ helm install gateway bitnami/contour -n flyte
 | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` |  |
 | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` |  |
 | secrets.adminOauthClientCredentials.enabled | bool | `true` |  |
+| secrets.adminOauthClientCredentials.secretName | string | `"flyte-secret-auth"` |  |
 | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator |
 | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation |
 | sparkoperator.plugin_config | object | `{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration |

charts/flyte-core/templates/clusterresourcesync/deployment.yaml

@@ -83,7 +83,7 @@ spec:
         {{- if .Values.secrets.adminOauthClientCredentials.enabled }}
         - name: auth
           secret:
-            secretName: flyte-secret-auth
+            secretName: {{ .Values.secrets.adminOauthClientCredentials.secretName }}
         {{- end }}
         {{- end }}
       {{- with .Values.cluster_resource_manager.nodeSelector }}

charts/flyte-core/templates/common/secret-auth.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: flyte-secret-auth
+  name: {{ .Values.secrets.adminOauthClientCredentials.secretName }}
   namespace: {{ template "flyte.namespace" . }}
 type: Opaque
 stringData:

charts/flyte-core/templates/propeller/deployment.yaml

@@ -108,7 +108,7 @@ spec:
       {{- if .Values.secrets.adminOauthClientCredentials.enabled }}
       - name: auth
         secret:
-          secretName: flyte-secret-auth
+          secretName: {{ .Values.secrets.adminOauthClientCredentials.secretName }}
       {{- end }}
       {{- with .Values.flytepropeller.additionalVolumes -}}
       {{ tpl (toYaml .) $ | nindent 6 }}

charts/flyte-core/values.yaml

@@ -473,6 +473,7 @@ secrets:
     enabled: true
     clientSecret: foobar
     clientId: flytepropeller
+    secretName: flyte-secret-auth
 
 #
 # WEBHOOK SETTINGS

docker/sandbox-bundled/manifests/complete-agent.yaml

@@ -818,7 +818,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: cWlOc1c1bnl5ZGI3YTlzSw==
+  haSharedSecret: ZDJTa2NKVTFMcjlidGR5QQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1415,7 +1415,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 7f8247a0b84f43018fdf11a598132b8a67ed9fde6573ffce801b725a6f955012
+        checksum/secret: db5afa123c05e2aae4eac302bb2d67f9687e37d90ceb9e6296215d9ac9d74c75
       labels:
         app: docker-registry
         release: flyte-sandbox

docker/sandbox-bundled/manifests/complete.yaml

@@ -798,7 +798,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: UUxqaW5SeGlBbFNlQzVoag==
+  haSharedSecret: bXRKd3dodGJvOFFuWmpScg==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1362,7 +1362,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: bea0c8f293b54e309a353e0e8563e709ad817d372d2b1dce1114188693aa3f12
+        checksum/secret: 2f7372a0283232d9d3ba0da6451468d9d3cd37e53c6df468d2e2358800a2a98a
       labels:
         app: docker-registry
         release: flyte-sandbox

docker/sandbox-bundled/manifests/dev.yaml

@@ -499,7 +499,7 @@ metadata:
 ---
 apiVersion: v1
 data:
-  haSharedSecret: ZmdJNWs5RUg4cWNVTVBzRw==
+  haSharedSecret: VkJMUDJpV2dUR2w5VE1TQw==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -934,7 +934,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: a896f2c43dff6c05c154b51e4c9ec21c9e2f03ecaf4c1fed045d84523219cf63
+        checksum/secret: 5db584b292312ecbd4601d6adfa940eb97a201d813d1de51bd54a0a33d168d70
       labels:
         app: docker-registry
         release: flyte-sandbox