diff --git a/charts/flyte-core/templates/admin/deployment.yaml b/charts/flyte-core/templates/admin/deployment.yaml index 23ea9966dfc..512fb80de8f 100755 --- a/charts/flyte-core/templates/admin/deployment.yaml +++ b/charts/flyte-core/templates/admin/deployment.yaml @@ -107,31 +107,6 @@ spec: {{- end }} {{- end }} {{- end }} - - name: generate-secrets - image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}" - imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config={{ .Values.flyteadmin.configPath }} secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.flyteadmin.env -}} - {{- tpl (toYaml .) $ | nindent 12 }} - {{- end }} containers: - command: - flyteadmin diff --git a/charts/flyte-core/templates/admin/secret.yaml b/charts/flyte-core/templates/admin/secret.yaml index 3d1cd1ec800..2b3ca07885c 100644 --- a/charts/flyte-core/templates/admin/secret.yaml +++ b/charts/flyte-core/templates/admin/secret.yaml @@ -1,11 +1,28 @@ {{- if .Values.flyteadmin.enabled }} +{{- $secret := (lookup "v1" "Secret" (include "flyte.namespace" .) "flyte-admin-secrets") -}} apiVersion: v1 kind: Secret metadata: name: flyte-admin-secrets namespace: {{ template "flyte.namespace" . }} type: Opaque +data: +{{- if $secret }} + token_rsa_key.pem: | + {{ index $secret.data "token_rsa_key.pem" }} + cookie_hash_key: {{ index $secret.data "cookie_hash_key" }} + cookie_block_key: {{ index $secret.data "cookie_block_key" }} + claim_symmetric_key: {{ index $secret.data "claim_symmetric_key" }} +{{- else }} + token_rsa_key.pem: | + {{ genPrivateKey "rsa" | b64enc }} +{{- end }} stringData: +{{- if not $secret }} + cookie_hash_key: {{ randAlphaNum 64 | b64enc | quote }} + cookie_block_key: {{ randAlphaNum 32 | b64enc | quote }} + claim_symmetric_key: {{ randAlphaNum 32 | b64enc | quote }} +{{- end }} {{- with .Values.flyteadmin.secrets -}} {{ tpl (toYaml .) $ | nindent 2 }} {{- end }} diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 0ce940cfa90..35f1f2d53e0 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -56,7 +56,13 @@ metadata: name: flyte-admin-secrets namespace: flyte type: Opaque +data: + token_rsa_key.pem: | + LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBdmFyejEwYzBvbW14OUdNUUVlZDh6ZzN6cUFmWGZDLzM5MFV3YUFFSENJd21zYlhTCk5rV2dUNGZyUzdOS3JML2syS2FCVjVVaC9neUF2cWFQTnlUczBVak9xL1ZieG45ZUlUVG50bE9lQ0VZWE9pZ2gKWWQ2a2FPbVlXakNicWdTMC93QlhHMjlkVHlycWxtZFFOWFlZZVJOOU80cEhPNGIzb3R0Rm1SWEVOenBBTEM1Vwo2c1NyNmpJRENXSzA2c3NmM1B4WEc1TEJaQ1hDaFpiQXNZZFNGUVlnc3ByZ0hXWTRzbEZIUmlDbm5BdWxyMEJxCjlkdVMxM0NJWkp3TE5aK1JDS2RRM0JKQ3pxZ1lnNDcwTXpXTXlUMnp4SkpFR1pLaGhYeEFuV1VZVmMzYkZHckoKNWl4cVZvWjZQM2QvUkZBeXIwc0k2UjZ3N1ZnUzlpQktabkpNV3FzMGdHRlpQRkdiVS9lcm9va0JKN2toakdFWApUbjF6eWZJMHlLSGwwNDZ4VmZ3Y1J0cUJvTVh3aWpmcFFjNDlManNJTzVuaVdxTm5rQ3pLanJJNHhBNElUNkhECi9YOFlVRnphbTZnY0NJdk4vaHZkZXdka3U4SndoOGI5Y0hDd2U0cHB0ZVZvTnVxdjV0SHBhOE9EZityZlR1MUwKYWM1QXRzVUR5TGRrSXNWL2pkaUlBKzlGTTJWN211YVVTVEM0bEVOS0xwQm1yZHFuUm5oVFFKSlNCZGVGMzhEWApqZFlOWUs5K0RKK25ReEdjVVA0c3Y2anorUVUvTkI4RTRMMFM4aVRIemZ0MkpOQTBFZmh5WWh4OVJXbHNzQ0RRCnJlc011ZVFkbVBubWJWcFBUMi80YjhVOVEyN1NIQ3krbmxsODdnb0NzWVY0Q1ZYeGFUU0RYQU5HZFdzQ0F3RUEKQVFLQ0FnRUFqZ1VoR3hUZGE3TzdKYVM3MXJ4QWJzWnhxV05kemtiWTVSV3czbC9PbFc3a1ZuTXdHYVZmR2M1TAp1TjVpenlITlNSQzhqd2xEYjhpSzZyY3JTLzVoT1lETUNHVHJ1S0dNcVU3RkpuaE1RQ1BEcHE5Lzk1blFBQ0xTCkNzNlU4T1VmWmtZcDg0Z2JGWG1zT0x6WmlYNkphcmZXTVN3a2xJVkdqbktrRmJIL3Y5N2xTRy9XYzJxYTAvMW8KMnJGSGlQeGFPbzNVNS9lbXljZWdkWWxoZGswK2dER2JjRUdhQ1VtT3NLODlzRndwUlNaUGhQKzJWNngzc3N3Mwp4U1kzR29zRi9iWFRUVVo3TWVVYW5nQUFDUXhUQkNrb244dHFKTC93SkZUYXlVQjJ6V0VjWjVoaTMvQm9HNndNCmc5T0Z2M0JSMDRKYkJMd1BmVmxTc1d1U2FrMnhyM1NWTmV4RjQwdkVURVZpMHJ0OE5aQzFDU1kwTkIxbDdzUnEKVW5hQmFsSldkalA1NkJQYTQ2SHNLQUF1aWVXRUw4K1Q3MUZkR1pUV012Mk13enpOT2tmYmNSczNtZ2wvdlRpOApkUmlFNWExYnpoUlRiOW1Bd09UNE56SFdsSHlWaENpSXFjM2J2WE5Id0FRN0M1OStjZjFCWW5leittM1RYQjVmCk8vNFpPWWFUNkkvN2wvMGREZ1pDOHlOYU1VMGhTUzVwbXFoYkhxWHdiejhncUt4dUQ4czFkdjBQWW1LQ3VPTkgKTmdpbWJxWUZNVGFzT2NvWHc0M0V2WjkwKzNONXQ4b1g1OWhnQm51WFNQaVVwSTVQM3hBbTZkV01yWFpIZkNySQpET2txQW1hVGUxMHN0VTB1bjJWeXJJVFZTaGhiT1Z1QlN5V2FyYVdBbU4xVTc3ZnF3dmtDZ2dFQkFOV2M3QUtxCkIyVUNJRGYyRHc5dGZjdVNRWjFIRndMVm05T1d4a3Vsc0Ywd1ZIank5SGlBaHB6SjMwc3pRK2I4ZkNWVFk5MFAKYXZlRHdqMnA4QitESkxVSXBWdGg4ZTB0VVVBaUF3S3FyaGV2RnJSTytKOEVDcVB3WVY0MUZNVGNVMmJXSXRqOQpSM1NxeitFVTJDdXVWbS9iaC9UL3FxMEtnMk9nQWJtUjJNM3ZkeEYzcWFJeVlnRkU2KzN3dkltQmhXNWJkZWNCCmdzd3RiZThyQVVDelZjb2l1Z3V4bEpiUVhXakticjZGRVRyUSszUmxDemg3SUVTNUVvaFVQK2orKzJYNHFHWE8KTVc2OTZDMmdBTTQ1Y0MxQkl1YUdlZEpzbXRmUXQrbFVlWWl5a043d05ET2orYWhacTVIaU96SXpRTndIb2kxcQphVFhxN3hoRmpSQ2cvdVVDZ2dFQkFPTk5xcDNjSHFVNXRiMmQ3RUJjTXdvV09ub2dGK3QvT244KysyWks1b1RlClF5bVcvTVJ0cE5aMlFuRkZKZ2tHZXdkZDhzbzVPZFVudmg1SnI4RUd1ZkVwVDNWNGVjc2kxbllIR29HU21vb2wKL2J5U0lsVHRONzVERW1SNWpYckZUUWxic1BBRk1TK3o0ODBseitGQW5ReE1ZK0lUVjc3dllQc3RRQkhjNllGNApRTWgrRU5DUGh5L3RORFJqc1lIeThRNXFxT1dnNmswV0tmQ1JsdTJNaUVpcDI5OW0zSytnY2xNUFBINlZCZ1YrCnd3MndEMjE4TnB2RDhvQmlwTjBneTZ3QkpqMk5OSkRMU0JES1dkSHBialJwdVg2Tm05Q3hRdGFyMnppTDF6ZTYKNncvTVM1c0NtRlZkendaZU5mL1pCZUFyZ21qZUhEMkU5RlAwLzViYkRnOENnZ0VBRUFiTytrQXhmOVdSLzBEWgp6bW1EbDZOb2d0bFRrNlhkSkJuYTFOQWdsRTFNK1NvWlIzVTFKRXhORVlKT0pPVnFsdzVUbnNGS1lEbWxlQ1RvCjNDUmx1Nk5qYktERG11emNmTGhRaTRHc3dDQWx6dTloM2VSYXZBUUwraHAzYlhHdVhEZlNzMzhGUG02V1hDZkoKTkRYSFRHc25IeTJUYTVvdlUya3MxL1JtVk1VVHBON2FmazNUWm83Nk9JYm9UbFRHWXdvL3BVNUt0dkR0bjVVVgphZnBLaEhqb2hub1RVT0ZmTUw2SFlvbnZTZjlsN2t5cWM5bGhDV2J0U2djd0tGWUJISngwWGZjRFpIQ2hHOU0yClhFS1k5UHcvRnhhZHl6alV3VDVxbmZuMWlGa0ZYNFNjRmdmR2NtZ1A1RWtaOGVGQWk0R1RIRjh3ZDVnaHlpdGwKc3dxeE5RS0NBUUVBb1pRbE04QTB2S2tRYXpFbXJ2MmJmcEVja3BIYnp4a0xBVWRKT0ljSDVPMkdlcnNOQmFrWApZeWgveExzdDlYNTQyRnpOYVRsU3hoWlJUSUIvQWswQXd0RGwzaEI5SzR5aFBSZUJuUmdVNlIxbWlMU3MyUWdqCjl3a0F1eEc1STh1N0htcmlsVXhya1loajZBSDRDeHgrUnk3S1Zmd0FCUWR2UGo0RmJHMUlSRE95Z1pNejZyNE0Ka0dJakdSYkJLU29FZDRZVWQ5OXlqc2V4bW9RejhMdFVhYXJ0VkpwdlNCMWJCM1l1UDZFNXZaQkZvYVpFNFVSSwpJV0lpTVdkdDRJOGVtUy9iK2ljMWRiUTdqMHY0bTRJL1I5emI4bjFCaFJGcy9PTC9tK3UwV3JaeHdESXVrSXRBCnRIWlI0eW4zWXQ3b0VWbDhnNFZZTjljYVE5QkdHL3V0dXdLQ0FRQjJsYTJZcENqTGhrKy9HLzJudXNFVk5HcGkKY1NiNXBmcXg3Q1N3WnhFeElPb21Ld0lJL1Z1REJqVVRkd1hqcVEwZVJqN3pncVBtQnZNenlFMkszbzdMVjluWAplbUpzd212WGloZnRWMVcyZVhKNHU1UTFyVW1kckFZK09BdUdyMHNXalpxMEV5YXRaN0RwaTVKY1M5UGR1bWtoCmZTN1VBMHNXdDI2d0pWcGZkT1F1T1F6dWFna3U3UVU3bVE4cGV0VDBzVmJKa2RjemJvRFdIR3F1VDJaV3VRSGEKT0dCSjZzSG5iWlF5VkVVOGtoT3VFV0xrakFVMnNIQ0hWQ1gvK0NPdExlR0lDaTc3bTdGVHVVaWdrd2lhalVrZgo5L0RrZ3N6dlNLb1l0cjFxbjFTVE1vendPYUpFR2Q4azZYVjVWS3ZjZkpQRFlYRy94SEdZcWU5WGl4Q3gKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K stringData: + cookie_hash_key: "QkszemVLWGdFU3h5UlhVS0JuU0oyWUNHcUNUdnhwQ2w2RTJsQktaR3gwcFg3MldNMGY0eFE0Z2VWS0t0bHp2QQ==" + cookie_block_key: "TVhSV3dVZjZlYkduQWtWWlFVZENkcE13bWpqYnk3NE8=" + claim_symmetric_key: "RkptQ1dJODJvTGk0NGphb1ZSVWRpb1RZbEFaWHBIZTQ=" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 @@ -931,28 +937,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - name: generate-secrets - image: "cr.flyte.org/flyteorg/flyteadmin:v1.13.0" - imagePullPolicy: "IfNotPresent" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - flyteadmin diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index d9ebf1d7bd3..d898ef1b66d 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -46,7 +46,13 @@ metadata: name: flyte-admin-secrets namespace: flyte type: Opaque +data: + token_rsa_key.pem: | + LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBN2JmelZvb01DSENyV09LVXJjaUdCRUFWQVFicStsQ1BYRUV2TGsreWxmZmxRbVVwCkVTRHp1KzJpRm8vSklRZTdkc2hlaXN6VWlkVWdXUXRCSEt6THdtaXZ4YmdqeTRub2Z5RGhmSXhBdURpTW9NREsKUlVpTFQxeTZxdDIzcjRLY21lTDhKamVwbmlQbHdaZUJjU21YRk9vUktoWFRrUmRITkFKWm1oaU1RTUJaZTZUYwpTTDRrc0NVdlEvV2o4SkFmRjlwM1RmMk9CTVpYMnBqQU5xSlU3S0l3SzFWSTlndFp0REJUL0xDam8yZnl2TVJaClEzbDRndm9HeTNtSUhGK0Y5N0tJd09RWUNFZVE3RnpsS0tFanpySEVyUllXUW5BRk9qekhTcU1vREJtZnpsajIKY1VqcHY4UXBkM1JjWDhUNG9YWG5CVWFKK1YwMVN2WVRmV0pwaG5OcC9mL0QycTVSM004QWlCNE9uQjJzTHdldQpVb1dUYmx1OWl1UHhCMkhISlhzZ0pXd0xqSkhMOEhjZXZUaGZncUVEOVpFQTV2dDBzb3pkV2svOFZLbDlHczlqClIrYVExSE41cHl1SDg3N3oxcE1sTTAwSW5sNG5UTldCUDNncy9KZGIzZzBWZjNuVnAzRnZCcHpPcnlWemg3UFEKYzhINXBqTWVjeXZpUW53di82YWFCbXdHT0owUHdIRmpKSzlvM0hFejVySHlWcDM1K1R1clJkeDNYNmgrcVVVRgpUdXlnaXk0Zis3RFFpeS9PdDBhbkdGWUNaaEc3N21PSXlCaXBZdHVQRW9pL3ZMNWpsWm9KQTdKQ3JYOVk4UjZjCjJUN1dlWXVPRlRGUnFreHJ4MWNDYW9sb1BobTl4Z0pPSFBkT3k4RmVoelg3K0JjTFZVTGdOaXVrOWljQ0F3RUEKQVFLQ0FnRUF6L2ZKZkdGRFM3TCtSTUhkWHZmNlB3ZXRHSHZyNE5mUHc5OEhIdFg4bi9VQzdnWkFXa3JnMFAyQgplNG1KWlVzMWR5S3VpM0hOVTFSUWUzWThIWkVTcGQ4ZVA3VHNJK3BmcTdDaGRHdmpSd2U2Qi8wQ09JRFIxN21CCldYQ2xmWGVmOTRVOElWYzdIaTI3bUpVcVdrMFBidTJqM0pUQnhjSit1WUtBenk1QXJYbGFEN0RZUXcrT1cwZjgKeE5ERy92T25NQ0FobGVxSWI2YnlQenk1bEZLS1I0ZFE2dWd1NzRwWWpTcG1uOEFOT1N6OGtLYWFqVXhjNFFGSwpKb01KVUFGRjI4Q21vVklyc0Rxa0VCVHBLcFZuRlRJeXBWYVlYTUZSNFhSQXlneFpRZFM5R1RKOVQvaUEveExuClVDbE5rejlvWVNFYjNtS3EzS3p0cmNvQW5RWVcyQ2lmREV4RkpYTHlidWhaMUs2RS9zZ0pKQm9FYUxGWWZ3NW8KRUNPNGhJb3l3ZFpWMmUwS2xqamRYVDVmVzZXRkh5WHRQcktpdEZFcjJsRk9mbC85emsrclR0QTFGckdNK2hWaQo1UXkwZEw1ZEU5Y1FGYWN4UkhZWnJiN2ltMGxkL2lNS21VODJmYXF0K0dEMXdKSlpNeW1FeDRtTmp6NXpEMkxtCjV1Q0FGVGF6dUx6anlwM01RL1JHZzRDTzdGdFhBS2VuYXhGNFplOGVFNHJXQk1WSkNwSC9xV3pXb0p4TWpEcm8KQlZZQlRsV0F0eG9hOUgzZUxlLys3bnA2cWp4NW5tS0pLTzFJVGxjTmJKbmw4aVJINjJlaEdPVTFIcnVrOWx6SgpoOVQxUFp2akdjbFRUVklNWmZjK1RMTTAxam91alBtRHl1ckovOFlISEU1U3BlejJHd0VDZ2dFQkFQMWtpeDVKCnU3TUhxRDFFOWw5MGJqK3JnK1V3UllyOFIybUIzKzlyVjBOSEwxaEUxdEtJNDdra0c5RFp5NlphbWwyTk9vbnoKcFFFd0dIeTRTUUVmSWxPc3RzMlJUQkdicnV4QlF2RDFxOVJiNUlmV2ZEN2lwWTFBZGc5WXgrYlNmNmlJMzlVcApmalVjUDNSeElUb1luckJhSWd5TW5YQmNOQzFlWlJ1blNSRytTcHNyaGVsTXM1TVNaWFlYd0FRUFNvSy91U2hiCmpOZU9qU2dha016NWRUdW1mMDM4MU9WalFCNEI1cGFiRnhSbEtwaERQSnR5NUFhYkhkckltS2tWZUc1SEF0QU4Kb0ZmZmNqUjJCRkQ2c1hhSEcrSXhkTTIxTmZHeHVBODFvNWZMNUgwdXhxdkkwRGYyNUJPR3Y1Y28wZE9HTTNnQQp2YnZpbzBpUkV2dnBnYWNDZ2dFQkFQQXFIcnR5WHYzQlM4NVhja0dDRi92eDlkQzluRzk5NnkveGNIM1pUOENxCnRZY0RIWjFoRmcycms0aUdmVk16eW9iSS9IblJhTVVjanNDbXFTb2dGZEhXODdnbC9pMTJ5eWUrM2JSN0xEQ0sKOWR4eGZWazZPT0hwcGV1TS90YlJoLzg2ejdQN2dPTE12bW12MCsxU3dIUitBc1pYUXNLSWZmQ08zOFRFajBWSQpTYndpdGdlaFI4Ym8rNDlnMjFmUk8xRVVvTjkrUnk5d3hkS3pMSnZ5b1pDNmU3ZDEzTVJ1LytKS3o4UDIrQkR1CnlWZmp2d3JBMGZZampLeHBkRWJCVEdrS3NuRURpVDhORzVUa1JnZEtBMVVPbTZaVU01UUIzdWMrYzh1YXdOMFoKMkIvRUVEZEtOZDdMQitEZU1UbklIZnFscmNqdk1UckM5RjJmd0cxYWQ0RUNnZ0VCQUpnNmF3bUxLbVJuMlQ3Vgp5MTJWU1JhZkorSHNtaHJoYk5XSjNNcXRKZ09aSkd4WER1ZjByVHB3NHZVWm95c1JpMk5na1NhSFpUM05jeWlhClhlRjZudGkrRGlSNWdjV2lUZmhKVExvT0hXaTZ2QlNQV3AwODlGQmp4WWw2d0wxL0FJcHprR1V6UkVzTDZXTS8KQThNdlAwYWJINUdDZUtNa0FZU3dEUFlNRGUzRzhITkFObmJ1U1lPMXJaYkF0ZTY2Y1AwVHlWemhneitNdUdpNwpiUHAzYzJLZXFDUm1IRkNpeThZN1JoaDhtK1Q0MGhvZmFxM0kzQXpMNjZlZ2szWWhHL1RFWElBNWIzYmJHblZCCjRWMzAvZUJEVXhFVXZTTklGbHhaZEVaTzV6VXVuTnBIMjdzZ0xWY3h6OXViUEViSGt5Y01uS2NmYXQwUlR4OHQKYU1aR2hra0NnZ0VBZWlIeFh3SGFyTkVQNis4c2U0UGREcE1ObnduTjlDVGs1WXl5MkUwYThhL2VnTHBrNVJQcQpVeWxkN1ovM084aXF4Y0NRSktNSjFMT2hKUGVjTDRBQm1LVG5iRTVsNUZqMUYxRkpEZTlWbVpvUlRmbW85U2RXCnBneGNCRjIvZXg4ek9laCtsOWpld25lOG5hSjg4OE9SZTZ4WlhPUWpYeXBxWVZ0SEVKbWxBbWF3bUt4T1JiTU8KL1dpZUJWd01MNnlIcmNQL3k2ZzhLelArWmhnWUozWk1FMzNDVEpuem16R1hqMHpjTzV2c3F5L0QxSjVOR1ByVgp5NFpvazRWTlRHNGduWXFERkZYb0JkaDBubE00Q1p6cDlPZG80RDBSdmNMMXlFTktQOUNESSsxd3F6Ylp5RVJGCkFQZmZHY3ZrM0syWUVVOFFBWThpU2UrNnRhSDRDYVJvQVFLQ0FRQWRUUnJxUS9pcCtnUGxVQWtpTjgwMjAxRHMKOURVZmVJNTAxRnhSMHdHU2ZuYVg0WGVvS25GNHNPdjJjSzQzRFlMSTNRSnYwZEdPSnZRRm5CY1NrdHMzSi90KwozT0VkMlYySzdXdlNLd2F1S1BZT2l5TElVOUwyRm9UTkFKK1lHdkdjM0NBRTM3NjI4NGpXRFhMYWtmVnZ4cmsvCnVjS2FhZmtlOVg1NGw1VXZDb29HbmZvQWhZTURWeGtRWUp2QUd2OXNxWnpnNk9XcExCR2lLTkZ6U2I3MjQvN3oKN1hnR0NLQWpDUXNJSE00YURJUElLbE9IRm5saTd5M2drQzdaTnRkcDVnZmlONEw1MDFzUUNNYXJnUFg5ZGptMQpiOWExckdUdUEvbUc1U3dSczRxaTAva3EzS3Q5NEllb2NSSlROWU5ZMkc4bC90azRWUkFEWEpjK2R0VHQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K stringData: + cookie_hash_key: "VlY3UEcxNFY2SFFLeUpucUdxSnRSNFJUbnpyOVNnaXZjOEZnMHF4NU4zaDFBaDhPT3FhMU9BaHREU05UWExhRw==" + cookie_block_key: "WXk3WDFQb2w2MFhTRjdCa3ZsTDNqVlNjTDBmOFN3aVY=" + claim_symmetric_key: "cEVhdGFUNzRMOVFlZnBScVlDOVJ6SVBoZXE4dEpPRDg=" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 @@ -636,28 +642,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - name: generate-secrets - image: "cr.flyte.org/flyteorg/flyteadmin:v1.13.0" - imagePullPolicy: "IfNotPresent" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - flyteadmin diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 5fc562963e6..023662ae54f 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -68,7 +68,13 @@ metadata: name: flyte-admin-secrets namespace: flyte type: Opaque +data: + token_rsa_key.pem: | + LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBMDkyT3BDdks1aWxGN0FhWUlxMTJoT1VhQkVkWkl0amNWUTBzWE1kMDgvMEcwVFlhCmQwNHZwTjRSUlZGZXJncnlEVlJNVHE1bTZ3UzJhdEVkQWpEL2lzWUszTnFxRndod01SYVRMdGJTQTIwUmZsYTIKZlUvbTQyNjVqMkJQcnYvUVMyVExUKzVGQjNIQ0J2YzlDcHMxSGJIQzcrSjNUdGk1bG95WTl3bjFIcDJ5STkwcwpyaHp5ZXJWczN1Y1lyNVphVHpvZTIwU1dMdVdmN1ZXS0FnVksyY0dNZFgyckVCZFNncHJ3cm95QkZFdXc3a1pKCjFPeFpmeDNodHhJaVJ5TVZFRE1aWmwxTjhIM3RXdnBVUnp1dy9ZelFuNHF0U0JMdWtLWElma3VsZ3RjQUtGd0YKTkE4VmNoeFAxcjN1alo1OWtpKzhqYW1LNkp0T0tKQjB5b05ycVhNajNRckRXcHMwamhVYzJvRVVFS1RDZXI4dAo2cytWcmxEMFRSVGhSRTZvTW4zbXlYbjByRCtGcktaM2FGNFdmdUNzZXVhek8rb1MxdG50NEx2eUdZWjVsRzdJCjlNSmZQWGYrcmViS3JzTXhDUWlPU042VTJyUVBrTXE2SzgyeTE4a2NyVE5IVWlVcWU3SUpjemluNUhSTldLZDQKQ1dWbHJ4ZTBxTExEcDkrQUY1RlBDeTlOSVZjeEcxYzAzRUlKZFcwSWRQMzloT0FDdjltWjRuWW8zOG5sQW5HKwpoWnR6OHI5bDduRk1XM3VuRHZxWGlBUWtTek03OHJaRlA2U1NwTFpHejlTc2Nkc0Z1VkxBTExSSzlOYnZUZnEzCmtaVURpU0hNU2NvTHBGR2pWd2s2N3dhLzlZUHkxOTFRb1pSVzNWdStKbTVsbzZNWnhHRThUZ2VNVzVzQ0F3RUEKQVFLQ0FnQmxZUjlnYjVRbmpwaG0yTUR6MXcxZmlrRm95cnRjY1dqOVNkQndsUURodjdJRGFtQS90cW9WdWkySgpmZVpRWWV4eGRHVVBRV1QrRU1NNVdkY0h0V3FTZlRHMWZPem5HS0tXMnJhVE16aExhMlZ6andyRDYvZ1AzR3Z1CnI2ZHhsZmVXSENVdG1sWnR1WUdlMDYvaDQyTUhVb2gxUVdqVjBkNzhxMHFHNjd6ZmFaWlVrd0ZPVDR1NExCaHMKa1NpKzNMTmFOZldOOXNQbXJQcGFGeFJ5NHhWdUhhK1lpUW5TS1ZiU0tGSURORGlQL2Fnc1hIWDM3U0RtTXVaUApNOTR6TEJab0tndDljQ2hiYSthb0lpRXg5TjQ4ZGFWZXNuMDRmOWFvWUt3UHd5THYrUEdhWG00ZSt4aklBY1F5CmZiQXBGQzRDUmRWejlDMEVJVXpGSEZyR2pSeDJtaW8xS0dsYXB2clZRaGwzeE5HeG1MWVBsOTV5aTZyTjBRcVcKUStWeVZkS2VoWWdXYkl0QmVIZ2dURGhZV1gyc3VRY3Y1cFhYR2s3VHB0dzJkNWtySm1oZDFZZDZQMkd0T2hraApmYWt5RFF2U2cxcmtPR2VTa2c1UkJZL21zTFFzMzlVclBaL1NQTjRRRjNzY1FPOWd5UEwyL0prNGZpdUVOcWtzClpMd2pka1lCSEFaWXJoMmlSMkQxRWZIVHljYmRCTjhhZUU2d0lHVnI1ZnFKK04yUDBkZTM1ZFpZUG1mTXZiejIKSmcya0RGVThGaERGcnNzL3B4MG5wdGN0Y3EwUk1LblJMT2w2VW1oeERMM2NjUW9vZGx1ZHhkUzdIeVorbUNzQgpPMHZvTzlUeElONGhZT2ZvK25yVkhCSGhuMmFSM1hpbFlOZTM5NGo2UWtBYXJsN3dBUUtDQVFFQTcyN0U2bGNaCmhodTF6eDJ6Qmk0d3RhT0FqaTRVN1hINVdPNUl3Q1VuRS8xbFg1MXhjSzgyTjcwSWJmOFpGV3ZDY2s2RVoyU0EKbzZEdFRjYWUvSnM2NngwYXEvVmhQYmZuQS91OTBpTEd0Z2FKeEg1U2tZdnV0cXpxK09WY25aTXQ1SmliRXV4egpDRElrS2tlSTBjeHpSYktSVHY5U2NtVGF4VnV6VG1GSE8xMldjWTFzeTlzZllqMjhvM3A5QXNMSGgxWnpUQkVuCk54YmFyLzdOUC93UEYwWWUxVVFzdEhvam9kdE0yMjdHRVh6b2tVd3ZEcEhEaDdGQkdzS3JsOWI0a0F5M2Z5LzQKRnRHWmlFU0JieFlmNHZqcGRkcWR2RjNNV0E0UFJJdEdBOFhqeEdZOVdUUzJSb21TNUQ1U3RTbjQ0Y2JEQjlqdQorTXZTQStYZnpJSGd5d0tDQVFFQTRvWjRvTEk4eFB5cHpPMzJwU09hR2lrWTV2Vk5MaTFzNTZEZEIzS0hVeTZOCnRHL0c0MkZNTkQ2RFJWUjhFYUZJQURxZjYyaFp0T1Qva3hPdjBvclVydzRTMnhPMWE5N2dKeWpaODZlRVYrVEEKK0hXRVArQ2FpaTJZRXQ1ZjVzTHkzMFpVMkxCc2RtL2dmMDZOOWVuTG9Od1YyTnlYYVU0aDR6ZkNGQjVrYU1KeApzZnN1Si9jWktqYkxlbmFyQ2NUTGxMOVZua0czcUw3ZE81UG1TMFhTWm9yMDN6d3hCdGhJQkdLQVlxSjI1by8xCmVGY2pKb3RiNVV4bTNWa2pwSXllMkd3OE1vYWF0dHZOVlJKU0VqYTJwWS9VRE05Y2IxeGFEbDNrQVRidmUxZFcKR0V4UkNGL05sblVva3VBci9PTlk4eGEyUXd2N0VrT2RIUjlXVjA0bWNRS0NBUUFHNlllOXpDM3NkVGhXZG1FSQp1S1NuV2NVSVZjUTg1cUZ3TTlEZDJ6UzVtd01tTTRGbTQyZ0pTK2ZHWlNyd04yQXh0SnFWOFl6VkxId3RWcUtZCllGTGZIc1A2V3VjbnhQdGlYZzRvMXVBdHVScVpGWnlFbnltUkZJVGtFcHNONFlYZHA1b3lmYWtFZjQ0VHVtVDAKeVpZNldPRmhDblh5MzM2QlhCaGRGdW5iaU9RaSt4WTgvR0ozajVpMmozNjBhYk1nOFJuN0JEUEJuMk5JMlc1TApmcGRnOEtGTFB1Q2JoVHNxSFE2bTl4ZTR3WVpsUzNIQVZlenpLZWJiUXV0NVFyZUNVUnVyREZONU5TdmRoenpGClhEb25iMUF1R3RXYTdvcExzSHc0V2x6M0Z1dHdiQk14VkJnL0NSRzRqU1FPSHR3VWlJeHcyWTVzbUZYRHp3c2EKK0ZUcEFvSUJBUUNGRkljdHNVanVXWm5RSVVVenczUzNSY214ZGc5L3Y0UXBtR0lDREJEZ2w0cjhwR1p1RXkxWAp6Qm9HMHhtSXFmM0kxS2c2L3JVbEJ4djI1aXYzUDBTd0MwNmNram1WUS96Z1JLbTI4WVZZdGJXQXdsbU54WUJGCkNZQThKWlNsMTRZa0VnZXF2Z3Nha2FPTVp6UVRjdVVFZmdmL3ZhamVYdDZkeEpZcWg2aHB1MEpjVTdyTUUra2UKMmM0MUJoNTV3TG54aTI3YmFMUmpXSzVVWUJGOXkybE9nUGhYWmQ5UHJDU3pIc05hTHlRM1UvL2NVU1QvY2dQcwo5RFBDZXFucjlBa21FSUJWRnFzeUhuUEZOTnd1Z3lKT3BlN29EN0s0WWNNdWlZNTRBRFExZkJ2Q2JxTjBqZ1FVCkRvUmx0WGxpT3BaNVNiQ09OeTJyanpsd2NJYWpCL0NoQW9JQkFDZHgzMVFBcTZadGtRdnFUMCtoYUF0cW94M0EKVXR0YTFWOVpvOTJudDdZcGZPbnI4OGRYUVVjOXBYYVQ0aUh1MnltL3ZneVY4M1JZZVZvM3QzejlPeGxmL0NhbApJbkFMaVhPNlNYdkJ6RDZHTkdUTHdvQVpJcnJCcCtoYVdNY0dNSWZLVWVVeThLMzcxdk1zbjYrRFUyV0RmQS92Cm41U3NYZDJ0dTYydnNXUTlKaVE1TEZrdzN2NVpzajhOZk5VN0p1bDhCV3BRNUsxaUF0d214M1NEdys3Y2FiYk4KTjNjMnYrcEszb0pDNzM2dWpKSnM2N3BwM1VBK3BySjJCbTlWR1JCVEZUWGJmZTBXdFV1Z3hGVGRGVnMzcGxQQgpRelV3Q1U2cVNmOVVQSFBNWE5mUW1UNmI1WDVsb3B6dVJIUERnOFdGKzVwWjVxSEhkRGoxOFpTTFNzUT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K stringData: + cookie_hash_key: "SmVNNUxQb0NmbG40VDFnTlF2TmtuRTBMNHJHNG9qRG5UNmQ5aGRqdGRoZ05GWE5uZUViS2trVm5IT2k3OGRRNA==" + cookie_block_key: "bnB5NlBudHFleHB1WUx2SWRDd1RYR09IY1BpaUxVZUo=" + claim_symmetric_key: "WUlJN0NyRmhaaFpGQVVUZXc3bnRSTTJoS1hnTVMzMUU=" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 @@ -962,28 +968,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - name: generate-secrets - image: "cr.flyte.org/flyteorg/flyteadmin:v1.13.0" - imagePullPolicy: "IfNotPresent" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - flyteadmin diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index e83e4ebe24c..65b20fe81ea 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -46,7 +46,13 @@ metadata: name: flyte-admin-secrets namespace: flyte type: Opaque +data: + token_rsa_key.pem: | + LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBM3htUUJDSiszRjc4Sk1Ic1grOW5TSlJxaFA0YVJiQncxZnNzNitqQVBldHFCMnF5CjVsb3RqemF3NzkwT2NvQUFadCszZUxPcFZuRUFSV3VSVGpLdUxPUjVqYmlaOFVxbFQ0alNpaS9uenA4TDVlejAKN1loUjk4RXJFTlp2TG9BYXQzNkdlbnp4L3ZrbzhJMkFqaFJxdXNBVHhPK1lLVGRDZzhhWUo5VEQvWWZaUlRxMQorWUxPSk1KZjU3YW1qQk42MENvelRleDhCR1haV205MHBhMXRCdEZWYVFMTExnaUVhWDlpeWRZcEJaQVI0NGRtClBuakxJTU00REUrNmRNVEl6TVpGRE9CU3d0ekYwcUR6YTduMTJyeGdaNDVaeEdUTnNwQ1Q3Rjl4Yi9vY2ZDbCsKb0VPdm1pNHkzL3F4Sjh1M2I3Qjdidk5HWWFUelhDaVpYbS9vWmZtQVZCNkpBczk2N0ZWRzJQUEViTnk2S3ArOQpMSFU3N0hYKzQ3bEJwa2FQR2s4UlJBU2w2enBrd2JWa3dnaEkzVHRyNkl5eDRzN3d6SHFDeTBQSi81eGdqZzBKCmduVm54YUhlTzVVWmZ1aHlUVGZQK0s5dkZuL3czeXlsYVFpMjhueEROQkxYczBjekVwTXQvY1pHTnRDdk1uN1AKN1NHdTNNeldzY1NZUXRDelF5KzJETXN6cEJvcy9MaWpOWElmSUQ4YlprU2dHa3k4YmdYNy9IbEZBOTYrK0ppawp1bTNYL0M0ekhWNnFWd3Btang1aVBJRkpDYUlMVEFYYTNRdHBxcFFtNGNmU2tPYVdNNS81bm4zS2Y4bm5QcVZXCkxpSE1SUElJWTcyRm1NWDhBbmdwVUowY0NiVHQ5R1ZPakFpa0Ivc0tBdnZUT3l2VWFpNWZ3Z05kUitFQ0F3RUEKQVFLQ0FnRUFtd2JFVUZzNEZDSGN6QjRGQnRUd3pEcDFtbHlJSFF6eUczOGlRL3ZFT2tLdnR0K3AyTytvNE85OApHL0ZiN0t5Tm11NnlLeW1NN2dndnpBMW5OeE40ZkxGMjFjZ0ZFT3B4M01hU3BudUxkTVNJSEFtQVdONTFOdGYvCitQOUkydU1ocllnNklqdFlYWGo5dmNwV0htU0psYU9MR1RuMFhnK01KTTJIUllaUGVvay9yUitTL0FLdEJGWWQKRm9LUlVKem9wbVhzcUtVL3VENmR2bjNjYkpRS1FzYUx0eUM5MXdzTUY5THc3cGZtZ1hzUE16QVBHRElQMUlCVApIaHI0MGRNOFJTOHhKRFZzelFOa1kyeDhPY3RLeitnK2hUY2hvWnI2Wks2YVc1SW0zVXpMSm13ZkZYWnpPNHdHCnhpVUpuVUd1QWVwOG15aHBLOGpYWXA3RGxCL25PRWhSUWxGNDNaY3pmN1lRRHJtVTdpMUNhZFNCcm5KNlQ4NG8KcS9QYUh2L0dXM29KN3E4RW1YelF5amVSeFBKVCs1enExaW91T2tNK1IrS29PN09VWnV6M1BkbTZ1T0ZYS0dsYQpHSlN3U01WcGl5azNsVGhrdDZqcHNOS3Z0enpVbldSdjRQWUhuTzltQmdUNjJ1b2ZRMHpQcWpld2NXQi9SQzIzCkdRUmdvcjM0Mk9QZEVXMXFtZmNJalgvQklZemxXb1RkcWZwSEZOeERsVkFnRk01QmVLbGhTRHdMM2xzZmx5SngKUU5BQUxvaDRFK2tPaEVRTGZsa1lGVUdPdGp3TTFYS2R5K2NON0hZMURuY21wTjFNSDJCNDNMaG9BUFR2NGZpQQpHcVN0NUNYUlJrUWJCR0t6eGlTNkZmL3NpR2M1andGOVg2OVY0RjFmcENweDRPb241QUVDZ2dFQkFQNS9YRG9lCmlUOVAzNm9qYVJWQ2FUaHM5N3NEUURWSkMzK2R5NVF3cjl2WG9LWDc0KzM3a3lkYkwyTFNLZndNczNLZnpCOUQKcEZGWTdsQWNWK2xGWlRMVkZVUkFiM2VuTlZ3T2VmcVZrNW4vKzRyY05COTIzTVBUS2VhcGkrQ0Iyb3pZMjZWRApnVEx2V3YxdDlldm0wYTVYd0NxeWowTHJJMy9PM3RZTWU3WmRTZnpPU3MxUW1MMjNCMnVrbXR6YWNnWnVkZCthCkJqOFE5cDIzWkhzNkFZNzQrNE81ODZ6YWpCUzFodk1BZlFNdTZ6cjVHNkVPbXpvSlhvWGhVK1AvZUF4L1BpTUYKM2JncTRMQmFlV0hxN0Z3c1NUSms1N0JFL0ZUWTlFdnhUdW1Vem54TVBZRGw5MlUvNTE5VjlSZnBpQlBGb3c0QgpBRTV0byt1dytLOUNjN0VDZ2dFQkFPQnF2N1VpRGJpaTU0N3JqamMzUzZhNkNPc3VzblhwQkdXMEU4ZVUyUW96ClNTM1UwSlJNRkw2QU1IQ3VYR1NDUFlXUzNoZGdKSit0dE5UaTVWVzBtSnNSbFZYeWx6VDZHRDJ6M1BQN0xOMkMKbmpPVTBjTDZsaE1WVDZpRFphUnhIaTRxZW1TcjJ6NnRyelFSTkdvTFVCd05LTUpIb2tRM2JueEJNVEhuYVhycQpFaUdybENiZzBsK0c5RlVIbHo1cGZqT3V4RktyWURHWmVBK2ZFakJydENoZUVxN2FrcnBCZlU5TDl6eXZhZlNtCjViNGRuU21mZmJ6OWF0aytScHBwZmUxNWRqMkRMS0JCaE91dU1CVU4rNDZEWGd1amxFNW1xYnBLNnU1TitKT2gKbnRuS1hSK2d6bmdRSGtmejBoL0h0V3k5ZjZ6QzM3WkE5NkNkMjdpL0V6RUNnZ0VCQU5vZ2VRRExhV0VkYVp1ZQp6Qk5QbjNXZ1Y5Z3ZHaHBScUF4U1I4bVV6VFhGSThrQUUwVEhha0hDTXVRbE01ejNtZHAxd2ZOTis0bEppc0NZCituUlNhVUZmUnVIL3hFb3V3MXBLZ2h2WGxmSFphRlNGRmh1ZHVld1JrZ2xFYWtJYnFpRXNRVjN0ZE5BZVBNT1kKT3I1ZFVIeDRjNWxrLzhzZ1ZJWFgza0JoNUtyU1hIYlVyV0k2WVIvQnZ4ZHd0dGJ5VitiUlNEQkZDSE9IYTRpVQpSZ2drR0cvZFVWMSt4Szd6aGpxOXQ1T1JhSlNRNDBiaGVkL1o4QXVYT2kvUGlDS1R0T1lwTFMzQmVsNitTV1I5CnR5bkl1NXJvempmbUtucDNOanJXMU5RK1dCOTF6bURVeTZZdDlKUVFhSlBhemI0WUIrekNhVlc0WC9YWW5UV0cKc2k4czZwRUNnZ0VCQUlWdU11bkpnNHNDSU5lVEtvMmQ3UGNHcVlMYjB2UFVSZThLY0xBN3lnZ01ramdUenFnOQp6Qit3TEJ6ekxxLzcyQVJ4WEdkZG5LanNLUlppaWFTNXFmcVpLOGRjWTViMkZDK3JuM1haSThYWWdhTjltbkpwCmQ0MkZJRVc3U2xYSmcvNUM5MTZmNTgyT2l4dFVGMnZ0cWdYanRSWStiVFpPRnZ6OTdmZ1Q5VjFGaXQ1R0crSTUKemh0S0xEL2FNWXpFUUdzT1FHQSswUVRza0x3SkFsR1QyQndnUXM5LzJibXdjb2NSVGNEaE13aHBxek9zZStOaApsdXNsYWNBZERQR0dRMzlNdG9iQVZXbzdTb0t1b0p3RUlrdUx4QUQ3azVSQjZpeC9tc3R4eEpoU2doWlFBYXBxCmZCaGF6UVpPNitKRlpaTnY0RmVoemsyWXR5TGllTitSakNFQ2dnRUFkZ0hFYmdVZURCYnEvL0VYaUlJUXU5K20KUTVPYmRxTmM3Tm5DbDRFT3F0SkRYaDdvU1NIdG11RnV1bUhrRjZUSkg2TVdCTFZ2OVF3bE9DVDRkcmRKeHNCSwpyZWZwVFdDdDJwa1ZoNm1QZFdRTWZ1RG5aZ2w4RVZLb3RXaUJvd0hHNFBDTmVtTlVIdXZ6Kzd2Z0dxTzJNV2dZClBKZ292M3JtSGRGNmViUUlCb25PbzcyQm5GNWp6dnFBSnRuelhxTXl4ZkhsZkNPbmJBbG90Qlp6UzVhb0gyRDEKYXlUdVF1aTQ3SkZRWTVRend4U3RFbjA2cUwvOVU3ckplVDl2ejQ3VmRwUXJpQjE3ZTRZdEpLOEduOFl2VzljVQo5Rk5aNUFISW5BdElYNkorT1FwTHJYRkpKbnVkaFN6ajJxMmhnQzRndFlkTm9qTlBRRzhvd3lBQUxTQ1ZFdz09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== stringData: + cookie_hash_key: "YUZoeEtEcGJsZUs3SkVzaWxIM1U4dEZ0bUIyV1I2cVpQbThBcHJaQVloSlJySGQ4bkpGVk54RGhPQ0Jzc085eA==" + cookie_block_key: "SXFrNnhZRzBodklheWxHM1lDd3VhbkdqcjRmdjFkSUo=" + claim_symmetric_key: "U3ZWSjRhTVk5RFhXb0VnRGFJQXNqbzZKWDY3aWp5b2I=" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 @@ -651,28 +657,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - name: generate-secrets - image: "cr.flyte.org/flyteorg/flyteadmin:v1.13.0" - imagePullPolicy: "IfNotPresent" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - flyteadmin diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 4e3fe06e38e..701f3ebaf24 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -68,7 +68,13 @@ metadata: name: flyte-admin-secrets namespace: flyte type: Opaque +data: + token_rsa_key.pem: | + LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBdkl3T0NtdUdyOVFVODdKbE9YSnBUQ2JNRFBYTHVGV2RDUnRnRmV4a01TVDBnamE2CkMzYldJU2oxamVFTUh2NDdCVlFxR0NrS1dFaHlqbTFDSVNYeHEvVUNhUHlyOXFPR242cVVrSG0zMUVMZ2ZGWFEKV0djb29ZWS9iSFA3bEZYUDkwYU9GVFkrMnMzc0Z6c2NKblc3UnhjZEpVNVFjODFpejVjYnplT0tYRkR3M2ZJcQoyL3RSdVo3NkVHejhscmZMZklZL2VnTlo3Y0FybG1oeHhYRlBlMFB1Y2t4MEdSUXJmOFY4RjRkMEI0SXBqcDQ4CmgybWwydndjMjlFS05qcFJNSkdSSjJNT1hmWHF6YVo3RWpTTWFORDdlaGkvUlc5VXp0b1NSNW9HYVBrNjF0ZjcKWGlyRWVnQnJhN0VFeThwbE9qaVRRTy9XK3hNbDFpS1FsM3p4RTh3M2ZmdTAxMHhtd3R6aWNKblNDZ1VlMHNZRgphZmd2aHoxZ0xUb0Z4TzJidTRpSkd5RmpBZTRGcEdFcG5IUnkxTVNIYS8rTUFqclIxekFXZWJhcWVTZ2J6eFVzClh5anJMdW9SMXBMYUxoaUEyTEdlVnJwYkxiWVBtTEZjOEUrV3BSRUVlUU4ycTcybWFTQW42T21zMm9JUDJIUmQKNGtqcGFzS0tFUnpaaW9iNngycUVpSy9OaHppcE9JdnpEUXpGeEVQZEZrTEFDODVGNjgya2d4VFFJaVN2MDduWQowWUI5c3N4ckZkYmJhSFdwQnJzOGN3Sm9PQXJXaENURFVFNEh3Rll3UWczdGFXNlhLNDE5U2pwY1JnMDYvMWg0CkcrRkxwb3Rwd3FvSExaY0x6VFpLT0JJN1draS9nWHB0L29VcVoxZDI0Z1A1V0U1bjBYd3pXTDVSdi9VQ0F3RUEKQVFLQ0FnQTIrMFJ3NTNBc1A5VW9SMkpiUVREUmd4TEh5TGx5ZEl6SmhoRWI4NFk0Q29XK253VGJxUGpDVExabQpmRFRUcU9FL0tZN280cmJnamFmU1Bxd2xESEtQNlcrZGUra05rQndHM1hCYlBSTk5NMzlRNHBsUjNpc3NCd0RoCnVHU3BtZWgrUERYY202ZnltRS83YWtKSU9OYTI0VmVmZEZuam13WHdjU2tyZmVud0I2NWxtbVBES0dOcGxLRnAKUHM3ZGlKVXZKOXJFMHN0Ym1FbGRuL0ZsV1NpTFVvRHJGYjVaUGRkOWQvSTZ6a1lZbG0xVjZIRFFNQStzYnc1ZgpUM01CNHptZnh5TWo4Qy9WV0l2ekVsUWJOL1dsN3lNV05MYzZJVUFDM2Zhc3FJNnI5OW1mb3ZYclBOOTBrRURDCjg2anBZSWpxVkdza2FZd3dSU0lvY29YbGx3cVpjZ1FWODFvYTNvSzltcjVSS3dUeEFxM05MbDZldHJGUUZUUm0KaWZRT3FIUXNpcHRvNnlEQU9xbUdxMVNSbytmZFdZRXBpWDNBSi80QWVzL294YjZzNjNtOTZWaXYrMXNqaThwaQpLTkFyYTl2M1JVVkVoNzVaNEw1WCtyOHVSMjZZV2VHS3JsNDRrZDgxbkVVRGhXZ0hCbUUwdzhmYlJtZUlMdDJLCmEyQ2U3LzNUMU1zQmdLZ01TcHRPQ2ZDQ0xSd2gyUmpNNG00Y1VmejBMTFExM3A5eVFoYnM4cTVPdjA2QzZNMUcKczVUbW12eU90dlRuQXBxcWg4d2FPYU1LT0FaZFF5OFpWeXZBdXhjUFFLek1vb29BQWdNbWVkWkFaVnNJcHRjOAp6THBYNC9nVzdNQ3U2MGJvVjVEa0xWeDl2S3NwT2I3YWpLTlZqZjVTTVh4SUxyMUlOUUtDQVFFQTZEdm1uT1RuCkE4ZVpLTVpTcWxGUUpydnlJRnEvdDl4MnVXVFMwWGdNMTJmUmVhRjl6a1dJTG1MZUJEcnFCWHduVlBORi9YOHUKTURVN0dzUU9lRW9mYkR4V0JmUXllVG1yQmJSOTE5UkV6bkR6TmRKL2F5NWRBTUdCRWsvbnVzWWxKMVByM0RocwpRWWRpdlZuZXZTTWZXRWxzbFR0dWVMaUNuRnF6Mzg0djBPdmNvMmVMQ3l0MHh6WTJ1WVE5b0VkenpoRWNJWGpyCm5wbWpLeTVLYzlCTTNUWjdldWFjOFhCNXAwTEhaN0NwQXl6dEdtQU5CWWlWRW5IbEZLWGZPcUlEQVlINHlNNnkKZHN3cTBJMHRTdG5rSlZjaVQwWm9jeFRuNDFZOVJKTWFHY2Q4WGlXNlFaem93Z1pHN29rYUF4TFVVaWM1Qm5RMgpHZEpYNmFIOCtQcmZyd0tDQVFFQXo5ZWpid3Y1Vkt0Z3hBTGhrajRPZmlFVXdNZ2JhV0dQdGlzRWZFT0FEMm5mCkFvcWFZa1VSVTJDVlo1ZUwrQVRSMDRkTlBBV0x2L0dMTlNHQkgzNXc3c2UwUjRvSGxKUlhYZGxFczZhMDgvYnAKaHB6UDkrczVFaHNJV1d0WnNpQVZ0U0NmbGl3SDhqZmQ4NytXd051MGtUSzFRKzFGbFFhcHhsUy9QWkQwdzRZWgpQUHRXWjkwelBXTDZRQlNhbU93Q2tBc0xBVkVBWWxnZU9ySVhVUlAzMFo1YkU5enRlWFJyTDY4TFV6ZFBiRG9YCmFVWnBCWkpRLzFtbWNvT21sdkl6UGs0NzVkTGJsR3BGR1RSM09zaDVMOWtqK20rZjlYWXk0KzJ5ZkZ1UlR2SWMKQnp1VGdLMWwyajJzTjNlWkZ2dk9sMm45MkFCREJSSnN5RkU1d25QL213S0NBUUVBbEJzL28rZkgvUDBhaklxTwp4ZGc5eWJZcllMNy9iZjdJS014SU54YmMrYk5ZUUwzaFFkL09UZWIzdUxMcDlMMk5SL3d1TXRFZFg5bFM3R3NFCjMycEdSL3ppejhGQlAxYXIzMk9RcmtqTjZPclg4UWRpQTdUNTB6V1ZYMXhlYVJ0ZExvdXk3Q3QvdnZyYzJlMnEKdyt6V1hMUFc4QVdMR3FweGdjM0cwWURwdGMvMlVyQUNXUWxKM0pLU3JCWE9SNTNLR1MySVIwQ2E0L2NQdk1ZMAo3VTkyOWMxOVNwQXduem9nRzYvWEJDWUNZK2dPL3JjckZ0QllZZjhKSGZYN082Vi9UVUxhcXhaSGNzUWF1ZzZQClNDRldBd3BpOHpQd0FSVGdIbmd0Y3NKdDd1cnVRZ3pGa0hyRlpwZ2lQSlpyWkhKcHZrc05ielJHSEltdFQyN2oKcXRZME9RS0NBUUFzSnVEZkhDb1JKSDdmNU1US2JraGgzdUVydXRhbjRrUEhMUWc4NVpIMHRFYmRvVmYrZkRHYwpCcTUyWFNrc3ZNbGVLQ1h1RkRlRnhPZ1BsMWg0dWtGL1dBa2lFVjVlMzh4WGNXbzR4N2MxQkVURGhkaGdFQ1lGCmhKeVhja2lSb0dNOElQd0Z5TUMvWWNMU251YUZmYWEwR1pPTUpJRmRrUmJMdlFFTE1SbnQxelRSVVlzZmNVd0wKUkZWbyszZUQrTTdxam8zOTc1a25TeFRRM3pnNHp3Y2NEb25HaEc0bUdPY1VNQmsxeWxBaTY0eEJudVY4ZTRLZApYQXdSMDRtMkV5bHptT2I4Z1hpSDVMTmRFVm9xc0orZDNJRGFHSkJnY29XSkNkdWFzMUVBOWttaDk3UHo1K0gxCkpKakxCNnNMeU40d0tDSDJtc2VoOGpJTnM4T1RYVlQxQW9JQkFCWUZmVVRJUmQySnE4V01vSUs4ZENhWCtBRDUKamxxSnhVUXhPV2hoUHY5U2VHUE9uNkVhaEdDMC93OFoyMGk2RC9IRnhJcWdKcEVnUnVDaVZXK05pSTAzVXV4UApuYWZtZnRlZHF6Wm5TOHllaHlXVkZsNDlVYXVzS2JjdDliNXVkazVCVGM5Uk1oK3cvYzZSSG5EOGZaNTQ3SW4wCmVRY3ovcldmbGFCb1g0Z1JPalZLb0FVd0dnS0syV3h3L1hGM2NrQS9ZaEhNanA4STYyQ2ZxU3Zha3doUUtQZysKYTRzQ1ErY0NzazgwSDVOVGZWWFlPUU5ZZkFiRVFHd1hLSW8yTG4zakpFWG9GOVZ0K0x5WGJLeXo2eFpJUGVwSApPc1ZFUUFscUlFRExvV0Q2NUptVm5tZjBNZklyK29UZk1pRDlYSStFQnVpS1NidlN4NU92emhzVkdCdz0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K stringData: + cookie_hash_key: "Q0FnZkdlcHhGYUlTbkxYTGtSazk5ZDRjb1ByeGQ4YmdiWHhQM2lTZEc0M0ZRbGVFRUJCNmk1WUFUdEU3SXpZUQ==" + cookie_block_key: "RHhtQkhTcmRUZGh6bjZMcWZuZTlNaGdWcTZiWGR4TkY=" + claim_symmetric_key: "d0VFNU1wZ2Uyc1FvcTNDbXd4ZHJsSmtYVmE2SGd6M0s=" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 @@ -985,28 +991,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - name: generate-secrets - image: "cr.flyte.org/flyteorg/flyteadmin:v1.13.0" - imagePullPolicy: "IfNotPresent" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - flyteadmin diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index f53025f8506..3efa2119ffc 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -116,7 +116,13 @@ metadata: name: flyte-admin-secrets namespace: flyte type: Opaque +data: + token_rsa_key.pem: | + LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBcGhsZWUwanZDTU14bmlqSlViNTVqaU1wZCt2aTU5UEQrL2h0d2hQL2x2M0M4SktECmlHbjc2RDdEZnVuV1NocjdMZzFOUUxTN2dIYWw0QW5EYW9CbStYcnlQeFlndG1jTHd5MURhMTBGVXk1VjBLZHYKUU9tUWNmUGFEcWdZelliSEZlWWNBbzQxUE53bnJWZWlPUjJVZnhVdHJBQjAwcFFFUmN6M2VPcStmZmlUU0loYwpqbW5LV3ZkclBYSWVscWltUm5NOFNmYmY0UVE1MnlFOStxU1REQ1pjMXlCWFRLUEJLNVdoeExrTGNYdW5WQ2JXCm5BeDhRUXVuTjluNWRMOHF2cG1lQSsxcXRrR0h5cUVqYWNVZlVkSXRoVXAxdjZOQlJjamFhM3d3elVRRXZ2eGQKZytDdHhGRkVPY25vWnpYTTdZWVgrdklKZituZVUwMTJBdEZVeGNhTjlnVkJJUlZuSU91WVJLdGVmcHhiY0hITgppTDBRRTRyeXRueTlqN1B4S212OStndytiS3g3TXVhY2RvQUM3WFJJaSs3WDJIc3dpRkd3VDFJYVZwRi83LzFaCjhTRTgyeER3NUF6eGlNanVFUDArRUt2cGh6aEhDTkRYMFEzcjFvOWxXenNQYk9TM2ZLeWJKRFZqNWhpcXJvMjYKYmM1TWZLRXNHc1gyY1dCM0xKbjcxVXFXTE1KYzdkZDFERTBESjJPamtFWnRSZVJKWVBkUGFXSFh6SnpkTExFRgpJRzd4S3NrZ1pnYnJUb1Vjd1hHVXlVdUlwV0NwT3pJanZzNlFROHkzUk5RS3p3YzVWNmljM01XNXZZR2JzclQrCkJxVEg2WTBoNW5SOHE1b0o0cm1QY0ZQVVJoTkVWczFweDNkZGplYlRGTTBkamhWZ2xkdlB6alNvWXZrQ0F3RUEKQVFLQ0FnQXNQYldjd09CcVJST0NQUHJpZXdtRmduZ1pLUXRYRkdDdlRJeHZsVVFPdzZpWXkyMmRlQjFRenViagpkd1ZNMThMdmtUdHljTEZBbGxtNFF1RjZESmxnK2c1c0gwaTNUTnNsTVhrenI2TXJkTHdHeDVJcWlBdWhUb0pXClJRL1dMbi80cFVId3JGQWgxY0g3dWN2THlzVXkxRUZGL3hrZXZhNGxxV0tCSW9WNnFDc1N0cjl3YjEwbXZhQWkKemJLNERsTzdrQllPM1dMa1hHdk1vaDRRRktYV0pxR3o2emxWZ0lpRFEyZkRMa2FPQTVHZUtIb2hObklpSVNoNQpCK1laNHBGUUV6cXpjUmxyVWlrSkg4SisrYkpONk4yWEV5NHB6U0lscEVvSk54c0lrWVZ5R1dZUEtsa2VZVWI2CjNYeTVnT3NFbVNMcUJHM2pWRGVUbUo1R1FkdUNKRDBBNXlJZ3h2S2lVbnE4NVQwOEtUbGl5WndBVVVzK21wY2oKUU8wVzNRYzZ4dlExbzNsbWExcHpzZEI5aHg0TnZvNzdWYjE3YWRSMFhjQmtCOTFHNmUvVkhnYUhMelVTRVdmcApoVEVvcW0wSWZiOHE2QWdUZ3JlUk1nNGVxUGVMU0RONGZCZ3Z5MmRrdFV1bVRZc3ZmeTgyUVlNQjhwRi95OWkrCk00NGpoRnJJRTNuNjBHTjNNN3IyVFpoRk5aeno2VWJZTFdGRjFXUUFZR3BPWG1jVXA1YzRhb2tWTDIxTng3T3AKSmNpbGdhVDRHUnZYVXNac1Z3Mnd0L3RjcDExYm5ZMFArKzNlVExpV0EzTGNnRXpJSXBMOWlxWmdyaCtrcU15cgoxbWRqUHdWbkxIakJuMnkyYjJSWnVIazU2bzZ0SVRJV0JrZkZSd2doenIrNE91Sy9BUUtDQVFFQTIrdGF6anJ5CjNmT1NXODFKUjJUY0FHVURCbWpJV0VPRnZ2cEdCRnFFMlN3MXY2VGFjd0NJRE5RMnBORWRwMTNuNjc2SVVOenMKRTlrZ0J3TTJKVjFvMEdQNFhzR28rNVRSNTJzU1pGbEhVOFkrZS9xbnVOdnptTlZzTktBQ3l3WGVWdGlSUFBiZApLM0JyT0R3cEJGeis0aUxoVENZSzRRekVEUUoxNXZKcDB5SERqUSs0ZFMyRnp1R0NGZHVjRlhHKzBWZnFTNHpsCnU3OVhuSW51bkVNWVh5RVVKRTgvVXl0Vmd3TzdDK0xVMkpWMkZTRld1M2MxRTFZZllXbUVnRGFHeVJGM1lCSHYKaDBqamJndWRtSjlSSmlhZUFXdlpZaWowa0NnV2RDMFhXZ1kyRFcxVWdqd2JCSm5uZC9hSGlWamMxc0JyRjViRQphc01mRmQyUEIxd3h2UUtDQVFFQXdWbU9QNmxoQUg1ekNISFRSQ1l5bG53QUI2K3hhbjdqSDJ1dXhLUmxDNXFhCjFIelcrdDU3TW9kU2JXQ1huc0JuYms2QTJYT0Q0T1A4eW4wMFJkTjVCMmVKbWZjOHpNZXh4MHM3U3RCZUpqc0YKUStoNWdQaUdGdk9NZzFyK0JvREdQcXRJZVVhY3o3TEZBaGUyaWl2SlFzQkZucGxEWnZydlNsdTJEZit6dnhxUQo5MDM4VE42UmZpQjNJT01Uai8rTmplb0RpcytySmRCWW1id2NqUE4wNStvV0xXdjROcmgveWZab2I5eHVRb3lNCll2YWI0WVlTUHQwenFvbVdlMzJZZStUMWNpQmczcUsrNTV0V1hDR1MyVXk0U1B2V0krQ2VDNEVpeVZzcmdPSi8KbDdoUGprWnMwTXVmQTRQZjUxSjdWSm55eTltdTd5dUh6VEtzSWQrajdRS0NBUUJTcnVvMUgzU3dmaU5JNEtYcwpjYjlGWnJUOGMramZSb1BDaWRaSlRMOGw1N2xObEcyTlQyWFhiUEllaFlEZ3JDM0dOSnlMeW9QMzhtcFlPSnppCjczdTQzZDFEd3d3RmlxNWdrNkVXbVhwM3hORTVTOFJEZkc3WngyUW5aUUduMDAwRTJlZkJSQTlqaGFES1E5UW8KRDg3RXR0aCtDTStPVFg1b1pjUnVVRFg1YTNoYVVNN0pQNVJQYy9tMHZoeXc4MU1LNGtMMHBNUzdFZldlcFQxUgpBdWptMjBqM1hkUXhNTm0xcUhGcXhwMi8wSEhVLy9QY0I3V3N6M1I4NjI4bHhWcG52bWxqZFZyWlFrNC8wWjR2CkE3Yys0TVlIUXNVNFlxMlFoWUhyckFoYmtIcENFaGp6M2lWS1ZaTHhSMzh0NUhzalFyVUE2VzV2dFd5Nmk5SjYKc2U4QkFvSUJBQlIyZmUrTzVZMC8xTHpZRHh2dlR2dE9ORktiN1pMdnl1blFZN2E4RDFXakR5L2Q1b0syZVNObgozdmxrZDZkOWhYVFBLaVBaYmVPblBXSFF6bTkxYWlHMmU0R29BTzlMVXkxY2NQSUNDM1RRV2taTm5FNWgvdzcrCng2Zy9RUk0vSGJ3VU5KOWhNY2RwakNBa2tsVWRQVGVyVWJMdlZZcllrK3F5dWhuUkxoelRtdlFSZE5wTjArZ2QKVjM1TGlnNTdaV2ZYbEhoa2NpQ1daRW9nOW9TVVg1TUwyejBEYUVtaVRTUDZ5Q0xPbVh6Qmt6b0dENGxXdnllWQpFWmZDNkFJNTBLR01JYzNxVDFaQXN5T2Y5UXZiSWNlTnJ4TktVK2VJSmpIaGdPVCttU1FTMUo0aUM0bHJPcWorClk5M2pYeGNFUzdrd2NkblJPQXBuK1A5bWxZRWdRaUVDZ2dFQkFOWHMveDlRcFJFdEZPbTllVlcvWFgwcTRvMUkKOWVFb0puMUQxaEtzVlJDOExSMnI2b2V2QXhBN3FoWmhTSXdhM3c4NGR3cVR0Z2E2MW9BY1NHMlo3UG5CUXhDegozQ0Zya3lwY3pRem5ocTJLZ3BwaHdDWVRWRGRnc0FEK1p3UThmU3BQOVJ0SHcxMW9mQlJDS0IwV09CcytDOFF2CnFMQ3FJZTZndlRGQldRWkRZdEwvMlRTa3VUL3pMNEJmNHlNeGs4RXVoQnd1Q09Cc0I5K0pJYkhtWGtMVG4wRlcKS2w3eU5mUDRvWlY2dXZ5MWQ2UlBEUFlhQ0pFNENLVk81dHRJUmpYVVdHU1VBdTJmNzJpdXBGcDR4b1pLZlRTWgowNTNkNlJhenBPdk1RaEdXUDV4cWpWd2NLblcwQzlXMGpKVldiUGNlY1ppeW5qdG8zQUowcEtNSlczZz0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K stringData: + cookie_hash_key: "ZThram5lbkxybTdSeDhHbGM2VDVtckRVZUo3MVo3M1l5b0JGWGVpY1dCN3R1QmZMbWJDNEhkZHFvdnRkenNNOA==" + cookie_block_key: "UnlrWEt3NkkxRUQyN055N2tuMG9kQnRwV2JZdkZvVGg=" + claim_symmetric_key: "MXcwb2ZpZWx4VmxqczcxalBGM0o2SzlOU1p3TkNvMXk=" --- # Source: flyte/charts/flyte/templates/common/secret-auth.yaml apiVersion: v1 @@ -6766,28 +6772,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - name: generate-secrets - image: "cr.flyte.org/flyteorg/flyteadmin:v1.13.0" - imagePullPolicy: "IfNotPresent" - command: ["/bin/sh", "-c"] - args: - [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", - ] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - volumeMounts: - - mountPath: /etc/flyte/config - name: base-config-volume - - mountPath: /etc/scratch - name: scratch - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - flyteadmin diff --git a/script/generate_helm.sh b/script/generate_helm.sh index 1c836b90027..8e936997fd2 100755 --- a/script/generate_helm.sh +++ b/script/generate_helm.sh @@ -56,7 +56,8 @@ ${GOPATH:-~/go}/bin/helm-docs -c ${DIR}/../charts/ # This section is used by GitHub workflow to ensure that the generation step was run if [ -n "$DELTA_CHECK" ]; then - DIRTY=$(git status --porcelain) + # find only deleted or removed lines, not replaced values + DIRTY=$(git diff --word-diff | grep '^[{\[]') if [ -n "$DIRTY" ]; then echo "FAILED: helm code updated without committing generated code." echo "Ensure make helm has run and all changes are committed."